diff --git a/LICENSE b/LICENSE index 50e7435..5d678c5 100644 --- a/LICENSE +++ b/LICENSE @@ -1,9 +1,5 @@ LibTomCrypt is public domain. As should all quality software be. -All of the software was either written by or donated to Tom St Denis for the purposes -of this project. The only exception is the SAFER.C source which has no known -license status (assumed copyrighted) which is why SAFER.C is shipped as disabled. - Tom St Denis diff --git a/TODO b/TODO new file mode 100644 index 0000000..8b13789 --- /dev/null +++ b/TODO @@ -0,0 +1 @@ + diff --git a/changes b/changes index 6b4bc25..bdc2c06 100644 --- a/changes +++ b/changes @@ -1,3 +1,72 @@ +April 17th, 2005 +v1.01 + ** Secure Science Corporation has supported this release cycle by sponsoring the development time taken. Their + continuing support of this project has helped me maintain a steady pace in order to keep LibTomCrypt up to date, + stable and more efficient. + ----------------------------------------------------------------------------------------------------- + -- Updated base64_decode.c so if there are more than 3 '=' signs it would stop parsing + -- Merged in latest mpi that fixed a few bugs here and there + -- Updated OAEP encoder/decoder to catch when the hash output is too large + Cleaned up PSS code too + -- Andy Bontoft fixed a bug in my demos/tests/makefile.msvc ... seems "dsa_test.c" isn't an object + afterall. Thanks. + -- Made invalid ECC key sizes (configuration) not hard fault the program (it returns an error code now) + -- SAFER has been re-enabled after I was pointed to http://www.ciphersbyritter.com/NEWS2/95032301.HTM + [Mark Kotiaho] + -- Added CCM mode to the encauth list (now has EAX, OCB and CCM, c'est un treo magnifique!) + -- Added missing ASN.1 header to the RSA keys ... oops... now the rsa_export/import are FULLY compatible + with other libs like OpenSSL (comment: Test vectors would go a long way RSA...) + -- Manually merged in fix to the prime_random_ex() LTM function that ensures the 2nd MSB is set properly. Now + When you say "I want a 1024/8 byte RSA key" the MSB bit of the modulus is set as expected. Note I generally + don't view this as a "huge issue" but it's just one less nit to worry about. [Bryan Klisch] + -- A new CVS has been setup on my Athlon64 box... if you want developer access send me an email (and at this point the email would have to be awesome). + -- Updated API for ECB and CBC shell code. Now can process N whole blocks in one call (like $DEITY intended) + -- Introduced a new "hardware accel" framework that can be used to speed up cipher ECB, CBC and CTR mode + calls. Later on dependent code (e.g. OMAC, CCM) will be re-written to use the generic cbc/ctr functions. But now + if you [say] call ctr_encrypt() with a cipher descriptor that has hardware CTR it will automatically + be used (e.g. no code rewrites) + -- Now ships with 20% more love. + -- x86_prof now uses ECB shell code (hint: accelerators) and outputs cycles per BLOCK not byte. This will make it a bit + easier to compare hardware vs. software cipher implementations. It also emits timings for CBC and CTR modes + -- [Peter LaDow] fixed a typo w.r.t. XREALLOC macro (spelling counts kids!) + -- Fixed bug with __x86_64__ where ROL64/ROR64 with LTC_NO_ROLC would be the 32-bit versions instead... + -- Shipping with preliminary GCM code (disabled). It's buggy (stack overflow hidden somewhere). If anyone can spot it let me know. + -- Added Pelican MAC [it's an AES based fast MAC] to the list of supported MACs + -- Added LTC_FAST [and you can disable by defining LTC_NO_FAST] so that CBC and CTR mode XOR whole words [e.g. 32 or 64 bits] at a time + instead of one byte. On my AMD64 this reduced the overhead for AES-128-CBC from 4.56 cycles/byte to around 1 cycle/byte. This requires + that you either allow unaligned read/writes [e.g. x86_32/x86_64] or align all your data. It won't go out of it's way to ensure + aligned access. Only enabled for x86_* platforms by default since they allow unaligned read/writes. + -- Added LTC_FAST support to PMAC (drops the cycle/byte by about 9 cycles on my AMD64) [note: I later rewrote this prior to release] + -- Updated "profiled" target to work with the new directory layout + -- Added [demo only] optimized RC5-CTR code to x86_prof demo to show off how to make an accelerator + [This has been removed prior to release... It may re-appear later] + -- Added CCM acelerator callbacks to the list [now supports ECB, CTR, CBC and now CCM]. + -- Added chapter to manual about accelerators (you know you want it) + -- Added "bswap" optimizations to x86 LOAD/STORE with big endian. Can be disabled by defining LTC_NO_BSWAP + -- LTC_NO_ASM is now the official "disable all non-portable stuff" macro. When defined it will make the code endian-neutral, + disable any form of ASM and disable LTC_FAST load/stores. Essentially build the library with this defined if you're having + trouble building the library (old GCCs for instance dislike the ROLc macro) + -- Added tomcrypt_mac.h and moved MAC/encMAC functions from tomcrypt_hash.h into it + -- Added "done" function to ciphers and the five chaining modes [and things like omac/pmac/etc] + -- Changed install group to "wheel" from "root". + -- Replaced // comments with /**/ so it will build on older UNIX-like platforms + -- x86_prof builds and runs with IntelCC fine now + -- Added "stest" build to intel CC to test static linked from within the dir (so you don't have to install to test) + -- Moved testing/benchmark into testprof directory and build it as part of the build. Now you can link against libtomcrypt_prof.a to get + testing info (hint: hardware developers ;-) ) + -- Added CCM to tv_gen + -- Added demos to MSVC makefile + -- Removed -funroll-all-loops from GCC makefile and replaced with -funroll-loops which is a bit more sane (P4 ain't got much cache for the IDATA) + -- Fixed GCM prior to release and re-enabled it. It has not been optimized but it does conform when compiled with optimizations. + -- I've since optimized GCM and CCM. They're close in speed but GCM is more flexible imho (though EAX is more flexible than both) + -- For kicks I optimized the ECC code to use projective points. Gets between 3.21x (Prescott P4) to 4.53x (AMD64) times faster than before at 160-bit keys and the + speedup grows as the keysize grows. Basically removing most practical reasons to "not use the ECC code". Enjoy. + -- Added LTC_FAST support to OMAC/PMAC and doubled it's speed on my amd64 [faster on the P4 too I guess] + -- Added GCM to tv_gen + -- Removed "makefile.cygwin_dll" as it's not really used by anyone and not worth the effort (hell I hardly maintain the MSVC makefiles ...) + -- Updated a few files in the "misc" directory to have correct @file comments for doxygen + -- Removed "profile" target since it was slower anyways (go figure...) + December 31st, 2004 v1.00 -- Added "r,s == 0" check to dsa_verify_hash() diff --git a/crypt.tex b/crypt.tex index 4cfd4c9..fd8f2e7 100644 --- a/crypt.tex +++ b/crypt.tex @@ -47,10 +47,10 @@ \def\gap{\vspace{0.5ex}} \makeindex \begin{document} -\title{LibTomCrypt \\ Version 1.00} +\title{LibTomCrypt \\ Version 1.01} \author{Tom St Denis \\ \\ -tomstdenis@iahu.ca \\ +tomstdenis@gmail.com \\ http://libtomcrypt.org } \maketitle @@ -154,14 +154,12 @@ under a public domain license: \begin{enumerate} \item rc2.c - \item safer.c \end{enumerate} `mpi.c'' was originally written by Michael Fromberger (sting@linguist.dartmouth.edu) but has since been replaced with my LibTomMath library which is public domain. -``rc2.c'' is based on publicly available code that is not attributed to a person from the given source. ``safer.c'' -was written by Richard De Moliner (demoliner@isi.ee.ethz.ch) and seems to be free for use. +``rc2.c'' is based on publicly available code that is not attributed to a person from the given source. The project is hereby released as public domain. @@ -246,8 +244,7 @@ The header file ``tomcrypt.h'' also includes ``stdio.h'', ``string.h'', ``stdlib There are a few helper macros to make the coding process a bit easier. The first set are related to loading and storing 32/64-bit words in little/big endian format. The macros are: -\index{STORE32L} \index{STORE64L} \index{LOAD32L} \index{LOAD64L} -\index{STORE32H} \index{STORE64H} \index{LOAD32H} \index{LOAD64H} \index{BSWAP} +\index{STORE32L} \index{STORE64L} \index{LOAD32L} \index{LOAD64L} \index{STORE32H} \index{STORE64H} \index{LOAD32H} \index{LOAD64H} \index{BSWAP} \begin{small} \begin{center} \begin{tabular}{|c|c|c|} @@ -259,14 +256,14 @@ There are a few helper macros to make the coding process a bit easier. The firs \hline STORE64H(x, y) & {\bf unsigned long long} x, {\bf unsigned char} *y & $x \to y[7 \ldots 0]$ \\ \hline LOAD32H(x, y) & {\bf unsigned long} x, {\bf unsigned char} *y & $y[3 \ldots 0] \to x$ \\ \hline LOAD64H(x, y) & {\bf unsigned long long} x, {\bf unsigned char} *y & $y[7 \ldots 0] \to x$ \\ - \hline BSWAP(x) & {\bf unsigned long} x & Swaps the byte order of x. \\ + \hline BSWAP(x) & {\bf unsigned long} x & Swaps byte order (32--bits only) \\ \hline \end{tabular} \end{center} \end{small} There are 32 and 64-bit cyclic rotations as well: -\index{ROL} \index{ROR} +\index{ROL} \index{ROR} \index{ROL64} \index{ROR64} \index{ROLc} \index{RORc} \index{ROL64c} \index{ROR64c} \begin{center} \begin{tabular}{|c|c|c|} \hline ROL(x, y) & {\bf unsigned long} x, {\bf unsigned long} y & $x << y, 0 \le y \le 31$ \\ @@ -295,7 +292,7 @@ int main(void) { unsigned long x; int err; - /* ... Make up the RSA key somehow */ + /* ... Make up the RSA key somehow ... */ /* lets export the key, set x to the size of the output buffer */ x = sizeof(buffer); @@ -343,6 +340,7 @@ should never use the ECB modes directly to encrypt data. Instead you should use or use one of the provided chaining modes. All of the ciphers are written as ECB interfaces since it allows the rest of the API to grow in a modular fashion. +\subsection{Key Scheduling} All ciphers store their scheduled keys in a single data type called ``symmetric\_key''. This allows all ciphers to have the same prototype and store their keys as naturally as possible. This also removes the need for dynamic memory allocation and allows you to allocate a fixed sized buffer for storing scheduled keys. All ciphers provide five visible @@ -361,6 +359,7 @@ that you should only used this scheduled key with the intended cipher. For exam pass the scheduled key onto ``rc5\_ecb\_encrypt()''. All setup functions do not allocate memory off the heap so when you are done with a key you can simply discard it (e.g. they can be on the stack). +\subsection{ECB Encryption and Decryption} To encrypt or decrypt a block in ECB mode there are these two function classes \index{Cipher Encrypt} \index{Cipher Decrypt} \begin{verbatim} @@ -376,12 +375,16 @@ the same buffer. For the encrypt function ``pt''\footnote{pt stands for plainte ``ct''\footnote{ct stands for ciphertext.} is the output. For the decryption function it's the opposite. To test a particular cipher against test vectors\footnote{As published in their design papers.} call the self-test function +\subsection{Self--Testing} \index{Cipher Testing} \begin{verbatim} int XXX_test(void); \end{verbatim} This function will return {\bf CRYPT\_OK} if the cipher matches the test vectors from the design publication it is -based upon. Finally for each cipher there is a function which will help find a desired key size: +based upon. + +\subsection{Key Sizing} +For each cipher there is a function which will help find a desired key size: \begin{verbatim} int XXX_keysize(int *keysize); \end{verbatim} @@ -407,6 +410,15 @@ int main(void) \end{small} This should indicate a keysize of sixteen bytes is suggested. +\subsection{Cipher Termination} +When you are finished with a cipher you can de--initialize it with the done function. +\begin{verbatim} +void XXX_done(symmetric_key *skey); +\end{verbatim} +For the software based ciphers within LibTomCrypt this function will not do anything. However, user supplied +cipher descriptors may require calls to it for resource management. To be compliant all functions which call a cipher +setup function must also call the respective cipher done function when finished. + \subsection{Simple Encryption Demonstration} An example snippet that encodes a block with Blowfish in ECB mode is below. @@ -445,6 +457,10 @@ int main(void) &skey); /* our previously scheduled key */ /* now we have decrypted ct to the original plaintext in pt */ + + /* Terminate the cipher context */ + blowfish_done(&skey); + return 0; } \end{verbatim} @@ -470,6 +486,7 @@ size. To facilitate automatic routines an array of cipher descriptors is provided in the array ``cipher\_descriptor''. An element of this array has the following format: +\begin{small} \begin{verbatim} struct _cipher_descriptor { char *name; @@ -478,16 +495,43 @@ struct _cipher_descriptor { max_key_length, block_length, default_rounds; - int (*setup)(const unsigned char *key, int keylen, int num_rounds, - symmetric_key *skey); - void (*ecb_encrypt)(const unsigned char *pt, unsigned char *ct, - symmetric_key *skey); - void (*ecb_decrypt)(const unsigned char *ct, unsigned char *pt, - symmetric_key *skey); + int (*setup)(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); + void (*ecb_encrypt)(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); + void (*ecb_decrypt)(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); int (*test)(void); + void (*done)(symmetric_key *skey); int (*keysize)(int *keysize); + + void (*accel_ecb_encrypt)(const unsigned char *pt, + unsigned char *ct, + unsigned long blocks, symmetric_key *skey); + void (*accel_ecb_decrypt)(const unsigned char *ct, + unsigned char *pt, + unsigned long blocks, symmetric_key *skey); + void (*accel_cbc_encrypt)(const unsigned char *pt, + unsigned char *ct, + unsigned long blocks, unsigned char *IV, + symmetric_key *skey); + void (*accel_cbc_decrypt)(const unsigned char *ct, + unsigned char *pt, + unsigned long blocks, unsigned char *IV, + symmetric_key *skey); + void (*accel_ctr_encrypt)(const unsigned char *pt, + unsigned char *ct, + unsigned long blocks, unsigned char *IV, + int mode, symmetric_key *skey); + void (*accel_ccm_memory)( + const unsigned char *key, unsigned long keylen, + const unsigned char *nonce, unsigned long noncelen, + const unsigned char *header, unsigned long headerlen, + unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + unsigned char *tag, unsigned long *taglen, + int direction); + }; \end{verbatim} +\end{small} Where ``name'' is the lower case ASCII version of the name. The fields ``min\_key\_length'' and ``max\_key\_length'' are the minimum and maximum key sizes in bytes. The ``block\_length'' member is the block size of the cipher @@ -722,7 +766,7 @@ block of memory with either of the three modes. The ECB and CBC modes process blocks of the same size as the cipher at a time. Therefore they are less flexible than the other modes. -\subsection{Implementation} +\subsection{Initialization} \index{CBC Mode} \index{CTR Mode} \index{OFB Mode} \index{CFB Mode} The library provides simple support routines for handling CBC, CTR, CFB, OFB and ECB encoded messages. Assuming the mode @@ -745,30 +789,32 @@ of the cipher you choose. It is important that the IV be random for each uniqu parameters ``key'', ``keylen'' and ``num\_rounds'' are the same as in the XXX\_setup() function call. The final parameter is a pointer to the structure you want to hold the information for the mode of operation. -Both routines return {\bf CRYPT\_OK} if the cipher initialized correctly, otherwise they return an error code. To -actually encrypt or decrypt the following routines are provided: +Both routines return {\bf CRYPT\_OK} if the cipher initialized correctly, otherwise they return an error code. + +\subsection{Encryption and Decryption} +To actually encrypt or decrypt the following routines are provided: \index{ecb\_encrypt()} \index{ecb\_decrypt()} \index{cfb\_encrypt()} \index{cfb\_decrypt()} \index{cbc\_encrypt()} \index{cbc\_decrypt()} \index{ofb\_encrypt()} \index{ofb\_decrypt()} \index{ctr\_encrypt()} \index{ctr\_decrypt()} \begin{verbatim} int XXX_encrypt(const unsigned char *pt, unsigned char *ct, - symmetric_XXX *XXX); -int XXX_decrypt(const unsigned char *ct, unsigned char *pt, - symmetric_XXX *XXX); - -int YYY_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_YYY *YYY); -int YYY_decrypt(const unsigned char *ct, unsigned char *pt, +int XXX_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_YYY *YYY); \end{verbatim} -Where ``XXX'' is one of (ecb, cbc) and ``YYY'' is one of (ctr, ofb, cfb). In the CTR, OFB and CFB cases ``len'' is the -size of the buffer (as number of chars) to encrypt or decrypt. The CTR, OFB and CFB modes are order sensitive but not +Where ``XXX'' is one of $\lbrace ecb, cbc, ctr, cfb, ofb \rbrace$. + +In all cases ``len'' is the size of the buffer (as number of octets) to encrypt or decrypt. The CTR, OFB and CFB modes are order sensitive but not chunk sensitive. That is you can encrypt ``ABCDEF'' in three calls like ``AB'', ``CD'', ``EF'' or two like ``ABCDE'' and ``F'' and end up with the same ciphertext. However, encrypting ``ABC'' and ``DABC'' will result in different ciphertexts. All five of the modes will return {\bf CRYPT\_OK} on success from the encrypt or decrypt functions. +In the ECB and CBC cases ``len'' must be a multiple of the ciphers block size. In the CBC case you must manually pad the end of your message (either with +zeroes or with whatever your protocol requires). + To decrypt in either mode you simply perform the setup like before (recall you have to fetch the IV value you used) and use the decrypt routine on all of the blocks. +\subsection{IV Manipulation} To change or read the IV of a previously initialized chaining mode use the following two functions. \index{cbc\_setiv()} \index{cbc\_getiv()} \index{ofb\_setiv()} \index{ofb\_getiv()} \index{cfb\_setiv()} \index{cfb\_getiv()} @@ -778,11 +824,23 @@ int XXX_getiv(unsigned char *IV, unsigned long *len, symmetric_XXX *XXX); int XXX_setiv(const unsigned char *IV, unsigned long len, symmetric_XXX *XXX); \end{verbatim} -The XXX\_getiv function will read the IV out of the chaining mode and store it into ``IV'' along with the length of the IV +The XXX\_getiv() functions will read the IV out of the chaining mode and store it into ``IV'' along with the length of the IV stored in ``len''. The XXX\_setiv will initialize the chaining mode state as if the original IV were the new IV specified. The length of the IV passed in must be the size of the ciphers block size. -The XXX\_setiv functions are handy if you wish to change the IV without re--keying the cipher. +The XXX\_setiv() functions are handy if you wish to change the IV without re--keying the cipher. + +\subsection{Stream Termination} +To terminate an open stream call the done function. + +\index{ecb\_done()} \index{cbc\_done()}\index{cfb\_done()}\index{ofb\_done()} \index{ctr\_done()} +\begin{verbatim} +int XXX_done(symmetric_XXX *XXX); +\end{verbatim} + +This will terminate the stream (by terminating the cipher) and return \textbf{CRYPT\_OK} if successful. + +\subsection{Examples} \newpage \begin{small} @@ -845,6 +903,12 @@ int main(void) return -1; } + /* terminate the stream */ + if ((err = ctr_done(&ctr)) != CRYPT_OK) { + printf("ctr_done error: %s\n", error_to_string(err)); + return -1; + } + /* clear up and return */ zeromem(key, sizeof(key)); zeromem(&ctr, sizeof(ctr)); @@ -1050,6 +1114,8 @@ They assume that ``pt'' and ``ct'' are the same size as the block cipher's block both functions given a single ``ocb'' state. For bi-directional communication you will have to initialize two ``ocb'' states (with different nonces). Also ``pt'' and ``ct'' may point to the same location in memory. +\subsubsection{State Termination} + When you are finished encrypting the message you call the following function to compute the tag. \index{ocb\_done\_encrypt()} @@ -1083,6 +1149,7 @@ tag of the message (internally) and then compare it against the ``taglen'' bytes ``res'' is set to zero. If all ``taglen'' bytes of ``tag'' can be verified then ``res'' is set to one (authenticated message). +\subsubsection{Packet Functions} To make life simpler the following two functions are provided for memory bound OCB. \index{ocb\_encrypt\_authenticate\_memory()} @@ -1112,6 +1179,238 @@ int ocb_decrypt_verify_memory(int cipher, Similarly this will OCB decrypt and compare the internally computed tag against the tag provided. ``res'' is set appropriately. +\subsection{CCM Mode} +CCM is a NIST proposal for Encrypt+Authenticate that is centered around using AES (or any 16--byte cipher) as a primitive. Unlike EAX and OCB mode +it is only meant for ``packet'' mode where the length of the input is known in advance. Since it is a packet mode function CCM only has one +function that performs the protocol. + +\index{ccm\_memory()} +\begin{verbatim} +int ccm_memory(int cipher, + const unsigned char *key, unsigned long keylen, + const unsigned char *nonce, unsigned long noncelen, + const unsigned char *header, unsigned long headerlen, + unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + unsigned char *tag, unsigned long *taglen, + int direction); +\end{verbatim} + +This performs the ``CCM'' operation on the data. The ``cipher'' variable indicates which cipher in the descriptor table to use. It must have a +16--byte block size for CCM. The key is ``key'' with a length of ``keylen'' octets. The nonce or salt is ``nonce'' of +length ``noncelen'' octets. The header is meta--data you want to send with the message but not have encrypted, it is stored in ``header'' +of length ``headerlen'' octets. The header can be zero octets long (if $headerlen = 0$ then you can pass ``header'' as \textbf{NULL}). + +The plaintext is stored in ``pt'' and the ciphertext in ``ct''. The length of both are expected to be equal and is passed in as ``ptlen''. It is +allowable that $pt = ct$. The ``direction'' variable indicates whether encryption (direction $=$ \textbf{CCM\_ENCRYPT}) or +decryption (direction $=$ \textbf{CCM\_DECRYPT}) is to be performed. + +As implemented this copy of CCM cannot handle a header or plaintext longer than $2^{32} - 1$ octets long. + +You can test the implementation of CCM with the following function. + +\index{ccm\_test()} +\begin{verbatim} +int ccm_test(void); +\end{verbatim} + +This will return \textbf{CRYPT\_OK} if the CCM routine passes known test vectors. + +\subsection{GCM Mode} +Galois counter mode is an IEEE proposal for authenticated encryption. Like EAX and OCB it can be used in a streaming capacity however, unlike EAX it cannot +accept ``additional authentication data'' (meta--data) after plaintext has been processed. This mode also only works with block ciphers with a sixteen +byte block. + +A GCM stream is meant to be processed in three modes each one sequential serial. First the initial vector (per session) data is processed. This should be +unique to every session. Next the the optional additional authentication data is processed and finally the plaintext. + +\subsubsection{Initialization} +To initialize the GCM context with a secret key call the following function. + +\index{gcm\_init()} +\begin{verbatim} +int gcm_init(gcm_state *gcm, int cipher, + const unsigned char *key, int keylen); +\end{verbatim} +This initializes the GCM state ``gcm'' for the given cipher indexed by ``cipher'' with a secret key ``key'' of length ``keylen'' octets. The cipher chosen +must have a 16--byte block size (e.g. AES). + +\subsubsection{Initial Vector} +After the state has been initialized (or reset) the next step is to add the session (or packet) initial vector. It should be unique per packet encrypted. + +\index{gcm\_add\_iv()} +\begin{verbatim} +int gcm_add_iv(gcm_state *gcm, + const unsigned char *IV, unsigned long IVlen); +\end{verbatim} + +This adds the initial vector octets from ``IV'' of length ``IVlen'' to the GCM state ``gcm''. You can call this function as many times as required +to process the entire IV. + +Note that the GCM protocols provides a ``shortcut'' for 12--byte IVs where no preprocessing is to be done. If you want to minimize per packet latency it's ideal +to only use 12--byte IVs. You can just increment it like a counter for each packet and the CTR [privacy] will be ensured. + +\subsubsection{Additional Authentication Data} +After the entire IV has been processed the additional authentication data can be processed. Unlike the IV a packet/session does not require additional +authentication data (AAD) for security. The AAD is meant to be used as side--channel data you want to be authenticated with the packet. Note that once +you begin adding AAD to the GCM state you cannot return to adding IV data until the state is reset. + +\index{gcm\_add\_aad()} +\begin{verbatim} +int gcm_add_aad(gcm_state *gcm, + const unsigned char *adata, unsigned long adatalen); +\end{verbatim} +This adds the additional authentication data ``adata'' of length ``adatalen'' to the GCM state ``gcm''. + +\subsubsection{Plaintext Processing} +After the AAD has been processed the plaintext (or ciphertext depending on the direction) can be processed. + +\index{gcm\_process()} +\begin{verbatim} +int gcm_process(gcm_state *gcm, + unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + int direction); +\end{verbatim} +This processes message data where ``pt'' is the plaintext and ``ct'' is the ciphertext. The length of both are equal and stored in ``ptlen''. Depending on the +mode ``pt'' is the input and ``ct'' is the output (or vice versa). When ``direction'' equals \textbf{GCM\_ENCRYPT} the plaintext is read, encrypted and stored +in the ciphertext buffer. When ``direction'' equals \textbf{GCM\_DECRYPT} the opposite occurs. + +\subsubsection{State Termination} +To terminate a GCM state and retrieve the message authentication tag call the following function. + +\index{gcm\_done()} +\begin{verbatim} +int gcm_done(gcm_state *gcm, + unsigned char *tag, unsigned long *taglen); +\end{verbatim} +This terminates the GCM state ``gcm'' and stores the tag in ``tag'' of length ``taglen'' octets. + +\subsubsection{State Reset} +The call to gcm\_init() will perform considerable pre--computation (when \textbf{GCM\_TABLES} is defined) and if you're going to be dealing with a lot of packets +it is very costly to have to call it repeatedly. To aid in this endeavour the reset function has been provided. + +\index{gcm\_reset()} +\begin{verbatim} +int gcm_reset(gcm_state *gcm); +\end{verbatim} + +This will reset the GCM state ``gcm'' to the state that gcm\_init() left it. The user would then call gcm\_add\_iv(), gcm\_add\_aad(), etc. + +\subsubsection{One--Shot Packet} +To process a single packet under any given key the following helper function can be used. + +\index{gcm\_memory()} +\begin{verbatim} +int gcm_memory( int cipher, + const unsigned char *key, unsigned long keylen, + const unsigned char *IV, unsigned long IVlen, + const unsigned char *adata, unsigned long adatalen, + unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + unsigned char *tag, unsigned long *taglen, + int direction); +\end{verbatim} + +This will initialize the GCM state with the given key, IV and AAD value then proceed to encrypt or decrypt the message text and store the final +message tag. The definition of the variables is the same as it is for all the manual functions. + +If you are processing many packets under the same key you shouldn't use this function as it invokes the pre--computation with each call. + +\subsubsection{Example Usage} +The following is an example usage of how to use GCM over multiple packets with a shared secret key. + +\begin{small} +\begin{verbatim} +#include + +int send_packet(const unsigned char *pt, unsigned long ptlen, + const unsigned char *iv, unsigned long ivlen, + const unsigned char *aad, unsigned long aadlen, + gcm_state *gcm) +{ + int err; + unsigned long taglen; + unsigned char tag[16]; + + /* reset the state */ + if ((err = gcm_reset(gcm)) != CRYPT_OK) { + return err; + } + + /* Add the IV */ + if ((err = gcm_add_iv(gcm, iv, ivlen)) != CRYPT_OK) { + return err; + } + + /* Add the AAD (note: aad can be NULL if aadlen == 0) */ + if ((err = gcm_add_aad(gcm, aad, aadlen)) != CRYPT_OK) { + return err; + } + + /* process the plaintext */ + if ((err = gcm_add_process(gcm, pt, ptlen, pt, GCM_ENCRYPT)) != CRYPT_OK) { + return err; + } + + /* Finish up and get the MAC tag */ + taglen = sizeof(tag); + if ((err = gcm_done(gcm, tag, &taglen)) != CRYPT_OK) { + return err; + } + + /* depending on the protocol and how IV is generated you may have to send it too... */ + send(socket, iv, ivlen, 0); + + /* send the aad */ + send(socket, aad, aadlen, 0); + + /* send the ciphertext */ + send(socket, pt, ptlen, 0); + + /* send the tag */ + send(socket, tag, taglen, 0); + + return CRYPT_OK; +} + +int main(void) +{ + gcm_state gcm; + unsigned char key[16], IV[12], pt[PACKET_SIZE]; + int err, x; + unsigned long ptlen; + + /* somehow fill key/IV with random values */ + + /* register AES */ + register_cipher(&aes_desc); + + /* init the GCM state */ + if ((err = gcm_init(&gcm, find_cipher("aes"), key, 16)) != CRYPT_OK) { + whine_and_pout(err); + } + + /* handle us some packets */ + for (;;) { + ptlen = make_packet_we_want_to_send(pt); + + /* use IV as counter (12 byte counter) */ + for (x = 11; x >= 0; x--) { + if (++IV[x]) { + break; + } + } + + if ((err = send_packet(pt, ptlen, iv, 12, NULL, 0, &gcm)) != CRYPT_OK) { + whine_and_pout(err); + } + } + return EXIT_SUCCESS; +} +\end{verbatim} +\end{small} + \chapter{One-Way Cryptographic Hash Functions} \section{Core Functions} @@ -1709,11 +2008,81 @@ and the cipher specified by the ``cipher'''th entry in the cipher\_descriptor ta the same rules as omac\_done. To test if the PMAC code is working there is the following function: +\index{pmac\_test()} \begin{verbatim} int pmac_test(void); \end{verbatim} Which returns {\bf CRYPT\_OK} if the code passes otherwise it returns an error code. +\section{Pelican MAC} +Pelican MAC is a new (experimental) MAC by the AES team that uses four rounds of AES as a ``mixing function''. It achieves a very high +rate of processing and is potentially very secure. It requires AES to be enabled to function. You do not have to register\_cipher() AES first though +as it calls AES directly. + +\index{pelican\_init()} +\begin{verbatim} +int pelican_init(pelican_state *pelmac, const unsigned char *key, unsigned long keylen); +\end{verbatim} +This will initialize the Pelican state with the given AES key. Once this has been done you can begin processing data. + +\index{pelican\_process()} +\begin{verbatim} +int pelican_process(pelican_state *pelmac, const unsigned char *in, unsigned long inlen); +\end{verbatim} +This will process ``inlen'' bytes of ``in'' through the Pelican MAC. It's best that you pass in multiples of 16 bytes as it makes the +routine more efficient but you may pass in any length of text. You can call this function as many times as required to process +an entire message. + +\index{pelican\_done()} +\begin{verbatim} +int pelican_done(pelican_state *pelmac, unsigned char *out); +\end{verbatim} +This terminates a Pelican MAC and writes the 16--octet tag to ``out''. + +\subsection{Example} + +\begin{verbatim} +#include +int main(void) +{ + pelican_state pelstate; + unsigned char key[32], tag[16]; + int err; + + /* somehow initialize a key */ + + /* initialize pelican mac */ + if ((err = pelican_init(&pelstate, /* the state */ + key, /* user key */ + 32 /* key length in octets */ + )) != CRYPT_OK) { + printf("Error initializing Pelican: %s", error_to_string(err)); + return EXIT_FAILURE; + } + + /* MAC some data */ + if ((err = pelican_process(&pelstate, /* the state */ + "hello world", /* data to mac */ + 11 /* length of data */ + )) != CRYPT_OK) { + printf("Error processing Pelican: %s", error_to_string(err)); + return EXIT_FAILURE; + } + + /* Terminate the MAC */ + if ((err = pelican_done(&pelstate, /* the state */ + tag /* where to store the tag */ + )) != CRYPT_OK) { + printf("Error terminating Pelican: %s", error_to_string(err)); + return EXIT_FAILURE; + } + + /* tag[0..15] has the MAC output now */ + + return EXIT_SUCCESS; +} +\end{verbatim} + \chapter{Pseudo-Random Number Generators} \section{Core Functions} @@ -3359,16 +3728,6 @@ This will use libtool and gcc to build a shared library ``libtomcrypt.la'' as we and install them into /usr/lib (and the headers into /usr/include). To link your application you should use the libtool program in ``--mode=link''. -You can also build LibTomCrypt as a shared library (DLL) in Windows with Cygwin. Issue the following - -\begin{alltt} -make -f makefile.cygwin_dll -\end{alltt} -This will build ``libtomcrypt.dll.a'' which is an import library for ``libtomcrypt.dll''. You must copy -``libtomcrypt.dll.a'' to your library directory, ``libtomcrypt.dll' to somewhere in your PATH and the header -files to your include directory. So long as ``libtomcrypt.dll'' is in your system path you can run any LibTomCrypt -program that uses it. - \section{mycrypt\_cfg.h} The file ``mycrypt\_cfg.h'' is what lets you control various high level macros which control the behaviour of the library. @@ -3391,36 +3750,36 @@ Currently LibTomCrypt will detect x86-32 and x86-64 running GCC as well as x86-3 \section{The Configure Script} There are also options you can specify from the configure script or ``mycrypt\_custom.h''. -\subsubsection{X memory routines} +\subsection{X memory routines} At the top of mycrypt\_custom.h are four macros denoted as XMALLOC, XCALLOC, XREALLOC and XFREE which resolve to the name of the respective functions. This lets you substitute in your own memory routines. If you substitute in your own functions they must behave like the standard C library functions in terms of what they expect as input and output. By default the library uses the standard C routines. -\subsubsection{X clock routines} +\subsection{X clock routines} The rng\_get\_bytes() function can call a function that requires the clock() function. These macros let you override the default clock() used with a replacement. By default the standard C library clock() function is used. -\subsubsection{NO\_FILE} +\subsection{NO\_FILE} During the build if NO\_FILE is defined then any function in the library that uses file I/O will not call the file I/O functions and instead simply return CRYPT\_NOP. This should help resolve any linker errors stemming from a lack of file I/O on embedded platforms. -\subsubsection{CLEAN\_STACK} +\subsection{CLEAN\_STACK} When this functions is defined the functions that store key material on the stack will clean up afterwards. Assumes that you have no memory paging with the stack. -\subsubsection{LTC\_TEST} +\subsection{LTC\_TEST} When this has been defined the various self--test functions (for ciphers, hashes, prngs, etc) are included in the build. When this has been undefined the tests are removed and if called will return CRYPT\_NOP. -\subsubsection{Symmetric Ciphers, One-way Hashes, PRNGS and Public Key Functions} +\subsection{Symmetric Ciphers, One-way Hashes, PRNGS and Public Key Functions} There are a plethora of macros for the ciphers, hashes, PRNGs and public key functions which are fairly self-explanatory. When they are defined the functionality is included otherwise it is not. There are some dependency issues which are noted in the file. For instance, Yarrow requires CTR chaining mode, a block cipher and a hash function. -\subsubsection{TWOFISH\_SMALL and TWOFISH\_TABLES} +\subsection{TWOFISH\_SMALL and TWOFISH\_TABLES} Twofish is a 128-bit symmetric block cipher that is provided within the library. The cipher itself is flexible enough to allow some tradeoffs in the implementation. When TWOFISH\_SMALL is defined the scheduled symmetric key for Twofish requires only 200 bytes of memory. This is achieved by not pre-computing the substitution boxes. Having this @@ -3432,10 +3791,39 @@ useful when TWOFISH\_SMALL is defined as the table values are computed on the fl will increase by approximately 500 bytes. If this is defined but TWOFISH\_SMALL is not the cipher will still work but it will not speed up the encryption or decryption functions. -\subsubsection{SMALL\_CODE} +\subsection{GCM\_TABLES} +When defined GCM will use a 64KB table (per GCM state) which will greatly lower up the per--packet latency. +It also increases the initialization time. + +\subsection{SMALL\_CODE} When this is defined some of the code such as the Rijndael and SAFER+ ciphers are replaced with smaller code variants. These variants are slower but can save quite a bit of code space. +\subsection{LTC\_FAST} +This mode (autodetected with x86\_32,x86\_64 platforms with GCC or MSVC) configures various routines such as ctr\_encrypt() or +cbc\_encrypt() that it can safely XOR multiple octets in one step by using a larger data type. This has the benefit of +cutting down the overhead of the respective functions. + +This mode does have one downside. It can cause unaligned reads from memory if you are not careful with the functions. This is why +it has been enabled by default only for the x86 class of processors where unaligned accesses are allowed. Technically LTC\_FAST +is not ``portable'' since unaligned accesses are not covered by the ISO C specifications. + +In practice however, you can use it on pretty much any platform (even MIPS) with care. + +By design the ``fast'' mode functions won't get unaligned on their own. For instance, if you call ctr\_encrypt() right after calling +ctr\_start() and all the inputs you gave are aligned than ctr\_encrypt() will perform aligned memory operations only. However, if you +call ctr\_encrypt() with an odd amount of plaintext then call it again the CTR pad (the IV) will be partially used. This will +cause the ctr routine to first use up the remaining pad bytes. Then if there are enough plaintext bytes left it will use +whole word XOR operations. These operations will be unaligned. + +The simplest precaution is to make sure you process all data in power of two blocks and handle ``remainder'' at the end. e.g. If you are +CTR'ing a long stream process it in blocks of (say) four kilobytes and handle any remaining incomplete blocks at the end of the stream. + +If you do plan on using the ``LTC\_FAST'' mode you have to also define a ``LTC\_FAST\_TYPE'' macro which resolves to an optimal sized +data type you can perform integer operations with. Ideally it should be four or eight bytes since it must properly divide the size +of your block cipher (e.g. 16 bytes for AES). This means sadly if you're on a platform with 57--bit words (or something) you can't +use this mode. So sad. + \section{MPI Tweaks} \subsection{RSA Only Tweak} If you plan on only using RSA with moduli in the range of 1024 to 2560 bits you can enable a series of tweaks @@ -3448,7 +3836,417 @@ to reduce the library size. Follow these steps \item Rebuild the library. \end{enumerate} +\chapter{Optimizations} +\section{Introduction} +The entire API was designed with plug and play in mind at the low level. That is you can swap out any cipher, hash or PRNG and dependent API will not require +updating. This has the nice benefit that I can add ciphers not have to re--write large portions of the API. For the most part LibTomCrypt has also been written +to be highly portable and easy to build out of the box on pretty much any platform. As such there are no assembler inlines throughout the code, I make no assumptions +about the platform, etc... +That works well for most cases but there are times where time is of the essence. This API also allows optimized routines to be dropped in--place of the existing +portable routines. For instance, hand optimized assembler versions of AES could be provided and any existing function that uses the cipher could automatically use +the optimized code without re--writing. This also paves the way for hardware drivers that can access hardware accelerated cryptographic devices. + +At the heart of this flexibility is the ``descriptor'' system. A descriptor is essentially just a C ``struct'' which describes the algorithm and provides pointers +to functions that do the work. For a given class of operation (e.g. cipher, hash, prng) the functions have identical prototypes which makes development simple. In most +dependent routines all a developer has to do is register\_XXX() the descriptor and they're set. + +\section{Ciphers} +The ciphers in LibTomCrypt are accessed through the ltc\_cipher\_descriptor structure. + +\begin{small} +\begin{verbatim} +struct ltc_cipher_descriptor { + /** name of cipher */ + char *name; + /** internal ID */ + unsigned char ID; + /** min keysize (octets) */ + int min_key_length, + /** max keysize (octets) */ + max_key_length, + /** block size (octets) */ + block_length, + /** default number of rounds */ + default_rounds; + /** Setup the cipher + @param key The input symmetric key + @param keylen The length of the input key (octets) + @param num_rounds The requested number of rounds (0==default) + @param skey [out] The destination of the scheduled key + @return CRYPT_OK if successful + */ + int (*setup)(const unsigned char *key, int keylen, + int num_rounds, symmetric_key *skey); + /** Encrypt a block + @param pt The plaintext + @param ct [out] The ciphertext + @param skey The scheduled key + */ + void (*ecb_encrypt)(const unsigned char *pt, + unsigned char *ct, symmetric_key *skey); + /** Decrypt a block + @param ct The ciphertext + @param pt [out] The plaintext + @param skey The scheduled key + */ + void (*ecb_decrypt)(const unsigned char *ct, + unsigned char *pt, symmetric_key *skey); + /** Test the block cipher + @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled + */ + int (*test)(void); + /** Determine a key size + @param keysize [in/out] The size of the key desired and the suggested size + @return CRYPT_OK if successful + */ + int (*keysize)(int *keysize); + +/** Accelerators **/ + /** Accelerated ECB encryption + @param pt Plaintext + @param ct Ciphertext + @param blocks The number of complete blocks to process + @param skey The scheduled key context + */ + void (*accel_ecb_encrypt)(const unsigned char *pt, + unsigned char *ct, unsigned long blocks, + symmetric_key *skey); + + /** Accelerated ECB decryption + @param pt Plaintext + @param ct Ciphertext + @param blocks The number of complete blocks to process + @param skey The scheduled key context + */ + void (*accel_ecb_decrypt)(const unsigned char *ct, + unsigned char *pt, unsigned long blocks, + symmetric_key *skey); + + /** Accelerated CBC encryption + @param pt Plaintext + @param ct Ciphertext + @param blocks The number of complete blocks to process + @param IV The initial value (input/output) + @param skey The scheduled key context + */ + void (*accel_cbc_encrypt)(const unsigned char *pt, + unsigned char *ct, unsigned long blocks, + unsigned char *IV, symmetric_key *skey); + + /** Accelerated CBC decryption + @param pt Plaintext + @param ct Ciphertext + @param blocks The number of complete blocks to process + @param IV The initial value (input/output) + @param skey The scheduled key context + */ + void (*accel_cbc_decrypt)(const unsigned char *ct, + unsigned char *pt, unsigned long blocks, + unsigned char *IV, symmetric_key *skey); + + /** Accelerated CTR encryption + @param pt Plaintext + @param ct Ciphertext + @param blocks The number of complete blocks to process + @param IV The initial value (input/output) + @param mode little or big endian counter (mode=0 or mode=1) + @param skey The scheduled key context + */ + void (*accel_ctr_encrypt)(const unsigned char *pt, + unsigned char *ct, unsigned long blocks, + unsigned char *IV, int mode, symmetric_key *skey); + + /** Accelerated CCM packet (one-shot) + @param key The secret key to use + @param keylen The length of the secret key (octets) + @param nonce The session nonce [use once] + @param noncelen The length of the nonce + @param header The header for the session + @param headerlen The length of the header (octets) + @param pt [out] The plaintext + @param ptlen The length of the plaintext (octets) + @param ct [out] The ciphertext + @param tag [out] The destination tag + @param taglen [in/out] The max size and resulting size of the authentication tag + @param direction Encrypt or Decrypt direction (0 or 1) + @return CRYPT_OK if successful + */ + void (*accel_ccm_memory)( + const unsigned char *key, unsigned long keylen, + const unsigned char *nonce, unsigned long noncelen, + const unsigned char *header, unsigned long headerlen, + unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + unsigned char *tag, unsigned long *taglen, + int direction); + + /** Accelerated GCM packet (one shot) + @param key The secret key + @param keylen The length of the secret key + @param IV The initial vector + @param IVlen The length of the initial vector + @param adata The additional authentication data (header) + @param adatalen The length of the adata + @param pt The plaintext + @param ptlen The length of the plaintext (ciphertext length is the same) + @param ct The ciphertext + @param tag [out] The MAC tag + @param taglen [in/out] The MAC tag length + @param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT) + */ + void (*accel_gcm_memory)( + const unsigned char *key, unsigned long keylen, + const unsigned char *IV, unsigned long IVlen, + const unsigned char *adata, unsigned long adatalen, + unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + unsigned char *tag, unsigned long *taglen, + int direction); + +}; +\end{verbatim} +\end{small} + +\subsection{Name} +The ``name'' parameter specifies the name of the cipher. This is what a developer would pass to find\_cipher() to find the cipher in the descriptor +tables. + +\subsection{Internal ID} +This is a single byte Internal ID you can use to distingish ciphers from each other. + +\subsection{Key Lengths} +The minimum key length is ``min\_key\_length'' and is measured in octets. Similarly the maximum key length is ``max\_key\_length''. They can be equal +and both must valid key sizes for the cipher. Values in between are not assumed to be valid though they may be. + +\subsection{Block Length} +The size of the ciphers plaintext or ciphertext is ``block\_length'' and is measured in octets. + +\subsection{Rounds} +Some ciphers allow different number of rounds to be used. Usually you just use the default. The default round count is ``default\_rounds''. + +\subsection{Setup} +To initialize a cipher (for ECB mode) the function setup() was provided. It accepts an array of key octets ``key'' of length ``keylen'' octets. The user +can specify the number of rounds they want through ``num\_rounds'' where $num\_rounds = 0$ means use the default. The destination of a scheduled key is stored +in ``skey''. + +This is where things get tricky. Currently there is no provision to allocate memory during initialization since there is no ``cipher done'' function. So you have +to either use an existing member of the symmetric\_key union or alias your own structure over top of it provided symmetric\_key is not smaller. + +\subsection{Single block ECB} +To process a single block in ECB mode the ecb\_encrypt() and ecb\_decrypt() functions were provided. The plaintext and ciphertext buffers are allowed to overlap so you +must make sure you do not overwrite the output before you are finished with the input. + +\subsection{Testing} +The test() function is used to self--test the ``device''. It takes no arguments and returns \textbf{CRYPT\_OK} if all is working properly. + +\subsection{Key Sizing} +Occasionally a function will want to find a suitable key size to use since the input is oddly sized. The keysize() function is for this case. It accepts a +pointer to an integer which represents the desired size. The function then has to match it to the exact or a lower key size that is valid for the cipher. For +example, if the input is $25$ and $24$ is valid then it stores $24$ back in the pointed to integer. It must not round up and must return an error if the keysize + cannot be mapped to a valid key size for the cipher. + +\subsection{Acceleration} +The next set of functions cover the accelerated functionality of the cipher descriptor. Any combination of these functions may be set to \textbf{NULL} to indicate +it is not supported. In those cases the software fallbacks are used (using the single ECB block routines). + +\subsubsection{Accelerated ECB} +These two functions are meant for cases where a user wants to encrypt (in ECB mode no less) an array of blocks. These functions are accessed +through the accel\_ecb\_encrypt and accel\_ecb\_decrypt pointers. The ``blocks'' count is the number of complete blocks to process. + +\subsubsection{Accelerated CBC} +These two functions are meant for accelerated CBC encryption. These functions are accessed through the accel\_cbc\_encrypt and accel\_cbc\_decrypt pointers. +The ``blocks'' value is the number of complete blocks to process. The ``IV'' is the CBC initial vector. It is an input upon calling this function and must be +updated by the function before returning. + +\subsubsection{Accelerated CTR} +This function is meant for accelerated CTR encryption. It is accessible through the accel\_ctr\_encrypt pointer. +The ``blocks'' value is the number of complete blocks to process. The ``IV'' is the CTR counter vector. It is an input upon calling this function and must be +updated by the function before returning. The ``mode'' value indicates whether the counter is big ($mode = 1$) or little ($mode = 0$) endian. + +This function (and the way it's called) differs from the other two since ctr\_encrypt() allows any size input plaintext. The accelerator will only be +called if the following conditions are met. + +\begin{enumerate} + \item The accelerator is present + \item The CTR pad is empty + \item The remaining length of the input to process is greater than or equal to the block size. +\end{enumerate} + +The ``CTR pad'' is empty when a multiple (including zero) blocks of text have been processed. That is, if you pass in seven bytes to AES--CTR mode you would have to +pass in a minimum of nine extra bytes before the accelerator could be called. The CTR accelerator must increment the counter (and store it back into the +buffer provided) before encrypting it to create the pad. + +The accelerator will only be used to encrypt whole blocks. Partial blocks are always handled in software. + +\subsubsection{Accelerated CCM} +This function is meant for accelerated CCM encryption or decryption. It processes the entire packet in one call. Note that the setup() function will not +be called prior to this. This function must handle scheduling the key provided on its own. + +\subsubsection{Accelerated GCM} +This function is meant for accelerated GCM encryption or decryption. It processes the entire packet in one call. Note that the setup() function will not +be called prior to this. This function must handle scheduling the key provided on its own. + +\section{One--Way Hashes} +The hash functions are accessed through the ltc\_hash\_descriptor structure. + +\begin{small} +\begin{verbatim} +struct ltc_hash_descriptor { + /** name of hash */ + char *name; + /** internal ID */ + unsigned char ID; + /** Size of digest in octets */ + unsigned long hashsize; + /** Input block size in octets */ + unsigned long blocksize; + /** ASN.1 DER identifier */ + unsigned char DER[64]; + /** Length of DER encoding */ + unsigned long DERlen; + /** Init a hash state + @param hash The hash to initialize + @return CRYPT_OK if successful + */ + int (*init)(hash_state *hash); + /** Process a block of data + @param hash The hash state + @param in The data to hash + @param inlen The length of the data (octets) + @return CRYPT_OK if successful + */ + int (*process)(hash_state *hash, const unsigned char *in, unsigned long inlen); + /** Produce the digest and store it + @param hash The hash state + @param out [out] The destination of the digest + @return CRYPT_OK if successful + */ + int (*done)(hash_state *hash, unsigned char *out); + /** Self-test + @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled + */ + int (*test)(void); +}; +\end{verbatim} +\end{small} + +\subsection{Name} +This is the name the hash is known by and what find\_hash() will look for. + +\subsection{Internal ID} +This is the internal ID byte used to distinguish the hash from other hashes. + +\subsection{Digest Size} +The ``hashsize'' variable indicates the length of the output in octets. + +\subsection{Block Size} +The `blocksize'' variable indicates the length of input (in octets) that the hash processes in a given +invokation. + +\subsection{DER Identifier} +This is the DER identifier (including the SEQUENCE header). This is used solely for PKCS \#1 style signatures. + +\subsection{Initialization} +The init function initializes the hash and prepares it to process message bytes. + +\subsection{Process} +This processes message bytes. The algorithm must accept any length of input that the hash would allow. The input is not +guaranteed to be a multiple of the block size in length. + +\subsection{Done} +The done function terminates the hash and returns the message digest. + +\subsection{Acceleration} +A compatible accelerator must allow processing data in any granularity which may require internal padding on the driver side. + +\section{Pseudo--Random Number Generators} +The pseudo--random number generators are accessible through the ltc\_prng\_descriptor structure. + +\begin{small} +\begin{verbatim} +struct ltc_prng_descriptor { + /** Name of the PRNG */ + char *name; + /** size in bytes of exported state */ + int export_size; + /** Start a PRNG state + @param prng [out] The state to initialize + @return CRYPT_OK if successful + */ + int (*start)(prng_state *prng); + /** Add entropy to the PRNG + @param in The entropy + @param inlen Length of the entropy (octets)\ + @param prng The PRNG state + @return CRYPT_OK if successful + */ + int (*add_entropy)(const unsigned char *in, unsigned long inlen, prng_state *prng); + /** Ready a PRNG state to read from + @param prng The PRNG state to ready + @return CRYPT_OK if successful + */ + int (*ready)(prng_state *prng); + /** Read from the PRNG + @param out [out] Where to store the data + @param outlen Length of data desired (octets) + @param prng The PRNG state to read from + @return Number of octets read + */ + unsigned long (*read)(unsigned char *out, unsigned long outlen, prng_state *prng); + /** Terminate a PRNG state + @param prng The PRNG state to terminate + @return CRYPT_OK if successful + */ + int (*done)(prng_state *prng); + /** Export a PRNG state + @param out [out] The destination for the state + @param outlen [in/out] The max size and resulting size of the PRNG state + @param prng The PRNG to export + @return CRYPT_OK if successful + */ + int (*pexport)(unsigned char *out, unsigned long *outlen, prng_state *prng); + /** Import a PRNG state + @param in The data to import + @param inlen The length of the data to import (octets) + @param prng The PRNG to initialize/import + @return CRYPT_OK if successful + */ + int (*pimport)(const unsigned char *in, unsigned long inlen, prng_state *prng); + /** Self-test the PRNG + @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled + */ + int (*test)(void); +}; +\end{verbatim} +\end{small} + +\subsection{Name} +The name by which find\_prng() will find the PRNG. + +\subsection{Export Size} +When an PRNG state is to be exported for future use you specify the space required in this variable. + +\subsection{Start} +Initialize the PRNG and make it ready to accept entropy. + +\subsection{Entropy Addition} +Add entropy to the PRNG state. The exact behaviour of this function depends on the particulars of the PRNG. + +\subsection{Ready} +This function makes the PRNG ready to read from by processing the entropy added. The behaviour of this function depends +on the specific PRNG used. + +\subsection{Read} +Read from the PRNG and return the number of bytes read. This function does not have to fill the buffer but it is best +if it does as many protocols do not retry reads and will fail on the first try. + +\subsection{Done} +Terminate a PRNG state. The behaviour of this function depends on the particular PRNG used. + +\subsection{Exporting and Importing} +An exported PRNG state is data that the PRNG can later import to resume activity. They're not meant to resume ``the same session'' +but should at least maintain the same level of state entropy. \input{crypt.ind} diff --git a/demos/test.c b/demos/test.c new file mode 100644 index 0000000..290861d --- /dev/null +++ b/demos/test.c @@ -0,0 +1,19 @@ +#include + +int main(void) +{ + reg_algs(); + printf("build == \n%s\n", crypt_build_settings); + printf("\ncipher_test..."); fflush(stdout); printf(cipher_hash_test() ? "failed" : "passed"); + printf("\nmodes_test..."); fflush(stdout); printf(modes_test() ? "failed" : "passed"); + printf("\nmac_test..."); fflush(stdout); printf(mac_test() ? "failed" : "passed"); + printf("\npkcs_1_test..."); fflush(stdout); printf(pkcs_1_test() ? "failed" : "passed"); + printf("\nstore_test..."); fflush(stdout); printf(store_test() ? "failed" : "passed"); + printf("\nrsa_test..."); fflush(stdout); printf(rsa_test() ? "failed" : "passed"); + printf("\necc_test..."); fflush(stdout); printf(ecc_tests() ? "failed" : "passed"); + printf("\ndsa_test..."); fflush(stdout); printf(dsa_test() ? "failed" : "passed"); + printf("\ndh_test..."); fflush(stdout); printf(dh_tests() ? "failed" : "passed"); + printf("\nder_test..."); fflush(stdout); printf(der_tests() ? "failed" : "passed"); + + return EXIT_SUCCESS; +} diff --git a/demos/test/.ccmalloc b/demos/test/.ccmalloc deleted file mode 100644 index 1b0aba2..0000000 --- a/demos/test/.ccmalloc +++ /dev/null @@ -1,356 +0,0 @@ - %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - %%%% generic configuration file for %%%% - %%%% the ccmalloc memory profiler %%%% - %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% - - %-----------------------------------------------------------------% - % COPY THIS FILE TO '.ccmalloc' in your project or home directory % - %-----------------------------------------------------------------% - -############################################################################## -## (C) 1997-2003 Armin Biere, 1998 Johannes Keukelaar -## $Id: ccmalloc.cfg,v 1.6 2003/02/03 08:03:54 biere Exp $ -############################################################################## - -%%% '%' and '#' are comments !!!!!!! - -% This file must be called '.ccmalloc' and is searched for in the -% current directory and in the home directory of the user. If it -% does not exist then the default values mentioned below are used. - -% It is also the only available user manual yet ;-) So here is a reading -% hint. First have a look at the short one line descriptions of each option -% ... - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% with 'file' the executable is specified [a.out] -% ---------------------------------------------------------------------- -% This should not be necessary for Linux and Solaris because the proc -% file system can be used to find argv[0]. -% -% (the rest of this comment only applies to other OS) -% -% For other OS you should use this option unless the executable is -% in the current directory or its name is 'a.out'. -% -% If you do not specify this then ccmalloc tries to find an executable -% in the current directory that matches the running program starting -% with 'a.out'. For this process it must call 'nm' on each executable -% file in the directory which may be time consuming. With this option -% you can speed up this process. -% -% You can also specify absolute or relative path names. This is -% necessary if you do not start your program from the current directory. -% But you can also simply link or name your program to 'a.out'. - -%file FILE - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% 'log' specify the logfile [stderr] -% ---------------------------------------------------------------------- -% The default is to use stderr. The argument to 'log' is the name of -% the file you want to write to. It can also be 'stdout' or '-' which -% sets stdout as logfile. If the logfile is stdout or stderr and is -% connected to a terminal then the output is slightly different. -% -% For big programs the logfile can be really big. To reduce the size -% you can use a small chain length (see 'chain-length' below). The other -% possibility is to use compressed logfiles. This can be done by -% specifying a logfile name with a '.gz' (or a '.Z') suffix. This means -% that gnuzip (resp. compress) is used to compress the output. - -%log FILE - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% 'logpid' specify the logfile -% ---------------------------------------------------------------------- -% Can be used alternatively to the 'log' command if you want to use -% ccmalloc for debugging parallel applications where several copies of -% the program you are debugging must be run simoultaneously. In this -% case you can not use 'log' because you do not want to write to the same -% log file. Using 'logpid' uses a file name ending with the of -% the process which means the name is unique even if several copies of -% your program are run simoultaneously. -% -% If you use the compressing suffixes then the is inserted before -% the suffix (e.g. 'logpid ccmalloc.log.gz' uses 'ccmalloc.log..gz' -% as the name for the log file). - -%logpid FILE - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% 'dont-log-chain' skip info about certain chains [] -% ---------------------------------------------------------------------- -% This command may be repeated any number of times. The argument to this -% command is a comma-separated list of function-or-file-and-line -% specifications. Garbage allocated from a callchain that contains this -% subchain anywhere will _not_ be logged. -% -% The ';'-separated list should not contain any spaces. E.g. not: -% -% main ; foo ; bar -% -% but: -% -% main;foo;bar -% -% A function-or-file-and-line specification is a string followed by an -% optional colon and number, for example: main or main:14 or main.c or -% main.c:15. Note that the string is compared with both the function and the -% file name, if available. If main.c happens to be a function name, that -% will cause a match (for that string at least). Not specifying a line -% number will match any line number. If line number information is not -% available, anything will match! Not specifying a name (e.g. ;;;) will -% match an unknown function name. Not giving any parameters at all, will -% match a chain containing at least one unknown function. -% -% Note that if you say 'dont-log-chain wrapper.c' nothing will be logged. - -%dont-log-chain - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% 'only-log-chain' skip info about other chains [] -% ---------------------------------------------------------------------- -% The obvious counterpart to dont-log-chain. In this case, only matching -% chains will be reported. Non-matching chains will not be reported. -% Can be repeated any number of times; if the chain matches any of the -% instances, it will be reported. - -%only-log-chain - -######################################################################## -# # -# This is the 'flag' section # -# # -# 'set FLAG' is the same as 'set FLAG 1' # -# # -# The default values are those set below. If 'silent' is disabled # -# then you will find the banner in the log file (or it is listed on # -# stdout or stderr). The banner describes the current settings of all # -# these flags. # -# # -######################################################################## - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% with 'only-count' ccmalloc only counts garbage - no call chains [0] -% ---------------------------------------------------------------------- -% If only-count is set to one then only one additional pointer for -% each allocated data is used and no call chain is generated. This is -% the fasted and most space efficient mode ccmalloc can operate -% in. In this mode you get at least the size of garbage produced. -% -% Note that 'check-free-space' does not work at all with 'only-count' -% set and over writes ('check-overwrites') are only checked when -% calling free. - -%set only-count 0 - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% 'load-dynlibs' load dynamic linked libraries into gdb [0] -% ---------------------------------------------------------------------- -% If your program is linked with dynamic libraries, function and file -% name information is not available for addresses in those libraries, -% unless you set 'load-dynlibs' to 1. - -%set load-dynlibs 0 - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% 'keep-deallocated-data' does not recycle deallocated data [0] -% ---------------------------------------------------------------------- -% If you enable keep-deallocated-data then all data deallocated with -% 'free' (or 'delete' in C++) is not given back to the free store -% but stays associated with the call chain of its allocation. This is -% very useful if your program does multiple deallocation of the -% same data. - -%set keep-deallocated-data 0 - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% 'check-overwrites' detect overwrites [0] -% ---------------------------------------------------------------------- -% If you want to detect 'off by n bytes' errors you should set -% 'checking-overwrites' to n/4 (on 32-Bit machines). -% -% ccmalloc inserts a boundary above allocated data. This boundary -% consists of 'check-overwrites' words. If your program writes to -% this area then ccmalloc can detect this (see also check-start -% and check-interval). 'ccmalloc' also does checking for overwrites -% at non word boundaries (e.g. strcpy(malloc(strlen("hello")),"hello");) - -set check-overwrites 1 - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% 'check-underwrites' detect underwrites [0] -% ---------------------------------------------------------------------- -% same with writes below allocated data. You do not have to set this -% option if you only want detect 'off (below) by one' errors because -% ccmalloc keeps a magic value just before the user data. - -set check-underwrites 1 - - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% 'check-free-space' can be used to find dangling pointers. [0] -% ---------------------------------------------------------------------- -% A very serious type of bug is to write on data that has already been -% freed. If this happens the free space management of malloc is in -% trouble and you will perhaps encounter non deterministic behaviour of -% your program. To test this first enable 'keep-deallocated-data' and -% restart your program. If the problem goes away and ccmalloc does not -% report anything then you should *also* enable 'check-free-space'. Now -% ccmalloc checks already deallocated data for corruption. -% -% Note that to perform this check 'keep-deallocated-data' also must -% be enabled and 'only-count' disabled. - -set check-free-space 1 - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% 'check-interval' can be used to speed up checks [0] -% ---------------------------------------------------------------------- -% If check-overwrite, check-underwrites or check-free-space is set then -% the default is to do 'write checks' when data is deallocated and -% to do 'free space checks' when reporting together with -% 'write checks' for garbage. When you want these checks to be -% performed more often then you should set 'check-interval' to a -% positive number. This number is the interval between the number of -% calls to free or malloc without performing the checks. - -%set check-interval 0 - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% 'check-start' can be used to speed up checks [0] -% ---------------------------------------------------------------------- -% The flag 'check-start' delays the start of checks until the given -% number of calls to free and malloc have occured. Together with -% 'check-interval' you can use a binary search to find an aproximation -% when a corruption occured! If you simply set check-interval to 1 and -% check-start to 0 then this will slow done your program too much. - -%set check-start 0 - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% 'silent' disables banner [0] -% ---------------------------------------------------------------------- -% If you don't want to see the banner of ccmalloc then set -% 'silent' to 1 (f.e. when logging to stderr) - -%set silent - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% 'file-info' en/disables file and line number information [1] -% ---------------------------------------------------------------------- -% If your program was compiled with debugging information (-g) then -% ccmalloc can generate line number and file info for call chains opening -% a pipe to gdb. For very big programs this method is slow. In this case -% you can set 'file-info' to zero and you will only get the function -% names. For SunOS 4.3.1 'nm' does not 'demangle' C++ identifiers -% very well. So gdb is called instead but only if 'file-info' is -% not set to 0. - -%set file-info 1 - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% 'continue' if ccmalloc aborts when something weired happened [0] -% ---------------------------------------------------------------------- -% If the free function of ccmalloc is called with an argument that does -% not make sense to ccmalloc or that has already been freed then you -% probably want the program to stop at this point. This is also -% the default behaviour. But you can force ccmalloc also to ignore -% this if you set 'continue' to 1. This flag also controls the behaviour -% of ccmalloc when free space is found to be corrupted or a write -% boundary has been overwritten. - -%set continue 0 - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% 'chain-length' is the length of the maximal call chain [0 = infinite] -% ---------------------------------------------------------------------- -% You can restrict the length of call chains by setting 'chain-length' -% to a number greater than zero. If 'chain-length' is zero (the default) -% then chains are as long as possible (on a non x86 system only call -% chains with a finite maximal length can be generated). For big -% programs especially if keep-deallocated-data is enabled this can -% reduce the size of the log file from over 100MB to several MB! - -%set chain-length 0 - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% 'print-addresses' of data [0] -% ---------------------------------------------------------------------- -% If you want to see the addresses of the allocated data (and -% deallocated data if keep-deallocated-data is set to 1) set -% 'print-addresses' to 1. - -%set print-addresses 0 - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% 'print-on-one-line' shortens log file [0] -% ---------------------------------------------------------------------- -% The default is to print function names and file/line number info -% on separate lines. With 'print-on-one-line' set 1 all are printed -% on one line. - -%set print-on-one-line 0 - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% 'additional-line' enlarges readability [1] -% ---------------------------------------------------------------------- -% When printing call chains an empty line is printed between to -% call points. Set 'additional-line' to 0 to disable this feature. - -%set additional-line 1 - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% 'statistics' enables more accurate profiling [0] -% ---------------------------------------------------------------------- -% Calculate number of allocations and deallocations and bytes also on -% a per call chain basis. This uses 4 additional pointers for each -% call chain. - -set statistics 1 - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% set order for sorting of call chains [1] [1] -% ---------------------------------------------------------------------- -% When printing the report to the log file the call chains are sorted by -% default with respect to the largest accumulated garbage produced by -% that call chain. This can be changed with setting 'sort-by-wasted' -% to 0. In this case they are sorted by the number of allocated bytes. -% If you want the number of allocations (only possible if 'statistics' -% is enabled) as sorting criteria instead then set 'sort-by-size' to 0. - -%set sort-by-wasted 1 -%set sort-by-size 1 - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% report library chains [0] -% ---------------------------------------------------------------------- -% Some external libraries (like libg++) have memory leaks. On some -% systems even a call to printf produces a leak. ccmalloc tries to -% detect this (only heuristically!) and with this flag you can control -% if leaks produced by such library calls are reported. -% -% Since version 0.2.1 some similar effect can be achieved by using -% 'dont-log-chain' with no argument. - -%set library-chains 0 - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% print debugging information [X] (compile time dependend) -% ---------------------------------------------------------------------- - -%set debug X - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% align memory on 8 byte boundary [0] (no effect on SunOS or Solaris) -% ---------------------------------------------------------------------- - -%set align-8-byte 0 - -%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% -% only report allocations which ended up being wasted (i.e don't report -% allocations which were completely freed properly. ) [1] -% ---------------------------------------------------------------------- - -%set only-wasting-alloc 1 diff --git a/demos/test/mac_test.c b/demos/test/mac_test.c deleted file mode 100644 index 52e75d8..0000000 --- a/demos/test/mac_test.c +++ /dev/null @@ -1,12 +0,0 @@ -/* test pmac/omac/hmac */ -#include "test.h" - -int mac_test(void) -{ - DO(hmac_test()); - DO(pmac_test()); - DO(omac_test()); - DO(eax_test()); - DO(ocb_test()); - return 0; -} diff --git a/demos/test/makefile b/demos/test/makefile deleted file mode 100644 index 7351548..0000000 --- a/demos/test/makefile +++ /dev/null @@ -1,25 +0,0 @@ -# make test harness, it is good. -CFLAGS += -Wall -W -Os -I../../src/headers/ -I./ - -# add -g3 for ccmalloc debugging -#CFLAGS += -g3 - -# if you're not debugging -CFLAGS += -fomit-frame-pointer - -default: test - -OBJECTS=test.o cipher_hash_test.o mac_test.o modes_test.o \ -pkcs_1_test.o store_test.o rsa_test.o ecc_test.o dsa_test.o dh_tests.o der_tests.o - -#uncomment this to get heap checking [e.g. memory leaks]. Note -#that you *MUST* build libtomcrypt.a with -g3 enabled [and make install it] -# -# -#CCMALLOC = -lccmalloc -ldl - -test: $(OBJECTS) - $(CC) $(CFLAGS) $(OBJECTS) /usr/lib/libtomcrypt.a $(CCMALLOC) -o test - -clean: - rm -rf test *.o *.obj *.exe *~ .libs diff --git a/demos/test/makefile.icc b/demos/test/makefile.icc deleted file mode 100644 index b69c997..0000000 --- a/demos/test/makefile.icc +++ /dev/null @@ -1,14 +0,0 @@ -# make test harness, it is good. -CFLAGS += -O3 -xN -ip -I../../src/headers/ -I./ -CC=icc - -default: test - -OBJECTS=test.o cipher_hash_test.o mac_test.o modes_test.o \ -pkcs_1_test.o store_test.o rsa_test.o ecc_test.o dsa_test.o dh_tests.o der_tests.o - -test: $(OBJECTS) - $(CC) $(OBJECTS) -ltomcrypt -o test - -clean: - rm -f test *.o *~ diff --git a/demos/test/makefile.msvc b/demos/test/makefile.msvc deleted file mode 100644 index 7d04b86..0000000 --- a/demos/test/makefile.msvc +++ /dev/null @@ -1,14 +0,0 @@ -# make test harness, it is good. -CFLAGS = $(CFLAGS) /W3 /Ox /I../../src/headers/ /I./ - -default: test.exe - -OBJECTS = test.obj cipher_hash_test.obj mac_test.obj modes_test.obj \ -pkcs_1_test.obj store_test.obj rsa_test.obj ecc_test.obj dsa_test.c dh_tests.obj der_tests.obj - - -test.exe: $(OBJECTS) - cl $(OBJECTS) tomcrypt.lib advapi32.lib - -clean: - rm -f test.exe *.obj *~ diff --git a/demos/test/makefile.shared b/demos/test/makefile.shared deleted file mode 100644 index 9f46713..0000000 --- a/demos/test/makefile.shared +++ /dev/null @@ -1,19 +0,0 @@ -# make test harness, it is good. -CFLAGS += -Wall -W -Os -I../../src/headers/ -I./ - -# if you're not debugging -CFLAGS += -fomit-frame-pointer - -default: test - -#if you don't have mpi.o -#MPISHARED=-ltommath - -OBJECTS=test.o cipher_hash_test.o mac_test.o modes_test.o \ -pkcs_1_test.o store_test.o rsa_test.o ecc_test.o dsa_test.o dh_tests.o der_tests.o - -test: $(OBJECTS) - libtool --mode=link gcc $(CFLAGS) $(OBJECTS) -o test -ltomcrypt $(MPISHARED) - -clean: - rm -f test *.o *.obj *.exe *~ diff --git a/demos/test/test.c b/demos/test/test.c deleted file mode 100644 index b28990d..0000000 --- a/demos/test/test.c +++ /dev/null @@ -1,271 +0,0 @@ -#include "test.h" - -test_entry tests[26]; - -test_entry test_list[26] = { - -/* test name provides requires entry */ -{"store_test", "a", "", store_test }, -{"cipher_hash_test", "b", "a", cipher_hash_test }, -{"modes_test", "c", "b", modes_test }, -{"mac_test", "d", "c", mac_test }, -{"der_test", "e", "", der_tests }, - -{"pkcs_1_test", "f", "e", pkcs_1_test }, -{"rsa_test", "g", "e", rsa_test }, -{"ecc_test", "h", "a", ecc_tests }, -{"dsa_test", "i", "a", dsa_test }, -{"dh_test", "j", "a", dh_tests }, - -{NULL, NULL, NULL, NULL} -}; - -prng_state test_yarrow; -static int current_test; - -void run_cmd(int res, int line, char *file, char *cmd) -{ - if (res != CRYPT_OK) { - fprintf(stderr, "[%s]: %s (%d)\n%s:%d:%s\n", tests[current_test].name, error_to_string(res), res, file, line, cmd); - exit(EXIT_FAILURE); - } -} - -void register_algs(void) -{ - int err; - -#ifdef RIJNDAEL - register_cipher (&aes_desc); -#endif -#ifdef BLOWFISH - register_cipher (&blowfish_desc); -#endif -#ifdef XTEA - register_cipher (&xtea_desc); -#endif -#ifdef RC5 - register_cipher (&rc5_desc); -#endif -#ifdef RC6 - register_cipher (&rc6_desc); -#endif -#ifdef SAFERP - register_cipher (&saferp_desc); -#endif -#ifdef TWOFISH - register_cipher (&twofish_desc); -#endif -#ifdef SAFER - register_cipher (&safer_k64_desc); - register_cipher (&safer_sk64_desc); - register_cipher (&safer_k128_desc); - register_cipher (&safer_sk128_desc); -#endif -#ifdef RC2 - register_cipher (&rc2_desc); -#endif -#ifdef DES - register_cipher (&des_desc); - register_cipher (&des3_desc); -#endif -#ifdef CAST5 - register_cipher (&cast5_desc); -#endif -#ifdef NOEKEON - register_cipher (&noekeon_desc); -#endif -#ifdef SKIPJACK - register_cipher (&skipjack_desc); -#endif -#ifdef KHAZAD - register_cipher (&khazad_desc); -#endif -#ifdef ANUBIS - register_cipher (&anubis_desc); -#endif - -#ifdef TIGER - register_hash (&tiger_desc); -#endif -#ifdef MD2 - register_hash (&md2_desc); -#endif -#ifdef MD4 - register_hash (&md4_desc); -#endif -#ifdef MD5 - register_hash (&md5_desc); -#endif -#ifdef SHA1 - register_hash (&sha1_desc); -#endif -#ifdef SHA256 - register_hash (&sha256_desc); -#endif -#ifdef SHA224 - register_hash (&sha224_desc); -#endif -#ifdef SHA384 - register_hash (&sha384_desc); -#endif -#ifdef SHA512 - register_hash (&sha512_desc); -#endif -#ifdef RIPEMD128 - register_hash (&rmd128_desc); -#endif -#ifdef RIPEMD160 - register_hash (&rmd160_desc); -#endif -#ifdef WHIRLPOOL - register_hash (&whirlpool_desc); -#endif -#ifdef CHC_HASH - register_hash(&chc_desc); - if ((err = chc_register(register_cipher(&aes_enc_desc))) != CRYPT_OK) { - printf("chc_register error: %s\n", error_to_string(err)); - exit(EXIT_FAILURE); - } -#endif - - -#ifdef YARROW - register_prng(&yarrow_desc); -#endif -#ifdef FORTUNA - register_prng(&fortuna_desc); -#endif -#ifdef RC4 - register_prng(&rc4_desc); -#endif -#ifdef SPRNG - register_prng(&sprng_desc); -#endif -#ifdef SOBER128 - register_prng(&sober128_desc); -#endif -} - -/* sort tests based on their requirement/services. Helps make sure dependencies are tested first */ -void sort(void) -{ - unsigned x, y, z, a, pidx[26]; - - /* find out where things are provided */ - zeromem(pidx, sizeof(pidx)); - z = 0; - do { - y = 0; - for (x = 0; test_list[x].name != NULL; x++) { - if (test_list[x].entry == NULL) continue; - if (strlen(test_list[x].prov) == 0) { - y = 1; - tests[z++] = test_list[x]; test_list[x].entry = NULL; - pidx[test_list[x].prov[0]-'a'] = 1; - break; - } else { - for (a = 0; a < strlen(test_list[x].req); a++) { - if (pidx[test_list[x].req[a]-'a'] == 0) break; - } - if (a == strlen(test_list[x].req)) { - y = 1; - tests[z++] = test_list[x]; test_list[x].entry = NULL; - pidx[test_list[x].prov[0]-'a'] = 1; - break; - } - } - } - } while (y == 1); -} - -#define STACKBLOCK 8 -#define STACK_EST_USAGE 32768 - -unsigned char stack_mask[STACKBLOCK]; -unsigned long stack_cur=0; - -void stack_masker(void) -{ -#ifdef STACK_TEST - volatile unsigned char M[STACK_EST_USAGE]; - stack_cur = 0; - for (stack_cur = 0; stack_cur < STACK_EST_USAGE/STACKBLOCK; stack_cur++) { - memcpy(M+(stack_cur*STACKBLOCK), stack_mask, STACKBLOCK); - } -#endif -} - -void stack_check(void) -{ -#ifdef STACK_TEST - unsigned char M[STACK_EST_USAGE]; - stack_cur = 0; -#ifdef STACK_DOWN - while (memcmp(M+(STACK_EST_USAGE-STACKBLOCK-stack_cur), stack_mask, STACKBLOCK) && -#else - while (memcmp(M+stack_cur, stack_mask, STACKBLOCK) && -#endif - stack_cur < (STACK_EST_USAGE - STACKBLOCK)) { - ++stack_cur; - } -#endif -} - -int main(void) -{ - int x; - unsigned char buf[16]; - - /* setup stack checker */ - srand(time(NULL)); - for (x = 0; x < STACKBLOCK; x++) { - stack_mask[x] = rand() & 255; - } - stack_masker(); - - printf("Built with\n%s\n", crypt_build_settings); - - sort(); - register_algs(); - - // start dummy yarrow for internal use - DO(yarrow_start(&test_yarrow)); - sprng_read(buf, 16, NULL); - DO(yarrow_add_entropy(buf, 16, &test_yarrow)); - DO(yarrow_ready(&test_yarrow)); - - // output sizes (this will crash MSVC... go figure.) -#ifndef _MSC_VER - printf("Sizes of objects (in bytes)\n"); - printf("\tsymmetric_key\t=\t%5Zu\n", sizeof(symmetric_key)); - printf("\thash_state\t=\t%5Zu\n", sizeof(hash_state)); - printf("\thmac_state\t=\t%5Zu\n", sizeof(hmac_state)); - printf("\tomac_state\t=\t%5Zu\n", sizeof(omac_state)); - printf("\tpmac_state\t=\t%5Zu\n", sizeof(pmac_state)); - printf("\tocb_state\t=\t%5Zu\n", sizeof(ocb_state)); - printf("\teax_state\t=\t%5Zu\n", sizeof(eax_state)); - printf("\tmp_int\t\t=\t%5Zu\n", sizeof(mp_int)); -#ifdef MRSA - printf("\trsa_key\t\t=\t%5Zu\n", sizeof(rsa_key)); -#endif -#ifdef MDSA - printf("\tdsa_key\t\t=\t%5Zu\n", sizeof(dsa_key)); -#endif -#ifdef MDH - printf("\tdh_key\t\t=\t%5Zu\n", sizeof(dh_key)); -#endif -#ifdef MECC - printf("\tecc_key\t\t=\t%5Zu\n", sizeof(ecc_key)); -#endif - printf("\n\n"); -#endif - - // do tests - for (current_test = 0; tests[current_test].name != NULL; current_test++) { - printf("[%-20s]: ", tests[current_test].name); fflush(stdout); - printf("\t%s\n", tests[current_test].entry()==0?"passed":"failed"); - } - - return 0; -} diff --git a/demos/test/test.h b/demos/test/test.h deleted file mode 100644 index 9c0ed6f..0000000 --- a/demos/test/test.h +++ /dev/null @@ -1,41 +0,0 @@ - -#ifndef __TEST_H_ -#define __TEST_H_ - -#include "tomcrypt.h" - -/* enable stack testing */ -// #define STACK_TEST - -/* stack testing, define this if stack usage goes downwards [e.g. x86] */ -#define STACK_DOWN - -typedef struct { - char *name, *prov, *req; - int (*entry)(void); -} test_entry; - -extern prng_state test_yarrow; - - -void stack_masker(void); -void stack_check(void); -extern unsigned long stack_cur; -#define stack_chk(x) { stack_check(); if (stack_cur >= 1024) { fprintf(stderr, " Warning: Stack usage of %lu in %s, %s:%d\n", stack_cur, x, __FILE__, __LINE__); } } - -void run_cmd(int res, int line, char *file, char *cmd); -#define DO(x) { stack_masker(); run_cmd((x), __LINE__, __FILE__, #x); stack_chk(#x); } - -/* TESTS */ -int cipher_hash_test(void); -int modes_test(void); -int mac_test(void); -int pkcs_1_test(void); -int store_test(void); -int rsa_test(void); -int ecc_tests(void); -int dsa_test(void); -int dh_tests(void); -int der_tests(void); - -#endif diff --git a/demos/timing.c b/demos/timing.c new file mode 100644 index 0000000..54c0462 --- /dev/null +++ b/demos/timing.c @@ -0,0 +1,23 @@ +#include + +int main(void) +{ +init_timer(); +reg_algs(); +time_keysched(); +time_cipher(); +time_cipher2(); +time_cipher3(); +time_hash(); +time_macs(); +time_encmacs(); +time_prng(); +time_mult(); +time_sqr(); +time_rsa(); +time_ecc(); +time_dh(); + +return EXIT_SUCCESS; + +} diff --git a/demos/tv_gen.c b/demos/tv_gen.c index 5a778d0..c37d1af 100644 --- a/demos/tv_gen.c +++ b/demos/tv_gen.c @@ -501,6 +501,127 @@ void ocb_gen(void) fclose(out); } + +void ccm_gen(void) +{ + int err, kl, x, y1, z; + FILE *out; + unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2], + plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE]; + unsigned long len; + + out = fopen("ccm_tv.txt", "w"); + fprintf(out, "CCM Test Vectors. Uses the 00010203...NN-1 pattern for nonce/header/plaintext/key. The outputs\n" + "are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous\n" + "step repeated sufficiently. The nonce is fixed throughout at 13 bytes 000102...\n\n"); + + for (x = 0; cipher_descriptor[x].name != NULL; x++) { + kl = cipher_descriptor[x].block_length; + + /* skip ciphers which do not have 128 bit block sizes */ + if (kl != 16) continue; + + if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) { + kl = cipher_descriptor[x].max_key_length; + } + fprintf(out, "CCM-%s (%d byte key)\n", cipher_descriptor[x].name, kl); + + /* the key */ + for (z = 0; z < kl; z++) { + key[z] = (z & 255); + } + + /* fixed nonce */ + for (z = 0; z < cipher_descriptor[x].block_length; z++) { + nonce[z] = z; + } + + for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){ + for (z = 0; z < y1; z++) { + plaintext[z] = (unsigned char)(z & 255); + } + len = sizeof(tag); + if ((err = ccm_memory(x, key, kl, nonce, 13, plaintext, y1, plaintext, y1, plaintext, tag, &len, CCM_ENCRYPT)) != CRYPT_OK) { + printf("Error CCM'ing: %s\n", error_to_string(err)); + exit(EXIT_FAILURE); + } + fprintf(out, "%3d: ", y1); + for (z = 0; z < y1; z++) { + fprintf(out, "%02X", plaintext[z]); + } + fprintf(out, ", "); + for (z = 0; z <(int)len; z++) { + fprintf(out, "%02X", tag[z]); + } + fprintf(out, "\n"); + + /* forward the key */ + for (z = 0; z < kl; z++) { + key[z] = tag[z % len]; + } + } + fprintf(out, "\n"); + } + fclose(out); +} + +void gcm_gen(void) +{ + int err, kl, x, y1, z; + FILE *out; + unsigned char key[MAXBLOCKSIZE], plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE]; + unsigned long len; + + out = fopen("gcm_tv.txt", "w"); + fprintf(out, "GCM Test Vectors. Uses the 00010203...NN-1 pattern for nonce/header/plaintext/key. The outputs\n" + "are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous\n" + "step repeated sufficiently. The nonce is fixed throughout at 13 bytes 000102...\n\n"); + + for (x = 0; cipher_descriptor[x].name != NULL; x++) { + kl = cipher_descriptor[x].block_length; + + /* skip ciphers which do not have 128 bit block sizes */ + if (kl != 16) continue; + + if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) { + kl = cipher_descriptor[x].max_key_length; + } + fprintf(out, "GCM-%s (%d byte key)\n", cipher_descriptor[x].name, kl); + + /* the key */ + for (z = 0; z < kl; z++) { + key[z] = (z & 255); + } + + for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){ + for (z = 0; z < y1; z++) { + plaintext[z] = (unsigned char)(z & 255); + } + len = sizeof(tag); + if ((err = gcm_memory(x, key, kl, plaintext, y1, plaintext, y1, plaintext, y1, plaintext, tag, &len, GCM_ENCRYPT)) != CRYPT_OK) { + printf("Error GCM'ing: %s\n", error_to_string(err)); + exit(EXIT_FAILURE); + } + fprintf(out, "%3d: ", y1); + for (z = 0; z < y1; z++) { + fprintf(out, "%02X", plaintext[z]); + } + fprintf(out, ", "); + for (z = 0; z <(int)len; z++) { + fprintf(out, "%02X", tag[z]); + } + fprintf(out, "\n"); + + /* forward the key */ + for (z = 0; z < kl; z++) { + key[z] = tag[z % len]; + } + } + fprintf(out, "\n"); + } + fclose(out); +} + void base64_gen(void) { FILE *out; @@ -530,6 +651,8 @@ int main(void) printf("Generating PMAC vectors..."); fflush(stdout); pmac_gen(); printf("done\n"); printf("Generating EAX vectors..."); fflush(stdout); eax_gen(); printf("done\n"); printf("Generating OCB vectors..."); fflush(stdout); ocb_gen(); printf("done\n"); + printf("Generating CCM vectors..."); fflush(stdout); ccm_gen(); printf("done\n"); + printf("Generating GCM vectors..."); fflush(stdout); gcm_gen(); printf("done\n"); printf("Generating BASE64 vectors..."); fflush(stdout); base64_gen(); printf("done\n"); return 0; } diff --git a/doc/crypt.pdf b/doc/crypt.pdf index 760d734..b687065 100644 Binary files a/doc/crypt.pdf and b/doc/crypt.pdf differ diff --git a/genlist.sh b/genlist.sh index ddc252c..73daa1d 100644 --- a/genlist.sh +++ b/genlist.sh @@ -1,6 +1,6 @@ #!/bin/bash # aes_tab.o is a pseudo object as it's made from aes.o and MPI is optional export a=`echo -n "src/ciphers/aes/aes_enc.o *(MPIOBJECT) " ; find . -type f | sort | grep "[.]/src" | grep "[.]c" | grep -v "sha224" | grep -v "sha384" | grep -v "aes_tab" | grep -v "twofish_tab" | grep -v "whirltab" | grep -v "dh_sys" | grep -v "ecc_sys" | grep -v "mpi[.]c" | grep -v "sober128tab" | sed -e 'sE\./EE' | sed -e 's/\.c/\.o/' | xargs` -./parsenames.pl OBJECTS "$a" +perl ./parsenames.pl OBJECTS "$a" export a=`find . -type f | grep [.]/src | grep [.]h | sed -e 'se\./ee' | xargs` -./parsenames.pl HEADERS "$a" +perl ./parsenames.pl HEADERS "$a" diff --git a/makefile b/makefile index 9d97805..7562570 100644 --- a/makefile +++ b/makefile @@ -4,7 +4,7 @@ # Modified by Clay Culver # The version -VERSION=1.00 +VERSION=1.01 # Compiler and Linker Names #CC=gcc @@ -15,20 +15,20 @@ VERSION=1.00 #ARFLAGS=r # Compilation flags. Note the += does not write over the user's CFLAGS! -CFLAGS += -c -I./src/headers/ -Wall -Wsign-compare -W -Wshadow +CFLAGS += -c -I./testprof/ -I./src/headers/ -Wall -Wsign-compare -W -Wshadow -Wno-unused-parameter # additional warnings (newer GCC 3.4 and higher) #CFLAGS += -Wsystem-headers -Wdeclaration-after-statement -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wmissing-prototypes \ # -Wmissing-declarations -Wpointer-arith # optimize for SPEED -#CFLAGS += -O3 -funroll-all-loops +CFLAGS += -O3 -funroll-loops # add -fomit-frame-pointer. hinders debugging! CFLAGS += -fomit-frame-pointer # optimize for SIZE -CFLAGS += -Os -DLTC_SMALL_CODE +#CFLAGS += -Os -DLTC_SMALL_CODE # older GCCs can't handle the "rotate with immediate" ROLc/RORc/etc macros # define this to help @@ -39,12 +39,15 @@ CFLAGS += -Os -DLTC_SMALL_CODE #Output filenames for various targets. LIBNAME=libtomcrypt.a +LIBTEST=testprof/libtomcrypt_prof.a HASH=hashsum CRYPT=encrypt SMALL=small PROF=x86_prof TV=tv_gen MULTI=multi +TIMING=timing +TEST=test #LIBPATH-The directory for libtomcrypt to be installed to. #INCPATH-The directory to install the header files for libtomcrypt. @@ -56,93 +59,94 @@ DATAPATH=/usr/share/doc/libtomcrypt/pdf #Who do we install as? USER=root -GROUP=root +GROUP=wheel #List of objects to compile. #Leave MPI built-in or force developer to link against libtommath? MPIOBJECT=src/misc/mpi/mpi.o - -OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o \ -src/ciphers/anubis.o src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o \ -src/ciphers/khazad.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \ -src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/safer_tab.o \ -src/ciphers/safer/saferp.o src/ciphers/skipjack.o src/ciphers/twofish/twofish.o \ -src/ciphers/xtea.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \ -src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \ -src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \ -src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o \ -src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \ -src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \ -src/encauth/ocb/ocb_encrypt.o src/encauth/ocb/ocb_encrypt_authenticate_memory.o \ -src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \ -src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o \ -src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \ -src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \ -src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \ -src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o \ -src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \ -src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \ -src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \ -src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o \ -src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \ -src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \ -src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o \ -src/mac/omac/omac_test.o src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o \ -src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \ -src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o \ -src/mac/pmac/pmac_process.o src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o \ -src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o \ -src/misc/burn_stack.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \ -src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \ -src/misc/crypt/crypt_find_cipher.o src/misc/crypt/crypt_find_cipher_any.o \ -src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash.o \ -src/misc/crypt/crypt_find_hash_any.o src/misc/crypt/crypt_find_hash_id.o \ -src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_hash_descriptor.o \ -src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_prng_descriptor.o \ -src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \ -src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \ -src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \ -src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o \ -src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o src/misc/mpi/rand_prime.o \ -src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \ -src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \ -src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \ -src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \ -src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_encrypt.o \ +OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o src/ciphers/anubis.o \ +src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/khazad.o src/ciphers/noekeon.o \ +src/ciphers/rc2.o src/ciphers/rc5.o src/ciphers/rc6.o src/ciphers/safer/safer.o \ +src/ciphers/safer/safer_tab.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \ +src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \ +src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \ +src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \ +src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \ +src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \ +src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \ +src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o \ +src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \ +src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \ +src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \ +src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \ +src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \ +src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \ +src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o src/hashes/sha2/sha256.o \ +src/hashes/sha2/sha512.o src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o \ +src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \ +src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \ +src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \ +src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \ +src/mac/pelican/pelican.o src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o \ +src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \ +src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \ +src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/misc/base64/base64_decode.o \ +src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt.o \ +src/misc/crypt/crypt_argchk.o src/misc/crypt/crypt_cipher_descriptor.o \ +src/misc/crypt/crypt_cipher_is_valid.o src/misc/crypt/crypt_find_cipher.o \ +src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \ +src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \ +src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_prng.o \ +src/misc/crypt/crypt_hash_descriptor.o src/misc/crypt/crypt_hash_is_valid.o \ +src/misc/crypt/crypt_prng_descriptor.o src/misc/crypt/crypt_prng_is_valid.o \ +src/misc/crypt/crypt_register_cipher.o src/misc/crypt/crypt_register_hash.o \ +src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_unregister_cipher.o \ +src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o \ +src/misc/error_to_string.o src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o \ +src/misc/mpi/rand_prime.o src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \ +src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \ +src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \ +src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \ +src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \ +src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \ src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \ -src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o \ -src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o \ -src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \ -src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \ +src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \ +src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \ +src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \ +src/modes/ofb/ofb_start.o src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \ src/pk/asn1/der/der_get_multi_integer.o src/pk/asn1/der/der_length_integer.o \ -src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o \ -src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o \ -src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \ -src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \ -src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o \ -src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o \ -src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \ -src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \ -src/pk/pkcs1/pkcs_1_v15_es_decode.o src/pk/pkcs1/pkcs_1_v15_es_encode.o \ -src/pk/pkcs1/pkcs_1_v15_sa_decode.o src/pk/pkcs1/pkcs_1_v15_sa_encode.o \ -src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o \ -src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \ -src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o \ -src/pk/rsa/rsa_v15_decrypt_key.o src/pk/rsa/rsa_v15_encrypt_key.o \ -src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \ -src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o \ -src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \ -src/prngs/sprng.o src/prngs/yarrow.o +src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \ +src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_sign_hash.o \ +src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \ +src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \ +src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \ +src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v15_es_decode.o \ +src/pk/pkcs1/pkcs_1_v15_es_encode.o src/pk/pkcs1/pkcs_1_v15_sa_decode.o \ +src/pk/pkcs1/pkcs_1_v15_sa_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \ +src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \ +src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_v15_decrypt_key.o \ +src/pk/rsa/rsa_v15_encrypt_key.o src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \ +src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \ +src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o + +HEADERS=src/headers/tommath_superclass.h src/headers/tomcrypt_cfg.h \ +src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \ +src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h \ +src/headers/tomcrypt_cipher.h src/headers/tomcrypt_pk.h \ +src/headers/tommath_class.h src/headers/ltc_tommath.h src/headers/tomcrypt_hash.h \ +src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \ +src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h TESTOBJECTS=demos/test.o HASHOBJECTS=demos/hashsum.o CRYPTOBJECTS=demos/encrypt.o SMALLOBJECTS=demos/small.o -PROFS=demos/x86_prof.o TVS=demos/tv_gen.o MULTIS=demos/multi.o +TIMINGS=demos/timing.o +TESTS=demos/test.o #Files left over from making the crypt.pdf. LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind *.out @@ -150,12 +154,6 @@ LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind *.out #Compressed filenames COMPRESSED=crypt-$(VERSION).tar.bz2 crypt-$(VERSION).zip -#Header files used by libtomcrypt. -HEADERS=src/headers/ltc_tommath.h src/headers/tomcrypt_cfg.h \ -src/headers/tomcrypt_misc.h src/headers/tomcrypt_prng.h src/headers/tomcrypt_cipher.h src/headers/tomcrypt_hash.h \ -src/headers/tomcrypt_macros.h src/headers/tomcrypt_pk.h src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h \ -src/headers/tomcrypt_custom.h src/headers/tomcrypt_pkcs.h src/headers/tommath_class.h src/headers/tommath_superclass.h - #The default rule for make builds the libtomcrypt library. default:library @@ -173,7 +171,10 @@ src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c #This rule makes the libtomcrypt library. -library: $(LIBNAME) +library: $(LIBTEST) $(LIBNAME) + +$(LIBTEST): + cd testprof ; CFLAGS="$(CFLAGS)" make $(LIBNAME): $(OBJECTS) $(AR) $(ARFLAGS) $@ $(OBJECTS) @@ -191,14 +192,18 @@ crypt: library $(CRYPTOBJECTS) small: library $(SMALLOBJECTS) $(CC) $(SMALLOBJECTS) $(LIBNAME) -o $(SMALL) $(WARN) -x86_prof: library $(PROFS) - $(CC) $(PROFS) $(LIBNAME) $(EXTRALIBS) -o $(PROF) - tv_gen: library $(TVS) $(CC) $(TVS) $(LIBNAME) $(EXTRALIBS) -o $(TV) multi: library $(MULTIS) - $(CC) $(MULTIS) $(LIBNAME) -o multi + $(CC) $(MULTIS) $(LIBNAME) -o $(MULTI) + +timing: library $(TIMINGS) + $(CC) $(TIMINGS) $(LIBTEST) $(LIBNAME) -o $(TIMING) + +test: library $(TESTS) + $(CC) $(TESTS) $(LIBTEST) $(LIBNAME) -o $(TEST) + #This rule installs the library and the header files. This must be run #as root in order to have a high enough permission to write to the correct @@ -227,10 +232,14 @@ clean: rm -f `find . -type f | grep "[.]obj" | xargs` rm -f `find . -type f | grep "[.]lib" | xargs` rm -f `find . -type f | grep "[.]exe" | xargs` + rm -f `find . -type f | grep "[.]gcda" | xargs` + rm -f `find . -type f | grep "[.]gcno" | xargs` + rm -f `find . -type f | grep "[.]il" | xargs` + rm -f `find . -type f | grep "[.]dyn" | xargs` + rm -f `find . -type f | grep "[.]dpi" | xargs` rm -rf `find . -type d | grep "[.]libs" | xargs` rm -f crypt.aux crypt.dvi crypt.idx crypt.ilg crypt.ind crypt.log crypt.toc - rm -f $(TV) $(PROF) $(SMALL) $(CRYPT) $(HASHSUM) $(MULTI) - cd demos/test ; make clean + rm -f $(TV) $(PROF) $(SMALL) $(CRYPT) $(HASHSUM) $(MULTI) $(TIMING) $(TEST) rm -rf doc/doxygen rm -f doc/*.pdf @@ -262,18 +271,15 @@ docdvi: crypt.tex makeindex crypt.idx latex crypt > /dev/null -#for GCC 3.4+ -profiled: - make clean - make CFLAGS="$(CFLAGS) -fprofile-generate" EXTRALIBS=-lgcov x86_prof - ./x86_prof - rm *.o *.a x86_prof - make CFLAGS="$(CFLAGS) -fprofile-use" EXTRALIBS=-lgcov x86_prof - #zipup the project (take that!) -zipup: clean docs +no_oops: clean + cd .. ; cvs commit + +zipup: no_oops docs cd .. ; rm -rf crypt* libtomcrypt-$(VERSION) ; mkdir libtomcrypt-$(VERSION) ; \ cp -R ./libtomcrypt/* ./libtomcrypt-$(VERSION)/ ; \ - tar -cjvf crypt-$(VERSION).tar.bz2 libtomcrypt-$(VERSION)/* ; \ - zip -9 -r crypt-$(VERSION).zip libtomcrypt-$(VERSION)/* ; \ - gpg -b -a crypt-$(VERSION).tar.bz2 ; gpg -b -a crypt-$(VERSION).zip + cd libtomcrypt-$(VERSION) ; rm -rf `find . -type d | grep CVS | xargs` ; cd .. ; \ + tar -cjvf crypt-$(VERSION).tar.bz2 libtomcrypt-$(VERSION) ; \ + zip -9r crypt-$(VERSION).zip libtomcrypt-$(VERSION) ; \ + gpg -b -a crypt-$(VERSION).tar.bz2 ; gpg -b -a crypt-$(VERSION).zip ; \ + mv -fv crypt* ~ ; rm -rf libtomcrypt-$(VERSION) diff --git a/makefile.cygwin_dll b/makefile.cygwin_dll deleted file mode 100644 index a1f3696..0000000 --- a/makefile.cygwin_dll +++ /dev/null @@ -1,117 +0,0 @@ -#makefile for Cygwin [makes a .dll] - -default: ltc_dll - - -# Compilation flags. Note the += does not write over the user's CFLAGS! -CFLAGS += -I./src/headers/ -Wall -Wsign-compare -W -Wno-unused -Wshadow -mno-cygwin -DWIN32 -DLTC_NO_ROLC - -# optimize for SPEED -CFLAGS += -O3 -funroll-all-loops - -#add -fomit-frame-pointer. v3.2 is buggy for certain platforms! -CFLAGS += -fomit-frame-pointer - -# optimize for SIZE -#CFLAGS += -Os - -#Leave MPI built-in or force developer to link against libtommath? -MPIOBJECT=src/misc/mpi/mpi.o - -OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o \ -src/ciphers/anubis.o src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o \ -src/ciphers/khazad.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \ -src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/safer_tab.o \ -src/ciphers/safer/saferp.o src/ciphers/skipjack.o src/ciphers/twofish/twofish.o \ -src/ciphers/xtea.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \ -src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \ -src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \ -src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o \ -src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \ -src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \ -src/encauth/ocb/ocb_encrypt.o src/encauth/ocb/ocb_encrypt_authenticate_memory.o \ -src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \ -src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o \ -src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \ -src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \ -src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \ -src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o \ -src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \ -src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \ -src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \ -src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o \ -src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \ -src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \ -src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o \ -src/mac/omac/omac_test.o src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o \ -src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \ -src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o \ -src/mac/pmac/pmac_process.o src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o \ -src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o \ -src/misc/burn_stack.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \ -src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \ -src/misc/crypt/crypt_find_cipher.o src/misc/crypt/crypt_find_cipher_any.o \ -src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash.o \ -src/misc/crypt/crypt_find_hash_any.o src/misc/crypt/crypt_find_hash_id.o \ -src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_hash_descriptor.o \ -src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_prng_descriptor.o \ -src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \ -src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \ -src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \ -src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o \ -src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o src/misc/mpi/rand_prime.o \ -src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \ -src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \ -src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \ -src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \ -src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_encrypt.o \ -src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \ -src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o \ -src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o \ -src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \ -src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \ -src/pk/asn1/der/der_get_multi_integer.o src/pk/asn1/der/der_length_integer.o \ -src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o \ -src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o \ -src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \ -src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \ -src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o \ -src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o \ -src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \ -src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \ -src/pk/pkcs1/pkcs_1_v15_es_decode.o src/pk/pkcs1/pkcs_1_v15_es_encode.o \ -src/pk/pkcs1/pkcs_1_v15_sa_decode.o src/pk/pkcs1/pkcs_1_v15_sa_encode.o \ -src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o \ -src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \ -src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o \ -src/pk/rsa/rsa_v15_decrypt_key.o src/pk/rsa/rsa_v15_encrypt_key.o \ -src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \ -src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o \ -src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \ -src/prngs/sprng.o src/prngs/yarrow.o - -#Header files used by libtomcrypt. -HEADERS=src/headers/ltc_tommath.h src/headers/tomcrypt_cfg.h \ -src/headers/tomcrypt_misc.h src/headers/tomcrypt_prng.h src/headers/tomcrypt_cipher.h src/headers/tomcrypt_hash.h \ -src/headers/tomcrypt_macros.h src/headers/tomcrypt_pk.h src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h \ -src/headers/tomcrypt_custom.h src/headers/tomcrypt_pkcs.h src/headers/tommath_class.h src/headers/tommath_superclass.h - -#ciphers come in two flavours... enc+dec and enc -src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c - $(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o - -#These are the rules to make certain object files. -src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c -src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c -src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c -src/pk/ecc/ecc.o: src/pk/ecc/ecc.c src/pk/ecc/ecc_sys.c -src/pk/dh/dh.o: src/pk/dh/dh.c src/pk/dh/dh_sys.c -src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c -src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c - -ltc_dll: $(OBJECTS) $(MPIOBJECT) - gcc -mno-cygwin -mdll -o libtomcrypt.dll -Wl,--out-implib=libtomcrypt.dll.a -Wl,--export-all-symbols `find . -type f | grep [.]o | xargs` -ladvapi32 - ranlib libtomcrypt.dll.a - cp -fv src/headers/* /usr/include - cp -fv *.a /usr/lib - cp -fv *.dll /usr/bin diff --git a/makefile.icc b/makefile.icc index cd01c0b..41848dc 100644 --- a/makefile.icc +++ b/makefile.icc @@ -41,7 +41,7 @@ default:library # B - Blend of P4 and PM [mobile] # # Default to just generic max opts -CFLAGS += -O3 -xN -ip +CFLAGS += -O3 -xP -ip # want to see stuff? #CFLAGS += -opt_report @@ -50,11 +50,15 @@ CFLAGS += -O3 -xN -ip #Output filenames for various targets. LIBNAME=libtomcrypt.a +LIBTEST=testprof/libtomcrypt_prof.a HASH=hashsum CRYPT=encrypt SMALL=small PROF=x86_prof TV=tv_gen +MULTI=multi +TIMING=timing +TEST=test #LIBPATH-The directory for libtomcrypt to be installed to. #INCPATH-The directory to install the header files for libtomcrypt. @@ -69,77 +73,78 @@ DATAPATH=/usr/share/doc/libtomcrypt/pdf #Leave MPI built-in or force developer to link against libtommath? MPIOBJECT=src/misc/mpi/mpi.o -OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o \ -src/ciphers/anubis.o src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o \ -src/ciphers/khazad.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \ -src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/safer_tab.o \ -src/ciphers/safer/saferp.o src/ciphers/skipjack.o src/ciphers/twofish/twofish.o \ -src/ciphers/xtea.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \ -src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \ -src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \ -src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o \ -src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \ -src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \ -src/encauth/ocb/ocb_encrypt.o src/encauth/ocb/ocb_encrypt_authenticate_memory.o \ -src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \ -src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o \ -src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \ -src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \ -src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \ -src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o \ -src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \ -src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \ -src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \ -src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o \ -src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \ -src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \ -src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o \ -src/mac/omac/omac_test.o src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o \ -src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \ -src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o \ -src/mac/pmac/pmac_process.o src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o \ -src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o \ -src/misc/burn_stack.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \ -src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \ -src/misc/crypt/crypt_find_cipher.o src/misc/crypt/crypt_find_cipher_any.o \ -src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash.o \ -src/misc/crypt/crypt_find_hash_any.o src/misc/crypt/crypt_find_hash_id.o \ -src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_hash_descriptor.o \ -src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_prng_descriptor.o \ -src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \ -src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \ -src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \ -src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o \ -src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o src/misc/mpi/rand_prime.o \ -src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \ -src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \ -src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \ -src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \ -src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_encrypt.o \ +OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o src/ciphers/anubis.o \ +src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/khazad.o src/ciphers/noekeon.o \ +src/ciphers/rc2.o src/ciphers/rc5.o src/ciphers/rc6.o src/ciphers/safer/safer.o \ +src/ciphers/safer/safer_tab.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \ +src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \ +src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \ +src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \ +src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \ +src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \ +src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \ +src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o \ +src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \ +src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \ +src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \ +src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \ +src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \ +src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \ +src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o src/hashes/sha2/sha256.o \ +src/hashes/sha2/sha512.o src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o \ +src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \ +src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \ +src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \ +src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \ +src/mac/pelican/pelican.o src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o \ +src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \ +src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \ +src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/misc/base64/base64_decode.o \ +src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt.o \ +src/misc/crypt/crypt_argchk.o src/misc/crypt/crypt_cipher_descriptor.o \ +src/misc/crypt/crypt_cipher_is_valid.o src/misc/crypt/crypt_find_cipher.o \ +src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \ +src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \ +src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_prng.o \ +src/misc/crypt/crypt_hash_descriptor.o src/misc/crypt/crypt_hash_is_valid.o \ +src/misc/crypt/crypt_prng_descriptor.o src/misc/crypt/crypt_prng_is_valid.o \ +src/misc/crypt/crypt_register_cipher.o src/misc/crypt/crypt_register_hash.o \ +src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_unregister_cipher.o \ +src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o \ +src/misc/error_to_string.o src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o \ +src/misc/mpi/rand_prime.o src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \ +src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \ +src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \ +src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \ +src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \ +src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \ src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \ -src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o \ -src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o \ -src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \ -src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \ +src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \ +src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \ +src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \ +src/modes/ofb/ofb_start.o src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \ src/pk/asn1/der/der_get_multi_integer.o src/pk/asn1/der/der_length_integer.o \ -src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o \ -src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o \ -src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \ -src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \ -src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o \ -src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o \ -src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \ -src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \ -src/pk/pkcs1/pkcs_1_v15_es_decode.o src/pk/pkcs1/pkcs_1_v15_es_encode.o \ -src/pk/pkcs1/pkcs_1_v15_sa_decode.o src/pk/pkcs1/pkcs_1_v15_sa_encode.o \ -src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o \ -src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \ -src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o \ -src/pk/rsa/rsa_v15_decrypt_key.o src/pk/rsa/rsa_v15_encrypt_key.o \ -src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \ -src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o \ -src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \ -src/prngs/sprng.o src/prngs/yarrow.o +src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \ +src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_sign_hash.o \ +src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \ +src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \ +src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \ +src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v15_es_decode.o \ +src/pk/pkcs1/pkcs_1_v15_es_encode.o src/pk/pkcs1/pkcs_1_v15_sa_decode.o \ +src/pk/pkcs1/pkcs_1_v15_sa_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \ +src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \ +src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_v15_decrypt_key.o \ +src/pk/rsa/rsa_v15_encrypt_key.o src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \ +src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \ +src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o + +HEADERS=src/headers/tommath_superclass.h src/headers/tomcrypt_cfg.h \ +src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \ +src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h \ +src/headers/tomcrypt_cipher.h src/headers/tomcrypt_pk.h \ +src/headers/tommath_class.h src/headers/ltc_tommath.h src/headers/tomcrypt_hash.h \ +src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \ +src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h #ciphers come in two flavours... enc+dec and enc aes_enc.o: aes.c aes_tab.c @@ -148,8 +153,9 @@ aes_enc.o: aes.c aes_tab.c HASHOBJECTS=demos/hashsum.o CRYPTOBJECTS=demos/encrypt.o SMALLOBJECTS=demos/small.o -PROFS=demos/x86_prof.o TVS=demos/tv_gen.o +TIMINGS=demos/timing.o +TESTS=demos/test.o #Files left over from making the crypt.pdf. LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind @@ -157,12 +163,6 @@ LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind #Compressed filenames COMPRESSED=crypt.tar.bz2 crypt.zip crypt.tar.gz -#Header files used by libtomcrypt. -HEADERS=src/headers/ltc_tommath.h src/headers/tomcrypt_cfg.h \ -src/headers/tomcrypt_misc.h src/headers/tomcrypt_prng.h src/headers/tomcrypt_cipher.h src/headers/tomcrypt_hash.h \ -src/headers/tomcrypt_macros.h src/headers/tomcrypt_pk.h src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h \ -src/headers/tomcrypt_custom.h src/headers/tomcrypt_pkcs.h src/headers/tommath_class.h src/headers/tommath_superclass.h - #ciphers come in two flavours... enc+dec and enc src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c $(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o @@ -177,7 +177,10 @@ src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c #This rule makes the libtomcrypt library. -library: $(LIBNAME) +library: $(LIBTEST) $(LIBNAME) + +$(LIBTEST): + cd testprof ; make -f makefile.icc $(LIBNAME): $(OBJECTS) $(AR) $(ARFLAGS) $@ $(OBJECTS) @@ -195,19 +198,14 @@ crypt: library $(CRYPTOBJECTS) small: library $(SMALLOBJECTS) $(CC) $(SMALLOBJECTS) $(LIBNAME) -o $(SMALL) $(WARN) -x86_prof: library $(PROFS) - $(CC) $(PROFS) $(LIBNAME) -o $(PROF) - tv_gen: library $(TVS) $(CC) $(TVS) $(LIBNAME) -o $(TV) -profiled: - make clean - make -f makefile.icc CFLAGS="$(CFLAGS) -prof_gen" x86_prof - ./x86_prof - rm *.o *.a x86_prof - make -f makefile.icc CFLAGS="$(CFLAGS) -prof_use" x86_prof +timing: library $(TIMINGS) + $(CC) $(TIMINGS) $(LIBTEST) $(LIBNAME) -o $(TIMING) +test: library $(TESTS) + $(CC) $(TESTS) $(LIBTEST) $(LIBNAME) -o $(TEST) #This rule installs the library and the header files. This must be run #as root in order to have a high enough permission to write to the correct diff --git a/makefile.msvc b/makefile.msvc index f96e213..16d4b8d 100644 --- a/makefile.msvc +++ b/makefile.msvc @@ -1,84 +1,85 @@ #MSVC Makefile [tested with MSVC 6.00 with SP5] # #Tom St Denis -CFLAGS = /Isrc/headers/ /Ox /DWIN32 /W3 /Fo$@ +CFLAGS = /Isrc/headers/ /Itestprof/ /Ox /DWIN32 /W3 /Fo$@ default: library # leave this blank and link against libtommath if you want better link resolution MPIOBJECT=src/misc/mpi/mpi.obj -OBJECTS=src/ciphers/aes/aes_enc.obj $(MPIOBJECT) src/ciphers/aes/aes.obj \ -src/ciphers/anubis.obj src/ciphers/blowfish.obj src/ciphers/cast5.obj src/ciphers/des.obj \ -src/ciphers/khazad.obj src/ciphers/noekeon.obj src/ciphers/rc2.obj src/ciphers/rc5.obj \ -src/ciphers/rc6.obj src/ciphers/safer/safer.obj src/ciphers/safer/safer_tab.obj \ -src/ciphers/safer/saferp.obj src/ciphers/skipjack.obj src/ciphers/twofish/twofish.obj \ -src/ciphers/xtea.obj src/encauth/eax/eax_addheader.obj src/encauth/eax/eax_decrypt.obj \ -src/encauth/eax/eax_decrypt_verify_memory.obj src/encauth/eax/eax_done.obj \ -src/encauth/eax/eax_encrypt.obj src/encauth/eax/eax_encrypt_authenticate_memory.obj \ -src/encauth/eax/eax_init.obj src/encauth/eax/eax_test.obj \ -src/encauth/ocb/ocb_decrypt.obj src/encauth/ocb/ocb_decrypt_verify_memory.obj \ -src/encauth/ocb/ocb_done_decrypt.obj src/encauth/ocb/ocb_done_encrypt.obj \ -src/encauth/ocb/ocb_encrypt.obj src/encauth/ocb/ocb_encrypt_authenticate_memory.obj \ -src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj \ -src/encauth/ocb/ocb_shift_xor.obj src/encauth/ocb/ocb_test.obj \ -src/encauth/ocb/s_ocb_done.obj src/hashes/chc/chc.obj src/hashes/helper/hash_file.obj \ -src/hashes/helper/hash_filehandle.obj src/hashes/helper/hash_memory.obj \ -src/hashes/helper/hash_memory_multi.obj src/hashes/md2.obj src/hashes/md4.obj \ -src/hashes/md5.obj src/hashes/rmd128.obj src/hashes/rmd160.obj src/hashes/sha1.obj \ -src/hashes/sha2/sha256.obj src/hashes/sha2/sha512.obj src/hashes/tiger.obj \ -src/hashes/whirl/whirl.obj src/mac/hmac/hmac_done.obj src/mac/hmac/hmac_file.obj \ -src/mac/hmac/hmac_init.obj src/mac/hmac/hmac_memory.obj \ -src/mac/hmac/hmac_memory_multi.obj src/mac/hmac/hmac_process.obj \ -src/mac/hmac/hmac_test.obj src/mac/omac/omac_done.obj src/mac/omac/omac_file.obj \ -src/mac/omac/omac_init.obj src/mac/omac/omac_memory.obj \ -src/mac/omac/omac_memory_multi.obj src/mac/omac/omac_process.obj \ -src/mac/omac/omac_test.obj src/mac/pmac/pmac_done.obj src/mac/pmac/pmac_file.obj \ -src/mac/pmac/pmac_init.obj src/mac/pmac/pmac_memory.obj \ -src/mac/pmac/pmac_memory_multi.obj src/mac/pmac/pmac_ntz.obj \ -src/mac/pmac/pmac_process.obj src/mac/pmac/pmac_shift_xor.obj src/mac/pmac/pmac_test.obj \ -src/misc/base64/base64_decode.obj src/misc/base64/base64_encode.obj \ -src/misc/burn_stack.obj src/misc/crypt/crypt.obj src/misc/crypt/crypt_argchk.obj \ -src/misc/crypt/crypt_cipher_descriptor.obj src/misc/crypt/crypt_cipher_is_valid.obj \ -src/misc/crypt/crypt_find_cipher.obj src/misc/crypt/crypt_find_cipher_any.obj \ -src/misc/crypt/crypt_find_cipher_id.obj src/misc/crypt/crypt_find_hash.obj \ -src/misc/crypt/crypt_find_hash_any.obj src/misc/crypt/crypt_find_hash_id.obj \ -src/misc/crypt/crypt_find_prng.obj src/misc/crypt/crypt_hash_descriptor.obj \ -src/misc/crypt/crypt_hash_is_valid.obj src/misc/crypt/crypt_prng_descriptor.obj \ -src/misc/crypt/crypt_prng_is_valid.obj src/misc/crypt/crypt_register_cipher.obj \ -src/misc/crypt/crypt_register_hash.obj src/misc/crypt/crypt_register_prng.obj \ -src/misc/crypt/crypt_unregister_cipher.obj src/misc/crypt/crypt_unregister_hash.obj \ -src/misc/crypt/crypt_unregister_prng.obj src/misc/error_to_string.obj \ -src/misc/mpi/is_prime.obj src/misc/mpi/mpi_to_ltc_error.obj src/misc/mpi/rand_prime.obj \ -src/misc/pkcs5/pkcs_5_1.obj src/misc/pkcs5/pkcs_5_2.obj src/misc/zeromem.obj \ -src/modes/cbc/cbc_decrypt.obj src/modes/cbc/cbc_encrypt.obj src/modes/cbc/cbc_getiv.obj \ -src/modes/cbc/cbc_setiv.obj src/modes/cbc/cbc_start.obj src/modes/cfb/cfb_decrypt.obj \ -src/modes/cfb/cfb_encrypt.obj src/modes/cfb/cfb_getiv.obj src/modes/cfb/cfb_setiv.obj \ -src/modes/cfb/cfb_start.obj src/modes/ctr/ctr_decrypt.obj src/modes/ctr/ctr_encrypt.obj \ +OBJECTS=src/ciphers/aes/aes_enc.obj $(MPIOBJECT) src/ciphers/aes/aes.obj src/ciphers/anubis.obj \ +src/ciphers/blowfish.obj src/ciphers/cast5.obj src/ciphers/des.obj src/ciphers/khazad.obj src/ciphers/noekeon.obj \ +src/ciphers/rc2.obj src/ciphers/rc5.obj src/ciphers/rc6.obj src/ciphers/safer/safer.obj \ +src/ciphers/safer/safer_tab.obj src/ciphers/safer/saferp.obj src/ciphers/skipjack.obj \ +src/ciphers/twofish/twofish.obj src/ciphers/xtea.obj src/encauth/ccm/ccm_memory.obj \ +src/encauth/ccm/ccm_test.obj src/encauth/eax/eax_addheader.obj src/encauth/eax/eax_decrypt.obj \ +src/encauth/eax/eax_decrypt_verify_memory.obj src/encauth/eax/eax_done.obj src/encauth/eax/eax_encrypt.obj \ +src/encauth/eax/eax_encrypt_authenticate_memory.obj src/encauth/eax/eax_init.obj \ +src/encauth/eax/eax_test.obj src/encauth/gcm/gcm_add_aad.obj src/encauth/gcm/gcm_add_iv.obj \ +src/encauth/gcm/gcm_done.obj src/encauth/gcm/gcm_gf_mult.obj src/encauth/gcm/gcm_init.obj \ +src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_process.obj src/encauth/gcm/gcm_reset.obj \ +src/encauth/gcm/gcm_test.obj src/encauth/ocb/ocb_decrypt.obj src/encauth/ocb/ocb_decrypt_verify_memory.obj \ +src/encauth/ocb/ocb_done_decrypt.obj src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \ +src/encauth/ocb/ocb_encrypt_authenticate_memory.obj src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj \ +src/encauth/ocb/ocb_shift_xor.obj src/encauth/ocb/ocb_test.obj src/encauth/ocb/s_ocb_done.obj \ +src/hashes/chc/chc.obj src/hashes/helper/hash_file.obj src/hashes/helper/hash_filehandle.obj \ +src/hashes/helper/hash_memory.obj src/hashes/helper/hash_memory_multi.obj src/hashes/md2.obj src/hashes/md4.obj \ +src/hashes/md5.obj src/hashes/rmd128.obj src/hashes/rmd160.obj src/hashes/sha1.obj src/hashes/sha2/sha256.obj \ +src/hashes/sha2/sha512.obj src/hashes/tiger.obj src/hashes/whirl/whirl.obj src/mac/hmac/hmac_done.obj \ +src/mac/hmac/hmac_file.obj src/mac/hmac/hmac_init.obj src/mac/hmac/hmac_memory.obj \ +src/mac/hmac/hmac_memory_multi.obj src/mac/hmac/hmac_process.obj src/mac/hmac/hmac_test.obj \ +src/mac/omac/omac_done.obj src/mac/omac/omac_file.obj src/mac/omac/omac_init.obj src/mac/omac/omac_memory.obj \ +src/mac/omac/omac_memory_multi.obj src/mac/omac/omac_process.obj src/mac/omac/omac_test.obj \ +src/mac/pelican/pelican.obj src/mac/pelican/pelican_memory.obj src/mac/pelican/pelican_test.obj \ +src/mac/pmac/pmac_done.obj src/mac/pmac/pmac_file.obj src/mac/pmac/pmac_init.obj src/mac/pmac/pmac_memory.obj \ +src/mac/pmac/pmac_memory_multi.obj src/mac/pmac/pmac_ntz.obj src/mac/pmac/pmac_process.obj \ +src/mac/pmac/pmac_shift_xor.obj src/mac/pmac/pmac_test.obj src/misc/base64/base64_decode.obj \ +src/misc/base64/base64_encode.obj src/misc/burn_stack.obj src/misc/crypt/crypt.obj \ +src/misc/crypt/crypt_argchk.obj src/misc/crypt/crypt_cipher_descriptor.obj \ +src/misc/crypt/crypt_cipher_is_valid.obj src/misc/crypt/crypt_find_cipher.obj \ +src/misc/crypt/crypt_find_cipher_any.obj src/misc/crypt/crypt_find_cipher_id.obj \ +src/misc/crypt/crypt_find_hash.obj src/misc/crypt/crypt_find_hash_any.obj \ +src/misc/crypt/crypt_find_hash_id.obj src/misc/crypt/crypt_find_prng.obj \ +src/misc/crypt/crypt_hash_descriptor.obj src/misc/crypt/crypt_hash_is_valid.obj \ +src/misc/crypt/crypt_prng_descriptor.obj src/misc/crypt/crypt_prng_is_valid.obj \ +src/misc/crypt/crypt_register_cipher.obj src/misc/crypt/crypt_register_hash.obj \ +src/misc/crypt/crypt_register_prng.obj src/misc/crypt/crypt_unregister_cipher.obj \ +src/misc/crypt/crypt_unregister_hash.obj src/misc/crypt/crypt_unregister_prng.obj \ +src/misc/error_to_string.obj src/misc/mpi/is_prime.obj src/misc/mpi/mpi_to_ltc_error.obj \ +src/misc/mpi/rand_prime.obj src/misc/pkcs5/pkcs_5_1.obj src/misc/pkcs5/pkcs_5_2.obj src/misc/zeromem.obj \ +src/modes/cbc/cbc_decrypt.obj src/modes/cbc/cbc_done.obj src/modes/cbc/cbc_encrypt.obj \ +src/modes/cbc/cbc_getiv.obj src/modes/cbc/cbc_setiv.obj src/modes/cbc/cbc_start.obj \ +src/modes/cfb/cfb_decrypt.obj src/modes/cfb/cfb_done.obj src/modes/cfb/cfb_encrypt.obj \ +src/modes/cfb/cfb_getiv.obj src/modes/cfb/cfb_setiv.obj src/modes/cfb/cfb_start.obj \ +src/modes/ctr/ctr_decrypt.obj src/modes/ctr/ctr_done.obj src/modes/ctr/ctr_encrypt.obj \ src/modes/ctr/ctr_getiv.obj src/modes/ctr/ctr_setiv.obj src/modes/ctr/ctr_start.obj \ -src/modes/ecb/ecb_decrypt.obj src/modes/ecb/ecb_encrypt.obj src/modes/ecb/ecb_start.obj \ -src/modes/ofb/ofb_decrypt.obj src/modes/ofb/ofb_encrypt.obj src/modes/ofb/ofb_getiv.obj \ -src/modes/ofb/ofb_setiv.obj src/modes/ofb/ofb_start.obj \ -src/pk/asn1/der/der_decode_integer.obj src/pk/asn1/der/der_encode_integer.obj \ +src/modes/ecb/ecb_decrypt.obj src/modes/ecb/ecb_done.obj src/modes/ecb/ecb_encrypt.obj \ +src/modes/ecb/ecb_start.obj src/modes/ofb/ofb_decrypt.obj src/modes/ofb/ofb_done.obj \ +src/modes/ofb/ofb_encrypt.obj src/modes/ofb/ofb_getiv.obj src/modes/ofb/ofb_setiv.obj \ +src/modes/ofb/ofb_start.obj src/pk/asn1/der/der_decode_integer.obj src/pk/asn1/der/der_encode_integer.obj \ src/pk/asn1/der/der_get_multi_integer.obj src/pk/asn1/der/der_length_integer.obj \ -src/pk/asn1/der/der_put_multi_integer.obj src/pk/dh/dh.obj src/pk/dsa/dsa_export.obj \ -src/pk/dsa/dsa_free.obj src/pk/dsa/dsa_import.obj src/pk/dsa/dsa_make_key.obj \ -src/pk/dsa/dsa_sign_hash.obj src/pk/dsa/dsa_verify_hash.obj \ -src/pk/dsa/dsa_verify_key.obj src/pk/ecc/ecc.obj src/pk/packet_store_header.obj \ -src/pk/packet_valid_header.obj src/pk/pkcs1/pkcs_1_i2osp.obj \ -src/pk/pkcs1/pkcs_1_mgf1.obj src/pk/pkcs1/pkcs_1_oaep_decode.obj \ -src/pk/pkcs1/pkcs_1_oaep_encode.obj src/pk/pkcs1/pkcs_1_os2ip.obj \ -src/pk/pkcs1/pkcs_1_pss_decode.obj src/pk/pkcs1/pkcs_1_pss_encode.obj \ -src/pk/pkcs1/pkcs_1_v15_es_decode.obj src/pk/pkcs1/pkcs_1_v15_es_encode.obj \ -src/pk/pkcs1/pkcs_1_v15_sa_decode.obj src/pk/pkcs1/pkcs_1_v15_sa_encode.obj \ -src/pk/rsa/rsa_decrypt_key.obj src/pk/rsa/rsa_encrypt_key.obj src/pk/rsa/rsa_export.obj \ -src/pk/rsa/rsa_exptmod.obj src/pk/rsa/rsa_free.obj src/pk/rsa/rsa_import.obj \ -src/pk/rsa/rsa_make_key.obj src/pk/rsa/rsa_sign_hash.obj \ -src/pk/rsa/rsa_v15_decrypt_key.obj src/pk/rsa/rsa_v15_encrypt_key.obj \ -src/pk/rsa/rsa_v15_sign_hash.obj src/pk/rsa/rsa_v15_verify_hash.obj \ -src/pk/rsa/rsa_verify_hash.obj src/prngs/fortuna.obj src/prngs/rc4.obj \ -src/prngs/rng_get_bytes.obj src/prngs/rng_make_prng.obj src/prngs/sober128.obj \ -src/prngs/sprng.obj src/prngs/yarrow.obj +src/pk/asn1/der/der_put_multi_integer.obj src/pk/dh/dh.obj src/pk/dsa/dsa_export.obj src/pk/dsa/dsa_free.obj \ +src/pk/dsa/dsa_import.obj src/pk/dsa/dsa_make_key.obj src/pk/dsa/dsa_sign_hash.obj \ +src/pk/dsa/dsa_verify_hash.obj src/pk/dsa/dsa_verify_key.obj src/pk/ecc/ecc.obj src/pk/packet_store_header.obj \ +src/pk/packet_valid_header.obj src/pk/pkcs1/pkcs_1_i2osp.obj src/pk/pkcs1/pkcs_1_mgf1.obj \ +src/pk/pkcs1/pkcs_1_oaep_decode.obj src/pk/pkcs1/pkcs_1_oaep_encode.obj src/pk/pkcs1/pkcs_1_os2ip.obj \ +src/pk/pkcs1/pkcs_1_pss_decode.obj src/pk/pkcs1/pkcs_1_pss_encode.obj src/pk/pkcs1/pkcs_1_v15_es_decode.obj \ +src/pk/pkcs1/pkcs_1_v15_es_encode.obj src/pk/pkcs1/pkcs_1_v15_sa_decode.obj \ +src/pk/pkcs1/pkcs_1_v15_sa_encode.obj src/pk/rsa/rsa_decrypt_key.obj src/pk/rsa/rsa_encrypt_key.obj \ +src/pk/rsa/rsa_export.obj src/pk/rsa/rsa_exptmod.obj src/pk/rsa/rsa_free.obj src/pk/rsa/rsa_import.obj \ +src/pk/rsa/rsa_make_key.obj src/pk/rsa/rsa_sign_hash.obj src/pk/rsa/rsa_v15_decrypt_key.obj \ +src/pk/rsa/rsa_v15_encrypt_key.obj src/pk/rsa/rsa_v15_sign_hash.obj src/pk/rsa/rsa_v15_verify_hash.obj \ +src/pk/rsa/rsa_verify_hash.obj src/prngs/fortuna.obj src/prngs/rc4.obj src/prngs/rng_get_bytes.obj \ +src/prngs/rng_make_prng.obj src/prngs/sober128.obj src/prngs/sprng.obj src/prngs/yarrow.obj + +HEADERS=src/headers/tommath_superclass.h src/headers/tomcrypt_cfg.h \ +src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \ +src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h \ +src/headers/tomcrypt_cipher.h src/headers/tomcrypt_pk.h \ +src/headers/tommath_class.h src/headers/ltc_tommath.h src/headers/tomcrypt_hash.h \ +src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \ +src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h #ciphers come in two flavours... enc+dec and enc src/ciphers/aes/aes_enc.obj: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c @@ -86,12 +87,18 @@ src/ciphers/aes/aes_enc.obj: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c library: $(OBJECTS) lib /out:tomcrypt.lib $(OBJECTS) + cd testprof + nmake -f makefile.msvc + cd .. -x86_prof: demos/x86_prof.c library - cl $(CFLAGS) demos/x86_prof.c tomcrypt.lib advapi32.lib - tv_gen: demos/tv_gen.c library cl $(CFLAGS) demos/tv_gen.c tomcrypt.lib advapi32.lib hashsum: demos/hashsum.c library cl $(CFLAGS) demos/hashsum.c tomcrypt.lib advapi32.lib + +test: demos/test.c library + cl $(CFLAGS) demos/test.c testprof/tomcrypt_prof.lib tomcrypt.lib advapi32.lib + +timing: demos/timing.c library + cl $(CFLAGS) demos/timing.c testprof/tomcrypt_prof.lib tomcrypt.lib advapi32.lib diff --git a/makefile.shared b/makefile.shared index be818d7..2c5c4b3 100644 --- a/makefile.shared +++ b/makefile.shared @@ -6,10 +6,10 @@ # Tom St Denis # The version -VERSION=0:100 +VERSION=0:101 # Compiler and Linker Names -CC=libtool --silent --mode=compile gcc +CC=libtool --mode=compile gcc # Compilation flags. Note the += does not write over the user's CFLAGS! CFLAGS += -c -I./src/headers/ -Wall -Wsign-compare -W -Wshadow @@ -35,12 +35,16 @@ CFLAGS += -fomit-frame-pointer #CFLAGS += -DLTC_NO_ROLC #Output filenames for various targets. +LIBTEST=libtomcrypt_prof.la LIBNAME=libtomcrypt.la HASH=hashsum CRYPT=encrypt SMALL=small PROF=x86_prof TV=tv_gen +TEST=test +TIMING=timing + #LIBPATH-The directory for libtomcrypt to be installed to. #INCPATH-The directory to install the header files for libtomcrypt. @@ -52,7 +56,7 @@ DATAPATH=/usr/share/doc/libtomcrypt/pdf #Who do we install as? USER=root -GROUP=root +GROUP=wheel #List of objects to compile. @@ -62,90 +66,86 @@ MPIOBJECT=src/misc/mpi/mpi.o #If you don't want mpi.o then add this #MPISHARED=$(LIBPATH)/libtommath.la -OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o \ -src/ciphers/anubis.o src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o \ -src/ciphers/khazad.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \ -src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/safer_tab.o \ -src/ciphers/safer/saferp.o src/ciphers/skipjack.o src/ciphers/twofish/twofish.o \ -src/ciphers/xtea.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \ -src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \ -src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \ -src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o \ -src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \ -src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \ -src/encauth/ocb/ocb_encrypt.o src/encauth/ocb/ocb_encrypt_authenticate_memory.o \ -src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \ -src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o \ -src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \ -src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \ -src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \ -src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o \ -src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \ -src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \ -src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \ -src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o \ -src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \ -src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \ -src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o \ -src/mac/omac/omac_test.o src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o \ -src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \ -src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o \ -src/mac/pmac/pmac_process.o src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o \ -src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o \ -src/misc/burn_stack.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \ -src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \ -src/misc/crypt/crypt_find_cipher.o src/misc/crypt/crypt_find_cipher_any.o \ -src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash.o \ -src/misc/crypt/crypt_find_hash_any.o src/misc/crypt/crypt_find_hash_id.o \ -src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_hash_descriptor.o \ -src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_prng_descriptor.o \ -src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \ -src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \ -src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \ -src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o \ -src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o src/misc/mpi/rand_prime.o \ -src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \ -src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \ -src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \ -src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \ -src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_encrypt.o \ +OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o src/ciphers/anubis.o \ +src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/khazad.o src/ciphers/noekeon.o \ +src/ciphers/rc2.o src/ciphers/rc5.o src/ciphers/rc6.o src/ciphers/safer/safer.o \ +src/ciphers/safer/safer_tab.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \ +src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \ +src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \ +src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \ +src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \ +src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \ +src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \ +src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o \ +src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \ +src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \ +src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \ +src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \ +src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \ +src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \ +src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o src/hashes/sha2/sha256.o \ +src/hashes/sha2/sha512.o src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o \ +src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \ +src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \ +src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \ +src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \ +src/mac/pelican/pelican.o src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o \ +src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \ +src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \ +src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/misc/base64/base64_decode.o \ +src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt.o \ +src/misc/crypt/crypt_argchk.o src/misc/crypt/crypt_cipher_descriptor.o \ +src/misc/crypt/crypt_cipher_is_valid.o src/misc/crypt/crypt_find_cipher.o \ +src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \ +src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \ +src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_prng.o \ +src/misc/crypt/crypt_hash_descriptor.o src/misc/crypt/crypt_hash_is_valid.o \ +src/misc/crypt/crypt_prng_descriptor.o src/misc/crypt/crypt_prng_is_valid.o \ +src/misc/crypt/crypt_register_cipher.o src/misc/crypt/crypt_register_hash.o \ +src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_unregister_cipher.o \ +src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o \ +src/misc/error_to_string.o src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o \ +src/misc/mpi/rand_prime.o src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \ +src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \ +src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \ +src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \ +src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \ +src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \ src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \ -src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o \ -src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o \ -src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \ -src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \ +src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \ +src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \ +src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \ +src/modes/ofb/ofb_start.o src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \ src/pk/asn1/der/der_get_multi_integer.o src/pk/asn1/der/der_length_integer.o \ -src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o \ -src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o \ -src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \ -src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \ -src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o \ -src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o \ -src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \ -src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \ -src/pk/pkcs1/pkcs_1_v15_es_decode.o src/pk/pkcs1/pkcs_1_v15_es_encode.o \ -src/pk/pkcs1/pkcs_1_v15_sa_decode.o src/pk/pkcs1/pkcs_1_v15_sa_encode.o \ -src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o \ -src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \ -src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o \ -src/pk/rsa/rsa_v15_decrypt_key.o src/pk/rsa/rsa_v15_encrypt_key.o \ -src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \ -src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o \ -src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \ -src/prngs/sprng.o src/prngs/yarrow.o +src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \ +src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_sign_hash.o \ +src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \ +src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \ +src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \ +src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v15_es_decode.o \ +src/pk/pkcs1/pkcs_1_v15_es_encode.o src/pk/pkcs1/pkcs_1_v15_sa_decode.o \ +src/pk/pkcs1/pkcs_1_v15_sa_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \ +src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \ +src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_v15_decrypt_key.o \ +src/pk/rsa/rsa_v15_encrypt_key.o src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \ +src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \ +src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o + +HEADERS=src/headers/tommath_superclass.h src/headers/tomcrypt_cfg.h \ +src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \ +src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h \ +src/headers/tomcrypt_cipher.h src/headers/tomcrypt_pk.h \ +src/headers/tommath_class.h src/headers/ltc_tommath.h src/headers/tomcrypt_hash.h \ +src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \ +src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h TESTOBJECTS=demos/test.o HASHOBJECTS=demos/hashsum.o CRYPTOBJECTS=demos/encrypt.o SMALLOBJECTS=demos/small.o -PROFS=demos/x86_prof.o TVS=demos/tv_gen.o - -#Header files used by libtomcrypt. -HEADERS=src/headers/ltc_tommath.h src/headers/tomcrypt_cfg.h \ -src/headers/tomcrypt_misc.h src/headers/tomcrypt_prng.h src/headers/tomcrypt_cipher.h src/headers/tomcrypt_hash.h \ -src/headers/tomcrypt_macros.h src/headers/tomcrypt_pk.h src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h \ -src/headers/tomcrypt_custom.h src/headers/tomcrypt_pkcs.h src/headers/tommath_class.h src/headers/tommath_superclass.h +TESTS=demos/test.o +TIMINGS=demos/timing.o #The default rule for make builds the libtomcrypt library. default:library @@ -164,11 +164,14 @@ src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c #This rule makes the libtomcrypt library. -library: $(LIBNAME) +library: $(LIBTEST) $(LIBNAME) + +$(LIBTEST): + cd testprof ; CFLAGS="$(CFLAGS)" GROUP=$(GROUP) USER=$(USER) VERSION=$(VERSION) LIBPATH=$(LIBPATH) LIBNAME=$(LIBTEST) make -f makefile.shared $(LIBNAME): $(OBJECTS) - libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | xargs` -o libtomcrypt.la -rpath $(LIBPATH) -version-info $(VERSION) - libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]o" | xargs` -o libtomcrypt.a + libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | grep "src/" | xargs` -o libtomcrypt.la -rpath $(LIBPATH) -version-info $(VERSION) + libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]o" | grep "src/" | xargs` -o libtomcrypt.a ranlib libtomcrypt.a libtool --silent --mode=install install -c libtomcrypt.la $(LIBPATH)/libtomcrypt.la install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH) @@ -177,17 +180,19 @@ $(LIBNAME): $(OBJECTS) #This rule makes the hash program included with libtomcrypt hashsum: library gcc $(CFLAGS) demos/hashsum.c -o hashsum.o - libtool --mode=link gcc -o hashsum hashsum.o -ltomcrypt $(MPISHARED) + gcc -o hashsum hashsum.o -ltomcrypt_prof -ltomcrypt $(MPISHARED) #makes the crypt program crypt: library gcc $(CFLAGS) demos/encrypt.c -o encrypt.o - libtool --mode=link gcc -o crypt encrypt.o -ltomcrypt $(MPISHARED) - -x86_prof: library - gcc $(CFLAGS) demos/x86_prof.c -o x86_prof.o - libtool --mode=link gcc -o x86_prof x86_prof.o -ltomcrypt $(MPISHARED) $(EXTRALIBS) + gcc -o crypt encrypt.o -ltomcrypt_prof -ltomcrypt $(MPISHARED) tv_gen: library $(TVS) - gcc $(CFLAGS) demos/tv_gen.c -o tv_gen.o - libtool --mode=link gcc -o tv_gen tv_gen.o -ltomcrypt $(MPISHARED) + gcc -o tv_gen $(TVS) -ltomcrypt_prof -ltomcrypt $(MPISHARED) + +test: library $(TESTS) + gcc -o $(TEST) $(TESTS) -ltomcrypt_prof -ltomcrypt $(MPISHARED) + +timing: library $(TIMINGS) + gcc -o $(TIMING) $(TIMINGS) -ltomcrypt_prof -ltomcrypt $(MPISHARED) + diff --git a/notes/ccm_tv.txt b/notes/ccm_tv.txt new file mode 100644 index 0000000..3ff4b77 --- /dev/null +++ b/notes/ccm_tv.txt @@ -0,0 +1,214 @@ +CCM Test Vectors. Uses the 00010203...NN-1 pattern for nonce/header/plaintext/key. The outputs +are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous +step repeated sufficiently. The nonce is fixed throughout at 13 bytes 000102... + +CCM-aes (16 byte key) + 0: , 54C92FE45510D6B3B0D46EAC2FEE8E63 + 1: DA, 7A8984228DCF944903936CA9D7709ACF + 2: B95E, 1056DE0CBBEEA760ED2053FFEB554EA6 + 3: 58FF3B, A42DE1A812D29BBC6C1C5AC808565437 + 4: 9D6E6FB6, 5E8E0422792999381ED669CE17601D34 + 5: 40D49E851D, B076B4ED79BF0155B39A743550593944 + 6: 015356B9A6E1, 8D62CEFC451CAE4A21C1C579C6CAA128 + 7: A2CF0A77AE0DE2, 97B9D201740FA59E863513EDACC59FFB + 8: A44C68E52F95B48B, A461B79D4D9B8ADF6C6618E6ECDC059A + 9: F56B8AD68AA31F22B9, C5C7D2E6FE34D94CE72B86DA55679080 + 10: 5C17EEBF4E348CBE3278, 29FAE7B470CB652C501343FE23B25894 + 11: 1EE960BFAE360302D834E3, 8F8F475EB9BAB29CE14A9CF42C30B148 + 12: EFF6BA1F2B1389237C6C045E, C895302DD8E75096951EF5CA63BFDD67 + 13: 5A1179A4047334CCD9162F36EB, 110987D37F45422625DEA402BD7580EB + 14: F26E2C27E7D287B182FA42879978, 530FDE90C13A01EBCA86449073A3B035 + 15: 77BFE79B4BC87116EC5232606E890F, 280994EB0E16C7CF10F31BB60DBF52C8 + 16: 9926A4CE1AD70B89CC0050A58B958742, A635B4272EBFA1F83DAE270452D877E7 + 17: BAAF99CAE4753E3304D6F8F9C0CD366C68, A6F606AACD0B87923B43C3EB61AC3965 + 18: F72453C6765352A31494FA02B388E407B1FB, 0A446D28B7C5845C3621B4D3A0FA98DB + 19: A7372589A86B2E137F124A96618095EB5E1435, 3C59A6A858947FEBFD32441E37309F1A + 20: 5683E13A4E82A1AB8B3DC2051B6DBF2E1F2BB417, 459D1B0D2CF2C30B5ED5C237D07DFC19 + 21: 33594C4B84536C23DA5AB2117E9267258CCE5DEC3B, 6E4BB70A72343E142AC4E31CE0FE6A77 + 22: 332EDC9A3BDB90DBCCF317AC55BE5855CA9BCA2A73C4, 9FB310E5FFF5C754EE1E5FFF865F1656 + 23: 734618677055469335FFD574B008F2C68B78633F79010E, FAD31386E42BB4EA76A643A9004A8CB4 + 24: BA6F6ABA2AF35895F7F966D71F4E91A0BDD1DD551826F861, 25A3EC1C91C26283BAA5975390285AB2 + 25: FF519213E858E36AC8D92450F81CA46C8CA8AB129A997EBB36, 0D4AB2B7A5EB02242C01A81CEBF5D84E + 26: B1F80058C3B4316EA86E9A898CD0B9C0366DFCB2AEC0799312D5, 0F4FF2759EDDF6349F4E23F284FAAD2E + 27: 00BDC15012F8183112D5C3A135DC60DC9C764A04BD39A8E041F1D9, 0C68BC9E6A6BF1B01743F3183C9B7C80 + 28: 3022FD12969D925365C553D98D59E5D1EC494540909D1FA794F41E18, 05E61844943E78DB9BD417DDDE9C98B2 + 29: 4F4A4554BFED6BAA09E3D8843C4EA3807B8762799C1D21289A46575389, 3A59A6DC9230020FE061466A92BBCAFD + 30: 6AE735EB15D9B39C8AD0E54F45307AAD97DB9F8A2A66BDC9BABCCFBD54A3, 0BDB365E493A9E160EEFD7DE24101870 + 31: 4AF19F00EAE55FED2304B94FBCA29383042F2BE711041323C1D9F14BA63383, 94561581E496553D068052BA698683D2 + 32: C2438BC46A92A465E0DB41E638CC6C8E0029C4DA842CA4140D73F90985EABA9C, 0F5A69F52AA8D8508D09E642511E54E5 + +CCM-rc6 (16 byte key) + 0: , D01FACF2BB577BFA6194800E53FB4A00 + 1: 65, 92E48F7300FA2697E9E0FF80DD187237 + 2: AF5C, 332863BC515649D5BCAB6A2FE5F5250D + 3: E7C89D, 49A641F027C65A15100009D99E79CF3F + 4: ACB36D46, 53DE328A8B4B14CAD363BED53DACE8A1 + 5: C3ADAE6CCF, F713F5079BD77046F95D8685CDF522DC + 6: 5A8CABC912DA, FB97B059D2BE1273497FA8D2739A1505 + 7: 27F101DD6D0894, 266ACEF34476A0E64410D209219335D0 + 8: 66164DA09BE2F46D, EFC64C01890A5B562AF39ADFC48E1CA9 + 9: 1B0018895394753995, FA894E1C882D96E35A4C238708931F3D + 10: D346062826187BAEFC3B, A036AE1D3C02E2AD23541DE095AC7B84 + 11: EFB375BA1138339FA1B504, CDD4232FF4664D59D5AC6BE32CBE1B35 + 12: AFCF494078D7D7E6D9803FD5, 07E06ED923F76150BE82C1DDCB62C4DD + 13: 75DF2EC91379408DA426A444E4, 440ACDF2A6567FA3A5009DDFE502A1A1 + 14: 3B36B62B01E324E702694305DD29, 4093598607DCD9993845D1837D211FE2 + 15: 7DF6595C9711B164C99CB246B4D57E, F364993B2C187058F466B62D11E0F94D + 16: D317EE9EE1746D1B89A4CC52D88F0819, 41856B0B229D38344FA718E04CA57A8B + 17: 85252277A97CA7553007995BD5A0DCD372, BDEEAB636BD1ACC8D5A23F658150FA30 + 18: 36FF305AC6EF662C155A1C15A6C195D3EC88, 9AC48EF07A510E308E06E79C0C80C3A0 + 19: 51645A614313E978F6DCE7BBDDEDC33E3284AB, E9F7723E763AD50161C0671C4034FD0A + 20: 3CB9E6D0730FE05F903D338708AD8E34BFBB3285, 8A12185DAD518049F0FAC945A8FB305A + 21: 276E37D246C40ABF32DC83007B95390EE801CDA6E3, 73FA1D310D031E0A0A3A1421661B4697 + 22: 4444BB070EDFBD1AC59D0BF70D66F48F0830069F3562, 9DCB6A99CBCCE3C8AEF29F06AF5057FB + 23: D16BA084CF82EDD2E43349311140BF3A2E37DE40544BF3, CB93C5AD60C700D4EA653136101AACCC + 24: 3FBAEBB36E2B74014043BA7D72F899B0D8DED883F592D778, 54DEA31D7EEA863A06A16D6C9B25DC13 + 25: 3614B5428B790793F31E23670A38A070B65DB8E51C61FEA9C9, A91B750FD7ABFF18376C982DFA0C8872 + 26: AC15FD90A4C254BA1406BE7DBA5694BB2625F634C69F45CCCD04, E6F97BCC8526BE3C04BA139EB50E65DF + 27: B506E83557E48553BD8557411D2C17D64005E734BA5A5FF1CF98B1, 6FA001758A19F783A71C97AF1AA61F94 + 28: F07721663400838947EA1B9404D9683556F2D911429A9F59E3F5AD31, 376A1165A30C919E96C3706A4AB5DB37 + 29: 98B5EB8FE0005E515A585D8F44D838FA590054EA5201CD444366B6F71E, D8C58448F601F2C05F24ED2CC349C78B + 30: E36E2FC225767CC1E2C388BEBC2C81C340FEF5B504575D5FA49682E1C214, CFED56F38CA4F84E6E1E16CEF50A6154 + 31: 7A9FDD8E481B822B3D282AAF726944101ED61DAE73782DE055D7D305E36B27, 328B10841E977041CBD13C39CD70F03F + 32: 48AE8B5FA027930A7BCEC27468D795D0D8E6099C5F0558361B3AD20C1ECFF89F, B180AA9353E9EB6A22710A4DE872FACB + +CCM-safer+ (16 byte key) + 0: , E106F41D61402E532662213EBA471BFF + 1: 05, 1749600C7045647DCB3293C0724E7A21 + 2: 2355, 80DD597665723F4AEFFF760C5C6C5EE2 + 3: 5F4CD8, 59AE54E63A8CF4DBAD050B42CE922013 + 4: 75F63A43, C31B6BD3125C036C99507DDEE0197201 + 5: 51D4D87B8D, 0F3872088CDEB0E958C35F343677AC24 + 6: 8CF6D81A274C, C8E688954E72A052B5F8D1CA46FB44B0 + 7: 5EB8283B299AB1, 5977CB96C8D439DE3A86AE0452A2EE34 + 8: 829B1A4EA8643EAA, 1E892D3DFB73A469035CA81DD7F937D1 + 9: 0FEEF9504CF0F4E282, EDCBED7C61E8E2D24392B4145218F0AB + 10: DEF7679D3073D461A94C, D7ABAE561901CBB30FD7D9467C088B3B + 11: 625FD679C7354A74D62893, 450E3954857640DDF4C7A95A6E202A1E + 12: 3C9E76E4E2D4D95FEABD5C90, CD4467F695B7ED8973AEED5A822B347A + 13: B1B6294ECEAE6AEE4853731CA9, 6042302DAE598822BE8554BE038119CF + 14: 204BF480582D4BA408BAD23CEB52, 4D6B87334E1BFB9BA2D42B89B24165B2 + 15: 277591770E3E2DB97A3011D9616991, 75D0A4B9937748EAE7794056F7A8A7FE + 16: 5669F75D0C908BFF7B82095231B86DAA, 3E816776A73FB89276534A3646C0F8FB + 17: 37E621EF5A043A83FC98A65329891BC031, 159A823EA61B3A47B42EFCF12F304725 + 18: 18AC6ECF3F478A0797BF813C871235A9D309, 9B415B1B3A933B22C9027E2D72764956 + 19: 671484C7587DAAB885C7F2FAF030081B452CC6, 574A63D113A5ECEC877D5A368A3160AA + 20: D7AB0F7D46B7ED976C8F6E7D0C6AABE3CAAA5A6E, 266C7A025C4EDF657DD42EB82BB6616A + 21: D60E4CFC6500E237276A69F35AE4BBAE17371392EF, 6ED2A1673F8B4DB795547D9D93D76D8B + 22: FAC6E21979D8D9896C790CB883C29F84D6820AE4FD4B, 1C7B6D73200E3C2DC5C701152F38EE8E + 23: 39240DC2B544CA8BEBBB4EA499FD48A5EE707198AE8AC8, E7FFD169552665ADE7B9C0DFFDD04EBD + 24: 6BE2C24172CAA192D55CC3E640E34675DD7F441CE5DB0FC0, 760CA976355281F76E49A2856A4EC7A0 + 25: 0E20427218D6447D6E23FA4832CB8D2A172B23FDC542B41524, 27D0F37E109252FF5E6F6F703CA784F5 + 26: 0AF75BD89028A5691B8B7993B9CE4FD24334A312DE28212C8B2C, AFE4C6B193B0F1796FC9E6C23292C060 + 27: 6830D8E2E6DEC1476796DA44C982D36409E268F966283A66E801ED, 9E2C92D5B30EB0943E17869ED4C789EC + 28: 75ED280BEECD7768F7E032071F0E06D9D6BF1C9FF8E5DEB536DCD4BA, BF0DD11D633DBA5DCD25F4172765570B + 29: DF1FAECC1DB24718236B18B90B354F405FD5DE1257EC43F811F4A43DCD, 48D182E572E794350BBDA91FD76B86BC + 30: 176681E38ACACCD3C625F554C1F7A2D7C2C474C9444EAC8929B8C36EC05E, 080E109FFC5D247F1007217DD642BBA3 + 31: 8A8172C21D88A1FDD43089C545C308507617F7BDB02C47CF2719F1484407E2, 1A0D10B0AF5BE21BF19D570D3FDA5BCE + 32: 0A93CAE2B95517773A4009FD3438231A207B9D46AABAE83FC4E1057EA4E2D6B4, 717AEF2F55DC8669F7E2D0298F8A7BE9 + +CCM-twofish (16 byte key) + 0: , 33B3DF1B59C84DD3C15E4FEB66173303 + 1: BF, 92DCEBF1C11DD0B028DEC944A555E4C6 + 2: 8A4F, A859C7F76291326D821BB3C7519657C0 + 3: BAE755, 14D7C2EFBCA1063460FEFCEBAE3AD79A + 4: 25695BC6, 9358BC434B14B59ED17F9C0D3F51DCB1 + 5: 1D9FC70ECE, 2A86578FA3A8C702E2E6723DB9A9893F + 6: AC39F1DF3661, 3F9C71EE0506FD2BAFFEE7200D22CD92 + 7: D330A915EED9D0, 22DC25EDF5ACDEF8358BE2A3082112BC + 8: EF913ADAE6380507, E87D72BB6395EEEF2AD4F546B4033DE8 + 9: 5EC16994E762BCE467, D7700F7BF4FE026A2076F161C3383A0A + 10: 7EEB4910B7C2B540B490, 40C88A977E1DCDDABD749ABC9A0C60F8 + 11: E5DD32FF54D39451CC2AF8, 541B1558B5AFF6E9EFBEE496D60AD65C + 12: 242C2900F859966B6627FF5C, 1CED148098350F3A5D1B5634180817A3 + 13: EEF025B9E4EB867B127EBD19D4, AD0179A07AD1418C25F40E123C2BEF47 + 14: C5E812B0AE37098686E2C4452C12, 02FC88AAA62E34742BB8577A651E922B + 15: 7BCAB32D1A871A62F9C781AFCAC60C, 2CD1C11EE197D9E130359F76E7F49251 + 16: 1E82D8B8EED9A730D1670F0DCFF17B60, B7730261560EA6CF715FF7006D5FEFE2 + 17: 0E1966992E360DC81312B28ECA6865B811, 10C40ACD169CB0F2A6FFC99F9A5516EA + 18: 5F5418C1322BF7EB828CF27C1F72086515BE, 90F8ED0447171A10476DED39F7518075 + 19: 6C552506FA167FB8AA12E9F416930031487D4E, C992009F83F31A7BF922BFAE68C4134B + 20: 38429D966676406B17638DB7F9F7205250408BB2, 3385A50E9789D2C63835A80EFE9CFAE4 + 21: 56EF426315EF96BE4C60B49F41C9BDDE2E0CDB3C22, 2D51D5B4F5B04BEF3BC1A7CF1AEA70E9 + 22: 314B075C097EE531ECCE6AD7CEF22A72AAFCEFB02029, FB7A7D84D23FF524D060871D90FAC106 + 23: 61CCCF7E2A9B3E46CD0A94D7F4A7617BB0DBA2D989907A, B3F4D46094732F3EDD81E0755F0C52EB + 24: 7A812A3BCED4E0A72FB81218BD5A4E33D69CA18834FFAE61, 487F80588B41F4E1198124708987667D + 25: DBFAB77EF07AA4C9ED2B05500BDFA00FE3F19F15F97A74880A, 84504D9EECBC6CE11B18BD105DE55E2C + 26: E676D4739B01B5101E36BF8D9F4FAE8F767C028E83A6D5B39664, 3141A05669807BCA30F0934F599FD077 + 27: D8FEBD069D87C1EE504CB8F72ADFF2166B14BA40B17B4DAA439668, 1D99A301943041C2F7A71432DA736FE0 + 28: D98E2A1CFFAB28341F92C41971A21AD0FDDE733EA25F2607967CD0C3, 42E05A53BF4F1A6C5B7F84742ECE031B + 29: 13FA412B484945C1FE8291A7EB8F8FB78D2DC2C72C5132386EA82BF4A6, A1A8E8B026DD116B0F9C73EB14C1C7CD + 30: 10ABD2DC25C8BA594FBFA9312E69C1A2DBF326475AF2080E55E3611FBC0E, 49DF8A5171DAC3FB684BA2CF7FBB3D3B + 31: F401D2123619B81F54F307B783362CC40FB4FB2433CF51F5543A147BCD1FE5, ACBB670CB3722059B4B9FBEE67703E98 + 32: 839A9BFA1D3CA37924BC6648DED2291FC61736A3638906D9C5DA28A66AA684AC, CD07B83C8E0C3E6FB4115A149BDF6FDA + +CCM-noekeon (16 byte key) + 0: , FF73C6775C61DB36D9B5EEC812091FF7 + 1: 5F, 7D2AEA62A5202E3C4FBE05F33EBE4CC5 + 2: 0EA5, 312ED15FDDAB6EEEAC6AF9BE9CE698FA + 3: 968F95, FA1AD58B85B93B5A4B5096C881F773C3 + 4: 9A8F4069, 8911063ADDF79E27D9DCEFF3F440E6D7 + 5: A5C0376E27, 9553F44B0BA8039527F8E05CD70AD8B0 + 6: 5B097736F3DA, 405B7EC685FC94903B36AC8E700558B8 + 7: 616810AE303B2C, 64C95A2DF5263F7BE6D1F9F3CF88EADE + 8: C8D69A2E1170532C, 073A7E426266237FD73D8109F55AE5D3 + 9: 3E42CDB7DA4A72F2E0, 48675EA4302CA6BFE5992DE96CE43BB3 + 10: 88532CC1F3E321F66D64, 528B3516C6D9A4B5390DD32C2A2E6C19 + 11: 9216A8FC9A961E7F602F7D, B03047186B783844F5B6757057576B38 + 12: 89B0858D4FDE6795EDE19CCC, F4530A2DCA823307AEDE5AF34E5C4191 + 13: A676E20BB0A5E84FD0B9149BF7, 11B823B315DA93B0E15780851526D4BD + 14: 903AD5C108C43A80436FE2117EF0, EB1C79C7DF20CE2967A99783EA8D6EF8 + 15: 81774C36F46F67159B7FFC24C080D7, 2E9E4812D9A92977EC34922782B6420D + 16: 63FD1C3F692D64B2DA3982FCD474A5D4, 04171AE84857713A9BABBD4564875D33 + 17: B1BF6AD99F83C9173C6C021ACA74C5431C, 38D17D4F6AA3C24B8F3B465EAACE0A1E + 18: 0948D1ED59F07DE44A96A76E05B0B6F7C309, 1848D886FCFF35E85B0DC3CBE5BEE7FA + 19: 3458E5911222F9C555A1054C7D9748876DA39A, 584AFAE72FB6065A74BE016CF39D2E86 + 20: 641F3867185D0605E9D666AB605187E75A1299EF, 6F9332E6FB5EA0CE811E3345593CD163 + 21: 0676622D07733EF31A765AAB1E713FCE329277FB16, 88547474050FFC986930CC04BA8A03F0 + 22: 79861EC2FD2BCC5C12B69F30A1575FC66AC1405281BB, FC68EEAC8F39ED69D312AEABF8000084 + 23: CB2731835A576F7F8F2C2786D786FB6186E2F85D89DA3B, 3ED9E95BC51CF6368E6EF63667B35BD8 + 24: 3CB1C02FADB6DD5483BC5D3C03D944102CFCEDF82B913402, 1C3F60C989A6FBF41A7AF4F29115C334 + 25: E69FAEA5E3D0B76EF9E70F99C5918D934D0E9836F248DB9EEE, 7F1916B2CF7C9A5E3F5581D365ADBD31 + 26: 36779AD755A9DF2DC3C5824DC2F7DD4FFE038628A4E1A1C33AE7, 2BDED3703468D267F8AB7EC0AF8F1E65 + 27: E9D325646A41EE5AA7DABCDE98DE83440A7DC02714BA0AEE017E22, 972F4D7832F3371C60DCD04A6DEDEA15 + 28: 0FAAE3F6028A28A80BBFE71FA7AA9042E538B41A0D514D6EB4EE6029, F7B3925495E260249ACC6E1CBE956BC5 + 29: A9CC39EFFEE354C0E0579256AA85CBAA7B10E670DD3828A7A05DA0F49D, 28D9D20187AFE70AD9DD16759F0EFEB5 + 30: 032F4BBB4EBF2E65758C541FDAFF2107DDBED399739849F8EBB41AF9711F, A3436981ED637CE5EEE01B380C46ACAD + 31: 7B321ED831CE96A603668E3E74BBC7453749A03D04A1B38E95966E6CC488F0, 88D1DADF2C1EE0BA579D0A8A90C1E62A + 32: D862B0BD0E2178AE05AEFB14F34C791547C5956F1F3B5BD525926578DE383A94, BF32CFE059F27222DC55D3E7CE7C5F10 + +CCM-anubis (16 byte key) + 0: , C85F41475E06F25682F855C3D45A6523 + 1: 25, 437BD73ECB8CFFAD9B2876F08D4BDA36 + 2: 5ADC, 5C762058A5EF71278B69F567F18CBE51 + 3: 95E541, DF099E8218AEDE8087791B38298334E9 + 4: 2DAA84E4, 7437094198E4AD2647C2618248769A26 + 5: B9641C5855, 91B02EC44D22460BFF22BB40C799E20C + 6: 102012BCEFA5, E60488DA65D683182F0EFDF9DA52A78C + 7: 8F14972CA4F8EA, C26B51F20ACDEC7DCA911500CF1241ED + 8: ED2714B652972256, 8BA29459D5D370FC608EE362B55B7633 + 9: BF58A269A4F59CE0A4, D69080820F836E5B5CA8F393E61ED009 + 10: 44AF1F715ADAF26C6EF0, FEFBC7DB75ECDDBA4A13CBF9A57873D8 + 11: 77CDE1B951F0803893642D, FBF8B80B061703504D8D3A7718366B6E + 12: DE599BAAC9D3EFD9FCD47E44, F636EC35D172D661F01746FF86688B95 + 13: A792B8359050C4866572977415, AE67D4EED92E63A14003FBC936EEF43E + 14: 62D5A7A4DFB78A175831627987CB, 25F7B440DBE9902C28B28E50BF02C516 + 15: B6F289459F924C76586F4EEA0C1CAA, 54266B4424C3AF6E81F6CC4F2437F54E + 16: 884B7DF3395F063DCA26BDF9F2FEF4EA, E3C2BFA1964EFDF78FDB9559C8031C50 + 17: 774962377B8731F2F301B930487518801F, F35B54264711D843D23636BA6CFA3E4C + 18: E9C8D1164F2B196C7305406179B232E45F1F, 2A13E034A136EBC0ED3361737EAD214C + 19: D3DCD242C952C5589E00B65CD826CA87691B8F, 9D624D482042798DB896B55D801EAD98 + 20: 57065B2655D4799C0478FE7E8463A2215E758875, C8FB052F14F9DF6731A9C8B566E71D53 + 21: FF736FDBD23593D9BC9A0D8CA7D819F550EF969322, 5CC3023029790BFD43204B27D52D7D7E + 22: C562B7387B8F1D3DBA22DD1636C9C4AB443F2FF15F70, 195C928EAF88BB4ACBA8A01B4EBAEE6E + 23: D0AC6EA8A804DC261304D4821E6AD7FCC2F0DC1A299B9A, 34FE2034CCF09A98DD50581DA8BCBE39 + 24: B65933A7D7C8EF19C1BDEAABE2B4CE5E821459D953565EF8, 42B20EF142EB228803D6AF47C6482BEB + 25: F1F4FCE842EFEF563F6F047956E6706DC9B178D00D82776D74, 3ECE3050D8C80319821D5F57A7CA7066 + 26: 4A3F10F4E34210A5CA1B81AD4269CBC3FD68AC662BF0E9DC9935, 0BC0724AA9A194D8C75EE6FC8E7F28F1 + 27: 077F3C055303FD669BC1A370B18AA7F31D3C8CBFF5A69381404FBB, 872C7946401BE70E677B79EA13FB0F58 + 28: FD39D32B27FE5BB8E6512C642D490E0AD0866E386580AE115C85ED2B, EE81712EA57DD54DDEE98EAB3285E6EE + 29: B45ED179290A6064188AFF6B722B37F8C3E984EC37AB5F47B353229B12, 186B3AD0C9F60D57E84992CBB2B0F71B + 30: 83FF1FD179D518A414148C15BE566BE4CC3DBE9FF5319A651E862811F152, 4B2942C66565EB9139A83C2EFD549D55 + 31: B8176469E6A0D5797ED6421A871FEECDE48ACF011E394981C43AC917E8FFD5, E9B01383DB1A32E6126BD802A6C6F47E + 32: AB6A0AA29B687D05735167D78DB697BA2478BD14ECD059AE9D1239E7F2AB48FD, A560A30FD87CF28BA66F5B2638567E4B + diff --git a/notes/cipher_tv.txt b/notes/cipher_tv.txt index cbb60c3..c649d26 100644 --- a/notes/cipher_tv.txt +++ b/notes/cipher_tv.txt @@ -1005,6 +1005,222 @@ Key Size: 32 bytes 49: F8B974A4BC134F39BE9B27BD8B2F1129 +Cipher: safer-k64 +Key Size: 8 bytes + 0: 533F0CD7CCC6DDF6 + 1: C3CD66BB1E5E5C17 + 2: 079DFD68F6AF9A79 + 3: 84EB4922264A1204 + 4: 31F3A7D739C7E42C + 5: 381F88FB46E1DCA2 + 6: CAF4AC443E50EF47 + 7: 2914E255DA9BDDBB + 8: A160A24120E4FECC + 9: F748C6009FFBC465 +10: 8B3CB5784846D2B0 +11: 4F98C1621473399B +12: B486B0BC365ABEE9 +13: 314EAB2B4E9F7840 +14: 613FE3637968A8FE +15: 28935352361E1239 +16: 0DCB090233B8EB3C +17: CF0BC7F307586C8B +18: 64DF354F96CB0781 +19: D2B73C6BAACA7FB1 +20: 638FCEEF49A29743 +21: 204C4E0E0C0A8B63 +22: F041EF6BE046D8AA +23: 76954D822F5E2C32 +24: 6700C60971A73C9E +25: 80019293AA929DF2 +26: 8EF4DE13F054ED98 +27: 41DDF9845ABA2B7A +28: B91834079643850C +29: 8F44EC823D5D70DC +30: EC2FF8DE726C84CE +31: 25DF59DC2EA22CB5 +32: FC1130B511794ABB +33: ED3259359D2E68D4 +34: D7773C04804033F6 +35: C1A32C114589251C +36: 51647E61EE32542E +37: B95A8037457C8425 +38: 4F84B3D483F239EE +39: 458401C3787BCA5E +40: F59B5A93FD066F8A +41: 1450E10189CC4000 +42: 0F758B71804B3AB3 +43: 51B744B271554626 +44: B55ADA1ED1B29F0D +45: 585DF794461FEBDA +46: 3790CC4DCA437505 +47: 7F7D46616FF05DFA +48: 6AE981921DFCFB13 +49: FE89299D55465BC6 + + +Cipher: safer-sk64 +Key Size: 8 bytes + 0: 14A391FCE1DECD95 + 1: 16A5418C990D77F4 + 2: EE33161465F7E2DD + 3: AB85A34464D58EC4 + 4: 3D247C84C1B98737 + 5: D88D275545132F17 + 6: 00B45A81780E3441 + 7: 6830FAE6C4A6D0D3 + 8: 93DF6918E1975723 + 9: 15AB9036D02AA290 +10: 0933666F0BA4486E +11: 93F42DEE726D949C +12: 756E7BA3A6D4DE2E +13: 4922DCE8EED38CFD +14: 8EC07AFBD42DF21C +15: E82BEBCFB1D7C6B4 +16: B3EDB4CB62B8A9BA +17: 5521307CA52DD2F3 +18: 54B5D75512E1F8F3 +19: 1A736293F2D460A8 +20: 778C71384545F710 +21: CBC041D3BF742253 +22: 9C47FC0FDA1FE8D9 +23: B84E290D4BF6EE66 +24: FC3E514CE66BB9E3 +25: E8742C92E3640AA8 +26: 4DA275A571BDE1F0 +27: C5698E3F6AC5ED9D +28: AC3E758DBC7425EA +29: B1D316FC0C5A59FD +30: 2861C78CA59069B9 +31: E742B9B6525201CF +32: 2072746EDF9B32A6 +33: 41EF55A26D66FEBC +34: EC57905E4EED5AC9 +35: 5854E6D1C2FB2B88 +36: 492D7E4A699EA6D6 +37: D3E6B9298813982C +38: 65071A860261288B +39: 401EEF4839AC3C2E +40: 1025CA9BD9109F1D +41: 0C28B570A1AE84EA +42: BFBE239720E4B3C5 +43: 09FB0339ACCEC228 +44: DFF2E0E2631B556D +45: ECE375020575B084 +46: 1C4C14890D44EB42 +47: EA9062A14D4E1F7F +48: 82773D9EEFCAB1AB +49: 516C78FF770B6A2F + + +Cipher: safer-k128 +Key Size: 16 bytes + 0: 4D791DB28D724E55 + 1: 53788205114E1200 + 2: 4472BCCAF3DDEF59 + 3: FE9B3640ED11589C + 4: 4DDD7859819857D7 + 5: 6BF901C4B46CC9DB + 6: 930DBFC0DE0F5007 + 7: E89F702158A00D82 + 8: BEB661953BF46D50 + 9: 6F0DA64C0FD101F9 +10: 4EBBCE4E5A37BED8 +11: 996EAA0AF92A09AC +12: AED6BB9522E0B00F +13: DF9C643624A271B4 +14: 2E5C789DD44EF0CF +15: 86A5BA1060177330 +16: 2385DBA4DEBEB4A3 +17: 82E2FC765722094D +18: B3CA2161757695EF +19: F8A4C6081F3ABC06 +20: 6422316E1BEFFAC8 +21: C178511BFBFF380E +22: 049B8CBEDE5942A9 +23: 0E181292C1B1DEFC +24: C347BA0632A49E55 +25: 32FDA46669714F99 +26: 0523743E30C16788 +27: 782BE96A93769ED0 +28: 9F99C9E8BD4A69D8 +29: 104C094F120C926D +30: 1F7EA3C4654D59E6 +31: 90C263629BC81D53 +32: 1803469BE59FED9E +33: 1478C7C176B86336 +34: 362FE111601411FF +35: 6428417432ECC3C8 +36: D74C42FCC6946FC5 +37: 1A8F3A82C78C2BE6 +38: EE22C641DC096375 +39: 59D34A0187C5C021 +40: F68CC96F09686A30 +41: CF8C608BDCC4A7FC +42: D2896AB16C284A85 +43: 8375C5B139D93189 +44: 0F0462F9D8EBAED0 +45: C3359B7CF78B3963 +46: E4F7233D6F05DCC9 +47: 8533D1062397119B +48: 4B300915F320DFCE +49: A050956A4F705DB9 + + +Cipher: safer-sk128 +Key Size: 16 bytes + 0: 511E4D5D8D70B37E + 1: 3C688F629490B796 + 2: 41CB15571FE700C6 + 3: F1CBFE79F0AD23C8 + 4: 0A0DC4AA14C2E8AA + 5: 05740CF7CD1CA039 + 6: 24E886AD6E0C0A67 + 7: EEF14D7B967066BC + 8: 6ABDF6D8AF85EAA0 + 9: 0EB947521357ED27 +10: BDD2C15957F9EC95 +11: 0989B87A74A2D454 +12: 04C793BA2FAB7462 +13: 3DAD2FACDDFA3C45 +14: D1194935CC4E1BD7 +15: BAC0A2C8248FF782 +16: 7DD5894A82298C64 +17: A59F552A4377C08B +18: 8DDDE41AB4586151 +19: 7CC4261B38FFA833 +20: E99204D6584158EC +21: AACC8ED0803CB5C4 +22: C105CA72A7688E79 +23: 3D662FDC35B88C09 +24: A4BCEDC0AE99E30E +25: EAECF9B6024D353C +26: 214651A3D34AFF40 +27: 807099325F9D73C2 +28: 45EC21AEB6B90A24 +29: DCED39526687F219 +30: 2CC248E301D3101D +31: C7F37AB8570BA13C +32: BB9B31A34A39641B +33: 5314570844948CAC +34: 4581F837C02CD4F4 +35: 4E036B1B62303BF3 +36: 7B3B88DE1F5492A4 +37: CEF2865C14875035 +38: 14DE8BEE09A155DE +39: 3AA284C74867161B +40: 3616B4607369D597 +41: 07512F57E75EDEF7 +42: 710D1641FCE64DC2 +43: DB2A089E87C867A2 +44: A192D7B392AA2E2F +45: 8D797A62FBFE6C81 +46: E52CE898E19BF110 +47: 72695C25158CB870 +48: 29F945B733FB498F +49: 27057037E976F3FB + + Cipher: rc2 Key Size: 8 bytes 0: 83B189DE87161805 diff --git a/notes/eax_tv.txt b/notes/eax_tv.txt index 09df008..95cd7c1 100644 --- a/notes/eax_tv.txt +++ b/notes/eax_tv.txt @@ -199,6 +199,82 @@ EAX-twofish (16 byte key) 31: 2DC26D449379997D110309B2A0DC2760FCE8CADB4B14ED580F86C70F69C9BA, EFCB60EB2B25737E256BC76700B198EF 32: 2B1890EB9FC0B8293E45D42D2126F4072754AA54E220C853C5F20FBA86BE0795, 1A1B15BBC287372FB9AF035FB124B6A1 +EAX-safer-k64 (8 byte key) + 0: , 9065118C8F6F7842 + 1: A1, 1926B3F5112C33BA + 2: 2E9A, 5FA6078A0AA7B7C8 + 3: 56FCE2, 984E385F9441FEC8 + 4: C33ACE8A, 24AC1CBBCCD0D00A + 5: 24307E196B, DD2D52EFCA571B68 + 6: 31471EAA5155, EB41C2B36FAAA774 + 7: 03D397F6CFFF62, 7DFBC8485C8B169B + 8: 8FA39E282C21B5B2, 2C7EC769966B36D7 + 9: FEA5402D9A8BE34946, A058E165B5FFB556 + 10: 6CDEF76554CA845193F0, FED516001FFE039A + 11: DC50D19E98463543D94820, 8F9CCF32394498A1 + 12: 42D8DC34F1974FB4EB2535D7, 77F648526BCBB5AF + 13: B75F1299EF6211A6318F6A8EAA, C5086AEA1BE7640B + 14: 1E28D68373330829DD1FFC5D083E, 33EDA06A7B5929A2 + 15: 85529CF87C4706751B0D47CC89CEA6, D031905D6141CBED + 16: FE5CB61BAF93B30ED3C296EE85F51864, CC484888F0ABD922 + +EAX-safer-sk64 (8 byte key) + 0: , 5254AB3079CDCB78 + 1: 75, 798DCF14FEF8F4D1 + 2: 0300, D5FCA75DAC97849C + 3: 520F98, 10E357957CE20898 + 4: 80E2764D, 5C7F46656C6A46EA + 5: C48960CDAA, 3CCF44BD41F01CA8 + 6: E0E60BD9AA2C, EBB493983FCEE79D + 7: D13D8804906A1B, 6EDDCA919978F0B6 + 8: B7AE14C37A343BFB, 2369E38A9B686747 + 9: 5DE326BBCC7D0D35E9, 041E5EE8568E941C + 10: 13494F5B0635BA3D6E53, EAEEA8AFA55141DD + 11: A9BB35B14C831FDA0D83F7, 4002A696F1363987 + 12: E242043A1C355409819FABFC, 63A085B8886C5FDC + 13: 204598B889272C6FE694BDBB4D, 194A1530138EFECE + 14: EE3F39E0823A82615679C664DEBF, 1EFF8134C8BEFB3A + 15: 8579D87FD3B5E2780BC229665F1D1B, A832CD3E1C1C2289 + 16: 74D7290D72DA67C4A9EAD434AE3A0A85, 96BAA615A5253CB5 + +EAX-safer-k128 (16 byte key) + 0: , 7E32E3F943777EE7 + 1: D1, BA00336F561731A7 + 2: F6D7, 8E3862846CD1F482 + 3: 5323B5, BD1B8C27B061969B + 4: A3EC3416, 170BBB9CE17D1D62 + 5: 0C74D66716, 7BD024B890C5CE01 + 6: 6158A630EB37, B5C5BD0652ACB712 + 7: 17F2D0E019947D, F9FF81E2638EC21C + 8: 68E135CC154509C8, AA9EAEF8426886AA + 9: EDB1ABE0B486749C21, 355C99E4651C0400 + 10: DB0C30E9367A72E8F5B2, 631B5671B8A1DB9A + 11: D4E5453D9A4C9DB5170FCE, 75A2DF0042E14D82 + 12: 3F429CC9A550CBDA44107AA7, 2C2977EA13FEBD45 + 13: A7CA22A97C2361171B415E7083, BFE81185F31727A8 + 14: 170F79D8B0E3F77299C44208C5B1, D5ED9F9459DF9C22 + 15: 2E24312D2AE5D5F09D5410900A4BBA, 2FC865CA96EA5A7E + 16: 8F3C49A316BA27067FF2C6D99EC8C846, 9D840F40CDB62E4B + +EAX-safer-sk128 (16 byte key) + 0: , 22D90A75BBA5F298 + 1: 3F, 98C31AB2DE61DE82 + 2: 584D, F4701D4A1A09928C + 3: B9DEAD, 6E221A98505153DA + 4: 06D4A6EB, 0E57C51B96BA13B6 + 5: 7B58B441CA, E28CCF271F5D0A29 + 6: 7950E0D1EC24, 2ACDDE6E38180C07 + 7: 65A4F4E098D7C6, 7DC1C9E9602BACF2 + 8: FEBE4E72BAA0848F, C4607EA3F138BAD9 + 9: 9B7BD6D6D655985AA3, 8B2C58A9530EA6AC + 10: 60C92F925D1478470203, 51E6F5F6DC996F84 + 11: 7B40769370E651F64AA654, 74F1F8A8D3F4B9AF + 12: 7215832C2FB9C54DF7A9C686, 9BF9AEF14F9151D1 + 13: AD0F9C79008572AB8AE2466EFF, F375D0583D921B69 + 14: C05076E2C330A0D25D7CEC80597F, 843C12F84B00A8E0 + 15: D18F0563AB0278140B0CD9A9B07B34, 262B1688E16A171E + 16: 650747091F5C532EE37D2D78EE1EC605, 1BAC36144F9A0E8D + EAX-rc2 (8 byte key) 0: , D6CC8632EEE0F46B 1: 4C, EA19572CB8970CB4 diff --git a/notes/gcm_tv.txt b/notes/gcm_tv.txt new file mode 100644 index 0000000..79d3b8d --- /dev/null +++ b/notes/gcm_tv.txt @@ -0,0 +1,214 @@ +GCM Test Vectors. Uses the 00010203...NN-1 pattern for nonce/header/plaintext/key. The outputs +are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous +step repeated sufficiently. The nonce is fixed throughout at 13 bytes 000102... + +GCM-aes (16 byte key) + 0: , C6A13B37878F5B826F4F8162A1C8D879 + 1: F1, 397F649A20F3F89A00F45BF230F26B61 + 2: D6B8, 1653F67C9C716D0FC59F3B14154DECBF + 3: 673456, E82EFC79B30CA5235E2DC8BE4C14265D + 4: 26DD7C26, B8D1F4DB845F7D7079DEB8920949C14D + 5: DA62AD1487, 828A42329320764E5FB74D44A6108F4B + 6: FB79F7D51742, 865415BD049E86F3DA2E0B6E25E1A50C + 7: 9D96D1034166BF, 50669247A5B338E183DE5139831CD6A4 + 8: B466050E1330B20A, CB264FA7853A1FFE86E1A07CFA7C7319 + 9: CF16F0B3D9FC6183DF, 647DD6E1F40F385E1DFE6676FB036242 + 10: 14D90928C7236050096F, 930CAAA5536406218885475CA823A973 + 11: 4F2322D66A7079BD7DF519, 3B3931D47413042FAF1313F1041509A3 + 12: F1497906F1D8F4F9E47E4BE9, 469FB0D62828427C2E9BA04041A1424F + 13: 2FAFA2A3EEA4C000702E58D1D4, C9A484FC4ED8644A06060DAE2C3D1568 + 14: 5D707F8ACF319413D220AA2FC2B2, 0EE9AAF5B1CF622ECF6C4F5E5FF4656A + 15: 2C19DBF966D24B2713F82B69934060, 8676246A2F7795ABD435B3C6B4EA6E7A + 16: B3FED6C2315CE6D98729DBE69270A11E, B8AC739AD154744A33E906C34D91BD4B + 17: B2BC44CE088BC3F654B9703D9C691F17B3, BAD8314A171BC0119942136C5876AACC + 18: C6E958E3E9AC836C9626BD66478974D26B0C, 4E6D61833E9DB839117B665A96DC686C + 19: D40FADD078B474EBCE130FB44DDB4824077988, F43E3CD978A6E328AF039CC70E291E1C + 20: E177B3DF83A117E55F255A6C2CD78AFDAFDA307F, EEF1ABAAB9CBE0EE317CC79E7E5E24B8 + 21: DBB4569B3E305E4525F1F7B3D2AFEF226F397E661D, 65ACFB70132EEE1D47319A550A506DB5 + 22: AC2CAF77718DE59131A6B745DE9F3A9897B17580EC71, D8DB9006A9597F640F2594340D69E551 + 23: 8F62022F72A0D769D2D095A55E28832950870B2B44B0BE, A7E196F869071B7BB713E8A2D15627E9 + 24: 37F5640F820384B35F13F8C8C7DC31BDE1E4F29DCFBDA321, D5765C39DBCA72AC89100CCB8864E1DB + 25: 25059BFC302D0F8DD41BB22CF2391D456630C06F1DAF4DFA86, DC2FFD153C788C28D251B78AB8B7388C + 26: 151F158CC4BA9393FDB153C4C72911C120BAB519FAF64719133D, C61915006038BF15DED603832FD179DE + 27: F5DCF4231482F72D02F8B9BE0A41113D35AEA1CD85021CEC978D9C, 9CBD02C557180FBD0868C87A0BEA25AE + 28: 5D88B5554A2ED73054226473676FAA7159CE12B5357D635DDED35B5A, 5AD11CD6B14C59E64B5B26DFBD00FB5C + 29: 5696C7066EA09A30FC8BCBAD96D48A5E5FBCC8756B770F0A89B8711911, B9EA5F3BEF0599D385A9ACEBE4064498 + 30: 1240FED47B305AC1883F8CF137D58E79052B4E686DCA1423A6A2BECBD5F5, 036A5EA5F4F2D0BF397E8896EB7AB03D + 31: AD9517BF392C1EB56D78EDE1C41F3C73B72304DA47F400C390C86B37A50C2A, EB3E026D518EED47F6C927525746AC54 + 32: 2AE1CEED83C6490A7E5752E91532406EAC6FF4B11AA770EFFF1B255FDB77C528, 74BFBC7F120B58FA2B5E988A41EAF7AC + +GCM-rc6 (16 byte key) + 0: , D595FEDAB06C62D8C5290E76ED84601D + 1: 4D, 47A6EDEF8286F9C144B7B51C9BCCCACF + 2: 0085, 9788DDF89843EC51120B132EB0D0F833 + 3: 463701, 673CB8D248E6BECD5A6A7B0B08465EF6 + 4: F5B3222C, 1C424282D7FB427E55285E20FC2ABFF9 + 5: 3A4A8361B2, BD40E631B054F280C7973E5AB3F06B42 + 6: A475866BF2C5, 2067F42FAAA6274270CF9E65D833FDED + 7: 689D0D407172C8, 3BCCFFC64E56D5B753352E1DDD5CCAA3 + 8: D9CE4B051202A1D3, 79B0CCDA3D0B9C9BCF640BC9E6D9CE0D + 9: 0317D68BE098D276B7, AF35043DB6213DC5D4F3DFB8E29EE537 + 10: 154CEF0C6F37AA0A73C4, 61E598A8C6D17B639F9E27AF55DD00F3 + 11: C3DB1B2B6CCC9170B9C05F, 966871DDD6E110711FB9DD733B6B2B3A + 12: E4F22383C75BC0FB0E59C5E8, 971536AF878F4EED68F59046C928EAC8 + 13: 2FBFB99AABC6209FB8664916DD, 68D0BF2144AD1ADECC4074DAE58540C2 + 14: 5FEEDFD09BF89719A34CDCCD2AAA, 64DEB7D5E6891103AA54C0EB366715D0 + 15: E063A076E0C770FB010D26C3AC3EB5, 0CA321B2A7448FEEF84D4E0AD5BA2DA4 + 16: AFB0DB9959F0906BD346C2D81DC5412C, 425627895E2C4C9546D3227975585459 + 17: 79179C0D4D6C5E0741DD4CA1E8CF28C75C, D0188A344A1CEE52272FE6368DB0FB75 + 18: 8A75521139B0DE3C08C9EAEB77D8018A39FE, 47FCC200D8A384320D2F1A5E803A9991 + 19: 0399381D0A975AE3980A9FB75B991C055AF367, 034915370AF94B96A8A4E50FF9B134CC + 20: 8C189094DB13FBE62EA5C4A53C29A428ED587BA2, 99C58F838423033298897841ED526347 + 21: D91F5144B525AF5D47EF4D5F0AF9915447A55927F9, F6750BF7E089515D35B47BC1C65E2E3A + 22: A4E26B554AA277057A5FE3FA08A6138CEEC6D69BB1D8, 7BBEBF52D8251108C7AA1025E213EC44 + 23: 5C1A8C3A46FCA90D73675706313CADFBB90A535A4B3D5A, E35244A2633478BBDAFCC81161F28B80 + 24: D69F7264FC594057B89181B83582D799AE54E9EE4FE8AD48, D4B29E5C25F9477D9345526DBDE9372A + 25: AFD322D0AC4AF38D5B9CBE0DFE85618C001A7A77CD8FFFCB3E, AD06BB9C59D23D258D6A2AEDD946AA20 + 26: 179CA8395CD8E75B4E5EA07D25C8036AF08B1A1C330492523D36, E3704C4341A834C087500E332B7DEAE9 + 27: B9178EF7774684F43F1FCE99A4319B5A4D167B0A848551F562CD7C, 5D5082FB02B9B494D5883DF49DB3B84B + 28: 830FCD15A09EC61245D7DA258E308E76D3B542F2345DBFC11AE983A3, F50C3332F8D91911BDACCFE228565E5C + 29: 179619B8C7EE9B3121405BBED2AC102A027E6C97EAEDB5ECFEB13792EF, 859EBA3BADCE6E5AB271A261B26DE28C + 30: 14264C7E0A154119BF24B7FCF434E81440D42D54738F0BAE55836849AB85, 0B6C9B9CADB1B6EC71CEA090C8C72834 + 31: 0D7A316F8B873F62CF26CFC569179AB11CBF09D3467936A85ADC265B2C9A8F, 866AE7C51EC2D9DEB32748A1C8B61143 + 32: F8FD1F967CD3632805AD7FA8ECB40F530927DD5C49D31FDBAE49738E2315905D, 9CB1CB84A727C9F42555EB566E0A1DEE + +GCM-safer+ (16 byte key) + 0: , F769B436C7FB7C0C822E24BB2B2555D3 + 1: CA, B156298625F5634FA012B23044437807 + 2: 4960, A64C73E890F3D77B2C3B3C76C2D913C6 + 3: DBBB8D, 686651A017F89A22F9FE96533C85C52C + 4: 150AD99A, 177F7DE9E897DACCAB7EACEE3CDE7601 + 5: 077055065F, 48B4309C76CAC37BDF11842311BA6CD3 + 6: B2F8CE062C06, ED04DF96C06959524956E8AC5C338457 + 7: DCE718211410D8, 3F8D8180BDEAC2F018EA81615177CC8F + 8: 0F71E2772402AC83, 2130481B2CA7B4B4C8F3EE73B3B3C28F + 9: B69030734E5ADF753C, 8CC4B62BFBC3EA56CCDBF0ED318C784D + 10: 6B8A91ABC1BF2F2D0176, 86EAAD80D148A48086987A40A5631DEF + 11: 44AD00799EC8E62E34D6A1, 016830D58F06F75E54531B45D9E785F9 + 12: 0C4B9381D78E0F0A78B3CEAA, 4A79C58DAB131A22F172F9177DC4158B + 13: 2C56D4625876524B4D8D5F079B, 7B407F704225B25F1F136C984E564147 + 14: 36424D69BACC56407D345B3D7B4D, EB126C255A2DCFD32F69DD5CB61876C7 + 15: FDD3E091C0420D1A4D4A848757FCC2, D319C5C07134D67BA42A4BF312CD874D + 16: EFAF6F117EA9A4B4B83052BBF5A07DB9, BB09D473FE82257146E7ABC2EFF6F631 + 17: 19B71383C414BAC3EF252FFF09F5ACD777, 526DC9AE6895ED33A34A9A4ADB07E1B6 + 18: 9AB6DFDB930D26E00B3D98DD5AD014E08756, D70B95B20C106A5A03F9B803D2CAC3A0 + 19: EEB3C236C3031DE4C3F94BD746677AE84B271D, 9483BBCBBFDBA1CC5F6392DABA2ACC19 + 20: 3A0EBC7536F8717E8FDAFEDAC39E8F1F43C0627A, 3DA7DC2475466CEDF01EB543870A74FA + 21: 79D28D2F149E1D97E910342DF383FCEECF5AFD4C6A, 2364F33BCF6F07E381F7E26DAF802D83 + 22: F1D7C319BAFB740332CA19AB0C9B71728D3AE69BFAC2, 3D4AEE9780A5C98CBC69606CDDDB31F8 + 23: 1A0D80381A186673FB7B52C40AB6C46A11AB0889333C20, AF5C17E3D0D9724EDC1FC438A16B4EBB + 24: 5E503440B22DD6AE6401BA4355C8791BACC598C9E0F1412E, 156D8221BD61F5C108FC18FB2F50D159 + 25: 7784EFDC6F0FC56FCADAFF17BB52DEB35B64FA19C3F391BDFD, A291E8238EF158A2379692077F70E8D0 + 26: 184B6E18032D1A70CE5027912E447C357C72EEF7B20EF0FB256C, 0FA0138FB9480E0C4C237BF5D6099777 + 27: 7AC8FCB64F35B71C5ED0CCD776B1FF76CE352EB57244085ED34FE8, D995B3C1350CC777878108640C1CADAE + 28: 86C7A01FB2262A8E37FF38CC99BF3EFAEB8B36166D24913BDD3B91DA, 25EC6D9F69168C5FA32C39631B606B55 + 29: 91F5D3E3FE0B1976E2915B8DA3E785F4D55768FD727AEF19FA1552F506, AF902DED55E386F0FC4210C97DB9446E + 30: 7ABF5BD9CB2EFF8382C6D2B28C1B0B25540E434123AC252046BDDA74DA32, 713259EDDA9B1B63EB68E0283D0259DB + 31: 5634B23ACEF2874BE0591BE3268C4538698FF2D93D59B39BC86D0137DACBAD, C4054796AFD335B43C60E7E634122BAF + 32: F26C68C36B1E56449595EA4E162391E0C6A306592949F69797B6C2327E533ADB, 7B392AF776A94983078814B6B8428BFE + +GCM-twofish (16 byte key) + 0: , 6275E8CA35B36C108AD6D5F84F0CC5A3 + 1: 38, A714210792F9ED12A28F25CAE3B3BC5E + 2: 8E2F, 6357C1F125723F2244DAF344CDFCD47B + 3: 900A4C, ED4E0B318346D5B9B646441E946204E9 + 4: 087EAFF8, B871ED95C873F1EFA24EF8B6915F447D + 5: 63FC9EFBD4, 650D0ED98CBECA07040AB97B97129360 + 6: B6081E94AA19, 6A3BDA8030C5A79B6B9087555A1DA67B + 7: E10A7B9CBB20C2, 59EB55DFD0A37C55A869834E597373AF + 8: 94E947FEE05780EE, 354918527F855264E37DB6892E868050 + 9: 9A80C567AA50220862, 814EE57CC9D51D7D900AB4840C4B072F + 10: A8741BE1E42BE207C416, 2B28AFD8ABE20664D8BAD7535F82F11A + 11: 6AB7E3C68B6682023E8190, 5E48B67541FE83969952394F84D29E93 + 12: 4F66FB634EB258CEE2955D84, F2632C2135B6E1144673B0EF73499818 + 13: B29042F3877C2F5E694953C5F6, 03268A30499D57A06AA873EF00160C3C + 14: DCC7B5D9F58C88F54A9611389B8D, 5515426FF7CF2EEA91BE2B3752371CE0 + 15: B665488BCD75FC02A0DF7994B7CF98, B721531E2A317C254FA2ED306ADCF96C + 16: 9535DC8A72645E34F948B71A5159AA9B, 5CEED93DE128044F0471C65AA8F21D29 + 17: 5CBFC61A23D28562FCA929375E5B585327, 3AA842B21631968D1B58B72FEE090EE1 + 18: 2AC3F780B956A933C0B8565EE527173B8CC8, 16EC4B6D8E2CF3CD0D16E7A5F401C78E + 19: 5067FD65870A4EBF6C7FA811A15270E7F8F17D, 9A7563BEDADFA6B6E48F5C13FCEAED6E + 20: E3A65A188077E5DC171CFF30BE8B27F10F015166, BD5B3D84D0C1DD51A3909F849141B57F + 21: 88D0A65C105823E68BE3987CB205AE0C1A27588FCD, B280221AD0BD83E1D6B37F331F326AB5 + 22: 7C56D987FEF6807EEFAFD4C7EB9D72AA0E037979D91E, 686E1268A8DC9CD0192A383EA6C2D975 + 23: B23CCD0A076CB122750B634B9E6551E0585EDEA18C3245, 6DF30A7F0728E2D549AA411AE375E569 + 24: 767BC3AF206E67C9E27A4D7E814F3B3A65D27BB70BA9DD4D, AB2B16C031FB2C8E85B3B2B38A5CBA4E + 25: 9ABF34ABD43705D62F377449461C5DC239A2A86E5A98AFB159, 3DEDEDA85E6BFB53C6F18726CD561604 + 26: FE756344C05CB12AA0673F1C2069A86556E583FF4B7313A0D395, 21CB0E0BABC3C7E547F5CB207295C0EE + 27: B70F16AD19A6B0AF6D8DBF4E98D7D5ADB944D91BD889D9390C3E21, 2AE67812A22C1C785D3BFC184A1C74EA + 28: A6389032AA9D08BDBAAA5E230E5130665FB4F0CB868F3F20C4C5438B, ECA054EFA3F39400A587839C4F0605C7 + 29: A55A41315EAF3A67A0FD0E14C6E04D03A5E38D0F756719F4A0800B290A, 7A5277809D4B65E663603099B4DFFBD8 + 30: E739633579AA6201A024B9873F28412BB08B08B8616D611BC9D07979BD3A, 390038A93AFD326C5CC1525A24CA91AD + 31: ED3266F8B0DAA7C3DB7814427E8139831CFC0EDE668F0DA83FF7090154410D, DE440EC2C6080048BFF3C5455E1BB33F + 32: 4D0F751B55DA3A2E0B28DE59E9680669FCB5984E9C0DB942DBAACDDEF0879731, 62F96CFE31D3D6AAA0B9F5130ED1B21B + +GCM-noekeon (16 byte key) + 0: , EB5A8E30D5C16311864E2D8D32859ACB + 1: 88, EAB88DE1EB7BC784A706B2D7946798D7 + 2: BA1F, DC3CEC6AA324AC7D053EFF7A99AD3069 + 3: 9A1457, 4AB65831DE378DFF71C20249C7BEC05E + 4: 2F9496D6, 800745CF95EAE3A698EDF9EC949D92B7 + 5: 84153177A2, F6A05B654435ABDF5F696C0E0588CB5C + 6: F80B7865C766, 2334D0061FD488D15A6AC8E44EA1F4B9 + 7: 872EA486B4EA9D, 3A49671DE347F675AD7904DDF4255F3D + 8: A4EE5750507FC831, 956D09F7C5FE812C6FB982E1DDBE864A + 9: B5874AC964FBFC1A97, 90FBC75F45BFF58B3A1100393955D0C2 + 10: 92FF5FCF1EC675E02E71, 983C96A7BD4A0DB5D3B877911CE8A6B3 + 11: F7BCA69A9C7033D84A2BA0, D4ECE5BB9FFCBB331A646D9CE8078634 + 12: 5E1041B4554C8CDD14AAF16D, 1EF777F307CB96788B9120FFF8A8BC2F + 13: 7BB7289FCAD209D7992EB7AEDC, E8AEFB830DBAED2B4A790FFEF940A20B + 14: 12776A7C937A648F0A8628AD8C5C, F070283852AC030819EA67BF82C719AA + 15: 7293476D9E935EAE9DEB66F697F662, D6322603671153A1EC1453CDA5978E15 + 16: DC12A86C85E7358919BABB15A3BF5FD7, BBBFA467EBA8124DFEC82DB0137D56B9 + 17: 0CC1DAD00A987F9C57E3660D9417F226E5, BB8AF5A0B5BC79BD11C5D41CA80CDE2C + 18: D0049115D6EB5495FB391CDC494022AEAA48, 682FF357B2BC059765C29AE6CA668D0C + 19: 48FC54A401B4C06CE8567AD298B672191C7E84, 493A4AF4C2A8828FED8442C4EFF877F6 + 20: 90779795821CB1B7DBD97028E29DC1CE7D0CFAE0, E126F485F73B6F7B3894B4CF7E1C5DDE + 21: 8CA5C246C8B7C04BD7171CAE2D1A892D66302433F8, 5D73149A3635A86B3C34DEA5B95CCBCB + 22: DF082B665F7A952B2604C04554B81393FCC7C0B816C8, D3569ED7D431176B286EF22414E4CBA8 + 23: 761908530C9069E189649ED24B6A68A89B067C31E9868C, A258BCD83D3FBC7AE2AEF7516025AB36 + 24: 717048F5A31F3C89D3704F90069AC5D5174118770C65BDA1, 067EBF18F7E3DF4EA13F9ABAC682C2A2 + 25: 08C6FCC5D3099347C3FEBA3858A6C22C51298CB591DDB77827, B57BFBA40BE99DF5031918A1A4E2CA80 + 26: 2CC53EF7EB954234E64CD4D60FB1D7157A489ABABC10900FFCDB, 236E769611D16EB7F463B7578770F886 + 27: 2556B46F2E831223D632F2691329A874F517687AF81B8322AC55D7, E213A90DBC31DC261A45A9AE41CFEEC3 + 28: 71241792728594D69791B80AD6DBC6417D1D14D222DF5E6F834B82C8, 601F97617708B1945BCDA8A82496EFB1 + 29: 5003DC2EAAA23F9E2221CCBB9E20116692CCC99B3CFBD0DDD3A8491E7C, 3743155B792012845550205C8949B73E + 30: D0589675357E850333F854FBA160688F06D122DEC00CC2620DA0B2770765, 20E085752FC4D37791C22501ED1DB6AD + 31: 645B46D2D114EE7329F14AC1D94E6817EB385EB80C61F014F90530749079EC, 8A18DE86F9555A1070D0BFEDAC15B14F + 32: 068389206D37BF5A41C58075FC98901C3B42E6F2F13C09F4E92524021BB1C1C8, 370B86914D63CFEE8303D538A6BEA0E7 + +GCM-anubis (16 byte key) + 0: , A0061C2F3B2295BFA33BC74C037EA8DA + 1: ED, 9E5648DCE40DE37B56C557D26CB18D83 + 2: 6719, A6605253C59A101FF85C5102CE92BE45 + 3: B8873D, 13F3E3ED3646BB296EE4ED5D6379A21B + 4: 5AA6E2CB, 1812E8385D15B5BAE043E4E860BEF490 + 5: 4F6F4CD8E9, 8A80BC5E08929C42A5A74C5D9ACC0C6D + 6: 2F0D8B483CE4, 316F588F78FC6A9196C97CE59B9B63B6 + 7: 82D885FDE1F948, 7160BF556614511F53738A92B5277056 + 8: E4931462AD41B6DC, 7CE24C4D6B499975FCB72B5E2275ED56 + 9: 503AA70BE698BC5B41, 10EA0C61FDBA8FF7B4E9927BCCEFD911 + 10: 6B2D213D14B5D25EBE36, DC3222AED12EE26D3D14E2E733EDB2A7 + 11: 7D8B0BC1B7443E7267371E, FCACFC73E391865BE86E041F51C45E81 + 12: 9EF3BF8609E133BEB10565AF, D84326D4CAC9D5B74FCFD8CBAFE79E77 + 13: 59AE7B1FDE1178CEE7F63C4894, E1BCFCDCA86CAB9C684F7D21962D580D + 14: 564E7B8BAC5582A3BF1178916569, 54804D8DF4D7577EF65C15487695F840 + 15: 758A6DC437C8821274B0F16F911BAA, 19DD27500915F425F34F67CC2374DC36 + 16: 0468C94A88A27AEEE2B3A973065E53CC, C743996C6F49363B2F4613F24703EF7E + 17: 3B0CABA5EEE44B7BFF0D726ECED54763FF, 14D9D09815BCD91DCCE2F5AE1A9929CF + 18: 5B945D83B98C43B0248F9BC0479E332869AB, 67A275F0313D4245B1965411CFCC8F17 + 19: 97332441CA96DE8553A3C6D898FC6D90C86DBF, 73150EC3D6327E3FC8015A6192652D3B + 20: B9A1778FAF9767160D0D87816ECE1B99AA727087, 0C173D3C4078392CE377313C48D2BAE8 + 21: 5882B73911C7D26EFDCCA3AED2EDC8A8BFFE75B1F8, 8F8C535639A0B59537E590C7FC9D2E53 + 22: 70AEBED8CCFFF6E5CF06F3E841D12387EF8D6C7B4BDE, 4B00C27FCA9BEB82331CC8EB13DCC580 + 23: 345CCB52BC20DC5F1BF5EEDF5D72A6C48F402557FFD342, 1A790A39573B853DBB8E2E73B7331014 + 24: 0637C78A817E91D63CE18CEAF8D65C6107283A90C5A97842, 52786CB81724E12C76A0D23D4680E36B + 25: 59526D1E86A473DFB720FF25E97D6571077845F73C5E8322F1, 369FBA7823FC83D727FFD25D10130987 + 26: 2933BB4E7603C313B62332827601F8189E14C1F08EA547E15AB5, 204520E365DAFF6551B01562A4CEFDFB + 27: A4098CF2A48A1DC2BCCE65CCE8DF825AF51E7E5F94B6186FF85D77, 9833EBB9A1D5CD0356E023E2C3761C2B + 28: 26557B942FD6913D806672EB01526DBD5D6F532F78AB6759DE3415C5, EDAACDD101BC40EE6530D8B5DC031F31 + 29: DB92C3D77DF0C8F4C98845AA9AD43FB800192E57A53E083862B7E3FAF0, 628DEB1E345303A40700289052080FF8 + 30: FC57BFAC2C77781723C2B721886D44ED67A52D9AD827874BC4EEC0A97281, 9A222DBC47B4AB4E520D3CC5850D4DEF + 31: 72DFB9E91A78EAFE758B4542206A4A957B4523A58428398C11BCF2AEAE1938, 307D0B876130E82804C1167E03B69B2F + 32: 7275C6EBDC2680DFCB73326A987D2FBCE83E40A9AEFE6351CFDA7251A6FE10A6, 895E6EEAA9BD88594903325A063CA45F + diff --git a/notes/ocb_tv.txt b/notes/ocb_tv.txt index 6e0ff9d..6429228 100644 --- a/notes/ocb_tv.txt +++ b/notes/ocb_tv.txt @@ -199,6 +199,82 @@ OCB-twofish (16 byte key) 31: F175230606040ADACEBAFE4D58BBD140B2D45E8BF7E5C904510B58E4B53D3F, DAF579E1A12481D39F4DCFB7C28794B1 32: 261388D491EF1CB92C261FD9B91CAD5B95440DE0A747144EB8697699F600801D, 749056EBEAF4F20CD8746AA8C8846C47 +OCB-safer-k64 (8 byte key) + 0: , 0EDD2A1AB692AA7A + 1: 3E, 306F814F3C2C109E + 2: 0593, 063D19B734C34715 + 3: CA72C6, DF6DAAFAD91BE697 + 4: 08924AEE, 15095FA49E789483 + 5: 359908A6CD, 16CB7F0741BA4091 + 6: 97F3BD820CF4, A59DB15B67B95EE8 + 7: 0A267201AC039E, B4FFC31DBCD8284A + 8: 9F6ACD9705C9ECC5, 6B41A938F0B1CAEB + 9: F355D5A937DD1582C2, 9D1F932E521CB955 + 10: ED39758CAF89E7932E48, 398EF517015F118F + 11: D8ACF19363A0E0ADC9321B, F98B2A30217766AA + 12: F8F54A8202B0F281ED610F33, 36EF7FA4A20E04B7 + 13: 0F8677DF64B5982DB6E2299140, 4DED2DA806834C81 + 14: 0C357A9DC321C93B3872881503B0, 7814D1C0C6A8900A + 15: 10B6B1A261C3015A18110AD200A7B6, 9A814D6D2BAD850C + 16: AA9EA9D1BA7818C0D2EBF23781A5467D, 236A24FC98826702 + +OCB-safer-sk64 (8 byte key) + 0: , 76F16BDCE55B3E23 + 1: 63, F34B0B471F6F8F75 + 2: 8651, D7EFE17943D35193 + 3: D45504, 263224E50E7E9E75 + 4: 57B414C3, A553D6CABCA0F285 + 5: 4976E3B303, AC5E9969F739EBD9 + 6: F10AB8EB94E0, 8301FFE68848D46D + 7: 6E954593AC427D, C1CF93BBC0F92644 + 8: F48F44441B898C0F, 698FFAED1A95E8E4 + 9: 1DC60156D62782E3D0, 6AFF0DCC65D4C933 + 10: 71920ADC8997CB8B3A72, 1C101C6A27CFBBBD + 11: 890ED7492ED914AC20391B, F66DCD6205D945C6 + 12: 1B9FAB84A8748BAC187C7393, B450757FCAFAAD52 + 13: B4C89E1BB280DBC265E43ACE15, AE6BB3D2E6A371FF + 14: 24B0C28944BDF22048E2E86644F5, 84E93E2191CEF17A + 15: 8F2D5694D55EE235168AAA735943AF, 514252AEF2F2A2D9 + 16: 568B7E31FFDA726718E40397CFC8DCC6, 3C80BA7FCA9E419E + +OCB-safer-k128 (16 byte key) + 0: , 4919F68F6BC44ABC + 1: 65, C6785F7BE4DE54D3 + 2: E1B0, C197C93B63F58355 + 3: BB7247, DFE092EF8184443B + 4: 38C2D022, 943FD999227C5596 + 5: D71E4FD0ED, 51040FE9A01EA901 + 6: C4B211EADC2A, 329429BE3366F22F + 7: 426DEB3FC3A4BC, CF1C976F6A19CE88 + 8: A6F813C09CE84800, 98D9FF427B3BD571 + 9: 4D1A9948FD157814B4, 5A389FAEEB85B8C6 + 10: EC3EA142C3F07F5A9EEB, 31E26E13F032A48F + 11: A75FB14365D1533CD3FBE7, 8EF01ACC568C0591 + 12: 891582B5853DD546FF3EA071, E013CFFE43219C21 + 13: 54CA848C49DCDEE076780F21F4, 298EFC7B4D6B6CFE + 14: EA7611C69A60F1A2EF71D6A7762D, 7D9AA51CFCEC8101 + 15: B2D1A211BC524B965A084BB4B21710, 7B2AC0EEB5216892 + 16: 5E81F1BFA270E804A488C9BFAB75811D, A67F627CE1E37851 + +OCB-safer-sk128 (16 byte key) + 0: , E523C6DBB3CA178D + 1: 5E, B1CB7EBE5780DF98 + 2: F4D8, 8036235F2BE7A817 + 3: 4FE268, 123320394EAC24F6 + 4: A5BA02B4, B8276B5E027D45DA + 5: 1571859CCC, 29406C5F2DF2CFC4 + 6: CA1E47447B95, 5D4FAF8FD5341791 + 7: 8710DB37022D96, E10040FEA9AEA9C2 + 8: 205990DC9A34DA3C, AE25CB49AA7A697B + 9: 757AFCB3191DC811C3, AA8CADA8638D6118 + 10: 6994F8C153522361BB92, 1BCEE09E928EB18B + 11: A86FA0CDD051BB60AF5AA8, 50A38F8E9889354D + 12: 8D3FD3EB7FF2269AACFD24BA, CB51CF84CEFC45F0 + 13: 03D2A313925D9490FC5547F95F, A1FF9D72E11C420B + 14: D77C0F0F600FE92F14F479FA457C, 1EBE1B4B9685EDFA + 15: 0CAF0A8BEB864E26058C7DF8EBA0EB, 1B153DDAE807561F + 16: 113D12716DFE0596A2F30C875EC6BA0E, C61F5AC0245154A6 + OCB-rc2 (8 byte key) 0: , 1A073F25FF5690BE 1: F4, 3D3221E92E40F634 diff --git a/notes/omac_tv.txt b/notes/omac_tv.txt index 25f026f..56d8da6 100644 --- a/notes/omac_tv.txt +++ b/notes/omac_tv.txt @@ -199,6 +199,82 @@ OMAC-twofish (16 byte key) 31: C24FCA5DD4AE0DF2BFF17364D17D6743 32: DC6738080478AF9AF7CA833295031E06 +OMAC-safer-k64 (8 byte key) + 0: 726FE2DD40A43924 + 1: 2A138B65EB352621 + 2: 9588A1B53E29616C + 3: C025DEFDE1A59850 + 4: 73D062F1B6D8E003 + 5: 944598A2FC8A2D76 + 6: B176C25D8CAFFC98 + 7: 14F05014DE6A090A + 8: A7B9847B2CE22D0F + 9: FCD71310CBAA3A62 + 10: BFF00CE5D4A20331 + 11: BEE12A2171333ED5 + 12: 333FD849BEB4A64A + 13: D048EC7E93B90435 + 14: F04960356689CFEF + 15: 9E63D9744BF1B61A + 16: 7C744982F32F8889 + +OMAC-safer-sk64 (8 byte key) + 0: E96711BA37D53743 + 1: 7DCFF26A03509FE1 + 2: 0A20EF19C8EE9BF2 + 3: FE2883748A6963CF + 4: 557060195B820A18 + 5: 771A7931FBBE5C0F + 6: 6BDBCE5F96CF91D8 + 7: F3B924CCE8724595 + 8: EC7191286D83C2C3 + 9: 94F55B19BB7A8AC1 + 10: 2189F4F2B06A8CA4 + 11: 99853DAEBCA33A46 + 12: 66EAC37A033802D7 + 13: 845D7AA866F8A8AD + 14: 33A874DFECAC22AC + 15: 63DD9F7A7F3683DF + 16: EAC277D951676C44 + +OMAC-safer-k128 (16 byte key) + 0: 8037B89AF193F129 + 1: FF2314E87BA6AFE1 + 2: C3243DF896B61D85 + 3: 0F61C715CE821AB8 + 4: EBFDC6A9CFD2F5A4 + 5: AB6497D7AF2C7FFF + 6: C920CEEB7C1819C2 + 7: 3E186951B545A7E5 + 8: 5EA36A93C94AF4AC + 9: 6A2C59FAE33709BE + 10: BF1BAFAF9FC39C19 + 11: 69EB6EF046677B7C + 12: CDDCEE6B20453094 + 13: A3833BD3FED6895C + 14: B6C05E51F01E049B + 15: 90A2D0EAB739D39B + 16: 07BF607A161D0A66 + +OMAC-safer-sk128 (16 byte key) + 0: 5E8B137A3946A557 + 1: 0228FA66B13F3C7E + 2: A6F9BBAFF050DCDD + 3: F75880F684A796CE + 4: E0AEFB8E32040EBD + 5: 9F65D658B86D310F + 6: 3FA52804FB46CCAA + 7: 2F6D12D199FCD2FB + 8: CB56AF60AFB4D2BB + 9: 8E6F0FF6FDD262FD + 10: 490245BE3CCCEDE2 + 11: EFD319AE46C73005 + 12: 43E00E545C848995 + 13: 10444B41ECA15EBE + 14: 521775C389D5BE71 + 15: 9B683EF8B097FEBA + 16: 3C5D746EED09530A + OMAC-rc2 (8 byte key) 0: F001FE9BBC3A97B0 1: 8F8DC9C952897FBD diff --git a/notes/pmac_tv.txt b/notes/pmac_tv.txt index ed0b7fe..e0a1900 100644 --- a/notes/pmac_tv.txt +++ b/notes/pmac_tv.txt @@ -199,6 +199,82 @@ PMAC-twofish (16 byte key) 31: 0D06F2FAEC5AA404A4087AAEBC4DBB36 32: 0F396FE9E3D9D74D17EB7A0BF603AB51 +PMAC-safer-k64 (8 byte key) + 0: 2E49792C78C1DA52 + 1: 7A5136F4FE617C57 + 2: 6FC8575F6F3D78EC + 3: 7C0373CAEAAA640B + 4: 9D469E7FF6C35D31 + 5: 7755D62DD7D88112 + 6: ADD9E7855A958C9F + 7: 752D29BA8150F18E + 8: 0954649A99596104 + 9: 05D4D75A9FAE233D + 10: 1AADAFD7B4B250DA + 11: E7A8F31ED74DA32B + 12: 1A74DF61BDB9DF94 + 13: C38A67B1955C4E0D + 14: EBADAA44746ADF16 + 15: C0BFBB092CE81D8E + 16: 984975657F3FF2B0 + +PMAC-safer-sk64 (8 byte key) + 0: E8917E1629E7403E + 1: AE8061A5E412A647 + 2: C969771CE5A9B0C6 + 3: 78159C01D0A3A5CB + 4: 1DD4382A8FC81921 + 5: 4086880FD863C048 + 6: A520B45600A3FA1D + 7: 0F0AB5118D7506C4 + 8: 22E315F2DD03BCC6 + 9: 5ECB5561EE372016 + 10: 446A9B2BCB367AD6 + 11: B2107FE2EB411AE9 + 12: 5A539B62FB5893DF + 13: F44EE1EB3278C2BA + 14: 293FEA56D1F6EA81 + 15: F38F614D2B5F81C4 + 16: AB23F7F8F4C12A7E + +PMAC-safer-k128 (16 byte key) + 0: 7E0BDE11EC82FDE6 + 1: 8942FB017A135520 + 2: 0B073E6D0F037A02 + 3: DBF88439D671ED4F + 4: B89427ED1121069A + 5: AA8573DAC66D2315 + 6: 12DA3144BEF13FF2 + 7: EF80413CBA281B3A + 8: DFA7114D8505EEBD + 9: AE53607F3E6F4A54 + 10: 3F2C9395CFB9F78F + 11: 67EB7C5F02760AED + 12: 3EF4CBB4AB5B8D1F + 13: 83B63AFA78795A92 + 14: 5DE400951766992A + 15: AA8791A45237CF83 + 16: 7743B18704B037CF + +PMAC-safer-sk128 (16 byte key) + 0: 8F1597FFCF6FB7C1 + 1: AFF8BD8FF9F3888A + 2: 65F89D82869D8B42 + 3: CBE1F06476B2D5BD + 4: 4878D47FDFECE23E + 5: 4751A9E6D61AB2A2 + 6: 003AC162AED4DED8 + 7: 1F617A5555092C22 + 8: 088EE0C35B607153 + 9: F840B485086F9908 + 10: BA99E0FB5D7D0976 + 11: F04AF6DC4BAF6887 + 12: 5DBBE40AF2F67E4E + 13: 7F52A93E87E29C9D + 14: 7B26A14A4BD5B709 + 15: C34F26E08C64F26B + 16: 291A41D479EC1D2A + PMAC-rc2 (8 byte key) 0: E5AF80FAC4580444 1: 6A15D6211EB4FF99 diff --git a/parsenames.pl b/parsenames.pl index 9047cd1..d6466c5 100644 --- a/parsenames.pl +++ b/parsenames.pl @@ -11,10 +11,12 @@ print $b; foreach my $obj (@a) { $len = $len + length($obj); $obj =~ s/\*/\$/; - if ($len > 80) { + if ($len > 100) { printf "\\\n"; $len = length($obj); } print "$obj "; } +if ($ARGV[0] eq "HEADERS") { print "testprof/tomcrypt_test.h"; } + print "\n\n"; diff --git a/src/ciphers/aes/aes.c b/src/ciphers/aes/aes.c index 7df04f2..e698efd 100644 --- a/src/ciphers/aes/aes.c +++ b/src/ciphers/aes/aes.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /* AES implementation by Tom St Denis @@ -39,6 +39,7 @@ #define SETUP rijndael_setup #define ECB_ENC rijndael_ecb_encrypt #define ECB_DEC rijndael_ecb_decrypt +#define ECB_DONE rijndael_done #define ECB_TEST rijndael_test #define ECB_KS rijndael_keysize @@ -47,7 +48,8 @@ const struct ltc_cipher_descriptor rijndael_desc = "rijndael", 6, 16, 32, 16, 10, - SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_KS + SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }; const struct ltc_cipher_descriptor aes_desc = @@ -55,7 +57,8 @@ const struct ltc_cipher_descriptor aes_desc = "aes", 6, 16, 32, 16, 10, - SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_KS + SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }; #else @@ -63,13 +66,15 @@ const struct ltc_cipher_descriptor aes_desc = #define SETUP rijndael_enc_setup #define ECB_ENC rijndael_enc_ecb_encrypt #define ECB_KS rijndael_enc_keysize +#define ECB_DONE rijndael_enc_done const struct ltc_cipher_descriptor rijndael_enc_desc = { "rijndael", 6, 16, 32, 16, 10, - SETUP, ECB_ENC, NULL, NULL, ECB_KS + SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }; const struct ltc_cipher_descriptor aes_enc_desc = @@ -77,7 +82,8 @@ const struct ltc_cipher_descriptor aes_enc_desc = "aes", 6, 16, 32, 16, 10, - SETUP, ECB_ENC, NULL, NULL, ECB_KS + SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }; #endif @@ -707,6 +713,15 @@ int ECB_TEST(void) #endif /* ENCRYPT_ONLY */ + +/** Terminate the context + @param skey The scheduled key +*/ +void ECB_DONE(symmetric_key *skey) +{ +} + + /** Gets suitable key size @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. diff --git a/src/ciphers/aes/aes_tab.c b/src/ciphers/aes/aes_tab.c index 135b8f9..0ad1dfe 100644 --- a/src/ciphers/aes/aes_tab.c +++ b/src/ciphers/aes/aes_tab.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /* The precomputed tables for AES */ /* diff --git a/src/ciphers/anubis.c b/src/ciphers/anubis.c index d4543d9..7e2af60 100644 --- a/src/ciphers/anubis.c +++ b/src/ciphers/anubis.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** @@ -27,7 +27,9 @@ const struct ltc_cipher_descriptor anubis_desc = { &anubis_ecb_encrypt, &anubis_ecb_decrypt, &anubis_test, - &anubis_keysize + &anubis_done, + &anubis_keysize, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }; #define MIN_N 4 @@ -1168,7 +1170,7 @@ int anubis_test(void) int keylen; unsigned char pt[16], ct[16], key[40]; } tests[] = { -#ifndef ANUBIS_TWEAK +#ifndef ANUBIS_TWEAK /**** ORIGINAL ANUBIS ****/ /* 128 bit keys */ { @@ -1325,24 +1327,24 @@ int anubis_test(void) 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 } -} -#else - /**** Tweaked ANUBIS ****/ +} +#else + /**** Tweaked ANUBIS ****/ /* 128 bit keys */ { - 16, + 16, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xB8, 0x35, 0xBD, 0xC3, 0x34, 0x82, 0x9D, 0x83, - 0x71, 0xBF, 0xA3, 0x71, 0xE4, 0xB3, 0xC4, 0xFD }, + { 0xB8, 0x35, 0xBD, 0xC3, 0x34, 0x82, 0x9D, 0x83, + 0x71, 0xBF, 0xA3, 0x71, 0xE4, 0xB3, 0xC4, 0xFD }, { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, { 16, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xE6, 0x14, 0x1E, 0xAF, 0xEB, 0xE0, 0x59, 0x3C, - 0x48, 0xE1, 0xCD, 0xF2, 0x1B, 0xBA, 0xA1, 0x89 }, + { 0xE6, 0x14, 0x1E, 0xAF, 0xEB, 0xE0, 0x59, 0x3C, + 0x48, 0xE1, 0xCD, 0xF2, 0x1B, 0xBA, 0xA1, 0x89 }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 } }, @@ -1352,8 +1354,8 @@ int anubis_test(void) 20, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x97, 0x59, 0x79, 0x4B, 0x5C, 0xA0, 0x70, 0x73, - 0x24, 0xEF, 0xB3, 0x58, 0x67, 0xCA, 0xD4, 0xB3 }, + { 0x97, 0x59, 0x79, 0x4B, 0x5C, 0xA0, 0x70, 0x73, + 0x24, 0xEF, 0xB3, 0x58, 0x67, 0xCA, 0xD4, 0xB3 }, { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } @@ -1361,8 +1363,8 @@ int anubis_test(void) 20, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xB8, 0x0D, 0xFB, 0x9B, 0xE4, 0xA1, 0x58, 0x87, - 0xB3, 0x76, 0xD5, 0x02, 0x18, 0x95, 0xC1, 0x2E }, + { 0xB8, 0x0D, 0xFB, 0x9B, 0xE4, 0xA1, 0x58, 0x87, + 0xB3, 0x76, 0xD5, 0x02, 0x18, 0x95, 0xC1, 0x2E }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 } @@ -1373,8 +1375,8 @@ int anubis_test(void) 24, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x7D, 0x62, 0x3B, 0x52, 0xC7, 0x4C, 0x64, 0xD8, - 0xEB, 0xC7, 0x2D, 0x57, 0x97, 0x85, 0x43, 0x8F }, + { 0x7D, 0x62, 0x3B, 0x52, 0xC7, 0x4C, 0x64, 0xD8, + 0xEB, 0xC7, 0x2D, 0x57, 0x97, 0x85, 0x43, 0x8F }, { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } @@ -1382,8 +1384,8 @@ int anubis_test(void) 24, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xB1, 0x0A, 0x59, 0xDD, 0x5D, 0x5D, 0x8D, 0x67, - 0xEC, 0xEE, 0x4A, 0xC4, 0xBE, 0x4F, 0xA8, 0x4F }, + { 0xB1, 0x0A, 0x59, 0xDD, 0x5D, 0x5D, 0x8D, 0x67, + 0xEC, 0xEE, 0x4A, 0xC4, 0xBE, 0x4F, 0xA8, 0x4F }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 } @@ -1394,8 +1396,8 @@ int anubis_test(void) 28, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x68, 0x9E, 0x05, 0x94, 0x6A, 0x94, 0x43, 0x8F, - 0xE7, 0x8E, 0x37, 0x3D, 0x24, 0x97, 0x92, 0xF5 }, + { 0x68, 0x9E, 0x05, 0x94, 0x6A, 0x94, 0x43, 0x8F, + 0xE7, 0x8E, 0x37, 0x3D, 0x24, 0x97, 0x92, 0xF5 }, { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1404,8 +1406,8 @@ int anubis_test(void) 28, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xDD, 0xB7, 0xB0, 0xB4, 0xE9, 0xB4, 0x9B, 0x9C, - 0x38, 0x20, 0x25, 0x0B, 0x47, 0xC2, 0x1F, 0x89 }, + { 0xDD, 0xB7, 0xB0, 0xB4, 0xE9, 0xB4, 0x9B, 0x9C, + 0x38, 0x20, 0x25, 0x0B, 0x47, 0xC2, 0x1F, 0x89 }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1417,8 +1419,8 @@ int anubis_test(void) 32, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x96, 0x00, 0xF0, 0x76, 0x91, 0x69, 0x29, 0x87, - 0xF5, 0xE5, 0x97, 0xDB, 0xDB, 0xAF, 0x1B, 0x0A }, + { 0x96, 0x00, 0xF0, 0x76, 0x91, 0x69, 0x29, 0x87, + 0xF5, 0xE5, 0x97, 0xDB, 0xDB, 0xAF, 0x1B, 0x0A }, { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1427,8 +1429,8 @@ int anubis_test(void) 32, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x69, 0x9C, 0xAF, 0xDD, 0x94, 0xC7, 0xBC, 0x60, - 0x44, 0xFE, 0x02, 0x05, 0x8A, 0x6E, 0xEF, 0xBD }, + { 0x69, 0x9C, 0xAF, 0xDD, 0x94, 0xC7, 0xBC, 0x60, + 0x44, 0xFE, 0x02, 0x05, 0x8A, 0x6E, 0xEF, 0xBD }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1440,8 +1442,8 @@ int anubis_test(void) 36, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x0F, 0xC7, 0xA2, 0xC0, 0x11, 0x17, 0xAC, 0x43, - 0x52, 0x5E, 0xDF, 0x6C, 0xF3, 0x96, 0x33, 0x6C }, + { 0x0F, 0xC7, 0xA2, 0xC0, 0x11, 0x17, 0xAC, 0x43, + 0x52, 0x5E, 0xDF, 0x6C, 0xF3, 0x96, 0x33, 0x6C }, { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1451,8 +1453,8 @@ int anubis_test(void) 36, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xAD, 0x08, 0x4F, 0xED, 0x55, 0xA6, 0x94, 0x3E, - 0x7E, 0x5E, 0xED, 0x05, 0xA1, 0x9D, 0x41, 0xB4 }, + { 0xAD, 0x08, 0x4F, 0xED, 0x55, 0xA6, 0x94, 0x3E, + 0x7E, 0x5E, 0xED, 0x05, 0xA1, 0x9D, 0x41, 0xB4 }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1465,8 +1467,8 @@ int anubis_test(void) 40, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xFE, 0xE2, 0x0E, 0x2A, 0x9D, 0xC5, 0x83, 0xBA, - 0xA3, 0xA6, 0xD6, 0xA6, 0xF2, 0xE8, 0x06, 0xA5 }, + { 0xFE, 0xE2, 0x0E, 0x2A, 0x9D, 0xC5, 0x83, 0xBA, + 0xA3, 0xA6, 0xD6, 0xA6, 0xF2, 0xE8, 0x06, 0xA5 }, { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1476,15 +1478,15 @@ int anubis_test(void) 40, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x86, 0x3D, 0xCC, 0x4A, 0x60, 0x34, 0x9C, 0x28, - 0xA7, 0xDA, 0xA4, 0x3B, 0x0A, 0xD7, 0xFD, 0xC7 }, + { 0x86, 0x3D, 0xCC, 0x4A, 0x60, 0x34, 0x9C, 0x28, + 0xA7, 0xDA, 0xA4, 0x3B, 0x0A, 0xD7, 0xFD, 0xC7 }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 } -} -#endif +} +#endif }; int x, y; unsigned char buf[2][16]; @@ -1509,6 +1511,13 @@ int anubis_test(void) #endif } +/** Terminate the context + @param skey The scheduled key +*/ +void anubis_done(symmetric_key *skey) +{ +} + /** Gets suitable key size @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. diff --git a/src/ciphers/blowfish.c b/src/ciphers/blowfish.c index d136794..2f0385d 100644 --- a/src/ciphers/blowfish.c +++ b/src/ciphers/blowfish.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** @file blowfish.c @@ -25,7 +25,9 @@ const struct ltc_cipher_descriptor blowfish_desc = &blowfish_ecb_encrypt, &blowfish_ecb_decrypt, &blowfish_test, - &blowfish_keysize + &blowfish_done, + &blowfish_keysize, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }; static const ulong32 ORIG_P[16 + 2] = { @@ -553,6 +555,13 @@ int blowfish_test(void) #endif } +/** Terminate the context + @param skey The scheduled key +*/ +void blowfish_done(symmetric_key *skey) +{ +} + /** Gets suitable key size @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. diff --git a/src/ciphers/cast5.c b/src/ciphers/cast5.c index 2a2c714..2b8e4a5 100644 --- a/src/ciphers/cast5.c +++ b/src/ciphers/cast5.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** @@ -25,7 +25,9 @@ const struct ltc_cipher_descriptor cast5_desc = { &cast5_ecb_encrypt, &cast5_ecb_decrypt, &cast5_test, - &cast5_keysize + &cast5_done, + &cast5_keysize, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }; static const ulong32 S1[256] = { @@ -683,6 +685,13 @@ int cast5_test(void) #endif } +/** Terminate the context + @param skey The scheduled key +*/ +void cast5_done(symmetric_key *skey) +{ +} + /** Gets suitable key size @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. diff --git a/src/ciphers/des.c b/src/ciphers/des.c index a8c4500..d42c5fa 100644 --- a/src/ciphers/des.c +++ b/src/ciphers/des.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -29,7 +29,9 @@ const struct ltc_cipher_descriptor des_desc = &des_ecb_encrypt, &des_ecb_decrypt, &des_test, - &des_keysize + &des_done, + &des_keysize, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }; const struct ltc_cipher_descriptor des3_desc = @@ -41,7 +43,9 @@ const struct ltc_cipher_descriptor des3_desc = &des3_ecb_encrypt, &des3_ecb_decrypt, &des3_test, - &des3_keysize + &des3_done, + &des3_keysize, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }; static const ulong32 bytebit[8] = @@ -1476,7 +1480,7 @@ static void _desfunc(ulong32 *block, const ulong32 *keys) work = ((leftt >> 8) ^ right) & 0x00ff00ffL; right ^= work; leftt ^= (work << 8); - // -- + /* -- */ work = ((leftt >> 2) ^ right) & 0x33333333L; right ^= work; leftt ^= (work << 2); @@ -1665,7 +1669,7 @@ int des_test(void) #else int err; static const struct des_test_case { - int num, mode; // mode 1 = encrypt + int num, mode; /* mode 1 = encrypt */ unsigned char key[8], txt[8], out[8]; } cases[] = { { 1, 1, { 0x10, 0x31, 0x6E, 0x02, 0x8C, 0x8F, 0x3B, 0x4A }, @@ -1837,6 +1841,21 @@ int des3_test(void) #endif } +/** Terminate the context + @param skey The scheduled key +*/ +void des_done(symmetric_key *skey) +{ +} + +/** Terminate the context + @param skey The scheduled key +*/ +void des3_done(symmetric_key *skey) +{ +} + + /** Gets suitable key size @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. diff --git a/src/ciphers/khazad.c b/src/ciphers/khazad.c index 207ea6f..4626923 100644 --- a/src/ciphers/khazad.c +++ b/src/ciphers/khazad.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -26,7 +26,9 @@ const struct ltc_cipher_descriptor khazad_desc = { &khazad_ecb_encrypt, &khazad_ecb_decrypt, &khazad_test, - &khazad_keysize + &khazad_done, + &khazad_keysize, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }; #define R 8 @@ -819,6 +821,13 @@ int khazad_test(void) #endif } +/** Terminate the context + @param skey The scheduled key +*/ +void khazad_done(symmetric_key *skey) +{ +} + /** Gets suitable key size @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. diff --git a/src/ciphers/noekeon.c b/src/ciphers/noekeon.c index 0e31fdb..194cdbe 100644 --- a/src/ciphers/noekeon.c +++ b/src/ciphers/noekeon.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** @file noekeon.c @@ -25,7 +25,9 @@ const struct ltc_cipher_descriptor noekeon_desc = &noekeon_ecb_encrypt, &noekeon_ecb_decrypt, &noekeon_test, - &noekeon_keysize + &noekeon_done, + &noekeon_keysize, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }; static const ulong32 RC[] = { @@ -263,6 +265,13 @@ int noekeon_test(void) #endif } +/** Terminate the context + @param skey The scheduled key +*/ +void noekeon_done(symmetric_key *skey) +{ +} + /** Gets suitable key size @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. diff --git a/src/ciphers/rc2.c b/src/ciphers/rc2.c index 68e53ea..6382941 100644 --- a/src/ciphers/rc2.c +++ b/src/ciphers/rc2.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /**********************************************************************\ * To commemorate the 1996 RSA Data Security Conference, the following * @@ -34,7 +34,9 @@ const struct ltc_cipher_descriptor rc2_desc = { &rc2_ecb_encrypt, &rc2_ecb_decrypt, &rc2_test, - &rc2_keysize + &rc2_done, + &rc2_keysize, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }; /* 256-entry permutation table, probably derived somehow from pi */ @@ -319,6 +321,13 @@ int rc2_test(void) #endif } +/** Terminate the context + @param skey The scheduled key +*/ +void rc2_done(symmetric_key *skey) +{ +} + /** Gets suitable key size @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. diff --git a/src/ciphers/rc5.c b/src/ciphers/rc5.c index 809be04..32f666f 100644 --- a/src/ciphers/rc5.c +++ b/src/ciphers/rc5.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** @@ -27,7 +27,9 @@ const struct ltc_cipher_descriptor rc5_desc = &rc5_ecb_encrypt, &rc5_ecb_decrypt, &rc5_test, - &rc5_keysize + &rc5_done, + &rc5_keysize, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }; static const ulong32 stab[50] = { @@ -279,6 +281,13 @@ int rc5_test(void) #endif } +/** Terminate the context + @param skey The scheduled key +*/ +void rc5_done(symmetric_key *skey) +{ +} + /** Gets suitable key size @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. diff --git a/src/ciphers/rc6.c b/src/ciphers/rc6.c index 8ec389a..996c015 100644 --- a/src/ciphers/rc6.c +++ b/src/ciphers/rc6.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** @@ -26,7 +26,9 @@ const struct ltc_cipher_descriptor rc6_desc = &rc6_ecb_encrypt, &rc6_ecb_decrypt, &rc6_test, - &rc6_keysize + &rc6_done, + &rc6_keysize, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }; static const ulong32 stab[44] = { @@ -309,6 +311,13 @@ int rc6_test(void) #endif } +/** Terminate the context + @param skey The scheduled key +*/ +void rc6_done(symmetric_key *skey) +{ +} + /** Gets suitable key size @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. diff --git a/src/ciphers/safer/safer.c b/src/ciphers/safer/safer.c index 491bf2b..e6e073a 100644 --- a/src/ciphers/safer/safer.c +++ b/src/ciphers/safer/safer.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /******************************************************************************* @@ -40,7 +40,9 @@ const struct ltc_cipher_descriptor &safer_ecb_encrypt, &safer_ecb_decrypt, &safer_k64_test, - &safer_64_keysize + &safer_done, + &safer_64_keysize, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }, safer_sk64_desc = { @@ -50,7 +52,9 @@ const struct ltc_cipher_descriptor &safer_ecb_encrypt, &safer_ecb_decrypt, &safer_sk64_test, - &safer_64_keysize + &safer_done, + &safer_64_keysize, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }, safer_k128_desc = { @@ -60,7 +64,9 @@ const struct ltc_cipher_descriptor &safer_ecb_encrypt, &safer_ecb_decrypt, &safer_sk128_test, - &safer_128_keysize + &safer_done, + &safer_128_keysize, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }, safer_sk128_desc = { @@ -70,11 +76,13 @@ const struct ltc_cipher_descriptor &safer_ecb_encrypt, &safer_ecb_decrypt, &safer_sk128_test, - &safer_128_keysize + &safer_done, + &safer_128_keysize, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }; /******************* Constants ************************************************/ -// #define TAB_LEN 256 +/* #define TAB_LEN 256 */ /******************* Assertions ***********************************************/ @@ -428,6 +436,13 @@ int safer_sk64_test(void) #endif } +/** Terminate the context + @param skey The scheduled key +*/ +void safer_done(symmetric_key *skey) +{ +} + int safer_sk128_test(void) { #ifndef LTC_TEST diff --git a/src/ciphers/safer/safer_tab.c b/src/ciphers/safer/safer_tab.c index 5d1c31e..f63ba6c 100644 --- a/src/ciphers/safer/safer_tab.c +++ b/src/ciphers/safer/safer_tab.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** diff --git a/src/ciphers/safer/saferp.c b/src/ciphers/safer/saferp.c index 1d982b3..17112f4 100644 --- a/src/ciphers/safer/saferp.c +++ b/src/ciphers/safer/saferp.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** @@ -26,7 +26,9 @@ const struct ltc_cipher_descriptor saferp_desc = &saferp_ecb_encrypt, &saferp_ecb_decrypt, &saferp_test, - &saferp_keysize + &saferp_done, + &saferp_keysize, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }; /* ROUND(b,i) @@ -516,6 +518,13 @@ int saferp_test(void) #endif } +/** Terminate the context + @param skey The scheduled key +*/ +void saferp_done(symmetric_key *skey) +{ +} + /** Gets suitable key size @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. diff --git a/src/ciphers/skipjack.c b/src/ciphers/skipjack.c index acc1d72..e2431af 100644 --- a/src/ciphers/skipjack.c +++ b/src/ciphers/skipjack.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** @@ -26,7 +26,9 @@ const struct ltc_cipher_descriptor skipjack_desc = &skipjack_ecb_encrypt, &skipjack_ecb_decrypt, &skipjack_test, - &skipjack_keysize + &skipjack_done, + &skipjack_keysize, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }; static const unsigned char sbox[256] = { @@ -303,6 +305,13 @@ int skipjack_test(void) #endif } +/** Terminate the context + @param skey The scheduled key +*/ +void skipjack_done(symmetric_key *skey) +{ +} + /** Gets suitable key size @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. diff --git a/src/ciphers/twofish/twofish.c b/src/ciphers/twofish/twofish.c index cae0969..7dbe9b7 100644 --- a/src/ciphers/twofish/twofish.c +++ b/src/ciphers/twofish/twofish.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** @@ -33,7 +33,9 @@ const struct ltc_cipher_descriptor twofish_desc = &twofish_ecb_encrypt, &twofish_ecb_decrypt, &twofish_test, - &twofish_keysize + &twofish_done, + &twofish_keysize, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }; /* the two polynomials */ @@ -665,6 +667,13 @@ int twofish_test(void) #endif } +/** Terminate the context + @param skey The scheduled key +*/ +void twofish_done(symmetric_key *skey) +{ +} + /** Gets suitable key size @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. diff --git a/src/ciphers/twofish/twofish_tab.c b/src/ciphers/twofish/twofish_tab.c index a7cfd80..0bffade 100644 --- a/src/ciphers/twofish/twofish_tab.c +++ b/src/ciphers/twofish/twofish_tab.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** diff --git a/src/ciphers/xtea.c b/src/ciphers/xtea.c index 42cc81d..98546df 100644 --- a/src/ciphers/xtea.c +++ b/src/ciphers/xtea.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** @@ -26,7 +26,9 @@ const struct ltc_cipher_descriptor xtea_desc = &xtea_ecb_encrypt, &xtea_ecb_decrypt, &xtea_test, - &xtea_keysize + &xtea_done, + &xtea_keysize, + NULL, NULL, NULL, NULL, NULL, NULL, NULL }; int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) @@ -172,6 +174,13 @@ int xtea_test(void) #endif } +/** Terminate the context + @param skey The scheduled key +*/ +void xtea_done(symmetric_key *skey) +{ +} + /** Gets suitable key size @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. diff --git a/src/encauth/ccm/ccm_memory.c b/src/encauth/ccm/ccm_memory.c new file mode 100644 index 0000000..34a254d --- /dev/null +++ b/src/encauth/ccm/ccm_memory.c @@ -0,0 +1,306 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ +#include "tomcrypt.h" + +/** + @file ccm_memory.c + CCM support, process a block of memory, Tom St Denis +*/ + +#ifdef CCM_MODE + +/** + CCM encrypt/decrypt and produce an authentication tag + @param cipher The index of the cipher desired + @param key The secret key to use + @param keylen The length of the secret key (octets) + @param nonce The session nonce [use once] + @param noncelen The length of the nonce + @param header The header for the session + @param headerlen The length of the header (octets) + @param pt [out] The plaintext + @param ptlen The length of the plaintext (octets) + @param ct [out] The ciphertext + @param tag [out] The destination tag + @param taglen [in/out] The max size and resulting size of the authentication tag + @param direction Encrypt or Decrypt direction (0 or 1) + @return CRYPT_OK if successful +*/ +int ccm_memory(int cipher, + const unsigned char *key, unsigned long keylen, + const unsigned char *nonce, unsigned long noncelen, + const unsigned char *header, unsigned long headerlen, + unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + unsigned char *tag, unsigned long *taglen, + int direction) +{ + unsigned char PAD[16], ctr[16], CTRPAD[16], b; + symmetric_key *skey; + int err; + unsigned long len, L, x, y, z, CTRlen; + + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(nonce != NULL); + if (headerlen > 0) { + LTC_ARGCHK(header != NULL); + } + LTC_ARGCHK(pt != NULL); + LTC_ARGCHK(ct != NULL); + LTC_ARGCHK(tag != NULL); + LTC_ARGCHK(taglen != NULL); + +#ifdef LTC_FAST + if (16 % sizeof(LTC_FAST_TYPE)) { + return CRYPT_INVALID_ARG; + } +#endif + + /* check cipher input */ + if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { + return err; + } + if (cipher_descriptor[cipher].block_length != 16) { + return CRYPT_INVALID_CIPHER; + } + + /* make sure the taglen is even and <= 16 */ + *taglen &= ~1; + if (*taglen > 16) { + *taglen = 16; + } + + /* can't use < 4 */ + if (*taglen < 4) { + return CRYPT_INVALID_ARG; + } + + /* is there an accelerator? */ + if (cipher_descriptor[cipher].accel_ccm_memory != NULL) { + cipher_descriptor[cipher].accel_ccm_memory( + key, keylen, + nonce, noncelen, + header, headerlen, + pt, ptlen, + ct, + tag, taglen, + direction); + return CRYPT_OK; + } + + /* let's get the L value */ + len = ptlen; + L = 0; + while (len) { + ++L; + len >>= 8; + } + if (L <= 1) { + L = 2; + } + + /* increase L to match the nonce len */ + noncelen = (noncelen > 13) ? 13 : noncelen; + if ((15 - noncelen) > L) { + L = 15 - noncelen; + } + + /* allocate mem for the symmetric key */ + skey = XMALLOC(sizeof(*skey)); + if (skey == NULL) { + return CRYPT_MEM; + } + + /* initialize the cipher */ + if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, skey)) != CRYPT_OK) { + XFREE(skey); + return err; + } + + /* form B_0 == flags | Nonce N | l(m) */ + x = 0; + PAD[x++] = ((headerlen > 0) ? (1<<6) : 0) | + (((*taglen - 2)>>1)<<3) | + (L-1); + + /* nonce */ + for (y = 0; y < (16 - (L + 1)); y++) { + PAD[x++] = nonce[y]; + } + + /* store len */ + len = ptlen; + + /* shift len so the upper bytes of len are the contents of the length */ + for (y = L; y < 4; y++) { + len <<= 8; + } + + /* store l(m) (only store 32-bits) */ + for (y = 0; L > 4 && (L-y)>4; y++) { + PAD[x++] = 0; + } + for (; y < L; y++) { + PAD[x++] = (len >> 24) & 255; + len <<= 8; + } + + /* encrypt PAD */ + cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey); + + /* handle header */ + if (headerlen > 0) { + x = 0; + + /* store length */ + if (headerlen < ((1UL<<16) - (1UL<<8))) { + PAD[x++] ^= (headerlen>>8) & 255; + PAD[x++] ^= headerlen & 255; + } else { + PAD[x++] ^= 0xFF; + PAD[x++] ^= 0xFE; + PAD[x++] ^= (headerlen>>24) & 255; + PAD[x++] ^= (headerlen>>16) & 255; + PAD[x++] ^= (headerlen>>8) & 255; + PAD[x++] ^= headerlen & 255; + } + + /* now add the data */ + for (y = 0; y < headerlen; y++) { + if (x == 16) { + /* full block so let's encrypt it */ + cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey); + x = 0; + } + PAD[x++] ^= header[y]; + } + + /* remainder? */ + if (x != 0) { + cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey); + } + } + + /* setup the ctr counter */ + x = 0; + + /* flags */ + ctr[x++] = L-1; + + /* nonce */ + for (y = 0; y < (16 - (L+1)); ++y) { + ctr[x++] = nonce[y]; + } + /* offset */ + while (x < 16) { + ctr[x++] = 0; + } + + x = 0; + CTRlen = 16; + + /* now handle the PT */ + if (ptlen > 0) { + y = 0; +#ifdef LTC_FAST + if (ptlen & ~15) { + if (direction == CCM_ENCRYPT) { + for (; y < (ptlen & ~15); y += 16) { + /* increment the ctr? */ + for (z = 15; z > 15-L; z--) { + ctr[z] = (ctr[z] + 1) & 255; + if (ctr[z]) break; + } + cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey); + + /* xor the PT against the pad first */ + for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE*)(&PAD[z])) ^= *((LTC_FAST_TYPE*)(&pt[y+z])); + *((LTC_FAST_TYPE*)(&ct[y+z])) = *((LTC_FAST_TYPE*)(&pt[y+z])) ^ *((LTC_FAST_TYPE*)(&CTRPAD[z])); + } + cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey); + } + } else { + for (; y < (ptlen & ~15); y += 16) { + /* increment the ctr? */ + for (z = 15; z > 15-L; z--) { + ctr[z] = (ctr[z] + 1) & 255; + if (ctr[z]) break; + } + cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey); + + /* xor the PT against the pad last */ + for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE*)(&pt[y+z])) = *((LTC_FAST_TYPE*)(&ct[y+z])) ^ *((LTC_FAST_TYPE*)(&CTRPAD[z])); + *((LTC_FAST_TYPE*)(&PAD[z])) ^= *((LTC_FAST_TYPE*)(&pt[y+z])); + } + cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey); + } + } + } +#endif + + for (; y < ptlen; y++) { + /* increment the ctr? */ + if (CTRlen == 16) { + for (z = 15; z > 15-L; z--) { + ctr[z] = (ctr[z] + 1) & 255; + if (ctr[z]) break; + } + cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey); + CTRlen = 0; + } + + /* if we encrypt we add the bytes to the MAC first */ + if (direction == CCM_ENCRYPT) { + b = pt[y]; + ct[y] = b ^ CTRPAD[CTRlen++]; + } else { + b = ct[y] ^ CTRPAD[CTRlen++]; + pt[y] = b; + } + + if (x == 16) { + cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey); + x = 0; + } + PAD[x++] ^= b; + } + + if (x != 0) { + cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey); + } + } + + /* setup CTR for the TAG */ + ctr[14] = ctr[15] = 0x00; + cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey); + cipher_descriptor[cipher].done(skey); + + /* store the TAG */ + for (x = 0; x < 16 && x < *taglen; x++) { + tag[x] = PAD[x] ^ CTRPAD[x]; + } + *taglen = x; + +#ifdef LTC_CLEAN_STACK + zeromem(skey, sizeof(*skey)); + zeromem(B, sizeof(B)); + zeromem(PAD, sizeof(PAD)); + zeromem(CTRPAD, sizeof(CTRPAD)); +#endif + + XFREE(skey); + + return CRYPT_OK; +} + +#endif diff --git a/src/encauth/ccm/ccm_test.c b/src/encauth/ccm/ccm_test.c new file mode 100644 index 0000000..ee78523 --- /dev/null +++ b/src/encauth/ccm/ccm_test.c @@ -0,0 +1,170 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ +#include "tomcrypt.h" + +/** + @file ccm_test.c + CCM support, process a block of memory, Tom St Denis +*/ + +#ifdef CCM_MODE + +int ccm_test(void) +{ +#ifndef LTC_TEST + return CRYPT_NOP; +#else + static const struct { + unsigned char key[16]; + unsigned char nonce[16]; + int noncelen; + unsigned char header[64]; + int headerlen; + unsigned char pt[64]; + int ptlen; + unsigned char ct[64]; + unsigned char tag[16]; + int taglen; + } tests[] = { + +/* 13 byte nonce, 8 byte auth, 23 byte pt */ +{ + { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, + 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF }, + { 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xA0, + 0xA1, 0xA2, 0xA3, 0xA4, 0xA5 }, + 13, + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }, + 8, + { 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E }, + 23, + { 0x58, 0x8C, 0x97, 0x9A, 0x61, 0xC6, 0x63, 0xD2, + 0xF0, 0x66, 0xD0, 0xC2, 0xC0, 0xF9, 0x89, 0x80, + 0x6D, 0x5F, 0x6B, 0x61, 0xDA, 0xC3, 0x84 }, + { 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 }, + 8 +}, + +/* 13 byte nonce, 12 byte header, 19 byte pt */ +{ + { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, + 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF }, + { 0x00, 0x00, 0x00, 0x06, 0x05, 0x04, 0x03, 0xA0, + 0xA1, 0xA2, 0xA3, 0xA4, 0xA5 }, + 13, + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B }, + 12, + { 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, + 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, + 0x1C, 0x1D, 0x1E }, + 19, + { 0xA2, 0x8C, 0x68, 0x65, 0x93, 0x9A, 0x9A, 0x79, + 0xFA, 0xAA, 0x5C, 0x4C, 0x2A, 0x9D, 0x4A, 0x91, + 0xCD, 0xAC, 0x8C }, + { 0x96, 0xC8, 0x61, 0xB9, 0xC9, 0xE6, 0x1E, 0xF1 }, + 8 +}, + +/* supplied by Brian Gladman */ +{ + { 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f }, + { 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16 }, + 7, + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }, + 8, + { 0x20, 0x21, 0x22, 0x23 }, + 4, + { 0x71, 0x62, 0x01, 0x5b }, + { 0x4d, 0xac, 0x25, 0x5d }, + 4 +}, + +{ + { 0xc9, 0x7c, 0x1f, 0x67, 0xce, 0x37, 0x11, 0x85, + 0x51, 0x4a, 0x8a, 0x19, 0xf2, 0xbd, 0xd5, 0x2f }, + { 0x00, 0x50, 0x30, 0xf1, 0x84, 0x44, 0x08, 0xb5, + 0x03, 0x97, 0x76, 0xe7, 0x0c }, + 13, + { 0x08, 0x40, 0x0f, 0xd2, 0xe1, 0x28, 0xa5, 0x7c, + 0x50, 0x30, 0xf1, 0x84, 0x44, 0x08, 0xab, 0xae, + 0xa5, 0xb8, 0xfc, 0xba, 0x00, 0x00 }, + 22, + { 0xf8, 0xba, 0x1a, 0x55, 0xd0, 0x2f, 0x85, 0xae, + 0x96, 0x7b, 0xb6, 0x2f, 0xb6, 0xcd, 0xa8, 0xeb, + 0x7e, 0x78, 0xa0, 0x50 }, + 20, + { 0xf3, 0xd0, 0xa2, 0xfe, 0x9a, 0x3d, 0xbf, 0x23, + 0x42, 0xa6, 0x43, 0xe4, 0x32, 0x46, 0xe8, 0x0c, + 0x3c, 0x04, 0xd0, 0x19 }, + { 0x78, 0x45, 0xce, 0x0b, 0x16, 0xf9, 0x76, 0x23 }, + 8 +}, + +}; + unsigned long taglen, x; + unsigned char buf[64], buf2[64], tag2[16], tag[16]; + int err, idx; + + idx = find_cipher("aes"); + if (idx == -1) { + idx = find_cipher("rijndael"); + if (idx == -1) { + return CRYPT_NOP; + } + } + + for (x = 0; x < (sizeof(tests)/sizeof(tests[0])); x++) { + taglen = tests[x].taglen; + if ((err = ccm_memory(idx, + tests[x].key, 16, + tests[x].nonce, tests[x].noncelen, + tests[x].header, tests[x].headerlen, + (unsigned char*)tests[x].pt, tests[x].ptlen, + buf, + tag, &taglen, 0)) != CRYPT_OK) { + return err; + } + + if (memcmp(buf, tests[x].ct, tests[x].ptlen)) { + return CRYPT_FAIL_TESTVECTOR; + } + if (memcmp(tag, tests[x].tag, tests[x].taglen)) { + return CRYPT_FAIL_TESTVECTOR; + } + + if ((err = ccm_memory(idx, + tests[x].key, 16, + tests[x].nonce, tests[x].noncelen, + tests[x].header, tests[x].headerlen, + buf2, tests[x].ptlen, + buf, + tag2, &taglen, 1 )) != CRYPT_OK) { + return err; + } + + if (memcmp(buf2, tests[x].pt, tests[x].ptlen)) { + return CRYPT_FAIL_TESTVECTOR; + } + if (memcmp(tag2, tests[x].tag, tests[x].taglen)) { + return CRYPT_FAIL_TESTVECTOR; + } + + + } + return CRYPT_OK; +#endif +} + +#endif diff --git a/src/encauth/eax/eax_addheader.c b/src/encauth/eax/eax_addheader.c index 1ec2300..3004025 100644 --- a/src/encauth/eax/eax_addheader.c +++ b/src/encauth/eax/eax_addheader.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** @file eax_addheader.c diff --git a/src/encauth/eax/eax_decrypt.c b/src/encauth/eax/eax_decrypt.c index 4217254..8711d2d 100644 --- a/src/encauth/eax/eax_decrypt.c +++ b/src/encauth/eax/eax_decrypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** diff --git a/src/encauth/eax/eax_decrypt_verify_memory.c b/src/encauth/eax/eax_decrypt_verify_memory.c index 1929e80..3fcab46 100644 --- a/src/encauth/eax/eax_decrypt_verify_memory.c +++ b/src/encauth/eax/eax_decrypt_verify_memory.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** diff --git a/src/encauth/eax/eax_done.c b/src/encauth/eax/eax_done.c index 73342b8..1d43651 100644 --- a/src/encauth/eax/eax_done.c +++ b/src/encauth/eax/eax_done.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** @@ -62,6 +62,11 @@ int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen) goto LBL_ERR; } + /* terminate the CTR chain */ + if ((err = ctr_done(&eax->ctr)) != CRYPT_OK) { + goto LBL_ERR; + } + /* compute N xor H xor C */ for (x = 0; x < len && x < *taglen; x++) { tag[x] = eax->N[x] ^ headermac[x] ^ ctmac[x]; diff --git a/src/encauth/eax/eax_encrypt.c b/src/encauth/eax/eax_encrypt.c index 55b4f76..da23a8c 100644 --- a/src/encauth/eax/eax_encrypt.c +++ b/src/encauth/eax/eax_encrypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** diff --git a/src/encauth/eax/eax_encrypt_authenticate_memory.c b/src/encauth/eax/eax_encrypt_authenticate_memory.c index 2a09f53..8a601cf 100644 --- a/src/encauth/eax/eax_encrypt_authenticate_memory.c +++ b/src/encauth/eax/eax_encrypt_authenticate_memory.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** diff --git a/src/encauth/eax/eax_init.c b/src/encauth/eax/eax_init.c index 58d8f8d..5a20db0 100644 --- a/src/encauth/eax/eax_init.c +++ b/src/encauth/eax/eax_init.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** diff --git a/src/encauth/eax/eax_test.c b/src/encauth/eax/eax_test.c index 7a1ec24..777dea1 100644 --- a/src/encauth/eax/eax_test.c +++ b/src/encauth/eax/eax_test.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** diff --git a/src/encauth/gcm/gcm_add_aad.c b/src/encauth/gcm/gcm_add_aad.c new file mode 100644 index 0000000..7354e3a --- /dev/null +++ b/src/encauth/gcm/gcm_add_aad.c @@ -0,0 +1,120 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ + +/** + @file gcm_add_aad.c + GCM implementation, Add AAD data to the stream, by Tom St Denis +*/ +#include "tomcrypt.h" + +#ifdef GCM_MODE + +/** + Add AAD to the GCM state + @param gcm The GCM state + @param adata The additional authentication data to add to the GCM state + @param adatalen The length of the AAD data. + @return CRYPT_OK on success + */ +int gcm_add_aad(gcm_state *gcm, + const unsigned char *adata, unsigned long adatalen) +{ + unsigned long x, y; + int err; + + LTC_ARGCHK(gcm != NULL); + if (adatalen > 0) { + LTC_ARGCHK(adata != NULL); + } + + if (gcm->buflen > 16 || gcm->buflen < 0) { + return CRYPT_INVALID_ARG; + } + + if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) { + return err; + } + + /* in IV mode? */ + if (gcm->mode == GCM_MODE_IV) { + /* let's process the IV */ + if (gcm->ivmode || gcm->buflen != 12) { + for (x = 0; x < (unsigned long)gcm->buflen; x++) { + gcm->X[x] ^= gcm->buf[x]; + } + if (gcm->buflen) { + gcm->totlen += gcm->buflen * CONST64(8); + gcm_mult_h(gcm, gcm->X); + } + + /* mix in the length */ + zeromem(gcm->buf, 8); + STORE64H(gcm->totlen, gcm->buf+8); + for (x = 0; x < 16; x++) { + gcm->X[x] ^= gcm->buf[x]; + } + gcm_mult_h(gcm, gcm->X); + + /* copy counter out */ + XMEMCPY(gcm->Y, gcm->X, 16); + zeromem(gcm->X, 16); + } else { + XMEMCPY(gcm->Y, gcm->buf, 12); + gcm->Y[12] = 0; + gcm->Y[13] = 0; + gcm->Y[14] = 0; + gcm->Y[15] = 1; + } + XMEMCPY(gcm->Y_0, gcm->Y, 16); + zeromem(gcm->buf, 16); + gcm->buflen = 0; + gcm->totlen = 0; + gcm->mode = GCM_MODE_AAD; + } + + if (gcm->mode != GCM_MODE_AAD || gcm->buflen >= 16) { + return CRYPT_INVALID_ARG; + } + + x = 0; +#ifdef LTC_FAST + if (gcm->buflen == 0) { + for (x = 0; x < (adatalen & ~15); x += 16) { + for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE*)(&gcm->X[y])) ^= *((LTC_FAST_TYPE*)(&adata[x + y])); + } + gcm_mult_h(gcm, gcm->X); + gcm->totlen += 128; + } + adata += x; + } +#endif + + + /* start adding AAD data to the state */ + for (; x < adatalen; x++) { + gcm->buf[gcm->buflen++] = *adata++; + + if (gcm->buflen == 16) { + /* GF mult it */ + for (y = 0; y < 16; y++) { + gcm->X[y] ^= gcm->buf[y]; + } + gcm_mult_h(gcm, gcm->X); + gcm->buflen = 0; + gcm->totlen += 128; + } + } + + return CRYPT_OK; +} +#endif + diff --git a/src/encauth/gcm/gcm_add_iv.c b/src/encauth/gcm/gcm_add_iv.c new file mode 100644 index 0000000..7faf4c0 --- /dev/null +++ b/src/encauth/gcm/gcm_add_iv.c @@ -0,0 +1,90 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ + +/** + @file gcm_add_iv.c + GCM implementation, add IV data to the state, by Tom St Denis +*/ +#include "tomcrypt.h" + +#ifdef GCM_MODE + +/** + Add IV data to the GCM state + @param gcm The GCM state + @param IV The initial value data to add + @param IVlen The length of the IV + @return CRYPT_OK on success + */ +int gcm_add_iv(gcm_state *gcm, + const unsigned char *IV, unsigned long IVlen) +{ + unsigned long x, y; + int err; + + LTC_ARGCHK(gcm != NULL); + if (IVlen > 0) { + LTC_ARGCHK(IV != NULL); + } + + /* must be in IV mode */ + if (gcm->mode != GCM_MODE_IV) { + return CRYPT_INVALID_ARG; + } + + if (gcm->buflen >= 16 || gcm->buflen < 0) { + return CRYPT_INVALID_ARG; + } + + if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) { + return err; + } + + + /* trip the ivmode flag */ + if (IVlen + gcm->buflen > 12) { + gcm->ivmode |= 1; + } + + x = 0; +#ifdef LTC_FAST + if (gcm->buflen == 0) { + for (x = 0; x < (IVlen & ~15); x += 16) { + for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE*)(&gcm->X[y])) ^= *((LTC_FAST_TYPE*)(&IV[x + y])); + } + gcm_mult_h(gcm, gcm->X); + gcm->totlen += 128; + } + IV += x; + } +#endif + + /* start adding IV data to the state */ + for (; x < IVlen; x++) { + gcm->buf[gcm->buflen++] = *IV++; + + if (gcm->buflen == 16) { + /* GF mult it */ + for (y = 0; y < 16; y++) { + gcm->X[y] ^= gcm->buf[y]; + } + gcm_mult_h(gcm, gcm->X); + gcm->buflen = 0; + gcm->totlen += 128; + } + } + + return CRYPT_OK; +} + +#endif + diff --git a/src/encauth/gcm/gcm_done.c b/src/encauth/gcm/gcm_done.c new file mode 100644 index 0000000..49ca638 --- /dev/null +++ b/src/encauth/gcm/gcm_done.c @@ -0,0 +1,80 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ + +/** + @file gcm_done.c + GCM implementation, Terminate the stream, by Tom St Denis +*/ +#include "tomcrypt.h" + +#ifdef GCM_MODE + +/** + Terminate a GCM stream + @param gcm The GCM state + @param tag [out] The destination for the MAC tag + @param taglen [in/out] The length of the MAC tag + @return CRYPT_OK on success + */ +int gcm_done(gcm_state *gcm, + unsigned char *tag, unsigned long *taglen) +{ + unsigned long x; + int err; + + LTC_ARGCHK(gcm != NULL); + LTC_ARGCHK(tag != NULL); + LTC_ARGCHK(taglen != NULL); + + if (gcm->buflen > 16 || gcm->buflen < 0) { + return CRYPT_INVALID_ARG; + } + + if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) { + return err; + } + + + if (gcm->mode != GCM_MODE_TEXT) { + return CRYPT_INVALID_ARG; + } + + /* handle remaining ciphertext */ + if (gcm->buflen) { + for (x = 0; x < (unsigned long)gcm->buflen; x++) { + gcm->X[x] ^= gcm->buf[x]; + } + gcm->pttotlen += gcm->buflen * CONST64(8); + gcm_mult_h(gcm, gcm->X); + } + + /* length */ + STORE64H(gcm->totlen, gcm->buf); + STORE64H(gcm->pttotlen, gcm->buf+8); + for (x = 0; x < 16; x++) { + gcm->X[x] ^= gcm->buf[x]; + } + gcm_mult_h(gcm, gcm->X); + + /* encrypt original counter */ + cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y_0, gcm->buf, &gcm->K); + for (x = 0; x < 16 && x < *taglen; x++) { + tag[x] = gcm->buf[x] ^ gcm->X[x]; + } + *taglen = x; + + cipher_descriptor[gcm->cipher].done(&gcm->K); + + return CRYPT_OK; +} + +#endif + diff --git a/src/encauth/gcm/gcm_gf_mult.c b/src/encauth/gcm/gcm_gf_mult.c new file mode 100644 index 0000000..a870c91 --- /dev/null +++ b/src/encauth/gcm/gcm_gf_mult.c @@ -0,0 +1,89 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ + +/** + @file gcm_gf_mult.c + GCM implementation, initialize state, by Tom St Denis +*/ +#include "tomcrypt.h" + +#ifdef GCM_MODE + +/* right shift */ +static void gcm_rightshift(unsigned char *a) +{ + int x; + for (x = 15; x > 0; x--) { + a[x] = (a[x]>>1) | ((a[x-1]<<7)&0x80); + } + a[0] >>= 1; +} + +/* c = b*a */ +static const unsigned char mask[] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; +static const unsigned char poly[] = { 0x00, 0xE1 }; + +/** + GCM GF multiplier (internal use only) + @param a First value + @param b Second value + @param c Destination for a * b + */ +void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c) +{ + unsigned char Z[16], V[16]; + unsigned x, y, z; + + zeromem(Z, 16); + XMEMCPY(V, a, 16); + for (x = 0; x < 128; x++) { + if (b[x>>3] & mask[x&7]) { + for (y = 0; y < 16; y++) { + Z[y] ^= V[y]; + } + } + z = V[15] & 0x01; + gcm_rightshift(V); + V[0] ^= poly[z]; + } + XMEMCPY(c, Z, 16); +} + +/** + GCM multiply by H + @param gcm The GCM state which holds the H value + @param I The value to multiply H by + */ +void gcm_mult_h(gcm_state *gcm, unsigned char *I) +{ + unsigned char T[16]; +#ifdef GCM_TABLES + int x, y; + XMEMCPY(T, &gcm->PC[0][I[0]][0], 16); + for (x = 1; x < 16; x++) { +#ifdef LTC_FAST + for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE *)(T + y)) ^= *((LTC_FAST_TYPE *)(&gcm->PC[x][I[x]][y])); + } +#else + for (y = 0; y < 16; y++) { + T[y] ^= gcm->PC[x][I[x]][y]; + } +#endif + } +#else + gcm_gf_mult(gcm->H, I, T); +#endif + XMEMCPY(I, T, 16); +} + + +#endif diff --git a/src/encauth/gcm/gcm_init.c b/src/encauth/gcm/gcm_init.c new file mode 100644 index 0000000..35a5ab8 --- /dev/null +++ b/src/encauth/gcm/gcm_init.c @@ -0,0 +1,88 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ + +/** + @file gcm_init.c + GCM implementation, initialize state, by Tom St Denis +*/ +#include "tomcrypt.h" + +#ifdef GCM_MODE + +/** + Initialize a GCM state + @param gcm The GCM state to initialize + @param cipher The index of the cipher to use + @param key The secret key + @param keylen The length of the secret key + @return CRYPT_OK on success + */ +int gcm_init(gcm_state *gcm, int cipher, + const unsigned char *key, int keylen) +{ + int err; + unsigned char B[16]; +#ifdef GCM_TABLES + int x, y; +#endif + + LTC_ARGCHK(gcm != NULL); + LTC_ARGCHK(key != NULL); + +#ifdef LTC_FAST + if (16 % sizeof(LTC_FAST_TYPE)) { + return CRYPT_INVALID_ARG; + } +#endif + + /* is cipher valid? */ + if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { + return err; + } + if (cipher_descriptor[cipher].block_length != 16) { + return CRYPT_INVALID_CIPHER; + } + + /* schedule key */ + if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &gcm->K)) != CRYPT_OK) { + return err; + } + + /* H = E(0) */ + zeromem(B, 16); + cipher_descriptor[cipher].ecb_encrypt(B, gcm->H, &gcm->K); + + /* setup state */ + zeromem(gcm->buf, sizeof(gcm->buf)); + zeromem(gcm->X, sizeof(gcm->X)); + gcm->cipher = cipher; + gcm->mode = GCM_MODE_IV; + gcm->ivmode = 0; + gcm->buflen = 0; + gcm->totlen = 0; + gcm->pttotlen = 0; + +#ifdef GCM_TABLES + /* setup tables */ + zeromem(B, 16); + for (x = 0; x < 16; x++) { + for (y = 0; y < 256; y++) { + B[x] = y; + gcm_gf_mult(gcm->H, B, &gcm->PC[x][y][0]); + } + B[x] = 0; + } +#endif + + return CRYPT_OK; +} + +#endif diff --git a/src/encauth/gcm/gcm_memory.c b/src/encauth/gcm/gcm_memory.c new file mode 100644 index 0000000..e062413 --- /dev/null +++ b/src/encauth/gcm/gcm_memory.c @@ -0,0 +1,89 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ + +/** + @file gcm_memory.c + GCM implementation, process a packet, by Tom St Denis +*/ +#include "tomcrypt.h" + +#ifdef GCM_MODE + +/** + Process an entire GCM packet in one call. + @param cipher Index of cipher to use + @param key The secret key + @param keylen The length of the secret key + @param IV The initial vector + @param IVlen The length of the initial vector + @param adata The additional authentication data (header) + @param adatalen The length of the adata + @param pt The plaintext + @param ptlen The length of the plaintext (ciphertext length is the same) + @param ct The ciphertext + @param tag [out] The MAC tag + @param taglen [in/out] The MAC tag length + @param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT) + @return CRYPT_OK on success + */ +int gcm_memory( int cipher, + const unsigned char *key, unsigned long keylen, + const unsigned char *IV, unsigned long IVlen, + const unsigned char *adata, unsigned long adatalen, + unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + unsigned char *tag, unsigned long *taglen, + int direction) +{ + gcm_state *gcm; + int err; + + if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { + return err; + } + + if (cipher_descriptor[cipher].accel_gcm_memory != NULL) { + cipher_descriptor[cipher].accel_gcm_memory + (key, keylen, + IV, IVlen, + adata, adatalen, + pt, ptlen, + ct, + tag, taglen, + direction); + return CRYPT_OK; + } + + + gcm = XMALLOC(sizeof(*gcm)); + if (gcm == NULL) { + return CRYPT_MEM; + } + + if ((err = gcm_init(gcm, cipher, key, keylen)) != CRYPT_OK) { + goto LTC_ERR; + } + if ((err = gcm_add_iv(gcm, IV, IVlen)) != CRYPT_OK) { + goto LTC_ERR; + } + if ((err = gcm_add_aad(gcm, adata, adatalen)) != CRYPT_OK) { + goto LTC_ERR; + } + if ((err = gcm_process(gcm, pt, ptlen, ct, direction)) != CRYPT_OK) { + goto LTC_ERR; + } + err = gcm_done(gcm, tag, taglen); +LTC_ERR: + XFREE(gcm); + return err; +} +#endif + diff --git a/src/encauth/gcm/gcm_process.c b/src/encauth/gcm/gcm_process.c new file mode 100644 index 0000000..15a9c07 --- /dev/null +++ b/src/encauth/gcm/gcm_process.c @@ -0,0 +1,147 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ + +/** + @file gcm_process.c + GCM implementation, process message data, by Tom St Denis +*/ +#include "tomcrypt.h" + +#ifdef GCM_MODE + +/** + Process plaintext/ciphertext through GCM + @param gcm The GCM state + @param pt The plaintext + @param ptlen The plaintext length (ciphertext length is the same) + @param ct The ciphertext + @param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT) + @return CRYPT_OK on success + */ +int gcm_process(gcm_state *gcm, + unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + int direction) +{ + unsigned long x, y; + unsigned char b; + int err; + + LTC_ARGCHK(gcm != NULL); + LTC_ARGCHK(pt != NULL); + LTC_ARGCHK(ct != NULL); + + if (gcm->buflen > 16 || gcm->buflen < 0) { + return CRYPT_INVALID_ARG; + } + + if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) { + return err; + } + + /* in AAD mode? */ + if (gcm->mode == GCM_MODE_AAD) { + /* let's process the AAD */ + if (gcm->buflen) { + for (x = 0; x < (unsigned long)gcm->buflen; x++) { + gcm->X[x] ^= gcm->buf[x]; + } + gcm->totlen += gcm->buflen * CONST64(8); + gcm_mult_h(gcm, gcm->X); + } + + /* increment counter */ + for (y = 15; y >= 12; y--) { + if (++gcm->Y[y]) { break; } + } + /* encrypt the counter */ + cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K); + + gcm->buflen = 0; + gcm->mode = GCM_MODE_TEXT; + } + + if (gcm->mode != GCM_MODE_TEXT) { + return CRYPT_INVALID_ARG; + } + + x = 0; +#ifdef LTC_FAST + if (gcm->buflen == 0) { + if (direction == GCM_ENCRYPT) { + for (x = 0; x < (ptlen & ~15); x += 16) { + /* ctr encrypt */ + for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE*)(&ct[x + y])) = *((LTC_FAST_TYPE*)(&pt[x+y])) ^ *((LTC_FAST_TYPE*)(&gcm->buf[y])); + *((LTC_FAST_TYPE*)(&gcm->X[y])) ^= *((LTC_FAST_TYPE*)(&ct[x+y])); + } + /* GMAC it */ + gcm->pttotlen += 128; + gcm_mult_h(gcm, gcm->X); + /* increment counter */ + for (y = 15; y >= 12; y--) { + if (++gcm->Y[y]) { break; } + } + cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K); + } + } else { + for (x = 0; x < (ptlen & ~15); x += 16) { + /* ctr encrypt */ + for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE*)(&gcm->X[y])) ^= *((LTC_FAST_TYPE*)(&ct[x+y])); + *((LTC_FAST_TYPE*)(&pt[x + y])) = *((LTC_FAST_TYPE*)(&ct[x+y])) ^ *((LTC_FAST_TYPE*)(&gcm->buf[y])); + } + /* GMAC it */ + gcm->pttotlen += 128; + gcm_mult_h(gcm, gcm->X); + /* increment counter */ + for (y = 15; y >= 12; y--) { + if (++gcm->Y[y]) { break; } + } + cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K); + } + } + } +#endif + + /* process text */ + for (; x < ptlen; x++) { + if (gcm->buflen == 16) { + for (y = 0; y < 16; y++) { + gcm->X[y] ^= gcm->buf[y]; + } + gcm->pttotlen += 128; + gcm_mult_h(gcm, gcm->X); + + /* increment counter */ + for (y = 15; y >= 12; y--) { + if (++gcm->Y[y]) { break; } + } + cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K); + gcm->buflen = 0; + } + + if (direction == GCM_ENCRYPT) { + b = ct[x] = pt[x] ^ gcm->buf[gcm->buflen]; + } else { + b = ct[x]; + pt[x] = ct[x] ^ gcm->buf[gcm->buflen]; + } + gcm->buf[gcm->buflen++] = b; + } + + return CRYPT_OK; +} + + + +#endif + diff --git a/src/encauth/gcm/gcm_reset.c b/src/encauth/gcm/gcm_reset.c new file mode 100644 index 0000000..e73bf66 --- /dev/null +++ b/src/encauth/gcm/gcm_reset.c @@ -0,0 +1,40 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ + +/** + @file gcm_reset.c + GCM implementation, reset a used state so it can accept IV data, by Tom St Denis +*/ +#include "tomcrypt.h" + +#ifdef GCM_MODE + +/** + Reset a GCM state to as if you just called gcm_init(). This saves the initialization time. + @param gcm The GCM state to reset + @return CRYPT_OK on success +*/ +int gcm_reset(gcm_state *gcm) +{ + LTC_ARGCHK(gcm != NULL); + + zeromem(gcm->buf, sizeof(gcm->buf)); + zeromem(gcm->X, sizeof(gcm->X)); + gcm->mode = GCM_MODE_IV; + gcm->ivmode = 0; + gcm->buflen = 0; + gcm->totlen = 0; + gcm->pttotlen = 0; + + return CRYPT_OK; +} + +#endif diff --git a/src/encauth/gcm/gcm_test.c b/src/encauth/gcm/gcm_test.c new file mode 100644 index 0000000..7c20967 --- /dev/null +++ b/src/encauth/gcm/gcm_test.c @@ -0,0 +1,361 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ + +/** + @file gcm_test.c + GCM implementation, testing, by Tom St Denis +*/ +#include "tomcrypt.h" + +#ifdef GCM_MODE + +/** + Test the GCM code + @return CRYPT_OK on success + */ +int gcm_test(void) +{ + static const struct { + unsigned char K[32]; + int keylen; + unsigned char P[64]; + unsigned long ptlen; + unsigned char A[64]; + unsigned long alen; + unsigned char IV[64]; + unsigned long IVlen; + unsigned char C[64]; + unsigned char T[16]; + } tests[] = { + +/* test case #1 */ +{ + /* key */ + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + 16, + + /* plaintext */ + { 0 }, + 0, + + /* AAD data */ + { 0 }, + 0, + + /* IV */ + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 }, + 12, + + /* ciphertext */ + { 0 }, + + /* tag */ + { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61, + 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a } +}, + +/* test case #2 */ +{ + /* key */ + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + 16, + + /* PT */ + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + 16, + + /* ADATA */ + { 0 }, + 0, + + /* IV */ + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00 }, + 12, + + /* CT */ + { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92, + 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 }, + + /* TAG */ + { 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd, + 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf } +}, + +/* test case #3 */ +{ + /* key */ + { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, }, + 16, + + /* PT */ + { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55, }, + 64, + + /* ADATA */ + { 0 }, + 0, + + /* IV */ + { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, + 0xde, 0xca, 0xf8, 0x88, }, + 12, + + /* CT */ + { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, + 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, + 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, + 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, + 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, + 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, + 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, + 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85, }, + + /* TAG */ + { 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6, + 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4, } +}, + +/* test case #4 */ +{ + /* key */ + { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, }, + 16, + + /* PT */ + { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39, }, + 60, + + /* ADATA */ + { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2, }, + 20, + + /* IV */ + { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, + 0xde, 0xca, 0xf8, 0x88, }, + 12, + + /* CT */ + { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, + 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, + 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, + 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, + 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, + 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, + 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, + 0x3d, 0x58, 0xe0, 0x91, }, + + /* TAG */ + { 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, + 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47, } + +}, + +/* test case #5 */ +{ + /* key */ + { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, }, + 16, + + /* PT */ + { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39, }, + 60, + + /* ADATA */ + { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2, }, + 20, + + /* IV */ + { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, }, + 8, + + /* CT */ + { 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a, + 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55, + 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8, + 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23, + 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2, + 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42, + 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07, + 0xc2, 0x3f, 0x45, 0x98, }, + + /* TAG */ + { 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85, + 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb, } +}, + +/* test case #6 */ +{ + /* key */ + { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, }, + 16, + + /* PT */ + { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39, }, + 60, + + /* ADATA */ + { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2, }, + 20, + + /* IV */ + { 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, + 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, + 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, + 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, + 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, + 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, + 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, + 0xa6, 0x37, 0xb3, 0x9b, }, + 60, + + /* CT */ + { 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6, + 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94, + 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8, + 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7, + 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90, + 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f, + 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03, + 0x4c, 0x34, 0xae, 0xe5, }, + + /* TAG */ + { 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa, + 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50, } +} + +/* rest of test cases are the same except AES key size changes... ignored... */ +}; + int idx, err; + unsigned long x, y; + gcm_state gcm; + unsigned char out[2][64], T[2][16]; + + /* find aes */ + idx = find_cipher("aes"); + if (idx == -1) { + idx = find_cipher("rijndael"); + if (idx == -1) { + return CRYPT_NOP; + } + } + + for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) { + y = sizeof(T[0]); + if ((err = gcm_memory(idx, tests[x].K, tests[x].keylen, + tests[x].IV, tests[x].IVlen, + tests[x].A, tests[x].alen, + (unsigned char*)tests[x].P, tests[x].ptlen, + out[0], T[0], &y, GCM_ENCRYPT)) != CRYPT_OK) { + return err; + } + + if (memcmp(out[0], tests[x].C, tests[x].ptlen)) { +#if 0 + printf("\nCiphertext wrong %lu\n", x); + for (y = 0; y < tests[x].ptlen; y++) { + printf("%02x", out[0][y] & 255); + } + printf("\n"); +#endif + return CRYPT_FAIL_TESTVECTOR; + } + + if (memcmp(T[0], tests[x].T, 16)) { +#if 0 + printf("\nTag on plaintext wrong %lu\n", x); + for (y = 0; y < 16; y++) { + printf("%02x", T[0][y] & 255); + } + printf("\n"); +#endif + return CRYPT_FAIL_TESTVECTOR; + } + + y = sizeof(T[1]); + if ((err = gcm_memory(idx, tests[x].K, tests[x].keylen, + tests[x].IV, tests[x].IVlen, + tests[x].A, tests[x].alen, + out[1], tests[x].ptlen, + out[0], T[1], &y, GCM_DECRYPT)) != CRYPT_OK) { + return err; + } + + if (memcmp(out[1], tests[x].P, tests[x].ptlen)) { +#if 0 + printf("\nplaintext wrong %lu\n", x); + for (y = 0; y < tests[x].ptlen; y++) { + printf("%02x", out[0][y] & 255); + } + printf("\n"); +#endif + return CRYPT_FAIL_TESTVECTOR; + } + + if (memcmp(T[1], tests[x].T, 16)) { +#if 0 + printf("\nTag on ciphertext wrong %lu\n", x); + for (y = 0; y < 16; y++) { + printf("%02x", T[1][y] & 255); + } + printf("\n"); +#endif + return CRYPT_FAIL_TESTVECTOR; + } + + } + return CRYPT_OK; +} + +#endif + diff --git a/src/encauth/ocb/ocb_decrypt.c b/src/encauth/ocb/ocb_decrypt.c index 8fa2c35..d3bf480 100644 --- a/src/encauth/ocb/ocb_decrypt.c +++ b/src/encauth/ocb/ocb_decrypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** diff --git a/src/encauth/ocb/ocb_decrypt_verify_memory.c b/src/encauth/ocb/ocb_decrypt_verify_memory.c index 2377bab..378a8af 100644 --- a/src/encauth/ocb/ocb_decrypt_verify_memory.c +++ b/src/encauth/ocb/ocb_decrypt_verify_memory.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** diff --git a/src/encauth/ocb/ocb_done_decrypt.c b/src/encauth/ocb/ocb_done_decrypt.c index 51e88a2..9f8b1b9 100644 --- a/src/encauth/ocb/ocb_done_decrypt.c +++ b/src/encauth/ocb/ocb_done_decrypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** diff --git a/src/encauth/ocb/ocb_done_encrypt.c b/src/encauth/ocb/ocb_done_encrypt.c index 3697f80..1a07569 100644 --- a/src/encauth/ocb/ocb_done_encrypt.c +++ b/src/encauth/ocb/ocb_done_encrypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** diff --git a/src/encauth/ocb/ocb_encrypt.c b/src/encauth/ocb/ocb_encrypt.c index 81fc776..ba39c60 100644 --- a/src/encauth/ocb/ocb_encrypt.c +++ b/src/encauth/ocb/ocb_encrypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** diff --git a/src/encauth/ocb/ocb_encrypt_authenticate_memory.c b/src/encauth/ocb/ocb_encrypt_authenticate_memory.c index 52741d4..bcc9cfb 100644 --- a/src/encauth/ocb/ocb_encrypt_authenticate_memory.c +++ b/src/encauth/ocb/ocb_encrypt_authenticate_memory.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** diff --git a/src/encauth/ocb/ocb_init.c b/src/encauth/ocb/ocb_init.c index 2f7773c..57e04af 100644 --- a/src/encauth/ocb/ocb_init.c +++ b/src/encauth/ocb/ocb_init.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** diff --git a/src/encauth/ocb/ocb_ntz.c b/src/encauth/ocb/ocb_ntz.c index 78134f7..4ffe7e8 100644 --- a/src/encauth/ocb/ocb_ntz.c +++ b/src/encauth/ocb/ocb_ntz.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** diff --git a/src/encauth/ocb/ocb_shift_xor.c b/src/encauth/ocb/ocb_shift_xor.c index cec1457..b63b022 100644 --- a/src/encauth/ocb/ocb_shift_xor.c +++ b/src/encauth/ocb/ocb_shift_xor.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** diff --git a/src/encauth/ocb/ocb_test.c b/src/encauth/ocb/ocb_test.c index 2df19d0..d6cb14b 100644 --- a/src/encauth/ocb/ocb_test.c +++ b/src/encauth/ocb/ocb_test.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** diff --git a/src/encauth/ocb/s_ocb_done.c b/src/encauth/ocb/s_ocb_done.c index ea4cbeb..6f6e63d 100644 --- a/src/encauth/ocb/s_ocb_done.c +++ b/src/encauth/ocb/s_ocb_done.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** @@ -114,6 +114,7 @@ int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, /* encrypt checksum, er... tag!! */ cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->checksum, X, &ocb->key); + cipher_descriptor[ocb->cipher].done(&ocb->key); /* now store it */ for (x = 0; x < ocb->block_len && x < (int)*taglen; x++) { diff --git a/src/hashes/chc/chc.c b/src/hashes/chc/chc.c index d71d18f..67dd090 100644 --- a/src/hashes/chc/chc.c +++ b/src/hashes/chc/chc.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/hashes/helper/hash_file.c b/src/hashes/helper/hash_file.c index 671b030..78c290a 100644 --- a/src/hashes/helper/hash_file.c +++ b/src/hashes/helper/hash_file.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/hashes/helper/hash_filehandle.c b/src/hashes/helper/hash_filehandle.c index a721c76..c02c5a7 100644 --- a/src/hashes/helper/hash_filehandle.c +++ b/src/hashes/helper/hash_filehandle.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/hashes/helper/hash_memory.c b/src/hashes/helper/hash_memory.c index 6314fe0..9786948 100644 --- a/src/hashes/helper/hash_memory.c +++ b/src/hashes/helper/hash_memory.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/hashes/helper/hash_memory_multi.c b/src/hashes/helper/hash_memory_multi.c index 411a560..ce22283 100644 --- a/src/hashes/helper/hash_memory_multi.c +++ b/src/hashes/helper/hash_memory_multi.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" #include diff --git a/src/hashes/md2.c b/src/hashes/md2.c index 765f69d..5381771 100644 --- a/src/hashes/md2.c +++ b/src/hashes/md2.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/hashes/md4.c b/src/hashes/md4.c index 138cab1..477f5b0 100644 --- a/src/hashes/md4.c +++ b/src/hashes/md4.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/hashes/md5.c b/src/hashes/md5.c index e74f157..e2e5c74 100644 --- a/src/hashes/md5.c +++ b/src/hashes/md5.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/hashes/rmd128.c b/src/hashes/rmd128.c index 8a438fe..1c304a1 100644 --- a/src/hashes/rmd128.c +++ b/src/hashes/rmd128.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/hashes/rmd160.c b/src/hashes/rmd160.c index 0103842..a617152 100644 --- a/src/hashes/rmd160.c +++ b/src/hashes/rmd160.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/hashes/sha1.c b/src/hashes/sha1.c index 27bdb99..267729b 100644 --- a/src/hashes/sha1.c +++ b/src/hashes/sha1.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/hashes/sha2/sha224.c b/src/hashes/sha2/sha224.c index 625da34..8c0dcde 100644 --- a/src/hashes/sha2/sha224.c +++ b/src/hashes/sha2/sha224.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** @param sha224.c diff --git a/src/hashes/sha2/sha256.c b/src/hashes/sha2/sha256.c index 318ac57..85eba2a 100644 --- a/src/hashes/sha2/sha256.c +++ b/src/hashes/sha2/sha256.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/hashes/sha2/sha384.c b/src/hashes/sha2/sha384.c index debc768..912145c 100644 --- a/src/hashes/sha2/sha384.c +++ b/src/hashes/sha2/sha384.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** @param sha384.c diff --git a/src/hashes/sha2/sha512.c b/src/hashes/sha2/sha512.c index 1cc14db..3238f2b 100644 --- a/src/hashes/sha2/sha512.c +++ b/src/hashes/sha2/sha512.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/hashes/tiger.c b/src/hashes/tiger.c index 12ef7ab..a1cd888 100644 --- a/src/hashes/tiger.c +++ b/src/hashes/tiger.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/hashes/whirl/whirl.c b/src/hashes/whirl/whirl.c index 4902fd6..ff0b436 100644 --- a/src/hashes/whirl/whirl.c +++ b/src/hashes/whirl/whirl.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** diff --git a/src/headers/ltc_tommath.h b/src/headers/ltc_tommath.h index dc1c75a..05212e5 100644 --- a/src/headers/ltc_tommath.h +++ b/src/headers/ltc_tommath.h @@ -44,7 +44,7 @@ extern "C" { /* detect 64-bit mode if possible */ #if defined(__x86_64__) - #if !(defined(MP_64BIT) || defined(MP_31BIT) || defined(MP_16BIT) || defined(MP_8BIT)) + #if !(defined(MP_64BIT) && defined(MP_16BIT) && defined(MP_8BIT)) #define MP_64BIT #endif #endif @@ -112,7 +112,7 @@ extern "C" { #else /* prototypes for our heap functions */ extern void *XMALLOC(size_t n); - extern void *REALLOC(void *p, size_t n); + extern void *XREALLOC(void *p, size_t n); extern void *XCALLOC(size_t n, size_t s); extern void XFREE(void *p); #endif @@ -147,7 +147,6 @@ extern "C" { /* Primality generation flags */ #define LTM_PRIME_BBS 0x0001 /* BBS style prime */ #define LTM_PRIME_SAFE 0x0002 /* Safe prime (p-1)/2 == prime */ -#define LTM_PRIME_2MSB_OFF 0x0004 /* force 2nd MSB to 0 */ #define LTM_PRIME_2MSB_ON 0x0008 /* force 2nd MSB to 1 */ typedef int mp_err; @@ -429,6 +428,15 @@ int mp_reduce_2k_setup(mp_int *a, mp_digit *d); /* reduces a modulo b where b is of the form 2**p - k [0 <= a] */ int mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d); +/* returns true if a can be reduced with mp_reduce_2k_l */ +int mp_reduce_is_2k_l(mp_int *a); + +/* determines k value for 2k reduction */ +int mp_reduce_2k_setup_l(mp_int *a, mp_int *d); + +/* reduces a modulo b where b is of the form 2**p - k [0 <= a] */ +int mp_reduce_2k_l(mp_int *a, mp_int *n, mp_int *d); + /* d = a**b (mod c) */ int mp_exptmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d); @@ -509,14 +517,16 @@ int mp_prime_random_ex(mp_int *a, int t, int size, int flags, ltm_prime_callback int mp_count_bits(mp_int *a); int mp_unsigned_bin_size(mp_int *a); -int mp_read_unsigned_bin(mp_int *a, unsigned char *b, int c); +int mp_read_unsigned_bin(mp_int *a, const unsigned char *b, int c); int mp_to_unsigned_bin(mp_int *a, unsigned char *b); +int mp_to_unsigned_bin_n (mp_int * a, unsigned char *b, unsigned long *outlen); int mp_signed_bin_size(mp_int *a); -int mp_read_signed_bin(mp_int *a, unsigned char *b, int c); -int mp_to_signed_bin(mp_int *a, unsigned char *b); +int mp_read_signed_bin(mp_int *a, const unsigned char *b, int c); +int mp_to_signed_bin(mp_int *a, unsigned char *b); +int mp_to_signed_bin_n (mp_int * a, unsigned char *b, unsigned long *outlen); -int mp_read_radix(mp_int *a, char *str, int radix); +int mp_read_radix(mp_int *a, const char *str, int radix); int mp_toradix(mp_int *a, char *str, int radix); int mp_toradix_n(mp_int * a, char *str, int radix, int maxlen); int mp_radix_size(mp_int *a, int radix, int *size); @@ -554,7 +564,7 @@ int fast_mp_invmod(mp_int *a, mp_int *b, mp_int *c); int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c); int fast_mp_montgomery_reduce(mp_int *a, mp_int *m, mp_digit mp); int mp_exptmod_fast(mp_int *G, mp_int *X, mp_int *P, mp_int *Y, int mode); -int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y); +int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int mode); void bn_reverse(unsigned char *s, int len); extern const char *mp_s_rmap; diff --git a/src/headers/tomcrypt.h b/src/headers/tomcrypt.h index bd80896..b1745c0 100644 --- a/src/headers/tomcrypt.h +++ b/src/headers/tomcrypt.h @@ -16,8 +16,8 @@ extern "C" { #endif /* version */ -#define CRYPT 0x0100 -#define SCRYPT "1.00" +#define CRYPT 0x0101 +#define SCRYPT "1.01" /* max size of either a cipher/hash block or symmetric key [largest of the two] */ #define MAXBLOCKSIZE 128 @@ -66,6 +66,7 @@ enum { #include #include #include +#include #include #include #include diff --git a/src/headers/tomcrypt_cfg.h b/src/headers/tomcrypt_cfg.h index 8e8f17e..a0022d1 100644 --- a/src/headers/tomcrypt_cfg.h +++ b/src/headers/tomcrypt_cfg.h @@ -9,7 +9,7 @@ /* you can change how memory allocation works ... */ void *XMALLOC(size_t n); -void *REALLOC(void *p, size_t n); +void *XREALLOC(void *p, size_t n); void *XCALLOC(size_t n, size_t s); void XFREE(void *p); @@ -34,6 +34,8 @@ int XMEMCMP(const void *s1, const void *s2, size_t n); #if defined(INTEL_CC) || (defined(_MSC_VER) && defined(WIN32)) || (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__))) #define ENDIAN_LITTLE #define ENDIAN_32BITWORD + #define LTC_FAST + #define LTC_FAST_TYPE unsigned long #endif /* detects MIPS R5900 processors (PS2) */ @@ -46,6 +48,26 @@ int XMEMCMP(const void *s1, const void *s2, size_t n); #if defined(__x86_64__) #define ENDIAN_LITTLE #define ENDIAN_64BITWORD + #define LTC_FAST + #define LTC_FAST_TYPE unsigned long +#endif + +#ifdef LTC_NO_FAST + #ifdef LTC_FAST + #undef LTC_FAST + #endif +#endif + +/* No asm is a quick way to disable anything "not portable" */ +#ifdef LTC_NO_ASM + #undef ENDIAN_LITTLE + #undef ENDIAN_BIG + #undef ENDIAN_32BITWORD + #undef ENDIAN_64BITWORD + #undef LTC_FAST + #undef LTC_FAST_TYPE + #define LTC_NO_ROLC + #define LTC_NO_BSWAP #endif /* #define ENDIAN_LITTLE */ diff --git a/src/headers/tomcrypt_cipher.h b/src/headers/tomcrypt_cipher.h index 6d9b555..af184c2 100644 --- a/src/headers/tomcrypt_cipher.h +++ b/src/headers/tomcrypt_cipher.h @@ -164,6 +164,7 @@ typedef union Symmetric_key { #ifdef ANUBIS struct anubis_key anubis; #endif + void *data; } symmetric_key; /* A block cipher ECB structure */ @@ -274,11 +275,109 @@ extern struct ltc_cipher_descriptor { @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled */ int (*test)(void); + + /** Terminate the context + @param skey The scheduled key + */ + void (*done)(symmetric_key *skey); + /** Determine a key size @param keysize [in/out] The size of the key desired and the suggested size @return CRYPT_OK if successful */ int (*keysize)(int *keysize); + +/** Accelerators **/ + /** Accelerated ECB encryption + @param pt Plaintext + @param ct Ciphertext + @param blocks The number of complete blocks to process + @param skey The scheduled key context + */ + void (*accel_ecb_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, symmetric_key *skey); + + /** Accelerated ECB decryption + @param pt Plaintext + @param ct Ciphertext + @param blocks The number of complete blocks to process + @param skey The scheduled key context + */ + void (*accel_ecb_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, symmetric_key *skey); + + /** Accelerated CBC encryption + @param pt Plaintext + @param ct Ciphertext + @param blocks The number of complete blocks to process + @param IV The initial value (input/output) + @param skey The scheduled key context + */ + void (*accel_cbc_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, symmetric_key *skey); + + /** Accelerated CBC decryption + @param pt Plaintext + @param ct Ciphertext + @param blocks The number of complete blocks to process + @param IV The initial value (input/output) + @param skey The scheduled key context + */ + void (*accel_cbc_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, unsigned char *IV, symmetric_key *skey); + + /** Accelerated CTR encryption + @param pt Plaintext + @param ct Ciphertext + @param blocks The number of complete blocks to process + @param IV The initial value (input/output) + @param mode little or big endian counter (mode=0 or mode=1) + @param skey The scheduled key context + */ + void (*accel_ctr_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, int mode, symmetric_key *skey); + + /** Accelerated CCM packet (one-shot) + @param key The secret key to use + @param keylen The length of the secret key (octets) + @param nonce The session nonce [use once] + @param noncelen The length of the nonce + @param header The header for the session + @param headerlen The length of the header (octets) + @param pt [out] The plaintext + @param ptlen The length of the plaintext (octets) + @param ct [out] The ciphertext + @param tag [out] The destination tag + @param taglen [in/out] The max size and resulting size of the authentication tag + @param direction Encrypt or Decrypt direction (0 or 1) + @return CRYPT_OK if successful + */ + void (*accel_ccm_memory)( + const unsigned char *key, unsigned long keylen, + const unsigned char *nonce, unsigned long noncelen, + const unsigned char *header, unsigned long headerlen, + unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + unsigned char *tag, unsigned long *taglen, + int direction); + + /** Accelerated GCM packet (one shot) + @param key The secret key + @param keylen The length of the secret key + @param IV The initial vector + @param IVlen The length of the initial vector + @param adata The additional authentication data (header) + @param adatalen The length of the adata + @param pt The plaintext + @param ptlen The length of the plaintext (ciphertext length is the same) + @param ct The ciphertext + @param tag [out] The MAC tag + @param taglen [in/out] The MAC tag length + @param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT) + */ + void (*accel_gcm_memory)( + const unsigned char *key, unsigned long keylen, + const unsigned char *IV, unsigned long IVlen, + const unsigned char *adata, unsigned long adatalen, + unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + unsigned char *tag, unsigned long *taglen, + int direction); } cipher_descriptor[]; #ifdef BLOWFISH @@ -286,6 +385,7 @@ int blowfish_setup(const unsigned char *key, int keylen, int num_rounds, symmetr void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); int blowfish_test(void); +void blowfish_done(symmetric_key *skey); int blowfish_keysize(int *keysize); extern const struct ltc_cipher_descriptor blowfish_desc; #endif @@ -295,6 +395,7 @@ int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); int rc5_test(void); +void rc5_done(symmetric_key *skey); int rc5_keysize(int *keysize); extern const struct ltc_cipher_descriptor rc5_desc; #endif @@ -304,6 +405,7 @@ int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); int rc6_test(void); +void rc6_done(symmetric_key *skey); int rc6_keysize(int *keysize); extern const struct ltc_cipher_descriptor rc6_desc; #endif @@ -313,6 +415,7 @@ int rc2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke void rc2_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); void rc2_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); int rc2_test(void); +void rc2_done(symmetric_key *skey); int rc2_keysize(int *keysize); extern const struct ltc_cipher_descriptor rc2_desc; #endif @@ -322,6 +425,7 @@ int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric void saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); void saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); int saferp_test(void); +void saferp_done(symmetric_key *skey); int saferp_keysize(int *keysize); extern const struct ltc_cipher_descriptor saferp_desc; #endif @@ -336,6 +440,7 @@ void safer_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key int safer_k64_test(void); int safer_sk64_test(void); int safer_sk128_test(void); +void safer_done(symmetric_key *skey); int safer_64_keysize(int *keysize); int safer_128_keysize(int *keysize); extern const struct ltc_cipher_descriptor safer_k64_desc, safer_k128_desc, safer_sk64_desc, safer_sk128_desc; @@ -348,6 +453,7 @@ extern const struct ltc_cipher_descriptor safer_k64_desc, safer_k128_desc, safer #define aes_ecb_encrypt rijndael_ecb_encrypt #define aes_ecb_decrypt rijndael_ecb_decrypt #define aes_test rijndael_test +#define aes_done rijndael_done #define aes_keysize rijndael_keysize #define aes_enc_setup rijndael_enc_setup @@ -358,9 +464,11 @@ int rijndael_setup(const unsigned char *key, int keylen, int num_rounds, symmetr void rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); void rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); int rijndael_test(void); +void rijndael_done(symmetric_key *skey); int rijndael_keysize(int *keysize); int rijndael_enc_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); void rijndael_enc_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); +void rijndael_enc_done(symmetric_key *skey); int rijndael_enc_keysize(int *keysize); extern const struct ltc_cipher_descriptor rijndael_desc, aes_desc; extern const struct ltc_cipher_descriptor rijndael_enc_desc, aes_enc_desc; @@ -371,6 +479,7 @@ int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_k void xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); void xtea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); int xtea_test(void); +void xtea_done(symmetric_key *skey); int xtea_keysize(int *keysize); extern const struct ltc_cipher_descriptor xtea_desc; #endif @@ -380,6 +489,7 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); int twofish_test(void); +void twofish_done(symmetric_key *skey); int twofish_keysize(int *keysize); extern const struct ltc_cipher_descriptor twofish_desc; #endif @@ -389,11 +499,13 @@ int des_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); int des_test(void); +void des_done(symmetric_key *skey); int des_keysize(int *keysize); int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); int des3_test(void); +void des3_done(symmetric_key *skey); int des3_keysize(int *keysize); extern const struct ltc_cipher_descriptor des_desc, des3_desc; #endif @@ -403,6 +515,7 @@ int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); int cast5_test(void); +void cast5_done(symmetric_key *skey); int cast5_keysize(int *keysize); extern const struct ltc_cipher_descriptor cast5_desc; #endif @@ -412,6 +525,7 @@ int noekeon_setup(const unsigned char *key, int keylen, int num_rounds, symmetri void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); int noekeon_test(void); +void noekeon_done(symmetric_key *skey); int noekeon_keysize(int *keysize); extern const struct ltc_cipher_descriptor noekeon_desc; #endif @@ -421,6 +535,7 @@ int skipjack_setup(const unsigned char *key, int keylen, int num_rounds, symmetr void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); int skipjack_test(void); +void skipjack_done(symmetric_key *skey); int skipjack_keysize(int *keysize); extern const struct ltc_cipher_descriptor skipjack_desc; #endif @@ -430,6 +545,7 @@ int khazad_setup(const unsigned char *key, int keylen, int num_rounds, symmetric void khazad_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); void khazad_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); int khazad_test(void); +void khazad_done(symmetric_key *skey); int khazad_keysize(int *keysize); extern const struct ltc_cipher_descriptor khazad_desc; #endif @@ -439,6 +555,7 @@ int anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetric void anubis_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); void anubis_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); int anubis_test(void); +void anubis_done(symmetric_key *skey); int anubis_keysize(int *keysize); extern const struct ltc_cipher_descriptor anubis_desc; #endif @@ -446,8 +563,9 @@ extern const struct ltc_cipher_descriptor anubis_desc; #ifdef ECB int ecb_start(int cipher, const unsigned char *key, int keylen, int num_rounds, symmetric_ECB *ecb); -int ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_ECB *ecb); -int ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_ECB *ecb); +int ecb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_ECB *ecb); +int ecb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_ECB *ecb); +int ecb_done(symmetric_ECB *ecb); #endif #ifdef CFB @@ -457,6 +575,7 @@ int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CFB *cfb); int cfb_getiv(unsigned char *IV, unsigned long *len, symmetric_CFB *cfb); int cfb_setiv(const unsigned char *IV, unsigned long len, symmetric_CFB *cfb); +int cfb_done(symmetric_CFB *cfb); #endif #ifdef OFB @@ -466,15 +585,17 @@ int ofb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s int ofb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_OFB *ofb); int ofb_getiv(unsigned char *IV, unsigned long *len, symmetric_OFB *ofb); int ofb_setiv(const unsigned char *IV, unsigned long len, symmetric_OFB *ofb); +int ofb_done(symmetric_OFB *ofb); #endif #ifdef CBC int cbc_start(int cipher, const unsigned char *IV, const unsigned char *key, int keylen, int num_rounds, symmetric_CBC *cbc); -int cbc_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_CBC *cbc); -int cbc_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_CBC *cbc); +int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CBC *cbc); +int cbc_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CBC *cbc); int cbc_getiv(unsigned char *IV, unsigned long *len, symmetric_CBC *cbc); int cbc_setiv(const unsigned char *IV, unsigned long len, symmetric_CBC *cbc); +int cbc_done(symmetric_CBC *cbc); #endif #ifdef CTR @@ -484,6 +605,7 @@ int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s int ctr_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CTR *ctr); int ctr_getiv(unsigned char *IV, unsigned long *len, symmetric_CTR *ctr); int ctr_setiv(const unsigned char *IV, unsigned long len, symmetric_CTR *ctr); +int ctr_done(symmetric_CTR *ctr); #endif int find_cipher(const char *name); diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h index 20415b6..d786f0b 100644 --- a/src/headers/tomcrypt_custom.h +++ b/src/headers/tomcrypt_custom.h @@ -17,19 +17,25 @@ #define XCLOCKS_PER_SEC CLOCKS_PER_SEC /* Use small code where possible */ -// #define LTC_SMALL_CODE +/* #define LTC_SMALL_CODE */ /* Enable self-test test vector checking */ #define LTC_TEST /* clean the stack of functions which put private information on stack */ -// #define LTC_CLEAN_STACK +/* #define LTC_CLEAN_STACK */ /* disable all file related functions */ -// #define LTC_NO_FILE +/* #define LTC_NO_FILE */ /* disable all forms of ASM */ -// #define LTC_NO_ASM +/* #define LTC_NO_ASM */ + +/* disable FAST mode */ +/* #define LTC_NO_FAST */ + +/* disable BSWAP on x86 */ +/* #define LTC_NO_BSWAP */ /* ---> Symmetric Block Ciphers <--- */ #define BLOWFISH @@ -43,17 +49,14 @@ * (saves 4KB of ram), _ALL_TABLES enables all tables during setup */ #define TWOFISH #define TWOFISH_TABLES -// #define TWOFISH_ALL_TABLES -// #define TWOFISH_SMALL +/* #define TWOFISH_ALL_TABLES */ +/* #define TWOFISH_SMALL */ /* DES includes EDE triple-DES */ #define DES #define CAST5 #define NOEKEON #define SKIPJACK -/* SAFER code isn't public domain. It appears to be free to use - * but has been disabled by default to avoid any such problems - */ -//#define SAFER +#define SAFER #define KHAZAD #define ANUBIS #define ANUBIS_TWEAK @@ -85,6 +88,11 @@ #define HMAC #define OMAC #define PMAC +#define PELICAN + +#if defined(PELICAN) && !defined(RIJNDAEL) + #error Pelican-MAC requires RIJNDAEL +#endif /* ---> Encrypt + Authenticate Modes <--- */ #define EAX_MODE @@ -93,6 +101,11 @@ #endif #define OCB_MODE +#define CCM_MODE + +#define GCM_MODE +/* Use 64KiB tables */ +#define GCM_TABLES /* Various tidbits of modern neatoness */ #define BASE64 @@ -100,8 +113,8 @@ /* --> Pseudo Random Number Generators <--- */ /* Yarrow */ #define YARROW -// which descriptor of AES to use? -// 0 = rijndael_enc 1 = aes_enc, 2 = rijndael [full], 3 = aes [full] +/* which descriptor of AES to use? */ +/* 0 = rijndael_enc 1 = aes_enc, 2 = rijndael [full], 3 = aes [full] */ #define YARROW_AES 0 #if defined(YARROW) && !defined(CTR) diff --git a/src/headers/tomcrypt_hash.h b/src/headers/tomcrypt_hash.h index 388d234..d295a59 100644 --- a/src/headers/tomcrypt_hash.h +++ b/src/headers/tomcrypt_hash.h @@ -120,6 +120,7 @@ typedef union Hash_state { #ifdef RIPEMD160 struct rmd160_state rmd160; #endif + void *data; } hash_state; extern struct ltc_hash_descriptor { @@ -321,198 +322,3 @@ int func_name (hash_state * md, const unsigned char *in, unsigned long inlen) } \ return CRYPT_OK; \ } - -#ifdef HMAC -typedef struct Hmac_state { - hash_state md; - int hash; - hash_state hashstate; - unsigned char *key; -} hmac_state; - -int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned long keylen); -int hmac_process(hmac_state *hmac, const unsigned char *in, unsigned long inlen); -int hmac_done(hmac_state *hmac, unsigned char *out, unsigned long *outlen); -int hmac_test(void); -int hmac_memory(int hash, - const unsigned char *key, unsigned long keylen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int hmac_memory_multi(int hash, - const unsigned char *key, unsigned long keylen, - unsigned char *out, unsigned long *outlen, - const unsigned char *in, unsigned long inlen, ...); -int hmac_file(int hash, const char *fname, const unsigned char *key, - unsigned long keylen, - unsigned char *dst, unsigned long *dstlen); -#endif - -#ifdef OMAC - -typedef struct { - int cipher_idx, - buflen, - blklen; - unsigned char block[MAXBLOCKSIZE], - prev[MAXBLOCKSIZE], - Lu[2][MAXBLOCKSIZE]; - symmetric_key key; -} omac_state; - -int omac_init(omac_state *omac, int cipher, const unsigned char *key, unsigned long keylen); -int omac_process(omac_state *omac, const unsigned char *in, unsigned long inlen); -int omac_done(omac_state *omac, unsigned char *out, unsigned long *outlen); -int omac_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int omac_memory_multi(int cipher, - const unsigned char *key, unsigned long keylen, - unsigned char *out, unsigned long *outlen, - const unsigned char *in, unsigned long inlen, ...); -int omac_file(int cipher, - const unsigned char *key, unsigned long keylen, - const char *filename, - unsigned char *out, unsigned long *outlen); -int omac_test(void); -#endif /* OMAC */ - -#ifdef PMAC - -typedef struct { - unsigned char Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */ - Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */ - Lr[MAXBLOCKSIZE], /* L * x^-1 */ - block[MAXBLOCKSIZE], /* currently accumulated block */ - checksum[MAXBLOCKSIZE]; /* current checksum */ - - symmetric_key key; /* scheduled key for cipher */ - unsigned long block_index; /* index # for current block */ - int cipher_idx, /* cipher idx */ - block_len, /* length of block */ - buflen; /* number of bytes in the buffer */ -} pmac_state; - -int pmac_init(pmac_state *pmac, int cipher, const unsigned char *key, unsigned long keylen); -int pmac_process(pmac_state *pmac, const unsigned char *in, unsigned long inlen); -int pmac_done(pmac_state *pmac, unsigned char *out, unsigned long *outlen); - -int pmac_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *msg, unsigned long msglen, - unsigned char *out, unsigned long *outlen); - -int pmac_memory_multi(int cipher, - const unsigned char *key, unsigned long keylen, - unsigned char *out, unsigned long *outlen, - const unsigned char *in, unsigned long inlen, ...); - -int pmac_file(int cipher, - const unsigned char *key, unsigned long keylen, - const char *filename, - unsigned char *out, unsigned long *outlen); - -int pmac_test(void); - -/* internal functions */ -int pmac_ntz(unsigned long x); -void pmac_shift_xor(pmac_state *pmac); - -#endif /* PMAC */ - -#ifdef EAX_MODE - -#if !(defined(OMAC) && defined(CTR)) - #error EAX_MODE requires OMAC and CTR -#endif - -typedef struct { - unsigned char N[MAXBLOCKSIZE]; - symmetric_CTR ctr; - omac_state headeromac, ctomac; -} eax_state; - -int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, unsigned long noncelen, - const unsigned char *header, unsigned long headerlen); - -int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length); -int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, unsigned long length); -int eax_addheader(eax_state *eax, const unsigned char *header, unsigned long length); -int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen); - -int eax_encrypt_authenticate_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, unsigned long noncelen, - const unsigned char *header, unsigned long headerlen, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen); - -int eax_decrypt_verify_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, unsigned long noncelen, - const unsigned char *header, unsigned long headerlen, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - unsigned char *tag, unsigned long taglen, - int *stat); - - int eax_test(void); -#endif /* EAX MODE */ - -#ifdef OCB_MODE -typedef struct { - unsigned char L[MAXBLOCKSIZE], /* L value */ - Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */ - Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */ - Lr[MAXBLOCKSIZE], /* L * x^-1 */ - R[MAXBLOCKSIZE], /* R value */ - checksum[MAXBLOCKSIZE]; /* current checksum */ - - symmetric_key key; /* scheduled key for cipher */ - unsigned long block_index; /* index # for current block */ - int cipher, /* cipher idx */ - block_len; /* length of block */ -} ocb_state; - -int ocb_init(ocb_state *ocb, int cipher, - const unsigned char *key, unsigned long keylen, const unsigned char *nonce); - -int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct); -int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt); - -int ocb_done_encrypt(ocb_state *ocb, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen); - -int ocb_done_decrypt(ocb_state *ocb, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, int *stat); - -int ocb_encrypt_authenticate_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen); - -int ocb_decrypt_verify_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, - int *stat); - -int ocb_test(void); - -/* internal functions */ -void ocb_shift_xor(ocb_state *ocb, unsigned char *Z); -int ocb_ntz(unsigned long x); -int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode); - -#endif /* OCB_MODE */ diff --git a/src/headers/tomcrypt_mac.h b/src/headers/tomcrypt_mac.h new file mode 100644 index 0000000..6b5e1ce --- /dev/null +++ b/src/headers/tomcrypt_mac.h @@ -0,0 +1,297 @@ +#ifdef HMAC +typedef struct Hmac_state { + hash_state md; + int hash; + hash_state hashstate; + unsigned char *key; +} hmac_state; + +int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned long keylen); +int hmac_process(hmac_state *hmac, const unsigned char *in, unsigned long inlen); +int hmac_done(hmac_state *hmac, unsigned char *out, unsigned long *outlen); +int hmac_test(void); +int hmac_memory(int hash, + const unsigned char *key, unsigned long keylen, + const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen); +int hmac_memory_multi(int hash, + const unsigned char *key, unsigned long keylen, + unsigned char *out, unsigned long *outlen, + const unsigned char *in, unsigned long inlen, ...); +int hmac_file(int hash, const char *fname, const unsigned char *key, + unsigned long keylen, + unsigned char *dst, unsigned long *dstlen); +#endif + +#ifdef OMAC + +typedef struct { + int cipher_idx, + buflen, + blklen; + unsigned char block[MAXBLOCKSIZE], + prev[MAXBLOCKSIZE], + Lu[2][MAXBLOCKSIZE]; + symmetric_key key; +} omac_state; + +int omac_init(omac_state *omac, int cipher, const unsigned char *key, unsigned long keylen); +int omac_process(omac_state *omac, const unsigned char *in, unsigned long inlen); +int omac_done(omac_state *omac, unsigned char *out, unsigned long *outlen); +int omac_memory(int cipher, + const unsigned char *key, unsigned long keylen, + const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen); +int omac_memory_multi(int cipher, + const unsigned char *key, unsigned long keylen, + unsigned char *out, unsigned long *outlen, + const unsigned char *in, unsigned long inlen, ...); +int omac_file(int cipher, + const unsigned char *key, unsigned long keylen, + const char *filename, + unsigned char *out, unsigned long *outlen); +int omac_test(void); +#endif /* OMAC */ + +#ifdef PMAC + +typedef struct { + unsigned char Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */ + Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */ + Lr[MAXBLOCKSIZE], /* L * x^-1 */ + block[MAXBLOCKSIZE], /* currently accumulated block */ + checksum[MAXBLOCKSIZE]; /* current checksum */ + + symmetric_key key; /* scheduled key for cipher */ + unsigned long block_index; /* index # for current block */ + int cipher_idx, /* cipher idx */ + block_len, /* length of block */ + buflen; /* number of bytes in the buffer */ +} pmac_state; + +int pmac_init(pmac_state *pmac, int cipher, const unsigned char *key, unsigned long keylen); +int pmac_process(pmac_state *pmac, const unsigned char *in, unsigned long inlen); +int pmac_done(pmac_state *pmac, unsigned char *out, unsigned long *outlen); + +int pmac_memory(int cipher, + const unsigned char *key, unsigned long keylen, + const unsigned char *msg, unsigned long msglen, + unsigned char *out, unsigned long *outlen); + +int pmac_memory_multi(int cipher, + const unsigned char *key, unsigned long keylen, + unsigned char *out, unsigned long *outlen, + const unsigned char *in, unsigned long inlen, ...); + +int pmac_file(int cipher, + const unsigned char *key, unsigned long keylen, + const char *filename, + unsigned char *out, unsigned long *outlen); + +int pmac_test(void); + +/* internal functions */ +int pmac_ntz(unsigned long x); +void pmac_shift_xor(pmac_state *pmac); + +#endif /* PMAC */ + +#ifdef EAX_MODE + +#if !(defined(OMAC) && defined(CTR)) + #error EAX_MODE requires OMAC and CTR +#endif + +typedef struct { + unsigned char N[MAXBLOCKSIZE]; + symmetric_CTR ctr; + omac_state headeromac, ctomac; +} eax_state; + +int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long keylen, + const unsigned char *nonce, unsigned long noncelen, + const unsigned char *header, unsigned long headerlen); + +int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length); +int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, unsigned long length); +int eax_addheader(eax_state *eax, const unsigned char *header, unsigned long length); +int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen); + +int eax_encrypt_authenticate_memory(int cipher, + const unsigned char *key, unsigned long keylen, + const unsigned char *nonce, unsigned long noncelen, + const unsigned char *header, unsigned long headerlen, + const unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + unsigned char *tag, unsigned long *taglen); + +int eax_decrypt_verify_memory(int cipher, + const unsigned char *key, unsigned long keylen, + const unsigned char *nonce, unsigned long noncelen, + const unsigned char *header, unsigned long headerlen, + const unsigned char *ct, unsigned long ctlen, + unsigned char *pt, + unsigned char *tag, unsigned long taglen, + int *stat); + + int eax_test(void); +#endif /* EAX MODE */ + +#ifdef OCB_MODE +typedef struct { + unsigned char L[MAXBLOCKSIZE], /* L value */ + Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */ + Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */ + Lr[MAXBLOCKSIZE], /* L * x^-1 */ + R[MAXBLOCKSIZE], /* R value */ + checksum[MAXBLOCKSIZE]; /* current checksum */ + + symmetric_key key; /* scheduled key for cipher */ + unsigned long block_index; /* index # for current block */ + int cipher, /* cipher idx */ + block_len; /* length of block */ +} ocb_state; + +int ocb_init(ocb_state *ocb, int cipher, + const unsigned char *key, unsigned long keylen, const unsigned char *nonce); + +int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct); +int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt); + +int ocb_done_encrypt(ocb_state *ocb, + const unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + unsigned char *tag, unsigned long *taglen); + +int ocb_done_decrypt(ocb_state *ocb, + const unsigned char *ct, unsigned long ctlen, + unsigned char *pt, + const unsigned char *tag, unsigned long taglen, int *stat); + +int ocb_encrypt_authenticate_memory(int cipher, + const unsigned char *key, unsigned long keylen, + const unsigned char *nonce, + const unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + unsigned char *tag, unsigned long *taglen); + +int ocb_decrypt_verify_memory(int cipher, + const unsigned char *key, unsigned long keylen, + const unsigned char *nonce, + const unsigned char *ct, unsigned long ctlen, + unsigned char *pt, + const unsigned char *tag, unsigned long taglen, + int *stat); + +int ocb_test(void); + +/* internal functions */ +void ocb_shift_xor(ocb_state *ocb, unsigned char *Z); +int ocb_ntz(unsigned long x); +int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, + unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode); + +#endif /* OCB_MODE */ + +#ifdef CCM_MODE + +#define CCM_ENCRYPT 0 +#define CCM_DECRYPT 1 + +int ccm_memory(int cipher, + const unsigned char *key, unsigned long keylen, + const unsigned char *nonce, unsigned long noncelen, + const unsigned char *header, unsigned long headerlen, + unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + unsigned char *tag, unsigned long *taglen, + int direction); + +int ccm_test(void); + +#endif /* CCM_MODE */ + +#ifdef GCM_MODE + +#define GCM_ENCRYPT 0 +#define GCM_DECRYPT 1 + +#define GCM_MODE_IV 0 +#define GCM_MODE_AAD 1 +#define GCM_MODE_TEXT 2 + +typedef struct { + symmetric_key K; + unsigned char H[16], /* multiplier */ + X[16], /* accumulator */ + Y[16], /* counter */ + Y_0[16], /* initial counter */ + buf[16]; /* buffer for stuff */ + + int cipher, /* which cipher */ + ivmode, /* Which mode is the IV in? */ + mode, /* mode the GCM code is in */ + buflen; /* length of data in buf */ + + ulong64 totlen, /* 64-bit counter used for IV and AAD */ + pttotlen; /* 64-bit counter for the PT */ + +#ifdef GCM_TABLES + unsigned char PC[16][256][16]; /* 16 tables of 8x128 */ +#endif + +} gcm_state; + +void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c); +void gcm_mult_h(gcm_state *gcm, unsigned char *I); + +int gcm_init(gcm_state *gcm, int cipher, + const unsigned char *key, int keylen); + +int gcm_reset(gcm_state *gcm); + +int gcm_add_iv(gcm_state *gcm, + const unsigned char *IV, unsigned long IVlen); + +int gcm_add_aad(gcm_state *gcm, + const unsigned char *adata, unsigned long adatalen); + +int gcm_process(gcm_state *gcm, + unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + int direction); + +int gcm_done(gcm_state *gcm, + unsigned char *tag, unsigned long *taglen); + +int gcm_memory( int cipher, + const unsigned char *key, unsigned long keylen, + const unsigned char *IV, unsigned long IVlen, + const unsigned char *adata, unsigned long adatalen, + unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + unsigned char *tag, unsigned long *taglen, + int direction); +int gcm_test(void); + +#endif /* GCM_MODE */ + +#ifdef PELICAN + +typedef struct pelican_state +{ + symmetric_key K; + unsigned char state[16]; + int buflen; +} pelican_state; + +int pelican_init(pelican_state *pelmac, const unsigned char *key, unsigned long keylen); +int pelican_process(pelican_state *pelmac, const unsigned char *in, unsigned long inlen); +int pelican_done(pelican_state *pelmac, unsigned char *out); +int pelican_test(void); + +int pelican_memory(const unsigned char *key, unsigned long keylen, + const unsigned char *in, unsigned long inlen, + unsigned char *out); + +#endif diff --git a/src/headers/tomcrypt_macros.h b/src/headers/tomcrypt_macros.h index 971cb9c..f083984 100644 --- a/src/headers/tomcrypt_macros.h +++ b/src/headers/tomcrypt_macros.h @@ -67,6 +67,23 @@ #ifdef ENDIAN_LITTLE +#if !defined(LTC_NO_BSWAP) && (defined(INTEL_CC) || (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__) || defined(__x86_64__)))) + +#define STORE32H(x, y) \ +asm __volatile__ ( \ + "bswapl %0 \n\t" \ + "movl %0,(%2)\n\t" \ + "bswapl %0 \n\t" \ + :"=r"(x):"0"(x), "r"(y)); + +#define LOAD32H(x, y) \ +asm __volatile__ ( \ + "movl (%2),%0\n\t" \ + "bswapl %0\n\t" \ + :"=r"(x): "0"(x), "r"(y)); + +#else + #define STORE32H(x, y) \ { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \ (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); } @@ -77,6 +94,27 @@ ((unsigned long)((y)[2] & 255)<<8) | \ ((unsigned long)((y)[3] & 255)); } +#endif + + +/* x86_64 processor */ +#if !defined(LTC_NO_BSWAP) && (defined(__GNUC__) && defined(__x86_64__)) + +#define STORE64H(x, y) \ +asm __volatile__ ( \ + "bswapq %0 \n\t" \ + "movq %0,(%2)\n\t" \ + "bswapq %0 \n\t" \ + :"=r"(x):"0"(x), "r"(y):"0"); + +#define LOAD64H(x, y) \ +asm __volatile__ ( \ + "movq (%2),%0\n\t" \ + "bswapq %0\n\t" \ + :"=r"(x): "0"(x), "r"(y)); + +#else + #define STORE64H(x, y) \ { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \ (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \ @@ -89,6 +127,8 @@ (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16) | \ (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); } +#endif + #ifdef ENDIAN_32BITWORD #define STORE32L(x, y) \ @@ -295,8 +335,8 @@ static inline unsigned long ROR64c(unsigned long word, const int i) #else /* LTC_NO_ROLC */ -#define ROL64c ROL -#define ROR64c ROR +#define ROL64c ROL64 +#define ROR64c ROR64 #endif diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index b1254db..065ca99 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -193,7 +193,7 @@ int dh_verify_hash(const unsigned char *sig, unsigned long siglen, /* ---- ECC Routines ---- */ #ifdef MECC typedef struct { - mp_int x, y; + mp_int x, y, z; } ecc_point; typedef struct { diff --git a/src/headers/tommath_class.h b/src/headers/tommath_class.h index 3dc21a1..6d05b7b 100644 --- a/src/headers/tommath_class.h +++ b/src/headers/tommath_class.h @@ -90,8 +90,11 @@ #define BN_MP_READ_UNSIGNED_BIN_C #define BN_MP_REDUCE_C #define BN_MP_REDUCE_2K_C +#define BN_MP_REDUCE_2K_L_C #define BN_MP_REDUCE_2K_SETUP_C +#define BN_MP_REDUCE_2K_SETUP_L_C #define BN_MP_REDUCE_IS_2K_C +#define BN_MP_REDUCE_IS_2K_L_C #define BN_MP_REDUCE_SETUP_C #define BN_MP_RSHD_C #define BN_MP_SET_C @@ -105,7 +108,9 @@ #define BN_MP_SUB_D_C #define BN_MP_SUBMOD_C #define BN_MP_TO_SIGNED_BIN_C +#define BN_MP_TO_SIGNED_BIN_N_C #define BN_MP_TO_UNSIGNED_BIN_C +#define BN_MP_TO_UNSIGNED_BIN_N_C #define BN_MP_TOOM_MUL_C #define BN_MP_TOOM_SQR_C #define BN_MP_TORADIX_C @@ -132,7 +137,7 @@ #define BN_MP_ISEVEN_C #define BN_MP_INIT_MULTI_C #define BN_MP_COPY_C - #define BN_MP_ABS_C + #define BN_MP_MOD_C #define BN_MP_SET_C #define BN_MP_DIV_2_C #define BN_MP_ISODD_C @@ -324,11 +329,12 @@ #define BN_MP_CLEAR_C #define BN_MP_ABS_C #define BN_MP_CLEAR_MULTI_C + #define BN_MP_REDUCE_IS_2K_L_C + #define BN_S_MP_EXPTMOD_C #define BN_MP_DR_IS_MODULUS_C #define BN_MP_REDUCE_IS_2K_C #define BN_MP_ISODD_C #define BN_MP_EXPTMOD_FAST_C - #define BN_S_MP_EXPTMOD_C #endif #if defined(BN_MP_EXPTMOD_FAST_C) @@ -360,6 +366,7 @@ #define BN_MP_DIV_C #define BN_MP_MUL_C #define BN_MP_SUB_C + #define BN_MP_NEG_C #define BN_MP_EXCH_C #define BN_MP_CLEAR_MULTI_C #endif @@ -434,6 +441,7 @@ #if defined(BN_MP_INVMOD_SLOW_C) #define BN_MP_ISZERO_C #define BN_MP_INIT_MULTI_C + #define BN_MP_MOD_C #define BN_MP_COPY_C #define BN_MP_ISEVEN_C #define BN_MP_SET_C @@ -659,9 +667,9 @@ #endif #if defined(BN_MP_RADIX_SIZE_C) - #define BN_MP_ISZERO_C #define BN_MP_COUNT_BITS_C #define BN_MP_INIT_COPY_C + #define BN_MP_ISZERO_C #define BN_MP_DIV_D_C #define BN_MP_CLEAR_C #endif @@ -700,8 +708,8 @@ #define BN_MP_INIT_COPY_C #define BN_MP_RSHD_C #define BN_MP_MUL_C - #define BN_FAST_S_MP_MUL_HIGH_DIGS_C #define BN_S_MP_MUL_HIGH_DIGS_C + #define BN_FAST_S_MP_MUL_HIGH_DIGS_C #define BN_MP_MOD_2D_C #define BN_S_MP_MUL_DIGS_C #define BN_MP_SUB_C @@ -725,6 +733,17 @@ #define BN_MP_CLEAR_C #endif +#if defined(BN_MP_REDUCE_2K_L_C) + #define BN_MP_INIT_C + #define BN_MP_COUNT_BITS_C + #define BN_MP_DIV_2D_C + #define BN_MP_MUL_C + #define BN_S_MP_ADD_C + #define BN_MP_CMP_MAG_C + #define BN_S_MP_SUB_C + #define BN_MP_CLEAR_C +#endif + #if defined(BN_MP_REDUCE_2K_SETUP_C) #define BN_MP_INIT_C #define BN_MP_COUNT_BITS_C @@ -733,11 +752,22 @@ #define BN_S_MP_SUB_C #endif +#if defined(BN_MP_REDUCE_2K_SETUP_L_C) + #define BN_MP_INIT_C + #define BN_MP_2EXPT_C + #define BN_MP_COUNT_BITS_C + #define BN_S_MP_SUB_C + #define BN_MP_CLEAR_C +#endif + #if defined(BN_MP_REDUCE_IS_2K_C) #define BN_MP_REDUCE_2K_C #define BN_MP_COUNT_BITS_C #endif +#if defined(BN_MP_REDUCE_IS_2K_L_C) +#endif + #if defined(BN_MP_REDUCE_SETUP_C) #define BN_MP_2EXPT_C #define BN_MP_DIV_C @@ -815,6 +845,11 @@ #define BN_MP_TO_UNSIGNED_BIN_C #endif +#if defined(BN_MP_TO_SIGNED_BIN_N_C) + #define BN_MP_SIGNED_BIN_SIZE_C + #define BN_MP_TO_SIGNED_BIN_C +#endif + #if defined(BN_MP_TO_UNSIGNED_BIN_C) #define BN_MP_INIT_COPY_C #define BN_MP_ISZERO_C @@ -822,6 +857,11 @@ #define BN_MP_CLEAR_C #endif +#if defined(BN_MP_TO_UNSIGNED_BIN_N_C) + #define BN_MP_UNSIGNED_BIN_SIZE_C + #define BN_MP_TO_UNSIGNED_BIN_C +#endif + #if defined(BN_MP_TOOM_MUL_C) #define BN_MP_INIT_MULTI_C #define BN_MP_MOD_2D_C @@ -902,10 +942,12 @@ #define BN_MP_INIT_C #define BN_MP_CLEAR_C #define BN_MP_REDUCE_SETUP_C + #define BN_MP_REDUCE_C + #define BN_MP_REDUCE_2K_SETUP_L_C + #define BN_MP_REDUCE_2K_L_C #define BN_MP_MOD_C #define BN_MP_COPY_C #define BN_MP_SQR_C - #define BN_MP_REDUCE_C #define BN_MP_MUL_C #define BN_MP_SET_C #define BN_MP_EXCH_C diff --git a/src/headers/tommath_superclass.h b/src/headers/tommath_superclass.h index 7b6c05a..b50ecb0 100644 --- a/src/headers/tommath_superclass.h +++ b/src/headers/tommath_superclass.h @@ -7,7 +7,9 @@ // #define SC_RSA_1 /* For reference.... On an Athlon64 optimizing for speed... + LTM's mpi.o with all functions [striped] is 142KiB in size. + */ /* Works for RSA only, mpi.o is 68KiB */ @@ -32,7 +34,7 @@ #define BN_PRIME_TAB_C /* other modifiers */ - #define BN_MP_DIV_SMALL /* Slower division, not critical */ + #define BN_MP_DIV_SMALL /* Slower division, not critical */ /* here we are on the last pass so we turn things off. The functions classes are still there * but we remove them specifically from the build. This also invokes tweaks in functions diff --git a/src/mac/hmac/hmac_done.c b/src/mac/hmac/hmac_done.c index 9bc9f69..fdf20be 100644 --- a/src/mac/hmac/hmac_done.c +++ b/src/mac/hmac/hmac_done.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/mac/hmac/hmac_file.c b/src/mac/hmac/hmac_file.c index c726e50..edbb6a6 100644 --- a/src/mac/hmac/hmac_file.c +++ b/src/mac/hmac/hmac_file.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/mac/hmac/hmac_init.c b/src/mac/hmac/hmac_init.c index 3f7d8c2..d060a5b 100644 --- a/src/mac/hmac/hmac_init.c +++ b/src/mac/hmac/hmac_init.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/mac/hmac/hmac_memory.c b/src/mac/hmac/hmac_memory.c index 804e06d..036ee36 100644 --- a/src/mac/hmac/hmac_memory.c +++ b/src/mac/hmac/hmac_memory.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/mac/hmac/hmac_memory_multi.c b/src/mac/hmac/hmac_memory_multi.c index f45776a..4a5b9be 100644 --- a/src/mac/hmac/hmac_memory_multi.c +++ b/src/mac/hmac/hmac_memory_multi.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" #include diff --git a/src/mac/hmac/hmac_process.c b/src/mac/hmac/hmac_process.c index 265293f..30e64c3 100644 --- a/src/mac/hmac/hmac_process.c +++ b/src/mac/hmac/hmac_process.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/mac/hmac/hmac_test.c b/src/mac/hmac/hmac_test.c index 6ff749f..0d542d4 100644 --- a/src/mac/hmac/hmac_test.c +++ b/src/mac/hmac/hmac_test.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/mac/omac/omac_done.c b/src/mac/omac/omac_done.c index e2c9b7c..0a91a14 100644 --- a/src/mac/omac/omac_done.c +++ b/src/mac/omac/omac_done.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -62,6 +62,7 @@ int omac_done(omac_state *omac, unsigned char *out, unsigned long *outlen) /* encrypt it */ cipher_descriptor[omac->cipher_idx].ecb_encrypt(omac->block, omac->block, &omac->key); + cipher_descriptor[omac->cipher_idx].done(&omac->key); /* output it */ for (x = 0; x < (unsigned)omac->blklen && x < *outlen; x++) { diff --git a/src/mac/omac/omac_file.c b/src/mac/omac/omac_file.c index 25e8c50..1e3d2f6 100644 --- a/src/mac/omac/omac_file.c +++ b/src/mac/omac/omac_file.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/mac/omac/omac_init.c b/src/mac/omac/omac_init.c index 98ca640..d39219d 100644 --- a/src/mac/omac/omac_init.c +++ b/src/mac/omac/omac_init.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -38,6 +38,12 @@ int omac_init(omac_state *omac, int cipher, const unsigned char *key, unsigned l return err; } +#ifdef LTC_FAST + if (16 % sizeof(LTC_FAST_TYPE)) { + return CRYPT_INVALID_ARG; + } +#endif + /* now setup the system */ switch (cipher_descriptor[cipher].block_length) { case 8: mask = 0x1B; diff --git a/src/mac/omac/omac_memory.c b/src/mac/omac/omac_memory.c index f9a025d..51d0ce2 100644 --- a/src/mac/omac/omac_memory.c +++ b/src/mac/omac/omac_memory.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/mac/omac/omac_memory_multi.c b/src/mac/omac/omac_memory_multi.c index 9bd31e8..76e4eb0 100644 --- a/src/mac/omac/omac_memory_multi.c +++ b/src/mac/omac/omac_memory_multi.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" #include diff --git a/src/mac/omac/omac_process.c b/src/mac/omac/omac_process.c index e5f3147..6b603f7 100644 --- a/src/mac/omac/omac_process.c +++ b/src/mac/omac/omac_process.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -40,6 +40,20 @@ int omac_process(omac_state *omac, const unsigned char *in, unsigned long inlen) return CRYPT_INVALID_ARG; } +#ifdef LTC_FAST + if (omac->buflen == 0 && inlen > 16) { + int y; + for (x = 0; x < (inlen - 16); x += 16) { + for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE*)(&omac->prev[y])) ^= *((LTC_FAST_TYPE*)(&in[y])); + } + in += 16; + cipher_descriptor[omac->cipher_idx].ecb_encrypt(omac->prev, omac->prev, &omac->key); + } + inlen -= x; + } +#endif + while (inlen != 0) { /* ok if the block is full we xor in prev, encrypt and replace prev */ if (omac->buflen == omac->blklen) { @@ -53,7 +67,7 @@ int omac_process(omac_state *omac, const unsigned char *in, unsigned long inlen) /* add bytes */ n = MIN(inlen, (unsigned long)(omac->blklen - omac->buflen)); XMEMCPY(omac->block + omac->buflen, in, n); - omac->buflen += n; + omac->buflen += n; inlen -= n; in += n; } diff --git a/src/mac/omac/omac_test.c b/src/mac/omac/omac_test.c index f6cabdf..42e42bd 100644 --- a/src/mac/omac/omac_test.c +++ b/src/mac/omac/omac_test.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/mac/pelican/pelican.c b/src/mac/pelican/pelican.c new file mode 100644 index 0000000..d47bd56 --- /dev/null +++ b/src/mac/pelican/pelican.c @@ -0,0 +1,149 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ +#include "tomcrypt.h" + +/** + @file pelican.c + Pelican MAC, initialize state, by Tom St Denis +*/ + +#ifdef PELICAN + +#define ENCRYPT_ONLY +#include "../../ciphers/aes/aes_tab.c" + + +/** + Initialize a Pelican state + @param pelmac The Pelican state to initialize + @param key The secret key + @param keylen The length of the secret key (octets) + @return CRYPT_OK if successful +*/ +int pelican_init(pelican_state *pelmac, const unsigned char *key, unsigned long keylen) +{ + int err; + + LTC_ARGCHK(pelmac != NULL); + LTC_ARGCHK(key != NULL); + +#ifdef LTC_FAST + if (16 % sizeof(LTC_FAST_TYPE)) { + return CRYPT_INVALID_ARG; + } +#endif + + if ((err = aes_setup(key, keylen, 0, &pelmac->K)) != CRYPT_OK) { + return err; + } + + zeromem(pelmac->state, 16); + aes_ecb_encrypt(pelmac->state, pelmac->state, &pelmac->K); + pelmac->buflen = 0; + + return CRYPT_OK; +} + +static void four_rounds(pelican_state *pelmac) +{ + ulong32 s0, s1, s2, s3, t0, t1, t2, t3; + int r; + + LOAD32H(s0, pelmac->state ); + LOAD32H(s1, pelmac->state + 4); + LOAD32H(s2, pelmac->state + 8); + LOAD32H(s3, pelmac->state + 12); + for (r = 0; r < 4; r++) { + t0 = + Te0(byte(s0, 3)) ^ + Te1(byte(s1, 2)) ^ + Te2(byte(s2, 1)) ^ + Te3(byte(s3, 0)); + t1 = + Te0(byte(s1, 3)) ^ + Te1(byte(s2, 2)) ^ + Te2(byte(s3, 1)) ^ + Te3(byte(s0, 0)); + t2 = + Te0(byte(s2, 3)) ^ + Te1(byte(s3, 2)) ^ + Te2(byte(s0, 1)) ^ + Te3(byte(s1, 0)); + t3 = + Te0(byte(s3, 3)) ^ + Te1(byte(s0, 2)) ^ + Te2(byte(s1, 1)) ^ + Te3(byte(s2, 0)); + s0 = t0; s1 = t1; s2 = t2; s3 = t3; + } + STORE32H(s0, pelmac->state ); + STORE32H(s1, pelmac->state + 4); + STORE32H(s2, pelmac->state + 8); + STORE32H(s3, pelmac->state + 12); +} + +/** + Process a block of text through Pelican + @param pelmac The Pelican MAC state + @param in The input + @param inlen The length input (octets) + @return CRYPT_OK on success + */ +int pelican_process(pelican_state *pelmac, const unsigned char *in, unsigned long inlen) +{ + + LTC_ARGCHK(pelmac != NULL); + LTC_ARGCHK(in != NULL); +#ifdef LTC_FAST + if (pelmac->buflen == 0) { + while (inlen & ~15) { + int x; + for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE*)((unsigned char *)pelmac->state + x)) ^= *((LTC_FAST_TYPE*)((unsigned char *)in + x)); + } + four_rounds(pelmac); + in += 16; + inlen -= 16; + } + } +#endif + + while (inlen--) { + pelmac->state[pelmac->buflen++] ^= *in++; + if (pelmac->buflen == 16) { + four_rounds(pelmac); + pelmac->buflen = 0; + } + } + return CRYPT_OK; +} + +/** + Terminate Pelican MAC + @param pelmac The Pelican MAC state + @param out [out] The TAG + @return CRYPT_OK on sucess +*/ +int pelican_done(pelican_state *pelmac, unsigned char *out) +{ + LTC_ARGCHK(pelmac != NULL); + LTC_ARGCHK(out != NULL); + if (pelmac->buflen == 16) { + four_rounds(pelmac); + pelmac->buflen = 0; + } + pelmac->state[pelmac->buflen++] ^= 0x80; + aes_ecb_encrypt(pelmac->state, out, &pelmac->K); + aes_done(&pelmac->K); + return CRYPT_OK; +} + +#endif diff --git a/src/mac/pelican/pelican_memory.c b/src/mac/pelican/pelican_memory.c new file mode 100644 index 0000000..9e0fc7b --- /dev/null +++ b/src/mac/pelican/pelican_memory.c @@ -0,0 +1,55 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ +#include "tomcrypt.h" + +/** + @file pelican_memory.c + Pelican MAC, MAC a block of memory, by Tom St Denis +*/ + +#ifdef PELICAN + +/** + Pelican block of memory + @param key The key for the MAC + @param keylen The length of the key (octets) + @param in The input to MAC + @param inlen The length of the input (octets) + @param out [out] The output TAG + @return CRYPT_OK on success +*/ +int pelican_memory(const unsigned char *key, unsigned long keylen, + const unsigned char *in, unsigned long inlen, + unsigned char *out) +{ + pelican_state *pel; + int err; + + pel = XMALLOC(sizeof(*pel)); + if (pel == NULL) { + return CRYPT_MEM; + } + + if ((err = pelican_init(pel, key, keylen)) != CRYPT_OK) { + XFREE(pel); + return err; + } + if ((err = pelican_process(pel, in ,inlen)) != CRYPT_OK) { + XFREE(pel); + return err; + } + err = pelican_done(pel, out); + XFREE(pel); + return err; +} + + +#endif diff --git a/src/mac/pelican/pelican_test.c b/src/mac/pelican/pelican_test.c new file mode 100644 index 0000000..e694f61 --- /dev/null +++ b/src/mac/pelican/pelican_test.c @@ -0,0 +1,116 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ +#include "tomcrypt.h" + +/** + @file pelican_test.c + Pelican MAC, test, by Tom St Denis +*/ + +#ifdef PELICAN + +int pelican_test(void) +{ +#ifndef LTC_TEST + return CRYPT_NOP; +#else + static const struct { + unsigned char K[32], MSG[64], T[16]; + int keylen, ptlen; + } tests[] = { +/* K=16, M=0 */ +{ + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }, + { 0 }, + { 0xeb, 0x58, 0x37, 0x15, 0xf8, 0x34, 0xde, 0xe5, + 0xa4, 0xd1, 0x6e, 0xe4, 0xb9, 0xd7, 0x76, 0x0e, }, + 16, 0 +}, + +/* K=16, M=3 */ +{ + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }, + { 0x00, 0x01, 0x02 }, + { 0x1c, 0x97, 0x40, 0x60, 0x6c, 0x58, 0x17, 0x2d, + 0x03, 0x94, 0x19, 0x70, 0x81, 0xc4, 0x38, 0x54, }, + 16, 3 +}, + +/* K=16, M=16 */ +{ + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }, + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }, + { 0x03, 0xcc, 0x46, 0xb8, 0xac, 0xa7, 0x9c, 0x36, + 0x1e, 0x8c, 0x6e, 0xa6, 0x7b, 0x89, 0x32, 0x49, }, + 16, 16 +}, + +/* K=16, M=32 */ +{ + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }, + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F }, + { 0x89, 0xcc, 0x36, 0x58, 0x1b, 0xdd, 0x4d, 0xb5, + 0x78, 0xbb, 0xac, 0xf0, 0xff, 0x8b, 0x08, 0x15, }, + 16, 32 +}, + +/* K=16, M=35 */ +{ + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }, + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, + 0x20, 0x21, 0x23 }, + { 0x4a, 0x7d, 0x45, 0x4d, 0xcd, 0xb5, 0xda, 0x8d, + 0x48, 0x78, 0x16, 0x48, 0x5d, 0x45, 0x95, 0x99, }, + 16, 35 +}, +}; + int x, err; + unsigned char out[16]; + pelican_state pel; + + for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) { + if ((err = pelican_init(&pel, tests[x].K, tests[x].keylen)) != CRYPT_OK) { + return err; + } + if ((err = pelican_process(&pel, tests[x].MSG, tests[x].ptlen)) != CRYPT_OK) { + return err; + } + if ((err = pelican_done(&pel, out)) != CRYPT_OK) { + return err; + } + + if (memcmp(out, tests[x].T, 16)) { +#if 0 + int y; + printf("\nFailed test %d\n", x); + printf("{ "); for (y = 0; y < 16; ) { printf("0x%02x, ", out[y]); if (!(++y & 7)) printf("\n"); } printf(" }\n"); +#endif + return CRYPT_FAIL_TESTVECTOR; + } + } + return CRYPT_OK; +#endif +} + + +#endif diff --git a/src/mac/pmac/pmac_done.c b/src/mac/pmac/pmac_done.c index 384a5b8..610e433 100644 --- a/src/mac/pmac/pmac_done.c +++ b/src/mac/pmac/pmac_done.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -50,6 +50,7 @@ int pmac_done(pmac_state *state, unsigned char *out, unsigned long *outlen) /* encrypt it */ cipher_descriptor[state->cipher_idx].ecb_encrypt(state->checksum, state->checksum, &state->key); + cipher_descriptor[state->cipher_idx].done(&state->key); /* store it */ for (x = 0; x < state->block_len && x <= (int)*outlen; x++) { diff --git a/src/mac/pmac/pmac_file.c b/src/mac/pmac/pmac_file.c index f2ea7f4..5b7dd24 100644 --- a/src/mac/pmac/pmac_file.c +++ b/src/mac/pmac/pmac_file.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/mac/pmac/pmac_init.c b/src/mac/pmac/pmac_init.c index 0f9e838..a02b20c 100644 --- a/src/mac/pmac/pmac_init.c +++ b/src/mac/pmac/pmac_init.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -65,7 +65,14 @@ int pmac_init(pmac_state *pmac, int cipher, const unsigned char *key, unsigned l } if (polys[poly].len != pmac->block_len) { return CRYPT_INVALID_ARG; - } + } + +#ifdef LTC_FAST + if (pmac->block_len % sizeof(LTC_FAST_TYPE)) { + return CRYPT_INVALID_ARG; + } +#endif + /* schedule the key */ if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &pmac->key)) != CRYPT_OK) { diff --git a/src/mac/pmac/pmac_memory.c b/src/mac/pmac/pmac_memory.c index 6a97003..a04cd78 100644 --- a/src/mac/pmac/pmac_memory.c +++ b/src/mac/pmac/pmac_memory.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/mac/pmac/pmac_memory_multi.c b/src/mac/pmac/pmac_memory_multi.c index c1481fc..289d2e0 100644 --- a/src/mac/pmac/pmac_memory_multi.c +++ b/src/mac/pmac/pmac_memory_multi.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" #include @@ -31,9 +31,9 @@ @return CRYPT_OK if successful */ int pmac_memory_multi(int cipher, - const unsigned char *key, unsigned long keylen, + const unsigned char *key, unsigned long keylen, unsigned char *out, unsigned long *outlen, - const unsigned char *in, unsigned long inlen, ...) + const unsigned char *in, unsigned long inlen, ...) { int err; pmac_state *pmac; diff --git a/src/mac/pmac/pmac_ntz.c b/src/mac/pmac/pmac_ntz.c index 45970b3..97f0a15 100644 --- a/src/mac/pmac/pmac_ntz.c +++ b/src/mac/pmac/pmac_ntz.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/mac/pmac/pmac_process.c b/src/mac/pmac/pmac_process.c index 0f68e90..5cee5ec 100644 --- a/src/mac/pmac/pmac_process.c +++ b/src/mac/pmac/pmac_process.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -27,7 +27,8 @@ */ int pmac_process(pmac_state *pmac, const unsigned char *in, unsigned long inlen) { - int err, n, x; + int err, n; + unsigned long x; unsigned char Z[MAXBLOCKSIZE]; LTC_ARGCHK(pmac != NULL); @@ -41,15 +42,33 @@ int pmac_process(pmac_state *pmac, const unsigned char *in, unsigned long inlen) return CRYPT_INVALID_ARG; } +#ifdef LTC_FAST + if (pmac->buflen == 0 && inlen > 16) { + unsigned long y; + for (x = 0; x < (inlen - 16); x += 16) { + pmac_shift_xor(pmac); + for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE*)(&Z[y])) = *((LTC_FAST_TYPE*)(&in[y])) ^ *((LTC_FAST_TYPE*)(&pmac->Li[y])); + } + cipher_descriptor[pmac->cipher_idx].ecb_encrypt(Z, Z, &pmac->key); + for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE*)(&pmac->checksum[y])) ^= *((LTC_FAST_TYPE*)(&Z[y])); + } + in += 16; + } + inlen -= x; + } +#endif + while (inlen != 0) { /* ok if the block is full we xor in prev, encrypt and replace prev */ if (pmac->buflen == pmac->block_len) { pmac_shift_xor(pmac); - for (x = 0; x < pmac->block_len; x++) { - Z[x] = pmac->Li[x] ^ pmac->block[x]; + for (x = 0; x < (unsigned long)pmac->block_len; x++) { + Z[x] = pmac->Li[x] ^ pmac->block[x]; } cipher_descriptor[pmac->cipher_idx].ecb_encrypt(Z, Z, &pmac->key); - for (x = 0; x < pmac->block_len; x++) { + for (x = 0; x < (unsigned long)pmac->block_len; x++) { pmac->checksum[x] ^= Z[x]; } pmac->buflen = 0; diff --git a/src/mac/pmac/pmac_shift_xor.c b/src/mac/pmac/pmac_shift_xor.c index 5c9ab96..18c6141 100644 --- a/src/mac/pmac/pmac_shift_xor.c +++ b/src/mac/pmac/pmac_shift_xor.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -25,9 +25,16 @@ void pmac_shift_xor(pmac_state *pmac) { int x, y; y = pmac_ntz(pmac->block_index++); +#ifdef LTC_FAST + for (x = 0; x < pmac->block_len; x += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE*)((unsigned char *)pmac->Li + x)) ^= + *((LTC_FAST_TYPE*)((unsigned char *)pmac->Ls[y] + x)); + } +#else for (x = 0; x < pmac->block_len; x++) { pmac->Li[x] ^= pmac->Ls[y][x]; } +#endif } #endif diff --git a/src/mac/pmac/pmac_test.c b/src/mac/pmac/pmac_test.c index 08cc9b3..6c610f9 100644 --- a/src/mac/pmac/pmac_test.c +++ b/src/mac/pmac/pmac_test.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/base64/base64_decode.c b/src/misc/base64/base64_decode.c index 5c220ee..ac6db57 100644 --- a/src/misc/base64/base64_decode.c +++ b/src/misc/base64/base64_decode.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -65,8 +65,20 @@ int base64_decode(const unsigned char *in, unsigned long inlen, for (x = y = z = t = 0; x < inlen; x++) { c = map[in[x]&0xFF]; if (c == 255) continue; - if (c == 254) { c = 0; g--; } + /* the final = symbols are read and used to trim the remaining bytes */ + if (c == 254) { + c = 0; + /* prevent g < 0 which would potentially allow an overflow later */ + if (--g < 0) { + return CRYPT_INVALID_PACKET; + } + } else if (g != 3) { + /* we only allow = to be at the end */ + return CRYPT_INVALID_PACKET; + } + t = (t<<6)|c; + if (++y == 4) { if (z + g > *outlen) { return CRYPT_BUFFER_OVERFLOW; diff --git a/src/misc/base64/base64_encode.c b/src/misc/base64/base64_encode.c index 85b5a17..047980c 100644 --- a/src/misc/base64/base64_encode.c +++ b/src/misc/base64/base64_encode.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/burn_stack.c b/src/misc/burn_stack.c index 0724154..3bc69ab 100644 --- a/src/misc/burn_stack.c +++ b/src/misc/burn_stack.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/crypt/crypt.c b/src/misc/crypt/crypt.c index 6726046..83f1414 100644 --- a/src/misc/crypt/crypt.c +++ b/src/misc/crypt/crypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -179,6 +179,9 @@ const char *crypt_build_settings = #if defined(PMAC) " PMAC\n" #endif +#if defined(PELICAN) + " PELICAN\n" +#endif "\nENC + AUTH modes:\n" #if defined(EAX_MODE) @@ -187,6 +190,16 @@ const char *crypt_build_settings = #if defined(OCB_MODE) " OCB_MODE\n" #endif +#if defined(CCM_MODE) + " CCM_MODE\n" +#endif +#if defined(GCM_MODE) + " GCM_MODE " +#endif +#if defined(GCM_TABLES) + " (GCM_TABLES) " +#endif + "\n" "\nPRNG:\n" @@ -270,6 +283,18 @@ const char *crypt_build_settings = #endif #if defined(LTC_DER) " LTC_DER " +#endif +#if defined(LTC_FAST) + " LTC_FAST " +#endif +#if defined(LTC_NO_FAST) + " LTC_NO_FAST " +#endif +#if defined(LTC_NO_BSWAP) + " LTC_NO_BSWAP " +#endif +#if defined(LTC_NO_ASM) + " LTC_NO_ASM " #endif "\n" "\n\n\n" diff --git a/src/misc/crypt/crypt_argchk.c b/src/misc/crypt/crypt_argchk.c index b44d012..d345c8d 100644 --- a/src/misc/crypt/crypt_argchk.c +++ b/src/misc/crypt/crypt_argchk.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" #include diff --git a/src/misc/crypt/crypt_cipher_descriptor.c b/src/misc/crypt/crypt_cipher_descriptor.c index 99091bf..e274449 100644 --- a/src/misc/crypt/crypt_cipher_descriptor.c +++ b/src/misc/crypt/crypt_cipher_descriptor.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -15,5 +15,7 @@ Stores the cipher descriptor table, Tom St Denis */ -struct ltc_cipher_descriptor cipher_descriptor[TAB_SIZE]; +struct ltc_cipher_descriptor cipher_descriptor[TAB_SIZE] = { +{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL } + }; diff --git a/src/misc/crypt/crypt_cipher_is_valid.c b/src/misc/crypt/crypt_cipher_is_valid.c index f730b54..b179402 100644 --- a/src/misc/crypt/crypt_cipher_is_valid.c +++ b/src/misc/crypt/crypt_cipher_is_valid.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/crypt/crypt_find_cipher.c b/src/misc/crypt/crypt_find_cipher.c index 661e0ae..b83109c 100644 --- a/src/misc/crypt/crypt_find_cipher.c +++ b/src/misc/crypt/crypt_find_cipher.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/crypt/crypt_find_cipher_any.c b/src/misc/crypt/crypt_find_cipher_any.c index 880b082..42e59c0 100644 --- a/src/misc/crypt/crypt_find_cipher_any.c +++ b/src/misc/crypt/crypt_find_cipher_any.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/crypt/crypt_find_cipher_id.c b/src/misc/crypt/crypt_find_cipher_id.c index 422eef7..986baf5 100644 --- a/src/misc/crypt/crypt_find_cipher_id.c +++ b/src/misc/crypt/crypt_find_cipher_id.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/crypt/crypt_find_hash.c b/src/misc/crypt/crypt_find_hash.c index e7eb9ee..d66201c 100644 --- a/src/misc/crypt/crypt_find_hash.c +++ b/src/misc/crypt/crypt_find_hash.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/crypt/crypt_find_hash_any.c b/src/misc/crypt/crypt_find_hash_any.c index a2650ec..0d6d430 100644 --- a/src/misc/crypt/crypt_find_hash_any.c +++ b/src/misc/crypt/crypt_find_hash_any.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/crypt/crypt_find_hash_id.c b/src/misc/crypt/crypt_find_hash_id.c index fbd965a..8628d53 100644 --- a/src/misc/crypt/crypt_find_hash_id.c +++ b/src/misc/crypt/crypt_find_hash_id.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/crypt/crypt_find_prng.c b/src/misc/crypt/crypt_find_prng.c index cac1317..c01a023 100644 --- a/src/misc/crypt/crypt_find_prng.c +++ b/src/misc/crypt/crypt_find_prng.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/crypt/crypt_hash_descriptor.c b/src/misc/crypt/crypt_hash_descriptor.c index e06cbf0..cbd6d03 100644 --- a/src/misc/crypt/crypt_hash_descriptor.c +++ b/src/misc/crypt/crypt_hash_descriptor.c @@ -6,14 +6,15 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" /** - @file crypt_hash_decriptor.c + @file crypt_hash_descriptor.c Stores the hash descriptor table, Tom St Denis */ -struct ltc_hash_descriptor hash_descriptor[TAB_SIZE]; - +struct ltc_hash_descriptor hash_descriptor[TAB_SIZE] = { +{ NULL, 0, 0, 0, { 0 }, 0, NULL, NULL, NULL, NULL } +}; diff --git a/src/misc/crypt/crypt_hash_is_valid.c b/src/misc/crypt/crypt_hash_is_valid.c index 8ea88a0..c9784b8 100644 --- a/src/misc/crypt/crypt_hash_is_valid.c +++ b/src/misc/crypt/crypt_hash_is_valid.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/crypt/crypt_prng_descriptor.c b/src/misc/crypt/crypt_prng_descriptor.c index 6f496da..8a99510 100644 --- a/src/misc/crypt/crypt_prng_descriptor.c +++ b/src/misc/crypt/crypt_prng_descriptor.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -14,4 +14,6 @@ @file crypt_prng_descriptor.c Stores the PRNG descriptors, Tom St Denis */ -struct ltc_prng_descriptor prng_descriptor[TAB_SIZE]; +struct ltc_prng_descriptor prng_descriptor[TAB_SIZE] = { +{ NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL } +}; diff --git a/src/misc/crypt/crypt_prng_is_valid.c b/src/misc/crypt/crypt_prng_is_valid.c index 8634e94..7795bbb 100644 --- a/src/misc/crypt/crypt_prng_is_valid.c +++ b/src/misc/crypt/crypt_prng_is_valid.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/crypt/crypt_register_cipher.c b/src/misc/crypt/crypt_register_cipher.c index c1fe8f0..74349e6 100644 --- a/src/misc/crypt/crypt_register_cipher.c +++ b/src/misc/crypt/crypt_register_cipher.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/crypt/crypt_register_hash.c b/src/misc/crypt/crypt_register_hash.c index 8d05e42..d5cf5b8 100644 --- a/src/misc/crypt/crypt_register_hash.c +++ b/src/misc/crypt/crypt_register_hash.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/crypt/crypt_register_prng.c b/src/misc/crypt/crypt_register_prng.c index 50ff229..6a1be77 100644 --- a/src/misc/crypt/crypt_register_prng.c +++ b/src/misc/crypt/crypt_register_prng.c @@ -6,12 +6,12 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" /** - @file register_prng.c + @file crypt_register_prng.c Register a PRNG, Tom St Denis */ diff --git a/src/misc/crypt/crypt_unregister_cipher.c b/src/misc/crypt/crypt_unregister_cipher.c index 309e08a..0511de5 100644 --- a/src/misc/crypt/crypt_unregister_cipher.c +++ b/src/misc/crypt/crypt_unregister_cipher.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/crypt/crypt_unregister_hash.c b/src/misc/crypt/crypt_unregister_hash.c index aef522d..25e36f2 100644 --- a/src/misc/crypt/crypt_unregister_hash.c +++ b/src/misc/crypt/crypt_unregister_hash.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/crypt/crypt_unregister_prng.c b/src/misc/crypt/crypt_unregister_prng.c index fafa9b6..55cc554 100644 --- a/src/misc/crypt/crypt_unregister_prng.c +++ b/src/misc/crypt/crypt_unregister_prng.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/error_to_string.c b/src/misc/error_to_string.c index 5a7e0f4..3a325a2 100644 --- a/src/misc/error_to_string.c +++ b/src/misc/error_to_string.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/mpi/is_prime.c b/src/misc/mpi/is_prime.c index 4f52323..f58391f 100644 --- a/src/misc/mpi/is_prime.c +++ b/src/misc/mpi/is_prime.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/mpi/mpi.c b/src/misc/mpi/mpi.c index e5664e6..ba3a7ed 100644 --- a/src/misc/mpi/mpi.c +++ b/src/misc/mpi/mpi.c @@ -13,7 +13,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ static const struct { @@ -60,7 +60,7 @@ char *mp_error_to_string(int code) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* computes the modular inverse via binary extended euclidean algorithm, @@ -69,8 +69,7 @@ char *mp_error_to_string(int code) * Based on slow invmod except this is optimized for the case where b is * odd as per HAC Note 14.64 on pp. 610 */ -int -fast_mp_invmod (mp_int * a, mp_int * b, mp_int * c) +int fast_mp_invmod (mp_int * a, mp_int * b, mp_int * c) { mp_int x, y, u, v, B, D; int res, neg; @@ -91,7 +90,7 @@ fast_mp_invmod (mp_int * a, mp_int * b, mp_int * c) } /* we need y = |a| */ - if ((res = mp_abs (a, &y)) != MP_OKAY) { + if ((res = mp_mod (a, b, &y)) != MP_OKAY) { goto LBL_ERR; } @@ -209,7 +208,7 @@ LBL_ERR:mp_clear_multi (&x, &y, &u, &v, &B, &D, NULL); * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* computes xR**-1 == x (mod N) via Montgomery Reduction @@ -220,8 +219,7 @@ LBL_ERR:mp_clear_multi (&x, &y, &u, &v, &B, &D, NULL); * * Based on Algorithm 14.32 on pp.601 of HAC. */ -int -fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) +int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) { int ix, res, olduse; mp_word W[MP_WARRAY]; @@ -382,7 +380,7 @@ fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* Fast (comba) multiplier @@ -401,15 +399,14 @@ fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) * Based on Algorithm 14.12 on pp.595 of HAC. * */ -int -fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) +int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) { int olduse, res, pa, ix, iz; mp_digit W[MP_WARRAY]; register mp_word _W; /* grow the destination as required */ - if (c->alloc <= digs) { + if (c->alloc < digs) { if ((res = mp_grow (c, digs)) != MP_OKAY) { return res; } @@ -433,7 +430,7 @@ fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) tmpx = a->dp + tx; tmpy = b->dp + ty; - /* this is the number of times the loop will iterrate, essentially its + /* this is the number of times the loop will iterrate, essentially while (tx++ < a->used && ty-- >= 0) { ... } */ iy = MIN(a->used-tx, ty+1); @@ -451,16 +448,16 @@ fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) } /* store final carry */ - W[ix] = _W; + W[ix] = (mp_digit)(_W & MP_MASK); /* setup dest */ olduse = c->used; - c->used = digs; + c->used = pa; { register mp_digit *tmpc; tmpc = c->dp; - for (ix = 0; ix < digs; ix++) { + for (ix = 0; ix < pa+1; ix++) { /* now extract the previous digit [below the carry] */ *tmpc++ = W[ix]; } @@ -492,7 +489,7 @@ fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* this is a modified version of fast_s_mul_digs that only produces @@ -504,8 +501,7 @@ fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) * * Based on Algorithm 14.12 on pp.595 of HAC. */ -int -fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) +int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) { int olduse, res, pa, ix, iz; mp_digit W[MP_WARRAY]; @@ -513,7 +509,7 @@ fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) /* grow the destination as required */ pa = a->used + b->used; - if (c->alloc <= pa) { + if (c->alloc < pa) { if ((res = mp_grow (c, pa)) != MP_OKAY) { return res; } @@ -552,7 +548,7 @@ fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) } /* store final carry */ - W[ix] = _W; + W[ix] = (mp_digit)(_W & MP_MASK); /* setup dest */ olduse = c->used; @@ -594,36 +590,17 @@ fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ -/* fast squaring - * - * This is the comba method where the columns of the product - * are computed first then the carries are computed. This - * has the effect of making a very simple inner loop that - * is executed the most - * - * W2 represents the outer products and W the inner. - * - * A further optimizations is made because the inner - * products are of the form "A * B * 2". The *2 part does - * not need to be computed until the end which is good - * because 64-bit shifts are slow! - * - * Based on Algorithm 14.16 on pp.597 of HAC. - * - */ /* the jist of squaring... - -you do like mult except the offset of the tmpx [one that starts closer to zero] -can't equal the offset of tmpy. So basically you set up iy like before then you min it with -(ty-tx) so that it never happens. You double all those you add in the inner loop + * you do like mult except the offset of the tmpx [one that + * starts closer to zero] can't equal the offset of tmpy. + * So basically you set up iy like before then you min it with + * (ty-tx) so that it never happens. You double all those + * you add in the inner loop After that loop you do the squares and add them in. - -Remove W2 and don't memset W - */ int fast_s_mp_sqr (mp_int * a, mp_int * b) @@ -634,7 +611,7 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b) /* grow the destination as required */ pa = a->used + a->used; - if (b->alloc <= pa) { + if (b->alloc < pa) { if ((res = mp_grow (b, pa)) != MP_OKAY) { return res; } @@ -658,7 +635,7 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b) tmpx = a->dp + tx; tmpy = a->dp + ty; - /* this is the number of times the loop will iterrate, essentially its + /* this is the number of times the loop will iterrate, essentially while (tx++ < a->used && ty-- >= 0) { ... } */ iy = MIN(a->used-tx, ty+1); @@ -683,7 +660,7 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b) } /* store it */ - W[ix] = _W; + W[ix] = (mp_digit)(_W & MP_MASK); /* make next carry */ W1 = _W >> ((mp_word)DIGIT_BIT); @@ -727,7 +704,7 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* computes a = 2**b @@ -775,7 +752,7 @@ mp_2expt (mp_int * a, int b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* b = |a| @@ -818,7 +795,7 @@ mp_abs (mp_int * a, mp_int * b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* high level addition (handles signs) */ @@ -871,7 +848,7 @@ int mp_add (mp_int * a, mp_int * b, mp_int * c) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* single digit addition */ @@ -980,7 +957,7 @@ mp_add_d (mp_int * a, mp_digit b, mp_int * c) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* d = a + b (mod c) */ @@ -1021,7 +998,7 @@ mp_addmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* AND two ints together */ @@ -1078,7 +1055,7 @@ mp_and (mp_int * a, mp_int * b, mp_int * c) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* trim unused digits @@ -1122,7 +1099,7 @@ mp_clamp (mp_int * a) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* clear one (frees) */ @@ -1166,7 +1143,7 @@ mp_clear (mp_int * a) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ #include @@ -1200,7 +1177,7 @@ void mp_clear_multi(mp_int *mp, ...) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* compare two ints (signed)*/ @@ -1243,7 +1220,7 @@ mp_cmp (mp_int * a, mp_int * b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* compare a digit */ @@ -1287,7 +1264,7 @@ int mp_cmp_d(mp_int * a, mp_digit b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* compare maginitude of two ints (unsigned) */ @@ -1342,7 +1319,7 @@ int mp_cmp_mag (mp_int * a, mp_int * b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ static const int lnz[16] = { @@ -1395,7 +1372,7 @@ int mp_cnt_lsb(mp_int *a) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* copy, b = a */ @@ -1463,7 +1440,7 @@ mp_copy (mp_int * a, mp_int * b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* returns the number of bits in an int */ @@ -1508,7 +1485,7 @@ mp_count_bits (mp_int * a) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ #ifdef BN_MP_DIV_SMALL @@ -1800,7 +1777,7 @@ LBL_Q:mp_clear (&q); * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* b = a/2 */ @@ -1868,7 +1845,7 @@ int mp_div_2(mp_int * a, mp_int * b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* shift right by a certain bit count (store quotient in c, optional remainder in d) */ @@ -1965,7 +1942,7 @@ int mp_div_2d (mp_int * a, int b, mp_int * c, mp_int * d) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* divide by three (based on routine from MPI and the GMP manual) */ @@ -2044,7 +2021,7 @@ mp_div_3 (mp_int * a, mp_int *c, mp_digit * d) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ static int s_is_power_of_two(mp_digit b, int *p) @@ -2154,7 +2131,7 @@ int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* determines if a number is a valid DR modulus */ @@ -2197,7 +2174,7 @@ int mp_dr_is_modulus(mp_int *a) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* reduce "x" in place modulo "n" using the Diminished Radix algorithm. @@ -2205,7 +2182,7 @@ int mp_dr_is_modulus(mp_int *a) * Based on algorithm from the paper * * "Generating Efficient Primes for Discrete Log Cryptosystems" - * Chae Hoon Lim, Pil Loong Lee, + * Chae Hoon Lim, Pil Joong Lee, * POSTECH Information Research Laboratories * * The modulus must be of a special format [see manual] @@ -2291,7 +2268,7 @@ top: * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* determines the setup value */ @@ -2323,7 +2300,7 @@ void mp_dr_setup(mp_int *a, mp_digit *d) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* swap the elements of two integers, for cases where you can't simply swap the @@ -2357,7 +2334,7 @@ mp_exch (mp_int * a, mp_int * b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* calculate c = a**b using a square-multiply algorithm */ @@ -2414,7 +2391,7 @@ int mp_expt_d (mp_int * a, mp_digit b, mp_int * c) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ @@ -2467,21 +2444,29 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) #endif } +/* modified diminished radix reduction */ +#if defined(BN_MP_REDUCE_IS_2K_L_C) && defined(BN_MP_REDUCE_2K_L_C) + if (mp_reduce_is_2k_l(P) == MP_YES) { + return s_mp_exptmod(G, X, P, Y, 1); + } +#endif + #ifdef BN_MP_DR_IS_MODULUS_C /* is it a DR modulus? */ dr = mp_dr_is_modulus(P); #else + /* default to no */ dr = 0; #endif #ifdef BN_MP_REDUCE_IS_2K_C - /* if not, is it a uDR modulus? */ + /* if not, is it a unrestricted DR modulus? */ if (dr == 0) { dr = mp_reduce_is_2k(P) << 1; } #endif - /* if the modulus is odd or dr != 0 use the fast method */ + /* if the modulus is odd or dr != 0 use the montgomery method */ #ifdef BN_MP_EXPTMOD_FAST_C if (mp_isodd (P) == 1 || dr != 0) { return mp_exptmod_fast (G, X, P, Y, dr); @@ -2489,7 +2474,7 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) #endif #ifdef BN_S_MP_EXPTMOD_C /* otherwise use the generic Barrett reduction technique */ - return s_mp_exptmod (G, X, P, Y); + return s_mp_exptmod (G, X, P, Y, 0); #else /* no exptmod for evens */ return MP_VAL; @@ -2518,7 +2503,7 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* computes Y == G**X mod P, HAC pp.616, Algorithm 14.85 @@ -2535,8 +2520,7 @@ int mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) #define TAB_SIZE 256 #endif -int -mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode) +int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode) { mp_int M[TAB_SIZE], res; mp_digit buf, mp; @@ -2840,7 +2824,7 @@ LBL_M: * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* Extended euclidean algorithm of (a, b) produces @@ -2887,6 +2871,13 @@ int mp_exteuclid(mp_int *a, mp_int *b, mp_int *U1, mp_int *U2, mp_int *U3) if ((err = mp_copy(&t3, &v3)) != MP_OKAY) { goto _ERR; } } + /* make sure U3 >= 0 */ + if (u3.sign == MP_NEG) { + mp_neg(&u1, &u1); + mp_neg(&u2, &u2); + mp_neg(&u3, &u3); + } + /* copy result out */ if (U1 != NULL) { mp_exch(U1, &u1); } if (U2 != NULL) { mp_exch(U2, &u2); } @@ -2915,7 +2906,7 @@ _ERR: mp_clear_multi(&u1, &u2, &u3, &v1, &v2, &v3, &t1, &t2, &t3, &q, &tmp, NULL * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* read a bigint from a file stream in ASCII */ @@ -2982,7 +2973,7 @@ int mp_fread(mp_int *a, int radix, FILE *stream) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ int mp_fwrite(mp_int *a, int radix, FILE *stream) @@ -3034,7 +3025,7 @@ int mp_fwrite(mp_int *a, int radix, FILE *stream) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* Greatest Common Divisor using the binary method */ @@ -3147,7 +3138,7 @@ LBL_U:mp_clear (&v); * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* get the lower 32-bits of an mp_int */ @@ -3192,7 +3183,7 @@ unsigned long mp_get_int(mp_int * a) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* grow as required */ @@ -3249,7 +3240,7 @@ int mp_grow (mp_int * a, int size) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* init a new mp_int */ @@ -3295,7 +3286,7 @@ int mp_init (mp_int * a) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* creates "a" then copies b into it */ @@ -3327,7 +3318,7 @@ int mp_init_copy (mp_int * a, mp_int * b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ #include @@ -3386,7 +3377,7 @@ int mp_init_multi(mp_int *mp, ...) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* initialize and set a digit */ @@ -3418,7 +3409,7 @@ int mp_init_set (mp_int * a, mp_digit b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* initialize and set a digit */ @@ -3449,7 +3440,7 @@ int mp_init_set_int (mp_int * a, unsigned long b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* init an mp_init for a given size */ @@ -3497,7 +3488,7 @@ int mp_init_size (mp_int * a, int size) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* hac 14.61, pp608 */ @@ -3540,7 +3531,7 @@ int mp_invmod (mp_int * a, mp_int * b, mp_int * c) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* hac 14.61, pp608 */ @@ -3561,8 +3552,8 @@ int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c) } /* x = a, y = b */ - if ((res = mp_copy (a, &x)) != MP_OKAY) { - goto LBL_ERR; + if ((res = mp_mod(a, b, &x)) != MP_OKAY) { + goto LBL_ERR; } if ((res = mp_copy (b, &y)) != MP_OKAY) { goto LBL_ERR; @@ -3715,7 +3706,7 @@ LBL_ERR:mp_clear_multi (&x, &y, &u, &v, &A, &B, &C, &D, NULL); * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* Check if remainders are possible squares - fast exclude non-squares */ @@ -3824,7 +3815,7 @@ ERR:mp_clear(&t); * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* computes the jacobi c = (a | n) (or Legendre if n is prime) @@ -3929,7 +3920,7 @@ LBL_A1:mp_clear (&a1); * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* c = |a| * |b| using Karatsuba Multiplication using @@ -4096,7 +4087,7 @@ ERR: * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* Karatsuba squaring, computes b = a*a using three @@ -4217,7 +4208,7 @@ ERR: * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* computes least common multiple as |a*b|/(a, b) */ @@ -4277,7 +4268,7 @@ LBL_T: * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* shift left a certain amount of digits */ @@ -4344,7 +4335,7 @@ int mp_lshd (mp_int * a, int b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* c = a mod b, 0 <= c < b */ @@ -4392,7 +4383,7 @@ mp_mod (mp_int * a, mp_int * b, mp_int * c) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* calc a value mod 2**b */ @@ -4447,7 +4438,7 @@ mp_mod_2d (mp_int * a, int b, mp_int * c) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ int @@ -4474,7 +4465,7 @@ mp_mod_d (mp_int * a, mp_digit b, mp_digit * c) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* @@ -4490,7 +4481,6 @@ int mp_montgomery_calc_normalization (mp_int * a, mp_int * b) /* how many bits of last digit does b use */ bits = mp_count_bits (b) % DIGIT_BIT; - if (b->used > 1) { if ((res = mp_2expt (a, (b->used - 1) * DIGIT_BIT + bits - 1)) != MP_OKAY) { return res; @@ -4534,7 +4524,7 @@ int mp_montgomery_calc_normalization (mp_int * a, mp_int * b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* computes xR**-1 == x (mod N) via Montgomery Reduction */ @@ -4652,7 +4642,7 @@ mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* setups the montgomery reduction stuff */ @@ -4711,7 +4701,7 @@ mp_montgomery_setup (mp_int * n, mp_digit * rho) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* high level multiplication (handles sign) */ @@ -4777,7 +4767,7 @@ int mp_mul (mp_int * a, mp_int * b, mp_int * c) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* b = a*2 */ @@ -4859,7 +4849,7 @@ int mp_mul_2(mp_int * a, mp_int * b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* shift left by a certain bit count */ @@ -4944,7 +4934,7 @@ int mp_mul_2d (mp_int * a, int b, mp_int * c) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* multiply by a digit */ @@ -4989,8 +4979,9 @@ mp_mul_d (mp_int * a, mp_digit b, mp_int * c) u = (mp_digit) (r >> ((mp_word) DIGIT_BIT)); } - /* store final carry [if any] */ + /* store final carry [if any] and increment ix offset */ *tmpc++ = u; + ++ix; /* now zero digits above the top */ while (ix++ < olduse) { @@ -5022,7 +5013,7 @@ mp_mul_d (mp_int * a, mp_digit b, mp_int * c) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* d = a * b (mod c) */ @@ -5063,7 +5054,7 @@ mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* find the n'th root of an integer @@ -5195,19 +5186,25 @@ LBL_T1:mp_clear (&t1); * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* b = -a */ int mp_neg (mp_int * a, mp_int * b) { int res; - if ((res = mp_copy (a, b)) != MP_OKAY) { - return res; + if (a != b) { + if ((res = mp_copy (a, b)) != MP_OKAY) { + return res; + } } + if (mp_iszero(b) != MP_YES) { b->sign = (a->sign == MP_ZPOS) ? MP_NEG : MP_ZPOS; + } else { + b->sign = MP_ZPOS; } + return MP_OKAY; } #endif @@ -5229,7 +5226,7 @@ int mp_neg (mp_int * a, mp_int * b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* OR two ints together */ @@ -5279,7 +5276,7 @@ int mp_or (mp_int * a, mp_int * b, mp_int * c) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* performs one Fermat test. @@ -5341,7 +5338,7 @@ LBL_T:mp_clear (&t); * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* determines if an integers is divisible by one @@ -5391,7 +5388,7 @@ int mp_prime_is_divisible (mp_int * a, int *result) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* performs a variable number of rounds of Miller-Rabin @@ -5474,7 +5471,7 @@ LBL_B:mp_clear (&b); * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* Miller-Rabin test of "a" to the base of "b" as described in @@ -5577,7 +5574,7 @@ LBL_N1:mp_clear (&n1); * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* finds the next prime after the number "a" using "t" trials @@ -5747,7 +5744,7 @@ LBL_ERR: * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ @@ -5799,7 +5796,7 @@ int mp_prime_rabin_miller_trials(int size) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* makes a truly random prime of a given size (bits), @@ -5847,12 +5844,10 @@ int mp_prime_random_ex(mp_int *a, int t, int size, int flags, ltm_prime_callback /* calc the maskOR_msb */ maskOR_msb = 0; - maskOR_msb_offset = ((size&7)==1)?1:0; + maskOR_msb_offset = ((size & 7) == 1) ? 1 : 0; if (flags & LTM_PRIME_2MSB_ON) { - maskOR_msb |= 1 << ((size - 2) & 7); - } else if (flags & LTM_PRIME_2MSB_OFF) { - maskAND &= ~(1 << ((size - 2) & 7)); - } + maskOR_msb |= 0x80 >> ((9 - size) & 7); + } /* get the maskOR_lsb */ maskOR_lsb = 1; @@ -5926,7 +5921,7 @@ error: * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* returns size of ASCII reprensentation */ @@ -5949,22 +5944,29 @@ int mp_radix_size (mp_int * a, int radix, int *size) return MP_VAL; } - /* init a copy of the input */ - if ((res = mp_init_copy (&t, a)) != MP_OKAY) { - return res; + if (mp_iszero(a) == MP_YES) { + *size = 2; + return MP_OKAY; } /* digs is the digit count */ digs = 0; /* if it's negative add one for the sign */ - if (t.sign == MP_NEG) { + if (a->sign == MP_NEG) { ++digs; - t.sign = MP_ZPOS; } + /* init a copy of the input */ + if ((res = mp_init_copy (&t, a)) != MP_OKAY) { + return res; + } + + /* force temp to positive */ + t.sign = MP_ZPOS; + /* fetch out all of the digits */ - while (mp_iszero (&t) == 0) { + while (mp_iszero (&t) == MP_NO) { if ((res = mp_div_d (&t, (mp_digit) radix, &t, &d)) != MP_OKAY) { mp_clear (&t); return res; @@ -5997,7 +5999,7 @@ int mp_radix_size (mp_int * a, int radix, int *size) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* chars used in radix conversions */ @@ -6021,7 +6023,7 @@ const char *mp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrs * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* makes a pseudo-random int of a given size */ @@ -6038,14 +6040,14 @@ mp_rand (mp_int * a, int digits) /* first place a random non-zero digit */ do { - d = ((mp_digit) abs (rand ())); + d = ((mp_digit) abs (rand ())) & MP_MASK; } while (d == 0); if ((res = mp_add_d (a, d, a)) != MP_OKAY) { return res; } - while (digits-- > 0) { + while (--digits > 0) { if ((res = mp_lshd (a, 1)) != MP_OKAY) { return res; } @@ -6076,11 +6078,11 @@ mp_rand (mp_int * a, int digits) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* read a string [ASCII] in a given radix */ -int mp_read_radix (mp_int * a, char *str, int radix) +int mp_read_radix (mp_int * a, const char *str, int radix) { int y, res, neg; char ch; @@ -6158,12 +6160,11 @@ int mp_read_radix (mp_int * a, char *str, int radix) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* read signed bin, big endian, first byte is 0==positive or 1==negative */ -int -mp_read_signed_bin (mp_int * a, unsigned char *b, int c) +int mp_read_signed_bin (mp_int * a, const unsigned char *b, int c) { int res; @@ -6200,12 +6201,11 @@ mp_read_signed_bin (mp_int * a, unsigned char *b, int c) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* reads a unsigned char array, assumes the msb is stored first [big endian] */ -int -mp_read_unsigned_bin (mp_int * a, unsigned char *b, int c) +int mp_read_unsigned_bin (mp_int * a, const unsigned char *b, int c) { int res; @@ -6256,15 +6256,14 @@ mp_read_unsigned_bin (mp_int * a, unsigned char *b, int c) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* reduces x mod m, assumes 0 < x < m**2, mu is * precomputed via mp_reduce_setup. * From HAC pp.604 Algorithm 14.42 */ -int -mp_reduce (mp_int * x, mp_int * m, mp_int * mu) +int mp_reduce (mp_int * x, mp_int * m, mp_int * mu) { mp_int q; int res, um = m->used; @@ -6284,11 +6283,11 @@ mp_reduce (mp_int * x, mp_int * m, mp_int * mu) } } else { #ifdef BN_S_MP_MUL_HIGH_DIGS_C - if ((res = s_mp_mul_high_digs (&q, mu, &q, um - 1)) != MP_OKAY) { + if ((res = s_mp_mul_high_digs (&q, mu, &q, um)) != MP_OKAY) { goto CLEANUP; } #elif defined(BN_FAST_S_MP_MUL_HIGH_DIGS_C) - if ((res = fast_s_mp_mul_high_digs (&q, mu, &q, um - 1)) != MP_OKAY) { + if ((res = fast_s_mp_mul_high_digs (&q, mu, &q, um)) != MP_OKAY) { goto CLEANUP; } #else @@ -6357,12 +6356,11 @@ CLEANUP: * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* reduces a modulo n where n is of the form 2**p - d */ -int -mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d) +int mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d) { mp_int q; int p, res; @@ -6404,6 +6402,68 @@ ERR: /* End: bn_mp_reduce_2k.c */ +/* Start: bn_mp_reduce_2k_l.c */ +#include +#ifdef BN_MP_REDUCE_2K_L_C +/* LibTomMath, multiple-precision integer library -- Tom St Denis + * + * LibTomMath is a library that provides multiple-precision + * integer arithmetic as well as number theoretic functionality. + * + * The library was designed directly after the MPI library by + * Michael Fromberger but has been written from scratch with + * additional optimizations in place. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org + */ + +/* reduces a modulo n where n is of the form 2**p - d + This differs from reduce_2k since "d" can be larger + than a single digit. +*/ +int mp_reduce_2k_l(mp_int *a, mp_int *n, mp_int *d) +{ + mp_int q; + int p, res; + + if ((res = mp_init(&q)) != MP_OKAY) { + return res; + } + + p = mp_count_bits(n); +top: + /* q = a/2**p, a = a mod 2**p */ + if ((res = mp_div_2d(a, p, &q, a)) != MP_OKAY) { + goto ERR; + } + + /* q = q * d */ + if ((res = mp_mul(&q, d, &q)) != MP_OKAY) { + goto ERR; + } + + /* a = a + q */ + if ((res = s_mp_add(a, &q, a)) != MP_OKAY) { + goto ERR; + } + + if (mp_cmp_mag(a, n) != MP_LT) { + s_mp_sub(a, n, a); + goto top; + } + +ERR: + mp_clear(&q); + return res; +} + +#endif + +/* End: bn_mp_reduce_2k_l.c */ + /* Start: bn_mp_reduce_2k_setup.c */ #include #ifdef BN_MP_REDUCE_2K_SETUP_C @@ -6419,12 +6479,11 @@ ERR: * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* determines the setup value */ -int -mp_reduce_2k_setup(mp_int *a, mp_digit *d) +int mp_reduce_2k_setup(mp_int *a, mp_digit *d) { int res, p; mp_int tmp; @@ -6452,6 +6511,50 @@ mp_reduce_2k_setup(mp_int *a, mp_digit *d) /* End: bn_mp_reduce_2k_setup.c */ +/* Start: bn_mp_reduce_2k_setup_l.c */ +#include +#ifdef BN_MP_REDUCE_2K_SETUP_L_C +/* LibTomMath, multiple-precision integer library -- Tom St Denis + * + * LibTomMath is a library that provides multiple-precision + * integer arithmetic as well as number theoretic functionality. + * + * The library was designed directly after the MPI library by + * Michael Fromberger but has been written from scratch with + * additional optimizations in place. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org + */ + +/* determines the setup value */ +int mp_reduce_2k_setup_l(mp_int *a, mp_int *d) +{ + int res; + mp_int tmp; + + if ((res = mp_init(&tmp)) != MP_OKAY) { + return res; + } + + if ((res = mp_2expt(&tmp, mp_count_bits(a))) != MP_OKAY) { + goto ERR; + } + + if ((res = s_mp_sub(&tmp, a, d)) != MP_OKAY) { + goto ERR; + } + +ERR: + mp_clear(&tmp); + return res; +} +#endif + +/* End: bn_mp_reduce_2k_setup_l.c */ + /* Start: bn_mp_reduce_is_2k.c */ #include #ifdef BN_MP_REDUCE_IS_2K_C @@ -6467,7 +6570,7 @@ mp_reduce_2k_setup(mp_int *a, mp_digit *d) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* determines if mp_reduce_2k can be used */ @@ -6477,9 +6580,9 @@ int mp_reduce_is_2k(mp_int *a) mp_digit iz; if (a->used == 0) { - return 0; + return MP_NO; } else if (a->used == 1) { - return 1; + return MP_YES; } else if (a->used > 1) { iy = mp_count_bits(a); iz = 1; @@ -6488,7 +6591,7 @@ int mp_reduce_is_2k(mp_int *a) /* Test every bit from the second digit up, must be 1 */ for (ix = DIGIT_BIT; ix < iy; ix++) { if ((a->dp[iw] & iz) == 0) { - return 0; + return MP_NO; } iz <<= 1; if (iz > (mp_digit)MP_MASK) { @@ -6497,13 +6600,57 @@ int mp_reduce_is_2k(mp_int *a) } } } - return 1; + return MP_YES; } #endif /* End: bn_mp_reduce_is_2k.c */ +/* Start: bn_mp_reduce_is_2k_l.c */ +#include +#ifdef BN_MP_REDUCE_IS_2K_L_C +/* LibTomMath, multiple-precision integer library -- Tom St Denis + * + * LibTomMath is a library that provides multiple-precision + * integer arithmetic as well as number theoretic functionality. + * + * The library was designed directly after the MPI library by + * Michael Fromberger but has been written from scratch with + * additional optimizations in place. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org + */ + +/* determines if reduce_2k_l can be used */ +int mp_reduce_is_2k_l(mp_int *a) +{ + int ix, iy; + + if (a->used == 0) { + return MP_NO; + } else if (a->used == 1) { + return MP_YES; + } else if (a->used > 1) { + /* if more than half of the digits are -1 we're sold */ + for (iy = ix = 0; ix < a->used; ix++) { + if (a->dp[ix] == MP_MASK) { + ++iy; + } + } + return (iy >= (a->used/2)) ? MP_YES : MP_NO; + + } + return MP_NO; +} + +#endif + +/* End: bn_mp_reduce_is_2k_l.c */ + /* Start: bn_mp_reduce_setup.c */ #include #ifdef BN_MP_REDUCE_SETUP_C @@ -6519,7 +6666,7 @@ int mp_reduce_is_2k(mp_int *a) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* pre-calculate the value required for Barrett reduction @@ -6553,7 +6700,7 @@ int mp_reduce_setup (mp_int * a, mp_int * b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* shift right a certain amount of digits */ @@ -6625,7 +6772,7 @@ void mp_rshd (mp_int * a, int b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* set to a digit */ @@ -6654,7 +6801,7 @@ void mp_set (mp_int * a, mp_digit b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* set a 32-bit const */ @@ -6702,7 +6849,7 @@ int mp_set_int (mp_int * a, unsigned long b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* shrink a bignum */ @@ -6737,7 +6884,7 @@ int mp_shrink (mp_int * a) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* get the size for an signed equivalent */ @@ -6764,7 +6911,7 @@ int mp_signed_bin_size (mp_int * a) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* computes b = a*a */ @@ -6822,7 +6969,7 @@ if (a->used >= KARATSUBA_SQR_CUTOFF) { * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* c = a * a (mod b) */ @@ -6863,7 +7010,7 @@ mp_sqrmod (mp_int * a, mp_int * b, mp_int * c) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* this function is less generic than mp_n_root, simpler and faster */ @@ -6944,7 +7091,7 @@ E2: mp_clear(&t1); * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* high level subtraction (handles signs) */ @@ -7003,7 +7150,7 @@ mp_sub (mp_int * a, mp_int * b, mp_int * c) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* single digit subtraction */ @@ -7092,7 +7239,7 @@ mp_sub_d (mp_int * a, mp_digit b, mp_int * c) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* d = a - b (mod c) */ @@ -7134,12 +7281,11 @@ mp_submod (mp_int * a, mp_int * b, mp_int * c, mp_int * d) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* store in signed [big endian] format */ -int -mp_to_signed_bin (mp_int * a, unsigned char *b) +int mp_to_signed_bin (mp_int * a, unsigned char *b) { int res; @@ -7153,6 +7299,37 @@ mp_to_signed_bin (mp_int * a, unsigned char *b) /* End: bn_mp_to_signed_bin.c */ +/* Start: bn_mp_to_signed_bin_n.c */ +#include +#ifdef BN_MP_TO_SIGNED_BIN_N_C +/* LibTomMath, multiple-precision integer library -- Tom St Denis + * + * LibTomMath is a library that provides multiple-precision + * integer arithmetic as well as number theoretic functionality. + * + * The library was designed directly after the MPI library by + * Michael Fromberger but has been written from scratch with + * additional optimizations in place. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org + */ + +/* store in signed [big endian] format */ +int mp_to_signed_bin_n (mp_int * a, unsigned char *b, unsigned long *outlen) +{ + if (*outlen < (unsigned long)mp_signed_bin_size(a)) { + return MP_VAL; + } + *outlen = mp_signed_bin_size(a); + return mp_to_signed_bin(a, b); +} +#endif + +/* End: bn_mp_to_signed_bin_n.c */ + /* Start: bn_mp_to_unsigned_bin.c */ #include #ifdef BN_MP_TO_UNSIGNED_BIN_C @@ -7168,12 +7345,11 @@ mp_to_signed_bin (mp_int * a, unsigned char *b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* store in unsigned [big endian] format */ -int -mp_to_unsigned_bin (mp_int * a, unsigned char *b) +int mp_to_unsigned_bin (mp_int * a, unsigned char *b) { int x, res; mp_int t; @@ -7202,6 +7378,37 @@ mp_to_unsigned_bin (mp_int * a, unsigned char *b) /* End: bn_mp_to_unsigned_bin.c */ +/* Start: bn_mp_to_unsigned_bin_n.c */ +#include +#ifdef BN_MP_TO_UNSIGNED_BIN_N_C +/* LibTomMath, multiple-precision integer library -- Tom St Denis + * + * LibTomMath is a library that provides multiple-precision + * integer arithmetic as well as number theoretic functionality. + * + * The library was designed directly after the MPI library by + * Michael Fromberger but has been written from scratch with + * additional optimizations in place. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org + */ + +/* store in unsigned [big endian] format */ +int mp_to_unsigned_bin_n (mp_int * a, unsigned char *b, unsigned long *outlen) +{ + if (*outlen < (unsigned long)mp_unsigned_bin_size(a)) { + return MP_VAL; + } + *outlen = mp_unsigned_bin_size(a); + return mp_to_unsigned_bin(a, b); +} +#endif + +/* End: bn_mp_to_unsigned_bin_n.c */ + /* Start: bn_mp_toom_mul.c */ #include #ifdef BN_MP_TOOM_MUL_C @@ -7217,14 +7424,15 @@ mp_to_unsigned_bin (mp_int * a, unsigned char *b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* multiplication using the Toom-Cook 3-way algorithm * - * Much more complicated than Karatsuba but has a lower asymptotic running time of - * O(N**1.464). This algorithm is only particularly useful on VERY large - * inputs (we're talking 1000s of digits here...). + * Much more complicated than Karatsuba but has a lower + * asymptotic running time of O(N**1.464). This algorithm is + * only particularly useful on VERY large inputs + * (we're talking 1000s of digits here...). */ int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c) { @@ -7500,7 +7708,7 @@ ERR: * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* squaring using Toom-Cook 3-way algorithm */ @@ -7726,7 +7934,7 @@ ERR: * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* stores a bignum as a ASCII string in a given radix (2..64) */ @@ -7801,7 +8009,7 @@ int mp_toradix (mp_int * a, char *str, int radix) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* stores a bignum as a ASCII string in a given radix (2..64) @@ -7890,12 +8098,11 @@ int mp_toradix_n(mp_int * a, char *str, int radix, int maxlen) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* get the size for an unsigned equivalent */ -int -mp_unsigned_bin_size (mp_int * a) +int mp_unsigned_bin_size (mp_int * a) { int size = mp_count_bits (a); return (size / 8 + ((size & 7) != 0 ? 1 : 0)); @@ -7919,7 +8126,7 @@ mp_unsigned_bin_size (mp_int * a) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* XOR two ints together */ @@ -7944,7 +8151,7 @@ mp_xor (mp_int * a, mp_int * b, mp_int * c) } for (ix = 0; ix < px; ix++) { - + t.dp[ix] ^= x->dp[ix]; } mp_clamp (&t); mp_exch (c, &t); @@ -7970,16 +8177,22 @@ mp_xor (mp_int * a, mp_int * b, mp_int * c) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* set to zero */ -void -mp_zero (mp_int * a) +void mp_zero (mp_int * a) { + int n; + mp_digit *tmp; + a->sign = MP_ZPOS; a->used = 0; - memset (a->dp, 0, sizeof (mp_digit) * a->alloc); + + tmp = a->dp; + for (n = 0; n < a->alloc; n++) { + *tmp++ = 0; + } } #endif @@ -8000,7 +8213,7 @@ mp_zero (mp_int * a) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ const mp_digit ltm_prime_tab[] = { 0x0002, 0x0003, 0x0005, 0x0007, 0x000B, 0x000D, 0x0011, 0x0013, @@ -8061,7 +8274,7 @@ const mp_digit ltm_prime_tab[] = { * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* reverse an array, used for radix code */ @@ -8100,7 +8313,7 @@ bn_reverse (unsigned char *s, int len) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* low level addition, based on HAC pp.594, Algorithm 14.7 */ @@ -8209,7 +8422,7 @@ s_mp_add (mp_int * a, mp_int * b, mp_int * c) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ #ifdef MP_LOW_MEM @@ -8218,11 +8431,12 @@ s_mp_add (mp_int * a, mp_int * b, mp_int * c) #define TAB_SIZE 256 #endif -int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) +int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int redmode) { mp_int M[TAB_SIZE], res, mu; mp_digit buf; int err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize; + int (*redux)(mp_int*,mp_int*,mp_int*); /* find window size */ x = mp_count_bits (X); @@ -8269,9 +8483,18 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) if ((err = mp_init (&mu)) != MP_OKAY) { goto LBL_M; } - if ((err = mp_reduce_setup (&mu, P)) != MP_OKAY) { - goto LBL_MU; - } + + if (redmode == 0) { + if ((err = mp_reduce_setup (&mu, P)) != MP_OKAY) { + goto LBL_MU; + } + redux = mp_reduce; + } else { + if ((err = mp_reduce_2k_setup_l (P, &mu)) != MP_OKAY) { + goto LBL_MU; + } + redux = mp_reduce_2k_l; + } /* create M table * @@ -8293,11 +8516,14 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) } for (x = 0; x < (winsize - 1); x++) { + /* square it */ if ((err = mp_sqr (&M[1 << (winsize - 1)], &M[1 << (winsize - 1)])) != MP_OKAY) { goto LBL_MU; } - if ((err = mp_reduce (&M[1 << (winsize - 1)], P, &mu)) != MP_OKAY) { + + /* reduce modulo P */ + if ((err = redux (&M[1 << (winsize - 1)], P, &mu)) != MP_OKAY) { goto LBL_MU; } } @@ -8309,7 +8535,7 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) if ((err = mp_mul (&M[x - 1], &M[1], &M[x])) != MP_OKAY) { goto LBL_MU; } - if ((err = mp_reduce (&M[x], P, &mu)) != MP_OKAY) { + if ((err = redux (&M[x], P, &mu)) != MP_OKAY) { goto LBL_MU; } } @@ -8358,7 +8584,7 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) if ((err = mp_sqr (&res, &res)) != MP_OKAY) { goto LBL_RES; } - if ((err = mp_reduce (&res, P, &mu)) != MP_OKAY) { + if ((err = redux (&res, P, &mu)) != MP_OKAY) { goto LBL_RES; } continue; @@ -8375,7 +8601,7 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) if ((err = mp_sqr (&res, &res)) != MP_OKAY) { goto LBL_RES; } - if ((err = mp_reduce (&res, P, &mu)) != MP_OKAY) { + if ((err = redux (&res, P, &mu)) != MP_OKAY) { goto LBL_RES; } } @@ -8384,7 +8610,7 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) if ((err = mp_mul (&res, &M[bitbuf], &res)) != MP_OKAY) { goto LBL_RES; } - if ((err = mp_reduce (&res, P, &mu)) != MP_OKAY) { + if ((err = redux (&res, P, &mu)) != MP_OKAY) { goto LBL_RES; } @@ -8402,7 +8628,7 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) if ((err = mp_sqr (&res, &res)) != MP_OKAY) { goto LBL_RES; } - if ((err = mp_reduce (&res, P, &mu)) != MP_OKAY) { + if ((err = redux (&res, P, &mu)) != MP_OKAY) { goto LBL_RES; } @@ -8412,7 +8638,7 @@ int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y) if ((err = mp_mul (&res, &M[1], &res)) != MP_OKAY) { goto LBL_RES; } - if ((err = mp_reduce (&res, P, &mu)) != MP_OKAY) { + if ((err = redux (&res, P, &mu)) != MP_OKAY) { goto LBL_RES; } } @@ -8449,15 +8675,14 @@ LBL_M: * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* multiplies |a| * |b| and only computes upto digs digits of result * HAC pp. 595, Algorithm 14.12 Modified so you can control how * many digits of output are created. */ -int -s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) +int s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) { mp_int t; int res, pa, pb, ix, iy; @@ -8540,7 +8765,7 @@ s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* multiplies |a| * |b| and does not compute the lower digs digits @@ -8621,12 +8846,11 @@ s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* low level squaring, b = a*a, HAC pp.596-597, Algorithm 14.16 */ -int -s_mp_sqr (mp_int * a, mp_int * b) +int s_mp_sqr (mp_int * a, mp_int * b) { mp_int t; int res, ix, iy, pa; @@ -8706,7 +8930,7 @@ s_mp_sqr (mp_int * a, mp_int * b) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* low level subtraction (assumes |a| > |b|), HAC pp.595 Algorithm 14.9 */ @@ -8795,7 +9019,7 @@ s_mp_sub (mp_int * a, mp_int * b, mp_int * c) * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://math.libtomcrypt.org */ /* Known optimal configurations @@ -8803,11 +9027,12 @@ s_mp_sub (mp_int * a, mp_int * b, mp_int * c) CPU /Compiler /MUL CUTOFF/SQR CUTOFF ------------------------------------------------------------- Intel P4 Northwood /GCC v3.4.1 / 88/ 128/LTM 0.32 ;-) + AMD Athlon64 /GCC v3.4.4 / 74/ 124/LTM 0.34 */ -int KARATSUBA_MUL_CUTOFF = 88, /* Min. number of digits before Karatsuba multiplication is used. */ - KARATSUBA_SQR_CUTOFF = 128, /* Min. number of digits before Karatsuba squaring is used. */ +int KARATSUBA_MUL_CUTOFF = 74, /* Min. number of digits before Karatsuba multiplication is used. */ + KARATSUBA_SQR_CUTOFF = 124, /* Min. number of digits before Karatsuba squaring is used. */ TOOM_MUL_CUTOFF = 350, /* no optimal values of these are known yet so set em high */ TOOM_SQR_CUTOFF = 400; diff --git a/src/misc/mpi/mpi_to_ltc_error.c b/src/misc/mpi/mpi_to_ltc_error.c index 0fa590d..3a4ea17 100644 --- a/src/misc/mpi/mpi_to_ltc_error.c +++ b/src/misc/mpi/mpi_to_ltc_error.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/misc/mpi/rand_prime.c b/src/misc/mpi/rand_prime.c index c7d875c..97ddf73 100644 --- a/src/misc/mpi/rand_prime.c +++ b/src/misc/mpi/rand_prime.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -54,6 +54,7 @@ int rand_prime(mp_int *N, long len, prng_state *prng, int wprng) } else { type = 0; } + type |= LTM_PRIME_2MSB_ON; /* New prime generation makes the code even more cryptoish-insane. Do you know what this means!!! -- Gir: Yeah, oh wait, er, no. diff --git a/src/misc/pkcs5/pkcs_5_1.c b/src/misc/pkcs5/pkcs_5_1.c index 7c0c805..ec47372 100644 --- a/src/misc/pkcs5/pkcs_5_1.c +++ b/src/misc/pkcs5/pkcs_5_1.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include @@ -74,7 +74,7 @@ int pkcs_5_alg1(const unsigned char *password, unsigned long password_len, } while (--iteration_count) { - // code goes here. + /* code goes here. */ x = MAXBLOCKSIZE; if ((err = hash_memory(hash_idx, buf, hash_descriptor[hash_idx].hashsize, buf, &x)) != CRYPT_OK) { goto LBL_ERR; diff --git a/src/misc/pkcs5/pkcs_5_2.c b/src/misc/pkcs5/pkcs_5_2.c index 57cbd80..aac811b 100644 --- a/src/misc/pkcs5/pkcs_5_2.c +++ b/src/misc/pkcs5/pkcs_5_2.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include @@ -34,7 +34,8 @@ int pkcs_5_alg2(const unsigned char *password, unsigned long password_len, unsigned char *out, unsigned long *outlen) { int err, itts; - unsigned long stored, left, x, y, blkno; + ulong32 blkno; + unsigned long stored, left, x, y; unsigned char *buf[2]; hmac_state *hmac; diff --git a/src/misc/zeromem.c b/src/misc/zeromem.c index 92f5f37..c640bb4 100644 --- a/src/misc/zeromem.c +++ b/src/misc/zeromem.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -22,8 +22,9 @@ */ void zeromem(void *out, size_t outlen) { - unsigned char *mem = (unsigned char *)out; - LTC_ARGCHK(out != NULL); - while (outlen-- > 0) - *mem++ = 0; + unsigned char *mem = out; + LTC_ARGCHK(out != NULL); + while (outlen-- > 0) { + *mem++ = 0; + } } diff --git a/src/modes/cbc/cbc_decrypt.c b/src/modes/cbc/cbc_decrypt.c index 0343268..c79631c 100644 --- a/src/modes/cbc/cbc_decrypt.c +++ b/src/modes/cbc/cbc_decrypt.c @@ -6,64 +6,86 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" /** @file cbc_decrypt.c - CBC implementation, decrypt block, Tom St Denis + CBC implementation, encrypt block, Tom St Denis */ + #ifdef CBC /** - CBC decrypt - @param ct Ciphertext - @param pt [out] Plaintext - @param cbc CBC state - @return CRYPT_OK if successful + CBC decrypt + @param ct Ciphertext + @param pt [out] Plaintext + @param len The number of bytes to process (must be multiple of block length) + @param cbc CBC state + @return CRYPT_OK if successful */ -int cbc_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_CBC *cbc) +int cbc_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CBC *cbc) { int x, err; - unsigned char tmp[MAXBLOCKSIZE], tmp2[MAXBLOCKSIZE]; + unsigned char tmp[16]; +#ifdef LTC_FAST + LTC_FAST_TYPE tmpy; +#else + unsigned char tmpy; +#endif - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); + LTC_ARGCHK(pt != NULL); + LTC_ARGCHK(ct != NULL); LTC_ARGCHK(cbc != NULL); - /* decrypt the block from ct into tmp */ if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) { return err; } - LTC_ARGCHK(cipher_descriptor[cbc->cipher].ecb_decrypt != NULL); - + /* is blocklen valid? */ if (cbc->blocklen < 0 || cbc->blocklen > (int)sizeof(cbc->IV)) { return CRYPT_INVALID_ARG; - } + } - /* decrypt and xor IV against the plaintext of the previous step */ - cipher_descriptor[cbc->cipher].ecb_decrypt(ct, tmp, &cbc->key); - for (x = 0; x < cbc->blocklen; x++) { - /* copy CT in case ct == pt */ - tmp2[x] = ct[x]; - - /* actually decrypt the byte */ - pt[x] = tmp[x] ^ cbc->IV[x]; + if (len % cbc->blocklen) { + return CRYPT_INVALID_ARG; } - - /* replace IV with this current ciphertext */ - for (x = 0; x < cbc->blocklen; x++) { - cbc->IV[x] = tmp2[x]; +#ifdef LTC_FAST + if (len % sizeof(LTC_FAST_TYPE)) { + return CRYPT_INVALID_ARG; + } +#endif + + if (cipher_descriptor[cbc->cipher].accel_cbc_decrypt != NULL) { + cipher_descriptor[cbc->cipher].accel_cbc_decrypt(ct, pt, len / cbc->blocklen, cbc->IV, &cbc->key); + } else { + while (len) { + /* decrypt */ + cipher_descriptor[cbc->cipher].ecb_decrypt(ct, tmp, &cbc->key); + + /* xor IV against plaintext */ + #if defined(LTC_FAST) + for (x = 0; x < cbc->blocklen; x += sizeof(LTC_FAST_TYPE)) { + tmpy = *((LTC_FAST_TYPE*)((unsigned char *)cbc->IV + x)) ^ *((LTC_FAST_TYPE*)((unsigned char *)tmp + x)); + *((LTC_FAST_TYPE*)((unsigned char *)cbc->IV + x)) = *((LTC_FAST_TYPE*)((unsigned char *)ct + x)); + *((LTC_FAST_TYPE*)((unsigned char *)pt + x)) = tmpy; + } + #else + for (x = 0; x < cbc->blocklen; x++) { + tmpy = tmp[x] ^ cbc->IV[x]; + cbc->IV[x] = ct[x]; + pt[x] = tmpy; + } + #endif + + ct += cbc->blocklen; + pt += cbc->blocklen; + len -= cbc->blocklen; + } } - #ifdef LTC_CLEAN_STACK - zeromem(tmp, sizeof(tmp)); - zeromem(tmp2, sizeof(tmp2)); - #endif return CRYPT_OK; } #endif - diff --git a/src/modes/cbc/cbc_done.c b/src/modes/cbc/cbc_done.c new file mode 100644 index 0000000..daa9110 --- /dev/null +++ b/src/modes/cbc/cbc_done.c @@ -0,0 +1,38 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ +#include "tomcrypt.h" + +/** + @file cbc_done.c + CBC implementation, finish chain, Tom St Denis +*/ + +#ifdef CBC + +/** Terminate the chain + @param cbc The CBC chain to terminate + @return CRYPT_OK on success +*/ +int cbc_done(symmetric_CBC *cbc) +{ + int err; + LTC_ARGCHK(cbc != NULL); + + if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) { + return err; + } + cipher_descriptor[cbc->cipher].done(&cbc->key); + return CRYPT_OK; +} + + + +#endif diff --git a/src/modes/cbc/cbc_encrypt.c b/src/modes/cbc/cbc_encrypt.c index bd665de..00ca05f 100644 --- a/src/modes/cbc/cbc_encrypt.c +++ b/src/modes/cbc/cbc_encrypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -22,13 +22,13 @@ CBC encrypt @param pt Plaintext @param ct [out] Ciphertext + @param len The number of bytes to process (must be multiple of block length) @param cbc CBC state @return CRYPT_OK if successful */ -int cbc_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_CBC *cbc) +int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CBC *cbc) { int x, err; - unsigned char tmp[MAXBLOCKSIZE]; LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); @@ -43,22 +43,49 @@ int cbc_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_CBC *cbc) return CRYPT_INVALID_ARG; } - /* xor IV against plaintext */ - for (x = 0; x < cbc->blocklen; x++) { - tmp[x] = pt[x] ^ cbc->IV[x]; + if (len % cbc->blocklen) { + return CRYPT_INVALID_ARG; } - - /* encrypt */ - cipher_descriptor[cbc->cipher].ecb_encrypt(tmp, ct, &cbc->key); - - /* store IV [ciphertext] for a future block */ - for (x = 0; x < cbc->blocklen; x++) { - cbc->IV[x] = ct[x]; +#ifdef LTC_FAST + if (len % sizeof(LTC_FAST_TYPE)) { + return CRYPT_INVALID_ARG; } +#endif - #ifdef LTC_CLEAN_STACK - zeromem(tmp, sizeof(tmp)); - #endif + if (cipher_descriptor[cbc->cipher].accel_cbc_encrypt != NULL) { + cipher_descriptor[cbc->cipher].accel_cbc_encrypt(pt, ct, len / cbc->blocklen, cbc->IV, &cbc->key); + } else { + while (len) { + /* xor IV against plaintext */ + #if defined(LTC_FAST) + for (x = 0; x < cbc->blocklen; x += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE*)((unsigned char *)cbc->IV + x)) ^= *((LTC_FAST_TYPE*)((unsigned char *)pt + x)); + } + #else + for (x = 0; x < cbc->blocklen; x++) { + cbc->IV[x] ^= pt[x]; + } + #endif + + /* encrypt */ + cipher_descriptor[cbc->cipher].ecb_encrypt(cbc->IV, ct, &cbc->key); + + /* store IV [ciphertext] for a future block */ + #if defined(LTC_FAST) + for (x = 0; x < cbc->blocklen; x += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE*)((unsigned char *)cbc->IV + x)) = *((LTC_FAST_TYPE*)((unsigned char *)ct + x)); + } + #else + for (x = 0; x < cbc->blocklen; x++) { + cbc->IV[x] = ct[x]; + } + #endif + + ct += cbc->blocklen; + pt += cbc->blocklen; + len -= cbc->blocklen; + } + } return CRYPT_OK; } diff --git a/src/modes/cbc/cbc_getiv.c b/src/modes/cbc/cbc_getiv.c index 86e4eb6..0f5c3e4 100644 --- a/src/modes/cbc/cbc_getiv.c +++ b/src/modes/cbc/cbc_getiv.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/modes/cbc/cbc_setiv.c b/src/modes/cbc/cbc_setiv.c index 034a516..f2e8b31 100644 --- a/src/modes/cbc/cbc_setiv.c +++ b/src/modes/cbc/cbc_setiv.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/modes/cbc/cbc_start.c b/src/modes/cbc/cbc_start.c index df2e6a1..680faab 100644 --- a/src/modes/cbc/cbc_start.c +++ b/src/modes/cbc/cbc_start.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/modes/cfb/cfb_decrypt.c b/src/modes/cfb/cfb_decrypt.c index 27930b0..8b78898 100644 --- a/src/modes/cfb/cfb_decrypt.c +++ b/src/modes/cfb/cfb_decrypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/modes/cfb/cfb_done.c b/src/modes/cfb/cfb_done.c new file mode 100644 index 0000000..04e775c --- /dev/null +++ b/src/modes/cfb/cfb_done.c @@ -0,0 +1,38 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ +#include "tomcrypt.h" + +/** + @file cfb_done.c + CFB implementation, finish chain, Tom St Denis +*/ + +#ifdef CFB + +/** Terminate the chain + @param cfb The CFB chain to terminate + @return CRYPT_OK on success +*/ +int cfb_done(symmetric_CFB *cfb) +{ + int err; + LTC_ARGCHK(cfb != NULL); + + if ((err = cipher_is_valid(cfb->cipher)) != CRYPT_OK) { + return err; + } + cipher_descriptor[cfb->cipher].done(&cfb->key); + return CRYPT_OK; +} + + + +#endif diff --git a/src/modes/cfb/cfb_encrypt.c b/src/modes/cfb/cfb_encrypt.c index f6d39ae..b960368 100644 --- a/src/modes/cfb/cfb_encrypt.c +++ b/src/modes/cfb/cfb_encrypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/modes/cfb/cfb_getiv.c b/src/modes/cfb/cfb_getiv.c index 27720a8..e59c1e4 100644 --- a/src/modes/cfb/cfb_getiv.c +++ b/src/modes/cfb/cfb_getiv.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/modes/cfb/cfb_setiv.c b/src/modes/cfb/cfb_setiv.c index 6745b2c..e475ad9 100644 --- a/src/modes/cfb/cfb_setiv.c +++ b/src/modes/cfb/cfb_setiv.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/modes/cfb/cfb_start.c b/src/modes/cfb/cfb_start.c index 209e175..7157fc3 100644 --- a/src/modes/cfb/cfb_start.c +++ b/src/modes/cfb/cfb_start.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/modes/ctr/ctr_decrypt.c b/src/modes/ctr/ctr_decrypt.c index 0277a43..daa78a8 100644 --- a/src/modes/ctr/ctr_decrypt.c +++ b/src/modes/ctr/ctr_decrypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/modes/ctr/ctr_done.c b/src/modes/ctr/ctr_done.c new file mode 100644 index 0000000..88508ba --- /dev/null +++ b/src/modes/ctr/ctr_done.c @@ -0,0 +1,38 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ +#include "tomcrypt.h" + +/** + @file ctr_done.c + CTR implementation, finish chain, Tom St Denis +*/ + +#ifdef CTR + +/** Terminate the chain + @param ctr The CTR chain to terminate + @return CRYPT_OK on success +*/ +int ctr_done(symmetric_CTR *ctr) +{ + int err; + LTC_ARGCHK(ctr != NULL); + + if ((err = cipher_is_valid(ctr->cipher)) != CRYPT_OK) { + return err; + } + cipher_descriptor[ctr->cipher].done(&ctr->key); + return CRYPT_OK; +} + + + +#endif diff --git a/src/modes/ctr/ctr_encrypt.c b/src/modes/ctr/ctr_encrypt.c index ca22554..a96b806 100644 --- a/src/modes/ctr/ctr_encrypt.c +++ b/src/modes/ctr/ctr_encrypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -44,7 +44,19 @@ int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s return CRYPT_INVALID_ARG; } - while (len-- > 0) { +#ifdef LTC_FAST + if (ctr->blocklen % sizeof(LTC_FAST_TYPE)) { + return CRYPT_INVALID_ARG; + } +#endif + + /* handle acceleration only if pad is empty, accelerator is present and length is >= a block size */ + if ((ctr->padlen == ctr->blocklen) && cipher_descriptor[ctr->cipher].accel_ctr_encrypt != NULL && (len >= (unsigned long)ctr->blocklen)) { + cipher_descriptor[ctr->cipher].accel_ctr_encrypt(pt, ct, len/ctr->blocklen, ctr->ctr, ctr->mode, &ctr->key); + len %= ctr->blocklen; + } + + while (len) { /* is the pad empty? */ if (ctr->padlen == ctr->blocklen) { /* increment counter */ @@ -70,7 +82,21 @@ int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s cipher_descriptor[ctr->cipher].ecb_encrypt(ctr->ctr, ctr->pad, &ctr->key); ctr->padlen = 0; } - *ct++ = *pt++ ^ ctr->pad[ctr->padlen++]; +#ifdef LTC_FAST + if (ctr->padlen == 0 && len >= (unsigned long)ctr->blocklen) { + for (x = 0; x < ctr->blocklen; x += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE*)((unsigned char *)ct + x)) = *((LTC_FAST_TYPE*)((unsigned char *)pt + x)) ^ + *((LTC_FAST_TYPE*)((unsigned char *)ctr->pad + x)); + } + pt += ctr->blocklen; + ct += ctr->blocklen; + len -= ctr->blocklen; + ctr->padlen = ctr->blocklen; + continue; + } +#endif + *ct++ = *pt++ ^ ctr->pad[ctr->padlen++]; + --len; } return CRYPT_OK; } diff --git a/src/modes/ctr/ctr_getiv.c b/src/modes/ctr/ctr_getiv.c index c05ba21..3997033 100644 --- a/src/modes/ctr/ctr_getiv.c +++ b/src/modes/ctr/ctr_getiv.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/modes/ctr/ctr_setiv.c b/src/modes/ctr/ctr_setiv.c index c97d1d1..2aab190 100644 --- a/src/modes/ctr/ctr_setiv.c +++ b/src/modes/ctr/ctr_setiv.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/modes/ctr/ctr_start.c b/src/modes/ctr/ctr_start.c index fc0a104..db8c464 100644 --- a/src/modes/ctr/ctr_start.c +++ b/src/modes/ctr/ctr_start.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/modes/ecb/ecb_decrypt.c b/src/modes/ecb/ecb_decrypt.c index d60bad2..8db4d37 100644 --- a/src/modes/ecb/ecb_decrypt.c +++ b/src/modes/ecb/ecb_decrypt.c @@ -6,41 +6,50 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" /** @file ecb_decrypt.c - ECB implementation, decrypt block, Tom St Denis + ECB implementation, decrypt a block, Tom St Denis */ #ifdef ECB /** - ECB decrypt - @param ct Ciphertext - @param pt [out] Plaintext - @param ecb ECB state - @return CRYPT_OK if successful + ECB decrypt + @param ct Ciphertext + @param pt [out] Plaintext + @param len The number of octets to process (must be multiple of the cipher block size) + @param ecb ECB state + @return CRYPT_OK if successful */ -int ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_ECB *ecb) +int ecb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_ECB *ecb) { int err; LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(ecb != NULL); - - /* valid cipher? */ if ((err = cipher_is_valid(ecb->cipher)) != CRYPT_OK) { return err; } - LTC_ARGCHK(cipher_descriptor[ecb->cipher].ecb_decrypt != NULL); - - cipher_descriptor[ecb->cipher].ecb_decrypt(ct, pt, &ecb->key); + if (len % cipher_descriptor[ecb->cipher].block_length) { + return CRYPT_INVALID_ARG; + } + + /* check for accel */ + if (cipher_descriptor[ecb->cipher].accel_ecb_decrypt != NULL) { + cipher_descriptor[ecb->cipher].accel_ecb_decrypt(ct, pt, len / cipher_descriptor[ecb->cipher].block_length, &ecb->key); + } else { + while (len) { + cipher_descriptor[ecb->cipher].ecb_decrypt(ct, pt, &ecb->key); + pt += cipher_descriptor[ecb->cipher].block_length; + ct += cipher_descriptor[ecb->cipher].block_length; + len -= cipher_descriptor[ecb->cipher].block_length; + } + } return CRYPT_OK; } #endif - - diff --git a/src/modes/ecb/ecb_done.c b/src/modes/ecb/ecb_done.c new file mode 100644 index 0000000..31a42fa --- /dev/null +++ b/src/modes/ecb/ecb_done.c @@ -0,0 +1,38 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ +#include "tomcrypt.h" + +/** + @file ecb_done.c + ECB implementation, finish chain, Tom St Denis +*/ + +#ifdef ECB + +/** Terminate the chain + @param rcb The ECB chain to terminate + @return CRYPT_OK on success +*/ +int ecb_done(symmetric_ECB *ecb) +{ + int err; + LTC_ARGCHK(ecb != NULL); + + if ((err = cipher_is_valid(ecb->cipher)) != CRYPT_OK) { + return err; + } + cipher_descriptor[ecb->cipher].done(&ecb->key); + return CRYPT_OK; +} + + + +#endif diff --git a/src/modes/ecb/ecb_encrypt.c b/src/modes/ecb/ecb_encrypt.c index 68b6e5d..dc045e9 100644 --- a/src/modes/ecb/ecb_encrypt.c +++ b/src/modes/ecb/ecb_encrypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -21,20 +21,34 @@ ECB encrypt @param pt Plaintext @param ct [out] Ciphertext + @param len The number of octets to process (must be multiple of the cipher block size) @param ecb ECB state @return CRYPT_OK if successful */ -int ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_ECB *ecb) +int ecb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_ECB *ecb) { int err; LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(ecb != NULL); - if ((err = cipher_is_valid(ecb->cipher)) != CRYPT_OK) { return err; } - cipher_descriptor[ecb->cipher].ecb_encrypt(pt, ct, &ecb->key); + if (len % cipher_descriptor[ecb->cipher].block_length) { + return CRYPT_INVALID_ARG; + } + + /* check for accel */ + if (cipher_descriptor[ecb->cipher].accel_ecb_encrypt != NULL) { + cipher_descriptor[ecb->cipher].accel_ecb_encrypt(pt, ct, len / cipher_descriptor[ecb->cipher].block_length, &ecb->key); + } else { + while (len) { + cipher_descriptor[ecb->cipher].ecb_encrypt(pt, ct, &ecb->key); + pt += cipher_descriptor[ecb->cipher].block_length; + ct += cipher_descriptor[ecb->cipher].block_length; + len -= cipher_descriptor[ecb->cipher].block_length; + } + } return CRYPT_OK; } diff --git a/src/modes/ecb/ecb_start.c b/src/modes/ecb/ecb_start.c index c84b3c7..a8b6d45 100644 --- a/src/modes/ecb/ecb_start.c +++ b/src/modes/ecb/ecb_start.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/modes/ofb/ofb_decrypt.c b/src/modes/ofb/ofb_decrypt.c index 732daf7..f725410 100644 --- a/src/modes/ofb/ofb_decrypt.c +++ b/src/modes/ofb/ofb_decrypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/modes/ofb/ofb_done.c b/src/modes/ofb/ofb_done.c new file mode 100644 index 0000000..ff72ddc --- /dev/null +++ b/src/modes/ofb/ofb_done.c @@ -0,0 +1,38 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ +#include "tomcrypt.h" + +/** + @file ofb_done.c + OFB implementation, finish chain, Tom St Denis +*/ + +#ifdef OFB + +/** Terminate the chain + @param ofb The OFB chain to terminate + @return CRYPT_OK on success +*/ +int ofb_done(symmetric_OFB *ofb) +{ + int err; + LTC_ARGCHK(ofb != NULL); + + if ((err = cipher_is_valid(ofb->cipher)) != CRYPT_OK) { + return err; + } + cipher_descriptor[ofb->cipher].done(&ofb->key); + return CRYPT_OK; +} + + + +#endif diff --git a/src/modes/ofb/ofb_encrypt.c b/src/modes/ofb/ofb_encrypt.c index 56a3647..4409ac8 100644 --- a/src/modes/ofb/ofb_encrypt.c +++ b/src/modes/ofb/ofb_encrypt.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/modes/ofb/ofb_getiv.c b/src/modes/ofb/ofb_getiv.c index 7211d95..eb8ef1e 100644 --- a/src/modes/ofb/ofb_getiv.c +++ b/src/modes/ofb/ofb_getiv.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/modes/ofb/ofb_setiv.c b/src/modes/ofb/ofb_setiv.c index af7b843..96b3f1c 100644 --- a/src/modes/ofb/ofb_setiv.c +++ b/src/modes/ofb/ofb_setiv.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/modes/ofb/ofb_start.c b/src/modes/ofb/ofb_start.c index 67dc2c6..977e6a3 100644 --- a/src/modes/ofb/ofb_start.c +++ b/src/modes/ofb/ofb_start.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/asn1/der/der_decode_integer.c b/src/pk/asn1/der/der_decode_integer.c index 08ec619..b798bd4 100644 --- a/src/pk/asn1/der/der_decode_integer.c +++ b/src/pk/asn1/der/der_decode_integer.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/asn1/der/der_encode_integer.c b/src/pk/asn1/der/der_encode_integer.c index 460eace..c5c5267 100644 --- a/src/pk/asn1/der/der_encode_integer.c +++ b/src/pk/asn1/der/der_encode_integer.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/asn1/der/der_get_multi_integer.c b/src/pk/asn1/der/der_get_multi_integer.c index e4d5c1b..75ae0bc 100644 --- a/src/pk/asn1/der/der_get_multi_integer.c +++ b/src/pk/asn1/der/der_get_multi_integer.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include #include "tomcrypt.h" diff --git a/src/pk/asn1/der/der_length_integer.c b/src/pk/asn1/der/der_length_integer.c index ff9a394..f86738a 100644 --- a/src/pk/asn1/der/der_length_integer.c +++ b/src/pk/asn1/der/der_length_integer.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/asn1/der/der_put_multi_integer.c b/src/pk/asn1/der/der_put_multi_integer.c index 44f5ef3..af2ca88 100644 --- a/src/pk/asn1/der/der_put_multi_integer.c +++ b/src/pk/asn1/der/der_put_multi_integer.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include #include "tomcrypt.h" diff --git a/src/pk/dh/dh.c b/src/pk/dh/dh.c index a70e594..c2085a6 100644 --- a/src/pk/dh/dh.c +++ b/src/pk/dh/dh.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/dh/dh_sys.c b/src/pk/dh/dh_sys.c index 0596b37..801f85a 100644 --- a/src/pk/dh/dh_sys.c +++ b/src/pk/dh/dh_sys.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** diff --git a/src/pk/dsa/dsa_export.c b/src/pk/dsa/dsa_export.c index 35c16fe..773023e 100644 --- a/src/pk/dsa/dsa_export.c +++ b/src/pk/dsa/dsa_export.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/dsa/dsa_free.c b/src/pk/dsa/dsa_free.c index d8d3ddf..862a2dd 100644 --- a/src/pk/dsa/dsa_free.c +++ b/src/pk/dsa/dsa_free.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/dsa/dsa_import.c b/src/pk/dsa/dsa_import.c index 73c2a55..6de56e3 100644 --- a/src/pk/dsa/dsa_import.c +++ b/src/pk/dsa/dsa_import.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/dsa/dsa_make_key.c b/src/pk/dsa/dsa_make_key.c index d5dd889..60683a0 100644 --- a/src/pk/dsa/dsa_make_key.c +++ b/src/pk/dsa/dsa_make_key.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/dsa/dsa_sign_hash.c b/src/pk/dsa/dsa_sign_hash.c index 38ae121..da92a82 100644 --- a/src/pk/dsa/dsa_sign_hash.c +++ b/src/pk/dsa/dsa_sign_hash.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/dsa/dsa_verify_hash.c b/src/pk/dsa/dsa_verify_hash.c index 391cc24..140f0e2 100644 --- a/src/pk/dsa/dsa_verify_hash.c +++ b/src/pk/dsa/dsa_verify_hash.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/dsa/dsa_verify_key.c b/src/pk/dsa/dsa_verify_key.c index 3039668..3e84261 100644 --- a/src/pk/dsa/dsa_verify_key.c +++ b/src/pk/dsa/dsa_verify_key.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/ecc/ecc.c b/src/pk/ecc/ecc.c index cb99dde..b5e088b 100644 --- a/src/pk/ecc/ecc.c +++ b/src/pk/ecc/ecc.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b @@ -247,7 +247,7 @@ static ecc_point *new_point(void) if (p == NULL) { return NULL; } - if (mp_init_multi(&p->x, &p->y, NULL) != MP_OKAY) { + if (mp_init_multi(&p->x, &p->y, &p->z, NULL) != MP_OKAY) { XFREE(p); return NULL; } @@ -258,113 +258,294 @@ static void del_point(ecc_point *p) { /* prevents free'ing null arguments */ if (p != NULL) { - mp_clear_multi(&p->x, &p->y, NULL); + mp_clear_multi(&p->x, &p->y, &p->z, NULL); XFREE(p); } } -/* double a point R = 2P, R can be P*/ -static int dbl_point(ecc_point *P, ecc_point *R, mp_int *modulus, mp_int *mu) +static int ecc_map(ecc_point *P, mp_int *modulus, mp_int *mu) { - mp_int s, tmp, tmpx; + mp_int t1, t2; int err; - if ((err = mp_init_multi(&s, &tmp, &tmpx, NULL)) != MP_OKAY) { - return mpi_to_ltc_error(err); + if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) { + return CRYPT_MEM; } - /* s = (3Xp^2 + a) / (2Yp) */ - if ((err = mp_mul_2(&P->y, &tmp)) != MP_OKAY) { goto error; } /* tmp = 2*y */ - if ((err = mp_invmod(&tmp, modulus, &tmp)) != MP_OKAY) { goto error; } /* tmp = 1/tmp mod modulus */ - if ((err = mp_sqr(&P->x, &s)) != MP_OKAY) { goto error; } /* s = x^2 */ - if ((err = mp_reduce(&s, modulus, mu)) != MP_OKAY) { goto error; } - if ((err = mp_mul_d(&s,(mp_digit)3, &s)) != MP_OKAY) { goto error; } /* s = 3*(x^2) */ - if ((err = mp_sub_d(&s,(mp_digit)3, &s)) != MP_OKAY) { goto error; } /* s = 3*(x^2) - 3 */ - if (mp_cmp_d(&s, 0) == MP_LT) { /* if s < 0 add modulus */ - if ((err = mp_add(&s, modulus, &s)) != MP_OKAY) { goto error; } - } - if ((err = mp_mul(&s, &tmp, &s)) != MP_OKAY) { goto error; } /* s = tmp * s mod modulus */ - if ((err = mp_reduce(&s, modulus, mu)) != MP_OKAY) { goto error; } + /* get 1/z */ + if ((err = mp_invmod(&P->z, modulus, &t1)) != MP_OKAY) { goto error; } + + /* get 1/z^2 and 1/z^3 */ + if ((err = mp_sqr(&t1, &t2)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&t2, modulus, mu)) != MP_OKAY) { goto error; } + if ((err = mp_mul(&t1, &t2, &t1)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&t1, modulus, mu)) != MP_OKAY) { goto error; } - /* Xr = s^2 - 2Xp */ - if ((err = mp_sqr(&s, &tmpx)) != MP_OKAY) { goto error; } /* tmpx = s^2 */ - if ((err = mp_reduce(&tmpx, modulus, mu)) != MP_OKAY) { goto error; } /* tmpx = tmpx mod modulus */ - if ((err = mp_sub(&tmpx, &P->x, &tmpx)) != MP_OKAY) { goto error; } /* tmpx = tmpx - x */ - if ((err = mp_submod(&tmpx, &P->x, modulus, &tmpx)) != MP_OKAY) { goto error; } /* tmpx = tmpx - x mod modulus */ - - /* Yr = -Yp + s(Xp - Xr) */ - if ((err = mp_sub(&P->x, &tmpx, &tmp)) != MP_OKAY) { goto error; } /* tmp = x - tmpx */ - if ((err = mp_mul(&tmp, &s, &tmp)) != MP_OKAY) { goto error; } /* tmp = tmp * s */ - if ((err = mp_submod(&tmp, &P->y, modulus, &R->y)) != MP_OKAY) { goto error; } /* y = tmp - y mod modulus */ - if ((err = mp_copy(&tmpx, &R->x)) != MP_OKAY) { goto error; } /* x = tmpx */ + /* multiply against x/y */ + if ((err = mp_mul(&P->x, &t2, &P->x)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&P->x, modulus, mu)) != MP_OKAY) { goto error; } + if ((err = mp_mul(&P->y, &t1, &P->y)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&P->y, modulus, mu)) != MP_OKAY) { goto error; } + mp_set(&P->z, 1); err = CRYPT_OK; goto done; error: err = mpi_to_ltc_error(err); done: - mp_clear_multi(&tmpx, &tmp, &s, NULL); + mp_clear_multi(&t1, &t2, NULL); + return err; + +} + + +/* double a point R = 2P, R can be P*/ +static int dbl_point(ecc_point *P, ecc_point *R, mp_int *modulus, mp_int *mu) +{ + mp_int t1, t2; + int err; + + if ((err = mp_init_multi(&t1, &t2, NULL)) != MP_OKAY) { + return mpi_to_ltc_error(err); + } + + if ((err = mp_copy(&P->x, &R->x)) != MP_OKAY) { goto error; } + if ((err = mp_copy(&P->y, &R->y)) != MP_OKAY) { goto error; } + if ((err = mp_copy(&P->z, &R->z)) != MP_OKAY) { goto error; } + + /* t1 = Z * Z */ + if ((err = mp_sqr(&R->z, &t1)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&t1, modulus, mu)) != MP_OKAY) { goto error; } + /* Z = Y * Z */ + if ((err = mp_mul(&R->z, &R->y, &R->z)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&R->z, modulus, mu)) != MP_OKAY) { goto error; } + /* Z = 2Z */ + if ((err = mp_mul_2(&R->z, &R->z)) != MP_OKAY) { goto error; } + if (mp_cmp(&R->z, modulus) != MP_LT) { + if ((err = mp_sub(&R->z, modulus, &R->z)) != MP_OKAY) { goto error; } + } + + /* T2 = X - T1 */ + if ((err = mp_sub(&R->x, &t1, &t2)) != MP_OKAY) { goto error; } + if (mp_cmp_d(&t2, 0) == MP_LT) { + if ((err = mp_add(&t2, modulus, &t2)) != MP_OKAY) { goto error; } + } + /* T1 = X + T1 */ + if ((err = mp_add(&t1, &R->x, &t1)) != MP_OKAY) { goto error; } + if (mp_cmp(&t1, modulus) != MP_LT) { + if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY) { goto error; } + } + /* T2 = T1 * T2 */ + if ((err = mp_mul(&t1, &t2, &t2)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&t2, modulus, mu)) != MP_OKAY) { goto error; } + /* T1 = 2T2 */ + if ((err = mp_mul_2(&t2, &t1)) != MP_OKAY) { goto error; } + if (mp_cmp(&t1, modulus) != MP_LT) { + if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY) { goto error; } + } + /* T1 = T1 + T2 */ + if ((err = mp_add(&t1, &t2, &t1)) != MP_OKAY) { goto error; } + if (mp_cmp(&t1, modulus) != MP_LT) { + if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY) { goto error; } + } + + /* Y = 2Y */ + if ((err = mp_mul_2(&R->y, &R->y)) != MP_OKAY) { goto error; } + if (mp_cmp(&R->y, modulus) != MP_LT) { + if ((err = mp_sub(&R->y, modulus, &R->y)) != MP_OKAY) { goto error; } + } + /* Y = Y * Y */ + if ((err = mp_sqr(&R->y, &R->y)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&R->y, modulus, mu)) != MP_OKAY) { goto error; } + /* T2 = Y * Y */ + if ((err = mp_sqr(&R->y, &t2)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&t2, modulus, mu)) != MP_OKAY) { goto error; } + /* T2 = T2/2 */ + if (mp_isodd(&t2)) { + if ((err = mp_add(&t2, modulus, &t2)) != MP_OKAY) { goto error; } + } + if ((err = mp_div_2(&t2, &t2)) != MP_OKAY) { goto error; } + /* Y = Y * X */ + if ((err = mp_mul(&R->y, &R->x, &R->y)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&R->y, modulus, mu)) != MP_OKAY) { goto error; } + + /* X = T1 * T1 */ + if ((err = mp_sqr(&t1, &R->x)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&R->x, modulus, mu)) != MP_OKAY) { goto error; } + /* X = X - Y */ + if ((err = mp_sub(&R->x, &R->y, &R->x)) != MP_OKAY) { goto error; } + if (mp_cmp_d(&R->x, 0) == MP_LT) { + if ((err = mp_add(&R->x, modulus, &R->x)) != MP_OKAY) { goto error; } + } + /* X = X - Y */ + if ((err = mp_sub(&R->x, &R->y, &R->x)) != MP_OKAY) { goto error; } + if (mp_cmp_d(&R->x, 0) == MP_LT) { + if ((err = mp_add(&R->x, modulus, &R->x)) != MP_OKAY) { goto error; } + } + + /* Y = Y - X */ + if ((err = mp_sub(&R->y, &R->x, &R->y)) != MP_OKAY) { goto error; } + if (mp_cmp_d(&R->y, 0) == MP_LT) { + if ((err = mp_add(&R->y, modulus, &R->y)) != MP_OKAY) { goto error; } + } + /* Y = Y * T1 */ + if ((err = mp_mul(&R->y, &t1, &R->y)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&R->y, modulus, mu)) != MP_OKAY) { goto error; } + /* Y = Y - T2 */ + if ((err = mp_sub(&R->y, &t2, &R->y)) != MP_OKAY) { goto error; } + if (mp_cmp_d(&R->y, 0) == MP_LT) { + if ((err = mp_add(&R->y, modulus, &R->y)) != MP_OKAY) { goto error; } + } + + err = CRYPT_OK; + goto done; +error: + err = mpi_to_ltc_error(err); +done: + mp_clear_multi(&t1, &t2, NULL); return err; } /* add two different points over Z/pZ, R = P + Q, note R can equal either P or Q */ static int add_point(ecc_point *P, ecc_point *Q, ecc_point *R, mp_int *modulus, mp_int *mu) { - mp_int s, tmp, tmpx; + mp_int t1, t2, x, y, z; int err; - if ((err = mp_init(&tmp)) != MP_OKAY) { + if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != MP_OKAY) { return mpi_to_ltc_error(err); } - /* is P==Q or P==-Q? */ - if (((err = mp_neg(&Q->y, &tmp)) != MP_OKAY) || ((err = mp_mod(&tmp, modulus, &tmp)) != MP_OKAY)) { - mp_clear(&tmp); - return mpi_to_ltc_error(err); + if ((err = mp_copy(&P->x, &x)) != MP_OKAY) { goto error; } + if ((err = mp_copy(&P->y, &y)) != MP_OKAY) { goto error; } + if ((err = mp_copy(&P->z, &z)) != MP_OKAY) { goto error; } + + /* if Z' != 1 */ + if (mp_cmp_d(&Q->z, 1) != MP_EQ) { + /* T1 = Z' * Z' */ + if ((err = mp_sqr(&Q->z, &t1)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&t1, modulus, mu)) != MP_OKAY) { goto error; } + /* X = X * T1 */ + if ((err = mp_mul(&t1, &x, &x)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&x, modulus, mu)) != MP_OKAY) { goto error; } + /* T1 = Z' * T1 */ + if ((err = mp_mul(&Q->z, &t1, &t1)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&t1, modulus, mu)) != MP_OKAY) { goto error; } + /* Y = Y * T1 */ + if ((err = mp_mul(&t1, &y, &y)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&y, modulus, mu)) != MP_OKAY) { goto error; } } - if (mp_cmp(&P->x, &Q->x) == MP_EQ) - if (mp_cmp(&P->y, &Q->y) == MP_EQ || mp_cmp(&P->y, &tmp) == MP_EQ) { - mp_clear(&tmp); - return dbl_point(P, R, modulus, mu); - } + /* T1 = Z*Z */ + if ((err = mp_sqr(&z, &t1)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&t1, modulus, mu)) != MP_OKAY) { goto error; } + /* T2 = X' * T1 */ + if ((err = mp_mul(&Q->x, &t1, &t2)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&t2, modulus, mu)) != MP_OKAY) { goto error; } + /* T1 = Z * T1 */ + if ((err = mp_mul(&z, &t1, &t1)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&t1, modulus, mu)) != MP_OKAY) { goto error; } + /* T1 = Y' * T1 */ + if ((err = mp_mul(&Q->y, &t1, &t1)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&t1, modulus, mu)) != MP_OKAY) { goto error; } - if ((err = mp_init_multi(&tmpx, &s, NULL)) != MP_OKAY) { - mp_clear(&tmp); - return mpi_to_ltc_error(err); + /* Y = Y - T1 */ + if ((err = mp_sub(&y, &t1, &y)) != MP_OKAY) { goto error; } + if (mp_cmp_d(&y, 0) == MP_LT) { + if ((err = mp_add(&y, modulus, &y)) != MP_OKAY) { goto error; } + } + /* T1 = 2T1 */ + if ((err = mp_mul_2(&t1, &t1)) != MP_OKAY) { goto error; } + if (mp_cmp(&t1, modulus) != MP_LT) { + if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY) { goto error; } + } + /* T1 = Y + T1 */ + if ((err = mp_add(&t1, &y, &t1)) != MP_OKAY) { goto error; } + if (mp_cmp(&t1, modulus) != MP_LT) { + if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY) { goto error; } + } + /* X = X - T2 */ + if ((err = mp_sub(&x, &t2, &x)) != MP_OKAY) { goto error; } + if (mp_cmp_d(&x, 0) == MP_LT) { + if ((err = mp_add(&x, modulus, &x)) != MP_OKAY) { goto error; } + } + /* T2 = 2T2 */ + if ((err = mp_mul_2(&t2, &t2)) != MP_OKAY) { goto error; } + if (mp_cmp(&t2, modulus) != MP_LT) { + if ((err = mp_sub(&t2, modulus, &t2)) != MP_OKAY) { goto error; } + } + /* T2 = X + T2 */ + if ((err = mp_add(&t2, &x, &t2)) != MP_OKAY) { goto error; } + if (mp_cmp(&t2, modulus) != MP_LT) { + if ((err = mp_sub(&t2, modulus, &t2)) != MP_OKAY) { goto error; } } - /* get s = (Yp - Yq)/(Xp-Xq) mod p */ - if ((err = mp_sub(&P->x, &Q->x, &tmp)) != MP_OKAY) { goto error; } /* tmp = Px - Qx mod modulus */ - if (mp_cmp_d(&tmp, 0) == MP_LT) { /* if tmp<0 add modulus */ - if ((err = mp_add(&tmp, modulus, &tmp)) != MP_OKAY) { goto error; } + /* if Z' != 1 */ + if (mp_cmp_d(&Q->z, 1) != MP_EQ) { + /* Z = Z * Z' */ + if ((err = mp_mul(&z, &Q->z, &z)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&z, modulus, mu)) != MP_OKAY) { goto error; } } - if ((err = mp_invmod(&tmp, modulus, &tmp)) != MP_OKAY) { goto error; } /* tmp = 1/tmp mod modulus */ - if ((err = mp_sub(&P->y, &Q->y, &s)) != MP_OKAY) { goto error; } /* s = Py - Qy mod modulus */ - if (mp_cmp_d(&s, 0) == MP_LT) { /* if s<0 add modulus */ - if ((err = mp_add(&s, modulus, &s)) != MP_OKAY) { goto error; } + /* Z = Z * X */ + if ((err = mp_mul(&z, &x, &z)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&z, modulus, mu)) != MP_OKAY) { goto error; } + + /* T1 = T1 * X */ + if ((err = mp_mul(&t1, &x, &t1)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&t1, modulus, mu)) != MP_OKAY) { goto error; } + /* X = X * X */ + if ((err = mp_sqr(&x, &x)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&x, modulus, mu)) != MP_OKAY) { goto error; } + /* T2 = T2 * x */ + if ((err = mp_mul(&t2, &x, &t2)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&t2, modulus, mu)) != MP_OKAY) { goto error; } + /* T1 = T1 * X */ + if ((err = mp_mul(&t1, &x, &t1)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&t1, modulus, mu)) != MP_OKAY) { goto error; } + + /* X = Y*Y */ + if ((err = mp_sqr(&y, &x)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&x, modulus, mu)) != MP_OKAY) { goto error; } + /* X = X - T2 */ + if ((err = mp_sub(&x, &t2, &x)) != MP_OKAY) { goto error; } + if (mp_cmp_d(&x, 0) == MP_LT) { + if ((err = mp_add(&x, modulus, &x)) != MP_OKAY) { goto error; } } - if ((err = mp_mul(&s, &tmp, &s)) != MP_OKAY) { goto error; } /* s = s * tmp mod modulus */ - if ((err = mp_reduce(&s, modulus, mu)) != MP_OKAY) { goto error; } - /* Xr = s^2 - Xp - Xq */ - if ((err = mp_sqr(&s, &tmp)) != MP_OKAY) { goto error; } /* tmp = s^2 mod modulus */ - if ((err = mp_reduce(&tmp, modulus, mu)) != MP_OKAY) { goto error; } - if ((err = mp_sub(&tmp, &P->x, &tmp)) != MP_OKAY) { goto error; } /* tmp = tmp - Px */ - if ((err = mp_sub(&tmp, &Q->x, &tmpx)) != MP_OKAY) { goto error; } /* tmpx = tmp - Qx */ + /* T2 = T2 - X */ + if ((err = mp_sub(&t2, &x, &t2)) != MP_OKAY) { goto error; } + if (mp_cmp_d(&t2, 0) == MP_LT) { + if ((err = mp_add(&t2, modulus, &t2)) != MP_OKAY) { goto error; } + } + /* T2 = T2 - X */ + if ((err = mp_sub(&t2, &x, &t2)) != MP_OKAY) { goto error; } + if (mp_cmp_d(&t2, 0) == MP_LT) { + if ((err = mp_add(&t2, modulus, &t2)) != MP_OKAY) { goto error; } + } + /* T2 = T2 * Y */ + if ((err = mp_mul(&t2, &y, &t2)) != MP_OKAY) { goto error; } + if ((err = mp_reduce(&t2, modulus, mu)) != MP_OKAY) { goto error; } + /* Y = T2 - T1 */ + if ((err = mp_sub(&t2, &t1, &y)) != MP_OKAY) { goto error; } + if (mp_cmp_d(&y, 0) == MP_LT) { + if ((err = mp_add(&y, modulus, &y)) != MP_OKAY) { goto error; } + } + /* Y = Y/2 */ + if (mp_isodd(&y)) { + if ((err = mp_add(&y, modulus, &y)) != MP_OKAY) { goto error; } + } + if ((err = mp_div_2(&y, &y)) != MP_OKAY) { goto error; } - /* Yr = -Yp + s(Xp - Xr) */ - if ((err = mp_sub(&P->x, &tmpx, &tmp)) != MP_OKAY) { goto error; } /* tmp = Px - tmpx */ - if ((err = mp_mul(&tmp, &s, &tmp)) != MP_OKAY) { goto error; } /* tmp = tmp * s */ - if ((err = mp_submod(&tmp, &P->y, modulus, &R->y)) != MP_OKAY) { goto error; } /* Ry = tmp - Py mod modulus */ - if ((err = mp_mod(&tmpx, modulus, &R->x)) != MP_OKAY) { goto error; } /* Rx = tmpx mod modulus */ + if ((err = mp_copy(&x, &R->x)) != MP_OKAY) { goto error; } + if ((err = mp_copy(&y, &R->y)) != MP_OKAY) { goto error; } + if ((err = mp_copy(&z, &R->z)) != MP_OKAY) { goto error; } err = CRYPT_OK; goto done; error: err = mpi_to_ltc_error(err); done: - mp_clear_multi(&s, &tmpx, &tmp, NULL); + mp_clear_multi(&t1, &t2, &x, &y, &z, NULL); return err; } @@ -408,6 +589,7 @@ static int ecc_mulmod(mp_int *k, ecc_point *G, ecc_point *R, mp_int *modulus) /* tG = G */ if ((err = mp_copy(&G->x, &tG->x)) != MP_OKAY) { goto error; } if ((err = mp_copy(&G->y, &tG->y)) != MP_OKAY) { goto error; } + if ((err = mp_copy(&G->z, &tG->z)) != MP_OKAY) { goto error; } /* calc the M tab, which holds kG for k==8..15 */ /* M[0] == 8G */ @@ -464,6 +646,7 @@ static int ecc_mulmod(mp_int *k, ecc_point *G, ecc_point *R, mp_int *modulus) /* R = kG [k = first window] */ if ((err = mp_copy(&M[bitbuf-8]->x, &R->x)) != MP_OKAY) { goto error; } if ((err = mp_copy(&M[bitbuf-8]->y, &R->y)) != MP_OKAY) { goto error; } + if ((err = mp_copy(&M[bitbuf-8]->z, &R->z)) != MP_OKAY) { goto error; } first = 0; } else { /* normal window */ @@ -497,6 +680,7 @@ static int ecc_mulmod(mp_int *k, ecc_point *G, ecc_point *R, mp_int *modulus) /* first add, so copy */ if ((err = mp_copy(&tG->x, &R->x)) != MP_OKAY) { goto error; } if ((err = mp_copy(&tG->y, &R->y)) != MP_OKAY) { goto error; } + if ((err = mp_copy(&tG->z, &R->z)) != MP_OKAY) { goto error; } first = 0; } else { /* then add */ @@ -505,7 +689,9 @@ static int ecc_mulmod(mp_int *k, ecc_point *G, ecc_point *R, mp_int *modulus) } } } - err = CRYPT_OK; + + /* map R back from projective space */ + err = ecc_map(R, modulus, &mu); goto done; error: err = mpi_to_ltc_error(err); @@ -566,6 +752,7 @@ int ecc_test(void) if ((err = mp_read_radix(&G->x, (char *)sets[i].Gx, 64)) != MP_OKAY) { goto error; } if ((err = mp_read_radix(&G->y, (char *)sets[i].Gy, 64)) != MP_OKAY) { goto error; } + mp_set(&G->z, 1); /* then we should have G == (order + 1)G */ if ((err = mp_add_d(&order, 1, &order)) != MP_OKAY) { goto error; } @@ -629,9 +816,8 @@ int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key) /* find key size */ for (x = 0; (keysize > sets[x].size) && (sets[x].size != 0); x++); keysize = sets[x].size; - LTC_ARGCHK(keysize <= ECC_MAXSIZE); - if (sets[x].size == 0) { + if (keysize > ECC_MAXSIZE || sets[x].size == 0) { return CRYPT_INVALID_KEYSIZE; } key->idx = x; @@ -650,13 +836,13 @@ int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key) } /* setup the key variables */ - if ((err = mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->k, &prime, NULL)) != MP_OKAY) { + if ((err = mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, &prime, NULL)) != MP_OKAY) { err = mpi_to_ltc_error(err); goto LBL_ERR; } base = new_point(); if (base == NULL) { - mp_clear_multi(&key->pubkey.x, &key->pubkey.y, &key->k, &prime, NULL); + mp_clear_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, &prime, NULL); err = CRYPT_MEM; goto LBL_ERR; } @@ -665,6 +851,7 @@ int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key) if ((err = mp_read_radix(&prime, (char *)sets[key->idx].prime, 64)) != MP_OKAY) { goto error; } if ((err = mp_read_radix(&base->x, (char *)sets[key->idx].Gx, 64)) != MP_OKAY) { goto error; } if ((err = mp_read_radix(&base->y, (char *)sets[key->idx].Gy, 64)) != MP_OKAY) { goto error; } + mp_set(&base->z, 1); if ((err = mp_read_unsigned_bin(&key->k, (unsigned char *)buf, keysize)) != MP_OKAY) { goto error; } /* make the public key */ @@ -675,6 +862,7 @@ int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key) if ((err = mp_shrink(&key->k)) != MP_OKAY) { goto error; } if ((err = mp_shrink(&key->pubkey.x)) != MP_OKAY) { goto error; } if ((err = mp_shrink(&key->pubkey.y)) != MP_OKAY) { goto error; } + if ((err = mp_shrink(&key->pubkey.z)) != MP_OKAY) { goto error; } /* free up ram */ err = CRYPT_OK; @@ -701,7 +889,7 @@ LBL_ERR2: void ecc_free(ecc_key *key) { LTC_ARGCHK(key != NULL); - mp_clear_multi(&key->pubkey.x, &key->pubkey.y, &key->k, NULL); + mp_clear_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL); } static int compress_y_point(ecc_point *pt, int idx, int *result) @@ -865,7 +1053,7 @@ int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key) } /* init key */ - if (mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->k, NULL) != MP_OKAY) { + if (mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL) != MP_OKAY) { return CRYPT_MEM; } @@ -911,9 +1099,12 @@ int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key) mp_clear(&key->k); } + /* z is always 1 */ + mp_set(&key->pubkey.z, 1); + return CRYPT_OK; error: - mp_clear_multi(&key->pubkey.x, &key->pubkey.y, &key->k, NULL); + mp_clear_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL); return err; } diff --git a/src/pk/ecc/ecc_sys.c b/src/pk/ecc/ecc_sys.c index 9a92572..d5576f6 100644 --- a/src/pk/ecc/ecc_sys.c +++ b/src/pk/ecc/ecc_sys.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ /** @@ -520,9 +520,13 @@ int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, /* get bA + Y */ if ((err = add_point(&pubkey.pubkey, &key->pubkey, &pubkey.pubkey, &p, &mu)) != CRYPT_OK) { goto done; } + /* we have to transform it */ + if ((err = ecc_map(&pubkey.pubkey, &p, &mu)) != CRYPT_OK) { goto done; } + /* get mG */ if ((err = mp_read_radix(&mG->x, (char *)sets[key->idx].Gx, 64)) != MP_OKAY) { goto error; } if ((err = mp_read_radix(&mG->y, (char *)sets[key->idx].Gy, 64)) != MP_OKAY) { goto error; } + mp_set(&mG->z, 1); if ((err = ecc_mulmod(&m, mG, mG, &p)) != CRYPT_OK) { goto done; } /* compare mG to bA + Y */ diff --git a/src/pk/packet_store_header.c b/src/pk/packet_store_header.c index c86f00e..a2442cc 100644 --- a/src/pk/packet_store_header.c +++ b/src/pk/packet_store_header.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/packet_valid_header.c b/src/pk/packet_valid_header.c index 39eb0bb..b2eb9c9 100644 --- a/src/pk/packet_valid_header.c +++ b/src/pk/packet_valid_header.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/pkcs1/pkcs_1_i2osp.c b/src/pk/pkcs1/pkcs_1_i2osp.c index a1ce7e8..7f13626 100644 --- a/src/pk/pkcs1/pkcs_1_i2osp.c +++ b/src/pk/pkcs1/pkcs_1_i2osp.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/pkcs1/pkcs_1_mgf1.c b/src/pk/pkcs1/pkcs_1_mgf1.c index 48ec7b0..0fe177f 100644 --- a/src/pk/pkcs1/pkcs_1_mgf1.c +++ b/src/pk/pkcs1/pkcs_1_mgf1.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -30,7 +30,8 @@ int pkcs_1_mgf1(const unsigned char *seed, unsigned long seedlen, int hash_idx, unsigned char *mask, unsigned long masklen) { - unsigned long hLen, counter, x; + unsigned long hLen, x; + ulong32 counter; int err; hash_state *md; unsigned char *buf; diff --git a/src/pk/pkcs1/pkcs_1_oaep_decode.c b/src/pk/pkcs1/pkcs_1_oaep_decode.c index 32a1e36..82862c1 100644 --- a/src/pk/pkcs1/pkcs_1_oaep_decode.c +++ b/src/pk/pkcs1/pkcs_1_oaep_decode.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -55,6 +55,11 @@ int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen, hLen = hash_descriptor[hash_idx].hashsize; modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); + /* test hash/message size */ + if ((2*hLen >= (modulus_len - 2)) || (msglen != modulus_len)) { + return CRYPT_PK_INVALID_SIZE; + } + /* allocate ram for DB/mask/salt of size modulus_len */ DB = XMALLOC(modulus_len); mask = XMALLOC(modulus_len); @@ -72,13 +77,6 @@ int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen, return CRYPT_MEM; } - - /* test message size */ - if (msglen != modulus_len) { - err = CRYPT_PK_INVALID_SIZE; - goto LBL_ERR; - } - /* ok so it's now in the form 0x00 || maskedseed || maskedDB diff --git a/src/pk/pkcs1/pkcs_1_oaep_encode.c b/src/pk/pkcs1/pkcs_1_oaep_encode.c index 63fc1c8..7afea60 100644 --- a/src/pk/pkcs1/pkcs_1_oaep_encode.c +++ b/src/pk/pkcs1/pkcs_1_oaep_encode.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -58,6 +58,11 @@ int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen, hLen = hash_descriptor[hash_idx].hashsize; modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); + /* test message size */ + if ((2*hLen >= (modulus_len - 2)) || (msglen > (modulus_len - 2*hLen - 2))) { + return CRYPT_PK_INVALID_SIZE; + } + /* allocate ram for DB/mask/salt of size modulus_len */ DB = XMALLOC(modulus_len); mask = XMALLOC(modulus_len); @@ -75,12 +80,6 @@ int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen, return CRYPT_MEM; } - /* test message size */ - if (msglen > (modulus_len - 2*hLen - 2)) { - err = CRYPT_PK_INVALID_SIZE; - goto LBL_ERR; - } - /* get lhash */ /* DB == lhash || PS || 0x01 || M, PS == k - mlen - 2hlen - 2 zeroes */ x = modulus_len; diff --git a/src/pk/pkcs1/pkcs_1_os2ip.c b/src/pk/pkcs1/pkcs_1_os2ip.c index 4e786ad..db6b58c 100644 --- a/src/pk/pkcs1/pkcs_1_os2ip.c +++ b/src/pk/pkcs1/pkcs_1_os2ip.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/pkcs1/pkcs_1_pss_decode.c b/src/pk/pkcs1/pkcs_1_pss_decode.c index 6ea2e91..a19e7d8 100644 --- a/src/pk/pkcs1/pkcs_1_pss_decode.c +++ b/src/pk/pkcs1/pkcs_1_pss_decode.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -53,6 +53,12 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen, hLen = hash_descriptor[hash_idx].hashsize; modulus_len = (modulus_bitlen>>3) + (modulus_bitlen & 7 ? 1 : 0); + /* check sizes */ + if ((saltlen > modulus_len) || + (modulus_len < hLen + saltlen + 2) || (siglen != modulus_len)) { + return CRYPT_PK_INVALID_SIZE; + } + /* allocate ram for DB/mask/salt/hash of size modulus_len */ DB = XMALLOC(modulus_len); mask = XMALLOC(modulus_len); @@ -74,13 +80,6 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen, return CRYPT_MEM; } - /* check sizes */ - if ((saltlen > modulus_len) || - (modulus_len < hLen + saltlen + 2) || (siglen != modulus_len)) { - err = CRYPT_INVALID_ARG; - goto LBL_ERR; - } - /* ensure the 0xBC byte */ if (sig[siglen-1] != 0xBC) { err = CRYPT_OK; diff --git a/src/pk/pkcs1/pkcs_1_pss_encode.c b/src/pk/pkcs1/pkcs_1_pss_encode.c index e5adf5b..58a03d5 100644 --- a/src/pk/pkcs1/pkcs_1_pss_encode.c +++ b/src/pk/pkcs1/pkcs_1_pss_encode.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -56,6 +56,11 @@ int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen, hLen = hash_descriptor[hash_idx].hashsize; modulus_len = (modulus_bitlen>>3) + (modulus_bitlen & 7 ? 1 : 0); + /* check sizes */ + if ((saltlen > modulus_len) || (modulus_len < hLen + saltlen + 2)) { + return CRYPT_PK_INVALID_SIZE; + } + /* allocate ram for DB/mask/salt/hash of size modulus_len */ DB = XMALLOC(modulus_len); mask = XMALLOC(modulus_len); @@ -78,12 +83,6 @@ int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen, } - /* check sizes */ - if ((saltlen > modulus_len) || (modulus_len < hLen + saltlen + 2)) { - err = CRYPT_INVALID_ARG; - goto LBL_ERR; - } - /* generate random salt */ if (saltlen > 0) { if (prng_descriptor[prng_idx].read(salt, saltlen, prng) != saltlen) { diff --git a/src/pk/pkcs1/pkcs_1_v15_es_decode.c b/src/pk/pkcs1/pkcs_1_v15_es_decode.c index 7f0631c..fc54845 100644 --- a/src/pk/pkcs1/pkcs_1_v15_es_decode.c +++ b/src/pk/pkcs1/pkcs_1_v15_es_decode.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/pkcs1/pkcs_1_v15_es_encode.c b/src/pk/pkcs1/pkcs_1_v15_es_encode.c index 8e18f8f..b6ac429 100644 --- a/src/pk/pkcs1/pkcs_1_v15_es_encode.c +++ b/src/pk/pkcs1/pkcs_1_v15_es_encode.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/pkcs1/pkcs_1_v15_sa_decode.c b/src/pk/pkcs1/pkcs_1_v15_sa_decode.c index 595a0aa..7cad021 100644 --- a/src/pk/pkcs1/pkcs_1_v15_sa_decode.c +++ b/src/pk/pkcs1/pkcs_1_v15_sa_decode.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/pkcs1/pkcs_1_v15_sa_encode.c b/src/pk/pkcs1/pkcs_1_v15_sa_encode.c index 70c88cb..60c77ef 100644 --- a/src/pk/pkcs1/pkcs_1_v15_sa_encode.c +++ b/src/pk/pkcs1/pkcs_1_v15_sa_encode.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/rsa/rsa_decrypt_key.c b/src/pk/rsa/rsa_decrypt_key.c index 95c94e3..3117715 100644 --- a/src/pk/rsa/rsa_decrypt_key.c +++ b/src/pk/rsa/rsa_decrypt_key.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/rsa/rsa_encrypt_key.c b/src/pk/rsa/rsa_encrypt_key.c index ab5b978..891b43e 100644 --- a/src/pk/rsa/rsa_encrypt_key.c +++ b/src/pk/rsa/rsa_encrypt_key.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/rsa/rsa_export.c b/src/pk/rsa/rsa_export.c index 1b52fac..951be70 100644 --- a/src/pk/rsa/rsa_export.c +++ b/src/pk/rsa/rsa_export.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -27,7 +27,7 @@ */ int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key) { - int err; + int err, x; LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); @@ -37,7 +37,15 @@ int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key if (!(key->type == PK_PRIVATE) && (type == PK_PRIVATE)) { return CRYPT_PK_INVALID_TYPE; } + if (*outlen < 4) { + return CRYPT_BUFFER_OVERFLOW; + } + /* Mental Note: push space for the header 0x30 0x82 LL LL (LL = length of packet EXcluding 4 bytes) + * we assume LL > 255 which is true since the smallest RSA key has a 128-byte modulus (1024-bit) + */ + *outlen -= 4; + if (type == PK_PRIVATE) { /* private key */ mp_int zero; @@ -50,17 +58,40 @@ int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key /* output is Version, n, e, d, p, q, d mod (p-1), d mod (q - 1), 1/q mod p */ - err = der_put_multi_integer(out, outlen, &zero, &key->N, &key->e, + if ((err = der_put_multi_integer( + out+4, outlen, &zero, &key->N, &key->e, &key->d, &key->p, &key->q, &key->dP, - &key->dQ, &key->qP, NULL); + &key->dQ, &key->qP, NULL)) != CRYPT_OK) { + mp_clear(&zero); + return err; + } /* clear zero and return */ mp_clear(&zero); - return err; } else { /* public key */ - return der_put_multi_integer(out, outlen, &key->N, &key->e, NULL); + if ((err = der_put_multi_integer(out+4, outlen, &key->N, &key->e, NULL)) != CRYPT_OK) { + return err; + } } + + /* store the header */ + out[0] = 0x30; + if (*outlen < 256) { + /* shift the output up one byte if the header is only 3 bytes */ + for (x = 0; x < *outlen; x++) { + out[x+3] = out[x+4]; + } + out[1] = 0x81; + out[2] = (*outlen & 255); + *outlen += 3; + } else { + out[1] = 0x82; + out[2] = (*outlen >> 8) & 255; + out[3] = (*outlen & 255); + *outlen += 4; + } + return err; } #endif /* MRSA */ diff --git a/src/pk/rsa/rsa_exptmod.c b/src/pk/rsa/rsa_exptmod.c index e7f7c6a..fda6cbb 100644 --- a/src/pk/rsa/rsa_exptmod.c +++ b/src/pk/rsa/rsa_exptmod.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/rsa/rsa_free.c b/src/pk/rsa/rsa_free.c index e828a72..85ade97 100644 --- a/src/pk/rsa/rsa_free.c +++ b/src/pk/rsa/rsa_free.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/rsa/rsa_import.c b/src/pk/rsa/rsa_import.c index 2c96f6c..6ceac44 100644 --- a/src/pk/rsa/rsa_import.c +++ b/src/pk/rsa/rsa_import.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -26,7 +26,7 @@ */ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) { - unsigned long x; + unsigned long x, y; int err; LTC_ARGCHK(in != NULL); @@ -38,6 +38,35 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) return mpi_to_ltc_error(err); } + /* check the header */ + if (inlen < 4) { + return CRYPT_INVALID_PACKET; + } + + /* should be 0x30 0x8{1|2} LL LL */ + if ((in[0] != 0x30) || ((in[1] != 0x81) && (in[1] != 0x82))) { + return CRYPT_INVALID_PACKET; + } + + /* ok all the ASN.1 params are fine so far, let's move up */ + x = ((unsigned long)in[2]); + y = 0; + if ((in[1] & 0x0f) == 2) { + x = (x << 8) + ((unsigned long)in[3]) + 1; + in += 1; + y = 1; + } + in += 3; /* advance input */ + x += 3; /* size of packet according to header */ + y += 3; /* used input */ + + if (x != inlen) { + return CRYPT_INVALID_PACKET; + } + + /* decrement inlen by the header size */ + inlen -= y; + /* read first number, it's either N or 0 [0 == private key] */ x = inlen; if ((err = der_get_multi_integer(in, &x, &key->N, NULL)) != CRYPT_OK) { diff --git a/src/pk/rsa/rsa_make_key.c b/src/pk/rsa/rsa_make_key.c index a37057b..9d49e3c 100644 --- a/src/pk/rsa/rsa_make_key.c +++ b/src/pk/rsa/rsa_make_key.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/rsa/rsa_sign_hash.c b/src/pk/rsa/rsa_sign_hash.c index 70f6259..b86ad64 100644 --- a/src/pk/rsa/rsa_sign_hash.c +++ b/src/pk/rsa/rsa_sign_hash.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/rsa/rsa_v15_decrypt_key.c b/src/pk/rsa/rsa_v15_decrypt_key.c index d29aa15..eb5fe7d 100644 --- a/src/pk/rsa/rsa_v15_decrypt_key.c +++ b/src/pk/rsa/rsa_v15_decrypt_key.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/rsa/rsa_v15_encrypt_key.c b/src/pk/rsa/rsa_v15_encrypt_key.c index 4aaa4a7..d422f67 100644 --- a/src/pk/rsa/rsa_v15_encrypt_key.c +++ b/src/pk/rsa/rsa_v15_encrypt_key.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/rsa/rsa_v15_sign_hash.c b/src/pk/rsa/rsa_v15_sign_hash.c index 4571c68..7e9b350 100644 --- a/src/pk/rsa/rsa_v15_sign_hash.c +++ b/src/pk/rsa/rsa_v15_sign_hash.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/rsa/rsa_v15_verify_hash.c b/src/pk/rsa/rsa_v15_verify_hash.c index bdf6bac..e742cba 100644 --- a/src/pk/rsa/rsa_v15_verify_hash.c +++ b/src/pk/rsa/rsa_v15_verify_hash.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/pk/rsa/rsa_verify_hash.c b/src/pk/rsa/rsa_verify_hash.c index 910f093..7072083 100644 --- a/src/pk/rsa/rsa_verify_hash.c +++ b/src/pk/rsa/rsa_verify_hash.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/prngs/fortuna.c b/src/prngs/fortuna.c index fc054ee..4548a90 100644 --- a/src/prngs/fortuna.c +++ b/src/prngs/fortuna.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/prngs/rc4.c b/src/prngs/rc4.c index 63a4c55..750c38b 100644 --- a/src/prngs/rc4.c +++ b/src/prngs/rc4.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/prngs/rng_get_bytes.c b/src/prngs/rng_get_bytes.c index cac4acf..8519e0a 100644 --- a/src/prngs/rng_get_bytes.c +++ b/src/prngs/rng_get_bytes.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/prngs/rng_make_prng.c b/src/prngs/rng_make_prng.c index 49195d3..94132e7 100644 --- a/src/prngs/rng_make_prng.c +++ b/src/prngs/rng_make_prng.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/prngs/sober128.c b/src/prngs/sober128.c index 715742d..48667bd 100644 --- a/src/prngs/sober128.c +++ b/src/prngs/sober128.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/prngs/sprng.c b/src/prngs/sprng.c index e45d674..dce8347 100644 --- a/src/prngs/sprng.c +++ b/src/prngs/sprng.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" diff --git a/src/prngs/yarrow.c b/src/prngs/yarrow.c index cf5458a..1582856 100644 --- a/src/prngs/yarrow.c +++ b/src/prngs/yarrow.c @@ -6,7 +6,7 @@ * The library is free for all purposes without any express * guarantee it works. * - * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ #include "tomcrypt.h" @@ -222,9 +222,11 @@ unsigned long yarrow_read(unsigned char *out, unsigned long outlen, prng_state * int yarrow_done(prng_state *prng) { LTC_ARGCHK(prng != NULL); + /* call cipher done when we invent one ;-) */ - return CRYPT_OK; + /* we invented one */ + return ctr_done(&prng->yarrow.ctr); } /** diff --git a/demos/test/base64_test.c b/testprof/base64_test.c similarity index 86% rename from demos/test/base64_test.c rename to testprof/base64_test.c index b02c1a2..e93ebef 100644 --- a/demos/test/base64_test.c +++ b/testprof/base64_test.c @@ -1,4 +1,4 @@ -#include "test.h" +#include int base64_test(void) { @@ -6,7 +6,7 @@ int base64_test(void) unsigned long x, l1, l2; for (x = 0; x < 64; x++) { - yarrow_read(in, x, &test_yarrow); + yarrow_read(in, x, &yarrow_prng); l1 = sizeof(out); DO(base64_encode(in, x, out, &l1)); l2 = sizeof(tmp); diff --git a/demos/test/cipher_hash_test.c b/testprof/cipher_hash_test.c similarity index 97% rename from demos/test/cipher_hash_test.c rename to testprof/cipher_hash_test.c index 2737623..d2f3bfc 100644 --- a/demos/test/cipher_hash_test.c +++ b/testprof/cipher_hash_test.c @@ -1,6 +1,6 @@ /* test the ciphers and hashes using their built-in self-tests */ -#include "test.h" +#include int cipher_hash_test(void) { diff --git a/demos/test/der_tests.c b/testprof/der_tests.c similarity index 96% rename from demos/test/der_tests.c rename to testprof/der_tests.c index dd17f31..fe8eb00 100644 --- a/demos/test/der_tests.c +++ b/testprof/der_tests.c @@ -1,4 +1,4 @@ -#include "test.h" +#include #ifndef LTC_DER @@ -19,7 +19,7 @@ int der_tests(void) DO(mpi_to_ltc_error(mp_init_multi(&a, &b, &c, &d, &e, &f, &g, NULL))); for (zz = 0; zz < 16; zz++) { for (z = 0; z < 1024; z++) { - if (yarrow_read(buf[0], z, &test_yarrow) != z) { + if (yarrow_read(buf[0], z, &yarrow_prng) != z) { printf("Failed to read %lu bytes from yarrow\n", z); return 1; } diff --git a/demos/test/dh_tests.c b/testprof/dh_tests.c similarity index 84% rename from demos/test/dh_tests.c rename to testprof/dh_tests.c index 6977c58..feb74ac 100644 --- a/demos/test/dh_tests.c +++ b/testprof/dh_tests.c @@ -1,4 +1,4 @@ -#include "test.h" +#include #ifdef MDH @@ -12,8 +12,8 @@ int dh_tests (void) DO(dh_test()); /* make up two keys */ - DO(dh_make_key (&test_yarrow, find_prng ("yarrow"), 512, &usera)); - DO(dh_make_key (&test_yarrow, find_prng ("yarrow"), 512, &userb)); + DO(dh_make_key (&yarrow_prng, find_prng ("yarrow"), 512, &usera)); + DO(dh_make_key (&yarrow_prng, find_prng ("yarrow"), 512, &userb)); /* make the shared secret */ x = 4096; @@ -52,12 +52,12 @@ int dh_tests (void) dh_free (&userb); /* test encrypt_key */ - dh_make_key (&test_yarrow, find_prng ("yarrow"), 512, &usera); + dh_make_key (&yarrow_prng, find_prng ("yarrow"), 512, &usera); for (x = 0; x < 16; x++) { buf[0][x] = x; } y = sizeof (buf[1]); - DO(dh_encrypt_key (buf[0], 16, buf[1], &y, &test_yarrow, find_prng ("yarrow"), find_hash ("md5"), &usera)); + DO(dh_encrypt_key (buf[0], 16, buf[1], &y, &yarrow_prng, find_prng ("yarrow"), find_hash ("md5"), &usera)); zeromem (buf[0], sizeof (buf[0])); x = sizeof (buf[0]); DO(dh_decrypt_key (buf[1], y, buf[0], &x, &usera)); @@ -76,7 +76,7 @@ int dh_tests (void) buf[0][x] = x; } x = sizeof (buf[1]); - DO(dh_sign_hash (buf[0], 16, buf[1], &x, &test_yarrow , find_prng ("yarrow"), &usera)); + DO(dh_sign_hash (buf[0], 16, buf[1], &x, &yarrow_prng , find_prng ("yarrow"), &usera)); DO(dh_verify_hash (buf[1], x, buf[0], 16, &stat, &usera)); buf[0][0] ^= 1; DO(dh_verify_hash (buf[1], x, buf[0], 16, &stat2, &usera)); diff --git a/demos/test/dsa_test.c b/testprof/dsa_test.c similarity index 90% rename from demos/test/dsa_test.c rename to testprof/dsa_test.c index c5eeb6d..cd2e89a 100644 --- a/demos/test/dsa_test.c +++ b/testprof/dsa_test.c @@ -1,4 +1,4 @@ -#include "test.h" +#include #ifdef MDSA @@ -10,7 +10,7 @@ int dsa_test(void) dsa_key key, key2; /* make a random key */ - DO(dsa_make_key(&test_yarrow, find_prng("yarrow"), 20, 128, &key)); + DO(dsa_make_key(&yarrow_prng, find_prng("yarrow"), 20, 128, &key)); /* verify it */ DO(dsa_verify_key(&key, &stat1)); @@ -18,7 +18,7 @@ int dsa_test(void) /* sign the message */ x = sizeof(out); - DO(dsa_sign_hash(msg, sizeof(msg), out, &x, &test_yarrow, find_prng("yarrow"), &key)); + DO(dsa_sign_hash(msg, sizeof(msg), out, &x, &yarrow_prng, find_prng("yarrow"), &key)); /* verify it once */ DO(dsa_verify_hash(out, x, msg, sizeof(msg), &stat1, &key)); diff --git a/demos/test/ecc_test.c b/testprof/ecc_test.c similarity index 84% rename from demos/test/ecc_test.c rename to testprof/ecc_test.c index 9121f92..0b37ba2 100644 --- a/demos/test/ecc_test.c +++ b/testprof/ecc_test.c @@ -1,4 +1,4 @@ -#include "test.h" +#include #ifdef MECC @@ -12,8 +12,8 @@ int ecc_tests (void) DO(ecc_test ()); /* make up two keys */ - DO(ecc_make_key (&test_yarrow, find_prng ("yarrow"), 65, &usera)); - DO(ecc_make_key (&test_yarrow, find_prng ("yarrow"), 65, &userb)); + DO(ecc_make_key (&yarrow_prng, find_prng ("yarrow"), 65, &usera)); + DO(ecc_make_key (&yarrow_prng, find_prng ("yarrow"), 65, &userb)); /* make the shared secret */ x = 4096; @@ -55,7 +55,7 @@ int ecc_tests (void) ecc_free (&userb); /* test encrypt_key */ - DO(ecc_make_key (&test_yarrow, find_prng ("yarrow"), 65, &usera)); + DO(ecc_make_key (&yarrow_prng, find_prng ("yarrow"), 65, &usera)); /* export key */ x = sizeof(buf[0]); @@ -69,7 +69,7 @@ int ecc_tests (void) buf[0][x] = x; } y = sizeof (buf[1]); - DO(ecc_encrypt_key (buf[0], 32, buf[1], &y, &test_yarrow, find_prng ("yarrow"), find_hash ("sha256"), &pubKey)); + DO(ecc_encrypt_key (buf[0], 32, buf[1], &y, &yarrow_prng, find_prng ("yarrow"), find_hash ("sha256"), &pubKey)); zeromem (buf[0], sizeof (buf[0])); x = sizeof (buf[0]); DO(ecc_decrypt_key (buf[1], y, buf[0], &x, &privKey)); @@ -87,12 +87,12 @@ int ecc_tests (void) buf[0][x] = x; } x = sizeof (buf[1]); - DO(ecc_sign_hash (buf[0], 16, buf[1], &x, &test_yarrow, find_prng ("yarrow"), &privKey)); + DO(ecc_sign_hash (buf[0], 16, buf[1], &x, &yarrow_prng, find_prng ("yarrow"), &privKey)); DO(ecc_verify_hash (buf[1], x, buf[0], 16, &stat, &pubKey)); buf[0][0] ^= 1; DO(ecc_verify_hash (buf[1], x, buf[0], 16, &stat2, &privKey)); if (!(stat == 1 && stat2 == 0)) { - printf("ecc_verify_hash failed"); + printf("ecc_verify_hash failed %d, %d, ", stat, stat2); return 1; } ecc_free (&usera); diff --git a/testprof/mac_test.c b/testprof/mac_test.c new file mode 100644 index 0000000..b076d7b --- /dev/null +++ b/testprof/mac_test.c @@ -0,0 +1,31 @@ +/* test pmac/omac/hmac */ +#include + +int mac_test(void) +{ +#ifdef HMAC + DO(hmac_test()); +#endif +#ifdef PMAC + DO(pmac_test()); +#endif +#ifdef OMAC + DO(omac_test()); +#endif +#ifdef EAX_MODE + DO(eax_test()); +#endif +#ifdef OCB_MODE + DO(ocb_test()); +#endif +#ifdef CCM_MODE + DO(ccm_test()); +#endif +#ifdef GCM_MODE + DO(gcm_test()); +#endif +#ifdef PELICAN + DO(pelican_test()); +#endif + return 0; +} diff --git a/testprof/makefile b/testprof/makefile new file mode 100644 index 0000000..f4be577 --- /dev/null +++ b/testprof/makefile @@ -0,0 +1,15 @@ +CFLAGS += -I../src/headers -I./ -Wall -W + +OBJECTS = base64_test.o cipher_hash_test.o der_tests.o dh_tests.o \ +dsa_test.o ecc_test.o mac_test.o modes_test.o pkcs_1_test.o rsa_test.o \ +store_test.o test.o x86_prof.o + +default: libtomcrypt_prof.a + +libtomcrypt_prof.a: $(OBJECTS) + $(AR) $(ARFLAGS) libtomcrypt_prof.a $(OBJECTS) + ranlib libtomcrypt_prof.a + +clean: + rm -f *.o *.a + diff --git a/testprof/makefile.icc b/testprof/makefile.icc new file mode 100644 index 0000000..c9226fb --- /dev/null +++ b/testprof/makefile.icc @@ -0,0 +1,15 @@ +CFLAGS += -I../src/headers -I./ -O3 -xP -ip +CC=icc + +OBJECTS = base64_test.o cipher_hash_test.o der_tests.o dh_tests.o \ +dsa_test.o ecc_test.o mac_test.o modes_test.o pkcs_1_test.o rsa_test.o \ +store_test.o test.o x86_prof.o + +default: libtomcrypt_prof.a + +libtomcrypt_prof.a: $(OBJECTS) + $(AR) $(ARFLAGS) libtomcrypt_prof.a $(OBJECTS) + +clean: + rm -f *.o *.a + diff --git a/testprof/makefile.msvc b/testprof/makefile.msvc new file mode 100644 index 0000000..6e15ffb --- /dev/null +++ b/testprof/makefile.msvc @@ -0,0 +1,10 @@ +CFLAGS = /I../src/headers/ /I./ /Ox /DWIN32 /W3 /Fo$@ + +OBJECTS=base64_test.obj cipher_hash_test.obj der_tests.obj dh_tests.obj \ +dsa_test.obj ecc_test.obj mac_test.obj modes_test.obj pkcs_1_test.obj \ +rsa_test.obj store_test.obj test.obj x86_prof.obj + +tomcrypt_prof.lib: $(OBJECTS) + lib /out:tomcrypt_prof.lib $(OBJECTS) + + diff --git a/testprof/makefile.shared b/testprof/makefile.shared new file mode 100644 index 0000000..b4219f0 --- /dev/null +++ b/testprof/makefile.shared @@ -0,0 +1,15 @@ +CC=libtool --mode=compile gcc + +CFLAGS += -I../src/headers -I./ -O3 -fomit-frame-pointer -funroll-loops -Wall -W + +OBJECTS = base64_test.o cipher_hash_test.o der_tests.o dh_tests.o \ +dsa_test.o ecc_test.o mac_test.o modes_test.o pkcs_1_test.o rsa_test.o \ +store_test.o test.o x86_prof.o + +default: $(LIBNAME) + +$(LIBNAME): $(OBJECTS) + libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | xargs` -o libtomcrypt_prof.la -rpath $(LIBPATH) -version-info $(VERSION) + libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]o" | xargs` -o libtomcrypt_prof.a + ranlib libtomcrypt_prof.a + libtool --silent --mode=install install -c libtomcrypt_prof.la $(LIBPATH)/libtomcrypt_prof.la diff --git a/demos/test/modes_test.c b/testprof/modes_test.c similarity index 84% rename from demos/test/modes_test.c rename to testprof/modes_test.c index 7494b4d..46beb8a 100644 --- a/demos/test/modes_test.c +++ b/testprof/modes_test.c @@ -1,10 +1,10 @@ /* test CFB/OFB/CBC modes */ -#include "test.h" +#include int modes_test(void) { unsigned char pt[64], ct[64], tmp[64], key[16], iv[16], iv2[16]; - int x, cipher_idx; + int cipher_idx; symmetric_CBC cbc; symmetric_CFB cfb; symmetric_OFB ofb; @@ -12,9 +12,9 @@ int modes_test(void) unsigned long l; /* make a random pt, key and iv */ - yarrow_read(pt, 64, &test_yarrow); - yarrow_read(key, 16, &test_yarrow); - yarrow_read(iv, 16, &test_yarrow); + yarrow_read(pt, 64, &yarrow_prng); + yarrow_read(key, 16, &yarrow_prng); + yarrow_read(iv, 16, &yarrow_prng); /* get idx of AES handy */ cipher_idx = find_cipher("aes"); @@ -23,6 +23,7 @@ int modes_test(void) return 1; } +#ifdef CBC /* test CBC mode */ /* encode the block */ DO(cbc_start(cipher_idx, iv, key, 16, 0, &cbc)); @@ -32,21 +33,19 @@ int modes_test(void) printf("cbc_getiv failed"); return 1; } - for (x = 0; x < 4; x++) { - DO(cbc_encrypt(pt+x*16, ct+x*16, &cbc)); - } + DO(cbc_encrypt(pt, ct, 64, &cbc)); /* decode the block */ DO(cbc_setiv(iv2, l, &cbc)); zeromem(tmp, sizeof(tmp)); - for (x = 0; x < 4; x++) { - DO(cbc_decrypt(ct+x*16, tmp+x*16, &cbc)); - } + DO(cbc_decrypt(ct, tmp, 64, &cbc)); if (memcmp(tmp, pt, 64) != 0) { printf("CBC failed"); return 1; } - +#endif + +#ifdef CFB /* test CFB mode */ /* encode the block */ DO(cfb_start(cipher_idx, iv, key, 16, 0, &cfb)); @@ -67,7 +66,9 @@ int modes_test(void) printf("CFB failed"); return 1; } +#endif +#ifdef OFB /* test OFB mode */ /* encode the block */ DO(ofb_start(cipher_idx, iv, key, 16, 0, &ofb)); @@ -87,7 +88,9 @@ int modes_test(void) printf("OFB failed"); return 1; } - +#endif + +#ifdef CTR /* test CTR mode */ /* encode the block */ DO(ctr_start(cipher_idx, iv, key, 16, 0, &ctr)); @@ -97,16 +100,17 @@ int modes_test(void) printf("ctr_getiv failed"); return 1; } - DO(ctr_encrypt(pt, ct, 64, &ctr)); + DO(ctr_encrypt(pt, ct, 57, &ctr)); /* decode the block */ DO(ctr_setiv(iv2, l, &ctr)); zeromem(tmp, sizeof(tmp)); - DO(ctr_decrypt(ct, tmp, 64, &ctr)); - if (memcmp(tmp, pt, 64) != 0) { + DO(ctr_decrypt(ct, tmp, 57, &ctr)); + if (memcmp(tmp, pt, 57) != 0) { printf("CTR failed"); return 1; } +#endif return 0; } diff --git a/demos/test/pkcs_1_test.c b/testprof/pkcs_1_test.c similarity index 94% rename from demos/test/pkcs_1_test.c rename to testprof/pkcs_1_test.c index 52af7b6..40cf630 100644 --- a/demos/test/pkcs_1_test.c +++ b/testprof/pkcs_1_test.c @@ -1,4 +1,4 @@ -#include "test.h" +#include #ifdef PKCS_1 @@ -31,7 +31,7 @@ int pkcs_1_test(void) /* PKCS v1.5 testing (encryption) */ l1 = sizeof(buf[1]); - DO(pkcs_1_v15_es_encode(buf[0], l3, modlen, &test_yarrow, prng_idx, buf[1], &l1)); + DO(pkcs_1_v15_es_encode(buf[0], l3, modlen, &yarrow_prng, prng_idx, buf[1], &l1)); DO(pkcs_1_v15_es_decode(buf[1], l1, modlen, buf[2], l3, &res1)); if (res1 != 1 || memcmp(buf[0], buf[2], l3)) { printf("pkcs v1.5 encrypt failed %d, %lu, %lu ", res1, l1, l3); @@ -64,7 +64,7 @@ int pkcs_1_test(void) /* encode it */ l1 = sizeof(buf[1]); - DO(pkcs_1_oaep_encode(buf[0], l3, lparam, lparamlen, modlen, &test_yarrow, prng_idx, hash_idx, buf[1], &l1)); + DO(pkcs_1_oaep_encode(buf[0], l3, lparam, lparamlen, modlen, &yarrow_prng, prng_idx, hash_idx, buf[1], &l1)); /* decode it */ l2 = sizeof(buf[2]); @@ -86,7 +86,7 @@ int pkcs_1_test(void) /* test PSS */ l1 = sizeof(buf[1]); - DO(pkcs_1_pss_encode(buf[0], l3, saltlen, &test_yarrow, prng_idx, hash_idx, modlen, buf[1], &l1)); + DO(pkcs_1_pss_encode(buf[0], l3, saltlen, &yarrow_prng, prng_idx, hash_idx, modlen, buf[1], &l1)); DO(pkcs_1_pss_decode(buf[0], l3, buf[1], l1, saltlen, hash_idx, modlen, &res1)); buf[0][i1 = abs(rand()) % l3] ^= 1; diff --git a/demos/test/rsa_test.c b/testprof/rsa_test.c similarity index 81% rename from demos/test/rsa_test.c rename to testprof/rsa_test.c index 4ff1962..f114e49 100644 --- a/demos/test/rsa_test.c +++ b/testprof/rsa_test.c @@ -1,4 +1,4 @@ -#include "test.h" +#include #ifdef MRSA @@ -19,20 +19,56 @@ int rsa_test(void) return 1; } - /* make a random key */ - DO(rsa_make_key(&test_yarrow, prng_idx, 1024/8, 65537, &key)); + /* make 10 random key */ + for (cnt = 0; cnt < 10; cnt++) { + DO(rsa_make_key(&yarrow_prng, prng_idx, 1024/8, 65537, &key)); + if (mp_count_bits(&key.N) != 1024) { + printf("rsa_1024 key modulus has %d bits\n", mp_count_bits(&key.N)); + +len = mp_unsigned_bin_size(&key.N); +mp_to_unsigned_bin(&key.N, tmp); +printf("N == \n"); +for (cnt = 0; cnt < len; ) { + printf("%02x ", tmp[cnt]); + if (!(++cnt & 15)) printf("\n"); +} + +len = mp_unsigned_bin_size(&key.p); +mp_to_unsigned_bin(&key.p, tmp); +printf("p == \n"); +for (cnt = 0; cnt < len; ) { + printf("%02x ", tmp[cnt]); + if (!(++cnt & 15)) printf("\n"); +} + +len = mp_unsigned_bin_size(&key.q); +mp_to_unsigned_bin(&key.q, tmp); +printf("\nq == \n"); +for (cnt = 0; cnt < len; ) { + printf("%02x ", tmp[cnt]); + if (!(++cnt & 15)) printf("\n"); +} +printf("\n"); + + + return 1; + } + if (cnt != 9) { + rsa_free(&key); + } + } /* test PKCS #1 v1.5 */ for (cnt = 0; cnt < 4; cnt++) { for (rsa_msgsize = 1; rsa_msgsize <= 117; rsa_msgsize++) { /* make a random key/msg */ - yarrow_read(in, rsa_msgsize, &test_yarrow); + yarrow_read(in, rsa_msgsize, &yarrow_prng); len = sizeof(out); len2 = rsa_msgsize; /* encrypt */ - DO(rsa_v15_encrypt_key(in, rsa_msgsize, out, &len, &test_yarrow, prng_idx, &key)); + DO(rsa_v15_encrypt_key(in, rsa_msgsize, out, &len, &yarrow_prng, prng_idx, &key)); DO(rsa_v15_decrypt_key(out, len, tmp, rsa_msgsize, &stat, &key)); if (stat != 1 || memcmp(tmp, in, rsa_msgsize)) { printf("PKCS #1 v1.5 encrypt/decrypt failure (rsa_msgsize: %lu, stat: %d)\n", rsa_msgsize, stat); @@ -57,12 +93,12 @@ int rsa_test(void) for (cnt = 0; cnt < 4; cnt++) { for (rsa_msgsize = 1; rsa_msgsize <= 86; rsa_msgsize++) { /* make a random key/msg */ - yarrow_read(in, rsa_msgsize, &test_yarrow); + yarrow_read(in, rsa_msgsize, &yarrow_prng); len = sizeof(out); len2 = rsa_msgsize; - DO(rsa_encrypt_key(in, rsa_msgsize, out, &len, NULL, 0, &test_yarrow, prng_idx, hash_idx, &key)); + DO(rsa_encrypt_key(in, rsa_msgsize, out, &len, NULL, 0, &yarrow_prng, prng_idx, hash_idx, &key)); /* change a byte */ out[8] ^= 1; DO(rsa_decrypt_key(out, len, tmp, &len2, NULL, 0, hash_idx, &stat2, &key)); @@ -107,7 +143,7 @@ int rsa_test(void) for (rsa_msgsize = 1; rsa_msgsize <= 86; rsa_msgsize++) { len = sizeof(out); len2 = rsa_msgsize; - DO(rsa_encrypt_key(in, rsa_msgsize, out, &len, lparam, sizeof(lparam), &test_yarrow, prng_idx, hash_idx, &key)); + DO(rsa_encrypt_key(in, rsa_msgsize, out, &len, lparam, sizeof(lparam), &yarrow_prng, prng_idx, hash_idx, &key)); /* change a byte */ out[8] ^= 1; DO(rsa_decrypt_key(out, len, tmp, &len2, lparam, sizeof(lparam), hash_idx, &stat2, &key)); @@ -132,7 +168,7 @@ int rsa_test(void) /* sign a message (unsalted, lower cholestorol and Atkins approved) now */ len = sizeof(out); - DO(rsa_sign_hash(in, 20, out, &len, &test_yarrow, prng_idx, hash_idx, 0, &key)); + DO(rsa_sign_hash(in, 20, out, &len, &yarrow_prng, prng_idx, hash_idx, 0, &key)); /* export key and import as both private and public */ len2 = sizeof(tmp); @@ -190,7 +226,7 @@ int rsa_test(void) /* sign a message (salted) now (use privKey to make, pubKey to verify) */ len = sizeof(out); - DO(rsa_sign_hash(in, 20, out, &len, &test_yarrow, prng_idx, hash_idx, 8, &privKey)); + DO(rsa_sign_hash(in, 20, out, &len, &yarrow_prng, prng_idx, hash_idx, 8, &privKey)); DO(rsa_verify_hash(out, len, in, 20, hash_idx, 8, &stat, &pubKey)); /* change a byte */ in[0] ^= 1; diff --git a/demos/test/store_test.c b/testprof/store_test.c similarity index 95% rename from demos/test/store_test.c rename to testprof/store_test.c index e033594..41b2f92 100644 --- a/demos/test/store_test.c +++ b/testprof/store_test.c @@ -1,11 +1,11 @@ -#include "test.h" +#include /* Test store/load macros with offsets */ int store_test(void) { unsigned char buf[24]; - unsigned long L, L1; int y; + ulong32 L, L1; ulong64 LL, LL1; L = 0x12345678UL; diff --git a/testprof/test.c b/testprof/test.c new file mode 100644 index 0000000..9f6df71 --- /dev/null +++ b/testprof/test.c @@ -0,0 +1,9 @@ +#include + +void run_cmd(int res, int line, char *file, char *cmd) +{ + if (res != CRYPT_OK) { + fprintf(stderr, "%s (%d)\n%s:%d:%s\n", error_to_string(res), res, file, line, cmd); + exit(EXIT_FAILURE); + } +} diff --git a/testprof/tomcrypt_test.h b/testprof/tomcrypt_test.h new file mode 100644 index 0000000..fc28430 --- /dev/null +++ b/testprof/tomcrypt_test.h @@ -0,0 +1,73 @@ + +#ifndef __TEST_H_ +#define __TEST_H_ + +#include + +/* enable stack testing */ +// #define STACK_TEST + +/* stack testing, define this if stack usage goes downwards [e.g. x86] */ +#define STACK_DOWN + +typedef struct { + char *name, *prov, *req; + int (*entry)(void); +} test_entry; + +extern prng_state yarrow_prng; + +void run_cmd(int res, int line, char *file, char *cmd); +#define DO(x) { run_cmd((x), __LINE__, __FILE__, #x); } + +/* TESTS */ +int cipher_hash_test(void); +int modes_test(void); +int mac_test(void); +int pkcs_1_test(void); +int store_test(void); +int rsa_test(void); +int ecc_tests(void); +int dsa_test(void); +int dh_tests(void); +int der_tests(void); + +/* timing */ +#define KTIMES 25 +#define TIMES 100000 + +extern struct list { + int id; + unsigned long spd1, spd2, avg; +} results[]; + +extern int no_results; + +int sorter(const void *a, const void *b); +void tally_results(int type); +ulong64 rdtsc (void); + +void t_start(void); +ulong64 t_read(void); +void init_timer(void); + +/* register default algs */ +void reg_algs(void); +int time_keysched(void); +int time_cipher(void); +int time_cipher2(void); +int time_cipher3(void); +int time_hash(void); +void time_mult(void); +void time_sqr(void); +void time_prng(void); +void time_rsa(void); +void time_ecc(void); +void time_dh(void); +void time_macs_(unsigned long MAC_SIZE); +void time_macs(void); +void time_encmacs(void); + + + +#endif diff --git a/demos/x86_prof.c b/testprof/x86_prof.c similarity index 61% rename from demos/x86_prof.c rename to testprof/x86_prof.c index f6ba8a8..edccf55 100644 --- a/demos/x86_prof.c +++ b/testprof/x86_prof.c @@ -1,15 +1,9 @@ -#include +#include -#define KTIMES 25 -#define TIMES 100000 - -struct list { - int id; - unsigned long spd1, spd2, avg; -} results[100]; +prng_state yarrow_prng; +struct list results[100]; int no_results; - int sorter(const void *a, const void *b) { const struct list *A, *B; @@ -35,7 +29,7 @@ void tally_results(int type) } else if (type == 1) { for (x = 0; x < no_results; x++) { printf - ("%-20s[%2d]: Encrypt at %5lu, Decrypt at %5lu\n", cipher_descriptor[results[x].id].name, cipher_descriptor[results[x].id].ID, results[x].spd1, results[x].spd2); + ("%-20s[%3d]: Encrypt at %5lu, Decrypt at %5lu\n", cipher_descriptor[results[x].id].name, cipher_descriptor[results[x].id].ID, results[x].spd1, results[x].spd2); } } else { for (x = 0; x < no_results; x++) { @@ -46,12 +40,16 @@ void tally_results(int type) } /* RDTSC from Scott Duplichan */ -static ulong64 rdtsc (void) +ulong64 rdtsc (void) { #if defined __GNUC__ - #if defined(__i386__) || defined(__x86_64__) - unsigned long long a; - __asm__ __volatile__ ("rdtsc\nmovl %%eax,%0\nmovl %%edx,4+%0\n"::"m"(a):"%eax","%edx"); + #ifdef INTEL_CC + ulong64 a; + asm ( " rdtsc ":"=A"(a)); + return a; + #elif defined(__i386__) || defined(__x86_64__) + ulong64 a; + asm __volatile__ ("rdtsc\nmovl %%eax,(%0)\nmovl %%edx,4(%0)\n"::"r"(&a):"%eax","%edx"); return a; #else /* gcc-IA64 version */ unsigned long result; @@ -76,8 +74,7 @@ static ulong64 rdtsc (void) #endif } -ulong64 timer, skew = 0; -prng_state prng; +static ulong64 timer, skew = 0; void t_start(void) { @@ -99,10 +96,10 @@ void init_timer(void) t_start(); t1 = t_read(); t3 = t_read(); - t2 = t_read() - t1; + t2 = (t_read() - t1)>>1; - c1 = (c1 > t1) ? t1 : c1; - c2 = (c2 > t2) ? t2 : c2; + c1 = (t1 > c1) ? t1 : c1; + c2 = (t2 > c2) ? t2 : c2; } skew = c2 - c1; printf("Clock Skew: %lu\n", (unsigned long)skew); @@ -220,7 +217,7 @@ register_prng(&rc4_desc); register_prng(&sober128_desc); #endif -rng_make_prng(128, find_prng("yarrow"), &prng, NULL); +rng_make_prng(128, find_prng("yarrow"), &yarrow_prng, NULL); } int time_keysched(void) @@ -241,7 +238,7 @@ int time_keysched(void) kl = cipher_descriptor[x].min_key_length; c1 = (ulong64)-1; for (y1 = 0; y1 < KTIMES; y1++) { - yarrow_read(key, kl, &prng); + yarrow_read(key, kl, &yarrow_prng); t_start(); DO1(key); t1 = t_read(); @@ -263,16 +260,14 @@ int time_cipher(void) { unsigned long x, y1; ulong64 t1, t2, c1, c2, a1, a2; - symmetric_key skey; - void (*func) (const unsigned char *, unsigned char *, symmetric_key *); - unsigned char key[MAXBLOCKSIZE], pt[MAXBLOCKSIZE]; + symmetric_ECB ecb; + unsigned char key[MAXBLOCKSIZE], pt[4096]; int err; printf ("\n\nECB Time Trials for the Symmetric Ciphers:\n"); no_results = 0; for (x = 0; cipher_descriptor[x].name != NULL; x++) { - cipher_descriptor[x].setup (key, cipher_descriptor[x].min_key_length, 0, - &skey); + ecb_start(x, key, cipher_descriptor[x].min_key_length, 0, &ecb); /* sanity check on cipher */ if ((err = cipher_descriptor[x].test()) != CRYPT_OK) { @@ -280,12 +275,11 @@ int time_cipher(void) exit(EXIT_FAILURE); } -#define DO1 func(pt,pt,&skey); +#define DO1 ecb_encrypt(pt, pt, sizeof(pt), &ecb); #define DO2 DO1 DO1 - func = cipher_descriptor[x].ecb_encrypt; c1 = c2 = (ulong64)-1; - for (y1 = 0; y1 < TIMES; y1++) { + for (y1 = 0; y1 < 100; y1++) { t_start(); DO1; t1 = t_read(); @@ -298,10 +292,13 @@ int time_cipher(void) } a1 = c2 - c1 - skew; +#undef DO1 +#undef DO2 +#define DO1 ecb_decrypt(pt, pt, sizeof(pt), &ecb); +#define DO2 DO1 DO1 - func = cipher_descriptor[x].ecb_decrypt; c1 = c2 = (ulong64)-1; - for (y1 = 0; y1 < TIMES; y1++) { + for (y1 = 0; y1 < 100; y1++) { t_start(); DO1; t1 = t_read(); @@ -315,8 +312,8 @@ int time_cipher(void) a2 = c2 - c1 - skew; results[no_results].id = x; - results[no_results].spd1 = a1/cipher_descriptor[x].block_length; - results[no_results].spd2 = a2/cipher_descriptor[x].block_length;; + results[no_results].spd1 = a1/(sizeof(pt)/cipher_descriptor[x].block_length); + results[no_results].spd2 = a2/(sizeof(pt)/cipher_descriptor[x].block_length); results[no_results].avg = (results[no_results].spd1 + results[no_results].spd2+1)/2; ++no_results; printf("."); fflush(stdout); @@ -329,6 +326,154 @@ int time_cipher(void) return 0; } +#ifdef CBC +int time_cipher2(void) +{ + unsigned long x, y1; + ulong64 t1, t2, c1, c2, a1, a2; + symmetric_CBC cbc; + unsigned char key[MAXBLOCKSIZE], pt[4096]; + int err; + + printf ("\n\nCBC Time Trials for the Symmetric Ciphers:\n"); + no_results = 0; + for (x = 0; cipher_descriptor[x].name != NULL; x++) { + cbc_start(x, pt, key, cipher_descriptor[x].min_key_length, 0, &cbc); + + /* sanity check on cipher */ + if ((err = cipher_descriptor[x].test()) != CRYPT_OK) { + fprintf(stderr, "\n\nERROR: Cipher %s failed self-test %s\n", cipher_descriptor[x].name, error_to_string(err)); + exit(EXIT_FAILURE); + } + +#define DO1 cbc_encrypt(pt, pt, sizeof(pt), &cbc); +#define DO2 DO1 DO1 + + c1 = c2 = (ulong64)-1; + for (y1 = 0; y1 < 100; y1++) { + t_start(); + DO1; + t1 = t_read(); + DO2; + t2 = t_read(); + t2 -= t1; + + c1 = (t1 > c1 ? c1 : t1); + c2 = (t2 > c2 ? c2 : t2); + } + a1 = c2 - c1 - skew; + +#undef DO1 +#undef DO2 +#define DO1 cbc_decrypt(pt, pt, sizeof(pt), &cbc); +#define DO2 DO1 DO1 + + c1 = c2 = (ulong64)-1; + for (y1 = 0; y1 < 100; y1++) { + t_start(); + DO1; + t1 = t_read(); + DO2; + t2 = t_read(); + t2 -= t1; + + c1 = (t1 > c1 ? c1 : t1); + c2 = (t2 > c2 ? c2 : t2); + } + a2 = c2 - c1 - skew; + + results[no_results].id = x; + results[no_results].spd1 = a1/(sizeof(pt)/cipher_descriptor[x].block_length); + results[no_results].spd2 = a2/(sizeof(pt)/cipher_descriptor[x].block_length); + results[no_results].avg = (results[no_results].spd1 + results[no_results].spd2+1)/2; + ++no_results; + printf("."); fflush(stdout); + +#undef DO2 +#undef DO1 + } + tally_results(1); + + return 0; +} +#else +int time_cipher2(void) { printf("NO CBC\n"); return 0; } +#endif + +#ifdef CTR +int time_cipher3(void) +{ + unsigned long x, y1; + ulong64 t1, t2, c1, c2, a1, a2; + symmetric_CTR ctr; + unsigned char key[MAXBLOCKSIZE], pt[4096]; + int err; + + printf ("\n\nCTR Time Trials for the Symmetric Ciphers:\n"); + no_results = 0; + for (x = 0; cipher_descriptor[x].name != NULL; x++) { + ctr_start(x, pt, key, cipher_descriptor[x].min_key_length, 0, &ctr); + + /* sanity check on cipher */ + if ((err = cipher_descriptor[x].test()) != CRYPT_OK) { + fprintf(stderr, "\n\nERROR: Cipher %s failed self-test %s\n", cipher_descriptor[x].name, error_to_string(err)); + exit(EXIT_FAILURE); + } + +#define DO1 ctr_encrypt(pt, pt, sizeof(pt), &ctr); +#define DO2 DO1 DO1 + + c1 = c2 = (ulong64)-1; + for (y1 = 0; y1 < 100; y1++) { + t_start(); + DO1; + t1 = t_read(); + DO2; + t2 = t_read(); + t2 -= t1; + + c1 = (t1 > c1 ? c1 : t1); + c2 = (t2 > c2 ? c2 : t2); + } + a1 = c2 - c1 - skew; + +#undef DO1 +#undef DO2 +#define DO1 ctr_decrypt(pt, pt, sizeof(pt), &ctr); +#define DO2 DO1 DO1 + + c1 = c2 = (ulong64)-1; + for (y1 = 0; y1 < 100; y1++) { + t_start(); + DO1; + t1 = t_read(); + DO2; + t2 = t_read(); + t2 -= t1; + + c1 = (t1 > c1 ? c1 : t1); + c2 = (t2 > c2 ? c2 : t2); + } + a2 = c2 - c1 - skew; + + results[no_results].id = x; + results[no_results].spd1 = a1/(sizeof(pt)/cipher_descriptor[x].block_length); + results[no_results].spd2 = a2/(sizeof(pt)/cipher_descriptor[x].block_length); + results[no_results].avg = (results[no_results].spd1 + results[no_results].spd2+1)/2; + ++no_results; + printf("."); fflush(stdout); + +#undef DO2 +#undef DO1 + } + tally_results(1); + + return 0; +} +#else +int time_cipher3(void) { printf("NO CTR\n"); return 0; } +#endif + int time_hash(void) { unsigned long x, y1, len; @@ -380,6 +525,7 @@ int time_hash(void) return 0; } +#ifdef MPI void time_mult(void) { ulong64 t1, t2; @@ -409,7 +555,7 @@ void time_mult(void) #undef DO1 #undef DO2 -} +} void time_sqr(void) { @@ -439,7 +585,11 @@ void time_sqr(void) #undef DO1 #undef DO2 -} +} +#else +void time_mult(void) { printf("NO MULT\n"); } +void time_sqr(void) { printf("NO SQR\n"); } +#endif void time_prng(void) { @@ -492,7 +642,8 @@ void time_prng(void) } } - + +#ifdef MRSA /* time various RSA operations */ void time_rsa(void) { @@ -507,7 +658,7 @@ void time_rsa(void) for (y = 0; y < 16; y++) { t_start(); t1 = t_read(); - if ((err = rsa_make_key(&prng, find_prng("yarrow"), x/8, 65537, &key)) != CRYPT_OK) { + if ((err = rsa_make_key(&yarrow_prng, find_prng("yarrow"), x/8, 65537, &key)) != CRYPT_OK) { fprintf(stderr, "\n\nrsa_make_key says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK)); exit(EXIT_FAILURE); } @@ -526,7 +677,7 @@ void time_rsa(void) t_start(); t1 = t_read(); z = sizeof(buf[1]); - if ((err = rsa_encrypt_key(buf[0], 32, buf[1], &z, "testprog", 8, &prng, + if ((err = rsa_encrypt_key(buf[0], 32, buf[1], &z, "testprog", 8, &yarrow_prng, find_prng("yarrow"), find_hash("sha1"), &key)) != CRYPT_OK) { fprintf(stderr, "\n\nrsa_encrypt_key says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK)); @@ -558,7 +709,11 @@ void time_rsa(void) rsa_free(&key); } } +#else +void time_rsa(void) { printf("NO RSA\n"); } +#endif +#ifdef MECC /* time various ECC operations */ void time_ecc(void) { @@ -574,7 +729,7 @@ void time_ecc(void) for (y = 0; y < 16; y++) { t_start(); t1 = t_read(); - if ((err = ecc_make_key(&prng, find_prng("yarrow"), x, &key)) != CRYPT_OK) { + if ((err = ecc_make_key(&yarrow_prng, find_prng("yarrow"), x, &key)) != CRYPT_OK) { fprintf(stderr, "\n\necc_make_key says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK)); exit(EXIT_FAILURE); } @@ -593,7 +748,7 @@ void time_ecc(void) t_start(); t1 = t_read(); z = sizeof(buf[1]); - if ((err = ecc_encrypt_key(buf[0], 20, buf[1], &z, &prng, find_prng("yarrow"), find_hash("sha1"), + if ((err = ecc_encrypt_key(buf[0], 20, buf[1], &z, &yarrow_prng, find_prng("yarrow"), find_hash("sha1"), &key)) != CRYPT_OK) { fprintf(stderr, "\n\necc_encrypt_key says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK)); exit(EXIT_FAILURE); @@ -606,7 +761,11 @@ void time_ecc(void) ecc_free(&key); } } +#else +void time_ecc(void) { printf("NO ECC\n"); } +#endif +#ifdef MDH /* time various DH operations */ void time_dh(void) { @@ -622,7 +781,7 @@ void time_dh(void) for (y = 0; y < 16; y++) { t_start(); t1 = t_read(); - if ((err = dh_make_key(&prng, find_prng("yarrow"), x, &key)) != CRYPT_OK) { + if ((err = dh_make_key(&yarrow_prng, find_prng("yarrow"), x, &key)) != CRYPT_OK) { fprintf(stderr, "\n\ndh_make_key says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK)); exit(EXIT_FAILURE); } @@ -641,7 +800,7 @@ void time_dh(void) t_start(); t1 = t_read(); z = sizeof(buf[1]); - if ((err = dh_encrypt_key(buf[0], 20, buf[1], &z, &prng, find_prng("yarrow"), find_hash("sha1"), + if ((err = dh_encrypt_key(buf[0], 20, buf[1], &z, &yarrow_prng, find_prng("yarrow"), find_hash("sha1"), &key)) != CRYPT_OK) { fprintf(stderr, "\n\ndh_encrypt_key says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK)); exit(EXIT_FAILURE); @@ -654,9 +813,11 @@ void time_dh(void) dh_free(&key); } } +#else +void time_dh(void) { printf("NO DH\n"); } +#endif -#define MAC_SIZE 32 -void time_macs(void) +void time_macs_(unsigned long MAC_SIZE) { unsigned char *buf, key[16], tag[16]; ulong64 t1, t2; @@ -674,9 +835,10 @@ void time_macs(void) cipher_idx = find_cipher("aes"); hash_idx = find_hash("md5"); - yarrow_read(buf, MAC_SIZE*1024, &prng); - yarrow_read(key, 16, &prng); + yarrow_read(buf, MAC_SIZE*1024, &yarrow_prng); + yarrow_read(key, 16, &yarrow_prng); +#ifdef OMAC t2 = -1; for (x = 0; x < 10000; x++) { t_start(); @@ -690,7 +852,9 @@ void time_macs(void) if (t1 < t2) t2 = t1; } printf("OMAC-AES\t\t%9llu\n", t2/(MAC_SIZE*1024)); +#endif +#ifdef PMAC t2 = -1; for (x = 0; x < 10000; x++) { t_start(); @@ -704,7 +868,25 @@ void time_macs(void) if (t1 < t2) t2 = t1; } printf("PMAC-AES\t\t%9llu\n", t2/(MAC_SIZE*1024)); +#endif +#ifdef PELICAN + t2 = -1; + for (x = 0; x < 10000; x++) { + t_start(); + t1 = t_read(); + z = 16; + if ((err = pelican_memory(key, 16, buf, MAC_SIZE*1024, tag)) != CRYPT_OK) { + fprintf(stderr, "\n\npelican error... %s\n", error_to_string(err)); + exit(EXIT_FAILURE); + } + t1 = t_read() - t1; + if (t1 < t2) t2 = t1; + } + printf("PELICAN \t\t%9llu\n", t2/(MAC_SIZE*1024)); +#endif + +#ifdef HMAC t2 = -1; for (x = 0; x < 10000; x++) { t_start(); @@ -718,28 +900,145 @@ void time_macs(void) if (t1 < t2) t2 = t1; } printf("HMAC-MD5\t\t%9llu\n", t2/(MAC_SIZE*1024)); +#endif XFREE(buf); } -int main(void) +void time_macs(void) { - reg_algs(); - - printf("Timings for ciphers and hashes. Times are listed as cycles per byte processed.\n\n"); - -// init_timer(); - time_mult(); - time_sqr(); - time_rsa(); - time_dh(); - time_ecc(); - time_prng(); - time_cipher(); - time_keysched(); - time_hash(); - time_macs(); - - return EXIT_SUCCESS; + time_macs_(1); + time_macs_(4); + time_macs_(32); } +void time_encmacs_(unsigned long MAC_SIZE) +{ + unsigned char *buf, IV[16], key[16], tag[16]; + ulong64 t1, t2; + unsigned long x, z; + int err, cipher_idx; + + printf("\nENC+MAC Timings (zero byte AAD, 16 byte IV, cycles/byte on %dKB blocks):\n", MAC_SIZE); + + buf = XMALLOC(MAC_SIZE*1024); + if (buf == NULL) { + fprintf(stderr, "\n\nout of heap yo\n\n"); + exit(EXIT_FAILURE); + } + + cipher_idx = find_cipher("aes"); + + yarrow_read(buf, MAC_SIZE*1024, &yarrow_prng); + yarrow_read(key, 16, &yarrow_prng); + yarrow_read(IV, 16, &yarrow_prng); + +#ifdef EAX_MODE + t2 = -1; + for (x = 0; x < 10000; x++) { + t_start(); + t1 = t_read(); + z = 16; + if ((err = eax_encrypt_authenticate_memory(cipher_idx, key, 16, IV, 16, NULL, 0, buf, MAC_SIZE*1024, buf, tag, &z)) != CRYPT_OK) { + fprintf(stderr, "\nEAX error... %s\n", error_to_string(err)); + exit(EXIT_FAILURE); + } + t1 = t_read() - t1; + if (t1 < t2) t2 = t1; + } + printf("EAX \t\t%9llu\n", t2/(MAC_SIZE*1024)); +#endif + +#ifdef OCB_MODE + t2 = -1; + for (x = 0; x < 10000; x++) { + t_start(); + t1 = t_read(); + z = 16; + if ((err = ocb_encrypt_authenticate_memory(cipher_idx, key, 16, IV, buf, MAC_SIZE*1024, buf, tag, &z)) != CRYPT_OK) { + fprintf(stderr, "\nOCB error... %s\n", error_to_string(err)); + exit(EXIT_FAILURE); + } + t1 = t_read() - t1; + if (t1 < t2) t2 = t1; + } + printf("OCB \t\t%9llu\n", t2/(MAC_SIZE*1024)); +#endif + +#ifdef CCM_MODE + t2 = -1; + for (x = 0; x < 10000; x++) { + t_start(); + t1 = t_read(); + z = 16; + if ((err = ccm_memory(cipher_idx, key, 16, IV, 16, NULL, 0, buf, MAC_SIZE*1024, buf, tag, &z, CCM_ENCRYPT)) != CRYPT_OK) { + fprintf(stderr, "\nCCM error... %s\n", error_to_string(err)); + exit(EXIT_FAILURE); + } + t1 = t_read() - t1; + if (t1 < t2) t2 = t1; + } + printf("CCM \t\t%9llu\n", t2/(MAC_SIZE*1024)); +#endif + +#ifdef GCM_MODE + t2 = -1; + for (x = 0; x < 100; x++) { + t_start(); + t1 = t_read(); + z = 16; + if ((err = gcm_memory(cipher_idx, key, 16, IV, 16, NULL, 0, buf, MAC_SIZE*1024, buf, tag, &z, GCM_ENCRYPT)) != CRYPT_OK) { + fprintf(stderr, "\nGCM error... %s\n", error_to_string(err)); + exit(EXIT_FAILURE); + } + t1 = t_read() - t1; + if (t1 < t2) t2 = t1; + } + printf("GCM (no-precomp)\t%9llu\n", t2/(MAC_SIZE*1024)); + + { + gcm_state gcm; + + if ((err = gcm_init(&gcm, cipher_idx, key, 16)) != CRYPT_OK) { printf("gcm_init: %s\n", error_to_string(err)); exit(EXIT_FAILURE); } + t2 = -1; + for (x = 0; x < 10000; x++) { + t_start(); + t1 = t_read(); + z = 16; + if ((err = gcm_reset(&gcm)) != CRYPT_OK) { + fprintf(stderr, "\nGCM error[%d]... %s\n", __LINE__, error_to_string(err)); + exit(EXIT_FAILURE); + } + if ((err = gcm_add_iv(&gcm, IV, 16)) != CRYPT_OK) { + fprintf(stderr, "\nGCM error[%d]... %s\n", __LINE__, error_to_string(err)); + exit(EXIT_FAILURE); + } + if ((err = gcm_add_aad(&gcm, NULL, 0)) != CRYPT_OK) { + fprintf(stderr, "\nGCM error[%d]... %s\n", __LINE__, error_to_string(err)); + exit(EXIT_FAILURE); + } + if ((err = gcm_process(&gcm, buf, MAC_SIZE*1024, buf, GCM_ENCRYPT)) != CRYPT_OK) { + fprintf(stderr, "\nGCM error[%d]... %s\n", __LINE__, error_to_string(err)); + exit(EXIT_FAILURE); + } + + if ((err = gcm_done(&gcm, tag, &z)) != CRYPT_OK) { + fprintf(stderr, "\nGCM error[%d]... %s\n", __LINE__, error_to_string(err)); + exit(EXIT_FAILURE); + } + t1 = t_read() - t1; + if (t1 < t2) t2 = t1; + } + printf("GCM (precomp)\t%9llu\n", t2/(MAC_SIZE*1024)); + } + +#endif + +} + +void time_encmacs(void) +{ + time_encmacs_(1); + time_encmacs_(4); + time_encmacs_(32); +}