added libtomcrypt-1.10
This commit is contained in:
parent
a3ce807bae
commit
99b6d03203
2
Doxyfile
2
Doxyfile
@ -23,7 +23,7 @@ PROJECT_NAME = LibTomCrypt
|
||||
# This could be handy for archiving the generated documentation or
|
||||
# if some version control system is used.
|
||||
|
||||
PROJECT_NUMBER = 1.09
|
||||
PROJECT_NUMBER = 1.10
|
||||
|
||||
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
|
||||
# base path where the generated documentation will be put.
|
||||
|
12
changes
12
changes
@ -1,3 +1,11 @@
|
||||
February 11th, 2006
|
||||
v1.10 -- Free ecb/cbc/ctr/lrw structures in timing code by calling the "done" function
|
||||
-- fixed bug in lrw_process() which would always use the slow update ...
|
||||
-- vastly sped up gcm_gf_mult() when LTC_FAST is defined. This speeds up LRW and GCM state creation, useful for servers with GCM
|
||||
-- Removed NLS since there are some attacks against it.
|
||||
-- fixed memory leak in rsa_import reported by John Kuhns
|
||||
++ re-released as the rsa fix was incorrect (bad John bad ... hehehe) and I missed some NULLs in the static descriptor entry for ciphers
|
||||
|
||||
January 26th, 2006
|
||||
v1.09 -- Added missing doxygen comments to some of the ASN.1 routines
|
||||
-- Added "easy button" define LTC_EASY and LTC will build with a subset of all the algos. Reduces build times for typical
|
||||
@ -1405,6 +1413,6 @@ v0.02 -- Changed RC5 to only allow 12 to 24 rounds
|
||||
v0.01 -- We will call this the first version.
|
||||
|
||||
/* $Source: /cvs/libtom/libtomcrypt/changes,v $ */
|
||||
/* $Revision: 1.168 $ */
|
||||
/* $Date: 2006/01/26 18:15:51 $ */
|
||||
/* $Revision: 1.173 $ */
|
||||
/* $Date: 2006/02/11 09:18:11 $ */
|
||||
|
||||
|
@ -47,7 +47,7 @@
|
||||
\def\gap{\vspace{0.5ex}}
|
||||
\makeindex
|
||||
\begin{document}
|
||||
\title{LibTomCrypt \\ Version 1.09}
|
||||
\title{LibTomCrypt \\ Version 1.10}
|
||||
\author{Tom St Denis \\
|
||||
\\
|
||||
tomstdenis@gmail.com \\
|
||||
@ -5181,5 +5181,5 @@ Since the function is given the entire RSA key (for private keys only) CRT is po
|
||||
\end{document}
|
||||
|
||||
% $Source: /cvs/libtom/libtomcrypt/crypt.tex,v $
|
||||
% $Revision: 1.62 $
|
||||
% $Date: 2006/01/26 18:29:02 $
|
||||
% $Revision: 1.63 $
|
||||
% $Date: 2006/01/26 19:20:46 $
|
||||
|
@ -18,6 +18,7 @@ time_keysched();
|
||||
time_cipher();
|
||||
time_cipher2();
|
||||
time_cipher3();
|
||||
time_cipher4();
|
||||
time_hash();
|
||||
time_macs();
|
||||
time_encmacs();
|
||||
|
BIN
doc/crypt.pdf
BIN
doc/crypt.pdf
Binary file not shown.
11
makefile
11
makefile
@ -4,7 +4,7 @@
|
||||
# Modified by Clay Culver
|
||||
|
||||
# The version
|
||||
VERSION=1.09
|
||||
VERSION=1.10
|
||||
|
||||
# Compiler and Linker Names
|
||||
#CC=gcc
|
||||
@ -113,9 +113,8 @@ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aa
|
||||
src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
|
||||
src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
|
||||
src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
|
||||
src/encauth/nls/nls_memory.o src/encauth/nls/nlsfast.o src/encauth/ocb/ocb_decrypt.o \
|
||||
src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
|
||||
src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
|
||||
src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
|
||||
src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
|
||||
src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
|
||||
src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
|
||||
src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
|
||||
@ -365,5 +364,5 @@ zipup: no_oops docs
|
||||
|
||||
|
||||
# $Source: /cvs/libtom/libtomcrypt/makefile,v $
|
||||
# $Revision: 1.114 $
|
||||
# $Date: 2006/01/26 06:12:31 $
|
||||
# $Revision: 1.116 $
|
||||
# $Date: 2006/01/29 15:53:38 $
|
||||
|
@ -100,9 +100,8 @@ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aa
|
||||
src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
|
||||
src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
|
||||
src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
|
||||
src/encauth/nls/nls_memory.o src/encauth/nls/nlsfast.o src/encauth/ocb/ocb_decrypt.o \
|
||||
src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
|
||||
src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
|
||||
src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
|
||||
src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
|
||||
src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
|
||||
src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
|
||||
src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
|
||||
@ -270,6 +269,6 @@ install: library
|
||||
install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
|
||||
|
||||
# $Source: /cvs/libtom/libtomcrypt/makefile.icc,v $
|
||||
# $Revision: 1.49 $
|
||||
# $Date: 2006/01/26 06:12:31 $
|
||||
# $Revision: 1.50 $
|
||||
# $Date: 2006/01/29 15:53:38 $
|
||||
|
||||
|
@ -15,9 +15,8 @@ src/encauth/eax/eax_init.obj src/encauth/eax/eax_test.obj src/encauth/gcm/gcm_ad
|
||||
src/encauth/gcm/gcm_add_iv.obj src/encauth/gcm/gcm_done.obj src/encauth/gcm/gcm_gf_mult.obj \
|
||||
src/encauth/gcm/gcm_init.obj src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_mult_h.obj \
|
||||
src/encauth/gcm/gcm_process.obj src/encauth/gcm/gcm_reset.obj src/encauth/gcm/gcm_test.obj \
|
||||
src/encauth/nls/nls_memory.obj src/encauth/nls/nlsfast.obj src/encauth/ocb/ocb_decrypt.obj \
|
||||
src/encauth/ocb/ocb_decrypt_verify_memory.obj src/encauth/ocb/ocb_done_decrypt.obj \
|
||||
src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \
|
||||
src/encauth/ocb/ocb_decrypt.obj src/encauth/ocb/ocb_decrypt_verify_memory.obj \
|
||||
src/encauth/ocb/ocb_done_decrypt.obj src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \
|
||||
src/encauth/ocb/ocb_encrypt_authenticate_memory.obj src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj \
|
||||
src/encauth/ocb/ocb_shift_xor.obj src/encauth/ocb/ocb_test.obj src/encauth/ocb/s_ocb_done.obj \
|
||||
src/hashes/chc/chc.obj src/hashes/helper/hash_file.obj src/hashes/helper/hash_filehandle.obj \
|
||||
@ -133,5 +132,5 @@ timing: demos/timing.c library
|
||||
cl $(CFLAGS) demos/timing.c testprof/tomcrypt_prof.lib tomcrypt.lib advapi32.lib $(EXTRALIBS)
|
||||
|
||||
# $Source: /cvs/libtom/libtomcrypt/makefile.msvc,v $
|
||||
# $Revision: 1.29 $
|
||||
# $Date: 2006/01/26 06:12:31 $
|
||||
# $Revision: 1.30 $
|
||||
# $Date: 2006/01/29 15:53:38 $
|
||||
|
@ -6,7 +6,7 @@
|
||||
# Tom St Denis
|
||||
|
||||
# The version
|
||||
VERSION=0:109
|
||||
VERSION=0:110
|
||||
|
||||
# Compiler and Linker Names
|
||||
CC=libtool --mode=compile gcc
|
||||
@ -107,9 +107,8 @@ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aa
|
||||
src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
|
||||
src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
|
||||
src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
|
||||
src/encauth/nls/nls_memory.o src/encauth/nls/nlsfast.o src/encauth/ocb/ocb_decrypt.o \
|
||||
src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
|
||||
src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
|
||||
src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
|
||||
src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
|
||||
src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
|
||||
src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
|
||||
src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
|
||||
@ -259,5 +258,5 @@ timing: library testprof/$(LIBTEST) $(TIMINGS)
|
||||
gcc -o $(TIMING) $(TIMINGS) -ltomcrypt_prof -ltomcrypt $(EXTRALIBS)
|
||||
|
||||
# $Source: /cvs/libtom/libtomcrypt/makefile.shared,v $
|
||||
# $Revision: 1.43 $
|
||||
# $Date: 2006/01/26 06:12:31 $
|
||||
# $Revision: 1.45 $
|
||||
# $Date: 2006/01/29 15:53:38 $
|
||||
|
@ -15,8 +15,50 @@
|
||||
*/
|
||||
#include "tomcrypt.h"
|
||||
|
||||
#if defined(GCM_TABLES) || defined(LRW_TABLES) || ((defined(GCM_MODE) || defined(GCM_MODE)) && defined(LTC_FAST))
|
||||
|
||||
/* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format. Since only the
|
||||
* lower 16 bits are not zero'ed I removed the upper 14 bytes */
|
||||
const unsigned char gcm_shift_table[256*2] = {
|
||||
0x00, 0x00, 0x01, 0xc2, 0x03, 0x84, 0x02, 0x46, 0x07, 0x08, 0x06, 0xca, 0x04, 0x8c, 0x05, 0x4e,
|
||||
0x0e, 0x10, 0x0f, 0xd2, 0x0d, 0x94, 0x0c, 0x56, 0x09, 0x18, 0x08, 0xda, 0x0a, 0x9c, 0x0b, 0x5e,
|
||||
0x1c, 0x20, 0x1d, 0xe2, 0x1f, 0xa4, 0x1e, 0x66, 0x1b, 0x28, 0x1a, 0xea, 0x18, 0xac, 0x19, 0x6e,
|
||||
0x12, 0x30, 0x13, 0xf2, 0x11, 0xb4, 0x10, 0x76, 0x15, 0x38, 0x14, 0xfa, 0x16, 0xbc, 0x17, 0x7e,
|
||||
0x38, 0x40, 0x39, 0x82, 0x3b, 0xc4, 0x3a, 0x06, 0x3f, 0x48, 0x3e, 0x8a, 0x3c, 0xcc, 0x3d, 0x0e,
|
||||
0x36, 0x50, 0x37, 0x92, 0x35, 0xd4, 0x34, 0x16, 0x31, 0x58, 0x30, 0x9a, 0x32, 0xdc, 0x33, 0x1e,
|
||||
0x24, 0x60, 0x25, 0xa2, 0x27, 0xe4, 0x26, 0x26, 0x23, 0x68, 0x22, 0xaa, 0x20, 0xec, 0x21, 0x2e,
|
||||
0x2a, 0x70, 0x2b, 0xb2, 0x29, 0xf4, 0x28, 0x36, 0x2d, 0x78, 0x2c, 0xba, 0x2e, 0xfc, 0x2f, 0x3e,
|
||||
0x70, 0x80, 0x71, 0x42, 0x73, 0x04, 0x72, 0xc6, 0x77, 0x88, 0x76, 0x4a, 0x74, 0x0c, 0x75, 0xce,
|
||||
0x7e, 0x90, 0x7f, 0x52, 0x7d, 0x14, 0x7c, 0xd6, 0x79, 0x98, 0x78, 0x5a, 0x7a, 0x1c, 0x7b, 0xde,
|
||||
0x6c, 0xa0, 0x6d, 0x62, 0x6f, 0x24, 0x6e, 0xe6, 0x6b, 0xa8, 0x6a, 0x6a, 0x68, 0x2c, 0x69, 0xee,
|
||||
0x62, 0xb0, 0x63, 0x72, 0x61, 0x34, 0x60, 0xf6, 0x65, 0xb8, 0x64, 0x7a, 0x66, 0x3c, 0x67, 0xfe,
|
||||
0x48, 0xc0, 0x49, 0x02, 0x4b, 0x44, 0x4a, 0x86, 0x4f, 0xc8, 0x4e, 0x0a, 0x4c, 0x4c, 0x4d, 0x8e,
|
||||
0x46, 0xd0, 0x47, 0x12, 0x45, 0x54, 0x44, 0x96, 0x41, 0xd8, 0x40, 0x1a, 0x42, 0x5c, 0x43, 0x9e,
|
||||
0x54, 0xe0, 0x55, 0x22, 0x57, 0x64, 0x56, 0xa6, 0x53, 0xe8, 0x52, 0x2a, 0x50, 0x6c, 0x51, 0xae,
|
||||
0x5a, 0xf0, 0x5b, 0x32, 0x59, 0x74, 0x58, 0xb6, 0x5d, 0xf8, 0x5c, 0x3a, 0x5e, 0x7c, 0x5f, 0xbe,
|
||||
0xe1, 0x00, 0xe0, 0xc2, 0xe2, 0x84, 0xe3, 0x46, 0xe6, 0x08, 0xe7, 0xca, 0xe5, 0x8c, 0xe4, 0x4e,
|
||||
0xef, 0x10, 0xee, 0xd2, 0xec, 0x94, 0xed, 0x56, 0xe8, 0x18, 0xe9, 0xda, 0xeb, 0x9c, 0xea, 0x5e,
|
||||
0xfd, 0x20, 0xfc, 0xe2, 0xfe, 0xa4, 0xff, 0x66, 0xfa, 0x28, 0xfb, 0xea, 0xf9, 0xac, 0xf8, 0x6e,
|
||||
0xf3, 0x30, 0xf2, 0xf2, 0xf0, 0xb4, 0xf1, 0x76, 0xf4, 0x38, 0xf5, 0xfa, 0xf7, 0xbc, 0xf6, 0x7e,
|
||||
0xd9, 0x40, 0xd8, 0x82, 0xda, 0xc4, 0xdb, 0x06, 0xde, 0x48, 0xdf, 0x8a, 0xdd, 0xcc, 0xdc, 0x0e,
|
||||
0xd7, 0x50, 0xd6, 0x92, 0xd4, 0xd4, 0xd5, 0x16, 0xd0, 0x58, 0xd1, 0x9a, 0xd3, 0xdc, 0xd2, 0x1e,
|
||||
0xc5, 0x60, 0xc4, 0xa2, 0xc6, 0xe4, 0xc7, 0x26, 0xc2, 0x68, 0xc3, 0xaa, 0xc1, 0xec, 0xc0, 0x2e,
|
||||
0xcb, 0x70, 0xca, 0xb2, 0xc8, 0xf4, 0xc9, 0x36, 0xcc, 0x78, 0xcd, 0xba, 0xcf, 0xfc, 0xce, 0x3e,
|
||||
0x91, 0x80, 0x90, 0x42, 0x92, 0x04, 0x93, 0xc6, 0x96, 0x88, 0x97, 0x4a, 0x95, 0x0c, 0x94, 0xce,
|
||||
0x9f, 0x90, 0x9e, 0x52, 0x9c, 0x14, 0x9d, 0xd6, 0x98, 0x98, 0x99, 0x5a, 0x9b, 0x1c, 0x9a, 0xde,
|
||||
0x8d, 0xa0, 0x8c, 0x62, 0x8e, 0x24, 0x8f, 0xe6, 0x8a, 0xa8, 0x8b, 0x6a, 0x89, 0x2c, 0x88, 0xee,
|
||||
0x83, 0xb0, 0x82, 0x72, 0x80, 0x34, 0x81, 0xf6, 0x84, 0xb8, 0x85, 0x7a, 0x87, 0x3c, 0x86, 0xfe,
|
||||
0xa9, 0xc0, 0xa8, 0x02, 0xaa, 0x44, 0xab, 0x86, 0xae, 0xc8, 0xaf, 0x0a, 0xad, 0x4c, 0xac, 0x8e,
|
||||
0xa7, 0xd0, 0xa6, 0x12, 0xa4, 0x54, 0xa5, 0x96, 0xa0, 0xd8, 0xa1, 0x1a, 0xa3, 0x5c, 0xa2, 0x9e,
|
||||
0xb5, 0xe0, 0xb4, 0x22, 0xb6, 0x64, 0xb7, 0xa6, 0xb2, 0xe8, 0xb3, 0x2a, 0xb1, 0x6c, 0xb0, 0xae,
|
||||
0xbb, 0xf0, 0xba, 0x32, 0xb8, 0x74, 0xb9, 0xb6, 0xbc, 0xf8, 0xbd, 0x3a, 0xbf, 0x7c, 0xbe, 0xbe };
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
#if defined(GCM_MODE) || defined(LRW_MODE)
|
||||
|
||||
#ifndef LTC_FAST
|
||||
/* right shift */
|
||||
static void gcm_rightshift(unsigned char *a)
|
||||
{
|
||||
@ -33,7 +75,7 @@ static const unsigned char poly[] = { 0x00, 0xE1 };
|
||||
|
||||
|
||||
/**
|
||||
GCM GF multiplier (internal use only)
|
||||
GCM GF multiplier (internal use only) bitserial
|
||||
@param a First value
|
||||
@param b Second value
|
||||
@param c Destination for a * b
|
||||
@ -57,8 +99,123 @@ void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *
|
||||
}
|
||||
XMEMCPY(c, Z, 16);
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
/* map normal numbers to "ieee" way ... e.g. bit reversed */
|
||||
#define M(x) ( ((x&8)>>3) | ((x&4)>>1) | ((x&2)<<1) | ((x&1)<<3) )
|
||||
|
||||
#define BPD (sizeof(LTC_FAST_TYPE) * 8)
|
||||
#define WPV (1 + (16 / sizeof(LTC_FAST_TYPE)))
|
||||
|
||||
/**
|
||||
GCM GF multiplier (internal use only) word oriented
|
||||
@param a First value
|
||||
@param b Second value
|
||||
@param c Destination for a * b
|
||||
*/
|
||||
void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c)
|
||||
{
|
||||
int i, j, k, u;
|
||||
LTC_FAST_TYPE B[16][WPV], tmp[32 / sizeof(LTC_FAST_TYPE)], pB[16 / sizeof(LTC_FAST_TYPE)], zz, z;
|
||||
unsigned char pTmp[32];
|
||||
|
||||
/* create simple tables */
|
||||
zeromem(B[0], sizeof(B[0]));
|
||||
zeromem(B[M(1)], sizeof(B[M(1)]));
|
||||
|
||||
#ifdef ENDIAN_32BITWORD
|
||||
for (i = 0; i < 4; i++) {
|
||||
LOAD32H(B[M(1)][i], a + (i<<2));
|
||||
LOAD32L(pB[i], b + (i<<2));
|
||||
}
|
||||
#else
|
||||
for (i = 0; i < 2; i++) {
|
||||
LOAD64H(B[M(1)][i], a + (i<<3));
|
||||
LOAD64L(pB[i], b + (i<<3));
|
||||
}
|
||||
#endif
|
||||
|
||||
/* now create 2, 4 and 8 */
|
||||
B[M(2)][0] = B[M(1)][0] >> 1;
|
||||
B[M(4)][0] = B[M(1)][0] >> 2;
|
||||
B[M(8)][0] = B[M(1)][0] >> 3;
|
||||
for (i = 1; i < (int)WPV; i++) {
|
||||
B[M(2)][i] = (B[M(1)][i-1] << (BPD-1)) | (B[M(1)][i] >> 1);
|
||||
B[M(4)][i] = (B[M(1)][i-1] << (BPD-2)) | (B[M(1)][i] >> 2);
|
||||
B[M(8)][i] = (B[M(1)][i-1] << (BPD-3)) | (B[M(1)][i] >> 3);
|
||||
}
|
||||
|
||||
/* now all values with two bits which are 3, 5, 6, 9, 10, 12 */
|
||||
for (i = 0; i < (int)WPV; i++) {
|
||||
B[M(3)][i] = B[M(1)][i] ^ B[M(2)][i];
|
||||
B[M(5)][i] = B[M(1)][i] ^ B[M(4)][i];
|
||||
B[M(6)][i] = B[M(2)][i] ^ B[M(4)][i];
|
||||
B[M(9)][i] = B[M(1)][i] ^ B[M(8)][i];
|
||||
B[M(10)][i] = B[M(2)][i] ^ B[M(8)][i];
|
||||
B[M(12)][i] = B[M(8)][i] ^ B[M(4)][i];
|
||||
|
||||
/* now all 3 bit values and the only 4 bit value: 7, 11, 13, 14, 15 */
|
||||
B[M(7)][i] = B[M(3)][i] ^ B[M(4)][i];
|
||||
B[M(11)][i] = B[M(3)][i] ^ B[M(8)][i];
|
||||
B[M(13)][i] = B[M(1)][i] ^ B[M(12)][i];
|
||||
B[M(14)][i] = B[M(6)][i] ^ B[M(8)][i];
|
||||
B[M(15)][i] = B[M(7)][i] ^ B[M(8)][i];
|
||||
}
|
||||
|
||||
zeromem(tmp, sizeof(tmp));
|
||||
|
||||
/* compute product four bits of each word at a time */
|
||||
/* for each nibble */
|
||||
for (i = (BPD/4)-1; i >= 0; i--) {
|
||||
/* for each word */
|
||||
for (j = 0; j < (int)(WPV-1); j++) {
|
||||
/* grab the 4 bits recall the nibbles are backwards so it's a shift by (i^1)*4 */
|
||||
u = (pB[j] >> ((i^1)<<2)) & 15;
|
||||
|
||||
/* add offset by the word count the table looked up value to the result */
|
||||
for (k = 0; k < (int)WPV; k++) {
|
||||
tmp[k+j] ^= B[u][k];
|
||||
}
|
||||
}
|
||||
/* shift result up by 4 bits */
|
||||
if (i != 0) {
|
||||
for (z = j = 0; j < (int)(32 / sizeof(LTC_FAST_TYPE)); j++) {
|
||||
zz = tmp[j] << (BPD-4);
|
||||
tmp[j] = (tmp[j] >> 4) | z;
|
||||
z = zz;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* store product */
|
||||
#ifdef ENDIAN_32BITWORD
|
||||
for (i = 0; i < 8; i++) {
|
||||
STORE32H(tmp[i], pTmp + (i<<2));
|
||||
}
|
||||
#else
|
||||
for (i = 0; i < 4; i++) {
|
||||
STORE64H(tmp[i], pTmp + (i<<3));
|
||||
}
|
||||
#endif
|
||||
|
||||
/* reduce by taking most significant byte and adding the appropriate two byte sequence 16 bytes down */
|
||||
for (i = 31; i >= 16; i--) {
|
||||
pTmp[i-16] ^= gcm_shift_table[((unsigned)pTmp[i]<<1)];
|
||||
pTmp[i-15] ^= gcm_shift_table[((unsigned)pTmp[i]<<1)+1];
|
||||
}
|
||||
|
||||
for (i = 0; i < 16; i++) {
|
||||
c[i] = pTmp[i];
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
/* $Source$ */
|
||||
/* $Revision$ */
|
||||
/* $Date$ */
|
||||
|
||||
|
@ -17,46 +17,6 @@
|
||||
|
||||
#ifdef GCM_MODE
|
||||
|
||||
#ifdef GCM_TABLES
|
||||
|
||||
/* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format. Since only the
|
||||
* lower 16 bits are not zero'ed I removed the upper 14 bytes */
|
||||
static const unsigned char gcm_shift_table[256*2] = {
|
||||
0x00, 0x00, 0x01, 0xc2, 0x03, 0x84, 0x02, 0x46, 0x07, 0x08, 0x06, 0xca, 0x04, 0x8c, 0x05, 0x4e,
|
||||
0x0e, 0x10, 0x0f, 0xd2, 0x0d, 0x94, 0x0c, 0x56, 0x09, 0x18, 0x08, 0xda, 0x0a, 0x9c, 0x0b, 0x5e,
|
||||
0x1c, 0x20, 0x1d, 0xe2, 0x1f, 0xa4, 0x1e, 0x66, 0x1b, 0x28, 0x1a, 0xea, 0x18, 0xac, 0x19, 0x6e,
|
||||
0x12, 0x30, 0x13, 0xf2, 0x11, 0xb4, 0x10, 0x76, 0x15, 0x38, 0x14, 0xfa, 0x16, 0xbc, 0x17, 0x7e,
|
||||
0x38, 0x40, 0x39, 0x82, 0x3b, 0xc4, 0x3a, 0x06, 0x3f, 0x48, 0x3e, 0x8a, 0x3c, 0xcc, 0x3d, 0x0e,
|
||||
0x36, 0x50, 0x37, 0x92, 0x35, 0xd4, 0x34, 0x16, 0x31, 0x58, 0x30, 0x9a, 0x32, 0xdc, 0x33, 0x1e,
|
||||
0x24, 0x60, 0x25, 0xa2, 0x27, 0xe4, 0x26, 0x26, 0x23, 0x68, 0x22, 0xaa, 0x20, 0xec, 0x21, 0x2e,
|
||||
0x2a, 0x70, 0x2b, 0xb2, 0x29, 0xf4, 0x28, 0x36, 0x2d, 0x78, 0x2c, 0xba, 0x2e, 0xfc, 0x2f, 0x3e,
|
||||
0x70, 0x80, 0x71, 0x42, 0x73, 0x04, 0x72, 0xc6, 0x77, 0x88, 0x76, 0x4a, 0x74, 0x0c, 0x75, 0xce,
|
||||
0x7e, 0x90, 0x7f, 0x52, 0x7d, 0x14, 0x7c, 0xd6, 0x79, 0x98, 0x78, 0x5a, 0x7a, 0x1c, 0x7b, 0xde,
|
||||
0x6c, 0xa0, 0x6d, 0x62, 0x6f, 0x24, 0x6e, 0xe6, 0x6b, 0xa8, 0x6a, 0x6a, 0x68, 0x2c, 0x69, 0xee,
|
||||
0x62, 0xb0, 0x63, 0x72, 0x61, 0x34, 0x60, 0xf6, 0x65, 0xb8, 0x64, 0x7a, 0x66, 0x3c, 0x67, 0xfe,
|
||||
0x48, 0xc0, 0x49, 0x02, 0x4b, 0x44, 0x4a, 0x86, 0x4f, 0xc8, 0x4e, 0x0a, 0x4c, 0x4c, 0x4d, 0x8e,
|
||||
0x46, 0xd0, 0x47, 0x12, 0x45, 0x54, 0x44, 0x96, 0x41, 0xd8, 0x40, 0x1a, 0x42, 0x5c, 0x43, 0x9e,
|
||||
0x54, 0xe0, 0x55, 0x22, 0x57, 0x64, 0x56, 0xa6, 0x53, 0xe8, 0x52, 0x2a, 0x50, 0x6c, 0x51, 0xae,
|
||||
0x5a, 0xf0, 0x5b, 0x32, 0x59, 0x74, 0x58, 0xb6, 0x5d, 0xf8, 0x5c, 0x3a, 0x5e, 0x7c, 0x5f, 0xbe,
|
||||
0xe1, 0x00, 0xe0, 0xc2, 0xe2, 0x84, 0xe3, 0x46, 0xe6, 0x08, 0xe7, 0xca, 0xe5, 0x8c, 0xe4, 0x4e,
|
||||
0xef, 0x10, 0xee, 0xd2, 0xec, 0x94, 0xed, 0x56, 0xe8, 0x18, 0xe9, 0xda, 0xeb, 0x9c, 0xea, 0x5e,
|
||||
0xfd, 0x20, 0xfc, 0xe2, 0xfe, 0xa4, 0xff, 0x66, 0xfa, 0x28, 0xfb, 0xea, 0xf9, 0xac, 0xf8, 0x6e,
|
||||
0xf3, 0x30, 0xf2, 0xf2, 0xf0, 0xb4, 0xf1, 0x76, 0xf4, 0x38, 0xf5, 0xfa, 0xf7, 0xbc, 0xf6, 0x7e,
|
||||
0xd9, 0x40, 0xd8, 0x82, 0xda, 0xc4, 0xdb, 0x06, 0xde, 0x48, 0xdf, 0x8a, 0xdd, 0xcc, 0xdc, 0x0e,
|
||||
0xd7, 0x50, 0xd6, 0x92, 0xd4, 0xd4, 0xd5, 0x16, 0xd0, 0x58, 0xd1, 0x9a, 0xd3, 0xdc, 0xd2, 0x1e,
|
||||
0xc5, 0x60, 0xc4, 0xa2, 0xc6, 0xe4, 0xc7, 0x26, 0xc2, 0x68, 0xc3, 0xaa, 0xc1, 0xec, 0xc0, 0x2e,
|
||||
0xcb, 0x70, 0xca, 0xb2, 0xc8, 0xf4, 0xc9, 0x36, 0xcc, 0x78, 0xcd, 0xba, 0xcf, 0xfc, 0xce, 0x3e,
|
||||
0x91, 0x80, 0x90, 0x42, 0x92, 0x04, 0x93, 0xc6, 0x96, 0x88, 0x97, 0x4a, 0x95, 0x0c, 0x94, 0xce,
|
||||
0x9f, 0x90, 0x9e, 0x52, 0x9c, 0x14, 0x9d, 0xd6, 0x98, 0x98, 0x99, 0x5a, 0x9b, 0x1c, 0x9a, 0xde,
|
||||
0x8d, 0xa0, 0x8c, 0x62, 0x8e, 0x24, 0x8f, 0xe6, 0x8a, 0xa8, 0x8b, 0x6a, 0x89, 0x2c, 0x88, 0xee,
|
||||
0x83, 0xb0, 0x82, 0x72, 0x80, 0x34, 0x81, 0xf6, 0x84, 0xb8, 0x85, 0x7a, 0x87, 0x3c, 0x86, 0xfe,
|
||||
0xa9, 0xc0, 0xa8, 0x02, 0xaa, 0x44, 0xab, 0x86, 0xae, 0xc8, 0xaf, 0x0a, 0xad, 0x4c, 0xac, 0x8e,
|
||||
0xa7, 0xd0, 0xa6, 0x12, 0xa4, 0x54, 0xa5, 0x96, 0xa0, 0xd8, 0xa1, 0x1a, 0xa3, 0x5c, 0xa2, 0x9e,
|
||||
0xb5, 0xe0, 0xb4, 0x22, 0xb6, 0x64, 0xb7, 0xa6, 0xb2, 0xe8, 0xb3, 0x2a, 0xb1, 0x6c, 0xb0, 0xae,
|
||||
0xbb, 0xf0, 0xba, 0x32, 0xb8, 0x74, 0xb9, 0xb6, 0xbc, 0xf8, 0xbd, 0x3a, 0xbf, 0x7c, 0xbe, 0xbe };
|
||||
|
||||
#endif
|
||||
|
||||
/**
|
||||
Initialize a GCM state
|
||||
@param gcm The GCM state to initialize
|
||||
|
@ -1,94 +0,0 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/**
|
||||
@file nls_memory.c
|
||||
NLS support, process a block of memory, Tom St Denis
|
||||
*/
|
||||
|
||||
#ifdef NLS_MODE
|
||||
|
||||
int nls_memory(const unsigned char *key, unsigned long keylen,
|
||||
const unsigned char *IV, unsigned long IVlen,
|
||||
const unsigned char *adata, unsigned long adatalen,
|
||||
unsigned char *pt, unsigned long ptlen,
|
||||
unsigned char *ct,
|
||||
unsigned char *tag, unsigned long taglen,
|
||||
int direction)
|
||||
{
|
||||
nls_state *nls;
|
||||
int err;
|
||||
|
||||
LTC_ARGCHK(key != NULL);
|
||||
LTC_ARGCHK(IV != NULL);
|
||||
if (adatalen > 0) {
|
||||
LTC_ARGCHK(adata != NULL);
|
||||
}
|
||||
LTC_ARGCHK(pt != NULL);
|
||||
LTC_ARGCHK(ct != NULL);
|
||||
if (taglen > 0) {
|
||||
LTC_ARGCHK(tag != NULL);
|
||||
}
|
||||
|
||||
/* alloc NLS state */
|
||||
nls = XCALLOC(1, sizeof(*nls));
|
||||
if (nls == NULL) {
|
||||
return CRYPT_MEM;
|
||||
}
|
||||
|
||||
/* init key and IV */
|
||||
if ((err = nls_key(nls, key, keylen)) != CRYPT_OK) {
|
||||
goto done;
|
||||
}
|
||||
if ((err = nls_nonce(nls, IV, IVlen)) != CRYPT_OK) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* process adata */
|
||||
if (adatalen > 0) {
|
||||
if ((err = nls_maconly(nls, adata, adatalen)) != CRYPT_OK) {
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
/* process msg */
|
||||
if (direction == NLS_ENCRYPT) {
|
||||
if ((err = nls_encrypt(nls, pt, nbytes, ct)) != CRYPT_OK) {
|
||||
goto done;
|
||||
}
|
||||
} else {
|
||||
if ((err = nls_decrypt(nls, ct, nbytes, pt)) != CRYPT_OK) {
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
/* grab tag */
|
||||
if (taglen > 0) {
|
||||
if ((err = nls_finish(nls, tag, taglen)) != CRYPT_OK) {
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
|
||||
err = CRYPT_OK;
|
||||
done:
|
||||
#ifdef LTC_CLEAN_STACK
|
||||
zeromem(nls, sizeof(*nls));
|
||||
#endif
|
||||
XFREE(nls);
|
||||
|
||||
return err;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* $Source$ */
|
||||
/* $Revision$ */
|
||||
/* $Date$ */
|
@ -1,981 +0,0 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/**
|
||||
@file nlsfast.c
|
||||
NLS support, entire suite, Tom St Denis
|
||||
*/
|
||||
|
||||
|
||||
/* Id: nlsfast.c 346 2005-04-22 18:36:12Z mwp */
|
||||
/* nlsfast: NLS stream cipher and Mundja MAC -- fast implementation */
|
||||
|
||||
/*
|
||||
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
|
||||
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
||||
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND AGAINST
|
||||
INFRINGEMENT ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
|
||||
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
|
||||
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
||||
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
||||
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
||||
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
||||
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
|
||||
/* This source has been modified from the original source for the LibTomCrypt project
|
||||
* by Tom St Denis. (Warnings fixed and code GNU indented)
|
||||
*/
|
||||
|
||||
#include "tomcrypt.h"
|
||||
|
||||
#ifdef NLS_MODE
|
||||
|
||||
#define NLS_LONG_OUTPUT 1
|
||||
#define N 17
|
||||
#define NMAC 8
|
||||
#define WORDSIZE 32
|
||||
#define F16 0x10001ul
|
||||
#define MACKONST 8
|
||||
|
||||
/* interface, multiplication table and SBox */
|
||||
#include "nlssbox.inc"
|
||||
#include "nlsmultab.inc"
|
||||
/*
|
||||
* FOLD is how many register cycles need to be performed after combining the
|
||||
* last byte of key and non-linear feedback, before every byte depends on every
|
||||
* byte of the key. This depends on the feedback and nonlinear functions, and
|
||||
* on where they are combined into the register.
|
||||
*/
|
||||
#define FOLD N /* how many iterations of folding to do */
|
||||
#define INITKONST 0x6996c53a /* value of KONST to use during key loading */
|
||||
#define KEYP 15 /* where to insert key words */
|
||||
#define FOLDP 4 /* where to insert non-linear feedback */
|
||||
#if NLS_LONG_OUTPUT
|
||||
#define CTRP 2 /* where to insert counter to avoid small cycles */
|
||||
#endif /*NLS_LONG_OUTPUT */
|
||||
|
||||
#define Byte(x,i) ((unsigned char)(((x) >> (8*i)) & 0xFF))
|
||||
|
||||
/* define IS_LITTLE_ENDIAN for faster operation when appropriate */
|
||||
#if defined(ENDIAN_LITTLE) && defined(ENDIAN_32BITWORD)
|
||||
/* Useful macros -- little endian words on a little endian machine */
|
||||
#define BYTE2WORD(b) (*(ulong32 *)(b))
|
||||
#define WORD2BYTE(w, b) ((*(ulong32 *)(b)) = w)
|
||||
#define XORWORD(w, b) ((*(ulong32 *)(b)) ^= w)
|
||||
#else
|
||||
/* Useful macros -- machine independent little-endian version */
|
||||
#define BYTE2WORD(b) ( \
|
||||
(((ulong32)(b)[3] & 0xFF)<<24) | \
|
||||
(((ulong32)(b)[2] & 0xFF)<<16) | \
|
||||
(((ulong32)(b)[1] & 0xFF)<<8) | \
|
||||
(((ulong32)(b)[0] & 0xFF)) \
|
||||
)
|
||||
#define WORD2BYTE(w, b) { \
|
||||
(b)[3] = Byte(w,3); \
|
||||
(b)[2] = Byte(w,2); \
|
||||
(b)[1] = Byte(w,1); \
|
||||
(b)[0] = Byte(w,0); \
|
||||
}
|
||||
#define XORWORD(w, b) { \
|
||||
(b)[3] ^= Byte(w,3); \
|
||||
(b)[2] ^= Byte(w,2); \
|
||||
(b)[1] ^= Byte(w,1); \
|
||||
(b)[0] ^= Byte(w,0); \
|
||||
}
|
||||
#endif
|
||||
|
||||
#if NLS_LONG_OUTPUT
|
||||
#define ZEROCOUNTER(c) c->CtrModF16 = c->CtrMod232 = 0
|
||||
#else
|
||||
#define ZEROCOUNTER(c) /* nothing */
|
||||
#endif /*NLS_LONG_OUTPUT */
|
||||
|
||||
/* give correct offset for the current position of the register,
|
||||
* where logically R[0] is at position "zero".
|
||||
*/
|
||||
#define OFF(zero, i) (((zero)+(i)) % N)
|
||||
|
||||
#if NLS_LONG_OUTPUT
|
||||
/* Increment counter and mix into register every so often */
|
||||
#define FIXCTR(c,z) \
|
||||
{ \
|
||||
if (++c->CtrModF16 == F16) { \
|
||||
c->CtrMod232 += c->CtrModF16; \
|
||||
c->R[OFF(z,CTRP)] += c->CtrMod232; \
|
||||
c->CtrMod232 = 0; \
|
||||
} \
|
||||
}
|
||||
#endif /*NLS_LONG_OUTPUT */
|
||||
|
||||
/* step the shift register */
|
||||
/* After stepping, "zero" moves right one place */
|
||||
#define STEP(c,z) \
|
||||
{ register ulong32 tt; \
|
||||
tt = ROL(c->R[OFF(z,0)],19) + ROL(c->R[OFF(z,15)],9) + c->konst; \
|
||||
tt ^= Sbox[(tt >> 24) & 0xFF]; \
|
||||
c->R[OFF(z,0)] = tt ^ c->R[OFF(z,4)]; \
|
||||
}
|
||||
static void cycle(nls_state * c)
|
||||
{
|
||||
ulong32 t;
|
||||
int i;
|
||||
|
||||
/* nonlinear feedback function */
|
||||
STEP(c, 0);
|
||||
/* shift register */
|
||||
t = c->R[0];
|
||||
for (i = 1; i < N; ++i)
|
||||
c->R[i - 1] = c->R[i];
|
||||
c->R[N - 1] = t;
|
||||
#if NLS_LONG_OUTPUT
|
||||
FIXCTR(c, 0);
|
||||
#endif /*NLS_LONG_OUTPUT */
|
||||
}
|
||||
|
||||
/* Return a non-linear function of some parts of the register.
|
||||
*/
|
||||
#define NLFUNC(c,z) \
|
||||
(c->R[OFF(z,0)] + c->R[OFF(z,16)]) \
|
||||
^ (c->R[OFF(z,1)] + c->konst) \
|
||||
^ (c->R[OFF(z,6)] + c->R[OFF(z,13)])
|
||||
|
||||
static ulong32 nltap(nls_state * c)
|
||||
{
|
||||
return NLFUNC(c, 0);
|
||||
}
|
||||
|
||||
/* The Mundja MAC function is modelled after the round function of SHA-256.
|
||||
* The following lines establish aliases for the MAC accumulator, just
|
||||
* so that the definition of that function looks more like FIPS-180-2.
|
||||
*/
|
||||
#define A c->M[0]
|
||||
#define B c->M[1]
|
||||
#define C c->M[2]
|
||||
#define D c->M[3]
|
||||
#define E c->M[4]
|
||||
#define F c->M[5]
|
||||
#define G c->M[6]
|
||||
#define H c->M[7]
|
||||
#define SIGMA0(x) (ROR((x), 2) ^ ROR((x), 13) ^ ROR((x), 22))
|
||||
#define SIGMA1(x) (ROR((x), 6) ^ ROR((x), 11) ^ ROR((x), 25))
|
||||
#define CHOOSE(x,y,z) (z ^ (x & (y ^ z)))
|
||||
#define MAJORITY(x,y,z) ((x & y) | (z & (x | y)))
|
||||
|
||||
/* Accumulate a nonlinear function of a register word and an input word for MAC.
|
||||
* Except for the added S-Box and SOBER LFSR input instead of constants,
|
||||
* this is exactly a round of SHA-256.
|
||||
*/
|
||||
#define SHAFUNC(c,i,k,A,B,C,D,E,F,G,H) \
|
||||
{ \
|
||||
ulong32 t1; \
|
||||
t1 = H + k + i; \
|
||||
t1 ^= Sbox[(t1 >> 24) & 0xFF]; \
|
||||
t1 += SIGMA1(E) + CHOOSE(E, F, G); \
|
||||
D += t1; \
|
||||
t1 += SIGMA0(A) + MAJORITY(A, B, C); \
|
||||
H = t1; \
|
||||
}
|
||||
|
||||
static void shafunc(nls_state * c, ulong32 i)
|
||||
{
|
||||
ulong32 t;
|
||||
|
||||
SHAFUNC(c, i, c->R[MACKONST], A, B, C, D, E, F, G, H);
|
||||
/* now correct alignment of MAC accumulator */
|
||||
t = c->M[NMAC - 1];
|
||||
for (i = NMAC - 1; i > 0; --i)
|
||||
c->M[i] = c->M[i - 1];
|
||||
c->M[0] = t;
|
||||
}
|
||||
|
||||
/* Accumulate a CRC of input words, later to be fed into MAC.
|
||||
*/
|
||||
#define CRCFUNC(c,i,zero,five) \
|
||||
{ \
|
||||
ulong32 t1; \
|
||||
t1 = (c->CRC[zero] << 8) ^ Multab[(c->CRC[zero] >> 24) & 0xFF] \
|
||||
^ c->CRC[five] ^ i; \
|
||||
c->CRC[zero] = t1; \
|
||||
}
|
||||
|
||||
static void crcfunc(nls_state * c, ulong32 i)
|
||||
{
|
||||
ulong32 t;
|
||||
|
||||
CRCFUNC(c, i, 0, 5);
|
||||
/* now correct alignment of CRC accumulator */
|
||||
t = c->CRC[0];
|
||||
for (i = 1; i < NMAC; ++i)
|
||||
c->CRC[i - 1] = c->CRC[i];
|
||||
c->CRC[NMAC - 1] = t;
|
||||
}
|
||||
|
||||
/* Normal MAC word processing: do both SHA and CRC.
|
||||
*/
|
||||
static void macfunc(nls_state * c, ulong32 i)
|
||||
{
|
||||
crcfunc(c, i);
|
||||
shafunc(c, i);
|
||||
}
|
||||
|
||||
/* initialise to known state
|
||||
*/
|
||||
static void nls_initstate(nls_state * c)
|
||||
{
|
||||
int i;
|
||||
|
||||
/* Register initialised to Fibonacci numbers */
|
||||
c->R[0] = 1;
|
||||
c->R[1] = 1;
|
||||
for (i = 2; i < N; ++i)
|
||||
c->R[i] = c->R[i - 1] + c->R[i - 2];
|
||||
c->konst = INITKONST;
|
||||
ZEROCOUNTER(c);
|
||||
}
|
||||
|
||||
/* Save the current register state
|
||||
*/
|
||||
static void nls_savestate(nls_state * c)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < N; ++i)
|
||||
c->initR[i] = c->R[i];
|
||||
}
|
||||
|
||||
/* initialise to previously saved register state
|
||||
*/
|
||||
static void nls_reloadstate(nls_state * c)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < N; ++i)
|
||||
c->R[i] = c->initR[i];
|
||||
ZEROCOUNTER(c);
|
||||
}
|
||||
|
||||
/* Initialise "konst"
|
||||
*/
|
||||
static void nls_genkonst(nls_state * c)
|
||||
{
|
||||
ulong32 newkonst;
|
||||
|
||||
do {
|
||||
cycle(c);
|
||||
newkonst = nltap(c);
|
||||
}
|
||||
while ((newkonst & 0xFF000000) == 0);
|
||||
c->konst = newkonst;
|
||||
}
|
||||
|
||||
/* Load key material into the register
|
||||
*/
|
||||
#define ADDKEY(k) \
|
||||
c->R[KEYP] += (k);
|
||||
|
||||
#define XORNL(nl) \
|
||||
c->R[FOLDP] ^= (nl);
|
||||
|
||||
/* nonlinear diffusion of register for key and MAC */
|
||||
#define DROUND(z) STEP(c,z); c->R[OFF((z+1),FOLDP)] ^= NLFUNC(c,(z+1));
|
||||
static void nls_diffuse(nls_state * c)
|
||||
{
|
||||
/* relies on FOLD == N! */
|
||||
DROUND(0);
|
||||
DROUND(1);
|
||||
DROUND(2);
|
||||
DROUND(3);
|
||||
DROUND(4);
|
||||
DROUND(5);
|
||||
DROUND(6);
|
||||
DROUND(7);
|
||||
DROUND(8);
|
||||
DROUND(9);
|
||||
DROUND(10);
|
||||
DROUND(11);
|
||||
DROUND(12);
|
||||
DROUND(13);
|
||||
DROUND(14);
|
||||
DROUND(15);
|
||||
DROUND(16);
|
||||
}
|
||||
|
||||
/* common actions for loading key material */
|
||||
static void
|
||||
nls_loadkey(nls_state * c, const unsigned char *key, unsigned long keylen)
|
||||
{
|
||||
ulong32 i, k;
|
||||
|
||||
/* start folding in key, reject odd sized keys */
|
||||
if ((keylen & 3) != 0)
|
||||
abort();
|
||||
for (i = 0; i < keylen; i += 4) {
|
||||
k = BYTE2WORD(&key[i]);
|
||||
ADDKEY(k);
|
||||
cycle(c);
|
||||
XORNL(nltap(c));
|
||||
}
|
||||
|
||||
/* also fold in the length of the key */
|
||||
ADDKEY(keylen);
|
||||
|
||||
/* now diffuse */
|
||||
nls_diffuse(c);
|
||||
}
|
||||
|
||||
/* initialise MAC related registers
|
||||
*/
|
||||
static void nls_macinit(nls_state * c)
|
||||
{
|
||||
int i;
|
||||
|
||||
for (i = 0; i < NMAC; ++i) {
|
||||
c->M[i] = c->R[i];
|
||||
c->CRC[i] = c->R[i + NMAC];
|
||||
}
|
||||
}
|
||||
|
||||
/* Published "key" interface
|
||||
*/
|
||||
int nls_key(nls_state * c, const unsigned char *key, unsigned long keylen)
|
||||
{
|
||||
LTC_ARGCHK(c != NULL);
|
||||
LTC_ARGCHK(key != NULL);
|
||||
|
||||
if (keylen == 0) {
|
||||
return CRYPT_INVALID_ARG;
|
||||
}
|
||||
nls_initstate(c);
|
||||
nls_loadkey(c, key, keylen);
|
||||
nls_genkonst(c);
|
||||
nls_savestate(c);
|
||||
nls_macinit(c);
|
||||
c->nbuf = 0;
|
||||
ZEROCOUNTER(c);
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
/* Published "nonce" interface
|
||||
*/
|
||||
int
|
||||
nls_nonce(nls_state * c, const unsigned char *nonce, unsigned long noncelen)
|
||||
{
|
||||
LTC_ARGCHK(c != NULL);
|
||||
LTC_ARGCHK(nonce != NULL);
|
||||
if (noncelen == 0) {
|
||||
return CRYPT_INVALID_ARG;
|
||||
}
|
||||
nls_reloadstate(c);
|
||||
nls_loadkey(c, nonce, noncelen);
|
||||
nls_macinit(c);
|
||||
c->nbuf = 0;
|
||||
ZEROCOUNTER(c);
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
#if 0
|
||||
/* XOR pseudo-random bytes into buffer
|
||||
* Note: doesn't play well with MAC functions.
|
||||
*/
|
||||
#define SROUND(z) STEP(c,z); t = NLFUNC(c,(z+1)); XORWORD(t, buf+(z*4));
|
||||
static void
|
||||
nls_stream(nls_state * c, unsigned char *buf, unsigned long nbytes)
|
||||
{
|
||||
ulong32 t = 0;
|
||||
|
||||
/* handle any previously buffered bytes */
|
||||
while (c->nbuf != 0 && nbytes != 0) {
|
||||
*buf++ ^= c->sbuf & 0xFF;
|
||||
c->sbuf >>= 8;
|
||||
c->nbuf -= 8;
|
||||
--nbytes;
|
||||
}
|
||||
|
||||
/* do lots at a time, if there's enough to do */
|
||||
while (nbytes >= N * 4) {
|
||||
#if NLS_LONG_OUTPUT
|
||||
if (c->CtrModF16 < (F16 - 17)) {
|
||||
#endif /*NLS_LONG_OUTPUT */
|
||||
SROUND(0);
|
||||
SROUND(1);
|
||||
SROUND(2);
|
||||
SROUND(3);
|
||||
SROUND(4);
|
||||
SROUND(5);
|
||||
SROUND(6);
|
||||
SROUND(7);
|
||||
SROUND(8);
|
||||
SROUND(9);
|
||||
SROUND(10);
|
||||
SROUND(11);
|
||||
SROUND(12);
|
||||
SROUND(13);
|
||||
SROUND(14);
|
||||
SROUND(15);
|
||||
SROUND(16);
|
||||
#if NLS_LONG_OUTPUT
|
||||
c->CtrModF16 += 17;
|
||||
} else {
|
||||
SROUND(0);
|
||||
FIXCTR(c, 1);
|
||||
SROUND(1);
|
||||
FIXCTR(c, 2);
|
||||
SROUND(2);
|
||||
FIXCTR(c, 3);
|
||||
SROUND(3);
|
||||
FIXCTR(c, 4);
|
||||
SROUND(4);
|
||||
FIXCTR(c, 5);
|
||||
SROUND(5);
|
||||
FIXCTR(c, 6);
|
||||
SROUND(6);
|
||||
FIXCTR(c, 7);
|
||||
SROUND(7);
|
||||
FIXCTR(c, 8);
|
||||
SROUND(8);
|
||||
FIXCTR(c, 9);
|
||||
SROUND(9);
|
||||
FIXCTR(c, 10);
|
||||
SROUND(10);
|
||||
FIXCTR(c, 11);
|
||||
SROUND(11);
|
||||
FIXCTR(c, 12);
|
||||
SROUND(12);
|
||||
FIXCTR(c, 13);
|
||||
SROUND(13);
|
||||
FIXCTR(c, 14);
|
||||
SROUND(14);
|
||||
FIXCTR(c, 15);
|
||||
SROUND(15);
|
||||
FIXCTR(c, 16);
|
||||
SROUND(16);
|
||||
FIXCTR(c, 0);
|
||||
}
|
||||
#endif /*NLS_LONG_OUTPUT */
|
||||
buf += 4 * N;
|
||||
nbytes -= N * 4;
|
||||
}
|
||||
|
||||
/* do small or odd size buffers the slow way */
|
||||
while (4 <= nbytes) {
|
||||
cycle(c);
|
||||
t = nltap(c);
|
||||
XORWORD(t, buf);
|
||||
buf += 4;
|
||||
nbytes -= 4;
|
||||
}
|
||||
|
||||
/* handle any trailing bytes */
|
||||
if (nbytes != 0) {
|
||||
cycle(c);
|
||||
c->sbuf = nltap(c);
|
||||
c->nbuf = 32;
|
||||
while (c->nbuf != 0 && nbytes != 0) {
|
||||
*buf++ ^= c->sbuf & 0xFF;
|
||||
c->sbuf >>= 8;
|
||||
c->nbuf -= 8;
|
||||
--nbytes;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* accumulate words into MAC without encryption
|
||||
* Note that plaintext is accumulated for MAC.
|
||||
*/
|
||||
#define MROUND(z,A,B,C,D,E,F,G,H) \
|
||||
t = BYTE2WORD(buf+(z*4)); \
|
||||
STEP(c,z); \
|
||||
CRCFUNC(c,t,((z)&0x7),(((z)+5)&0x7)); \
|
||||
SHAFUNC(c,t,c->R[OFF(z+1,MACKONST)],A,B,C,D,E,F,G,H);
|
||||
int nls_maconly(nls_state * c, const unsigned char *buf, unsigned long nbytes)
|
||||
{
|
||||
int i;
|
||||
ulong32 t = 0;
|
||||
|
||||
LTC_ARGCHK(c != NULL);
|
||||
LTC_ARGCHK(buf != NULL);
|
||||
|
||||
|
||||
/* handle any previously buffered bytes */
|
||||
if (c->nbuf != 0) {
|
||||
while (c->nbuf != 0 && nbytes != 0) {
|
||||
c->mbuf ^= (*buf++) << (32 - c->nbuf);
|
||||
c->nbuf -= 8;
|
||||
--nbytes;
|
||||
}
|
||||
if (c->nbuf != 0) { /* not a whole word yet */
|
||||
return CRYPT_OK;
|
||||
}
|
||||
/* LFSR already cycled */
|
||||
macfunc(c, c->mbuf);
|
||||
}
|
||||
|
||||
/* do lots at a time, if there's enough to do */
|
||||
while (4 * N <= nbytes) {
|
||||
#if NLS_LONG_OUTPUT
|
||||
if (c->CtrModF16 < (F16 - 17)) {
|
||||
#endif /*NLS_LONG_OUTPUT */
|
||||
MROUND(0, A, B, C, D, E, F, G, H);
|
||||
MROUND(1, H, A, B, C, D, E, F, G);
|
||||
MROUND(2, G, H, A, B, C, D, E, F);
|
||||
MROUND(3, F, G, H, A, B, C, D, E);
|
||||
MROUND(4, E, F, G, H, A, B, C, D);
|
||||
MROUND(5, D, E, F, G, H, A, B, C);
|
||||
MROUND(6, C, D, E, F, G, H, A, B);
|
||||
MROUND(7, B, C, D, E, F, G, H, A);
|
||||
MROUND(8, A, B, C, D, E, F, G, H);
|
||||
MROUND(9, H, A, B, C, D, E, F, G);
|
||||
MROUND(10, G, H, A, B, C, D, E, F);
|
||||
MROUND(11, F, G, H, A, B, C, D, E);
|
||||
MROUND(12, E, F, G, H, A, B, C, D);
|
||||
MROUND(13, D, E, F, G, H, A, B, C);
|
||||
MROUND(14, C, D, E, F, G, H, A, B);
|
||||
MROUND(15, B, C, D, E, F, G, H, A);
|
||||
MROUND(16, A, B, C, D, E, F, G, H);
|
||||
#if NLS_LONG_OUTPUT
|
||||
c->CtrModF16 += 17;
|
||||
} else {
|
||||
MROUND(0, A, B, C, D, E, F, G, H);
|
||||
FIXCTR(c, 1);
|
||||
MROUND(1, H, A, B, C, D, E, F, G);
|
||||
FIXCTR(c, 2);
|
||||
MROUND(2, G, H, A, B, C, D, E, F);
|
||||
FIXCTR(c, 3);
|
||||
MROUND(3, F, G, H, A, B, C, D, E);
|
||||
FIXCTR(c, 4);
|
||||
MROUND(4, E, F, G, H, A, B, C, D);
|
||||
FIXCTR(c, 5);
|
||||
MROUND(5, D, E, F, G, H, A, B, C);
|
||||
FIXCTR(c, 6);
|
||||
MROUND(6, C, D, E, F, G, H, A, B);
|
||||
FIXCTR(c, 7);
|
||||
MROUND(7, B, C, D, E, F, G, H, A);
|
||||
FIXCTR(c, 8);
|
||||
MROUND(8, A, B, C, D, E, F, G, H);
|
||||
FIXCTR(c, 9);
|
||||
MROUND(9, H, A, B, C, D, E, F, G);
|
||||
FIXCTR(c, 10);
|
||||
MROUND(10, G, H, A, B, C, D, E, F);
|
||||
FIXCTR(c, 11);
|
||||
MROUND(11, F, G, H, A, B, C, D, E);
|
||||
FIXCTR(c, 12);
|
||||
MROUND(12, E, F, G, H, A, B, C, D);
|
||||
FIXCTR(c, 13);
|
||||
MROUND(13, D, E, F, G, H, A, B, C);
|
||||
FIXCTR(c, 14);
|
||||
MROUND(14, C, D, E, F, G, H, A, B);
|
||||
FIXCTR(c, 15);
|
||||
MROUND(15, B, C, D, E, F, G, H, A);
|
||||
FIXCTR(c, 16);
|
||||
MROUND(16, A, B, C, D, E, F, G, H);
|
||||
FIXCTR(c, 0);
|
||||
}
|
||||
#endif /*NLS_LONG_OUTPUT */
|
||||
buf += 4 * N;
|
||||
nbytes -= 4 * N;
|
||||
/* fix alignment of MAC buffer */
|
||||
t = c->M[NMAC - 1];
|
||||
for (i = NMAC - 1; i > 0; --i)
|
||||
c->M[i] = c->M[i - 1];
|
||||
c->M[0] = t;
|
||||
/* fix alignment of CRC buffer */
|
||||
t = c->CRC[0];
|
||||
for (i = 1; i < NMAC; ++i)
|
||||
c->CRC[i - 1] = c->CRC[i];
|
||||
c->CRC[NMAC - 1] = t;
|
||||
}
|
||||
|
||||
/* do small or odd size buffers the slow way */
|
||||
while (4 <= nbytes) {
|
||||
cycle(c);
|
||||
macfunc(c, BYTE2WORD(buf));
|
||||
buf += 4;
|
||||
nbytes -= 4;
|
||||
}
|
||||
|
||||
/* handle any trailing bytes */
|
||||
if (nbytes != 0) {
|
||||
cycle(c);
|
||||
c->sbuf = nltap(c);
|
||||
c->mbuf = 0;
|
||||
c->nbuf = 32;
|
||||
while (nbytes != 0) {
|
||||
c->mbuf ^= (*buf++) << (32 - c->nbuf);
|
||||
c->nbuf -= 8;
|
||||
--nbytes;
|
||||
}
|
||||
}
|
||||
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
/* Combined MAC and encryption.
|
||||
* Note that plaintext is accumulated for MAC.
|
||||
*/
|
||||
#define EROUND(z,A,B,C,D,E,F,G,H) \
|
||||
STEP(c,z); \
|
||||
t3 = BYTE2WORD(buf+(z*4)); \
|
||||
CRCFUNC(c,t3,((z)&0x7),(((z)+5)&0x7)); \
|
||||
SHAFUNC(c,t3,c->R[OFF(z+1,MACKONST)],A,B,C,D,E,F,G,H); \
|
||||
t = NLFUNC(c,(z+1)); \
|
||||
t ^= t3; \
|
||||
WORD2BYTE(t,buf+(z*4));
|
||||
int nls_encrypt(nls_state * c,
|
||||
const unsigned char *pt, unsigned long nbytes,
|
||||
unsigned char *ct)
|
||||
{
|
||||
ulong32 t = 0, t3 = 0;
|
||||
int i;
|
||||
|
||||
LTC_ARGCHK(c != NULL);
|
||||
LTC_ARGCHK(pt != NULL);
|
||||
LTC_ARGCHK(ct != NULL);
|
||||
|
||||
#define buf ct
|
||||
|
||||
/* do copy as required */
|
||||
if (pt != ct) {
|
||||
XMEMCPY(ct, pt, nbytes);
|
||||
}
|
||||
|
||||
/* handle any previously buffered bytes */
|
||||
if (c->nbuf != 0) {
|
||||
while (c->nbuf != 0 && nbytes != 0) {
|
||||
c->mbuf ^= *buf << (32 - c->nbuf);
|
||||
*buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF;
|
||||
++buf;
|
||||
c->nbuf -= 8;
|
||||
--nbytes;
|
||||
}
|
||||
if (c->nbuf != 0) /* not a whole word yet */
|
||||
return CRYPT_OK;
|
||||
/* LFSR already cycled */
|
||||
macfunc(c, c->mbuf);
|
||||
}
|
||||
|
||||
/* do lots at a time, if there's enough to do */
|
||||
while (4 * N <= nbytes) {
|
||||
#if NLS_LONG_OUTPUT
|
||||
if (c->CtrModF16 < (F16 - 17)) {
|
||||
#endif /*NLS_LONG_OUTPUT */
|
||||
EROUND(0, A, B, C, D, E, F, G, H);
|
||||
EROUND(1, H, A, B, C, D, E, F, G);
|
||||
EROUND(2, G, H, A, B, C, D, E, F);
|
||||
EROUND(3, F, G, H, A, B, C, D, E);
|
||||
EROUND(4, E, F, G, H, A, B, C, D);
|
||||
EROUND(5, D, E, F, G, H, A, B, C);
|
||||
EROUND(6, C, D, E, F, G, H, A, B);
|
||||
EROUND(7, B, C, D, E, F, G, H, A);
|
||||
EROUND(8, A, B, C, D, E, F, G, H);
|
||||
EROUND(9, H, A, B, C, D, E, F, G);
|
||||
EROUND(10, G, H, A, B, C, D, E, F);
|
||||
EROUND(11, F, G, H, A, B, C, D, E);
|
||||
EROUND(12, E, F, G, H, A, B, C, D);
|
||||
EROUND(13, D, E, F, G, H, A, B, C);
|
||||
EROUND(14, C, D, E, F, G, H, A, B);
|
||||
EROUND(15, B, C, D, E, F, G, H, A);
|
||||
EROUND(16, A, B, C, D, E, F, G, H);
|
||||
#if NLS_LONG_OUTPUT
|
||||
c->CtrModF16 += 17;
|
||||
} else {
|
||||
EROUND(0, A, B, C, D, E, F, G, H);
|
||||
FIXCTR(c, 1);
|
||||
EROUND(1, H, A, B, C, D, E, F, G);
|
||||
FIXCTR(c, 2);
|
||||
EROUND(2, G, H, A, B, C, D, E, F);
|
||||
FIXCTR(c, 3);
|
||||
EROUND(3, F, G, H, A, B, C, D, E);
|
||||
FIXCTR(c, 4);
|
||||
EROUND(4, E, F, G, H, A, B, C, D);
|
||||
FIXCTR(c, 5);
|
||||
EROUND(5, D, E, F, G, H, A, B, C);
|
||||
FIXCTR(c, 6);
|
||||
EROUND(6, C, D, E, F, G, H, A, B);
|
||||
FIXCTR(c, 7);
|
||||
EROUND(7, B, C, D, E, F, G, H, A);
|
||||
FIXCTR(c, 8);
|
||||
EROUND(8, A, B, C, D, E, F, G, H);
|
||||
FIXCTR(c, 9);
|
||||
EROUND(9, H, A, B, C, D, E, F, G);
|
||||
FIXCTR(c, 10);
|
||||
EROUND(10, G, H, A, B, C, D, E, F);
|
||||
FIXCTR(c, 11);
|
||||
EROUND(11, F, G, H, A, B, C, D, E);
|
||||
FIXCTR(c, 12);
|
||||
EROUND(12, E, F, G, H, A, B, C, D);
|
||||
FIXCTR(c, 13);
|
||||
EROUND(13, D, E, F, G, H, A, B, C);
|
||||
FIXCTR(c, 14);
|
||||
EROUND(14, C, D, E, F, G, H, A, B);
|
||||
FIXCTR(c, 15);
|
||||
EROUND(15, B, C, D, E, F, G, H, A);
|
||||
FIXCTR(c, 16);
|
||||
EROUND(16, A, B, C, D, E, F, G, H);
|
||||
FIXCTR(c, 0);
|
||||
}
|
||||
#endif /*NLS_LONG_OUTPUT */
|
||||
buf += 4 * N;
|
||||
nbytes -= 4 * N;
|
||||
/* fix alignment of MAC buffer */
|
||||
t = c->M[7];
|
||||
for (i = NMAC - 1; i > 0; --i)
|
||||
c->M[i] = c->M[i - 1];
|
||||
c->M[0] = t;
|
||||
/* fix alignment of CRC buffer */
|
||||
t = c->CRC[0];
|
||||
for (i = 1; i < NMAC; ++i)
|
||||
c->CRC[i - 1] = c->CRC[i];
|
||||
c->CRC[NMAC - 1] = t;
|
||||
}
|
||||
|
||||
/* do small or odd size buffers the slow way */
|
||||
while (4 <= nbytes) {
|
||||
cycle(c);
|
||||
t = BYTE2WORD(buf);
|
||||
macfunc(c, t);
|
||||
t ^= nltap(c);
|
||||
WORD2BYTE(t, buf);
|
||||
nbytes -= 4;
|
||||
buf += 4;
|
||||
}
|
||||
|
||||
/* handle any trailing bytes */
|
||||
if (nbytes != 0) {
|
||||
cycle(c);
|
||||
c->sbuf = nltap(c);
|
||||
c->mbuf = 0;
|
||||
c->nbuf = 32;
|
||||
while (c->nbuf != 0 && nbytes != 0) {
|
||||
c->mbuf ^= *buf << (32 - c->nbuf);
|
||||
*buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF;
|
||||
++buf;
|
||||
c->nbuf -= 8;
|
||||
--nbytes;
|
||||
}
|
||||
}
|
||||
|
||||
#undef buf
|
||||
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
/* Combined MAC and decryption.
|
||||
* Note that plaintext is accumulated for MAC.
|
||||
*/
|
||||
#undef DROUND
|
||||
#define DROUND(z,A,B,C,D,E,F,G,H) \
|
||||
STEP(c,z); \
|
||||
t = NLFUNC(c,(z+1)); \
|
||||
t3 = BYTE2WORD(buf+(z*4)); \
|
||||
t ^= t3; \
|
||||
CRCFUNC(c,t,((z)&0x7),(((z)+5)&0x7)); \
|
||||
SHAFUNC(c,t,c->R[OFF(z+1,MACKONST)],A,B,C,D,E,F,G,H); \
|
||||
WORD2BYTE(t, buf+(z*4));
|
||||
int nls_decrypt(nls_state * c,
|
||||
const unsigned char *ct, unsigned long nbytes,
|
||||
unsigned char *pt)
|
||||
{
|
||||
ulong32 t = 0, t3 = 0;
|
||||
int i;
|
||||
|
||||
LTC_ARGCHK(c != NULL);
|
||||
LTC_ARGCHK(pt != NULL);
|
||||
LTC_ARGCHK(ct != NULL);
|
||||
|
||||
#define buf pt
|
||||
|
||||
if (pt != ct) {
|
||||
XMEMCPY(pt, ct, nbytes);
|
||||
}
|
||||
|
||||
/* handle any previously buffered bytes */
|
||||
if (c->nbuf != 0) {
|
||||
while (c->nbuf != 0 && nbytes != 0) {
|
||||
*buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF;
|
||||
c->mbuf ^= *buf << (32 - c->nbuf);
|
||||
++buf;
|
||||
c->nbuf -= 8;
|
||||
--nbytes;
|
||||
}
|
||||
if (c->nbuf != 0) /* not a whole word yet */
|
||||
return CRYPT_OK;
|
||||
/* LFSR already cycled */
|
||||
macfunc(c, c->mbuf);
|
||||
}
|
||||
|
||||
/* now do lots at a time, if there's enough */
|
||||
while (4 * N <= nbytes) {
|
||||
#if NLS_LONG_OUTPUT
|
||||
if (c->CtrModF16 < (F16 - 17)) {
|
||||
#endif /*NLS_LONG_OUTPUT */
|
||||
DROUND(0, A, B, C, D, E, F, G, H);
|
||||
DROUND(1, H, A, B, C, D, E, F, G);
|
||||
DROUND(2, G, H, A, B, C, D, E, F);
|
||||
DROUND(3, F, G, H, A, B, C, D, E);
|
||||
DROUND(4, E, F, G, H, A, B, C, D);
|
||||
DROUND(5, D, E, F, G, H, A, B, C);
|
||||
DROUND(6, C, D, E, F, G, H, A, B);
|
||||
DROUND(7, B, C, D, E, F, G, H, A);
|
||||
DROUND(8, A, B, C, D, E, F, G, H);
|
||||
DROUND(9, H, A, B, C, D, E, F, G);
|
||||
DROUND(10, G, H, A, B, C, D, E, F);
|
||||
DROUND(11, F, G, H, A, B, C, D, E);
|
||||
DROUND(12, E, F, G, H, A, B, C, D);
|
||||
DROUND(13, D, E, F, G, H, A, B, C);
|
||||
DROUND(14, C, D, E, F, G, H, A, B);
|
||||
DROUND(15, B, C, D, E, F, G, H, A);
|
||||
DROUND(16, A, B, C, D, E, F, G, H);
|
||||
#if NLS_LONG_OUTPUT
|
||||
c->CtrModF16 += 17;
|
||||
} else {
|
||||
DROUND(0, A, B, C, D, E, F, G, H);
|
||||
FIXCTR(c, 1);
|
||||
DROUND(1, H, A, B, C, D, E, F, G);
|
||||
FIXCTR(c, 2);
|
||||
DROUND(2, G, H, A, B, C, D, E, F);
|
||||
FIXCTR(c, 3);
|
||||
DROUND(3, F, G, H, A, B, C, D, E);
|
||||
FIXCTR(c, 4);
|
||||
DROUND(4, E, F, G, H, A, B, C, D);
|
||||
FIXCTR(c, 5);
|
||||
DROUND(5, D, E, F, G, H, A, B, C);
|
||||
FIXCTR(c, 6);
|
||||
DROUND(6, C, D, E, F, G, H, A, B);
|
||||
FIXCTR(c, 7);
|
||||
DROUND(7, B, C, D, E, F, G, H, A);
|
||||
FIXCTR(c, 8);
|
||||
DROUND(8, A, B, C, D, E, F, G, H);
|
||||
FIXCTR(c, 9);
|
||||
DROUND(9, H, A, B, C, D, E, F, G);
|
||||
FIXCTR(c, 10);
|
||||
DROUND(10, G, H, A, B, C, D, E, F);
|
||||
FIXCTR(c, 11);
|
||||
DROUND(11, F, G, H, A, B, C, D, E);
|
||||
FIXCTR(c, 12);
|
||||
DROUND(12, E, F, G, H, A, B, C, D);
|
||||
FIXCTR(c, 13);
|
||||
DROUND(13, D, E, F, G, H, A, B, C);
|
||||
FIXCTR(c, 14);
|
||||
DROUND(14, C, D, E, F, G, H, A, B);
|
||||
FIXCTR(c, 15);
|
||||
DROUND(15, B, C, D, E, F, G, H, A);
|
||||
FIXCTR(c, 16);
|
||||
DROUND(16, A, B, C, D, E, F, G, H);
|
||||
FIXCTR(c, 0);
|
||||
}
|
||||
#endif /*NLS_LONG_OUTPUT */
|
||||
buf += 4 * N;
|
||||
nbytes -= 4 * N;
|
||||
/* fix alignment of MAC buffer */
|
||||
t = c->M[7];
|
||||
for (i = NMAC - 1; i > 0; --i)
|
||||
c->M[i] = c->M[i - 1];
|
||||
c->M[0] = t;
|
||||
/* fix alignment of CRC buffer */
|
||||
t = c->CRC[0];
|
||||
for (i = 1; i < NMAC; ++i)
|
||||
c->CRC[i - 1] = c->CRC[i];
|
||||
c->CRC[NMAC - 1] = t;
|
||||
}
|
||||
|
||||
/* do small or odd size buffers the slow way */
|
||||
while (4 <= nbytes) {
|
||||
cycle(c);
|
||||
t = nltap(c);
|
||||
t3 = BYTE2WORD(buf);
|
||||
t ^= t3;
|
||||
macfunc(c, t);
|
||||
WORD2BYTE(t, buf);
|
||||
nbytes -= 4;
|
||||
buf += 4;
|
||||
}
|
||||
|
||||
/* handle any trailing bytes */
|
||||
if (nbytes != 0) {
|
||||
cycle(c);
|
||||
c->sbuf = nltap(c);
|
||||
c->mbuf = 0;
|
||||
c->nbuf = 32;
|
||||
while (c->nbuf != 0 && nbytes != 0) {
|
||||
*buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF;
|
||||
c->mbuf ^= *buf << (32 - c->nbuf);
|
||||
++buf;
|
||||
c->nbuf -= 8;
|
||||
--nbytes;
|
||||
}
|
||||
}
|
||||
return CRYPT_OK;
|
||||
|
||||
#undef buf
|
||||
}
|
||||
|
||||
/* Having accumulated a MAC, finish processing and return it.
|
||||
* Note that any unprocessed bytes are treated as if
|
||||
* they were encrypted zero bytes, so plaintext (zero) is accumulated.
|
||||
*/
|
||||
int nls_finish(nls_state * c, unsigned char *buf, unsigned long nbytes)
|
||||
{
|
||||
ulong32 i;
|
||||
|
||||
LTC_ARGCHK(c != NULL);
|
||||
LTC_ARGCHK(buf != NULL);
|
||||
|
||||
/* handle any previously buffered bytes */
|
||||
if (c->nbuf != 0) {
|
||||
/* LFSR already cycled */
|
||||
macfunc(c, c->mbuf);
|
||||
}
|
||||
|
||||
/* perturb the MAC to mark end of input.
|
||||
* Note that only the SHA part is updated, not the CRC. This is an
|
||||
* action that can't be duplicated by passing in plaintext, hence
|
||||
* defeating any kind of extension attack.
|
||||
*/
|
||||
cycle(c);
|
||||
shafunc(c, INITKONST + (c->nbuf << 24));
|
||||
c->nbuf = 0;
|
||||
|
||||
/* now add the CRC to the MAC like input material */
|
||||
for (i = 0; i < NMAC; ++i) {
|
||||
cycle(c);
|
||||
crcfunc(c, 0);
|
||||
shafunc(c, c->CRC[7]);
|
||||
}
|
||||
|
||||
/* continue that process, producing output from the MAC buffer */
|
||||
while (nbytes > 0) {
|
||||
cycle(c);
|
||||
crcfunc(c, 0);
|
||||
shafunc(c, c->CRC[7]);
|
||||
if (nbytes >= 4) {
|
||||
WORD2BYTE(A, buf);
|
||||
nbytes -= 4;
|
||||
buf += 4;
|
||||
} else {
|
||||
for (i = 0; i < nbytes; ++i)
|
||||
buf[i] = Byte(A, i);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* $Source$ */
|
||||
/* $Revision$ */
|
||||
/* $Date$ */
|
@ -1,68 +0,0 @@
|
||||
/* Id: nlsmultab.h 333 2005-04-13 05:35:54Z mwp */
|
||||
/* Multiplication table for Mundja using 0xD02B4367 */
|
||||
static const ulong32 Multab[256] = {
|
||||
0x00000000, 0xD02B4367, 0xED5686CE, 0x3D7DC5A9,
|
||||
0x97AC41D1, 0x478702B6, 0x7AFAC71F, 0xAAD18478,
|
||||
0x631582EF, 0xB33EC188, 0x8E430421, 0x5E684746,
|
||||
0xF4B9C33E, 0x24928059, 0x19EF45F0, 0xC9C40697,
|
||||
0xC62A4993, 0x16010AF4, 0x2B7CCF5D, 0xFB578C3A,
|
||||
0x51860842, 0x81AD4B25, 0xBCD08E8C, 0x6CFBCDEB,
|
||||
0xA53FCB7C, 0x7514881B, 0x48694DB2, 0x98420ED5,
|
||||
0x32938AAD, 0xE2B8C9CA, 0xDFC50C63, 0x0FEE4F04,
|
||||
0xC154926B, 0x117FD10C, 0x2C0214A5, 0xFC2957C2,
|
||||
0x56F8D3BA, 0x86D390DD, 0xBBAE5574, 0x6B851613,
|
||||
0xA2411084, 0x726A53E3, 0x4F17964A, 0x9F3CD52D,
|
||||
0x35ED5155, 0xE5C61232, 0xD8BBD79B, 0x089094FC,
|
||||
0x077EDBF8, 0xD755989F, 0xEA285D36, 0x3A031E51,
|
||||
0x90D29A29, 0x40F9D94E, 0x7D841CE7, 0xADAF5F80,
|
||||
0x646B5917, 0xB4401A70, 0x893DDFD9, 0x59169CBE,
|
||||
0xF3C718C6, 0x23EC5BA1, 0x1E919E08, 0xCEBADD6F,
|
||||
0xCFA869D6, 0x1F832AB1, 0x22FEEF18, 0xF2D5AC7F,
|
||||
0x58042807, 0x882F6B60, 0xB552AEC9, 0x6579EDAE,
|
||||
0xACBDEB39, 0x7C96A85E, 0x41EB6DF7, 0x91C02E90,
|
||||
0x3B11AAE8, 0xEB3AE98F, 0xD6472C26, 0x066C6F41,
|
||||
0x09822045, 0xD9A96322, 0xE4D4A68B, 0x34FFE5EC,
|
||||
0x9E2E6194, 0x4E0522F3, 0x7378E75A, 0xA353A43D,
|
||||
0x6A97A2AA, 0xBABCE1CD, 0x87C12464, 0x57EA6703,
|
||||
0xFD3BE37B, 0x2D10A01C, 0x106D65B5, 0xC04626D2,
|
||||
0x0EFCFBBD, 0xDED7B8DA, 0xE3AA7D73, 0x33813E14,
|
||||
0x9950BA6C, 0x497BF90B, 0x74063CA2, 0xA42D7FC5,
|
||||
0x6DE97952, 0xBDC23A35, 0x80BFFF9C, 0x5094BCFB,
|
||||
0xFA453883, 0x2A6E7BE4, 0x1713BE4D, 0xC738FD2A,
|
||||
0xC8D6B22E, 0x18FDF149, 0x258034E0, 0xF5AB7787,
|
||||
0x5F7AF3FF, 0x8F51B098, 0xB22C7531, 0x62073656,
|
||||
0xABC330C1, 0x7BE873A6, 0x4695B60F, 0x96BEF568,
|
||||
0x3C6F7110, 0xEC443277, 0xD139F7DE, 0x0112B4B9,
|
||||
0xD31DD2E1, 0x03369186, 0x3E4B542F, 0xEE601748,
|
||||
0x44B19330, 0x949AD057, 0xA9E715FE, 0x79CC5699,
|
||||
0xB008500E, 0x60231369, 0x5D5ED6C0, 0x8D7595A7,
|
||||
0x27A411DF, 0xF78F52B8, 0xCAF29711, 0x1AD9D476,
|
||||
0x15379B72, 0xC51CD815, 0xF8611DBC, 0x284A5EDB,
|
||||
0x829BDAA3, 0x52B099C4, 0x6FCD5C6D, 0xBFE61F0A,
|
||||
0x7622199D, 0xA6095AFA, 0x9B749F53, 0x4B5FDC34,
|
||||
0xE18E584C, 0x31A51B2B, 0x0CD8DE82, 0xDCF39DE5,
|
||||
0x1249408A, 0xC26203ED, 0xFF1FC644, 0x2F348523,
|
||||
0x85E5015B, 0x55CE423C, 0x68B38795, 0xB898C4F2,
|
||||
0x715CC265, 0xA1778102, 0x9C0A44AB, 0x4C2107CC,
|
||||
0xE6F083B4, 0x36DBC0D3, 0x0BA6057A, 0xDB8D461D,
|
||||
0xD4630919, 0x04484A7E, 0x39358FD7, 0xE91ECCB0,
|
||||
0x43CF48C8, 0x93E40BAF, 0xAE99CE06, 0x7EB28D61,
|
||||
0xB7768BF6, 0x675DC891, 0x5A200D38, 0x8A0B4E5F,
|
||||
0x20DACA27, 0xF0F18940, 0xCD8C4CE9, 0x1DA70F8E,
|
||||
0x1CB5BB37, 0xCC9EF850, 0xF1E33DF9, 0x21C87E9E,
|
||||
0x8B19FAE6, 0x5B32B981, 0x664F7C28, 0xB6643F4F,
|
||||
0x7FA039D8, 0xAF8B7ABF, 0x92F6BF16, 0x42DDFC71,
|
||||
0xE80C7809, 0x38273B6E, 0x055AFEC7, 0xD571BDA0,
|
||||
0xDA9FF2A4, 0x0AB4B1C3, 0x37C9746A, 0xE7E2370D,
|
||||
0x4D33B375, 0x9D18F012, 0xA06535BB, 0x704E76DC,
|
||||
0xB98A704B, 0x69A1332C, 0x54DCF685, 0x84F7B5E2,
|
||||
0x2E26319A, 0xFE0D72FD, 0xC370B754, 0x135BF433,
|
||||
0xDDE1295C, 0x0DCA6A3B, 0x30B7AF92, 0xE09CECF5,
|
||||
0x4A4D688D, 0x9A662BEA, 0xA71BEE43, 0x7730AD24,
|
||||
0xBEF4ABB3, 0x6EDFE8D4, 0x53A22D7D, 0x83896E1A,
|
||||
0x2958EA62, 0xF973A905, 0xC40E6CAC, 0x14252FCB,
|
||||
0x1BCB60CF, 0xCBE023A8, 0xF69DE601, 0x26B6A566,
|
||||
0x8C67211E, 0x5C4C6279, 0x6131A7D0, 0xB11AE4B7,
|
||||
0x78DEE220, 0xA8F5A147, 0x958864EE, 0x45A32789,
|
||||
0xEF72A3F1, 0x3F59E096, 0x0224253F, 0xD20F6658,
|
||||
};
|
@ -1,84 +0,0 @@
|
||||
/* Id: nlssbox.h 333 2005-04-13 05:35:54Z mwp */
|
||||
/* Sbox for NLS */
|
||||
/*
|
||||
* This is really the combination of two SBoxes; the least significant
|
||||
* 24 bits comes from:
|
||||
* 8->32 Sbox generated by Millan et. al. at Queensland University of
|
||||
* Technology. See: E. Dawson, W. Millan, L. Burnett, G. Carter,
|
||||
* "On the Design of 8*32 S-boxes". Unpublished report, by the
|
||||
* Information Systems Research Centre,
|
||||
* Queensland University of Technology, 1999.
|
||||
*
|
||||
* The most significant 8 bits are the Skipjack "F table", which can be
|
||||
* found at http://csrc.nist.gov/CryptoToolkit/skipjack/skipjack.pdf .
|
||||
* In this optimised table, though, the intent is to XOR the word from
|
||||
* the table selected by the high byte with the input word. Thus, the
|
||||
* high byte is actually the Skipjack F-table entry XORED with its
|
||||
* table index.
|
||||
*/
|
||||
static const ulong32 Sbox[256] = {
|
||||
0xa3aa1887, 0xd65e435c, 0x0b65c042, 0x800e6ef4,
|
||||
0xfc57ee20, 0x4d84fed3, 0xf066c502, 0xf354e8ae,
|
||||
0xbb2ee9d9, 0x281f38d4, 0x1f829b5d, 0x735cdf3c,
|
||||
0x95864249, 0xbc2e3963, 0xa1f4429f, 0xf6432c35,
|
||||
0xf7f40325, 0x3cc0dd70, 0x5f973ded, 0x9902dc5e,
|
||||
0xda175b42, 0x590012bf, 0xdc94d78c, 0x39aab26b,
|
||||
0x4ac11b9a, 0x8c168146, 0xc3ea8ec5, 0x058ac28f,
|
||||
0x52ed5c0f, 0x25b4101c, 0x5a2db082, 0x370929e1,
|
||||
0x2a1843de, 0xfe8299fc, 0x202fbc4b, 0x833915dd,
|
||||
0x33a803fa, 0xd446b2de, 0x46233342, 0x4fcee7c3,
|
||||
0x3ad607ef, 0x9e97ebab, 0x507f859b, 0xe81f2e2f,
|
||||
0xc55b71da, 0xd7e2269a, 0x1339c3d1, 0x7ca56b36,
|
||||
0xa6c9def2, 0xb5c9fc5f, 0x5927b3a3, 0x89a56ddf,
|
||||
0xc625b510, 0x560f85a7, 0xace82e71, 0x2ecb8816,
|
||||
0x44951e2a, 0x97f5f6af, 0xdfcbc2b3, 0xce4ff55d,
|
||||
0xcb6b6214, 0x2b0b83e3, 0x549ea6f5, 0x9de041af,
|
||||
0x792f1f17, 0xf73b99ee, 0x39a65ec0, 0x4c7016c6,
|
||||
0x857709a4, 0xd6326e01, 0xc7b280d9, 0x5cfb1418,
|
||||
0xa6aff227, 0xfd548203, 0x506b9d96, 0xa117a8c0,
|
||||
0x9cd5bf6e, 0xdcee7888, 0x61fcfe64, 0xf7a193cd,
|
||||
0x050d0184, 0xe8ae4930, 0x88014f36, 0xd6a87088,
|
||||
0x6bad6c2a, 0x1422c678, 0xe9204de7, 0xb7c2e759,
|
||||
0x0200248e, 0x013b446b, 0xda0d9fc2, 0x0414a895,
|
||||
0x3a6cc3a1, 0x56fef170, 0x86c19155, 0xcf7b8a66,
|
||||
0x551b5e69, 0xb4a8623e, 0xa2bdfa35, 0xc4f068cc,
|
||||
0x573a6acd, 0x6355e936, 0x03602db9, 0x0edf13c1,
|
||||
0x2d0bb16d, 0x6980b83c, 0xfeb23763, 0x3dd8a911,
|
||||
0x01b6bc13, 0xf55579d7, 0xf55c2fa8, 0x19f4196e,
|
||||
0xe7db5476, 0x8d64a866, 0xc06e16ad, 0xb17fc515,
|
||||
0xc46feb3c, 0x8bc8a306, 0xad6799d9, 0x571a9133,
|
||||
0x992466dd, 0x92eb5dcd, 0xac118f50, 0x9fafb226,
|
||||
0xa1b9cef3, 0x3ab36189, 0x347a19b1, 0x62c73084,
|
||||
0xc27ded5c, 0x6c8bc58f, 0x1cdde421, 0xed1e47fb,
|
||||
0xcdcc715e, 0xb9c0ff99, 0x4b122f0f, 0xc4d25184,
|
||||
0xaf7a5e6c, 0x5bbf18bc, 0x8dd7c6e0, 0x5fb7e420,
|
||||
0x521f523f, 0x4ad9b8a2, 0xe9da1a6b, 0x97888c02,
|
||||
0x19d1e354, 0x5aba7d79, 0xa2cc7753, 0x8c2d9655,
|
||||
0x19829da1, 0x531590a7, 0x19c1c149, 0x3d537f1c,
|
||||
0x50779b69, 0xed71f2b7, 0x463c58fa, 0x52dc4418,
|
||||
0xc18c8c76, 0xc120d9f0, 0xafa80d4d, 0x3b74c473,
|
||||
0xd09410e9, 0x290e4211, 0xc3c8082b, 0x8f6b334a,
|
||||
0x3bf68ed2, 0xa843cc1b, 0x8d3c0ff3, 0x20e564a0,
|
||||
0xf8f55a4f, 0x2b40f8e7, 0xfea7f15f, 0xcf00fe21,
|
||||
0x8a6d37d6, 0xd0d506f1, 0xade00973, 0xefbbde36,
|
||||
0x84670fa8, 0xfa31ab9e, 0xaedab618, 0xc01f52f5,
|
||||
0x6558eb4f, 0x71b9e343, 0x4b8d77dd, 0x8cb93da6,
|
||||
0x740fd52d, 0x425412f8, 0xc5a63360, 0x10e53ad0,
|
||||
0x5a700f1c, 0x8324ed0b, 0xe53dc1ec, 0x1a366795,
|
||||
0x6d549d15, 0xc5ce46d7, 0xe17abe76, 0x5f48e0a0,
|
||||
0xd0f07c02, 0x941249b7, 0xe49ed6ba, 0x37a47f78,
|
||||
0xe1cfffbd, 0xb007ca84, 0xbb65f4da, 0xb59f35da,
|
||||
0x33d2aa44, 0x417452ac, 0xc0d674a7, 0x2d61a46a,
|
||||
0xdc63152a, 0x3e12b7aa, 0x6e615927, 0xa14fb118,
|
||||
0xa151758d, 0xba81687b, 0xe152f0b3, 0x764254ed,
|
||||
0x34c77271, 0x0a31acab, 0x54f94aec, 0xb9e994cd,
|
||||
0x574d9e81, 0x5b623730, 0xce8a21e8, 0x37917f0b,
|
||||
0xe8a9b5d6, 0x9697adf8, 0xf3d30431, 0x5dcac921,
|
||||
0x76b35d46, 0xaa430a36, 0xc2194022, 0x22bca65e,
|
||||
0xdaec70ba, 0xdfaea8cc, 0x777bae8b, 0x242924d5,
|
||||
0x1f098a5a, 0x4b396b81, 0x55de2522, 0x435c1cb8,
|
||||
0xaeb8fe1d, 0x9db3c697, 0x5b164f83, 0xe0c16376,
|
||||
0xa319224c, 0xd0203b35, 0x433ac0fe, 0x1466a19a,
|
||||
0x45f0b24f, 0x51fda998, 0xc0d52d71, 0xfa0896a8,
|
||||
0xf9e6053f, 0xa4b0d300, 0xd499cbcc, 0xb95e3d40,
|
||||
};
|
@ -16,8 +16,8 @@ extern "C" {
|
||||
#endif
|
||||
|
||||
/* version */
|
||||
#define CRYPT 0x0109
|
||||
#define SCRYPT "1.09"
|
||||
#define CRYPT 0x0110
|
||||
#define SCRYPT "1.10"
|
||||
|
||||
/* max size of either a cipher/hash block or symmetric key [largest of the two] */
|
||||
#define MAXBLOCKSIZE 128
|
||||
|
@ -192,8 +192,6 @@
|
||||
#define OCB_MODE
|
||||
#define CCM_MODE
|
||||
#define GCM_MODE
|
||||
/* disabled waiting on test vectors */
|
||||
/* #define NLS_MODE */
|
||||
|
||||
/* Use 64KiB tables */
|
||||
#ifndef LTC_NO_TABLES
|
||||
|
@ -216,6 +216,12 @@ int ccm_test(void);
|
||||
void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c);
|
||||
#endif
|
||||
|
||||
|
||||
/* table shared between GCM and LRW */
|
||||
#if defined(GCM_TABLES) || defined(LRW_TABLES) || ((defined(GCM_MODE) || defined(GCM_MODE)) && defined(LTC_FAST))
|
||||
extern const unsigned char gcm_shift_table[];
|
||||
#endif
|
||||
|
||||
#ifdef GCM_MODE
|
||||
|
||||
#define GCM_ENCRYPT 0
|
||||
@ -300,48 +306,6 @@ int pelican_memory(const unsigned char *key, unsigned long keylen,
|
||||
|
||||
#endif
|
||||
|
||||
#ifdef NLS_MODE
|
||||
|
||||
#define NLS_ENCRYPT 0
|
||||
#define NLS_DECRYPT 1
|
||||
|
||||
typedef struct {
|
||||
ulong32 R[17]; /* Working storage for the shift register */
|
||||
ulong32 M[8]; /* Working storage for MAC accumulation */
|
||||
ulong32 CRC[8]; /* Working storage for CRC accumulation */
|
||||
ulong32 initR[17]; /* saved register contents */
|
||||
ulong32 konst; /* key dependent constant */
|
||||
ulong32 sbuf; /* partial ulong32 encryption buffer */
|
||||
ulong32 mbuf; /* partial ulong32 MAC buffer */
|
||||
int nbuf; /* number of part-ulong32 stream bits buffered */
|
||||
ulong32 CtrModF16; /* Multiprecision counter, modulo F16 */
|
||||
ulong32 CtrMod232; /* Multiprecision counter, LSW */
|
||||
} nls_state;
|
||||
|
||||
/* interface definitions */
|
||||
int nls_key(nls_state *c, const unsigned char *key, unsigned long keylen); /* set key */
|
||||
int nls_nonce(nls_state *c, const unsigned char *nonce, unsigned long noncelen); /* set IV */
|
||||
int nls_maconly(nls_state *c, const unsigned char *buf, unsigned long nbytes); /* accumulate MAC */
|
||||
int nls_encrypt(nls_state * c,
|
||||
const unsigned char *pt, unsigned long nbytes,
|
||||
unsigned char *ct); /* enc+MAC */
|
||||
int nls_decrypt(nls_state * c,
|
||||
const unsigned char *ct, unsigned long nbytes,
|
||||
unsigned char *pt); /* dec+MAC */
|
||||
int nls_finish(nls_state *c, unsigned char *buf, unsigned long nbytes); /* finalize MAC */
|
||||
|
||||
int nls_memory(const unsigned char *key, unsigned long keylen,
|
||||
const unsigned char *IV, unsigned long IVlen,
|
||||
const unsigned char *adata, unsigned long adatalen,
|
||||
unsigned char *pt, unsigned long ptlen,
|
||||
unsigned char *ct,
|
||||
unsigned char *tag, unsigned long taglen,
|
||||
int direction);
|
||||
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
/* $Source$ */
|
||||
/* $Revision$ */
|
||||
/* $Date$ */
|
||||
|
@ -16,7 +16,7 @@
|
||||
*/
|
||||
|
||||
struct ltc_cipher_descriptor cipher_descriptor[TAB_SIZE] = {
|
||||
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }
|
||||
{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }
|
||||
};
|
||||
|
||||
LTC_MUTEX_GLOBAL(ltc_cipher_mutex)
|
||||
|
@ -55,7 +55,7 @@ int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, i
|
||||
}
|
||||
|
||||
/* update pad */
|
||||
#ifdef LRW_2TABLES
|
||||
#ifdef LRW_TABLES
|
||||
/* for each byte changed we undo it's affect on the pad then add the new product */
|
||||
for (; x < 16; x++) {
|
||||
#ifdef LTC_FAST
|
||||
|
@ -17,46 +17,6 @@
|
||||
|
||||
#ifdef LRW_MODE
|
||||
|
||||
#ifdef LRW_TABLES
|
||||
|
||||
/* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format. Since only the
|
||||
* lower 16 bits are not zero'ed I removed the upper 14 bytes */
|
||||
static const unsigned char gcm_shift_table[256*2] = {
|
||||
0x00, 0x00, 0x01, 0xc2, 0x03, 0x84, 0x02, 0x46, 0x07, 0x08, 0x06, 0xca, 0x04, 0x8c, 0x05, 0x4e,
|
||||
0x0e, 0x10, 0x0f, 0xd2, 0x0d, 0x94, 0x0c, 0x56, 0x09, 0x18, 0x08, 0xda, 0x0a, 0x9c, 0x0b, 0x5e,
|
||||
0x1c, 0x20, 0x1d, 0xe2, 0x1f, 0xa4, 0x1e, 0x66, 0x1b, 0x28, 0x1a, 0xea, 0x18, 0xac, 0x19, 0x6e,
|
||||
0x12, 0x30, 0x13, 0xf2, 0x11, 0xb4, 0x10, 0x76, 0x15, 0x38, 0x14, 0xfa, 0x16, 0xbc, 0x17, 0x7e,
|
||||
0x38, 0x40, 0x39, 0x82, 0x3b, 0xc4, 0x3a, 0x06, 0x3f, 0x48, 0x3e, 0x8a, 0x3c, 0xcc, 0x3d, 0x0e,
|
||||
0x36, 0x50, 0x37, 0x92, 0x35, 0xd4, 0x34, 0x16, 0x31, 0x58, 0x30, 0x9a, 0x32, 0xdc, 0x33, 0x1e,
|
||||
0x24, 0x60, 0x25, 0xa2, 0x27, 0xe4, 0x26, 0x26, 0x23, 0x68, 0x22, 0xaa, 0x20, 0xec, 0x21, 0x2e,
|
||||
0x2a, 0x70, 0x2b, 0xb2, 0x29, 0xf4, 0x28, 0x36, 0x2d, 0x78, 0x2c, 0xba, 0x2e, 0xfc, 0x2f, 0x3e,
|
||||
0x70, 0x80, 0x71, 0x42, 0x73, 0x04, 0x72, 0xc6, 0x77, 0x88, 0x76, 0x4a, 0x74, 0x0c, 0x75, 0xce,
|
||||
0x7e, 0x90, 0x7f, 0x52, 0x7d, 0x14, 0x7c, 0xd6, 0x79, 0x98, 0x78, 0x5a, 0x7a, 0x1c, 0x7b, 0xde,
|
||||
0x6c, 0xa0, 0x6d, 0x62, 0x6f, 0x24, 0x6e, 0xe6, 0x6b, 0xa8, 0x6a, 0x6a, 0x68, 0x2c, 0x69, 0xee,
|
||||
0x62, 0xb0, 0x63, 0x72, 0x61, 0x34, 0x60, 0xf6, 0x65, 0xb8, 0x64, 0x7a, 0x66, 0x3c, 0x67, 0xfe,
|
||||
0x48, 0xc0, 0x49, 0x02, 0x4b, 0x44, 0x4a, 0x86, 0x4f, 0xc8, 0x4e, 0x0a, 0x4c, 0x4c, 0x4d, 0x8e,
|
||||
0x46, 0xd0, 0x47, 0x12, 0x45, 0x54, 0x44, 0x96, 0x41, 0xd8, 0x40, 0x1a, 0x42, 0x5c, 0x43, 0x9e,
|
||||
0x54, 0xe0, 0x55, 0x22, 0x57, 0x64, 0x56, 0xa6, 0x53, 0xe8, 0x52, 0x2a, 0x50, 0x6c, 0x51, 0xae,
|
||||
0x5a, 0xf0, 0x5b, 0x32, 0x59, 0x74, 0x58, 0xb6, 0x5d, 0xf8, 0x5c, 0x3a, 0x5e, 0x7c, 0x5f, 0xbe,
|
||||
0xe1, 0x00, 0xe0, 0xc2, 0xe2, 0x84, 0xe3, 0x46, 0xe6, 0x08, 0xe7, 0xca, 0xe5, 0x8c, 0xe4, 0x4e,
|
||||
0xef, 0x10, 0xee, 0xd2, 0xec, 0x94, 0xed, 0x56, 0xe8, 0x18, 0xe9, 0xda, 0xeb, 0x9c, 0xea, 0x5e,
|
||||
0xfd, 0x20, 0xfc, 0xe2, 0xfe, 0xa4, 0xff, 0x66, 0xfa, 0x28, 0xfb, 0xea, 0xf9, 0xac, 0xf8, 0x6e,
|
||||
0xf3, 0x30, 0xf2, 0xf2, 0xf0, 0xb4, 0xf1, 0x76, 0xf4, 0x38, 0xf5, 0xfa, 0xf7, 0xbc, 0xf6, 0x7e,
|
||||
0xd9, 0x40, 0xd8, 0x82, 0xda, 0xc4, 0xdb, 0x06, 0xde, 0x48, 0xdf, 0x8a, 0xdd, 0xcc, 0xdc, 0x0e,
|
||||
0xd7, 0x50, 0xd6, 0x92, 0xd4, 0xd4, 0xd5, 0x16, 0xd0, 0x58, 0xd1, 0x9a, 0xd3, 0xdc, 0xd2, 0x1e,
|
||||
0xc5, 0x60, 0xc4, 0xa2, 0xc6, 0xe4, 0xc7, 0x26, 0xc2, 0x68, 0xc3, 0xaa, 0xc1, 0xec, 0xc0, 0x2e,
|
||||
0xcb, 0x70, 0xca, 0xb2, 0xc8, 0xf4, 0xc9, 0x36, 0xcc, 0x78, 0xcd, 0xba, 0xcf, 0xfc, 0xce, 0x3e,
|
||||
0x91, 0x80, 0x90, 0x42, 0x92, 0x04, 0x93, 0xc6, 0x96, 0x88, 0x97, 0x4a, 0x95, 0x0c, 0x94, 0xce,
|
||||
0x9f, 0x90, 0x9e, 0x52, 0x9c, 0x14, 0x9d, 0xd6, 0x98, 0x98, 0x99, 0x5a, 0x9b, 0x1c, 0x9a, 0xde,
|
||||
0x8d, 0xa0, 0x8c, 0x62, 0x8e, 0x24, 0x8f, 0xe6, 0x8a, 0xa8, 0x8b, 0x6a, 0x89, 0x2c, 0x88, 0xee,
|
||||
0x83, 0xb0, 0x82, 0x72, 0x80, 0x34, 0x81, 0xf6, 0x84, 0xb8, 0x85, 0x7a, 0x87, 0x3c, 0x86, 0xfe,
|
||||
0xa9, 0xc0, 0xa8, 0x02, 0xaa, 0x44, 0xab, 0x86, 0xae, 0xc8, 0xaf, 0x0a, 0xad, 0x4c, 0xac, 0x8e,
|
||||
0xa7, 0xd0, 0xa6, 0x12, 0xa4, 0x54, 0xa5, 0x96, 0xa0, 0xd8, 0xa1, 0x1a, 0xa3, 0x5c, 0xa2, 0x9e,
|
||||
0xb5, 0xe0, 0xb4, 0x22, 0xb6, 0x64, 0xb7, 0xa6, 0xb2, 0xe8, 0xb3, 0x2a, 0xb1, 0x6c, 0xb0, 0xae,
|
||||
0xbb, 0xf0, 0xba, 0x32, 0xb8, 0x74, 0xb9, 0xb6, 0xbc, 0xf8, 0xbd, 0x3a, 0xbf, 0x7c, 0xbe, 0xbe };
|
||||
|
||||
#endif
|
||||
|
||||
/**
|
||||
Initialize the LRW context
|
||||
@param cipher The cipher desired, must be a 128-bit block cipher
|
||||
|
@ -38,7 +38,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
|
||||
LTC_ARGCHK(ltc_mp.name != NULL);
|
||||
|
||||
/* init key */
|
||||
if ((err = mp_init_multi(&zero, &key->e, &key->d, &key->N, &key->dQ,
|
||||
if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ,
|
||||
&key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
@ -95,6 +95,9 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
|
||||
}
|
||||
|
||||
if (mp_cmp_d(key->N, 0) == LTC_MP_EQ) {
|
||||
if ((err = mp_init(&zero)) != CRYPT_OK) {
|
||||
goto LBL_ERR;
|
||||
}
|
||||
/* it's a private key */
|
||||
if ((err = der_decode_sequence_multi(in, inlen,
|
||||
LTC_ASN1_INTEGER, 1UL, zero,
|
||||
@ -107,8 +110,10 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
|
||||
LTC_ASN1_INTEGER, 1UL, key->dQ,
|
||||
LTC_ASN1_INTEGER, 1UL, key->qP,
|
||||
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
|
||||
mp_clear(zero);
|
||||
goto LBL_ERR;
|
||||
}
|
||||
mp_clear(zero);
|
||||
key->type = PK_PRIVATE;
|
||||
} else if (mp_cmp_d(key->N, 1) == LTC_MP_EQ) {
|
||||
/* we don't support multi-prime RSA */
|
||||
@ -126,7 +131,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
|
||||
}
|
||||
return CRYPT_OK;
|
||||
LBL_ERR:
|
||||
mp_clear_multi(zero, key->d, key->e, key->N, key->dQ, key->dP,
|
||||
mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP,
|
||||
key->qP, key->p, key->q, NULL);
|
||||
return err;
|
||||
}
|
||||
|
@ -330,6 +330,7 @@ int time_cipher(void)
|
||||
c2 = (t2 > c2 ? c2 : t2);
|
||||
}
|
||||
a2 = c2 - c1 - skew;
|
||||
ecb_done(&ecb);
|
||||
|
||||
results[no_results].id = x;
|
||||
results[no_results].spd1 = a1/(sizeof(pt)/cipher_descriptor[x].block_length);
|
||||
@ -401,6 +402,7 @@ int time_cipher2(void)
|
||||
c2 = (t2 > c2 ? c2 : t2);
|
||||
}
|
||||
a2 = c2 - c1 - skew;
|
||||
cbc_done(&cbc);
|
||||
|
||||
results[no_results].id = x;
|
||||
results[no_results].spd1 = a1/(sizeof(pt)/cipher_descriptor[x].block_length);
|
||||
@ -475,6 +477,7 @@ int time_cipher3(void)
|
||||
c2 = (t2 > c2 ? c2 : t2);
|
||||
}
|
||||
a2 = c2 - c1 - skew;
|
||||
ctr_done(&ctr);
|
||||
|
||||
results[no_results].id = x;
|
||||
results[no_results].spd1 = a1/(sizeof(pt)/cipher_descriptor[x].block_length);
|
||||
@ -494,6 +497,84 @@ int time_cipher3(void)
|
||||
int time_cipher3(void) { fprintf(stderr, "NO CTR\n"); return 0; }
|
||||
#endif
|
||||
|
||||
#ifdef LRW_MODE
|
||||
int time_cipher4(void)
|
||||
{
|
||||
unsigned long x, y1;
|
||||
ulong64 t1, t2, c1, c2, a1, a2;
|
||||
symmetric_LRW lrw;
|
||||
unsigned char key[MAXBLOCKSIZE], pt[4096];
|
||||
int err;
|
||||
|
||||
fprintf(stderr, "\n\nLRW Time Trials for the Symmetric Ciphers:\n");
|
||||
no_results = 0;
|
||||
for (x = 0; cipher_descriptor[x].name != NULL; x++) {
|
||||
if (cipher_descriptor[x].block_length != 16) continue;
|
||||
lrw_start(x, pt, key, cipher_descriptor[x].min_key_length, key, 0, &lrw);
|
||||
|
||||
/* sanity check on cipher */
|
||||
if ((err = cipher_descriptor[x].test()) != CRYPT_OK) {
|
||||
fprintf(stderr, "\n\nERROR: Cipher %s failed self-test %s\n", cipher_descriptor[x].name, error_to_string(err));
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
#define DO1 lrw_encrypt(pt, pt, sizeof(pt), &lrw);
|
||||
#define DO2 DO1 DO1
|
||||
|
||||
c1 = c2 = (ulong64)-1;
|
||||
for (y1 = 0; y1 < 100; y1++) {
|
||||
t_start();
|
||||
DO1;
|
||||
t1 = t_read();
|
||||
DO2;
|
||||
t2 = t_read();
|
||||
t2 -= t1;
|
||||
|
||||
c1 = (t1 > c1 ? c1 : t1);
|
||||
c2 = (t2 > c2 ? c2 : t2);
|
||||
}
|
||||
a1 = c2 - c1 - skew;
|
||||
|
||||
#undef DO1
|
||||
#undef DO2
|
||||
#define DO1 lrw_decrypt(pt, pt, sizeof(pt), &lrw);
|
||||
#define DO2 DO1 DO1
|
||||
|
||||
c1 = c2 = (ulong64)-1;
|
||||
for (y1 = 0; y1 < 100; y1++) {
|
||||
t_start();
|
||||
DO1;
|
||||
t1 = t_read();
|
||||
DO2;
|
||||
t2 = t_read();
|
||||
t2 -= t1;
|
||||
|
||||
c1 = (t1 > c1 ? c1 : t1);
|
||||
c2 = (t2 > c2 ? c2 : t2);
|
||||
}
|
||||
a2 = c2 - c1 - skew;
|
||||
|
||||
lrw_done(&lrw);
|
||||
|
||||
results[no_results].id = x;
|
||||
results[no_results].spd1 = a1/(sizeof(pt)/cipher_descriptor[x].block_length);
|
||||
results[no_results].spd2 = a2/(sizeof(pt)/cipher_descriptor[x].block_length);
|
||||
results[no_results].avg = (results[no_results].spd1 + results[no_results].spd2+1)/2;
|
||||
++no_results;
|
||||
fprintf(stderr, "."); fflush(stdout);
|
||||
|
||||
#undef DO2
|
||||
#undef DO1
|
||||
}
|
||||
tally_results(1);
|
||||
|
||||
return 0;
|
||||
}
|
||||
#else
|
||||
int time_cipher4(void) { fprintf(stderr, "NO LRW\n"); return 0; }
|
||||
#endif
|
||||
|
||||
|
||||
int time_hash(void)
|
||||
{
|
||||
unsigned long x, y1, len;
|
||||
|
Loading…
Reference in New Issue
Block a user