added libtomcrypt-1.09

This commit is contained in:
Tom St Denis 2006-01-26 18:11:56 +00:00 committed by Steffen Jaeckel
parent 1eeff0bfb4
commit a3ce807bae
55 changed files with 2480 additions and 126 deletions

View File

@ -23,7 +23,7 @@ PROJECT_NAME = LibTomCrypt
# This could be handy for archiving the generated documentation or
# if some version control system is used.
PROJECT_NUMBER = 1.08
PROJECT_NUMBER = 1.09
# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
# base path where the generated documentation will be put.

1
TODO
View File

@ -1 +0,0 @@

15
changes
View File

@ -1,3 +1,14 @@
January 26th, 2006
v1.09 -- Added missing doxygen comments to some of the ASN.1 routines
-- Added "easy button" define LTC_EASY and LTC will build with a subset of all the algos. Reduces build times for typical
configurations. Tunable [see tomcrypt_custom.h]
-- Added some error detection to reg_algs() of the testprof.a library to detect when the PRNG is not setup correctly (took me 10 mins to figure out, PITA!)
-- Similar fixes to timing demo (MD5 not defined when EASY is defined)
-- Added the NLS enc+mac stream cipher from QUALCOMM, disabled for this release, waiting on test vectors
-- Finally added an auto-update script for the makefiles. So when I add new files/dirs it can automatically fix up the makefiles [all four of them...]
-- Added LRW to the list of cipher modes supported
-- cleaned up ciphers definitions to remove cbc/cfb/ofb/ctr/etc from the namespace when not used.
November 24th, 2005
v1.08 -- Added SET and SET OF support to the ASN.1 side
-- Fixed up X macros, added QSORT to the mix [thanks SET/SETOF]
@ -1394,6 +1405,6 @@ v0.02 -- Changed RC5 to only allow 12 to 24 rounds
v0.01 -- We will call this the first version.
/* $Source: /cvs/libtom/libtomcrypt/changes,v $ */
/* $Revision: 1.161 $ */
/* $Date: 2005/11/24 03:30:18 $ */
/* $Revision: 1.168 $ */
/* $Date: 2006/01/26 18:15:51 $ */

111
crypt.tex
View File

@ -47,7 +47,7 @@
\def\gap{\vspace{0.5ex}}
\makeindex
\begin{document}
\title{LibTomCrypt \\ Version 1.08}
\title{LibTomCrypt \\ Version 1.09}
\author{Tom St Denis \\
\\
tomstdenis@gmail.com \\
@ -520,6 +520,18 @@ struct _cipher_descriptor {
unsigned char *ct,
unsigned long blocks, unsigned char *IV,
int mode, symmetric_key *skey);
int (*accel_lrw_encrypt)(const unsigned char *pt,
unsigned char *ct,
unsigned long blocks,
unsigned char *IV,
const unsigned char *tweak,
symmetric_key *skey);
int (*accel_lrw_decrypt)(const unsigned char *ct,
unsigned char *pt,
unsigned long blocks,
unsigned char *IV,
const unsigned char *tweak,
symmetric_key *skey);
int (*accel_ccm_memory)(
const unsigned char *key, unsigned long keylen,
symmetric_key *uskey,
@ -938,6 +950,61 @@ int main(void)
\end{verbatim}
\end{small}
\subsection{LRW Mode}
LRW mode is a cipher mode which is meant for indexed encryption like used to handle storage media. It is meant to have efficient seeking and overcome the
security problems of ECB mode while not increasing the storage requirements. It is used much like any other chaining mode except with two key differences.
The key is specified as two strings the first key $K_1$ is the (normally AES) key and can be any length (typically 16, 24 or 32 octets long). The second key
$K_2$ is the ``tweak'' key and is always 16 octets long. The tweak value is \textbf{NOT} a nonce or IV value it must be random and secret.
To initialize LRW mode use:
\index{lrw\_start()}
\begin{verbatim}
int lrw_start( int cipher,
const unsigned char *IV,
const unsigned char *key, int keylen,
const unsigned char *tweak,
int num_rounds,
symmetric_LRW *lrw);
\end{verbatim}
This will initialize the LRW context with the given (16 octet) ``IV'', cipher $K_1$ ``key'' of length ``keylen'' octets and the (16 octet) $K_2$ ``tweak''.
While LRW was specified to be used only with AES, LibTomCrypt will allow any 128--bit block cipher to be specified as indexed by ``cipher''. The
number of rounds for the block cipher ``num\_rounds'' can be 0 to use the default number of rounds for the given cipher.
To process data use the following functions:
\index{lrw\_encrypt()} \index{lrw\_decrypt()}
\begin{verbatim}
int lrw_encrypt(const unsigned char *pt, unsigned char *ct,
unsigned long len, symmetric_LRW *lrw);
int lrw_decrypt(const unsigned char *ct, unsigned char *pt,
unsigned long len, symmetric_LRW *lrw);
\end{verbatim}
These will encrypt (or decrypt) the plaintext to the ciphertext buffer (or vice versa). The length is specified by ``len'' in octets but must be a multiple
of 16.
To manipulate the IV use the following functions:
\index{lrw\_getiv()} \index{lrw\_setiv()}
\begin{verbatim}
int lrw_getiv(unsigned char *IV, unsigned long *len, symmetric_LRW *lrw);
int lrw_setiv(const unsigned char *IV, unsigned long len, symmetric_LRW *lrw);
\end{verbatim}
These will get or set the 16--octet IV. Note that setting the IV is the same as ``seeking'' and unlike other modes is not a free operation. It requires
updating the entire tweak which is slower than sequential use. Avoid seeking excessively in performance constrained code.
To terminate the LRW state use the following:
\index{lrw\_done()}
\begin{verbatim}
int lrw_done(symmetric_LRW *lrw);
\end{verbatim}
\section{Encrypt and Authenticate Modes}
\subsection{EAX Mode}
@ -4306,6 +4373,32 @@ struct ltc_cipher_descriptor {
unsigned long blocks, unsigned char *IV,
int mode, symmetric_key *skey);
/** Accelerated LRW
@param pt Plaintext
@param ct Ciphertext
@param blocks The number of complete blocks to process
@param IV The initial value (input/output)
@param tweak The LRW tweak
@param skey The scheduled key context
@return CRYPT_OK if successful
*/
int (*accel_lrw_encrypt)(const unsigned char *pt, unsigned char *ct,
unsigned long blocks, unsigned char *IV,
const unsigned char *tweak, symmetric_key *skey);
/** Accelerated LRW
@param ct Ciphertext
@param pt Plaintext
@param blocks The number of complete blocks to process
@param IV The initial value (input/output)
@param tweak The LRW tweak
@param skey The scheduled key context
@return CRYPT_OK if successful
*/
int (*accel_lrw_decrypt)(const unsigned char *ct, unsigned char *pt,
unsigned long blocks, unsigned char *IV,
const unsigned char *tweak, symmetric_key *skey);
/** Accelerated CCM packet (one-shot)
@param key The secret key to use
@param keylen The length of the secret key (octets)
@ -4432,6 +4525,18 @@ buffer provided) before encrypting it to create the pad.
The accelerator will only be used to encrypt whole blocks. Partial blocks are always handled in software.
\subsubsection{Accelerated LRW}
These functions are meant for accelerated LRW. They process blocks of input in lengths of multiples of 16 octets. They must accept the ``IV'' and ``tweak''
state variables and updated them prior to returning. Note that you may want to disable \textbf{LRW\_TABLES} in ``tomcrypt\_custom.h'' if you intend
to use accelerators for LRW.
While both encrypt and decrypt accelerators are not required it is suggested as it makes lrw\_setiv() more efficient.
Note that calling lrw\_done() will only invoke the cipher\_descriptor[].done() function on the ``symmetric\_key'' parameter of the LRW state. That means
if your device requires any (LRW specific) resources you should free them in your ciphers() done function. The simplest way to think of it is to write
the plugin solely to do LRW with the cipher. That way cipher\_descriptor[].setup() means to init LRW resources and cipher\_descriptor[].done() means to
free them.
\subsubsection{Accelerated CCM}
This function is meant for accelerated CCM encryption or decryption. It processes the entire packet in one call. You can optimize the work flow somewhat
by allowing the caller to call the setup() function first to schedule the key if your accelerator cannot do the key schedule on the fly (for instance). This
@ -5076,5 +5181,5 @@ Since the function is given the entire RSA key (for private keys only) CRT is po
\end{document}
% $Source: /cvs/libtom/libtomcrypt/crypt.tex,v $
% $Revision: 1.59 $
% $Date: 2005/11/24 01:53:18 $
% $Revision: 1.62 $
% $Date: 2006/01/26 18:29:02 $

Binary file not shown.

30
filter.pl Normal file
View File

@ -0,0 +1,30 @@
#!/usr/bin/perl
# we want to filter every between START_INS and END_INS out and then insert crap from another file (this is fun)
$dst = shift;
$ins = shift;
open(SRC,"<$dst");
open(INS,"<$ins");
open(TMP,">tmp.delme");
$l = 0;
while (<SRC>) {
if ($_ =~ /START_INS/) {
print TMP $_;
$l = 1;
while (<INS>) {
print TMP $_;
}
close INS;
} elsif ($_ =~ /END_INS/) {
print TMP $_;
$l = 0;
} elsif ($l == 0) {
print TMP $_;
}
}
close TMP;
close SRC;

View File

@ -4,7 +4,7 @@
# Modified by Clay Culver
# The version
VERSION=1.08
VERSION=1.09
# Compiler and Linker Names
#CC=gcc
@ -111,8 +111,9 @@ src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/en
src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_process.o \
src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o \
src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
src/encauth/nls/nls_memory.o src/encauth/nls/nlsfast.o src/encauth/ocb/ocb_decrypt.o \
src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
@ -150,14 +151,16 @@ src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
src/modes/ofb/ofb_start.o src/pk/asn1/der/bit/der_decode_bit_string.o \
src/pk/asn1/der/bit/der_encode_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
src/pk/asn1/der/choice/der_decode_choice.o src/pk/asn1/der/ia5/der_decode_ia5_string.o \
src/pk/asn1/der/ia5/der_encode_ia5_string.o src/pk/asn1/der/ia5/der_length_ia5_string.o \
src/pk/asn1/der/integer/der_decode_integer.o src/pk/asn1/der/integer/der_encode_integer.o \
src/pk/asn1/der/integer/der_length_integer.o \
src/modes/ecb/ecb_start.o src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o \
src/modes/lrw/lrw_encrypt.o src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o \
src/modes/lrw/lrw_setiv.o src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o \
src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o src/modes/ofb/ofb_encrypt.o \
src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
src/pk/asn1/der/bit/der_decode_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
src/pk/asn1/der/bit/der_length_bit_string.o src/pk/asn1/der/choice/der_decode_choice.o \
src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \
src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \
src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \
src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \
src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \
src/pk/asn1/der/object_identifier/der_length_object_identifier.o \
@ -200,6 +203,7 @@ src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt
src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \
src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
#END_INS
TESTOBJECTS=demos/test.o
@ -361,5 +365,5 @@ zipup: no_oops docs
# $Source: /cvs/libtom/libtomcrypt/makefile,v $
# $Revision: 1.108 $
# $Date: 2005/11/23 02:34:57 $
# $Revision: 1.114 $
# $Date: 2006/01/26 06:12:31 $

View File

@ -98,8 +98,9 @@ src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/en
src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_process.o \
src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o \
src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
src/encauth/nls/nls_memory.o src/encauth/nls/nlsfast.o src/encauth/ocb/ocb_decrypt.o \
src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
@ -137,14 +138,16 @@ src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
src/modes/ofb/ofb_start.o src/pk/asn1/der/bit/der_decode_bit_string.o \
src/pk/asn1/der/bit/der_encode_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
src/pk/asn1/der/choice/der_decode_choice.o src/pk/asn1/der/ia5/der_decode_ia5_string.o \
src/pk/asn1/der/ia5/der_encode_ia5_string.o src/pk/asn1/der/ia5/der_length_ia5_string.o \
src/pk/asn1/der/integer/der_decode_integer.o src/pk/asn1/der/integer/der_encode_integer.o \
src/pk/asn1/der/integer/der_length_integer.o \
src/modes/ecb/ecb_start.o src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o \
src/modes/lrw/lrw_encrypt.o src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o \
src/modes/lrw/lrw_setiv.o src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o \
src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o src/modes/ofb/ofb_encrypt.o \
src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
src/pk/asn1/der/bit/der_decode_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
src/pk/asn1/der/bit/der_length_bit_string.o src/pk/asn1/der/choice/der_decode_choice.o \
src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \
src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \
src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \
src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \
src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \
src/pk/asn1/der/object_identifier/der_length_object_identifier.o \
@ -187,6 +190,7 @@ src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt
src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \
src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
#END_INS
#Who do we install as?
@ -266,6 +270,6 @@ install: library
install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
# $Source: /cvs/libtom/libtomcrypt/makefile.icc,v $
# $Revision: 1.45 $
# $Date: 2005/11/23 02:34:57 $
# $Revision: 1.49 $
# $Date: 2006/01/26 06:12:31 $

View File

@ -13,8 +13,9 @@ src/encauth/eax/eax_decrypt.obj src/encauth/eax/eax_decrypt_verify_memory.obj sr
src/encauth/eax/eax_encrypt.obj src/encauth/eax/eax_encrypt_authenticate_memory.obj \
src/encauth/eax/eax_init.obj src/encauth/eax/eax_test.obj src/encauth/gcm/gcm_add_aad.obj \
src/encauth/gcm/gcm_add_iv.obj src/encauth/gcm/gcm_done.obj src/encauth/gcm/gcm_gf_mult.obj \
src/encauth/gcm/gcm_init.obj src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_process.obj \
src/encauth/gcm/gcm_reset.obj src/encauth/gcm/gcm_test.obj src/encauth/ocb/ocb_decrypt.obj \
src/encauth/gcm/gcm_init.obj src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_mult_h.obj \
src/encauth/gcm/gcm_process.obj src/encauth/gcm/gcm_reset.obj src/encauth/gcm/gcm_test.obj \
src/encauth/nls/nls_memory.obj src/encauth/nls/nlsfast.obj src/encauth/ocb/ocb_decrypt.obj \
src/encauth/ocb/ocb_decrypt_verify_memory.obj src/encauth/ocb/ocb_done_decrypt.obj \
src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \
src/encauth/ocb/ocb_encrypt_authenticate_memory.obj src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj \
@ -52,14 +53,16 @@ src/modes/cfb/cfb_getiv.obj src/modes/cfb/cfb_setiv.obj src/modes/cfb/cfb_start.
src/modes/ctr/ctr_decrypt.obj src/modes/ctr/ctr_done.obj src/modes/ctr/ctr_encrypt.obj \
src/modes/ctr/ctr_getiv.obj src/modes/ctr/ctr_setiv.obj src/modes/ctr/ctr_start.obj \
src/modes/ecb/ecb_decrypt.obj src/modes/ecb/ecb_done.obj src/modes/ecb/ecb_encrypt.obj \
src/modes/ecb/ecb_start.obj src/modes/ofb/ofb_decrypt.obj src/modes/ofb/ofb_done.obj \
src/modes/ofb/ofb_encrypt.obj src/modes/ofb/ofb_getiv.obj src/modes/ofb/ofb_setiv.obj \
src/modes/ofb/ofb_start.obj src/pk/asn1/der/bit/der_decode_bit_string.obj \
src/pk/asn1/der/bit/der_encode_bit_string.obj src/pk/asn1/der/bit/der_length_bit_string.obj \
src/pk/asn1/der/choice/der_decode_choice.obj src/pk/asn1/der/ia5/der_decode_ia5_string.obj \
src/pk/asn1/der/ia5/der_encode_ia5_string.obj src/pk/asn1/der/ia5/der_length_ia5_string.obj \
src/pk/asn1/der/integer/der_decode_integer.obj src/pk/asn1/der/integer/der_encode_integer.obj \
src/pk/asn1/der/integer/der_length_integer.obj \
src/modes/ecb/ecb_start.obj src/modes/lrw/lrw_decrypt.obj src/modes/lrw/lrw_done.obj \
src/modes/lrw/lrw_encrypt.obj src/modes/lrw/lrw_getiv.obj src/modes/lrw/lrw_process.obj \
src/modes/lrw/lrw_setiv.obj src/modes/lrw/lrw_start.obj src/modes/lrw/lrw_test.obj \
src/modes/ofb/ofb_decrypt.obj src/modes/ofb/ofb_done.obj src/modes/ofb/ofb_encrypt.obj \
src/modes/ofb/ofb_getiv.obj src/modes/ofb/ofb_setiv.obj src/modes/ofb/ofb_start.obj \
src/pk/asn1/der/bit/der_decode_bit_string.obj src/pk/asn1/der/bit/der_encode_bit_string.obj \
src/pk/asn1/der/bit/der_length_bit_string.obj src/pk/asn1/der/choice/der_decode_choice.obj \
src/pk/asn1/der/ia5/der_decode_ia5_string.obj src/pk/asn1/der/ia5/der_encode_ia5_string.obj \
src/pk/asn1/der/ia5/der_length_ia5_string.obj src/pk/asn1/der/integer/der_decode_integer.obj \
src/pk/asn1/der/integer/der_encode_integer.obj src/pk/asn1/der/integer/der_length_integer.obj \
src/pk/asn1/der/object_identifier/der_decode_object_identifier.obj \
src/pk/asn1/der/object_identifier/der_encode_object_identifier.obj \
src/pk/asn1/der/object_identifier/der_length_object_identifier.obj \
@ -102,6 +105,7 @@ src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt
src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \
src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
#END_INS
default: library
@ -129,5 +133,5 @@ timing: demos/timing.c library
cl $(CFLAGS) demos/timing.c testprof/tomcrypt_prof.lib tomcrypt.lib advapi32.lib $(EXTRALIBS)
# $Source: /cvs/libtom/libtomcrypt/makefile.msvc,v $
# $Revision: 1.25 $
# $Date: 2005/11/23 02:34:57 $
# $Revision: 1.29 $
# $Date: 2006/01/26 06:12:31 $

View File

@ -6,7 +6,7 @@
# Tom St Denis
# The version
VERSION=0:108
VERSION=0:109
# Compiler and Linker Names
CC=libtool --mode=compile gcc
@ -105,8 +105,9 @@ src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/en
src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_process.o \
src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o \
src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
src/encauth/nls/nls_memory.o src/encauth/nls/nlsfast.o src/encauth/ocb/ocb_decrypt.o \
src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
@ -144,14 +145,16 @@ src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
src/modes/ofb/ofb_start.o src/pk/asn1/der/bit/der_decode_bit_string.o \
src/pk/asn1/der/bit/der_encode_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
src/pk/asn1/der/choice/der_decode_choice.o src/pk/asn1/der/ia5/der_decode_ia5_string.o \
src/pk/asn1/der/ia5/der_encode_ia5_string.o src/pk/asn1/der/ia5/der_length_ia5_string.o \
src/pk/asn1/der/integer/der_decode_integer.o src/pk/asn1/der/integer/der_encode_integer.o \
src/pk/asn1/der/integer/der_length_integer.o \
src/modes/ecb/ecb_start.o src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o \
src/modes/lrw/lrw_encrypt.o src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o \
src/modes/lrw/lrw_setiv.o src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o \
src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o src/modes/ofb/ofb_encrypt.o \
src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
src/pk/asn1/der/bit/der_decode_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
src/pk/asn1/der/bit/der_length_bit_string.o src/pk/asn1/der/choice/der_decode_choice.o \
src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \
src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \
src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \
src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \
src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \
src/pk/asn1/der/object_identifier/der_length_object_identifier.o \
@ -194,6 +197,7 @@ src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt
src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \
src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
#END_INS
TESTOBJECTS=demos/test.o
@ -255,5 +259,5 @@ timing: library testprof/$(LIBTEST) $(TIMINGS)
gcc -o $(TIMING) $(TIMINGS) -ltomcrypt_prof -ltomcrypt $(EXTRALIBS)
# $Source: /cvs/libtom/libtomcrypt/makefile.shared,v $
# $Revision: 1.38 $
# $Date: 2005/11/23 02:34:57 $
# $Revision: 1.43 $
# $Date: 2006/01/26 06:12:31 $

View File

@ -49,7 +49,7 @@ const struct ltc_cipher_descriptor rijndael_desc =
6,
16, 32, 16, 10,
SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
const struct ltc_cipher_descriptor aes_desc =
@ -58,7 +58,7 @@ const struct ltc_cipher_descriptor aes_desc =
6,
16, 32, 16, 10,
SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
#else
@ -74,7 +74,7 @@ const struct ltc_cipher_descriptor rijndael_enc_desc =
6,
16, 32, 16, 10,
SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
const struct ltc_cipher_descriptor aes_enc_desc =
@ -83,7 +83,7 @@ const struct ltc_cipher_descriptor aes_enc_desc =
6,
16, 32, 16, 10,
SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
#endif

View File

@ -29,7 +29,7 @@ const struct ltc_cipher_descriptor anubis_desc = {
&anubis_test,
&anubis_done,
&anubis_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
#define MIN_N 4

View File

@ -27,7 +27,7 @@ const struct ltc_cipher_descriptor blowfish_desc =
&blowfish_test,
&blowfish_done,
&blowfish_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const ulong32 ORIG_P[16 + 2] = {

View File

@ -27,7 +27,7 @@ const struct ltc_cipher_descriptor cast5_desc = {
&cast5_test,
&cast5_done,
&cast5_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const ulong32 S1[256] = {

View File

@ -31,7 +31,7 @@ const struct ltc_cipher_descriptor des_desc =
&des_test,
&des_done,
&des_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
const struct ltc_cipher_descriptor des3_desc =
@ -45,7 +45,7 @@ const struct ltc_cipher_descriptor des3_desc =
&des3_test,
&des3_done,
&des3_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const ulong32 bytebit[8] =

View File

@ -28,7 +28,7 @@ const struct ltc_cipher_descriptor khazad_desc = {
&khazad_test,
&khazad_done,
&khazad_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
#define R 8

View File

@ -27,7 +27,7 @@ const struct ltc_cipher_descriptor noekeon_desc =
&noekeon_test,
&noekeon_done,
&noekeon_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const ulong32 RC[] = {

View File

@ -36,7 +36,7 @@ const struct ltc_cipher_descriptor rc2_desc = {
&rc2_test,
&rc2_done,
&rc2_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
/* 256-entry permutation table, probably derived somehow from pi */

View File

@ -29,7 +29,7 @@ const struct ltc_cipher_descriptor rc5_desc =
&rc5_test,
&rc5_done,
&rc5_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const ulong32 stab[50] = {

View File

@ -28,7 +28,7 @@ const struct ltc_cipher_descriptor rc6_desc =
&rc6_test,
&rc6_done,
&rc6_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const ulong32 stab[44] = {

View File

@ -42,7 +42,7 @@ const struct ltc_cipher_descriptor
&safer_k64_test,
&safer_done,
&safer_64_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
},
safer_sk64_desc = {
@ -54,7 +54,7 @@ const struct ltc_cipher_descriptor
&safer_sk64_test,
&safer_done,
&safer_64_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
},
safer_k128_desc = {
@ -66,7 +66,7 @@ const struct ltc_cipher_descriptor
&safer_sk128_test,
&safer_done,
&safer_128_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
},
safer_sk128_desc = {
@ -78,7 +78,7 @@ const struct ltc_cipher_descriptor
&safer_sk128_test,
&safer_done,
&safer_128_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
/******************* Constants ************************************************/

View File

@ -28,7 +28,7 @@ const struct ltc_cipher_descriptor saferp_desc =
&saferp_test,
&saferp_done,
&saferp_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
/* ROUND(b,i)

View File

@ -28,7 +28,7 @@ const struct ltc_cipher_descriptor skipjack_desc =
&skipjack_test,
&skipjack_done,
&skipjack_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const unsigned char sbox[256] = {

View File

@ -35,7 +35,7 @@ const struct ltc_cipher_descriptor twofish_desc =
&twofish_test,
&twofish_done,
&twofish_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
/* the two polynomials */

View File

@ -28,7 +28,7 @@ const struct ltc_cipher_descriptor xtea_desc =
&xtea_test,
&xtea_done,
&xtea_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)

View File

@ -11,11 +11,11 @@
/**
@file gcm_gf_mult.c
GCM implementation, initialize state, by Tom St Denis
GCM implementation, do the GF mult, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef GCM_MODE
#if defined(GCM_MODE) || defined(LRW_MODE)
/* right shift */
static void gcm_rightshift(unsigned char *a)
@ -57,36 +57,6 @@ void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *
}
XMEMCPY(c, Z, 16);
}
/**
GCM multiply by H
@param gcm The GCM state which holds the H value
@param I The value to multiply H by
*/
void gcm_mult_h(gcm_state *gcm, unsigned char *I)
{
unsigned char T[16];
#ifdef GCM_TABLES
int x, y;
XMEMCPY(T, &gcm->PC[0][I[0]][0], 16);
for (x = 1; x < 16; x++) {
#ifdef LTC_FAST
for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE *)(T + y)) ^= *((LTC_FAST_TYPE *)(&gcm->PC[x][I[x]][y]));
}
#else
for (y = 0; y < 16; y++) {
T[y] ^= gcm->PC[x][I[x]][y];
}
#endif
}
#else
gcm_gf_mult(gcm->H, I, T);
#endif
XMEMCPY(I, T, 16);
}
#endif
/* $Source$ */

View File

@ -0,0 +1,50 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file gcm_mult_h.c
GCM implementation, do the GF mult, by Tom St Denis
*/
#include "tomcrypt.h"
#if defined(GCM_MODE)
/**
GCM multiply by H
@param gcm The GCM state which holds the H value
@param I The value to multiply H by
*/
void gcm_mult_h(gcm_state *gcm, unsigned char *I)
{
unsigned char T[16];
#ifdef GCM_TABLES
int x, y;
XMEMCPY(T, &gcm->PC[0][I[0]][0], 16);
for (x = 1; x < 16; x++) {
#ifdef LTC_FAST
for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE *)(T + y)) ^= *((LTC_FAST_TYPE *)(&gcm->PC[x][I[x]][y]));
}
#else
for (y = 0; y < 16; y++) {
T[y] ^= gcm->PC[x][I[x]][y];
}
#endif
}
#else
gcm_gf_mult(gcm->H, I, T);
#endif
XMEMCPY(I, T, 16);
}
#endif
/* $Source$ */
/* $Revision$ */
/* $Date$ */

View File

@ -0,0 +1,94 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file nls_memory.c
NLS support, process a block of memory, Tom St Denis
*/
#ifdef NLS_MODE
int nls_memory(const unsigned char *key, unsigned long keylen,
const unsigned char *IV, unsigned long IVlen,
const unsigned char *adata, unsigned long adatalen,
unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
unsigned char *tag, unsigned long taglen,
int direction)
{
nls_state *nls;
int err;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(IV != NULL);
if (adatalen > 0) {
LTC_ARGCHK(adata != NULL);
}
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
if (taglen > 0) {
LTC_ARGCHK(tag != NULL);
}
/* alloc NLS state */
nls = XCALLOC(1, sizeof(*nls));
if (nls == NULL) {
return CRYPT_MEM;
}
/* init key and IV */
if ((err = nls_key(nls, key, keylen)) != CRYPT_OK) {
goto done;
}
if ((err = nls_nonce(nls, IV, IVlen)) != CRYPT_OK) {
goto done;
}
/* process adata */
if (adatalen > 0) {
if ((err = nls_maconly(nls, adata, adatalen)) != CRYPT_OK) {
goto done;
}
}
/* process msg */
if (direction == NLS_ENCRYPT) {
if ((err = nls_encrypt(nls, pt, nbytes, ct)) != CRYPT_OK) {
goto done;
}
} else {
if ((err = nls_decrypt(nls, ct, nbytes, pt)) != CRYPT_OK) {
goto done;
}
}
/* grab tag */
if (taglen > 0) {
if ((err = nls_finish(nls, tag, taglen)) != CRYPT_OK) {
goto done;
}
}
err = CRYPT_OK;
done:
#ifdef LTC_CLEAN_STACK
zeromem(nls, sizeof(*nls));
#endif
XFREE(nls);
return err;
}
#endif
/* $Source$ */
/* $Revision$ */
/* $Date$ */

981
src/encauth/nls/nlsfast.c Normal file
View File

@ -0,0 +1,981 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file nlsfast.c
NLS support, entire suite, Tom St Denis
*/
/* Id: nlsfast.c 346 2005-04-22 18:36:12Z mwp */
/* nlsfast: NLS stream cipher and Mundja MAC -- fast implementation */
/*
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND AGAINST
INFRINGEMENT ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/* This source has been modified from the original source for the LibTomCrypt project
* by Tom St Denis. (Warnings fixed and code GNU indented)
*/
#include "tomcrypt.h"
#ifdef NLS_MODE
#define NLS_LONG_OUTPUT 1
#define N 17
#define NMAC 8
#define WORDSIZE 32
#define F16 0x10001ul
#define MACKONST 8
/* interface, multiplication table and SBox */
#include "nlssbox.inc"
#include "nlsmultab.inc"
/*
* FOLD is how many register cycles need to be performed after combining the
* last byte of key and non-linear feedback, before every byte depends on every
* byte of the key. This depends on the feedback and nonlinear functions, and
* on where they are combined into the register.
*/
#define FOLD N /* how many iterations of folding to do */
#define INITKONST 0x6996c53a /* value of KONST to use during key loading */
#define KEYP 15 /* where to insert key words */
#define FOLDP 4 /* where to insert non-linear feedback */
#if NLS_LONG_OUTPUT
#define CTRP 2 /* where to insert counter to avoid small cycles */
#endif /*NLS_LONG_OUTPUT */
#define Byte(x,i) ((unsigned char)(((x) >> (8*i)) & 0xFF))
/* define IS_LITTLE_ENDIAN for faster operation when appropriate */
#if defined(ENDIAN_LITTLE) && defined(ENDIAN_32BITWORD)
/* Useful macros -- little endian words on a little endian machine */
#define BYTE2WORD(b) (*(ulong32 *)(b))
#define WORD2BYTE(w, b) ((*(ulong32 *)(b)) = w)
#define XORWORD(w, b) ((*(ulong32 *)(b)) ^= w)
#else
/* Useful macros -- machine independent little-endian version */
#define BYTE2WORD(b) ( \
(((ulong32)(b)[3] & 0xFF)<<24) | \
(((ulong32)(b)[2] & 0xFF)<<16) | \
(((ulong32)(b)[1] & 0xFF)<<8) | \
(((ulong32)(b)[0] & 0xFF)) \
)
#define WORD2BYTE(w, b) { \
(b)[3] = Byte(w,3); \
(b)[2] = Byte(w,2); \
(b)[1] = Byte(w,1); \
(b)[0] = Byte(w,0); \
}
#define XORWORD(w, b) { \
(b)[3] ^= Byte(w,3); \
(b)[2] ^= Byte(w,2); \
(b)[1] ^= Byte(w,1); \
(b)[0] ^= Byte(w,0); \
}
#endif
#if NLS_LONG_OUTPUT
#define ZEROCOUNTER(c) c->CtrModF16 = c->CtrMod232 = 0
#else
#define ZEROCOUNTER(c) /* nothing */
#endif /*NLS_LONG_OUTPUT */
/* give correct offset for the current position of the register,
* where logically R[0] is at position "zero".
*/
#define OFF(zero, i) (((zero)+(i)) % N)
#if NLS_LONG_OUTPUT
/* Increment counter and mix into register every so often */
#define FIXCTR(c,z) \
{ \
if (++c->CtrModF16 == F16) { \
c->CtrMod232 += c->CtrModF16; \
c->R[OFF(z,CTRP)] += c->CtrMod232; \
c->CtrMod232 = 0; \
} \
}
#endif /*NLS_LONG_OUTPUT */
/* step the shift register */
/* After stepping, "zero" moves right one place */
#define STEP(c,z) \
{ register ulong32 tt; \
tt = ROL(c->R[OFF(z,0)],19) + ROL(c->R[OFF(z,15)],9) + c->konst; \
tt ^= Sbox[(tt >> 24) & 0xFF]; \
c->R[OFF(z,0)] = tt ^ c->R[OFF(z,4)]; \
}
static void cycle(nls_state * c)
{
ulong32 t;
int i;
/* nonlinear feedback function */
STEP(c, 0);
/* shift register */
t = c->R[0];
for (i = 1; i < N; ++i)
c->R[i - 1] = c->R[i];
c->R[N - 1] = t;
#if NLS_LONG_OUTPUT
FIXCTR(c, 0);
#endif /*NLS_LONG_OUTPUT */
}
/* Return a non-linear function of some parts of the register.
*/
#define NLFUNC(c,z) \
(c->R[OFF(z,0)] + c->R[OFF(z,16)]) \
^ (c->R[OFF(z,1)] + c->konst) \
^ (c->R[OFF(z,6)] + c->R[OFF(z,13)])
static ulong32 nltap(nls_state * c)
{
return NLFUNC(c, 0);
}
/* The Mundja MAC function is modelled after the round function of SHA-256.
* The following lines establish aliases for the MAC accumulator, just
* so that the definition of that function looks more like FIPS-180-2.
*/
#define A c->M[0]
#define B c->M[1]
#define C c->M[2]
#define D c->M[3]
#define E c->M[4]
#define F c->M[5]
#define G c->M[6]
#define H c->M[7]
#define SIGMA0(x) (ROR((x), 2) ^ ROR((x), 13) ^ ROR((x), 22))
#define SIGMA1(x) (ROR((x), 6) ^ ROR((x), 11) ^ ROR((x), 25))
#define CHOOSE(x,y,z) (z ^ (x & (y ^ z)))
#define MAJORITY(x,y,z) ((x & y) | (z & (x | y)))
/* Accumulate a nonlinear function of a register word and an input word for MAC.
* Except for the added S-Box and SOBER LFSR input instead of constants,
* this is exactly a round of SHA-256.
*/
#define SHAFUNC(c,i,k,A,B,C,D,E,F,G,H) \
{ \
ulong32 t1; \
t1 = H + k + i; \
t1 ^= Sbox[(t1 >> 24) & 0xFF]; \
t1 += SIGMA1(E) + CHOOSE(E, F, G); \
D += t1; \
t1 += SIGMA0(A) + MAJORITY(A, B, C); \
H = t1; \
}
static void shafunc(nls_state * c, ulong32 i)
{
ulong32 t;
SHAFUNC(c, i, c->R[MACKONST], A, B, C, D, E, F, G, H);
/* now correct alignment of MAC accumulator */
t = c->M[NMAC - 1];
for (i = NMAC - 1; i > 0; --i)
c->M[i] = c->M[i - 1];
c->M[0] = t;
}
/* Accumulate a CRC of input words, later to be fed into MAC.
*/
#define CRCFUNC(c,i,zero,five) \
{ \
ulong32 t1; \
t1 = (c->CRC[zero] << 8) ^ Multab[(c->CRC[zero] >> 24) & 0xFF] \
^ c->CRC[five] ^ i; \
c->CRC[zero] = t1; \
}
static void crcfunc(nls_state * c, ulong32 i)
{
ulong32 t;
CRCFUNC(c, i, 0, 5);
/* now correct alignment of CRC accumulator */
t = c->CRC[0];
for (i = 1; i < NMAC; ++i)
c->CRC[i - 1] = c->CRC[i];
c->CRC[NMAC - 1] = t;
}
/* Normal MAC word processing: do both SHA and CRC.
*/
static void macfunc(nls_state * c, ulong32 i)
{
crcfunc(c, i);
shafunc(c, i);
}
/* initialise to known state
*/
static void nls_initstate(nls_state * c)
{
int i;
/* Register initialised to Fibonacci numbers */
c->R[0] = 1;
c->R[1] = 1;
for (i = 2; i < N; ++i)
c->R[i] = c->R[i - 1] + c->R[i - 2];
c->konst = INITKONST;
ZEROCOUNTER(c);
}
/* Save the current register state
*/
static void nls_savestate(nls_state * c)
{
int i;
for (i = 0; i < N; ++i)
c->initR[i] = c->R[i];
}
/* initialise to previously saved register state
*/
static void nls_reloadstate(nls_state * c)
{
int i;
for (i = 0; i < N; ++i)
c->R[i] = c->initR[i];
ZEROCOUNTER(c);
}
/* Initialise "konst"
*/
static void nls_genkonst(nls_state * c)
{
ulong32 newkonst;
do {
cycle(c);
newkonst = nltap(c);
}
while ((newkonst & 0xFF000000) == 0);
c->konst = newkonst;
}
/* Load key material into the register
*/
#define ADDKEY(k) \
c->R[KEYP] += (k);
#define XORNL(nl) \
c->R[FOLDP] ^= (nl);
/* nonlinear diffusion of register for key and MAC */
#define DROUND(z) STEP(c,z); c->R[OFF((z+1),FOLDP)] ^= NLFUNC(c,(z+1));
static void nls_diffuse(nls_state * c)
{
/* relies on FOLD == N! */
DROUND(0);
DROUND(1);
DROUND(2);
DROUND(3);
DROUND(4);
DROUND(5);
DROUND(6);
DROUND(7);
DROUND(8);
DROUND(9);
DROUND(10);
DROUND(11);
DROUND(12);
DROUND(13);
DROUND(14);
DROUND(15);
DROUND(16);
}
/* common actions for loading key material */
static void
nls_loadkey(nls_state * c, const unsigned char *key, unsigned long keylen)
{
ulong32 i, k;
/* start folding in key, reject odd sized keys */
if ((keylen & 3) != 0)
abort();
for (i = 0; i < keylen; i += 4) {
k = BYTE2WORD(&key[i]);
ADDKEY(k);
cycle(c);
XORNL(nltap(c));
}
/* also fold in the length of the key */
ADDKEY(keylen);
/* now diffuse */
nls_diffuse(c);
}
/* initialise MAC related registers
*/
static void nls_macinit(nls_state * c)
{
int i;
for (i = 0; i < NMAC; ++i) {
c->M[i] = c->R[i];
c->CRC[i] = c->R[i + NMAC];
}
}
/* Published "key" interface
*/
int nls_key(nls_state * c, const unsigned char *key, unsigned long keylen)
{
LTC_ARGCHK(c != NULL);
LTC_ARGCHK(key != NULL);
if (keylen == 0) {
return CRYPT_INVALID_ARG;
}
nls_initstate(c);
nls_loadkey(c, key, keylen);
nls_genkonst(c);
nls_savestate(c);
nls_macinit(c);
c->nbuf = 0;
ZEROCOUNTER(c);
return CRYPT_OK;
}
/* Published "nonce" interface
*/
int
nls_nonce(nls_state * c, const unsigned char *nonce, unsigned long noncelen)
{
LTC_ARGCHK(c != NULL);
LTC_ARGCHK(nonce != NULL);
if (noncelen == 0) {
return CRYPT_INVALID_ARG;
}
nls_reloadstate(c);
nls_loadkey(c, nonce, noncelen);
nls_macinit(c);
c->nbuf = 0;
ZEROCOUNTER(c);
return CRYPT_OK;
}
#if 0
/* XOR pseudo-random bytes into buffer
* Note: doesn't play well with MAC functions.
*/
#define SROUND(z) STEP(c,z); t = NLFUNC(c,(z+1)); XORWORD(t, buf+(z*4));
static void
nls_stream(nls_state * c, unsigned char *buf, unsigned long nbytes)
{
ulong32 t = 0;
/* handle any previously buffered bytes */
while (c->nbuf != 0 && nbytes != 0) {
*buf++ ^= c->sbuf & 0xFF;
c->sbuf >>= 8;
c->nbuf -= 8;
--nbytes;
}
/* do lots at a time, if there's enough to do */
while (nbytes >= N * 4) {
#if NLS_LONG_OUTPUT
if (c->CtrModF16 < (F16 - 17)) {
#endif /*NLS_LONG_OUTPUT */
SROUND(0);
SROUND(1);
SROUND(2);
SROUND(3);
SROUND(4);
SROUND(5);
SROUND(6);
SROUND(7);
SROUND(8);
SROUND(9);
SROUND(10);
SROUND(11);
SROUND(12);
SROUND(13);
SROUND(14);
SROUND(15);
SROUND(16);
#if NLS_LONG_OUTPUT
c->CtrModF16 += 17;
} else {
SROUND(0);
FIXCTR(c, 1);
SROUND(1);
FIXCTR(c, 2);
SROUND(2);
FIXCTR(c, 3);
SROUND(3);
FIXCTR(c, 4);
SROUND(4);
FIXCTR(c, 5);
SROUND(5);
FIXCTR(c, 6);
SROUND(6);
FIXCTR(c, 7);
SROUND(7);
FIXCTR(c, 8);
SROUND(8);
FIXCTR(c, 9);
SROUND(9);
FIXCTR(c, 10);
SROUND(10);
FIXCTR(c, 11);
SROUND(11);
FIXCTR(c, 12);
SROUND(12);
FIXCTR(c, 13);
SROUND(13);
FIXCTR(c, 14);
SROUND(14);
FIXCTR(c, 15);
SROUND(15);
FIXCTR(c, 16);
SROUND(16);
FIXCTR(c, 0);
}
#endif /*NLS_LONG_OUTPUT */
buf += 4 * N;
nbytes -= N * 4;
}
/* do small or odd size buffers the slow way */
while (4 <= nbytes) {
cycle(c);
t = nltap(c);
XORWORD(t, buf);
buf += 4;
nbytes -= 4;
}
/* handle any trailing bytes */
if (nbytes != 0) {
cycle(c);
c->sbuf = nltap(c);
c->nbuf = 32;
while (c->nbuf != 0 && nbytes != 0) {
*buf++ ^= c->sbuf & 0xFF;
c->sbuf >>= 8;
c->nbuf -= 8;
--nbytes;
}
}
}
#endif
/* accumulate words into MAC without encryption
* Note that plaintext is accumulated for MAC.
*/
#define MROUND(z,A,B,C,D,E,F,G,H) \
t = BYTE2WORD(buf+(z*4)); \
STEP(c,z); \
CRCFUNC(c,t,((z)&0x7),(((z)+5)&0x7)); \
SHAFUNC(c,t,c->R[OFF(z+1,MACKONST)],A,B,C,D,E,F,G,H);
int nls_maconly(nls_state * c, const unsigned char *buf, unsigned long nbytes)
{
int i;
ulong32 t = 0;
LTC_ARGCHK(c != NULL);
LTC_ARGCHK(buf != NULL);
/* handle any previously buffered bytes */
if (c->nbuf != 0) {
while (c->nbuf != 0 && nbytes != 0) {
c->mbuf ^= (*buf++) << (32 - c->nbuf);
c->nbuf -= 8;
--nbytes;
}
if (c->nbuf != 0) { /* not a whole word yet */
return CRYPT_OK;
}
/* LFSR already cycled */
macfunc(c, c->mbuf);
}
/* do lots at a time, if there's enough to do */
while (4 * N <= nbytes) {
#if NLS_LONG_OUTPUT
if (c->CtrModF16 < (F16 - 17)) {
#endif /*NLS_LONG_OUTPUT */
MROUND(0, A, B, C, D, E, F, G, H);
MROUND(1, H, A, B, C, D, E, F, G);
MROUND(2, G, H, A, B, C, D, E, F);
MROUND(3, F, G, H, A, B, C, D, E);
MROUND(4, E, F, G, H, A, B, C, D);
MROUND(5, D, E, F, G, H, A, B, C);
MROUND(6, C, D, E, F, G, H, A, B);
MROUND(7, B, C, D, E, F, G, H, A);
MROUND(8, A, B, C, D, E, F, G, H);
MROUND(9, H, A, B, C, D, E, F, G);
MROUND(10, G, H, A, B, C, D, E, F);
MROUND(11, F, G, H, A, B, C, D, E);
MROUND(12, E, F, G, H, A, B, C, D);
MROUND(13, D, E, F, G, H, A, B, C);
MROUND(14, C, D, E, F, G, H, A, B);
MROUND(15, B, C, D, E, F, G, H, A);
MROUND(16, A, B, C, D, E, F, G, H);
#if NLS_LONG_OUTPUT
c->CtrModF16 += 17;
} else {
MROUND(0, A, B, C, D, E, F, G, H);
FIXCTR(c, 1);
MROUND(1, H, A, B, C, D, E, F, G);
FIXCTR(c, 2);
MROUND(2, G, H, A, B, C, D, E, F);
FIXCTR(c, 3);
MROUND(3, F, G, H, A, B, C, D, E);
FIXCTR(c, 4);
MROUND(4, E, F, G, H, A, B, C, D);
FIXCTR(c, 5);
MROUND(5, D, E, F, G, H, A, B, C);
FIXCTR(c, 6);
MROUND(6, C, D, E, F, G, H, A, B);
FIXCTR(c, 7);
MROUND(7, B, C, D, E, F, G, H, A);
FIXCTR(c, 8);
MROUND(8, A, B, C, D, E, F, G, H);
FIXCTR(c, 9);
MROUND(9, H, A, B, C, D, E, F, G);
FIXCTR(c, 10);
MROUND(10, G, H, A, B, C, D, E, F);
FIXCTR(c, 11);
MROUND(11, F, G, H, A, B, C, D, E);
FIXCTR(c, 12);
MROUND(12, E, F, G, H, A, B, C, D);
FIXCTR(c, 13);
MROUND(13, D, E, F, G, H, A, B, C);
FIXCTR(c, 14);
MROUND(14, C, D, E, F, G, H, A, B);
FIXCTR(c, 15);
MROUND(15, B, C, D, E, F, G, H, A);
FIXCTR(c, 16);
MROUND(16, A, B, C, D, E, F, G, H);
FIXCTR(c, 0);
}
#endif /*NLS_LONG_OUTPUT */
buf += 4 * N;
nbytes -= 4 * N;
/* fix alignment of MAC buffer */
t = c->M[NMAC - 1];
for (i = NMAC - 1; i > 0; --i)
c->M[i] = c->M[i - 1];
c->M[0] = t;
/* fix alignment of CRC buffer */
t = c->CRC[0];
for (i = 1; i < NMAC; ++i)
c->CRC[i - 1] = c->CRC[i];
c->CRC[NMAC - 1] = t;
}
/* do small or odd size buffers the slow way */
while (4 <= nbytes) {
cycle(c);
macfunc(c, BYTE2WORD(buf));
buf += 4;
nbytes -= 4;
}
/* handle any trailing bytes */
if (nbytes != 0) {
cycle(c);
c->sbuf = nltap(c);
c->mbuf = 0;
c->nbuf = 32;
while (nbytes != 0) {
c->mbuf ^= (*buf++) << (32 - c->nbuf);
c->nbuf -= 8;
--nbytes;
}
}
return CRYPT_OK;
}
/* Combined MAC and encryption.
* Note that plaintext is accumulated for MAC.
*/
#define EROUND(z,A,B,C,D,E,F,G,H) \
STEP(c,z); \
t3 = BYTE2WORD(buf+(z*4)); \
CRCFUNC(c,t3,((z)&0x7),(((z)+5)&0x7)); \
SHAFUNC(c,t3,c->R[OFF(z+1,MACKONST)],A,B,C,D,E,F,G,H); \
t = NLFUNC(c,(z+1)); \
t ^= t3; \
WORD2BYTE(t,buf+(z*4));
int nls_encrypt(nls_state * c,
const unsigned char *pt, unsigned long nbytes,
unsigned char *ct)
{
ulong32 t = 0, t3 = 0;
int i;
LTC_ARGCHK(c != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
#define buf ct
/* do copy as required */
if (pt != ct) {
XMEMCPY(ct, pt, nbytes);
}
/* handle any previously buffered bytes */
if (c->nbuf != 0) {
while (c->nbuf != 0 && nbytes != 0) {
c->mbuf ^= *buf << (32 - c->nbuf);
*buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF;
++buf;
c->nbuf -= 8;
--nbytes;
}
if (c->nbuf != 0) /* not a whole word yet */
return CRYPT_OK;
/* LFSR already cycled */
macfunc(c, c->mbuf);
}
/* do lots at a time, if there's enough to do */
while (4 * N <= nbytes) {
#if NLS_LONG_OUTPUT
if (c->CtrModF16 < (F16 - 17)) {
#endif /*NLS_LONG_OUTPUT */
EROUND(0, A, B, C, D, E, F, G, H);
EROUND(1, H, A, B, C, D, E, F, G);
EROUND(2, G, H, A, B, C, D, E, F);
EROUND(3, F, G, H, A, B, C, D, E);
EROUND(4, E, F, G, H, A, B, C, D);
EROUND(5, D, E, F, G, H, A, B, C);
EROUND(6, C, D, E, F, G, H, A, B);
EROUND(7, B, C, D, E, F, G, H, A);
EROUND(8, A, B, C, D, E, F, G, H);
EROUND(9, H, A, B, C, D, E, F, G);
EROUND(10, G, H, A, B, C, D, E, F);
EROUND(11, F, G, H, A, B, C, D, E);
EROUND(12, E, F, G, H, A, B, C, D);
EROUND(13, D, E, F, G, H, A, B, C);
EROUND(14, C, D, E, F, G, H, A, B);
EROUND(15, B, C, D, E, F, G, H, A);
EROUND(16, A, B, C, D, E, F, G, H);
#if NLS_LONG_OUTPUT
c->CtrModF16 += 17;
} else {
EROUND(0, A, B, C, D, E, F, G, H);
FIXCTR(c, 1);
EROUND(1, H, A, B, C, D, E, F, G);
FIXCTR(c, 2);
EROUND(2, G, H, A, B, C, D, E, F);
FIXCTR(c, 3);
EROUND(3, F, G, H, A, B, C, D, E);
FIXCTR(c, 4);
EROUND(4, E, F, G, H, A, B, C, D);
FIXCTR(c, 5);
EROUND(5, D, E, F, G, H, A, B, C);
FIXCTR(c, 6);
EROUND(6, C, D, E, F, G, H, A, B);
FIXCTR(c, 7);
EROUND(7, B, C, D, E, F, G, H, A);
FIXCTR(c, 8);
EROUND(8, A, B, C, D, E, F, G, H);
FIXCTR(c, 9);
EROUND(9, H, A, B, C, D, E, F, G);
FIXCTR(c, 10);
EROUND(10, G, H, A, B, C, D, E, F);
FIXCTR(c, 11);
EROUND(11, F, G, H, A, B, C, D, E);
FIXCTR(c, 12);
EROUND(12, E, F, G, H, A, B, C, D);
FIXCTR(c, 13);
EROUND(13, D, E, F, G, H, A, B, C);
FIXCTR(c, 14);
EROUND(14, C, D, E, F, G, H, A, B);
FIXCTR(c, 15);
EROUND(15, B, C, D, E, F, G, H, A);
FIXCTR(c, 16);
EROUND(16, A, B, C, D, E, F, G, H);
FIXCTR(c, 0);
}
#endif /*NLS_LONG_OUTPUT */
buf += 4 * N;
nbytes -= 4 * N;
/* fix alignment of MAC buffer */
t = c->M[7];
for (i = NMAC - 1; i > 0; --i)
c->M[i] = c->M[i - 1];
c->M[0] = t;
/* fix alignment of CRC buffer */
t = c->CRC[0];
for (i = 1; i < NMAC; ++i)
c->CRC[i - 1] = c->CRC[i];
c->CRC[NMAC - 1] = t;
}
/* do small or odd size buffers the slow way */
while (4 <= nbytes) {
cycle(c);
t = BYTE2WORD(buf);
macfunc(c, t);
t ^= nltap(c);
WORD2BYTE(t, buf);
nbytes -= 4;
buf += 4;
}
/* handle any trailing bytes */
if (nbytes != 0) {
cycle(c);
c->sbuf = nltap(c);
c->mbuf = 0;
c->nbuf = 32;
while (c->nbuf != 0 && nbytes != 0) {
c->mbuf ^= *buf << (32 - c->nbuf);
*buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF;
++buf;
c->nbuf -= 8;
--nbytes;
}
}
#undef buf
return CRYPT_OK;
}
/* Combined MAC and decryption.
* Note that plaintext is accumulated for MAC.
*/
#undef DROUND
#define DROUND(z,A,B,C,D,E,F,G,H) \
STEP(c,z); \
t = NLFUNC(c,(z+1)); \
t3 = BYTE2WORD(buf+(z*4)); \
t ^= t3; \
CRCFUNC(c,t,((z)&0x7),(((z)+5)&0x7)); \
SHAFUNC(c,t,c->R[OFF(z+1,MACKONST)],A,B,C,D,E,F,G,H); \
WORD2BYTE(t, buf+(z*4));
int nls_decrypt(nls_state * c,
const unsigned char *ct, unsigned long nbytes,
unsigned char *pt)
{
ulong32 t = 0, t3 = 0;
int i;
LTC_ARGCHK(c != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
#define buf pt
if (pt != ct) {
XMEMCPY(pt, ct, nbytes);
}
/* handle any previously buffered bytes */
if (c->nbuf != 0) {
while (c->nbuf != 0 && nbytes != 0) {
*buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF;
c->mbuf ^= *buf << (32 - c->nbuf);
++buf;
c->nbuf -= 8;
--nbytes;
}
if (c->nbuf != 0) /* not a whole word yet */
return CRYPT_OK;
/* LFSR already cycled */
macfunc(c, c->mbuf);
}
/* now do lots at a time, if there's enough */
while (4 * N <= nbytes) {
#if NLS_LONG_OUTPUT
if (c->CtrModF16 < (F16 - 17)) {
#endif /*NLS_LONG_OUTPUT */
DROUND(0, A, B, C, D, E, F, G, H);
DROUND(1, H, A, B, C, D, E, F, G);
DROUND(2, G, H, A, B, C, D, E, F);
DROUND(3, F, G, H, A, B, C, D, E);
DROUND(4, E, F, G, H, A, B, C, D);
DROUND(5, D, E, F, G, H, A, B, C);
DROUND(6, C, D, E, F, G, H, A, B);
DROUND(7, B, C, D, E, F, G, H, A);
DROUND(8, A, B, C, D, E, F, G, H);
DROUND(9, H, A, B, C, D, E, F, G);
DROUND(10, G, H, A, B, C, D, E, F);
DROUND(11, F, G, H, A, B, C, D, E);
DROUND(12, E, F, G, H, A, B, C, D);
DROUND(13, D, E, F, G, H, A, B, C);
DROUND(14, C, D, E, F, G, H, A, B);
DROUND(15, B, C, D, E, F, G, H, A);
DROUND(16, A, B, C, D, E, F, G, H);
#if NLS_LONG_OUTPUT
c->CtrModF16 += 17;
} else {
DROUND(0, A, B, C, D, E, F, G, H);
FIXCTR(c, 1);
DROUND(1, H, A, B, C, D, E, F, G);
FIXCTR(c, 2);
DROUND(2, G, H, A, B, C, D, E, F);
FIXCTR(c, 3);
DROUND(3, F, G, H, A, B, C, D, E);
FIXCTR(c, 4);
DROUND(4, E, F, G, H, A, B, C, D);
FIXCTR(c, 5);
DROUND(5, D, E, F, G, H, A, B, C);
FIXCTR(c, 6);
DROUND(6, C, D, E, F, G, H, A, B);
FIXCTR(c, 7);
DROUND(7, B, C, D, E, F, G, H, A);
FIXCTR(c, 8);
DROUND(8, A, B, C, D, E, F, G, H);
FIXCTR(c, 9);
DROUND(9, H, A, B, C, D, E, F, G);
FIXCTR(c, 10);
DROUND(10, G, H, A, B, C, D, E, F);
FIXCTR(c, 11);
DROUND(11, F, G, H, A, B, C, D, E);
FIXCTR(c, 12);
DROUND(12, E, F, G, H, A, B, C, D);
FIXCTR(c, 13);
DROUND(13, D, E, F, G, H, A, B, C);
FIXCTR(c, 14);
DROUND(14, C, D, E, F, G, H, A, B);
FIXCTR(c, 15);
DROUND(15, B, C, D, E, F, G, H, A);
FIXCTR(c, 16);
DROUND(16, A, B, C, D, E, F, G, H);
FIXCTR(c, 0);
}
#endif /*NLS_LONG_OUTPUT */
buf += 4 * N;
nbytes -= 4 * N;
/* fix alignment of MAC buffer */
t = c->M[7];
for (i = NMAC - 1; i > 0; --i)
c->M[i] = c->M[i - 1];
c->M[0] = t;
/* fix alignment of CRC buffer */
t = c->CRC[0];
for (i = 1; i < NMAC; ++i)
c->CRC[i - 1] = c->CRC[i];
c->CRC[NMAC - 1] = t;
}
/* do small or odd size buffers the slow way */
while (4 <= nbytes) {
cycle(c);
t = nltap(c);
t3 = BYTE2WORD(buf);
t ^= t3;
macfunc(c, t);
WORD2BYTE(t, buf);
nbytes -= 4;
buf += 4;
}
/* handle any trailing bytes */
if (nbytes != 0) {
cycle(c);
c->sbuf = nltap(c);
c->mbuf = 0;
c->nbuf = 32;
while (c->nbuf != 0 && nbytes != 0) {
*buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF;
c->mbuf ^= *buf << (32 - c->nbuf);
++buf;
c->nbuf -= 8;
--nbytes;
}
}
return CRYPT_OK;
#undef buf
}
/* Having accumulated a MAC, finish processing and return it.
* Note that any unprocessed bytes are treated as if
* they were encrypted zero bytes, so plaintext (zero) is accumulated.
*/
int nls_finish(nls_state * c, unsigned char *buf, unsigned long nbytes)
{
ulong32 i;
LTC_ARGCHK(c != NULL);
LTC_ARGCHK(buf != NULL);
/* handle any previously buffered bytes */
if (c->nbuf != 0) {
/* LFSR already cycled */
macfunc(c, c->mbuf);
}
/* perturb the MAC to mark end of input.
* Note that only the SHA part is updated, not the CRC. This is an
* action that can't be duplicated by passing in plaintext, hence
* defeating any kind of extension attack.
*/
cycle(c);
shafunc(c, INITKONST + (c->nbuf << 24));
c->nbuf = 0;
/* now add the CRC to the MAC like input material */
for (i = 0; i < NMAC; ++i) {
cycle(c);
crcfunc(c, 0);
shafunc(c, c->CRC[7]);
}
/* continue that process, producing output from the MAC buffer */
while (nbytes > 0) {
cycle(c);
crcfunc(c, 0);
shafunc(c, c->CRC[7]);
if (nbytes >= 4) {
WORD2BYTE(A, buf);
nbytes -= 4;
buf += 4;
} else {
for (i = 0; i < nbytes; ++i)
buf[i] = Byte(A, i);
break;
}
}
return CRYPT_OK;
}
#endif
/* $Source$ */
/* $Revision$ */
/* $Date$ */

View File

@ -0,0 +1,68 @@
/* Id: nlsmultab.h 333 2005-04-13 05:35:54Z mwp */
/* Multiplication table for Mundja using 0xD02B4367 */
static const ulong32 Multab[256] = {
0x00000000, 0xD02B4367, 0xED5686CE, 0x3D7DC5A9,
0x97AC41D1, 0x478702B6, 0x7AFAC71F, 0xAAD18478,
0x631582EF, 0xB33EC188, 0x8E430421, 0x5E684746,
0xF4B9C33E, 0x24928059, 0x19EF45F0, 0xC9C40697,
0xC62A4993, 0x16010AF4, 0x2B7CCF5D, 0xFB578C3A,
0x51860842, 0x81AD4B25, 0xBCD08E8C, 0x6CFBCDEB,
0xA53FCB7C, 0x7514881B, 0x48694DB2, 0x98420ED5,
0x32938AAD, 0xE2B8C9CA, 0xDFC50C63, 0x0FEE4F04,
0xC154926B, 0x117FD10C, 0x2C0214A5, 0xFC2957C2,
0x56F8D3BA, 0x86D390DD, 0xBBAE5574, 0x6B851613,
0xA2411084, 0x726A53E3, 0x4F17964A, 0x9F3CD52D,
0x35ED5155, 0xE5C61232, 0xD8BBD79B, 0x089094FC,
0x077EDBF8, 0xD755989F, 0xEA285D36, 0x3A031E51,
0x90D29A29, 0x40F9D94E, 0x7D841CE7, 0xADAF5F80,
0x646B5917, 0xB4401A70, 0x893DDFD9, 0x59169CBE,
0xF3C718C6, 0x23EC5BA1, 0x1E919E08, 0xCEBADD6F,
0xCFA869D6, 0x1F832AB1, 0x22FEEF18, 0xF2D5AC7F,
0x58042807, 0x882F6B60, 0xB552AEC9, 0x6579EDAE,
0xACBDEB39, 0x7C96A85E, 0x41EB6DF7, 0x91C02E90,
0x3B11AAE8, 0xEB3AE98F, 0xD6472C26, 0x066C6F41,
0x09822045, 0xD9A96322, 0xE4D4A68B, 0x34FFE5EC,
0x9E2E6194, 0x4E0522F3, 0x7378E75A, 0xA353A43D,
0x6A97A2AA, 0xBABCE1CD, 0x87C12464, 0x57EA6703,
0xFD3BE37B, 0x2D10A01C, 0x106D65B5, 0xC04626D2,
0x0EFCFBBD, 0xDED7B8DA, 0xE3AA7D73, 0x33813E14,
0x9950BA6C, 0x497BF90B, 0x74063CA2, 0xA42D7FC5,
0x6DE97952, 0xBDC23A35, 0x80BFFF9C, 0x5094BCFB,
0xFA453883, 0x2A6E7BE4, 0x1713BE4D, 0xC738FD2A,
0xC8D6B22E, 0x18FDF149, 0x258034E0, 0xF5AB7787,
0x5F7AF3FF, 0x8F51B098, 0xB22C7531, 0x62073656,
0xABC330C1, 0x7BE873A6, 0x4695B60F, 0x96BEF568,
0x3C6F7110, 0xEC443277, 0xD139F7DE, 0x0112B4B9,
0xD31DD2E1, 0x03369186, 0x3E4B542F, 0xEE601748,
0x44B19330, 0x949AD057, 0xA9E715FE, 0x79CC5699,
0xB008500E, 0x60231369, 0x5D5ED6C0, 0x8D7595A7,
0x27A411DF, 0xF78F52B8, 0xCAF29711, 0x1AD9D476,
0x15379B72, 0xC51CD815, 0xF8611DBC, 0x284A5EDB,
0x829BDAA3, 0x52B099C4, 0x6FCD5C6D, 0xBFE61F0A,
0x7622199D, 0xA6095AFA, 0x9B749F53, 0x4B5FDC34,
0xE18E584C, 0x31A51B2B, 0x0CD8DE82, 0xDCF39DE5,
0x1249408A, 0xC26203ED, 0xFF1FC644, 0x2F348523,
0x85E5015B, 0x55CE423C, 0x68B38795, 0xB898C4F2,
0x715CC265, 0xA1778102, 0x9C0A44AB, 0x4C2107CC,
0xE6F083B4, 0x36DBC0D3, 0x0BA6057A, 0xDB8D461D,
0xD4630919, 0x04484A7E, 0x39358FD7, 0xE91ECCB0,
0x43CF48C8, 0x93E40BAF, 0xAE99CE06, 0x7EB28D61,
0xB7768BF6, 0x675DC891, 0x5A200D38, 0x8A0B4E5F,
0x20DACA27, 0xF0F18940, 0xCD8C4CE9, 0x1DA70F8E,
0x1CB5BB37, 0xCC9EF850, 0xF1E33DF9, 0x21C87E9E,
0x8B19FAE6, 0x5B32B981, 0x664F7C28, 0xB6643F4F,
0x7FA039D8, 0xAF8B7ABF, 0x92F6BF16, 0x42DDFC71,
0xE80C7809, 0x38273B6E, 0x055AFEC7, 0xD571BDA0,
0xDA9FF2A4, 0x0AB4B1C3, 0x37C9746A, 0xE7E2370D,
0x4D33B375, 0x9D18F012, 0xA06535BB, 0x704E76DC,
0xB98A704B, 0x69A1332C, 0x54DCF685, 0x84F7B5E2,
0x2E26319A, 0xFE0D72FD, 0xC370B754, 0x135BF433,
0xDDE1295C, 0x0DCA6A3B, 0x30B7AF92, 0xE09CECF5,
0x4A4D688D, 0x9A662BEA, 0xA71BEE43, 0x7730AD24,
0xBEF4ABB3, 0x6EDFE8D4, 0x53A22D7D, 0x83896E1A,
0x2958EA62, 0xF973A905, 0xC40E6CAC, 0x14252FCB,
0x1BCB60CF, 0xCBE023A8, 0xF69DE601, 0x26B6A566,
0x8C67211E, 0x5C4C6279, 0x6131A7D0, 0xB11AE4B7,
0x78DEE220, 0xA8F5A147, 0x958864EE, 0x45A32789,
0xEF72A3F1, 0x3F59E096, 0x0224253F, 0xD20F6658,
};

View File

@ -0,0 +1,84 @@
/* Id: nlssbox.h 333 2005-04-13 05:35:54Z mwp */
/* Sbox for NLS */
/*
* This is really the combination of two SBoxes; the least significant
* 24 bits comes from:
* 8->32 Sbox generated by Millan et. al. at Queensland University of
* Technology. See: E. Dawson, W. Millan, L. Burnett, G. Carter,
* "On the Design of 8*32 S-boxes". Unpublished report, by the
* Information Systems Research Centre,
* Queensland University of Technology, 1999.
*
* The most significant 8 bits are the Skipjack "F table", which can be
* found at http://csrc.nist.gov/CryptoToolkit/skipjack/skipjack.pdf .
* In this optimised table, though, the intent is to XOR the word from
* the table selected by the high byte with the input word. Thus, the
* high byte is actually the Skipjack F-table entry XORED with its
* table index.
*/
static const ulong32 Sbox[256] = {
0xa3aa1887, 0xd65e435c, 0x0b65c042, 0x800e6ef4,
0xfc57ee20, 0x4d84fed3, 0xf066c502, 0xf354e8ae,
0xbb2ee9d9, 0x281f38d4, 0x1f829b5d, 0x735cdf3c,
0x95864249, 0xbc2e3963, 0xa1f4429f, 0xf6432c35,
0xf7f40325, 0x3cc0dd70, 0x5f973ded, 0x9902dc5e,
0xda175b42, 0x590012bf, 0xdc94d78c, 0x39aab26b,
0x4ac11b9a, 0x8c168146, 0xc3ea8ec5, 0x058ac28f,
0x52ed5c0f, 0x25b4101c, 0x5a2db082, 0x370929e1,
0x2a1843de, 0xfe8299fc, 0x202fbc4b, 0x833915dd,
0x33a803fa, 0xd446b2de, 0x46233342, 0x4fcee7c3,
0x3ad607ef, 0x9e97ebab, 0x507f859b, 0xe81f2e2f,
0xc55b71da, 0xd7e2269a, 0x1339c3d1, 0x7ca56b36,
0xa6c9def2, 0xb5c9fc5f, 0x5927b3a3, 0x89a56ddf,
0xc625b510, 0x560f85a7, 0xace82e71, 0x2ecb8816,
0x44951e2a, 0x97f5f6af, 0xdfcbc2b3, 0xce4ff55d,
0xcb6b6214, 0x2b0b83e3, 0x549ea6f5, 0x9de041af,
0x792f1f17, 0xf73b99ee, 0x39a65ec0, 0x4c7016c6,
0x857709a4, 0xd6326e01, 0xc7b280d9, 0x5cfb1418,
0xa6aff227, 0xfd548203, 0x506b9d96, 0xa117a8c0,
0x9cd5bf6e, 0xdcee7888, 0x61fcfe64, 0xf7a193cd,
0x050d0184, 0xe8ae4930, 0x88014f36, 0xd6a87088,
0x6bad6c2a, 0x1422c678, 0xe9204de7, 0xb7c2e759,
0x0200248e, 0x013b446b, 0xda0d9fc2, 0x0414a895,
0x3a6cc3a1, 0x56fef170, 0x86c19155, 0xcf7b8a66,
0x551b5e69, 0xb4a8623e, 0xa2bdfa35, 0xc4f068cc,
0x573a6acd, 0x6355e936, 0x03602db9, 0x0edf13c1,
0x2d0bb16d, 0x6980b83c, 0xfeb23763, 0x3dd8a911,
0x01b6bc13, 0xf55579d7, 0xf55c2fa8, 0x19f4196e,
0xe7db5476, 0x8d64a866, 0xc06e16ad, 0xb17fc515,
0xc46feb3c, 0x8bc8a306, 0xad6799d9, 0x571a9133,
0x992466dd, 0x92eb5dcd, 0xac118f50, 0x9fafb226,
0xa1b9cef3, 0x3ab36189, 0x347a19b1, 0x62c73084,
0xc27ded5c, 0x6c8bc58f, 0x1cdde421, 0xed1e47fb,
0xcdcc715e, 0xb9c0ff99, 0x4b122f0f, 0xc4d25184,
0xaf7a5e6c, 0x5bbf18bc, 0x8dd7c6e0, 0x5fb7e420,
0x521f523f, 0x4ad9b8a2, 0xe9da1a6b, 0x97888c02,
0x19d1e354, 0x5aba7d79, 0xa2cc7753, 0x8c2d9655,
0x19829da1, 0x531590a7, 0x19c1c149, 0x3d537f1c,
0x50779b69, 0xed71f2b7, 0x463c58fa, 0x52dc4418,
0xc18c8c76, 0xc120d9f0, 0xafa80d4d, 0x3b74c473,
0xd09410e9, 0x290e4211, 0xc3c8082b, 0x8f6b334a,
0x3bf68ed2, 0xa843cc1b, 0x8d3c0ff3, 0x20e564a0,
0xf8f55a4f, 0x2b40f8e7, 0xfea7f15f, 0xcf00fe21,
0x8a6d37d6, 0xd0d506f1, 0xade00973, 0xefbbde36,
0x84670fa8, 0xfa31ab9e, 0xaedab618, 0xc01f52f5,
0x6558eb4f, 0x71b9e343, 0x4b8d77dd, 0x8cb93da6,
0x740fd52d, 0x425412f8, 0xc5a63360, 0x10e53ad0,
0x5a700f1c, 0x8324ed0b, 0xe53dc1ec, 0x1a366795,
0x6d549d15, 0xc5ce46d7, 0xe17abe76, 0x5f48e0a0,
0xd0f07c02, 0x941249b7, 0xe49ed6ba, 0x37a47f78,
0xe1cfffbd, 0xb007ca84, 0xbb65f4da, 0xb59f35da,
0x33d2aa44, 0x417452ac, 0xc0d674a7, 0x2d61a46a,
0xdc63152a, 0x3e12b7aa, 0x6e615927, 0xa14fb118,
0xa151758d, 0xba81687b, 0xe152f0b3, 0x764254ed,
0x34c77271, 0x0a31acab, 0x54f94aec, 0xb9e994cd,
0x574d9e81, 0x5b623730, 0xce8a21e8, 0x37917f0b,
0xe8a9b5d6, 0x9697adf8, 0xf3d30431, 0x5dcac921,
0x76b35d46, 0xaa430a36, 0xc2194022, 0x22bca65e,
0xdaec70ba, 0xdfaea8cc, 0x777bae8b, 0x242924d5,
0x1f098a5a, 0x4b396b81, 0x55de2522, 0x435c1cb8,
0xaeb8fe1d, 0x9db3c697, 0x5b164f83, 0xe0c16376,
0xa319224c, 0xd0203b35, 0x433ac0fe, 0x1466a19a,
0x45f0b24f, 0x51fda998, 0xc0d52d71, 0xfa0896a8,
0xf9e6053f, 0xa4b0d300, 0xd499cbcc, 0xb95e3d40,
};

View File

@ -16,8 +16,8 @@ extern "C" {
#endif
/* version */
#define CRYPT 0x0108
#define SCRYPT "1.08"
#define CRYPT 0x0109
#define SCRYPT "1.09"
/* max size of either a cipher/hash block or symmetric key [largest of the two] */
#define MAXBLOCKSIZE 128

View File

@ -167,6 +167,7 @@ typedef union Symmetric_key {
void *data;
} symmetric_key;
#ifdef ECB
/** A block cipher ECB structure */
typedef struct {
/** The index of the cipher chosen */
@ -176,7 +177,9 @@ typedef struct {
/** The scheduled key */
symmetric_key key;
} symmetric_ECB;
#endif
#ifdef CFB
/** A block cipher CFB structure */
typedef struct {
/** The index of the cipher chosen */
@ -192,7 +195,9 @@ typedef struct {
/** The scheduled key */
symmetric_key key;
} symmetric_CFB;
#endif
#ifdef OFB
/** A block cipher OFB structure */
typedef struct {
/** The index of the cipher chosen */
@ -206,7 +211,9 @@ typedef struct {
/** The scheduled key */
symmetric_key key;
} symmetric_OFB;
#endif
#ifdef CBC
/** A block cipher CBC structure */
typedef struct {
/** The index of the cipher chosen */
@ -218,7 +225,10 @@ typedef struct {
/** The scheduled key */
symmetric_key key;
} symmetric_CBC;
#endif
#ifdef CTR
/** A block cipher CTR structure */
typedef struct {
/** The index of the cipher chosen */
@ -236,6 +246,35 @@ typedef struct {
/** The scheduled key */
symmetric_key key;
} symmetric_CTR;
#endif
#ifdef LRW_MODE
/** A LRW structure */
typedef struct {
/** The index of the cipher chosen (must be a 128-bit block cipher) */
int cipher;
/** The current IV */
unsigned char IV[16],
/** the tweak key */
tweak[16],
/** The current pad, it's the product of the first 15 bytes against the tweak key */
pad[16];
/** The scheduled symmetric key */
symmetric_key key;
#ifdef LRW_TABLES
/** The pre-computed multiplication table */
unsigned char PC[16][256][16];
#endif
} symmetric_LRW;
#endif
/** cipher descriptor table, last entry has "name == NULL" to mark the end of table */
extern struct ltc_cipher_descriptor {
@ -339,6 +378,28 @@ extern struct ltc_cipher_descriptor {
*/
int (*accel_ctr_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, int mode, symmetric_key *skey);
/** Accelerated LRW
@param pt Plaintext
@param ct Ciphertext
@param blocks The number of complete blocks to process
@param IV The initial value (input/output)
@param tweak The LRW tweak
@param skey The scheduled key context
@return CRYPT_OK if successful
*/
int (*accel_lrw_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, const unsigned char *tweak, symmetric_key *skey);
/** Accelerated LRW
@param ct Ciphertext
@param pt Plaintext
@param blocks The number of complete blocks to process
@param IV The initial value (input/output)
@param tweak The LRW tweak
@param skey The scheduled key context
@return CRYPT_OK if successful
*/
int (*accel_lrw_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, unsigned char *IV, const unsigned char *tweak, symmetric_key *skey);
/** Accelerated CCM packet (one-shot)
@param key The secret key to use
@param keylen The length of the secret key (octets)
@ -624,7 +685,29 @@ int ctr_getiv(unsigned char *IV, unsigned long *len, symmetric_CTR *ctr);
int ctr_setiv(const unsigned char *IV, unsigned long len, symmetric_CTR *ctr);
int ctr_done(symmetric_CTR *ctr);
#endif
#ifdef LRW_MODE
#define LRW_ENCRYPT 0
#define LRW_DECRYPT 1
int lrw_start( int cipher,
const unsigned char *IV,
const unsigned char *key, int keylen,
const unsigned char *tweak,
int num_rounds,
symmetric_LRW *lrw);
int lrw_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_LRW *lrw);
int lrw_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_LRW *lrw);
int lrw_getiv(unsigned char *IV, unsigned long *len, symmetric_LRW *lrw);
int lrw_setiv(const unsigned char *IV, unsigned long len, symmetric_LRW *lrw);
int lrw_done(symmetric_LRW *lrw);
/* don't call */
int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, int mode, symmetric_LRW *lrw);
#endif
int find_cipher(const char *name);
int find_cipher_any(const char *name, int blocklen, int keylen);
int find_cipher_id(unsigned char ID);

View File

@ -36,6 +36,45 @@
#define XQSORT qsort
#endif
/* Easy button? */
#ifdef LTC_EASY
#define LTC_NO_CIPHERS
#define RIJNDAEL
#define BLOWFISH
#define DES
#define CAST5
#define LTC_NO_MODES
#define ECB
#define CBC
#define CTR
#define LTC_NO_HASHES
#define SHA1
#define SHA512
#define SHA384
#define SHA256
#define SHA224
#define WHIRLPOOL
#define LTC_NO_MACS
#define HMAC
#define OMAC
#define CCM_MODE
#define LTC_NO_PRNGS
#define SPRNG
#define YARROW
#define DEVRANDOM
#define TRY_URANDOM_FIRST
#define LTC_NO_PK
#define MRSA
#define MECC
#endif
/* Use small code where possible */
/* #define LTC_SMALL_CODE */
@ -101,6 +140,15 @@
#define CBC
#define CTR
/* LRW mode */
#define LRW_MODE
#ifndef LTC_NO_TABLES
/* like GCM mode this will enable 16 8x128 tables [64KB] that make
* seeking very fast.
*/
#define LRW_TABLES
#endif
#endif /* LTC_NO_MODES */
/* ---> One-Way Hash Functions <--- */
@ -143,8 +191,9 @@
#define OCB_MODE
#define CCM_MODE
#define GCM_MODE
/* disabled waiting on test vectors */
/* #define NLS_MODE */
/* Use 64KiB tables */
#ifndef LTC_NO_TABLES

View File

@ -212,6 +212,10 @@ int ccm_test(void);
#endif /* CCM_MODE */
#if defined(LRW_MODE) || defined(GCM_MODE)
void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c);
#endif
#ifdef GCM_MODE
#define GCM_ENCRYPT 0
@ -243,7 +247,6 @@ typedef struct {
} gcm_state;
void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c);
void gcm_mult_h(gcm_state *gcm, unsigned char *I);
int gcm_init(gcm_state *gcm, int cipher,
@ -297,6 +300,48 @@ int pelican_memory(const unsigned char *key, unsigned long keylen,
#endif
#ifdef NLS_MODE
#define NLS_ENCRYPT 0
#define NLS_DECRYPT 1
typedef struct {
ulong32 R[17]; /* Working storage for the shift register */
ulong32 M[8]; /* Working storage for MAC accumulation */
ulong32 CRC[8]; /* Working storage for CRC accumulation */
ulong32 initR[17]; /* saved register contents */
ulong32 konst; /* key dependent constant */
ulong32 sbuf; /* partial ulong32 encryption buffer */
ulong32 mbuf; /* partial ulong32 MAC buffer */
int nbuf; /* number of part-ulong32 stream bits buffered */
ulong32 CtrModF16; /* Multiprecision counter, modulo F16 */
ulong32 CtrMod232; /* Multiprecision counter, LSW */
} nls_state;
/* interface definitions */
int nls_key(nls_state *c, const unsigned char *key, unsigned long keylen); /* set key */
int nls_nonce(nls_state *c, const unsigned char *nonce, unsigned long noncelen); /* set IV */
int nls_maconly(nls_state *c, const unsigned char *buf, unsigned long nbytes); /* accumulate MAC */
int nls_encrypt(nls_state * c,
const unsigned char *pt, unsigned long nbytes,
unsigned char *ct); /* enc+MAC */
int nls_decrypt(nls_state * c,
const unsigned char *ct, unsigned long nbytes,
unsigned char *pt); /* dec+MAC */
int nls_finish(nls_state *c, unsigned char *buf, unsigned long nbytes); /* finalize MAC */
int nls_memory(const unsigned char *key, unsigned long keylen,
const unsigned char *IV, unsigned long IVlen,
const unsigned char *adata, unsigned long adatalen,
unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
unsigned char *tag, unsigned long taglen,
int direction);
#endif
/* $Source$ */
/* $Revision$ */
/* $Date$ */

View File

@ -168,6 +168,13 @@ const char *crypt_build_settings =
#if defined(CTR)
" CTR\n"
#endif
#if defined(LRW_MODE)
" LRW_MODE"
#if defined(LRW_TABLES)
" (LRW_TABLES) "
#endif
"\n"
#endif
"\nMACs:\n"
#if defined(HMAC)
@ -314,6 +321,9 @@ const char *crypt_build_settings =
#if defined(TFM_DESC)
" TFM_DESC "
#endif
#if defined(LTC_EASY)
" (easy) "
#endif
"\n"
"\n\n\n"

View File

@ -0,0 +1,51 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
#include "tomcrypt.h"
/**
@file lrw_decrypt.c
LRW_MODE implementation, Decrypt blocks, Tom St Denis
*/
#ifdef LRW_MODE
/**
LRW decrypt blocks
@param ct The ciphertext
@param pt [out] The plaintext
@param len The length in octets, must be a multiple of 16
@param lrw The LRW state
*/
int lrw_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_LRW *lrw)
{
int err;
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(lrw != NULL);
if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) {
return err;
}
if (cipher_descriptor[lrw->cipher].accel_lrw_decrypt != NULL) {
return cipher_descriptor[lrw->cipher].accel_lrw_decrypt(ct, pt, len, lrw->IV, lrw->tweak, &lrw->key);
}
return lrw_process(ct, pt, len, LRW_DECRYPT, lrw);
}
#endif
/* $Source$ */
/* $Revision$ */
/* $Date$ */

42
src/modes/lrw/lrw_done.c Normal file
View File

@ -0,0 +1,42 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
#include "tomcrypt.h"
/**
@file lrw_done.c
LRW_MODE implementation, Free resources, Tom St Denis
*/
#ifdef LRW_MODE
/**
Terminate a LRW state
@param lrw The state to terminate
@return CRYPT_OK if successful
*/
int lrw_done(symmetric_LRW *lrw)
{
int err;
LTC_ARGCHK(lrw != NULL);
if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) {
return err;
}
cipher_descriptor[lrw->cipher].done(&lrw->key);
return CRYPT_OK;
}
#endif
/* $Source$ */
/* $Revision$ */
/* $Date$ */

View File

@ -0,0 +1,50 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
#include "tomcrypt.h"
/**
@file lrw_encrypt.c
LRW_MODE implementation, Encrypt blocks, Tom St Denis
*/
#ifdef LRW_MODE
/**
LRW encrypt blocks
@param pt The plaintext
@param ct [out] The ciphertext
@param len The length in octets, must be a multiple of 16
@param lrw The LRW state
*/
int lrw_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_LRW *lrw)
{
int err;
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(lrw != NULL);
if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) {
return err;
}
if (cipher_descriptor[lrw->cipher].accel_lrw_encrypt != NULL) {
return cipher_descriptor[lrw->cipher].accel_lrw_encrypt(pt, ct, len, lrw->IV, lrw->tweak, &lrw->key);
}
return lrw_process(pt, ct, len, LRW_ENCRYPT, lrw);
}
#endif
/* $Source$ */
/* $Revision$ */
/* $Date$ */

44
src/modes/lrw/lrw_getiv.c Normal file
View File

@ -0,0 +1,44 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
#include "tomcrypt.h"
/**
@file lrw_getiv.c
LRW_MODE implementation, Retrieve the current IV, Tom St Denis
*/
#ifdef LRW_MODE
/**
Get the IV for LRW
@param IV [out] The IV, must be 16 octets
@param len Length ... must be at least 16 :-)
@param lrw The LRW state to read
@return CRYPT_OK if successful
*/
int lrw_getiv(unsigned char *IV, unsigned long *len, symmetric_LRW *lrw)
{
LTC_ARGCHK(IV != NULL);
LTC_ARGCHK(len != NULL);
LTC_ARGCHK(lrw != NULL);
if (*len < 16) {
return CRYPT_BUFFER_OVERFLOW;
}
XMEMCPY(IV, lrw->IV, 16);
*len = 16;
return CRYPT_OK;
}
#endif
/* $Source$ */
/* $Revision$ */
/* $Date$ */

116
src/modes/lrw/lrw_process.c Normal file
View File

@ -0,0 +1,116 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
#include "tomcrypt.h"
/**
@file lrw_process.c
LRW_MODE implementation, Encrypt/decrypt blocks, Tom St Denis
*/
#ifdef LRW_MODE
/**
Process blocks with LRW, since decrypt/encrypt are largely the same they share this code.
@param pt The "input" data
@param ct [out] The "output" data
@param len The length of the input, must be a multiple of 128-bits (16 octets)
@param mode LRW_ENCRYPT or LRW_DECRYPT
@param lrw The LRW state
@return CRYPT_OK if successful
*/
int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, int mode, symmetric_LRW *lrw)
{
unsigned char prod[16];
int x;
#ifdef LRW_TABLES
int y;
#endif
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(lrw != NULL);
if (len & 15) {
return CRYPT_INVALID_ARG;
}
while (len) {
/* copy pad */
XMEMCPY(prod, lrw->pad, 16);
/* increment IV */
for (x = 15; x >= 0; x--) {
lrw->IV[x] = (lrw->IV[x] + 1) & 255;
if (lrw->IV[x]) {
break;
}
}
/* update pad */
#ifdef LRW_2TABLES
/* for each byte changed we undo it's affect on the pad then add the new product */
for (; x < 16; x++) {
#ifdef LTC_FAST
for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE *)(lrw->pad + y)) ^= *((LTC_FAST_TYPE *)(&lrw->PC[x][lrw->IV[x]][y])) ^ *((LTC_FAST_TYPE *)(&lrw->PC[x][(lrw->IV[x]-1)&255][y]));
}
#else
for (y = 0; y < 16; y++) {
lrw->pad[y] ^= lrw->PC[x][lrw->IV[x]][y] ^ lrw->PC[x][(lrw->IV[x]-1)&255][y];
}
#endif
}
#else
gcm_gf_mult(lrw->tweak, lrw->IV, lrw->pad);
#endif
/* xor prod */
#ifdef LTC_FAST
for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE *)(ct + x)) = *((LTC_FAST_TYPE *)(pt + x)) ^ *((LTC_FAST_TYPE *)(prod + x));
}
#else
for (x = 0; x < 16; x++) {
ct[x] = pt[x] ^ prod[x];
}
#endif
/* send through cipher */
if (mode == LRW_ENCRYPT) {
cipher_descriptor[lrw->cipher].ecb_encrypt(ct, ct, &lrw->key);
} else {
cipher_descriptor[lrw->cipher].ecb_decrypt(ct, ct, &lrw->key);
}
/* xor prod */
#ifdef LTC_FAST
for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE *)(ct + x)) = *((LTC_FAST_TYPE *)(ct + x)) ^ *((LTC_FAST_TYPE *)(prod + x));
}
#else
for (x = 0; x < 16; x++) {
ct[x] = ct[x] ^ prod[x];
}
#endif
/* move to next */
pt += 16;
ct += 16;
len -= 16;
}
return CRYPT_OK;
}
#endif
/* $Source$ */
/* $Revision$ */
/* $Date$ */

79
src/modes/lrw/lrw_setiv.c Normal file
View File

@ -0,0 +1,79 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
#include "tomcrypt.h"
/**
@file lrw_setiv.c
LRW_MODE implementation, Set the current IV, Tom St Denis
*/
#ifdef LRW_MODE
/**
Set the IV for LRW
@param IV The IV, must be 16 octets
@param len Length ... must be 16 :-)
@param lrw The LRW state to update
@return CRYPT_OK if successful
*/
int lrw_setiv(const unsigned char *IV, unsigned long len, symmetric_LRW *lrw)
{
int err;
#ifdef LRW_TABLES
unsigned char T[16];
int x, y;
#endif
LTC_ARGCHK(IV != NULL);
LTC_ARGCHK(lrw != NULL);
if (len != 16) {
return CRYPT_INVALID_ARG;
}
if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) {
return err;
}
/* copy the IV */
XMEMCPY(lrw->IV, IV, 16);
/* check if we have to actually do work */
if (cipher_descriptor[lrw->cipher].accel_lrw_encrypt != NULL && cipher_descriptor[lrw->cipher].accel_lrw_decrypt != NULL) {
/* we have accelerators, let's bail since they don't use lrw->pad anyways */
return CRYPT_OK;
}
#ifdef LRW_TABLES
XMEMCPY(T, &lrw->PC[0][IV[0]][0], 16);
for (x = 1; x < 16; x++) {
#ifdef LTC_FAST
for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE *)(T + y)) ^= *((LTC_FAST_TYPE *)(&lrw->PC[x][IV[x]][y]));
}
#else
for (y = 0; y < 16; y++) {
T[y] ^= lrw->PC[x][IV[x]][y];
}
#endif
}
XMEMCPY(lrw->pad, T, 16);
#else
gcm_gf_mult(lrw->tweak, IV, lrw->pad);
#endif
return CRYPT_OK;
}
#endif
/* $Source$ */
/* $Revision$ */
/* $Date$ */

143
src/modes/lrw/lrw_start.c Normal file
View File

@ -0,0 +1,143 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
#include "tomcrypt.h"
/**
@file lrw_start.c
LRW_MODE implementation, start mode, Tom St Denis
*/
#ifdef LRW_MODE
#ifdef LRW_TABLES
/* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format. Since only the
* lower 16 bits are not zero'ed I removed the upper 14 bytes */
static const unsigned char gcm_shift_table[256*2] = {
0x00, 0x00, 0x01, 0xc2, 0x03, 0x84, 0x02, 0x46, 0x07, 0x08, 0x06, 0xca, 0x04, 0x8c, 0x05, 0x4e,
0x0e, 0x10, 0x0f, 0xd2, 0x0d, 0x94, 0x0c, 0x56, 0x09, 0x18, 0x08, 0xda, 0x0a, 0x9c, 0x0b, 0x5e,
0x1c, 0x20, 0x1d, 0xe2, 0x1f, 0xa4, 0x1e, 0x66, 0x1b, 0x28, 0x1a, 0xea, 0x18, 0xac, 0x19, 0x6e,
0x12, 0x30, 0x13, 0xf2, 0x11, 0xb4, 0x10, 0x76, 0x15, 0x38, 0x14, 0xfa, 0x16, 0xbc, 0x17, 0x7e,
0x38, 0x40, 0x39, 0x82, 0x3b, 0xc4, 0x3a, 0x06, 0x3f, 0x48, 0x3e, 0x8a, 0x3c, 0xcc, 0x3d, 0x0e,
0x36, 0x50, 0x37, 0x92, 0x35, 0xd4, 0x34, 0x16, 0x31, 0x58, 0x30, 0x9a, 0x32, 0xdc, 0x33, 0x1e,
0x24, 0x60, 0x25, 0xa2, 0x27, 0xe4, 0x26, 0x26, 0x23, 0x68, 0x22, 0xaa, 0x20, 0xec, 0x21, 0x2e,
0x2a, 0x70, 0x2b, 0xb2, 0x29, 0xf4, 0x28, 0x36, 0x2d, 0x78, 0x2c, 0xba, 0x2e, 0xfc, 0x2f, 0x3e,
0x70, 0x80, 0x71, 0x42, 0x73, 0x04, 0x72, 0xc6, 0x77, 0x88, 0x76, 0x4a, 0x74, 0x0c, 0x75, 0xce,
0x7e, 0x90, 0x7f, 0x52, 0x7d, 0x14, 0x7c, 0xd6, 0x79, 0x98, 0x78, 0x5a, 0x7a, 0x1c, 0x7b, 0xde,
0x6c, 0xa0, 0x6d, 0x62, 0x6f, 0x24, 0x6e, 0xe6, 0x6b, 0xa8, 0x6a, 0x6a, 0x68, 0x2c, 0x69, 0xee,
0x62, 0xb0, 0x63, 0x72, 0x61, 0x34, 0x60, 0xf6, 0x65, 0xb8, 0x64, 0x7a, 0x66, 0x3c, 0x67, 0xfe,
0x48, 0xc0, 0x49, 0x02, 0x4b, 0x44, 0x4a, 0x86, 0x4f, 0xc8, 0x4e, 0x0a, 0x4c, 0x4c, 0x4d, 0x8e,
0x46, 0xd0, 0x47, 0x12, 0x45, 0x54, 0x44, 0x96, 0x41, 0xd8, 0x40, 0x1a, 0x42, 0x5c, 0x43, 0x9e,
0x54, 0xe0, 0x55, 0x22, 0x57, 0x64, 0x56, 0xa6, 0x53, 0xe8, 0x52, 0x2a, 0x50, 0x6c, 0x51, 0xae,
0x5a, 0xf0, 0x5b, 0x32, 0x59, 0x74, 0x58, 0xb6, 0x5d, 0xf8, 0x5c, 0x3a, 0x5e, 0x7c, 0x5f, 0xbe,
0xe1, 0x00, 0xe0, 0xc2, 0xe2, 0x84, 0xe3, 0x46, 0xe6, 0x08, 0xe7, 0xca, 0xe5, 0x8c, 0xe4, 0x4e,
0xef, 0x10, 0xee, 0xd2, 0xec, 0x94, 0xed, 0x56, 0xe8, 0x18, 0xe9, 0xda, 0xeb, 0x9c, 0xea, 0x5e,
0xfd, 0x20, 0xfc, 0xe2, 0xfe, 0xa4, 0xff, 0x66, 0xfa, 0x28, 0xfb, 0xea, 0xf9, 0xac, 0xf8, 0x6e,
0xf3, 0x30, 0xf2, 0xf2, 0xf0, 0xb4, 0xf1, 0x76, 0xf4, 0x38, 0xf5, 0xfa, 0xf7, 0xbc, 0xf6, 0x7e,
0xd9, 0x40, 0xd8, 0x82, 0xda, 0xc4, 0xdb, 0x06, 0xde, 0x48, 0xdf, 0x8a, 0xdd, 0xcc, 0xdc, 0x0e,
0xd7, 0x50, 0xd6, 0x92, 0xd4, 0xd4, 0xd5, 0x16, 0xd0, 0x58, 0xd1, 0x9a, 0xd3, 0xdc, 0xd2, 0x1e,
0xc5, 0x60, 0xc4, 0xa2, 0xc6, 0xe4, 0xc7, 0x26, 0xc2, 0x68, 0xc3, 0xaa, 0xc1, 0xec, 0xc0, 0x2e,
0xcb, 0x70, 0xca, 0xb2, 0xc8, 0xf4, 0xc9, 0x36, 0xcc, 0x78, 0xcd, 0xba, 0xcf, 0xfc, 0xce, 0x3e,
0x91, 0x80, 0x90, 0x42, 0x92, 0x04, 0x93, 0xc6, 0x96, 0x88, 0x97, 0x4a, 0x95, 0x0c, 0x94, 0xce,
0x9f, 0x90, 0x9e, 0x52, 0x9c, 0x14, 0x9d, 0xd6, 0x98, 0x98, 0x99, 0x5a, 0x9b, 0x1c, 0x9a, 0xde,
0x8d, 0xa0, 0x8c, 0x62, 0x8e, 0x24, 0x8f, 0xe6, 0x8a, 0xa8, 0x8b, 0x6a, 0x89, 0x2c, 0x88, 0xee,
0x83, 0xb0, 0x82, 0x72, 0x80, 0x34, 0x81, 0xf6, 0x84, 0xb8, 0x85, 0x7a, 0x87, 0x3c, 0x86, 0xfe,
0xa9, 0xc0, 0xa8, 0x02, 0xaa, 0x44, 0xab, 0x86, 0xae, 0xc8, 0xaf, 0x0a, 0xad, 0x4c, 0xac, 0x8e,
0xa7, 0xd0, 0xa6, 0x12, 0xa4, 0x54, 0xa5, 0x96, 0xa0, 0xd8, 0xa1, 0x1a, 0xa3, 0x5c, 0xa2, 0x9e,
0xb5, 0xe0, 0xb4, 0x22, 0xb6, 0x64, 0xb7, 0xa6, 0xb2, 0xe8, 0xb3, 0x2a, 0xb1, 0x6c, 0xb0, 0xae,
0xbb, 0xf0, 0xba, 0x32, 0xb8, 0x74, 0xb9, 0xb6, 0xbc, 0xf8, 0xbd, 0x3a, 0xbf, 0x7c, 0xbe, 0xbe };
#endif
/**
Initialize the LRW context
@param cipher The cipher desired, must be a 128-bit block cipher
@param IV The index value, must be 128-bits
@param key The cipher key
@param keylen The length of the cipher key in octets
@param tweak The tweak value (second key), must be 128-bits
@param num_rounds The number of rounds for the cipher (0 == default)
@param lrw [out] The LRW state
@return CRYPT_OK on success.
*/
int lrw_start( int cipher,
const unsigned char *IV,
const unsigned char *key, int keylen,
const unsigned char *tweak,
int num_rounds,
symmetric_LRW *lrw)
{
int err;
#ifdef LRW_TABLES
unsigned char B[16];
int x, y, z, t;
#endif
LTC_ARGCHK(IV != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(tweak != NULL);
LTC_ARGCHK(lrw != NULL);
#ifdef LTC_FAST
if (16 % sizeof(LTC_FAST_TYPE)) {
return CRYPT_INVALID_ARG;
}
#endif
/* is cipher valid? */
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
return err;
}
if (cipher_descriptor[cipher].block_length != 16) {
return CRYPT_INVALID_CIPHER;
}
/* schedule key */
if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &lrw->key)) != CRYPT_OK) {
return err;
}
lrw->cipher = cipher;
/* copy the IV and tweak */
XMEMCPY(lrw->tweak, tweak, 16);
#ifdef LRW_TABLES
/* setup tables */
/* generate the first table as it has no shifting (from which we make the other tables) */
zeromem(B, 16);
for (y = 0; y < 256; y++) {
B[0] = y;
gcm_gf_mult(tweak, B, &lrw->PC[0][y][0]);
}
/* now generate the rest of the tables based the previous table */
for (x = 1; x < 16; x++) {
for (y = 0; y < 256; y++) {
/* now shift it right by 8 bits */
t = lrw->PC[x-1][y][15];
for (z = 15; z > 0; z--) {
lrw->PC[x][y][z] = lrw->PC[x-1][y][z-1];
}
lrw->PC[x][y][0] = gcm_shift_table[t<<1];
lrw->PC[x][y][1] ^= gcm_shift_table[(t<<1)+1];
}
}
#endif
/* generate first pad */
return lrw_setiv(IV, 16, lrw);
}
#endif
/* $Source$ */
/* $Revision$ */
/* $Date$ */

157
src/modes/lrw/lrw_test.c Normal file
View File

@ -0,0 +1,157 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
#include "tomcrypt.h"
/**
@file lrw_test.c
LRW_MODE implementation, test LRW, Tom St Denis
*/
#ifdef LRW_MODE
/**
Test LRW against specs
@return CRYPT_OK if goodly
*/
int lrw_test(void)
{
#ifndef LTC_TEST
return CRYPT_NOP;
#else
static const struct {
unsigned char key[16], tweak[16], IV[16], P[16], expected_tweak[16], C[16];
} tests[] = {
{
{ 0x45, 0x62, 0xac, 0x25, 0xf8, 0x28, 0x17, 0x6d, 0x4c, 0x26, 0x84, 0x14, 0xb5, 0x68, 0x01, 0x85 },
{ 0x25, 0x8e, 0x2a, 0x05, 0xe7, 0x3e, 0x9d, 0x03, 0xee, 0x5a, 0x83, 0x0c, 0xcc, 0x09, 0x4c, 0x87 },
{ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
{ 0x25, 0x8e, 0x2a, 0x05, 0xe7, 0x3e, 0x9d, 0x03, 0xee, 0x5a, 0x83, 0x0c, 0xcc, 0x09, 0x4c, 0x87 },
{ 0xf1, 0xb2, 0x73, 0xcd, 0x65, 0xa3, 0xdf, 0x5f, 0xe9, 0x5d, 0x48, 0x92, 0x54, 0x63, 0x4e, 0xb8 }
},
{
{ 0x59, 0x70, 0x47, 0x14, 0xf5, 0x57, 0x47, 0x8c, 0xd7, 0x79, 0xe8, 0x0f, 0x54, 0x88, 0x79, 0x44 },
{ 0x35, 0x23, 0xc2, 0xde, 0xc5, 0x69, 0x4f, 0xa8, 0x72, 0xa9, 0xac, 0xa7, 0x0b, 0x2b, 0xee, 0xbc },
{ 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
{ 0x1a, 0x91, 0xe1, 0x6f, 0x62, 0xb4, 0xa7, 0xd4, 0x39, 0x54, 0xd6, 0x53, 0x85, 0x95, 0xf7, 0x5e },
{ 0x00, 0xc8, 0x2b, 0xae, 0x95, 0xbb, 0xcd, 0xe5, 0x27, 0x4f, 0x07, 0x69, 0xb2, 0x60, 0xe1, 0x36 },
},
{
{ 0x59, 0x70, 0x47, 0x14, 0xf5, 0x57, 0x47, 0x8c, 0xd7, 0x79, 0xe8, 0x0f, 0x54, 0x88, 0x79, 0x44 },
{ 0x67, 0x53, 0xc9, 0x0c, 0xb7, 0xd8, 0xcd, 0xe5, 0x06, 0xa0, 0x47, 0x78, 0x1a, 0xad, 0x85, 0x11 },
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 },
{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
{ 0x1a, 0x91, 0xe1, 0x6f, 0x62, 0xb4, 0xa7, 0xd4, 0x39, 0x54, 0xd6, 0x53, 0x85, 0x95, 0xf7, 0x5e },
{ 0x00, 0xc8, 0x2b, 0xae, 0x95, 0xbb, 0xcd, 0xe5, 0x27, 0x4f, 0x07, 0x69, 0xb2, 0x60, 0xe1, 0x36 },
},
{
{ 0xd8, 0x2a, 0x91, 0x34, 0xb2, 0x6a, 0x56, 0x50, 0x30, 0xfe, 0x69, 0xe2, 0x37, 0x7f, 0x98, 0x47 },
{ 0x4e, 0xb5, 0x5d, 0x31, 0x05, 0x97, 0x3a, 0x3f, 0x5e, 0x23, 0xda, 0xfb, 0x5a, 0x45, 0xd6, 0xc0 },
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00 },
{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
{ 0x18, 0xc9, 0x1f, 0x6d, 0x60, 0x1a, 0x1a, 0x37, 0x5d, 0x0b, 0x0e, 0xf7, 0x3a, 0xd5, 0x74, 0xc4 },
{ 0x76, 0x32, 0x21, 0x83, 0xed, 0x8f, 0xf1, 0x82, 0xf9, 0x59, 0x62, 0x03, 0x69, 0x0e, 0x5e, 0x01 },
}
};
int idx, err, x;
symmetric_LRW lrw;
unsigned char buf[2][16];
idx = find_cipher("aes");
if (idx == -1) {
idx = find_cipher("rijndael");
if (idx == -1) {
return CRYPT_NOP;
}
}
#define PRINT
for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
/* schedule it */
if ((err = lrw_start(idx, tests[x].IV, tests[x].key, 16, tests[x].tweak, 0, &lrw)) != CRYPT_OK) {
#ifdef PRINT
printf("\n\nERR at %d\n", __LINE__);
#endif
return err;
}
/* check pad against expected tweak */
if (XMEMCMP(tests[x].expected_tweak, lrw.pad, 16)) {
lrw_done(&lrw);
#ifdef PRINT
printf("\n\nERR at %d\n", __LINE__);
#endif
return CRYPT_FAIL_TESTVECTOR;
}
/* process block */
if ((err = lrw_encrypt(tests[x].P, buf[0], 16, &lrw)) != CRYPT_OK) {
lrw_done(&lrw);
#ifdef PRINT
printf("\n\nERR at %d\n", __LINE__);
#endif
return err;
}
if (XMEMCMP(buf[0], tests[x].C, 16)) {
lrw_done(&lrw);
#ifdef PRINT
printf("\n\nERR at %d\n", __LINE__);
#endif
return CRYPT_FAIL_TESTVECTOR;
}
/* process block */
if ((err = lrw_setiv(tests[x].IV, 16, &lrw)) != CRYPT_OK) {
lrw_done(&lrw);
#ifdef PRINT
printf("\n\nERR at %d\n", __LINE__);
#endif
return err;
}
if ((err = lrw_decrypt(buf[0], buf[1], 16, &lrw)) != CRYPT_OK) {
lrw_done(&lrw);
#ifdef PRINT
printf("\n\nERR at %d\n", __LINE__);
#endif
return err;
}
if (XMEMCMP(buf[1], tests[x].P, 16)) {
lrw_done(&lrw);
#ifdef PRINT
printf("\n\nERR at %d\n", __LINE__);
#endif
return CRYPT_FAIL_TESTVECTOR;
}
lrw_done(&lrw);
}
return CRYPT_OK;
#endif
}
#endif
/* $Source$ */
/* $Revision$ */
/* $Date$ */

View File

@ -19,6 +19,13 @@
#ifdef LTC_DER
/**
Decode a SEQUENCE type using a VA list
@param in Input buffer
@param inlen Length of input in octets
@remark <...> is of the form <type, size, data> (int, unsigned long, void*)
@return CRYPT_OK on success
*/
int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...)
{
int err, type;

View File

@ -19,6 +19,13 @@
#ifdef LTC_DER
/**
Encode a SEQUENCE type using a VA list
@param out [out] Destination for data
@param outlen [in/out] Length of buffer and resulting length of output
@remark <...> is of the form <type, size, data> (int, unsigned long, void*)
@return CRYPT_OK on success
*/
int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...)
{
int err, type;

View File

@ -54,6 +54,14 @@ static int qsort_helper(const void *a, const void *b)
}
}
/*
Encode a SET type
@param list The list of items to encode
@param inlen The number of items in the list
@param out [out] The destination
@param outlen [in/out] The size of the output
@return CRYPT_OK on success
*/
int der_encode_set(ltc_asn1_list *list, unsigned long inlen,
unsigned char *out, unsigned long *outlen)
{

View File

@ -50,6 +50,14 @@ static int qsort_helper(const void *a, const void *b)
return r;
}
/**
Encode a SETOF stucture
@param list The list of items to encode
@param inlen The number of items in the list
@param out [out] The destination
@param outlen [in/out] The size of the output
@return CRYPT_OK on success
*/
int der_encode_setof(ltc_asn1_list *list, unsigned long inlen,
unsigned char *out, unsigned long *outlen)
{

View File

@ -19,7 +19,7 @@
#ifdef LTC_DER
/**
Read a mp_int integer
Read a short integer
@param in The DER encoded data
@param inlen Size of data
@param num [out] The integer to decode

View File

@ -18,9 +18,8 @@
#ifdef LTC_DER
/* Exports a positive integer as DER format (upto 32-bits in size) */
/**
Store a mp_int integer
Store a short integer in the range (0,2^32-1)
@param num The integer to encode
@param out [out] The destination for the DER encoded integers
@param outlen [in/out] The max size and resulting size of the DER encoded integers

View File

@ -39,6 +39,13 @@ static int char_to_int(unsigned char x)
if (y >= max) return CRYPT_INVALID_PACKET; \
x += 2;
/**
Decodes a UTC time structure in DER format (reads all 6 valid encoding formats)
@param in Input buffer
@param inlen Length of input buffer in octets
@param out [out] Destination of UTC time structure
@return CRYPT_OK if successful
*/
int der_decode_utctime(const unsigned char *in, unsigned long *inlen,
ltc_utctime *out)
{

View File

@ -14,7 +14,6 @@ echo "uname="`uname -a`
echo "gcc="`gcc -dumpversion`
echo
# stock build
bash run.sh "STOCK" " " "$1" "$2" "$3" || exit 1
@ -42,6 +41,9 @@ bash run.sh "CLEANSTACK+NOTABLES+SMALL" "-DLTC_NO_TABLES -DLTC_CLEAN_STACK -DLTC
# NO_FAST
bash run.sh "NO_FAST" "-DLTC_NO_FAST" "$1" "$2" "$3" || exit 1
# NO_FAST + NOTABLES
bash run.sh "NO_FAST+NOTABLES" "-DLTC_NO_FAST -DLTC_NO_TABLES" "$1" "$2" "$3" || exit 1
# NO_ASM
bash run.sh "NO_ASM" "-DLTC_NO_ASM" "$1" "$2" "$3" || exit 1
@ -52,5 +54,5 @@ bash testbuild.sh "NOTEST" "-DLTC_NO_TEST" "$1" "$2" "$3" || exit 1
bash testbuild.sh "NOFILE" "-DLTC_NO_FILE" "$1" "$2" "$3" || exit 1
# $Source: /cvs/libtom/libtomcrypt/testme.sh,v $
# $Revision: 1.19 $
# $Date: 2005/07/28 01:32:41 $
# $Revision: 1.20 $
# $Date: 2006/01/26 14:49:43 $

View File

@ -5,10 +5,18 @@ int modes_test(void)
{
unsigned char pt[64], ct[64], tmp[64], key[16], iv[16], iv2[16];
int cipher_idx;
#ifdef CBC
symmetric_CBC cbc;
#endif
#ifdef CFB
symmetric_CFB cfb;
#endif
#ifdef OFB
symmetric_OFB ofb;
#endif
#ifdef CTR
symmetric_CTR ctr;
#endif
unsigned long l;
/* make a random pt, key and iv */
@ -23,6 +31,10 @@ int modes_test(void)
return 1;
}
#ifdef LRW_MODE
DO(lrw_test());
#endif
#ifdef CBC
/* test CBC mode */
/* encode the block */

View File

@ -233,7 +233,11 @@ register_prng(&rc4_desc);
register_prng(&sober128_desc);
#endif
rng_make_prng(128, find_prng("yarrow"), &yarrow_prng, NULL);
if ((err = rng_make_prng(128, find_prng("yarrow"), &yarrow_prng, NULL)) != CRYPT_OK) {
fprintf(stderr, "rng_make_prng failed: %s\n", error_to_string(err));
exit(EXIT_FAILURE);
}
}
int time_keysched(void)
@ -886,7 +890,12 @@ void time_macs_(unsigned long MAC_SIZE)
}
cipher_idx = find_cipher("aes");
hash_idx = find_hash("md5");
hash_idx = find_hash("sha1");
if (cipher_idx == -1 || hash_idx == -1) {
fprintf(stderr, "Warning the MAC tests requires AES and SHA1 to operate... so sorry\n");
return;
}
yarrow_read(buf, MAC_SIZE*1024, &yarrow_prng);
yarrow_read(key, 16, &yarrow_prng);
@ -904,7 +913,7 @@ void time_macs_(unsigned long MAC_SIZE)
t1 = t_read() - t1;
if (t1 < t2) t2 = t1;
}
fprintf(stderr, "OMAC-AES\t\t%9llu\n", t2/(ulong64)(MAC_SIZE*1024));
fprintf(stderr, "OMAC-%s\t\t%9llu\n", cipher_descriptor[cipher_idx].name, t2/(ulong64)(MAC_SIZE*1024));
#endif
#ifdef PMAC
@ -952,7 +961,7 @@ void time_macs_(unsigned long MAC_SIZE)
t1 = t_read() - t1;
if (t1 < t2) t2 = t1;
}
fprintf(stderr, "HMAC-MD5\t\t%9llu\n", t2/(ulong64)(MAC_SIZE*1024));
fprintf(stderr, "HMAC-%s\t\t%9llu\n", hash_descriptor[hash_idx].name, t2/(ulong64)(MAC_SIZE*1024));
#endif
XFREE(buf);

18
updatemakes.sh Normal file
View File

@ -0,0 +1,18 @@
#!/bin/bash
bash genlist.sh > tmplist
perl filter.pl makefile tmplist
mv -f tmp.delme makefile
perl filter.pl makefile.icc tmplist
mv -f tmp.delme makefile.icc
perl filter.pl makefile.shared tmplist
mv -f tmp.delme makefile.shared
perl filter.pl makefile.msvc tmplist
sed -e 's/\.o /.obj /g' < tmp.delme > makefile.msvc
rm -f tmplist
rm -f tmp.delme