diff --git a/Doxyfile b/Doxyfile index 389e5cc..1a6f7fb 100644 --- a/Doxyfile +++ b/Doxyfile @@ -23,7 +23,7 @@ PROJECT_NAME = LibTomCrypt # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 1.08 +PROJECT_NUMBER = 1.09 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/TODO b/TODO index 8b13789..e69de29 100644 --- a/TODO +++ b/TODO @@ -1 +0,0 @@ - diff --git a/changes b/changes index 239d569..c06f245 100644 --- a/changes +++ b/changes @@ -1,3 +1,14 @@ +January 26th, 2006 +v1.09 -- Added missing doxygen comments to some of the ASN.1 routines + -- Added "easy button" define LTC_EASY and LTC will build with a subset of all the algos. Reduces build times for typical + configurations. Tunable [see tomcrypt_custom.h] + -- Added some error detection to reg_algs() of the testprof.a library to detect when the PRNG is not setup correctly (took me 10 mins to figure out, PITA!) + -- Similar fixes to timing demo (MD5 not defined when EASY is defined) + -- Added the NLS enc+mac stream cipher from QUALCOMM, disabled for this release, waiting on test vectors + -- Finally added an auto-update script for the makefiles. So when I add new files/dirs it can automatically fix up the makefiles [all four of them...] + -- Added LRW to the list of cipher modes supported + -- cleaned up ciphers definitions to remove cbc/cfb/ofb/ctr/etc from the namespace when not used. + November 24th, 2005 v1.08 -- Added SET and SET OF support to the ASN.1 side -- Fixed up X macros, added QSORT to the mix [thanks SET/SETOF] @@ -1394,6 +1405,6 @@ v0.02 -- Changed RC5 to only allow 12 to 24 rounds v0.01 -- We will call this the first version. /* $Source: /cvs/libtom/libtomcrypt/changes,v $ */ -/* $Revision: 1.161 $ */ -/* $Date: 2005/11/24 03:30:18 $ */ +/* $Revision: 1.168 $ */ +/* $Date: 2006/01/26 18:15:51 $ */ diff --git a/crypt.tex b/crypt.tex index 676f945..7c65080 100644 --- a/crypt.tex +++ b/crypt.tex @@ -47,7 +47,7 @@ \def\gap{\vspace{0.5ex}} \makeindex \begin{document} -\title{LibTomCrypt \\ Version 1.08} +\title{LibTomCrypt \\ Version 1.09} \author{Tom St Denis \\ \\ tomstdenis@gmail.com \\ @@ -520,6 +520,18 @@ struct _cipher_descriptor { unsigned char *ct, unsigned long blocks, unsigned char *IV, int mode, symmetric_key *skey); + int (*accel_lrw_encrypt)(const unsigned char *pt, + unsigned char *ct, + unsigned long blocks, + unsigned char *IV, + const unsigned char *tweak, + symmetric_key *skey); + int (*accel_lrw_decrypt)(const unsigned char *ct, + unsigned char *pt, + unsigned long blocks, + unsigned char *IV, + const unsigned char *tweak, + symmetric_key *skey); int (*accel_ccm_memory)( const unsigned char *key, unsigned long keylen, symmetric_key *uskey, @@ -938,6 +950,61 @@ int main(void) \end{verbatim} \end{small} +\subsection{LRW Mode} + +LRW mode is a cipher mode which is meant for indexed encryption like used to handle storage media. It is meant to have efficient seeking and overcome the +security problems of ECB mode while not increasing the storage requirements. It is used much like any other chaining mode except with two key differences. + +The key is specified as two strings the first key $K_1$ is the (normally AES) key and can be any length (typically 16, 24 or 32 octets long). The second key +$K_2$ is the ``tweak'' key and is always 16 octets long. The tweak value is \textbf{NOT} a nonce or IV value it must be random and secret. + +To initialize LRW mode use: + +\index{lrw\_start()} +\begin{verbatim} +int lrw_start( int cipher, + const unsigned char *IV, + const unsigned char *key, int keylen, + const unsigned char *tweak, + int num_rounds, + symmetric_LRW *lrw); +\end{verbatim} + +This will initialize the LRW context with the given (16 octet) ``IV'', cipher $K_1$ ``key'' of length ``keylen'' octets and the (16 octet) $K_2$ ``tweak''. +While LRW was specified to be used only with AES, LibTomCrypt will allow any 128--bit block cipher to be specified as indexed by ``cipher''. The +number of rounds for the block cipher ``num\_rounds'' can be 0 to use the default number of rounds for the given cipher. + +To process data use the following functions: + +\index{lrw\_encrypt()} \index{lrw\_decrypt()} +\begin{verbatim} +int lrw_encrypt(const unsigned char *pt, unsigned char *ct, + unsigned long len, symmetric_LRW *lrw); +int lrw_decrypt(const unsigned char *ct, unsigned char *pt, + unsigned long len, symmetric_LRW *lrw); +\end{verbatim} + +These will encrypt (or decrypt) the plaintext to the ciphertext buffer (or vice versa). The length is specified by ``len'' in octets but must be a multiple +of 16. + +To manipulate the IV use the following functions: + +\index{lrw\_getiv()} \index{lrw\_setiv()} +\begin{verbatim} +int lrw_getiv(unsigned char *IV, unsigned long *len, symmetric_LRW *lrw); +int lrw_setiv(const unsigned char *IV, unsigned long len, symmetric_LRW *lrw); +\end{verbatim} + +These will get or set the 16--octet IV. Note that setting the IV is the same as ``seeking'' and unlike other modes is not a free operation. It requires +updating the entire tweak which is slower than sequential use. Avoid seeking excessively in performance constrained code. + +To terminate the LRW state use the following: + +\index{lrw\_done()} +\begin{verbatim} +int lrw_done(symmetric_LRW *lrw); +\end{verbatim} + \section{Encrypt and Authenticate Modes} \subsection{EAX Mode} @@ -4306,6 +4373,32 @@ struct ltc_cipher_descriptor { unsigned long blocks, unsigned char *IV, int mode, symmetric_key *skey); + /** Accelerated LRW + @param pt Plaintext + @param ct Ciphertext + @param blocks The number of complete blocks to process + @param IV The initial value (input/output) + @param tweak The LRW tweak + @param skey The scheduled key context + @return CRYPT_OK if successful + */ + int (*accel_lrw_encrypt)(const unsigned char *pt, unsigned char *ct, + unsigned long blocks, unsigned char *IV, + const unsigned char *tweak, symmetric_key *skey); + + /** Accelerated LRW + @param ct Ciphertext + @param pt Plaintext + @param blocks The number of complete blocks to process + @param IV The initial value (input/output) + @param tweak The LRW tweak + @param skey The scheduled key context + @return CRYPT_OK if successful + */ + int (*accel_lrw_decrypt)(const unsigned char *ct, unsigned char *pt, + unsigned long blocks, unsigned char *IV, + const unsigned char *tweak, symmetric_key *skey); + /** Accelerated CCM packet (one-shot) @param key The secret key to use @param keylen The length of the secret key (octets) @@ -4432,6 +4525,18 @@ buffer provided) before encrypting it to create the pad. The accelerator will only be used to encrypt whole blocks. Partial blocks are always handled in software. +\subsubsection{Accelerated LRW} +These functions are meant for accelerated LRW. They process blocks of input in lengths of multiples of 16 octets. They must accept the ``IV'' and ``tweak'' +state variables and updated them prior to returning. Note that you may want to disable \textbf{LRW\_TABLES} in ``tomcrypt\_custom.h'' if you intend +to use accelerators for LRW. + +While both encrypt and decrypt accelerators are not required it is suggested as it makes lrw\_setiv() more efficient. + +Note that calling lrw\_done() will only invoke the cipher\_descriptor[].done() function on the ``symmetric\_key'' parameter of the LRW state. That means +if your device requires any (LRW specific) resources you should free them in your ciphers() done function. The simplest way to think of it is to write +the plugin solely to do LRW with the cipher. That way cipher\_descriptor[].setup() means to init LRW resources and cipher\_descriptor[].done() means to +free them. + \subsubsection{Accelerated CCM} This function is meant for accelerated CCM encryption or decryption. It processes the entire packet in one call. You can optimize the work flow somewhat by allowing the caller to call the setup() function first to schedule the key if your accelerator cannot do the key schedule on the fly (for instance). This @@ -5076,5 +5181,5 @@ Since the function is given the entire RSA key (for private keys only) CRT is po \end{document} % $Source: /cvs/libtom/libtomcrypt/crypt.tex,v $ -% $Revision: 1.59 $ -% $Date: 2005/11/24 01:53:18 $ +% $Revision: 1.62 $ +% $Date: 2006/01/26 18:29:02 $ diff --git a/doc/crypt.pdf b/doc/crypt.pdf index 9891ab9..f8bb716 100644 Binary files a/doc/crypt.pdf and b/doc/crypt.pdf differ diff --git a/filter.pl b/filter.pl new file mode 100644 index 0000000..11ba62f --- /dev/null +++ b/filter.pl @@ -0,0 +1,30 @@ +#!/usr/bin/perl + +# we want to filter every between START_INS and END_INS out and then insert crap from another file (this is fun) + +$dst = shift; +$ins = shift; + +open(SRC,"<$dst"); +open(INS,"<$ins"); +open(TMP,">tmp.delme"); + +$l = 0; +while () { + if ($_ =~ /START_INS/) { + print TMP $_; + $l = 1; + while () { + print TMP $_; + } + close INS; + } elsif ($_ =~ /END_INS/) { + print TMP $_; + $l = 0; + } elsif ($l == 0) { + print TMP $_; + } +} + +close TMP; +close SRC; diff --git a/makefile b/makefile index 4d36fa3..f5248de 100644 --- a/makefile +++ b/makefile @@ -4,7 +4,7 @@ # Modified by Clay Culver # The version -VERSION=1.08 +VERSION=1.09 # Compiler and Linker Names #CC=gcc @@ -111,8 +111,9 @@ src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/en src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \ src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \ -src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_process.o \ -src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o \ +src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \ +src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \ +src/encauth/nls/nls_memory.o src/encauth/nls/nlsfast.o src/encauth/ocb/ocb_decrypt.o \ src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \ src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \ src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \ @@ -150,14 +151,16 @@ src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \ src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \ src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \ src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \ -src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \ -src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \ -src/modes/ofb/ofb_start.o src/pk/asn1/der/bit/der_decode_bit_string.o \ -src/pk/asn1/der/bit/der_encode_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \ -src/pk/asn1/der/choice/der_decode_choice.o src/pk/asn1/der/ia5/der_decode_ia5_string.o \ -src/pk/asn1/der/ia5/der_encode_ia5_string.o src/pk/asn1/der/ia5/der_length_ia5_string.o \ -src/pk/asn1/der/integer/der_decode_integer.o src/pk/asn1/der/integer/der_encode_integer.o \ -src/pk/asn1/der/integer/der_length_integer.o \ +src/modes/ecb/ecb_start.o src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o \ +src/modes/lrw/lrw_encrypt.o src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o \ +src/modes/lrw/lrw_setiv.o src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o \ +src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o src/modes/ofb/ofb_encrypt.o \ +src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \ +src/pk/asn1/der/bit/der_decode_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \ +src/pk/asn1/der/bit/der_length_bit_string.o src/pk/asn1/der/choice/der_decode_choice.o \ +src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \ +src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \ +src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \ src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \ src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \ src/pk/asn1/der/object_identifier/der_length_object_identifier.o \ @@ -200,6 +203,7 @@ src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \ src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \ src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h + #END_INS TESTOBJECTS=demos/test.o @@ -361,5 +365,5 @@ zipup: no_oops docs # $Source: /cvs/libtom/libtomcrypt/makefile,v $ -# $Revision: 1.108 $ -# $Date: 2005/11/23 02:34:57 $ +# $Revision: 1.114 $ +# $Date: 2006/01/26 06:12:31 $ diff --git a/makefile.icc b/makefile.icc index 7a72e88..9a4462f 100644 --- a/makefile.icc +++ b/makefile.icc @@ -98,8 +98,9 @@ src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/en src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \ src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \ -src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_process.o \ -src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o \ +src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \ +src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \ +src/encauth/nls/nls_memory.o src/encauth/nls/nlsfast.o src/encauth/ocb/ocb_decrypt.o \ src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \ src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \ src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \ @@ -137,14 +138,16 @@ src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \ src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \ src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \ src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \ -src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \ -src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \ -src/modes/ofb/ofb_start.o src/pk/asn1/der/bit/der_decode_bit_string.o \ -src/pk/asn1/der/bit/der_encode_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \ -src/pk/asn1/der/choice/der_decode_choice.o src/pk/asn1/der/ia5/der_decode_ia5_string.o \ -src/pk/asn1/der/ia5/der_encode_ia5_string.o src/pk/asn1/der/ia5/der_length_ia5_string.o \ -src/pk/asn1/der/integer/der_decode_integer.o src/pk/asn1/der/integer/der_encode_integer.o \ -src/pk/asn1/der/integer/der_length_integer.o \ +src/modes/ecb/ecb_start.o src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o \ +src/modes/lrw/lrw_encrypt.o src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o \ +src/modes/lrw/lrw_setiv.o src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o \ +src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o src/modes/ofb/ofb_encrypt.o \ +src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \ +src/pk/asn1/der/bit/der_decode_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \ +src/pk/asn1/der/bit/der_length_bit_string.o src/pk/asn1/der/choice/der_decode_choice.o \ +src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \ +src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \ +src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \ src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \ src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \ src/pk/asn1/der/object_identifier/der_length_object_identifier.o \ @@ -187,6 +190,7 @@ src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \ src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \ src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h + #END_INS #Who do we install as? @@ -266,6 +270,6 @@ install: library install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH) # $Source: /cvs/libtom/libtomcrypt/makefile.icc,v $ -# $Revision: 1.45 $ -# $Date: 2005/11/23 02:34:57 $ +# $Revision: 1.49 $ +# $Date: 2006/01/26 06:12:31 $ diff --git a/makefile.msvc b/makefile.msvc index f0148b0..c73c43f 100644 --- a/makefile.msvc +++ b/makefile.msvc @@ -13,8 +13,9 @@ src/encauth/eax/eax_decrypt.obj src/encauth/eax/eax_decrypt_verify_memory.obj sr src/encauth/eax/eax_encrypt.obj src/encauth/eax/eax_encrypt_authenticate_memory.obj \ src/encauth/eax/eax_init.obj src/encauth/eax/eax_test.obj src/encauth/gcm/gcm_add_aad.obj \ src/encauth/gcm/gcm_add_iv.obj src/encauth/gcm/gcm_done.obj src/encauth/gcm/gcm_gf_mult.obj \ -src/encauth/gcm/gcm_init.obj src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_process.obj \ -src/encauth/gcm/gcm_reset.obj src/encauth/gcm/gcm_test.obj src/encauth/ocb/ocb_decrypt.obj \ +src/encauth/gcm/gcm_init.obj src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_mult_h.obj \ +src/encauth/gcm/gcm_process.obj src/encauth/gcm/gcm_reset.obj src/encauth/gcm/gcm_test.obj \ +src/encauth/nls/nls_memory.obj src/encauth/nls/nlsfast.obj src/encauth/ocb/ocb_decrypt.obj \ src/encauth/ocb/ocb_decrypt_verify_memory.obj src/encauth/ocb/ocb_done_decrypt.obj \ src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \ src/encauth/ocb/ocb_encrypt_authenticate_memory.obj src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj \ @@ -52,14 +53,16 @@ src/modes/cfb/cfb_getiv.obj src/modes/cfb/cfb_setiv.obj src/modes/cfb/cfb_start. src/modes/ctr/ctr_decrypt.obj src/modes/ctr/ctr_done.obj src/modes/ctr/ctr_encrypt.obj \ src/modes/ctr/ctr_getiv.obj src/modes/ctr/ctr_setiv.obj src/modes/ctr/ctr_start.obj \ src/modes/ecb/ecb_decrypt.obj src/modes/ecb/ecb_done.obj src/modes/ecb/ecb_encrypt.obj \ -src/modes/ecb/ecb_start.obj src/modes/ofb/ofb_decrypt.obj src/modes/ofb/ofb_done.obj \ -src/modes/ofb/ofb_encrypt.obj src/modes/ofb/ofb_getiv.obj src/modes/ofb/ofb_setiv.obj \ -src/modes/ofb/ofb_start.obj src/pk/asn1/der/bit/der_decode_bit_string.obj \ -src/pk/asn1/der/bit/der_encode_bit_string.obj src/pk/asn1/der/bit/der_length_bit_string.obj \ -src/pk/asn1/der/choice/der_decode_choice.obj src/pk/asn1/der/ia5/der_decode_ia5_string.obj \ -src/pk/asn1/der/ia5/der_encode_ia5_string.obj src/pk/asn1/der/ia5/der_length_ia5_string.obj \ -src/pk/asn1/der/integer/der_decode_integer.obj src/pk/asn1/der/integer/der_encode_integer.obj \ -src/pk/asn1/der/integer/der_length_integer.obj \ +src/modes/ecb/ecb_start.obj src/modes/lrw/lrw_decrypt.obj src/modes/lrw/lrw_done.obj \ +src/modes/lrw/lrw_encrypt.obj src/modes/lrw/lrw_getiv.obj src/modes/lrw/lrw_process.obj \ +src/modes/lrw/lrw_setiv.obj src/modes/lrw/lrw_start.obj src/modes/lrw/lrw_test.obj \ +src/modes/ofb/ofb_decrypt.obj src/modes/ofb/ofb_done.obj src/modes/ofb/ofb_encrypt.obj \ +src/modes/ofb/ofb_getiv.obj src/modes/ofb/ofb_setiv.obj src/modes/ofb/ofb_start.obj \ +src/pk/asn1/der/bit/der_decode_bit_string.obj src/pk/asn1/der/bit/der_encode_bit_string.obj \ +src/pk/asn1/der/bit/der_length_bit_string.obj src/pk/asn1/der/choice/der_decode_choice.obj \ +src/pk/asn1/der/ia5/der_decode_ia5_string.obj src/pk/asn1/der/ia5/der_encode_ia5_string.obj \ +src/pk/asn1/der/ia5/der_length_ia5_string.obj src/pk/asn1/der/integer/der_decode_integer.obj \ +src/pk/asn1/der/integer/der_encode_integer.obj src/pk/asn1/der/integer/der_length_integer.obj \ src/pk/asn1/der/object_identifier/der_decode_object_identifier.obj \ src/pk/asn1/der/object_identifier/der_encode_object_identifier.obj \ src/pk/asn1/der/object_identifier/der_length_object_identifier.obj \ @@ -102,6 +105,7 @@ src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \ src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \ src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h + #END_INS default: library @@ -129,5 +133,5 @@ timing: demos/timing.c library cl $(CFLAGS) demos/timing.c testprof/tomcrypt_prof.lib tomcrypt.lib advapi32.lib $(EXTRALIBS) # $Source: /cvs/libtom/libtomcrypt/makefile.msvc,v $ -# $Revision: 1.25 $ -# $Date: 2005/11/23 02:34:57 $ +# $Revision: 1.29 $ +# $Date: 2006/01/26 06:12:31 $ diff --git a/makefile.shared b/makefile.shared index 56de817..ce404b0 100644 --- a/makefile.shared +++ b/makefile.shared @@ -6,7 +6,7 @@ # Tom St Denis # The version -VERSION=0:108 +VERSION=0:109 # Compiler and Linker Names CC=libtool --mode=compile gcc @@ -105,8 +105,9 @@ src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/en src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \ src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \ -src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_process.o \ -src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o \ +src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \ +src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \ +src/encauth/nls/nls_memory.o src/encauth/nls/nlsfast.o src/encauth/ocb/ocb_decrypt.o \ src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \ src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \ src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \ @@ -144,14 +145,16 @@ src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \ src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \ src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \ src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \ -src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \ -src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \ -src/modes/ofb/ofb_start.o src/pk/asn1/der/bit/der_decode_bit_string.o \ -src/pk/asn1/der/bit/der_encode_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \ -src/pk/asn1/der/choice/der_decode_choice.o src/pk/asn1/der/ia5/der_decode_ia5_string.o \ -src/pk/asn1/der/ia5/der_encode_ia5_string.o src/pk/asn1/der/ia5/der_length_ia5_string.o \ -src/pk/asn1/der/integer/der_decode_integer.o src/pk/asn1/der/integer/der_encode_integer.o \ -src/pk/asn1/der/integer/der_length_integer.o \ +src/modes/ecb/ecb_start.o src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o \ +src/modes/lrw/lrw_encrypt.o src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o \ +src/modes/lrw/lrw_setiv.o src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o \ +src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o src/modes/ofb/ofb_encrypt.o \ +src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \ +src/pk/asn1/der/bit/der_decode_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \ +src/pk/asn1/der/bit/der_length_bit_string.o src/pk/asn1/der/choice/der_decode_choice.o \ +src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \ +src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \ +src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \ src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \ src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \ src/pk/asn1/der/object_identifier/der_length_object_identifier.o \ @@ -194,6 +197,7 @@ src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \ src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \ src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h + #END_INS TESTOBJECTS=demos/test.o @@ -255,5 +259,5 @@ timing: library testprof/$(LIBTEST) $(TIMINGS) gcc -o $(TIMING) $(TIMINGS) -ltomcrypt_prof -ltomcrypt $(EXTRALIBS) # $Source: /cvs/libtom/libtomcrypt/makefile.shared,v $ -# $Revision: 1.38 $ -# $Date: 2005/11/23 02:34:57 $ +# $Revision: 1.43 $ +# $Date: 2006/01/26 06:12:31 $ diff --git a/src/ciphers/aes/aes.c b/src/ciphers/aes/aes.c index dd97956..d8084c1 100644 --- a/src/ciphers/aes/aes.c +++ b/src/ciphers/aes/aes.c @@ -49,7 +49,7 @@ const struct ltc_cipher_descriptor rijndael_desc = 6, 16, 32, 16, 10, SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; const struct ltc_cipher_descriptor aes_desc = @@ -58,7 +58,7 @@ const struct ltc_cipher_descriptor aes_desc = 6, 16, 32, 16, 10, SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; #else @@ -74,7 +74,7 @@ const struct ltc_cipher_descriptor rijndael_enc_desc = 6, 16, 32, 16, 10, SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; const struct ltc_cipher_descriptor aes_enc_desc = @@ -83,7 +83,7 @@ const struct ltc_cipher_descriptor aes_enc_desc = 6, 16, 32, 16, 10, SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; #endif diff --git a/src/ciphers/anubis.c b/src/ciphers/anubis.c index 182edb5..75440e6 100644 --- a/src/ciphers/anubis.c +++ b/src/ciphers/anubis.c @@ -29,7 +29,7 @@ const struct ltc_cipher_descriptor anubis_desc = { &anubis_test, &anubis_done, &anubis_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; #define MIN_N 4 diff --git a/src/ciphers/blowfish.c b/src/ciphers/blowfish.c index 74b9d9c..5df2364 100644 --- a/src/ciphers/blowfish.c +++ b/src/ciphers/blowfish.c @@ -27,7 +27,7 @@ const struct ltc_cipher_descriptor blowfish_desc = &blowfish_test, &blowfish_done, &blowfish_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; static const ulong32 ORIG_P[16 + 2] = { diff --git a/src/ciphers/cast5.c b/src/ciphers/cast5.c index 1d30794..c7a8128 100644 --- a/src/ciphers/cast5.c +++ b/src/ciphers/cast5.c @@ -27,7 +27,7 @@ const struct ltc_cipher_descriptor cast5_desc = { &cast5_test, &cast5_done, &cast5_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; static const ulong32 S1[256] = { diff --git a/src/ciphers/des.c b/src/ciphers/des.c index e40a837..91f128f 100644 --- a/src/ciphers/des.c +++ b/src/ciphers/des.c @@ -31,7 +31,7 @@ const struct ltc_cipher_descriptor des_desc = &des_test, &des_done, &des_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; const struct ltc_cipher_descriptor des3_desc = @@ -45,7 +45,7 @@ const struct ltc_cipher_descriptor des3_desc = &des3_test, &des3_done, &des3_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; static const ulong32 bytebit[8] = diff --git a/src/ciphers/khazad.c b/src/ciphers/khazad.c index 3a84272..5c3ebcb 100644 --- a/src/ciphers/khazad.c +++ b/src/ciphers/khazad.c @@ -28,7 +28,7 @@ const struct ltc_cipher_descriptor khazad_desc = { &khazad_test, &khazad_done, &khazad_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; #define R 8 diff --git a/src/ciphers/noekeon.c b/src/ciphers/noekeon.c index 70c1fec..b5a3b2e 100644 --- a/src/ciphers/noekeon.c +++ b/src/ciphers/noekeon.c @@ -27,7 +27,7 @@ const struct ltc_cipher_descriptor noekeon_desc = &noekeon_test, &noekeon_done, &noekeon_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; static const ulong32 RC[] = { diff --git a/src/ciphers/rc2.c b/src/ciphers/rc2.c index 8d5608f..2eb1922 100644 --- a/src/ciphers/rc2.c +++ b/src/ciphers/rc2.c @@ -36,7 +36,7 @@ const struct ltc_cipher_descriptor rc2_desc = { &rc2_test, &rc2_done, &rc2_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; /* 256-entry permutation table, probably derived somehow from pi */ diff --git a/src/ciphers/rc5.c b/src/ciphers/rc5.c index 9c1afe3..1fce2f6 100644 --- a/src/ciphers/rc5.c +++ b/src/ciphers/rc5.c @@ -29,7 +29,7 @@ const struct ltc_cipher_descriptor rc5_desc = &rc5_test, &rc5_done, &rc5_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; static const ulong32 stab[50] = { diff --git a/src/ciphers/rc6.c b/src/ciphers/rc6.c index 99274f0..9599417 100644 --- a/src/ciphers/rc6.c +++ b/src/ciphers/rc6.c @@ -28,7 +28,7 @@ const struct ltc_cipher_descriptor rc6_desc = &rc6_test, &rc6_done, &rc6_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; static const ulong32 stab[44] = { diff --git a/src/ciphers/safer/safer.c b/src/ciphers/safer/safer.c index 5241110..f736efc 100644 --- a/src/ciphers/safer/safer.c +++ b/src/ciphers/safer/safer.c @@ -42,7 +42,7 @@ const struct ltc_cipher_descriptor &safer_k64_test, &safer_done, &safer_64_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }, safer_sk64_desc = { @@ -54,7 +54,7 @@ const struct ltc_cipher_descriptor &safer_sk64_test, &safer_done, &safer_64_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }, safer_k128_desc = { @@ -66,7 +66,7 @@ const struct ltc_cipher_descriptor &safer_sk128_test, &safer_done, &safer_128_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }, safer_sk128_desc = { @@ -78,7 +78,7 @@ const struct ltc_cipher_descriptor &safer_sk128_test, &safer_done, &safer_128_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; /******************* Constants ************************************************/ diff --git a/src/ciphers/safer/saferp.c b/src/ciphers/safer/saferp.c index 2c6cb2c..7055147 100644 --- a/src/ciphers/safer/saferp.c +++ b/src/ciphers/safer/saferp.c @@ -28,7 +28,7 @@ const struct ltc_cipher_descriptor saferp_desc = &saferp_test, &saferp_done, &saferp_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; /* ROUND(b,i) diff --git a/src/ciphers/skipjack.c b/src/ciphers/skipjack.c index 0695017..84435d9 100644 --- a/src/ciphers/skipjack.c +++ b/src/ciphers/skipjack.c @@ -28,7 +28,7 @@ const struct ltc_cipher_descriptor skipjack_desc = &skipjack_test, &skipjack_done, &skipjack_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; static const unsigned char sbox[256] = { diff --git a/src/ciphers/twofish/twofish.c b/src/ciphers/twofish/twofish.c index 160b33f..b5f4f70 100644 --- a/src/ciphers/twofish/twofish.c +++ b/src/ciphers/twofish/twofish.c @@ -35,7 +35,7 @@ const struct ltc_cipher_descriptor twofish_desc = &twofish_test, &twofish_done, &twofish_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; /* the two polynomials */ diff --git a/src/ciphers/xtea.c b/src/ciphers/xtea.c index aeb6317..d6471bc 100644 --- a/src/ciphers/xtea.c +++ b/src/ciphers/xtea.c @@ -28,7 +28,7 @@ const struct ltc_cipher_descriptor xtea_desc = &xtea_test, &xtea_done, &xtea_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) diff --git a/src/encauth/gcm/gcm_gf_mult.c b/src/encauth/gcm/gcm_gf_mult.c index f48e664..e4ffe4e 100644 --- a/src/encauth/gcm/gcm_gf_mult.c +++ b/src/encauth/gcm/gcm_gf_mult.c @@ -11,11 +11,11 @@ /** @file gcm_gf_mult.c - GCM implementation, initialize state, by Tom St Denis + GCM implementation, do the GF mult, by Tom St Denis */ #include "tomcrypt.h" -#ifdef GCM_MODE +#if defined(GCM_MODE) || defined(LRW_MODE) /* right shift */ static void gcm_rightshift(unsigned char *a) @@ -57,36 +57,6 @@ void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char * } XMEMCPY(c, Z, 16); } - -/** - GCM multiply by H - @param gcm The GCM state which holds the H value - @param I The value to multiply H by - */ -void gcm_mult_h(gcm_state *gcm, unsigned char *I) -{ - unsigned char T[16]; -#ifdef GCM_TABLES - int x, y; - XMEMCPY(T, &gcm->PC[0][I[0]][0], 16); - for (x = 1; x < 16; x++) { -#ifdef LTC_FAST - for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { - *((LTC_FAST_TYPE *)(T + y)) ^= *((LTC_FAST_TYPE *)(&gcm->PC[x][I[x]][y])); - } -#else - for (y = 0; y < 16; y++) { - T[y] ^= gcm->PC[x][I[x]][y]; - } -#endif - } -#else - gcm_gf_mult(gcm->H, I, T); -#endif - XMEMCPY(I, T, 16); -} - - #endif /* $Source$ */ diff --git a/src/encauth/gcm/gcm_mult_h.c b/src/encauth/gcm/gcm_mult_h.c new file mode 100644 index 0000000..039f1a2 --- /dev/null +++ b/src/encauth/gcm/gcm_mult_h.c @@ -0,0 +1,50 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ + +/** + @file gcm_mult_h.c + GCM implementation, do the GF mult, by Tom St Denis +*/ +#include "tomcrypt.h" + +#if defined(GCM_MODE) +/** + GCM multiply by H + @param gcm The GCM state which holds the H value + @param I The value to multiply H by + */ +void gcm_mult_h(gcm_state *gcm, unsigned char *I) +{ + unsigned char T[16]; +#ifdef GCM_TABLES + int x, y; + XMEMCPY(T, &gcm->PC[0][I[0]][0], 16); + for (x = 1; x < 16; x++) { +#ifdef LTC_FAST + for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE *)(T + y)) ^= *((LTC_FAST_TYPE *)(&gcm->PC[x][I[x]][y])); + } +#else + for (y = 0; y < 16; y++) { + T[y] ^= gcm->PC[x][I[x]][y]; + } +#endif + } +#else + gcm_gf_mult(gcm->H, I, T); +#endif + XMEMCPY(I, T, 16); +} +#endif + +/* $Source$ */ +/* $Revision$ */ +/* $Date$ */ diff --git a/src/encauth/nls/nls_memory.c b/src/encauth/nls/nls_memory.c new file mode 100644 index 0000000..60c3445 --- /dev/null +++ b/src/encauth/nls/nls_memory.c @@ -0,0 +1,94 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ + +/** + @file nls_memory.c + NLS support, process a block of memory, Tom St Denis +*/ + +#ifdef NLS_MODE + +int nls_memory(const unsigned char *key, unsigned long keylen, + const unsigned char *IV, unsigned long IVlen, + const unsigned char *adata, unsigned long adatalen, + unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + unsigned char *tag, unsigned long taglen, + int direction) +{ + nls_state *nls; + int err; + + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(IV != NULL); + if (adatalen > 0) { + LTC_ARGCHK(adata != NULL); + } + LTC_ARGCHK(pt != NULL); + LTC_ARGCHK(ct != NULL); + if (taglen > 0) { + LTC_ARGCHK(tag != NULL); + } + + /* alloc NLS state */ + nls = XCALLOC(1, sizeof(*nls)); + if (nls == NULL) { + return CRYPT_MEM; + } + + /* init key and IV */ + if ((err = nls_key(nls, key, keylen)) != CRYPT_OK) { + goto done; + } + if ((err = nls_nonce(nls, IV, IVlen)) != CRYPT_OK) { + goto done; + } + + /* process adata */ + if (adatalen > 0) { + if ((err = nls_maconly(nls, adata, adatalen)) != CRYPT_OK) { + goto done; + } + } + + /* process msg */ + if (direction == NLS_ENCRYPT) { + if ((err = nls_encrypt(nls, pt, nbytes, ct)) != CRYPT_OK) { + goto done; + } + } else { + if ((err = nls_decrypt(nls, ct, nbytes, pt)) != CRYPT_OK) { + goto done; + } + } + + /* grab tag */ + if (taglen > 0) { + if ((err = nls_finish(nls, tag, taglen)) != CRYPT_OK) { + goto done; + } + } + + err = CRYPT_OK; +done: +#ifdef LTC_CLEAN_STACK + zeromem(nls, sizeof(*nls)); +#endif + XFREE(nls); + + return err; +} + +#endif + +/* $Source$ */ +/* $Revision$ */ +/* $Date$ */ diff --git a/src/encauth/nls/nlsfast.c b/src/encauth/nls/nlsfast.c new file mode 100644 index 0000000..c4758b8 --- /dev/null +++ b/src/encauth/nls/nlsfast.c @@ -0,0 +1,981 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ + +/** + @file nlsfast.c + NLS support, entire suite, Tom St Denis +*/ + + +/* Id: nlsfast.c 346 2005-04-22 18:36:12Z mwp */ +/* nlsfast: NLS stream cipher and Mundja MAC -- fast implementation */ + +/* +THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED +WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND AGAINST +INFRINGEMENT ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR +CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, +EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR +PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +*/ + + +/* This source has been modified from the original source for the LibTomCrypt project + * by Tom St Denis. (Warnings fixed and code GNU indented) + */ + +#include "tomcrypt.h" + +#ifdef NLS_MODE + +#define NLS_LONG_OUTPUT 1 +#define N 17 +#define NMAC 8 +#define WORDSIZE 32 +#define F16 0x10001ul +#define MACKONST 8 + +/* interface, multiplication table and SBox */ +#include "nlssbox.inc" +#include "nlsmultab.inc" +/* + * FOLD is how many register cycles need to be performed after combining the + * last byte of key and non-linear feedback, before every byte depends on every + * byte of the key. This depends on the feedback and nonlinear functions, and + * on where they are combined into the register. + */ +#define FOLD N /* how many iterations of folding to do */ +#define INITKONST 0x6996c53a /* value of KONST to use during key loading */ +#define KEYP 15 /* where to insert key words */ +#define FOLDP 4 /* where to insert non-linear feedback */ +#if NLS_LONG_OUTPUT +#define CTRP 2 /* where to insert counter to avoid small cycles */ +#endif /*NLS_LONG_OUTPUT */ + +#define Byte(x,i) ((unsigned char)(((x) >> (8*i)) & 0xFF)) + +/* define IS_LITTLE_ENDIAN for faster operation when appropriate */ +#if defined(ENDIAN_LITTLE) && defined(ENDIAN_32BITWORD) +/* Useful macros -- little endian words on a little endian machine */ +#define BYTE2WORD(b) (*(ulong32 *)(b)) +#define WORD2BYTE(w, b) ((*(ulong32 *)(b)) = w) +#define XORWORD(w, b) ((*(ulong32 *)(b)) ^= w) +#else +/* Useful macros -- machine independent little-endian version */ +#define BYTE2WORD(b) ( \ + (((ulong32)(b)[3] & 0xFF)<<24) | \ + (((ulong32)(b)[2] & 0xFF)<<16) | \ + (((ulong32)(b)[1] & 0xFF)<<8) | \ + (((ulong32)(b)[0] & 0xFF)) \ +) +#define WORD2BYTE(w, b) { \ + (b)[3] = Byte(w,3); \ + (b)[2] = Byte(w,2); \ + (b)[1] = Byte(w,1); \ + (b)[0] = Byte(w,0); \ +} +#define XORWORD(w, b) { \ + (b)[3] ^= Byte(w,3); \ + (b)[2] ^= Byte(w,2); \ + (b)[1] ^= Byte(w,1); \ + (b)[0] ^= Byte(w,0); \ +} +#endif + +#if NLS_LONG_OUTPUT +#define ZEROCOUNTER(c) c->CtrModF16 = c->CtrMod232 = 0 +#else +#define ZEROCOUNTER(c) /* nothing */ +#endif /*NLS_LONG_OUTPUT */ + +/* give correct offset for the current position of the register, + * where logically R[0] is at position "zero". + */ +#define OFF(zero, i) (((zero)+(i)) % N) + +#if NLS_LONG_OUTPUT +/* Increment counter and mix into register every so often */ +#define FIXCTR(c,z) \ +{ \ + if (++c->CtrModF16 == F16) { \ + c->CtrMod232 += c->CtrModF16; \ + c->R[OFF(z,CTRP)] += c->CtrMod232; \ + c->CtrMod232 = 0; \ + } \ +} +#endif /*NLS_LONG_OUTPUT */ + +/* step the shift register */ +/* After stepping, "zero" moves right one place */ +#define STEP(c,z) \ + { register ulong32 tt; \ + tt = ROL(c->R[OFF(z,0)],19) + ROL(c->R[OFF(z,15)],9) + c->konst; \ + tt ^= Sbox[(tt >> 24) & 0xFF]; \ + c->R[OFF(z,0)] = tt ^ c->R[OFF(z,4)]; \ + } +static void cycle(nls_state * c) +{ + ulong32 t; + int i; + + /* nonlinear feedback function */ + STEP(c, 0); + /* shift register */ + t = c->R[0]; + for (i = 1; i < N; ++i) + c->R[i - 1] = c->R[i]; + c->R[N - 1] = t; +#if NLS_LONG_OUTPUT + FIXCTR(c, 0); +#endif /*NLS_LONG_OUTPUT */ +} + +/* Return a non-linear function of some parts of the register. + */ +#define NLFUNC(c,z) \ + (c->R[OFF(z,0)] + c->R[OFF(z,16)]) \ + ^ (c->R[OFF(z,1)] + c->konst) \ + ^ (c->R[OFF(z,6)] + c->R[OFF(z,13)]) + +static ulong32 nltap(nls_state * c) +{ + return NLFUNC(c, 0); +} + +/* The Mundja MAC function is modelled after the round function of SHA-256. + * The following lines establish aliases for the MAC accumulator, just + * so that the definition of that function looks more like FIPS-180-2. + */ +#define A c->M[0] +#define B c->M[1] +#define C c->M[2] +#define D c->M[3] +#define E c->M[4] +#define F c->M[5] +#define G c->M[6] +#define H c->M[7] +#define SIGMA0(x) (ROR((x), 2) ^ ROR((x), 13) ^ ROR((x), 22)) +#define SIGMA1(x) (ROR((x), 6) ^ ROR((x), 11) ^ ROR((x), 25)) +#define CHOOSE(x,y,z) (z ^ (x & (y ^ z))) +#define MAJORITY(x,y,z) ((x & y) | (z & (x | y))) + +/* Accumulate a nonlinear function of a register word and an input word for MAC. + * Except for the added S-Box and SOBER LFSR input instead of constants, + * this is exactly a round of SHA-256. + */ +#define SHAFUNC(c,i,k,A,B,C,D,E,F,G,H) \ + { \ + ulong32 t1; \ + t1 = H + k + i; \ + t1 ^= Sbox[(t1 >> 24) & 0xFF]; \ + t1 += SIGMA1(E) + CHOOSE(E, F, G); \ + D += t1; \ + t1 += SIGMA0(A) + MAJORITY(A, B, C); \ + H = t1; \ + } + +static void shafunc(nls_state * c, ulong32 i) +{ + ulong32 t; + + SHAFUNC(c, i, c->R[MACKONST], A, B, C, D, E, F, G, H); + /* now correct alignment of MAC accumulator */ + t = c->M[NMAC - 1]; + for (i = NMAC - 1; i > 0; --i) + c->M[i] = c->M[i - 1]; + c->M[0] = t; +} + +/* Accumulate a CRC of input words, later to be fed into MAC. + */ +#define CRCFUNC(c,i,zero,five) \ + { \ + ulong32 t1; \ + t1 = (c->CRC[zero] << 8) ^ Multab[(c->CRC[zero] >> 24) & 0xFF] \ + ^ c->CRC[five] ^ i; \ + c->CRC[zero] = t1; \ + } + +static void crcfunc(nls_state * c, ulong32 i) +{ + ulong32 t; + + CRCFUNC(c, i, 0, 5); + /* now correct alignment of CRC accumulator */ + t = c->CRC[0]; + for (i = 1; i < NMAC; ++i) + c->CRC[i - 1] = c->CRC[i]; + c->CRC[NMAC - 1] = t; +} + +/* Normal MAC word processing: do both SHA and CRC. + */ +static void macfunc(nls_state * c, ulong32 i) +{ + crcfunc(c, i); + shafunc(c, i); +} + +/* initialise to known state + */ +static void nls_initstate(nls_state * c) +{ + int i; + + /* Register initialised to Fibonacci numbers */ + c->R[0] = 1; + c->R[1] = 1; + for (i = 2; i < N; ++i) + c->R[i] = c->R[i - 1] + c->R[i - 2]; + c->konst = INITKONST; + ZEROCOUNTER(c); +} + +/* Save the current register state + */ +static void nls_savestate(nls_state * c) +{ + int i; + + for (i = 0; i < N; ++i) + c->initR[i] = c->R[i]; +} + +/* initialise to previously saved register state + */ +static void nls_reloadstate(nls_state * c) +{ + int i; + + for (i = 0; i < N; ++i) + c->R[i] = c->initR[i]; + ZEROCOUNTER(c); +} + +/* Initialise "konst" + */ +static void nls_genkonst(nls_state * c) +{ + ulong32 newkonst; + + do { + cycle(c); + newkonst = nltap(c); + } + while ((newkonst & 0xFF000000) == 0); + c->konst = newkonst; +} + +/* Load key material into the register + */ +#define ADDKEY(k) \ + c->R[KEYP] += (k); + +#define XORNL(nl) \ + c->R[FOLDP] ^= (nl); + +/* nonlinear diffusion of register for key and MAC */ +#define DROUND(z) STEP(c,z); c->R[OFF((z+1),FOLDP)] ^= NLFUNC(c,(z+1)); +static void nls_diffuse(nls_state * c) +{ + /* relies on FOLD == N! */ + DROUND(0); + DROUND(1); + DROUND(2); + DROUND(3); + DROUND(4); + DROUND(5); + DROUND(6); + DROUND(7); + DROUND(8); + DROUND(9); + DROUND(10); + DROUND(11); + DROUND(12); + DROUND(13); + DROUND(14); + DROUND(15); + DROUND(16); +} + +/* common actions for loading key material */ +static void +nls_loadkey(nls_state * c, const unsigned char *key, unsigned long keylen) +{ + ulong32 i, k; + + /* start folding in key, reject odd sized keys */ + if ((keylen & 3) != 0) + abort(); + for (i = 0; i < keylen; i += 4) { + k = BYTE2WORD(&key[i]); + ADDKEY(k); + cycle(c); + XORNL(nltap(c)); + } + + /* also fold in the length of the key */ + ADDKEY(keylen); + + /* now diffuse */ + nls_diffuse(c); +} + +/* initialise MAC related registers + */ +static void nls_macinit(nls_state * c) +{ + int i; + + for (i = 0; i < NMAC; ++i) { + c->M[i] = c->R[i]; + c->CRC[i] = c->R[i + NMAC]; + } +} + +/* Published "key" interface + */ +int nls_key(nls_state * c, const unsigned char *key, unsigned long keylen) +{ + LTC_ARGCHK(c != NULL); + LTC_ARGCHK(key != NULL); + + if (keylen == 0) { + return CRYPT_INVALID_ARG; + } + nls_initstate(c); + nls_loadkey(c, key, keylen); + nls_genkonst(c); + nls_savestate(c); + nls_macinit(c); + c->nbuf = 0; + ZEROCOUNTER(c); + return CRYPT_OK; +} + +/* Published "nonce" interface + */ +int +nls_nonce(nls_state * c, const unsigned char *nonce, unsigned long noncelen) +{ + LTC_ARGCHK(c != NULL); + LTC_ARGCHK(nonce != NULL); + if (noncelen == 0) { + return CRYPT_INVALID_ARG; + } + nls_reloadstate(c); + nls_loadkey(c, nonce, noncelen); + nls_macinit(c); + c->nbuf = 0; + ZEROCOUNTER(c); + return CRYPT_OK; +} + +#if 0 +/* XOR pseudo-random bytes into buffer + * Note: doesn't play well with MAC functions. + */ +#define SROUND(z) STEP(c,z); t = NLFUNC(c,(z+1)); XORWORD(t, buf+(z*4)); +static void +nls_stream(nls_state * c, unsigned char *buf, unsigned long nbytes) +{ + ulong32 t = 0; + + /* handle any previously buffered bytes */ + while (c->nbuf != 0 && nbytes != 0) { + *buf++ ^= c->sbuf & 0xFF; + c->sbuf >>= 8; + c->nbuf -= 8; + --nbytes; + } + + /* do lots at a time, if there's enough to do */ + while (nbytes >= N * 4) { +#if NLS_LONG_OUTPUT + if (c->CtrModF16 < (F16 - 17)) { +#endif /*NLS_LONG_OUTPUT */ + SROUND(0); + SROUND(1); + SROUND(2); + SROUND(3); + SROUND(4); + SROUND(5); + SROUND(6); + SROUND(7); + SROUND(8); + SROUND(9); + SROUND(10); + SROUND(11); + SROUND(12); + SROUND(13); + SROUND(14); + SROUND(15); + SROUND(16); +#if NLS_LONG_OUTPUT + c->CtrModF16 += 17; + } else { + SROUND(0); + FIXCTR(c, 1); + SROUND(1); + FIXCTR(c, 2); + SROUND(2); + FIXCTR(c, 3); + SROUND(3); + FIXCTR(c, 4); + SROUND(4); + FIXCTR(c, 5); + SROUND(5); + FIXCTR(c, 6); + SROUND(6); + FIXCTR(c, 7); + SROUND(7); + FIXCTR(c, 8); + SROUND(8); + FIXCTR(c, 9); + SROUND(9); + FIXCTR(c, 10); + SROUND(10); + FIXCTR(c, 11); + SROUND(11); + FIXCTR(c, 12); + SROUND(12); + FIXCTR(c, 13); + SROUND(13); + FIXCTR(c, 14); + SROUND(14); + FIXCTR(c, 15); + SROUND(15); + FIXCTR(c, 16); + SROUND(16); + FIXCTR(c, 0); + } +#endif /*NLS_LONG_OUTPUT */ + buf += 4 * N; + nbytes -= N * 4; + } + + /* do small or odd size buffers the slow way */ + while (4 <= nbytes) { + cycle(c); + t = nltap(c); + XORWORD(t, buf); + buf += 4; + nbytes -= 4; + } + + /* handle any trailing bytes */ + if (nbytes != 0) { + cycle(c); + c->sbuf = nltap(c); + c->nbuf = 32; + while (c->nbuf != 0 && nbytes != 0) { + *buf++ ^= c->sbuf & 0xFF; + c->sbuf >>= 8; + c->nbuf -= 8; + --nbytes; + } + } +} + +#endif + +/* accumulate words into MAC without encryption + * Note that plaintext is accumulated for MAC. + */ +#define MROUND(z,A,B,C,D,E,F,G,H) \ + t = BYTE2WORD(buf+(z*4)); \ + STEP(c,z); \ + CRCFUNC(c,t,((z)&0x7),(((z)+5)&0x7)); \ + SHAFUNC(c,t,c->R[OFF(z+1,MACKONST)],A,B,C,D,E,F,G,H); +int nls_maconly(nls_state * c, const unsigned char *buf, unsigned long nbytes) +{ + int i; + ulong32 t = 0; + + LTC_ARGCHK(c != NULL); + LTC_ARGCHK(buf != NULL); + + + /* handle any previously buffered bytes */ + if (c->nbuf != 0) { + while (c->nbuf != 0 && nbytes != 0) { + c->mbuf ^= (*buf++) << (32 - c->nbuf); + c->nbuf -= 8; + --nbytes; + } + if (c->nbuf != 0) { /* not a whole word yet */ + return CRYPT_OK; + } + /* LFSR already cycled */ + macfunc(c, c->mbuf); + } + + /* do lots at a time, if there's enough to do */ + while (4 * N <= nbytes) { +#if NLS_LONG_OUTPUT + if (c->CtrModF16 < (F16 - 17)) { +#endif /*NLS_LONG_OUTPUT */ + MROUND(0, A, B, C, D, E, F, G, H); + MROUND(1, H, A, B, C, D, E, F, G); + MROUND(2, G, H, A, B, C, D, E, F); + MROUND(3, F, G, H, A, B, C, D, E); + MROUND(4, E, F, G, H, A, B, C, D); + MROUND(5, D, E, F, G, H, A, B, C); + MROUND(6, C, D, E, F, G, H, A, B); + MROUND(7, B, C, D, E, F, G, H, A); + MROUND(8, A, B, C, D, E, F, G, H); + MROUND(9, H, A, B, C, D, E, F, G); + MROUND(10, G, H, A, B, C, D, E, F); + MROUND(11, F, G, H, A, B, C, D, E); + MROUND(12, E, F, G, H, A, B, C, D); + MROUND(13, D, E, F, G, H, A, B, C); + MROUND(14, C, D, E, F, G, H, A, B); + MROUND(15, B, C, D, E, F, G, H, A); + MROUND(16, A, B, C, D, E, F, G, H); +#if NLS_LONG_OUTPUT + c->CtrModF16 += 17; + } else { + MROUND(0, A, B, C, D, E, F, G, H); + FIXCTR(c, 1); + MROUND(1, H, A, B, C, D, E, F, G); + FIXCTR(c, 2); + MROUND(2, G, H, A, B, C, D, E, F); + FIXCTR(c, 3); + MROUND(3, F, G, H, A, B, C, D, E); + FIXCTR(c, 4); + MROUND(4, E, F, G, H, A, B, C, D); + FIXCTR(c, 5); + MROUND(5, D, E, F, G, H, A, B, C); + FIXCTR(c, 6); + MROUND(6, C, D, E, F, G, H, A, B); + FIXCTR(c, 7); + MROUND(7, B, C, D, E, F, G, H, A); + FIXCTR(c, 8); + MROUND(8, A, B, C, D, E, F, G, H); + FIXCTR(c, 9); + MROUND(9, H, A, B, C, D, E, F, G); + FIXCTR(c, 10); + MROUND(10, G, H, A, B, C, D, E, F); + FIXCTR(c, 11); + MROUND(11, F, G, H, A, B, C, D, E); + FIXCTR(c, 12); + MROUND(12, E, F, G, H, A, B, C, D); + FIXCTR(c, 13); + MROUND(13, D, E, F, G, H, A, B, C); + FIXCTR(c, 14); + MROUND(14, C, D, E, F, G, H, A, B); + FIXCTR(c, 15); + MROUND(15, B, C, D, E, F, G, H, A); + FIXCTR(c, 16); + MROUND(16, A, B, C, D, E, F, G, H); + FIXCTR(c, 0); + } +#endif /*NLS_LONG_OUTPUT */ + buf += 4 * N; + nbytes -= 4 * N; + /* fix alignment of MAC buffer */ + t = c->M[NMAC - 1]; + for (i = NMAC - 1; i > 0; --i) + c->M[i] = c->M[i - 1]; + c->M[0] = t; + /* fix alignment of CRC buffer */ + t = c->CRC[0]; + for (i = 1; i < NMAC; ++i) + c->CRC[i - 1] = c->CRC[i]; + c->CRC[NMAC - 1] = t; + } + + /* do small or odd size buffers the slow way */ + while (4 <= nbytes) { + cycle(c); + macfunc(c, BYTE2WORD(buf)); + buf += 4; + nbytes -= 4; + } + + /* handle any trailing bytes */ + if (nbytes != 0) { + cycle(c); + c->sbuf = nltap(c); + c->mbuf = 0; + c->nbuf = 32; + while (nbytes != 0) { + c->mbuf ^= (*buf++) << (32 - c->nbuf); + c->nbuf -= 8; + --nbytes; + } + } + + return CRYPT_OK; +} + +/* Combined MAC and encryption. + * Note that plaintext is accumulated for MAC. + */ +#define EROUND(z,A,B,C,D,E,F,G,H) \ + STEP(c,z); \ + t3 = BYTE2WORD(buf+(z*4)); \ + CRCFUNC(c,t3,((z)&0x7),(((z)+5)&0x7)); \ + SHAFUNC(c,t3,c->R[OFF(z+1,MACKONST)],A,B,C,D,E,F,G,H); \ + t = NLFUNC(c,(z+1)); \ + t ^= t3; \ + WORD2BYTE(t,buf+(z*4)); +int nls_encrypt(nls_state * c, + const unsigned char *pt, unsigned long nbytes, + unsigned char *ct) +{ + ulong32 t = 0, t3 = 0; + int i; + + LTC_ARGCHK(c != NULL); + LTC_ARGCHK(pt != NULL); + LTC_ARGCHK(ct != NULL); + + #define buf ct + + /* do copy as required */ + if (pt != ct) { + XMEMCPY(ct, pt, nbytes); + } + + /* handle any previously buffered bytes */ + if (c->nbuf != 0) { + while (c->nbuf != 0 && nbytes != 0) { + c->mbuf ^= *buf << (32 - c->nbuf); + *buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF; + ++buf; + c->nbuf -= 8; + --nbytes; + } + if (c->nbuf != 0) /* not a whole word yet */ + return CRYPT_OK; + /* LFSR already cycled */ + macfunc(c, c->mbuf); + } + + /* do lots at a time, if there's enough to do */ + while (4 * N <= nbytes) { +#if NLS_LONG_OUTPUT + if (c->CtrModF16 < (F16 - 17)) { +#endif /*NLS_LONG_OUTPUT */ + EROUND(0, A, B, C, D, E, F, G, H); + EROUND(1, H, A, B, C, D, E, F, G); + EROUND(2, G, H, A, B, C, D, E, F); + EROUND(3, F, G, H, A, B, C, D, E); + EROUND(4, E, F, G, H, A, B, C, D); + EROUND(5, D, E, F, G, H, A, B, C); + EROUND(6, C, D, E, F, G, H, A, B); + EROUND(7, B, C, D, E, F, G, H, A); + EROUND(8, A, B, C, D, E, F, G, H); + EROUND(9, H, A, B, C, D, E, F, G); + EROUND(10, G, H, A, B, C, D, E, F); + EROUND(11, F, G, H, A, B, C, D, E); + EROUND(12, E, F, G, H, A, B, C, D); + EROUND(13, D, E, F, G, H, A, B, C); + EROUND(14, C, D, E, F, G, H, A, B); + EROUND(15, B, C, D, E, F, G, H, A); + EROUND(16, A, B, C, D, E, F, G, H); +#if NLS_LONG_OUTPUT + c->CtrModF16 += 17; + } else { + EROUND(0, A, B, C, D, E, F, G, H); + FIXCTR(c, 1); + EROUND(1, H, A, B, C, D, E, F, G); + FIXCTR(c, 2); + EROUND(2, G, H, A, B, C, D, E, F); + FIXCTR(c, 3); + EROUND(3, F, G, H, A, B, C, D, E); + FIXCTR(c, 4); + EROUND(4, E, F, G, H, A, B, C, D); + FIXCTR(c, 5); + EROUND(5, D, E, F, G, H, A, B, C); + FIXCTR(c, 6); + EROUND(6, C, D, E, F, G, H, A, B); + FIXCTR(c, 7); + EROUND(7, B, C, D, E, F, G, H, A); + FIXCTR(c, 8); + EROUND(8, A, B, C, D, E, F, G, H); + FIXCTR(c, 9); + EROUND(9, H, A, B, C, D, E, F, G); + FIXCTR(c, 10); + EROUND(10, G, H, A, B, C, D, E, F); + FIXCTR(c, 11); + EROUND(11, F, G, H, A, B, C, D, E); + FIXCTR(c, 12); + EROUND(12, E, F, G, H, A, B, C, D); + FIXCTR(c, 13); + EROUND(13, D, E, F, G, H, A, B, C); + FIXCTR(c, 14); + EROUND(14, C, D, E, F, G, H, A, B); + FIXCTR(c, 15); + EROUND(15, B, C, D, E, F, G, H, A); + FIXCTR(c, 16); + EROUND(16, A, B, C, D, E, F, G, H); + FIXCTR(c, 0); + } +#endif /*NLS_LONG_OUTPUT */ + buf += 4 * N; + nbytes -= 4 * N; + /* fix alignment of MAC buffer */ + t = c->M[7]; + for (i = NMAC - 1; i > 0; --i) + c->M[i] = c->M[i - 1]; + c->M[0] = t; + /* fix alignment of CRC buffer */ + t = c->CRC[0]; + for (i = 1; i < NMAC; ++i) + c->CRC[i - 1] = c->CRC[i]; + c->CRC[NMAC - 1] = t; + } + + /* do small or odd size buffers the slow way */ + while (4 <= nbytes) { + cycle(c); + t = BYTE2WORD(buf); + macfunc(c, t); + t ^= nltap(c); + WORD2BYTE(t, buf); + nbytes -= 4; + buf += 4; + } + + /* handle any trailing bytes */ + if (nbytes != 0) { + cycle(c); + c->sbuf = nltap(c); + c->mbuf = 0; + c->nbuf = 32; + while (c->nbuf != 0 && nbytes != 0) { + c->mbuf ^= *buf << (32 - c->nbuf); + *buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF; + ++buf; + c->nbuf -= 8; + --nbytes; + } + } + + #undef buf + + return CRYPT_OK; +} + +/* Combined MAC and decryption. + * Note that plaintext is accumulated for MAC. + */ +#undef DROUND +#define DROUND(z,A,B,C,D,E,F,G,H) \ + STEP(c,z); \ + t = NLFUNC(c,(z+1)); \ + t3 = BYTE2WORD(buf+(z*4)); \ + t ^= t3; \ + CRCFUNC(c,t,((z)&0x7),(((z)+5)&0x7)); \ + SHAFUNC(c,t,c->R[OFF(z+1,MACKONST)],A,B,C,D,E,F,G,H); \ + WORD2BYTE(t, buf+(z*4)); +int nls_decrypt(nls_state * c, + const unsigned char *ct, unsigned long nbytes, + unsigned char *pt) +{ + ulong32 t = 0, t3 = 0; + int i; + + LTC_ARGCHK(c != NULL); + LTC_ARGCHK(pt != NULL); + LTC_ARGCHK(ct != NULL); + + #define buf pt + + if (pt != ct) { + XMEMCPY(pt, ct, nbytes); + } + + /* handle any previously buffered bytes */ + if (c->nbuf != 0) { + while (c->nbuf != 0 && nbytes != 0) { + *buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF; + c->mbuf ^= *buf << (32 - c->nbuf); + ++buf; + c->nbuf -= 8; + --nbytes; + } + if (c->nbuf != 0) /* not a whole word yet */ + return CRYPT_OK; + /* LFSR already cycled */ + macfunc(c, c->mbuf); + } + + /* now do lots at a time, if there's enough */ + while (4 * N <= nbytes) { +#if NLS_LONG_OUTPUT + if (c->CtrModF16 < (F16 - 17)) { +#endif /*NLS_LONG_OUTPUT */ + DROUND(0, A, B, C, D, E, F, G, H); + DROUND(1, H, A, B, C, D, E, F, G); + DROUND(2, G, H, A, B, C, D, E, F); + DROUND(3, F, G, H, A, B, C, D, E); + DROUND(4, E, F, G, H, A, B, C, D); + DROUND(5, D, E, F, G, H, A, B, C); + DROUND(6, C, D, E, F, G, H, A, B); + DROUND(7, B, C, D, E, F, G, H, A); + DROUND(8, A, B, C, D, E, F, G, H); + DROUND(9, H, A, B, C, D, E, F, G); + DROUND(10, G, H, A, B, C, D, E, F); + DROUND(11, F, G, H, A, B, C, D, E); + DROUND(12, E, F, G, H, A, B, C, D); + DROUND(13, D, E, F, G, H, A, B, C); + DROUND(14, C, D, E, F, G, H, A, B); + DROUND(15, B, C, D, E, F, G, H, A); + DROUND(16, A, B, C, D, E, F, G, H); +#if NLS_LONG_OUTPUT + c->CtrModF16 += 17; + } else { + DROUND(0, A, B, C, D, E, F, G, H); + FIXCTR(c, 1); + DROUND(1, H, A, B, C, D, E, F, G); + FIXCTR(c, 2); + DROUND(2, G, H, A, B, C, D, E, F); + FIXCTR(c, 3); + DROUND(3, F, G, H, A, B, C, D, E); + FIXCTR(c, 4); + DROUND(4, E, F, G, H, A, B, C, D); + FIXCTR(c, 5); + DROUND(5, D, E, F, G, H, A, B, C); + FIXCTR(c, 6); + DROUND(6, C, D, E, F, G, H, A, B); + FIXCTR(c, 7); + DROUND(7, B, C, D, E, F, G, H, A); + FIXCTR(c, 8); + DROUND(8, A, B, C, D, E, F, G, H); + FIXCTR(c, 9); + DROUND(9, H, A, B, C, D, E, F, G); + FIXCTR(c, 10); + DROUND(10, G, H, A, B, C, D, E, F); + FIXCTR(c, 11); + DROUND(11, F, G, H, A, B, C, D, E); + FIXCTR(c, 12); + DROUND(12, E, F, G, H, A, B, C, D); + FIXCTR(c, 13); + DROUND(13, D, E, F, G, H, A, B, C); + FIXCTR(c, 14); + DROUND(14, C, D, E, F, G, H, A, B); + FIXCTR(c, 15); + DROUND(15, B, C, D, E, F, G, H, A); + FIXCTR(c, 16); + DROUND(16, A, B, C, D, E, F, G, H); + FIXCTR(c, 0); + } +#endif /*NLS_LONG_OUTPUT */ + buf += 4 * N; + nbytes -= 4 * N; + /* fix alignment of MAC buffer */ + t = c->M[7]; + for (i = NMAC - 1; i > 0; --i) + c->M[i] = c->M[i - 1]; + c->M[0] = t; + /* fix alignment of CRC buffer */ + t = c->CRC[0]; + for (i = 1; i < NMAC; ++i) + c->CRC[i - 1] = c->CRC[i]; + c->CRC[NMAC - 1] = t; + } + + /* do small or odd size buffers the slow way */ + while (4 <= nbytes) { + cycle(c); + t = nltap(c); + t3 = BYTE2WORD(buf); + t ^= t3; + macfunc(c, t); + WORD2BYTE(t, buf); + nbytes -= 4; + buf += 4; + } + + /* handle any trailing bytes */ + if (nbytes != 0) { + cycle(c); + c->sbuf = nltap(c); + c->mbuf = 0; + c->nbuf = 32; + while (c->nbuf != 0 && nbytes != 0) { + *buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF; + c->mbuf ^= *buf << (32 - c->nbuf); + ++buf; + c->nbuf -= 8; + --nbytes; + } + } + return CRYPT_OK; + + #undef buf +} + +/* Having accumulated a MAC, finish processing and return it. + * Note that any unprocessed bytes are treated as if + * they were encrypted zero bytes, so plaintext (zero) is accumulated. + */ +int nls_finish(nls_state * c, unsigned char *buf, unsigned long nbytes) +{ + ulong32 i; + + LTC_ARGCHK(c != NULL); + LTC_ARGCHK(buf != NULL); + + /* handle any previously buffered bytes */ + if (c->nbuf != 0) { + /* LFSR already cycled */ + macfunc(c, c->mbuf); + } + + /* perturb the MAC to mark end of input. + * Note that only the SHA part is updated, not the CRC. This is an + * action that can't be duplicated by passing in plaintext, hence + * defeating any kind of extension attack. + */ + cycle(c); + shafunc(c, INITKONST + (c->nbuf << 24)); + c->nbuf = 0; + + /* now add the CRC to the MAC like input material */ + for (i = 0; i < NMAC; ++i) { + cycle(c); + crcfunc(c, 0); + shafunc(c, c->CRC[7]); + } + + /* continue that process, producing output from the MAC buffer */ + while (nbytes > 0) { + cycle(c); + crcfunc(c, 0); + shafunc(c, c->CRC[7]); + if (nbytes >= 4) { + WORD2BYTE(A, buf); + nbytes -= 4; + buf += 4; + } else { + for (i = 0; i < nbytes; ++i) + buf[i] = Byte(A, i); + break; + } + } + + return CRYPT_OK; +} + +#endif + +/* $Source$ */ +/* $Revision$ */ +/* $Date$ */ diff --git a/src/encauth/nls/nlsmultab.inc b/src/encauth/nls/nlsmultab.inc new file mode 100644 index 0000000..d89032e --- /dev/null +++ b/src/encauth/nls/nlsmultab.inc @@ -0,0 +1,68 @@ +/* Id: nlsmultab.h 333 2005-04-13 05:35:54Z mwp */ +/* Multiplication table for Mundja using 0xD02B4367 */ +static const ulong32 Multab[256] = { + 0x00000000, 0xD02B4367, 0xED5686CE, 0x3D7DC5A9, + 0x97AC41D1, 0x478702B6, 0x7AFAC71F, 0xAAD18478, + 0x631582EF, 0xB33EC188, 0x8E430421, 0x5E684746, + 0xF4B9C33E, 0x24928059, 0x19EF45F0, 0xC9C40697, + 0xC62A4993, 0x16010AF4, 0x2B7CCF5D, 0xFB578C3A, + 0x51860842, 0x81AD4B25, 0xBCD08E8C, 0x6CFBCDEB, + 0xA53FCB7C, 0x7514881B, 0x48694DB2, 0x98420ED5, + 0x32938AAD, 0xE2B8C9CA, 0xDFC50C63, 0x0FEE4F04, + 0xC154926B, 0x117FD10C, 0x2C0214A5, 0xFC2957C2, + 0x56F8D3BA, 0x86D390DD, 0xBBAE5574, 0x6B851613, + 0xA2411084, 0x726A53E3, 0x4F17964A, 0x9F3CD52D, + 0x35ED5155, 0xE5C61232, 0xD8BBD79B, 0x089094FC, + 0x077EDBF8, 0xD755989F, 0xEA285D36, 0x3A031E51, + 0x90D29A29, 0x40F9D94E, 0x7D841CE7, 0xADAF5F80, + 0x646B5917, 0xB4401A70, 0x893DDFD9, 0x59169CBE, + 0xF3C718C6, 0x23EC5BA1, 0x1E919E08, 0xCEBADD6F, + 0xCFA869D6, 0x1F832AB1, 0x22FEEF18, 0xF2D5AC7F, + 0x58042807, 0x882F6B60, 0xB552AEC9, 0x6579EDAE, + 0xACBDEB39, 0x7C96A85E, 0x41EB6DF7, 0x91C02E90, + 0x3B11AAE8, 0xEB3AE98F, 0xD6472C26, 0x066C6F41, + 0x09822045, 0xD9A96322, 0xE4D4A68B, 0x34FFE5EC, + 0x9E2E6194, 0x4E0522F3, 0x7378E75A, 0xA353A43D, + 0x6A97A2AA, 0xBABCE1CD, 0x87C12464, 0x57EA6703, + 0xFD3BE37B, 0x2D10A01C, 0x106D65B5, 0xC04626D2, + 0x0EFCFBBD, 0xDED7B8DA, 0xE3AA7D73, 0x33813E14, + 0x9950BA6C, 0x497BF90B, 0x74063CA2, 0xA42D7FC5, + 0x6DE97952, 0xBDC23A35, 0x80BFFF9C, 0x5094BCFB, + 0xFA453883, 0x2A6E7BE4, 0x1713BE4D, 0xC738FD2A, + 0xC8D6B22E, 0x18FDF149, 0x258034E0, 0xF5AB7787, + 0x5F7AF3FF, 0x8F51B098, 0xB22C7531, 0x62073656, + 0xABC330C1, 0x7BE873A6, 0x4695B60F, 0x96BEF568, + 0x3C6F7110, 0xEC443277, 0xD139F7DE, 0x0112B4B9, + 0xD31DD2E1, 0x03369186, 0x3E4B542F, 0xEE601748, + 0x44B19330, 0x949AD057, 0xA9E715FE, 0x79CC5699, + 0xB008500E, 0x60231369, 0x5D5ED6C0, 0x8D7595A7, + 0x27A411DF, 0xF78F52B8, 0xCAF29711, 0x1AD9D476, + 0x15379B72, 0xC51CD815, 0xF8611DBC, 0x284A5EDB, + 0x829BDAA3, 0x52B099C4, 0x6FCD5C6D, 0xBFE61F0A, + 0x7622199D, 0xA6095AFA, 0x9B749F53, 0x4B5FDC34, + 0xE18E584C, 0x31A51B2B, 0x0CD8DE82, 0xDCF39DE5, + 0x1249408A, 0xC26203ED, 0xFF1FC644, 0x2F348523, + 0x85E5015B, 0x55CE423C, 0x68B38795, 0xB898C4F2, + 0x715CC265, 0xA1778102, 0x9C0A44AB, 0x4C2107CC, + 0xE6F083B4, 0x36DBC0D3, 0x0BA6057A, 0xDB8D461D, + 0xD4630919, 0x04484A7E, 0x39358FD7, 0xE91ECCB0, + 0x43CF48C8, 0x93E40BAF, 0xAE99CE06, 0x7EB28D61, + 0xB7768BF6, 0x675DC891, 0x5A200D38, 0x8A0B4E5F, + 0x20DACA27, 0xF0F18940, 0xCD8C4CE9, 0x1DA70F8E, + 0x1CB5BB37, 0xCC9EF850, 0xF1E33DF9, 0x21C87E9E, + 0x8B19FAE6, 0x5B32B981, 0x664F7C28, 0xB6643F4F, + 0x7FA039D8, 0xAF8B7ABF, 0x92F6BF16, 0x42DDFC71, + 0xE80C7809, 0x38273B6E, 0x055AFEC7, 0xD571BDA0, + 0xDA9FF2A4, 0x0AB4B1C3, 0x37C9746A, 0xE7E2370D, + 0x4D33B375, 0x9D18F012, 0xA06535BB, 0x704E76DC, + 0xB98A704B, 0x69A1332C, 0x54DCF685, 0x84F7B5E2, + 0x2E26319A, 0xFE0D72FD, 0xC370B754, 0x135BF433, + 0xDDE1295C, 0x0DCA6A3B, 0x30B7AF92, 0xE09CECF5, + 0x4A4D688D, 0x9A662BEA, 0xA71BEE43, 0x7730AD24, + 0xBEF4ABB3, 0x6EDFE8D4, 0x53A22D7D, 0x83896E1A, + 0x2958EA62, 0xF973A905, 0xC40E6CAC, 0x14252FCB, + 0x1BCB60CF, 0xCBE023A8, 0xF69DE601, 0x26B6A566, + 0x8C67211E, 0x5C4C6279, 0x6131A7D0, 0xB11AE4B7, + 0x78DEE220, 0xA8F5A147, 0x958864EE, 0x45A32789, + 0xEF72A3F1, 0x3F59E096, 0x0224253F, 0xD20F6658, +}; diff --git a/src/encauth/nls/nlssbox.inc b/src/encauth/nls/nlssbox.inc new file mode 100644 index 0000000..0a5797a --- /dev/null +++ b/src/encauth/nls/nlssbox.inc @@ -0,0 +1,84 @@ +/* Id: nlssbox.h 333 2005-04-13 05:35:54Z mwp */ +/* Sbox for NLS */ +/* + * This is really the combination of two SBoxes; the least significant + * 24 bits comes from: + * 8->32 Sbox generated by Millan et. al. at Queensland University of + * Technology. See: E. Dawson, W. Millan, L. Burnett, G. Carter, + * "On the Design of 8*32 S-boxes". Unpublished report, by the + * Information Systems Research Centre, + * Queensland University of Technology, 1999. + * + * The most significant 8 bits are the Skipjack "F table", which can be + * found at http://csrc.nist.gov/CryptoToolkit/skipjack/skipjack.pdf . + * In this optimised table, though, the intent is to XOR the word from + * the table selected by the high byte with the input word. Thus, the + * high byte is actually the Skipjack F-table entry XORED with its + * table index. + */ +static const ulong32 Sbox[256] = { + 0xa3aa1887, 0xd65e435c, 0x0b65c042, 0x800e6ef4, + 0xfc57ee20, 0x4d84fed3, 0xf066c502, 0xf354e8ae, + 0xbb2ee9d9, 0x281f38d4, 0x1f829b5d, 0x735cdf3c, + 0x95864249, 0xbc2e3963, 0xa1f4429f, 0xf6432c35, + 0xf7f40325, 0x3cc0dd70, 0x5f973ded, 0x9902dc5e, + 0xda175b42, 0x590012bf, 0xdc94d78c, 0x39aab26b, + 0x4ac11b9a, 0x8c168146, 0xc3ea8ec5, 0x058ac28f, + 0x52ed5c0f, 0x25b4101c, 0x5a2db082, 0x370929e1, + 0x2a1843de, 0xfe8299fc, 0x202fbc4b, 0x833915dd, + 0x33a803fa, 0xd446b2de, 0x46233342, 0x4fcee7c3, + 0x3ad607ef, 0x9e97ebab, 0x507f859b, 0xe81f2e2f, + 0xc55b71da, 0xd7e2269a, 0x1339c3d1, 0x7ca56b36, + 0xa6c9def2, 0xb5c9fc5f, 0x5927b3a3, 0x89a56ddf, + 0xc625b510, 0x560f85a7, 0xace82e71, 0x2ecb8816, + 0x44951e2a, 0x97f5f6af, 0xdfcbc2b3, 0xce4ff55d, + 0xcb6b6214, 0x2b0b83e3, 0x549ea6f5, 0x9de041af, + 0x792f1f17, 0xf73b99ee, 0x39a65ec0, 0x4c7016c6, + 0x857709a4, 0xd6326e01, 0xc7b280d9, 0x5cfb1418, + 0xa6aff227, 0xfd548203, 0x506b9d96, 0xa117a8c0, + 0x9cd5bf6e, 0xdcee7888, 0x61fcfe64, 0xf7a193cd, + 0x050d0184, 0xe8ae4930, 0x88014f36, 0xd6a87088, + 0x6bad6c2a, 0x1422c678, 0xe9204de7, 0xb7c2e759, + 0x0200248e, 0x013b446b, 0xda0d9fc2, 0x0414a895, + 0x3a6cc3a1, 0x56fef170, 0x86c19155, 0xcf7b8a66, + 0x551b5e69, 0xb4a8623e, 0xa2bdfa35, 0xc4f068cc, + 0x573a6acd, 0x6355e936, 0x03602db9, 0x0edf13c1, + 0x2d0bb16d, 0x6980b83c, 0xfeb23763, 0x3dd8a911, + 0x01b6bc13, 0xf55579d7, 0xf55c2fa8, 0x19f4196e, + 0xe7db5476, 0x8d64a866, 0xc06e16ad, 0xb17fc515, + 0xc46feb3c, 0x8bc8a306, 0xad6799d9, 0x571a9133, + 0x992466dd, 0x92eb5dcd, 0xac118f50, 0x9fafb226, + 0xa1b9cef3, 0x3ab36189, 0x347a19b1, 0x62c73084, + 0xc27ded5c, 0x6c8bc58f, 0x1cdde421, 0xed1e47fb, + 0xcdcc715e, 0xb9c0ff99, 0x4b122f0f, 0xc4d25184, + 0xaf7a5e6c, 0x5bbf18bc, 0x8dd7c6e0, 0x5fb7e420, + 0x521f523f, 0x4ad9b8a2, 0xe9da1a6b, 0x97888c02, + 0x19d1e354, 0x5aba7d79, 0xa2cc7753, 0x8c2d9655, + 0x19829da1, 0x531590a7, 0x19c1c149, 0x3d537f1c, + 0x50779b69, 0xed71f2b7, 0x463c58fa, 0x52dc4418, + 0xc18c8c76, 0xc120d9f0, 0xafa80d4d, 0x3b74c473, + 0xd09410e9, 0x290e4211, 0xc3c8082b, 0x8f6b334a, + 0x3bf68ed2, 0xa843cc1b, 0x8d3c0ff3, 0x20e564a0, + 0xf8f55a4f, 0x2b40f8e7, 0xfea7f15f, 0xcf00fe21, + 0x8a6d37d6, 0xd0d506f1, 0xade00973, 0xefbbde36, + 0x84670fa8, 0xfa31ab9e, 0xaedab618, 0xc01f52f5, + 0x6558eb4f, 0x71b9e343, 0x4b8d77dd, 0x8cb93da6, + 0x740fd52d, 0x425412f8, 0xc5a63360, 0x10e53ad0, + 0x5a700f1c, 0x8324ed0b, 0xe53dc1ec, 0x1a366795, + 0x6d549d15, 0xc5ce46d7, 0xe17abe76, 0x5f48e0a0, + 0xd0f07c02, 0x941249b7, 0xe49ed6ba, 0x37a47f78, + 0xe1cfffbd, 0xb007ca84, 0xbb65f4da, 0xb59f35da, + 0x33d2aa44, 0x417452ac, 0xc0d674a7, 0x2d61a46a, + 0xdc63152a, 0x3e12b7aa, 0x6e615927, 0xa14fb118, + 0xa151758d, 0xba81687b, 0xe152f0b3, 0x764254ed, + 0x34c77271, 0x0a31acab, 0x54f94aec, 0xb9e994cd, + 0x574d9e81, 0x5b623730, 0xce8a21e8, 0x37917f0b, + 0xe8a9b5d6, 0x9697adf8, 0xf3d30431, 0x5dcac921, + 0x76b35d46, 0xaa430a36, 0xc2194022, 0x22bca65e, + 0xdaec70ba, 0xdfaea8cc, 0x777bae8b, 0x242924d5, + 0x1f098a5a, 0x4b396b81, 0x55de2522, 0x435c1cb8, + 0xaeb8fe1d, 0x9db3c697, 0x5b164f83, 0xe0c16376, + 0xa319224c, 0xd0203b35, 0x433ac0fe, 0x1466a19a, + 0x45f0b24f, 0x51fda998, 0xc0d52d71, 0xfa0896a8, + 0xf9e6053f, 0xa4b0d300, 0xd499cbcc, 0xb95e3d40, +}; diff --git a/src/headers/tomcrypt.h b/src/headers/tomcrypt.h index 7c4da8f..04a865b 100644 --- a/src/headers/tomcrypt.h +++ b/src/headers/tomcrypt.h @@ -16,8 +16,8 @@ extern "C" { #endif /* version */ -#define CRYPT 0x0108 -#define SCRYPT "1.08" +#define CRYPT 0x0109 +#define SCRYPT "1.09" /* max size of either a cipher/hash block or symmetric key [largest of the two] */ #define MAXBLOCKSIZE 128 diff --git a/src/headers/tomcrypt_cipher.h b/src/headers/tomcrypt_cipher.h index aae0ad9..601653d 100644 --- a/src/headers/tomcrypt_cipher.h +++ b/src/headers/tomcrypt_cipher.h @@ -167,6 +167,7 @@ typedef union Symmetric_key { void *data; } symmetric_key; +#ifdef ECB /** A block cipher ECB structure */ typedef struct { /** The index of the cipher chosen */ @@ -176,7 +177,9 @@ typedef struct { /** The scheduled key */ symmetric_key key; } symmetric_ECB; +#endif +#ifdef CFB /** A block cipher CFB structure */ typedef struct { /** The index of the cipher chosen */ @@ -192,7 +195,9 @@ typedef struct { /** The scheduled key */ symmetric_key key; } symmetric_CFB; +#endif +#ifdef OFB /** A block cipher OFB structure */ typedef struct { /** The index of the cipher chosen */ @@ -206,7 +211,9 @@ typedef struct { /** The scheduled key */ symmetric_key key; } symmetric_OFB; +#endif +#ifdef CBC /** A block cipher CBC structure */ typedef struct { /** The index of the cipher chosen */ @@ -218,7 +225,10 @@ typedef struct { /** The scheduled key */ symmetric_key key; } symmetric_CBC; +#endif + +#ifdef CTR /** A block cipher CTR structure */ typedef struct { /** The index of the cipher chosen */ @@ -236,6 +246,35 @@ typedef struct { /** The scheduled key */ symmetric_key key; } symmetric_CTR; +#endif + + +#ifdef LRW_MODE +/** A LRW structure */ +typedef struct { + /** The index of the cipher chosen (must be a 128-bit block cipher) */ + int cipher; + + /** The current IV */ + unsigned char IV[16], + + /** the tweak key */ + tweak[16], + + /** The current pad, it's the product of the first 15 bytes against the tweak key */ + pad[16]; + + /** The scheduled symmetric key */ + symmetric_key key; + +#ifdef LRW_TABLES + /** The pre-computed multiplication table */ + unsigned char PC[16][256][16]; +#endif +} symmetric_LRW; +#endif + + /** cipher descriptor table, last entry has "name == NULL" to mark the end of table */ extern struct ltc_cipher_descriptor { @@ -339,6 +378,28 @@ extern struct ltc_cipher_descriptor { */ int (*accel_ctr_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, int mode, symmetric_key *skey); + /** Accelerated LRW + @param pt Plaintext + @param ct Ciphertext + @param blocks The number of complete blocks to process + @param IV The initial value (input/output) + @param tweak The LRW tweak + @param skey The scheduled key context + @return CRYPT_OK if successful + */ + int (*accel_lrw_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, const unsigned char *tweak, symmetric_key *skey); + + /** Accelerated LRW + @param ct Ciphertext + @param pt Plaintext + @param blocks The number of complete blocks to process + @param IV The initial value (input/output) + @param tweak The LRW tweak + @param skey The scheduled key context + @return CRYPT_OK if successful + */ + int (*accel_lrw_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, unsigned char *IV, const unsigned char *tweak, symmetric_key *skey); + /** Accelerated CCM packet (one-shot) @param key The secret key to use @param keylen The length of the secret key (octets) @@ -624,7 +685,29 @@ int ctr_getiv(unsigned char *IV, unsigned long *len, symmetric_CTR *ctr); int ctr_setiv(const unsigned char *IV, unsigned long len, symmetric_CTR *ctr); int ctr_done(symmetric_CTR *ctr); #endif - + +#ifdef LRW_MODE + +#define LRW_ENCRYPT 0 +#define LRW_DECRYPT 1 + +int lrw_start( int cipher, + const unsigned char *IV, + const unsigned char *key, int keylen, + const unsigned char *tweak, + int num_rounds, + symmetric_LRW *lrw); +int lrw_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_LRW *lrw); +int lrw_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_LRW *lrw); +int lrw_getiv(unsigned char *IV, unsigned long *len, symmetric_LRW *lrw); +int lrw_setiv(const unsigned char *IV, unsigned long len, symmetric_LRW *lrw); +int lrw_done(symmetric_LRW *lrw); + +/* don't call */ +int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, int mode, symmetric_LRW *lrw); + + +#endif int find_cipher(const char *name); int find_cipher_any(const char *name, int blocklen, int keylen); int find_cipher_id(unsigned char ID); diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h index 3ec0119..c176271 100644 --- a/src/headers/tomcrypt_custom.h +++ b/src/headers/tomcrypt_custom.h @@ -36,6 +36,45 @@ #define XQSORT qsort #endif +/* Easy button? */ +#ifdef LTC_EASY + #define LTC_NO_CIPHERS + #define RIJNDAEL + #define BLOWFISH + #define DES + #define CAST5 + + #define LTC_NO_MODES + #define ECB + #define CBC + #define CTR + + #define LTC_NO_HASHES + #define SHA1 + #define SHA512 + #define SHA384 + #define SHA256 + #define SHA224 + #define WHIRLPOOL + + #define LTC_NO_MACS + #define HMAC + #define OMAC + #define CCM_MODE + + #define LTC_NO_PRNGS + #define SPRNG + #define YARROW + #define DEVRANDOM + #define TRY_URANDOM_FIRST + + #define LTC_NO_PK + #define MRSA + #define MECC +#endif + + + /* Use small code where possible */ /* #define LTC_SMALL_CODE */ @@ -101,6 +140,15 @@ #define CBC #define CTR +/* LRW mode */ +#define LRW_MODE +#ifndef LTC_NO_TABLES + /* like GCM mode this will enable 16 8x128 tables [64KB] that make + * seeking very fast. + */ + #define LRW_TABLES +#endif + #endif /* LTC_NO_MODES */ /* ---> One-Way Hash Functions <--- */ @@ -143,8 +191,9 @@ #define OCB_MODE #define CCM_MODE - #define GCM_MODE +/* disabled waiting on test vectors */ +/* #define NLS_MODE */ /* Use 64KiB tables */ #ifndef LTC_NO_TABLES diff --git a/src/headers/tomcrypt_mac.h b/src/headers/tomcrypt_mac.h index a611486..dd9d49c 100644 --- a/src/headers/tomcrypt_mac.h +++ b/src/headers/tomcrypt_mac.h @@ -212,6 +212,10 @@ int ccm_test(void); #endif /* CCM_MODE */ +#if defined(LRW_MODE) || defined(GCM_MODE) +void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c); +#endif + #ifdef GCM_MODE #define GCM_ENCRYPT 0 @@ -243,7 +247,6 @@ typedef struct { } gcm_state; -void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c); void gcm_mult_h(gcm_state *gcm, unsigned char *I); int gcm_init(gcm_state *gcm, int cipher, @@ -297,6 +300,48 @@ int pelican_memory(const unsigned char *key, unsigned long keylen, #endif +#ifdef NLS_MODE + +#define NLS_ENCRYPT 0 +#define NLS_DECRYPT 1 + +typedef struct { + ulong32 R[17]; /* Working storage for the shift register */ + ulong32 M[8]; /* Working storage for MAC accumulation */ + ulong32 CRC[8]; /* Working storage for CRC accumulation */ + ulong32 initR[17]; /* saved register contents */ + ulong32 konst; /* key dependent constant */ + ulong32 sbuf; /* partial ulong32 encryption buffer */ + ulong32 mbuf; /* partial ulong32 MAC buffer */ + int nbuf; /* number of part-ulong32 stream bits buffered */ + ulong32 CtrModF16; /* Multiprecision counter, modulo F16 */ + ulong32 CtrMod232; /* Multiprecision counter, LSW */ +} nls_state; + +/* interface definitions */ +int nls_key(nls_state *c, const unsigned char *key, unsigned long keylen); /* set key */ +int nls_nonce(nls_state *c, const unsigned char *nonce, unsigned long noncelen); /* set IV */ +int nls_maconly(nls_state *c, const unsigned char *buf, unsigned long nbytes); /* accumulate MAC */ +int nls_encrypt(nls_state * c, + const unsigned char *pt, unsigned long nbytes, + unsigned char *ct); /* enc+MAC */ +int nls_decrypt(nls_state * c, + const unsigned char *ct, unsigned long nbytes, + unsigned char *pt); /* dec+MAC */ +int nls_finish(nls_state *c, unsigned char *buf, unsigned long nbytes); /* finalize MAC */ + +int nls_memory(const unsigned char *key, unsigned long keylen, + const unsigned char *IV, unsigned long IVlen, + const unsigned char *adata, unsigned long adatalen, + unsigned char *pt, unsigned long ptlen, + unsigned char *ct, + unsigned char *tag, unsigned long taglen, + int direction); + + +#endif + + /* $Source$ */ /* $Revision$ */ /* $Date$ */ diff --git a/src/misc/crypt/crypt.c b/src/misc/crypt/crypt.c index c138709..a3f6f09 100644 --- a/src/misc/crypt/crypt.c +++ b/src/misc/crypt/crypt.c @@ -168,6 +168,13 @@ const char *crypt_build_settings = #if defined(CTR) " CTR\n" #endif +#if defined(LRW_MODE) + " LRW_MODE" +#if defined(LRW_TABLES) + " (LRW_TABLES) " +#endif + "\n" +#endif "\nMACs:\n" #if defined(HMAC) @@ -314,6 +321,9 @@ const char *crypt_build_settings = #if defined(TFM_DESC) " TFM_DESC " #endif +#if defined(LTC_EASY) + " (easy) " +#endif "\n" "\n\n\n" diff --git a/src/modes/lrw/lrw_decrypt.c b/src/modes/lrw/lrw_decrypt.c new file mode 100644 index 0000000..e7c4afc --- /dev/null +++ b/src/modes/lrw/lrw_decrypt.c @@ -0,0 +1,51 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ +#include "tomcrypt.h" + +/** + @file lrw_decrypt.c + LRW_MODE implementation, Decrypt blocks, Tom St Denis +*/ + +#ifdef LRW_MODE + +/** + LRW decrypt blocks + @param ct The ciphertext + @param pt [out] The plaintext + @param len The length in octets, must be a multiple of 16 + @param lrw The LRW state +*/ +int lrw_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_LRW *lrw) +{ + int err; + + LTC_ARGCHK(pt != NULL); + LTC_ARGCHK(ct != NULL); + LTC_ARGCHK(lrw != NULL); + + if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) { + return err; + } + + if (cipher_descriptor[lrw->cipher].accel_lrw_decrypt != NULL) { + return cipher_descriptor[lrw->cipher].accel_lrw_decrypt(ct, pt, len, lrw->IV, lrw->tweak, &lrw->key); + } + + return lrw_process(ct, pt, len, LRW_DECRYPT, lrw); +} + + +#endif + +/* $Source$ */ +/* $Revision$ */ +/* $Date$ */ diff --git a/src/modes/lrw/lrw_done.c b/src/modes/lrw/lrw_done.c new file mode 100644 index 0000000..fd3f6e7 --- /dev/null +++ b/src/modes/lrw/lrw_done.c @@ -0,0 +1,42 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ +#include "tomcrypt.h" + +/** + @file lrw_done.c + LRW_MODE implementation, Free resources, Tom St Denis +*/ + +#ifdef LRW_MODE + +/** + Terminate a LRW state + @param lrw The state to terminate + @return CRYPT_OK if successful +*/ +int lrw_done(symmetric_LRW *lrw) +{ + int err; + + LTC_ARGCHK(lrw != NULL); + + if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) { + return err; + } + cipher_descriptor[lrw->cipher].done(&lrw->key); + + return CRYPT_OK; +} + +#endif +/* $Source$ */ +/* $Revision$ */ +/* $Date$ */ diff --git a/src/modes/lrw/lrw_encrypt.c b/src/modes/lrw/lrw_encrypt.c new file mode 100644 index 0000000..e03f554 --- /dev/null +++ b/src/modes/lrw/lrw_encrypt.c @@ -0,0 +1,50 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ +#include "tomcrypt.h" + +/** + @file lrw_encrypt.c + LRW_MODE implementation, Encrypt blocks, Tom St Denis +*/ + +#ifdef LRW_MODE + +/** + LRW encrypt blocks + @param pt The plaintext + @param ct [out] The ciphertext + @param len The length in octets, must be a multiple of 16 + @param lrw The LRW state +*/ +int lrw_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_LRW *lrw) +{ + int err; + + LTC_ARGCHK(pt != NULL); + LTC_ARGCHK(ct != NULL); + LTC_ARGCHK(lrw != NULL); + + if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) { + return err; + } + + if (cipher_descriptor[lrw->cipher].accel_lrw_encrypt != NULL) { + return cipher_descriptor[lrw->cipher].accel_lrw_encrypt(pt, ct, len, lrw->IV, lrw->tweak, &lrw->key); + } + + return lrw_process(pt, ct, len, LRW_ENCRYPT, lrw); +} + + +#endif +/* $Source$ */ +/* $Revision$ */ +/* $Date$ */ diff --git a/src/modes/lrw/lrw_getiv.c b/src/modes/lrw/lrw_getiv.c new file mode 100644 index 0000000..e8ac41c --- /dev/null +++ b/src/modes/lrw/lrw_getiv.c @@ -0,0 +1,44 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ +#include "tomcrypt.h" + +/** + @file lrw_getiv.c + LRW_MODE implementation, Retrieve the current IV, Tom St Denis +*/ + +#ifdef LRW_MODE + +/** + Get the IV for LRW + @param IV [out] The IV, must be 16 octets + @param len Length ... must be at least 16 :-) + @param lrw The LRW state to read + @return CRYPT_OK if successful +*/ +int lrw_getiv(unsigned char *IV, unsigned long *len, symmetric_LRW *lrw) +{ + LTC_ARGCHK(IV != NULL); + LTC_ARGCHK(len != NULL); + LTC_ARGCHK(lrw != NULL); + if (*len < 16) { + return CRYPT_BUFFER_OVERFLOW; + } + + XMEMCPY(IV, lrw->IV, 16); + *len = 16; + return CRYPT_OK; +} + +#endif +/* $Source$ */ +/* $Revision$ */ +/* $Date$ */ diff --git a/src/modes/lrw/lrw_process.c b/src/modes/lrw/lrw_process.c new file mode 100644 index 0000000..1d7e892 --- /dev/null +++ b/src/modes/lrw/lrw_process.c @@ -0,0 +1,116 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ +#include "tomcrypt.h" + +/** + @file lrw_process.c + LRW_MODE implementation, Encrypt/decrypt blocks, Tom St Denis +*/ + +#ifdef LRW_MODE + +/** + Process blocks with LRW, since decrypt/encrypt are largely the same they share this code. + @param pt The "input" data + @param ct [out] The "output" data + @param len The length of the input, must be a multiple of 128-bits (16 octets) + @param mode LRW_ENCRYPT or LRW_DECRYPT + @param lrw The LRW state + @return CRYPT_OK if successful +*/ +int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, int mode, symmetric_LRW *lrw) +{ + unsigned char prod[16]; + int x; +#ifdef LRW_TABLES + int y; +#endif + + LTC_ARGCHK(pt != NULL); + LTC_ARGCHK(ct != NULL); + LTC_ARGCHK(lrw != NULL); + + if (len & 15) { + return CRYPT_INVALID_ARG; + } + + while (len) { + /* copy pad */ + XMEMCPY(prod, lrw->pad, 16); + + /* increment IV */ + for (x = 15; x >= 0; x--) { + lrw->IV[x] = (lrw->IV[x] + 1) & 255; + if (lrw->IV[x]) { + break; + } + } + + /* update pad */ +#ifdef LRW_2TABLES + /* for each byte changed we undo it's affect on the pad then add the new product */ + for (; x < 16; x++) { +#ifdef LTC_FAST + for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE *)(lrw->pad + y)) ^= *((LTC_FAST_TYPE *)(&lrw->PC[x][lrw->IV[x]][y])) ^ *((LTC_FAST_TYPE *)(&lrw->PC[x][(lrw->IV[x]-1)&255][y])); + } +#else + for (y = 0; y < 16; y++) { + lrw->pad[y] ^= lrw->PC[x][lrw->IV[x]][y] ^ lrw->PC[x][(lrw->IV[x]-1)&255][y]; + } +#endif + } +#else + gcm_gf_mult(lrw->tweak, lrw->IV, lrw->pad); +#endif + + /* xor prod */ +#ifdef LTC_FAST + for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE *)(ct + x)) = *((LTC_FAST_TYPE *)(pt + x)) ^ *((LTC_FAST_TYPE *)(prod + x)); + } +#else + for (x = 0; x < 16; x++) { + ct[x] = pt[x] ^ prod[x]; + } +#endif + + /* send through cipher */ + if (mode == LRW_ENCRYPT) { + cipher_descriptor[lrw->cipher].ecb_encrypt(ct, ct, &lrw->key); + } else { + cipher_descriptor[lrw->cipher].ecb_decrypt(ct, ct, &lrw->key); + } + + /* xor prod */ +#ifdef LTC_FAST + for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE *)(ct + x)) = *((LTC_FAST_TYPE *)(ct + x)) ^ *((LTC_FAST_TYPE *)(prod + x)); + } +#else + for (x = 0; x < 16; x++) { + ct[x] = ct[x] ^ prod[x]; + } +#endif + + /* move to next */ + pt += 16; + ct += 16; + len -= 16; + } + + return CRYPT_OK; +} + +#endif +/* $Source$ */ +/* $Revision$ */ +/* $Date$ */ diff --git a/src/modes/lrw/lrw_setiv.c b/src/modes/lrw/lrw_setiv.c new file mode 100644 index 0000000..f6bd21b --- /dev/null +++ b/src/modes/lrw/lrw_setiv.c @@ -0,0 +1,79 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ +#include "tomcrypt.h" + +/** + @file lrw_setiv.c + LRW_MODE implementation, Set the current IV, Tom St Denis +*/ + +#ifdef LRW_MODE + +/** + Set the IV for LRW + @param IV The IV, must be 16 octets + @param len Length ... must be 16 :-) + @param lrw The LRW state to update + @return CRYPT_OK if successful +*/ +int lrw_setiv(const unsigned char *IV, unsigned long len, symmetric_LRW *lrw) +{ + int err; +#ifdef LRW_TABLES + unsigned char T[16]; + int x, y; +#endif + LTC_ARGCHK(IV != NULL); + LTC_ARGCHK(lrw != NULL); + + if (len != 16) { + return CRYPT_INVALID_ARG; + } + + if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) { + return err; + } + + /* copy the IV */ + XMEMCPY(lrw->IV, IV, 16); + + /* check if we have to actually do work */ + if (cipher_descriptor[lrw->cipher].accel_lrw_encrypt != NULL && cipher_descriptor[lrw->cipher].accel_lrw_decrypt != NULL) { + /* we have accelerators, let's bail since they don't use lrw->pad anyways */ + return CRYPT_OK; + } + +#ifdef LRW_TABLES + XMEMCPY(T, &lrw->PC[0][IV[0]][0], 16); + for (x = 1; x < 16; x++) { +#ifdef LTC_FAST + for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE *)(T + y)) ^= *((LTC_FAST_TYPE *)(&lrw->PC[x][IV[x]][y])); + } +#else + for (y = 0; y < 16; y++) { + T[y] ^= lrw->PC[x][IV[x]][y]; + } +#endif + } + XMEMCPY(lrw->pad, T, 16); +#else + gcm_gf_mult(lrw->tweak, IV, lrw->pad); +#endif + + return CRYPT_OK; +} + + +#endif +/* $Source$ */ +/* $Revision$ */ +/* $Date$ */ diff --git a/src/modes/lrw/lrw_start.c b/src/modes/lrw/lrw_start.c new file mode 100644 index 0000000..570db57 --- /dev/null +++ b/src/modes/lrw/lrw_start.c @@ -0,0 +1,143 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ +#include "tomcrypt.h" + +/** + @file lrw_start.c + LRW_MODE implementation, start mode, Tom St Denis +*/ + +#ifdef LRW_MODE + +#ifdef LRW_TABLES + +/* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format. Since only the + * lower 16 bits are not zero'ed I removed the upper 14 bytes */ +static const unsigned char gcm_shift_table[256*2] = { +0x00, 0x00, 0x01, 0xc2, 0x03, 0x84, 0x02, 0x46, 0x07, 0x08, 0x06, 0xca, 0x04, 0x8c, 0x05, 0x4e, +0x0e, 0x10, 0x0f, 0xd2, 0x0d, 0x94, 0x0c, 0x56, 0x09, 0x18, 0x08, 0xda, 0x0a, 0x9c, 0x0b, 0x5e, +0x1c, 0x20, 0x1d, 0xe2, 0x1f, 0xa4, 0x1e, 0x66, 0x1b, 0x28, 0x1a, 0xea, 0x18, 0xac, 0x19, 0x6e, +0x12, 0x30, 0x13, 0xf2, 0x11, 0xb4, 0x10, 0x76, 0x15, 0x38, 0x14, 0xfa, 0x16, 0xbc, 0x17, 0x7e, +0x38, 0x40, 0x39, 0x82, 0x3b, 0xc4, 0x3a, 0x06, 0x3f, 0x48, 0x3e, 0x8a, 0x3c, 0xcc, 0x3d, 0x0e, +0x36, 0x50, 0x37, 0x92, 0x35, 0xd4, 0x34, 0x16, 0x31, 0x58, 0x30, 0x9a, 0x32, 0xdc, 0x33, 0x1e, +0x24, 0x60, 0x25, 0xa2, 0x27, 0xe4, 0x26, 0x26, 0x23, 0x68, 0x22, 0xaa, 0x20, 0xec, 0x21, 0x2e, +0x2a, 0x70, 0x2b, 0xb2, 0x29, 0xf4, 0x28, 0x36, 0x2d, 0x78, 0x2c, 0xba, 0x2e, 0xfc, 0x2f, 0x3e, +0x70, 0x80, 0x71, 0x42, 0x73, 0x04, 0x72, 0xc6, 0x77, 0x88, 0x76, 0x4a, 0x74, 0x0c, 0x75, 0xce, +0x7e, 0x90, 0x7f, 0x52, 0x7d, 0x14, 0x7c, 0xd6, 0x79, 0x98, 0x78, 0x5a, 0x7a, 0x1c, 0x7b, 0xde, +0x6c, 0xa0, 0x6d, 0x62, 0x6f, 0x24, 0x6e, 0xe6, 0x6b, 0xa8, 0x6a, 0x6a, 0x68, 0x2c, 0x69, 0xee, +0x62, 0xb0, 0x63, 0x72, 0x61, 0x34, 0x60, 0xf6, 0x65, 0xb8, 0x64, 0x7a, 0x66, 0x3c, 0x67, 0xfe, +0x48, 0xc0, 0x49, 0x02, 0x4b, 0x44, 0x4a, 0x86, 0x4f, 0xc8, 0x4e, 0x0a, 0x4c, 0x4c, 0x4d, 0x8e, +0x46, 0xd0, 0x47, 0x12, 0x45, 0x54, 0x44, 0x96, 0x41, 0xd8, 0x40, 0x1a, 0x42, 0x5c, 0x43, 0x9e, +0x54, 0xe0, 0x55, 0x22, 0x57, 0x64, 0x56, 0xa6, 0x53, 0xe8, 0x52, 0x2a, 0x50, 0x6c, 0x51, 0xae, +0x5a, 0xf0, 0x5b, 0x32, 0x59, 0x74, 0x58, 0xb6, 0x5d, 0xf8, 0x5c, 0x3a, 0x5e, 0x7c, 0x5f, 0xbe, +0xe1, 0x00, 0xe0, 0xc2, 0xe2, 0x84, 0xe3, 0x46, 0xe6, 0x08, 0xe7, 0xca, 0xe5, 0x8c, 0xe4, 0x4e, +0xef, 0x10, 0xee, 0xd2, 0xec, 0x94, 0xed, 0x56, 0xe8, 0x18, 0xe9, 0xda, 0xeb, 0x9c, 0xea, 0x5e, +0xfd, 0x20, 0xfc, 0xe2, 0xfe, 0xa4, 0xff, 0x66, 0xfa, 0x28, 0xfb, 0xea, 0xf9, 0xac, 0xf8, 0x6e, +0xf3, 0x30, 0xf2, 0xf2, 0xf0, 0xb4, 0xf1, 0x76, 0xf4, 0x38, 0xf5, 0xfa, 0xf7, 0xbc, 0xf6, 0x7e, +0xd9, 0x40, 0xd8, 0x82, 0xda, 0xc4, 0xdb, 0x06, 0xde, 0x48, 0xdf, 0x8a, 0xdd, 0xcc, 0xdc, 0x0e, +0xd7, 0x50, 0xd6, 0x92, 0xd4, 0xd4, 0xd5, 0x16, 0xd0, 0x58, 0xd1, 0x9a, 0xd3, 0xdc, 0xd2, 0x1e, +0xc5, 0x60, 0xc4, 0xa2, 0xc6, 0xe4, 0xc7, 0x26, 0xc2, 0x68, 0xc3, 0xaa, 0xc1, 0xec, 0xc0, 0x2e, +0xcb, 0x70, 0xca, 0xb2, 0xc8, 0xf4, 0xc9, 0x36, 0xcc, 0x78, 0xcd, 0xba, 0xcf, 0xfc, 0xce, 0x3e, +0x91, 0x80, 0x90, 0x42, 0x92, 0x04, 0x93, 0xc6, 0x96, 0x88, 0x97, 0x4a, 0x95, 0x0c, 0x94, 0xce, +0x9f, 0x90, 0x9e, 0x52, 0x9c, 0x14, 0x9d, 0xd6, 0x98, 0x98, 0x99, 0x5a, 0x9b, 0x1c, 0x9a, 0xde, +0x8d, 0xa0, 0x8c, 0x62, 0x8e, 0x24, 0x8f, 0xe6, 0x8a, 0xa8, 0x8b, 0x6a, 0x89, 0x2c, 0x88, 0xee, +0x83, 0xb0, 0x82, 0x72, 0x80, 0x34, 0x81, 0xf6, 0x84, 0xb8, 0x85, 0x7a, 0x87, 0x3c, 0x86, 0xfe, +0xa9, 0xc0, 0xa8, 0x02, 0xaa, 0x44, 0xab, 0x86, 0xae, 0xc8, 0xaf, 0x0a, 0xad, 0x4c, 0xac, 0x8e, +0xa7, 0xd0, 0xa6, 0x12, 0xa4, 0x54, 0xa5, 0x96, 0xa0, 0xd8, 0xa1, 0x1a, 0xa3, 0x5c, 0xa2, 0x9e, +0xb5, 0xe0, 0xb4, 0x22, 0xb6, 0x64, 0xb7, 0xa6, 0xb2, 0xe8, 0xb3, 0x2a, 0xb1, 0x6c, 0xb0, 0xae, +0xbb, 0xf0, 0xba, 0x32, 0xb8, 0x74, 0xb9, 0xb6, 0xbc, 0xf8, 0xbd, 0x3a, 0xbf, 0x7c, 0xbe, 0xbe }; + +#endif + +/** + Initialize the LRW context + @param cipher The cipher desired, must be a 128-bit block cipher + @param IV The index value, must be 128-bits + @param key The cipher key + @param keylen The length of the cipher key in octets + @param tweak The tweak value (second key), must be 128-bits + @param num_rounds The number of rounds for the cipher (0 == default) + @param lrw [out] The LRW state + @return CRYPT_OK on success. +*/ +int lrw_start( int cipher, + const unsigned char *IV, + const unsigned char *key, int keylen, + const unsigned char *tweak, + int num_rounds, + symmetric_LRW *lrw) +{ + int err; +#ifdef LRW_TABLES + unsigned char B[16]; + int x, y, z, t; +#endif + + LTC_ARGCHK(IV != NULL); + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(tweak != NULL); + LTC_ARGCHK(lrw != NULL); + +#ifdef LTC_FAST + if (16 % sizeof(LTC_FAST_TYPE)) { + return CRYPT_INVALID_ARG; + } +#endif + + /* is cipher valid? */ + if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { + return err; + } + if (cipher_descriptor[cipher].block_length != 16) { + return CRYPT_INVALID_CIPHER; + } + + /* schedule key */ + if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &lrw->key)) != CRYPT_OK) { + return err; + } + lrw->cipher = cipher; + + /* copy the IV and tweak */ + XMEMCPY(lrw->tweak, tweak, 16); + +#ifdef LRW_TABLES + /* setup tables */ + /* generate the first table as it has no shifting (from which we make the other tables) */ + zeromem(B, 16); + for (y = 0; y < 256; y++) { + B[0] = y; + gcm_gf_mult(tweak, B, &lrw->PC[0][y][0]); + } + + /* now generate the rest of the tables based the previous table */ + for (x = 1; x < 16; x++) { + for (y = 0; y < 256; y++) { + /* now shift it right by 8 bits */ + t = lrw->PC[x-1][y][15]; + for (z = 15; z > 0; z--) { + lrw->PC[x][y][z] = lrw->PC[x-1][y][z-1]; + } + lrw->PC[x][y][0] = gcm_shift_table[t<<1]; + lrw->PC[x][y][1] ^= gcm_shift_table[(t<<1)+1]; + } + } +#endif + + /* generate first pad */ + return lrw_setiv(IV, 16, lrw); +} + + +#endif +/* $Source$ */ +/* $Revision$ */ +/* $Date$ */ diff --git a/src/modes/lrw/lrw_test.c b/src/modes/lrw/lrw_test.c new file mode 100644 index 0000000..5ca7b40 --- /dev/null +++ b/src/modes/lrw/lrw_test.c @@ -0,0 +1,157 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ +#include "tomcrypt.h" + +/** + @file lrw_test.c + LRW_MODE implementation, test LRW, Tom St Denis +*/ + +#ifdef LRW_MODE + +/** + Test LRW against specs + @return CRYPT_OK if goodly +*/ +int lrw_test(void) +{ +#ifndef LTC_TEST + return CRYPT_NOP; +#else + static const struct { + unsigned char key[16], tweak[16], IV[16], P[16], expected_tweak[16], C[16]; + } tests[] = { + +{ +{ 0x45, 0x62, 0xac, 0x25, 0xf8, 0x28, 0x17, 0x6d, 0x4c, 0x26, 0x84, 0x14, 0xb5, 0x68, 0x01, 0x85 }, +{ 0x25, 0x8e, 0x2a, 0x05, 0xe7, 0x3e, 0x9d, 0x03, 0xee, 0x5a, 0x83, 0x0c, 0xcc, 0x09, 0x4c, 0x87 }, +{ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, +{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 }, +{ 0x25, 0x8e, 0x2a, 0x05, 0xe7, 0x3e, 0x9d, 0x03, 0xee, 0x5a, 0x83, 0x0c, 0xcc, 0x09, 0x4c, 0x87 }, +{ 0xf1, 0xb2, 0x73, 0xcd, 0x65, 0xa3, 0xdf, 0x5f, 0xe9, 0x5d, 0x48, 0x92, 0x54, 0x63, 0x4e, 0xb8 } +}, + +{ +{ 0x59, 0x70, 0x47, 0x14, 0xf5, 0x57, 0x47, 0x8c, 0xd7, 0x79, 0xe8, 0x0f, 0x54, 0x88, 0x79, 0x44 }, +{ 0x35, 0x23, 0xc2, 0xde, 0xc5, 0x69, 0x4f, 0xa8, 0x72, 0xa9, 0xac, 0xa7, 0x0b, 0x2b, 0xee, 0xbc }, +{ 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, +{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 }, +{ 0x1a, 0x91, 0xe1, 0x6f, 0x62, 0xb4, 0xa7, 0xd4, 0x39, 0x54, 0xd6, 0x53, 0x85, 0x95, 0xf7, 0x5e }, +{ 0x00, 0xc8, 0x2b, 0xae, 0x95, 0xbb, 0xcd, 0xe5, 0x27, 0x4f, 0x07, 0x69, 0xb2, 0x60, 0xe1, 0x36 }, +}, + +{ +{ 0x59, 0x70, 0x47, 0x14, 0xf5, 0x57, 0x47, 0x8c, 0xd7, 0x79, 0xe8, 0x0f, 0x54, 0x88, 0x79, 0x44 }, +{ 0x67, 0x53, 0xc9, 0x0c, 0xb7, 0xd8, 0xcd, 0xe5, 0x06, 0xa0, 0x47, 0x78, 0x1a, 0xad, 0x85, 0x11 }, +{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 }, +{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 }, +{ 0x1a, 0x91, 0xe1, 0x6f, 0x62, 0xb4, 0xa7, 0xd4, 0x39, 0x54, 0xd6, 0x53, 0x85, 0x95, 0xf7, 0x5e }, +{ 0x00, 0xc8, 0x2b, 0xae, 0x95, 0xbb, 0xcd, 0xe5, 0x27, 0x4f, 0x07, 0x69, 0xb2, 0x60, 0xe1, 0x36 }, +}, + +{ + +{ 0xd8, 0x2a, 0x91, 0x34, 0xb2, 0x6a, 0x56, 0x50, 0x30, 0xfe, 0x69, 0xe2, 0x37, 0x7f, 0x98, 0x47 }, +{ 0x4e, 0xb5, 0x5d, 0x31, 0x05, 0x97, 0x3a, 0x3f, 0x5e, 0x23, 0xda, 0xfb, 0x5a, 0x45, 0xd6, 0xc0 }, +{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00 }, +{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 }, +{ 0x18, 0xc9, 0x1f, 0x6d, 0x60, 0x1a, 0x1a, 0x37, 0x5d, 0x0b, 0x0e, 0xf7, 0x3a, 0xd5, 0x74, 0xc4 }, +{ 0x76, 0x32, 0x21, 0x83, 0xed, 0x8f, 0xf1, 0x82, 0xf9, 0x59, 0x62, 0x03, 0x69, 0x0e, 0x5e, 0x01 }, + +} +}; + + int idx, err, x; + symmetric_LRW lrw; + unsigned char buf[2][16]; + + idx = find_cipher("aes"); + if (idx == -1) { + idx = find_cipher("rijndael"); + if (idx == -1) { + return CRYPT_NOP; + } + } + +#define PRINT + + for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) { + /* schedule it */ + if ((err = lrw_start(idx, tests[x].IV, tests[x].key, 16, tests[x].tweak, 0, &lrw)) != CRYPT_OK) { +#ifdef PRINT + printf("\n\nERR at %d\n", __LINE__); +#endif + return err; + } + + /* check pad against expected tweak */ + if (XMEMCMP(tests[x].expected_tweak, lrw.pad, 16)) { + lrw_done(&lrw); +#ifdef PRINT + printf("\n\nERR at %d\n", __LINE__); +#endif + return CRYPT_FAIL_TESTVECTOR; + } + + /* process block */ + if ((err = lrw_encrypt(tests[x].P, buf[0], 16, &lrw)) != CRYPT_OK) { + lrw_done(&lrw); +#ifdef PRINT + printf("\n\nERR at %d\n", __LINE__); +#endif + return err; + } + + if (XMEMCMP(buf[0], tests[x].C, 16)) { + lrw_done(&lrw); +#ifdef PRINT + printf("\n\nERR at %d\n", __LINE__); +#endif + return CRYPT_FAIL_TESTVECTOR; + } + + /* process block */ + if ((err = lrw_setiv(tests[x].IV, 16, &lrw)) != CRYPT_OK) { + lrw_done(&lrw); +#ifdef PRINT + printf("\n\nERR at %d\n", __LINE__); +#endif + return err; + } + + if ((err = lrw_decrypt(buf[0], buf[1], 16, &lrw)) != CRYPT_OK) { + lrw_done(&lrw); +#ifdef PRINT + printf("\n\nERR at %d\n", __LINE__); +#endif + return err; + } + + if (XMEMCMP(buf[1], tests[x].P, 16)) { + lrw_done(&lrw); +#ifdef PRINT + printf("\n\nERR at %d\n", __LINE__); +#endif + return CRYPT_FAIL_TESTVECTOR; + } + lrw_done(&lrw); + } + return CRYPT_OK; +#endif +} + +#endif + + + +/* $Source$ */ +/* $Revision$ */ +/* $Date$ */ diff --git a/src/pk/asn1/der/sequence/der_decode_sequence_multi.c b/src/pk/asn1/der/sequence/der_decode_sequence_multi.c index 56bf253..7c4da1e 100644 --- a/src/pk/asn1/der/sequence/der_decode_sequence_multi.c +++ b/src/pk/asn1/der/sequence/der_decode_sequence_multi.c @@ -19,6 +19,13 @@ #ifdef LTC_DER +/** + Decode a SEQUENCE type using a VA list + @param in Input buffer + @param inlen Length of input in octets + @remark <...> is of the form (int, unsigned long, void*) + @return CRYPT_OK on success +*/ int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...) { int err, type; diff --git a/src/pk/asn1/der/sequence/der_encode_sequence_multi.c b/src/pk/asn1/der/sequence/der_encode_sequence_multi.c index 4454b85..e7d89ac 100644 --- a/src/pk/asn1/der/sequence/der_encode_sequence_multi.c +++ b/src/pk/asn1/der/sequence/der_encode_sequence_multi.c @@ -19,6 +19,13 @@ #ifdef LTC_DER +/** + Encode a SEQUENCE type using a VA list + @param out [out] Destination for data + @param outlen [in/out] Length of buffer and resulting length of output + @remark <...> is of the form (int, unsigned long, void*) + @return CRYPT_OK on success +*/ int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...) { int err, type; diff --git a/src/pk/asn1/der/set/der_encode_set.c b/src/pk/asn1/der/set/der_encode_set.c index b154c32..12a8bef 100644 --- a/src/pk/asn1/der/set/der_encode_set.c +++ b/src/pk/asn1/der/set/der_encode_set.c @@ -54,6 +54,14 @@ static int qsort_helper(const void *a, const void *b) } } +/* + Encode a SET type + @param list The list of items to encode + @param inlen The number of items in the list + @param out [out] The destination + @param outlen [in/out] The size of the output + @return CRYPT_OK on success +*/ int der_encode_set(ltc_asn1_list *list, unsigned long inlen, unsigned char *out, unsigned long *outlen) { diff --git a/src/pk/asn1/der/set/der_encode_setof.c b/src/pk/asn1/der/set/der_encode_setof.c index 3ff0de9..45cbdd8 100644 --- a/src/pk/asn1/der/set/der_encode_setof.c +++ b/src/pk/asn1/der/set/der_encode_setof.c @@ -50,6 +50,14 @@ static int qsort_helper(const void *a, const void *b) return r; } +/** + Encode a SETOF stucture + @param list The list of items to encode + @param inlen The number of items in the list + @param out [out] The destination + @param outlen [in/out] The size of the output + @return CRYPT_OK on success +*/ int der_encode_setof(ltc_asn1_list *list, unsigned long inlen, unsigned char *out, unsigned long *outlen) { diff --git a/src/pk/asn1/der/short_integer/der_decode_short_integer.c b/src/pk/asn1/der/short_integer/der_decode_short_integer.c index 6e731e1..b6328cd 100644 --- a/src/pk/asn1/der/short_integer/der_decode_short_integer.c +++ b/src/pk/asn1/der/short_integer/der_decode_short_integer.c @@ -19,7 +19,7 @@ #ifdef LTC_DER /** - Read a mp_int integer + Read a short integer @param in The DER encoded data @param inlen Size of data @param num [out] The integer to decode diff --git a/src/pk/asn1/der/short_integer/der_encode_short_integer.c b/src/pk/asn1/der/short_integer/der_encode_short_integer.c index 51f45f7..4199d00 100644 --- a/src/pk/asn1/der/short_integer/der_encode_short_integer.c +++ b/src/pk/asn1/der/short_integer/der_encode_short_integer.c @@ -18,9 +18,8 @@ #ifdef LTC_DER -/* Exports a positive integer as DER format (upto 32-bits in size) */ /** - Store a mp_int integer + Store a short integer in the range (0,2^32-1) @param num The integer to encode @param out [out] The destination for the DER encoded integers @param outlen [in/out] The max size and resulting size of the DER encoded integers diff --git a/src/pk/asn1/der/utctime/der_decode_utctime.c b/src/pk/asn1/der/utctime/der_decode_utctime.c index 45e60a5..80e7a03 100644 --- a/src/pk/asn1/der/utctime/der_decode_utctime.c +++ b/src/pk/asn1/der/utctime/der_decode_utctime.c @@ -39,6 +39,13 @@ static int char_to_int(unsigned char x) if (y >= max) return CRYPT_INVALID_PACKET; \ x += 2; +/** + Decodes a UTC time structure in DER format (reads all 6 valid encoding formats) + @param in Input buffer + @param inlen Length of input buffer in octets + @param out [out] Destination of UTC time structure + @return CRYPT_OK if successful +*/ int der_decode_utctime(const unsigned char *in, unsigned long *inlen, ltc_utctime *out) { diff --git a/testme.sh b/testme.sh index 02f4d1c..b62fda8 100644 --- a/testme.sh +++ b/testme.sh @@ -14,7 +14,6 @@ echo "uname="`uname -a` echo "gcc="`gcc -dumpversion` echo - # stock build bash run.sh "STOCK" " " "$1" "$2" "$3" || exit 1 @@ -42,6 +41,9 @@ bash run.sh "CLEANSTACK+NOTABLES+SMALL" "-DLTC_NO_TABLES -DLTC_CLEAN_STACK -DLTC # NO_FAST bash run.sh "NO_FAST" "-DLTC_NO_FAST" "$1" "$2" "$3" || exit 1 +# NO_FAST + NOTABLES +bash run.sh "NO_FAST+NOTABLES" "-DLTC_NO_FAST -DLTC_NO_TABLES" "$1" "$2" "$3" || exit 1 + # NO_ASM bash run.sh "NO_ASM" "-DLTC_NO_ASM" "$1" "$2" "$3" || exit 1 @@ -52,5 +54,5 @@ bash testbuild.sh "NOTEST" "-DLTC_NO_TEST" "$1" "$2" "$3" || exit 1 bash testbuild.sh "NOFILE" "-DLTC_NO_FILE" "$1" "$2" "$3" || exit 1 # $Source: /cvs/libtom/libtomcrypt/testme.sh,v $ -# $Revision: 1.19 $ -# $Date: 2005/07/28 01:32:41 $ +# $Revision: 1.20 $ +# $Date: 2006/01/26 14:49:43 $ diff --git a/testprof/modes_test.c b/testprof/modes_test.c index da25f85..e6d49f8 100644 --- a/testprof/modes_test.c +++ b/testprof/modes_test.c @@ -5,10 +5,18 @@ int modes_test(void) { unsigned char pt[64], ct[64], tmp[64], key[16], iv[16], iv2[16]; int cipher_idx; +#ifdef CBC symmetric_CBC cbc; +#endif +#ifdef CFB symmetric_CFB cfb; +#endif +#ifdef OFB symmetric_OFB ofb; +#endif +#ifdef CTR symmetric_CTR ctr; +#endif unsigned long l; /* make a random pt, key and iv */ @@ -23,6 +31,10 @@ int modes_test(void) return 1; } +#ifdef LRW_MODE + DO(lrw_test()); +#endif + #ifdef CBC /* test CBC mode */ /* encode the block */ diff --git a/testprof/x86_prof.c b/testprof/x86_prof.c index e9434de..aa1b004 100644 --- a/testprof/x86_prof.c +++ b/testprof/x86_prof.c @@ -233,7 +233,11 @@ register_prng(&rc4_desc); register_prng(&sober128_desc); #endif -rng_make_prng(128, find_prng("yarrow"), &yarrow_prng, NULL); + if ((err = rng_make_prng(128, find_prng("yarrow"), &yarrow_prng, NULL)) != CRYPT_OK) { + fprintf(stderr, "rng_make_prng failed: %s\n", error_to_string(err)); + exit(EXIT_FAILURE); + } + } int time_keysched(void) @@ -886,7 +890,12 @@ void time_macs_(unsigned long MAC_SIZE) } cipher_idx = find_cipher("aes"); - hash_idx = find_hash("md5"); + hash_idx = find_hash("sha1"); + + if (cipher_idx == -1 || hash_idx == -1) { + fprintf(stderr, "Warning the MAC tests requires AES and SHA1 to operate... so sorry\n"); + return; + } yarrow_read(buf, MAC_SIZE*1024, &yarrow_prng); yarrow_read(key, 16, &yarrow_prng); @@ -904,7 +913,7 @@ void time_macs_(unsigned long MAC_SIZE) t1 = t_read() - t1; if (t1 < t2) t2 = t1; } - fprintf(stderr, "OMAC-AES\t\t%9llu\n", t2/(ulong64)(MAC_SIZE*1024)); + fprintf(stderr, "OMAC-%s\t\t%9llu\n", cipher_descriptor[cipher_idx].name, t2/(ulong64)(MAC_SIZE*1024)); #endif #ifdef PMAC @@ -952,7 +961,7 @@ void time_macs_(unsigned long MAC_SIZE) t1 = t_read() - t1; if (t1 < t2) t2 = t1; } - fprintf(stderr, "HMAC-MD5\t\t%9llu\n", t2/(ulong64)(MAC_SIZE*1024)); + fprintf(stderr, "HMAC-%s\t\t%9llu\n", hash_descriptor[hash_idx].name, t2/(ulong64)(MAC_SIZE*1024)); #endif XFREE(buf); diff --git a/updatemakes.sh b/updatemakes.sh new file mode 100644 index 0000000..a6e1906 --- /dev/null +++ b/updatemakes.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +bash genlist.sh > tmplist + +perl filter.pl makefile tmplist +mv -f tmp.delme makefile + +perl filter.pl makefile.icc tmplist +mv -f tmp.delme makefile.icc + +perl filter.pl makefile.shared tmplist +mv -f tmp.delme makefile.shared + +perl filter.pl makefile.msvc tmplist +sed -e 's/\.o /.obj /g' < tmp.delme > makefile.msvc + +rm -f tmplist +rm -f tmp.delme