Commit Graph

1301 Commits

Author SHA1 Message Date
Steffen Jaeckel
21ddcf3568 fix multi2 as proposed by kmx 2012-11-18 18:44:14 +01:00
Steffen Jaeckel
8cda684a0e improved multi2_test() 2012-11-18 18:41:46 +01:00
Steffen Jaeckel
bb8bd034f5 Merge branch 'ppelleti/ltc-fix-noekeon-gmp' into develop 2012-11-18 15:24:52 +01:00
Patrick Pelletier
5b662d6ed8 Fix some small typos in documentation 2012-11-18 15:24:15 +01:00
Patrick Pelletier
80ef95f3c1 Checked in program which generates Noekeon vectors using BouncyCastle. 2012-11-18 15:24:15 +01:00
Patrick Pelletier
e7b4705fca corrected Noekeon vectors 2012-11-18 15:24:14 +01:00
Patrick Pelletier
0e143a5cfe EAX-noekeon vectors from BouncyCastle 2012-11-18 15:24:14 +01:00
Patrick Pelletier
6dc089015a Fix LTC's bug in PI1/PI2 of Noekeon. Add vectors from BouncyCastle. 2012-11-18 15:24:13 +01:00
Patrick Pelletier
5708adb6c1 Add Camellia to the test vectors. 2012-11-18 15:24:12 +01:00
Patrick Pelletier
65254f65bf Fix camellia_keysize() to not change the keysize if it is correct.
It was rounding 32 down to 24, 24 down to 16, and claiming 16 was invalid.
2012-11-18 15:24:12 +01:00
Patrick Pelletier
e3acd4cabe Make GMP use uppercase to match LibTomMath. 2012-11-18 15:24:11 +01:00
Patrick Pelletier
3fbccfcb5c support base 64 for GMP 2012-11-18 15:24:11 +01:00
Steffen Jaeckel
20f0c74d17 Merge branch 'ppelleti/ltc-fixes' into develop 2012-11-18 15:21:51 +01:00
Patrick Pelletier
382c9d4d85 Some fixes necessary to support the Clang compiler
First of all, it had a failure in SEED:

LTC_KSEED failed for x=0, I got:
expected    actual   (ciphertext)
     5e  ==  5e
     ba  ==  ba
     c6  ==  c6
     e0  ==  e0
     05  !=  00
     4e  !=  00
     16  !=  00
     68  !=  00
     19  ==  19
     af  ==  af
     f1  ==  f1
     cc  ==  cc
     6d  !=  00
     34  !=  00
     6c  !=  00
     db  !=  00

Since SEED uses the 32H macros, this is really analogous to the
problem I saw with the 64H macros in Camellia with gcc.  Not sure why
gcc only had a problem with 64H and not 32H, but since this is an
interaction with the optimizer, it's not going to happen every time
the macro is used (hence why the store tests pass; only when you get
into the complexity of a real cipher do you start having problems) and
it makes sense it will vary from compiler to compiler.

Anyway, I went ahead and added the ability to use __builtin_bswap32,
in addition to __builtin_bswap64, which I already did in a previous
commit.  This solves the problem for clang, although I had to add new
logic to detect the bswap builtins in clang, since it has a different
way to detect them than gcc (see the comments in the code).  The
detection logic was complicated enough, and applied to both the 32H
and 64H macros, so I factored out the detection logic into
tomcrypt_cfg.h.
2012-11-18 15:20:12 +01:00
Patrick Pelletier
ad566e1b00 Use __builtin_bswap64 if it is available
This produces slightly better performance than the inline assembly,
and has the added benefit that it should be portable to other systems
that use gcc, not just x86-64.

Here are the results on my "AMD Athlon(tm) 7450 Dual-Core Processor"
with "gcc (Ubuntu 4.3.3-5ubuntu4) 4.3.3":

with portable 64H macros:

camellia            : Schedule at   1659
camellia            [ 23]: Encrypt at   431, Decrypt at   434
whirlpool           : Process at    55

with inline assembly (with "memory clobber" for correctness):

camellia            : Schedule at   1380
camellia            [ 23]: Encrypt at   406, Decrypt at   403
whirlpool           : Process at    50

with __builtin_bswap64:

camellia            : Schedule at   1352
camellia            [ 23]: Encrypt at   396, Decrypt at   391
whirlpool           : Process at    46
2012-11-18 15:20:12 +01:00
Patrick Pelletier
cefff85550 Add "memory" as a clobber for bswap inline assembly.
This had been causing Camellia (the only cipher that uses these
macros) to fail when compiling "out-of-the-box" with gcc version
"4.3.3-5ubuntu4".  I think because the compiler had no idea any memory
access was going on in these macros.

Adding "memory" as a clobber solves the problem, but is probably
overkill.  I suspect that if we specify the constraint for y
differently, we could get rid of both "memory" and __volatile__, which
would allow the compiler to optimize much more.

Also, in gcc versions that support it, we should probably use the
bswap builtins instead.
2012-11-18 15:20:11 +01:00
Patrick Pelletier
ee7c031ddf Added some code (commented out) to print details about Camellia test failure
(and ditto for SEED)

This is modeled after similar commented-out code in sober128_test(),
but slightly fancier.
2012-11-18 15:20:10 +01:00
Patrick Pelletier
cecbbb88fc When a test fails, print the algorithm that it failed on.
As near as I can tell, LibTomCrypt doesn't provide any way to tell
which cipher failed when it reports a cipher test failure.  For
example, I was getting:

Algorithm failed test vectors. (5)
cipher_hash_test.c:14:cipher_descriptor[x].test()

But there's no way to tell what value x has, and even if there was, it
would take a bit of digging to determine which algorithm that
corresponds to.  So, I added a variant of the DO() macro, DOX(), which
takes an additional string argument which is displayed on failure.  So
now I get:

Algorithm failed test vectors. (5) - camellia
cipher_hash_test.c:14:cipher_descriptor[x].test()
2012-11-18 15:20:10 +01:00
Patrick Pelletier
9228cbbd1e don't delete doc/crypt.pdf in "make clean"
"make clean" was deleting "doc/*.pdf", despite the fact that there
were two comments (one above and one below) stating that it did not.

Since doc/crypt.pdf is checked into git, running "make clean" made my
git state dirty, which seems undesirable.

I took sort of a compromise position and had "make clean" continue to
delete any other .pdf files in doc (such as refman.pdf), but
explicitly not delete crypt.pdf.
2012-11-18 15:20:09 +01:00
Patrick Pelletier
4a2b54a446 Changed "make clean" to not delete crypt.lof (which is checked into git)
This line:
rm -f `find . -type f | grep "[.]lo"  | xargs`

was deleting crypt.lof, which seemed undesirable.  One solution would
be to end the grep expression with "$", but it seemed more
straightforward just to pass "-name" to "find", rather than piping
through grep.
2012-11-18 15:20:08 +01:00
Patrick Pelletier
d61c537a2a missing a comma 2012-11-18 15:20:08 +01:00
Patrick Pelletier
233f207c17 Use "GMP_DESC" instead of "GPM_DESC"
This seemed to be the only place in the code that was using this
particular transposition.  And, indeed, when compiling with
"GMP_DESC", it looks like it is necessary to disable Diffie-Hellman.
(Otherwise, the test fails for me.)
2012-11-18 15:20:07 +01:00
Steffen Jaeckel
bd7933cc2b add check for defines of math provider 2012-10-08 10:20:21 +02:00
Steffen Jaeckel
77860ba866 yarrow: prevent access to NULL pointer 2012-05-04 01:01:24 +02:00
Steffen Jaeckel
9c4fc762fc yarrow: trim trailing spaces 2012-05-04 01:00:25 +02:00
Steffen Jaeckel
2cd666f284 rsa_import: prevent double-free 2012-04-24 18:08:13 +02:00
Steffen Jaeckel
5c9fa403ff Merge pull request #3 from gpakosz/patch-1
replaced free(in) by XFREE(in) at line 56
2011-07-12 06:01:19 -07:00
Gregory Pakosz
1346ccdee8 replaced free(in) by XFREE(in) at line 56 2011-07-12 05:56:48 -07:00
Steffen Jaeckel
8859f6e73d fixed wrong return value interpretation of register_crypt/hash/prng function calls 2011-06-14 20:56:42 +02:00
Steffen Jaeckel
2b0ce25778 testme.sh: added parameter checking 2011-05-20 09:41:57 +02:00
Steffen Jaeckel
5ec1e53e02 updated gitignore 2011-03-21 22:59:59 +01:00
Steffen Jaeckel
8dc8a2d551 Added define LTC_RSA_BLINDING to be able to disable rsa blinding 2011-03-21 22:50:49 +01:00
Steffen Jaeckel
380693edd9 fixed error causing segmentation fault 2011-03-21 21:17:59 +01:00
Steffen Jaeckel
496453f289 removed testing of "stripped" rsa key 2011-03-21 21:17:31 +01:00
Steffen Jaeckel
25bd5c1275 added missing handling of new type LTC_ASN1_RAW_BIT_STRING in der_encode_sequence_multi() 2011-03-21 21:12:46 +01:00
Steffen Jaeckel
43c6b5ab89 make build.sh less verbose when test fails 2011-03-21 21:10:23 +01:00
Nikos Mavrogiannopoulos
fa22e791d4 RSA and DSA public keys are stored using the SubjectPublicKeyInfo format. 2011-03-21 19:24:10 +01:00
Nikos Mavrogiannopoulos
8c2850f8d9 Added RSA blinding (requires mp_rand()). 2011-03-21 08:26:41 +01:00
Nikos Mavrogiannopoulos
ed6897d90f DSA private keys are being exported to a compatible with OpenSSL and GnuTLS format. 2011-03-21 08:26:27 +01:00
Steffen Jaeckel
2895c9d7fe updated gitignore 2011-01-25 11:27:28 +01:00
Steffen Jaeckel
5b1c0108c9 updated gitignore and VS2008 project file 2011-01-24 10:41:30 +01:00
Steffen Jaeckel
412b2ee1fc after multiple objections of libtom users [1], we decided to change licensing
to a dual licensing model.

[1] https://groups.google.com/group/libtom/browse_thread/thread/d7b67bc6410250b3
2011-01-19 10:18:15 +01:00
Steffen Jaeckel
4a8927d5c0 updated gitignore to ignore files generated when executing build.sh 2011-01-19 09:21:19 +01:00
Steffen Jaeckel
edf11c62c0 Diffie-Hellman/Math: introduced the proposed changes by Alexander Kurpiers
addmod and submod are moved to the end of the math descriptor, in order
to be able to run existing software against a new version of ltc without need
to rebuild the software.
2011-01-18 21:16:11 +01:00
Steffen Jaeckel
6fecec107d rejoined diffie hellman code from ltc 1.05, thanks to Alexander Kurpiers 2011-01-18 20:06:03 +01:00
Steffen Jaeckel
5039e6520f fixed tests and testvectors 2011-01-18 19:42:38 +01:00
Steffen Jaeckel
77e31fb6a9 Re-licensed all code under WTFPL, c.f. http://sam.zoy.org/wtfpl/ 2010-10-26 16:02:34 +02:00
Steffen Jaeckel
e7ce129e9b flushed content of CVS/SVN tags 2010-06-16 20:02:51 +02:00
Steffen Jaeckel
c3018d69d0 removed gcc compiler warnings 2010-06-16 20:02:11 +02:00
Steffen Jaeckel
59f9c00f98 removed IAR compiler warnings 2010-06-16 20:02:01 +02:00