ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-06-26 18:17:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

propagate from branch 'au.asn.ucc.matt.ltc-orig' (head 9ba8f01f44320e9cb9f19881105ae84f84a43ea9)

Browse Source 
to branch 'au.asn.ucc.matt.dropbear.ltc' (head dbf51c569bc34956ad948e4cc87a0eeb2170b768)

--HG--
branch : libtomcrypt
extra : convert_revision : 47be11e36d7d7aadc687d4adaef6b0cab072c931
This commit is contained in:
Matt Johnston
2005-05-08 06:36:47 +00:00
parent e3cd6c782e 33e7019577
commit b34d2e6b89
308 changed files with 18592 additions and 6674 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1155
Doxyfile Normal file
View File

File diff suppressed because it is too large Load Diff

4
LICENSE
View File

@@ -1,9 +1,5 @@
LibTomCrypt is public domain. As should all quality software be.
All of the software was either written by or donated to Tom St Denis for the purposes
of this project. The only exception is the SAFER.C source which has no known
license status (assumed copyrighted) which is why SAFER.C is shipped as disabled.
Tom St Denis

1
TODO Normal file
View File

@@ -0,0 +1 @@

55
authors
View File

@@ -1,55 +0,0 @@
This is a list of people who have contributed [directly or indirectly] to the project
[in no partcular order]. If you have helped and your name is not here email me at
tomstdenis@yahoo.com.
1) Richard.van.de.Laarschot@ict.nl
Gave help porting the lib to MSVC particularly pointed out various warnings and errors.
2) Richard Heathfield
Gave a lot of help concerning valid C portable code.
3) Ajay K. Agrawal
Helped port the library to MSVC and spotted a few bugs and errors.
4) Brian Gladman
Wrote the AES and Serpent code used. Found a bug in the hash code for certain types of inputs.
5) Svante Seleborg
Submitted the "ampi.c" code as well as many suggestions on improving the readability of the source code.
6) Clay Culver
Submitted a fix for "rsa.c" which cleaned up some code. Submited some other fixes too. :-)
Clay has helped find bugs in various pieces of code including the registry functions, base64 routines
and the make process. He is also now the primary author of the libtomcrypt reference manual and has plan
at making a HTML version.
7) Jason Klapste
Submitted fixes to the yarrow, hash, make process and test code as well as other subtle bug fixes. The
yarrow code can now default to any cipher/hash that is left after you remove them from a build.
8) Dobes Vandermeer <dobes@smartt.com>
Submitted HMAC code that worked flawlessly out of the box... good job! Also submitted a MD4 routine.
Submitted some modified DES code that was merged into the code base [using the libtomcrypt API]
9) Wayne Scott (wscott@bitmover.com)
Submitted base64 that complies with the RFC standards. Submitted some ideas to improve the RSA key generation
as well.
10) Sky Schulz (sky@ogn.com)
Has submitted a set of ideas to improve the library and make it more attractive for professional users.
11) Mike Frysinger
Together with Clay came up with a more "unix friendly" makefile. Mike Frysinger has been keeping copies of
the library for the Gentoo linux distribution.

57
cbc_decrypt.c
View File

@@ -1,57 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef CBC
int cbc_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_CBC *cbc)
{
int x, err;
unsigned char tmp[MAXBLOCKSIZE], tmp2[MAXBLOCKSIZE];
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(cbc != NULL);
/* decrypt the block from ct into tmp */
if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) {
return err;
}
_ARGCHK(cipher_descriptor[cbc->cipher].ecb_decrypt != NULL);
/* is blocklen valid? */
if (cbc->blocklen < 0 || cbc->blocklen > (int)sizeof(cbc->IV)) {
return CRYPT_INVALID_ARG;
}
/* decrypt and xor IV against the plaintext of the previous step */
cipher_descriptor[cbc->cipher].ecb_decrypt(ct, tmp, &cbc->key);
for (x = 0; x < cbc->blocklen; x++) {
/* copy CT in case ct == pt */
tmp2[x] = ct[x];
/* actually decrypt the byte */
pt[x] = tmp[x] ^ cbc->IV[x];
}
/* replace IV with this current ciphertext */
for (x = 0; x < cbc->blocklen; x++) {
cbc->IV[x] = tmp2[x];
}
#ifdef CLEAN_STACK
zeromem(tmp, sizeof(tmp));
zeromem(tmp2, sizeof(tmp2));
#endif
return CRYPT_OK;
}
#endif

52
cbc_encrypt.c
View File

@@ -1,52 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef CBC
int cbc_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_CBC *cbc)
{
int x, err;
unsigned char tmp[MAXBLOCKSIZE];
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(cbc != NULL);
if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) {
return err;
}
/* is blocklen valid? */
if (cbc->blocklen < 0 || cbc->blocklen > (int)sizeof(cbc->IV)) {
return CRYPT_INVALID_ARG;
}
/* xor IV against plaintext */
for (x = 0; x < cbc->blocklen; x++) {
tmp[x] = pt[x] ^ cbc->IV[x];
}
/* encrypt */
cipher_descriptor[cbc->cipher].ecb_encrypt(tmp, ct, &cbc->key);
/* store IV [ciphertext] for a future block */
for (x = 0; x < cbc->blocklen; x++) {
cbc->IV[x] = ct[x];
}
#ifdef CLEAN_STACK
zeromem(tmp, sizeof(tmp));
#endif
return CRYPT_OK;
}
#endif

135
changes
View File

@@ -1,3 +1,138 @@
April 19th, 2005
v1.02
-- Added LTC_TEST support to gcm_test()
-- "pt/ct" can now be NULL in gcm_process() if you are processing zero bytes
-- Optimized GCM by removing the "double copy" handling of the plaintext/aad
-- Richard Outerbridge pointed out that x86_prof won't build on MACOS and that the manual
erroneously refers to "mycrypt" all over the place. Fixed.
April 17th, 2005
v1.01
** Secure Science Corporation has supported this release cycle by sponsoring the development time taken. Their
continuing support of this project has helped me maintain a steady pace in order to keep LibTomCrypt up to date,
stable and more efficient.
-----------------------------------------------------------------------------------------------------
-- Updated base64_decode.c so if there are more than 3 '=' signs it would stop parsing
-- Merged in latest mpi that fixed a few bugs here and there
-- Updated OAEP encoder/decoder to catch when the hash output is too large
Cleaned up PSS code too
-- Andy Bontoft fixed a bug in my demos/tests/makefile.msvc ... seems "dsa_test.c" isn't an object
afterall. Thanks.
-- Made invalid ECC key sizes (configuration) not hard fault the program (it returns an error code now)
-- SAFER has been re-enabled after I was pointed to http://www.ciphersbyritter.com/NEWS2/95032301.HTM
[Mark Kotiaho]
-- Added CCM mode to the encauth list (now has EAX, OCB and CCM, c'est un treo magnifique!)
-- Added missing ASN.1 header to the RSA keys ... oops... now the rsa_export/import are FULLY compatible
with other libs like OpenSSL (comment: Test vectors would go a long way RSA...)
-- Manually merged in fix to the prime_random_ex() LTM function that ensures the 2nd MSB is set properly. Now
When you say "I want a 1024/8 byte RSA key" the MSB bit of the modulus is set as expected. Note I generally
don't view this as a "huge issue" but it's just one less nit to worry about. [Bryan Klisch]
-- A new CVS has been setup on my Athlon64 box... if you want developer access send me an email (and at this point the email would have to be awesome).
-- Updated API for ECB and CBC shell code. Now can process N whole blocks in one call (like $DEITY intended)
-- Introduced a new "hardware accel" framework that can be used to speed up cipher ECB, CBC and CTR mode
calls. Later on dependent code (e.g. OMAC, CCM) will be re-written to use the generic cbc/ctr functions. But now
if you [say] call ctr_encrypt() with a cipher descriptor that has hardware CTR it will automatically
be used (e.g. no code rewrites)
-- Now ships with 20% more love.
-- x86_prof now uses ECB shell code (hint: accelerators) and outputs cycles per BLOCK not byte. This will make it a bit
easier to compare hardware vs. software cipher implementations. It also emits timings for CBC and CTR modes
-- [Peter LaDow] fixed a typo w.r.t. XREALLOC macro (spelling counts kids!)
-- Fixed bug with __x86_64__ where ROL64/ROR64 with LTC_NO_ROLC would be the 32-bit versions instead...
-- Shipping with preliminary GCM code (disabled). It's buggy (stack overflow hidden somewhere). If anyone can spot it let me know.
-- Added Pelican MAC [it's an AES based fast MAC] to the list of supported MACs
-- Added LTC_FAST [and you can disable by defining LTC_NO_FAST] so that CBC and CTR mode XOR whole words [e.g. 32 or 64 bits] at a time
instead of one byte. On my AMD64 this reduced the overhead for AES-128-CBC from 4.56 cycles/byte to around 1 cycle/byte. This requires
that you either allow unaligned read/writes [e.g. x86_32/x86_64] or align all your data. It won't go out of it's way to ensure
aligned access. Only enabled for x86_* platforms by default since they allow unaligned read/writes.
-- Added LTC_FAST support to PMAC (drops the cycle/byte by about 9 cycles on my AMD64) [note: I later rewrote this prior to release]
-- Updated "profiled" target to work with the new directory layout
-- Added [demo only] optimized RC5-CTR code to x86_prof demo to show off how to make an accelerator
[This has been removed prior to release... It may re-appear later]
-- Added CCM acelerator callbacks to the list [now supports ECB, CTR, CBC and now CCM].
-- Added chapter to manual about accelerators (you know you want it)
-- Added "bswap" optimizations to x86 LOAD/STORE with big endian. Can be disabled by defining LTC_NO_BSWAP
-- LTC_NO_ASM is now the official "disable all non-portable stuff" macro. When defined it will make the code endian-neutral,
disable any form of ASM and disable LTC_FAST load/stores. Essentially build the library with this defined if you're having
trouble building the library (old GCCs for instance dislike the ROLc macro)
-- Added tomcrypt_mac.h and moved MAC/encMAC functions from tomcrypt_hash.h into it
-- Added "done" function to ciphers and the five chaining modes [and things like omac/pmac/etc]
-- Changed install group to "wheel" from "root".
-- Replaced // comments with /**/ so it will build on older UNIX-like platforms
-- x86_prof builds and runs with IntelCC fine now
-- Added "stest" build to intel CC to test static linked from within the dir (so you don't have to install to test)
-- Moved testing/benchmark into testprof directory and build it as part of the build. Now you can link against libtomcrypt_prof.a to get
testing info (hint: hardware developers ;-) )
-- Added CCM to tv_gen
-- Added demos to MSVC makefile
-- Removed -funroll-all-loops from GCC makefile and replaced with -funroll-loops which is a bit more sane (P4 ain't got much cache for the IDATA)
-- Fixed GCM prior to release and re-enabled it. It has not been optimized but it does conform when compiled with optimizations.
-- I've since optimized GCM and CCM. They're close in speed but GCM is more flexible imho (though EAX is more flexible than both)
-- For kicks I optimized the ECC code to use projective points. Gets between 3.21x (Prescott P4) to 4.53x (AMD64) times faster than before at 160-bit keys and the
speedup grows as the keysize grows. Basically removing most practical reasons to "not use the ECC code". Enjoy.
-- Added LTC_FAST support to OMAC/PMAC and doubled it's speed on my amd64 [faster on the P4 too I guess]
-- Added GCM to tv_gen
-- Removed "makefile.cygwin_dll" as it's not really used by anyone and not worth the effort (hell I hardly maintain the MSVC makefiles ...)
-- Updated a few files in the "misc" directory to have correct @file comments for doxygen
-- Removed "profile" target since it was slower anyways (go figure...)
December 31st, 2004
v1.00
-- Added "r,s == 0" check to dsa_verify_hash()
-- Added "multi block" helpers for hash, hmac, pmac and omac routines so you can process multiple non-adjacent
blocks of data with one call (added demos/multi.c to make sure they work)
-- Note these are not documented but they do have doxygen comments inside them
-- Also I don't use them in other functions (like pkcs_5_2()) because I didn't have the time. Job for the new LTC maintainer ;-)
-- Added tweaked Anubis test vectors and made it default (undefined ANUBIS_TWEAK to get original Anubis)
-- Merged in fix for mp_prime_random_ex() to deal with MSB and LSB "bugs"
-- Removed tim_exptmod() completely, updated several RSA functions (notably v15 and the decrypt/verify) so they
don't require a prng now
-- This release brought to you by the fine tunes of Macy Gray. We miss you.
December 23rd, 2004
v1.00rc1
-- Renamed "mycrypt_*" to "tomcrypt_*" to be more specific and professional
Now just include "tomcrypt.h" instead of "mycrypt.h" to get LTC ;-)
-- Cleaned up makefiles to ensure all headers are correctly installed
-- Added "rotate by constant" macros for portable, x86-32 and x86-64
You can disable this new code with LTC_NO_ROLC which is useful for older GCCs
-- Cleaned up detection of x86-64 so it works for ROL/ROR macros
-- Fixed rsa_import() so that it would detect multi-prime RSA keys and error appropriately
-- Sorted the source files by category and updated the makefiles appropriately
-- Added LTC_DER define so you can trim out DER code if not required
-- Fixed up RSA's decrypt functions changing "res" to "stat" to be more in sync
with the signature variables nomenclature. (no code change just renamed the arguments)
-- Removed all labels starting with __ and replaced with LBL_ to avoid namespace conflicts (Randy Howard)
-- Merged in LTM fix to mp_prime_random_ex() which zap'ed the most significant byte if the bit size
requested was a multiple of eight.
-- Made RSA_TIMING off by default as it's not terribly useful [and likely to be deprecated]
-- Renamed SMALL_CODE, CLEAN_STACK and NO_FILE to have a LTC_ prefix to avoid namespace collisions
with other programs. e.g. SMALL_CODE => LTC_SMALL_CODE
-- Zed Shaw pointed out that on certain systems installing libs as "root" isn't possible as the super-user
is not root. Now the makefiles allow this to be changed easily.
-- Renamed "struct _*_descriptor" to "struct ltc_*_descriptor" to avoid using a leading _
Also renamed _ARGCHK to LTC_ARGCHK
-- Zed Shaw pointed out that I still defined the prng structs in tomcrypt_prng.h even if they
weren't defined. This made undef'ing FORTUNA break the build.
-- Added LTC_NO_ASM to disable inline asm macros [ROL/ROR/etc]
-- Changed RSA decrypt functions to change the output length variable name from "keylen" to "outlen" to make
it more consistent.
-- Added the 64-bit Khazad block cipher [NESSIE]
-- Added the 128-bit Anubis block cipher [with key support for 128...320 bit keys] [NESSIE]
-- Changes to several MAC functions to rename input arguments to more sensible names
-- Removed FAST_PK support from dh_sys.c
-- Declared deskey() from des.c as static instead of a global
-- Added pretty much all practical GCC warning tests to the GCC [related] makefiles. These additional
warnings can easily be disabled for those with older copies of GCC [or even non GNU cc's]
-- Added doxygen @ tags to the code... phew that was a hell of a lot of [repetitive] work
-- Also added pre-configured Doxygen script.
-- Cleaned up quite a few functions [ciphers, pk, etc] to make the parameters naming style consistent
E.g. ciphers keys are called "skey" consistently now. The input to PK encryption is called "in", etc.
These changes require no code changes on the behalf of developers fortunately
-- Started a SAFER+ optimizer [does encrypt only] which shaves a good 30 or so cycles/byte on my AMD64
at an expense of huge code. It's in notes/etc/saferp_optimizer.c
-- DSA sign/verify now uses DER encoded output/inputs and no LTC style headers.
-- Matt Johnston found a missing semi-colon in mp_exptmod(). Fix has been merged in.
October 29th, 2004
v0.99 -- Merged in the latest version of LTM which includes all of the recent bug fixes
-- Deprecated LTMSSE and removed it (to be replaced with TFM later on)

1273
crypt.tex
View File

File diff suppressed because it is too large Load Diff

21
crypt_cipher_descriptor.c
View File

@@ -1,21 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
struct _cipher_descriptor cipher_descriptor[TAB_SIZE] = {
/* This is ugly, but OS X's ar seems broken and leaves the
* cipher_descriptor symbol out of the .a if we don't
* initialise it here. */
{NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL},
{NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL},
{NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL},
{NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL},
};

19
crypt_hash_descriptor.c
View File

@@ -1,19 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
struct _hash_descriptor hash_descriptor[TAB_SIZE] = {
/* OS X has a broken ar, so we need to initialise. */
{NULL, 0, 0, 0, NULL, NULL, NULL, NULL},
{NULL, 0, 0, 0, NULL, NULL, NULL, NULL},
{NULL, 0, 0, 0, NULL, NULL, NULL, NULL},
{NULL, 0, 0, 0, NULL, NULL, NULL, NULL},
};

13
crypt_prng_descriptor.c
View File

@@ -1,13 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
struct _prng_descriptor prng_descriptor[TAB_SIZE];

36
crypt_register_hash.c
View File

@@ -1,36 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int register_hash(const struct _hash_descriptor *hash)
{
int x;
_ARGCHK(hash != NULL);
/* is it already registered? */
for (x = 0; x < TAB_SIZE; x++) {
if (memcmp(&hash_descriptor[x], hash, sizeof(struct _hash_descriptor)) == 0) {
return x;
}
}
/* find a blank spot */
for (x = 0; x < TAB_SIZE; x++) {
if (hash_descriptor[x].name == NULL) {
XMEMCPY(&hash_descriptor[x], hash, sizeof(struct _hash_descriptor));
return x;
}
}
/* no spot */
return -1;
}

36
crypt_register_prng.c
View File

@@ -1,36 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int register_prng(const struct _prng_descriptor *prng)
{
int x;
_ARGCHK(prng != NULL);
/* is it already registered? */
for (x = 0; x < TAB_SIZE; x++) {
if (memcmp(&prng_descriptor[x], prng, sizeof(struct _prng_descriptor)) == 0) {
return x;
}
}
/* find a blank spot */
for (x = 0; x < TAB_SIZE; x++) {
if (prng_descriptor[x].name == NULL) {
XMEMCPY(&prng_descriptor[x], prng, sizeof(struct _prng_descriptor));
return x;
}
}
/* no spot */
return -1;
}

219
cscope.tmplst
View File

@@ -1,219 +0,0 @@
./aes.c
./aes_tab.c
./base64_decode.c
./base64_encode.c
./blowfish.c
./burn_stack.c
./cast5.c
./cbc_decrypt.c
./cbc_encrypt.c
./cbc_getiv.c
./cbc_setiv.c
./cbc_start.c
./cfb_decrypt.c
./cfb_encrypt.c
./cfb_getiv.c
./cfb_setiv.c
./cfb_start.c
./chc.c
./crypt.c
./crypt_argchk.c
./crypt_cipher_descriptor.c
./crypt_cipher_is_valid.c
./crypt_find_cipher.c
./crypt_find_cipher_any.c
./crypt_find_cipher_id.c
./crypt_find_hash.c
./crypt_find_hash_any.c
./crypt_find_hash_id.c
./crypt_find_prng.c
./crypt_hash_descriptor.c
./crypt_hash_is_valid.c
./crypt_prng_descriptor.c
./crypt_prng_is_valid.c
./crypt_register_cipher.c
./crypt_register_hash.c
./crypt_register_prng.c
./crypt_unregister_cipher.c
./crypt_unregister_hash.c
./crypt_unregister_prng.c
./ctr_decrypt.c
./ctr_encrypt.c
./ctr_getiv.c
./ctr_setiv.c
./ctr_start.c
./demos/encrypt.c
./demos/hashsum.c
./demos/small.c
./demos/test/base64_test.c
./demos/test/cipher_hash_test.c
./demos/test/der_tests.c
./demos/test/dh_tests.c
./demos/test/dsa_test.c
./demos/test/ecc_test.c
./demos/test/mac_test.c
./demos/test/makefile
./demos/test/makefile.icc
./demos/test/makefile.msvc
./demos/test/makefile.shared
./demos/test/modes_test.c
./demos/test/pkcs_1_test.c
./demos/test/rsa_test.c
./demos/test/store_test.c
./demos/test/test.c
./demos/test/test.h
./demos/tv_gen.c
./demos/x86_prof.c
./der_decode_integer.c
./der_encode_integer.c
./der_get_multi_integer.c
./der_length_integer.c
./der_put_multi_integer.c
./des.c
./dh.c
./dh_sys.c
./dsa_export.c
./dsa_free.c
./dsa_import.c
./dsa_make_key.c
./dsa_sign_hash.c
./dsa_verify_hash.c
./dsa_verify_key.c
./eax_addheader.c
./eax_decrypt.c
./eax_decrypt_verify_memory.c
./eax_done.c
./eax_encrypt.c
./eax_encrypt_authenticate_memory.c
./eax_init.c
./eax_test.c
./ecb_decrypt.c
./ecb_encrypt.c
./ecb_start.c
./ecc.c
./ecc_sys.c
./error_to_string.c
./fortuna.c
./hash_file.c
./hash_filehandle.c
./hash_memory.c
./hmac_done.c
./hmac_file.c
./hmac_init.c
./hmac_memory.c
./hmac_process.c
./hmac_test.c
./is_prime.c
./ltc_tommath.h
./makefile
./makefile.cygwin_dll
./makefile.icc
./makefile.msvc
./makefile.shared
./md2.c
./md4.c
./md5.c
./mpi.c
./mpi_to_ltc_error.c
./mycrypt.h
./mycrypt_argchk.h
./mycrypt_cfg.h
./mycrypt_cipher.h
./mycrypt_custom.h
./mycrypt_hash.h
./mycrypt_macros.h
./mycrypt_misc.h
./mycrypt_pk.h
./mycrypt_pkcs.h
./mycrypt_prng.h
./noekeon.c
./notes/etc/whirlgen.c
./notes/etc/whirltest.c
./ocb_decrypt.c
./ocb_decrypt_verify_memory.c
./ocb_done_decrypt.c
./ocb_done_encrypt.c
./ocb_encrypt.c
./ocb_encrypt_authenticate_memory.c
./ocb_init.c
./ocb_ntz.c
./ocb_shift_xor.c
./ocb_test.c
./ofb_decrypt.c
./ofb_encrypt.c
./ofb_getiv.c
./ofb_setiv.c
./ofb_start.c
./omac_done.c
./omac_file.c
./omac_init.c
./omac_memory.c
./omac_process.c
./omac_test.c
./packet_store_header.c
./packet_valid_header.c
./pkcs_1_i2osp.c
./pkcs_1_mgf1.c
./pkcs_1_oaep_decode.c
./pkcs_1_oaep_encode.c
./pkcs_1_os2ip.c
./pkcs_1_pss_decode.c
./pkcs_1_pss_encode.c
./pkcs_1_v15_es_decode.c
./pkcs_1_v15_es_encode.c
./pkcs_1_v15_sa_decode.c
./pkcs_1_v15_sa_encode.c
./pkcs_5_1.c
./pkcs_5_2.c
./pmac_done.c
./pmac_file.c
./pmac_init.c
./pmac_memory.c
./pmac_ntz.c
./pmac_process.c
./pmac_shift_xor.c
./pmac_test.c
./rand_prime.c
./rc2.c
./rc4.c
./rc5.c
./rc6.c
./rmd128.c
./rmd160.c
./rng_get_bytes.c
./rng_make_prng.c
./rsa_decrypt_key.c
./rsa_encrypt_key.c
./rsa_export.c
./rsa_exptmod.c
./rsa_free.c
./rsa_import.c
./rsa_make_key.c
./rsa_sign_hash.c
./rsa_v15_decrypt_key.c
./rsa_v15_encrypt_key.c
./rsa_v15_sign_hash.c
./rsa_v15_verify_hash.c
./rsa_verify_hash.c
./s_ocb_done.c
./safer.c
./safer_tab.c
./saferp.c
./sha1.c
./sha224.c
./sha256.c
./sha384.c
./sha512.c
./skipjack.c
./sober128.c
./sober128tab.c
./sprng.c
./tiger.c
./tim_exptmod.c
./twofish.c
./twofish_tab.c
./whirl.c
./whirltab.c
./xtea.c
./yarrow.c
./zeromem.c

8
demos/encrypt.c
View File

@@ -7,7 +7,7 @@
/* ie: ./encrypt blowfish story.txt story.ct */
/* ./encrypt -d blowfish story.ct story.pt */
#include <mycrypt.h>
#include <tomcrypt.h>
int errno;
@@ -69,6 +69,12 @@ void register_algs(void)
#ifdef SKIPJACK
register_cipher (&skipjack_desc);
#endif
#ifdef KHAZAD
register_cipher (&khazad_desc);
#endif
#ifdef ANUBIS
register_cipher (&anubis_desc);
#endif
if (register_hash(&sha256_desc) == -1) {
printf("Error registering SHA256\n");

2
demos/hashsum.c
View File

@@ -7,7 +7,7 @@
* more functions ;)
*/
#include <mycrypt.h>
#include <tomcrypt.h>
int errno;

106
demos/multi.c Normal file
View File

@@ -0,0 +1,106 @@
/* test the multi helpers... */
#include <tomcrypt.h>
int main(void)
{
unsigned char key[16], buf[2][MAXBLOCKSIZE];
unsigned long len, len2;
/* register algos */
register_hash(&sha256_desc);
register_cipher(&aes_desc);
/* HASH testing */
len = sizeof(buf[0]);
hash_memory(find_hash("sha256"), "hello", 5, buf[0], &len);
len2 = sizeof(buf[0]);
hash_memory_multi(find_hash("sha256"), buf[1], &len2, "hello", 5, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
len2 = sizeof(buf[0]);
hash_memory_multi(find_hash("sha256"), buf[1], &len2, "he", 2, "llo", 3, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
len2 = sizeof(buf[0]);
hash_memory_multi(find_hash("sha256"), buf[1], &len2, "h", 1, "e", 1, "l", 1, "l", 1, "o", 1, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
/* HMAC */
len = sizeof(buf[0]);
hmac_memory(find_hash("sha256"), key, 16, "hello", 5, buf[0], &len);
len2 = sizeof(buf[0]);
hmac_memory_multi(find_hash("sha256"), key, 16, buf[1], &len2, "hello", 5, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
len2 = sizeof(buf[0]);
hmac_memory_multi(find_hash("sha256"), key, 16, buf[1], &len2, "he", 2, "llo", 3, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
len2 = sizeof(buf[0]);
hmac_memory_multi(find_hash("sha256"), key, 16, buf[1], &len2, "h", 1, "e", 1, "l", 1, "l", 1, "o", 1, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
/* OMAC */
len = sizeof(buf[0]);
omac_memory(find_cipher("aes"), key, 16, "hello", 5, buf[0], &len);
len2 = sizeof(buf[0]);
omac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "hello", 5, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
len2 = sizeof(buf[0]);
omac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "he", 2, "llo", 3, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
len2 = sizeof(buf[0]);
omac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "h", 1, "e", 1, "l", 1, "l", 1, "o", 1, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
/* PMAC */
len = sizeof(buf[0]);
pmac_memory(find_cipher("aes"), key, 16, "hello", 5, buf[0], &len);
len2 = sizeof(buf[0]);
pmac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "hello", 5, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
len2 = sizeof(buf[0]);
pmac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "he", 2, "llo", 3, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
len2 = sizeof(buf[0]);
pmac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "h", 1, "e", 1, "l", 1, "l", 1, "o", 1, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
printf("All passed\n");
return EXIT_SUCCESS;
}

3
demos/small.c
View File

@@ -1,6 +1,5 @@
// small demo app that just includes a cipher/hash/prng
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
{

19
demos/test.c Normal file
View File

@@ -0,0 +1,19 @@
#include <tomcrypt_test.h>
int main(void)
{
reg_algs();
printf("build == \n%s\n", crypt_build_settings);
printf("\ncipher_test..."); fflush(stdout); printf(cipher_hash_test() ? "failed" : "passed");
printf("\nmodes_test..."); fflush(stdout); printf(modes_test() ? "failed" : "passed");
printf("\nmac_test..."); fflush(stdout); printf(mac_test() ? "failed" : "passed");
printf("\npkcs_1_test..."); fflush(stdout); printf(pkcs_1_test() ? "failed" : "passed");
printf("\nstore_test..."); fflush(stdout); printf(store_test() ? "failed" : "passed");
printf("\nrsa_test..."); fflush(stdout); printf(rsa_test() ? "failed" : "passed");
printf("\necc_test..."); fflush(stdout); printf(ecc_tests() ? "failed" : "passed");
printf("\ndsa_test..."); fflush(stdout); printf(dsa_test() ? "failed" : "passed");
printf("\ndh_test..."); fflush(stdout); printf(dh_tests() ? "failed" : "passed");
printf("\nder_test..."); fflush(stdout); printf(der_tests() ? "failed" : "passed");
return EXIT_SUCCESS;
}

356
demos/test/.ccmalloc
View File

@@ -1,356 +0,0 @@
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%% generic configuration file for %%%%
%%%% the ccmalloc memory profiler %%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%-----------------------------------------------------------------%
% COPY THIS FILE TO '.ccmalloc' in your project or home directory %
%-----------------------------------------------------------------%
##############################################################################
## (C) 1997-2003 Armin Biere, 1998 Johannes Keukelaar
## $Id: ccmalloc.cfg,v 1.6 2003/02/03 08:03:54 biere Exp $
##############################################################################
%%% '%' and '#' are comments !!!!!!!
% This file must be called '.ccmalloc' and is searched for in the
% current directory and in the home directory of the user. If it
% does not exist then the default values mentioned below are used.
% It is also the only available user manual yet ;-) So here is a reading
% hint. First have a look at the short one line descriptions of each option
% ...
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% with 'file' the executable is specified [a.out]
% ----------------------------------------------------------------------
% This should not be necessary for Linux and Solaris because the proc
% file system can be used to find argv[0].
%
% (the rest of this comment only applies to other OS)
%
% For other OS you should use this option unless the executable is
% in the current directory or its name is 'a.out'.
%
% If you do not specify this then ccmalloc tries to find an executable
% in the current directory that matches the running program starting
% with 'a.out'. For this process it must call 'nm' on each executable
% file in the directory which may be time consuming. With this option
% you can speed up this process.
%
% You can also specify absolute or relative path names. This is
% necessary if you do not start your program from the current directory.
% But you can also simply link or name your program to 'a.out'.
%file FILE
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% 'log' specify the logfile [stderr]
% ----------------------------------------------------------------------
% The default is to use stderr. The argument to 'log' is the name of
% the file you want to write to. It can also be 'stdout' or '-' which
% sets stdout as logfile. If the logfile is stdout or stderr and is
% connected to a terminal then the output is slightly different.
%
% For big programs the logfile can be really big. To reduce the size
% you can use a small chain length (see 'chain-length' below). The other
% possibility is to use compressed logfiles. This can be done by
% specifying a logfile name with a '.gz' (or a '.Z') suffix. This means
% that gnuzip (resp. compress) is used to compress the output.
%log FILE
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% 'logpid' specify the logfile
% ----------------------------------------------------------------------
% Can be used alternatively to the 'log' command if you want to use
% ccmalloc for debugging parallel applications where several copies of
% the program you are debugging must be run simoultaneously. In this
% case you can not use 'log' because you do not want to write to the same
% log file. Using 'logpid' uses a file name ending with the <pid> of
% the process which means the name is unique even if several copies of
% your program are run simoultaneously.
%
% If you use the compressing suffixes then the <pid> is inserted before
% the suffix (e.g. 'logpid ccmalloc.log.gz' uses 'ccmalloc.log.<pid>.gz'
% as the name for the log file).
%logpid FILE
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% 'dont-log-chain' skip info about certain chains []
% ----------------------------------------------------------------------
% This command may be repeated any number of times. The argument to this
% command is a comma-separated list of function-or-file-and-line
% specifications. Garbage allocated from a callchain that contains this
% subchain anywhere will _not_ be logged.
%
% The ';'-separated list should not contain any spaces. E.g. not:
%
% main ; foo ; bar
%
% but:
%
% main;foo;bar
%
% A function-or-file-and-line specification is a string followed by an
% optional colon and number, for example: main or main:14 or main.c or
% main.c:15. Note that the string is compared with both the function and the
% file name, if available. If main.c happens to be a function name, that
% will cause a match (for that string at least). Not specifying a line
% number will match any line number. If line number information is not
% available, anything will match! Not specifying a name (e.g. ;;;) will
% match an unknown function name. Not giving any parameters at all, will
% match a chain containing at least one unknown function.
%
% Note that if you say 'dont-log-chain wrapper.c' nothing will be logged.
%dont-log-chain
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% 'only-log-chain' skip info about other chains []
% ----------------------------------------------------------------------
% The obvious counterpart to dont-log-chain. In this case, only matching
% chains will be reported. Non-matching chains will not be reported.
% Can be repeated any number of times; if the chain matches any of the
% instances, it will be reported.
%only-log-chain
########################################################################
# #
# This is the 'flag' section #
# #
# 'set FLAG' is the same as 'set FLAG 1' #
# #
# The default values are those set below. If 'silent' is disabled #
# then you will find the banner in the log file (or it is listed on #
# stdout or stderr). The banner describes the current settings of all #
# these flags. #
# #
########################################################################
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% with 'only-count' ccmalloc only counts garbage - no call chains [0]
% ----------------------------------------------------------------------
% If only-count is set to one then only one additional pointer for
% each allocated data is used and no call chain is generated. This is
% the fasted and most space efficient mode ccmalloc can operate
% in. In this mode you get at least the size of garbage produced.
%
% Note that 'check-free-space' does not work at all with 'only-count'
% set and over writes ('check-overwrites') are only checked when
% calling free.
%set only-count 0
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% 'load-dynlibs' load dynamic linked libraries into gdb [0]
% ----------------------------------------------------------------------
% If your program is linked with dynamic libraries, function and file
% name information is not available for addresses in those libraries,
% unless you set 'load-dynlibs' to 1.
%set load-dynlibs 0
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% 'keep-deallocated-data' does not recycle deallocated data [0]
% ----------------------------------------------------------------------
% If you enable keep-deallocated-data then all data deallocated with
% 'free' (or 'delete' in C++) is not given back to the free store
% but stays associated with the call chain of its allocation. This is
% very useful if your program does multiple deallocation of the
% same data.
%set keep-deallocated-data 0
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% 'check-overwrites' detect overwrites [0]
% ----------------------------------------------------------------------
% If you want to detect 'off by n bytes' errors you should set
% 'checking-overwrites' to n/4 (on 32-Bit machines).
%
% ccmalloc inserts a boundary above allocated data. This boundary
% consists of 'check-overwrites' words. If your program writes to
% this area then ccmalloc can detect this (see also check-start
% and check-interval). 'ccmalloc' also does checking for overwrites
% at non word boundaries (e.g. strcpy(malloc(strlen("hello")),"hello");)
set check-overwrites 1
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% 'check-underwrites' detect underwrites [0]
% ----------------------------------------------------------------------
% same with writes below allocated data. You do not have to set this
% option if you only want detect 'off (below) by one' errors because
% ccmalloc keeps a magic value just before the user data.
set check-underwrites 1
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% 'check-free-space' can be used to find dangling pointers. [0]
% ----------------------------------------------------------------------
% A very serious type of bug is to write on data that has already been
% freed. If this happens the free space management of malloc is in
% trouble and you will perhaps encounter non deterministic behaviour of
% your program. To test this first enable 'keep-deallocated-data' and
% restart your program. If the problem goes away and ccmalloc does not
% report anything then you should *also* enable 'check-free-space'. Now
% ccmalloc checks already deallocated data for corruption.
%
% Note that to perform this check 'keep-deallocated-data' also must
% be enabled and 'only-count' disabled.
set check-free-space 1
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% 'check-interval' can be used to speed up checks [0]
% ----------------------------------------------------------------------
% If check-overwrite, check-underwrites or check-free-space is set then
% the default is to do 'write checks' when data is deallocated and
% to do 'free space checks' when reporting together with
% 'write checks' for garbage. When you want these checks to be
% performed more often then you should set 'check-interval' to a
% positive number. This number is the interval between the number of
% calls to free or malloc without performing the checks.
%set check-interval 0
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% 'check-start' can be used to speed up checks [0]
% ----------------------------------------------------------------------
% The flag 'check-start' delays the start of checks until the given
% number of calls to free and malloc have occured. Together with
% 'check-interval' you can use a binary search to find an aproximation
% when a corruption occured! If you simply set check-interval to 1 and
% check-start to 0 then this will slow done your program too much.
%set check-start 0
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% 'silent' disables banner [0]
% ----------------------------------------------------------------------
% If you don't want to see the banner of ccmalloc then set
% 'silent' to 1 (f.e. when logging to stderr)
%set silent
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% 'file-info' en/disables file and line number information [1]
% ----------------------------------------------------------------------
% If your program was compiled with debugging information (-g) then
% ccmalloc can generate line number and file info for call chains opening
% a pipe to gdb. For very big programs this method is slow. In this case
% you can set 'file-info' to zero and you will only get the function
% names. For SunOS 4.3.1 'nm' does not 'demangle' C++ identifiers
% very well. So gdb is called instead but only if 'file-info' is
% not set to 0.
%set file-info 1
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% 'continue' if ccmalloc aborts when something weired happened [0]
% ----------------------------------------------------------------------
% If the free function of ccmalloc is called with an argument that does
% not make sense to ccmalloc or that has already been freed then you
% probably want the program to stop at this point. This is also
% the default behaviour. But you can force ccmalloc also to ignore
% this if you set 'continue' to 1. This flag also controls the behaviour
% of ccmalloc when free space is found to be corrupted or a write
% boundary has been overwritten.
%set continue 0
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% 'chain-length' is the length of the maximal call chain [0 = infinite]
% ----------------------------------------------------------------------
% You can restrict the length of call chains by setting 'chain-length'
% to a number greater than zero. If 'chain-length' is zero (the default)
% then chains are as long as possible (on a non x86 system only call
% chains with a finite maximal length can be generated). For big
% programs especially if keep-deallocated-data is enabled this can
% reduce the size of the log file from over 100MB to several MB!
%set chain-length 0
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% 'print-addresses' of data [0]
% ----------------------------------------------------------------------
% If you want to see the addresses of the allocated data (and
% deallocated data if keep-deallocated-data is set to 1) set
% 'print-addresses' to 1.
%set print-addresses 0
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% 'print-on-one-line' shortens log file [0]
% ----------------------------------------------------------------------
% The default is to print function names and file/line number info
% on separate lines. With 'print-on-one-line' set 1 all are printed
% on one line.
%set print-on-one-line 0
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% 'additional-line' enlarges readability [1]
% ----------------------------------------------------------------------
% When printing call chains an empty line is printed between to
% call points. Set 'additional-line' to 0 to disable this feature.
%set additional-line 1
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% 'statistics' enables more accurate profiling [0]
% ----------------------------------------------------------------------
% Calculate number of allocations and deallocations and bytes also on
% a per call chain basis. This uses 4 additional pointers for each
% call chain.
set statistics 1
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% set order for sorting of call chains [1] [1]
% ----------------------------------------------------------------------
% When printing the report to the log file the call chains are sorted by
% default with respect to the largest accumulated garbage produced by
% that call chain. This can be changed with setting 'sort-by-wasted'
% to 0. In this case they are sorted by the number of allocated bytes.
% If you want the number of allocations (only possible if 'statistics'
% is enabled) as sorting criteria instead then set 'sort-by-size' to 0.
%set sort-by-wasted 1
%set sort-by-size 1
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% report library chains [0]
% ----------------------------------------------------------------------
% Some external libraries (like libg++) have memory leaks. On some
% systems even a call to printf produces a leak. ccmalloc tries to
% detect this (only heuristically!) and with this flag you can control
% if leaks produced by such library calls are reported.
%
% Since version 0.2.1 some similar effect can be achieved by using
% 'dont-log-chain' with no argument.
%set library-chains 0
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% print debugging information [X] (compile time dependend)
% ----------------------------------------------------------------------
%set debug X
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% align memory on 8 byte boundary [0] (no effect on SunOS or Solaris)
% ----------------------------------------------------------------------
%set align-8-byte 0
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% only report allocations which ended up being wasted (i.e don't report
% allocations which were completely freed properly. ) [1]
% ----------------------------------------------------------------------
%set only-wasting-alloc 1

12
demos/test/mac_test.c
View File

@@ -1,12 +0,0 @@
/* test pmac/omac/hmac */
#include "test.h"
int mac_test(void)
{
DO(hmac_test());
DO(pmac_test());
DO(omac_test());
DO(eax_test());
DO(ocb_test());
return 0;
}

25
demos/test/makefile
View File

@@ -1,25 +0,0 @@
# make test harness, it is good.
CFLAGS += -Wall -W -Os -I../../ -I./
# add -g3 for ccmalloc debugging
#CFLAGS += -g3
# if you're not debugging
CFLAGS += -fomit-frame-pointer
default: test
OBJECTS=test.o cipher_hash_test.o mac_test.o modes_test.o \
pkcs_1_test.o store_test.o rsa_test.o ecc_test.o dsa_test.o dh_tests.o der_tests.o
#uncomment this to get heap checking [e.g. memory leaks]. Note
#that you *MUST* build libtomcrypt.a with -g3 enabled [and make install it]
#
#
#CCMALLOC = -lccmalloc -ldl
test: $(OBJECTS)
$(CC) $(OBJECTS) /usr/lib/libtomcrypt.a $(CCMALLOC) -o test
clean:
rm -rf test *.o *.obj *.exe *~ .libs

14
demos/test/makefile.icc
View File

@@ -1,14 +0,0 @@
# make test harness, it is good.
CFLAGS += -O3 -xN -ip -I../../ -I./
CC=icc
default: test
OBJECTS=test.o cipher_hash_test.o mac_test.o modes_test.o \
pkcs_1_test.o store_test.o rsa_test.o ecc_test.o dsa_test.o dh_tests.o der_tests.o
test: $(OBJECTS)
$(CC) $(OBJECTS) -ltomcrypt -o test
clean:
rm -f test *.o *~

14
demos/test/makefile.msvc
View File

@@ -1,14 +0,0 @@
# make test harness, it is good.
CFLAGS = $(CFLAGS) /W3 /Ox -I../../ -I./
default: test.exe
OBJECTS = test.obj cipher_hash_test.obj mac_test.obj modes_test.obj \
pkcs_1_test.obj store_test.obj rsa_test.obj ecc_test.obj dsa_test.c dh_tests.obj der_tests.obj
test.exe: $(OBJECTS)
cl $(OBJECTS) tomcrypt.lib advapi32.lib
clean:
rm -f test.exe *.obj *~

19
demos/test/makefile.shared
View File

@@ -1,19 +0,0 @@
# make test harness, it is good.
CFLAGS += -Wall -W -Os -I../../ -I./
# if you're not debugging
CFLAGS += -fomit-frame-pointer
default: test
#if you don't have mpi.o
#MPISHARED=-ltommath
OBJECTS=test.o cipher_hash_test.o mac_test.o modes_test.o \
pkcs_1_test.o store_test.o rsa_test.o ecc_test.o dsa_test.o dh_tests.o der_tests.o
test: $(OBJECTS)
libtool --mode=link gcc $(CFLAGS) $(OBJECTS) -o test -ltomcrypt $(MPISHARED)
clean:
rm -f test *.o *.obj *.exe *~

262
demos/test/test.c
View File

@@ -1,262 +0,0 @@
#include "test.h"
test_entry tests[26];
test_entry test_list[26] = {
/* test name provides requires entry */
{"store_test", "a", "", store_test },
{"cipher_hash_test", "b", "a", cipher_hash_test },
{"modes_test", "c", "b", modes_test },
{"mac_test", "d", "c", mac_test },
{"der_test", "e", "", der_tests },
{"pkcs_1_test", "f", "e", pkcs_1_test },
{"rsa_test", "g", "e", rsa_test },
{"ecc_test", "h", "a", ecc_tests },
{"dsa_test", "i", "a", dsa_test },
{"dh_test", "j", "a", dh_tests },
{NULL, NULL, NULL, NULL}
};
prng_state test_yarrow;
static int current_test;
void run_cmd(int res, int line, char *file, char *cmd)
{
if (res != CRYPT_OK) {
fprintf(stderr, "[%s]: %s (%d)\n%s:%d:%s\n", tests[current_test].name, error_to_string(res), res, file, line, cmd);
exit(EXIT_FAILURE);
}
}
void register_algs(void)
{
int err;
#ifdef RIJNDAEL
register_cipher (&aes_desc);
#endif
#ifdef BLOWFISH
register_cipher (&blowfish_desc);
#endif
#ifdef XTEA
register_cipher (&xtea_desc);
#endif
#ifdef RC5
register_cipher (&rc5_desc);
#endif
#ifdef RC6
register_cipher (&rc6_desc);
#endif
#ifdef SAFERP
register_cipher (&saferp_desc);
#endif
#ifdef TWOFISH
register_cipher (&twofish_desc);
#endif
#ifdef SAFER
register_cipher (&safer_k64_desc);
register_cipher (&safer_sk64_desc);
register_cipher (&safer_k128_desc);
register_cipher (&safer_sk128_desc);
#endif
#ifdef RC2
register_cipher (&rc2_desc);
#endif
#ifdef DES
register_cipher (&des_desc);
register_cipher (&des3_desc);
#endif
#ifdef CAST5
register_cipher (&cast5_desc);
#endif
#ifdef NOEKEON
register_cipher (&noekeon_desc);
#endif
#ifdef SKIPJACK
register_cipher (&skipjack_desc);
#endif
#ifdef TIGER
register_hash (&tiger_desc);
#endif
#ifdef MD2
register_hash (&md2_desc);
#endif
#ifdef MD4
register_hash (&md4_desc);
#endif
#ifdef MD5
register_hash (&md5_desc);
#endif
#ifdef SHA1
register_hash (&sha1_desc);
#endif
#ifdef SHA256
register_hash (&sha256_desc);
#endif
#ifdef SHA224
register_hash (&sha224_desc);
#endif
#ifdef SHA384
register_hash (&sha384_desc);
#endif
#ifdef SHA512
register_hash (&sha512_desc);
#endif
#ifdef RIPEMD128
register_hash (&rmd128_desc);
#endif
#ifdef RIPEMD160
register_hash (&rmd160_desc);
#endif
#ifdef WHIRLPOOL
register_hash (&whirlpool_desc);
#endif
#ifdef CHC_HASH
register_hash(&chc_desc);
if ((err = chc_register(register_cipher(&aes_enc_desc))) != CRYPT_OK) {
printf("chc_register error: %s\n", error_to_string(err));
exit(EXIT_FAILURE);
}
#endif
#ifdef YARROW
register_prng(&yarrow_desc);
#endif
#ifdef FORTUNA
register_prng(&fortuna_desc);
#endif
#ifdef RC4
register_prng(&rc4_desc);
#endif
#ifdef SPRNG
register_prng(&sprng_desc);
#endif
#ifdef SOBER128
register_prng(&sober128_desc);
#endif
}
/* sort tests based on their requirement/services. Helps make sure dependencies are tested first */
void sort(void)
{
unsigned x, y, z, a, pidx[26];
/* find out where things are provided */
zeromem(pidx, sizeof(pidx));
z = 0;
do {
y = 0;
for (x = 0; test_list[x].name != NULL; x++) {
if (test_list[x].entry == NULL) continue;
if (strlen(test_list[x].prov) == 0) {
y = 1;
tests[z++] = test_list[x]; test_list[x].entry = NULL;
pidx[test_list[x].prov[0]-'a'] = 1;
break;
} else {
for (a = 0; a < strlen(test_list[x].req); a++) {
if (pidx[test_list[x].req[a]-'a'] == 0) break;
}
if (a == strlen(test_list[x].req)) {
y = 1;
tests[z++] = test_list[x]; test_list[x].entry = NULL;
pidx[test_list[x].prov[0]-'a'] = 1;
break;
}
}
}
} while (y == 1);
}
#define STACKBLOCK 8
#define STACK_EST_USAGE 32768
unsigned char stack_mask[STACKBLOCK];
unsigned long stack_cur=0;
void stack_masker(void)
{
#ifdef STACK_TEST
volatile unsigned char M[STACK_EST_USAGE];
stack_cur = 0;
for (stack_cur = 0; stack_cur < STACK_EST_USAGE/STACKBLOCK; stack_cur++) {
memcpy(M+(stack_cur*STACKBLOCK), stack_mask, STACKBLOCK);
}
#endif
}
void stack_check(void)
{
#ifdef STACK_TEST
unsigned char M[STACK_EST_USAGE];
stack_cur = 0;
#ifdef STACK_DOWN
while (memcmp(M+(STACK_EST_USAGE-STACKBLOCK-stack_cur), stack_mask, STACKBLOCK) &&
#else
while (memcmp(M+stack_cur, stack_mask, STACKBLOCK) &&
#endif
stack_cur < (STACK_EST_USAGE - STACKBLOCK)) {
++stack_cur;
}
#endif
}
int main(void)
{
int x;
unsigned char buf[16];
/* setup stack checker */
srand(time(NULL));
for (x = 0; x < STACKBLOCK; x++) {
stack_mask[x] = rand() & 255;
}
stack_masker();
printf("Built with\n%s\n", crypt_build_settings);
sort();
register_algs();
// start dummy yarrow for internal use
DO(yarrow_start(&test_yarrow));
sprng_read(buf, 16, NULL);
DO(yarrow_add_entropy(buf, 16, &test_yarrow));
DO(yarrow_ready(&test_yarrow));
// output sizes
printf("Sizes of objects (in bytes)\n");
printf("\tsymmetric_key\t=\t%5lu\n", sizeof(symmetric_key));
printf("\thash_state\t=\t%5lu\n", sizeof(hash_state));
printf("\thmac_state\t=\t%5lu\n", sizeof(hmac_state));
printf("\tomac_state\t=\t%5lu\n", sizeof(omac_state));
printf("\tpmac_state\t=\t%5lu\n", sizeof(pmac_state));
printf("\tocb_state\t=\t%5lu\n", sizeof(ocb_state));
printf("\teax_state\t=\t%5lu\n", sizeof(eax_state));
printf("\tmp_int\t\t=\t%5lu\n", sizeof(mp_int));
#ifdef MRSA
printf("\trsa_key\t\t=\t%5lu\n", sizeof(rsa_key));
#endif
#ifdef MDSA
printf("\tdsa_key\t\t=\t%5lu\n", sizeof(dsa_key));
#endif
#ifdef MDH
printf("\tdh_key\t\t=\t%5lu\n", sizeof(dh_key));
#endif
#ifdef MECC
printf("\tecc_key\t\t=\t%5lu\n", sizeof(ecc_key));
#endif
printf("\n\n");
// do tests
for (current_test = 0; tests[current_test].name != NULL; current_test++) {
printf("[%-20s]: ", tests[current_test].name); fflush(stdout);
printf("\t%s\n", tests[current_test].entry()==0?"passed":"failed");
}
return 0;
}

40
demos/test/test.h
View File

@@ -1,40 +0,0 @@
#ifndef __TEST_H_
#define __TEST_H_
#include "mycrypt.h"
/* enable stack testing */
// #define STACK_TEST
/* stack testing, define this if stack usage goes downwards [e.g. x86] */
#define STACK_DOWN
typedef struct {
char *name, *prov, *req;
int (*entry)(void);
} test_entry;
extern prng_state test_yarrow;
void stack_masker(void);
void stack_check(void);
extern unsigned long stack_cur;
#define stack_chk(x) { stack_check(); if (stack_cur >= 1024) { fprintf(stderr, " Warning: Stack usage of %lu in %s, %s:%d\n", stack_cur, x, __FILE__, __LINE__); } }
void run_cmd(int res, int line, char *file, char *cmd);
#define DO(x) { stack_masker(); run_cmd((x), __LINE__, __FILE__, #x); stack_chk(#x); }
/* TESTS */
int cipher_hash_test(void);
int modes_test(void);
int mac_test(void);
int pkcs_1_test(void);
int store_test(void);
int rsa_test(void);
int ecc_tests(void);
int dsa_test(void);
int dh_tests(void);
int der_tests(void);
#endif

23
demos/timing.c Normal file
View File

@@ -0,0 +1,23 @@
#include <tomcrypt_test.h>
int main(void)
{
init_timer();
reg_algs();
time_keysched();
time_cipher();
time_cipher2();
time_cipher3();
time_hash();
time_macs();
time_encmacs();
time_prng();
time_mult();
time_sqr();
time_rsa();
time_ecc();
time_dh();
return EXIT_SUCCESS;
}

131
demos/tv_gen.c
View File

@@ -1,4 +1,4 @@
#include <mycrypt.h>
#include <tomcrypt.h>
void reg_algs(void)
{
@@ -47,6 +47,12 @@ void reg_algs(void)
#ifdef SKIPJACK
register_cipher (&skipjack_desc);
#endif
#ifdef ANUBIS
register_cipher (&anubis_desc);
#endif
#ifdef KHAZAD
register_cipher (&khazad_desc);
#endif
#ifdef TIGER
register_hash (&tiger_desc);
@@ -495,6 +501,127 @@ void ocb_gen(void)
fclose(out);
}
void ccm_gen(void)
{
int err, kl, x, y1, z;
FILE *out;
unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2],
plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE];
unsigned long len;
out = fopen("ccm_tv.txt", "w");
fprintf(out, "CCM Test Vectors. Uses the 00010203...NN-1 pattern for nonce/header/plaintext/key. The outputs\n"
"are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous\n"
"step repeated sufficiently. The nonce is fixed throughout at 13 bytes 000102...\n\n");
for (x = 0; cipher_descriptor[x].name != NULL; x++) {
kl = cipher_descriptor[x].block_length;
/* skip ciphers which do not have 128 bit block sizes */
if (kl != 16) continue;
if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) {
kl = cipher_descriptor[x].max_key_length;
}
fprintf(out, "CCM-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
/* the key */
for (z = 0; z < kl; z++) {
key[z] = (z & 255);
}
/* fixed nonce */
for (z = 0; z < cipher_descriptor[x].block_length; z++) {
nonce[z] = z;
}
for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){
for (z = 0; z < y1; z++) {
plaintext[z] = (unsigned char)(z & 255);
}
len = sizeof(tag);
if ((err = ccm_memory(x, key, kl, nonce, 13, plaintext, y1, plaintext, y1, plaintext, tag, &len, CCM_ENCRYPT)) != CRYPT_OK) {
printf("Error CCM'ing: %s\n", error_to_string(err));
exit(EXIT_FAILURE);
}
fprintf(out, "%3d: ", y1);
for (z = 0; z < y1; z++) {
fprintf(out, "%02X", plaintext[z]);
}
fprintf(out, ", ");
for (z = 0; z <(int)len; z++) {
fprintf(out, "%02X", tag[z]);
}
fprintf(out, "\n");
/* forward the key */
for (z = 0; z < kl; z++) {
key[z] = tag[z % len];
}
}
fprintf(out, "\n");
}
fclose(out);
}
void gcm_gen(void)
{
int err, kl, x, y1, z;
FILE *out;
unsigned char key[MAXBLOCKSIZE], plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE];
unsigned long len;
out = fopen("gcm_tv.txt", "w");
fprintf(out, "GCM Test Vectors. Uses the 00010203...NN-1 pattern for nonce/header/plaintext/key. The outputs\n"
"are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous\n"
"step repeated sufficiently. The nonce is fixed throughout at 13 bytes 000102...\n\n");
for (x = 0; cipher_descriptor[x].name != NULL; x++) {
kl = cipher_descriptor[x].block_length;
/* skip ciphers which do not have 128 bit block sizes */
if (kl != 16) continue;
if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) {
kl = cipher_descriptor[x].max_key_length;
}
fprintf(out, "GCM-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
/* the key */
for (z = 0; z < kl; z++) {
key[z] = (z & 255);
}
for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){
for (z = 0; z < y1; z++) {
plaintext[z] = (unsigned char)(z & 255);
}
len = sizeof(tag);
if ((err = gcm_memory(x, key, kl, plaintext, y1, plaintext, y1, plaintext, y1, plaintext, tag, &len, GCM_ENCRYPT)) != CRYPT_OK) {
printf("Error GCM'ing: %s\n", error_to_string(err));
exit(EXIT_FAILURE);
}
fprintf(out, "%3d: ", y1);
for (z = 0; z < y1; z++) {
fprintf(out, "%02X", plaintext[z]);
}
fprintf(out, ", ");
for (z = 0; z <(int)len; z++) {
fprintf(out, "%02X", tag[z]);
}
fprintf(out, "\n");
/* forward the key */
for (z = 0; z < kl; z++) {
key[z] = tag[z % len];
}
}
fprintf(out, "\n");
}
fclose(out);
}
void base64_gen(void)
{
FILE *out;
@@ -524,6 +651,8 @@ int main(void)
printf("Generating PMAC vectors..."); fflush(stdout); pmac_gen(); printf("done\n");
printf("Generating EAX vectors..."); fflush(stdout); eax_gen(); printf("done\n");
printf("Generating OCB vectors..."); fflush(stdout); ocb_gen(); printf("done\n");
printf("Generating CCM vectors..."); fflush(stdout); ccm_gen(); printf("done\n");
printf("Generating GCM vectors..."); fflush(stdout); gcm_gen(); printf("done\n");
printf("Generating BASE64 vectors..."); fflush(stdout); base64_gen(); printf("done\n");
return 0;
}

4
doc/footer.html Normal file
View File

@@ -0,0 +1,4 @@
<hr width="80%">
Code by <a href="http://www.libtomcrypt.org/">Tom</a><br>
Docs using <img src="doxygen.png" alt="doxygen" align="middle" border=0>
<a href="http://jlcooke.ca/tom/hidden_image.png">

6
doc/header.html Normal file
View File

@@ -0,0 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
<title>LibTomCrypt: Main Page</title>
<link href="doxygen.css" rel="stylesheet" type="text/css">
</head><body>
<!-- Generated by Doxygen 1.3.8 -->

25
eax_addheader.c
View File

@@ -1,25 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
#ifdef EAX_MODE
/* add header (metadata) to the stream */
int eax_addheader(eax_state *eax, const unsigned char *header, unsigned long length)
{
_ARGCHK(eax != NULL);
_ARGCHK(header != NULL);
return omac_process(&eax->headeromac, header, length);
}
#endif

53
eax_encrypt_authenticate_memory.c
View File

@@ -1,53 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
#ifdef EAX_MODE
int eax_encrypt_authenticate_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen,
const unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
unsigned char *tag, unsigned long *taglen)
{
int err;
eax_state *eax;
eax = XMALLOC(sizeof(eax_state));
if ((err = eax_init(eax, cipher, key, keylen, nonce, noncelen, header, headerlen)) != CRYPT_OK) {
goto __ERR;
}
if ((err = eax_encrypt(eax, pt, ct, ptlen)) != CRYPT_OK) {
goto __ERR;
}
if ((err = eax_done(eax, tag, taglen)) != CRYPT_OK) {
goto __ERR;
}
err = CRYPT_OK;
__ERR:
#ifdef CLEAN_STACK
zeromem(eax, sizeof(eax_state));
#endif
XFREE(eax);
return err;
}
#endif

34
ecb_decrypt.c
View File

@@ -1,34 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef ECB
int ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_ECB *ecb)
{
int err;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(ecb != NULL);
/* valid cipher? */
if ((err = cipher_is_valid(ecb->cipher)) != CRYPT_OK) {
return err;
}
_ARGCHK(cipher_descriptor[ecb->cipher].ecb_decrypt != NULL);
cipher_descriptor[ecb->cipher].ecb_decrypt(ct, pt, &ecb->key);
return CRYPT_OK;
}
#endif

6
genlist.sh Normal file
View File

@@ -0,0 +1,6 @@
#!/bin/bash
# aes_tab.o is a pseudo object as it's made from aes.o and MPI is optional
export a=`echo -n "src/ciphers/aes/aes_enc.o *(MPIOBJECT) " ; find . -type f | sort | grep "[.]/src" | grep "[.]c" | grep -v "sha224" | grep -v "sha384" | grep -v "aes_tab" | grep -v "twofish_tab" | grep -v "whirltab" | grep -v "dh_sys" | grep -v "ecc_sys" | grep -v "mpi[.]c" | grep -v "sober128tab" | sed -e 'sE\./EE' | sed -e 's/\.c/\.o/' | xargs`
perl ./parsenames.pl OBJECTS "$a"
export a=`find . -type f | grep [.]/src | grep [.]h | sed -e 'se\./ee' | xargs`
perl ./parsenames.pl HEADERS "$a"

41
hash_file.c
View File

@@ -1,41 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int hash_file(int hash, const char *fname, unsigned char *dst, unsigned long *outlen)
{
#ifdef NO_FILE
return CRYPT_NOP;
#else
FILE *in;
int err;
_ARGCHK(fname != NULL);
_ARGCHK(dst != NULL);
_ARGCHK(outlen != NULL);
if ((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
in = fopen(fname, "rb");
if (in == NULL) {
return CRYPT_FILE_NOTFOUND;
}
err = hash_filehandle(hash, in, dst, outlen);
if (fclose(in) != 0) {
return CRYPT_ERROR;
}
return err;
#endif
}

50
hash_memory.c
View File

@@ -1,50 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
int hash_memory(int hash, const unsigned char *data, unsigned long len, unsigned char *dst, unsigned long *outlen)
{
hash_state *md;
int err;
_ARGCHK(data != NULL);
_ARGCHK(dst != NULL);
_ARGCHK(outlen != NULL);
if ((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
if (*outlen < hash_descriptor[hash].hashsize) {
return CRYPT_BUFFER_OVERFLOW;
}
md = XMALLOC(sizeof(hash_state));
if (md == NULL) {
return CRYPT_MEM;
}
if ((err = hash_descriptor[hash].init(md)) != CRYPT_OK) {
goto __ERR;
}
if ((err = hash_descriptor[hash].process(md, data, len)) != CRYPT_OK) {
goto __ERR;
}
err = hash_descriptor[hash].done(md, dst);
*outlen = hash_descriptor[hash].hashsize;
__ERR:
#ifdef CLEAN_STACK
zeromem(md, sizeof(hash_state));
#endif
XFREE(md);
return err;
}

58
hmac_memory.c
View File

@@ -1,58 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* Submited by Dobes Vandermeer (dobes@smartt.com) */
#include "mycrypt.h"
#ifdef HMAC
int hmac_memory(int hash, const unsigned char *key, unsigned long keylen,
const unsigned char *data, unsigned long len,
unsigned char *dst, unsigned long *dstlen)
{
hmac_state *hmac;
int err;
_ARGCHK(key != NULL);
_ARGCHK(data != NULL);
_ARGCHK(dst != NULL);
_ARGCHK(dstlen != NULL);
/* allocate ram for hmac state */
hmac = XMALLOC(sizeof(hmac_state));
if (hmac == NULL) {
return CRYPT_MEM;
}
if ((err = hmac_init(hmac, hash, key, keylen)) != CRYPT_OK) {
goto __ERR;
}
if ((err = hmac_process(hmac, data, len)) != CRYPT_OK) {
goto __ERR;
}
if ((err = hmac_done(hmac, dst, dstlen)) != CRYPT_OK) {
goto __ERR;
}
err = CRYPT_OK;
__ERR:
#ifdef CLEAN_STACK
zeromem(hmac, sizeof(hmac_state));
#endif
XFREE(hmac);
return err;
}
#endif

29
hmac_process.c
View File

@@ -1,29 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* Submited by Dobes Vandermeer (dobes@smartt.com) */
#include "mycrypt.h"
#ifdef HMAC
int hmac_process(hmac_state *hmac, const unsigned char *buf, unsigned long len)
{
int err;
_ARGCHK(hmac != NULL);
_ARGCHK(buf != NULL);
if ((err = hash_is_valid(hmac->hash)) != CRYPT_OK) {
return err;
}
return hash_descriptor[hmac->hash].process(&hmac->md, buf, len);
}
#endif

95
makefile.cygwin_dll
View File

@@ -1,95 +0,0 @@
#makefile for Cygwin [makes a .dll]
default: ltc_dll
# Compilation flags. Note the += does not write over the user's CFLAGS!
CFLAGS += -I./ -Wall -Wsign-compare -W -Wno-unused -Wshadow -mno-cygwin -DWIN32
# optimize for SPEED
CFLAGS += -O3 -funroll-all-loops
#add -fomit-frame-pointer. v3.2 is buggy for certain platforms!
CFLAGS += -fomit-frame-pointer
# optimize for SIZE
#CFLAGS += -Os
#Leave MPI built-in or force developer to link against libtommath?
MPIOBJECT=mpi.o
OBJECTS=error_to_string.o mpi_to_ltc_error.o base64_encode.o base64_decode.o \
\
crypt.o crypt_find_cipher.o crypt_find_hash_any.o \
crypt_hash_is_valid.o crypt_register_hash.o crypt_unregister_prng.o \
crypt_argchk.o crypt_find_cipher_any.o crypt_find_hash_id.o \
crypt_prng_descriptor.o crypt_register_prng.o crypt_cipher_descriptor.o \
crypt_find_cipher_id.o crypt_find_prng.o crypt_prng_is_valid.o \
crypt_unregister_cipher.o crypt_cipher_is_valid.o crypt_find_hash.o \
crypt_hash_descriptor.o crypt_register_cipher.o crypt_unregister_hash.o \
\
sober128.o fortuna.o sprng.o yarrow.o rc4.o rng_get_bytes.o rng_make_prng.o \
\
rand_prime.o is_prime.o \
\
ecc.o dh.o \
\
rsa_decrypt_key.o rsa_encrypt_key.o rsa_exptmod.o rsa_free.o rsa_make_key.o \
rsa_sign_hash.o rsa_verify_hash.o rsa_export.o rsa_import.o tim_exptmod.o \
rsa_v15_encrypt_key.o rsa_v15_decrypt_key.o rsa_v15_sign_hash.o rsa_v15_verify_hash.o \
\
dsa_export.o dsa_free.o dsa_import.o dsa_make_key.o dsa_sign_hash.o \
dsa_verify_hash.o dsa_verify_key.o \
\
aes.o aes_enc.o \
\
blowfish.o des.o safer_tab.o safer.o saferp.o rc2.o xtea.o \
rc6.o rc5.o cast5.o noekeon.o twofish.o skipjack.o \
\
md2.o md4.o md5.o sha1.o sha256.o sha512.o tiger.o whirl.o \
rmd128.o rmd160.o chc.o \
\
packet_store_header.o packet_valid_header.o \
\
eax_addheader.o eax_decrypt.o eax_decrypt_verify_memory.o eax_done.o eax_encrypt.o \
eax_encrypt_authenticate_memory.o eax_init.o eax_test.o \
\
ocb_decrypt.o ocb_decrypt_verify_memory.o ocb_done_decrypt.o ocb_done_encrypt.o \
ocb_encrypt.o ocb_encrypt_authenticate_memory.o ocb_init.o ocb_ntz.o \
ocb_shift_xor.o ocb_test.o s_ocb_done.o \
\
omac_done.o omac_file.o omac_init.o omac_memory.o omac_process.o omac_test.o \
\
pmac_done.o pmac_file.o pmac_init.o pmac_memory.o pmac_ntz.o pmac_process.o \
pmac_shift_xor.o pmac_test.o \
\
cbc_start.o cbc_encrypt.o cbc_decrypt.o cbc_getiv.o cbc_setiv.o \
cfb_start.o cfb_encrypt.o cfb_decrypt.o cfb_getiv.o cfb_setiv.o \
ofb_start.o ofb_encrypt.o ofb_decrypt.o ofb_getiv.o ofb_setiv.o \
ctr_start.o ctr_encrypt.o ctr_decrypt.o ctr_getiv.o ctr_setiv.o \
ecb_start.o ecb_encrypt.o ecb_decrypt.o \
\
hash_file.o hash_filehandle.o hash_memory.o \
\
hmac_done.o hmac_file.o hmac_init.o hmac_memory.o hmac_process.o hmac_test.o \
\
pkcs_1_mgf1.o pkcs_1_oaep_encode.o pkcs_1_oaep_decode.o \
pkcs_1_pss_encode.o pkcs_1_pss_decode.o pkcs_1_i2osp.o pkcs_1_os2ip.o \
pkcs_1_v15_es_encode.o pkcs_1_v15_es_decode.o pkcs_1_v15_sa_encode.o pkcs_1_v15_sa_decode.o \
\
pkcs_5_1.o pkcs_5_2.o \
\
der_encode_integer.o der_decode_integer.o der_length_integer.o \
der_put_multi_integer.o der_get_multi_integer.o \
\
burn_stack.o zeromem.o \
\
$(MPIOBJECT)
#ciphers come in two flavours... enc+dec and enc
aes_enc.o: aes.c aes_tab.c
$(CC) $(CFLAGS) -DENCRYPT_ONLY -c aes.c -o aes_enc.o
ltc_dll: $(OBJECTS) $(MPIOBJECT)
gcc -mno-cygwin -mdll -o libtomcrypt.dll -Wl,--out-implib=libtomcrypt.dll.a -Wl,--export-all-symbols *.o -ladvapi32
ranlib libtomcrypt.dll.a

214
makefile.icc
View File

@@ -22,7 +22,7 @@ CC=icc
#ARFLAGS=r
# Compilation flags. Note the += does not write over the user's CFLAGS!
CFLAGS += -c -I./ -DINTEL_CC
CFLAGS += -c -I./src/headers/ -DINTEL_CC
#The default rule for make builds the libtomcrypt library.
default:library
@@ -30,18 +30,18 @@ default:library
# optimize for SPEED
#
# -mcpu= can be pentium, pentiumpro (covers PII through PIII) or pentium4
# -ax? specifies make code specifically for ? but compatible with IA-32
# -x? specifies compile solely for ? [not specifically IA-32 compatible]
# -ax? specifies make code specifically for ? but compatible with IA-32
# -x? specifies compile solely for ? [not specifically IA-32 compatible]
#
# where ? is
# K - PIII
# W - first P4 [Williamette]
# N - P4 Northwood
# P - P4 Prescott
# B - Blend of P4 and PM [mobile]
# K - PIII
# W - first P4 [Williamette]
# N - P4 Northwood
# P - P4 Prescott
# B - Blend of P4 and PM [mobile]
#
# Default to just generic max opts
CFLAGS += -O3 -xN -ip
CFLAGS += -O3 -xP -ip
# want to see stuff?
#CFLAGS += -opt_report
@@ -50,11 +50,15 @@ CFLAGS += -O3 -xN -ip
#Output filenames for various targets.
LIBNAME=libtomcrypt.a
LIBTEST=testprof/libtomcrypt_prof.a
HASH=hashsum
CRYPT=encrypt
SMALL=small
PROF=x86_prof
TV=tv_gen
MULTI=multi
TIMING=timing
TEST=test
#LIBPATH-The directory for libtomcrypt to be installed to.
#INCPATH-The directory to install the header files for libtomcrypt.
@@ -67,76 +71,80 @@ DATAPATH=/usr/share/doc/libtomcrypt/pdf
#List of objects to compile.
#Leave MPI built-in or force developer to link against libtommath?
MPIOBJECT=mpi.o
MPIOBJECT=src/misc/mpi/mpi.o
OBJECTS=error_to_string.o mpi_to_ltc_error.o base64_encode.o base64_decode.o \
\
crypt.o crypt_find_cipher.o crypt_find_hash_any.o \
crypt_hash_is_valid.o crypt_register_hash.o crypt_unregister_prng.o \
crypt_argchk.o crypt_find_cipher_any.o crypt_find_hash_id.o \
crypt_prng_descriptor.o crypt_register_prng.o crypt_cipher_descriptor.o \
crypt_find_cipher_id.o crypt_find_prng.o crypt_prng_is_valid.o \
crypt_unregister_cipher.o crypt_cipher_is_valid.o crypt_find_hash.o \
crypt_hash_descriptor.o crypt_register_cipher.o crypt_unregister_hash.o \
\
sober128.o fortuna.o sprng.o yarrow.o rc4.o rng_get_bytes.o rng_make_prng.o \
\
rand_prime.o is_prime.o \
\
ecc.o dh.o \
\
rsa_decrypt_key.o rsa_encrypt_key.o rsa_exptmod.o rsa_free.o rsa_make_key.o \
rsa_sign_hash.o rsa_verify_hash.o rsa_export.o rsa_import.o tim_exptmod.o \
rsa_v15_encrypt_key.o rsa_v15_decrypt_key.o rsa_v15_sign_hash.o rsa_v15_verify_hash.o \
\
dsa_export.o dsa_free.o dsa_import.o dsa_make_key.o dsa_sign_hash.o \
dsa_verify_hash.o dsa_verify_key.o \
\
aes.o aes_enc.o \
\
blowfish.o des.o safer_tab.o safer.o saferp.o rc2.o xtea.o \
rc6.o rc5.o cast5.o noekeon.o twofish.o skipjack.o \
\
md2.o md4.o md5.o sha1.o sha256.o sha512.o tiger.o whirl.o \
rmd128.o rmd160.o chc.o \
\
packet_store_header.o packet_valid_header.o \
\
eax_addheader.o eax_decrypt.o eax_decrypt_verify_memory.o eax_done.o eax_encrypt.o \
eax_encrypt_authenticate_memory.o eax_init.o eax_test.o \
\
ocb_decrypt.o ocb_decrypt_verify_memory.o ocb_done_decrypt.o ocb_done_encrypt.o \
ocb_encrypt.o ocb_encrypt_authenticate_memory.o ocb_init.o ocb_ntz.o \
ocb_shift_xor.o ocb_test.o s_ocb_done.o \
\
omac_done.o omac_file.o omac_init.o omac_memory.o omac_process.o omac_test.o \
\
pmac_done.o pmac_file.o pmac_init.o pmac_memory.o pmac_ntz.o pmac_process.o \
pmac_shift_xor.o pmac_test.o \
\
cbc_start.o cbc_encrypt.o cbc_decrypt.o cbc_getiv.o cbc_setiv.o \
cfb_start.o cfb_encrypt.o cfb_decrypt.o cfb_getiv.o cfb_setiv.o \
ofb_start.o ofb_encrypt.o ofb_decrypt.o ofb_getiv.o ofb_setiv.o \
ctr_start.o ctr_encrypt.o ctr_decrypt.o ctr_getiv.o ctr_setiv.o \
ecb_start.o ecb_encrypt.o ecb_decrypt.o \
\
hash_file.o hash_filehandle.o hash_memory.o \
\
hmac_done.o hmac_file.o hmac_init.o hmac_memory.o hmac_process.o hmac_test.o \
\
pkcs_1_mgf1.o pkcs_1_oaep_encode.o pkcs_1_oaep_decode.o \
pkcs_1_pss_encode.o pkcs_1_pss_decode.o pkcs_1_i2osp.o pkcs_1_os2ip.o \
pkcs_1_v15_es_encode.o pkcs_1_v15_es_decode.o pkcs_1_v15_sa_encode.o pkcs_1_v15_sa_decode.o \
\
pkcs_5_1.o pkcs_5_2.o \
\
der_encode_integer.o der_decode_integer.o der_length_integer.o \
der_put_multi_integer.o der_get_multi_integer.o \
\
burn_stack.o zeromem.o \
\
$(MPIOBJECT)
OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o src/ciphers/anubis.o \
src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/khazad.o src/ciphers/noekeon.o \
src/ciphers/rc2.o src/ciphers/rc5.o src/ciphers/rc6.o src/ciphers/safer/safer.o \
src/ciphers/safer/safer_tab.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \
src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \
src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \
src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \
src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \
src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \
src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o \
src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o src/hashes/sha2/sha256.o \
src/hashes/sha2/sha512.o src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o \
src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
src/mac/pelican/pelican.o src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o \
src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/misc/base64/base64_decode.o \
src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt.o \
src/misc/crypt/crypt_argchk.o src/misc/crypt/crypt_cipher_descriptor.o \
src/misc/crypt/crypt_cipher_is_valid.o src/misc/crypt/crypt_find_cipher.o \
src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \
src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \
src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_prng.o \
src/misc/crypt/crypt_hash_descriptor.o src/misc/crypt/crypt_hash_is_valid.o \
src/misc/crypt/crypt_prng_descriptor.o src/misc/crypt/crypt_prng_is_valid.o \
src/misc/crypt/crypt_register_cipher.o src/misc/crypt/crypt_register_hash.o \
src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_unregister_cipher.o \
src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o \
src/misc/error_to_string.o src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o \
src/misc/mpi/rand_prime.o src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \
src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \
src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \
src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
src/modes/ofb/ofb_start.o src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \
src/pk/asn1/der/der_get_multi_integer.o src/pk/asn1/der/der_length_integer.o \
src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \
src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_sign_hash.o \
src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \
src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \
src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v15_es_decode.o \
src/pk/pkcs1/pkcs_1_v15_es_encode.o src/pk/pkcs1/pkcs_1_v15_sa_decode.o \
src/pk/pkcs1/pkcs_1_v15_sa_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_v15_decrypt_key.o \
src/pk/rsa/rsa_v15_encrypt_key.o src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \
src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \
src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
HEADERS=src/headers/tommath_superclass.h src/headers/tomcrypt_cfg.h \
src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \
src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h \
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_pk.h \
src/headers/tommath_class.h src/headers/ltc_tommath.h src/headers/tomcrypt_hash.h \
src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
#ciphers come in two flavours... enc+dec and enc
aes_enc.o: aes.c aes_tab.c
@@ -145,8 +153,9 @@ aes_enc.o: aes.c aes_tab.c
HASHOBJECTS=demos/hashsum.o
CRYPTOBJECTS=demos/encrypt.o
SMALLOBJECTS=demos/small.o
PROFS=demos/x86_prof.o
TVS=demos/tv_gen.o
TIMINGS=demos/timing.o
TESTS=demos/test.o
#Files left over from making the crypt.pdf.
LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind
@@ -154,25 +163,28 @@ LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind
#Compressed filenames
COMPRESSED=crypt.tar.bz2 crypt.zip crypt.tar.gz
#Header files used by libtomcrypt.
HEADERS=ltc_tommath.h mycrypt_cfg.h \
mycrypt_misc.h mycrypt_prng.h mycrypt_cipher.h mycrypt_hash.h \
mycrypt_macros.h mycrypt_pk.h mycrypt.h mycrypt_argchk.h mycrypt_custom.h
#ciphers come in two flavours... enc+dec and enc
src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
$(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
#These are the rules to make certain object files.
rsa.o: rsa.c rsa_sys.c
ecc.o: ecc.c ecc_sys.c
dh.o: dh.c dh_sys.c
aes.o: aes.c aes_tab.c
twofish.o: twofish.c twofish_tab.c
sha512.o: sha512.c sha384.c
sha256.o: sha256.c sha224.c
src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
src/pk/ecc/ecc.o: src/pk/ecc/ecc.c src/pk/ecc/ecc_sys.c
src/pk/dh/dh.o: src/pk/dh/dh.c src/pk/dh/dh_sys.c
src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
#This rule makes the libtomcrypt library.
library: $(LIBNAME)
library: $(LIBTEST) $(LIBNAME)
$(LIBTEST):
cd testprof ; make -f makefile.icc
$(LIBNAME): $(OBJECTS)
$(AR) $(ARFLAGS) $@ $(OBJECTS)
$(AR) $(ARFLAGS) $@ $(OBJECTS)
ranlib $(LIBNAME)
#This rule makes the hash program included with libtomcrypt
hashsum: library $(HASHOBJECTS)
@@ -186,19 +198,14 @@ crypt: library $(CRYPTOBJECTS)
small: library $(SMALLOBJECTS)
$(CC) $(SMALLOBJECTS) $(LIBNAME) -o $(SMALL) $(WARN)
x86_prof: library $(PROFS)
$(CC) $(PROFS) $(LIBNAME) -o $(PROF)
tv_gen: library $(TVS)
$(CC) $(TVS) $(LIBNAME) -o $(TV)
profiled:
make clean
make CFLAGS="$(CFLAGS) -prof_gen" x86_prof
./x86_prof
rm *.o *.a x86_prof
make CFLAGS="$(CFLAGS) -prof_use" x86_prof
timing: library $(TIMINGS)
$(CC) $(TIMINGS) $(LIBTEST) $(LIBNAME) -o $(TIMING)
test: library $(TESTS)
$(CC) $(TESTS) $(LIBTEST) $(LIBNAME) -o $(TEST)
#This rule installs the library and the header files. This must be run
#as root in order to have a high enough permission to write to the correct
@@ -208,10 +215,3 @@ install: library
install -d -g root -o root $(DESTDIR)$(INCPATH)
install -g root -o root $(LIBNAME) $(DESTDIR)$(LIBPATH)
install -g root -o root $(HEADERS) $(DESTDIR)$(INCPATH)
#This rule cleans the source tree of all compiled code, not including the pdf
#documentation.
clean:
rm -f $(OBJECTS) $(TESTOBJECTS) $(HASHOBJECTS) $(CRYPTOBJECTS) $(SMALLOBJECTS) $(LEFTOVERS) $(LIBNAME)
rm -f $(TEST) $(HASH) $(COMPRESSED) $(PROFS) $(PROF) $(TVS) $(TV)
rm -f *.a *.dll *stackdump *.lib *.exe *.obj demos/*.obj demos/*.o *.bat *.txt *.il *.da demos/*.il demos/*.da *.dyn

161
makefile.msvc
View File

@@ -1,93 +1,104 @@
#MSVC Makefile [tested with MSVC 6.00 with SP5]
#
#Tom St Denis
CFLAGS = /I. /Ox /DWIN32 /W3
CFLAGS = /Isrc/headers/ /Itestprof/ /Ox /DWIN32 /W3 /Fo$@
default: library
# leave this blank and link against libtommath if you want better link resolution
MPIOBJECT=mpi.obj
MPIOBJECT=src/misc/mpi/mpi.obj
OBJECTS=error_to_string.obj mpi_to_ltc_error.obj base64_encode.obj base64_decode.obj \
\
crypt.obj crypt_find_cipher.obj crypt_find_hash_any.obj \
crypt_hash_is_valid.obj crypt_register_hash.obj crypt_unregister_prng.obj \
crypt_argchk.obj crypt_find_cipher_any.obj crypt_find_hash_id.obj \
crypt_prng_descriptor.obj crypt_register_prng.obj crypt_cipher_descriptor.obj \
crypt_find_cipher_id.obj crypt_find_prng.obj crypt_prng_is_valid.obj \
crypt_unregister_cipher.obj crypt_cipher_is_valid.obj crypt_find_hash.obj \
crypt_hash_descriptor.obj crypt_register_cipher.obj crypt_unregister_hash.obj \
\
sober128.obj fortuna.obj sprng.obj yarrow.obj rc4.obj rng_get_bytes.obj rng_make_prng.obj \
\
rand_prime.obj is_prime.obj \
\
ecc.obj dh.obj \
\
rsa_decrypt_key.obj rsa_encrypt_key.obj rsa_exptmod.obj rsa_free.obj rsa_make_key.obj \
rsa_sign_hash.obj rsa_verify_hash.obj rsa_export.obj rsa_import.obj tim_exptmod.obj \
rsa_v15_encrypt_key.obj rsa_v15_decrypt_key.obj rsa_v15_sign_hash.obj rsa_v15_verify_hash.obj \
\
dsa_export.obj dsa_free.obj dsa_import.obj dsa_make_key.obj dsa_sign_hash.obj \
dsa_verify_hash.obj dsa_verify_key.obj \
\
aes.obj aes_enc.obj \
\
blowfish.obj des.obj safer_tab.obj safer.obj saferp.obj rc2.obj xtea.obj \
rc6.obj rc5.obj cast5.obj noekeon.obj twofish.obj skipjack.obj \
\
md2.obj md4.obj md5.obj sha1.obj sha256.obj sha512.obj tiger.obj whirl.obj \
rmd128.obj rmd160.obj chc.obj \
\
packet_store_header.obj packet_valid_header.obj \
\
eax_addheader.obj eax_decrypt.obj eax_decrypt_verify_memory.obj eax_done.obj eax_encrypt.obj \
eax_encrypt_authenticate_memory.obj eax_init.obj eax_test.obj \
\
ocb_decrypt.obj ocb_decrypt_verify_memory.obj ocb_done_decrypt.obj ocb_done_encrypt.obj \
ocb_encrypt.obj ocb_encrypt_authenticate_memory.obj ocb_init.obj ocb_ntz.obj \
ocb_shift_xor.obj ocb_test.obj s_ocb_done.obj \
\
omac_done.obj omac_file.obj omac_init.obj omac_memory.obj omac_process.obj omac_test.obj \
\
pmac_done.obj pmac_file.obj pmac_init.obj pmac_memory.obj pmac_ntz.obj pmac_process.obj \
pmac_shift_xor.obj pmac_test.obj \
\
cbc_start.obj cbc_encrypt.obj cbc_decrypt.obj cbc_getiv.obj cbc_setiv.obj \
cfb_start.obj cfb_encrypt.obj cfb_decrypt.obj cfb_getiv.obj cfb_setiv.obj \
ofb_start.obj ofb_encrypt.obj ofb_decrypt.obj ofb_getiv.obj ofb_setiv.obj \
ctr_start.obj ctr_encrypt.obj ctr_decrypt.obj ctr_getiv.obj ctr_setiv.obj \
ecb_start.obj ecb_encrypt.obj ecb_decrypt.obj \
\
hash_file.obj hash_filehandle.obj hash_memory.obj \
\
hmac_done.obj hmac_file.obj hmac_init.obj hmac_memory.obj hmac_process.obj hmac_test.obj \
\
pkcs_1_mgf1.obj pkcs_1_oaep_encode.obj pkcs_1_oaep_decode.obj \
pkcs_1_pss_encode.obj pkcs_1_pss_decode.obj pkcs_1_i2osp.obj pkcs_1_os2ip.obj \
pkcs_1_v15_es_encode.obj pkcs_1_v15_es_decode.obj pkcs_1_v15_sa_encode.obj pkcs_1_v15_sa_decode.obj \
\
pkcs_5_1.obj pkcs_5_2.obj \
\
der_encode_integer.obj der_decode_integer.obj der_length_integer.obj \
der_put_multi_integer.obj der_get_multi_integer.obj \
\
burn_stack.obj zeromem.obj \
\
$(MPIOBJECT)
OBJECTS=src/ciphers/aes/aes_enc.obj $(MPIOBJECT) src/ciphers/aes/aes.obj src/ciphers/anubis.obj \
src/ciphers/blowfish.obj src/ciphers/cast5.obj src/ciphers/des.obj src/ciphers/khazad.obj src/ciphers/noekeon.obj \
src/ciphers/rc2.obj src/ciphers/rc5.obj src/ciphers/rc6.obj src/ciphers/safer/safer.obj \
src/ciphers/safer/safer_tab.obj src/ciphers/safer/saferp.obj src/ciphers/skipjack.obj \
src/ciphers/twofish/twofish.obj src/ciphers/xtea.obj src/encauth/ccm/ccm_memory.obj \
src/encauth/ccm/ccm_test.obj src/encauth/eax/eax_addheader.obj src/encauth/eax/eax_decrypt.obj \
src/encauth/eax/eax_decrypt_verify_memory.obj src/encauth/eax/eax_done.obj src/encauth/eax/eax_encrypt.obj \
src/encauth/eax/eax_encrypt_authenticate_memory.obj src/encauth/eax/eax_init.obj \
src/encauth/eax/eax_test.obj src/encauth/gcm/gcm_add_aad.obj src/encauth/gcm/gcm_add_iv.obj \
src/encauth/gcm/gcm_done.obj src/encauth/gcm/gcm_gf_mult.obj src/encauth/gcm/gcm_init.obj \
src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_process.obj src/encauth/gcm/gcm_reset.obj \
src/encauth/gcm/gcm_test.obj src/encauth/ocb/ocb_decrypt.obj src/encauth/ocb/ocb_decrypt_verify_memory.obj \
src/encauth/ocb/ocb_done_decrypt.obj src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \
src/encauth/ocb/ocb_encrypt_authenticate_memory.obj src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj \
src/encauth/ocb/ocb_shift_xor.obj src/encauth/ocb/ocb_test.obj src/encauth/ocb/s_ocb_done.obj \
src/hashes/chc/chc.obj src/hashes/helper/hash_file.obj src/hashes/helper/hash_filehandle.obj \
src/hashes/helper/hash_memory.obj src/hashes/helper/hash_memory_multi.obj src/hashes/md2.obj src/hashes/md4.obj \
src/hashes/md5.obj src/hashes/rmd128.obj src/hashes/rmd160.obj src/hashes/sha1.obj src/hashes/sha2/sha256.obj \
src/hashes/sha2/sha512.obj src/hashes/tiger.obj src/hashes/whirl/whirl.obj src/mac/hmac/hmac_done.obj \
src/mac/hmac/hmac_file.obj src/mac/hmac/hmac_init.obj src/mac/hmac/hmac_memory.obj \
src/mac/hmac/hmac_memory_multi.obj src/mac/hmac/hmac_process.obj src/mac/hmac/hmac_test.obj \
src/mac/omac/omac_done.obj src/mac/omac/omac_file.obj src/mac/omac/omac_init.obj src/mac/omac/omac_memory.obj \
src/mac/omac/omac_memory_multi.obj src/mac/omac/omac_process.obj src/mac/omac/omac_test.obj \
src/mac/pelican/pelican.obj src/mac/pelican/pelican_memory.obj src/mac/pelican/pelican_test.obj \
src/mac/pmac/pmac_done.obj src/mac/pmac/pmac_file.obj src/mac/pmac/pmac_init.obj src/mac/pmac/pmac_memory.obj \
src/mac/pmac/pmac_memory_multi.obj src/mac/pmac/pmac_ntz.obj src/mac/pmac/pmac_process.obj \
src/mac/pmac/pmac_shift_xor.obj src/mac/pmac/pmac_test.obj src/misc/base64/base64_decode.obj \
src/misc/base64/base64_encode.obj src/misc/burn_stack.obj src/misc/crypt/crypt.obj \
src/misc/crypt/crypt_argchk.obj src/misc/crypt/crypt_cipher_descriptor.obj \
src/misc/crypt/crypt_cipher_is_valid.obj src/misc/crypt/crypt_find_cipher.obj \
src/misc/crypt/crypt_find_cipher_any.obj src/misc/crypt/crypt_find_cipher_id.obj \
src/misc/crypt/crypt_find_hash.obj src/misc/crypt/crypt_find_hash_any.obj \
src/misc/crypt/crypt_find_hash_id.obj src/misc/crypt/crypt_find_prng.obj \
src/misc/crypt/crypt_hash_descriptor.obj src/misc/crypt/crypt_hash_is_valid.obj \
src/misc/crypt/crypt_prng_descriptor.obj src/misc/crypt/crypt_prng_is_valid.obj \
src/misc/crypt/crypt_register_cipher.obj src/misc/crypt/crypt_register_hash.obj \
src/misc/crypt/crypt_register_prng.obj src/misc/crypt/crypt_unregister_cipher.obj \
src/misc/crypt/crypt_unregister_hash.obj src/misc/crypt/crypt_unregister_prng.obj \
src/misc/error_to_string.obj src/misc/mpi/is_prime.obj src/misc/mpi/mpi_to_ltc_error.obj \
src/misc/mpi/rand_prime.obj src/misc/pkcs5/pkcs_5_1.obj src/misc/pkcs5/pkcs_5_2.obj src/misc/zeromem.obj \
src/modes/cbc/cbc_decrypt.obj src/modes/cbc/cbc_done.obj src/modes/cbc/cbc_encrypt.obj \
src/modes/cbc/cbc_getiv.obj src/modes/cbc/cbc_setiv.obj src/modes/cbc/cbc_start.obj \
src/modes/cfb/cfb_decrypt.obj src/modes/cfb/cfb_done.obj src/modes/cfb/cfb_encrypt.obj \
src/modes/cfb/cfb_getiv.obj src/modes/cfb/cfb_setiv.obj src/modes/cfb/cfb_start.obj \
src/modes/ctr/ctr_decrypt.obj src/modes/ctr/ctr_done.obj src/modes/ctr/ctr_encrypt.obj \
src/modes/ctr/ctr_getiv.obj src/modes/ctr/ctr_setiv.obj src/modes/ctr/ctr_start.obj \
src/modes/ecb/ecb_decrypt.obj src/modes/ecb/ecb_done.obj src/modes/ecb/ecb_encrypt.obj \
src/modes/ecb/ecb_start.obj src/modes/ofb/ofb_decrypt.obj src/modes/ofb/ofb_done.obj \
src/modes/ofb/ofb_encrypt.obj src/modes/ofb/ofb_getiv.obj src/modes/ofb/ofb_setiv.obj \
src/modes/ofb/ofb_start.obj src/pk/asn1/der/der_decode_integer.obj src/pk/asn1/der/der_encode_integer.obj \
src/pk/asn1/der/der_get_multi_integer.obj src/pk/asn1/der/der_length_integer.obj \
src/pk/asn1/der/der_put_multi_integer.obj src/pk/dh/dh.obj src/pk/dsa/dsa_export.obj src/pk/dsa/dsa_free.obj \
src/pk/dsa/dsa_import.obj src/pk/dsa/dsa_make_key.obj src/pk/dsa/dsa_sign_hash.obj \
src/pk/dsa/dsa_verify_hash.obj src/pk/dsa/dsa_verify_key.obj src/pk/ecc/ecc.obj src/pk/packet_store_header.obj \
src/pk/packet_valid_header.obj src/pk/pkcs1/pkcs_1_i2osp.obj src/pk/pkcs1/pkcs_1_mgf1.obj \
src/pk/pkcs1/pkcs_1_oaep_decode.obj src/pk/pkcs1/pkcs_1_oaep_encode.obj src/pk/pkcs1/pkcs_1_os2ip.obj \
src/pk/pkcs1/pkcs_1_pss_decode.obj src/pk/pkcs1/pkcs_1_pss_encode.obj src/pk/pkcs1/pkcs_1_v15_es_decode.obj \
src/pk/pkcs1/pkcs_1_v15_es_encode.obj src/pk/pkcs1/pkcs_1_v15_sa_decode.obj \
src/pk/pkcs1/pkcs_1_v15_sa_encode.obj src/pk/rsa/rsa_decrypt_key.obj src/pk/rsa/rsa_encrypt_key.obj \
src/pk/rsa/rsa_export.obj src/pk/rsa/rsa_exptmod.obj src/pk/rsa/rsa_free.obj src/pk/rsa/rsa_import.obj \
src/pk/rsa/rsa_make_key.obj src/pk/rsa/rsa_sign_hash.obj src/pk/rsa/rsa_v15_decrypt_key.obj \
src/pk/rsa/rsa_v15_encrypt_key.obj src/pk/rsa/rsa_v15_sign_hash.obj src/pk/rsa/rsa_v15_verify_hash.obj \
src/pk/rsa/rsa_verify_hash.obj src/prngs/fortuna.obj src/prngs/rc4.obj src/prngs/rng_get_bytes.obj \
src/prngs/rng_make_prng.obj src/prngs/sober128.obj src/prngs/sprng.obj src/prngs/yarrow.obj
#ciphers come in two flavours... enc+dec and enc
aes_enc.obj: aes.c aes_tab.c
$(CC) $(CFLAGS) /DENCRYPT_ONLY /c aes.c /Foaes_enc.obj
HEADERS=src/headers/tommath_superclass.h src/headers/tomcrypt_cfg.h \
src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \
src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h \
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_pk.h \
src/headers/tommath_class.h src/headers/ltc_tommath.h src/headers/tomcrypt_hash.h \
src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
#ciphers come in two flavours... enc+dec and enc
src/ciphers/aes/aes_enc.obj: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
$(CC) $(CFLAGS) /DENCRYPT_ONLY /c src/ciphers/aes/aes.c /Fosrc/ciphers/aes/aes_enc.obj
library: $(OBJECTS)
lib /out:tomcrypt.lib $(OBJECTS)
cd testprof
nmake -f makefile.msvc
cd ..
x86_prof: demos/x86_prof.c library
cl $(CFLAGS) demos/x86_prof.c tomcrypt.lib advapi32.lib
tv_gen: demos/tv_gen.c library
cl $(CFLAGS) demos/tv_gen.c tomcrypt.lib advapi32.lib
hashsum: demos/hashsum.c library
cl $(CFLAGS) demos/hashsum.c tomcrypt.lib advapi32.lib
test: demos/test.c library
cl $(CFLAGS) demos/test.c testprof/tomcrypt_prof.lib tomcrypt.lib advapi32.lib
timing: demos/timing.c library
cl $(CFLAGS) demos/timing.c testprof/tomcrypt_prof.lib tomcrypt.lib advapi32.lib

238
makefile.shared
View File

@@ -1,25 +1,27 @@
# MAKEFILE for linux GCC
#
# This makefile produces a shared object and requires libtool to be installed.
#
# Thanks to Zed Shaw for helping debug this on BSD/OSX.
# Tom St Denis
# Modified by Clay Culver
# The version
VERSION=0:99
VERSION=0:102
# Compiler and Linker Names
CC=libtool --mode=compile gcc
# Archiver [makes .a files]
AR=libtool --mode=link
# Compilation flags. Note the += does not write over the user's CFLAGS!
CFLAGS += -c -I./ -Wall -Wsign-compare -W -Wshadow
# -Werror
CFLAGS += -c -I./src/headers/ -Wall -Wsign-compare -W -Wshadow
# additional warnings (newer GCC 3.4 and higher)
#CFLAGS += -Wsystem-headers -Wdeclaration-after-statement -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wmissing-prototypes \
# -Wmissing-declarations -Wpointer-arith
# optimize for SPEED
CFLAGS += -O3 -funroll-all-loops
#add -fomit-frame-pointer. hinders debugging!
# add -fomit-frame-pointer. hinders debugging!
CFLAGS += -fomit-frame-pointer
# optimize for SIZE
@@ -28,15 +30,21 @@ CFLAGS += -fomit-frame-pointer
# compile for DEBUGING (required for ccmalloc checking!!!)
#CFLAGS += -g3
#These flags control how the library gets built.
# older GCCs can't handle the "rotate with immediate" ROLc/RORc/etc macros
# define this to help
#CFLAGS += -DLTC_NO_ROLC
#Output filenames for various targets.
LIBTEST=libtomcrypt_prof.la
LIBNAME=libtomcrypt.la
HASH=hashsum
CRYPT=encrypt
SMALL=small
PROF=x86_prof
TV=tv_gen
TEST=test
TIMING=timing
#LIBPATH-The directory for libtomcrypt to be installed to.
#INCPATH-The directory to install the header files for libtomcrypt.
@@ -46,141 +54,145 @@ LIBPATH=/usr/lib
INCPATH=/usr/include
DATAPATH=/usr/share/doc/libtomcrypt/pdf
#Who do we install as?
USER=root
GROUP=wheel
#List of objects to compile.
#Leave MPI built-in or force developer to link against libtommath?
MPIOBJECT=mpi.o
MPIOBJECT=src/misc/mpi/mpi.o
#If you don't want mpi.o then add this
#MPISHARED=$(LIBPATH)/libtommath.la
OBJECTS=error_to_string.o mpi_to_ltc_error.o base64_encode.o base64_decode.o \
\
crypt.o crypt_find_cipher.o crypt_find_hash_any.o \
crypt_hash_is_valid.o crypt_register_hash.o crypt_unregister_prng.o \
crypt_argchk.o crypt_find_cipher_any.o crypt_find_hash_id.o \
crypt_prng_descriptor.o crypt_register_prng.o crypt_cipher_descriptor.o \
crypt_find_cipher_id.o crypt_find_prng.o crypt_prng_is_valid.o \
crypt_unregister_cipher.o crypt_cipher_is_valid.o crypt_find_hash.o \
crypt_hash_descriptor.o crypt_register_cipher.o crypt_unregister_hash.o \
\
sober128.o fortuna.o sprng.o yarrow.o rc4.o rng_get_bytes.o rng_make_prng.o \
\
rand_prime.o is_prime.o \
\
ecc.o dh.o \
\
rsa_decrypt_key.o rsa_encrypt_key.o rsa_exptmod.o rsa_free.o rsa_make_key.o \
rsa_sign_hash.o rsa_verify_hash.o rsa_export.o rsa_import.o tim_exptmod.o \
rsa_v15_encrypt_key.o rsa_v15_decrypt_key.o rsa_v15_sign_hash.o rsa_v15_verify_hash.o \
\
dsa_export.o dsa_free.o dsa_import.o dsa_make_key.o dsa_sign_hash.o \
dsa_verify_hash.o dsa_verify_key.o \
\
aes.o aes_enc.o \
\
blowfish.o des.o safer_tab.o safer.o saferp.o rc2.o xtea.o \
rc6.o rc5.o cast5.o noekeon.o twofish.o skipjack.o \
\
md2.o md4.o md5.o sha1.o sha256.o sha512.o tiger.o whirl.o \
rmd128.o rmd160.o chc.o \
\
packet_store_header.o packet_valid_header.o \
\
eax_addheader.o eax_decrypt.o eax_decrypt_verify_memory.o eax_done.o eax_encrypt.o \
eax_encrypt_authenticate_memory.o eax_init.o eax_test.o \
\
ocb_decrypt.o ocb_decrypt_verify_memory.o ocb_done_decrypt.o ocb_done_encrypt.o \
ocb_encrypt.o ocb_encrypt_authenticate_memory.o ocb_init.o ocb_ntz.o \
ocb_shift_xor.o ocb_test.o s_ocb_done.o \
\
omac_done.o omac_file.o omac_init.o omac_memory.o omac_process.o omac_test.o \
\
pmac_done.o pmac_file.o pmac_init.o pmac_memory.o pmac_ntz.o pmac_process.o \
pmac_shift_xor.o pmac_test.o \
\
cbc_start.o cbc_encrypt.o cbc_decrypt.o cbc_getiv.o cbc_setiv.o \
cfb_start.o cfb_encrypt.o cfb_decrypt.o cfb_getiv.o cfb_setiv.o \
ofb_start.o ofb_encrypt.o ofb_decrypt.o ofb_getiv.o ofb_setiv.o \
ctr_start.o ctr_encrypt.o ctr_decrypt.o ctr_getiv.o ctr_setiv.o \
ecb_start.o ecb_encrypt.o ecb_decrypt.o \
\
hash_file.o hash_filehandle.o hash_memory.o \
\
hmac_done.o hmac_file.o hmac_init.o hmac_memory.o hmac_process.o hmac_test.o \
\
pkcs_1_mgf1.o pkcs_1_oaep_encode.o pkcs_1_oaep_decode.o \
pkcs_1_pss_encode.o pkcs_1_pss_decode.o pkcs_1_i2osp.o pkcs_1_os2ip.o \
pkcs_1_v15_es_encode.o pkcs_1_v15_es_decode.o pkcs_1_v15_sa_encode.o pkcs_1_v15_sa_decode.o \
\
pkcs_5_1.o pkcs_5_2.o \
\
der_encode_integer.o der_decode_integer.o der_length_integer.o \
der_put_multi_integer.o der_get_multi_integer.o \
\
burn_stack.o zeromem.o \
\
$(MPIOBJECT)
OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o src/ciphers/anubis.o \
src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/khazad.o src/ciphers/noekeon.o \
src/ciphers/rc2.o src/ciphers/rc5.o src/ciphers/rc6.o src/ciphers/safer/safer.o \
src/ciphers/safer/safer_tab.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \
src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \
src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \
src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \
src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \
src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \
src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o \
src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o src/hashes/sha2/sha256.o \
src/hashes/sha2/sha512.o src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o \
src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
src/mac/pelican/pelican.o src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o \
src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/misc/base64/base64_decode.o \
src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt.o \
src/misc/crypt/crypt_argchk.o src/misc/crypt/crypt_cipher_descriptor.o \
src/misc/crypt/crypt_cipher_is_valid.o src/misc/crypt/crypt_find_cipher.o \
src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \
src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \
src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_prng.o \
src/misc/crypt/crypt_hash_descriptor.o src/misc/crypt/crypt_hash_is_valid.o \
src/misc/crypt/crypt_prng_descriptor.o src/misc/crypt/crypt_prng_is_valid.o \
src/misc/crypt/crypt_register_cipher.o src/misc/crypt/crypt_register_hash.o \
src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_unregister_cipher.o \
src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o \
src/misc/error_to_string.o src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o \
src/misc/mpi/rand_prime.o src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \
src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \
src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \
src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
src/modes/ofb/ofb_start.o src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \
src/pk/asn1/der/der_get_multi_integer.o src/pk/asn1/der/der_length_integer.o \
src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \
src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_sign_hash.o \
src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \
src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \
src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v15_es_decode.o \
src/pk/pkcs1/pkcs_1_v15_es_encode.o src/pk/pkcs1/pkcs_1_v15_sa_decode.o \
src/pk/pkcs1/pkcs_1_v15_sa_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_v15_decrypt_key.o \
src/pk/rsa/rsa_v15_encrypt_key.o src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \
src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \
src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o
HEADERS=src/headers/tommath_superclass.h src/headers/tomcrypt_cfg.h \
src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \
src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h \
src/headers/tomcrypt_cipher.h src/headers/tomcrypt_pk.h \
src/headers/tommath_class.h src/headers/ltc_tommath.h src/headers/tomcrypt_hash.h \
src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
TESTOBJECTS=demos/test.o
HASHOBJECTS=demos/hashsum.o
CRYPTOBJECTS=demos/encrypt.o
SMALLOBJECTS=demos/small.o
PROFS=demos/x86_prof.o
TVS=demos/tv_gen.o
#Files left over from making the crypt.pdf.
LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind *.out
#Compressed filenames
COMPRESSED=crypt-$(VERSION).tar.bz2 crypt-$(VERSION).zip
#Header files used by libtomcrypt.
HEADERS=ltc_tommath.h mycrypt_cfg.h \
mycrypt_misc.h mycrypt_prng.h mycrypt_cipher.h mycrypt_hash.h \
mycrypt_macros.h mycrypt_pk.h mycrypt.h mycrypt_argchk.h \
mycrypt_custom.h mycrypt_pkcs.h tommath_class.h tommath_superclass.h
TESTS=demos/test.o
TIMINGS=demos/timing.o
#The default rule for make builds the libtomcrypt library.
default:library
#ciphers come in two flavours... enc+dec and enc
aes_enc.o: aes.c aes_tab.c
$(CC) $(CFLAGS) -DENCRYPT_ONLY -c aes.c -o aes_enc.o
src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
$(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
#These are the rules to make certain object files.
aes.o: aes.c aes_tab.c
twofish.o: twofish.c twofish_tab.c
whirl.o: whirl.c whirltab.c
ecc.o: ecc.c ecc_sys.c
dh.o: dh.c dh_sys.c
sha512.o: sha512.c sha384.c
sha256.o: sha256.c sha224.c
src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
src/pk/ecc/ecc.o: src/pk/ecc/ecc.c src/pk/ecc/ecc_sys.c
src/pk/dh/dh.o: src/pk/dh/dh.c src/pk/dh/dh_sys.c
src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
#This rule makes the libtomcrypt library.
library: $(LIBNAME)
library: $(LIBTEST) $(LIBNAME)
$(LIBTEST):
cd testprof ; CFLAGS="$(CFLAGS)" GROUP=$(GROUP) USER=$(USER) VERSION=$(VERSION) LIBPATH=$(LIBPATH) LIBNAME=$(LIBTEST) make -f makefile.shared
$(LIBNAME): $(OBJECTS)
libtool --mode=link gcc $(CFLAGS) *.lo -o libtomcrypt.la -rpath $(LIBPATH) -version-info $(VERSION)
libtool --mode=link gcc $(CFLAGS) *.o -o libtomcrypt.a
libtool --mode=install install -c libtomcrypt.la $(LIBPATH)/libtomcrypt.la
install -d -g root -o root $(DESTDIR)$(INCPATH)
install -g root -o root $(HEADERS) $(DESTDIR)$(INCPATH)
libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | grep "src/" | xargs` -o libtomcrypt.la -rpath $(LIBPATH) -version-info $(VERSION)
libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]o" | grep "src/" | xargs` -o libtomcrypt.a
ranlib libtomcrypt.a
libtool --silent --mode=install install -c libtomcrypt.la $(LIBPATH)/libtomcrypt.la
install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
#This rule makes the hash program included with libtomcrypt
hashsum: library
gcc $(CFLAGS) demos/hashsum.c -o hashsum.o
libtool --mode=link gcc -o hashsum hashsum.o -ltomcrypt $(MPISHARED)
gcc -o hashsum hashsum.o -ltomcrypt_prof -ltomcrypt $(MPISHARED)
#makes the crypt program
crypt: library
gcc $(CFLAGS) demos/encrypt.c -o encrypt.o
libtool --mode=link gcc -o crypt encrypt.o -ltomcrypt $(MPISHARED)
x86_prof: library
gcc $(CFLAGS) demos/x86_prof.c -o x86_prof.o
libtool --mode=link gcc -o x86_prof x86_prof.o -ltomcrypt $(MPISHARED) $(EXTRALIBS)
gcc -o crypt encrypt.o -ltomcrypt_prof -ltomcrypt $(MPISHARED)
tv_gen: library $(TVS)
gcc $(CFLAGS) demos/tv_gen.c -o tv_gen.o
libtool --mode=link gcc -o tv_gen tv_gen.o -ltomcrypt $(MPISHARED)
gcc -o tv_gen $(TVS) -ltomcrypt_prof -ltomcrypt $(MPISHARED)
test: library $(TESTS)
gcc -o $(TEST) $(TESTS) -ltomcrypt_prof -ltomcrypt $(MPISHARED)
timing: library $(TIMINGS)
gcc -o $(TIMING) $(TIMINGS) -ltomcrypt_prof -ltomcrypt $(MPISHARED)

396
mycrypt_cipher.h
View File

@@ -1,396 +0,0 @@
/* ---- SYMMETRIC KEY STUFF -----
*
* We put each of the ciphers scheduled keys in their own structs then we put all of
* the key formats in one union. This makes the function prototypes easier to use.
*/
#ifdef BLOWFISH
struct blowfish_key {
ulong32 S[4][256];
ulong32 K[18];
};
#endif
#ifdef RC5
struct rc5_key {
int rounds;
ulong32 K[50];
};
#endif
#ifdef RC6
struct rc6_key {
ulong32 K[44];
};
#endif
#ifdef SAFERP
struct saferp_key {
unsigned char K[33][16];
long rounds;
};
#endif
#ifdef RIJNDAEL
struct rijndael_key {
ulong32 eK[64], dK[64];
int Nr;
};
#endif
#ifdef XTEA
struct xtea_key {
unsigned long A[32], B[32];
};
#endif
#ifdef TWOFISH
#ifndef TWOFISH_SMALL
struct twofish_key {
ulong32 S[4][256], K[40];
};
#else
struct twofish_key {
ulong32 K[40];
unsigned char S[32], start;
};
#endif
#endif
#ifdef SAFER
#define SAFER_K64_DEFAULT_NOF_ROUNDS 6
#define SAFER_K128_DEFAULT_NOF_ROUNDS 10
#define SAFER_SK64_DEFAULT_NOF_ROUNDS 8
#define SAFER_SK128_DEFAULT_NOF_ROUNDS 10
#define SAFER_MAX_NOF_ROUNDS 13
#define SAFER_BLOCK_LEN 8
#define SAFER_KEY_LEN (1 + SAFER_BLOCK_LEN * (1 + 2 * SAFER_MAX_NOF_ROUNDS))
typedef unsigned char safer_block_t[SAFER_BLOCK_LEN];
typedef unsigned char safer_key_t[SAFER_KEY_LEN];
struct safer_key { safer_key_t key; };
#endif
#ifdef RC2
struct rc2_key { unsigned xkey[64]; };
#endif
#ifdef DES
struct des_key {
ulong32 ek[32], dk[32];
};
struct des3_key {
ulong32 ek[3][32], dk[3][32];
};
#endif
#ifdef CAST5
struct cast5_key {
ulong32 K[32], keylen;
};
#endif
#ifdef NOEKEON
struct noekeon_key {
ulong32 K[4], dK[4];
};
#endif
#ifdef SKIPJACK
struct skipjack_key {
unsigned char key[10];
};
#endif
typedef union Symmetric_key {
#ifdef DES
struct des_key des;
struct des3_key des3;
#endif
#ifdef RC2
struct rc2_key rc2;
#endif
#ifdef SAFER
struct safer_key safer;
#endif
#ifdef TWOFISH
struct twofish_key twofish;
#endif
#ifdef BLOWFISH
struct blowfish_key blowfish;
#endif
#ifdef RC5
struct rc5_key rc5;
#endif
#ifdef RC6
struct rc6_key rc6;
#endif
#ifdef SAFERP
struct saferp_key saferp;
#endif
#ifdef RIJNDAEL
struct rijndael_key rijndael;
#endif
#ifdef XTEA
struct xtea_key xtea;
#endif
#ifdef CAST5
struct cast5_key cast5;
#endif
#ifdef NOEKEON
struct noekeon_key noekeon;
#endif
#ifdef SKIPJACK
struct skipjack_key skipjack;
#endif
} symmetric_key;
/* A block cipher ECB structure */
typedef struct {
int cipher, blocklen;
symmetric_key key;
} symmetric_ECB;
/* A block cipher CFB structure */
typedef struct {
int cipher, blocklen, padlen;
unsigned char IV[MAXBLOCKSIZE], pad[MAXBLOCKSIZE];
symmetric_key key;
} symmetric_CFB;
/* A block cipher OFB structure */
typedef struct {
int cipher, blocklen, padlen;
unsigned char IV[MAXBLOCKSIZE];
symmetric_key key;
} symmetric_OFB;
/* A block cipher CBC structure */
typedef struct Symmetric_CBC {
int cipher, blocklen;
unsigned char IV[MAXBLOCKSIZE];
symmetric_key key;
} symmetric_CBC;
/* A block cipher CTR structure */
typedef struct Symmetric_CTR {
int cipher, blocklen, padlen, mode;
unsigned char ctr[MAXBLOCKSIZE], pad[MAXBLOCKSIZE];
symmetric_key key;
} symmetric_CTR;
/* cipher descriptor table, last entry has "name == NULL" to mark the end of table */
extern struct _cipher_descriptor {
char *name;
unsigned char ID;
int min_key_length, max_key_length, block_length, default_rounds;
int (*setup)(const unsigned char *key, int keylength, int num_rounds, symmetric_key *skey);
void (*ecb_encrypt)(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void (*ecb_decrypt)(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int (*test)(void);
int (*keysize)(int *desired_keysize);
} cipher_descriptor[];
#ifdef BLOWFISH
int blowfish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int blowfish_test(void);
int blowfish_keysize(int *desired_keysize);
extern const struct _cipher_descriptor blowfish_desc;
#endif
#ifdef RC5
int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int rc5_test(void);
int rc5_keysize(int *desired_keysize);
extern const struct _cipher_descriptor rc5_desc;
#endif
#ifdef RC6
int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int rc6_test(void);
int rc6_keysize(int *desired_keysize);
extern const struct _cipher_descriptor rc6_desc;
#endif
#ifdef RC2
int rc2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void rc2_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void rc2_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int rc2_test(void);
int rc2_keysize(int *desired_keysize);
extern const struct _cipher_descriptor rc2_desc;
#endif
#ifdef SAFERP
int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int saferp_test(void);
int saferp_keysize(int *desired_keysize);
extern const struct _cipher_descriptor saferp_desc;
#endif
#ifdef SAFER
int safer_k64_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
int safer_sk64_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
int safer_k128_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
int safer_sk128_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void safer_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void safer_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int safer_k64_test(void);
int safer_sk64_test(void);
int safer_sk128_test(void);
int safer_64_keysize(int *desired_keysize);
int safer_128_keysize(int *desired_keysize);
extern const struct _cipher_descriptor safer_k64_desc, safer_k128_desc, safer_sk64_desc, safer_sk128_desc;
#endif
#ifdef RIJNDAEL
/* make aes an alias */
#define aes_setup rijndael_setup
#define aes_ecb_encrypt rijndael_ecb_encrypt
#define aes_ecb_decrypt rijndael_ecb_decrypt
#define aes_test rijndael_test
#define aes_keysize rijndael_keysize
#define aes_enc_setup rijndael_enc_setup
#define aes_enc_ecb_encrypt rijndael_enc_ecb_encrypt
#define aes_enc_keysize rijndael_enc_keysize
int rijndael_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int rijndael_test(void);
int rijndael_keysize(int *desired_keysize);
int rijndael_enc_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void rijndael_enc_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
int rijndael_enc_keysize(int *desired_keysize);
extern const struct _cipher_descriptor rijndael_desc, aes_desc;
extern const struct _cipher_descriptor rijndael_enc_desc, aes_enc_desc;
#endif
#ifdef XTEA
int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void xtea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int xtea_test(void);
int xtea_keysize(int *desired_keysize);
extern const struct _cipher_descriptor xtea_desc;
#endif
#ifdef TWOFISH
int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int twofish_test(void);
int twofish_keysize(int *desired_keysize);
extern const struct _cipher_descriptor twofish_desc;
#endif
#ifdef DES
int des_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int des_test(void);
int des_keysize(int *desired_keysize);
int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int des3_test(void);
int des3_keysize(int *desired_keysize);
extern const struct _cipher_descriptor des_desc, des3_desc;
#endif
#ifdef CAST5
int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int cast5_test(void);
int cast5_keysize(int *desired_keysize);
extern const struct _cipher_descriptor cast5_desc;
#endif
#ifdef NOEKEON
int noekeon_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int noekeon_test(void);
int noekeon_keysize(int *desired_keysize);
extern const struct _cipher_descriptor noekeon_desc;
#endif
#ifdef SKIPJACK
int skipjack_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int skipjack_test(void);
int skipjack_keysize(int *desired_keysize);
extern const struct _cipher_descriptor skipjack_desc;
#endif
#ifdef ECB
int ecb_start(int cipher, const unsigned char *key,
int keylen, int num_rounds, symmetric_ECB *ecb);
int ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_ECB *ecb);
int ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_ECB *ecb);
#endif
#ifdef CFB
int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key,
int keylen, int num_rounds, symmetric_CFB *cfb);
int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CFB *cfb);
int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CFB *cfb);
int cfb_getiv(unsigned char *IV, unsigned long *len, symmetric_CFB *cfb);
int cfb_setiv(const unsigned char *IV, unsigned long len, symmetric_CFB *cfb);
#endif
#ifdef OFB
int ofb_start(int cipher, const unsigned char *IV, const unsigned char *key,
int keylen, int num_rounds, symmetric_OFB *ofb);
int ofb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_OFB *ofb);
int ofb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_OFB *ofb);
int ofb_getiv(unsigned char *IV, unsigned long *len, symmetric_OFB *ofb);
int ofb_setiv(const unsigned char *IV, unsigned long len, symmetric_OFB *ofb);
#endif
#ifdef CBC
int cbc_start(int cipher, const unsigned char *IV, const unsigned char *key,
int keylen, int num_rounds, symmetric_CBC *cbc);
int cbc_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_CBC *cbc);
int cbc_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_CBC *cbc);
int cbc_getiv(unsigned char *IV, unsigned long *len, symmetric_CBC *cbc);
int cbc_setiv(const unsigned char *IV, unsigned long len, symmetric_CBC *cbc);
#endif
#ifdef CTR
int ctr_start(int cipher, const unsigned char *IV, const unsigned char *key,
int keylen, int num_rounds, symmetric_CTR *ctr);
int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr);
int ctr_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CTR *ctr);
int ctr_getiv(unsigned char *IV, unsigned long *len, symmetric_CTR *ctr);
int ctr_setiv(const unsigned char *IV, unsigned long len, symmetric_CTR *ctr);
#endif
int find_cipher(const char *name);
int find_cipher_any(const char *name, int blocklen, int keylen);
int find_cipher_id(unsigned char ID);
int register_cipher(const struct _cipher_descriptor *cipher);
int unregister_cipher(const struct _cipher_descriptor *cipher);
int cipher_is_valid(int idx);

475
mycrypt_hash.h
View File

@@ -1,475 +0,0 @@
/* ---- HASH FUNCTIONS ---- */
#ifdef SHA512
struct sha512_state {
ulong64 length, state[8];
unsigned long curlen;
unsigned char buf[128];
};
#endif
#ifdef SHA256
struct sha256_state {
ulong64 length;
ulong32 state[8], curlen;
unsigned char buf[64];
};
#endif
#ifdef SHA1
struct sha1_state {
ulong64 length;
ulong32 state[5], curlen;
unsigned char buf[64];
};
#endif
#ifdef MD5
struct md5_state {
ulong64 length;
ulong32 state[4], curlen;
unsigned char buf[64];
};
#endif
#ifdef MD4
struct md4_state {
ulong64 length;
ulong32 state[4], curlen;
unsigned char buf[64];
};
#endif
#ifdef TIGER
struct tiger_state {
ulong64 state[3], length;
unsigned long curlen;
unsigned char buf[64];
};
#endif
#ifdef MD2
struct md2_state {
unsigned char chksum[16], X[48], buf[16];
unsigned long curlen;
};
#endif
#ifdef RIPEMD128
struct rmd128_state {
ulong64 length;
unsigned char buf[64];
ulong32 curlen, state[4];
};
#endif
#ifdef RIPEMD160
struct rmd160_state {
ulong64 length;
unsigned char buf[64];
ulong32 curlen, state[5];
};
#endif
#ifdef WHIRLPOOL
struct whirlpool_state {
ulong64 length, state[8];
unsigned char buf[64];
ulong32 curlen;
};
#endif
#ifdef CHC_HASH
struct chc_state {
ulong64 length;
unsigned char state[MAXBLOCKSIZE], buf[MAXBLOCKSIZE];
ulong32 curlen;
};
#endif
typedef union Hash_state {
#ifdef CHC_HASH
struct chc_state chc;
#endif
#ifdef WHIRLPOOL
struct whirlpool_state whirlpool;
#endif
#ifdef SHA512
struct sha512_state sha512;
#endif
#ifdef SHA256
struct sha256_state sha256;
#endif
#ifdef SHA1
struct sha1_state sha1;
#endif
#ifdef MD5
struct md5_state md5;
#endif
#ifdef MD4
struct md4_state md4;
#endif
#ifdef MD2
struct md2_state md2;
#endif
#ifdef TIGER
struct tiger_state tiger;
#endif
#ifdef RIPEMD128
struct rmd128_state rmd128;
#endif
#ifdef RIPEMD160
struct rmd160_state rmd160;
#endif
} hash_state;
extern struct _hash_descriptor {
char *name;
unsigned char ID;
unsigned long hashsize; /* digest output size in bytes */
unsigned long blocksize; /* the block size the hash uses */
#if 0
/*matt - we don't need these and they make the intialisers more ugly.*/
unsigned char DER[64]; /* DER encoded identifier */
unsigned long DERlen; /* length of DER encoding */
#endif
int (*init)(hash_state *);
int (*process)(hash_state *, const unsigned char *, unsigned long);
int (*done)(hash_state *, unsigned char *);
int (*test)(void);
} hash_descriptor[];
#ifdef CHC_HASH
int chc_register(int cipher);
int chc_init(hash_state * md);
int chc_process(hash_state * md, const unsigned char *buf, unsigned long len);
int chc_done(hash_state * md, unsigned char *hash);
int chc_test(void);
extern const struct _hash_descriptor chc_desc;
#endif
#ifdef WHIRLPOOL
int whirlpool_init(hash_state * md);
int whirlpool_process(hash_state * md, const unsigned char *buf, unsigned long len);
int whirlpool_done(hash_state * md, unsigned char *hash);
int whirlpool_test(void);
extern const struct _hash_descriptor whirlpool_desc;
#endif
#ifdef SHA512
int sha512_init(hash_state * md);
int sha512_process(hash_state * md, const unsigned char *buf, unsigned long len);
int sha512_done(hash_state * md, unsigned char *hash);
int sha512_test(void);
extern const struct _hash_descriptor sha512_desc;
#endif
#ifdef SHA384
#ifndef SHA512
#error SHA512 is required for SHA384
#endif
int sha384_init(hash_state * md);
#define sha384_process sha512_process
int sha384_done(hash_state * md, unsigned char *hash);
int sha384_test(void);
extern const struct _hash_descriptor sha384_desc;
#endif
#ifdef SHA256
int sha256_init(hash_state * md);
int sha256_process(hash_state * md, const unsigned char *buf, unsigned long len);
int sha256_done(hash_state * md, unsigned char *hash);
int sha256_test(void);
extern const struct _hash_descriptor sha256_desc;
#ifdef SHA224
#ifndef SHA256
#error SHA256 is required for SHA224
#endif
int sha224_init(hash_state * md);
#define sha224_process sha256_process
int sha224_done(hash_state * md, unsigned char *hash);
int sha224_test(void);
extern const struct _hash_descriptor sha224_desc;
#endif
#endif
#ifdef SHA1
int sha1_init(hash_state * md);
int sha1_process(hash_state * md, const unsigned char *buf, unsigned long len);
int sha1_done(hash_state * md, unsigned char *hash);
int sha1_test(void);
extern const struct _hash_descriptor sha1_desc;
#endif
#ifdef MD5
int md5_init(hash_state * md);
int md5_process(hash_state * md, const unsigned char *buf, unsigned long len);
int md5_done(hash_state * md, unsigned char *hash);
int md5_test(void);
extern const struct _hash_descriptor md5_desc;
#endif
#ifdef MD4
int md4_init(hash_state * md);
int md4_process(hash_state * md, const unsigned char *buf, unsigned long len);
int md4_done(hash_state * md, unsigned char *hash);
int md4_test(void);
extern const struct _hash_descriptor md4_desc;
#endif
#ifdef MD2
int md2_init(hash_state * md);
int md2_process(hash_state * md, const unsigned char *buf, unsigned long len);
int md2_done(hash_state * md, unsigned char *hash);
int md2_test(void);
extern const struct _hash_descriptor md2_desc;
#endif
#ifdef TIGER
int tiger_init(hash_state * md);
int tiger_process(hash_state * md, const unsigned char *buf, unsigned long len);
int tiger_done(hash_state * md, unsigned char *hash);
int tiger_test(void);
extern const struct _hash_descriptor tiger_desc;
#endif
#ifdef RIPEMD128
int rmd128_init(hash_state * md);
int rmd128_process(hash_state * md, const unsigned char *buf, unsigned long len);
int rmd128_done(hash_state * md, unsigned char *hash);
int rmd128_test(void);
extern const struct _hash_descriptor rmd128_desc;
#endif
#ifdef RIPEMD160
int rmd160_init(hash_state * md);
int rmd160_process(hash_state * md, const unsigned char *buf, unsigned long len);
int rmd160_done(hash_state * md, unsigned char *hash);
int rmd160_test(void);
extern const struct _hash_descriptor rmd160_desc;
#endif
int find_hash(const char *name);
int find_hash_id(unsigned char ID);
int find_hash_any(const char *name, int digestlen);
int register_hash(const struct _hash_descriptor *hash);
int unregister_hash(const struct _hash_descriptor *hash);
int hash_is_valid(int idx);
int hash_memory(int hash, const unsigned char *data, unsigned long len, unsigned char *dst, unsigned long *outlen);
int hash_filehandle(int hash, FILE *in, unsigned char *dst, unsigned long *outlen);
int hash_file(int hash, const char *fname, unsigned char *dst, unsigned long *outlen);
/* a simple macro for making hash "process" functions */
#define HASH_PROCESS(func_name, compress_name, state_var, block_size) \
int func_name (hash_state * md, const unsigned char *buf, unsigned long len) \
{ \
unsigned long n; \
int err; \
_ARGCHK(md != NULL); \
_ARGCHK(buf != NULL); \
if (md-> state_var .curlen > sizeof(md-> state_var .buf)) { \
return CRYPT_INVALID_ARG; \
} \
while (len > 0) { \
if (md-> state_var .curlen == 0 && len >= block_size) { \
if ((err = compress_name (md, (unsigned char *)buf)) != CRYPT_OK) { \
return err; \
} \
md-> state_var .length += block_size * 8; \
buf += block_size; \
len -= block_size; \
} else { \
n = MIN(len, (block_size - md-> state_var .curlen)); \
memcpy(md-> state_var .buf + md-> state_var.curlen, buf, (size_t)n); \
md-> state_var .curlen += n; \
buf += n; \
len -= n; \
if (md-> state_var .curlen == block_size) { \
if ((err = compress_name (md, md-> state_var .buf)) != CRYPT_OK) {\
return err; \
} \
md-> state_var .length += 8*block_size; \
md-> state_var .curlen = 0; \
} \
} \
} \
return CRYPT_OK; \
}
#ifdef HMAC
typedef struct Hmac_state {
hash_state md;
int hash;
hash_state hashstate;
unsigned char *key;
} hmac_state;
int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned long keylen);
int hmac_process(hmac_state *hmac, const unsigned char *buf, unsigned long len);
int hmac_done(hmac_state *hmac, unsigned char *hashOut, unsigned long *outlen);
int hmac_test(void);
int hmac_memory(int hash, const unsigned char *key, unsigned long keylen,
const unsigned char *data, unsigned long len,
unsigned char *dst, unsigned long *dstlen);
int hmac_file(int hash, const char *fname, const unsigned char *key,
unsigned long keylen,
unsigned char *dst, unsigned long *dstlen);
#endif
#ifdef OMAC
typedef struct {
int cipher_idx,
buflen,
blklen;
unsigned char block[MAXBLOCKSIZE],
prev[MAXBLOCKSIZE],
Lu[2][MAXBLOCKSIZE];
symmetric_key key;
} omac_state;
int omac_init(omac_state *omac, int cipher, const unsigned char *key, unsigned long keylen);
int omac_process(omac_state *state, const unsigned char *buf, unsigned long len);
int omac_done(omac_state *state, unsigned char *out, unsigned long *outlen);
int omac_memory(int cipher, const unsigned char *key, unsigned long keylen,
const unsigned char *msg, unsigned long msglen,
unsigned char *out, unsigned long *outlen);
int omac_file(int cipher, const unsigned char *key, unsigned long keylen,
const char *filename, unsigned char *out, unsigned long *outlen);
int omac_test(void);
#endif /* OMAC */
#ifdef PMAC
typedef struct {
unsigned char Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */
Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */
Lr[MAXBLOCKSIZE], /* L * x^-1 */
block[MAXBLOCKSIZE], /* currently accumulated block */
checksum[MAXBLOCKSIZE]; /* current checksum */
symmetric_key key; /* scheduled key for cipher */
unsigned long block_index; /* index # for current block */
int cipher_idx, /* cipher idx */
block_len, /* length of block */
buflen; /* number of bytes in the buffer */
} pmac_state;
int pmac_init(pmac_state *pmac, int cipher, const unsigned char *key, unsigned long keylen);
int pmac_process(pmac_state *state, const unsigned char *buf, unsigned long len);
int pmac_done(pmac_state *state, unsigned char *out, unsigned long *outlen);
int pmac_memory(int cipher, const unsigned char *key, unsigned long keylen,
const unsigned char *msg, unsigned long msglen,
unsigned char *out, unsigned long *outlen);
int pmac_file(int cipher, const unsigned char *key, unsigned long keylen,
const char *filename, unsigned char *out, unsigned long *outlen);
int pmac_test(void);
/* internal functions */
int pmac_ntz(unsigned long x);
void pmac_shift_xor(pmac_state *pmac);
#endif /* PMAC */
#ifdef EAX_MODE
#if !(defined(OMAC) && defined(CTR))
#error EAX_MODE requires OMAC and CTR
#endif
typedef struct {
unsigned char N[MAXBLOCKSIZE];
symmetric_CTR ctr;
omac_state headeromac, ctomac;
} eax_state;
int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen);
int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length);
int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, unsigned long length);
int eax_addheader(eax_state *eax, const unsigned char *header, unsigned long length);
int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen);
int eax_encrypt_authenticate_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen,
const unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
unsigned char *tag, unsigned long *taglen);
int eax_decrypt_verify_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen,
const unsigned char *ct, unsigned long ctlen,
unsigned char *pt,
unsigned char *tag, unsigned long taglen,
int *res);
int eax_test(void);
#endif /* EAX MODE */
#ifdef OCB_MODE
typedef struct {
unsigned char L[MAXBLOCKSIZE], /* L value */
Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */
Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */
Lr[MAXBLOCKSIZE], /* L * x^-1 */
R[MAXBLOCKSIZE], /* R value */
checksum[MAXBLOCKSIZE]; /* current checksum */
symmetric_key key; /* scheduled key for cipher */
unsigned long block_index; /* index # for current block */
int cipher, /* cipher idx */
block_len; /* length of block */
} ocb_state;
int ocb_init(ocb_state *ocb, int cipher,
const unsigned char *key, unsigned long keylen, const unsigned char *nonce);
int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct);
int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt);
int ocb_done_encrypt(ocb_state *ocb,
const unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
unsigned char *tag, unsigned long *taglen);
int ocb_done_decrypt(ocb_state *ocb,
const unsigned char *ct, unsigned long ctlen,
unsigned char *pt,
const unsigned char *tag, unsigned long taglen, int *res);
int ocb_encrypt_authenticate_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce,
const unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
unsigned char *tag, unsigned long *taglen);
int ocb_decrypt_verify_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce,
const unsigned char *ct, unsigned long ctlen,
unsigned char *pt,
const unsigned char *tag, unsigned long taglen,
int *res);
int ocb_test(void);
/* internal functions */
void ocb_shift_xor(ocb_state *ocb, unsigned char *Z);
int ocb_ntz(unsigned long x);
int __ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode);
#endif /* OCB_MODE */

20
mycrypt_misc.h
View File

@@ -1,20 +0,0 @@
/* ---- BASE64 Routines ---- */
#ifdef BASE64
int base64_encode(const unsigned char *in, unsigned long len,
unsigned char *out, unsigned long *outlen);
int base64_decode(const unsigned char *in, unsigned long len,
unsigned char *out, unsigned long *outlen);
#endif
/* ---- MEM routines ---- */
void zeromem(void *dst, size_t len);
void burn_stack(unsigned long len);
const char *error_to_string(int err);
int mpi_to_ltc_error(int err);
#if 0
/* Takes up space we don\'t need for Dropbear */
extern const char *crypt_build_settings;
#endif

141
mycrypt_prng.h
View File

@@ -1,141 +0,0 @@
/* ---- PRNG Stuff ---- */
struct yarrow_prng {
int cipher, hash;
unsigned char pool[MAXBLOCKSIZE];
symmetric_CTR ctr;
};
struct rc4_prng {
int x, y;
unsigned char buf[256];
};
struct fortuna_prng {
hash_state pool[FORTUNA_POOLS]; /* the pools */
symmetric_key skey;
unsigned char K[32], /* the current key */
IV[16]; /* IV for CTR mode */
unsigned long pool_idx, /* current pool we will add to */
pool0_len, /* length of 0'th pool */
wd;
ulong64 reset_cnt; /* number of times we have reset */
};
struct sober128_prng {
ulong32 R[17], /* Working storage for the shift register */
initR[17], /* saved register contents */
konst, /* key dependent constant */
sbuf; /* partial word encryption buffer */
int nbuf, /* number of part-word stream bits buffered */
flag, /* first add_entropy call or not? */
set; /* did we call add_entropy to set key? */
};
typedef union Prng_state {
#ifdef YARROW
struct yarrow_prng yarrow;
#endif
#ifdef RC4
struct rc4_prng rc4;
#endif
#ifdef FORTUNA
struct fortuna_prng fortuna;
#endif
#ifdef SOBER128
struct sober128_prng sober128;
#endif
} prng_state;
extern struct _prng_descriptor {
char *name;
int export_size; /* size in bytes of exported state */
int (*start)(prng_state *);
int (*add_entropy)(const unsigned char *, unsigned long, prng_state *);
int (*ready)(prng_state *);
unsigned long (*read)(unsigned char *, unsigned long, prng_state *);
int (*done)(prng_state *);
int (*pexport)(unsigned char *, unsigned long *, prng_state *);
int (*pimport)(const unsigned char *, unsigned long, prng_state *);
int (*test)(void);
} prng_descriptor[];
#ifdef YARROW
int yarrow_start(prng_state *prng);
int yarrow_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng);
int yarrow_ready(prng_state *prng);
unsigned long yarrow_read(unsigned char *buf, unsigned long len, prng_state *prng);
int yarrow_done(prng_state *prng);
int yarrow_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
int yarrow_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
int yarrow_test(void);
extern const struct _prng_descriptor yarrow_desc;
#endif
#ifdef FORTUNA
int fortuna_start(prng_state *prng);
int fortuna_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng);
int fortuna_ready(prng_state *prng);
unsigned long fortuna_read(unsigned char *buf, unsigned long len, prng_state *prng);
int fortuna_done(prng_state *prng);
int fortuna_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
int fortuna_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
int fortuna_test(void);
extern const struct _prng_descriptor fortuna_desc;
#endif
#ifdef RC4
int rc4_start(prng_state *prng);
int rc4_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng);
int rc4_ready(prng_state *prng);
unsigned long rc4_read(unsigned char *buf, unsigned long len, prng_state *prng);
int rc4_done(prng_state *prng);
int rc4_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
int rc4_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
int rc4_test(void);
extern const struct _prng_descriptor rc4_desc;
#endif
#ifdef SPRNG
int sprng_start(prng_state *prng);
int sprng_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng);
int sprng_ready(prng_state *prng);
unsigned long sprng_read(unsigned char *buf, unsigned long len, prng_state *prng);
int sprng_done(prng_state *prng);
int sprng_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
int sprng_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
int sprng_test(void);
extern const struct _prng_descriptor sprng_desc;
#endif
#ifdef SOBER128
int sober128_start(prng_state *prng);
int sober128_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng);
int sober128_ready(prng_state *prng);
unsigned long sober128_read(unsigned char *buf, unsigned long len, prng_state *prng);
int sober128_done(prng_state *prng);
int sober128_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
int sober128_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
int sober128_test(void);
extern const struct _prng_descriptor sober128_desc;
#endif
int find_prng(const char *name);
int register_prng(const struct _prng_descriptor *prng);
int unregister_prng(const struct _prng_descriptor *prng);
int prng_is_valid(int idx);
/* Slow RNG you **might** be able to use to seed a PRNG with. Be careful as this
* might not work on all platforms as planned
*/
unsigned long rng_get_bytes(unsigned char *buf,
unsigned long len,
void (*callback)(void));
int rng_make_prng(int bits, int wprng, prng_state *prng, void (*callback)(void));

214
notes/ccm_tv.txt Normal file
View File

@@ -0,0 +1,214 @@
CCM Test Vectors. Uses the 00010203...NN-1 pattern for nonce/header/plaintext/key. The outputs
are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous
step repeated sufficiently. The nonce is fixed throughout at 13 bytes 000102...
CCM-aes (16 byte key)
0: , 54C92FE45510D6B3B0D46EAC2FEE8E63
1: DA, 7A8984228DCF944903936CA9D7709ACF
2: B95E, 1056DE0CBBEEA760ED2053FFEB554EA6
3: 58FF3B, A42DE1A812D29BBC6C1C5AC808565437
4: 9D6E6FB6, 5E8E0422792999381ED669CE17601D34
5: 40D49E851D, B076B4ED79BF0155B39A743550593944
6: 015356B9A6E1, 8D62CEFC451CAE4A21C1C579C6CAA128
7: A2CF0A77AE0DE2, 97B9D201740FA59E863513EDACC59FFB
8: A44C68E52F95B48B, A461B79D4D9B8ADF6C6618E6ECDC059A
9: F56B8AD68AA31F22B9, C5C7D2E6FE34D94CE72B86DA55679080
10: 5C17EEBF4E348CBE3278, 29FAE7B470CB652C501343FE23B25894
11: 1EE960BFAE360302D834E3, 8F8F475EB9BAB29CE14A9CF42C30B148
12: EFF6BA1F2B1389237C6C045E, C895302DD8E75096951EF5CA63BFDD67
13: 5A1179A4047334CCD9162F36EB, 110987D37F45422625DEA402BD7580EB
14: F26E2C27E7D287B182FA42879978, 530FDE90C13A01EBCA86449073A3B035
15: 77BFE79B4BC87116EC5232606E890F, 280994EB0E16C7CF10F31BB60DBF52C8
16: 9926A4CE1AD70B89CC0050A58B958742, A635B4272EBFA1F83DAE270452D877E7
17: BAAF99CAE4753E3304D6F8F9C0CD366C68, A6F606AACD0B87923B43C3EB61AC3965
18: F72453C6765352A31494FA02B388E407B1FB, 0A446D28B7C5845C3621B4D3A0FA98DB
19: A7372589A86B2E137F124A96618095EB5E1435, 3C59A6A858947FEBFD32441E37309F1A
20: 5683E13A4E82A1AB8B3DC2051B6DBF2E1F2BB417, 459D1B0D2CF2C30B5ED5C237D07DFC19
21: 33594C4B84536C23DA5AB2117E9267258CCE5DEC3B, 6E4BB70A72343E142AC4E31CE0FE6A77
22: 332EDC9A3BDB90DBCCF317AC55BE5855CA9BCA2A73C4, 9FB310E5FFF5C754EE1E5FFF865F1656
23: 734618677055469335FFD574B008F2C68B78633F79010E, FAD31386E42BB4EA76A643A9004A8CB4
24: BA6F6ABA2AF35895F7F966D71F4E91A0BDD1DD551826F861, 25A3EC1C91C26283BAA5975390285AB2
25: FF519213E858E36AC8D92450F81CA46C8CA8AB129A997EBB36, 0D4AB2B7A5EB02242C01A81CEBF5D84E
26: B1F80058C3B4316EA86E9A898CD0B9C0366DFCB2AEC0799312D5, 0F4FF2759EDDF6349F4E23F284FAAD2E
27: 00BDC15012F8183112D5C3A135DC60DC9C764A04BD39A8E041F1D9, 0C68BC9E6A6BF1B01743F3183C9B7C80
28: 3022FD12969D925365C553D98D59E5D1EC494540909D1FA794F41E18, 05E61844943E78DB9BD417DDDE9C98B2
29: 4F4A4554BFED6BAA09E3D8843C4EA3807B8762799C1D21289A46575389, 3A59A6DC9230020FE061466A92BBCAFD
30: 6AE735EB15D9B39C8AD0E54F45307AAD97DB9F8A2A66BDC9BABCCFBD54A3, 0BDB365E493A9E160EEFD7DE24101870
31: 4AF19F00EAE55FED2304B94FBCA29383042F2BE711041323C1D9F14BA63383, 94561581E496553D068052BA698683D2
32: C2438BC46A92A465E0DB41E638CC6C8E0029C4DA842CA4140D73F90985EABA9C, 0F5A69F52AA8D8508D09E642511E54E5
CCM-rc6 (16 byte key)
0: , D01FACF2BB577BFA6194800E53FB4A00
1: 65, 92E48F7300FA2697E9E0FF80DD187237
2: AF5C, 332863BC515649D5BCAB6A2FE5F5250D
3: E7C89D, 49A641F027C65A15100009D99E79CF3F
4: ACB36D46, 53DE328A8B4B14CAD363BED53DACE8A1
5: C3ADAE6CCF, F713F5079BD77046F95D8685CDF522DC
6: 5A8CABC912DA, FB97B059D2BE1273497FA8D2739A1505
7: 27F101DD6D0894, 266ACEF34476A0E64410D209219335D0
8: 66164DA09BE2F46D, EFC64C01890A5B562AF39ADFC48E1CA9
9: 1B0018895394753995, FA894E1C882D96E35A4C238708931F3D
10: D346062826187BAEFC3B, A036AE1D3C02E2AD23541DE095AC7B84
11: EFB375BA1138339FA1B504, CDD4232FF4664D59D5AC6BE32CBE1B35
12: AFCF494078D7D7E6D9803FD5, 07E06ED923F76150BE82C1DDCB62C4DD
13: 75DF2EC91379408DA426A444E4, 440ACDF2A6567FA3A5009DDFE502A1A1
14: 3B36B62B01E324E702694305DD29, 4093598607DCD9993845D1837D211FE2
15: 7DF6595C9711B164C99CB246B4D57E, F364993B2C187058F466B62D11E0F94D
16: D317EE9EE1746D1B89A4CC52D88F0819, 41856B0B229D38344FA718E04CA57A8B
17: 85252277A97CA7553007995BD5A0DCD372, BDEEAB636BD1ACC8D5A23F658150FA30
18: 36FF305AC6EF662C155A1C15A6C195D3EC88, 9AC48EF07A510E308E06E79C0C80C3A0
19: 51645A614313E978F6DCE7BBDDEDC33E3284AB, E9F7723E763AD50161C0671C4034FD0A
20: 3CB9E6D0730FE05F903D338708AD8E34BFBB3285, 8A12185DAD518049F0FAC945A8FB305A
21: 276E37D246C40ABF32DC83007B95390EE801CDA6E3, 73FA1D310D031E0A0A3A1421661B4697
22: 4444BB070EDFBD1AC59D0BF70D66F48F0830069F3562, 9DCB6A99CBCCE3C8AEF29F06AF5057FB
23: D16BA084CF82EDD2E43349311140BF3A2E37DE40544BF3, CB93C5AD60C700D4EA653136101AACCC
24: 3FBAEBB36E2B74014043BA7D72F899B0D8DED883F592D778, 54DEA31D7EEA863A06A16D6C9B25DC13
25: 3614B5428B790793F31E23670A38A070B65DB8E51C61FEA9C9, A91B750FD7ABFF18376C982DFA0C8872
26: AC15FD90A4C254BA1406BE7DBA5694BB2625F634C69F45CCCD04, E6F97BCC8526BE3C04BA139EB50E65DF
27: B506E83557E48553BD8557411D2C17D64005E734BA5A5FF1CF98B1, 6FA001758A19F783A71C97AF1AA61F94
28: F07721663400838947EA1B9404D9683556F2D911429A9F59E3F5AD31, 376A1165A30C919E96C3706A4AB5DB37
29: 98B5EB8FE0005E515A585D8F44D838FA590054EA5201CD444366B6F71E, D8C58448F601F2C05F24ED2CC349C78B
30: E36E2FC225767CC1E2C388BEBC2C81C340FEF5B504575D5FA49682E1C214, CFED56F38CA4F84E6E1E16CEF50A6154
31: 7A9FDD8E481B822B3D282AAF726944101ED61DAE73782DE055D7D305E36B27, 328B10841E977041CBD13C39CD70F03F
32: 48AE8B5FA027930A7BCEC27468D795D0D8E6099C5F0558361B3AD20C1ECFF89F, B180AA9353E9EB6A22710A4DE872FACB
CCM-safer+ (16 byte key)
0: , E106F41D61402E532662213EBA471BFF
1: 05, 1749600C7045647DCB3293C0724E7A21
2: 2355, 80DD597665723F4AEFFF760C5C6C5EE2
3: 5F4CD8, 59AE54E63A8CF4DBAD050B42CE922013
4: 75F63A43, C31B6BD3125C036C99507DDEE0197201
5: 51D4D87B8D, 0F3872088CDEB0E958C35F343677AC24
6: 8CF6D81A274C, C8E688954E72A052B5F8D1CA46FB44B0
7: 5EB8283B299AB1, 5977CB96C8D439DE3A86AE0452A2EE34
8: 829B1A4EA8643EAA, 1E892D3DFB73A469035CA81DD7F937D1
9: 0FEEF9504CF0F4E282, EDCBED7C61E8E2D24392B4145218F0AB
10: DEF7679D3073D461A94C, D7ABAE561901CBB30FD7D9467C088B3B
11: 625FD679C7354A74D62893, 450E3954857640DDF4C7A95A6E202A1E
12: 3C9E76E4E2D4D95FEABD5C90, CD4467F695B7ED8973AEED5A822B347A
13: B1B6294ECEAE6AEE4853731CA9, 6042302DAE598822BE8554BE038119CF
14: 204BF480582D4BA408BAD23CEB52, 4D6B87334E1BFB9BA2D42B89B24165B2
15: 277591770E3E2DB97A3011D9616991, 75D0A4B9937748EAE7794056F7A8A7FE
16: 5669F75D0C908BFF7B82095231B86DAA, 3E816776A73FB89276534A3646C0F8FB
17: 37E621EF5A043A83FC98A65329891BC031, 159A823EA61B3A47B42EFCF12F304725
18: 18AC6ECF3F478A0797BF813C871235A9D309, 9B415B1B3A933B22C9027E2D72764956
19: 671484C7587DAAB885C7F2FAF030081B452CC6, 574A63D113A5ECEC877D5A368A3160AA
20: D7AB0F7D46B7ED976C8F6E7D0C6AABE3CAAA5A6E, 266C7A025C4EDF657DD42EB82BB6616A
21: D60E4CFC6500E237276A69F35AE4BBAE17371392EF, 6ED2A1673F8B4DB795547D9D93D76D8B
22: FAC6E21979D8D9896C790CB883C29F84D6820AE4FD4B, 1C7B6D73200E3C2DC5C701152F38EE8E
23: 39240DC2B544CA8BEBBB4EA499FD48A5EE707198AE8AC8, E7FFD169552665ADE7B9C0DFFDD04EBD
24: 6BE2C24172CAA192D55CC3E640E34675DD7F441CE5DB0FC0, 760CA976355281F76E49A2856A4EC7A0
25: 0E20427218D6447D6E23FA4832CB8D2A172B23FDC542B41524, 27D0F37E109252FF5E6F6F703CA784F5
26: 0AF75BD89028A5691B8B7993B9CE4FD24334A312DE28212C8B2C, AFE4C6B193B0F1796FC9E6C23292C060
27: 6830D8E2E6DEC1476796DA44C982D36409E268F966283A66E801ED, 9E2C92D5B30EB0943E17869ED4C789EC
28: 75ED280BEECD7768F7E032071F0E06D9D6BF1C9FF8E5DEB536DCD4BA, BF0DD11D633DBA5DCD25F4172765570B
29: DF1FAECC1DB24718236B18B90B354F405FD5DE1257EC43F811F4A43DCD, 48D182E572E794350BBDA91FD76B86BC
30: 176681E38ACACCD3C625F554C1F7A2D7C2C474C9444EAC8929B8C36EC05E, 080E109FFC5D247F1007217DD642BBA3
31: 8A8172C21D88A1FDD43089C545C308507617F7BDB02C47CF2719F1484407E2, 1A0D10B0AF5BE21BF19D570D3FDA5BCE
32: 0A93CAE2B95517773A4009FD3438231A207B9D46AABAE83FC4E1057EA4E2D6B4, 717AEF2F55DC8669F7E2D0298F8A7BE9
CCM-twofish (16 byte key)
0: , 33B3DF1B59C84DD3C15E4FEB66173303
1: BF, 92DCEBF1C11DD0B028DEC944A555E4C6
2: 8A4F, A859C7F76291326D821BB3C7519657C0
3: BAE755, 14D7C2EFBCA1063460FEFCEBAE3AD79A
4: 25695BC6, 9358BC434B14B59ED17F9C0D3F51DCB1
5: 1D9FC70ECE, 2A86578FA3A8C702E2E6723DB9A9893F
6: AC39F1DF3661, 3F9C71EE0506FD2BAFFEE7200D22CD92
7: D330A915EED9D0, 22DC25EDF5ACDEF8358BE2A3082112BC
8: EF913ADAE6380507, E87D72BB6395EEEF2AD4F546B4033DE8
9: 5EC16994E762BCE467, D7700F7BF4FE026A2076F161C3383A0A
10: 7EEB4910B7C2B540B490, 40C88A977E1DCDDABD749ABC9A0C60F8
11: E5DD32FF54D39451CC2AF8, 541B1558B5AFF6E9EFBEE496D60AD65C
12: 242C2900F859966B6627FF5C, 1CED148098350F3A5D1B5634180817A3
13: EEF025B9E4EB867B127EBD19D4, AD0179A07AD1418C25F40E123C2BEF47
14: C5E812B0AE37098686E2C4452C12, 02FC88AAA62E34742BB8577A651E922B
15: 7BCAB32D1A871A62F9C781AFCAC60C, 2CD1C11EE197D9E130359F76E7F49251
16: 1E82D8B8EED9A730D1670F0DCFF17B60, B7730261560EA6CF715FF7006D5FEFE2
17: 0E1966992E360DC81312B28ECA6865B811, 10C40ACD169CB0F2A6FFC99F9A5516EA
18: 5F5418C1322BF7EB828CF27C1F72086515BE, 90F8ED0447171A10476DED39F7518075
19: 6C552506FA167FB8AA12E9F416930031487D4E, C992009F83F31A7BF922BFAE68C4134B
20: 38429D966676406B17638DB7F9F7205250408BB2, 3385A50E9789D2C63835A80EFE9CFAE4
21: 56EF426315EF96BE4C60B49F41C9BDDE2E0CDB3C22, 2D51D5B4F5B04BEF3BC1A7CF1AEA70E9
22: 314B075C097EE531ECCE6AD7CEF22A72AAFCEFB02029, FB7A7D84D23FF524D060871D90FAC106
23: 61CCCF7E2A9B3E46CD0A94D7F4A7617BB0DBA2D989907A, B3F4D46094732F3EDD81E0755F0C52EB
24: 7A812A3BCED4E0A72FB81218BD5A4E33D69CA18834FFAE61, 487F80588B41F4E1198124708987667D
25: DBFAB77EF07AA4C9ED2B05500BDFA00FE3F19F15F97A74880A, 84504D9EECBC6CE11B18BD105DE55E2C
26: E676D4739B01B5101E36BF8D9F4FAE8F767C028E83A6D5B39664, 3141A05669807BCA30F0934F599FD077
27: D8FEBD069D87C1EE504CB8F72ADFF2166B14BA40B17B4DAA439668, 1D99A301943041C2F7A71432DA736FE0
28: D98E2A1CFFAB28341F92C41971A21AD0FDDE733EA25F2607967CD0C3, 42E05A53BF4F1A6C5B7F84742ECE031B
29: 13FA412B484945C1FE8291A7EB8F8FB78D2DC2C72C5132386EA82BF4A6, A1A8E8B026DD116B0F9C73EB14C1C7CD
30: 10ABD2DC25C8BA594FBFA9312E69C1A2DBF326475AF2080E55E3611FBC0E, 49DF8A5171DAC3FB684BA2CF7FBB3D3B
31: F401D2123619B81F54F307B783362CC40FB4FB2433CF51F5543A147BCD1FE5, ACBB670CB3722059B4B9FBEE67703E98
32: 839A9BFA1D3CA37924BC6648DED2291FC61736A3638906D9C5DA28A66AA684AC, CD07B83C8E0C3E6FB4115A149BDF6FDA
CCM-noekeon (16 byte key)
0: , FF73C6775C61DB36D9B5EEC812091FF7
1: 5F, 7D2AEA62A5202E3C4FBE05F33EBE4CC5
2: 0EA5, 312ED15FDDAB6EEEAC6AF9BE9CE698FA
3: 968F95, FA1AD58B85B93B5A4B5096C881F773C3
4: 9A8F4069, 8911063ADDF79E27D9DCEFF3F440E6D7
5: A5C0376E27, 9553F44B0BA8039527F8E05CD70AD8B0
6: 5B097736F3DA, 405B7EC685FC94903B36AC8E700558B8
7: 616810AE303B2C, 64C95A2DF5263F7BE6D1F9F3CF88EADE
8: C8D69A2E1170532C, 073A7E426266237FD73D8109F55AE5D3
9: 3E42CDB7DA4A72F2E0, 48675EA4302CA6BFE5992DE96CE43BB3
10: 88532CC1F3E321F66D64, 528B3516C6D9A4B5390DD32C2A2E6C19
11: 9216A8FC9A961E7F602F7D, B03047186B783844F5B6757057576B38
12: 89B0858D4FDE6795EDE19CCC, F4530A2DCA823307AEDE5AF34E5C4191
13: A676E20BB0A5E84FD0B9149BF7, 11B823B315DA93B0E15780851526D4BD
14: 903AD5C108C43A80436FE2117EF0, EB1C79C7DF20CE2967A99783EA8D6EF8
15: 81774C36F46F67159B7FFC24C080D7, 2E9E4812D9A92977EC34922782B6420D
16: 63FD1C3F692D64B2DA3982FCD474A5D4, 04171AE84857713A9BABBD4564875D33
17: B1BF6AD99F83C9173C6C021ACA74C5431C, 38D17D4F6AA3C24B8F3B465EAACE0A1E
18: 0948D1ED59F07DE44A96A76E05B0B6F7C309, 1848D886FCFF35E85B0DC3CBE5BEE7FA
19: 3458E5911222F9C555A1054C7D9748876DA39A, 584AFAE72FB6065A74BE016CF39D2E86
20: 641F3867185D0605E9D666AB605187E75A1299EF, 6F9332E6FB5EA0CE811E3345593CD163
21: 0676622D07733EF31A765AAB1E713FCE329277FB16, 88547474050FFC986930CC04BA8A03F0
22: 79861EC2FD2BCC5C12B69F30A1575FC66AC1405281BB, FC68EEAC8F39ED69D312AEABF8000084
23: CB2731835A576F7F8F2C2786D786FB6186E2F85D89DA3B, 3ED9E95BC51CF6368E6EF63667B35BD8
24: 3CB1C02FADB6DD5483BC5D3C03D944102CFCEDF82B913402, 1C3F60C989A6FBF41A7AF4F29115C334
25: E69FAEA5E3D0B76EF9E70F99C5918D934D0E9836F248DB9EEE, 7F1916B2CF7C9A5E3F5581D365ADBD31
26: 36779AD755A9DF2DC3C5824DC2F7DD4FFE038628A4E1A1C33AE7, 2BDED3703468D267F8AB7EC0AF8F1E65
27: E9D325646A41EE5AA7DABCDE98DE83440A7DC02714BA0AEE017E22, 972F4D7832F3371C60DCD04A6DEDEA15
28: 0FAAE3F6028A28A80BBFE71FA7AA9042E538B41A0D514D6EB4EE6029, F7B3925495E260249ACC6E1CBE956BC5
29: A9CC39EFFEE354C0E0579256AA85CBAA7B10E670DD3828A7A05DA0F49D, 28D9D20187AFE70AD9DD16759F0EFEB5
30: 032F4BBB4EBF2E65758C541FDAFF2107DDBED399739849F8EBB41AF9711F, A3436981ED637CE5EEE01B380C46ACAD
31: 7B321ED831CE96A603668E3E74BBC7453749A03D04A1B38E95966E6CC488F0, 88D1DADF2C1EE0BA579D0A8A90C1E62A
32: D862B0BD0E2178AE05AEFB14F34C791547C5956F1F3B5BD525926578DE383A94, BF32CFE059F27222DC55D3E7CE7C5F10
CCM-anubis (16 byte key)
0: , C85F41475E06F25682F855C3D45A6523
1: 25, 437BD73ECB8CFFAD9B2876F08D4BDA36
2: 5ADC, 5C762058A5EF71278B69F567F18CBE51
3: 95E541, DF099E8218AEDE8087791B38298334E9
4: 2DAA84E4, 7437094198E4AD2647C2618248769A26
5: B9641C5855, 91B02EC44D22460BFF22BB40C799E20C
6: 102012BCEFA5, E60488DA65D683182F0EFDF9DA52A78C
7: 8F14972CA4F8EA, C26B51F20ACDEC7DCA911500CF1241ED
8: ED2714B652972256, 8BA29459D5D370FC608EE362B55B7633
9: BF58A269A4F59CE0A4, D69080820F836E5B5CA8F393E61ED009
10: 44AF1F715ADAF26C6EF0, FEFBC7DB75ECDDBA4A13CBF9A57873D8
11: 77CDE1B951F0803893642D, FBF8B80B061703504D8D3A7718366B6E
12: DE599BAAC9D3EFD9FCD47E44, F636EC35D172D661F01746FF86688B95
13: A792B8359050C4866572977415, AE67D4EED92E63A14003FBC936EEF43E
14: 62D5A7A4DFB78A175831627987CB, 25F7B440DBE9902C28B28E50BF02C516
15: B6F289459F924C76586F4EEA0C1CAA, 54266B4424C3AF6E81F6CC4F2437F54E
16: 884B7DF3395F063DCA26BDF9F2FEF4EA, E3C2BFA1964EFDF78FDB9559C8031C50
17: 774962377B8731F2F301B930487518801F, F35B54264711D843D23636BA6CFA3E4C
18: E9C8D1164F2B196C7305406179B232E45F1F, 2A13E034A136EBC0ED3361737EAD214C
19: D3DCD242C952C5589E00B65CD826CA87691B8F, 9D624D482042798DB896B55D801EAD98
20: 57065B2655D4799C0478FE7E8463A2215E758875, C8FB052F14F9DF6731A9C8B566E71D53
21: FF736FDBD23593D9BC9A0D8CA7D819F550EF969322, 5CC3023029790BFD43204B27D52D7D7E
22: C562B7387B8F1D3DBA22DD1636C9C4AB443F2FF15F70, 195C928EAF88BB4ACBA8A01B4EBAEE6E
23: D0AC6EA8A804DC261304D4821E6AD7FCC2F0DC1A299B9A, 34FE2034CCF09A98DD50581DA8BCBE39
24: B65933A7D7C8EF19C1BDEAABE2B4CE5E821459D953565EF8, 42B20EF142EB228803D6AF47C6482BEB
25: F1F4FCE842EFEF563F6F047956E6706DC9B178D00D82776D74, 3ECE3050D8C80319821D5F57A7CA7066
26: 4A3F10F4E34210A5CA1B81AD4269CBC3FD68AC662BF0E9DC9935, 0BC0724AA9A194D8C75EE6FC8E7F28F1
27: 077F3C055303FD669BC1A370B18AA7F31D3C8CBFF5A69381404FBB, 872C7946401BE70E677B79EA13FB0F58
28: FD39D32B27FE5BB8E6512C642D490E0AD0866E386580AE115C85ED2B, EE81712EA57DD54DDEE98EAB3285E6EE
29: B45ED179290A6064188AFF6B722B37F8C3E984EC37AB5F47B353229B12, 186B3AD0C9F60D57E84992CBB2B0F71B
30: 83FF1FD179D518A414148C15BE566BE4CC3DBE9FF5319A651E862811F152, 4B2942C66565EB9139A83C2EFD549D55
31: B8176469E6A0D5797ED6421A871FEECDE48ACF011E394981C43AC917E8FFD5, E9B01383DB1A32E6126BD802A6C6F47E
32: AB6A0AA29B687D05735167D78DB697BA2478BD14ECD059AE9D1239E7F2AB48FD, A560A30FD87CF28BA66F5B2638567E4B

428
notes/cipher_tv.txt
View File

@@ -1005,6 +1005,222 @@ Key Size: 32 bytes
49: F8B974A4BC134F39BE9B27BD8B2F1129
Cipher: safer-k64
Key Size: 8 bytes
0: 533F0CD7CCC6DDF6
1: C3CD66BB1E5E5C17
2: 079DFD68F6AF9A79
3: 84EB4922264A1204
4: 31F3A7D739C7E42C
5: 381F88FB46E1DCA2
6: CAF4AC443E50EF47
7: 2914E255DA9BDDBB
8: A160A24120E4FECC
9: F748C6009FFBC465
10: 8B3CB5784846D2B0
11: 4F98C1621473399B
12: B486B0BC365ABEE9
13: 314EAB2B4E9F7840
14: 613FE3637968A8FE
15: 28935352361E1239
16: 0DCB090233B8EB3C
17: CF0BC7F307586C8B
18: 64DF354F96CB0781
19: D2B73C6BAACA7FB1
20: 638FCEEF49A29743
21: 204C4E0E0C0A8B63
22: F041EF6BE046D8AA
23: 76954D822F5E2C32
24: 6700C60971A73C9E
25: 80019293AA929DF2
26: 8EF4DE13F054ED98
27: 41DDF9845ABA2B7A
28: B91834079643850C
29: 8F44EC823D5D70DC
30: EC2FF8DE726C84CE
31: 25DF59DC2EA22CB5
32: FC1130B511794ABB
33: ED3259359D2E68D4
34: D7773C04804033F6
35: C1A32C114589251C
36: 51647E61EE32542E
37: B95A8037457C8425
38: 4F84B3D483F239EE
39: 458401C3787BCA5E
40: F59B5A93FD066F8A
41: 1450E10189CC4000
42: 0F758B71804B3AB3
43: 51B744B271554626
44: B55ADA1ED1B29F0D
45: 585DF794461FEBDA
46: 3790CC4DCA437505
47: 7F7D46616FF05DFA
48: 6AE981921DFCFB13
49: FE89299D55465BC6
Cipher: safer-sk64
Key Size: 8 bytes
0: 14A391FCE1DECD95
1: 16A5418C990D77F4
2: EE33161465F7E2DD
3: AB85A34464D58EC4
4: 3D247C84C1B98737
5: D88D275545132F17
6: 00B45A81780E3441
7: 6830FAE6C4A6D0D3
8: 93DF6918E1975723
9: 15AB9036D02AA290
10: 0933666F0BA4486E
11: 93F42DEE726D949C
12: 756E7BA3A6D4DE2E
13: 4922DCE8EED38CFD
14: 8EC07AFBD42DF21C
15: E82BEBCFB1D7C6B4
16: B3EDB4CB62B8A9BA
17: 5521307CA52DD2F3
18: 54B5D75512E1F8F3
19: 1A736293F2D460A8
20: 778C71384545F710
21: CBC041D3BF742253
22: 9C47FC0FDA1FE8D9
23: B84E290D4BF6EE66
24: FC3E514CE66BB9E3
25: E8742C92E3640AA8
26: 4DA275A571BDE1F0
27: C5698E3F6AC5ED9D
28: AC3E758DBC7425EA
29: B1D316FC0C5A59FD
30: 2861C78CA59069B9
31: E742B9B6525201CF
32: 2072746EDF9B32A6
33: 41EF55A26D66FEBC
34: EC57905E4EED5AC9
35: 5854E6D1C2FB2B88
36: 492D7E4A699EA6D6
37: D3E6B9298813982C
38: 65071A860261288B
39: 401EEF4839AC3C2E
40: 1025CA9BD9109F1D
41: 0C28B570A1AE84EA
42: BFBE239720E4B3C5
43: 09FB0339ACCEC228
44: DFF2E0E2631B556D
45: ECE375020575B084
46: 1C4C14890D44EB42
47: EA9062A14D4E1F7F
48: 82773D9EEFCAB1AB
49: 516C78FF770B6A2F
Cipher: safer-k128
Key Size: 16 bytes
0: 4D791DB28D724E55
1: 53788205114E1200
2: 4472BCCAF3DDEF59
3: FE9B3640ED11589C
4: 4DDD7859819857D7
5: 6BF901C4B46CC9DB
6: 930DBFC0DE0F5007
7: E89F702158A00D82
8: BEB661953BF46D50
9: 6F0DA64C0FD101F9
10: 4EBBCE4E5A37BED8
11: 996EAA0AF92A09AC
12: AED6BB9522E0B00F
13: DF9C643624A271B4
14: 2E5C789DD44EF0CF
15: 86A5BA1060177330
16: 2385DBA4DEBEB4A3
17: 82E2FC765722094D
18: B3CA2161757695EF
19: F8A4C6081F3ABC06
20: 6422316E1BEFFAC8
21: C178511BFBFF380E
22: 049B8CBEDE5942A9
23: 0E181292C1B1DEFC
24: C347BA0632A49E55
25: 32FDA46669714F99
26: 0523743E30C16788
27: 782BE96A93769ED0
28: 9F99C9E8BD4A69D8
29: 104C094F120C926D
30: 1F7EA3C4654D59E6
31: 90C263629BC81D53
32: 1803469BE59FED9E
33: 1478C7C176B86336
34: 362FE111601411FF
35: 6428417432ECC3C8
36: D74C42FCC6946FC5
37: 1A8F3A82C78C2BE6
38: EE22C641DC096375
39: 59D34A0187C5C021
40: F68CC96F09686A30
41: CF8C608BDCC4A7FC
42: D2896AB16C284A85
43: 8375C5B139D93189
44: 0F0462F9D8EBAED0
45: C3359B7CF78B3963
46: E4F7233D6F05DCC9
47: 8533D1062397119B
48: 4B300915F320DFCE
49: A050956A4F705DB9
Cipher: safer-sk128
Key Size: 16 bytes
0: 511E4D5D8D70B37E
1: 3C688F629490B796
2: 41CB15571FE700C6
3: F1CBFE79F0AD23C8
4: 0A0DC4AA14C2E8AA
5: 05740CF7CD1CA039
6: 24E886AD6E0C0A67
7: EEF14D7B967066BC
8: 6ABDF6D8AF85EAA0
9: 0EB947521357ED27
10: BDD2C15957F9EC95
11: 0989B87A74A2D454
12: 04C793BA2FAB7462
13: 3DAD2FACDDFA3C45
14: D1194935CC4E1BD7
15: BAC0A2C8248FF782
16: 7DD5894A82298C64
17: A59F552A4377C08B
18: 8DDDE41AB4586151
19: 7CC4261B38FFA833
20: E99204D6584158EC
21: AACC8ED0803CB5C4
22: C105CA72A7688E79
23: 3D662FDC35B88C09
24: A4BCEDC0AE99E30E
25: EAECF9B6024D353C
26: 214651A3D34AFF40
27: 807099325F9D73C2
28: 45EC21AEB6B90A24
29: DCED39526687F219
30: 2CC248E301D3101D
31: C7F37AB8570BA13C
32: BB9B31A34A39641B
33: 5314570844948CAC
34: 4581F837C02CD4F4
35: 4E036B1B62303BF3
36: 7B3B88DE1F5492A4
37: CEF2865C14875035
38: 14DE8BEE09A155DE
39: 3AA284C74867161B
40: 3616B4607369D597
41: 07512F57E75EDEF7
42: 710D1641FCE64DC2
43: DB2A089E87C867A2
44: A192D7B392AA2E2F
45: 8D797A62FBFE6C81
46: E52CE898E19BF110
47: 72695C25158CB870
48: 29F945B733FB498F
49: 27057037E976F3FB
Cipher: rc2
Key Size: 8 bytes
0: 83B189DE87161805
@@ -1537,3 +1753,215 @@ Key Size: 10 bytes
49: 0AAB29DF65861F4C
Cipher: anubis
Key Size: 16 bytes
0: 30FF064629BF7EF5B010830BF3D4E1E9
1: DD7A8E87CFD352AF9F63EA24ADA7E353
2: 0D0BE8F05510EBD6A3EC842E5BD9FC2A
3: 330F09581FDC897B3FE6EC1A5056A410
4: 30349D965F43C295B9484C389C4D942C
5: 9225343F0056BC355060C0282C638D02
6: E3A85D41B5337533C4D87730948A9D4E
7: 09DA0DDB65FF431081CAB08A28010B76
8: 6C0D0BD6CEAFB9783B31023FD455DAC6
9: FBE6F26B7CA322A45312856D586DE2EE
10: 1F269EC072D0FBA72E87CA77F8B983FB
11: CFFAE9ADE3006BD511ED172D42F16D05
12: 73F0E9DE89F4C7541506F052D181BAC2
13: FCFA3E2E89FF769834295C77431EF7CE
14: 0452360383D56F827C81263F6B0855BC
15: 40744E07299D6A2A210BE5598835221B
16: 2F0FC61148C36F4C7B42DF274AD0DDE0
17: 2EA0E9BE9E4E4DF85488FE6E7CFCD6E3
18: 0AD1254FA64C3996BBD485D41A3687A0
19: 5B55988652DF200348A114F802FD3C03
20: C32906AF76934C1436CA60BAD58A0C66
21: 59D87987DE9DD485C4537F3A95A164A0
22: 0A706ADF488D84632C96F4BEC43D9FA8
23: 0B74E0CDD14D984B37491E2D9FA63CAE
24: 47CB1827D151A60473E67BD5D233102F
25: F455B4B665D3D0AFB25FDE4A3312AFF6
26: F9A0649421D45DF604206854F681DBDB
27: 21477F5546339E4B6D8215368EE9F884
28: 577640F23CA73345701B0906DFABA4B7
29: 89F8D08A6E173759020DD7301E0FE361
30: 44EF7AF7043FD4B8112345CEE42BC969
31: D7CF0CE04A57253F4C63CABC4A5CB034
32: AF73D3F4CED32593B315E27079131D22
33: F6E603E3455359FE43A3B83AAF3AF0C5
34: DCC3FB557F2C301B631DEF499097E4FD
35: 8285A25CF6F7E701644708E12081C62C
36: EC702DD0293F4C646B1C9C2606762816
37: 289491E5A65DCA605B78E88DA8A9F8AB
38: D82FBC14452BE34C5840DAD81FC2A65E
39: B88A340EB1BF8D5ADE6A4E6C16104FC8
40: C9FC3D70D2BA26C4059BD3D34134264C
41: 18CE3D2920E3BDEFA91C369E9DE57BF4
42: 50917AE58278E15A18A47B284D8027A3
43: BDA6F9DE33704302CE056412143B4F82
44: C287898C1451774675EB7A964C004E0D
45: 3BDE73E0D357319AB06D3675F1D3E28D
46: 30FF4326C89C0FFE4D31D2E92CC0BF9B
47: F69816F304ED892232F220F290320A8D
48: 1368153F1A54EFF8D61F93A2D6AF21E3
49: 06DD274894B6EDF3159A1403F47F09C7
Key Size: 28 bytes
0: 7828B1997D3D050201DC6EE45C8521B5
1: 0D77F896F9CEF16DAAFCF962C2257AAE
2: 89C27B0623F5EECCA38BAE1AD86AE156
3: 44EC09834052009CC3CD66E1BA11AF01
4: F922BFDB03FB186A069C1E7B48222E3D
5: 277F7971955D8984AAECF287C32B8211
6: E77ED0144A3ED827B71453B91562FE25
7: 1760EFD04477AE527BC37F72C8BBBCAE
8: 26259425ACD58207AE328B3F1A217AC1
9: 0876C4DC51D22657C4121E9067C2C3BA
10: 0214981592C9CEDD4D654F84AF1793A5
11: 3E11FA027BC4F15048D27B187062259A
12: 24E7D61BB21EA90B5282B43AAFB0DBDC
13: 688F56ECB45B7C242000653460F04A23
14: DFA587501A875ACDE8687A04AE404861
15: 4C21CC3FBB768CC9AF2242FA206FE406
16: 5CA0B03FA7751DEBBE70CB21AA61765A
17: 4879B3AC26270C422645B9CA29CAD8BB
18: 24F941E1B9AF84C18D03885EAACE16E3
19: 05E163A0150123C2664131A81B20AFC1
20: D606CAA85362E23598E5B8BD60C60506
21: 33BD0AE751019BB751C151AE47BD5811
22: 75DA523F5F793F90034144A3599DC5E6
23: CD4709B56521EA306F5AD95CCA878183
24: 6A4EC2EDDEBBBFEB62C1F13F7A59BF20
25: 2A36272DC4EFDFC03F4DCF049ED2ADFF
26: FD4F3904E8E37E7C31508E5829482965
27: BA64BAE1C2ABB8599A31B245DBAD1153
28: 757E0151783A50FC92AE55861DCD797D
29: 5E63BDA3217ECB544972CA14A9074DA5
30: E52F1195921767FA2410BA095EA5C328
31: 6D7E42D67E329D669299B5A590017E8D
32: 0516F6F7D99ADE5DC42E635BB5832E80
33: 57FB4E6B82ED2A3091248DCEF9C27F14
34: 25231D0E9B96534977D2F2AF93DD10AB
35: 847C4C524A586568D19EFA3ECA343F1C
36: 52448814064E0F33A4EA89368C2E1ACC
37: 461275466FAA7BC16ABAD9EC459BD67A
38: 16C8324A383A00DA06DBEC419B69C551
39: 5F26F7CF715FF2649DCC3C71EB6B92DF
40: 575363411FB07C067CD4357A1CD1D695
41: AB70F08BAB51C5F57139A107EE858A12
42: 887F62AE3D700EC5323EDA231C6B4C48
43: 7B9851B01DC9083293F3B226690A54F4
44: 36E03DF51C574E35EF2077DB7A49548E
45: E238A564246B163F97EDD733A235EDEB
46: 30679CE080915DC3BFA91D0DAFF5E82E
47: 7C2E8145D803D4FE18EE32995AAC16B0
48: 24D6F61ECC87206804885D33BFA7B2CA
49: 1F4F81751CB3FAFDC9F9C27E639F370B
Key Size: 40 bytes
0: 31C3221C218E4CA1762B0DE77B964528
1: 0B6E4BD937773597647FFE0A3859BB12
2: 67A116E5F762619DE72F99AD1562A943
3: B6A841663FB466ACAF89C8DA5BA080F0
4: 0442708BF804642B9B1C69F5D905817E
5: BC77391EAB530B96CA35319E510DB306
6: AED37991A50AECB70C1B99137D5B38F2
7: 8735F7AF0BF6C5C7E3C98021E83A31EE
8: A614243B1B871D80BDCE4A23AD00F9FA
9: 16AC67B139A92AD777871C990D3DA571
10: B1774A2A12A8CAB25D28A575B67CEF5D
11: 4C9B1A120BC6A33C62AF903FEEC3AF5F
12: 7B128F00480E497C5754EE333457EE5E
13: AB56D578229492B95ED309C0EC566658
14: 42FAF577855FEDB3446D40B4B6677445
15: 84E0C19B4A4512001F663E22D3184F0A
16: 8B01680D049F5A9421BA9BED100CC272
17: 2B1D70B92A5DF12CE0FA6A7AA43E4CEE
18: C7F61340D1B2321A1884E54D74576657
19: 153C07C56B32530866722C4DEAC86A50
20: 2EACBEFC4A29D1250EEAFD12A1D4AE77
21: FCCB40B0997E47512295066F1A0344DD
22: C149A543345E2A1B8249F71CB9F903A4
23: 3FD0688A8D0BE5F06F157C234C29BF9A
24: 6A3F813F396D77C7F4641ECC3E0BF3AA
25: E2888B9D2A6D819367F61C5792866A8F
26: 1A8A000F91AF4E600DDD88E098BD938B
27: 2283E758C04548EF8C37FA9F5700A7AD
28: 4FD6D8E1678D2B85520B96C038C582BF
29: D13C0B228F792EF88F09ED192C571029
30: 1A2A06B1987BE0DADA4B558AE5E6A128
31: 097B0460C47F1801986F5706A69EB01C
32: DD17BAC0737515C6386ECA6A6D6C02B6
33: 5989BD1D46FD6EC14D4C55D5D6D17F99
34: 431002E0224BD34B0B93988356C19E7C
35: 37DB7570296DCCE45ABDDE36EBE4731D
36: 4731DE78EEBAA1D02568EEEA2E04A2F5
37: 1F879753A7964AF44C84FD5765D8E080
38: 54F120726F68EA4B0501365CD2A84759
39: 366E43BB744C615999E896D01A0D1D0E
40: 18747BD79F1D0529D09CAC70F4D08948
41: 4F9854BAE0834A0C5FD12381225958F2
42: 7C14ADF94A0B61828996D902E4CCFF3E
43: 242F0E9CE96E4E208A9E0C5D76F8E698
44: 27EE179E2A9301B521B2C94ED3D36A77
45: 892C84A5E77E88A67F5F00F3597F4C04
46: FC7880D7860E90DE17E935700FC8C030
47: BC49373F775BF9CD6BDC22C87F71E192
48: 365646D0DE092AF42EC8F12A19840342
49: 62D0E9C210A20ECD2FF191AD3495DE6F
Cipher: khazad
Key Size: 16 bytes
0: 9C4C292A989175FC
1: F49E366AF89BD6B7
2: 9E859C8F323666F9
3: 349EC57A02451059
4: 59E34CF03134A662
5: 436C16BAB80E3E2D
6: 81C35012B08A194C
7: 056CCC9991C1F087
8: 0A59F24C4715B303
9: 3C2CFF98AE8500FD
10: 9136C3FCC332D974
11: FA3FA726E6BEBA65
12: DD84E4F9F39FB7EE
13: A3F397CC9FB771F5
14: E2D6ECC1F40A51C7
15: 6704A1A705163A02
16: BD820F5AF7DEEB04
17: E21E37CC122027FF
18: E319085D8E2C1F4F
19: 0DDFE55B199A49A9
20: B70F39CCCB2BA9A6
21: 3F2F25723AED2E29
22: 751FACD5F517AB2F
23: D32CE55FBF217CE9
24: 91393018EA847012
25: D50F1C54BABE7081
26: C73350FBC5B3A82B
27: E9A054F709FD5C57
28: 94BD5121B25746D4
29: EE19F88B28BEB4B7
30: CE6845FD13A3B78A
31: 566729D0183496BC
32: DC0E1D38CB5E03A8
33: 251AD2B2842C75E3
34: D344AC41190F3594
35: 579B956A36ADA3A8
36: 5F83D3AFEE9A6F25
37: 2D3FF8708A03C600
38: 32A732C7BEEBB693
39: F437276FAA05BB39
40: 58DDD4CD0281C5FD
41: ECC2C84BD8C0A4DC
42: BAB24C2CEFE23531
43: 5244BFA3E2821E7D
44: A4B273E960946B2C
45: 039376D02A8D6788
46: D3EB7074E3B05206
47: 89C18FFA26ED0836
48: 1F05A2D2D78927D9
49: 0133E1745856C44C

130
notes/eax_tv.txt
View File

@@ -199,6 +199,82 @@ EAX-twofish (16 byte key)
31: 2DC26D449379997D110309B2A0DC2760FCE8CADB4B14ED580F86C70F69C9BA, EFCB60EB2B25737E256BC76700B198EF
32: 2B1890EB9FC0B8293E45D42D2126F4072754AA54E220C853C5F20FBA86BE0795, 1A1B15BBC287372FB9AF035FB124B6A1
EAX-safer-k64 (8 byte key)
0: , 9065118C8F6F7842
1: A1, 1926B3F5112C33BA
2: 2E9A, 5FA6078A0AA7B7C8
3: 56FCE2, 984E385F9441FEC8
4: C33ACE8A, 24AC1CBBCCD0D00A
5: 24307E196B, DD2D52EFCA571B68
6: 31471EAA5155, EB41C2B36FAAA774
7: 03D397F6CFFF62, 7DFBC8485C8B169B
8: 8FA39E282C21B5B2, 2C7EC769966B36D7
9: FEA5402D9A8BE34946, A058E165B5FFB556
10: 6CDEF76554CA845193F0, FED516001FFE039A
11: DC50D19E98463543D94820, 8F9CCF32394498A1
12: 42D8DC34F1974FB4EB2535D7, 77F648526BCBB5AF
13: B75F1299EF6211A6318F6A8EAA, C5086AEA1BE7640B
14: 1E28D68373330829DD1FFC5D083E, 33EDA06A7B5929A2
15: 85529CF87C4706751B0D47CC89CEA6, D031905D6141CBED
16: FE5CB61BAF93B30ED3C296EE85F51864, CC484888F0ABD922
EAX-safer-sk64 (8 byte key)
0: , 5254AB3079CDCB78
1: 75, 798DCF14FEF8F4D1
2: 0300, D5FCA75DAC97849C
3: 520F98, 10E357957CE20898
4: 80E2764D, 5C7F46656C6A46EA
5: C48960CDAA, 3CCF44BD41F01CA8
6: E0E60BD9AA2C, EBB493983FCEE79D
7: D13D8804906A1B, 6EDDCA919978F0B6
8: B7AE14C37A343BFB, 2369E38A9B686747
9: 5DE326BBCC7D0D35E9, 041E5EE8568E941C
10: 13494F5B0635BA3D6E53, EAEEA8AFA55141DD
11: A9BB35B14C831FDA0D83F7, 4002A696F1363987
12: E242043A1C355409819FABFC, 63A085B8886C5FDC
13: 204598B889272C6FE694BDBB4D, 194A1530138EFECE
14: EE3F39E0823A82615679C664DEBF, 1EFF8134C8BEFB3A
15: 8579D87FD3B5E2780BC229665F1D1B, A832CD3E1C1C2289
16: 74D7290D72DA67C4A9EAD434AE3A0A85, 96BAA615A5253CB5
EAX-safer-k128 (16 byte key)
0: , 7E32E3F943777EE7
1: D1, BA00336F561731A7
2: F6D7, 8E3862846CD1F482
3: 5323B5, BD1B8C27B061969B
4: A3EC3416, 170BBB9CE17D1D62
5: 0C74D66716, 7BD024B890C5CE01
6: 6158A630EB37, B5C5BD0652ACB712
7: 17F2D0E019947D, F9FF81E2638EC21C
8: 68E135CC154509C8, AA9EAEF8426886AA
9: EDB1ABE0B486749C21, 355C99E4651C0400
10: DB0C30E9367A72E8F5B2, 631B5671B8A1DB9A
11: D4E5453D9A4C9DB5170FCE, 75A2DF0042E14D82
12: 3F429CC9A550CBDA44107AA7, 2C2977EA13FEBD45
13: A7CA22A97C2361171B415E7083, BFE81185F31727A8
14: 170F79D8B0E3F77299C44208C5B1, D5ED9F9459DF9C22
15: 2E24312D2AE5D5F09D5410900A4BBA, 2FC865CA96EA5A7E
16: 8F3C49A316BA27067FF2C6D99EC8C846, 9D840F40CDB62E4B
EAX-safer-sk128 (16 byte key)
0: , 22D90A75BBA5F298
1: 3F, 98C31AB2DE61DE82
2: 584D, F4701D4A1A09928C
3: B9DEAD, 6E221A98505153DA
4: 06D4A6EB, 0E57C51B96BA13B6
5: 7B58B441CA, E28CCF271F5D0A29
6: 7950E0D1EC24, 2ACDDE6E38180C07
7: 65A4F4E098D7C6, 7DC1C9E9602BACF2
8: FEBE4E72BAA0848F, C4607EA3F138BAD9
9: 9B7BD6D6D655985AA3, 8B2C58A9530EA6AC
10: 60C92F925D1478470203, 51E6F5F6DC996F84
11: 7B40769370E651F64AA654, 74F1F8A8D3F4B9AF
12: 7215832C2FB9C54DF7A9C686, 9BF9AEF14F9151D1
13: AD0F9C79008572AB8AE2466EFF, F375D0583D921B69
14: C05076E2C330A0D25D7CEC80597F, 843C12F84B00A8E0
15: D18F0563AB0278140B0CD9A9B07B34, 262B1688E16A171E
16: 650747091F5C532EE37D2D78EE1EC605, 1BAC36144F9A0E8D
EAX-rc2 (8 byte key)
0: , D6CC8632EEE0F46B
1: 4C, EA19572CB8970CB4
@@ -329,3 +405,57 @@ EAX-skipjack (10 byte key)
15: 07AF486D1C458AAB2DBF13C3243FAD, 87288E41A9E64089
16: 84059283DF9A2A8563E7AF69235F26DF, 351652A0DBCE9D6E
EAX-anubis (16 byte key)
0: , 8E20F19D9BA22ABA09FB86FDE6B9EF38
1: 3B, F4201E546A9160F989191942EC8FD1D3
2: 9F38, 4E3CEAE3E1CB954E021A10E814B71732
3: 4F4769, 3E8F35A6A5B11200E9F1AA38590066CD
4: AB41F5FC, EC4C97A8892AAF5433106D4AC8A49843
5: 414F95D61B, BF831E34D1E3FECB973A8C730ECA2E6D
6: 4798322F06D1, 005BBC30BFEDBE6463536C4F80D1A071
7: F256B6CD1BF4F5, 468A28F0661884B846B191B530C8D064
8: 90906F27A633ADDE, 6D9200A37A7F6A456CB103673184C2E5
9: 16CD3C17C9B4EAB135, 6D716E23D7B35109F55B036EDFA7742E
10: 7AD1C22F1F06298DFB25, B076990F8193543C8F3185D3792BCE56
11: 0476F2ABCD057FE6FEE39D, BB2876DB18C00038FADBBD9B264ACC3C
12: B69EDE336407DBC2EE735857, AB63E5906116A8BE22C52B5DA31B1839
13: C3864C1354065A56470669E602, C72BFD3A0BC73BFF051C9AB2F0DFED93
14: 296D8F183A59020D33890420DD7B, C9D90B9EB42C32EDCF6223587D1598A6
15: 256ED8E9D982616680559979BDF2E9, 179FE4E7BA7E966050D35900317E9916
16: D4ED8F30FF9C0470D75B3B16750A3AE4, 5D50F05BB270A292DFF9F67A3BA84675
17: 40CDEB6388274143CA3C4F6020BD9A4875, B27C7DFB1BFBB3FCCEE0171852C7924E
18: 54EF262EC1801D505C7629D038654EBA0594, 9D2060FCD0A2C577511C7752ADE60BBE
19: F39EE54A37F16DD38B624D7AB8F0D9CBD4B981, BC056C7D2C09D813703CDD63C1C69F44
20: F4E7AD474FCA153ABD670E43081ED09EB2C4CC1A, F244BD4D630272F0D98FCA04226C04F1
21: 039ECC36A0A16273E7246CA1FF19D213AC87B53F29, 3056DB6916C925DF220B6C9980EE141A
22: 7DE1DCDEF01447CA2FE83375A48DD84E4A7CB7C01992, 79AFEA4816EAF8DAC8A5E93960F1594F
23: A886C4B914BF0983003272F226F9B2197EF2DC05ACDDE0, B59D85A0FDA5FA4422F7203C055B97A9
24: 00B3E1E91448E250AAFB695C0643A6577AB453EFECFABF53, 4A7EFF1CBC1AB535122A017203616D85
25: 85E972E774D66D0531E40B8FE9E264A77B50FA883AB0943080, B18E164BF89B7E7AB0DC256DFEC7C72F
26: 004849E39334969B392CB0CF3FDEFB3D792DCBBC15F8328C7EDC, 3C51295711F5F878DE8F0B2B5A26A227
27: A0BAD6C2264AB1578993BA49E59D4598822FFED20A57D88F756FF1, 2EB9D525697A419A10DB2A84AEEA5FBC
28: C34DD806EAB5AD823D78BCA78A7709A705FC94ECC521A367D76C9588, 3C57580C7903039D645C06DBAF07B477
29: C447EC77512938CF7862388C32AF22ACE6B5E4CBAA998BE4F5CBC4D215, 43425D09B7ACFD90371C08953946A955
30: 2C16993AAE624CBA4CDAF34FE3D368559E6BE548292B281439866375013B, 3B7360C3FA8FB1C15D19F567153CB46C
31: 538E5DFAF14854A786851E4165F2E01CDDA963E318FCE4FB58E31A6B5CFC33, 2F8EA13B7A6873FE556CA535ABA0968B
32: 5E29CDB7D9695A110043E9C260104BDF020A3A2A139D4112E918AB584BDD7EDA, 9133213AA7BCF062D2BD37F866683D3F
EAX-khazad (16 byte key)
0: , 75968E54452F6781
1: 95, ADAF5949F09B5A22
2: 6B8F, A06B201947424A11
3: 5BE668, 3251416625DF347A
4: 5A92E82B, 33E25772427D9786
5: 62F9F2ABCC, DE714F5F5D17D6D0
6: 0E3CD825BD8D, A7991C8CB8975ED9
7: 4AD0D999503AAD, 53A827D7886F7227
8: BB08E6FAED1DAEE8, 91A118749B7AB9F3
9: 16E30CB12E20D18495, F8F8B8C1280158F9
10: 616DBCC6346959D89E4A, 506BF35A70297D53
11: F86B022D4B28FDB1F0B7D3, EA42220C805FD759
12: 9B8A3D9CDBADD9BBCCCD2B28, BB478D3CE9A229C9
13: CDC4AB4EF2D5B46E87827241F0, 658EDB9497A91823
14: 1A113D96B21B4AEBDB13E34C381A, 63AD0C4084AC84B0
15: 14DA751E5AF7E01F35B3CE74EE1ACF, 3C76AB64E1724DCE
16: A13BBC7E408D2C550634CBC64690B8FE, 3D4BBC0C76536730

173
notes/etc/saferp_optimizer.c Normal file
View File

@@ -0,0 +1,173 @@
/* emits an optimized version of SAFER+ ... only does encrypt so far... */
#include <stdio.h>
#include <string.h>
/* This is the "Armenian" Shuffle. It takes the input from b and stores it in b2 */
#define SHUF\
b2[0] = b[8]; b2[1] = b[11]; b2[2] = b[12]; b2[3] = b[15]; \
b2[4] = b[2]; b2[5] = b[1]; b2[6] = b[6]; b2[7] = b[5]; \
b2[8] = b[10]; b2[9] = b[9]; b2[10] = b[14]; b2[11] = b[13]; \
b2[12] = b[0]; b2[13] = b[7]; b2[14] = b[4]; b2[15] = b[3]; memcpy(b, b2, sizeof(b));
/* This is the inverse shuffle. It takes from b and gives to b2 */
#define iSHUF(b, b2) \
b2[0] = b[12]; b2[1] = b[5]; b2[2] = b[4]; b2[3] = b[15]; \
b2[4] = b[14]; b2[5] = b[7]; b2[6] = b[6]; b2[7] = b[13]; \
b2[8] = b[0]; b2[9] = b[9]; b2[10] = b[8]; b2[11] = b[1]; \
b2[12] = b[2]; b2[13] = b[11]; b2[14] = b[10]; b2[15] = b[3]; memcpy(b, b2, sizeof(b));
#define ROUND(b, i) \
b[0] = (safer_ebox[(b[0] ^ skey->saferp.K[i][0]) & 255] + skey->saferp.K[i+1][0]) & 255; \
b[1] = safer_lbox[(b[1] + skey->saferp.K[i][1]) & 255] ^ skey->saferp.K[i+1][1]; \
b[2] = safer_lbox[(b[2] + skey->saferp.K[i][2]) & 255] ^ skey->saferp.K[i+1][2]; \
b[3] = (safer_ebox[(b[3] ^ skey->saferp.K[i][3]) & 255] + skey->saferp.K[i+1][3]) & 255; \
b[4] = (safer_ebox[(b[4] ^ skey->saferp.K[i][4]) & 255] + skey->saferp.K[i+1][4]) & 255; \
b[5] = safer_lbox[(b[5] + skey->saferp.K[i][5]) & 255] ^ skey->saferp.K[i+1][5]; \
b[6] = safer_lbox[(b[6] + skey->saferp.K[i][6]) & 255] ^ skey->saferp.K[i+1][6]; \
b[7] = (safer_ebox[(b[7] ^ skey->saferp.K[i][7]) & 255] + skey->saferp.K[i+1][7]) & 255; \
b[8] = (safer_ebox[(b[8] ^ skey->saferp.K[i][8]) & 255] + skey->saferp.K[i+1][8]) & 255; \
b[9] = safer_lbox[(b[9] + skey->saferp.K[i][9]) & 255] ^ skey->saferp.K[i+1][9]; \
b[10] = safer_lbox[(b[10] + skey->saferp.K[i][10]) & 255] ^ skey->saferp.K[i+1][10]; \
b[11] = (safer_ebox[(b[11] ^ skey->saferp.K[i][11]) & 255] + skey->saferp.K[i+1][11]) & 255; \
b[12] = (safer_ebox[(b[12] ^ skey->saferp.K[i][12]) & 255] + skey->saferp.K[i+1][12]) & 255; \
b[13] = safer_lbox[(b[13] + skey->saferp.K[i][13]) & 255] ^ skey->saferp.K[i+1][13]; \
b[14] = safer_lbox[(b[14] + skey->saferp.K[i][14]) & 255] ^ skey->saferp.K[i+1][14]; \
b[15] = (safer_ebox[(b[15] ^ skey->saferp.K[i][15]) & 255] + skey->saferp.K[i+1][15]) & 255;
int main(void)
{
int b[16], b2[16], x, y, z;
/* -- ENCRYPT --- */
for (x = 0; x < 16; x++) b[x] = x;
/* emit encrypt preabmle */
printf(
"void saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)\n"
"{\n"
" int x;\n"
" unsigned char b[16];\n"
"\n"
" LTC_ARGCHK(pt != NULL);\n"
" LTC_ARGCHK(ct != NULL);\n"
" LTC_ARGCHK(skey != NULL);\n"
"\n"
" /* do eight rounds */\n"
" for (x = 0; x < 16; x++) {\n"
" b[x] = pt[x];\n"
" }\n");
/* do 8 rounds of ROUND; LT; */
for (x = 0; x < 8; x++) {
/* ROUND(..., x*2) */
for (y = 0; y < 16; y++) {
printf("b[%d] = (safer_%cbox[(b[%d] %c skey->saferp.K[%d][%d]) & 255] %c skey->saferp.K[%d][%d]) & 255;\n",
b[y], "elle"[y&3], b[y], "^++^"[y&3], x*2, y, "+^^+"[y&3], x*2+1, y);
}
/* LT */
for (y = 0; y < 4; y++) {
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[0], b[0], b[1], b[0], b[1]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[2], b[2], b[3], b[3], b[2]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[4], b[4], b[5], b[5], b[4]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[6], b[6], b[7], b[7], b[6]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[8], b[8], b[9], b[9], b[8]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[10], b[10], b[11], b[11], b[10]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[12], b[12], b[13], b[13], b[12]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[14], b[14], b[15], b[15], b[14]);
if (y < 3) {
SHUF;
}
}
}
printf(
" if (skey->saferp.rounds <= 8) {\n");
/* finish */
for (x = 0; x < 16; x++) {
printf(
" ct[%d] = (b[%d] %c skey->saferp.K[skey->saferp.rounds*2][%d]) & 255;\n",
x, b[x], "^++^"[x&3], x);
}
printf(" return;\n }\n");
/* 192-bit keys */
printf(
" /* 192-bit key? */\n"
" if (skey->saferp.rounds > 8) {\n");
/* do 4 rounds of ROUND; LT; */
for (x = 8; x < 12; x++) {
/* ROUND(..., x*2) */
for (y = 0; y < 16; y++) {
printf("b[%d] = (safer_%cbox[(b[%d] %c skey->saferp.K[%d][%d]) & 255] %c skey->saferp.K[%d][%d]) & 255;\n",
b[y], "elle"[y&3], b[y], "^++^"[y&3], x*2, y, "+^^+"[y&3], x*2+1, y);
}
/* LT */
for (y = 0; y < 4; y++) {
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[0], b[0], b[1], b[0], b[1]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[2], b[2], b[3], b[3], b[2]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[4], b[4], b[5], b[5], b[4]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[6], b[6], b[7], b[7], b[6]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[8], b[8], b[9], b[9], b[8]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[10], b[10], b[11], b[11], b[10]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[12], b[12], b[13], b[13], b[12]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[14], b[14], b[15], b[15], b[14]);
if (y < 3) {
SHUF;
}
}
}
printf("}\n");
printf(
" if (skey->saferp.rounds <= 12) {\n");
/* finish */
for (x = 0; x < 16; x++) {
printf(
" ct[%d] = (b[%d] %c skey->saferp.K[skey->saferp.rounds*2][%d]) & 255;\n",
x, b[x], "^++^"[x&3], x);
}
printf(" return;\n }\n");
/* 256-bit keys */
printf(
" /* 256-bit key? */\n"
" if (skey->saferp.rounds > 12) {\n");
/* do 4 rounds of ROUND; LT; */
for (x = 12; x < 16; x++) {
/* ROUND(..., x*2) */
for (y = 0; y < 16; y++) {
printf("b[%d] = (safer_%cbox[(b[%d] %c skey->saferp.K[%d][%d]) & 255] %c skey->saferp.K[%d][%d]) & 255;\n",
b[y], "elle"[y&3], b[y], "^++^"[y&3], x*2, y, "+^^+"[y&3], x*2+1, y);
}
/* LT */
for (y = 0; y < 4; y++) {
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[0], b[0], b[1], b[0], b[1]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[2], b[2], b[3], b[3], b[2]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[4], b[4], b[5], b[5], b[4]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[6], b[6], b[7], b[7], b[6]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[8], b[8], b[9], b[9], b[8]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[10], b[10], b[11], b[11], b[10]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[12], b[12], b[13], b[13], b[12]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[14], b[14], b[15], b[15], b[14]);
if (y < 3) {
SHUF;
}
}
}
/* finish */
for (x = 0; x < 16; x++) {
printf(
" ct[%d] = (b[%d] %c skey->saferp.K[skey->saferp.rounds*2][%d]) & 255;\n",
x, b[x], "^++^"[x&3], x);
}
printf(" return;\n");
printf(" }\n}\n\n");
return 0;
}

214
notes/gcm_tv.txt Normal file
View File

@@ -0,0 +1,214 @@
GCM Test Vectors. Uses the 00010203...NN-1 pattern for nonce/header/plaintext/key. The outputs
are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous
step repeated sufficiently. The nonce is fixed throughout at 13 bytes 000102...
GCM-aes (16 byte key)
0: , C6A13B37878F5B826F4F8162A1C8D879
1: F1, 397F649A20F3F89A00F45BF230F26B61
2: D6B8, 1653F67C9C716D0FC59F3B14154DECBF
3: 673456, E82EFC79B30CA5235E2DC8BE4C14265D
4: 26DD7C26, B8D1F4DB845F7D7079DEB8920949C14D
5: DA62AD1487, 828A42329320764E5FB74D44A6108F4B
6: FB79F7D51742, 865415BD049E86F3DA2E0B6E25E1A50C
7: 9D96D1034166BF, 50669247A5B338E183DE5139831CD6A4
8: B466050E1330B20A, CB264FA7853A1FFE86E1A07CFA7C7319
9: CF16F0B3D9FC6183DF, 647DD6E1F40F385E1DFE6676FB036242
10: 14D90928C7236050096F, 930CAAA5536406218885475CA823A973
11: 4F2322D66A7079BD7DF519, 3B3931D47413042FAF1313F1041509A3
12: F1497906F1D8F4F9E47E4BE9, 469FB0D62828427C2E9BA04041A1424F
13: 2FAFA2A3EEA4C000702E58D1D4, C9A484FC4ED8644A06060DAE2C3D1568
14: 5D707F8ACF319413D220AA2FC2B2, 0EE9AAF5B1CF622ECF6C4F5E5FF4656A
15: 2C19DBF966D24B2713F82B69934060, 8676246A2F7795ABD435B3C6B4EA6E7A
16: B3FED6C2315CE6D98729DBE69270A11E, B8AC739AD154744A33E906C34D91BD4B
17: B2BC44CE088BC3F654B9703D9C691F17B3, BAD8314A171BC0119942136C5876AACC
18: C6E958E3E9AC836C9626BD66478974D26B0C, 4E6D61833E9DB839117B665A96DC686C
19: D40FADD078B474EBCE130FB44DDB4824077988, F43E3CD978A6E328AF039CC70E291E1C
20: E177B3DF83A117E55F255A6C2CD78AFDAFDA307F, EEF1ABAAB9CBE0EE317CC79E7E5E24B8
21: DBB4569B3E305E4525F1F7B3D2AFEF226F397E661D, 65ACFB70132EEE1D47319A550A506DB5
22: AC2CAF77718DE59131A6B745DE9F3A9897B17580EC71, D8DB9006A9597F640F2594340D69E551
23: 8F62022F72A0D769D2D095A55E28832950870B2B44B0BE, A7E196F869071B7BB713E8A2D15627E9
24: 37F5640F820384B35F13F8C8C7DC31BDE1E4F29DCFBDA321, D5765C39DBCA72AC89100CCB8864E1DB
25: 25059BFC302D0F8DD41BB22CF2391D456630C06F1DAF4DFA86, DC2FFD153C788C28D251B78AB8B7388C
26: 151F158CC4BA9393FDB153C4C72911C120BAB519FAF64719133D, C61915006038BF15DED603832FD179DE
27: F5DCF4231482F72D02F8B9BE0A41113D35AEA1CD85021CEC978D9C, 9CBD02C557180FBD0868C87A0BEA25AE
28: 5D88B5554A2ED73054226473676FAA7159CE12B5357D635DDED35B5A, 5AD11CD6B14C59E64B5B26DFBD00FB5C
29: 5696C7066EA09A30FC8BCBAD96D48A5E5FBCC8756B770F0A89B8711911, B9EA5F3BEF0599D385A9ACEBE4064498
30: 1240FED47B305AC1883F8CF137D58E79052B4E686DCA1423A6A2BECBD5F5, 036A5EA5F4F2D0BF397E8896EB7AB03D
31: AD9517BF392C1EB56D78EDE1C41F3C73B72304DA47F400C390C86B37A50C2A, EB3E026D518EED47F6C927525746AC54
32: 2AE1CEED83C6490A7E5752E91532406EAC6FF4B11AA770EFFF1B255FDB77C528, 74BFBC7F120B58FA2B5E988A41EAF7AC
GCM-rc6 (16 byte key)
0: , D595FEDAB06C62D8C5290E76ED84601D
1: 4D, 47A6EDEF8286F9C144B7B51C9BCCCACF
2: 0085, 9788DDF89843EC51120B132EB0D0F833
3: 463701, 673CB8D248E6BECD5A6A7B0B08465EF6
4: F5B3222C, 1C424282D7FB427E55285E20FC2ABFF9
5: 3A4A8361B2, BD40E631B054F280C7973E5AB3F06B42
6: A475866BF2C5, 2067F42FAAA6274270CF9E65D833FDED
7: 689D0D407172C8, 3BCCFFC64E56D5B753352E1DDD5CCAA3
8: D9CE4B051202A1D3, 79B0CCDA3D0B9C9BCF640BC9E6D9CE0D
9: 0317D68BE098D276B7, AF35043DB6213DC5D4F3DFB8E29EE537
10: 154CEF0C6F37AA0A73C4, 61E598A8C6D17B639F9E27AF55DD00F3
11: C3DB1B2B6CCC9170B9C05F, 966871DDD6E110711FB9DD733B6B2B3A
12: E4F22383C75BC0FB0E59C5E8, 971536AF878F4EED68F59046C928EAC8
13: 2FBFB99AABC6209FB8664916DD, 68D0BF2144AD1ADECC4074DAE58540C2
14: 5FEEDFD09BF89719A34CDCCD2AAA, 64DEB7D5E6891103AA54C0EB366715D0
15: E063A076E0C770FB010D26C3AC3EB5, 0CA321B2A7448FEEF84D4E0AD5BA2DA4
16: AFB0DB9959F0906BD346C2D81DC5412C, 425627895E2C4C9546D3227975585459
17: 79179C0D4D6C5E0741DD4CA1E8CF28C75C, D0188A344A1CEE52272FE6368DB0FB75
18: 8A75521139B0DE3C08C9EAEB77D8018A39FE, 47FCC200D8A384320D2F1A5E803A9991
19: 0399381D0A975AE3980A9FB75B991C055AF367, 034915370AF94B96A8A4E50FF9B134CC
20: 8C189094DB13FBE62EA5C4A53C29A428ED587BA2, 99C58F838423033298897841ED526347
21: D91F5144B525AF5D47EF4D5F0AF9915447A55927F9, F6750BF7E089515D35B47BC1C65E2E3A
22: A4E26B554AA277057A5FE3FA08A6138CEEC6D69BB1D8, 7BBEBF52D8251108C7AA1025E213EC44
23: 5C1A8C3A46FCA90D73675706313CADFBB90A535A4B3D5A, E35244A2633478BBDAFCC81161F28B80
24: D69F7264FC594057B89181B83582D799AE54E9EE4FE8AD48, D4B29E5C25F9477D9345526DBDE9372A
25: AFD322D0AC4AF38D5B9CBE0DFE85618C001A7A77CD8FFFCB3E, AD06BB9C59D23D258D6A2AEDD946AA20
26: 179CA8395CD8E75B4E5EA07D25C8036AF08B1A1C330492523D36, E3704C4341A834C087500E332B7DEAE9
27: B9178EF7774684F43F1FCE99A4319B5A4D167B0A848551F562CD7C, 5D5082FB02B9B494D5883DF49DB3B84B
28: 830FCD15A09EC61245D7DA258E308E76D3B542F2345DBFC11AE983A3, F50C3332F8D91911BDACCFE228565E5C
29: 179619B8C7EE9B3121405BBED2AC102A027E6C97EAEDB5ECFEB13792EF, 859EBA3BADCE6E5AB271A261B26DE28C
30: 14264C7E0A154119BF24B7FCF434E81440D42D54738F0BAE55836849AB85, 0B6C9B9CADB1B6EC71CEA090C8C72834
31: 0D7A316F8B873F62CF26CFC569179AB11CBF09D3467936A85ADC265B2C9A8F, 866AE7C51EC2D9DEB32748A1C8B61143
32: F8FD1F967CD3632805AD7FA8ECB40F530927DD5C49D31FDBAE49738E2315905D, 9CB1CB84A727C9F42555EB566E0A1DEE
GCM-safer+ (16 byte key)
0: , F769B436C7FB7C0C822E24BB2B2555D3
1: CA, B156298625F5634FA012B23044437807
2: 4960, A64C73E890F3D77B2C3B3C76C2D913C6
3: DBBB8D, 686651A017F89A22F9FE96533C85C52C
4: 150AD99A, 177F7DE9E897DACCAB7EACEE3CDE7601
5: 077055065F, 48B4309C76CAC37BDF11842311BA6CD3
6: B2F8CE062C06, ED04DF96C06959524956E8AC5C338457
7: DCE718211410D8, 3F8D8180BDEAC2F018EA81615177CC8F
8: 0F71E2772402AC83, 2130481B2CA7B4B4C8F3EE73B3B3C28F
9: B69030734E5ADF753C, 8CC4B62BFBC3EA56CCDBF0ED318C784D
10: 6B8A91ABC1BF2F2D0176, 86EAAD80D148A48086987A40A5631DEF
11: 44AD00799EC8E62E34D6A1, 016830D58F06F75E54531B45D9E785F9
12: 0C4B9381D78E0F0A78B3CEAA, 4A79C58DAB131A22F172F9177DC4158B
13: 2C56D4625876524B4D8D5F079B, 7B407F704225B25F1F136C984E564147
14: 36424D69BACC56407D345B3D7B4D, EB126C255A2DCFD32F69DD5CB61876C7
15: FDD3E091C0420D1A4D4A848757FCC2, D319C5C07134D67BA42A4BF312CD874D
16: EFAF6F117EA9A4B4B83052BBF5A07DB9, BB09D473FE82257146E7ABC2EFF6F631
17: 19B71383C414BAC3EF252FFF09F5ACD777, 526DC9AE6895ED33A34A9A4ADB07E1B6
18: 9AB6DFDB930D26E00B3D98DD5AD014E08756, D70B95B20C106A5A03F9B803D2CAC3A0
19: EEB3C236C3031DE4C3F94BD746677AE84B271D, 9483BBCBBFDBA1CC5F6392DABA2ACC19
20: 3A0EBC7536F8717E8FDAFEDAC39E8F1F43C0627A, 3DA7DC2475466CEDF01EB543870A74FA
21: 79D28D2F149E1D97E910342DF383FCEECF5AFD4C6A, 2364F33BCF6F07E381F7E26DAF802D83
22: F1D7C319BAFB740332CA19AB0C9B71728D3AE69BFAC2, 3D4AEE9780A5C98CBC69606CDDDB31F8
23: 1A0D80381A186673FB7B52C40AB6C46A11AB0889333C20, AF5C17E3D0D9724EDC1FC438A16B4EBB
24: 5E503440B22DD6AE6401BA4355C8791BACC598C9E0F1412E, 156D8221BD61F5C108FC18FB2F50D159
25: 7784EFDC6F0FC56FCADAFF17BB52DEB35B64FA19C3F391BDFD, A291E8238EF158A2379692077F70E8D0
26: 184B6E18032D1A70CE5027912E447C357C72EEF7B20EF0FB256C, 0FA0138FB9480E0C4C237BF5D6099777
27: 7AC8FCB64F35B71C5ED0CCD776B1FF76CE352EB57244085ED34FE8, D995B3C1350CC777878108640C1CADAE
28: 86C7A01FB2262A8E37FF38CC99BF3EFAEB8B36166D24913BDD3B91DA, 25EC6D9F69168C5FA32C39631B606B55
29: 91F5D3E3FE0B1976E2915B8DA3E785F4D55768FD727AEF19FA1552F506, AF902DED55E386F0FC4210C97DB9446E
30: 7ABF5BD9CB2EFF8382C6D2B28C1B0B25540E434123AC252046BDDA74DA32, 713259EDDA9B1B63EB68E0283D0259DB
31: 5634B23ACEF2874BE0591BE3268C4538698FF2D93D59B39BC86D0137DACBAD, C4054796AFD335B43C60E7E634122BAF
32: F26C68C36B1E56449595EA4E162391E0C6A306592949F69797B6C2327E533ADB, 7B392AF776A94983078814B6B8428BFE
GCM-twofish (16 byte key)
0: , 6275E8CA35B36C108AD6D5F84F0CC5A3
1: 38, A714210792F9ED12A28F25CAE3B3BC5E
2: 8E2F, 6357C1F125723F2244DAF344CDFCD47B
3: 900A4C, ED4E0B318346D5B9B646441E946204E9
4: 087EAFF8, B871ED95C873F1EFA24EF8B6915F447D
5: 63FC9EFBD4, 650D0ED98CBECA07040AB97B97129360
6: B6081E94AA19, 6A3BDA8030C5A79B6B9087555A1DA67B
7: E10A7B9CBB20C2, 59EB55DFD0A37C55A869834E597373AF
8: 94E947FEE05780EE, 354918527F855264E37DB6892E868050
9: 9A80C567AA50220862, 814EE57CC9D51D7D900AB4840C4B072F
10: A8741BE1E42BE207C416, 2B28AFD8ABE20664D8BAD7535F82F11A
11: 6AB7E3C68B6682023E8190, 5E48B67541FE83969952394F84D29E93
12: 4F66FB634EB258CEE2955D84, F2632C2135B6E1144673B0EF73499818
13: B29042F3877C2F5E694953C5F6, 03268A30499D57A06AA873EF00160C3C
14: DCC7B5D9F58C88F54A9611389B8D, 5515426FF7CF2EEA91BE2B3752371CE0
15: B665488BCD75FC02A0DF7994B7CF98, B721531E2A317C254FA2ED306ADCF96C
16: 9535DC8A72645E34F948B71A5159AA9B, 5CEED93DE128044F0471C65AA8F21D29
17: 5CBFC61A23D28562FCA929375E5B585327, 3AA842B21631968D1B58B72FEE090EE1
18: 2AC3F780B956A933C0B8565EE527173B8CC8, 16EC4B6D8E2CF3CD0D16E7A5F401C78E
19: 5067FD65870A4EBF6C7FA811A15270E7F8F17D, 9A7563BEDADFA6B6E48F5C13FCEAED6E
20: E3A65A188077E5DC171CFF30BE8B27F10F015166, BD5B3D84D0C1DD51A3909F849141B57F
21: 88D0A65C105823E68BE3987CB205AE0C1A27588FCD, B280221AD0BD83E1D6B37F331F326AB5
22: 7C56D987FEF6807EEFAFD4C7EB9D72AA0E037979D91E, 686E1268A8DC9CD0192A383EA6C2D975
23: B23CCD0A076CB122750B634B9E6551E0585EDEA18C3245, 6DF30A7F0728E2D549AA411AE375E569
24: 767BC3AF206E67C9E27A4D7E814F3B3A65D27BB70BA9DD4D, AB2B16C031FB2C8E85B3B2B38A5CBA4E
25: 9ABF34ABD43705D62F377449461C5DC239A2A86E5A98AFB159, 3DEDEDA85E6BFB53C6F18726CD561604
26: FE756344C05CB12AA0673F1C2069A86556E583FF4B7313A0D395, 21CB0E0BABC3C7E547F5CB207295C0EE
27: B70F16AD19A6B0AF6D8DBF4E98D7D5ADB944D91BD889D9390C3E21, 2AE67812A22C1C785D3BFC184A1C74EA
28: A6389032AA9D08BDBAAA5E230E5130665FB4F0CB868F3F20C4C5438B, ECA054EFA3F39400A587839C4F0605C7
29: A55A41315EAF3A67A0FD0E14C6E04D03A5E38D0F756719F4A0800B290A, 7A5277809D4B65E663603099B4DFFBD8
30: E739633579AA6201A024B9873F28412BB08B08B8616D611BC9D07979BD3A, 390038A93AFD326C5CC1525A24CA91AD
31: ED3266F8B0DAA7C3DB7814427E8139831CFC0EDE668F0DA83FF7090154410D, DE440EC2C6080048BFF3C5455E1BB33F
32: 4D0F751B55DA3A2E0B28DE59E9680669FCB5984E9C0DB942DBAACDDEF0879731, 62F96CFE31D3D6AAA0B9F5130ED1B21B
GCM-noekeon (16 byte key)
0: , EB5A8E30D5C16311864E2D8D32859ACB
1: 88, EAB88DE1EB7BC784A706B2D7946798D7
2: BA1F, DC3CEC6AA324AC7D053EFF7A99AD3069
3: 9A1457, 4AB65831DE378DFF71C20249C7BEC05E
4: 2F9496D6, 800745CF95EAE3A698EDF9EC949D92B7
5: 84153177A2, F6A05B654435ABDF5F696C0E0588CB5C
6: F80B7865C766, 2334D0061FD488D15A6AC8E44EA1F4B9
7: 872EA486B4EA9D, 3A49671DE347F675AD7904DDF4255F3D
8: A4EE5750507FC831, 956D09F7C5FE812C6FB982E1DDBE864A
9: B5874AC964FBFC1A97, 90FBC75F45BFF58B3A1100393955D0C2
10: 92FF5FCF1EC675E02E71, 983C96A7BD4A0DB5D3B877911CE8A6B3
11: F7BCA69A9C7033D84A2BA0, D4ECE5BB9FFCBB331A646D9CE8078634
12: 5E1041B4554C8CDD14AAF16D, 1EF777F307CB96788B9120FFF8A8BC2F
13: 7BB7289FCAD209D7992EB7AEDC, E8AEFB830DBAED2B4A790FFEF940A20B
14: 12776A7C937A648F0A8628AD8C5C, F070283852AC030819EA67BF82C719AA
15: 7293476D9E935EAE9DEB66F697F662, D6322603671153A1EC1453CDA5978E15
16: DC12A86C85E7358919BABB15A3BF5FD7, BBBFA467EBA8124DFEC82DB0137D56B9
17: 0CC1DAD00A987F9C57E3660D9417F226E5, BB8AF5A0B5BC79BD11C5D41CA80CDE2C
18: D0049115D6EB5495FB391CDC494022AEAA48, 682FF357B2BC059765C29AE6CA668D0C
19: 48FC54A401B4C06CE8567AD298B672191C7E84, 493A4AF4C2A8828FED8442C4EFF877F6
20: 90779795821CB1B7DBD97028E29DC1CE7D0CFAE0, E126F485F73B6F7B3894B4CF7E1C5DDE
21: 8CA5C246C8B7C04BD7171CAE2D1A892D66302433F8, 5D73149A3635A86B3C34DEA5B95CCBCB
22: DF082B665F7A952B2604C04554B81393FCC7C0B816C8, D3569ED7D431176B286EF22414E4CBA8
23: 761908530C9069E189649ED24B6A68A89B067C31E9868C, A258BCD83D3FBC7AE2AEF7516025AB36
24: 717048F5A31F3C89D3704F90069AC5D5174118770C65BDA1, 067EBF18F7E3DF4EA13F9ABAC682C2A2
25: 08C6FCC5D3099347C3FEBA3858A6C22C51298CB591DDB77827, B57BFBA40BE99DF5031918A1A4E2CA80
26: 2CC53EF7EB954234E64CD4D60FB1D7157A489ABABC10900FFCDB, 236E769611D16EB7F463B7578770F886
27: 2556B46F2E831223D632F2691329A874F517687AF81B8322AC55D7, E213A90DBC31DC261A45A9AE41CFEEC3
28: 71241792728594D69791B80AD6DBC6417D1D14D222DF5E6F834B82C8, 601F97617708B1945BCDA8A82496EFB1
29: 5003DC2EAAA23F9E2221CCBB9E20116692CCC99B3CFBD0DDD3A8491E7C, 3743155B792012845550205C8949B73E
30: D0589675357E850333F854FBA160688F06D122DEC00CC2620DA0B2770765, 20E085752FC4D37791C22501ED1DB6AD
31: 645B46D2D114EE7329F14AC1D94E6817EB385EB80C61F014F90530749079EC, 8A18DE86F9555A1070D0BFEDAC15B14F
32: 068389206D37BF5A41C58075FC98901C3B42E6F2F13C09F4E92524021BB1C1C8, 370B86914D63CFEE8303D538A6BEA0E7
GCM-anubis (16 byte key)
0: , A0061C2F3B2295BFA33BC74C037EA8DA
1: ED, 9E5648DCE40DE37B56C557D26CB18D83
2: 6719, A6605253C59A101FF85C5102CE92BE45
3: B8873D, 13F3E3ED3646BB296EE4ED5D6379A21B
4: 5AA6E2CB, 1812E8385D15B5BAE043E4E860BEF490
5: 4F6F4CD8E9, 8A80BC5E08929C42A5A74C5D9ACC0C6D
6: 2F0D8B483CE4, 316F588F78FC6A9196C97CE59B9B63B6
7: 82D885FDE1F948, 7160BF556614511F53738A92B5277056
8: E4931462AD41B6DC, 7CE24C4D6B499975FCB72B5E2275ED56
9: 503AA70BE698BC5B41, 10EA0C61FDBA8FF7B4E9927BCCEFD911
10: 6B2D213D14B5D25EBE36, DC3222AED12EE26D3D14E2E733EDB2A7
11: 7D8B0BC1B7443E7267371E, FCACFC73E391865BE86E041F51C45E81
12: 9EF3BF8609E133BEB10565AF, D84326D4CAC9D5B74FCFD8CBAFE79E77
13: 59AE7B1FDE1178CEE7F63C4894, E1BCFCDCA86CAB9C684F7D21962D580D
14: 564E7B8BAC5582A3BF1178916569, 54804D8DF4D7577EF65C15487695F840
15: 758A6DC437C8821274B0F16F911BAA, 19DD27500915F425F34F67CC2374DC36
16: 0468C94A88A27AEEE2B3A973065E53CC, C743996C6F49363B2F4613F24703EF7E
17: 3B0CABA5EEE44B7BFF0D726ECED54763FF, 14D9D09815BCD91DCCE2F5AE1A9929CF
18: 5B945D83B98C43B0248F9BC0479E332869AB, 67A275F0313D4245B1965411CFCC8F17
19: 97332441CA96DE8553A3C6D898FC6D90C86DBF, 73150EC3D6327E3FC8015A6192652D3B
20: B9A1778FAF9767160D0D87816ECE1B99AA727087, 0C173D3C4078392CE377313C48D2BAE8
21: 5882B73911C7D26EFDCCA3AED2EDC8A8BFFE75B1F8, 8F8C535639A0B59537E590C7FC9D2E53
22: 70AEBED8CCFFF6E5CF06F3E841D12387EF8D6C7B4BDE, 4B00C27FCA9BEB82331CC8EB13DCC580
23: 345CCB52BC20DC5F1BF5EEDF5D72A6C48F402557FFD342, 1A790A39573B853DBB8E2E73B7331014
24: 0637C78A817E91D63CE18CEAF8D65C6107283A90C5A97842, 52786CB81724E12C76A0D23D4680E36B
25: 59526D1E86A473DFB720FF25E97D6571077845F73C5E8322F1, 369FBA7823FC83D727FFD25D10130987
26: 2933BB4E7603C313B62332827601F8189E14C1F08EA547E15AB5, 204520E365DAFF6551B01562A4CEFDFB
27: A4098CF2A48A1DC2BCCE65CCE8DF825AF51E7E5F94B6186FF85D77, 9833EBB9A1D5CD0356E023E2C3761C2B
28: 26557B942FD6913D806672EB01526DBD5D6F532F78AB6759DE3415C5, EDAACDD101BC40EE6530D8B5DC031F31
29: DB92C3D77DF0C8F4C98845AA9AD43FB800192E57A53E083862B7E3FAF0, 628DEB1E345303A40700289052080FF8
30: FC57BFAC2C77781723C2B721886D44ED67A52D9AD827874BC4EEC0A97281, 9A222DBC47B4AB4E520D3CC5850D4DEF
31: 72DFB9E91A78EAFE758B4542206A4A957B4523A58428398C11BCF2AEAE1938, 307D0B876130E82804C1167E03B69B2F
32: 7275C6EBDC2680DFCB73326A987D2FBCE83E40A9AEFE6351CFDA7251A6FE10A6, 895E6EEAA9BD88594903325A063CA45F

130
notes/ocb_tv.txt
View File

@@ -199,6 +199,82 @@ OCB-twofish (16 byte key)
31: F175230606040ADACEBAFE4D58BBD140B2D45E8BF7E5C904510B58E4B53D3F, DAF579E1A12481D39F4DCFB7C28794B1
32: 261388D491EF1CB92C261FD9B91CAD5B95440DE0A747144EB8697699F600801D, 749056EBEAF4F20CD8746AA8C8846C47
OCB-safer-k64 (8 byte key)
0: , 0EDD2A1AB692AA7A
1: 3E, 306F814F3C2C109E
2: 0593, 063D19B734C34715
3: CA72C6, DF6DAAFAD91BE697
4: 08924AEE, 15095FA49E789483
5: 359908A6CD, 16CB7F0741BA4091
6: 97F3BD820CF4, A59DB15B67B95EE8
7: 0A267201AC039E, B4FFC31DBCD8284A
8: 9F6ACD9705C9ECC5, 6B41A938F0B1CAEB
9: F355D5A937DD1582C2, 9D1F932E521CB955
10: ED39758CAF89E7932E48, 398EF517015F118F
11: D8ACF19363A0E0ADC9321B, F98B2A30217766AA
12: F8F54A8202B0F281ED610F33, 36EF7FA4A20E04B7
13: 0F8677DF64B5982DB6E2299140, 4DED2DA806834C81
14: 0C357A9DC321C93B3872881503B0, 7814D1C0C6A8900A
15: 10B6B1A261C3015A18110AD200A7B6, 9A814D6D2BAD850C
16: AA9EA9D1BA7818C0D2EBF23781A5467D, 236A24FC98826702
OCB-safer-sk64 (8 byte key)
0: , 76F16BDCE55B3E23
1: 63, F34B0B471F6F8F75
2: 8651, D7EFE17943D35193
3: D45504, 263224E50E7E9E75
4: 57B414C3, A553D6CABCA0F285
5: 4976E3B303, AC5E9969F739EBD9
6: F10AB8EB94E0, 8301FFE68848D46D
7: 6E954593AC427D, C1CF93BBC0F92644
8: F48F44441B898C0F, 698FFAED1A95E8E4
9: 1DC60156D62782E3D0, 6AFF0DCC65D4C933
10: 71920ADC8997CB8B3A72, 1C101C6A27CFBBBD
11: 890ED7492ED914AC20391B, F66DCD6205D945C6
12: 1B9FAB84A8748BAC187C7393, B450757FCAFAAD52
13: B4C89E1BB280DBC265E43ACE15, AE6BB3D2E6A371FF
14: 24B0C28944BDF22048E2E86644F5, 84E93E2191CEF17A
15: 8F2D5694D55EE235168AAA735943AF, 514252AEF2F2A2D9
16: 568B7E31FFDA726718E40397CFC8DCC6, 3C80BA7FCA9E419E
OCB-safer-k128 (16 byte key)
0: , 4919F68F6BC44ABC
1: 65, C6785F7BE4DE54D3
2: E1B0, C197C93B63F58355
3: BB7247, DFE092EF8184443B
4: 38C2D022, 943FD999227C5596
5: D71E4FD0ED, 51040FE9A01EA901
6: C4B211EADC2A, 329429BE3366F22F
7: 426DEB3FC3A4BC, CF1C976F6A19CE88
8: A6F813C09CE84800, 98D9FF427B3BD571
9: 4D1A9948FD157814B4, 5A389FAEEB85B8C6
10: EC3EA142C3F07F5A9EEB, 31E26E13F032A48F
11: A75FB14365D1533CD3FBE7, 8EF01ACC568C0591
12: 891582B5853DD546FF3EA071, E013CFFE43219C21
13: 54CA848C49DCDEE076780F21F4, 298EFC7B4D6B6CFE
14: EA7611C69A60F1A2EF71D6A7762D, 7D9AA51CFCEC8101
15: B2D1A211BC524B965A084BB4B21710, 7B2AC0EEB5216892
16: 5E81F1BFA270E804A488C9BFAB75811D, A67F627CE1E37851
OCB-safer-sk128 (16 byte key)
0: , E523C6DBB3CA178D
1: 5E, B1CB7EBE5780DF98
2: F4D8, 8036235F2BE7A817
3: 4FE268, 123320394EAC24F6
4: A5BA02B4, B8276B5E027D45DA
5: 1571859CCC, 29406C5F2DF2CFC4
6: CA1E47447B95, 5D4FAF8FD5341791
7: 8710DB37022D96, E10040FEA9AEA9C2
8: 205990DC9A34DA3C, AE25CB49AA7A697B
9: 757AFCB3191DC811C3, AA8CADA8638D6118
10: 6994F8C153522361BB92, 1BCEE09E928EB18B
11: A86FA0CDD051BB60AF5AA8, 50A38F8E9889354D
12: 8D3FD3EB7FF2269AACFD24BA, CB51CF84CEFC45F0
13: 03D2A313925D9490FC5547F95F, A1FF9D72E11C420B
14: D77C0F0F600FE92F14F479FA457C, 1EBE1B4B9685EDFA
15: 0CAF0A8BEB864E26058C7DF8EBA0EB, 1B153DDAE807561F
16: 113D12716DFE0596A2F30C875EC6BA0E, C61F5AC0245154A6
OCB-rc2 (8 byte key)
0: , 1A073F25FF5690BE
1: F4, 3D3221E92E40F634
@@ -329,3 +405,57 @@ OCB-skipjack (10 byte key)
15: 1D5A7AD556FF3078284BB21A536DAA, 01FAE2F4936ED9D2
16: 4B8B71396924880CB33EA6EC6593F969, A0F4B1BE3B9B4CCE
OCB-anubis (16 byte key)
0: , D22ACF880B297DB0513DFAF0D2DF57D9
1: 59, 210A179469D6568AB9470C760415574E
2: AFA5, 1223F9CD160ABE2F257164C6E5533C87
3: 969BEC, A57EC767543CA2ADBA4F5A7423ECA78A
4: CF8B31F1, 13B5BF9CD87CE15CE696F3AF1B082650
5: 9B22DF3852, 4937FDDA0AFDDA04CCD53CCBB0A82745
6: E11719B2F0F8, 6847931DBF0223F5CEF66AE3F4DFCF9B
7: 5A85E0F6DD2266, A1A0AF45A68A681CC396615FE1E1DFB5
8: 7F2DFCC65ED86976, 13614A3C6E0E08611D8DF8EE5B7D788F
9: 1DAF10DFA3F1D53E50, 673632B6DD553BAE90E9E6CC8CDE0FA5
10: AF74FD9671F9C0A9879C, B8B4DD448FE967207227B84E42126D90
11: 49421CED1167A882E26297, 21C8951A1761E4BD13BC85CBD14D30BD
12: BC0BC779B83F07D30CB340DA, FAABD25E14FFD8D468AD6616021F604C
13: 843D7E00F94E61AE950B9AA191, 08933ED5FBDCAF72F788393CD5422D0F
14: 296F15C383C511C36258F528E331, 8BFFADF5655C1864057D69A6706D1739
15: E31D2E80B2DBA4FBFAF52DB0513838, C4CD36821EC631CCBF1F258EE9931288
16: 87F319FE9A48E2D087EDF95563896EE5, 517960488E5A118D150A1573E76C290A
17: 9632B7DC1740BBE0A7AEEFD0F535B5AE8A, 0C24D0950873621D319A928862D3A6AC
18: 359431ED4B3AC537238CAC2F86126972D403, 4A0CED2F4BFA3355C17D6C5DF9FABFAA
19: E15B50172EE8DA9C552D448A5A48BEEAA2F11D, 8166B2A2D3A0745D1055F9F503FD6C03
20: 75842DDC0D5E3BD80225E4BFBD1298421244D7EF, BB957BB2582B67B63978BCFD7A949EDD
21: 3DD69162716D5F3E096E614991CAD7ED8E01F926B8, 40A954F31F5B0A2C5DD220ACED8D2B3E
22: 8A49AC14F59593D5399A10F9346E2FD36F47F64ED419, 4324D408CE7F86370495AF14FBD1A859
23: 6AA8FA353BCAAB4262211D75F13D27BE173526B8BC3CFC, BA3A27D79EC8ECBC5A78CB9FD095B766
24: B918192BB72CFEF980298EEE570460356A4BA1755576FEAA, EB341ECE0A070E769F498600EE4EBF77
25: BEFAE0B77E42A2FD18958D9E43202E8A338562AFF8317461B0, 444C1D6BDC026A01012BB2CEEAD89C2C
26: 07E86D49CFFE6FB08FDF44584033AF321447003D8AD3862C00C9, DA9355A79B224EF662DA65F19BE494A7
27: 911BB223AC6F6E54082FBFEDEC300D73FCAF715CCA35949212B372, 3496160A46A21DCDB5A4C179F159D860
28: ABB563FC803715F59AA35460E98470E2E94E4270455ACEBF4297641B, 899CFE1946A060DE620879B8A7464718
29: 47D98E83B5849CDE19B14ABCF9EA6CA9684AB49A3AB36BD14F328D808C, 6D76CD5EFF6D4AD3B67A56DF1EB42E05
30: C8BF0B71A95884FFB93D64C57E327A4754EC5A1EE26632CF8E0B6B26CBDE, 2B3BE785263B1A400E5893273AFD09AE
31: 9804D668CF2D75CA58C9671F65630E33909269B9511AF9119BE88EBB35F00C, 3DDA028B1A2339CA817DC8D9371E0FF8
32: F6E038A82A09BCD20BAAC7926B2296B78F9CBA9DD12C497C47EA08DBCD8CEA3A, A203FC1E68E21A52E72224891AC10EE2
OCB-khazad (16 byte key)
0: , BDEDFF7AA0070063
1: 00, 67E951582D66ED93
2: 5FED, 09DC8AEAD70673DE
3: 26A7CC, CE1436CE1E37D4B0
4: 3D2BD063, 574C24395F31511A
5: 597F1AFCB1, 6FBBE820C6F26CDB
6: 202DAE442DF6, 58CA6E5706C9852D
7: 7C20EDA18E9444, AABF0DA252A1BAAD
8: DEC02BF76DFD5B77, A0A97446B80EACB6
9: 5D7A42F73843F9200E, A1DD603372D124CB
10: 0D4710E454C19B68369E, CC78E9D7EAA6A39F
11: 126694191BF09A29DCF40E, 76C9B84FA3E8913F
12: A94EBB86BD325B4FA1942FA5, 613DE312DB1666F7
13: 4F9462386469EA0EFDC1BFAFE9, 5247244FD4BBAA6F
14: 4EB794DFCF3823BDC38FA5EF3B23, 0C12017B5E058398
15: D870479780CC5B3B13A7A39029A56F, 003D3FCD31D497B5
16: A47BF1218AC86A60F6002CE004AF5E50, B4EC27091D5DCD58

130
notes/omac_tv.txt
View File

@@ -199,6 +199,82 @@ OMAC-twofish (16 byte key)
31: C24FCA5DD4AE0DF2BFF17364D17D6743
32: DC6738080478AF9AF7CA833295031E06
OMAC-safer-k64 (8 byte key)
0: 726FE2DD40A43924
1: 2A138B65EB352621
2: 9588A1B53E29616C
3: C025DEFDE1A59850
4: 73D062F1B6D8E003
5: 944598A2FC8A2D76
6: B176C25D8CAFFC98
7: 14F05014DE6A090A
8: A7B9847B2CE22D0F
9: FCD71310CBAA3A62
10: BFF00CE5D4A20331
11: BEE12A2171333ED5
12: 333FD849BEB4A64A
13: D048EC7E93B90435
14: F04960356689CFEF
15: 9E63D9744BF1B61A
16: 7C744982F32F8889
OMAC-safer-sk64 (8 byte key)
0: E96711BA37D53743
1: 7DCFF26A03509FE1
2: 0A20EF19C8EE9BF2
3: FE2883748A6963CF
4: 557060195B820A18
5: 771A7931FBBE5C0F
6: 6BDBCE5F96CF91D8
7: F3B924CCE8724595
8: EC7191286D83C2C3
9: 94F55B19BB7A8AC1
10: 2189F4F2B06A8CA4
11: 99853DAEBCA33A46
12: 66EAC37A033802D7
13: 845D7AA866F8A8AD
14: 33A874DFECAC22AC
15: 63DD9F7A7F3683DF
16: EAC277D951676C44
OMAC-safer-k128 (16 byte key)
0: 8037B89AF193F129
1: FF2314E87BA6AFE1
2: C3243DF896B61D85
3: 0F61C715CE821AB8
4: EBFDC6A9CFD2F5A4
5: AB6497D7AF2C7FFF
6: C920CEEB7C1819C2
7: 3E186951B545A7E5
8: 5EA36A93C94AF4AC
9: 6A2C59FAE33709BE
10: BF1BAFAF9FC39C19
11: 69EB6EF046677B7C
12: CDDCEE6B20453094
13: A3833BD3FED6895C
14: B6C05E51F01E049B
15: 90A2D0EAB739D39B
16: 07BF607A161D0A66
OMAC-safer-sk128 (16 byte key)
0: 5E8B137A3946A557
1: 0228FA66B13F3C7E
2: A6F9BBAFF050DCDD
3: F75880F684A796CE
4: E0AEFB8E32040EBD
5: 9F65D658B86D310F
6: 3FA52804FB46CCAA
7: 2F6D12D199FCD2FB
8: CB56AF60AFB4D2BB
9: 8E6F0FF6FDD262FD
10: 490245BE3CCCEDE2
11: EFD319AE46C73005
12: 43E00E545C848995
13: 10444B41ECA15EBE
14: 521775C389D5BE71
15: 9B683EF8B097FEBA
16: 3C5D746EED09530A
OMAC-rc2 (8 byte key)
0: F001FE9BBC3A97B0
1: 8F8DC9C952897FBD
@@ -329,3 +405,57 @@ OMAC-skipjack (10 byte key)
15: ED91F98DA98F42C4
16: D8D0FA5CE96B08BF
OMAC-anubis (16 byte key)
0: E672617CAA1E641C0E7B4B4CC4787455
1: C0C16E8FD63907C08A8ABBB7B73376D3
2: 23F97CED54939361830396224A7BDD91
3: 7FD87DEA9F05E07212DDF61292D9E13D
4: 929A11A4D0991A6446B1051926A6048D
5: 4EB74F1CC0150D86126BC6FE1FC8253D
6: 33C2C3C072D05BB6D54F87579C23B116
7: DE350181C9E90A79879813A609BE77E2
8: DB519EB9EF0E154D9D248734FD3D3724
9: 4F7F2E6D3FC72BA94FE24EC0ABBF4E66
10: D646389DBCEEDD59EBB6E8F09C422930
11: 8547658AE1CE6A8B8D010A1E1FEA7AF4
12: C9BE2B7F3630EFDFBD3AEA6A108C86EA
13: 290417C57096B8B9A1BA3C20FD91285B
14: 9AF60E99692C5F911CBF969A6E11DC14
15: CDA433BE58C98E49EBA8A7108E50DE2B
16: 7430D0EE631A4659351B8A4489A78D46
17: DCC74C0FD0415768FE00225CA14B7DC2
18: 0CF2432B1B465F2A8C5FACAAF2FEF619
19: DA020680C64E93AE5FCA3D71466D01C1
20: B9C33A86E6ED9FCCDCD973382DD1B6A3
21: 6631236B9F2F810DD4D97E6046F41AF2
22: 0312C322F4D634CF4FBC0C2624E3E9F2
23: 111E3E9F8FBDC1E4364622723F1CB524
24: 6D2608D7AAF243D5219E14513895BFF6
25: 683BD01B43CBC0430A007ACBAB357DC9
26: 01B8FC65C56B0F1A5BFEBEDCCF6748D9
27: 4D6298D63A80D55491697A6DD8E3694C
28: 6F0205E4E083CAB00747D723300510DF
29: 5183BAEEF05E9402A935EB9AFF0AA2A9
30: 1E673BFAD4944643A740C59D96A5925C
31: 940FB4000E34EEE78E8DB402E4A76502
32: 87B0C48F3D155AD85D0502D94A4572DE
OMAC-khazad (16 byte key)
0: 4EBEFA460499424F
1: 97AEEAD51E541D16
2: 29A35212910C9595
3: ABD1577D622074EA
4: 70A537DE14DD765C
5: 240A19016DE99C51
6: 4D42C10A9F803177
7: F464BC3E0DB5A909
8: 1C65A01A7C08DAC7
9: E49A1428C230C209
10: 16DD0FEB7A6505B8
11: 2DDDB3E35A05C220
12: EC88910C799AC6CC
13: B2A65C9EF39BEC8A
14: F0D2366BA91DFFD5
15: BCAB623CAB7AAA23
16: 9BCEAB857596E478

130
notes/pmac_tv.txt
View File

@@ -199,6 +199,82 @@ PMAC-twofish (16 byte key)
31: 0D06F2FAEC5AA404A4087AAEBC4DBB36
32: 0F396FE9E3D9D74D17EB7A0BF603AB51
PMAC-safer-k64 (8 byte key)
0: 2E49792C78C1DA52
1: 7A5136F4FE617C57
2: 6FC8575F6F3D78EC
3: 7C0373CAEAAA640B
4: 9D469E7FF6C35D31
5: 7755D62DD7D88112
6: ADD9E7855A958C9F
7: 752D29BA8150F18E
8: 0954649A99596104
9: 05D4D75A9FAE233D
10: 1AADAFD7B4B250DA
11: E7A8F31ED74DA32B
12: 1A74DF61BDB9DF94
13: C38A67B1955C4E0D
14: EBADAA44746ADF16
15: C0BFBB092CE81D8E
16: 984975657F3FF2B0
PMAC-safer-sk64 (8 byte key)
0: E8917E1629E7403E
1: AE8061A5E412A647
2: C969771CE5A9B0C6
3: 78159C01D0A3A5CB
4: 1DD4382A8FC81921
5: 4086880FD863C048
6: A520B45600A3FA1D
7: 0F0AB5118D7506C4
8: 22E315F2DD03BCC6
9: 5ECB5561EE372016
10: 446A9B2BCB367AD6
11: B2107FE2EB411AE9
12: 5A539B62FB5893DF
13: F44EE1EB3278C2BA
14: 293FEA56D1F6EA81
15: F38F614D2B5F81C4
16: AB23F7F8F4C12A7E
PMAC-safer-k128 (16 byte key)
0: 7E0BDE11EC82FDE6
1: 8942FB017A135520
2: 0B073E6D0F037A02
3: DBF88439D671ED4F
4: B89427ED1121069A
5: AA8573DAC66D2315
6: 12DA3144BEF13FF2
7: EF80413CBA281B3A
8: DFA7114D8505EEBD
9: AE53607F3E6F4A54
10: 3F2C9395CFB9F78F
11: 67EB7C5F02760AED
12: 3EF4CBB4AB5B8D1F
13: 83B63AFA78795A92
14: 5DE400951766992A
15: AA8791A45237CF83
16: 7743B18704B037CF
PMAC-safer-sk128 (16 byte key)
0: 8F1597FFCF6FB7C1
1: AFF8BD8FF9F3888A
2: 65F89D82869D8B42
3: CBE1F06476B2D5BD
4: 4878D47FDFECE23E
5: 4751A9E6D61AB2A2
6: 003AC162AED4DED8
7: 1F617A5555092C22
8: 088EE0C35B607153
9: F840B485086F9908
10: BA99E0FB5D7D0976
11: F04AF6DC4BAF6887
12: 5DBBE40AF2F67E4E
13: 7F52A93E87E29C9D
14: 7B26A14A4BD5B709
15: C34F26E08C64F26B
16: 291A41D479EC1D2A
PMAC-rc2 (8 byte key)
0: E5AF80FAC4580444
1: 6A15D6211EB4FF99
@@ -329,3 +405,57 @@ PMAC-skipjack (10 byte key)
15: 2C5BD475AAC44C77
16: FEB892DA66D31A84
PMAC-anubis (16 byte key)
0: DF33EE541FFEE6A97FE3A1F72F7A38FC
1: 0AB28675AC3923C6DD9F5A8E1E2928D0
2: 2DABF75D6403E1E1CFAB3E6869FB1088
3: 95835D49E09740180B79E394FC2AA744
4: F364D6DC2C2078A519E5BAEFE858AFCA
5: DA4C66A4805FC91FABAECC0D3AEAD850
6: 487660FADCAC7B326C492AA051A1DF49
7: BF07835AA1A548FA7312509AF35CE3F3
8: 3CE8A8B1F324A700923AC0B830D53D99
9: 3C54D99AACFAB26E34FC1B0B6BB9EB22
10: 0A559F9D107ED76FD19227FDD0752B8A
11: BFD9E74ADC40B9C7446FDD09558FA584
12: F1130F663BC0FA3B1066129E0D1910E9
13: 535EAD786F0D211DE7AA78F3CB480803
14: CDF5855F00A4C310D95B26751B01A28B
15: EF6686E999D5A9C35A96D25BB9DBBF57
16: E795733AA0AAF16D8F7AB1A8E9C55E54
17: E03CA85727D5CF06F56BB6465BB3E5C5
18: 6EDDDB6D2292EFF584E382E1BACD1A49
19: 7B7FE0D8821836C1AA95578071FF2FD2
20: 5F8CC568338400746B61A9286B7CF262
21: 32DEE5A11E9EDB04BDF911837CE0FA4D
22: F1A99914F13B17ABF383F36157FEB170
23: 99F541647F382390043CAE5332E3114D
24: 34C5EBB85693A1979F8CFDF8B431A5BB
25: 1BA7266568F1E7B4A77A869D3021AC0F
26: 0FC675C99C24E859F8CE714E86BF5289
27: CBFAB21F5ABC47356A43BED806D873C0
28: 9659AB1A4D334B622629721F98EECE3A
29: 644C8BEE41F03BDE7652B03CAEA31E37
30: 5B3447AFAD934B4D1E4910A8DFD588E7
31: BFF403342E8D50D0447627AEA2F56B23
32: 19F468F0FB05184D00FABD40A18DB7B2
PMAC-khazad (16 byte key)
0: F40CEF2E392BEAEB
1: C6E086BD1CFA0992
2: 513F2851583AD69A
3: 07279D57695D78FF
4: 051E94FE4CC847B6
5: 5E9AAA5989D5C951
6: 310D5D740143369A
7: 9BB1EA8ECD4AF34B
8: CF886800AF0526C8
9: 0B03E2C94729E643
10: 42815B308A900EC7
11: 9A38A58C438D26DD
12: 044BFF68FD2BFF76
13: 7F5ABBDC29852729
14: F81A7D6F7B788A5D
15: 93098DA8A180AA35
16: BACE2F4DA8A89E32

65
ocb_decrypt_verify_memory.c
View File

@@ -1,65 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* OCB Implementation by Tom St Denis */
#include "mycrypt.h"
#ifdef OCB_MODE
int ocb_decrypt_verify_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce,
const unsigned char *ct, unsigned long ctlen,
unsigned char *pt,
const unsigned char *tag, unsigned long taglen,
int *res)
{
int err;
ocb_state *ocb;
_ARGCHK(key != NULL);
_ARGCHK(nonce != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(tag != NULL);
_ARGCHK(res != NULL);
/* allocate memory */
ocb = XMALLOC(sizeof(ocb_state));
if (ocb == NULL) {
return CRYPT_MEM;
}
if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) {
goto __ERR;
}
while (ctlen > (unsigned long)ocb->block_len) {
if ((err = ocb_decrypt(ocb, ct, pt)) != CRYPT_OK) {
goto __ERR;
}
ctlen -= ocb->block_len;
pt += ocb->block_len;
ct += ocb->block_len;
}
err = ocb_done_decrypt(ocb, ct, ctlen, pt, tag, taglen, res);
__ERR:
#ifdef CLEAN_STACK
zeromem(ocb, sizeof(ocb_state));
#endif
XFREE(ocb);
return err;
}
#endif

29
ocb_done_encrypt.c
View File

@@ -1,29 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* OCB Implementation by Tom St Denis */
#include "mycrypt.h"
#ifdef OCB_MODE
int ocb_done_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
unsigned char *ct, unsigned char *tag, unsigned long *taglen)
{
_ARGCHK(ocb != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(tag != NULL);
_ARGCHK(taglen != NULL);
return __ocb_done(ocb, pt, ptlen, ct, tag, taglen, 0);
}
#endif

68
omac_done.c
View File

@@ -1,68 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* OMAC1 Support by Tom St Denis (for 64 and 128 bit block ciphers only) */
#include "mycrypt.h"
#ifdef OMAC
int omac_done(omac_state *state, unsigned char *out, unsigned long *outlen)
{
int err, mode;
unsigned x;
_ARGCHK(state != NULL);
_ARGCHK(out != NULL);
_ARGCHK(outlen != NULL);
if ((err = cipher_is_valid(state->cipher_idx)) != CRYPT_OK) {
return err;
}
if ((state->buflen > (int)sizeof(state->block)) || (state->buflen < 0) ||
(state->blklen > (int)sizeof(state->block)) || (state->buflen > state->blklen)) {
return CRYPT_INVALID_ARG;
}
/* figure out mode */
if (state->buflen != state->blklen) {
/* add the 0x80 byte */
state->block[state->buflen++] = 0x80;
/* pad with 0x00 */
while (state->buflen < state->blklen) {
state->block[state->buflen++] = 0x00;
}
mode = 1;
} else {
mode = 0;
}
/* now xor prev + Lu[mode] */
for (x = 0; x < (unsigned)state->blklen; x++) {
state->block[x] ^= state->prev[x] ^ state->Lu[mode][x];
}
/* encrypt it */
cipher_descriptor[state->cipher_idx].ecb_encrypt(state->block, state->block, &state->key);
/* output it */
for (x = 0; x < (unsigned)state->blklen && x < *outlen; x++) {
out[x] = state->block[x];
}
*outlen = x;
#ifdef CLEAN_STACK
zeromem(state, sizeof(*state));
#endif
return CRYPT_OK;
}
#endif

56
omac_memory.c
View File

@@ -1,56 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* OMAC1 Support by Tom St Denis (for 64 and 128 bit block ciphers only) */
#include "mycrypt.h"
#ifdef OMAC
int omac_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *msg, unsigned long msglen,
unsigned char *out, unsigned long *outlen)
{
int err;
omac_state *omac;
_ARGCHK(key != NULL);
_ARGCHK(msg != NULL);
_ARGCHK(out != NULL);
_ARGCHK(outlen != NULL);
/* allocate ram for omac state */
omac = XMALLOC(sizeof(omac_state));
if (omac == NULL) {
return CRYPT_MEM;
}
/* omac process the message */
if ((err = omac_init(omac, cipher, key, keylen)) != CRYPT_OK) {
goto __ERR;
}
if ((err = omac_process(omac, msg, msglen)) != CRYPT_OK) {
goto __ERR;
}
if ((err = omac_done(omac, out, outlen)) != CRYPT_OK) {
goto __ERR;
}
err = CRYPT_OK;
__ERR:
#ifdef CLEAN_STACK
zeromem(omac, sizeof(omac_state));
#endif
XFREE(omac);
return err;
}
#endif

53
omac_process.c
View File

@@ -1,53 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* OMAC1 Support by Tom St Denis (for 64 and 128 bit block ciphers only) */
#include "mycrypt.h"
#ifdef OMAC
int omac_process(omac_state *state, const unsigned char *buf, unsigned long len)
{
int err, n, x;
_ARGCHK(state != NULL);
_ARGCHK(buf != NULL);
if ((err = cipher_is_valid(state->cipher_idx)) != CRYPT_OK) {
return err;
}
if ((state->buflen > (int)sizeof(state->block)) || (state->buflen < 0) ||
(state->blklen > (int)sizeof(state->block)) || (state->buflen > state->blklen)) {
return CRYPT_INVALID_ARG;
}
while (len != 0) {
/* ok if the block is full we xor in prev, encrypt and replace prev */
if (state->buflen == state->blklen) {
for (x = 0; x < state->blklen; x++) {
state->block[x] ^= state->prev[x];
}
cipher_descriptor[state->cipher_idx].ecb_encrypt(state->block, state->prev, &state->key);
state->buflen = 0;
}
/* add bytes */
n = MIN(len, (unsigned long)(state->blklen - state->buflen));
XMEMCPY(state->block + state->buflen, buf, n);
state->buflen += n;
len -= n;
buf += n;
}
return CRYPT_OK;
}
#endif

22
parsenames.pl Normal file
View File

@@ -0,0 +1,22 @@
#!/usr/bin/perl
#
# Splits the list of files and outputs for makefile type files
# wrapped at 80 chars
#
# Tom St Denis
@a = split(" ", $ARGV[1]);
$b = "$ARGV[0]=";
$len = length($b);
print $b;
foreach my $obj (@a) {
$len = $len + length($obj);
$obj =~ s/\*/\$/;
if ($len > 100) {
printf "\\\n";
$len = length($obj);
}
print "$obj ";
}
if ($ARGV[0] eq "HEADERS") { print "testprof/tomcrypt_test.h"; }
print "\n\n";

56
pmac_memory.c
View File

@@ -1,56 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* PMAC implementation by Tom St Denis */
#include "mycrypt.h"
#ifdef PMAC
int pmac_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *msg, unsigned long msglen,
unsigned char *out, unsigned long *outlen)
{
int err;
pmac_state *pmac;
_ARGCHK(key != NULL);
_ARGCHK(msg != NULL);
_ARGCHK(out != NULL);
_ARGCHK(outlen != NULL);
/* allocate ram for pmac state */
pmac = XMALLOC(sizeof(pmac_state));
if (pmac == NULL) {
return CRYPT_MEM;
}
if ((err = pmac_init(pmac, cipher, key, keylen)) != CRYPT_OK) {
goto __ERR;
}
if ((err = pmac_process(pmac, msg, msglen)) != CRYPT_OK) {
goto __ERR;
}
if ((err = pmac_done(pmac, out, outlen)) != CRYPT_OK) {
goto __ERR;
}
err = CRYPT_OK;
__ERR:
#ifdef CLEAN_STACK
zeromem(pmac, sizeof(pmac_state));
#endif
XFREE(pmac);
return err;
}
#endif

62
pmac_process.c
View File

@@ -1,62 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* PMAC implementation by Tom St Denis */
#include "mycrypt.h"
#ifdef PMAC
int pmac_process(pmac_state *state, const unsigned char *buf, unsigned long len)
{
int err, n, x;
unsigned char Z[MAXBLOCKSIZE];
_ARGCHK(state != NULL);
_ARGCHK(buf != NULL);
if ((err = cipher_is_valid(state->cipher_idx)) != CRYPT_OK) {
return err;
}
if ((state->buflen > (int)sizeof(state->block)) || (state->buflen < 0) ||
(state->block_len > (int)sizeof(state->block)) || (state->buflen > state->block_len)) {
return CRYPT_INVALID_ARG;
}
while (len != 0) {
/* ok if the block is full we xor in prev, encrypt and replace prev */
if (state->buflen == state->block_len) {
pmac_shift_xor(state);
for (x = 0; x < state->block_len; x++) {
Z[x] = state->Li[x] ^ state->block[x];
}
cipher_descriptor[state->cipher_idx].ecb_encrypt(Z, Z, &state->key);
for (x = 0; x < state->block_len; x++) {
state->checksum[x] ^= Z[x];
}
state->buflen = 0;
}
/* add bytes */
n = MIN(len, (unsigned long)(state->block_len - state->buflen));
XMEMCPY(state->block + state->buflen, buf, n);
state->buflen += n;
len -= n;
buf += n;
}
#ifdef CLEAN_STACK
zeromem(Z, sizeof(Z));
#endif
return CRYPT_OK;
}
#endif

26
pmac_shift_xor.c
View File

@@ -1,26 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* PMAC implementation by Tom St Denis */
#include "mycrypt.h"
#ifdef PMAC
void pmac_shift_xor(pmac_state *pmac)
{
int x, y;
y = pmac_ntz(pmac->block_index++);
for (x = 0; x < pmac->block_len; x++) {
pmac->Li[x] ^= pmac->Ls[y][x];
}
}
#endif

84
pretty.build
View File

@@ -1,84 +0,0 @@
#!/bin/perl -w
#
# Cute little builder for perl
# Total waste of development time...
#
# This will build all the object files and then the archive .a file
# requires GCC, GNU make and a sense of humour.
#
# Tom St Denis
use strict;
my $count = 0;
my $starttime = time;
my $rate = 0;
print "Scanning for source files...\n";
foreach my $filename (glob "*.c") {
if (!($filename =~ "aes_tab.c")) {
if (!($filename =~ "twofish_tab.c")) {
if (!($filename =~ "whirltab.c")) {
if (!($filename =~ "sha224.c")) {
if (!($filename =~ "sha384.c")) {
if (!($filename =~ "dh_sys.c")) {
if (!($filename =~ "ecc_sys.c")) {
if (!($filename =~ "sober128tab.c")) {
++$count;
}}}}}}}}
}
print "Source files to build: $count\nBuilding...\n";
my $i = 0;
my $lines = 0;
my $filesbuilt = 0;
foreach my $filename (glob "*.c") {
if (!($filename =~ "aes_tab.c")) {
if (!($filename =~ "twofish_tab.c")) {
if (!($filename =~ "whirltab.c")) {
if (!($filename =~ "sha224.c")) {
if (!($filename =~ "sha384.c")) {
if (!($filename =~ "dh_sys.c")) {
if (!($filename =~ "ecc_sys.c")) {
if (!($filename =~ "sober128tab.c")) {
printf("Building %3.2f%%, ", (++$i/$count)*100.0);
if ($i % 4 == 0) { print "/, "; }
if ($i % 4 == 1) { print "-, "; }
if ($i % 4 == 2) { print "\\, "; }
if ($i % 4 == 3) { print "|, "; }
if ($rate > 0) {
my $tleft = ($count - $i) / $rate;
my $tsec = $tleft%60;
my $tmin = ($tleft/60)%60;
my $thour = ($tleft/3600)%60;
printf("%2d:%02d:%02d left, ", $thour, $tmin, $tsec);
}
my $cnt = ($i/$count)*30.0;
my $x = 0;
print "[";
for (; $x < $cnt; $x++) { print "#"; }
for (; $x < 30; $x++) { print " "; }
print "]\r";
my $tmp = $filename;
$tmp =~ s/\.c/".o"/ge;
if (open(SRC, "<$tmp")) {
close SRC;
} else {
!system("make $tmp > /dev/null 2>/dev/null") or die "\nERROR: Failed to make $tmp!!!\n";
open( SRC, "<$filename" ) or die "Couldn't open $filename for reading: $!";
++$lines while (<SRC>);
close SRC or die "Error closing $filename after reading: $!";
++$filesbuilt;
}
# update timer
if (time != $starttime) {
my $delay = time - $starttime;
$rate = $i/$delay;
}
}}}}}}}}
}
# finish building the library
printf("\nFinished building source (%d seconds, %3.2f files per second).\n", time - $starttime, $rate);
print "Compiled approximately $filesbuilt files and $lines lines of code.\n";
print "Doing final make (building archive...)\n";
!system("make > /dev/null 2>/dev/null") or die "\nERROR: Failed to perform last make command!!!\n";
print "done.\n";

77
rsa_decrypt_key.c
View File

@@ -1,77 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef MRSA
/* (PKCS #1 v2.0) decrypt then OAEP depad */
int rsa_decrypt_key(const unsigned char *in, unsigned long inlen,
unsigned char *outkey, unsigned long *keylen,
const unsigned char *lparam, unsigned long lparamlen,
prng_state *prng, int prng_idx,
int hash_idx, int *res,
rsa_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x;
int err;
unsigned char *tmp;
_ARGCHK(outkey != NULL);
_ARGCHK(keylen != NULL);
_ARGCHK(key != NULL);
_ARGCHK(res != NULL);
/* default to invalid */
*res = 0;
/* valid hash/prng ? */
if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
return err;
}
if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
return err;
}
/* get modulus len in bits */
modulus_bitlen = mp_count_bits(&(key->N));
/* outlen must be at least the size of the modulus */
modulus_bytelen = mp_unsigned_bin_size(&(key->N));
if (modulus_bytelen != inlen) {
return CRYPT_INVALID_PACKET;
}
/* allocate ram */
tmp = XMALLOC(inlen);
if (tmp == NULL) {
return CRYPT_MEM;
}
/* rsa decode the packet */
x = inlen;
if ((err = rsa_exptmod(in, inlen, tmp, &x, PK_PRIVATE, prng, prng_idx, key)) != CRYPT_OK) {
XFREE(tmp);
return err;
}
/* now OAEP decode the packet */
err = pkcs_1_oaep_decode(tmp, x, lparam, lparamlen, modulus_bitlen, hash_idx,
outkey, keylen, res);
XFREE(tmp);
return err;
}
#endif /* MRSA */

56
rsa_export.c
View File

@@ -1,56 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef MRSA
/* This will export either an RSAPublicKey or RSAPrivateKey [defined in PKCS #1 v2.1] */
int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key)
{
int err;
_ARGCHK(out != NULL);
_ARGCHK(outlen != NULL);
_ARGCHK(key != NULL);
/* type valid? */
if (!(key->type == PK_PRIVATE) && (type == PK_PRIVATE)) {
return CRYPT_PK_INVALID_TYPE;
}
if (type == PK_PRIVATE) {
/* private key */
mp_int zero;
/* first INTEGER == 0 to signify two-prime RSA */
if ((err = mp_init(&zero)) != MP_OKAY) {
return mpi_to_ltc_error(err);
}
/* output is
Version, n, e, d, p, q, d mod (p-1), d mod (q - 1), 1/q mod p
*/
err = der_put_multi_integer(out, outlen, &zero, &key->N, &key->e,
&key->d, &key->p, &key->q, &key->dP,
&key->dQ, &key->qP, NULL);
/* clear zero and return */
mp_clear(&zero);
return err;
} else {
/* public key */
return der_put_multi_integer(out, outlen, &key->N, &key->e, NULL);
}
}
#endif /* MRSA */

59
rsa_sign_hash.c
View File

@@ -1,59 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef MRSA
/* (PKCS #1, v2.0) PSS pad then sign */
int rsa_sign_hash(const unsigned char *msghash, unsigned long msghashlen,
unsigned char *sig, unsigned long *siglen,
prng_state *prng, int prng_idx,
int hash_idx, unsigned long saltlen,
rsa_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x;
int err;
_ARGCHK(msghash != NULL);
_ARGCHK(sig != NULL);
_ARGCHK(siglen != NULL);
_ARGCHK(key != NULL);
/* valid prng and hash ? */
if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
return err;
}
if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
return err;
}
/* get modulus len in bits */
modulus_bitlen = mp_count_bits(&(key->N));
/* outlen must be at least the size of the modulus */
modulus_bytelen = mp_unsigned_bin_size(&(key->N));
if (modulus_bytelen > *siglen) {
return CRYPT_BUFFER_OVERFLOW;
}
/* PSS pad the key */
x = *siglen;
if ((err = pkcs_1_pss_encode(msghash, msghashlen, saltlen, prng, prng_idx,
hash_idx, modulus_bitlen, sig, &x)) != CRYPT_OK) {
return err;
}
/* RSA encode it */
return rsa_exptmod(sig, x, sig, siglen, PK_PRIVATE, prng, prng_idx, key);
}
#endif /* MRSA */

66
rsa_v15_decrypt_key.c
View File

@@ -1,66 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef MRSA
/* decrypt then PKCS #1 v1.5 depad */
int rsa_v15_decrypt_key(const unsigned char *in, unsigned long inlen,
unsigned char *outkey, unsigned long keylen,
prng_state *prng, int prng_idx,
int *res, rsa_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x;
int err;
unsigned char *tmp;
_ARGCHK(outkey != NULL);
_ARGCHK(key != NULL);
_ARGCHK(res != NULL);
/* default to invalid */
*res = 0;
/* valid prng ? */
if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
return err;
}
/* get modulus len in bits */
modulus_bitlen = mp_count_bits(&(key->N));
/* outlen must be at least the size of the modulus */
modulus_bytelen = mp_unsigned_bin_size(&(key->N));
if (modulus_bytelen != inlen) {
return CRYPT_INVALID_PACKET;
}
/* allocate ram */
tmp = XMALLOC(inlen);
if (tmp == NULL) {
return CRYPT_MEM;
}
/* rsa decode the packet */
x = inlen;
if ((err = rsa_exptmod(in, inlen, tmp, &x, PK_PRIVATE, prng, prng_idx, key)) != CRYPT_OK) {
XFREE(tmp);
return err;
}
/* PKCS #1 v1.5 depad */
err = pkcs_1_v15_es_decode(tmp, x, modulus_bitlen, outkey, keylen, res);
XFREE(tmp);
return err;
}
#endif

54
rsa_v15_encrypt_key.c
View File

@@ -1,54 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef MRSA
/* PKCS #1 v1.5 pad then encrypt */
int rsa_v15_encrypt_key(const unsigned char *inkey, unsigned long inlen,
unsigned char *outkey, unsigned long *outlen,
prng_state *prng, int prng_idx,
rsa_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x;
int err;
_ARGCHK(inkey != NULL);
_ARGCHK(outkey != NULL);
_ARGCHK(outlen != NULL);
_ARGCHK(key != NULL);
/* valid prng? */
if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
return err;
}
/* get modulus len in bits */
modulus_bitlen = mp_count_bits(&(key->N));
/* outlen must be at least the size of the modulus */
modulus_bytelen = mp_unsigned_bin_size(&(key->N));
if (modulus_bytelen > *outlen) {
return CRYPT_BUFFER_OVERFLOW;
}
/* pad it */
x = *outlen;
if ((err = pkcs_1_v15_es_encode(inkey, inlen, modulus_bitlen, prng, prng_idx, outkey, &x)) != CRYPT_OK) {
return err;
}
/* encrypt it */
return rsa_exptmod(outkey, x, outkey, outlen, PK_PUBLIC, prng, prng_idx, key);
}
#endif

57
rsa_v15_sign_hash.c
View File

@@ -1,57 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef MRSA
/* PKCS #1 v1.5 pad then sign */
int rsa_v15_sign_hash(const unsigned char *msghash, unsigned long msghashlen,
unsigned char *sig, unsigned long *siglen,
prng_state *prng, int prng_idx,
int hash_idx, rsa_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x;
int err;
_ARGCHK(msghash != NULL);
_ARGCHK(sig != NULL);
_ARGCHK(siglen != NULL);
_ARGCHK(key != NULL);
/* valid prng and hash ? */
if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
return err;
}
if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
return err;
}
/* get modulus len in bits */
modulus_bitlen = mp_count_bits(&(key->N));
/* outlen must be at least the size of the modulus */
modulus_bytelen = mp_unsigned_bin_size(&(key->N));
if (modulus_bytelen > *siglen) {
return CRYPT_BUFFER_OVERFLOW;
}
/* PKCS #1 v1.5 pad the key */
x = *siglen;
if ((err = pkcs_1_v15_sa_encode(msghash, msghashlen, hash_idx, modulus_bitlen, sig, &x)) != CRYPT_OK) {
return err;
}
/* RSA encode it */
return rsa_exptmod(sig, x, sig, siglen, PK_PRIVATE, prng, prng_idx, key);
}
#endif

80
sprng.c
View File

@@ -1,80 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* A secure PRNG using the RNG functions. Basically this is a
* wrapper that allows you to use a secure RNG as a PRNG
* in the various other functions.
*/
#include "mycrypt.h"
#ifdef SPRNG
const struct _prng_descriptor sprng_desc =
{
"sprng", 0,
&sprng_start,
&sprng_add_entropy,
&sprng_ready,
&sprng_read,
&sprng_done,
&sprng_export,
&sprng_import,
&sprng_test
};
int sprng_start(prng_state *prng)
{
return CRYPT_OK;
}
int sprng_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng)
{
return CRYPT_OK;
}
int sprng_ready(prng_state *prng)
{
return CRYPT_OK;
}
unsigned long sprng_read(unsigned char *buf, unsigned long len, prng_state *prng)
{
_ARGCHK(buf != NULL);
return rng_get_bytes(buf, len, NULL);
}
int sprng_done(prng_state *prng)
{
return CRYPT_OK;
}
int sprng_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
{
_ARGCHK(outlen != NULL);
*outlen = 0;
return CRYPT_OK;
}
int sprng_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
{
return CRYPT_OK;
}
int sprng_test(void)
{
return CRYPT_OK;
}
#endif

126
aes.c → src/ciphers/aes/aes.c
View File

@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/* AES implementation by Tom St Denis
@@ -25,8 +25,12 @@
* @author Paulo Barreto <paulo.barreto@terra.com.br>
---
*/
/**
@file aes.c
Implementation of AES
*/
#include "mycrypt.h"
#include "tomcrypt.h"
#ifdef RIJNDAEL
@@ -35,25 +39,28 @@
#define SETUP rijndael_setup
#define ECB_ENC rijndael_ecb_encrypt
#define ECB_DEC rijndael_ecb_decrypt
#define ECB_DONE rijndael_done
#define ECB_TEST rijndael_test
#define ECB_KS rijndael_keysize
#if 0
const struct _cipher_descriptor rijndael_desc =
const struct ltc_cipher_descriptor rijndael_desc =
{
"rijndael",
6,
16, 32, 16, 10,
SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_KS
SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
#endif
const struct _cipher_descriptor aes_desc =
const struct ltc_cipher_descriptor aes_desc =
{
"aes",
6,
16, 32, 16, 10,
SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_KS
SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
#else
@@ -61,21 +68,24 @@ const struct _cipher_descriptor aes_desc =
#define SETUP rijndael_enc_setup
#define ECB_ENC rijndael_enc_ecb_encrypt
#define ECB_KS rijndael_enc_keysize
#define ECB_DONE rijndael_enc_done
const struct _cipher_descriptor rijndael_enc_desc =
const struct ltc_cipher_descriptor rijndael_enc_desc =
{
"rijndael",
6,
16, 32, 16, 10,
SETUP, ECB_ENC, NULL, NULL, ECB_KS
SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
const struct _cipher_descriptor aes_enc_desc =
const struct ltc_cipher_descriptor aes_enc_desc =
{
"aes",
6,
16, 32, 16, 10,
SETUP, ECB_ENC, NULL, NULL, ECB_KS
SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
#endif
@@ -91,7 +101,7 @@ static ulong32 setup_mix(ulong32 temp)
}
#ifndef ENCRYPT_ONLY
#ifdef SMALL_CODE
#ifdef LTC_SMALL_CODE
static ulong32 setup_mix2(ulong32 temp)
{
return Td0(255 & Te4[byte(temp, 3)]) ^
@@ -102,21 +112,29 @@ static ulong32 setup_mix2(ulong32 temp)
#endif
#endif
int SETUP(const unsigned char *key, int keylen, int rounds, symmetric_key *skey)
/**
Initialize the AES (Rijndael) block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
int i, j;
ulong32 temp, *rk;
#ifndef ENCRYPT_ONLY
ulong32 *rrk;
#endif
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (keylen != 16 && keylen != 24 && keylen != 32) {
return CRYPT_INVALID_KEYSIZE;
}
if (rounds != 0 && rounds != (10 + ((keylen/8)-2)*2)) {
if (num_rounds != 0 && num_rounds != (10 + ((keylen/8)-2)*2)) {
return CRYPT_INVALID_ROUNDS;
}
@@ -183,7 +201,7 @@ int SETUP(const unsigned char *key, int keylen, int rounds, symmetric_key *skey)
break;
}
temp = rk[11];
rk[12] = rk[ 4] ^ setup_mix(ROR(temp, 8));
rk[12] = rk[ 4] ^ setup_mix(RORc(temp, 8));
rk[13] = rk[ 5] ^ rk[12];
rk[14] = rk[ 6] ^ rk[13];
rk[15] = rk[ 7] ^ rk[14];
@@ -191,7 +209,7 @@ int SETUP(const unsigned char *key, int keylen, int rounds, symmetric_key *skey)
}
} else {
/* this can't happen */
j = 4;
return CRYPT_ERROR;
}
#ifndef ENCRYPT_ONLY
@@ -210,7 +228,7 @@ int SETUP(const unsigned char *key, int keylen, int rounds, symmetric_key *skey)
for (i = 1; i < skey->rijndael.Nr; i++) {
rrk -= 4;
rk += 4;
#ifdef SMALL_CODE
#ifdef LTC_SMALL_CODE
temp = rrk[0];
rk[0] = setup_mix2(temp);
temp = rrk[1];
@@ -260,7 +278,13 @@ int SETUP(const unsigned char *key, int keylen, int rounds, symmetric_key *skey)
return CRYPT_OK;
}
#ifdef CLEAN_STACK
/**
Encrypts a block of text with AES
@param pt The input plaintext (16 bytes)
@param ct The output ciphertext (16 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
@@ -269,9 +293,9 @@ void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk;
int Nr, r;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
Nr = skey->rijndael.Nr;
rk = skey->rijndael.eK;
@@ -286,7 +310,7 @@ void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
LOAD32H(s3, pt + 12); s3 ^= rk[3];
#ifdef SMALL_CODE
#ifdef LTC_SMALL_CODE
for (r = 0; ; r++) {
rk += 4;
@@ -420,7 +444,7 @@ void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
STORE32H(s3, ct+12);
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
_rijndael_ecb_encrypt(pt, ct, skey);
@@ -430,7 +454,13 @@ void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#ifndef ENCRYPT_ONLY
#ifdef CLEAN_STACK
/**
Decrypts a block of text with AES
@param ct The input ciphertext (16 bytes)
@param pt The output plaintext (16 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
@@ -439,9 +469,9 @@ void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk;
int Nr, r;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
Nr = skey->rijndael.Nr;
rk = skey->rijndael.dK;
@@ -455,7 +485,7 @@ void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
LOAD32H(s2, ct + 8); s2 ^= rk[2];
LOAD32H(s3, ct + 12); s3 ^= rk[3];
#ifdef SMALL_CODE
#ifdef LTC_SMALL_CODE
for (r = 0; ; r++) {
rk += 4;
t0 =
@@ -590,7 +620,7 @@ void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
_rijndael_ecb_decrypt(ct, pt, skey);
@@ -598,6 +628,10 @@ void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
}
#endif
/**
Performs a self-test of the AES block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int ECB_TEST(void)
{
#ifndef LTC_TEST
@@ -681,20 +715,34 @@ int ECB_TEST(void)
#endif /* ENCRYPT_ONLY */
int ECB_KS(int *desired_keysize)
{
_ARGCHK(desired_keysize != NULL);
if (*desired_keysize < 16)
/** Terminate the context
@param skey The scheduled key
*/
void ECB_DONE(symmetric_key *skey)
{
}
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int ECB_KS(int *keysize)
{
LTC_ARGCHK(keysize != NULL);
if (*keysize < 16)
return CRYPT_INVALID_KEYSIZE;
if (*desired_keysize < 24) {
*desired_keysize = 16;
if (*keysize < 24) {
*keysize = 16;
return CRYPT_OK;
} else if (*desired_keysize < 32) {
*desired_keysize = 24;
} else if (*keysize < 32) {
*keysize = 24;
return CRYPT_OK;
} else {
*desired_keysize = 32;
*keysize = 32;
return CRYPT_OK;
}
}

20
aes_tab.c → src/ciphers/aes/aes_tab.c
View File

@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/* The precomputed tables for AES */
/*
@@ -23,6 +23,10 @@ Td3[x] = Si[x].[09, 0d, 0b, 0e];
Td4[x] = Si[x].[01, 01, 01, 01];
*/
/**
@file aes_tab.c
AES tables
*/
static const ulong32 TE0[256] = {
0xc66363a5UL, 0xf87c7c84UL, 0xee777799UL, 0xf67b7b8dUL,
0xfff2f20dUL, 0xd66b6bbdUL, 0xde6f6fb1UL, 0x91c5c554UL,
@@ -295,17 +299,17 @@ static const ulong32 Td4[256] = {
#endif /* ENCRYPT_ONLY */
#ifdef SMALL_CODE
#ifdef LTC_SMALL_CODE
#define Te0(x) TE0[x]
#define Te1(x) ROR(TE0[x], 8)
#define Te2(x) ROR(TE0[x], 16)
#define Te3(x) ROR(TE0[x], 24)
#define Te1(x) RORc(TE0[x], 8)
#define Te2(x) RORc(TE0[x], 16)
#define Te3(x) RORc(TE0[x], 24)
#define Td0(x) TD0[x]
#define Td1(x) ROR(TD0[x], 8)
#define Td2(x) ROR(TD0[x], 16)
#define Td3(x) ROR(TD0[x], 24)
#define Td1(x) RORc(TD0[x], 8)
#define Td2(x) RORc(TD0[x], 16)
#define Td3(x) RORc(TD0[x], 24)
#define Te4_0 0x000000FF & Te4
#define Te4_1 0x0000FF00 & Te4

1550
src/ciphers/anubis.c Normal file
View File

File diff suppressed because it is too large Load Diff

144
blowfish.c → src/ciphers/blowfish.c
View File

@@ -6,13 +6,17 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
#include "mycrypt.h"
/**
@file blowfish.c
Implementation of the Blowfish block cipher, Tom St Denis
*/
#include "tomcrypt.h"
#ifdef BLOWFISH
const struct _cipher_descriptor blowfish_desc =
const struct ltc_cipher_descriptor blowfish_desc =
{
"blowfish",
0,
@@ -21,7 +25,9 @@ const struct _cipher_descriptor blowfish_desc =
&blowfish_ecb_encrypt,
&blowfish_ecb_decrypt,
&blowfish_test,
&blowfish_keysize
&blowfish_done,
&blowfish_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const ulong32 ORIG_P[16 + 2] = {
@@ -291,14 +297,22 @@ static const ulong32 ORIG_S[4][256] = {
0xB74E6132UL, 0xCE77E25BUL, 0x578FDFE3UL, 0x3AC372E6UL }
};
/**
Initialize the Blowfish block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
int blowfish_setup(const unsigned char *key, int keylen, int num_rounds,
symmetric_key *skey)
{
ulong32 x, y, z, A;
unsigned char B[8];
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
/* check key length */
if (keylen < 8 || keylen > 56) {
@@ -353,7 +367,7 @@ int blowfish_setup(const unsigned char *key, int keylen, int num_rounds,
}
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(B, sizeof(B));
#endif
@@ -363,13 +377,19 @@ int blowfish_setup(const unsigned char *key, int keylen, int num_rounds,
#ifndef __GNUC__
#define F(x) ((S1[byte(x,3)] + S2[byte(x,2)]) ^ S3[byte(x,1)]) + S4[byte(x,0)]
#else
#define F(x) ((key->blowfish.S[0][byte(x,3)] + key->blowfish.S[1][byte(x,2)]) ^ key->blowfish.S[2][byte(x,1)]) + key->blowfish.S[3][byte(x,0)]
#define F(x) ((skey->blowfish.S[0][byte(x,3)] + skey->blowfish.S[1][byte(x,2)]) ^ skey->blowfish.S[2][byte(x,1)]) + skey->blowfish.S[3][byte(x,0)]
#endif
#ifdef CLEAN_STACK
static void _blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
/**
Encrypts a block of text with Blowfish
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
ulong32 L, R;
@@ -378,15 +398,15 @@ void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_
ulong32 *S1, *S2, *S3, *S4;
#endif
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
#ifndef __GNUC__
S1 = key->blowfish.S[0];
S2 = key->blowfish.S[1];
S3 = key->blowfish.S[2];
S4 = key->blowfish.S[3];
S1 = skey->blowfish.S[0];
S2 = skey->blowfish.S[1];
S3 = skey->blowfish.S[2];
S4 = skey->blowfish.S[3];
#endif
/* load it */
@@ -395,33 +415,39 @@ void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_
/* do 16 rounds */
for (r = 0; r < 16; ) {
L ^= key->blowfish.K[r++]; R ^= F(L);
R ^= key->blowfish.K[r++]; L ^= F(R);
L ^= key->blowfish.K[r++]; R ^= F(L);
R ^= key->blowfish.K[r++]; L ^= F(R);
L ^= skey->blowfish.K[r++]; R ^= F(L);
R ^= skey->blowfish.K[r++]; L ^= F(R);
L ^= skey->blowfish.K[r++]; R ^= F(L);
R ^= skey->blowfish.K[r++]; L ^= F(R);
}
/* last keying */
R ^= key->blowfish.K[17];
L ^= key->blowfish.K[16];
R ^= skey->blowfish.K[17];
L ^= skey->blowfish.K[16];
/* store */
STORE32H(R, &ct[0]);
STORE32H(L, &ct[4]);
}
#ifdef CLEAN_STACK
void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
_blowfish_ecb_encrypt(pt, ct, key);
_blowfish_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(ulong32) * 2 + sizeof(int));
}
#endif
#ifdef CLEAN_STACK
static void _blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
/**
Decrypts a block of text with Blowfish
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
ulong32 L, R;
@@ -430,15 +456,15 @@ void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_
ulong32 *S1, *S2, *S3, *S4;
#endif
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
#ifndef __GNUC__
S1 = key->blowfish.S[0];
S2 = key->blowfish.S[1];
S3 = key->blowfish.S[2];
S4 = key->blowfish.S[3];
S1 = skey->blowfish.S[0];
S2 = skey->blowfish.S[1];
S3 = skey->blowfish.S[2];
S4 = skey->blowfish.S[3];
#endif
/* load it */
@@ -446,15 +472,15 @@ void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_
LOAD32H(L, &ct[4]);
/* undo last keying */
R ^= key->blowfish.K[17];
L ^= key->blowfish.K[16];
R ^= skey->blowfish.K[17];
L ^= skey->blowfish.K[16];
/* do 16 rounds */
for (r = 15; r > 0; ) {
L ^= F(R); R ^= key->blowfish.K[r--];
R ^= F(L); L ^= key->blowfish.K[r--];
L ^= F(R); R ^= key->blowfish.K[r--];
R ^= F(L); L ^= key->blowfish.K[r--];
L ^= F(R); R ^= skey->blowfish.K[r--];
R ^= F(L); L ^= skey->blowfish.K[r--];
L ^= F(R); R ^= skey->blowfish.K[r--];
R ^= F(L); L ^= skey->blowfish.K[r--];
}
/* store */
@@ -462,15 +488,19 @@ void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_
STORE32H(R, &pt[4]);
}
#ifdef CLEAN_STACK
void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
_blowfish_ecb_decrypt(ct, pt, key);
_blowfish_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(ulong32) * 2 + sizeof(int));
}
#endif
/**
Performs a self-test of the Blowfish block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int blowfish_test(void)
{
#ifndef LTC_TEST
@@ -525,14 +555,26 @@ int blowfish_test(void)
#endif
}
int blowfish_keysize(int *desired_keysize)
/** Terminate the context
@param skey The scheduled key
*/
void blowfish_done(symmetric_key *skey)
{
_ARGCHK(desired_keysize != NULL);
}
if (*desired_keysize < 8) {
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int blowfish_keysize(int *keysize)
{
LTC_ARGCHK(keysize != NULL);
if (*keysize < 8) {
return CRYPT_INVALID_KEYSIZE;
} else if (*desired_keysize > 56) {
*desired_keysize = 56;
} else if (*keysize > 56) {
*keysize = 56;
}
return CRYPT_OK;
}

176
cast5.c → src/ciphers/cast5.c
View File

@@ -6,14 +6,18 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/* Implementation of CAST5 (RFC 2144) by Tom St Denis */
#include "mycrypt.h"
/**
@file cast5.c
Implementation of CAST5 (RFC 2144) by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef CAST5
const struct _cipher_descriptor cast5_desc = {
const struct ltc_cipher_descriptor cast5_desc = {
"cast5",
15,
5, 16, 8, 16,
@@ -21,7 +25,9 @@ const struct _cipher_descriptor cast5_desc = {
&cast5_ecb_encrypt,
&cast5_ecb_decrypt,
&cast5_test,
&cast5_keysize
&cast5_done,
&cast5_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const ulong32 S1[256] = {
@@ -391,7 +397,15 @@ static const ulong32 S8[256] = {
#define GB(x, i) (((x[(15-i)>>2])>>(unsigned)(8*((15-i)&3)))&255)
#endif
#ifdef CLEAN_STACK
/**
Initialize the CAST5 block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
static int _cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
#else
int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
@@ -401,8 +415,8 @@ int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_
unsigned char buf[16];
int y, i;
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (num_rounds != 12 && num_rounds != 16 && num_rounds != 0) {
return CRYPT_INVALID_ROUNDS;
@@ -466,7 +480,7 @@ int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_
skey->cast5.keylen = keylen;
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(buf, sizeof(buf));
zeromem(x, sizeof(x));
zeromem(z, sizeof(z));
@@ -475,7 +489,7 @@ int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_
return CRYPT_OK;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
int z;
@@ -515,95 +529,111 @@ INLINE static ulong32 FIII(ulong32 R, ulong32 Km, ulong32 Kr)
return ((S1[byte(I, 3)] + S2[byte(I,2)]) ^ S3[byte(I,1)]) - S4[byte(I,0)];
}
#ifdef CLEAN_STACK
static void _cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
/**
Encrypts a block of text with CAST5
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
ulong32 R, L;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LOAD32H(L,&pt[0]);
LOAD32H(R,&pt[4]);
L ^= FI(R, key->cast5.K[0], key->cast5.K[16]);
R ^= FII(L, key->cast5.K[1], key->cast5.K[17]);
L ^= FIII(R, key->cast5.K[2], key->cast5.K[18]);
R ^= FI(L, key->cast5.K[3], key->cast5.K[19]);
L ^= FII(R, key->cast5.K[4], key->cast5.K[20]);
R ^= FIII(L, key->cast5.K[5], key->cast5.K[21]);
L ^= FI(R, key->cast5.K[6], key->cast5.K[22]);
R ^= FII(L, key->cast5.K[7], key->cast5.K[23]);
L ^= FIII(R, key->cast5.K[8], key->cast5.K[24]);
R ^= FI(L, key->cast5.K[9], key->cast5.K[25]);
L ^= FII(R, key->cast5.K[10], key->cast5.K[26]);
R ^= FIII(L, key->cast5.K[11], key->cast5.K[27]);
if (key->cast5.keylen > 10) {
L ^= FI(R, key->cast5.K[12], key->cast5.K[28]);
R ^= FII(L, key->cast5.K[13], key->cast5.K[29]);
L ^= FIII(R, key->cast5.K[14], key->cast5.K[30]);
R ^= FI(L, key->cast5.K[15], key->cast5.K[31]);
L ^= FI(R, skey->cast5.K[0], skey->cast5.K[16]);
R ^= FII(L, skey->cast5.K[1], skey->cast5.K[17]);
L ^= FIII(R, skey->cast5.K[2], skey->cast5.K[18]);
R ^= FI(L, skey->cast5.K[3], skey->cast5.K[19]);
L ^= FII(R, skey->cast5.K[4], skey->cast5.K[20]);
R ^= FIII(L, skey->cast5.K[5], skey->cast5.K[21]);
L ^= FI(R, skey->cast5.K[6], skey->cast5.K[22]);
R ^= FII(L, skey->cast5.K[7], skey->cast5.K[23]);
L ^= FIII(R, skey->cast5.K[8], skey->cast5.K[24]);
R ^= FI(L, skey->cast5.K[9], skey->cast5.K[25]);
L ^= FII(R, skey->cast5.K[10], skey->cast5.K[26]);
R ^= FIII(L, skey->cast5.K[11], skey->cast5.K[27]);
if (skey->cast5.keylen > 10) {
L ^= FI(R, skey->cast5.K[12], skey->cast5.K[28]);
R ^= FII(L, skey->cast5.K[13], skey->cast5.K[29]);
L ^= FIII(R, skey->cast5.K[14], skey->cast5.K[30]);
R ^= FI(L, skey->cast5.K[15], skey->cast5.K[31]);
}
STORE32H(R,&ct[0]);
STORE32H(L,&ct[4]);
}
#ifdef CLEAN_STACK
void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
_cast5_ecb_encrypt(pt,ct,key);
_cast5_ecb_encrypt(pt,ct,skey);
burn_stack(sizeof(ulong32)*3);
}
#endif
#ifdef CLEAN_STACK
static void _cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
/**
Decrypts a block of text with CAST5
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
ulong32 R, L;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LOAD32H(R,&ct[0]);
LOAD32H(L,&ct[4]);
if (key->cast5.keylen > 10) {
R ^= FI(L, key->cast5.K[15], key->cast5.K[31]);
L ^= FIII(R, key->cast5.K[14], key->cast5.K[30]);
R ^= FII(L, key->cast5.K[13], key->cast5.K[29]);
L ^= FI(R, key->cast5.K[12], key->cast5.K[28]);
if (skey->cast5.keylen > 10) {
R ^= FI(L, skey->cast5.K[15], skey->cast5.K[31]);
L ^= FIII(R, skey->cast5.K[14], skey->cast5.K[30]);
R ^= FII(L, skey->cast5.K[13], skey->cast5.K[29]);
L ^= FI(R, skey->cast5.K[12], skey->cast5.K[28]);
}
R ^= FIII(L, key->cast5.K[11], key->cast5.K[27]);
L ^= FII(R, key->cast5.K[10], key->cast5.K[26]);
R ^= FI(L, key->cast5.K[9], key->cast5.K[25]);
L ^= FIII(R, key->cast5.K[8], key->cast5.K[24]);
R ^= FII(L, key->cast5.K[7], key->cast5.K[23]);
L ^= FI(R, key->cast5.K[6], key->cast5.K[22]);
R ^= FIII(L, key->cast5.K[5], key->cast5.K[21]);
L ^= FII(R, key->cast5.K[4], key->cast5.K[20]);
R ^= FI(L, key->cast5.K[3], key->cast5.K[19]);
L ^= FIII(R, key->cast5.K[2], key->cast5.K[18]);
R ^= FII(L, key->cast5.K[1], key->cast5.K[17]);
L ^= FI(R, key->cast5.K[0], key->cast5.K[16]);
R ^= FIII(L, skey->cast5.K[11], skey->cast5.K[27]);
L ^= FII(R, skey->cast5.K[10], skey->cast5.K[26]);
R ^= FI(L, skey->cast5.K[9], skey->cast5.K[25]);
L ^= FIII(R, skey->cast5.K[8], skey->cast5.K[24]);
R ^= FII(L, skey->cast5.K[7], skey->cast5.K[23]);
L ^= FI(R, skey->cast5.K[6], skey->cast5.K[22]);
R ^= FIII(L, skey->cast5.K[5], skey->cast5.K[21]);
L ^= FII(R, skey->cast5.K[4], skey->cast5.K[20]);
R ^= FI(L, skey->cast5.K[3], skey->cast5.K[19]);
L ^= FIII(R, skey->cast5.K[2], skey->cast5.K[18]);
R ^= FII(L, skey->cast5.K[1], skey->cast5.K[17]);
L ^= FI(R, skey->cast5.K[0], skey->cast5.K[16]);
STORE32H(L,&pt[0]);
STORE32H(R,&pt[4]);
}
#ifdef CLEAN_STACK
void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
_cast5_ecb_decrypt(ct,pt,key);
_cast5_ecb_decrypt(ct,pt,skey);
burn_stack(sizeof(ulong32)*3);
}
#endif
/**
Performs a self-test of the CAST5 block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int cast5_test(void)
{
#ifndef LTC_TEST
@@ -655,13 +685,25 @@ int cast5_test(void)
#endif
}
int cast5_keysize(int *desired_keysize)
/** Terminate the context
@param skey The scheduled key
*/
void cast5_done(symmetric_key *skey)
{
_ARGCHK(desired_keysize != NULL);
if (*desired_keysize < 5) {
}
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int cast5_keysize(int *keysize)
{
LTC_ARGCHK(keysize != NULL);
if (*keysize < 5) {
return CRYPT_INVALID_KEYSIZE;
} else if (*desired_keysize > 16) {
*desired_keysize = 16;
} else if (*keysize > 16) {
*keysize = 16;
}
return CRYPT_OK;
}

203
des.c → src/ciphers/des.c
View File

@@ -6,10 +6,14 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/* DES code submitted by Dobes Vandermeer */
#include "mycrypt.h"
#include "tomcrypt.h"
/**
@file des.c
DES code submitted by Dobes Vandermeer
*/
#ifdef DES
@@ -17,7 +21,7 @@
#define DE1 1
#if 0
const struct _cipher_descriptor des_desc =
const struct ltc_cipher_descriptor des_desc =
{
"des",
13,
@@ -26,11 +30,13 @@ const struct _cipher_descriptor des_desc =
&des_ecb_encrypt,
&des_ecb_decrypt,
&des_test,
&des_keysize
&des_done,
&des_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
#endif
const struct _cipher_descriptor des3_desc =
const struct ltc_cipher_descriptor des3_desc =
{
"3des",
14,
@@ -39,7 +45,9 @@ const struct _cipher_descriptor des3_desc =
&des3_ecb_encrypt,
&des3_ecb_decrypt,
&des3_test,
&des3_keysize
&des3_done,
&des3_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const ulong32 bytebit[8] =
@@ -241,7 +249,7 @@ static const ulong32 SP8[64] =
0x00001040UL, 0x00040040UL, 0x10000000UL, 0x10041000UL
};
#ifndef SMALL_CODE
#ifndef LTC_SMALL_CODE
static const ulong64 des_ip[8][256] = {
@@ -1294,10 +1302,10 @@ static const ulong64 des_fp[8][256] = {
static void cookey(const ulong32 *raw1, ulong32 *keyout);
#ifdef CLEAN_STACK
void _deskey(const unsigned char *key, short edf, ulong32 *keyout)
#ifdef LTC_CLEAN_STACK
static void _deskey(const unsigned char *key, short edf, ulong32 *keyout)
#else
void deskey(const unsigned char *key, short edf, ulong32 *keyout)
static void deskey(const unsigned char *key, short edf, ulong32 *keyout)
#endif
{
ulong32 i, j, l, m, n, kn[32];
@@ -1346,15 +1354,15 @@ void deskey(const unsigned char *key, short edf, ulong32 *keyout)
cookey(kn, keyout);
}
#ifdef CLEAN_STACK
void deskey(const unsigned char *key, short edf, ulong32 *keyout)
#ifdef LTC_CLEAN_STACK
static void deskey(const unsigned char *key, short edf, ulong32 *keyout)
{
_deskey(key, edf, keyout);
burn_stack(sizeof(int)*5 + sizeof(ulong32)*32 + sizeof(unsigned char)*112);
}
#endif
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static void _cookey(const ulong32 *raw1, ulong32 *keyout)
#else
static void cookey(const ulong32 *raw1, ulong32 *keyout)
@@ -1382,7 +1390,7 @@ static void cookey(const ulong32 *raw1, ulong32 *keyout)
XMEMCPY(keyout, dough, sizeof dough);
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static void cookey(const ulong32 *raw1, ulong32 *keyout)
{
_cookey(raw1, keyout);
@@ -1390,7 +1398,7 @@ static void cookey(const ulong32 *raw1, ulong32 *keyout)
}
#endif
#ifndef CLEAN_STACK
#ifndef LTC_CLEAN_STACK
static void desfunc(ulong32 *block, const ulong32 *keys)
#else
static void _desfunc(ulong32 *block, const ulong32 *keys)
@@ -1402,7 +1410,7 @@ static void _desfunc(ulong32 *block, const ulong32 *keys)
leftt = block[0];
right = block[1];
#ifdef SMALL_CODE
#ifdef LTC_SMALL_CODE
work = ((leftt >> 4) ^ right) & 0x0f0f0f0fL;
right ^= work;
leftt ^= (work << 4);
@@ -1419,12 +1427,12 @@ static void _desfunc(ulong32 *block, const ulong32 *keys)
leftt ^= work;
right ^= (work << 8);
right = ROL(right, 1);
right = ROLc(right, 1);
work = (leftt ^ right) & 0xaaaaaaaaL;
leftt ^= work;
right ^= work;
leftt = ROL(leftt, 1);
leftt = ROLc(leftt, 1);
#else
{
ulong64 tmp;
@@ -1442,7 +1450,7 @@ static void _desfunc(ulong32 *block, const ulong32 *keys)
#endif
for (cur_round = 0; cur_round < 8; cur_round++) {
work = ROR(right, 4) ^ *keys++;
work = RORc(right, 4) ^ *keys++;
leftt ^= SP7[work & 0x3fL]
^ SP5[(work >> 8) & 0x3fL]
^ SP3[(work >> 16) & 0x3fL]
@@ -1453,7 +1461,7 @@ static void _desfunc(ulong32 *block, const ulong32 *keys)
^ SP4[(work >> 16) & 0x3fL]
^ SP2[(work >> 24) & 0x3fL];
work = ROR(leftt, 4) ^ *keys++;
work = RORc(leftt, 4) ^ *keys++;
right ^= SP7[ work & 0x3fL]
^ SP5[(work >> 8) & 0x3fL]
^ SP3[(work >> 16) & 0x3fL]
@@ -1465,16 +1473,16 @@ static void _desfunc(ulong32 *block, const ulong32 *keys)
^ SP2[(work >> 24) & 0x3fL];
}
#ifdef SMALL_CODE
right = ROR(right, 1);
#ifdef LTC_SMALL_CODE
right = RORc(right, 1);
work = (leftt ^ right) & 0xaaaaaaaaL;
leftt ^= work;
right ^= work;
leftt = ROR(leftt, 1);
leftt = RORc(leftt, 1);
work = ((leftt >> 8) ^ right) & 0x00ff00ffL;
right ^= work;
leftt ^= (work << 8);
// --
/* -- */
work = ((leftt >> 2) ^ right) & 0x33333333L;
right ^= work;
leftt ^= (work << 2);
@@ -1504,7 +1512,7 @@ static void _desfunc(ulong32 *block, const ulong32 *keys)
block[1] = leftt;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static void desfunc(ulong32 *block, const ulong32 *keys)
{
_desfunc(block, keys);
@@ -1513,10 +1521,18 @@ static void desfunc(ulong32 *block, const ulong32 *keys)
#endif
#if 0
/**
Initialize the DES block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
int des_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (num_rounds != 0 && num_rounds != 16) {
return CRYPT_INVALID_ROUNDS;
@@ -1533,10 +1549,18 @@ int des_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
}
#endif
/**
Initialize the 3DES-EDE block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if(num_rounds != 0 && num_rounds != 16) {
return CRYPT_INVALID_ROUNDS;
@@ -1558,65 +1582,93 @@ int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_k
}
#if 0
void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
/**
Encrypts a block of text with DES
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
*/
void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
ulong32 work[2];
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LOAD32H(work[0], pt+0);
LOAD32H(work[1], pt+4);
desfunc(work, key->des.ek);
desfunc(work, skey->des.ek);
STORE32H(work[0],ct+0);
STORE32H(work[1],ct+4);
}
void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
/**
Decrypts a block of text with DES
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
*/
void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
ulong32 work[2];
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LOAD32H(work[0], ct+0);
LOAD32H(work[1], ct+4);
desfunc(work, key->des.dk);
desfunc(work, skey->des.dk);
STORE32H(work[0],pt+0);
STORE32H(work[1],pt+4);
}
#endif
void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
/**
Encrypts a block of text with 3DES-EDE
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
*/
void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
ulong32 work[2];
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LOAD32H(work[0], pt+0);
LOAD32H(work[1], pt+4);
desfunc(work, key->des3.ek[0]);
desfunc(work, key->des3.ek[1]);
desfunc(work, key->des3.ek[2]);
desfunc(work, skey->des3.ek[0]);
desfunc(work, skey->des3.ek[1]);
desfunc(work, skey->des3.ek[2]);
STORE32H(work[0],ct+0);
STORE32H(work[1],ct+4);
}
void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
/**
Decrypts a block of text with 3DES-EDE
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
*/
void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
ulong32 work[2];
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LOAD32H(work[0], ct+0);
LOAD32H(work[1], ct+4);
desfunc(work, key->des3.dk[0]);
desfunc(work, key->des3.dk[1]);
desfunc(work, key->des3.dk[2]);
desfunc(work, skey->des3.dk[0]);
desfunc(work, skey->des3.dk[1]);
desfunc(work, skey->des3.dk[2]);
STORE32H(work[0],pt+0);
STORE32H(work[1],pt+4);
}
#if 0
/**
Performs a self-test of the DES block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int des_test(void)
{
#ifndef LTC_TEST
@@ -1624,7 +1676,7 @@ int des_test(void)
#else
int err;
static const struct des_test_case {
int num, mode; // mode 1 = encrypt
int num, mode; /* mode 1 = encrypt */
unsigned char key[8], txt[8], out[8];
} cases[] = {
{ 1, 1, { 0x10, 0x31, 0x6E, 0x02, 0x8C, 0x8F, 0x3B, 0x4A },
@@ -1798,24 +1850,49 @@ int des3_test(void)
}
#if 0
int des_keysize(int *desired_keysize)
/** Terminate the context
@param skey The scheduled key
*/
void des_done(symmetric_key *skey)
{
_ARGCHK(desired_keysize != NULL);
if(*desired_keysize < 8) {
}
/** Terminate the context
@param skey The scheduled key
*/
void des3_done(symmetric_key *skey)
{
}
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int des_keysize(int *keysize)
{
LTC_ARGCHK(keysize != NULL);
if(*keysize < 8) {
return CRYPT_INVALID_KEYSIZE;
}
*desired_keysize = 8;
*keysize = 8;
return CRYPT_OK;
}
#endif
int des3_keysize(int *desired_keysize)
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int des3_keysize(int *keysize)
{
_ARGCHK(desired_keysize != NULL);
if(*desired_keysize < 24) {
LTC_ARGCHK(keysize != NULL);
if(*keysize < 24) {
return CRYPT_INVALID_KEYSIZE;
}
*desired_keysize = 24;
*keysize = 24;
return CRYPT_OK;
}

847
src/ciphers/khazad.c Normal file
View File

@@ -0,0 +1,847 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
#include "tomcrypt.h"
/**
@file khazad.c
Khazad implementation derived from public domain source
Authors: Paulo S.L.M. Barreto and Vincent Rijmen.
*/
#ifdef KHAZAD
const struct ltc_cipher_descriptor khazad_desc = {
"khazad",
18,
16, 16, 8, 8,
&khazad_setup,
&khazad_ecb_encrypt,
&khazad_ecb_decrypt,
&khazad_test,
&khazad_done,
&khazad_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
#define R 8
#define KEYSIZE 128
#define KEYSIZEB (KEYSIZE/8)
#define BLOCKSIZE 64
#define BLOCKSIZEB (BLOCKSIZE/8)
static const ulong64 T0[256] = {
CONST64(0xbad3d268bbb96a01), CONST64(0x54fc4d19e59a66b1), CONST64(0x2f71bc93e26514cd), CONST64(0x749ccdb925871b51),
CONST64(0x53f55102f7a257a4), CONST64(0xd3686bb8d0d6be03), CONST64(0xd26b6fbdd6deb504), CONST64(0x4dd72964b35285fe),
CONST64(0x50f05d0dfdba4aad), CONST64(0xace98a26cf09e063), CONST64(0x8d8a0e83091c9684), CONST64(0xbfdcc679a5914d1a),
CONST64(0x7090ddad3da7374d), CONST64(0x52f65507f1aa5ca3), CONST64(0x9ab352c87ba417e1), CONST64(0x4cd42d61b55a8ef9),
CONST64(0xea238f65460320ac), CONST64(0xd56273a6c4e68411), CONST64(0x97a466f155cc68c2), CONST64(0xd16e63b2dcc6a80d),
CONST64(0x3355ccffaa85d099), CONST64(0x51f35908fbb241aa), CONST64(0x5bed712ac7e20f9c), CONST64(0xa6f7a204f359ae55),
CONST64(0xde7f5f81febec120), CONST64(0x48d83d75ad7aa2e5), CONST64(0xa8e59a32d729cc7f), CONST64(0x99b65ec771bc0ae8),
CONST64(0xdb704b90e096e63b), CONST64(0x3256c8faac8ddb9e), CONST64(0xb7c4e65195d11522), CONST64(0xfc19d72b32b3aace),
CONST64(0xe338ab48704b7393), CONST64(0x9ebf42dc63843bfd), CONST64(0x91ae7eef41fc52d0), CONST64(0x9bb056cd7dac1ce6),
CONST64(0xe23baf4d76437894), CONST64(0xbbd0d66dbdb16106), CONST64(0x41c319589b32f1da), CONST64(0x6eb2a5cb7957e517),
CONST64(0xa5f2ae0bf941b35c), CONST64(0xcb400bc08016564b), CONST64(0x6bbdb1da677fc20c), CONST64(0x95a26efb59dc7ecc),
CONST64(0xa1febe1fe1619f40), CONST64(0xf308eb1810cbc3e3), CONST64(0xb1cefe4f81e12f30), CONST64(0x0206080a0c10160e),
CONST64(0xcc4917db922e675e), CONST64(0xc45137f3a26e3f66), CONST64(0x1d2774694ee8cf53), CONST64(0x143c504478a09c6c),
CONST64(0xc3582be8b0560e73), CONST64(0x63a591f2573f9a34), CONST64(0xda734f95e69eed3c), CONST64(0x5de76934d3d2358e),
CONST64(0x5fe1613edfc22380), CONST64(0xdc79578bf2aed72e), CONST64(0x7d87e99413cf486e), CONST64(0xcd4a13de94266c59),
CONST64(0x7f81e19e1fdf5e60), CONST64(0x5aee752fc1ea049b), CONST64(0x6cb4adc17547f319), CONST64(0x5ce46d31d5da3e89),
CONST64(0xf704fb0c08ebefff), CONST64(0x266a98bed42d47f2), CONST64(0xff1cdb2438abb7c7), CONST64(0xed2a937e543b11b9),
CONST64(0xe825876f4a1336a2), CONST64(0x9dba4ed3699c26f4), CONST64(0x6fb1a1ce7f5fee10), CONST64(0x8e8f028c03048b8d),
CONST64(0x192b647d56c8e34f), CONST64(0xa0fdba1ae7699447), CONST64(0xf00de7171ad3deea), CONST64(0x89861e97113cba98),
CONST64(0x0f113c332278692d), CONST64(0x07091c1b12383115), CONST64(0xafec8629c511fd6a), CONST64(0xfb10cb30208b9bdb),
CONST64(0x0818202830405838), CONST64(0x153f54417ea8976b), CONST64(0x0d1734392e687f23), CONST64(0x040c101418202c1c),
CONST64(0x0103040506080b07), CONST64(0x64ac8de94507ab21), CONST64(0xdf7c5b84f8b6ca27), CONST64(0x769ac5b329970d5f),
CONST64(0x798bf9800bef6472), CONST64(0xdd7a538ef4a6dc29), CONST64(0x3d47f4c98ef5b2b3), CONST64(0x163a584e74b08a62),
CONST64(0x3f41fcc382e5a4bd), CONST64(0x3759dcebb2a5fc85), CONST64(0x6db7a9c4734ff81e), CONST64(0x3848e0d890dd95a8),
CONST64(0xb9d6de67b1a17708), CONST64(0x7395d1a237bf2a44), CONST64(0xe926836a4c1b3da5), CONST64(0x355fd4e1beb5ea8b),
CONST64(0x55ff491ce3926db6), CONST64(0x7193d9a83baf3c4a), CONST64(0x7b8df18a07ff727c), CONST64(0x8c890a860f149d83),
CONST64(0x7296d5a731b72143), CONST64(0x88851a921734b19f), CONST64(0xf607ff090ee3e4f8), CONST64(0x2a7ea882fc4d33d6),
CONST64(0x3e42f8c684edafba), CONST64(0x5ee2653bd9ca2887), CONST64(0x27699cbbd2254cf5), CONST64(0x46ca0543890ac0cf),
CONST64(0x0c14303c28607424), CONST64(0x65af89ec430fa026), CONST64(0x68b8bdd56d67df05), CONST64(0x61a399f85b2f8c3a),
CONST64(0x03050c0f0a181d09), CONST64(0xc15e23e2bc46187d), CONST64(0x57f94116ef827bb8), CONST64(0xd6677fa9cefe9918),
CONST64(0xd976439aec86f035), CONST64(0x58e87d25cdfa1295), CONST64(0xd875479fea8efb32), CONST64(0x66aa85e34917bd2f),
CONST64(0xd7647bacc8f6921f), CONST64(0x3a4ee8d29ccd83a6), CONST64(0xc84507cf8a0e4b42), CONST64(0x3c44f0cc88fdb9b4),
CONST64(0xfa13cf35268390dc), CONST64(0x96a762f453c463c5), CONST64(0xa7f4a601f551a552), CONST64(0x98b55ac277b401ef),
CONST64(0xec29977b52331abe), CONST64(0xb8d5da62b7a97c0f), CONST64(0xc7543bfca876226f), CONST64(0xaeef822cc319f66d),
CONST64(0x69bbb9d06b6fd402), CONST64(0x4bdd317aa762bfec), CONST64(0xabe0963ddd31d176), CONST64(0xa9e69e37d121c778),
CONST64(0x67a981e64f1fb628), CONST64(0x0a1e28223c504e36), CONST64(0x47c901468f02cbc8), CONST64(0xf20bef1d16c3c8e4),
CONST64(0xb5c2ee5b99c1032c), CONST64(0x226688aacc0d6bee), CONST64(0xe532b356647b4981), CONST64(0xee2f9f715e230cb0),
CONST64(0xbedfc27ca399461d), CONST64(0x2b7dac87fa4538d1), CONST64(0x819e3ebf217ce2a0), CONST64(0x1236485a6c90a67e),
CONST64(0x839836b52d6cf4ae), CONST64(0x1b2d6c775ad8f541), CONST64(0x0e1238362470622a), CONST64(0x23658cafca0560e9),
CONST64(0xf502f30604fbf9f1), CONST64(0x45cf094c8312ddc6), CONST64(0x216384a5c61576e7), CONST64(0xce4f1fd19e3e7150),
CONST64(0x49db3970ab72a9e2), CONST64(0x2c74b09ce87d09c4), CONST64(0xf916c33a2c9b8dd5), CONST64(0xe637bf596e635488),
CONST64(0xb6c7e25493d91e25), CONST64(0x2878a088f05d25d8), CONST64(0x17395c4b72b88165), CONST64(0x829b32b02b64ffa9),
CONST64(0x1a2e68725cd0fe46), CONST64(0x8b80169d1d2cac96), CONST64(0xfe1fdf213ea3bcc0), CONST64(0x8a8312981b24a791),
CONST64(0x091b242d3648533f), CONST64(0xc94603ca8c064045), CONST64(0x879426a1354cd8b2), CONST64(0x4ed2256bb94a98f7),
CONST64(0xe13ea3427c5b659d), CONST64(0x2e72b896e46d1fca), CONST64(0xe431b75362734286), CONST64(0xe03da7477a536e9a),
CONST64(0xeb208b60400b2bab), CONST64(0x90ad7aea47f459d7), CONST64(0xa4f1aa0eff49b85b), CONST64(0x1e22786644f0d25a),
CONST64(0x85922eab395ccebc), CONST64(0x60a09dfd5d27873d), CONST64(0x0000000000000000), CONST64(0x256f94b1de355afb),
CONST64(0xf401f70302f3f2f6), CONST64(0xf10ee3121cdbd5ed), CONST64(0x94a16afe5fd475cb), CONST64(0x0b1d2c273a584531),
CONST64(0xe734bb5c686b5f8f), CONST64(0x759fc9bc238f1056), CONST64(0xef2c9b74582b07b7), CONST64(0x345cd0e4b8bde18c),
CONST64(0x3153c4f5a695c697), CONST64(0xd46177a3c2ee8f16), CONST64(0xd06d67b7dacea30a), CONST64(0x869722a43344d3b5),
CONST64(0x7e82e59b19d75567), CONST64(0xadea8e23c901eb64), CONST64(0xfd1ad32e34bba1c9), CONST64(0x297ba48df6552edf),
CONST64(0x3050c0f0a09dcd90), CONST64(0x3b4decd79ac588a1), CONST64(0x9fbc46d9658c30fa), CONST64(0xf815c73f2a9386d2),
CONST64(0xc6573ff9ae7e2968), CONST64(0x13354c5f6a98ad79), CONST64(0x060a181e14303a12), CONST64(0x050f14111e28271b),
CONST64(0xc55233f6a4663461), CONST64(0x113344556688bb77), CONST64(0x7799c1b62f9f0658), CONST64(0x7c84ed9115c74369),
CONST64(0x7a8ef58f01f7797b), CONST64(0x7888fd850de76f75), CONST64(0x365ad8eeb4adf782), CONST64(0x1c24706c48e0c454),
CONST64(0x394be4dd96d59eaf), CONST64(0x59eb7920cbf21992), CONST64(0x1828607850c0e848), CONST64(0x56fa4513e98a70bf),
CONST64(0xb3c8f6458df1393e), CONST64(0xb0cdfa4a87e92437), CONST64(0x246c90b4d83d51fc), CONST64(0x206080a0c01d7de0),
CONST64(0xb2cbf2408bf93239), CONST64(0x92ab72e04be44fd9), CONST64(0xa3f8b615ed71894e), CONST64(0xc05d27e7ba4e137a),
CONST64(0x44cc0d49851ad6c1), CONST64(0x62a695f751379133), CONST64(0x103040506080b070), CONST64(0xb4c1ea5e9fc9082b),
CONST64(0x84912aae3f54c5bb), CONST64(0x43c511529722e7d4), CONST64(0x93a876e54dec44de), CONST64(0xc25b2fedb65e0574),
CONST64(0x4ade357fa16ab4eb), CONST64(0xbddace73a9815b14), CONST64(0x8f8c0689050c808a), CONST64(0x2d77b499ee7502c3),
CONST64(0xbcd9ca76af895013), CONST64(0x9cb94ad66f942df3), CONST64(0x6abeb5df6177c90b), CONST64(0x40c01d5d9d3afadd),
CONST64(0xcf4c1bd498367a57), CONST64(0xa2fbb210eb798249), CONST64(0x809d3aba2774e9a7), CONST64(0x4fd1216ebf4293f0),
CONST64(0x1f217c6342f8d95d), CONST64(0xca430fc5861e5d4c), CONST64(0xaae39238db39da71), CONST64(0x42c61557912aecd3),
};
static const ulong64 T1[256] = {
CONST64(0xd3ba68d2b9bb016a), CONST64(0xfc54194d9ae5b166), CONST64(0x712f93bc65e2cd14), CONST64(0x9c74b9cd8725511b),
CONST64(0xf5530251a2f7a457), CONST64(0x68d3b86bd6d003be), CONST64(0x6bd2bd6fded604b5), CONST64(0xd74d642952b3fe85),
CONST64(0xf0500d5dbafdad4a), CONST64(0xe9ac268a09cf63e0), CONST64(0x8a8d830e1c098496), CONST64(0xdcbf79c691a51a4d),
CONST64(0x9070addda73d4d37), CONST64(0xf6520755aaf1a35c), CONST64(0xb39ac852a47be117), CONST64(0xd44c612d5ab5f98e),
CONST64(0x23ea658f0346ac20), CONST64(0x62d5a673e6c41184), CONST64(0xa497f166cc55c268), CONST64(0x6ed1b263c6dc0da8),
CONST64(0x5533ffcc85aa99d0), CONST64(0xf3510859b2fbaa41), CONST64(0xed5b2a71e2c79c0f), CONST64(0xf7a604a259f355ae),
CONST64(0x7fde815fbefe20c1), CONST64(0xd848753d7aade5a2), CONST64(0xe5a8329a29d77fcc), CONST64(0xb699c75ebc71e80a),
CONST64(0x70db904b96e03be6), CONST64(0x5632fac88dac9edb), CONST64(0xc4b751e6d1952215), CONST64(0x19fc2bd7b332ceaa),
CONST64(0x38e348ab4b709373), CONST64(0xbf9edc428463fd3b), CONST64(0xae91ef7efc41d052), CONST64(0xb09bcd56ac7de61c),
CONST64(0x3be24daf43769478), CONST64(0xd0bb6dd6b1bd0661), CONST64(0xc3415819329bdaf1), CONST64(0xb26ecba5577917e5),
CONST64(0xf2a50bae41f95cb3), CONST64(0x40cbc00b16804b56), CONST64(0xbd6bdab17f670cc2), CONST64(0xa295fb6edc59cc7e),
CONST64(0xfea11fbe61e1409f), CONST64(0x08f318ebcb10e3c3), CONST64(0xceb14ffee181302f), CONST64(0x06020a08100c0e16),
CONST64(0x49ccdb172e925e67), CONST64(0x51c4f3376ea2663f), CONST64(0x271d6974e84e53cf), CONST64(0x3c144450a0786c9c),
CONST64(0x58c3e82b56b0730e), CONST64(0xa563f2913f57349a), CONST64(0x73da954f9ee63ced), CONST64(0xe75d3469d2d38e35),
CONST64(0xe15f3e61c2df8023), CONST64(0x79dc8b57aef22ed7), CONST64(0x877d94e9cf136e48), CONST64(0x4acdde132694596c),
CONST64(0x817f9ee1df1f605e), CONST64(0xee5a2f75eac19b04), CONST64(0xb46cc1ad477519f3), CONST64(0xe45c316ddad5893e),
CONST64(0x04f70cfbeb08ffef), CONST64(0x6a26be982dd4f247), CONST64(0x1cff24dbab38c7b7), CONST64(0x2aed7e933b54b911),
CONST64(0x25e86f87134aa236), CONST64(0xba9dd34e9c69f426), CONST64(0xb16fcea15f7f10ee), CONST64(0x8f8e8c0204038d8b),
CONST64(0x2b197d64c8564fe3), CONST64(0xfda01aba69e74794), CONST64(0x0df017e7d31aeade), CONST64(0x8689971e3c1198ba),
CONST64(0x110f333c78222d69), CONST64(0x09071b1c38121531), CONST64(0xecaf298611c56afd), CONST64(0x10fb30cb8b20db9b),
CONST64(0x1808282040303858), CONST64(0x3f154154a87e6b97), CONST64(0x170d3934682e237f), CONST64(0x0c04141020181c2c),
CONST64(0x030105040806070b), CONST64(0xac64e98d074521ab), CONST64(0x7cdf845bb6f827ca), CONST64(0x9a76b3c597295f0d),
CONST64(0x8b7980f9ef0b7264), CONST64(0x7add8e53a6f429dc), CONST64(0x473dc9f4f58eb3b2), CONST64(0x3a164e58b074628a),
CONST64(0x413fc3fce582bda4), CONST64(0x5937ebdca5b285fc), CONST64(0xb76dc4a94f731ef8), CONST64(0x4838d8e0dd90a895),
CONST64(0xd6b967dea1b10877), CONST64(0x9573a2d1bf37442a), CONST64(0x26e96a831b4ca53d), CONST64(0x5f35e1d4b5be8bea),
CONST64(0xff551c4992e3b66d), CONST64(0x9371a8d9af3b4a3c), CONST64(0x8d7b8af1ff077c72), CONST64(0x898c860a140f839d),
CONST64(0x9672a7d5b7314321), CONST64(0x8588921a34179fb1), CONST64(0x07f609ffe30ef8e4), CONST64(0x7e2a82a84dfcd633),
CONST64(0x423ec6f8ed84baaf), CONST64(0xe25e3b65cad98728), CONST64(0x6927bb9c25d2f54c), CONST64(0xca4643050a89cfc0),
CONST64(0x140c3c3060282474), CONST64(0xaf65ec890f4326a0), CONST64(0xb868d5bd676d05df), CONST64(0xa361f8992f5b3a8c),
CONST64(0x05030f0c180a091d), CONST64(0x5ec1e22346bc7d18), CONST64(0xf957164182efb87b), CONST64(0x67d6a97ffece1899),
CONST64(0x76d99a4386ec35f0), CONST64(0xe858257dfacd9512), CONST64(0x75d89f478eea32fb), CONST64(0xaa66e38517492fbd),
CONST64(0x64d7ac7bf6c81f92), CONST64(0x4e3ad2e8cd9ca683), CONST64(0x45c8cf070e8a424b), CONST64(0x443cccf0fd88b4b9),
CONST64(0x13fa35cf8326dc90), CONST64(0xa796f462c453c563), CONST64(0xf4a701a651f552a5), CONST64(0xb598c25ab477ef01),
CONST64(0x29ec7b973352be1a), CONST64(0xd5b862daa9b70f7c), CONST64(0x54c7fc3b76a86f22), CONST64(0xefae2c8219c36df6),
CONST64(0xbb69d0b96f6b02d4), CONST64(0xdd4b7a3162a7ecbf), CONST64(0xe0ab3d9631dd76d1), CONST64(0xe6a9379e21d178c7),
CONST64(0xa967e6811f4f28b6), CONST64(0x1e0a2228503c364e), CONST64(0xc9474601028fc8cb), CONST64(0x0bf21defc316e4c8),
CONST64(0xc2b55beec1992c03), CONST64(0x6622aa880dccee6b), CONST64(0x32e556b37b648149), CONST64(0x2fee719f235eb00c),
CONST64(0xdfbe7cc299a31d46), CONST64(0x7d2b87ac45fad138), CONST64(0x9e81bf3e7c21a0e2), CONST64(0x36125a48906c7ea6),
CONST64(0x9883b5366c2daef4), CONST64(0x2d1b776cd85a41f5), CONST64(0x120e363870242a62), CONST64(0x6523af8c05cae960),
CONST64(0x02f506f3fb04f1f9), CONST64(0xcf454c091283c6dd), CONST64(0x6321a58415c6e776), CONST64(0x4fced11f3e9e5071),
CONST64(0xdb49703972abe2a9), CONST64(0x742c9cb07de8c409), CONST64(0x16f93ac39b2cd58d), CONST64(0x37e659bf636e8854),
CONST64(0xc7b654e2d993251e), CONST64(0x782888a05df0d825), CONST64(0x39174b5cb8726581), CONST64(0x9b82b032642ba9ff),
CONST64(0x2e1a7268d05c46fe), CONST64(0x808b9d162c1d96ac), CONST64(0x1ffe21dfa33ec0bc), CONST64(0x838a9812241b91a7),
CONST64(0x1b092d2448363f53), CONST64(0x46c9ca03068c4540), CONST64(0x9487a1264c35b2d8), CONST64(0xd24e6b254ab9f798),
CONST64(0x3ee142a35b7c9d65), CONST64(0x722e96b86de4ca1f), CONST64(0x31e453b773628642), CONST64(0x3de047a7537a9a6e),
CONST64(0x20eb608b0b40ab2b), CONST64(0xad90ea7af447d759), CONST64(0xf1a40eaa49ff5bb8), CONST64(0x221e6678f0445ad2),
CONST64(0x9285ab2e5c39bcce), CONST64(0xa060fd9d275d3d87), CONST64(0x0000000000000000), CONST64(0x6f25b19435defb5a),
CONST64(0x01f403f7f302f6f2), CONST64(0x0ef112e3db1cedd5), CONST64(0xa194fe6ad45fcb75), CONST64(0x1d0b272c583a3145),
CONST64(0x34e75cbb6b688f5f), CONST64(0x9f75bcc98f235610), CONST64(0x2cef749b2b58b707), CONST64(0x5c34e4d0bdb88ce1),
CONST64(0x5331f5c495a697c6), CONST64(0x61d4a377eec2168f), CONST64(0x6dd0b767ceda0aa3), CONST64(0x9786a4224433b5d3),
CONST64(0x827e9be5d7196755), CONST64(0xeaad238e01c964eb), CONST64(0x1afd2ed3bb34c9a1), CONST64(0x7b298da455f6df2e),
CONST64(0x5030f0c09da090cd), CONST64(0x4d3bd7ecc59aa188), CONST64(0xbc9fd9468c65fa30), CONST64(0x15f83fc7932ad286),
CONST64(0x57c6f93f7eae6829), CONST64(0x35135f4c986a79ad), CONST64(0x0a061e183014123a), CONST64(0x0f051114281e1b27),
CONST64(0x52c5f63366a46134), CONST64(0x33115544886677bb), CONST64(0x9977b6c19f2f5806), CONST64(0x847c91edc7156943),
CONST64(0x8e7a8ff5f7017b79), CONST64(0x887885fde70d756f), CONST64(0x5a36eed8adb482f7), CONST64(0x241c6c70e04854c4),
CONST64(0x4b39dde4d596af9e), CONST64(0xeb592079f2cb9219), CONST64(0x28187860c05048e8), CONST64(0xfa5613458ae9bf70),
CONST64(0xc8b345f6f18d3e39), CONST64(0xcdb04afae9873724), CONST64(0x6c24b4903dd8fc51), CONST64(0x6020a0801dc0e07d),
CONST64(0xcbb240f2f98b3932), CONST64(0xab92e072e44bd94f), CONST64(0xf8a315b671ed4e89), CONST64(0x5dc0e7274eba7a13),
CONST64(0xcc44490d1a85c1d6), CONST64(0xa662f79537513391), CONST64(0x30105040806070b0), CONST64(0xc1b45eeac99f2b08),
CONST64(0x9184ae2a543fbbc5), CONST64(0xc54352112297d4e7), CONST64(0xa893e576ec4dde44), CONST64(0x5bc2ed2f5eb67405),
CONST64(0xde4a7f356aa1ebb4), CONST64(0xdabd73ce81a9145b), CONST64(0x8c8f89060c058a80), CONST64(0x772d99b475eec302),
CONST64(0xd9bc76ca89af1350), CONST64(0xb99cd64a946ff32d), CONST64(0xbe6adfb577610bc9), CONST64(0xc0405d1d3a9dddfa),
CONST64(0x4ccfd41b3698577a), CONST64(0xfba210b279eb4982), CONST64(0x9d80ba3a7427a7e9), CONST64(0xd14f6e2142bff093),
CONST64(0x211f637cf8425dd9), CONST64(0x43cac50f1e864c5d), CONST64(0xe3aa389239db71da), CONST64(0xc64257152a91d3ec),
};
static const ulong64 T2[256] = {
CONST64(0xd268bad36a01bbb9), CONST64(0x4d1954fc66b1e59a), CONST64(0xbc932f7114cde265), CONST64(0xcdb9749c1b512587),
CONST64(0x510253f557a4f7a2), CONST64(0x6bb8d368be03d0d6), CONST64(0x6fbdd26bb504d6de), CONST64(0x29644dd785feb352),
CONST64(0x5d0d50f04aadfdba), CONST64(0x8a26ace9e063cf09), CONST64(0x0e838d8a9684091c), CONST64(0xc679bfdc4d1aa591),
CONST64(0xddad7090374d3da7), CONST64(0x550752f65ca3f1aa), CONST64(0x52c89ab317e17ba4), CONST64(0x2d614cd48ef9b55a),
CONST64(0x8f65ea2320ac4603), CONST64(0x73a6d5628411c4e6), CONST64(0x66f197a468c255cc), CONST64(0x63b2d16ea80ddcc6),
CONST64(0xccff3355d099aa85), CONST64(0x590851f341aafbb2), CONST64(0x712a5bed0f9cc7e2), CONST64(0xa204a6f7ae55f359),
CONST64(0x5f81de7fc120febe), CONST64(0x3d7548d8a2e5ad7a), CONST64(0x9a32a8e5cc7fd729), CONST64(0x5ec799b60ae871bc),
CONST64(0x4b90db70e63be096), CONST64(0xc8fa3256db9eac8d), CONST64(0xe651b7c4152295d1), CONST64(0xd72bfc19aace32b3),
CONST64(0xab48e3387393704b), CONST64(0x42dc9ebf3bfd6384), CONST64(0x7eef91ae52d041fc), CONST64(0x56cd9bb01ce67dac),
CONST64(0xaf4de23b78947643), CONST64(0xd66dbbd06106bdb1), CONST64(0x195841c3f1da9b32), CONST64(0xa5cb6eb2e5177957),
CONST64(0xae0ba5f2b35cf941), CONST64(0x0bc0cb40564b8016), CONST64(0xb1da6bbdc20c677f), CONST64(0x6efb95a27ecc59dc),
CONST64(0xbe1fa1fe9f40e161), CONST64(0xeb18f308c3e310cb), CONST64(0xfe4fb1ce2f3081e1), CONST64(0x080a0206160e0c10),
CONST64(0x17dbcc49675e922e), CONST64(0x37f3c4513f66a26e), CONST64(0x74691d27cf534ee8), CONST64(0x5044143c9c6c78a0),
CONST64(0x2be8c3580e73b056), CONST64(0x91f263a59a34573f), CONST64(0x4f95da73ed3ce69e), CONST64(0x69345de7358ed3d2),
CONST64(0x613e5fe12380dfc2), CONST64(0x578bdc79d72ef2ae), CONST64(0xe9947d87486e13cf), CONST64(0x13decd4a6c599426),
CONST64(0xe19e7f815e601fdf), CONST64(0x752f5aee049bc1ea), CONST64(0xadc16cb4f3197547), CONST64(0x6d315ce43e89d5da),
CONST64(0xfb0cf704efff08eb), CONST64(0x98be266a47f2d42d), CONST64(0xdb24ff1cb7c738ab), CONST64(0x937eed2a11b9543b),
CONST64(0x876fe82536a24a13), CONST64(0x4ed39dba26f4699c), CONST64(0xa1ce6fb1ee107f5f), CONST64(0x028c8e8f8b8d0304),
CONST64(0x647d192be34f56c8), CONST64(0xba1aa0fd9447e769), CONST64(0xe717f00ddeea1ad3), CONST64(0x1e978986ba98113c),
CONST64(0x3c330f11692d2278), CONST64(0x1c1b070931151238), CONST64(0x8629afecfd6ac511), CONST64(0xcb30fb109bdb208b),
CONST64(0x2028081858383040), CONST64(0x5441153f976b7ea8), CONST64(0x34390d177f232e68), CONST64(0x1014040c2c1c1820),
CONST64(0x040501030b070608), CONST64(0x8de964acab214507), CONST64(0x5b84df7cca27f8b6), CONST64(0xc5b3769a0d5f2997),
CONST64(0xf980798b64720bef), CONST64(0x538edd7adc29f4a6), CONST64(0xf4c93d47b2b38ef5), CONST64(0x584e163a8a6274b0),
CONST64(0xfcc33f41a4bd82e5), CONST64(0xdceb3759fc85b2a5), CONST64(0xa9c46db7f81e734f), CONST64(0xe0d8384895a890dd),
CONST64(0xde67b9d67708b1a1), CONST64(0xd1a273952a4437bf), CONST64(0x836ae9263da54c1b), CONST64(0xd4e1355fea8bbeb5),
CONST64(0x491c55ff6db6e392), CONST64(0xd9a871933c4a3baf), CONST64(0xf18a7b8d727c07ff), CONST64(0x0a868c899d830f14),
CONST64(0xd5a77296214331b7), CONST64(0x1a928885b19f1734), CONST64(0xff09f607e4f80ee3), CONST64(0xa8822a7e33d6fc4d),
CONST64(0xf8c63e42afba84ed), CONST64(0x653b5ee22887d9ca), CONST64(0x9cbb27694cf5d225), CONST64(0x054346cac0cf890a),
CONST64(0x303c0c1474242860), CONST64(0x89ec65afa026430f), CONST64(0xbdd568b8df056d67), CONST64(0x99f861a38c3a5b2f),
CONST64(0x0c0f03051d090a18), CONST64(0x23e2c15e187dbc46), CONST64(0x411657f97bb8ef82), CONST64(0x7fa9d6679918cefe),
CONST64(0x439ad976f035ec86), CONST64(0x7d2558e81295cdfa), CONST64(0x479fd875fb32ea8e), CONST64(0x85e366aabd2f4917),
CONST64(0x7bacd764921fc8f6), CONST64(0xe8d23a4e83a69ccd), CONST64(0x07cfc8454b428a0e), CONST64(0xf0cc3c44b9b488fd),
CONST64(0xcf35fa1390dc2683), CONST64(0x62f496a763c553c4), CONST64(0xa601a7f4a552f551), CONST64(0x5ac298b501ef77b4),
CONST64(0x977bec291abe5233), CONST64(0xda62b8d57c0fb7a9), CONST64(0x3bfcc754226fa876), CONST64(0x822caeeff66dc319),
CONST64(0xb9d069bbd4026b6f), CONST64(0x317a4bddbfeca762), CONST64(0x963dabe0d176dd31), CONST64(0x9e37a9e6c778d121),
CONST64(0x81e667a9b6284f1f), CONST64(0x28220a1e4e363c50), CONST64(0x014647c9cbc88f02), CONST64(0xef1df20bc8e416c3),
CONST64(0xee5bb5c2032c99c1), CONST64(0x88aa22666beecc0d), CONST64(0xb356e5324981647b), CONST64(0x9f71ee2f0cb05e23),
CONST64(0xc27cbedf461da399), CONST64(0xac872b7d38d1fa45), CONST64(0x3ebf819ee2a0217c), CONST64(0x485a1236a67e6c90),
CONST64(0x36b58398f4ae2d6c), CONST64(0x6c771b2df5415ad8), CONST64(0x38360e12622a2470), CONST64(0x8caf236560e9ca05),
CONST64(0xf306f502f9f104fb), CONST64(0x094c45cfddc68312), CONST64(0x84a5216376e7c615), CONST64(0x1fd1ce4f71509e3e),
CONST64(0x397049dba9e2ab72), CONST64(0xb09c2c7409c4e87d), CONST64(0xc33af9168dd52c9b), CONST64(0xbf59e63754886e63),
CONST64(0xe254b6c71e2593d9), CONST64(0xa088287825d8f05d), CONST64(0x5c4b1739816572b8), CONST64(0x32b0829bffa92b64),
CONST64(0x68721a2efe465cd0), CONST64(0x169d8b80ac961d2c), CONST64(0xdf21fe1fbcc03ea3), CONST64(0x12988a83a7911b24),
CONST64(0x242d091b533f3648), CONST64(0x03cac94640458c06), CONST64(0x26a18794d8b2354c), CONST64(0x256b4ed298f7b94a),
CONST64(0xa342e13e659d7c5b), CONST64(0xb8962e721fcae46d), CONST64(0xb753e43142866273), CONST64(0xa747e03d6e9a7a53),
CONST64(0x8b60eb202bab400b), CONST64(0x7aea90ad59d747f4), CONST64(0xaa0ea4f1b85bff49), CONST64(0x78661e22d25a44f0),
CONST64(0x2eab8592cebc395c), CONST64(0x9dfd60a0873d5d27), CONST64(0x0000000000000000), CONST64(0x94b1256f5afbde35),
CONST64(0xf703f401f2f602f3), CONST64(0xe312f10ed5ed1cdb), CONST64(0x6afe94a175cb5fd4), CONST64(0x2c270b1d45313a58),
CONST64(0xbb5ce7345f8f686b), CONST64(0xc9bc759f1056238f), CONST64(0x9b74ef2c07b7582b), CONST64(0xd0e4345ce18cb8bd),
CONST64(0xc4f53153c697a695), CONST64(0x77a3d4618f16c2ee), CONST64(0x67b7d06da30adace), CONST64(0x22a48697d3b53344),
CONST64(0xe59b7e82556719d7), CONST64(0x8e23adeaeb64c901), CONST64(0xd32efd1aa1c934bb), CONST64(0xa48d297b2edff655),
CONST64(0xc0f03050cd90a09d), CONST64(0xecd73b4d88a19ac5), CONST64(0x46d99fbc30fa658c), CONST64(0xc73ff81586d22a93),
CONST64(0x3ff9c6572968ae7e), CONST64(0x4c5f1335ad796a98), CONST64(0x181e060a3a121430), CONST64(0x1411050f271b1e28),
CONST64(0x33f6c5523461a466), CONST64(0x44551133bb776688), CONST64(0xc1b6779906582f9f), CONST64(0xed917c84436915c7),
CONST64(0xf58f7a8e797b01f7), CONST64(0xfd8578886f750de7), CONST64(0xd8ee365af782b4ad), CONST64(0x706c1c24c45448e0),
CONST64(0xe4dd394b9eaf96d5), CONST64(0x792059eb1992cbf2), CONST64(0x60781828e84850c0), CONST64(0x451356fa70bfe98a),
CONST64(0xf645b3c8393e8df1), CONST64(0xfa4ab0cd243787e9), CONST64(0x90b4246c51fcd83d), CONST64(0x80a020607de0c01d),
CONST64(0xf240b2cb32398bf9), CONST64(0x72e092ab4fd94be4), CONST64(0xb615a3f8894eed71), CONST64(0x27e7c05d137aba4e),
CONST64(0x0d4944ccd6c1851a), CONST64(0x95f762a691335137), CONST64(0x40501030b0706080), CONST64(0xea5eb4c1082b9fc9),
CONST64(0x2aae8491c5bb3f54), CONST64(0x115243c5e7d49722), CONST64(0x76e593a844de4dec), CONST64(0x2fedc25b0574b65e),
CONST64(0x357f4adeb4eba16a), CONST64(0xce73bdda5b14a981), CONST64(0x06898f8c808a050c), CONST64(0xb4992d7702c3ee75),
CONST64(0xca76bcd95013af89), CONST64(0x4ad69cb92df36f94), CONST64(0xb5df6abec90b6177), CONST64(0x1d5d40c0fadd9d3a),
CONST64(0x1bd4cf4c7a579836), CONST64(0xb210a2fb8249eb79), CONST64(0x3aba809de9a72774), CONST64(0x216e4fd193f0bf42),
CONST64(0x7c631f21d95d42f8), CONST64(0x0fc5ca435d4c861e), CONST64(0x9238aae3da71db39), CONST64(0x155742c6ecd3912a),
};
static const ulong64 T3[256] = {
CONST64(0x68d2d3ba016ab9bb), CONST64(0x194dfc54b1669ae5), CONST64(0x93bc712fcd1465e2), CONST64(0xb9cd9c74511b8725),
CONST64(0x0251f553a457a2f7), CONST64(0xb86b68d303bed6d0), CONST64(0xbd6f6bd204b5ded6), CONST64(0x6429d74dfe8552b3),
CONST64(0x0d5df050ad4abafd), CONST64(0x268ae9ac63e009cf), CONST64(0x830e8a8d84961c09), CONST64(0x79c6dcbf1a4d91a5),
CONST64(0xaddd90704d37a73d), CONST64(0x0755f652a35caaf1), CONST64(0xc852b39ae117a47b), CONST64(0x612dd44cf98e5ab5),
CONST64(0x658f23eaac200346), CONST64(0xa67362d51184e6c4), CONST64(0xf166a497c268cc55), CONST64(0xb2636ed10da8c6dc),
CONST64(0xffcc553399d085aa), CONST64(0x0859f351aa41b2fb), CONST64(0x2a71ed5b9c0fe2c7), CONST64(0x04a2f7a655ae59f3),
CONST64(0x815f7fde20c1befe), CONST64(0x753dd848e5a27aad), CONST64(0x329ae5a87fcc29d7), CONST64(0xc75eb699e80abc71),
CONST64(0x904b70db3be696e0), CONST64(0xfac856329edb8dac), CONST64(0x51e6c4b72215d195), CONST64(0x2bd719fcceaab332),
CONST64(0x48ab38e393734b70), CONST64(0xdc42bf9efd3b8463), CONST64(0xef7eae91d052fc41), CONST64(0xcd56b09be61cac7d),
CONST64(0x4daf3be294784376), CONST64(0x6dd6d0bb0661b1bd), CONST64(0x5819c341daf1329b), CONST64(0xcba5b26e17e55779),
CONST64(0x0baef2a55cb341f9), CONST64(0xc00b40cb4b561680), CONST64(0xdab1bd6b0cc27f67), CONST64(0xfb6ea295cc7edc59),
CONST64(0x1fbefea1409f61e1), CONST64(0x18eb08f3e3c3cb10), CONST64(0x4ffeceb1302fe181), CONST64(0x0a0806020e16100c),
CONST64(0xdb1749cc5e672e92), CONST64(0xf33751c4663f6ea2), CONST64(0x6974271d53cfe84e), CONST64(0x44503c146c9ca078),
CONST64(0xe82b58c3730e56b0), CONST64(0xf291a563349a3f57), CONST64(0x954f73da3ced9ee6), CONST64(0x3469e75d8e35d2d3),
CONST64(0x3e61e15f8023c2df), CONST64(0x8b5779dc2ed7aef2), CONST64(0x94e9877d6e48cf13), CONST64(0xde134acd596c2694),
CONST64(0x9ee1817f605edf1f), CONST64(0x2f75ee5a9b04eac1), CONST64(0xc1adb46c19f34775), CONST64(0x316de45c893edad5),
CONST64(0x0cfb04f7ffefeb08), CONST64(0xbe986a26f2472dd4), CONST64(0x24db1cffc7b7ab38), CONST64(0x7e932aedb9113b54),
CONST64(0x6f8725e8a236134a), CONST64(0xd34eba9df4269c69), CONST64(0xcea1b16f10ee5f7f), CONST64(0x8c028f8e8d8b0403),
CONST64(0x7d642b194fe3c856), CONST64(0x1abafda0479469e7), CONST64(0x17e70df0eaded31a), CONST64(0x971e868998ba3c11),
CONST64(0x333c110f2d697822), CONST64(0x1b1c090715313812), CONST64(0x2986ecaf6afd11c5), CONST64(0x30cb10fbdb9b8b20),
CONST64(0x2820180838584030), CONST64(0x41543f156b97a87e), CONST64(0x3934170d237f682e), CONST64(0x14100c041c2c2018),
CONST64(0x05040301070b0806), CONST64(0xe98dac6421ab0745), CONST64(0x845b7cdf27cab6f8), CONST64(0xb3c59a765f0d9729),
CONST64(0x80f98b797264ef0b), CONST64(0x8e537add29dca6f4), CONST64(0xc9f4473db3b2f58e), CONST64(0x4e583a16628ab074),
CONST64(0xc3fc413fbda4e582), CONST64(0xebdc593785fca5b2), CONST64(0xc4a9b76d1ef84f73), CONST64(0xd8e04838a895dd90),
CONST64(0x67ded6b90877a1b1), CONST64(0xa2d19573442abf37), CONST64(0x6a8326e9a53d1b4c), CONST64(0xe1d45f358beab5be),
CONST64(0x1c49ff55b66d92e3), CONST64(0xa8d993714a3caf3b), CONST64(0x8af18d7b7c72ff07), CONST64(0x860a898c839d140f),
CONST64(0xa7d596724321b731), CONST64(0x921a85889fb13417), CONST64(0x09ff07f6f8e4e30e), CONST64(0x82a87e2ad6334dfc),
CONST64(0xc6f8423ebaafed84), CONST64(0x3b65e25e8728cad9), CONST64(0xbb9c6927f54c25d2), CONST64(0x4305ca46cfc00a89),
CONST64(0x3c30140c24746028), CONST64(0xec89af6526a00f43), CONST64(0xd5bdb86805df676d), CONST64(0xf899a3613a8c2f5b),
CONST64(0x0f0c0503091d180a), CONST64(0xe2235ec17d1846bc), CONST64(0x1641f957b87b82ef), CONST64(0xa97f67d61899fece),
CONST64(0x9a4376d935f086ec), CONST64(0x257de8589512facd), CONST64(0x9f4775d832fb8eea), CONST64(0xe385aa662fbd1749),
CONST64(0xac7b64d71f92f6c8), CONST64(0xd2e84e3aa683cd9c), CONST64(0xcf0745c8424b0e8a), CONST64(0xccf0443cb4b9fd88),
CONST64(0x35cf13fadc908326), CONST64(0xf462a796c563c453), CONST64(0x01a6f4a752a551f5), CONST64(0xc25ab598ef01b477),
CONST64(0x7b9729ecbe1a3352), CONST64(0x62dad5b80f7ca9b7), CONST64(0xfc3b54c76f2276a8), CONST64(0x2c82efae6df619c3),
CONST64(0xd0b9bb6902d46f6b), CONST64(0x7a31dd4becbf62a7), CONST64(0x3d96e0ab76d131dd), CONST64(0x379ee6a978c721d1),
CONST64(0xe681a96728b61f4f), CONST64(0x22281e0a364e503c), CONST64(0x4601c947c8cb028f), CONST64(0x1def0bf2e4c8c316),
CONST64(0x5beec2b52c03c199), CONST64(0xaa886622ee6b0dcc), CONST64(0x56b332e581497b64), CONST64(0x719f2feeb00c235e),
CONST64(0x7cc2dfbe1d4699a3), CONST64(0x87ac7d2bd13845fa), CONST64(0xbf3e9e81a0e27c21), CONST64(0x5a4836127ea6906c),
CONST64(0xb5369883aef46c2d), CONST64(0x776c2d1b41f5d85a), CONST64(0x3638120e2a627024), CONST64(0xaf8c6523e96005ca),
CONST64(0x06f302f5f1f9fb04), CONST64(0x4c09cf45c6dd1283), CONST64(0xa5846321e77615c6), CONST64(0xd11f4fce50713e9e),
CONST64(0x7039db49e2a972ab), CONST64(0x9cb0742cc4097de8), CONST64(0x3ac316f9d58d9b2c), CONST64(0x59bf37e68854636e),
CONST64(0x54e2c7b6251ed993), CONST64(0x88a07828d8255df0), CONST64(0x4b5c39176581b872), CONST64(0xb0329b82a9ff642b),
CONST64(0x72682e1a46fed05c), CONST64(0x9d16808b96ac2c1d), CONST64(0x21df1ffec0bca33e), CONST64(0x9812838a91a7241b),
CONST64(0x2d241b093f534836), CONST64(0xca0346c94540068c), CONST64(0xa1269487b2d84c35), CONST64(0x6b25d24ef7984ab9),
CONST64(0x42a33ee19d655b7c), CONST64(0x96b8722eca1f6de4), CONST64(0x53b731e486427362), CONST64(0x47a73de09a6e537a),
CONST64(0x608b20ebab2b0b40), CONST64(0xea7aad90d759f447), CONST64(0x0eaaf1a45bb849ff), CONST64(0x6678221e5ad2f044),
CONST64(0xab2e9285bcce5c39), CONST64(0xfd9da0603d87275d), CONST64(0x0000000000000000), CONST64(0xb1946f25fb5a35de),
CONST64(0x03f701f4f6f2f302), CONST64(0x12e30ef1edd5db1c), CONST64(0xfe6aa194cb75d45f), CONST64(0x272c1d0b3145583a),
CONST64(0x5cbb34e78f5f6b68), CONST64(0xbcc99f7556108f23), CONST64(0x749b2cefb7072b58), CONST64(0xe4d05c348ce1bdb8),
CONST64(0xf5c4533197c695a6), CONST64(0xa37761d4168feec2), CONST64(0xb7676dd00aa3ceda), CONST64(0xa4229786b5d34433),
CONST64(0x9be5827e6755d719), CONST64(0x238eeaad64eb01c9), CONST64(0x2ed31afdc9a1bb34), CONST64(0x8da47b29df2e55f6),
CONST64(0xf0c0503090cd9da0), CONST64(0xd7ec4d3ba188c59a), CONST64(0xd946bc9ffa308c65), CONST64(0x3fc715f8d286932a),
CONST64(0xf93f57c668297eae), CONST64(0x5f4c351379ad986a), CONST64(0x1e180a06123a3014), CONST64(0x11140f051b27281e),
CONST64(0xf63352c5613466a4), CONST64(0x5544331177bb8866), CONST64(0xb6c1997758069f2f), CONST64(0x91ed847c6943c715),
CONST64(0x8ff58e7a7b79f701), CONST64(0x85fd8878756fe70d), CONST64(0xeed85a3682f7adb4), CONST64(0x6c70241c54c4e048),
CONST64(0xdde44b39af9ed596), CONST64(0x2079eb599219f2cb), CONST64(0x7860281848e8c050), CONST64(0x1345fa56bf708ae9),
CONST64(0x45f6c8b33e39f18d), CONST64(0x4afacdb03724e987), CONST64(0xb4906c24fc513dd8), CONST64(0xa0806020e07d1dc0),
CONST64(0x40f2cbb23932f98b), CONST64(0xe072ab92d94fe44b), CONST64(0x15b6f8a34e8971ed), CONST64(0xe7275dc07a134eba),
CONST64(0x490dcc44c1d61a85), CONST64(0xf795a66233913751), CONST64(0x5040301070b08060), CONST64(0x5eeac1b42b08c99f),
CONST64(0xae2a9184bbc5543f), CONST64(0x5211c543d4e72297), CONST64(0xe576a893de44ec4d), CONST64(0xed2f5bc274055eb6),
CONST64(0x7f35de4aebb46aa1), CONST64(0x73cedabd145b81a9), CONST64(0x89068c8f8a800c05), CONST64(0x99b4772dc30275ee),
CONST64(0x76cad9bc135089af), CONST64(0xd64ab99cf32d946f), CONST64(0xdfb5be6a0bc97761), CONST64(0x5d1dc040ddfa3a9d),
CONST64(0xd41b4ccf577a3698), CONST64(0x10b2fba2498279eb), CONST64(0xba3a9d80a7e97427), CONST64(0x6e21d14ff09342bf),
CONST64(0x637c211f5dd9f842), CONST64(0xc50f43ca4c5d1e86), CONST64(0x3892e3aa71da39db), CONST64(0x5715c642d3ec2a91),
};
static const ulong64 T4[256] = {
CONST64(0xbbb96a01bad3d268), CONST64(0xe59a66b154fc4d19), CONST64(0xe26514cd2f71bc93), CONST64(0x25871b51749ccdb9),
CONST64(0xf7a257a453f55102), CONST64(0xd0d6be03d3686bb8), CONST64(0xd6deb504d26b6fbd), CONST64(0xb35285fe4dd72964),
CONST64(0xfdba4aad50f05d0d), CONST64(0xcf09e063ace98a26), CONST64(0x091c96848d8a0e83), CONST64(0xa5914d1abfdcc679),
CONST64(0x3da7374d7090ddad), CONST64(0xf1aa5ca352f65507), CONST64(0x7ba417e19ab352c8), CONST64(0xb55a8ef94cd42d61),
CONST64(0x460320acea238f65), CONST64(0xc4e68411d56273a6), CONST64(0x55cc68c297a466f1), CONST64(0xdcc6a80dd16e63b2),
CONST64(0xaa85d0993355ccff), CONST64(0xfbb241aa51f35908), CONST64(0xc7e20f9c5bed712a), CONST64(0xf359ae55a6f7a204),
CONST64(0xfebec120de7f5f81), CONST64(0xad7aa2e548d83d75), CONST64(0xd729cc7fa8e59a32), CONST64(0x71bc0ae899b65ec7),
CONST64(0xe096e63bdb704b90), CONST64(0xac8ddb9e3256c8fa), CONST64(0x95d11522b7c4e651), CONST64(0x32b3aacefc19d72b),
CONST64(0x704b7393e338ab48), CONST64(0x63843bfd9ebf42dc), CONST64(0x41fc52d091ae7eef), CONST64(0x7dac1ce69bb056cd),
CONST64(0x76437894e23baf4d), CONST64(0xbdb16106bbd0d66d), CONST64(0x9b32f1da41c31958), CONST64(0x7957e5176eb2a5cb),
CONST64(0xf941b35ca5f2ae0b), CONST64(0x8016564bcb400bc0), CONST64(0x677fc20c6bbdb1da), CONST64(0x59dc7ecc95a26efb),
CONST64(0xe1619f40a1febe1f), CONST64(0x10cbc3e3f308eb18), CONST64(0x81e12f30b1cefe4f), CONST64(0x0c10160e0206080a),
CONST64(0x922e675ecc4917db), CONST64(0xa26e3f66c45137f3), CONST64(0x4ee8cf531d277469), CONST64(0x78a09c6c143c5044),
CONST64(0xb0560e73c3582be8), CONST64(0x573f9a3463a591f2), CONST64(0xe69eed3cda734f95), CONST64(0xd3d2358e5de76934),
CONST64(0xdfc223805fe1613e), CONST64(0xf2aed72edc79578b), CONST64(0x13cf486e7d87e994), CONST64(0x94266c59cd4a13de),
CONST64(0x1fdf5e607f81e19e), CONST64(0xc1ea049b5aee752f), CONST64(0x7547f3196cb4adc1), CONST64(0xd5da3e895ce46d31),
CONST64(0x08ebeffff704fb0c), CONST64(0xd42d47f2266a98be), CONST64(0x38abb7c7ff1cdb24), CONST64(0x543b11b9ed2a937e),
CONST64(0x4a1336a2e825876f), CONST64(0x699c26f49dba4ed3), CONST64(0x7f5fee106fb1a1ce), CONST64(0x03048b8d8e8f028c),
CONST64(0x56c8e34f192b647d), CONST64(0xe7699447a0fdba1a), CONST64(0x1ad3deeaf00de717), CONST64(0x113cba9889861e97),
CONST64(0x2278692d0f113c33), CONST64(0x1238311507091c1b), CONST64(0xc511fd6aafec8629), CONST64(0x208b9bdbfb10cb30),
CONST64(0x3040583808182028), CONST64(0x7ea8976b153f5441), CONST64(0x2e687f230d173439), CONST64(0x18202c1c040c1014),
CONST64(0x06080b0701030405), CONST64(0x4507ab2164ac8de9), CONST64(0xf8b6ca27df7c5b84), CONST64(0x29970d5f769ac5b3),
CONST64(0x0bef6472798bf980), CONST64(0xf4a6dc29dd7a538e), CONST64(0x8ef5b2b33d47f4c9), CONST64(0x74b08a62163a584e),
CONST64(0x82e5a4bd3f41fcc3), CONST64(0xb2a5fc853759dceb), CONST64(0x734ff81e6db7a9c4), CONST64(0x90dd95a83848e0d8),
CONST64(0xb1a17708b9d6de67), CONST64(0x37bf2a447395d1a2), CONST64(0x4c1b3da5e926836a), CONST64(0xbeb5ea8b355fd4e1),
CONST64(0xe3926db655ff491c), CONST64(0x3baf3c4a7193d9a8), CONST64(0x07ff727c7b8df18a), CONST64(0x0f149d838c890a86),
CONST64(0x31b721437296d5a7), CONST64(0x1734b19f88851a92), CONST64(0x0ee3e4f8f607ff09), CONST64(0xfc4d33d62a7ea882),
CONST64(0x84edafba3e42f8c6), CONST64(0xd9ca28875ee2653b), CONST64(0xd2254cf527699cbb), CONST64(0x890ac0cf46ca0543),
CONST64(0x286074240c14303c), CONST64(0x430fa02665af89ec), CONST64(0x6d67df0568b8bdd5), CONST64(0x5b2f8c3a61a399f8),
CONST64(0x0a181d0903050c0f), CONST64(0xbc46187dc15e23e2), CONST64(0xef827bb857f94116), CONST64(0xcefe9918d6677fa9),
CONST64(0xec86f035d976439a), CONST64(0xcdfa129558e87d25), CONST64(0xea8efb32d875479f), CONST64(0x4917bd2f66aa85e3),
CONST64(0xc8f6921fd7647bac), CONST64(0x9ccd83a63a4ee8d2), CONST64(0x8a0e4b42c84507cf), CONST64(0x88fdb9b43c44f0cc),
CONST64(0x268390dcfa13cf35), CONST64(0x53c463c596a762f4), CONST64(0xf551a552a7f4a601), CONST64(0x77b401ef98b55ac2),
CONST64(0x52331abeec29977b), CONST64(0xb7a97c0fb8d5da62), CONST64(0xa876226fc7543bfc), CONST64(0xc319f66daeef822c),
CONST64(0x6b6fd40269bbb9d0), CONST64(0xa762bfec4bdd317a), CONST64(0xdd31d176abe0963d), CONST64(0xd121c778a9e69e37),
CONST64(0x4f1fb62867a981e6), CONST64(0x3c504e360a1e2822), CONST64(0x8f02cbc847c90146), CONST64(0x16c3c8e4f20bef1d),
CONST64(0x99c1032cb5c2ee5b), CONST64(0xcc0d6bee226688aa), CONST64(0x647b4981e532b356), CONST64(0x5e230cb0ee2f9f71),
CONST64(0xa399461dbedfc27c), CONST64(0xfa4538d12b7dac87), CONST64(0x217ce2a0819e3ebf), CONST64(0x6c90a67e1236485a),
CONST64(0x2d6cf4ae839836b5), CONST64(0x5ad8f5411b2d6c77), CONST64(0x2470622a0e123836), CONST64(0xca0560e923658caf),
CONST64(0x04fbf9f1f502f306), CONST64(0x8312ddc645cf094c), CONST64(0xc61576e7216384a5), CONST64(0x9e3e7150ce4f1fd1),
CONST64(0xab72a9e249db3970), CONST64(0xe87d09c42c74b09c), CONST64(0x2c9b8dd5f916c33a), CONST64(0x6e635488e637bf59),
CONST64(0x93d91e25b6c7e254), CONST64(0xf05d25d82878a088), CONST64(0x72b8816517395c4b), CONST64(0x2b64ffa9829b32b0),
CONST64(0x5cd0fe461a2e6872), CONST64(0x1d2cac968b80169d), CONST64(0x3ea3bcc0fe1fdf21), CONST64(0x1b24a7918a831298),
CONST64(0x3648533f091b242d), CONST64(0x8c064045c94603ca), CONST64(0x354cd8b2879426a1), CONST64(0xb94a98f74ed2256b),
CONST64(0x7c5b659de13ea342), CONST64(0xe46d1fca2e72b896), CONST64(0x62734286e431b753), CONST64(0x7a536e9ae03da747),
CONST64(0x400b2babeb208b60), CONST64(0x47f459d790ad7aea), CONST64(0xff49b85ba4f1aa0e), CONST64(0x44f0d25a1e227866),
CONST64(0x395ccebc85922eab), CONST64(0x5d27873d60a09dfd), CONST64(0x0000000000000000), CONST64(0xde355afb256f94b1),
CONST64(0x02f3f2f6f401f703), CONST64(0x1cdbd5edf10ee312), CONST64(0x5fd475cb94a16afe), CONST64(0x3a5845310b1d2c27),
CONST64(0x686b5f8fe734bb5c), CONST64(0x238f1056759fc9bc), CONST64(0x582b07b7ef2c9b74), CONST64(0xb8bde18c345cd0e4),
CONST64(0xa695c6973153c4f5), CONST64(0xc2ee8f16d46177a3), CONST64(0xdacea30ad06d67b7), CONST64(0x3344d3b5869722a4),
CONST64(0x19d755677e82e59b), CONST64(0xc901eb64adea8e23), CONST64(0x34bba1c9fd1ad32e), CONST64(0xf6552edf297ba48d),
CONST64(0xa09dcd903050c0f0), CONST64(0x9ac588a13b4decd7), CONST64(0x658c30fa9fbc46d9), CONST64(0x2a9386d2f815c73f),
CONST64(0xae7e2968c6573ff9), CONST64(0x6a98ad7913354c5f), CONST64(0x14303a12060a181e), CONST64(0x1e28271b050f1411),
CONST64(0xa4663461c55233f6), CONST64(0x6688bb7711334455), CONST64(0x2f9f06587799c1b6), CONST64(0x15c743697c84ed91),
CONST64(0x01f7797b7a8ef58f), CONST64(0x0de76f757888fd85), CONST64(0xb4adf782365ad8ee), CONST64(0x48e0c4541c24706c),
CONST64(0x96d59eaf394be4dd), CONST64(0xcbf2199259eb7920), CONST64(0x50c0e84818286078), CONST64(0xe98a70bf56fa4513),
CONST64(0x8df1393eb3c8f645), CONST64(0x87e92437b0cdfa4a), CONST64(0xd83d51fc246c90b4), CONST64(0xc01d7de0206080a0),
CONST64(0x8bf93239b2cbf240), CONST64(0x4be44fd992ab72e0), CONST64(0xed71894ea3f8b615), CONST64(0xba4e137ac05d27e7),
CONST64(0x851ad6c144cc0d49), CONST64(0x5137913362a695f7), CONST64(0x6080b07010304050), CONST64(0x9fc9082bb4c1ea5e),
CONST64(0x3f54c5bb84912aae), CONST64(0x9722e7d443c51152), CONST64(0x4dec44de93a876e5), CONST64(0xb65e0574c25b2fed),
CONST64(0xa16ab4eb4ade357f), CONST64(0xa9815b14bddace73), CONST64(0x050c808a8f8c0689), CONST64(0xee7502c32d77b499),
CONST64(0xaf895013bcd9ca76), CONST64(0x6f942df39cb94ad6), CONST64(0x6177c90b6abeb5df), CONST64(0x9d3afadd40c01d5d),
CONST64(0x98367a57cf4c1bd4), CONST64(0xeb798249a2fbb210), CONST64(0x2774e9a7809d3aba), CONST64(0xbf4293f04fd1216e),
CONST64(0x42f8d95d1f217c63), CONST64(0x861e5d4cca430fc5), CONST64(0xdb39da71aae39238), CONST64(0x912aecd342c61557),
};
static const ulong64 T5[256] = {
CONST64(0xb9bb016ad3ba68d2), CONST64(0x9ae5b166fc54194d), CONST64(0x65e2cd14712f93bc), CONST64(0x8725511b9c74b9cd),
CONST64(0xa2f7a457f5530251), CONST64(0xd6d003be68d3b86b), CONST64(0xded604b56bd2bd6f), CONST64(0x52b3fe85d74d6429),
CONST64(0xbafdad4af0500d5d), CONST64(0x09cf63e0e9ac268a), CONST64(0x1c0984968a8d830e), CONST64(0x91a51a4ddcbf79c6),
CONST64(0xa73d4d379070addd), CONST64(0xaaf1a35cf6520755), CONST64(0xa47be117b39ac852), CONST64(0x5ab5f98ed44c612d),
CONST64(0x0346ac2023ea658f), CONST64(0xe6c4118462d5a673), CONST64(0xcc55c268a497f166), CONST64(0xc6dc0da86ed1b263),
CONST64(0x85aa99d05533ffcc), CONST64(0xb2fbaa41f3510859), CONST64(0xe2c79c0fed5b2a71), CONST64(0x59f355aef7a604a2),
CONST64(0xbefe20c17fde815f), CONST64(0x7aade5a2d848753d), CONST64(0x29d77fcce5a8329a), CONST64(0xbc71e80ab699c75e),
CONST64(0x96e03be670db904b), CONST64(0x8dac9edb5632fac8), CONST64(0xd1952215c4b751e6), CONST64(0xb332ceaa19fc2bd7),
CONST64(0x4b70937338e348ab), CONST64(0x8463fd3bbf9edc42), CONST64(0xfc41d052ae91ef7e), CONST64(0xac7de61cb09bcd56),
CONST64(0x437694783be24daf), CONST64(0xb1bd0661d0bb6dd6), CONST64(0x329bdaf1c3415819), CONST64(0x577917e5b26ecba5),
CONST64(0x41f95cb3f2a50bae), CONST64(0x16804b5640cbc00b), CONST64(0x7f670cc2bd6bdab1), CONST64(0xdc59cc7ea295fb6e),
CONST64(0x61e1409ffea11fbe), CONST64(0xcb10e3c308f318eb), CONST64(0xe181302fceb14ffe), CONST64(0x100c0e1606020a08),
CONST64(0x2e925e6749ccdb17), CONST64(0x6ea2663f51c4f337), CONST64(0xe84e53cf271d6974), CONST64(0xa0786c9c3c144450),
CONST64(0x56b0730e58c3e82b), CONST64(0x3f57349aa563f291), CONST64(0x9ee63ced73da954f), CONST64(0xd2d38e35e75d3469),
CONST64(0xc2df8023e15f3e61), CONST64(0xaef22ed779dc8b57), CONST64(0xcf136e48877d94e9), CONST64(0x2694596c4acdde13),
CONST64(0xdf1f605e817f9ee1), CONST64(0xeac19b04ee5a2f75), CONST64(0x477519f3b46cc1ad), CONST64(0xdad5893ee45c316d),
CONST64(0xeb08ffef04f70cfb), CONST64(0x2dd4f2476a26be98), CONST64(0xab38c7b71cff24db), CONST64(0x3b54b9112aed7e93),
CONST64(0x134aa23625e86f87), CONST64(0x9c69f426ba9dd34e), CONST64(0x5f7f10eeb16fcea1), CONST64(0x04038d8b8f8e8c02),
CONST64(0xc8564fe32b197d64), CONST64(0x69e74794fda01aba), CONST64(0xd31aeade0df017e7), CONST64(0x3c1198ba8689971e),
CONST64(0x78222d69110f333c), CONST64(0x3812153109071b1c), CONST64(0x11c56afdecaf2986), CONST64(0x8b20db9b10fb30cb),
CONST64(0x4030385818082820), CONST64(0xa87e6b973f154154), CONST64(0x682e237f170d3934), CONST64(0x20181c2c0c041410),
CONST64(0x0806070b03010504), CONST64(0x074521abac64e98d), CONST64(0xb6f827ca7cdf845b), CONST64(0x97295f0d9a76b3c5),
CONST64(0xef0b72648b7980f9), CONST64(0xa6f429dc7add8e53), CONST64(0xf58eb3b2473dc9f4), CONST64(0xb074628a3a164e58),
CONST64(0xe582bda4413fc3fc), CONST64(0xa5b285fc5937ebdc), CONST64(0x4f731ef8b76dc4a9), CONST64(0xdd90a8954838d8e0),
CONST64(0xa1b10877d6b967de), CONST64(0xbf37442a9573a2d1), CONST64(0x1b4ca53d26e96a83), CONST64(0xb5be8bea5f35e1d4),
CONST64(0x92e3b66dff551c49), CONST64(0xaf3b4a3c9371a8d9), CONST64(0xff077c728d7b8af1), CONST64(0x140f839d898c860a),
CONST64(0xb73143219672a7d5), CONST64(0x34179fb18588921a), CONST64(0xe30ef8e407f609ff), CONST64(0x4dfcd6337e2a82a8),
CONST64(0xed84baaf423ec6f8), CONST64(0xcad98728e25e3b65), CONST64(0x25d2f54c6927bb9c), CONST64(0x0a89cfc0ca464305),
CONST64(0x60282474140c3c30), CONST64(0x0f4326a0af65ec89), CONST64(0x676d05dfb868d5bd), CONST64(0x2f5b3a8ca361f899),
CONST64(0x180a091d05030f0c), CONST64(0x46bc7d185ec1e223), CONST64(0x82efb87bf9571641), CONST64(0xfece189967d6a97f),
CONST64(0x86ec35f076d99a43), CONST64(0xfacd9512e858257d), CONST64(0x8eea32fb75d89f47), CONST64(0x17492fbdaa66e385),
CONST64(0xf6c81f9264d7ac7b), CONST64(0xcd9ca6834e3ad2e8), CONST64(0x0e8a424b45c8cf07), CONST64(0xfd88b4b9443cccf0),
CONST64(0x8326dc9013fa35cf), CONST64(0xc453c563a796f462), CONST64(0x51f552a5f4a701a6), CONST64(0xb477ef01b598c25a),
CONST64(0x3352be1a29ec7b97), CONST64(0xa9b70f7cd5b862da), CONST64(0x76a86f2254c7fc3b), CONST64(0x19c36df6efae2c82),
CONST64(0x6f6b02d4bb69d0b9), CONST64(0x62a7ecbfdd4b7a31), CONST64(0x31dd76d1e0ab3d96), CONST64(0x21d178c7e6a9379e),
CONST64(0x1f4f28b6a967e681), CONST64(0x503c364e1e0a2228), CONST64(0x028fc8cbc9474601), CONST64(0xc316e4c80bf21def),
CONST64(0xc1992c03c2b55bee), CONST64(0x0dccee6b6622aa88), CONST64(0x7b64814932e556b3), CONST64(0x235eb00c2fee719f),
CONST64(0x99a31d46dfbe7cc2), CONST64(0x45fad1387d2b87ac), CONST64(0x7c21a0e29e81bf3e), CONST64(0x906c7ea636125a48),
CONST64(0x6c2daef49883b536), CONST64(0xd85a41f52d1b776c), CONST64(0x70242a62120e3638), CONST64(0x05cae9606523af8c),
CONST64(0xfb04f1f902f506f3), CONST64(0x1283c6ddcf454c09), CONST64(0x15c6e7766321a584), CONST64(0x3e9e50714fced11f),
CONST64(0x72abe2a9db497039), CONST64(0x7de8c409742c9cb0), CONST64(0x9b2cd58d16f93ac3), CONST64(0x636e885437e659bf),
CONST64(0xd993251ec7b654e2), CONST64(0x5df0d825782888a0), CONST64(0xb872658139174b5c), CONST64(0x642ba9ff9b82b032),
CONST64(0xd05c46fe2e1a7268), CONST64(0x2c1d96ac808b9d16), CONST64(0xa33ec0bc1ffe21df), CONST64(0x241b91a7838a9812),
CONST64(0x48363f531b092d24), CONST64(0x068c454046c9ca03), CONST64(0x4c35b2d89487a126), CONST64(0x4ab9f798d24e6b25),
CONST64(0x5b7c9d653ee142a3), CONST64(0x6de4ca1f722e96b8), CONST64(0x7362864231e453b7), CONST64(0x537a9a6e3de047a7),
CONST64(0x0b40ab2b20eb608b), CONST64(0xf447d759ad90ea7a), CONST64(0x49ff5bb8f1a40eaa), CONST64(0xf0445ad2221e6678),
CONST64(0x5c39bcce9285ab2e), CONST64(0x275d3d87a060fd9d), CONST64(0x0000000000000000), CONST64(0x35defb5a6f25b194),
CONST64(0xf302f6f201f403f7), CONST64(0xdb1cedd50ef112e3), CONST64(0xd45fcb75a194fe6a), CONST64(0x583a31451d0b272c),
CONST64(0x6b688f5f34e75cbb), CONST64(0x8f2356109f75bcc9), CONST64(0x2b58b7072cef749b), CONST64(0xbdb88ce15c34e4d0),
CONST64(0x95a697c65331f5c4), CONST64(0xeec2168f61d4a377), CONST64(0xceda0aa36dd0b767), CONST64(0x4433b5d39786a422),
CONST64(0xd7196755827e9be5), CONST64(0x01c964ebeaad238e), CONST64(0xbb34c9a11afd2ed3), CONST64(0x55f6df2e7b298da4),
CONST64(0x9da090cd5030f0c0), CONST64(0xc59aa1884d3bd7ec), CONST64(0x8c65fa30bc9fd946), CONST64(0x932ad28615f83fc7),
CONST64(0x7eae682957c6f93f), CONST64(0x986a79ad35135f4c), CONST64(0x3014123a0a061e18), CONST64(0x281e1b270f051114),
CONST64(0x66a4613452c5f633), CONST64(0x886677bb33115544), CONST64(0x9f2f58069977b6c1), CONST64(0xc7156943847c91ed),
CONST64(0xf7017b798e7a8ff5), CONST64(0xe70d756f887885fd), CONST64(0xadb482f75a36eed8), CONST64(0xe04854c4241c6c70),
CONST64(0xd596af9e4b39dde4), CONST64(0xf2cb9219eb592079), CONST64(0xc05048e828187860), CONST64(0x8ae9bf70fa561345),
CONST64(0xf18d3e39c8b345f6), CONST64(0xe9873724cdb04afa), CONST64(0x3dd8fc516c24b490), CONST64(0x1dc0e07d6020a080),
CONST64(0xf98b3932cbb240f2), CONST64(0xe44bd94fab92e072), CONST64(0x71ed4e89f8a315b6), CONST64(0x4eba7a135dc0e727),
CONST64(0x1a85c1d6cc44490d), CONST64(0x37513391a662f795), CONST64(0x806070b030105040), CONST64(0xc99f2b08c1b45eea),
CONST64(0x543fbbc59184ae2a), CONST64(0x2297d4e7c5435211), CONST64(0xec4dde44a893e576), CONST64(0x5eb674055bc2ed2f),
CONST64(0x6aa1ebb4de4a7f35), CONST64(0x81a9145bdabd73ce), CONST64(0x0c058a808c8f8906), CONST64(0x75eec302772d99b4),
CONST64(0x89af1350d9bc76ca), CONST64(0x946ff32db99cd64a), CONST64(0x77610bc9be6adfb5), CONST64(0x3a9dddfac0405d1d),
CONST64(0x3698577a4ccfd41b), CONST64(0x79eb4982fba210b2), CONST64(0x7427a7e99d80ba3a), CONST64(0x42bff093d14f6e21),
CONST64(0xf8425dd9211f637c), CONST64(0x1e864c5d43cac50f), CONST64(0x39db71dae3aa3892), CONST64(0x2a91d3ecc6425715),
};
static const ulong64 T6[256] = {
CONST64(0x6a01bbb9d268bad3), CONST64(0x66b1e59a4d1954fc), CONST64(0x14cde265bc932f71), CONST64(0x1b512587cdb9749c),
CONST64(0x57a4f7a2510253f5), CONST64(0xbe03d0d66bb8d368), CONST64(0xb504d6de6fbdd26b), CONST64(0x85feb35229644dd7),
CONST64(0x4aadfdba5d0d50f0), CONST64(0xe063cf098a26ace9), CONST64(0x9684091c0e838d8a), CONST64(0x4d1aa591c679bfdc),
CONST64(0x374d3da7ddad7090), CONST64(0x5ca3f1aa550752f6), CONST64(0x17e17ba452c89ab3), CONST64(0x8ef9b55a2d614cd4),
CONST64(0x20ac46038f65ea23), CONST64(0x8411c4e673a6d562), CONST64(0x68c255cc66f197a4), CONST64(0xa80ddcc663b2d16e),
CONST64(0xd099aa85ccff3355), CONST64(0x41aafbb2590851f3), CONST64(0x0f9cc7e2712a5bed), CONST64(0xae55f359a204a6f7),
CONST64(0xc120febe5f81de7f), CONST64(0xa2e5ad7a3d7548d8), CONST64(0xcc7fd7299a32a8e5), CONST64(0x0ae871bc5ec799b6),
CONST64(0xe63be0964b90db70), CONST64(0xdb9eac8dc8fa3256), CONST64(0x152295d1e651b7c4), CONST64(0xaace32b3d72bfc19),
CONST64(0x7393704bab48e338), CONST64(0x3bfd638442dc9ebf), CONST64(0x52d041fc7eef91ae), CONST64(0x1ce67dac56cd9bb0),
CONST64(0x78947643af4de23b), CONST64(0x6106bdb1d66dbbd0), CONST64(0xf1da9b32195841c3), CONST64(0xe5177957a5cb6eb2),
CONST64(0xb35cf941ae0ba5f2), CONST64(0x564b80160bc0cb40), CONST64(0xc20c677fb1da6bbd), CONST64(0x7ecc59dc6efb95a2),
CONST64(0x9f40e161be1fa1fe), CONST64(0xc3e310cbeb18f308), CONST64(0x2f3081e1fe4fb1ce), CONST64(0x160e0c10080a0206),
CONST64(0x675e922e17dbcc49), CONST64(0x3f66a26e37f3c451), CONST64(0xcf534ee874691d27), CONST64(0x9c6c78a05044143c),
CONST64(0x0e73b0562be8c358), CONST64(0x9a34573f91f263a5), CONST64(0xed3ce69e4f95da73), CONST64(0x358ed3d269345de7),
CONST64(0x2380dfc2613e5fe1), CONST64(0xd72ef2ae578bdc79), CONST64(0x486e13cfe9947d87), CONST64(0x6c59942613decd4a),
CONST64(0x5e601fdfe19e7f81), CONST64(0x049bc1ea752f5aee), CONST64(0xf3197547adc16cb4), CONST64(0x3e89d5da6d315ce4),
CONST64(0xefff08ebfb0cf704), CONST64(0x47f2d42d98be266a), CONST64(0xb7c738abdb24ff1c), CONST64(0x11b9543b937eed2a),
CONST64(0x36a24a13876fe825), CONST64(0x26f4699c4ed39dba), CONST64(0xee107f5fa1ce6fb1), CONST64(0x8b8d0304028c8e8f),
CONST64(0xe34f56c8647d192b), CONST64(0x9447e769ba1aa0fd), CONST64(0xdeea1ad3e717f00d), CONST64(0xba98113c1e978986),
CONST64(0x692d22783c330f11), CONST64(0x311512381c1b0709), CONST64(0xfd6ac5118629afec), CONST64(0x9bdb208bcb30fb10),
CONST64(0x5838304020280818), CONST64(0x976b7ea85441153f), CONST64(0x7f232e6834390d17), CONST64(0x2c1c18201014040c),
CONST64(0x0b07060804050103), CONST64(0xab2145078de964ac), CONST64(0xca27f8b65b84df7c), CONST64(0x0d5f2997c5b3769a),
CONST64(0x64720beff980798b), CONST64(0xdc29f4a6538edd7a), CONST64(0xb2b38ef5f4c93d47), CONST64(0x8a6274b0584e163a),
CONST64(0xa4bd82e5fcc33f41), CONST64(0xfc85b2a5dceb3759), CONST64(0xf81e734fa9c46db7), CONST64(0x95a890dde0d83848),
CONST64(0x7708b1a1de67b9d6), CONST64(0x2a4437bfd1a27395), CONST64(0x3da54c1b836ae926), CONST64(0xea8bbeb5d4e1355f),
CONST64(0x6db6e392491c55ff), CONST64(0x3c4a3bafd9a87193), CONST64(0x727c07fff18a7b8d), CONST64(0x9d830f140a868c89),
CONST64(0x214331b7d5a77296), CONST64(0xb19f17341a928885), CONST64(0xe4f80ee3ff09f607), CONST64(0x33d6fc4da8822a7e),
CONST64(0xafba84edf8c63e42), CONST64(0x2887d9ca653b5ee2), CONST64(0x4cf5d2259cbb2769), CONST64(0xc0cf890a054346ca),
CONST64(0x74242860303c0c14), CONST64(0xa026430f89ec65af), CONST64(0xdf056d67bdd568b8), CONST64(0x8c3a5b2f99f861a3),
CONST64(0x1d090a180c0f0305), CONST64(0x187dbc4623e2c15e), CONST64(0x7bb8ef82411657f9), CONST64(0x9918cefe7fa9d667),
CONST64(0xf035ec86439ad976), CONST64(0x1295cdfa7d2558e8), CONST64(0xfb32ea8e479fd875), CONST64(0xbd2f491785e366aa),
CONST64(0x921fc8f67bacd764), CONST64(0x83a69ccde8d23a4e), CONST64(0x4b428a0e07cfc845), CONST64(0xb9b488fdf0cc3c44),
CONST64(0x90dc2683cf35fa13), CONST64(0x63c553c462f496a7), CONST64(0xa552f551a601a7f4), CONST64(0x01ef77b45ac298b5),
CONST64(0x1abe5233977bec29), CONST64(0x7c0fb7a9da62b8d5), CONST64(0x226fa8763bfcc754), CONST64(0xf66dc319822caeef),
CONST64(0xd4026b6fb9d069bb), CONST64(0xbfeca762317a4bdd), CONST64(0xd176dd31963dabe0), CONST64(0xc778d1219e37a9e6),
CONST64(0xb6284f1f81e667a9), CONST64(0x4e363c5028220a1e), CONST64(0xcbc88f02014647c9), CONST64(0xc8e416c3ef1df20b),
CONST64(0x032c99c1ee5bb5c2), CONST64(0x6beecc0d88aa2266), CONST64(0x4981647bb356e532), CONST64(0x0cb05e239f71ee2f),
CONST64(0x461da399c27cbedf), CONST64(0x38d1fa45ac872b7d), CONST64(0xe2a0217c3ebf819e), CONST64(0xa67e6c90485a1236),
CONST64(0xf4ae2d6c36b58398), CONST64(0xf5415ad86c771b2d), CONST64(0x622a247038360e12), CONST64(0x60e9ca058caf2365),
CONST64(0xf9f104fbf306f502), CONST64(0xddc68312094c45cf), CONST64(0x76e7c61584a52163), CONST64(0x71509e3e1fd1ce4f),
CONST64(0xa9e2ab72397049db), CONST64(0x09c4e87db09c2c74), CONST64(0x8dd52c9bc33af916), CONST64(0x54886e63bf59e637),
CONST64(0x1e2593d9e254b6c7), CONST64(0x25d8f05da0882878), CONST64(0x816572b85c4b1739), CONST64(0xffa92b6432b0829b),
CONST64(0xfe465cd068721a2e), CONST64(0xac961d2c169d8b80), CONST64(0xbcc03ea3df21fe1f), CONST64(0xa7911b2412988a83),
CONST64(0x533f3648242d091b), CONST64(0x40458c0603cac946), CONST64(0xd8b2354c26a18794), CONST64(0x98f7b94a256b4ed2),
CONST64(0x659d7c5ba342e13e), CONST64(0x1fcae46db8962e72), CONST64(0x42866273b753e431), CONST64(0x6e9a7a53a747e03d),
CONST64(0x2bab400b8b60eb20), CONST64(0x59d747f47aea90ad), CONST64(0xb85bff49aa0ea4f1), CONST64(0xd25a44f078661e22),
CONST64(0xcebc395c2eab8592), CONST64(0x873d5d279dfd60a0), CONST64(0x0000000000000000), CONST64(0x5afbde3594b1256f),
CONST64(0xf2f602f3f703f401), CONST64(0xd5ed1cdbe312f10e), CONST64(0x75cb5fd46afe94a1), CONST64(0x45313a582c270b1d),
CONST64(0x5f8f686bbb5ce734), CONST64(0x1056238fc9bc759f), CONST64(0x07b7582b9b74ef2c), CONST64(0xe18cb8bdd0e4345c),
CONST64(0xc697a695c4f53153), CONST64(0x8f16c2ee77a3d461), CONST64(0xa30adace67b7d06d), CONST64(0xd3b5334422a48697),
CONST64(0x556719d7e59b7e82), CONST64(0xeb64c9018e23adea), CONST64(0xa1c934bbd32efd1a), CONST64(0x2edff655a48d297b),
CONST64(0xcd90a09dc0f03050), CONST64(0x88a19ac5ecd73b4d), CONST64(0x30fa658c46d99fbc), CONST64(0x86d22a93c73ff815),
CONST64(0x2968ae7e3ff9c657), CONST64(0xad796a984c5f1335), CONST64(0x3a121430181e060a), CONST64(0x271b1e281411050f),
CONST64(0x3461a46633f6c552), CONST64(0xbb77668844551133), CONST64(0x06582f9fc1b67799), CONST64(0x436915c7ed917c84),
CONST64(0x797b01f7f58f7a8e), CONST64(0x6f750de7fd857888), CONST64(0xf782b4add8ee365a), CONST64(0xc45448e0706c1c24),
CONST64(0x9eaf96d5e4dd394b), CONST64(0x1992cbf2792059eb), CONST64(0xe84850c060781828), CONST64(0x70bfe98a451356fa),
CONST64(0x393e8df1f645b3c8), CONST64(0x243787e9fa4ab0cd), CONST64(0x51fcd83d90b4246c), CONST64(0x7de0c01d80a02060),
CONST64(0x32398bf9f240b2cb), CONST64(0x4fd94be472e092ab), CONST64(0x894eed71b615a3f8), CONST64(0x137aba4e27e7c05d),
CONST64(0xd6c1851a0d4944cc), CONST64(0x9133513795f762a6), CONST64(0xb070608040501030), CONST64(0x082b9fc9ea5eb4c1),
CONST64(0xc5bb3f542aae8491), CONST64(0xe7d49722115243c5), CONST64(0x44de4dec76e593a8), CONST64(0x0574b65e2fedc25b),
CONST64(0xb4eba16a357f4ade), CONST64(0x5b14a981ce73bdda), CONST64(0x808a050c06898f8c), CONST64(0x02c3ee75b4992d77),
CONST64(0x5013af89ca76bcd9), CONST64(0x2df36f944ad69cb9), CONST64(0xc90b6177b5df6abe), CONST64(0xfadd9d3a1d5d40c0),
CONST64(0x7a5798361bd4cf4c), CONST64(0x8249eb79b210a2fb), CONST64(0xe9a727743aba809d), CONST64(0x93f0bf42216e4fd1),
CONST64(0xd95d42f87c631f21), CONST64(0x5d4c861e0fc5ca43), CONST64(0xda71db399238aae3), CONST64(0xecd3912a155742c6),
};
static const ulong64 T7[256] = {
CONST64(0x016ab9bb68d2d3ba), CONST64(0xb1669ae5194dfc54), CONST64(0xcd1465e293bc712f), CONST64(0x511b8725b9cd9c74),
CONST64(0xa457a2f70251f553), CONST64(0x03bed6d0b86b68d3), CONST64(0x04b5ded6bd6f6bd2), CONST64(0xfe8552b36429d74d),
CONST64(0xad4abafd0d5df050), CONST64(0x63e009cf268ae9ac), CONST64(0x84961c09830e8a8d), CONST64(0x1a4d91a579c6dcbf),
CONST64(0x4d37a73daddd9070), CONST64(0xa35caaf10755f652), CONST64(0xe117a47bc852b39a), CONST64(0xf98e5ab5612dd44c),
CONST64(0xac200346658f23ea), CONST64(0x1184e6c4a67362d5), CONST64(0xc268cc55f166a497), CONST64(0x0da8c6dcb2636ed1),
CONST64(0x99d085aaffcc5533), CONST64(0xaa41b2fb0859f351), CONST64(0x9c0fe2c72a71ed5b), CONST64(0x55ae59f304a2f7a6),
CONST64(0x20c1befe815f7fde), CONST64(0xe5a27aad753dd848), CONST64(0x7fcc29d7329ae5a8), CONST64(0xe80abc71c75eb699),
CONST64(0x3be696e0904b70db), CONST64(0x9edb8dacfac85632), CONST64(0x2215d19551e6c4b7), CONST64(0xceaab3322bd719fc),
CONST64(0x93734b7048ab38e3), CONST64(0xfd3b8463dc42bf9e), CONST64(0xd052fc41ef7eae91), CONST64(0xe61cac7dcd56b09b),
CONST64(0x947843764daf3be2), CONST64(0x0661b1bd6dd6d0bb), CONST64(0xdaf1329b5819c341), CONST64(0x17e55779cba5b26e),
CONST64(0x5cb341f90baef2a5), CONST64(0x4b561680c00b40cb), CONST64(0x0cc27f67dab1bd6b), CONST64(0xcc7edc59fb6ea295),
CONST64(0x409f61e11fbefea1), CONST64(0xe3c3cb1018eb08f3), CONST64(0x302fe1814ffeceb1), CONST64(0x0e16100c0a080602),
CONST64(0x5e672e92db1749cc), CONST64(0x663f6ea2f33751c4), CONST64(0x53cfe84e6974271d), CONST64(0x6c9ca07844503c14),
CONST64(0x730e56b0e82b58c3), CONST64(0x349a3f57f291a563), CONST64(0x3ced9ee6954f73da), CONST64(0x8e35d2d33469e75d),
CONST64(0x8023c2df3e61e15f), CONST64(0x2ed7aef28b5779dc), CONST64(0x6e48cf1394e9877d), CONST64(0x596c2694de134acd),
CONST64(0x605edf1f9ee1817f), CONST64(0x9b04eac12f75ee5a), CONST64(0x19f34775c1adb46c), CONST64(0x893edad5316de45c),
CONST64(0xffefeb080cfb04f7), CONST64(0xf2472dd4be986a26), CONST64(0xc7b7ab3824db1cff), CONST64(0xb9113b547e932aed),
CONST64(0xa236134a6f8725e8), CONST64(0xf4269c69d34eba9d), CONST64(0x10ee5f7fcea1b16f), CONST64(0x8d8b04038c028f8e),
CONST64(0x4fe3c8567d642b19), CONST64(0x479469e71abafda0), CONST64(0xeaded31a17e70df0), CONST64(0x98ba3c11971e8689),
CONST64(0x2d697822333c110f), CONST64(0x153138121b1c0907), CONST64(0x6afd11c52986ecaf), CONST64(0xdb9b8b2030cb10fb),
CONST64(0x3858403028201808), CONST64(0x6b97a87e41543f15), CONST64(0x237f682e3934170d), CONST64(0x1c2c201814100c04),
CONST64(0x070b080605040301), CONST64(0x21ab0745e98dac64), CONST64(0x27cab6f8845b7cdf), CONST64(0x5f0d9729b3c59a76),
CONST64(0x7264ef0b80f98b79), CONST64(0x29dca6f48e537add), CONST64(0xb3b2f58ec9f4473d), CONST64(0x628ab0744e583a16),
CONST64(0xbda4e582c3fc413f), CONST64(0x85fca5b2ebdc5937), CONST64(0x1ef84f73c4a9b76d), CONST64(0xa895dd90d8e04838),
CONST64(0x0877a1b167ded6b9), CONST64(0x442abf37a2d19573), CONST64(0xa53d1b4c6a8326e9), CONST64(0x8beab5bee1d45f35),
CONST64(0xb66d92e31c49ff55), CONST64(0x4a3caf3ba8d99371), CONST64(0x7c72ff078af18d7b), CONST64(0x839d140f860a898c),
CONST64(0x4321b731a7d59672), CONST64(0x9fb13417921a8588), CONST64(0xf8e4e30e09ff07f6), CONST64(0xd6334dfc82a87e2a),
CONST64(0xbaafed84c6f8423e), CONST64(0x8728cad93b65e25e), CONST64(0xf54c25d2bb9c6927), CONST64(0xcfc00a894305ca46),
CONST64(0x247460283c30140c), CONST64(0x26a00f43ec89af65), CONST64(0x05df676dd5bdb868), CONST64(0x3a8c2f5bf899a361),
CONST64(0x091d180a0f0c0503), CONST64(0x7d1846bce2235ec1), CONST64(0xb87b82ef1641f957), CONST64(0x1899fecea97f67d6),
CONST64(0x35f086ec9a4376d9), CONST64(0x9512facd257de858), CONST64(0x32fb8eea9f4775d8), CONST64(0x2fbd1749e385aa66),
CONST64(0x1f92f6c8ac7b64d7), CONST64(0xa683cd9cd2e84e3a), CONST64(0x424b0e8acf0745c8), CONST64(0xb4b9fd88ccf0443c),
CONST64(0xdc90832635cf13fa), CONST64(0xc563c453f462a796), CONST64(0x52a551f501a6f4a7), CONST64(0xef01b477c25ab598),
CONST64(0xbe1a33527b9729ec), CONST64(0x0f7ca9b762dad5b8), CONST64(0x6f2276a8fc3b54c7), CONST64(0x6df619c32c82efae),
CONST64(0x02d46f6bd0b9bb69), CONST64(0xecbf62a77a31dd4b), CONST64(0x76d131dd3d96e0ab), CONST64(0x78c721d1379ee6a9),
CONST64(0x28b61f4fe681a967), CONST64(0x364e503c22281e0a), CONST64(0xc8cb028f4601c947), CONST64(0xe4c8c3161def0bf2),
CONST64(0x2c03c1995beec2b5), CONST64(0xee6b0dccaa886622), CONST64(0x81497b6456b332e5), CONST64(0xb00c235e719f2fee),
CONST64(0x1d4699a37cc2dfbe), CONST64(0xd13845fa87ac7d2b), CONST64(0xa0e27c21bf3e9e81), CONST64(0x7ea6906c5a483612),
CONST64(0xaef46c2db5369883), CONST64(0x41f5d85a776c2d1b), CONST64(0x2a6270243638120e), CONST64(0xe96005caaf8c6523),
CONST64(0xf1f9fb0406f302f5), CONST64(0xc6dd12834c09cf45), CONST64(0xe77615c6a5846321), CONST64(0x50713e9ed11f4fce),
CONST64(0xe2a972ab7039db49), CONST64(0xc4097de89cb0742c), CONST64(0xd58d9b2c3ac316f9), CONST64(0x8854636e59bf37e6),
CONST64(0x251ed99354e2c7b6), CONST64(0xd8255df088a07828), CONST64(0x6581b8724b5c3917), CONST64(0xa9ff642bb0329b82),
CONST64(0x46fed05c72682e1a), CONST64(0x96ac2c1d9d16808b), CONST64(0xc0bca33e21df1ffe), CONST64(0x91a7241b9812838a),
CONST64(0x3f5348362d241b09), CONST64(0x4540068cca0346c9), CONST64(0xb2d84c35a1269487), CONST64(0xf7984ab96b25d24e),
CONST64(0x9d655b7c42a33ee1), CONST64(0xca1f6de496b8722e), CONST64(0x8642736253b731e4), CONST64(0x9a6e537a47a73de0),
CONST64(0xab2b0b40608b20eb), CONST64(0xd759f447ea7aad90), CONST64(0x5bb849ff0eaaf1a4), CONST64(0x5ad2f0446678221e),
CONST64(0xbcce5c39ab2e9285), CONST64(0x3d87275dfd9da060), CONST64(0x0000000000000000), CONST64(0xfb5a35deb1946f25),
CONST64(0xf6f2f30203f701f4), CONST64(0xedd5db1c12e30ef1), CONST64(0xcb75d45ffe6aa194), CONST64(0x3145583a272c1d0b),
CONST64(0x8f5f6b685cbb34e7), CONST64(0x56108f23bcc99f75), CONST64(0xb7072b58749b2cef), CONST64(0x8ce1bdb8e4d05c34),
CONST64(0x97c695a6f5c45331), CONST64(0x168feec2a37761d4), CONST64(0x0aa3cedab7676dd0), CONST64(0xb5d34433a4229786),
CONST64(0x6755d7199be5827e), CONST64(0x64eb01c9238eeaad), CONST64(0xc9a1bb342ed31afd), CONST64(0xdf2e55f68da47b29),
CONST64(0x90cd9da0f0c05030), CONST64(0xa188c59ad7ec4d3b), CONST64(0xfa308c65d946bc9f), CONST64(0xd286932a3fc715f8),
CONST64(0x68297eaef93f57c6), CONST64(0x79ad986a5f4c3513), CONST64(0x123a30141e180a06), CONST64(0x1b27281e11140f05),
CONST64(0x613466a4f63352c5), CONST64(0x77bb886655443311), CONST64(0x58069f2fb6c19977), CONST64(0x6943c71591ed847c),
CONST64(0x7b79f7018ff58e7a), CONST64(0x756fe70d85fd8878), CONST64(0x82f7adb4eed85a36), CONST64(0x54c4e0486c70241c),
CONST64(0xaf9ed596dde44b39), CONST64(0x9219f2cb2079eb59), CONST64(0x48e8c05078602818), CONST64(0xbf708ae91345fa56),
CONST64(0x3e39f18d45f6c8b3), CONST64(0x3724e9874afacdb0), CONST64(0xfc513dd8b4906c24), CONST64(0xe07d1dc0a0806020),
CONST64(0x3932f98b40f2cbb2), CONST64(0xd94fe44be072ab92), CONST64(0x4e8971ed15b6f8a3), CONST64(0x7a134ebae7275dc0),
CONST64(0xc1d61a85490dcc44), CONST64(0x33913751f795a662), CONST64(0x70b0806050403010), CONST64(0x2b08c99f5eeac1b4),
CONST64(0xbbc5543fae2a9184), CONST64(0xd4e722975211c543), CONST64(0xde44ec4de576a893), CONST64(0x74055eb6ed2f5bc2),
CONST64(0xebb46aa17f35de4a), CONST64(0x145b81a973cedabd), CONST64(0x8a800c0589068c8f), CONST64(0xc30275ee99b4772d),
CONST64(0x135089af76cad9bc), CONST64(0xf32d946fd64ab99c), CONST64(0x0bc97761dfb5be6a), CONST64(0xddfa3a9d5d1dc040),
CONST64(0x577a3698d41b4ccf), CONST64(0x498279eb10b2fba2), CONST64(0xa7e97427ba3a9d80), CONST64(0xf09342bf6e21d14f),
CONST64(0x5dd9f842637c211f), CONST64(0x4c5d1e86c50f43ca), CONST64(0x71da39db3892e3aa), CONST64(0xd3ec2a915715c642),
};
static const ulong64 c[R + 1] = {
CONST64(0xba542f7453d3d24d),
CONST64(0x50ac8dbf70529a4c),
CONST64(0xead597d133515ba6),
CONST64(0xde48a899db32b7fc),
CONST64(0xe39e919be2bb416e),
CONST64(0xa5cb6b95a1f3b102),
CONST64(0xccc41d14c363da5d),
CONST64(0x5fdc7dcd7f5a6c5c),
CONST64(0xf726ffede89d6f8e),
};
/**
Initialize the Khazad block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
int khazad_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
int r;
const ulong64 *S;
ulong64 K2, K1;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (keylen != 16) {
return CRYPT_INVALID_KEYSIZE;
}
if (num_rounds != 8 && num_rounds != 0) {
return CRYPT_INVALID_ROUNDS;
}
/* use 7th table */
S = T7;
/*
* map unsigned char array cipher key to initial key state (mu):
*/
K2 =
((ulong64)key[ 0] << 56) ^
((ulong64)key[ 1] << 48) ^
((ulong64)key[ 2] << 40) ^
((ulong64)key[ 3] << 32) ^
((ulong64)key[ 4] << 24) ^
((ulong64)key[ 5] << 16) ^
((ulong64)key[ 6] << 8) ^
((ulong64)key[ 7] );
K1 =
((ulong64)key[ 8] << 56) ^
((ulong64)key[ 9] << 48) ^
((ulong64)key[10] << 40) ^
((ulong64)key[11] << 32) ^
((ulong64)key[12] << 24) ^
((ulong64)key[13] << 16) ^
((ulong64)key[14] << 8) ^
((ulong64)key[15] );
/*
* compute the round keys:
*/
for (r = 0; r <= R; r++) {
/*
* K[r] = rho(c[r], K1) ^ K2;
*/
skey->khazad.roundKeyEnc[r] =
T0[(int)(K1 >> 56) ] ^
T1[(int)(K1 >> 48) & 0xff] ^
T2[(int)(K1 >> 40) & 0xff] ^
T3[(int)(K1 >> 32) & 0xff] ^
T4[(int)(K1 >> 24) & 0xff] ^
T5[(int)(K1 >> 16) & 0xff] ^
T6[(int)(K1 >> 8) & 0xff] ^
T7[(int)(K1 ) & 0xff] ^
c[r] ^ K2;
K2 = K1; K1 = skey->khazad.roundKeyEnc[r];
}
/*
* compute the inverse key schedule:
* K'^0 = K^R, K'^R = K^0, K'^r = theta(K^{R-r})
*/
skey->khazad.roundKeyDec[0] = skey->khazad.roundKeyEnc[R];
for (r = 1; r < R; r++) {
K1 = skey->khazad.roundKeyEnc[R - r];
skey->khazad.roundKeyDec[r] =
T0[(int)S[(int)(K1 >> 56) ] & 0xff] ^
T1[(int)S[(int)(K1 >> 48) & 0xff] & 0xff] ^
T2[(int)S[(int)(K1 >> 40) & 0xff] & 0xff] ^
T3[(int)S[(int)(K1 >> 32) & 0xff] & 0xff] ^
T4[(int)S[(int)(K1 >> 24) & 0xff] & 0xff] ^
T5[(int)S[(int)(K1 >> 16) & 0xff] & 0xff] ^
T6[(int)S[(int)(K1 >> 8) & 0xff] & 0xff] ^
T7[(int)S[(int)(K1 ) & 0xff] & 0xff];
}
skey->khazad.roundKeyDec[R] = skey->khazad.roundKeyEnc[0];
return CRYPT_OK;
}
static void khazad_crypt(const unsigned char *plaintext, unsigned char *ciphertext,
const ulong64 *roundKey) {
int r;
ulong64 state;
/*
* map plaintext block to cipher state (mu)
* and add initial round key (sigma[K^0]):
*/
state =
((ulong64)plaintext[0] << 56) ^
((ulong64)plaintext[1] << 48) ^
((ulong64)plaintext[2] << 40) ^
((ulong64)plaintext[3] << 32) ^
((ulong64)plaintext[4] << 24) ^
((ulong64)plaintext[5] << 16) ^
((ulong64)plaintext[6] << 8) ^
((ulong64)plaintext[7] ) ^
roundKey[0];
/*
* R - 1 full rounds:
*/
for (r = 1; r < R; r++) {
state =
T0[(int)(state >> 56) ] ^
T1[(int)(state >> 48) & 0xff] ^
T2[(int)(state >> 40) & 0xff] ^
T3[(int)(state >> 32) & 0xff] ^
T4[(int)(state >> 24) & 0xff] ^
T5[(int)(state >> 16) & 0xff] ^
T6[(int)(state >> 8) & 0xff] ^
T7[(int)(state ) & 0xff] ^
roundKey[r];
}
/*
* last round:
*/
state =
(T0[(int)(state >> 56) ] & CONST64(0xff00000000000000)) ^
(T1[(int)(state >> 48) & 0xff] & CONST64(0x00ff000000000000)) ^
(T2[(int)(state >> 40) & 0xff] & CONST64(0x0000ff0000000000)) ^
(T3[(int)(state >> 32) & 0xff] & CONST64(0x000000ff00000000)) ^
(T4[(int)(state >> 24) & 0xff] & CONST64(0x00000000ff000000)) ^
(T5[(int)(state >> 16) & 0xff] & CONST64(0x0000000000ff0000)) ^
(T6[(int)(state >> 8) & 0xff] & CONST64(0x000000000000ff00)) ^
(T7[(int)(state ) & 0xff] & CONST64(0x00000000000000ff)) ^
roundKey[R];
/*
* map cipher state to ciphertext block (mu^{-1}):
*/
ciphertext[0] = (unsigned char)(state >> 56);
ciphertext[1] = (unsigned char)(state >> 48);
ciphertext[2] = (unsigned char)(state >> 40);
ciphertext[3] = (unsigned char)(state >> 32);
ciphertext[4] = (unsigned char)(state >> 24);
ciphertext[5] = (unsigned char)(state >> 16);
ciphertext[6] = (unsigned char)(state >> 8);
ciphertext[7] = (unsigned char)(state );
}
/**
Encrypts a block of text with Khazad
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
*/
void khazad_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
khazad_crypt(pt, ct, skey->khazad.roundKeyEnc);
}
/**
Decrypts a block of text with Khazad
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
*/
void khazad_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
khazad_crypt(ct, pt, skey->khazad.roundKeyDec);
}
/**
Performs a self-test of the Khazad block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int khazad_test(void)
{
#ifndef LTC_TEST
return CRYPT_NOP;
#else
static const struct test {
unsigned char pt[8], ct[8], key[16];
} tests[] = {
{
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
{ 0x49, 0xA4, 0xCE, 0x32, 0xAC, 0x19, 0x0E, 0x3F },
{ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
}, {
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
{ 0x64, 0x5D, 0x77, 0x3E, 0x40, 0xAB, 0xDD, 0x53 },
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
}, {
{ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
{ 0x9E, 0x39, 0x98, 0x64, 0xF7, 0x8E, 0xCA, 0x02 },
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
}, {
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
{ 0xA9, 0xDF, 0x3D, 0x2C, 0x64, 0xD3, 0xEA, 0x28 },
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
}
};
int x, y;
unsigned char buf[2][8];
symmetric_key skey;
for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
khazad_setup(tests[x].key, 16, 0, &skey);
khazad_ecb_encrypt(tests[x].pt, buf[0], &skey);
khazad_ecb_decrypt(buf[0], buf[1], &skey);
if (memcmp(buf[0], tests[x].ct, 8) || memcmp(buf[1], tests[x].pt, 8)) {
return CRYPT_FAIL_TESTVECTOR;
}
for (y = 0; y < 1000; y++) khazad_ecb_encrypt(buf[0], buf[0], &skey);
for (y = 0; y < 1000; y++) khazad_ecb_decrypt(buf[0], buf[0], &skey);
if (memcmp(buf[0], tests[x].ct, 8)) {
return CRYPT_FAIL_TESTVECTOR;
}
}
return CRYPT_OK;
#endif
}
/** Terminate the context
@param skey The scheduled key
*/
void khazad_done(symmetric_key *skey)
{
}
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int khazad_keysize(int *keysize)
{
LTC_ARGCHK(keysize != NULL);
if (*keysize >= 16) {
*keysize = 16;
return CRYPT_OK;
} else {
return CRYPT_INVALID_KEYSIZE;
}
}
#endif

119
noekeon.c → src/ciphers/noekeon.c
View File

@@ -6,14 +6,17 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/* Implementation of the Noekeon block cipher by Tom St Denis */
#include "mycrypt.h"
/**
@file noekeon.c
Implementation of the Noekeon block cipher by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef NOEKEON
const struct _cipher_descriptor noekeon_desc =
const struct ltc_cipher_descriptor noekeon_desc =
{
"noekeon",
16,
@@ -22,7 +25,9 @@ const struct _cipher_descriptor noekeon_desc =
&noekeon_ecb_encrypt,
&noekeon_ecb_decrypt,
&noekeon_test,
&noekeon_keysize
&noekeon_done,
&noekeon_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const ulong32 RC[] = {
@@ -34,15 +39,15 @@ static const ulong32 RC[] = {
};
#define kTHETA(a, b, c, d) \
temp = a^c; temp = temp ^ ROL(temp, 8) ^ ROR(temp, 8); \
temp = a^c; temp = temp ^ ROLc(temp, 8) ^ RORc(temp, 8); \
b ^= temp; d ^= temp; \
temp = b^d; temp = temp ^ ROL(temp, 8) ^ ROR(temp, 8); \
temp = b^d; temp = temp ^ ROLc(temp, 8) ^ RORc(temp, 8); \
a ^= temp; c ^= temp;
#define THETA(k, a, b, c, d) \
temp = a^c; temp = temp ^ ROL(temp, 8) ^ ROR(temp, 8); \
temp = a^c; temp = temp ^ ROLc(temp, 8) ^ RORc(temp, 8); \
b ^= temp ^ k[1]; d ^= temp ^ k[3]; \
temp = b^d; temp = temp ^ ROL(temp, 8) ^ ROR(temp, 8); \
temp = b^d; temp = temp ^ ROLc(temp, 8) ^ RORc(temp, 8); \
a ^= temp ^ k[0]; c ^= temp ^ k[2];
#define GAMMA(a, b, c, d) \
@@ -54,17 +59,25 @@ static const ulong32 RC[] = {
a ^= c&b;
#define PI1(a, b, c, d) \
a = ROL(a, 1); c = ROL(c, 5); d = ROL(d, 2);
a = ROLc(a, 1); c = ROLc(c, 5); d = ROLc(d, 2);
#define PI2(a, b, c, d) \
a = ROR(a, 1); c = ROR(c, 5); d = ROR(d, 2);
a = RORc(a, 1); c = RORc(c, 5); d = RORc(d, 2);
/**
Initialize the Noekeon block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
int noekeon_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
ulong32 temp;
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (keylen != 16) {
return CRYPT_INVALID_KEYSIZE;
@@ -89,25 +102,31 @@ int noekeon_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
return CRYPT_OK;
}
#ifdef CLEAN_STACK
static void _noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
/**
Encrypts a block of text with Noekeon
@param pt The input plaintext (16 bytes)
@param ct The output ciphertext (16 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
ulong32 a,b,c,d,temp;
int r;
_ARGCHK(key != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LOAD32H(a,&pt[0]); LOAD32H(b,&pt[4]);
LOAD32H(c,&pt[8]); LOAD32H(d,&pt[12]);
#define ROUND(i) \
a ^= RC[i]; \
THETA(key->noekeon.K, a,b,c,d); \
THETA(skey->noekeon.K, a,b,c,d); \
PI1(a,b,c,d); \
GAMMA(a,b,c,d); \
PI2(a,b,c,d);
@@ -119,39 +138,45 @@ void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_k
#undef ROUND
a ^= RC[16];
THETA(key->noekeon.K, a, b, c, d);
THETA(skey->noekeon.K, a, b, c, d);
STORE32H(a,&ct[0]); STORE32H(b,&ct[4]);
STORE32H(c,&ct[8]); STORE32H(d,&ct[12]);
}
#ifdef CLEAN_STACK
void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
_noekeon_ecb_encrypt(pt, ct, key);
_noekeon_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(ulong32) * 5 + sizeof(int));
}
#endif
#ifdef CLEAN_STACK
static void _noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
/**
Decrypts a block of text with Noekeon
@param ct The input ciphertext (16 bytes)
@param pt The output plaintext (16 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
ulong32 a,b,c,d, temp;
int r;
_ARGCHK(key != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LOAD32H(a,&ct[0]); LOAD32H(b,&ct[4]);
LOAD32H(c,&ct[8]); LOAD32H(d,&ct[12]);
#define ROUND(i) \
THETA(key->noekeon.dK, a,b,c,d); \
THETA(skey->noekeon.dK, a,b,c,d); \
a ^= RC[i]; \
PI1(a,b,c,d); \
GAMMA(a,b,c,d); \
@@ -163,20 +188,24 @@ void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_k
#undef ROUND
THETA(key->noekeon.dK, a,b,c,d);
THETA(skey->noekeon.dK, a,b,c,d);
a ^= RC[0];
STORE32H(a,&pt[0]); STORE32H(b, &pt[4]);
STORE32H(c,&pt[8]); STORE32H(d, &pt[12]);
}
#ifdef CLEAN_STACK
void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
_noekeon_ecb_decrypt(ct, pt, key);
_noekeon_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(ulong32) * 5 + sizeof(int));
}
#endif
/**
Performs a self-test of the Noekeon block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int noekeon_test(void)
{
#ifndef LTC_TEST
@@ -236,13 +265,25 @@ int noekeon_test(void)
#endif
}
int noekeon_keysize(int *desired_keysize)
/** Terminate the context
@param skey The scheduled key
*/
void noekeon_done(symmetric_key *skey)
{
_ARGCHK(desired_keysize != NULL);
if (*desired_keysize < 16) {
}
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int noekeon_keysize(int *keysize)
{
LTC_ARGCHK(keysize != NULL);
if (*keysize < 16) {
return CRYPT_INVALID_KEYSIZE;
} else {
*desired_keysize = 16;
*keysize = 16;
return CRYPT_OK;
}
}

159
rc2.c → src/ciphers/rc2.c
View File

@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**********************************************************************\
* To commemorate the 1996 RSA Data Security Conference, the following *
@@ -18,19 +18,25 @@
* Thanks to CodeView, SoftIce, and D86 for helping bring this code to *
* the public. *
\**********************************************************************/
#include <tomcrypt.h>
#include <mycrypt.h>
/**
@file rc2.c
Implementation of RC2
*/
#ifdef RC2
const struct _cipher_descriptor rc2_desc = {
const struct ltc_cipher_descriptor rc2_desc = {
"rc2",
12, 8, 128, 8, 16,
&rc2_setup,
&rc2_ecb_encrypt,
&rc2_ecb_decrypt,
&rc2_test,
&rc2_keysize
&rc2_done,
&rc2_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
/* 256-entry permutation table, probably derived somehow from pi */
@@ -53,21 +59,29 @@ static const unsigned char permute[256] = {
197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173
};
int rc2_setup(const unsigned char *key, int keylen, int rounds, symmetric_key *skey)
/**
Initialize the RC2 block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
int rc2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
unsigned *xkey = skey->rc2.xkey;
unsigned char tmp[128];
unsigned T8, TM;
int i, bits;
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (keylen < 8 || keylen > 128) {
return CRYPT_INVALID_KEYSIZE;
}
if (rounds != 0 && rounds != 16) {
if (num_rounds != 0 && num_rounds != 16) {
return CRYPT_INVALID_ROUNDS;
}
@@ -96,7 +110,7 @@ int rc2_setup(const unsigned char *key, int keylen, int rounds, symmetric_key *s
xkey[i] = (unsigned)tmp[2*i] + ((unsigned)tmp[2*i+1] << 8);
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(tmp, sizeof(tmp));
#endif
@@ -106,29 +120,35 @@ int rc2_setup(const unsigned char *key, int keylen, int rounds, symmetric_key *s
/**********************************************************************\
* Encrypt an 8-byte block of plaintext using the given key. *
\**********************************************************************/
#ifdef CLEAN_STACK
static void _rc2_ecb_encrypt( const unsigned char *plain,
unsigned char *cipher,
/**
Encrypts a block of text with RC2
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _rc2_ecb_encrypt( const unsigned char *pt,
unsigned char *ct,
symmetric_key *skey)
#else
void rc2_ecb_encrypt( const unsigned char *plain,
unsigned char *cipher,
void rc2_ecb_encrypt( const unsigned char *pt,
unsigned char *ct,
symmetric_key *skey)
#endif
{
unsigned *xkey;
unsigned x76, x54, x32, x10, i;
_ARGCHK(plain != NULL);
_ARGCHK(cipher != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
xkey = skey->rc2.xkey;
x76 = ((unsigned)plain[7] << 8) + (unsigned)plain[6];
x54 = ((unsigned)plain[5] << 8) + (unsigned)plain[4];
x32 = ((unsigned)plain[3] << 8) + (unsigned)plain[2];
x10 = ((unsigned)plain[1] << 8) + (unsigned)plain[0];
x76 = ((unsigned)pt[7] << 8) + (unsigned)pt[6];
x54 = ((unsigned)pt[5] << 8) + (unsigned)pt[4];
x32 = ((unsigned)pt[3] << 8) + (unsigned)pt[2];
x10 = ((unsigned)pt[1] << 8) + (unsigned)pt[0];
for (i = 0; i < 16; i++) {
x10 = (x10 + (x32 & ~x76) + (x54 & x76) + xkey[4*i+0]) & 0xFFFF;
@@ -151,22 +171,22 @@ void rc2_ecb_encrypt( const unsigned char *plain,
}
}
cipher[0] = (unsigned char)x10;
cipher[1] = (unsigned char)(x10 >> 8);
cipher[2] = (unsigned char)x32;
cipher[3] = (unsigned char)(x32 >> 8);
cipher[4] = (unsigned char)x54;
cipher[5] = (unsigned char)(x54 >> 8);
cipher[6] = (unsigned char)x76;
cipher[7] = (unsigned char)(x76 >> 8);
ct[0] = (unsigned char)x10;
ct[1] = (unsigned char)(x10 >> 8);
ct[2] = (unsigned char)x32;
ct[3] = (unsigned char)(x32 >> 8);
ct[4] = (unsigned char)x54;
ct[5] = (unsigned char)(x54 >> 8);
ct[6] = (unsigned char)x76;
ct[7] = (unsigned char)(x76 >> 8);
}
#ifdef CLEAN_STACK
void rc2_ecb_encrypt( const unsigned char *plain,
unsigned char *cipher,
#ifdef LTC_CLEAN_STACK
void rc2_ecb_encrypt( const unsigned char *pt,
unsigned char *ct,
symmetric_key *skey)
{
_rc2_ecb_encrypt(plain, cipher, skey);
_rc2_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(unsigned *) + sizeof(unsigned) * 5);
}
#endif
@@ -174,14 +194,19 @@ void rc2_ecb_encrypt( const unsigned char *plain,
/**********************************************************************\
* Decrypt an 8-byte block of ciphertext using the given key. *
\**********************************************************************/
#ifdef CLEAN_STACK
static void _rc2_ecb_decrypt( const unsigned char *cipher,
unsigned char *plain,
/**
Decrypts a block of text with RC2
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _rc2_ecb_decrypt( const unsigned char *ct,
unsigned char *pt,
symmetric_key *skey)
#else
void rc2_ecb_decrypt( const unsigned char *cipher,
unsigned char *plain,
void rc2_ecb_decrypt( const unsigned char *ct,
unsigned char *pt,
symmetric_key *skey)
#endif
{
@@ -189,16 +214,16 @@ void rc2_ecb_decrypt( const unsigned char *cipher,
unsigned *xkey;
int i;
_ARGCHK(plain != NULL);
_ARGCHK(cipher != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
xkey = skey->rc2.xkey;
x76 = ((unsigned)cipher[7] << 8) + (unsigned)cipher[6];
x54 = ((unsigned)cipher[5] << 8) + (unsigned)cipher[4];
x32 = ((unsigned)cipher[3] << 8) + (unsigned)cipher[2];
x10 = ((unsigned)cipher[1] << 8) + (unsigned)cipher[0];
x76 = ((unsigned)ct[7] << 8) + (unsigned)ct[6];
x54 = ((unsigned)ct[5] << 8) + (unsigned)ct[4];
x32 = ((unsigned)ct[3] << 8) + (unsigned)ct[2];
x10 = ((unsigned)ct[1] << 8) + (unsigned)ct[0];
for (i = 15; i >= 0; i--) {
if (i == 4 || i == 10) {
@@ -221,26 +246,30 @@ void rc2_ecb_decrypt( const unsigned char *cipher,
x10 = (x10 - ((x32 & ~x76) + (x54 & x76) + xkey[4*i+0])) & 0xFFFF;
}
plain[0] = (unsigned char)x10;
plain[1] = (unsigned char)(x10 >> 8);
plain[2] = (unsigned char)x32;
plain[3] = (unsigned char)(x32 >> 8);
plain[4] = (unsigned char)x54;
plain[5] = (unsigned char)(x54 >> 8);
plain[6] = (unsigned char)x76;
plain[7] = (unsigned char)(x76 >> 8);
pt[0] = (unsigned char)x10;
pt[1] = (unsigned char)(x10 >> 8);
pt[2] = (unsigned char)x32;
pt[3] = (unsigned char)(x32 >> 8);
pt[4] = (unsigned char)x54;
pt[5] = (unsigned char)(x54 >> 8);
pt[6] = (unsigned char)x76;
pt[7] = (unsigned char)(x76 >> 8);
}
#ifdef CLEAN_STACK
void rc2_ecb_decrypt( const unsigned char *cipher,
unsigned char *plain,
#ifdef LTC_CLEAN_STACK
void rc2_ecb_decrypt( const unsigned char *ct,
unsigned char *pt,
symmetric_key *skey)
{
_rc2_ecb_decrypt(cipher, plain, skey);
_rc2_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(unsigned *) + sizeof(unsigned) * 4 + sizeof(int));
}
#endif
/**
Performs a self-test of the RC2 block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int rc2_test(void)
{
#ifndef LTC_TEST
@@ -292,9 +321,21 @@ int rc2_test(void)
#endif
}
/** Terminate the context
@param skey The scheduled key
*/
void rc2_done(symmetric_key *skey)
{
}
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int rc2_keysize(int *keysize)
{
_ARGCHK(keysize != NULL);
LTC_ARGCHK(keysize != NULL);
if (*keysize < 8) {
return CRYPT_INVALID_KEYSIZE;
} else if (*keysize > 128) {

131
rc5.c → src/ciphers/rc5.c
View File

@@ -6,16 +6,19 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/* RC5 code by Tom St Denis */
/**
@file rc5.c
RC5 code by Tom St Denis
*/
#include "mycrypt.h"
#include "tomcrypt.h"
#ifdef RC5
const struct _cipher_descriptor rc5_desc =
const struct ltc_cipher_descriptor rc5_desc =
{
"rc5",
2,
@@ -24,7 +27,9 @@ const struct _cipher_descriptor rc5_desc =
&rc5_ecb_encrypt,
&rc5_ecb_decrypt,
&rc5_test,
&rc5_keysize
&rc5_done,
&rc5_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const ulong32 stab[50] = {
@@ -37,7 +42,15 @@ static const ulong32 stab[50] = {
0x62482413UL, 0x007f9dccUL
};
#ifdef CLEAN_STACK
/**
Initialize the RC5 block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
static int _rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
#else
int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
@@ -45,8 +58,8 @@ int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
{
ulong32 L[64], *S, A, B, i, j, v, s, t, l;
_ARGCHK(skey != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
/* test parameters */
if (num_rounds == 0) {
@@ -87,7 +100,7 @@ int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
s = 3 * MAX(t, j);
l = j;
for (A = B = i = j = v = 0; v < s; v++) {
A = S[i] = ROL(S[i] + A + B, 3);
A = S[i] = ROLc(S[i] + A + B, 3);
B = L[j] = ROL(L[j] + A + B, (A+B));
if (++i == t) { i = 0; }
if (++j == l) { j = 0; }
@@ -95,7 +108,7 @@ int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
return CRYPT_OK;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
int x;
@@ -105,26 +118,32 @@ int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
}
#endif
#ifdef CLEAN_STACK
static void _rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
/**
Encrypts a block of text with RC5
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
ulong32 A, B, *K;
int r;
_ARGCHK(key != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LOAD32L(A, &pt[0]);
LOAD32L(B, &pt[4]);
A += key->rc5.K[0];
B += key->rc5.K[1];
K = key->rc5.K + 2;
A += skey->rc5.K[0];
B += skey->rc5.K[1];
K = skey->rc5.K + 2;
if ((key->rc5.rounds & 1) == 0) {
for (r = 0; r < key->rc5.rounds; r += 2) {
if ((skey->rc5.rounds & 1) == 0) {
for (r = 0; r < skey->rc5.rounds; r += 2) {
A = ROL(A ^ B, B) + K[0];
B = ROL(B ^ A, A) + K[1];
A = ROL(A ^ B, B) + K[2];
@@ -132,7 +151,7 @@ void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *
K += 4;
}
} else {
for (r = 0; r < key->rc5.rounds; r++) {
for (r = 0; r < skey->rc5.rounds; r++) {
A = ROL(A ^ B, B) + K[0];
B = ROL(B ^ A, A) + K[1];
K += 2;
@@ -142,33 +161,39 @@ void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *
STORE32L(B, &ct[4]);
}
#ifdef CLEAN_STACK
void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
_rc5_ecb_encrypt(pt, ct, key);
_rc5_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(ulong32) * 2 + sizeof(int));
}
#endif
#ifdef CLEAN_STACK
static void _rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
/**
Decrypts a block of text with RC5
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
ulong32 A, B, *K;
int r;
_ARGCHK(key != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LOAD32L(A, &ct[0]);
LOAD32L(B, &ct[4]);
K = key->rc5.K + (key->rc5.rounds << 1);
K = skey->rc5.K + (skey->rc5.rounds << 1);
if ((key->rc5.rounds & 1) == 0) {
if ((skey->rc5.rounds & 1) == 0) {
K -= 2;
for (r = key->rc5.rounds - 1; r >= 0; r -= 2) {
for (r = skey->rc5.rounds - 1; r >= 0; r -= 2) {
B = ROR(B - K[3], A) ^ A;
A = ROR(A - K[2], B) ^ B;
B = ROR(B - K[1], A) ^ A;
@@ -176,26 +201,30 @@ void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *
K -= 4;
}
} else {
for (r = key->rc5.rounds - 1; r >= 0; r--) {
for (r = skey->rc5.rounds - 1; r >= 0; r--) {
B = ROR(B - K[1], A) ^ A;
A = ROR(A - K[0], B) ^ B;
K -= 2;
}
}
A -= key->rc5.K[0];
B -= key->rc5.K[1];
A -= skey->rc5.K[0];
B -= skey->rc5.K[1];
STORE32L(A, &pt[0]);
STORE32L(B, &pt[4]);
}
#ifdef CLEAN_STACK
void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
_rc5_ecb_decrypt(ct, pt, key);
_rc5_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(ulong32) * 2 + sizeof(int));
}
#endif
/**
Performs a self-test of the RC5 block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int rc5_test(void)
{
#ifndef LTC_TEST
@@ -252,13 +281,25 @@ int rc5_test(void)
#endif
}
int rc5_keysize(int *desired_keysize)
/** Terminate the context
@param skey The scheduled key
*/
void rc5_done(symmetric_key *skey)
{
_ARGCHK(desired_keysize != NULL);
if (*desired_keysize < 8) {
}
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int rc5_keysize(int *keysize)
{
LTC_ARGCHK(keysize != NULL);
if (*keysize < 8) {
return CRYPT_INVALID_KEYSIZE;
} else if (*desired_keysize > 128) {
*desired_keysize = 128;
} else if (*keysize > 128) {
*keysize = 128;
}
return CRYPT_OK;
}

135
rc6.c → src/ciphers/rc6.c
View File

@@ -6,15 +6,18 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/* RC6 code by Tom St Denis */
#include "mycrypt.h"
/**
@file rc6.c
RC6 code by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef RC6
const struct _cipher_descriptor rc6_desc =
const struct ltc_cipher_descriptor rc6_desc =
{
"rc6",
3,
@@ -23,7 +26,9 @@ const struct _cipher_descriptor rc6_desc =
&rc6_ecb_encrypt,
&rc6_ecb_decrypt,
&rc6_test,
&rc6_keysize
&rc6_done,
&rc6_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const ulong32 stab[44] = {
@@ -34,7 +39,15 @@ static const ulong32 stab[44] = {
0x7ed08883UL, 0x1d08023cUL, 0xbb3f7bf5UL, 0x5976f5aeUL, 0xf7ae6f67UL, 0x95e5e920UL, 0x341d62d9UL, 0xd254dc92UL,
0x708c564bUL, 0x0ec3d004UL, 0xacfb49bdUL, 0x4b32c376UL };
#ifdef CLEAN_STACK
/**
Initialize the RC6 block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
static int _rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
#else
int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
@@ -42,8 +55,8 @@ int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
{
ulong32 L[64], S[50], A, B, i, j, v, s, l;
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
/* test parameters */
if (num_rounds != 0 && num_rounds != 20) {
@@ -77,7 +90,7 @@ int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
s = 3 * MAX(44, j);
l = j;
for (A = B = i = j = v = 0; v < s; v++) {
A = S[i] = ROL(S[i] + A + B, 3);
A = S[i] = ROLc(S[i] + A + B, 3);
B = L[j] = ROL(L[j] + A + B, (A+B));
if (++i == 44) { i = 0; }
if (++j == l) { j = 0; }
@@ -90,7 +103,7 @@ int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
return CRYPT_OK;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
int x;
@@ -100,30 +113,36 @@ int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
}
#endif
#ifdef CLEAN_STACK
static void _rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
/**
Encrypts a block of text with RC6
@param pt The input plaintext (16 bytes)
@param ct The output ciphertext (16 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
ulong32 a,b,c,d,t,u, *K;
int r;
_ARGCHK(key != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LOAD32L(a,&pt[0]);LOAD32L(b,&pt[4]);LOAD32L(c,&pt[8]);LOAD32L(d,&pt[12]);
b += key->rc6.K[0];
d += key->rc6.K[1];
b += skey->rc6.K[0];
d += skey->rc6.K[1];
#define RND(a,b,c,d) \
t = (b * (b + b + 1)); t = ROL(t, 5); \
u = (d * (d + d + 1)); u = ROL(u, 5); \
t = (b * (b + b + 1)); t = ROLc(t, 5); \
u = (d * (d + d + 1)); u = ROLc(u, 5); \
a = ROL(a^t,u) + K[0]; \
c = ROL(c^u,t) + K[1]; K += 2;
K = key->rc6.K + 2;
K = skey->rc6.K + 2;
for (r = 0; r < 20; r += 4) {
RND(a,b,c,d);
RND(b,c,d,a);
@@ -133,43 +152,49 @@ void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *
#undef RND
a += key->rc6.K[42];
c += key->rc6.K[43];
a += skey->rc6.K[42];
c += skey->rc6.K[43];
STORE32L(a,&ct[0]);STORE32L(b,&ct[4]);STORE32L(c,&ct[8]);STORE32L(d,&ct[12]);
}
#ifdef CLEAN_STACK
void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
_rc6_ecb_encrypt(pt, ct, key);
_rc6_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(ulong32) * 6 + sizeof(int));
}
#endif
#ifdef CLEAN_STACK
static void _rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
/**
Decrypts a block of text with RC6
@param ct The input ciphertext (16 bytes)
@param pt The output plaintext (16 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
ulong32 a,b,c,d,t,u, *K;
int r;
_ARGCHK(key != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LOAD32L(a,&ct[0]);LOAD32L(b,&ct[4]);LOAD32L(c,&ct[8]);LOAD32L(d,&ct[12]);
a -= key->rc6.K[42];
c -= key->rc6.K[43];
a -= skey->rc6.K[42];
c -= skey->rc6.K[43];
#define RND(a,b,c,d) \
t = (b * (b + b + 1)); t = ROL(t, 5); \
u = (d * (d + d + 1)); u = ROL(u, 5); \
t = (b * (b + b + 1)); t = ROLc(t, 5); \
u = (d * (d + d + 1)); u = ROLc(u, 5); \
c = ROR(c - K[1], t) ^ u; \
a = ROR(a - K[0], u) ^ t; K -= 2;
K = key->rc6.K + 40;
K = skey->rc6.K + 40;
for (r = 0; r < 20; r += 4) {
RND(d,a,b,c);
@@ -180,19 +205,23 @@ void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *
#undef RND
b -= key->rc6.K[0];
d -= key->rc6.K[1];
b -= skey->rc6.K[0];
d -= skey->rc6.K[1];
STORE32L(a,&pt[0]);STORE32L(b,&pt[4]);STORE32L(c,&pt[8]);STORE32L(d,&pt[12]);
}
#ifdef CLEAN_STACK
void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
_rc6_ecb_decrypt(ct, pt, key);
_rc6_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(ulong32) * 6 + sizeof(int));
}
#endif
/**
Performs a self-test of the RC6 block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int rc6_test(void)
{
#ifndef LTC_TEST
@@ -282,13 +311,25 @@ int rc6_test(void)
#endif
}
int rc6_keysize(int *desired_keysize)
/** Terminate the context
@param skey The scheduled key
*/
void rc6_done(symmetric_key *skey)
{
_ARGCHK(desired_keysize != NULL);
if (*desired_keysize < 8) {
}
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int rc6_keysize(int *keysize)
{
LTC_ARGCHK(keysize != NULL);
if (*keysize < 8) {
return CRYPT_INVALID_KEYSIZE;
} else if (*desired_keysize > 128) {
*desired_keysize = 128;
} else if (*keysize > 128) {
*keysize = 128;
}
return CRYPT_OK;
}

77
safer.c → src/ciphers/safer/safer.c
View File

@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/*******************************************************************************
@@ -28,11 +28,11 @@
*
*******************************************************************************/
#include <mycrypt.h>
#include <tomcrypt.h>
#ifdef SAFER
const struct _cipher_descriptor
const struct ltc_cipher_descriptor
safer_k64_desc = {
"safer-k64",
8, 8, 8, 8, SAFER_K64_DEFAULT_NOF_ROUNDS,
@@ -40,7 +40,9 @@ const struct _cipher_descriptor
&safer_ecb_encrypt,
&safer_ecb_decrypt,
&safer_k64_test,
&safer_64_keysize
&safer_done,
&safer_64_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
},
safer_sk64_desc = {
@@ -50,7 +52,9 @@ const struct _cipher_descriptor
&safer_ecb_encrypt,
&safer_ecb_decrypt,
&safer_sk64_test,
&safer_64_keysize
&safer_done,
&safer_64_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
},
safer_k128_desc = {
@@ -60,7 +64,9 @@ const struct _cipher_descriptor
&safer_ecb_encrypt,
&safer_ecb_decrypt,
&safer_sk128_test,
&safer_128_keysize
&safer_done,
&safer_128_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
},
safer_sk128_desc = {
@@ -70,11 +76,13 @@ const struct _cipher_descriptor
&safer_ecb_encrypt,
&safer_ecb_decrypt,
&safer_sk128_test,
&safer_128_keysize
&safer_done,
&safer_128_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
/******************* Constants ************************************************/
// #define TAB_LEN 256
/* #define TAB_LEN 256 */
/******************* Assertions ***********************************************/
@@ -89,7 +97,7 @@ const struct _cipher_descriptor
/******************* Types ****************************************************/
extern const unsigned char safer_ebox[], safer_lbox[];
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static void _Safer_Expand_Userkey(const unsigned char *userkey_1,
const unsigned char *userkey_2,
unsigned int nof_rounds,
@@ -151,13 +159,13 @@ static void Safer_Expand_Userkey(const unsigned char *userkey_1,
}
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(ka, sizeof(ka));
zeromem(kb, sizeof(kb));
#endif
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static void Safer_Expand_Userkey(const unsigned char *userkey_1,
const unsigned char *userkey_2,
unsigned int nof_rounds,
@@ -171,8 +179,8 @@ static void Safer_Expand_Userkey(const unsigned char *userkey_1,
int safer_k64_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey)
{
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) {
return CRYPT_INVALID_ROUNDS;
@@ -188,8 +196,8 @@ int safer_k64_setup(const unsigned char *key, int keylen, int numrounds, symmetr
int safer_sk64_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey)
{
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) {
return CRYPT_INVALID_ROUNDS;
@@ -205,8 +213,8 @@ int safer_sk64_setup(const unsigned char *key, int keylen, int numrounds, symmet
int safer_k128_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey)
{
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) {
return CRYPT_INVALID_ROUNDS;
@@ -222,8 +230,8 @@ int safer_k128_setup(const unsigned char *key, int keylen, int numrounds, symmet
int safer_sk128_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey)
{
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) {
return CRYPT_INVALID_ROUNDS;
@@ -237,7 +245,7 @@ int safer_sk128_setup(const unsigned char *key, int keylen, int numrounds, symme
return CRYPT_OK;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static void _safer_ecb_encrypt(const unsigned char *block_in,
unsigned char *block_out,
symmetric_key *skey)
@@ -250,9 +258,9 @@ void safer_ecb_encrypt(const unsigned char *block_in,
unsigned int round;
unsigned char *key;
_ARGCHK(block_in != NULL);
_ARGCHK(block_out != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(block_in != NULL);
LTC_ARGCHK(block_out != NULL);
LTC_ARGCHK(skey != NULL);
key = skey->safer.key;
a = block_in[0]; b = block_in[1]; c = block_in[2]; d = block_in[3];
@@ -279,7 +287,7 @@ void safer_ecb_encrypt(const unsigned char *block_in,
block_out[6] = g & 0xFF; block_out[7] = h & 0xFF;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
void safer_ecb_encrypt(const unsigned char *block_in,
unsigned char *block_out,
symmetric_key *skey)
@@ -289,7 +297,7 @@ void safer_ecb_encrypt(const unsigned char *block_in,
}
#endif
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static void _safer_ecb_decrypt(const unsigned char *block_in,
unsigned char *block_out,
symmetric_key *skey)
@@ -302,9 +310,9 @@ void safer_ecb_decrypt(const unsigned char *block_in,
unsigned int round;
unsigned char *key;
_ARGCHK(block_in != NULL);
_ARGCHK(block_out != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(block_in != NULL);
LTC_ARGCHK(block_out != NULL);
LTC_ARGCHK(skey != NULL);
key = skey->safer.key;
a = block_in[0]; b = block_in[1]; c = block_in[2]; d = block_in[3];
@@ -332,7 +340,7 @@ void safer_ecb_decrypt(const unsigned char *block_in,
block_out[6] = g & 0xFF; block_out[7] = h & 0xFF;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
void safer_ecb_decrypt(const unsigned char *block_in,
unsigned char *block_out,
symmetric_key *skey)
@@ -344,7 +352,7 @@ void safer_ecb_decrypt(const unsigned char *block_in,
int safer_64_keysize(int *keysize)
{
_ARGCHK(keysize != NULL);
LTC_ARGCHK(keysize != NULL);
if (*keysize < 8) {
return CRYPT_INVALID_KEYSIZE;
} else {
@@ -355,7 +363,7 @@ int safer_64_keysize(int *keysize)
int safer_128_keysize(int *keysize)
{
_ARGCHK(keysize != NULL);
LTC_ARGCHK(keysize != NULL);
if (*keysize < 16) {
return CRYPT_INVALID_KEYSIZE;
} else {
@@ -428,6 +436,13 @@ int safer_sk64_test(void)
#endif
}
/** Terminate the context
@param skey The scheduled key
*/
void safer_done(symmetric_key *skey)
{
}
int safer_sk128_test(void)
{
#ifndef LTC_TEST

9
safer_tab.c → src/ciphers/safer/safer_tab.c
View File

@@ -6,10 +6,15 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
#include "mycrypt.h"
/**
@file safer_tab.c
Tables for SAFER block ciphers
*/
#include "tomcrypt.h"
#if defined(SAFERP) || defined(SAFER)

91
saferp.c → src/ciphers/safer/saferp.c
View File

@@ -6,15 +6,18 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/* SAFER+ Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file saferp.c
SAFER+ Implementation by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef SAFERP
const struct _cipher_descriptor saferp_desc =
const struct ltc_cipher_descriptor saferp_desc =
{
"safer+",
4,
@@ -23,7 +26,9 @@ const struct _cipher_descriptor saferp_desc =
&saferp_ecb_encrypt,
&saferp_ecb_decrypt,
&saferp_test,
&saferp_keysize
&saferp_done,
&saferp_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
/* ROUND(b,i)
@@ -129,7 +134,7 @@ extern const unsigned char safer_ebox[], safer_lbox[];
iSHUF(b2, b); iPHT(b); \
iSHUF(b, b2); iPHT(b2);
#ifdef SMALL_CODE
#ifdef LTC_SMALL_CODE
static void _round(unsigned char *b, int i, symmetric_key *skey)
{
@@ -200,14 +205,22 @@ static const unsigned char safer_bias[33][16] = {
{ 53, 72, 156, 81, 47, 59, 85, 227, 192, 159, 216, 211, 243, 141, 177, 255},
{ 62, 220, 134, 119, 215, 166, 17, 251, 244, 186, 146, 145, 100, 131, 241, 51}};
/**
Initialize the SAFER+ block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
unsigned x, y, z;
unsigned char t[33];
static const int rounds[3] = { 8, 12, 16 };
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
/* check arguments */
if (keylen != 16 && keylen != 24 && keylen != 32) {
@@ -305,20 +318,26 @@ int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric
}
skey->saferp.rounds = 16;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(t, sizeof(t));
#endif
return CRYPT_OK;
}
/**
Encrypts a block of text with SAFER+
@param pt The input plaintext (16 bytes)
@param ct The output ciphertext (16 bytes)
@param skey The key as scheduled
*/
void saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
unsigned char b[16];
int x;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
/* do eight rounds */
for (x = 0; x < 16; x++) {
@@ -362,19 +381,25 @@ void saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_ke
ct[13] = (b[13] + skey->saferp.K[skey->saferp.rounds*2][13]) & 255;
ct[14] = (b[14] + skey->saferp.K[skey->saferp.rounds*2][14]) & 255;
ct[15] = b[15] ^ skey->saferp.K[skey->saferp.rounds*2][15];
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(b, sizeof(b));
#endif
}
/**
Decrypts a block of text with SAFER+
@param ct The input ciphertext (16 bytes)
@param pt The output plaintext (16 bytes)
@param skey The key as scheduled
*/
void saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
unsigned char b[16];
int x;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
/* do eight rounds */
b[0] = ct[0] ^ skey->saferp.K[skey->saferp.rounds*2][0];
@@ -418,11 +443,15 @@ void saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_ke
for (x = 0; x < 16; x++) {
pt[x] = b[x];
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(b, sizeof(b));
#endif
}
/**
Performs a self-test of the SAFER+ block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int saferp_test(void)
{
#ifndef LTC_TEST
@@ -489,18 +518,30 @@ int saferp_test(void)
#endif
}
int saferp_keysize(int *desired_keysize)
/** Terminate the context
@param skey The scheduled key
*/
void saferp_done(symmetric_key *skey)
{
_ARGCHK(desired_keysize != NULL);
}
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int saferp_keysize(int *keysize)
{
LTC_ARGCHK(keysize != NULL);
if (*desired_keysize < 16)
if (*keysize < 16)
return CRYPT_INVALID_KEYSIZE;
if (*desired_keysize < 24) {
*desired_keysize = 16;
} else if (*desired_keysize < 32) {
*desired_keysize = 24;
if (*keysize < 24) {
*keysize = 16;
} else if (*keysize < 32) {
*keysize = 24;
} else {
*desired_keysize = 32;
*keysize = 32;
}
return CRYPT_OK;
}

109
skipjack.c → src/ciphers/skipjack.c
View File

@@ -6,15 +6,18 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/* Skipjack Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file skipjack.c
Skipjack Implementation by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef SKIPJACK
const struct _cipher_descriptor skipjack_desc =
const struct ltc_cipher_descriptor skipjack_desc =
{
"skipjack",
17,
@@ -23,7 +26,9 @@ const struct _cipher_descriptor skipjack_desc =
&skipjack_ecb_encrypt,
&skipjack_ecb_decrypt,
&skipjack_test,
&skipjack_keysize
&skipjack_done,
&skipjack_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const unsigned char sbox[256] = {
@@ -51,12 +56,20 @@ static const int keystep[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 };
/* simple x - 1 (mod 10) in one step */
static const int ikeystep[] = { 9, 0, 1, 2, 3, 4, 5, 6, 7, 8 };
/**
Initialize the Skipjack block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
int skipjack_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
int x;
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (keylen != 10) {
return CRYPT_INVALID_KEYSIZE;
@@ -75,24 +88,24 @@ int skipjack_setup(const unsigned char *key, int keylen, int num_rounds, symmetr
}
#define RULE_A \
tmp = g_func(w1, &kp, key->skipjack.key); \
tmp = g_func(w1, &kp, skey->skipjack.key); \
w1 = tmp ^ w4 ^ x; \
w4 = w3; w3 = w2; \
w2 = tmp;
#define RULE_B \
tmp = g_func(w1, &kp, key->skipjack.key); \
tmp = g_func(w1, &kp, skey->skipjack.key); \
tmp1 = w4; w4 = w3; \
w3 = w1 ^ w2 ^ x; \
w1 = tmp1; w2 = tmp;
#define RULE_A1 \
tmp = w1 ^ w2 ^ x; \
w1 = ig_func(w2, &kp, key->skipjack.key); \
w1 = ig_func(w2, &kp, skey->skipjack.key); \
w2 = w3; w3 = w4; w4 = tmp;
#define RULE_B1 \
tmp = ig_func(w2, &kp, key->skipjack.key); \
tmp = ig_func(w2, &kp, skey->skipjack.key); \
w2 = tmp ^ w3 ^ x; \
w3 = w4; w4 = w1; w1 = tmp;
@@ -120,18 +133,24 @@ static unsigned ig_func(unsigned w, int *kp, unsigned char *key)
return ((unsigned)g1<<8)|(unsigned)g2;
}
#ifdef CLEAN_STACK
static void _skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
/**
Encrypts a block of text with Skipjack
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
unsigned w1,w2,w3,w4,tmp,tmp1;
int x, kp;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
/* load block */
w1 = ((unsigned)pt[0]<<8)|pt[1];
@@ -166,26 +185,32 @@ void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_
ct[6] = (w4>>8)&255; ct[7] = w4&255;
}
#ifdef CLEAN_STACK
void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
_skipjack_ecb_encrypt(pt, ct, key);
_skipjack_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(unsigned) * 8 + sizeof(int) * 2);
}
#endif
#ifdef CLEAN_STACK
static void _skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
/**
Decrypts a block of text with Skipjack
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
unsigned w1,w2,w3,w4,tmp;
int x, kp;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
/* load block */
w1 = ((unsigned)ct[0]<<8)|ct[1];
@@ -224,14 +249,18 @@ void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_
pt[6] = (w4>>8)&255; pt[7] = w4&255;
}
#ifdef CLEAN_STACK
void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
_skipjack_ecb_decrypt(ct, pt, key);
_skipjack_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(unsigned) * 7 + sizeof(int) * 2);
}
#endif
/**
Performs a self-test of the Skipjack block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int skipjack_test(void)
{
#ifndef LTC_TEST
@@ -276,13 +305,25 @@ int skipjack_test(void)
#endif
}
int skipjack_keysize(int *desired_keysize)
/** Terminate the context
@param skey The scheduled key
*/
void skipjack_done(symmetric_key *skey)
{
_ARGCHK(desired_keysize != NULL);
if (*desired_keysize < 10) {
}
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int skipjack_keysize(int *keysize)
{
LTC_ARGCHK(keysize != NULL);
if (*keysize < 10) {
return CRYPT_INVALID_KEYSIZE;
} else if (*desired_keysize > 10) {
*desired_keysize = 10;
} else if (*keysize > 10) {
*keysize = 10;
}
return CRYPT_OK;
}

219
twofish.c → src/ciphers/twofish/twofish.c
View File

@@ -6,11 +6,14 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/* Implementation of Twofish by Tom St Denis */
#include "mycrypt.h"
/**
@file twofish.c
Implementation of Twofish by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef TWOFISH
@@ -21,7 +24,7 @@
#endif
#endif
const struct _cipher_descriptor twofish_desc =
const struct ltc_cipher_descriptor twofish_desc =
{
"twofish",
7,
@@ -30,7 +33,9 @@ const struct _cipher_descriptor twofish_desc =
&twofish_ecb_encrypt,
&twofish_ecb_decrypt,
&twofish_test,
&twofish_keysize
&twofish_done,
&twofish_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
/* the two polynomials */
@@ -88,7 +93,7 @@ static const unsigned char qbox[2][4][16] = {
};
/* computes S_i[x] */
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static ulong32 _sbox(int i, ulong32 x)
#else
static ulong32 sbox(int i, ulong32 x)
@@ -127,7 +132,7 @@ static ulong32 sbox(int i, ulong32 x)
return (ulong32)y;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static ulong32 sbox(int i, ulong32 x)
{
ulong32 y;
@@ -135,7 +140,7 @@ static ulong32 sbox(int i, ulong32 x)
burn_stack(sizeof(unsigned char) * 11);
return y;
}
#endif /* CLEAN_STACK */
#endif /* LTC_CLEAN_STACK */
#endif /* TWOFISH_TABLES */
@@ -272,10 +277,10 @@ static void h_func(const unsigned char *in, unsigned char *out, unsigned char *M
/* for GCC we don't use pointer aliases */
#if defined(__GNUC__)
#define S1 key->twofish.S[0]
#define S2 key->twofish.S[1]
#define S3 key->twofish.S[2]
#define S4 key->twofish.S[3]
#define S1 skey->twofish.S[0]
#define S2 skey->twofish.S[1]
#define S3 skey->twofish.S[2]
#define S4 skey->twofish.S[3]
#endif
/* the G function */
@@ -284,7 +289,7 @@ static void h_func(const unsigned char *in, unsigned char *out, unsigned char *M
#else
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static ulong32 _g_func(ulong32 x, symmetric_key *key)
#else
static ulong32 g_func(ulong32 x, symmetric_key *key)
@@ -315,9 +320,9 @@ static ulong32 g_func(ulong32 x, symmetric_key *key)
return res;
}
#define g1_func(x, key) g_func(ROL(x, 8), key)
#define g1_func(x, key) g_func(ROLc(x, 8), key)
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static ulong32 g_func(ulong32 x, symmetric_key *key)
{
ulong32 y;
@@ -325,11 +330,19 @@ static ulong32 g_func(ulong32 x, symmetric_key *key)
burn_stack(sizeof(unsigned char) * 4 + sizeof(ulong32));
return y;
}
#endif /* CLEAN_STACK */
#endif /* LTC_CLEAN_STACK */
#endif /* TWOFISH_SMALL */
#ifdef CLEAN_STACK
/**
Initialize the Twofish block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
static int _twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
#else
int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
@@ -342,8 +355,8 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
unsigned char tmp[4], tmp2[4], M[8*4];
ulong32 A, B;
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
/* invalid arguments? */
if (num_rounds != 16 && num_rounds != 0) {
@@ -388,13 +401,13 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
}
h_func(tmp, tmp2, M, k, 1);
LOAD32L(B, tmp2);
B = ROL(B, 8);
B = ROLc(B, 8);
/* K[2i] = A + B */
skey->twofish.K[x+x] = (A + B) & 0xFFFFFFFFUL;
/* K[2i+1] = (A + 2B) <<< 9 */
skey->twofish.K[x+x+1] = ROL(B + B + A, 9);
skey->twofish.K[x+x+1] = ROLc(B + B + A, 9);
}
#ifndef TWOFISH_SMALL
@@ -439,7 +452,7 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
return CRYPT_OK;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
int x;
@@ -449,10 +462,16 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
}
#endif
#ifdef CLEAN_STACK
static void _twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
/**
Encrypts a block of text with Twofish
@param pt The input plaintext (16 bytes)
@param ct The output ciphertext (16 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
ulong32 a,b,c,d,ta,tb,tc,td,t1,t2, *k;
@@ -461,61 +480,67 @@ void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_k
ulong32 *S1, *S2, *S3, *S4;
#endif
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
#if !defined(TWOFISH_SMALL) && !defined(__GNUC__)
S1 = key->twofish.S[0];
S2 = key->twofish.S[1];
S3 = key->twofish.S[2];
S4 = key->twofish.S[3];
S1 = skey->twofish.S[0];
S2 = skey->twofish.S[1];
S3 = skey->twofish.S[2];
S4 = skey->twofish.S[3];
#endif
LOAD32L(a,&pt[0]); LOAD32L(b,&pt[4]);
LOAD32L(c,&pt[8]); LOAD32L(d,&pt[12]);
a ^= key->twofish.K[0];
b ^= key->twofish.K[1];
c ^= key->twofish.K[2];
d ^= key->twofish.K[3];
a ^= skey->twofish.K[0];
b ^= skey->twofish.K[1];
c ^= skey->twofish.K[2];
d ^= skey->twofish.K[3];
k = key->twofish.K + 8;
k = skey->twofish.K + 8;
for (r = 8; r != 0; --r) {
t2 = g1_func(b, key);
t1 = g_func(a, key) + t2;
c = ROR(c ^ (t1 + k[0]), 1);
d = ROL(d, 1) ^ (t2 + t1 + k[1]);
t2 = g1_func(b, skey);
t1 = g_func(a, skey) + t2;
c = RORc(c ^ (t1 + k[0]), 1);
d = ROLc(d, 1) ^ (t2 + t1 + k[1]);
t2 = g1_func(d, key);
t1 = g_func(c, key) + t2;
a = ROR(a ^ (t1 + k[2]), 1);
b = ROL(b, 1) ^ (t2 + t1 + k[3]);
t2 = g1_func(d, skey);
t1 = g_func(c, skey) + t2;
a = RORc(a ^ (t1 + k[2]), 1);
b = ROLc(b, 1) ^ (t2 + t1 + k[3]);
k += 4;
}
/* output with "undo last swap" */
ta = c ^ key->twofish.K[4];
tb = d ^ key->twofish.K[5];
tc = a ^ key->twofish.K[6];
td = b ^ key->twofish.K[7];
ta = c ^ skey->twofish.K[4];
tb = d ^ skey->twofish.K[5];
tc = a ^ skey->twofish.K[6];
td = b ^ skey->twofish.K[7];
/* store output */
STORE32L(ta,&ct[0]); STORE32L(tb,&ct[4]);
STORE32L(tc,&ct[8]); STORE32L(td,&ct[12]);
}
#ifdef CLEAN_STACK
void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
_twofish_ecb_encrypt(pt, ct, key);
_twofish_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(ulong32) * 10 + sizeof(int));
}
#endif
#ifdef CLEAN_STACK
static void _twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
/**
Decrypts a block of text with Twofish
@param ct The input ciphertext (16 bytes)
@param pt The output plaintext (16 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
ulong32 a,b,c,d,ta,tb,tc,td,t1,t2, *k;
@@ -524,15 +549,15 @@ void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_k
ulong32 *S1, *S2, *S3, *S4;
#endif
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
#if !defined(TWOFISH_SMALL) && !defined(__GNUC__)
S1 = key->twofish.S[0];
S2 = key->twofish.S[1];
S3 = key->twofish.S[2];
S4 = key->twofish.S[3];
S1 = skey->twofish.S[0];
S2 = skey->twofish.S[1];
S3 = skey->twofish.S[2];
S4 = skey->twofish.S[3];
#endif
/* load input */
@@ -540,44 +565,48 @@ void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_k
LOAD32L(tc,&ct[8]); LOAD32L(td,&ct[12]);
/* undo undo final swap */
a = tc ^ key->twofish.K[6];
b = td ^ key->twofish.K[7];
c = ta ^ key->twofish.K[4];
d = tb ^ key->twofish.K[5];
a = tc ^ skey->twofish.K[6];
b = td ^ skey->twofish.K[7];
c = ta ^ skey->twofish.K[4];
d = tb ^ skey->twofish.K[5];
k = key->twofish.K + 36;
k = skey->twofish.K + 36;
for (r = 8; r != 0; --r) {
t2 = g1_func(d, key);
t1 = g_func(c, key) + t2;
a = ROL(a, 1) ^ (t1 + k[2]);
b = ROR(b ^ (t2 + t1 + k[3]), 1);
t2 = g1_func(d, skey);
t1 = g_func(c, skey) + t2;
a = ROLc(a, 1) ^ (t1 + k[2]);
b = RORc(b ^ (t2 + t1 + k[3]), 1);
t2 = g1_func(b, key);
t2 = g1_func(b, skey);
t1 = g_func(a, key) + t2;
c = ROL(c, 1) ^ (t1 + k[0]);
d = ROR(d ^ (t2 + t1 + k[1]), 1);
c = ROLc(c, 1) ^ (t1 + k[0]);
d = RORc(d ^ (t2 + t1 + k[1]), 1);
k -= 4;
}
/* pre-white */
a ^= key->twofish.K[0];
b ^= key->twofish.K[1];
c ^= key->twofish.K[2];
d ^= key->twofish.K[3];
a ^= skey->twofish.K[0];
b ^= skey->twofish.K[1];
c ^= skey->twofish.K[2];
d ^= skey->twofish.K[3];
/* store */
STORE32L(a, &pt[0]); STORE32L(b, &pt[4]);
STORE32L(c, &pt[8]); STORE32L(d, &pt[12]);
}
#ifdef CLEAN_STACK
void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
_twofish_ecb_decrypt(ct, pt, key);
_twofish_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(ulong32) * 10 + sizeof(int));
}
#endif
/**
Performs a self-test of the Twofish block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int twofish_test(void)
{
#ifndef LTC_TEST
@@ -640,19 +669,31 @@ int twofish_test(void)
#endif
}
int twofish_keysize(int *desired_keysize)
/** Terminate the context
@param skey The scheduled key
*/
void twofish_done(symmetric_key *skey)
{
_ARGCHK(desired_keysize);
if (*desired_keysize < 16)
}
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int twofish_keysize(int *keysize)
{
LTC_ARGCHK(keysize);
if (*keysize < 16)
return CRYPT_INVALID_KEYSIZE;
if (*desired_keysize < 24) {
*desired_keysize = 16;
if (*keysize < 24) {
*keysize = 16;
return CRYPT_OK;
} else if (*desired_keysize < 32) {
*desired_keysize = 24;
} else if (*keysize < 32) {
*keysize = 24;
return CRYPT_OK;
} else {
*desired_keysize = 32;
*keysize = 32;
return CRYPT_OK;
}
}

6
twofish_tab.c → src/ciphers/twofish/twofish_tab.c
View File

@@ -6,9 +6,13 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file twofish_tab.c
Twofish tables, Tom St Denis
*/
#ifdef TWOFISH_TABLES
/* pre generated 8x8 tables from the four 4x4s */

104
xtea.c → src/ciphers/xtea.c
View File

@@ -6,14 +6,18 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
#include "mycrypt.h"
/**
@file xtea.c
Implementation of XTEA, Tom St Denis
*/
#include "tomcrypt.h"
#ifdef XTEA
const struct _cipher_descriptor xtea_desc =
const struct ltc_cipher_descriptor xtea_desc =
{
"xtea",
1,
@@ -22,15 +26,17 @@ const struct _cipher_descriptor xtea_desc =
&xtea_ecb_encrypt,
&xtea_ecb_decrypt,
&xtea_test,
&xtea_keysize
&xtea_done,
&xtea_keysize,
NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
unsigned long x, sum, K[4];
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
/* check arguments */
if (keylen != 16) {
@@ -53,69 +59,85 @@ int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_k
skey->xtea.B[x] = (sum + K[(sum>>11)&3]) & 0xFFFFFFFFUL;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(&K, sizeof(K));
#endif
return CRYPT_OK;
}
void xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
/**
Encrypts a block of text with XTEA
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
*/
void xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
unsigned long y, z;
int r;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LOAD32L(y, &pt[0]);
LOAD32L(z, &pt[4]);
for (r = 0; r < 32; r += 4) {
y = (y + ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r])) & 0xFFFFFFFFUL;
z = (z + ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r])) & 0xFFFFFFFFUL;
y = (y + ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r])) & 0xFFFFFFFFUL;
z = (z + ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r])) & 0xFFFFFFFFUL;
y = (y + ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r+1])) & 0xFFFFFFFFUL;
z = (z + ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r+1])) & 0xFFFFFFFFUL;
y = (y + ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r+1])) & 0xFFFFFFFFUL;
z = (z + ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r+1])) & 0xFFFFFFFFUL;
y = (y + ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r+2])) & 0xFFFFFFFFUL;
z = (z + ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r+2])) & 0xFFFFFFFFUL;
y = (y + ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r+2])) & 0xFFFFFFFFUL;
z = (z + ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r+2])) & 0xFFFFFFFFUL;
y = (y + ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r+3])) & 0xFFFFFFFFUL;
z = (z + ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r+3])) & 0xFFFFFFFFUL;
y = (y + ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r+3])) & 0xFFFFFFFFUL;
z = (z + ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r+3])) & 0xFFFFFFFFUL;
}
STORE32L(y, &ct[0]);
STORE32L(z, &ct[4]);
}
void xtea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
/**
Decrypts a block of text with XTEA
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
*/
void xtea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
unsigned long y, z;
int r;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LOAD32L(y, &ct[0]);
LOAD32L(z, &ct[4]);
for (r = 31; r >= 0; r -= 4) {
z = (z - ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r])) & 0xFFFFFFFFUL;
y = (y - ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r])) & 0xFFFFFFFFUL;
z = (z - ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r])) & 0xFFFFFFFFUL;
y = (y - ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r])) & 0xFFFFFFFFUL;
z = (z - ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r-1])) & 0xFFFFFFFFUL;
y = (y - ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r-1])) & 0xFFFFFFFFUL;
z = (z - ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r-1])) & 0xFFFFFFFFUL;
y = (y - ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r-1])) & 0xFFFFFFFFUL;
z = (z - ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r-2])) & 0xFFFFFFFFUL;
y = (y - ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r-2])) & 0xFFFFFFFFUL;
z = (z - ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r-2])) & 0xFFFFFFFFUL;
y = (y - ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r-2])) & 0xFFFFFFFFUL;
z = (z - ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r-3])) & 0xFFFFFFFFUL;
y = (y - ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r-3])) & 0xFFFFFFFFUL;
z = (z - ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r-3])) & 0xFFFFFFFFUL;
y = (y - ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r-3])) & 0xFFFFFFFFUL;
}
STORE32L(y, &pt[0]);
STORE32L(z, &pt[4]);
}
/**
Performs a self-test of the XTEA block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int xtea_test(void)
{
#ifndef LTC_TEST
@@ -152,13 +174,25 @@ int xtea_test(void)
#endif
}
int xtea_keysize(int *desired_keysize)
/** Terminate the context
@param skey The scheduled key
*/
void xtea_done(symmetric_key *skey)
{
_ARGCHK(desired_keysize != NULL);
if (*desired_keysize < 16) {
}
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int xtea_keysize(int *keysize)
{
LTC_ARGCHK(keysize != NULL);
if (*keysize < 16) {
return CRYPT_INVALID_KEYSIZE;
}
*desired_keysize = 16;
*keysize = 16;
return CRYPT_OK;
}

306
src/encauth/ccm/ccm_memory.c Normal file
View File

@@ -0,0 +1,306 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
#include "tomcrypt.h"
/**
@file ccm_memory.c
CCM support, process a block of memory, Tom St Denis
*/
#ifdef CCM_MODE
/**
CCM encrypt/decrypt and produce an authentication tag
@param cipher The index of the cipher desired
@param key The secret key to use
@param keylen The length of the secret key (octets)
@param nonce The session nonce [use once]
@param noncelen The length of the nonce
@param header The header for the session
@param headerlen The length of the header (octets)
@param pt [out] The plaintext
@param ptlen The length of the plaintext (octets)
@param ct [out] The ciphertext
@param tag [out] The destination tag
@param taglen [in/out] The max size and resulting size of the authentication tag
@param direction Encrypt or Decrypt direction (0 or 1)
@return CRYPT_OK if successful
*/
int ccm_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen,
unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
unsigned char *tag, unsigned long *taglen,
int direction)
{
unsigned char PAD[16], ctr[16], CTRPAD[16], b;
symmetric_key *skey;
int err;
unsigned long len, L, x, y, z, CTRlen;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(nonce != NULL);
if (headerlen > 0) {
LTC_ARGCHK(header != NULL);
}
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(taglen != NULL);
#ifdef LTC_FAST
if (16 % sizeof(LTC_FAST_TYPE)) {
return CRYPT_INVALID_ARG;
}
#endif
/* check cipher input */
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
return err;
}
if (cipher_descriptor[cipher].block_length != 16) {
return CRYPT_INVALID_CIPHER;
}
/* make sure the taglen is even and <= 16 */
*taglen &= ~1;
if (*taglen > 16) {
*taglen = 16;
}
/* can't use < 4 */
if (*taglen < 4) {
return CRYPT_INVALID_ARG;
}
/* is there an accelerator? */
if (cipher_descriptor[cipher].accel_ccm_memory != NULL) {
cipher_descriptor[cipher].accel_ccm_memory(
key, keylen,
nonce, noncelen,
header, headerlen,
pt, ptlen,
ct,
tag, taglen,
direction);
return CRYPT_OK;
}
/* let's get the L value */
len = ptlen;
L = 0;
while (len) {
++L;
len >>= 8;
}
if (L <= 1) {
L = 2;
}
/* increase L to match the nonce len */
noncelen = (noncelen > 13) ? 13 : noncelen;
if ((15 - noncelen) > L) {
L = 15 - noncelen;
}
/* allocate mem for the symmetric key */
skey = XMALLOC(sizeof(*skey));
if (skey == NULL) {
return CRYPT_MEM;
}
/* initialize the cipher */
if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, skey)) != CRYPT_OK) {
XFREE(skey);
return err;
}
/* form B_0 == flags | Nonce N | l(m) */
x = 0;
PAD[x++] = ((headerlen > 0) ? (1<<6) : 0) |
(((*taglen - 2)>>1)<<3) |
(L-1);
/* nonce */
for (y = 0; y < (16 - (L + 1)); y++) {
PAD[x++] = nonce[y];
}
/* store len */
len = ptlen;
/* shift len so the upper bytes of len are the contents of the length */
for (y = L; y < 4; y++) {
len <<= 8;
}
/* store l(m) (only store 32-bits) */
for (y = 0; L > 4 && (L-y)>4; y++) {
PAD[x++] = 0;
}
for (; y < L; y++) {
PAD[x++] = (len >> 24) & 255;
len <<= 8;
}
/* encrypt PAD */
cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
/* handle header */
if (headerlen > 0) {
x = 0;
/* store length */
if (headerlen < ((1UL<<16) - (1UL<<8))) {
PAD[x++] ^= (headerlen>>8) & 255;
PAD[x++] ^= headerlen & 255;
} else {
PAD[x++] ^= 0xFF;
PAD[x++] ^= 0xFE;
PAD[x++] ^= (headerlen>>24) & 255;
PAD[x++] ^= (headerlen>>16) & 255;
PAD[x++] ^= (headerlen>>8) & 255;
PAD[x++] ^= headerlen & 255;
}
/* now add the data */
for (y = 0; y < headerlen; y++) {
if (x == 16) {
/* full block so let's encrypt it */
cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
x = 0;
}
PAD[x++] ^= header[y];
}
/* remainder? */
if (x != 0) {
cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
}
}
/* setup the ctr counter */
x = 0;
/* flags */
ctr[x++] = L-1;
/* nonce */
for (y = 0; y < (16 - (L+1)); ++y) {
ctr[x++] = nonce[y];
}
/* offset */
while (x < 16) {
ctr[x++] = 0;
}
x = 0;
CTRlen = 16;
/* now handle the PT */
if (ptlen > 0) {
y = 0;
#ifdef LTC_FAST
if (ptlen & ~15) {
if (direction == CCM_ENCRYPT) {
for (; y < (ptlen & ~15); y += 16) {
/* increment the ctr? */
for (z = 15; z > 15-L; z--) {
ctr[z] = (ctr[z] + 1) & 255;
if (ctr[z]) break;
}
cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey);
/* xor the PT against the pad first */
for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE*)(&PAD[z])) ^= *((LTC_FAST_TYPE*)(&pt[y+z]));
*((LTC_FAST_TYPE*)(&ct[y+z])) = *((LTC_FAST_TYPE*)(&pt[y+z])) ^ *((LTC_FAST_TYPE*)(&CTRPAD[z]));
}
cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
}
} else {
for (; y < (ptlen & ~15); y += 16) {
/* increment the ctr? */
for (z = 15; z > 15-L; z--) {
ctr[z] = (ctr[z] + 1) & 255;
if (ctr[z]) break;
}
cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey);
/* xor the PT against the pad last */
for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE*)(&pt[y+z])) = *((LTC_FAST_TYPE*)(&ct[y+z])) ^ *((LTC_FAST_TYPE*)(&CTRPAD[z]));
*((LTC_FAST_TYPE*)(&PAD[z])) ^= *((LTC_FAST_TYPE*)(&pt[y+z]));
}
cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
}
}
}
#endif
for (; y < ptlen; y++) {
/* increment the ctr? */
if (CTRlen == 16) {
for (z = 15; z > 15-L; z--) {
ctr[z] = (ctr[z] + 1) & 255;
if (ctr[z]) break;
}
cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey);
CTRlen = 0;
}
/* if we encrypt we add the bytes to the MAC first */
if (direction == CCM_ENCRYPT) {
b = pt[y];
ct[y] = b ^ CTRPAD[CTRlen++];
} else {
b = ct[y] ^ CTRPAD[CTRlen++];
pt[y] = b;
}
if (x == 16) {
cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
x = 0;
}
PAD[x++] ^= b;
}
if (x != 0) {
cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
}
}
/* setup CTR for the TAG */
ctr[14] = ctr[15] = 0x00;
cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey);
cipher_descriptor[cipher].done(skey);
/* store the TAG */
for (x = 0; x < 16 && x < *taglen; x++) {
tag[x] = PAD[x] ^ CTRPAD[x];
}
*taglen = x;
#ifdef LTC_CLEAN_STACK
zeromem(skey, sizeof(*skey));
zeromem(B, sizeof(B));
zeromem(PAD, sizeof(PAD));
zeromem(CTRPAD, sizeof(CTRPAD));
#endif
XFREE(skey);
return CRYPT_OK;
}
#endif

170
src/encauth/ccm/ccm_test.c Normal file
View File

@@ -0,0 +1,170 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
#include "tomcrypt.h"
/**
@file ccm_test.c
CCM support, process a block of memory, Tom St Denis
*/
#ifdef CCM_MODE
int ccm_test(void)
{
#ifndef LTC_TEST
return CRYPT_NOP;
#else
static const struct {
unsigned char key[16];
unsigned char nonce[16];
int noncelen;
unsigned char header[64];
int headerlen;
unsigned char pt[64];
int ptlen;
unsigned char ct[64];
unsigned char tag[16];
int taglen;
} tests[] = {
/* 13 byte nonce, 8 byte auth, 23 byte pt */
{
{ 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7,
0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF },
{ 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xA0,
0xA1, 0xA2, 0xA3, 0xA4, 0xA5 },
13,
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 },
8,
{ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E },
23,
{ 0x58, 0x8C, 0x97, 0x9A, 0x61, 0xC6, 0x63, 0xD2,
0xF0, 0x66, 0xD0, 0xC2, 0xC0, 0xF9, 0x89, 0x80,
0x6D, 0x5F, 0x6B, 0x61, 0xDA, 0xC3, 0x84 },
{ 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 },
8
},
/* 13 byte nonce, 12 byte header, 19 byte pt */
{
{ 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7,
0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF },
{ 0x00, 0x00, 0x00, 0x06, 0x05, 0x04, 0x03, 0xA0,
0xA1, 0xA2, 0xA3, 0xA4, 0xA5 },
13,
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B },
12,
{ 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13,
0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B,
0x1C, 0x1D, 0x1E },
19,
{ 0xA2, 0x8C, 0x68, 0x65, 0x93, 0x9A, 0x9A, 0x79,
0xFA, 0xAA, 0x5C, 0x4C, 0x2A, 0x9D, 0x4A, 0x91,
0xCD, 0xAC, 0x8C },
{ 0x96, 0xC8, 0x61, 0xB9, 0xC9, 0xE6, 0x1E, 0xF1 },
8
},
/* supplied by Brian Gladman */
{
{ 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f },
{ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16 },
7,
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 },
8,
{ 0x20, 0x21, 0x22, 0x23 },
4,
{ 0x71, 0x62, 0x01, 0x5b },
{ 0x4d, 0xac, 0x25, 0x5d },
4
},
{
{ 0xc9, 0x7c, 0x1f, 0x67, 0xce, 0x37, 0x11, 0x85,
0x51, 0x4a, 0x8a, 0x19, 0xf2, 0xbd, 0xd5, 0x2f },
{ 0x00, 0x50, 0x30, 0xf1, 0x84, 0x44, 0x08, 0xb5,
0x03, 0x97, 0x76, 0xe7, 0x0c },
13,
{ 0x08, 0x40, 0x0f, 0xd2, 0xe1, 0x28, 0xa5, 0x7c,
0x50, 0x30, 0xf1, 0x84, 0x44, 0x08, 0xab, 0xae,
0xa5, 0xb8, 0xfc, 0xba, 0x00, 0x00 },
22,
{ 0xf8, 0xba, 0x1a, 0x55, 0xd0, 0x2f, 0x85, 0xae,
0x96, 0x7b, 0xb6, 0x2f, 0xb6, 0xcd, 0xa8, 0xeb,
0x7e, 0x78, 0xa0, 0x50 },
20,
{ 0xf3, 0xd0, 0xa2, 0xfe, 0x9a, 0x3d, 0xbf, 0x23,
0x42, 0xa6, 0x43, 0xe4, 0x32, 0x46, 0xe8, 0x0c,
0x3c, 0x04, 0xd0, 0x19 },
{ 0x78, 0x45, 0xce, 0x0b, 0x16, 0xf9, 0x76, 0x23 },
8
},
};
unsigned long taglen, x;
unsigned char buf[64], buf2[64], tag2[16], tag[16];
int err, idx;
idx = find_cipher("aes");
if (idx == -1) {
idx = find_cipher("rijndael");
if (idx == -1) {
return CRYPT_NOP;
}
}
for (x = 0; x < (sizeof(tests)/sizeof(tests[0])); x++) {
taglen = tests[x].taglen;
if ((err = ccm_memory(idx,
tests[x].key, 16,
tests[x].nonce, tests[x].noncelen,
tests[x].header, tests[x].headerlen,
(unsigned char*)tests[x].pt, tests[x].ptlen,
buf,
tag, &taglen, 0)) != CRYPT_OK) {
return err;
}
if (memcmp(buf, tests[x].ct, tests[x].ptlen)) {
return CRYPT_FAIL_TESTVECTOR;
}
if (memcmp(tag, tests[x].tag, tests[x].taglen)) {
return CRYPT_FAIL_TESTVECTOR;
}
if ((err = ccm_memory(idx,
tests[x].key, 16,
tests[x].nonce, tests[x].noncelen,
tests[x].header, tests[x].headerlen,
buf2, tests[x].ptlen,
buf,
tag2, &taglen, 1 )) != CRYPT_OK) {
return err;
}
if (memcmp(buf2, tests[x].pt, tests[x].ptlen)) {
return CRYPT_FAIL_TESTVECTOR;
}
if (memcmp(tag2, tests[x].tag, tests[x].taglen)) {
return CRYPT_FAIL_TESTVECTOR;
}
}
return CRYPT_OK;
#endif
}
#endif

34
src/encauth/eax/eax_addheader.c Normal file
View File

@@ -0,0 +1,34 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file eax_addheader.c
EAX implementation, add meta-data, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
/**
add header (metadata) to the stream
@param eax The current EAX state
@param header The header (meta-data) data you wish to add to the state
@param length The length of the header data
@return CRYPT_OK if successful
*/
int eax_addheader(eax_state *eax, const unsigned char *header,
unsigned long length)
{
LTC_ARGCHK(eax != NULL);
LTC_ARGCHK(header != NULL);
return omac_process(&eax->headeromac, header, length);
}
#endif

26
eax_decrypt.c → src/encauth/eax/eax_decrypt.c
View File

@@ -6,21 +6,33 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file eax_decrypt.c
EAX implementation, decrypt block, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, unsigned long length)
/**
Decrypt data with the EAX protocol
@param eax The EAX state
@param ct The ciphertext
@param pt [out] The plaintext
@param length The length (octets) of the ciphertext
@return CRYPT_OK if successful
*/
int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt,
unsigned long length)
{
int err;
_ARGCHK(eax != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
LTC_ARGCHK(eax != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
/* omac ciphertext */
if ((err = omac_process(&eax->ctomac, ct, length)) != CRYPT_OK) {

52
eax_decrypt_verify_memory.c → src/encauth/eax/eax_decrypt_verify_memory.c
View File

@@ -6,14 +6,34 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file eax_decrypt_verify_memory.c
EAX implementation, decrypt block of memory, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
/**
Decrypt a block of memory and verify the provided MAC tag with EAX
@param cipher The index of the cipher desired
@param key The secret key
@param keylen The length of the key (octets)
@param nonce The nonce data (use once) for the session
@param noncelen The length of the nonce data.
@param header The session header data
@param headerlen The length of the header (octets)
@param ct The ciphertext
@param ctlen The length of the ciphertext (octets)
@param pt [out] The plaintext
@param tag The authentication tag provided by the encoder
@param taglen [in/out] The length of the tag (octets)
@param stat [out] The result of the decryption (1==valid tag, 0==invalid)
@return CRYPT_OK if successful regardless of the resulting tag comparison
*/
int eax_decrypt_verify_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
@@ -21,21 +41,25 @@ int eax_decrypt_verify_memory(int cipher,
const unsigned char *ct, unsigned long ctlen,
unsigned char *pt,
unsigned char *tag, unsigned long taglen,
int *res)
int *stat)
{
int err;
eax_state *eax;
unsigned char *buf;
unsigned long buflen;
_ARGCHK(res != NULL);
LTC_ARGCHK(stat != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(tag != NULL);
/* default to zero */
*res = 0;
*stat = 0;
/* allocate ram */
buf = XMALLOC(taglen);
eax = XMALLOC(sizeof(eax_state));
eax = XMALLOC(sizeof(*eax));
if (eax == NULL || buf == NULL) {
if (eax != NULL) {
XFREE(eax);
@@ -47,28 +71,28 @@ int eax_decrypt_verify_memory(int cipher,
}
if ((err = eax_init(eax, cipher, key, keylen, nonce, noncelen, header, headerlen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
if ((err = eax_decrypt(eax, ct, pt, ctlen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
buflen = taglen;
if ((err = eax_done(eax, buf, &buflen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* compare tags */
if (buflen >= taglen && memcmp(buf, tag, taglen) == 0) {
*res = 1;
*stat = 1;
}
err = CRYPT_OK;
__ERR:
#ifdef CLEAN_STACK
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(buf, taglen);
zeromem(eax, sizeof(eax_state));
zeromem(eax, sizeof(*eax));
#endif
XFREE(eax);

35
eax_done.c → src/encauth/eax/eax_done.c
View File

@@ -6,23 +6,33 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file eax_done.c
EAX implementation, terminate session, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
/**
Terminate an EAX session and get the tag.
@param eax The EAX state
@param tag [out] The destination of the authentication tag
@param taglen [in/out] The max length and resulting length of the authentication tag
@return CRYPT_OK if successful
*/
int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen)
{
int err;
unsigned char *headermac, *ctmac;
unsigned long x, len;
_ARGCHK(eax != NULL);
_ARGCHK(tag != NULL);
_ARGCHK(taglen != NULL);
LTC_ARGCHK(eax != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(taglen != NULL);
/* allocate ram */
headermac = XMALLOC(MAXBLOCKSIZE);
@@ -41,7 +51,7 @@ int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen)
/* finish ctomac */
len = MAXBLOCKSIZE;
if ((err = omac_done(&eax->ctomac, ctmac, &len)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* finish headeromac */
@@ -49,7 +59,12 @@ int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen)
/* note we specifically don't reset len so the two lens are minimal */
if ((err = omac_done(&eax->headeromac, headermac, &len)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* terminate the CTR chain */
if ((err = ctr_done(&eax->ctr)) != CRYPT_OK) {
goto LBL_ERR;
}
/* compute N xor H xor C */
@@ -59,8 +74,8 @@ int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen)
*taglen = x;
err = CRYPT_OK;
__ERR:
#ifdef CLEAN_STACK
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(ctmac, MAXBLOCKSIZE);
zeromem(headermac, MAXBLOCKSIZE);
zeromem(eax, sizeof(*eax));

26
eax_encrypt.c → src/encauth/eax/eax_encrypt.c
View File

@@ -6,21 +6,33 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file eax_encrypt.c
EAX implementation, encrypt block by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length)
/**
Encrypt with EAX a block of data.
@param eax The EAX state
@param pt The plaintext to encrypt
@param ct [out] The ciphertext as encrypted
@param length The length of the plaintext (octets)
@return CRYPT_OK if successful
*/
int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct,
unsigned long length)
{
int err;
_ARGCHK(eax != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
LTC_ARGCHK(eax != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
/* encrypt */
if ((err = ctr_encrypt(pt, ct, length, &eax->ctr)) != CRYPT_OK) {

78
src/encauth/eax/eax_encrypt_authenticate_memory.c Normal file
View File

@@ -0,0 +1,78 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/**
@file eax_encrypt_authenticate_memory.c
EAX implementation, encrypt a block of memory, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
/**
EAX encrypt and produce an authentication tag
@param cipher The index of the cipher desired
@param key The secret key to use
@param keylen The length of the secret key (octets)
@param nonce The session nonce [use once]
@param noncelen The length of the nonce
@param header The header for the session
@param headerlen The length of the header (octets)
@param pt The plaintext
@param ptlen The length of the plaintext (octets)
@param ct [out] The ciphertext
@param tag [out] The destination tag
@param taglen [in/out] The max size and resulting size of the authentication tag
@return CRYPT_OK if successful
*/
int eax_encrypt_authenticate_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen,
const unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
unsigned char *tag, unsigned long *taglen)
{
int err;
eax_state *eax;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(taglen != NULL);
eax = XMALLOC(sizeof(*eax));
if ((err = eax_init(eax, cipher, key, keylen, nonce, noncelen, header, headerlen)) != CRYPT_OK) {
goto LBL_ERR;
}
if ((err = eax_encrypt(eax, pt, ct, ptlen)) != CRYPT_OK) {
goto LBL_ERR;
}
if ((err = eax_done(eax, tag, taglen)) != CRYPT_OK) {
goto LBL_ERR;
}
err = CRYPT_OK;
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(eax, sizeof(*eax));
#endif
XFREE(eax);
return err;
}
#endif

62
eax_init.c → src/encauth/eax/eax_init.c
View File

@@ -6,16 +6,32 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file eax_init.c
EAX implementation, initialized EAX state, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
/**
Initialized an EAX state
@param eax [out] The EAX state to initialize
@param cipher The index of the desired cipher
@param key The secret key
@param keylen The length of the secret key (octets)
@param nonce The use-once nonce for the session
@param noncelen The length of the nonce (octets)
@param header The header for the EAX state
@param headerlen The header length (octets)
@return CRYPT_OK if successful
*/
int eax_init(eax_state *eax, int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen)
{
unsigned char *buf;
@@ -24,11 +40,11 @@ int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long
unsigned long len;
_ARGCHK(eax != NULL);
_ARGCHK(key != NULL);
_ARGCHK(nonce != NULL);
LTC_ARGCHK(eax != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(nonce != NULL);
if (headerlen > 0) {
_ARGCHK(header != NULL);
LTC_ARGCHK(header != NULL);
}
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
@@ -38,7 +54,7 @@ int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long
/* allocate ram */
buf = XMALLOC(MAXBLOCKSIZE);
omac = XMALLOC(sizeof(omac_state));
omac = XMALLOC(sizeof(*omac));
if (buf == NULL || omac == NULL) {
if (buf != NULL) {
@@ -53,21 +69,21 @@ int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long
/* N = OMAC_0K(nonce) */
zeromem(buf, MAXBLOCKSIZE);
if ((err = omac_init(omac, cipher, key, keylen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* omac the [0]_n */
if ((err = omac_process(omac, buf, blklen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* omac the nonce */
if ((err = omac_process(omac, nonce, noncelen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* store result */
len = sizeof(eax->N);
if ((err = omac_done(omac, eax->N, &len)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* H = OMAC_1K(header) */
@@ -75,17 +91,17 @@ int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long
buf[blklen - 1] = 1;
if ((err = omac_init(&eax->headeromac, cipher, key, keylen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* omac the [1]_n */
if ((err = omac_process(&eax->headeromac, buf, blklen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* omac the header */
if (headerlen != 0) {
if ((err = omac_process(&eax->headeromac, header, headerlen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
}
@@ -93,28 +109,28 @@ int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long
/* setup the CTR mode */
if ((err = ctr_start(cipher, eax->N, key, keylen, 0, &eax->ctr)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* use big-endian counter */
eax->ctr.mode = 1;
/* setup the OMAC for the ciphertext */
if ((err = omac_init(&eax->ctomac, cipher, key, keylen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* omac [2]_n */
zeromem(buf, MAXBLOCKSIZE);
buf[blklen-1] = 2;
if ((err = omac_process(&eax->ctomac, buf, blklen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
err = CRYPT_OK;
__ERR:
#ifdef CLEAN_STACK
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(buf, MAXBLOCKSIZE);
zeromem(omac, sizeof(omac_state));
zeromem(omac, sizeof(*omac));
#endif
XFREE(omac);

13
eax_test.c → src/encauth/eax/eax_test.c
View File

@@ -6,14 +6,21 @@
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file eax_test.c
EAX implementation, self-test, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
/**
Test the EAX implementation
@return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled
*/
int eax_test(void)
{
#ifndef LTC_TEST

Some files were not shown because too many files have changed in this diff Show More