0.48.1

--HG--
extra : convert_revision : 0501e6f661b5415eb76f3b312d183c3adfbfb712

CHANGES

@@ -1,3 +1,167 @@
+0.48.1 - Sat 11 March 2006
+
+- Compile fix for scp
+
+0.48 - Thurs 9 March 2006
+
+- Check that the circular buffer is properly empty before
+  closing a channel, which could cause truncated transfers
+  (thanks to Tomas Vanek for helping track it down)
+
+- Implement per-IP pre-authentication connection limits 
+  (after some poking from Pablo Fernandez)
+
+- Exit gracefully if trying to connect to as SSH v1 server 
+  (reported by Rushi Lala)
+
+- Only read /dev/random once at startup when in non-inetd mode
+
+- Allow ctrl-c to close a dbclient password prompt (may
+  still have to press enter on some platforms)
+
+- Merged in uClinux patch for inetd mode
+
+- Updated to scp from OpenSSH 4.3p2 - fixes a security issue
+  where use of system() could cause users to execute arbitrary
+  code through malformed filenames, ref CVE-2006-0225
+
+0.47 - Thurs Dec 8 2005
+
+- SECURITY: fix for buffer allocation error in server code, could potentially
+  allow authenticated users to gain elevated privileges. All multi-user systems
+  running the server should upgrade (or apply the patch available on the
+  Dropbear webpage).
+
+- Fix channel handling code so that redirecting to /dev/null doesn't use
+  100% CPU.
+
+- Turn on zlib compression for dbclient.
+
+- Set "low delay" TOS bit, can significantly improve interactivity
+  over some links.
+
+- Added client keyboard-interactive mode support, allows operation with
+  newer OpenSSH servers in default config.
+
+- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions
+
+- Improve logging of assertions
+
+- Added aes-256 cipher and sha1-96 hmac.
+
+- Fix twofish so that it actually works.
+
+- Improve PAM prompt comparison.
+
+- Added -g (dbclient) and -a (dropbear server) options to allow
+  connections to listening forwarded ports from remote machines.
+
+- Various other minor fixes
+
+- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
+  (netinet/in_systm.h needs to be included).
+
+0.46 - Sat July 9 2005
+
+- Fix long-standing bug which caused connections to be closed if an ssh-agent
+  socket was no longer available
+
+- Print a warning if we seem to be blocking on /dev/random 
+  (suggested by Paul Fox)
+
+- Fixed a memory leak in DSS code (thanks to Boris Berezovsky for the patch)
+
+- dbclient -L no longer segfaults, allocate correct buffer size (thanks
+  to David Cook for reporting it, and Christopher Faylor for independently
+  sending in a patch)
+
+- Added RSA blinding to signing code (suggested by Dan Kaminsky)
+
+- Rearranged bignum reading/random generation code
+
+- Reset the non-blocking status on stderr and stdout as well as stdin,
+  fixes a problem where the shell running dbclient will exit (thanks to 
+  Brent Roman for reporting it)
+
+- Fix so that all file descriptors are closed so the child shell doesn't
+  inherit descriptors (thanks to Linden May for the patch)
+
+- Change signkey.c to avoid gcc 4 generating incorrect code
+
+- After both sides of a file descriptor have been shutdown(), close()
+  it to avoid leaking descriptors (thanks to Ari Hyttinen for a patch)
+
+- Update to LibTomCrypt 1.05 and LibTomMath 0.35
+
+0.45 - Mon March 7 2005
+
+- Makefile no longer appends 'static' to statically linked binaries
+
+- Add optional SSH_ASKPASS support to the client
+
+- Respect HOST_LOOKUP option
+
+- Fix accidentally removed "return;" statement which was removed in 0.44
+  (causing clients which sent an empty terminal-modes string to fail to
+  connect - including pssh, ssh.com, danger hiptop). (patches
+  independently from Paul Fox, David Horwitt and Sven-Ola Tuecke)
+
+- Read "y/n" response for fingerprints from /dev/tty directly so that dbclient
+  will work with scp.
+
+0.44 - Mon Jan 3 2005
+
+- SECURITY: Fix for PAM auth so that usernames are logged and conversation
+  function responses are allocated correctly - all 0.44test4 users with PAM
+  compiled in (not default) are advised to upgrade.
+
+- Fix calls to getnameinfo() for compatibility with Solaris
+
+- Pristine compilation works (run 'configure' from a fresh dir and make it
+  there)
+
+- Fixes for compiling with most options disabled.
+
+- Upgraded to LibTomCrypt 0.99 and LibTomMath 0.32
+
+- Make sure that zeroing out of values in LTM and LTC won't get optimised away
+
+- Removed unused functions from loginrec.c
+
+- /dev/random is now the default entropy source rather than /dev/urandom
+
+- Logging of IPs in auth success/failure messages for improved greppability
+
+- Fix dbclient so that "scp -i keyfile" works. (It can handle "-ikeyfile
+  properly)
+
+- Avoid a race in server shell-handling code which prevents the exit-code
+  from being returned to the client in some circumstances.
+
+- Makefile modified so that install target works correctly (doesn't try
+  to install "all" binary) - patch from Juergen Daubert
+
+- Various minor fixes and compile warnings.
+
+0.44test4 - Tue Sept 14 2004 21:15:54 +0800
+
+- Fix inetd mode so it actually loads the hostkeys (oops)
+
+- Changed DROPBEAR_DEFPORT properly everywhere
+
+- Fix a small memory leak in the auth code
+
+- WCOREDUMP is only used on systems which support it (ie not cygwin or AIX)
+
+- Check (and fail for) cases when we can't negotiate algorithms with the
+  remote side successfully (rather than bombing out ungracefully)
+
+- Handle authorized_keys files without a terminating newline
+
+- Fiddle the channel receive window size for possibly better performance
+
+- Added in the PAM authentication code (finally! thanks to Martin Carlsson)
+
 0.44test3 - Fri Aug 27 22:20:54 +0800
 
 - Fixed a bunch of warnings.

INSTALL

@@ -28,6 +28,11 @@ Binaries can be strippd with "make strip"
 
 ============================================================================
 
+If you're compiling for a 386-class CPU, you will probably need to add
+CFLAGS=-DLTC_NO_BSWAP so that libtomcrypt doesn't use 486+ instructions.
+
+============================================================================
+
 Compiling with uClibc:
 
 Firstly, make sure you have at least uclibc 0.9.17, as getusershell() in prior

Makefile.in

@@ -1,4 +1,5 @@
 # This Makefile is for Dropbear SSH Server and Client
+# @configure_input@
 
 # invocation:
 # make PROGRAMS="dropbear dbclient scp" MULTI=1 STATIC=1 SCPPROGRESS=1
@@ -24,11 +25,11 @@ COMMONOBJS=dbutil.o buffer.o \
 SVROBJS=svr-kex.o svr-algo.o svr-auth.o sshpty.o \
 		svr-authpasswd.o svr-authpubkey.o svr-session.o svr-service.o \
 		svr-chansession.o svr-runopts.o svr-agentfwd.o svr-main.o svr-x11fwd.o\
-		svr-tcpfwd.o
+		svr-tcpfwd.o svr-authpam.o
 
 CLIOBJS=cli-algo.o cli-main.o cli-auth.o cli-authpasswd.o cli-kex.o \
 		cli-session.o cli-service.o cli-runopts.o cli-chansession.o \
-		cli-authpubkey.o cli-tcpfwd.o cli-channel.o
+		cli-authpubkey.o cli-tcpfwd.o cli-channel.o cli-authinteract.o
 
 CLISVROBJS=common-session.o packet.o common-algo.o common-kex.o \
 			common-channel.o common-chansession.o termcodes.o loginrec.o \
@@ -54,6 +55,9 @@ dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS)
 dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS)
 scpobjs=$(SCPOBJS)
 
+VPATH=@srcdir@
+srcdir=@srcdir@
+
 prefix=@prefix@
 exec_prefix=${prefix}
 bindir=${exec_prefix}/bin
@@ -65,7 +69,7 @@ AR=@AR@
 RANLIB=@RANLIB@
 STRIP=@STRIP@
 INSTALL=@INSTALL@
-CFLAGS=-Ilibtomcrypt @CFLAGS@
+CFLAGS=-I. -I$(srcdir)/libtomcrypt/src/headers/ @CFLAGS@
 LIBS=$(LTC) $(LTM) @LIBS@
 LDFLAGS=@LDFLAGS@
 
@@ -89,9 +93,6 @@ export RANLIB AR STRIP
 
 ifeq ($(STATIC), 1)
 	LDFLAGS+=-static
-	SPREFIX=static
-else
-	SPREFIX=
 endif
 
 ifeq ($(MULTI), 1)
@@ -112,38 +113,38 @@ endif
 all: $(TARGETS)
 
 strip: $(TARGETS)
-	$(STRIP) $(addsuffix $(EXEEXT), $(addprefix $(SPREFIX), $(TARGETS)))
+	$(STRIP) $(addsuffix $(EXEEXT), $(TARGETS))
 
-install: $(addprefix inst, $(TARGETS))
+install: $(addprefix inst_, $(TARGETS))
 
 installdropbearmulti: insdbmulti $(addprefix insmulti, $(PROGRAMS)) 
 
 insdbmulti: dropbearmulti
 	$(INSTALL) -d -m 755 $(DESTDIR)$(bindir)
-	$(INSTALL) -m 755 $(SPREFIX)dropbearmulti$(EXEEXT) $(DESTDIR)$(bindir)
-	-chown root $(DESTDIR)$(bindir)/$(SPREFIX)dropbearmulti$(EXEEXT)
-	-chgrp 0 $(DESTDIR)$(bindir)/$(SPREFIX)dropbearmulti$(EXEEXT)
+	$(INSTALL) -m 755 dropbearmulti$(EXEEXT) $(DESTDIR)$(bindir)
+	-chown root $(DESTDIR)$(bindir)/dropbearmulti$(EXEEXT)
+	-chgrp 0 $(DESTDIR)$(bindir)/dropbearmulti$(EXEEXT)
 
 insmultidropbear: dropbearmulti
-	-rm -f $(DESTDIR)$(sbindir)/$(SPREFIX)dropbear$(EXEEXT)
-	-ln -s $(DESTDIR)$(bindir)/$(SPREFIX)dropbearmulti$(EXEEXT) $(DESTDIR)$(sbindir)/$(SPREFIX)dropbear$(EXEEXT) 
+	-rm -f $(DESTDIR)$(sbindir)/dropbear$(EXEEXT)
+	-ln -s $(DESTDIR)$(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(sbindir)/dropbear$(EXEEXT) 
 
 insmulti%: dropbearmulti
-	-rm -f $(DESTDIR)$(bindir)/$(SPREFIX)$*$(EXEEXT) 
-	-ln -s $(DESTDIR)$(bindir)/$(SPREFIX)dropbearmulti$(EXEEXT) $(DESTDIR)$(bindir)/$(SPREFIX)$*$(EXEEXT) 
+	-rm -f $(DESTDIR)$(bindir)/$*$(EXEEXT) 
+	-ln -s $(DESTDIR)$(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(bindir)/$*$(EXEEXT) 
 
 # dropbear should go in sbin, so it needs a seperate rule
-instdropbear: dropbear
+inst_dropbear: dropbear
 	$(INSTALL) -d -m 755 $(DESTDIR)$(sbindir)
-	$(INSTALL) -m 755 $(SPREFIX)dropbear$(EXEEXT) $(DESTDIR)$(sbindir)
-	-chown root $(DESTDIR)$(sbindir)/$(SPREFIX)dropbear$(EXEEXT)
-	-chgrp 0 $(DESTDIR)$(sbindir)/$(SPREFIX)dropbear$(EXEEXT)
+	$(INSTALL) -m 755 dropbear$(EXEEXT) $(DESTDIR)$(sbindir)
+	-chown root $(DESTDIR)$(sbindir)/dropbear$(EXEEXT)
+	-chgrp 0 $(DESTDIR)$(sbindir)/dropbear$(EXEEXT)
 
-inst%: $*
+inst_%: $*
 	$(INSTALL) -d -m 755 $(DESTDIR)$(bindir)
-	$(INSTALL) -m 755 $(SPREFIX)$*$(EXEEXT) $(DESTDIR)$(bindir)
-	-chown root $(DESTDIR)$(bindir)/$(SPREFIX)$*$(EXEEXT)
-	-chgrp 0 $(DESTDIR)$(bindir)/$(SPREFIX)$*$(EXEEXT)
+	$(INSTALL) -m 755 $*$(EXEEXT) $(DESTDIR)$(bindir)
+	-chown root $(DESTDIR)$(bindir)/$*$(EXEEXT)
+	-chgrp 0 $(DESTDIR)$(bindir)/$*$(EXEEXT)
 
 
 # for some reason the rule further down doesn't like $($@objs) as a prereq.
@@ -154,11 +155,11 @@ dropbearconvert: $(dropbearconvertobjs)
 
 dropbear dbclient dropbearkey dropbearconvert: $(HEADERS)  $(LTC) $(LTM) \
 													Makefile
-	$(LD) $(LDFLAGS) -o $(SPREFIX)$@$(EXEEXT) $($@objs) $(LIBS)
+	$(LD) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBS)
 
 # scp doesn't use the libs so is special.
 scp: $(SCPOBJS)  $(HEADERS) Makefile
-	$(LD) $(LDFLAGS) -o $(SPREFIX)$@$(EXEEXT) $(SCPOBJS)
+	$(LD) $(LDFLAGS) -o $@$(EXEEXT) $(SCPOBJS)
 
 
 # multi-binary compilation.
@@ -171,13 +172,13 @@ endif
 dropbearmulti: multilink 
 
 multibinary: $(HEADERS) $(MULTIOBJS) $(LTC) $(LTM) Makefile
-	$(LD) $(LDFLAGS) -o $(SPREFIX)dropbearmulti$(EXEEXT) $(MULTIOBJS) $(LIBS)
+	$(LD) $(LDFLAGS) -o dropbearmulti$(EXEEXT) $(MULTIOBJS) $(LIBS)
 
 multilink: multibinary $(addprefix link, $(PROGRAMS))
 
 link%:
-	-rm -f $(SPREFIX)$*$(EXEEXT)
-	-ln -s $(SPREFIX)dropbearmulti$(EXEEXT) $(SPREFIX)$*$(EXEEXT)
+	-rm -f $*$(EXEEXT)
+	-ln -s dropbearmulti$(EXEEXT) $*$(EXEEXT)
 
 $(LTC): options.h
 	cd libtomcrypt && $(MAKE) clean && $(MAKE)
@@ -197,10 +198,8 @@ sizes: dropbear
 clean: ltc-clean ltm-clean thisclean
 
 thisclean:
-	-rm -f dropbear dbclient dropbearkey dropbearconvert scp scp-progress
-	-rm -f staticdropbear staticdropbearkey staticdropbearconvert staticscp
-	-rm -f dropbearmulti staticdropbearmulti
-	-rm -f *.o *.da *.bb *.bbg *.prof 
+	-rm -f dropbear dbclient dropbearkey dropbearconvert scp scp-progress \
+			dropbearmulti *.o *.da *.bb *.bbg *.prof 
 
 distclean: clean tidy
 	-rm -f config.h

README

@@ -25,7 +25,7 @@ the key entries in that file. They should be of the form:
 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname
 
 You must make sure that ~/.ssh, and the key file, are only writable by the
-user.
+user. Beware of editors that split the key into multiple lines.
 
 NOTE: Dropbear ignores authorized_keys options such as those described in the
 OpenSSH sshd manpage, and will not allow a login for these keys. 
@@ -69,6 +69,6 @@ pty, and you cannot login as any user other than that running the daemon
 
 The Dropbear distribution includes a standalone version of OpenSSH's scp
 program. You can compile it with "make scp", you may want to change the path
-of the ssh binary, specified near the top of the scp.c file. By default
+of the ssh binary, specified by _PATH_SSH_PROGRAM in options.h . By default
 the progress meter isn't compiled in to save space, you can enable it by 
 adding 'SCPPROGRESS=1' to the make commandline.

SMALL

@@ -1,25 +1,36 @@
 Tips for a small system:
 
-The following are set in options.h
+If you only want server functionality (for example), compile with
+	make PROGRAMS=dropbear
+rather than just
+	make dropbear
+so that client functionality in shared portions of Dropbear won't be included.
+The same applies if you are compiling just a client.
 
-- You can safely disable blowfish and twofish ciphers, and MD5 hmac, without
-  affecting interoperability
+---
 
-- If you're compiling statically, you can turn off host lookups
+The following are set in options.h:
 
-- You can disable either password or public-key authentication, though note
-  that the IETF draft states that pubkey authentication is required.
+	- You can safely disable blowfish and twofish ciphers, and MD5 hmac, without
+	  affecting interoperability
 
-- Similarly with DSS and RSA, you can disable one of these if you know that
-  all clients will be able to support a particular one. The IETF draft
-  states that DSS is required, however you may prefer to use RSA. 
-  DON'T disable either of these on systems where you aren't 100% sure about
-  who will be connecting and what clients they will be using.
+	- If you're compiling statically, you can turn off host lookups
 
-- Disabling the MOTD code and SFTP-SERVER may save a small amount of codesize
+	- You can disable either password or public-key authentication, though note
+	  that the IETF draft states that pubkey authentication is required.
 
-- You can disable x11, tcp and agent forwarding as desired. None of these are
-  essential, although agent-forwarding is often useful even on firewall boxes.
+	- Similarly with DSS and RSA, you can disable one of these if you know that
+	  all clients will be able to support a particular one. The IETF draft
+	  states that DSS is required, however you may prefer to use RSA. 
+	  DON'T disable either of these on systems where you aren't 100% sure about
+	  who will be connecting and what clients they will be using.
+
+	- Disabling the MOTD code and SFTP-SERVER may save a small amount of codesize
+
+	- You can disable x11, tcp and agent forwarding as desired. None of these are
+	  essential, although agent-forwarding is often useful even on firewall boxes.
+
+---
 
 If you are compiling statically, you may want to disable zlib, as it will use
 a few tens of kB of binary-size (./configure --disable-zlib).

TODO

@@ -2,12 +2,10 @@ Current:
 
 Things which might need doing:
 
+- default private dbclient keys
+
 - Make options.h generated from configure perhaps?
 
-- Improved queueing of unauthed connections
-
-- fix agent fwd problems
-
 - handle /etc/environment in AIX
 
 - check that there aren't timing issues with valid/invalid user authentication
@@ -15,15 +13,15 @@ Things which might need doing:
 
 - Binding to different interfaces
 
-- possible RSA blinding? need to check whether this is vuln to timing attacks
-- check PRNG
-- CTR mode, SSH_MSG_IGNORE sending to improve CBC security
+- CTR mode
+- SSH_MSG_IGNORE sending to improve CBC security
 - DH Group Exchange possibly, or just add group14 (whatever it's called today)
 
-- Use m_burn for clearing sensitive items in LTM/LTC
-
 - fix scp.c for IRIX
 
 - Be able to use OpenSSH keys for the client? or at least have some form of 
   encrypted keys.
+
 - Client agent forwarding
+
+- Handle restrictions in ~/.ssh/authorized_keys ?

algo.h

@@ -51,13 +51,13 @@ extern const struct dropbear_cipher dropbear_nocipher;
 extern const struct dropbear_hash dropbear_nohash;
 
 struct dropbear_cipher {
-	const struct _cipher_descriptor *cipherdesc;
+	const struct ltc_cipher_descriptor *cipherdesc;
 	unsigned long keysize;
 	unsigned char blocksize;
 };
 
 struct dropbear_hash {
-	const struct _hash_descriptor *hashdesc;
+	const struct ltc_hash_descriptor *hashdesc;
 	unsigned long keysize;
 	unsigned char hashsize;
 };

atomicio.c

@@ -1,5 +1,5 @@
 /*
- * Copied from OpenSSH 3.6.1p2, required for loginrec.c
+ * Copied from OpenSSH 3.6.1p2.
  * 
  * Copyright (c) 1995,1999 Theo de Raadt.  All rights reserved.
  * All rights reserved.
@@ -25,8 +25,6 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-/* Taken from OpenSSH for use with the loginrec code */
-
 /* RCSID("OpenBSD: atomicio.c,v 1.10 2001/05/08 22:48:07 markus Exp "); */
 
 #include "atomicio.h"
@@ -42,7 +40,8 @@ atomicio(f, fd, _s, n)
 	size_t n;
 {
 	char *s = _s;
-	ssize_t res, pos = 0;
+	ssize_t res;
+	size_t pos = 0;
 
 	while (n > pos) {
 		res = (f) (fd, s + pos, n - pos);

auth.h

@@ -36,32 +36,42 @@ void send_msg_userauth_failure(int partial, int incrfail);
 void send_msg_userauth_success();
 void svr_auth_password();
 void svr_auth_pubkey();
+void svr_auth_pam();
 
 /* Client functions */
 void recv_msg_userauth_failure();
 void recv_msg_userauth_success();
+void recv_msg_userauth_specific_60();
 void recv_msg_userauth_pk_ok();
+void recv_msg_userauth_info_request();
 void cli_get_user();
 void cli_auth_getmethods();
 void cli_auth_try();
 void recv_msg_userauth_banner();
 void cli_pubkeyfail();
-int cli_auth_password();
+void cli_auth_password();
 int cli_auth_pubkey();
+void cli_auth_interactive();
+char* getpass_or_cancel();
 
 
 #define MAX_USERNAME_LEN 25 /* arbitrary for the moment */
 
-#define AUTH_TYPE_PUBKEY	1 << 0
-#define AUTH_TYPE_PASSWORD	1 << 1
+#define AUTH_TYPE_NONE      1
+#define AUTH_TYPE_PUBKEY    1 << 1
+#define AUTH_TYPE_PASSWORD  1 << 2
+#define AUTH_TYPE_INTERACT  1 << 3
 
-/* auth types, "none" means we should return list of acceptable types */
-#define AUTH_METHOD_NONE	"none"
+#define AUTH_METHOD_NONE "none"
 #define AUTH_METHOD_NONE_LEN 4
 #define AUTH_METHOD_PUBKEY "publickey"
 #define AUTH_METHOD_PUBKEY_LEN 9
 #define AUTH_METHOD_PASSWORD "password"
 #define AUTH_METHOD_PASSWORD_LEN 8
+#define AUTH_METHOD_INTERACT "keyboard-interactive"
+#define AUTH_METHOD_INTERACT_LEN 20
+
+
 
 /* This structure is shared between server and client - it contains
  * relatively little extraneous bits when used for the client rather than the
@@ -76,6 +86,9 @@ struct AuthState {
 	unsigned authdone : 1; /* 0 if we haven't authed, 1 if we have. Applies for
 							  client and server (though has differing [obvious]
 							  meanings). */
+	unsigned perm_warn : 1; /* Server only, set if bad permissions on 
+							   ~/.ssh/authorized_keys have already been
+							   logged. */
 
 	/* These are only used for the server */
 	char *printableuser; /* stripped of control chars, used for logs etc */
@@ -83,13 +96,13 @@ struct AuthState {
 
 };
 
-struct PubkeyList;
-/* A singly linked list of pubkeys */
-struct PubkeyList {
+struct SignKeyList;
+/* A singly linked list of signing keys */
+struct SignKeyList {
 
 	sign_key *key;
 	int type; /* The type of key */
-	struct PubkeyList *next;
+	struct SignKeyList *next;
 	/* filename? or the buffer? for encrypted keys, so we can later get
 	 * the private key portion */
 

bignum.c

@@ -52,28 +52,9 @@ void m_mp_init_multi(mp_int *mp, ...)
     va_end(args);
 }
 
-/* convert an unsigned mp into an array of bytes, malloced.
- * This array must be freed after use, len contains the length of the array,
- * if len != NULL */
-unsigned char* mptobytes(mp_int *mp, int *len) {
-	
-	unsigned char* ret;
-	int size;
+void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len) {
 
-	size = mp_unsigned_bin_size(mp);
-	ret = m_malloc(size);
-	if (mp_to_unsigned_bin(mp, ret) != MP_OKAY) {
-		dropbear_exit("mem alloc error");
-	}
-	if (len != NULL) {
-		*len = size;
-	}
-	return ret;
-}
-
-void bytestomp(mp_int *mp, unsigned char* bytes, unsigned int len) {
-
-	if (mp_read_unsigned_bin(mp, bytes, len) != MP_OKAY) {
+	if (mp_read_unsigned_bin(mp, (unsigned char*)bytes, len) != MP_OKAY) {
 		dropbear_exit("mem alloc error");
 	}
 }

bignum.h

@@ -29,8 +29,7 @@
 
 void m_mp_init(mp_int *mp);
 void m_mp_init_multi(mp_int *mp, ...);
-unsigned char* mptobytes(mp_int *mp, int *len);
-void bytestomp(mp_int *mp, unsigned char* bytes, unsigned int len);
+void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len);
 void sha1_process_mp(hash_state *hs, mp_int *mp);
 
 #endif /* _BIGNUM_H_ */

buffer.c

@@ -153,13 +153,23 @@ void buf_incrpos(buffer* buf,  int incr) {
 unsigned char buf_getbyte(buffer* buf) {
 
 	/* This check is really just ==, but the >= allows us to check for the
-	 * assert()able case of pos > len, which should _never_ happen. */
+	 * bad case of pos > len, which should _never_ happen. */
 	if (buf->pos >= buf->len) {
 		dropbear_exit("bad buf_getbyte");
 	}
 	return buf->data[buf->pos++];
 }
 
+/* Get a bool from the buffer and increment the pos */
+unsigned char buf_getbool(buffer* buf) {
+
+	unsigned char b;
+	b = buf_getbyte(buf);
+	if (b != 0)
+		b = 1;
+	return b;
+}
+
 /* put a byte, incrementing the length if required */
 void buf_putbyte(buffer* buf, unsigned char val) {
 
@@ -258,9 +268,9 @@ void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len) {
 void buf_putmpint(buffer* buf, mp_int * mp) {
 
 	unsigned int len, pad = 0;
-	TRACE(("enter buf_putmpint"));
+	TRACE(("enter buf_putmpint"))
 
-	assert(mp != NULL);
+	dropbear_assert(mp != NULL);
 
 	if (SIGN(mp) == MP_NEG) {
 		dropbear_exit("negative bignum");
@@ -294,7 +304,7 @@ void buf_putmpint(buffer* buf, mp_int * mp) {
 		buf_incrwritepos(buf, len-pad);
 	}
 
-	TRACE(("leave buf_putmpint"));
+	TRACE(("leave buf_putmpint"))
 }
 
 /* Retrieve an mp_int from the buffer.

buffer.h

@@ -50,6 +50,7 @@ void buf_setpos(buffer* buf, unsigned int pos);
 void buf_incrpos(buffer* buf, int incr); /* -ve is ok, to go backwards */
 void buf_incrwritepos(buffer* buf, unsigned int incr);
 unsigned char buf_getbyte(buffer* buf);
+unsigned char buf_getbool(buffer* buf);
 void buf_putbyte(buffer* buf, unsigned char val);
 unsigned char* buf_getptr(buffer* buf, unsigned int len);
 unsigned char* buf_getwriteptr(buffer* buf, unsigned int len);

channel.h

@@ -50,8 +50,8 @@
 
 #define CHAN_EXTEND_SIZE 3 /* how many extra slots to add when we need more */
 
-#define RECV_MAXWINDOW 4000 /* tweak */
-#define RECV_WINDOWEXTEND 500 /* We send a "window extend" every
+#define RECV_MAXWINDOW 8000 /* tweak */
+#define RECV_WINDOWEXTEND 1000 /* We send a "window extend" every
 								RECV_WINDOWEXTEND bytes */
 #define RECV_MAXPACKET RECV_MAXWINDOW /* tweak */
 
@@ -65,9 +65,9 @@ struct Channel {
 	unsigned int recvdonelen;
 	unsigned int recvmaxpacket, transmaxpacket;
 	void* typedata; /* a pointer to type specific data */
-	int infd; /* data to send over the wire */
-	int outfd; /* data for consumption, what was in writebuf */
-	int errfd; /* used like infd or errfd, depending if it's client or server.
+	int writefd; /* read from wire, written to insecure side */
+	int readfd; /* read from insecure size, written to wire */
+	int errfd; /* used like writefd or readfd, depending if it's client or server.
 				  Doesn't exactly belong here, but is cleaner here */
 	circbuffer *writebuf; /* data from the wire, for local consumption */
 	circbuffer *extrabuf; /* extended-data for the program - used like writebuf
@@ -81,6 +81,10 @@ struct Channel {
 	int initconn; /* used for TCP forwarding, whether the channel has been
 					 fully initialised */
 
+	int await_open; /* flag indicating whether we've sent an open request
+					   for this channel (and are awaiting a confirmation
+					   or failure). */
+
 	const struct ChanType* type;
 
 };
@@ -96,11 +100,11 @@ struct ChanType {
 
 };
 
-void chaninitialise();
+void chaninitialise(const struct ChanType *chantypes[]);
 void chancleanup();
 void setchannelfds(fd_set *readfd, fd_set *writefd);
 void channelio(fd_set *readfd, fd_set *writefd);
-struct Channel* getchannel(unsigned int chan);
+struct Channel* getchannel();
 struct Channel* newchannel(unsigned int remotechan, 
 		const struct ChanType *type, 
 		unsigned int transwindow, unsigned int transmaxpacket);
@@ -118,9 +122,11 @@ void recv_msg_channel_eof();
 void common_recv_msg_channel_data(struct Channel *channel, int fd, 
 		circbuffer * buf);
 
-const struct ChanType clichansess;
+#ifdef DROPBEAR_CLIENT
+extern const struct ChanType clichansess;
+#endif
 
-#ifdef USING_LISTENERS
+#if defined(USING_LISTENERS) || defined(DROPBEAR_CLIENT)
 int send_msg_channel_open_init(int fd, const struct ChanType *type);
 void recv_msg_channel_open_confirmation();
 void recv_msg_channel_open_failure();

chansession.h

@@ -29,6 +29,14 @@
 #include "channel.h"
 #include "listener.h"
 
+struct exitinfo {
+
+	int exitpid; /* -1 if not exited */
+	int exitstatus;
+	int exitsignal;
+	int exitcore;
+};
+
 struct ChanSess {
 
 	unsigned char * cmd; /* command to exec */
@@ -41,10 +49,7 @@ struct ChanSess {
 	unsigned char * term;
 
 	/* exit details */
-	int exited;
-	int exitstatus;
-	int exitsignal;
-	unsigned char exitcore;
+	struct exitinfo exit;
 	
 #ifndef DISABLE_X11FWD
 	struct Listener * x11listener;

circbuffer.c

@@ -66,11 +66,11 @@ unsigned int cbuf_getavail(circbuffer * cbuf) {
 
 unsigned int cbuf_readlen(circbuffer *cbuf) {
 
-	assert(((2*cbuf->size)+cbuf->writepos-cbuf->readpos)%cbuf->size == cbuf->used%cbuf->size);
-	assert(((2*cbuf->size)+cbuf->readpos-cbuf->writepos)%cbuf->size == (cbuf->size-cbuf->used)%cbuf->size);
+	dropbear_assert(((2*cbuf->size)+cbuf->writepos-cbuf->readpos)%cbuf->size == cbuf->used%cbuf->size);
+	dropbear_assert(((2*cbuf->size)+cbuf->readpos-cbuf->writepos)%cbuf->size == (cbuf->size-cbuf->used)%cbuf->size);
 
 	if (cbuf->used == 0) {
-		TRACE(("cbuf_readlen: unused buffer"));
+		TRACE(("cbuf_readlen: unused buffer"))
 		return 0;
 	}
 
@@ -83,12 +83,12 @@ unsigned int cbuf_readlen(circbuffer *cbuf) {
 
 unsigned int cbuf_writelen(circbuffer *cbuf) {
 
-	assert(cbuf->used <= cbuf->size);
-	assert(((2*cbuf->size)+cbuf->writepos-cbuf->readpos)%cbuf->size == cbuf->used%cbuf->size);
-	assert(((2*cbuf->size)+cbuf->readpos-cbuf->writepos)%cbuf->size == (cbuf->size-cbuf->used)%cbuf->size);
+	dropbear_assert(cbuf->used <= cbuf->size);
+	dropbear_assert(((2*cbuf->size)+cbuf->writepos-cbuf->readpos)%cbuf->size == cbuf->used%cbuf->size);
+	dropbear_assert(((2*cbuf->size)+cbuf->readpos-cbuf->writepos)%cbuf->size == (cbuf->size-cbuf->used)%cbuf->size);
 
 	if (cbuf->used == cbuf->size) {
-		TRACE(("cbuf_writelen: full buffer"));
+		TRACE(("cbuf_writelen: full buffer"))
 		return 0; /* full */
 	}
 	
@@ -122,7 +122,7 @@ void cbuf_incrwrite(circbuffer *cbuf, unsigned int len) {
 	}
 
 	cbuf->used += len;
-	assert(cbuf->used <= cbuf->size);
+	dropbear_assert(cbuf->used <= cbuf->size);
 	cbuf->writepos = (cbuf->writepos + len) % cbuf->size;
 }
 
@@ -132,7 +132,7 @@ void cbuf_incrread(circbuffer *cbuf, unsigned int len) {
 		dropbear_exit("bad cbuf read");
 	}
 
-	assert(cbuf->used >= len);
+	dropbear_assert(cbuf->used >= len);
 	cbuf->used -= len;
 	cbuf->readpos = (cbuf->readpos + len) % cbuf->size;
 }

cli-algo.c

@@ -46,7 +46,7 @@ algo_type * cli_buf_match_algo(buffer* buf, algo_type localalgos[],
 
 	/* get the comma-separated list from the buffer ie "algo1,algo2,algo3" */
 	algolist = buf_getstring(buf, &len);
-	TRACE(("cli_buf_match_algo: %s", algolist));
+	TRACE(("cli_buf_match_algo: %s", algolist))
 	if (len > MAX_PROPOSED_ALGO*(MAX_NAME_LEN+1)) {
 		goto out; /* just a sanity check, no other use */
 	}

cli-auth.c

@@ -32,7 +32,6 @@
 #include "packet.h"
 #include "runopts.h"
 
-
 void cli_authinitialise() {
 
 	memset(&ses.authstate, 0, sizeof(ses.authstate));
@@ -42,7 +41,7 @@ void cli_authinitialise() {
 /* Send a "none" auth request to get available methods */
 void cli_auth_getmethods() {
 
-	TRACE(("enter cli_auth_getmethods"));
+	TRACE(("enter cli_auth_getmethods"))
 
 	CHECKCLEARTOWRITE();
 
@@ -54,7 +53,7 @@ void cli_auth_getmethods() {
 	buf_putstring(ses.writepayload, "none", 4); /* 'none' method */
 
 	encrypt_packet();
-	TRACE(("leave cli_auth_getmethods"));
+	TRACE(("leave cli_auth_getmethods"))
 
 }
 
@@ -64,9 +63,9 @@ void recv_msg_userauth_banner() {
 	unsigned int bannerlen;
 	unsigned int i, linecount;
 
-	TRACE(("enter recv_msg_userauth_banner"));
+	TRACE(("enter recv_msg_userauth_banner"))
 	if (ses.authstate.authdone) {
-		TRACE(("leave recv_msg_userauth_banner: banner after auth done"));
+		TRACE(("leave recv_msg_userauth_banner: banner after auth done"))
 		return;
 	}
 
@@ -74,7 +73,7 @@ void recv_msg_userauth_banner() {
 	buf_eatstring(ses.payload); /* The language string */
 
 	if (bannerlen > MAX_BANNER_SIZE) {
-		TRACE(("recv_msg_userauth_banner: bannerlen too long: %d", bannerlen));
+		TRACE(("recv_msg_userauth_banner: bannerlen too long: %d", bannerlen))
 		goto out;
 	}
 
@@ -96,9 +95,43 @@ void recv_msg_userauth_banner() {
 
 out:
 	m_free(banner);
-	TRACE(("leave recv_msg_userauth_banner"));
+	TRACE(("leave recv_msg_userauth_banner"))
 }
 
+/* This handles the message-specific types which
+ * all have a value of 60. These are
+ * SSH_MSG_USERAUTH_PASSWD_CHANGEREQ,
+ * SSH_MSG_USERAUTH_PK_OK, &
+ * SSH_MSG_USERAUTH_INFO_REQUEST. */
+void recv_msg_userauth_specific_60() {
+
+#ifdef ENABLE_CLI_PUBKEY_AUTH
+	if (cli_ses.lastauthtype == AUTH_TYPE_PUBKEY) {
+		recv_msg_userauth_pk_ok();
+		return;
+	}
+#endif
+
+#ifdef ENABLE_CLI_INTERACT_AUTH
+	if (cli_ses.lastauthtype == AUTH_TYPE_INTERACT) {
+		recv_msg_userauth_info_request();
+		return;
+	}
+#endif
+
+#ifdef ENABLE_CLI_PASSWORD_AUTH
+	if (cli_ses.lastauthtype == AUTH_TYPE_PASSWORD) {
+		/* Eventually there could be proper password-changing
+		 * support. However currently few servers seem to
+		 * implement it, and password auth is last-resort
+		 * regardless - keyboard-interactive is more likely
+		 * to be used anyway. */
+		dropbear_close("Your password has expired.");
+	}
+#endif
+
+	dropbear_exit("Unexpected userauth packet");
+}
 
 void recv_msg_userauth_failure() {
 
@@ -108,13 +141,12 @@ void recv_msg_userauth_failure() {
 	unsigned int partial = 0;
 	unsigned int i = 0;
 
-	TRACE(("<- MSG_USERAUTH_FAILURE"));
-	TRACE(("enter recv_msg_userauth_failure"));
+	TRACE(("<- MSG_USERAUTH_FAILURE"))
+	TRACE(("enter recv_msg_userauth_failure"))
 
 	if (cli_ses.state != USERAUTH_REQ_SENT) {
 		/* Perhaps we should be more fatal? */
-		TRACE(("But we didn't send a userauth request!!!!!!"));
-		return;
+		dropbear_exit("Unexpected userauth failure");
 	}
 
 #ifdef ENABLE_CLI_PUBKEY_AUTH
@@ -125,9 +157,22 @@ void recv_msg_userauth_failure() {
 	}
 #endif
 
+#ifdef ENABLE_CLI_INTERACT_AUTH
+	/* If we get a failure message for keyboard interactive without
+	 * receiving any request info packet, then we don't bother trying
+	 * keyboard interactive again */
+	if (cli_ses.lastauthtype == AUTH_TYPE_INTERACT
+			&& !cli_ses.interact_request_received) {
+		TRACE(("setting auth_interact_failed = 1"))
+		cli_ses.auth_interact_failed = 1;
+	}
+#endif
+
+	cli_ses.lastauthtype = AUTH_TYPE_NONE;
+
 	methods = buf_getstring(ses.payload, &methlen);
 
-	partial = buf_getbyte(ses.payload);
+	partial = buf_getbool(ses.payload);
 
 	if (partial) {
 		dropbear_log(LOG_INFO, "Authentication partially succeeded, more attempts required");
@@ -135,7 +180,7 @@ void recv_msg_userauth_failure() {
 		ses.authstate.failcount++;
 	}
 
-	TRACE(("Methods (len %d): '%s'", methlen, methods));
+	TRACE(("Methods (len %d): '%s'", methlen, methods))
 
 	ses.authstate.authdone=0;
 	ses.authstate.authtypes=0;
@@ -150,13 +195,19 @@ void recv_msg_userauth_failure() {
 	tok = methods; /* tok stores the next method we'll compare */
 	for (i = 0; i <= methlen; i++) {
 		if (methods[i] == '\0') {
-			TRACE(("auth method '%s'", tok));
+			TRACE(("auth method '%s'", tok))
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 			if (strncmp(AUTH_METHOD_PUBKEY, tok,
 				AUTH_METHOD_PUBKEY_LEN) == 0) {
 				ses.authstate.authtypes |= AUTH_TYPE_PUBKEY;
 			}
 #endif
+#ifdef ENABLE_CLI_INTERACT_AUTH
+			if (strncmp(AUTH_METHOD_INTERACT, tok,
+				AUTH_METHOD_INTERACT_LEN) == 0) {
+				ses.authstate.authtypes |= AUTH_TYPE_INTERACT;
+			}
+#endif
 #ifdef ENABLE_CLI_PASSWORD_AUTH
 			if (strncmp(AUTH_METHOD_PASSWORD, tok,
 				AUTH_METHOD_PASSWORD_LEN) == 0) {
@@ -169,25 +220,29 @@ void recv_msg_userauth_failure() {
 		}
 	}
 
+	m_free(methods);
+
 	cli_ses.state = USERAUTH_FAIL_RCVD;
 		
-	TRACE(("leave recv_msg_userauth_failure"));
+	TRACE(("leave recv_msg_userauth_failure"))
 }
 
 void recv_msg_userauth_success() {
-	TRACE(("received msg_userauth_success"));
+	TRACE(("received msg_userauth_success"))
 	ses.authstate.authdone = 1;
 	cli_ses.state = USERAUTH_SUCCESS_RCVD;
+	cli_ses.lastauthtype = AUTH_TYPE_NONE;
 }
 
 void cli_auth_try() {
 
-	TRACE(("enter cli_auth_try"));
+	TRACE(("enter cli_auth_try"))
 	int finished = 0;
 
 	CHECKCLEARTOWRITE();
 	
-	/* XXX We hardcode that we try a pubkey first */
+	/* Order to try is pubkey, interactive, password.
+	 * As soon as "finished" is set for one, we don't do any more. */
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 	if (ses.authstate.authtypes & AUTH_TYPE_PUBKEY) {
 		finished = cli_auth_pubkey();
@@ -195,16 +250,46 @@ void cli_auth_try() {
 	}
 #endif
 
+#ifdef ENABLE_CLI_INTERACT_AUTH
+	if (!finished && ses.authstate.authtypes & AUTH_TYPE_INTERACT) {
+		if (cli_ses.auth_interact_failed) {
+			finished = 0;
+		} else {
+			cli_auth_interactive();
+			cli_ses.lastauthtype = AUTH_TYPE_INTERACT;
+			finished = 1;
+		}
+	}
+#endif
+
 #ifdef ENABLE_CLI_PASSWORD_AUTH
 	if (!finished && ses.authstate.authtypes & AUTH_TYPE_PASSWORD) {
-		finished = cli_auth_password();
+		cli_auth_password();
+		finished = 1;
 		cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
 	}
 #endif
 
+	TRACE(("cli_auth_try lastauthtype %d", cli_ses.lastauthtype))
+
 	if (!finished) {
 		dropbear_exit("No auth methods could be used.");
 	}
 
-	TRACE(("leave cli_auth_try"));
+	TRACE(("leave cli_auth_try"))
+}
+
+/* A helper for getpass() that exits if the user cancels. The returned
+ * password is statically allocated by getpass() */
+char* getpass_or_cancel()
+{
+	char* password = NULL;
+
+	password = getpass("Password: ");
+
+	/* 0x03 is a ctrl-c character in the buffer. */
+	if (password == NULL || strchr(password, '\3') != NULL) {
+		dropbear_close("Interrupted.");
+	}
+	return password;
 }

cli-authinteract.c

@@ -0,0 +1,168 @@
+/*
+ * Dropbear SSH
+ * 
+ * Copyright (c) 2005 Matt Johnston
+ * All rights reserved.
+ * 
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ * 
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE. */
+
+#include "includes.h"
+#include "buffer.h"
+#include "dbutil.h"
+#include "session.h"
+#include "ssh.h"
+#include "runopts.h"
+
+#ifdef ENABLE_CLI_INTERACT_AUTH
+
+static unsigned char* get_response(unsigned char* prompt)
+{
+	FILE* tty = NULL;
+	unsigned char* response = NULL;
+	/* not a password, but a reasonable limit */
+	char buf[DROPBEAR_MAX_CLI_PASS];
+	char* ret = NULL;
+
+	fprintf(stderr, "%s", prompt);
+
+	tty = fopen(_PATH_TTY, "r");
+	if (tty) {
+		ret = fgets(buf, sizeof(buf), tty);
+		fclose(tty);
+	} else {
+		ret = fgets(buf, sizeof(buf), stdin);
+	}
+
+	if (ret == NULL) {
+		response = (unsigned char*)m_strdup("");
+	} else {
+		unsigned int buflen = strlen(buf);
+		/* fgets includes newlines */
+		if (buflen > 0 && buf[buflen-1] == '\n')
+			buf[buflen-1] = '\0';
+		response = (unsigned char*)m_strdup(buf);
+	}
+
+	m_burn(buf, sizeof(buf));
+
+	return response;
+}
+
+void recv_msg_userauth_info_request() {
+
+	unsigned char *name = NULL;
+	unsigned char *instruction = NULL;
+	unsigned int num_prompts = 0;
+	unsigned int i;
+
+	unsigned char *prompt = NULL;
+	unsigned int echo = 0;
+	unsigned char *response = NULL;
+
+	TRACE(("enter recv_msg_recv_userauth_info_request"))
+
+	cli_ses.interact_request_received = 1;
+
+	name = buf_getstring(ses.payload, NULL);
+	instruction = buf_getstring(ses.payload, NULL);
+
+	/* language tag */
+	buf_eatstring(ses.payload);
+
+	num_prompts = buf_getint(ses.payload);
+	
+	if (num_prompts >= DROPBEAR_MAX_CLI_INTERACT_PROMPTS) {
+		dropbear_exit("Too many prompts received for keyboard-interactive");
+	}
+
+	/* we'll build the response as we go */
+	CHECKCLEARTOWRITE();
+	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_INFO_RESPONSE);
+	buf_putint(ses.writepayload, num_prompts);
+
+	if (strlen(name) > 0) {
+		cleantext(name);
+		fprintf(stderr, "%s", name);
+		m_free(name);
+	}
+	if (strlen(instruction) > 0) {
+		cleantext(instruction);
+		fprintf(stderr, "%s", instruction);
+		m_free(instruction);
+	}
+
+	for (i = 0; i < num_prompts; i++) {
+		unsigned int response_len = 0;
+		prompt = buf_getstring(ses.payload, NULL);
+		cleantext(prompt);
+
+		echo = buf_getbool(ses.payload);
+
+		if (!echo) {
+			unsigned char* p = getpass_or_cancel(prompt);
+			response = m_strdup(p);
+			m_burn(p, strlen(p));
+		} else {
+			response = get_response(prompt);
+		}
+
+		response_len = strlen(response);
+		buf_putstring(ses.writepayload, response, response_len);
+		m_burn(response, response_len);
+		m_free(response);
+	}
+
+	encrypt_packet();
+
+
+	TRACE(("leave recv_msg_recv_userauth_info_request"))
+}
+
+void cli_auth_interactive() {
+
+	TRACE(("enter cli_auth_interactive"))
+	CHECKCLEARTOWRITE();
+
+	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
+
+	/* username */
+	buf_putstring(ses.writepayload, cli_opts.username,
+			strlen(cli_opts.username));
+
+	/* service name */
+	buf_putstring(ses.writepayload, SSH_SERVICE_CONNECTION, 
+			SSH_SERVICE_CONNECTION_LEN);
+
+	/* method */
+	buf_putstring(ses.writepayload, AUTH_METHOD_INTERACT,
+			AUTH_METHOD_INTERACT_LEN);
+
+	/* empty language tag */
+	buf_putstring(ses.writepayload, "", 0);
+
+	/* empty submethods */
+	buf_putstring(ses.writepayload, "", 0);
+
+	encrypt_packet();
+	cli_ses.interact_request_received = 0;
+
+	TRACE(("leave cli_auth_interactive"))
+
+}
+#endif	/* ENABLE_CLI_INTERACT_AUTH */

cli-authpasswd.c

@@ -30,13 +30,102 @@
 #include "runopts.h"
 
 #ifdef ENABLE_CLI_PASSWORD_AUTH
-int cli_auth_password() {
+
+#ifdef ENABLE_CLI_ASKPASS_HELPER
+/* Returns 1 if we want to use the askpass program, 0 otherwise */
+static int want_askpass()
+{
+	char* askpass_prog = NULL;
+
+	askpass_prog = getenv("SSH_ASKPASS");
+	return askpass_prog && !isatty(STDIN_FILENO) && getenv("DISPLAY");
+}
+
+/* returns a statically allocated password from a helper app, or NULL
+ * on failure */
+static char *gui_getpass(const char *prompt) {
+
+	pid_t pid;
+	int p[2], maxlen, len, status;
+	static char buf[DROPBEAR_MAX_CLI_PASS + 1];
+	char* helper = NULL;
+
+	TRACE(("enter gui_getpass"))
+
+	helper = getenv("SSH_ASKPASS");
+	if (!helper)
+	{
+		TRACE(("leave gui_getpass: no askpass program"))
+		return NULL;
+	}
+
+	if (pipe(p) < 0) {
+		TRACE(("error creating child pipe"))
+		return NULL;
+	}
+
+	pid = fork();
+
+	if (pid < 0) {
+		TRACE(("fork error"))
+		return NULL;
+	}
+
+	if (!pid) {
+		/* child */
+		close(p[0]);
+		if (dup2(p[1], STDOUT_FILENO) < 0) {
+			TRACE(("error redirecting stdout"))
+			exit(1);
+		}
+		close(p[1]);
+		execlp(helper, helper, prompt, (char *)0);
+		TRACE(("execlp error"))
+		exit(1);
+	}
+
+	close(p[1]);
+	maxlen = sizeof(buf);
+	while (maxlen > 0) {
+		len = read(p[0], buf + sizeof(buf) - maxlen, maxlen);
+		if (len > 0) {
+			maxlen -= len;
+		} else {
+			if (errno != EINTR)
+				break;
+		}
+	}
+
+	close(p[0]);
+
+	while (waitpid(pid, &status, 0) < 0 && errno == EINTR)
+		;
+	if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
+		return(NULL);
+
+	len = sizeof(buf) - maxlen;
+	buf[len] = '\0';
+	if (len > 0 && buf[len - 1] == '\n')
+		buf[len - 1] = '\0';
+
+	TRACE(("leave gui_getpass"))
+	return(buf);
+}
+#endif /* ENABLE_CLI_ASKPASS_HELPER */
+
+void cli_auth_password() {
 
 	char* password = NULL;
-	TRACE(("enter cli_auth_password"));
 
+	TRACE(("enter cli_auth_password"))
 	CHECKCLEARTOWRITE();
-	password = getpass("Password: ");
+
+#ifdef ENABLE_CLI_ASKPASS_HELPER
+	if (want_askpass())
+		password = gui_getpass("Password: ");
+	else
+#endif
+		password = getpass_or_cancel("Password: ");
 
 	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
 
@@ -56,8 +145,6 @@ int cli_auth_password() {
 	encrypt_packet();
 	m_burn(password, strlen(password));
 
-	TRACE(("leave cli_auth_password"));
-	return 1; /* Password auth can always be tried */
-
+	TRACE(("leave cli_auth_password"))
 }
-#endif
+#endif	/* ENABLE_CLI_PASSWORD_AUTH */

cli-authpubkey.c

@@ -38,40 +38,40 @@ static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign);
  * We use it to remove the key we tried from the list */
 void cli_pubkeyfail() {
 
-	struct PubkeyList *keyitem;
-	struct PubkeyList **previtem;
+	struct SignKeyList *keyitem;
+	struct SignKeyList **previtem;
 
-	TRACE(("enter cli_pubkeyfail"));
-	previtem = &cli_opts.pubkeys;
+	TRACE(("enter cli_pubkeyfail"))
+	previtem = &cli_opts.privkeys;
 
 	/* Find the key we failed with, and remove it */
-	for (keyitem = cli_opts.pubkeys; keyitem != NULL; keyitem = keyitem->next) {
-		if (keyitem == cli_ses.lastpubkey) {
+	for (keyitem = cli_opts.privkeys; keyitem != NULL; keyitem = keyitem->next) {
+		if (keyitem == cli_ses.lastprivkey) {
 			*previtem = keyitem->next;
 		}
 		previtem = &keyitem;
 	}
 
-	sign_key_free(cli_ses.lastpubkey->key); /* It won't be used again */
-	m_free(cli_ses.lastpubkey);
+	sign_key_free(cli_ses.lastprivkey->key); /* It won't be used again */
+	m_free(cli_ses.lastprivkey);
 
-	TRACE(("leave cli_pubkeyfail"));
+	TRACE(("leave cli_pubkeyfail"))
 }
 
 void recv_msg_userauth_pk_ok() {
 
-	struct PubkeyList *keyitem;
+	struct SignKeyList *keyitem;
 	buffer* keybuf;
 	char* algotype = NULL;
 	unsigned int algolen;
 	int keytype;
 	unsigned int remotelen;
 
-	TRACE(("enter recv_msg_userauth_pk_ok"));
+	TRACE(("enter recv_msg_userauth_pk_ok"))
 
 	algotype = buf_getstring(ses.payload, &algolen);
 	keytype = signkey_type_from_name(algotype, algolen);
-	TRACE(("recv_msg_userauth_pk_ok: type %d", keytype));
+	TRACE(("recv_msg_userauth_pk_ok: type %d", keytype))
 	m_free(algotype);
 
 	keybuf = buf_new(MAX_PUBKEY_SIZE);
@@ -80,11 +80,11 @@ void recv_msg_userauth_pk_ok() {
 
 	/* Iterate through our keys, find which one it was that matched, and
 	 * send a real request with that key */
-	for (keyitem = cli_opts.pubkeys; keyitem != NULL; keyitem = keyitem->next) {
+	for (keyitem = cli_opts.privkeys; keyitem != NULL; keyitem = keyitem->next) {
 
 		if (keyitem->type != keytype) {
 			/* Types differed */
-			TRACE(("types differed"));
+			TRACE(("types differed"))
 			continue;
 		}
 
@@ -98,14 +98,14 @@ void recv_msg_userauth_pk_ok() {
 
 
 		if (keybuf->len-4 != remotelen) {
-			TRACE(("lengths differed: localh %d remote %d", keybuf->len, remotelen));
+			TRACE(("lengths differed: localh %d remote %d", keybuf->len, remotelen))
 			/* Lengths differed */
 			continue;
 		}
 		if (memcmp(buf_getptr(keybuf, remotelen),
 					buf_getptr(ses.payload, remotelen), remotelen) != 0) {
 			/* Data didn't match this key */
-			TRACE(("data differed"));
+			TRACE(("data differed"))
 			continue;
 		}
 
@@ -114,15 +114,15 @@ void recv_msg_userauth_pk_ok() {
 	}
 
 	if (keyitem != NULL) {
-		TRACE(("matching key"));
+		TRACE(("matching key"))
 		/* XXX TODO: if it's an encrypted key, here we ask for their
 		 * password */
 		send_msg_userauth_pubkey(keyitem->key, keytype, 1);
 	} else {
-		TRACE(("That was whacky. We got told that a key was valid, but it didn't match our list. Sounds like dodgy code on Dropbear's part"));
+		TRACE(("That was whacky. We got told that a key was valid, but it didn't match our list. Sounds like dodgy code on Dropbear's part"))
 	}
 
-	TRACE(("leave recv_msg_userauth_pk_ok"));
+	TRACE(("leave recv_msg_userauth_pk_ok"))
 }
 
 /* TODO: make it take an agent reference to use as well */
@@ -132,7 +132,7 @@ static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign) {
 	int algolen;
 	buffer* sigbuf = NULL;
 
-	TRACE(("enter send_msg_userauth_pubkey"));
+	TRACE(("enter send_msg_userauth_pubkey"))
 	CHECKCLEARTOWRITE();
 
 	buf_putbyte(ses.writepayload, SSH_MSG_USERAUTH_REQUEST);
@@ -154,7 +154,7 @@ static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign) {
 	buf_put_pub_key(ses.writepayload, key, type);
 
 	if (realsign) {
-		TRACE(("realsign"));
+		TRACE(("realsign"))
 		/* We put the signature as well - this contains string(session id), then
 		 * the contents of the write payload to this point */
 		sigbuf = buf_new(4 + SHA1_HASH_SIZE + ses.writepayload->len);
@@ -165,22 +165,22 @@ static void send_msg_userauth_pubkey(sign_key *key, int type, int realsign) {
 	}
 
 	encrypt_packet();
-	TRACE(("leave send_msg_userauth_pubkey"));
+	TRACE(("leave send_msg_userauth_pubkey"))
 }
 
 int cli_auth_pubkey() {
 
-	TRACE(("enter cli_auth_pubkey"));
+	TRACE(("enter cli_auth_pubkey"))
 
-	if (cli_opts.pubkeys != NULL) {
+	if (cli_opts.privkeys != NULL) {
 		/* Send a trial request */
-		send_msg_userauth_pubkey(cli_opts.pubkeys->key,
-				cli_opts.pubkeys->type, 0);
-		cli_ses.lastpubkey = cli_opts.pubkeys;
-		TRACE(("leave cli_auth_pubkey-success"));
+		send_msg_userauth_pubkey(cli_opts.privkeys->key,
+				cli_opts.privkeys->type, 0);
+		cli_ses.lastprivkey = cli_opts.privkeys;
+		TRACE(("leave cli_auth_pubkey-success"))
 		return 1;
 	} else {
-		TRACE(("leave cli_auth_pubkey-failure"));
+		TRACE(("leave cli_auth_pubkey-failure"))
 		return 0;
 	}
 }

cli-channel.c

@@ -33,21 +33,18 @@
 /* We receive channel data - only used by the client chansession code*/
 void recv_msg_channel_extended_data() {
 
-	unsigned int chan;
 	struct Channel *channel;
 	unsigned int datatype;
 
-	TRACE(("enter recv_msg_channel_extended_data"));
-
-	chan = buf_getint(ses.payload);
-	channel = getchannel(chan);
+	TRACE(("enter recv_msg_channel_extended_data"))
 
+	channel = getchannel();
 	if (channel == NULL) {
 		dropbear_exit("Unknown channel");
 	}
 
 	if (channel->type != &clichansess) {
-		TRACE(("leave recv_msg_channel_extended_data: chantype is wrong"));
+		TRACE(("leave recv_msg_channel_extended_data: chantype is wrong"))
 		return; /* we just ignore it */
 	}
 
@@ -55,11 +52,11 @@ void recv_msg_channel_extended_data() {
 	
 	if (datatype != SSH_EXTENDED_DATA_STDERR) {
 		TRACE(("leave recv_msg_channel_extended_data: wrong datatype: %d",
-					datatype));
+					datatype))
 		return;	
 	}
 
 	common_recv_msg_channel_data(channel, channel->errfd, channel->extrabuf);
 
-	TRACE(("leave recv_msg_channel_extended_data"));
+	TRACE(("leave recv_msg_channel_extended_data"))
 }

cli-chansession.c

@@ -59,20 +59,20 @@ static void cli_chansessreq(struct Channel *channel) {
 	unsigned char* type = NULL;
 	int wantreply;
 
-	TRACE(("enter cli_chansessreq"));
+	TRACE(("enter cli_chansessreq"))
 
 	type = buf_getstring(ses.payload, NULL);
-	wantreply = buf_getbyte(ses.payload);
+	wantreply = buf_getbool(ses.payload);
 
 	if (strcmp(type, "exit-status") != 0) {
-		TRACE(("unknown request '%s'", type));
+		TRACE(("unknown request '%s'", type))
 		send_msg_channel_failure(channel);
 		goto out;
 	}
 		
 	/* We'll just trust what they tell us */
 	cli_ses.retval = buf_getint(ses.payload);
-	TRACE(("got exit-status of '%d'", cli_ses.retval));
+	TRACE(("got exit-status of '%d'", cli_ses.retval))
 
 out:
 	m_free(type);
@@ -108,10 +108,10 @@ static void cli_tty_setup() {
 
 	struct termios tio;
 
-	TRACE(("enter cli_pty_setup"));
+	TRACE(("enter cli_pty_setup"))
 
 	if (cli_ses.tty_raw_mode == 1) {
-		TRACE(("leave cli_tty_setup: already in raw mode!"));
+		TRACE(("leave cli_tty_setup: already in raw mode!"))
 		return;
 	}
 
@@ -139,15 +139,15 @@ static void cli_tty_setup() {
 	}
 
 	cli_ses.tty_raw_mode = 1;
-	TRACE(("leave cli_tty_setup"));
+	TRACE(("leave cli_tty_setup"))
 }
 
 void cli_tty_cleanup() {
 
-	TRACE(("enter cli_tty_cleanup"));
+	TRACE(("enter cli_tty_cleanup"))
 
 	if (cli_ses.tty_raw_mode == 0) {
-		TRACE(("leave cli_tty_cleanup: not in raw mode"));
+		TRACE(("leave cli_tty_cleanup: not in raw mode"))
 		return;
 	}
 
@@ -157,12 +157,12 @@ void cli_tty_cleanup() {
 		cli_ses.tty_raw_mode = 0; 
 	}
 
-	TRACE(("leave cli_tty_cleanup"));
+	TRACE(("leave cli_tty_cleanup"))
 }
 
 static void put_termcodes() {
 
-	TRACE(("enter put_termcodes"));
+	TRACE(("enter put_termcodes"))
 
 	struct termios tio;
 	unsigned int sshcode;
@@ -232,7 +232,7 @@ static void put_termcodes() {
 	buf_putint(ses.writepayload, bufpos2 - bufpos1 - 4); /* len(termcodes) */
 	buf_setpos(ses.writepayload, bufpos2); /* Back where we were */
 
-	TRACE(("leave put_termcodes"));
+	TRACE(("leave put_termcodes"))
 }
 
 static void put_winsize() {
@@ -284,7 +284,7 @@ static void send_chansess_pty_req(struct Channel *channel) {
 
 	unsigned char* term = NULL;
 
-	TRACE(("enter send_chansess_pty_req"));
+	TRACE(("enter send_chansess_pty_req"))
 
 	start_channel_request(channel, "pty-req");
 
@@ -310,14 +310,14 @@ static void send_chansess_pty_req(struct Channel *channel) {
 	if (signal(SIGWINCH, sigwinch_handler) == SIG_ERR) {
 		dropbear_exit("signal error");
 	}
-	TRACE(("leave send_chansess_pty_req"));
+	TRACE(("leave send_chansess_pty_req"))
 }
 
 static void send_chansess_shell_req(struct Channel *channel) {
 
 	unsigned char* reqtype = NULL;
 
-	TRACE(("enter send_chansess_shell_req"));
+	TRACE(("enter send_chansess_shell_req"))
 
 	if (cli_opts.cmd) {
 		reqtype = "exec";
@@ -334,16 +334,16 @@ static void send_chansess_shell_req(struct Channel *channel) {
 	}
 
 	encrypt_packet();
-	TRACE(("leave send_chansess_shell_req"));
+	TRACE(("leave send_chansess_shell_req"))
 }
 
 static int cli_initchansess(struct Channel *channel) {
 
 
-	channel->infd = STDOUT_FILENO;
+	channel->writefd = STDOUT_FILENO;
 	setnonblocking(STDOUT_FILENO);
 
-	channel->outfd = STDIN_FILENO;
+	channel->readfd = STDIN_FILENO;
 	setnonblocking(STDIN_FILENO);
 
 	channel->errfd = STDERR_FILENO;
@@ -367,7 +367,7 @@ static int cli_initchansess(struct Channel *channel) {
 
 void cli_send_chansess_request() {
 
-	TRACE(("enter cli_send_chansess_request"));
+	TRACE(("enter cli_send_chansess_request"))
 	if (send_msg_channel_open_init(STDIN_FILENO, &clichansess) 
 			== DROPBEAR_FAILURE) {
 		dropbear_exit("Couldn't open initial channel");
@@ -375,6 +375,6 @@ void cli_send_chansess_request() {
 
 	/* No special channel request data */
 	encrypt_packet();
-	TRACE(("leave cli_send_chansess_request"));
+	TRACE(("leave cli_send_chansess_request"))
 
 }

cli-kex.c

@@ -65,14 +65,14 @@ void recv_msg_kexdh_reply() {
 	unsigned char* keyblob = NULL;
 
 
-	TRACE(("enter recv_msg_kexdh_reply"));
+	TRACE(("enter recv_msg_kexdh_reply"))
 
 	if (cli_ses.kex_state != KEXDH_INIT_SENT) {
 		dropbear_exit("Received out-of-order kexdhreply");
 	}
 	m_mp_init(&dh_f);
 	type = ses.newkeys->algo_hostkey;
-	TRACE(("type is %d", type));
+	TRACE(("type is %d", type))
 
 	hostkey = new_sign_key();
 	keybloblen = buf_getint(ses.payload);
@@ -84,12 +84,12 @@ void recv_msg_kexdh_reply() {
 	}
 
 	if (buf_get_pub_key(ses.payload, hostkey, &type) != DROPBEAR_SUCCESS) {
-		TRACE(("failed getting pubkey"));
+		TRACE(("failed getting pubkey"))
 		dropbear_exit("Bad KEX packet");
 	}
 
 	if (buf_getmpint(ses.payload, &dh_f) != DROPBEAR_SUCCESS) {
-		TRACE(("failed getting mpint"));
+		TRACE(("failed getting mpint"))
 		dropbear_exit("Bad KEX packet");
 	}
 
@@ -109,19 +109,29 @@ void recv_msg_kexdh_reply() {
 
 	send_msg_newkeys();
 	ses.requirenext = SSH_MSG_NEWKEYS;
-	TRACE(("leave recv_msg_kexdh_init"));
+	TRACE(("leave recv_msg_kexdh_init"))
 }
 
 static void ask_to_confirm(unsigned char* keyblob, unsigned int keybloblen) {
 
 	char* fp = NULL;
+	FILE *tty = NULL;
+	char response = 'z';
 
 	fp = sign_key_fingerprint(keyblob, keybloblen);
 	fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(fingerprint %s)\nDo you want to continue connecting? (y/n)\n", 
 			cli_opts.remotehost, 
 			fp);
 
-	if (getc(stdin) == 'y') {
+	tty = fopen(_PATH_TTY, "r");
+	if (tty) {
+		response = getc(tty);
+		fclose(tty);
+	} else {
+		response = getc(stdin);
+	}
+
+	if (response == 'y') {
 		m_free(fp);
 		return;
 	}
@@ -156,7 +166,7 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
 		if (errno != EEXIST) {
 			dropbear_log(LOG_INFO, "Warning: failed creating ~/.ssh: %s",
 					strerror(errno));
-			TRACE(("mkdir didn't work: %s", strerror(errno)));
+			TRACE(("mkdir didn't work: %s", strerror(errno)))
 			ask_to_confirm(keyblob, keybloblen);
 			goto out; /* only get here on success */
 		}
@@ -170,14 +180,14 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
 	} else {
 		/* We mightn't have been able to open it if it was read-only */
 		if (errno == EACCES || errno == EROFS) {
-				TRACE(("trying readonly: %s", strerror(errno)));
+				TRACE(("trying readonly: %s", strerror(errno)))
 				readonly = 1;
 				hostsfile = fopen(filename, "r");
 		}
 	}
 
 	if (hostsfile == NULL) {
-		TRACE(("hostsfile didn't open: %s", strerror(errno)));
+		TRACE(("hostsfile didn't open: %s", strerror(errno)))
 		ask_to_confirm(keyblob, keybloblen);
 		goto out; /* We only get here on success */
 	}
@@ -188,7 +198,7 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
 
 	do {
 		if (buf_getline(line, hostsfile) == DROPBEAR_FAILURE) {
-			TRACE(("failed reading line: prob EOF"));
+			TRACE(("failed reading line: prob EOF"))
 			break;
 		}
 
@@ -197,32 +207,32 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
 		 * buf_getfoo() past the end and die horribly - the base64 parsing
 		 * code is what tiptoes up to the end nicely */
 		if (line->len < (hostlen+30) ) {
-			TRACE(("line is too short to be sensible"));
+			TRACE(("line is too short to be sensible"))
 			continue;
 		}
 
 		/* Compare hostnames */
 		if (strncmp(cli_opts.remotehost, buf_getptr(line, hostlen),
 					hostlen) != 0) {
-			TRACE(("hosts don't match"));
+			TRACE(("hosts don't match"))
 			continue;
 		}
 
 		buf_incrpos(line, hostlen);
 		if (buf_getbyte(line) != ' ') {
 			/* there wasn't a space after the hostname, something dodgy */
-			TRACE(("missing space afte matching hostname"));
+			TRACE(("missing space afte matching hostname"))
 			continue;
 		}
 
 		if ( strncmp(buf_getptr(line, algolen), algoname, algolen) != 0) {
-			TRACE(("algo doesn't match"));
+			TRACE(("algo doesn't match"))
 			continue;
 		}
 
 		buf_incrpos(line, algolen);
 		if (buf_getbyte(line) != ' ') {
-			TRACE(("missing space after algo"));
+			TRACE(("missing space after algo"))
 			continue;
 		}
 
@@ -231,7 +241,7 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
 
 		if (ret == DROPBEAR_SUCCESS) {
 			/* Good matching key */
-			TRACE(("good matching key"));
+			TRACE(("good matching key"))
 			goto out;
 		}
 
@@ -244,7 +254,7 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
 	/* If we get here, they said yes */
 
 	if (readonly) {
-		TRACE(("readonly"));
+		TRACE(("readonly"))
 		goto out;
 	}
 
@@ -257,7 +267,7 @@ static void checkhostkey(unsigned char* keyblob, unsigned int keybloblen) {
 	buf_putbytes(line, algoname, algolen);
 	buf_putbyte(line, ' ');
 	len = line->size - line->pos;
-	TRACE(("keybloblen %d, len %d", keybloblen, len));
+	TRACE(("keybloblen %d, len %d", keybloblen, len))
 	/* The only failure with base64 is buffer_overflow, but buf_getwriteptr
 	 * will die horribly in the case anyway */
 	base64_encode(keyblob, keybloblen, buf_getwriteptr(line, len), &len);

cli-main.c

@@ -50,7 +50,7 @@ int main(int argc, char ** argv) {
 	cli_getopts(argc, argv);
 
 	TRACE(("user='%s' host='%s' port='%s'", cli_opts.username,
-				cli_opts.remotehost, cli_opts.remoteport));
+				cli_opts.remotehost, cli_opts.remoteport))
 
 	if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
 		dropbear_exit("signal() error");

cli-runopts.c

@@ -47,18 +47,19 @@ static void printhelp() {
 					"Usage: %s [options] [user@]host\n"
 					"Options are:\n"
 					"-p <remoteport>\n"
+					"-l <username>\n"
 					"-t    Allocate a pty\n"
 					"-T    Don't allocate a pty\n"
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 					"-i <identityfile>   (multiple allowed)\n"
 #endif
 #ifdef ENABLE_CLI_LOCALTCPFWD
-					"-L <listenport:remotehsot:reportport> Local port forwarding\n"
+					"-L <listenport:remotehost:remoteport> Local port forwarding\n"
+					"-g    Allow remote hosts to connect to forwarded ports\n"
 #endif
 #ifdef ENABLE_CLI_REMOTETCPFWD
 					"-R <listenport:remotehost:remoteport> Remote port forwarding\n"
 #endif
-					"-l <username>\n"
 #ifdef DEBUG_TRACE
 					"-v    verbose\n"
 #endif
@@ -89,16 +90,15 @@ void cli_getopts(int argc, char ** argv) {
 	cli_opts.cmd = NULL;
 	cli_opts.wantpty = 9; /* 9 means "it hasn't been touched", gets set later */
 #ifdef ENABLE_CLI_PUBKEY_AUTH
-	cli_opts.pubkeys = NULL;
+	cli_opts.privkeys = NULL;
 #endif
 #ifdef ENABLE_CLI_LOCALTCPFWD
 	cli_opts.localfwds = NULL;
+	opts.listen_fwd_all = 0;
 #endif
 #ifdef ENABLE_CLI_REMOTETCPFWD
 	cli_opts.remotefwds = NULL;
 #endif
-	opts.nolocaltcp = 0;
-	opts.noremotetcp = 0;
 	/* not yet
 	opts.ipv4 = 1;
 	opts.ipv6 = 1;
@@ -116,7 +116,7 @@ void cli_getopts(int argc, char ** argv) {
 #endif
 #ifdef ENABLE_CLI_REMOTETCPFWD
 		if (nextisremote) {
-			TRACE(("nextisremote true"));
+			TRACE(("nextisremote true"))
 			addforward(argv[i], &cli_opts.remotefwds);
 			nextisremote = 0;
 			continue;
@@ -124,7 +124,7 @@ void cli_getopts(int argc, char ** argv) {
 #endif
 #ifdef ENABLE_CLI_LOCALTCPFWD
 		if (nextislocal) {
-			TRACE(("nextislocal true"));
+			TRACE(("nextislocal true"))
 			addforward(argv[i], &cli_opts.localfwds);
 			nextislocal = 0;
 			continue;
@@ -149,7 +149,12 @@ void cli_getopts(int argc, char ** argv) {
 					break;
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 				case 'i': /* an identityfile */
-					nextiskey = 1;
+					/* Keep scp happy when it changes "-i file" to "-ifile" */
+					if (strlen(argv[i]) > 2) {
+						loadidentityfile(&argv[i][2]);
+					} else  {
+						nextiskey = 1;
+					}
 					break;
 #endif
 				case 't': /* we want a pty */
@@ -162,6 +167,9 @@ void cli_getopts(int argc, char ** argv) {
 				case 'L':
 					nextislocal = 1;
 					break;
+				case 'g':
+					opts.listen_fwd_all = 1;
+					break;
 #endif
 #ifdef ENABLE_CLI_REMOTETCPFWD
 				case 'R':
@@ -209,7 +217,7 @@ void cli_getopts(int argc, char ** argv) {
 			continue; /* next argument */
 
 		} else {
-			TRACE(("non-flag arg: '%s'", argv[i]));
+			TRACE(("non-flag arg: '%s'", argv[i]))
 
 			/* Either the hostname or commands */
 
@@ -266,7 +274,7 @@ void cli_getopts(int argc, char ** argv) {
 #ifdef ENABLE_CLI_PUBKEY_AUTH
 static void loadidentityfile(const char* filename) {
 
-	struct PubkeyList * nextkey;
+	struct SignKeyList * nextkey;
 	sign_key *key;
 	int keytype;
 
@@ -279,11 +287,11 @@ static void loadidentityfile(const char* filename) {
 
 	} else {
 
-		nextkey = (struct PubkeyList*)m_malloc(sizeof(struct PubkeyList));
+		nextkey = (struct SignKeyList*)m_malloc(sizeof(struct SignKeyList));
 		nextkey->key = key;
-		nextkey->next = cli_opts.pubkeys;
+		nextkey->next = cli_opts.privkeys;
 		nextkey->type = keytype;
-		cli_opts.pubkeys = nextkey;
+		cli_opts.privkeys = nextkey;
 	}
 }
 #endif
@@ -338,7 +346,7 @@ static void addforward(char* origstr, struct TCPFwdList** fwdlist) {
 	struct TCPFwdList* newfwd = NULL;
 	char * str = NULL;
 
-	TRACE(("enter addforward"));
+	TRACE(("enter addforward"))
 
 	/* We probably don't want to be editing argvs */
 	str = m_strdup(origstr);
@@ -347,7 +355,7 @@ static void addforward(char* origstr, struct TCPFwdList** fwdlist) {
 
 	connectaddr = strchr(str, ':');
 	if (connectaddr == NULL) {
-		TRACE(("connectaddr == NULL"));
+		TRACE(("connectaddr == NULL"))
 		goto fail;
 	}
 
@@ -356,7 +364,7 @@ static void addforward(char* origstr, struct TCPFwdList** fwdlist) {
 
 	connectport = strchr(connectaddr, ':');
 	if (connectport == NULL) {
-		TRACE(("connectport == NULL"));
+		TRACE(("connectport == NULL"))
 		goto fail;
 	}
 
@@ -369,32 +377,32 @@ static void addforward(char* origstr, struct TCPFwdList** fwdlist) {
 	 * the check later only checks for >= MAX_PORT */
 	newfwd->listenport = strtol(listenport, NULL, 10);
 	if (errno != 0) {
-		TRACE(("bad listenport strtol"));
+		TRACE(("bad listenport strtol"))
 		goto fail;
 	}
 
 	newfwd->connectport = strtol(connectport, NULL, 10);
 	if (errno != 0) {
-		TRACE(("bad connectport strtol"));
+		TRACE(("bad connectport strtol"))
 		goto fail;
 	}
 
 	newfwd->connectaddr = connectaddr;
 
 	if (newfwd->listenport > 65535) {
-		TRACE(("listenport > 65535"));
+		TRACE(("listenport > 65535"))
 		goto badport;
 	}
 		
 	if (newfwd->connectport > 65535) {
-		TRACE(("connectport > 65535"));
+		TRACE(("connectport > 65535"))
 		goto badport;
 	}
 
 	newfwd->next = *fwdlist;
 	*fwdlist = newfwd;
 
-	TRACE(("leave addforward: done"));
+	TRACE(("leave addforward: done"))
 	return;
 
 fail:

cli-service.c

@@ -33,7 +33,7 @@
 
 void send_msg_service_request(char* servicename) {
 
-	TRACE(("enter send_msg_service_request: servicename='%s'", servicename));
+	TRACE(("enter send_msg_service_request: servicename='%s'", servicename))
 
 	CHECKCLEARTOWRITE();
 
@@ -41,7 +41,7 @@ void send_msg_service_request(char* servicename) {
 	buf_putstring(ses.writepayload, servicename, strlen(servicename));
 
 	encrypt_packet();
-	TRACE(("leave send_msg_service_request"));
+	TRACE(("leave send_msg_service_request"))
 }
 
 /* This just sets up the state variables right for the main client session loop
@@ -51,7 +51,7 @@ void recv_msg_service_accept() {
 	unsigned char* servicename;
 	unsigned int len;
 
-	TRACE(("enter recv_msg_service_accept"));
+	TRACE(("enter recv_msg_service_accept"))
 
 	servicename = buf_getstring(ses.payload, &len);
 
@@ -62,7 +62,7 @@ void recv_msg_service_accept() {
 
 		cli_ses.state = SERVICE_AUTH_ACCEPT_RCVD;
 		m_free(servicename);
-		TRACE(("leave recv_msg_service_accept: done ssh-userauth"));
+		TRACE(("leave recv_msg_service_accept: done ssh-userauth"))
 		return;
 	}
 
@@ -77,7 +77,7 @@ void recv_msg_service_accept() {
 
 		cli_ses.state = SERVICE_CONN_ACCEPT_RCVD;
 		m_free(servicename);
-		TRACE(("leave recv_msg_service_accept: done ssh-connection"));
+		TRACE(("leave recv_msg_service_accept: done ssh-connection"))
 		return;
 	}
 

cli-session.c

@@ -63,9 +63,7 @@ static const packettype cli_packettypes[] = {
 	{SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation},
 	{SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure},
 	{SSH_MSG_USERAUTH_BANNER, recv_msg_userauth_banner}, /* client */
-#ifdef ENABLE_CLI_PUBKEY_AUTH
-	{SSH_MSG_USERAUTH_PK_OK, recv_msg_userauth_pk_ok}, /* client */
-#endif
+	{SSH_MSG_USERAUTH_SPECIFIC_60, recv_msg_userauth_specific_60}, /* client */
 	{0, 0} /* End */
 };
 
@@ -78,12 +76,14 @@ static const struct ChanType *cli_chantypes[] = {
 
 void cli_session(int sock, char* remotehost) {
 
+	seedrandom();
+
 	crypto_init();
+
 	common_session_init(sock, remotehost);
 
 	chaninitialise(cli_chantypes);
 
-
 	/* Set up cli_ses vars */
 	cli_session_init();
 
@@ -93,12 +93,8 @@ void cli_session(int sock, char* remotehost) {
 	/* Exchange identification */
 	session_identification();
 
-	seedrandom();
-
 	send_msg_kexinit();
 
-	/* XXX here we do stuff differently */
-
 	session_loop(cli_sessionloop);
 
 	/* Not reached */
@@ -113,17 +109,21 @@ static void cli_session_init() {
 	cli_ses.tty_raw_mode = 0;
 	cli_ses.winchange = 0;
 
-	/* We store stdin's flags, so we can set them back on exit (otherwise
-	 * busybox's ash isn't happy */
+	/* We store std{in,out,err}'s flags, so we can set them back on exit
+	 * (otherwise busybox's ash isn't happy */
 	cli_ses.stdincopy = dup(STDIN_FILENO);
 	cli_ses.stdinflags = fcntl(STDIN_FILENO, F_GETFL, 0);
+	cli_ses.stdoutcopy = dup(STDOUT_FILENO);
+	cli_ses.stdoutflags = fcntl(STDOUT_FILENO, F_GETFL, 0);
+	cli_ses.stderrcopy = dup(STDERR_FILENO);
+	cli_ses.stderrflags = fcntl(STDERR_FILENO, F_GETFL, 0);
 
 	cli_ses.retval = EXIT_SUCCESS; /* Assume it's clean if we don't get a
 									  specific exit status */
 
 	/* Auth */
-	cli_ses.lastpubkey = NULL;
-	cli_ses.lastauthtype = NULL;
+	cli_ses.lastprivkey = NULL;
+	cli_ses.lastauthtype = 0;
 
 	/* For printing "remote host closed" for the user */
 	ses.remoteclosed = cli_remoteclosed;
@@ -139,7 +139,7 @@ static void cli_session_init() {
  * service, userauth and channel requests */
 static void cli_sessionloop() {
 
-	TRACE(("enter cli_sessionloop"));
+	TRACE(("enter cli_sessionloop"))
 
 	if (ses.lastpacket == SSH_MSG_KEXINIT && cli_ses.kex_state == KEX_NOTHING) {
 		cli_ses.kex_state = KEXINIT_RCVD;
@@ -151,7 +151,7 @@ static void cli_sessionloop() {
 		 * negotiation would have failed. */
 		send_msg_kexdh_init();
 		cli_ses.kex_state = KEXDH_INIT_SENT;
-		TRACE(("leave cli_sessionloop: done with KEXINIT_RCVD"));
+		TRACE(("leave cli_sessionloop: done with KEXINIT_RCVD"))
 		return;
 	}
 
@@ -163,14 +163,14 @@ static void cli_sessionloop() {
 
 	/* We shouldn't do anything else if a KEX is in progress */
 	if (cli_ses.kex_state != KEX_NOTHING) {
-		TRACE(("leave cli_sessionloop: kex_state != KEX_NOTHING"));
+		TRACE(("leave cli_sessionloop: kex_state != KEX_NOTHING"))
 		return;
 	}
 
 	/* We should exit if we haven't donefirstkex: we shouldn't reach here
 	 * in normal operation */
 	if (ses.kexstate.donefirstkex == 0) {
-		TRACE(("XXX XXX might be bad! leave cli_sessionloop: haven't donefirstkex"));
+		TRACE(("XXX XXX might be bad! leave cli_sessionloop: haven't donefirstkex"))
 		return;
 	}
 
@@ -181,32 +181,32 @@ static void cli_sessionloop() {
 			 * userauth */
 			send_msg_service_request(SSH_SERVICE_USERAUTH);
 			cli_ses.state = SERVICE_AUTH_REQ_SENT;
-			TRACE(("leave cli_sessionloop: sent userauth service req"));
+			TRACE(("leave cli_sessionloop: sent userauth service req"))
 			return;
 
 		/* userauth code */
 		case SERVICE_AUTH_ACCEPT_RCVD:
 			cli_auth_getmethods();
 			cli_ses.state = USERAUTH_REQ_SENT;
-			TRACE(("leave cli_sessionloop: sent userauth methods req"));
+			TRACE(("leave cli_sessionloop: sent userauth methods req"))
 			return;
 			
 		case USERAUTH_FAIL_RCVD:
 			cli_auth_try();
 			cli_ses.state = USERAUTH_REQ_SENT;
-			TRACE(("leave cli_sessionloop: cli_auth_try"));
+			TRACE(("leave cli_sessionloop: cli_auth_try"))
 			return;
 
 			/*
 		case USERAUTH_SUCCESS_RCVD:
 			send_msg_service_request(SSH_SERVICE_CONNECTION);
 			cli_ses.state = SERVICE_CONN_REQ_SENT;
-			TRACE(("leave cli_sessionloop: sent ssh-connection service req"));
+			TRACE(("leave cli_sessionloop: sent ssh-connection service req"))
 			return;
 
 		case SERVICE_CONN_ACCEPT_RCVD:
 			cli_send_chansess_request();
-			TRACE(("leave cli_sessionloop: cli_send_chansess_request"));
+			TRACE(("leave cli_sessionloop: cli_send_chansess_request"))
 			cli_ses.state = SESSION_RUNNING;
 			return;
 			*/
@@ -219,7 +219,7 @@ static void cli_sessionloop() {
 			setup_remotetcp();
 #endif
 			cli_send_chansess_request();
-			TRACE(("leave cli_sessionloop: cli_send_chansess_request"));
+			TRACE(("leave cli_sessionloop: cli_send_chansess_request"))
 			cli_ses.state = SESSION_RUNNING;
 			return;
 
@@ -240,7 +240,7 @@ static void cli_sessionloop() {
 		break;
 	}
 
-	TRACE(("leave cli_sessionloop: fell out"));
+	TRACE(("leave cli_sessionloop: fell out"))
 
 }
 
@@ -250,9 +250,11 @@ void cli_session_cleanup() {
 		return;
 	}
 
-	/* Set stdin back to non-blocking - busybox ash dies nastily
-	 * if we don't revert the flags */
+	/* Set std{in,out,err} back to non-blocking - busybox ash dies nastily if
+	 * we don't revert the flags */
 	fcntl(cli_ses.stdincopy, F_SETFL, cli_ses.stdinflags);
+	fcntl(cli_ses.stdoutcopy, F_SETFL, cli_ses.stdoutflags);
+	fcntl(cli_ses.stderrcopy, F_SETFL, cli_ses.stderrflags);
 
 	cli_tty_cleanup();
 
@@ -279,7 +281,8 @@ static void cli_remoteclosed() {
 }
 
 /* Operates in-place turning dirty (untrusted potentially containing control
- * characters) text into clean text. */
+ * characters) text into clean text. 
+ * Note: this is safe only with ascii - other charsets could have problems. */
 void cleantext(unsigned char* dirtytext) {
 
 	unsigned int i, j;

cli-tcpfwd.c

@@ -31,8 +31,7 @@
 #include "session.h"
 #include "ssh.h"
 
-static int cli_localtcp(unsigned int listenport, const char* remoteaddr,
-		unsigned int remoteport);
+#ifdef ENABLE_CLI_REMOTETCPFWD
 static int newtcpforwarded(struct Channel * channel);
 
 const struct ChanType cli_chan_tcpremote = {
@@ -43,6 +42,11 @@ const struct ChanType cli_chan_tcpremote = {
 	NULL,
 	NULL
 };
+#endif
+
+#ifdef ENABLE_CLI_LOCALTCPFWD
+static int cli_localtcp(unsigned int listenport, const char* remoteaddr,
+		unsigned int remoteport);
 static const struct ChanType cli_chan_tcplocal = {
 	1, /* sepfds */
 	"direct-tcpip",
@@ -51,15 +55,17 @@ static const struct ChanType cli_chan_tcplocal = {
 	NULL,
 	NULL
 };
+#endif
 
+#ifdef ENABLE_CLI_LOCALTCPFWD
 void setup_localtcp() {
 
 	int ret;
 
-	TRACE(("enter setup_localtcp"));
+	TRACE(("enter setup_localtcp"))
 
 	if (cli_opts.localfwds == NULL) {
-		TRACE(("cli_opts.localfwds == NULL"));
+		TRACE(("cli_opts.localfwds == NULL"))
 	}
 
 	while (cli_opts.localfwds != NULL) {
@@ -75,7 +81,7 @@ void setup_localtcp() {
 
 		cli_opts.localfwds = cli_opts.localfwds->next;
 	}
-	TRACE(("leave setup_localtcp"));
+	TRACE(("leave setup_localtcp"))
 
 }
 
@@ -88,45 +94,63 @@ static int cli_localtcp(unsigned int listenport, const char* remoteaddr,
 	TRACE(("enter cli_localtcp: %d %s %d", listenport, remoteaddr,
 				remoteport));
 
-	tcpinfo = (struct TCPListener*)m_malloc(sizeof(struct TCPListener*));
+	tcpinfo = (struct TCPListener*)m_malloc(sizeof(struct TCPListener));
+
 	tcpinfo->sendaddr = m_strdup(remoteaddr);
 	tcpinfo->sendport = remoteport;
+
+	if (opts.listen_fwd_all) {
+		tcpinfo->listenaddr = m_strdup("");
+	} else {
+		tcpinfo->listenaddr = m_strdup("localhost");
+	}
 	tcpinfo->listenport = listenport;
+
 	tcpinfo->chantype = &cli_chan_tcplocal;
+	tcpinfo->tcp_type = direct;
 
 	ret = listen_tcpfwd(tcpinfo);
 
 	if (ret == DROPBEAR_FAILURE) {
 		m_free(tcpinfo);
 	}
-	TRACE(("leave cli_localtcp: %d", ret));
+	TRACE(("leave cli_localtcp: %d", ret))
 	return ret;
 }
+#endif /* ENABLE_CLI_LOCALTCPFWD */
 
+#ifdef  ENABLE_CLI_REMOTETCPFWD
 static void send_msg_global_request_remotetcp(int port) {
 
-	TRACE(("enter send_msg_global_request_remotetcp"));
+	char* listenspec = NULL;
+	TRACE(("enter send_msg_global_request_remotetcp"))
 
 	CHECKCLEARTOWRITE();
 	buf_putbyte(ses.writepayload, SSH_MSG_GLOBAL_REQUEST);
 	buf_putstring(ses.writepayload, "tcpip-forward", 13);
 	buf_putbyte(ses.writepayload, 0);
-	buf_putstring(ses.writepayload, "0.0.0.0", 7); /* TODO: IPv6? */
+	if (opts.listen_fwd_all) {
+		listenspec = "";
+	} else {
+		listenspec = "localhost";
+	}
+	/* TODO: IPv6? */;
+	buf_putstring(ses.writepayload, listenspec, strlen(listenspec));
 	buf_putint(ses.writepayload, port);
 
 	encrypt_packet();
 
-	TRACE(("leave send_msg_global_request_remotetcp"));
+	TRACE(("leave send_msg_global_request_remotetcp"))
 }
 
 void setup_remotetcp() {
 
 	struct TCPFwdList * iter = NULL;
 
-	TRACE(("enter setup_remotetcp"));
+	TRACE(("enter setup_remotetcp"))
 
 	if (cli_opts.remotefwds == NULL) {
-		TRACE(("cli_opts.remotefwds == NULL"));
+		TRACE(("cli_opts.remotefwds == NULL"))
 	}
 
 	iter = cli_opts.remotefwds;
@@ -135,7 +159,7 @@ void setup_remotetcp() {
 		send_msg_global_request_remotetcp(iter->listenport);
 		iter = iter->next;
 	}
-	TRACE(("leave setup_remotetcp"));
+	TRACE(("leave setup_remotetcp"))
 }
 
 static int newtcpforwarded(struct Channel * channel) {
@@ -171,23 +195,22 @@ static int newtcpforwarded(struct Channel * channel) {
 	snprintf(portstring, sizeof(portstring), "%d", iter->connectport);
 	sock = connect_remote(iter->connectaddr, portstring, 1, NULL);
 	if (sock < 0) {
-		TRACE(("leave newtcpdirect: sock failed"));
+		TRACE(("leave newtcpdirect: sock failed"))
 		err = SSH_OPEN_CONNECT_FAILED;
 		goto out;
 	}
 
 	ses.maxfd = MAX(ses.maxfd, sock);
 
-	/* Note that infd is actually the "outgoing" direction on the
-	 * tcp connection, vice versa for outfd.
-	 * We don't set outfd, that will get set after the connection's
+	/* We don't set readfd, that will get set after the connection's
 	 * progress succeeds */
-	channel->infd = sock;
+	channel->writefd = sock;
 	channel->initconn = 1;
 	
 	err = SSH_OPEN_IN_PROGRESS;
 
 out:
-	TRACE(("leave newtcpdirect: err %d", err));
+	TRACE(("leave newtcpdirect: err %d", err))
 	return err;
 }
+#endif /* ENABLE_CLI_REMOTETCPFWD */

common-algo.c

@@ -32,20 +32,28 @@
 /* Mappings for ciphers, parameters are
    {&cipher_desc, keysize, blocksize} */
 
+#ifdef DROPBEAR_AES256_CBC
+static const struct dropbear_cipher dropbear_aes256 = 
+	{&aes_desc, 32, 16};
+#endif
 #ifdef DROPBEAR_AES128_CBC
-const struct dropbear_cipher dropbear_aes128 = 
-	{&rijndael_desc, 16, 16};
+static const struct dropbear_cipher dropbear_aes128 = 
+	{&aes_desc, 16, 16};
 #endif
 #ifdef DROPBEAR_BLOWFISH_CBC
-const struct dropbear_cipher dropbear_blowfish = 
+static const struct dropbear_cipher dropbear_blowfish = 
 	{&blowfish_desc, 16, 8};
 #endif
+#ifdef DROPBEAR_TWOFISH256_CBC
+static const struct dropbear_cipher dropbear_twofish256 = 
+	{&twofish_desc, 32, 16};
+#endif
 #ifdef DROPBEAR_TWOFISH128_CBC
-const struct dropbear_cipher dropbear_twofish128 = 
+static const struct dropbear_cipher dropbear_twofish128 = 
 	{&twofish_desc, 16, 16};
 #endif
 #ifdef DROPBEAR_3DES_CBC
-const struct dropbear_cipher dropbear_3des = 
+static const struct dropbear_cipher dropbear_3des = 
 	{&des3_desc, 24, 8};
 #endif
 
@@ -57,11 +65,15 @@ const struct dropbear_cipher dropbear_nocipher =
    {&hash_desc, keysize, hashsize} */
 
 #ifdef DROPBEAR_SHA1_HMAC
-const struct dropbear_hash dropbear_sha1 = 
+static const struct dropbear_hash dropbear_sha1 = 
 	{&sha1_desc, 20, 20};
 #endif
+#ifdef DROPBEAR_SHA1_96_HMAC
+static const struct dropbear_hash dropbear_sha1_96 = 
+	{&sha1_desc, 20, 12};
+#endif
 #ifdef DROPBEAR_MD5_HMAC
-const struct dropbear_hash dropbear_md5 = 
+static const struct dropbear_hash dropbear_md5 = 
 	{&md5_desc, 16, 16};
 #endif
 
@@ -75,19 +87,29 @@ algo_type sshciphers[] = {
 #ifdef DROPBEAR_AES128_CBC
 	{"aes128-cbc", 0, (void*)&dropbear_aes128, 1},
 #endif
-#ifdef DROPBEAR_BLOWFISH_CBC
-	{"blowfish-cbc", 0, (void*)&dropbear_blowfish, 1},
-#endif
-#ifdef DROPBEAR_TWOFISH128_CBC
-	{"twofish-cbc", 0, (void*)&dropbear_twofish128, 1},
-#endif
 #ifdef DROPBEAR_3DES_CBC
 	{"3des-cbc", 0, (void*)&dropbear_3des, 1},
+#endif
+#ifdef DROPBEAR_AES256_CBC
+	{"aes256-cbc", 0, (void*)&dropbear_aes256, 1},
+#endif
+#ifdef DROPBEAR_TWOFISH256_CBC
+	{"twofish256-cbc", 0, (void*)&dropbear_twofish256, 1},
+	{"twofish-cbc", 0, (void*)&dropbear_twofish256, 1},
+#endif
+#ifdef DROPBEAR_TWOFISH128_CBC
+	{"twofish128-cbc", 0, (void*)&dropbear_twofish128, 1},
+#endif
+#ifdef DROPBEAR_BLOWFISH_CBC
+	{"blowfish-cbc", 0, (void*)&dropbear_blowfish, 1},
 #endif
 	{NULL, 0, NULL, 0}
 };
 
 algo_type sshhashes[] = {
+#ifdef DROPBEAR_SHA1_96_HMAC
+	{"hmac-sha1-96", 0, (void*)&dropbear_sha1_96, 1},
+#endif
 #ifdef DROPBEAR_SHA1_HMAC
 	{"hmac-sha1", 0, (void*)&dropbear_sha1, 1},
 #endif
@@ -98,10 +120,10 @@ algo_type sshhashes[] = {
 };
 
 algo_type sshcompress[] = {
-	{"none", DROPBEAR_COMP_NONE, NULL, 1},
 #ifndef DISABLE_ZLIB
 	{"zlib", DROPBEAR_COMP_ZLIB, NULL, 1},
 #endif
+	{"none", DROPBEAR_COMP_NONE, NULL, 1},
 	{NULL, 0, NULL, 0}
 };
 
@@ -125,14 +147,14 @@ algo_type sshkex[] = {
  * This should be run before using any of the ciphers/hashes */
 void crypto_init() {
 
-	const struct _cipher_descriptor *regciphers[] = {
-#ifdef DROPBEAR_AES128_CBC
-		&rijndael_desc,
+	const struct ltc_cipher_descriptor *regciphers[] = {
+#ifdef DROPBEAR_AES_CBC
+		&aes_desc,
 #endif
 #ifdef DROPBEAR_BLOWFISH_CBC
 		&blowfish_desc,
 #endif
-#ifdef DROPBEAR_TWOFISH128_CBC
+#ifdef DROPBEAR_TWOFISH_CBC
 		&twofish_desc,
 #endif
 #ifdef DROPBEAR_3DES_CBC
@@ -141,7 +163,7 @@ void crypto_init() {
 		NULL
 	};
 
-	const struct _hash_descriptor *reghashes[] = {
+	const struct ltc_hash_descriptor *reghashes[] = {
 		/* we need sha1 for hostkey stuff regardless */
 		&sha1_desc,
 #ifdef DROPBEAR_MD5_HMAC
@@ -187,21 +209,20 @@ int have_algo(char* algo, size_t algolen, algo_type algos[]) {
 /* Output a comma separated list of algorithms to a buffer */
 void buf_put_algolist(buffer * buf, algo_type localalgos[]) {
 
-	unsigned int pos = 0, i, len;
-	char str[50]; /* enough for local algo storage */
+	unsigned int i, len;
+	unsigned int donefirst = 0;
+	buffer *algolist = NULL;
 
+	algolist = buf_new(100);
 	for (i = 0; localalgos[i].name != NULL; i++) {
 		if (localalgos[i].usable) {
-			/* Avoid generating a trailing comma */
-			if (pos)
-			    str[pos++] = ',';
+			if (donefirst)
+				buf_putbyte(algolist, ',');
+			donefirst = 1;
 			len = strlen(localalgos[i].name);
-			memcpy(&str[pos], localalgos[i].name, len);
-			pos += len;
+			buf_putbytes(algolist, localalgos[i].name, len);
 		}
 	}
-	str[pos]=0;
-	/* Debug this */
-	TRACE(("buf_put_algolist: %s", str));
-	buf_putstring(buf, str, pos);
+	buf_putstring(buf, algolist->data, algolist->len);
+	buf_free(algolist);
 }

common-channel.c

@@ -52,8 +52,8 @@ static void deletechannel(struct Channel *channel);
 static void checkinitdone(struct Channel *channel);
 static void checkclose(struct Channel *channel);
 
-static void closeinfd(struct Channel * channel);
-static void closeoutfd(struct Channel * channel, int fd);
+static void closewritefd(struct Channel * channel);
+static void closereadfd(struct Channel * channel, int fd);
 static void closechanfd(struct Channel *channel, int fd, int how);
 
 #define FD_UNINIT (-2)
@@ -81,15 +81,15 @@ void chancleanup() {
 
 	unsigned int i;
 
-	TRACE(("enter chancleanup"));
+	TRACE(("enter chancleanup"))
 	for (i = 0; i < ses.chansize; i++) {
 		if (ses.channels[i] != NULL) {
-			TRACE(("channel %d closing", i));
+			TRACE(("channel %d closing", i))
 			removechannel(ses.channels[i]);
 		}
 	}
 	m_free(ses.channels);
-	TRACE(("leave chancleanup"));
+	TRACE(("leave chancleanup"))
 }
 
 /* Create a new channel entry, send a reply confirm or failure */
@@ -103,7 +103,7 @@ struct Channel* newchannel(unsigned int remotechan,
 	struct Channel * newchan;
 	unsigned int i, j;
 
-	TRACE(("enter newchannel"));
+	TRACE(("enter newchannel"))
 	
 	/* first see if we can use existing channels */
 	for (i = 0; i < ses.chansize; i++) {
@@ -115,7 +115,7 @@ struct Channel* newchannel(unsigned int remotechan,
 	/* otherwise extend the list */
 	if (i == ses.chansize) {
 		if (ses.chansize >= MAX_CHANNELS) {
-			TRACE(("leave newchannel: max chans reached"));
+			TRACE(("leave newchannel: max chans reached"))
 			return NULL;
 		}
 
@@ -143,10 +143,11 @@ struct Channel* newchannel(unsigned int remotechan,
 	newchan->transmaxpacket = transmaxpacket;
 	
 	newchan->typedata = NULL;
-	newchan->infd = FD_UNINIT;
-	newchan->outfd = FD_UNINIT;
+	newchan->writefd = FD_UNINIT;
+	newchan->readfd = FD_UNINIT;
 	newchan->errfd = FD_CLOSED; /* this isn't always set to start with */
 	newchan->initconn = 0;
+	newchan->await_open = 0;
 
 	newchan->writebuf = cbuf_new(RECV_MAXWINDOW);
 	newchan->extrabuf = NULL; /* The user code can set it up */
@@ -157,13 +158,18 @@ struct Channel* newchannel(unsigned int remotechan,
 	ses.channels[i] = newchan;
 	ses.chancount++;
 
-	TRACE(("leave newchannel"));
+	TRACE(("leave newchannel"))
 
 	return newchan;
 }
 
-/* Get the channel structure corresponding to a channel number */
-struct Channel* getchannel(unsigned int chan) {
+/* Returns the channel structure corresponding to the channel in the current
+ * data packet (ses.payload must be positioned appropriately) */
+struct Channel* getchannel() {
+
+	unsigned int chan;
+
+	chan = buf_getint(ses.payload);
 	if (chan >= ses.chansize || ses.channels[chan] == NULL) {
 		return NULL;
 	}
@@ -171,11 +177,10 @@ struct Channel* getchannel(unsigned int chan) {
 }
 
 /* Iterate through the channels, performing IO if available */
-void channelio(fd_set *readfd, fd_set *writefd) {
+void channelio(fd_set *readfds, fd_set *writefds) {
 
 	struct Channel *channel;
 	unsigned int i;
-	int ret;
 
 	/* iterate through all the possible channels */
 	for (i = 0; i < ses.chansize; i++) {
@@ -186,48 +191,30 @@ void channelio(fd_set *readfd, fd_set *writefd) {
 			continue;
 		}
 
-		/* read from program/pipe stdout */
-		if (channel->outfd >= 0 && FD_ISSET(channel->outfd, readfd)) {
+		/* read data and send it over the wire */
+		if (channel->readfd >= 0 && FD_ISSET(channel->readfd, readfds)) {
 			send_msg_channel_data(channel, 0, 0);
 		}
 
-		/* read from program/pipe stderr */
+		/* read stderr data and send it over the wire */
 		if (channel->extrabuf == NULL &&
-				channel->errfd >= 0 && FD_ISSET(channel->errfd, readfd)) {
+				channel->errfd >= 0 && FD_ISSET(channel->errfd, readfds)) {
 				send_msg_channel_data(channel, 1, SSH_EXTENDED_DATA_STDERR);
 		}
 
-		/* if we can read from the infd, it might be closed, so we try to
-		 * see if it has errors */
-		if (channel->infd >= 0 && channel->infd != channel->outfd
-				&& FD_ISSET(channel->infd, readfd)) {
-			if (channel->initconn) {
-				/* Handling for "in progress" connection - this is needed
-				 * to avoid spinning 100% CPU when we connect to a server
-				 * which doesn't send anything (tcpfwding) */
-				checkinitdone(channel);
-				continue; /* Important not to use the channel after 
-							 checkinitdone(), as it may be NULL */
-			}
-			ret = write(channel->infd, NULL, 0); /* Fake write */
-			if (ret < 0 && errno != EINTR && errno != EAGAIN) {
-				closeinfd(channel);
-			}
-		}
-
 		/* write to program/pipe stdin */
-		if (channel->infd >= 0 && FD_ISSET(channel->infd, writefd)) {
+		if (channel->writefd >= 0 && FD_ISSET(channel->writefd, writefds)) {
 			if (channel->initconn) {
 				checkinitdone(channel);
 				continue; /* Important not to use the channel after
 							 checkinitdone(), as it may be NULL */
 			}
-			writechannel(channel, channel->infd, channel->writebuf);
+			writechannel(channel, channel->writefd, channel->writebuf);
 		}
 		
 		/* stderr for client mode */
 		if (channel->extrabuf != NULL 
-				&& channel->errfd >= 0 && FD_ISSET(channel->errfd, writefd)) {
+				&& channel->errfd >= 0 && FD_ISSET(channel->errfd, writefds)) {
 			writechannel(channel, channel->errfd, channel->extrabuf);
 		}
 	
@@ -238,7 +225,7 @@ void channelio(fd_set *readfd, fd_set *writefd) {
 
 	/* Listeners such as TCP, X11, agent-auth */
 #ifdef USING_LISTENERS
-	handle_listeners(readfd);
+	handle_listeners(readfds);
 #endif
 }
 
@@ -246,13 +233,13 @@ void channelio(fd_set *readfd, fd_set *writefd) {
 /* do all the EOF/close type stuff checking for a channel */
 static void checkclose(struct Channel *channel) {
 
-	TRACE(("checkclose: infd %d, outfd %d, errfd %d, sentclosed %d, recvclosed %d", 
-				channel->infd, channel->outfd,
-				channel->errfd, channel->sentclosed, channel->recvclosed));
+	TRACE(("checkclose: writefd %d, readfd %d, errfd %d, sentclosed %d, recvclosed %d",
+				channel->writefd, channel->readfd,
+				channel->errfd, channel->sentclosed, channel->recvclosed))
 	TRACE(("writebuf %d extrabuf %s extrabuf %d",
 				cbuf_getused(channel->writebuf),
 				channel->writebuf,
-				channel->writebuf ? 0 : cbuf_getused(channel->extrabuf)));
+				channel->writebuf ? 0 : cbuf_getused(channel->extrabuf)))
 
 	if (!channel->sentclosed) {
 
@@ -260,18 +247,18 @@ static void checkclose(struct Channel *channel) {
 		 * if the shell has exited etc */
 		if (channel->type->checkclose) {
 			if (channel->type->checkclose(channel)) {
-				closeinfd(channel);
+				closewritefd(channel);
 			}
 		}
 
 		if (!channel->senteof
-			&& channel->outfd == FD_CLOSED 
+			&& channel->readfd == FD_CLOSED 
 			&& (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) {
 			send_msg_channel_eof(channel);
 		}
 
-		if (channel->infd == FD_CLOSED
-			&& channel->outfd == FD_CLOSED
+		if (channel->writefd == FD_CLOSED
+			&& channel->readfd == FD_CLOSED
 			&& (channel->extrabuf != NULL || channel->errfd == FD_CLOSED)) {
 			send_msg_channel_close(channel);
 		}
@@ -289,7 +276,7 @@ static void checkclose(struct Channel *channel) {
 	 */
 	if (channel->recvclosed) {
 		if (! channel->sentclosed) {
-			TRACE(("Sending MSG_CHANNEL_CLOSE in response to same."));
+			TRACE(("Sending MSG_CHANNEL_CLOSE in response to same."))
 			send_msg_channel_close(channel);
 		}
 		removechannel(channel);
@@ -306,21 +293,21 @@ static void checkinitdone(struct Channel *channel) {
 	int val;
 	socklen_t vallen = sizeof(val);
 
-	TRACE(("enter checkinitdone"));
+	TRACE(("enter checkinitdone"))
 
-	if (getsockopt(channel->infd, SOL_SOCKET, SO_ERROR, &val, &vallen)
+	if (getsockopt(channel->writefd, SOL_SOCKET, SO_ERROR, &val, &vallen)
 			|| val != 0) {
 		send_msg_channel_open_failure(channel->remotechan,
 				SSH_OPEN_CONNECT_FAILED, "", "");
-		close(channel->infd);
+		close(channel->writefd);
 		deletechannel(channel);
-		TRACE(("leave checkinitdone: fail"));
+		TRACE(("leave checkinitdone: fail"))
 	} else {
 		send_msg_channel_open_confirmation(channel, channel->recvwindow,
 				channel->recvmaxpacket);
-		channel->outfd = channel->infd;
+		channel->readfd = channel->writefd;
 		channel->initconn = 0;
-		TRACE(("leave checkinitdone: success"));
+		TRACE(("leave checkinitdone: success"))
 	}
 }
 
@@ -329,7 +316,7 @@ static void checkinitdone(struct Channel *channel) {
 /* Send the close message and set the channel as closed */
 static void send_msg_channel_close(struct Channel *channel) {
 
-	TRACE(("enter send_msg_channel_close"));
+	TRACE(("enter send_msg_channel_close"))
 	/* XXX server */
 	if (channel->type->closehandler) {
 		channel->type->closehandler(channel);
@@ -344,13 +331,13 @@ static void send_msg_channel_close(struct Channel *channel) {
 
 	channel->senteof = 1;
 	channel->sentclosed = 1;
-	TRACE(("leave send_msg_channel_close"));
+	TRACE(("leave send_msg_channel_close"))
 }
 
 /* call this when trans/eof channels are closed */
 static void send_msg_channel_eof(struct Channel *channel) {
 
-	TRACE(("enter send_msg_channel_eof"));
+	TRACE(("enter send_msg_channel_eof"))
 	CHECKCLEARTOWRITE();
 
 	buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_EOF);
@@ -360,7 +347,7 @@ static void send_msg_channel_eof(struct Channel *channel) {
 
 	channel->senteof = 1;
 
-	TRACE(("leave send_msg_channel_eof"));
+	TRACE(("leave send_msg_channel_eof"))
 }
 
 /* Called to write data out to the local side of the channel. 
@@ -370,7 +357,7 @@ static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) {
 
 	int len, maxlen;
 
-	TRACE(("enter writechannel"));
+	TRACE(("enter writechannel"))
 
 	maxlen = cbuf_readlen(cbuf);
 
@@ -380,19 +367,19 @@ static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) {
 		if (len < 0 && errno != EINTR) {
 			/* no more to write - we close it even if the fd was stderr, since
 			 * that's a nasty failure too */
-			closeinfd(channel);
+			closewritefd(channel);
 		}
-		TRACE(("leave writechannel: len <= 0"));
+		TRACE(("leave writechannel: len <= 0"))
 		return;
 	}
 
 	cbuf_incrread(cbuf, len);
 	channel->recvdonelen += len;
 
-	if (fd == channel->infd && len == maxlen && channel->recveof) { 
+	if (fd == channel->writefd && cbuf_getused(cbuf) == 0 && channel->recveof) { 
 		/* Check if we're closing up */
-		closeinfd(channel);
-		TRACE(("leave writechannel: recveof set"));
+		closewritefd(channel);
+		TRACE(("leave writechannel: recveof set"))
 		return;
 	}
 
@@ -404,18 +391,18 @@ static void writechannel(struct Channel* channel, int fd, circbuffer *cbuf) {
 		channel->recvdonelen = 0;
 	}
 
-	assert(channel->recvwindow <= RECV_MAXWINDOW);
-	assert(channel->recvwindow <= cbuf_getavail(channel->writebuf));
-	assert(channel->extrabuf == NULL ||
+	dropbear_assert(channel->recvwindow <= RECV_MAXWINDOW);
+	dropbear_assert(channel->recvwindow <= cbuf_getavail(channel->writebuf));
+	dropbear_assert(channel->extrabuf == NULL ||
 			channel->recvwindow <= cbuf_getavail(channel->extrabuf));
 	
 	
-	TRACE(("leave writechannel"));
+	TRACE(("leave writechannel"))
 }
 
 /* Set the file descriptors for the main select in session.c
  * This avoid channels which don't have any window available, are closed, etc*/
-void setchannelfds(fd_set *readfd, fd_set *writefd) {
+void setchannelfds(fd_set *readfds, fd_set *writefds) {
 	
 	unsigned int i;
 	struct Channel * channel;
@@ -430,41 +417,31 @@ void setchannelfds(fd_set *readfd, fd_set *writefd) {
 		/* Stuff to put over the wire */
 		if (channel->transwindow > 0) {
 
-			if (channel->outfd >= 0) {
-				FD_SET(channel->outfd, readfd);
+			if (channel->readfd >= 0) {
+				FD_SET(channel->readfd, readfds);
 			}
 			
 			if (channel->extrabuf == NULL && channel->errfd >= 0) {
-					FD_SET(channel->errfd, readfd);
+					FD_SET(channel->errfd, readfds);
 			}
 		}
 
-		/* For checking FD status (ie closure etc) - we don't actually
-		 * read data from infd */
-		TRACE(("infd = %d, outfd %d, errfd %d, bufused %d", 
-					channel->infd, channel->outfd,
-					channel->errfd,
-					cbuf_getused(channel->writebuf) ));
-		if (channel->infd >= 0 && channel->infd != channel->outfd) {
-			FD_SET(channel->infd, readfd);
-		}
-
-		/* Stuff from the wire, to local program/shell/user etc */
-		if ((channel->infd >= 0 && cbuf_getused(channel->writebuf) > 0 )
+		/* Stuff from the wire */
+		if ((channel->writefd >= 0 && cbuf_getused(channel->writebuf) > 0 )
 				|| channel->initconn) {
 
-				FD_SET(channel->infd, writefd);
+				FD_SET(channel->writefd, writefds);
 		}
 
 		if (channel->extrabuf != NULL && channel->errfd >= 0 
 				&& cbuf_getused(channel->extrabuf) > 0 ) {
-				FD_SET(channel->errfd, writefd);
+				FD_SET(channel->errfd, writefds);
 		}
 
 	} /* foreach channel */
 
 #ifdef USING_LISTENERS
-	set_listener_fds(readfd);
+	set_listener_fds(readfds);
 #endif
 
 }
@@ -474,14 +451,11 @@ void setchannelfds(fd_set *readfd, fd_set *writefd) {
  * etc) FD is also EOF */
 void recv_msg_channel_eof() {
 
-	unsigned int chan;
 	struct Channel * channel;
 
-	TRACE(("enter recv_msg_channel_eof"));
-
-	chan = buf_getint(ses.payload);
-	channel = getchannel(chan);
+	TRACE(("enter recv_msg_channel_eof"))
 
+	channel = getchannel();
 	if (channel == NULL) {
 		dropbear_exit("EOF for unknown channel");
 	}
@@ -490,25 +464,21 @@ void recv_msg_channel_eof() {
 	if (cbuf_getused(channel->writebuf) == 0
 			&& (channel->extrabuf == NULL 
 					|| cbuf_getused(channel->extrabuf) == 0)) {
-		closeinfd(channel);
+		closewritefd(channel);
 	}
 
-	TRACE(("leave recv_msg_channel_eof"));
+	TRACE(("leave recv_msg_channel_eof"))
 }
 
 
 /* Handle channel closure(), respond in kind and close the channels */
 void recv_msg_channel_close() {
 
-	unsigned int chan;
 	struct Channel * channel;
 
-	TRACE(("enter recv_msg_channel_close"));
-
-	chan = buf_getint(ses.payload);
-	TRACE(("close channel = %d", chan));
-	channel = getchannel(chan);
+	TRACE(("enter recv_msg_channel_close"))
 
+	channel = getchannel();
 	if (channel == NULL) {
 		/* disconnect ? */
 		dropbear_exit("Close for unknown channel");
@@ -521,15 +491,15 @@ void recv_msg_channel_close() {
 		removechannel(channel);
 	}
 
-	TRACE(("leave recv_msg_channel_close"));
+	TRACE(("leave recv_msg_channel_close"))
 }
 
 /* Remove a channel entry, this is only executed after both sides have sent
  * channel close */
 static void removechannel(struct Channel * channel) {
 
-	TRACE(("enter removechannel"));
-	TRACE(("channel index is %d", channel->index));
+	TRACE(("enter removechannel"))
+	TRACE(("channel index is %d", channel->index))
 
 	cbuf_free(channel->writebuf);
 	channel->writebuf = NULL;
@@ -542,15 +512,15 @@ static void removechannel(struct Channel * channel) {
 
 	/* close the FDs in case they haven't been done
 	 * yet (ie they were shutdown etc */
-	close(channel->infd);
-	close(channel->outfd);
+	close(channel->writefd);
+	close(channel->readfd);
 	close(channel->errfd);
 
 	channel->typedata = NULL;
 
 	deletechannel(channel);
 
-	TRACE(("leave removechannel"));
+	TRACE(("leave removechannel"))
 }
 
 /* Remove a channel entry */
@@ -567,14 +537,11 @@ static void deletechannel(struct Channel *channel) {
  * such as chansession or x11fwd */
 void recv_msg_channel_request() {
 
-	unsigned int chan;
 	struct Channel *channel;
 
-	TRACE(("enter recv_msg_channel_request"));
+	TRACE(("enter recv_msg_channel_request"))
 	
-	chan = buf_getint(ses.payload);
-	channel = getchannel(chan);
-
+	channel = getchannel();
 	if (channel == NULL) {
 		/* disconnect ? */
 		dropbear_exit("Unknown channel");
@@ -586,7 +553,7 @@ void recv_msg_channel_request() {
 		send_msg_channel_failure(channel);
 	}
 
-	TRACE(("leave recv_msg_channel_request"));
+	TRACE(("leave recv_msg_channel_request"))
 
 }
 
@@ -603,19 +570,19 @@ static void send_msg_channel_data(struct Channel *channel, int isextended,
 	unsigned int maxlen;
 	int fd;
 
-/*	TRACE(("enter send_msg_channel_data"));
-	TRACE(("extended = %d type = %d", isextended, exttype));*/
+/*	TRACE(("enter send_msg_channel_data"))
+	TRACE(("extended = %d type = %d", isextended, exttype))*/
 
 	CHECKCLEARTOWRITE();
 
-	assert(!channel->sentclosed);
+	dropbear_assert(!channel->sentclosed);
 
 	if (isextended) {
 		fd = channel->errfd;
 	} else {
-		fd = channel->outfd;
+		fd = channel->readfd;
 	}
-	assert(fd >= 0);
+	dropbear_assert(fd >= 0);
 
 	maxlen = MIN(channel->transwindow, channel->transmaxpacket);
 	/* -(1+4+4) is SSH_MSG_CHANNEL_DATA, channel number, string length, and 
@@ -623,19 +590,19 @@ static void send_msg_channel_data(struct Channel *channel, int isextended,
 	maxlen = MIN(maxlen, 
 			ses.writepayload->size - 1 - 4 - 4 - (isextended ? 4 : 0));
 	if (maxlen == 0) {
-		TRACE(("leave send_msg_channel_data: no window"));
+		TRACE(("leave send_msg_channel_data: no window"))
 		return; /* the data will get written later */
 	}
 
 	/* read the data */
-	TRACE(("maxlen %d", maxlen));
+	TRACE(("maxlen %d", maxlen))
 	buf = buf_new(maxlen);
-	TRACE(("buf pos %d data %x", buf->pos, buf->data));
+	TRACE(("buf pos %d data %x", buf->pos, buf->data))
 	len = read(fd, buf_getwriteptr(buf, maxlen), maxlen);
 	if (len <= 0) {
 		/* on error/eof, send eof */
 		if (len == 0 || errno != EINTR) {
-			closeoutfd(channel, fd);
+			closereadfd(channel, fd);
 		}
 		buf_free(buf);
 		buf = NULL;
@@ -660,23 +627,20 @@ static void send_msg_channel_data(struct Channel *channel, int isextended,
 	channel->transwindow -= len;
 
 	encrypt_packet();
-	TRACE(("leave send_msg_channel_data"));
+	TRACE(("leave send_msg_channel_data"))
 }
 
 /* We receive channel data */
 void recv_msg_channel_data() {
 
-	unsigned int chan;
 	struct Channel *channel;
 
-	chan = buf_getint(ses.payload);
-	channel = getchannel(chan);
-
+	channel = getchannel();
 	if (channel == NULL) {
 		dropbear_exit("Unknown channel");
 	}
 
-	common_recv_msg_channel_data(channel, channel->infd, channel->writebuf);
+	common_recv_msg_channel_data(channel, channel->writefd, channel->writebuf);
 }
 
 /* Shared for data and stderr data - when we receive data, put it in a buffer
@@ -689,14 +653,14 @@ void common_recv_msg_channel_data(struct Channel *channel, int fd,
 	unsigned int buflen;
 	unsigned int len;
 
-	TRACE(("enter recv_msg_channel_data"));
+	TRACE(("enter recv_msg_channel_data"))
 
 	if (channel->recveof) {
 		dropbear_exit("received data after eof");
 	}
 
  	if (fd < 0) {
-		dropbear_exit("received data with bad infd");
+		dropbear_exit("received data with bad writefd");
 	}
 
 	datalen = buf_getint(ses.payload);
@@ -726,11 +690,11 @@ void common_recv_msg_channel_data(struct Channel *channel, int fd,
 		len -= buflen;
 	}
 
-	assert(channel->recvwindow >= datalen);
+	dropbear_assert(channel->recvwindow >= datalen);
 	channel->recvwindow -= datalen;
-	assert(channel->recvwindow <= RECV_MAXWINDOW);
+	dropbear_assert(channel->recvwindow <= RECV_MAXWINDOW);
 
-	TRACE(("leave recv_msg_channel_data"));
+	TRACE(("leave recv_msg_channel_data"))
 }
 
 /* Increment the outgoing data window for a channel - the remote end limits
@@ -738,19 +702,16 @@ void common_recv_msg_channel_data(struct Channel *channel, int fd,
  * as data is sent, and incremented upon receiving window-adjust messages */
 void recv_msg_channel_window_adjust() {
 
-	unsigned int chan;
 	struct Channel * channel;
 	unsigned int incr;
 	
-	chan = buf_getint(ses.payload);
-	channel = getchannel(chan);
-
+	channel = getchannel();
 	if (channel == NULL) {
 		dropbear_exit("Unknown channel");
 	}
 	
 	incr = buf_getint(ses.payload);
-	TRACE(("received window increment %d", incr));
+	TRACE(("received window increment %d", incr))
 	incr = MIN(incr, MAX_TRANS_WIN_INCR);
 	
 	channel->transwindow += incr;
@@ -763,7 +724,7 @@ void recv_msg_channel_window_adjust() {
 static void send_msg_channel_window_adjust(struct Channel* channel, 
 		unsigned int incr) {
 
-	TRACE(("sending window adjust %d", incr));
+	TRACE(("sending window adjust %d", incr))
 	CHECKCLEARTOWRITE();
 
 	buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_WINDOW_ADJUST);
@@ -787,7 +748,7 @@ void recv_msg_channel_open() {
 	int ret;
 
 
-	TRACE(("enter recv_msg_channel_open"));
+	TRACE(("enter recv_msg_channel_open"))
 
 	/* get the packet contents */
 	type = buf_getstring(ses.payload, &typelen);
@@ -815,17 +776,17 @@ void recv_msg_channel_open() {
 	}
 
 	if (chantype == NULL) {
-		TRACE(("No matching type for '%s'", type));
+		TRACE(("No matching type for '%s'", type))
 		goto failure;
 	}
 
-	TRACE(("matched type '%s'", type));
+	TRACE(("matched type '%s'", type))
 
 	/* create the channel */
 	channel = newchannel(remotechan, chantype, transwindow, transmaxpacket);
 
 	if (channel == NULL) {
-		TRACE(("newchannel returned NULL"));
+		TRACE(("newchannel returned NULL"))
 		goto failure;
 	}
 
@@ -838,7 +799,7 @@ void recv_msg_channel_open() {
 			}
 			errtype = ret;
 			deletechannel(channel);
-			TRACE(("inithandler returned failure %d", ret));
+			TRACE(("inithandler returned failure %d", ret))
 			goto failure;
 		}
 	}
@@ -849,39 +810,39 @@ void recv_msg_channel_open() {
 	goto cleanup;
 
 failure:
-	TRACE(("recv_msg_channel_open failure"));
+	TRACE(("recv_msg_channel_open failure"))
 	send_msg_channel_open_failure(remotechan, errtype, "", "");
 
 cleanup:
 	m_free(type);
 
-	TRACE(("leave recv_msg_channel_open"));
+	TRACE(("leave recv_msg_channel_open"))
 }
 
 /* Send a failure message */
 void send_msg_channel_failure(struct Channel *channel) {
 
-	TRACE(("enter send_msg_channel_failure"));
+	TRACE(("enter send_msg_channel_failure"))
 	CHECKCLEARTOWRITE();
 
 	buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_FAILURE);
 	buf_putint(ses.writepayload, channel->remotechan);
 
 	encrypt_packet();
-	TRACE(("leave send_msg_channel_failure"));
+	TRACE(("leave send_msg_channel_failure"))
 }
 
 /* Send a success message */
 void send_msg_channel_success(struct Channel *channel) {
 
-	TRACE(("enter send_msg_channel_success"));
+	TRACE(("enter send_msg_channel_success"))
 	CHECKCLEARTOWRITE();
 
 	buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_SUCCESS);
 	buf_putint(ses.writepayload, channel->remotechan);
 
 	encrypt_packet();
-	TRACE(("leave send_msg_channel_success"));
+	TRACE(("leave send_msg_channel_success"))
 }
 
 /* Send a channel open failure message, with a corresponding reason
@@ -889,7 +850,7 @@ void send_msg_channel_success(struct Channel *channel) {
 static void send_msg_channel_open_failure(unsigned int remotechan, 
 		int reason, const unsigned char *text, const unsigned char *lang) {
 
-	TRACE(("enter send_msg_channel_open_failure"));
+	TRACE(("enter send_msg_channel_open_failure"))
 	CHECKCLEARTOWRITE();
 	
 	buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_OPEN_FAILURE);
@@ -899,7 +860,7 @@ static void send_msg_channel_open_failure(unsigned int remotechan,
 	buf_putstring(ses.writepayload, lang, strlen((char*)lang));
 
 	encrypt_packet();
-	TRACE(("leave send_msg_channel_open_failure"));
+	TRACE(("leave send_msg_channel_open_failure"))
 }
 
 /* Confirm a channel open, and let the remote end know what number we've
@@ -908,7 +869,7 @@ static void send_msg_channel_open_confirmation(struct Channel* channel,
 		unsigned int recvwindow, 
 		unsigned int recvmaxpacket) {
 
-	TRACE(("enter send_msg_channel_open_confirmation"));
+	TRACE(("enter send_msg_channel_open_confirmation"))
 	CHECKCLEARTOWRITE();
 
 	buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_OPEN_CONFIRMATION);
@@ -918,10 +879,10 @@ static void send_msg_channel_open_confirmation(struct Channel* channel,
 	buf_putint(ses.writepayload, recvmaxpacket);
 
 	encrypt_packet();
-	TRACE(("leave send_msg_channel_open_confirmation"));
+	TRACE(("leave send_msg_channel_open_confirmation"))
 }
 
-#ifdef USING_LISTENERS
+#if defined(USING_LISTENERS) || defined(DROPBEAR_CLIENT)
 /* Create a new channel, and start the open request. This is intended
  * for X11, agent, tcp forwarding, and should be filled with channel-specific
  * options, with the calling function calling encrypt_packet() after
@@ -931,19 +892,21 @@ int send_msg_channel_open_init(int fd, const struct ChanType *type) {
 
 	struct Channel* chan;
 
-	TRACE(("enter send_msg_channel_open_init()"));
+	TRACE(("enter send_msg_channel_open_init()"))
 	chan = newchannel(0, type, 0, 0);
 	if (!chan) {
-		TRACE(("leave send_msg_channel_open_init() - FAILED in newchannel()"));
+		TRACE(("leave send_msg_channel_open_init() - FAILED in newchannel()"))
 		return DROPBEAR_FAILURE;
 	}
 
 	/* set fd non-blocking */
 	setnonblocking(fd);
 
-	chan->infd = chan->outfd = fd;
+	chan->writefd = chan->readfd = fd;
 	ses.maxfd = MAX(ses.maxfd, fd);
 
+	chan->await_open = 1;
+
 	/* now open the channel connection */
 	CHECKCLEARTOWRITE();
 
@@ -953,7 +916,7 @@ int send_msg_channel_open_init(int fd, const struct ChanType *type) {
 	buf_putint(ses.writepayload, RECV_MAXWINDOW);
 	buf_putint(ses.writepayload, RECV_MAXPACKET);
 
-	TRACE(("leave send_msg_channel_open_init()"));
+	TRACE(("leave send_msg_channel_open_init()"))
 	return DROPBEAR_SUCCESS;
 }
 
@@ -961,68 +924,76 @@ int send_msg_channel_open_init(int fd, const struct ChanType *type) {
  * successful*/
 void recv_msg_channel_open_confirmation() {
 
-	unsigned int chan;
 	struct Channel * channel;
 	int ret;
 
-	TRACE(("enter recv_msg_channel_open_confirmation"));
-	chan = buf_getint(ses.payload);
+	TRACE(("enter recv_msg_channel_open_confirmation"))
 
-	channel = getchannel(chan);
+	channel = getchannel();
 	if (channel == NULL) {
 		dropbear_exit("Unknown channel");
 	}
 
+	if (!channel->await_open) {
+		dropbear_exit("unexpected channel reply");
+	}
+	channel->await_open = 0;
+
 	channel->remotechan =  buf_getint(ses.payload);
 	channel->transwindow = buf_getint(ses.payload);
 	channel->transmaxpacket = buf_getint(ses.payload);
 	
-	TRACE(("new chan remote %d localho %d", channel->remotechan, chan));
+	TRACE(("new chan remote %d local %d", 
+				channel->remotechan, channel->index))
 
 	/* Run the inithandler callback */
 	if (channel->type->inithandler) {
 		ret = channel->type->inithandler(channel);
 		if (ret > 0) {
 			removechannel(channel);
-			TRACE(("inithandler returned failure %d", ret));
+			TRACE(("inithandler returned failure %d", ret))
 		}
 	}
 
 	
-	TRACE(("leave recv_msg_channel_open_confirmation"));
+	TRACE(("leave recv_msg_channel_open_confirmation"))
 }
 
 /* Notification that our channel open request failed */
 void recv_msg_channel_open_failure() {
 
-	unsigned int chan;
 	struct Channel * channel;
-	chan = buf_getbyte(ses.payload);
 
-	channel = getchannel(chan);
+	channel = getchannel();
 	if (channel == NULL) {
 		dropbear_exit("Unknown channel");
 	}
 
+	if (!channel->await_open) {
+		dropbear_exit("unexpected channel reply");
+	}
+	channel->await_open = 0;
+
 	removechannel(channel);
 }
+#endif /* USING_LISTENERS */
 
 /* close a stdout/stderr fd */
-static void closeoutfd(struct Channel * channel, int fd) {
+static void closereadfd(struct Channel * channel, int fd) {
 
-	/* don't close it if it is the same as infd,
-	 * unless infd is already set -1 */
-	TRACE(("enter closeoutfd"));
+	/* don't close it if it is the same as writefd,
+	 * unless writefd is already set -1 */
+	TRACE(("enter closereadfd"))
 	closechanfd(channel, fd, 0);
-	TRACE(("leave closeoutfd"));
+	TRACE(("leave closereadfd"))
 }
 
 /* close a stdin fd */
-static void closeinfd(struct Channel * channel) {
+static void closewritefd(struct Channel * channel) {
 
-	TRACE(("enter closeinfd"));
-	closechanfd(channel, channel->infd, 1);
-	TRACE(("leave closeinfd"));
+	TRACE(("enter closewritefd"))
+	closechanfd(channel, channel->writefd, 1);
+	TRACE(("leave closewritefd"))
 }
 
 /* close a fd, how is 0 for stdout/stderr, 1 for stdin */
@@ -1032,6 +1003,7 @@ static void closechanfd(struct Channel *channel, int fd, int how) {
 
 	/* XXX server */
 	if (channel->type->sepfds) {
+		TRACE(("shutdown((%d), %d)", fd, how))
 		shutdown(fd, how);
 		if (how == 0) {
 			closeout = 1;
@@ -1043,19 +1015,24 @@ static void closechanfd(struct Channel *channel, int fd, int how) {
 		closein = closeout = 1;
 	}
 
-	if (closeout && fd == channel->outfd) {
-		channel->outfd = FD_CLOSED;
+	if (closeout && fd == channel->readfd) {
+		channel->readfd = FD_CLOSED;
 	}
 	if (closeout && (channel->extrabuf == NULL) && (fd == channel->errfd)) {
 		channel->errfd = FD_CLOSED;
 	}
 
-	if (closein && fd == channel->infd) {
-		channel->infd = FD_CLOSED;
+	if (closein && fd == channel->writefd) {
+		channel->writefd = FD_CLOSED;
 	}
 	if (closein && (channel->extrabuf != NULL) && (fd == channel->errfd)) {
 		channel->errfd = FD_CLOSED;
 	}
-}
 
-#endif /* USING_LISTENERS */
+	/* if we called shutdown on it and all references are gone, then we 
+	 * need to close() it to stop it lingering */
+	if (channel->type->sepfds && channel->readfd == FD_CLOSED 
+		&& channel->writefd == FD_CLOSED && channel->errfd == FD_CLOSED) {
+		close(fd);
+	}
+}

common-kex.c

@@ -35,7 +35,7 @@
 #include "random.h"
 
 /* diffie-hellman-group1-sha1 value for p */
-const unsigned char dh_p_val[] = {
+static const unsigned char dh_p_val[] = {
 	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2,
     0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
 	0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6,
@@ -47,8 +47,9 @@ const unsigned char dh_p_val[] = {
 	0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11,
 	0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
 	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF};
+#define DH_P_LEN sizeof(dh_p_val)
 
-const int DH_G_VAL = 2;
+static const int DH_G_VAL = 2;
 
 static void kexinitialise();
 void gen_new_keys();
@@ -114,8 +115,8 @@ void send_msg_kexinit() {
 	encrypt_packet();
 	ses.dataallowed = 0; /* don't send other packets during kex */
 
-	TRACE(("DATAALLOWED=0"));
-	TRACE(("-> KEXINIT"));
+	TRACE(("DATAALLOWED=0"))
+	TRACE(("-> KEXINIT"))
 	ses.kexstate.sentkexinit = 1;
 }
 
@@ -128,7 +129,7 @@ void send_msg_kexinit() {
 /* Bring new keys into use after a key exchange, and let the client know*/
 void send_msg_newkeys() {
 
-	TRACE(("enter send_msg_newkeys"));
+	TRACE(("enter send_msg_newkeys"))
 
 	/* generate the kexinit request */
 	CHECKCLEARTOWRITE();
@@ -138,42 +139,42 @@ void send_msg_newkeys() {
 
 	/* set up our state */
 	if (ses.kexstate.recvnewkeys) {
-		TRACE(("while RECVNEWKEYS=1"));
+		TRACE(("while RECVNEWKEYS=1"))
 		gen_new_keys();
 		kexinitialise(); /* we've finished with this kex */
-		TRACE((" -> DATAALLOWED=1"));
+		TRACE((" -> DATAALLOWED=1"))
 		ses.dataallowed = 1; /* we can send other packets again now */
 		ses.kexstate.donefirstkex = 1;
 	} else {
 		ses.kexstate.sentnewkeys = 1;
-		TRACE(("SENTNEWKEYS=1"));
+		TRACE(("SENTNEWKEYS=1"))
 	}
 
-	TRACE(("-> MSG_NEWKEYS"));
-	TRACE(("leave send_msg_newkeys"));
+	TRACE(("-> MSG_NEWKEYS"))
+	TRACE(("leave send_msg_newkeys"))
 }
 
 /* Bring the new keys into use after a key exchange */
 void recv_msg_newkeys() {
 
-	TRACE(("<- MSG_NEWKEYS"));
-	TRACE(("enter recv_msg_newkeys"));
+	TRACE(("<- MSG_NEWKEYS"))
+	TRACE(("enter recv_msg_newkeys"))
 
 	/* simply check if we've sent SSH_MSG_NEWKEYS, and if so,
 	 * switch to the new keys */
 	if (ses.kexstate.sentnewkeys) {
-		TRACE(("while SENTNEWKEYS=1"));
+		TRACE(("while SENTNEWKEYS=1"))
 		gen_new_keys();
 		kexinitialise(); /* we've finished with this kex */
-	    TRACE((" -> DATAALLOWED=1"));
+	    TRACE((" -> DATAALLOWED=1"))
 	    ses.dataallowed = 1; /* we can send other packets again now */
 		ses.kexstate.donefirstkex = 1;
 	} else {
-		TRACE(("RECVNEWKEYS=1"));
+		TRACE(("RECVNEWKEYS=1"))
 		ses.kexstate.recvnewkeys = 1;
 	}
 	
-	TRACE(("leave recv_msg_newkeys"));
+	TRACE(("leave recv_msg_newkeys"))
 }
 
 
@@ -189,7 +190,7 @@ static void kexinitialise() {
 
 	struct timeval tv;
 
-	TRACE(("kexinitialise()"));
+	TRACE(("kexinitialise()"))
 
 	/* sent/recv'd MSG_KEXINIT */
 	ses.kexstate.sentkexinit = 0;
@@ -262,7 +263,7 @@ void gen_new_keys() {
 	unsigned int C2S_keysize, S2C_keysize;
 	char mactransletter, macrecvletter; /* Client or server specific */
 
-	TRACE(("enter gen_new_keys"));
+	TRACE(("enter gen_new_keys"))
 	/* the dh_K and hash are the start of all hashes, we make use of that */
 
 	sha1_init(&hs);
@@ -329,7 +330,7 @@ void gen_new_keys() {
 	ses.keys = ses.newkeys;
 	ses.newkeys = NULL;
 
-	TRACE(("leave gen_new_keys"));
+	TRACE(("leave gen_new_keys"))
 }
 
 #ifndef DISABLE_ZLIB
@@ -393,18 +394,28 @@ static void gen_new_zstreams() {
 /* Belongs in common_kex.c where it should be moved after review */
 void recv_msg_kexinit() {
 	
-	TRACE(("<- KEXINIT"));
-	TRACE(("enter recv_msg_kexinit"));
-	
-	/* start the kex hash */
-	ses.kexhashbuf = buf_new(MAX_KEXHASHBUF);
+	unsigned int kexhashbuf_len = 0;
+	unsigned int remote_ident_len = 0;
+	unsigned int local_ident_len = 0;
 
+	TRACE(("<- KEXINIT"))
+	TRACE(("enter recv_msg_kexinit"))
+	
 	if (!ses.kexstate.sentkexinit) {
 		/* we need to send a kex packet */
 		send_msg_kexinit();
-		TRACE(("continue recv_msg_kexinit: sent kexinit"));
+		TRACE(("continue recv_msg_kexinit: sent kexinit"))
 	}
 
+	/* start the kex hash */
+	local_ident_len = strlen(LOCAL_IDENT);
+	remote_ident_len = strlen((char*)ses.remoteident);
+
+	kexhashbuf_len = local_ident_len + remote_ident_len
+		+ ses.transkexinit->len + ses.payload->len
+		+ KEXHASHBUF_MAX_INTS;
+
+	ses.kexhashbuf = buf_new(kexhashbuf_len);
 
 	if (IS_DROPBEAR_CLIENT) {
 
@@ -413,20 +424,16 @@ void recv_msg_kexinit() {
 
 		/* V_C, the client's version string (CR and NL excluded) */
 	    buf_putstring(ses.kexhashbuf,
-			(unsigned char*)LOCAL_IDENT, strlen(LOCAL_IDENT));
+			(unsigned char*)LOCAL_IDENT, local_ident_len);
 		/* V_S, the server's version string (CR and NL excluded) */
-	    buf_putstring(ses.kexhashbuf, 
-			ses.remoteident, strlen((char*)ses.remoteident));
+	    buf_putstring(ses.kexhashbuf, ses.remoteident, remote_ident_len);
 
 		/* I_C, the payload of the client's SSH_MSG_KEXINIT */
 	    buf_putstring(ses.kexhashbuf,
-			buf_getptr(ses.transkexinit, ses.transkexinit->len),
-			ses.transkexinit->len);
+			ses.transkexinit->data, ses.transkexinit->len);
 		/* I_S, the payload of the server's SSH_MSG_KEXINIT */
 	    buf_setpos(ses.payload, 0);
-	    buf_putstring(ses.kexhashbuf,
-			buf_getptr(ses.payload, ses.payload->len),
-			ses.payload->len);
+	    buf_putstring(ses.kexhashbuf, ses.payload->data, ses.payload->len);
 
 	} else {
 		/* SERVER */
@@ -434,21 +441,19 @@ void recv_msg_kexinit() {
 		/* read the peer's choice of algos */
 		read_kex_algos();
 		/* V_C, the client's version string (CR and NL excluded) */
-	    buf_putstring(ses.kexhashbuf, 
-			ses.remoteident, strlen((char*)ses.remoteident));
+	    buf_putstring(ses.kexhashbuf, ses.remoteident, remote_ident_len);
 		/* V_S, the server's version string (CR and NL excluded) */
-	    buf_putstring(ses.kexhashbuf,
-			(unsigned char*)LOCAL_IDENT, strlen(LOCAL_IDENT));
+	    buf_putstring(ses.kexhashbuf, 
+				(unsigned char*)LOCAL_IDENT, local_ident_len);
 
 		/* I_C, the payload of the client's SSH_MSG_KEXINIT */
 	    buf_setpos(ses.payload, 0);
-	    buf_putstring(ses.kexhashbuf,
-			buf_getptr(ses.payload, ses.payload->len),
-			ses.payload->len);
+	    buf_putstring(ses.kexhashbuf, ses.payload->data, ses.payload->len);
+
 		/* I_S, the payload of the server's SSH_MSG_KEXINIT */
 	    buf_putstring(ses.kexhashbuf,
-			buf_getptr(ses.transkexinit, ses.transkexinit->len),
-			ses.transkexinit->len);
+			ses.transkexinit->data, ses.transkexinit->len);
+
 		ses.requirenext = SSH_MSG_KEXDH_INIT;
 	}
 
@@ -457,9 +462,8 @@ void recv_msg_kexinit() {
 	/* the rest of ses.kexhashbuf will be done after DH exchange */
 
 	ses.kexstate.recvkexinit = 1;
-//	ses.expecting = 0; // client matt
 
-	TRACE(("leave recv_msg_kexinit"));
+	TRACE(("leave recv_msg_kexinit"))
 }
 
 /* Initialises and generate one side of the diffie-hellman key exchange values.
@@ -470,18 +474,13 @@ void gen_kexdh_vals(mp_int *dh_pub, mp_int *dh_priv) {
 	DEF_MP_INT(dh_p);
 	DEF_MP_INT(dh_q);
 	DEF_MP_INT(dh_g);
-	unsigned char randbuf[DH_P_LEN];
-	int dh_q_len;
 
-	TRACE(("enter send_msg_kexdh_reply"));
+	TRACE(("enter send_msg_kexdh_reply"))
 	
 	m_mp_init_multi(&dh_g, &dh_p, &dh_q, NULL);
 
 	/* read the prime and generator*/
-	if (mp_read_unsigned_bin(&dh_p, (unsigned char*)dh_p_val, DH_P_LEN)
-			!= MP_OKAY) {
-		dropbear_exit("Diffie-Hellman error");
-	}
+	bytes_to_mp(&dh_p, (unsigned char*)dh_p_val, DH_P_LEN);
 	
 	if (mp_set_int(&dh_g, DH_G_VAL) != MP_OKAY) {
 		dropbear_exit("Diffie-Hellman error");
@@ -496,16 +495,8 @@ void gen_kexdh_vals(mp_int *dh_pub, mp_int *dh_priv) {
 		dropbear_exit("Diffie-Hellman error");
 	}
 
-	dh_q_len = mp_unsigned_bin_size(&dh_q);
-
-	/* calculate our random value dh_y */
-	do {
-		assert((unsigned int)dh_q_len <= sizeof(randbuf));
-		genrandom(randbuf, dh_q_len);
-		if (mp_read_unsigned_bin(dh_priv, randbuf, dh_q_len) != MP_OKAY) {
-			dropbear_exit("Diffie-Hellman error");
-		}
-	} while (mp_cmp(dh_priv, &dh_q) == MP_GT || mp_cmp_d(dh_priv, 0) != MP_GT);
+	/* Generate a private portion 0 < dh_priv < dh_q */
+	gen_random_mpint(&dh_q, dh_priv);
 
 	/* f = g^y mod p */
 	if (mp_exptmod(&dh_g, dh_priv, &dh_p, dh_pub) != MP_OKAY) {
@@ -527,10 +518,7 @@ void kexdh_comb_key(mp_int *dh_pub_us, mp_int *dh_priv, mp_int *dh_pub_them,
 
 	/* read the prime and generator*/
 	mp_init(&dh_p);
-	if (mp_read_unsigned_bin(&dh_p, (unsigned char*)dh_p_val, DH_P_LEN)
-			!= MP_OKAY) {
-		dropbear_exit("Diffie-Hellman error");
-	}
+	bytes_to_mp(&dh_p, dh_p_val, DH_P_LEN);
 
 	/* Check that dh_pub_them (dh_e or dh_f) is in the range [1, p-1] */
 	if (mp_cmp(dh_pub_them, &dh_p) != MP_LT 
@@ -619,7 +607,7 @@ static void read_kex_algos() {
 		erralgo = "kex";
 		goto error;
 	}
-	TRACE(("kex algo %s", algo->name));
+	TRACE(("kex algo %s", algo->name))
 	ses.newkeys->algo_kex = algo->val;
 
 	/* server_host_key_algorithms */
@@ -629,50 +617,56 @@ static void read_kex_algos() {
 		erralgo = "hostkey";
 		goto error;
 	}
-	TRACE(("hostkey algo %s", algo->name));
+	TRACE(("hostkey algo %s", algo->name))
 	ses.newkeys->algo_hostkey = algo->val;
 
 	/* encryption_algorithms_client_to_server */
 	c2s_cipher_algo = ses.buf_match_algo(ses.payload, sshciphers, &goodguess);
-	if (algo == NULL) {
+	if (c2s_cipher_algo == NULL) {
 		erralgo = "enc c->s";
 		goto error;
 	}
+	TRACE(("enc c2s is  %s", c2s_cipher_algo->name))
 
 	/* encryption_algorithms_server_to_client */
 	s2c_cipher_algo = ses.buf_match_algo(ses.payload, sshciphers, &goodguess);
-	if (algo == NULL) {
+	if (s2c_cipher_algo == NULL) {
 		erralgo = "enc s->c";
 		goto error;
 	}
+	TRACE(("enc s2c is  %s", s2c_cipher_algo->name))
 
 	/* mac_algorithms_client_to_server */
 	c2s_hash_algo = ses.buf_match_algo(ses.payload, sshhashes, &goodguess);
-	if (algo == NULL) {
+	if (c2s_hash_algo == NULL) {
 		erralgo = "mac c->s";
 		goto error;
 	}
+	TRACE(("hash c2s is  %s", c2s_hash_algo->name))
 
 	/* mac_algorithms_server_to_client */
 	s2c_hash_algo = ses.buf_match_algo(ses.payload, sshhashes, &goodguess);
-	if (algo == NULL) {
+	if (s2c_hash_algo == NULL) {
 		erralgo = "mac s->c";
 		goto error;
 	}
+	TRACE(("hash s2c is  %s", s2c_hash_algo->name))
 
 	/* compression_algorithms_client_to_server */
 	c2s_comp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess);
-	if (algo == NULL) {
+	if (c2s_comp_algo == NULL) {
 		erralgo = "comp c->s";
 		goto error;
 	}
+	TRACE(("hash c2s is  %s", c2s_comp_algo->name))
 
 	/* compression_algorithms_server_to_client */
 	s2c_comp_algo = ses.buf_match_algo(ses.payload, sshcompress, &goodguess);
-	if (algo == NULL) {
+	if (s2c_comp_algo == NULL) {
 		erralgo = "comp s->c";
 		goto error;
 	}
+	TRACE(("hash s2c is  %s", s2c_comp_algo->name))
 
 	/* languages_client_to_server */
 	buf_eatstring(ses.payload);
@@ -681,7 +675,7 @@ static void read_kex_algos() {
 	buf_eatstring(ses.payload);
 
 	/* first_kex_packet_follows */
-	if (buf_getbyte(ses.payload)) {
+	if (buf_getbool(ses.payload)) {
 		ses.kexstate.firstfollows = 1;
 		/* if the guess wasn't good, we ignore the packet sent */
 		if (!allgood) {
@@ -715,13 +709,6 @@ static void read_kex_algos() {
 		ses.newkeys->trans_algo_comp = s2c_comp_algo->val;
 	}
 
-	TRACE(("enc algo recv %s", algo->name));
-	TRACE(("enc algo trans %s", algo->name));
-	TRACE(("mac algo recv %s", algo->name));
-	TRACE(("mac algo trans %s", algo->name));
-	TRACE(("comp algo recv %s", algo->name));
-	TRACE(("comp algo trans %s", algo->name));
-
 	/* reserved for future extensions */
 	buf_getint(ses.payload);
 	return;

common-session.c

@@ -52,7 +52,7 @@ int exitflag = 0; /* GLOBAL */
 /* called only at the start of a session, set up initial state */
 void common_session_init(int sock, char* remotehost) {
 
-	TRACE(("enter session_init"));
+	TRACE(("enter session_init"))
 
 	ses.remotehost = remotehost;
 
@@ -62,7 +62,6 @@ void common_session_init(int sock, char* remotehost) {
 	ses.connecttimeout = 0;
 	
 	kexfirstinitialise(); /* initialise the kex state */
-	chaninitialise(); /* initialise the channel state */
 
 	ses.writepayload = buf_new(MAX_TRANS_PAYLOAD_LEN);
 	ses.transseq = 0;
@@ -72,6 +71,8 @@ void common_session_init(int sock, char* remotehost) {
 	ses.payload = NULL;
 	ses.recvseq = 0;
 
+	initqueue(&ses.writequeue);
+
 	ses.requirenext = SSH_MSG_KEXINIT;
 	ses.dataallowed = 0; /* don't send data yet, we'll wait until after kex */
 	ses.ignorenext = 0;
@@ -108,7 +109,7 @@ void common_session_init(int sock, char* remotehost) {
 	ses.allowprivport = 0;
 
 
-	TRACE(("leave session_init"));
+	TRACE(("leave session_init"))
 }
 
 void session_loop(void(*loophandler)()) {
@@ -124,7 +125,7 @@ void session_loop(void(*loophandler)()) {
 		timeout.tv_usec = 0;
 		FD_ZERO(&writefd);
 		FD_ZERO(&readfd);
-		assert(ses.payload == NULL);
+		dropbear_assert(ses.payload == NULL);
 		if (ses.sock != -1) {
 			FD_SET(ses.sock, &readfd);
 			if (!isempty(&ses.writequeue)) {
@@ -160,7 +161,7 @@ void session_loop(void(*loophandler)()) {
 		
 		if (val == 0) {
 			/* timeout */
-			TRACE(("select timeout"));
+			TRACE(("select timeout"))
 			continue;
 		}
 
@@ -199,11 +200,11 @@ void session_loop(void(*loophandler)()) {
 /* clean up a session on exit */
 void common_session_cleanup() {
 	
-	TRACE(("enter session_cleanup"));
+	TRACE(("enter session_cleanup"))
 	
 	/* we can't cleanup if we don't know the session state */
 	if (!sessinitdone) {
-		TRACE(("leave session_cleanup: !sessinitdone"));
+		TRACE(("leave session_cleanup: !sessinitdone"))
 		return;
 	}
 	
@@ -213,7 +214,7 @@ void common_session_cleanup() {
 
 	chancleanup();
 
-	TRACE(("leave session_cleanup"));
+	TRACE(("leave session_cleanup"))
 }
 
 
@@ -231,10 +232,8 @@ void session_identification() {
 		dropbear_exit("Error writing ident string");
 	}
 
-	/* We allow up to 9 lines before the actual version string, to
-	 * account for wrappers/cruft etc. According to the spec only the client
-	 * needs to handle this, but no harm in letting the server handle it too */
-	for (i = 0; i < 10; i++) {
+    /* If they send more than 50 lines, something is wrong */
+	for (i = 0; i < 50; i++) {
 		len = ident_readln(ses.sock, linebuf, sizeof(linebuf));
 
 		if (len < 0 && errno != EINTR) {
@@ -250,7 +249,7 @@ void session_identification() {
 	}
 
 	if (!done) {
-		TRACE(("err: %s for '%s'\n", strerror(errno), linebuf));
+		TRACE(("err: %s for '%s'\n", strerror(errno), linebuf))
 		dropbear_exit("Failed to get remote version");
 	} else {
 		/* linebuf is already null terminated */
@@ -258,7 +257,13 @@ void session_identification() {
 		memcpy(ses.remoteident, linebuf, len);
 	}
 
-	TRACE(("remoteident: %s", ses.remoteident));
+    /* Shall assume that 2.x will be backwards compatible. */
+    if (strncmp(ses.remoteident, "SSH-2.", 6) != 0
+            && strncmp(ses.remoteident, "SSH-1.99-", 9) != 0) {
+        dropbear_exit("Incompatible remote version '%s'", ses.remoteident);
+    }
+
+	TRACE(("remoteident: %s", ses.remoteident))
 
 }
 
@@ -272,7 +277,7 @@ static int ident_readln(int fd, char* buf, int count) {
 	fd_set fds;
 	struct timeval timeout;
 
-	TRACE(("enter ident_readln"));
+	TRACE(("enter ident_readln"))
 
 	if (count < 1) {
 		return -1;
@@ -293,7 +298,7 @@ static int ident_readln(int fd, char* buf, int count) {
 			if (errno == EINTR) {
 				continue;
 			}
-			TRACE(("leave ident_readln: select error"));
+			TRACE(("leave ident_readln: select error"))
 			return -1;
 		}
 
@@ -311,12 +316,12 @@ static int ident_readln(int fd, char* buf, int count) {
 				if (errno == EINTR) {
 					continue; /* not a real error */
 				}
-				TRACE(("leave ident_readln: read error"));
+				TRACE(("leave ident_readln: read error"))
 				return -1;
 			}
 			if (num == 0) {
 				/* EOF */
-				TRACE(("leave ident_readln: EOF"));
+				TRACE(("leave ident_readln: EOF"))
 				return -1;
 			}
 			if (in == '\n') {
@@ -332,7 +337,7 @@ static int ident_readln(int fd, char* buf, int count) {
 	}
 
 	buf[pos] = '\0';
-	TRACE(("leave ident_readln: return %d", pos+1));
+	TRACE(("leave ident_readln: return %d", pos+1))
 	return pos+1;
 }
 
@@ -361,7 +366,7 @@ static void checktimeouts() {
 	if (!ses.kexstate.sentkexinit
 			&& (secs - ses.kexstate.lastkextime >= KEX_REKEY_TIMEOUT
 			|| ses.kexstate.datarecv+ses.kexstate.datatrans >= KEX_REKEY_DATA)){
-		TRACE(("rekeying after timeout or max data reached"));
+		TRACE(("rekeying after timeout or max data reached"))
 		send_msg_kexinit();
 	}
 }

configure.in

@@ -19,7 +19,7 @@ fi
 AC_SUBST(LD)	
 
 if test -z "$OLDCFLAGS" && test "$GCC" = "yes"; then
-	AC_MSG_RESULT(No \$CFLAGS set... using "-Os -W -Wall for GCC")
+	AC_MSG_RESULT(No \$CFLAGS set... using "-Os -W -Wall" for GCC)
 	CFLAGS="-Os -W -Wall"
 fi
 
@@ -117,6 +117,43 @@ AC_ARG_ENABLE(zlib,
 	]
 )
 
+# Check if pam is needed
+AC_ARG_WITH(pam,
+	[  --with-pam=PATH        Use pam in PATH],
+	[
+		# option is given
+		if test -d "$withval/lib"; then
+			LDFLAGS="-L${withval}/lib ${LDFLAGS}"
+		else
+			LDFLAGS="-L${withval} ${LDFLAGS}"
+		fi
+		if test -d "$withval/include"; then
+			CPPFLAGS="-I${withval}/include ${CPPFLAGS}"
+		else
+			CPPFLAGS="-I${withval} ${CPPFLAGS}"
+		fi
+	]
+)
+
+
+AC_ARG_ENABLE(pam,
+	[  --enable-pam          Try to include PAM support],
+	[
+		if test "x$enableval" = "xyes"; then
+			AC_CHECK_LIB(pam, pam_authenticate, , AC_MSG_ERROR([*** PAM missing - install first or check config.log ***]))
+			AC_MSG_RESULT(Enabling PAM)
+		else
+			AC_DEFINE(DISABLE_PAM,, Use PAM)
+			AC_MSG_RESULT(Disabling PAM)
+		fi
+	],
+	[
+		# disable it by default
+		AC_DEFINE(DISABLE_PAM,, Use PAM)
+		AC_MSG_RESULT(Disabling PAM)
+	]
+)
+
 AC_ARG_ENABLE(openpty,
 	[  --disable-openpty       Don't use openpty, use alternative method],
 	[
@@ -169,7 +206,7 @@ AC_ARG_ENABLE(shadow,
 # Checks for header files.
 AC_HEADER_STDC
 AC_HEADER_SYS_WAIT
-AC_CHECK_HEADERS([fcntl.h limits.h netinet/in.h netinet/tcp.h stdlib.h string.h sys/socket.h sys/time.h termios.h unistd.h crypt.h pty.h ioctl.h libutil.h libgen.h inttypes.h stropts.h utmp.h utmpx.h lastlog.h paths.h util.h netdb.h])
+AC_CHECK_HEADERS([fcntl.h limits.h netinet/in.h netinet/tcp.h stdlib.h string.h sys/socket.h sys/time.h termios.h unistd.h crypt.h pty.h ioctl.h libutil.h libgen.h inttypes.h stropts.h utmp.h utmpx.h lastlog.h paths.h util.h netdb.h security/pam_appl.h pam/pam_appl.h netinet/in_systm.h])
 
 # Checks for typedefs, structures, and compiler characteristics.
 AC_C_CONST
@@ -302,8 +339,9 @@ AC_CHECK_MEMBERS([struct utmp.ut_host, struct utmp.ut_pid, struct utmp.ut_type,
 #endif
 ])
 
-AC_CHECK_MEMBERS([struct utmpx.ut_host, struct utmpx.ut_syslen, struct utmpx.ut_type, struct utmpx.ut_id, struct utmpx.ut_addr, struct utmpx.ut_addr_v6, struct utmpx.ut_time, struct utmpx.ut_tv],,,[
+AC_CHECK_MEMBERS([struct utmpx.ut_host, struct utmpx.ut_syslen, struct utmpx.ut_type, struct utmpx.ut_id, struct utmpx.ut_addr, struct utmpx.ut_addr_v6, struct utmpx.ut_time, struct utmpx.ut_tv, struct sockaddr_storage.ss_family, struct sockadd_storage.__family],,,[
 #include <sys/types.h>
+#include <sys/socket.h>
 #if HAVE_UTMPX_H
 #include <utmpx.h>
 #endif
@@ -573,5 +611,7 @@ fi
 AC_EXEEXT
 AC_CONFIG_HEADER(config.h)
 AC_OUTPUT(Makefile)
+AC_OUTPUT(libtomcrypt/Makefile)
+AC_OUTPUT(libtommath/Makefile)
 AC_MSG_RESULT()
 AC_MSG_RESULT(Now edit options.h to choose features.)

dbclient.1

@@ -0,0 +1,74 @@
+.TH dbclient 1
+.SH NAME
+dbclient \- lightweight SSH2 client
+.SH SYNOPSIS
+.B dbclient
+[\-Tt] [\-p
+.I port\fR] [\-i
+.I id\fR] [\-L
+.I l\fR:\fIh\fR:\fIr\fR] [\-R
+.I l\fR:\fIh\fR:\fIr\fR] [\-l
+.IR user ]
+.I host
+.SH DESCRIPTION
+.B dbclient
+is a SSH 2 client designed to be small enough to be used in small memory
+environments, while still being functional and secure enough for general use.
+.SH OPTIONS
+.TP
+.B \-p \fIport
+Remote port.
+Connect to port
+.I port
+on the remote host.
+Default is 22.
+.TP
+.B \-i \fIidfile
+Identity file.
+Read the identity from file
+.I idfile
+(multiple allowed).
+.TP
+.B \-L \fIlocalport\fR:\fIremotehost\fR:\fIremoteport\fR
+Local port forwarding.
+Forward the port
+.I localport
+on the local host to port
+.I remoteport
+on the remote host
+.IR remotehost .
+.TP
+.B \-R \fIlocalport\fR:\fIremotehost\fR:\fIremoteport\fR
+Remote port forwarding.
+Forward the port
+.I remoteport
+on the remote host
+.I remotehost
+to port
+.I localport
+on the local host.
+.TP
+.B \-l \fIuser
+Username.
+Login as
+.I user
+on the remote host.
+.TP
+.B \-t
+Allocate a pty.
+.TP
+.B \-T
+Don't allocate a pty.
+.TP
+.B \-g
+Allow non-local hosts to connect to forwarded ports. Applies to -L and -R
+forwarded ports, though remote connections to -R forwarded ports may be limited
+by the ssh server.
+.SH AUTHOR
+Matt Johnston (matt@ucc.asn.au).
+.br
+Gerrit Pape (pape@smarden.org) wrote this manual page.
+.SH SEE ALSO
+dropbear(8), dropbearkey(8)
+.P
+http://matt.ucc.asn.au/dropbear/dropbear.html

dbutil.c

@@ -70,7 +70,6 @@ void (*_dropbear_log)(int priority, const char* format, va_list param)
 int debug_trace = 0;
 #endif
 
-int usingsyslog = 0; /* set by runopts, but required externally to sessions */
 #ifndef DISABLE_SYSLOG
 void startsyslog() {
 
@@ -111,6 +110,10 @@ static void generic_dropbear_exit(int exitcode, const char* format,
 	exit(exitcode);
 }
 
+void fail_assert(const char* expr, const char* file, int line) {
+	dropbear_exit("failed assertion (%s:%d): `%s'", file, line, expr);
+}
+
 static void generic_dropbear_log(int UNUSED(priority), const char* format, 
 		va_list param) {
 
@@ -150,8 +153,33 @@ void dropbear_trace(const char* format, ...) {
 }
 #endif /* DEBUG_TRACE */
 
-/* Listen on address:port. Unless address is NULL, in which case listen on
- * everything. If called with address == "", we'll listen on localhost/loopback.
+static void set_sock_priority(int sock) {
+
+	int val;
+
+	/* disable nagle */
+	val = 1;
+	setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void*)&val, sizeof(val));
+
+	/* set the TOS bit. note that this will fail for ipv6, I can't find any
+	 * equivalent. */
+#ifdef IPTOS_LOWDELAY
+	val = IPTOS_LOWDELAY;
+	setsockopt(sock, IPPROTO_IP, IP_TOS, (void*)&val, sizeof(val));
+#endif
+
+#ifdef SO_PRIORITY
+	/* linux specific, sets QoS class.
+	 * 6 looks to be optimal for interactive traffic (see tc-prio(8) ). */
+	val = 6;
+	setsockopt(sock, SOL_SOCKET, SO_PRIORITY, (void*) &val, sizeof(val));
+#endif
+
+}
+
+/* Listen on address:port. 
+ * Special cases are address of "" listening on everything,
+ * and address of NULL listening on localhost only.
  * Returns the number of sockets bound on success, or -1 on failure. On
  * failure, if errstring wasn't NULL, it'll be a newly malloced error
  * string.*/
@@ -165,17 +193,23 @@ int dropbear_listen(const char* address, const char* port,
 	int val;
 	int sock;
 
-	TRACE(("enter dropbear_listen"));
+	TRACE(("enter dropbear_listen"))
 	
 	memset(&hints, 0, sizeof(hints));
 	hints.ai_family = AF_UNSPEC; /* TODO: let them flag v4 only etc */
 	hints.ai_socktype = SOCK_STREAM;
 
-	if (address && address[0] == '\0') {
-		TRACE(("dropbear_listen: local loopback"));
-		address = NULL;
+	// for calling getaddrinfo:
+	// address == NULL and !AI_PASSIVE: local loopback
+	// address == NULL and AI_PASSIVE: all interfaces
+	// address != NULL: whatever the address says
+	if (!address) {
+		TRACE(("dropbear_listen: local loopback"))
 	} else {
-		TRACE(("dropbear_listen: not local loopback"));
+		if (address[0] == '\0') {
+			TRACE(("dropbear_listen: all interfaces"))
+			address = NULL;
+		}
 		hints.ai_flags = AI_PASSIVE;
 	}
 	err = getaddrinfo(address, port, &hints, &res0);
@@ -187,7 +221,11 @@ int dropbear_listen(const char* address, const char* port,
 			*errstring = (char*)m_malloc(len);
 			snprintf(*errstring, len, "Error resolving: %s", gai_strerror(err));
 		}
-		TRACE(("leave dropbear_listen: failed resolving"));
+		if (res0) {
+			freeaddrinfo(res0);
+			res0 = NULL;
+		}
+		TRACE(("leave dropbear_listen: failed resolving"))
 		return -1;
 	}
 
@@ -204,7 +242,7 @@ int dropbear_listen(const char* address, const char* port,
 
 		if (sock < 0) {
 			err = errno;
-			TRACE(("socket() failed"));
+			TRACE(("socket() failed"))
 			continue;
 		}
 
@@ -216,20 +254,19 @@ int dropbear_listen(const char* address, const char* port,
 		linger.l_linger = 5;
 		setsockopt(sock, SOL_SOCKET, SO_LINGER, (void*)&linger, sizeof(linger));
 
-		/* disable nagle */
-		setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void*)&val, sizeof(val));
+		set_sock_priority(sock);
 
 		if (bind(sock, res->ai_addr, res->ai_addrlen) < 0) {
 			err = errno;
 			close(sock);
-			TRACE(("bind(%s) failed", port));
+			TRACE(("bind(%s) failed", port))
 			continue;
 		}
 
 		if (listen(sock, 20) < 0) {
 			err = errno;
 			close(sock);
-			TRACE(("listen() failed"));
+			TRACE(("listen() failed"))
 			continue;
 		}
 
@@ -238,18 +275,23 @@ int dropbear_listen(const char* address, const char* port,
 		nsock++;
 	}
 
+	if (res0) {
+		freeaddrinfo(res0);
+		res0 = NULL;
+	}
+
 	if (nsock == 0) {
 		if (errstring != NULL && *errstring == NULL) {
 			int len;
 			len = 20 + strlen(strerror(err));
 			*errstring = (char*)m_malloc(len);
 			snprintf(*errstring, len, "Error listening: %s", strerror(err));
-			TRACE(("leave dropbear_listen: failure, %s", strerror(err)));
+			TRACE(("leave dropbear_listen: failure, %s", strerror(err)))
 			return -1;
 		}
 	}
 
-	TRACE(("leave dropbear_listen: success, %d socks bound", nsock));
+	TRACE(("leave dropbear_listen: success, %d socks bound", nsock))
 	return nsock;
 }
 
@@ -265,7 +307,7 @@ int connect_remote(const char* remotehost, const char* remoteport,
 	int sock;
 	int err;
 
-	TRACE(("enter connect_remote"));
+	TRACE(("enter connect_remote"))
 
 	if (errstring != NULL) {
 		*errstring = NULL;
@@ -283,7 +325,7 @@ int connect_remote(const char* remotehost, const char* remoteport,
 			*errstring = (char*)m_malloc(len);
 			snprintf(*errstring, len, "Error resolving: %s", gai_strerror(err));
 		}
-		TRACE(("Error resolving: %s", gai_strerror(err)));
+		TRACE(("Error resolving: %s", gai_strerror(err)))
 		return -1;
 	}
 
@@ -304,14 +346,14 @@ int connect_remote(const char* remotehost, const char* remoteport,
 				if (errstring != NULL && *errstring == NULL) {
 					*errstring = m_strdup("Failed non-blocking");
 				}
-				TRACE(("Failed non-blocking: %s", strerror(errno)));
+				TRACE(("Failed non-blocking: %s", strerror(errno)))
 				continue;
 			}
 		}
 
 		if (connect(sock, res->ai_addr, res->ai_addrlen) < 0) {
 			if (errno == EINPROGRESS && nonblocking) {
-				TRACE(("Connect in progress"));
+				TRACE(("Connect in progress"))
 				break;
 			} else {
 				err = errno;
@@ -332,11 +374,10 @@ int connect_remote(const char* remotehost, const char* remoteport,
 			*errstring = (char*)m_malloc(len);
 			snprintf(*errstring, len, "Error connecting: %s", strerror(err));
 		}
-		TRACE(("Error connecting: %s", strerror(err)));
+		TRACE(("Error connecting: %s", strerror(err)))
 	} else {
 		/* Success */
-		/* (err is used as a dummy var here) */
-		setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void*)&err, sizeof(err));
+		set_sock_priority(sock);
 	}
 
 	freeaddrinfo(res0);
@@ -344,7 +385,7 @@ int connect_remote(const char* remotehost, const char* remoteport,
 		m_free(*errstring);
 	}
 
-	TRACE(("leave connect_remote: sock %d\n", sock));
+	TRACE(("leave connect_remote: sock %d\n", sock))
 	return sock;
 }
 
@@ -358,6 +399,16 @@ unsigned char * getaddrstring(struct sockaddr_storage* addr, int withport) {
 	unsigned int len;
 
 	len = sizeof(struct sockaddr_storage);
+	/* Some platforms such as Solaris 8 require that len is the length
+	 * of the specific structure. */
+	if (addr->ss_family == AF_INET) {
+		len = sizeof(struct sockaddr_in);
+	}
+#ifdef AF_INET6
+	if (addr->ss_family == AF_INET6) {
+		len = sizeof(struct sockaddr_in6);
+	}
+#endif
 
 	ret = getnameinfo((struct sockaddr*)addr, len, hbuf, sizeof(hbuf), 
 			sbuf, sizeof(sbuf), NI_NUMERICSERV | NI_NUMERICHOST);
@@ -388,11 +439,27 @@ char* getaddrhostname(struct sockaddr_storage * addr) {
 	char sbuf[NI_MAXSERV];
 	int ret;
 	unsigned int len;
+#ifdef DO_HOST_LOOKUP
+	const int flags = NI_NUMERICSERV;
+#else
+	const int flags = NI_NUMERICHOST | NI_NUMERICSERV;
+#endif
 
 	len = sizeof(struct sockaddr_storage);
+	/* Some platforms such as Solaris 8 require that len is the length
+	 * of the specific structure. */
+	if (addr->ss_family == AF_INET) {
+		len = sizeof(struct sockaddr_in);
+	}
+#ifdef AF_INET6
+	if (addr->ss_family == AF_INET6) {
+		len = sizeof(struct sockaddr_in6);
+	}
+#endif
+
 
 	ret = getnameinfo((struct sockaddr*)addr, len, hbuf, sizeof(hbuf),
-			sbuf, sizeof(sbuf), NI_NUMERICSERV);
+			sbuf, sizeof(sbuf), flags);
 
 	if (ret != 0) {
 		/* On some systems (Darwin does it) we get EINTR from getnameinfo
@@ -405,10 +472,11 @@ char* getaddrhostname(struct sockaddr_storage * addr) {
 }
 
 #ifdef DEBUG_TRACE
-void printhex(unsigned char* buf, int len) {
+void printhex(const char * label, const unsigned char * buf, int len) {
 
 	int i;
 
+	fprintf(stderr, "%s\n", label);
 	for (i = 0; i < len; i++) {
 		fprintf(stderr, "%02x", buf[i]);
 		if (i % 16 == 15) {
@@ -484,7 +552,7 @@ int buf_getline(buffer * line, FILE * authfile) {
 
 	int c = EOF;
 
-	TRACE(("enter buf_getline"));
+	TRACE(("enter buf_getline"))
 
 	buf_setpos(line, 0);
 	buf_setlen(line, 0);
@@ -499,42 +567,38 @@ int buf_getline(buffer * line, FILE * authfile) {
 		buf_putbyte(line, (unsigned char)c);
 	}
 
-	TRACE(("leave getauthline: line too long"));
+	TRACE(("leave getauthline: line too long"))
 	/* We return success, but the line length will be zeroed - ie we just
 	 * ignore that line */
 	buf_setlen(line, 0);
 
 out:
 
-	buf_setpos(line, 0);
 
 	/* if we didn't read anything before EOF or error, exit */
 	if (c == EOF && line->pos == 0) {
-		TRACE(("leave getauthline: failure"));
+		TRACE(("leave buf_getline: failure"))
 		return DROPBEAR_FAILURE;
 	} else {
-		TRACE(("leave getauthline: success"));
+		TRACE(("leave buf_getline: success"))
+		buf_setpos(line, 0);
 		return DROPBEAR_SUCCESS;
 	}
 
-	TRACE(("leave buf_getline"));
 }	
 #endif
 
-/* loop until the socket is closed (in case of EINTR) or
- * we get and error.
- * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
-int m_close(int fd) {
+/* make sure that the socket closes */
+void m_close(int fd) {
 
 	int val;
 	do {
 		val = close(fd);
 	} while (val < 0 && errno == EINTR);
 
-	if (val == 0 || errno == EBADF) {
-		return DROPBEAR_SUCCESS;
-	} else {
-		return DROPBEAR_FAILURE;
+	if (val < 0 && errno != EBADF) {
+		/* Linux says EIO can happen */
+		dropbear_exit("Error closing fd %d, %s", fd, strerror(errno));
 	}
 }
 	
@@ -545,7 +609,7 @@ void * m_malloc(size_t size) {
 	if (size == 0) {
 		dropbear_exit("m_malloc failed");
 	}
-	ret = malloc(size);
+	ret = calloc(1, size);
 	if (ret == NULL) {
 		dropbear_exit("m_malloc failed");
 	}
@@ -585,6 +649,8 @@ void * m_realloc(void* ptr, size_t size) {
 
 /* Clear the data, based on the method in David Wheeler's
  * "Secure Programming for Linux and Unix HOWTO" */
+/* Beware of calling this from within dbutil.c - things might get
+ * optimised away */
 void m_burn(void *data, unsigned int len) {
 	volatile char *p = data;
 
@@ -598,10 +664,16 @@ void m_burn(void *data, unsigned int len) {
 
 void setnonblocking(int fd) {
 
-	TRACE(("setnonblocking: %d", fd));
+	TRACE(("setnonblocking: %d", fd))
 
 	if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0) {
-		dropbear_exit("Couldn't set nonblocking");
+		if (errno == ENODEV) {
+			/* Some devices (like /dev/null redirected in)
+			 * can't be set to non-blocking */
+			TRACE(("ignoring ENODEV for setnonblocking"))
+		} else {
+			dropbear_exit("Couldn't set nonblocking");
+		}
 	}
-	TRACE(("leave setnonblocking"));
+	TRACE(("leave setnonblocking"))
 }

dbutil.h

@@ -39,9 +39,10 @@ extern void (*_dropbear_log)(int priority, const char* format, va_list param);
 void dropbear_exit(const char* format, ...);
 void dropbear_close(const char* format, ...);
 void dropbear_log(int priority, const char* format, ...);
+void fail_assert(const char* expr, const char* file, int line);
 #ifdef DEBUG_TRACE
 void dropbear_trace(const char* format, ...);
-void printhex(unsigned char* buf, int len);
+void printhex(const char * label, const unsigned char * buf, int len);
 extern int debug_trace;
 #endif
 char * stripcontrol(const char * text);
@@ -54,7 +55,7 @@ char* getaddrhostname(struct sockaddr_storage * addr);
 int buf_readfile(buffer* buf, const char* filename);
 int buf_getline(buffer * line, FILE * authfile);
 
-int m_close(int fd);
+void m_close(int fd);
 void * m_malloc(size_t size);
 void * m_strdup(const char * str);
 void * m_realloc(void* ptr, size_t size);
@@ -66,4 +67,7 @@ void setnonblocking(int fd);
 /* Used to force mp_ints to be initialised */
 #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
 
+/* Dropbear assertion */
+#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
+
 #endif /* _DBUTIL_H_ */

debian/README.Debian.diet

@@ -0,0 +1,15 @@
+Building with the diet libc
+---------------------------
+
+This package optionally can be built with the diet libc instead of the
+glibc to provide small statically linked programs.  The resulting package
+has no dependency on any other package.
+
+To use the diet libc, make sure the latest versions of the dietlibc-dev
+package is installed, and set DEB_BUILD_OPTIONS=diet in the environment
+when building the package, e.g.:
+
+ # apt-get install dietlibc-dev
+ $ DEB_BUILD_OPTIONS=diet fakeroot apt-get source -b dropbear
+
+ -- Gerrit Pape <pape@smarden.org>, Sat, 17 Jul 2004 19:09:34 +0000

debian/changelog

@@ -1,35 +1,86 @@
-dropbear (0.44test3-1) unstable; urgency=medium
+dropbear (0.48-0.1) unstable; urgency=high
 
-  * New upstream beta, various useful fixes.
+  * New upstream release.
+  * SECURITY: Improve handling of denial of service attempts from a single IP.
 
- -- Matt Johnston <matt@ucc.asn.au>  Fri, 27 August 2004 22:20:00 +0800
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 8 Mar 2006 19:20:21 +0800
 
-dropbear (0.44test2-1) unstable; urgency=low
+dropbear (0.47-0.1) unstable; urgency=high
 
-  * New upstream beta, various minor fixes.
+  * New upstream release.
+  * SECURITY: Fix incorrect buffer sizing.
 
- -- Matt Johnston <matt@ucc.asn.au>  Tues, 17 August 2004 19:00:00 +0800
+ -- Matt Johnston <matt@ucc.asn.au>  Thu, 8 Dec 2005 19:20:21 +0800
 
-dropbear (0.44test1-1) unstable; urgency=low
+dropbear (0.46-2) unstable; urgency=low
 
-  * Upstream beta 0.44test1
-  * Huge changes to allow client functionality
+  * debian/control: Standards-Version: 3.6.2.1; update descriptions to
+    mention included server and client (thx Tino Keitel).
+  * debian/dropbear.init: allow '/etc/init.d/dropbear stop' even though
+    'NO_START is not set to zero.' (closes: #336723).
 
- -- Matt Johnston <matt@ucc.asn.au>  Sat, 14 August 2004 23:00:00 +0800
+ -- Gerrit Pape <pape@smarden.org>  Tue,  6 Dec 2005 13:30:49 +0000
 
-dropbear (0.43-1) unstable; urgency=high
+dropbear (0.46-1) unstable; urgency=medium
 
-  * New upstream release 0.43
-  * SECURITY: Don't attempt to free uninitialised buffers in DSS verification
-    code
-  * Handle portforwarding to servers which don't send any initial data
-    (Closes: #258426)
+  * New upstream release, various fixes.
+  * debian/diff/dbclient-usage-typo.diff, debian/diff/manpages.diff: remove;
+    obsolete.
+  * debian/dbclient.1: move to ./dbclient.1.
 
- -- Matt Johnston <matt@ucc.asn.au>  Fri, 16 July 2004 17:44:54 +0800
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 8 July 2005 21:32:55 +0800
+
+dropbear (0.45-3) unstable; urgency=low
+
+  * debian/dropbear.init: init script prints human readable message in case
+    it's disabled (closes: #309099).
+  * debian/dropbear.postinst: configure: restart service through init script
+    instead of start.
+  * debian/dropbear.prerm: set -u -> set -e.
+
+ -- Gerrit Pape <pape@smarden.org>  Wed, 25 May 2005 22:38:17 +0000
+
+dropbear (0.45-2) unstable; urgency=low
+
+  * Matt Johnston:
+    * New upstream release, various fixes.
+
+ -- Gerrit Pape <pape@smarden.org>  Sat, 12 Mar 2005 15:17:55 +0000
+
+dropbear (0.44-1) unstable; urgency=low
+
+  * New upstream release.
+  * debian/rules: install /usr/bin/dbclient; handle possible patches more
+    gracefully; install debian/dbclient.1 man page; enable target patch;
+    minor.
+  * debian/implicit: update to revision 1.10.
+  * debian/dbclient.1: new; man page.
+  * debian/diff/dbclient-usage-typo.diff: new; fix typo.
+  * debian/diff/manpages.diff: new; add references to dbclient man page.
+
+ -- Gerrit Pape <pape@smarden.org>  Sat,  8 Jan 2005 22:50:43 +0000
+
+dropbear (0.43-2) unstable; urgency=high
+
+  * Matt Johnston:
+    * New upstream release 0.43
+    * SECURITY: Don't attempt to free uninitialised buffers in DSS verification
+      code
+    * Handle portforwarding to servers which don't send any initial data
+      (Closes: #258426)
+  * debian/dropbear.postinst: remove code causing bothersome warning on
+    package install (closes: #256752).
+  * debian/README.Debian.diet: new; how to build with the diet libc.
+  * debian/dropbear.docs: add debian/README.Debian.diet.
+  * debian/rules: support "diet" in DEB_BUILD_OPTIONS; minor cleanup.
+
+ -- Gerrit Pape <pape@smarden.org>  Sat, 17 Jul 2004 19:31:19 +0000
 
 dropbear (0.42-1) unstable; urgency=low
 
-  * New upstream release 0.42
+  * New upstream release 0.42.
+  * debian/diff/cvs-20040520.diff: remove; obsolete.
+  * debian/rules: disable target patch.
 
  -- Matt Johnston <matt@ucc.asn.au>  Wed, 16 June 2004 12:44:54 +0800
 

debian/control

@@ -3,16 +3,16 @@ Section: net
 Priority: optional
 Maintainer: Gerrit Pape <pape@smarden.org>
 Build-Depends: libz-dev
-Standards-Version: 3.6.1.0
+Standards-Version: 3.6.2.1
 
 Package: dropbear
 Architecture: any
 Depends: ${shlibs:Depends}
 Suggests: ssh, runit
-Description: lightweight SSH2 server
- dropbear is a SSH 2 server designed to be small enough to be used in small
- memory environments, while still being functional and secure enough for
- general use.
+Description: lightweight SSH2 server and client
+ dropbear is a SSH 2 server and client designed to be small enough to
+ be used in small memory environments, while still being functional and
+ secure enough for general use.
  .
  It implements most required features of the SSH 2 protocol, and other
  features such as X11 and authentication agent forwarding.

debian/dropbear.docs

@@ -1,3 +1,4 @@
 README
 TODO
 debian/README.runit
+debian/README.Debian.diet

debian/dropbear.init

@@ -14,10 +14,11 @@ NO_START=0
 
 set -e
 
+cancel() { echo "$1" >&2; exit 0; };
 test ! -r /etc/default/dropbear || . /etc/default/dropbear
-test "$NO_START" = "0" || exit 0
-test -x "$DAEMON" || exit 0
-test ! -h /var/service/dropbear || exit 0
+test -x "$DAEMON" || cancel "$DAEMON does not exist or is not executable."
+test ! -h /var/service/dropbear || \
+  cancel '/var/service/dropbear exists, service is controlled through runit.'
 
 test -z "$DROPBEAR_BANNER" || \
   DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
@@ -28,6 +29,7 @@ test -n "$DROPBEAR_DSSKEY" || \
 
 case "$1" in
   start)
+	test "$NO_START" = "0" || cancel 'NO_START is not set to zero.'
 	echo -n "Starting $DESC: "
 	start-stop-daemon --start --quiet --pidfile /var/run/"$NAME".pid \
 	  --exec "$DAEMON" -- -d "$DROPBEAR_DSSKEY" -r "$DROPBEAR_RSAKEY" \
@@ -40,6 +42,7 @@ case "$1" in
 	echo "$NAME."
 	;;
   restart|force-reload)
+	test "$NO_START" = "0" || cancel 'NO_START is not set to zero.'
 	echo -n "Restarting $DESC: "
 	start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/"$NAME".pid
 	sleep 1

debian/dropbear.postinst

@@ -2,7 +2,6 @@
 set -e
 
 test "$1" = 'configure' || exit 0
-test -n "$2" || chown log /etc/dropbear/log/main || true
 
 if test ! -e /etc/dropbear/dropbear_rsa_host_key; then
   if test -f /etc/ssh/ssh_host_rsa_key; then
@@ -61,8 +60,8 @@ fi
 if test -x /etc/init.d/dropbear; then
   update-rc.d dropbear defaults >/dev/null
   if test -x /usr/sbin/invoke-rc.d; then
-    invoke-rc.d dropbear start
+    invoke-rc.d dropbear restart
   else
-    /etc/init.d/dropbear start
+    /etc/init.d/dropbear restart
   fi
 fi

debian/dropbear.prerm

@@ -1,5 +1,5 @@
 #!/bin/sh
-set -u
+set -e
 
 test "$1" = 'remove' || test "$1" = 'deconfigure' || exit 0
 if test -x /etc/init.d/dropbear; then

debian/implicit

@@ -1,4 +1,4 @@
-# $Id: implicit,v 1.1 2004/06/16 05:08:32 matt Exp $
+# $Id: implicit,v 1.10 2004/07/03 15:20:00 pape Exp $
 
 .PHONY: deb-checkdir deb-checkuid
 
@@ -12,6 +12,10 @@ deb-checkuid:
 	  $*.deb-docs-docs $*.deb-docs-examples $*.deb-DEBIAN \
 	  $*.deb-DEBIAN-dir $*.deb-DEBIAN-scripts $*.deb-DEBIAN-md5sums
 
+%.udeb: %.deb-DEBIAN
+	@rm -f $*.deb $*.deb-checkdir $*.deb-DEBIAN $*.deb-DEBIAN-dir \
+	  $*.deb-DEBIAN-scripts $*.deb-DEBIAN-md5sums
+
 %.deb-checkdir:
 	@test -d debian/$* || sh -cx '! : directory debian/$* missing'
 	@test "`id -u`" -eq 0 || sh -cx '! : need root privileges'
@@ -29,6 +33,8 @@ deb-checkuid:
 	@test -r debian/$*/usr/share/doc/$*/changelog || \
 	  sh -cx 'mv debian/$*/usr/share/doc/$*/changelog.Debian \
 	    debian/$*/usr/share/doc/$*/changelog'
+	@test -s debian/$*/usr/share/doc/$*/changelog || \
+	  sh -cx 'rm -f debian/$*/usr/share/doc/$*/changelog'
 	@gzip -9 debian/$*/usr/share/doc/$*/changelog*
 %.deb-docs-docs:
 	@for i in `cat debian/$*.docs 2>/dev/null || :`; do \
@@ -58,13 +64,13 @@ deb-checkuid:
 	@rm -rf debian/$*/DEBIAN
 	: debian/$*/DEBIAN/
 	@install -d -m0755 debian/$*/DEBIAN
-	@for i in conffiles shlibs; do \
+	@for i in conffiles shlibs templates; do \
 	  test ! -r debian/$*.$$i || \
 	    sh -cx "install -m0644 debian/$*.$$i debian/$*/DEBIAN/$$i" \
 	      || exit 1; \
 	done
 %.deb-DEBIAN-scripts:
-	@for i in preinst prerm postinst postrm; do \
+	@for i in preinst prerm postinst postrm config; do \
 	  test ! -r debian/$*.$$i || \
 	    sh -cx "install -m0755 debian/$*.$$i debian/$*/DEBIAN/$$i" \
 	      || exit 1; \

debian/rules

@@ -16,79 +16,89 @@ else
   CFLAGS +=-O2
 endif
 
+CONFFLAGS =
 CC =gcc
 ifneq (,$(findstring diet,$(DEB_BUILD_OPTIONS)))
-  CC =diet -v -Os gcc
+  CONFFLAGS =--disable-zlib
+  CC =diet -v -Os gcc -nostdinc
 endif
 
-DIR=`pwd`/debian/dropbear
+DIR =$(shell pwd)/debian/dropbear
 
 patch: deb-checkdir patch-stamp
 patch-stamp:
-#	no patches for now
-#	for i in debian/diff/*.diff; do patch -p0 <$$i || exit 1; done
+	for i in `ls -1 debian/diff/*.diff || :`; do \
+	  patch -p0 <$$i || exit 1; \
+	done
 	touch patch-stamp
 
 config.status: patch-stamp configure
-	CFLAGS="$(CFLAGS)"' -DSFTPSERVER_PATH="\"/usr/lib/sftp-server\""' \
-	  ./configure --host="$(DEB_HOST_GNU_TYPE)" \
-	    --build="$(DEB_BUILD_GNU_TYPE)" --prefix=/usr \
-	    --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info
+	CC='$(CC)' \
+	CFLAGS='$(CFLAGS)'' -DSFTPSERVER_PATH="\"/usr/lib/sftp-server\""' \
+	  ./configure --host='$(DEB_HOST_GNU_TYPE)' \
+	    --build='$(DEB_BUILD_GNU_TYPE)' --prefix=/usr \
+	    --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info \
+	    $(CONFFLAGS)
 
 build: deb-checkdir build-stamp
 build-stamp: config.status
-	$(MAKE) CC="$(CC)" LD="$(CC)"
+	$(MAKE) CC='$(CC)' LD='$(CC)'
 	touch build-stamp
 
 clean: deb-checkdir deb-checkuid
 	-$(MAKE) distclean
-#	test ! -e patch-stamp || \
-#	  for i in debian/diff/*.diff; do patch -p0 -R <$$i; done
+	test ! -e patch-stamp || \
+	  for i in `ls -1r debian/diff/*.diff || :`; do \
+	    patch -p0 -R <$$i; \
+	  done
 	rm -f patch-stamp build-stamp config.log config.status
-	rm -rf "$(DIR)"
+	rm -rf '$(DIR)'
 	rm -f debian/files debian/substvars debian/copyright changelog
 
 install: deb-checkdir deb-checkuid build-stamp
-	rm -rf "$(DIR)"
-	install -d -m0755 "$(DIR)"/etc/dropbear
+	rm -rf '$(DIR)'
+	install -d -m0755 '$(DIR)'/etc/dropbear
 	# programs
-	install -d -m0755 "$(DIR)"/usr/sbin
-	install -m0755 dropbear "$(DIR)"/usr/sbin/dropbear
-	install -d -m0755 "$(DIR)"/usr/bin
-	install -m0755 dbclient "$(DIR)"/usr/bin/dbclient
-	install -m0755 dropbearkey "$(DIR)"/usr/bin/dropbearkey
-	install -d -m0755 "$(DIR)"/usr/lib/dropbear
+	install -d -m0755 '$(DIR)'/usr/sbin
+	install -m0755 dropbear '$(DIR)'/usr/sbin/dropbear
+	install -d -m0755 '$(DIR)'/usr/bin
+	install -m0755 dbclient '$(DIR)'/usr/bin/dbclient
+	install -m0755 dropbearkey '$(DIR)'/usr/bin/dropbearkey
+	install -d -m0755 '$(DIR)'/usr/lib/dropbear
 	install -m0755 dropbearconvert \
-	  "$(DIR)"/usr/lib/dropbear/dropbearconvert
-	$(STRIP) -R .comment -R .note "$(DIR)"/usr/sbin/* \
-	  "$(DIR)"/usr/bin/* "$(DIR)"/usr/lib/dropbear/*
+	  '$(DIR)'/usr/lib/dropbear/dropbearconvert
+	$(STRIP) -R .comment -R .note '$(DIR)'/usr/sbin/* \
+	  '$(DIR)'/usr/bin/* '$(DIR)'/usr/lib/dropbear/*
 	# init and run scripts
-	install -d -m0755 "$(DIR)"/etc/init.d
-	install -m0755 debian/dropbear.init "$(DIR)"/etc/init.d/dropbear
-	install -m0755 debian/service/run "$(DIR)"/etc/dropbear/run
-	install -d -m0755 "$(DIR)"/etc/dropbear/log
-	install -m0755 debian/service/log "$(DIR)"/etc/dropbear/log/run
-	ln -s /var/log/dropbear "$(DIR)"/etc/dropbear/log/main
-	ln -s /var/run/dropbear "$(DIR)"/etc/dropbear/supervise
-	ln -s /var/run/dropbear.log "$(DIR)"/etc/dropbear/log/supervise
+	install -d -m0755 '$(DIR)'/etc/init.d
+	install -m0755 debian/dropbear.init '$(DIR)'/etc/init.d/dropbear
+	install -m0755 debian/service/run '$(DIR)'/etc/dropbear/run
+	install -d -m0755 '$(DIR)'/etc/dropbear/log
+	install -m0755 debian/service/log '$(DIR)'/etc/dropbear/log/run
+	ln -s /var/log/dropbear '$(DIR)'/etc/dropbear/log/main
+	ln -s /var/run/dropbear '$(DIR)'/etc/dropbear/supervise
+	ln -s /var/run/dropbear.log '$(DIR)'/etc/dropbear/log/supervise
 	# man pages
-	install -d -m0755 "$(DIR)"/usr/share/man/man8
+	install -d -m0755 '$(DIR)'/usr/share/man/man8
 	for i in dropbear.8 dropbearkey.8; do \
-	  install -m644 $$i "$(DIR)"/usr/share/man/man8/ || exit 1; \
+	  install -m644 $$i '$(DIR)'/usr/share/man/man8/ || exit 1; \
 	done
-	gzip -9 "$(DIR)"/usr/share/man/man8/*.8
+	gzip -9 '$(DIR)'/usr/share/man/man8/*.8
+	install -d -m0755 '$(DIR)'/usr/share/man/man1
+	install -m644 dbclient.1 '$(DIR)'/usr/share/man/man1/
+	gzip -9 '$(DIR)'/usr/share/man/man1/*.1
 	# copyright, changelog
 	cat debian/copyright.in LICENSE >debian/copyright
-	ln -s CHANGES changelog
+	test -r changelog || ln -s CHANGES changelog
 
 binary-indep:
 
 binary-arch: install dropbear.deb
-	test "$(CC)" != 'gcc' || \
-	  dpkg-shlibdeps "$(DIR)"/usr/sbin/* "$(DIR)"/usr/bin/* \
-	    "$(DIR)"/usr/lib/dropbear/*
-	dpkg-gencontrol -isp -pdropbear -P"$(DIR)"
-	dpkg -b "$(DIR)" ..
+	test '$(CC)' != 'gcc' || \
+	  dpkg-shlibdeps '$(DIR)'/usr/sbin/* '$(DIR)'/usr/bin/* \
+	    '$(DIR)'/usr/lib/dropbear/*
+	dpkg-gencontrol -isp -pdropbear -P'$(DIR)'
+	dpkg -b '$(DIR)' ..
 
 binary: binary-arch binary-indep
 

debug.h

@@ -39,7 +39,7 @@
  * Caution: Don't use this in an unfriendly environment (ie unfirewalled),
  * since the printing may not sanitise strings etc. This will add a reasonable
  * amount to your executable size. */
-/* #define DEBUG_TRACE */
+/*#define DEBUG_TRACE */
 
 /* All functions writing to the cleartext payload buffer call
  * CHECKCLEARTOWRITE() before writing. This is only really useful if you're
@@ -60,7 +60,7 @@
 
 /* you don't need to touch this block */
 #ifdef DEBUG_TRACE
-#define TRACE(X) (dropbear_trace X)
+#define TRACE(X) dropbear_trace X;
 #else /*DEBUG_TRACE*/
 #define TRACE(X)
 #endif /*DEBUG_TRACE*/

dropbear.8

@@ -0,0 +1,84 @@
+.TH dropbear 8
+.SH NAME
+dropbear \- lightweight SSH2 server
+.SH SYNOPSIS
+.B dropbear
+[\-FEmwsgjki] [\-b
+.I banner\fR] [\-d
+.I dsskey\fR] [\-r
+.I rsakey\fR] [\-p
+.IR port ]
+.SH DESCRIPTION
+.B dropbear
+is a SSH 2 server designed to be small enough to be used in small memory
+environments, while still being functional and secure enough for general use.
+.SH OPTIONS
+.TP
+.B \-b \fIbanner
+bannerfile.
+Display the contents of the file
+.I banner
+before user login (default: none).
+.TP
+.B \-d \fIdsskey
+dsskeyfile.
+Use the contents of the file
+.I dsskey
+for the dss host key (default: /etc/dropbear/dropbear_dss_host_key).
+This file is generated with
+.BR dropbearkey (8).
+.TP
+.B \-r \fIrsakey
+rsakeyfile.
+Use the contents of the file
+.I rsakey
+for the rsa host key (default: /etc/dropbear/dropbear_rsa_host_key).
+This file is generated with
+.BR dropbearkey (8).
+.TP
+.B \-F
+Don't fork into background.
+.TP
+.B \-E
+Log to standard error rather than syslog.
+.TP
+.B \-m
+Don't display the message of the day on login.
+.TP
+.B \-w
+Disallow root logins.
+.TP
+.B \-s
+Disable password logins.
+.TP
+.B \-g
+Disable password logins for root.
+.TP
+.B \-j
+Disable local port forwarding.
+.TP
+.B \-k
+Disable remote port forwarding.
+.TP
+.B \-p \fIport
+Listen on specified tcp port
+.IR port ;
+up to 10 can be specified (default 22 if none specified).
+.TP
+.B \-i
+Service program mode.
+Use this option to run
+.B dropbear
+under TCP/IP servers like inetd, tcpsvd, or tcpserver.
+In program mode the \-F option is implied, and \-p options are ignored.
+.TP
+.B \-a
+Allow remote hosts to connect to forwarded ports.
+.SH AUTHOR
+Matt Johnston (matt@ucc.asn.au).
+.br
+Gerrit Pape (pape@smarden.org) wrote this manual page.
+.SH SEE ALSO
+dropbearkey(8), dbclient(1)
+.P
+http://matt.ucc.asn.au/dropbear/dropbear.html

dropbearkey.8

@@ -0,0 +1,47 @@
+.TH dropbearkey 8
+.SH NAME
+dropbearkey \- create private keys for the use with dropbear(8)
+.SH SYNOPSIS
+.B dropbearkey
+\-t
+.I type
+\-f
+.I file
+[\-s
+.IR bits ]
+.SH DESCRIPTION
+.B dropbearkey
+generates a type
+.I rsa
+or
+.I dss
+SSH private key, and saves it to a file for the use with the
+.BR dropbear (8)
+SSH 2 server.
+.SH OPTIONS
+.TP
+.B \-t \fItype
+Type of key to generate.
+Must be one of
+.I rsa
+or
+.IR dss .
+.TP
+.B \-f \fIfile
+Write the secret key to the file
+.IR file .
+.TP
+.B \-s \fIbits
+Set the key size to
+.I bits
+bits, should be multiple of 8 (optional).
+.SH EXAMPLE
+ # dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
+.SH AUTHOR
+Matt Johnston (matt@ucc.asn.au).
+.br
+Gerrit Pape (pape@smarden.org) wrote this manual page.
+.SH SEE ALSO
+dropbear(8), dbclient(1)
+.P
+http://matt.ucc.asn.au/dropbear/dropbear.html

dropbearkey.c

@@ -166,13 +166,13 @@ int main(int argc, char ** argv) {
 #ifdef DROPBEAR_RSA
 		if (strncmp(typetext, "rsa", 3) == 0) {
 			keytype = DROPBEAR_SIGNKEY_RSA;
-			TRACE(("type is rsa"));
+			TRACE(("type is rsa"))
 		}
 #endif
 #ifdef DROPBEAR_DSS
 		if (strncmp(typetext, "dss", 3) == 0) {
 			keytype = DROPBEAR_SIGNKEY_DSS;
-			TRACE(("type is dss"));
+			TRACE(("type is dss"))
 		}
 #endif
 	}

dss.c

@@ -45,8 +45,8 @@
  * Returns DROPBEAR_SUCCESS or DROPBEAR_FAILURE */
 int buf_get_dss_pub_key(buffer* buf, dss_key *key) {
 
-	TRACE(("enter buf_get_dss_pub_key"));
-	assert(key != NULL);
+	TRACE(("enter buf_get_dss_pub_key"))
+	dropbear_assert(key != NULL);
 	key->p = m_malloc(sizeof(mp_int));
 	key->q = m_malloc(sizeof(mp_int));
 	key->g = m_malloc(sizeof(mp_int));
@@ -59,17 +59,17 @@ int buf_get_dss_pub_key(buffer* buf, dss_key *key) {
 	 || buf_getmpint(buf, key->q) == DROPBEAR_FAILURE
 	 || buf_getmpint(buf, key->g) == DROPBEAR_FAILURE
 	 || buf_getmpint(buf, key->y) == DROPBEAR_FAILURE) {
-		TRACE(("leave buf_get_dss_pub_key: failed reading mpints"));
+		TRACE(("leave buf_get_dss_pub_key: failed reading mpints"))
 		return DROPBEAR_FAILURE;
 	}
 
 	if (mp_count_bits(key->p) < MIN_DSS_KEYLEN) {
 		dropbear_log(LOG_WARNING, "DSS key too short");
-		TRACE(("leave buf_get_dss_pub_key: short key"));
+		TRACE(("leave buf_get_dss_pub_key: short key"))
 		return DROPBEAR_FAILURE;
 	}
 
-	TRACE(("leave buf_get_dss_pub_key: success"));
+	TRACE(("leave buf_get_dss_pub_key: success"))
 	return DROPBEAR_SUCCESS;
 }
 
@@ -80,7 +80,7 @@ int buf_get_dss_priv_key(buffer* buf, dss_key *key) {
 
 	int ret = DROPBEAR_FAILURE;
 
-	assert(key != NULL);
+	dropbear_assert(key != NULL);
 
 	ret = buf_get_dss_pub_key(buf, key);
 	if (ret == DROPBEAR_FAILURE) {
@@ -98,9 +98,9 @@ int buf_get_dss_priv_key(buffer* buf, dss_key *key) {
 /* Clear and free the memory used by a public or private key */
 void dss_key_free(dss_key *key) {
 
-	TRACE(("enter dsa_key_free"));
+	TRACE(("enter dsa_key_free"))
 	if (key == NULL) {
-		TRACE(("enter dsa_key_free: key == NULL"));
+		TRACE(("enter dsa_key_free: key == NULL"))
 		return;
 	}
 	if (key->p) {
@@ -124,7 +124,7 @@ void dss_key_free(dss_key *key) {
 		m_free(key->x);
 	}
 	m_free(key);
-	TRACE(("leave dsa_key_free"));
+	TRACE(("leave dsa_key_free"))
 }
 
 /* put the dss public key into the buffer in the required format:
@@ -137,7 +137,7 @@ void dss_key_free(dss_key *key) {
  */
 void buf_put_dss_pub_key(buffer* buf, dss_key *key) {
 
-	assert(key != NULL);
+	dropbear_assert(key != NULL);
 	buf_putstring(buf, SSH_SIGNKEY_DSS, SSH_SIGNKEY_DSS_LEN);
 	buf_putmpint(buf, key->p);
 	buf_putmpint(buf, key->q);
@@ -149,7 +149,7 @@ void buf_put_dss_pub_key(buffer* buf, dss_key *key) {
 /* Same as buf_put_dss_pub_key, but with the private "x" key appended */
 void buf_put_dss_priv_key(buffer* buf, dss_key *key) {
 
-	assert(key != NULL);
+	dropbear_assert(key != NULL);
 	buf_put_dss_pub_key(buf, key);
 	buf_putmpint(buf, key->x);
 
@@ -171,8 +171,8 @@ int buf_dss_verify(buffer* buf, dss_key *key, const unsigned char* data,
 	char * string = NULL;
 	int stringlen;
 
-	TRACE(("enter buf_dss_verify"));
-	assert(key != NULL);
+	TRACE(("enter buf_dss_verify"))
+	dropbear_assert(key != NULL);
 
 	m_mp_init_multi(&val1, &val2, &val3, &val4, NULL);
 
@@ -190,12 +190,10 @@ int buf_dss_verify(buffer* buf, dss_key *key, const unsigned char* data,
 	/* create the signature - s' and r' are the received signatures in buf */
 	/* w = (s')-1 mod q */
 	/* let val1 = s' */
-	if (mp_read_unsigned_bin(&val1, &string[SHA1_HASH_SIZE], SHA1_HASH_SIZE)
-			!= MP_OKAY) {
-		goto out;
-	}
+	bytes_to_mp(&val1, &string[SHA1_HASH_SIZE], SHA1_HASH_SIZE);
+
 	if (mp_cmp(&val1, key->q) != MP_LT) {
-		TRACE(("verify failed, s' >= q"));
+		TRACE(("verify failed, s' >= q"))
 		goto out;
 	}
 	/* let val2 = w = (s')^-1 mod q*/
@@ -205,9 +203,8 @@ int buf_dss_verify(buffer* buf, dss_key *key, const unsigned char* data,
 
 	/* u1 = ((SHA(M')w) mod q */
 	/* let val1 = SHA(M') = msghash */
-	if (mp_read_unsigned_bin(&val1, msghash, SHA1_HASH_SIZE) != MP_OKAY) {
-		goto out;
-	}
+	bytes_to_mp(&val1, msghash, SHA1_HASH_SIZE);
+
 	/* let val3 = u1 = ((SHA(M')w) mod q */
 	if (mp_mulmod(&val1, &val2, key->q, &val3) != MP_OKAY) {
 		goto out;
@@ -215,12 +212,9 @@ int buf_dss_verify(buffer* buf, dss_key *key, const unsigned char* data,
 
 	/* u2 = ((r')w) mod q */
 	/* let val1 = r' */
-	if (mp_read_unsigned_bin(&val1, &string[0], SHA1_HASH_SIZE)
-			!= MP_OKAY) {
-		goto out;
-	}
+	bytes_to_mp(&val1, &string[0], SHA1_HASH_SIZE);
 	if (mp_cmp(&val1, key->q) != MP_LT) {
-		TRACE(("verify failed, r' >= q"));
+		TRACE(("verify failed, r' >= q"))
 		goto out;
 	}
 	/* let val4 = u2 = ((r')w) mod q */
@@ -261,6 +255,27 @@ out:
 }
 #endif /* DROPBEAR_SIGNKEY_VERIFY */
 
+#ifdef DSS_PROTOK	
+/* convert an unsigned mp into an array of bytes, malloced.
+ * This array must be freed after use, len contains the length of the array,
+ * if len != NULL */
+static unsigned char* mptobytes(mp_int *mp, int *len) {
+	
+	unsigned char* ret;
+	int size;
+
+	size = mp_unsigned_bin_size(mp);
+	ret = m_malloc(size);
+	if (mp_to_unsigned_bin(mp, ret) != MP_OKAY) {
+		dropbear_exit("mem alloc error");
+	}
+	if (len != NULL) {
+		*len = size;
+	}
+	return ret;
+}
+#endif
+
 /* Sign the data presented with key, writing the signature contents
  * to the buffer
  *
@@ -285,8 +300,6 @@ void buf_put_dss_sign(buffer* buf, dss_key *key, const unsigned char* data,
 	unsigned char *privkeytmp;
 	unsigned char proto_k[SHA512_HASH_SIZE];
 	DEF_MP_INT(dss_protok);
-#else
-	unsigned char kbuf[SHA1_HASH_SIZE];
 #endif
 	DEF_MP_INT(dss_k);
 	DEF_MP_INT(dss_m);
@@ -296,8 +309,8 @@ void buf_put_dss_sign(buffer* buf, dss_key *key, const unsigned char* data,
 	DEF_MP_INT(dss_s);
 	hash_state hs;
 	
-	TRACE(("enter buf_put_dss_sign"));
-	assert(key != NULL);
+	TRACE(("enter buf_put_dss_sign"))
+	dropbear_assert(key != NULL);
 	
 	/* hash the data */
 	sha1_init(&hs);
@@ -324,22 +337,16 @@ void buf_put_dss_sign(buffer* buf, dss_key *key, const unsigned char* data,
 
 	/* generate k */
 	m_mp_init(&dss_protok);
-	bytestomp(&dss_protok, proto_k, SHA512_HASH_SIZE);
+	bytes_to_mp(&dss_protok, proto_k, SHA512_HASH_SIZE);
 	mp_mod(&dss_protok, key->q, &dss_k);
 	mp_clear(&dss_protok);
 	m_burn(proto_k, SHA512_HASH_SIZE);
 #else /* DSS_PROTOK not defined*/
-	do {
-		genrandom(kbuf, SHA1_HASH_SIZE);
-		if (mp_read_unsigned_bin(&dss_k, kbuf, SHA1_HASH_SIZE) != MP_OKAY) {
-			dropbear_exit("dss error");
-		}
-	} while (mp_cmp(&dss_k, key->q) == MP_GT || mp_cmp_d(&dss_k, 0) != MP_GT);
-	m_burn(kbuf, SHA1_HASH_SIZE);
+	gen_random_mpint(key->q, &dss_k);
 #endif
 
 	/* now generate the actual signature */
-	bytestomp(&dss_m, msghash, SHA1_HASH_SIZE);
+	bytes_to_mp(&dss_m, msghash, SHA1_HASH_SIZE);
 
 	/* g^k mod p */
 	if (mp_exptmod(key->g, &dss_k, key->p, &dss_temp1) !=  MP_OKAY) {
@@ -373,7 +380,7 @@ void buf_put_dss_sign(buffer* buf, dss_key *key, const unsigned char* data,
 	buf_putint(buf, 2*SHA1_HASH_SIZE);
 
 	writelen = mp_unsigned_bin_size(&dss_r);
-	assert(writelen <= SHA1_HASH_SIZE);
+	dropbear_assert(writelen <= SHA1_HASH_SIZE);
 	/* need to pad to 160 bits with leading zeros */
 	for (i = 0; i < SHA1_HASH_SIZE - writelen; i++) {
 		buf_putbyte(buf, 0);
@@ -386,7 +393,7 @@ void buf_put_dss_sign(buffer* buf, dss_key *key, const unsigned char* data,
 	buf_incrwritepos(buf, writelen);
 
 	writelen = mp_unsigned_bin_size(&dss_s);
-	assert(writelen <= SHA1_HASH_SIZE);
+	dropbear_assert(writelen <= SHA1_HASH_SIZE);
 	/* need to pad to 160 bits with leading zeros */
 	for (i = 0; i < SHA1_HASH_SIZE - writelen; i++) {
 		buf_putbyte(buf, 0);
@@ -398,12 +405,12 @@ void buf_put_dss_sign(buffer* buf, dss_key *key, const unsigned char* data,
 	mp_clear(&dss_s);
 	buf_incrwritepos(buf, writelen);
 
-	mp_clear_multi(&dss_k, &dss_temp1, &dss_temp1, &dss_r, &dss_s,
+	mp_clear_multi(&dss_k, &dss_temp1, &dss_temp2, &dss_r, &dss_s,
 			&dss_m, NULL);
 	
 	/* create the signature to return */
 
-	TRACE(("leave buf_put_dss_sign"));
+	TRACE(("leave buf_put_dss_sign"))
 }
 
 #endif /* DROPBEAR_DSS */

gendss.c

@@ -77,10 +77,7 @@ static void getq(dss_key *key) {
 	buf[0] |= 0x80; /* top bit high */
 	buf[QSIZE-1] |= 0x01; /* bottom bit high */
 
-	if (mp_read_unsigned_bin(key->q, buf, QSIZE) != MP_OKAY) {
-		fprintf(stderr, "dss key generation failed\n");
-		exit(1);
-	}
+	bytes_to_mp(key->q, buf, QSIZE);
 
 	/* 18 rounds are required according to HAC */
 	if (mp_prime_next_prime(key->q, 18, 0) != MP_OKAY) {
@@ -116,10 +113,7 @@ static void getp(dss_key *key, unsigned int size) {
 		buf[0] |= 0x80; /* set the top bit high */
 
 		/* X is a random mp_int */
-		if (mp_read_unsigned_bin(&tempX, buf, size) != MP_OKAY) {
-			fprintf(stderr, "dss key generation failed\n");
-			exit(1);
-		}
+		bytes_to_mp(&tempX, buf, size);
 
 		/* C = X mod 2q */
 		if (mp_mod(&tempX, &temp2q, &tempC) != MP_OKAY) {
@@ -147,6 +141,7 @@ static void getp(dss_key *key, unsigned int size) {
 	} while (!result);
 
 	mp_clear_multi(&tempX, &tempC, &tempP, &temp2q, NULL);
+	m_burn(buf, size);
 	m_free(buf);
 }
 
@@ -189,22 +184,7 @@ static void getg(dss_key * key) {
 
 static void getx(dss_key *key) {
 
-	DEF_MP_INT(val);
-	char buf[QSIZE];
-	
-	m_mp_init(&val);
-	
-	do {
-		genrandom(buf, QSIZE);
-
-		if (mp_read_unsigned_bin(&val, buf, QSIZE) != MP_OKAY) {
-			fprintf(stderr, "dss key generation failed\n");
-		}
-	} while ((mp_cmp_d(&val, 1) == MP_GT) && (mp_cmp(&val, key->q) == MP_LT));
-
-	mp_copy(&val, key->x);
-	mp_clear(&val);
-
+	gen_random_mpint(key->q, key->x);
 }
 
 static void gety(dss_key *key) {

genrsa.c

@@ -108,10 +108,7 @@ static void getrsaprime(mp_int* prime, mp_int *primeminus,
 		genrandom(buf, size+1);
 		buf[0] |= 0x80; /* MSB set */
 
-		if (mp_read_unsigned_bin(prime, buf, size+1) != MP_OKAY) {
-			fprintf(stderr, "rsa generation failed\n");
-			exit(1);
-		}
+		bytes_to_mp(prime, buf, size+1);
 
 		/* find the next integer which is prime, 8 round of miller-rabin */
 		if (mp_prime_next_prime(prime, 8, 0) != MP_OKAY) {

includes.h

@@ -44,7 +44,6 @@
 #include <fcntl.h>
 #include <grp.h>
 #include <limits.h>
-#include <netinet/in.h>
 #include <pwd.h>
 #include <signal.h>
 #include <stdlib.h>
@@ -57,8 +56,6 @@
 #include <stdarg.h>
 #include <dirent.h>
 
-#include <arpa/inet.h>
-
 #ifdef HAVE_UTMP_H
 #include <utmp.h>
 #endif
@@ -75,10 +72,20 @@
 #include <lastlog.h>
 #endif
 
+#include <arpa/inet.h>
+
 #ifdef HAVE_NETINET_IN_H
 #include <netinet/in.h>
 #endif
 
+/* netbsd 1.6 needs this to be included before netinet/ip.h for some
+ * undocumented reason */
+#ifdef HAVE_NETINET_IN_SYSTM_H
+#include <netinet/in_systm.h>
+#endif
+
+#include <netinet/ip.h>
+
 #ifdef HAVE_NETINET_TCP_H
 #include <netinet/tcp.h>
 #endif
@@ -111,7 +118,7 @@
 #include <libgen.h>
 #endif
 
-#include "libtomcrypt/mycrypt_custom.h"
+#include "libtomcrypt/src/headers/tomcrypt.h"
 #include "libtommath/tommath.h"
 
 #include "compat.h"
@@ -128,6 +135,13 @@ typedef u_int16_t uint16_t;
 #define LOG_AUTHPRIV LOG_AUTH
 #endif
 
+/* glibc 2.1.3 systems have sockaddr_storage.__ss_family rather than
+ * sockaddr_storage.ss_family */
+#if !defined(HAVE_STRUCT_SOCKADDR_STORAGE_SS_FAMILY) \
+    && defined(HAVE_STRUCT_SOCKADDR_STORAGE___SS_FAMILY)
+#define ss_family __ss_family
+#endif
+
 /* so we can avoid warnings about unused params (ie in signal handlers etc) */
 #ifdef UNUSED 
 #elif defined(__GNUC__) 

kex.h

@@ -37,15 +37,10 @@ void gen_kexdh_vals(mp_int *dh_pub, mp_int *dh_priv);
 void kexdh_comb_key(mp_int *dh_pub_us, mp_int *dh_priv, mp_int *dh_pub_them,
 		sign_key *hostkey);
 
-void recv_msg_kexdh_init(); // server
+void recv_msg_kexdh_init(); /* server */
 
-void send_msg_kexdh_init(); // client
-void recv_msg_kexdh_reply(); // client
-
-extern const unsigned char dh_p_val[];
-#define DH_P_LEN 128 /* The length of the dh_p_val array */
-
-extern const int DH_G_VAL; /* == 2 */
+void send_msg_kexdh_init(); /* client */
+void recv_msg_kexdh_reply(); /* client */
 
 struct KEXState {
 

keyimport.c

@@ -173,6 +173,8 @@ static int dropbear_write(const char*filename, sign_key * key) {
 		buf_incrpos(buf, len);
 	} while (len > 0 && buf->len != buf->pos);
 
+	fclose(fp);
+
 	if (buf->pos != buf->len) {
 		ret = 0;
 	} else {
@@ -203,7 +205,7 @@ static void base64_encode_fp(FILE * fp, unsigned char *data,
 	unsigned long outlen;
 	int rawcpl;
 	rawcpl = cpl * 3 / 4;
-	assert((unsigned int)cpl < sizeof(out));
+	dropbear_assert((unsigned int)cpl < sizeof(out));
 
     while (datalen > 0) {
 		n = (datalen < rawcpl ? datalen : rawcpl);
@@ -714,7 +716,7 @@ static int openssh_write(const char *filename, sign_key *key,
 	}
 #endif
 
-	assert(keytype != -1);
+	dropbear_assert(keytype != -1);
 
 	/*
 	 * Fetch the key blobs.
@@ -913,7 +915,7 @@ static int openssh_write(const char *filename, sign_key *key,
 	 * with the same value. Those are all removed and the rest is
 	 * returned.
 	 */
-	assert(pos == len);
+	dropbear_assert(pos == len);
 	while (pos < outlen) {
 		outblob[pos++] = outlen - len;
 	}
@@ -1491,7 +1493,7 @@ sign_key *sshcom_read(const char *filename, char *passphrase)
 		privlen = pos - publen;
 	}
 
-	assert(privlen > 0);			   /* should have bombed by now if not */
+	dropbear_assert(privlen > 0);			   /* should have bombed by now if not */
 
 	retkey = snew(struct ssh2_userkey);
 	retkey->alg = alg;
@@ -1557,7 +1559,7 @@ int sshcom_write(const char *filename, sign_key *key,
 		pos += ssh2_read_mpint(privblob+pos, privlen-pos, &q);
 		pos += ssh2_read_mpint(privblob+pos, privlen-pos, &iqmp);
 
-		assert(e.start && iqmp.start); /* can't go wrong */
+		dropbear_assert(e.start && iqmp.start); /* can't go wrong */
 
 		numbers[0] = e;
 		numbers[1] = d;
@@ -1581,7 +1583,7 @@ int sshcom_write(const char *filename, sign_key *key,
 		pos = 0;
 		pos += ssh2_read_mpint(privblob+pos, privlen-pos, &x);
 
-		assert(y.start && x.start); /* can't go wrong */
+		dropbear_assert(y.start && x.start); /* can't go wrong */
 
 		numbers[0] = p;
 		numbers[1] = g;
@@ -1593,7 +1595,7 @@ int sshcom_write(const char *filename, sign_key *key,
 		initial_zero = 1;
 		type = "dl-modp{sign{dsa-nist-sha1},dh{plain}}";
 	} else {
-		assert(0);					 /* zoinks! */
+		dropbear_assert(0);					 /* zoinks! */
 	}
 
 	/*
@@ -1637,13 +1639,13 @@ int sshcom_write(const char *filename, sign_key *key,
 	}
 	ciphertext = (char *)outblob+lenpos+4;
 	cipherlen = pos - (lenpos+4);
-	assert(!passphrase || cipherlen % 8 == 0);
+	dropbear_assert(!passphrase || cipherlen % 8 == 0);
 	/* Wrap up the encrypted blob string. */
 	PUT_32BIT(outblob+lenpos, cipherlen);
 	/* And finally fill in the total length field. */
 	PUT_32BIT(outblob+4, pos);
 
-	assert(pos < outlen);
+	dropbear_assert(pos < outlen);
 
 	/*
 	 * Encrypt the key.

libtomcrypt/LICENSE

@@ -0,0 +1,5 @@
+LibTomCrypt is public domain.  As should all quality software be.
+
+Tom St Denis
+
+

libtomcrypt/Makefile.in

@@ -0,0 +1,282 @@
+# MAKEFILE for linux GCC
+#
+# Tom St Denis
+# Modified by Clay Culver
+
+# The version
+VERSION=1.05
+
+VPATH=@srcdir@
+srcdir=@srcdir@
+
+# Compiler and Linker Names
+#CC=gcc
+#LD=ld
+
+# Archiver [makes .a files]
+#AR=ar
+#ARFLAGS=r
+
+# Compilation flags. Note the += does not write over the user's CFLAGS!
+# The rest of the flags come from the parent Dropbear makefile
+CFLAGS += -c -I$(srcdir)/src/headers/ -I$(srcdir)/../
+
+# additional warnings (newer GCC 3.4 and higher)
+#CFLAGS += -Wsystem-headers -Wdeclaration-after-statement -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wmissing-prototypes \
+#		  -Wmissing-declarations -Wpointer-arith 
+
+# optimize for SPEED
+#CFLAGS += -O3 -funroll-loops
+
+# add -fomit-frame-pointer.  hinders debugging!
+#CFLAGS += -fomit-frame-pointer
+
+# optimize for SIZE
+#CFLAGS += -Os -DLTC_SMALL_CODE
+
+# older GCCs can't handle the "rotate with immediate" ROLc/RORc/etc macros
+# define this to help
+#CFLAGS += -DLTC_NO_ROLC
+
+# compile for DEBUGING (required for ccmalloc checking!!!)
+#CFLAGS += -g3 -DLTC_NO_ASM
+
+#Output filenames for various targets.
+LIBNAME=libtomcrypt.a
+LIBTEST=testprof/libtomcrypt_prof.a
+HASH=hashsum
+CRYPT=encrypt
+SMALL=small
+PROF=x86_prof
+TV=tv_gen
+MULTI=multi
+TIMING=timing
+TEST=test
+
+#LIBPATH-The directory for libtomcrypt to be installed to.
+#INCPATH-The directory to install the header files for libtomcrypt.
+#DATAPATH-The directory to install the pdf docs.
+DESTDIR=
+LIBPATH=/usr/lib
+INCPATH=/usr/include
+DATAPATH=/usr/share/doc/libtomcrypt/pdf
+
+#Who do we install as?
+ifdef INSTALL_USER
+USER=$(INSTALL_USER)
+else
+USER=root
+endif
+
+ifdef INSTALL_GROUP
+GROUP=$(INSTALL_GROUP)
+else
+GROUP=wheel
+endif
+
+#List of objects to compile.
+
+#Leave MPI built-in or force developer to link against libtommath?
+#MPIOBJECT=src/misc/mpi/mpi.o
+#Dropbear uses libtommath
+MPIOBJECT=
+
+OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o src/ciphers/anubis.o \
+src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/khazad.o src/ciphers/noekeon.o \
+src/ciphers/rc2.o src/ciphers/rc5.o src/ciphers/rc6.o src/ciphers/safer/safer.o \
+src/ciphers/safer/safer_tab.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \
+src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \
+src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
+src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \
+src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \
+src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \
+src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \
+src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o \
+src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
+src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
+src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
+src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
+src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
+src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o src/hashes/sha2/sha256.o \
+src/hashes/sha2/sha512.o src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o \
+src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
+src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
+src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
+src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
+src/mac/pelican/pelican.o src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o \
+src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
+src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/misc/base64/base64_decode.o \
+src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt.o \
+src/misc/crypt/crypt_argchk.o src/misc/crypt/crypt_cipher_descriptor.o \
+src/misc/crypt/crypt_cipher_is_valid.o src/misc/crypt/crypt_find_cipher.o \
+src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \
+src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \
+src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_prng.o \
+src/misc/crypt/crypt_hash_descriptor.o src/misc/crypt/crypt_hash_is_valid.o \
+src/misc/crypt/crypt_prng_descriptor.o src/misc/crypt/crypt_prng_is_valid.o \
+src/misc/crypt/crypt_register_cipher.o src/misc/crypt/crypt_register_hash.o \
+src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_unregister_cipher.o \
+src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o \
+src/misc/error_to_string.o src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o \
+src/misc/mpi/rand_prime.o src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
+src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \
+src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \
+src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \
+src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
+src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
+src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
+src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
+src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
+src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
+src/modes/ofb/ofb_start.o 
+
+HEADERS=src/headers/tommath_superclass.h src/headers/tomcrypt_cfg.h src/headers/tomcrypt_mac.h \
+src/headers/tomcrypt_macros.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h \
+src/headers/tomcrypt_cipher.h src/headers/tomcrypt_pk.h src/headers/tommath_class.h \
+src/headers/ltc_tommath.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_misc.h \
+src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
+
+TESTOBJECTS=demos/test.o
+HASHOBJECTS=demos/hashsum.o
+CRYPTOBJECTS=demos/encrypt.o
+SMALLOBJECTS=demos/small.o
+TVS=demos/tv_gen.o
+MULTIS=demos/multi.o
+TIMINGS=demos/timing.o
+TESTS=demos/test.o
+
+#Files left over from making the crypt.pdf.
+LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind *.out
+
+#Compressed filenames
+COMPRESSED=crypt-$(VERSION).tar.bz2 crypt-$(VERSION).zip
+
+#The default rule for make builds the libtomcrypt library.
+default:library
+
+#ciphers come in two flavours... enc+dec and enc 
+src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
+	$(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
+
+#These are the rules to make certain object files.
+src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
+src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
+src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
+src/pk/ecc/ecc.o: src/pk/ecc/ecc.c src/pk/ecc/ecc_sys.c
+src/pk/dh/dh.o: src/pk/dh/dh.c src/pk/dh/dh_sys.c
+src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
+src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
+
+#This rule makes the libtomcrypt library.
+library: $(LIBNAME)
+
+$(LIBTEST): 
+	cd testprof ; CFLAGS="$(CFLAGS)" make 
+
+$(LIBNAME): $(OBJECTS)
+	$(AR) $(ARFLAGS) $@ $(OBJECTS) 
+	$(RANLIB) $(LIBNAME)
+
+#This rule makes the hash program included with libtomcrypt
+hashsum: library $(HASHOBJECTS)
+	$(CC) $(HASHOBJECTS) $(LIBNAME) -o $(HASH) $(WARN)
+
+#makes the crypt program
+crypt: library $(CRYPTOBJECTS)
+	$(CC) $(CRYPTOBJECTS) $(LIBNAME) -o $(CRYPT) $(WARN)
+
+#makes the small program
+small: library $(SMALLOBJECTS)
+	$(CC) $(SMALLOBJECTS) $(LIBNAME) -o $(SMALL) $(WARN)
+	
+tv_gen: library $(TVS)
+	$(CC) $(TVS) $(LIBNAME) -o $(TV)
+
+multi: library $(MULTIS)
+	$(CC) $(MULTIS) $(LIBNAME) -o $(MULTI)
+
+timing: library $(LIBTEST) $(TIMINGS)
+	$(CC) $(TIMINGS) $(LIBTEST) $(LIBNAME) $(EXTRALIBS) -o $(TIMING)
+
+test: library $(LIBTEST) $(TESTS)
+	$(CC) $(TESTS) $(LIBTEST) $(LIBNAME) -o $(TEST)
+
+
+#This rule installs the library and the header files. This must be run
+#as root in order to have a high enough permission to write to the correct
+#directories and to set the owner and group to root.
+install: library docs
+	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(LIBPATH)
+	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
+	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(DATAPATH)
+	install -g $(GROUP) -o $(USER) $(LIBNAME) $(DESTDIR)$(LIBPATH)
+	install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
+	install -g $(GROUP) -o $(USER) doc/crypt.pdf $(DESTDIR)$(DATAPATH)
+
+install_test: $(LIBTEST)
+	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(LIBPATH)
+	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
+	install -g $(GROUP) -o $(USER) $(LIBTEST) $(DESTDIR)$(LIBPATH)
+
+profile:
+	CFLAGS="$(CFLAGS) -fprofile-generate" make timing EXTRALIBS=-lgcov
+	./timing
+	rm -f timing `find . -type f | grep [.][ao] | xargs`
+	CFLAGS="$(CFLAGS) -fprofile-use" make timing EXTRALIBS=-lgcov
+
+
+#This rule cleans the source tree of all compiled code, not including the pdf
+#documentation.
+clean:
+	-rm -f $(OBJECTS)
+	-rm -f libtomcrypt.a
+
+#build the doxy files (requires Doxygen, tetex and patience)
+doxy:
+	doxygen
+	cd doc/doxygen/latex ; make ; mv -f refman.pdf ../../.
+	echo The huge doxygen PDF should be available as doc/refman.pdf
+	
+#This builds the crypt.pdf file. Note that the rm -f *.pdf has been removed
+#from the clean command! This is because most people would like to keep the
+#nice pre-compiled crypt.pdf that comes with libtomcrypt! We only need to
+#delete it if we are rebuilding it.
+docs: crypt.tex
+	rm -f doc/crypt.pdf $(LEFTOVERS)
+	echo "hello" > crypt.ind
+	latex crypt > /dev/null
+	latex crypt > /dev/null
+	makeindex crypt.idx > /dev/null
+	latex crypt > /dev/null
+	dvipdf crypt
+	mv -ivf crypt.pdf doc/crypt.pdf
+	rm -f $(LEFTOVERS)
+
+docdvi: crypt.tex
+	echo hello > crypt.ind
+	latex crypt > /dev/null
+	latex crypt > /dev/null
+	makeindex crypt.idx
+	latex crypt > /dev/null
+
+#zipup the project (take that!)
+no_oops: clean
+	cd .. ; cvs commit 
+	echo Scanning for scratch/dirty files
+	find . -type f | grep -v CVS | xargs -n 1 bash mess.sh
+
+zipup: no_oops docs
+	cd .. ; rm -rf crypt* libtomcrypt-$(VERSION) ; mkdir libtomcrypt-$(VERSION) ; \
+	cp -R ./libtomcrypt/* ./libtomcrypt-$(VERSION)/ ; \
+	cd libtomcrypt-$(VERSION) ; rm -rf `find . -type d | grep CVS | xargs` ; cd .. ; \
+	tar -cjvf crypt-$(VERSION).tar.bz2 libtomcrypt-$(VERSION) ; \
+	zip -9r crypt-$(VERSION).zip libtomcrypt-$(VERSION) ; \
+	gpg -b -a crypt-$(VERSION).tar.bz2 ; gpg -b -a crypt-$(VERSION).zip ; \
+	mv -fv crypt* ~ ; rm -rf libtomcrypt-$(VERSION)
+
+
+# $Source: /cvs/libtom/libtomcrypt/makefile,v $ 
+# $Revision: 1.70 $ 
+# $Date: 2005/06/19 18:03:24 $ 

libtomcrypt/TODO

@@ -0,0 +1,10 @@
+For 1.06
+
+1. export ECC functions globally [e.g. mulmod and the sets]
+   - goal is tv_gen module and test vectors
+2. ASN.1 SET and T61String
+3. phase out DH code [RSA/ECC/DSA is enough]
+4. Some ASN.1 demo programs [for now read the source code!]
+5. Start working towards making the bignum code plugable
+6. Look into other ECC point muls and consider a "precomp" interface 
+7. Add OID for ciphers and PRNGs to their descriptors

libtomcrypt/build.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+echo "$1 ($2, $3)..."
+make clean 1>/dev/null 2>/dev/null
+echo -n "building..."
+CFLAGS="$2 $CFLAGS" make -j3 -f $3 test tv_gen 1>gcc_1.txt 2>gcc_2.txt || (echo "build $1 failed see gcc_2.txt for more information" && cat gcc_2.txt && exit 1)
+echo -n "testing..."
+if [ -a test ] && [ -f test ] && [ -x test ]; then
+   ((./test >test_std.txt 2>test_err.txt && ./tv_gen > tv.txt) && echo "$1 test passed." && echo "y" > testok.txt) || (echo "$1 test failed" && cat test_err.txt && exit 1)
+   if find *_tv.txt -type f 1>/dev/null 2>/dev/null ; then
+      for f in *_tv.txt; do if (diff $f notes/$f) then true; else (echo "tv_gen $f failed" && rm -f testok.txt && exit 1); fi; done
+   fi
+fi
+if [ -a testok.txt ] && [ -f testok.txt ]; then
+   exit 0
+fi
+exit 1
+
+# $Source: /cvs/libtom/libtomcrypt/build.sh,v $   
+# $Revision: 1.5 $   
+# $Date: 2005/06/27 13:04:05 $ 

libtomcrypt/demos/encrypt.c

@@ -0,0 +1,241 @@
+/* encrypt V1.1 Fri Oct 18 04:28:03 NZDT 2002 */
+/* File de/encryption, using libtomcrypt */
+/* Written by Daniel Richards <kyhwana@world-net.co.nz> */
+/* Help from Tom St Denis with various bits */
+/* This code is public domain, no rights reserved. */
+/* Encrypts by default, -d flag enables decryption */
+/* ie: ./encrypt blowfish story.txt story.ct */
+/* ./encrypt -d blowfish story.ct story.pt */
+
+#include <tomcrypt.h>
+
+int errno;
+
+int usage(char *name) 
+{
+   int x;
+
+   printf("Usage: %s [-d](ecrypt) cipher infile outfile\nCiphers:\n", name);
+   for (x = 0; cipher_descriptor[x].name != NULL; x++) {
+      printf("%s\n",cipher_descriptor[x].name);
+   }
+   exit(1);
+}
+
+void register_algs(void)
+{
+   int x;
+   
+#ifdef RIJNDAEL
+  register_cipher (&aes_desc);
+#endif
+#ifdef BLOWFISH
+  register_cipher (&blowfish_desc);
+#endif
+#ifdef XTEA
+  register_cipher (&xtea_desc);
+#endif
+#ifdef RC5
+  register_cipher (&rc5_desc);
+#endif
+#ifdef RC6
+  register_cipher (&rc6_desc);
+#endif
+#ifdef SAFERP
+  register_cipher (&saferp_desc);
+#endif
+#ifdef TWOFISH
+  register_cipher (&twofish_desc);
+#endif
+#ifdef SAFER
+  register_cipher (&safer_k64_desc);
+  register_cipher (&safer_sk64_desc);
+  register_cipher (&safer_k128_desc);
+  register_cipher (&safer_sk128_desc);
+#endif
+#ifdef RC2
+  register_cipher (&rc2_desc);
+#endif
+#ifdef DES
+  register_cipher (&des_desc);
+  register_cipher (&des3_desc);
+#endif
+#ifdef CAST5
+  register_cipher (&cast5_desc);
+#endif
+#ifdef NOEKEON
+  register_cipher (&noekeon_desc);
+#endif
+#ifdef SKIPJACK
+  register_cipher (&skipjack_desc);
+#endif
+#ifdef KHAZAD
+  register_cipher (&khazad_desc);
+#endif
+#ifdef ANUBIS
+  register_cipher (&anubis_desc);
+#endif
+
+   if (register_hash(&sha256_desc) == -1) {
+      printf("Error registering SHA256\n");
+      exit(-1);
+   } 
+
+   if (register_prng(&yarrow_desc) == -1) {
+      printf("Error registering yarrow PRNG\n");
+      exit(-1);
+   }
+
+   if (register_prng(&sprng_desc) == -1) {
+      printf("Error registering sprng PRNG\n");
+      exit(-1);
+   }
+}
+
+int main(int argc, char *argv[]) 
+{
+   unsigned char plaintext[512],ciphertext[512];
+   unsigned char tmpkey[512], key[MAXBLOCKSIZE], IV[MAXBLOCKSIZE];
+   unsigned char inbuf[512]; /* i/o block size */
+   unsigned long outlen, y, ivsize, x, decrypt;
+   symmetric_CTR ctr;
+   int cipher_idx, hash_idx, ks;
+   char *infile, *outfile, *cipher;
+   prng_state prng;
+   FILE *fdin, *fdout;
+
+   /* register algs, so they can be printed */
+   register_algs();
+
+   if (argc < 4) {
+      return usage(argv[0]);
+   }
+
+   if (!strcmp(argv[1], "-d")) {
+      decrypt = 1;
+      cipher  = argv[2];
+      infile  = argv[3];
+      outfile = argv[4];
+   } else {
+      decrypt = 0;
+      cipher  = argv[1];
+      infile  = argv[2];
+      outfile = argv[3];
+   }   
+
+   /* file handles setup */
+   fdin = fopen(infile,"rb");
+   if (fdin == NULL) {
+      perror("Can't open input for reading");
+      exit(-1);
+   }
+
+   fdout = fopen(outfile,"wb");
+   if (fdout == NULL) { 
+      perror("Can't open output for writing");
+      exit(-1);
+   }
+ 
+   cipher_idx = find_cipher(cipher);
+   if (cipher_idx == -1) {
+      printf("Invalid cipher entered on command line.\n");
+      exit(-1);
+   }
+
+   hash_idx = find_hash("sha256");
+   if (hash_idx == -1) {
+      printf("SHA256 not found...?\n");
+      exit(-1);
+   }
+
+   ivsize = cipher_descriptor[cipher_idx].block_length;
+   ks = hash_descriptor[hash_idx].hashsize;
+   if (cipher_descriptor[cipher_idx].keysize(&ks) != CRYPT_OK) { 
+      printf("Invalid keysize???\n");
+      exit(-1);
+   }
+
+   printf("\nEnter key: ");
+   fgets((char *)tmpkey,sizeof(tmpkey), stdin);
+   outlen = sizeof(key);
+   if ((errno = hash_memory(hash_idx,tmpkey,strlen((char *)tmpkey),key,&outlen)) != CRYPT_OK) {
+      printf("Error hashing key: %s\n", error_to_string(errno));
+      exit(-1);
+   }
+   
+   if (decrypt) {
+      /* Need to read in IV */
+      if (fread(IV,1,ivsize,fdin) != ivsize) {
+         printf("Error reading IV from input.\n");
+         exit(-1);
+      }
+   
+      if ((errno = ctr_start(cipher_idx,IV,key,ks,0,&ctr)) != CRYPT_OK) {
+         printf("ctr_start error: %s\n",error_to_string(errno));
+         exit(-1);
+      }
+
+      /* IV done */
+      do {
+         y = fread(inbuf,1,sizeof(inbuf),fdin);
+
+         if ((errno = ctr_decrypt(inbuf,plaintext,y,&ctr)) != CRYPT_OK) {
+            printf("ctr_decrypt error: %s\n", error_to_string(errno));
+            exit(-1);
+         }
+
+         if (fwrite(plaintext,1,y,fdout) != y) {
+            printf("Error writing to file.\n");
+            exit(-1);
+         }
+      } while (y == sizeof(inbuf));
+      fclose(fdin);
+      fclose(fdout);
+
+   } else {  /* encrypt */
+      /* Setup yarrow for random bytes for IV */
+      
+      if ((errno = rng_make_prng(128, find_prng("yarrow"), &prng, NULL)) != CRYPT_OK) {
+         printf("Error setting up PRNG, %s\n", error_to_string(errno));
+      }      
+
+      /* You can use rng_get_bytes on platforms that support it */
+      /* x = rng_get_bytes(IV,ivsize,NULL);*/
+      x = yarrow_read(IV,ivsize,&prng);
+      if (x != ivsize) {
+         printf("Error reading PRNG for IV required.\n");
+         exit(-1);
+      }
+   
+      if (fwrite(IV,1,ivsize,fdout) != ivsize) {
+         printf("Error writing IV to output.\n");
+         exit(-1);
+      }
+
+      if ((errno = ctr_start(cipher_idx,IV,key,ks,0,&ctr)) != CRYPT_OK) {
+         printf("ctr_start error: %s\n",error_to_string(errno));
+         exit(-1);
+      }
+
+      do {
+         y = fread(inbuf,1,sizeof(inbuf),fdin);
+
+         if ((errno = ctr_encrypt(inbuf,ciphertext,y,&ctr)) != CRYPT_OK) {
+            printf("ctr_encrypt error: %s\n", error_to_string(errno));
+            exit(-1);
+         }
+
+         if (fwrite(ciphertext,1,y,fdout) != y) {
+            printf("Error writing to output.\n");
+            exit(-1);
+         }
+      } while (y == sizeof(inbuf));   
+      fclose(fdout);
+      fclose(fdin);
+   }
+   return 0;
+}
+
+/* $Source: /cvs/libtom/libtomcrypt/demos/encrypt.c,v $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2005/05/05 14:35:56 $ */

libtomcrypt/demos/hashsum.c

@@ -0,0 +1,119 @@
+/*
+ * Written by Daniel Richards <kyhwana@world-net.co.nz> 6/7/2002
+ * hash.c: This app uses libtomcrypt to hash either stdin or a file
+ * This file is Public Domain. No rights are reserved.
+ * Compile with 'gcc hashsum.c -o hashsum -ltomcrypt'
+ * This example isn't really big enough to warrent splitting into
+ * more functions ;)
+*/
+
+#include <tomcrypt.h>
+
+int errno;
+
+void register_algs();
+
+int main(int argc, char **argv)
+{
+   int idx, x, z;
+   unsigned long w;
+   unsigned char hash_buffer[MAXBLOCKSIZE];
+   hash_state md;
+
+   /* You need to register algorithms before using them */
+   register_algs();
+   if (argc < 2) {
+      printf("usage: ./hash algorithm file [file ...]\n");
+      printf("Algorithms:\n");
+      for (x = 0; hash_descriptor[x].name != NULL; x++) {
+         printf(" %s (%d)\n", hash_descriptor[x].name, hash_descriptor[x].ID);
+      }
+      exit(EXIT_SUCCESS);
+   }
+
+   idx = find_hash(argv[1]);
+   if (idx == -1) {
+      fprintf(stderr, "\nInvalid hash specified on command line.\n");
+      return -1;
+   }
+
+   if (argc == 2) {
+      hash_descriptor[idx].init(&md);
+      do {
+         x = fread(hash_buffer, 1, sizeof(hash_buffer), stdin);
+         hash_descriptor[idx].process(&md, hash_buffer, x);
+      } while (x == sizeof(hash_buffer));
+      hash_descriptor[idx].done(&md, hash_buffer);
+      for (x = 0; x < (int)hash_descriptor[idx].hashsize; x++) {
+          printf("%02x",hash_buffer[x]);
+      }
+      printf("  (stdin)\n");
+   } else {
+      for (z = 2; z < argc; z++) {
+         w = sizeof(hash_buffer);
+         if ((errno = hash_file(idx,argv[z],hash_buffer,&w)) != CRYPT_OK) {
+            printf("File hash error: %s\n", error_to_string(errno));
+         } else {
+             for (x = 0; x < (int)hash_descriptor[idx].hashsize; x++) {
+                 printf("%02x",hash_buffer[x]);
+             }
+             printf("  %s\n", argv[z]);
+         }
+      }
+   }
+   return EXIT_SUCCESS;
+}
+
+void register_algs(void)
+{
+  int err;
+
+#ifdef TIGER
+  register_hash (&tiger_desc);
+#endif
+#ifdef MD2
+  register_hash (&md2_desc);
+#endif
+#ifdef MD4
+  register_hash (&md4_desc);
+#endif
+#ifdef MD5
+  register_hash (&md5_desc);
+#endif
+#ifdef SHA1
+  register_hash (&sha1_desc);
+#endif
+#ifdef SHA224
+  register_hash (&sha224_desc);
+#endif
+#ifdef SHA256
+  register_hash (&sha256_desc);
+#endif
+#ifdef SHA384
+  register_hash (&sha384_desc);
+#endif
+#ifdef SHA512
+  register_hash (&sha512_desc);
+#endif
+#ifdef RIPEMD128
+  register_hash (&rmd128_desc);
+#endif
+#ifdef RIPEMD160
+  register_hash (&rmd160_desc);
+#endif
+#ifdef WHIRLPOOL
+  register_hash (&whirlpool_desc);
+#endif
+#ifdef CHC_HASH
+  register_hash(&chc_desc);
+  if ((err = chc_register(register_cipher(&aes_enc_desc))) != CRYPT_OK) {
+     printf("chc_register error: %s\n", error_to_string(err));
+     exit(EXIT_FAILURE);
+  }
+#endif
+
+}
+
+/* $Source: /cvs/libtom/libtomcrypt/demos/hashsum.c,v $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2005/05/05 14:35:56 $ */

libtomcrypt/demos/multi.c

@@ -0,0 +1,110 @@
+/* test the multi helpers... */
+#include <tomcrypt.h>
+
+int main(void)
+{
+   unsigned char key[16], buf[2][MAXBLOCKSIZE];
+   unsigned long len, len2;
+
+
+/* register algos */
+   register_hash(&sha256_desc);
+   register_cipher(&aes_desc);
+
+/* HASH testing */
+   len = sizeof(buf[0]);
+   hash_memory(find_hash("sha256"), "hello", 5, buf[0], &len);
+   len2 = sizeof(buf[0]);
+   hash_memory_multi(find_hash("sha256"), buf[1], &len2, "hello", 5, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   hash_memory_multi(find_hash("sha256"), buf[1], &len2, "he", 2, "llo", 3, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   hash_memory_multi(find_hash("sha256"), buf[1], &len2, "h", 1, "e", 1, "l", 1, "l", 1, "o", 1, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+
+/* HMAC */
+   len = sizeof(buf[0]);
+   hmac_memory(find_hash("sha256"), key, 16, "hello", 5, buf[0], &len);
+   len2 = sizeof(buf[0]);
+   hmac_memory_multi(find_hash("sha256"), key, 16, buf[1], &len2, "hello", 5, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   hmac_memory_multi(find_hash("sha256"), key, 16, buf[1], &len2, "he", 2, "llo", 3, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   hmac_memory_multi(find_hash("sha256"), key, 16, buf[1], &len2, "h", 1, "e", 1, "l", 1, "l", 1, "o", 1, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+
+/* OMAC */
+   len = sizeof(buf[0]);
+   omac_memory(find_cipher("aes"), key, 16, "hello", 5, buf[0], &len);
+   len2 = sizeof(buf[0]);
+   omac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "hello", 5, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   omac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "he", 2, "llo", 3, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   omac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "h", 1, "e", 1, "l", 1, "l", 1, "o", 1, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+
+/* PMAC */
+   len = sizeof(buf[0]);
+   pmac_memory(find_cipher("aes"), key, 16, "hello", 5, buf[0], &len);
+   len2 = sizeof(buf[0]);
+   pmac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "hello", 5, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   pmac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "he", 2, "llo", 3, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+   len2 = sizeof(buf[0]);
+   pmac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "h", 1, "e", 1, "l", 1, "l", 1, "o", 1, NULL);
+   if (len != len2 || memcmp(buf[0], buf[1], len)) {
+      printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
+      return EXIT_FAILURE;
+   }
+
+
+   printf("All passed\n");
+   return EXIT_SUCCESS;
+}
+
+
+/* $Source: /cvs/libtom/libtomcrypt/demos/multi.c,v $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2005/05/05 14:35:56 $ */

libtomcrypt/demos/small.c

@@ -0,0 +1,14 @@
+// small demo app that just includes a cipher/hash/prng
+#include <tomcrypt.h>
+
+int main(void)
+{
+   register_cipher(&rijndael_enc_desc);
+   register_prng(&yarrow_desc);
+   register_hash(&sha256_desc);
+   return 0;
+}
+
+/* $Source: /cvs/libtom/libtomcrypt/demos/small.c,v $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2005/05/05 14:35:56 $ */

libtomcrypt/demos/test.c

@@ -0,0 +1,24 @@
+#include <tomcrypt_test.h>
+
+int main(void)
+{
+   int x;
+   reg_algs();
+   printf("build == \n%s\n", crypt_build_settings);
+   printf("\nstore_test...."); fflush(stdout); x = store_test();       printf(x ? "failed" : "passed");if (x) exit(EXIT_FAILURE);
+   printf("\ncipher_test..."); fflush(stdout); x = cipher_hash_test(); printf(x ? "failed" : "passed");if (x) exit(EXIT_FAILURE);
+   printf("\nmodes_test...."); fflush(stdout); x = modes_test();       printf(x ? "failed" : "passed");if (x) exit(EXIT_FAILURE);
+   printf("\nder_test......"); fflush(stdout); x = der_tests();        printf(x ? "failed" : "passed");if (x) exit(EXIT_FAILURE);
+   printf("\nmac_test......"); fflush(stdout); x = mac_test();         printf(x ? "failed" : "passed");if (x) exit(EXIT_FAILURE);
+   printf("\npkcs_1_test..."); fflush(stdout); x = pkcs_1_test();      printf(x ? "failed" : "passed");if (x) exit(EXIT_FAILURE);
+   printf("\nrsa_test......"); fflush(stdout); x = rsa_test();         printf(x ? "failed" : "passed");if (x) exit(EXIT_FAILURE);
+   printf("\necc_test......"); fflush(stdout); x = ecc_tests();        printf(x ? "failed" : "passed");if (x) exit(EXIT_FAILURE);
+   printf("\ndsa_test......"); fflush(stdout); x = dsa_test();         printf(x ? "failed" : "passed");if (x) exit(EXIT_FAILURE);
+   printf("\ndh_test......."); fflush(stdout); x = dh_tests();         printf(x ? "failed" : "passed");if (x) exit(EXIT_FAILURE);
+   printf("\n");
+   return EXIT_SUCCESS;
+}
+
+/* $Source: /cvs/libtom/libtomcrypt/demos/test.c,v $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2005/06/19 12:06:58 $ */

libtomcrypt/demos/timing.c

@@ -0,0 +1,26 @@
+#include <tomcrypt_test.h>
+
+int main(void)
+{
+init_timer();
+reg_algs();
+time_keysched();
+time_cipher();
+time_cipher2();
+time_cipher3();
+time_hash();
+time_macs();
+time_encmacs();
+time_prng();
+time_mult();
+time_sqr();
+time_rsa();
+time_ecc();
+time_dh();
+return EXIT_SUCCESS;
+
+}
+
+/* $Source: /cvs/libtom/libtomcrypt/demos/timing.c,v $ */
+/* $Revision: 1.17 $ */
+/* $Date: 2005/06/23 02:16:26 $ */

libtomcrypt/demos/tv_gen.c

@@ -0,0 +1,670 @@
+#include <tomcrypt.h>
+
+void reg_algs(void)
+{
+  int err;
+
+#ifdef RIJNDAEL
+  register_cipher (&aes_desc);
+#endif
+#ifdef BLOWFISH
+  register_cipher (&blowfish_desc);
+#endif
+#ifdef XTEA
+  register_cipher (&xtea_desc);
+#endif
+#ifdef RC5
+  register_cipher (&rc5_desc);
+#endif
+#ifdef RC6
+  register_cipher (&rc6_desc);
+#endif
+#ifdef SAFERP
+  register_cipher (&saferp_desc);
+#endif
+#ifdef TWOFISH
+  register_cipher (&twofish_desc);
+#endif
+#ifdef SAFER
+  register_cipher (&safer_k64_desc);
+  register_cipher (&safer_sk64_desc);
+  register_cipher (&safer_k128_desc);
+  register_cipher (&safer_sk128_desc);
+#endif
+#ifdef RC2
+  register_cipher (&rc2_desc);
+#endif
+#ifdef DES
+  register_cipher (&des_desc);
+  register_cipher (&des3_desc);
+#endif
+#ifdef CAST5
+  register_cipher (&cast5_desc);
+#endif
+#ifdef NOEKEON
+  register_cipher (&noekeon_desc);
+#endif
+#ifdef SKIPJACK
+  register_cipher (&skipjack_desc);
+#endif
+#ifdef ANUBIS
+  register_cipher (&anubis_desc);
+#endif
+#ifdef KHAZAD
+  register_cipher (&khazad_desc);
+#endif
+
+#ifdef TIGER
+  register_hash (&tiger_desc);
+#endif
+#ifdef MD2
+  register_hash (&md2_desc);
+#endif
+#ifdef MD4
+  register_hash (&md4_desc);
+#endif
+#ifdef MD5
+  register_hash (&md5_desc);
+#endif
+#ifdef SHA1
+  register_hash (&sha1_desc);
+#endif
+#ifdef SHA224
+  register_hash (&sha224_desc);
+#endif
+#ifdef SHA256
+  register_hash (&sha256_desc);
+#endif
+#ifdef SHA384
+  register_hash (&sha384_desc);
+#endif
+#ifdef SHA512
+  register_hash (&sha512_desc);
+#endif
+#ifdef RIPEMD128
+  register_hash (&rmd128_desc);
+#endif
+#ifdef RIPEMD160
+  register_hash (&rmd160_desc);
+#endif
+#ifdef WHIRLPOOL
+  register_hash (&whirlpool_desc);
+#endif
+#ifdef CHC_HASH
+  register_hash(&chc_desc);
+  if ((err = chc_register(register_cipher(&aes_desc))) != CRYPT_OK) {
+     printf("chc_register error: %s\n", error_to_string(err));
+     exit(EXIT_FAILURE);
+  }
+#endif
+
+}
+
+void hash_gen(void)
+{
+   unsigned char md[MAXBLOCKSIZE], *buf;
+   unsigned long outlen, x, y, z;
+   FILE *out;
+   int   err;
+   
+   out = fopen("hash_tv.txt", "w");
+   if (out == NULL) {
+      perror("can't open hash_tv");
+   }
+   
+   fprintf(out, "Hash Test Vectors:\n\nThese are the hashes of nn bytes '00 01 02 03 .. (nn-1)'\n\n");
+   for (x = 0; hash_descriptor[x].name != NULL; x++) {
+      buf = XMALLOC(2 * hash_descriptor[x].blocksize + 1);
+      if (buf == NULL) {
+         perror("can't alloc mem");
+         exit(EXIT_FAILURE);
+      }
+      fprintf(out, "Hash: %s\n", hash_descriptor[x].name);
+      for (y = 0; y <= (hash_descriptor[x].blocksize * 2); y++) {
+         for (z = 0; z < y; z++) {
+            buf[z] = (unsigned char)(z & 255);
+         }
+         outlen = sizeof(md);
+         if ((err = hash_memory(x, buf, y, md, &outlen)) != CRYPT_OK) {
+            printf("hash_memory error: %s\n", error_to_string(err));
+            exit(EXIT_FAILURE);
+         }
+         fprintf(out, "%3lu: ", y);
+         for (z = 0; z < outlen; z++) {
+            fprintf(out, "%02X", md[z]);
+         }
+         fprintf(out, "\n");
+      }
+      fprintf(out, "\n");
+      XFREE(buf);
+   }
+   fclose(out);
+}
+
+void cipher_gen(void)
+{
+   unsigned char *key, pt[MAXBLOCKSIZE];
+   unsigned long x, y, z, w;
+   int err, kl, lastkl;
+   FILE *out;
+   symmetric_key skey;
+   
+   out = fopen("cipher_tv.txt", "w");
+   
+   fprintf(out, 
+"Cipher Test Vectors\n\nThese are test encryptions with key of nn bytes '00 01 02 03 .. (nn-1)' and original PT of the same style.\n"
+"The output of step N is used as the key and plaintext for step N+1 (key bytes repeated as required to fill the key)\n\n");
+                   
+   for (x = 0; cipher_descriptor[x].name != NULL; x++) {
+      fprintf(out, "Cipher: %s\n", cipher_descriptor[x].name);
+      
+      /* three modes, smallest, medium, large keys */
+      lastkl = 10000;
+      for (y = 0; y < 3; y++) {
+         switch (y) {
+            case 0: kl = cipher_descriptor[x].min_key_length; break;
+            case 1: kl = (cipher_descriptor[x].min_key_length + cipher_descriptor[x].max_key_length)/2; break;
+            case 2: kl = cipher_descriptor[x].max_key_length; break;
+         }
+         if ((err = cipher_descriptor[x].keysize(&kl)) != CRYPT_OK) {
+            printf("keysize error: %s\n", error_to_string(err));
+            exit(EXIT_FAILURE);
+         }
+         if (kl == lastkl) break;
+         lastkl = kl;
+         fprintf(out, "Key Size: %d bytes\n", kl);
+
+         key = XMALLOC(kl);
+         if (key == NULL) {
+            perror("can't malloc memory");
+            exit(EXIT_FAILURE);
+         }
+
+         for (z = 0; (int)z < kl; z++) {
+             key[z] = (unsigned char)z;
+         }
+         if ((err = cipher_descriptor[x].setup(key, kl, 0, &skey)) != CRYPT_OK) {
+            printf("setup error: %s\n", error_to_string(err));
+            exit(EXIT_FAILURE);
+         }
+         
+         for (z = 0; (int)z < cipher_descriptor[x].block_length; z++) {
+            pt[z] = (unsigned char)z;
+         }
+         for (w = 0; w < 50; w++) {
+             cipher_descriptor[x].ecb_encrypt(pt, pt, &skey);
+             fprintf(out, "%2lu: ", w);
+             for (z = 0; (int)z < cipher_descriptor[x].block_length; z++) {
+                fprintf(out, "%02X", pt[z]);
+             }
+             fprintf(out, "\n");
+
+             /* reschedule a new key */
+             for (z = 0; z < (unsigned long)kl; z++) {
+                 key[z] = pt[z % cipher_descriptor[x].block_length];
+             }
+             if ((err = cipher_descriptor[x].setup(key, kl, 0, &skey)) != CRYPT_OK) {
+                printf("cipher setup2 error: %s\n", error_to_string(err));
+                exit(EXIT_FAILURE);
+             }
+         }
+         fprintf(out, "\n");
+         XFREE(key);
+     }
+     fprintf(out, "\n");
+  }
+  fclose(out);
+}  
+
+void hmac_gen(void)
+{
+   unsigned char key[MAXBLOCKSIZE], output[MAXBLOCKSIZE], *input;
+   int x, y, z, err;
+   FILE *out;
+   unsigned long len;
+  
+   out = fopen("hmac_tv.txt", "w");
+
+   fprintf(out, 
+"HMAC Tests.  In these tests messages of N bytes long (00,01,02,...,NN-1) are HMACed.  The initial key is\n"
+"of the same format (the same length as the HASH output size).  The HMAC key in step N+1 is the HMAC output of\n"
+"step N.\n\n");
+
+   for (x = 0; hash_descriptor[x].name != NULL; x++) {
+      fprintf(out, "HMAC-%s\n", hash_descriptor[x].name);
+      
+      /* initial key */
+      for (y = 0; y < (int)hash_descriptor[x].hashsize; y++) {
+          key[y] = (y&255);
+      }
+
+      input = XMALLOC(hash_descriptor[x].blocksize * 2 + 1);
+      if (input == NULL) {
+         perror("Can't malloc memory");
+         exit(EXIT_FAILURE);
+      }
+      
+      for (y = 0; y <= (int)(hash_descriptor[x].blocksize * 2); y++) {
+         for (z = 0; z < y; z++) {
+            input[z] = (unsigned char)(z & 255);
+         }
+         len = sizeof(output);
+         if ((err = hmac_memory(x, key, hash_descriptor[x].hashsize, input, y, output, &len)) != CRYPT_OK) {
+            printf("Error hmacing: %s\n", error_to_string(err));
+            exit(EXIT_FAILURE);
+         }
+         fprintf(out, "%3d: ", y);
+         for (z = 0; z <(int) len; z++) {
+            fprintf(out, "%02X", output[z]);
+         }
+         fprintf(out, "\n");
+
+         /* forward the key */
+         memcpy(key, output, hash_descriptor[x].hashsize);
+      }
+      XFREE(input);
+      fprintf(out, "\n");
+   }
+   fclose(out);
+}
+   
+void omac_gen(void)
+{
+   unsigned char key[MAXBLOCKSIZE], output[MAXBLOCKSIZE], input[MAXBLOCKSIZE*2+2];
+   int err, x, y, z, kl;
+   FILE *out;
+   unsigned long len;
+  
+   out = fopen("omac_tv.txt", "w");
+
+   fprintf(out, 
+"OMAC Tests.  In these tests messages of N bytes long (00,01,02,...,NN-1) are OMAC'ed.  The initial key is\n"
+"of the same format (length specified per cipher).  The OMAC key in step N+1 is the OMAC output of\n"
+"step N (repeated as required to fill the array).\n\n");
+
+   for (x = 0; cipher_descriptor[x].name != NULL; x++) {
+      kl = cipher_descriptor[x].block_length;
+
+      /* skip ciphers which do not have 64 or 128 bit block sizes */
+      if (kl != 8 && kl != 16) continue;
+
+      if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) {
+         kl = cipher_descriptor[x].max_key_length;
+      }
+      fprintf(out, "OMAC-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
+      
+      /* initial key/block */
+      for (y = 0; y < kl; y++) {
+          key[y] = (y & 255);
+      }
+      
+      for (y = 0; y <= (int)(cipher_descriptor[x].block_length*2); y++) {
+         for (z = 0; z < y; z++) {
+            input[z] = (unsigned char)(z & 255);
+         }
+         len = sizeof(output);
+         if ((err = omac_memory(x, key, kl, input, y, output, &len)) != CRYPT_OK) {
+            printf("Error omacing: %s\n", error_to_string(err));
+            exit(EXIT_FAILURE);
+         }
+         fprintf(out, "%3d: ", y);
+         for (z = 0; z <(int)len; z++) {
+            fprintf(out, "%02X", output[z]);
+         }
+         fprintf(out, "\n");
+
+         /* forward the key */
+         for (z = 0; z < kl; z++) {
+             key[z] = output[z % len];
+         }
+      }
+      fprintf(out, "\n");
+   }
+   fclose(out);
+}
+
+void pmac_gen(void)
+{
+   unsigned char key[MAXBLOCKSIZE], output[MAXBLOCKSIZE], input[MAXBLOCKSIZE*2+2];
+   int err, x, y, z, kl;
+   FILE *out;
+   unsigned long len;
+  
+   out = fopen("pmac_tv.txt", "w");
+
+   fprintf(out, 
+"PMAC Tests.  In these tests messages of N bytes long (00,01,02,...,NN-1) are OMAC'ed.  The initial key is\n"
+"of the same format (length specified per cipher).  The OMAC key in step N+1 is the OMAC output of\n"
+"step N (repeated as required to fill the array).\n\n");
+
+   for (x = 0; cipher_descriptor[x].name != NULL; x++) {
+      kl = cipher_descriptor[x].block_length;
+
+      /* skip ciphers which do not have 64 or 128 bit block sizes */
+      if (kl != 8 && kl != 16) continue;
+
+      if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) {
+         kl = cipher_descriptor[x].max_key_length;
+      }
+      fprintf(out, "PMAC-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
+      
+      /* initial key/block */
+      for (y = 0; y < kl; y++) {
+          key[y] = (y & 255);
+      }
+      
+      for (y = 0; y <= (int)(cipher_descriptor[x].block_length*2); y++) {
+         for (z = 0; z < y; z++) {
+            input[z] = (unsigned char)(z & 255);
+         }
+         len = sizeof(output);
+         if ((err = pmac_memory(x, key, kl, input, y, output, &len)) != CRYPT_OK) {
+            printf("Error omacing: %s\n", error_to_string(err));
+            exit(EXIT_FAILURE);
+         }
+         fprintf(out, "%3d: ", y);
+         for (z = 0; z <(int)len; z++) {
+            fprintf(out, "%02X", output[z]);
+         }
+         fprintf(out, "\n");
+
+         /* forward the key */
+         for (z = 0; z < kl; z++) {
+             key[z] = output[z % len];
+         }
+      }
+      fprintf(out, "\n");
+   }
+   fclose(out);
+}
+
+void eax_gen(void)
+{
+   int err, kl, x, y1, z;
+   FILE *out;
+   unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2], header[MAXBLOCKSIZE*2], 
+                 plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE];
+   unsigned long len;
+
+   out = fopen("eax_tv.txt", "w");
+   fprintf(out, "EAX Test Vectors.  Uses the 00010203...NN-1 pattern for header/nonce/plaintext/key.  The outputs\n"
+                "are of the form ciphertext,tag for a given NN.  The key for step N>1 is the tag of the previous\n"
+                "step repeated sufficiently.\n\n");
+
+   for (x = 0; cipher_descriptor[x].name != NULL; x++) {
+      kl = cipher_descriptor[x].block_length;
+
+      /* skip ciphers which do not have 64 or 128 bit block sizes */
+      if (kl != 8 && kl != 16) continue;
+
+      if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) {
+         kl = cipher_descriptor[x].max_key_length;
+      }
+      fprintf(out, "EAX-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
+
+      /* the key */
+      for (z = 0; z < kl; z++) {
+          key[z] = (z & 255);
+      }
+      
+      for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){
+         for (z = 0; z < y1; z++) {
+            plaintext[z] = (unsigned char)(z & 255);
+            nonce[z]     = (unsigned char)(z & 255);
+            header[z]    = (unsigned char)(z & 255);
+         }
+         len = sizeof(tag);
+         if ((err = eax_encrypt_authenticate_memory(x, key, kl, nonce, y1, header, y1, plaintext, y1, plaintext, tag, &len)) != CRYPT_OK) {
+            printf("Error EAX'ing: %s\n", error_to_string(err));
+            exit(EXIT_FAILURE);
+         }
+         fprintf(out, "%3d: ", y1);
+         for (z = 0; z < y1; z++) {
+            fprintf(out, "%02X", plaintext[z]);
+         }
+         fprintf(out, ", ");
+         for (z = 0; z <(int)len; z++) {
+            fprintf(out, "%02X", tag[z]);
+         }
+         fprintf(out, "\n");
+
+         /* forward the key */
+         for (z = 0; z < kl; z++) {
+             key[z] = tag[z % len];
+         }
+      }
+      fprintf(out, "\n");
+   }
+   fclose(out);
+}
+
+void ocb_gen(void)
+{
+   int err, kl, x, y1, z;
+   FILE *out;
+   unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2], 
+                 plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE];
+   unsigned long len;
+
+   out = fopen("ocb_tv.txt", "w");
+   fprintf(out, "OCB Test Vectors.  Uses the 00010203...NN-1 pattern for nonce/plaintext/key.  The outputs\n"
+                "are of the form ciphertext,tag for a given NN.  The key for step N>1 is the tag of the previous\n"
+                "step repeated sufficiently.  The nonce is fixed throughout.\n\n");
+
+   for (x = 0; cipher_descriptor[x].name != NULL; x++) {
+      kl = cipher_descriptor[x].block_length;
+
+      /* skip ciphers which do not have 64 or 128 bit block sizes */
+      if (kl != 8 && kl != 16) continue;
+
+      if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) {
+         kl = cipher_descriptor[x].max_key_length;
+      }
+      fprintf(out, "OCB-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
+
+      /* the key */
+      for (z = 0; z < kl; z++) {
+          key[z] = (z & 255);
+      }
+
+      /* fixed nonce */
+      for (z = 0; z < cipher_descriptor[x].block_length; z++) {
+          nonce[z] = z;
+      }
+      
+      for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){
+         for (z = 0; z < y1; z++) {
+            plaintext[z] = (unsigned char)(z & 255);
+         }
+         len = sizeof(tag);
+         if ((err = ocb_encrypt_authenticate_memory(x, key, kl, nonce, plaintext, y1, plaintext, tag, &len)) != CRYPT_OK) {
+            printf("Error OCB'ing: %s\n", error_to_string(err));
+            exit(EXIT_FAILURE);
+         }
+         fprintf(out, "%3d: ", y1);
+         for (z = 0; z < y1; z++) {
+            fprintf(out, "%02X", plaintext[z]);
+         }
+         fprintf(out, ", ");
+         for (z = 0; z <(int)len; z++) {
+            fprintf(out, "%02X", tag[z]);
+         }
+         fprintf(out, "\n");
+
+         /* forward the key */
+         for (z = 0; z < kl; z++) {
+             key[z] = tag[z % len];
+         }
+      }
+      fprintf(out, "\n");
+   }
+   fclose(out);
+}
+
+
+void ccm_gen(void)
+{
+   int err, kl, x, y1, z;
+   FILE *out;
+   unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2], 
+                 plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE];
+   unsigned long len;
+
+   out = fopen("ccm_tv.txt", "w");
+   fprintf(out, "CCM Test Vectors.  Uses the 00010203...NN-1 pattern for nonce/header/plaintext/key.  The outputs\n"
+                "are of the form ciphertext,tag for a given NN.  The key for step N>1 is the tag of the previous\n"
+                "step repeated sufficiently.  The nonce is fixed throughout at 13 bytes 000102...\n\n");
+
+   for (x = 0; cipher_descriptor[x].name != NULL; x++) {
+      kl = cipher_descriptor[x].block_length;
+
+      /* skip ciphers which do not have 128 bit block sizes */
+      if (kl != 16) continue;
+
+      if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) {
+         kl = cipher_descriptor[x].max_key_length;
+      }
+      fprintf(out, "CCM-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
+
+      /* the key */
+      for (z = 0; z < kl; z++) {
+          key[z] = (z & 255);
+      }
+
+      /* fixed nonce */
+      for (z = 0; z < cipher_descriptor[x].block_length; z++) {
+          nonce[z] = z;
+      }
+      
+      for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){
+         for (z = 0; z < y1; z++) {
+            plaintext[z] = (unsigned char)(z & 255);
+         }
+         len = sizeof(tag);
+         if ((err = ccm_memory(x, key, kl, nonce, 13, plaintext, y1, plaintext, y1, plaintext, tag, &len, CCM_ENCRYPT)) != CRYPT_OK) {
+            printf("Error CCM'ing: %s\n", error_to_string(err));
+            exit(EXIT_FAILURE);
+         }
+         fprintf(out, "%3d: ", y1);
+         for (z = 0; z < y1; z++) {
+            fprintf(out, "%02X", plaintext[z]);
+         }
+         fprintf(out, ", ");
+         for (z = 0; z <(int)len; z++) {
+            fprintf(out, "%02X", tag[z]);
+         }
+         fprintf(out, "\n");
+
+         /* forward the key */
+         for (z = 0; z < kl; z++) {
+             key[z] = tag[z % len];
+         }
+      }
+      fprintf(out, "\n");
+   }
+   fclose(out);
+}
+
+void gcm_gen(void)
+{
+   int err, kl, x, y1, z;
+   FILE *out;
+   unsigned char key[MAXBLOCKSIZE], plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE];
+   unsigned long len;
+
+   out = fopen("gcm_tv.txt", "w");
+   fprintf(out, "GCM Test Vectors.  Uses the 00010203...NN-1 pattern for nonce/header/plaintext/key.  The outputs\n"
+                "are of the form ciphertext,tag for a given NN.  The key for step N>1 is the tag of the previous\n"
+                "step repeated sufficiently.  The nonce is fixed throughout at 13 bytes 000102...\n\n");
+
+   for (x = 0; cipher_descriptor[x].name != NULL; x++) {
+      kl = cipher_descriptor[x].block_length;
+
+      /* skip ciphers which do not have 128 bit block sizes */
+      if (kl != 16) continue;
+
+      if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) {
+         kl = cipher_descriptor[x].max_key_length;
+      }
+      fprintf(out, "GCM-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
+
+      /* the key */
+      for (z = 0; z < kl; z++) {
+          key[z] = (z & 255);
+      }
+     
+      for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){
+         for (z = 0; z < y1; z++) {
+            plaintext[z] = (unsigned char)(z & 255);
+         }
+         len = sizeof(tag);
+         if ((err = gcm_memory(x, key, kl, plaintext, y1, plaintext, y1, plaintext, y1, plaintext, tag, &len, GCM_ENCRYPT)) != CRYPT_OK) {
+            printf("Error GCM'ing: %s\n", error_to_string(err));
+            exit(EXIT_FAILURE);
+         }
+         fprintf(out, "%3d: ", y1);
+         for (z = 0; z < y1; z++) {
+            fprintf(out, "%02X", plaintext[z]);
+         }
+         fprintf(out, ", ");
+         for (z = 0; z <(int)len; z++) {
+            fprintf(out, "%02X", tag[z]);
+         }
+         fprintf(out, "\n");
+
+         /* forward the key */
+         for (z = 0; z < kl; z++) {
+             key[z] = tag[z % len];
+         }
+      }
+      fprintf(out, "\n");
+   }
+   fclose(out);
+}
+
+void base64_gen(void)
+{
+   FILE *out;
+   unsigned char dst[256], src[32];
+   unsigned long x, y, len;
+   
+   out = fopen("base64_tv.txt", "w");
+   fprintf(out, "Base64 vectors.  These are the base64 encodings of the strings 00,01,02...NN-1\n\n");
+   for (x = 0; x <= 32; x++) {
+       for (y = 0; y < x; y++) {
+           src[y] = y;
+       }
+       len = sizeof(dst);
+       base64_encode(src, x, dst, &len);
+       fprintf(out, "%2lu: %s\n", x, dst);
+   }
+   fclose(out);
+}
+
+int main(void)
+{
+   reg_algs();
+   printf("Generating hash   vectors..."); fflush(stdout); hash_gen(); printf("done\n");
+   printf("Generating cipher vectors..."); fflush(stdout); cipher_gen(); printf("done\n");
+   printf("Generating HMAC   vectors..."); fflush(stdout); hmac_gen(); printf("done\n");
+   printf("Generating OMAC   vectors..."); fflush(stdout); omac_gen(); printf("done\n");
+   printf("Generating PMAC   vectors..."); fflush(stdout); pmac_gen(); printf("done\n");
+   printf("Generating EAX    vectors..."); fflush(stdout); eax_gen(); printf("done\n");
+   printf("Generating OCB    vectors..."); fflush(stdout); ocb_gen(); printf("done\n");
+   printf("Generating CCM    vectors..."); fflush(stdout); ccm_gen(); printf("done\n");
+   printf("Generating GCM    vectors..."); fflush(stdout); gcm_gen(); printf("done\n");
+   printf("Generating BASE64 vectors..."); fflush(stdout); base64_gen(); printf("done\n");
+   return 0;
+}
+
+
+         
+      
+      
+      
+    
+   
+
+/* $Source: /cvs/libtom/libtomcrypt/demos/tv_gen.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2005/05/05 14:35:56 $ */

libtomcrypt/doc/footer.html

@@ -0,0 +1,10 @@
+<hr width="80%">
+Code by <a href="http://www.libtomcrypt.org/">Tom</a><br>
+Docs using <img src="doxygen.png" alt="doxygen" align="middle" border=0>
+<a href="http://jlcooke.ca/tom/hidden_image.png">
+
+<!--
+/* $Source: /cvs/libtom/libtomcrypt/doc/footer.html,v $ */
+/* $Revision: 1.3 $ */
+/* $Date: 2005/05/07 10:09:20 $ */
+-->

libtomcrypt/doc/header.html

@@ -0,0 +1,12 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
+<title>LibTomCrypt: Main Page</title>
+<link href="doxygen.css" rel="stylesheet" type="text/css">
+</head><body>
+<!-- Generated by Doxygen 1.3.8 -->
+
+<!--
+/* $Source: /cvs/libtom/libtomcrypt/doc/header.html,v $ */
+/* $Revision: 1.3 $ */
+/* $Date: 2005/05/07 10:09:20 $ */
+-->

libtomcrypt/genlist.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+# aes_tab.o is a pseudo object as it's made from aes.o and MPI is optional
+export a=`echo -n "src/ciphers/aes/aes_enc.o *(MPIOBJECT) " ; find . -type f | sort | grep "[.]/src" | grep "[.]c" | grep -v "sha224" | grep -v "sha384" | grep -v "aes_tab" | grep -v "twofish_tab" | grep -v "whirltab" | grep -v "dh_sys" | grep -v "ecc_sys" | grep -v "mpi[.]c" | grep -v "sober128tab" | sed -e 'sE\./EE' | sed -e 's/\.c/\.o/' | xargs`
+perl ./parsenames.pl OBJECTS "$a"
+export a=`find . -type f | grep [.]/src | grep [.]h | sed -e 'se\./ee' | xargs`
+perl ./parsenames.pl HEADERS "$a"
+
+# $Source: /cvs/libtom/libtomcrypt/genlist.sh,v $   
+# $Revision: 1.3 $   
+# $Date: 2005/05/05 14:49:27 $ 

libtomcrypt/makefile.icc

@@ -0,0 +1,242 @@
+# MAKEFILE for linux ICC (Intel C compiler)
+#
+# Tested with ICC v8....
+#
+# Be aware that ICC isn't quite as stable as GCC and several optimization switches
+# seem to break the code (that GCC and MSVC compile just fine).  In particular
+# "-ip" and "-x*" seem to break the code (ROL/ROR macro problems).  As the makefile 
+# is shipped the code will build and execute properly.
+#
+# Also note that ICC often makes code that is slower than GCC.  This is probably due to 
+# a mix of not being able to use "-ip" and just having fewer optimization algos than GCC.
+#
+# Tom St Denis
+
+#ch1-01-1
+# Compiler and Linker Names
+CC=icc
+#LD=ld
+
+# Archiver [makes .a files]
+#AR=ar
+#ARFLAGS=r
+
+# Compilation flags. Note the += does not write over the user's CFLAGS!
+CFLAGS += -c -Isrc/headers/ -Itestprof/ -DINTEL_CC
+
+#The default rule for make builds the libtomcrypt library.
+default:library
+
+# optimize for SPEED
+#
+# -mcpu= can be pentium, pentiumpro (covers PII through PIII) or pentium4
+# -ax?	specifies make code specifically for ? but compatible with IA-32
+# -x?	 specifies compile solely for ? [not specifically IA-32 compatible]
+#
+# where ? is 
+#	K - PIII
+#	W - first P4 [Williamette]
+#	N - P4 Northwood
+#	P - P4 Prescott
+#	B - Blend of P4 and PM [mobile]
+#
+# Default to just generic max opts
+ifdef LTC_SMALL
+CFLAGS += -O2 -xP -ip
+endif
+
+ifndef IGNORE_SPEED
+CFLAGS += -O3 -xP -ip 
+endif
+
+# want to see stuff?
+#CFLAGS += -opt_report
+
+#These flags control how the library gets built.
+
+#Output filenames for various targets.
+LIBNAME=libtomcrypt.a
+LIBTEST=testprof/libtomcrypt_prof.a
+HASH=hashsum
+CRYPT=encrypt
+SMALL=small
+PROF=x86_prof
+TV=tv_gen
+MULTI=multi
+TIMING=timing
+TEST=test
+
+#LIBPATH-The directory for libtomcrypt to be installed to.
+#INCPATH-The directory to install the header files for libtomcrypt.
+#DATAPATH-The directory to install the pdf docs.
+DESTDIR=
+LIBPATH=/usr/lib
+INCPATH=/usr/include
+DATAPATH=/usr/share/doc/libtomcrypt/pdf
+
+#List of objects to compile.
+
+#Leave MPI built-in or force developer to link against libtommath?
+MPIOBJECT=src/misc/mpi/mpi.o
+
+OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o src/ciphers/anubis.o \
+src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/khazad.o src/ciphers/noekeon.o \
+src/ciphers/rc2.o src/ciphers/rc5.o src/ciphers/rc6.o src/ciphers/safer/safer.o \
+src/ciphers/safer/safer_tab.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \
+src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \
+src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
+src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \
+src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \
+src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \
+src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \
+src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o \
+src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
+src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
+src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
+src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
+src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
+src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o src/hashes/sha2/sha256.o \
+src/hashes/sha2/sha512.o src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o \
+src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
+src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
+src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
+src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
+src/mac/pelican/pelican.o src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o \
+src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
+src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/misc/base64/base64_decode.o \
+src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt.o \
+src/misc/crypt/crypt_argchk.o src/misc/crypt/crypt_cipher_descriptor.o \
+src/misc/crypt/crypt_cipher_is_valid.o src/misc/crypt/crypt_find_cipher.o \
+src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \
+src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \
+src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_prng.o \
+src/misc/crypt/crypt_hash_descriptor.o src/misc/crypt/crypt_hash_is_valid.o \
+src/misc/crypt/crypt_prng_descriptor.o src/misc/crypt/crypt_prng_is_valid.o \
+src/misc/crypt/crypt_register_cipher.o src/misc/crypt/crypt_register_hash.o \
+src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_unregister_cipher.o \
+src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o \
+src/misc/error_to_string.o src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o \
+src/misc/mpi/rand_prime.o src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
+src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \
+src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \
+src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \
+src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
+src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
+src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
+src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
+src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
+src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
+src/modes/ofb/ofb_start.o src/pk/asn1/der/bit/der_decode_bit_string.o \
+src/pk/asn1/der/bit/der_encode_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
+src/pk/asn1/der/choice/der_decode_choice.o src/pk/asn1/der/ia5/der_decode_ia5_string.o \
+src/pk/asn1/der/ia5/der_encode_ia5_string.o src/pk/asn1/der/ia5/der_length_ia5_string.o \
+src/pk/asn1/der/integer/der_decode_integer.o src/pk/asn1/der/integer/der_encode_integer.o \
+src/pk/asn1/der/integer/der_length_integer.o \
+src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \
+src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \
+src/pk/asn1/der/object_identifier/der_length_object_identifier.o \
+src/pk/asn1/der/octet/der_decode_octet_string.o src/pk/asn1/der/octet/der_encode_octet_string.o \
+src/pk/asn1/der/octet/der_length_octet_string.o \
+src/pk/asn1/der/printable_string/der_decode_printable_string.o \
+src/pk/asn1/der/printable_string/der_encode_printable_string.o \
+src/pk/asn1/der/printable_string/der_length_printable_string.o \
+src/pk/asn1/der/sequence/der_decode_sequence.o src/pk/asn1/der/sequence/der_decode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_encode_sequence.o src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_length_sequence.o \
+src/pk/asn1/der/short_integer/der_decode_short_integer.o \
+src/pk/asn1/der/short_integer/der_encode_short_integer.o \
+src/pk/asn1/der/short_integer/der_length_short_integer.o src/pk/asn1/der/utctime/der_decode_utctime.o \
+src/pk/asn1/der/utctime/der_encode_utctime.o src/pk/asn1/der/utctime/der_length_utctime.o \
+src/pk/dh/dh.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o \
+src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
+src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o src/pk/packet_valid_header.o \
+src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o \
+src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o src/pk/pkcs1/pkcs_1_pss_decode.o \
+src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
+src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o \
+src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
+src/prngs/sprng.o src/prngs/yarrow.o 
+
+HEADERS=src/headers/tommath_superclass.h src/headers/tomcrypt_cfg.h src/headers/tomcrypt_mac.h \
+src/headers/tomcrypt_macros.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h \
+src/headers/tomcrypt_cipher.h src/headers/tomcrypt_pk.h src/headers/tommath_class.h \
+src/headers/ltc_tommath.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_misc.h \
+src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
+
+#ciphers come in two flavours... enc+dec and enc 
+aes_enc.o: aes.c aes_tab.c
+	$(CC) $(CFLAGS) -DENCRYPT_ONLY -c aes.c -o aes_enc.o
+
+HASHOBJECTS=demos/hashsum.o
+CRYPTOBJECTS=demos/encrypt.o
+SMALLOBJECTS=demos/small.o
+TVS=demos/tv_gen.o
+TIMINGS=demos/timing.o
+TESTS=demos/test.o
+
+#Files left over from making the crypt.pdf.
+LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind
+
+#Compressed filenames
+COMPRESSED=crypt.tar.bz2 crypt.zip crypt.tar.gz
+
+#ciphers come in two flavours... enc+dec and enc 
+src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
+	$(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
+
+#These are the rules to make certain object files.
+src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
+src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
+src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
+src/pk/ecc/ecc.o: src/pk/ecc/ecc.c src/pk/ecc/ecc_sys.c
+src/pk/dh/dh.o: src/pk/dh/dh.c src/pk/dh/dh_sys.c
+src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
+src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
+
+#This rule makes the libtomcrypt library.
+library: $(LIBTEST) $(LIBNAME)
+
+$(LIBTEST):
+	cd testprof ; make -f makefile.icc
+
+$(LIBNAME): $(OBJECTS)
+	$(AR) $(ARFLAGS) $@ $(OBJECTS)
+	ranlib $(LIBNAME)
+
+#This rule makes the hash program included with libtomcrypt
+hashsum: library $(HASHOBJECTS)
+	$(CC) $(HASHOBJECTS) $(LIBNAME) -o $(HASH) $(WARN)
+
+#makes the crypt program
+crypt: library $(CRYPTOBJECTS)
+	$(CC) $(CRYPTOBJECTS) $(LIBNAME) -o $(CRYPT) $(WARN)
+
+#makes the small program
+small: library $(SMALLOBJECTS)
+	$(CC) $(SMALLOBJECTS) $(LIBNAME) -o $(SMALL) $(WARN)
+	
+tv_gen: library $(TVS)
+	$(CC) $(TVS) $(LIBNAME) -o $(TV)
+
+timing: library $(TIMINGS)
+	$(CC) $(TIMINGS) $(LIBTEST) $(LIBNAME) -o $(TIMING)
+
+test: library $(TESTS)
+	$(CC) $(TESTS) $(LIBTEST) $(LIBNAME) -o $(TEST)
+  
+#This rule installs the library and the header files. This must be run
+#as root in order to have a high enough permission to write to the correct
+#directories and to set the owner and group to root.
+install: library
+	install -d -g root -o root $(DESTDIR)$(LIBPATH)
+	install -d -g root -o root $(DESTDIR)$(INCPATH)
+	install -g root -o root $(LIBNAME) $(DESTDIR)$(LIBPATH)
+	install -g root -o root $(LIBTEST) $(DESTDIR)$(LIBPATH)
+	install -g root -o root $(HEADERS) $(DESTDIR)$(INCPATH)
+
+# $Source: /cvs/libtom/libtomcrypt/makefile.icc,v $   
+# $Revision: 1.33 $   
+# $Date: 2005/06/19 18:22:31 $ 

libtomcrypt/makefile.msvc

@@ -0,0 +1,122 @@
+#MSVC Makefile [tested with MSVC 6.00 with SP5]
+#
+#Tom St Denis
+CFLAGS = /Isrc/headers/ /Itestprof/ /Ox /DWIN32 /W3 /Fo$@
+
+default: library
+
+# leave this blank and link against libtommath if you want better link resolution
+MPIOBJECT=src/misc/mpi/mpi.obj
+
+OBJECTS=src/ciphers/aes/aes_enc.obj $(MPIOBJECT) src/ciphers/aes/aes.obj src/ciphers/anubis.obj \
+src/ciphers/blowfish.obj src/ciphers/cast5.obj src/ciphers/des.obj src/ciphers/khazad.obj src/ciphers/noekeon.obj \
+src/ciphers/rc2.obj src/ciphers/rc5.obj src/ciphers/rc6.obj src/ciphers/safer/safer.obj \
+src/ciphers/safer/safer_tab.obj src/ciphers/safer/saferp.obj src/ciphers/skipjack.obj \
+src/ciphers/twofish/twofish.obj src/ciphers/xtea.obj src/encauth/ccm/ccm_memory.obj \
+src/encauth/ccm/ccm_test.obj src/encauth/eax/eax_addheader.obj src/encauth/eax/eax_decrypt.obj \
+src/encauth/eax/eax_decrypt_verify_memory.obj src/encauth/eax/eax_done.obj src/encauth/eax/eax_encrypt.obj \
+src/encauth/eax/eax_encrypt_authenticate_memory.obj src/encauth/eax/eax_init.obj \
+src/encauth/eax/eax_test.obj src/encauth/gcm/gcm_add_aad.obj src/encauth/gcm/gcm_add_iv.obj \
+src/encauth/gcm/gcm_done.obj src/encauth/gcm/gcm_gf_mult.obj src/encauth/gcm/gcm_init.obj \
+src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_process.obj src/encauth/gcm/gcm_reset.obj \
+src/encauth/gcm/gcm_test.obj src/encauth/ocb/ocb_decrypt.obj src/encauth/ocb/ocb_decrypt_verify_memory.obj \
+src/encauth/ocb/ocb_done_decrypt.obj src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \
+src/encauth/ocb/ocb_encrypt_authenticate_memory.obj src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj \
+src/encauth/ocb/ocb_shift_xor.obj src/encauth/ocb/ocb_test.obj src/encauth/ocb/s_ocb_done.obj \
+src/hashes/chc/chc.obj src/hashes/helper/hash_file.obj src/hashes/helper/hash_filehandle.obj \
+src/hashes/helper/hash_memory.obj src/hashes/helper/hash_memory_multi.obj src/hashes/md2.obj src/hashes/md4.obj \
+src/hashes/md5.obj src/hashes/rmd128.obj src/hashes/rmd160.obj src/hashes/sha1.obj src/hashes/sha2/sha256.obj \
+src/hashes/sha2/sha512.obj src/hashes/tiger.obj src/hashes/whirl/whirl.obj src/mac/hmac/hmac_done.obj \
+src/mac/hmac/hmac_file.obj src/mac/hmac/hmac_init.obj src/mac/hmac/hmac_memory.obj \
+src/mac/hmac/hmac_memory_multi.obj src/mac/hmac/hmac_process.obj src/mac/hmac/hmac_test.obj \
+src/mac/omac/omac_done.obj src/mac/omac/omac_file.obj src/mac/omac/omac_init.obj src/mac/omac/omac_memory.obj \
+src/mac/omac/omac_memory_multi.obj src/mac/omac/omac_process.obj src/mac/omac/omac_test.obj \
+src/mac/pelican/pelican.obj src/mac/pelican/pelican_memory.obj src/mac/pelican/pelican_test.obj \
+src/mac/pmac/pmac_done.obj src/mac/pmac/pmac_file.obj src/mac/pmac/pmac_init.obj src/mac/pmac/pmac_memory.obj \
+src/mac/pmac/pmac_memory_multi.obj src/mac/pmac/pmac_ntz.obj src/mac/pmac/pmac_process.obj \
+src/mac/pmac/pmac_shift_xor.obj src/mac/pmac/pmac_test.obj src/misc/base64/base64_decode.obj \
+src/misc/base64/base64_encode.obj src/misc/burn_stack.obj src/misc/crypt/crypt.obj \
+src/misc/crypt/crypt_argchk.obj src/misc/crypt/crypt_cipher_descriptor.obj \
+src/misc/crypt/crypt_cipher_is_valid.obj src/misc/crypt/crypt_find_cipher.obj \
+src/misc/crypt/crypt_find_cipher_any.obj src/misc/crypt/crypt_find_cipher_id.obj \
+src/misc/crypt/crypt_find_hash.obj src/misc/crypt/crypt_find_hash_any.obj \
+src/misc/crypt/crypt_find_hash_id.obj src/misc/crypt/crypt_find_prng.obj \
+src/misc/crypt/crypt_hash_descriptor.obj src/misc/crypt/crypt_hash_is_valid.obj \
+src/misc/crypt/crypt_prng_descriptor.obj src/misc/crypt/crypt_prng_is_valid.obj \
+src/misc/crypt/crypt_register_cipher.obj src/misc/crypt/crypt_register_hash.obj \
+src/misc/crypt/crypt_register_prng.obj src/misc/crypt/crypt_unregister_cipher.obj \
+src/misc/crypt/crypt_unregister_hash.obj src/misc/crypt/crypt_unregister_prng.obj \
+src/misc/error_to_string.obj src/misc/mpi/is_prime.obj src/misc/mpi/mpi_to_ltc_error.obj \
+src/misc/mpi/rand_prime.obj src/misc/pkcs5/pkcs_5_1.obj src/misc/pkcs5/pkcs_5_2.obj src/misc/zeromem.obj \
+src/modes/cbc/cbc_decrypt.obj src/modes/cbc/cbc_done.obj src/modes/cbc/cbc_encrypt.obj \
+src/modes/cbc/cbc_getiv.obj src/modes/cbc/cbc_setiv.obj src/modes/cbc/cbc_start.obj \
+src/modes/cfb/cfb_decrypt.obj src/modes/cfb/cfb_done.obj src/modes/cfb/cfb_encrypt.obj \
+src/modes/cfb/cfb_getiv.obj src/modes/cfb/cfb_setiv.obj src/modes/cfb/cfb_start.obj \
+src/modes/ctr/ctr_decrypt.obj src/modes/ctr/ctr_done.obj src/modes/ctr/ctr_encrypt.obj \
+src/modes/ctr/ctr_getiv.obj src/modes/ctr/ctr_setiv.obj src/modes/ctr/ctr_start.obj \
+src/modes/ecb/ecb_decrypt.obj src/modes/ecb/ecb_done.obj src/modes/ecb/ecb_encrypt.obj \
+src/modes/ecb/ecb_start.obj src/modes/ofb/ofb_decrypt.obj src/modes/ofb/ofb_done.obj \
+src/modes/ofb/ofb_encrypt.obj src/modes/ofb/ofb_getiv.obj src/modes/ofb/ofb_setiv.obj \
+src/modes/ofb/ofb_start.obj src/pk/asn1/der/bit/der_decode_bit_string.obj \
+src/pk/asn1/der/bit/der_encode_bit_string.obj src/pk/asn1/der/bit/der_length_bit_string.obj \
+src/pk/asn1/der/choice/der_decode_choice.obj src/pk/asn1/der/ia5/der_decode_ia5_string.obj \
+src/pk/asn1/der/ia5/der_encode_ia5_string.obj src/pk/asn1/der/ia5/der_length_ia5_string.obj \
+src/pk/asn1/der/integer/der_decode_integer.obj src/pk/asn1/der/integer/der_encode_integer.obj \
+src/pk/asn1/der/integer/der_length_integer.obj \
+src/pk/asn1/der/object_identifier/der_decode_object_identifier.obj \
+src/pk/asn1/der/object_identifier/der_encode_object_identifier.obj \
+src/pk/asn1/der/object_identifier/der_length_object_identifier.obj \
+src/pk/asn1/der/octet/der_decode_octet_string.obj src/pk/asn1/der/octet/der_encode_octet_string.obj \
+src/pk/asn1/der/octet/der_length_octet_string.obj \
+src/pk/asn1/der/printable_string/der_decode_printable_string.obj \
+src/pk/asn1/der/printable_string/der_encode_printable_string.obj \
+src/pk/asn1/der/printable_string/der_length_printable_string.obj \
+src/pk/asn1/der/sequence/der_decode_sequence.obj src/pk/asn1/der/sequence/der_decode_sequence_multi.obj \
+src/pk/asn1/der/sequence/der_encode_sequence.obj src/pk/asn1/der/sequence/der_encode_sequence_multi.obj \
+src/pk/asn1/der/sequence/der_length_sequence.obj \
+src/pk/asn1/der/short_integer/der_decode_short_integer.obj \
+src/pk/asn1/der/short_integer/der_encode_short_integer.obj \
+src/pk/asn1/der/short_integer/der_length_short_integer.obj src/pk/asn1/der/utctime/der_decode_utctime.obj \
+src/pk/asn1/der/utctime/der_encode_utctime.obj src/pk/asn1/der/utctime/der_length_utctime.obj \
+src/pk/dh/dh.obj src/pk/dsa/dsa_export.obj src/pk/dsa/dsa_free.obj src/pk/dsa/dsa_import.obj \
+src/pk/dsa/dsa_make_key.obj src/pk/dsa/dsa_sign_hash.obj src/pk/dsa/dsa_verify_hash.obj \
+src/pk/dsa/dsa_verify_key.obj src/pk/ecc/ecc.obj src/pk/packet_store_header.obj src/pk/packet_valid_header.obj \
+src/pk/pkcs1/pkcs_1_i2osp.obj src/pk/pkcs1/pkcs_1_mgf1.obj src/pk/pkcs1/pkcs_1_oaep_decode.obj \
+src/pk/pkcs1/pkcs_1_oaep_encode.obj src/pk/pkcs1/pkcs_1_os2ip.obj src/pk/pkcs1/pkcs_1_pss_decode.obj \
+src/pk/pkcs1/pkcs_1_pss_encode.obj src/pk/rsa/rsa_decrypt_key.obj src/pk/rsa/rsa_encrypt_key.obj \
+src/pk/rsa/rsa_export.obj src/pk/rsa/rsa_exptmod.obj src/pk/rsa/rsa_free.obj src/pk/rsa/rsa_import.obj \
+src/pk/rsa/rsa_make_key.obj src/pk/rsa/rsa_sign_hash.obj src/pk/rsa/rsa_verify_hash.obj src/prngs/fortuna.obj \
+src/prngs/rc4.obj src/prngs/rng_get_bytes.obj src/prngs/rng_make_prng.obj src/prngs/sober128.obj \
+src/prngs/sprng.obj src/prngs/yarrow.obj 
+
+HEADERS=src/headers/tommath_superclass.h src/headers/tomcrypt_cfg.h src/headers/tomcrypt_mac.h \
+src/headers/tomcrypt_macros.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h \
+src/headers/tomcrypt_cipher.h src/headers/tomcrypt_pk.h src/headers/tommath_class.h \
+src/headers/ltc_tommath.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_misc.h \
+src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
+
+#ciphers come in two flavours... enc+dec and enc
+src/ciphers/aes/aes_enc.obj: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
+	$(CC) $(CFLAGS) /DENCRYPT_ONLY /c src/ciphers/aes/aes.c /Fosrc/ciphers/aes/aes_enc.obj
+
+library: $(OBJECTS)
+	lib /out:tomcrypt.lib $(OBJECTS)
+	cd testprof 
+	nmake -f makefile.msvc
+	cd ..
+	
+tv_gen: demos/tv_gen.c library
+	cl $(CFLAGS) demos/tv_gen.c tomcrypt.lib advapi32.lib 
+
+hashsum: demos/hashsum.c library
+	cl $(CFLAGS) demos/hashsum.c tomcrypt.lib advapi32.lib
+
+test: demos/test.c library
+	cl $(CFLAGS) demos/test.c testprof/tomcrypt_prof.lib tomcrypt.lib advapi32.lib
+
+timing: demos/timing.c library
+	cl $(CFLAGS) demos/timing.c testprof/tomcrypt_prof.lib tomcrypt.lib advapi32.lib
+
+# $Source: /cvs/libtom/libtomcrypt/makefile.msvc,v $   
+# $Revision: 1.15 $   
+# $Date: 2005/06/27 12:37:06 $ 

libtomcrypt/makefile.shared

@@ -0,0 +1,229 @@
+# MAKEFILE for linux GCC
+#
+# This makefile produces a shared object and requires libtool to be installed.
+#
+# Thanks to Zed Shaw for helping debug this on BSD/OSX.  
+# Tom St Denis
+
+# The version
+VERSION=0:105
+
+# Compiler and Linker Names
+CC=libtool --mode=compile gcc
+
+# Compilation flags. Note the += does not write over the user's CFLAGS!
+CFLAGS += -c -I./src/headers/ -Wall -Wsign-compare -W -Wshadow 
+
+# additional warnings (newer GCC 3.4 and higher)
+#CFLAGS += -Wsystem-headers -Wdeclaration-after-statement -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wmissing-prototypes \
+#			 -Wmissing-declarations -Wpointer-arith 
+
+ifndef IGNORE_SPEED
+
+# optimize for SPEED
+CFLAGS += -O3 -funroll-loops
+
+# add -fomit-frame-pointer.  hinders debugging!
+CFLAGS += -fomit-frame-pointer
+
+# optimize for SIZE
+#CFLAGS += -Os -DLTC_SMALL_CODE
+
+endif
+
+# compile for DEBUGING (required for ccmalloc checking!!!)
+#CFLAGS += -g3
+
+# older GCCs can't handle the "rotate with immediate" ROLc/RORc/etc macros
+# define this to help
+#CFLAGS += -DLTC_NO_ROLC
+
+#Output filenames for various targets.
+LIBTEST=libtomcrypt_prof.la
+LIBNAME=libtomcrypt.la
+HASH=hashsum
+CRYPT=encrypt
+SMALL=small
+PROF=x86_prof
+TV=tv_gen
+TEST=test
+TIMING=timing
+
+#LIBPATH-The directory for libtomcrypt to be installed to.
+#INCPATH-The directory to install the header files for libtomcrypt.
+#DATAPATH-The directory to install the pdf docs.
+DESTDIR=
+LIBPATH=/usr/lib
+INCPATH=/usr/include
+DATAPATH=/usr/share/doc/libtomcrypt/pdf
+
+#Who do we install as?
+ifdef INSTALL_USER
+USER=$(INSTALL_USER)
+else
+USER=root
+endif
+
+ifdef INSTALL_GROUP
+GROUP=$(INSTALL_GROUP)   
+else
+GROUP=wheel  
+endif
+
+#List of objects to compile.
+
+#Leave MPI built-in or force developer to link against libtommath?
+ifndef IGNORE_MPI
+MPIOBJECT=src/misc/mpi/mpi.o
+else 
+#If you don't want mpi.o then add this
+MPISHARED=$(LIBPATH)/libtommath.la
+endif
+
+OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o src/ciphers/anubis.o \
+src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/khazad.o src/ciphers/noekeon.o \
+src/ciphers/rc2.o src/ciphers/rc5.o src/ciphers/rc6.o src/ciphers/safer/safer.o \
+src/ciphers/safer/safer_tab.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \
+src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \
+src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
+src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \
+src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \
+src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \
+src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \
+src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o \
+src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
+src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
+src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
+src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
+src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
+src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o src/hashes/sha2/sha256.o \
+src/hashes/sha2/sha512.o src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o \
+src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
+src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
+src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
+src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
+src/mac/pelican/pelican.o src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o \
+src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
+src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/misc/base64/base64_decode.o \
+src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt.o \
+src/misc/crypt/crypt_argchk.o src/misc/crypt/crypt_cipher_descriptor.o \
+src/misc/crypt/crypt_cipher_is_valid.o src/misc/crypt/crypt_find_cipher.o \
+src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \
+src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \
+src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_prng.o \
+src/misc/crypt/crypt_hash_descriptor.o src/misc/crypt/crypt_hash_is_valid.o \
+src/misc/crypt/crypt_prng_descriptor.o src/misc/crypt/crypt_prng_is_valid.o \
+src/misc/crypt/crypt_register_cipher.o src/misc/crypt/crypt_register_hash.o \
+src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_unregister_cipher.o \
+src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o \
+src/misc/error_to_string.o src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o \
+src/misc/mpi/rand_prime.o src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
+src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \
+src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \
+src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \
+src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
+src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
+src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
+src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
+src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
+src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
+src/modes/ofb/ofb_start.o src/pk/asn1/der/bit/der_decode_bit_string.o \
+src/pk/asn1/der/bit/der_encode_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
+src/pk/asn1/der/choice/der_decode_choice.o src/pk/asn1/der/ia5/der_decode_ia5_string.o \
+src/pk/asn1/der/ia5/der_encode_ia5_string.o src/pk/asn1/der/ia5/der_length_ia5_string.o \
+src/pk/asn1/der/integer/der_decode_integer.o src/pk/asn1/der/integer/der_encode_integer.o \
+src/pk/asn1/der/integer/der_length_integer.o \
+src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \
+src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \
+src/pk/asn1/der/object_identifier/der_length_object_identifier.o \
+src/pk/asn1/der/octet/der_decode_octet_string.o src/pk/asn1/der/octet/der_encode_octet_string.o \
+src/pk/asn1/der/octet/der_length_octet_string.o \
+src/pk/asn1/der/printable_string/der_decode_printable_string.o \
+src/pk/asn1/der/printable_string/der_encode_printable_string.o \
+src/pk/asn1/der/printable_string/der_length_printable_string.o \
+src/pk/asn1/der/sequence/der_decode_sequence.o src/pk/asn1/der/sequence/der_decode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_encode_sequence.o src/pk/asn1/der/sequence/der_encode_sequence_multi.o \
+src/pk/asn1/der/sequence/der_length_sequence.o \
+src/pk/asn1/der/short_integer/der_decode_short_integer.o \
+src/pk/asn1/der/short_integer/der_encode_short_integer.o \
+src/pk/asn1/der/short_integer/der_length_short_integer.o src/pk/asn1/der/utctime/der_decode_utctime.o \
+src/pk/asn1/der/utctime/der_encode_utctime.o src/pk/asn1/der/utctime/der_length_utctime.o \
+src/pk/dh/dh.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o \
+src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
+src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o src/pk/packet_valid_header.o \
+src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o \
+src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o src/pk/pkcs1/pkcs_1_pss_decode.o \
+src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
+src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o \
+src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
+src/prngs/sprng.o src/prngs/yarrow.o 
+
+HEADERS=src/headers/tommath_superclass.h src/headers/tomcrypt_cfg.h src/headers/tomcrypt_mac.h \
+src/headers/tomcrypt_macros.h src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h \
+src/headers/tomcrypt_cipher.h src/headers/tomcrypt_pk.h src/headers/tommath_class.h \
+src/headers/ltc_tommath.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_misc.h \
+src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
+
+TESTOBJECTS=demos/test.o
+HASHOBJECTS=demos/hashsum.o
+CRYPTOBJECTS=demos/encrypt.o
+SMALLOBJECTS=demos/small.o
+TVS=demos/tv_gen.o
+TESTS=demos/test.o
+TIMINGS=demos/timing.o
+
+#The default rule for make builds the libtomcrypt library.
+default:library
+
+#ciphers come in two flavours... enc+dec and enc 
+src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
+	$(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
+
+#These are the rules to make certain object files.
+src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
+src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
+src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
+src/pk/ecc/ecc.o: src/pk/ecc/ecc.c src/pk/ecc/ecc_sys.c
+src/pk/dh/dh.o: src/pk/dh/dh.c src/pk/dh/dh_sys.c
+src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
+src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
+
+#This rule makes the libtomcrypt library.
+library: $(LIBNAME)
+
+$(LIBTEST):
+	cd testprof ; CFLAGS="$(CFLAGS)" GROUP=$(GROUP) USER=$(USER) VERSION=$(VERSION) LIBPATH=$(LIBPATH) LIBNAME=$(LIBTEST) make -f makefile.shared
+
+$(LIBNAME): $(OBJECTS)
+	libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | grep "src/" | xargs` -o libtomcrypt.la -rpath $(LIBPATH) -version-info $(VERSION)
+	libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]o" | grep "src/" | xargs`  -o libtomcrypt.a
+	ranlib libtomcrypt.a
+	libtool --silent --mode=install install -c libtomcrypt.la $(LIBPATH)/libtomcrypt.la
+	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
+	install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
+
+#This rule makes the hash program included with libtomcrypt
+hashsum: library
+	gcc $(CFLAGS) demos/hashsum.c -o hashsum.o
+	gcc -o hashsum hashsum.o -ltomcrypt $(MPISHARED)
+
+#makes the crypt program
+crypt: library 
+	gcc $(CFLAGS) demos/encrypt.c -o encrypt.o
+	gcc -o crypt encrypt.o -ltomcrypt $(MPISHARED)
+
+tv_gen: library $(TVS)
+	gcc -o tv_gen $(TVS) -ltomcrypt $(MPISHARED)
+
+test: library $(LIBTEST) $(TESTS)
+	gcc -o $(TEST) $(TESTS) -ltomcrypt_prof -ltomcrypt $(MPISHARED)
+
+timing: library $(LIBTEST) $(TIMINGS)
+	gcc -o $(TIMING) $(TIMINGS) -ltomcrypt_prof -ltomcrypt $(MPISHARED)
+
+# $Source: /cvs/libtom/libtomcrypt/makefile.shared,v $   
+# $Revision: 1.19 $   
+# $Date: 2005/06/27 12:37:06 $ 

libtomcrypt/mess.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+if cvs log $1 >/dev/null 2>/dev/null; then exit 0; else echo "$1 shouldn't be here" ; exit 1; fi
+
+

libtomcrypt/notes/base64_tv.txt

@@ -0,0 +1,35 @@
+Base64 vectors.  These are the base64 encodings of the strings 00,01,02...NN-1
+
+ 0: 
+ 1: AA==
+ 2: AAE=
+ 3: AAEC
+ 4: AAECAw==
+ 5: AAECAwQ=
+ 6: AAECAwQF
+ 7: AAECAwQFBg==
+ 8: AAECAwQFBgc=
+ 9: AAECAwQFBgcI
+10: AAECAwQFBgcICQ==
+11: AAECAwQFBgcICQo=
+12: AAECAwQFBgcICQoL
+13: AAECAwQFBgcICQoLDA==
+14: AAECAwQFBgcICQoLDA0=
+15: AAECAwQFBgcICQoLDA0O
+16: AAECAwQFBgcICQoLDA0ODw==
+17: AAECAwQFBgcICQoLDA0ODxA=
+18: AAECAwQFBgcICQoLDA0ODxAR
+19: AAECAwQFBgcICQoLDA0ODxAREg==
+20: AAECAwQFBgcICQoLDA0ODxAREhM=
+21: AAECAwQFBgcICQoLDA0ODxAREhMU
+22: AAECAwQFBgcICQoLDA0ODxAREhMUFQ==
+23: AAECAwQFBgcICQoLDA0ODxAREhMUFRY=
+24: AAECAwQFBgcICQoLDA0ODxAREhMUFRYX
+25: AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGA==
+26: AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBk=
+27: AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBka
+28: AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGw==
+29: AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxw=
+30: AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwd
+31: AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHg==
+32: AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=

libtomcrypt/notes/ccm_tv.txt

@@ -0,0 +1,214 @@
+CCM Test Vectors.  Uses the 00010203...NN-1 pattern for nonce/header/plaintext/key.  The outputs
+are of the form ciphertext,tag for a given NN.  The key for step N>1 is the tag of the previous
+step repeated sufficiently.  The nonce is fixed throughout at 13 bytes 000102...
+
+CCM-aes (16 byte key)
+  0: , 54C92FE45510D6B3B0D46EAC2FEE8E63
+  1: DA, 7A8984228DCF944903936CA9D7709ACF
+  2: B95E, 1056DE0CBBEEA760ED2053FFEB554EA6
+  3: 58FF3B, A42DE1A812D29BBC6C1C5AC808565437
+  4: 9D6E6FB6, 5E8E0422792999381ED669CE17601D34
+  5: 40D49E851D, B076B4ED79BF0155B39A743550593944
+  6: 015356B9A6E1, 8D62CEFC451CAE4A21C1C579C6CAA128
+  7: A2CF0A77AE0DE2, 97B9D201740FA59E863513EDACC59FFB
+  8: A44C68E52F95B48B, A461B79D4D9B8ADF6C6618E6ECDC059A
+  9: F56B8AD68AA31F22B9, C5C7D2E6FE34D94CE72B86DA55679080
+ 10: 5C17EEBF4E348CBE3278, 29FAE7B470CB652C501343FE23B25894
+ 11: 1EE960BFAE360302D834E3, 8F8F475EB9BAB29CE14A9CF42C30B148
+ 12: EFF6BA1F2B1389237C6C045E, C895302DD8E75096951EF5CA63BFDD67
+ 13: 5A1179A4047334CCD9162F36EB, 110987D37F45422625DEA402BD7580EB
+ 14: F26E2C27E7D287B182FA42879978, 530FDE90C13A01EBCA86449073A3B035
+ 15: 77BFE79B4BC87116EC5232606E890F, 280994EB0E16C7CF10F31BB60DBF52C8
+ 16: 9926A4CE1AD70B89CC0050A58B958742, A635B4272EBFA1F83DAE270452D877E7
+ 17: BAAF99CAE4753E3304D6F8F9C0CD366C68, A6F606AACD0B87923B43C3EB61AC3965
+ 18: F72453C6765352A31494FA02B388E407B1FB, 0A446D28B7C5845C3621B4D3A0FA98DB
+ 19: A7372589A86B2E137F124A96618095EB5E1435, 3C59A6A858947FEBFD32441E37309F1A
+ 20: 5683E13A4E82A1AB8B3DC2051B6DBF2E1F2BB417, 459D1B0D2CF2C30B5ED5C237D07DFC19
+ 21: 33594C4B84536C23DA5AB2117E9267258CCE5DEC3B, 6E4BB70A72343E142AC4E31CE0FE6A77
+ 22: 332EDC9A3BDB90DBCCF317AC55BE5855CA9BCA2A73C4, 9FB310E5FFF5C754EE1E5FFF865F1656
+ 23: 734618677055469335FFD574B008F2C68B78633F79010E, FAD31386E42BB4EA76A643A9004A8CB4
+ 24: BA6F6ABA2AF35895F7F966D71F4E91A0BDD1DD551826F861, 25A3EC1C91C26283BAA5975390285AB2
+ 25: FF519213E858E36AC8D92450F81CA46C8CA8AB129A997EBB36, 0D4AB2B7A5EB02242C01A81CEBF5D84E
+ 26: B1F80058C3B4316EA86E9A898CD0B9C0366DFCB2AEC0799312D5, 0F4FF2759EDDF6349F4E23F284FAAD2E
+ 27: 00BDC15012F8183112D5C3A135DC60DC9C764A04BD39A8E041F1D9, 0C68BC9E6A6BF1B01743F3183C9B7C80
+ 28: 3022FD12969D925365C553D98D59E5D1EC494540909D1FA794F41E18, 05E61844943E78DB9BD417DDDE9C98B2
+ 29: 4F4A4554BFED6BAA09E3D8843C4EA3807B8762799C1D21289A46575389, 3A59A6DC9230020FE061466A92BBCAFD
+ 30: 6AE735EB15D9B39C8AD0E54F45307AAD97DB9F8A2A66BDC9BABCCFBD54A3, 0BDB365E493A9E160EEFD7DE24101870
+ 31: 4AF19F00EAE55FED2304B94FBCA29383042F2BE711041323C1D9F14BA63383, 94561581E496553D068052BA698683D2
+ 32: C2438BC46A92A465E0DB41E638CC6C8E0029C4DA842CA4140D73F90985EABA9C, 0F5A69F52AA8D8508D09E642511E54E5
+
+CCM-rc6 (16 byte key)
+  0: , D01FACF2BB577BFA6194800E53FB4A00
+  1: 65, 92E48F7300FA2697E9E0FF80DD187237
+  2: AF5C, 332863BC515649D5BCAB6A2FE5F5250D
+  3: E7C89D, 49A641F027C65A15100009D99E79CF3F
+  4: ACB36D46, 53DE328A8B4B14CAD363BED53DACE8A1
+  5: C3ADAE6CCF, F713F5079BD77046F95D8685CDF522DC
+  6: 5A8CABC912DA, FB97B059D2BE1273497FA8D2739A1505
+  7: 27F101DD6D0894, 266ACEF34476A0E64410D209219335D0
+  8: 66164DA09BE2F46D, EFC64C01890A5B562AF39ADFC48E1CA9
+  9: 1B0018895394753995, FA894E1C882D96E35A4C238708931F3D
+ 10: D346062826187BAEFC3B, A036AE1D3C02E2AD23541DE095AC7B84
+ 11: EFB375BA1138339FA1B504, CDD4232FF4664D59D5AC6BE32CBE1B35
+ 12: AFCF494078D7D7E6D9803FD5, 07E06ED923F76150BE82C1DDCB62C4DD
+ 13: 75DF2EC91379408DA426A444E4, 440ACDF2A6567FA3A5009DDFE502A1A1
+ 14: 3B36B62B01E324E702694305DD29, 4093598607DCD9993845D1837D211FE2
+ 15: 7DF6595C9711B164C99CB246B4D57E, F364993B2C187058F466B62D11E0F94D
+ 16: D317EE9EE1746D1B89A4CC52D88F0819, 41856B0B229D38344FA718E04CA57A8B
+ 17: 85252277A97CA7553007995BD5A0DCD372, BDEEAB636BD1ACC8D5A23F658150FA30
+ 18: 36FF305AC6EF662C155A1C15A6C195D3EC88, 9AC48EF07A510E308E06E79C0C80C3A0
+ 19: 51645A614313E978F6DCE7BBDDEDC33E3284AB, E9F7723E763AD50161C0671C4034FD0A
+ 20: 3CB9E6D0730FE05F903D338708AD8E34BFBB3285, 8A12185DAD518049F0FAC945A8FB305A
+ 21: 276E37D246C40ABF32DC83007B95390EE801CDA6E3, 73FA1D310D031E0A0A3A1421661B4697
+ 22: 4444BB070EDFBD1AC59D0BF70D66F48F0830069F3562, 9DCB6A99CBCCE3C8AEF29F06AF5057FB
+ 23: D16BA084CF82EDD2E43349311140BF3A2E37DE40544BF3, CB93C5AD60C700D4EA653136101AACCC
+ 24: 3FBAEBB36E2B74014043BA7D72F899B0D8DED883F592D778, 54DEA31D7EEA863A06A16D6C9B25DC13
+ 25: 3614B5428B790793F31E23670A38A070B65DB8E51C61FEA9C9, A91B750FD7ABFF18376C982DFA0C8872
+ 26: AC15FD90A4C254BA1406BE7DBA5694BB2625F634C69F45CCCD04, E6F97BCC8526BE3C04BA139EB50E65DF
+ 27: B506E83557E48553BD8557411D2C17D64005E734BA5A5FF1CF98B1, 6FA001758A19F783A71C97AF1AA61F94
+ 28: F07721663400838947EA1B9404D9683556F2D911429A9F59E3F5AD31, 376A1165A30C919E96C3706A4AB5DB37
+ 29: 98B5EB8FE0005E515A585D8F44D838FA590054EA5201CD444366B6F71E, D8C58448F601F2C05F24ED2CC349C78B
+ 30: E36E2FC225767CC1E2C388BEBC2C81C340FEF5B504575D5FA49682E1C214, CFED56F38CA4F84E6E1E16CEF50A6154
+ 31: 7A9FDD8E481B822B3D282AAF726944101ED61DAE73782DE055D7D305E36B27, 328B10841E977041CBD13C39CD70F03F
+ 32: 48AE8B5FA027930A7BCEC27468D795D0D8E6099C5F0558361B3AD20C1ECFF89F, B180AA9353E9EB6A22710A4DE872FACB
+
+CCM-safer+ (16 byte key)
+  0: , E106F41D61402E532662213EBA471BFF
+  1: 05, 1749600C7045647DCB3293C0724E7A21
+  2: 2355, 80DD597665723F4AEFFF760C5C6C5EE2
+  3: 5F4CD8, 59AE54E63A8CF4DBAD050B42CE922013
+  4: 75F63A43, C31B6BD3125C036C99507DDEE0197201
+  5: 51D4D87B8D, 0F3872088CDEB0E958C35F343677AC24
+  6: 8CF6D81A274C, C8E688954E72A052B5F8D1CA46FB44B0
+  7: 5EB8283B299AB1, 5977CB96C8D439DE3A86AE0452A2EE34
+  8: 829B1A4EA8643EAA, 1E892D3DFB73A469035CA81DD7F937D1
+  9: 0FEEF9504CF0F4E282, EDCBED7C61E8E2D24392B4145218F0AB
+ 10: DEF7679D3073D461A94C, D7ABAE561901CBB30FD7D9467C088B3B
+ 11: 625FD679C7354A74D62893, 450E3954857640DDF4C7A95A6E202A1E
+ 12: 3C9E76E4E2D4D95FEABD5C90, CD4467F695B7ED8973AEED5A822B347A
+ 13: B1B6294ECEAE6AEE4853731CA9, 6042302DAE598822BE8554BE038119CF
+ 14: 204BF480582D4BA408BAD23CEB52, 4D6B87334E1BFB9BA2D42B89B24165B2
+ 15: 277591770E3E2DB97A3011D9616991, 75D0A4B9937748EAE7794056F7A8A7FE
+ 16: 5669F75D0C908BFF7B82095231B86DAA, 3E816776A73FB89276534A3646C0F8FB
+ 17: 37E621EF5A043A83FC98A65329891BC031, 159A823EA61B3A47B42EFCF12F304725
+ 18: 18AC6ECF3F478A0797BF813C871235A9D309, 9B415B1B3A933B22C9027E2D72764956
+ 19: 671484C7587DAAB885C7F2FAF030081B452CC6, 574A63D113A5ECEC877D5A368A3160AA
+ 20: D7AB0F7D46B7ED976C8F6E7D0C6AABE3CAAA5A6E, 266C7A025C4EDF657DD42EB82BB6616A
+ 21: D60E4CFC6500E237276A69F35AE4BBAE17371392EF, 6ED2A1673F8B4DB795547D9D93D76D8B
+ 22: FAC6E21979D8D9896C790CB883C29F84D6820AE4FD4B, 1C7B6D73200E3C2DC5C701152F38EE8E
+ 23: 39240DC2B544CA8BEBBB4EA499FD48A5EE707198AE8AC8, E7FFD169552665ADE7B9C0DFFDD04EBD
+ 24: 6BE2C24172CAA192D55CC3E640E34675DD7F441CE5DB0FC0, 760CA976355281F76E49A2856A4EC7A0
+ 25: 0E20427218D6447D6E23FA4832CB8D2A172B23FDC542B41524, 27D0F37E109252FF5E6F6F703CA784F5
+ 26: 0AF75BD89028A5691B8B7993B9CE4FD24334A312DE28212C8B2C, AFE4C6B193B0F1796FC9E6C23292C060
+ 27: 6830D8E2E6DEC1476796DA44C982D36409E268F966283A66E801ED, 9E2C92D5B30EB0943E17869ED4C789EC
+ 28: 75ED280BEECD7768F7E032071F0E06D9D6BF1C9FF8E5DEB536DCD4BA, BF0DD11D633DBA5DCD25F4172765570B
+ 29: DF1FAECC1DB24718236B18B90B354F405FD5DE1257EC43F811F4A43DCD, 48D182E572E794350BBDA91FD76B86BC
+ 30: 176681E38ACACCD3C625F554C1F7A2D7C2C474C9444EAC8929B8C36EC05E, 080E109FFC5D247F1007217DD642BBA3
+ 31: 8A8172C21D88A1FDD43089C545C308507617F7BDB02C47CF2719F1484407E2, 1A0D10B0AF5BE21BF19D570D3FDA5BCE
+ 32: 0A93CAE2B95517773A4009FD3438231A207B9D46AABAE83FC4E1057EA4E2D6B4, 717AEF2F55DC8669F7E2D0298F8A7BE9
+
+CCM-twofish (16 byte key)
+  0: , 33B3DF1B59C84DD3C15E4FEB66173303
+  1: BF, 92DCEBF1C11DD0B028DEC944A555E4C6
+  2: 8A4F, A859C7F76291326D821BB3C7519657C0
+  3: BAE755, 14D7C2EFBCA1063460FEFCEBAE3AD79A
+  4: 25695BC6, 9358BC434B14B59ED17F9C0D3F51DCB1
+  5: 1D9FC70ECE, 2A86578FA3A8C702E2E6723DB9A9893F
+  6: AC39F1DF3661, 3F9C71EE0506FD2BAFFEE7200D22CD92
+  7: D330A915EED9D0, 22DC25EDF5ACDEF8358BE2A3082112BC
+  8: EF913ADAE6380507, E87D72BB6395EEEF2AD4F546B4033DE8
+  9: 5EC16994E762BCE467, D7700F7BF4FE026A2076F161C3383A0A
+ 10: 7EEB4910B7C2B540B490, 40C88A977E1DCDDABD749ABC9A0C60F8
+ 11: E5DD32FF54D39451CC2AF8, 541B1558B5AFF6E9EFBEE496D60AD65C
+ 12: 242C2900F859966B6627FF5C, 1CED148098350F3A5D1B5634180817A3
+ 13: EEF025B9E4EB867B127EBD19D4, AD0179A07AD1418C25F40E123C2BEF47
+ 14: C5E812B0AE37098686E2C4452C12, 02FC88AAA62E34742BB8577A651E922B
+ 15: 7BCAB32D1A871A62F9C781AFCAC60C, 2CD1C11EE197D9E130359F76E7F49251
+ 16: 1E82D8B8EED9A730D1670F0DCFF17B60, B7730261560EA6CF715FF7006D5FEFE2
+ 17: 0E1966992E360DC81312B28ECA6865B811, 10C40ACD169CB0F2A6FFC99F9A5516EA
+ 18: 5F5418C1322BF7EB828CF27C1F72086515BE, 90F8ED0447171A10476DED39F7518075
+ 19: 6C552506FA167FB8AA12E9F416930031487D4E, C992009F83F31A7BF922BFAE68C4134B
+ 20: 38429D966676406B17638DB7F9F7205250408BB2, 3385A50E9789D2C63835A80EFE9CFAE4
+ 21: 56EF426315EF96BE4C60B49F41C9BDDE2E0CDB3C22, 2D51D5B4F5B04BEF3BC1A7CF1AEA70E9
+ 22: 314B075C097EE531ECCE6AD7CEF22A72AAFCEFB02029, FB7A7D84D23FF524D060871D90FAC106
+ 23: 61CCCF7E2A9B3E46CD0A94D7F4A7617BB0DBA2D989907A, B3F4D46094732F3EDD81E0755F0C52EB
+ 24: 7A812A3BCED4E0A72FB81218BD5A4E33D69CA18834FFAE61, 487F80588B41F4E1198124708987667D
+ 25: DBFAB77EF07AA4C9ED2B05500BDFA00FE3F19F15F97A74880A, 84504D9EECBC6CE11B18BD105DE55E2C
+ 26: E676D4739B01B5101E36BF8D9F4FAE8F767C028E83A6D5B39664, 3141A05669807BCA30F0934F599FD077
+ 27: D8FEBD069D87C1EE504CB8F72ADFF2166B14BA40B17B4DAA439668, 1D99A301943041C2F7A71432DA736FE0
+ 28: D98E2A1CFFAB28341F92C41971A21AD0FDDE733EA25F2607967CD0C3, 42E05A53BF4F1A6C5B7F84742ECE031B
+ 29: 13FA412B484945C1FE8291A7EB8F8FB78D2DC2C72C5132386EA82BF4A6, A1A8E8B026DD116B0F9C73EB14C1C7CD
+ 30: 10ABD2DC25C8BA594FBFA9312E69C1A2DBF326475AF2080E55E3611FBC0E, 49DF8A5171DAC3FB684BA2CF7FBB3D3B
+ 31: F401D2123619B81F54F307B783362CC40FB4FB2433CF51F5543A147BCD1FE5, ACBB670CB3722059B4B9FBEE67703E98
+ 32: 839A9BFA1D3CA37924BC6648DED2291FC61736A3638906D9C5DA28A66AA684AC, CD07B83C8E0C3E6FB4115A149BDF6FDA
+
+CCM-noekeon (16 byte key)
+  0: , FF73C6775C61DB36D9B5EEC812091FF7
+  1: 5F, 7D2AEA62A5202E3C4FBE05F33EBE4CC5
+  2: 0EA5, 312ED15FDDAB6EEEAC6AF9BE9CE698FA
+  3: 968F95, FA1AD58B85B93B5A4B5096C881F773C3
+  4: 9A8F4069, 8911063ADDF79E27D9DCEFF3F440E6D7
+  5: A5C0376E27, 9553F44B0BA8039527F8E05CD70AD8B0
+  6: 5B097736F3DA, 405B7EC685FC94903B36AC8E700558B8
+  7: 616810AE303B2C, 64C95A2DF5263F7BE6D1F9F3CF88EADE
+  8: C8D69A2E1170532C, 073A7E426266237FD73D8109F55AE5D3
+  9: 3E42CDB7DA4A72F2E0, 48675EA4302CA6BFE5992DE96CE43BB3
+ 10: 88532CC1F3E321F66D64, 528B3516C6D9A4B5390DD32C2A2E6C19
+ 11: 9216A8FC9A961E7F602F7D, B03047186B783844F5B6757057576B38
+ 12: 89B0858D4FDE6795EDE19CCC, F4530A2DCA823307AEDE5AF34E5C4191
+ 13: A676E20BB0A5E84FD0B9149BF7, 11B823B315DA93B0E15780851526D4BD
+ 14: 903AD5C108C43A80436FE2117EF0, EB1C79C7DF20CE2967A99783EA8D6EF8
+ 15: 81774C36F46F67159B7FFC24C080D7, 2E9E4812D9A92977EC34922782B6420D
+ 16: 63FD1C3F692D64B2DA3982FCD474A5D4, 04171AE84857713A9BABBD4564875D33
+ 17: B1BF6AD99F83C9173C6C021ACA74C5431C, 38D17D4F6AA3C24B8F3B465EAACE0A1E
+ 18: 0948D1ED59F07DE44A96A76E05B0B6F7C309, 1848D886FCFF35E85B0DC3CBE5BEE7FA
+ 19: 3458E5911222F9C555A1054C7D9748876DA39A, 584AFAE72FB6065A74BE016CF39D2E86
+ 20: 641F3867185D0605E9D666AB605187E75A1299EF, 6F9332E6FB5EA0CE811E3345593CD163
+ 21: 0676622D07733EF31A765AAB1E713FCE329277FB16, 88547474050FFC986930CC04BA8A03F0
+ 22: 79861EC2FD2BCC5C12B69F30A1575FC66AC1405281BB, FC68EEAC8F39ED69D312AEABF8000084
+ 23: CB2731835A576F7F8F2C2786D786FB6186E2F85D89DA3B, 3ED9E95BC51CF6368E6EF63667B35BD8
+ 24: 3CB1C02FADB6DD5483BC5D3C03D944102CFCEDF82B913402, 1C3F60C989A6FBF41A7AF4F29115C334
+ 25: E69FAEA5E3D0B76EF9E70F99C5918D934D0E9836F248DB9EEE, 7F1916B2CF7C9A5E3F5581D365ADBD31
+ 26: 36779AD755A9DF2DC3C5824DC2F7DD4FFE038628A4E1A1C33AE7, 2BDED3703468D267F8AB7EC0AF8F1E65
+ 27: E9D325646A41EE5AA7DABCDE98DE83440A7DC02714BA0AEE017E22, 972F4D7832F3371C60DCD04A6DEDEA15
+ 28: 0FAAE3F6028A28A80BBFE71FA7AA9042E538B41A0D514D6EB4EE6029, F7B3925495E260249ACC6E1CBE956BC5
+ 29: A9CC39EFFEE354C0E0579256AA85CBAA7B10E670DD3828A7A05DA0F49D, 28D9D20187AFE70AD9DD16759F0EFEB5
+ 30: 032F4BBB4EBF2E65758C541FDAFF2107DDBED399739849F8EBB41AF9711F, A3436981ED637CE5EEE01B380C46ACAD
+ 31: 7B321ED831CE96A603668E3E74BBC7453749A03D04A1B38E95966E6CC488F0, 88D1DADF2C1EE0BA579D0A8A90C1E62A
+ 32: D862B0BD0E2178AE05AEFB14F34C791547C5956F1F3B5BD525926578DE383A94, BF32CFE059F27222DC55D3E7CE7C5F10
+
+CCM-anubis (16 byte key)
+  0: , C85F41475E06F25682F855C3D45A6523
+  1: 25, 437BD73ECB8CFFAD9B2876F08D4BDA36
+  2: 5ADC, 5C762058A5EF71278B69F567F18CBE51
+  3: 95E541, DF099E8218AEDE8087791B38298334E9
+  4: 2DAA84E4, 7437094198E4AD2647C2618248769A26
+  5: B9641C5855, 91B02EC44D22460BFF22BB40C799E20C
+  6: 102012BCEFA5, E60488DA65D683182F0EFDF9DA52A78C
+  7: 8F14972CA4F8EA, C26B51F20ACDEC7DCA911500CF1241ED
+  8: ED2714B652972256, 8BA29459D5D370FC608EE362B55B7633
+  9: BF58A269A4F59CE0A4, D69080820F836E5B5CA8F393E61ED009
+ 10: 44AF1F715ADAF26C6EF0, FEFBC7DB75ECDDBA4A13CBF9A57873D8
+ 11: 77CDE1B951F0803893642D, FBF8B80B061703504D8D3A7718366B6E
+ 12: DE599BAAC9D3EFD9FCD47E44, F636EC35D172D661F01746FF86688B95
+ 13: A792B8359050C4866572977415, AE67D4EED92E63A14003FBC936EEF43E
+ 14: 62D5A7A4DFB78A175831627987CB, 25F7B440DBE9902C28B28E50BF02C516
+ 15: B6F289459F924C76586F4EEA0C1CAA, 54266B4424C3AF6E81F6CC4F2437F54E
+ 16: 884B7DF3395F063DCA26BDF9F2FEF4EA, E3C2BFA1964EFDF78FDB9559C8031C50
+ 17: 774962377B8731F2F301B930487518801F, F35B54264711D843D23636BA6CFA3E4C
+ 18: E9C8D1164F2B196C7305406179B232E45F1F, 2A13E034A136EBC0ED3361737EAD214C
+ 19: D3DCD242C952C5589E00B65CD826CA87691B8F, 9D624D482042798DB896B55D801EAD98
+ 20: 57065B2655D4799C0478FE7E8463A2215E758875, C8FB052F14F9DF6731A9C8B566E71D53
+ 21: FF736FDBD23593D9BC9A0D8CA7D819F550EF969322, 5CC3023029790BFD43204B27D52D7D7E
+ 22: C562B7387B8F1D3DBA22DD1636C9C4AB443F2FF15F70, 195C928EAF88BB4ACBA8A01B4EBAEE6E
+ 23: D0AC6EA8A804DC261304D4821E6AD7FCC2F0DC1A299B9A, 34FE2034CCF09A98DD50581DA8BCBE39
+ 24: B65933A7D7C8EF19C1BDEAABE2B4CE5E821459D953565EF8, 42B20EF142EB228803D6AF47C6482BEB
+ 25: F1F4FCE842EFEF563F6F047956E6706DC9B178D00D82776D74, 3ECE3050D8C80319821D5F57A7CA7066
+ 26: 4A3F10F4E34210A5CA1B81AD4269CBC3FD68AC662BF0E9DC9935, 0BC0724AA9A194D8C75EE6FC8E7F28F1
+ 27: 077F3C055303FD669BC1A370B18AA7F31D3C8CBFF5A69381404FBB, 872C7946401BE70E677B79EA13FB0F58
+ 28: FD39D32B27FE5BB8E6512C642D490E0AD0866E386580AE115C85ED2B, EE81712EA57DD54DDEE98EAB3285E6EE
+ 29: B45ED179290A6064188AFF6B722B37F8C3E984EC37AB5F47B353229B12, 186B3AD0C9F60D57E84992CBB2B0F71B
+ 30: 83FF1FD179D518A414148C15BE566BE4CC3DBE9FF5319A651E862811F152, 4B2942C66565EB9139A83C2EFD549D55
+ 31: B8176469E6A0D5797ED6421A871FEECDE48ACF011E394981C43AC917E8FFD5, E9B01383DB1A32E6126BD802A6C6F47E
+ 32: AB6A0AA29B687D05735167D78DB697BA2478BD14ECD059AE9D1239E7F2AB48FD, A560A30FD87CF28BA66F5B2638567E4B
+

libtomcrypt/notes/eax_tv.txt

@@ -0,0 +1,461 @@
+EAX Test Vectors.  Uses the 00010203...NN-1 pattern for header/nonce/plaintext/key.  The outputs
+are of the form ciphertext,tag for a given NN.  The key for step N>1 is the tag of the previous
+step repeated sufficiently.
+
+EAX-aes (16 byte key)
+  0: , 9AD07E7DBFF301F505DE596B9615DFFF
+  1: 47, 57C4AC75A42D05260AFA093ACD4499ED
+  2: C4E2, 26C5AB00325306772E6F6E4C8093F3D2
+  3: 16177B, 852260F91F27898D4FC176E311F6E1D1
+  4: F09F68BE, 700766CA231643B5D60C3B91B1B700C1
+  5: 8472705EDF, AC4C3359326EEA4CF71FC03E0E0292F2
+  6: 14C25EB5FD0D, 8DBD749CA79CCF11C1B370F8C975858C
+  7: F6A37F60670A85, AFBD1D5921557187504ADE61014C9622
+  8: 1AACFEAE8FBAD833, 82F477325D6F76BB81940AE25F9801C2
+  9: 069414324EC293697C, B980E21C09CA129B69E9032D980A9DC5
+ 10: D8174DE9A2FC92B7DA9C, 1E42CC58BA2C8BFD83806444EA29DB61
+ 11: 2C087DEA30F8B7EE510990, 83DB400A080C4D43CAA6EC3F1085A923
+ 12: F36B93C272A703D3422C6A11, 1370C3AF2F3392916364BBBCC2C62EC1
+ 13: A0F33477BAE2E28E6747AA3193, B626DC719528CAC65DB0EF94E35422CE
+ 14: FCF5193506052E8BFA095C1A5205, F5BD02E0B3C91CC7D6FAAA8A9A76CE6A
+ 15: 3797D7F8599B8EEAB39C56241880DC, 0B70003E77146B903F06EF294FECD517
+ 16: C4BAD0E0356FFD369110C048D45D81BE, DE7C2B1D83BE2CC8EA402ABE1038BB79
+ 17: AF5C358BD31CDCAC2F0EA5252F1C3BE1E4, 2D700986F93B22DFE6695C2A243B4E42
+ 18: 7DEF9056FBDAF491D7206B26B19DEF617AA1, E71A7D00BE972D85C77931D7591B2151
+ 19: 6E9B2C0A90BF9D38A6EA3B5D2B9B2D97F938EB, 5B483D7F15C39602C2918181E57DA341
+ 20: 7C5F68DEE9BBA3B04F11D5FC7C9C7FE6E8B5025C, 0AE6A12D37A9C10BB1A494E16705DC05
+ 21: AF0A886BF673BC72045FC074F06A0176C96105E2E6, 06B2DC9A2868C23F86D710E01E37E07B
+ 22: 5F228A986DFE4301EDBAF07A02E114F1B30932995CD1, 74EBF68627C78B1FD024A59B56B2A8FA
+ 23: 911322F60555118CBECD8DD82F186AC19514316E8D48BA, B6A8BAF2F175CD0C71B63B1EF37E185E
+ 24: E7F52730CFB808EFDB376A5D5DF31A7EF8292DC5FC37E9BC, BA2AD158A2D2E5CE01296402B592E1DB
+ 25: B3F8D7CA47D8D86E94D670AFBAFA3B8D9E186C97DC029D4705, 709D2D2B9975D4729C19D4EAC430E65E
+ 26: 7178FEC027AFADDC2C03518E75CF34D207CAC2EB1537A0DBA520, A315F034CE5E66601444402520F55DE2
+ 27: FC230B2B8522F53459D0B968421469BBA7E683ACB0190393B2870F, 48679A78E470E175CF3D3E9B46CEDFCE
+ 28: 35A641127C78C721ECDC50866C21637FDC9515E41CE60F09015EA713, 0062987222F6412B7AAF8A9ABF6FBF98
+ 29: 3D42D6C113421743C08A6F682CFA0E517D5531BB66241C02EC4DCC26F7, B1AAFE11FA2D6E0C870177DDD7F98FF0
+ 30: DAD065B4669B7C59C8392D8E7BD7E64BC01CEFFF27E335B25A328D356F0E, 8973B9B9ECF26DAB58CCF0787EE928E5
+ 31: EBE626F9E241FD233D9781C359430C982667AA26921B62E98FAEC502C01B0B, 2AC0D7052A2CDCCE8E26FEA7595198AA
+ 32: 64D842B66796A797C2B4C6905742FDF2148FFC445E192F9E03B53810C082F788, 9778B345EC12D222DCC6DBABD2651750
+
+EAX-blowfish (8 byte key)
+  0: , D8C4C23A6AC0B7B7
+  1: 2A, 5E0E4BDDB60772FB
+  2: 7695, 7581B16CCC9C45F1
+  3: EB14C8, 6223A121CFA216C7
+  4: 5A5C809C, 4A47658796337D6A
+  5: 8BC2041181, E1FBA8DBA00571FC
+  6: 89C666F015FA, 2B4A76A0E699FCFE
+  7: 86C1FA92484AF6, 31B3B738A261D6F5
+  8: D1F401C145C9328B, 4C4A045EB489F59C
+  9: 70C9C7753698324A73, AB298B5B20567EB4
+ 10: A50D9D88DC101B6DC8D2, 529DFCBFD13B8E6C
+ 11: 7CC2885C2BE79C44F28FF2, 566255022B40C81C
+ 12: 6902D58347C29250EE07981C, 34619AF18E14C690
+ 13: AB6C3C4AD3EC45143392B642DA, E6D2DD323DA175BB
+ 14: 7065B28BA8AB67B2FB7B6D5E3FAF, AEDCAA54F4B0772F
+ 15: CBBA14A74AD4ADC0EF036EDAE42D51, F2BFFA4D81BAC034
+ 16: 60A315193F58144F5701D547C79FEEED, 912FDBDB05467DF5
+
+EAX-xtea (16 byte key)
+  0: , 86881D824E3BC561
+  1: EE, 4C3505F04611D9C2
+  2: 80C8, 6A3428BEEAD60738
+  3: BF88E7, 04F1E99E9F5906C2
+  4: E06574B7, 33B0153AAEF9776F
+  5: 42D950AF63, 4A0F415640322FDF
+  6: C30F6AD46EC9, 9646FE909D2B95CB
+  7: A0049FCA856A14, A0257289C6BBF278
+  8: 2814B0C1358440E0, C4B0A2354925E887
+  9: BF4F062B52C1E489CF, B56442A3CA57A041
+ 10: 63DF433956831B8780FC, ADF9ED0B46DCA19E
+ 11: C317FD079817F50E0E8A16, 2EA0EC993FC603AE
+ 12: 2BD12FDDD81EB11660346D2A, FBC6F69125BBA88D
+ 13: 85D356536FE2843C6BBE60EDBC, BB2FEFD04F230E79
+ 14: 22493009DB01B4746F4927A8C4FB, 64CC08471D93C9AC
+ 15: C0F3C0DB08DC93FBA725D1E02DE084, 77B762213DDCCFFE
+ 16: 568B66D3112556BD98FF9339E9C002E5, C8355F508219FE0C
+
+EAX-rc5 (8 byte key)
+  0: , 169C7954341EF44D
+  1: 22, DABFDA9A0B0BA067
+  2: 2E54, 6A3D6D9AA5877C5A
+  3: 2A6ECF, 2A34A3AF5DE8919E
+  4: 9CC5F84F, D3F673EDAF75E3B5
+  5: FF5611756C, CC647FAAC8D49BF1
+  6: 74C939BEB31C, C335999CCFE8F5FA
+  7: 7976B6F7709B5F, 2A7969C5FD063A88
+  8: 421EEC5022276174, 2C9BFB1EAC3C54A2
+  9: 6A4761CD266B1C0ECB, 3EA3CCEBC85FAC4E
+ 10: 7C09201098E764239A2E, 8043ABA9BF4D5AEE
+ 11: 8CE26277562F646DE33C88, D72AED48895E3B40
+ 12: 52150F44D37D121560DA87F6, 58E865E22B485906
+ 13: BA0A73B45F93ECFBFC3AB3D8D0, 683D52FA47FB1A52
+ 14: 96546CBE01054AD24CC95DB54724, D80D0D530E5D1DDE
+ 15: 61E654BB18CD26FC36C09F874DC2C7, C65884CB9D9FEC1E
+ 16: 1D77B8BF02CDEAB4A707C07628826D5B, F18D1730C3D64701
+
+EAX-rc6 (16 byte key)
+  0: , 1DF8B0B92A3F0C951C425AF4830E63FD
+  1: 1A, 8A2959EBBE90180999994DEB7036DB85
+  2: 435D, 7EF00CB57DB7B4155DB530D75CE6B025
+  3: 08A6CF, 2ED6AF0F2D5BAB05F623D389480A01F2
+  4: A86E54D3, FC69547C8BD922A5BF2F7B26C4D20F98
+  5: ED0822E439, 0007A3C6DEFC6C912C0E5B853B520368
+  6: 7BEFC7FD4054, D32C43A4D1086D57C5BCFAEE04EBC600
+  7: 5235E58E79287C, A27E9C781327C0FC7C55410EB0C828A9
+  8: CEB5EE99BE521F4D, 547F46383987F2A3582A81A3BCF9B280
+  9: 0358B063D5F99C3770, C0A73730512CDA6AD49599775D59EDA1
+ 10: 434B9AEE07DFADD0A332, 499BD88881E558E09A8E822BE27D2496
+ 11: D47849E650F350BB622D74, 638E37A84E7FAAF8F5D77F1B061773DC
+ 12: 814592F568284085E79A024B, 9EB1405E8422FE50BC0D88D837A2C650
+ 13: 6F2B55EC91B591082053AF692E, C48F91EF01AA43A1EE3B36D233DDD48B
+ 14: 506CBDD2901838EE2F178B6953DA, 03778957F536509BFCA577B23A18F726
+ 15: 446EE435D3D1848B51BB8C5F7BE4A1, 1129EAEAADE534940546D43242A4C839
+ 16: FB9D2B150C42465B1685D8F069CC06DB, 41E2940F5DC63CB4E2FBEC25ED8A31E6
+ 17: 9684F683260107BE8FEBBEE1D3EEDAA7BD, BAE7C116F7FF96631F4ACEE95C65CEF3
+ 18: 5082B1FE48CD3AB58F63C2DCFDD4069AC736, 19AC7B8EE315CBB7131A283851B32266
+ 19: 8C72AE495B6F003A3C784D144E84E88885F78E, FA4CEC023740A8D670E351FBCF62C1CB
+ 20: 815D6361C7AE34C9D796ADF9C71ABC46AEF88BC9, 9A1F7288C61A6623B9A82748137ED7CC
+ 21: 904A853E2E96BD2B85AAB3F5DFB900E9B3642EE667, 9AA90DBDD461CAD20495DCFBCB513DD2
+ 22: 79D738A462F727B3D3C529ED999B6FDCCD991D1C5A4D, BF0987BEDDE650D73CAE7D380FED3431
+ 23: B2DEFDB7D503A84E83155A04B8DE8C8DBB68C2FC475007, B7CE900CF43CD518024123C76F6DA328
+ 24: 9E723E15439E12F6C46DF8A309AE1E97B6FD18436259CFB0, DF8B6E1E23512CC4CF5FF531A1908F69
+ 25: A7F0AD03CEBCC9202718AA164886E1026975306A664C5AC7A9, 4A771BF8B9A4325705C85E5499FD98E9
+ 26: A53A92AD1C6835F28E04EF591E783D36F3D76E489B31B87BEB7A, AA263B52A6E6A043DE4D7029D4DC73F5
+ 27: 79BE3C38291A7F77E932C8A9DEAC08DE6442EA9B3895B101A14E7B, 33B84DE06342E675E019CD0237292ED0
+ 28: FA108123C5A69571CFDFE8C3D00535121FDE3096DDC0D700F8F26A5A, 764025D7CA1A3F2C54D28956423B0C77
+ 29: 36EC2D67FD977BD2B73DB6D8EB756B3EADA13690E1B6DFC12A4781B34B, 4BC6B38DE3B02283D92F4DF19A5C48C5
+ 30: 96D3243C945905C9732B5927E46F00886D511463B38C86002FC26B65AB8C, 5B5511CDEC35687AB8425AB22D58B4F1
+ 31: 9CF83B87BEA3374AF7722E999863E3DABB858B0383383EAC7757F5B80FD44B, 1E0CBC961940FDA93B73A92DACFD67F3
+ 32: CE3BC3C9FA5EF4AFE5272B3EDD24B1B003FED2C2E501528CFF44D3FABFF52CB4, DC94FDDC78AAB2B7CAA1E1EF149AC355
+
+EAX-safer+ (16 byte key)
+  0: , B120C7B37450C46189712E4DFD1F0C44
+  1: CA, 82BA1869C5FF1EF2A4F6ADC1E7DC1F1D
+  2: DD20, 6BD5601B16C9943A84AC1F99A176E6D1
+  3: C1C09F, 0911DC63AA414C004E2BD825BECDC93B
+  4: 27E43F59, BD858F084B082F76814DC385E1FB20D1
+  5: 2A9A92F246, 5ADC4A32491934AC0BD00FCE686B26F1
+  6: 52C78C0CD6F4, F35886F46C03EDCA10B3D01CF07B1E0A
+  7: 23E0D3CED3795F, FE33D96FC98B78A30C0A412C60E93992
+  8: CD3FC9961559F239, 9982364A61609FC41068260267231EE9
+  9: 6EA46CB7AD7505C1BC, BB15053EF0F78B9091B3064118F3E9BF
+ 10: 05D9BA230A56CCA0703A, 1338E68E3DC992B6EB2685C668E75869
+ 11: 7AAD6049DFDCA6771AE42B, 35267E431051E1812495615324C4CBE6
+ 12: 8695091532B83B23C296F620, 7B2EEA861E9A91E6B6A911E10FC3FDD1
+ 13: D909DA4BC7372ACAEA78E6A0EE, EA6C1CD16180DF0B07F4E204A4B4FACB
+ 14: 7DEC8443600D0563AEFE87A2064F, DA454728069B3B409889664783588189
+ 15: C042FE656742CD2FE5D9C212D18C6C, 5929E4AECC2CA047BAE948E7023FE4D0
+ 16: 0B84D3CF59EEF7319633F4A397D47CF8, 31F892FFDB7535DF5D9143456E404163
+ 17: 8C9E57AAFA7969B142742B63AB73286600, C418231C44F96660DDBA8C26B3BB3681
+ 18: E9EED66D370A3A6A39C7E0E570D96F807EAC, A4AFE8D1D3C31B956A3BDBD043E7A665
+ 19: 1A5D47992DA5597D1449B4C8DD47B7404C7657, F3ECEE5182014FC3365FDBC4C33CC06A
+ 20: E7C7945FD1AFD3F5DCE666D8A5A2E8A3C11A7A5F, 86D78B2FBA7597B8806BED505B52BDF6
+ 21: 9E2165B47B29CBC4ACD50660E011D691F061209969, E9B1E860BD02085177E1A94E1EE6F3F0
+ 22: 48EA2945C8DD3FE09407BAC8973A861DB15B788C8FFD, 502926712EDB1B3DD13806052C6C75D7
+ 23: F37D46B35B60819EA52B00457D79155C04B55972D0DFA9, BB2B7D210BF0570F422640BF81F39B9E
+ 24: 12E85C0C78227205CC682360C79E35BF58EC6551CF8FE2D0, 042990D7A58D458C570A15DD375DB4E7
+ 25: 4F6C15109DE980DD14A7F4C27F48671E4787C53A564232F427, B097A5990D8067DD89C21473150C070F
+ 26: AAC472E49DB101B564A8A01E2C80C0C6AE9065D332C2DE79FAB6, ACDD587A7DB86542E195DF73AF1C1CBC
+ 27: B9912CE18019C31692A1F7E11D9CCB20297ACCB9DC62C47C01D2C2, B0ACBF028CA5B15E0035D2EB8CA916BE
+ 28: B4F2B1FE14A1ECDC9C8EA1A0120395E6ED1E69D3FC85DD0F3F90F350, 9A561EBC769369B95B9CB74FC6AC27D3
+ 29: 3FE397C8AD02689B7437A37861F0907AF1F6014A293B46419348771C5A, 6B7BEB9BD5018FECD71BE5081C7C2544
+ 30: 5019089142199F7207E1B7731B8B247A18A685B231499DF12A73F5D67D37, 307E93446777005BA1B088F178A0DB6E
+ 31: EAE8F9F02F8DB3D70B78B08CFB0949D99F1A86C958A8E3823736BCEAB86BE1, 6C94F48591C18BF9C450515B73379973
+ 32: B9C795F7A87305B4AD36DBA10B3B1C70B329D29E49C8C6A932D96A74334AEE4A, D18E6E233FEFD6E5C7148BDC1504299C
+
+EAX-twofish (16 byte key)
+  0: , DB0C02CB069E3773296D3BD4A87A381B
+  1: 99, 7D21D19E9C440F68E99F1F2EA2668694
+  2: 0696, EA590EC417C88E23FD23917F9ECFB0C6
+  3: B9B082, 82D4C9B68DDB02C906496413E13A2D68
+  4: D6B29D74, 5BCE5CA4F662E883BF7FCAAE5FB2CE01
+  5: A59C9CB009, CBFB04226D1029A7EC9D64A48A6729BE
+  6: F4924FE3E355, 3D85B3900DECA0528C815F1447A1F209
+  7: 679C88D52FB519, 931C7A863C3701D8015FDBD8696C6C30
+  8: 26DA41C0D115375E, 7627E23E791A4DCB0FA5ED71B1ED2288
+  9: 8FEC6EB7016AD2B178, F65ED0286A724F0CB2EA317D5022B0D8
+ 10: B5F22415B1334133C531, 87C4F3A8991BBB85984BC4D3305A5CF1
+ 11: 23E1D0ED2E820AFE7DA2FE, 100499F1093FAB2ECF73B643594E98E3
+ 12: 79519ABA91F46B8DAD6D5335, FBDCD1FCDB20AB99135F28A714C6992F
+ 13: 5968D0B4198A0AAD3D0395018F, 781F22E2DA98F83398FCF911B2010057
+ 14: 4E55B14432B601E3EF2EF567CB15, 8BF6E53D7657E56EA3DA1BFD9C9EC06E
+ 15: 6ED89651CE19B3DD1EE5C8780B5015, 131CFD657D32D4E1B35140ADDCA0E13A
+ 16: 2295A968B4D072D12757756247554850, F35FAC95C2AA4155450EAAA6E2E789B5
+ 17: F9B2AA2AA502EA79BBA0C5EAD932B8E1EE, 0ED81AA40B9BF39A9AAEDDDB7A04BEA6
+ 18: 385055F1C1C26C0472A504B4CD225DCA55FE, 24831680B56368231AC54227D737F582
+ 19: 771529585C741A3F8B1C973709892F255A99EE, 2A132B4BF96FD5109DB04459103F5E84
+ 20: E7A2197D9FAA8AB8B303B5EC71AE34AD5EC5DD66, CCAB6518371EC8E0A9E9EE4F7CA5878B
+ 21: 279E54F755EAC6B57375B9EC4406E43DB3139D740C, 7B6F26F2C0ECC9F2DF4EDD7513E6E0B7
+ 22: 27816AA94CBA2BF98E49E595AF5B3FAD12BF1D6F1AC6, D04876C5492D275F15C834E3CF794F0E
+ 23: B5658DC148855F68B282211D879F688F3C142FE555CF81, 4539CDA8A65DB9047AAD76B421B81120
+ 24: 72F0BD4F939C2C9B4FA734DCB0AE4FB9BD342BC8459ED2FE, CEA8469BC0457EBF3418C1114288C904
+ 25: 70568245E6E6BD5D11AD0C74030D7AE08BA05057DEA0FBF4AD, 71554FDE6B87477A51EE4499D78783D2
+ 26: 8702D35BE07D7ADF70684046CC6C72FBBBF821E0BBCCBC973601, 33CC6FBFDA15E306919E0C3BB2E22BB6
+ 27: 0BA23F4A6174165D4A8BA80B7C875340B0F8B2A6967D34E106BC22, 00E6679496714236EECEC84B9AF3072E
+ 28: B9E25ABA84C6BD95B5149E7616FE2E1D6FAACEAAD77A636C60279176, 8D8AD0B9D4C709E1DA370EE01611482A
+ 29: 74759711F6D542581F9F83498FB616638D092732BA07109BF4B5BE045C, 71A40DC777BD09F75362F7B20E0B7576
+ 30: ADBF7E98926484BA2C7F6CD7CD9734FC19265F68AF3BFCAEB025F6296E37, 8DF15B5F69B67F7DABE44E3666B55047
+ 31: 2DC26D449379997D110309B2A0DC2760FCE8CADB4B14ED580F86C70F69C9BA, EFCB60EB2B25737E256BC76700B198EF
+ 32: 2B1890EB9FC0B8293E45D42D2126F4072754AA54E220C853C5F20FBA86BE0795, 1A1B15BBC287372FB9AF035FB124B6A1
+
+EAX-safer-k64 (8 byte key)
+  0: , 9065118C8F6F7842
+  1: A1, 1926B3F5112C33BA
+  2: 2E9A, 5FA6078A0AA7B7C8
+  3: 56FCE2, 984E385F9441FEC8
+  4: C33ACE8A, 24AC1CBBCCD0D00A
+  5: 24307E196B, DD2D52EFCA571B68
+  6: 31471EAA5155, EB41C2B36FAAA774
+  7: 03D397F6CFFF62, 7DFBC8485C8B169B
+  8: 8FA39E282C21B5B2, 2C7EC769966B36D7
+  9: FEA5402D9A8BE34946, A058E165B5FFB556
+ 10: 6CDEF76554CA845193F0, FED516001FFE039A
+ 11: DC50D19E98463543D94820, 8F9CCF32394498A1
+ 12: 42D8DC34F1974FB4EB2535D7, 77F648526BCBB5AF
+ 13: B75F1299EF6211A6318F6A8EAA, C5086AEA1BE7640B
+ 14: 1E28D68373330829DD1FFC5D083E, 33EDA06A7B5929A2
+ 15: 85529CF87C4706751B0D47CC89CEA6, D031905D6141CBED
+ 16: FE5CB61BAF93B30ED3C296EE85F51864, CC484888F0ABD922
+
+EAX-safer-sk64 (8 byte key)
+  0: , 5254AB3079CDCB78
+  1: 75, 798DCF14FEF8F4D1
+  2: 0300, D5FCA75DAC97849C
+  3: 520F98, 10E357957CE20898
+  4: 80E2764D, 5C7F46656C6A46EA
+  5: C48960CDAA, 3CCF44BD41F01CA8
+  6: E0E60BD9AA2C, EBB493983FCEE79D
+  7: D13D8804906A1B, 6EDDCA919978F0B6
+  8: B7AE14C37A343BFB, 2369E38A9B686747
+  9: 5DE326BBCC7D0D35E9, 041E5EE8568E941C
+ 10: 13494F5B0635BA3D6E53, EAEEA8AFA55141DD
+ 11: A9BB35B14C831FDA0D83F7, 4002A696F1363987
+ 12: E242043A1C355409819FABFC, 63A085B8886C5FDC
+ 13: 204598B889272C6FE694BDBB4D, 194A1530138EFECE
+ 14: EE3F39E0823A82615679C664DEBF, 1EFF8134C8BEFB3A
+ 15: 8579D87FD3B5E2780BC229665F1D1B, A832CD3E1C1C2289
+ 16: 74D7290D72DA67C4A9EAD434AE3A0A85, 96BAA615A5253CB5
+
+EAX-safer-k128 (16 byte key)
+  0: , 7E32E3F943777EE7
+  1: D1, BA00336F561731A7
+  2: F6D7, 8E3862846CD1F482
+  3: 5323B5, BD1B8C27B061969B
+  4: A3EC3416, 170BBB9CE17D1D62
+  5: 0C74D66716, 7BD024B890C5CE01
+  6: 6158A630EB37, B5C5BD0652ACB712
+  7: 17F2D0E019947D, F9FF81E2638EC21C
+  8: 68E135CC154509C8, AA9EAEF8426886AA
+  9: EDB1ABE0B486749C21, 355C99E4651C0400
+ 10: DB0C30E9367A72E8F5B2, 631B5671B8A1DB9A
+ 11: D4E5453D9A4C9DB5170FCE, 75A2DF0042E14D82
+ 12: 3F429CC9A550CBDA44107AA7, 2C2977EA13FEBD45
+ 13: A7CA22A97C2361171B415E7083, BFE81185F31727A8
+ 14: 170F79D8B0E3F77299C44208C5B1, D5ED9F9459DF9C22
+ 15: 2E24312D2AE5D5F09D5410900A4BBA, 2FC865CA96EA5A7E
+ 16: 8F3C49A316BA27067FF2C6D99EC8C846, 9D840F40CDB62E4B
+
+EAX-safer-sk128 (16 byte key)
+  0: , 22D90A75BBA5F298
+  1: 3F, 98C31AB2DE61DE82
+  2: 584D, F4701D4A1A09928C
+  3: B9DEAD, 6E221A98505153DA
+  4: 06D4A6EB, 0E57C51B96BA13B6
+  5: 7B58B441CA, E28CCF271F5D0A29
+  6: 7950E0D1EC24, 2ACDDE6E38180C07
+  7: 65A4F4E098D7C6, 7DC1C9E9602BACF2
+  8: FEBE4E72BAA0848F, C4607EA3F138BAD9
+  9: 9B7BD6D6D655985AA3, 8B2C58A9530EA6AC
+ 10: 60C92F925D1478470203, 51E6F5F6DC996F84
+ 11: 7B40769370E651F64AA654, 74F1F8A8D3F4B9AF
+ 12: 7215832C2FB9C54DF7A9C686, 9BF9AEF14F9151D1
+ 13: AD0F9C79008572AB8AE2466EFF, F375D0583D921B69
+ 14: C05076E2C330A0D25D7CEC80597F, 843C12F84B00A8E0
+ 15: D18F0563AB0278140B0CD9A9B07B34, 262B1688E16A171E
+ 16: 650747091F5C532EE37D2D78EE1EC605, 1BAC36144F9A0E8D
+
+EAX-rc2 (8 byte key)
+  0: , D6CC8632EEE0F46B
+  1: 4C, EA19572CB8970CB4
+  2: 5537, 3EDD3253F6D0C1A8
+  3: 206FA6, 20FA88F03F240D31
+  4: 17EE8B40, 702E8194F1FCBFDE
+  5: 2A89287136, 31C5534786E15FB3
+  6: 3A6AEDC7066B, 3C663A4081E1D243
+  7: 8BC5203947A644, 6AAC806C92BFBD6E
+  8: 2E0274BBE14D21A3, CEB0E0CB73C3664C
+  9: 9C4B292B0CF17E3A29, F23CD535559023EC
+ 10: 8E322734308F85662877, 46363D7EFC322821
+ 11: C413C405767FF5F98E3667, E7BA35D8F3678E7E
+ 12: D77806B7A218098B1569EADC, BA67C306E5C0181B
+ 13: 4BE5EF74F9E9799A4D636FEA9F, 4C511C44ADBA4030
+ 14: 7E19969170C2C8D8AEBA8C7FBC2C, 54CC6D466A2DF6DA
+ 15: 2EF1CEDC1DD3403CF440FC5561BE33, 61C6FB277E93701F
+ 16: DE052719153EBACE9D7B19F52AC4282F, 4AC2A96F2FA8634C
+
+EAX-des (8 byte key)
+  0: , 44048B7F240B6F5F
+  1: 0A, 37009B7D4E09953A
+  2: 03BA, BFD2FD7758961728
+  3: 37EE10, 16A6AF96DE888A19
+  4: 07F44290, 100CA84AA0EDAA1D
+  5: 389EF0023B, 9614FB800A533268
+  6: 3F4DBA8AA01C, EFA6B55B7ED5E40F
+  7: 8C7B837896EAE7, C113CE8F664CE3D4
+  8: 7011D993D8EDB0C7, B4C370A919F60497
+  9: 0DEB30A31351B13D7B, 00ABC82DC5F3A1AF
+ 10: 8D3897B2CBE323D6EE1C, 7A2D15627CA1441B
+ 11: DBC002C817DEBFB419F94B, D8EB87F86D6ACDEF
+ 12: 17048E2976FA85AA849E9A80, 229FCD1C9D1E3B9C
+ 13: 30B989EF646544885A478AC198, C1B7EB4F799105C8
+ 14: 5C2E12A7F118A08D6FD585F9C839, C358679FEE6FE7D7
+ 15: 8D1A1E888BBB8648E638C4E74E11B8, 685E006C441448B8
+ 16: 93AE906B8BE4EAC8ED6D8F48F04A7AFF, 71DD7AF752FE28FB
+
+EAX-3des (24 byte key)
+  0: , 8914311BB990B725
+  1: D8, 2094EDC5D03E54B1
+  2: FEE5, 781CFB0EBE3895CA
+  3: DECF5E, 59918E8A5C4B459B
+  4: BD583AAD, 2013BEEBEEA795A1
+  5: 2BC01C6C78, 0B1134DBBEAB5D3F
+  6: 4D5EAF01A895, AB4D17516ECBA50A
+  7: AF229F90614480, D3113C0A9D133CD4
+  8: BCA6F375DF4568E0, 8E9EAEC8E77786BC
+  9: 575F34219E6DD8DB4C, B40C75139E5D1860
+ 10: A199B8AC433B615EC96F, 774AF803698ADE3D
+ 11: 718A2975DD9A872A68AE10, 3B9460F849CBA7FB
+ 12: AB38E148180F6E2FFBB96F91, E3EE3B8FC50DADBC
+ 13: EB10E0233507459D4A6C29EE80, 8D90B46BB1EAB27E
+ 14: EB48559C320DFB056C37458E19B5, 9315F0C4AF8500EB
+ 15: 9E8C73EADA105749B5D8D97392EDC3, 2E749EE66C1E6A16
+ 16: 600FA4149AF252C87B828C780AEFF8BC, 33D7D11DCDC19936
+
+EAX-cast5 (8 byte key)
+  0: , 382FB8F7E9F69FDC
+  1: 99, 20DA959849B3F7AB
+  2: C54B, D05547C6AFA3484A
+  3: 579836, AAA92B2321FC50C5
+  4: FEB7AE55, 639EDF01C4FB965D
+  5: EA8A6023FA, 01274B3ED5CE102C
+  6: B7C4E995121F, 712BFE27CAFF6DDE
+  7: F44236660B0004, FAC51D1DF8EC7093
+  8: 01CD7E3D0BF29E8A, 049C47A45D868D0B
+  9: DAB170493DFD6E0365, 6F3AEDD9A3ECF4FD
+ 10: 82C9EEC4803D9CD11FA8, 32683C0A9128C6EA
+ 11: 324AC59E87B244ECE0F32F, F6B095AAB49353CF
+ 12: DBDDAB11D02C9CA5843C406E, EA728FC46DDD3B04
+ 13: D67376C2A4AD92E7DD80E39303, CAF72B7E7C237EB3
+ 14: F2B9BBEF08036C2982C6DDD06918, 70A29D780C22752C
+ 15: 96E3D9141F8EBF520540C2BC9A9C23, CEFC86A1CD48203D
+ 16: 70CABBA983179106AE7FCD5F1F31D5C3, BF7F9168F4F82F56
+
+EAX-noekeon (16 byte key)
+  0: , 556805EEA595CFB9A30FAD196103D7FD
+  1: F5, 0A7DAEDFB656526CEF4DDBA8087A227A
+  2: 7B8C, 249895D79962D5B4D18FE07366281B72
+  3: ACFF15, DCC489D24832EB106F576AE6B6EB957A
+  4: 08ADE7DB, 0D3215999E9960EDAB29B78744C7F139
+  5: 66139213F6, 505E1E7141D043E903C26EE0959EEECD
+  6: 078B79F880A8, 35B7EB326A55E50332866EEDB682EC20
+  7: 2809E34D9667D4, FFDEC555F68524A09A6ABACA372077D9
+  8: 93D267DE1EC635D3, 4FF3561990A56E4B374618722EF850FF
+  9: F377A4D93FF32F4A51, 91D4070423A90FC54D305169C03F49ED
+ 10: 6244B717E082993EB7A1, 2E3A8A354AFA9473667ED7FDD46BE9FC
+ 11: E917559625D25E6E5F2EDA, 19295C37A70314CC9A1D11FDE8D23C92
+ 12: 1E6DF2EE112A893AB14DFA92, 12C4A89D4CD65F8116A03A135AFD3701
+ 13: 47B18CD762E011770E203CF605, 434909A97E118B20D3AEDC79AFE33A9E
+ 14: 72D9A1A7DA6F33D5E0B927F9F32C, 779C23714FCAA2B2321EC7FB5B03E222
+ 15: DA8B830FFCB3DB274807F780D33240, EDC2F1C8A401F328A53392597730B007
+ 16: B53DD2BB840AD933D36A7B5FFDCCFBBB, 4EC0E6D1F916BF633869239B672B37A1
+ 17: 42936BB9A936C30408660855F4F47F3314, F0DAA6DDA15585E1697ABBB4790B15B5
+ 18: 00372E47F5BA016F1B2A1E680B76AB02052A, CDBF3D241BF7FF96D3DFBEDDB872E901
+ 19: 8AA236B0C8BEF6F67A97C2DF90628F6E5838FF, 731DCD61F7F26004C03519F9500EA824
+ 20: 55338647812FC9D86CBDDCED7120268A4D43F8BA, 0E61B3C835CAD95FD49FEF002C014E72
+ 21: 435820B28E52154B47A04D5E635D8FE37FA47FC985, F6A96DCE4917E8D7C610923627E80970
+ 22: 0D30C15B6FEB4A48B14DD15D41A4B25D442AA677B25C, 28E15CCB74AE992C68BDDC8D87802050
+ 23: D9D701F9AD6B0E13D2CDDA15A5194E7CE8BD2C02137391, 2DB9A15884E9C996C3D6B5BDA44B9598
+ 24: E2390AC5CE10CCFBC72106A52C7F180CB477E3C193CBACA8, 22D3F7DCD6947EA4E78DF57A8E1A9A59
+ 25: ADEFB7D9500658D34996AF6BE6336CD78891064EA1DB8E9785, F239D67D039A15C620A7CD4BE4796B3F
+ 26: 89964C90ABF54A6DF9F13C3681E70C702D80A17BE79F8160F30E, 6336F729ECE1ED7368669D75B7E2DCBA
+ 27: 576B2813CECDA4F905BD5D58349EF070FF41B7EB6BB2B01B061B0B, 125324CBF2ACF1011A44A99A11EC8AFC
+ 28: 430B957481748519A60494F0B5F698F34B1A8235B00AC0D1F0A4442E, 1E80A7FCEBBB8E1E12D6831906154485
+ 29: E781BFE5FCDE0BFC056CC86C4A0B9DD3B815BE8CA678204CF47289B5B5, 190D5AAA9EC1CB4CC86FACE53BF1201B
+ 30: 78BFAC07A9B7B2AE9329BF9F9BF18A1A49DD9587001EFCA00E9AD9752764, 4FB5ECBEEB0995C150EBC66508FA19C1
+ 31: 7D6C20694109DE21F7955855A8FF832347518DD496C2A114DF142C68ACDEAA, B25D4BB34056DC091A7A3950D46C32EC
+ 32: 3E1E4395DEC1AFEA9212B95F37E679B6E2D14DF23C5DE49018C2C8038CC4AD45, 9A6DE7BD41A21918AD504490EF4E581D
+
+EAX-skipjack (10 byte key)
+  0: , 85F74B6AFFB10ACD
+  1: 3F, 604DF8BDD98A0B3F
+  2: EA87, 792374FE07588BF9
+  3: 0169CA, 489AB8AF69DA3306
+  4: A7AC3EB1, 428DAF508E24B583
+  5: AA9028D5B3, C0A44EDA71FB2C86
+  6: DA97BA88A061, DA2EC34077F42585
+  7: 7E25FAA41CEBC8, 36D4987551E06D5B
+  8: F662DA6C9001CBFE, B7DEF76680C316A9
+  9: 6D3F73EC716E1DA897, 5F0F83BAE4D3513B
+ 10: 2A300F585BEE9C889743, F4756C24DEB72A9C
+ 11: 80518B010DD77C82D19106, 50FF5CAA365F4A70
+ 12: 6E579A2173C861B6F37B4CD3, 81E3E5ABBA8F0292
+ 13: 5B04829880A72C38871C7021F3, 6B26F463708A3294
+ 14: 934177878E9A9A9FB4DEB3895922, EBC1C32F0A2A3E96
+ 15: 07AF486D1C458AAB2DBF13C3243FAD, 87288E41A9E64089
+ 16: 84059283DF9A2A8563E7AF69235F26DF, 351652A0DBCE9D6E
+
+EAX-anubis (16 byte key)
+  0: , 8E20F19D9BA22ABA09FB86FDE6B9EF38
+  1: 3B, F4201E546A9160F989191942EC8FD1D3
+  2: 9F38, 4E3CEAE3E1CB954E021A10E814B71732
+  3: 4F4769, 3E8F35A6A5B11200E9F1AA38590066CD
+  4: AB41F5FC, EC4C97A8892AAF5433106D4AC8A49843
+  5: 414F95D61B, BF831E34D1E3FECB973A8C730ECA2E6D
+  6: 4798322F06D1, 005BBC30BFEDBE6463536C4F80D1A071
+  7: F256B6CD1BF4F5, 468A28F0661884B846B191B530C8D064
+  8: 90906F27A633ADDE, 6D9200A37A7F6A456CB103673184C2E5
+  9: 16CD3C17C9B4EAB135, 6D716E23D7B35109F55B036EDFA7742E
+ 10: 7AD1C22F1F06298DFB25, B076990F8193543C8F3185D3792BCE56
+ 11: 0476F2ABCD057FE6FEE39D, BB2876DB18C00038FADBBD9B264ACC3C
+ 12: B69EDE336407DBC2EE735857, AB63E5906116A8BE22C52B5DA31B1839
+ 13: C3864C1354065A56470669E602, C72BFD3A0BC73BFF051C9AB2F0DFED93
+ 14: 296D8F183A59020D33890420DD7B, C9D90B9EB42C32EDCF6223587D1598A6
+ 15: 256ED8E9D982616680559979BDF2E9, 179FE4E7BA7E966050D35900317E9916
+ 16: D4ED8F30FF9C0470D75B3B16750A3AE4, 5D50F05BB270A292DFF9F67A3BA84675
+ 17: 40CDEB6388274143CA3C4F6020BD9A4875, B27C7DFB1BFBB3FCCEE0171852C7924E
+ 18: 54EF262EC1801D505C7629D038654EBA0594, 9D2060FCD0A2C577511C7752ADE60BBE
+ 19: F39EE54A37F16DD38B624D7AB8F0D9CBD4B981, BC056C7D2C09D813703CDD63C1C69F44
+ 20: F4E7AD474FCA153ABD670E43081ED09EB2C4CC1A, F244BD4D630272F0D98FCA04226C04F1
+ 21: 039ECC36A0A16273E7246CA1FF19D213AC87B53F29, 3056DB6916C925DF220B6C9980EE141A
+ 22: 7DE1DCDEF01447CA2FE83375A48DD84E4A7CB7C01992, 79AFEA4816EAF8DAC8A5E93960F1594F
+ 23: A886C4B914BF0983003272F226F9B2197EF2DC05ACDDE0, B59D85A0FDA5FA4422F7203C055B97A9
+ 24: 00B3E1E91448E250AAFB695C0643A6577AB453EFECFABF53, 4A7EFF1CBC1AB535122A017203616D85
+ 25: 85E972E774D66D0531E40B8FE9E264A77B50FA883AB0943080, B18E164BF89B7E7AB0DC256DFEC7C72F
+ 26: 004849E39334969B392CB0CF3FDEFB3D792DCBBC15F8328C7EDC, 3C51295711F5F878DE8F0B2B5A26A227
+ 27: A0BAD6C2264AB1578993BA49E59D4598822FFED20A57D88F756FF1, 2EB9D525697A419A10DB2A84AEEA5FBC
+ 28: C34DD806EAB5AD823D78BCA78A7709A705FC94ECC521A367D76C9588, 3C57580C7903039D645C06DBAF07B477
+ 29: C447EC77512938CF7862388C32AF22ACE6B5E4CBAA998BE4F5CBC4D215, 43425D09B7ACFD90371C08953946A955
+ 30: 2C16993AAE624CBA4CDAF34FE3D368559E6BE548292B281439866375013B, 3B7360C3FA8FB1C15D19F567153CB46C
+ 31: 538E5DFAF14854A786851E4165F2E01CDDA963E318FCE4FB58E31A6B5CFC33, 2F8EA13B7A6873FE556CA535ABA0968B
+ 32: 5E29CDB7D9695A110043E9C260104BDF020A3A2A139D4112E918AB584BDD7EDA, 9133213AA7BCF062D2BD37F866683D3F
+
+EAX-khazad (16 byte key)
+  0: , 75968E54452F6781
+  1: 95, ADAF5949F09B5A22
+  2: 6B8F, A06B201947424A11
+  3: 5BE668, 3251416625DF347A
+  4: 5A92E82B, 33E25772427D9786
+  5: 62F9F2ABCC, DE714F5F5D17D6D0
+  6: 0E3CD825BD8D, A7991C8CB8975ED9
+  7: 4AD0D999503AAD, 53A827D7886F7227
+  8: BB08E6FAED1DAEE8, 91A118749B7AB9F3
+  9: 16E30CB12E20D18495, F8F8B8C1280158F9
+ 10: 616DBCC6346959D89E4A, 506BF35A70297D53
+ 11: F86B022D4B28FDB1F0B7D3, EA42220C805FD759
+ 12: 9B8A3D9CDBADD9BBCCCD2B28, BB478D3CE9A229C9
+ 13: CDC4AB4EF2D5B46E87827241F0, 658EDB9497A91823
+ 14: 1A113D96B21B4AEBDB13E34C381A, 63AD0C4084AC84B0
+ 15: 14DA751E5AF7E01F35B3CE74EE1ACF, 3C76AB64E1724DCE
+ 16: A13BBC7E408D2C550634CBC64690B8FE, 3D4BBC0C76536730
+

libtomcrypt/notes/etc/saferp_optimizer.c

@@ -0,0 +1,177 @@
+/* emits an optimized version of SAFER+ ... only does encrypt so far... */
+
+#include <stdio.h>
+#include <string.h>
+
+/* This is the "Armenian" Shuffle.  It takes the input from b and stores it in b2 */
+#define SHUF\
+    b2[0] = b[8]; b2[1] = b[11]; b2[2] = b[12]; b2[3] = b[15];   \
+    b2[4] = b[2]; b2[5] = b[1]; b2[6] = b[6]; b2[7] = b[5];      \
+    b2[8] = b[10]; b2[9] = b[9]; b2[10] = b[14]; b2[11] = b[13]; \
+    b2[12] = b[0]; b2[13] = b[7]; b2[14] = b[4]; b2[15] = b[3]; memcpy(b, b2, sizeof(b));
+
+/* This is the inverse shuffle.  It takes from b and gives to b2 */
+#define iSHUF(b, b2)                                               \
+    b2[0] = b[12]; b2[1] = b[5]; b2[2] = b[4]; b2[3] = b[15];      \
+    b2[4] = b[14]; b2[5] = b[7]; b2[6] = b[6]; b2[7] = b[13];      \
+    b2[8] = b[0]; b2[9] = b[9]; b2[10] = b[8]; b2[11] = b[1];      \
+    b2[12] = b[2]; b2[13] = b[11]; b2[14] = b[10]; b2[15] = b[3]; memcpy(b, b2, sizeof(b));
+    
+#define ROUND(b, i)                                                                        \
+    b[0]  = (safer_ebox[(b[0] ^ skey->saferp.K[i][0]) & 255] + skey->saferp.K[i+1][0]) & 255;    \
+    b[1]  = safer_lbox[(b[1] + skey->saferp.K[i][1]) & 255] ^ skey->saferp.K[i+1][1];            \
+    b[2]  = safer_lbox[(b[2] + skey->saferp.K[i][2]) & 255] ^ skey->saferp.K[i+1][2];            \
+    b[3]  = (safer_ebox[(b[3] ^ skey->saferp.K[i][3]) & 255] + skey->saferp.K[i+1][3]) & 255;    \
+    b[4]  = (safer_ebox[(b[4] ^ skey->saferp.K[i][4]) & 255] + skey->saferp.K[i+1][4]) & 255;    \
+    b[5]  = safer_lbox[(b[5] + skey->saferp.K[i][5]) & 255] ^ skey->saferp.K[i+1][5];            \
+    b[6]  = safer_lbox[(b[6] + skey->saferp.K[i][6]) & 255] ^ skey->saferp.K[i+1][6];            \
+    b[7]  = (safer_ebox[(b[7] ^ skey->saferp.K[i][7]) & 255] + skey->saferp.K[i+1][7]) & 255;    \
+    b[8]  = (safer_ebox[(b[8] ^ skey->saferp.K[i][8]) & 255] + skey->saferp.K[i+1][8]) & 255;    \
+    b[9]  = safer_lbox[(b[9] + skey->saferp.K[i][9]) & 255] ^ skey->saferp.K[i+1][9];            \
+    b[10] = safer_lbox[(b[10] + skey->saferp.K[i][10]) & 255] ^ skey->saferp.K[i+1][10];         \
+    b[11] = (safer_ebox[(b[11] ^ skey->saferp.K[i][11]) & 255] + skey->saferp.K[i+1][11]) & 255; \
+    b[12] = (safer_ebox[(b[12] ^ skey->saferp.K[i][12]) & 255] + skey->saferp.K[i+1][12]) & 255; \
+    b[13] = safer_lbox[(b[13] + skey->saferp.K[i][13]) & 255] ^ skey->saferp.K[i+1][13];         \
+    b[14] = safer_lbox[(b[14] + skey->saferp.K[i][14]) & 255] ^ skey->saferp.K[i+1][14];         \
+    b[15] = (safer_ebox[(b[15] ^ skey->saferp.K[i][15]) & 255] + skey->saferp.K[i+1][15]) & 255;        
+
+int main(void)
+{
+   int b[16], b2[16], x, y, z;
+   
+/* -- ENCRYPT ---  */
+   for (x = 0; x < 16; x++) b[x] = x;
+   /* emit encrypt preabmle  */
+printf(
+"void saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)\n"
+"{\n"
+"   int x;\n"
+"   unsigned char b[16];\n"
+"\n"
+"   LTC_ARGCHK(pt   != NULL);\n"
+"   LTC_ARGCHK(ct   != NULL);\n"
+"   LTC_ARGCHK(skey != NULL);\n"
+"\n"
+"   /* do eight rounds */\n"
+"   for (x = 0; x < 16; x++) {\n"
+"       b[x] = pt[x];\n"
+"   }\n");   
+
+   /* do 8 rounds of ROUND; LT; */
+   for (x = 0; x < 8; x++) {
+       /* ROUND(..., x*2) */
+       for (y = 0; y < 16; y++) {
+printf("b[%d] = (safer_%cbox[(b[%d] %c skey->saferp.K[%d][%d]) & 255] %c skey->saferp.K[%d][%d]) & 255;\n",
+          b[y], "elle"[y&3], b[y], "^++^"[y&3],      x*2, y, "+^^+"[y&3], x*2+1, y);
+       }
+       
+       /* LT */
+       for (y = 0; y < 4; y++) {
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[0], b[0], b[1], b[0], b[1]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[2], b[2], b[3], b[3], b[2]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[4], b[4], b[5], b[5], b[4]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[6], b[6], b[7], b[7], b[6]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[8], b[8], b[9], b[9], b[8]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[10], b[10], b[11], b[11], b[10]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[12], b[12], b[13], b[13], b[12]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[14], b[14], b[15], b[15], b[14]);
+      if (y < 3) {
+         SHUF;
+      }         
+      }   
+  }
+  
+printf(
+"   if (skey->saferp.rounds <= 8) {\n");
+/* finish */
+   for (x = 0; x < 16; x++) {
+   printf(
+"      ct[%d] = (b[%d] %c skey->saferp.K[skey->saferp.rounds*2][%d]) & 255;\n",
+       x, b[x], "^++^"[x&3], x);
+   }   
+   printf("      return;\n   }\n");
+  
+  /* 192-bit keys */
+printf(  
+"   /* 192-bit key? */\n"
+"   if (skey->saferp.rounds > 8) {\n");
+  
+   /* do 4 rounds of ROUND; LT; */
+   for (x = 8; x < 12; x++) {
+       /* ROUND(..., x*2) */
+       for (y = 0; y < 16; y++) {
+printf("b[%d] = (safer_%cbox[(b[%d] %c skey->saferp.K[%d][%d]) & 255] %c skey->saferp.K[%d][%d]) & 255;\n",
+          b[y], "elle"[y&3], b[y], "^++^"[y&3],      x*2, y, "+^^+"[y&3], x*2+1, y);
+       }
+       
+       /* LT */
+       for (y = 0; y < 4; y++) {
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[0], b[0], b[1], b[0], b[1]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[2], b[2], b[3], b[3], b[2]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[4], b[4], b[5], b[5], b[4]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[6], b[6], b[7], b[7], b[6]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[8], b[8], b[9], b[9], b[8]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[10], b[10], b[11], b[11], b[10]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[12], b[12], b[13], b[13], b[12]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[14], b[14], b[15], b[15], b[14]);
+      if (y < 3) {
+         SHUF;
+      }         
+      }   
+  }
+printf("}\n");
+  
+printf(
+"   if (skey->saferp.rounds <= 12) {\n");
+/* finish */
+   for (x = 0; x < 16; x++) {
+   printf(
+"      ct[%d] = (b[%d] %c skey->saferp.K[skey->saferp.rounds*2][%d]) & 255;\n",
+       x, b[x], "^++^"[x&3], x);
+   }   
+   printf("      return;\n   }\n");
+
+  /* 256-bit keys */
+printf(  
+"   /* 256-bit key? */\n"
+"   if (skey->saferp.rounds > 12) {\n");
+  
+   /* do 4 rounds of ROUND; LT; */
+   for (x = 12; x < 16; x++) {
+       /* ROUND(..., x*2) */
+       for (y = 0; y < 16; y++) {
+printf("b[%d] = (safer_%cbox[(b[%d] %c skey->saferp.K[%d][%d]) & 255] %c skey->saferp.K[%d][%d]) & 255;\n",
+          b[y], "elle"[y&3], b[y], "^++^"[y&3],      x*2, y, "+^^+"[y&3], x*2+1, y);
+       }
+       
+       /* LT */
+       for (y = 0; y < 4; y++) {
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[0], b[0], b[1], b[0], b[1]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[2], b[2], b[3], b[3], b[2]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[4], b[4], b[5], b[5], b[4]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[6], b[6], b[7], b[7], b[6]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[8], b[8], b[9], b[9], b[8]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[10], b[10], b[11], b[11], b[10]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[12], b[12], b[13], b[13], b[12]);
+printf("   b[%d]  = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[14], b[14], b[15], b[15], b[14]);
+      if (y < 3) {
+         SHUF;
+      }         
+      }   
+  }
+/* finish */
+   for (x = 0; x < 16; x++) {
+   printf(
+"      ct[%d] = (b[%d] %c skey->saferp.K[skey->saferp.rounds*2][%d]) & 255;\n",
+       x, b[x], "^++^"[x&3], x);
+   }   
+   printf("   return;\n");
+printf("   }\n}\n\n");
+
+   return 0;
+}
+
+
+/* $Source: /cvs/libtom/libtomcrypt/notes/etc/saferp_optimizer.c,v $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2005/05/05 14:35:58 $ */

libtomcrypt/notes/etc/whirlgen.c

@@ -0,0 +1,95 @@
+#include <stdio.h>
+
+unsigned E[16] =  { 1, 0xb, 9, 0xc, 0xd, 6, 0xf, 3, 0xe, 8, 7, 4, 0xa, 2, 5, 0 };
+unsigned Ei[16];
+unsigned R[16] =  { 7, 0xc, 0xb, 0xd, 0xe, 4, 9, 0xf, 6, 3, 8, 0xa, 2, 5, 1, 0 };
+unsigned cir[8][8] = { 
+ {1, 1, 4, 1, 8, 5, 2, 9 },
+}; 
+
+
+unsigned gf_mul(unsigned a, unsigned b)
+{
+   unsigned r;
+   
+   r = 0;
+   while (a) {
+      if (a & 1) r ^= b;
+      a >>= 1;
+      b = (b << 1) ^ (b & 0x80 ? 0x11d : 0x00);
+   }
+   return r;
+}
+
+unsigned sbox(unsigned x)
+{
+   unsigned a, b, w;
+   
+   a = x >> 4;
+   b = x & 15;
+   
+   a = E[a]; b = Ei[b];
+   w = a ^ b; w = R[w];
+   a = E[a ^ w]; b = Ei[b ^ w];
+   
+   
+   return (a << 4) | b;
+}
+
+int main(void)
+{
+   unsigned x, y;
+   
+   for (x = 0; x < 16; x++) Ei[E[x]] = x;
+   
+//   for (x = 0; x < 16; x++) printf("%2x ", sbox(x));
+   for (y = 1; y < 8; y++) {
+      for (x = 0; x < 8; x++) {
+          cir[y][x] = cir[y-1][(x-1)&7];
+      }
+   }
+
+/*   
+   printf("\n");
+   for (y = 0; y < 8; y++) {
+       for (x = 0; x < 8; x++) printf("%2d ", cir[y][x]);
+       printf("\n");
+   }
+*/
+
+   for (y = 0; y < 8; y++) {
+       printf("static const ulong64 sbox%d[] = {\n", y);
+       for (x = 0; x < 256; ) {
+           printf("CONST64(0x%02x%02x%02x%02x%02x%02x%02x%02x)",
+              gf_mul(sbox(x), cir[y][0]),
+              gf_mul(sbox(x), cir[y][1]),
+              gf_mul(sbox(x), cir[y][2]),
+              gf_mul(sbox(x), cir[y][3]),
+              gf_mul(sbox(x), cir[y][4]),
+              gf_mul(sbox(x), cir[y][5]),
+              gf_mul(sbox(x), cir[y][6]),
+              gf_mul(sbox(x), cir[y][7]));
+           if (x < 255) printf(", ");
+           if (!(++x & 3)) printf("\n");
+       }
+       printf("};\n\n");
+  }
+  
+  printf("static const ulong64 cont[] = {\n");
+  for (y = 0; y <= 10; y++) {
+      printf("CONST64(0x");
+      for (x = 0; x < 8; x++) {
+         printf("%02x", sbox((8*y + x)&255));
+      }
+      printf("),\n");
+  }
+  printf("};\n\n");
+  return 0;
+   
+}
+
+
+
+/* $Source: /cvs/libtom/libtomcrypt/notes/etc/whirlgen.c,v $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2005/05/05 14:35:58 $ */

libtomcrypt/notes/etc/whirltest.c

@@ -0,0 +1,19 @@
+#include <stdio.h>
+
+int main(void)
+{
+   char buf[4096];
+   int x;
+   
+   while (fgets(buf, sizeof(buf)-2, stdin) != NULL) {
+        for (x = 0; x < 128; ) {
+            printf("0x%c%c, ", buf[x], buf[x+1]);
+            if (!((x += 2) & 31)) printf("\n");
+        }
+   }
+}
+
+
+/* $Source: /cvs/libtom/libtomcrypt/notes/etc/whirltest.c,v $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2005/05/05 14:35:58 $ */

libtomcrypt/notes/gcm_tv.txt

@@ -0,0 +1,214 @@
+GCM Test Vectors.  Uses the 00010203...NN-1 pattern for nonce/header/plaintext/key.  The outputs
+are of the form ciphertext,tag for a given NN.  The key for step N>1 is the tag of the previous
+step repeated sufficiently.  The nonce is fixed throughout at 13 bytes 000102...
+
+GCM-aes (16 byte key)
+  0: , C6A13B37878F5B826F4F8162A1C8D879
+  1: F1, 397F649A20F3F89A00F45BF230F26B61
+  2: D6B8, 1653F67C9C716D0FC59F3B14154DECBF
+  3: 673456, E82EFC79B30CA5235E2DC8BE4C14265D
+  4: 26DD7C26, B8D1F4DB845F7D7079DEB8920949C14D
+  5: DA62AD1487, 828A42329320764E5FB74D44A6108F4B
+  6: FB79F7D51742, 865415BD049E86F3DA2E0B6E25E1A50C
+  7: 9D96D1034166BF, 50669247A5B338E183DE5139831CD6A4
+  8: B466050E1330B20A, CB264FA7853A1FFE86E1A07CFA7C7319
+  9: CF16F0B3D9FC6183DF, 647DD6E1F40F385E1DFE6676FB036242
+ 10: 14D90928C7236050096F, 930CAAA5536406218885475CA823A973
+ 11: 4F2322D66A7079BD7DF519, 3B3931D47413042FAF1313F1041509A3
+ 12: F1497906F1D8F4F9E47E4BE9, 469FB0D62828427C2E9BA04041A1424F
+ 13: 2FAFA2A3EEA4C000702E58D1D4, C9A484FC4ED8644A06060DAE2C3D1568
+ 14: 5D707F8ACF319413D220AA2FC2B2, 0EE9AAF5B1CF622ECF6C4F5E5FF4656A
+ 15: 2C19DBF966D24B2713F82B69934060, 8676246A2F7795ABD435B3C6B4EA6E7A
+ 16: B3FED6C2315CE6D98729DBE69270A11E, B8AC739AD154744A33E906C34D91BD4B
+ 17: B2BC44CE088BC3F654B9703D9C691F17B3, BAD8314A171BC0119942136C5876AACC
+ 18: C6E958E3E9AC836C9626BD66478974D26B0C, 4E6D61833E9DB839117B665A96DC686C
+ 19: D40FADD078B474EBCE130FB44DDB4824077988, F43E3CD978A6E328AF039CC70E291E1C
+ 20: E177B3DF83A117E55F255A6C2CD78AFDAFDA307F, EEF1ABAAB9CBE0EE317CC79E7E5E24B8
+ 21: DBB4569B3E305E4525F1F7B3D2AFEF226F397E661D, 65ACFB70132EEE1D47319A550A506DB5
+ 22: AC2CAF77718DE59131A6B745DE9F3A9897B17580EC71, D8DB9006A9597F640F2594340D69E551
+ 23: 8F62022F72A0D769D2D095A55E28832950870B2B44B0BE, A7E196F869071B7BB713E8A2D15627E9
+ 24: 37F5640F820384B35F13F8C8C7DC31BDE1E4F29DCFBDA321, D5765C39DBCA72AC89100CCB8864E1DB
+ 25: 25059BFC302D0F8DD41BB22CF2391D456630C06F1DAF4DFA86, DC2FFD153C788C28D251B78AB8B7388C
+ 26: 151F158CC4BA9393FDB153C4C72911C120BAB519FAF64719133D, C61915006038BF15DED603832FD179DE
+ 27: F5DCF4231482F72D02F8B9BE0A41113D35AEA1CD85021CEC978D9C, 9CBD02C557180FBD0868C87A0BEA25AE
+ 28: 5D88B5554A2ED73054226473676FAA7159CE12B5357D635DDED35B5A, 5AD11CD6B14C59E64B5B26DFBD00FB5C
+ 29: 5696C7066EA09A30FC8BCBAD96D48A5E5FBCC8756B770F0A89B8711911, B9EA5F3BEF0599D385A9ACEBE4064498
+ 30: 1240FED47B305AC1883F8CF137D58E79052B4E686DCA1423A6A2BECBD5F5, 036A5EA5F4F2D0BF397E8896EB7AB03D
+ 31: AD9517BF392C1EB56D78EDE1C41F3C73B72304DA47F400C390C86B37A50C2A, EB3E026D518EED47F6C927525746AC54
+ 32: 2AE1CEED83C6490A7E5752E91532406EAC6FF4B11AA770EFFF1B255FDB77C528, 74BFBC7F120B58FA2B5E988A41EAF7AC
+
+GCM-rc6 (16 byte key)
+  0: , D595FEDAB06C62D8C5290E76ED84601D
+  1: 4D, 47A6EDEF8286F9C144B7B51C9BCCCACF
+  2: 0085, 9788DDF89843EC51120B132EB0D0F833
+  3: 463701, 673CB8D248E6BECD5A6A7B0B08465EF6
+  4: F5B3222C, 1C424282D7FB427E55285E20FC2ABFF9
+  5: 3A4A8361B2, BD40E631B054F280C7973E5AB3F06B42
+  6: A475866BF2C5, 2067F42FAAA6274270CF9E65D833FDED
+  7: 689D0D407172C8, 3BCCFFC64E56D5B753352E1DDD5CCAA3
+  8: D9CE4B051202A1D3, 79B0CCDA3D0B9C9BCF640BC9E6D9CE0D
+  9: 0317D68BE098D276B7, AF35043DB6213DC5D4F3DFB8E29EE537
+ 10: 154CEF0C6F37AA0A73C4, 61E598A8C6D17B639F9E27AF55DD00F3
+ 11: C3DB1B2B6CCC9170B9C05F, 966871DDD6E110711FB9DD733B6B2B3A
+ 12: E4F22383C75BC0FB0E59C5E8, 971536AF878F4EED68F59046C928EAC8
+ 13: 2FBFB99AABC6209FB8664916DD, 68D0BF2144AD1ADECC4074DAE58540C2
+ 14: 5FEEDFD09BF89719A34CDCCD2AAA, 64DEB7D5E6891103AA54C0EB366715D0
+ 15: E063A076E0C770FB010D26C3AC3EB5, 0CA321B2A7448FEEF84D4E0AD5BA2DA4
+ 16: AFB0DB9959F0906BD346C2D81DC5412C, 425627895E2C4C9546D3227975585459
+ 17: 79179C0D4D6C5E0741DD4CA1E8CF28C75C, D0188A344A1CEE52272FE6368DB0FB75
+ 18: 8A75521139B0DE3C08C9EAEB77D8018A39FE, 47FCC200D8A384320D2F1A5E803A9991
+ 19: 0399381D0A975AE3980A9FB75B991C055AF367, 034915370AF94B96A8A4E50FF9B134CC
+ 20: 8C189094DB13FBE62EA5C4A53C29A428ED587BA2, 99C58F838423033298897841ED526347
+ 21: D91F5144B525AF5D47EF4D5F0AF9915447A55927F9, F6750BF7E089515D35B47BC1C65E2E3A
+ 22: A4E26B554AA277057A5FE3FA08A6138CEEC6D69BB1D8, 7BBEBF52D8251108C7AA1025E213EC44
+ 23: 5C1A8C3A46FCA90D73675706313CADFBB90A535A4B3D5A, E35244A2633478BBDAFCC81161F28B80
+ 24: D69F7264FC594057B89181B83582D799AE54E9EE4FE8AD48, D4B29E5C25F9477D9345526DBDE9372A
+ 25: AFD322D0AC4AF38D5B9CBE0DFE85618C001A7A77CD8FFFCB3E, AD06BB9C59D23D258D6A2AEDD946AA20
+ 26: 179CA8395CD8E75B4E5EA07D25C8036AF08B1A1C330492523D36, E3704C4341A834C087500E332B7DEAE9
+ 27: B9178EF7774684F43F1FCE99A4319B5A4D167B0A848551F562CD7C, 5D5082FB02B9B494D5883DF49DB3B84B
+ 28: 830FCD15A09EC61245D7DA258E308E76D3B542F2345DBFC11AE983A3, F50C3332F8D91911BDACCFE228565E5C
+ 29: 179619B8C7EE9B3121405BBED2AC102A027E6C97EAEDB5ECFEB13792EF, 859EBA3BADCE6E5AB271A261B26DE28C
+ 30: 14264C7E0A154119BF24B7FCF434E81440D42D54738F0BAE55836849AB85, 0B6C9B9CADB1B6EC71CEA090C8C72834
+ 31: 0D7A316F8B873F62CF26CFC569179AB11CBF09D3467936A85ADC265B2C9A8F, 866AE7C51EC2D9DEB32748A1C8B61143
+ 32: F8FD1F967CD3632805AD7FA8ECB40F530927DD5C49D31FDBAE49738E2315905D, 9CB1CB84A727C9F42555EB566E0A1DEE
+
+GCM-safer+ (16 byte key)
+  0: , F769B436C7FB7C0C822E24BB2B2555D3
+  1: CA, B156298625F5634FA012B23044437807
+  2: 4960, A64C73E890F3D77B2C3B3C76C2D913C6
+  3: DBBB8D, 686651A017F89A22F9FE96533C85C52C
+  4: 150AD99A, 177F7DE9E897DACCAB7EACEE3CDE7601
+  5: 077055065F, 48B4309C76CAC37BDF11842311BA6CD3
+  6: B2F8CE062C06, ED04DF96C06959524956E8AC5C338457
+  7: DCE718211410D8, 3F8D8180BDEAC2F018EA81615177CC8F
+  8: 0F71E2772402AC83, 2130481B2CA7B4B4C8F3EE73B3B3C28F
+  9: B69030734E5ADF753C, 8CC4B62BFBC3EA56CCDBF0ED318C784D
+ 10: 6B8A91ABC1BF2F2D0176, 86EAAD80D148A48086987A40A5631DEF
+ 11: 44AD00799EC8E62E34D6A1, 016830D58F06F75E54531B45D9E785F9
+ 12: 0C4B9381D78E0F0A78B3CEAA, 4A79C58DAB131A22F172F9177DC4158B
+ 13: 2C56D4625876524B4D8D5F079B, 7B407F704225B25F1F136C984E564147
+ 14: 36424D69BACC56407D345B3D7B4D, EB126C255A2DCFD32F69DD5CB61876C7
+ 15: FDD3E091C0420D1A4D4A848757FCC2, D319C5C07134D67BA42A4BF312CD874D
+ 16: EFAF6F117EA9A4B4B83052BBF5A07DB9, BB09D473FE82257146E7ABC2EFF6F631
+ 17: 19B71383C414BAC3EF252FFF09F5ACD777, 526DC9AE6895ED33A34A9A4ADB07E1B6
+ 18: 9AB6DFDB930D26E00B3D98DD5AD014E08756, D70B95B20C106A5A03F9B803D2CAC3A0
+ 19: EEB3C236C3031DE4C3F94BD746677AE84B271D, 9483BBCBBFDBA1CC5F6392DABA2ACC19
+ 20: 3A0EBC7536F8717E8FDAFEDAC39E8F1F43C0627A, 3DA7DC2475466CEDF01EB543870A74FA
+ 21: 79D28D2F149E1D97E910342DF383FCEECF5AFD4C6A, 2364F33BCF6F07E381F7E26DAF802D83
+ 22: F1D7C319BAFB740332CA19AB0C9B71728D3AE69BFAC2, 3D4AEE9780A5C98CBC69606CDDDB31F8
+ 23: 1A0D80381A186673FB7B52C40AB6C46A11AB0889333C20, AF5C17E3D0D9724EDC1FC438A16B4EBB
+ 24: 5E503440B22DD6AE6401BA4355C8791BACC598C9E0F1412E, 156D8221BD61F5C108FC18FB2F50D159
+ 25: 7784EFDC6F0FC56FCADAFF17BB52DEB35B64FA19C3F391BDFD, A291E8238EF158A2379692077F70E8D0
+ 26: 184B6E18032D1A70CE5027912E447C357C72EEF7B20EF0FB256C, 0FA0138FB9480E0C4C237BF5D6099777
+ 27: 7AC8FCB64F35B71C5ED0CCD776B1FF76CE352EB57244085ED34FE8, D995B3C1350CC777878108640C1CADAE
+ 28: 86C7A01FB2262A8E37FF38CC99BF3EFAEB8B36166D24913BDD3B91DA, 25EC6D9F69168C5FA32C39631B606B55
+ 29: 91F5D3E3FE0B1976E2915B8DA3E785F4D55768FD727AEF19FA1552F506, AF902DED55E386F0FC4210C97DB9446E
+ 30: 7ABF5BD9CB2EFF8382C6D2B28C1B0B25540E434123AC252046BDDA74DA32, 713259EDDA9B1B63EB68E0283D0259DB
+ 31: 5634B23ACEF2874BE0591BE3268C4538698FF2D93D59B39BC86D0137DACBAD, C4054796AFD335B43C60E7E634122BAF
+ 32: F26C68C36B1E56449595EA4E162391E0C6A306592949F69797B6C2327E533ADB, 7B392AF776A94983078814B6B8428BFE
+
+GCM-twofish (16 byte key)
+  0: , 6275E8CA35B36C108AD6D5F84F0CC5A3
+  1: 38, A714210792F9ED12A28F25CAE3B3BC5E
+  2: 8E2F, 6357C1F125723F2244DAF344CDFCD47B
+  3: 900A4C, ED4E0B318346D5B9B646441E946204E9
+  4: 087EAFF8, B871ED95C873F1EFA24EF8B6915F447D
+  5: 63FC9EFBD4, 650D0ED98CBECA07040AB97B97129360
+  6: B6081E94AA19, 6A3BDA8030C5A79B6B9087555A1DA67B
+  7: E10A7B9CBB20C2, 59EB55DFD0A37C55A869834E597373AF
+  8: 94E947FEE05780EE, 354918527F855264E37DB6892E868050
+  9: 9A80C567AA50220862, 814EE57CC9D51D7D900AB4840C4B072F
+ 10: A8741BE1E42BE207C416, 2B28AFD8ABE20664D8BAD7535F82F11A
+ 11: 6AB7E3C68B6682023E8190, 5E48B67541FE83969952394F84D29E93
+ 12: 4F66FB634EB258CEE2955D84, F2632C2135B6E1144673B0EF73499818
+ 13: B29042F3877C2F5E694953C5F6, 03268A30499D57A06AA873EF00160C3C
+ 14: DCC7B5D9F58C88F54A9611389B8D, 5515426FF7CF2EEA91BE2B3752371CE0
+ 15: B665488BCD75FC02A0DF7994B7CF98, B721531E2A317C254FA2ED306ADCF96C
+ 16: 9535DC8A72645E34F948B71A5159AA9B, 5CEED93DE128044F0471C65AA8F21D29
+ 17: 5CBFC61A23D28562FCA929375E5B585327, 3AA842B21631968D1B58B72FEE090EE1
+ 18: 2AC3F780B956A933C0B8565EE527173B8CC8, 16EC4B6D8E2CF3CD0D16E7A5F401C78E
+ 19: 5067FD65870A4EBF6C7FA811A15270E7F8F17D, 9A7563BEDADFA6B6E48F5C13FCEAED6E
+ 20: E3A65A188077E5DC171CFF30BE8B27F10F015166, BD5B3D84D0C1DD51A3909F849141B57F
+ 21: 88D0A65C105823E68BE3987CB205AE0C1A27588FCD, B280221AD0BD83E1D6B37F331F326AB5
+ 22: 7C56D987FEF6807EEFAFD4C7EB9D72AA0E037979D91E, 686E1268A8DC9CD0192A383EA6C2D975
+ 23: B23CCD0A076CB122750B634B9E6551E0585EDEA18C3245, 6DF30A7F0728E2D549AA411AE375E569
+ 24: 767BC3AF206E67C9E27A4D7E814F3B3A65D27BB70BA9DD4D, AB2B16C031FB2C8E85B3B2B38A5CBA4E
+ 25: 9ABF34ABD43705D62F377449461C5DC239A2A86E5A98AFB159, 3DEDEDA85E6BFB53C6F18726CD561604
+ 26: FE756344C05CB12AA0673F1C2069A86556E583FF4B7313A0D395, 21CB0E0BABC3C7E547F5CB207295C0EE
+ 27: B70F16AD19A6B0AF6D8DBF4E98D7D5ADB944D91BD889D9390C3E21, 2AE67812A22C1C785D3BFC184A1C74EA
+ 28: A6389032AA9D08BDBAAA5E230E5130665FB4F0CB868F3F20C4C5438B, ECA054EFA3F39400A587839C4F0605C7
+ 29: A55A41315EAF3A67A0FD0E14C6E04D03A5E38D0F756719F4A0800B290A, 7A5277809D4B65E663603099B4DFFBD8
+ 30: E739633579AA6201A024B9873F28412BB08B08B8616D611BC9D07979BD3A, 390038A93AFD326C5CC1525A24CA91AD
+ 31: ED3266F8B0DAA7C3DB7814427E8139831CFC0EDE668F0DA83FF7090154410D, DE440EC2C6080048BFF3C5455E1BB33F
+ 32: 4D0F751B55DA3A2E0B28DE59E9680669FCB5984E9C0DB942DBAACDDEF0879731, 62F96CFE31D3D6AAA0B9F5130ED1B21B
+
+GCM-noekeon (16 byte key)
+  0: , EB5A8E30D5C16311864E2D8D32859ACB
+  1: 88, EAB88DE1EB7BC784A706B2D7946798D7
+  2: BA1F, DC3CEC6AA324AC7D053EFF7A99AD3069
+  3: 9A1457, 4AB65831DE378DFF71C20249C7BEC05E
+  4: 2F9496D6, 800745CF95EAE3A698EDF9EC949D92B7
+  5: 84153177A2, F6A05B654435ABDF5F696C0E0588CB5C
+  6: F80B7865C766, 2334D0061FD488D15A6AC8E44EA1F4B9
+  7: 872EA486B4EA9D, 3A49671DE347F675AD7904DDF4255F3D
+  8: A4EE5750507FC831, 956D09F7C5FE812C6FB982E1DDBE864A
+  9: B5874AC964FBFC1A97, 90FBC75F45BFF58B3A1100393955D0C2
+ 10: 92FF5FCF1EC675E02E71, 983C96A7BD4A0DB5D3B877911CE8A6B3
+ 11: F7BCA69A9C7033D84A2BA0, D4ECE5BB9FFCBB331A646D9CE8078634
+ 12: 5E1041B4554C8CDD14AAF16D, 1EF777F307CB96788B9120FFF8A8BC2F
+ 13: 7BB7289FCAD209D7992EB7AEDC, E8AEFB830DBAED2B4A790FFEF940A20B
+ 14: 12776A7C937A648F0A8628AD8C5C, F070283852AC030819EA67BF82C719AA
+ 15: 7293476D9E935EAE9DEB66F697F662, D6322603671153A1EC1453CDA5978E15
+ 16: DC12A86C85E7358919BABB15A3BF5FD7, BBBFA467EBA8124DFEC82DB0137D56B9
+ 17: 0CC1DAD00A987F9C57E3660D9417F226E5, BB8AF5A0B5BC79BD11C5D41CA80CDE2C
+ 18: D0049115D6EB5495FB391CDC494022AEAA48, 682FF357B2BC059765C29AE6CA668D0C
+ 19: 48FC54A401B4C06CE8567AD298B672191C7E84, 493A4AF4C2A8828FED8442C4EFF877F6
+ 20: 90779795821CB1B7DBD97028E29DC1CE7D0CFAE0, E126F485F73B6F7B3894B4CF7E1C5DDE
+ 21: 8CA5C246C8B7C04BD7171CAE2D1A892D66302433F8, 5D73149A3635A86B3C34DEA5B95CCBCB
+ 22: DF082B665F7A952B2604C04554B81393FCC7C0B816C8, D3569ED7D431176B286EF22414E4CBA8
+ 23: 761908530C9069E189649ED24B6A68A89B067C31E9868C, A258BCD83D3FBC7AE2AEF7516025AB36
+ 24: 717048F5A31F3C89D3704F90069AC5D5174118770C65BDA1, 067EBF18F7E3DF4EA13F9ABAC682C2A2
+ 25: 08C6FCC5D3099347C3FEBA3858A6C22C51298CB591DDB77827, B57BFBA40BE99DF5031918A1A4E2CA80
+ 26: 2CC53EF7EB954234E64CD4D60FB1D7157A489ABABC10900FFCDB, 236E769611D16EB7F463B7578770F886
+ 27: 2556B46F2E831223D632F2691329A874F517687AF81B8322AC55D7, E213A90DBC31DC261A45A9AE41CFEEC3
+ 28: 71241792728594D69791B80AD6DBC6417D1D14D222DF5E6F834B82C8, 601F97617708B1945BCDA8A82496EFB1
+ 29: 5003DC2EAAA23F9E2221CCBB9E20116692CCC99B3CFBD0DDD3A8491E7C, 3743155B792012845550205C8949B73E
+ 30: D0589675357E850333F854FBA160688F06D122DEC00CC2620DA0B2770765, 20E085752FC4D37791C22501ED1DB6AD
+ 31: 645B46D2D114EE7329F14AC1D94E6817EB385EB80C61F014F90530749079EC, 8A18DE86F9555A1070D0BFEDAC15B14F
+ 32: 068389206D37BF5A41C58075FC98901C3B42E6F2F13C09F4E92524021BB1C1C8, 370B86914D63CFEE8303D538A6BEA0E7
+
+GCM-anubis (16 byte key)
+  0: , A0061C2F3B2295BFA33BC74C037EA8DA
+  1: ED, 9E5648DCE40DE37B56C557D26CB18D83
+  2: 6719, A6605253C59A101FF85C5102CE92BE45
+  3: B8873D, 13F3E3ED3646BB296EE4ED5D6379A21B
+  4: 5AA6E2CB, 1812E8385D15B5BAE043E4E860BEF490
+  5: 4F6F4CD8E9, 8A80BC5E08929C42A5A74C5D9ACC0C6D
+  6: 2F0D8B483CE4, 316F588F78FC6A9196C97CE59B9B63B6
+  7: 82D885FDE1F948, 7160BF556614511F53738A92B5277056
+  8: E4931462AD41B6DC, 7CE24C4D6B499975FCB72B5E2275ED56
+  9: 503AA70BE698BC5B41, 10EA0C61FDBA8FF7B4E9927BCCEFD911
+ 10: 6B2D213D14B5D25EBE36, DC3222AED12EE26D3D14E2E733EDB2A7
+ 11: 7D8B0BC1B7443E7267371E, FCACFC73E391865BE86E041F51C45E81
+ 12: 9EF3BF8609E133BEB10565AF, D84326D4CAC9D5B74FCFD8CBAFE79E77
+ 13: 59AE7B1FDE1178CEE7F63C4894, E1BCFCDCA86CAB9C684F7D21962D580D
+ 14: 564E7B8BAC5582A3BF1178916569, 54804D8DF4D7577EF65C15487695F840
+ 15: 758A6DC437C8821274B0F16F911BAA, 19DD27500915F425F34F67CC2374DC36
+ 16: 0468C94A88A27AEEE2B3A973065E53CC, C743996C6F49363B2F4613F24703EF7E
+ 17: 3B0CABA5EEE44B7BFF0D726ECED54763FF, 14D9D09815BCD91DCCE2F5AE1A9929CF
+ 18: 5B945D83B98C43B0248F9BC0479E332869AB, 67A275F0313D4245B1965411CFCC8F17
+ 19: 97332441CA96DE8553A3C6D898FC6D90C86DBF, 73150EC3D6327E3FC8015A6192652D3B
+ 20: B9A1778FAF9767160D0D87816ECE1B99AA727087, 0C173D3C4078392CE377313C48D2BAE8
+ 21: 5882B73911C7D26EFDCCA3AED2EDC8A8BFFE75B1F8, 8F8C535639A0B59537E590C7FC9D2E53
+ 22: 70AEBED8CCFFF6E5CF06F3E841D12387EF8D6C7B4BDE, 4B00C27FCA9BEB82331CC8EB13DCC580
+ 23: 345CCB52BC20DC5F1BF5EEDF5D72A6C48F402557FFD342, 1A790A39573B853DBB8E2E73B7331014
+ 24: 0637C78A817E91D63CE18CEAF8D65C6107283A90C5A97842, 52786CB81724E12C76A0D23D4680E36B
+ 25: 59526D1E86A473DFB720FF25E97D6571077845F73C5E8322F1, 369FBA7823FC83D727FFD25D10130987
+ 26: 2933BB4E7603C313B62332827601F8189E14C1F08EA547E15AB5, 204520E365DAFF6551B01562A4CEFDFB
+ 27: A4098CF2A48A1DC2BCCE65CCE8DF825AF51E7E5F94B6186FF85D77, 9833EBB9A1D5CD0356E023E2C3761C2B
+ 28: 26557B942FD6913D806672EB01526DBD5D6F532F78AB6759DE3415C5, EDAACDD101BC40EE6530D8B5DC031F31
+ 29: DB92C3D77DF0C8F4C98845AA9AD43FB800192E57A53E083862B7E3FAF0, 628DEB1E345303A40700289052080FF8
+ 30: FC57BFAC2C77781723C2B721886D44ED67A52D9AD827874BC4EEC0A97281, 9A222DBC47B4AB4E520D3CC5850D4DEF
+ 31: 72DFB9E91A78EAFE758B4542206A4A957B4523A58428398C11BCF2AEAE1938, 307D0B876130E82804C1167E03B69B2F
+ 32: 7275C6EBDC2680DFCB73326A987D2FBCE83E40A9AEFE6351CFDA7251A6FE10A6, 895E6EEAA9BD88594903325A063CA45F
+

libtomcrypt/notes/ocb_tv.txt

@@ -0,0 +1,461 @@
+OCB Test Vectors.  Uses the 00010203...NN-1 pattern for nonce/plaintext/key.  The outputs
+are of the form ciphertext,tag for a given NN.  The key for step N>1 is the tag of the previous
+step repeated sufficiently.  The nonce is fixed throughout.
+
+OCB-aes (16 byte key)
+  0: , 04ADA45E947BC5B6E00F4C8B8053902D
+  1: 07, 987354C062CD6251CAA6D93280EFE9BE
+  2: 1CB7, B9F1620EA8374E1C2D05110878D93069
+  3: B98C59, 3793FB737C2DFB29E73DD1AD8B8F71C7
+  4: 8978F240, 5E25316ED13D3300F2EC12D718A0BA8E
+  5: CB4D261594, EDA252A1A5C7D0A4AB4620F771446DD3
+  6: 30D6B6688D59, 684037DE07832C6FC38CA42BDF2A7D53
+  7: D0583F9741BFA4, 3DF53DFF73431C0245982F4EEEAD432F
+  8: EE3B9596CBEFF520, D283D1B9D990739EA05F4BAE2E96BE4E
+  9: 6570FC25E6103AC125, 90D3F1FA6595B775749FAE7B00A8E5B1
+ 10: F56750C98C370DFDC4A0, 19389A6875FAB432B72D64BCDD6BD26C
+ 11: 3344AE6D9528603CC1E4E1, 87AB6FBC7F919125A7DB0D17D19056B8
+ 12: F3D9D816A727D3E67330C779, 07AC0F3841DFCFEC58A5AAC22270538C
+ 13: 976651E63ABC3B276799BC1FE4, EE603A8C66099AD6FF8667B3F34ABF29
+ 14: A48E3ABC31336C6B717A96170A9B, A9D1B973D84D3125F5F9D7923BA0A8FF
+ 15: F60E9B2A911FAFB0080FAA3ECDEE42, 4902F8AEB7685F7B255ECC45B5B7D3D4
+ 16: 0855DE488940144AF18C65A9966DDB66, A66B3E7A75D394273AC196FFD062F9DD
+ 17: 172DC1740F75AB2A27B2B80895961A69AB, D6986BB95F7E4137430CAC67F773623B
+ 18: A414234DCCC61B65A79B7C618A6B91ACA410, 6CE32E55E158BC3E51E94116A615F3A2
+ 19: 16A1B16BC0F63D63179901F1CBC772D612C102, 54007EF9822E0E4A4F953838577C76FA
+ 20: 539788EBF85C15B3A638017B4054D71315BFF25F, 9B2511322E16CECD53E3241F3D51EB97
+ 21: 7E74595A3DCFE1EA2C91B67738765463D50A22924A, AC9C9B526251C16F112E769F9FBE74E4
+ 22: A2B61792102B2E44F1DC0E48B40472CE883730504FEB, 76452A49C2524404C8A4B098D6390F98
+ 23: F58174BC06A022AB7D81991E9346F5E4B0AEC535D93473, 47F96374BC094BB2C1A5D1D291806912
+ 24: A3A7713895D178A85D9092EA6138323DC2FF9090D7F01AC5, 3814208FA7009A2934F9A172D029667D
+ 25: 385525DAF9949DCDEB22F7518AF96438E40F7D94933706A9F2, 1249F3DF50084A6D1A76AA350FD85B0B
+ 26: 6838E207D98A5BF8D8E41454CF51663D8F8B76FD26092D45D1D9, 301723D0F49BF8CF37828340B894689C
+ 27: 736413C025A549CB2550E93139DFD5DC3CE241C296C9FE641FF520, BE07259963F251743A85DF51EB1B47FB
+ 28: 7F2CD26367A885BD9E2B515D4E871272AC1BEA1C650B530E5616B2D3, EEB37E8451597E5A53CB49072EDA9346
+ 29: 68F23DCDEF223B60B46E3D724A93BEEF8B110D4394C990AC3D0E34E1B6, 9A60344982F852EFE02CBE9CBBAB60F1
+ 30: 66C5DE3EB27139983D48BED81D0E5FCE6BA1AB402C357062FE989D31C69C, BAFA0A7997A529039F0CE8528E670415
+ 31: D3B9009C1A930EE288C61B0B15C7E92CB73484C345594DC5A3F377147981DB, 1EDAACF7F1F3AC7EA613F94DA4DEF930
+ 32: F7818DF15FE6FBC42A28FDE1D55A2C07EC8D82AA0E7A680DBD3CF26C13448F9B, 67FEB344108008A88067E92B210766D5
+
+OCB-blowfish (8 byte key)
+  0: , 07B7752047F9E0AE
+  1: CE, 7D69017C42B06204
+  2: 1D6F, 4DFD4BD58439062F
+  3: 30A011, DB49D988798F8842
+  4: B71C8951, AA3261584B0C20FD
+  5: 06F89957DA, 88BFA80D36427F64
+  6: 45BC4CE5FABD, 4CAF71136ED166A7
+  7: A7405F124D0296, 5D8993CE64FFF0E7
+  8: ECABEFD9E6574E4D, B69349673CF86E41
+  9: F7D26A7E82A34ACC71, AFFDEE843ABEA68A
+ 10: E225C5F0FA1D649F81A3, 03AC1D5DF1323EF8
+ 11: 58722FBFB86C2697061217, CE731D80E6355710
+ 12: E577EB8FA70225C5A18D31DC, 2F08B140F0D3A255
+ 13: 92154A94CD7D42EBADB6CFEE14, DC949170E84D3CA2
+ 14: 5A3C08744FD85CA262D51AC6CD25, E83CE45547403BAD
+ 15: 8B2E4980ABA10A20573A402D89AD12, E3D978611DD831D0
+ 16: 3EDC4A0FA95BD8F944BCE4F252B6470C, 87B54BBEA86A5B5C
+
+OCB-xtea (16 byte key)
+  0: , 56722ECFE6ED1300
+  1: CA, DF53479333DB86AA
+  2: 9529, D0B5A859106FCC9B
+  3: DDBAB2, 3B31FFDA57CF51C8
+  4: 22EB7DD4, 2BB34D04FFF810CB
+  5: 108693761A, 7AFF6F52574A019A
+  6: 391FB7C61E76, 616C5E66297F2CCE
+  7: 3E22E4A4A0BD13, E84C385ABE25C8D8
+  8: 94FA11D5243EE34F, 8F017DE96049D0F9
+  9: DADB6B5D27049240A7, CA69E14047C6BBA7
+ 10: F79C8EA83C69DE914DAC, 1EF042DA68106C64
+ 11: C5B6E04AB8B9491E6A99F8, 143515779A55C972
+ 12: 33F493AB7AE62DADA38C5B24, 531BF7799A778620
+ 13: 6DAA66BF02E66DF8C0B6C1CC24, 6CDF72786C5EC761
+ 14: 4940E22F083A0F3EC01B3D468928, 185EE9CD2D7521AB
+ 15: 5D100BF55708147A9537C7DB6E42A6, 78984C682124E904
+ 16: 744033532DDB372BA4AFADEA1959251E, 438EB9F6B939844C
+
+OCB-rc5 (8 byte key)
+  0: , E7462C3C0C95A73E
+  1: C5, 83CB00E780937259
+  2: 1533, 022FF70566E0BA87
+  3: 57543B, AC4EF15FC83BDF2D
+  4: 01E4474B, BD817C06AC2141E0
+  5: 4CD7E850EE, 7BB6B3BDA5373422
+  6: 489C0CD1502A, 23DD4406F87EB164
+  7: 0CBAAE08E07EFF, 92569C958B722413
+  8: 073612F283F8A6E4, 1DD978D01CE8D1DF
+  9: CDE676B1A3AC98B00E, C033F099E2620668
+ 10: AD3BC88EEEDA40A83685, 36DA44E13C0C8A4D
+ 11: CA60E8B918F73E99986021, 45634CA0E43E4B13
+ 12: 3B3CF82157ECEACAD8658EF5, E681F57616146CC7
+ 13: EBC1A7068346EC1B7EB815A7DC, 2C806D2A909CCAF1
+ 14: 97CDB3EF8276F1E7D6B6677DA2DB, 53F00B9A2E43DE08
+ 15: 44169B3EDAD9506C51A6DA055EF9C2, 5BB6DD996130896B
+ 16: 35EC29065B1FC640015B0F779E7A358A, 867EBD0E86823F09
+
+OCB-rc6 (16 byte key)
+  0: , 27B9E3F544B8F567EEBF98ED5FD55C76
+  1: 92, 219FD2D74D7E3F21AA6C2A507C0A546B
+  2: BECF, 96A656A16FB3C4579E6955D592AECAE1
+  3: 4DDE09, 7D1882879B5D6FD8C151502BD8AB220A
+  4: 0D6B4FCC, E01FBD1ECA2A6A8DC6697A06AB12BDB0
+  5: E5E19C973B, E5A86AADF2F333D5DEDCE410688CC6A4
+  6: 90BA7D2A6965, 80523A2CAB2A7BB2E90B121DE80F46A9
+  7: 6FE258148EC8D0, B7254B11276A77C5F99FE5EC91D81F57
+  8: D887080095DF8817, F3FB938068A01EF89DE0F1226C544362
+  9: D9823313289D597614, A547764EF20BD4B4B303882B64FAF2C5
+ 10: FF68942112CF01701E86, 94F3860D4438428EE296CEACB3EB67F5
+ 11: FFD390D3E0B64F64D3192F, 99D2E424C67EBACCD4E2EB9A0CDB8CDD
+ 12: 3162235748BDDECC84FC8C94, BDD400A58AF59100A731DD5B4386444E
+ 13: D2A0EC8B1F20672289F7236C56, B245CF42644BDAC5F077143AF2A57BA7
+ 14: 830929B2850E22F6C1BA2027248C, B6B522F7D6BA3CFFA92D093B383542FE
+ 15: 2A5FCCCCF43F845AA77750D3BC6B1E, 53A0A0882C7844636900509921661FCA
+ 16: 8480234796F9EAC313140CE014B0265C, 0656CA8D851B53FD5C1AAC303B264E43
+ 17: F011A67C22F16A42CEA5E493CB766964AA, 830B8158B7A96224A53FB7F3A08CD128
+ 18: F76274A730A608C2AB37497A049C3699882E, 4DC4DD4DF39D0E68D6169F9DC7F4A6D5
+ 19: 7B38DD237DE552A72E4369A81C30AFEA5E5063, 01A62CBD30153702A5B29FB2A1683899
+ 20: 58EB866F1FCB060ACC821D776AAC4AD9E87C326A, 25AFB8FC48605E1396EA8471F55C1294
+ 21: A25F2C0FAD66B3580627498EC66C994B49C5445911, 0182A951D9A3DA53675612DE8EED1FB9
+ 22: 8813977F092F07F251A1497C898967F3F98F5CB878CB, 80BC353E310880A83DD4DE4FE96AB6F0
+ 23: 52DC8B76F5A6F78D51FB7DB51048E2663563335EC876A5, DC3689AA079C04C19D83646B272F9DEC
+ 24: 965437D3FDF91784B63C73C8CD001BD9372167963DF36B89, 9FF84E2845E3C1E3E6711D1646B18F21
+ 25: ADD40F674BD56FFC8F9B4047FAAD2471F0A48F4544C894F806, 9D684F74F9734F1C497E33D96A27E00C
+ 26: 7B049B688839BC62785082397DEC7AA94B837D094AECA4B14571, EE711DF1C15B5C9E36B6E38B6F7152D2
+ 27: DD4681F9C498A3CF69A9AC876E02BD9CDC4FB1F6798F772013B62D, C5A50676EFAA2A56CBDBE55CFED3050D
+ 28: 471B5E89A1337E75E88AFBAACA1C011790F1657425483229E55C34EE, 20F73F2AC452FFEA423BE2EBDF33CFA1
+ 29: 71812C83DE34DB329C8DCD98890AFB1F7719E890DAE5CEB7AC9668CAD0, 6FAA03E10C6FB67D425C683C6D85FD76
+ 30: 4BC2DB33786CFD29B5CA5B804454169906138E90E29E7BE9197971027AF7, 75053C433EF5572A70C58EEC96F56C53
+ 31: 5E3A0AB41264AB65365458ED3B7E6A25827E50075A9E347F1622ED0723E229, C8F1ECD19AD5FC970CF0D31BF46B0F2B
+ 32: 2E48DEE4B379CD59F5367D17DC397C1BFD53B8C4CE46A8202518614076174EB6, EFCE758ECCB6BE875D16B7E03A498D31
+
+OCB-safer+ (16 byte key)
+  0: , 88618DEF98FE588E23107E9A5D89C26B
+  1: 39, 2B01B202E751F957E331ECD1CEDE3456
+  2: 13CB, 17071E5AFD5D8CE953A73F49412BE8C4
+  3: DC4428, 4B0B1881C2540FF92E7DE63C479A7750
+  4: 120382B0, 0BB11D57B5BD9D846CF31033CD4CCB92
+  5: 97F332F95B, 335E0424D0A820F60DBB968B8B5AA057
+  6: 3C7AAE72037B, C8034C2C76C1CCD7C1B3F36DD8907E1D
+  7: 8A99E4A1B89B6D, 06A8165DFADF1EA5ABD89E574422DF7F
+  8: 676587065F0342B8, 93ADE63994DF2189079234DC204BF92B
+  9: 8EC394CBC6877B245A, 1A89F0AB0B44BC708EBD9DE489E2EEB8
+ 10: 5FB5366E5CAE4DB72411, 5CA5881A5805D53ACA4904A5EEC01550
+ 11: 72A1994028F09ED6A4E45C, 0FFC0052996CE45DF4A28F7A6E9CFEA6
+ 12: 1D5EF20F52A9B72386D1A601, A697DF1179628DE1120D5E8D9F39DA6E
+ 13: 79BD002AA59D74F125AD9E32DE, 2F02CB6F70BF57BBA0DF100DE503F633
+ 14: 442C6F9016DF4C090056258756A9, 58C6FD3180B9B74459D70B5684BE3F4C
+ 15: 4FC5543D9A892B44ED04EE8B25E232, B8B858B3D3EB4B26E867E429F88A56B4
+ 16: F06E7503167C2210AB332259BAFD6AB4, 73CE2589D1DF34CA3DC2B14CC9FA6276
+ 17: BCCC260BD4823B64090FB33E6816F9C330, 81ABBDC83B2544907840FEB5AF4479EC
+ 18: 450C1105B76F960D1A5F33D7F9D37DAE20C3, C41DDC8980E88E3986D9C84857BBE1E7
+ 19: C9F36EF3A990E0554EDB59E6788F8E9BF1DBC7, 90DD543E148D9A0B79A8B376C5509E09
+ 20: 3666FEEA98A4FC434EDB7517E7FCEE2320C69BCB, 99F11B360DDB3A15C42110831CCBF21C
+ 21: 126F39C19D1E0B87F1180F6589A75712B66209E2CE, B4D268FB8EF5C048CA9A35337D57828A
+ 22: C1B6D14EE8B6D0A653BFCC295D5F94E6BCA09E181D8A, 4B4883B614D5CC412B53ED4203EA93B7
+ 23: D1F2A10F1A9DAB738C61CD0EF66FE5F6D1DA95DC671128, 3F1EFDA55EFEF1A0B24708E132BC4D25
+ 24: 9D457216C584F43DBA1DD55C54822A8B6A86D22DBFFA14D4, 53402970B128E98A5F0D62476A38F959
+ 25: 012828614B5D67C9A1EE24A1EBCD322FE9C8BE0C3F20A53714, 2BFF288D90DBDC638084F80F3F7AADF3
+ 26: B1904AECF599F6C74557475E409E75E646271DEDEC7A830260DB, BF119BDBDA27773E038B7067D2B0EECD
+ 27: ED831771C4346FC19435354AE29F7A9436D6E8D4D42CFF26207DBD, C3F029FC8AE690E84FBD0EF806B801F3
+ 28: E051B958601223FECEADF932A277BCF18C25025AE4DA791155B85035, EB75E56BE7856F1B5ED3D125C092D38A
+ 29: AB3449537C5E22125BC32D483F74C3A3DBDBD5232839A85D300F65B4FD, 851B0FBABD080F783BDE4F47ADCD6D76
+ 30: 4E68550837130652795A8C9D68530717D2B0AA5A17F3AEF92FFB502E46AC, 10E222706527A64E757EDE4B9EFC09DD
+ 31: C2D7033DA7A1857D79497EA6C64779EB969046CCEE6C74E6592FEE6E7C94C4, 2015674ECA80AC9B67AE854E18A7D56E
+ 32: 2F3F0374DDC24AE21F02D4DA74D46C71F0CD2269A68F32F7FAA0BAB64AA8E9BC, 737C8BA1677A8CE97D42FBB07530EE99
+
+OCB-twofish (16 byte key)
+  0: , 2CD8EF22E5457C7FE4016B0FB82FD204
+  1: 64, EB7BB60E4932C0E97A7A5906BD044ACF
+  2: 3A59, E3D2024241666369BB542ED096F20C71
+  3: 67C038, 7E6F1EB3F2088F6416BB675DCAC0D484
+  4: BB36BF02, BDEEEF07EBB7A50A5201C8A2D72C0036
+  5: 6F06C0E293, C63557681D84ACCFFBFEE87D82EF1D3C
+  6: 2015F94CC5AA, EF1DEAD4134D2A1A47A20F26FAA3554D
+  7: A5F8CDD07964B0, 672B74D88C8AA7567C6AC4A896E0F6D1
+  8: 5EFC9D8C3B9E7F3F, DB9160C53AD429D4C22BC0E2E6C509C5
+  9: B62CB80F75594BC54F, 20020A798FF59F0472E750C796B5CC94
+ 10: 970983B0F889760EEEF0, 360AE43CEBCC27755548D4984CEEA10C
+ 11: 75C3A8CCB30A94CD57D1F8, 79820F3B1625E216B5BC1D1A22B198F9
+ 12: 033DA41CCBFE3C6897230FCE, CFE3EDD11627270CD63916508B058B7A
+ 13: 15358032F30043A66F49D3F76A, 98B8056A7991D5EF498E7C09DAC7B25D
+ 14: 71FBA7D6C2C8DC4A0E2773766F26, 22BA0ECEF19532554335D8F1A1C7DEFC
+ 15: BD761CD92C6F9FB651B38555CDFDC7, 8E3C7E1D8C4702B85C6FCD04184739E4
+ 16: EB6D310E2B7F84C24872EC48BFAA6BD7, 12DE548D982A122716CEDF5B5D2176D9
+ 17: 8DDF6CE25A67B409D3FB42A25C3AA7A842, 3E9FA2C6C65341A8E1101C15E1BBD936
+ 18: 5563DFC29B750FBC647E427C5480B65846DB, 90881C6820901BD41F7B3C2DF529B8A9
+ 19: 93343C1E9624321C2A0A155BA8B4E66FD92BE2, 71A641DDCD49825E10880D54BEF30E91
+ 20: C256BCA0CF0ACCEEC1AA4B9372AF27D2C3C65AFC, 91D45C4DA49BBAD1809A11F4041C7D09
+ 21: 3DE69FDB72C93518A3E317F7B26C425EE3DD42DA7E, 85E37B3E8EC3AF476DB7819D739D07D5
+ 22: 676AC7885C7C8FBE9862242FCCC46C181440EE49AE59, BCDB42B53AC4FDDF9C3BF8849AB96EEC
+ 23: D71B98B88F46CC47D90BB931564CDF0157F0ABCB5E6954, 289CD5799D9E49F36D70F67726A59610
+ 24: 669C16DB9DC175200C08476832155DAA52F1F8969DF3B79A, 835B210EBBE5C9D34C2E052E1843C1F8
+ 25: 2F39346E14A34BBED0491929CD9F1FB3CEC412C25AB703372A, DC4B42E8BA676BA100B87BEE328C5229
+ 26: 1FD0F8BD0AC95E91881635EB0CF0E4FB099CBB214CE556422E2D, 898CEB3CA8FCA565CE5B01EF932FD391
+ 27: 7FBD32B3D88B7E002BA6055585B5D0E1CC648315A81CFECA363CC8, 804820B1E3813D244164F778B9C2A8C8
+ 28: 877A5F336A1D33AB94751A33E285C21666F0D8F103AC1187FC205372, AF9F0AC165EAFCEE8C2A831608F166B4
+ 29: ECCA297705B0395E71B9E4263343D486B29207DA188C2F1BA626EDBF46, A05DC873406B236E4DDBC038DC4D2627
+ 30: FF3BD8D4E1108E98FBAE2E28BC12819CD7956BC491C0B3A291FBEE739599, 68DFE58473BA2818A23095D1D6EC065C
+ 31: F175230606040ADACEBAFE4D58BBD140B2D45E8BF7E5C904510B58E4B53D3F, DAF579E1A12481D39F4DCFB7C28794B1
+ 32: 261388D491EF1CB92C261FD9B91CAD5B95440DE0A747144EB8697699F600801D, 749056EBEAF4F20CD8746AA8C8846C47
+
+OCB-safer-k64 (8 byte key)
+  0: , 0EDD2A1AB692AA7A
+  1: 3E, 306F814F3C2C109E
+  2: 0593, 063D19B734C34715
+  3: CA72C6, DF6DAAFAD91BE697
+  4: 08924AEE, 15095FA49E789483
+  5: 359908A6CD, 16CB7F0741BA4091
+  6: 97F3BD820CF4, A59DB15B67B95EE8
+  7: 0A267201AC039E, B4FFC31DBCD8284A
+  8: 9F6ACD9705C9ECC5, 6B41A938F0B1CAEB
+  9: F355D5A937DD1582C2, 9D1F932E521CB955
+ 10: ED39758CAF89E7932E48, 398EF517015F118F
+ 11: D8ACF19363A0E0ADC9321B, F98B2A30217766AA
+ 12: F8F54A8202B0F281ED610F33, 36EF7FA4A20E04B7
+ 13: 0F8677DF64B5982DB6E2299140, 4DED2DA806834C81
+ 14: 0C357A9DC321C93B3872881503B0, 7814D1C0C6A8900A
+ 15: 10B6B1A261C3015A18110AD200A7B6, 9A814D6D2BAD850C
+ 16: AA9EA9D1BA7818C0D2EBF23781A5467D, 236A24FC98826702
+
+OCB-safer-sk64 (8 byte key)
+  0: , 76F16BDCE55B3E23
+  1: 63, F34B0B471F6F8F75
+  2: 8651, D7EFE17943D35193
+  3: D45504, 263224E50E7E9E75
+  4: 57B414C3, A553D6CABCA0F285
+  5: 4976E3B303, AC5E9969F739EBD9
+  6: F10AB8EB94E0, 8301FFE68848D46D
+  7: 6E954593AC427D, C1CF93BBC0F92644
+  8: F48F44441B898C0F, 698FFAED1A95E8E4
+  9: 1DC60156D62782E3D0, 6AFF0DCC65D4C933
+ 10: 71920ADC8997CB8B3A72, 1C101C6A27CFBBBD
+ 11: 890ED7492ED914AC20391B, F66DCD6205D945C6
+ 12: 1B9FAB84A8748BAC187C7393, B450757FCAFAAD52
+ 13: B4C89E1BB280DBC265E43ACE15, AE6BB3D2E6A371FF
+ 14: 24B0C28944BDF22048E2E86644F5, 84E93E2191CEF17A
+ 15: 8F2D5694D55EE235168AAA735943AF, 514252AEF2F2A2D9
+ 16: 568B7E31FFDA726718E40397CFC8DCC6, 3C80BA7FCA9E419E
+
+OCB-safer-k128 (16 byte key)
+  0: , 4919F68F6BC44ABC
+  1: 65, C6785F7BE4DE54D3
+  2: E1B0, C197C93B63F58355
+  3: BB7247, DFE092EF8184443B
+  4: 38C2D022, 943FD999227C5596
+  5: D71E4FD0ED, 51040FE9A01EA901
+  6: C4B211EADC2A, 329429BE3366F22F
+  7: 426DEB3FC3A4BC, CF1C976F6A19CE88
+  8: A6F813C09CE84800, 98D9FF427B3BD571
+  9: 4D1A9948FD157814B4, 5A389FAEEB85B8C6
+ 10: EC3EA142C3F07F5A9EEB, 31E26E13F032A48F
+ 11: A75FB14365D1533CD3FBE7, 8EF01ACC568C0591
+ 12: 891582B5853DD546FF3EA071, E013CFFE43219C21
+ 13: 54CA848C49DCDEE076780F21F4, 298EFC7B4D6B6CFE
+ 14: EA7611C69A60F1A2EF71D6A7762D, 7D9AA51CFCEC8101
+ 15: B2D1A211BC524B965A084BB4B21710, 7B2AC0EEB5216892
+ 16: 5E81F1BFA270E804A488C9BFAB75811D, A67F627CE1E37851
+
+OCB-safer-sk128 (16 byte key)
+  0: , E523C6DBB3CA178D
+  1: 5E, B1CB7EBE5780DF98
+  2: F4D8, 8036235F2BE7A817
+  3: 4FE268, 123320394EAC24F6
+  4: A5BA02B4, B8276B5E027D45DA
+  5: 1571859CCC, 29406C5F2DF2CFC4
+  6: CA1E47447B95, 5D4FAF8FD5341791
+  7: 8710DB37022D96, E10040FEA9AEA9C2
+  8: 205990DC9A34DA3C, AE25CB49AA7A697B
+  9: 757AFCB3191DC811C3, AA8CADA8638D6118
+ 10: 6994F8C153522361BB92, 1BCEE09E928EB18B
+ 11: A86FA0CDD051BB60AF5AA8, 50A38F8E9889354D
+ 12: 8D3FD3EB7FF2269AACFD24BA, CB51CF84CEFC45F0
+ 13: 03D2A313925D9490FC5547F95F, A1FF9D72E11C420B
+ 14: D77C0F0F600FE92F14F479FA457C, 1EBE1B4B9685EDFA
+ 15: 0CAF0A8BEB864E26058C7DF8EBA0EB, 1B153DDAE807561F
+ 16: 113D12716DFE0596A2F30C875EC6BA0E, C61F5AC0245154A6
+
+OCB-rc2 (8 byte key)
+  0: , 1A073F25FF5690BE
+  1: F4, 3D3221E92E40F634
+  2: 2C76, C22C20B7231A0DB9
+  3: C647CB, 3E6348D996399629
+  4: 2021891A, 8EF76B24E9D55FDA
+  5: 1966CBCBBF, 310D24024D573E8D
+  6: 42C15AC9AAF0, 217E83C0CDE4F077
+  7: AB70F3F73DF0B6, 16AB2679D96A591B
+  8: B7C7DD845D7E76DD, F33065EA531545CA
+  9: 468CC16A37CF63EA73, 88879733F70AE3D3
+ 10: 4F769E25A7346E22A932, 26E1A92FEDEE0597
+ 11: 304A8B53B1CD24C6C27C17, 48B46E9F091B0B2E
+ 12: 4E3DF867FEFF0B8E06D5FA70, 53BB48BFB8AB4750
+ 13: 2BAB3F0A8C38A3BD3C49DBBA5A, 52303CADCBB6D312
+ 14: 3D04A29924589AAEF93A29003EE7, 120EF9364B83748F
+ 15: 486127A80E4EC599C461451CF1D79B, 2245D51599CAD629
+ 16: AF8FB3FD2DB343F1AFF564FCBEA58785, 805BF441E660B0B0
+
+OCB-des (8 byte key)
+  0: , 8A65BD7DE54082AD
+  1: A8, 3A83897CC8EC7CF6
+  2: 9256, DC66C39C7DD87D93
+  3: C145A0, 45967F3764F62F48
+  4: CD314BAB, EF38B0213259C3D4
+  5: 7074014741, 6748F4BAF06DD7BD
+  6: 9A874CAE01F1, E382DB7235624104
+  7: DFA0D86DC4CA84, 627ABB432E50455E
+  8: 685C2B2CBDD8D144, D166082E085063BA
+  9: 53515DAAC7F7B8CE1D, 6680B6C26E1B0994
+ 10: 2B3967812BF4155A8D36, AFED7F38AFEFC543
+ 11: F4E5AC3CC5913B8A7F35FB, 6181DD3C46A6C24F
+ 12: F3EC89AD4235287D53715A81, 12CC354833FE5BD8
+ 13: 66D554AC2CA85C079F051B8459, 097F31088CFBA239
+ 14: 8746061C26D72771A7586949A3E4, 6CEF3565D0E45C6B
+ 15: FB3BCC650B29F418930A467EA4FB73, 64D12723E100F08B
+ 16: DE1C27E9B3C391AF5DF403291F2C084A, 6BADE4638AE46BE2
+
+OCB-3des (24 byte key)
+  0: , 9CB7074F93CD37DD
+  1: 4D, 51541A838A154E0B
+  2: 5C77, 60E86F2F1F4C6F96
+  3: B3D2F0, 7D74A9E6A061457D
+  4: B3556075, EAF7A89A07453460
+  5: 1B61CE7230, F90D18620E1AB877
+  6: 3987FEC8D0D7, B5EF04DEE2E528F9
+  7: EBD0A7EBEEFF3B, A72CA24DD77A5DDA
+  8: 429FB38DDABF76D4, D0578484C37227C8
+  9: F8DF28BF5C4CD28B1B, 5E7C4DC8E694E3B4
+ 10: 2BF436BBE063F7E830C2, 8D919637C973C71B
+ 11: ED21656C8878319F1B7D29, 8813280C1277DF26
+ 12: F45F90980D38EDF5D0FEC926, F9619341E273A31F
+ 13: 52F2D3CACC294B141B35D73BBF, 7BBC3F1A0D38F61F
+ 14: 2E6DA0FB55962F79B8E890E8DD8D, 8060799DCAB802E4
+ 15: D6F9A6B2420174C499F9FE91178784, D3AAF969ED2F7215
+ 16: 4F1CF285B8748C4F8F4D201C06B343CA, 203A2692C077F1B5
+
+OCB-cast5 (8 byte key)
+  0: , 77E8002236021687
+  1: 52, D57DF1037B6A799D
+  2: 31C9, 7E781759B057D695
+  3: 5C8324, 56965D6CB2C97C0C
+  4: 17D99099, 7C52B5D09475F5D3
+  5: 400082C475, 3CA5CDB9B4A0FAE9
+  6: 4DF0E4000C24, DCFEE2C3384F9731
+  7: 10004C3CE32255, 0A6832F985F61658
+  8: FFA6EA76B346893C, 6202693B153254D6
+  9: E96378C94D246AB51C, 5B259FEB715B9159
+ 10: A9BED2D59A92D3D9418A, 1E7E066C098A023D
+ 11: 4EF144B7D4622BAD4DC840, 5DAB2C1D0DF56B08
+ 12: 6DBCDF56E57CE47DD3D0CF44, 2A24F2A224368F55
+ 13: 43241A0AD933635D7C8EAD47DC, 86B4B5AC22177F19
+ 14: 920D6BDBE073F3C75052420C883D, 10943DBB23BD894D
+ 15: B2C75DF024269833B039CAB19EC865, 84B7DBB425E45855
+ 16: 6A9424B6A873BB7155C01DC87E23EC52, 82C5047655952B01
+
+OCB-noekeon (16 byte key)
+  0: , 72751E743D0B7A07EFB23444F1492DDC
+  1: 61, 41BDE9478A47B2B612A23752B5A42915
+  2: F4EB, 90EF542D89F867CDFB1A0807F8AA3CC6
+  3: F5A59B, 1BED873B613096546D4C201347CC3858
+  4: F454610B, FB4035F28AA75221F599668ABBE21782
+  5: 382FC932F1, B40270E2084E8DCEB14C6603D080D7C2
+  6: 18F921441119, 47F1F889B307298150750E81E94AB360
+  7: EF01C70C9D1810, AE0439DBB3825F27CF846B43E4C3AA80
+  8: 89863EDCAD471C3A, F4E8AF73BFC4CB79AECBBB3774DAF8C2
+  9: A6F494092E066A70F6, F73D3B04752B7D913420C17E656C7F86
+ 10: 342459682E0A8D53AF4F, 61E7CF14E9878E0726C64B1E8CA08BFF
+ 11: 65E520D5A99825DE2441D1, 7A2AA740D786EB7015C61B31959E55D9
+ 12: 2F96D0BB72E37DA202410302, 1A313242527FB522289094B9AFDB5F7B
+ 13: 3E8F8A1FCEE3F866EC29128BA0, B8065DA2DABF04129E5AE28ECC11A15B
+ 14: C2C15976D3C2499ACB9454878131, 372CAD486E104098EB1AA78A2922A1BE
+ 15: 1F12CADABAEE80E448B7EDCB42F8FE, 86A38DE5363787F55B16462C684E08DC
+ 16: 3B9ABB3304E75BF5B63E7F5B5A3F3980, 1FBD6B93E457B9779E2D12D78301EFA9
+ 17: DC0CD805E43675A4317452E378AD48AC4C, 40AE4AFA4B3E580EFDB4AD0AF5BC4E4A
+ 18: E9DD52EA7264C6C7BBA39B761B6E87B65687, 4061DD65D5E7FFFE8D3D4261494D4F8C
+ 19: 80A9735CA1175072823828123413CCE772D521, D3378A12E79C49A37378DF527A460AB2
+ 20: 09AD495AFFBF7CB8841262E7E5E8952878D4391A, C25D7A98C6F260B5FBCA3B8B5F7F33C1
+ 21: 3925615707CC40C351D4A49794778545BC1F683175, 97622437A7208383A4A8D276D5551876
+ 22: 5BB0D41ECD7BD2CF0B12A933255D95A3FE35E4C896BB, 4B8AD84EEA3156765A46AC19C68B6F88
+ 23: 1EE71FE23CBFD5683AB1B391FC12B4E5952E4E6AA3D189, B0FD75996F28E071EB6C86BD7102BAA5
+ 24: 0AA3D8C98AADEEE1867B13B017DD263BD16E960DA64FD071, 5204780963A62C2F4F7B3555BFF73836
+ 25: 3A88B6F2AE321B226DA90B98E04A6A1589411BEDBE994632D5, 5638AF04EACF1EB986AC0702B4373A22
+ 26: C2731661AC634A4DC0345F040DA7AEE507A3B9D019B5958543BA, 4C67D3FE37ABEE928B3BB812E7346823
+ 27: D3E7651AA6DA035D05D599EFB806E8FD45177224593B5974758419, 5814E84258E1B9BD56A188AAE6F25138
+ 28: 17818E7102B8C123230C5D64F18BE94C3159B85C8F7B64A7D4712CDA, FAA905B587A93DCF600BA8589A985432
+ 29: BCA4335C6C29D978032C216114D39C01C6F161BF69D5A1CE55FBA8C575, BE24424A162E43A19755E2EFD274DBED
+ 30: 24C33CEE022F8A633DE9DFD009F535B52BCF64F390D2375E5BED65B70D08, 138F21D54B6B7E34628397DCDE0D33BF
+ 31: 838FE950C8165ADBBD6B61E9732F9A727CA7AE74376981382F0C531C331915, 0742E769CCBA2D1CAC7CAD4E0F012810
+ 32: 57CD778DAD477271794FBF763662D97F8A10B17D70A69FDCB974FFE67E558519, 942C7D1C200C3845748F8131DF71AE26
+
+OCB-skipjack (10 byte key)
+  0: , 90EAAB5131AEB43B
+  1: 2F, 6274B82063314006
+  2: DAF6, 6A6BCCE84FD4EF02
+  3: 5C2A88, C83D54C562A62852
+  4: B6E8FB5E, C44459EF41C8F296
+  5: 6C0888C119, 269DD7657BD0225F
+  6: 1FD9AD7ECCC3, 3CA090F46B107839
+  7: 1EDBFF8AE458A3, 440380BF9745132B
+  8: 04DBECC1F31F9F96, 2653620A4877B0E6
+  9: 908AE5648AF988A896, 00180FF33C1DD249
+ 10: 53E63E0C297C1FC7859B, 36616209504C4230
+ 11: 407BE16144187B4BEBD3A3, 4754B7DD4DB2927B
+ 12: 9961D87CFEDDF9CC22F2C806, 5947FC41E6B9CEC9
+ 13: 9F5254962E4D210ED8AC301252, 97A392BEAF9B3B04
+ 14: 379FDA76ECCFDAAC10F67FBF624C, 1D895ABD932BD5EC
+ 15: 1D5A7AD556FF3078284BB21A536DAA, 01FAE2F4936ED9D2
+ 16: 4B8B71396924880CB33EA6EC6593F969, A0F4B1BE3B9B4CCE
+
+OCB-anubis (16 byte key)
+  0: , D22ACF880B297DB0513DFAF0D2DF57D9
+  1: 59, 210A179469D6568AB9470C760415574E
+  2: AFA5, 1223F9CD160ABE2F257164C6E5533C87
+  3: 969BEC, A57EC767543CA2ADBA4F5A7423ECA78A
+  4: CF8B31F1, 13B5BF9CD87CE15CE696F3AF1B082650
+  5: 9B22DF3852, 4937FDDA0AFDDA04CCD53CCBB0A82745
+  6: E11719B2F0F8, 6847931DBF0223F5CEF66AE3F4DFCF9B
+  7: 5A85E0F6DD2266, A1A0AF45A68A681CC396615FE1E1DFB5
+  8: 7F2DFCC65ED86976, 13614A3C6E0E08611D8DF8EE5B7D788F
+  9: 1DAF10DFA3F1D53E50, 673632B6DD553BAE90E9E6CC8CDE0FA5
+ 10: AF74FD9671F9C0A9879C, B8B4DD448FE967207227B84E42126D90
+ 11: 49421CED1167A882E26297, 21C8951A1761E4BD13BC85CBD14D30BD
+ 12: BC0BC779B83F07D30CB340DA, FAABD25E14FFD8D468AD6616021F604C
+ 13: 843D7E00F94E61AE950B9AA191, 08933ED5FBDCAF72F788393CD5422D0F
+ 14: 296F15C383C511C36258F528E331, 8BFFADF5655C1864057D69A6706D1739
+ 15: E31D2E80B2DBA4FBFAF52DB0513838, C4CD36821EC631CCBF1F258EE9931288
+ 16: 87F319FE9A48E2D087EDF95563896EE5, 517960488E5A118D150A1573E76C290A
+ 17: 9632B7DC1740BBE0A7AEEFD0F535B5AE8A, 0C24D0950873621D319A928862D3A6AC
+ 18: 359431ED4B3AC537238CAC2F86126972D403, 4A0CED2F4BFA3355C17D6C5DF9FABFAA
+ 19: E15B50172EE8DA9C552D448A5A48BEEAA2F11D, 8166B2A2D3A0745D1055F9F503FD6C03
+ 20: 75842DDC0D5E3BD80225E4BFBD1298421244D7EF, BB957BB2582B67B63978BCFD7A949EDD
+ 21: 3DD69162716D5F3E096E614991CAD7ED8E01F926B8, 40A954F31F5B0A2C5DD220ACED8D2B3E
+ 22: 8A49AC14F59593D5399A10F9346E2FD36F47F64ED419, 4324D408CE7F86370495AF14FBD1A859
+ 23: 6AA8FA353BCAAB4262211D75F13D27BE173526B8BC3CFC, BA3A27D79EC8ECBC5A78CB9FD095B766
+ 24: B918192BB72CFEF980298EEE570460356A4BA1755576FEAA, EB341ECE0A070E769F498600EE4EBF77
+ 25: BEFAE0B77E42A2FD18958D9E43202E8A338562AFF8317461B0, 444C1D6BDC026A01012BB2CEEAD89C2C
+ 26: 07E86D49CFFE6FB08FDF44584033AF321447003D8AD3862C00C9, DA9355A79B224EF662DA65F19BE494A7
+ 27: 911BB223AC6F6E54082FBFEDEC300D73FCAF715CCA35949212B372, 3496160A46A21DCDB5A4C179F159D860
+ 28: ABB563FC803715F59AA35460E98470E2E94E4270455ACEBF4297641B, 899CFE1946A060DE620879B8A7464718
+ 29: 47D98E83B5849CDE19B14ABCF9EA6CA9684AB49A3AB36BD14F328D808C, 6D76CD5EFF6D4AD3B67A56DF1EB42E05
+ 30: C8BF0B71A95884FFB93D64C57E327A4754EC5A1EE26632CF8E0B6B26CBDE, 2B3BE785263B1A400E5893273AFD09AE
+ 31: 9804D668CF2D75CA58C9671F65630E33909269B9511AF9119BE88EBB35F00C, 3DDA028B1A2339CA817DC8D9371E0FF8
+ 32: F6E038A82A09BCD20BAAC7926B2296B78F9CBA9DD12C497C47EA08DBCD8CEA3A, A203FC1E68E21A52E72224891AC10EE2
+
+OCB-khazad (16 byte key)
+  0: , BDEDFF7AA0070063
+  1: 00, 67E951582D66ED93
+  2: 5FED, 09DC8AEAD70673DE
+  3: 26A7CC, CE1436CE1E37D4B0
+  4: 3D2BD063, 574C24395F31511A
+  5: 597F1AFCB1, 6FBBE820C6F26CDB
+  6: 202DAE442DF6, 58CA6E5706C9852D
+  7: 7C20EDA18E9444, AABF0DA252A1BAAD
+  8: DEC02BF76DFD5B77, A0A97446B80EACB6
+  9: 5D7A42F73843F9200E, A1DD603372D124CB
+ 10: 0D4710E454C19B68369E, CC78E9D7EAA6A39F
+ 11: 126694191BF09A29DCF40E, 76C9B84FA3E8913F
+ 12: A94EBB86BD325B4FA1942FA5, 613DE312DB1666F7
+ 13: 4F9462386469EA0EFDC1BFAFE9, 5247244FD4BBAA6F
+ 14: 4EB794DFCF3823BDC38FA5EF3B23, 0C12017B5E058398
+ 15: D870479780CC5B3B13A7A39029A56F, 003D3FCD31D497B5
+ 16: A47BF1218AC86A60F6002CE004AF5E50, B4EC27091D5DCD58
+

libtomcrypt/notes/omac_tv.txt

@@ -0,0 +1,461 @@
+OMAC Tests.  In these tests messages of N bytes long (00,01,02,...,NN-1) are OMAC'ed.  The initial key is
+of the same format (length specified per cipher).  The OMAC key in step N+1 is the OMAC output of
+step N (repeated as required to fill the array).
+
+OMAC-aes (16 byte key)
+  0: 97DD6E5A882CBD564C39AE7D1C5A31AA
+  1: F69346EEB9A76553172FC20E9DB18C63
+  2: 996B17202E2EDEBD63F414DD5E84F3AF
+  3: D00D7DA967A2873589A7496503B3DBAB
+  4: B43C24C0A82DAA12D328395C2ABD7CAE
+  5: 9B902B6663B5FEDC6F9DCE74B35B91F2
+  6: 06A9678C65D7CE225E082ECA31788335
+  7: 7D67866CDB313DF65DED113DB02D6362
+  8: 259E28CF3E578AC47A21A77BA9EA8261
+  9: 32F23C8F93EA301C6D3FE0840CA8DB4B
+ 10: C2B06388AD6F8C43D19FE4F6A8ED21AE
+ 11: FA8622485DB2F62F84FF46E532A1A141
+ 12: F312D9B2E6272578F406B66C79F30A0E
+ 13: 7A5DE06B2BFB75ADA665E96F680AC098
+ 14: C3B00380F0BD8E2F5C9DD9945E0F36EE
+ 15: DDD87974A5FB2E7A4514241E94526B5B
+ 16: AD24FC47A0FEA84C54696DE997A94F4B
+ 17: 7538713D8AA2AE3726307EFF087BBF5E
+ 18: 7619A52B4C34A98440812F5F28F8DC4F
+ 19: 7E797B8846554888622CC5E400B2FA44
+ 20: 61E8DD3E09145F5657DB4B8F7BD2D7D8
+ 21: FDAE2A3FE60DDF1871C2613A293AB6F1
+ 22: A186D6EFD10DFFD2C088480B0A784185
+ 23: 3119D337865618CDA55C06FB992427CF
+ 24: 413E3EAD7E3F169A37C49F9CA92E235E
+ 25: 37A55AF22373B9A1E2F8368B2FB992CA
+ 26: 4941F604C40EEEE1A16CFE073C12D1FE
+ 27: 3E8F4A0876BF12A2DCA87157F15DC884
+ 28: 5DFAE292D8EEB13D8FE5725E5D169742
+ 29: 59160455E0C0B35D950BA67C77F9FB05
+ 30: 5AC0D736A06A7DD146B137ADEE78EE06
+ 31: 0CA1178F28B953045EE76E2E760036CA
+ 32: 025616215F870D1EF838AD1D2AE0C649
+
+OMAC-blowfish (8 byte key)
+  0: 2CFB5DE451FFE8CC
+  1: A5AC339DB44D020C
+  2: A3CE0CF62249444D
+  3: 3076B7129CE3F6A1
+  4: 9E091A637DDF70E3
+  5: 275199AB20A5F09C
+  6: CDEDA8D16A401E62
+  7: FC980516CF5C9E30
+  8: 659D0B31D21B622B
+  9: 8306847B5E72E018
+ 10: 7AD029BBF1D2919F
+ 11: 133181425C6808C9
+ 12: FC5AC60E367F413A
+ 13: E0DF8BCCF0AD01D9
+ 14: AC5015398FA64A85
+ 15: 1F068F22AFFECEE1
+ 16: 8E6831D5370678EF
+
+OMAC-xtea (16 byte key)
+  0: 4A0B6160602E6C69
+  1: 1B797D5E14237F21
+  2: 938300C83B99D0AC
+  3: F989B99B3DE563C6
+  4: F65DEA2A6AD45D1E
+  5: 1DB329F0239E162E
+  6: C0C148C4EE8B4E1F
+  7: D82B387D5DFFE1FB
+  8: 1D027A4493898DF2
+  9: 196369F6B0AF971A
+ 10: 2A37A2655191D10A
+ 11: BD514BE32718EB4A
+ 12: B4DBC978F8EE74ED
+ 13: 8ACCAD35C3D436AE
+ 14: 73ABDC1956630C9B
+ 15: 73410D3D169373CE
+ 16: 23D797B3C7919374
+
+OMAC-rc5 (8 byte key)
+  0: E374E40562C3CB23
+  1: B46D83F69233E236
+  2: 7CB72B1D335F04B0
+  3: 94457CBC97B31328
+  4: 543D0EDFCDCD7C76
+  5: 5164EFA8412EAA5D
+  6: 13CA0717EF95F9A7
+  7: 2AA49A7AA7719700
+  8: C9E7C56125C3D90F
+  9: 2BE3E15FE58648AA
+ 10: 77D0B90372D6D0FD
+ 11: 17408F62ECD62F57
+ 12: 7864EFFA59DC059B
+ 13: 3212E76E25E5DEA8
+ 14: E2424C083CDE5A6A
+ 15: DE86FFDBDA65D138
+ 16: 85482C24D61B8950
+
+OMAC-rc6 (16 byte key)
+  0: E103BD8BA47B7C1C010E1561712E6722
+  1: E51AEECFED3AF40443B3A1C011407736
+  2: FA6506C5ABE03381B045D28D1D828966
+  3: FAC4237FFE7772E2299D3D983BB130DD
+  4: 3A7E24D41121A5D4F96FCECF0C2A4A10
+  5: AA44291E5500C1C8E1A14CB56E4F979A
+  6: 4B8FDA6DA6B3266E39111F403C31754E
+  7: 4DF5F1A1C8EBC7F56D0D12EEB63FF585
+  8: 46A6DDE419355EDE14D31045FCA1BA35
+  9: 71756D4D3DF59578B7F93FD4B5C08187
+ 10: ADA292A19F8636A03A8BC58C26D65B0D
+ 11: 703190DAF17F8D08A67A11FDF0C2A622
+ 12: D2B94CAD1AFC5CD012575964D1425BE6
+ 13: 45FD0069FCA6F72E23E4DB41AA543091
+ 14: 36F652600F5C9F226721400A7199E2BA
+ 15: E8CC6389ECF8EF1DBB90A0FD051B7570
+ 16: 8125446B975DBDA742A903340D6B96C7
+ 17: 00B55E4399EB930E592F507F896BF3DC
+ 18: 33E58F42A47C9543A851D6CA9324FEE0
+ 19: 9F28FDEA3EC7F515128F5D0C0EB684C5
+ 20: AC1DAF6C01AA28BCC0A819189FA949D7
+ 21: D0532B5F54A179444D052A4D2AD6E4F9
+ 22: 58B80A66549404C7B9F64D5AE3F798AB
+ 23: D0D6D586477F92311DDF667E0749D338
+ 24: 0DFC0FAA67FF114398CE94D0688AE146
+ 25: E163B8C00CF5CC9FA23ACACD62B53D64
+ 26: ACE9270456AF9BD388BA72E98825CFE8
+ 27: 4302EED9BAA19C7A296585E23A066A44
+ 28: B3EEABEFAB25C7478419265564715387
+ 29: 9F0630ADE9C74AB2981D63F3B69E85BF
+ 30: 1215A9446A275CCE2714F94F3C213BB7
+ 31: AF43D7F748DE0E3458DB970BAC37E98D
+ 32: BF871AC9E892CE0DCD7C8C7ADDD854C6
+
+OMAC-safer+ (16 byte key)
+  0: A2C8C7FEA5529D01C3FF4E9359EF74F4
+  1: EAB87021118FF24FE79B69ABCCB14A8F
+  2: 789566F467BAA68F4CC3C4B61901D6D4
+  3: 369F41EEAF7D628F9E0D77BE43BFC1D2
+  4: DC46A20E1F36F45006ED5B43BEC20DA6
+  5: 8F150CE34F57BBA2E6CE3431B78E4ACD
+  6: 61CD154478BE20F33B26CD8FC58091A5
+  7: 4E6DAA575CF28F1F48B256262B7D558C
+  8: D21FA4F1859571DB91E92767C5487AA2
+  9: E3D009DC7E71FBBB030B8FF0B544A2C9
+ 10: 094C236EA48ABF7DBAE5A88AA3DE07D7
+ 11: 00C401996F8224359566660AC1CEDAA1
+ 12: D580EC60F712558D875F01643D96653F
+ 13: 8482298027C7B4D5969787A1DB1B1F2F
+ 14: AB726AE3DA95CB242E63EF876A4BC446
+ 15: D668ED4919003F5E45590663FAED41DA
+ 16: E4CFFD7E0E7B176867C386001849FD6F
+ 17: 37B3C6DEFC5573879006D15F982A397C
+ 18: 0AB8847EE6A41A0E960080EF0D1BF1C5
+ 19: 2C94FCA2A685F276A65ED286AE12FD9F
+ 20: 23383032032D7B5165A31ECA156DBD23
+ 21: E1EECFB3D671DF694FFB05AE4305AD4C
+ 22: A0F6CA99B96CD1EDD04C52828C8A4D74
+ 23: 12D6B7053417AF3E407EFD6EE1CC38FE
+ 24: A566D1C39AE7A1A0A77D5A1F56C5FAAB
+ 25: 81C9FAECEAEA326140AFCD569668F669
+ 26: 6A00BF1D0DC893868378E4347CB4A1B9
+ 27: 98842956DBE7AFB1BF49C46497BD54C7
+ 28: 88EFCD5A1644B75BB0B3F5DD338849CE
+ 29: 77EC62C278C61163B1BEC595A11F047A
+ 30: 147424E817DC69413CC657E0CB292F7F
+ 31: A2946CBB910743EF62D8A3C7391B9B9B
+ 32: 00EEDA55520B8A5B88B76487E80EB6E1
+
+OMAC-twofish (16 byte key)
+  0: 0158EB365FCCFDD94EBA6BE42B6659C4
+  1: 17DA580917D147D10CB73DB6800B0E59
+  2: 3F185CC15EF3328D3E075665308C07C8
+  3: 5712A97ACC9D08FE9D2087D0CA16B0AD
+  4: 90425A8CC1C026DDD896FC2131AF654B
+  5: 30A43D4FEAE71F5396308C16DA081B4A
+  6: 6839FEF605704D49F1A379A9E9595E6F
+  7: 56A8F06DFEE543971B351B07430E2026
+  8: 36DD0E4B55C5314F9F2753D7EB6F0849
+  9: 8E319249A3CD456460F410F518F8CEDB
+ 10: 463978BE2A063C22E71DC71520723517
+ 11: 1B735E45FD3DF636E0A6104D4A2E9CB8
+ 12: 628A82213148AD9791153D5AAFBDDFDC
+ 13: 21AFDF08A36ADB6659B656C8EA0800E5
+ 14: E5C3E58803DDBE174E0D4C2B8171AEF0
+ 15: FC6981F2B4359BA05988D61822C0FA88
+ 16: 7B03498FAFB04A6542248852225F9DAE
+ 17: 9B173E91E59A940186E57BB867B8307B
+ 18: 470BF2EE614C8423AA3FDF323F1C103E
+ 19: 6E664AFDFD8306547BBEDA036D267B79
+ 20: F61AEC1144C3DD646169E16073700AC6
+ 21: AE503B139707AFA494F7F2DE933EE81A
+ 22: A0A8BDD4ED0DCAE4A8E1DCEE56368FF0
+ 23: 460B8207930DA434AE6AFECC305D9A26
+ 24: 7F03F8C7BA5365CC65F7864A42693BC8
+ 25: 31448849D6190484192F29A221700011
+ 26: BDA941019C75551D858F70FB1362EB23
+ 27: 2880CB3E62447AE8EACA76C17971BB18
+ 28: FC8D710FA3990B56357E61C2A302EB84
+ 29: 793CD15348D7DFF301C47BC6E6235E22
+ 30: 6FB0CE69A15A3B6A933324A480077D35
+ 31: C24FCA5DD4AE0DF2BFF17364D17D6743
+ 32: DC6738080478AF9AF7CA833295031E06
+
+OMAC-safer-k64 (8 byte key)
+  0: 726FE2DD40A43924
+  1: 2A138B65EB352621
+  2: 9588A1B53E29616C
+  3: C025DEFDE1A59850
+  4: 73D062F1B6D8E003
+  5: 944598A2FC8A2D76
+  6: B176C25D8CAFFC98
+  7: 14F05014DE6A090A
+  8: A7B9847B2CE22D0F
+  9: FCD71310CBAA3A62
+ 10: BFF00CE5D4A20331
+ 11: BEE12A2171333ED5
+ 12: 333FD849BEB4A64A
+ 13: D048EC7E93B90435
+ 14: F04960356689CFEF
+ 15: 9E63D9744BF1B61A
+ 16: 7C744982F32F8889
+
+OMAC-safer-sk64 (8 byte key)
+  0: E96711BA37D53743
+  1: 7DCFF26A03509FE1
+  2: 0A20EF19C8EE9BF2
+  3: FE2883748A6963CF
+  4: 557060195B820A18
+  5: 771A7931FBBE5C0F
+  6: 6BDBCE5F96CF91D8
+  7: F3B924CCE8724595
+  8: EC7191286D83C2C3
+  9: 94F55B19BB7A8AC1
+ 10: 2189F4F2B06A8CA4
+ 11: 99853DAEBCA33A46
+ 12: 66EAC37A033802D7
+ 13: 845D7AA866F8A8AD
+ 14: 33A874DFECAC22AC
+ 15: 63DD9F7A7F3683DF
+ 16: EAC277D951676C44
+
+OMAC-safer-k128 (16 byte key)
+  0: 8037B89AF193F129
+  1: FF2314E87BA6AFE1
+  2: C3243DF896B61D85
+  3: 0F61C715CE821AB8
+  4: EBFDC6A9CFD2F5A4
+  5: AB6497D7AF2C7FFF
+  6: C920CEEB7C1819C2
+  7: 3E186951B545A7E5
+  8: 5EA36A93C94AF4AC
+  9: 6A2C59FAE33709BE
+ 10: BF1BAFAF9FC39C19
+ 11: 69EB6EF046677B7C
+ 12: CDDCEE6B20453094
+ 13: A3833BD3FED6895C
+ 14: B6C05E51F01E049B
+ 15: 90A2D0EAB739D39B
+ 16: 07BF607A161D0A66
+
+OMAC-safer-sk128 (16 byte key)
+  0: 5E8B137A3946A557
+  1: 0228FA66B13F3C7E
+  2: A6F9BBAFF050DCDD
+  3: F75880F684A796CE
+  4: E0AEFB8E32040EBD
+  5: 9F65D658B86D310F
+  6: 3FA52804FB46CCAA
+  7: 2F6D12D199FCD2FB
+  8: CB56AF60AFB4D2BB
+  9: 8E6F0FF6FDD262FD
+ 10: 490245BE3CCCEDE2
+ 11: EFD319AE46C73005
+ 12: 43E00E545C848995
+ 13: 10444B41ECA15EBE
+ 14: 521775C389D5BE71
+ 15: 9B683EF8B097FEBA
+ 16: 3C5D746EED09530A
+
+OMAC-rc2 (8 byte key)
+  0: F001FE9BBC3A97B0
+  1: 8F8DC9C952897FBD
+  2: EC82EAD195AAC38C
+  3: 53DD52269B19E9A4
+  4: 9B86F64BF72A0647
+  5: 664A88A29F2898C6
+  6: AFEC3F71C1415666
+  7: 9BA1F2C1A2E765F9
+  8: 402A12120908B436
+  9: 03ECCD4C6AF44144
+ 10: E8CA3529B5D9D6FC
+ 11: 951EE10779CC585D
+ 12: B9083CA88E7E819B
+ 13: AFFB9E884DACC5B7
+ 14: E942E8BC241343D6
+ 15: 9B190489091344FB
+ 16: 9330A9E05554A15A
+
+OMAC-des (8 byte key)
+  0: C9085E99D74DF01D
+  1: FAC84F0EFBEF8630
+  2: C37C5FECE671CF16
+  3: 45B2CBEE8701A5B1
+  4: 53665E1F024EB001
+  5: 357123CEDFC9FF61
+  6: BD2CFD33FB1F832B
+  7: 1AAA9D8C9120BDBF
+  8: EB9F589AE9D4E78F
+  9: C8F9D2ACE691922D
+ 10: 81ED6F3611DDC0FD
+ 11: 2965ABEAC46839EE
+ 12: 2208B1E095F7AE2E
+ 13: C0414FE41800113E
+ 14: 653A24119CF43D97
+ 15: 7FB7CE0862958B37
+ 16: 55097816B10C549B
+
+OMAC-3des (24 byte key)
+  0: 7F07A9EA8ECEDF9E
+  1: 4E2A652EB5FBF5F8
+  2: 4F84E3779ACCB9F5
+  3: 7134AB3463115DC6
+  4: 82327BE8EA2D7E0B
+  5: 24950B9C14D87CD9
+  6: B25A097BB7E0E18A
+  7: ED51BAE55ED925E7
+  8: 56B79E7644556975
+  9: A65BD98E4D4E31E2
+ 10: 11145BB51514482D
+ 11: 397486787E676BA6
+ 12: BD1F6DEBAF6D9AEF
+ 13: 5CC3921F7DB815CF
+ 14: B0C0E60DA5F727F3
+ 15: F8637AEEFF10F470
+ 16: 0EA19531D42706EA
+
+OMAC-cast5 (8 byte key)
+  0: 7413DCDB9F0C3100
+  1: 423799EDF1472B79
+  2: 03856F0CB4F11606
+  3: F152AE6360813DE0
+  4: 853998BD980AD146
+  5: AE6C3D667DB8B414
+  6: B5A4986A34BDE20F
+  7: E5ABE5B979798942
+  8: BEE8DFED4555F405
+  9: 6B5339E952AF61BE
+ 10: 5E867CF34D9C1149
+ 11: F9C55CB3BC655E08
+ 12: EA09A2929AC7D915
+ 13: CE8EB0E4370E1933
+ 14: 749A424B2AA91B98
+ 15: 8DDA93C2B814D5D1
+ 16: E8B0B219D4CB699B
+
+OMAC-noekeon (16 byte key)
+  0: EC61647B281C47C1B43F9815064BF953
+  1: B100B1B6CD96DCED8F47A77E70670A92
+  2: A96CDE3C48831A6B0A5ADFECA6399BDB
+  3: 14E75E7CAD840208834918B29A5D4430
+  4: 9577083713AE6E44EEC987C77C93C072
+  5: 2A738C02841E461238C02F5CFC8E66A6
+  6: A901327E451BE0D2D9DEC83DEEA9A022
+  7: 5ED7EE1BE04A64A689D15F6970A821A6
+  8: BA053E24FCFD02C731A8CFCA19EE66A0
+  9: 57139CA8C91072555B29F85A19E2C84D
+ 10: 4585EAC7EFB84869FD96EE7A5FDD350B
+ 11: 62AF6C415CA73E54E82EA306254C1BDE
+ 12: 75304F9724BD364F84371EE154F5210E
+ 13: 7FE5DBCEE826760434745D417453182B
+ 14: EC98DA2A580E9131218D1CDE835423D4
+ 15: 631BD9EAFD1AE445F2C1C35E2B4416ED
+ 16: CA2D902A1D83388FE35BAB7C29F359BA
+ 17: 0DBF0AF7FCBEEE21FB6159C0A2FFCD4C
+ 18: BD7CD2C49241032DA33B1975EE2EE982
+ 19: B30B090EE8626D77D310EDB957552D46
+ 20: 64F608AC5707C381AC6878AA38345144
+ 21: 28513CA7795B23A02B37DC3732413D23
+ 22: 9F440700094517847E9E013C8915C433
+ 23: 8CA483F313D20BFE7E0C089DAA4145BD
+ 24: FA44872743E20E5E0A069B3C4578DB50
+ 25: F6DE8FFBECD52CC1F213CD9E406DF3BC
+ 26: B9702B7E846735A3DCC0724255F88FEC
+ 27: A1DDAFED2B1732C7BA89C2F194AF039E
+ 28: 2549C5F0E30F8F4002431D2C098805B8
+ 29: 52E3836181BF5C9B09A507D5330CD14F
+ 30: 01C55DCBCCFD9D7A4D27BDE2A89AA8EF
+ 31: 3CF721A0CF006702CDA91F2FF3E4D5E3
+ 32: 6D264B9065BE98C170E68E9D2A4DE86E
+
+OMAC-skipjack (10 byte key)
+  0: 84EDFA769040603C
+  1: 7DA58A4CBD642627
+  2: 118F60115CFC8229
+  3: A7F7346D34DB2F0E
+  4: 35615CCD526CD57F
+  5: DE471601A3660844
+  6: 15FCCE6D6D883D1F
+  7: C6F694861233151B
+  8: 3B762B397F16E807
+  9: 976C6AB59FB3AB12
+ 10: 6810791F2C595961
+ 11: 7FA3478286917F17
+ 12: 73DEE44A51C6B610
+ 13: 89EE8B253B1ACE81
+ 14: CDF2586A56C8A0B5
+ 15: ED91F98DA98F42C4
+ 16: D8D0FA5CE96B08BF
+
+OMAC-anubis (16 byte key)
+  0: E672617CAA1E641C0E7B4B4CC4787455
+  1: C0C16E8FD63907C08A8ABBB7B73376D3
+  2: 23F97CED54939361830396224A7BDD91
+  3: 7FD87DEA9F05E07212DDF61292D9E13D
+  4: 929A11A4D0991A6446B1051926A6048D
+  5: 4EB74F1CC0150D86126BC6FE1FC8253D
+  6: 33C2C3C072D05BB6D54F87579C23B116
+  7: DE350181C9E90A79879813A609BE77E2
+  8: DB519EB9EF0E154D9D248734FD3D3724
+  9: 4F7F2E6D3FC72BA94FE24EC0ABBF4E66
+ 10: D646389DBCEEDD59EBB6E8F09C422930
+ 11: 8547658AE1CE6A8B8D010A1E1FEA7AF4
+ 12: C9BE2B7F3630EFDFBD3AEA6A108C86EA
+ 13: 290417C57096B8B9A1BA3C20FD91285B
+ 14: 9AF60E99692C5F911CBF969A6E11DC14
+ 15: CDA433BE58C98E49EBA8A7108E50DE2B
+ 16: 7430D0EE631A4659351B8A4489A78D46
+ 17: DCC74C0FD0415768FE00225CA14B7DC2
+ 18: 0CF2432B1B465F2A8C5FACAAF2FEF619
+ 19: DA020680C64E93AE5FCA3D71466D01C1
+ 20: B9C33A86E6ED9FCCDCD973382DD1B6A3
+ 21: 6631236B9F2F810DD4D97E6046F41AF2
+ 22: 0312C322F4D634CF4FBC0C2624E3E9F2
+ 23: 111E3E9F8FBDC1E4364622723F1CB524
+ 24: 6D2608D7AAF243D5219E14513895BFF6
+ 25: 683BD01B43CBC0430A007ACBAB357DC9
+ 26: 01B8FC65C56B0F1A5BFEBEDCCF6748D9
+ 27: 4D6298D63A80D55491697A6DD8E3694C
+ 28: 6F0205E4E083CAB00747D723300510DF
+ 29: 5183BAEEF05E9402A935EB9AFF0AA2A9
+ 30: 1E673BFAD4944643A740C59D96A5925C
+ 31: 940FB4000E34EEE78E8DB402E4A76502
+ 32: 87B0C48F3D155AD85D0502D94A4572DE
+
+OMAC-khazad (16 byte key)
+  0: 4EBEFA460499424F
+  1: 97AEEAD51E541D16
+  2: 29A35212910C9595
+  3: ABD1577D622074EA
+  4: 70A537DE14DD765C
+  5: 240A19016DE99C51
+  6: 4D42C10A9F803177
+  7: F464BC3E0DB5A909
+  8: 1C65A01A7C08DAC7
+  9: E49A1428C230C209
+ 10: 16DD0FEB7A6505B8
+ 11: 2DDDB3E35A05C220
+ 12: EC88910C799AC6CC
+ 13: B2A65C9EF39BEC8A
+ 14: F0D2366BA91DFFD5
+ 15: BCAB623CAB7AAA23
+ 16: 9BCEAB857596E478
+

libtomcrypt/notes/pmac_tv.txt

@@ -0,0 +1,461 @@
+PMAC Tests.  In these tests messages of N bytes long (00,01,02,...,NN-1) are OMAC'ed.  The initial key is
+of the same format (length specified per cipher).  The OMAC key in step N+1 is the OMAC output of
+step N (repeated as required to fill the array).
+
+PMAC-aes (16 byte key)
+  0: 4399572CD6EA5341B8D35876A7098AF7
+  1: 580F7AA4AA45857C79BA2FB892228893
+  2: 24D2D1DBABDB25F9F2D391BB61F4204A
+  3: 083BF95E310B42A89751BC8E65ABA8B5
+  4: 69BEB9268CD7FD3D7AB820BD7E226955
+  5: FD71B0E647ADB4BB3F587E82B8B3401A
+  6: 07EA46271081840737CEB1AC9E5E22E3
+  7: FFA12AD9A9FDB5EE126084F82B381B10
+  8: 8A11AF301AAFEAC8A75984ED16BB3292
+  9: 368BDC3F4220E89B54C5F9D09FFB8F34
+ 10: 8B6DBFF776FD526147D1C4655626374F
+ 11: C538C09FC10DF38217CD8E799D8D1DC9
+ 12: FC1264A2051DEF73339432EA39443CFD
+ 13: 8AF37ED2FB2E8E30E9C4B75C1F1363E1
+ 14: 4295541FC62F6774068B8194CC9D9A46
+ 15: CFAF4D8EA09BB342F07131344DB0AA52
+ 16: B6CBD6E95959B2A8E22DE07E38B64D8D
+ 17: 3124E42DE3273B0F4806FB72A50F3E54
+ 18: 252D49403509B618AB3A6A1D99F9E9FA
+ 19: 9CDA75594CB696EB19C022DDA7324C10
+ 20: 33BB8AE43B7BC179E85F157FA19607D0
+ 21: 12FE91BCF2F2875379DC671C6F1B403E
+ 22: 416A3E519D1E406C92F8BB0DDBBBB6BF
+ 23: 6F98DCCD5A8D60DEAF612ACCEDD7E465
+ 24: FFCE7604609B2C3C050921854C638B7E
+ 25: DD2BB10AA07A5EC8D326BB7BF8D407F4
+ 26: 468BFE669FCDF354E4F9768FE1EAF8F6
+ 27: 01724D2F2C61EB4F380852218212E892
+ 28: 2D90EC658F57138505598C659C539A3E
+ 29: 6301EAA0E1500FFEB86752744EFFF23D
+ 30: 3CCB177486377616056D835F6F857F7C
+ 31: BFB3C7755C1F4543B516EB8610CB219F
+ 32: D5C505847D7CFFD8CED848F6CB613105
+
+PMAC-blowfish (8 byte key)
+  0: 3B7E4EFE92FA46AF
+  1: 746840017C38C892
+  2: 3B6A92C731465B64
+  3: D89D3B05143B6704
+  4: 43F70D54B808B7CE
+  5: 84E4063AB32F046C
+  6: A7E78CD5CCD23805
+  7: A78FB083475FEF10
+  8: D4F6C26B5386BA25
+  9: 184768A079853C90
+ 10: 0702E6C8140C5D3B
+ 11: 786D94565AA0DF4B
+ 12: F6D36D3A2F4FB2C1
+ 13: 7BB3A0592E02B391
+ 14: 5B575C77A470946B
+ 15: 686DAD633B5A8CC3
+ 16: BDFE0C7F0254BAD5
+
+PMAC-xtea (16 byte key)
+  0: A7EF6BB667216DDA
+  1: B039E53812C4ABDC
+  2: 87D2F8EA5FB6864D
+  3: F85E3F4C1D9F5EFC
+  4: 4EB749D982FB5FE2
+  5: 0BFA0F172027441A
+  6: FF82D01F36A6EC91
+  7: 3BC2AA2028EBBD7A
+  8: 15AA03A97A971E2A
+  9: C974691F5D66B835
+ 10: 4FC7AA8F399A79ED
+ 11: 2633DA9E94673BAE
+ 12: 82A9FD48C5B60902
+ 13: 31BF6DA9EE0CE7E4
+ 14: 26B2538601B7620E
+ 15: D103F3C0B4579BE5
+ 16: 031346BA20CD87BC
+
+PMAC-rc5 (8 byte key)
+  0: C6B48F8DEC631F7C
+  1: F7AA62C39972C358
+  2: 0E26EC105D99F417
+  3: 7D3C942798F20B8C
+  4: 415CDA53E1DE3888
+  5: A314BA5BCA9A67AC
+  6: 02A5D00A3E371326
+  7: E210F0A597A639E5
+  8: D4A15EED872B78A2
+  9: AC5F99886123F7DC
+ 10: 69AEB2478B58FFDF
+ 11: 8AB167DFC9EF7854
+ 12: 945786A136B98E07
+ 13: F3822AB46627CAB5
+ 14: 23833793C3A83DA9
+ 15: 70E6AB9E6734E5A6
+ 16: 0705C312A4BB6EDE
+
+PMAC-rc6 (16 byte key)
+  0: C7715A17012401DE248DC944DEEBD551
+  1: 5B804C6CCDF97BB28811C9ED24FE6157
+  2: 7528378C052F4346253CB0DFA3D251C7
+  3: 6DA86EE0B28606861B1A954D7429A93C
+  4: B4DFF84C25937FB50EE79D4037323160
+  5: A60FD9BE5E1FF67EC9734776C8781096
+  6: 81D3F8EDC0A197DD3739EAE648F38580
+  7: 8BAF47F02120E898916D678DBD0C1641
+  8: 7A9EEC96F10B7CF557B61EF35BB55B08
+  9: B88C11221014F8AE048E56C427DF4A46
+ 10: 4BBA8EED89F357861A265006816D9B04
+ 11: 8497C1D55010A65ED8C3688B75A7CABF
+ 12: 95E1720C06A373CAD1A22F432F26BCCA
+ 13: A175FB732692831E96AFB587BC49E18C
+ 14: 54EBC04FCFD90302907BF77C4D8AC77C
+ 15: EA9F13EE5548CDF771C354527CDDA09B
+ 16: 4EDBCFD0E2E6B321530EB31B3E8C2FE4
+ 17: F412304C1A5B9005CC3B7900A597DFB5
+ 18: 3B9247C12BB25DF048BF5541E91E1A78
+ 19: 39626488635D0A6224CD23C13B25AE8E
+ 20: 40305F5C2FCEF34E764E33EF635A3DC5
+ 21: F84499804086033E85633A1EF9908617
+ 22: C4D263CDC7E0969B8AC6FA9AD9D65CB8
+ 23: 6137DC840E61EA6A288D017EFB9646FC
+ 24: 8619960428EB29B1D5390F40173C152F
+ 25: F0464509D0FBDBECEC9DFC57A820016D
+ 26: 630EED23E87059051E564194831BAEF6
+ 27: 4B792B412458DC9411F281D5DD3A8DF6
+ 28: F2349FA4418BC89853706B35A9F887BA
+ 29: FEAC41D48AEAB0955745DC2BE1E024D5
+ 30: A67A135B4E6043CB7C9CAFBFA25D1828
+ 31: EC12C9574BDE5B0001EE3895B53716E2
+ 32: 44903C5737EE6B08FD7D7A3937CC840D
+
+PMAC-safer+ (16 byte key)
+  0: E8603C78F9324E9D294DA13C1C6E6E9B
+  1: 3F1178DFC2A10567D4BCC817D35D1E16
+  2: 27FE01F90E09237B4B888746199908EE
+  3: 4F5172E3D8A58CD775CD480D85E70835
+  4: 74BED75EFAAB3E8AA0027D6730318521
+  5: 54B003AB0BE29B7C69F7C7494E4E9623
+  6: 8A2DAD967747AEA24670141B52494E2F
+  7: 69EB054A24EE814E1FB7E78395339781
+  8: E59C2D16B76B700DC62093F0A7F716CC
+  9: AB227D6303007FD2001D0B6A9E2BFEB7
+ 10: AE107117D9457A1166C6DFD27A819B44
+ 11: F84DE551B480CED350458851BAE20541
+ 12: B0EB5103E7559B967D06A081665421E0
+ 13: CDB14F3AD1170CE8C6091947BE89DE7B
+ 14: 24FA2F476407094152D528FCF124E438
+ 15: 440144B31EC09BD8791BFE02E24EA170
+ 16: 697D268A46E8B33CEC0BAB8CAF43F52D
+ 17: 587CBDE7608449BD162184020FBFCC8D
+ 18: 3EA999C2169CC65735737F50FCD7956B
+ 19: C6D692698CD8BEEBF2387C6A35A261B0
+ 20: 46DAB3AD3C4E2EF712FAC38F846C63E1
+ 21: 7261E68B530D10DDC9AD4C9AB5D95693
+ 22: 4D0BA5773E988C2B7B2302BBA0A9D368
+ 23: 8617154626362736698613151D1FD03A
+ 24: 23CF25F68B281E21777DC409FE3B774A
+ 25: CA626956C97DC4207D968A8CC85940B8
+ 26: 24C39BE160BDBB753513F949C238014E
+ 27: 83CD65C010FB69A77EEDEA022A650530
+ 28: 1A72DC8438B927464125C0DFEACDE75D
+ 29: 546054936A2CB5BFBB5E25FFD07C9B51
+ 30: 0EB81A268F1BB91997CB9809D7F9F2AD
+ 31: 7D08B4DE960CADC483D55745BB4B2C17
+ 32: FD45061D378A31D0186598B088F6261B
+
+PMAC-twofish (16 byte key)
+  0: D2D40F078CEDC1A330279CB71B0FF12B
+  1: D1C1E80FD5F38212C3527DA3797DA71D
+  2: 071118A5A87F637D627E27CB581AD58C
+  3: C8CFA166A9B300F720590382CE503B94
+  4: 3965342C5A6AC5F7B0A40DC3B89ED4EB
+  5: 6830AB8969796682C3705E368B2BDF74
+  6: FF4DCC4D16B71AFEEA405D0097AD6B89
+  7: ADB77760B079C010889F79AA02190D70
+  8: 5F2FCD6AA2A22CEECAA4671EE0403B88
+  9: 70DD6D396330904A0A03E19046F4C0BF
+ 10: 8A2C9D88FA0303123275C704445A7F47
+ 11: BA0B2F6D029DCD72566821AB884A8427
+ 12: C8DF45FF13D7A2E4CFE1546279172300
+ 13: 512659AD40DC2B9D31D299A1B00B3DAD
+ 14: A8A0E99D2E231180949FC4DFB4B79ED4
+ 15: CA161AFB2BC7D891AAE268D167897EF2
+ 16: D6C19BBDFFC5822663B604B1F836D8BD
+ 17: 4BF115F409A41A26E89C8D758BBF5F68
+ 18: 02E3196D888D5A8DE818DBCBAD6E6DC7
+ 19: 995C9DD698EC711A73BD41CAAE8EB633
+ 20: A031857FADC8C8AFEABF14EF663A712D
+ 21: 124695C9A8132618B10E9800A4EFACC5
+ 22: 997E5E41798648B8CE0C398EF9135A2C
+ 23: 42C92154B71FB4E133F8F5B2A2007AB2
+ 24: 945DC568188D036AC91051A11AC92BBF
+ 25: D5A860CC4C3087E9F4988B25D1F7FAAE
+ 26: 6CD6ABF8EDF3102659AFFBE476E2CBE8
+ 27: 45ECD0C37091414E28153AA5AFA3E0B2
+ 28: CBA6FE296DDE36FE689C65667F67A038
+ 29: C4022281633F2FC438625540B2EE4EB8
+ 30: 864E27045F9CC79B5377FDF80A6199CF
+ 31: 0D06F2FAEC5AA404A4087AAEBC4DBB36
+ 32: 0F396FE9E3D9D74D17EB7A0BF603AB51
+
+PMAC-safer-k64 (8 byte key)
+  0: 2E49792C78C1DA52
+  1: 7A5136F4FE617C57
+  2: 6FC8575F6F3D78EC
+  3: 7C0373CAEAAA640B
+  4: 9D469E7FF6C35D31
+  5: 7755D62DD7D88112
+  6: ADD9E7855A958C9F
+  7: 752D29BA8150F18E
+  8: 0954649A99596104
+  9: 05D4D75A9FAE233D
+ 10: 1AADAFD7B4B250DA
+ 11: E7A8F31ED74DA32B
+ 12: 1A74DF61BDB9DF94
+ 13: C38A67B1955C4E0D
+ 14: EBADAA44746ADF16
+ 15: C0BFBB092CE81D8E
+ 16: 984975657F3FF2B0
+
+PMAC-safer-sk64 (8 byte key)
+  0: E8917E1629E7403E
+  1: AE8061A5E412A647
+  2: C969771CE5A9B0C6
+  3: 78159C01D0A3A5CB
+  4: 1DD4382A8FC81921
+  5: 4086880FD863C048
+  6: A520B45600A3FA1D
+  7: 0F0AB5118D7506C4
+  8: 22E315F2DD03BCC6
+  9: 5ECB5561EE372016
+ 10: 446A9B2BCB367AD6
+ 11: B2107FE2EB411AE9
+ 12: 5A539B62FB5893DF
+ 13: F44EE1EB3278C2BA
+ 14: 293FEA56D1F6EA81
+ 15: F38F614D2B5F81C4
+ 16: AB23F7F8F4C12A7E
+
+PMAC-safer-k128 (16 byte key)
+  0: 7E0BDE11EC82FDE6
+  1: 8942FB017A135520
+  2: 0B073E6D0F037A02
+  3: DBF88439D671ED4F
+  4: B89427ED1121069A
+  5: AA8573DAC66D2315
+  6: 12DA3144BEF13FF2
+  7: EF80413CBA281B3A
+  8: DFA7114D8505EEBD
+  9: AE53607F3E6F4A54
+ 10: 3F2C9395CFB9F78F
+ 11: 67EB7C5F02760AED
+ 12: 3EF4CBB4AB5B8D1F
+ 13: 83B63AFA78795A92
+ 14: 5DE400951766992A
+ 15: AA8791A45237CF83
+ 16: 7743B18704B037CF
+
+PMAC-safer-sk128 (16 byte key)
+  0: 8F1597FFCF6FB7C1
+  1: AFF8BD8FF9F3888A
+  2: 65F89D82869D8B42
+  3: CBE1F06476B2D5BD
+  4: 4878D47FDFECE23E
+  5: 4751A9E6D61AB2A2
+  6: 003AC162AED4DED8
+  7: 1F617A5555092C22
+  8: 088EE0C35B607153
+  9: F840B485086F9908
+ 10: BA99E0FB5D7D0976
+ 11: F04AF6DC4BAF6887
+ 12: 5DBBE40AF2F67E4E
+ 13: 7F52A93E87E29C9D
+ 14: 7B26A14A4BD5B709
+ 15: C34F26E08C64F26B
+ 16: 291A41D479EC1D2A
+
+PMAC-rc2 (8 byte key)
+  0: E5AF80FAC4580444
+  1: 6A15D6211EB4FF99
+  2: DDB95E9486C4B034
+  3: 9764761DC2AAD5C0
+  4: 1B1CD2E799D44B4F
+  5: 4F80FE32256CF2EC
+  6: 7B70CF31C81CD384
+  7: 9BC10DD9332CF3BB
+  8: 628189801879FDD8
+  9: 5FC17C555E2AE28B
+ 10: E20E68327ABEAC32
+ 11: 5D375CA59E7E2A7C
+ 12: A9F4CFC684113161
+ 13: 3A0E069940DDD13C
+ 14: EAC25B6351941674
+ 15: CB8B5CF885D838CF
+ 16: DCBCDDFC06D3DB9A
+
+PMAC-des (8 byte key)
+  0: 086A2A7CFC08E28E
+  1: F66A1FB75AF18EC9
+  2: B58561DE2BEB96DF
+  3: 9C50856F571B3167
+  4: 6CC645BF3FB00754
+  5: 0E4BEE62B2972C5A
+  6: D2215E451649F11F
+  7: E83DDC61D12F3995
+  8: 155B20BDA899D2CF
+  9: 2567071973052B1D
+ 10: DB9C20237A2D8575
+ 11: DAF4041E5674A48C
+ 12: 552DB7A627E8ECC4
+ 13: 1E8B7F823488DEC0
+ 14: 84AA15713793B25D
+ 15: FCE22E6CAD528B49
+ 16: 993884FB9B3FB620
+
+PMAC-3des (24 byte key)
+  0: E42CCBC9C9457DF6
+  1: FE766F7930557708
+  2: B9011E8AF7CD1E16
+  3: 5AE38B037BEA850B
+  4: A6B2C586E1875116
+  5: BF8BA4F1D53A4473
+  6: 3EB4A079E4E39AD5
+  7: 80293018AC36EDBF
+  8: CC3F5F62C2CEE93C
+  9: EE6AA24CE39BE821
+ 10: 487A6EAF915966EA
+ 11: D94AD6393DF44F00
+ 12: F4BFCCC818B4E20D
+ 13: 2BE9BC57412591AA
+ 14: 7F7CC8D87F2CDAB7
+ 15: B13BFD07E7A202CB
+ 16: 58A6931335B4B2C2
+
+PMAC-cast5 (8 byte key)
+  0: 0654F2F4BC1F7470
+  1: 3F725B162A1C8E6B
+  2: BCFBDC680A20F379
+  3: 027922705BCACDEE
+  4: 44E2F4BE59774BA4
+  5: 3ABD1AFC8EE291F7
+  6: D96347E717921E96
+  7: 96257299FCE55BC6
+  8: C2C1DA176EE98170
+  9: FD415C122E604589
+ 10: DCBCA228D45AEDA4
+ 11: 7801FBCFAAB9DF75
+ 12: D38CB38574474B7F
+ 13: F5C5A23FF3E80F37
+ 14: 83FA4DAD55D092F5
+ 15: BDC0A27EE0CB1657
+ 16: 87D907CACA80A138
+
+PMAC-noekeon (16 byte key)
+  0: A1E4C84B5958726557DF0855B37AA551
+  1: 5DE20299CA919D3365B493D3D4895F92
+  2: AF7E70C336571A857F62A18649EDB197
+  3: C5F55CFE1AA119C352B64252AD246CBD
+  4: FEF68A0CE08E8BA315B73B62F861824F
+  5: 8321C2958DE4903DC12C42A8845ECC20
+  6: 370466D1324AECF1F5B42E0E01381613
+  7: 5CB900190F5CACBACFE5EAB0CC289D87
+  8: A13C043E6CAAA1E34601A93C497446A4
+  9: 865E11622A4CC8A9E1408E00F56C4543
+ 10: 9DC42C26868374649BD17D69D025CA1B
+ 11: 37D33C11B433C91DA09925CA9E86757A
+ 12: 1373D769C270E7137C953AC0F8F37941
+ 13: 7E81DEC583348B1E2F6267ECF82CB994
+ 14: 505B6329338556518FF364CAA730F5E8
+ 15: 0C085AEEB315968B0BDE904E8BBC6FD0
+ 16: 5FED63259364BE7E5133FF0507DD2D4C
+ 17: F7EE5C80A99AAEADB49E7CC69BFFF679
+ 18: 4388FA5E763A641130940EB705BEFD08
+ 19: 1BC31CA79EBE1674CEBE01BC9988267B
+ 20: BE88961637EFFE2D6905D104FEDD51A4
+ 21: 9C341004FB22AFCC496094E3207CA761
+ 22: B9DAA3620E38FFC7C5D5E7D2D8FE3DE4
+ 23: A38D2E571F037061B4400F1131FDBDEA
+ 24: 61DB71AE77A6EB47F2E9E14E8CBF2F4B
+ 25: 9903A072274CC048EF2C51493266D9ED
+ 26: 1EBEA421DD08859C17DDF39B20A82102
+ 27: F425858618E1A86F4912E4714EFB9E75
+ 28: 3B3D4EA07F7FE6DDFDD02D624ACDFC9F
+ 29: CEEE256591D701514EB17DF73B08A970
+ 30: 5CC56D5D46120C530A23B6C511C685FC
+ 31: 68E484CE18BE28EADD0BBF23291B8237
+ 32: ABD58A9CDF8AA68168A1A402074CF520
+
+PMAC-skipjack (10 byte key)
+  0: 9CD94B75BC43B647
+  1: B069ACB82B12BC7B
+  2: 6DD40E71EB03E311
+  3: 74CBED61D77DBA7D
+  4: DD1B7E0D181537FE
+  5: ACB5B96FA0AD1786
+  6: B34E01EB2567D381
+  7: 9623DAADE57B9549
+  8: 8BA384BABB798344
+  9: B147AA9D5C5C67CF
+ 10: 0033C520F4C67523
+ 11: 42DAC184BEABC3E5
+ 12: 428029311004AEBB
+ 13: AC2BB1C0F0ED649B
+ 14: F7CAA9A3BF749C1A
+ 15: 2C5BD475AAC44C77
+ 16: FEB892DA66D31A84
+
+PMAC-anubis (16 byte key)
+  0: DF33EE541FFEE6A97FE3A1F72F7A38FC
+  1: 0AB28675AC3923C6DD9F5A8E1E2928D0
+  2: 2DABF75D6403E1E1CFAB3E6869FB1088
+  3: 95835D49E09740180B79E394FC2AA744
+  4: F364D6DC2C2078A519E5BAEFE858AFCA
+  5: DA4C66A4805FC91FABAECC0D3AEAD850
+  6: 487660FADCAC7B326C492AA051A1DF49
+  7: BF07835AA1A548FA7312509AF35CE3F3
+  8: 3CE8A8B1F324A700923AC0B830D53D99
+  9: 3C54D99AACFAB26E34FC1B0B6BB9EB22
+ 10: 0A559F9D107ED76FD19227FDD0752B8A
+ 11: BFD9E74ADC40B9C7446FDD09558FA584
+ 12: F1130F663BC0FA3B1066129E0D1910E9
+ 13: 535EAD786F0D211DE7AA78F3CB480803
+ 14: CDF5855F00A4C310D95B26751B01A28B
+ 15: EF6686E999D5A9C35A96D25BB9DBBF57
+ 16: E795733AA0AAF16D8F7AB1A8E9C55E54
+ 17: E03CA85727D5CF06F56BB6465BB3E5C5
+ 18: 6EDDDB6D2292EFF584E382E1BACD1A49
+ 19: 7B7FE0D8821836C1AA95578071FF2FD2
+ 20: 5F8CC568338400746B61A9286B7CF262
+ 21: 32DEE5A11E9EDB04BDF911837CE0FA4D
+ 22: F1A99914F13B17ABF383F36157FEB170
+ 23: 99F541647F382390043CAE5332E3114D
+ 24: 34C5EBB85693A1979F8CFDF8B431A5BB
+ 25: 1BA7266568F1E7B4A77A869D3021AC0F
+ 26: 0FC675C99C24E859F8CE714E86BF5289
+ 27: CBFAB21F5ABC47356A43BED806D873C0
+ 28: 9659AB1A4D334B622629721F98EECE3A
+ 29: 644C8BEE41F03BDE7652B03CAEA31E37
+ 30: 5B3447AFAD934B4D1E4910A8DFD588E7
+ 31: BFF403342E8D50D0447627AEA2F56B23
+ 32: 19F468F0FB05184D00FABD40A18DB7B2
+
+PMAC-khazad (16 byte key)
+  0: F40CEF2E392BEAEB
+  1: C6E086BD1CFA0992
+  2: 513F2851583AD69A
+  3: 07279D57695D78FF
+  4: 051E94FE4CC847B6
+  5: 5E9AAA5989D5C951
+  6: 310D5D740143369A
+  7: 9BB1EA8ECD4AF34B
+  8: CF886800AF0526C8
+  9: 0B03E2C94729E643
+ 10: 42815B308A900EC7
+ 11: 9A38A58C438D26DD
+ 12: 044BFF68FD2BFF76
+ 13: 7F5ABBDC29852729
+ 14: F81A7D6F7B788A5D
+ 15: 93098DA8A180AA35
+ 16: BACE2F4DA8A89E32
+

libtomcrypt/notes/tech0001.txt

@@ -0,0 +1,73 @@
+Tech Note 0001
+How to Gather Entropy on Embedded Systems
+Tom St Denis
+
+Introduction
+------------
+
+This tech note explains a relatively simple way to gather entropy for a PRNG (Yarrow in this case) in embedded systems
+where there are few sources of entropy or physical sources.
+
+When trying to setup a secure random number generator a fresh source of random data (entropy) is required to ensure the
+deterministic state of the PRNG is not known or predetermined with respect to an attacker.
+
+At the very least the system requires one timer and one source of un-timed interrupts.  by "un-timed" I mean interrupts
+that do not occur at regular intervals [e.g. joypad/keypad input, network packets, etc...].
+
+First we shall begin by taking an overview of how the Yarrow PRNG works within libtomcrypt.  At the heart of all
+PRNGs is the "prng_state" data type.  This is a union of structures that hold the PRNG state for the various prngs.  The 
+first thing we require is a state... 
+
+   prng_state myPrng;
+
+Next we must initialize the state once to get the ball rolling
+
+   if (yarrow_start(&myPrng) != CRYPT_OK) {
+      // error should never happen!
+   }
+
+At this point the PRNG is ready to accept fresh entropy which is added with
+
+   int yarrow_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng)
+
+This function is **NOT** thread safe which will come under consideration later.  To add entropy to our PRNG we must 
+call this function with fresh data as its sampled.  Lets say we have a timer counter called "uTimer" which is a 32-bit 
+long and say a 32-bit joyPad state called "uPad".  An example interrupt handler would look like
+
+   void joypad_interrupt(...) {
+       unsigned char buf[8];
+
+       STORE32L(uTimer, buf);
+       STORE32L(uPad, buf+4)
+       if (yarrow_add_entropy(buf, 8, &myPrng) != CRYPT_OK) {
+          // this should never occur either unless you didn't call yarrow_start
+       }
+ 
+       // handle interrupt
+   }
+
+In this snippet the timer count and state of the joypad are added together into the entropy pool.  The timer is important
+because with respect to the joypad it is a good source of entropy (on its own its not).  For example, the probability of
+the user pushing the up arrow is fairly high, but at a specific time is not.
+
+This method doesn't gather alot of entropy and has to be used to for quite a while.  One way to speed it up is to tap
+multiple sources.  If you have a network adapter and other sources of events (keyboard, mouse, etc...) trapping their
+data is ideal as well.  Its important to gather the timer along with the event data.
+
+As mentioned the "yarrow_add_entropy()" function is not thread safe.  If your system allows interrupt handlers to be 
+interrupted themselves then you could have trouble.  One simple way is to detect when an interrupt is in progress and
+simply not add entropy during the call (jump over the yarrow_add_entropy() call)
+
+Once you feel that there has been enough entropy added to the pool then within a single thread you can call
+
+    int yarrow_ready(prng_state *prng)
+
+Now the PRNG is ready to read via the 
+
+    unsigned long yarrow_read(unsigned char *buf, unsigned long len, prng_state *prng)
+
+It is a very good idea that once you call the yarrow_ready() function that you stop harvesting entropy in your interrupt
+functions.  This will free up alot of CPU time.  Also one more final note.  The yarrow_read() function is not thread
+safe either.  This means if you have multiple threads or processes that read from it you will have to add your own semaphores
+around calls to it.
+

libtomcrypt/notes/tech0002.txt

@@ -0,0 +1,52 @@
+Tech Note 0002
+How to avoid non-intrusive timing attacks with online computations
+Tom St Denis
+
+Introduction
+------------
+
+A timing attack is when an attacker can observe a side channel of the device (in this case time).  In this tech note
+we consider only non-intrusive timing attacks with respect to online computations.  That is an attacker can
+determine when a computation (such as a public key encryption) begins and ends but cannot observe the device 
+directly.  This is specifically important for applications which transmit data via a public network.
+
+Consider a Diffie-Hellman encryption which requires the sender to make up a public key "y = g^x mod p".  Libtomcrypt
+uses the MPI bignum library to perform the operation.  The time it takes to compute y is controlled by the number
+of 1 bits in the exponent 'x'.  To a large extent there will be the same number of squaring operations.  "1" bits in
+the exponent require the sender to perform a multiplication.  This means to a certain extent an attacker can 
+determine not only the magnitude of 'x' but the number of one bits.  With this information the attacker cannot directly
+learn the key used.  However, good cryptography mandates the close scrutiny of any practical side channel.
+
+Similar logic applies to the other various routines.  Fortunately for this case there is a simple solution.  First, 
+determine the maximum time the particular operation can require.  For instance, on an Athlon 1.53Ghz XP processor a
+DH-768 encryption requires roughly 50 milliseconds.  Take that time and round it up.  Now place a delay after the call.
+
+For example, 
+
+void demo(void) {
+   clock_t t1;
+
+   // get initial clock
+   t1 = clock();
+   
+   // some PK function
+   
+   // now delay 
+   while (clock() < (t1 + 100));
+   
+   // transmit data...
+   
+}
+
+This code has the effect of taking at least 100 ms always.  In effect someone analyzing the traffic will see that the
+operations always take a fixed amount of time.  Since no two platforms are the same this type of fix has not been 
+incorporated into libtomcrypt (nor is it desired for many platforms).  This requires on the developers part to profile
+the code to determine the delays required.
+
+Note that this "quick" fix has no effect against an intrusive attacker.  For example, power consumption will drop
+significantly in the loop after the operation.  However, this type of fix is more important to secure the user of the 
+application/device.  For example, a user placing an order online won't try to cheat themselves by cracking open their
+device and performing side-channel cryptanalysis.  An attacker over a network might try to use the timing information
+against the user.
+
+

libtomcrypt/notes/tech0003.txt

@@ -0,0 +1,52 @@
+Tech Note 0003
+Minimizing Memory Usage
+Tom St Denis
+
+Introduction
+------------
+
+For the most part the library can get by with around 20KB of stack and about 32KB of heap even if you use the
+public key functions.  If all you plan on using are the hashes and ciphers than only about 1KB of stack is required
+and no heap.
+
+To save space all of the symmetric key scheduled keys are stored in a union called "symmetric_key".  This means the 
+size of a symmetric_key is the size of the largest scheduled key.  By removing the ciphers you don't use from
+the build you can minimize the size of this structure.  For instance, by removing both Twofish and Blowfish the
+size reduces to 768 bytes from the 4,256 bytes it would have been (on a 32-bit platform).  Or if you remove
+Blowfish and use Twofish with TWOFISH_SMALL defined its still 768 bytes.  Even at its largest the structure is only 
+4KB which is normally not a problem for any platform.  
+
+
+Cipher Name | Size of scheduled key (bytes) |
+------------+-------------------------------|
+Twofish     | 4,256                         |
+Blowfish    | 4,168                         |
+3DES        | 768                           |
+SAFER+      | 532                           |
+Serpent     | 528                           |
+Rijndael    | 516                           |
+XTEA        | 256                           |
+RC2         | 256                           |
+DES         | 256                           |
+SAFER [#]   | 217                           |
+RC5         | 204                           |
+Twofish [*] | 193                           |
+RC6         | 176                           |
+CAST5       | 132                           |
+Noekeon     | 32                            |
+Skipjack    | 10                            |
+------------+-------------------------------/
+Memory used per cipher on a 32-bit platform.
+
+[*] For Twofish with TWOFISH_SMALL defined
+[#] For all 64-bit SAFER ciphers.
+
+Noekeon is a fairly fast cipher and uses very little memory.  Ideally in low-ram platforms all other ciphers should be
+left undefined and Noekeon should remain.  While Noekeon is generally considered a secure block cipher (it is insecure
+as a hash) CAST5 is perhaps a "runner-up" choice.  CAST5 has been around longer (it is also known as CAST-128) and is 
+fairly fast as well.
+
+You can easily accomplish this via the "config.pl" script. Simply answer "n" to all of the ciphers except the one you want
+and then rebuild the library.  [or you can hand edit mycrypt_custom.h]
+
+

libtomcrypt/notes/tech0004.txt

@@ -0,0 +1,91 @@
+Tech Note 0004
+Using Yarrow, Fortuna and SOBER-128
+Tom St Denis
+
+Introduction
+------------
+
+This tech note explains how to use three of the more useful pseudo random number generators and their 
+own little "issues".  While all of the PRNGs have the same API and are roughly used in the same 
+manner their effectiveness really depends on the user knowing how they work.
+
+
+Yarrow
+------
+
+Yarrow is by far the simplest of the PRNGs.  It gathers bits of entropy by hashing the pool state
+plus the additional bits storing the message digest back in the pool.  E.g.
+
+pool = hash(pool || newbits)
+
+Simply dump bits into the PRNG via yarrow_add_entropy() and call yarrow_ready() when you want to 
+put them to use.  This PRNG while simple is not entirely safe.  An attacker who learns the state
+of the pool and can control future events can control the PRNG.  This requires an active attacker but 
+isn't entire impossible.
+
+The pool is then used as a key for a cipher that is used in CTR mode.  
+
+Yarrow is mostly meant for short-term programs [e.g. like file utils].  This particular implementation
+is not meant for long-term usage.
+
+Fortuna
+-------
+
+Fortuna was designed by Niels Fergusson and Bruce Schneier [Bruce is also the guy who invented Yarrow].  It
+operates on a more defensive level than Yarrow.  Instead of 1 entropy pool it has 32 and the new entropy 
+is spread [round robin] in all of the pools. 
+
+That is, each call to fortuna_add_entropy() puts the bits in the next [in the sequenece] pool of entropy.  
+Effective bits are added to the pool by sending them through a hash [but not terminating the hash].  
+
+Here's the main catch though.  When the PRNG must be reseeded [so that you can extract bits from it] only
+certain pools are used.  More precisely the i'th pool is used every 2**i'th reseeding.  For example, pool[0]
+is always used.  pool[1] is used every second reseeding, pool[2] every fourth.
+
+The pools are hashed together along with the current key and the result is the new key for a cipher which
+operates in CTR mode [more about that in a sec].
+
+Now this may seem odd at first however there is a good reason behind it.  An attacker who learns pool[0] won't
+strictly know the other pools.  So the recovery rate of is not 0.  In fact pool[0] can be completely 
+compromised and the PRNG will still eventually recover.  The value FORTUNA_WD is the "WatchDog" counter.
+Every FORTUNA_WD calls to fortuna_read will invoke the reseed operation.  By default this is set to 10 which 
+means after 10 calls the PRNG will reseed itself.  
+
+The pools are combined with the running cipher key [256 bits] so that a cipher in CTR mode can produce 
+the stream.  Unlike Yarrow the cipher is re-keyed after every call to fortuna_read() [so one big call 
+would be faster than many smaller calls].  This prevents too much data being encrypted under the same
+key [and mitigates a flaw in CTR mode that the same block can't be emitted twice under the same key].
+
+Fortuna is really meant for a kernel-level PRNG.  The more sources [and often] you feed into it the 
+healthier it will be.  It's also meant to be used for long term purposes.  Since it can recover from
+compromises it is harder to control it.  
+
+SOBER-128
+------
+
+SOBER-128 is actually a stream cipher but like most ciphers can easily be modelled in the context of a PRNG.
+This PRNG is extremely fast [4 cycles/byte on a P4] and was designed by a well known cryptographer [Greg Rose].
+
+SOBER-128 doesn't really "act" like the other two PRNGs.  It's meant to be seeded once and then read as 
+required.  In such a sense it isn't a "system PRNG" but useful short term purposes.  In particular
+the sober128_read() function actually XORs against the input buffer you specify.  This allows the 
+read() function to be used as an "encrypt" function as well.  
+
+You can only key SOBER-128 once [by calling sober128_add_entropy()].  Once it it is keyed subsequent
+calls to add_entropy() will be considered a "re-IV" operation.  Changing the IV allows you to use same
+initial key and not produce the same output stream.  It also lets you differentiate packets.  E.g. each
+packet has it's own IV.
+
+All inputs to sober128_add_entropy() must have a length that is a multiple of four.
+
+Overall
+-------
+
+Since SOBER-128 is *much* faster than the other two PRNGs a good setup would be to use Fortuna as your 
+system-wide PRNG and use SOBER-128 [key'ed from Fortuna] for encrypting streams or as a PRNG for 
+simulations.
+
+Yarrow is still a good candidate but only for "short lived" programs.  However, since Fortuna is faster
+[by about 10 cycles/byte on a P4] I'd use Fortuna anyways...
+
+Tom

libtomcrypt/notes/tech0005.txt

@@ -0,0 +1,18 @@
+Tech Note 0005
+Minimizing Code Space
+Tom St Denis
+
+Introduction
+------------
+
+Tweaking...
+
+You can disable whole classes of algorithms on the command line with the LTC_NO_* defines.  From there you can manually turn on what you want to enable.  
+
+The following build with GCC 3.4.3 on an AMD64 box gets you AES, CTR mode, SHA-256, HMAC, Yarrow, full RSA PKCS #1, PKCS #5, ASN.1 DER and MPI in 
+roughly 80KB of code.
+
+CFLAGS="-DSC_RSA_1 -DLTC_NO_CIPHERS -DLTC_NO_HASHES -DLTC_NO_PRNGS -DLTC_NO_MACS -DLTC_NO_MODES -DLTC_NO_PK -DRIJNDAEL -DCTR -DSHA256 \
+-DHMAC -DYARROW -DMRSA -DMPI -Os -fomit-frame-pointer" make IGNORE_SPEED=1
+
+Neato eh?

libtomcrypt/notes/tech0006.txt

@@ -0,0 +1,91 @@
+Tech Note 0006
+PK Standards Compliance
+Tom St Denis
+
+RSA
+----
+
+PKCS #1 compliance.
+
+Key Format:  RSAPublicKey and RSAPrivateKey as per PKCS #1 v2.1
+Encryption:  OAEP as per PKCS #1
+Signature :  PSS  as per PKCS #1
+
+DSA
+----
+
+The NIST DSA algorithm
+
+Key Format:  HomeBrew [see below]
+Signature :  ANSI X9.62 format [see below].
+
+Keys are stored as 
+
+DSAPublicKey ::= SEQUENCE {
+    publicFlags    BIT STRING(1), -- must be 0
+    g              INTEGER      , -- base generator, check that g^q mod p == 1
+                                  -- and that 1 < g < p - 1
+    p              INTEGER      , -- prime modulus 
+    q              INTEGER      , -- order of sub-group (must be prime)
+    y              INTEGER      , -- public key, specifically, g^x mod p, 
+                                  -- check that y^q mod p == 1
+                                  -- and that 1 < y < p - 1
+}
+
+DSAPrivateKey ::= SEQUENCE {
+    publicFlags    BIT STRING(1), -- must be 1
+    g              INTEGER      , -- base generator, check that g^q mod p == 1
+                                  -- and that 1 < g < p - 1
+    p              INTEGER      , -- prime modulus 
+    q              INTEGER      , -- order of sub-group (must be prime)
+    y              INTEGER      , -- public key, specifically, g^x mod p, 
+                                  -- check that y^q mod p == 1
+                                  -- and that 1 < y < p - 1
+    x              INTEGER        -- private key
+}
+
+Signatures are stored as 
+
+DSASignature ::= SEQUENCE {
+    r, s           INTEGER        -- signature parameters
+}
+
+ECC
+----
+
+The ANSI X9.62 and X9.63 algorithms [partial].  Supports all NIST GF(p) curves.
+
+Key Format   :  Homebrew [see below, only GF(p) NIST curves supported]
+Signature    :  X9.62 compliant
+Encryption   :  Homebrew [based on X9.63, differs in that the public point is stored as an ECCPublicKey]
+Shared Secret:  X9.63 compliant
+
+ECCPublicKey ::= SEQUENCE {
+    flags       BIT STRING(1), -- public/private flag (always zero), 
+    keySize     INTEGER,       -- Curve size (in bits) divided by eight 
+                               -- and rounded down, e.g. 521 => 65
+    pubkey.x    INTEGER,       -- The X co-ordinate of the public key point
+    pubkey.y    INTEGER,       -- The Y co-ordinate of the public key point
+}
+
+ECCPrivateKey ::= SEQUENCE {
+    flags       BIT STRING(1), -- public/private flag (always one), 
+    keySize     INTEGER,       -- Curve size (in bits) divided by eight 
+                               -- and rounded down, e.g. 521 => 65
+    pubkey.x    INTEGER,       -- The X co-ordinate of the public key point
+    pubkey.y    INTEGER,       -- The Y co-ordinate of the public key point
+    secret.k    INTEGER,       -- The secret key scalar
+}
+
+The encryption works by finding the X9.63 shared secret and hashing it.  The hash is then simply XOR'ed against the message [which must be at most the size
+of the hash digest].  The format of the encrypted text is as follows
+
+ECCEncrypted ::= SEQUENCE {
+    hashOID     OBJECT IDENTIFIER,   -- The OID of the hash used
+    pubkey      OCTET STRING     ,   -- Encapsulation of a random ECCPublicKey
+    skey        OCTET STRING         -- The encrypted text (which the hash was XOR'ed against)
+}
+
+% $Source: /cvs/libtom/libtomcrypt/notes/tech0006.txt,v $   
+% $Revision: 1.2 $   
+% $Date: 2005/06/18 02:26:27 $ 

libtomcrypt/parsenames.pl

@@ -0,0 +1,26 @@
+#!/usr/bin/perl
+#
+# Splits the list of files and outputs for makefile type files 
+# wrapped at 80 chars 
+# 
+# Tom St Denis
+@a = split(" ", $ARGV[1]);
+$b = "$ARGV[0]=";
+$len = length($b);
+print $b;
+foreach my $obj (@a) {
+   $len = $len + length($obj);
+   $obj =~ s/\*/\$/;
+   if ($len > 100) {
+      printf "\\\n";
+      $len = length($obj);
+   }
+   print "$obj ";
+}
+if ($ARGV[0] eq "HEADERS") { print "testprof/tomcrypt_test.h"; }
+
+print "\n\n";
+
+# $Source: /cvs/libtom/libtomcrypt/parsenames.pl,v $   
+# $Revision: 1.3 $   
+# $Date: 2005/05/05 14:49:27 $ 

libtomcrypt/run.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+bash build.sh " $1" "$2 -O2" "$3 IGNORE_SPEED=1"
+if [ -a testok.txt ] && [ -f testok.txt ]; then
+   echo
+else
+	echo
+	echo "Test failed"
+	exit 1
+fi
+
+rm -f testok.txt
+bash build.sh " $1" "$2 -Os" " $3 IGNORE_SPEED=1 LTC_SMALL=1"
+if [ -a testok.txt ] && [ -f testok.txt ]; then
+   echo
+else
+	echo
+	echo "Test failed"
+	exit 1
+fi
+
+rm -f testok.txt
+bash build.sh " $1" " $2" " $3"
+if [ -a testok.txt ] && [ -f testok.txt ]; then
+   echo
+else
+	echo
+	echo "Test failed"
+	exit 1
+fi
+
+exit 0
+
+# $Source: /cvs/libtom/libtomcrypt/run.sh,v $   
+# $Revision: 1.13 $   
+# $Date: 2005/05/11 18:59:53 $ 

libtomcrypt/src/ciphers/aes/aes.c

@@ -0,0 +1,755 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ */
+
+/* AES implementation by Tom St Denis
+ *
+ * Derived from the Public Domain source code by
+ 
+---  
+  * rijndael-alg-fst.c
+  *
+  * @version 3.0 (December 2000)
+  *
+  * Optimised ANSI C code for the Rijndael cipher (now AES)
+  *
+  * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
+  * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
+  * @author Paulo Barreto <paulo.barreto@terra.com.br>
+---
+ */
+/**
+  @file aes.c
+  Implementation of AES
+*/   
+
+#include "tomcrypt.h"
+
+#ifdef RIJNDAEL
+
+#ifndef ENCRYPT_ONLY 
+
+#define SETUP    rijndael_setup
+#define ECB_ENC  rijndael_ecb_encrypt
+#define ECB_DEC  rijndael_ecb_decrypt
+#define ECB_DONE rijndael_done
+#define ECB_TEST rijndael_test
+#define ECB_KS   rijndael_keysize
+
+#if 0
+const struct ltc_cipher_descriptor rijndael_desc =
+{
+    "rijndael",
+    6,
+    16, 32, 16, 10,
+    SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS,
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL
+};
+#endif
+
+const struct ltc_cipher_descriptor aes_desc =
+{
+    "aes",
+    6,
+    16, 32, 16, 10,
+    SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS,
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL
+};
+
+#else
+
+#define SETUP    rijndael_enc_setup
+#define ECB_ENC  rijndael_enc_ecb_encrypt
+#define ECB_KS   rijndael_enc_keysize
+#define ECB_DONE rijndael_enc_done
+
+const struct ltc_cipher_descriptor rijndael_enc_desc =
+{
+    "rijndael",
+    6,
+    16, 32, 16, 10,
+    SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS,
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL
+};
+
+const struct ltc_cipher_descriptor aes_enc_desc =
+{
+    "aes",
+    6,
+    16, 32, 16, 10,
+    SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS,
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL
+};
+
+#endif
+
+#include "aes_tab.c"
+
+static ulong32 setup_mix(ulong32 temp)
+{
+   return (Te4_3[byte(temp, 2)]) ^
+          (Te4_2[byte(temp, 1)]) ^
+          (Te4_1[byte(temp, 0)]) ^
+          (Te4_0[byte(temp, 3)]);
+}
+
+#ifndef ENCRYPT_ONLY
+#ifdef LTC_SMALL_CODE
+static ulong32 setup_mix2(ulong32 temp)
+{
+   return Td0(255 & Te4[byte(temp, 3)]) ^
+          Td1(255 & Te4[byte(temp, 2)]) ^
+          Td2(255 & Te4[byte(temp, 1)]) ^
+          Td3(255 & Te4[byte(temp, 0)]);
+}
+#endif
+#endif
+
+ /**
+    Initialize the AES (Rijndael) block cipher
+    @param key The symmetric key you wish to pass
+    @param keylen The key length in bytes
+    @param num_rounds The number of rounds desired (0 for default)
+    @param skey The key in as scheduled by this function.
+    @return CRYPT_OK if successful
+ */
+int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
+{
+    int i, j;
+    ulong32 temp, *rk;
+#ifndef ENCRYPT_ONLY
+    ulong32 *rrk;
+#endif    
+    LTC_ARGCHK(key  != NULL);
+    LTC_ARGCHK(skey != NULL);
+  
+    if (keylen != 16 && keylen != 24 && keylen != 32) {
+       return CRYPT_INVALID_KEYSIZE;
+    }
+    
+    if (num_rounds != 0 && num_rounds != (10 + ((keylen/8)-2)*2)) {
+       return CRYPT_INVALID_ROUNDS;
+    }
+    
+    skey->rijndael.Nr = 10 + ((keylen/8)-2)*2;
+        
+    /* setup the forward key */
+    i                 = 0;
+    rk                = skey->rijndael.eK;
+    LOAD32H(rk[0], key     );
+    LOAD32H(rk[1], key +  4);
+    LOAD32H(rk[2], key +  8);
+    LOAD32H(rk[3], key + 12);
+    if (keylen == 16) {
+        j = 44;
+        for (;;) {
+            temp  = rk[3];
+            rk[4] = rk[0] ^ setup_mix(temp) ^ rcon[i];
+            rk[5] = rk[1] ^ rk[4];
+            rk[6] = rk[2] ^ rk[5];
+            rk[7] = rk[3] ^ rk[6];
+            if (++i == 10) {
+               break;
+            }
+            rk += 4;
+        }
+    } else if (keylen == 24) {
+        j = 52;   
+        LOAD32H(rk[4], key + 16);
+        LOAD32H(rk[5], key + 20);
+        for (;;) {
+        #ifdef _MSC_VER
+            temp = skey->rijndael.eK[rk - skey->rijndael.eK + 5]; 
+        #else
+            temp = rk[5];
+        #endif
+            rk[ 6] = rk[ 0] ^ setup_mix(temp) ^ rcon[i];
+            rk[ 7] = rk[ 1] ^ rk[ 6];
+            rk[ 8] = rk[ 2] ^ rk[ 7];
+            rk[ 9] = rk[ 3] ^ rk[ 8];
+            if (++i == 8) {
+                break;
+            }
+            rk[10] = rk[ 4] ^ rk[ 9];
+            rk[11] = rk[ 5] ^ rk[10];
+            rk += 6;
+        }
+    } else if (keylen == 32) {
+        j = 60;
+        LOAD32H(rk[4], key + 16);
+        LOAD32H(rk[5], key + 20);
+        LOAD32H(rk[6], key + 24);
+        LOAD32H(rk[7], key + 28);
+        for (;;) {
+        #ifdef _MSC_VER
+            temp = skey->rijndael.eK[rk - skey->rijndael.eK + 7]; 
+        #else
+            temp = rk[7];
+        #endif
+            rk[ 8] = rk[ 0] ^ setup_mix(temp) ^ rcon[i];
+            rk[ 9] = rk[ 1] ^ rk[ 8];
+            rk[10] = rk[ 2] ^ rk[ 9];
+            rk[11] = rk[ 3] ^ rk[10];
+            if (++i == 7) {
+                break;
+            }
+            temp = rk[11];
+            rk[12] = rk[ 4] ^ setup_mix(RORc(temp, 8));
+            rk[13] = rk[ 5] ^ rk[12];
+            rk[14] = rk[ 6] ^ rk[13];
+            rk[15] = rk[ 7] ^ rk[14];
+            rk += 8;
+        }
+    } else {
+       /* this can't happen */
+       return CRYPT_ERROR;
+    }
+
+#ifndef ENCRYPT_ONLY    
+    /* setup the inverse key now */
+    rk   = skey->rijndael.dK;
+    rrk  = skey->rijndael.eK + j - 4; 
+    
+    /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+    /* copy first */
+    *rk++ = *rrk++;
+    *rk++ = *rrk++;
+    *rk++ = *rrk++;
+    *rk   = *rrk;
+    rk -= 3; rrk -= 3;
+    
+    for (i = 1; i < skey->rijndael.Nr; i++) {
+        rrk -= 4;
+        rk  += 4;
+    #ifdef LTC_SMALL_CODE        
+        temp = rrk[0];
+        rk[0] = setup_mix2(temp);
+        temp = rrk[1];
+        rk[1] = setup_mix2(temp);
+        temp = rrk[2];
+        rk[2] = setup_mix2(temp);
+        temp = rrk[3];
+        rk[3] = setup_mix2(temp);
+     #else
+        temp = rrk[0];
+        rk[0] =
+            Tks0[byte(temp, 3)] ^
+            Tks1[byte(temp, 2)] ^
+            Tks2[byte(temp, 1)] ^
+            Tks3[byte(temp, 0)];
+        temp = rrk[1];
+        rk[1] =
+            Tks0[byte(temp, 3)] ^
+            Tks1[byte(temp, 2)] ^
+            Tks2[byte(temp, 1)] ^
+            Tks3[byte(temp, 0)];
+        temp = rrk[2];
+        rk[2] =
+            Tks0[byte(temp, 3)] ^
+            Tks1[byte(temp, 2)] ^
+            Tks2[byte(temp, 1)] ^
+            Tks3[byte(temp, 0)];
+        temp = rrk[3];
+        rk[3] =
+            Tks0[byte(temp, 3)] ^
+            Tks1[byte(temp, 2)] ^
+            Tks2[byte(temp, 1)] ^
+            Tks3[byte(temp, 0)];
+      #endif            
+     
+    }
+
+    /* copy last */
+    rrk -= 4;
+    rk  += 4;
+    *rk++ = *rrk++;
+    *rk++ = *rrk++;
+    *rk++ = *rrk++;
+    *rk   = *rrk;
+#endif /* ENCRYPT_ONLY */
+
+    return CRYPT_OK;   
+}
+
+/**
+  Encrypts a block of text with AES
+  @param pt The input plaintext (16 bytes)
+  @param ct The output ciphertext (16 bytes)
+  @param skey The key as scheduled
+*/
+#ifdef LTC_CLEAN_STACK
+static void _rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) 
+#else
+void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+#endif
+{
+    ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk;
+    int Nr, r;
+   
+    LTC_ARGCHK(pt != NULL);
+    LTC_ARGCHK(ct != NULL);
+    LTC_ARGCHK(skey != NULL);
+    
+    Nr = skey->rijndael.Nr;
+    rk = skey->rijndael.eK;
+    
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
+    LOAD32H(s0, pt      ); s0 ^= rk[0];
+    LOAD32H(s1, pt  +  4); s1 ^= rk[1];
+    LOAD32H(s2, pt  +  8); s2 ^= rk[2];
+    LOAD32H(s3, pt  + 12); s3 ^= rk[3];
+
+
+#ifdef LTC_SMALL_CODE
+
+    for (r = 0; ; r++) {
+        rk += 4;
+        t0 =
+            Te0(byte(s0, 3)) ^
+            Te1(byte(s1, 2)) ^
+            Te2(byte(s2, 1)) ^
+            Te3(byte(s3, 0)) ^
+            rk[0];
+        t1 =
+            Te0(byte(s1, 3)) ^
+            Te1(byte(s2, 2)) ^
+            Te2(byte(s3, 1)) ^
+            Te3(byte(s0, 0)) ^
+            rk[1];
+        t2 =
+            Te0(byte(s2, 3)) ^
+            Te1(byte(s3, 2)) ^
+            Te2(byte(s0, 1)) ^
+            Te3(byte(s1, 0)) ^
+            rk[2];
+        t3 =
+            Te0(byte(s3, 3)) ^
+            Te1(byte(s0, 2)) ^
+            Te2(byte(s1, 1)) ^
+            Te3(byte(s2, 0)) ^
+            rk[3];
+        if (r == Nr-2) { 
+           break;
+        }
+        s0 = t0; s1 = t1; s2 = t2; s3 = t3;
+    }
+    rk += 4;
+
+#else
+
+    /*
+     * Nr - 1 full rounds:
+     */
+    r = Nr >> 1;
+    for (;;) {
+        t0 =
+            Te0(byte(s0, 3)) ^
+            Te1(byte(s1, 2)) ^
+            Te2(byte(s2, 1)) ^
+            Te3(byte(s3, 0)) ^
+            rk[4];
+        t1 =
+            Te0(byte(s1, 3)) ^
+            Te1(byte(s2, 2)) ^
+            Te2(byte(s3, 1)) ^
+            Te3(byte(s0, 0)) ^
+            rk[5];
+        t2 =
+            Te0(byte(s2, 3)) ^
+            Te1(byte(s3, 2)) ^
+            Te2(byte(s0, 1)) ^
+            Te3(byte(s1, 0)) ^
+            rk[6];
+        t3 =
+            Te0(byte(s3, 3)) ^
+            Te1(byte(s0, 2)) ^
+            Te2(byte(s1, 1)) ^
+            Te3(byte(s2, 0)) ^
+            rk[7];
+
+        rk += 8;
+        if (--r == 0) {
+            break;
+        }
+
+        s0 =
+            Te0(byte(t0, 3)) ^
+            Te1(byte(t1, 2)) ^
+            Te2(byte(t2, 1)) ^
+            Te3(byte(t3, 0)) ^
+            rk[0];
+        s1 =
+            Te0(byte(t1, 3)) ^
+            Te1(byte(t2, 2)) ^
+            Te2(byte(t3, 1)) ^
+            Te3(byte(t0, 0)) ^
+            rk[1];
+        s2 =
+            Te0(byte(t2, 3)) ^
+            Te1(byte(t3, 2)) ^
+            Te2(byte(t0, 1)) ^
+            Te3(byte(t1, 0)) ^
+            rk[2];
+        s3 =
+            Te0(byte(t3, 3)) ^
+            Te1(byte(t0, 2)) ^
+            Te2(byte(t1, 1)) ^
+            Te3(byte(t2, 0)) ^
+            rk[3];
+    }
+
+#endif
+
+    /*
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+    s0 =
+        (Te4_3[byte(t0, 3)]) ^
+        (Te4_2[byte(t1, 2)]) ^
+        (Te4_1[byte(t2, 1)]) ^
+        (Te4_0[byte(t3, 0)]) ^
+        rk[0];
+    STORE32H(s0, ct);
+    s1 =
+        (Te4_3[byte(t1, 3)]) ^
+        (Te4_2[byte(t2, 2)]) ^
+        (Te4_1[byte(t3, 1)]) ^
+        (Te4_0[byte(t0, 0)]) ^
+        rk[1];
+    STORE32H(s1, ct+4);
+    s2 =
+        (Te4_3[byte(t2, 3)]) ^
+        (Te4_2[byte(t3, 2)]) ^
+        (Te4_1[byte(t0, 1)]) ^
+        (Te4_0[byte(t1, 0)]) ^
+        rk[2];
+    STORE32H(s2, ct+8);
+    s3 =
+        (Te4_3[byte(t3, 3)]) ^
+        (Te4_2[byte(t0, 2)]) ^
+        (Te4_1[byte(t1, 1)]) ^
+        (Te4_0[byte(t2, 0)]) ^ 
+        rk[3];
+    STORE32H(s3, ct+12);
+}
+
+#ifdef LTC_CLEAN_STACK
+void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) 
+{
+   _rijndael_ecb_encrypt(pt, ct, skey);
+   burn_stack(sizeof(unsigned long)*8 + sizeof(unsigned long*) + sizeof(int)*2);
+}
+#endif
+
+#ifndef ENCRYPT_ONLY 
+
+/**
+  Decrypts a block of text with AES
+  @param ct The input ciphertext (16 bytes)
+  @param pt The output plaintext (16 bytes)
+  @param skey The key as scheduled 
+*/
+#ifdef LTC_CLEAN_STACK
+static void _rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) 
+#else
+void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+#endif
+{
+    ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk;
+    int Nr, r;
+
+    LTC_ARGCHK(pt != NULL);
+    LTC_ARGCHK(ct != NULL);
+    LTC_ARGCHK(skey != NULL);
+    
+    Nr = skey->rijndael.Nr;
+    rk = skey->rijndael.dK;
+
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
+    LOAD32H(s0, ct      ); s0 ^= rk[0];
+    LOAD32H(s1, ct  +  4); s1 ^= rk[1];
+    LOAD32H(s2, ct  +  8); s2 ^= rk[2];
+    LOAD32H(s3, ct  + 12); s3 ^= rk[3];
+
+#ifdef LTC_SMALL_CODE
+    for (r = 0; ; r++) {
+        rk += 4;
+        t0 =
+            Td0(byte(s0, 3)) ^
+            Td1(byte(s3, 2)) ^
+            Td2(byte(s2, 1)) ^
+            Td3(byte(s1, 0)) ^
+            rk[0];
+        t1 =
+            Td0(byte(s1, 3)) ^
+            Td1(byte(s0, 2)) ^
+            Td2(byte(s3, 1)) ^
+            Td3(byte(s2, 0)) ^
+            rk[1];
+        t2 =
+            Td0(byte(s2, 3)) ^
+            Td1(byte(s1, 2)) ^
+            Td2(byte(s0, 1)) ^
+            Td3(byte(s3, 0)) ^
+            rk[2];
+        t3 =
+            Td0(byte(s3, 3)) ^
+            Td1(byte(s2, 2)) ^
+            Td2(byte(s1, 1)) ^
+            Td3(byte(s0, 0)) ^
+            rk[3];
+        if (r == Nr-2) {
+           break; 
+        }
+        s0 = t0; s1 = t1; s2 = t2; s3 = t3;
+    }
+    rk += 4;
+
+#else       
+
+    /*
+     * Nr - 1 full rounds:
+     */
+    r = Nr >> 1;
+    for (;;) {
+
+        t0 =
+            Td0(byte(s0, 3)) ^
+            Td1(byte(s3, 2)) ^
+            Td2(byte(s2, 1)) ^
+            Td3(byte(s1, 0)) ^
+            rk[4];
+        t1 =
+            Td0(byte(s1, 3)) ^
+            Td1(byte(s0, 2)) ^
+            Td2(byte(s3, 1)) ^
+            Td3(byte(s2, 0)) ^
+            rk[5];
+        t2 =
+            Td0(byte(s2, 3)) ^
+            Td1(byte(s1, 2)) ^
+            Td2(byte(s0, 1)) ^
+            Td3(byte(s3, 0)) ^
+            rk[6];
+        t3 =
+            Td0(byte(s3, 3)) ^
+            Td1(byte(s2, 2)) ^
+            Td2(byte(s1, 1)) ^
+            Td3(byte(s0, 0)) ^
+            rk[7];
+
+        rk += 8;
+        if (--r == 0) {
+            break;
+        }
+
+
+        s0 =
+            Td0(byte(t0, 3)) ^
+            Td1(byte(t3, 2)) ^
+            Td2(byte(t2, 1)) ^
+            Td3(byte(t1, 0)) ^
+            rk[0];
+        s1 =
+            Td0(byte(t1, 3)) ^
+            Td1(byte(t0, 2)) ^
+            Td2(byte(t3, 1)) ^
+            Td3(byte(t2, 0)) ^
+            rk[1];
+        s2 =
+            Td0(byte(t2, 3)) ^
+            Td1(byte(t1, 2)) ^
+            Td2(byte(t0, 1)) ^
+            Td3(byte(t3, 0)) ^
+            rk[2];
+        s3 =
+            Td0(byte(t3, 3)) ^
+            Td1(byte(t2, 2)) ^
+            Td2(byte(t1, 1)) ^
+            Td3(byte(t0, 0)) ^
+            rk[3];
+    }
+#endif
+
+    /*
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+    s0 =
+        (Td4[byte(t0, 3)] & 0xff000000) ^
+        (Td4[byte(t3, 2)] & 0x00ff0000) ^
+        (Td4[byte(t2, 1)] & 0x0000ff00) ^
+        (Td4[byte(t1, 0)] & 0x000000ff) ^
+        rk[0];
+    STORE32H(s0, pt);
+    s1 =
+        (Td4[byte(t1, 3)] & 0xff000000) ^
+        (Td4[byte(t0, 2)] & 0x00ff0000) ^
+        (Td4[byte(t3, 1)] & 0x0000ff00) ^
+        (Td4[byte(t2, 0)] & 0x000000ff) ^
+        rk[1];
+    STORE32H(s1, pt+4);
+    s2 =
+        (Td4[byte(t2, 3)] & 0xff000000) ^
+        (Td4[byte(t1, 2)] & 0x00ff0000) ^
+        (Td4[byte(t0, 1)] & 0x0000ff00) ^
+        (Td4[byte(t3, 0)] & 0x000000ff) ^
+        rk[2];
+    STORE32H(s2, pt+8);
+    s3 =
+        (Td4[byte(t3, 3)] & 0xff000000) ^
+        (Td4[byte(t2, 2)] & 0x00ff0000) ^
+        (Td4[byte(t1, 1)] & 0x0000ff00) ^
+        (Td4[byte(t0, 0)] & 0x000000ff) ^
+        rk[3];
+    STORE32H(s3, pt+12);
+}
+
+
+#ifdef LTC_CLEAN_STACK
+void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) 
+{
+   _rijndael_ecb_decrypt(ct, pt, skey);
+   burn_stack(sizeof(unsigned long)*8 + sizeof(unsigned long*) + sizeof(int)*2);
+}
+#endif
+
+/**
+  Performs a self-test of the AES block cipher
+  @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
+*/
+int ECB_TEST(void)
+{
+ #ifndef LTC_TEST
+    return CRYPT_NOP;
+ #else    
+ int err;
+ static const struct {
+     int keylen;
+     unsigned char key[32], pt[16], ct[16];
+ } tests[] = {
+    { 16,
+      { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 
+        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, 
+      { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+        0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
+      { 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30, 
+        0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a }
+    }, { 
+      24,
+      { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 
+        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 },
+      { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+        0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
+      { 0xdd, 0xa9, 0x7c, 0xa4, 0x86, 0x4c, 0xdf, 0xe0, 
+        0x6e, 0xaf, 0x70, 0xa0, 0xec, 0x0d, 0x71, 0x91 }
+    }, {
+      32,
+      { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 
+        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 
+        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
+      { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+        0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
+      { 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf, 
+        0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89 }
+    }
+ };
+ 
+ symmetric_key key;
+ unsigned char tmp[2][16];
+ int i, y;
+ 
+ for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) {
+    zeromem(&key, sizeof(key));
+    if ((err = rijndael_setup(tests[i].key, tests[i].keylen, 0, &key)) != CRYPT_OK) { 
+       return err;
+    }
+  
+    rijndael_ecb_encrypt(tests[i].pt, tmp[0], &key);
+    rijndael_ecb_decrypt(tmp[0], tmp[1], &key);
+    if (memcmp(tmp[0], tests[i].ct, 16) || memcmp(tmp[1], tests[i].pt, 16)) { 
+#if 0
+       printf("\n\nTest %d failed\n", i);
+       if (memcmp(tmp[0], tests[i].ct, 16)) {
+          printf("CT: ");
+          for (i = 0; i < 16; i++) {
+             printf("%02x ", tmp[0][i]);
+          }
+          printf("\n");
+       } else {
+          printf("PT: ");
+          for (i = 0; i < 16; i++) {
+             printf("%02x ", tmp[1][i]);
+          }
+          printf("\n");
+       }
+#endif       
+        return CRYPT_FAIL_TESTVECTOR;
+    }
+
+      /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */
+      for (y = 0; y < 16; y++) tmp[0][y] = 0;
+      for (y = 0; y < 1000; y++) rijndael_ecb_encrypt(tmp[0], tmp[0], &key);
+      for (y = 0; y < 1000; y++) rijndael_ecb_decrypt(tmp[0], tmp[0], &key);
+      for (y = 0; y < 16; y++) if (tmp[0][y] != 0) return CRYPT_FAIL_TESTVECTOR;
+ }       
+ return CRYPT_OK;
+ #endif
+}
+
+#endif /* ENCRYPT_ONLY */
+
+
+/** Terminate the context 
+   @param skey    The scheduled key
+*/
+void ECB_DONE(symmetric_key *skey)
+{
+}
+
+
+/**
+  Gets suitable key size
+  @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.
+  @return CRYPT_OK if the input key size is acceptable.
+*/
+int ECB_KS(int *keysize)
+{
+   LTC_ARGCHK(keysize != NULL);
+
+   if (*keysize < 16)
+      return CRYPT_INVALID_KEYSIZE;
+   if (*keysize < 24) {
+      *keysize = 16;
+      return CRYPT_OK;
+   } else if (*keysize < 32) {
+      *keysize = 24;
+      return CRYPT_OK;
+   } else {
+      *keysize = 32;
+      return CRYPT_OK;
+   }
+}
+
+#endif
+
+
+/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/aes/aes.c,v $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2005/05/05 14:35:58 $ */