diff --git a/Doxyfile b/Doxyfile index 1a6f7fb..8c7731d 100644 --- a/Doxyfile +++ b/Doxyfile @@ -23,7 +23,7 @@ PROJECT_NAME = LibTomCrypt # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 1.09 +PROJECT_NUMBER = 1.10 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. diff --git a/changes b/changes index c06f245..0f07e94 100644 --- a/changes +++ b/changes @@ -1,3 +1,11 @@ +February 11th, 2006 +v1.10 -- Free ecb/cbc/ctr/lrw structures in timing code by calling the "done" function + -- fixed bug in lrw_process() which would always use the slow update ... + -- vastly sped up gcm_gf_mult() when LTC_FAST is defined. This speeds up LRW and GCM state creation, useful for servers with GCM + -- Removed NLS since there are some attacks against it. + -- fixed memory leak in rsa_import reported by John Kuhns + ++ re-released as the rsa fix was incorrect (bad John bad ... hehehe) and I missed some NULLs in the static descriptor entry for ciphers + January 26th, 2006 v1.09 -- Added missing doxygen comments to some of the ASN.1 routines -- Added "easy button" define LTC_EASY and LTC will build with a subset of all the algos. Reduces build times for typical @@ -1405,6 +1413,6 @@ v0.02 -- Changed RC5 to only allow 12 to 24 rounds v0.01 -- We will call this the first version. /* $Source: /cvs/libtom/libtomcrypt/changes,v $ */ -/* $Revision: 1.168 $ */ -/* $Date: 2006/01/26 18:15:51 $ */ +/* $Revision: 1.173 $ */ +/* $Date: 2006/02/11 09:18:11 $ */ diff --git a/crypt.tex b/crypt.tex index 7c65080..a8bf83a 100644 --- a/crypt.tex +++ b/crypt.tex @@ -47,7 +47,7 @@ \def\gap{\vspace{0.5ex}} \makeindex \begin{document} -\title{LibTomCrypt \\ Version 1.09} +\title{LibTomCrypt \\ Version 1.10} \author{Tom St Denis \\ \\ tomstdenis@gmail.com \\ @@ -5181,5 +5181,5 @@ Since the function is given the entire RSA key (for private keys only) CRT is po \end{document} % $Source: /cvs/libtom/libtomcrypt/crypt.tex,v $ -% $Revision: 1.62 $ -% $Date: 2006/01/26 18:29:02 $ +% $Revision: 1.63 $ +% $Date: 2006/01/26 19:20:46 $ diff --git a/demos/timing.c b/demos/timing.c index dd35995..dfedba1 100644 --- a/demos/timing.c +++ b/demos/timing.c @@ -18,6 +18,7 @@ time_keysched(); time_cipher(); time_cipher2(); time_cipher3(); +time_cipher4(); time_hash(); time_macs(); time_encmacs(); diff --git a/doc/crypt.pdf b/doc/crypt.pdf index f8bb716..cdd7880 100644 Binary files a/doc/crypt.pdf and b/doc/crypt.pdf differ diff --git a/makefile b/makefile index f5248de..fed72b3 100644 --- a/makefile +++ b/makefile @@ -4,7 +4,7 @@ # Modified by Clay Culver # The version -VERSION=1.09 +VERSION=1.10 # Compiler and Linker Names #CC=gcc @@ -113,9 +113,8 @@ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aa src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \ src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \ src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \ -src/encauth/nls/nls_memory.o src/encauth/nls/nlsfast.o src/encauth/ocb/ocb_decrypt.o \ -src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \ -src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \ +src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \ +src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \ src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \ src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \ src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \ @@ -365,5 +364,5 @@ zipup: no_oops docs # $Source: /cvs/libtom/libtomcrypt/makefile,v $ -# $Revision: 1.114 $ -# $Date: 2006/01/26 06:12:31 $ +# $Revision: 1.116 $ +# $Date: 2006/01/29 15:53:38 $ diff --git a/makefile.icc b/makefile.icc index 9a4462f..f8c415b 100644 --- a/makefile.icc +++ b/makefile.icc @@ -100,9 +100,8 @@ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aa src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \ src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \ src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \ -src/encauth/nls/nls_memory.o src/encauth/nls/nlsfast.o src/encauth/ocb/ocb_decrypt.o \ -src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \ -src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \ +src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \ +src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \ src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \ src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \ src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \ @@ -270,6 +269,6 @@ install: library install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH) # $Source: /cvs/libtom/libtomcrypt/makefile.icc,v $ -# $Revision: 1.49 $ -# $Date: 2006/01/26 06:12:31 $ +# $Revision: 1.50 $ +# $Date: 2006/01/29 15:53:38 $ diff --git a/makefile.msvc b/makefile.msvc index c73c43f..0bfcc97 100644 --- a/makefile.msvc +++ b/makefile.msvc @@ -15,9 +15,8 @@ src/encauth/eax/eax_init.obj src/encauth/eax/eax_test.obj src/encauth/gcm/gcm_ad src/encauth/gcm/gcm_add_iv.obj src/encauth/gcm/gcm_done.obj src/encauth/gcm/gcm_gf_mult.obj \ src/encauth/gcm/gcm_init.obj src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_mult_h.obj \ src/encauth/gcm/gcm_process.obj src/encauth/gcm/gcm_reset.obj src/encauth/gcm/gcm_test.obj \ -src/encauth/nls/nls_memory.obj src/encauth/nls/nlsfast.obj src/encauth/ocb/ocb_decrypt.obj \ -src/encauth/ocb/ocb_decrypt_verify_memory.obj src/encauth/ocb/ocb_done_decrypt.obj \ -src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \ +src/encauth/ocb/ocb_decrypt.obj src/encauth/ocb/ocb_decrypt_verify_memory.obj \ +src/encauth/ocb/ocb_done_decrypt.obj src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \ src/encauth/ocb/ocb_encrypt_authenticate_memory.obj src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj \ src/encauth/ocb/ocb_shift_xor.obj src/encauth/ocb/ocb_test.obj src/encauth/ocb/s_ocb_done.obj \ src/hashes/chc/chc.obj src/hashes/helper/hash_file.obj src/hashes/helper/hash_filehandle.obj \ @@ -133,5 +132,5 @@ timing: demos/timing.c library cl $(CFLAGS) demos/timing.c testprof/tomcrypt_prof.lib tomcrypt.lib advapi32.lib $(EXTRALIBS) # $Source: /cvs/libtom/libtomcrypt/makefile.msvc,v $ -# $Revision: 1.29 $ -# $Date: 2006/01/26 06:12:31 $ +# $Revision: 1.30 $ +# $Date: 2006/01/29 15:53:38 $ diff --git a/makefile.shared b/makefile.shared index ce404b0..0fb64d3 100644 --- a/makefile.shared +++ b/makefile.shared @@ -6,7 +6,7 @@ # Tom St Denis # The version -VERSION=0:109 +VERSION=0:110 # Compiler and Linker Names CC=libtool --mode=compile gcc @@ -107,9 +107,8 @@ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aa src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \ src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \ src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \ -src/encauth/nls/nls_memory.o src/encauth/nls/nlsfast.o src/encauth/ocb/ocb_decrypt.o \ -src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \ -src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \ +src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \ +src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \ src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \ src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \ src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \ @@ -259,5 +258,5 @@ timing: library testprof/$(LIBTEST) $(TIMINGS) gcc -o $(TIMING) $(TIMINGS) -ltomcrypt_prof -ltomcrypt $(EXTRALIBS) # $Source: /cvs/libtom/libtomcrypt/makefile.shared,v $ -# $Revision: 1.43 $ -# $Date: 2006/01/26 06:12:31 $ +# $Revision: 1.45 $ +# $Date: 2006/01/29 15:53:38 $ diff --git a/src/encauth/gcm/gcm_gf_mult.c b/src/encauth/gcm/gcm_gf_mult.c index e4ffe4e..a81a632 100644 --- a/src/encauth/gcm/gcm_gf_mult.c +++ b/src/encauth/gcm/gcm_gf_mult.c @@ -15,8 +15,50 @@ */ #include "tomcrypt.h" +#if defined(GCM_TABLES) || defined(LRW_TABLES) || ((defined(GCM_MODE) || defined(GCM_MODE)) && defined(LTC_FAST)) + +/* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format. Since only the + * lower 16 bits are not zero'ed I removed the upper 14 bytes */ +const unsigned char gcm_shift_table[256*2] = { +0x00, 0x00, 0x01, 0xc2, 0x03, 0x84, 0x02, 0x46, 0x07, 0x08, 0x06, 0xca, 0x04, 0x8c, 0x05, 0x4e, +0x0e, 0x10, 0x0f, 0xd2, 0x0d, 0x94, 0x0c, 0x56, 0x09, 0x18, 0x08, 0xda, 0x0a, 0x9c, 0x0b, 0x5e, +0x1c, 0x20, 0x1d, 0xe2, 0x1f, 0xa4, 0x1e, 0x66, 0x1b, 0x28, 0x1a, 0xea, 0x18, 0xac, 0x19, 0x6e, +0x12, 0x30, 0x13, 0xf2, 0x11, 0xb4, 0x10, 0x76, 0x15, 0x38, 0x14, 0xfa, 0x16, 0xbc, 0x17, 0x7e, +0x38, 0x40, 0x39, 0x82, 0x3b, 0xc4, 0x3a, 0x06, 0x3f, 0x48, 0x3e, 0x8a, 0x3c, 0xcc, 0x3d, 0x0e, +0x36, 0x50, 0x37, 0x92, 0x35, 0xd4, 0x34, 0x16, 0x31, 0x58, 0x30, 0x9a, 0x32, 0xdc, 0x33, 0x1e, +0x24, 0x60, 0x25, 0xa2, 0x27, 0xe4, 0x26, 0x26, 0x23, 0x68, 0x22, 0xaa, 0x20, 0xec, 0x21, 0x2e, +0x2a, 0x70, 0x2b, 0xb2, 0x29, 0xf4, 0x28, 0x36, 0x2d, 0x78, 0x2c, 0xba, 0x2e, 0xfc, 0x2f, 0x3e, +0x70, 0x80, 0x71, 0x42, 0x73, 0x04, 0x72, 0xc6, 0x77, 0x88, 0x76, 0x4a, 0x74, 0x0c, 0x75, 0xce, +0x7e, 0x90, 0x7f, 0x52, 0x7d, 0x14, 0x7c, 0xd6, 0x79, 0x98, 0x78, 0x5a, 0x7a, 0x1c, 0x7b, 0xde, +0x6c, 0xa0, 0x6d, 0x62, 0x6f, 0x24, 0x6e, 0xe6, 0x6b, 0xa8, 0x6a, 0x6a, 0x68, 0x2c, 0x69, 0xee, +0x62, 0xb0, 0x63, 0x72, 0x61, 0x34, 0x60, 0xf6, 0x65, 0xb8, 0x64, 0x7a, 0x66, 0x3c, 0x67, 0xfe, +0x48, 0xc0, 0x49, 0x02, 0x4b, 0x44, 0x4a, 0x86, 0x4f, 0xc8, 0x4e, 0x0a, 0x4c, 0x4c, 0x4d, 0x8e, +0x46, 0xd0, 0x47, 0x12, 0x45, 0x54, 0x44, 0x96, 0x41, 0xd8, 0x40, 0x1a, 0x42, 0x5c, 0x43, 0x9e, +0x54, 0xe0, 0x55, 0x22, 0x57, 0x64, 0x56, 0xa6, 0x53, 0xe8, 0x52, 0x2a, 0x50, 0x6c, 0x51, 0xae, +0x5a, 0xf0, 0x5b, 0x32, 0x59, 0x74, 0x58, 0xb6, 0x5d, 0xf8, 0x5c, 0x3a, 0x5e, 0x7c, 0x5f, 0xbe, +0xe1, 0x00, 0xe0, 0xc2, 0xe2, 0x84, 0xe3, 0x46, 0xe6, 0x08, 0xe7, 0xca, 0xe5, 0x8c, 0xe4, 0x4e, +0xef, 0x10, 0xee, 0xd2, 0xec, 0x94, 0xed, 0x56, 0xe8, 0x18, 0xe9, 0xda, 0xeb, 0x9c, 0xea, 0x5e, +0xfd, 0x20, 0xfc, 0xe2, 0xfe, 0xa4, 0xff, 0x66, 0xfa, 0x28, 0xfb, 0xea, 0xf9, 0xac, 0xf8, 0x6e, +0xf3, 0x30, 0xf2, 0xf2, 0xf0, 0xb4, 0xf1, 0x76, 0xf4, 0x38, 0xf5, 0xfa, 0xf7, 0xbc, 0xf6, 0x7e, +0xd9, 0x40, 0xd8, 0x82, 0xda, 0xc4, 0xdb, 0x06, 0xde, 0x48, 0xdf, 0x8a, 0xdd, 0xcc, 0xdc, 0x0e, +0xd7, 0x50, 0xd6, 0x92, 0xd4, 0xd4, 0xd5, 0x16, 0xd0, 0x58, 0xd1, 0x9a, 0xd3, 0xdc, 0xd2, 0x1e, +0xc5, 0x60, 0xc4, 0xa2, 0xc6, 0xe4, 0xc7, 0x26, 0xc2, 0x68, 0xc3, 0xaa, 0xc1, 0xec, 0xc0, 0x2e, +0xcb, 0x70, 0xca, 0xb2, 0xc8, 0xf4, 0xc9, 0x36, 0xcc, 0x78, 0xcd, 0xba, 0xcf, 0xfc, 0xce, 0x3e, +0x91, 0x80, 0x90, 0x42, 0x92, 0x04, 0x93, 0xc6, 0x96, 0x88, 0x97, 0x4a, 0x95, 0x0c, 0x94, 0xce, +0x9f, 0x90, 0x9e, 0x52, 0x9c, 0x14, 0x9d, 0xd6, 0x98, 0x98, 0x99, 0x5a, 0x9b, 0x1c, 0x9a, 0xde, +0x8d, 0xa0, 0x8c, 0x62, 0x8e, 0x24, 0x8f, 0xe6, 0x8a, 0xa8, 0x8b, 0x6a, 0x89, 0x2c, 0x88, 0xee, +0x83, 0xb0, 0x82, 0x72, 0x80, 0x34, 0x81, 0xf6, 0x84, 0xb8, 0x85, 0x7a, 0x87, 0x3c, 0x86, 0xfe, +0xa9, 0xc0, 0xa8, 0x02, 0xaa, 0x44, 0xab, 0x86, 0xae, 0xc8, 0xaf, 0x0a, 0xad, 0x4c, 0xac, 0x8e, +0xa7, 0xd0, 0xa6, 0x12, 0xa4, 0x54, 0xa5, 0x96, 0xa0, 0xd8, 0xa1, 0x1a, 0xa3, 0x5c, 0xa2, 0x9e, +0xb5, 0xe0, 0xb4, 0x22, 0xb6, 0x64, 0xb7, 0xa6, 0xb2, 0xe8, 0xb3, 0x2a, 0xb1, 0x6c, 0xb0, 0xae, +0xbb, 0xf0, 0xba, 0x32, 0xb8, 0x74, 0xb9, 0xb6, 0xbc, 0xf8, 0xbd, 0x3a, 0xbf, 0x7c, 0xbe, 0xbe }; + +#endif + + #if defined(GCM_MODE) || defined(LRW_MODE) +#ifndef LTC_FAST /* right shift */ static void gcm_rightshift(unsigned char *a) { @@ -33,7 +75,7 @@ static const unsigned char poly[] = { 0x00, 0xE1 }; /** - GCM GF multiplier (internal use only) + GCM GF multiplier (internal use only) bitserial @param a First value @param b Second value @param c Destination for a * b @@ -57,8 +99,123 @@ void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char * } XMEMCPY(c, Z, 16); } + +#else + +/* map normal numbers to "ieee" way ... e.g. bit reversed */ +#define M(x) ( ((x&8)>>3) | ((x&4)>>1) | ((x&2)<<1) | ((x&1)<<3) ) + +#define BPD (sizeof(LTC_FAST_TYPE) * 8) +#define WPV (1 + (16 / sizeof(LTC_FAST_TYPE))) + +/** + GCM GF multiplier (internal use only) word oriented + @param a First value + @param b Second value + @param c Destination for a * b + */ +void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c) +{ + int i, j, k, u; + LTC_FAST_TYPE B[16][WPV], tmp[32 / sizeof(LTC_FAST_TYPE)], pB[16 / sizeof(LTC_FAST_TYPE)], zz, z; + unsigned char pTmp[32]; + + /* create simple tables */ + zeromem(B[0], sizeof(B[0])); + zeromem(B[M(1)], sizeof(B[M(1)])); + +#ifdef ENDIAN_32BITWORD + for (i = 0; i < 4; i++) { + LOAD32H(B[M(1)][i], a + (i<<2)); + LOAD32L(pB[i], b + (i<<2)); + } +#else + for (i = 0; i < 2; i++) { + LOAD64H(B[M(1)][i], a + (i<<3)); + LOAD64L(pB[i], b + (i<<3)); + } +#endif + + /* now create 2, 4 and 8 */ + B[M(2)][0] = B[M(1)][0] >> 1; + B[M(4)][0] = B[M(1)][0] >> 2; + B[M(8)][0] = B[M(1)][0] >> 3; + for (i = 1; i < (int)WPV; i++) { + B[M(2)][i] = (B[M(1)][i-1] << (BPD-1)) | (B[M(1)][i] >> 1); + B[M(4)][i] = (B[M(1)][i-1] << (BPD-2)) | (B[M(1)][i] >> 2); + B[M(8)][i] = (B[M(1)][i-1] << (BPD-3)) | (B[M(1)][i] >> 3); + } + + /* now all values with two bits which are 3, 5, 6, 9, 10, 12 */ + for (i = 0; i < (int)WPV; i++) { + B[M(3)][i] = B[M(1)][i] ^ B[M(2)][i]; + B[M(5)][i] = B[M(1)][i] ^ B[M(4)][i]; + B[M(6)][i] = B[M(2)][i] ^ B[M(4)][i]; + B[M(9)][i] = B[M(1)][i] ^ B[M(8)][i]; + B[M(10)][i] = B[M(2)][i] ^ B[M(8)][i]; + B[M(12)][i] = B[M(8)][i] ^ B[M(4)][i]; + + /* now all 3 bit values and the only 4 bit value: 7, 11, 13, 14, 15 */ + B[M(7)][i] = B[M(3)][i] ^ B[M(4)][i]; + B[M(11)][i] = B[M(3)][i] ^ B[M(8)][i]; + B[M(13)][i] = B[M(1)][i] ^ B[M(12)][i]; + B[M(14)][i] = B[M(6)][i] ^ B[M(8)][i]; + B[M(15)][i] = B[M(7)][i] ^ B[M(8)][i]; + } + + zeromem(tmp, sizeof(tmp)); + + /* compute product four bits of each word at a time */ + /* for each nibble */ + for (i = (BPD/4)-1; i >= 0; i--) { + /* for each word */ + for (j = 0; j < (int)(WPV-1); j++) { + /* grab the 4 bits recall the nibbles are backwards so it's a shift by (i^1)*4 */ + u = (pB[j] >> ((i^1)<<2)) & 15; + + /* add offset by the word count the table looked up value to the result */ + for (k = 0; k < (int)WPV; k++) { + tmp[k+j] ^= B[u][k]; + } + } + /* shift result up by 4 bits */ + if (i != 0) { + for (z = j = 0; j < (int)(32 / sizeof(LTC_FAST_TYPE)); j++) { + zz = tmp[j] << (BPD-4); + tmp[j] = (tmp[j] >> 4) | z; + z = zz; + } + } + } + + /* store product */ +#ifdef ENDIAN_32BITWORD + for (i = 0; i < 8; i++) { + STORE32H(tmp[i], pTmp + (i<<2)); + } +#else + for (i = 0; i < 4; i++) { + STORE64H(tmp[i], pTmp + (i<<3)); + } +#endif + + /* reduce by taking most significant byte and adding the appropriate two byte sequence 16 bytes down */ + for (i = 31; i >= 16; i--) { + pTmp[i-16] ^= gcm_shift_table[((unsigned)pTmp[i]<<1)]; + pTmp[i-15] ^= gcm_shift_table[((unsigned)pTmp[i]<<1)+1]; + } + + for (i = 0; i < 16; i++) { + c[i] = pTmp[i]; + } + +} + +#endif + #endif /* $Source$ */ /* $Revision$ */ /* $Date$ */ + diff --git a/src/encauth/gcm/gcm_init.c b/src/encauth/gcm/gcm_init.c index 2a95ba4..3e525ca 100644 --- a/src/encauth/gcm/gcm_init.c +++ b/src/encauth/gcm/gcm_init.c @@ -17,46 +17,6 @@ #ifdef GCM_MODE -#ifdef GCM_TABLES - -/* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format. Since only the - * lower 16 bits are not zero'ed I removed the upper 14 bytes */ -static const unsigned char gcm_shift_table[256*2] = { -0x00, 0x00, 0x01, 0xc2, 0x03, 0x84, 0x02, 0x46, 0x07, 0x08, 0x06, 0xca, 0x04, 0x8c, 0x05, 0x4e, -0x0e, 0x10, 0x0f, 0xd2, 0x0d, 0x94, 0x0c, 0x56, 0x09, 0x18, 0x08, 0xda, 0x0a, 0x9c, 0x0b, 0x5e, -0x1c, 0x20, 0x1d, 0xe2, 0x1f, 0xa4, 0x1e, 0x66, 0x1b, 0x28, 0x1a, 0xea, 0x18, 0xac, 0x19, 0x6e, -0x12, 0x30, 0x13, 0xf2, 0x11, 0xb4, 0x10, 0x76, 0x15, 0x38, 0x14, 0xfa, 0x16, 0xbc, 0x17, 0x7e, -0x38, 0x40, 0x39, 0x82, 0x3b, 0xc4, 0x3a, 0x06, 0x3f, 0x48, 0x3e, 0x8a, 0x3c, 0xcc, 0x3d, 0x0e, -0x36, 0x50, 0x37, 0x92, 0x35, 0xd4, 0x34, 0x16, 0x31, 0x58, 0x30, 0x9a, 0x32, 0xdc, 0x33, 0x1e, -0x24, 0x60, 0x25, 0xa2, 0x27, 0xe4, 0x26, 0x26, 0x23, 0x68, 0x22, 0xaa, 0x20, 0xec, 0x21, 0x2e, -0x2a, 0x70, 0x2b, 0xb2, 0x29, 0xf4, 0x28, 0x36, 0x2d, 0x78, 0x2c, 0xba, 0x2e, 0xfc, 0x2f, 0x3e, -0x70, 0x80, 0x71, 0x42, 0x73, 0x04, 0x72, 0xc6, 0x77, 0x88, 0x76, 0x4a, 0x74, 0x0c, 0x75, 0xce, -0x7e, 0x90, 0x7f, 0x52, 0x7d, 0x14, 0x7c, 0xd6, 0x79, 0x98, 0x78, 0x5a, 0x7a, 0x1c, 0x7b, 0xde, -0x6c, 0xa0, 0x6d, 0x62, 0x6f, 0x24, 0x6e, 0xe6, 0x6b, 0xa8, 0x6a, 0x6a, 0x68, 0x2c, 0x69, 0xee, -0x62, 0xb0, 0x63, 0x72, 0x61, 0x34, 0x60, 0xf6, 0x65, 0xb8, 0x64, 0x7a, 0x66, 0x3c, 0x67, 0xfe, -0x48, 0xc0, 0x49, 0x02, 0x4b, 0x44, 0x4a, 0x86, 0x4f, 0xc8, 0x4e, 0x0a, 0x4c, 0x4c, 0x4d, 0x8e, -0x46, 0xd0, 0x47, 0x12, 0x45, 0x54, 0x44, 0x96, 0x41, 0xd8, 0x40, 0x1a, 0x42, 0x5c, 0x43, 0x9e, -0x54, 0xe0, 0x55, 0x22, 0x57, 0x64, 0x56, 0xa6, 0x53, 0xe8, 0x52, 0x2a, 0x50, 0x6c, 0x51, 0xae, -0x5a, 0xf0, 0x5b, 0x32, 0x59, 0x74, 0x58, 0xb6, 0x5d, 0xf8, 0x5c, 0x3a, 0x5e, 0x7c, 0x5f, 0xbe, -0xe1, 0x00, 0xe0, 0xc2, 0xe2, 0x84, 0xe3, 0x46, 0xe6, 0x08, 0xe7, 0xca, 0xe5, 0x8c, 0xe4, 0x4e, -0xef, 0x10, 0xee, 0xd2, 0xec, 0x94, 0xed, 0x56, 0xe8, 0x18, 0xe9, 0xda, 0xeb, 0x9c, 0xea, 0x5e, -0xfd, 0x20, 0xfc, 0xe2, 0xfe, 0xa4, 0xff, 0x66, 0xfa, 0x28, 0xfb, 0xea, 0xf9, 0xac, 0xf8, 0x6e, -0xf3, 0x30, 0xf2, 0xf2, 0xf0, 0xb4, 0xf1, 0x76, 0xf4, 0x38, 0xf5, 0xfa, 0xf7, 0xbc, 0xf6, 0x7e, -0xd9, 0x40, 0xd8, 0x82, 0xda, 0xc4, 0xdb, 0x06, 0xde, 0x48, 0xdf, 0x8a, 0xdd, 0xcc, 0xdc, 0x0e, -0xd7, 0x50, 0xd6, 0x92, 0xd4, 0xd4, 0xd5, 0x16, 0xd0, 0x58, 0xd1, 0x9a, 0xd3, 0xdc, 0xd2, 0x1e, -0xc5, 0x60, 0xc4, 0xa2, 0xc6, 0xe4, 0xc7, 0x26, 0xc2, 0x68, 0xc3, 0xaa, 0xc1, 0xec, 0xc0, 0x2e, -0xcb, 0x70, 0xca, 0xb2, 0xc8, 0xf4, 0xc9, 0x36, 0xcc, 0x78, 0xcd, 0xba, 0xcf, 0xfc, 0xce, 0x3e, -0x91, 0x80, 0x90, 0x42, 0x92, 0x04, 0x93, 0xc6, 0x96, 0x88, 0x97, 0x4a, 0x95, 0x0c, 0x94, 0xce, -0x9f, 0x90, 0x9e, 0x52, 0x9c, 0x14, 0x9d, 0xd6, 0x98, 0x98, 0x99, 0x5a, 0x9b, 0x1c, 0x9a, 0xde, -0x8d, 0xa0, 0x8c, 0x62, 0x8e, 0x24, 0x8f, 0xe6, 0x8a, 0xa8, 0x8b, 0x6a, 0x89, 0x2c, 0x88, 0xee, -0x83, 0xb0, 0x82, 0x72, 0x80, 0x34, 0x81, 0xf6, 0x84, 0xb8, 0x85, 0x7a, 0x87, 0x3c, 0x86, 0xfe, -0xa9, 0xc0, 0xa8, 0x02, 0xaa, 0x44, 0xab, 0x86, 0xae, 0xc8, 0xaf, 0x0a, 0xad, 0x4c, 0xac, 0x8e, -0xa7, 0xd0, 0xa6, 0x12, 0xa4, 0x54, 0xa5, 0x96, 0xa0, 0xd8, 0xa1, 0x1a, 0xa3, 0x5c, 0xa2, 0x9e, -0xb5, 0xe0, 0xb4, 0x22, 0xb6, 0x64, 0xb7, 0xa6, 0xb2, 0xe8, 0xb3, 0x2a, 0xb1, 0x6c, 0xb0, 0xae, -0xbb, 0xf0, 0xba, 0x32, 0xb8, 0x74, 0xb9, 0xb6, 0xbc, 0xf8, 0xbd, 0x3a, 0xbf, 0x7c, 0xbe, 0xbe }; - -#endif - /** Initialize a GCM state @param gcm The GCM state to initialize diff --git a/src/encauth/nls/nls_memory.c b/src/encauth/nls/nls_memory.c deleted file mode 100644 index 60c3445..0000000 --- a/src/encauth/nls/nls_memory.c +++ /dev/null @@ -1,94 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org - */ - -/** - @file nls_memory.c - NLS support, process a block of memory, Tom St Denis -*/ - -#ifdef NLS_MODE - -int nls_memory(const unsigned char *key, unsigned long keylen, - const unsigned char *IV, unsigned long IVlen, - const unsigned char *adata, unsigned long adatalen, - unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long taglen, - int direction) -{ - nls_state *nls; - int err; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(IV != NULL); - if (adatalen > 0) { - LTC_ARGCHK(adata != NULL); - } - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - if (taglen > 0) { - LTC_ARGCHK(tag != NULL); - } - - /* alloc NLS state */ - nls = XCALLOC(1, sizeof(*nls)); - if (nls == NULL) { - return CRYPT_MEM; - } - - /* init key and IV */ - if ((err = nls_key(nls, key, keylen)) != CRYPT_OK) { - goto done; - } - if ((err = nls_nonce(nls, IV, IVlen)) != CRYPT_OK) { - goto done; - } - - /* process adata */ - if (adatalen > 0) { - if ((err = nls_maconly(nls, adata, adatalen)) != CRYPT_OK) { - goto done; - } - } - - /* process msg */ - if (direction == NLS_ENCRYPT) { - if ((err = nls_encrypt(nls, pt, nbytes, ct)) != CRYPT_OK) { - goto done; - } - } else { - if ((err = nls_decrypt(nls, ct, nbytes, pt)) != CRYPT_OK) { - goto done; - } - } - - /* grab tag */ - if (taglen > 0) { - if ((err = nls_finish(nls, tag, taglen)) != CRYPT_OK) { - goto done; - } - } - - err = CRYPT_OK; -done: -#ifdef LTC_CLEAN_STACK - zeromem(nls, sizeof(*nls)); -#endif - XFREE(nls); - - return err; -} - -#endif - -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ diff --git a/src/encauth/nls/nlsfast.c b/src/encauth/nls/nlsfast.c deleted file mode 100644 index c4758b8..0000000 --- a/src/encauth/nls/nlsfast.c +++ /dev/null @@ -1,981 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org - */ - -/** - @file nlsfast.c - NLS support, entire suite, Tom St Denis -*/ - - -/* Id: nlsfast.c 346 2005-04-22 18:36:12Z mwp */ -/* nlsfast: NLS stream cipher and Mundja MAC -- fast implementation */ - -/* -THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED -WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND AGAINST -INFRINGEMENT ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR -CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -*/ - - -/* This source has been modified from the original source for the LibTomCrypt project - * by Tom St Denis. (Warnings fixed and code GNU indented) - */ - -#include "tomcrypt.h" - -#ifdef NLS_MODE - -#define NLS_LONG_OUTPUT 1 -#define N 17 -#define NMAC 8 -#define WORDSIZE 32 -#define F16 0x10001ul -#define MACKONST 8 - -/* interface, multiplication table and SBox */ -#include "nlssbox.inc" -#include "nlsmultab.inc" -/* - * FOLD is how many register cycles need to be performed after combining the - * last byte of key and non-linear feedback, before every byte depends on every - * byte of the key. This depends on the feedback and nonlinear functions, and - * on where they are combined into the register. - */ -#define FOLD N /* how many iterations of folding to do */ -#define INITKONST 0x6996c53a /* value of KONST to use during key loading */ -#define KEYP 15 /* where to insert key words */ -#define FOLDP 4 /* where to insert non-linear feedback */ -#if NLS_LONG_OUTPUT -#define CTRP 2 /* where to insert counter to avoid small cycles */ -#endif /*NLS_LONG_OUTPUT */ - -#define Byte(x,i) ((unsigned char)(((x) >> (8*i)) & 0xFF)) - -/* define IS_LITTLE_ENDIAN for faster operation when appropriate */ -#if defined(ENDIAN_LITTLE) && defined(ENDIAN_32BITWORD) -/* Useful macros -- little endian words on a little endian machine */ -#define BYTE2WORD(b) (*(ulong32 *)(b)) -#define WORD2BYTE(w, b) ((*(ulong32 *)(b)) = w) -#define XORWORD(w, b) ((*(ulong32 *)(b)) ^= w) -#else -/* Useful macros -- machine independent little-endian version */ -#define BYTE2WORD(b) ( \ - (((ulong32)(b)[3] & 0xFF)<<24) | \ - (((ulong32)(b)[2] & 0xFF)<<16) | \ - (((ulong32)(b)[1] & 0xFF)<<8) | \ - (((ulong32)(b)[0] & 0xFF)) \ -) -#define WORD2BYTE(w, b) { \ - (b)[3] = Byte(w,3); \ - (b)[2] = Byte(w,2); \ - (b)[1] = Byte(w,1); \ - (b)[0] = Byte(w,0); \ -} -#define XORWORD(w, b) { \ - (b)[3] ^= Byte(w,3); \ - (b)[2] ^= Byte(w,2); \ - (b)[1] ^= Byte(w,1); \ - (b)[0] ^= Byte(w,0); \ -} -#endif - -#if NLS_LONG_OUTPUT -#define ZEROCOUNTER(c) c->CtrModF16 = c->CtrMod232 = 0 -#else -#define ZEROCOUNTER(c) /* nothing */ -#endif /*NLS_LONG_OUTPUT */ - -/* give correct offset for the current position of the register, - * where logically R[0] is at position "zero". - */ -#define OFF(zero, i) (((zero)+(i)) % N) - -#if NLS_LONG_OUTPUT -/* Increment counter and mix into register every so often */ -#define FIXCTR(c,z) \ -{ \ - if (++c->CtrModF16 == F16) { \ - c->CtrMod232 += c->CtrModF16; \ - c->R[OFF(z,CTRP)] += c->CtrMod232; \ - c->CtrMod232 = 0; \ - } \ -} -#endif /*NLS_LONG_OUTPUT */ - -/* step the shift register */ -/* After stepping, "zero" moves right one place */ -#define STEP(c,z) \ - { register ulong32 tt; \ - tt = ROL(c->R[OFF(z,0)],19) + ROL(c->R[OFF(z,15)],9) + c->konst; \ - tt ^= Sbox[(tt >> 24) & 0xFF]; \ - c->R[OFF(z,0)] = tt ^ c->R[OFF(z,4)]; \ - } -static void cycle(nls_state * c) -{ - ulong32 t; - int i; - - /* nonlinear feedback function */ - STEP(c, 0); - /* shift register */ - t = c->R[0]; - for (i = 1; i < N; ++i) - c->R[i - 1] = c->R[i]; - c->R[N - 1] = t; -#if NLS_LONG_OUTPUT - FIXCTR(c, 0); -#endif /*NLS_LONG_OUTPUT */ -} - -/* Return a non-linear function of some parts of the register. - */ -#define NLFUNC(c,z) \ - (c->R[OFF(z,0)] + c->R[OFF(z,16)]) \ - ^ (c->R[OFF(z,1)] + c->konst) \ - ^ (c->R[OFF(z,6)] + c->R[OFF(z,13)]) - -static ulong32 nltap(nls_state * c) -{ - return NLFUNC(c, 0); -} - -/* The Mundja MAC function is modelled after the round function of SHA-256. - * The following lines establish aliases for the MAC accumulator, just - * so that the definition of that function looks more like FIPS-180-2. - */ -#define A c->M[0] -#define B c->M[1] -#define C c->M[2] -#define D c->M[3] -#define E c->M[4] -#define F c->M[5] -#define G c->M[6] -#define H c->M[7] -#define SIGMA0(x) (ROR((x), 2) ^ ROR((x), 13) ^ ROR((x), 22)) -#define SIGMA1(x) (ROR((x), 6) ^ ROR((x), 11) ^ ROR((x), 25)) -#define CHOOSE(x,y,z) (z ^ (x & (y ^ z))) -#define MAJORITY(x,y,z) ((x & y) | (z & (x | y))) - -/* Accumulate a nonlinear function of a register word and an input word for MAC. - * Except for the added S-Box and SOBER LFSR input instead of constants, - * this is exactly a round of SHA-256. - */ -#define SHAFUNC(c,i,k,A,B,C,D,E,F,G,H) \ - { \ - ulong32 t1; \ - t1 = H + k + i; \ - t1 ^= Sbox[(t1 >> 24) & 0xFF]; \ - t1 += SIGMA1(E) + CHOOSE(E, F, G); \ - D += t1; \ - t1 += SIGMA0(A) + MAJORITY(A, B, C); \ - H = t1; \ - } - -static void shafunc(nls_state * c, ulong32 i) -{ - ulong32 t; - - SHAFUNC(c, i, c->R[MACKONST], A, B, C, D, E, F, G, H); - /* now correct alignment of MAC accumulator */ - t = c->M[NMAC - 1]; - for (i = NMAC - 1; i > 0; --i) - c->M[i] = c->M[i - 1]; - c->M[0] = t; -} - -/* Accumulate a CRC of input words, later to be fed into MAC. - */ -#define CRCFUNC(c,i,zero,five) \ - { \ - ulong32 t1; \ - t1 = (c->CRC[zero] << 8) ^ Multab[(c->CRC[zero] >> 24) & 0xFF] \ - ^ c->CRC[five] ^ i; \ - c->CRC[zero] = t1; \ - } - -static void crcfunc(nls_state * c, ulong32 i) -{ - ulong32 t; - - CRCFUNC(c, i, 0, 5); - /* now correct alignment of CRC accumulator */ - t = c->CRC[0]; - for (i = 1; i < NMAC; ++i) - c->CRC[i - 1] = c->CRC[i]; - c->CRC[NMAC - 1] = t; -} - -/* Normal MAC word processing: do both SHA and CRC. - */ -static void macfunc(nls_state * c, ulong32 i) -{ - crcfunc(c, i); - shafunc(c, i); -} - -/* initialise to known state - */ -static void nls_initstate(nls_state * c) -{ - int i; - - /* Register initialised to Fibonacci numbers */ - c->R[0] = 1; - c->R[1] = 1; - for (i = 2; i < N; ++i) - c->R[i] = c->R[i - 1] + c->R[i - 2]; - c->konst = INITKONST; - ZEROCOUNTER(c); -} - -/* Save the current register state - */ -static void nls_savestate(nls_state * c) -{ - int i; - - for (i = 0; i < N; ++i) - c->initR[i] = c->R[i]; -} - -/* initialise to previously saved register state - */ -static void nls_reloadstate(nls_state * c) -{ - int i; - - for (i = 0; i < N; ++i) - c->R[i] = c->initR[i]; - ZEROCOUNTER(c); -} - -/* Initialise "konst" - */ -static void nls_genkonst(nls_state * c) -{ - ulong32 newkonst; - - do { - cycle(c); - newkonst = nltap(c); - } - while ((newkonst & 0xFF000000) == 0); - c->konst = newkonst; -} - -/* Load key material into the register - */ -#define ADDKEY(k) \ - c->R[KEYP] += (k); - -#define XORNL(nl) \ - c->R[FOLDP] ^= (nl); - -/* nonlinear diffusion of register for key and MAC */ -#define DROUND(z) STEP(c,z); c->R[OFF((z+1),FOLDP)] ^= NLFUNC(c,(z+1)); -static void nls_diffuse(nls_state * c) -{ - /* relies on FOLD == N! */ - DROUND(0); - DROUND(1); - DROUND(2); - DROUND(3); - DROUND(4); - DROUND(5); - DROUND(6); - DROUND(7); - DROUND(8); - DROUND(9); - DROUND(10); - DROUND(11); - DROUND(12); - DROUND(13); - DROUND(14); - DROUND(15); - DROUND(16); -} - -/* common actions for loading key material */ -static void -nls_loadkey(nls_state * c, const unsigned char *key, unsigned long keylen) -{ - ulong32 i, k; - - /* start folding in key, reject odd sized keys */ - if ((keylen & 3) != 0) - abort(); - for (i = 0; i < keylen; i += 4) { - k = BYTE2WORD(&key[i]); - ADDKEY(k); - cycle(c); - XORNL(nltap(c)); - } - - /* also fold in the length of the key */ - ADDKEY(keylen); - - /* now diffuse */ - nls_diffuse(c); -} - -/* initialise MAC related registers - */ -static void nls_macinit(nls_state * c) -{ - int i; - - for (i = 0; i < NMAC; ++i) { - c->M[i] = c->R[i]; - c->CRC[i] = c->R[i + NMAC]; - } -} - -/* Published "key" interface - */ -int nls_key(nls_state * c, const unsigned char *key, unsigned long keylen) -{ - LTC_ARGCHK(c != NULL); - LTC_ARGCHK(key != NULL); - - if (keylen == 0) { - return CRYPT_INVALID_ARG; - } - nls_initstate(c); - nls_loadkey(c, key, keylen); - nls_genkonst(c); - nls_savestate(c); - nls_macinit(c); - c->nbuf = 0; - ZEROCOUNTER(c); - return CRYPT_OK; -} - -/* Published "nonce" interface - */ -int -nls_nonce(nls_state * c, const unsigned char *nonce, unsigned long noncelen) -{ - LTC_ARGCHK(c != NULL); - LTC_ARGCHK(nonce != NULL); - if (noncelen == 0) { - return CRYPT_INVALID_ARG; - } - nls_reloadstate(c); - nls_loadkey(c, nonce, noncelen); - nls_macinit(c); - c->nbuf = 0; - ZEROCOUNTER(c); - return CRYPT_OK; -} - -#if 0 -/* XOR pseudo-random bytes into buffer - * Note: doesn't play well with MAC functions. - */ -#define SROUND(z) STEP(c,z); t = NLFUNC(c,(z+1)); XORWORD(t, buf+(z*4)); -static void -nls_stream(nls_state * c, unsigned char *buf, unsigned long nbytes) -{ - ulong32 t = 0; - - /* handle any previously buffered bytes */ - while (c->nbuf != 0 && nbytes != 0) { - *buf++ ^= c->sbuf & 0xFF; - c->sbuf >>= 8; - c->nbuf -= 8; - --nbytes; - } - - /* do lots at a time, if there's enough to do */ - while (nbytes >= N * 4) { -#if NLS_LONG_OUTPUT - if (c->CtrModF16 < (F16 - 17)) { -#endif /*NLS_LONG_OUTPUT */ - SROUND(0); - SROUND(1); - SROUND(2); - SROUND(3); - SROUND(4); - SROUND(5); - SROUND(6); - SROUND(7); - SROUND(8); - SROUND(9); - SROUND(10); - SROUND(11); - SROUND(12); - SROUND(13); - SROUND(14); - SROUND(15); - SROUND(16); -#if NLS_LONG_OUTPUT - c->CtrModF16 += 17; - } else { - SROUND(0); - FIXCTR(c, 1); - SROUND(1); - FIXCTR(c, 2); - SROUND(2); - FIXCTR(c, 3); - SROUND(3); - FIXCTR(c, 4); - SROUND(4); - FIXCTR(c, 5); - SROUND(5); - FIXCTR(c, 6); - SROUND(6); - FIXCTR(c, 7); - SROUND(7); - FIXCTR(c, 8); - SROUND(8); - FIXCTR(c, 9); - SROUND(9); - FIXCTR(c, 10); - SROUND(10); - FIXCTR(c, 11); - SROUND(11); - FIXCTR(c, 12); - SROUND(12); - FIXCTR(c, 13); - SROUND(13); - FIXCTR(c, 14); - SROUND(14); - FIXCTR(c, 15); - SROUND(15); - FIXCTR(c, 16); - SROUND(16); - FIXCTR(c, 0); - } -#endif /*NLS_LONG_OUTPUT */ - buf += 4 * N; - nbytes -= N * 4; - } - - /* do small or odd size buffers the slow way */ - while (4 <= nbytes) { - cycle(c); - t = nltap(c); - XORWORD(t, buf); - buf += 4; - nbytes -= 4; - } - - /* handle any trailing bytes */ - if (nbytes != 0) { - cycle(c); - c->sbuf = nltap(c); - c->nbuf = 32; - while (c->nbuf != 0 && nbytes != 0) { - *buf++ ^= c->sbuf & 0xFF; - c->sbuf >>= 8; - c->nbuf -= 8; - --nbytes; - } - } -} - -#endif - -/* accumulate words into MAC without encryption - * Note that plaintext is accumulated for MAC. - */ -#define MROUND(z,A,B,C,D,E,F,G,H) \ - t = BYTE2WORD(buf+(z*4)); \ - STEP(c,z); \ - CRCFUNC(c,t,((z)&0x7),(((z)+5)&0x7)); \ - SHAFUNC(c,t,c->R[OFF(z+1,MACKONST)],A,B,C,D,E,F,G,H); -int nls_maconly(nls_state * c, const unsigned char *buf, unsigned long nbytes) -{ - int i; - ulong32 t = 0; - - LTC_ARGCHK(c != NULL); - LTC_ARGCHK(buf != NULL); - - - /* handle any previously buffered bytes */ - if (c->nbuf != 0) { - while (c->nbuf != 0 && nbytes != 0) { - c->mbuf ^= (*buf++) << (32 - c->nbuf); - c->nbuf -= 8; - --nbytes; - } - if (c->nbuf != 0) { /* not a whole word yet */ - return CRYPT_OK; - } - /* LFSR already cycled */ - macfunc(c, c->mbuf); - } - - /* do lots at a time, if there's enough to do */ - while (4 * N <= nbytes) { -#if NLS_LONG_OUTPUT - if (c->CtrModF16 < (F16 - 17)) { -#endif /*NLS_LONG_OUTPUT */ - MROUND(0, A, B, C, D, E, F, G, H); - MROUND(1, H, A, B, C, D, E, F, G); - MROUND(2, G, H, A, B, C, D, E, F); - MROUND(3, F, G, H, A, B, C, D, E); - MROUND(4, E, F, G, H, A, B, C, D); - MROUND(5, D, E, F, G, H, A, B, C); - MROUND(6, C, D, E, F, G, H, A, B); - MROUND(7, B, C, D, E, F, G, H, A); - MROUND(8, A, B, C, D, E, F, G, H); - MROUND(9, H, A, B, C, D, E, F, G); - MROUND(10, G, H, A, B, C, D, E, F); - MROUND(11, F, G, H, A, B, C, D, E); - MROUND(12, E, F, G, H, A, B, C, D); - MROUND(13, D, E, F, G, H, A, B, C); - MROUND(14, C, D, E, F, G, H, A, B); - MROUND(15, B, C, D, E, F, G, H, A); - MROUND(16, A, B, C, D, E, F, G, H); -#if NLS_LONG_OUTPUT - c->CtrModF16 += 17; - } else { - MROUND(0, A, B, C, D, E, F, G, H); - FIXCTR(c, 1); - MROUND(1, H, A, B, C, D, E, F, G); - FIXCTR(c, 2); - MROUND(2, G, H, A, B, C, D, E, F); - FIXCTR(c, 3); - MROUND(3, F, G, H, A, B, C, D, E); - FIXCTR(c, 4); - MROUND(4, E, F, G, H, A, B, C, D); - FIXCTR(c, 5); - MROUND(5, D, E, F, G, H, A, B, C); - FIXCTR(c, 6); - MROUND(6, C, D, E, F, G, H, A, B); - FIXCTR(c, 7); - MROUND(7, B, C, D, E, F, G, H, A); - FIXCTR(c, 8); - MROUND(8, A, B, C, D, E, F, G, H); - FIXCTR(c, 9); - MROUND(9, H, A, B, C, D, E, F, G); - FIXCTR(c, 10); - MROUND(10, G, H, A, B, C, D, E, F); - FIXCTR(c, 11); - MROUND(11, F, G, H, A, B, C, D, E); - FIXCTR(c, 12); - MROUND(12, E, F, G, H, A, B, C, D); - FIXCTR(c, 13); - MROUND(13, D, E, F, G, H, A, B, C); - FIXCTR(c, 14); - MROUND(14, C, D, E, F, G, H, A, B); - FIXCTR(c, 15); - MROUND(15, B, C, D, E, F, G, H, A); - FIXCTR(c, 16); - MROUND(16, A, B, C, D, E, F, G, H); - FIXCTR(c, 0); - } -#endif /*NLS_LONG_OUTPUT */ - buf += 4 * N; - nbytes -= 4 * N; - /* fix alignment of MAC buffer */ - t = c->M[NMAC - 1]; - for (i = NMAC - 1; i > 0; --i) - c->M[i] = c->M[i - 1]; - c->M[0] = t; - /* fix alignment of CRC buffer */ - t = c->CRC[0]; - for (i = 1; i < NMAC; ++i) - c->CRC[i - 1] = c->CRC[i]; - c->CRC[NMAC - 1] = t; - } - - /* do small or odd size buffers the slow way */ - while (4 <= nbytes) { - cycle(c); - macfunc(c, BYTE2WORD(buf)); - buf += 4; - nbytes -= 4; - } - - /* handle any trailing bytes */ - if (nbytes != 0) { - cycle(c); - c->sbuf = nltap(c); - c->mbuf = 0; - c->nbuf = 32; - while (nbytes != 0) { - c->mbuf ^= (*buf++) << (32 - c->nbuf); - c->nbuf -= 8; - --nbytes; - } - } - - return CRYPT_OK; -} - -/* Combined MAC and encryption. - * Note that plaintext is accumulated for MAC. - */ -#define EROUND(z,A,B,C,D,E,F,G,H) \ - STEP(c,z); \ - t3 = BYTE2WORD(buf+(z*4)); \ - CRCFUNC(c,t3,((z)&0x7),(((z)+5)&0x7)); \ - SHAFUNC(c,t3,c->R[OFF(z+1,MACKONST)],A,B,C,D,E,F,G,H); \ - t = NLFUNC(c,(z+1)); \ - t ^= t3; \ - WORD2BYTE(t,buf+(z*4)); -int nls_encrypt(nls_state * c, - const unsigned char *pt, unsigned long nbytes, - unsigned char *ct) -{ - ulong32 t = 0, t3 = 0; - int i; - - LTC_ARGCHK(c != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - - #define buf ct - - /* do copy as required */ - if (pt != ct) { - XMEMCPY(ct, pt, nbytes); - } - - /* handle any previously buffered bytes */ - if (c->nbuf != 0) { - while (c->nbuf != 0 && nbytes != 0) { - c->mbuf ^= *buf << (32 - c->nbuf); - *buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF; - ++buf; - c->nbuf -= 8; - --nbytes; - } - if (c->nbuf != 0) /* not a whole word yet */ - return CRYPT_OK; - /* LFSR already cycled */ - macfunc(c, c->mbuf); - } - - /* do lots at a time, if there's enough to do */ - while (4 * N <= nbytes) { -#if NLS_LONG_OUTPUT - if (c->CtrModF16 < (F16 - 17)) { -#endif /*NLS_LONG_OUTPUT */ - EROUND(0, A, B, C, D, E, F, G, H); - EROUND(1, H, A, B, C, D, E, F, G); - EROUND(2, G, H, A, B, C, D, E, F); - EROUND(3, F, G, H, A, B, C, D, E); - EROUND(4, E, F, G, H, A, B, C, D); - EROUND(5, D, E, F, G, H, A, B, C); - EROUND(6, C, D, E, F, G, H, A, B); - EROUND(7, B, C, D, E, F, G, H, A); - EROUND(8, A, B, C, D, E, F, G, H); - EROUND(9, H, A, B, C, D, E, F, G); - EROUND(10, G, H, A, B, C, D, E, F); - EROUND(11, F, G, H, A, B, C, D, E); - EROUND(12, E, F, G, H, A, B, C, D); - EROUND(13, D, E, F, G, H, A, B, C); - EROUND(14, C, D, E, F, G, H, A, B); - EROUND(15, B, C, D, E, F, G, H, A); - EROUND(16, A, B, C, D, E, F, G, H); -#if NLS_LONG_OUTPUT - c->CtrModF16 += 17; - } else { - EROUND(0, A, B, C, D, E, F, G, H); - FIXCTR(c, 1); - EROUND(1, H, A, B, C, D, E, F, G); - FIXCTR(c, 2); - EROUND(2, G, H, A, B, C, D, E, F); - FIXCTR(c, 3); - EROUND(3, F, G, H, A, B, C, D, E); - FIXCTR(c, 4); - EROUND(4, E, F, G, H, A, B, C, D); - FIXCTR(c, 5); - EROUND(5, D, E, F, G, H, A, B, C); - FIXCTR(c, 6); - EROUND(6, C, D, E, F, G, H, A, B); - FIXCTR(c, 7); - EROUND(7, B, C, D, E, F, G, H, A); - FIXCTR(c, 8); - EROUND(8, A, B, C, D, E, F, G, H); - FIXCTR(c, 9); - EROUND(9, H, A, B, C, D, E, F, G); - FIXCTR(c, 10); - EROUND(10, G, H, A, B, C, D, E, F); - FIXCTR(c, 11); - EROUND(11, F, G, H, A, B, C, D, E); - FIXCTR(c, 12); - EROUND(12, E, F, G, H, A, B, C, D); - FIXCTR(c, 13); - EROUND(13, D, E, F, G, H, A, B, C); - FIXCTR(c, 14); - EROUND(14, C, D, E, F, G, H, A, B); - FIXCTR(c, 15); - EROUND(15, B, C, D, E, F, G, H, A); - FIXCTR(c, 16); - EROUND(16, A, B, C, D, E, F, G, H); - FIXCTR(c, 0); - } -#endif /*NLS_LONG_OUTPUT */ - buf += 4 * N; - nbytes -= 4 * N; - /* fix alignment of MAC buffer */ - t = c->M[7]; - for (i = NMAC - 1; i > 0; --i) - c->M[i] = c->M[i - 1]; - c->M[0] = t; - /* fix alignment of CRC buffer */ - t = c->CRC[0]; - for (i = 1; i < NMAC; ++i) - c->CRC[i - 1] = c->CRC[i]; - c->CRC[NMAC - 1] = t; - } - - /* do small or odd size buffers the slow way */ - while (4 <= nbytes) { - cycle(c); - t = BYTE2WORD(buf); - macfunc(c, t); - t ^= nltap(c); - WORD2BYTE(t, buf); - nbytes -= 4; - buf += 4; - } - - /* handle any trailing bytes */ - if (nbytes != 0) { - cycle(c); - c->sbuf = nltap(c); - c->mbuf = 0; - c->nbuf = 32; - while (c->nbuf != 0 && nbytes != 0) { - c->mbuf ^= *buf << (32 - c->nbuf); - *buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF; - ++buf; - c->nbuf -= 8; - --nbytes; - } - } - - #undef buf - - return CRYPT_OK; -} - -/* Combined MAC and decryption. - * Note that plaintext is accumulated for MAC. - */ -#undef DROUND -#define DROUND(z,A,B,C,D,E,F,G,H) \ - STEP(c,z); \ - t = NLFUNC(c,(z+1)); \ - t3 = BYTE2WORD(buf+(z*4)); \ - t ^= t3; \ - CRCFUNC(c,t,((z)&0x7),(((z)+5)&0x7)); \ - SHAFUNC(c,t,c->R[OFF(z+1,MACKONST)],A,B,C,D,E,F,G,H); \ - WORD2BYTE(t, buf+(z*4)); -int nls_decrypt(nls_state * c, - const unsigned char *ct, unsigned long nbytes, - unsigned char *pt) -{ - ulong32 t = 0, t3 = 0; - int i; - - LTC_ARGCHK(c != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - - #define buf pt - - if (pt != ct) { - XMEMCPY(pt, ct, nbytes); - } - - /* handle any previously buffered bytes */ - if (c->nbuf != 0) { - while (c->nbuf != 0 && nbytes != 0) { - *buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF; - c->mbuf ^= *buf << (32 - c->nbuf); - ++buf; - c->nbuf -= 8; - --nbytes; - } - if (c->nbuf != 0) /* not a whole word yet */ - return CRYPT_OK; - /* LFSR already cycled */ - macfunc(c, c->mbuf); - } - - /* now do lots at a time, if there's enough */ - while (4 * N <= nbytes) { -#if NLS_LONG_OUTPUT - if (c->CtrModF16 < (F16 - 17)) { -#endif /*NLS_LONG_OUTPUT */ - DROUND(0, A, B, C, D, E, F, G, H); - DROUND(1, H, A, B, C, D, E, F, G); - DROUND(2, G, H, A, B, C, D, E, F); - DROUND(3, F, G, H, A, B, C, D, E); - DROUND(4, E, F, G, H, A, B, C, D); - DROUND(5, D, E, F, G, H, A, B, C); - DROUND(6, C, D, E, F, G, H, A, B); - DROUND(7, B, C, D, E, F, G, H, A); - DROUND(8, A, B, C, D, E, F, G, H); - DROUND(9, H, A, B, C, D, E, F, G); - DROUND(10, G, H, A, B, C, D, E, F); - DROUND(11, F, G, H, A, B, C, D, E); - DROUND(12, E, F, G, H, A, B, C, D); - DROUND(13, D, E, F, G, H, A, B, C); - DROUND(14, C, D, E, F, G, H, A, B); - DROUND(15, B, C, D, E, F, G, H, A); - DROUND(16, A, B, C, D, E, F, G, H); -#if NLS_LONG_OUTPUT - c->CtrModF16 += 17; - } else { - DROUND(0, A, B, C, D, E, F, G, H); - FIXCTR(c, 1); - DROUND(1, H, A, B, C, D, E, F, G); - FIXCTR(c, 2); - DROUND(2, G, H, A, B, C, D, E, F); - FIXCTR(c, 3); - DROUND(3, F, G, H, A, B, C, D, E); - FIXCTR(c, 4); - DROUND(4, E, F, G, H, A, B, C, D); - FIXCTR(c, 5); - DROUND(5, D, E, F, G, H, A, B, C); - FIXCTR(c, 6); - DROUND(6, C, D, E, F, G, H, A, B); - FIXCTR(c, 7); - DROUND(7, B, C, D, E, F, G, H, A); - FIXCTR(c, 8); - DROUND(8, A, B, C, D, E, F, G, H); - FIXCTR(c, 9); - DROUND(9, H, A, B, C, D, E, F, G); - FIXCTR(c, 10); - DROUND(10, G, H, A, B, C, D, E, F); - FIXCTR(c, 11); - DROUND(11, F, G, H, A, B, C, D, E); - FIXCTR(c, 12); - DROUND(12, E, F, G, H, A, B, C, D); - FIXCTR(c, 13); - DROUND(13, D, E, F, G, H, A, B, C); - FIXCTR(c, 14); - DROUND(14, C, D, E, F, G, H, A, B); - FIXCTR(c, 15); - DROUND(15, B, C, D, E, F, G, H, A); - FIXCTR(c, 16); - DROUND(16, A, B, C, D, E, F, G, H); - FIXCTR(c, 0); - } -#endif /*NLS_LONG_OUTPUT */ - buf += 4 * N; - nbytes -= 4 * N; - /* fix alignment of MAC buffer */ - t = c->M[7]; - for (i = NMAC - 1; i > 0; --i) - c->M[i] = c->M[i - 1]; - c->M[0] = t; - /* fix alignment of CRC buffer */ - t = c->CRC[0]; - for (i = 1; i < NMAC; ++i) - c->CRC[i - 1] = c->CRC[i]; - c->CRC[NMAC - 1] = t; - } - - /* do small or odd size buffers the slow way */ - while (4 <= nbytes) { - cycle(c); - t = nltap(c); - t3 = BYTE2WORD(buf); - t ^= t3; - macfunc(c, t); - WORD2BYTE(t, buf); - nbytes -= 4; - buf += 4; - } - - /* handle any trailing bytes */ - if (nbytes != 0) { - cycle(c); - c->sbuf = nltap(c); - c->mbuf = 0; - c->nbuf = 32; - while (c->nbuf != 0 && nbytes != 0) { - *buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF; - c->mbuf ^= *buf << (32 - c->nbuf); - ++buf; - c->nbuf -= 8; - --nbytes; - } - } - return CRYPT_OK; - - #undef buf -} - -/* Having accumulated a MAC, finish processing and return it. - * Note that any unprocessed bytes are treated as if - * they were encrypted zero bytes, so plaintext (zero) is accumulated. - */ -int nls_finish(nls_state * c, unsigned char *buf, unsigned long nbytes) -{ - ulong32 i; - - LTC_ARGCHK(c != NULL); - LTC_ARGCHK(buf != NULL); - - /* handle any previously buffered bytes */ - if (c->nbuf != 0) { - /* LFSR already cycled */ - macfunc(c, c->mbuf); - } - - /* perturb the MAC to mark end of input. - * Note that only the SHA part is updated, not the CRC. This is an - * action that can't be duplicated by passing in plaintext, hence - * defeating any kind of extension attack. - */ - cycle(c); - shafunc(c, INITKONST + (c->nbuf << 24)); - c->nbuf = 0; - - /* now add the CRC to the MAC like input material */ - for (i = 0; i < NMAC; ++i) { - cycle(c); - crcfunc(c, 0); - shafunc(c, c->CRC[7]); - } - - /* continue that process, producing output from the MAC buffer */ - while (nbytes > 0) { - cycle(c); - crcfunc(c, 0); - shafunc(c, c->CRC[7]); - if (nbytes >= 4) { - WORD2BYTE(A, buf); - nbytes -= 4; - buf += 4; - } else { - for (i = 0; i < nbytes; ++i) - buf[i] = Byte(A, i); - break; - } - } - - return CRYPT_OK; -} - -#endif - -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ diff --git a/src/encauth/nls/nlsmultab.inc b/src/encauth/nls/nlsmultab.inc deleted file mode 100644 index d89032e..0000000 --- a/src/encauth/nls/nlsmultab.inc +++ /dev/null @@ -1,68 +0,0 @@ -/* Id: nlsmultab.h 333 2005-04-13 05:35:54Z mwp */ -/* Multiplication table for Mundja using 0xD02B4367 */ -static const ulong32 Multab[256] = { - 0x00000000, 0xD02B4367, 0xED5686CE, 0x3D7DC5A9, - 0x97AC41D1, 0x478702B6, 0x7AFAC71F, 0xAAD18478, - 0x631582EF, 0xB33EC188, 0x8E430421, 0x5E684746, - 0xF4B9C33E, 0x24928059, 0x19EF45F0, 0xC9C40697, - 0xC62A4993, 0x16010AF4, 0x2B7CCF5D, 0xFB578C3A, - 0x51860842, 0x81AD4B25, 0xBCD08E8C, 0x6CFBCDEB, - 0xA53FCB7C, 0x7514881B, 0x48694DB2, 0x98420ED5, - 0x32938AAD, 0xE2B8C9CA, 0xDFC50C63, 0x0FEE4F04, - 0xC154926B, 0x117FD10C, 0x2C0214A5, 0xFC2957C2, - 0x56F8D3BA, 0x86D390DD, 0xBBAE5574, 0x6B851613, - 0xA2411084, 0x726A53E3, 0x4F17964A, 0x9F3CD52D, - 0x35ED5155, 0xE5C61232, 0xD8BBD79B, 0x089094FC, - 0x077EDBF8, 0xD755989F, 0xEA285D36, 0x3A031E51, - 0x90D29A29, 0x40F9D94E, 0x7D841CE7, 0xADAF5F80, - 0x646B5917, 0xB4401A70, 0x893DDFD9, 0x59169CBE, - 0xF3C718C6, 0x23EC5BA1, 0x1E919E08, 0xCEBADD6F, - 0xCFA869D6, 0x1F832AB1, 0x22FEEF18, 0xF2D5AC7F, - 0x58042807, 0x882F6B60, 0xB552AEC9, 0x6579EDAE, - 0xACBDEB39, 0x7C96A85E, 0x41EB6DF7, 0x91C02E90, - 0x3B11AAE8, 0xEB3AE98F, 0xD6472C26, 0x066C6F41, - 0x09822045, 0xD9A96322, 0xE4D4A68B, 0x34FFE5EC, - 0x9E2E6194, 0x4E0522F3, 0x7378E75A, 0xA353A43D, - 0x6A97A2AA, 0xBABCE1CD, 0x87C12464, 0x57EA6703, - 0xFD3BE37B, 0x2D10A01C, 0x106D65B5, 0xC04626D2, - 0x0EFCFBBD, 0xDED7B8DA, 0xE3AA7D73, 0x33813E14, - 0x9950BA6C, 0x497BF90B, 0x74063CA2, 0xA42D7FC5, - 0x6DE97952, 0xBDC23A35, 0x80BFFF9C, 0x5094BCFB, - 0xFA453883, 0x2A6E7BE4, 0x1713BE4D, 0xC738FD2A, - 0xC8D6B22E, 0x18FDF149, 0x258034E0, 0xF5AB7787, - 0x5F7AF3FF, 0x8F51B098, 0xB22C7531, 0x62073656, - 0xABC330C1, 0x7BE873A6, 0x4695B60F, 0x96BEF568, - 0x3C6F7110, 0xEC443277, 0xD139F7DE, 0x0112B4B9, - 0xD31DD2E1, 0x03369186, 0x3E4B542F, 0xEE601748, - 0x44B19330, 0x949AD057, 0xA9E715FE, 0x79CC5699, - 0xB008500E, 0x60231369, 0x5D5ED6C0, 0x8D7595A7, - 0x27A411DF, 0xF78F52B8, 0xCAF29711, 0x1AD9D476, - 0x15379B72, 0xC51CD815, 0xF8611DBC, 0x284A5EDB, - 0x829BDAA3, 0x52B099C4, 0x6FCD5C6D, 0xBFE61F0A, - 0x7622199D, 0xA6095AFA, 0x9B749F53, 0x4B5FDC34, - 0xE18E584C, 0x31A51B2B, 0x0CD8DE82, 0xDCF39DE5, - 0x1249408A, 0xC26203ED, 0xFF1FC644, 0x2F348523, - 0x85E5015B, 0x55CE423C, 0x68B38795, 0xB898C4F2, - 0x715CC265, 0xA1778102, 0x9C0A44AB, 0x4C2107CC, - 0xE6F083B4, 0x36DBC0D3, 0x0BA6057A, 0xDB8D461D, - 0xD4630919, 0x04484A7E, 0x39358FD7, 0xE91ECCB0, - 0x43CF48C8, 0x93E40BAF, 0xAE99CE06, 0x7EB28D61, - 0xB7768BF6, 0x675DC891, 0x5A200D38, 0x8A0B4E5F, - 0x20DACA27, 0xF0F18940, 0xCD8C4CE9, 0x1DA70F8E, - 0x1CB5BB37, 0xCC9EF850, 0xF1E33DF9, 0x21C87E9E, - 0x8B19FAE6, 0x5B32B981, 0x664F7C28, 0xB6643F4F, - 0x7FA039D8, 0xAF8B7ABF, 0x92F6BF16, 0x42DDFC71, - 0xE80C7809, 0x38273B6E, 0x055AFEC7, 0xD571BDA0, - 0xDA9FF2A4, 0x0AB4B1C3, 0x37C9746A, 0xE7E2370D, - 0x4D33B375, 0x9D18F012, 0xA06535BB, 0x704E76DC, - 0xB98A704B, 0x69A1332C, 0x54DCF685, 0x84F7B5E2, - 0x2E26319A, 0xFE0D72FD, 0xC370B754, 0x135BF433, - 0xDDE1295C, 0x0DCA6A3B, 0x30B7AF92, 0xE09CECF5, - 0x4A4D688D, 0x9A662BEA, 0xA71BEE43, 0x7730AD24, - 0xBEF4ABB3, 0x6EDFE8D4, 0x53A22D7D, 0x83896E1A, - 0x2958EA62, 0xF973A905, 0xC40E6CAC, 0x14252FCB, - 0x1BCB60CF, 0xCBE023A8, 0xF69DE601, 0x26B6A566, - 0x8C67211E, 0x5C4C6279, 0x6131A7D0, 0xB11AE4B7, - 0x78DEE220, 0xA8F5A147, 0x958864EE, 0x45A32789, - 0xEF72A3F1, 0x3F59E096, 0x0224253F, 0xD20F6658, -}; diff --git a/src/encauth/nls/nlssbox.inc b/src/encauth/nls/nlssbox.inc deleted file mode 100644 index 0a5797a..0000000 --- a/src/encauth/nls/nlssbox.inc +++ /dev/null @@ -1,84 +0,0 @@ -/* Id: nlssbox.h 333 2005-04-13 05:35:54Z mwp */ -/* Sbox for NLS */ -/* - * This is really the combination of two SBoxes; the least significant - * 24 bits comes from: - * 8->32 Sbox generated by Millan et. al. at Queensland University of - * Technology. See: E. Dawson, W. Millan, L. Burnett, G. Carter, - * "On the Design of 8*32 S-boxes". Unpublished report, by the - * Information Systems Research Centre, - * Queensland University of Technology, 1999. - * - * The most significant 8 bits are the Skipjack "F table", which can be - * found at http://csrc.nist.gov/CryptoToolkit/skipjack/skipjack.pdf . - * In this optimised table, though, the intent is to XOR the word from - * the table selected by the high byte with the input word. Thus, the - * high byte is actually the Skipjack F-table entry XORED with its - * table index. - */ -static const ulong32 Sbox[256] = { - 0xa3aa1887, 0xd65e435c, 0x0b65c042, 0x800e6ef4, - 0xfc57ee20, 0x4d84fed3, 0xf066c502, 0xf354e8ae, - 0xbb2ee9d9, 0x281f38d4, 0x1f829b5d, 0x735cdf3c, - 0x95864249, 0xbc2e3963, 0xa1f4429f, 0xf6432c35, - 0xf7f40325, 0x3cc0dd70, 0x5f973ded, 0x9902dc5e, - 0xda175b42, 0x590012bf, 0xdc94d78c, 0x39aab26b, - 0x4ac11b9a, 0x8c168146, 0xc3ea8ec5, 0x058ac28f, - 0x52ed5c0f, 0x25b4101c, 0x5a2db082, 0x370929e1, - 0x2a1843de, 0xfe8299fc, 0x202fbc4b, 0x833915dd, - 0x33a803fa, 0xd446b2de, 0x46233342, 0x4fcee7c3, - 0x3ad607ef, 0x9e97ebab, 0x507f859b, 0xe81f2e2f, - 0xc55b71da, 0xd7e2269a, 0x1339c3d1, 0x7ca56b36, - 0xa6c9def2, 0xb5c9fc5f, 0x5927b3a3, 0x89a56ddf, - 0xc625b510, 0x560f85a7, 0xace82e71, 0x2ecb8816, - 0x44951e2a, 0x97f5f6af, 0xdfcbc2b3, 0xce4ff55d, - 0xcb6b6214, 0x2b0b83e3, 0x549ea6f5, 0x9de041af, - 0x792f1f17, 0xf73b99ee, 0x39a65ec0, 0x4c7016c6, - 0x857709a4, 0xd6326e01, 0xc7b280d9, 0x5cfb1418, - 0xa6aff227, 0xfd548203, 0x506b9d96, 0xa117a8c0, - 0x9cd5bf6e, 0xdcee7888, 0x61fcfe64, 0xf7a193cd, - 0x050d0184, 0xe8ae4930, 0x88014f36, 0xd6a87088, - 0x6bad6c2a, 0x1422c678, 0xe9204de7, 0xb7c2e759, - 0x0200248e, 0x013b446b, 0xda0d9fc2, 0x0414a895, - 0x3a6cc3a1, 0x56fef170, 0x86c19155, 0xcf7b8a66, - 0x551b5e69, 0xb4a8623e, 0xa2bdfa35, 0xc4f068cc, - 0x573a6acd, 0x6355e936, 0x03602db9, 0x0edf13c1, - 0x2d0bb16d, 0x6980b83c, 0xfeb23763, 0x3dd8a911, - 0x01b6bc13, 0xf55579d7, 0xf55c2fa8, 0x19f4196e, - 0xe7db5476, 0x8d64a866, 0xc06e16ad, 0xb17fc515, - 0xc46feb3c, 0x8bc8a306, 0xad6799d9, 0x571a9133, - 0x992466dd, 0x92eb5dcd, 0xac118f50, 0x9fafb226, - 0xa1b9cef3, 0x3ab36189, 0x347a19b1, 0x62c73084, - 0xc27ded5c, 0x6c8bc58f, 0x1cdde421, 0xed1e47fb, - 0xcdcc715e, 0xb9c0ff99, 0x4b122f0f, 0xc4d25184, - 0xaf7a5e6c, 0x5bbf18bc, 0x8dd7c6e0, 0x5fb7e420, - 0x521f523f, 0x4ad9b8a2, 0xe9da1a6b, 0x97888c02, - 0x19d1e354, 0x5aba7d79, 0xa2cc7753, 0x8c2d9655, - 0x19829da1, 0x531590a7, 0x19c1c149, 0x3d537f1c, - 0x50779b69, 0xed71f2b7, 0x463c58fa, 0x52dc4418, - 0xc18c8c76, 0xc120d9f0, 0xafa80d4d, 0x3b74c473, - 0xd09410e9, 0x290e4211, 0xc3c8082b, 0x8f6b334a, - 0x3bf68ed2, 0xa843cc1b, 0x8d3c0ff3, 0x20e564a0, - 0xf8f55a4f, 0x2b40f8e7, 0xfea7f15f, 0xcf00fe21, - 0x8a6d37d6, 0xd0d506f1, 0xade00973, 0xefbbde36, - 0x84670fa8, 0xfa31ab9e, 0xaedab618, 0xc01f52f5, - 0x6558eb4f, 0x71b9e343, 0x4b8d77dd, 0x8cb93da6, - 0x740fd52d, 0x425412f8, 0xc5a63360, 0x10e53ad0, - 0x5a700f1c, 0x8324ed0b, 0xe53dc1ec, 0x1a366795, - 0x6d549d15, 0xc5ce46d7, 0xe17abe76, 0x5f48e0a0, - 0xd0f07c02, 0x941249b7, 0xe49ed6ba, 0x37a47f78, - 0xe1cfffbd, 0xb007ca84, 0xbb65f4da, 0xb59f35da, - 0x33d2aa44, 0x417452ac, 0xc0d674a7, 0x2d61a46a, - 0xdc63152a, 0x3e12b7aa, 0x6e615927, 0xa14fb118, - 0xa151758d, 0xba81687b, 0xe152f0b3, 0x764254ed, - 0x34c77271, 0x0a31acab, 0x54f94aec, 0xb9e994cd, - 0x574d9e81, 0x5b623730, 0xce8a21e8, 0x37917f0b, - 0xe8a9b5d6, 0x9697adf8, 0xf3d30431, 0x5dcac921, - 0x76b35d46, 0xaa430a36, 0xc2194022, 0x22bca65e, - 0xdaec70ba, 0xdfaea8cc, 0x777bae8b, 0x242924d5, - 0x1f098a5a, 0x4b396b81, 0x55de2522, 0x435c1cb8, - 0xaeb8fe1d, 0x9db3c697, 0x5b164f83, 0xe0c16376, - 0xa319224c, 0xd0203b35, 0x433ac0fe, 0x1466a19a, - 0x45f0b24f, 0x51fda998, 0xc0d52d71, 0xfa0896a8, - 0xf9e6053f, 0xa4b0d300, 0xd499cbcc, 0xb95e3d40, -}; diff --git a/src/headers/tomcrypt.h b/src/headers/tomcrypt.h index 04a865b..58755f8 100644 --- a/src/headers/tomcrypt.h +++ b/src/headers/tomcrypt.h @@ -16,8 +16,8 @@ extern "C" { #endif /* version */ -#define CRYPT 0x0109 -#define SCRYPT "1.09" +#define CRYPT 0x0110 +#define SCRYPT "1.10" /* max size of either a cipher/hash block or symmetric key [largest of the two] */ #define MAXBLOCKSIZE 128 diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h index c176271..95c48d9 100644 --- a/src/headers/tomcrypt_custom.h +++ b/src/headers/tomcrypt_custom.h @@ -192,8 +192,6 @@ #define OCB_MODE #define CCM_MODE #define GCM_MODE -/* disabled waiting on test vectors */ -/* #define NLS_MODE */ /* Use 64KiB tables */ #ifndef LTC_NO_TABLES diff --git a/src/headers/tomcrypt_mac.h b/src/headers/tomcrypt_mac.h index dd9d49c..98b72b4 100644 --- a/src/headers/tomcrypt_mac.h +++ b/src/headers/tomcrypt_mac.h @@ -216,6 +216,12 @@ int ccm_test(void); void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c); #endif + +/* table shared between GCM and LRW */ +#if defined(GCM_TABLES) || defined(LRW_TABLES) || ((defined(GCM_MODE) || defined(GCM_MODE)) && defined(LTC_FAST)) +extern const unsigned char gcm_shift_table[]; +#endif + #ifdef GCM_MODE #define GCM_ENCRYPT 0 @@ -300,48 +306,6 @@ int pelican_memory(const unsigned char *key, unsigned long keylen, #endif -#ifdef NLS_MODE - -#define NLS_ENCRYPT 0 -#define NLS_DECRYPT 1 - -typedef struct { - ulong32 R[17]; /* Working storage for the shift register */ - ulong32 M[8]; /* Working storage for MAC accumulation */ - ulong32 CRC[8]; /* Working storage for CRC accumulation */ - ulong32 initR[17]; /* saved register contents */ - ulong32 konst; /* key dependent constant */ - ulong32 sbuf; /* partial ulong32 encryption buffer */ - ulong32 mbuf; /* partial ulong32 MAC buffer */ - int nbuf; /* number of part-ulong32 stream bits buffered */ - ulong32 CtrModF16; /* Multiprecision counter, modulo F16 */ - ulong32 CtrMod232; /* Multiprecision counter, LSW */ -} nls_state; - -/* interface definitions */ -int nls_key(nls_state *c, const unsigned char *key, unsigned long keylen); /* set key */ -int nls_nonce(nls_state *c, const unsigned char *nonce, unsigned long noncelen); /* set IV */ -int nls_maconly(nls_state *c, const unsigned char *buf, unsigned long nbytes); /* accumulate MAC */ -int nls_encrypt(nls_state * c, - const unsigned char *pt, unsigned long nbytes, - unsigned char *ct); /* enc+MAC */ -int nls_decrypt(nls_state * c, - const unsigned char *ct, unsigned long nbytes, - unsigned char *pt); /* dec+MAC */ -int nls_finish(nls_state *c, unsigned char *buf, unsigned long nbytes); /* finalize MAC */ - -int nls_memory(const unsigned char *key, unsigned long keylen, - const unsigned char *IV, unsigned long IVlen, - const unsigned char *adata, unsigned long adatalen, - unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long taglen, - int direction); - - -#endif - - /* $Source$ */ /* $Revision$ */ /* $Date$ */ diff --git a/src/misc/crypt/crypt_cipher_descriptor.c b/src/misc/crypt/crypt_cipher_descriptor.c index 5dd25e5..7dff97f 100644 --- a/src/misc/crypt/crypt_cipher_descriptor.c +++ b/src/misc/crypt/crypt_cipher_descriptor.c @@ -16,7 +16,7 @@ */ struct ltc_cipher_descriptor cipher_descriptor[TAB_SIZE] = { -{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL } +{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL } }; LTC_MUTEX_GLOBAL(ltc_cipher_mutex) diff --git a/src/modes/lrw/lrw_process.c b/src/modes/lrw/lrw_process.c index 1d7e892..f3bb29e 100644 --- a/src/modes/lrw/lrw_process.c +++ b/src/modes/lrw/lrw_process.c @@ -55,7 +55,7 @@ int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, i } /* update pad */ -#ifdef LRW_2TABLES +#ifdef LRW_TABLES /* for each byte changed we undo it's affect on the pad then add the new product */ for (; x < 16; x++) { #ifdef LTC_FAST diff --git a/src/modes/lrw/lrw_start.c b/src/modes/lrw/lrw_start.c index 570db57..c972144 100644 --- a/src/modes/lrw/lrw_start.c +++ b/src/modes/lrw/lrw_start.c @@ -17,46 +17,6 @@ #ifdef LRW_MODE -#ifdef LRW_TABLES - -/* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format. Since only the - * lower 16 bits are not zero'ed I removed the upper 14 bytes */ -static const unsigned char gcm_shift_table[256*2] = { -0x00, 0x00, 0x01, 0xc2, 0x03, 0x84, 0x02, 0x46, 0x07, 0x08, 0x06, 0xca, 0x04, 0x8c, 0x05, 0x4e, -0x0e, 0x10, 0x0f, 0xd2, 0x0d, 0x94, 0x0c, 0x56, 0x09, 0x18, 0x08, 0xda, 0x0a, 0x9c, 0x0b, 0x5e, -0x1c, 0x20, 0x1d, 0xe2, 0x1f, 0xa4, 0x1e, 0x66, 0x1b, 0x28, 0x1a, 0xea, 0x18, 0xac, 0x19, 0x6e, -0x12, 0x30, 0x13, 0xf2, 0x11, 0xb4, 0x10, 0x76, 0x15, 0x38, 0x14, 0xfa, 0x16, 0xbc, 0x17, 0x7e, -0x38, 0x40, 0x39, 0x82, 0x3b, 0xc4, 0x3a, 0x06, 0x3f, 0x48, 0x3e, 0x8a, 0x3c, 0xcc, 0x3d, 0x0e, -0x36, 0x50, 0x37, 0x92, 0x35, 0xd4, 0x34, 0x16, 0x31, 0x58, 0x30, 0x9a, 0x32, 0xdc, 0x33, 0x1e, -0x24, 0x60, 0x25, 0xa2, 0x27, 0xe4, 0x26, 0x26, 0x23, 0x68, 0x22, 0xaa, 0x20, 0xec, 0x21, 0x2e, -0x2a, 0x70, 0x2b, 0xb2, 0x29, 0xf4, 0x28, 0x36, 0x2d, 0x78, 0x2c, 0xba, 0x2e, 0xfc, 0x2f, 0x3e, -0x70, 0x80, 0x71, 0x42, 0x73, 0x04, 0x72, 0xc6, 0x77, 0x88, 0x76, 0x4a, 0x74, 0x0c, 0x75, 0xce, -0x7e, 0x90, 0x7f, 0x52, 0x7d, 0x14, 0x7c, 0xd6, 0x79, 0x98, 0x78, 0x5a, 0x7a, 0x1c, 0x7b, 0xde, -0x6c, 0xa0, 0x6d, 0x62, 0x6f, 0x24, 0x6e, 0xe6, 0x6b, 0xa8, 0x6a, 0x6a, 0x68, 0x2c, 0x69, 0xee, -0x62, 0xb0, 0x63, 0x72, 0x61, 0x34, 0x60, 0xf6, 0x65, 0xb8, 0x64, 0x7a, 0x66, 0x3c, 0x67, 0xfe, -0x48, 0xc0, 0x49, 0x02, 0x4b, 0x44, 0x4a, 0x86, 0x4f, 0xc8, 0x4e, 0x0a, 0x4c, 0x4c, 0x4d, 0x8e, -0x46, 0xd0, 0x47, 0x12, 0x45, 0x54, 0x44, 0x96, 0x41, 0xd8, 0x40, 0x1a, 0x42, 0x5c, 0x43, 0x9e, -0x54, 0xe0, 0x55, 0x22, 0x57, 0x64, 0x56, 0xa6, 0x53, 0xe8, 0x52, 0x2a, 0x50, 0x6c, 0x51, 0xae, -0x5a, 0xf0, 0x5b, 0x32, 0x59, 0x74, 0x58, 0xb6, 0x5d, 0xf8, 0x5c, 0x3a, 0x5e, 0x7c, 0x5f, 0xbe, -0xe1, 0x00, 0xe0, 0xc2, 0xe2, 0x84, 0xe3, 0x46, 0xe6, 0x08, 0xe7, 0xca, 0xe5, 0x8c, 0xe4, 0x4e, -0xef, 0x10, 0xee, 0xd2, 0xec, 0x94, 0xed, 0x56, 0xe8, 0x18, 0xe9, 0xda, 0xeb, 0x9c, 0xea, 0x5e, -0xfd, 0x20, 0xfc, 0xe2, 0xfe, 0xa4, 0xff, 0x66, 0xfa, 0x28, 0xfb, 0xea, 0xf9, 0xac, 0xf8, 0x6e, -0xf3, 0x30, 0xf2, 0xf2, 0xf0, 0xb4, 0xf1, 0x76, 0xf4, 0x38, 0xf5, 0xfa, 0xf7, 0xbc, 0xf6, 0x7e, -0xd9, 0x40, 0xd8, 0x82, 0xda, 0xc4, 0xdb, 0x06, 0xde, 0x48, 0xdf, 0x8a, 0xdd, 0xcc, 0xdc, 0x0e, -0xd7, 0x50, 0xd6, 0x92, 0xd4, 0xd4, 0xd5, 0x16, 0xd0, 0x58, 0xd1, 0x9a, 0xd3, 0xdc, 0xd2, 0x1e, -0xc5, 0x60, 0xc4, 0xa2, 0xc6, 0xe4, 0xc7, 0x26, 0xc2, 0x68, 0xc3, 0xaa, 0xc1, 0xec, 0xc0, 0x2e, -0xcb, 0x70, 0xca, 0xb2, 0xc8, 0xf4, 0xc9, 0x36, 0xcc, 0x78, 0xcd, 0xba, 0xcf, 0xfc, 0xce, 0x3e, -0x91, 0x80, 0x90, 0x42, 0x92, 0x04, 0x93, 0xc6, 0x96, 0x88, 0x97, 0x4a, 0x95, 0x0c, 0x94, 0xce, -0x9f, 0x90, 0x9e, 0x52, 0x9c, 0x14, 0x9d, 0xd6, 0x98, 0x98, 0x99, 0x5a, 0x9b, 0x1c, 0x9a, 0xde, -0x8d, 0xa0, 0x8c, 0x62, 0x8e, 0x24, 0x8f, 0xe6, 0x8a, 0xa8, 0x8b, 0x6a, 0x89, 0x2c, 0x88, 0xee, -0x83, 0xb0, 0x82, 0x72, 0x80, 0x34, 0x81, 0xf6, 0x84, 0xb8, 0x85, 0x7a, 0x87, 0x3c, 0x86, 0xfe, -0xa9, 0xc0, 0xa8, 0x02, 0xaa, 0x44, 0xab, 0x86, 0xae, 0xc8, 0xaf, 0x0a, 0xad, 0x4c, 0xac, 0x8e, -0xa7, 0xd0, 0xa6, 0x12, 0xa4, 0x54, 0xa5, 0x96, 0xa0, 0xd8, 0xa1, 0x1a, 0xa3, 0x5c, 0xa2, 0x9e, -0xb5, 0xe0, 0xb4, 0x22, 0xb6, 0x64, 0xb7, 0xa6, 0xb2, 0xe8, 0xb3, 0x2a, 0xb1, 0x6c, 0xb0, 0xae, -0xbb, 0xf0, 0xba, 0x32, 0xb8, 0x74, 0xb9, 0xb6, 0xbc, 0xf8, 0xbd, 0x3a, 0xbf, 0x7c, 0xbe, 0xbe }; - -#endif - /** Initialize the LRW context @param cipher The cipher desired, must be a 128-bit block cipher diff --git a/src/pk/rsa/rsa_import.c b/src/pk/rsa/rsa_import.c index 6e75a41..2b8b76a 100644 --- a/src/pk/rsa/rsa_import.c +++ b/src/pk/rsa/rsa_import.c @@ -38,7 +38,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) LTC_ARGCHK(ltc_mp.name != NULL); /* init key */ - if ((err = mp_init_multi(&zero, &key->e, &key->d, &key->N, &key->dQ, + if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { return err; } @@ -95,6 +95,9 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) } if (mp_cmp_d(key->N, 0) == LTC_MP_EQ) { + if ((err = mp_init(&zero)) != CRYPT_OK) { + goto LBL_ERR; + } /* it's a private key */ if ((err = der_decode_sequence_multi(in, inlen, LTC_ASN1_INTEGER, 1UL, zero, @@ -107,8 +110,10 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) LTC_ASN1_INTEGER, 1UL, key->dQ, LTC_ASN1_INTEGER, 1UL, key->qP, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { + mp_clear(zero); goto LBL_ERR; } + mp_clear(zero); key->type = PK_PRIVATE; } else if (mp_cmp_d(key->N, 1) == LTC_MP_EQ) { /* we don't support multi-prime RSA */ @@ -126,7 +131,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) } return CRYPT_OK; LBL_ERR: - mp_clear_multi(zero, key->d, key->e, key->N, key->dQ, key->dP, + mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL); return err; } diff --git a/testprof/x86_prof.c b/testprof/x86_prof.c index aa1b004..0fbc7ad 100644 --- a/testprof/x86_prof.c +++ b/testprof/x86_prof.c @@ -330,6 +330,7 @@ int time_cipher(void) c2 = (t2 > c2 ? c2 : t2); } a2 = c2 - c1 - skew; + ecb_done(&ecb); results[no_results].id = x; results[no_results].spd1 = a1/(sizeof(pt)/cipher_descriptor[x].block_length); @@ -401,6 +402,7 @@ int time_cipher2(void) c2 = (t2 > c2 ? c2 : t2); } a2 = c2 - c1 - skew; + cbc_done(&cbc); results[no_results].id = x; results[no_results].spd1 = a1/(sizeof(pt)/cipher_descriptor[x].block_length); @@ -475,6 +477,7 @@ int time_cipher3(void) c2 = (t2 > c2 ? c2 : t2); } a2 = c2 - c1 - skew; + ctr_done(&ctr); results[no_results].id = x; results[no_results].spd1 = a1/(sizeof(pt)/cipher_descriptor[x].block_length); @@ -494,6 +497,84 @@ int time_cipher3(void) int time_cipher3(void) { fprintf(stderr, "NO CTR\n"); return 0; } #endif +#ifdef LRW_MODE +int time_cipher4(void) +{ + unsigned long x, y1; + ulong64 t1, t2, c1, c2, a1, a2; + symmetric_LRW lrw; + unsigned char key[MAXBLOCKSIZE], pt[4096]; + int err; + + fprintf(stderr, "\n\nLRW Time Trials for the Symmetric Ciphers:\n"); + no_results = 0; + for (x = 0; cipher_descriptor[x].name != NULL; x++) { + if (cipher_descriptor[x].block_length != 16) continue; + lrw_start(x, pt, key, cipher_descriptor[x].min_key_length, key, 0, &lrw); + + /* sanity check on cipher */ + if ((err = cipher_descriptor[x].test()) != CRYPT_OK) { + fprintf(stderr, "\n\nERROR: Cipher %s failed self-test %s\n", cipher_descriptor[x].name, error_to_string(err)); + exit(EXIT_FAILURE); + } + +#define DO1 lrw_encrypt(pt, pt, sizeof(pt), &lrw); +#define DO2 DO1 DO1 + + c1 = c2 = (ulong64)-1; + for (y1 = 0; y1 < 100; y1++) { + t_start(); + DO1; + t1 = t_read(); + DO2; + t2 = t_read(); + t2 -= t1; + + c1 = (t1 > c1 ? c1 : t1); + c2 = (t2 > c2 ? c2 : t2); + } + a1 = c2 - c1 - skew; + +#undef DO1 +#undef DO2 +#define DO1 lrw_decrypt(pt, pt, sizeof(pt), &lrw); +#define DO2 DO1 DO1 + + c1 = c2 = (ulong64)-1; + for (y1 = 0; y1 < 100; y1++) { + t_start(); + DO1; + t1 = t_read(); + DO2; + t2 = t_read(); + t2 -= t1; + + c1 = (t1 > c1 ? c1 : t1); + c2 = (t2 > c2 ? c2 : t2); + } + a2 = c2 - c1 - skew; + + lrw_done(&lrw); + + results[no_results].id = x; + results[no_results].spd1 = a1/(sizeof(pt)/cipher_descriptor[x].block_length); + results[no_results].spd2 = a2/(sizeof(pt)/cipher_descriptor[x].block_length); + results[no_results].avg = (results[no_results].spd1 + results[no_results].spd2+1)/2; + ++no_results; + fprintf(stderr, "."); fflush(stdout); + +#undef DO2 +#undef DO1 + } + tally_results(1); + + return 0; +} +#else +int time_cipher4(void) { fprintf(stderr, "NO LRW\n"); return 0; } +#endif + + int time_hash(void) { unsigned long x, y1, len;