TeaSpeak/tomcrypt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added libtomcrypt-1.00

Browse Source
This commit is contained in:
Tom St Denis 2004-12-30 23:55:53 +00:00 committed by Steffen Jaeckel
parent 1c1822d510
commit bfc2f5b078
257 changed files with 12657 additions and 5352 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1155
Doxyfile Normal file
View File

File diff suppressed because it is too large Load Diff

55
authors
View File

@ -1,55 +0,0 @@
This is a list of people who have contributed [directly or indirectly] to the project
[in no partcular order]. If you have helped and your name is not here email me at
tomstdenis@yahoo.com.
1) Richard.van.de.Laarschot@ict.nl
Gave help porting the lib to MSVC particularly pointed out various warnings and errors.
2) Richard Heathfield
Gave a lot of help concerning valid C portable code.
3) Ajay K. Agrawal
Helped port the library to MSVC and spotted a few bugs and errors.
4) Brian Gladman
Wrote the AES and Serpent code used. Found a bug in the hash code for certain types of inputs.
5) Svante Seleborg
Submitted the "ampi.c" code as well as many suggestions on improving the readability of the source code.
6) Clay Culver
Submitted a fix for "rsa.c" which cleaned up some code. Submited some other fixes too. :-)
Clay has helped find bugs in various pieces of code including the registry functions, base64 routines
and the make process. He is also now the primary author of the libtomcrypt reference manual and has plan
at making a HTML version.
7) Jason Klapste
Submitted fixes to the yarrow, hash, make process and test code as well as other subtle bug fixes. The
yarrow code can now default to any cipher/hash that is left after you remove them from a build.
8) Dobes Vandermeer <dobes@smartt.com>
Submitted HMAC code that worked flawlessly out of the box... good job! Also submitted a MD4 routine.
Submitted some modified DES code that was merged into the code base [using the libtomcrypt API]
9) Wayne Scott (wscott@bitmover.com)
Submitted base64 that complies with the RFC standards. Submitted some ideas to improve the RSA key generation
as well.
10) Sky Schulz (sky@ogn.com)
Has submitted a set of ideas to improve the library and make it more attractive for professional users.
11) Mike Frysinger
Together with Clay came up with a more "unix friendly" makefile. Mike Frysinger has been keeping copies of
the library for the Gentoo linux distribution.

58
changes
View File

@ -1,3 +1,61 @@
December 31st, 2004
v1.00
-- Added "r,s == 0" check to dsa_verify_hash()
-- Added "multi block" helpers for hash, hmac, pmac and omac routines so you can process multiple non-adjacent
blocks of data with one call (added demos/multi.c to make sure they work)
-- Note these are not documented but they do have doxygen comments inside them
-- Also I don't use them in other functions (like pkcs_5_2()) because I didn't have the time. Job for the new LTC maintainer ;-)
-- Added tweaked Anubis test vectors and made it default (undefined ANUBIS_TWEAK to get original Anubis)
-- Merged in fix for mp_prime_random_ex() to deal with MSB and LSB "bugs"
-- Removed tim_exptmod() completely, updated several RSA functions (notably v15 and the decrypt/verify) so they
don't require a prng now
-- This release brought to you by the fine tunes of Macy Gray. We miss you.
December 23rd, 2004
v1.00rc1
-- Renamed "mycrypt_*" to "tomcrypt_*" to be more specific and professional
Now just include "tomcrypt.h" instead of "mycrypt.h" to get LTC ;-)
-- Cleaned up makefiles to ensure all headers are correctly installed
-- Added "rotate by constant" macros for portable, x86-32 and x86-64
You can disable this new code with LTC_NO_ROLC which is useful for older GCCs
-- Cleaned up detection of x86-64 so it works for ROL/ROR macros
-- Fixed rsa_import() so that it would detect multi-prime RSA keys and error appropriately
-- Sorted the source files by category and updated the makefiles appropriately
-- Added LTC_DER define so you can trim out DER code if not required
-- Fixed up RSA's decrypt functions changing "res" to "stat" to be more in sync
with the signature variables nomenclature. (no code change just renamed the arguments)
-- Removed all labels starting with __ and replaced with LBL_ to avoid namespace conflicts (Randy Howard)
-- Merged in LTM fix to mp_prime_random_ex() which zap'ed the most significant byte if the bit size
requested was a multiple of eight.
-- Made RSA_TIMING off by default as it's not terribly useful [and likely to be deprecated]
-- Renamed SMALL_CODE, CLEAN_STACK and NO_FILE to have a LTC_ prefix to avoid namespace collisions
with other programs. e.g. SMALL_CODE => LTC_SMALL_CODE
-- Zed Shaw pointed out that on certain systems installing libs as "root" isn't possible as the super-user
is not root. Now the makefiles allow this to be changed easily.
-- Renamed "struct _*_descriptor" to "struct ltc_*_descriptor" to avoid using a leading _
Also renamed _ARGCHK to LTC_ARGCHK
-- Zed Shaw pointed out that I still defined the prng structs in tomcrypt_prng.h even if they
weren't defined. This made undef'ing FORTUNA break the build.
-- Added LTC_NO_ASM to disable inline asm macros [ROL/ROR/etc]
-- Changed RSA decrypt functions to change the output length variable name from "keylen" to "outlen" to make
it more consistent.
-- Added the 64-bit Khazad block cipher [NESSIE]
-- Added the 128-bit Anubis block cipher [with key support for 128...320 bit keys] [NESSIE]
-- Changes to several MAC functions to rename input arguments to more sensible names
-- Removed FAST_PK support from dh_sys.c
-- Declared deskey() from des.c as static instead of a global
-- Added pretty much all practical GCC warning tests to the GCC [related] makefiles. These additional
warnings can easily be disabled for those with older copies of GCC [or even non GNU cc's]
-- Added doxygen @ tags to the code... phew that was a hell of a lot of [repetitive] work
-- Also added pre-configured Doxygen script.
-- Cleaned up quite a few functions [ciphers, pk, etc] to make the parameters naming style consistent
E.g. ciphers keys are called "skey" consistently now. The input to PK encryption is called "in", etc.
These changes require no code changes on the behalf of developers fortunately
-- Started a SAFER+ optimizer [does encrypt only] which shaves a good 30 or so cycles/byte on my AMD64
at an expense of huge code. It's in notes/etc/saferp_optimizer.c
-- DSA sign/verify now uses DER encoded output/inputs and no LTC style headers.
-- Matt Johnston found a missing semi-colon in mp_exptmod(). Fix has been merged in.
October 29th, 2004
v0.99 -- Merged in the latest version of LTM which includes all of the recent bug fixes
-- Deprecated LTMSSE and removed it (to be replaced with TFM later on)

383
crypt.tex
View File

@ -47,7 +47,7 @@
\def\gap{\vspace{0.5ex}}
\makeindex
\begin{document}
\title{LibTomCrypt \\ Version 0.99}
\title{LibTomCrypt \\ Version 1.00}
\author{Tom St Denis \\
\\
tomstdenis@iahu.ca \\
@ -79,56 +79,22 @@ Canada
\tableofcontents
\chapter{Introduction}
\section{What is the LibTomCrypt?}
LibTomCrypt is a portable ANSI C cryptographic library that supports symmetric ciphers, one-way hashes,
pseudo-random number generators, public key cryptography (via RSA,DH or ECC/DH) and a plethora of support
routines. It is designed to compile out of the box with the GNU C Compiler (GCC) version 2.95.3 (and higher)
and with MSVC version 6 in win32.
LibTomCrypt is a portable ISO C cryptographic library that is meant to be a toolset for cryptographers who are
designing a cryptosystem. It supports symmetric ciphers, one-way hashes, pseudo-random number generators,
public key cryptography (via PKCS \#1 RSA, DH or ECCDH) and a plethora of support
routines.
The library has been successfully tested on quite a few other platforms ranging from the ARM7TDMI in a
Gameboy Advanced to various PowerPC processors and even the MIPS processor in the PlayStation 2. Suffice it
to say the code is portable.
The library is designed so new ciphers/hashes/PRNGs can be added at runtime and the existing API (and helper API functions) will
be able to use the new designs automatically. There exist self-check functions for each cipher and hash to ensure that
they compile and execute to the published design specifications. The library also performs extensive parameter error checking
and will give verbose error messages when possible.
Essentially the library saves the time of having to implement the ciphers, hashes, prngs yourself. Typically implementing
useful cryptography is an error prone business which means anything that can save considerable time and effort is a good
thing.
The library was designed such that new ciphers/hashes/PRNGs can be added at runtime and the existing API
(and helper API functions) are able to use the new designs automatically. There exists self-check functions for each
block cipher and hash function to ensure that they compile and execute to the published design specifications. The library
also performs extensive parameter error checking to prevent any number of runtime exploits or errors.
\subsection{What the library IS for?}
The library typically serves as a basis for other protocols and message formats. For example, it should be possible to
take the RSA routines out of this library, apply the appropriate message padding and get PKCS compliant RSA routines.
Similarly SSL protocols could be formed on top of the low-level symmetric cipher functions. The goal of this package is
to provide these low level core functions in a robust and easy to use fashion.
The library also serves well as a toolkit for applications where they don't need to be OpenPGP, PKCS, etc. compliant.
Included are fully operational public key routines for encryption, decryption, signature generation and verification.
These routines are fully portable but are not conformant to any known set of standards\footnote{With the exception of
the RSA code which is based on the PKCS \#1 standards.}. They are all based on established
number theory and cryptography.
\subsection{What the library IS NOT for?}
The library is not designed to be in anyway an implementation of the SSL or OpenPGP standards. The library
is not designed to be compliant with any known form of API or programming hierarchy. It is not a port of any other
library and it is not platform specific (like the MS CSP). So if you're looking to drop in some buzzword
compliant crypto library this is not for you. The library has been written from scratch to provide basic functions as
well as non-standard higher level functions.
This is not to say that the library is a ``homebrew'' project. All of the symmetric ciphers and one-way hash functions
conform to published test vectors. The public key functions are derived from publicly available material and the majority
of the code has been reviewed by a growing community of developers.
\subsubsection{Why not?}
You may be asking why I didn't choose to go all out and support standards like P1363, PKCS and the whole lot. The reason
is quite simple too much money gets in the way. When I tried to access the P1363 draft documents and was denied (it
requires a password) I realized that they're just a business anyways. See what happens is a company will sit down and
invent a ``standard''. Then they try to sell it to as many people as they can. All of a sudden this ``standard'' is
everywhere. Then the standard is updated every so often to keep people dependent. Then you become RSA. If people are
supposed to support these standards they had better make them more accessible.
The library serves as a toolkit for developers who have to solve cryptographic problems. Out of the box LibTomCrypt
does not process SSL or OpenPGP messages, it doesn't read x.591 certificates or write PEM encoded data. It does, however,
provide all of the tools required to build such functionality. LibTomCrypt was designed to be a flexible library that
was not tied to any particular cryptographic problem.
\section{Why did I write it?}
You may be wondering, ``Tom, why did you write a crypto library. I already have one.''. Well the reason falls into
@ -143,24 +109,35 @@ The idea is that I am not striving to replace OpenSSL or Crypto++ or Cryptlib or
With this library all core functions (ciphers, hashes, prngs) have the {\bf exact} same prototype definition. They all load
and store data in a format independent of the platform. This means if you encrypt with Blowfish on a PPC it should decrypt
on an x86 with zero problems. The consistent API also means that if you learn how to use blowfish with my library you
on an x86 with zero problems. The consistent API also means that if you learn how to use Blowfish with my library you
know how to use Safer+ or RC6 or Serpent or ... as well. With all of the core functions there are central descriptor tables
that can be used to make a program automatically pick between ciphers, hashes and PRNGs at runtime. That means your
application can support all ciphers/hashes/prngs without changing the source code.
Not only did I strive to make a consistent and simple API to work with but I also strived to make the library
configurable in terms of its build options. Out of the box the library will build with any modern version of GCC
without having to use configure scripts. This means that the library will work with platforms where development
tools may be limited (e.g. no autoconf).
On top of making the build simple and the API approachable I've also strived for a reasonably high level of
robustness and efficiency. LibTomCrypt traps and returns a series of errors ranging from invalid
arguments to buffer overflows/overruns. It is mostly thread safe and has been clocked on various platforms
with ``cycles per byte'' timings that are comparable (and often favourable) to other libraries such as OpenSSL and
Crypto++.
\subsection{Modular}
The LibTomCrypt package has also been written to be very modular. The block ciphers, one-way hashes and
pseudo-random number generators (PRNG) are all used within the API through ``descriptor'' tables which
The LibTomCrypt package has also been written to be very modular. The block ciphers, one--way hashes and
pseudo--random number generators (PRNG) are all used within the API through ``descriptor'' tables which
are essentially structures with pointers to functions. While you can still call particular functions
directly (\textit{e.g. sha256\_process()}) this descriptor interface allows the developer to customize their
usage of the library.
For example, consider a hardware platform with a specialized RNG device. Obviously one would like to tap
that for the PRNG needs within the library (\textit{e.g. making a RSA key}). All the developer has todo
that for the PRNG needs within the library (\textit{e.g. making a RSA key}). All the developer has to do
is write a descriptor and the few support routines required for the device. After that the rest of the
API can make use of it without change. Similiarly imagine a few years down the road when AES2 (\textit{or whatever they call it}) is
invented. It can be added to the library and used within applications with zero modifications to the
end applications provided they are written properly.
API can make use of it without change. Similiarly imagine a few years down the road when AES2
(\textit{or whatever they call it}) has been invented. It can be added to the library and used within applications
with zero modifications to the end applications provided they are written properly.
This flexibility within the library means it can be used with any combination of primitive algorithms and
unlike libraries like OpenSSL is not tied to direct routines. For instance, in OpenSSL there are CBC block
@ -170,7 +147,6 @@ are not directly tied to the ciphers. That is a new cipher can be added to the
the key setup, ECB decrypt and encrypt and test vector routines. After that all five chaining mode routines
can make use of the cipher right away.
\section{License}
All of the source code except for the following files have been written by the author or donated to the project
@ -181,8 +157,8 @@ under a public domain license:
\item safer.c
\end{enumerate}
`mpi.c'' was originally written by Michael Fromberger (sting@linguist.dartmouth.edu) but has since been replaced with my LibTomMath
library.
`mpi.c'' was originally written by Michael Fromberger (sting@linguist.dartmouth.edu) but has since been replaced with
my LibTomMath library which is public domain.
``rc2.c'' is based on publicly available code that is not attributed to a person from the given source. ``safer.c''
was written by Richard De Moliner (demoliner@isi.ee.ethz.ch) and seems to be free for use.
@ -221,7 +197,6 @@ early on:
There have been quite a few other people as well. Please check the change log to see who else has contributed from
time to time.
\chapter{The Application Programming Interface (API)}
\section{Introduction}
\index{CRYPT\_ERROR} \index{CRYPT\_OK}
@ -255,16 +230,16 @@ There is no initialization routine for the library and for the most part the cod
related issue is if you use the same symmetric cipher, hash or public key state data in multiple threads. Normally
that is not an issue.
To include the prototypes for ``LibTomCrypt.a'' into your own program simply include ``mycrypt.h'' like so:
To include the prototypes for ``LibTomCrypt.a'' into your own program simply include ``tomcrypt.h'' like so:
\begin{verbatim}
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void) {
return 0;
}
\end{verbatim}
The header file ``mycrypt.h'' also includes ``stdio.h'', ``string.h'', ``stdlib.h'', ``time.h'', ``ctype.h'' and ``mpi.h''
(the bignum library routines).
The header file ``tomcrypt.h'' also includes ``stdio.h'', ``string.h'', ``stdlib.h'', ``time.h'', ``ctype.h'' and
``ltc\_tommath.h'' (the bignum library routines).
\section{Macros}
@ -290,12 +265,19 @@ There are a few helper macros to make the coding process a bit easier. The firs
\end{center}
\end{small}
There are 32-bit cyclic rotations as well:
There are 32 and 64-bit cyclic rotations as well:
\index{ROL} \index{ROR}
\begin{center}
\begin{tabular}{|c|c|c|}
\hline ROL(x, y) & {\bf unsigned long} x, {\bf unsigned long} y & $x << y$ \\
\hline ROR(x, y) & {\bf unsigned long} x, {\bf unsigned long} y & $x >> y$ \\
\hline ROL(x, y) & {\bf unsigned long} x, {\bf unsigned long} y & $x << y, 0 \le y \le 31$ \\
\hline ROLc(x, y) & {\bf unsigned long} x, {\bf const unsigned long} y & $x << y, 0 \le y \le 31$ \\
\hline ROR(x, y) & {\bf unsigned long} x, {\bf unsigned long} y & $x >> y, 0 \le y \le 31$ \\
\hline RORc(x, y) & {\bf unsigned long} x, {\bf const unsigned long} y & $x >> y, 0 \le y \le 31$ \\
\hline && \\
\hline ROL64(x, y) & {\bf unsigned long} x, {\bf unsigned long} y & $x << y, 0 \le y \le 63$ \\
\hline ROL64c(x, y) & {\bf unsigned long} x, {\bf const unsigned long} y & $x << y, 0 \le y \le 63$ \\
\hline ROR64(x, y) & {\bf unsigned long} x, {\bf unsigned long} y & $x >> y, 0 \le y \le 63$ \\
\hline ROR64c(x, y) & {\bf unsigned long} x, {\bf const unsigned long} y & $x >> y, 0 \le y \le 63$ \\
\hline
\end{tabular}
\end{center}
@ -306,7 +288,7 @@ must pass it the length of the buffer\footnote{Extensive error checking is not i
the output will be stored. For example:
\begin{small}
\begin{verbatim}
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void) {
rsa_key key;
unsigned char buffer[1024];
@ -331,13 +313,17 @@ int main(void) {
}
\end{verbatim}
\end{small}
In the above example if the size of the RSA public key was more than 1024 bytes this function would not store anything in
either ``buffer'' or ``x'' and simply return an error code. If the function suceeds it stores the length of the output
back into ``x'' so that the calling application will know how many bytes used.
In the above example if the size of the RSA public key was more than 1024 bytes this function would return an error code
indicating a buffer overflow would have occurred. If the function succeeds it stores the length of the output
back into ``x'' so that the calling application will know how many bytes were used.
\section{Functions that need a PRNG}
Certain functions such as ``rsa\_make\_key()'' require a PRNG. These functions do not setup the PRNG themselves so it is
the responsibility of the calling function to initialize the PRNG before calling them.
\index{Pseudo Random Number Generator} \index{PRNG}
Certain functions such as ``rsa\_make\_key()'' require a Pseudo Random Number Generator (PRNG). These functions do not setup
the PRNG themselves so it is the responsibility of the calling function to initialize the PRNG before calling them.
Certain PRNG algorithms do not require a ``prng\_state'' argument (sprng for example). The ``prng\_state'' argument
may be passed as \textbf{NULL} in such situations.
\section{Functions that use Arrays of Octets}
Most functions require inputs that are arrays of the data type ``unsigned char''. Whether it is a symmetric key, IV
@ -352,14 +338,15 @@ type ``byte'' will be synonymous with an array of type ``unsigned char''.
\chapter{Symmetric Block Ciphers}
\section{Core Functions}
Libtomcrypt provides several block ciphers all in a plain vanilla ECB block mode. Its important to first note that you
LibTomCrypt provides several block ciphers with an ECB block mode interface. It's important to first note that you
should never use the ECB modes directly to encrypt data. Instead you should use the ECB functions to make a chaining mode
or use one of the provided chaining modes. All of the ciphers are written as ECB interfaces since it allows the rest of
the API to grow in a modular fashion.
All ciphers store their scheduled keys in a single data type called ``symmetric\_key''. This allows all ciphers to
have the same prototype and store their keys as naturally as possible. All ciphers provide five visible functions which
are (given that XXX is the name of the cipher):
have the same prototype and store their keys as naturally as possible. This also removes the need for dynamic memory
allocation and allows you to allocate a fixed sized buffer for storing scheduled keys. All ciphers provide five visible
functions which are (given that XXX is the name of the cipher):
\index{Cipher Setup}
\begin{verbatim}
int XXX_setup(const unsigned char *key, int keylen, int rounds,
@ -369,12 +356,12 @@ int XXX_setup(const unsigned char *key, int keylen, int rounds,
The XXX\_setup() routine will setup the cipher to be used with a given number of rounds and a given key length (in bytes).
The number of rounds can be set to zero to use the default, which is generally a good idea.
If the function returns successfully the variable ``skey'' will have a scheduled key stored in it. Its important to note
that you should only used this scheduled key with the intended cipher. For example, if you call
``blowfish\_setup()'' do not pass the scheduled key onto ``rc5\_ecb\_encrypt()''. All setup functions do not allocate
memory off the heap so when you are done with a key you can simply discard it (e.g. they can be on the stack).
If the function returns successfully the variable ``skey'' will have a scheduled key stored in it. It's important to note
that you should only used this scheduled key with the intended cipher. For example, if you call ``blowfish\_setup()'' do not
pass the scheduled key onto ``rc5\_ecb\_encrypt()''. All setup functions do not allocate memory off the heap so when you are
done with a key you can simply discard it (e.g. they can be on the stack).
To encrypt or decrypt a block in ECB mode there are these two functions:
To encrypt or decrypt a block in ECB mode there are these two function classes
\index{Cipher Encrypt} \index{Cipher Decrypt}
\begin{verbatim}
void XXX_ecb_encrypt(const unsigned char *pt, unsigned char *ct,
@ -385,8 +372,11 @@ void XXX_ecb_decrypt(const unsigned char *ct, unsigned char *pt,
\end{verbatim}
These two functions will encrypt or decrypt (respectively) a single block of text\footnote{The size of which depends on
which cipher you are using.} and store the result where you want it. It is possible that the input and output buffer are
the same buffer. For the encrypt function ``pt''\footnote{pt stands for plaintext.} is the input and ``ct'' is the output.
For the decryption function its the opposite. To test a particular cipher against test vectors\footnote{As published in their design papers.} call: \index{Cipher Testing}
the same buffer. For the encrypt function ``pt''\footnote{pt stands for plaintext.} is the input and
``ct''\footnote{ct stands for ciphertext.} is the output. For the decryption function it's the opposite. To test a particular
cipher against test vectors\footnote{As published in their design papers.} call the self-test function
\index{Cipher Testing}
\begin{verbatim}
int XXX_test(void);
\end{verbatim}
@ -399,7 +389,7 @@ Essentially it will round the input keysize in ``keysize'' down to the next appr
return {\bf CRYPT\_OK} if the key size specified is acceptable. For example:
\begin{small}
\begin{verbatim}
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
{
int keysize, err;
@ -415,12 +405,14 @@ int main(void)
}
\end{verbatim}
\end{small}
This should indicate a keysize of sixteen bytes is suggested. An example snippet that encodes a block with
Blowfish in ECB mode is below.
This should indicate a keysize of sixteen bytes is suggested.
\subsection{Simple Encryption Demonstration}
An example snippet that encodes a block with Blowfish in ECB mode is below.
\begin{small}
\begin{verbatim}
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
{
unsigned char pt[8], ct[8], key[8];
@ -444,12 +436,15 @@ int main(void)
blowfish_ecb_encrypt(pt, /* encrypt this 8-byte array */
ct, /* store encrypted data here */
&skey); /* our previously scheduled key */
/* now ct holds the encrypted version of pt */
/* decrypt the block */
blowfish_ecb_decrypt(ct, /* decrypt this 8-byte array */
pt, /* store decrypted data here */
&skey); /* our previously scheduled key */
/* now we have decrypted ct to the original plaintext in pt */
return 0;
}
\end{verbatim}
@ -459,7 +454,7 @@ int main(void)
\index{Symmetric Keys}
As a general rule of thumb do not use symmetric keys under 80 bits if you can. Only a few of the ciphers support smaller
keys (mainly for test vectors anyways). Ideally your application should be making at least 256 bit keys. This is not
because you're supposed to be paranoid. Its because if your PRNG has a bias of any sort the more bits the better. For
because you're supposed to be paranoid. It's because if your PRNG has a bias of any sort the more bits the better. For
example, if you have $\mbox{Pr}\left[X = 1\right] = {1 \over 2} \pm \gamma$ where $\vert \gamma \vert > 0$ then the
total amount of entropy in N bits is $N \cdot -log_2\left ({1 \over 2} + \vert \gamma \vert \right)$. So if $\gamma$
were $0.25$ (a severe bias) a 256-bit string would have about 106 bits of entropy whereas a 128-bit string would have
@ -467,7 +462,8 @@ only 53 bits of entropy.
The number of rounds of most ciphers is not an option you can change. Only RC5 allows you to change the number of
rounds. By passing zero as the number of rounds all ciphers will use their default number of rounds. Generally the
ciphers are configured such that the default number of rounds provide adequate security for the given block size.
ciphers are configured such that the default number of rounds provide adequate security for the given block and key
size.
\section{The Cipher Descriptors}
\index{Cipher Descriptor}
@ -477,21 +473,25 @@ of this array has the following format:
\begin{verbatim}
struct _cipher_descriptor {
char *name;
unsigned long min_key_length, max_key_length,
block_length, default_rounds;
int (*setup) (const unsigned char *key, int keylength,
int num_rounds, symmetric_key *skey);
unsigned char ID;
int min_key_length,
max_key_length,
block_length,
default_rounds;
int (*setup)(const unsigned char *key, int keylen, int num_rounds,
symmetric_key *skey);
void (*ecb_encrypt)(const unsigned char *pt, unsigned char *ct,
symmetric_key *key);
void (*ecb_decrypt)(const unsigned char *ct, unsigned char *pt,
symmetric_key *key);
int (*test) (void);
int (*keysize) (int *desired_keysize);
symmetric_key *skey);
void (*ecb_decrypt)(const unsigned char *ct, unsigned char *pt,
symmetric_key *skey);
int (*test)(void);
int (*keysize)(int *keysize);
};
\end{verbatim}
Where ``name'' is the lower case ASCII version of the name. The fields ``min\_key\_length'', ``max\_key\_length'' and
``block\_length'' are all the number of bytes not bits. As a good rule of thumb it is assumed that the cipher supports
Where ``name'' is the lower case ASCII version of the name. The fields ``min\_key\_length'' and ``max\_key\_length''
are the minimum and maximum key sizes in bytes. The ``block\_length'' member is the block size of the cipher
in bytes. As a good rule of thumb it is assumed that the cipher supports
the min and max key lengths but not always everything in between. The ``default\_rounds'' field is the default number
of rounds that will be used.
@ -511,10 +511,6 @@ As of this release the current cipher\_descriptors elements are
\hline RC5-32/12/b & rc5\_desc & 8 & 8 $\ldots$ 128 & 12 $\ldots$ 24 \\
\hline RC6-32/20/b & rc6\_desc & 16 & 8 $\ldots$ 128 & 20 \\
\hline SAFER+ & saferp\_desc &16 & 16, 24, 32 & 8, 12, 16 \\
\hline Safer K64 & safer\_k64\_desc & 8 & 8 & 6 $\ldots$ 13 \\
\hline Safer SK64 & safer\_sk64\_desc & 8 & 8 & 6 $\ldots$ 13 \\
\hline Safer K128 & safer\_k128\_desc & 8 & 16 & 6 $\ldots$ 13 \\
\hline Safer SK128 & safer\_sk128\_desc & 8 & 16 & 6 $\ldots$ 13 \\
\hline AES & aes\_desc & 16 & 16, 24, 32 & 10, 12, 14 \\
& aes\_enc\_desc & 16 & 16, 24, 32 & 10, 12, 14 \\
\hline Twofish & twofish\_desc & 16 & 16, 24, 32 & 16 \\
@ -523,6 +519,8 @@ As of this release the current cipher\_descriptors elements are
\hline CAST5 (CAST-128) & cast5\_desc & 8 & 5 $\ldots$ 16 & 12, 16 \\
\hline Noekeon & noekeon\_desc & 16 & 16 & 16 \\
\hline Skipjack & skipjack\_desc & 8 & 10 & 32 \\
\hline Anubis & anubis\_desc & 16 & 16 $\ldots$ 40 & 12 $\ldots$ 18 \\
\hline Khazad & khazad\_desc & 8 & 16 & 8 \\
\hline
\end{tabular}
\end{center}
@ -544,11 +542,6 @@ The ``encrypt only'' descriptors are useful for applications that only use the e
as EAX, PMAC and OMAC only require the encryption function. So far this ``encrypt only'' functionality has only been implemented for
Rijndael as it makes the most sense for this cipher.
\item
For the 64-bit SAFER famliy of ciphers (e.g K64, SK64, K128, SK128) the ecb\_encrypt() and ecb\_decrypt()
functions are the same. So if you want to use those functions directly just call safer\_ecb\_encrypt()
or safer\_ecb\_decrypt() respectively.
\item
Note that for ``DES'' and ``3DES'' they use 8 and 24 byte keys but only 7 and 21 [respectively] bytes of the keys are in
fact used for the purposes of encryption. My suggestion is just to use random 8/24 byte keys instead of trying to make a 8/24
@ -590,7 +583,7 @@ Which will search for a given name in the array. It returns negative one if the
the location in the array where the cipher was found. For example, to indirectly setup Blowfish you can also use:
\begin{small}
\begin{verbatim}
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
{
unsigned char key[8];
@ -631,7 +624,7 @@ int unregister_cipher(const struct _cipher_descriptor *cipher);
Which returns {\bf CRYPT\_OK} if it removes it otherwise it returns {\bf CRYPT\_ERROR}. Consider:
\begin{small}
\begin{verbatim}
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
{
int err;
@ -794,7 +787,7 @@ The XXX\_setiv functions are handy if you wish to change the IV without re--keyi
\newpage
\begin{small}
\begin{verbatim}
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
{
unsigned char key[16], IV[16], buffer[512];
@ -944,7 +937,7 @@ int eax_test(void);
This requires that the AES (or Rijndael) block cipher be registered with the cipher\_descriptor table first.
\begin{verbatim}
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
{
int err;
@ -1132,7 +1125,7 @@ void XXX_init(hash_state *md);
This simply sets up the hash to the default state governed by the specifications of the hash. To add data to the
message being hashed call:
\begin{verbatim}
int XXX_process(hash_state *md, const unsigned char *in, unsigned long len);
int XXX_process(hash_state *md, const unsigned char *in, unsigned long inlen);
\end{verbatim}
Essentially all hash messages are virtually infinitely\footnote{Most hashes are limited to $2^{64}$ bits or 2,305,843,009,213,693,952 bytes.} long message which
@ -1167,7 +1160,7 @@ This will return {\bf CRYPTO\_OK} if the hash matches the test vectors, otherwis
example snippet that hashes a message with md5 is given below.
\begin{small}
\begin{verbatim}
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
{
hash_state md;
@ -1195,9 +1188,10 @@ struct _hash_descriptor {
char *name;
unsigned long hashsize; /* digest output size in bytes */
unsigned long blocksize; /* the block size the hash uses */
void (*init) (hash_state *);
int (*process)(hash_state *, const unsigned char *, unsigned long);
int (*done) (hash_state *, unsigned char *);
void (*init) (hash_state *hash);
int (*process)(hash_state *hash,
const unsigned char *in, unsigned long inlen);
int (*done) (hash_state *hash, unsigned char *out);
int (*test) (void);
};
\end{verbatim}
@ -1210,7 +1204,7 @@ position in the descriptor table of the hash.
You can use the table to indirectly call a hash function that is chosen at runtime. For example:
\begin{small}
\begin{verbatim}
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
{
unsigned char buffer[100], hash[MAXBLOCKSIZE];
@ -1258,29 +1252,27 @@ length. This provides a simple size you can set your automatic arrays to that w
There are three helper functions as well:
\index{hash\_memory()} \index{hash\_file()}
\begin{verbatim}
int hash_memory(int hash, const unsigned char *data,
unsigned long len, unsigned char *dst,
unsigned long *outlen);
int hash_memory(int hash,
const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen);
int hash_file(int hash, const char *fname,
unsigned char *dst,
unsigned long *outlen);
unsigned char *out, unsigned long *outlen);
int hash_filehandle(int hash, FILE *in,
unsigned char *dst, unsigned long *outlen);
unsigned char *out, unsigned long *outlen);
\end{verbatim}
The ``hash'' parameter is the location in the descriptor table of the hash (\textit{e.g. the return of find\_hash()}).
The ``*outlen'' variable is used to keep track of the output size. You
must set it to the size of your output buffer before calling the functions. When they complete succesfully they store
the length of the message digest back in it. The functions are otherwise straightforward. The ``hash\_filehandle''
function assumes that ``in'' is an file handle opened in binary mode. It will hash to the end of file and not reset
the file position when finished.
The ``*outlen'' variable is used to keep track of the output size. You must set it to the size of your output buffer before
calling the functions. When they complete succesfully they store the length of the message digest back in it. The functions
are otherwise straightforward. The ``hash\_filehandle'' function assumes that ``in'' is an file handle opened in binary mode.
It will hash to the end of file and not reset the file position when finished.
To perform the above hash with md5 the following code could be used:
\begin{small}
\begin{verbatim}
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
{
int idx, err;
@ -1364,7 +1356,7 @@ be bound to the CHC hash at a time. There are additional requirements for the s
Example of using CHC with the AES block cipher.
\begin{verbatim}
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
{
int err;
@ -1417,18 +1409,18 @@ to use to authenticate the message. ``key'' is the pointer to the array of char
length (in octets) of the key you want to use to authenticate the message. To send octets of a message through the HMAC system you must use the following function:
\index{hmac\_process()}
\begin{verbatim}
int hmac_process(hmac_state *hmac, const unsigned char *buf,
unsigned long len);
int hmac_process(hmac_state *hmac,
const unsigned char *in, unsigned long inlen);
\end{verbatim}
``hmac'' is the HMAC state you are working with. ``buf'' is the array of octets to send into the HMAC process. ``len'' is the
number of octets to process. Like the hash process routines you can send the data in arbitrarly sized chunks. When you
are finished with the HMAC process you must call the following function to get the HMAC code:
\index{hmac\_done()}
\begin{verbatim}
int hmac_done(hmac_state *hmac, unsigned char *hashOut,
unsigned long *outlen);
int hmac_done(hmac_state *hmac,
unsigned char *out, unsigned long *outlen);
\end{verbatim}
``hmac'' is the HMAC state you are working with. ``hashOut'' is the array of octets where the HMAC code should be stored. You must
``hmac'' is the HMAC state you are working with. ``out'' is the array of octets where the HMAC code should be stored. You must
set ``outlen'' to the size of the destination buffer before calling this function. It is updated with the length of the HMAC code
produced (depending on which hash was picked). If ``outlen'' is less than the size of the message digest (and ultimately
the HMAC code) then the HMAC code is truncated as per FIPS-198 specifications (e.g. take the first ``outlen'' bytes).
@ -1439,22 +1431,23 @@ calling the three step process yourself.
\index{hmac\_memory()}
\begin{verbatim}
int hmac_memory(int hash, const unsigned char *key, unsigned long keylen,
const unsigned char *data, unsigned long len,
unsigned char *dst, unsigned long *dstlen);
int hmac_memory(int hash,
const unsigned char *key, unsigned long keylen,
const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen);
\end{verbatim}
This will produce an HMAC code for the array of octets in ``data'' of length ``len''. The index into the hash descriptor
This will produce an HMAC code for the array of octets in ``in'' of length ``inlen''. The index into the hash descriptor
table must be provided in ``hash''. It uses the key from ``key'' with a key length of ``keylen''.
The result is stored in the array of octets ``dst'' and the length in ``dstlen''. The value of ``dstlen'' must be set
The result is stored in the array of octets ``out'' and the length in ``outlen''. The value of ``outlen'' must be set
to the size of the destination buffer before calling this function. Similarly for files there is the following function:
\index{hmac\_file()}
\begin{verbatim}
int hmac_file(int hash, const char *fname, const unsigned char *key,
unsigned long keylen,
unsigned char *dst, unsigned long *dstlen);
int hmac_file(int hash, const char *fname,
const unsigned char *key, unsigned long keylen,
unsigned char *out, unsigned long *outlen);
\end{verbatim}
``hash'' is the index into the hash descriptor table of the hash you want to use. ``fname'' is the filename to process.
``key'' is the array of octets to use as the key of length ``keylen''. ``dst'' is the array of octets where the
``key'' is the array of octets to use as the key of length ``keylen''. ``out'' is the array of octets where the
result should be stored.
To test if the HMAC code is working there is the following function:
@ -1467,7 +1460,7 @@ HMAC system is given below.
\begin{small}
\begin{verbatim}
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
{
int idx, err;
@ -1531,9 +1524,9 @@ To send data through the algorithm call
\index{omac\_process()}
\begin{verbatim}
int omac_process(omac_state *state,
const unsigned char *buf, unsigned long len);
const unsigned char *in, unsigned long inlen);
\end{verbatim}
This will send ``len'' bytes from ``buf'' through the active OMAC state ``state''. Returns \textbf{CRYPT\_OK} if the
This will send ``inlen'' bytes from ``in'' through the active OMAC state ``state''. Returns \textbf{CRYPT\_OK} if the
function succeeds. The function is not sensitive to the granularity of the data. For example,
\begin{verbatim}
@ -1567,10 +1560,10 @@ following function.
\begin{verbatim}
int omac_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *msg, unsigned long msglen,
unsigned char *out, unsigned long *outlen);
const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen);
\end{verbatim}
This will compute the OMAC of ``msglen'' bytes of ``msg'' using the key ``key'' of length ``keylen'' bytes and the cipher
This will compute the OMAC of ``inlen'' bytes of ``in'' using the key ``key'' of length ``keylen'' bytes and the cipher
specified by the ``cipher'''th entry in the cipher\_descriptor table. It will store the MAC in ``out'' with the same
rules as omac\_done.
@ -1580,7 +1573,7 @@ To OMAC a file use
int omac_file(int cipher,
const unsigned char *key, unsigned long keylen,
const char *filename,
unsigned char *out, unsigned long *outlen);
unsigned char *out, unsigned long *outlen);
\end{verbatim}
Which will OMAC the entire contents of the file specified by ``filename'' using the key ``key'' of length ``keylen'' bytes
@ -1597,7 +1590,7 @@ OMAC system is given below.
\begin{small}
\begin{verbatim}
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
{
int idx, err;
@ -1662,9 +1655,9 @@ To MAC data simply send it through the process function.
\index{pmac\_process()}
\begin{verbatim}
int pmac_process(pmac_state *state,
const unsigned char *buf, unsigned long len);
const unsigned char *in, unsigned long inlen);
\end{verbatim}
This will process ``len'' bytes of ``buf'' in the given ``state''. The function is not sensitive to the granularity of the
This will process ``inlen'' bytes of ``in'' in the given ``state''. The function is not sensitive to the granularity of the
data. For example,
\begin{verbatim}
@ -1694,9 +1687,9 @@ following function.
\index{pmac\_memory()}
\begin{verbatim}
int pmac_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *msg, unsigned long msglen,
unsigned char *out, unsigned long *outlen);
const unsigned char *key, unsigned long keylen,
const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen);
\end{verbatim}
This will compute the PMAC of ``msglen'' bytes of ``msg'' using the key ``key'' of length ``keylen'' bytes and the cipher
specified by the ``cipher'''th entry in the cipher\_descriptor table. It will store the MAC in ``out'' with the same
@ -1722,9 +1715,6 @@ int pmac_test(void);
Which returns {\bf CRYPT\_OK} if the code passes otherwise it returns an error code.
\chapter{Pseudo-Random Number Generators}
\section{Core Functions}
The library provides an array of core functions for Pseudo-Random Number Generators (PRNGs) as well. A cryptographic PRNG is
@ -1735,12 +1725,11 @@ key generation. There is a universal structure called ``prng\_state''. To init
int XXX_start(prng_state *prng);
\end{verbatim}
This will setup the PRNG for future use and not seed it. In order
for the PRNG to be cryptographically useful you must give it entropy. Ideally you'd have some OS level source to tap
like in UNIX (see section 5.3). To add entropy to the PRNG call:
This will setup the PRNG for future use and not seed it. In order for the PRNG to be cryptographically useful you must give it
entropy. Ideally you'd have some OS level source to tap like in UNIX. To add entropy to the PRNG call:
\index{PRNG add\_entropy}
\begin{verbatim}
int XXX_add_entropy(const unsigned char *in, unsigned long len,
int XXX_add_entropy(const unsigned char *in, unsigned long inlen,
prng_state *prng);
\end{verbatim}
@ -1754,7 +1743,7 @@ int XXX_ready(prng_state *prng);
Which returns {\bf CRYPTO\_OK} if it is ready. Finally to actually read bytes call:
\index{PRNG read}
\begin{verbatim}
unsigned long XXX_read(unsigned char *out, unsigned long len,
unsigned long XXX_read(unsigned char *out, unsigned long outlen,
prng_state *prng);
\end{verbatim}
@ -1831,7 +1820,7 @@ Below is a simple snippet to read 10 bytes from yarrow. Its important to note t
{\bf NOT} secure since the entropy added is not random.
\begin{verbatim}
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
{
prng_state prng;
@ -1961,7 +1950,7 @@ simulations which need a high quality (and fast) stream of bytes.
\subsubsection{Example Usage}
\begin{small}
\begin{verbatim}
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
{
prng_state prng;
@ -2029,7 +2018,7 @@ platform where the RNG doesn't work well. Example usage of this function is giv
\begin{small}
\begin{verbatim}
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
{
ecc_key mykey;
@ -2066,7 +2055,7 @@ the previous example using this PRNG.
\begin{small}
\begin{verbatim}
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
{
ecc_key mykey;
@ -2088,6 +2077,8 @@ int main(void)
\end{verbatim}
\end{small}
\chapter{RSA Public Key Cryptography}
\section{Introduction}
@ -2307,8 +2298,8 @@ To do raw work with the RSA function call:
\index{rsa\_exptmod()}
\begin{verbatim}
int rsa_exptmod(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen, int which,
prng_state *prng, int prng_idx,
unsigned char *out, unsigned long *outlen,
int which, prng_state *prng, int prng_idx,
rsa_key *key);
\end{verbatim}
This loads the bignum from ``in'' as a big endian word in the format PKCS specifies, raises it to either ``e'' or ``d'' and stores the result
@ -2324,26 +2315,26 @@ To facilitate encrypting short keys the following functions have been provided.
\index{rsa\_encrypt\_key()}
\begin{verbatim}
int rsa_encrypt_key(const unsigned char *inkey, unsigned long inlen,
unsigned char *outkey, unsigned long *outlen,
int rsa_encrypt_key(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
const unsigned char *lparam, unsigned long lparamlen,
prng_state *prng, int prng_idx, int hash_idx, rsa_key *key);
\end{verbatim}
This function will OAEP pad ``inkey'' of length inlen bytes then RSA encrypt it and store the ciphertext
in ``outkey'' of length ``outlen''. The ``lparam'' and ``lparamlen'' are the same parameters you would pass
This function will OAEP pad ``in'' of length inlen bytes then RSA encrypt it and store the ciphertext
in ``out'' of length ``outlen''. The ``lparam'' and ``lparamlen'' are the same parameters you would pass
to pkcs\_1\_oaep\_encode().
\index{rsa\_decrypt\_key()}
\begin{verbatim}
int rsa_decrypt_key(const unsigned char *in, unsigned long inlen,
unsigned char *outkey, unsigned long *keylen,
int rsa_decrypt_key(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
const unsigned char *lparam, unsigned long lparamlen,
prng_state *prng, int prng_idx,
int hash_idx, int *res,
rsa_key *key);
\end{verbatim}
This function will RSA decrypt ``in'' of length ``inlen'' then OAEP depad the resulting data and store it in
``outkey'' of length ``outlen''. The ``lparam'' and ``lparamlen'' are the same parameters you would pass
``out'' of length ``outlen''. The ``lparam'' and ``lparamlen'' are the same parameters you would pass
to pkcs\_1\_oaep\_decode().
If the RSA decrypted data isn't a valid OAEP packet then ``res'' is set to $0$. Otherwise, it is set to $1$.
@ -2354,15 +2345,15 @@ process the following functions have been provided.
\index{rsa\_sign\_hash()}
\begin{verbatim}
int rsa_sign_hash(const unsigned char *msghash, unsigned long msghashlen,
unsigned char *sig, unsigned long *siglen,
int rsa_sign_hash(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
prng_state *prng, int prng_idx,
int hash_idx, unsigned long saltlen,
rsa_key *key);
\end{verbatim}
This will PSS encode the message hash ``msghash'' of length ``msghashlen''. Next the PSS encoded message is
RSA ``signed'' and the output is stored in ``sig'' of length ``siglen''.
This will PSS encode the message hash ``in'' of length ``inlen''. Next the PSS encoded message will be RSA ``signed'' and
the output is stored in ``out'' of length ``outlen''.
\index{rsa\_verify\_hash()}
@ -2382,7 +2373,7 @@ the value ``res'' is set to $0$. Otherwise, if the function succeeds and signat
to $1$.
\begin{verbatim}
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
{
int err, hash_idx, prng_idx, res;
@ -2646,16 +2637,16 @@ Similar to the RSA related functions there are functions to encrypt or decrypt s
algorithms.
\index{dh\_encrypt\_key()} \index{dh\_decrypt\_key()}
\begin{verbatim}
int dh_encrypt_key(const unsigned char *inkey, unsigned long keylen,
int dh_encrypt_key(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *len,
prng_state *prng, int wprng, int hash,
dh_key *key);
int dh_decrypt_key(const unsigned char *in, unsigned long inlen,
unsigned char *outkey, unsigned long *keylen,
int dh_decrypt_key(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
dh_key *key);
\end{verbatim}
Where ``inkey'' is an input symmetric key of no more than 32 bytes. Essentially these routines created a random public key
Where ``in'' is an input symmetric key of no more than 32 bytes. Essentially these routines created a random public key
and find the hash of the shared secret. The message digest is than XOR'ed against the symmetric key. All of the
required data is placed in ``out'' by ``dh\_encrypt\_key()''. The hash must produce a message digest at least as large
as the symmetric key you are trying to share.
@ -2759,17 +2750,17 @@ algorithms.
\index{ecc\_encrypt\_key()} \index{ecc\_decrypt\_key()}
\begin{verbatim}
int ecc_encrypt_key(const unsigned char *inkey, unsigned long keylen,
unsigned char *out, unsigned long *len,
int ecc_encrypt_key(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
prng_state *prng, int wprng, int hash,
ecc_key *key);
int ecc_decrypt_key(const unsigned char *in, unsigned long inlen,
unsigned char *outkey, unsigned long *keylen,
int ecc_decrypt_key(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
ecc_key *key);
\end{verbatim}
Where ``inkey'' is an input symmetric key of no more than 32 bytes. Essentially these routines created a random public key
Where ``in'' is an input symmetric key of no more than 32 bytes. Essentially these routines created a random public key
and find the hash of the shared secret. The message digest is than XOR'ed against the symmetric key. All of the required
data is placed in ``out'' by ``ecc\_encrypt\_key()''. The hash chosen must produce a message digest at least as large
as the symmetric key you are trying to share.
@ -2975,7 +2966,7 @@ These will handle multiple encodings/decodings at once. They work like their si
except they handle a \textbf{NULL} terminated list of operands.
\begin{verbatim}
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
{
mp_int a, b, c, d;
@ -3047,7 +3038,7 @@ on the password. The ``hash\_idx'' is the index of the hash you wish to use in
\begin{alltt}
/* demo to show how to make session state material from a password */
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
\{
unsigned char password[100], salt[100],
@ -3115,7 +3106,7 @@ for all uses and is distributed freely.
At the heart of all the functions is the data type ``mp\_int'' (defined in tommath.h). This data type is what
will hold all large integers. In order to use an mp\_int one must initialize it first, for example:
\begin{verbatim}
#include <mycrypt.h> /* mycrypt.h includes mpi.h automatically */
#include <tomcrypt.h> /* tomcrypt.h includes mpi.h automatically */
int main(void)
{
mp_int bignum;
@ -3327,7 +3318,7 @@ make install_lib
Which will build the library and install it in /usr/lib (as well as the headers in /usr/include). The destination
directory of the library and headers can be changed by editing ``makefile''. The variable LIBNAME controls
where the library is to be installed and INCNAME controls where the headers are to be installed. A developer can
then use the library by including ``mycrypt.h'' in their program and linking against ``libtomcrypt.a''.
then use the library by including ``tomcrypt.h'' in their program and linking against ``libtomcrypt.a''.
A static library can also be built with the Intel C Compiler (ICC) by issuing the following

219
cscope.tmplst
View File

@ -1,219 +0,0 @@
./aes.c
./aes_tab.c
./base64_decode.c
./base64_encode.c
./blowfish.c
./burn_stack.c
./cast5.c
./cbc_decrypt.c
./cbc_encrypt.c
./cbc_getiv.c
./cbc_setiv.c
./cbc_start.c
./cfb_decrypt.c
./cfb_encrypt.c
./cfb_getiv.c
./cfb_setiv.c
./cfb_start.c
./chc.c
./crypt.c
./crypt_argchk.c
./crypt_cipher_descriptor.c
./crypt_cipher_is_valid.c
./crypt_find_cipher.c
./crypt_find_cipher_any.c
./crypt_find_cipher_id.c
./crypt_find_hash.c
./crypt_find_hash_any.c
./crypt_find_hash_id.c
./crypt_find_prng.c
./crypt_hash_descriptor.c
./crypt_hash_is_valid.c
./crypt_prng_descriptor.c
./crypt_prng_is_valid.c
./crypt_register_cipher.c
./crypt_register_hash.c
./crypt_register_prng.c
./crypt_unregister_cipher.c
./crypt_unregister_hash.c
./crypt_unregister_prng.c
./ctr_decrypt.c
./ctr_encrypt.c
./ctr_getiv.c
./ctr_setiv.c
./ctr_start.c
./demos/encrypt.c
./demos/hashsum.c
./demos/small.c
./demos/test/base64_test.c
./demos/test/cipher_hash_test.c
./demos/test/der_tests.c
./demos/test/dh_tests.c
./demos/test/dsa_test.c
./demos/test/ecc_test.c
./demos/test/mac_test.c
./demos/test/makefile
./demos/test/makefile.icc
./demos/test/makefile.msvc
./demos/test/makefile.shared
./demos/test/modes_test.c
./demos/test/pkcs_1_test.c
./demos/test/rsa_test.c
./demos/test/store_test.c
./demos/test/test.c
./demos/test/test.h
./demos/tv_gen.c
./demos/x86_prof.c
./der_decode_integer.c
./der_encode_integer.c
./der_get_multi_integer.c
./der_length_integer.c
./der_put_multi_integer.c
./des.c
./dh.c
./dh_sys.c
./dsa_export.c
./dsa_free.c
./dsa_import.c
./dsa_make_key.c
./dsa_sign_hash.c
./dsa_verify_hash.c
./dsa_verify_key.c
./eax_addheader.c
./eax_decrypt.c
./eax_decrypt_verify_memory.c
./eax_done.c
./eax_encrypt.c
./eax_encrypt_authenticate_memory.c
./eax_init.c
./eax_test.c
./ecb_decrypt.c
./ecb_encrypt.c
./ecb_start.c
./ecc.c
./ecc_sys.c
./error_to_string.c
./fortuna.c
./hash_file.c
./hash_filehandle.c
./hash_memory.c
./hmac_done.c
./hmac_file.c
./hmac_init.c
./hmac_memory.c
./hmac_process.c
./hmac_test.c
./is_prime.c
./ltc_tommath.h
./makefile
./makefile.cygwin_dll
./makefile.icc
./makefile.msvc
./makefile.shared
./md2.c
./md4.c
./md5.c
./mpi.c
./mpi_to_ltc_error.c
./mycrypt.h
./mycrypt_argchk.h
./mycrypt_cfg.h
./mycrypt_cipher.h
./mycrypt_custom.h
./mycrypt_hash.h
./mycrypt_macros.h
./mycrypt_misc.h
./mycrypt_pk.h
./mycrypt_pkcs.h
./mycrypt_prng.h
./noekeon.c
./notes/etc/whirlgen.c
./notes/etc/whirltest.c
./ocb_decrypt.c
./ocb_decrypt_verify_memory.c
./ocb_done_decrypt.c
./ocb_done_encrypt.c
./ocb_encrypt.c
./ocb_encrypt_authenticate_memory.c
./ocb_init.c
./ocb_ntz.c
./ocb_shift_xor.c
./ocb_test.c
./ofb_decrypt.c
./ofb_encrypt.c
./ofb_getiv.c
./ofb_setiv.c
./ofb_start.c
./omac_done.c
./omac_file.c
./omac_init.c
./omac_memory.c
./omac_process.c
./omac_test.c
./packet_store_header.c
./packet_valid_header.c
./pkcs_1_i2osp.c
./pkcs_1_mgf1.c
./pkcs_1_oaep_decode.c
./pkcs_1_oaep_encode.c
./pkcs_1_os2ip.c
./pkcs_1_pss_decode.c
./pkcs_1_pss_encode.c
./pkcs_1_v15_es_decode.c
./pkcs_1_v15_es_encode.c
./pkcs_1_v15_sa_decode.c
./pkcs_1_v15_sa_encode.c
./pkcs_5_1.c
./pkcs_5_2.c
./pmac_done.c
./pmac_file.c
./pmac_init.c
./pmac_memory.c
./pmac_ntz.c
./pmac_process.c
./pmac_shift_xor.c
./pmac_test.c
./rand_prime.c
./rc2.c
./rc4.c
./rc5.c
./rc6.c
./rmd128.c
./rmd160.c
./rng_get_bytes.c
./rng_make_prng.c
./rsa_decrypt_key.c
./rsa_encrypt_key.c
./rsa_export.c
./rsa_exptmod.c
./rsa_free.c
./rsa_import.c
./rsa_make_key.c
./rsa_sign_hash.c
./rsa_v15_decrypt_key.c
./rsa_v15_encrypt_key.c
./rsa_v15_sign_hash.c
./rsa_v15_verify_hash.c
./rsa_verify_hash.c
./s_ocb_done.c
./safer.c
./safer_tab.c
./saferp.c
./sha1.c
./sha224.c
./sha256.c
./sha384.c
./sha512.c
./skipjack.c
./sober128.c
./sober128tab.c
./sprng.c
./tiger.c
./tim_exptmod.c
./twofish.c
./twofish_tab.c
./whirl.c
./whirltab.c
./xtea.c
./yarrow.c
./zeromem.c

8
demos/encrypt.c
View File

@ -7,7 +7,7 @@
/* ie: ./encrypt blowfish story.txt story.ct */
/* ./encrypt -d blowfish story.ct story.pt */
#include <mycrypt.h>
#include <tomcrypt.h>
int errno;
@ -69,6 +69,12 @@ void register_algs(void)
#ifdef SKIPJACK
register_cipher (&skipjack_desc);
#endif
#ifdef KHAZAD
register_cipher (&khazad_desc);
#endif
#ifdef ANUBIS
register_cipher (&anubis_desc);
#endif
if (register_hash(&sha256_desc) == -1) {
printf("Error registering SHA256\n");

2
demos/hashsum.c
View File

@ -7,7 +7,7 @@
* more functions ;)
*/
#include <mycrypt.h>
#include <tomcrypt.h>
int errno;

106
demos/multi.c Normal file
View File

@ -0,0 +1,106 @@
/* test the multi helpers... */
#include <tomcrypt.h>
int main(void)
{
unsigned char key[16], buf[2][MAXBLOCKSIZE];
unsigned long len, len2;
/* register algos */
register_hash(&sha256_desc);
register_cipher(&aes_desc);
/* HASH testing */
len = sizeof(buf[0]);
hash_memory(find_hash("sha256"), "hello", 5, buf[0], &len);
len2 = sizeof(buf[0]);
hash_memory_multi(find_hash("sha256"), buf[1], &len2, "hello", 5, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
len2 = sizeof(buf[0]);
hash_memory_multi(find_hash("sha256"), buf[1], &len2, "he", 2, "llo", 3, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
len2 = sizeof(buf[0]);
hash_memory_multi(find_hash("sha256"), buf[1], &len2, "h", 1, "e", 1, "l", 1, "l", 1, "o", 1, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
/* HMAC */
len = sizeof(buf[0]);
hmac_memory(find_hash("sha256"), key, 16, "hello", 5, buf[0], &len);
len2 = sizeof(buf[0]);
hmac_memory_multi(find_hash("sha256"), key, 16, buf[1], &len2, "hello", 5, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
len2 = sizeof(buf[0]);
hmac_memory_multi(find_hash("sha256"), key, 16, buf[1], &len2, "he", 2, "llo", 3, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
len2 = sizeof(buf[0]);
hmac_memory_multi(find_hash("sha256"), key, 16, buf[1], &len2, "h", 1, "e", 1, "l", 1, "l", 1, "o", 1, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
/* OMAC */
len = sizeof(buf[0]);
omac_memory(find_cipher("aes"), key, 16, "hello", 5, buf[0], &len);
len2 = sizeof(buf[0]);
omac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "hello", 5, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
len2 = sizeof(buf[0]);
omac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "he", 2, "llo", 3, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
len2 = sizeof(buf[0]);
omac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "h", 1, "e", 1, "l", 1, "l", 1, "o", 1, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
/* PMAC */
len = sizeof(buf[0]);
pmac_memory(find_cipher("aes"), key, 16, "hello", 5, buf[0], &len);
len2 = sizeof(buf[0]);
pmac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "hello", 5, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
len2 = sizeof(buf[0]);
pmac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "he", 2, "llo", 3, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
len2 = sizeof(buf[0]);
pmac_memory_multi(find_cipher("aes"), key, 16, buf[1], &len2, "h", 1, "e", 1, "l", 1, "l", 1, "o", 1, NULL);
if (len != len2 || memcmp(buf[0], buf[1], len)) {
printf("Failed: %d %lu %lu\n", __LINE__, len, len2);
return EXIT_FAILURE;
}
printf("All passed\n");
return EXIT_SUCCESS;
}

3
demos/small.c
View File

@ -1,6 +1,5 @@
// small demo app that just includes a cipher/hash/prng
#include <mycrypt.h>
#include <tomcrypt.h>
int main(void)
{

12
demos/test/der_tests.c
View File

@ -1,5 +1,15 @@
#include "test.h"
#ifndef LTC_DER
int der_tests(void)
{
printf("NOP");
return 0;
}
#else
int der_tests(void)
{
unsigned long x, y, z, zz;
@ -80,3 +90,5 @@ int der_tests(void)
mp_clear_multi(&a, &b, &c, &d, &e, &f, &g, NULL);
return 0;
}
#endif

27
demos/test/ecc_test.c
View File

@ -7,7 +7,7 @@ int ecc_tests (void)
unsigned char buf[4][4096];
unsigned long x, y, z;
int stat, stat2;
ecc_key usera, userb;
ecc_key usera, userb, pubKey, privKey;
DO(ecc_test ());
@ -55,15 +55,24 @@ int ecc_tests (void)
ecc_free (&userb);
/* test encrypt_key */
ecc_make_key (&test_yarrow, find_prng ("yarrow"), 65, &usera);
DO(ecc_make_key (&test_yarrow, find_prng ("yarrow"), 65, &usera));
/* export key */
x = sizeof(buf[0]);
DO(ecc_export(buf[0], &x, PK_PUBLIC, &usera));
DO(ecc_import(buf[0], x, &pubKey));
x = sizeof(buf[0]);
DO(ecc_export(buf[0], &x, PK_PRIVATE, &usera));
DO(ecc_import(buf[0], x, &privKey));
for (x = 0; x < 32; x++) {
buf[0][x] = x;
}
y = sizeof (buf[1]);
DO(ecc_encrypt_key (buf[0], 32, buf[1], &y, &test_yarrow, find_prng ("yarrow"), find_hash ("sha256"), &usera));
DO(ecc_encrypt_key (buf[0], 32, buf[1], &y, &test_yarrow, find_prng ("yarrow"), find_hash ("sha256"), &pubKey));
zeromem (buf[0], sizeof (buf[0]));
x = sizeof (buf[0]);
DO(ecc_decrypt_key (buf[1], y, buf[0], &x, &usera));
DO(ecc_decrypt_key (buf[1], y, buf[0], &x, &privKey));
if (x != 32) {
printf ("Failed (length)");
return 1;
@ -78,15 +87,17 @@ int ecc_tests (void)
buf[0][x] = x;
}
x = sizeof (buf[1]);
DO(ecc_sign_hash (buf[0], 16, buf[1], &x, &test_yarrow, find_prng ("yarrow"), &usera));
DO(ecc_verify_hash (buf[1], x, buf[0], 16, &stat, &usera));
DO(ecc_sign_hash (buf[0], 16, buf[1], &x, &test_yarrow, find_prng ("yarrow"), &privKey));
DO(ecc_verify_hash (buf[1], x, buf[0], 16, &stat, &pubKey));
buf[0][0] ^= 1;
DO(ecc_verify_hash (buf[1], x, buf[0], 16, &stat2, &usera));
DO(ecc_verify_hash (buf[1], x, buf[0], 16, &stat2, &privKey));
if (!(stat == 1 && stat2 == 0)) {
printf("ecc_verify_hash failed");
return 1;
}
ecc_free (&usera);
ecc_free (&usera);
ecc_free (&pubKey);
ecc_free (&privKey);
return 0;
}

4
demos/test/makefile
View File

@ -1,5 +1,5 @@
# make test harness, it is good.
CFLAGS += -Wall -W -Os -I../../ -I./
CFLAGS += -Wall -W -Os -I../../src/headers/ -I./
# add -g3 for ccmalloc debugging
#CFLAGS += -g3
@ -19,7 +19,7 @@ pkcs_1_test.o store_test.o rsa_test.o ecc_test.o dsa_test.o dh_tests.o der_tests
#CCMALLOC = -lccmalloc -ldl
test: $(OBJECTS)
$(CC) $(OBJECTS) /usr/lib/libtomcrypt.a $(CCMALLOC) -o test
$(CC) $(CFLAGS) $(OBJECTS) /usr/lib/libtomcrypt.a $(CCMALLOC) -o test
clean:
rm -rf test *.o *.obj *.exe *~ .libs

2
demos/test/makefile.icc
View File

@ -1,5 +1,5 @@
# make test harness, it is good.
CFLAGS += -O3 -xN -ip -I../../ -I./
CFLAGS += -O3 -xN -ip -I../../src/headers/ -I./
CC=icc
default: test

2
demos/test/makefile.msvc
View File

@ -1,5 +1,5 @@
# make test harness, it is good.
CFLAGS = $(CFLAGS) /W3 /Ox -I../../ -I./
CFLAGS = $(CFLAGS) /W3 /Ox /I../../src/headers/ /I./
default: test.exe

2
demos/test/makefile.shared
View File

@ -1,5 +1,5 @@
# make test harness, it is good.
CFLAGS += -Wall -W -Os -I../../ -I./
CFLAGS += -Wall -W -Os -I../../src/headers/ -I./
# if you're not debugging
CFLAGS += -fomit-frame-pointer

42
demos/test/rsa_test.c
View File

@ -8,7 +8,7 @@ int rsa_test(void)
{
unsigned char in[1024], out[1024], tmp[1024];
rsa_key key, privKey, pubKey;
int hash_idx, prng_idx, stat, stat2;
int hash_idx, prng_idx, stat, stat2, cnt;
unsigned long rsa_msgsize, len, len2;
static unsigned char lparam[] = { 0x01, 0x02, 0x03, 0x04 };
@ -23,6 +23,7 @@ int rsa_test(void)
DO(rsa_make_key(&test_yarrow, prng_idx, 1024/8, 65537, &key));
/* test PKCS #1 v1.5 */
for (cnt = 0; cnt < 4; cnt++) {
for (rsa_msgsize = 1; rsa_msgsize <= 117; rsa_msgsize++) {
/* make a random key/msg */
yarrow_read(in, rsa_msgsize, &test_yarrow);
@ -32,26 +33,28 @@ int rsa_test(void)
/* encrypt */
DO(rsa_v15_encrypt_key(in, rsa_msgsize, out, &len, &test_yarrow, prng_idx, &key));
DO(rsa_v15_decrypt_key(out, len, tmp, rsa_msgsize, &test_yarrow, prng_idx, &stat, &key));
DO(rsa_v15_decrypt_key(out, len, tmp, rsa_msgsize, &stat, &key));
if (stat != 1 || memcmp(tmp, in, rsa_msgsize)) {
printf("PKCS #1 v1.5 encrypt/decrypt failure (rsa_msgsize: %lu, stat: %d)\n", rsa_msgsize, stat);
return 1;
return 1;
}
}
}
/* signature */
len = sizeof(out);
DO(rsa_v15_sign_hash(in, 20, out, &len, &test_yarrow, prng_idx, hash_idx, &key));
DO(rsa_v15_sign_hash(in, 20, out, &len, hash_idx, &key));
in[1] ^= 1;
DO(rsa_v15_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, &stat, &key));
DO(rsa_v15_verify_hash(out, len, in, 20, hash_idx, &stat, &key));
in[1] ^= 1;
DO(rsa_v15_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, &stat2, &key));
DO(rsa_v15_verify_hash(out, len, in, 20, hash_idx, &stat2, &key));
if (!(stat == 0 && stat2 == 1)) {
printf("PKCS #1 v1.5 sign/verify failure (stat %d, stat2 %d)\n", stat, stat2);
return 1;
}
/* encrypt the key (without lparam) */
for (cnt = 0; cnt < 4; cnt++) {
for (rsa_msgsize = 1; rsa_msgsize <= 86; rsa_msgsize++) {
/* make a random key/msg */
yarrow_read(in, rsa_msgsize, &test_yarrow);
@ -62,7 +65,7 @@ int rsa_test(void)
DO(rsa_encrypt_key(in, rsa_msgsize, out, &len, NULL, 0, &test_yarrow, prng_idx, hash_idx, &key));
/* change a byte */
out[8] ^= 1;
DO(rsa_decrypt_key(out, len, tmp, &len2, NULL, 0, &test_yarrow, prng_idx, hash_idx, &stat2, &key));
DO(rsa_decrypt_key(out, len, tmp, &len2, NULL, 0, hash_idx, &stat2, &key));
/* change a byte back */
out[8] ^= 1;
if (len2 != rsa_msgsize) {
@ -71,7 +74,7 @@ int rsa_test(void)
}
len2 = rsa_msgsize;
DO(rsa_decrypt_key(out, len, tmp, &len2, NULL, 0, &test_yarrow, prng_idx, hash_idx, &stat, &key));
DO(rsa_decrypt_key(out, len, tmp, &len2, NULL, 0, hash_idx, &stat, &key));
if (!(stat == 1 && stat2 == 0)) {
printf("rsa_decrypt_key failed");
return 1;
@ -98,6 +101,7 @@ int rsa_test(void)
return 1;
}
}
}
/* encrypt the key (with lparam) */
for (rsa_msgsize = 1; rsa_msgsize <= 86; rsa_msgsize++) {
@ -106,7 +110,7 @@ int rsa_test(void)
DO(rsa_encrypt_key(in, rsa_msgsize, out, &len, lparam, sizeof(lparam), &test_yarrow, prng_idx, hash_idx, &key));
/* change a byte */
out[8] ^= 1;
DO(rsa_decrypt_key(out, len, tmp, &len2, lparam, sizeof(lparam), &test_yarrow, prng_idx, hash_idx, &stat2, &key));
DO(rsa_decrypt_key(out, len, tmp, &len2, lparam, sizeof(lparam), hash_idx, &stat2, &key));
if (len2 != rsa_msgsize) {
printf("\nrsa_decrypt_key mismatch len %lu (first decrypt)", len2);
return 1;
@ -115,7 +119,7 @@ int rsa_test(void)
out[8] ^= 1;
len2 = rsa_msgsize;
DO(rsa_decrypt_key(out, len, tmp, &len2, lparam, sizeof(lparam), &test_yarrow, prng_idx, hash_idx, &stat, &key));
DO(rsa_decrypt_key(out, len, tmp, &len2, lparam, sizeof(lparam), hash_idx, &stat, &key));
if (!(stat == 1 && stat2 == 0)) {
printf("rsa_decrypt_key failed");
return 1;
@ -139,10 +143,10 @@ int rsa_test(void)
DO(rsa_import(tmp, len2, &pubKey));
/* verify with original */
DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 0, &stat, &key));
DO(rsa_verify_hash(out, len, in, 20, hash_idx, 0, &stat, &key));
/* change a byte */
in[0] ^= 1;
DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 0, &stat2, &key));
DO(rsa_verify_hash(out, len, in, 20, hash_idx, 0, &stat2, &key));
if (!(stat == 1 && stat2 == 0)) {
printf("rsa_verify_hash (unsalted, origKey) failed, %d, %d", stat, stat2);
@ -155,10 +159,10 @@ int rsa_test(void)
/* verify with privKey */
/* change a byte */
in[0] ^= 1;
DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 0, &stat, &privKey));
DO(rsa_verify_hash(out, len, in, 20, hash_idx, 0, &stat, &privKey));
/* change a byte */
in[0] ^= 1;
DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 0, &stat2, &privKey));
DO(rsa_verify_hash(out, len, in, 20, hash_idx, 0, &stat2, &privKey));
if (!(stat == 1 && stat2 == 0)) {
printf("rsa_verify_hash (unsalted, privKey) failed, %d, %d", stat, stat2);
@ -171,10 +175,10 @@ int rsa_test(void)
/* verify with pubKey */
/* change a byte */
in[0] ^= 1;
DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 0, &stat, &pubKey));
DO(rsa_verify_hash(out, len, in, 20, hash_idx, 0, &stat, &pubKey));
/* change a byte */
in[0] ^= 1;
DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 0, &stat2, &pubKey));
DO(rsa_verify_hash(out, len, in, 20, hash_idx, 0, &stat2, &pubKey));
if (!(stat == 1 && stat2 == 0)) {
printf("rsa_verify_hash (unsalted, pubkey) failed, %d, %d", stat, stat2);
@ -187,10 +191,10 @@ int rsa_test(void)
/* sign a message (salted) now (use privKey to make, pubKey to verify) */
len = sizeof(out);
DO(rsa_sign_hash(in, 20, out, &len, &test_yarrow, prng_idx, hash_idx, 8, &privKey));
DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 8, &stat, &pubKey));
DO(rsa_verify_hash(out, len, in, 20, hash_idx, 8, &stat, &pubKey));
/* change a byte */
in[0] ^= 1;
DO(rsa_verify_hash(out, len, in, 20, &test_yarrow, prng_idx, hash_idx, 8, &stat2, &pubKey));
DO(rsa_verify_hash(out, len, in, 20, hash_idx, 8, &stat2, &pubKey));
if (!(stat == 1 && stat2 == 0)) {
printf("rsa_verify_hash (salted) failed, %d, %d", stat, stat2);

37
demos/test/test.c
View File

@ -78,6 +78,13 @@ void register_algs(void)
#ifdef SKIPJACK
register_cipher (&skipjack_desc);
#endif
#ifdef KHAZAD
register_cipher (&khazad_desc);
#endif
#ifdef ANUBIS
register_cipher (&anubis_desc);
#endif
#ifdef TIGER
register_hash (&tiger_desc);
#endif
@ -228,30 +235,32 @@ int main(void)
DO(yarrow_add_entropy(buf, 16, &test_yarrow));
DO(yarrow_ready(&test_yarrow));
// output sizes
// output sizes (this will crash MSVC... go figure.)
#ifndef _MSC_VER
printf("Sizes of objects (in bytes)\n");
printf("\tsymmetric_key\t=\t%5lu\n", sizeof(symmetric_key));
printf("\thash_state\t=\t%5lu\n", sizeof(hash_state));
printf("\thmac_state\t=\t%5lu\n", sizeof(hmac_state));
printf("\tomac_state\t=\t%5lu\n", sizeof(omac_state));
printf("\tpmac_state\t=\t%5lu\n", sizeof(pmac_state));
printf("\tocb_state\t=\t%5lu\n", sizeof(ocb_state));
printf("\teax_state\t=\t%5lu\n", sizeof(eax_state));
printf("\tmp_int\t\t=\t%5lu\n", sizeof(mp_int));
printf("\tsymmetric_key\t=\t%5Zu\n", sizeof(symmetric_key));
printf("\thash_state\t=\t%5Zu\n", sizeof(hash_state));
printf("\thmac_state\t=\t%5Zu\n", sizeof(hmac_state));
printf("\tomac_state\t=\t%5Zu\n", sizeof(omac_state));
printf("\tpmac_state\t=\t%5Zu\n", sizeof(pmac_state));
printf("\tocb_state\t=\t%5Zu\n", sizeof(ocb_state));
printf("\teax_state\t=\t%5Zu\n", sizeof(eax_state));
printf("\tmp_int\t\t=\t%5Zu\n", sizeof(mp_int));
#ifdef MRSA
printf("\trsa_key\t\t=\t%5lu\n", sizeof(rsa_key));
printf("\trsa_key\t\t=\t%5Zu\n", sizeof(rsa_key));
#endif
#ifdef MDSA
printf("\tdsa_key\t\t=\t%5lu\n", sizeof(dsa_key));
printf("\tdsa_key\t\t=\t%5Zu\n", sizeof(dsa_key));
#endif
#ifdef MDH
printf("\tdh_key\t\t=\t%5lu\n", sizeof(dh_key));
printf("\tdh_key\t\t=\t%5Zu\n", sizeof(dh_key));
#endif
#ifdef MECC
printf("\tecc_key\t\t=\t%5lu\n", sizeof(ecc_key));
printf("\tecc_key\t\t=\t%5Zu\n", sizeof(ecc_key));
#endif
printf("\n\n");
#endif
printf("\n\n");
// do tests
for (current_test = 0; tests[current_test].name != NULL; current_test++) {
printf("[%-20s]: ", tests[current_test].name); fflush(stdout);

3
demos/test/test.h
View File

@ -1,7 +1,8 @@
#ifndef __TEST_H_
#define __TEST_H_
#include "mycrypt.h"
#include "tomcrypt.h"
/* enable stack testing */
// #define STACK_TEST

8
demos/tv_gen.c
View File

@ -1,4 +1,4 @@
#include <mycrypt.h>
#include <tomcrypt.h>
void reg_algs(void)
{
@ -47,6 +47,12 @@ void reg_algs(void)
#ifdef SKIPJACK
register_cipher (&skipjack_desc);
#endif
#ifdef ANUBIS
register_cipher (&anubis_desc);
#endif
#ifdef KHAZAD
register_cipher (&khazad_desc);
#endif
#ifdef TIGER
register_hash (&tiger_desc);

12
demos/tv_gen.lo
View File

@ -1,12 +0,0 @@
# demos/tv_gen.lo - a libtool object file
# Generated by ltmain.sh - GNU libtool 1.5.2 (1.1220.2.60 2004/01/25 12:25:08)
#
# Please DO NOT delete this file!
# It is necessary for linking the library.
# Name of the PIC object.
pic_object='.libs/tv_gen.o'
# Name of the non-PIC object.
non_pic_object='tv_gen.o'

21
demos/x86_prof.c
View File

@ -1,4 +1,4 @@
#include <mycrypt.h>
#include <tomcrypt.h>
#define KTIMES 25
#define TIMES 100000
@ -35,7 +35,7 @@ void tally_results(int type)
} else if (type == 1) {
for (x = 0; x < no_results; x++) {
printf
("%-20s: Encrypt at %5lu, Decrypt at %5lu\n", cipher_descriptor[results[x].id].name, results[x].spd1, results[x].spd2);
("%-20s[%2d]: Encrypt at %5lu, Decrypt at %5lu\n", cipher_descriptor[results[x].id].name, cipher_descriptor[results[x].id].ID, results[x].spd1, results[x].spd2);
}
} else {
for (x = 0; x < no_results; x++) {
@ -154,6 +154,12 @@ void reg_algs(void)
#ifdef SKIPJACK
register_cipher (&skipjack_desc);
#endif
#ifdef KHAZAD
register_cipher (&khazad_desc);
#endif
#ifdef ANUBIS
register_cipher (&anubis_desc);
#endif
#ifdef TIGER
register_hash (&tiger_desc);
@ -382,7 +388,7 @@ void time_mult(void)
printf("Timing Multiplying:\n");
mp_init_multi(&a,&b,&c,NULL);
for (x = 128/DIGIT_BIT; x <= 1024/DIGIT_BIT; x += 128/DIGIT_BIT) {
for (x = 128/DIGIT_BIT; x <= 1536/DIGIT_BIT; x += 128/DIGIT_BIT) {
mp_rand(&a, x);
mp_rand(&b, x);
@ -397,7 +403,7 @@ void time_mult(void)
t1 = (t_read() - t1)>>1;
if (t1 < t2) t2 = t1;
}
printf("%3lu digits: %9llu cycles\n", x, t2);
printf("%4lu bits: %9llu cycles\n", x*DIGIT_BIT, t2);
}
mp_clear_multi(&a,&b,&c,NULL);
@ -413,7 +419,7 @@ void time_sqr(void)
printf("Timing Squaring:\n");
mp_init_multi(&a,&b,NULL);
for (x = 128/DIGIT_BIT; x <= 1024/DIGIT_BIT; x += 128/DIGIT_BIT) {
for (x = 128/DIGIT_BIT; x <= 1536/DIGIT_BIT; x += 128/DIGIT_BIT) {
mp_rand(&a, x);
#define DO1 mp_sqr(&a, &b);
@ -427,7 +433,7 @@ void time_sqr(void)
t1 = (t_read() - t1)>>1;
if (t1 < t2) t2 = t1;
}
printf("%3lu digits: %9llu cycles\n", x, t2);
printf("%4lu bits: %9llu cycles\n", x*DIGIT_BIT, t2);
}
mp_clear_multi(&a,&b,NULL);
@ -537,8 +543,7 @@ void time_rsa(void)
t_start();
t1 = t_read();
zzz = sizeof(buf[0]);
if ((err = rsa_decrypt_key(buf[1], z, buf[0], &zzz, "testprog", 8, &prng,
find_prng("yarrow"), find_hash("sha1"),
if ((err = rsa_decrypt_key(buf[1], z, buf[0], &zzz, "testprog", 8, find_hash("sha1"),
&zz, &key)) != CRYPT_OK) {
fprintf(stderr, "\n\nrsa_decrypt_key says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK));
exit(EXIT_FAILURE);

BIN
doc/crypt.pdf
View File

Binary file not shown.

4
doc/footer.html Normal file
View File

@ -0,0 +1,4 @@
<hr width="80%">
Code by <a href="http://www.libtomcrypt.org/">Tom</a><br>
Docs using <img src="doxygen.png" alt="doxygen" align="middle" border=0>
<a href="http://jlcooke.ca/tom/hidden_image.png">

6
doc/header.html Normal file
View File

@ -0,0 +1,6 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
<title>LibTomCrypt: Main Page</title>
<link href="doxygen.css" rel="stylesheet" type="text/css">
</head><body>
<!-- Generated by Doxygen 1.3.8 -->

25
eax_addheader.c
View File

@ -1,25 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
#ifdef EAX_MODE
/* add header (metadata) to the stream */
int eax_addheader(eax_state *eax, const unsigned char *header, unsigned long length)
{
_ARGCHK(eax != NULL);
_ARGCHK(header != NULL);
return omac_process(&eax->headeromac, header, length);
}
#endif

53
eax_encrypt_authenticate_memory.c
View File

@ -1,53 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
#ifdef EAX_MODE
int eax_encrypt_authenticate_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen,
const unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
unsigned char *tag, unsigned long *taglen)
{
int err;
eax_state *eax;
eax = XMALLOC(sizeof(eax_state));
if ((err = eax_init(eax, cipher, key, keylen, nonce, noncelen, header, headerlen)) != CRYPT_OK) {
goto __ERR;
}
if ((err = eax_encrypt(eax, pt, ct, ptlen)) != CRYPT_OK) {
goto __ERR;
}
if ((err = eax_done(eax, tag, taglen)) != CRYPT_OK) {
goto __ERR;
}
err = CRYPT_OK;
__ERR:
#ifdef CLEAN_STACK
zeromem(eax, sizeof(eax_state));
#endif
XFREE(eax);
return err;
}
#endif

6
genlist.sh Normal file
View File

@ -0,0 +1,6 @@
#!/bin/bash
# aes_tab.o is a pseudo object as it's made from aes.o and MPI is optional
export a=`echo -n "src/ciphers/aes/aes_enc.o *(MPIOBJECT) " ; find . -type f | sort | grep "[.]/src" | grep "[.]c" | grep -v "sha224" | grep -v "sha384" | grep -v "aes_tab" | grep -v "twofish_tab" | grep -v "whirltab" | grep -v "dh_sys" | grep -v "ecc_sys" | grep -v "mpi[.]c" | grep -v "sober128tab" | sed -e 'sE\./EE' | sed -e 's/\.c/\.o/' | xargs`
./parsenames.pl OBJECTS "$a"
export a=`find . -type f | grep [.]/src | grep [.]h | sed -e 'se\./ee' | xargs`
./parsenames.pl HEADERS "$a"

58
hmac_memory.c
View File

@ -1,58 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* Submited by Dobes Vandermeer (dobes@smartt.com) */
#include "mycrypt.h"
#ifdef HMAC
int hmac_memory(int hash, const unsigned char *key, unsigned long keylen,
const unsigned char *data, unsigned long len,
unsigned char *dst, unsigned long *dstlen)
{
hmac_state *hmac;
int err;
_ARGCHK(key != NULL);
_ARGCHK(data != NULL);
_ARGCHK(dst != NULL);
_ARGCHK(dstlen != NULL);
/* allocate ram for hmac state */
hmac = XMALLOC(sizeof(hmac_state));
if (hmac == NULL) {
return CRYPT_MEM;
}
if ((err = hmac_init(hmac, hash, key, keylen)) != CRYPT_OK) {
goto __ERR;
}
if ((err = hmac_process(hmac, data, len)) != CRYPT_OK) {
goto __ERR;
}
if ((err = hmac_done(hmac, dst, dstlen)) != CRYPT_OK) {
goto __ERR;
}
err = CRYPT_OK;
__ERR:
#ifdef CLEAN_STACK
zeromem(hmac, sizeof(hmac_state));
#endif
XFREE(hmac);
return err;
}
#endif

29
hmac_process.c
View File

@ -1,29 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* Submited by Dobes Vandermeer (dobes@smartt.com) */
#include "mycrypt.h"
#ifdef HMAC
int hmac_process(hmac_state *hmac, const unsigned char *buf, unsigned long len)
{
int err;
_ARGCHK(hmac != NULL);
_ARGCHK(buf != NULL);
if ((err = hash_is_valid(hmac->hash)) != CRYPT_OK) {
return err;
}
return hash_descriptor[hmac->hash].process(&hmac->md, buf, len);
}
#endif

254
makefile
View File

@ -4,7 +4,7 @@
# Modified by Clay Culver
# The version
VERSION=0.99
VERSION=1.00
# Compiler and Linker Names
#CC=gcc
@ -15,22 +15,27 @@ VERSION=0.99
#ARFLAGS=r
# Compilation flags. Note the += does not write over the user's CFLAGS!
CFLAGS += -c -I./ -Wall -Wsign-compare -W -Wshadow
# -Werror
CFLAGS += -c -I./src/headers/ -Wall -Wsign-compare -W -Wshadow
# additional warnings (newer GCC 3.4 and higher)
#CFLAGS += -Wsystem-headers -Wdeclaration-after-statement -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wmissing-prototypes \
# -Wmissing-declarations -Wpointer-arith
# optimize for SPEED
#CFLAGS += -O3 -funroll-all-loops
#add -fomit-frame-pointer. hinders debugging!
#CFLAGS += -fomit-frame-pointer
# add -fomit-frame-pointer. hinders debugging!
CFLAGS += -fomit-frame-pointer
# optimize for SIZE
CFLAGS += -Os -DSMALL_CODE
CFLAGS += -Os -DLTC_SMALL_CODE
# older GCCs can't handle the "rotate with immediate" ROLc/RORc/etc macros
# define this to help
#CFLAGS += -DLTC_NO_ROLC
# compile for DEBUGING (required for ccmalloc checking!!!)
#CFLAGS += -g3
#These flags control how the library gets built.
#CFLAGS += -g3 -DLTC_NO_ASM
#Output filenames for various targets.
LIBNAME=libtomcrypt.a
@ -39,6 +44,7 @@ CRYPT=encrypt
SMALL=small
PROF=x86_prof
TV=tv_gen
MULTI=multi
#LIBPATH-The directory for libtomcrypt to be installed to.
#INCPATH-The directory to install the header files for libtomcrypt.
@ -48,78 +54,87 @@ LIBPATH=/usr/lib
INCPATH=/usr/include
DATAPATH=/usr/share/doc/libtomcrypt/pdf
#Who do we install as?
USER=root
GROUP=root
#List of objects to compile.
#Leave MPI built-in or force developer to link against libtommath?
MPIOBJECT=mpi.o
MPIOBJECT=src/misc/mpi/mpi.o
OBJECTS=error_to_string.o mpi_to_ltc_error.o base64_encode.o base64_decode.o \
\
crypt.o crypt_find_cipher.o crypt_find_hash_any.o \
crypt_hash_is_valid.o crypt_register_hash.o crypt_unregister_prng.o \
crypt_argchk.o crypt_find_cipher_any.o crypt_find_hash_id.o \
crypt_prng_descriptor.o crypt_register_prng.o crypt_cipher_descriptor.o \
crypt_find_cipher_id.o crypt_find_prng.o crypt_prng_is_valid.o \
crypt_unregister_cipher.o crypt_cipher_is_valid.o crypt_find_hash.o \
crypt_hash_descriptor.o crypt_register_cipher.o crypt_unregister_hash.o \
\
sober128.o fortuna.o sprng.o yarrow.o rc4.o rng_get_bytes.o rng_make_prng.o \
\
rand_prime.o is_prime.o \
\
ecc.o dh.o \
\
rsa_decrypt_key.o rsa_encrypt_key.o rsa_exptmod.o rsa_free.o rsa_make_key.o \
rsa_sign_hash.o rsa_verify_hash.o rsa_export.o rsa_import.o tim_exptmod.o \
rsa_v15_encrypt_key.o rsa_v15_decrypt_key.o rsa_v15_sign_hash.o rsa_v15_verify_hash.o \
\
dsa_export.o dsa_free.o dsa_import.o dsa_make_key.o dsa_sign_hash.o \
dsa_verify_hash.o dsa_verify_key.o \
\
aes.o aes_enc.o \
\
blowfish.o des.o safer_tab.o safer.o saferp.o rc2.o xtea.o \
rc6.o rc5.o cast5.o noekeon.o twofish.o skipjack.o \
\
md2.o md4.o md5.o sha1.o sha256.o sha512.o tiger.o whirl.o \
rmd128.o rmd160.o chc.o \
\
packet_store_header.o packet_valid_header.o \
\
eax_addheader.o eax_decrypt.o eax_decrypt_verify_memory.o eax_done.o eax_encrypt.o \
eax_encrypt_authenticate_memory.o eax_init.o eax_test.o \
\
ocb_decrypt.o ocb_decrypt_verify_memory.o ocb_done_decrypt.o ocb_done_encrypt.o \
ocb_encrypt.o ocb_encrypt_authenticate_memory.o ocb_init.o ocb_ntz.o \
ocb_shift_xor.o ocb_test.o s_ocb_done.o \
\
omac_done.o omac_file.o omac_init.o omac_memory.o omac_process.o omac_test.o \
\
pmac_done.o pmac_file.o pmac_init.o pmac_memory.o pmac_ntz.o pmac_process.o \
pmac_shift_xor.o pmac_test.o \
\
cbc_start.o cbc_encrypt.o cbc_decrypt.o cbc_getiv.o cbc_setiv.o \
cfb_start.o cfb_encrypt.o cfb_decrypt.o cfb_getiv.o cfb_setiv.o \
ofb_start.o ofb_encrypt.o ofb_decrypt.o ofb_getiv.o ofb_setiv.o \
ctr_start.o ctr_encrypt.o ctr_decrypt.o ctr_getiv.o ctr_setiv.o \
ecb_start.o ecb_encrypt.o ecb_decrypt.o \
\
hash_file.o hash_filehandle.o hash_memory.o \
\
hmac_done.o hmac_file.o hmac_init.o hmac_memory.o hmac_process.o hmac_test.o \
\
pkcs_1_mgf1.o pkcs_1_oaep_encode.o pkcs_1_oaep_decode.o \
pkcs_1_pss_encode.o pkcs_1_pss_decode.o pkcs_1_i2osp.o pkcs_1_os2ip.o \
pkcs_1_v15_es_encode.o pkcs_1_v15_es_decode.o pkcs_1_v15_sa_encode.o pkcs_1_v15_sa_decode.o \
\
pkcs_5_1.o pkcs_5_2.o \
\
der_encode_integer.o der_decode_integer.o der_length_integer.o \
der_put_multi_integer.o der_get_multi_integer.o \
\
burn_stack.o zeromem.o \
\
$(MPIOBJECT)
OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o \
src/ciphers/anubis.o src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o \
src/ciphers/khazad.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/safer_tab.o \
src/ciphers/safer/saferp.o src/ciphers/skipjack.o src/ciphers/twofish/twofish.o \
src/ciphers/xtea.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o \
src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \
src/encauth/ocb/ocb_encrypt.o src/encauth/ocb/ocb_encrypt_authenticate_memory.o \
src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o \
src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o \
src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o \
src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o \
src/mac/omac/omac_test.o src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o \
src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o \
src/mac/pmac/pmac_process.o src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o \
src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o \
src/misc/burn_stack.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \
src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
src/misc/crypt/crypt_find_cipher.o src/misc/crypt/crypt_find_cipher_any.o \
src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash.o \
src/misc/crypt/crypt_find_hash_any.o src/misc/crypt/crypt_find_hash_id.o \
src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_hash_descriptor.o \
src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_prng_descriptor.o \
src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \
src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \
src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o \
src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o src/misc/mpi/rand_prime.o \
src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \
src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_encrypt.o \
src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o \
src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o \
src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \
src/pk/asn1/der/der_get_multi_integer.o src/pk/asn1/der/der_length_integer.o \
src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o \
src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o \
src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \
src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o \
src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o \
src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \
src/pk/pkcs1/pkcs_1_v15_es_decode.o src/pk/pkcs1/pkcs_1_v15_es_encode.o \
src/pk/pkcs1/pkcs_1_v15_sa_decode.o src/pk/pkcs1/pkcs_1_v15_sa_encode.o \
src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o \
src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o \
src/pk/rsa/rsa_v15_decrypt_key.o src/pk/rsa/rsa_v15_encrypt_key.o \
src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \
src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o \
src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
src/prngs/sprng.o src/prngs/yarrow.o
TESTOBJECTS=demos/test.o
HASHOBJECTS=demos/hashsum.o
@ -127,6 +142,7 @@ CRYPTOBJECTS=demos/encrypt.o
SMALLOBJECTS=demos/small.o
PROFS=demos/x86_prof.o
TVS=demos/tv_gen.o
MULTIS=demos/multi.o
#Files left over from making the crypt.pdf.
LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind *.out
@ -135,32 +151,33 @@ LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind *.out
COMPRESSED=crypt-$(VERSION).tar.bz2 crypt-$(VERSION).zip
#Header files used by libtomcrypt.
HEADERS=ltc_tommath.h mycrypt_cfg.h \
mycrypt_misc.h mycrypt_prng.h mycrypt_cipher.h mycrypt_hash.h \
mycrypt_macros.h mycrypt_pk.h mycrypt.h mycrypt_argchk.h \
mycrypt_custom.h mycrypt_pkcs.h tommath_class.h tommath_superclass.h
HEADERS=src/headers/ltc_tommath.h src/headers/tomcrypt_cfg.h \
src/headers/tomcrypt_misc.h src/headers/tomcrypt_prng.h src/headers/tomcrypt_cipher.h src/headers/tomcrypt_hash.h \
src/headers/tomcrypt_macros.h src/headers/tomcrypt_pk.h src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h \
src/headers/tomcrypt_custom.h src/headers/tomcrypt_pkcs.h src/headers/tommath_class.h src/headers/tommath_superclass.h
#The default rule for make builds the libtomcrypt library.
default:library
#ciphers come in two flavours... enc+dec and enc
aes_enc.o: aes.c aes_tab.c
$(CC) $(CFLAGS) -DENCRYPT_ONLY -c aes.c -o aes_enc.o
src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
$(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
#These are the rules to make certain object files.
aes.o: aes.c aes_tab.c
twofish.o: twofish.c twofish_tab.c
whirl.o: whirl.c whirltab.c
ecc.o: ecc.c ecc_sys.c
dh.o: dh.c dh_sys.c
sha512.o: sha512.c sha384.c
sha256.o: sha256.c sha224.c
src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
src/pk/ecc/ecc.o: src/pk/ecc/ecc.c src/pk/ecc/ecc_sys.c
src/pk/dh/dh.o: src/pk/dh/dh.c src/pk/dh/dh_sys.c
src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
#This rule makes the libtomcrypt library.
library: $(LIBNAME)
$(LIBNAME): $(OBJECTS)
$(AR) $(ARFLAGS) $@ $(OBJECTS)
ranlib $(LIBNAME)
#This rule makes the hash program included with libtomcrypt
hashsum: library $(HASHOBJECTS)
@ -180,32 +197,48 @@ x86_prof: library $(PROFS)
tv_gen: library $(TVS)
$(CC) $(TVS) $(LIBNAME) $(EXTRALIBS) -o $(TV)
multi: library $(MULTIS)
$(CC) $(MULTIS) $(LIBNAME) -o multi
#This rule installs the library and the header files. This must be run
#as root in order to have a high enough permission to write to the correct
#directories and to set the owner and group to root.
install: library docs
install -d -g root -o root $(DESTDIR)$(LIBPATH)
install -d -g root -o root $(DESTDIR)$(INCPATH)
install -d -g root -o root $(DESTDIR)$(DATAPATH)
install -g root -o root $(LIBNAME) $(DESTDIR)$(LIBPATH)
install -g root -o root $(HEADERS) $(DESTDIR)$(INCPATH)
install -g root -o root doc/crypt.pdf $(DESTDIR)$(DATAPATH)
install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(LIBPATH)
install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(DATAPATH)
install -g $(GROUP) -o $(USER) $(LIBNAME) $(DESTDIR)$(LIBPATH)
install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
install -g $(GROUP) -o $(USER) doc/crypt.pdf $(DESTDIR)$(DATAPATH)
install_lib: library
install -d -g root -o root $(DESTDIR)$(LIBPATH)
install -d -g root -o root $(DESTDIR)$(INCPATH)
install -g root -o root $(LIBNAME) $(DESTDIR)$(LIBPATH)
install -g root -o root $(HEADERS) $(DESTDIR)$(INCPATH)
install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(LIBPATH)
install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
install -g $(GROUP) -o $(USER) $(LIBNAME) $(DESTDIR)$(LIBPATH)
install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
#This rule cleans the source tree of all compiled code, not including the pdf
#documentation.
clean:
rm -f $(OBJECTS) $(TESTOBJECTS) $(HASHOBJECTS) $(CRYPTOBJECTS) $(SMALLOBJECTS) $(LEFTOVERS) $(LIBNAME)
rm -f $(TEST) $(HASH) $(COMPRESSED) $(PROFS) $(PROF) $(TVS) $(TV)
rm -f *.la *.lo *.o *.a *.dll *stackdump *.lib *.exe *.obj demos/*.obj demos/*.o *.bat *.txt *.il *.da demos/*.il demos/*.da *.dyn *.dpi \
*.gcda *.gcno demos/*.gcno demos/*.gcda *~ doc/*
cd demos/test ; make clean
rm -rf .libs demos/.libs demos/test/.libs
rm -f `find . -type f | grep "[.]o" | xargs`
rm -f `find . -type f | grep "[.]lo" | xargs`
rm -f `find . -type f | grep "[.]a" | xargs`
rm -f `find . -type f | grep "[.]la" | xargs`
rm -f `find . -type f | grep "[.]obj" | xargs`
rm -f `find . -type f | grep "[.]lib" | xargs`
rm -f `find . -type f | grep "[.]exe" | xargs`
rm -rf `find . -type d | grep "[.]libs" | xargs`
rm -f crypt.aux crypt.dvi crypt.idx crypt.ilg crypt.ind crypt.log crypt.toc
rm -f $(TV) $(PROF) $(SMALL) $(CRYPT) $(HASHSUM) $(MULTI)
cd demos/test ; make clean
rm -rf doc/doxygen
rm -f doc/*.pdf
#build the doxy files (requires Doxygen, tetex and patience)
doxy:
doxygen
cd doc/doxygen/latex ; make ; mv -f refman.pdf ../../.
echo The huge doxygen PDF should be available as doc/refman.pdf
#This builds the crypt.pdf file. Note that the rm -f *.pdf has been removed
#from the clean command! This is because most people would like to keep the
@ -229,10 +262,6 @@ docdvi: crypt.tex
makeindex crypt.idx
latex crypt > /dev/null
#pretty build
pretty:
perl pretty.build
#for GCC 3.4+
profiled:
make clean
@ -244,6 +273,7 @@ profiled:
#zipup the project (take that!)
zipup: clean docs
cd .. ; rm -rf crypt* libtomcrypt-$(VERSION) ; mkdir libtomcrypt-$(VERSION) ; \
cp -R ./libtomcrypt/* ./libtomcrypt-$(VERSION)/ ; tar -c libtomcrypt-$(VERSION)/* > crypt-$(VERSION).tar ; \
bzip2 -9vv crypt-$(VERSION).tar ; zip -9 -r crypt-$(VERSION).zip libtomcrypt-$(VERSION)/* ; \
cp -R ./libtomcrypt/* ./libtomcrypt-$(VERSION)/ ; \
tar -cjvf crypt-$(VERSION).tar.bz2 libtomcrypt-$(VERSION)/* ; \
zip -9 -r crypt-$(VERSION).zip libtomcrypt-$(VERSION)/* ; \
gpg -b -a crypt-$(VERSION).tar.bz2 ; gpg -b -a crypt-$(VERSION).zip

166
makefile.cygwin_dll
View File

@ -4,7 +4,7 @@ default: ltc_dll
# Compilation flags. Note the += does not write over the user's CFLAGS!
CFLAGS += -I./ -Wall -Wsign-compare -W -Wno-unused -Wshadow -mno-cygwin -DWIN32
CFLAGS += -I./src/headers/ -Wall -Wsign-compare -W -Wno-unused -Wshadow -mno-cygwin -DWIN32 -DLTC_NO_ROLC
# optimize for SPEED
CFLAGS += -O3 -funroll-all-loops
@ -16,80 +16,102 @@ CFLAGS += -fomit-frame-pointer
#CFLAGS += -Os
#Leave MPI built-in or force developer to link against libtommath?
MPIOBJECT=mpi.o
MPIOBJECT=src/misc/mpi/mpi.o
OBJECTS=error_to_string.o mpi_to_ltc_error.o base64_encode.o base64_decode.o \
\
crypt.o crypt_find_cipher.o crypt_find_hash_any.o \
crypt_hash_is_valid.o crypt_register_hash.o crypt_unregister_prng.o \
crypt_argchk.o crypt_find_cipher_any.o crypt_find_hash_id.o \
crypt_prng_descriptor.o crypt_register_prng.o crypt_cipher_descriptor.o \
crypt_find_cipher_id.o crypt_find_prng.o crypt_prng_is_valid.o \
crypt_unregister_cipher.o crypt_cipher_is_valid.o crypt_find_hash.o \
crypt_hash_descriptor.o crypt_register_cipher.o crypt_unregister_hash.o \
\
sober128.o fortuna.o sprng.o yarrow.o rc4.o rng_get_bytes.o rng_make_prng.o \
\
rand_prime.o is_prime.o \
\
ecc.o dh.o \
\
rsa_decrypt_key.o rsa_encrypt_key.o rsa_exptmod.o rsa_free.o rsa_make_key.o \
rsa_sign_hash.o rsa_verify_hash.o rsa_export.o rsa_import.o tim_exptmod.o \
rsa_v15_encrypt_key.o rsa_v15_decrypt_key.o rsa_v15_sign_hash.o rsa_v15_verify_hash.o \
\
dsa_export.o dsa_free.o dsa_import.o dsa_make_key.o dsa_sign_hash.o \
dsa_verify_hash.o dsa_verify_key.o \
\
aes.o aes_enc.o \
\
blowfish.o des.o safer_tab.o safer.o saferp.o rc2.o xtea.o \
rc6.o rc5.o cast5.o noekeon.o twofish.o skipjack.o \
\
md2.o md4.o md5.o sha1.o sha256.o sha512.o tiger.o whirl.o \
rmd128.o rmd160.o chc.o \
\
packet_store_header.o packet_valid_header.o \
\
eax_addheader.o eax_decrypt.o eax_decrypt_verify_memory.o eax_done.o eax_encrypt.o \
eax_encrypt_authenticate_memory.o eax_init.o eax_test.o \
\
ocb_decrypt.o ocb_decrypt_verify_memory.o ocb_done_decrypt.o ocb_done_encrypt.o \
ocb_encrypt.o ocb_encrypt_authenticate_memory.o ocb_init.o ocb_ntz.o \
ocb_shift_xor.o ocb_test.o s_ocb_done.o \
\
omac_done.o omac_file.o omac_init.o omac_memory.o omac_process.o omac_test.o \
\
pmac_done.o pmac_file.o pmac_init.o pmac_memory.o pmac_ntz.o pmac_process.o \
pmac_shift_xor.o pmac_test.o \
\
cbc_start.o cbc_encrypt.o cbc_decrypt.o cbc_getiv.o cbc_setiv.o \
cfb_start.o cfb_encrypt.o cfb_decrypt.o cfb_getiv.o cfb_setiv.o \
ofb_start.o ofb_encrypt.o ofb_decrypt.o ofb_getiv.o ofb_setiv.o \
ctr_start.o ctr_encrypt.o ctr_decrypt.o ctr_getiv.o ctr_setiv.o \
ecb_start.o ecb_encrypt.o ecb_decrypt.o \
\
hash_file.o hash_filehandle.o hash_memory.o \
\
hmac_done.o hmac_file.o hmac_init.o hmac_memory.o hmac_process.o hmac_test.o \
\
pkcs_1_mgf1.o pkcs_1_oaep_encode.o pkcs_1_oaep_decode.o \
pkcs_1_pss_encode.o pkcs_1_pss_decode.o pkcs_1_i2osp.o pkcs_1_os2ip.o \
pkcs_1_v15_es_encode.o pkcs_1_v15_es_decode.o pkcs_1_v15_sa_encode.o pkcs_1_v15_sa_decode.o \
\
pkcs_5_1.o pkcs_5_2.o \
\
der_encode_integer.o der_decode_integer.o der_length_integer.o \
der_put_multi_integer.o der_get_multi_integer.o \
\
burn_stack.o zeromem.o \
\
$(MPIOBJECT)
OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o \
src/ciphers/anubis.o src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o \
src/ciphers/khazad.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/safer_tab.o \
src/ciphers/safer/saferp.o src/ciphers/skipjack.o src/ciphers/twofish/twofish.o \
src/ciphers/xtea.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o \
src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \
src/encauth/ocb/ocb_encrypt.o src/encauth/ocb/ocb_encrypt_authenticate_memory.o \
src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o \
src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o \
src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o \
src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o \
src/mac/omac/omac_test.o src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o \
src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o \
src/mac/pmac/pmac_process.o src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o \
src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o \
src/misc/burn_stack.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \
src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
src/misc/crypt/crypt_find_cipher.o src/misc/crypt/crypt_find_cipher_any.o \
src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash.o \
src/misc/crypt/crypt_find_hash_any.o src/misc/crypt/crypt_find_hash_id.o \
src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_hash_descriptor.o \
src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_prng_descriptor.o \
src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \
src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \
src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o \
src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o src/misc/mpi/rand_prime.o \
src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \
src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_encrypt.o \
src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o \
src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o \
src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \
src/pk/asn1/der/der_get_multi_integer.o src/pk/asn1/der/der_length_integer.o \
src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o \
src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o \
src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \
src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o \
src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o \
src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \
src/pk/pkcs1/pkcs_1_v15_es_decode.o src/pk/pkcs1/pkcs_1_v15_es_encode.o \
src/pk/pkcs1/pkcs_1_v15_sa_decode.o src/pk/pkcs1/pkcs_1_v15_sa_encode.o \
src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o \
src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o \
src/pk/rsa/rsa_v15_decrypt_key.o src/pk/rsa/rsa_v15_encrypt_key.o \
src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \
src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o \
src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
src/prngs/sprng.o src/prngs/yarrow.o
#Header files used by libtomcrypt.
HEADERS=src/headers/ltc_tommath.h src/headers/tomcrypt_cfg.h \
src/headers/tomcrypt_misc.h src/headers/tomcrypt_prng.h src/headers/tomcrypt_cipher.h src/headers/tomcrypt_hash.h \
src/headers/tomcrypt_macros.h src/headers/tomcrypt_pk.h src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h \
src/headers/tomcrypt_custom.h src/headers/tomcrypt_pkcs.h src/headers/tommath_class.h src/headers/tommath_superclass.h
#ciphers come in two flavours... enc+dec and enc
aes_enc.o: aes.c aes_tab.c
$(CC) $(CFLAGS) -DENCRYPT_ONLY -c aes.c -o aes_enc.o
src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
$(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
#These are the rules to make certain object files.
src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
src/pk/ecc/ecc.o: src/pk/ecc/ecc.c src/pk/ecc/ecc_sys.c
src/pk/dh/dh.o: src/pk/dh/dh.c src/pk/dh/dh_sys.c
src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
ltc_dll: $(OBJECTS) $(MPIOBJECT)
gcc -mno-cygwin -mdll -o libtomcrypt.dll -Wl,--out-implib=libtomcrypt.dll.a -Wl,--export-all-symbols *.o -ladvapi32
gcc -mno-cygwin -mdll -o libtomcrypt.dll -Wl,--out-implib=libtomcrypt.dll.a -Wl,--export-all-symbols `find . -type f | grep [.]o | xargs` -ladvapi32
ranlib libtomcrypt.dll.a
cp -fv src/headers/* /usr/include
cp -fv *.a /usr/lib
cp -fv *.dll /usr/bin

196
makefile.icc
View File

@ -22,7 +22,7 @@ CC=icc
#ARFLAGS=r
# Compilation flags. Note the += does not write over the user's CFLAGS!
CFLAGS += -c -I./ -DINTEL_CC
CFLAGS += -c -I./src/headers/ -DINTEL_CC
#The default rule for make builds the libtomcrypt library.
default:library
@ -30,15 +30,15 @@ default:library
# optimize for SPEED
#
# -mcpu= can be pentium, pentiumpro (covers PII through PIII) or pentium4
# -ax? specifies make code specifically for ? but compatible with IA-32
# -x? specifies compile solely for ? [not specifically IA-32 compatible]
# -ax? specifies make code specifically for ? but compatible with IA-32
# -x? specifies compile solely for ? [not specifically IA-32 compatible]
#
# where ? is
# K - PIII
# W - first P4 [Williamette]
# N - P4 Northwood
# P - P4 Prescott
# B - Blend of P4 and PM [mobile]
# K - PIII
# W - first P4 [Williamette]
# N - P4 Northwood
# P - P4 Prescott
# B - Blend of P4 and PM [mobile]
#
# Default to just generic max opts
CFLAGS += -O3 -xN -ip
@ -67,76 +67,79 @@ DATAPATH=/usr/share/doc/libtomcrypt/pdf
#List of objects to compile.
#Leave MPI built-in or force developer to link against libtommath?
MPIOBJECT=mpi.o
OBJECTS=error_to_string.o mpi_to_ltc_error.o base64_encode.o base64_decode.o \
\
crypt.o crypt_find_cipher.o crypt_find_hash_any.o \
crypt_hash_is_valid.o crypt_register_hash.o crypt_unregister_prng.o \
crypt_argchk.o crypt_find_cipher_any.o crypt_find_hash_id.o \
crypt_prng_descriptor.o crypt_register_prng.o crypt_cipher_descriptor.o \
crypt_find_cipher_id.o crypt_find_prng.o crypt_prng_is_valid.o \
crypt_unregister_cipher.o crypt_cipher_is_valid.o crypt_find_hash.o \
crypt_hash_descriptor.o crypt_register_cipher.o crypt_unregister_hash.o \
\
sober128.o fortuna.o sprng.o yarrow.o rc4.o rng_get_bytes.o rng_make_prng.o \
\
rand_prime.o is_prime.o \
\
ecc.o dh.o \
\
rsa_decrypt_key.o rsa_encrypt_key.o rsa_exptmod.o rsa_free.o rsa_make_key.o \
rsa_sign_hash.o rsa_verify_hash.o rsa_export.o rsa_import.o tim_exptmod.o \
rsa_v15_encrypt_key.o rsa_v15_decrypt_key.o rsa_v15_sign_hash.o rsa_v15_verify_hash.o \
\
dsa_export.o dsa_free.o dsa_import.o dsa_make_key.o dsa_sign_hash.o \
dsa_verify_hash.o dsa_verify_key.o \
\
aes.o aes_enc.o \
\
blowfish.o des.o safer_tab.o safer.o saferp.o rc2.o xtea.o \
rc6.o rc5.o cast5.o noekeon.o twofish.o skipjack.o \
\
md2.o md4.o md5.o sha1.o sha256.o sha512.o tiger.o whirl.o \
rmd128.o rmd160.o chc.o \
\
packet_store_header.o packet_valid_header.o \
\
eax_addheader.o eax_decrypt.o eax_decrypt_verify_memory.o eax_done.o eax_encrypt.o \
eax_encrypt_authenticate_memory.o eax_init.o eax_test.o \
\
ocb_decrypt.o ocb_decrypt_verify_memory.o ocb_done_decrypt.o ocb_done_encrypt.o \
ocb_encrypt.o ocb_encrypt_authenticate_memory.o ocb_init.o ocb_ntz.o \
ocb_shift_xor.o ocb_test.o s_ocb_done.o \
\
omac_done.o omac_file.o omac_init.o omac_memory.o omac_process.o omac_test.o \
\
pmac_done.o pmac_file.o pmac_init.o pmac_memory.o pmac_ntz.o pmac_process.o \
pmac_shift_xor.o pmac_test.o \
\
cbc_start.o cbc_encrypt.o cbc_decrypt.o cbc_getiv.o cbc_setiv.o \
cfb_start.o cfb_encrypt.o cfb_decrypt.o cfb_getiv.o cfb_setiv.o \
ofb_start.o ofb_encrypt.o ofb_decrypt.o ofb_getiv.o ofb_setiv.o \
ctr_start.o ctr_encrypt.o ctr_decrypt.o ctr_getiv.o ctr_setiv.o \
ecb_start.o ecb_encrypt.o ecb_decrypt.o \
\
hash_file.o hash_filehandle.o hash_memory.o \
\
hmac_done.o hmac_file.o hmac_init.o hmac_memory.o hmac_process.o hmac_test.o \
\
pkcs_1_mgf1.o pkcs_1_oaep_encode.o pkcs_1_oaep_decode.o \
pkcs_1_pss_encode.o pkcs_1_pss_decode.o pkcs_1_i2osp.o pkcs_1_os2ip.o \
pkcs_1_v15_es_encode.o pkcs_1_v15_es_decode.o pkcs_1_v15_sa_encode.o pkcs_1_v15_sa_decode.o \
\
pkcs_5_1.o pkcs_5_2.o \
\
der_encode_integer.o der_decode_integer.o der_length_integer.o \
der_put_multi_integer.o der_get_multi_integer.o \
\
burn_stack.o zeromem.o \
\
$(MPIOBJECT)
MPIOBJECT=src/misc/mpi/mpi.o
OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o \
src/ciphers/anubis.o src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o \
src/ciphers/khazad.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/safer_tab.o \
src/ciphers/safer/saferp.o src/ciphers/skipjack.o src/ciphers/twofish/twofish.o \
src/ciphers/xtea.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o \
src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \
src/encauth/ocb/ocb_encrypt.o src/encauth/ocb/ocb_encrypt_authenticate_memory.o \
src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o \
src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o \
src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o \
src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o \
src/mac/omac/omac_test.o src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o \
src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o \
src/mac/pmac/pmac_process.o src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o \
src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o \
src/misc/burn_stack.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \
src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
src/misc/crypt/crypt_find_cipher.o src/misc/crypt/crypt_find_cipher_any.o \
src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash.o \
src/misc/crypt/crypt_find_hash_any.o src/misc/crypt/crypt_find_hash_id.o \
src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_hash_descriptor.o \
src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_prng_descriptor.o \
src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \
src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \
src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o \
src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o src/misc/mpi/rand_prime.o \
src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \
src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_encrypt.o \
src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o \
src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o \
src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \
src/pk/asn1/der/der_get_multi_integer.o src/pk/asn1/der/der_length_integer.o \
src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o \
src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o \
src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \
src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o \
src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o \
src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \
src/pk/pkcs1/pkcs_1_v15_es_decode.o src/pk/pkcs1/pkcs_1_v15_es_encode.o \
src/pk/pkcs1/pkcs_1_v15_sa_decode.o src/pk/pkcs1/pkcs_1_v15_sa_encode.o \
src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o \
src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o \
src/pk/rsa/rsa_v15_decrypt_key.o src/pk/rsa/rsa_v15_encrypt_key.o \
src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \
src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o \
src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
src/prngs/sprng.o src/prngs/yarrow.o
#ciphers come in two flavours... enc+dec and enc
aes_enc.o: aes.c aes_tab.c
@ -155,24 +158,30 @@ LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind
COMPRESSED=crypt.tar.bz2 crypt.zip crypt.tar.gz
#Header files used by libtomcrypt.
HEADERS=ltc_tommath.h mycrypt_cfg.h \
mycrypt_misc.h mycrypt_prng.h mycrypt_cipher.h mycrypt_hash.h \
mycrypt_macros.h mycrypt_pk.h mycrypt.h mycrypt_argchk.h mycrypt_custom.h
HEADERS=src/headers/ltc_tommath.h src/headers/tomcrypt_cfg.h \
src/headers/tomcrypt_misc.h src/headers/tomcrypt_prng.h src/headers/tomcrypt_cipher.h src/headers/tomcrypt_hash.h \
src/headers/tomcrypt_macros.h src/headers/tomcrypt_pk.h src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h \
src/headers/tomcrypt_custom.h src/headers/tomcrypt_pkcs.h src/headers/tommath_class.h src/headers/tommath_superclass.h
#ciphers come in two flavours... enc+dec and enc
src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
$(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
#These are the rules to make certain object files.
rsa.o: rsa.c rsa_sys.c
ecc.o: ecc.c ecc_sys.c
dh.o: dh.c dh_sys.c
aes.o: aes.c aes_tab.c
twofish.o: twofish.c twofish_tab.c
sha512.o: sha512.c sha384.c
sha256.o: sha256.c sha224.c
src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
src/pk/ecc/ecc.o: src/pk/ecc/ecc.c src/pk/ecc/ecc_sys.c
src/pk/dh/dh.o: src/pk/dh/dh.c src/pk/dh/dh_sys.c
src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
#This rule makes the libtomcrypt library.
library: $(LIBNAME)
$(LIBNAME): $(OBJECTS)
$(AR) $(ARFLAGS) $@ $(OBJECTS)
$(AR) $(ARFLAGS) $@ $(OBJECTS)
ranlib $(LIBNAME)
#This rule makes the hash program included with libtomcrypt
hashsum: library $(HASHOBJECTS)
@ -194,10 +203,10 @@ tv_gen: library $(TVS)
profiled:
make clean
make CFLAGS="$(CFLAGS) -prof_gen" x86_prof
make -f makefile.icc CFLAGS="$(CFLAGS) -prof_gen" x86_prof
./x86_prof
rm *.o *.a x86_prof
make CFLAGS="$(CFLAGS) -prof_use" x86_prof
make -f makefile.icc CFLAGS="$(CFLAGS) -prof_use" x86_prof
#This rule installs the library and the header files. This must be run
@ -208,10 +217,3 @@ install: library
install -d -g root -o root $(DESTDIR)$(INCPATH)
install -g root -o root $(LIBNAME) $(DESTDIR)$(LIBPATH)
install -g root -o root $(HEADERS) $(DESTDIR)$(INCPATH)
#This rule cleans the source tree of all compiled code, not including the pdf
#documentation.
clean:
rm -f $(OBJECTS) $(TESTOBJECTS) $(HASHOBJECTS) $(CRYPTOBJECTS) $(SMALLOBJECTS) $(LEFTOVERS) $(LIBNAME)
rm -f $(TEST) $(HASH) $(COMPRESSED) $(PROFS) $(PROF) $(TVS) $(TV)
rm -f *.a *.dll *stackdump *.lib *.exe *.obj demos/*.obj demos/*.o *.bat *.txt *.il *.da demos/*.il demos/*.da *.dyn

148
makefile.msvc
View File

@ -1,84 +1,88 @@
#MSVC Makefile [tested with MSVC 6.00 with SP5]
#
#Tom St Denis
CFLAGS = /I. /Ox /DWIN32 /W3
CFLAGS = /Isrc/headers/ /Ox /DWIN32 /W3 /Fo$@
default: library
# leave this blank and link against libtommath if you want better link resolution
MPIOBJECT=mpi.obj
MPIOBJECT=src/misc/mpi/mpi.obj
OBJECTS=error_to_string.obj mpi_to_ltc_error.obj base64_encode.obj base64_decode.obj \
\
crypt.obj crypt_find_cipher.obj crypt_find_hash_any.obj \
crypt_hash_is_valid.obj crypt_register_hash.obj crypt_unregister_prng.obj \
crypt_argchk.obj crypt_find_cipher_any.obj crypt_find_hash_id.obj \
crypt_prng_descriptor.obj crypt_register_prng.obj crypt_cipher_descriptor.obj \
crypt_find_cipher_id.obj crypt_find_prng.obj crypt_prng_is_valid.obj \
crypt_unregister_cipher.obj crypt_cipher_is_valid.obj crypt_find_hash.obj \
crypt_hash_descriptor.obj crypt_register_cipher.obj crypt_unregister_hash.obj \
\
sober128.obj fortuna.obj sprng.obj yarrow.obj rc4.obj rng_get_bytes.obj rng_make_prng.obj \
\
rand_prime.obj is_prime.obj \
\
ecc.obj dh.obj \
\
rsa_decrypt_key.obj rsa_encrypt_key.obj rsa_exptmod.obj rsa_free.obj rsa_make_key.obj \
rsa_sign_hash.obj rsa_verify_hash.obj rsa_export.obj rsa_import.obj tim_exptmod.obj \
rsa_v15_encrypt_key.obj rsa_v15_decrypt_key.obj rsa_v15_sign_hash.obj rsa_v15_verify_hash.obj \
\
dsa_export.obj dsa_free.obj dsa_import.obj dsa_make_key.obj dsa_sign_hash.obj \
dsa_verify_hash.obj dsa_verify_key.obj \
\
aes.obj aes_enc.obj \
\
blowfish.obj des.obj safer_tab.obj safer.obj saferp.obj rc2.obj xtea.obj \
rc6.obj rc5.obj cast5.obj noekeon.obj twofish.obj skipjack.obj \
\
md2.obj md4.obj md5.obj sha1.obj sha256.obj sha512.obj tiger.obj whirl.obj \
rmd128.obj rmd160.obj chc.obj \
\
packet_store_header.obj packet_valid_header.obj \
\
eax_addheader.obj eax_decrypt.obj eax_decrypt_verify_memory.obj eax_done.obj eax_encrypt.obj \
eax_encrypt_authenticate_memory.obj eax_init.obj eax_test.obj \
\
ocb_decrypt.obj ocb_decrypt_verify_memory.obj ocb_done_decrypt.obj ocb_done_encrypt.obj \
ocb_encrypt.obj ocb_encrypt_authenticate_memory.obj ocb_init.obj ocb_ntz.obj \
ocb_shift_xor.obj ocb_test.obj s_ocb_done.obj \
\
omac_done.obj omac_file.obj omac_init.obj omac_memory.obj omac_process.obj omac_test.obj \
\
pmac_done.obj pmac_file.obj pmac_init.obj pmac_memory.obj pmac_ntz.obj pmac_process.obj \
pmac_shift_xor.obj pmac_test.obj \
\
cbc_start.obj cbc_encrypt.obj cbc_decrypt.obj cbc_getiv.obj cbc_setiv.obj \
cfb_start.obj cfb_encrypt.obj cfb_decrypt.obj cfb_getiv.obj cfb_setiv.obj \
ofb_start.obj ofb_encrypt.obj ofb_decrypt.obj ofb_getiv.obj ofb_setiv.obj \
ctr_start.obj ctr_encrypt.obj ctr_decrypt.obj ctr_getiv.obj ctr_setiv.obj \
ecb_start.obj ecb_encrypt.obj ecb_decrypt.obj \
\
hash_file.obj hash_filehandle.obj hash_memory.obj \
\
hmac_done.obj hmac_file.obj hmac_init.obj hmac_memory.obj hmac_process.obj hmac_test.obj \
\
pkcs_1_mgf1.obj pkcs_1_oaep_encode.obj pkcs_1_oaep_decode.obj \
pkcs_1_pss_encode.obj pkcs_1_pss_decode.obj pkcs_1_i2osp.obj pkcs_1_os2ip.obj \
pkcs_1_v15_es_encode.obj pkcs_1_v15_es_decode.obj pkcs_1_v15_sa_encode.obj pkcs_1_v15_sa_decode.obj \
\
pkcs_5_1.obj pkcs_5_2.obj \
\
der_encode_integer.obj der_decode_integer.obj der_length_integer.obj \
der_put_multi_integer.obj der_get_multi_integer.obj \
\
burn_stack.obj zeromem.obj \
\
$(MPIOBJECT)
OBJECTS=src/ciphers/aes/aes_enc.obj $(MPIOBJECT) src/ciphers/aes/aes.obj \
src/ciphers/anubis.obj src/ciphers/blowfish.obj src/ciphers/cast5.obj src/ciphers/des.obj \
src/ciphers/khazad.obj src/ciphers/noekeon.obj src/ciphers/rc2.obj src/ciphers/rc5.obj \
src/ciphers/rc6.obj src/ciphers/safer/safer.obj src/ciphers/safer/safer_tab.obj \
src/ciphers/safer/saferp.obj src/ciphers/skipjack.obj src/ciphers/twofish/twofish.obj \
src/ciphers/xtea.obj src/encauth/eax/eax_addheader.obj src/encauth/eax/eax_decrypt.obj \
src/encauth/eax/eax_decrypt_verify_memory.obj src/encauth/eax/eax_done.obj \
src/encauth/eax/eax_encrypt.obj src/encauth/eax/eax_encrypt_authenticate_memory.obj \
src/encauth/eax/eax_init.obj src/encauth/eax/eax_test.obj \
src/encauth/ocb/ocb_decrypt.obj src/encauth/ocb/ocb_decrypt_verify_memory.obj \
src/encauth/ocb/ocb_done_decrypt.obj src/encauth/ocb/ocb_done_encrypt.obj \
src/encauth/ocb/ocb_encrypt.obj src/encauth/ocb/ocb_encrypt_authenticate_memory.obj \
src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj \
src/encauth/ocb/ocb_shift_xor.obj src/encauth/ocb/ocb_test.obj \
src/encauth/ocb/s_ocb_done.obj src/hashes/chc/chc.obj src/hashes/helper/hash_file.obj \
src/hashes/helper/hash_filehandle.obj src/hashes/helper/hash_memory.obj \
src/hashes/helper/hash_memory_multi.obj src/hashes/md2.obj src/hashes/md4.obj \
src/hashes/md5.obj src/hashes/rmd128.obj src/hashes/rmd160.obj src/hashes/sha1.obj \
src/hashes/sha2/sha256.obj src/hashes/sha2/sha512.obj src/hashes/tiger.obj \
src/hashes/whirl/whirl.obj src/mac/hmac/hmac_done.obj src/mac/hmac/hmac_file.obj \
src/mac/hmac/hmac_init.obj src/mac/hmac/hmac_memory.obj \
src/mac/hmac/hmac_memory_multi.obj src/mac/hmac/hmac_process.obj \
src/mac/hmac/hmac_test.obj src/mac/omac/omac_done.obj src/mac/omac/omac_file.obj \
src/mac/omac/omac_init.obj src/mac/omac/omac_memory.obj \
src/mac/omac/omac_memory_multi.obj src/mac/omac/omac_process.obj \
src/mac/omac/omac_test.obj src/mac/pmac/pmac_done.obj src/mac/pmac/pmac_file.obj \
src/mac/pmac/pmac_init.obj src/mac/pmac/pmac_memory.obj \
src/mac/pmac/pmac_memory_multi.obj src/mac/pmac/pmac_ntz.obj \
src/mac/pmac/pmac_process.obj src/mac/pmac/pmac_shift_xor.obj src/mac/pmac/pmac_test.obj \
src/misc/base64/base64_decode.obj src/misc/base64/base64_encode.obj \
src/misc/burn_stack.obj src/misc/crypt/crypt.obj src/misc/crypt/crypt_argchk.obj \
src/misc/crypt/crypt_cipher_descriptor.obj src/misc/crypt/crypt_cipher_is_valid.obj \
src/misc/crypt/crypt_find_cipher.obj src/misc/crypt/crypt_find_cipher_any.obj \
src/misc/crypt/crypt_find_cipher_id.obj src/misc/crypt/crypt_find_hash.obj \
src/misc/crypt/crypt_find_hash_any.obj src/misc/crypt/crypt_find_hash_id.obj \
src/misc/crypt/crypt_find_prng.obj src/misc/crypt/crypt_hash_descriptor.obj \
src/misc/crypt/crypt_hash_is_valid.obj src/misc/crypt/crypt_prng_descriptor.obj \
src/misc/crypt/crypt_prng_is_valid.obj src/misc/crypt/crypt_register_cipher.obj \
src/misc/crypt/crypt_register_hash.obj src/misc/crypt/crypt_register_prng.obj \
src/misc/crypt/crypt_unregister_cipher.obj src/misc/crypt/crypt_unregister_hash.obj \
src/misc/crypt/crypt_unregister_prng.obj src/misc/error_to_string.obj \
src/misc/mpi/is_prime.obj src/misc/mpi/mpi_to_ltc_error.obj src/misc/mpi/rand_prime.obj \
src/misc/pkcs5/pkcs_5_1.obj src/misc/pkcs5/pkcs_5_2.obj src/misc/zeromem.obj \
src/modes/cbc/cbc_decrypt.obj src/modes/cbc/cbc_encrypt.obj src/modes/cbc/cbc_getiv.obj \
src/modes/cbc/cbc_setiv.obj src/modes/cbc/cbc_start.obj src/modes/cfb/cfb_decrypt.obj \
src/modes/cfb/cfb_encrypt.obj src/modes/cfb/cfb_getiv.obj src/modes/cfb/cfb_setiv.obj \
src/modes/cfb/cfb_start.obj src/modes/ctr/ctr_decrypt.obj src/modes/ctr/ctr_encrypt.obj \
src/modes/ctr/ctr_getiv.obj src/modes/ctr/ctr_setiv.obj src/modes/ctr/ctr_start.obj \
src/modes/ecb/ecb_decrypt.obj src/modes/ecb/ecb_encrypt.obj src/modes/ecb/ecb_start.obj \
src/modes/ofb/ofb_decrypt.obj src/modes/ofb/ofb_encrypt.obj src/modes/ofb/ofb_getiv.obj \
src/modes/ofb/ofb_setiv.obj src/modes/ofb/ofb_start.obj \
src/pk/asn1/der/der_decode_integer.obj src/pk/asn1/der/der_encode_integer.obj \
src/pk/asn1/der/der_get_multi_integer.obj src/pk/asn1/der/der_length_integer.obj \
src/pk/asn1/der/der_put_multi_integer.obj src/pk/dh/dh.obj src/pk/dsa/dsa_export.obj \
src/pk/dsa/dsa_free.obj src/pk/dsa/dsa_import.obj src/pk/dsa/dsa_make_key.obj \
src/pk/dsa/dsa_sign_hash.obj src/pk/dsa/dsa_verify_hash.obj \
src/pk/dsa/dsa_verify_key.obj src/pk/ecc/ecc.obj src/pk/packet_store_header.obj \
src/pk/packet_valid_header.obj src/pk/pkcs1/pkcs_1_i2osp.obj \
src/pk/pkcs1/pkcs_1_mgf1.obj src/pk/pkcs1/pkcs_1_oaep_decode.obj \
src/pk/pkcs1/pkcs_1_oaep_encode.obj src/pk/pkcs1/pkcs_1_os2ip.obj \
src/pk/pkcs1/pkcs_1_pss_decode.obj src/pk/pkcs1/pkcs_1_pss_encode.obj \
src/pk/pkcs1/pkcs_1_v15_es_decode.obj src/pk/pkcs1/pkcs_1_v15_es_encode.obj \
src/pk/pkcs1/pkcs_1_v15_sa_decode.obj src/pk/pkcs1/pkcs_1_v15_sa_encode.obj \
src/pk/rsa/rsa_decrypt_key.obj src/pk/rsa/rsa_encrypt_key.obj src/pk/rsa/rsa_export.obj \
src/pk/rsa/rsa_exptmod.obj src/pk/rsa/rsa_free.obj src/pk/rsa/rsa_import.obj \
src/pk/rsa/rsa_make_key.obj src/pk/rsa/rsa_sign_hash.obj \
src/pk/rsa/rsa_v15_decrypt_key.obj src/pk/rsa/rsa_v15_encrypt_key.obj \
src/pk/rsa/rsa_v15_sign_hash.obj src/pk/rsa/rsa_v15_verify_hash.obj \
src/pk/rsa/rsa_verify_hash.obj src/prngs/fortuna.obj src/prngs/rc4.obj \
src/prngs/rng_get_bytes.obj src/prngs/rng_make_prng.obj src/prngs/sober128.obj \
src/prngs/sprng.obj src/prngs/yarrow.obj
#ciphers come in two flavours... enc+dec and enc
aes_enc.obj: aes.c aes_tab.c
$(CC) $(CFLAGS) /DENCRYPT_ONLY /c aes.c /Foaes_enc.obj
#ciphers come in two flavours... enc+dec and enc
src/ciphers/aes/aes_enc.obj: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
$(CC) $(CFLAGS) /DENCRYPT_ONLY /c src/ciphers/aes/aes.c /Fosrc/ciphers/aes/aes_enc.obj
library: $(OBJECTS)
lib /out:tomcrypt.lib $(OBJECTS)

211
makefile.shared
View File

@ -1,25 +1,27 @@
# MAKEFILE for linux GCC
#
# This makefile produces a shared object and requires libtool to be installed.
#
# Thanks to Zed Shaw for helping debug this on BSD/OSX.
# Tom St Denis
# Modified by Clay Culver
# The version
VERSION=0:99
VERSION=0:100
# Compiler and Linker Names
CC=libtool --mode=compile gcc
# Archiver [makes .a files]
AR=libtool --mode=link
CC=libtool --silent --mode=compile gcc
# Compilation flags. Note the += does not write over the user's CFLAGS!
CFLAGS += -c -I./ -Wall -Wsign-compare -W -Wshadow
# -Werror
CFLAGS += -c -I./src/headers/ -Wall -Wsign-compare -W -Wshadow
# additional warnings (newer GCC 3.4 and higher)
#CFLAGS += -Wsystem-headers -Wdeclaration-after-statement -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wmissing-prototypes \
# -Wmissing-declarations -Wpointer-arith
# optimize for SPEED
CFLAGS += -O3 -funroll-all-loops
#add -fomit-frame-pointer. hinders debugging!
# add -fomit-frame-pointer. hinders debugging!
CFLAGS += -fomit-frame-pointer
# optimize for SIZE
@ -28,7 +30,9 @@ CFLAGS += -fomit-frame-pointer
# compile for DEBUGING (required for ccmalloc checking!!!)
#CFLAGS += -g3
#These flags control how the library gets built.
# older GCCs can't handle the "rotate with immediate" ROLc/RORc/etc macros
# define this to help
#CFLAGS += -DLTC_NO_ROLC
#Output filenames for various targets.
LIBNAME=libtomcrypt.la
@ -46,81 +50,89 @@ LIBPATH=/usr/lib
INCPATH=/usr/include
DATAPATH=/usr/share/doc/libtomcrypt/pdf
#Who do we install as?
USER=root
GROUP=root
#List of objects to compile.
#Leave MPI built-in or force developer to link against libtommath?
MPIOBJECT=mpi.o
MPIOBJECT=src/misc/mpi/mpi.o
#If you don't want mpi.o then add this
#MPISHARED=$(LIBPATH)/libtommath.la
OBJECTS=error_to_string.o mpi_to_ltc_error.o base64_encode.o base64_decode.o \
\
crypt.o crypt_find_cipher.o crypt_find_hash_any.o \
crypt_hash_is_valid.o crypt_register_hash.o crypt_unregister_prng.o \
crypt_argchk.o crypt_find_cipher_any.o crypt_find_hash_id.o \
crypt_prng_descriptor.o crypt_register_prng.o crypt_cipher_descriptor.o \
crypt_find_cipher_id.o crypt_find_prng.o crypt_prng_is_valid.o \
crypt_unregister_cipher.o crypt_cipher_is_valid.o crypt_find_hash.o \
crypt_hash_descriptor.o crypt_register_cipher.o crypt_unregister_hash.o \
\
sober128.o fortuna.o sprng.o yarrow.o rc4.o rng_get_bytes.o rng_make_prng.o \
\
rand_prime.o is_prime.o \
\
ecc.o dh.o \
\
rsa_decrypt_key.o rsa_encrypt_key.o rsa_exptmod.o rsa_free.o rsa_make_key.o \
rsa_sign_hash.o rsa_verify_hash.o rsa_export.o rsa_import.o tim_exptmod.o \
rsa_v15_encrypt_key.o rsa_v15_decrypt_key.o rsa_v15_sign_hash.o rsa_v15_verify_hash.o \
\
dsa_export.o dsa_free.o dsa_import.o dsa_make_key.o dsa_sign_hash.o \
dsa_verify_hash.o dsa_verify_key.o \
\
aes.o aes_enc.o \
\
blowfish.o des.o safer_tab.o safer.o saferp.o rc2.o xtea.o \
rc6.o rc5.o cast5.o noekeon.o twofish.o skipjack.o \
\
md2.o md4.o md5.o sha1.o sha256.o sha512.o tiger.o whirl.o \
rmd128.o rmd160.o chc.o \
\
packet_store_header.o packet_valid_header.o \
\
eax_addheader.o eax_decrypt.o eax_decrypt_verify_memory.o eax_done.o eax_encrypt.o \
eax_encrypt_authenticate_memory.o eax_init.o eax_test.o \
\
ocb_decrypt.o ocb_decrypt_verify_memory.o ocb_done_decrypt.o ocb_done_encrypt.o \
ocb_encrypt.o ocb_encrypt_authenticate_memory.o ocb_init.o ocb_ntz.o \
ocb_shift_xor.o ocb_test.o s_ocb_done.o \
\
omac_done.o omac_file.o omac_init.o omac_memory.o omac_process.o omac_test.o \
\
pmac_done.o pmac_file.o pmac_init.o pmac_memory.o pmac_ntz.o pmac_process.o \
pmac_shift_xor.o pmac_test.o \
\
cbc_start.o cbc_encrypt.o cbc_decrypt.o cbc_getiv.o cbc_setiv.o \
cfb_start.o cfb_encrypt.o cfb_decrypt.o cfb_getiv.o cfb_setiv.o \
ofb_start.o ofb_encrypt.o ofb_decrypt.o ofb_getiv.o ofb_setiv.o \
ctr_start.o ctr_encrypt.o ctr_decrypt.o ctr_getiv.o ctr_setiv.o \
ecb_start.o ecb_encrypt.o ecb_decrypt.o \
\
hash_file.o hash_filehandle.o hash_memory.o \
\
hmac_done.o hmac_file.o hmac_init.o hmac_memory.o hmac_process.o hmac_test.o \
\
pkcs_1_mgf1.o pkcs_1_oaep_encode.o pkcs_1_oaep_decode.o \
pkcs_1_pss_encode.o pkcs_1_pss_decode.o pkcs_1_i2osp.o pkcs_1_os2ip.o \
pkcs_1_v15_es_encode.o pkcs_1_v15_es_decode.o pkcs_1_v15_sa_encode.o pkcs_1_v15_sa_decode.o \
\
pkcs_5_1.o pkcs_5_2.o \
\
der_encode_integer.o der_decode_integer.o der_length_integer.o \
der_put_multi_integer.o der_get_multi_integer.o \
\
burn_stack.o zeromem.o \
\
$(MPIOBJECT)
OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o \
src/ciphers/anubis.o src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o \
src/ciphers/khazad.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/safer_tab.o \
src/ciphers/safer/saferp.o src/ciphers/skipjack.o src/ciphers/twofish/twofish.o \
src/ciphers/xtea.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o \
src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \
src/encauth/ocb/ocb_encrypt.o src/encauth/ocb/ocb_encrypt_authenticate_memory.o \
src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o \
src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o \
src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o \
src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o \
src/mac/omac/omac_test.o src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o \
src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o \
src/mac/pmac/pmac_process.o src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o \
src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o \
src/misc/burn_stack.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \
src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
src/misc/crypt/crypt_find_cipher.o src/misc/crypt/crypt_find_cipher_any.o \
src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash.o \
src/misc/crypt/crypt_find_hash_any.o src/misc/crypt/crypt_find_hash_id.o \
src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_hash_descriptor.o \
src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_prng_descriptor.o \
src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \
src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \
src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o \
src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o src/misc/mpi/rand_prime.o \
src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \
src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_encrypt.o \
src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o \
src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o \
src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \
src/pk/asn1/der/der_get_multi_integer.o src/pk/asn1/der/der_length_integer.o \
src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o \
src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o \
src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \
src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o \
src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o \
src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \
src/pk/pkcs1/pkcs_1_v15_es_decode.o src/pk/pkcs1/pkcs_1_v15_es_encode.o \
src/pk/pkcs1/pkcs_1_v15_sa_decode.o src/pk/pkcs1/pkcs_1_v15_sa_encode.o \
src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o \
src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o \
src/pk/rsa/rsa_v15_decrypt_key.o src/pk/rsa/rsa_v15_encrypt_key.o \
src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \
src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o \
src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
src/prngs/sprng.o src/prngs/yarrow.o
TESTOBJECTS=demos/test.o
HASHOBJECTS=demos/hashsum.o
@ -129,43 +141,38 @@ SMALLOBJECTS=demos/small.o
PROFS=demos/x86_prof.o
TVS=demos/tv_gen.o
#Files left over from making the crypt.pdf.
LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind *.out
#Compressed filenames
COMPRESSED=crypt-$(VERSION).tar.bz2 crypt-$(VERSION).zip
#Header files used by libtomcrypt.
HEADERS=ltc_tommath.h mycrypt_cfg.h \
mycrypt_misc.h mycrypt_prng.h mycrypt_cipher.h mycrypt_hash.h \
mycrypt_macros.h mycrypt_pk.h mycrypt.h mycrypt_argchk.h \
mycrypt_custom.h mycrypt_pkcs.h tommath_class.h tommath_superclass.h
HEADERS=src/headers/ltc_tommath.h src/headers/tomcrypt_cfg.h \
src/headers/tomcrypt_misc.h src/headers/tomcrypt_prng.h src/headers/tomcrypt_cipher.h src/headers/tomcrypt_hash.h \
src/headers/tomcrypt_macros.h src/headers/tomcrypt_pk.h src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h \
src/headers/tomcrypt_custom.h src/headers/tomcrypt_pkcs.h src/headers/tommath_class.h src/headers/tommath_superclass.h
#The default rule for make builds the libtomcrypt library.
default:library
#ciphers come in two flavours... enc+dec and enc
aes_enc.o: aes.c aes_tab.c
$(CC) $(CFLAGS) -DENCRYPT_ONLY -c aes.c -o aes_enc.o
src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
$(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
#These are the rules to make certain object files.
aes.o: aes.c aes_tab.c
twofish.o: twofish.c twofish_tab.c
whirl.o: whirl.c whirltab.c
ecc.o: ecc.c ecc_sys.c
dh.o: dh.c dh_sys.c
sha512.o: sha512.c sha384.c
sha256.o: sha256.c sha224.c
src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
src/pk/ecc/ecc.o: src/pk/ecc/ecc.c src/pk/ecc/ecc_sys.c
src/pk/dh/dh.o: src/pk/dh/dh.c src/pk/dh/dh_sys.c
src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
#This rule makes the libtomcrypt library.
library: $(LIBNAME)
$(LIBNAME): $(OBJECTS)
libtool --mode=link gcc $(CFLAGS) *.lo -o libtomcrypt.la -rpath $(LIBPATH) -version-info $(VERSION)
libtool --mode=link gcc $(CFLAGS) *.o -o libtomcrypt.a
libtool --mode=install install -c libtomcrypt.la $(LIBPATH)/libtomcrypt.la
install -d -g root -o root $(DESTDIR)$(INCPATH)
install -g root -o root $(HEADERS) $(DESTDIR)$(INCPATH)
libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | xargs` -o libtomcrypt.la -rpath $(LIBPATH) -version-info $(VERSION)
libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]o" | xargs` -o libtomcrypt.a
ranlib libtomcrypt.a
libtool --silent --mode=install install -c libtomcrypt.la $(LIBPATH)/libtomcrypt.la
install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
#This rule makes the hash program included with libtomcrypt
hashsum: library

396
mycrypt_cipher.h
View File

@ -1,396 +0,0 @@
/* ---- SYMMETRIC KEY STUFF -----
*
* We put each of the ciphers scheduled keys in their own structs then we put all of
* the key formats in one union. This makes the function prototypes easier to use.
*/
#ifdef BLOWFISH
struct blowfish_key {
ulong32 S[4][256];
ulong32 K[18];
};
#endif
#ifdef RC5
struct rc5_key {
int rounds;
ulong32 K[50];
};
#endif
#ifdef RC6
struct rc6_key {
ulong32 K[44];
};
#endif
#ifdef SAFERP
struct saferp_key {
unsigned char K[33][16];
long rounds;
};
#endif
#ifdef RIJNDAEL
struct rijndael_key {
ulong32 eK[64], dK[64];
int Nr;
};
#endif
#ifdef XTEA
struct xtea_key {
unsigned long A[32], B[32];
};
#endif
#ifdef TWOFISH
#ifndef TWOFISH_SMALL
struct twofish_key {
ulong32 S[4][256], K[40];
};
#else
struct twofish_key {
ulong32 K[40];
unsigned char S[32], start;
};
#endif
#endif
#ifdef SAFER
#define SAFER_K64_DEFAULT_NOF_ROUNDS 6
#define SAFER_K128_DEFAULT_NOF_ROUNDS 10
#define SAFER_SK64_DEFAULT_NOF_ROUNDS 8
#define SAFER_SK128_DEFAULT_NOF_ROUNDS 10
#define SAFER_MAX_NOF_ROUNDS 13
#define SAFER_BLOCK_LEN 8
#define SAFER_KEY_LEN (1 + SAFER_BLOCK_LEN * (1 + 2 * SAFER_MAX_NOF_ROUNDS))
typedef unsigned char safer_block_t[SAFER_BLOCK_LEN];
typedef unsigned char safer_key_t[SAFER_KEY_LEN];
struct safer_key { safer_key_t key; };
#endif
#ifdef RC2
struct rc2_key { unsigned xkey[64]; };
#endif
#ifdef DES
struct des_key {
ulong32 ek[32], dk[32];
};
struct des3_key {
ulong32 ek[3][32], dk[3][32];
};
#endif
#ifdef CAST5
struct cast5_key {
ulong32 K[32], keylen;
};
#endif
#ifdef NOEKEON
struct noekeon_key {
ulong32 K[4], dK[4];
};
#endif
#ifdef SKIPJACK
struct skipjack_key {
unsigned char key[10];
};
#endif
typedef union Symmetric_key {
#ifdef DES
struct des_key des;
struct des3_key des3;
#endif
#ifdef RC2
struct rc2_key rc2;
#endif
#ifdef SAFER
struct safer_key safer;
#endif
#ifdef TWOFISH
struct twofish_key twofish;
#endif
#ifdef BLOWFISH
struct blowfish_key blowfish;
#endif
#ifdef RC5
struct rc5_key rc5;
#endif
#ifdef RC6
struct rc6_key rc6;
#endif
#ifdef SAFERP
struct saferp_key saferp;
#endif
#ifdef RIJNDAEL
struct rijndael_key rijndael;
#endif
#ifdef XTEA
struct xtea_key xtea;
#endif
#ifdef CAST5
struct cast5_key cast5;
#endif
#ifdef NOEKEON
struct noekeon_key noekeon;
#endif
#ifdef SKIPJACK
struct skipjack_key skipjack;
#endif
} symmetric_key;
/* A block cipher ECB structure */
typedef struct {
int cipher, blocklen;
symmetric_key key;
} symmetric_ECB;
/* A block cipher CFB structure */
typedef struct {
int cipher, blocklen, padlen;
unsigned char IV[MAXBLOCKSIZE], pad[MAXBLOCKSIZE];
symmetric_key key;
} symmetric_CFB;
/* A block cipher OFB structure */
typedef struct {
int cipher, blocklen, padlen;
unsigned char IV[MAXBLOCKSIZE];
symmetric_key key;
} symmetric_OFB;
/* A block cipher CBC structure */
typedef struct Symmetric_CBC {
int cipher, blocklen;
unsigned char IV[MAXBLOCKSIZE];
symmetric_key key;
} symmetric_CBC;
/* A block cipher CTR structure */
typedef struct Symmetric_CTR {
int cipher, blocklen, padlen, mode;
unsigned char ctr[MAXBLOCKSIZE], pad[MAXBLOCKSIZE];
symmetric_key key;
} symmetric_CTR;
/* cipher descriptor table, last entry has "name == NULL" to mark the end of table */
extern struct _cipher_descriptor {
char *name;
unsigned char ID;
int min_key_length, max_key_length, block_length, default_rounds;
int (*setup)(const unsigned char *key, int keylength, int num_rounds, symmetric_key *skey);
void (*ecb_encrypt)(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void (*ecb_decrypt)(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int (*test)(void);
int (*keysize)(int *desired_keysize);
} cipher_descriptor[];
#ifdef BLOWFISH
int blowfish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int blowfish_test(void);
int blowfish_keysize(int *desired_keysize);
extern const struct _cipher_descriptor blowfish_desc;
#endif
#ifdef RC5
int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int rc5_test(void);
int rc5_keysize(int *desired_keysize);
extern const struct _cipher_descriptor rc5_desc;
#endif
#ifdef RC6
int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int rc6_test(void);
int rc6_keysize(int *desired_keysize);
extern const struct _cipher_descriptor rc6_desc;
#endif
#ifdef RC2
int rc2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void rc2_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void rc2_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int rc2_test(void);
int rc2_keysize(int *desired_keysize);
extern const struct _cipher_descriptor rc2_desc;
#endif
#ifdef SAFERP
int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int saferp_test(void);
int saferp_keysize(int *desired_keysize);
extern const struct _cipher_descriptor saferp_desc;
#endif
#ifdef SAFER
int safer_k64_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
int safer_sk64_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
int safer_k128_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
int safer_sk128_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void safer_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void safer_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int safer_k64_test(void);
int safer_sk64_test(void);
int safer_sk128_test(void);
int safer_64_keysize(int *desired_keysize);
int safer_128_keysize(int *desired_keysize);
extern const struct _cipher_descriptor safer_k64_desc, safer_k128_desc, safer_sk64_desc, safer_sk128_desc;
#endif
#ifdef RIJNDAEL
/* make aes an alias */
#define aes_setup rijndael_setup
#define aes_ecb_encrypt rijndael_ecb_encrypt
#define aes_ecb_decrypt rijndael_ecb_decrypt
#define aes_test rijndael_test
#define aes_keysize rijndael_keysize
#define aes_enc_setup rijndael_enc_setup
#define aes_enc_ecb_encrypt rijndael_enc_ecb_encrypt
#define aes_enc_keysize rijndael_enc_keysize
int rijndael_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int rijndael_test(void);
int rijndael_keysize(int *desired_keysize);
int rijndael_enc_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void rijndael_enc_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
int rijndael_enc_keysize(int *desired_keysize);
extern const struct _cipher_descriptor rijndael_desc, aes_desc;
extern const struct _cipher_descriptor rijndael_enc_desc, aes_enc_desc;
#endif
#ifdef XTEA
int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void xtea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int xtea_test(void);
int xtea_keysize(int *desired_keysize);
extern const struct _cipher_descriptor xtea_desc;
#endif
#ifdef TWOFISH
int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int twofish_test(void);
int twofish_keysize(int *desired_keysize);
extern const struct _cipher_descriptor twofish_desc;
#endif
#ifdef DES
int des_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int des_test(void);
int des_keysize(int *desired_keysize);
int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int des3_test(void);
int des3_keysize(int *desired_keysize);
extern const struct _cipher_descriptor des_desc, des3_desc;
#endif
#ifdef CAST5
int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int cast5_test(void);
int cast5_keysize(int *desired_keysize);
extern const struct _cipher_descriptor cast5_desc;
#endif
#ifdef NOEKEON
int noekeon_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int noekeon_test(void);
int noekeon_keysize(int *desired_keysize);
extern const struct _cipher_descriptor noekeon_desc;
#endif
#ifdef SKIPJACK
int skipjack_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int skipjack_test(void);
int skipjack_keysize(int *desired_keysize);
extern const struct _cipher_descriptor skipjack_desc;
#endif
#ifdef ECB
int ecb_start(int cipher, const unsigned char *key,
int keylen, int num_rounds, symmetric_ECB *ecb);
int ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_ECB *ecb);
int ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_ECB *ecb);
#endif
#ifdef CFB
int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key,
int keylen, int num_rounds, symmetric_CFB *cfb);
int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CFB *cfb);
int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CFB *cfb);
int cfb_getiv(unsigned char *IV, unsigned long *len, symmetric_CFB *cfb);
int cfb_setiv(const unsigned char *IV, unsigned long len, symmetric_CFB *cfb);
#endif
#ifdef OFB
int ofb_start(int cipher, const unsigned char *IV, const unsigned char *key,
int keylen, int num_rounds, symmetric_OFB *ofb);
int ofb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_OFB *ofb);
int ofb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_OFB *ofb);
int ofb_getiv(unsigned char *IV, unsigned long *len, symmetric_OFB *ofb);
int ofb_setiv(const unsigned char *IV, unsigned long len, symmetric_OFB *ofb);
#endif
#ifdef CBC
int cbc_start(int cipher, const unsigned char *IV, const unsigned char *key,
int keylen, int num_rounds, symmetric_CBC *cbc);
int cbc_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_CBC *cbc);
int cbc_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_CBC *cbc);
int cbc_getiv(unsigned char *IV, unsigned long *len, symmetric_CBC *cbc);
int cbc_setiv(const unsigned char *IV, unsigned long len, symmetric_CBC *cbc);
#endif
#ifdef CTR
int ctr_start(int cipher, const unsigned char *IV, const unsigned char *key,
int keylen, int num_rounds, symmetric_CTR *ctr);
int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr);
int ctr_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CTR *ctr);
int ctr_getiv(unsigned char *IV, unsigned long *len, symmetric_CTR *ctr);
int ctr_setiv(const unsigned char *IV, unsigned long len, symmetric_CTR *ctr);
#endif
int find_cipher(const char *name);
int find_cipher_any(const char *name, int blocklen, int keylen);
int find_cipher_id(unsigned char ID);
int register_cipher(const struct _cipher_descriptor *cipher);
int unregister_cipher(const struct _cipher_descriptor *cipher);
int cipher_is_valid(int idx);

472
mycrypt_hash.h
View File

@ -1,472 +0,0 @@
/* ---- HASH FUNCTIONS ---- */
#ifdef SHA512
struct sha512_state {
ulong64 length, state[8];
unsigned long curlen;
unsigned char buf[128];
};
#endif
#ifdef SHA256
struct sha256_state {
ulong64 length;
ulong32 state[8], curlen;
unsigned char buf[64];
};
#endif
#ifdef SHA1
struct sha1_state {
ulong64 length;
ulong32 state[5], curlen;
unsigned char buf[64];
};
#endif
#ifdef MD5
struct md5_state {
ulong64 length;
ulong32 state[4], curlen;
unsigned char buf[64];
};
#endif
#ifdef MD4
struct md4_state {
ulong64 length;
ulong32 state[4], curlen;
unsigned char buf[64];
};
#endif
#ifdef TIGER
struct tiger_state {
ulong64 state[3], length;
unsigned long curlen;
unsigned char buf[64];
};
#endif
#ifdef MD2
struct md2_state {
unsigned char chksum[16], X[48], buf[16];
unsigned long curlen;
};
#endif
#ifdef RIPEMD128
struct rmd128_state {
ulong64 length;
unsigned char buf[64];
ulong32 curlen, state[4];
};
#endif
#ifdef RIPEMD160
struct rmd160_state {
ulong64 length;
unsigned char buf[64];
ulong32 curlen, state[5];
};
#endif
#ifdef WHIRLPOOL
struct whirlpool_state {
ulong64 length, state[8];
unsigned char buf[64];
ulong32 curlen;
};
#endif
#ifdef CHC_HASH
struct chc_state {
ulong64 length;
unsigned char state[MAXBLOCKSIZE], buf[MAXBLOCKSIZE];
ulong32 curlen;
};
#endif
typedef union Hash_state {
#ifdef CHC_HASH
struct chc_state chc;
#endif
#ifdef WHIRLPOOL
struct whirlpool_state whirlpool;
#endif
#ifdef SHA512
struct sha512_state sha512;
#endif
#ifdef SHA256
struct sha256_state sha256;
#endif
#ifdef SHA1
struct sha1_state sha1;
#endif
#ifdef MD5
struct md5_state md5;
#endif
#ifdef MD4
struct md4_state md4;
#endif
#ifdef MD2
struct md2_state md2;
#endif
#ifdef TIGER
struct tiger_state tiger;
#endif
#ifdef RIPEMD128
struct rmd128_state rmd128;
#endif
#ifdef RIPEMD160
struct rmd160_state rmd160;
#endif
} hash_state;
extern struct _hash_descriptor {
char *name;
unsigned char ID;
unsigned long hashsize; /* digest output size in bytes */
unsigned long blocksize; /* the block size the hash uses */
unsigned char DER[64]; /* DER encoded identifier */
unsigned long DERlen; /* length of DER encoding */
int (*init)(hash_state *);
int (*process)(hash_state *, const unsigned char *, unsigned long);
int (*done)(hash_state *, unsigned char *);
int (*test)(void);
} hash_descriptor[];
#ifdef CHC_HASH
int chc_register(int cipher);
int chc_init(hash_state * md);
int chc_process(hash_state * md, const unsigned char *buf, unsigned long len);
int chc_done(hash_state * md, unsigned char *hash);
int chc_test(void);
extern const struct _hash_descriptor chc_desc;
#endif
#ifdef WHIRLPOOL
int whirlpool_init(hash_state * md);
int whirlpool_process(hash_state * md, const unsigned char *buf, unsigned long len);
int whirlpool_done(hash_state * md, unsigned char *hash);
int whirlpool_test(void);
extern const struct _hash_descriptor whirlpool_desc;
#endif
#ifdef SHA512
int sha512_init(hash_state * md);
int sha512_process(hash_state * md, const unsigned char *buf, unsigned long len);
int sha512_done(hash_state * md, unsigned char *hash);
int sha512_test(void);
extern const struct _hash_descriptor sha512_desc;
#endif
#ifdef SHA384
#ifndef SHA512
#error SHA512 is required for SHA384
#endif
int sha384_init(hash_state * md);
#define sha384_process sha512_process
int sha384_done(hash_state * md, unsigned char *hash);
int sha384_test(void);
extern const struct _hash_descriptor sha384_desc;
#endif
#ifdef SHA256
int sha256_init(hash_state * md);
int sha256_process(hash_state * md, const unsigned char *buf, unsigned long len);
int sha256_done(hash_state * md, unsigned char *hash);
int sha256_test(void);
extern const struct _hash_descriptor sha256_desc;
#ifdef SHA224
#ifndef SHA256
#error SHA256 is required for SHA224
#endif
int sha224_init(hash_state * md);
#define sha224_process sha256_process
int sha224_done(hash_state * md, unsigned char *hash);
int sha224_test(void);
extern const struct _hash_descriptor sha224_desc;
#endif
#endif
#ifdef SHA1
int sha1_init(hash_state * md);
int sha1_process(hash_state * md, const unsigned char *buf, unsigned long len);
int sha1_done(hash_state * md, unsigned char *hash);
int sha1_test(void);
extern const struct _hash_descriptor sha1_desc;
#endif
#ifdef MD5
int md5_init(hash_state * md);
int md5_process(hash_state * md, const unsigned char *buf, unsigned long len);
int md5_done(hash_state * md, unsigned char *hash);
int md5_test(void);
extern const struct _hash_descriptor md5_desc;
#endif
#ifdef MD4
int md4_init(hash_state * md);
int md4_process(hash_state * md, const unsigned char *buf, unsigned long len);
int md4_done(hash_state * md, unsigned char *hash);
int md4_test(void);
extern const struct _hash_descriptor md4_desc;
#endif
#ifdef MD2
int md2_init(hash_state * md);
int md2_process(hash_state * md, const unsigned char *buf, unsigned long len);
int md2_done(hash_state * md, unsigned char *hash);
int md2_test(void);
extern const struct _hash_descriptor md2_desc;
#endif
#ifdef TIGER
int tiger_init(hash_state * md);
int tiger_process(hash_state * md, const unsigned char *buf, unsigned long len);
int tiger_done(hash_state * md, unsigned char *hash);
int tiger_test(void);
extern const struct _hash_descriptor tiger_desc;
#endif
#ifdef RIPEMD128
int rmd128_init(hash_state * md);
int rmd128_process(hash_state * md, const unsigned char *buf, unsigned long len);
int rmd128_done(hash_state * md, unsigned char *hash);
int rmd128_test(void);
extern const struct _hash_descriptor rmd128_desc;
#endif
#ifdef RIPEMD160
int rmd160_init(hash_state * md);
int rmd160_process(hash_state * md, const unsigned char *buf, unsigned long len);
int rmd160_done(hash_state * md, unsigned char *hash);
int rmd160_test(void);
extern const struct _hash_descriptor rmd160_desc;
#endif
int find_hash(const char *name);
int find_hash_id(unsigned char ID);
int find_hash_any(const char *name, int digestlen);
int register_hash(const struct _hash_descriptor *hash);
int unregister_hash(const struct _hash_descriptor *hash);
int hash_is_valid(int idx);
int hash_memory(int hash, const unsigned char *data, unsigned long len, unsigned char *dst, unsigned long *outlen);
int hash_filehandle(int hash, FILE *in, unsigned char *dst, unsigned long *outlen);
int hash_file(int hash, const char *fname, unsigned char *dst, unsigned long *outlen);
/* a simple macro for making hash "process" functions */
#define HASH_PROCESS(func_name, compress_name, state_var, block_size) \
int func_name (hash_state * md, const unsigned char *buf, unsigned long len) \
{ \
unsigned long n; \
int err; \
_ARGCHK(md != NULL); \
_ARGCHK(buf != NULL); \
if (md-> state_var .curlen > sizeof(md-> state_var .buf)) { \
return CRYPT_INVALID_ARG; \
} \
while (len > 0) { \
if (md-> state_var .curlen == 0 && len >= block_size) { \
if ((err = compress_name (md, (unsigned char *)buf)) != CRYPT_OK) { \
return err; \
} \
md-> state_var .length += block_size * 8; \
buf += block_size; \
len -= block_size; \
} else { \
n = MIN(len, (block_size - md-> state_var .curlen)); \
memcpy(md-> state_var .buf + md-> state_var.curlen, buf, (size_t)n); \
md-> state_var .curlen += n; \
buf += n; \
len -= n; \
if (md-> state_var .curlen == block_size) { \
if ((err = compress_name (md, md-> state_var .buf)) != CRYPT_OK) {\
return err; \
} \
md-> state_var .length += 8*block_size; \
md-> state_var .curlen = 0; \
} \
} \
} \
return CRYPT_OK; \
}
#ifdef HMAC
typedef struct Hmac_state {
hash_state md;
int hash;
hash_state hashstate;
unsigned char *key;
} hmac_state;
int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned long keylen);
int hmac_process(hmac_state *hmac, const unsigned char *buf, unsigned long len);
int hmac_done(hmac_state *hmac, unsigned char *hashOut, unsigned long *outlen);
int hmac_test(void);
int hmac_memory(int hash, const unsigned char *key, unsigned long keylen,
const unsigned char *data, unsigned long len,
unsigned char *dst, unsigned long *dstlen);
int hmac_file(int hash, const char *fname, const unsigned char *key,
unsigned long keylen,
unsigned char *dst, unsigned long *dstlen);
#endif
#ifdef OMAC
typedef struct {
int cipher_idx,
buflen,
blklen;
unsigned char block[MAXBLOCKSIZE],
prev[MAXBLOCKSIZE],
Lu[2][MAXBLOCKSIZE];
symmetric_key key;
} omac_state;
int omac_init(omac_state *omac, int cipher, const unsigned char *key, unsigned long keylen);
int omac_process(omac_state *state, const unsigned char *buf, unsigned long len);
int omac_done(omac_state *state, unsigned char *out, unsigned long *outlen);
int omac_memory(int cipher, const unsigned char *key, unsigned long keylen,
const unsigned char *msg, unsigned long msglen,
unsigned char *out, unsigned long *outlen);
int omac_file(int cipher, const unsigned char *key, unsigned long keylen,
const char *filename, unsigned char *out, unsigned long *outlen);
int omac_test(void);
#endif /* OMAC */
#ifdef PMAC
typedef struct {
unsigned char Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */
Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */
Lr[MAXBLOCKSIZE], /* L * x^-1 */
block[MAXBLOCKSIZE], /* currently accumulated block */
checksum[MAXBLOCKSIZE]; /* current checksum */
symmetric_key key; /* scheduled key for cipher */
unsigned long block_index; /* index # for current block */
int cipher_idx, /* cipher idx */
block_len, /* length of block */
buflen; /* number of bytes in the buffer */
} pmac_state;
int pmac_init(pmac_state *pmac, int cipher, const unsigned char *key, unsigned long keylen);
int pmac_process(pmac_state *state, const unsigned char *buf, unsigned long len);
int pmac_done(pmac_state *state, unsigned char *out, unsigned long *outlen);
int pmac_memory(int cipher, const unsigned char *key, unsigned long keylen,
const unsigned char *msg, unsigned long msglen,
unsigned char *out, unsigned long *outlen);
int pmac_file(int cipher, const unsigned char *key, unsigned long keylen,
const char *filename, unsigned char *out, unsigned long *outlen);
int pmac_test(void);
/* internal functions */
int pmac_ntz(unsigned long x);
void pmac_shift_xor(pmac_state *pmac);
#endif /* PMAC */
#ifdef EAX_MODE
#if !(defined(OMAC) && defined(CTR))
#error EAX_MODE requires OMAC and CTR
#endif
typedef struct {
unsigned char N[MAXBLOCKSIZE];
symmetric_CTR ctr;
omac_state headeromac, ctomac;
} eax_state;
int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen);
int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length);
int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, unsigned long length);
int eax_addheader(eax_state *eax, const unsigned char *header, unsigned long length);
int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen);
int eax_encrypt_authenticate_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen,
const unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
unsigned char *tag, unsigned long *taglen);
int eax_decrypt_verify_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen,
const unsigned char *ct, unsigned long ctlen,
unsigned char *pt,
unsigned char *tag, unsigned long taglen,
int *res);
int eax_test(void);
#endif /* EAX MODE */
#ifdef OCB_MODE
typedef struct {
unsigned char L[MAXBLOCKSIZE], /* L value */
Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */
Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */
Lr[MAXBLOCKSIZE], /* L * x^-1 */
R[MAXBLOCKSIZE], /* R value */
checksum[MAXBLOCKSIZE]; /* current checksum */
symmetric_key key; /* scheduled key for cipher */
unsigned long block_index; /* index # for current block */
int cipher, /* cipher idx */
block_len; /* length of block */
} ocb_state;
int ocb_init(ocb_state *ocb, int cipher,
const unsigned char *key, unsigned long keylen, const unsigned char *nonce);
int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct);
int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt);
int ocb_done_encrypt(ocb_state *ocb,
const unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
unsigned char *tag, unsigned long *taglen);
int ocb_done_decrypt(ocb_state *ocb,
const unsigned char *ct, unsigned long ctlen,
unsigned char *pt,
const unsigned char *tag, unsigned long taglen, int *res);
int ocb_encrypt_authenticate_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce,
const unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
unsigned char *tag, unsigned long *taglen);
int ocb_decrypt_verify_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce,
const unsigned char *ct, unsigned long ctlen,
unsigned char *pt,
const unsigned char *tag, unsigned long taglen,
int *res);
int ocb_test(void);
/* internal functions */
void ocb_shift_xor(ocb_state *ocb, unsigned char *Z);
int ocb_ntz(unsigned long x);
int __ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode);
#endif /* OCB_MODE */

17
mycrypt_misc.h
View File

@ -1,17 +0,0 @@
/* ---- BASE64 Routines ---- */
#ifdef BASE64
int base64_encode(const unsigned char *in, unsigned long len,
unsigned char *out, unsigned long *outlen);
int base64_decode(const unsigned char *in, unsigned long len,
unsigned char *out, unsigned long *outlen);
#endif
/* ---- MEM routines ---- */
void zeromem(void *dst, size_t len);
void burn_stack(unsigned long len);
const char *error_to_string(int err);
int mpi_to_ltc_error(int err);
extern const char *crypt_build_settings;

141
mycrypt_prng.h
View File

@ -1,141 +0,0 @@
/* ---- PRNG Stuff ---- */
struct yarrow_prng {
int cipher, hash;
unsigned char pool[MAXBLOCKSIZE];
symmetric_CTR ctr;
};
struct rc4_prng {
int x, y;
unsigned char buf[256];
};
struct fortuna_prng {
hash_state pool[FORTUNA_POOLS]; /* the pools */
symmetric_key skey;
unsigned char K[32], /* the current key */
IV[16]; /* IV for CTR mode */
unsigned long pool_idx, /* current pool we will add to */
pool0_len, /* length of 0'th pool */
wd;
ulong64 reset_cnt; /* number of times we have reset */
};
struct sober128_prng {
ulong32 R[17], /* Working storage for the shift register */
initR[17], /* saved register contents */
konst, /* key dependent constant */
sbuf; /* partial word encryption buffer */
int nbuf, /* number of part-word stream bits buffered */
flag, /* first add_entropy call or not? */
set; /* did we call add_entropy to set key? */
};
typedef union Prng_state {
#ifdef YARROW
struct yarrow_prng yarrow;
#endif
#ifdef RC4
struct rc4_prng rc4;
#endif
#ifdef FORTUNA
struct fortuna_prng fortuna;
#endif
#ifdef SOBER128
struct sober128_prng sober128;
#endif
} prng_state;
extern struct _prng_descriptor {
char *name;
int export_size; /* size in bytes of exported state */
int (*start)(prng_state *);
int (*add_entropy)(const unsigned char *, unsigned long, prng_state *);
int (*ready)(prng_state *);
unsigned long (*read)(unsigned char *, unsigned long, prng_state *);
int (*done)(prng_state *);
int (*pexport)(unsigned char *, unsigned long *, prng_state *);
int (*pimport)(const unsigned char *, unsigned long, prng_state *);
int (*test)(void);
} prng_descriptor[];
#ifdef YARROW
int yarrow_start(prng_state *prng);
int yarrow_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng);
int yarrow_ready(prng_state *prng);
unsigned long yarrow_read(unsigned char *buf, unsigned long len, prng_state *prng);
int yarrow_done(prng_state *prng);
int yarrow_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
int yarrow_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
int yarrow_test(void);
extern const struct _prng_descriptor yarrow_desc;
#endif
#ifdef FORTUNA
int fortuna_start(prng_state *prng);
int fortuna_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng);
int fortuna_ready(prng_state *prng);
unsigned long fortuna_read(unsigned char *buf, unsigned long len, prng_state *prng);
int fortuna_done(prng_state *prng);
int fortuna_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
int fortuna_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
int fortuna_test(void);
extern const struct _prng_descriptor fortuna_desc;
#endif
#ifdef RC4
int rc4_start(prng_state *prng);
int rc4_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng);
int rc4_ready(prng_state *prng);
unsigned long rc4_read(unsigned char *buf, unsigned long len, prng_state *prng);
int rc4_done(prng_state *prng);
int rc4_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
int rc4_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
int rc4_test(void);
extern const struct _prng_descriptor rc4_desc;
#endif
#ifdef SPRNG
int sprng_start(prng_state *prng);
int sprng_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng);
int sprng_ready(prng_state *prng);
unsigned long sprng_read(unsigned char *buf, unsigned long len, prng_state *prng);
int sprng_done(prng_state *prng);
int sprng_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
int sprng_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
int sprng_test(void);
extern const struct _prng_descriptor sprng_desc;
#endif
#ifdef SOBER128
int sober128_start(prng_state *prng);
int sober128_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng);
int sober128_ready(prng_state *prng);
unsigned long sober128_read(unsigned char *buf, unsigned long len, prng_state *prng);
int sober128_done(prng_state *prng);
int sober128_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
int sober128_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
int sober128_test(void);
extern const struct _prng_descriptor sober128_desc;
#endif
int find_prng(const char *name);
int register_prng(const struct _prng_descriptor *prng);
int unregister_prng(const struct _prng_descriptor *prng);
int prng_is_valid(int idx);
/* Slow RNG you **might** be able to use to seed a PRNG with. Be careful as this
* might not work on all platforms as planned
*/
unsigned long rng_get_bytes(unsigned char *buf,
unsigned long len,
void (*callback)(void));
int rng_make_prng(int bits, int wprng, prng_state *prng, void (*callback)(void));

212
notes/cipher_tv.txt
View File

@ -1537,3 +1537,215 @@ Key Size: 10 bytes
49: 0AAB29DF65861F4C
Cipher: anubis
Key Size: 16 bytes
0: 30FF064629BF7EF5B010830BF3D4E1E9
1: DD7A8E87CFD352AF9F63EA24ADA7E353
2: 0D0BE8F05510EBD6A3EC842E5BD9FC2A
3: 330F09581FDC897B3FE6EC1A5056A410
4: 30349D965F43C295B9484C389C4D942C
5: 9225343F0056BC355060C0282C638D02
6: E3A85D41B5337533C4D87730948A9D4E
7: 09DA0DDB65FF431081CAB08A28010B76
8: 6C0D0BD6CEAFB9783B31023FD455DAC6
9: FBE6F26B7CA322A45312856D586DE2EE
10: 1F269EC072D0FBA72E87CA77F8B983FB
11: CFFAE9ADE3006BD511ED172D42F16D05
12: 73F0E9DE89F4C7541506F052D181BAC2
13: FCFA3E2E89FF769834295C77431EF7CE
14: 0452360383D56F827C81263F6B0855BC
15: 40744E07299D6A2A210BE5598835221B
16: 2F0FC61148C36F4C7B42DF274AD0DDE0
17: 2EA0E9BE9E4E4DF85488FE6E7CFCD6E3
18: 0AD1254FA64C3996BBD485D41A3687A0
19: 5B55988652DF200348A114F802FD3C03
20: C32906AF76934C1436CA60BAD58A0C66
21: 59D87987DE9DD485C4537F3A95A164A0
22: 0A706ADF488D84632C96F4BEC43D9FA8
23: 0B74E0CDD14D984B37491E2D9FA63CAE
24: 47CB1827D151A60473E67BD5D233102F
25: F455B4B665D3D0AFB25FDE4A3312AFF6
26: F9A0649421D45DF604206854F681DBDB
27: 21477F5546339E4B6D8215368EE9F884
28: 577640F23CA73345701B0906DFABA4B7
29: 89F8D08A6E173759020DD7301E0FE361
30: 44EF7AF7043FD4B8112345CEE42BC969
31: D7CF0CE04A57253F4C63CABC4A5CB034
32: AF73D3F4CED32593B315E27079131D22
33: F6E603E3455359FE43A3B83AAF3AF0C5
34: DCC3FB557F2C301B631DEF499097E4FD
35: 8285A25CF6F7E701644708E12081C62C
36: EC702DD0293F4C646B1C9C2606762816
37: 289491E5A65DCA605B78E88DA8A9F8AB
38: D82FBC14452BE34C5840DAD81FC2A65E
39: B88A340EB1BF8D5ADE6A4E6C16104FC8
40: C9FC3D70D2BA26C4059BD3D34134264C
41: 18CE3D2920E3BDEFA91C369E9DE57BF4
42: 50917AE58278E15A18A47B284D8027A3
43: BDA6F9DE33704302CE056412143B4F82
44: C287898C1451774675EB7A964C004E0D
45: 3BDE73E0D357319AB06D3675F1D3E28D
46: 30FF4326C89C0FFE4D31D2E92CC0BF9B
47: F69816F304ED892232F220F290320A8D
48: 1368153F1A54EFF8D61F93A2D6AF21E3
49: 06DD274894B6EDF3159A1403F47F09C7
Key Size: 28 bytes
0: 7828B1997D3D050201DC6EE45C8521B5
1: 0D77F896F9CEF16DAAFCF962C2257AAE
2: 89C27B0623F5EECCA38BAE1AD86AE156
3: 44EC09834052009CC3CD66E1BA11AF01
4: F922BFDB03FB186A069C1E7B48222E3D
5: 277F7971955D8984AAECF287C32B8211
6: E77ED0144A3ED827B71453B91562FE25
7: 1760EFD04477AE527BC37F72C8BBBCAE
8: 26259425ACD58207AE328B3F1A217AC1
9: 0876C4DC51D22657C4121E9067C2C3BA
10: 0214981592C9CEDD4D654F84AF1793A5
11: 3E11FA027BC4F15048D27B187062259A
12: 24E7D61BB21EA90B5282B43AAFB0DBDC
13: 688F56ECB45B7C242000653460F04A23
14: DFA587501A875ACDE8687A04AE404861
15: 4C21CC3FBB768CC9AF2242FA206FE406
16: 5CA0B03FA7751DEBBE70CB21AA61765A
17: 4879B3AC26270C422645B9CA29CAD8BB
18: 24F941E1B9AF84C18D03885EAACE16E3
19: 05E163A0150123C2664131A81B20AFC1
20: D606CAA85362E23598E5B8BD60C60506
21: 33BD0AE751019BB751C151AE47BD5811
22: 75DA523F5F793F90034144A3599DC5E6
23: CD4709B56521EA306F5AD95CCA878183
24: 6A4EC2EDDEBBBFEB62C1F13F7A59BF20
25: 2A36272DC4EFDFC03F4DCF049ED2ADFF
26: FD4F3904E8E37E7C31508E5829482965
27: BA64BAE1C2ABB8599A31B245DBAD1153
28: 757E0151783A50FC92AE55861DCD797D
29: 5E63BDA3217ECB544972CA14A9074DA5
30: E52F1195921767FA2410BA095EA5C328
31: 6D7E42D67E329D669299B5A590017E8D
32: 0516F6F7D99ADE5DC42E635BB5832E80
33: 57FB4E6B82ED2A3091248DCEF9C27F14
34: 25231D0E9B96534977D2F2AF93DD10AB
35: 847C4C524A586568D19EFA3ECA343F1C
36: 52448814064E0F33A4EA89368C2E1ACC
37: 461275466FAA7BC16ABAD9EC459BD67A
38: 16C8324A383A00DA06DBEC419B69C551
39: 5F26F7CF715FF2649DCC3C71EB6B92DF
40: 575363411FB07C067CD4357A1CD1D695
41: AB70F08BAB51C5F57139A107EE858A12
42: 887F62AE3D700EC5323EDA231C6B4C48
43: 7B9851B01DC9083293F3B226690A54F4
44: 36E03DF51C574E35EF2077DB7A49548E
45: E238A564246B163F97EDD733A235EDEB
46: 30679CE080915DC3BFA91D0DAFF5E82E
47: 7C2E8145D803D4FE18EE32995AAC16B0
48: 24D6F61ECC87206804885D33BFA7B2CA
49: 1F4F81751CB3FAFDC9F9C27E639F370B
Key Size: 40 bytes
0: 31C3221C218E4CA1762B0DE77B964528
1: 0B6E4BD937773597647FFE0A3859BB12
2: 67A116E5F762619DE72F99AD1562A943
3: B6A841663FB466ACAF89C8DA5BA080F0
4: 0442708BF804642B9B1C69F5D905817E
5: BC77391EAB530B96CA35319E510DB306
6: AED37991A50AECB70C1B99137D5B38F2
7: 8735F7AF0BF6C5C7E3C98021E83A31EE
8: A614243B1B871D80BDCE4A23AD00F9FA
9: 16AC67B139A92AD777871C990D3DA571
10: B1774A2A12A8CAB25D28A575B67CEF5D
11: 4C9B1A120BC6A33C62AF903FEEC3AF5F
12: 7B128F00480E497C5754EE333457EE5E
13: AB56D578229492B95ED309C0EC566658
14: 42FAF577855FEDB3446D40B4B6677445
15: 84E0C19B4A4512001F663E22D3184F0A
16: 8B01680D049F5A9421BA9BED100CC272
17: 2B1D70B92A5DF12CE0FA6A7AA43E4CEE
18: C7F61340D1B2321A1884E54D74576657
19: 153C07C56B32530866722C4DEAC86A50
20: 2EACBEFC4A29D1250EEAFD12A1D4AE77
21: FCCB40B0997E47512295066F1A0344DD
22: C149A543345E2A1B8249F71CB9F903A4
23: 3FD0688A8D0BE5F06F157C234C29BF9A
24: 6A3F813F396D77C7F4641ECC3E0BF3AA
25: E2888B9D2A6D819367F61C5792866A8F
26: 1A8A000F91AF4E600DDD88E098BD938B
27: 2283E758C04548EF8C37FA9F5700A7AD
28: 4FD6D8E1678D2B85520B96C038C582BF
29: D13C0B228F792EF88F09ED192C571029
30: 1A2A06B1987BE0DADA4B558AE5E6A128
31: 097B0460C47F1801986F5706A69EB01C
32: DD17BAC0737515C6386ECA6A6D6C02B6
33: 5989BD1D46FD6EC14D4C55D5D6D17F99
34: 431002E0224BD34B0B93988356C19E7C
35: 37DB7570296DCCE45ABDDE36EBE4731D
36: 4731DE78EEBAA1D02568EEEA2E04A2F5
37: 1F879753A7964AF44C84FD5765D8E080
38: 54F120726F68EA4B0501365CD2A84759
39: 366E43BB744C615999E896D01A0D1D0E
40: 18747BD79F1D0529D09CAC70F4D08948
41: 4F9854BAE0834A0C5FD12381225958F2
42: 7C14ADF94A0B61828996D902E4CCFF3E
43: 242F0E9CE96E4E208A9E0C5D76F8E698
44: 27EE179E2A9301B521B2C94ED3D36A77
45: 892C84A5E77E88A67F5F00F3597F4C04
46: FC7880D7860E90DE17E935700FC8C030
47: BC49373F775BF9CD6BDC22C87F71E192
48: 365646D0DE092AF42EC8F12A19840342
49: 62D0E9C210A20ECD2FF191AD3495DE6F
Cipher: khazad
Key Size: 16 bytes
0: 9C4C292A989175FC
1: F49E366AF89BD6B7
2: 9E859C8F323666F9
3: 349EC57A02451059
4: 59E34CF03134A662
5: 436C16BAB80E3E2D
6: 81C35012B08A194C
7: 056CCC9991C1F087
8: 0A59F24C4715B303
9: 3C2CFF98AE8500FD
10: 9136C3FCC332D974
11: FA3FA726E6BEBA65
12: DD84E4F9F39FB7EE
13: A3F397CC9FB771F5
14: E2D6ECC1F40A51C7
15: 6704A1A705163A02
16: BD820F5AF7DEEB04
17: E21E37CC122027FF
18: E319085D8E2C1F4F
19: 0DDFE55B199A49A9
20: B70F39CCCB2BA9A6
21: 3F2F25723AED2E29
22: 751FACD5F517AB2F
23: D32CE55FBF217CE9
24: 91393018EA847012
25: D50F1C54BABE7081
26: C73350FBC5B3A82B
27: E9A054F709FD5C57
28: 94BD5121B25746D4
29: EE19F88B28BEB4B7
30: CE6845FD13A3B78A
31: 566729D0183496BC
32: DC0E1D38CB5E03A8
33: 251AD2B2842C75E3
34: D344AC41190F3594
35: 579B956A36ADA3A8
36: 5F83D3AFEE9A6F25
37: 2D3FF8708A03C600
38: 32A732C7BEEBB693
39: F437276FAA05BB39
40: 58DDD4CD0281C5FD
41: ECC2C84BD8C0A4DC
42: BAB24C2CEFE23531
43: 5244BFA3E2821E7D
44: A4B273E960946B2C
45: 039376D02A8D6788
46: D3EB7074E3B05206
47: 89C18FFA26ED0836
48: 1F05A2D2D78927D9
49: 0133E1745856C44C

54
notes/eax_tv.txt
View File

@ -329,3 +329,57 @@ EAX-skipjack (10 byte key)
15: 07AF486D1C458AAB2DBF13C3243FAD, 87288E41A9E64089
16: 84059283DF9A2A8563E7AF69235F26DF, 351652A0DBCE9D6E
EAX-anubis (16 byte key)
0: , 8E20F19D9BA22ABA09FB86FDE6B9EF38
1: 3B, F4201E546A9160F989191942EC8FD1D3
2: 9F38, 4E3CEAE3E1CB954E021A10E814B71732
3: 4F4769, 3E8F35A6A5B11200E9F1AA38590066CD
4: AB41F5FC, EC4C97A8892AAF5433106D4AC8A49843
5: 414F95D61B, BF831E34D1E3FECB973A8C730ECA2E6D
6: 4798322F06D1, 005BBC30BFEDBE6463536C4F80D1A071
7: F256B6CD1BF4F5, 468A28F0661884B846B191B530C8D064
8: 90906F27A633ADDE, 6D9200A37A7F6A456CB103673184C2E5
9: 16CD3C17C9B4EAB135, 6D716E23D7B35109F55B036EDFA7742E
10: 7AD1C22F1F06298DFB25, B076990F8193543C8F3185D3792BCE56
11: 0476F2ABCD057FE6FEE39D, BB2876DB18C00038FADBBD9B264ACC3C
12: B69EDE336407DBC2EE735857, AB63E5906116A8BE22C52B5DA31B1839
13: C3864C1354065A56470669E602, C72BFD3A0BC73BFF051C9AB2F0DFED93
14: 296D8F183A59020D33890420DD7B, C9D90B9EB42C32EDCF6223587D1598A6
15: 256ED8E9D982616680559979BDF2E9, 179FE4E7BA7E966050D35900317E9916
16: D4ED8F30FF9C0470D75B3B16750A3AE4, 5D50F05BB270A292DFF9F67A3BA84675
17: 40CDEB6388274143CA3C4F6020BD9A4875, B27C7DFB1BFBB3FCCEE0171852C7924E
18: 54EF262EC1801D505C7629D038654EBA0594, 9D2060FCD0A2C577511C7752ADE60BBE
19: F39EE54A37F16DD38B624D7AB8F0D9CBD4B981, BC056C7D2C09D813703CDD63C1C69F44
20: F4E7AD474FCA153ABD670E43081ED09EB2C4CC1A, F244BD4D630272F0D98FCA04226C04F1
21: 039ECC36A0A16273E7246CA1FF19D213AC87B53F29, 3056DB6916C925DF220B6C9980EE141A
22: 7DE1DCDEF01447CA2FE83375A48DD84E4A7CB7C01992, 79AFEA4816EAF8DAC8A5E93960F1594F
23: A886C4B914BF0983003272F226F9B2197EF2DC05ACDDE0, B59D85A0FDA5FA4422F7203C055B97A9
24: 00B3E1E91448E250AAFB695C0643A6577AB453EFECFABF53, 4A7EFF1CBC1AB535122A017203616D85
25: 85E972E774D66D0531E40B8FE9E264A77B50FA883AB0943080, B18E164BF89B7E7AB0DC256DFEC7C72F
26: 004849E39334969B392CB0CF3FDEFB3D792DCBBC15F8328C7EDC, 3C51295711F5F878DE8F0B2B5A26A227
27: A0BAD6C2264AB1578993BA49E59D4598822FFED20A57D88F756FF1, 2EB9D525697A419A10DB2A84AEEA5FBC
28: C34DD806EAB5AD823D78BCA78A7709A705FC94ECC521A367D76C9588, 3C57580C7903039D645C06DBAF07B477
29: C447EC77512938CF7862388C32AF22ACE6B5E4CBAA998BE4F5CBC4D215, 43425D09B7ACFD90371C08953946A955
30: 2C16993AAE624CBA4CDAF34FE3D368559E6BE548292B281439866375013B, 3B7360C3FA8FB1C15D19F567153CB46C
31: 538E5DFAF14854A786851E4165F2E01CDDA963E318FCE4FB58E31A6B5CFC33, 2F8EA13B7A6873FE556CA535ABA0968B
32: 5E29CDB7D9695A110043E9C260104BDF020A3A2A139D4112E918AB584BDD7EDA, 9133213AA7BCF062D2BD37F866683D3F
EAX-khazad (16 byte key)
0: , 75968E54452F6781
1: 95, ADAF5949F09B5A22
2: 6B8F, A06B201947424A11
3: 5BE668, 3251416625DF347A
4: 5A92E82B, 33E25772427D9786
5: 62F9F2ABCC, DE714F5F5D17D6D0
6: 0E3CD825BD8D, A7991C8CB8975ED9
7: 4AD0D999503AAD, 53A827D7886F7227
8: BB08E6FAED1DAEE8, 91A118749B7AB9F3
9: 16E30CB12E20D18495, F8F8B8C1280158F9
10: 616DBCC6346959D89E4A, 506BF35A70297D53
11: F86B022D4B28FDB1F0B7D3, EA42220C805FD759
12: 9B8A3D9CDBADD9BBCCCD2B28, BB478D3CE9A229C9
13: CDC4AB4EF2D5B46E87827241F0, 658EDB9497A91823
14: 1A113D96B21B4AEBDB13E34C381A, 63AD0C4084AC84B0
15: 14DA751E5AF7E01F35B3CE74EE1ACF, 3C76AB64E1724DCE
16: A13BBC7E408D2C550634CBC64690B8FE, 3D4BBC0C76536730

173
notes/etc/saferp_optimizer.c Normal file
View File

@ -0,0 +1,173 @@
/* emits an optimized version of SAFER+ ... only does encrypt so far... */
#include <stdio.h>
#include <string.h>
/* This is the "Armenian" Shuffle. It takes the input from b and stores it in b2 */
#define SHUF\
b2[0] = b[8]; b2[1] = b[11]; b2[2] = b[12]; b2[3] = b[15]; \
b2[4] = b[2]; b2[5] = b[1]; b2[6] = b[6]; b2[7] = b[5]; \
b2[8] = b[10]; b2[9] = b[9]; b2[10] = b[14]; b2[11] = b[13]; \
b2[12] = b[0]; b2[13] = b[7]; b2[14] = b[4]; b2[15] = b[3]; memcpy(b, b2, sizeof(b));
/* This is the inverse shuffle. It takes from b and gives to b2 */
#define iSHUF(b, b2) \
b2[0] = b[12]; b2[1] = b[5]; b2[2] = b[4]; b2[3] = b[15]; \
b2[4] = b[14]; b2[5] = b[7]; b2[6] = b[6]; b2[7] = b[13]; \
b2[8] = b[0]; b2[9] = b[9]; b2[10] = b[8]; b2[11] = b[1]; \
b2[12] = b[2]; b2[13] = b[11]; b2[14] = b[10]; b2[15] = b[3]; memcpy(b, b2, sizeof(b));
#define ROUND(b, i) \
b[0] = (safer_ebox[(b[0] ^ skey->saferp.K[i][0]) & 255] + skey->saferp.K[i+1][0]) & 255; \
b[1] = safer_lbox[(b[1] + skey->saferp.K[i][1]) & 255] ^ skey->saferp.K[i+1][1]; \
b[2] = safer_lbox[(b[2] + skey->saferp.K[i][2]) & 255] ^ skey->saferp.K[i+1][2]; \
b[3] = (safer_ebox[(b[3] ^ skey->saferp.K[i][3]) & 255] + skey->saferp.K[i+1][3]) & 255; \
b[4] = (safer_ebox[(b[4] ^ skey->saferp.K[i][4]) & 255] + skey->saferp.K[i+1][4]) & 255; \
b[5] = safer_lbox[(b[5] + skey->saferp.K[i][5]) & 255] ^ skey->saferp.K[i+1][5]; \
b[6] = safer_lbox[(b[6] + skey->saferp.K[i][6]) & 255] ^ skey->saferp.K[i+1][6]; \
b[7] = (safer_ebox[(b[7] ^ skey->saferp.K[i][7]) & 255] + skey->saferp.K[i+1][7]) & 255; \
b[8] = (safer_ebox[(b[8] ^ skey->saferp.K[i][8]) & 255] + skey->saferp.K[i+1][8]) & 255; \
b[9] = safer_lbox[(b[9] + skey->saferp.K[i][9]) & 255] ^ skey->saferp.K[i+1][9]; \
b[10] = safer_lbox[(b[10] + skey->saferp.K[i][10]) & 255] ^ skey->saferp.K[i+1][10]; \
b[11] = (safer_ebox[(b[11] ^ skey->saferp.K[i][11]) & 255] + skey->saferp.K[i+1][11]) & 255; \
b[12] = (safer_ebox[(b[12] ^ skey->saferp.K[i][12]) & 255] + skey->saferp.K[i+1][12]) & 255; \
b[13] = safer_lbox[(b[13] + skey->saferp.K[i][13]) & 255] ^ skey->saferp.K[i+1][13]; \
b[14] = safer_lbox[(b[14] + skey->saferp.K[i][14]) & 255] ^ skey->saferp.K[i+1][14]; \
b[15] = (safer_ebox[(b[15] ^ skey->saferp.K[i][15]) & 255] + skey->saferp.K[i+1][15]) & 255;
int main(void)
{
int b[16], b2[16], x, y, z;
/* -- ENCRYPT --- */
for (x = 0; x < 16; x++) b[x] = x;
/* emit encrypt preabmle */
printf(
"void saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)\n"
"{\n"
" int x;\n"
" unsigned char b[16];\n"
"\n"
" LTC_ARGCHK(pt != NULL);\n"
" LTC_ARGCHK(ct != NULL);\n"
" LTC_ARGCHK(skey != NULL);\n"
"\n"
" /* do eight rounds */\n"
" for (x = 0; x < 16; x++) {\n"
" b[x] = pt[x];\n"
" }\n");
/* do 8 rounds of ROUND; LT; */
for (x = 0; x < 8; x++) {
/* ROUND(..., x*2) */
for (y = 0; y < 16; y++) {
printf("b[%d] = (safer_%cbox[(b[%d] %c skey->saferp.K[%d][%d]) & 255] %c skey->saferp.K[%d][%d]) & 255;\n",
b[y], "elle"[y&3], b[y], "^++^"[y&3], x*2, y, "+^^+"[y&3], x*2+1, y);
}
/* LT */
for (y = 0; y < 4; y++) {
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[0], b[0], b[1], b[0], b[1]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[2], b[2], b[3], b[3], b[2]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[4], b[4], b[5], b[5], b[4]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[6], b[6], b[7], b[7], b[6]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[8], b[8], b[9], b[9], b[8]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[10], b[10], b[11], b[11], b[10]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[12], b[12], b[13], b[13], b[12]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[14], b[14], b[15], b[15], b[14]);
if (y < 3) {
SHUF;
}
}
}
printf(
" if (skey->saferp.rounds <= 8) {\n");
/* finish */
for (x = 0; x < 16; x++) {
printf(
" ct[%d] = (b[%d] %c skey->saferp.K[skey->saferp.rounds*2][%d]) & 255;\n",
x, b[x], "^++^"[x&3], x);
}
printf(" return;\n }\n");
/* 192-bit keys */
printf(
" /* 192-bit key? */\n"
" if (skey->saferp.rounds > 8) {\n");
/* do 4 rounds of ROUND; LT; */
for (x = 8; x < 12; x++) {
/* ROUND(..., x*2) */
for (y = 0; y < 16; y++) {
printf("b[%d] = (safer_%cbox[(b[%d] %c skey->saferp.K[%d][%d]) & 255] %c skey->saferp.K[%d][%d]) & 255;\n",
b[y], "elle"[y&3], b[y], "^++^"[y&3], x*2, y, "+^^+"[y&3], x*2+1, y);
}
/* LT */
for (y = 0; y < 4; y++) {
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[0], b[0], b[1], b[0], b[1]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[2], b[2], b[3], b[3], b[2]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[4], b[4], b[5], b[5], b[4]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[6], b[6], b[7], b[7], b[6]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[8], b[8], b[9], b[9], b[8]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[10], b[10], b[11], b[11], b[10]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[12], b[12], b[13], b[13], b[12]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[14], b[14], b[15], b[15], b[14]);
if (y < 3) {
SHUF;
}
}
}
printf("}\n");
printf(
" if (skey->saferp.rounds <= 12) {\n");
/* finish */
for (x = 0; x < 16; x++) {
printf(
" ct[%d] = (b[%d] %c skey->saferp.K[skey->saferp.rounds*2][%d]) & 255;\n",
x, b[x], "^++^"[x&3], x);
}
printf(" return;\n }\n");
/* 256-bit keys */
printf(
" /* 256-bit key? */\n"
" if (skey->saferp.rounds > 12) {\n");
/* do 4 rounds of ROUND; LT; */
for (x = 12; x < 16; x++) {
/* ROUND(..., x*2) */
for (y = 0; y < 16; y++) {
printf("b[%d] = (safer_%cbox[(b[%d] %c skey->saferp.K[%d][%d]) & 255] %c skey->saferp.K[%d][%d]) & 255;\n",
b[y], "elle"[y&3], b[y], "^++^"[y&3], x*2, y, "+^^+"[y&3], x*2+1, y);
}
/* LT */
for (y = 0; y < 4; y++) {
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[0], b[0], b[1], b[0], b[1]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[2], b[2], b[3], b[3], b[2]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[4], b[4], b[5], b[5], b[4]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[6], b[6], b[7], b[7], b[6]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[8], b[8], b[9], b[9], b[8]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[10], b[10], b[11], b[11], b[10]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[12], b[12], b[13], b[13], b[12]);
printf(" b[%d] = (b[%d] + (b[%d] = (b[%d] + b[%d]) & 255)) & 255;\n", b[14], b[14], b[15], b[15], b[14]);
if (y < 3) {
SHUF;
}
}
}
/* finish */
for (x = 0; x < 16; x++) {
printf(
" ct[%d] = (b[%d] %c skey->saferp.K[skey->saferp.rounds*2][%d]) & 255;\n",
x, b[x], "^++^"[x&3], x);
}
printf(" return;\n");
printf(" }\n}\n\n");
return 0;
}

54
notes/ocb_tv.txt
View File

@ -329,3 +329,57 @@ OCB-skipjack (10 byte key)
15: 1D5A7AD556FF3078284BB21A536DAA, 01FAE2F4936ED9D2
16: 4B8B71396924880CB33EA6EC6593F969, A0F4B1BE3B9B4CCE
OCB-anubis (16 byte key)
0: , D22ACF880B297DB0513DFAF0D2DF57D9
1: 59, 210A179469D6568AB9470C760415574E
2: AFA5, 1223F9CD160ABE2F257164C6E5533C87
3: 969BEC, A57EC767543CA2ADBA4F5A7423ECA78A
4: CF8B31F1, 13B5BF9CD87CE15CE696F3AF1B082650
5: 9B22DF3852, 4937FDDA0AFDDA04CCD53CCBB0A82745
6: E11719B2F0F8, 6847931DBF0223F5CEF66AE3F4DFCF9B
7: 5A85E0F6DD2266, A1A0AF45A68A681CC396615FE1E1DFB5
8: 7F2DFCC65ED86976, 13614A3C6E0E08611D8DF8EE5B7D788F
9: 1DAF10DFA3F1D53E50, 673632B6DD553BAE90E9E6CC8CDE0FA5
10: AF74FD9671F9C0A9879C, B8B4DD448FE967207227B84E42126D90
11: 49421CED1167A882E26297, 21C8951A1761E4BD13BC85CBD14D30BD
12: BC0BC779B83F07D30CB340DA, FAABD25E14FFD8D468AD6616021F604C
13: 843D7E00F94E61AE950B9AA191, 08933ED5FBDCAF72F788393CD5422D0F
14: 296F15C383C511C36258F528E331, 8BFFADF5655C1864057D69A6706D1739
15: E31D2E80B2DBA4FBFAF52DB0513838, C4CD36821EC631CCBF1F258EE9931288
16: 87F319FE9A48E2D087EDF95563896EE5, 517960488E5A118D150A1573E76C290A
17: 9632B7DC1740BBE0A7AEEFD0F535B5AE8A, 0C24D0950873621D319A928862D3A6AC
18: 359431ED4B3AC537238CAC2F86126972D403, 4A0CED2F4BFA3355C17D6C5DF9FABFAA
19: E15B50172EE8DA9C552D448A5A48BEEAA2F11D, 8166B2A2D3A0745D1055F9F503FD6C03
20: 75842DDC0D5E3BD80225E4BFBD1298421244D7EF, BB957BB2582B67B63978BCFD7A949EDD
21: 3DD69162716D5F3E096E614991CAD7ED8E01F926B8, 40A954F31F5B0A2C5DD220ACED8D2B3E
22: 8A49AC14F59593D5399A10F9346E2FD36F47F64ED419, 4324D408CE7F86370495AF14FBD1A859
23: 6AA8FA353BCAAB4262211D75F13D27BE173526B8BC3CFC, BA3A27D79EC8ECBC5A78CB9FD095B766
24: B918192BB72CFEF980298EEE570460356A4BA1755576FEAA, EB341ECE0A070E769F498600EE4EBF77
25: BEFAE0B77E42A2FD18958D9E43202E8A338562AFF8317461B0, 444C1D6BDC026A01012BB2CEEAD89C2C
26: 07E86D49CFFE6FB08FDF44584033AF321447003D8AD3862C00C9, DA9355A79B224EF662DA65F19BE494A7
27: 911BB223AC6F6E54082FBFEDEC300D73FCAF715CCA35949212B372, 3496160A46A21DCDB5A4C179F159D860
28: ABB563FC803715F59AA35460E98470E2E94E4270455ACEBF4297641B, 899CFE1946A060DE620879B8A7464718
29: 47D98E83B5849CDE19B14ABCF9EA6CA9684AB49A3AB36BD14F328D808C, 6D76CD5EFF6D4AD3B67A56DF1EB42E05
30: C8BF0B71A95884FFB93D64C57E327A4754EC5A1EE26632CF8E0B6B26CBDE, 2B3BE785263B1A400E5893273AFD09AE
31: 9804D668CF2D75CA58C9671F65630E33909269B9511AF9119BE88EBB35F00C, 3DDA028B1A2339CA817DC8D9371E0FF8
32: F6E038A82A09BCD20BAAC7926B2296B78F9CBA9DD12C497C47EA08DBCD8CEA3A, A203FC1E68E21A52E72224891AC10EE2
OCB-khazad (16 byte key)
0: , BDEDFF7AA0070063
1: 00, 67E951582D66ED93
2: 5FED, 09DC8AEAD70673DE
3: 26A7CC, CE1436CE1E37D4B0
4: 3D2BD063, 574C24395F31511A
5: 597F1AFCB1, 6FBBE820C6F26CDB
6: 202DAE442DF6, 58CA6E5706C9852D
7: 7C20EDA18E9444, AABF0DA252A1BAAD
8: DEC02BF76DFD5B77, A0A97446B80EACB6
9: 5D7A42F73843F9200E, A1DD603372D124CB
10: 0D4710E454C19B68369E, CC78E9D7EAA6A39F
11: 126694191BF09A29DCF40E, 76C9B84FA3E8913F
12: A94EBB86BD325B4FA1942FA5, 613DE312DB1666F7
13: 4F9462386469EA0EFDC1BFAFE9, 5247244FD4BBAA6F
14: 4EB794DFCF3823BDC38FA5EF3B23, 0C12017B5E058398
15: D870479780CC5B3B13A7A39029A56F, 003D3FCD31D497B5
16: A47BF1218AC86A60F6002CE004AF5E50, B4EC27091D5DCD58

54
notes/omac_tv.txt
View File

@ -329,3 +329,57 @@ OMAC-skipjack (10 byte key)
15: ED91F98DA98F42C4
16: D8D0FA5CE96B08BF
OMAC-anubis (16 byte key)
0: E672617CAA1E641C0E7B4B4CC4787455
1: C0C16E8FD63907C08A8ABBB7B73376D3
2: 23F97CED54939361830396224A7BDD91
3: 7FD87DEA9F05E07212DDF61292D9E13D
4: 929A11A4D0991A6446B1051926A6048D
5: 4EB74F1CC0150D86126BC6FE1FC8253D
6: 33C2C3C072D05BB6D54F87579C23B116
7: DE350181C9E90A79879813A609BE77E2
8: DB519EB9EF0E154D9D248734FD3D3724
9: 4F7F2E6D3FC72BA94FE24EC0ABBF4E66
10: D646389DBCEEDD59EBB6E8F09C422930
11: 8547658AE1CE6A8B8D010A1E1FEA7AF4
12: C9BE2B7F3630EFDFBD3AEA6A108C86EA
13: 290417C57096B8B9A1BA3C20FD91285B
14: 9AF60E99692C5F911CBF969A6E11DC14
15: CDA433BE58C98E49EBA8A7108E50DE2B
16: 7430D0EE631A4659351B8A4489A78D46
17: DCC74C0FD0415768FE00225CA14B7DC2
18: 0CF2432B1B465F2A8C5FACAAF2FEF619
19: DA020680C64E93AE5FCA3D71466D01C1
20: B9C33A86E6ED9FCCDCD973382DD1B6A3
21: 6631236B9F2F810DD4D97E6046F41AF2
22: 0312C322F4D634CF4FBC0C2624E3E9F2
23: 111E3E9F8FBDC1E4364622723F1CB524
24: 6D2608D7AAF243D5219E14513895BFF6
25: 683BD01B43CBC0430A007ACBAB357DC9
26: 01B8FC65C56B0F1A5BFEBEDCCF6748D9
27: 4D6298D63A80D55491697A6DD8E3694C
28: 6F0205E4E083CAB00747D723300510DF
29: 5183BAEEF05E9402A935EB9AFF0AA2A9
30: 1E673BFAD4944643A740C59D96A5925C
31: 940FB4000E34EEE78E8DB402E4A76502
32: 87B0C48F3D155AD85D0502D94A4572DE
OMAC-khazad (16 byte key)
0: 4EBEFA460499424F
1: 97AEEAD51E541D16
2: 29A35212910C9595
3: ABD1577D622074EA
4: 70A537DE14DD765C
5: 240A19016DE99C51
6: 4D42C10A9F803177
7: F464BC3E0DB5A909
8: 1C65A01A7C08DAC7
9: E49A1428C230C209
10: 16DD0FEB7A6505B8
11: 2DDDB3E35A05C220
12: EC88910C799AC6CC
13: B2A65C9EF39BEC8A
14: F0D2366BA91DFFD5
15: BCAB623CAB7AAA23
16: 9BCEAB857596E478

54
notes/pmac_tv.txt
View File

@ -329,3 +329,57 @@ PMAC-skipjack (10 byte key)
15: 2C5BD475AAC44C77
16: FEB892DA66D31A84
PMAC-anubis (16 byte key)
0: DF33EE541FFEE6A97FE3A1F72F7A38FC
1: 0AB28675AC3923C6DD9F5A8E1E2928D0
2: 2DABF75D6403E1E1CFAB3E6869FB1088
3: 95835D49E09740180B79E394FC2AA744
4: F364D6DC2C2078A519E5BAEFE858AFCA
5: DA4C66A4805FC91FABAECC0D3AEAD850
6: 487660FADCAC7B326C492AA051A1DF49
7: BF07835AA1A548FA7312509AF35CE3F3
8: 3CE8A8B1F324A700923AC0B830D53D99
9: 3C54D99AACFAB26E34FC1B0B6BB9EB22
10: 0A559F9D107ED76FD19227FDD0752B8A
11: BFD9E74ADC40B9C7446FDD09558FA584
12: F1130F663BC0FA3B1066129E0D1910E9
13: 535EAD786F0D211DE7AA78F3CB480803
14: CDF5855F00A4C310D95B26751B01A28B
15: EF6686E999D5A9C35A96D25BB9DBBF57
16: E795733AA0AAF16D8F7AB1A8E9C55E54
17: E03CA85727D5CF06F56BB6465BB3E5C5
18: 6EDDDB6D2292EFF584E382E1BACD1A49
19: 7B7FE0D8821836C1AA95578071FF2FD2
20: 5F8CC568338400746B61A9286B7CF262
21: 32DEE5A11E9EDB04BDF911837CE0FA4D
22: F1A99914F13B17ABF383F36157FEB170
23: 99F541647F382390043CAE5332E3114D
24: 34C5EBB85693A1979F8CFDF8B431A5BB
25: 1BA7266568F1E7B4A77A869D3021AC0F
26: 0FC675C99C24E859F8CE714E86BF5289
27: CBFAB21F5ABC47356A43BED806D873C0
28: 9659AB1A4D334B622629721F98EECE3A
29: 644C8BEE41F03BDE7652B03CAEA31E37
30: 5B3447AFAD934B4D1E4910A8DFD588E7
31: BFF403342E8D50D0447627AEA2F56B23
32: 19F468F0FB05184D00FABD40A18DB7B2
PMAC-khazad (16 byte key)
0: F40CEF2E392BEAEB
1: C6E086BD1CFA0992
2: 513F2851583AD69A
3: 07279D57695D78FF
4: 051E94FE4CC847B6
5: 5E9AAA5989D5C951
6: 310D5D740143369A
7: 9BB1EA8ECD4AF34B
8: CF886800AF0526C8
9: 0B03E2C94729E643
10: 42815B308A900EC7
11: 9A38A58C438D26DD
12: 044BFF68FD2BFF76
13: 7F5ABBDC29852729
14: F81A7D6F7B788A5D
15: 93098DA8A180AA35
16: BACE2F4DA8A89E32

65
ocb_decrypt_verify_memory.c
View File

@ -1,65 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* OCB Implementation by Tom St Denis */
#include "mycrypt.h"
#ifdef OCB_MODE
int ocb_decrypt_verify_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce,
const unsigned char *ct, unsigned long ctlen,
unsigned char *pt,
const unsigned char *tag, unsigned long taglen,
int *res)
{
int err;
ocb_state *ocb;
_ARGCHK(key != NULL);
_ARGCHK(nonce != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(tag != NULL);
_ARGCHK(res != NULL);
/* allocate memory */
ocb = XMALLOC(sizeof(ocb_state));
if (ocb == NULL) {
return CRYPT_MEM;
}
if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) {
goto __ERR;
}
while (ctlen > (unsigned long)ocb->block_len) {
if ((err = ocb_decrypt(ocb, ct, pt)) != CRYPT_OK) {
goto __ERR;
}
ctlen -= ocb->block_len;
pt += ocb->block_len;
ct += ocb->block_len;
}
err = ocb_done_decrypt(ocb, ct, ctlen, pt, tag, taglen, res);
__ERR:
#ifdef CLEAN_STACK
zeromem(ocb, sizeof(ocb_state));
#endif
XFREE(ocb);
return err;
}
#endif

29
ocb_done_encrypt.c
View File

@ -1,29 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* OCB Implementation by Tom St Denis */
#include "mycrypt.h"
#ifdef OCB_MODE
int ocb_done_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
unsigned char *ct, unsigned char *tag, unsigned long *taglen)
{
_ARGCHK(ocb != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(tag != NULL);
_ARGCHK(taglen != NULL);
return __ocb_done(ocb, pt, ptlen, ct, tag, taglen, 0);
}
#endif

68
omac_done.c
View File

@ -1,68 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* OMAC1 Support by Tom St Denis (for 64 and 128 bit block ciphers only) */
#include "mycrypt.h"
#ifdef OMAC
int omac_done(omac_state *state, unsigned char *out, unsigned long *outlen)
{
int err, mode;
unsigned x;
_ARGCHK(state != NULL);
_ARGCHK(out != NULL);
_ARGCHK(outlen != NULL);
if ((err = cipher_is_valid(state->cipher_idx)) != CRYPT_OK) {
return err;
}
if ((state->buflen > (int)sizeof(state->block)) || (state->buflen < 0) ||
(state->blklen > (int)sizeof(state->block)) || (state->buflen > state->blklen)) {
return CRYPT_INVALID_ARG;
}
/* figure out mode */
if (state->buflen != state->blklen) {
/* add the 0x80 byte */
state->block[state->buflen++] = 0x80;
/* pad with 0x00 */
while (state->buflen < state->blklen) {
state->block[state->buflen++] = 0x00;
}
mode = 1;
} else {
mode = 0;
}
/* now xor prev + Lu[mode] */
for (x = 0; x < (unsigned)state->blklen; x++) {
state->block[x] ^= state->prev[x] ^ state->Lu[mode][x];
}
/* encrypt it */
cipher_descriptor[state->cipher_idx].ecb_encrypt(state->block, state->block, &state->key);
/* output it */
for (x = 0; x < (unsigned)state->blklen && x < *outlen; x++) {
out[x] = state->block[x];
}
*outlen = x;
#ifdef CLEAN_STACK
zeromem(state, sizeof(*state));
#endif
return CRYPT_OK;
}
#endif

53
omac_process.c
View File

@ -1,53 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* OMAC1 Support by Tom St Denis (for 64 and 128 bit block ciphers only) */
#include "mycrypt.h"
#ifdef OMAC
int omac_process(omac_state *state, const unsigned char *buf, unsigned long len)
{
int err, n, x;
_ARGCHK(state != NULL);
_ARGCHK(buf != NULL);
if ((err = cipher_is_valid(state->cipher_idx)) != CRYPT_OK) {
return err;
}
if ((state->buflen > (int)sizeof(state->block)) || (state->buflen < 0) ||
(state->blklen > (int)sizeof(state->block)) || (state->buflen > state->blklen)) {
return CRYPT_INVALID_ARG;
}
while (len != 0) {
/* ok if the block is full we xor in prev, encrypt and replace prev */
if (state->buflen == state->blklen) {
for (x = 0; x < state->blklen; x++) {
state->block[x] ^= state->prev[x];
}
cipher_descriptor[state->cipher_idx].ecb_encrypt(state->block, state->prev, &state->key);
state->buflen = 0;
}
/* add bytes */
n = MIN(len, (unsigned long)(state->blklen - state->buflen));
XMEMCPY(state->block + state->buflen, buf, n);
state->buflen += n;
len -= n;
buf += n;
}
return CRYPT_OK;
}
#endif

20
parsenames.pl Normal file
View File

@ -0,0 +1,20 @@
#!/usr/bin/perl
#
# Splits the list of files and outputs for makefile type files
# wrapped at 80 chars
#
# Tom St Denis
@a = split(" ", $ARGV[1]);
$b = "$ARGV[0]=";
$len = length($b);
print $b;
foreach my $obj (@a) {
$len = $len + length($obj);
$obj =~ s/\*/\$/;
if ($len > 80) {
printf "\\\n";
$len = length($obj);
}
print "$obj ";
}
print "\n\n";

56
pmac_memory.c
View File

@ -1,56 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* PMAC implementation by Tom St Denis */
#include "mycrypt.h"
#ifdef PMAC
int pmac_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *msg, unsigned long msglen,
unsigned char *out, unsigned long *outlen)
{
int err;
pmac_state *pmac;
_ARGCHK(key != NULL);
_ARGCHK(msg != NULL);
_ARGCHK(out != NULL);
_ARGCHK(outlen != NULL);
/* allocate ram for pmac state */
pmac = XMALLOC(sizeof(pmac_state));
if (pmac == NULL) {
return CRYPT_MEM;
}
if ((err = pmac_init(pmac, cipher, key, keylen)) != CRYPT_OK) {
goto __ERR;
}
if ((err = pmac_process(pmac, msg, msglen)) != CRYPT_OK) {
goto __ERR;
}
if ((err = pmac_done(pmac, out, outlen)) != CRYPT_OK) {
goto __ERR;
}
err = CRYPT_OK;
__ERR:
#ifdef CLEAN_STACK
zeromem(pmac, sizeof(pmac_state));
#endif
XFREE(pmac);
return err;
}
#endif

62
pmac_process.c
View File

@ -1,62 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* PMAC implementation by Tom St Denis */
#include "mycrypt.h"
#ifdef PMAC
int pmac_process(pmac_state *state, const unsigned char *buf, unsigned long len)
{
int err, n, x;
unsigned char Z[MAXBLOCKSIZE];
_ARGCHK(state != NULL);
_ARGCHK(buf != NULL);
if ((err = cipher_is_valid(state->cipher_idx)) != CRYPT_OK) {
return err;
}
if ((state->buflen > (int)sizeof(state->block)) || (state->buflen < 0) ||
(state->block_len > (int)sizeof(state->block)) || (state->buflen > state->block_len)) {
return CRYPT_INVALID_ARG;
}
while (len != 0) {
/* ok if the block is full we xor in prev, encrypt and replace prev */
if (state->buflen == state->block_len) {
pmac_shift_xor(state);
for (x = 0; x < state->block_len; x++) {
Z[x] = state->Li[x] ^ state->block[x];
}
cipher_descriptor[state->cipher_idx].ecb_encrypt(Z, Z, &state->key);
for (x = 0; x < state->block_len; x++) {
state->checksum[x] ^= Z[x];
}
state->buflen = 0;
}
/* add bytes */
n = MIN(len, (unsigned long)(state->block_len - state->buflen));
XMEMCPY(state->block + state->buflen, buf, n);
state->buflen += n;
len -= n;
buf += n;
}
#ifdef CLEAN_STACK
zeromem(Z, sizeof(Z));
#endif
return CRYPT_OK;
}
#endif

84
pretty.build
View File

@ -1,84 +0,0 @@
#!/bin/perl -w
#
# Cute little builder for perl
# Total waste of development time...
#
# This will build all the object files and then the archive .a file
# requires GCC, GNU make and a sense of humour.
#
# Tom St Denis
use strict;
my $count = 0;
my $starttime = time;
my $rate = 0;
print "Scanning for source files...\n";
foreach my $filename (glob "*.c") {
if (!($filename =~ "aes_tab.c")) {
if (!($filename =~ "twofish_tab.c")) {
if (!($filename =~ "whirltab.c")) {
if (!($filename =~ "sha224.c")) {
if (!($filename =~ "sha384.c")) {
if (!($filename =~ "dh_sys.c")) {
if (!($filename =~ "ecc_sys.c")) {
if (!($filename =~ "sober128tab.c")) {
++$count;
}}}}}}}}
}
print "Source files to build: $count\nBuilding...\n";
my $i = 0;
my $lines = 0;
my $filesbuilt = 0;
foreach my $filename (glob "*.c") {
if (!($filename =~ "aes_tab.c")) {
if (!($filename =~ "twofish_tab.c")) {
if (!($filename =~ "whirltab.c")) {
if (!($filename =~ "sha224.c")) {
if (!($filename =~ "sha384.c")) {
if (!($filename =~ "dh_sys.c")) {
if (!($filename =~ "ecc_sys.c")) {
if (!($filename =~ "sober128tab.c")) {
printf("Building %3.2f%%, ", (++$i/$count)*100.0);
if ($i % 4 == 0) { print "/, "; }
if ($i % 4 == 1) { print "-, "; }
if ($i % 4 == 2) { print "\\, "; }
if ($i % 4 == 3) { print "|, "; }
if ($rate > 0) {
my $tleft = ($count - $i) / $rate;
my $tsec = $tleft%60;
my $tmin = ($tleft/60)%60;
my $thour = ($tleft/3600)%60;
printf("%2d:%02d:%02d left, ", $thour, $tmin, $tsec);
}
my $cnt = ($i/$count)*30.0;
my $x = 0;
print "[";
for (; $x < $cnt; $x++) { print "#"; }
for (; $x < 30; $x++) { print " "; }
print "]\r";
my $tmp = $filename;
$tmp =~ s/\.c/".o"/ge;
if (open(SRC, "<$tmp")) {
close SRC;
} else {
!system("make $tmp > /dev/null 2>/dev/null") or die "\nERROR: Failed to make $tmp!!!\n";
open( SRC, "<$filename" ) or die "Couldn't open $filename for reading: $!";
++$lines while (<SRC>);
close SRC or die "Error closing $filename after reading: $!";
++$filesbuilt;
}
# update timer
if (time != $starttime) {
my $delay = time - $starttime;
$rate = $i/$delay;
}
}}}}}}}}
}
# finish building the library
printf("\nFinished building source (%d seconds, %3.2f files per second).\n", time - $starttime, $rate);
print "Compiled approximately $filesbuilt files and $lines lines of code.\n";
print "Doing final make (building archive...)\n";
!system("make > /dev/null 2>/dev/null") or die "\nERROR: Failed to perform last make command!!!\n";
print "done.\n";

77
rsa_decrypt_key.c
View File

@ -1,77 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef MRSA
/* (PKCS #1 v2.0) decrypt then OAEP depad */
int rsa_decrypt_key(const unsigned char *in, unsigned long inlen,
unsigned char *outkey, unsigned long *keylen,
const unsigned char *lparam, unsigned long lparamlen,
prng_state *prng, int prng_idx,
int hash_idx, int *res,
rsa_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x;
int err;
unsigned char *tmp;
_ARGCHK(outkey != NULL);
_ARGCHK(keylen != NULL);
_ARGCHK(key != NULL);
_ARGCHK(res != NULL);
/* default to invalid */
*res = 0;
/* valid hash/prng ? */
if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
return err;
}
if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
return err;
}
/* get modulus len in bits */
modulus_bitlen = mp_count_bits(&(key->N));
/* outlen must be at least the size of the modulus */
modulus_bytelen = mp_unsigned_bin_size(&(key->N));
if (modulus_bytelen != inlen) {
return CRYPT_INVALID_PACKET;
}
/* allocate ram */
tmp = XMALLOC(inlen);
if (tmp == NULL) {
return CRYPT_MEM;
}
/* rsa decode the packet */
x = inlen;
if ((err = rsa_exptmod(in, inlen, tmp, &x, PK_PRIVATE, prng, prng_idx, key)) != CRYPT_OK) {
XFREE(tmp);
return err;
}
/* now OAEP decode the packet */
err = pkcs_1_oaep_decode(tmp, x, lparam, lparamlen, modulus_bitlen, hash_idx,
outkey, keylen, res);
XFREE(tmp);
return err;
}
#endif /* MRSA */

59
rsa_sign_hash.c
View File

@ -1,59 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef MRSA
/* (PKCS #1, v2.0) PSS pad then sign */
int rsa_sign_hash(const unsigned char *msghash, unsigned long msghashlen,
unsigned char *sig, unsigned long *siglen,
prng_state *prng, int prng_idx,
int hash_idx, unsigned long saltlen,
rsa_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x;
int err;
_ARGCHK(msghash != NULL);
_ARGCHK(sig != NULL);
_ARGCHK(siglen != NULL);
_ARGCHK(key != NULL);
/* valid prng and hash ? */
if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
return err;
}
if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
return err;
}
/* get modulus len in bits */
modulus_bitlen = mp_count_bits(&(key->N));
/* outlen must be at least the size of the modulus */
modulus_bytelen = mp_unsigned_bin_size(&(key->N));
if (modulus_bytelen > *siglen) {
return CRYPT_BUFFER_OVERFLOW;
}
/* PSS pad the key */
x = *siglen;
if ((err = pkcs_1_pss_encode(msghash, msghashlen, saltlen, prng, prng_idx,
hash_idx, modulus_bitlen, sig, &x)) != CRYPT_OK) {
return err;
}
/* RSA encode it */
return rsa_exptmod(sig, x, sig, siglen, PK_PRIVATE, prng, prng_idx, key);
}
#endif /* MRSA */

66
rsa_v15_decrypt_key.c
View File

@ -1,66 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef MRSA
/* decrypt then PKCS #1 v1.5 depad */
int rsa_v15_decrypt_key(const unsigned char *in, unsigned long inlen,
unsigned char *outkey, unsigned long keylen,
prng_state *prng, int prng_idx,
int *res, rsa_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x;
int err;
unsigned char *tmp;
_ARGCHK(outkey != NULL);
_ARGCHK(key != NULL);
_ARGCHK(res != NULL);
/* default to invalid */
*res = 0;
/* valid prng ? */
if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
return err;
}
/* get modulus len in bits */
modulus_bitlen = mp_count_bits(&(key->N));
/* outlen must be at least the size of the modulus */
modulus_bytelen = mp_unsigned_bin_size(&(key->N));
if (modulus_bytelen != inlen) {
return CRYPT_INVALID_PACKET;
}
/* allocate ram */
tmp = XMALLOC(inlen);
if (tmp == NULL) {
return CRYPT_MEM;
}
/* rsa decode the packet */
x = inlen;
if ((err = rsa_exptmod(in, inlen, tmp, &x, PK_PRIVATE, prng, prng_idx, key)) != CRYPT_OK) {
XFREE(tmp);
return err;
}
/* PKCS #1 v1.5 depad */
err = pkcs_1_v15_es_decode(tmp, x, modulus_bitlen, outkey, keylen, res);
XFREE(tmp);
return err;
}
#endif

54
rsa_v15_encrypt_key.c
View File

@ -1,54 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef MRSA
/* PKCS #1 v1.5 pad then encrypt */
int rsa_v15_encrypt_key(const unsigned char *inkey, unsigned long inlen,
unsigned char *outkey, unsigned long *outlen,
prng_state *prng, int prng_idx,
rsa_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x;
int err;
_ARGCHK(inkey != NULL);
_ARGCHK(outkey != NULL);
_ARGCHK(outlen != NULL);
_ARGCHK(key != NULL);
/* valid prng? */
if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
return err;
}
/* get modulus len in bits */
modulus_bitlen = mp_count_bits(&(key->N));
/* outlen must be at least the size of the modulus */
modulus_bytelen = mp_unsigned_bin_size(&(key->N));
if (modulus_bytelen > *outlen) {
return CRYPT_BUFFER_OVERFLOW;
}
/* pad it */
x = *outlen;
if ((err = pkcs_1_v15_es_encode(inkey, inlen, modulus_bitlen, prng, prng_idx, outkey, &x)) != CRYPT_OK) {
return err;
}
/* encrypt it */
return rsa_exptmod(outkey, x, outkey, outlen, PK_PUBLIC, prng, prng_idx, key);
}
#endif

57
rsa_v15_sign_hash.c
View File

@ -1,57 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#ifdef MRSA
/* PKCS #1 v1.5 pad then sign */
int rsa_v15_sign_hash(const unsigned char *msghash, unsigned long msghashlen,
unsigned char *sig, unsigned long *siglen,
prng_state *prng, int prng_idx,
int hash_idx, rsa_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x;
int err;
_ARGCHK(msghash != NULL);
_ARGCHK(sig != NULL);
_ARGCHK(siglen != NULL);
_ARGCHK(key != NULL);
/* valid prng and hash ? */
if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
return err;
}
if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
return err;
}
/* get modulus len in bits */
modulus_bitlen = mp_count_bits(&(key->N));
/* outlen must be at least the size of the modulus */
modulus_bytelen = mp_unsigned_bin_size(&(key->N));
if (modulus_bytelen > *siglen) {
return CRYPT_BUFFER_OVERFLOW;
}
/* PKCS #1 v1.5 pad the key */
x = *siglen;
if ((err = pkcs_1_v15_sa_encode(msghash, msghashlen, hash_idx, modulus_bitlen, sig, &x)) != CRYPT_OK) {
return err;
}
/* RSA encode it */
return rsa_exptmod(sig, x, sig, siglen, PK_PRIVATE, prng, prng_idx, key);
}
#endif

80
sprng.c
View File

@ -1,80 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* A secure PRNG using the RNG functions. Basically this is a
* wrapper that allows you to use a secure RNG as a PRNG
* in the various other functions.
*/
#include "mycrypt.h"
#ifdef SPRNG
const struct _prng_descriptor sprng_desc =
{
"sprng", 0,
&sprng_start,
&sprng_add_entropy,
&sprng_ready,
&sprng_read,
&sprng_done,
&sprng_export,
&sprng_import,
&sprng_test
};
int sprng_start(prng_state *prng)
{
return CRYPT_OK;
}
int sprng_add_entropy(const unsigned char *buf, unsigned long len, prng_state *prng)
{
return CRYPT_OK;
}
int sprng_ready(prng_state *prng)
{
return CRYPT_OK;
}
unsigned long sprng_read(unsigned char *buf, unsigned long len, prng_state *prng)
{
_ARGCHK(buf != NULL);
return rng_get_bytes(buf, len, NULL);
}
int sprng_done(prng_state *prng)
{
return CRYPT_OK;
}
int sprng_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
{
_ARGCHK(outlen != NULL);
*outlen = 0;
return CRYPT_OK;
}
int sprng_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
{
return CRYPT_OK;
}
int sprng_test(void)
{
return CRYPT_OK;
}
#endif

99
aes.c → src/ciphers/aes/aes.c
View File

@ -25,8 +25,12 @@
* @author Paulo Barreto <paulo.barreto@terra.com.br>
---
*/
/**
@file aes.c
Implementation of AES
*/
#include "mycrypt.h"
#include "tomcrypt.h"
#ifdef RIJNDAEL
@ -38,7 +42,7 @@
#define ECB_TEST rijndael_test
#define ECB_KS rijndael_keysize
const struct _cipher_descriptor rijndael_desc =
const struct ltc_cipher_descriptor rijndael_desc =
{
"rijndael",
6,
@ -46,7 +50,7 @@ const struct _cipher_descriptor rijndael_desc =
SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_KS
};
const struct _cipher_descriptor aes_desc =
const struct ltc_cipher_descriptor aes_desc =
{
"aes",
6,
@ -60,7 +64,7 @@ const struct _cipher_descriptor aes_desc =
#define ECB_ENC rijndael_enc_ecb_encrypt
#define ECB_KS rijndael_enc_keysize
const struct _cipher_descriptor rijndael_enc_desc =
const struct ltc_cipher_descriptor rijndael_enc_desc =
{
"rijndael",
6,
@ -68,7 +72,7 @@ const struct _cipher_descriptor rijndael_enc_desc =
SETUP, ECB_ENC, NULL, NULL, ECB_KS
};
const struct _cipher_descriptor aes_enc_desc =
const struct ltc_cipher_descriptor aes_enc_desc =
{
"aes",
6,
@ -89,7 +93,7 @@ static ulong32 setup_mix(ulong32 temp)
}
#ifndef ENCRYPT_ONLY
#ifdef SMALL_CODE
#ifdef LTC_SMALL_CODE
static ulong32 setup_mix2(ulong32 temp)
{
return Td0(255 & Te4[byte(temp, 3)]) ^
@ -100,21 +104,29 @@ static ulong32 setup_mix2(ulong32 temp)
#endif
#endif
int SETUP(const unsigned char *key, int keylen, int rounds, symmetric_key *skey)
/**
Initialize the AES (Rijndael) block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
int i, j;
ulong32 temp, *rk;
#ifndef ENCRYPT_ONLY
ulong32 *rrk;
#endif
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (keylen != 16 && keylen != 24 && keylen != 32) {
return CRYPT_INVALID_KEYSIZE;
}
if (rounds != 0 && rounds != (10 + ((keylen/8)-2)*2)) {
if (num_rounds != 0 && num_rounds != (10 + ((keylen/8)-2)*2)) {
return CRYPT_INVALID_ROUNDS;
}
@ -181,7 +193,7 @@ int SETUP(const unsigned char *key, int keylen, int rounds, symmetric_key *skey)
break;
}
temp = rk[11];
rk[12] = rk[ 4] ^ setup_mix(ROR(temp, 8));
rk[12] = rk[ 4] ^ setup_mix(RORc(temp, 8));
rk[13] = rk[ 5] ^ rk[12];
rk[14] = rk[ 6] ^ rk[13];
rk[15] = rk[ 7] ^ rk[14];
@ -189,7 +201,7 @@ int SETUP(const unsigned char *key, int keylen, int rounds, symmetric_key *skey)
}
} else {
/* this can't happen */
j = 4;
return CRYPT_ERROR;
}
#ifndef ENCRYPT_ONLY
@ -208,7 +220,7 @@ int SETUP(const unsigned char *key, int keylen, int rounds, symmetric_key *skey)
for (i = 1; i < skey->rijndael.Nr; i++) {
rrk -= 4;
rk += 4;
#ifdef SMALL_CODE
#ifdef LTC_SMALL_CODE
temp = rrk[0];
rk[0] = setup_mix2(temp);
temp = rrk[1];
@ -258,7 +270,13 @@ int SETUP(const unsigned char *key, int keylen, int rounds, symmetric_key *skey)
return CRYPT_OK;
}
#ifdef CLEAN_STACK
/**
Encrypts a block of text with AES
@param pt The input plaintext (16 bytes)
@param ct The output ciphertext (16 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
@ -267,9 +285,9 @@ void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk;
int Nr, r;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
Nr = skey->rijndael.Nr;
rk = skey->rijndael.eK;
@ -284,7 +302,7 @@ void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
LOAD32H(s3, pt + 12); s3 ^= rk[3];
#ifdef SMALL_CODE
#ifdef LTC_SMALL_CODE
for (r = 0; ; r++) {
rk += 4;
@ -418,7 +436,7 @@ void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
STORE32H(s3, ct+12);
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
_rijndael_ecb_encrypt(pt, ct, skey);
@ -428,7 +446,13 @@ void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#ifndef ENCRYPT_ONLY
#ifdef CLEAN_STACK
/**
Decrypts a block of text with AES
@param ct The input ciphertext (16 bytes)
@param pt The output plaintext (16 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
@ -437,9 +461,9 @@ void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk;
int Nr, r;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
Nr = skey->rijndael.Nr;
rk = skey->rijndael.dK;
@ -453,7 +477,7 @@ void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
LOAD32H(s2, ct + 8); s2 ^= rk[2];
LOAD32H(s3, ct + 12); s3 ^= rk[3];
#ifdef SMALL_CODE
#ifdef LTC_SMALL_CODE
for (r = 0; ; r++) {
rk += 4;
t0 =
@ -588,7 +612,7 @@ void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
_rijndael_ecb_decrypt(ct, pt, skey);
@ -596,6 +620,10 @@ void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
}
#endif
/**
Performs a self-test of the AES block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int ECB_TEST(void)
{
#ifndef LTC_TEST
@ -679,20 +707,25 @@ int ECB_TEST(void)
#endif /* ENCRYPT_ONLY */
int ECB_KS(int *desired_keysize)
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int ECB_KS(int *keysize)
{
_ARGCHK(desired_keysize != NULL);
LTC_ARGCHK(keysize != NULL);
if (*desired_keysize < 16)
if (*keysize < 16)
return CRYPT_INVALID_KEYSIZE;
if (*desired_keysize < 24) {
*desired_keysize = 16;
if (*keysize < 24) {
*keysize = 16;
return CRYPT_OK;
} else if (*desired_keysize < 32) {
*desired_keysize = 24;
} else if (*keysize < 32) {
*keysize = 24;
return CRYPT_OK;
} else {
*desired_keysize = 32;
*keysize = 32;
return CRYPT_OK;
}
}

18
aes_tab.c → src/ciphers/aes/aes_tab.c
View File

@ -23,6 +23,10 @@ Td3[x] = Si[x].[09, 0d, 0b, 0e];
Td4[x] = Si[x].[01, 01, 01, 01];
*/
/**
@file aes_tab.c
AES tables
*/
static const ulong32 TE0[256] = {
0xc66363a5UL, 0xf87c7c84UL, 0xee777799UL, 0xf67b7b8dUL,
0xfff2f20dUL, 0xd66b6bbdUL, 0xde6f6fb1UL, 0x91c5c554UL,
@ -295,17 +299,17 @@ static const ulong32 Td4[256] = {
#endif /* ENCRYPT_ONLY */
#ifdef SMALL_CODE
#ifdef LTC_SMALL_CODE
#define Te0(x) TE0[x]
#define Te1(x) ROR(TE0[x], 8)
#define Te2(x) ROR(TE0[x], 16)
#define Te3(x) ROR(TE0[x], 24)
#define Te1(x) RORc(TE0[x], 8)
#define Te2(x) RORc(TE0[x], 16)
#define Te3(x) RORc(TE0[x], 24)
#define Td0(x) TD0[x]
#define Td1(x) ROR(TD0[x], 8)
#define Td2(x) ROR(TD0[x], 16)
#define Td3(x) ROR(TD0[x], 24)
#define Td1(x) RORc(TD0[x], 8)
#define Td2(x) RORc(TD0[x], 16)
#define Td3(x) RORc(TD0[x], 24)
#define Te4_0 0x000000FF & Te4
#define Te4_1 0x0000FF00 & Te4

1541
src/ciphers/anubis.c Normal file
View File

File diff suppressed because it is too large Load Diff

131
blowfish.c → src/ciphers/blowfish.c
View File

@ -8,11 +8,15 @@
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
/**
@file blowfish.c
Implementation of the Blowfish block cipher, Tom St Denis
*/
#include "tomcrypt.h"
#ifdef BLOWFISH
const struct _cipher_descriptor blowfish_desc =
const struct ltc_cipher_descriptor blowfish_desc =
{
"blowfish",
0,
@ -291,14 +295,22 @@ static const ulong32 ORIG_S[4][256] = {
0xB74E6132UL, 0xCE77E25BUL, 0x578FDFE3UL, 0x3AC372E6UL }
};
/**
Initialize the Blowfish block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
int blowfish_setup(const unsigned char *key, int keylen, int num_rounds,
symmetric_key *skey)
{
ulong32 x, y, z, A;
unsigned char B[8];
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
/* check key length */
if (keylen < 8 || keylen > 56) {
@ -353,7 +365,7 @@ int blowfish_setup(const unsigned char *key, int keylen, int num_rounds,
}
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(B, sizeof(B));
#endif
@ -363,13 +375,19 @@ int blowfish_setup(const unsigned char *key, int keylen, int num_rounds,
#ifndef __GNUC__
#define F(x) ((S1[byte(x,3)] + S2[byte(x,2)]) ^ S3[byte(x,1)]) + S4[byte(x,0)]
#else
#define F(x) ((key->blowfish.S[0][byte(x,3)] + key->blowfish.S[1][byte(x,2)]) ^ key->blowfish.S[2][byte(x,1)]) + key->blowfish.S[3][byte(x,0)]
#define F(x) ((skey->blowfish.S[0][byte(x,3)] + skey->blowfish.S[1][byte(x,2)]) ^ skey->blowfish.S[2][byte(x,1)]) + skey->blowfish.S[3][byte(x,0)]
#endif
#ifdef CLEAN_STACK
static void _blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
/**
Encrypts a block of text with Blowfish
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
ulong32 L, R;
@ -378,15 +396,15 @@ void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_
ulong32 *S1, *S2, *S3, *S4;
#endif
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
#ifndef __GNUC__
S1 = key->blowfish.S[0];
S2 = key->blowfish.S[1];
S3 = key->blowfish.S[2];
S4 = key->blowfish.S[3];
S1 = skey->blowfish.S[0];
S2 = skey->blowfish.S[1];
S3 = skey->blowfish.S[2];
S4 = skey->blowfish.S[3];
#endif
/* load it */
@ -395,33 +413,39 @@ void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_
/* do 16 rounds */
for (r = 0; r < 16; ) {
L ^= key->blowfish.K[r++]; R ^= F(L);
R ^= key->blowfish.K[r++]; L ^= F(R);
L ^= key->blowfish.K[r++]; R ^= F(L);
R ^= key->blowfish.K[r++]; L ^= F(R);
L ^= skey->blowfish.K[r++]; R ^= F(L);
R ^= skey->blowfish.K[r++]; L ^= F(R);
L ^= skey->blowfish.K[r++]; R ^= F(L);
R ^= skey->blowfish.K[r++]; L ^= F(R);
}
/* last keying */
R ^= key->blowfish.K[17];
L ^= key->blowfish.K[16];
R ^= skey->blowfish.K[17];
L ^= skey->blowfish.K[16];
/* store */
STORE32H(R, &ct[0]);
STORE32H(L, &ct[4]);
}
#ifdef CLEAN_STACK
void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
_blowfish_ecb_encrypt(pt, ct, key);
_blowfish_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(ulong32) * 2 + sizeof(int));
}
#endif
#ifdef CLEAN_STACK
static void _blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
/**
Decrypts a block of text with Blowfish
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
ulong32 L, R;
@ -430,15 +454,15 @@ void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_
ulong32 *S1, *S2, *S3, *S4;
#endif
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
#ifndef __GNUC__
S1 = key->blowfish.S[0];
S2 = key->blowfish.S[1];
S3 = key->blowfish.S[2];
S4 = key->blowfish.S[3];
S1 = skey->blowfish.S[0];
S2 = skey->blowfish.S[1];
S3 = skey->blowfish.S[2];
S4 = skey->blowfish.S[3];
#endif
/* load it */
@ -446,15 +470,15 @@ void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_
LOAD32H(L, &ct[4]);
/* undo last keying */
R ^= key->blowfish.K[17];
L ^= key->blowfish.K[16];
R ^= skey->blowfish.K[17];
L ^= skey->blowfish.K[16];
/* do 16 rounds */
for (r = 15; r > 0; ) {
L ^= F(R); R ^= key->blowfish.K[r--];
R ^= F(L); L ^= key->blowfish.K[r--];
L ^= F(R); R ^= key->blowfish.K[r--];
R ^= F(L); L ^= key->blowfish.K[r--];
L ^= F(R); R ^= skey->blowfish.K[r--];
R ^= F(L); L ^= skey->blowfish.K[r--];
L ^= F(R); R ^= skey->blowfish.K[r--];
R ^= F(L); L ^= skey->blowfish.K[r--];
}
/* store */
@ -462,15 +486,19 @@ void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_
STORE32H(R, &pt[4]);
}
#ifdef CLEAN_STACK
void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
_blowfish_ecb_decrypt(ct, pt, key);
_blowfish_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(ulong32) * 2 + sizeof(int));
}
#endif
/**
Performs a self-test of the Blowfish block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int blowfish_test(void)
{
#ifndef LTC_TEST
@ -525,14 +553,19 @@ int blowfish_test(void)
#endif
}
int blowfish_keysize(int *desired_keysize)
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int blowfish_keysize(int *keysize)
{
_ARGCHK(desired_keysize != NULL);
LTC_ARGCHK(keysize != NULL);
if (*desired_keysize < 8) {
if (*keysize < 8) {
return CRYPT_INVALID_KEYSIZE;
} else if (*desired_keysize > 56) {
*desired_keysize = 56;
} else if (*keysize > 56) {
*keysize = 56;
}
return CRYPT_OK;
}

163
cast5.c → src/ciphers/cast5.c
View File

@ -8,12 +8,16 @@
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* Implementation of CAST5 (RFC 2144) by Tom St Denis */
#include "mycrypt.h"
/**
@file cast5.c
Implementation of CAST5 (RFC 2144) by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef CAST5
const struct _cipher_descriptor cast5_desc = {
const struct ltc_cipher_descriptor cast5_desc = {
"cast5",
15,
5, 16, 8, 16,
@ -391,7 +395,15 @@ static const ulong32 S8[256] = {
#define GB(x, i) (((x[(15-i)>>2])>>(unsigned)(8*((15-i)&3)))&255)
#endif
#ifdef CLEAN_STACK
/**
Initialize the CAST5 block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
static int _cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
#else
int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
@ -401,8 +413,8 @@ int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_
unsigned char buf[16];
int y, i;
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (num_rounds != 12 && num_rounds != 16 && num_rounds != 0) {
return CRYPT_INVALID_ROUNDS;
@ -466,7 +478,7 @@ int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_
skey->cast5.keylen = keylen;
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(buf, sizeof(buf));
zeromem(x, sizeof(x));
zeromem(z, sizeof(z));
@ -475,7 +487,7 @@ int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_
return CRYPT_OK;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
int z;
@ -515,95 +527,111 @@ INLINE static ulong32 FIII(ulong32 R, ulong32 Km, ulong32 Kr)
return ((S1[byte(I, 3)] + S2[byte(I,2)]) ^ S3[byte(I,1)]) - S4[byte(I,0)];
}
#ifdef CLEAN_STACK
static void _cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
/**
Encrypts a block of text with CAST5
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
ulong32 R, L;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LOAD32H(L,&pt[0]);
LOAD32H(R,&pt[4]);
L ^= FI(R, key->cast5.K[0], key->cast5.K[16]);
R ^= FII(L, key->cast5.K[1], key->cast5.K[17]);
L ^= FIII(R, key->cast5.K[2], key->cast5.K[18]);
R ^= FI(L, key->cast5.K[3], key->cast5.K[19]);
L ^= FII(R, key->cast5.K[4], key->cast5.K[20]);
R ^= FIII(L, key->cast5.K[5], key->cast5.K[21]);
L ^= FI(R, key->cast5.K[6], key->cast5.K[22]);
R ^= FII(L, key->cast5.K[7], key->cast5.K[23]);
L ^= FIII(R, key->cast5.K[8], key->cast5.K[24]);
R ^= FI(L, key->cast5.K[9], key->cast5.K[25]);
L ^= FII(R, key->cast5.K[10], key->cast5.K[26]);
R ^= FIII(L, key->cast5.K[11], key->cast5.K[27]);
if (key->cast5.keylen > 10) {
L ^= FI(R, key->cast5.K[12], key->cast5.K[28]);
R ^= FII(L, key->cast5.K[13], key->cast5.K[29]);
L ^= FIII(R, key->cast5.K[14], key->cast5.K[30]);
R ^= FI(L, key->cast5.K[15], key->cast5.K[31]);
L ^= FI(R, skey->cast5.K[0], skey->cast5.K[16]);
R ^= FII(L, skey->cast5.K[1], skey->cast5.K[17]);
L ^= FIII(R, skey->cast5.K[2], skey->cast5.K[18]);
R ^= FI(L, skey->cast5.K[3], skey->cast5.K[19]);
L ^= FII(R, skey->cast5.K[4], skey->cast5.K[20]);
R ^= FIII(L, skey->cast5.K[5], skey->cast5.K[21]);
L ^= FI(R, skey->cast5.K[6], skey->cast5.K[22]);
R ^= FII(L, skey->cast5.K[7], skey->cast5.K[23]);
L ^= FIII(R, skey->cast5.K[8], skey->cast5.K[24]);
R ^= FI(L, skey->cast5.K[9], skey->cast5.K[25]);
L ^= FII(R, skey->cast5.K[10], skey->cast5.K[26]);
R ^= FIII(L, skey->cast5.K[11], skey->cast5.K[27]);
if (skey->cast5.keylen > 10) {
L ^= FI(R, skey->cast5.K[12], skey->cast5.K[28]);
R ^= FII(L, skey->cast5.K[13], skey->cast5.K[29]);
L ^= FIII(R, skey->cast5.K[14], skey->cast5.K[30]);
R ^= FI(L, skey->cast5.K[15], skey->cast5.K[31]);
}
STORE32H(R,&ct[0]);
STORE32H(L,&ct[4]);
}
#ifdef CLEAN_STACK
void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
_cast5_ecb_encrypt(pt,ct,key);
_cast5_ecb_encrypt(pt,ct,skey);
burn_stack(sizeof(ulong32)*3);
}
#endif
#ifdef CLEAN_STACK
static void _cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
/**
Decrypts a block of text with CAST5
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
ulong32 R, L;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LOAD32H(R,&ct[0]);
LOAD32H(L,&ct[4]);
if (key->cast5.keylen > 10) {
R ^= FI(L, key->cast5.K[15], key->cast5.K[31]);
L ^= FIII(R, key->cast5.K[14], key->cast5.K[30]);
R ^= FII(L, key->cast5.K[13], key->cast5.K[29]);
L ^= FI(R, key->cast5.K[12], key->cast5.K[28]);
if (skey->cast5.keylen > 10) {
R ^= FI(L, skey->cast5.K[15], skey->cast5.K[31]);
L ^= FIII(R, skey->cast5.K[14], skey->cast5.K[30]);
R ^= FII(L, skey->cast5.K[13], skey->cast5.K[29]);
L ^= FI(R, skey->cast5.K[12], skey->cast5.K[28]);
}
R ^= FIII(L, key->cast5.K[11], key->cast5.K[27]);
L ^= FII(R, key->cast5.K[10], key->cast5.K[26]);
R ^= FI(L, key->cast5.K[9], key->cast5.K[25]);
L ^= FIII(R, key->cast5.K[8], key->cast5.K[24]);
R ^= FII(L, key->cast5.K[7], key->cast5.K[23]);
L ^= FI(R, key->cast5.K[6], key->cast5.K[22]);
R ^= FIII(L, key->cast5.K[5], key->cast5.K[21]);
L ^= FII(R, key->cast5.K[4], key->cast5.K[20]);
R ^= FI(L, key->cast5.K[3], key->cast5.K[19]);
L ^= FIII(R, key->cast5.K[2], key->cast5.K[18]);
R ^= FII(L, key->cast5.K[1], key->cast5.K[17]);
L ^= FI(R, key->cast5.K[0], key->cast5.K[16]);
R ^= FIII(L, skey->cast5.K[11], skey->cast5.K[27]);
L ^= FII(R, skey->cast5.K[10], skey->cast5.K[26]);
R ^= FI(L, skey->cast5.K[9], skey->cast5.K[25]);
L ^= FIII(R, skey->cast5.K[8], skey->cast5.K[24]);
R ^= FII(L, skey->cast5.K[7], skey->cast5.K[23]);
L ^= FI(R, skey->cast5.K[6], skey->cast5.K[22]);
R ^= FIII(L, skey->cast5.K[5], skey->cast5.K[21]);
L ^= FII(R, skey->cast5.K[4], skey->cast5.K[20]);
R ^= FI(L, skey->cast5.K[3], skey->cast5.K[19]);
L ^= FIII(R, skey->cast5.K[2], skey->cast5.K[18]);
R ^= FII(L, skey->cast5.K[1], skey->cast5.K[17]);
L ^= FI(R, skey->cast5.K[0], skey->cast5.K[16]);
STORE32H(L,&pt[0]);
STORE32H(R,&pt[4]);
}
#ifdef CLEAN_STACK
void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
_cast5_ecb_decrypt(ct,pt,key);
_cast5_ecb_decrypt(ct,pt,skey);
burn_stack(sizeof(ulong32)*3);
}
#endif
/**
Performs a self-test of the CAST5 block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int cast5_test(void)
{
#ifndef LTC_TEST
@ -655,13 +683,18 @@ int cast5_test(void)
#endif
}
int cast5_keysize(int *desired_keysize)
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int cast5_keysize(int *keysize)
{
_ARGCHK(desired_keysize != NULL);
if (*desired_keysize < 5) {
LTC_ARGCHK(keysize != NULL);
if (*keysize < 5) {
return CRYPT_INVALID_KEYSIZE;
} else if (*desired_keysize > 16) {
*desired_keysize = 16;
} else if (*keysize > 16) {
*keysize = 16;
}
return CRYPT_OK;
}

174
des.c → src/ciphers/des.c
View File

@ -8,15 +8,19 @@
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* DES code submitted by Dobes Vandermeer */
#include "mycrypt.h"
#include "tomcrypt.h"
/**
@file des.c
DES code submitted by Dobes Vandermeer
*/
#ifdef DES
#define EN0 0
#define DE1 1
const struct _cipher_descriptor des_desc =
const struct ltc_cipher_descriptor des_desc =
{
"des",
13,
@ -28,7 +32,7 @@ const struct _cipher_descriptor des_desc =
&des_keysize
};
const struct _cipher_descriptor des3_desc =
const struct ltc_cipher_descriptor des3_desc =
{
"3des",
14,
@ -239,7 +243,7 @@ static const ulong32 SP8[64] =
0x00001040UL, 0x00040040UL, 0x10000000UL, 0x10041000UL
};
#ifndef SMALL_CODE
#ifndef LTC_SMALL_CODE
static const ulong64 des_ip[8][256] = {
@ -1292,10 +1296,10 @@ static const ulong64 des_fp[8][256] = {
static void cookey(const ulong32 *raw1, ulong32 *keyout);
#ifdef CLEAN_STACK
void _deskey(const unsigned char *key, short edf, ulong32 *keyout)
#ifdef LTC_CLEAN_STACK
static void _deskey(const unsigned char *key, short edf, ulong32 *keyout)
#else
void deskey(const unsigned char *key, short edf, ulong32 *keyout)
static void deskey(const unsigned char *key, short edf, ulong32 *keyout)
#endif
{
ulong32 i, j, l, m, n, kn[32];
@ -1344,15 +1348,15 @@ void deskey(const unsigned char *key, short edf, ulong32 *keyout)
cookey(kn, keyout);
}
#ifdef CLEAN_STACK
void deskey(const unsigned char *key, short edf, ulong32 *keyout)
#ifdef LTC_CLEAN_STACK
static void deskey(const unsigned char *key, short edf, ulong32 *keyout)
{
_deskey(key, edf, keyout);
burn_stack(sizeof(int)*5 + sizeof(ulong32)*32 + sizeof(unsigned char)*112);
}
#endif
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static void _cookey(const ulong32 *raw1, ulong32 *keyout)
#else
static void cookey(const ulong32 *raw1, ulong32 *keyout)
@ -1380,7 +1384,7 @@ static void cookey(const ulong32 *raw1, ulong32 *keyout)
XMEMCPY(keyout, dough, sizeof dough);
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static void cookey(const ulong32 *raw1, ulong32 *keyout)
{
_cookey(raw1, keyout);
@ -1388,7 +1392,7 @@ static void cookey(const ulong32 *raw1, ulong32 *keyout)
}
#endif
#ifndef CLEAN_STACK
#ifndef LTC_CLEAN_STACK
static void desfunc(ulong32 *block, const ulong32 *keys)
#else
static void _desfunc(ulong32 *block, const ulong32 *keys)
@ -1400,7 +1404,7 @@ static void _desfunc(ulong32 *block, const ulong32 *keys)
leftt = block[0];
right = block[1];
#ifdef SMALL_CODE
#ifdef LTC_SMALL_CODE
work = ((leftt >> 4) ^ right) & 0x0f0f0f0fL;
right ^= work;
leftt ^= (work << 4);
@ -1417,12 +1421,12 @@ static void _desfunc(ulong32 *block, const ulong32 *keys)
leftt ^= work;
right ^= (work << 8);
right = ROL(right, 1);
right = ROLc(right, 1);
work = (leftt ^ right) & 0xaaaaaaaaL;
leftt ^= work;
right ^= work;
leftt = ROL(leftt, 1);
leftt = ROLc(leftt, 1);
#else
{
ulong64 tmp;
@ -1440,7 +1444,7 @@ static void _desfunc(ulong32 *block, const ulong32 *keys)
#endif
for (cur_round = 0; cur_round < 8; cur_round++) {
work = ROR(right, 4) ^ *keys++;
work = RORc(right, 4) ^ *keys++;
leftt ^= SP7[work & 0x3fL]
^ SP5[(work >> 8) & 0x3fL]
^ SP3[(work >> 16) & 0x3fL]
@ -1451,7 +1455,7 @@ static void _desfunc(ulong32 *block, const ulong32 *keys)
^ SP4[(work >> 16) & 0x3fL]
^ SP2[(work >> 24) & 0x3fL];
work = ROR(leftt, 4) ^ *keys++;
work = RORc(leftt, 4) ^ *keys++;
right ^= SP7[ work & 0x3fL]
^ SP5[(work >> 8) & 0x3fL]
^ SP3[(work >> 16) & 0x3fL]
@ -1463,12 +1467,12 @@ static void _desfunc(ulong32 *block, const ulong32 *keys)
^ SP2[(work >> 24) & 0x3fL];
}
#ifdef SMALL_CODE
right = ROR(right, 1);
#ifdef LTC_SMALL_CODE
right = RORc(right, 1);
work = (leftt ^ right) & 0xaaaaaaaaL;
leftt ^= work;
right ^= work;
leftt = ROR(leftt, 1);
leftt = RORc(leftt, 1);
work = ((leftt >> 8) ^ right) & 0x00ff00ffL;
right ^= work;
leftt ^= (work << 8);
@ -1502,7 +1506,7 @@ static void _desfunc(ulong32 *block, const ulong32 *keys)
block[1] = leftt;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static void desfunc(ulong32 *block, const ulong32 *keys)
{
_desfunc(block, keys);
@ -1510,10 +1514,18 @@ static void desfunc(ulong32 *block, const ulong32 *keys)
}
#endif
/**
Initialize the DES block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
int des_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (num_rounds != 0 && num_rounds != 16) {
return CRYPT_INVALID_ROUNDS;
@ -1529,10 +1541,18 @@ int des_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
return CRYPT_OK;
}
/**
Initialize the 3DES-EDE block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if(num_rounds != 0 && num_rounds != 16) {
return CRYPT_INVALID_ROUNDS;
@ -1553,63 +1573,91 @@ int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_k
return CRYPT_OK;
}
void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
/**
Encrypts a block of text with DES
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
*/
void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
ulong32 work[2];
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LOAD32H(work[0], pt+0);
LOAD32H(work[1], pt+4);
desfunc(work, key->des.ek);
desfunc(work, skey->des.ek);
STORE32H(work[0],ct+0);
STORE32H(work[1],ct+4);
}
void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
/**
Decrypts a block of text with DES
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
*/
void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
ulong32 work[2];
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LOAD32H(work[0], ct+0);
LOAD32H(work[1], ct+4);
desfunc(work, key->des.dk);
desfunc(work, skey->des.dk);
STORE32H(work[0],pt+0);
STORE32H(work[1],pt+4);
}
void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
/**
Encrypts a block of text with 3DES-EDE
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
*/
void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
ulong32 work[2];
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LOAD32H(work[0], pt+0);
LOAD32H(work[1], pt+4);
desfunc(work, key->des3.ek[0]);
desfunc(work, key->des3.ek[1]);
desfunc(work, key->des3.ek[2]);
desfunc(work, skey->des3.ek[0]);
desfunc(work, skey->des3.ek[1]);
desfunc(work, skey->des3.ek[2]);
STORE32H(work[0],ct+0);
STORE32H(work[1],ct+4);
}
void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
/**
Decrypts a block of text with 3DES-EDE
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
*/
void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
ulong32 work[2];
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LOAD32H(work[0], ct+0);
LOAD32H(work[1], ct+4);
desfunc(work, key->des3.dk[0]);
desfunc(work, key->des3.dk[1]);
desfunc(work, key->des3.dk[2]);
desfunc(work, skey->des3.dk[0]);
desfunc(work, skey->des3.dk[1]);
desfunc(work, skey->des3.dk[2]);
STORE32H(work[0],pt+0);
STORE32H(work[1],pt+4);
}
/**
Performs a self-test of the DES block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int des_test(void)
{
#ifndef LTC_TEST
@ -1789,23 +1837,33 @@ int des3_test(void)
#endif
}
int des_keysize(int *desired_keysize)
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int des_keysize(int *keysize)
{
_ARGCHK(desired_keysize != NULL);
if(*desired_keysize < 8) {
LTC_ARGCHK(keysize != NULL);
if(*keysize < 8) {
return CRYPT_INVALID_KEYSIZE;
}
*desired_keysize = 8;
*keysize = 8;
return CRYPT_OK;
}
int des3_keysize(int *desired_keysize)
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int des3_keysize(int *keysize)
{
_ARGCHK(desired_keysize != NULL);
if(*desired_keysize < 24) {
LTC_ARGCHK(keysize != NULL);
if(*keysize < 24) {
return CRYPT_INVALID_KEYSIZE;
}
*desired_keysize = 24;
*keysize = 24;
return CRYPT_OK;
}

838
src/ciphers/khazad.c Normal file
View File

@ -0,0 +1,838 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "tomcrypt.h"
/**
@file khazad.c
Khazad implementation derived from public domain source
Authors: Paulo S.L.M. Barreto and Vincent Rijmen.
*/
#ifdef KHAZAD
const struct ltc_cipher_descriptor khazad_desc = {
"khazad",
18,
16, 16, 8, 8,
&khazad_setup,
&khazad_ecb_encrypt,
&khazad_ecb_decrypt,
&khazad_test,
&khazad_keysize
};
#define R 8
#define KEYSIZE 128
#define KEYSIZEB (KEYSIZE/8)
#define BLOCKSIZE 64
#define BLOCKSIZEB (BLOCKSIZE/8)
static const ulong64 T0[256] = {
CONST64(0xbad3d268bbb96a01), CONST64(0x54fc4d19e59a66b1), CONST64(0x2f71bc93e26514cd), CONST64(0x749ccdb925871b51),
CONST64(0x53f55102f7a257a4), CONST64(0xd3686bb8d0d6be03), CONST64(0xd26b6fbdd6deb504), CONST64(0x4dd72964b35285fe),
CONST64(0x50f05d0dfdba4aad), CONST64(0xace98a26cf09e063), CONST64(0x8d8a0e83091c9684), CONST64(0xbfdcc679a5914d1a),
CONST64(0x7090ddad3da7374d), CONST64(0x52f65507f1aa5ca3), CONST64(0x9ab352c87ba417e1), CONST64(0x4cd42d61b55a8ef9),
CONST64(0xea238f65460320ac), CONST64(0xd56273a6c4e68411), CONST64(0x97a466f155cc68c2), CONST64(0xd16e63b2dcc6a80d),
CONST64(0x3355ccffaa85d099), CONST64(0x51f35908fbb241aa), CONST64(0x5bed712ac7e20f9c), CONST64(0xa6f7a204f359ae55),
CONST64(0xde7f5f81febec120), CONST64(0x48d83d75ad7aa2e5), CONST64(0xa8e59a32d729cc7f), CONST64(0x99b65ec771bc0ae8),
CONST64(0xdb704b90e096e63b), CONST64(0x3256c8faac8ddb9e), CONST64(0xb7c4e65195d11522), CONST64(0xfc19d72b32b3aace),
CONST64(0xe338ab48704b7393), CONST64(0x9ebf42dc63843bfd), CONST64(0x91ae7eef41fc52d0), CONST64(0x9bb056cd7dac1ce6),
CONST64(0xe23baf4d76437894), CONST64(0xbbd0d66dbdb16106), CONST64(0x41c319589b32f1da), CONST64(0x6eb2a5cb7957e517),
CONST64(0xa5f2ae0bf941b35c), CONST64(0xcb400bc08016564b), CONST64(0x6bbdb1da677fc20c), CONST64(0x95a26efb59dc7ecc),
CONST64(0xa1febe1fe1619f40), CONST64(0xf308eb1810cbc3e3), CONST64(0xb1cefe4f81e12f30), CONST64(0x0206080a0c10160e),
CONST64(0xcc4917db922e675e), CONST64(0xc45137f3a26e3f66), CONST64(0x1d2774694ee8cf53), CONST64(0x143c504478a09c6c),
CONST64(0xc3582be8b0560e73), CONST64(0x63a591f2573f9a34), CONST64(0xda734f95e69eed3c), CONST64(0x5de76934d3d2358e),
CONST64(0x5fe1613edfc22380), CONST64(0xdc79578bf2aed72e), CONST64(0x7d87e99413cf486e), CONST64(0xcd4a13de94266c59),
CONST64(0x7f81e19e1fdf5e60), CONST64(0x5aee752fc1ea049b), CONST64(0x6cb4adc17547f319), CONST64(0x5ce46d31d5da3e89),
CONST64(0xf704fb0c08ebefff), CONST64(0x266a98bed42d47f2), CONST64(0xff1cdb2438abb7c7), CONST64(0xed2a937e543b11b9),
CONST64(0xe825876f4a1336a2), CONST64(0x9dba4ed3699c26f4), CONST64(0x6fb1a1ce7f5fee10), CONST64(0x8e8f028c03048b8d),
CONST64(0x192b647d56c8e34f), CONST64(0xa0fdba1ae7699447), CONST64(0xf00de7171ad3deea), CONST64(0x89861e97113cba98),
CONST64(0x0f113c332278692d), CONST64(0x07091c1b12383115), CONST64(0xafec8629c511fd6a), CONST64(0xfb10cb30208b9bdb),
CONST64(0x0818202830405838), CONST64(0x153f54417ea8976b), CONST64(0x0d1734392e687f23), CONST64(0x040c101418202c1c),
CONST64(0x0103040506080b07), CONST64(0x64ac8de94507ab21), CONST64(0xdf7c5b84f8b6ca27), CONST64(0x769ac5b329970d5f),
CONST64(0x798bf9800bef6472), CONST64(0xdd7a538ef4a6dc29), CONST64(0x3d47f4c98ef5b2b3), CONST64(0x163a584e74b08a62),
CONST64(0x3f41fcc382e5a4bd), CONST64(0x3759dcebb2a5fc85), CONST64(0x6db7a9c4734ff81e), CONST64(0x3848e0d890dd95a8),
CONST64(0xb9d6de67b1a17708), CONST64(0x7395d1a237bf2a44), CONST64(0xe926836a4c1b3da5), CONST64(0x355fd4e1beb5ea8b),
CONST64(0x55ff491ce3926db6), CONST64(0x7193d9a83baf3c4a), CONST64(0x7b8df18a07ff727c), CONST64(0x8c890a860f149d83),
CONST64(0x7296d5a731b72143), CONST64(0x88851a921734b19f), CONST64(0xf607ff090ee3e4f8), CONST64(0x2a7ea882fc4d33d6),
CONST64(0x3e42f8c684edafba), CONST64(0x5ee2653bd9ca2887), CONST64(0x27699cbbd2254cf5), CONST64(0x46ca0543890ac0cf),
CONST64(0x0c14303c28607424), CONST64(0x65af89ec430fa026), CONST64(0x68b8bdd56d67df05), CONST64(0x61a399f85b2f8c3a),
CONST64(0x03050c0f0a181d09), CONST64(0xc15e23e2bc46187d), CONST64(0x57f94116ef827bb8), CONST64(0xd6677fa9cefe9918),
CONST64(0xd976439aec86f035), CONST64(0x58e87d25cdfa1295), CONST64(0xd875479fea8efb32), CONST64(0x66aa85e34917bd2f),
CONST64(0xd7647bacc8f6921f), CONST64(0x3a4ee8d29ccd83a6), CONST64(0xc84507cf8a0e4b42), CONST64(0x3c44f0cc88fdb9b4),
CONST64(0xfa13cf35268390dc), CONST64(0x96a762f453c463c5), CONST64(0xa7f4a601f551a552), CONST64(0x98b55ac277b401ef),
CONST64(0xec29977b52331abe), CONST64(0xb8d5da62b7a97c0f), CONST64(0xc7543bfca876226f), CONST64(0xaeef822cc319f66d),
CONST64(0x69bbb9d06b6fd402), CONST64(0x4bdd317aa762bfec), CONST64(0xabe0963ddd31d176), CONST64(0xa9e69e37d121c778),
CONST64(0x67a981e64f1fb628), CONST64(0x0a1e28223c504e36), CONST64(0x47c901468f02cbc8), CONST64(0xf20bef1d16c3c8e4),
CONST64(0xb5c2ee5b99c1032c), CONST64(0x226688aacc0d6bee), CONST64(0xe532b356647b4981), CONST64(0xee2f9f715e230cb0),
CONST64(0xbedfc27ca399461d), CONST64(0x2b7dac87fa4538d1), CONST64(0x819e3ebf217ce2a0), CONST64(0x1236485a6c90a67e),
CONST64(0x839836b52d6cf4ae), CONST64(0x1b2d6c775ad8f541), CONST64(0x0e1238362470622a), CONST64(0x23658cafca0560e9),
CONST64(0xf502f30604fbf9f1), CONST64(0x45cf094c8312ddc6), CONST64(0x216384a5c61576e7), CONST64(0xce4f1fd19e3e7150),
CONST64(0x49db3970ab72a9e2), CONST64(0x2c74b09ce87d09c4), CONST64(0xf916c33a2c9b8dd5), CONST64(0xe637bf596e635488),
CONST64(0xb6c7e25493d91e25), CONST64(0x2878a088f05d25d8), CONST64(0x17395c4b72b88165), CONST64(0x829b32b02b64ffa9),
CONST64(0x1a2e68725cd0fe46), CONST64(0x8b80169d1d2cac96), CONST64(0xfe1fdf213ea3bcc0), CONST64(0x8a8312981b24a791),
CONST64(0x091b242d3648533f), CONST64(0xc94603ca8c064045), CONST64(0x879426a1354cd8b2), CONST64(0x4ed2256bb94a98f7),
CONST64(0xe13ea3427c5b659d), CONST64(0x2e72b896e46d1fca), CONST64(0xe431b75362734286), CONST64(0xe03da7477a536e9a),
CONST64(0xeb208b60400b2bab), CONST64(0x90ad7aea47f459d7), CONST64(0xa4f1aa0eff49b85b), CONST64(0x1e22786644f0d25a),
CONST64(0x85922eab395ccebc), CONST64(0x60a09dfd5d27873d), CONST64(0x0000000000000000), CONST64(0x256f94b1de355afb),
CONST64(0xf401f70302f3f2f6), CONST64(0xf10ee3121cdbd5ed), CONST64(0x94a16afe5fd475cb), CONST64(0x0b1d2c273a584531),
CONST64(0xe734bb5c686b5f8f), CONST64(0x759fc9bc238f1056), CONST64(0xef2c9b74582b07b7), CONST64(0x345cd0e4b8bde18c),
CONST64(0x3153c4f5a695c697), CONST64(0xd46177a3c2ee8f16), CONST64(0xd06d67b7dacea30a), CONST64(0x869722a43344d3b5),
CONST64(0x7e82e59b19d75567), CONST64(0xadea8e23c901eb64), CONST64(0xfd1ad32e34bba1c9), CONST64(0x297ba48df6552edf),
CONST64(0x3050c0f0a09dcd90), CONST64(0x3b4decd79ac588a1), CONST64(0x9fbc46d9658c30fa), CONST64(0xf815c73f2a9386d2),
CONST64(0xc6573ff9ae7e2968), CONST64(0x13354c5f6a98ad79), CONST64(0x060a181e14303a12), CONST64(0x050f14111e28271b),
CONST64(0xc55233f6a4663461), CONST64(0x113344556688bb77), CONST64(0x7799c1b62f9f0658), CONST64(0x7c84ed9115c74369),
CONST64(0x7a8ef58f01f7797b), CONST64(0x7888fd850de76f75), CONST64(0x365ad8eeb4adf782), CONST64(0x1c24706c48e0c454),
CONST64(0x394be4dd96d59eaf), CONST64(0x59eb7920cbf21992), CONST64(0x1828607850c0e848), CONST64(0x56fa4513e98a70bf),
CONST64(0xb3c8f6458df1393e), CONST64(0xb0cdfa4a87e92437), CONST64(0x246c90b4d83d51fc), CONST64(0x206080a0c01d7de0),
CONST64(0xb2cbf2408bf93239), CONST64(0x92ab72e04be44fd9), CONST64(0xa3f8b615ed71894e), CONST64(0xc05d27e7ba4e137a),
CONST64(0x44cc0d49851ad6c1), CONST64(0x62a695f751379133), CONST64(0x103040506080b070), CONST64(0xb4c1ea5e9fc9082b),
CONST64(0x84912aae3f54c5bb), CONST64(0x43c511529722e7d4), CONST64(0x93a876e54dec44de), CONST64(0xc25b2fedb65e0574),
CONST64(0x4ade357fa16ab4eb), CONST64(0xbddace73a9815b14), CONST64(0x8f8c0689050c808a), CONST64(0x2d77b499ee7502c3),
CONST64(0xbcd9ca76af895013), CONST64(0x9cb94ad66f942df3), CONST64(0x6abeb5df6177c90b), CONST64(0x40c01d5d9d3afadd),
CONST64(0xcf4c1bd498367a57), CONST64(0xa2fbb210eb798249), CONST64(0x809d3aba2774e9a7), CONST64(0x4fd1216ebf4293f0),
CONST64(0x1f217c6342f8d95d), CONST64(0xca430fc5861e5d4c), CONST64(0xaae39238db39da71), CONST64(0x42c61557912aecd3),
};
static const ulong64 T1[256] = {
CONST64(0xd3ba68d2b9bb016a), CONST64(0xfc54194d9ae5b166), CONST64(0x712f93bc65e2cd14), CONST64(0x9c74b9cd8725511b),
CONST64(0xf5530251a2f7a457), CONST64(0x68d3b86bd6d003be), CONST64(0x6bd2bd6fded604b5), CONST64(0xd74d642952b3fe85),
CONST64(0xf0500d5dbafdad4a), CONST64(0xe9ac268a09cf63e0), CONST64(0x8a8d830e1c098496), CONST64(0xdcbf79c691a51a4d),
CONST64(0x9070addda73d4d37), CONST64(0xf6520755aaf1a35c), CONST64(0xb39ac852a47be117), CONST64(0xd44c612d5ab5f98e),
CONST64(0x23ea658f0346ac20), CONST64(0x62d5a673e6c41184), CONST64(0xa497f166cc55c268), CONST64(0x6ed1b263c6dc0da8),
CONST64(0x5533ffcc85aa99d0), CONST64(0xf3510859b2fbaa41), CONST64(0xed5b2a71e2c79c0f), CONST64(0xf7a604a259f355ae),
CONST64(0x7fde815fbefe20c1), CONST64(0xd848753d7aade5a2), CONST64(0xe5a8329a29d77fcc), CONST64(0xb699c75ebc71e80a),
CONST64(0x70db904b96e03be6), CONST64(0x5632fac88dac9edb), CONST64(0xc4b751e6d1952215), CONST64(0x19fc2bd7b332ceaa),
CONST64(0x38e348ab4b709373), CONST64(0xbf9edc428463fd3b), CONST64(0xae91ef7efc41d052), CONST64(0xb09bcd56ac7de61c),
CONST64(0x3be24daf43769478), CONST64(0xd0bb6dd6b1bd0661), CONST64(0xc3415819329bdaf1), CONST64(0xb26ecba5577917e5),
CONST64(0xf2a50bae41f95cb3), CONST64(0x40cbc00b16804b56), CONST64(0xbd6bdab17f670cc2), CONST64(0xa295fb6edc59cc7e),
CONST64(0xfea11fbe61e1409f), CONST64(0x08f318ebcb10e3c3), CONST64(0xceb14ffee181302f), CONST64(0x06020a08100c0e16),
CONST64(0x49ccdb172e925e67), CONST64(0x51c4f3376ea2663f), CONST64(0x271d6974e84e53cf), CONST64(0x3c144450a0786c9c),
CONST64(0x58c3e82b56b0730e), CONST64(0xa563f2913f57349a), CONST64(0x73da954f9ee63ced), CONST64(0xe75d3469d2d38e35),
CONST64(0xe15f3e61c2df8023), CONST64(0x79dc8b57aef22ed7), CONST64(0x877d94e9cf136e48), CONST64(0x4acdde132694596c),
CONST64(0x817f9ee1df1f605e), CONST64(0xee5a2f75eac19b04), CONST64(0xb46cc1ad477519f3), CONST64(0xe45c316ddad5893e),
CONST64(0x04f70cfbeb08ffef), CONST64(0x6a26be982dd4f247), CONST64(0x1cff24dbab38c7b7), CONST64(0x2aed7e933b54b911),
CONST64(0x25e86f87134aa236), CONST64(0xba9dd34e9c69f426), CONST64(0xb16fcea15f7f10ee), CONST64(0x8f8e8c0204038d8b),
CONST64(0x2b197d64c8564fe3), CONST64(0xfda01aba69e74794), CONST64(0x0df017e7d31aeade), CONST64(0x8689971e3c1198ba),
CONST64(0x110f333c78222d69), CONST64(0x09071b1c38121531), CONST64(0xecaf298611c56afd), CONST64(0x10fb30cb8b20db9b),
CONST64(0x1808282040303858), CONST64(0x3f154154a87e6b97), CONST64(0x170d3934682e237f), CONST64(0x0c04141020181c2c),
CONST64(0x030105040806070b), CONST64(0xac64e98d074521ab), CONST64(0x7cdf845bb6f827ca), CONST64(0x9a76b3c597295f0d),
CONST64(0x8b7980f9ef0b7264), CONST64(0x7add8e53a6f429dc), CONST64(0x473dc9f4f58eb3b2), CONST64(0x3a164e58b074628a),
CONST64(0x413fc3fce582bda4), CONST64(0x5937ebdca5b285fc), CONST64(0xb76dc4a94f731ef8), CONST64(0x4838d8e0dd90a895),
CONST64(0xd6b967dea1b10877), CONST64(0x9573a2d1bf37442a), CONST64(0x26e96a831b4ca53d), CONST64(0x5f35e1d4b5be8bea),
CONST64(0xff551c4992e3b66d), CONST64(0x9371a8d9af3b4a3c), CONST64(0x8d7b8af1ff077c72), CONST64(0x898c860a140f839d),
CONST64(0x9672a7d5b7314321), CONST64(0x8588921a34179fb1), CONST64(0x07f609ffe30ef8e4), CONST64(0x7e2a82a84dfcd633),
CONST64(0x423ec6f8ed84baaf), CONST64(0xe25e3b65cad98728), CONST64(0x6927bb9c25d2f54c), CONST64(0xca4643050a89cfc0),
CONST64(0x140c3c3060282474), CONST64(0xaf65ec890f4326a0), CONST64(0xb868d5bd676d05df), CONST64(0xa361f8992f5b3a8c),
CONST64(0x05030f0c180a091d), CONST64(0x5ec1e22346bc7d18), CONST64(0xf957164182efb87b), CONST64(0x67d6a97ffece1899),
CONST64(0x76d99a4386ec35f0), CONST64(0xe858257dfacd9512), CONST64(0x75d89f478eea32fb), CONST64(0xaa66e38517492fbd),
CONST64(0x64d7ac7bf6c81f92), CONST64(0x4e3ad2e8cd9ca683), CONST64(0x45c8cf070e8a424b), CONST64(0x443cccf0fd88b4b9),
CONST64(0x13fa35cf8326dc90), CONST64(0xa796f462c453c563), CONST64(0xf4a701a651f552a5), CONST64(0xb598c25ab477ef01),
CONST64(0x29ec7b973352be1a), CONST64(0xd5b862daa9b70f7c), CONST64(0x54c7fc3b76a86f22), CONST64(0xefae2c8219c36df6),
CONST64(0xbb69d0b96f6b02d4), CONST64(0xdd4b7a3162a7ecbf), CONST64(0xe0ab3d9631dd76d1), CONST64(0xe6a9379e21d178c7),
CONST64(0xa967e6811f4f28b6), CONST64(0x1e0a2228503c364e), CONST64(0xc9474601028fc8cb), CONST64(0x0bf21defc316e4c8),
CONST64(0xc2b55beec1992c03), CONST64(0x6622aa880dccee6b), CONST64(0x32e556b37b648149), CONST64(0x2fee719f235eb00c),
CONST64(0xdfbe7cc299a31d46), CONST64(0x7d2b87ac45fad138), CONST64(0x9e81bf3e7c21a0e2), CONST64(0x36125a48906c7ea6),
CONST64(0x9883b5366c2daef4), CONST64(0x2d1b776cd85a41f5), CONST64(0x120e363870242a62), CONST64(0x6523af8c05cae960),
CONST64(0x02f506f3fb04f1f9), CONST64(0xcf454c091283c6dd), CONST64(0x6321a58415c6e776), CONST64(0x4fced11f3e9e5071),
CONST64(0xdb49703972abe2a9), CONST64(0x742c9cb07de8c409), CONST64(0x16f93ac39b2cd58d), CONST64(0x37e659bf636e8854),
CONST64(0xc7b654e2d993251e), CONST64(0x782888a05df0d825), CONST64(0x39174b5cb8726581), CONST64(0x9b82b032642ba9ff),
CONST64(0x2e1a7268d05c46fe), CONST64(0x808b9d162c1d96ac), CONST64(0x1ffe21dfa33ec0bc), CONST64(0x838a9812241b91a7),
CONST64(0x1b092d2448363f53), CONST64(0x46c9ca03068c4540), CONST64(0x9487a1264c35b2d8), CONST64(0xd24e6b254ab9f798),
CONST64(0x3ee142a35b7c9d65), CONST64(0x722e96b86de4ca1f), CONST64(0x31e453b773628642), CONST64(0x3de047a7537a9a6e),
CONST64(0x20eb608b0b40ab2b), CONST64(0xad90ea7af447d759), CONST64(0xf1a40eaa49ff5bb8), CONST64(0x221e6678f0445ad2),
CONST64(0x9285ab2e5c39bcce), CONST64(0xa060fd9d275d3d87), CONST64(0x0000000000000000), CONST64(0x6f25b19435defb5a),
CONST64(0x01f403f7f302f6f2), CONST64(0x0ef112e3db1cedd5), CONST64(0xa194fe6ad45fcb75), CONST64(0x1d0b272c583a3145),
CONST64(0x34e75cbb6b688f5f), CONST64(0x9f75bcc98f235610), CONST64(0x2cef749b2b58b707), CONST64(0x5c34e4d0bdb88ce1),
CONST64(0x5331f5c495a697c6), CONST64(0x61d4a377eec2168f), CONST64(0x6dd0b767ceda0aa3), CONST64(0x9786a4224433b5d3),
CONST64(0x827e9be5d7196755), CONST64(0xeaad238e01c964eb), CONST64(0x1afd2ed3bb34c9a1), CONST64(0x7b298da455f6df2e),
CONST64(0x5030f0c09da090cd), CONST64(0x4d3bd7ecc59aa188), CONST64(0xbc9fd9468c65fa30), CONST64(0x15f83fc7932ad286),
CONST64(0x57c6f93f7eae6829), CONST64(0x35135f4c986a79ad), CONST64(0x0a061e183014123a), CONST64(0x0f051114281e1b27),
CONST64(0x52c5f63366a46134), CONST64(0x33115544886677bb), CONST64(0x9977b6c19f2f5806), CONST64(0x847c91edc7156943),
CONST64(0x8e7a8ff5f7017b79), CONST64(0x887885fde70d756f), CONST64(0x5a36eed8adb482f7), CONST64(0x241c6c70e04854c4),
CONST64(0x4b39dde4d596af9e), CONST64(0xeb592079f2cb9219), CONST64(0x28187860c05048e8), CONST64(0xfa5613458ae9bf70),
CONST64(0xc8b345f6f18d3e39), CONST64(0xcdb04afae9873724), CONST64(0x6c24b4903dd8fc51), CONST64(0x6020a0801dc0e07d),
CONST64(0xcbb240f2f98b3932), CONST64(0xab92e072e44bd94f), CONST64(0xf8a315b671ed4e89), CONST64(0x5dc0e7274eba7a13),
CONST64(0xcc44490d1a85c1d6), CONST64(0xa662f79537513391), CONST64(0x30105040806070b0), CONST64(0xc1b45eeac99f2b08),
CONST64(0x9184ae2a543fbbc5), CONST64(0xc54352112297d4e7), CONST64(0xa893e576ec4dde44), CONST64(0x5bc2ed2f5eb67405),
CONST64(0xde4a7f356aa1ebb4), CONST64(0xdabd73ce81a9145b), CONST64(0x8c8f89060c058a80), CONST64(0x772d99b475eec302),
CONST64(0xd9bc76ca89af1350), CONST64(0xb99cd64a946ff32d), CONST64(0xbe6adfb577610bc9), CONST64(0xc0405d1d3a9dddfa),
CONST64(0x4ccfd41b3698577a), CONST64(0xfba210b279eb4982), CONST64(0x9d80ba3a7427a7e9), CONST64(0xd14f6e2142bff093),
CONST64(0x211f637cf8425dd9), CONST64(0x43cac50f1e864c5d), CONST64(0xe3aa389239db71da), CONST64(0xc64257152a91d3ec),
};
static const ulong64 T2[256] = {
CONST64(0xd268bad36a01bbb9), CONST64(0x4d1954fc66b1e59a), CONST64(0xbc932f7114cde265), CONST64(0xcdb9749c1b512587),
CONST64(0x510253f557a4f7a2), CONST64(0x6bb8d368be03d0d6), CONST64(0x6fbdd26bb504d6de), CONST64(0x29644dd785feb352),
CONST64(0x5d0d50f04aadfdba), CONST64(0x8a26ace9e063cf09), CONST64(0x0e838d8a9684091c), CONST64(0xc679bfdc4d1aa591),
CONST64(0xddad7090374d3da7), CONST64(0x550752f65ca3f1aa), CONST64(0x52c89ab317e17ba4), CONST64(0x2d614cd48ef9b55a),
CONST64(0x8f65ea2320ac4603), CONST64(0x73a6d5628411c4e6), CONST64(0x66f197a468c255cc), CONST64(0x63b2d16ea80ddcc6),
CONST64(0xccff3355d099aa85), CONST64(0x590851f341aafbb2), CONST64(0x712a5bed0f9cc7e2), CONST64(0xa204a6f7ae55f359),
CONST64(0x5f81de7fc120febe), CONST64(0x3d7548d8a2e5ad7a), CONST64(0x9a32a8e5cc7fd729), CONST64(0x5ec799b60ae871bc),
CONST64(0x4b90db70e63be096), CONST64(0xc8fa3256db9eac8d), CONST64(0xe651b7c4152295d1), CONST64(0xd72bfc19aace32b3),
CONST64(0xab48e3387393704b), CONST64(0x42dc9ebf3bfd6384), CONST64(0x7eef91ae52d041fc), CONST64(0x56cd9bb01ce67dac),
CONST64(0xaf4de23b78947643), CONST64(0xd66dbbd06106bdb1), CONST64(0x195841c3f1da9b32), CONST64(0xa5cb6eb2e5177957),
CONST64(0xae0ba5f2b35cf941), CONST64(0x0bc0cb40564b8016), CONST64(0xb1da6bbdc20c677f), CONST64(0x6efb95a27ecc59dc),
CONST64(0xbe1fa1fe9f40e161), CONST64(0xeb18f308c3e310cb), CONST64(0xfe4fb1ce2f3081e1), CONST64(0x080a0206160e0c10),
CONST64(0x17dbcc49675e922e), CONST64(0x37f3c4513f66a26e), CONST64(0x74691d27cf534ee8), CONST64(0x5044143c9c6c78a0),
CONST64(0x2be8c3580e73b056), CONST64(0x91f263a59a34573f), CONST64(0x4f95da73ed3ce69e), CONST64(0x69345de7358ed3d2),
CONST64(0x613e5fe12380dfc2), CONST64(0x578bdc79d72ef2ae), CONST64(0xe9947d87486e13cf), CONST64(0x13decd4a6c599426),
CONST64(0xe19e7f815e601fdf), CONST64(0x752f5aee049bc1ea), CONST64(0xadc16cb4f3197547), CONST64(0x6d315ce43e89d5da),
CONST64(0xfb0cf704efff08eb), CONST64(0x98be266a47f2d42d), CONST64(0xdb24ff1cb7c738ab), CONST64(0x937eed2a11b9543b),
CONST64(0x876fe82536a24a13), CONST64(0x4ed39dba26f4699c), CONST64(0xa1ce6fb1ee107f5f), CONST64(0x028c8e8f8b8d0304),
CONST64(0x647d192be34f56c8), CONST64(0xba1aa0fd9447e769), CONST64(0xe717f00ddeea1ad3), CONST64(0x1e978986ba98113c),
CONST64(0x3c330f11692d2278), CONST64(0x1c1b070931151238), CONST64(0x8629afecfd6ac511), CONST64(0xcb30fb109bdb208b),
CONST64(0x2028081858383040), CONST64(0x5441153f976b7ea8), CONST64(0x34390d177f232e68), CONST64(0x1014040c2c1c1820),
CONST64(0x040501030b070608), CONST64(0x8de964acab214507), CONST64(0x5b84df7cca27f8b6), CONST64(0xc5b3769a0d5f2997),
CONST64(0xf980798b64720bef), CONST64(0x538edd7adc29f4a6), CONST64(0xf4c93d47b2b38ef5), CONST64(0x584e163a8a6274b0),
CONST64(0xfcc33f41a4bd82e5), CONST64(0xdceb3759fc85b2a5), CONST64(0xa9c46db7f81e734f), CONST64(0xe0d8384895a890dd),
CONST64(0xde67b9d67708b1a1), CONST64(0xd1a273952a4437bf), CONST64(0x836ae9263da54c1b), CONST64(0xd4e1355fea8bbeb5),
CONST64(0x491c55ff6db6e392), CONST64(0xd9a871933c4a3baf), CONST64(0xf18a7b8d727c07ff), CONST64(0x0a868c899d830f14),
CONST64(0xd5a77296214331b7), CONST64(0x1a928885b19f1734), CONST64(0xff09f607e4f80ee3), CONST64(0xa8822a7e33d6fc4d),
CONST64(0xf8c63e42afba84ed), CONST64(0x653b5ee22887d9ca), CONST64(0x9cbb27694cf5d225), CONST64(0x054346cac0cf890a),
CONST64(0x303c0c1474242860), CONST64(0x89ec65afa026430f), CONST64(0xbdd568b8df056d67), CONST64(0x99f861a38c3a5b2f),
CONST64(0x0c0f03051d090a18), CONST64(0x23e2c15e187dbc46), CONST64(0x411657f97bb8ef82), CONST64(0x7fa9d6679918cefe),
CONST64(0x439ad976f035ec86), CONST64(0x7d2558e81295cdfa), CONST64(0x479fd875fb32ea8e), CONST64(0x85e366aabd2f4917),
CONST64(0x7bacd764921fc8f6), CONST64(0xe8d23a4e83a69ccd), CONST64(0x07cfc8454b428a0e), CONST64(0xf0cc3c44b9b488fd),
CONST64(0xcf35fa1390dc2683), CONST64(0x62f496a763c553c4), CONST64(0xa601a7f4a552f551), CONST64(0x5ac298b501ef77b4),
CONST64(0x977bec291abe5233), CONST64(0xda62b8d57c0fb7a9), CONST64(0x3bfcc754226fa876), CONST64(0x822caeeff66dc319),
CONST64(0xb9d069bbd4026b6f), CONST64(0x317a4bddbfeca762), CONST64(0x963dabe0d176dd31), CONST64(0x9e37a9e6c778d121),
CONST64(0x81e667a9b6284f1f), CONST64(0x28220a1e4e363c50), CONST64(0x014647c9cbc88f02), CONST64(0xef1df20bc8e416c3),
CONST64(0xee5bb5c2032c99c1), CONST64(0x88aa22666beecc0d), CONST64(0xb356e5324981647b), CONST64(0x9f71ee2f0cb05e23),
CONST64(0xc27cbedf461da399), CONST64(0xac872b7d38d1fa45), CONST64(0x3ebf819ee2a0217c), CONST64(0x485a1236a67e6c90),
CONST64(0x36b58398f4ae2d6c), CONST64(0x6c771b2df5415ad8), CONST64(0x38360e12622a2470), CONST64(0x8caf236560e9ca05),
CONST64(0xf306f502f9f104fb), CONST64(0x094c45cfddc68312), CONST64(0x84a5216376e7c615), CONST64(0x1fd1ce4f71509e3e),
CONST64(0x397049dba9e2ab72), CONST64(0xb09c2c7409c4e87d), CONST64(0xc33af9168dd52c9b), CONST64(0xbf59e63754886e63),
CONST64(0xe254b6c71e2593d9), CONST64(0xa088287825d8f05d), CONST64(0x5c4b1739816572b8), CONST64(0x32b0829bffa92b64),
CONST64(0x68721a2efe465cd0), CONST64(0x169d8b80ac961d2c), CONST64(0xdf21fe1fbcc03ea3), CONST64(0x12988a83a7911b24),
CONST64(0x242d091b533f3648), CONST64(0x03cac94640458c06), CONST64(0x26a18794d8b2354c), CONST64(0x256b4ed298f7b94a),
CONST64(0xa342e13e659d7c5b), CONST64(0xb8962e721fcae46d), CONST64(0xb753e43142866273), CONST64(0xa747e03d6e9a7a53),
CONST64(0x8b60eb202bab400b), CONST64(0x7aea90ad59d747f4), CONST64(0xaa0ea4f1b85bff49), CONST64(0x78661e22d25a44f0),
CONST64(0x2eab8592cebc395c), CONST64(0x9dfd60a0873d5d27), CONST64(0x0000000000000000), CONST64(0x94b1256f5afbde35),
CONST64(0xf703f401f2f602f3), CONST64(0xe312f10ed5ed1cdb), CONST64(0x6afe94a175cb5fd4), CONST64(0x2c270b1d45313a58),
CONST64(0xbb5ce7345f8f686b), CONST64(0xc9bc759f1056238f), CONST64(0x9b74ef2c07b7582b), CONST64(0xd0e4345ce18cb8bd),
CONST64(0xc4f53153c697a695), CONST64(0x77a3d4618f16c2ee), CONST64(0x67b7d06da30adace), CONST64(0x22a48697d3b53344),
CONST64(0xe59b7e82556719d7), CONST64(0x8e23adeaeb64c901), CONST64(0xd32efd1aa1c934bb), CONST64(0xa48d297b2edff655),
CONST64(0xc0f03050cd90a09d), CONST64(0xecd73b4d88a19ac5), CONST64(0x46d99fbc30fa658c), CONST64(0xc73ff81586d22a93),
CONST64(0x3ff9c6572968ae7e), CONST64(0x4c5f1335ad796a98), CONST64(0x181e060a3a121430), CONST64(0x1411050f271b1e28),
CONST64(0x33f6c5523461a466), CONST64(0x44551133bb776688), CONST64(0xc1b6779906582f9f), CONST64(0xed917c84436915c7),
CONST64(0xf58f7a8e797b01f7), CONST64(0xfd8578886f750de7), CONST64(0xd8ee365af782b4ad), CONST64(0x706c1c24c45448e0),
CONST64(0xe4dd394b9eaf96d5), CONST64(0x792059eb1992cbf2), CONST64(0x60781828e84850c0), CONST64(0x451356fa70bfe98a),
CONST64(0xf645b3c8393e8df1), CONST64(0xfa4ab0cd243787e9), CONST64(0x90b4246c51fcd83d), CONST64(0x80a020607de0c01d),
CONST64(0xf240b2cb32398bf9), CONST64(0x72e092ab4fd94be4), CONST64(0xb615a3f8894eed71), CONST64(0x27e7c05d137aba4e),
CONST64(0x0d4944ccd6c1851a), CONST64(0x95f762a691335137), CONST64(0x40501030b0706080), CONST64(0xea5eb4c1082b9fc9),
CONST64(0x2aae8491c5bb3f54), CONST64(0x115243c5e7d49722), CONST64(0x76e593a844de4dec), CONST64(0x2fedc25b0574b65e),
CONST64(0x357f4adeb4eba16a), CONST64(0xce73bdda5b14a981), CONST64(0x06898f8c808a050c), CONST64(0xb4992d7702c3ee75),
CONST64(0xca76bcd95013af89), CONST64(0x4ad69cb92df36f94), CONST64(0xb5df6abec90b6177), CONST64(0x1d5d40c0fadd9d3a),
CONST64(0x1bd4cf4c7a579836), CONST64(0xb210a2fb8249eb79), CONST64(0x3aba809de9a72774), CONST64(0x216e4fd193f0bf42),
CONST64(0x7c631f21d95d42f8), CONST64(0x0fc5ca435d4c861e), CONST64(0x9238aae3da71db39), CONST64(0x155742c6ecd3912a),
};
static const ulong64 T3[256] = {
CONST64(0x68d2d3ba016ab9bb), CONST64(0x194dfc54b1669ae5), CONST64(0x93bc712fcd1465e2), CONST64(0xb9cd9c74511b8725),
CONST64(0x0251f553a457a2f7), CONST64(0xb86b68d303bed6d0), CONST64(0xbd6f6bd204b5ded6), CONST64(0x6429d74dfe8552b3),
CONST64(0x0d5df050ad4abafd), CONST64(0x268ae9ac63e009cf), CONST64(0x830e8a8d84961c09), CONST64(0x79c6dcbf1a4d91a5),
CONST64(0xaddd90704d37a73d), CONST64(0x0755f652a35caaf1), CONST64(0xc852b39ae117a47b), CONST64(0x612dd44cf98e5ab5),
CONST64(0x658f23eaac200346), CONST64(0xa67362d51184e6c4), CONST64(0xf166a497c268cc55), CONST64(0xb2636ed10da8c6dc),
CONST64(0xffcc553399d085aa), CONST64(0x0859f351aa41b2fb), CONST64(0x2a71ed5b9c0fe2c7), CONST64(0x04a2f7a655ae59f3),
CONST64(0x815f7fde20c1befe), CONST64(0x753dd848e5a27aad), CONST64(0x329ae5a87fcc29d7), CONST64(0xc75eb699e80abc71),
CONST64(0x904b70db3be696e0), CONST64(0xfac856329edb8dac), CONST64(0x51e6c4b72215d195), CONST64(0x2bd719fcceaab332),
CONST64(0x48ab38e393734b70), CONST64(0xdc42bf9efd3b8463), CONST64(0xef7eae91d052fc41), CONST64(0xcd56b09be61cac7d),
CONST64(0x4daf3be294784376), CONST64(0x6dd6d0bb0661b1bd), CONST64(0x5819c341daf1329b), CONST64(0xcba5b26e17e55779),
CONST64(0x0baef2a55cb341f9), CONST64(0xc00b40cb4b561680), CONST64(0xdab1bd6b0cc27f67), CONST64(0xfb6ea295cc7edc59),
CONST64(0x1fbefea1409f61e1), CONST64(0x18eb08f3e3c3cb10), CONST64(0x4ffeceb1302fe181), CONST64(0x0a0806020e16100c),
CONST64(0xdb1749cc5e672e92), CONST64(0xf33751c4663f6ea2), CONST64(0x6974271d53cfe84e), CONST64(0x44503c146c9ca078),
CONST64(0xe82b58c3730e56b0), CONST64(0xf291a563349a3f57), CONST64(0x954f73da3ced9ee6), CONST64(0x3469e75d8e35d2d3),
CONST64(0x3e61e15f8023c2df), CONST64(0x8b5779dc2ed7aef2), CONST64(0x94e9877d6e48cf13), CONST64(0xde134acd596c2694),
CONST64(0x9ee1817f605edf1f), CONST64(0x2f75ee5a9b04eac1), CONST64(0xc1adb46c19f34775), CONST64(0x316de45c893edad5),
CONST64(0x0cfb04f7ffefeb08), CONST64(0xbe986a26f2472dd4), CONST64(0x24db1cffc7b7ab38), CONST64(0x7e932aedb9113b54),
CONST64(0x6f8725e8a236134a), CONST64(0xd34eba9df4269c69), CONST64(0xcea1b16f10ee5f7f), CONST64(0x8c028f8e8d8b0403),
CONST64(0x7d642b194fe3c856), CONST64(0x1abafda0479469e7), CONST64(0x17e70df0eaded31a), CONST64(0x971e868998ba3c11),
CONST64(0x333c110f2d697822), CONST64(0x1b1c090715313812), CONST64(0x2986ecaf6afd11c5), CONST64(0x30cb10fbdb9b8b20),
CONST64(0x2820180838584030), CONST64(0x41543f156b97a87e), CONST64(0x3934170d237f682e), CONST64(0x14100c041c2c2018),
CONST64(0x05040301070b0806), CONST64(0xe98dac6421ab0745), CONST64(0x845b7cdf27cab6f8), CONST64(0xb3c59a765f0d9729),
CONST64(0x80f98b797264ef0b), CONST64(0x8e537add29dca6f4), CONST64(0xc9f4473db3b2f58e), CONST64(0x4e583a16628ab074),
CONST64(0xc3fc413fbda4e582), CONST64(0xebdc593785fca5b2), CONST64(0xc4a9b76d1ef84f73), CONST64(0xd8e04838a895dd90),
CONST64(0x67ded6b90877a1b1), CONST64(0xa2d19573442abf37), CONST64(0x6a8326e9a53d1b4c), CONST64(0xe1d45f358beab5be),
CONST64(0x1c49ff55b66d92e3), CONST64(0xa8d993714a3caf3b), CONST64(0x8af18d7b7c72ff07), CONST64(0x860a898c839d140f),
CONST64(0xa7d596724321b731), CONST64(0x921a85889fb13417), CONST64(0x09ff07f6f8e4e30e), CONST64(0x82a87e2ad6334dfc),
CONST64(0xc6f8423ebaafed84), CONST64(0x3b65e25e8728cad9), CONST64(0xbb9c6927f54c25d2), CONST64(0x4305ca46cfc00a89),
CONST64(0x3c30140c24746028), CONST64(0xec89af6526a00f43), CONST64(0xd5bdb86805df676d), CONST64(0xf899a3613a8c2f5b),
CONST64(0x0f0c0503091d180a), CONST64(0xe2235ec17d1846bc), CONST64(0x1641f957b87b82ef), CONST64(0xa97f67d61899fece),
CONST64(0x9a4376d935f086ec), CONST64(0x257de8589512facd), CONST64(0x9f4775d832fb8eea), CONST64(0xe385aa662fbd1749),
CONST64(0xac7b64d71f92f6c8), CONST64(0xd2e84e3aa683cd9c), CONST64(0xcf0745c8424b0e8a), CONST64(0xccf0443cb4b9fd88),
CONST64(0x35cf13fadc908326), CONST64(0xf462a796c563c453), CONST64(0x01a6f4a752a551f5), CONST64(0xc25ab598ef01b477),
CONST64(0x7b9729ecbe1a3352), CONST64(0x62dad5b80f7ca9b7), CONST64(0xfc3b54c76f2276a8), CONST64(0x2c82efae6df619c3),
CONST64(0xd0b9bb6902d46f6b), CONST64(0x7a31dd4becbf62a7), CONST64(0x3d96e0ab76d131dd), CONST64(0x379ee6a978c721d1),
CONST64(0xe681a96728b61f4f), CONST64(0x22281e0a364e503c), CONST64(0x4601c947c8cb028f), CONST64(0x1def0bf2e4c8c316),
CONST64(0x5beec2b52c03c199), CONST64(0xaa886622ee6b0dcc), CONST64(0x56b332e581497b64), CONST64(0x719f2feeb00c235e),
CONST64(0x7cc2dfbe1d4699a3), CONST64(0x87ac7d2bd13845fa), CONST64(0xbf3e9e81a0e27c21), CONST64(0x5a4836127ea6906c),
CONST64(0xb5369883aef46c2d), CONST64(0x776c2d1b41f5d85a), CONST64(0x3638120e2a627024), CONST64(0xaf8c6523e96005ca),
CONST64(0x06f302f5f1f9fb04), CONST64(0x4c09cf45c6dd1283), CONST64(0xa5846321e77615c6), CONST64(0xd11f4fce50713e9e),
CONST64(0x7039db49e2a972ab), CONST64(0x9cb0742cc4097de8), CONST64(0x3ac316f9d58d9b2c), CONST64(0x59bf37e68854636e),
CONST64(0x54e2c7b6251ed993), CONST64(0x88a07828d8255df0), CONST64(0x4b5c39176581b872), CONST64(0xb0329b82a9ff642b),
CONST64(0x72682e1a46fed05c), CONST64(0x9d16808b96ac2c1d), CONST64(0x21df1ffec0bca33e), CONST64(0x9812838a91a7241b),
CONST64(0x2d241b093f534836), CONST64(0xca0346c94540068c), CONST64(0xa1269487b2d84c35), CONST64(0x6b25d24ef7984ab9),
CONST64(0x42a33ee19d655b7c), CONST64(0x96b8722eca1f6de4), CONST64(0x53b731e486427362), CONST64(0x47a73de09a6e537a),
CONST64(0x608b20ebab2b0b40), CONST64(0xea7aad90d759f447), CONST64(0x0eaaf1a45bb849ff), CONST64(0x6678221e5ad2f044),
CONST64(0xab2e9285bcce5c39), CONST64(0xfd9da0603d87275d), CONST64(0x0000000000000000), CONST64(0xb1946f25fb5a35de),
CONST64(0x03f701f4f6f2f302), CONST64(0x12e30ef1edd5db1c), CONST64(0xfe6aa194cb75d45f), CONST64(0x272c1d0b3145583a),
CONST64(0x5cbb34e78f5f6b68), CONST64(0xbcc99f7556108f23), CONST64(0x749b2cefb7072b58), CONST64(0xe4d05c348ce1bdb8),
CONST64(0xf5c4533197c695a6), CONST64(0xa37761d4168feec2), CONST64(0xb7676dd00aa3ceda), CONST64(0xa4229786b5d34433),
CONST64(0x9be5827e6755d719), CONST64(0x238eeaad64eb01c9), CONST64(0x2ed31afdc9a1bb34), CONST64(0x8da47b29df2e55f6),
CONST64(0xf0c0503090cd9da0), CONST64(0xd7ec4d3ba188c59a), CONST64(0xd946bc9ffa308c65), CONST64(0x3fc715f8d286932a),
CONST64(0xf93f57c668297eae), CONST64(0x5f4c351379ad986a), CONST64(0x1e180a06123a3014), CONST64(0x11140f051b27281e),
CONST64(0xf63352c5613466a4), CONST64(0x5544331177bb8866), CONST64(0xb6c1997758069f2f), CONST64(0x91ed847c6943c715),
CONST64(0x8ff58e7a7b79f701), CONST64(0x85fd8878756fe70d), CONST64(0xeed85a3682f7adb4), CONST64(0x6c70241c54c4e048),
CONST64(0xdde44b39af9ed596), CONST64(0x2079eb599219f2cb), CONST64(0x7860281848e8c050), CONST64(0x1345fa56bf708ae9),
CONST64(0x45f6c8b33e39f18d), CONST64(0x4afacdb03724e987), CONST64(0xb4906c24fc513dd8), CONST64(0xa0806020e07d1dc0),
CONST64(0x40f2cbb23932f98b), CONST64(0xe072ab92d94fe44b), CONST64(0x15b6f8a34e8971ed), CONST64(0xe7275dc07a134eba),
CONST64(0x490dcc44c1d61a85), CONST64(0xf795a66233913751), CONST64(0x5040301070b08060), CONST64(0x5eeac1b42b08c99f),
CONST64(0xae2a9184bbc5543f), CONST64(0x5211c543d4e72297), CONST64(0xe576a893de44ec4d), CONST64(0xed2f5bc274055eb6),
CONST64(0x7f35de4aebb46aa1), CONST64(0x73cedabd145b81a9), CONST64(0x89068c8f8a800c05), CONST64(0x99b4772dc30275ee),
CONST64(0x76cad9bc135089af), CONST64(0xd64ab99cf32d946f), CONST64(0xdfb5be6a0bc97761), CONST64(0x5d1dc040ddfa3a9d),
CONST64(0xd41b4ccf577a3698), CONST64(0x10b2fba2498279eb), CONST64(0xba3a9d80a7e97427), CONST64(0x6e21d14ff09342bf),
CONST64(0x637c211f5dd9f842), CONST64(0xc50f43ca4c5d1e86), CONST64(0x3892e3aa71da39db), CONST64(0x5715c642d3ec2a91),
};
static const ulong64 T4[256] = {
CONST64(0xbbb96a01bad3d268), CONST64(0xe59a66b154fc4d19), CONST64(0xe26514cd2f71bc93), CONST64(0x25871b51749ccdb9),
CONST64(0xf7a257a453f55102), CONST64(0xd0d6be03d3686bb8), CONST64(0xd6deb504d26b6fbd), CONST64(0xb35285fe4dd72964),
CONST64(0xfdba4aad50f05d0d), CONST64(0xcf09e063ace98a26), CONST64(0x091c96848d8a0e83), CONST64(0xa5914d1abfdcc679),
CONST64(0x3da7374d7090ddad), CONST64(0xf1aa5ca352f65507), CONST64(0x7ba417e19ab352c8), CONST64(0xb55a8ef94cd42d61),
CONST64(0x460320acea238f65), CONST64(0xc4e68411d56273a6), CONST64(0x55cc68c297a466f1), CONST64(0xdcc6a80dd16e63b2),
CONST64(0xaa85d0993355ccff), CONST64(0xfbb241aa51f35908), CONST64(0xc7e20f9c5bed712a), CONST64(0xf359ae55a6f7a204),
CONST64(0xfebec120de7f5f81), CONST64(0xad7aa2e548d83d75), CONST64(0xd729cc7fa8e59a32), CONST64(0x71bc0ae899b65ec7),
CONST64(0xe096e63bdb704b90), CONST64(0xac8ddb9e3256c8fa), CONST64(0x95d11522b7c4e651), CONST64(0x32b3aacefc19d72b),
CONST64(0x704b7393e338ab48), CONST64(0x63843bfd9ebf42dc), CONST64(0x41fc52d091ae7eef), CONST64(0x7dac1ce69bb056cd),
CONST64(0x76437894e23baf4d), CONST64(0xbdb16106bbd0d66d), CONST64(0x9b32f1da41c31958), CONST64(0x7957e5176eb2a5cb),
CONST64(0xf941b35ca5f2ae0b), CONST64(0x8016564bcb400bc0), CONST64(0x677fc20c6bbdb1da), CONST64(0x59dc7ecc95a26efb),
CONST64(0xe1619f40a1febe1f), CONST64(0x10cbc3e3f308eb18), CONST64(0x81e12f30b1cefe4f), CONST64(0x0c10160e0206080a),
CONST64(0x922e675ecc4917db), CONST64(0xa26e3f66c45137f3), CONST64(0x4ee8cf531d277469), CONST64(0x78a09c6c143c5044),
CONST64(0xb0560e73c3582be8), CONST64(0x573f9a3463a591f2), CONST64(0xe69eed3cda734f95), CONST64(0xd3d2358e5de76934),
CONST64(0xdfc223805fe1613e), CONST64(0xf2aed72edc79578b), CONST64(0x13cf486e7d87e994), CONST64(0x94266c59cd4a13de),
CONST64(0x1fdf5e607f81e19e), CONST64(0xc1ea049b5aee752f), CONST64(0x7547f3196cb4adc1), CONST64(0xd5da3e895ce46d31),
CONST64(0x08ebeffff704fb0c), CONST64(0xd42d47f2266a98be), CONST64(0x38abb7c7ff1cdb24), CONST64(0x543b11b9ed2a937e),
CONST64(0x4a1336a2e825876f), CONST64(0x699c26f49dba4ed3), CONST64(0x7f5fee106fb1a1ce), CONST64(0x03048b8d8e8f028c),
CONST64(0x56c8e34f192b647d), CONST64(0xe7699447a0fdba1a), CONST64(0x1ad3deeaf00de717), CONST64(0x113cba9889861e97),
CONST64(0x2278692d0f113c33), CONST64(0x1238311507091c1b), CONST64(0xc511fd6aafec8629), CONST64(0x208b9bdbfb10cb30),
CONST64(0x3040583808182028), CONST64(0x7ea8976b153f5441), CONST64(0x2e687f230d173439), CONST64(0x18202c1c040c1014),
CONST64(0x06080b0701030405), CONST64(0x4507ab2164ac8de9), CONST64(0xf8b6ca27df7c5b84), CONST64(0x29970d5f769ac5b3),
CONST64(0x0bef6472798bf980), CONST64(0xf4a6dc29dd7a538e), CONST64(0x8ef5b2b33d47f4c9), CONST64(0x74b08a62163a584e),
CONST64(0x82e5a4bd3f41fcc3), CONST64(0xb2a5fc853759dceb), CONST64(0x734ff81e6db7a9c4), CONST64(0x90dd95a83848e0d8),
CONST64(0xb1a17708b9d6de67), CONST64(0x37bf2a447395d1a2), CONST64(0x4c1b3da5e926836a), CONST64(0xbeb5ea8b355fd4e1),
CONST64(0xe3926db655ff491c), CONST64(0x3baf3c4a7193d9a8), CONST64(0x07ff727c7b8df18a), CONST64(0x0f149d838c890a86),
CONST64(0x31b721437296d5a7), CONST64(0x1734b19f88851a92), CONST64(0x0ee3e4f8f607ff09), CONST64(0xfc4d33d62a7ea882),
CONST64(0x84edafba3e42f8c6), CONST64(0xd9ca28875ee2653b), CONST64(0xd2254cf527699cbb), CONST64(0x890ac0cf46ca0543),
CONST64(0x286074240c14303c), CONST64(0x430fa02665af89ec), CONST64(0x6d67df0568b8bdd5), CONST64(0x5b2f8c3a61a399f8),
CONST64(0x0a181d0903050c0f), CONST64(0xbc46187dc15e23e2), CONST64(0xef827bb857f94116), CONST64(0xcefe9918d6677fa9),
CONST64(0xec86f035d976439a), CONST64(0xcdfa129558e87d25), CONST64(0xea8efb32d875479f), CONST64(0x4917bd2f66aa85e3),
CONST64(0xc8f6921fd7647bac), CONST64(0x9ccd83a63a4ee8d2), CONST64(0x8a0e4b42c84507cf), CONST64(0x88fdb9b43c44f0cc),
CONST64(0x268390dcfa13cf35), CONST64(0x53c463c596a762f4), CONST64(0xf551a552a7f4a601), CONST64(0x77b401ef98b55ac2),
CONST64(0x52331abeec29977b), CONST64(0xb7a97c0fb8d5da62), CONST64(0xa876226fc7543bfc), CONST64(0xc319f66daeef822c),
CONST64(0x6b6fd40269bbb9d0), CONST64(0xa762bfec4bdd317a), CONST64(0xdd31d176abe0963d), CONST64(0xd121c778a9e69e37),
CONST64(0x4f1fb62867a981e6), CONST64(0x3c504e360a1e2822), CONST64(0x8f02cbc847c90146), CONST64(0x16c3c8e4f20bef1d),
CONST64(0x99c1032cb5c2ee5b), CONST64(0xcc0d6bee226688aa), CONST64(0x647b4981e532b356), CONST64(0x5e230cb0ee2f9f71),
CONST64(0xa399461dbedfc27c), CONST64(0xfa4538d12b7dac87), CONST64(0x217ce2a0819e3ebf), CONST64(0x6c90a67e1236485a),
CONST64(0x2d6cf4ae839836b5), CONST64(0x5ad8f5411b2d6c77), CONST64(0x2470622a0e123836), CONST64(0xca0560e923658caf),
CONST64(0x04fbf9f1f502f306), CONST64(0x8312ddc645cf094c), CONST64(0xc61576e7216384a5), CONST64(0x9e3e7150ce4f1fd1),
CONST64(0xab72a9e249db3970), CONST64(0xe87d09c42c74b09c), CONST64(0x2c9b8dd5f916c33a), CONST64(0x6e635488e637bf59),
CONST64(0x93d91e25b6c7e254), CONST64(0xf05d25d82878a088), CONST64(0x72b8816517395c4b), CONST64(0x2b64ffa9829b32b0),
CONST64(0x5cd0fe461a2e6872), CONST64(0x1d2cac968b80169d), CONST64(0x3ea3bcc0fe1fdf21), CONST64(0x1b24a7918a831298),
CONST64(0x3648533f091b242d), CONST64(0x8c064045c94603ca), CONST64(0x354cd8b2879426a1), CONST64(0xb94a98f74ed2256b),
CONST64(0x7c5b659de13ea342), CONST64(0xe46d1fca2e72b896), CONST64(0x62734286e431b753), CONST64(0x7a536e9ae03da747),
CONST64(0x400b2babeb208b60), CONST64(0x47f459d790ad7aea), CONST64(0xff49b85ba4f1aa0e), CONST64(0x44f0d25a1e227866),
CONST64(0x395ccebc85922eab), CONST64(0x5d27873d60a09dfd), CONST64(0x0000000000000000), CONST64(0xde355afb256f94b1),
CONST64(0x02f3f2f6f401f703), CONST64(0x1cdbd5edf10ee312), CONST64(0x5fd475cb94a16afe), CONST64(0x3a5845310b1d2c27),
CONST64(0x686b5f8fe734bb5c), CONST64(0x238f1056759fc9bc), CONST64(0x582b07b7ef2c9b74), CONST64(0xb8bde18c345cd0e4),
CONST64(0xa695c6973153c4f5), CONST64(0xc2ee8f16d46177a3), CONST64(0xdacea30ad06d67b7), CONST64(0x3344d3b5869722a4),
CONST64(0x19d755677e82e59b), CONST64(0xc901eb64adea8e23), CONST64(0x34bba1c9fd1ad32e), CONST64(0xf6552edf297ba48d),
CONST64(0xa09dcd903050c0f0), CONST64(0x9ac588a13b4decd7), CONST64(0x658c30fa9fbc46d9), CONST64(0x2a9386d2f815c73f),
CONST64(0xae7e2968c6573ff9), CONST64(0x6a98ad7913354c5f), CONST64(0x14303a12060a181e), CONST64(0x1e28271b050f1411),
CONST64(0xa4663461c55233f6), CONST64(0x6688bb7711334455), CONST64(0x2f9f06587799c1b6), CONST64(0x15c743697c84ed91),
CONST64(0x01f7797b7a8ef58f), CONST64(0x0de76f757888fd85), CONST64(0xb4adf782365ad8ee), CONST64(0x48e0c4541c24706c),
CONST64(0x96d59eaf394be4dd), CONST64(0xcbf2199259eb7920), CONST64(0x50c0e84818286078), CONST64(0xe98a70bf56fa4513),
CONST64(0x8df1393eb3c8f645), CONST64(0x87e92437b0cdfa4a), CONST64(0xd83d51fc246c90b4), CONST64(0xc01d7de0206080a0),
CONST64(0x8bf93239b2cbf240), CONST64(0x4be44fd992ab72e0), CONST64(0xed71894ea3f8b615), CONST64(0xba4e137ac05d27e7),
CONST64(0x851ad6c144cc0d49), CONST64(0x5137913362a695f7), CONST64(0x6080b07010304050), CONST64(0x9fc9082bb4c1ea5e),
CONST64(0x3f54c5bb84912aae), CONST64(0x9722e7d443c51152), CONST64(0x4dec44de93a876e5), CONST64(0xb65e0574c25b2fed),
CONST64(0xa16ab4eb4ade357f), CONST64(0xa9815b14bddace73), CONST64(0x050c808a8f8c0689), CONST64(0xee7502c32d77b499),
CONST64(0xaf895013bcd9ca76), CONST64(0x6f942df39cb94ad6), CONST64(0x6177c90b6abeb5df), CONST64(0x9d3afadd40c01d5d),
CONST64(0x98367a57cf4c1bd4), CONST64(0xeb798249a2fbb210), CONST64(0x2774e9a7809d3aba), CONST64(0xbf4293f04fd1216e),
CONST64(0x42f8d95d1f217c63), CONST64(0x861e5d4cca430fc5), CONST64(0xdb39da71aae39238), CONST64(0x912aecd342c61557),
};
static const ulong64 T5[256] = {
CONST64(0xb9bb016ad3ba68d2), CONST64(0x9ae5b166fc54194d), CONST64(0x65e2cd14712f93bc), CONST64(0x8725511b9c74b9cd),
CONST64(0xa2f7a457f5530251), CONST64(0xd6d003be68d3b86b), CONST64(0xded604b56bd2bd6f), CONST64(0x52b3fe85d74d6429),
CONST64(0xbafdad4af0500d5d), CONST64(0x09cf63e0e9ac268a), CONST64(0x1c0984968a8d830e), CONST64(0x91a51a4ddcbf79c6),
CONST64(0xa73d4d379070addd), CONST64(0xaaf1a35cf6520755), CONST64(0xa47be117b39ac852), CONST64(0x5ab5f98ed44c612d),
CONST64(0x0346ac2023ea658f), CONST64(0xe6c4118462d5a673), CONST64(0xcc55c268a497f166), CONST64(0xc6dc0da86ed1b263),
CONST64(0x85aa99d05533ffcc), CONST64(0xb2fbaa41f3510859), CONST64(0xe2c79c0fed5b2a71), CONST64(0x59f355aef7a604a2),
CONST64(0xbefe20c17fde815f), CONST64(0x7aade5a2d848753d), CONST64(0x29d77fcce5a8329a), CONST64(0xbc71e80ab699c75e),
CONST64(0x96e03be670db904b), CONST64(0x8dac9edb5632fac8), CONST64(0xd1952215c4b751e6), CONST64(0xb332ceaa19fc2bd7),
CONST64(0x4b70937338e348ab), CONST64(0x8463fd3bbf9edc42), CONST64(0xfc41d052ae91ef7e), CONST64(0xac7de61cb09bcd56),
CONST64(0x437694783be24daf), CONST64(0xb1bd0661d0bb6dd6), CONST64(0x329bdaf1c3415819), CONST64(0x577917e5b26ecba5),
CONST64(0x41f95cb3f2a50bae), CONST64(0x16804b5640cbc00b), CONST64(0x7f670cc2bd6bdab1), CONST64(0xdc59cc7ea295fb6e),
CONST64(0x61e1409ffea11fbe), CONST64(0xcb10e3c308f318eb), CONST64(0xe181302fceb14ffe), CONST64(0x100c0e1606020a08),
CONST64(0x2e925e6749ccdb17), CONST64(0x6ea2663f51c4f337), CONST64(0xe84e53cf271d6974), CONST64(0xa0786c9c3c144450),
CONST64(0x56b0730e58c3e82b), CONST64(0x3f57349aa563f291), CONST64(0x9ee63ced73da954f), CONST64(0xd2d38e35e75d3469),
CONST64(0xc2df8023e15f3e61), CONST64(0xaef22ed779dc8b57), CONST64(0xcf136e48877d94e9), CONST64(0x2694596c4acdde13),
CONST64(0xdf1f605e817f9ee1), CONST64(0xeac19b04ee5a2f75), CONST64(0x477519f3b46cc1ad), CONST64(0xdad5893ee45c316d),
CONST64(0xeb08ffef04f70cfb), CONST64(0x2dd4f2476a26be98), CONST64(0xab38c7b71cff24db), CONST64(0x3b54b9112aed7e93),
CONST64(0x134aa23625e86f87), CONST64(0x9c69f426ba9dd34e), CONST64(0x5f7f10eeb16fcea1), CONST64(0x04038d8b8f8e8c02),
CONST64(0xc8564fe32b197d64), CONST64(0x69e74794fda01aba), CONST64(0xd31aeade0df017e7), CONST64(0x3c1198ba8689971e),
CONST64(0x78222d69110f333c), CONST64(0x3812153109071b1c), CONST64(0x11c56afdecaf2986), CONST64(0x8b20db9b10fb30cb),
CONST64(0x4030385818082820), CONST64(0xa87e6b973f154154), CONST64(0x682e237f170d3934), CONST64(0x20181c2c0c041410),
CONST64(0x0806070b03010504), CONST64(0x074521abac64e98d), CONST64(0xb6f827ca7cdf845b), CONST64(0x97295f0d9a76b3c5),
CONST64(0xef0b72648b7980f9), CONST64(0xa6f429dc7add8e53), CONST64(0xf58eb3b2473dc9f4), CONST64(0xb074628a3a164e58),
CONST64(0xe582bda4413fc3fc), CONST64(0xa5b285fc5937ebdc), CONST64(0x4f731ef8b76dc4a9), CONST64(0xdd90a8954838d8e0),
CONST64(0xa1b10877d6b967de), CONST64(0xbf37442a9573a2d1), CONST64(0x1b4ca53d26e96a83), CONST64(0xb5be8bea5f35e1d4),
CONST64(0x92e3b66dff551c49), CONST64(0xaf3b4a3c9371a8d9), CONST64(0xff077c728d7b8af1), CONST64(0x140f839d898c860a),
CONST64(0xb73143219672a7d5), CONST64(0x34179fb18588921a), CONST64(0xe30ef8e407f609ff), CONST64(0x4dfcd6337e2a82a8),
CONST64(0xed84baaf423ec6f8), CONST64(0xcad98728e25e3b65), CONST64(0x25d2f54c6927bb9c), CONST64(0x0a89cfc0ca464305),
CONST64(0x60282474140c3c30), CONST64(0x0f4326a0af65ec89), CONST64(0x676d05dfb868d5bd), CONST64(0x2f5b3a8ca361f899),
CONST64(0x180a091d05030f0c), CONST64(0x46bc7d185ec1e223), CONST64(0x82efb87bf9571641), CONST64(0xfece189967d6a97f),
CONST64(0x86ec35f076d99a43), CONST64(0xfacd9512e858257d), CONST64(0x8eea32fb75d89f47), CONST64(0x17492fbdaa66e385),
CONST64(0xf6c81f9264d7ac7b), CONST64(0xcd9ca6834e3ad2e8), CONST64(0x0e8a424b45c8cf07), CONST64(0xfd88b4b9443cccf0),
CONST64(0x8326dc9013fa35cf), CONST64(0xc453c563a796f462), CONST64(0x51f552a5f4a701a6), CONST64(0xb477ef01b598c25a),
CONST64(0x3352be1a29ec7b97), CONST64(0xa9b70f7cd5b862da), CONST64(0x76a86f2254c7fc3b), CONST64(0x19c36df6efae2c82),
CONST64(0x6f6b02d4bb69d0b9), CONST64(0x62a7ecbfdd4b7a31), CONST64(0x31dd76d1e0ab3d96), CONST64(0x21d178c7e6a9379e),
CONST64(0x1f4f28b6a967e681), CONST64(0x503c364e1e0a2228), CONST64(0x028fc8cbc9474601), CONST64(0xc316e4c80bf21def),
CONST64(0xc1992c03c2b55bee), CONST64(0x0dccee6b6622aa88), CONST64(0x7b64814932e556b3), CONST64(0x235eb00c2fee719f),
CONST64(0x99a31d46dfbe7cc2), CONST64(0x45fad1387d2b87ac), CONST64(0x7c21a0e29e81bf3e), CONST64(0x906c7ea636125a48),
CONST64(0x6c2daef49883b536), CONST64(0xd85a41f52d1b776c), CONST64(0x70242a62120e3638), CONST64(0x05cae9606523af8c),
CONST64(0xfb04f1f902f506f3), CONST64(0x1283c6ddcf454c09), CONST64(0x15c6e7766321a584), CONST64(0x3e9e50714fced11f),
CONST64(0x72abe2a9db497039), CONST64(0x7de8c409742c9cb0), CONST64(0x9b2cd58d16f93ac3), CONST64(0x636e885437e659bf),
CONST64(0xd993251ec7b654e2), CONST64(0x5df0d825782888a0), CONST64(0xb872658139174b5c), CONST64(0x642ba9ff9b82b032),
CONST64(0xd05c46fe2e1a7268), CONST64(0x2c1d96ac808b9d16), CONST64(0xa33ec0bc1ffe21df), CONST64(0x241b91a7838a9812),
CONST64(0x48363f531b092d24), CONST64(0x068c454046c9ca03), CONST64(0x4c35b2d89487a126), CONST64(0x4ab9f798d24e6b25),
CONST64(0x5b7c9d653ee142a3), CONST64(0x6de4ca1f722e96b8), CONST64(0x7362864231e453b7), CONST64(0x537a9a6e3de047a7),
CONST64(0x0b40ab2b20eb608b), CONST64(0xf447d759ad90ea7a), CONST64(0x49ff5bb8f1a40eaa), CONST64(0xf0445ad2221e6678),
CONST64(0x5c39bcce9285ab2e), CONST64(0x275d3d87a060fd9d), CONST64(0x0000000000000000), CONST64(0x35defb5a6f25b194),
CONST64(0xf302f6f201f403f7), CONST64(0xdb1cedd50ef112e3), CONST64(0xd45fcb75a194fe6a), CONST64(0x583a31451d0b272c),
CONST64(0x6b688f5f34e75cbb), CONST64(0x8f2356109f75bcc9), CONST64(0x2b58b7072cef749b), CONST64(0xbdb88ce15c34e4d0),
CONST64(0x95a697c65331f5c4), CONST64(0xeec2168f61d4a377), CONST64(0xceda0aa36dd0b767), CONST64(0x4433b5d39786a422),
CONST64(0xd7196755827e9be5), CONST64(0x01c964ebeaad238e), CONST64(0xbb34c9a11afd2ed3), CONST64(0x55f6df2e7b298da4),
CONST64(0x9da090cd5030f0c0), CONST64(0xc59aa1884d3bd7ec), CONST64(0x8c65fa30bc9fd946), CONST64(0x932ad28615f83fc7),
CONST64(0x7eae682957c6f93f), CONST64(0x986a79ad35135f4c), CONST64(0x3014123a0a061e18), CONST64(0x281e1b270f051114),
CONST64(0x66a4613452c5f633), CONST64(0x886677bb33115544), CONST64(0x9f2f58069977b6c1), CONST64(0xc7156943847c91ed),
CONST64(0xf7017b798e7a8ff5), CONST64(0xe70d756f887885fd), CONST64(0xadb482f75a36eed8), CONST64(0xe04854c4241c6c70),
CONST64(0xd596af9e4b39dde4), CONST64(0xf2cb9219eb592079), CONST64(0xc05048e828187860), CONST64(0x8ae9bf70fa561345),
CONST64(0xf18d3e39c8b345f6), CONST64(0xe9873724cdb04afa), CONST64(0x3dd8fc516c24b490), CONST64(0x1dc0e07d6020a080),
CONST64(0xf98b3932cbb240f2), CONST64(0xe44bd94fab92e072), CONST64(0x71ed4e89f8a315b6), CONST64(0x4eba7a135dc0e727),
CONST64(0x1a85c1d6cc44490d), CONST64(0x37513391a662f795), CONST64(0x806070b030105040), CONST64(0xc99f2b08c1b45eea),
CONST64(0x543fbbc59184ae2a), CONST64(0x2297d4e7c5435211), CONST64(0xec4dde44a893e576), CONST64(0x5eb674055bc2ed2f),
CONST64(0x6aa1ebb4de4a7f35), CONST64(0x81a9145bdabd73ce), CONST64(0x0c058a808c8f8906), CONST64(0x75eec302772d99b4),
CONST64(0x89af1350d9bc76ca), CONST64(0x946ff32db99cd64a), CONST64(0x77610bc9be6adfb5), CONST64(0x3a9dddfac0405d1d),
CONST64(0x3698577a4ccfd41b), CONST64(0x79eb4982fba210b2), CONST64(0x7427a7e99d80ba3a), CONST64(0x42bff093d14f6e21),
CONST64(0xf8425dd9211f637c), CONST64(0x1e864c5d43cac50f), CONST64(0x39db71dae3aa3892), CONST64(0x2a91d3ecc6425715),
};
static const ulong64 T6[256] = {
CONST64(0x6a01bbb9d268bad3), CONST64(0x66b1e59a4d1954fc), CONST64(0x14cde265bc932f71), CONST64(0x1b512587cdb9749c),
CONST64(0x57a4f7a2510253f5), CONST64(0xbe03d0d66bb8d368), CONST64(0xb504d6de6fbdd26b), CONST64(0x85feb35229644dd7),
CONST64(0x4aadfdba5d0d50f0), CONST64(0xe063cf098a26ace9), CONST64(0x9684091c0e838d8a), CONST64(0x4d1aa591c679bfdc),
CONST64(0x374d3da7ddad7090), CONST64(0x5ca3f1aa550752f6), CONST64(0x17e17ba452c89ab3), CONST64(0x8ef9b55a2d614cd4),
CONST64(0x20ac46038f65ea23), CONST64(0x8411c4e673a6d562), CONST64(0x68c255cc66f197a4), CONST64(0xa80ddcc663b2d16e),
CONST64(0xd099aa85ccff3355), CONST64(0x41aafbb2590851f3), CONST64(0x0f9cc7e2712a5bed), CONST64(0xae55f359a204a6f7),
CONST64(0xc120febe5f81de7f), CONST64(0xa2e5ad7a3d7548d8), CONST64(0xcc7fd7299a32a8e5), CONST64(0x0ae871bc5ec799b6),
CONST64(0xe63be0964b90db70), CONST64(0xdb9eac8dc8fa3256), CONST64(0x152295d1e651b7c4), CONST64(0xaace32b3d72bfc19),
CONST64(0x7393704bab48e338), CONST64(0x3bfd638442dc9ebf), CONST64(0x52d041fc7eef91ae), CONST64(0x1ce67dac56cd9bb0),
CONST64(0x78947643af4de23b), CONST64(0x6106bdb1d66dbbd0), CONST64(0xf1da9b32195841c3), CONST64(0xe5177957a5cb6eb2),
CONST64(0xb35cf941ae0ba5f2), CONST64(0x564b80160bc0cb40), CONST64(0xc20c677fb1da6bbd), CONST64(0x7ecc59dc6efb95a2),
CONST64(0x9f40e161be1fa1fe), CONST64(0xc3e310cbeb18f308), CONST64(0x2f3081e1fe4fb1ce), CONST64(0x160e0c10080a0206),
CONST64(0x675e922e17dbcc49), CONST64(0x3f66a26e37f3c451), CONST64(0xcf534ee874691d27), CONST64(0x9c6c78a05044143c),
CONST64(0x0e73b0562be8c358), CONST64(0x9a34573f91f263a5), CONST64(0xed3ce69e4f95da73), CONST64(0x358ed3d269345de7),
CONST64(0x2380dfc2613e5fe1), CONST64(0xd72ef2ae578bdc79), CONST64(0x486e13cfe9947d87), CONST64(0x6c59942613decd4a),
CONST64(0x5e601fdfe19e7f81), CONST64(0x049bc1ea752f5aee), CONST64(0xf3197547adc16cb4), CONST64(0x3e89d5da6d315ce4),
CONST64(0xefff08ebfb0cf704), CONST64(0x47f2d42d98be266a), CONST64(0xb7c738abdb24ff1c), CONST64(0x11b9543b937eed2a),
CONST64(0x36a24a13876fe825), CONST64(0x26f4699c4ed39dba), CONST64(0xee107f5fa1ce6fb1), CONST64(0x8b8d0304028c8e8f),
CONST64(0xe34f56c8647d192b), CONST64(0x9447e769ba1aa0fd), CONST64(0xdeea1ad3e717f00d), CONST64(0xba98113c1e978986),
CONST64(0x692d22783c330f11), CONST64(0x311512381c1b0709), CONST64(0xfd6ac5118629afec), CONST64(0x9bdb208bcb30fb10),
CONST64(0x5838304020280818), CONST64(0x976b7ea85441153f), CONST64(0x7f232e6834390d17), CONST64(0x2c1c18201014040c),
CONST64(0x0b07060804050103), CONST64(0xab2145078de964ac), CONST64(0xca27f8b65b84df7c), CONST64(0x0d5f2997c5b3769a),
CONST64(0x64720beff980798b), CONST64(0xdc29f4a6538edd7a), CONST64(0xb2b38ef5f4c93d47), CONST64(0x8a6274b0584e163a),
CONST64(0xa4bd82e5fcc33f41), CONST64(0xfc85b2a5dceb3759), CONST64(0xf81e734fa9c46db7), CONST64(0x95a890dde0d83848),
CONST64(0x7708b1a1de67b9d6), CONST64(0x2a4437bfd1a27395), CONST64(0x3da54c1b836ae926), CONST64(0xea8bbeb5d4e1355f),
CONST64(0x6db6e392491c55ff), CONST64(0x3c4a3bafd9a87193), CONST64(0x727c07fff18a7b8d), CONST64(0x9d830f140a868c89),
CONST64(0x214331b7d5a77296), CONST64(0xb19f17341a928885), CONST64(0xe4f80ee3ff09f607), CONST64(0x33d6fc4da8822a7e),
CONST64(0xafba84edf8c63e42), CONST64(0x2887d9ca653b5ee2), CONST64(0x4cf5d2259cbb2769), CONST64(0xc0cf890a054346ca),
CONST64(0x74242860303c0c14), CONST64(0xa026430f89ec65af), CONST64(0xdf056d67bdd568b8), CONST64(0x8c3a5b2f99f861a3),
CONST64(0x1d090a180c0f0305), CONST64(0x187dbc4623e2c15e), CONST64(0x7bb8ef82411657f9), CONST64(0x9918cefe7fa9d667),
CONST64(0xf035ec86439ad976), CONST64(0x1295cdfa7d2558e8), CONST64(0xfb32ea8e479fd875), CONST64(0xbd2f491785e366aa),
CONST64(0x921fc8f67bacd764), CONST64(0x83a69ccde8d23a4e), CONST64(0x4b428a0e07cfc845), CONST64(0xb9b488fdf0cc3c44),
CONST64(0x90dc2683cf35fa13), CONST64(0x63c553c462f496a7), CONST64(0xa552f551a601a7f4), CONST64(0x01ef77b45ac298b5),
CONST64(0x1abe5233977bec29), CONST64(0x7c0fb7a9da62b8d5), CONST64(0x226fa8763bfcc754), CONST64(0xf66dc319822caeef),
CONST64(0xd4026b6fb9d069bb), CONST64(0xbfeca762317a4bdd), CONST64(0xd176dd31963dabe0), CONST64(0xc778d1219e37a9e6),
CONST64(0xb6284f1f81e667a9), CONST64(0x4e363c5028220a1e), CONST64(0xcbc88f02014647c9), CONST64(0xc8e416c3ef1df20b),
CONST64(0x032c99c1ee5bb5c2), CONST64(0x6beecc0d88aa2266), CONST64(0x4981647bb356e532), CONST64(0x0cb05e239f71ee2f),
CONST64(0x461da399c27cbedf), CONST64(0x38d1fa45ac872b7d), CONST64(0xe2a0217c3ebf819e), CONST64(0xa67e6c90485a1236),
CONST64(0xf4ae2d6c36b58398), CONST64(0xf5415ad86c771b2d), CONST64(0x622a247038360e12), CONST64(0x60e9ca058caf2365),
CONST64(0xf9f104fbf306f502), CONST64(0xddc68312094c45cf), CONST64(0x76e7c61584a52163), CONST64(0x71509e3e1fd1ce4f),
CONST64(0xa9e2ab72397049db), CONST64(0x09c4e87db09c2c74), CONST64(0x8dd52c9bc33af916), CONST64(0x54886e63bf59e637),
CONST64(0x1e2593d9e254b6c7), CONST64(0x25d8f05da0882878), CONST64(0x816572b85c4b1739), CONST64(0xffa92b6432b0829b),
CONST64(0xfe465cd068721a2e), CONST64(0xac961d2c169d8b80), CONST64(0xbcc03ea3df21fe1f), CONST64(0xa7911b2412988a83),
CONST64(0x533f3648242d091b), CONST64(0x40458c0603cac946), CONST64(0xd8b2354c26a18794), CONST64(0x98f7b94a256b4ed2),
CONST64(0x659d7c5ba342e13e), CONST64(0x1fcae46db8962e72), CONST64(0x42866273b753e431), CONST64(0x6e9a7a53a747e03d),
CONST64(0x2bab400b8b60eb20), CONST64(0x59d747f47aea90ad), CONST64(0xb85bff49aa0ea4f1), CONST64(0xd25a44f078661e22),
CONST64(0xcebc395c2eab8592), CONST64(0x873d5d279dfd60a0), CONST64(0x0000000000000000), CONST64(0x5afbde3594b1256f),
CONST64(0xf2f602f3f703f401), CONST64(0xd5ed1cdbe312f10e), CONST64(0x75cb5fd46afe94a1), CONST64(0x45313a582c270b1d),
CONST64(0x5f8f686bbb5ce734), CONST64(0x1056238fc9bc759f), CONST64(0x07b7582b9b74ef2c), CONST64(0xe18cb8bdd0e4345c),
CONST64(0xc697a695c4f53153), CONST64(0x8f16c2ee77a3d461), CONST64(0xa30adace67b7d06d), CONST64(0xd3b5334422a48697),
CONST64(0x556719d7e59b7e82), CONST64(0xeb64c9018e23adea), CONST64(0xa1c934bbd32efd1a), CONST64(0x2edff655a48d297b),
CONST64(0xcd90a09dc0f03050), CONST64(0x88a19ac5ecd73b4d), CONST64(0x30fa658c46d99fbc), CONST64(0x86d22a93c73ff815),
CONST64(0x2968ae7e3ff9c657), CONST64(0xad796a984c5f1335), CONST64(0x3a121430181e060a), CONST64(0x271b1e281411050f),
CONST64(0x3461a46633f6c552), CONST64(0xbb77668844551133), CONST64(0x06582f9fc1b67799), CONST64(0x436915c7ed917c84),
CONST64(0x797b01f7f58f7a8e), CONST64(0x6f750de7fd857888), CONST64(0xf782b4add8ee365a), CONST64(0xc45448e0706c1c24),
CONST64(0x9eaf96d5e4dd394b), CONST64(0x1992cbf2792059eb), CONST64(0xe84850c060781828), CONST64(0x70bfe98a451356fa),
CONST64(0x393e8df1f645b3c8), CONST64(0x243787e9fa4ab0cd), CONST64(0x51fcd83d90b4246c), CONST64(0x7de0c01d80a02060),
CONST64(0x32398bf9f240b2cb), CONST64(0x4fd94be472e092ab), CONST64(0x894eed71b615a3f8), CONST64(0x137aba4e27e7c05d),
CONST64(0xd6c1851a0d4944cc), CONST64(0x9133513795f762a6), CONST64(0xb070608040501030), CONST64(0x082b9fc9ea5eb4c1),
CONST64(0xc5bb3f542aae8491), CONST64(0xe7d49722115243c5), CONST64(0x44de4dec76e593a8), CONST64(0x0574b65e2fedc25b),
CONST64(0xb4eba16a357f4ade), CONST64(0x5b14a981ce73bdda), CONST64(0x808a050c06898f8c), CONST64(0x02c3ee75b4992d77),
CONST64(0x5013af89ca76bcd9), CONST64(0x2df36f944ad69cb9), CONST64(0xc90b6177b5df6abe), CONST64(0xfadd9d3a1d5d40c0),
CONST64(0x7a5798361bd4cf4c), CONST64(0x8249eb79b210a2fb), CONST64(0xe9a727743aba809d), CONST64(0x93f0bf42216e4fd1),
CONST64(0xd95d42f87c631f21), CONST64(0x5d4c861e0fc5ca43), CONST64(0xda71db399238aae3), CONST64(0xecd3912a155742c6),
};
static const ulong64 T7[256] = {
CONST64(0x016ab9bb68d2d3ba), CONST64(0xb1669ae5194dfc54), CONST64(0xcd1465e293bc712f), CONST64(0x511b8725b9cd9c74),
CONST64(0xa457a2f70251f553), CONST64(0x03bed6d0b86b68d3), CONST64(0x04b5ded6bd6f6bd2), CONST64(0xfe8552b36429d74d),
CONST64(0xad4abafd0d5df050), CONST64(0x63e009cf268ae9ac), CONST64(0x84961c09830e8a8d), CONST64(0x1a4d91a579c6dcbf),
CONST64(0x4d37a73daddd9070), CONST64(0xa35caaf10755f652), CONST64(0xe117a47bc852b39a), CONST64(0xf98e5ab5612dd44c),
CONST64(0xac200346658f23ea), CONST64(0x1184e6c4a67362d5), CONST64(0xc268cc55f166a497), CONST64(0x0da8c6dcb2636ed1),
CONST64(0x99d085aaffcc5533), CONST64(0xaa41b2fb0859f351), CONST64(0x9c0fe2c72a71ed5b), CONST64(0x55ae59f304a2f7a6),
CONST64(0x20c1befe815f7fde), CONST64(0xe5a27aad753dd848), CONST64(0x7fcc29d7329ae5a8), CONST64(0xe80abc71c75eb699),
CONST64(0x3be696e0904b70db), CONST64(0x9edb8dacfac85632), CONST64(0x2215d19551e6c4b7), CONST64(0xceaab3322bd719fc),
CONST64(0x93734b7048ab38e3), CONST64(0xfd3b8463dc42bf9e), CONST64(0xd052fc41ef7eae91), CONST64(0xe61cac7dcd56b09b),
CONST64(0x947843764daf3be2), CONST64(0x0661b1bd6dd6d0bb), CONST64(0xdaf1329b5819c341), CONST64(0x17e55779cba5b26e),
CONST64(0x5cb341f90baef2a5), CONST64(0x4b561680c00b40cb), CONST64(0x0cc27f67dab1bd6b), CONST64(0xcc7edc59fb6ea295),
CONST64(0x409f61e11fbefea1), CONST64(0xe3c3cb1018eb08f3), CONST64(0x302fe1814ffeceb1), CONST64(0x0e16100c0a080602),
CONST64(0x5e672e92db1749cc), CONST64(0x663f6ea2f33751c4), CONST64(0x53cfe84e6974271d), CONST64(0x6c9ca07844503c14),
CONST64(0x730e56b0e82b58c3), CONST64(0x349a3f57f291a563), CONST64(0x3ced9ee6954f73da), CONST64(0x8e35d2d33469e75d),
CONST64(0x8023c2df3e61e15f), CONST64(0x2ed7aef28b5779dc), CONST64(0x6e48cf1394e9877d), CONST64(0x596c2694de134acd),
CONST64(0x605edf1f9ee1817f), CONST64(0x9b04eac12f75ee5a), CONST64(0x19f34775c1adb46c), CONST64(0x893edad5316de45c),
CONST64(0xffefeb080cfb04f7), CONST64(0xf2472dd4be986a26), CONST64(0xc7b7ab3824db1cff), CONST64(0xb9113b547e932aed),
CONST64(0xa236134a6f8725e8), CONST64(0xf4269c69d34eba9d), CONST64(0x10ee5f7fcea1b16f), CONST64(0x8d8b04038c028f8e),
CONST64(0x4fe3c8567d642b19), CONST64(0x479469e71abafda0), CONST64(0xeaded31a17e70df0), CONST64(0x98ba3c11971e8689),
CONST64(0x2d697822333c110f), CONST64(0x153138121b1c0907), CONST64(0x6afd11c52986ecaf), CONST64(0xdb9b8b2030cb10fb),
CONST64(0x3858403028201808), CONST64(0x6b97a87e41543f15), CONST64(0x237f682e3934170d), CONST64(0x1c2c201814100c04),
CONST64(0x070b080605040301), CONST64(0x21ab0745e98dac64), CONST64(0x27cab6f8845b7cdf), CONST64(0x5f0d9729b3c59a76),
CONST64(0x7264ef0b80f98b79), CONST64(0x29dca6f48e537add), CONST64(0xb3b2f58ec9f4473d), CONST64(0x628ab0744e583a16),
CONST64(0xbda4e582c3fc413f), CONST64(0x85fca5b2ebdc5937), CONST64(0x1ef84f73c4a9b76d), CONST64(0xa895dd90d8e04838),
CONST64(0x0877a1b167ded6b9), CONST64(0x442abf37a2d19573), CONST64(0xa53d1b4c6a8326e9), CONST64(0x8beab5bee1d45f35),
CONST64(0xb66d92e31c49ff55), CONST64(0x4a3caf3ba8d99371), CONST64(0x7c72ff078af18d7b), CONST64(0x839d140f860a898c),
CONST64(0x4321b731a7d59672), CONST64(0x9fb13417921a8588), CONST64(0xf8e4e30e09ff07f6), CONST64(0xd6334dfc82a87e2a),
CONST64(0xbaafed84c6f8423e), CONST64(0x8728cad93b65e25e), CONST64(0xf54c25d2bb9c6927), CONST64(0xcfc00a894305ca46),
CONST64(0x247460283c30140c), CONST64(0x26a00f43ec89af65), CONST64(0x05df676dd5bdb868), CONST64(0x3a8c2f5bf899a361),
CONST64(0x091d180a0f0c0503), CONST64(0x7d1846bce2235ec1), CONST64(0xb87b82ef1641f957), CONST64(0x1899fecea97f67d6),
CONST64(0x35f086ec9a4376d9), CONST64(0x9512facd257de858), CONST64(0x32fb8eea9f4775d8), CONST64(0x2fbd1749e385aa66),
CONST64(0x1f92f6c8ac7b64d7), CONST64(0xa683cd9cd2e84e3a), CONST64(0x424b0e8acf0745c8), CONST64(0xb4b9fd88ccf0443c),
CONST64(0xdc90832635cf13fa), CONST64(0xc563c453f462a796), CONST64(0x52a551f501a6f4a7), CONST64(0xef01b477c25ab598),
CONST64(0xbe1a33527b9729ec), CONST64(0x0f7ca9b762dad5b8), CONST64(0x6f2276a8fc3b54c7), CONST64(0x6df619c32c82efae),
CONST64(0x02d46f6bd0b9bb69), CONST64(0xecbf62a77a31dd4b), CONST64(0x76d131dd3d96e0ab), CONST64(0x78c721d1379ee6a9),
CONST64(0x28b61f4fe681a967), CONST64(0x364e503c22281e0a), CONST64(0xc8cb028f4601c947), CONST64(0xe4c8c3161def0bf2),
CONST64(0x2c03c1995beec2b5), CONST64(0xee6b0dccaa886622), CONST64(0x81497b6456b332e5), CONST64(0xb00c235e719f2fee),
CONST64(0x1d4699a37cc2dfbe), CONST64(0xd13845fa87ac7d2b), CONST64(0xa0e27c21bf3e9e81), CONST64(0x7ea6906c5a483612),
CONST64(0xaef46c2db5369883), CONST64(0x41f5d85a776c2d1b), CONST64(0x2a6270243638120e), CONST64(0xe96005caaf8c6523),
CONST64(0xf1f9fb0406f302f5), CONST64(0xc6dd12834c09cf45), CONST64(0xe77615c6a5846321), CONST64(0x50713e9ed11f4fce),
CONST64(0xe2a972ab7039db49), CONST64(0xc4097de89cb0742c), CONST64(0xd58d9b2c3ac316f9), CONST64(0x8854636e59bf37e6),
CONST64(0x251ed99354e2c7b6), CONST64(0xd8255df088a07828), CONST64(0x6581b8724b5c3917), CONST64(0xa9ff642bb0329b82),
CONST64(0x46fed05c72682e1a), CONST64(0x96ac2c1d9d16808b), CONST64(0xc0bca33e21df1ffe), CONST64(0x91a7241b9812838a),
CONST64(0x3f5348362d241b09), CONST64(0x4540068cca0346c9), CONST64(0xb2d84c35a1269487), CONST64(0xf7984ab96b25d24e),
CONST64(0x9d655b7c42a33ee1), CONST64(0xca1f6de496b8722e), CONST64(0x8642736253b731e4), CONST64(0x9a6e537a47a73de0),
CONST64(0xab2b0b40608b20eb), CONST64(0xd759f447ea7aad90), CONST64(0x5bb849ff0eaaf1a4), CONST64(0x5ad2f0446678221e),
CONST64(0xbcce5c39ab2e9285), CONST64(0x3d87275dfd9da060), CONST64(0x0000000000000000), CONST64(0xfb5a35deb1946f25),
CONST64(0xf6f2f30203f701f4), CONST64(0xedd5db1c12e30ef1), CONST64(0xcb75d45ffe6aa194), CONST64(0x3145583a272c1d0b),
CONST64(0x8f5f6b685cbb34e7), CONST64(0x56108f23bcc99f75), CONST64(0xb7072b58749b2cef), CONST64(0x8ce1bdb8e4d05c34),
CONST64(0x97c695a6f5c45331), CONST64(0x168feec2a37761d4), CONST64(0x0aa3cedab7676dd0), CONST64(0xb5d34433a4229786),
CONST64(0x6755d7199be5827e), CONST64(0x64eb01c9238eeaad), CONST64(0xc9a1bb342ed31afd), CONST64(0xdf2e55f68da47b29),
CONST64(0x90cd9da0f0c05030), CONST64(0xa188c59ad7ec4d3b), CONST64(0xfa308c65d946bc9f), CONST64(0xd286932a3fc715f8),
CONST64(0x68297eaef93f57c6), CONST64(0x79ad986a5f4c3513), CONST64(0x123a30141e180a06), CONST64(0x1b27281e11140f05),
CONST64(0x613466a4f63352c5), CONST64(0x77bb886655443311), CONST64(0x58069f2fb6c19977), CONST64(0x6943c71591ed847c),
CONST64(0x7b79f7018ff58e7a), CONST64(0x756fe70d85fd8878), CONST64(0x82f7adb4eed85a36), CONST64(0x54c4e0486c70241c),
CONST64(0xaf9ed596dde44b39), CONST64(0x9219f2cb2079eb59), CONST64(0x48e8c05078602818), CONST64(0xbf708ae91345fa56),
CONST64(0x3e39f18d45f6c8b3), CONST64(0x3724e9874afacdb0), CONST64(0xfc513dd8b4906c24), CONST64(0xe07d1dc0a0806020),
CONST64(0x3932f98b40f2cbb2), CONST64(0xd94fe44be072ab92), CONST64(0x4e8971ed15b6f8a3), CONST64(0x7a134ebae7275dc0),
CONST64(0xc1d61a85490dcc44), CONST64(0x33913751f795a662), CONST64(0x70b0806050403010), CONST64(0x2b08c99f5eeac1b4),
CONST64(0xbbc5543fae2a9184), CONST64(0xd4e722975211c543), CONST64(0xde44ec4de576a893), CONST64(0x74055eb6ed2f5bc2),
CONST64(0xebb46aa17f35de4a), CONST64(0x145b81a973cedabd), CONST64(0x8a800c0589068c8f), CONST64(0xc30275ee99b4772d),
CONST64(0x135089af76cad9bc), CONST64(0xf32d946fd64ab99c), CONST64(0x0bc97761dfb5be6a), CONST64(0xddfa3a9d5d1dc040),
CONST64(0x577a3698d41b4ccf), CONST64(0x498279eb10b2fba2), CONST64(0xa7e97427ba3a9d80), CONST64(0xf09342bf6e21d14f),
CONST64(0x5dd9f842637c211f), CONST64(0x4c5d1e86c50f43ca), CONST64(0x71da39db3892e3aa), CONST64(0xd3ec2a915715c642),
};
static const ulong64 c[R + 1] = {
CONST64(0xba542f7453d3d24d),
CONST64(0x50ac8dbf70529a4c),
CONST64(0xead597d133515ba6),
CONST64(0xde48a899db32b7fc),
CONST64(0xe39e919be2bb416e),
CONST64(0xa5cb6b95a1f3b102),
CONST64(0xccc41d14c363da5d),
CONST64(0x5fdc7dcd7f5a6c5c),
CONST64(0xf726ffede89d6f8e),
};
/**
Initialize the Khazad block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
int khazad_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
int r;
const ulong64 *S;
ulong64 K2, K1;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (keylen != 16) {
return CRYPT_INVALID_KEYSIZE;
}
if (num_rounds != 8 && num_rounds != 0) {
return CRYPT_INVALID_ROUNDS;
}
/* use 7th table */
S = T7;
/*
* map unsigned char array cipher key to initial key state (mu):
*/
K2 =
((ulong64)key[ 0] << 56) ^
((ulong64)key[ 1] << 48) ^
((ulong64)key[ 2] << 40) ^
((ulong64)key[ 3] << 32) ^
((ulong64)key[ 4] << 24) ^
((ulong64)key[ 5] << 16) ^
((ulong64)key[ 6] << 8) ^
((ulong64)key[ 7] );
K1 =
((ulong64)key[ 8] << 56) ^
((ulong64)key[ 9] << 48) ^
((ulong64)key[10] << 40) ^
((ulong64)key[11] << 32) ^
((ulong64)key[12] << 24) ^
((ulong64)key[13] << 16) ^
((ulong64)key[14] << 8) ^
((ulong64)key[15] );
/*
* compute the round keys:
*/
for (r = 0; r <= R; r++) {
/*
* K[r] = rho(c[r], K1) ^ K2;
*/
skey->khazad.roundKeyEnc[r] =
T0[(int)(K1 >> 56) ] ^
T1[(int)(K1 >> 48) & 0xff] ^
T2[(int)(K1 >> 40) & 0xff] ^
T3[(int)(K1 >> 32) & 0xff] ^
T4[(int)(K1 >> 24) & 0xff] ^
T5[(int)(K1 >> 16) & 0xff] ^
T6[(int)(K1 >> 8) & 0xff] ^
T7[(int)(K1 ) & 0xff] ^
c[r] ^ K2;
K2 = K1; K1 = skey->khazad.roundKeyEnc[r];
}
/*
* compute the inverse key schedule:
* K'^0 = K^R, K'^R = K^0, K'^r = theta(K^{R-r})
*/
skey->khazad.roundKeyDec[0] = skey->khazad.roundKeyEnc[R];
for (r = 1; r < R; r++) {
K1 = skey->khazad.roundKeyEnc[R - r];
skey->khazad.roundKeyDec[r] =
T0[(int)S[(int)(K1 >> 56) ] & 0xff] ^
T1[(int)S[(int)(K1 >> 48) & 0xff] & 0xff] ^
T2[(int)S[(int)(K1 >> 40) & 0xff] & 0xff] ^
T3[(int)S[(int)(K1 >> 32) & 0xff] & 0xff] ^
T4[(int)S[(int)(K1 >> 24) & 0xff] & 0xff] ^
T5[(int)S[(int)(K1 >> 16) & 0xff] & 0xff] ^
T6[(int)S[(int)(K1 >> 8) & 0xff] & 0xff] ^
T7[(int)S[(int)(K1 ) & 0xff] & 0xff];
}
skey->khazad.roundKeyDec[R] = skey->khazad.roundKeyEnc[0];
return CRYPT_OK;
}
static void khazad_crypt(const unsigned char *plaintext, unsigned char *ciphertext,
const ulong64 *roundKey) {
int r;
ulong64 state;
/*
* map plaintext block to cipher state (mu)
* and add initial round key (sigma[K^0]):
*/
state =
((ulong64)plaintext[0] << 56) ^
((ulong64)plaintext[1] << 48) ^
((ulong64)plaintext[2] << 40) ^
((ulong64)plaintext[3] << 32) ^
((ulong64)plaintext[4] << 24) ^
((ulong64)plaintext[5] << 16) ^
((ulong64)plaintext[6] << 8) ^
((ulong64)plaintext[7] ) ^
roundKey[0];
/*
* R - 1 full rounds:
*/
for (r = 1; r < R; r++) {
state =
T0[(int)(state >> 56) ] ^
T1[(int)(state >> 48) & 0xff] ^
T2[(int)(state >> 40) & 0xff] ^
T3[(int)(state >> 32) & 0xff] ^
T4[(int)(state >> 24) & 0xff] ^
T5[(int)(state >> 16) & 0xff] ^
T6[(int)(state >> 8) & 0xff] ^
T7[(int)(state ) & 0xff] ^
roundKey[r];
}
/*
* last round:
*/
state =
(T0[(int)(state >> 56) ] & CONST64(0xff00000000000000)) ^
(T1[(int)(state >> 48) & 0xff] & CONST64(0x00ff000000000000)) ^
(T2[(int)(state >> 40) & 0xff] & CONST64(0x0000ff0000000000)) ^
(T3[(int)(state >> 32) & 0xff] & CONST64(0x000000ff00000000)) ^
(T4[(int)(state >> 24) & 0xff] & CONST64(0x00000000ff000000)) ^
(T5[(int)(state >> 16) & 0xff] & CONST64(0x0000000000ff0000)) ^
(T6[(int)(state >> 8) & 0xff] & CONST64(0x000000000000ff00)) ^
(T7[(int)(state ) & 0xff] & CONST64(0x00000000000000ff)) ^
roundKey[R];
/*
* map cipher state to ciphertext block (mu^{-1}):
*/
ciphertext[0] = (unsigned char)(state >> 56);
ciphertext[1] = (unsigned char)(state >> 48);
ciphertext[2] = (unsigned char)(state >> 40);
ciphertext[3] = (unsigned char)(state >> 32);
ciphertext[4] = (unsigned char)(state >> 24);
ciphertext[5] = (unsigned char)(state >> 16);
ciphertext[6] = (unsigned char)(state >> 8);
ciphertext[7] = (unsigned char)(state );
}
/**
Encrypts a block of text with Khazad
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
*/
void khazad_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
khazad_crypt(pt, ct, skey->khazad.roundKeyEnc);
}
/**
Decrypts a block of text with Khazad
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
*/
void khazad_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
khazad_crypt(ct, pt, skey->khazad.roundKeyDec);
}
/**
Performs a self-test of the Khazad block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int khazad_test(void)
{
#ifndef LTC_TEST
return CRYPT_NOP;
#else
static const struct test {
unsigned char pt[8], ct[8], key[16];
} tests[] = {
{
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
{ 0x49, 0xA4, 0xCE, 0x32, 0xAC, 0x19, 0x0E, 0x3F },
{ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
}, {
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
{ 0x64, 0x5D, 0x77, 0x3E, 0x40, 0xAB, 0xDD, 0x53 },
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
}, {
{ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
{ 0x9E, 0x39, 0x98, 0x64, 0xF7, 0x8E, 0xCA, 0x02 },
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
}, {
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
{ 0xA9, 0xDF, 0x3D, 0x2C, 0x64, 0xD3, 0xEA, 0x28 },
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
}
};
int x, y;
unsigned char buf[2][8];
symmetric_key skey;
for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
khazad_setup(tests[x].key, 16, 0, &skey);
khazad_ecb_encrypt(tests[x].pt, buf[0], &skey);
khazad_ecb_decrypt(buf[0], buf[1], &skey);
if (memcmp(buf[0], tests[x].ct, 8) || memcmp(buf[1], tests[x].pt, 8)) {
return CRYPT_FAIL_TESTVECTOR;
}
for (y = 0; y < 1000; y++) khazad_ecb_encrypt(buf[0], buf[0], &skey);
for (y = 0; y < 1000; y++) khazad_ecb_decrypt(buf[0], buf[0], &skey);
if (memcmp(buf[0], tests[x].ct, 8)) {
return CRYPT_FAIL_TESTVECTOR;
}
}
return CRYPT_OK;
#endif
}
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int khazad_keysize(int *keysize)
{
LTC_ARGCHK(keysize != NULL);
if (*keysize >= 16) {
*keysize = 16;
return CRYPT_OK;
} else {
return CRYPT_INVALID_KEYSIZE;
}
}
#endif

106
noekeon.c → src/ciphers/noekeon.c
View File

@ -8,12 +8,15 @@
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* Implementation of the Noekeon block cipher by Tom St Denis */
#include "mycrypt.h"
/**
@file noekeon.c
Implementation of the Noekeon block cipher by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef NOEKEON
const struct _cipher_descriptor noekeon_desc =
const struct ltc_cipher_descriptor noekeon_desc =
{
"noekeon",
16,
@ -34,15 +37,15 @@ static const ulong32 RC[] = {
};
#define kTHETA(a, b, c, d) \
temp = a^c; temp = temp ^ ROL(temp, 8) ^ ROR(temp, 8); \
temp = a^c; temp = temp ^ ROLc(temp, 8) ^ RORc(temp, 8); \
b ^= temp; d ^= temp; \
temp = b^d; temp = temp ^ ROL(temp, 8) ^ ROR(temp, 8); \
temp = b^d; temp = temp ^ ROLc(temp, 8) ^ RORc(temp, 8); \
a ^= temp; c ^= temp;
#define THETA(k, a, b, c, d) \
temp = a^c; temp = temp ^ ROL(temp, 8) ^ ROR(temp, 8); \
temp = a^c; temp = temp ^ ROLc(temp, 8) ^ RORc(temp, 8); \
b ^= temp ^ k[1]; d ^= temp ^ k[3]; \
temp = b^d; temp = temp ^ ROL(temp, 8) ^ ROR(temp, 8); \
temp = b^d; temp = temp ^ ROLc(temp, 8) ^ RORc(temp, 8); \
a ^= temp ^ k[0]; c ^= temp ^ k[2];
#define GAMMA(a, b, c, d) \
@ -54,17 +57,25 @@ static const ulong32 RC[] = {
a ^= c&b;
#define PI1(a, b, c, d) \
a = ROL(a, 1); c = ROL(c, 5); d = ROL(d, 2);
a = ROLc(a, 1); c = ROLc(c, 5); d = ROLc(d, 2);
#define PI2(a, b, c, d) \
a = ROR(a, 1); c = ROR(c, 5); d = ROR(d, 2);
a = RORc(a, 1); c = RORc(c, 5); d = RORc(d, 2);
/**
Initialize the Noekeon block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
int noekeon_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
ulong32 temp;
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (keylen != 16) {
return CRYPT_INVALID_KEYSIZE;
@ -89,25 +100,31 @@ int noekeon_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
return CRYPT_OK;
}
#ifdef CLEAN_STACK
static void _noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
/**
Encrypts a block of text with Noekeon
@param pt The input plaintext (16 bytes)
@param ct The output ciphertext (16 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
ulong32 a,b,c,d,temp;
int r;
_ARGCHK(key != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LOAD32H(a,&pt[0]); LOAD32H(b,&pt[4]);
LOAD32H(c,&pt[8]); LOAD32H(d,&pt[12]);
#define ROUND(i) \
a ^= RC[i]; \
THETA(key->noekeon.K, a,b,c,d); \
THETA(skey->noekeon.K, a,b,c,d); \
PI1(a,b,c,d); \
GAMMA(a,b,c,d); \
PI2(a,b,c,d);
@ -119,39 +136,45 @@ void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_k
#undef ROUND
a ^= RC[16];
THETA(key->noekeon.K, a, b, c, d);
THETA(skey->noekeon.K, a, b, c, d);
STORE32H(a,&ct[0]); STORE32H(b,&ct[4]);
STORE32H(c,&ct[8]); STORE32H(d,&ct[12]);
}
#ifdef CLEAN_STACK
void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
_noekeon_ecb_encrypt(pt, ct, key);
_noekeon_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(ulong32) * 5 + sizeof(int));
}
#endif
#ifdef CLEAN_STACK
static void _noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
/**
Decrypts a block of text with Noekeon
@param ct The input ciphertext (16 bytes)
@param pt The output plaintext (16 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
ulong32 a,b,c,d, temp;
int r;
_ARGCHK(key != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LOAD32H(a,&ct[0]); LOAD32H(b,&ct[4]);
LOAD32H(c,&ct[8]); LOAD32H(d,&ct[12]);
#define ROUND(i) \
THETA(key->noekeon.dK, a,b,c,d); \
THETA(skey->noekeon.dK, a,b,c,d); \
a ^= RC[i]; \
PI1(a,b,c,d); \
GAMMA(a,b,c,d); \
@ -163,20 +186,24 @@ void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_k
#undef ROUND
THETA(key->noekeon.dK, a,b,c,d);
THETA(skey->noekeon.dK, a,b,c,d);
a ^= RC[0];
STORE32H(a,&pt[0]); STORE32H(b, &pt[4]);
STORE32H(c,&pt[8]); STORE32H(d, &pt[12]);
}
#ifdef CLEAN_STACK
void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
_noekeon_ecb_decrypt(ct, pt, key);
_noekeon_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(ulong32) * 5 + sizeof(int));
}
#endif
/**
Performs a self-test of the Noekeon block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int noekeon_test(void)
{
#ifndef LTC_TEST
@ -236,13 +263,18 @@ int noekeon_test(void)
#endif
}
int noekeon_keysize(int *desired_keysize)
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int noekeon_keysize(int *keysize)
{
_ARGCHK(desired_keysize != NULL);
if (*desired_keysize < 16) {
LTC_ARGCHK(keysize != NULL);
if (*keysize < 16) {
return CRYPT_INVALID_KEYSIZE;
} else {
*desired_keysize = 16;
*keysize = 16;
return CRYPT_OK;
}
}

146
rc2.c → src/ciphers/rc2.c
View File

@ -18,12 +18,16 @@
* Thanks to CodeView, SoftIce, and D86 for helping bring this code to *
* the public. *
\**********************************************************************/
#include <tomcrypt.h>
#include <mycrypt.h>
/**
@file rc2.c
Implementation of RC2
*/
#ifdef RC2
const struct _cipher_descriptor rc2_desc = {
const struct ltc_cipher_descriptor rc2_desc = {
"rc2",
12, 8, 128, 8, 16,
&rc2_setup,
@ -53,21 +57,29 @@ static const unsigned char permute[256] = {
197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173
};
int rc2_setup(const unsigned char *key, int keylen, int rounds, symmetric_key *skey)
/**
Initialize the RC2 block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
int rc2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
unsigned *xkey = skey->rc2.xkey;
unsigned char tmp[128];
unsigned T8, TM;
int i, bits;
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (keylen < 8 || keylen > 128) {
return CRYPT_INVALID_KEYSIZE;
}
if (rounds != 0 && rounds != 16) {
if (num_rounds != 0 && num_rounds != 16) {
return CRYPT_INVALID_ROUNDS;
}
@ -96,7 +108,7 @@ int rc2_setup(const unsigned char *key, int keylen, int rounds, symmetric_key *s
xkey[i] = (unsigned)tmp[2*i] + ((unsigned)tmp[2*i+1] << 8);
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(tmp, sizeof(tmp));
#endif
@ -106,29 +118,35 @@ int rc2_setup(const unsigned char *key, int keylen, int rounds, symmetric_key *s
/**********************************************************************\
* Encrypt an 8-byte block of plaintext using the given key. *
\**********************************************************************/
#ifdef CLEAN_STACK
static void _rc2_ecb_encrypt( const unsigned char *plain,
unsigned char *cipher,
/**
Encrypts a block of text with RC2
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _rc2_ecb_encrypt( const unsigned char *pt,
unsigned char *ct,
symmetric_key *skey)
#else
void rc2_ecb_encrypt( const unsigned char *plain,
unsigned char *cipher,
void rc2_ecb_encrypt( const unsigned char *pt,
unsigned char *ct,
symmetric_key *skey)
#endif
{
unsigned *xkey;
unsigned x76, x54, x32, x10, i;
_ARGCHK(plain != NULL);
_ARGCHK(cipher != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
xkey = skey->rc2.xkey;
x76 = ((unsigned)plain[7] << 8) + (unsigned)plain[6];
x54 = ((unsigned)plain[5] << 8) + (unsigned)plain[4];
x32 = ((unsigned)plain[3] << 8) + (unsigned)plain[2];
x10 = ((unsigned)plain[1] << 8) + (unsigned)plain[0];
x76 = ((unsigned)pt[7] << 8) + (unsigned)pt[6];
x54 = ((unsigned)pt[5] << 8) + (unsigned)pt[4];
x32 = ((unsigned)pt[3] << 8) + (unsigned)pt[2];
x10 = ((unsigned)pt[1] << 8) + (unsigned)pt[0];
for (i = 0; i < 16; i++) {
x10 = (x10 + (x32 & ~x76) + (x54 & x76) + xkey[4*i+0]) & 0xFFFF;
@ -151,22 +169,22 @@ void rc2_ecb_encrypt( const unsigned char *plain,
}
}
cipher[0] = (unsigned char)x10;
cipher[1] = (unsigned char)(x10 >> 8);
cipher[2] = (unsigned char)x32;
cipher[3] = (unsigned char)(x32 >> 8);
cipher[4] = (unsigned char)x54;
cipher[5] = (unsigned char)(x54 >> 8);
cipher[6] = (unsigned char)x76;
cipher[7] = (unsigned char)(x76 >> 8);
ct[0] = (unsigned char)x10;
ct[1] = (unsigned char)(x10 >> 8);
ct[2] = (unsigned char)x32;
ct[3] = (unsigned char)(x32 >> 8);
ct[4] = (unsigned char)x54;
ct[5] = (unsigned char)(x54 >> 8);
ct[6] = (unsigned char)x76;
ct[7] = (unsigned char)(x76 >> 8);
}
#ifdef CLEAN_STACK
void rc2_ecb_encrypt( const unsigned char *plain,
unsigned char *cipher,
#ifdef LTC_CLEAN_STACK
void rc2_ecb_encrypt( const unsigned char *pt,
unsigned char *ct,
symmetric_key *skey)
{
_rc2_ecb_encrypt(plain, cipher, skey);
_rc2_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(unsigned *) + sizeof(unsigned) * 5);
}
#endif
@ -174,14 +192,19 @@ void rc2_ecb_encrypt( const unsigned char *plain,
/**********************************************************************\
* Decrypt an 8-byte block of ciphertext using the given key. *
\**********************************************************************/
#ifdef CLEAN_STACK
static void _rc2_ecb_decrypt( const unsigned char *cipher,
unsigned char *plain,
/**
Decrypts a block of text with RC2
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _rc2_ecb_decrypt( const unsigned char *ct,
unsigned char *pt,
symmetric_key *skey)
#else
void rc2_ecb_decrypt( const unsigned char *cipher,
unsigned char *plain,
void rc2_ecb_decrypt( const unsigned char *ct,
unsigned char *pt,
symmetric_key *skey)
#endif
{
@ -189,16 +212,16 @@ void rc2_ecb_decrypt( const unsigned char *cipher,
unsigned *xkey;
int i;
_ARGCHK(plain != NULL);
_ARGCHK(cipher != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
xkey = skey->rc2.xkey;
x76 = ((unsigned)cipher[7] << 8) + (unsigned)cipher[6];
x54 = ((unsigned)cipher[5] << 8) + (unsigned)cipher[4];
x32 = ((unsigned)cipher[3] << 8) + (unsigned)cipher[2];
x10 = ((unsigned)cipher[1] << 8) + (unsigned)cipher[0];
x76 = ((unsigned)ct[7] << 8) + (unsigned)ct[6];
x54 = ((unsigned)ct[5] << 8) + (unsigned)ct[4];
x32 = ((unsigned)ct[3] << 8) + (unsigned)ct[2];
x10 = ((unsigned)ct[1] << 8) + (unsigned)ct[0];
for (i = 15; i >= 0; i--) {
if (i == 4 || i == 10) {
@ -221,26 +244,30 @@ void rc2_ecb_decrypt( const unsigned char *cipher,
x10 = (x10 - ((x32 & ~x76) + (x54 & x76) + xkey[4*i+0])) & 0xFFFF;
}
plain[0] = (unsigned char)x10;
plain[1] = (unsigned char)(x10 >> 8);
plain[2] = (unsigned char)x32;
plain[3] = (unsigned char)(x32 >> 8);
plain[4] = (unsigned char)x54;
plain[5] = (unsigned char)(x54 >> 8);
plain[6] = (unsigned char)x76;
plain[7] = (unsigned char)(x76 >> 8);
pt[0] = (unsigned char)x10;
pt[1] = (unsigned char)(x10 >> 8);
pt[2] = (unsigned char)x32;
pt[3] = (unsigned char)(x32 >> 8);
pt[4] = (unsigned char)x54;
pt[5] = (unsigned char)(x54 >> 8);
pt[6] = (unsigned char)x76;
pt[7] = (unsigned char)(x76 >> 8);
}
#ifdef CLEAN_STACK
void rc2_ecb_decrypt( const unsigned char *cipher,
unsigned char *plain,
#ifdef LTC_CLEAN_STACK
void rc2_ecb_decrypt( const unsigned char *ct,
unsigned char *pt,
symmetric_key *skey)
{
_rc2_ecb_decrypt(cipher, plain, skey);
_rc2_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(unsigned *) + sizeof(unsigned) * 4 + sizeof(int));
}
#endif
/**
Performs a self-test of the RC2 block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int rc2_test(void)
{
#ifndef LTC_TEST
@ -292,9 +319,14 @@ int rc2_test(void)
#endif
}
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int rc2_keysize(int *keysize)
{
_ARGCHK(keysize != NULL);
LTC_ARGCHK(keysize != NULL);
if (*keysize < 8) {
return CRYPT_INVALID_KEYSIZE;
} else if (*keysize > 128) {

118
rc5.c → src/ciphers/rc5.c
View File

@ -9,13 +9,16 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* RC5 code by Tom St Denis */
/**
@file rc5.c
RC5 code by Tom St Denis
*/
#include "mycrypt.h"
#include "tomcrypt.h"
#ifdef RC5
const struct _cipher_descriptor rc5_desc =
const struct ltc_cipher_descriptor rc5_desc =
{
"rc5",
2,
@ -37,7 +40,15 @@ static const ulong32 stab[50] = {
0x62482413UL, 0x007f9dccUL
};
#ifdef CLEAN_STACK
/**
Initialize the RC5 block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
static int _rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
#else
int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
@ -45,8 +56,8 @@ int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
{
ulong32 L[64], *S, A, B, i, j, v, s, t, l;
_ARGCHK(skey != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
/* test parameters */
if (num_rounds == 0) {
@ -87,7 +98,7 @@ int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
s = 3 * MAX(t, j);
l = j;
for (A = B = i = j = v = 0; v < s; v++) {
A = S[i] = ROL(S[i] + A + B, 3);
A = S[i] = ROLc(S[i] + A + B, 3);
B = L[j] = ROL(L[j] + A + B, (A+B));
if (++i == t) { i = 0; }
if (++j == l) { j = 0; }
@ -95,7 +106,7 @@ int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
return CRYPT_OK;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
int x;
@ -105,26 +116,32 @@ int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
}
#endif
#ifdef CLEAN_STACK
static void _rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
/**
Encrypts a block of text with RC5
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
ulong32 A, B, *K;
int r;
_ARGCHK(key != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LOAD32L(A, &pt[0]);
LOAD32L(B, &pt[4]);
A += key->rc5.K[0];
B += key->rc5.K[1];
K = key->rc5.K + 2;
A += skey->rc5.K[0];
B += skey->rc5.K[1];
K = skey->rc5.K + 2;
if ((key->rc5.rounds & 1) == 0) {
for (r = 0; r < key->rc5.rounds; r += 2) {
if ((skey->rc5.rounds & 1) == 0) {
for (r = 0; r < skey->rc5.rounds; r += 2) {
A = ROL(A ^ B, B) + K[0];
B = ROL(B ^ A, A) + K[1];
A = ROL(A ^ B, B) + K[2];
@ -132,7 +149,7 @@ void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *
K += 4;
}
} else {
for (r = 0; r < key->rc5.rounds; r++) {
for (r = 0; r < skey->rc5.rounds; r++) {
A = ROL(A ^ B, B) + K[0];
B = ROL(B ^ A, A) + K[1];
K += 2;
@ -142,33 +159,39 @@ void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *
STORE32L(B, &ct[4]);
}
#ifdef CLEAN_STACK
void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
_rc5_ecb_encrypt(pt, ct, key);
_rc5_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(ulong32) * 2 + sizeof(int));
}
#endif
#ifdef CLEAN_STACK
static void _rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
/**
Decrypts a block of text with RC5
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
ulong32 A, B, *K;
int r;
_ARGCHK(key != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LOAD32L(A, &ct[0]);
LOAD32L(B, &ct[4]);
K = key->rc5.K + (key->rc5.rounds << 1);
K = skey->rc5.K + (skey->rc5.rounds << 1);
if ((key->rc5.rounds & 1) == 0) {
if ((skey->rc5.rounds & 1) == 0) {
K -= 2;
for (r = key->rc5.rounds - 1; r >= 0; r -= 2) {
for (r = skey->rc5.rounds - 1; r >= 0; r -= 2) {
B = ROR(B - K[3], A) ^ A;
A = ROR(A - K[2], B) ^ B;
B = ROR(B - K[1], A) ^ A;
@ -176,26 +199,30 @@ void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *
K -= 4;
}
} else {
for (r = key->rc5.rounds - 1; r >= 0; r--) {
for (r = skey->rc5.rounds - 1; r >= 0; r--) {
B = ROR(B - K[1], A) ^ A;
A = ROR(A - K[0], B) ^ B;
K -= 2;
}
}
A -= key->rc5.K[0];
B -= key->rc5.K[1];
A -= skey->rc5.K[0];
B -= skey->rc5.K[1];
STORE32L(A, &pt[0]);
STORE32L(B, &pt[4]);
}
#ifdef CLEAN_STACK
void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
_rc5_ecb_decrypt(ct, pt, key);
_rc5_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(ulong32) * 2 + sizeof(int));
}
#endif
/**
Performs a self-test of the RC5 block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int rc5_test(void)
{
#ifndef LTC_TEST
@ -252,13 +279,18 @@ int rc5_test(void)
#endif
}
int rc5_keysize(int *desired_keysize)
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int rc5_keysize(int *keysize)
{
_ARGCHK(desired_keysize != NULL);
if (*desired_keysize < 8) {
LTC_ARGCHK(keysize != NULL);
if (*keysize < 8) {
return CRYPT_INVALID_KEYSIZE;
} else if (*desired_keysize > 128) {
*desired_keysize = 128;
} else if (*keysize > 128) {
*keysize = 128;
}
return CRYPT_OK;
}

122
rc6.c → src/ciphers/rc6.c
View File

@ -9,12 +9,15 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* RC6 code by Tom St Denis */
#include "mycrypt.h"
/**
@file rc6.c
RC6 code by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef RC6
const struct _cipher_descriptor rc6_desc =
const struct ltc_cipher_descriptor rc6_desc =
{
"rc6",
3,
@ -34,7 +37,15 @@ static const ulong32 stab[44] = {
0x7ed08883UL, 0x1d08023cUL, 0xbb3f7bf5UL, 0x5976f5aeUL, 0xf7ae6f67UL, 0x95e5e920UL, 0x341d62d9UL, 0xd254dc92UL,
0x708c564bUL, 0x0ec3d004UL, 0xacfb49bdUL, 0x4b32c376UL };
#ifdef CLEAN_STACK
/**
Initialize the RC6 block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
static int _rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
#else
int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
@ -42,8 +53,8 @@ int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
{
ulong32 L[64], S[50], A, B, i, j, v, s, l;
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
/* test parameters */
if (num_rounds != 0 && num_rounds != 20) {
@ -77,7 +88,7 @@ int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
s = 3 * MAX(44, j);
l = j;
for (A = B = i = j = v = 0; v < s; v++) {
A = S[i] = ROL(S[i] + A + B, 3);
A = S[i] = ROLc(S[i] + A + B, 3);
B = L[j] = ROL(L[j] + A + B, (A+B));
if (++i == 44) { i = 0; }
if (++j == l) { j = 0; }
@ -90,7 +101,7 @@ int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
return CRYPT_OK;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
int x;
@ -100,30 +111,36 @@ int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
}
#endif
#ifdef CLEAN_STACK
static void _rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
/**
Encrypts a block of text with RC6
@param pt The input plaintext (16 bytes)
@param ct The output ciphertext (16 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
ulong32 a,b,c,d,t,u, *K;
int r;
_ARGCHK(key != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LOAD32L(a,&pt[0]);LOAD32L(b,&pt[4]);LOAD32L(c,&pt[8]);LOAD32L(d,&pt[12]);
b += key->rc6.K[0];
d += key->rc6.K[1];
b += skey->rc6.K[0];
d += skey->rc6.K[1];
#define RND(a,b,c,d) \
t = (b * (b + b + 1)); t = ROL(t, 5); \
u = (d * (d + d + 1)); u = ROL(u, 5); \
t = (b * (b + b + 1)); t = ROLc(t, 5); \
u = (d * (d + d + 1)); u = ROLc(u, 5); \
a = ROL(a^t,u) + K[0]; \
c = ROL(c^u,t) + K[1]; K += 2;
K = key->rc6.K + 2;
K = skey->rc6.K + 2;
for (r = 0; r < 20; r += 4) {
RND(a,b,c,d);
RND(b,c,d,a);
@ -133,43 +150,49 @@ void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *
#undef RND
a += key->rc6.K[42];
c += key->rc6.K[43];
a += skey->rc6.K[42];
c += skey->rc6.K[43];
STORE32L(a,&ct[0]);STORE32L(b,&ct[4]);STORE32L(c,&ct[8]);STORE32L(d,&ct[12]);
}
#ifdef CLEAN_STACK
void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
_rc6_ecb_encrypt(pt, ct, key);
_rc6_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(ulong32) * 6 + sizeof(int));
}
#endif
#ifdef CLEAN_STACK
static void _rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
/**
Decrypts a block of text with RC6
@param ct The input ciphertext (16 bytes)
@param pt The output plaintext (16 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
ulong32 a,b,c,d,t,u, *K;
int r;
_ARGCHK(key != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LOAD32L(a,&ct[0]);LOAD32L(b,&ct[4]);LOAD32L(c,&ct[8]);LOAD32L(d,&ct[12]);
a -= key->rc6.K[42];
c -= key->rc6.K[43];
a -= skey->rc6.K[42];
c -= skey->rc6.K[43];
#define RND(a,b,c,d) \
t = (b * (b + b + 1)); t = ROL(t, 5); \
u = (d * (d + d + 1)); u = ROL(u, 5); \
t = (b * (b + b + 1)); t = ROLc(t, 5); \
u = (d * (d + d + 1)); u = ROLc(u, 5); \
c = ROR(c - K[1], t) ^ u; \
a = ROR(a - K[0], u) ^ t; K -= 2;
K = key->rc6.K + 40;
K = skey->rc6.K + 40;
for (r = 0; r < 20; r += 4) {
RND(d,a,b,c);
@ -180,19 +203,23 @@ void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *
#undef RND
b -= key->rc6.K[0];
d -= key->rc6.K[1];
b -= skey->rc6.K[0];
d -= skey->rc6.K[1];
STORE32L(a,&pt[0]);STORE32L(b,&pt[4]);STORE32L(c,&pt[8]);STORE32L(d,&pt[12]);
}
#ifdef CLEAN_STACK
void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
_rc6_ecb_decrypt(ct, pt, key);
_rc6_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(ulong32) * 6 + sizeof(int));
}
#endif
/**
Performs a self-test of the RC6 block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int rc6_test(void)
{
#ifndef LTC_TEST
@ -282,13 +309,18 @@ int rc6_test(void)
#endif
}
int rc6_keysize(int *desired_keysize)
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int rc6_keysize(int *keysize)
{
_ARGCHK(desired_keysize != NULL);
if (*desired_keysize < 8) {
LTC_ARGCHK(keysize != NULL);
if (*keysize < 8) {
return CRYPT_INVALID_KEYSIZE;
} else if (*desired_keysize > 128) {
*desired_keysize = 128;
} else if (*keysize > 128) {
*keysize = 128;
}
return CRYPT_OK;
}

50
safer.c → src/ciphers/safer/safer.c
View File

@ -28,11 +28,11 @@
*
*******************************************************************************/
#include <mycrypt.h>
#include <tomcrypt.h>
#ifdef SAFER
const struct _cipher_descriptor
const struct ltc_cipher_descriptor
safer_k64_desc = {
"safer-k64",
8, 8, 8, 8, SAFER_K64_DEFAULT_NOF_ROUNDS,
@ -89,7 +89,7 @@ const struct _cipher_descriptor
/******************* Types ****************************************************/
extern const unsigned char safer_ebox[], safer_lbox[];
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static void _Safer_Expand_Userkey(const unsigned char *userkey_1,
const unsigned char *userkey_2,
unsigned int nof_rounds,
@ -151,13 +151,13 @@ static void Safer_Expand_Userkey(const unsigned char *userkey_1,
}
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(ka, sizeof(ka));
zeromem(kb, sizeof(kb));
#endif
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static void Safer_Expand_Userkey(const unsigned char *userkey_1,
const unsigned char *userkey_2,
unsigned int nof_rounds,
@ -171,8 +171,8 @@ static void Safer_Expand_Userkey(const unsigned char *userkey_1,
int safer_k64_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey)
{
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) {
return CRYPT_INVALID_ROUNDS;
@ -188,8 +188,8 @@ int safer_k64_setup(const unsigned char *key, int keylen, int numrounds, symmetr
int safer_sk64_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey)
{
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) {
return CRYPT_INVALID_ROUNDS;
@ -205,8 +205,8 @@ int safer_sk64_setup(const unsigned char *key, int keylen, int numrounds, symmet
int safer_k128_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey)
{
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) {
return CRYPT_INVALID_ROUNDS;
@ -222,8 +222,8 @@ int safer_k128_setup(const unsigned char *key, int keylen, int numrounds, symmet
int safer_sk128_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey)
{
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (numrounds != 0 && (numrounds < 6 || numrounds > SAFER_MAX_NOF_ROUNDS)) {
return CRYPT_INVALID_ROUNDS;
@ -237,7 +237,7 @@ int safer_sk128_setup(const unsigned char *key, int keylen, int numrounds, symme
return CRYPT_OK;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static void _safer_ecb_encrypt(const unsigned char *block_in,
unsigned char *block_out,
symmetric_key *skey)
@ -250,9 +250,9 @@ void safer_ecb_encrypt(const unsigned char *block_in,
unsigned int round;
unsigned char *key;
_ARGCHK(block_in != NULL);
_ARGCHK(block_out != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(block_in != NULL);
LTC_ARGCHK(block_out != NULL);
LTC_ARGCHK(skey != NULL);
key = skey->safer.key;
a = block_in[0]; b = block_in[1]; c = block_in[2]; d = block_in[3];
@ -279,7 +279,7 @@ void safer_ecb_encrypt(const unsigned char *block_in,
block_out[6] = g & 0xFF; block_out[7] = h & 0xFF;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
void safer_ecb_encrypt(const unsigned char *block_in,
unsigned char *block_out,
symmetric_key *skey)
@ -289,7 +289,7 @@ void safer_ecb_encrypt(const unsigned char *block_in,
}
#endif
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static void _safer_ecb_decrypt(const unsigned char *block_in,
unsigned char *block_out,
symmetric_key *skey)
@ -302,9 +302,9 @@ void safer_ecb_decrypt(const unsigned char *block_in,
unsigned int round;
unsigned char *key;
_ARGCHK(block_in != NULL);
_ARGCHK(block_out != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(block_in != NULL);
LTC_ARGCHK(block_out != NULL);
LTC_ARGCHK(skey != NULL);
key = skey->safer.key;
a = block_in[0]; b = block_in[1]; c = block_in[2]; d = block_in[3];
@ -332,7 +332,7 @@ void safer_ecb_decrypt(const unsigned char *block_in,
block_out[6] = g & 0xFF; block_out[7] = h & 0xFF;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
void safer_ecb_decrypt(const unsigned char *block_in,
unsigned char *block_out,
symmetric_key *skey)
@ -344,7 +344,7 @@ void safer_ecb_decrypt(const unsigned char *block_in,
int safer_64_keysize(int *keysize)
{
_ARGCHK(keysize != NULL);
LTC_ARGCHK(keysize != NULL);
if (*keysize < 8) {
return CRYPT_INVALID_KEYSIZE;
} else {
@ -355,7 +355,7 @@ int safer_64_keysize(int *keysize)
int safer_128_keysize(int *keysize)
{
_ARGCHK(keysize != NULL);
LTC_ARGCHK(keysize != NULL);
if (*keysize < 16) {
return CRYPT_INVALID_KEYSIZE;
} else {

7
safer_tab.c → src/ciphers/safer/safer_tab.c
View File

@ -9,7 +9,12 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
/**
@file safer_tab.c
Tables for SAFER block ciphers
*/
#include "tomcrypt.h"
#if defined(SAFERP) || defined(SAFER)

78
saferp.c → src/ciphers/safer/saferp.c
View File

@ -9,12 +9,15 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* SAFER+ Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file saferp.c
SAFER+ Implementation by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef SAFERP
const struct _cipher_descriptor saferp_desc =
const struct ltc_cipher_descriptor saferp_desc =
{
"safer+",
4,
@ -129,7 +132,7 @@ extern const unsigned char safer_ebox[], safer_lbox[];
iSHUF(b2, b); iPHT(b); \
iSHUF(b, b2); iPHT(b2);
#ifdef SMALL_CODE
#ifdef LTC_SMALL_CODE
static void _round(unsigned char *b, int i, symmetric_key *skey)
{
@ -200,14 +203,22 @@ static const unsigned char safer_bias[33][16] = {
{ 53, 72, 156, 81, 47, 59, 85, 227, 192, 159, 216, 211, 243, 141, 177, 255},
{ 62, 220, 134, 119, 215, 166, 17, 251, 244, 186, 146, 145, 100, 131, 241, 51}};
/**
Initialize the SAFER+ block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
unsigned x, y, z;
unsigned char t[33];
static const int rounds[3] = { 8, 12, 16 };
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
/* check arguments */
if (keylen != 16 && keylen != 24 && keylen != 32) {
@ -305,20 +316,26 @@ int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric
}
skey->saferp.rounds = 16;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(t, sizeof(t));
#endif
return CRYPT_OK;
}
/**
Encrypts a block of text with SAFER+
@param pt The input plaintext (16 bytes)
@param ct The output ciphertext (16 bytes)
@param skey The key as scheduled
*/
void saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
unsigned char b[16];
int x;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
/* do eight rounds */
for (x = 0; x < 16; x++) {
@ -362,19 +379,25 @@ void saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_ke
ct[13] = (b[13] + skey->saferp.K[skey->saferp.rounds*2][13]) & 255;
ct[14] = (b[14] + skey->saferp.K[skey->saferp.rounds*2][14]) & 255;
ct[15] = b[15] ^ skey->saferp.K[skey->saferp.rounds*2][15];
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(b, sizeof(b));
#endif
}
/**
Decrypts a block of text with SAFER+
@param ct The input ciphertext (16 bytes)
@param pt The output plaintext (16 bytes)
@param skey The key as scheduled
*/
void saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
unsigned char b[16];
int x;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
/* do eight rounds */
b[0] = ct[0] ^ skey->saferp.K[skey->saferp.rounds*2][0];
@ -418,11 +441,15 @@ void saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_ke
for (x = 0; x < 16; x++) {
pt[x] = b[x];
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(b, sizeof(b));
#endif
}
/**
Performs a self-test of the SAFER+ block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int saferp_test(void)
{
#ifndef LTC_TEST
@ -489,18 +516,23 @@ int saferp_test(void)
#endif
}
int saferp_keysize(int *desired_keysize)
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int saferp_keysize(int *keysize)
{
_ARGCHK(desired_keysize != NULL);
LTC_ARGCHK(keysize != NULL);
if (*desired_keysize < 16)
if (*keysize < 16)
return CRYPT_INVALID_KEYSIZE;
if (*desired_keysize < 24) {
*desired_keysize = 16;
} else if (*desired_keysize < 32) {
*desired_keysize = 24;
if (*keysize < 24) {
*keysize = 16;
} else if (*keysize < 32) {
*keysize = 24;
} else {
*desired_keysize = 32;
*keysize = 32;
}
return CRYPT_OK;
}

96
skipjack.c → src/ciphers/skipjack.c
View File

@ -9,12 +9,15 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* Skipjack Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file skipjack.c
Skipjack Implementation by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef SKIPJACK
const struct _cipher_descriptor skipjack_desc =
const struct ltc_cipher_descriptor skipjack_desc =
{
"skipjack",
17,
@ -51,12 +54,20 @@ static const int keystep[] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 0 };
/* simple x - 1 (mod 10) in one step */
static const int ikeystep[] = { 9, 0, 1, 2, 3, 4, 5, 6, 7, 8 };
/**
Initialize the Skipjack block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
int skipjack_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
int x;
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
if (keylen != 10) {
return CRYPT_INVALID_KEYSIZE;
@ -75,24 +86,24 @@ int skipjack_setup(const unsigned char *key, int keylen, int num_rounds, symmetr
}
#define RULE_A \
tmp = g_func(w1, &kp, key->skipjack.key); \
tmp = g_func(w1, &kp, skey->skipjack.key); \
w1 = tmp ^ w4 ^ x; \
w4 = w3; w3 = w2; \
w2 = tmp;
#define RULE_B \
tmp = g_func(w1, &kp, key->skipjack.key); \
tmp = g_func(w1, &kp, skey->skipjack.key); \
tmp1 = w4; w4 = w3; \
w3 = w1 ^ w2 ^ x; \
w1 = tmp1; w2 = tmp;
#define RULE_A1 \
tmp = w1 ^ w2 ^ x; \
w1 = ig_func(w2, &kp, key->skipjack.key); \
w1 = ig_func(w2, &kp, skey->skipjack.key); \
w2 = w3; w3 = w4; w4 = tmp;
#define RULE_B1 \
tmp = ig_func(w2, &kp, key->skipjack.key); \
tmp = ig_func(w2, &kp, skey->skipjack.key); \
w2 = tmp ^ w3 ^ x; \
w3 = w4; w4 = w1; w1 = tmp;
@ -120,18 +131,24 @@ static unsigned ig_func(unsigned w, int *kp, unsigned char *key)
return ((unsigned)g1<<8)|(unsigned)g2;
}
#ifdef CLEAN_STACK
static void _skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
/**
Encrypts a block of text with Skipjack
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
unsigned w1,w2,w3,w4,tmp,tmp1;
int x, kp;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
/* load block */
w1 = ((unsigned)pt[0]<<8)|pt[1];
@ -166,26 +183,32 @@ void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_
ct[6] = (w4>>8)&255; ct[7] = w4&255;
}
#ifdef CLEAN_STACK
void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
_skipjack_ecb_encrypt(pt, ct, key);
_skipjack_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(unsigned) * 8 + sizeof(int) * 2);
}
#endif
#ifdef CLEAN_STACK
static void _skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
/**
Decrypts a block of text with Skipjack
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
unsigned w1,w2,w3,w4,tmp;
int x, kp;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
/* load block */
w1 = ((unsigned)ct[0]<<8)|ct[1];
@ -224,14 +247,18 @@ void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_
pt[6] = (w4>>8)&255; pt[7] = w4&255;
}
#ifdef CLEAN_STACK
void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
_skipjack_ecb_decrypt(ct, pt, key);
_skipjack_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(unsigned) * 7 + sizeof(int) * 2);
}
#endif
/**
Performs a self-test of the Skipjack block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int skipjack_test(void)
{
#ifndef LTC_TEST
@ -276,13 +303,18 @@ int skipjack_test(void)
#endif
}
int skipjack_keysize(int *desired_keysize)
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int skipjack_keysize(int *keysize)
{
_ARGCHK(desired_keysize != NULL);
if (*desired_keysize < 10) {
LTC_ARGCHK(keysize != NULL);
if (*keysize < 10) {
return CRYPT_INVALID_KEYSIZE;
} else if (*desired_keysize > 10) {
*desired_keysize = 10;
} else if (*keysize > 10) {
*keysize = 10;
}
return CRYPT_OK;
}

206
twofish.c → src/ciphers/twofish/twofish.c
View File

@ -9,8 +9,11 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* Implementation of Twofish by Tom St Denis */
#include "mycrypt.h"
/**
@file twofish.c
Implementation of Twofish by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef TWOFISH
@ -21,7 +24,7 @@
#endif
#endif
const struct _cipher_descriptor twofish_desc =
const struct ltc_cipher_descriptor twofish_desc =
{
"twofish",
7,
@ -86,7 +89,7 @@ static const unsigned char qbox[2][4][16] = {
};
/* computes S_i[x] */
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static ulong32 _sbox(int i, ulong32 x)
#else
static ulong32 sbox(int i, ulong32 x)
@ -125,7 +128,7 @@ static ulong32 sbox(int i, ulong32 x)
return (ulong32)y;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static ulong32 sbox(int i, ulong32 x)
{
ulong32 y;
@ -133,7 +136,7 @@ static ulong32 sbox(int i, ulong32 x)
burn_stack(sizeof(unsigned char) * 11);
return y;
}
#endif /* CLEAN_STACK */
#endif /* LTC_CLEAN_STACK */
#endif /* TWOFISH_TABLES */
@ -270,10 +273,10 @@ static void h_func(const unsigned char *in, unsigned char *out, unsigned char *M
/* for GCC we don't use pointer aliases */
#if defined(__GNUC__)
#define S1 key->twofish.S[0]
#define S2 key->twofish.S[1]
#define S3 key->twofish.S[2]
#define S4 key->twofish.S[3]
#define S1 skey->twofish.S[0]
#define S2 skey->twofish.S[1]
#define S3 skey->twofish.S[2]
#define S4 skey->twofish.S[3]
#endif
/* the G function */
@ -282,7 +285,7 @@ static void h_func(const unsigned char *in, unsigned char *out, unsigned char *M
#else
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static ulong32 _g_func(ulong32 x, symmetric_key *key)
#else
static ulong32 g_func(ulong32 x, symmetric_key *key)
@ -313,9 +316,9 @@ static ulong32 g_func(ulong32 x, symmetric_key *key)
return res;
}
#define g1_func(x, key) g_func(ROL(x, 8), key)
#define g1_func(x, key) g_func(ROLc(x, 8), key)
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
static ulong32 g_func(ulong32 x, symmetric_key *key)
{
ulong32 y;
@ -323,11 +326,19 @@ static ulong32 g_func(ulong32 x, symmetric_key *key)
burn_stack(sizeof(unsigned char) * 4 + sizeof(ulong32));
return y;
}
#endif /* CLEAN_STACK */
#endif /* LTC_CLEAN_STACK */
#endif /* TWOFISH_SMALL */
#ifdef CLEAN_STACK
/**
Initialize the Twofish block cipher
@param key The symmetric key you wish to pass
@param keylen The key length in bytes
@param num_rounds The number of rounds desired (0 for default)
@param skey The key in as scheduled by this function.
@return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
static int _twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
#else
int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
@ -340,8 +351,8 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
unsigned char tmp[4], tmp2[4], M[8*4];
ulong32 A, B;
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
/* invalid arguments? */
if (num_rounds != 16 && num_rounds != 0) {
@ -386,13 +397,13 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
}
h_func(tmp, tmp2, M, k, 1);
LOAD32L(B, tmp2);
B = ROL(B, 8);
B = ROLc(B, 8);
/* K[2i] = A + B */
skey->twofish.K[x+x] = (A + B) & 0xFFFFFFFFUL;
/* K[2i+1] = (A + 2B) <<< 9 */
skey->twofish.K[x+x+1] = ROL(B + B + A, 9);
skey->twofish.K[x+x+1] = ROLc(B + B + A, 9);
}
#ifndef TWOFISH_SMALL
@ -437,7 +448,7 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
return CRYPT_OK;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
{
int x;
@ -447,10 +458,16 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
}
#endif
#ifdef CLEAN_STACK
static void _twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
/**
Encrypts a block of text with Twofish
@param pt The input plaintext (16 bytes)
@param ct The output ciphertext (16 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
ulong32 a,b,c,d,ta,tb,tc,td,t1,t2, *k;
@ -459,61 +476,67 @@ void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_k
ulong32 *S1, *S2, *S3, *S4;
#endif
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
#if !defined(TWOFISH_SMALL) && !defined(__GNUC__)
S1 = key->twofish.S[0];
S2 = key->twofish.S[1];
S3 = key->twofish.S[2];
S4 = key->twofish.S[3];
S1 = skey->twofish.S[0];
S2 = skey->twofish.S[1];
S3 = skey->twofish.S[2];
S4 = skey->twofish.S[3];
#endif
LOAD32L(a,&pt[0]); LOAD32L(b,&pt[4]);
LOAD32L(c,&pt[8]); LOAD32L(d,&pt[12]);
a ^= key->twofish.K[0];
b ^= key->twofish.K[1];
c ^= key->twofish.K[2];
d ^= key->twofish.K[3];
a ^= skey->twofish.K[0];
b ^= skey->twofish.K[1];
c ^= skey->twofish.K[2];
d ^= skey->twofish.K[3];
k = key->twofish.K + 8;
k = skey->twofish.K + 8;
for (r = 8; r != 0; --r) {
t2 = g1_func(b, key);
t1 = g_func(a, key) + t2;
c = ROR(c ^ (t1 + k[0]), 1);
d = ROL(d, 1) ^ (t2 + t1 + k[1]);
t2 = g1_func(b, skey);
t1 = g_func(a, skey) + t2;
c = RORc(c ^ (t1 + k[0]), 1);
d = ROLc(d, 1) ^ (t2 + t1 + k[1]);
t2 = g1_func(d, key);
t1 = g_func(c, key) + t2;
a = ROR(a ^ (t1 + k[2]), 1);
b = ROL(b, 1) ^ (t2 + t1 + k[3]);
t2 = g1_func(d, skey);
t1 = g_func(c, skey) + t2;
a = RORc(a ^ (t1 + k[2]), 1);
b = ROLc(b, 1) ^ (t2 + t1 + k[3]);
k += 4;
}
/* output with "undo last swap" */
ta = c ^ key->twofish.K[4];
tb = d ^ key->twofish.K[5];
tc = a ^ key->twofish.K[6];
td = b ^ key->twofish.K[7];
ta = c ^ skey->twofish.K[4];
tb = d ^ skey->twofish.K[5];
tc = a ^ skey->twofish.K[6];
td = b ^ skey->twofish.K[7];
/* store output */
STORE32L(ta,&ct[0]); STORE32L(tb,&ct[4]);
STORE32L(tc,&ct[8]); STORE32L(td,&ct[12]);
}
#ifdef CLEAN_STACK
void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
_twofish_ecb_encrypt(pt, ct, key);
_twofish_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(ulong32) * 10 + sizeof(int));
}
#endif
#ifdef CLEAN_STACK
static void _twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
/**
Decrypts a block of text with Twofish
@param ct The input ciphertext (16 bytes)
@param pt The output plaintext (16 bytes)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
static void _twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
ulong32 a,b,c,d,ta,tb,tc,td,t1,t2, *k;
@ -522,15 +545,15 @@ void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_k
ulong32 *S1, *S2, *S3, *S4;
#endif
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
#if !defined(TWOFISH_SMALL) && !defined(__GNUC__)
S1 = key->twofish.S[0];
S2 = key->twofish.S[1];
S3 = key->twofish.S[2];
S4 = key->twofish.S[3];
S1 = skey->twofish.S[0];
S2 = skey->twofish.S[1];
S3 = skey->twofish.S[2];
S4 = skey->twofish.S[3];
#endif
/* load input */
@ -538,44 +561,48 @@ void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_k
LOAD32L(tc,&ct[8]); LOAD32L(td,&ct[12]);
/* undo undo final swap */
a = tc ^ key->twofish.K[6];
b = td ^ key->twofish.K[7];
c = ta ^ key->twofish.K[4];
d = tb ^ key->twofish.K[5];
a = tc ^ skey->twofish.K[6];
b = td ^ skey->twofish.K[7];
c = ta ^ skey->twofish.K[4];
d = tb ^ skey->twofish.K[5];
k = key->twofish.K + 36;
k = skey->twofish.K + 36;
for (r = 8; r != 0; --r) {
t2 = g1_func(d, key);
t1 = g_func(c, key) + t2;
a = ROL(a, 1) ^ (t1 + k[2]);
b = ROR(b ^ (t2 + t1 + k[3]), 1);
t2 = g1_func(d, skey);
t1 = g_func(c, skey) + t2;
a = ROLc(a, 1) ^ (t1 + k[2]);
b = RORc(b ^ (t2 + t1 + k[3]), 1);
t2 = g1_func(b, key);
t2 = g1_func(b, skey);
t1 = g_func(a, key) + t2;
c = ROL(c, 1) ^ (t1 + k[0]);
d = ROR(d ^ (t2 + t1 + k[1]), 1);
c = ROLc(c, 1) ^ (t1 + k[0]);
d = RORc(d ^ (t2 + t1 + k[1]), 1);
k -= 4;
}
/* pre-white */
a ^= key->twofish.K[0];
b ^= key->twofish.K[1];
c ^= key->twofish.K[2];
d ^= key->twofish.K[3];
a ^= skey->twofish.K[0];
b ^= skey->twofish.K[1];
c ^= skey->twofish.K[2];
d ^= skey->twofish.K[3];
/* store */
STORE32L(a, &pt[0]); STORE32L(b, &pt[4]);
STORE32L(c, &pt[8]); STORE32L(d, &pt[12]);
}
#ifdef CLEAN_STACK
void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
#ifdef LTC_CLEAN_STACK
void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
_twofish_ecb_decrypt(ct, pt, key);
_twofish_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(ulong32) * 10 + sizeof(int));
}
#endif
/**
Performs a self-test of the Twofish block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int twofish_test(void)
{
#ifndef LTC_TEST
@ -638,19 +665,24 @@ int twofish_test(void)
#endif
}
int twofish_keysize(int *desired_keysize)
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int twofish_keysize(int *keysize)
{
_ARGCHK(desired_keysize);
if (*desired_keysize < 16)
LTC_ARGCHK(keysize);
if (*keysize < 16)
return CRYPT_INVALID_KEYSIZE;
if (*desired_keysize < 24) {
*desired_keysize = 16;
if (*keysize < 24) {
*keysize = 16;
return CRYPT_OK;
} else if (*desired_keysize < 32) {
*desired_keysize = 24;
} else if (*keysize < 32) {
*keysize = 24;
return CRYPT_OK;
} else {
*desired_keysize = 32;
*keysize = 32;
return CRYPT_OK;
}
}

4
twofish_tab.c → src/ciphers/twofish/twofish_tab.c
View File

@ -9,6 +9,10 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/**
@file twofish_tab.c
Twofish tables, Tom St Denis
*/
#ifdef TWOFISH_TABLES
/* pre generated 8x8 tables from the four 4x4s */

91
xtea.c → src/ciphers/xtea.c
View File

@ -9,11 +9,15 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
/**
@file xtea.c
Implementation of XTEA, Tom St Denis
*/
#include "tomcrypt.h"
#ifdef XTEA
const struct _cipher_descriptor xtea_desc =
const struct ltc_cipher_descriptor xtea_desc =
{
"xtea",
1,
@ -29,8 +33,8 @@ int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_k
{
unsigned long x, sum, K[4];
_ARGCHK(key != NULL);
_ARGCHK(skey != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(skey != NULL);
/* check arguments */
if (keylen != 16) {
@ -53,69 +57,85 @@ int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_k
skey->xtea.B[x] = (sum + K[(sum>>11)&3]) & 0xFFFFFFFFUL;
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(&K, sizeof(K));
#endif
return CRYPT_OK;
}
void xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
/**
Encrypts a block of text with XTEA
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
*/
void xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
unsigned long y, z;
int r;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LOAD32L(y, &pt[0]);
LOAD32L(z, &pt[4]);
for (r = 0; r < 32; r += 4) {
y = (y + ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r])) & 0xFFFFFFFFUL;
z = (z + ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r])) & 0xFFFFFFFFUL;
y = (y + ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r])) & 0xFFFFFFFFUL;
z = (z + ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r])) & 0xFFFFFFFFUL;
y = (y + ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r+1])) & 0xFFFFFFFFUL;
z = (z + ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r+1])) & 0xFFFFFFFFUL;
y = (y + ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r+1])) & 0xFFFFFFFFUL;
z = (z + ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r+1])) & 0xFFFFFFFFUL;
y = (y + ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r+2])) & 0xFFFFFFFFUL;
z = (z + ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r+2])) & 0xFFFFFFFFUL;
y = (y + ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r+2])) & 0xFFFFFFFFUL;
z = (z + ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r+2])) & 0xFFFFFFFFUL;
y = (y + ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r+3])) & 0xFFFFFFFFUL;
z = (z + ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r+3])) & 0xFFFFFFFFUL;
y = (y + ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r+3])) & 0xFFFFFFFFUL;
z = (z + ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r+3])) & 0xFFFFFFFFUL;
}
STORE32L(y, &ct[0]);
STORE32L(z, &ct[4]);
}
void xtea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key)
/**
Decrypts a block of text with XTEA
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
*/
void xtea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
unsigned long y, z;
int r;
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
LOAD32L(y, &ct[0]);
LOAD32L(z, &ct[4]);
for (r = 31; r >= 0; r -= 4) {
z = (z - ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r])) & 0xFFFFFFFFUL;
y = (y - ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r])) & 0xFFFFFFFFUL;
z = (z - ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r])) & 0xFFFFFFFFUL;
y = (y - ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r])) & 0xFFFFFFFFUL;
z = (z - ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r-1])) & 0xFFFFFFFFUL;
y = (y - ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r-1])) & 0xFFFFFFFFUL;
z = (z - ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r-1])) & 0xFFFFFFFFUL;
y = (y - ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r-1])) & 0xFFFFFFFFUL;
z = (z - ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r-2])) & 0xFFFFFFFFUL;
y = (y - ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r-2])) & 0xFFFFFFFFUL;
z = (z - ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r-2])) & 0xFFFFFFFFUL;
y = (y - ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r-2])) & 0xFFFFFFFFUL;
z = (z - ((((y<<4)^(y>>5)) + y) ^ key->xtea.B[r-3])) & 0xFFFFFFFFUL;
y = (y - ((((z<<4)^(z>>5)) + z) ^ key->xtea.A[r-3])) & 0xFFFFFFFFUL;
z = (z - ((((y<<4)^(y>>5)) + y) ^ skey->xtea.B[r-3])) & 0xFFFFFFFFUL;
y = (y - ((((z<<4)^(z>>5)) + z) ^ skey->xtea.A[r-3])) & 0xFFFFFFFFUL;
}
STORE32L(y, &pt[0]);
STORE32L(z, &pt[4]);
}
/**
Performs a self-test of the XTEA block cipher
@return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
*/
int xtea_test(void)
{
#ifndef LTC_TEST
@ -152,13 +172,18 @@ int xtea_test(void)
#endif
}
int xtea_keysize(int *desired_keysize)
/**
Gets suitable key size
@param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
@return CRYPT_OK if the input key size is acceptable.
*/
int xtea_keysize(int *keysize)
{
_ARGCHK(desired_keysize != NULL);
if (*desired_keysize < 16) {
LTC_ARGCHK(keysize != NULL);
if (*keysize < 16) {
return CRYPT_INVALID_KEYSIZE;
}
*desired_keysize = 16;
*keysize = 16;
return CRYPT_OK;
}

34
src/encauth/eax/eax_addheader.c Normal file
View File

@ -0,0 +1,34 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/**
@file eax_addheader.c
EAX implementation, add meta-data, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
/**
add header (metadata) to the stream
@param eax The current EAX state
@param header The header (meta-data) data you wish to add to the state
@param length The length of the header data
@return CRYPT_OK if successful
*/
int eax_addheader(eax_state *eax, const unsigned char *header,
unsigned long length)
{
LTC_ARGCHK(eax != NULL);
LTC_ARGCHK(header != NULL);
return omac_process(&eax->headeromac, header, length);
}
#endif

24
eax_decrypt.c → src/encauth/eax/eax_decrypt.c
View File

@ -9,18 +9,30 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file eax_decrypt.c
EAX implementation, decrypt block, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, unsigned long length)
/**
Decrypt data with the EAX protocol
@param eax The EAX state
@param ct The ciphertext
@param pt [out] The plaintext
@param length The length (octets) of the ciphertext
@return CRYPT_OK if successful
*/
int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt,
unsigned long length)
{
int err;
_ARGCHK(eax != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
LTC_ARGCHK(eax != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
/* omac ciphertext */
if ((err = omac_process(&eax->ctomac, ct, length)) != CRYPT_OK) {

50
eax_decrypt_verify_memory.c → src/encauth/eax/eax_decrypt_verify_memory.c
View File

@ -9,11 +9,31 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file eax_decrypt_verify_memory.c
EAX implementation, decrypt block of memory, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
/**
Decrypt a block of memory and verify the provided MAC tag with EAX
@param cipher The index of the cipher desired
@param key The secret key
@param keylen The length of the key (octets)
@param nonce The nonce data (use once) for the session
@param noncelen The length of the nonce data.
@param header The session header data
@param headerlen The length of the header (octets)
@param ct The ciphertext
@param ctlen The length of the ciphertext (octets)
@param pt [out] The plaintext
@param tag The authentication tag provided by the encoder
@param taglen [in/out] The length of the tag (octets)
@param stat [out] The result of the decryption (1==valid tag, 0==invalid)
@return CRYPT_OK if successful regardless of the resulting tag comparison
*/
int eax_decrypt_verify_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
@ -21,21 +41,25 @@ int eax_decrypt_verify_memory(int cipher,
const unsigned char *ct, unsigned long ctlen,
unsigned char *pt,
unsigned char *tag, unsigned long taglen,
int *res)
int *stat)
{
int err;
eax_state *eax;
unsigned char *buf;
unsigned long buflen;
_ARGCHK(res != NULL);
LTC_ARGCHK(stat != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(tag != NULL);
/* default to zero */
*res = 0;
*stat = 0;
/* allocate ram */
buf = XMALLOC(taglen);
eax = XMALLOC(sizeof(eax_state));
eax = XMALLOC(sizeof(*eax));
if (eax == NULL || buf == NULL) {
if (eax != NULL) {
XFREE(eax);
@ -47,28 +71,28 @@ int eax_decrypt_verify_memory(int cipher,
}
if ((err = eax_init(eax, cipher, key, keylen, nonce, noncelen, header, headerlen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
if ((err = eax_decrypt(eax, ct, pt, ctlen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
buflen = taglen;
if ((err = eax_done(eax, buf, &buflen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* compare tags */
if (buflen >= taglen && memcmp(buf, tag, taglen) == 0) {
*res = 1;
*stat = 1;
}
err = CRYPT_OK;
__ERR:
#ifdef CLEAN_STACK
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(buf, taglen);
zeromem(eax, sizeof(eax_state));
zeromem(eax, sizeof(*eax));
#endif
XFREE(eax);

28
eax_done.c → src/encauth/eax/eax_done.c
View File

@ -9,20 +9,30 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file eax_done.c
EAX implementation, terminate session, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
/**
Terminate an EAX session and get the tag.
@param eax The EAX state
@param tag [out] The destination of the authentication tag
@param taglen [in/out] The max length and resulting length of the authentication tag
@return CRYPT_OK if successful
*/
int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen)
{
int err;
unsigned char *headermac, *ctmac;
unsigned long x, len;
_ARGCHK(eax != NULL);
_ARGCHK(tag != NULL);
_ARGCHK(taglen != NULL);
LTC_ARGCHK(eax != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(taglen != NULL);
/* allocate ram */
headermac = XMALLOC(MAXBLOCKSIZE);
@ -41,7 +51,7 @@ int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen)
/* finish ctomac */
len = MAXBLOCKSIZE;
if ((err = omac_done(&eax->ctomac, ctmac, &len)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* finish headeromac */
@ -49,7 +59,7 @@ int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen)
/* note we specifically don't reset len so the two lens are minimal */
if ((err = omac_done(&eax->headeromac, headermac, &len)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* compute N xor H xor C */
@ -59,8 +69,8 @@ int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen)
*taglen = x;
err = CRYPT_OK;
__ERR:
#ifdef CLEAN_STACK
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(ctmac, MAXBLOCKSIZE);
zeromem(headermac, MAXBLOCKSIZE);
zeromem(eax, sizeof(*eax));

24
eax_encrypt.c → src/encauth/eax/eax_encrypt.c
View File

@ -9,18 +9,30 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file eax_encrypt.c
EAX implementation, encrypt block by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length)
/**
Encrypt with EAX a block of data.
@param eax The EAX state
@param pt The plaintext to encrypt
@param ct [out] The ciphertext as encrypted
@param length The length of the plaintext (octets)
@return CRYPT_OK if successful
*/
int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct,
unsigned long length)
{
int err;
_ARGCHK(eax != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
LTC_ARGCHK(eax != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
/* encrypt */
if ((err = ctr_encrypt(pt, ct, length, &eax->ctr)) != CRYPT_OK) {

78
src/encauth/eax/eax_encrypt_authenticate_memory.c Normal file
View File

@ -0,0 +1,78 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/**
@file eax_encrypt_authenticate_memory.c
EAX implementation, encrypt a block of memory, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
/**
EAX encrypt and produce an authentication tag
@param cipher The index of the cipher desired
@param key The secret key to use
@param keylen The length of the secret key (octets)
@param nonce The session nonce [use once]
@param noncelen The length of the nonce
@param header The header for the session
@param headerlen The length of the header (octets)
@param pt The plaintext
@param ptlen The length of the plaintext (octets)
@param ct [out] The ciphertext
@param tag [out] The destination tag
@param taglen [in/out] The max size and resulting size of the authentication tag
@return CRYPT_OK if successful
*/
int eax_encrypt_authenticate_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen,
const unsigned char *pt, unsigned long ptlen,
unsigned char *ct,
unsigned char *tag, unsigned long *taglen)
{
int err;
eax_state *eax;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(taglen != NULL);
eax = XMALLOC(sizeof(*eax));
if ((err = eax_init(eax, cipher, key, keylen, nonce, noncelen, header, headerlen)) != CRYPT_OK) {
goto LBL_ERR;
}
if ((err = eax_encrypt(eax, pt, ct, ptlen)) != CRYPT_OK) {
goto LBL_ERR;
}
if ((err = eax_done(eax, tag, taglen)) != CRYPT_OK) {
goto LBL_ERR;
}
err = CRYPT_OK;
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(eax, sizeof(*eax));
#endif
XFREE(eax);
return err;
}
#endif

60
eax_init.c → src/encauth/eax/eax_init.c
View File

@ -9,13 +9,29 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file eax_init.c
EAX implementation, initialized EAX state, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
/**
Initialized an EAX state
@param eax [out] The EAX state to initialize
@param cipher The index of the desired cipher
@param key The secret key
@param keylen The length of the secret key (octets)
@param nonce The use-once nonce for the session
@param noncelen The length of the nonce (octets)
@param header The header for the EAX state
@param headerlen The header length (octets)
@return CRYPT_OK if successful
*/
int eax_init(eax_state *eax, int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen)
{
unsigned char *buf;
@ -24,11 +40,11 @@ int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long
unsigned long len;
_ARGCHK(eax != NULL);
_ARGCHK(key != NULL);
_ARGCHK(nonce != NULL);
LTC_ARGCHK(eax != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(nonce != NULL);
if (headerlen > 0) {
_ARGCHK(header != NULL);
LTC_ARGCHK(header != NULL);
}
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
@ -38,7 +54,7 @@ int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long
/* allocate ram */
buf = XMALLOC(MAXBLOCKSIZE);
omac = XMALLOC(sizeof(omac_state));
omac = XMALLOC(sizeof(*omac));
if (buf == NULL || omac == NULL) {
if (buf != NULL) {
@ -53,21 +69,21 @@ int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long
/* N = OMAC_0K(nonce) */
zeromem(buf, MAXBLOCKSIZE);
if ((err = omac_init(omac, cipher, key, keylen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* omac the [0]_n */
if ((err = omac_process(omac, buf, blklen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* omac the nonce */
if ((err = omac_process(omac, nonce, noncelen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* store result */
len = sizeof(eax->N);
if ((err = omac_done(omac, eax->N, &len)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* H = OMAC_1K(header) */
@ -75,17 +91,17 @@ int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long
buf[blklen - 1] = 1;
if ((err = omac_init(&eax->headeromac, cipher, key, keylen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* omac the [1]_n */
if ((err = omac_process(&eax->headeromac, buf, blklen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* omac the header */
if (headerlen != 0) {
if ((err = omac_process(&eax->headeromac, header, headerlen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
}
@ -93,28 +109,28 @@ int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long
/* setup the CTR mode */
if ((err = ctr_start(cipher, eax->N, key, keylen, 0, &eax->ctr)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* use big-endian counter */
eax->ctr.mode = 1;
/* setup the OMAC for the ciphertext */
if ((err = omac_init(&eax->ctomac, cipher, key, keylen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
/* omac [2]_n */
zeromem(buf, MAXBLOCKSIZE);
buf[blklen-1] = 2;
if ((err = omac_process(&eax->ctomac, buf, blklen)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
err = CRYPT_OK;
__ERR:
#ifdef CLEAN_STACK
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(buf, MAXBLOCKSIZE);
zeromem(omac, sizeof(omac_state));
zeromem(omac, sizeof(*omac));
#endif
XFREE(omac);

11
eax_test.c → src/encauth/eax/eax_test.c
View File

@ -9,11 +9,18 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* EAX Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file eax_test.c
EAX implementation, self-test, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef EAX_MODE
/**
Test the EAX implementation
@return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled
*/
int eax_test(void)
{
#ifndef LTC_TEST

24
ocb_decrypt.c → src/encauth/ocb/ocb_decrypt.c
View File

@ -9,25 +9,35 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* OCB Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file ocb_decrypt.c
OCB implementation, decrypt data, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
/**
Decrypt a block with OCB.
@param ocb The OCB state
@param ct The ciphertext (length of the block size of the block cipher)
@param pt [out] The plaintext (length of ct)
@return CRYPT_OK if successful
*/
int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt)
{
unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE];
int err, x;
_ARGCHK(ocb != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
LTC_ARGCHK(ocb != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
/* check if valid cipher */
if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
return err;
}
_ARGCHK(cipher_descriptor[ocb->cipher].ecb_decrypt != NULL);
LTC_ARGCHK(cipher_descriptor[ocb->cipher].ecb_decrypt != NULL);
/* check length */
if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) {
@ -52,7 +62,7 @@ int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt)
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(Z, sizeof(Z));
zeromem(tmp, sizeof(tmp));
#endif

82
src/encauth/ocb/ocb_decrypt_verify_memory.c Normal file
View File

@ -0,0 +1,82 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/**
@file ocb_decrypt_verify_memory.c
OCB implementation, helper to decrypt block of memory, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
/**
Decrypt and compare the tag with OCB.
@param cipher The index of the cipher desired
@param key The secret key
@param keylen The length of the secret key (octets)
@param nonce The session nonce (length of the block size of the block cipher)
@param ct The ciphertext
@param ctlen The length of the ciphertext (octets)
@param pt [out] The plaintext
@param tag The tag to compare against
@param taglen The length of the tag (octets)
@param stat [out] The result of the tag comparison (1==valid, 0==invalid)
@return CRYPT_OK if successful regardless of the tag comparison
*/
int ocb_decrypt_verify_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce,
const unsigned char *ct, unsigned long ctlen,
unsigned char *pt,
const unsigned char *tag, unsigned long taglen,
int *stat)
{
int err;
ocb_state *ocb;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(nonce != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(stat != NULL);
/* allocate memory */
ocb = XMALLOC(sizeof(ocb_state));
if (ocb == NULL) {
return CRYPT_MEM;
}
if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) {
goto LBL_ERR;
}
while (ctlen > (unsigned long)ocb->block_len) {
if ((err = ocb_decrypt(ocb, ct, pt)) != CRYPT_OK) {
goto LBL_ERR;
}
ctlen -= ocb->block_len;
pt += ocb->block_len;
ct += ocb->block_len;
}
err = ocb_done_decrypt(ocb, ct, ctlen, pt, tag, taglen, stat);
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(ocb, sizeof(ocb_state));
#endif
XFREE(ocb);
return err;
}
#endif

42
ocb_done_decrypt.c → src/encauth/ocb/ocb_done_decrypt.c
View File

@ -9,28 +9,42 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* OCB Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file ocb_done_decrypt.c
OCB implementation, terminate decryption, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
/**
Terminate a decrypting OCB state
@param ocb The OCB state
@param ct The ciphertext (if any)
@param ctlen The length of the ciphertext (octets)
@param pt [out] The plaintext
@param tag The authentication tag (to compare against)
@param taglen The length of the authentication tag provided
@param stat [out] The result of the tag comparison
@return CRYPT_OK if the process was successful regardless if the tag is valid
*/
int ocb_done_decrypt(ocb_state *ocb,
const unsigned char *ct, unsigned long ctlen,
unsigned char *pt,
const unsigned char *tag, unsigned long taglen, int *res)
const unsigned char *tag, unsigned long taglen, int *stat)
{
int err;
unsigned char *tagbuf;
unsigned long tagbuflen;
_ARGCHK(ocb != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(tag != NULL);
_ARGCHK(res != NULL);
LTC_ARGCHK(ocb != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(stat != NULL);
/* default to failed */
*res = 0;
*stat = 0;
/* allocate memory */
tagbuf = XMALLOC(MAXBLOCKSIZE);
@ -39,17 +53,17 @@ int ocb_done_decrypt(ocb_state *ocb,
}
tagbuflen = MAXBLOCKSIZE;
if ((err = __ocb_done(ocb, ct, ctlen, pt, tagbuf, &tagbuflen, 1)) != CRYPT_OK) {
goto __ERR;
if ((err = s_ocb_done(ocb, ct, ctlen, pt, tagbuf, &tagbuflen, 1)) != CRYPT_OK) {
goto LBL_ERR;
}
if (taglen <= tagbuflen && memcmp(tagbuf, tag, taglen) == 0) {
*res = 1;
*stat = 1;
}
err = CRYPT_OK;
__ERR:
#ifdef CLEAN_STACK
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(tagbuf, MAXBLOCKSIZE);
#endif

42
src/encauth/ocb/ocb_done_encrypt.c Normal file
View File

@ -0,0 +1,42 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/**
@file ocb_done_encrypt.c
OCB implementation, terminate encryption, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
/**
Terminate an encryption OCB state
@param ocb The OCB state
@param pt Remaining plaintext (if any)
@param ptlen The length of the plaintext (octets)
@param ct [out] The ciphertext (if any)
@param tag [out] The tag for the OCB stream
@param taglen [in/out] The max size and resulting size of the tag
@return CRYPT_OK if successful
*/
int ocb_done_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
unsigned char *ct, unsigned char *tag, unsigned long *taglen)
{
LTC_ARGCHK(ocb != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(taglen != NULL);
return s_ocb_done(ocb, pt, ptlen, ct, tag, taglen, 0);
}
#endif

22
ocb_encrypt.c → src/encauth/ocb/ocb_encrypt.c
View File

@ -9,19 +9,29 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* OCB Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file ocb_encrypt.c
OCB implementation, encrypt data, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
/**
Encrypt a block of data with OCB.
@param ocb The OCB state
@param pt The plaintext (length of the block size of the block cipher)
@param ct [out] The ciphertext (same size as the pt)
@return CRYPT_OK if successful
*/
int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct)
{
unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE];
int err, x;
_ARGCHK(ocb != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
LTC_ARGCHK(ocb != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
return err;
}
@ -46,7 +56,7 @@ int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct)
ct[x] ^= Z[x];
}
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(Z, sizeof(Z));
zeromem(tmp, sizeof(tmp));
#endif

40
ocb_encrypt_authenticate_memory.c → src/encauth/ocb/ocb_encrypt_authenticate_memory.c
View File

@ -9,11 +9,27 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* OCB Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file ocb_encrypt_authenticate_memory.c
OCB implementation, encrypt block of memory, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
/**
Encrypt and generate an authentication code for a buffer of memory
@param cipher The index of the cipher desired
@param key The secret key
@param keylen The length of the secret key (octets)
@param nonce The session nonce (length of the block ciphers block size)
@param pt The plaintext
@param ptlen The length of the plaintext (octets)
@param ct [out] The ciphertext
@param tag [out] The authentication tag
@param taglen [in/out] The max size and resulting size of the authentication tag
@return CRYPT_OK if successful
*/
int ocb_encrypt_authenticate_memory(int cipher,
const unsigned char *key, unsigned long keylen,
const unsigned char *nonce,
@ -24,12 +40,12 @@ int ocb_encrypt_authenticate_memory(int cipher,
int err;
ocb_state *ocb;
_ARGCHK(key != NULL);
_ARGCHK(nonce != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(tag != NULL);
_ARGCHK(taglen != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(nonce != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(taglen != NULL);
/* allocate ram */
ocb = XMALLOC(sizeof(ocb_state));
@ -38,12 +54,12 @@ int ocb_encrypt_authenticate_memory(int cipher,
}
if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
while (ptlen > (unsigned long)ocb->block_len) {
if ((err = ocb_encrypt(ocb, pt, ct)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
ptlen -= ocb->block_len;
pt += ocb->block_len;
@ -51,8 +67,8 @@ int ocb_encrypt_authenticate_memory(int cipher,
}
err = ocb_done_encrypt(ocb, pt, ptlen, ct, tag, taglen);
__ERR:
#ifdef CLEAN_STACK
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(ocb, sizeof(ocb_state));
#endif

22
ocb_init.c → src/encauth/ocb/ocb_init.c
View File

@ -9,8 +9,11 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* OCB Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file ocb_init.c
OCB implementation, initialize state, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
@ -32,14 +35,23 @@ static const struct {
}
};
/**
Initialize an OCB context.
@param ocb [out] The destination of the OCB state
@param cipher The index of the desired cipher
@param key The secret key
@param keylen The length of the secret key (octets)
@param nonce The session nonce (length of the block size of the cipher)
@return CRYPT_OK if successful
*/
int ocb_init(ocb_state *ocb, int cipher,
const unsigned char *key, unsigned long keylen, const unsigned char *nonce)
{
int poly, x, y, m, err;
_ARGCHK(ocb != NULL);
_ARGCHK(key != NULL);
_ARGCHK(nonce != NULL);
LTC_ARGCHK(ocb != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(nonce != NULL);
/* valid cipher? */
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {

13
ocb_ntz.c → src/encauth/ocb/ocb_ntz.c
View File

@ -9,11 +9,20 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* OCB Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file ocb_ntz.c
OCB implementation, internal function, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
/**
Returns the number of leading zero bits [from lsb up]
@param x The 32-bit value to observe
@return The number of bits [from the lsb up] that are zero
*/
int ocb_ntz(unsigned long x)
{
int c;

12
ocb_shift_xor.c → src/encauth/ocb/ocb_shift_xor.c
View File

@ -9,11 +9,19 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* OCB Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file ocb_shift_xor.c
OCB implementation, internal function, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
/**
Compute the shift/xor for OCB (internal function)
@param ocb The OCB state
@param Z The destination of the shift
*/
void ocb_shift_xor(ocb_state *ocb, unsigned char *Z)
{
int x, y;

11
ocb_test.c → src/encauth/ocb/ocb_test.c
View File

@ -9,11 +9,18 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* OCB Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file ocb_test.c
OCB implementation, self-test by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
/**
Test the OCB protocol
@return CRYPT_OK if successful
*/
int ocb_test(void)
{
#ifndef LTC_TEST

35
s_ocb_done.c → src/encauth/ocb/s_ocb_done.c
View File

@ -9,8 +9,11 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
/* OCB Implementation by Tom St Denis */
#include "mycrypt.h"
/**
@file s_ocb_done.c
OCB implementation, internal helper, by Tom St Denis
*/
#include "tomcrypt.h"
#ifdef OCB_MODE
@ -21,18 +24,30 @@
*
* the names pt/ptlen/ct really just mean in/inlen/out but this is the way I wrote it...
*/
int __ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode)
/**
Shared code to finish an OCB stream
@param ocb The OCB state
@param pt The remaining plaintext [or input]
@param ptlen The length of the input (octets)
@param ct [out] The output buffer
@param tag [out] The destination for the authentication tag
@param taglen [in/out] The max size and resulting size of the authentication tag
@param mode The mode we are terminating, 0==encrypt, 1==decrypt
@return CRYPT_OK if successful
*/
int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode)
{
unsigned char *Z, *Y, *X;
int err, x;
_ARGCHK(ocb != NULL);
_ARGCHK(pt != NULL);
_ARGCHK(ct != NULL);
_ARGCHK(tag != NULL);
_ARGCHK(taglen != NULL);
LTC_ARGCHK(ocb != NULL);
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(tag != NULL);
LTC_ARGCHK(taglen != NULL);
if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
return err;
}
@ -106,7 +121,7 @@ int __ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
}
*taglen = x;
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(X, MAXBLOCKSIZE);
zeromem(Y, MAXBLOCKSIZE);
zeromem(Z, MAXBLOCKSIZE);

64
chc.c → src/hashes/chc/chc.c
View File

@ -9,7 +9,12 @@
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#include "tomcrypt.h"
/**
@file chc.c
CHC support. (Tom St Denis)
*/
#ifdef CHC_HASH
@ -20,7 +25,7 @@ static int cipher_idx=UNDEFED_HASH, /* which cipher */
cipher_blocksize; /* blocksize of cipher */
const struct _hash_descriptor chc_desc = {
const struct ltc_hash_descriptor chc_desc = {
"chc_hash", 12, 0, 0, { 0 }, 0,
&chc_init,
&chc_process,
@ -28,7 +33,11 @@ const struct _hash_descriptor chc_desc = {
&chc_test
};
/* initialize the CHC state with a given cipher */
/**
Initialize the CHC state with a given cipher
@param cipher The index of the cipher you wish to bind
@return CRYPT_OK if successful
*/
int chc_register(int cipher)
{
int err, kl, idx;
@ -69,14 +78,18 @@ int chc_register(int cipher)
return CRYPT_OK;
}
/* "hash init" is simply encrypt 0 with the 0 key. Simple way to make an IV */
/**
Initialize the hash state
@param md The hash state you wish to initialize
@return CRYPT_OK if successful
*/
int chc_init(hash_state *md)
{
symmetric_key *key;
unsigned char buf[MAXBLOCKSIZE];
int err;
_ARGCHK(md != NULL);
LTC_ARGCHK(md != NULL);
/* is the cipher valid? */
if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) {
@ -134,21 +147,30 @@ static int chc_compress(hash_state *md, unsigned char *buf)
md->chc.state[x] ^= T[0][x] ^ T[1][x];
}
XFREE(key);
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(T, sizeof(T));
zeromem(&key, sizeof(key));
#endif
return CRYPT_OK;
}
/* function for processing blocks */
int _chc_process(hash_state * md, const unsigned char *buf, unsigned long len);
HASH_PROCESS(_chc_process, chc_compress, chc, (unsigned long)cipher_blocksize)
int chc_process(hash_state * md, const unsigned char *buf, unsigned long len)
/**
Process a block of memory though the hash
@param md The hash state
@param in The data to hash
@param inlen The length of the data (octets)
@return CRYPT_OK if successful
*/
int chc_process(hash_state * md, const unsigned char *in, unsigned long inlen)
{
int err;
_ARGCHK(md != NULL);
_ARGCHK(buf != NULL);
LTC_ARGCHK(md != NULL);
LTC_ARGCHK(in != NULL);
/* is the cipher valid? */
if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) {
@ -158,15 +180,21 @@ int chc_process(hash_state * md, const unsigned char *buf, unsigned long len)
return CRYPT_INVALID_CIPHER;
}
return _chc_process(md, buf, len);
return _chc_process(md, in, inlen);
}
int chc_done(hash_state *md, unsigned char *buf)
/**
Terminate the hash to get the digest
@param md The hash state
@param out [out] The destination of the hash (length of the block size of the block cipher)
@return CRYPT_OK if successful
*/
int chc_done(hash_state *md, unsigned char *out)
{
int err;
_ARGCHK(md != NULL);
_ARGCHK(buf != NULL);
LTC_ARGCHK(md != NULL);
LTC_ARGCHK(out != NULL);
/* is the cipher valid? */
if ((err = cipher_is_valid(cipher_idx)) != CRYPT_OK) {
@ -208,19 +236,23 @@ int chc_done(hash_state *md, unsigned char *buf)
chc_compress(md, md->chc.buf);
/* copy output */
XMEMCPY(buf, md->chc.state, cipher_blocksize);
XMEMCPY(out, md->chc.state, cipher_blocksize);
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(md, sizeof(hash_state));
#endif
return CRYPT_OK;
}
/**
Self-test the hash
@return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
*/
int chc_test(void)
{
static const struct {
unsigned char *msg,
md[MAXBLOCKSIZE];
md[MAXBLOCKSIZE];
int len;
} tests[] = {
{

26
hash_file.c → src/hashes/helper/hash_file.c
View File

@ -8,18 +8,30 @@
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#include "tomcrypt.h"
int hash_file(int hash, const char *fname, unsigned char *dst, unsigned long *outlen)
/**
@file hash_file.c
Hash a file, Tom St Denis
*/
/**
@param hash The index of the hash desired
@param fname The name of the file you wish to hash
@param out [out] The destination of the digest
@param outlen [in/out] The max size and resulting size of the message digest
@result CRYPT_OK if successful
*/
int hash_file(int hash, const char *fname, unsigned char *out, unsigned long *outlen)
{
#ifdef NO_FILE
#ifdef LTC_NO_FILE
return CRYPT_NOP;
#else
FILE *in;
int err;
_ARGCHK(fname != NULL);
_ARGCHK(dst != NULL);
_ARGCHK(outlen != NULL);
LTC_ARGCHK(fname != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
if ((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
@ -30,7 +42,7 @@ int hash_file(int hash, const char *fname, unsigned char *dst, unsigned long *ou
return CRYPT_FILE_NOTFOUND;
}
err = hash_filehandle(hash, in, dst, outlen);
err = hash_filehandle(hash, in, out, outlen);
if (fclose(in) != 0) {
return CRYPT_ERROR;
}

29
hash_filehandle.c → src/hashes/helper/hash_filehandle.c
View File

@ -8,11 +8,24 @@
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#include "tomcrypt.h"
int hash_filehandle(int hash, FILE *in, unsigned char *dst, unsigned long *outlen)
/**
@file hash_filehandle.c
Hash open files, Tom St Denis
*/
/**
Hash data from an open file handle.
@param hash The index of the hash you want to use
@param in The FILE* handle of the file you want to hash
@param out [out] The destination of the digest
@param outlen [in/out] The max size and resulting size of the digest
@result CRYPT_OK if successful
*/
int hash_filehandle(int hash, FILE *in, unsigned char *out, unsigned long *outlen)
{
#ifdef NO_FILE
#ifdef LTC_NO_FILE
return CRYPT_NOP;
#else
hash_state md;
@ -20,9 +33,9 @@ int hash_filehandle(int hash, FILE *in, unsigned char *dst, unsigned long *outle
size_t x;
int err;
_ARGCHK(dst != NULL);
_ARGCHK(outlen != NULL);
_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(in != NULL);
if ((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
@ -42,9 +55,9 @@ int hash_filehandle(int hash, FILE *in, unsigned char *dst, unsigned long *outle
return err;
}
} while (x == sizeof(buf));
err = hash_descriptor[hash].done(&md, dst);
err = hash_descriptor[hash].done(&md, out);
#ifdef CLEAN_STACK
#ifdef LTC_CLEAN_STACK
zeromem(buf, sizeof(buf));
#endif
return err;

36
hash_memory.c → src/hashes/helper/hash_memory.c
View File

@ -8,16 +8,30 @@
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "mycrypt.h"
#include "tomcrypt.h"
int hash_memory(int hash, const unsigned char *data, unsigned long len, unsigned char *dst, unsigned long *outlen)
/**
@file hash_memory.c
Hash memory helper, Tom St Denis
*/
/**
Hash a block of memory and store the digest.
@param hash The index of the hash you wish to use
@param in The data you wish to hash
@param inlen The length of the data to hash (octets)
@param out [out] Where to store the digest
@param outlen [in/out] Max size and resulting size of the digest
@return CRYPT_OK if successful
*/
int hash_memory(int hash, const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen)
{
hash_state *md;
int err;
_ARGCHK(data != NULL);
_ARGCHK(dst != NULL);
_ARGCHK(outlen != NULL);
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
if ((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
@ -33,15 +47,15 @@ int hash_memory(int hash, const unsigned char *data, unsigned long len, unsigned
}
if ((err = hash_descriptor[hash].init(md)) != CRYPT_OK) {
goto __ERR;
goto LBL_ERR;
}
if ((err = hash_descriptor[hash].process(md, data, len)) != CRYPT_OK) {
goto __ERR;
if ((err = hash_descriptor[hash].process(md, in, inlen)) != CRYPT_OK) {
goto LBL_ERR;
}
err = hash_descriptor[hash].done(md, dst);
err = hash_descriptor[hash].done(md, out);
*outlen = hash_descriptor[hash].hashsize;
__ERR:
#ifdef CLEAN_STACK
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(md, sizeof(hash_state));
#endif
XFREE(md);

82
src/hashes/helper/hash_memory_multi.c Normal file
View File

@ -0,0 +1,82 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
*/
#include "tomcrypt.h"
#include <stdarg.h>
/**
@file hash_memory_multi.c
Hash (multiple buffers) memory helper, Tom St Denis
*/
/**
Hash multiple (non-adjacent) blocks of memory at once.
@param hash The index of the hash you wish to use
@param out [out] Where to store the digest
@param outlen [in/out] Max size and resulting size of the digest
@param in The data you wish to hash
@param inlen The length of the data to hash (octets)
@param ... tuples of (data,len) pairs to hash, terminated with a (NULL,x) (x=don't care)
@return CRYPT_OK if successful
*/
int hash_memory_multi(int hash, unsigned char *out, unsigned long *outlen,
const unsigned char *in, unsigned long inlen, ...)
{
hash_state *md;
int err;
va_list args;
const unsigned char *curptr;
unsigned long curlen;
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
if ((err = hash_is_valid(hash)) != CRYPT_OK) {
return err;
}
if (*outlen < hash_descriptor[hash].hashsize) {
return CRYPT_BUFFER_OVERFLOW;
}
md = XMALLOC(sizeof(hash_state));
if (md == NULL) {
return CRYPT_MEM;
}
if ((err = hash_descriptor[hash].init(md)) != CRYPT_OK) {
goto LBL_ERR;
}
va_start(args, inlen);
curptr = in;
curlen = inlen;
for (;;) {
/* process buf */
if ((err = hash_descriptor[hash].process(md, curptr, curlen)) != CRYPT_OK) {
goto LBL_ERR;
}
/* step to next */
curptr = va_arg(args, const unsigned char*);
if (curptr == NULL) {
break;
}
curlen = va_arg(args, unsigned long);
}
err = hash_descriptor[hash].done(md, out);
*outlen = hash_descriptor[hash].hashsize;
LBL_ERR:
#ifdef LTC_CLEAN_STACK
zeromem(md, sizeof(hash_state));
#endif
XFREE(md);
va_end(args);
return err;
}

Some files were not shown because too many files have changed in this diff Show More