summaryrefslogtreecommitdiffhomepage
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/ciphers/aes/aes.c43
-rw-r--r--src/ciphers/aes/aes_tab.c10
-rw-r--r--src/ciphers/anubis.c3108
-rw-r--r--src/ciphers/blowfish.c33
-rw-r--r--src/ciphers/cast5.c31
-rw-r--r--src/ciphers/des.c32
-rw-r--r--src/ciphers/kasumi.c318
-rw-r--r--src/ciphers/khazad.c20
-rw-r--r--src/ciphers/kseed.c376
-rw-r--r--src/ciphers/noekeon.c35
-rw-r--r--src/ciphers/rc2.c34
-rw-r--r--src/ciphers/rc5.c34
-rw-r--r--src/ciphers/rc6.c35
-rw-r--r--src/ciphers/safer/safer.c40
-rw-r--r--src/ciphers/safer/safer_tab.c6
-rw-r--r--src/ciphers/safer/saferp.c18
-rw-r--r--src/ciphers/skipjack.c34
-rw-r--r--src/ciphers/twofish/twofish.c48
-rw-r--r--src/ciphers/twofish/twofish_tab.c6
-rw-r--r--src/ciphers/xtea.c18
-rw-r--r--src/encauth/ccm/ccm_memory.c112
-rw-r--r--src/encauth/ccm/ccm_test.c28
-rw-r--r--src/encauth/eax/eax_addheader.c6
-rw-r--r--src/encauth/eax/eax_decrypt.c6
-rw-r--r--src/encauth/eax/eax_decrypt_verify_memory.c8
-rw-r--r--src/encauth/eax/eax_done.c6
-rw-r--r--src/encauth/eax/eax_encrypt.c6
-rw-r--r--src/encauth/eax/eax_encrypt_authenticate_memory.c6
-rw-r--r--src/encauth/eax/eax_init.c6
-rw-r--r--src/encauth/eax/eax_test.c10
-rw-r--r--src/encauth/gcm/gcm_add_aad.c8
-rw-r--r--src/encauth/gcm/gcm_add_iv.c6
-rw-r--r--src/encauth/gcm/gcm_done.c10
-rw-r--r--src/encauth/gcm/gcm_gf_mult.c179
-rw-r--r--src/encauth/gcm/gcm_init.c50
-rw-r--r--src/encauth/gcm/gcm_memory.c30
-rw-r--r--src/encauth/gcm/gcm_mult_h.c58
-rw-r--r--src/encauth/gcm/gcm_process.c37
-rw-r--r--src/encauth/gcm/gcm_reset.c6
-rw-r--r--src/encauth/gcm/gcm_test.c69
-rw-r--r--src/encauth/ocb/ocb_decrypt.c10
-rw-r--r--src/encauth/ocb/ocb_decrypt_verify_memory.c6
-rw-r--r--src/encauth/ocb/ocb_done_decrypt.c8
-rw-r--r--src/encauth/ocb/ocb_done_encrypt.c6
-rw-r--r--src/encauth/ocb/ocb_encrypt.c10
-rw-r--r--src/encauth/ocb/ocb_encrypt_authenticate_memory.c6
-rw-r--r--src/encauth/ocb/ocb_init.c14
-rw-r--r--src/encauth/ocb/ocb_ntz.c6
-rw-r--r--src/encauth/ocb/ocb_shift_xor.c6
-rw-r--r--src/encauth/ocb/ocb_test.c10
-rw-r--r--src/encauth/ocb/s_ocb_done.c18
-rw-r--r--src/hashes/chc/chc.c13
-rw-r--r--src/hashes/helper/hash_file.c6
-rw-r--r--src/hashes/helper/hash_filehandle.c7
-rw-r--r--src/hashes/helper/hash_memory.c7
-rw-r--r--src/hashes/helper/hash_memory_multi.c7
-rw-r--r--src/hashes/md2.c11
-rw-r--r--src/hashes/md4.c11
-rw-r--r--src/hashes/md5.c11
-rw-r--r--src/hashes/rmd128.c11
-rw-r--r--src/hashes/rmd160.c11
-rw-r--r--src/hashes/rmd256.c431
-rw-r--r--src/hashes/rmd320.c495
-rw-r--r--src/hashes/sha1.c11
-rw-r--r--src/hashes/sha2/sha224.c11
-rw-r--r--src/hashes/sha2/sha256.c13
-rw-r--r--src/hashes/sha2/sha384.c11
-rw-r--r--src/hashes/sha2/sha512.c11
-rw-r--r--src/hashes/tiger.c11
-rw-r--r--src/hashes/whirl/whirl.c11
-rw-r--r--src/headers/ltc_tommath.h581
-rw-r--r--src/headers/tomcrypt.h12
-rw-r--r--src/headers/tomcrypt_argchk.h17
-rw-r--r--src/headers/tomcrypt_cfg.h92
-rw-r--r--src/headers/tomcrypt_cipher.h348
-rw-r--r--src/headers/tomcrypt_custom.h63
-rw-r--r--src/headers/tomcrypt_hash.h54
-rw-r--r--src/headers/tomcrypt_mac.h98
-rw-r--r--src/headers/tomcrypt_macros.h105
-rw-r--r--src/headers/tomcrypt_math.h500
-rw-r--r--src/headers/tomcrypt_misc.h8
-rw-r--r--src/headers/tomcrypt_pk.h507
-rw-r--r--src/headers/tomcrypt_pkcs.h43
-rw-r--r--src/headers/tomcrypt_prng.h10
-rw-r--r--src/headers/tommath_class.h998
-rw-r--r--src/headers/tommath_superclass.h80
-rw-r--r--src/mac/f9/f9_done.c77
-rw-r--r--src/mac/f9/f9_file.c83
-rw-r--r--src/mac/f9/f9_init.c70
-rw-r--r--src/mac/f9/f9_memory.c71
-rw-r--r--src/mac/f9/f9_memory_multi.c90
-rw-r--r--src/mac/f9/f9_process.c78
-rw-r--r--src/mac/f9/f9_test.c78
-rw-r--r--src/mac/hmac/hmac_done.c8
-rw-r--r--src/mac/hmac/hmac_file.c8
-rw-r--r--src/mac/hmac/hmac_init.c8
-rw-r--r--src/mac/hmac/hmac_memory.c23
-rw-r--r--src/mac/hmac/hmac_memory_multi.c8
-rw-r--r--src/mac/hmac/hmac_process.c8
-rw-r--r--src/mac/hmac/hmac_test.c12
-rw-r--r--src/mac/omac/omac_done.c12
-rw-r--r--src/mac/omac/omac_file.c8
-rw-r--r--src/mac/omac/omac_init.c12
-rw-r--r--src/mac/omac/omac_memory.c18
-rw-r--r--src/mac/omac/omac_memory_multi.c8
-rw-r--r--src/mac/omac/omac_process.c16
-rw-r--r--src/mac/omac/omac_test.c10
-rw-r--r--src/mac/pelican/pelican.c8
-rw-r--r--src/mac/pelican/pelican_memory.c6
-rw-r--r--src/mac/pelican/pelican_test.c10
-rw-r--r--src/mac/pmac/pmac_done.c14
-rw-r--r--src/mac/pmac/pmac_file.c8
-rw-r--r--src/mac/pmac/pmac_init.c17
-rw-r--r--src/mac/pmac/pmac_memory.c8
-rw-r--r--src/mac/pmac/pmac_memory_multi.c8
-rw-r--r--src/mac/pmac/pmac_ntz.c8
-rw-r--r--src/mac/pmac/pmac_process.c16
-rw-r--r--src/mac/pmac/pmac_shift_xor.c8
-rw-r--r--src/mac/pmac/pmac_test.c10
-rw-r--r--src/mac/xcbc/xcbc_done.c77
-rw-r--r--src/mac/xcbc/xcbc_file.c83
-rw-r--r--src/mac/xcbc/xcbc_init.c86
-rw-r--r--src/mac/xcbc/xcbc_memory.c71
-rw-r--r--src/mac/xcbc/xcbc_memory_multi.c90
-rw-r--r--src/mac/xcbc/xcbc_process.c75
-rw-r--r--src/mac/xcbc/xcbc_test.c128
-rw-r--r--src/math/fp/ltc_ecc_fp_mulmod.c1314
-rw-r--r--src/math/gmp_desc.c478
-rw-r--r--src/math/ltm_desc.c483
-rw-r--r--src/math/multi.c61
-rw-r--r--src/math/rand_prime.c87
-rw-r--r--src/math/tfm_desc.c777
-rw-r--r--src/misc/base64/base64_decode.c6
-rw-r--r--src/misc/base64/base64_encode.c7
-rw-r--r--src/misc/burn_stack.c6
-rw-r--r--src/misc/crypt/crypt.c87
-rw-r--r--src/misc/crypt/crypt_argchk.c6
-rw-r--r--src/misc/crypt/crypt_cipher_descriptor.c10
-rw-r--r--src/misc/crypt/crypt_cipher_is_valid.c6
-rw-r--r--src/misc/crypt/crypt_find_cipher.c8
-rw-r--r--src/misc/crypt/crypt_find_cipher_any.c6
-rw-r--r--src/misc/crypt/crypt_find_cipher_id.c6
-rw-r--r--src/misc/crypt/crypt_find_hash.c8
-rw-r--r--src/misc/crypt/crypt_find_hash_any.c6
-rw-r--r--src/misc/crypt/crypt_find_hash_id.c6
-rw-r--r--src/misc/crypt/crypt_find_hash_oid.c35
-rw-r--r--src/misc/crypt/crypt_find_prng.c8
-rw-r--r--src/misc/crypt/crypt_fsa.c59
-rw-r--r--src/misc/crypt/crypt_hash_descriptor.c10
-rw-r--r--src/misc/crypt/crypt_hash_is_valid.c6
-rw-r--r--src/misc/crypt/crypt_ltc_mp_descriptor.c13
-rw-r--r--src/misc/crypt/crypt_prng_descriptor.c8
-rw-r--r--src/misc/crypt/crypt_prng_is_valid.c6
-rw-r--r--src/misc/crypt/crypt_register_cipher.c6
-rw-r--r--src/misc/crypt/crypt_register_hash.c8
-rw-r--r--src/misc/crypt/crypt_register_prng.c8
-rw-r--r--src/misc/crypt/crypt_unregister_cipher.c8
-rw-r--r--src/misc/crypt/crypt_unregister_hash.c8
-rw-r--r--src/misc/crypt/crypt_unregister_prng.c8
-rw-r--r--src/misc/error_to_string.c6
-rw-r--r--src/misc/mpi/is_prime.c36
-rw-r--r--src/misc/mpi/mpi_to_ltc_error.c48
-rw-r--r--src/misc/mpi/rand_prime.c70
-rw-r--r--src/misc/pkcs5/pkcs_5_1.c6
-rw-r--r--src/misc/pkcs5/pkcs_5_2.c6
-rw-r--r--src/misc/zeromem.c8
-rw-r--r--src/modes/cbc/cbc_decrypt.c32
-rw-r--r--src/modes/cbc/cbc_done.c8
-rw-r--r--src/modes/cbc/cbc_encrypt.c38
-rw-r--r--src/modes/cbc/cbc_getiv.c9
-rw-r--r--src/modes/cbc/cbc_setiv.c8
-rw-r--r--src/modes/cbc/cbc_start.c8
-rw-r--r--src/modes/cfb/cfb_decrypt.c14
-rw-r--r--src/modes/cfb/cfb_done.c8
-rw-r--r--src/modes/cfb/cfb_encrypt.c14
-rw-r--r--src/modes/cfb/cfb_getiv.c9
-rw-r--r--src/modes/cfb/cfb_setiv.c13
-rw-r--r--src/modes/cfb/cfb_start.c12
-rw-r--r--src/modes/ctr/ctr_decrypt.c8
-rw-r--r--src/modes/ctr/ctr_done.c8
-rw-r--r--src/modes/ctr/ctr_encrypt.c36
-rw-r--r--src/modes/ctr/ctr_getiv.c9
-rw-r--r--src/modes/ctr/ctr_setiv.c12
-rw-r--r--src/modes/ctr/ctr_start.c35
-rw-r--r--src/modes/ctr/ctr_test.c85
-rw-r--r--src/modes/ecb/ecb_decrypt.c14
-rw-r--r--src/modes/ecb/ecb_done.c8
-rw-r--r--src/modes/ecb/ecb_encrypt.c14
-rw-r--r--src/modes/ecb/ecb_start.c8
-rw-r--r--src/modes/f8/f8_decrypt.c43
-rw-r--r--src/modes/f8/f8_done.c42
-rw-r--r--src/modes/f8/f8_encrypt.c103
-rw-r--r--src/modes/f8/f8_getiv.c46
-rw-r--r--src/modes/f8/f8_setiv.c52
-rw-r--r--src/modes/f8/f8_start.c98
-rw-r--r--src/modes/f8/f8_test_mode.c76
-rw-r--r--src/modes/lrw/lrw_decrypt.c51
-rw-r--r--src/modes/lrw/lrw_done.c42
-rw-r--r--src/modes/lrw/lrw_encrypt.c50
-rw-r--r--src/modes/lrw/lrw_getiv.c45
-rw-r--r--src/modes/lrw/lrw_process.c120
-rw-r--r--src/modes/lrw/lrw_setiv.c79
-rw-r--r--src/modes/lrw/lrw_start.c103
-rw-r--r--src/modes/lrw/lrw_test.c136
-rw-r--r--src/modes/ofb/ofb_decrypt.c8
-rw-r--r--src/modes/ofb/ofb_done.c8
-rw-r--r--src/modes/ofb/ofb_encrypt.c14
-rw-r--r--src/modes/ofb/ofb_getiv.c9
-rw-r--r--src/modes/ofb/ofb_setiv.c11
-rw-r--r--src/modes/ofb/ofb_start.c8
-rw-r--r--src/pk/asn1/der/bit/der_decode_bit_string.c11
-rw-r--r--src/pk/asn1/der/bit/der_encode_bit_string.c20
-rw-r--r--src/pk/asn1/der/bit/der_length_bit_string.c6
-rw-r--r--src/pk/asn1/der/boolean/der_decode_boolean.c47
-rw-r--r--src/pk/asn1/der/boolean/der_encode_boolean.c51
-rw-r--r--src/pk/asn1/der/boolean/der_length_boolean.c35
-rw-r--r--src/pk/asn1/der/choice/der_decode_choice.c20
-rw-r--r--src/pk/asn1/der/ia5/der_decode_ia5_string.c7
-rw-r--r--src/pk/asn1/der/ia5/der_encode_ia5_string.c21
-rw-r--r--src/pk/asn1/der/ia5/der_length_ia5_string.c6
-rw-r--r--src/pk/asn1/der/integer/der_decode_integer.c22
-rw-r--r--src/pk/asn1/der/integer/der_encode_integer.c54
-rw-r--r--src/pk/asn1/der/integer/der_length_integer.c15
-rw-r--r--src/pk/asn1/der/object_identifier/der_decode_object_identifier.c24
-rw-r--r--src/pk/asn1/der/object_identifier/der_encode_object_identifier.c44
-rw-r--r--src/pk/asn1/der/object_identifier/der_length_object_identifier.c27
-rw-r--r--src/pk/asn1/der/octet/der_decode_octet_string.c7
-rw-r--r--src/pk/asn1/der/octet/der_encode_octet_string.c21
-rw-r--r--src/pk/asn1/der/octet/der_length_octet_string.c6
-rw-r--r--src/pk/asn1/der/printable_string/der_decode_printable_string.c7
-rw-r--r--src/pk/asn1/der/printable_string/der_encode_printable_string.c21
-rw-r--r--src/pk/asn1/der/printable_string/der_length_printable_string.c6
-rw-r--r--src/pk/asn1/der/sequence/der_decode_sequence_ex.c (renamed from src/pk/asn1/der/sequence/der_decode_sequence.c)121
-rw-r--r--src/pk/asn1/der/sequence/der_decode_sequence_flexi.c386
-rw-r--r--src/pk/asn1/der/sequence/der_decode_sequence_multi.c21
-rw-r--r--src/pk/asn1/der/sequence/der_encode_sequence_ex.c (renamed from src/pk/asn1/der/sequence/der_encode_sequence.c)84
-rw-r--r--src/pk/asn1/der/sequence/der_encode_sequence_multi.c21
-rw-r--r--src/pk/asn1/der/sequence/der_length_sequence.c31
-rw-r--r--src/pk/asn1/der/sequence/der_sequence_free.c65
-rw-r--r--src/pk/asn1/der/set/der_encode_set.c103
-rw-r--r--src/pk/asn1/der/set/der_encode_setof.c162
-rw-r--r--src/pk/asn1/der/short_integer/der_decode_short_integer.c8
-rw-r--r--src/pk/asn1/der/short_integer/der_encode_short_integer.c14
-rw-r--r--src/pk/asn1/der/short_integer/der_length_short_integer.c9
-rw-r--r--src/pk/asn1/der/utctime/der_decode_utctime.c13
-rw-r--r--src/pk/asn1/der/utctime/der_encode_utctime.c15
-rw-r--r--src/pk/asn1/der/utctime/der_length_utctime.c7
-rw-r--r--src/pk/asn1/der/utf8/der_decode_utf8_string.c111
-rw-r--r--src/pk/asn1/der/utf8/der_encode_utf8_string.c105
-rw-r--r--src/pk/asn1/der/utf8/der_length_utf8_string.c83
-rw-r--r--src/pk/dh/dh.c524
-rw-r--r--src/pk/dh/dh_sys.c499
-rw-r--r--src/pk/dsa/dsa_decrypt_key.c139
-rw-r--r--src/pk/dsa/dsa_encrypt_key.c135
-rw-r--r--src/pk/dsa/dsa_export.c24
-rw-r--r--src/pk/dsa/dsa_free.c10
-rw-r--r--src/pk/dsa/dsa_import.c33
-rw-r--r--src/pk/dsa/dsa_make_key.c69
-rw-r--r--src/pk/dsa/dsa_shared_secret.c72
-rw-r--r--src/pk/dsa/dsa_sign_hash.c63
-rw-r--r--src/pk/dsa/dsa_verify_hash.c52
-rw-r--r--src/pk/dsa/dsa_verify_key.c50
-rw-r--r--src/pk/ecc/ecc.c1055
-rw-r--r--src/pk/ecc/ecc_ansi_x963_export.c72
-rw-r--r--src/pk/ecc/ecc_ansi_x963_import.c104
-rw-r--r--src/pk/ecc/ecc_decrypt_key.c150
-rw-r--r--src/pk/ecc/ecc_encrypt_key.c136
-rw-r--r--src/pk/ecc/ecc_export.c82
-rw-r--r--src/pk/ecc/ecc_free.c40
-rw-r--r--src/pk/ecc/ecc_get_size.c44
-rw-r--r--src/pk/ecc/ecc_import.c172
-rw-r--r--src/pk/ecc/ecc_make_key.c125
-rw-r--r--src/pk/ecc/ecc_shared_secret.c95
-rw-r--r--src/pk/ecc/ecc_sign_hash.c114
-rw-r--r--src/pk/ecc/ecc_sizes.c48
-rw-r--r--src/pk/ecc/ecc_sys.c462
-rw-r--r--src/pk/ecc/ecc_test.c95
-rw-r--r--src/pk/ecc/ecc_verify_hash.c165
-rw-r--r--src/pk/ecc/ltc_ecc_is_valid_idx.c46
-rw-r--r--src/pk/ecc/ltc_ecc_map.c76
-rw-r--r--src/pk/ecc/ltc_ecc_mul2add.c207
-rw-r--r--src/pk/ecc/ltc_ecc_mulmod.c222
-rw-r--r--src/pk/ecc/ltc_ecc_mulmod_timing.c167
-rw-r--r--src/pk/ecc/ltc_ecc_points.c60
-rw-r--r--src/pk/ecc/ltc_ecc_projective_add_point.c196
-rw-r--r--src/pk/ecc/ltc_ecc_projective_dbl_point.c147
-rw-r--r--src/pk/katja/katja_decrypt_key.c105
-rw-r--r--src/pk/katja/katja_encrypt_key.c87
-rw-r--r--src/pk/katja/katja_export.c75
-rw-r--r--src/pk/katja/katja_exptmod.c115
-rw-r--r--src/pk/katja/katja_free.c35
-rw-r--r--src/pk/katja/katja_import.c81
-rw-r--r--src/pk/katja/katja_make_key.c101
-rw-r--r--src/pk/packet_store_header.c33
-rw-r--r--src/pk/packet_valid_header.c41
-rw-r--r--src/pk/pkcs1/pkcs_1_i2osp.c14
-rw-r--r--src/pk/pkcs1/pkcs_1_mgf1.c10
-rw-r--r--src/pk/pkcs1/pkcs_1_oaep_decode.c19
-rw-r--r--src/pk/pkcs1/pkcs_1_oaep_encode.c11
-rw-r--r--src/pk/pkcs1/pkcs_1_os2ip.c15
-rw-r--r--src/pk/pkcs1/pkcs_1_pss_decode.c18
-rw-r--r--src/pk/pkcs1/pkcs_1_pss_encode.c9
-rw-r--r--src/pk/pkcs1/pkcs_1_v1_5_decode.c110
-rw-r--r--src/pk/pkcs1/pkcs_1_v1_5_encode.c111
-rw-r--r--src/pk/rsa/rsa_decrypt_key.c64
-rw-r--r--src/pk/rsa/rsa_encrypt_key.c78
-rw-r--r--src/pk/rsa/rsa_export.c37
-rw-r--r--src/pk/rsa/rsa_exptmod.c48
-rw-r--r--src/pk/rsa/rsa_free.c11
-rw-r--r--src/pk/rsa/rsa_import.c107
-rw-r--r--src/pk/rsa/rsa_make_key.c89
-rw-r--r--src/pk/rsa/rsa_sign_hash.c129
-rw-r--r--src/pk/rsa/rsa_verify_hash.c141
-rw-r--r--src/prngs/fortuna.c59
-rw-r--r--src/prngs/rc4.c15
-rw-r--r--src/prngs/rng_get_bytes.c14
-rw-r--r--src/prngs/rng_make_prng.c6
-rw-r--r--src/prngs/sober128.c21
-rw-r--r--src/prngs/sprng.c6
-rw-r--r--src/prngs/yarrow.c59
320 files changed, 17932 insertions, 7901 deletions
diff --git a/src/ciphers/aes/aes.c b/src/ciphers/aes/aes.c
index 0e4933f..74798e8 100644
--- a/src/ciphers/aes/aes.c
+++ b/src/ciphers/aes/aes.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/* AES implementation by Tom St Denis
@@ -50,7 +50,7 @@ const struct ltc_cipher_descriptor rijndael_desc =
6,
16, 32, 16, 10,
SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
#endif
@@ -60,7 +60,7 @@ const struct ltc_cipher_descriptor aes_desc =
6,
16, 32, 16, 10,
SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
#else
@@ -76,7 +76,7 @@ const struct ltc_cipher_descriptor rijndael_enc_desc =
6,
16, 32, 16, 10,
SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
const struct ltc_cipher_descriptor aes_enc_desc =
@@ -85,7 +85,7 @@ const struct ltc_cipher_descriptor aes_enc_desc =
6,
16, 32, 16, 10,
SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
#endif
@@ -283,11 +283,12 @@ int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *s
@param pt The input plaintext (16 bytes)
@param ct The output ciphertext (16 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
-static void _rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+static int _rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
-void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk;
@@ -309,7 +310,6 @@ void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
LOAD32H(s2, pt + 8); s2 ^= rk[2];
LOAD32H(s3, pt + 12); s3 ^= rk[3];
-
#ifdef LTC_SMALL_CODE
for (r = 0; ; r++) {
@@ -442,13 +442,16 @@ void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
(Te4_0[byte(t2, 0)]) ^
rk[3];
STORE32H(s3, ct+12);
+
+ return CRYPT_OK;
}
#ifdef LTC_CLEAN_STACK
-void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
- _rijndael_ecb_encrypt(pt, ct, skey);
+ int err = _rijndael_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(unsigned long)*8 + sizeof(unsigned long*) + sizeof(int)*2);
+ return err;
}
#endif
@@ -459,11 +462,12 @@ void ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
@param ct The input ciphertext (16 bytes)
@param pt The output plaintext (16 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
-static void _rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+static int _rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
-void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk;
@@ -617,14 +621,17 @@ void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
(Td4[byte(t0, 0)] & 0x000000ff) ^
rk[3];
STORE32H(s3, pt+12);
+
+ return CRYPT_OK;
}
#ifdef LTC_CLEAN_STACK
-void ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
- _rijndael_ecb_decrypt(ct, pt, skey);
+ int err = _rijndael_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(unsigned long)*8 + sizeof(unsigned long*) + sizeof(int)*2);
+ return err;
}
#endif
@@ -683,10 +690,10 @@ int ECB_TEST(void)
rijndael_ecb_encrypt(tests[i].pt, tmp[0], &key);
rijndael_ecb_decrypt(tmp[0], tmp[1], &key);
- if (memcmp(tmp[0], tests[i].ct, 16) || memcmp(tmp[1], tests[i].pt, 16)) {
+ if (XMEMCMP(tmp[0], tests[i].ct, 16) || XMEMCMP(tmp[1], tests[i].pt, 16)) {
#if 0
printf("\n\nTest %d failed\n", i);
- if (memcmp(tmp[0], tests[i].ct, 16)) {
+ if (XMEMCMP(tmp[0], tests[i].ct, 16)) {
printf("CT: ");
for (i = 0; i < 16; i++) {
printf("%02x ", tmp[0][i]);
@@ -751,5 +758,5 @@ int ECB_KS(int *keysize)
/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/aes/aes.c,v $ */
-/* $Revision: 1.8 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.14 $ */
+/* $Date: 2006/11/08 23:01:06 $ */
diff --git a/src/ciphers/aes/aes_tab.c b/src/ciphers/aes/aes_tab.c
index 31d276e..0ef9731 100644
--- a/src/ciphers/aes/aes_tab.c
+++ b/src/ciphers/aes/aes_tab.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/* The precomputed tables for AES */
/*
@@ -94,6 +94,7 @@ static const ulong32 TE0[256] = {
0x7bb0b0cbUL, 0xa85454fcUL, 0x6dbbbbd6UL, 0x2c16163aUL,
};
+#ifndef PELI_TAB
static const ulong32 Te4[256] = {
0x63636363UL, 0x7c7c7c7cUL, 0x77777777UL, 0x7b7b7b7bUL,
0xf2f2f2f2UL, 0x6b6b6b6bUL, 0x6f6f6f6fUL, 0xc5c5c5c5UL,
@@ -160,6 +161,7 @@ static const ulong32 Te4[256] = {
0x41414141UL, 0x99999999UL, 0x2d2d2d2dUL, 0x0f0f0f0fUL,
0xb0b0b0b0UL, 0x54545454UL, 0xbbbbbbbbUL, 0x16161616UL,
};
+#endif
#ifndef ENCRYPT_ONLY
@@ -528,6 +530,7 @@ static const ulong32 TE3[256] = {
0xb0b0cb7bUL, 0x5454fca8UL, 0xbbbbd66dUL, 0x16163a2cUL,
};
+#ifndef PELI_TAB
static const ulong32 Te4_0[] = {
0x00000063UL, 0x0000007cUL, 0x00000077UL, 0x0000007bUL, 0x000000f2UL, 0x0000006bUL, 0x0000006fUL, 0x000000c5UL,
0x00000030UL, 0x00000001UL, 0x00000067UL, 0x0000002bUL, 0x000000feUL, 0x000000d7UL, 0x000000abUL, 0x00000076UL,
@@ -667,6 +670,7 @@ static const ulong32 Te4_3[] = {
0x8c000000UL, 0xa1000000UL, 0x89000000UL, 0x0d000000UL, 0xbf000000UL, 0xe6000000UL, 0x42000000UL, 0x68000000UL,
0x41000000UL, 0x99000000UL, 0x2d000000UL, 0x0f000000UL, 0xb0000000UL, 0x54000000UL, 0xbb000000UL, 0x16000000UL
};
+#endif /* pelimac */
#ifndef ENCRYPT_ONLY
@@ -1020,5 +1024,5 @@ static const ulong32 rcon[] = {
};
/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/aes/aes_tab.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/04/02 13:19:09 $ */
diff --git a/src/ciphers/anubis.c b/src/ciphers/anubis.c
index 511eac2..9a0722c 100644
--- a/src/ciphers/anubis.c
+++ b/src/ciphers/anubis.c
@@ -1,1554 +1,1558 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
- */
-
-/**
- @file anubis.c
- Anubis implementation derived from public domain source
- Authors: Paulo S.L.M. Barreto and Vincent Rijmen.
-*/
-
-#include "tomcrypt.h"
-
-#ifdef ANUBIS
-
-const struct ltc_cipher_descriptor anubis_desc = {
- "anubis",
- 19,
- 16, 40, 16, 12,
- &anubis_setup,
- &anubis_ecb_encrypt,
- &anubis_ecb_decrypt,
- &anubis_test,
- &anubis_done,
- &anubis_keysize,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
-};
-
-#define MIN_N 4
-#define MAX_N 10
-#define MIN_ROUNDS (8 + MIN_N)
-#define MAX_ROUNDS (8 + MAX_N)
-#define MIN_KEYSIZEB (4*MIN_N)
-#define MAX_KEYSIZEB (4*MAX_N)
-#define BLOCKSIZE 128
-#define BLOCKSIZEB (BLOCKSIZE/8)
-
-
-/*
- * Though Anubis is endianness-neutral, the encryption tables are listed
- * in BIG-ENDIAN format, which is adopted throughout this implementation
- * (but little-endian notation would be equally suitable if consistently
- * employed).
- */
-#if defined(ANUBIS_TWEAK)
-
-static const ulong32 T0[256] = {
- 0xba69d2bbU, 0x54a84de5U, 0x2f5ebce2U, 0x74e8cd25U,
- 0x53a651f7U, 0xd3bb6bd0U, 0xd2b96fd6U, 0x4d9a29b3U,
- 0x50a05dfdU, 0xac458acfU, 0x8d070e09U, 0xbf63c6a5U,
- 0x70e0dd3dU, 0x52a455f1U, 0x9a29527bU, 0x4c982db5U,
- 0xeac98f46U, 0xd5b773c4U, 0x97336655U, 0xd1bf63dcU,
- 0x3366ccaaU, 0x51a259fbU, 0x5bb671c7U, 0xa651a2f3U,
- 0xdea15ffeU, 0x48903dadU, 0xa84d9ad7U, 0x992f5e71U,
- 0xdbab4be0U, 0x3264c8acU, 0xb773e695U, 0xfce5d732U,
- 0xe3dbab70U, 0x9e214263U, 0x913f7e41U, 0x9b2b567dU,
- 0xe2d9af76U, 0xbb6bd6bdU, 0x4182199bU, 0x6edca579U,
- 0xa557aef9U, 0xcb8b0b80U, 0x6bd6b167U, 0x95376e59U,
- 0xa15fbee1U, 0xf3fbeb10U, 0xb17ffe81U, 0x0204080cU,
- 0xcc851792U, 0xc49537a2U, 0x1d3a744eU, 0x14285078U,
- 0xc39b2bb0U, 0x63c69157U, 0xdaa94fe6U, 0x5dba69d3U,
- 0x5fbe61dfU, 0xdca557f2U, 0x7dfae913U, 0xcd871394U,
- 0x7ffee11fU, 0x5ab475c1U, 0x6cd8ad75U, 0x5cb86dd5U,
- 0xf7f3fb08U, 0x264c98d4U, 0xffe3db38U, 0xedc79354U,
- 0xe8cd874aU, 0x9d274e69U, 0x6fdea17fU, 0x8e010203U,
- 0x19326456U, 0xa05dbae7U, 0xf0fde71aU, 0x890f1e11U,
- 0x0f1e3c22U, 0x070e1c12U, 0xaf4386c5U, 0xfbebcb20U,
- 0x08102030U, 0x152a547eU, 0x0d1a342eU, 0x04081018U,
- 0x01020406U, 0x64c88d45U, 0xdfa35bf8U, 0x76ecc529U,
- 0x79f2f90bU, 0xdda753f4U, 0x3d7af48eU, 0x162c5874U,
- 0x3f7efc82U, 0x376edcb2U, 0x6ddaa973U, 0x3870e090U,
- 0xb96fdeb1U, 0x73e6d137U, 0xe9cf834cU, 0x356ad4beU,
- 0x55aa49e3U, 0x71e2d93bU, 0x7bf6f107U, 0x8c050a0fU,
- 0x72e4d531U, 0x880d1a17U, 0xf6f1ff0eU, 0x2a54a8fcU,
- 0x3e7cf884U, 0x5ebc65d9U, 0x274e9cd2U, 0x468c0589U,
- 0x0c183028U, 0x65ca8943U, 0x68d0bd6dU, 0x61c2995bU,
- 0x03060c0aU, 0xc19f23bcU, 0x57ae41efU, 0xd6b17fceU,
- 0xd9af43ecU, 0x58b07dcdU, 0xd8ad47eaU, 0x66cc8549U,
- 0xd7b37bc8U, 0x3a74e89cU, 0xc88d078aU, 0x3c78f088U,
- 0xfae9cf26U, 0x96316253U, 0xa753a6f5U, 0x982d5a77U,
- 0xecc59752U, 0xb86ddab7U, 0xc7933ba8U, 0xae4182c3U,
- 0x69d2b96bU, 0x4b9631a7U, 0xab4b96ddU, 0xa94f9ed1U,
- 0x67ce814fU, 0x0a14283cU, 0x478e018fU, 0xf2f9ef16U,
- 0xb577ee99U, 0x224488ccU, 0xe5d7b364U, 0xeec19f5eU,
- 0xbe61c2a3U, 0x2b56acfaU, 0x811f3e21U, 0x1224486cU,
- 0x831b362dU, 0x1b366c5aU, 0x0e1c3824U, 0x23468ccaU,
- 0xf5f7f304U, 0x458a0983U, 0x214284c6U, 0xce811f9eU,
- 0x499239abU, 0x2c58b0e8U, 0xf9efc32cU, 0xe6d1bf6eU,
- 0xb671e293U, 0x2850a0f0U, 0x172e5c72U, 0x8219322bU,
- 0x1a34685cU, 0x8b0b161dU, 0xfee1df3eU, 0x8a09121bU,
- 0x09122436U, 0xc98f038cU, 0x87132635U, 0x4e9c25b9U,
- 0xe1dfa37cU, 0x2e5cb8e4U, 0xe4d5b762U, 0xe0dda77aU,
- 0xebcb8b40U, 0x903d7a47U, 0xa455aaffU, 0x1e3c7844U,
- 0x85172e39U, 0x60c09d5dU, 0x00000000U, 0x254a94deU,
- 0xf4f5f702U, 0xf1ffe31cU, 0x94356a5fU, 0x0b162c3aU,
- 0xe7d3bb68U, 0x75eac923U, 0xefc39b58U, 0x3468d0b8U,
- 0x3162c4a6U, 0xd4b577c2U, 0xd0bd67daU, 0x86112233U,
- 0x7efce519U, 0xad478ec9U, 0xfde7d334U, 0x2952a4f6U,
- 0x3060c0a0U, 0x3b76ec9aU, 0x9f234665U, 0xf8edc72aU,
- 0xc6913faeU, 0x13264c6aU, 0x060c1814U, 0x050a141eU,
- 0xc59733a4U, 0x11224466U, 0x77eec12fU, 0x7cf8ed15U,
- 0x7af4f501U, 0x78f0fd0dU, 0x366cd8b4U, 0x1c387048U,
- 0x3972e496U, 0x59b279cbU, 0x18306050U, 0x56ac45e9U,
- 0xb37bf68dU, 0xb07dfa87U, 0x244890d8U, 0x204080c0U,
- 0xb279f28bU, 0x9239724bU, 0xa35bb6edU, 0xc09d27baU,
- 0x44880d85U, 0x62c49551U, 0x10204060U, 0xb475ea9fU,
- 0x84152a3fU, 0x43861197U, 0x933b764dU, 0xc2992fb6U,
- 0x4a9435a1U, 0xbd67cea9U, 0x8f030605U, 0x2d5ab4eeU,
- 0xbc65caafU, 0x9c254a6fU, 0x6ad4b561U, 0x40801d9dU,
- 0xcf831b98U, 0xa259b2ebU, 0x801d3a27U, 0x4f9e21bfU,
- 0x1f3e7c42U, 0xca890f86U, 0xaa4992dbU, 0x42841591U,
-};
-
-static const ulong32 T1[256] = {
- 0x69babbd2U, 0xa854e54dU, 0x5e2fe2bcU, 0xe87425cdU,
- 0xa653f751U, 0xbbd3d06bU, 0xb9d2d66fU, 0x9a4db329U,
- 0xa050fd5dU, 0x45accf8aU, 0x078d090eU, 0x63bfa5c6U,
- 0xe0703dddU, 0xa452f155U, 0x299a7b52U, 0x984cb52dU,
- 0xc9ea468fU, 0xb7d5c473U, 0x33975566U, 0xbfd1dc63U,
- 0x6633aaccU, 0xa251fb59U, 0xb65bc771U, 0x51a6f3a2U,
- 0xa1defe5fU, 0x9048ad3dU, 0x4da8d79aU, 0x2f99715eU,
- 0xabdbe04bU, 0x6432acc8U, 0x73b795e6U, 0xe5fc32d7U,
- 0xdbe370abU, 0x219e6342U, 0x3f91417eU, 0x2b9b7d56U,
- 0xd9e276afU, 0x6bbbbdd6U, 0x82419b19U, 0xdc6e79a5U,
- 0x57a5f9aeU, 0x8bcb800bU, 0xd66b67b1U, 0x3795596eU,
- 0x5fa1e1beU, 0xfbf310ebU, 0x7fb181feU, 0x04020c08U,
- 0x85cc9217U, 0x95c4a237U, 0x3a1d4e74U, 0x28147850U,
- 0x9bc3b02bU, 0xc6635791U, 0xa9dae64fU, 0xba5dd369U,
- 0xbe5fdf61U, 0xa5dcf257U, 0xfa7d13e9U, 0x87cd9413U,
- 0xfe7f1fe1U, 0xb45ac175U, 0xd86c75adU, 0xb85cd56dU,
- 0xf3f708fbU, 0x4c26d498U, 0xe3ff38dbU, 0xc7ed5493U,
- 0xcde84a87U, 0x279d694eU, 0xde6f7fa1U, 0x018e0302U,
- 0x32195664U, 0x5da0e7baU, 0xfdf01ae7U, 0x0f89111eU,
- 0x1e0f223cU, 0x0e07121cU, 0x43afc586U, 0xebfb20cbU,
- 0x10083020U, 0x2a157e54U, 0x1a0d2e34U, 0x08041810U,
- 0x02010604U, 0xc864458dU, 0xa3dff85bU, 0xec7629c5U,
- 0xf2790bf9U, 0xa7ddf453U, 0x7a3d8ef4U, 0x2c167458U,
- 0x7e3f82fcU, 0x6e37b2dcU, 0xda6d73a9U, 0x703890e0U,
- 0x6fb9b1deU, 0xe67337d1U, 0xcfe94c83U, 0x6a35bed4U,
- 0xaa55e349U, 0xe2713bd9U, 0xf67b07f1U, 0x058c0f0aU,
- 0xe47231d5U, 0x0d88171aU, 0xf1f60effU, 0x542afca8U,
- 0x7c3e84f8U, 0xbc5ed965U, 0x4e27d29cU, 0x8c468905U,
- 0x180c2830U, 0xca654389U, 0xd0686dbdU, 0xc2615b99U,
- 0x06030a0cU, 0x9fc1bc23U, 0xae57ef41U, 0xb1d6ce7fU,
- 0xafd9ec43U, 0xb058cd7dU, 0xadd8ea47U, 0xcc664985U,
- 0xb3d7c87bU, 0x743a9ce8U, 0x8dc88a07U, 0x783c88f0U,
- 0xe9fa26cfU, 0x31965362U, 0x53a7f5a6U, 0x2d98775aU,
- 0xc5ec5297U, 0x6db8b7daU, 0x93c7a83bU, 0x41aec382U,
- 0xd2696bb9U, 0x964ba731U, 0x4babdd96U, 0x4fa9d19eU,
- 0xce674f81U, 0x140a3c28U, 0x8e478f01U, 0xf9f216efU,
- 0x77b599eeU, 0x4422cc88U, 0xd7e564b3U, 0xc1ee5e9fU,
- 0x61bea3c2U, 0x562bfaacU, 0x1f81213eU, 0x24126c48U,
- 0x1b832d36U, 0x361b5a6cU, 0x1c0e2438U, 0x4623ca8cU,
- 0xf7f504f3U, 0x8a458309U, 0x4221c684U, 0x81ce9e1fU,
- 0x9249ab39U, 0x582ce8b0U, 0xeff92cc3U, 0xd1e66ebfU,
- 0x71b693e2U, 0x5028f0a0U, 0x2e17725cU, 0x19822b32U,
- 0x341a5c68U, 0x0b8b1d16U, 0xe1fe3edfU, 0x098a1b12U,
- 0x12093624U, 0x8fc98c03U, 0x13873526U, 0x9c4eb925U,
- 0xdfe17ca3U, 0x5c2ee4b8U, 0xd5e462b7U, 0xdde07aa7U,
- 0xcbeb408bU, 0x3d90477aU, 0x55a4ffaaU, 0x3c1e4478U,
- 0x1785392eU, 0xc0605d9dU, 0x00000000U, 0x4a25de94U,
- 0xf5f402f7U, 0xfff11ce3U, 0x35945f6aU, 0x160b3a2cU,
- 0xd3e768bbU, 0xea7523c9U, 0xc3ef589bU, 0x6834b8d0U,
- 0x6231a6c4U, 0xb5d4c277U, 0xbdd0da67U, 0x11863322U,
- 0xfc7e19e5U, 0x47adc98eU, 0xe7fd34d3U, 0x5229f6a4U,
- 0x6030a0c0U, 0x763b9aecU, 0x239f6546U, 0xedf82ac7U,
- 0x91c6ae3fU, 0x26136a4cU, 0x0c061418U, 0x0a051e14U,
- 0x97c5a433U, 0x22116644U, 0xee772fc1U, 0xf87c15edU,
- 0xf47a01f5U, 0xf0780dfdU, 0x6c36b4d8U, 0x381c4870U,
- 0x723996e4U, 0xb259cb79U, 0x30185060U, 0xac56e945U,
- 0x7bb38df6U, 0x7db087faU, 0x4824d890U, 0x4020c080U,
- 0x79b28bf2U, 0x39924b72U, 0x5ba3edb6U, 0x9dc0ba27U,
- 0x8844850dU, 0xc4625195U, 0x20106040U, 0x75b49feaU,
- 0x15843f2aU, 0x86439711U, 0x3b934d76U, 0x99c2b62fU,
- 0x944aa135U, 0x67bda9ceU, 0x038f0506U, 0x5a2deeb4U,
- 0x65bcafcaU, 0x259c6f4aU, 0xd46a61b5U, 0x80409d1dU,
- 0x83cf981bU, 0x59a2ebb2U, 0x1d80273aU, 0x9e4fbf21U,
- 0x3e1f427cU, 0x89ca860fU, 0x49aadb92U, 0x84429115U,
-};
-
-static const ulong32 T2[256] = {
- 0xd2bbba69U, 0x4de554a8U, 0xbce22f5eU, 0xcd2574e8U,
- 0x51f753a6U, 0x6bd0d3bbU, 0x6fd6d2b9U, 0x29b34d9aU,
- 0x5dfd50a0U, 0x8acfac45U, 0x0e098d07U, 0xc6a5bf63U,
- 0xdd3d70e0U, 0x55f152a4U, 0x527b9a29U, 0x2db54c98U,
- 0x8f46eac9U, 0x73c4d5b7U, 0x66559733U, 0x63dcd1bfU,
- 0xccaa3366U, 0x59fb51a2U, 0x71c75bb6U, 0xa2f3a651U,
- 0x5ffedea1U, 0x3dad4890U, 0x9ad7a84dU, 0x5e71992fU,
- 0x4be0dbabU, 0xc8ac3264U, 0xe695b773U, 0xd732fce5U,
- 0xab70e3dbU, 0x42639e21U, 0x7e41913fU, 0x567d9b2bU,
- 0xaf76e2d9U, 0xd6bdbb6bU, 0x199b4182U, 0xa5796edcU,
- 0xaef9a557U, 0x0b80cb8bU, 0xb1676bd6U, 0x6e599537U,
- 0xbee1a15fU, 0xeb10f3fbU, 0xfe81b17fU, 0x080c0204U,
- 0x1792cc85U, 0x37a2c495U, 0x744e1d3aU, 0x50781428U,
- 0x2bb0c39bU, 0x915763c6U, 0x4fe6daa9U, 0x69d35dbaU,
- 0x61df5fbeU, 0x57f2dca5U, 0xe9137dfaU, 0x1394cd87U,
- 0xe11f7ffeU, 0x75c15ab4U, 0xad756cd8U, 0x6dd55cb8U,
- 0xfb08f7f3U, 0x98d4264cU, 0xdb38ffe3U, 0x9354edc7U,
- 0x874ae8cdU, 0x4e699d27U, 0xa17f6fdeU, 0x02038e01U,
- 0x64561932U, 0xbae7a05dU, 0xe71af0fdU, 0x1e11890fU,
- 0x3c220f1eU, 0x1c12070eU, 0x86c5af43U, 0xcb20fbebU,
- 0x20300810U, 0x547e152aU, 0x342e0d1aU, 0x10180408U,
- 0x04060102U, 0x8d4564c8U, 0x5bf8dfa3U, 0xc52976ecU,
- 0xf90b79f2U, 0x53f4dda7U, 0xf48e3d7aU, 0x5874162cU,
- 0xfc823f7eU, 0xdcb2376eU, 0xa9736ddaU, 0xe0903870U,
- 0xdeb1b96fU, 0xd13773e6U, 0x834ce9cfU, 0xd4be356aU,
- 0x49e355aaU, 0xd93b71e2U, 0xf1077bf6U, 0x0a0f8c05U,
- 0xd53172e4U, 0x1a17880dU, 0xff0ef6f1U, 0xa8fc2a54U,
- 0xf8843e7cU, 0x65d95ebcU, 0x9cd2274eU, 0x0589468cU,
- 0x30280c18U, 0x894365caU, 0xbd6d68d0U, 0x995b61c2U,
- 0x0c0a0306U, 0x23bcc19fU, 0x41ef57aeU, 0x7fced6b1U,
- 0x43ecd9afU, 0x7dcd58b0U, 0x47ead8adU, 0x854966ccU,
- 0x7bc8d7b3U, 0xe89c3a74U, 0x078ac88dU, 0xf0883c78U,
- 0xcf26fae9U, 0x62539631U, 0xa6f5a753U, 0x5a77982dU,
- 0x9752ecc5U, 0xdab7b86dU, 0x3ba8c793U, 0x82c3ae41U,
- 0xb96b69d2U, 0x31a74b96U, 0x96ddab4bU, 0x9ed1a94fU,
- 0x814f67ceU, 0x283c0a14U, 0x018f478eU, 0xef16f2f9U,
- 0xee99b577U, 0x88cc2244U, 0xb364e5d7U, 0x9f5eeec1U,
- 0xc2a3be61U, 0xacfa2b56U, 0x3e21811fU, 0x486c1224U,
- 0x362d831bU, 0x6c5a1b36U, 0x38240e1cU, 0x8cca2346U,
- 0xf304f5f7U, 0x0983458aU, 0x84c62142U, 0x1f9ece81U,
- 0x39ab4992U, 0xb0e82c58U, 0xc32cf9efU, 0xbf6ee6d1U,
- 0xe293b671U, 0xa0f02850U, 0x5c72172eU, 0x322b8219U,
- 0x685c1a34U, 0x161d8b0bU, 0xdf3efee1U, 0x121b8a09U,
- 0x24360912U, 0x038cc98fU, 0x26358713U, 0x25b94e9cU,
- 0xa37ce1dfU, 0xb8e42e5cU, 0xb762e4d5U, 0xa77ae0ddU,
- 0x8b40ebcbU, 0x7a47903dU, 0xaaffa455U, 0x78441e3cU,
- 0x2e398517U, 0x9d5d60c0U, 0x00000000U, 0x94de254aU,
- 0xf702f4f5U, 0xe31cf1ffU, 0x6a5f9435U, 0x2c3a0b16U,
- 0xbb68e7d3U, 0xc92375eaU, 0x9b58efc3U, 0xd0b83468U,
- 0xc4a63162U, 0x77c2d4b5U, 0x67dad0bdU, 0x22338611U,
- 0xe5197efcU, 0x8ec9ad47U, 0xd334fde7U, 0xa4f62952U,
- 0xc0a03060U, 0xec9a3b76U, 0x46659f23U, 0xc72af8edU,
- 0x3faec691U, 0x4c6a1326U, 0x1814060cU, 0x141e050aU,
- 0x33a4c597U, 0x44661122U, 0xc12f77eeU, 0xed157cf8U,
- 0xf5017af4U, 0xfd0d78f0U, 0xd8b4366cU, 0x70481c38U,
- 0xe4963972U, 0x79cb59b2U, 0x60501830U, 0x45e956acU,
- 0xf68db37bU, 0xfa87b07dU, 0x90d82448U, 0x80c02040U,
- 0xf28bb279U, 0x724b9239U, 0xb6eda35bU, 0x27bac09dU,
- 0x0d854488U, 0x955162c4U, 0x40601020U, 0xea9fb475U,
- 0x2a3f8415U, 0x11974386U, 0x764d933bU, 0x2fb6c299U,
- 0x35a14a94U, 0xcea9bd67U, 0x06058f03U, 0xb4ee2d5aU,
- 0xcaafbc65U, 0x4a6f9c25U, 0xb5616ad4U, 0x1d9d4080U,
- 0x1b98cf83U, 0xb2eba259U, 0x3a27801dU, 0x21bf4f9eU,
- 0x7c421f3eU, 0x0f86ca89U, 0x92dbaa49U, 0x15914284U,
-};
-
-static const ulong32 T3[256] = {
- 0xbbd269baU, 0xe54da854U, 0xe2bc5e2fU, 0x25cde874U,
- 0xf751a653U, 0xd06bbbd3U, 0xd66fb9d2U, 0xb3299a4dU,
- 0xfd5da050U, 0xcf8a45acU, 0x090e078dU, 0xa5c663bfU,
- 0x3ddde070U, 0xf155a452U, 0x7b52299aU, 0xb52d984cU,
- 0x468fc9eaU, 0xc473b7d5U, 0x55663397U, 0xdc63bfd1U,
- 0xaacc6633U, 0xfb59a251U, 0xc771b65bU, 0xf3a251a6U,
- 0xfe5fa1deU, 0xad3d9048U, 0xd79a4da8U, 0x715e2f99U,
- 0xe04babdbU, 0xacc86432U, 0x95e673b7U, 0x32d7e5fcU,
- 0x70abdbe3U, 0x6342219eU, 0x417e3f91U, 0x7d562b9bU,
- 0x76afd9e2U, 0xbdd66bbbU, 0x9b198241U, 0x79a5dc6eU,
- 0xf9ae57a5U, 0x800b8bcbU, 0x67b1d66bU, 0x596e3795U,
- 0xe1be5fa1U, 0x10ebfbf3U, 0x81fe7fb1U, 0x0c080402U,
- 0x921785ccU, 0xa23795c4U, 0x4e743a1dU, 0x78502814U,
- 0xb02b9bc3U, 0x5791c663U, 0xe64fa9daU, 0xd369ba5dU,
- 0xdf61be5fU, 0xf257a5dcU, 0x13e9fa7dU, 0x941387cdU,
- 0x1fe1fe7fU, 0xc175b45aU, 0x75add86cU, 0xd56db85cU,
- 0x08fbf3f7U, 0xd4984c26U, 0x38dbe3ffU, 0x5493c7edU,
- 0x4a87cde8U, 0x694e279dU, 0x7fa1de6fU, 0x0302018eU,
- 0x56643219U, 0xe7ba5da0U, 0x1ae7fdf0U, 0x111e0f89U,
- 0x223c1e0fU, 0x121c0e07U, 0xc58643afU, 0x20cbebfbU,
- 0x30201008U, 0x7e542a15U, 0x2e341a0dU, 0x18100804U,
- 0x06040201U, 0x458dc864U, 0xf85ba3dfU, 0x29c5ec76U,
- 0x0bf9f279U, 0xf453a7ddU, 0x8ef47a3dU, 0x74582c16U,
- 0x82fc7e3fU, 0xb2dc6e37U, 0x73a9da6dU, 0x90e07038U,
- 0xb1de6fb9U, 0x37d1e673U, 0x4c83cfe9U, 0xbed46a35U,
- 0xe349aa55U, 0x3bd9e271U, 0x07f1f67bU, 0x0f0a058cU,
- 0x31d5e472U, 0x171a0d88U, 0x0efff1f6U, 0xfca8542aU,
- 0x84f87c3eU, 0xd965bc5eU, 0xd29c4e27U, 0x89058c46U,
- 0x2830180cU, 0x4389ca65U, 0x6dbdd068U, 0x5b99c261U,
- 0x0a0c0603U, 0xbc239fc1U, 0xef41ae57U, 0xce7fb1d6U,
- 0xec43afd9U, 0xcd7db058U, 0xea47add8U, 0x4985cc66U,
- 0xc87bb3d7U, 0x9ce8743aU, 0x8a078dc8U, 0x88f0783cU,
- 0x26cfe9faU, 0x53623196U, 0xf5a653a7U, 0x775a2d98U,
- 0x5297c5ecU, 0xb7da6db8U, 0xa83b93c7U, 0xc38241aeU,
- 0x6bb9d269U, 0xa731964bU, 0xdd964babU, 0xd19e4fa9U,
- 0x4f81ce67U, 0x3c28140aU, 0x8f018e47U, 0x16eff9f2U,
- 0x99ee77b5U, 0xcc884422U, 0x64b3d7e5U, 0x5e9fc1eeU,
- 0xa3c261beU, 0xfaac562bU, 0x213e1f81U, 0x6c482412U,
- 0x2d361b83U, 0x5a6c361bU, 0x24381c0eU, 0xca8c4623U,
- 0x04f3f7f5U, 0x83098a45U, 0xc6844221U, 0x9e1f81ceU,
- 0xab399249U, 0xe8b0582cU, 0x2cc3eff9U, 0x6ebfd1e6U,
- 0x93e271b6U, 0xf0a05028U, 0x725c2e17U, 0x2b321982U,
- 0x5c68341aU, 0x1d160b8bU, 0x3edfe1feU, 0x1b12098aU,
- 0x36241209U, 0x8c038fc9U, 0x35261387U, 0xb9259c4eU,
- 0x7ca3dfe1U, 0xe4b85c2eU, 0x62b7d5e4U, 0x7aa7dde0U,
- 0x408bcbebU, 0x477a3d90U, 0xffaa55a4U, 0x44783c1eU,
- 0x392e1785U, 0x5d9dc060U, 0x00000000U, 0xde944a25U,
- 0x02f7f5f4U, 0x1ce3fff1U, 0x5f6a3594U, 0x3a2c160bU,
- 0x68bbd3e7U, 0x23c9ea75U, 0x589bc3efU, 0xb8d06834U,
- 0xa6c46231U, 0xc277b5d4U, 0xda67bdd0U, 0x33221186U,
- 0x19e5fc7eU, 0xc98e47adU, 0x34d3e7fdU, 0xf6a45229U,
- 0xa0c06030U, 0x9aec763bU, 0x6546239fU, 0x2ac7edf8U,
- 0xae3f91c6U, 0x6a4c2613U, 0x14180c06U, 0x1e140a05U,
- 0xa43397c5U, 0x66442211U, 0x2fc1ee77U, 0x15edf87cU,
- 0x01f5f47aU, 0x0dfdf078U, 0xb4d86c36U, 0x4870381cU,
- 0x96e47239U, 0xcb79b259U, 0x50603018U, 0xe945ac56U,
- 0x8df67bb3U, 0x87fa7db0U, 0xd8904824U, 0xc0804020U,
- 0x8bf279b2U, 0x4b723992U, 0xedb65ba3U, 0xba279dc0U,
- 0x850d8844U, 0x5195c462U, 0x60402010U, 0x9fea75b4U,
- 0x3f2a1584U, 0x97118643U, 0x4d763b93U, 0xb62f99c2U,
- 0xa135944aU, 0xa9ce67bdU, 0x0506038fU, 0xeeb45a2dU,
- 0xafca65bcU, 0x6f4a259cU, 0x61b5d46aU, 0x9d1d8040U,
- 0x981b83cfU, 0xebb259a2U, 0x273a1d80U, 0xbf219e4fU,
- 0x427c3e1fU, 0x860f89caU, 0xdb9249aaU, 0x91158442U,
-};
-
-static const ulong32 T4[256] = {
- 0xbabababaU, 0x54545454U, 0x2f2f2f2fU, 0x74747474U,
- 0x53535353U, 0xd3d3d3d3U, 0xd2d2d2d2U, 0x4d4d4d4dU,
- 0x50505050U, 0xacacacacU, 0x8d8d8d8dU, 0xbfbfbfbfU,
- 0x70707070U, 0x52525252U, 0x9a9a9a9aU, 0x4c4c4c4cU,
- 0xeaeaeaeaU, 0xd5d5d5d5U, 0x97979797U, 0xd1d1d1d1U,
- 0x33333333U, 0x51515151U, 0x5b5b5b5bU, 0xa6a6a6a6U,
- 0xdedededeU, 0x48484848U, 0xa8a8a8a8U, 0x99999999U,
- 0xdbdbdbdbU, 0x32323232U, 0xb7b7b7b7U, 0xfcfcfcfcU,
- 0xe3e3e3e3U, 0x9e9e9e9eU, 0x91919191U, 0x9b9b9b9bU,
- 0xe2e2e2e2U, 0xbbbbbbbbU, 0x41414141U, 0x6e6e6e6eU,
- 0xa5a5a5a5U, 0xcbcbcbcbU, 0x6b6b6b6bU, 0x95959595U,
- 0xa1a1a1a1U, 0xf3f3f3f3U, 0xb1b1b1b1U, 0x02020202U,
- 0xccccccccU, 0xc4c4c4c4U, 0x1d1d1d1dU, 0x14141414U,
- 0xc3c3c3c3U, 0x63636363U, 0xdadadadaU, 0x5d5d5d5dU,
- 0x5f5f5f5fU, 0xdcdcdcdcU, 0x7d7d7d7dU, 0xcdcdcdcdU,
- 0x7f7f7f7fU, 0x5a5a5a5aU, 0x6c6c6c6cU, 0x5c5c5c5cU,
- 0xf7f7f7f7U, 0x26262626U, 0xffffffffU, 0xededededU,
- 0xe8e8e8e8U, 0x9d9d9d9dU, 0x6f6f6f6fU, 0x8e8e8e8eU,
- 0x19191919U, 0xa0a0a0a0U, 0xf0f0f0f0U, 0x89898989U,
- 0x0f0f0f0fU, 0x07070707U, 0xafafafafU, 0xfbfbfbfbU,
- 0x08080808U, 0x15151515U, 0x0d0d0d0dU, 0x04040404U,
- 0x01010101U, 0x64646464U, 0xdfdfdfdfU, 0x76767676U,
- 0x79797979U, 0xddddddddU, 0x3d3d3d3dU, 0x16161616U,
- 0x3f3f3f3fU, 0x37373737U, 0x6d6d6d6dU, 0x38383838U,
- 0xb9b9b9b9U, 0x73737373U, 0xe9e9e9e9U, 0x35353535U,
- 0x55555555U, 0x71717171U, 0x7b7b7b7bU, 0x8c8c8c8cU,
- 0x72727272U, 0x88888888U, 0xf6f6f6f6U, 0x2a2a2a2aU,
- 0x3e3e3e3eU, 0x5e5e5e5eU, 0x27272727U, 0x46464646U,
- 0x0c0c0c0cU, 0x65656565U, 0x68686868U, 0x61616161U,
- 0x03030303U, 0xc1c1c1c1U, 0x57575757U, 0xd6d6d6d6U,
- 0xd9d9d9d9U, 0x58585858U, 0xd8d8d8d8U, 0x66666666U,
- 0xd7d7d7d7U, 0x3a3a3a3aU, 0xc8c8c8c8U, 0x3c3c3c3cU,
- 0xfafafafaU, 0x96969696U, 0xa7a7a7a7U, 0x98989898U,
- 0xececececU, 0xb8b8b8b8U, 0xc7c7c7c7U, 0xaeaeaeaeU,
- 0x69696969U, 0x4b4b4b4bU, 0xababababU, 0xa9a9a9a9U,
- 0x67676767U, 0x0a0a0a0aU, 0x47474747U, 0xf2f2f2f2U,
- 0xb5b5b5b5U, 0x22222222U, 0xe5e5e5e5U, 0xeeeeeeeeU,
- 0xbebebebeU, 0x2b2b2b2bU, 0x81818181U, 0x12121212U,
- 0x83838383U, 0x1b1b1b1bU, 0x0e0e0e0eU, 0x23232323U,
- 0xf5f5f5f5U, 0x45454545U, 0x21212121U, 0xcecececeU,
- 0x49494949U, 0x2c2c2c2cU, 0xf9f9f9f9U, 0xe6e6e6e6U,
- 0xb6b6b6b6U, 0x28282828U, 0x17171717U, 0x82828282U,
- 0x1a1a1a1aU, 0x8b8b8b8bU, 0xfefefefeU, 0x8a8a8a8aU,
- 0x09090909U, 0xc9c9c9c9U, 0x87878787U, 0x4e4e4e4eU,
- 0xe1e1e1e1U, 0x2e2e2e2eU, 0xe4e4e4e4U, 0xe0e0e0e0U,
- 0xebebebebU, 0x90909090U, 0xa4a4a4a4U, 0x1e1e1e1eU,
- 0x85858585U, 0x60606060U, 0x00000000U, 0x25252525U,
- 0xf4f4f4f4U, 0xf1f1f1f1U, 0x94949494U, 0x0b0b0b0bU,
- 0xe7e7e7e7U, 0x75757575U, 0xefefefefU, 0x34343434U,
- 0x31313131U, 0xd4d4d4d4U, 0xd0d0d0d0U, 0x86868686U,
- 0x7e7e7e7eU, 0xadadadadU, 0xfdfdfdfdU, 0x29292929U,
- 0x30303030U, 0x3b3b3b3bU, 0x9f9f9f9fU, 0xf8f8f8f8U,
- 0xc6c6c6c6U, 0x13131313U, 0x06060606U, 0x05050505U,
- 0xc5c5c5c5U, 0x11111111U, 0x77777777U, 0x7c7c7c7cU,
- 0x7a7a7a7aU, 0x78787878U, 0x36363636U, 0x1c1c1c1cU,
- 0x39393939U, 0x59595959U, 0x18181818U, 0x56565656U,
- 0xb3b3b3b3U, 0xb0b0b0b0U, 0x24242424U, 0x20202020U,
- 0xb2b2b2b2U, 0x92929292U, 0xa3a3a3a3U, 0xc0c0c0c0U,
- 0x44444444U, 0x62626262U, 0x10101010U, 0xb4b4b4b4U,
- 0x84848484U, 0x43434343U, 0x93939393U, 0xc2c2c2c2U,
- 0x4a4a4a4aU, 0xbdbdbdbdU, 0x8f8f8f8fU, 0x2d2d2d2dU,
- 0xbcbcbcbcU, 0x9c9c9c9cU, 0x6a6a6a6aU, 0x40404040U,
- 0xcfcfcfcfU, 0xa2a2a2a2U, 0x80808080U, 0x4f4f4f4fU,
- 0x1f1f1f1fU, 0xcacacacaU, 0xaaaaaaaaU, 0x42424242U,
-};
-
-static const ulong32 T5[256] = {
- 0x00000000U, 0x01020608U, 0x02040c10U, 0x03060a18U,
- 0x04081820U, 0x050a1e28U, 0x060c1430U, 0x070e1238U,
- 0x08103040U, 0x09123648U, 0x0a143c50U, 0x0b163a58U,
- 0x0c182860U, 0x0d1a2e68U, 0x0e1c2470U, 0x0f1e2278U,
- 0x10206080U, 0x11226688U, 0x12246c90U, 0x13266a98U,
- 0x142878a0U, 0x152a7ea8U, 0x162c74b0U, 0x172e72b8U,
- 0x183050c0U, 0x193256c8U, 0x1a345cd0U, 0x1b365ad8U,
- 0x1c3848e0U, 0x1d3a4ee8U, 0x1e3c44f0U, 0x1f3e42f8U,
- 0x2040c01dU, 0x2142c615U, 0x2244cc0dU, 0x2346ca05U,
- 0x2448d83dU, 0x254ade35U, 0x264cd42dU, 0x274ed225U,
- 0x2850f05dU, 0x2952f655U, 0x2a54fc4dU, 0x2b56fa45U,
- 0x2c58e87dU, 0x2d5aee75U, 0x2e5ce46dU, 0x2f5ee265U,
- 0x3060a09dU, 0x3162a695U, 0x3264ac8dU, 0x3366aa85U,
- 0x3468b8bdU, 0x356abeb5U, 0x366cb4adU, 0x376eb2a5U,
- 0x387090ddU, 0x397296d5U, 0x3a749ccdU, 0x3b769ac5U,
- 0x3c7888fdU, 0x3d7a8ef5U, 0x3e7c84edU, 0x3f7e82e5U,
- 0x40809d3aU, 0x41829b32U, 0x4284912aU, 0x43869722U,
- 0x4488851aU, 0x458a8312U, 0x468c890aU, 0x478e8f02U,
- 0x4890ad7aU, 0x4992ab72U, 0x4a94a16aU, 0x4b96a762U,
- 0x4c98b55aU, 0x4d9ab352U, 0x4e9cb94aU, 0x4f9ebf42U,
- 0x50a0fdbaU, 0x51a2fbb2U, 0x52a4f1aaU, 0x53a6f7a2U,
- 0x54a8e59aU, 0x55aae392U, 0x56ace98aU, 0x57aeef82U,
- 0x58b0cdfaU, 0x59b2cbf2U, 0x5ab4c1eaU, 0x5bb6c7e2U,
- 0x5cb8d5daU, 0x5dbad3d2U, 0x5ebcd9caU, 0x5fbedfc2U,
- 0x60c05d27U, 0x61c25b2fU, 0x62c45137U, 0x63c6573fU,
- 0x64c84507U, 0x65ca430fU, 0x66cc4917U, 0x67ce4f1fU,
- 0x68d06d67U, 0x69d26b6fU, 0x6ad46177U, 0x6bd6677fU,
- 0x6cd87547U, 0x6dda734fU, 0x6edc7957U, 0x6fde7f5fU,
- 0x70e03da7U, 0x71e23bafU, 0x72e431b7U, 0x73e637bfU,
- 0x74e82587U, 0x75ea238fU, 0x76ec2997U, 0x77ee2f9fU,
- 0x78f00de7U, 0x79f20befU, 0x7af401f7U, 0x7bf607ffU,
- 0x7cf815c7U, 0x7dfa13cfU, 0x7efc19d7U, 0x7ffe1fdfU,
- 0x801d2774U, 0x811f217cU, 0x82192b64U, 0x831b2d6cU,
- 0x84153f54U, 0x8517395cU, 0x86113344U, 0x8713354cU,
- 0x880d1734U, 0x890f113cU, 0x8a091b24U, 0x8b0b1d2cU,
- 0x8c050f14U, 0x8d07091cU, 0x8e010304U, 0x8f03050cU,
- 0x903d47f4U, 0x913f41fcU, 0x92394be4U, 0x933b4decU,
- 0x94355fd4U, 0x953759dcU, 0x963153c4U, 0x973355ccU,
- 0x982d77b4U, 0x992f71bcU, 0x9a297ba4U, 0x9b2b7dacU,
- 0x9c256f94U, 0x9d27699cU, 0x9e216384U, 0x9f23658cU,
- 0xa05de769U, 0xa15fe161U, 0xa259eb79U, 0xa35bed71U,
- 0xa455ff49U, 0xa557f941U, 0xa651f359U, 0xa753f551U,
- 0xa84dd729U, 0xa94fd121U, 0xaa49db39U, 0xab4bdd31U,
- 0xac45cf09U, 0xad47c901U, 0xae41c319U, 0xaf43c511U,
- 0xb07d87e9U, 0xb17f81e1U, 0xb2798bf9U, 0xb37b8df1U,
- 0xb4759fc9U, 0xb57799c1U, 0xb67193d9U, 0xb77395d1U,
- 0xb86db7a9U, 0xb96fb1a1U, 0xba69bbb9U, 0xbb6bbdb1U,
- 0xbc65af89U, 0xbd67a981U, 0xbe61a399U, 0xbf63a591U,
- 0xc09dba4eU, 0xc19fbc46U, 0xc299b65eU, 0xc39bb056U,
- 0xc495a26eU, 0xc597a466U, 0xc691ae7eU, 0xc793a876U,
- 0xc88d8a0eU, 0xc98f8c06U, 0xca89861eU, 0xcb8b8016U,
- 0xcc85922eU, 0xcd879426U, 0xce819e3eU, 0xcf839836U,
- 0xd0bddaceU, 0xd1bfdcc6U, 0xd2b9d6deU, 0xd3bbd0d6U,
- 0xd4b5c2eeU, 0xd5b7c4e6U, 0xd6b1cefeU, 0xd7b3c8f6U,
- 0xd8adea8eU, 0xd9afec86U, 0xdaa9e69eU, 0xdbabe096U,
- 0xdca5f2aeU, 0xdda7f4a6U, 0xdea1febeU, 0xdfa3f8b6U,
- 0xe0dd7a53U, 0xe1df7c5bU, 0xe2d97643U, 0xe3db704bU,
- 0xe4d56273U, 0xe5d7647bU, 0xe6d16e63U, 0xe7d3686bU,
- 0xe8cd4a13U, 0xe9cf4c1bU, 0xeac94603U, 0xebcb400bU,
- 0xecc55233U, 0xedc7543bU, 0xeec15e23U, 0xefc3582bU,
- 0xf0fd1ad3U, 0xf1ff1cdbU, 0xf2f916c3U, 0xf3fb10cbU,
- 0xf4f502f3U, 0xf5f704fbU, 0xf6f10ee3U, 0xf7f308ebU,
- 0xf8ed2a93U, 0xf9ef2c9bU, 0xfae92683U, 0xfbeb208bU,
- 0xfce532b3U, 0xfde734bbU, 0xfee13ea3U, 0xffe338abU,
-};
-
-/**
- * The round constants.
- */
-static const ulong32 rc[] = {
- 0xba542f74U, 0x53d3d24dU, 0x50ac8dbfU, 0x70529a4cU,
- 0xead597d1U, 0x33515ba6U, 0xde48a899U, 0xdb32b7fcU,
- 0xe39e919bU, 0xe2bb416eU, 0xa5cb6b95U, 0xa1f3b102U,
- 0xccc41d14U, 0xc363da5dU, 0x5fdc7dcdU, 0x7f5a6c5cU,
- 0xf726ffedU, 0xe89d6f8eU, 0x19a0f089U,
-};
-
-
-
-#else
-
-
-static const ulong32 T0[256] = {
- 0xa753a6f5U, 0xd3bb6bd0U, 0xe6d1bf6eU, 0x71e2d93bU,
- 0xd0bd67daU, 0xac458acfU, 0x4d9a29b3U, 0x79f2f90bU,
- 0x3a74e89cU, 0xc98f038cU, 0x913f7e41U, 0xfce5d732U,
- 0x1e3c7844U, 0x478e018fU, 0x54a84de5U, 0xbd67cea9U,
- 0x8c050a0fU, 0xa557aef9U, 0x7af4f501U, 0xfbebcb20U,
- 0x63c69157U, 0xb86ddab7U, 0xdda753f4U, 0xd4b577c2U,
- 0xe5d7b364U, 0xb37bf68dU, 0xc59733a4U, 0xbe61c2a3U,
- 0xa94f9ed1U, 0x880d1a17U, 0x0c183028U, 0xa259b2ebU,
- 0x3972e496U, 0xdfa35bf8U, 0x2952a4f6U, 0xdaa94fe6U,
- 0x2b56acfaU, 0xa84d9ad7U, 0xcb8b0b80U, 0x4c982db5U,
- 0x4b9631a7U, 0x224488ccU, 0xaa4992dbU, 0x244890d8U,
- 0x4182199bU, 0x70e0dd3dU, 0xa651a2f3U, 0xf9efc32cU,
- 0x5ab475c1U, 0xe2d9af76U, 0xb07dfa87U, 0x366cd8b4U,
- 0x7dfae913U, 0xe4d5b762U, 0x3366ccaaU, 0xffe3db38U,
- 0x60c09d5dU, 0x204080c0U, 0x08102030U, 0x8b0b161dU,
- 0x5ebc65d9U, 0xab4b96ddU, 0x7ffee11fU, 0x78f0fd0dU,
- 0x7cf8ed15U, 0x2c58b0e8U, 0x57ae41efU, 0xd2b96fd6U,
- 0xdca557f2U, 0x6ddaa973U, 0x7efce519U, 0x0d1a342eU,
- 0x53a651f7U, 0x94356a5fU, 0xc39b2bb0U, 0x2850a0f0U,
- 0x274e9cd2U, 0x060c1814U, 0x5fbe61dfU, 0xad478ec9U,
- 0x67ce814fU, 0x5cb86dd5U, 0x55aa49e3U, 0x48903dadU,
- 0x0e1c3824U, 0x52a455f1U, 0xeac98f46U, 0x42841591U,
- 0x5bb671c7U, 0x5dba69d3U, 0x3060c0a0U, 0x58b07dcdU,
- 0x51a259fbU, 0x59b279cbU, 0x3c78f088U, 0x4e9c25b9U,
- 0x3870e090U, 0x8a09121bU, 0x72e4d531U, 0x14285078U,
- 0xe7d3bb68U, 0xc6913faeU, 0xdea15ffeU, 0x50a05dfdU,
- 0x8e010203U, 0x9239724bU, 0xd1bf63dcU, 0x77eec12fU,
- 0x933b764dU, 0x458a0983U, 0x9a29527bU, 0xce811f9eU,
- 0x2d5ab4eeU, 0x03060c0aU, 0x62c49551U, 0xb671e293U,
- 0xb96fdeb1U, 0xbf63c6a5U, 0x96316253U, 0x6bd6b167U,
- 0x3f7efc82U, 0x070e1c12U, 0x1224486cU, 0xae4182c3U,
- 0x40801d9dU, 0x3468d0b8U, 0x468c0589U, 0x3e7cf884U,
- 0xdbab4be0U, 0xcf831b98U, 0xecc59752U, 0xcc851792U,
- 0xc19f23bcU, 0xa15fbee1U, 0xc09d27baU, 0xd6b17fceU,
- 0x1d3a744eU, 0xf4f5f702U, 0x61c2995bU, 0x3b76ec9aU,
- 0x10204060U, 0xd8ad47eaU, 0x68d0bd6dU, 0xa05dbae7U,
- 0xb17ffe81U, 0x0a14283cU, 0x69d2b96bU, 0x6cd8ad75U,
- 0x499239abU, 0xfae9cf26U, 0x76ecc529U, 0xc49537a2U,
- 0x9e214263U, 0x9b2b567dU, 0x6edca579U, 0x992f5e71U,
- 0xc2992fb6U, 0xb773e695U, 0x982d5a77U, 0xbc65caafU,
- 0x8f030605U, 0x85172e39U, 0x1f3e7c42U, 0xb475ea9fU,
- 0xf8edc72aU, 0x11224466U, 0x2e5cb8e4U, 0x00000000U,
- 0x254a94deU, 0x1c387048U, 0x2a54a8fcU, 0x3d7af48eU,
- 0x050a141eU, 0x4f9e21bfU, 0x7bf6f107U, 0xb279f28bU,
- 0x3264c8acU, 0x903d7a47U, 0xaf4386c5U, 0x19326456U,
- 0xa35bb6edU, 0xf7f3fb08U, 0x73e6d137U, 0x9d274e69U,
- 0x152a547eU, 0x74e8cd25U, 0xeec19f5eU, 0xca890f86U,
- 0x9f234665U, 0x0f1e3c22U, 0x1b366c5aU, 0x75eac923U,
- 0x86112233U, 0x84152a3fU, 0x9c254a6fU, 0x4a9435a1U,
- 0x97336655U, 0x1a34685cU, 0x65ca8943U, 0xf6f1ff0eU,
- 0xedc79354U, 0x09122436U, 0xbb6bd6bdU, 0x264c98d4U,
- 0x831b362dU, 0xebcb8b40U, 0x6fdea17fU, 0x811f3e21U,
- 0x04081018U, 0x6ad4b561U, 0x43861197U, 0x01020406U,
- 0x172e5c72U, 0xe1dfa37cU, 0x87132635U, 0xf5f7f304U,
- 0x8d070e09U, 0xe3dbab70U, 0x23468ccaU, 0x801d3a27U,
- 0x44880d85U, 0x162c5874U, 0x66cc8549U, 0x214284c6U,
- 0xfee1df3eU, 0xd5b773c4U, 0x3162c4a6U, 0xd9af43ecU,
- 0x356ad4beU, 0x18306050U, 0x0204080cU, 0x64c88d45U,
- 0xf2f9ef16U, 0xf1ffe31cU, 0x56ac45e9U, 0xcd871394U,
- 0x8219322bU, 0xc88d078aU, 0xba69d2bbU, 0xf0fde71aU,
- 0xefc39b58U, 0xe9cf834cU, 0xe8cd874aU, 0xfde7d334U,
- 0x890f1e11U, 0xd7b37bc8U, 0xc7933ba8U, 0xb577ee99U,
- 0xa455aaffU, 0x2f5ebce2U, 0x95376e59U, 0x13264c6aU,
- 0x0b162c3aU, 0xf3fbeb10U, 0xe0dda77aU, 0x376edcb2U,
-};
-
-static const ulong32 T1[256] = {
- 0x53a7f5a6U, 0xbbd3d06bU, 0xd1e66ebfU, 0xe2713bd9U,
- 0xbdd0da67U, 0x45accf8aU, 0x9a4db329U, 0xf2790bf9U,
- 0x743a9ce8U, 0x8fc98c03U, 0x3f91417eU, 0xe5fc32d7U,
- 0x3c1e4478U, 0x8e478f01U, 0xa854e54dU, 0x67bda9ceU,
- 0x058c0f0aU, 0x57a5f9aeU, 0xf47a01f5U, 0xebfb20cbU,
- 0xc6635791U, 0x6db8b7daU, 0xa7ddf453U, 0xb5d4c277U,
- 0xd7e564b3U, 0x7bb38df6U, 0x97c5a433U, 0x61bea3c2U,
- 0x4fa9d19eU, 0x0d88171aU, 0x180c2830U, 0x59a2ebb2U,
- 0x723996e4U, 0xa3dff85bU, 0x5229f6a4U, 0xa9dae64fU,
- 0x562bfaacU, 0x4da8d79aU, 0x8bcb800bU, 0x984cb52dU,
- 0x964ba731U, 0x4422cc88U, 0x49aadb92U, 0x4824d890U,
- 0x82419b19U, 0xe0703dddU, 0x51a6f3a2U, 0xeff92cc3U,
- 0xb45ac175U, 0xd9e276afU, 0x7db087faU, 0x6c36b4d8U,
- 0xfa7d13e9U, 0xd5e462b7U, 0x6633aaccU, 0xe3ff38dbU,
- 0xc0605d9dU, 0x4020c080U, 0x10083020U, 0x0b8b1d16U,
- 0xbc5ed965U, 0x4babdd96U, 0xfe7f1fe1U, 0xf0780dfdU,
- 0xf87c15edU, 0x582ce8b0U, 0xae57ef41U, 0xb9d2d66fU,
- 0xa5dcf257U, 0xda6d73a9U, 0xfc7e19e5U, 0x1a0d2e34U,
- 0xa653f751U, 0x35945f6aU, 0x9bc3b02bU, 0x5028f0a0U,
- 0x4e27d29cU, 0x0c061418U, 0xbe5fdf61U, 0x47adc98eU,
- 0xce674f81U, 0xb85cd56dU, 0xaa55e349U, 0x9048ad3dU,
- 0x1c0e2438U, 0xa452f155U, 0xc9ea468fU, 0x84429115U,
- 0xb65bc771U, 0xba5dd369U, 0x6030a0c0U, 0xb058cd7dU,
- 0xa251fb59U, 0xb259cb79U, 0x783c88f0U, 0x9c4eb925U,
- 0x703890e0U, 0x098a1b12U, 0xe47231d5U, 0x28147850U,
- 0xd3e768bbU, 0x91c6ae3fU, 0xa1defe5fU, 0xa050fd5dU,
- 0x018e0302U, 0x39924b72U, 0xbfd1dc63U, 0xee772fc1U,
- 0x3b934d76U, 0x8a458309U, 0x299a7b52U, 0x81ce9e1fU,
- 0x5a2deeb4U, 0x06030a0cU, 0xc4625195U, 0x71b693e2U,
- 0x6fb9b1deU, 0x63bfa5c6U, 0x31965362U, 0xd66b67b1U,
- 0x7e3f82fcU, 0x0e07121cU, 0x24126c48U, 0x41aec382U,
- 0x80409d1dU, 0x6834b8d0U, 0x8c468905U, 0x7c3e84f8U,
- 0xabdbe04bU, 0x83cf981bU, 0xc5ec5297U, 0x85cc9217U,
- 0x9fc1bc23U, 0x5fa1e1beU, 0x9dc0ba27U, 0xb1d6ce7fU,
- 0x3a1d4e74U, 0xf5f402f7U, 0xc2615b99U, 0x763b9aecU,
- 0x20106040U, 0xadd8ea47U, 0xd0686dbdU, 0x5da0e7baU,
- 0x7fb181feU, 0x140a3c28U, 0xd2696bb9U, 0xd86c75adU,
- 0x9249ab39U, 0xe9fa26cfU, 0xec7629c5U, 0x95c4a237U,
- 0x219e6342U, 0x2b9b7d56U, 0xdc6e79a5U, 0x2f99715eU,
- 0x99c2b62fU, 0x73b795e6U, 0x2d98775aU, 0x65bcafcaU,
- 0x038f0506U, 0x1785392eU, 0x3e1f427cU, 0x75b49feaU,
- 0xedf82ac7U, 0x22116644U, 0x5c2ee4b8U, 0x00000000U,
- 0x4a25de94U, 0x381c4870U, 0x542afca8U, 0x7a3d8ef4U,
- 0x0a051e14U, 0x9e4fbf21U, 0xf67b07f1U, 0x79b28bf2U,
- 0x6432acc8U, 0x3d90477aU, 0x43afc586U, 0x32195664U,
- 0x5ba3edb6U, 0xf3f708fbU, 0xe67337d1U, 0x279d694eU,
- 0x2a157e54U, 0xe87425cdU, 0xc1ee5e9fU, 0x89ca860fU,
- 0x239f6546U, 0x1e0f223cU, 0x361b5a6cU, 0xea7523c9U,
- 0x11863322U, 0x15843f2aU, 0x259c6f4aU, 0x944aa135U,
- 0x33975566U, 0x341a5c68U, 0xca654389U, 0xf1f60effU,
- 0xc7ed5493U, 0x12093624U, 0x6bbbbdd6U, 0x4c26d498U,
- 0x1b832d36U, 0xcbeb408bU, 0xde6f7fa1U, 0x1f81213eU,
- 0x08041810U, 0xd46a61b5U, 0x86439711U, 0x02010604U,
- 0x2e17725cU, 0xdfe17ca3U, 0x13873526U, 0xf7f504f3U,
- 0x078d090eU, 0xdbe370abU, 0x4623ca8cU, 0x1d80273aU,
- 0x8844850dU, 0x2c167458U, 0xcc664985U, 0x4221c684U,
- 0xe1fe3edfU, 0xb7d5c473U, 0x6231a6c4U, 0xafd9ec43U,
- 0x6a35bed4U, 0x30185060U, 0x04020c08U, 0xc864458dU,
- 0xf9f216efU, 0xfff11ce3U, 0xac56e945U, 0x87cd9413U,
- 0x19822b32U, 0x8dc88a07U, 0x69babbd2U, 0xfdf01ae7U,
- 0xc3ef589bU, 0xcfe94c83U, 0xcde84a87U, 0xe7fd34d3U,
- 0x0f89111eU, 0xb3d7c87bU, 0x93c7a83bU, 0x77b599eeU,
- 0x55a4ffaaU, 0x5e2fe2bcU, 0x3795596eU, 0x26136a4cU,
- 0x160b3a2cU, 0xfbf310ebU, 0xdde07aa7U, 0x6e37b2dcU,
-};
-
-static const ulong32 T2[256] = {
- 0xa6f5a753U, 0x6bd0d3bbU, 0xbf6ee6d1U, 0xd93b71e2U,
- 0x67dad0bdU, 0x8acfac45U, 0x29b34d9aU, 0xf90b79f2U,
- 0xe89c3a74U, 0x038cc98fU, 0x7e41913fU, 0xd732fce5U,
- 0x78441e3cU, 0x018f478eU, 0x4de554a8U, 0xcea9bd67U,
- 0x0a0f8c05U, 0xaef9a557U, 0xf5017af4U, 0xcb20fbebU,
- 0x915763c6U, 0xdab7b86dU, 0x53f4dda7U, 0x77c2d4b5U,
- 0xb364e5d7U, 0xf68db37bU, 0x33a4c597U, 0xc2a3be61U,
- 0x9ed1a94fU, 0x1a17880dU, 0x30280c18U, 0xb2eba259U,
- 0xe4963972U, 0x5bf8dfa3U, 0xa4f62952U, 0x4fe6daa9U,
- 0xacfa2b56U, 0x9ad7a84dU, 0x0b80cb8bU, 0x2db54c98U,
- 0x31a74b96U, 0x88cc2244U, 0x92dbaa49U, 0x90d82448U,
- 0x199b4182U, 0xdd3d70e0U, 0xa2f3a651U, 0xc32cf9efU,
- 0x75c15ab4U, 0xaf76e2d9U, 0xfa87b07dU, 0xd8b4366cU,
- 0xe9137dfaU, 0xb762e4d5U, 0xccaa3366U, 0xdb38ffe3U,
- 0x9d5d60c0U, 0x80c02040U, 0x20300810U, 0x161d8b0bU,
- 0x65d95ebcU, 0x96ddab4bU, 0xe11f7ffeU, 0xfd0d78f0U,
- 0xed157cf8U, 0xb0e82c58U, 0x41ef57aeU, 0x6fd6d2b9U,
- 0x57f2dca5U, 0xa9736ddaU, 0xe5197efcU, 0x342e0d1aU,
- 0x51f753a6U, 0x6a5f9435U, 0x2bb0c39bU, 0xa0f02850U,
- 0x9cd2274eU, 0x1814060cU, 0x61df5fbeU, 0x8ec9ad47U,
- 0x814f67ceU, 0x6dd55cb8U, 0x49e355aaU, 0x3dad4890U,
- 0x38240e1cU, 0x55f152a4U, 0x8f46eac9U, 0x15914284U,
- 0x71c75bb6U, 0x69d35dbaU, 0xc0a03060U, 0x7dcd58b0U,
- 0x59fb51a2U, 0x79cb59b2U, 0xf0883c78U, 0x25b94e9cU,
- 0xe0903870U, 0x121b8a09U, 0xd53172e4U, 0x50781428U,
- 0xbb68e7d3U, 0x3faec691U, 0x5ffedea1U, 0x5dfd50a0U,
- 0x02038e01U, 0x724b9239U, 0x63dcd1bfU, 0xc12f77eeU,
- 0x764d933bU, 0x0983458aU, 0x527b9a29U, 0x1f9ece81U,
- 0xb4ee2d5aU, 0x0c0a0306U, 0x955162c4U, 0xe293b671U,
- 0xdeb1b96fU, 0xc6a5bf63U, 0x62539631U, 0xb1676bd6U,
- 0xfc823f7eU, 0x1c12070eU, 0x486c1224U, 0x82c3ae41U,
- 0x1d9d4080U, 0xd0b83468U, 0x0589468cU, 0xf8843e7cU,
- 0x4be0dbabU, 0x1b98cf83U, 0x9752ecc5U, 0x1792cc85U,
- 0x23bcc19fU, 0xbee1a15fU, 0x27bac09dU, 0x7fced6b1U,
- 0x744e1d3aU, 0xf702f4f5U, 0x995b61c2U, 0xec9a3b76U,
- 0x40601020U, 0x47ead8adU, 0xbd6d68d0U, 0xbae7a05dU,
- 0xfe81b17fU, 0x283c0a14U, 0xb96b69d2U, 0xad756cd8U,
- 0x39ab4992U, 0xcf26fae9U, 0xc52976ecU, 0x37a2c495U,
- 0x42639e21U, 0x567d9b2bU, 0xa5796edcU, 0x5e71992fU,
- 0x2fb6c299U, 0xe695b773U, 0x5a77982dU, 0xcaafbc65U,
- 0x06058f03U, 0x2e398517U, 0x7c421f3eU, 0xea9fb475U,
- 0xc72af8edU, 0x44661122U, 0xb8e42e5cU, 0x00000000U,
- 0x94de254aU, 0x70481c38U, 0xa8fc2a54U, 0xf48e3d7aU,
- 0x141e050aU, 0x21bf4f9eU, 0xf1077bf6U, 0xf28bb279U,
- 0xc8ac3264U, 0x7a47903dU, 0x86c5af43U, 0x64561932U,
- 0xb6eda35bU, 0xfb08f7f3U, 0xd13773e6U, 0x4e699d27U,
- 0x547e152aU, 0xcd2574e8U, 0x9f5eeec1U, 0x0f86ca89U,
- 0x46659f23U, 0x3c220f1eU, 0x6c5a1b36U, 0xc92375eaU,
- 0x22338611U, 0x2a3f8415U, 0x4a6f9c25U, 0x35a14a94U,
- 0x66559733U, 0x685c1a34U, 0x894365caU, 0xff0ef6f1U,
- 0x9354edc7U, 0x24360912U, 0xd6bdbb6bU, 0x98d4264cU,
- 0x362d831bU, 0x8b40ebcbU, 0xa17f6fdeU, 0x3e21811fU,
- 0x10180408U, 0xb5616ad4U, 0x11974386U, 0x04060102U,
- 0x5c72172eU, 0xa37ce1dfU, 0x26358713U, 0xf304f5f7U,
- 0x0e098d07U, 0xab70e3dbU, 0x8cca2346U, 0x3a27801dU,
- 0x0d854488U, 0x5874162cU, 0x854966ccU, 0x84c62142U,
- 0xdf3efee1U, 0x73c4d5b7U, 0xc4a63162U, 0x43ecd9afU,
- 0xd4be356aU, 0x60501830U, 0x080c0204U, 0x8d4564c8U,
- 0xef16f2f9U, 0xe31cf1ffU, 0x45e956acU, 0x1394cd87U,
- 0x322b8219U, 0x078ac88dU, 0xd2bbba69U, 0xe71af0fdU,
- 0x9b58efc3U, 0x834ce9cfU, 0x874ae8cdU, 0xd334fde7U,
- 0x1e11890fU, 0x7bc8d7b3U, 0x3ba8c793U, 0xee99b577U,
- 0xaaffa455U, 0xbce22f5eU, 0x6e599537U, 0x4c6a1326U,
- 0x2c3a0b16U, 0xeb10f3fbU, 0xa77ae0ddU, 0xdcb2376eU,
-};
-
-static const ulong32 T3[256] = {
- 0xf5a653a7U, 0xd06bbbd3U, 0x6ebfd1e6U, 0x3bd9e271U,
- 0xda67bdd0U, 0xcf8a45acU, 0xb3299a4dU, 0x0bf9f279U,
- 0x9ce8743aU, 0x8c038fc9U, 0x417e3f91U, 0x32d7e5fcU,
- 0x44783c1eU, 0x8f018e47U, 0xe54da854U, 0xa9ce67bdU,
- 0x0f0a058cU, 0xf9ae57a5U, 0x01f5f47aU, 0x20cbebfbU,
- 0x5791c663U, 0xb7da6db8U, 0xf453a7ddU, 0xc277b5d4U,
- 0x64b3d7e5U, 0x8df67bb3U, 0xa43397c5U, 0xa3c261beU,
- 0xd19e4fa9U, 0x171a0d88U, 0x2830180cU, 0xebb259a2U,
- 0x96e47239U, 0xf85ba3dfU, 0xf6a45229U, 0xe64fa9daU,
- 0xfaac562bU, 0xd79a4da8U, 0x800b8bcbU, 0xb52d984cU,
- 0xa731964bU, 0xcc884422U, 0xdb9249aaU, 0xd8904824U,
- 0x9b198241U, 0x3ddde070U, 0xf3a251a6U, 0x2cc3eff9U,
- 0xc175b45aU, 0x76afd9e2U, 0x87fa7db0U, 0xb4d86c36U,
- 0x13e9fa7dU, 0x62b7d5e4U, 0xaacc6633U, 0x38dbe3ffU,
- 0x5d9dc060U, 0xc0804020U, 0x30201008U, 0x1d160b8bU,
- 0xd965bc5eU, 0xdd964babU, 0x1fe1fe7fU, 0x0dfdf078U,
- 0x15edf87cU, 0xe8b0582cU, 0xef41ae57U, 0xd66fb9d2U,
- 0xf257a5dcU, 0x73a9da6dU, 0x19e5fc7eU, 0x2e341a0dU,
- 0xf751a653U, 0x5f6a3594U, 0xb02b9bc3U, 0xf0a05028U,
- 0xd29c4e27U, 0x14180c06U, 0xdf61be5fU, 0xc98e47adU,
- 0x4f81ce67U, 0xd56db85cU, 0xe349aa55U, 0xad3d9048U,
- 0x24381c0eU, 0xf155a452U, 0x468fc9eaU, 0x91158442U,
- 0xc771b65bU, 0xd369ba5dU, 0xa0c06030U, 0xcd7db058U,
- 0xfb59a251U, 0xcb79b259U, 0x88f0783cU, 0xb9259c4eU,
- 0x90e07038U, 0x1b12098aU, 0x31d5e472U, 0x78502814U,
- 0x68bbd3e7U, 0xae3f91c6U, 0xfe5fa1deU, 0xfd5da050U,
- 0x0302018eU, 0x4b723992U, 0xdc63bfd1U, 0x2fc1ee77U,
- 0x4d763b93U, 0x83098a45U, 0x7b52299aU, 0x9e1f81ceU,
- 0xeeb45a2dU, 0x0a0c0603U, 0x5195c462U, 0x93e271b6U,
- 0xb1de6fb9U, 0xa5c663bfU, 0x53623196U, 0x67b1d66bU,
- 0x82fc7e3fU, 0x121c0e07U, 0x6c482412U, 0xc38241aeU,
- 0x9d1d8040U, 0xb8d06834U, 0x89058c46U, 0x84f87c3eU,
- 0xe04babdbU, 0x981b83cfU, 0x5297c5ecU, 0x921785ccU,
- 0xbc239fc1U, 0xe1be5fa1U, 0xba279dc0U, 0xce7fb1d6U,
- 0x4e743a1dU, 0x02f7f5f4U, 0x5b99c261U, 0x9aec763bU,
- 0x60402010U, 0xea47add8U, 0x6dbdd068U, 0xe7ba5da0U,
- 0x81fe7fb1U, 0x3c28140aU, 0x6bb9d269U, 0x75add86cU,
- 0xab399249U, 0x26cfe9faU, 0x29c5ec76U, 0xa23795c4U,
- 0x6342219eU, 0x7d562b9bU, 0x79a5dc6eU, 0x715e2f99U,
- 0xb62f99c2U, 0x95e673b7U, 0x775a2d98U, 0xafca65bcU,
- 0x0506038fU, 0x392e1785U, 0x427c3e1fU, 0x9fea75b4U,
- 0x2ac7edf8U, 0x66442211U, 0xe4b85c2eU, 0x00000000U,
- 0xde944a25U, 0x4870381cU, 0xfca8542aU, 0x8ef47a3dU,
- 0x1e140a05U, 0xbf219e4fU, 0x07f1f67bU, 0x8bf279b2U,
- 0xacc86432U, 0x477a3d90U, 0xc58643afU, 0x56643219U,
- 0xedb65ba3U, 0x08fbf3f7U, 0x37d1e673U, 0x694e279dU,
- 0x7e542a15U, 0x25cde874U, 0x5e9fc1eeU, 0x860f89caU,
- 0x6546239fU, 0x223c1e0fU, 0x5a6c361bU, 0x23c9ea75U,
- 0x33221186U, 0x3f2a1584U, 0x6f4a259cU, 0xa135944aU,
- 0x55663397U, 0x5c68341aU, 0x4389ca65U, 0x0efff1f6U,
- 0x5493c7edU, 0x36241209U, 0xbdd66bbbU, 0xd4984c26U,
- 0x2d361b83U, 0x408bcbebU, 0x7fa1de6fU, 0x213e1f81U,
- 0x18100804U, 0x61b5d46aU, 0x97118643U, 0x06040201U,
- 0x725c2e17U, 0x7ca3dfe1U, 0x35261387U, 0x04f3f7f5U,
- 0x090e078dU, 0x70abdbe3U, 0xca8c4623U, 0x273a1d80U,
- 0x850d8844U, 0x74582c16U, 0x4985cc66U, 0xc6844221U,
- 0x3edfe1feU, 0xc473b7d5U, 0xa6c46231U, 0xec43afd9U,
- 0xbed46a35U, 0x50603018U, 0x0c080402U, 0x458dc864U,
- 0x16eff9f2U, 0x1ce3fff1U, 0xe945ac56U, 0x941387cdU,
- 0x2b321982U, 0x8a078dc8U, 0xbbd269baU, 0x1ae7fdf0U,
- 0x589bc3efU, 0x4c83cfe9U, 0x4a87cde8U, 0x34d3e7fdU,
- 0x111e0f89U, 0xc87bb3d7U, 0xa83b93c7U, 0x99ee77b5U,
- 0xffaa55a4U, 0xe2bc5e2fU, 0x596e3795U, 0x6a4c2613U,
- 0x3a2c160bU, 0x10ebfbf3U, 0x7aa7dde0U, 0xb2dc6e37U,
-};
-
-static const ulong32 T4[256] = {
- 0xa7a7a7a7U, 0xd3d3d3d3U, 0xe6e6e6e6U, 0x71717171U,
- 0xd0d0d0d0U, 0xacacacacU, 0x4d4d4d4dU, 0x79797979U,
- 0x3a3a3a3aU, 0xc9c9c9c9U, 0x91919191U, 0xfcfcfcfcU,
- 0x1e1e1e1eU, 0x47474747U, 0x54545454U, 0xbdbdbdbdU,
- 0x8c8c8c8cU, 0xa5a5a5a5U, 0x7a7a7a7aU, 0xfbfbfbfbU,
- 0x63636363U, 0xb8b8b8b8U, 0xddddddddU, 0xd4d4d4d4U,
- 0xe5e5e5e5U, 0xb3b3b3b3U, 0xc5c5c5c5U, 0xbebebebeU,
- 0xa9a9a9a9U, 0x88888888U, 0x0c0c0c0cU, 0xa2a2a2a2U,
- 0x39393939U, 0xdfdfdfdfU, 0x29292929U, 0xdadadadaU,
- 0x2b2b2b2bU, 0xa8a8a8a8U, 0xcbcbcbcbU, 0x4c4c4c4cU,
- 0x4b4b4b4bU, 0x22222222U, 0xaaaaaaaaU, 0x24242424U,
- 0x41414141U, 0x70707070U, 0xa6a6a6a6U, 0xf9f9f9f9U,
- 0x5a5a5a5aU, 0xe2e2e2e2U, 0xb0b0b0b0U, 0x36363636U,
- 0x7d7d7d7dU, 0xe4e4e4e4U, 0x33333333U, 0xffffffffU,
- 0x60606060U, 0x20202020U, 0x08080808U, 0x8b8b8b8bU,
- 0x5e5e5e5eU, 0xababababU, 0x7f7f7f7fU, 0x78787878U,
- 0x7c7c7c7cU, 0x2c2c2c2cU, 0x57575757U, 0xd2d2d2d2U,
- 0xdcdcdcdcU, 0x6d6d6d6dU, 0x7e7e7e7eU, 0x0d0d0d0dU,
- 0x53535353U, 0x94949494U, 0xc3c3c3c3U, 0x28282828U,
- 0x27272727U, 0x06060606U, 0x5f5f5f5fU, 0xadadadadU,
- 0x67676767U, 0x5c5c5c5cU, 0x55555555U, 0x48484848U,
- 0x0e0e0e0eU, 0x52525252U, 0xeaeaeaeaU, 0x42424242U,
- 0x5b5b5b5bU, 0x5d5d5d5dU, 0x30303030U, 0x58585858U,
- 0x51515151U, 0x59595959U, 0x3c3c3c3cU, 0x4e4e4e4eU,
- 0x38383838U, 0x8a8a8a8aU, 0x72727272U, 0x14141414U,
- 0xe7e7e7e7U, 0xc6c6c6c6U, 0xdedededeU, 0x50505050U,
- 0x8e8e8e8eU, 0x92929292U, 0xd1d1d1d1U, 0x77777777U,
- 0x93939393U, 0x45454545U, 0x9a9a9a9aU, 0xcecececeU,
- 0x2d2d2d2dU, 0x03030303U, 0x62626262U, 0xb6b6b6b6U,
- 0xb9b9b9b9U, 0xbfbfbfbfU, 0x96969696U, 0x6b6b6b6bU,
- 0x3f3f3f3fU, 0x07070707U, 0x12121212U, 0xaeaeaeaeU,
- 0x40404040U, 0x34343434U, 0x46464646U, 0x3e3e3e3eU,
- 0xdbdbdbdbU, 0xcfcfcfcfU, 0xececececU, 0xccccccccU,
- 0xc1c1c1c1U, 0xa1a1a1a1U, 0xc0c0c0c0U, 0xd6d6d6d6U,
- 0x1d1d1d1dU, 0xf4f4f4f4U, 0x61616161U, 0x3b3b3b3bU,
- 0x10101010U, 0xd8d8d8d8U, 0x68686868U, 0xa0a0a0a0U,
- 0xb1b1b1b1U, 0x0a0a0a0aU, 0x69696969U, 0x6c6c6c6cU,
- 0x49494949U, 0xfafafafaU, 0x76767676U, 0xc4c4c4c4U,
- 0x9e9e9e9eU, 0x9b9b9b9bU, 0x6e6e6e6eU, 0x99999999U,
- 0xc2c2c2c2U, 0xb7b7b7b7U, 0x98989898U, 0xbcbcbcbcU,
- 0x8f8f8f8fU, 0x85858585U, 0x1f1f1f1fU, 0xb4b4b4b4U,
- 0xf8f8f8f8U, 0x11111111U, 0x2e2e2e2eU, 0x00000000U,
- 0x25252525U, 0x1c1c1c1cU, 0x2a2a2a2aU, 0x3d3d3d3dU,
- 0x05050505U, 0x4f4f4f4fU, 0x7b7b7b7bU, 0xb2b2b2b2U,
- 0x32323232U, 0x90909090U, 0xafafafafU, 0x19191919U,
- 0xa3a3a3a3U, 0xf7f7f7f7U, 0x73737373U, 0x9d9d9d9dU,
- 0x15151515U, 0x74747474U, 0xeeeeeeeeU, 0xcacacacaU,
- 0x9f9f9f9fU, 0x0f0f0f0fU, 0x1b1b1b1bU, 0x75757575U,
- 0x86868686U, 0x84848484U, 0x9c9c9c9cU, 0x4a4a4a4aU,
- 0x97979797U, 0x1a1a1a1aU, 0x65656565U, 0xf6f6f6f6U,
- 0xededededU, 0x09090909U, 0xbbbbbbbbU, 0x26262626U,
- 0x83838383U, 0xebebebebU, 0x6f6f6f6fU, 0x81818181U,
- 0x04040404U, 0x6a6a6a6aU, 0x43434343U, 0x01010101U,
- 0x17171717U, 0xe1e1e1e1U, 0x87878787U, 0xf5f5f5f5U,
- 0x8d8d8d8dU, 0xe3e3e3e3U, 0x23232323U, 0x80808080U,
- 0x44444444U, 0x16161616U, 0x66666666U, 0x21212121U,
- 0xfefefefeU, 0xd5d5d5d5U, 0x31313131U, 0xd9d9d9d9U,
- 0x35353535U, 0x18181818U, 0x02020202U, 0x64646464U,
- 0xf2f2f2f2U, 0xf1f1f1f1U, 0x56565656U, 0xcdcdcdcdU,
- 0x82828282U, 0xc8c8c8c8U, 0xbabababaU, 0xf0f0f0f0U,
- 0xefefefefU, 0xe9e9e9e9U, 0xe8e8e8e8U, 0xfdfdfdfdU,
- 0x89898989U, 0xd7d7d7d7U, 0xc7c7c7c7U, 0xb5b5b5b5U,
- 0xa4a4a4a4U, 0x2f2f2f2fU, 0x95959595U, 0x13131313U,
- 0x0b0b0b0bU, 0xf3f3f3f3U, 0xe0e0e0e0U, 0x37373737U,
-};
-
-static const ulong32 T5[256] = {
- 0x00000000U, 0x01020608U, 0x02040c10U, 0x03060a18U,
- 0x04081820U, 0x050a1e28U, 0x060c1430U, 0x070e1238U,
- 0x08103040U, 0x09123648U, 0x0a143c50U, 0x0b163a58U,
- 0x0c182860U, 0x0d1a2e68U, 0x0e1c2470U, 0x0f1e2278U,
- 0x10206080U, 0x11226688U, 0x12246c90U, 0x13266a98U,
- 0x142878a0U, 0x152a7ea8U, 0x162c74b0U, 0x172e72b8U,
- 0x183050c0U, 0x193256c8U, 0x1a345cd0U, 0x1b365ad8U,
- 0x1c3848e0U, 0x1d3a4ee8U, 0x1e3c44f0U, 0x1f3e42f8U,
- 0x2040c01dU, 0x2142c615U, 0x2244cc0dU, 0x2346ca05U,
- 0x2448d83dU, 0x254ade35U, 0x264cd42dU, 0x274ed225U,
- 0x2850f05dU, 0x2952f655U, 0x2a54fc4dU, 0x2b56fa45U,
- 0x2c58e87dU, 0x2d5aee75U, 0x2e5ce46dU, 0x2f5ee265U,
- 0x3060a09dU, 0x3162a695U, 0x3264ac8dU, 0x3366aa85U,
- 0x3468b8bdU, 0x356abeb5U, 0x366cb4adU, 0x376eb2a5U,
- 0x387090ddU, 0x397296d5U, 0x3a749ccdU, 0x3b769ac5U,
- 0x3c7888fdU, 0x3d7a8ef5U, 0x3e7c84edU, 0x3f7e82e5U,
- 0x40809d3aU, 0x41829b32U, 0x4284912aU, 0x43869722U,
- 0x4488851aU, 0x458a8312U, 0x468c890aU, 0x478e8f02U,
- 0x4890ad7aU, 0x4992ab72U, 0x4a94a16aU, 0x4b96a762U,
- 0x4c98b55aU, 0x4d9ab352U, 0x4e9cb94aU, 0x4f9ebf42U,
- 0x50a0fdbaU, 0x51a2fbb2U, 0x52a4f1aaU, 0x53a6f7a2U,
- 0x54a8e59aU, 0x55aae392U, 0x56ace98aU, 0x57aeef82U,
- 0x58b0cdfaU, 0x59b2cbf2U, 0x5ab4c1eaU, 0x5bb6c7e2U,
- 0x5cb8d5daU, 0x5dbad3d2U, 0x5ebcd9caU, 0x5fbedfc2U,
- 0x60c05d27U, 0x61c25b2fU, 0x62c45137U, 0x63c6573fU,
- 0x64c84507U, 0x65ca430fU, 0x66cc4917U, 0x67ce4f1fU,
- 0x68d06d67U, 0x69d26b6fU, 0x6ad46177U, 0x6bd6677fU,
- 0x6cd87547U, 0x6dda734fU, 0x6edc7957U, 0x6fde7f5fU,
- 0x70e03da7U, 0x71e23bafU, 0x72e431b7U, 0x73e637bfU,
- 0x74e82587U, 0x75ea238fU, 0x76ec2997U, 0x77ee2f9fU,
- 0x78f00de7U, 0x79f20befU, 0x7af401f7U, 0x7bf607ffU,
- 0x7cf815c7U, 0x7dfa13cfU, 0x7efc19d7U, 0x7ffe1fdfU,
- 0x801d2774U, 0x811f217cU, 0x82192b64U, 0x831b2d6cU,
- 0x84153f54U, 0x8517395cU, 0x86113344U, 0x8713354cU,
- 0x880d1734U, 0x890f113cU, 0x8a091b24U, 0x8b0b1d2cU,
- 0x8c050f14U, 0x8d07091cU, 0x8e010304U, 0x8f03050cU,
- 0x903d47f4U, 0x913f41fcU, 0x92394be4U, 0x933b4decU,
- 0x94355fd4U, 0x953759dcU, 0x963153c4U, 0x973355ccU,
- 0x982d77b4U, 0x992f71bcU, 0x9a297ba4U, 0x9b2b7dacU,
- 0x9c256f94U, 0x9d27699cU, 0x9e216384U, 0x9f23658cU,
- 0xa05de769U, 0xa15fe161U, 0xa259eb79U, 0xa35bed71U,
- 0xa455ff49U, 0xa557f941U, 0xa651f359U, 0xa753f551U,
- 0xa84dd729U, 0xa94fd121U, 0xaa49db39U, 0xab4bdd31U,
- 0xac45cf09U, 0xad47c901U, 0xae41c319U, 0xaf43c511U,
- 0xb07d87e9U, 0xb17f81e1U, 0xb2798bf9U, 0xb37b8df1U,
- 0xb4759fc9U, 0xb57799c1U, 0xb67193d9U, 0xb77395d1U,
- 0xb86db7a9U, 0xb96fb1a1U, 0xba69bbb9U, 0xbb6bbdb1U,
- 0xbc65af89U, 0xbd67a981U, 0xbe61a399U, 0xbf63a591U,
- 0xc09dba4eU, 0xc19fbc46U, 0xc299b65eU, 0xc39bb056U,
- 0xc495a26eU, 0xc597a466U, 0xc691ae7eU, 0xc793a876U,
- 0xc88d8a0eU, 0xc98f8c06U, 0xca89861eU, 0xcb8b8016U,
- 0xcc85922eU, 0xcd879426U, 0xce819e3eU, 0xcf839836U,
- 0xd0bddaceU, 0xd1bfdcc6U, 0xd2b9d6deU, 0xd3bbd0d6U,
- 0xd4b5c2eeU, 0xd5b7c4e6U, 0xd6b1cefeU, 0xd7b3c8f6U,
- 0xd8adea8eU, 0xd9afec86U, 0xdaa9e69eU, 0xdbabe096U,
- 0xdca5f2aeU, 0xdda7f4a6U, 0xdea1febeU, 0xdfa3f8b6U,
- 0xe0dd7a53U, 0xe1df7c5bU, 0xe2d97643U, 0xe3db704bU,
- 0xe4d56273U, 0xe5d7647bU, 0xe6d16e63U, 0xe7d3686bU,
- 0xe8cd4a13U, 0xe9cf4c1bU, 0xeac94603U, 0xebcb400bU,
- 0xecc55233U, 0xedc7543bU, 0xeec15e23U, 0xefc3582bU,
- 0xf0fd1ad3U, 0xf1ff1cdbU, 0xf2f916c3U, 0xf3fb10cbU,
- 0xf4f502f3U, 0xf5f704fbU, 0xf6f10ee3U, 0xf7f308ebU,
- 0xf8ed2a93U, 0xf9ef2c9bU, 0xfae92683U, 0xfbeb208bU,
- 0xfce532b3U, 0xfde734bbU, 0xfee13ea3U, 0xffe338abU,
-};
-
-/**
- * The round constants.
- */
-static const ulong32 rc[] = {
- 0xa7d3e671U, 0xd0ac4d79U, 0x3ac991fcU, 0x1e4754bdU,
- 0x8ca57afbU, 0x63b8ddd4U, 0xe5b3c5beU, 0xa9880ca2U,
- 0x39df29daU, 0x2ba8cb4cU, 0x4b22aa24U, 0x4170a6f9U,
- 0x5ae2b036U, 0x7de433ffU, 0x6020088bU, 0x5eab7f78U,
- 0x7c2c57d2U, 0xdc6d7e0dU, 0x5394c328U,
-};
-
-#endif
-
- /**
- Initialize the Anubis block cipher
- @param key The symmetric key you wish to pass
- @param keylen The key length in bytes
- @param num_rounds The number of rounds desired (0 for default)
- @param skey The key in as scheduled by this function.
- @return CRYPT_OK if successful
- */
-#ifdef CLEAN_STACK
-static int _anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
-#else
-int anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
-#endif
-{
- int N, R, i, pos, r;
- ulong32 kappa[MAX_N];
- ulong32 inter[MAX_N];
- ulong32 v, K0, K1, K2, K3;
-
- LTC_ARGCHK(key != NULL);
- LTC_ARGCHK(skey != NULL);
-
- /* Valid sizes (in bytes) are 16, 20, 24, 28, 32, 36, and 40. */
- if ((keylen & 3) || (keylen < 16) || (keylen > 40)) {
- return CRYPT_INVALID_KEYSIZE;
- }
- skey->anubis.keyBits = keylen*8;
-
- /*
- * determine the N length parameter:
- * (N.B. it is assumed that the key length is valid!)
- */
- N = skey->anubis.keyBits >> 5;
-
- /*
- * determine number of rounds from key size:
- */
- skey->anubis.R = R = 8 + N;
-
- if (num_rounds != 0 && num_rounds != skey->anubis.R) {
- return CRYPT_INVALID_ROUNDS;
- }
-
- /*
- * map cipher key to initial key state (mu):
- */
- for (i = 0, pos = 0; i < N; i++, pos += 4) {
- kappa[i] =
- (key[pos ] << 24) ^
- (key[pos + 1] << 16) ^
- (key[pos + 2] << 8) ^
- (key[pos + 3] );
- }
-
- /*
- * generate R + 1 round keys:
- */
- for (r = 0; r <= R; r++) {
- /*
- * generate r-th round key K^r:
- */
- K0 = T4[(kappa[N - 1] >> 24) ];
- K1 = T4[(kappa[N - 1] >> 16) & 0xff];
- K2 = T4[(kappa[N - 1] >> 8) & 0xff];
- K3 = T4[(kappa[N - 1] ) & 0xff];
- for (i = N - 2; i >= 0; i--) {
- K0 = T4[(kappa[i] >> 24) ] ^
- (T5[(K0 >> 24) ] & 0xff000000U) ^
- (T5[(K0 >> 16) & 0xff] & 0x00ff0000U) ^
- (T5[(K0 >> 8) & 0xff] & 0x0000ff00U) ^
- (T5[(K0 ) & 0xff] & 0x000000ffU);
- K1 = T4[(kappa[i] >> 16) & 0xff] ^
- (T5[(K1 >> 24) ] & 0xff000000U) ^
- (T5[(K1 >> 16) & 0xff] & 0x00ff0000U) ^
- (T5[(K1 >> 8) & 0xff] & 0x0000ff00U) ^
- (T5[(K1 ) & 0xff] & 0x000000ffU);
- K2 = T4[(kappa[i] >> 8) & 0xff] ^
- (T5[(K2 >> 24) ] & 0xff000000U) ^
- (T5[(K2 >> 16) & 0xff] & 0x00ff0000U) ^
- (T5[(K2 >> 8) & 0xff] & 0x0000ff00U) ^
- (T5[(K2 ) & 0xff] & 0x000000ffU);
- K3 = T4[(kappa[i] ) & 0xff] ^
- (T5[(K3 >> 24) ] & 0xff000000U) ^
- (T5[(K3 >> 16) & 0xff] & 0x00ff0000U) ^
- (T5[(K3 >> 8) & 0xff] & 0x0000ff00U) ^
- (T5[(K3 ) & 0xff] & 0x000000ffU);
- }
- /*
- -- this is the code to use with the large U tables:
- K0 = K1 = K2 = K3 = 0;
- for (i = 0; i < N; i++) {
- K0 ^= U[i][(kappa[i] >> 24) ];
- K1 ^= U[i][(kappa[i] >> 16) & 0xff];
- K2 ^= U[i][(kappa[i] >> 8) & 0xff];
- K3 ^= U[i][(kappa[i] ) & 0xff];
- }
- */
- skey->anubis.roundKeyEnc[r][0] = K0;
- skey->anubis.roundKeyEnc[r][1] = K1;
- skey->anubis.roundKeyEnc[r][2] = K2;
- skey->anubis.roundKeyEnc[r][3] = K3;
-
- /*
- * compute kappa^{r+1} from kappa^r:
- */
- if (r == R) {
- break;
- }
- for (i = 0; i < N; i++) {
- int j = i;
- inter[i] = T0[(kappa[j--] >> 24) ]; if (j < 0) j = N - 1;
- inter[i] ^= T1[(kappa[j--] >> 16) & 0xff]; if (j < 0) j = N - 1;
- inter[i] ^= T2[(kappa[j--] >> 8) & 0xff]; if (j < 0) j = N - 1;
- inter[i] ^= T3[(kappa[j ] ) & 0xff];
- }
- kappa[0] = inter[0] ^ rc[r];
- for (i = 1; i < N; i++) {
- kappa[i] = inter[i];
- }
- }
-
- /*
- * generate inverse key schedule: K'^0 = K^R, K'^R = K^0, K'^r = theta(K^{R-r}):
- */
- for (i = 0; i < 4; i++) {
- skey->anubis.roundKeyDec[0][i] = skey->anubis.roundKeyEnc[R][i];
- skey->anubis.roundKeyDec[R][i] = skey->anubis.roundKeyEnc[0][i];
- }
- for (r = 1; r < R; r++) {
- for (i = 0; i < 4; i++) {
- v = skey->anubis.roundKeyEnc[R - r][i];
- skey->anubis.roundKeyDec[r][i] =
- T0[T4[(v >> 24) ] & 0xff] ^
- T1[T4[(v >> 16) & 0xff] & 0xff] ^
- T2[T4[(v >> 8) & 0xff] & 0xff] ^
- T3[T4[(v ) & 0xff] & 0xff];
- }
- }
-
- return CRYPT_OK;
-}
-
-#ifdef CLEAN_STACK
-int anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
-{
- int err;
- err = _anubis_setup(key, keylen, num_rounds, skey);
- burn_stack(sizeof(int) * 5 + sizeof(ulong32) * (MAX_N + MAX_N + 5));
- return err;
-}
-#endif
-
-
-static void anubis_crypt(const unsigned char *plaintext, unsigned char *ciphertext,
- ulong32 roundKey[18 + 1][4], int R) {
- int i, pos, r;
- ulong32 state[4];
- ulong32 inter[4];
-
- /*
- * map plaintext block to cipher state (mu)
- * and add initial round key (sigma[K^0]):
- */
- for (i = 0, pos = 0; i < 4; i++, pos += 4) {
- state[i] =
- (plaintext[pos ] << 24) ^
- (plaintext[pos + 1] << 16) ^
- (plaintext[pos + 2] << 8) ^
- (plaintext[pos + 3] ) ^
- roundKey[0][i];
- }
-
- /*
- * R - 1 full rounds:
- */
- for (r = 1; r < R; r++) {
- inter[0] =
- T0[(state[0] >> 24) ] ^
- T1[(state[1] >> 24) ] ^
- T2[(state[2] >> 24) ] ^
- T3[(state[3] >> 24) ] ^
- roundKey[r][0];
- inter[1] =
- T0[(state[0] >> 16) & 0xff] ^
- T1[(state[1] >> 16) & 0xff] ^
- T2[(state[2] >> 16) & 0xff] ^
- T3[(state[3] >> 16) & 0xff] ^
- roundKey[r][1];
- inter[2] =
- T0[(state[0] >> 8) & 0xff] ^
- T1[(state[1] >> 8) & 0xff] ^
- T2[(state[2] >> 8) & 0xff] ^
- T3[(state[3] >> 8) & 0xff] ^
- roundKey[r][2];
- inter[3] =
- T0[(state[0] ) & 0xff] ^
- T1[(state[1] ) & 0xff] ^
- T2[(state[2] ) & 0xff] ^
- T3[(state[3] ) & 0xff] ^
- roundKey[r][3];
- state[0] = inter[0];
- state[1] = inter[1];
- state[2] = inter[2];
- state[3] = inter[3];
- }
-
- /*
- * last round:
- */
- inter[0] =
- (T0[(state[0] >> 24) ] & 0xff000000U) ^
- (T1[(state[1] >> 24) ] & 0x00ff0000U) ^
- (T2[(state[2] >> 24) ] & 0x0000ff00U) ^
- (T3[(state[3] >> 24) ] & 0x000000ffU) ^
- roundKey[R][0];
- inter[1] =
- (T0[(state[0] >> 16) & 0xff] & 0xff000000U) ^
- (T1[(state[1] >> 16) & 0xff] & 0x00ff0000U) ^
- (T2[(state[2] >> 16) & 0xff] & 0x0000ff00U) ^
- (T3[(state[3] >> 16) & 0xff] & 0x000000ffU) ^
- roundKey[R][1];
- inter[2] =
- (T0[(state[0] >> 8) & 0xff] & 0xff000000U) ^
- (T1[(state[1] >> 8) & 0xff] & 0x00ff0000U) ^
- (T2[(state[2] >> 8) & 0xff] & 0x0000ff00U) ^
- (T3[(state[3] >> 8) & 0xff] & 0x000000ffU) ^
- roundKey[R][2];
- inter[3] =
- (T0[(state[0] ) & 0xff] & 0xff000000U) ^
- (T1[(state[1] ) & 0xff] & 0x00ff0000U) ^
- (T2[(state[2] ) & 0xff] & 0x0000ff00U) ^
- (T3[(state[3] ) & 0xff] & 0x000000ffU) ^
- roundKey[R][3];
-
- /*
- * map cipher state to ciphertext block (mu^{-1}):
- */
- for (i = 0, pos = 0; i < 4; i++, pos += 4) {
- ulong32 w = inter[i];
- ciphertext[pos ] = (unsigned char)(w >> 24);
- ciphertext[pos + 1] = (unsigned char)(w >> 16);
- ciphertext[pos + 2] = (unsigned char)(w >> 8);
- ciphertext[pos + 3] = (unsigned char)(w );
- }
-}
-
-/**
- Encrypts a block of text with Anubis
- @param pt The input plaintext (16 bytes)
- @param ct The output ciphertext (16 bytes)
- @param skey The key as scheduled
-*/
-void anubis_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
-{
- LTC_ARGCHK(pt != NULL);
- LTC_ARGCHK(ct != NULL);
- LTC_ARGCHK(skey != NULL);
- anubis_crypt(pt, ct, skey->anubis.roundKeyEnc, skey->anubis.R);
-}
-
-/**
- Decrypts a block of text with Anubis
- @param ct The input ciphertext (16 bytes)
- @param pt The output plaintext (16 bytes)
- @param skey The key as scheduled
-*/
-void anubis_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
-{
- LTC_ARGCHK(pt != NULL);
- LTC_ARGCHK(ct != NULL);
- LTC_ARGCHK(skey != NULL);
- anubis_crypt(ct, pt, skey->anubis.roundKeyDec, skey->anubis.R);
-}
-
-/**
- Performs a self-test of the Anubis block cipher
- @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
-*/
-int anubis_test(void)
-{
-#if !defined(LTC_TEST)
- return CRYPT_NOP;
-#else
- static const struct test {
- int keylen;
- unsigned char pt[16], ct[16], key[40];
- } tests[] = {
-#ifndef ANUBIS_TWEAK
- /**** ORIGINAL ANUBIS ****/
- /* 128 bit keys */
-{
- 16,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0xF0, 0x68, 0x60, 0xFC, 0x67, 0x30, 0xE8, 0x18,
- 0xF1, 0x32, 0xC7, 0x8A, 0xF4, 0x13, 0x2A, 0xFE },
- { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-}, {
- 16,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0xA8, 0x66, 0x84, 0x80, 0x07, 0x74, 0x5C, 0x89,
- 0xFC, 0x5E, 0xB5, 0xBA, 0xD4, 0xFE, 0x32, 0x6D },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
-},
-
- /* 160-bit keys */
-{
- 20,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0xBD, 0x5E, 0x32, 0xBE, 0x51, 0x67, 0xA8, 0xE2,
- 0x72, 0xD7, 0x95, 0x0F, 0x83, 0xC6, 0x8C, 0x31 },
- { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00 }
-}, {
- 20,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0x4C, 0x1F, 0x86, 0x2E, 0x11, 0xEB, 0xCE, 0xEB,
- 0xFE, 0xB9, 0x73, 0xC9, 0xDF, 0xEF, 0x7A, 0xDB },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01 }
-},
-
- /* 192-bit keys */
-{
- 24,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0x17, 0xAC, 0x57, 0x44, 0x9D, 0x59, 0x61, 0x66,
- 0xD0, 0xC7, 0x9E, 0x04, 0x7C, 0xC7, 0x58, 0xF0 },
- { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-}, {
- 24,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0x71, 0x52, 0xB4, 0xEB, 0x1D, 0xAA, 0x36, 0xFD,
- 0x57, 0x14, 0x5F, 0x57, 0x04, 0x9F, 0x70, 0x74 },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
-},
-
- /* 224-bit keys */
-{
- 28,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0xA2, 0xF0, 0xA6, 0xB9, 0x17, 0x93, 0x2A, 0x3B,
- 0xEF, 0x08, 0xE8, 0x7A, 0x58, 0xD6, 0xF8, 0x53 },
- { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00 }
-}, {
- 28,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0xF0, 0xCA, 0xFC, 0x78, 0x8B, 0x4B, 0x4E, 0x53,
- 0x8B, 0xC4, 0x32, 0x6A, 0xF5, 0xB9, 0x1B, 0x5F },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01 }
-},
-
- /* 256-bit keys */
-{
- 32,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0xE0, 0x86, 0xAC, 0x45, 0x6B, 0x3C, 0xE5, 0x13,
- 0xED, 0xF5, 0xDF, 0xDD, 0xD6, 0x3B, 0x71, 0x93 },
- { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-}, {
- 32,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0x50, 0x01, 0xB9, 0xF5, 0x21, 0xC1, 0xC1, 0x29,
- 0x00, 0xD5, 0xEC, 0x98, 0x2B, 0x9E, 0xE8, 0x21 },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
-},
-
- /* 288-bit keys */
-{
- 36,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0xE8, 0xF4, 0xAF, 0x2B, 0x21, 0xA0, 0x87, 0x9B,
- 0x41, 0x95, 0xB9, 0x71, 0x75, 0x79, 0x04, 0x7C },
- { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00 }
-}, {
- 36,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0xE6, 0xA6, 0xA5, 0xBC, 0x8B, 0x63, 0x6F, 0xE2,
- 0xBD, 0xA7, 0xA7, 0x53, 0xAB, 0x40, 0x22, 0xE0 },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01 }
-},
-
- /* 320-bit keys */
-{
- 40,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0x17, 0x04, 0xD7, 0x2C, 0xC6, 0x85, 0x76, 0x02,
- 0x4B, 0xCC, 0x39, 0x80, 0xD8, 0x22, 0xEA, 0xA4 },
- { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-}, {
- 40,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0x7A, 0x41, 0xE6, 0x7D, 0x4F, 0xD8, 0x64, 0xF0,
- 0x44, 0xA8, 0x3C, 0x73, 0x81, 0x7E, 0x53, 0xD8 },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
-}
-#else
- /**** Tweaked ANUBIS ****/
- /* 128 bit keys */
-{
- 16,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0xB8, 0x35, 0xBD, 0xC3, 0x34, 0x82, 0x9D, 0x83,
- 0x71, 0xBF, 0xA3, 0x71, 0xE4, 0xB3, 0xC4, 0xFD },
- { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-}, {
- 16,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0xE6, 0x14, 0x1E, 0xAF, 0xEB, 0xE0, 0x59, 0x3C,
- 0x48, 0xE1, 0xCD, 0xF2, 0x1B, 0xBA, 0xA1, 0x89 },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
-},
-
- /* 160-bit keys */
-{
- 20,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0x97, 0x59, 0x79, 0x4B, 0x5C, 0xA0, 0x70, 0x73,
- 0x24, 0xEF, 0xB3, 0x58, 0x67, 0xCA, 0xD4, 0xB3 },
- { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00 }
-}, {
- 20,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0xB8, 0x0D, 0xFB, 0x9B, 0xE4, 0xA1, 0x58, 0x87,
- 0xB3, 0x76, 0xD5, 0x02, 0x18, 0x95, 0xC1, 0x2E },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01 }
-},
-
- /* 192-bit keys */
-{
- 24,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0x7D, 0x62, 0x3B, 0x52, 0xC7, 0x4C, 0x64, 0xD8,
- 0xEB, 0xC7, 0x2D, 0x57, 0x97, 0x85, 0x43, 0x8F },
- { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-}, {
- 24,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0xB1, 0x0A, 0x59, 0xDD, 0x5D, 0x5D, 0x8D, 0x67,
- 0xEC, 0xEE, 0x4A, 0xC4, 0xBE, 0x4F, 0xA8, 0x4F },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
-},
-
- /* 224-bit keys */
-{
- 28,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0x68, 0x9E, 0x05, 0x94, 0x6A, 0x94, 0x43, 0x8F,
- 0xE7, 0x8E, 0x37, 0x3D, 0x24, 0x97, 0x92, 0xF5 },
- { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00 }
-}, {
- 28,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0xDD, 0xB7, 0xB0, 0xB4, 0xE9, 0xB4, 0x9B, 0x9C,
- 0x38, 0x20, 0x25, 0x0B, 0x47, 0xC2, 0x1F, 0x89 },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01 }
-},
-
- /* 256-bit keys */
-{
- 32,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0x96, 0x00, 0xF0, 0x76, 0x91, 0x69, 0x29, 0x87,
- 0xF5, 0xE5, 0x97, 0xDB, 0xDB, 0xAF, 0x1B, 0x0A },
- { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-}, {
- 32,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0x69, 0x9C, 0xAF, 0xDD, 0x94, 0xC7, 0xBC, 0x60,
- 0x44, 0xFE, 0x02, 0x05, 0x8A, 0x6E, 0xEF, 0xBD },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
-},
-
- /* 288-bit keys */
-{
- 36,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0x0F, 0xC7, 0xA2, 0xC0, 0x11, 0x17, 0xAC, 0x43,
- 0x52, 0x5E, 0xDF, 0x6C, 0xF3, 0x96, 0x33, 0x6C },
- { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00 }
-}, {
- 36,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0xAD, 0x08, 0x4F, 0xED, 0x55, 0xA6, 0x94, 0x3E,
- 0x7E, 0x5E, 0xED, 0x05, 0xA1, 0x9D, 0x41, 0xB4 },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x01 }
-},
-
- /* 320-bit keys */
-{
- 40,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0xFE, 0xE2, 0x0E, 0x2A, 0x9D, 0xC5, 0x83, 0xBA,
- 0xA3, 0xA6, 0xD6, 0xA6, 0xF2, 0xE8, 0x06, 0xA5 },
- { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
-}, {
- 40,
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
- { 0x86, 0x3D, 0xCC, 0x4A, 0x60, 0x34, 0x9C, 0x28,
- 0xA7, 0xDA, 0xA4, 0x3B, 0x0A, 0xD7, 0xFD, 0xC7 },
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
-}
-#endif
-};
- int x, y;
- unsigned char buf[2][16];
- symmetric_key skey;
-
- for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
- anubis_setup(tests[x].key, tests[x].keylen, 0, &skey);
- anubis_ecb_encrypt(tests[x].pt, buf[0], &skey);
- anubis_ecb_decrypt(buf[0], buf[1], &skey);
- if (memcmp(buf[0], tests[x].ct, 16) || memcmp(buf[1], tests[x].pt, 16)) {
- return CRYPT_FAIL_TESTVECTOR;
- }
-
- for (y = 0; y < 1000; y++) anubis_ecb_encrypt(buf[0], buf[0], &skey);
- for (y = 0; y < 1000; y++) anubis_ecb_decrypt(buf[0], buf[0], &skey);
- if (memcmp(buf[0], tests[x].ct, 16)) {
- return CRYPT_FAIL_TESTVECTOR;
- }
-
- }
- return CRYPT_OK;
-#endif
-}
-
-/** Terminate the context
- @param skey The scheduled key
-*/
-void anubis_done(symmetric_key *skey)
-{
-}
-
-/**
- Gets suitable key size
- @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
- @return CRYPT_OK if the input key size is acceptable.
-*/
-int anubis_keysize(int *keysize)
-{
- LTC_ARGCHK(keysize != NULL);
- if (*keysize >= 40) {
- *keysize = 40;
- } else if (*keysize >= 36) {
- *keysize = 36;
- } else if (*keysize >= 32) {
- *keysize = 32;
- } else if (*keysize >= 28) {
- *keysize = 28;
- } else if (*keysize >= 24) {
- *keysize = 24;
- } else if (*keysize >= 20) {
- *keysize = 20;
- } else if (*keysize >= 16) {
- *keysize = 16;
- } else {
- return CRYPT_INVALID_KEYSIZE;
- }
- return CRYPT_OK;
-}
-
-#endif
-
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/**
+ @file anubis.c
+ Anubis implementation derived from public domain source
+ Authors: Paulo S.L.M. Barreto and Vincent Rijmen.
+*/
+
+#include "tomcrypt.h"
+
+#ifdef ANUBIS
+
+const struct ltc_cipher_descriptor anubis_desc = {
+ "anubis",
+ 19,
+ 16, 40, 16, 12,
+ &anubis_setup,
+ &anubis_ecb_encrypt,
+ &anubis_ecb_decrypt,
+ &anubis_test,
+ &anubis_done,
+ &anubis_keysize,
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+};
+
+#define MIN_N 4
+#define MAX_N 10
+#define MIN_ROUNDS (8 + MIN_N)
+#define MAX_ROUNDS (8 + MAX_N)
+#define MIN_KEYSIZEB (4*MIN_N)
+#define MAX_KEYSIZEB (4*MAX_N)
+#define BLOCKSIZE 128
+#define BLOCKSIZEB (BLOCKSIZE/8)
+
+
+/*
+ * Though Anubis is endianness-neutral, the encryption tables are listed
+ * in BIG-ENDIAN format, which is adopted throughout this implementation
+ * (but little-endian notation would be equally suitable if consistently
+ * employed).
+ */
+#if defined(ANUBIS_TWEAK)
+
+static const ulong32 T0[256] = {
+ 0xba69d2bbU, 0x54a84de5U, 0x2f5ebce2U, 0x74e8cd25U,
+ 0x53a651f7U, 0xd3bb6bd0U, 0xd2b96fd6U, 0x4d9a29b3U,
+ 0x50a05dfdU, 0xac458acfU, 0x8d070e09U, 0xbf63c6a5U,
+ 0x70e0dd3dU, 0x52a455f1U, 0x9a29527bU, 0x4c982db5U,
+ 0xeac98f46U, 0xd5b773c4U, 0x97336655U, 0xd1bf63dcU,
+ 0x3366ccaaU, 0x51a259fbU, 0x5bb671c7U, 0xa651a2f3U,
+ 0xdea15ffeU, 0x48903dadU, 0xa84d9ad7U, 0x992f5e71U,
+ 0xdbab4be0U, 0x3264c8acU, 0xb773e695U, 0xfce5d732U,
+ 0xe3dbab70U, 0x9e214263U, 0x913f7e41U, 0x9b2b567dU,
+ 0xe2d9af76U, 0xbb6bd6bdU, 0x4182199bU, 0x6edca579U,
+ 0xa557aef9U, 0xcb8b0b80U, 0x6bd6b167U, 0x95376e59U,
+ 0xa15fbee1U, 0xf3fbeb10U, 0xb17ffe81U, 0x0204080cU,
+ 0xcc851792U, 0xc49537a2U, 0x1d3a744eU, 0x14285078U,
+ 0xc39b2bb0U, 0x63c69157U, 0xdaa94fe6U, 0x5dba69d3U,
+ 0x5fbe61dfU, 0xdca557f2U, 0x7dfae913U, 0xcd871394U,
+ 0x7ffee11fU, 0x5ab475c1U, 0x6cd8ad75U, 0x5cb86dd5U,
+ 0xf7f3fb08U, 0x264c98d4U, 0xffe3db38U, 0xedc79354U,
+ 0xe8cd874aU, 0x9d274e69U, 0x6fdea17fU, 0x8e010203U,
+ 0x19326456U, 0xa05dbae7U, 0xf0fde71aU, 0x890f1e11U,
+ 0x0f1e3c22U, 0x070e1c12U, 0xaf4386c5U, 0xfbebcb20U,
+ 0x08102030U, 0x152a547eU, 0x0d1a342eU, 0x04081018U,
+ 0x01020406U, 0x64c88d45U, 0xdfa35bf8U, 0x76ecc529U,
+ 0x79f2f90bU, 0xdda753f4U, 0x3d7af48eU, 0x162c5874U,
+ 0x3f7efc82U, 0x376edcb2U, 0x6ddaa973U, 0x3870e090U,
+ 0xb96fdeb1U, 0x73e6d137U, 0xe9cf834cU, 0x356ad4beU,
+ 0x55aa49e3U, 0x71e2d93bU, 0x7bf6f107U, 0x8c050a0fU,
+ 0x72e4d531U, 0x880d1a17U, 0xf6f1ff0eU, 0x2a54a8fcU,
+ 0x3e7cf884U, 0x5ebc65d9U, 0x274e9cd2U, 0x468c0589U,
+ 0x0c183028U, 0x65ca8943U, 0x68d0bd6dU, 0x61c2995bU,
+ 0x03060c0aU, 0xc19f23bcU, 0x57ae41efU, 0xd6b17fceU,
+ 0xd9af43ecU, 0x58b07dcdU, 0xd8ad47eaU, 0x66cc8549U,
+ 0xd7b37bc8U, 0x3a74e89cU, 0xc88d078aU, 0x3c78f088U,
+ 0xfae9cf26U, 0x96316253U, 0xa753a6f5U, 0x982d5a77U,
+ 0xecc59752U, 0xb86ddab7U, 0xc7933ba8U, 0xae4182c3U,
+ 0x69d2b96bU, 0x4b9631a7U, 0xab4b96ddU, 0xa94f9ed1U,
+ 0x67ce814fU, 0x0a14283cU, 0x478e018fU, 0xf2f9ef16U,
+ 0xb577ee99U, 0x224488ccU, 0xe5d7b364U, 0xeec19f5eU,
+ 0xbe61c2a3U, 0x2b56acfaU, 0x811f3e21U, 0x1224486cU,
+ 0x831b362dU, 0x1b366c5aU, 0x0e1c3824U, 0x23468ccaU,
+ 0xf5f7f304U, 0x458a0983U, 0x214284c6U, 0xce811f9eU,
+ 0x499239abU, 0x2c58b0e8U, 0xf9efc32cU, 0xe6d1bf6eU,
+ 0xb671e293U, 0x2850a0f0U, 0x172e5c72U, 0x8219322bU,
+ 0x1a34685cU, 0x8b0b161dU, 0xfee1df3eU, 0x8a09121bU,
+ 0x09122436U, 0xc98f038cU, 0x87132635U, 0x4e9c25b9U,
+ 0xe1dfa37cU, 0x2e5cb8e4U, 0xe4d5b762U, 0xe0dda77aU,
+ 0xebcb8b40U, 0x903d7a47U, 0xa455aaffU, 0x1e3c7844U,
+ 0x85172e39U, 0x60c09d5dU, 0x00000000U, 0x254a94deU,
+ 0xf4f5f702U, 0xf1ffe31cU, 0x94356a5fU, 0x0b162c3aU,
+ 0xe7d3bb68U, 0x75eac923U, 0xefc39b58U, 0x3468d0b8U,
+ 0x3162c4a6U, 0xd4b577c2U, 0xd0bd67daU, 0x86112233U,
+ 0x7efce519U, 0xad478ec9U, 0xfde7d334U, 0x2952a4f6U,
+ 0x3060c0a0U, 0x3b76ec9aU, 0x9f234665U, 0xf8edc72aU,
+ 0xc6913faeU, 0x13264c6aU, 0x060c1814U, 0x050a141eU,
+ 0xc59733a4U, 0x11224466U, 0x77eec12fU, 0x7cf8ed15U,
+ 0x7af4f501U, 0x78f0fd0dU, 0x366cd8b4U, 0x1c387048U,
+ 0x3972e496U, 0x59b279cbU, 0x18306050U, 0x56ac45e9U,
+ 0xb37bf68dU, 0xb07dfa87U, 0x244890d8U, 0x204080c0U,
+ 0xb279f28bU, 0x9239724bU, 0xa35bb6edU, 0xc09d27baU,
+ 0x44880d85U, 0x62c49551U, 0x10204060U, 0xb475ea9fU,
+ 0x84152a3fU, 0x43861197U, 0x933b764dU, 0xc2992fb6U,
+ 0x4a9435a1U, 0xbd67cea9U, 0x8f030605U, 0x2d5ab4eeU,
+ 0xbc65caafU, 0x9c254a6fU, 0x6ad4b561U, 0x40801d9dU,
+ 0xcf831b98U, 0xa259b2ebU, 0x801d3a27U, 0x4f9e21bfU,
+ 0x1f3e7c42U, 0xca890f86U, 0xaa4992dbU, 0x42841591U,
+};
+
+static const ulong32 T1[256] = {
+ 0x69babbd2U, 0xa854e54dU, 0x5e2fe2bcU, 0xe87425cdU,
+ 0xa653f751U, 0xbbd3d06bU, 0xb9d2d66fU, 0x9a4db329U,
+ 0xa050fd5dU, 0x45accf8aU, 0x078d090eU, 0x63bfa5c6U,
+ 0xe0703dddU, 0xa452f155U, 0x299a7b52U, 0x984cb52dU,
+ 0xc9ea468fU, 0xb7d5c473U, 0x33975566U, 0xbfd1dc63U,
+ 0x6633aaccU, 0xa251fb59U, 0xb65bc771U, 0x51a6f3a2U,
+ 0xa1defe5fU, 0x9048ad3dU, 0x4da8d79aU, 0x2f99715eU,
+ 0xabdbe04bU, 0x6432acc8U, 0x73b795e6U, 0xe5fc32d7U,
+ 0xdbe370abU, 0x219e6342U, 0x3f91417eU, 0x2b9b7d56U,
+ 0xd9e276afU, 0x6bbbbdd6U, 0x82419b19U, 0xdc6e79a5U,
+ 0x57a5f9aeU, 0x8bcb800bU, 0xd66b67b1U, 0x3795596eU,
+ 0x5fa1e1beU, 0xfbf310ebU, 0x7fb181feU, 0x04020c08U,
+ 0x85cc9217U, 0x95c4a237U, 0x3a1d4e74U, 0x28147850U,
+ 0x9bc3b02bU, 0xc6635791U, 0xa9dae64fU, 0xba5dd369U,
+ 0xbe5fdf61U, 0xa5dcf257U, 0xfa7d13e9U, 0x87cd9413U,
+ 0xfe7f1fe1U, 0xb45ac175U, 0xd86c75adU, 0xb85cd56dU,
+ 0xf3f708fbU, 0x4c26d498U, 0xe3ff38dbU, 0xc7ed5493U,
+ 0xcde84a87U, 0x279d694eU, 0xde6f7fa1U, 0x018e0302U,
+ 0x32195664U, 0x5da0e7baU, 0xfdf01ae7U, 0x0f89111eU,
+ 0x1e0f223cU, 0x0e07121cU, 0x43afc586U, 0xebfb20cbU,
+ 0x10083020U, 0x2a157e54U, 0x1a0d2e34U, 0x08041810U,
+ 0x02010604U, 0xc864458dU, 0xa3dff85bU, 0xec7629c5U,
+ 0xf2790bf9U, 0xa7ddf453U, 0x7a3d8ef4U, 0x2c167458U,
+ 0x7e3f82fcU, 0x6e37b2dcU, 0xda6d73a9U, 0x703890e0U,
+ 0x6fb9b1deU, 0xe67337d1U, 0xcfe94c83U, 0x6a35bed4U,
+ 0xaa55e349U, 0xe2713bd9U, 0xf67b07f1U, 0x058c0f0aU,
+ 0xe47231d5U, 0x0d88171aU, 0xf1f60effU, 0x542afca8U,
+ 0x7c3e84f8U, 0xbc5ed965U, 0x4e27d29cU, 0x8c468905U,
+ 0x180c2830U, 0xca654389U, 0xd0686dbdU, 0xc2615b99U,
+ 0x06030a0cU, 0x9fc1bc23U, 0xae57ef41U, 0xb1d6ce7fU,
+ 0xafd9ec43U, 0xb058cd7dU, 0xadd8ea47U, 0xcc664985U,
+ 0xb3d7c87bU, 0x743a9ce8U, 0x8dc88a07U, 0x783c88f0U,
+ 0xe9fa26cfU, 0x31965362U, 0x53a7f5a6U, 0x2d98775aU,
+ 0xc5ec5297U, 0x6db8b7daU, 0x93c7a83bU, 0x41aec382U,
+ 0xd2696bb9U, 0x964ba731U, 0x4babdd96U, 0x4fa9d19eU,
+ 0xce674f81U, 0x140a3c28U, 0x8e478f01U, 0xf9f216efU,
+ 0x77b599eeU, 0x4422cc88U, 0xd7e564b3U, 0xc1ee5e9fU,
+ 0x61bea3c2U, 0x562bfaacU, 0x1f81213eU, 0x24126c48U,
+ 0x1b832d36U, 0x361b5a6cU, 0x1c0e2438U, 0x4623ca8cU,
+ 0xf7f504f3U, 0x8a458309U, 0x4221c684U, 0x81ce9e1fU,
+ 0x9249ab39U, 0x582ce8b0U, 0xeff92cc3U, 0xd1e66ebfU,
+ 0x71b693e2U, 0x5028f0a0U, 0x2e17725cU, 0x19822b32U,
+ 0x341a5c68U, 0x0b8b1d16U, 0xe1fe3edfU, 0x098a1b12U,
+ 0x12093624U, 0x8fc98c03U, 0x13873526U, 0x9c4eb925U,
+ 0xdfe17ca3U, 0x5c2ee4b8U, 0xd5e462b7U, 0xdde07aa7U,
+ 0xcbeb408bU, 0x3d90477aU, 0x55a4ffaaU, 0x3c1e4478U,
+ 0x1785392eU, 0xc0605d9dU, 0x00000000U, 0x4a25de94U,
+ 0xf5f402f7U, 0xfff11ce3U, 0x35945f6aU, 0x160b3a2cU,
+ 0xd3e768bbU, 0xea7523c9U, 0xc3ef589bU, 0x6834b8d0U,
+ 0x6231a6c4U, 0xb5d4c277U, 0xbdd0da67U, 0x11863322U,
+ 0xfc7e19e5U, 0x47adc98eU, 0xe7fd34d3U, 0x5229f6a4U,
+ 0x6030a0c0U, 0x763b9aecU, 0x239f6546U, 0xedf82ac7U,
+ 0x91c6ae3fU, 0x26136a4cU, 0x0c061418U, 0x0a051e14U,
+ 0x97c5a433U, 0x22116644U, 0xee772fc1U, 0xf87c15edU,
+ 0xf47a01f5U, 0xf0780dfdU, 0x6c36b4d8U, 0x381c4870U,
+ 0x723996e4U, 0xb259cb79U, 0x30185060U, 0xac56e945U,
+ 0x7bb38df6U, 0x7db087faU, 0x4824d890U, 0x4020c080U,
+ 0x79b28bf2U, 0x39924b72U, 0x5ba3edb6U, 0x9dc0ba27U,
+ 0x8844850dU, 0xc4625195U, 0x20106040U, 0x75b49feaU,
+ 0x15843f2aU, 0x86439711U, 0x3b934d76U, 0x99c2b62fU,
+ 0x944aa135U, 0x67bda9ceU, 0x038f0506U, 0x5a2deeb4U,
+ 0x65bcafcaU, 0x259c6f4aU, 0xd46a61b5U, 0x80409d1dU,
+ 0x83cf981bU, 0x59a2ebb2U, 0x1d80273aU, 0x9e4fbf21U,
+ 0x3e1f427cU, 0x89ca860fU, 0x49aadb92U, 0x84429115U,
+};
+
+static const ulong32 T2[256] = {
+ 0xd2bbba69U, 0x4de554a8U, 0xbce22f5eU, 0xcd2574e8U,
+ 0x51f753a6U, 0x6bd0d3bbU, 0x6fd6d2b9U, 0x29b34d9aU,
+ 0x5dfd50a0U, 0x8acfac45U, 0x0e098d07U, 0xc6a5bf63U,
+ 0xdd3d70e0U, 0x55f152a4U, 0x527b9a29U, 0x2db54c98U,
+ 0x8f46eac9U, 0x73c4d5b7U, 0x66559733U, 0x63dcd1bfU,
+ 0xccaa3366U, 0x59fb51a2U, 0x71c75bb6U, 0xa2f3a651U,
+ 0x5ffedea1U, 0x3dad4890U, 0x9ad7a84dU, 0x5e71992fU,
+ 0x4be0dbabU, 0xc8ac3264U, 0xe695b773U, 0xd732fce5U,
+ 0xab70e3dbU, 0x42639e21U, 0x7e41913fU, 0x567d9b2bU,
+ 0xaf76e2d9U, 0xd6bdbb6bU, 0x199b4182U, 0xa5796edcU,
+ 0xaef9a557U, 0x0b80cb8bU, 0xb1676bd6U, 0x6e599537U,
+ 0xbee1a15fU, 0xeb10f3fbU, 0xfe81b17fU, 0x080c0204U,
+ 0x1792cc85U, 0x37a2c495U, 0x744e1d3aU, 0x50781428U,
+ 0x2bb0c39bU, 0x915763c6U, 0x4fe6daa9U, 0x69d35dbaU,
+ 0x61df5fbeU, 0x57f2dca5U, 0xe9137dfaU, 0x1394cd87U,
+ 0xe11f7ffeU, 0x75c15ab4U, 0xad756cd8U, 0x6dd55cb8U,
+ 0xfb08f7f3U, 0x98d4264cU, 0xdb38ffe3U, 0x9354edc7U,
+ 0x874ae8cdU, 0x4e699d27U, 0xa17f6fdeU, 0x02038e01U,
+ 0x64561932U, 0xbae7a05dU, 0xe71af0fdU, 0x1e11890fU,
+ 0x3c220f1eU, 0x1c12070eU, 0x86c5af43U, 0xcb20fbebU,
+ 0x20300810U, 0x547e152aU, 0x342e0d1aU, 0x10180408U,
+ 0x04060102U, 0x8d4564c8U, 0x5bf8dfa3U, 0xc52976ecU,
+ 0xf90b79f2U, 0x53f4dda7U, 0xf48e3d7aU, 0x5874162cU,
+ 0xfc823f7eU, 0xdcb2376eU, 0xa9736ddaU, 0xe0903870U,
+ 0xdeb1b96fU, 0xd13773e6U, 0x834ce9cfU, 0xd4be356aU,
+ 0x49e355aaU, 0xd93b71e2U, 0xf1077bf6U, 0x0a0f8c05U,
+ 0xd53172e4U, 0x1a17880dU, 0xff0ef6f1U, 0xa8fc2a54U,
+ 0xf8843e7cU, 0x65d95ebcU, 0x9cd2274eU, 0x0589468cU,
+ 0x30280c18U, 0x894365caU, 0xbd6d68d0U, 0x995b61c2U,
+ 0x0c0a0306U, 0x23bcc19fU, 0x41ef57aeU, 0x7fced6b1U,
+ 0x43ecd9afU, 0x7dcd58b0U, 0x47ead8adU, 0x854966ccU,
+ 0x7bc8d7b3U, 0xe89c3a74U, 0x078ac88dU, 0xf0883c78U,
+ 0xcf26fae9U, 0x62539631U, 0xa6f5a753U, 0x5a77982dU,
+ 0x9752ecc5U, 0xdab7b86dU, 0x3ba8c793U, 0x82c3ae41U,
+ 0xb96b69d2U, 0x31a74b96U, 0x96ddab4bU, 0x9ed1a94fU,
+ 0x814f67ceU, 0x283c0a14U, 0x018f478eU, 0xef16f2f9U,
+ 0xee99b577U, 0x88cc2244U, 0xb364e5d7U, 0x9f5eeec1U,
+ 0xc2a3be61U, 0xacfa2b56U, 0x3e21811fU, 0x486c1224U,
+ 0x362d831bU, 0x6c5a1b36U, 0x38240e1cU, 0x8cca2346U,
+ 0xf304f5f7U, 0x0983458aU, 0x84c62142U, 0x1f9ece81U,
+ 0x39ab4992U, 0xb0e82c58U, 0xc32cf9efU, 0xbf6ee6d1U,
+ 0xe293b671U, 0xa0f02850U, 0x5c72172eU, 0x322b8219U,
+ 0x685c1a34U, 0x161d8b0bU, 0xdf3efee1U, 0x121b8a09U,
+ 0x24360912U, 0x038cc98fU, 0x26358713U, 0x25b94e9cU,
+ 0xa37ce1dfU, 0xb8e42e5cU, 0xb762e4d5U, 0xa77ae0ddU,
+ 0x8b40ebcbU, 0x7a47903dU, 0xaaffa455U, 0x78441e3cU,
+ 0x2e398517U, 0x9d5d60c0U, 0x00000000U, 0x94de254aU,
+ 0xf702f4f5U, 0xe31cf1ffU, 0x6a5f9435U, 0x2c3a0b16U,
+ 0xbb68e7d3U, 0xc92375eaU, 0x9b58efc3U, 0xd0b83468U,
+ 0xc4a63162U, 0x77c2d4b5U, 0x67dad0bdU, 0x22338611U,
+ 0xe5197efcU, 0x8ec9ad47U, 0xd334fde7U, 0xa4f62952U,
+ 0xc0a03060U, 0xec9a3b76U, 0x46659f23U, 0xc72af8edU,
+ 0x3faec691U, 0x4c6a1326U, 0x1814060cU, 0x141e050aU,
+ 0x33a4c597U, 0x44661122U, 0xc12f77eeU, 0xed157cf8U,
+ 0xf5017af4U, 0xfd0d78f0U, 0xd8b4366cU, 0x70481c38U,
+ 0xe4963972U, 0x79cb59b2U, 0x60501830U, 0x45e956acU,
+ 0xf68db37bU, 0xfa87b07dU, 0x90d82448U, 0x80c02040U,
+ 0xf28bb279U, 0x724b9239U, 0xb6eda35bU, 0x27bac09dU,
+ 0x0d854488U, 0x955162c4U, 0x40601020U, 0xea9fb475U,
+ 0x2a3f8415U, 0x11974386U, 0x764d933bU, 0x2fb6c299U,
+ 0x35a14a94U, 0xcea9bd67U, 0x06058f03U, 0xb4ee2d5aU,
+ 0xcaafbc65U, 0x4a6f9c25U, 0xb5616ad4U, 0x1d9d4080U,
+ 0x1b98cf83U, 0xb2eba259U, 0x3a27801dU, 0x21bf4f9eU,
+ 0x7c421f3eU, 0x0f86ca89U, 0x92dbaa49U, 0x15914284U,
+};
+
+static const ulong32 T3[256] = {
+ 0xbbd269baU, 0xe54da854U, 0xe2bc5e2fU, 0x25cde874U,
+ 0xf751a653U, 0xd06bbbd3U, 0xd66fb9d2U, 0xb3299a4dU,
+ 0xfd5da050U, 0xcf8a45acU, 0x090e078dU, 0xa5c663bfU,
+ 0x3ddde070U, 0xf155a452U, 0x7b52299aU, 0xb52d984cU,
+ 0x468fc9eaU, 0xc473b7d5U, 0x55663397U, 0xdc63bfd1U,
+ 0xaacc6633U, 0xfb59a251U, 0xc771b65bU, 0xf3a251a6U,
+ 0xfe5fa1deU, 0xad3d9048U, 0xd79a4da8U, 0x715e2f99U,
+ 0xe04babdbU, 0xacc86432U, 0x95e673b7U, 0x32d7e5fcU,
+ 0x70abdbe3U, 0x6342219eU, 0x417e3f91U, 0x7d562b9bU,
+ 0x76afd9e2U, 0xbdd66bbbU, 0x9b198241U, 0x79a5dc6eU,
+ 0xf9ae57a5U, 0x800b8bcbU, 0x67b1d66bU, 0x596e3795U,
+ 0xe1be5fa1U, 0x10ebfbf3U, 0x81fe7fb1U, 0x0c080402U,
+ 0x921785ccU, 0xa23795c4U, 0x4e743a1dU, 0x78502814U,
+ 0xb02b9bc3U, 0x5791c663U, 0xe64fa9daU, 0xd369ba5dU,
+ 0xdf61be5fU, 0xf257a5dcU, 0x13e9fa7dU, 0x941387cdU,
+ 0x1fe1fe7fU, 0xc175b45aU, 0x75add86cU, 0xd56db85cU,
+ 0x08fbf3f7U, 0xd4984c26U, 0x38dbe3ffU, 0x5493c7edU,
+ 0x4a87cde8U, 0x694e279dU, 0x7fa1de6fU, 0x0302018eU,
+ 0x56643219U, 0xe7ba5da0U, 0x1ae7fdf0U, 0x111e0f89U,
+ 0x223c1e0fU, 0x121c0e07U, 0xc58643afU, 0x20cbebfbU,
+ 0x30201008U, 0x7e542a15U, 0x2e341a0dU, 0x18100804U,
+ 0x06040201U, 0x458dc864U, 0xf85ba3dfU, 0x29c5ec76U,
+ 0x0bf9f279U, 0xf453a7ddU, 0x8ef47a3dU, 0x74582c16U,
+ 0x82fc7e3fU, 0xb2dc6e37U, 0x73a9da6dU, 0x90e07038U,
+ 0xb1de6fb9U, 0x37d1e673U, 0x4c83cfe9U, 0xbed46a35U,
+ 0xe349aa55U, 0x3bd9e271U, 0x07f1f67bU, 0x0f0a058cU,
+ 0x31d5e472U, 0x171a0d88U, 0x0efff1f6U, 0xfca8542aU,
+ 0x84f87c3eU, 0xd965bc5eU, 0xd29c4e27U, 0x89058c46U,
+ 0x2830180cU, 0x4389ca65U, 0x6dbdd068U, 0x5b99c261U,
+ 0x0a0c0603U, 0xbc239fc1U, 0xef41ae57U, 0xce7fb1d6U,
+ 0xec43afd9U, 0xcd7db058U, 0xea47add8U, 0x4985cc66U,
+ 0xc87bb3d7U, 0x9ce8743aU, 0x8a078dc8U, 0x88f0783cU,
+ 0x26cfe9faU, 0x53623196U, 0xf5a653a7U, 0x775a2d98U,
+ 0x5297c5ecU, 0xb7da6db8U, 0xa83b93c7U, 0xc38241aeU,
+ 0x6bb9d269U, 0xa731964bU, 0xdd964babU, 0xd19e4fa9U,
+ 0x4f81ce67U, 0x3c28140aU, 0x8f018e47U, 0x16eff9f2U,
+ 0x99ee77b5U, 0xcc884422U, 0x64b3d7e5U, 0x5e9fc1eeU,
+ 0xa3c261beU, 0xfaac562bU, 0x213e1f81U, 0x6c482412U,
+ 0x2d361b83U, 0x5a6c361bU, 0x24381c0eU, 0xca8c4623U,
+ 0x04f3f7f5U, 0x83098a45U, 0xc6844221U, 0x9e1f81ceU,
+ 0xab399249U, 0xe8b0582cU, 0x2cc3eff9U, 0x6ebfd1e6U,
+ 0x93e271b6U, 0xf0a05028U, 0x725c2e17U, 0x2b321982U,
+ 0x5c68341aU, 0x1d160b8bU, 0x3edfe1feU, 0x1b12098aU,
+ 0x36241209U, 0x8c038fc9U, 0x35261387U, 0xb9259c4eU,
+ 0x7ca3dfe1U, 0xe4b85c2eU, 0x62b7d5e4U, 0x7aa7dde0U,
+ 0x408bcbebU, 0x477a3d90U, 0xffaa55a4U, 0x44783c1eU,
+ 0x392e1785U, 0x5d9dc060U, 0x00000000U, 0xde944a25U,
+ 0x02f7f5f4U, 0x1ce3fff1U, 0x5f6a3594U, 0x3a2c160bU,
+ 0x68bbd3e7U, 0x23c9ea75U, 0x589bc3efU, 0xb8d06834U,
+ 0xa6c46231U, 0xc277b5d4U, 0xda67bdd0U, 0x33221186U,
+ 0x19e5fc7eU, 0xc98e47adU, 0x34d3e7fdU, 0xf6a45229U,
+ 0xa0c06030U, 0x9aec763bU, 0x6546239fU, 0x2ac7edf8U,
+ 0xae3f91c6U, 0x6a4c2613U, 0x14180c06U, 0x1e140a05U,
+ 0xa43397c5U, 0x66442211U, 0x2fc1ee77U, 0x15edf87cU,
+ 0x01f5f47aU, 0x0dfdf078U, 0xb4d86c36U, 0x4870381cU,
+ 0x96e47239U, 0xcb79b259U, 0x50603018U, 0xe945ac56U,
+ 0x8df67bb3U, 0x87fa7db0U, 0xd8904824U, 0xc0804020U,
+ 0x8bf279b2U, 0x4b723992U, 0xedb65ba3U, 0xba279dc0U,
+ 0x850d8844U, 0x5195c462U, 0x60402010U, 0x9fea75b4U,
+ 0x3f2a1584U, 0x97118643U, 0x4d763b93U, 0xb62f99c2U,
+ 0xa135944aU, 0xa9ce67bdU, 0x0506038fU, 0xeeb45a2dU,
+ 0xafca65bcU, 0x6f4a259cU, 0x61b5d46aU, 0x9d1d8040U,
+ 0x981b83cfU, 0xebb259a2U, 0x273a1d80U, 0xbf219e4fU,
+ 0x427c3e1fU, 0x860f89caU, 0xdb9249aaU, 0x91158442U,
+};
+
+static const ulong32 T4[256] = {
+ 0xbabababaU, 0x54545454U, 0x2f2f2f2fU, 0x74747474U,
+ 0x53535353U, 0xd3d3d3d3U, 0xd2d2d2d2U, 0x4d4d4d4dU,
+ 0x50505050U, 0xacacacacU, 0x8d8d8d8dU, 0xbfbfbfbfU,
+ 0x70707070U, 0x52525252U, 0x9a9a9a9aU, 0x4c4c4c4cU,
+ 0xeaeaeaeaU, 0xd5d5d5d5U, 0x97979797U, 0xd1d1d1d1U,
+ 0x33333333U, 0x51515151U, 0x5b5b5b5bU, 0xa6a6a6a6U,
+ 0xdedededeU, 0x48484848U, 0xa8a8a8a8U, 0x99999999U,
+ 0xdbdbdbdbU, 0x32323232U, 0xb7b7b7b7U, 0xfcfcfcfcU,
+ 0xe3e3e3e3U, 0x9e9e9e9eU, 0x91919191U, 0x9b9b9b9bU,
+ 0xe2e2e2e2U, 0xbbbbbbbbU, 0x41414141U, 0x6e6e6e6eU,
+ 0xa5a5a5a5U, 0xcbcbcbcbU, 0x6b6b6b6bU, 0x95959595U,
+ 0xa1a1a1a1U, 0xf3f3f3f3U, 0xb1b1b1b1U, 0x02020202U,
+ 0xccccccccU, 0xc4c4c4c4U, 0x1d1d1d1dU, 0x14141414U,
+ 0xc3c3c3c3U, 0x63636363U, 0xdadadadaU, 0x5d5d5d5dU,
+ 0x5f5f5f5fU, 0xdcdcdcdcU, 0x7d7d7d7dU, 0xcdcdcdcdU,
+ 0x7f7f7f7fU, 0x5a5a5a5aU, 0x6c6c6c6cU, 0x5c5c5c5cU,
+ 0xf7f7f7f7U, 0x26262626U, 0xffffffffU, 0xededededU,
+ 0xe8e8e8e8U, 0x9d9d9d9dU, 0x6f6f6f6fU, 0x8e8e8e8eU,
+ 0x19191919U, 0xa0a0a0a0U, 0xf0f0f0f0U, 0x89898989U,
+ 0x0f0f0f0fU, 0x07070707U, 0xafafafafU, 0xfbfbfbfbU,
+ 0x08080808U, 0x15151515U, 0x0d0d0d0dU, 0x04040404U,
+ 0x01010101U, 0x64646464U, 0xdfdfdfdfU, 0x76767676U,
+ 0x79797979U, 0xddddddddU, 0x3d3d3d3dU, 0x16161616U,
+ 0x3f3f3f3fU, 0x37373737U, 0x6d6d6d6dU, 0x38383838U,
+ 0xb9b9b9b9U, 0x73737373U, 0xe9e9e9e9U, 0x35353535U,
+ 0x55555555U, 0x71717171U, 0x7b7b7b7bU, 0x8c8c8c8cU,
+ 0x72727272U, 0x88888888U, 0xf6f6f6f6U, 0x2a2a2a2aU,
+ 0x3e3e3e3eU, 0x5e5e5e5eU, 0x27272727U, 0x46464646U,
+ 0x0c0c0c0cU, 0x65656565U, 0x68686868U, 0x61616161U,
+ 0x03030303U, 0xc1c1c1c1U, 0x57575757U, 0xd6d6d6d6U,
+ 0xd9d9d9d9U, 0x58585858U, 0xd8d8d8d8U, 0x66666666U,
+ 0xd7d7d7d7U, 0x3a3a3a3aU, 0xc8c8c8c8U, 0x3c3c3c3cU,
+ 0xfafafafaU, 0x96969696U, 0xa7a7a7a7U, 0x98989898U,
+ 0xececececU, 0xb8b8b8b8U, 0xc7c7c7c7U, 0xaeaeaeaeU,
+ 0x69696969U, 0x4b4b4b4bU, 0xababababU, 0xa9a9a9a9U,
+ 0x67676767U, 0x0a0a0a0aU, 0x47474747U, 0xf2f2f2f2U,
+ 0xb5b5b5b5U, 0x22222222U, 0xe5e5e5e5U, 0xeeeeeeeeU,
+ 0xbebebebeU, 0x2b2b2b2bU, 0x81818181U, 0x12121212U,
+ 0x83838383U, 0x1b1b1b1bU, 0x0e0e0e0eU, 0x23232323U,
+ 0xf5f5f5f5U, 0x45454545U, 0x21212121U, 0xcecececeU,
+ 0x49494949U, 0x2c2c2c2cU, 0xf9f9f9f9U, 0xe6e6e6e6U,
+ 0xb6b6b6b6U, 0x28282828U, 0x17171717U, 0x82828282U,
+ 0x1a1a1a1aU, 0x8b8b8b8bU, 0xfefefefeU, 0x8a8a8a8aU,
+ 0x09090909U, 0xc9c9c9c9U, 0x87878787U, 0x4e4e4e4eU,
+ 0xe1e1e1e1U, 0x2e2e2e2eU, 0xe4e4e4e4U, 0xe0e0e0e0U,
+ 0xebebebebU, 0x90909090U, 0xa4a4a4a4U, 0x1e1e1e1eU,
+ 0x85858585U, 0x60606060U, 0x00000000U, 0x25252525U,
+ 0xf4f4f4f4U, 0xf1f1f1f1U, 0x94949494U, 0x0b0b0b0bU,
+ 0xe7e7e7e7U, 0x75757575U, 0xefefefefU, 0x34343434U,
+ 0x31313131U, 0xd4d4d4d4U, 0xd0d0d0d0U, 0x86868686U,
+ 0x7e7e7e7eU, 0xadadadadU, 0xfdfdfdfdU, 0x29292929U,
+ 0x30303030U, 0x3b3b3b3bU, 0x9f9f9f9fU, 0xf8f8f8f8U,
+ 0xc6c6c6c6U, 0x13131313U, 0x06060606U, 0x05050505U,
+ 0xc5c5c5c5U, 0x11111111U, 0x77777777U, 0x7c7c7c7cU,
+ 0x7a7a7a7aU, 0x78787878U, 0x36363636U, 0x1c1c1c1cU,
+ 0x39393939U, 0x59595959U, 0x18181818U, 0x56565656U,
+ 0xb3b3b3b3U, 0xb0b0b0b0U, 0x24242424U, 0x20202020U,
+ 0xb2b2b2b2U, 0x92929292U, 0xa3a3a3a3U, 0xc0c0c0c0U,
+ 0x44444444U, 0x62626262U, 0x10101010U, 0xb4b4b4b4U,
+ 0x84848484U, 0x43434343U, 0x93939393U, 0xc2c2c2c2U,
+ 0x4a4a4a4aU, 0xbdbdbdbdU, 0x8f8f8f8fU, 0x2d2d2d2dU,
+ 0xbcbcbcbcU, 0x9c9c9c9cU, 0x6a6a6a6aU, 0x40404040U,
+ 0xcfcfcfcfU, 0xa2a2a2a2U, 0x80808080U, 0x4f4f4f4fU,
+ 0x1f1f1f1fU, 0xcacacacaU, 0xaaaaaaaaU, 0x42424242U,
+};
+
+static const ulong32 T5[256] = {
+ 0x00000000U, 0x01020608U, 0x02040c10U, 0x03060a18U,
+ 0x04081820U, 0x050a1e28U, 0x060c1430U, 0x070e1238U,
+ 0x08103040U, 0x09123648U, 0x0a143c50U, 0x0b163a58U,
+ 0x0c182860U, 0x0d1a2e68U, 0x0e1c2470U, 0x0f1e2278U,
+ 0x10206080U, 0x11226688U, 0x12246c90U, 0x13266a98U,
+ 0x142878a0U, 0x152a7ea8U, 0x162c74b0U, 0x172e72b8U,
+ 0x183050c0U, 0x193256c8U, 0x1a345cd0U, 0x1b365ad8U,
+ 0x1c3848e0U, 0x1d3a4ee8U, 0x1e3c44f0U, 0x1f3e42f8U,
+ 0x2040c01dU, 0x2142c615U, 0x2244cc0dU, 0x2346ca05U,
+ 0x2448d83dU, 0x254ade35U, 0x264cd42dU, 0x274ed225U,
+ 0x2850f05dU, 0x2952f655U, 0x2a54fc4dU, 0x2b56fa45U,
+ 0x2c58e87dU, 0x2d5aee75U, 0x2e5ce46dU, 0x2f5ee265U,
+ 0x3060a09dU, 0x3162a695U, 0x3264ac8dU, 0x3366aa85U,
+ 0x3468b8bdU, 0x356abeb5U, 0x366cb4adU, 0x376eb2a5U,
+ 0x387090ddU, 0x397296d5U, 0x3a749ccdU, 0x3b769ac5U,
+ 0x3c7888fdU, 0x3d7a8ef5U, 0x3e7c84edU, 0x3f7e82e5U,
+ 0x40809d3aU, 0x41829b32U, 0x4284912aU, 0x43869722U,
+ 0x4488851aU, 0x458a8312U, 0x468c890aU, 0x478e8f02U,
+ 0x4890ad7aU, 0x4992ab72U, 0x4a94a16aU, 0x4b96a762U,
+ 0x4c98b55aU, 0x4d9ab352U, 0x4e9cb94aU, 0x4f9ebf42U,
+ 0x50a0fdbaU, 0x51a2fbb2U, 0x52a4f1aaU, 0x53a6f7a2U,
+ 0x54a8e59aU, 0x55aae392U, 0x56ace98aU, 0x57aeef82U,
+ 0x58b0cdfaU, 0x59b2cbf2U, 0x5ab4c1eaU, 0x5bb6c7e2U,
+ 0x5cb8d5daU, 0x5dbad3d2U, 0x5ebcd9caU, 0x5fbedfc2U,
+ 0x60c05d27U, 0x61c25b2fU, 0x62c45137U, 0x63c6573fU,
+ 0x64c84507U, 0x65ca430fU, 0x66cc4917U, 0x67ce4f1fU,
+ 0x68d06d67U, 0x69d26b6fU, 0x6ad46177U, 0x6bd6677fU,
+ 0x6cd87547U, 0x6dda734fU, 0x6edc7957U, 0x6fde7f5fU,
+ 0x70e03da7U, 0x71e23bafU, 0x72e431b7U, 0x73e637bfU,
+ 0x74e82587U, 0x75ea238fU, 0x76ec2997U, 0x77ee2f9fU,
+ 0x78f00de7U, 0x79f20befU, 0x7af401f7U, 0x7bf607ffU,
+ 0x7cf815c7U, 0x7dfa13cfU, 0x7efc19d7U, 0x7ffe1fdfU,
+ 0x801d2774U, 0x811f217cU, 0x82192b64U, 0x831b2d6cU,
+ 0x84153f54U, 0x8517395cU, 0x86113344U, 0x8713354cU,
+ 0x880d1734U, 0x890f113cU, 0x8a091b24U, 0x8b0b1d2cU,
+ 0x8c050f14U, 0x8d07091cU, 0x8e010304U, 0x8f03050cU,
+ 0x903d47f4U, 0x913f41fcU, 0x92394be4U, 0x933b4decU,
+ 0x94355fd4U, 0x953759dcU, 0x963153c4U, 0x973355ccU,
+ 0x982d77b4U, 0x992f71bcU, 0x9a297ba4U, 0x9b2b7dacU,
+ 0x9c256f94U, 0x9d27699cU, 0x9e216384U, 0x9f23658cU,
+ 0xa05de769U, 0xa15fe161U, 0xa259eb79U, 0xa35bed71U,
+ 0xa455ff49U, 0xa557f941U, 0xa651f359U, 0xa753f551U,
+ 0xa84dd729U, 0xa94fd121U, 0xaa49db39U, 0xab4bdd31U,
+ 0xac45cf09U, 0xad47c901U, 0xae41c319U, 0xaf43c511U,
+ 0xb07d87e9U, 0xb17f81e1U, 0xb2798bf9U, 0xb37b8df1U,
+ 0xb4759fc9U, 0xb57799c1U, 0xb67193d9U, 0xb77395d1U,
+ 0xb86db7a9U, 0xb96fb1a1U, 0xba69bbb9U, 0xbb6bbdb1U,
+ 0xbc65af89U, 0xbd67a981U, 0xbe61a399U, 0xbf63a591U,
+ 0xc09dba4eU, 0xc19fbc46U, 0xc299b65eU, 0xc39bb056U,
+ 0xc495a26eU, 0xc597a466U, 0xc691ae7eU, 0xc793a876U,
+ 0xc88d8a0eU, 0xc98f8c06U, 0xca89861eU, 0xcb8b8016U,
+ 0xcc85922eU, 0xcd879426U, 0xce819e3eU, 0xcf839836U,
+ 0xd0bddaceU, 0xd1bfdcc6U, 0xd2b9d6deU, 0xd3bbd0d6U,
+ 0xd4b5c2eeU, 0xd5b7c4e6U, 0xd6b1cefeU, 0xd7b3c8f6U,
+ 0xd8adea8eU, 0xd9afec86U, 0xdaa9e69eU, 0xdbabe096U,
+ 0xdca5f2aeU, 0xdda7f4a6U, 0xdea1febeU, 0xdfa3f8b6U,
+ 0xe0dd7a53U, 0xe1df7c5bU, 0xe2d97643U, 0xe3db704bU,
+ 0xe4d56273U, 0xe5d7647bU, 0xe6d16e63U, 0xe7d3686bU,
+ 0xe8cd4a13U, 0xe9cf4c1bU, 0xeac94603U, 0xebcb400bU,
+ 0xecc55233U, 0xedc7543bU, 0xeec15e23U, 0xefc3582bU,
+ 0xf0fd1ad3U, 0xf1ff1cdbU, 0xf2f916c3U, 0xf3fb10cbU,
+ 0xf4f502f3U, 0xf5f704fbU, 0xf6f10ee3U, 0xf7f308ebU,
+ 0xf8ed2a93U, 0xf9ef2c9bU, 0xfae92683U, 0xfbeb208bU,
+ 0xfce532b3U, 0xfde734bbU, 0xfee13ea3U, 0xffe338abU,
+};
+
+/**
+ * The round constants.
+ */
+static const ulong32 rc[] = {
+ 0xba542f74U, 0x53d3d24dU, 0x50ac8dbfU, 0x70529a4cU,
+ 0xead597d1U, 0x33515ba6U, 0xde48a899U, 0xdb32b7fcU,
+ 0xe39e919bU, 0xe2bb416eU, 0xa5cb6b95U, 0xa1f3b102U,
+ 0xccc41d14U, 0xc363da5dU, 0x5fdc7dcdU, 0x7f5a6c5cU,
+ 0xf726ffedU, 0xe89d6f8eU, 0x19a0f089U,
+};
+
+
+
+#else
+
+
+static const ulong32 T0[256] = {
+ 0xa753a6f5U, 0xd3bb6bd0U, 0xe6d1bf6eU, 0x71e2d93bU,
+ 0xd0bd67daU, 0xac458acfU, 0x4d9a29b3U, 0x79f2f90bU,
+ 0x3a74e89cU, 0xc98f038cU, 0x913f7e41U, 0xfce5d732U,
+ 0x1e3c7844U, 0x478e018fU, 0x54a84de5U, 0xbd67cea9U,
+ 0x8c050a0fU, 0xa557aef9U, 0x7af4f501U, 0xfbebcb20U,
+ 0x63c69157U, 0xb86ddab7U, 0xdda753f4U, 0xd4b577c2U,
+ 0xe5d7b364U, 0xb37bf68dU, 0xc59733a4U, 0xbe61c2a3U,
+ 0xa94f9ed1U, 0x880d1a17U, 0x0c183028U, 0xa259b2ebU,
+ 0x3972e496U, 0xdfa35bf8U, 0x2952a4f6U, 0xdaa94fe6U,
+ 0x2b56acfaU, 0xa84d9ad7U, 0xcb8b0b80U, 0x4c982db5U,
+ 0x4b9631a7U, 0x224488ccU, 0xaa4992dbU, 0x244890d8U,
+ 0x4182199bU, 0x70e0dd3dU, 0xa651a2f3U, 0xf9efc32cU,
+ 0x5ab475c1U, 0xe2d9af76U, 0xb07dfa87U, 0x366cd8b4U,
+ 0x7dfae913U, 0xe4d5b762U, 0x3366ccaaU, 0xffe3db38U,
+ 0x60c09d5dU, 0x204080c0U, 0x08102030U, 0x8b0b161dU,
+ 0x5ebc65d9U, 0xab4b96ddU, 0x7ffee11fU, 0x78f0fd0dU,
+ 0x7cf8ed15U, 0x2c58b0e8U, 0x57ae41efU, 0xd2b96fd6U,
+ 0xdca557f2U, 0x6ddaa973U, 0x7efce519U, 0x0d1a342eU,
+ 0x53a651f7U, 0x94356a5fU, 0xc39b2bb0U, 0x2850a0f0U,
+ 0x274e9cd2U, 0x060c1814U, 0x5fbe61dfU, 0xad478ec9U,
+ 0x67ce814fU, 0x5cb86dd5U, 0x55aa49e3U, 0x48903dadU,
+ 0x0e1c3824U, 0x52a455f1U, 0xeac98f46U, 0x42841591U,
+ 0x5bb671c7U, 0x5dba69d3U, 0x3060c0a0U, 0x58b07dcdU,
+ 0x51a259fbU, 0x59b279cbU, 0x3c78f088U, 0x4e9c25b9U,
+ 0x3870e090U, 0x8a09121bU, 0x72e4d531U, 0x14285078U,
+ 0xe7d3bb68U, 0xc6913faeU, 0xdea15ffeU, 0x50a05dfdU,
+ 0x8e010203U, 0x9239724bU, 0xd1bf63dcU, 0x77eec12fU,
+ 0x933b764dU, 0x458a0983U, 0x9a29527bU, 0xce811f9eU,
+ 0x2d5ab4eeU, 0x03060c0aU, 0x62c49551U, 0xb671e293U,
+ 0xb96fdeb1U, 0xbf63c6a5U, 0x96316253U, 0x6bd6b167U,
+ 0x3f7efc82U, 0x070e1c12U, 0x1224486cU, 0xae4182c3U,
+ 0x40801d9dU, 0x3468d0b8U, 0x468c0589U, 0x3e7cf884U,
+ 0xdbab4be0U, 0xcf831b98U, 0xecc59752U, 0xcc851792U,
+ 0xc19f23bcU, 0xa15fbee1U, 0xc09d27baU, 0xd6b17fceU,
+ 0x1d3a744eU, 0xf4f5f702U, 0x61c2995bU, 0x3b76ec9aU,
+ 0x10204060U, 0xd8ad47eaU, 0x68d0bd6dU, 0xa05dbae7U,
+ 0xb17ffe81U, 0x0a14283cU, 0x69d2b96bU, 0x6cd8ad75U,
+ 0x499239abU, 0xfae9cf26U, 0x76ecc529U, 0xc49537a2U,
+ 0x9e214263U, 0x9b2b567dU, 0x6edca579U, 0x992f5e71U,
+ 0xc2992fb6U, 0xb773e695U, 0x982d5a77U, 0xbc65caafU,
+ 0x8f030605U, 0x85172e39U, 0x1f3e7c42U, 0xb475ea9fU,
+ 0xf8edc72aU, 0x11224466U, 0x2e5cb8e4U, 0x00000000U,
+ 0x254a94deU, 0x1c387048U, 0x2a54a8fcU, 0x3d7af48eU,
+ 0x050a141eU, 0x4f9e21bfU, 0x7bf6f107U, 0xb279f28bU,
+ 0x3264c8acU, 0x903d7a47U, 0xaf4386c5U, 0x19326456U,
+ 0xa35bb6edU, 0xf7f3fb08U, 0x73e6d137U, 0x9d274e69U,
+ 0x152a547eU, 0x74e8cd25U, 0xeec19f5eU, 0xca890f86U,
+ 0x9f234665U, 0x0f1e3c22U, 0x1b366c5aU, 0x75eac923U,
+ 0x86112233U, 0x84152a3fU, 0x9c254a6fU, 0x4a9435a1U,
+ 0x97336655U, 0x1a34685cU, 0x65ca8943U, 0xf6f1ff0eU,
+ 0xedc79354U, 0x09122436U, 0xbb6bd6bdU, 0x264c98d4U,
+ 0x831b362dU, 0xebcb8b40U, 0x6fdea17fU, 0x811f3e21U,
+ 0x04081018U, 0x6ad4b561U, 0x43861197U, 0x01020406U,
+ 0x172e5c72U, 0xe1dfa37cU, 0x87132635U, 0xf5f7f304U,
+ 0x8d070e09U, 0xe3dbab70U, 0x23468ccaU, 0x801d3a27U,
+ 0x44880d85U, 0x162c5874U, 0x66cc8549U, 0x214284c6U,
+ 0xfee1df3eU, 0xd5b773c4U, 0x3162c4a6U, 0xd9af43ecU,
+ 0x356ad4beU, 0x18306050U, 0x0204080cU, 0x64c88d45U,
+ 0xf2f9ef16U, 0xf1ffe31cU, 0x56ac45e9U, 0xcd871394U,
+ 0x8219322bU, 0xc88d078aU, 0xba69d2bbU, 0xf0fde71aU,
+ 0xefc39b58U, 0xe9cf834cU, 0xe8cd874aU, 0xfde7d334U,
+ 0x890f1e11U, 0xd7b37bc8U, 0xc7933ba8U, 0xb577ee99U,
+ 0xa455aaffU, 0x2f5ebce2U, 0x95376e59U, 0x13264c6aU,
+ 0x0b162c3aU, 0xf3fbeb10U, 0xe0dda77aU, 0x376edcb2U,
+};
+
+static const ulong32 T1[256] = {
+ 0x53a7f5a6U, 0xbbd3d06bU, 0xd1e66ebfU, 0xe2713bd9U,
+ 0xbdd0da67U, 0x45accf8aU, 0x9a4db329U, 0xf2790bf9U,
+ 0x743a9ce8U, 0x8fc98c03U, 0x3f91417eU, 0xe5fc32d7U,
+ 0x3c1e4478U, 0x8e478f01U, 0xa854e54dU, 0x67bda9ceU,
+ 0x058c0f0aU, 0x57a5f9aeU, 0xf47a01f5U, 0xebfb20cbU,
+ 0xc6635791U, 0x6db8b7daU, 0xa7ddf453U, 0xb5d4c277U,
+ 0xd7e564b3U, 0x7bb38df6U, 0x97c5a433U, 0x61bea3c2U,
+ 0x4fa9d19eU, 0x0d88171aU, 0x180c2830U, 0x59a2ebb2U,
+ 0x723996e4U, 0xa3dff85bU, 0x5229f6a4U, 0xa9dae64fU,
+ 0x562bfaacU, 0x4da8d79aU, 0x8bcb800bU, 0x984cb52dU,
+ 0x964ba731U, 0x4422cc88U, 0x49aadb92U, 0x4824d890U,
+ 0x82419b19U, 0xe0703dddU, 0x51a6f3a2U, 0xeff92cc3U,
+ 0xb45ac175U, 0xd9e276afU, 0x7db087faU, 0x6c36b4d8U,
+ 0xfa7d13e9U, 0xd5e462b7U, 0x6633aaccU, 0xe3ff38dbU,
+ 0xc0605d9dU, 0x4020c080U, 0x10083020U, 0x0b8b1d16U,
+ 0xbc5ed965U, 0x4babdd96U, 0xfe7f1fe1U, 0xf0780dfdU,
+ 0xf87c15edU, 0x582ce8b0U, 0xae57ef41U, 0xb9d2d66fU,
+ 0xa5dcf257U, 0xda6d73a9U, 0xfc7e19e5U, 0x1a0d2e34U,
+ 0xa653f751U, 0x35945f6aU, 0x9bc3b02bU, 0x5028f0a0U,
+ 0x4e27d29cU, 0x0c061418U, 0xbe5fdf61U, 0x47adc98eU,
+ 0xce674f81U, 0xb85cd56dU, 0xaa55e349U, 0x9048ad3dU,
+ 0x1c0e2438U, 0xa452f155U, 0xc9ea468fU, 0x84429115U,
+ 0xb65bc771U, 0xba5dd369U, 0x6030a0c0U, 0xb058cd7dU,
+ 0xa251fb59U, 0xb259cb79U, 0x783c88f0U, 0x9c4eb925U,
+ 0x703890e0U, 0x098a1b12U, 0xe47231d5U, 0x28147850U,
+ 0xd3e768bbU, 0x91c6ae3fU, 0xa1defe5fU, 0xa050fd5dU,
+ 0x018e0302U, 0x39924b72U, 0xbfd1dc63U, 0xee772fc1U,
+ 0x3b934d76U, 0x8a458309U, 0x299a7b52U, 0x81ce9e1fU,
+ 0x5a2deeb4U, 0x06030a0cU, 0xc4625195U, 0x71b693e2U,
+ 0x6fb9b1deU, 0x63bfa5c6U, 0x31965362U, 0xd66b67b1U,
+ 0x7e3f82fcU, 0x0e07121cU, 0x24126c48U, 0x41aec382U,
+ 0x80409d1dU, 0x6834b8d0U, 0x8c468905U, 0x7c3e84f8U,
+ 0xabdbe04bU, 0x83cf981bU, 0xc5ec5297U, 0x85cc9217U,
+ 0x9fc1bc23U, 0x5fa1e1beU, 0x9dc0ba27U, 0xb1d6ce7fU,
+ 0x3a1d4e74U, 0xf5f402f7U, 0xc2615b99U, 0x763b9aecU,
+ 0x20106040U, 0xadd8ea47U, 0xd0686dbdU, 0x5da0e7baU,
+ 0x7fb181feU, 0x140a3c28U, 0xd2696bb9U, 0xd86c75adU,
+ 0x9249ab39U, 0xe9fa26cfU, 0xec7629c5U, 0x95c4a237U,
+ 0x219e6342U, 0x2b9b7d56U, 0xdc6e79a5U, 0x2f99715eU,
+ 0x99c2b62fU, 0x73b795e6U, 0x2d98775aU, 0x65bcafcaU,
+ 0x038f0506U, 0x1785392eU, 0x3e1f427cU, 0x75b49feaU,
+ 0xedf82ac7U, 0x22116644U, 0x5c2ee4b8U, 0x00000000U,
+ 0x4a25de94U, 0x381c4870U, 0x542afca8U, 0x7a3d8ef4U,
+ 0x0a051e14U, 0x9e4fbf21U, 0xf67b07f1U, 0x79b28bf2U,
+ 0x6432acc8U, 0x3d90477aU, 0x43afc586U, 0x32195664U,
+ 0x5ba3edb6U, 0xf3f708fbU, 0xe67337d1U, 0x279d694eU,
+ 0x2a157e54U, 0xe87425cdU, 0xc1ee5e9fU, 0x89ca860fU,
+ 0x239f6546U, 0x1e0f223cU, 0x361b5a6cU, 0xea7523c9U,
+ 0x11863322U, 0x15843f2aU, 0x259c6f4aU, 0x944aa135U,
+ 0x33975566U, 0x341a5c68U, 0xca654389U, 0xf1f60effU,
+ 0xc7ed5493U, 0x12093624U, 0x6bbbbdd6U, 0x4c26d498U,
+ 0x1b832d36U, 0xcbeb408bU, 0xde6f7fa1U, 0x1f81213eU,
+ 0x08041810U, 0xd46a61b5U, 0x86439711U, 0x02010604U,
+ 0x2e17725cU, 0xdfe17ca3U, 0x13873526U, 0xf7f504f3U,
+ 0x078d090eU, 0xdbe370abU, 0x4623ca8cU, 0x1d80273aU,
+ 0x8844850dU, 0x2c167458U, 0xcc664985U, 0x4221c684U,
+ 0xe1fe3edfU, 0xb7d5c473U, 0x6231a6c4U, 0xafd9ec43U,
+ 0x6a35bed4U, 0x30185060U, 0x04020c08U, 0xc864458dU,
+ 0xf9f216efU, 0xfff11ce3U, 0xac56e945U, 0x87cd9413U,
+ 0x19822b32U, 0x8dc88a07U, 0x69babbd2U, 0xfdf01ae7U,
+ 0xc3ef589bU, 0xcfe94c83U, 0xcde84a87U, 0xe7fd34d3U,
+ 0x0f89111eU, 0xb3d7c87bU, 0x93c7a83bU, 0x77b599eeU,
+ 0x55a4ffaaU, 0x5e2fe2bcU, 0x3795596eU, 0x26136a4cU,
+ 0x160b3a2cU, 0xfbf310ebU, 0xdde07aa7U, 0x6e37b2dcU,
+};
+
+static const ulong32 T2[256] = {
+ 0xa6f5a753U, 0x6bd0d3bbU, 0xbf6ee6d1U, 0xd93b71e2U,
+ 0x67dad0bdU, 0x8acfac45U, 0x29b34d9aU, 0xf90b79f2U,
+ 0xe89c3a74U, 0x038cc98fU, 0x7e41913fU, 0xd732fce5U,
+ 0x78441e3cU, 0x018f478eU, 0x4de554a8U, 0xcea9bd67U,
+ 0x0a0f8c05U, 0xaef9a557U, 0xf5017af4U, 0xcb20fbebU,
+ 0x915763c6U, 0xdab7b86dU, 0x53f4dda7U, 0x77c2d4b5U,
+ 0xb364e5d7U, 0xf68db37bU, 0x33a4c597U, 0xc2a3be61U,
+ 0x9ed1a94fU, 0x1a17880dU, 0x30280c18U, 0xb2eba259U,
+ 0xe4963972U, 0x5bf8dfa3U, 0xa4f62952U, 0x4fe6daa9U,
+ 0xacfa2b56U, 0x9ad7a84dU, 0x0b80cb8bU, 0x2db54c98U,
+ 0x31a74b96U, 0x88cc2244U, 0x92dbaa49U, 0x90d82448U,
+ 0x199b4182U, 0xdd3d70e0U, 0xa2f3a651U, 0xc32cf9efU,
+ 0x75c15ab4U, 0xaf76e2d9U, 0xfa87b07dU, 0xd8b4366cU,
+ 0xe9137dfaU, 0xb762e4d5U, 0xccaa3366U, 0xdb38ffe3U,
+ 0x9d5d60c0U, 0x80c02040U, 0x20300810U, 0x161d8b0bU,
+ 0x65d95ebcU, 0x96ddab4bU, 0xe11f7ffeU, 0xfd0d78f0U,
+ 0xed157cf8U, 0xb0e82c58U, 0x41ef57aeU, 0x6fd6d2b9U,
+ 0x57f2dca5U, 0xa9736ddaU, 0xe5197efcU, 0x342e0d1aU,
+ 0x51f753a6U, 0x6a5f9435U, 0x2bb0c39bU, 0xa0f02850U,
+ 0x9cd2274eU, 0x1814060cU, 0x61df5fbeU, 0x8ec9ad47U,
+ 0x814f67ceU, 0x6dd55cb8U, 0x49e355aaU, 0x3dad4890U,
+ 0x38240e1cU, 0x55f152a4U, 0x8f46eac9U, 0x15914284U,
+ 0x71c75bb6U, 0x69d35dbaU, 0xc0a03060U, 0x7dcd58b0U,
+ 0x59fb51a2U, 0x79cb59b2U, 0xf0883c78U, 0x25b94e9cU,
+ 0xe0903870U, 0x121b8a09U, 0xd53172e4U, 0x50781428U,
+ 0xbb68e7d3U, 0x3faec691U, 0x5ffedea1U, 0x5dfd50a0U,
+ 0x02038e01U, 0x724b9239U, 0x63dcd1bfU, 0xc12f77eeU,
+ 0x764d933bU, 0x0983458aU, 0x527b9a29U, 0x1f9ece81U,
+ 0xb4ee2d5aU, 0x0c0a0306U, 0x955162c4U, 0xe293b671U,
+ 0xdeb1b96fU, 0xc6a5bf63U, 0x62539631U, 0xb1676bd6U,
+ 0xfc823f7eU, 0x1c12070eU, 0x486c1224U, 0x82c3ae41U,
+ 0x1d9d4080U, 0xd0b83468U, 0x0589468cU, 0xf8843e7cU,
+ 0x4be0dbabU, 0x1b98cf83U, 0x9752ecc5U, 0x1792cc85U,
+ 0x23bcc19fU, 0xbee1a15fU, 0x27bac09dU, 0x7fced6b1U,
+ 0x744e1d3aU, 0xf702f4f5U, 0x995b61c2U, 0xec9a3b76U,
+ 0x40601020U, 0x47ead8adU, 0xbd6d68d0U, 0xbae7a05dU,
+ 0xfe81b17fU, 0x283c0a14U, 0xb96b69d2U, 0xad756cd8U,
+ 0x39ab4992U, 0xcf26fae9U, 0xc52976ecU, 0x37a2c495U,
+ 0x42639e21U, 0x567d9b2bU, 0xa5796edcU, 0x5e71992fU,
+ 0x2fb6c299U, 0xe695b773U, 0x5a77982dU, 0xcaafbc65U,
+ 0x06058f03U, 0x2e398517U, 0x7c421f3eU, 0xea9fb475U,
+ 0xc72af8edU, 0x44661122U, 0xb8e42e5cU, 0x00000000U,
+ 0x94de254aU, 0x70481c38U, 0xa8fc2a54U, 0xf48e3d7aU,
+ 0x141e050aU, 0x21bf4f9eU, 0xf1077bf6U, 0xf28bb279U,
+ 0xc8ac3264U, 0x7a47903dU, 0x86c5af43U, 0x64561932U,
+ 0xb6eda35bU, 0xfb08f7f3U, 0xd13773e6U, 0x4e699d27U,
+ 0x547e152aU, 0xcd2574e8U, 0x9f5eeec1U, 0x0f86ca89U,
+ 0x46659f23U, 0x3c220f1eU, 0x6c5a1b36U, 0xc92375eaU,
+ 0x22338611U, 0x2a3f8415U, 0x4a6f9c25U, 0x35a14a94U,
+ 0x66559733U, 0x685c1a34U, 0x894365caU, 0xff0ef6f1U,
+ 0x9354edc7U, 0x24360912U, 0xd6bdbb6bU, 0x98d4264cU,
+ 0x362d831bU, 0x8b40ebcbU, 0xa17f6fdeU, 0x3e21811fU,
+ 0x10180408U, 0xb5616ad4U, 0x11974386U, 0x04060102U,
+ 0x5c72172eU, 0xa37ce1dfU, 0x26358713U, 0xf304f5f7U,
+ 0x0e098d07U, 0xab70e3dbU, 0x8cca2346U, 0x3a27801dU,
+ 0x0d854488U, 0x5874162cU, 0x854966ccU, 0x84c62142U,
+ 0xdf3efee1U, 0x73c4d5b7U, 0xc4a63162U, 0x43ecd9afU,
+ 0xd4be356aU, 0x60501830U, 0x080c0204U, 0x8d4564c8U,
+ 0xef16f2f9U, 0xe31cf1ffU, 0x45e956acU, 0x1394cd87U,
+ 0x322b8219U, 0x078ac88dU, 0xd2bbba69U, 0xe71af0fdU,
+ 0x9b58efc3U, 0x834ce9cfU, 0x874ae8cdU, 0xd334fde7U,
+ 0x1e11890fU, 0x7bc8d7b3U, 0x3ba8c793U, 0xee99b577U,
+ 0xaaffa455U, 0xbce22f5eU, 0x6e599537U, 0x4c6a1326U,
+ 0x2c3a0b16U, 0xeb10f3fbU, 0xa77ae0ddU, 0xdcb2376eU,
+};
+
+static const ulong32 T3[256] = {
+ 0xf5a653a7U, 0xd06bbbd3U, 0x6ebfd1e6U, 0x3bd9e271U,
+ 0xda67bdd0U, 0xcf8a45acU, 0xb3299a4dU, 0x0bf9f279U,
+ 0x9ce8743aU, 0x8c038fc9U, 0x417e3f91U, 0x32d7e5fcU,
+ 0x44783c1eU, 0x8f018e47U, 0xe54da854U, 0xa9ce67bdU,
+ 0x0f0a058cU, 0xf9ae57a5U, 0x01f5f47aU, 0x20cbebfbU,
+ 0x5791c663U, 0xb7da6db8U, 0xf453a7ddU, 0xc277b5d4U,
+ 0x64b3d7e5U, 0x8df67bb3U, 0xa43397c5U, 0xa3c261beU,
+ 0xd19e4fa9U, 0x171a0d88U, 0x2830180cU, 0xebb259a2U,
+ 0x96e47239U, 0xf85ba3dfU, 0xf6a45229U, 0xe64fa9daU,
+ 0xfaac562bU, 0xd79a4da8U, 0x800b8bcbU, 0xb52d984cU,
+ 0xa731964bU, 0xcc884422U, 0xdb9249aaU, 0xd8904824U,
+ 0x9b198241U, 0x3ddde070U, 0xf3a251a6U, 0x2cc3eff9U,
+ 0xc175b45aU, 0x76afd9e2U, 0x87fa7db0U, 0xb4d86c36U,
+ 0x13e9fa7dU, 0x62b7d5e4U, 0xaacc6633U, 0x38dbe3ffU,
+ 0x5d9dc060U, 0xc0804020U, 0x30201008U, 0x1d160b8bU,
+ 0xd965bc5eU, 0xdd964babU, 0x1fe1fe7fU, 0x0dfdf078U,
+ 0x15edf87cU, 0xe8b0582cU, 0xef41ae57U, 0xd66fb9d2U,
+ 0xf257a5dcU, 0x73a9da6dU, 0x19e5fc7eU, 0x2e341a0dU,
+ 0xf751a653U, 0x5f6a3594U, 0xb02b9bc3U, 0xf0a05028U,
+ 0xd29c4e27U, 0x14180c06U, 0xdf61be5fU, 0xc98e47adU,
+ 0x4f81ce67U, 0xd56db85cU, 0xe349aa55U, 0xad3d9048U,
+ 0x24381c0eU, 0xf155a452U, 0x468fc9eaU, 0x91158442U,
+ 0xc771b65bU, 0xd369ba5dU, 0xa0c06030U, 0xcd7db058U,
+ 0xfb59a251U, 0xcb79b259U, 0x88f0783cU, 0xb9259c4eU,
+ 0x90e07038U, 0x1b12098aU, 0x31d5e472U, 0x78502814U,
+ 0x68bbd3e7U, 0xae3f91c6U, 0xfe5fa1deU, 0xfd5da050U,
+ 0x0302018eU, 0x4b723992U, 0xdc63bfd1U, 0x2fc1ee77U,
+ 0x4d763b93U, 0x83098a45U, 0x7b52299aU, 0x9e1f81ceU,
+ 0xeeb45a2dU, 0x0a0c0603U, 0x5195c462U, 0x93e271b6U,
+ 0xb1de6fb9U, 0xa5c663bfU, 0x53623196U, 0x67b1d66bU,
+ 0x82fc7e3fU, 0x121c0e07U, 0x6c482412U, 0xc38241aeU,
+ 0x9d1d8040U, 0xb8d06834U, 0x89058c46U, 0x84f87c3eU,
+ 0xe04babdbU, 0x981b83cfU, 0x5297c5ecU, 0x921785ccU,
+ 0xbc239fc1U, 0xe1be5fa1U, 0xba279dc0U, 0xce7fb1d6U,
+ 0x4e743a1dU, 0x02f7f5f4U, 0x5b99c261U, 0x9aec763bU,
+ 0x60402010U, 0xea47add8U, 0x6dbdd068U, 0xe7ba5da0U,
+ 0x81fe7fb1U, 0x3c28140aU, 0x6bb9d269U, 0x75add86cU,
+ 0xab399249U, 0x26cfe9faU, 0x29c5ec76U, 0xa23795c4U,
+ 0x6342219eU, 0x7d562b9bU, 0x79a5dc6eU, 0x715e2f99U,
+ 0xb62f99c2U, 0x95e673b7U, 0x775a2d98U, 0xafca65bcU,
+ 0x0506038fU, 0x392e1785U, 0x427c3e1fU, 0x9fea75b4U,
+ 0x2ac7edf8U, 0x66442211U, 0xe4b85c2eU, 0x00000000U,
+ 0xde944a25U, 0x4870381cU, 0xfca8542aU, 0x8ef47a3dU,
+ 0x1e140a05U, 0xbf219e4fU, 0x07f1f67bU, 0x8bf279b2U,
+ 0xacc86432U, 0x477a3d90U, 0xc58643afU, 0x56643219U,
+ 0xedb65ba3U, 0x08fbf3f7U, 0x37d1e673U, 0x694e279dU,
+ 0x7e542a15U, 0x25cde874U, 0x5e9fc1eeU, 0x860f89caU,
+ 0x6546239fU, 0x223c1e0fU, 0x5a6c361bU, 0x23c9ea75U,
+ 0x33221186U, 0x3f2a1584U, 0x6f4a259cU, 0xa135944aU,
+ 0x55663397U, 0x5c68341aU, 0x4389ca65U, 0x0efff1f6U,
+ 0x5493c7edU, 0x36241209U, 0xbdd66bbbU, 0xd4984c26U,
+ 0x2d361b83U, 0x408bcbebU, 0x7fa1de6fU, 0x213e1f81U,
+ 0x18100804U, 0x61b5d46aU, 0x97118643U, 0x06040201U,
+ 0x725c2e17U, 0x7ca3dfe1U, 0x35261387U, 0x04f3f7f5U,
+ 0x090e078dU, 0x70abdbe3U, 0xca8c4623U, 0x273a1d80U,
+ 0x850d8844U, 0x74582c16U, 0x4985cc66U, 0xc6844221U,
+ 0x3edfe1feU, 0xc473b7d5U, 0xa6c46231U, 0xec43afd9U,
+ 0xbed46a35U, 0x50603018U, 0x0c080402U, 0x458dc864U,
+ 0x16eff9f2U, 0x1ce3fff1U, 0xe945ac56U, 0x941387cdU,
+ 0x2b321982U, 0x8a078dc8U, 0xbbd269baU, 0x1ae7fdf0U,
+ 0x589bc3efU, 0x4c83cfe9U, 0x4a87cde8U, 0x34d3e7fdU,
+ 0x111e0f89U, 0xc87bb3d7U, 0xa83b93c7U, 0x99ee77b5U,
+ 0xffaa55a4U, 0xe2bc5e2fU, 0x596e3795U, 0x6a4c2613U,
+ 0x3a2c160bU, 0x10ebfbf3U, 0x7aa7dde0U, 0xb2dc6e37U,
+};
+
+static const ulong32 T4[256] = {
+ 0xa7a7a7a7U, 0xd3d3d3d3U, 0xe6e6e6e6U, 0x71717171U,
+ 0xd0d0d0d0U, 0xacacacacU, 0x4d4d4d4dU, 0x79797979U,
+ 0x3a3a3a3aU, 0xc9c9c9c9U, 0x91919191U, 0xfcfcfcfcU,
+ 0x1e1e1e1eU, 0x47474747U, 0x54545454U, 0xbdbdbdbdU,
+ 0x8c8c8c8cU, 0xa5a5a5a5U, 0x7a7a7a7aU, 0xfbfbfbfbU,
+ 0x63636363U, 0xb8b8b8b8U, 0xddddddddU, 0xd4d4d4d4U,
+ 0xe5e5e5e5U, 0xb3b3b3b3U, 0xc5c5c5c5U, 0xbebebebeU,
+ 0xa9a9a9a9U, 0x88888888U, 0x0c0c0c0cU, 0xa2a2a2a2U,
+ 0x39393939U, 0xdfdfdfdfU, 0x29292929U, 0xdadadadaU,
+ 0x2b2b2b2bU, 0xa8a8a8a8U, 0xcbcbcbcbU, 0x4c4c4c4cU,
+ 0x4b4b4b4bU, 0x22222222U, 0xaaaaaaaaU, 0x24242424U,
+ 0x41414141U, 0x70707070U, 0xa6a6a6a6U, 0xf9f9f9f9U,
+ 0x5a5a5a5aU, 0xe2e2e2e2U, 0xb0b0b0b0U, 0x36363636U,
+ 0x7d7d7d7dU, 0xe4e4e4e4U, 0x33333333U, 0xffffffffU,
+ 0x60606060U, 0x20202020U, 0x08080808U, 0x8b8b8b8bU,
+ 0x5e5e5e5eU, 0xababababU, 0x7f7f7f7fU, 0x78787878U,
+ 0x7c7c7c7cU, 0x2c2c2c2cU, 0x57575757U, 0xd2d2d2d2U,
+ 0xdcdcdcdcU, 0x6d6d6d6dU, 0x7e7e7e7eU, 0x0d0d0d0dU,
+ 0x53535353U, 0x94949494U, 0xc3c3c3c3U, 0x28282828U,
+ 0x27272727U, 0x06060606U, 0x5f5f5f5fU, 0xadadadadU,
+ 0x67676767U, 0x5c5c5c5cU, 0x55555555U, 0x48484848U,
+ 0x0e0e0e0eU, 0x52525252U, 0xeaeaeaeaU, 0x42424242U,
+ 0x5b5b5b5bU, 0x5d5d5d5dU, 0x30303030U, 0x58585858U,
+ 0x51515151U, 0x59595959U, 0x3c3c3c3cU, 0x4e4e4e4eU,
+ 0x38383838U, 0x8a8a8a8aU, 0x72727272U, 0x14141414U,
+ 0xe7e7e7e7U, 0xc6c6c6c6U, 0xdedededeU, 0x50505050U,
+ 0x8e8e8e8eU, 0x92929292U, 0xd1d1d1d1U, 0x77777777U,
+ 0x93939393U, 0x45454545U, 0x9a9a9a9aU, 0xcecececeU,
+ 0x2d2d2d2dU, 0x03030303U, 0x62626262U, 0xb6b6b6b6U,
+ 0xb9b9b9b9U, 0xbfbfbfbfU, 0x96969696U, 0x6b6b6b6bU,
+ 0x3f3f3f3fU, 0x07070707U, 0x12121212U, 0xaeaeaeaeU,
+ 0x40404040U, 0x34343434U, 0x46464646U, 0x3e3e3e3eU,
+ 0xdbdbdbdbU, 0xcfcfcfcfU, 0xececececU, 0xccccccccU,
+ 0xc1c1c1c1U, 0xa1a1a1a1U, 0xc0c0c0c0U, 0xd6d6d6d6U,
+ 0x1d1d1d1dU, 0xf4f4f4f4U, 0x61616161U, 0x3b3b3b3bU,
+ 0x10101010U, 0xd8d8d8d8U, 0x68686868U, 0xa0a0a0a0U,
+ 0xb1b1b1b1U, 0x0a0a0a0aU, 0x69696969U, 0x6c6c6c6cU,
+ 0x49494949U, 0xfafafafaU, 0x76767676U, 0xc4c4c4c4U,
+ 0x9e9e9e9eU, 0x9b9b9b9bU, 0x6e6e6e6eU, 0x99999999U,
+ 0xc2c2c2c2U, 0xb7b7b7b7U, 0x98989898U, 0xbcbcbcbcU,
+ 0x8f8f8f8fU, 0x85858585U, 0x1f1f1f1fU, 0xb4b4b4b4U,
+ 0xf8f8f8f8U, 0x11111111U, 0x2e2e2e2eU, 0x00000000U,
+ 0x25252525U, 0x1c1c1c1cU, 0x2a2a2a2aU, 0x3d3d3d3dU,
+ 0x05050505U, 0x4f4f4f4fU, 0x7b7b7b7bU, 0xb2b2b2b2U,
+ 0x32323232U, 0x90909090U, 0xafafafafU, 0x19191919U,
+ 0xa3a3a3a3U, 0xf7f7f7f7U, 0x73737373U, 0x9d9d9d9dU,
+ 0x15151515U, 0x74747474U, 0xeeeeeeeeU, 0xcacacacaU,
+ 0x9f9f9f9fU, 0x0f0f0f0fU, 0x1b1b1b1bU, 0x75757575U,
+ 0x86868686U, 0x84848484U, 0x9c9c9c9cU, 0x4a4a4a4aU,
+ 0x97979797U, 0x1a1a1a1aU, 0x65656565U, 0xf6f6f6f6U,
+ 0xededededU, 0x09090909U, 0xbbbbbbbbU, 0x26262626U,
+ 0x83838383U, 0xebebebebU, 0x6f6f6f6fU, 0x81818181U,
+ 0x04040404U, 0x6a6a6a6aU, 0x43434343U, 0x01010101U,
+ 0x17171717U, 0xe1e1e1e1U, 0x87878787U, 0xf5f5f5f5U,
+ 0x8d8d8d8dU, 0xe3e3e3e3U, 0x23232323U, 0x80808080U,
+ 0x44444444U, 0x16161616U, 0x66666666U, 0x21212121U,
+ 0xfefefefeU, 0xd5d5d5d5U, 0x31313131U, 0xd9d9d9d9U,
+ 0x35353535U, 0x18181818U, 0x02020202U, 0x64646464U,
+ 0xf2f2f2f2U, 0xf1f1f1f1U, 0x56565656U, 0xcdcdcdcdU,
+ 0x82828282U, 0xc8c8c8c8U, 0xbabababaU, 0xf0f0f0f0U,
+ 0xefefefefU, 0xe9e9e9e9U, 0xe8e8e8e8U, 0xfdfdfdfdU,
+ 0x89898989U, 0xd7d7d7d7U, 0xc7c7c7c7U, 0xb5b5b5b5U,
+ 0xa4a4a4a4U, 0x2f2f2f2fU, 0x95959595U, 0x13131313U,
+ 0x0b0b0b0bU, 0xf3f3f3f3U, 0xe0e0e0e0U, 0x37373737U,
+};
+
+static const ulong32 T5[256] = {
+ 0x00000000U, 0x01020608U, 0x02040c10U, 0x03060a18U,
+ 0x04081820U, 0x050a1e28U, 0x060c1430U, 0x070e1238U,
+ 0x08103040U, 0x09123648U, 0x0a143c50U, 0x0b163a58U,
+ 0x0c182860U, 0x0d1a2e68U, 0x0e1c2470U, 0x0f1e2278U,
+ 0x10206080U, 0x11226688U, 0x12246c90U, 0x13266a98U,
+ 0x142878a0U, 0x152a7ea8U, 0x162c74b0U, 0x172e72b8U,
+ 0x183050c0U, 0x193256c8U, 0x1a345cd0U, 0x1b365ad8U,
+ 0x1c3848e0U, 0x1d3a4ee8U, 0x1e3c44f0U, 0x1f3e42f8U,
+ 0x2040c01dU, 0x2142c615U, 0x2244cc0dU, 0x2346ca05U,
+ 0x2448d83dU, 0x254ade35U, 0x264cd42dU, 0x274ed225U,
+ 0x2850f05dU, 0x2952f655U, 0x2a54fc4dU, 0x2b56fa45U,
+ 0x2c58e87dU, 0x2d5aee75U, 0x2e5ce46dU, 0x2f5ee265U,
+ 0x3060a09dU, 0x3162a695U, 0x3264ac8dU, 0x3366aa85U,
+ 0x3468b8bdU, 0x356abeb5U, 0x366cb4adU, 0x376eb2a5U,
+ 0x387090ddU, 0x397296d5U, 0x3a749ccdU, 0x3b769ac5U,
+ 0x3c7888fdU, 0x3d7a8ef5U, 0x3e7c84edU, 0x3f7e82e5U,
+ 0x40809d3aU, 0x41829b32U, 0x4284912aU, 0x43869722U,
+ 0x4488851aU, 0x458a8312U, 0x468c890aU, 0x478e8f02U,
+ 0x4890ad7aU, 0x4992ab72U, 0x4a94a16aU, 0x4b96a762U,
+ 0x4c98b55aU, 0x4d9ab352U, 0x4e9cb94aU, 0x4f9ebf42U,
+ 0x50a0fdbaU, 0x51a2fbb2U, 0x52a4f1aaU, 0x53a6f7a2U,
+ 0x54a8e59aU, 0x55aae392U, 0x56ace98aU, 0x57aeef82U,
+ 0x58b0cdfaU, 0x59b2cbf2U, 0x5ab4c1eaU, 0x5bb6c7e2U,
+ 0x5cb8d5daU, 0x5dbad3d2U, 0x5ebcd9caU, 0x5fbedfc2U,
+ 0x60c05d27U, 0x61c25b2fU, 0x62c45137U, 0x63c6573fU,
+ 0x64c84507U, 0x65ca430fU, 0x66cc4917U, 0x67ce4f1fU,
+ 0x68d06d67U, 0x69d26b6fU, 0x6ad46177U, 0x6bd6677fU,
+ 0x6cd87547U, 0x6dda734fU, 0x6edc7957U, 0x6fde7f5fU,
+ 0x70e03da7U, 0x71e23bafU, 0x72e431b7U, 0x73e637bfU,
+ 0x74e82587U, 0x75ea238fU, 0x76ec2997U, 0x77ee2f9fU,
+ 0x78f00de7U, 0x79f20befU, 0x7af401f7U, 0x7bf607ffU,
+ 0x7cf815c7U, 0x7dfa13cfU, 0x7efc19d7U, 0x7ffe1fdfU,
+ 0x801d2774U, 0x811f217cU, 0x82192b64U, 0x831b2d6cU,
+ 0x84153f54U, 0x8517395cU, 0x86113344U, 0x8713354cU,
+ 0x880d1734U, 0x890f113cU, 0x8a091b24U, 0x8b0b1d2cU,
+ 0x8c050f14U, 0x8d07091cU, 0x8e010304U, 0x8f03050cU,
+ 0x903d47f4U, 0x913f41fcU, 0x92394be4U, 0x933b4decU,
+ 0x94355fd4U, 0x953759dcU, 0x963153c4U, 0x973355ccU,
+ 0x982d77b4U, 0x992f71bcU, 0x9a297ba4U, 0x9b2b7dacU,
+ 0x9c256f94U, 0x9d27699cU, 0x9e216384U, 0x9f23658cU,
+ 0xa05de769U, 0xa15fe161U, 0xa259eb79U, 0xa35bed71U,
+ 0xa455ff49U, 0xa557f941U, 0xa651f359U, 0xa753f551U,
+ 0xa84dd729U, 0xa94fd121U, 0xaa49db39U, 0xab4bdd31U,
+ 0xac45cf09U, 0xad47c901U, 0xae41c319U, 0xaf43c511U,
+ 0xb07d87e9U, 0xb17f81e1U, 0xb2798bf9U, 0xb37b8df1U,
+ 0xb4759fc9U, 0xb57799c1U, 0xb67193d9U, 0xb77395d1U,
+ 0xb86db7a9U, 0xb96fb1a1U, 0xba69bbb9U, 0xbb6bbdb1U,
+ 0xbc65af89U, 0xbd67a981U, 0xbe61a399U, 0xbf63a591U,
+ 0xc09dba4eU, 0xc19fbc46U, 0xc299b65eU, 0xc39bb056U,
+ 0xc495a26eU, 0xc597a466U, 0xc691ae7eU, 0xc793a876U,
+ 0xc88d8a0eU, 0xc98f8c06U, 0xca89861eU, 0xcb8b8016U,
+ 0xcc85922eU, 0xcd879426U, 0xce819e3eU, 0xcf839836U,
+ 0xd0bddaceU, 0xd1bfdcc6U, 0xd2b9d6deU, 0xd3bbd0d6U,
+ 0xd4b5c2eeU, 0xd5b7c4e6U, 0xd6b1cefeU, 0xd7b3c8f6U,
+ 0xd8adea8eU, 0xd9afec86U, 0xdaa9e69eU, 0xdbabe096U,
+ 0xdca5f2aeU, 0xdda7f4a6U, 0xdea1febeU, 0xdfa3f8b6U,
+ 0xe0dd7a53U, 0xe1df7c5bU, 0xe2d97643U, 0xe3db704bU,
+ 0xe4d56273U, 0xe5d7647bU, 0xe6d16e63U, 0xe7d3686bU,
+ 0xe8cd4a13U, 0xe9cf4c1bU, 0xeac94603U, 0xebcb400bU,
+ 0xecc55233U, 0xedc7543bU, 0xeec15e23U, 0xefc3582bU,
+ 0xf0fd1ad3U, 0xf1ff1cdbU, 0xf2f916c3U, 0xf3fb10cbU,
+ 0xf4f502f3U, 0xf5f704fbU, 0xf6f10ee3U, 0xf7f308ebU,
+ 0xf8ed2a93U, 0xf9ef2c9bU, 0xfae92683U, 0xfbeb208bU,
+ 0xfce532b3U, 0xfde734bbU, 0xfee13ea3U, 0xffe338abU,
+};
+
+/**
+ * The round constants.
+ */
+static const ulong32 rc[] = {
+ 0xa7d3e671U, 0xd0ac4d79U, 0x3ac991fcU, 0x1e4754bdU,
+ 0x8ca57afbU, 0x63b8ddd4U, 0xe5b3c5beU, 0xa9880ca2U,
+ 0x39df29daU, 0x2ba8cb4cU, 0x4b22aa24U, 0x4170a6f9U,
+ 0x5ae2b036U, 0x7de433ffU, 0x6020088bU, 0x5eab7f78U,
+ 0x7c2c57d2U, 0xdc6d7e0dU, 0x5394c328U,
+};
+
+#endif
+
+ /**
+ Initialize the Anubis block cipher
+ @param key The symmetric key you wish to pass
+ @param keylen The key length in bytes
+ @param num_rounds The number of rounds desired (0 for default)
+ @param skey The key in as scheduled by this function.
+ @return CRYPT_OK if successful
+ */
+#ifdef LTC_CLEAN_STACK
+static int _anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
+#else
+int anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
+#endif
+{
+ int N, R, i, pos, r;
+ ulong32 kappa[MAX_N];
+ ulong32 inter[MAX_N];
+ ulong32 v, K0, K1, K2, K3;
+
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(skey != NULL);
+
+ /* Valid sizes (in bytes) are 16, 20, 24, 28, 32, 36, and 40. */
+ if ((keylen & 3) || (keylen < 16) || (keylen > 40)) {
+ return CRYPT_INVALID_KEYSIZE;
+ }
+ skey->anubis.keyBits = keylen*8;
+
+ /*
+ * determine the N length parameter:
+ * (N.B. it is assumed that the key length is valid!)
+ */
+ N = skey->anubis.keyBits >> 5;
+
+ /*
+ * determine number of rounds from key size:
+ */
+ skey->anubis.R = R = 8 + N;
+
+ if (num_rounds != 0 && num_rounds != skey->anubis.R) {
+ return CRYPT_INVALID_ROUNDS;
+ }
+
+ /*
+ * map cipher key to initial key state (mu):
+ */
+ for (i = 0, pos = 0; i < N; i++, pos += 4) {
+ kappa[i] =
+ (key[pos ] << 24) ^
+ (key[pos + 1] << 16) ^
+ (key[pos + 2] << 8) ^
+ (key[pos + 3] );
+ }
+
+ /*
+ * generate R + 1 round keys:
+ */
+ for (r = 0; r <= R; r++) {
+ /*
+ * generate r-th round key K^r:
+ */
+ K0 = T4[(kappa[N - 1] >> 24) & 0xff];
+ K1 = T4[(kappa[N - 1] >> 16) & 0xff];
+ K2 = T4[(kappa[N - 1] >> 8) & 0xff];
+ K3 = T4[(kappa[N - 1] ) & 0xff];
+ for (i = N - 2; i >= 0; i--) {
+ K0 = T4[(kappa[i] >> 24) & 0xff] ^
+ (T5[(K0 >> 24) & 0xff] & 0xff000000U) ^
+ (T5[(K0 >> 16) & 0xff] & 0x00ff0000U) ^
+ (T5[(K0 >> 8) & 0xff] & 0x0000ff00U) ^
+ (T5[(K0 ) & 0xff] & 0x000000ffU);
+ K1 = T4[(kappa[i] >> 16) & 0xff] ^
+ (T5[(K1 >> 24) & 0xff] & 0xff000000U) ^
+ (T5[(K1 >> 16) & 0xff] & 0x00ff0000U) ^
+ (T5[(K1 >> 8) & 0xff] & 0x0000ff00U) ^
+ (T5[(K1 ) & 0xff] & 0x000000ffU);
+ K2 = T4[(kappa[i] >> 8) & 0xff] ^
+ (T5[(K2 >> 24) & 0xff] & 0xff000000U) ^
+ (T5[(K2 >> 16) & 0xff] & 0x00ff0000U) ^
+ (T5[(K2 >> 8) & 0xff] & 0x0000ff00U) ^
+ (T5[(K2 ) & 0xff] & 0x000000ffU);
+ K3 = T4[(kappa[i] ) & 0xff] ^
+ (T5[(K3 >> 24) & 0xff] & 0xff000000U) ^
+ (T5[(K3 >> 16) & 0xff] & 0x00ff0000U) ^
+ (T5[(K3 >> 8) & 0xff] & 0x0000ff00U) ^
+ (T5[(K3 ) & 0xff] & 0x000000ffU);
+ }
+ /*
+ -- this is the code to use with the large U tables:
+ K0 = K1 = K2 = K3 = 0;
+ for (i = 0; i < N; i++) {
+ K0 ^= U[i][(kappa[i] >> 24) & 0xff];
+ K1 ^= U[i][(kappa[i] >> 16) & 0xff];
+ K2 ^= U[i][(kappa[i] >> 8) & 0xff];
+ K3 ^= U[i][(kappa[i] ) & 0xff];
+ }
+ */
+ skey->anubis.roundKeyEnc[r][0] = K0;
+ skey->anubis.roundKeyEnc[r][1] = K1;
+ skey->anubis.roundKeyEnc[r][2] = K2;
+ skey->anubis.roundKeyEnc[r][3] = K3;
+
+ /*
+ * compute kappa^{r+1} from kappa^r:
+ */
+ if (r == R) {
+ break;
+ }
+ for (i = 0; i < N; i++) {
+ int j = i;
+ inter[i] = T0[(kappa[j--] >> 24) & 0xff]; if (j < 0) j = N - 1;
+ inter[i] ^= T1[(kappa[j--] >> 16) & 0xff]; if (j < 0) j = N - 1;
+ inter[i] ^= T2[(kappa[j--] >> 8) & 0xff]; if (j < 0) j = N - 1;
+ inter[i] ^= T3[(kappa[j ] ) & 0xff];
+ }
+ kappa[0] = inter[0] ^ rc[r];
+ for (i = 1; i < N; i++) {
+ kappa[i] = inter[i];
+ }
+ }
+
+ /*
+ * generate inverse key schedule: K'^0 = K^R, K'^R = K^0, K'^r = theta(K^{R-r}):
+ */
+ for (i = 0; i < 4; i++) {
+ skey->anubis.roundKeyDec[0][i] = skey->anubis.roundKeyEnc[R][i];
+ skey->anubis.roundKeyDec[R][i] = skey->anubis.roundKeyEnc[0][i];
+ }
+ for (r = 1; r < R; r++) {
+ for (i = 0; i < 4; i++) {
+ v = skey->anubis.roundKeyEnc[R - r][i];
+ skey->anubis.roundKeyDec[r][i] =
+ T0[T4[(v >> 24) & 0xff] & 0xff] ^
+ T1[T4[(v >> 16) & 0xff] & 0xff] ^
+ T2[T4[(v >> 8) & 0xff] & 0xff] ^
+ T3[T4[(v ) & 0xff] & 0xff];
+ }
+ }
+
+ return CRYPT_OK;
+}
+
+#ifdef LTC_CLEAN_STACK
+int anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
+{
+ int err;
+ err = _anubis_setup(key, keylen, num_rounds, skey);
+ burn_stack(sizeof(int) * 5 + sizeof(ulong32) * (MAX_N + MAX_N + 5));
+ return err;
+}
+#endif
+
+
+static void anubis_crypt(const unsigned char *plaintext, unsigned char *ciphertext,
+ ulong32 roundKey[18 + 1][4], int R) {
+ int i, pos, r;
+ ulong32 state[4];
+ ulong32 inter[4];
+
+ /*
+ * map plaintext block to cipher state (mu)
+ * and add initial round key (sigma[K^0]):
+ */
+ for (i = 0, pos = 0; i < 4; i++, pos += 4) {
+ state[i] =
+ (plaintext[pos ] << 24) ^
+ (plaintext[pos + 1] << 16) ^
+ (plaintext[pos + 2] << 8) ^
+ (plaintext[pos + 3] ) ^
+ roundKey[0][i];
+ }
+
+ /*
+ * R - 1 full rounds:
+ */
+ for (r = 1; r < R; r++) {
+ inter[0] =
+ T0[(state[0] >> 24) & 0xff] ^
+ T1[(state[1] >> 24) & 0xff] ^
+ T2[(state[2] >> 24) & 0xff] ^
+ T3[(state[3] >> 24) & 0xff] ^
+ roundKey[r][0];
+ inter[1] =
+ T0[(state[0] >> 16) & 0xff] ^
+ T1[(state[1] >> 16) & 0xff] ^
+ T2[(state[2] >> 16) & 0xff] ^
+ T3[(state[3] >> 16) & 0xff] ^
+ roundKey[r][1];
+ inter[2] =
+ T0[(state[0] >> 8) & 0xff] ^
+ T1[(state[1] >> 8) & 0xff] ^
+ T2[(state[2] >> 8) & 0xff] ^
+ T3[(state[3] >> 8) & 0xff] ^
+ roundKey[r][2];
+ inter[3] =
+ T0[(state[0] ) & 0xff] ^
+ T1[(state[1] ) & 0xff] ^
+ T2[(state[2] ) & 0xff] ^
+ T3[(state[3] ) & 0xff] ^
+ roundKey[r][3];
+ state[0] = inter[0];
+ state[1] = inter[1];
+ state[2] = inter[2];
+ state[3] = inter[3];
+ }
+
+ /*
+ * last round:
+ */
+ inter[0] =
+ (T0[(state[0] >> 24) & 0xff] & 0xff000000U) ^
+ (T1[(state[1] >> 24) & 0xff] & 0x00ff0000U) ^
+ (T2[(state[2] >> 24) & 0xff] & 0x0000ff00U) ^
+ (T3[(state[3] >> 24) & 0xff] & 0x000000ffU) ^
+ roundKey[R][0];
+ inter[1] =
+ (T0[(state[0] >> 16) & 0xff] & 0xff000000U) ^
+ (T1[(state[1] >> 16) & 0xff] & 0x00ff0000U) ^
+ (T2[(state[2] >> 16) & 0xff] & 0x0000ff00U) ^
+ (T3[(state[3] >> 16) & 0xff] & 0x000000ffU) ^
+ roundKey[R][1];
+ inter[2] =
+ (T0[(state[0] >> 8) & 0xff] & 0xff000000U) ^
+ (T1[(state[1] >> 8) & 0xff] & 0x00ff0000U) ^
+ (T2[(state[2] >> 8) & 0xff] & 0x0000ff00U) ^
+ (T3[(state[3] >> 8) & 0xff] & 0x000000ffU) ^
+ roundKey[R][2];
+ inter[3] =
+ (T0[(state[0] ) & 0xff] & 0xff000000U) ^
+ (T1[(state[1] ) & 0xff] & 0x00ff0000U) ^
+ (T2[(state[2] ) & 0xff] & 0x0000ff00U) ^
+ (T3[(state[3] ) & 0xff] & 0x000000ffU) ^
+ roundKey[R][3];
+
+ /*
+ * map cipher state to ciphertext block (mu^{-1}):
+ */
+ for (i = 0, pos = 0; i < 4; i++, pos += 4) {
+ ulong32 w = inter[i];
+ ciphertext[pos ] = (unsigned char)(w >> 24);
+ ciphertext[pos + 1] = (unsigned char)(w >> 16);
+ ciphertext[pos + 2] = (unsigned char)(w >> 8);
+ ciphertext[pos + 3] = (unsigned char)(w );
+ }
+}
+
+/**
+ Encrypts a block of text with Anubis
+ @param pt The input plaintext (16 bytes)
+ @param ct The output ciphertext (16 bytes)
+ @param skey The key as scheduled
+ @return CRYPT_OK if successful
+*/
+int anubis_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+{
+ LTC_ARGCHK(pt != NULL);
+ LTC_ARGCHK(ct != NULL);
+ LTC_ARGCHK(skey != NULL);
+ anubis_crypt(pt, ct, skey->anubis.roundKeyEnc, skey->anubis.R);
+ return CRYPT_OK;
+}
+
+/**
+ Decrypts a block of text with Anubis
+ @param ct The input ciphertext (16 bytes)
+ @param pt The output plaintext (16 bytes)
+ @param skey The key as scheduled
+ @return CRYPT_OK if successful
+*/
+int anubis_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+{
+ LTC_ARGCHK(pt != NULL);
+ LTC_ARGCHK(ct != NULL);
+ LTC_ARGCHK(skey != NULL);
+ anubis_crypt(ct, pt, skey->anubis.roundKeyDec, skey->anubis.R);
+ return CRYPT_OK;
+}
+
+/**
+ Performs a self-test of the Anubis block cipher
+ @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
+*/
+int anubis_test(void)
+{
+#if !defined(LTC_TEST)
+ return CRYPT_NOP;
+#else
+ static const struct test {
+ int keylen;
+ unsigned char pt[16], ct[16], key[40];
+ } tests[] = {
+#ifndef ANUBIS_TWEAK
+ /**** ORIGINAL ANUBIS ****/
+ /* 128 bit keys */
+{
+ 16,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0xF0, 0x68, 0x60, 0xFC, 0x67, 0x30, 0xE8, 0x18,
+ 0xF1, 0x32, 0xC7, 0x8A, 0xF4, 0x13, 0x2A, 0xFE },
+ { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+}, {
+ 16,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0xA8, 0x66, 0x84, 0x80, 0x07, 0x74, 0x5C, 0x89,
+ 0xFC, 0x5E, 0xB5, 0xBA, 0xD4, 0xFE, 0x32, 0x6D },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
+},
+
+ /* 160-bit keys */
+{
+ 20,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0xBD, 0x5E, 0x32, 0xBE, 0x51, 0x67, 0xA8, 0xE2,
+ 0x72, 0xD7, 0x95, 0x0F, 0x83, 0xC6, 0x8C, 0x31 },
+ { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00 }
+}, {
+ 20,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x4C, 0x1F, 0x86, 0x2E, 0x11, 0xEB, 0xCE, 0xEB,
+ 0xFE, 0xB9, 0x73, 0xC9, 0xDF, 0xEF, 0x7A, 0xDB },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x01 }
+},
+
+ /* 192-bit keys */
+{
+ 24,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x17, 0xAC, 0x57, 0x44, 0x9D, 0x59, 0x61, 0x66,
+ 0xD0, 0xC7, 0x9E, 0x04, 0x7C, 0xC7, 0x58, 0xF0 },
+ { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+}, {
+ 24,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x71, 0x52, 0xB4, 0xEB, 0x1D, 0xAA, 0x36, 0xFD,
+ 0x57, 0x14, 0x5F, 0x57, 0x04, 0x9F, 0x70, 0x74 },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
+},
+
+ /* 224-bit keys */
+{
+ 28,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0xA2, 0xF0, 0xA6, 0xB9, 0x17, 0x93, 0x2A, 0x3B,
+ 0xEF, 0x08, 0xE8, 0x7A, 0x58, 0xD6, 0xF8, 0x53 },
+ { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00 }
+}, {
+ 28,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0xF0, 0xCA, 0xFC, 0x78, 0x8B, 0x4B, 0x4E, 0x53,
+ 0x8B, 0xC4, 0x32, 0x6A, 0xF5, 0xB9, 0x1B, 0x5F },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x01 }
+},
+
+ /* 256-bit keys */
+{
+ 32,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0xE0, 0x86, 0xAC, 0x45, 0x6B, 0x3C, 0xE5, 0x13,
+ 0xED, 0xF5, 0xDF, 0xDD, 0xD6, 0x3B, 0x71, 0x93 },
+ { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+}, {
+ 32,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x50, 0x01, 0xB9, 0xF5, 0x21, 0xC1, 0xC1, 0x29,
+ 0x00, 0xD5, 0xEC, 0x98, 0x2B, 0x9E, 0xE8, 0x21 },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
+},
+
+ /* 288-bit keys */
+{
+ 36,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0xE8, 0xF4, 0xAF, 0x2B, 0x21, 0xA0, 0x87, 0x9B,
+ 0x41, 0x95, 0xB9, 0x71, 0x75, 0x79, 0x04, 0x7C },
+ { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00 }
+}, {
+ 36,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0xE6, 0xA6, 0xA5, 0xBC, 0x8B, 0x63, 0x6F, 0xE2,
+ 0xBD, 0xA7, 0xA7, 0x53, 0xAB, 0x40, 0x22, 0xE0 },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x01 }
+},
+
+ /* 320-bit keys */
+{
+ 40,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x17, 0x04, 0xD7, 0x2C, 0xC6, 0x85, 0x76, 0x02,
+ 0x4B, 0xCC, 0x39, 0x80, 0xD8, 0x22, 0xEA, 0xA4 },
+ { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+}, {
+ 40,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x7A, 0x41, 0xE6, 0x7D, 0x4F, 0xD8, 0x64, 0xF0,
+ 0x44, 0xA8, 0x3C, 0x73, 0x81, 0x7E, 0x53, 0xD8 },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
+}
+#else
+ /**** Tweaked ANUBIS ****/
+ /* 128 bit keys */
+{
+ 16,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0xB8, 0x35, 0xBD, 0xC3, 0x34, 0x82, 0x9D, 0x83,
+ 0x71, 0xBF, 0xA3, 0x71, 0xE4, 0xB3, 0xC4, 0xFD },
+ { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+}, {
+ 16,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0xE6, 0x14, 0x1E, 0xAF, 0xEB, 0xE0, 0x59, 0x3C,
+ 0x48, 0xE1, 0xCD, 0xF2, 0x1B, 0xBA, 0xA1, 0x89 },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
+},
+
+ /* 160-bit keys */
+{
+ 20,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x97, 0x59, 0x79, 0x4B, 0x5C, 0xA0, 0x70, 0x73,
+ 0x24, 0xEF, 0xB3, 0x58, 0x67, 0xCA, 0xD4, 0xB3 },
+ { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00 }
+}, {
+ 20,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0xB8, 0x0D, 0xFB, 0x9B, 0xE4, 0xA1, 0x58, 0x87,
+ 0xB3, 0x76, 0xD5, 0x02, 0x18, 0x95, 0xC1, 0x2E },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x01 }
+},
+
+ /* 192-bit keys */
+{
+ 24,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x7D, 0x62, 0x3B, 0x52, 0xC7, 0x4C, 0x64, 0xD8,
+ 0xEB, 0xC7, 0x2D, 0x57, 0x97, 0x85, 0x43, 0x8F },
+ { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+}, {
+ 24,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0xB1, 0x0A, 0x59, 0xDD, 0x5D, 0x5D, 0x8D, 0x67,
+ 0xEC, 0xEE, 0x4A, 0xC4, 0xBE, 0x4F, 0xA8, 0x4F },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
+},
+
+ /* 224-bit keys */
+{
+ 28,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x68, 0x9E, 0x05, 0x94, 0x6A, 0x94, 0x43, 0x8F,
+ 0xE7, 0x8E, 0x37, 0x3D, 0x24, 0x97, 0x92, 0xF5 },
+ { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00 }
+}, {
+ 28,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0xDD, 0xB7, 0xB0, 0xB4, 0xE9, 0xB4, 0x9B, 0x9C,
+ 0x38, 0x20, 0x25, 0x0B, 0x47, 0xC2, 0x1F, 0x89 },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x01 }
+},
+
+ /* 256-bit keys */
+{
+ 32,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x96, 0x00, 0xF0, 0x76, 0x91, 0x69, 0x29, 0x87,
+ 0xF5, 0xE5, 0x97, 0xDB, 0xDB, 0xAF, 0x1B, 0x0A },
+ { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+}, {
+ 32,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x69, 0x9C, 0xAF, 0xDD, 0x94, 0xC7, 0xBC, 0x60,
+ 0x44, 0xFE, 0x02, 0x05, 0x8A, 0x6E, 0xEF, 0xBD },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
+},
+
+ /* 288-bit keys */
+{
+ 36,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x0F, 0xC7, 0xA2, 0xC0, 0x11, 0x17, 0xAC, 0x43,
+ 0x52, 0x5E, 0xDF, 0x6C, 0xF3, 0x96, 0x33, 0x6C },
+ { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00 }
+}, {
+ 36,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0xAD, 0x08, 0x4F, 0xED, 0x55, 0xA6, 0x94, 0x3E,
+ 0x7E, 0x5E, 0xED, 0x05, 0xA1, 0x9D, 0x41, 0xB4 },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x01 }
+},
+
+ /* 320-bit keys */
+{
+ 40,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0xFE, 0xE2, 0x0E, 0x2A, 0x9D, 0xC5, 0x83, 0xBA,
+ 0xA3, 0xA6, 0xD6, 0xA6, 0xF2, 0xE8, 0x06, 0xA5 },
+ { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
+}, {
+ 40,
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x86, 0x3D, 0xCC, 0x4A, 0x60, 0x34, 0x9C, 0x28,
+ 0xA7, 0xDA, 0xA4, 0x3B, 0x0A, 0xD7, 0xFD, 0xC7 },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
+}
+#endif
+};
+ int x, y;
+ unsigned char buf[2][16];
+ symmetric_key skey;
+
+ for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
+ anubis_setup(tests[x].key, tests[x].keylen, 0, &skey);
+ anubis_ecb_encrypt(tests[x].pt, buf[0], &skey);
+ anubis_ecb_decrypt(buf[0], buf[1], &skey);
+ if (XMEMCMP(buf[0], tests[x].ct, 16) || XMEMCMP(buf[1], tests[x].pt, 16)) {
+ return CRYPT_FAIL_TESTVECTOR;
+ }
+
+ for (y = 0; y < 1000; y++) anubis_ecb_encrypt(buf[0], buf[0], &skey);
+ for (y = 0; y < 1000; y++) anubis_ecb_decrypt(buf[0], buf[0], &skey);
+ if (XMEMCMP(buf[0], tests[x].ct, 16)) {
+ return CRYPT_FAIL_TESTVECTOR;
+ }
+
+ }
+ return CRYPT_OK;
+#endif
+}
+
+/** Terminate the context
+ @param skey The scheduled key
+*/
+void anubis_done(symmetric_key *skey)
+{
+}
+
+/**
+ Gets suitable key size
+ @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
+ @return CRYPT_OK if the input key size is acceptable.
+*/
+int anubis_keysize(int *keysize)
+{
+ LTC_ARGCHK(keysize != NULL);
+ if (*keysize >= 40) {
+ *keysize = 40;
+ } else if (*keysize >= 36) {
+ *keysize = 36;
+ } else if (*keysize >= 32) {
+ *keysize = 32;
+ } else if (*keysize >= 28) {
+ *keysize = 28;
+ } else if (*keysize >= 24) {
+ *keysize = 24;
+ } else if (*keysize >= 20) {
+ *keysize = 20;
+ } else if (*keysize >= 16) {
+ *keysize = 16;
+ } else {
+ return CRYPT_INVALID_KEYSIZE;
+ }
+ return CRYPT_OK;
+}
+
+#endif
+
/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/anubis.c,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.15 $ */
+/* $Date: 2006/11/15 12:41:28 $ */
diff --git a/src/ciphers/blowfish.c b/src/ciphers/blowfish.c
index 3502983..ae8945f 100644
--- a/src/ciphers/blowfish.c
+++ b/src/ciphers/blowfish.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@file blowfish.c
@@ -27,7 +27,7 @@ const struct ltc_cipher_descriptor blowfish_desc =
&blowfish_test,
&blowfish_done,
&blowfish_keysize,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const ulong32 ORIG_P[16 + 2] = {
@@ -385,11 +385,12 @@ int blowfish_setup(const unsigned char *key, int keylen, int num_rounds,
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
-static void _blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+static int _blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
-void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
ulong32 L, R;
@@ -428,13 +429,16 @@ void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_
/* store */
STORE32H(R, &ct[0]);
STORE32H(L, &ct[4]);
+
+ return CRYPT_OK;
}
#ifdef LTC_CLEAN_STACK
-void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
- _blowfish_ecb_encrypt(pt, ct, skey);
+ int err = _blowfish_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(ulong32) * 2 + sizeof(int));
+ return err;
}
#endif
@@ -443,11 +447,12 @@ void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
-static void _blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+static int _blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
-void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
ulong32 L, R;
@@ -486,13 +491,15 @@ void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_
/* store */
STORE32H(L, &pt[0]);
STORE32H(R, &pt[4]);
+ return CRYPT_OK;
}
#ifdef LTC_CLEAN_STACK
-void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
- _blowfish_ecb_decrypt(ct, pt, skey);
+ int err = _blowfish_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(ulong32) * 2 + sizeof(int));
+ return err;
}
#endif
@@ -541,7 +548,7 @@ int blowfish_test(void)
blowfish_ecb_decrypt(tmp[0], tmp[1], &key);
/* compare */
- if ((memcmp(tmp[0], tests[x].ct, 8) != 0) || (memcmp(tmp[1], tests[x].pt, 8) != 0)) {
+ if ((XMEMCMP(tmp[0], tests[x].ct, 8) != 0) || (XMEMCMP(tmp[1], tests[x].pt, 8) != 0)) {
return CRYPT_FAIL_TESTVECTOR;
}
@@ -583,5 +590,5 @@ int blowfish_keysize(int *keysize)
/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/blowfish.c,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/11/08 23:01:06 $ */
diff --git a/src/ciphers/cast5.c b/src/ciphers/cast5.c
index f4b045c..eba39da 100644
--- a/src/ciphers/cast5.c
+++ b/src/ciphers/cast5.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -27,7 +27,7 @@ const struct ltc_cipher_descriptor cast5_desc = {
&cast5_test,
&cast5_done,
&cast5_keysize,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const ulong32 S1[256] = {
@@ -536,9 +536,9 @@ INLINE static ulong32 FIII(ulong32 R, ulong32 Km, ulong32 Kr)
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
-static void _cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+static int _cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
-void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
ulong32 R, L;
@@ -569,14 +569,16 @@ void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key
}
STORE32H(R,&ct[0]);
STORE32H(L,&ct[4]);
+ return CRYPT_OK;
}
#ifdef LTC_CLEAN_STACK
-void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
- _cast5_ecb_encrypt(pt,ct,skey);
+ int err =_cast5_ecb_encrypt(pt,ct,skey);
burn_stack(sizeof(ulong32)*3);
+ return err;
}
#endif
@@ -587,9 +589,9 @@ void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
-static void _cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+static int _cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
-void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
ulong32 R, L;
@@ -620,13 +622,16 @@ void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key
L ^= FI(R, skey->cast5.K[0], skey->cast5.K[16]);
STORE32H(L,&pt[0]);
STORE32H(R,&pt[4]);
+
+ return CRYPT_OK;
}
#ifdef LTC_CLEAN_STACK
-void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
- _cast5_ecb_decrypt(ct,pt,skey);
+ int err = _cast5_ecb_decrypt(ct,pt,skey);
burn_stack(sizeof(ulong32)*3);
+ return err;
}
#endif
@@ -671,7 +676,7 @@ int cast5_test(void)
}
cast5_ecb_encrypt(tests[i].pt, tmp[0], &key);
cast5_ecb_decrypt(tmp[0], tmp[1], &key);
- if ((memcmp(tmp[0], tests[i].ct, 8) != 0) || (memcmp(tmp[1], tests[i].pt, 8) != 0)) {
+ if ((XMEMCMP(tmp[0], tests[i].ct, 8) != 0) || (XMEMCMP(tmp[1], tests[i].pt, 8) != 0)) {
return CRYPT_FAIL_TESTVECTOR;
}
/* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */
@@ -711,5 +716,5 @@ int cast5_keysize(int *keysize)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/cast5.c,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/11/08 23:01:06 $ */
diff --git a/src/ciphers/des.c b/src/ciphers/des.c
index 84258d0..e505b14 100644
--- a/src/ciphers/des.c
+++ b/src/ciphers/des.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -32,7 +32,7 @@ const struct ltc_cipher_descriptor des_desc =
&des_test,
&des_done,
&des_keysize,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
#endif
@@ -47,7 +47,7 @@ const struct ltc_cipher_descriptor des3_desc =
&des3_test,
&des3_done,
&des3_keysize,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const ulong32 bytebit[8] =
@@ -1587,8 +1587,9 @@ int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_k
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
-void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
ulong32 work[2];
LTC_ARGCHK(pt != NULL);
@@ -1599,6 +1600,7 @@ void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *
desfunc(work, skey->des.ek);
STORE32H(work[0],ct+0);
STORE32H(work[1],ct+4);
+ return CRYPT_OK;
}
/**
@@ -1606,8 +1608,9 @@ void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
-void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
ulong32 work[2];
LTC_ARGCHK(pt != NULL);
@@ -1617,7 +1620,8 @@ void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *
LOAD32H(work[1], ct+4);
desfunc(work, skey->des.dk);
STORE32H(work[0],pt+0);
- STORE32H(work[1],pt+4);
+ STORE32H(work[1],pt+4);
+ return CRYPT_OK;
}
#endif
@@ -1626,8 +1630,9 @@ void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
-void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
ulong32 work[2];
@@ -1641,6 +1646,7 @@ void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key
desfunc(work, skey->des3.ek[2]);
STORE32H(work[0],ct+0);
STORE32H(work[1],ct+4);
+ return CRYPT_OK;
}
/**
@@ -1648,8 +1654,9 @@ void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
-void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
ulong32 work[2];
LTC_ARGCHK(pt != NULL);
@@ -1662,6 +1669,7 @@ void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key
desfunc(work, skey->des3.dk[2]);
STORE32H(work[0],pt+0);
STORE32H(work[1],pt+4);
+ return CRYPT_OK;
}
#if 0
@@ -1797,7 +1805,7 @@ int des_test(void)
des_ecb_decrypt(cases[i].txt, tmp, &des);
}
- if (memcmp(cases[i].out, tmp, sizeof(tmp)) != 0) {
+ if (XMEMCMP(cases[i].out, tmp, sizeof(tmp)) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
@@ -1841,7 +1849,7 @@ int des3_test(void)
des3_ecb_encrypt(pt, ct, &skey);
des3_ecb_decrypt(ct, tmp, &skey);
- if (memcmp(pt, tmp, 8) != 0) {
+ if (XMEMCMP(pt, tmp, 8) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
@@ -1902,5 +1910,5 @@ int des3_keysize(int *keysize)
/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/des.c,v $ */
-/* $Revision: 1.8 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.13 $ */
+/* $Date: 2006/11/08 23:01:06 $ */
diff --git a/src/ciphers/kasumi.c b/src/ciphers/kasumi.c
new file mode 100644
index 0000000..4a075b1
--- /dev/null
+++ b/src/ciphers/kasumi.c
@@ -0,0 +1,318 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/**
+ @file kasumi.c
+ Implementation of the 3GPP Kasumi block cipher
+ Derived from the 3GPP standard source code
+*/
+
+#include "tomcrypt.h"
+
+#ifdef LTC_KASUMI
+
+typedef unsigned u16;
+
+#define ROL16(x, y) ((((x)<<(y)) | ((x)>>(16-(y)))) & 0xFFFF)
+
+const struct ltc_cipher_descriptor kasumi_desc = {
+ "kasumi",
+ 21,
+ 16, 16, 8, 8,
+ &kasumi_setup,
+ &kasumi_ecb_encrypt,
+ &kasumi_ecb_decrypt,
+ &kasumi_test,
+ &kasumi_done,
+ &kasumi_keysize,
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+};
+
+static u16 FI( u16 in, u16 subkey )
+{
+ u16 nine, seven;
+ static const u16 S7[128] = {
+ 54, 50, 62, 56, 22, 34, 94, 96, 38, 6, 63, 93, 2, 18,123, 33,
+ 55,113, 39,114, 21, 67, 65, 12, 47, 73, 46, 27, 25,111,124, 81,
+ 53, 9,121, 79, 52, 60, 58, 48,101,127, 40,120,104, 70, 71, 43,
+ 20,122, 72, 61, 23,109, 13,100, 77, 1, 16, 7, 82, 10,105, 98,
+ 117,116, 76, 11, 89,106, 0,125,118, 99, 86, 69, 30, 57,126, 87,
+ 112, 51, 17, 5, 95, 14, 90, 84, 91, 8, 35,103, 32, 97, 28, 66,
+ 102, 31, 26, 45, 75, 4, 85, 92, 37, 74, 80, 49, 68, 29,115, 44,
+ 64,107,108, 24,110, 83, 36, 78, 42, 19, 15, 41, 88,119, 59, 3 };
+ static const u16 S9[512] = {
+ 167,239,161,379,391,334, 9,338, 38,226, 48,358,452,385, 90,397,
+ 183,253,147,331,415,340, 51,362,306,500,262, 82,216,159,356,177,
+ 175,241,489, 37,206, 17, 0,333, 44,254,378, 58,143,220, 81,400,
+ 95, 3,315,245, 54,235,218,405,472,264,172,494,371,290,399, 76,
+ 165,197,395,121,257,480,423,212,240, 28,462,176,406,507,288,223,
+ 501,407,249,265, 89,186,221,428,164, 74,440,196,458,421,350,163,
+ 232,158,134,354, 13,250,491,142,191, 69,193,425,152,227,366,135,
+ 344,300,276,242,437,320,113,278, 11,243, 87,317, 36, 93,496, 27,
+ 487,446,482, 41, 68,156,457,131,326,403,339, 20, 39,115,442,124,
+ 475,384,508, 53,112,170,479,151,126,169, 73,268,279,321,168,364,
+ 363,292, 46,499,393,327,324, 24,456,267,157,460,488,426,309,229,
+ 439,506,208,271,349,401,434,236, 16,209,359, 52, 56,120,199,277,
+ 465,416,252,287,246, 6, 83,305,420,345,153,502, 65, 61,244,282,
+ 173,222,418, 67,386,368,261,101,476,291,195,430, 49, 79,166,330,
+ 280,383,373,128,382,408,155,495,367,388,274,107,459,417, 62,454,
+ 132,225,203,316,234, 14,301, 91,503,286,424,211,347,307,140,374,
+ 35,103,125,427, 19,214,453,146,498,314,444,230,256,329,198,285,
+ 50,116, 78,410, 10,205,510,171,231, 45,139,467, 29, 86,505, 32,
+ 72, 26,342,150,313,490,431,238,411,325,149,473, 40,119,174,355,
+ 185,233,389, 71,448,273,372, 55,110,178,322, 12,469,392,369,190,
+ 1,109,375,137,181, 88, 75,308,260,484, 98,272,370,275,412,111,
+ 336,318, 4,504,492,259,304, 77,337,435, 21,357,303,332,483, 18,
+ 47, 85, 25,497,474,289,100,269,296,478,270,106, 31,104,433, 84,
+ 414,486,394, 96, 99,154,511,148,413,361,409,255,162,215,302,201,
+ 266,351,343,144,441,365,108,298,251, 34,182,509,138,210,335,133,
+ 311,352,328,141,396,346,123,319,450,281,429,228,443,481, 92,404,
+ 485,422,248,297, 23,213,130,466, 22,217,283, 70,294,360,419,127,
+ 312,377, 7,468,194, 2,117,295,463,258,224,447,247,187, 80,398,
+ 284,353,105,390,299,471,470,184, 57,200,348, 63,204,188, 33,451,
+ 97, 30,310,219, 94,160,129,493, 64,179,263,102,189,207,114,402,
+ 438,477,387,122,192, 42,381, 5,145,118,180,449,293,323,136,380,
+ 43, 66, 60,455,341,445,202,432, 8,237, 15,376,436,464, 59,461};
+
+ /* The sixteen bit input is split into two unequal halves, *
+ * nine bits and seven bits - as is the subkey */
+
+ nine = (u16)(in>>7)&0x1FF;
+ seven = (u16)(in&0x7F);
+
+ /* Now run the various operations */
+ nine = (u16)(S9[nine] ^ seven);
+ seven = (u16)(S7[seven] ^ (nine & 0x7F));
+ seven ^= (subkey>>9);
+ nine ^= (subkey&0x1FF);
+ nine = (u16)(S9[nine] ^ seven);
+ seven = (u16)(S7[seven] ^ (nine & 0x7F));
+ return (u16)(seven<<9) + nine;
+}
+
+static ulong32 FO( ulong32 in, int round_no, symmetric_key *key)
+{
+ u16 left, right;
+
+ /* Split the input into two 16-bit words */
+ left = (u16)(in>>16);
+ right = (u16) in&0xFFFF;
+
+ /* Now apply the same basic transformation three times */
+ left ^= key->kasumi.KOi1[round_no];
+ left = FI( left, key->kasumi.KIi1[round_no] );
+ left ^= right;
+
+ right ^= key->kasumi.KOi2[round_no];
+ right = FI( right, key->kasumi.KIi2[round_no] );
+ right ^= left;
+
+ left ^= key->kasumi.KOi3[round_no];
+ left = FI( left, key->kasumi.KIi3[round_no] );
+ left ^= right;
+
+ return (((ulong32)right)<<16)+left;
+}
+
+static ulong32 FL( ulong32 in, int round_no, symmetric_key *key )
+{
+ u16 l, r, a, b;
+ /* split out the left and right halves */
+ l = (u16)(in>>16);
+ r = (u16)(in)&0xFFFF;
+ /* do the FL() operations */
+ a = (u16) (l & key->kasumi.KLi1[round_no]);
+ r ^= ROL16(a,1);
+ b = (u16)(r | key->kasumi.KLi2[round_no]);
+ l ^= ROL16(b,1);
+ /* put the two halves back together */
+
+ return (((ulong32)l)<<16) + r;
+}
+
+int kasumi_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+{
+ ulong32 left, right, temp;
+ int n;
+
+ LTC_ARGCHK(pt != NULL);
+ LTC_ARGCHK(ct != NULL);
+ LTC_ARGCHK(skey != NULL);
+
+ LOAD32H(left, pt);
+ LOAD32H(right, pt+4);
+
+ for (n = 0; n <= 7; ) {
+ temp = FL(left, n, skey);
+ temp = FO(temp, n++, skey);
+ right ^= temp;
+ temp = FO(right, n, skey);
+ temp = FL(temp, n++, skey);
+ left ^= temp;
+ }
+
+ STORE32H(left, ct);
+ STORE32H(right, ct+4);
+
+ return CRYPT_OK;
+}
+
+int kasumi_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+{
+ ulong32 left, right, temp;
+ int n;
+
+ LTC_ARGCHK(pt != NULL);
+ LTC_ARGCHK(ct != NULL);
+ LTC_ARGCHK(skey != NULL);
+
+ LOAD32H(left, ct);
+ LOAD32H(right, ct+4);
+
+ for (n = 7; n >= 0; ) {
+ temp = FO(right, n, skey);
+ temp = FL(temp, n--, skey);
+ left ^= temp;
+ temp = FL(left, n, skey);
+ temp = FO(temp, n--, skey);
+ right ^= temp;
+ }
+
+ STORE32H(left, pt);
+ STORE32H(right, pt+4);
+
+ return CRYPT_OK;
+}
+
+int kasumi_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
+{
+ static const u16 C[8] = { 0x0123,0x4567,0x89AB,0xCDEF, 0xFEDC,0xBA98,0x7654,0x3210 };
+ u16 ukey[8], Kprime[8];
+ int n;
+
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(skey != NULL);
+
+ if (keylen != 16) {
+ return CRYPT_INVALID_KEYSIZE;
+ }
+
+ if (num_rounds != 0 && num_rounds != 8) {
+ return CRYPT_INVALID_ROUNDS;
+ }
+
+ /* Start by ensuring the subkeys are endian correct on a 16-bit basis */
+ for (n = 0; n < 8; n++ ) {
+ ukey[n] = (((u16)key[2*n]) << 8) | key[2*n+1];
+ }
+
+ /* Now build the K'[] keys */
+ for (n = 0; n < 8; n++) {
+ Kprime[n] = ukey[n] ^ C[n];
+ }
+
+ /* Finally construct the various sub keys */
+ for(n = 0; n < 8; n++) {
+ skey->kasumi.KLi1[n] = ROL16(ukey[n],1);
+ skey->kasumi.KLi2[n] = Kprime[(n+2)&0x7];
+ skey->kasumi.KOi1[n] = ROL16(ukey[(n+1)&0x7],5);
+ skey->kasumi.KOi2[n] = ROL16(ukey[(n+5)&0x7],8);
+ skey->kasumi.KOi3[n] = ROL16(ukey[(n+6)&0x7],13);
+ skey->kasumi.KIi1[n] = Kprime[(n+4)&0x7];
+ skey->kasumi.KIi2[n] = Kprime[(n+3)&0x7];
+ skey->kasumi.KIi3[n] = Kprime[(n+7)&0x7];
+ }
+
+ return CRYPT_OK;
+}
+
+void kasumi_done(symmetric_key *skey)
+{
+}
+
+int kasumi_keysize(int *keysize)
+{
+ LTC_ARGCHK(keysize != NULL);
+ if (*keysize >= 16) {
+ *keysize = 16;
+ return CRYPT_OK;
+ } else {
+ return CRYPT_INVALID_KEYSIZE;
+ }
+}
+
+int kasumi_test(void)
+{
+#ifndef LTC_TEST
+ return CRYPT_NOP;
+#else
+ static const struct {
+ unsigned char key[16], pt[8], ct[8];
+ } tests[] = {
+
+{
+ { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x4B, 0x58, 0xA7, 0x71, 0xAF, 0xC7, 0xE5, 0xE8 }
+},
+
+{
+ { 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x7E, 0xEF, 0x11, 0x3C, 0x95, 0xBB, 0x5A, 0x77 }
+},
+
+{
+ { 0x00, 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x5F, 0x14, 0x06, 0x86, 0xD7, 0xAD, 0x5A, 0x39 },
+},
+
+{
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0x2E, 0x14, 0x91, 0xCF, 0x70, 0xAA, 0x46, 0x5D }
+},
+
+{
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00 },
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ { 0xB5, 0x45, 0x86, 0xF4, 0xAB, 0x9A, 0xE5, 0x46 }
+},
+
+};
+ unsigned char buf[2][8];
+ symmetric_key key;
+ int err, x;
+
+ for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
+ if ((err = kasumi_setup(tests[x].key, 16, 0, &key)) != CRYPT_OK) {
+ return err;
+ }
+ if ((err = kasumi_ecb_encrypt(tests[x].pt, buf[0], &key)) != CRYPT_OK) {
+ return err;
+ }
+ if ((err = kasumi_ecb_decrypt(tests[x].ct, buf[1], &key)) != CRYPT_OK) {
+ return err;
+ }
+ if (XMEMCMP(tests[x].pt, buf[1], 8) || XMEMCMP(tests[x].ct, buf[0], 8)) {
+ return CRYPT_FAIL_TESTVECTOR;
+ }
+ }
+ return CRYPT_OK;
+#endif
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/kasumi.c,v $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/11/09 03:05:44 $ */
diff --git a/src/ciphers/khazad.c b/src/ciphers/khazad.c
index d07134c..8490950 100644
--- a/src/ciphers/khazad.c
+++ b/src/ciphers/khazad.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -28,7 +28,7 @@ const struct ltc_cipher_descriptor khazad_desc = {
&khazad_test,
&khazad_done,
&khazad_keysize,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
#define R 8
@@ -741,13 +741,15 @@ static void khazad_crypt(const unsigned char *plaintext, unsigned char *cipherte
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
-void khazad_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int khazad_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
khazad_crypt(pt, ct, skey->khazad.roundKeyEnc);
+ return CRYPT_OK;
}
/**
@@ -755,13 +757,15 @@ void khazad_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_ke
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
-void khazad_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int khazad_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
LTC_ARGCHK(pt != NULL);
LTC_ARGCHK(ct != NULL);
LTC_ARGCHK(skey != NULL);
khazad_crypt(ct, pt, skey->khazad.roundKeyDec);
+ return CRYPT_OK;
}
/**
@@ -806,13 +810,13 @@ int khazad_test(void)
khazad_setup(tests[x].key, 16, 0, &skey);
khazad_ecb_encrypt(tests[x].pt, buf[0], &skey);
khazad_ecb_decrypt(buf[0], buf[1], &skey);
- if (memcmp(buf[0], tests[x].ct, 8) || memcmp(buf[1], tests[x].pt, 8)) {
+ if (XMEMCMP(buf[0], tests[x].ct, 8) || XMEMCMP(buf[1], tests[x].pt, 8)) {
return CRYPT_FAIL_TESTVECTOR;
}
for (y = 0; y < 1000; y++) khazad_ecb_encrypt(buf[0], buf[0], &skey);
for (y = 0; y < 1000; y++) khazad_ecb_decrypt(buf[0], buf[0], &skey);
- if (memcmp(buf[0], tests[x].ct, 8)) {
+ if (XMEMCMP(buf[0], tests[x].ct, 8)) {
return CRYPT_FAIL_TESTVECTOR;
}
@@ -847,5 +851,5 @@ int khazad_keysize(int *keysize)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/khazad.c,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/11/08 23:01:06 $ */
diff --git a/src/ciphers/kseed.c b/src/ciphers/kseed.c
new file mode 100644
index 0000000..4281ac5
--- /dev/null
+++ b/src/ciphers/kseed.c
@@ -0,0 +1,376 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/**
+ @file kseed.c
+ seed implementation of SEED derived from RFC4269
+ Tom St Denis
+*/
+
+#include "tomcrypt.h"
+
+#ifdef KSEED
+
+const struct ltc_cipher_descriptor kseed_desc = {
+ "seed",
+ 20,
+ 16, 16, 16, 16,
+ &kseed_setup,
+ &kseed_ecb_encrypt,
+ &kseed_ecb_decrypt,
+ &kseed_test,
+ &kseed_done,
+ &kseed_keysize,
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
+};
+
+static const ulong32 SS0[256] = {
+0x2989A1A8UL,0x05858184UL,0x16C6D2D4UL,0x13C3D3D0UL,0x14445054UL,0x1D0D111CUL,0x2C8CA0ACUL,0x25052124UL,
+0x1D4D515CUL,0x03434340UL,0x18081018UL,0x1E0E121CUL,0x11415150UL,0x3CCCF0FCUL,0x0ACAC2C8UL,0x23436360UL,
+0x28082028UL,0x04444044UL,0x20002020UL,0x1D8D919CUL,0x20C0E0E0UL,0x22C2E2E0UL,0x08C8C0C8UL,0x17071314UL,
+0x2585A1A4UL,0x0F8F838CUL,0x03030300UL,0x3B4B7378UL,0x3B8BB3B8UL,0x13031310UL,0x12C2D2D0UL,0x2ECEE2ECUL,
+0x30407070UL,0x0C8C808CUL,0x3F0F333CUL,0x2888A0A8UL,0x32023230UL,0x1DCDD1DCUL,0x36C6F2F4UL,0x34447074UL,
+0x2CCCE0ECUL,0x15859194UL,0x0B0B0308UL,0x17475354UL,0x1C4C505CUL,0x1B4B5358UL,0x3D8DB1BCUL,0x01010100UL,
+0x24042024UL,0x1C0C101CUL,0x33437370UL,0x18889098UL,0x10001010UL,0x0CCCC0CCUL,0x32C2F2F0UL,0x19C9D1D8UL,
+0x2C0C202CUL,0x27C7E3E4UL,0x32427270UL,0x03838380UL,0x1B8B9398UL,0x11C1D1D0UL,0x06868284UL,0x09C9C1C8UL,
+0x20406060UL,0x10405050UL,0x2383A3A0UL,0x2BCBE3E8UL,0x0D0D010CUL,0x3686B2B4UL,0x1E8E929CUL,0x0F4F434CUL,
+0x3787B3B4UL,0x1A4A5258UL,0x06C6C2C4UL,0x38487078UL,0x2686A2A4UL,0x12021210UL,0x2F8FA3ACUL,0x15C5D1D4UL,
+0x21416160UL,0x03C3C3C0UL,0x3484B0B4UL,0x01414140UL,0x12425250UL,0x3D4D717CUL,0x0D8D818CUL,0x08080008UL,
+0x1F0F131CUL,0x19899198UL,0x00000000UL,0x19091118UL,0x04040004UL,0x13435350UL,0x37C7F3F4UL,0x21C1E1E0UL,
+0x3DCDF1FCUL,0x36467274UL,0x2F0F232CUL,0x27072324UL,0x3080B0B0UL,0x0B8B8388UL,0x0E0E020CUL,0x2B8BA3A8UL,
+0x2282A2A0UL,0x2E4E626CUL,0x13839390UL,0x0D4D414CUL,0x29496168UL,0x3C4C707CUL,0x09090108UL,0x0A0A0208UL,
+0x3F8FB3BCUL,0x2FCFE3ECUL,0x33C3F3F0UL,0x05C5C1C4UL,0x07878384UL,0x14041014UL,0x3ECEF2FCUL,0x24446064UL,
+0x1ECED2DCUL,0x2E0E222CUL,0x0B4B4348UL,0x1A0A1218UL,0x06060204UL,0x21012120UL,0x2B4B6368UL,0x26466264UL,
+0x02020200UL,0x35C5F1F4UL,0x12829290UL,0x0A8A8288UL,0x0C0C000CUL,0x3383B3B0UL,0x3E4E727CUL,0x10C0D0D0UL,
+0x3A4A7278UL,0x07474344UL,0x16869294UL,0x25C5E1E4UL,0x26062224UL,0x00808080UL,0x2D8DA1ACUL,0x1FCFD3DCUL,
+0x2181A1A0UL,0x30003030UL,0x37073334UL,0x2E8EA2ACUL,0x36063234UL,0x15051114UL,0x22022220UL,0x38083038UL,
+0x34C4F0F4UL,0x2787A3A4UL,0x05454144UL,0x0C4C404CUL,0x01818180UL,0x29C9E1E8UL,0x04848084UL,0x17879394UL,
+0x35053134UL,0x0BCBC3C8UL,0x0ECEC2CCUL,0x3C0C303CUL,0x31417170UL,0x11011110UL,0x07C7C3C4UL,0x09898188UL,
+0x35457174UL,0x3BCBF3F8UL,0x1ACAD2D8UL,0x38C8F0F8UL,0x14849094UL,0x19495158UL,0x02828280UL,0x04C4C0C4UL,
+0x3FCFF3FCUL,0x09494148UL,0x39093138UL,0x27476364UL,0x00C0C0C0UL,0x0FCFC3CCUL,0x17C7D3D4UL,0x3888B0B8UL,
+0x0F0F030CUL,0x0E8E828CUL,0x02424240UL,0x23032320UL,0x11819190UL,0x2C4C606CUL,0x1BCBD3D8UL,0x2484A0A4UL,
+0x34043034UL,0x31C1F1F0UL,0x08484048UL,0x02C2C2C0UL,0x2F4F636CUL,0x3D0D313CUL,0x2D0D212CUL,0x00404040UL,
+0x3E8EB2BCUL,0x3E0E323CUL,0x3C8CB0BCUL,0x01C1C1C0UL,0x2A8AA2A8UL,0x3A8AB2B8UL,0x0E4E424CUL,0x15455154UL,
+0x3B0B3338UL,0x1CCCD0DCUL,0x28486068UL,0x3F4F737CUL,0x1C8C909CUL,0x18C8D0D8UL,0x0A4A4248UL,0x16465254UL,
+0x37477374UL,0x2080A0A0UL,0x2DCDE1ECUL,0x06464244UL,0x3585B1B4UL,0x2B0B2328UL,0x25456164UL,0x3ACAF2F8UL,
+0x23C3E3E0UL,0x3989B1B8UL,0x3181B1B0UL,0x1F8F939CUL,0x1E4E525CUL,0x39C9F1F8UL,0x26C6E2E4UL,0x3282B2B0UL,
+0x31013130UL,0x2ACAE2E8UL,0x2D4D616CUL,0x1F4F535CUL,0x24C4E0E4UL,0x30C0F0F0UL,0x0DCDC1CCUL,0x08888088UL,
+0x16061214UL,0x3A0A3238UL,0x18485058UL,0x14C4D0D4UL,0x22426260UL,0x29092128UL,0x07070304UL,0x33033330UL,
+0x28C8E0E8UL,0x1B0B1318UL,0x05050104UL,0x39497178UL,0x10809090UL,0x2A4A6268UL,0x2A0A2228UL,0x1A8A9298UL
+};
+
+static const ulong32 SS1[256] = {
+0x38380830UL,0xE828C8E0UL,0x2C2D0D21UL,0xA42686A2UL,0xCC0FCFC3UL,0xDC1ECED2UL,0xB03383B3UL,0xB83888B0UL,
+0xAC2F8FA3UL,0x60204060UL,0x54154551UL,0xC407C7C3UL,0x44044440UL,0x6C2F4F63UL,0x682B4B63UL,0x581B4B53UL,
+0xC003C3C3UL,0x60224262UL,0x30330333UL,0xB43585B1UL,0x28290921UL,0xA02080A0UL,0xE022C2E2UL,0xA42787A3UL,
+0xD013C3D3UL,0x90118191UL,0x10110111UL,0x04060602UL,0x1C1C0C10UL,0xBC3C8CB0UL,0x34360632UL,0x480B4B43UL,
+0xEC2FCFE3UL,0x88088880UL,0x6C2C4C60UL,0xA82888A0UL,0x14170713UL,0xC404C4C0UL,0x14160612UL,0xF434C4F0UL,
+0xC002C2C2UL,0x44054541UL,0xE021C1E1UL,0xD416C6D2UL,0x3C3F0F33UL,0x3C3D0D31UL,0x8C0E8E82UL,0x98188890UL,
+0x28280820UL,0x4C0E4E42UL,0xF436C6F2UL,0x3C3E0E32UL,0xA42585A1UL,0xF839C9F1UL,0x0C0D0D01UL,0xDC1FCFD3UL,
+0xD818C8D0UL,0x282B0B23UL,0x64264662UL,0x783A4A72UL,0x24270723UL,0x2C2F0F23UL,0xF031C1F1UL,0x70324272UL,
+0x40024242UL,0xD414C4D0UL,0x40014141UL,0xC000C0C0UL,0x70334373UL,0x64274763UL,0xAC2C8CA0UL,0x880B8B83UL,
+0xF437C7F3UL,0xAC2D8DA1UL,0x80008080UL,0x1C1F0F13UL,0xC80ACAC2UL,0x2C2C0C20UL,0xA82A8AA2UL,0x34340430UL,
+0xD012C2D2UL,0x080B0B03UL,0xEC2ECEE2UL,0xE829C9E1UL,0x5C1D4D51UL,0x94148490UL,0x18180810UL,0xF838C8F0UL,
+0x54174753UL,0xAC2E8EA2UL,0x08080800UL,0xC405C5C1UL,0x10130313UL,0xCC0DCDC1UL,0x84068682UL,0xB83989B1UL,
+0xFC3FCFF3UL,0x7C3D4D71UL,0xC001C1C1UL,0x30310131UL,0xF435C5F1UL,0x880A8A82UL,0x682A4A62UL,0xB03181B1UL,
+0xD011C1D1UL,0x20200020UL,0xD417C7D3UL,0x00020202UL,0x20220222UL,0x04040400UL,0x68284860UL,0x70314171UL,
+0x04070703UL,0xD81BCBD3UL,0x9C1D8D91UL,0x98198991UL,0x60214161UL,0xBC3E8EB2UL,0xE426C6E2UL,0x58194951UL,
+0xDC1DCDD1UL,0x50114151UL,0x90108090UL,0xDC1CCCD0UL,0x981A8A92UL,0xA02383A3UL,0xA82B8BA3UL,0xD010C0D0UL,
+0x80018181UL,0x0C0F0F03UL,0x44074743UL,0x181A0A12UL,0xE023C3E3UL,0xEC2CCCE0UL,0x8C0D8D81UL,0xBC3F8FB3UL,
+0x94168692UL,0x783B4B73UL,0x5C1C4C50UL,0xA02282A2UL,0xA02181A1UL,0x60234363UL,0x20230323UL,0x4C0D4D41UL,
+0xC808C8C0UL,0x9C1E8E92UL,0x9C1C8C90UL,0x383A0A32UL,0x0C0C0C00UL,0x2C2E0E22UL,0xB83A8AB2UL,0x6C2E4E62UL,
+0x9C1F8F93UL,0x581A4A52UL,0xF032C2F2UL,0x90128292UL,0xF033C3F3UL,0x48094941UL,0x78384870UL,0xCC0CCCC0UL,
+0x14150511UL,0xF83BCBF3UL,0x70304070UL,0x74354571UL,0x7C3F4F73UL,0x34350531UL,0x10100010UL,0x00030303UL,
+0x64244460UL,0x6C2D4D61UL,0xC406C6C2UL,0x74344470UL,0xD415C5D1UL,0xB43484B0UL,0xE82ACAE2UL,0x08090901UL,
+0x74364672UL,0x18190911UL,0xFC3ECEF2UL,0x40004040UL,0x10120212UL,0xE020C0E0UL,0xBC3D8DB1UL,0x04050501UL,
+0xF83ACAF2UL,0x00010101UL,0xF030C0F0UL,0x282A0A22UL,0x5C1E4E52UL,0xA82989A1UL,0x54164652UL,0x40034343UL,
+0x84058581UL,0x14140410UL,0x88098981UL,0x981B8B93UL,0xB03080B0UL,0xE425C5E1UL,0x48084840UL,0x78394971UL,
+0x94178793UL,0xFC3CCCF0UL,0x1C1E0E12UL,0x80028282UL,0x20210121UL,0x8C0C8C80UL,0x181B0B13UL,0x5C1F4F53UL,
+0x74374773UL,0x54144450UL,0xB03282B2UL,0x1C1D0D11UL,0x24250521UL,0x4C0F4F43UL,0x00000000UL,0x44064642UL,
+0xEC2DCDE1UL,0x58184850UL,0x50124252UL,0xE82BCBE3UL,0x7C3E4E72UL,0xD81ACAD2UL,0xC809C9C1UL,0xFC3DCDF1UL,
+0x30300030UL,0x94158591UL,0x64254561UL,0x3C3C0C30UL,0xB43686B2UL,0xE424C4E0UL,0xB83B8BB3UL,0x7C3C4C70UL,
+0x0C0E0E02UL,0x50104050UL,0x38390931UL,0x24260622UL,0x30320232UL,0x84048480UL,0x68294961UL,0x90138393UL,
+0x34370733UL,0xE427C7E3UL,0x24240420UL,0xA42484A0UL,0xC80BCBC3UL,0x50134353UL,0x080A0A02UL,0x84078783UL,
+0xD819C9D1UL,0x4C0C4C40UL,0x80038383UL,0x8C0F8F83UL,0xCC0ECEC2UL,0x383B0B33UL,0x480A4A42UL,0xB43787B3UL
+};
+
+static const ulong32 SS2[256] = {
+0xA1A82989UL,0x81840585UL,0xD2D416C6UL,0xD3D013C3UL,0x50541444UL,0x111C1D0DUL,0xA0AC2C8CUL,0x21242505UL,
+0x515C1D4DUL,0x43400343UL,0x10181808UL,0x121C1E0EUL,0x51501141UL,0xF0FC3CCCUL,0xC2C80ACAUL,0x63602343UL,
+0x20282808UL,0x40440444UL,0x20202000UL,0x919C1D8DUL,0xE0E020C0UL,0xE2E022C2UL,0xC0C808C8UL,0x13141707UL,
+0xA1A42585UL,0x838C0F8FUL,0x03000303UL,0x73783B4BUL,0xB3B83B8BUL,0x13101303UL,0xD2D012C2UL,0xE2EC2ECEUL,
+0x70703040UL,0x808C0C8CUL,0x333C3F0FUL,0xA0A82888UL,0x32303202UL,0xD1DC1DCDUL,0xF2F436C6UL,0x70743444UL,
+0xE0EC2CCCUL,0x91941585UL,0x03080B0BUL,0x53541747UL,0x505C1C4CUL,0x53581B4BUL,0xB1BC3D8DUL,0x01000101UL,
+0x20242404UL,0x101C1C0CUL,0x73703343UL,0x90981888UL,0x10101000UL,0xC0CC0CCCUL,0xF2F032C2UL,0xD1D819C9UL,
+0x202C2C0CUL,0xE3E427C7UL,0x72703242UL,0x83800383UL,0x93981B8BUL,0xD1D011C1UL,0x82840686UL,0xC1C809C9UL,
+0x60602040UL,0x50501040UL,0xA3A02383UL,0xE3E82BCBUL,0x010C0D0DUL,0xB2B43686UL,0x929C1E8EUL,0x434C0F4FUL,
+0xB3B43787UL,0x52581A4AUL,0xC2C406C6UL,0x70783848UL,0xA2A42686UL,0x12101202UL,0xA3AC2F8FUL,0xD1D415C5UL,
+0x61602141UL,0xC3C003C3UL,0xB0B43484UL,0x41400141UL,0x52501242UL,0x717C3D4DUL,0x818C0D8DUL,0x00080808UL,
+0x131C1F0FUL,0x91981989UL,0x00000000UL,0x11181909UL,0x00040404UL,0x53501343UL,0xF3F437C7UL,0xE1E021C1UL,
+0xF1FC3DCDUL,0x72743646UL,0x232C2F0FUL,0x23242707UL,0xB0B03080UL,0x83880B8BUL,0x020C0E0EUL,0xA3A82B8BUL,
+0xA2A02282UL,0x626C2E4EUL,0x93901383UL,0x414C0D4DUL,0x61682949UL,0x707C3C4CUL,0x01080909UL,0x02080A0AUL,
+0xB3BC3F8FUL,0xE3EC2FCFUL,0xF3F033C3UL,0xC1C405C5UL,0x83840787UL,0x10141404UL,0xF2FC3ECEUL,0x60642444UL,
+0xD2DC1ECEUL,0x222C2E0EUL,0x43480B4BUL,0x12181A0AUL,0x02040606UL,0x21202101UL,0x63682B4BUL,0x62642646UL,
+0x02000202UL,0xF1F435C5UL,0x92901282UL,0x82880A8AUL,0x000C0C0CUL,0xB3B03383UL,0x727C3E4EUL,0xD0D010C0UL,
+0x72783A4AUL,0x43440747UL,0x92941686UL,0xE1E425C5UL,0x22242606UL,0x80800080UL,0xA1AC2D8DUL,0xD3DC1FCFUL,
+0xA1A02181UL,0x30303000UL,0x33343707UL,0xA2AC2E8EUL,0x32343606UL,0x11141505UL,0x22202202UL,0x30383808UL,
+0xF0F434C4UL,0xA3A42787UL,0x41440545UL,0x404C0C4CUL,0x81800181UL,0xE1E829C9UL,0x80840484UL,0x93941787UL,
+0x31343505UL,0xC3C80BCBUL,0xC2CC0ECEUL,0x303C3C0CUL,0x71703141UL,0x11101101UL,0xC3C407C7UL,0x81880989UL,
+0x71743545UL,0xF3F83BCBUL,0xD2D81ACAUL,0xF0F838C8UL,0x90941484UL,0x51581949UL,0x82800282UL,0xC0C404C4UL,
+0xF3FC3FCFUL,0x41480949UL,0x31383909UL,0x63642747UL,0xC0C000C0UL,0xC3CC0FCFUL,0xD3D417C7UL,0xB0B83888UL,
+0x030C0F0FUL,0x828C0E8EUL,0x42400242UL,0x23202303UL,0x91901181UL,0x606C2C4CUL,0xD3D81BCBUL,0xA0A42484UL,
+0x30343404UL,0xF1F031C1UL,0x40480848UL,0xC2C002C2UL,0x636C2F4FUL,0x313C3D0DUL,0x212C2D0DUL,0x40400040UL,
+0xB2BC3E8EUL,0x323C3E0EUL,0xB0BC3C8CUL,0xC1C001C1UL,0xA2A82A8AUL,0xB2B83A8AUL,0x424C0E4EUL,0x51541545UL,
+0x33383B0BUL,0xD0DC1CCCUL,0x60682848UL,0x737C3F4FUL,0x909C1C8CUL,0xD0D818C8UL,0x42480A4AUL,0x52541646UL,
+0x73743747UL,0xA0A02080UL,0xE1EC2DCDUL,0x42440646UL,0xB1B43585UL,0x23282B0BUL,0x61642545UL,0xF2F83ACAUL,
+0xE3E023C3UL,0xB1B83989UL,0xB1B03181UL,0x939C1F8FUL,0x525C1E4EUL,0xF1F839C9UL,0xE2E426C6UL,0xB2B03282UL,
+0x31303101UL,0xE2E82ACAUL,0x616C2D4DUL,0x535C1F4FUL,0xE0E424C4UL,0xF0F030C0UL,0xC1CC0DCDUL,0x80880888UL,
+0x12141606UL,0x32383A0AUL,0x50581848UL,0xD0D414C4UL,0x62602242UL,0x21282909UL,0x03040707UL,0x33303303UL,
+0xE0E828C8UL,0x13181B0BUL,0x01040505UL,0x71783949UL,0x90901080UL,0x62682A4AUL,0x22282A0AUL,0x92981A8AUL
+};
+
+static const ulong32 SS3[256] = {
+0x08303838UL,0xC8E0E828UL,0x0D212C2DUL,0x86A2A426UL,0xCFC3CC0FUL,0xCED2DC1EUL,0x83B3B033UL,0x88B0B838UL,
+0x8FA3AC2FUL,0x40606020UL,0x45515415UL,0xC7C3C407UL,0x44404404UL,0x4F636C2FUL,0x4B63682BUL,0x4B53581BUL,
+0xC3C3C003UL,0x42626022UL,0x03333033UL,0x85B1B435UL,0x09212829UL,0x80A0A020UL,0xC2E2E022UL,0x87A3A427UL,
+0xC3D3D013UL,0x81919011UL,0x01111011UL,0x06020406UL,0x0C101C1CUL,0x8CB0BC3CUL,0x06323436UL,0x4B43480BUL,
+0xCFE3EC2FUL,0x88808808UL,0x4C606C2CUL,0x88A0A828UL,0x07131417UL,0xC4C0C404UL,0x06121416UL,0xC4F0F434UL,
+0xC2C2C002UL,0x45414405UL,0xC1E1E021UL,0xC6D2D416UL,0x0F333C3FUL,0x0D313C3DUL,0x8E828C0EUL,0x88909818UL,
+0x08202828UL,0x4E424C0EUL,0xC6F2F436UL,0x0E323C3EUL,0x85A1A425UL,0xC9F1F839UL,0x0D010C0DUL,0xCFD3DC1FUL,
+0xC8D0D818UL,0x0B23282BUL,0x46626426UL,0x4A72783AUL,0x07232427UL,0x0F232C2FUL,0xC1F1F031UL,0x42727032UL,
+0x42424002UL,0xC4D0D414UL,0x41414001UL,0xC0C0C000UL,0x43737033UL,0x47636427UL,0x8CA0AC2CUL,0x8B83880BUL,
+0xC7F3F437UL,0x8DA1AC2DUL,0x80808000UL,0x0F131C1FUL,0xCAC2C80AUL,0x0C202C2CUL,0x8AA2A82AUL,0x04303434UL,
+0xC2D2D012UL,0x0B03080BUL,0xCEE2EC2EUL,0xC9E1E829UL,0x4D515C1DUL,0x84909414UL,0x08101818UL,0xC8F0F838UL,
+0x47535417UL,0x8EA2AC2EUL,0x08000808UL,0xC5C1C405UL,0x03131013UL,0xCDC1CC0DUL,0x86828406UL,0x89B1B839UL,
+0xCFF3FC3FUL,0x4D717C3DUL,0xC1C1C001UL,0x01313031UL,0xC5F1F435UL,0x8A82880AUL,0x4A62682AUL,0x81B1B031UL,
+0xC1D1D011UL,0x00202020UL,0xC7D3D417UL,0x02020002UL,0x02222022UL,0x04000404UL,0x48606828UL,0x41717031UL,
+0x07030407UL,0xCBD3D81BUL,0x8D919C1DUL,0x89919819UL,0x41616021UL,0x8EB2BC3EUL,0xC6E2E426UL,0x49515819UL,
+0xCDD1DC1DUL,0x41515011UL,0x80909010UL,0xCCD0DC1CUL,0x8A92981AUL,0x83A3A023UL,0x8BA3A82BUL,0xC0D0D010UL,
+0x81818001UL,0x0F030C0FUL,0x47434407UL,0x0A12181AUL,0xC3E3E023UL,0xCCE0EC2CUL,0x8D818C0DUL,0x8FB3BC3FUL,
+0x86929416UL,0x4B73783BUL,0x4C505C1CUL,0x82A2A022UL,0x81A1A021UL,0x43636023UL,0x03232023UL,0x4D414C0DUL,
+0xC8C0C808UL,0x8E929C1EUL,0x8C909C1CUL,0x0A32383AUL,0x0C000C0CUL,0x0E222C2EUL,0x8AB2B83AUL,0x4E626C2EUL,
+0x8F939C1FUL,0x4A52581AUL,0xC2F2F032UL,0x82929012UL,0xC3F3F033UL,0x49414809UL,0x48707838UL,0xCCC0CC0CUL,
+0x05111415UL,0xCBF3F83BUL,0x40707030UL,0x45717435UL,0x4F737C3FUL,0x05313435UL,0x00101010UL,0x03030003UL,
+0x44606424UL,0x4D616C2DUL,0xC6C2C406UL,0x44707434UL,0xC5D1D415UL,0x84B0B434UL,0xCAE2E82AUL,0x09010809UL,
+0x46727436UL,0x09111819UL,0xCEF2FC3EUL,0x40404000UL,0x02121012UL,0xC0E0E020UL,0x8DB1BC3DUL,0x05010405UL,
+0xCAF2F83AUL,0x01010001UL,0xC0F0F030UL,0x0A22282AUL,0x4E525C1EUL,0x89A1A829UL,0x46525416UL,0x43434003UL,
+0x85818405UL,0x04101414UL,0x89818809UL,0x8B93981BUL,0x80B0B030UL,0xC5E1E425UL,0x48404808UL,0x49717839UL,
+0x87939417UL,0xCCF0FC3CUL,0x0E121C1EUL,0x82828002UL,0x01212021UL,0x8C808C0CUL,0x0B13181BUL,0x4F535C1FUL,
+0x47737437UL,0x44505414UL,0x82B2B032UL,0x0D111C1DUL,0x05212425UL,0x4F434C0FUL,0x00000000UL,0x46424406UL,
+0xCDE1EC2DUL,0x48505818UL,0x42525012UL,0xCBE3E82BUL,0x4E727C3EUL,0xCAD2D81AUL,0xC9C1C809UL,0xCDF1FC3DUL,
+0x00303030UL,0x85919415UL,0x45616425UL,0x0C303C3CUL,0x86B2B436UL,0xC4E0E424UL,0x8BB3B83BUL,0x4C707C3CUL,
+0x0E020C0EUL,0x40505010UL,0x09313839UL,0x06222426UL,0x02323032UL,0x84808404UL,0x49616829UL,0x83939013UL,
+0x07333437UL,0xC7E3E427UL,0x04202424UL,0x84A0A424UL,0xCBC3C80BUL,0x43535013UL,0x0A02080AUL,0x87838407UL,
+0xC9D1D819UL,0x4C404C0CUL,0x83838003UL,0x8F838C0FUL,0xCEC2CC0EUL,0x0B33383BUL,0x4A42480AUL,0x87B3B437UL
+};
+
+static const ulong32 KCi[16] = {
+0x9E3779B9,0x3C6EF373,
+0x78DDE6E6,0xF1BBCDCC,
+0xE3779B99,0xC6EF3733,
+0x8DDE6E67,0x1BBCDCCF,
+0x3779B99E,0x6EF3733C,
+0xDDE6E678,0xBBCDCCF1,
+0x779B99E3,0xEF3733C6,
+0xDE6E678D,0xBCDCCF1B
+};
+
+#define G(x) (SS3[((x)>>24)&255] ^ SS2[((x)>>16)&255] ^ SS1[((x)>>8)&255] ^ SS0[(x)&255])
+
+#define F(L1, L2, R1, R2, K1, K2) \
+ T2 = G((R1 ^ K1) ^ (R2 ^ K2)); \
+ T = G( G(T2 + (R1 ^ K1)) + T2); \
+ L2 ^= T; \
+ L1 ^= (T + G(T2 + (R1 ^ K1))); \
+
+ /**
+ Initialize the SEED block cipher
+ @param key The symmetric key you wish to pass
+ @param keylen The key length in bytes
+ @param num_rounds The number of rounds desired (0 for default)
+ @param skey The key in as scheduled by this function.
+ @return CRYPT_OK if successful
+ */
+int kseed_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
+{
+ int i;
+ ulong32 tmp, k1, k2, k3, k4;
+
+ if (keylen != 16) {
+ return CRYPT_INVALID_KEYSIZE;
+ }
+
+ if (num_rounds != 16 && num_rounds != 0) {
+ return CRYPT_INVALID_ROUNDS;
+ }
+
+ /* load key */
+ LOAD32H(k1, key);
+ LOAD32H(k2, key+4);
+ LOAD32H(k3, key+8);
+ LOAD32H(k4, key+12);
+
+ for (i = 0; i < 16; i++) {
+ skey->kseed.K[2*i+0] = G(k1 + k3 - KCi[i]);
+ skey->kseed.K[2*i+1] = G(k2 - k4 + KCi[i]);
+ if (i&1) {
+ tmp = k3;
+ k3 = ((k3 << 8) | (k4 >> 24)) & 0xFFFFFFFF;
+ k4 = ((k4 << 8) | (tmp >> 24)) & 0xFFFFFFFF;
+ } else {
+ tmp = k1;
+ k1 = ((k1 >> 8) | (k2 << 24)) & 0xFFFFFFFF;
+ k2 = ((k2 >> 8) | (tmp << 24)) & 0xFFFFFFFF;
+ }
+ /* reverse keys for decrypt */
+ skey->kseed.dK[2*(15-i)+0] = skey->kseed.K[2*i+0];
+ skey->kseed.dK[2*(15-i)+1] = skey->kseed.K[2*i+1];
+ }
+
+ return CRYPT_OK;
+}
+
+static void rounds(ulong32 *P, ulong32 *K)
+{
+ ulong32 T, T2;
+ int i;
+ for (i = 0; i < 16; i += 2) {
+ F(P[0], P[1], P[2], P[3], K[0], K[1]);
+ F(P[2], P[3], P[0], P[1], K[2], K[3]);
+ K += 4;
+ }
+}
+
+/**
+ Encrypts a block of text with SEED
+ @param pt The input plaintext (16 bytes)
+ @param ct The output ciphertext (16 bytes)
+ @param skey The key as scheduled
+ @return CRYPT_OK if successful
+*/
+int kseed_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+{
+ ulong32 P[4];
+ LOAD32H(P[0], pt);
+ LOAD32H(P[1], pt+4);
+ LOAD32H(P[2], pt+8);
+ LOAD32H(P[3], pt+12);
+ rounds(P, skey->kseed.K);
+ STORE32H(P[2], ct);
+ STORE32H(P[3], ct+4);
+ STORE32H(P[0], ct+8);
+ STORE32H(P[1], ct+12);
+ return CRYPT_OK;
+}
+
+/**
+ Decrypts a block of text with SEED
+ @param ct The input ciphertext (16 bytes)
+ @param pt The output plaintext (16 bytes)
+ @param skey The key as scheduled
+ @return CRYPT_OK if successful
+*/
+int kseed_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+{
+ ulong32 P[4];
+ LOAD32H(P[0], ct);
+ LOAD32H(P[1], ct+4);
+ LOAD32H(P[2], ct+8);
+ LOAD32H(P[3], ct+12);
+ rounds(P, skey->kseed.dK);
+ STORE32H(P[2], pt);
+ STORE32H(P[3], pt+4);
+ STORE32H(P[0], pt+8);
+ STORE32H(P[1], pt+12);
+ return CRYPT_OK;
+}
+
+/** Terminate the context
+ @param skey The scheduled key
+*/
+void kseed_done(symmetric_key *skey)
+{
+}
+
+/**
+ Performs a self-test of the SEED block cipher
+ @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
+*/
+int kseed_test(void)
+{
+#if !defined(LTC_TEST)
+ return CRYPT_NOP;
+#else
+ static const struct test {
+ unsigned char pt[16], ct[16], key[16];
+ } tests[] = {
+
+{
+ { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F },
+ { 0x5E,0xBA,0xC6,0xE0,0x05,0x4E,0x16,0x68,0x19,0xAF,0xF1,0xCC,0x6D,0x34,0x6C,0xDB },
+ { 0 },
+},
+
+{
+ { 0 },
+ { 0xC1,0x1F,0x22,0xF2,0x01,0x40,0x50,0x50,0x84,0x48,0x35,0x97,0xE4,0x37,0x0F,0x43 },
+ { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F },
+},
+
+{
+ { 0x83,0xA2,0xF8,0xA2,0x88,0x64,0x1F,0xB9,0xA4,0xE9,0xA5,0xCC,0x2F,0x13,0x1C,0x7D },
+ { 0xEE,0x54,0xD1,0x3E,0xBC,0xAE,0x70,0x6D,0x22,0x6B,0xC3,0x14,0x2C,0xD4,0x0D,0x4A },
+ { 0x47,0x06,0x48,0x08,0x51,0xE6,0x1B,0xE8,0x5D,0x74,0xBF,0xB3,0xFD,0x95,0x61,0x85 },
+},
+
+{
+ { 0xB4,0x1E,0x6B,0xE2,0xEB,0xA8,0x4A,0x14,0x8E,0x2E,0xED,0x84,0x59,0x3C,0x5E,0xC7 },
+ { 0x9B,0x9B,0x7B,0xFC,0xD1,0x81,0x3C,0xB9,0x5D,0x0B,0x36,0x18,0xF4,0x0F,0x51,0x22 },
+ { 0x28,0xDB,0xC3,0xBC,0x49,0xFF,0xD8,0x7D,0xCF,0xA5,0x09,0xB1,0x1D,0x42,0x2B,0xE7 },
+}
+};
+ int x;
+ unsigned char buf[2][16];
+ symmetric_key skey;
+
+ for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
+ kseed_setup(tests[x].key, 16, 0, &skey);
+ kseed_ecb_encrypt(tests[x].pt, buf[0], &skey);
+ kseed_ecb_decrypt(buf[0], buf[1], &skey);
+ if (XMEMCMP(buf[0], tests[x].ct, 16) || XMEMCMP(buf[1], tests[x].pt, 16)) {
+ return CRYPT_FAIL_TESTVECTOR;
+ }
+ }
+ return CRYPT_OK;
+#endif
+}
+
+/**
+ Gets suitable key size
+ @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
+ @return CRYPT_OK if the input key size is acceptable.
+*/
+int kseed_keysize(int *keysize)
+{
+ LTC_ARGCHK(keysize != NULL);
+ if (*keysize >= 16) {
+ *keysize = 16;
+ } else {
+ return CRYPT_INVALID_KEYSIZE;
+ }
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/kseed.c,v $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/08 23:01:06 $ */
diff --git a/src/ciphers/noekeon.c b/src/ciphers/noekeon.c
index e502dfe..f467ff2 100644
--- a/src/ciphers/noekeon.c
+++ b/src/ciphers/noekeon.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@file noekeon.c
@@ -27,7 +27,7 @@ const struct ltc_cipher_descriptor noekeon_desc =
&noekeon_test,
&noekeon_done,
&noekeon_keysize,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const ulong32 RC[] = {
@@ -107,11 +107,12 @@ int noekeon_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
@param pt The input plaintext (16 bytes)
@param ct The output ciphertext (16 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
-static void _noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+static int _noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
-void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
ulong32 a,b,c,d,temp;
@@ -142,13 +143,16 @@ void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_k
STORE32H(a,&ct[0]); STORE32H(b,&ct[4]);
STORE32H(c,&ct[8]); STORE32H(d,&ct[12]);
+
+ return CRYPT_OK;
}
#ifdef LTC_CLEAN_STACK
-void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
- _noekeon_ecb_encrypt(pt, ct, skey);
+ int err = _noekeon_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(ulong32) * 5 + sizeof(int));
+ return CRYPT_OK;
}
#endif
@@ -157,11 +161,12 @@ void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_k
@param ct The input ciphertext (16 bytes)
@param pt The output plaintext (16 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
-static void _noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+static int _noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
-void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
ulong32 a,b,c,d, temp;
@@ -192,13 +197,15 @@ void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_k
a ^= RC[0];
STORE32H(a,&pt[0]); STORE32H(b, &pt[4]);
STORE32H(c,&pt[8]); STORE32H(d, &pt[12]);
+ return CRYPT_OK;
}
#ifdef LTC_CLEAN_STACK
-void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
- _noekeon_ecb_decrypt(ct, pt, skey);
+ int err = _noekeon_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(ulong32) * 5 + sizeof(int));
+ return err;
}
#endif
@@ -235,10 +242,10 @@ int noekeon_test(void)
noekeon_ecb_encrypt(tests[i].pt, tmp[0], &key);
noekeon_ecb_decrypt(tmp[0], tmp[1], &key);
- if (memcmp(tmp[0], tests[i].ct, 16) || memcmp(tmp[1], tests[i].pt, 16)) {
+ if (XMEMCMP(tmp[0], tests[i].ct, 16) || XMEMCMP(tmp[1], tests[i].pt, 16)) {
#if 0
printf("\n\nTest %d failed\n", i);
- if (memcmp(tmp[0], tests[i].ct, 16)) {
+ if (XMEMCMP(tmp[0], tests[i].ct, 16)) {
printf("CT: ");
for (i = 0; i < 16; i++) {
printf("%02x ", tmp[0][i]);
@@ -292,5 +299,5 @@ int noekeon_keysize(int *keysize)
/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/noekeon.c,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/11/08 23:01:06 $ */
diff --git a/src/ciphers/rc2.c b/src/ciphers/rc2.c
index e91f83a..de62cda 100644
--- a/src/ciphers/rc2.c
+++ b/src/ciphers/rc2.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**********************************************************************\
* To commemorate the 1996 RSA Data Security Conference, the following *
@@ -36,7 +36,7 @@ const struct ltc_cipher_descriptor rc2_desc = {
&rc2_test,
&rc2_done,
&rc2_keysize,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
/* 256-entry permutation table, probably derived somehow from pi */
@@ -125,13 +125,14 @@ int rc2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
-static void _rc2_ecb_encrypt( const unsigned char *pt,
+static int _rc2_ecb_encrypt( const unsigned char *pt,
unsigned char *ct,
symmetric_key *skey)
#else
-void rc2_ecb_encrypt( const unsigned char *pt,
+int rc2_ecb_encrypt( const unsigned char *pt,
unsigned char *ct,
symmetric_key *skey)
#endif
@@ -179,15 +180,18 @@ void rc2_ecb_encrypt( const unsigned char *pt,
ct[5] = (unsigned char)(x54 >> 8);
ct[6] = (unsigned char)x76;
ct[7] = (unsigned char)(x76 >> 8);
+
+ return CRYPT_OK;
}
#ifdef LTC_CLEAN_STACK
-void rc2_ecb_encrypt( const unsigned char *pt,
+int rc2_ecb_encrypt( const unsigned char *pt,
unsigned char *ct,
symmetric_key *skey)
{
- _rc2_ecb_encrypt(pt, ct, skey);
+ int err = _rc2_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(unsigned *) + sizeof(unsigned) * 5);
+ return err;
}
#endif
@@ -199,13 +203,14 @@ void rc2_ecb_encrypt( const unsigned char *pt,
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
-static void _rc2_ecb_decrypt( const unsigned char *ct,
+static int _rc2_ecb_decrypt( const unsigned char *ct,
unsigned char *pt,
symmetric_key *skey)
#else
-void rc2_ecb_decrypt( const unsigned char *ct,
+int rc2_ecb_decrypt( const unsigned char *ct,
unsigned char *pt,
symmetric_key *skey)
#endif
@@ -254,15 +259,18 @@ void rc2_ecb_decrypt( const unsigned char *ct,
pt[5] = (unsigned char)(x54 >> 8);
pt[6] = (unsigned char)x76;
pt[7] = (unsigned char)(x76 >> 8);
+
+ return CRYPT_OK;
}
#ifdef LTC_CLEAN_STACK
-void rc2_ecb_decrypt( const unsigned char *ct,
+int rc2_ecb_decrypt( const unsigned char *ct,
unsigned char *pt,
symmetric_key *skey)
{
- _rc2_ecb_decrypt(ct, pt, skey);
+ int err = _rc2_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(unsigned *) + sizeof(unsigned) * 4 + sizeof(int));
+ return err;
}
#endif
@@ -307,7 +315,7 @@ int rc2_test(void)
rc2_ecb_encrypt(tests[x].pt, tmp[0], &skey);
rc2_ecb_decrypt(tmp[0], tmp[1], &skey);
- if (memcmp(tmp[0], tests[x].ct, 8) != 0 || memcmp(tmp[1], tests[x].pt, 8) != 0) {
+ if (XMEMCMP(tmp[0], tests[x].ct, 8) != 0 || XMEMCMP(tmp[1], tests[x].pt, 8) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
@@ -350,5 +358,5 @@ int rc2_keysize(int *keysize)
/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/rc2.c,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/11/08 23:01:06 $ */
diff --git a/src/ciphers/rc5.c b/src/ciphers/rc5.c
index 9465ac8..2d5fdb8 100644
--- a/src/ciphers/rc5.c
+++ b/src/ciphers/rc5.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -29,7 +29,7 @@ const struct ltc_cipher_descriptor rc5_desc =
&rc5_test,
&rc5_done,
&rc5_keysize,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const ulong32 stab[50] = {
@@ -123,11 +123,12 @@ int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
-static void _rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+static int _rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
-void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
ulong32 A, B, *K;
@@ -159,13 +160,16 @@ void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *
}
STORE32L(A, &ct[0]);
STORE32L(B, &ct[4]);
+
+ return CRYPT_OK;
}
#ifdef LTC_CLEAN_STACK
-void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
- _rc5_ecb_encrypt(pt, ct, skey);
+ int err = _rc5_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(ulong32) * 2 + sizeof(int));
+ return err;
}
#endif
@@ -174,11 +178,12 @@ void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
-static void _rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+static int _rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
-void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
ulong32 A, B, *K;
@@ -211,13 +216,16 @@ void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *
B -= skey->rc5.K[1];
STORE32L(A, &pt[0]);
STORE32L(B, &pt[4]);
+
+ return CRYPT_OK;
}
#ifdef LTC_CLEAN_STACK
-void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
- _rc5_ecb_decrypt(ct, pt, skey);
+ int err = _rc5_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(ulong32) * 2 + sizeof(int));
+ return err;
}
#endif
@@ -267,7 +275,7 @@ int rc5_test(void)
rc5_ecb_decrypt(tmp[0], tmp[1], &key);
/* compare */
- if (memcmp(tmp[0], tests[x].ct, 8) != 0 || memcmp(tmp[1], tests[x].pt, 8) != 0) {
+ if (XMEMCMP(tmp[0], tests[x].ct, 8) != 0 || XMEMCMP(tmp[1], tests[x].pt, 8) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
@@ -310,5 +318,5 @@ int rc5_keysize(int *keysize)
/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/rc5.c,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/11/08 23:01:06 $ */
diff --git a/src/ciphers/rc6.c b/src/ciphers/rc6.c
index ae6f114..8afa033 100644
--- a/src/ciphers/rc6.c
+++ b/src/ciphers/rc6.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -28,7 +28,7 @@ const struct ltc_cipher_descriptor rc6_desc =
&rc6_test,
&rc6_done,
&rc6_keysize,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const ulong32 stab[44] = {
@@ -120,9 +120,9 @@ int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
-static void _rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+static int _rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
-void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
ulong32 a,b,c,d,t,u, *K;
@@ -155,13 +155,15 @@ void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *
a += skey->rc6.K[42];
c += skey->rc6.K[43];
STORE32L(a,&ct[0]);STORE32L(b,&ct[4]);STORE32L(c,&ct[8]);STORE32L(d,&ct[12]);
+ return CRYPT_OK;
}
#ifdef LTC_CLEAN_STACK
-void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
- _rc6_ecb_encrypt(pt, ct, skey);
+ int err = _rc6_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(ulong32) * 6 + sizeof(int));
+ return err;
}
#endif
@@ -172,9 +174,9 @@ void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *
@param skey The key as scheduled
*/
#ifdef LTC_CLEAN_STACK
-static void _rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+static int _rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
-void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
ulong32 a,b,c,d,t,u, *K;
@@ -208,13 +210,16 @@ void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *
b -= skey->rc6.K[0];
d -= skey->rc6.K[1];
STORE32L(a,&pt[0]);STORE32L(b,&pt[4]);STORE32L(c,&pt[8]);STORE32L(d,&pt[12]);
+
+ return CRYPT_OK;
}
#ifdef LTC_CLEAN_STACK
-void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
- _rc6_ecb_decrypt(ct, pt, skey);
+ int err = _rc6_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(ulong32) * 6 + sizeof(int));
+ return err;
}
#endif
@@ -280,17 +285,17 @@ int rc6_test(void)
rc6_ecb_decrypt(tmp[0], tmp[1], &key);
/* compare */
- if (memcmp(tmp[0], tests[x].ct, 16) || memcmp(tmp[1], tests[x].pt, 16)) {
+ if (XMEMCMP(tmp[0], tests[x].ct, 16) || XMEMCMP(tmp[1], tests[x].pt, 16)) {
#if 0
printf("\n\nFailed test %d\n", x);
- if (memcmp(tmp[0], tests[x].ct, 16)) {
+ if (XMEMCMP(tmp[0], tests[x].ct, 16)) {
printf("Ciphertext: ");
for (y = 0; y < 16; y++) printf("%02x ", tmp[0][y]);
printf("\nExpected : ");
for (y = 0; y < 16; y++) printf("%02x ", tests[x].ct[y]);
printf("\n");
}
- if (memcmp(tmp[1], tests[x].pt, 16)) {
+ if (XMEMCMP(tmp[1], tests[x].pt, 16)) {
printf("Plaintext: ");
for (y = 0; y < 16; y++) printf("%02x ", tmp[0][y]);
printf("\nExpected : ");
@@ -339,5 +344,5 @@ int rc6_keysize(int *keysize)
/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/rc6.c,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/11/08 23:01:06 $ */
diff --git a/src/ciphers/safer/safer.c b/src/ciphers/safer/safer.c
index bad00a0..9fdaf37 100644
--- a/src/ciphers/safer/safer.c
+++ b/src/ciphers/safer/safer.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/*******************************************************************************
@@ -42,7 +42,7 @@ const struct ltc_cipher_descriptor
&safer_k64_test,
&safer_done,
&safer_64_keysize,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
},
safer_sk64_desc = {
@@ -54,7 +54,7 @@ const struct ltc_cipher_descriptor
&safer_sk64_test,
&safer_done,
&safer_64_keysize,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
},
safer_k128_desc = {
@@ -66,7 +66,7 @@ const struct ltc_cipher_descriptor
&safer_sk128_test,
&safer_done,
&safer_128_keysize,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
},
safer_sk128_desc = {
@@ -78,7 +78,7 @@ const struct ltc_cipher_descriptor
&safer_sk128_test,
&safer_done,
&safer_128_keysize,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
/******************* Constants ************************************************/
@@ -246,11 +246,11 @@ int safer_sk128_setup(const unsigned char *key, int keylen, int numrounds, symme
}
#ifdef LTC_CLEAN_STACK
-static void _safer_ecb_encrypt(const unsigned char *block_in,
+static int _safer_ecb_encrypt(const unsigned char *block_in,
unsigned char *block_out,
symmetric_key *skey)
#else
-void safer_ecb_encrypt(const unsigned char *block_in,
+int safer_ecb_encrypt(const unsigned char *block_in,
unsigned char *block_out,
symmetric_key *skey)
#endif
@@ -285,24 +285,26 @@ void safer_ecb_encrypt(const unsigned char *block_in,
block_out[2] = c & 0xFF; block_out[3] = d & 0xFF;
block_out[4] = e & 0xFF; block_out[5] = f & 0xFF;
block_out[6] = g & 0xFF; block_out[7] = h & 0xFF;
+ return CRYPT_OK;
}
#ifdef LTC_CLEAN_STACK
-void safer_ecb_encrypt(const unsigned char *block_in,
+int safer_ecb_encrypt(const unsigned char *block_in,
unsigned char *block_out,
symmetric_key *skey)
{
- _safer_ecb_encrypt(block_in, block_out, skey);
+ int err = _safer_ecb_encrypt(block_in, block_out, skey);
burn_stack(sizeof(unsigned char) * 9 + sizeof(unsigned int) + sizeof(unsigned char *));
+ return err;
}
#endif
#ifdef LTC_CLEAN_STACK
-static void _safer_ecb_decrypt(const unsigned char *block_in,
+static int _safer_ecb_decrypt(const unsigned char *block_in,
unsigned char *block_out,
symmetric_key *skey)
#else
-void safer_ecb_decrypt(const unsigned char *block_in,
+int safer_ecb_decrypt(const unsigned char *block_in,
unsigned char *block_out,
symmetric_key *skey)
#endif
@@ -338,15 +340,17 @@ void safer_ecb_decrypt(const unsigned char *block_in,
block_out[2] = c & 0xFF; block_out[3] = d & 0xFF;
block_out[4] = e & 0xFF; block_out[5] = f & 0xFF;
block_out[6] = g & 0xFF; block_out[7] = h & 0xFF;
+ return CRYPT_OK;
}
#ifdef LTC_CLEAN_STACK
-void safer_ecb_decrypt(const unsigned char *block_in,
+int safer_ecb_decrypt(const unsigned char *block_in,
unsigned char *block_out,
symmetric_key *skey)
{
- _safer_ecb_decrypt(block_in, block_out, skey);
+ int err = _safer_ecb_decrypt(block_in, block_out, skey);
burn_stack(sizeof(unsigned char) * 9 + sizeof(unsigned int) + sizeof(unsigned char *));
+ return err;
}
#endif
@@ -392,7 +396,7 @@ int safer_k64_test(void)
safer_ecb_encrypt(k64_pt, buf[0], &skey);
safer_ecb_decrypt(buf[0], buf[1], &skey);
- if (memcmp(buf[0], k64_ct, 8) != 0 || memcmp(buf[1], k64_pt, 8) != 0) {
+ if (XMEMCMP(buf[0], k64_ct, 8) != 0 || XMEMCMP(buf[1], k64_pt, 8) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
@@ -422,7 +426,7 @@ int safer_sk64_test(void)
safer_ecb_encrypt(sk64_pt, buf[0], &skey);
safer_ecb_decrypt(buf[0], buf[1], &skey);
- if (memcmp(buf[0], sk64_ct, 8) != 0 || memcmp(buf[1], sk64_pt, 8) != 0) {
+ if (XMEMCMP(buf[0], sk64_ct, 8) != 0 || XMEMCMP(buf[1], sk64_pt, 8) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
@@ -464,7 +468,7 @@ int safer_sk128_test(void)
safer_ecb_encrypt(sk128_pt, buf[0], &skey);
safer_ecb_decrypt(buf[0], buf[1], &skey);
- if (memcmp(buf[0], sk128_ct, 8) != 0 || memcmp(buf[1], sk128_pt, 8) != 0) {
+ if (XMEMCMP(buf[0], sk128_ct, 8) != 0 || XMEMCMP(buf[1], sk128_pt, 8) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
@@ -483,5 +487,5 @@ int safer_sk128_test(void)
/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/safer/safer.c,v $ */
-/* $Revision: 1.8 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.13 $ */
+/* $Date: 2006/11/08 23:01:06 $ */
diff --git a/src/ciphers/safer/safer_tab.c b/src/ciphers/safer/safer_tab.c
index 47fbd1c..a542768 100644
--- a/src/ciphers/safer/safer_tab.c
+++ b/src/ciphers/safer/safer_tab.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -64,5 +64,5 @@ const unsigned char safer_lbox[256] = {
/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/safer/safer_tab.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/ciphers/safer/saferp.c b/src/ciphers/safer/saferp.c
index 6d0d589..dff4ee9 100644
--- a/src/ciphers/safer/saferp.c
+++ b/src/ciphers/safer/saferp.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -28,7 +28,7 @@ const struct ltc_cipher_descriptor saferp_desc =
&saferp_test,
&saferp_done,
&saferp_keysize,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
/* ROUND(b,i)
@@ -329,8 +329,9 @@ int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric
@param pt The input plaintext (16 bytes)
@param ct The output ciphertext (16 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
-void saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
unsigned char b[16];
int x;
@@ -384,6 +385,7 @@ void saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_ke
#ifdef LTC_CLEAN_STACK
zeromem(b, sizeof(b));
#endif
+ return CRYPT_OK;
}
/**
@@ -391,8 +393,9 @@ void saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_ke
@param ct The input ciphertext (16 bytes)
@param pt The output plaintext (16 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
-void saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
unsigned char b[16];
int x;
@@ -446,6 +449,7 @@ void saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_ke
#ifdef LTC_CLEAN_STACK
zeromem(b, sizeof(b));
#endif
+ return CRYPT_OK;
}
/**
@@ -503,7 +507,7 @@ int saferp_test(void)
saferp_ecb_decrypt(tmp[0], tmp[1], &skey);
/* compare */
- if (memcmp(tmp[0], tests[i].ct, 16) || memcmp(tmp[1], tests[i].pt, 16)) {
+ if (XMEMCMP(tmp[0], tests[i].ct, 16) || XMEMCMP(tmp[1], tests[i].pt, 16)) {
return CRYPT_FAIL_TESTVECTOR;
}
@@ -551,5 +555,5 @@ int saferp_keysize(int *keysize)
/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/safer/saferp.c,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/11/08 23:01:06 $ */
diff --git a/src/ciphers/skipjack.c b/src/ciphers/skipjack.c
index 4cb3bf2..3e0b576 100644
--- a/src/ciphers/skipjack.c
+++ b/src/ciphers/skipjack.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -28,7 +28,7 @@ const struct ltc_cipher_descriptor skipjack_desc =
&skipjack_test,
&skipjack_done,
&skipjack_keysize,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
static const unsigned char sbox[256] = {
@@ -138,11 +138,12 @@ static unsigned ig_func(unsigned w, int *kp, unsigned char *key)
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
-static void _skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+static int _skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
-void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
unsigned w1,w2,w3,w4,tmp,tmp1;
@@ -183,13 +184,16 @@ void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_
ct[2] = (w2>>8)&255; ct[3] = w2&255;
ct[4] = (w3>>8)&255; ct[5] = w3&255;
ct[6] = (w4>>8)&255; ct[7] = w4&255;
+
+ return CRYPT_OK;
}
#ifdef LTC_CLEAN_STACK
-void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
- _skipjack_ecb_encrypt(pt, ct, skey);
+ int err = _skipjack_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(unsigned) * 8 + sizeof(int) * 2);
+ return err;
}
#endif
@@ -198,11 +202,12 @@ void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
-static void _skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+static int _skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
-void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
unsigned w1,w2,w3,w4,tmp;
@@ -247,13 +252,16 @@ void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_
pt[2] = (w2>>8)&255; pt[3] = w2&255;
pt[4] = (w3>>8)&255; pt[5] = w3&255;
pt[6] = (w4>>8)&255; pt[7] = w4&255;
+
+ return CRYPT_OK;
}
#ifdef LTC_CLEAN_STACK
-void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
- _skipjack_ecb_decrypt(ct, pt, skey);
+ int err = _skipjack_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(unsigned) * 7 + sizeof(int) * 2);
+ return err;
}
#endif
@@ -290,7 +298,7 @@ int skipjack_test(void)
skipjack_ecb_decrypt(buf[0], buf[1], &key);
/* compare */
- if (memcmp(buf[0], tests[x].ct, 8) != 0 || memcmp(buf[1], tests[x].pt, 8) != 0) {
+ if (XMEMCMP(buf[0], tests[x].ct, 8) != 0 || XMEMCMP(buf[1], tests[x].pt, 8) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
@@ -331,5 +339,5 @@ int skipjack_keysize(int *keysize)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/skipjack.c,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/11/08 23:01:06 $ */
diff --git a/src/ciphers/twofish/twofish.c b/src/ciphers/twofish/twofish.c
index f147bab..9e6d0d4 100644
--- a/src/ciphers/twofish/twofish.c
+++ b/src/ciphers/twofish/twofish.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -35,7 +35,7 @@ const struct ltc_cipher_descriptor twofish_desc =
&twofish_test,
&twofish_done,
&twofish_keysize,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
/* the two polynomials */
@@ -414,8 +414,8 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
/* make the sboxes (large ram variant) */
if (k == 2) {
for (x = 0; x < 256; x++) {
- tmpx0 = sbox(0, x);
- tmpx1 = sbox(1, x);
+ tmpx0 = (unsigned char)sbox(0, x);
+ tmpx1 = (unsigned char)sbox(1, x);
skey->twofish.S[0][x] = mds_column_mult(sbox(1, (sbox(0, tmpx0 ^ S[0]) ^ S[4])),0);
skey->twofish.S[1][x] = mds_column_mult(sbox(0, (sbox(0, tmpx1 ^ S[1]) ^ S[5])),1);
skey->twofish.S[2][x] = mds_column_mult(sbox(1, (sbox(1, tmpx0 ^ S[2]) ^ S[6])),2);
@@ -423,8 +423,8 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
}
} else if (k == 3) {
for (x = 0; x < 256; x++) {
- tmpx0 = sbox(0, x);
- tmpx1 = sbox(1, x);
+ tmpx0 = (unsigned char)sbox(0, x);
+ tmpx1 = (unsigned char)sbox(1, x);
skey->twofish.S[0][x] = mds_column_mult(sbox(1, (sbox(0, sbox(0, tmpx1 ^ S[0]) ^ S[4]) ^ S[8])),0);
skey->twofish.S[1][x] = mds_column_mult(sbox(0, (sbox(0, sbox(1, tmpx1 ^ S[1]) ^ S[5]) ^ S[9])),1);
skey->twofish.S[2][x] = mds_column_mult(sbox(1, (sbox(1, sbox(0, tmpx0 ^ S[2]) ^ S[6]) ^ S[10])),2);
@@ -432,8 +432,8 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
}
} else {
for (x = 0; x < 256; x++) {
- tmpx0 = sbox(0, x);
- tmpx1 = sbox(1, x);
+ tmpx0 = (unsigned char)sbox(0, x);
+ tmpx1 = (unsigned char)sbox(1, x);
skey->twofish.S[0][x] = mds_column_mult(sbox(1, (sbox(0, sbox(0, sbox(1, tmpx1 ^ S[0]) ^ S[4]) ^ S[8]) ^ S[12])),0);
skey->twofish.S[1][x] = mds_column_mult(sbox(0, (sbox(0, sbox(1, sbox(1, tmpx0 ^ S[1]) ^ S[5]) ^ S[9]) ^ S[13])),1);
skey->twofish.S[2][x] = mds_column_mult(sbox(1, (sbox(1, sbox(0, sbox(0, tmpx0 ^ S[2]) ^ S[6]) ^ S[10]) ^ S[14])),2);
@@ -467,11 +467,12 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
@param pt The input plaintext (16 bytes)
@param ct The output ciphertext (16 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
-static void _twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+static int _twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#else
-void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
#endif
{
ulong32 a,b,c,d,ta,tb,tc,td,t1,t2, *k;
@@ -521,13 +522,16 @@ void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_k
/* store output */
STORE32L(ta,&ct[0]); STORE32L(tb,&ct[4]);
STORE32L(tc,&ct[8]); STORE32L(td,&ct[12]);
+
+ return CRYPT_OK;
}
#ifdef LTC_CLEAN_STACK
-void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
- _twofish_ecb_encrypt(pt, ct, skey);
+ int err = _twofish_ecb_encrypt(pt, ct, skey);
burn_stack(sizeof(ulong32) * 10 + sizeof(int));
+ return err;
}
#endif
@@ -536,11 +540,12 @@ void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_k
@param ct The input ciphertext (16 bytes)
@param pt The output plaintext (16 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
#ifdef LTC_CLEAN_STACK
-static void _twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+static int _twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#else
-void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
#endif
{
ulong32 a,b,c,d,ta,tb,tc,td,t1,t2, *k;
@@ -593,13 +598,15 @@ void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_k
/* store */
STORE32L(a, &pt[0]); STORE32L(b, &pt[4]);
STORE32L(c, &pt[8]); STORE32L(d, &pt[12]);
+ return CRYPT_OK;
}
#ifdef LTC_CLEAN_STACK
-void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
- _twofish_ecb_decrypt(ct, pt, skey);
+ int err =_twofish_ecb_decrypt(ct, pt, skey);
burn_stack(sizeof(ulong32) * 10 + sizeof(int));
+ return err;
}
#endif
@@ -656,7 +663,10 @@ int twofish_test(void)
}
twofish_ecb_encrypt(tests[i].pt, tmp[0], &key);
twofish_ecb_decrypt(tmp[0], tmp[1], &key);
- if (memcmp(tmp[0], tests[i].ct, 16) != 0 || memcmp(tmp[1], tests[i].pt, 16) != 0) {
+ if (XMEMCMP(tmp[0], tests[i].ct, 16) != 0 || XMEMCMP(tmp[1], tests[i].pt, 16) != 0) {
+#if 0
+ printf("Twofish failed test %d, %d, %d\n", i, XMEMCMP(tmp[0], tests[i].ct, 16), XMEMCMP(tmp[1], tests[i].pt, 16));
+#endif
return CRYPT_FAIL_TESTVECTOR;
}
/* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */
@@ -704,5 +714,5 @@ int twofish_keysize(int *keysize)
/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/twofish/twofish.c,v $ */
-/* $Revision: 1.8 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.14 $ */
+/* $Date: 2006/12/04 21:34:03 $ */
diff --git a/src/ciphers/twofish/twofish_tab.c b/src/ciphers/twofish/twofish_tab.c
index 47d4717..f8a373f 100644
--- a/src/ciphers/twofish/twofish_tab.c
+++ b/src/ciphers/twofish/twofish_tab.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -492,5 +492,5 @@ static const ulong32 rs_tab7[256] = {
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/twofish/twofish_tab.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/ciphers/xtea.c b/src/ciphers/xtea.c
index a45a13a..ac73400 100644
--- a/src/ciphers/xtea.c
+++ b/src/ciphers/xtea.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -28,7 +28,7 @@ const struct ltc_cipher_descriptor xtea_desc =
&xtea_test,
&xtea_done,
&xtea_keysize,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL
+ NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
};
int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
@@ -71,8 +71,9 @@ int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_k
@param pt The input plaintext (8 bytes)
@param ct The output ciphertext (8 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
-void xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
+int xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
{
unsigned long y, z;
int r;
@@ -98,6 +99,7 @@ void xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key
}
STORE32L(y, &ct[0]);
STORE32L(z, &ct[4]);
+ return CRYPT_OK;
}
/**
@@ -105,8 +107,9 @@ void xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key
@param ct The input ciphertext (8 bytes)
@param pt The output plaintext (8 bytes)
@param skey The key as scheduled
+ @return CRYPT_OK if successful
*/
-void xtea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
+int xtea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
{
unsigned long y, z;
int r;
@@ -132,6 +135,7 @@ void xtea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key
}
STORE32L(y, &pt[0]);
STORE32L(z, &pt[4]);
+ return CRYPT_OK;
}
/**
@@ -160,7 +164,7 @@ int xtea_test(void)
xtea_ecb_encrypt(pt, tmp[0], &skey);
xtea_ecb_decrypt(tmp[0], tmp[1], &skey);
- if (memcmp(tmp[0], ct, 8) != 0 || memcmp(tmp[1], pt, 8) != 0) {
+ if (XMEMCMP(tmp[0], ct, 8) != 0 || XMEMCMP(tmp[1], pt, 8) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
@@ -203,5 +207,5 @@ int xtea_keysize(int *keysize)
/* $Source: /cvs/libtom/libtomcrypt/src/ciphers/xtea.c,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/11/08 23:01:06 $ */
diff --git a/src/encauth/ccm/ccm_memory.c b/src/encauth/ccm/ccm_memory.c
index 48dc4b7..c5eee18 100644
--- a/src/encauth/ccm/ccm_memory.c
+++ b/src/encauth/ccm/ccm_memory.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -22,6 +22,7 @@
@param cipher The index of the cipher desired
@param key The secret key to use
@param keylen The length of the secret key (octets)
+ @param uskey A previously scheduled key [optional can be NULL]
@param nonce The session nonce [use once]
@param noncelen The length of the nonce
@param header The header for the session
@@ -36,6 +37,7 @@
*/
int ccm_memory(int cipher,
const unsigned char *key, unsigned long keylen,
+ symmetric_key *uskey,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen,
unsigned char *pt, unsigned long ptlen,
@@ -48,7 +50,9 @@ int ccm_memory(int cipher,
int err;
unsigned long len, L, x, y, z, CTRlen;
- LTC_ARGCHK(key != NULL);
+ if (uskey == NULL) {
+ LTC_ARGCHK(key != NULL);
+ }
LTC_ARGCHK(nonce != NULL);
if (headerlen > 0) {
LTC_ARGCHK(header != NULL);
@@ -85,15 +89,15 @@ int ccm_memory(int cipher,
/* is there an accelerator? */
if (cipher_descriptor[cipher].accel_ccm_memory != NULL) {
- cipher_descriptor[cipher].accel_ccm_memory(
+ return cipher_descriptor[cipher].accel_ccm_memory(
key, keylen,
+ uskey,
nonce, noncelen,
header, headerlen,
pt, ptlen,
ct,
tag, taglen,
direction);
- return CRYPT_OK;
}
/* let's get the L value */
@@ -113,23 +117,32 @@ int ccm_memory(int cipher,
L = 15 - noncelen;
}
- /* allocate mem for the symmetric key */
- skey = XMALLOC(sizeof(*skey));
- if (skey == NULL) {
- return CRYPT_MEM;
+ /* decrease noncelen to match L */
+ if ((noncelen + L) > 15) {
+ noncelen = 15 - L;
}
- /* initialize the cipher */
- if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, skey)) != CRYPT_OK) {
- XFREE(skey);
- return err;
+ /* allocate mem for the symmetric key */
+ if (uskey == NULL) {
+ skey = XMALLOC(sizeof(*skey));
+ if (skey == NULL) {
+ return CRYPT_MEM;
+ }
+
+ /* initialize the cipher */
+ if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, skey)) != CRYPT_OK) {
+ XFREE(skey);
+ return err;
+ }
+ } else {
+ skey = uskey;
}
/* form B_0 == flags | Nonce N | l(m) */
x = 0;
- PAD[x++] = ((headerlen > 0) ? (1<<6) : 0) |
+ PAD[x++] = (unsigned char)(((headerlen > 0) ? (1<<6) : 0) |
(((*taglen - 2)>>1)<<3) |
- (L-1);
+ (L-1));
/* nonce */
for (y = 0; y < (16 - (L + 1)); y++) {
@@ -149,12 +162,14 @@ int ccm_memory(int cipher,
PAD[x++] = 0;
}
for (; y < L; y++) {
- PAD[x++] = (len >> 24) & 255;
+ PAD[x++] = (unsigned char)((len >> 24) & 255);
len <<= 8;
}
/* encrypt PAD */
- cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+ if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
+ goto error;
+ }
/* handle header */
if (headerlen > 0) {
@@ -177,7 +192,9 @@ int ccm_memory(int cipher,
for (y = 0; y < headerlen; y++) {
if (x == 16) {
/* full block so let's encrypt it */
- cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+ if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
+ goto error;
+ }
x = 0;
}
PAD[x++] ^= header[y];
@@ -185,7 +202,9 @@ int ccm_memory(int cipher,
/* remainder? */
if (x != 0) {
- cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+ if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
+ goto error;
+ }
}
}
@@ -193,7 +212,7 @@ int ccm_memory(int cipher,
x = 0;
/* flags */
- ctr[x++] = L-1;
+ ctr[x++] = (unsigned char)L-1;
/* nonce */
for (y = 0; y < (16 - (L+1)); ++y) {
@@ -219,14 +238,18 @@ int ccm_memory(int cipher,
ctr[z] = (ctr[z] + 1) & 255;
if (ctr[z]) break;
}
- cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey);
+ if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) {
+ goto error;
+ }
/* xor the PT against the pad first */
for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE*)(&PAD[z])) ^= *((LTC_FAST_TYPE*)(&pt[y+z]));
*((LTC_FAST_TYPE*)(&ct[y+z])) = *((LTC_FAST_TYPE*)(&pt[y+z])) ^ *((LTC_FAST_TYPE*)(&CTRPAD[z]));
}
- cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+ if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
+ goto error;
+ }
}
} else {
for (; y < (ptlen & ~15); y += 16) {
@@ -235,14 +258,18 @@ int ccm_memory(int cipher,
ctr[z] = (ctr[z] + 1) & 255;
if (ctr[z]) break;
}
- cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey);
+ if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) {
+ goto error;
+ }
/* xor the PT against the pad last */
for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE*)(&pt[y+z])) = *((LTC_FAST_TYPE*)(&ct[y+z])) ^ *((LTC_FAST_TYPE*)(&CTRPAD[z]));
*((LTC_FAST_TYPE*)(&PAD[z])) ^= *((LTC_FAST_TYPE*)(&pt[y+z]));
}
- cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+ if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
+ goto error;
+ }
}
}
}
@@ -255,7 +282,9 @@ int ccm_memory(int cipher,
ctr[z] = (ctr[z] + 1) & 255;
if (ctr[z]) break;
}
- cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey);
+ if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) {
+ goto error;
+ }
CTRlen = 0;
}
@@ -269,21 +298,32 @@ int ccm_memory(int cipher,
}
if (x == 16) {
- cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+ if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
+ goto error;
+ }
x = 0;
}
PAD[x++] ^= b;
}
if (x != 0) {
- cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+ if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) {
+ goto error;
+ }
}
}
- /* setup CTR for the TAG */
- ctr[14] = ctr[15] = 0x00;
- cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey);
- cipher_descriptor[cipher].done(skey);
+ /* setup CTR for the TAG (zero the count) */
+ for (y = 15; y > 15 - L; y--) {
+ ctr[y] = 0x00;
+ }
+ if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) {
+ goto error;
+ }
+
+ if (skey != uskey) {
+ cipher_descriptor[cipher].done(skey);
+ }
/* store the TAG */
for (x = 0; x < 16 && x < *taglen; x++) {
@@ -296,14 +336,16 @@ int ccm_memory(int cipher,
zeromem(PAD, sizeof(PAD));
zeromem(CTRPAD, sizeof(CTRPAD));
#endif
+error:
+ if (skey != uskey) {
+ XFREE(skey);
+ }
- XFREE(skey);
-
- return CRYPT_OK;
+ return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ccm/ccm_memory.c,v $ */
-/* $Revision: 1.9 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.18 $ */
+/* $Date: 2006/12/04 21:34:03 $ */
diff --git a/src/encauth/ccm/ccm_test.c b/src/encauth/ccm/ccm_test.c
index c33502a..3a45bfb 100644
--- a/src/encauth/ccm/ccm_test.c
+++ b/src/encauth/ccm/ccm_test.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -116,6 +116,7 @@ int ccm_test(void)
unsigned long taglen, x;
unsigned char buf[64], buf2[64], tag2[16], tag[16];
int err, idx;
+ symmetric_key skey;
idx = find_cipher("aes");
if (idx == -1) {
@@ -127,8 +128,13 @@ int ccm_test(void)
for (x = 0; x < (sizeof(tests)/sizeof(tests[0])); x++) {
taglen = tests[x].taglen;
+ if ((err = cipher_descriptor[idx].setup(tests[x].key, 16, 0, &skey)) != CRYPT_OK) {
+ return err;
+ }
+
if ((err = ccm_memory(idx,
tests[x].key, 16,
+ &skey,
tests[x].nonce, tests[x].noncelen,
tests[x].header, tests[x].headerlen,
(unsigned char*)tests[x].pt, tests[x].ptlen,
@@ -137,31 +143,31 @@ int ccm_test(void)
return err;
}
- if (memcmp(buf, tests[x].ct, tests[x].ptlen)) {
+ if (XMEMCMP(buf, tests[x].ct, tests[x].ptlen)) {
return CRYPT_FAIL_TESTVECTOR;
}
- if (memcmp(tag, tests[x].tag, tests[x].taglen)) {
+ if (XMEMCMP(tag, tests[x].tag, tests[x].taglen)) {
return CRYPT_FAIL_TESTVECTOR;
}
if ((err = ccm_memory(idx,
tests[x].key, 16,
+ NULL,
tests[x].nonce, tests[x].noncelen,
tests[x].header, tests[x].headerlen,
buf2, tests[x].ptlen,
buf,
- tag2, &taglen, 1 )) != CRYPT_OK) {
+ tag2, &taglen, 1 )) != CRYPT_OK) {
return err;
}
- if (memcmp(buf2, tests[x].pt, tests[x].ptlen)) {
+ if (XMEMCMP(buf2, tests[x].pt, tests[x].ptlen)) {
return CRYPT_FAIL_TESTVECTOR;
}
- if (memcmp(tag2, tests[x].tag, tests[x].taglen)) {
+ if (XMEMCMP(tag2, tests[x].tag, tests[x].taglen)) {
return CRYPT_FAIL_TESTVECTOR;
- }
-
-
+ }
+ cipher_descriptor[idx].done(&skey);
}
return CRYPT_OK;
#endif
@@ -170,5 +176,5 @@ int ccm_test(void)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ccm/ccm_test.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/21 00:18:23 $ */
diff --git a/src/encauth/eax/eax_addheader.c b/src/encauth/eax/eax_addheader.c
index cfb325d..b1054e5 100644
--- a/src/encauth/eax/eax_addheader.c
+++ b/src/encauth/eax/eax_addheader.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@file eax_addheader.c
@@ -34,5 +34,5 @@ int eax_addheader(eax_state *eax, const unsigned char *header,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_addheader.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/encauth/eax/eax_decrypt.c b/src/encauth/eax/eax_decrypt.c
index 13e23cc..22a66ab 100644
--- a/src/encauth/eax/eax_decrypt.c
+++ b/src/encauth/eax/eax_decrypt.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -46,5 +46,5 @@ int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_decrypt.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/encauth/eax/eax_decrypt_verify_memory.c b/src/encauth/eax/eax_decrypt_verify_memory.c
index d6d72ab..693ddfa 100644
--- a/src/encauth/eax/eax_decrypt_verify_memory.c
+++ b/src/encauth/eax/eax_decrypt_verify_memory.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -84,7 +84,7 @@ int eax_decrypt_verify_memory(int cipher,
}
/* compare tags */
- if (buflen >= taglen && memcmp(buf, tag, taglen) == 0) {
+ if (buflen >= taglen && XMEMCMP(buf, tag, taglen) == 0) {
*stat = 1;
}
@@ -104,5 +104,5 @@ LBL_ERR:
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_decrypt_verify_memory.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/encauth/eax/eax_done.c b/src/encauth/eax/eax_done.c
index 10e2c23..1e02939 100644
--- a/src/encauth/eax/eax_done.c
+++ b/src/encauth/eax/eax_done.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -90,5 +90,5 @@ LBL_ERR:
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_done.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/encauth/eax/eax_encrypt.c b/src/encauth/eax/eax_encrypt.c
index a646588..dc8bc3d 100644
--- a/src/encauth/eax/eax_encrypt.c
+++ b/src/encauth/eax/eax_encrypt.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -47,5 +47,5 @@ int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct,
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_encrypt.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/encauth/eax/eax_encrypt_authenticate_memory.c b/src/encauth/eax/eax_encrypt_authenticate_memory.c
index 9760616..e9e52d0 100644
--- a/src/encauth/eax/eax_encrypt_authenticate_memory.c
+++ b/src/encauth/eax/eax_encrypt_authenticate_memory.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -78,5 +78,5 @@ LBL_ERR:
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_encrypt_authenticate_memory.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/encauth/eax/eax_init.c b/src/encauth/eax/eax_init.c
index 942b25f..48512b5 100644
--- a/src/encauth/eax/eax_init.c
+++ b/src/encauth/eax/eax_init.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -140,5 +140,5 @@ LBL_ERR:
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_init.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/encauth/eax/eax_test.c b/src/encauth/eax/eax_test.c
index b08f5ab..d154271 100644
--- a/src/encauth/eax/eax_test.c
+++ b/src/encauth/eax/eax_test.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -231,7 +231,7 @@ int eax_test(void)
tests[x].plaintext, tests[x].msglen, outct, outtag, &len)) != CRYPT_OK) {
return err;
}
- if (memcmp(outct, tests[x].ciphertext, tests[x].msglen) || memcmp(outtag, tests[x].tag, len)) {
+ if (XMEMCMP(outct, tests[x].ciphertext, tests[x].msglen) || XMEMCMP(outtag, tests[x].tag, len)) {
#if 0
unsigned long y;
printf("\n\nFailure: \nCT:\n");
@@ -256,7 +256,7 @@ int eax_test(void)
outct, tests[x].msglen, outct, outtag, len, &res)) != CRYPT_OK) {
return err;
}
- if ((res != 1) || memcmp(outct, tests[x].plaintext, tests[x].msglen)) {
+ if ((res != 1) || XMEMCMP(outct, tests[x].plaintext, tests[x].msglen)) {
#if 0
unsigned long y;
printf("\n\nFailure (res == %d): \nPT:\n", res);
@@ -278,5 +278,5 @@ int eax_test(void)
#endif /* EAX_MODE */
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/eax/eax_test.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/encauth/gcm/gcm_add_aad.c b/src/encauth/gcm/gcm_add_aad.c
index 03cb279..6037c6c 100644
--- a/src/encauth/gcm/gcm_add_aad.c
+++ b/src/encauth/gcm/gcm_add_aad.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -57,7 +57,7 @@ int gcm_add_aad(gcm_state *gcm,
gcm->totlen += gcm->buflen * CONST64(8);
gcm_mult_h(gcm, gcm->X);
}
-
+
/* mix in the length */
zeromem(gcm->buf, 8);
STORE64H(gcm->totlen, gcm->buf+8);
@@ -120,5 +120,5 @@ int gcm_add_aad(gcm_state *gcm,
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_add_aad.c,v $ */
-/* $Revision: 1.14 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.16 $ */
+/* $Date: 2006/09/23 19:24:21 $ */
diff --git a/src/encauth/gcm/gcm_add_iv.c b/src/encauth/gcm/gcm_add_iv.c
index 107cf35..44e3167 100644
--- a/src/encauth/gcm/gcm_add_iv.c
+++ b/src/encauth/gcm/gcm_add_iv.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -90,5 +90,5 @@ int gcm_add_iv(gcm_state *gcm,
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_add_iv.c,v $ */
-/* $Revision: 1.6 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/encauth/gcm/gcm_done.c b/src/encauth/gcm/gcm_done.c
index 96ef7f3..4cbd09f 100644
--- a/src/encauth/gcm/gcm_done.c
+++ b/src/encauth/gcm/gcm_done.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -62,7 +62,9 @@ int gcm_done(gcm_state *gcm,
gcm_mult_h(gcm, gcm->X);
/* encrypt original counter */
- cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y_0, gcm->buf, &gcm->K);
+ if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y_0, gcm->buf, &gcm->K)) != CRYPT_OK) {
+ return err;
+ }
for (x = 0; x < 16 && x < *taglen; x++) {
tag[x] = gcm->buf[x] ^ gcm->X[x];
}
@@ -77,5 +79,5 @@ int gcm_done(gcm_state *gcm,
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_done.c,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/encauth/gcm/gcm_gf_mult.c b/src/encauth/gcm/gcm_gf_mult.c
index 06db22b..52e82dd 100644
--- a/src/encauth/gcm/gcm_gf_mult.c
+++ b/src/encauth/gcm/gcm_gf_mult.c
@@ -6,17 +6,59 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@file gcm_gf_mult.c
- GCM implementation, initialize state, by Tom St Denis
+ GCM implementation, do the GF mult, by Tom St Denis
*/
#include "tomcrypt.h"
-#ifdef GCM_MODE
+#if defined(GCM_TABLES) || defined(LRW_TABLES) || ((defined(GCM_MODE) || defined(GCM_MODE)) && defined(LTC_FAST))
+/* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format. Since only the
+ * lower 16 bits are not zero'ed I removed the upper 14 bytes */
+const unsigned char gcm_shift_table[256*2] = {
+0x00, 0x00, 0x01, 0xc2, 0x03, 0x84, 0x02, 0x46, 0x07, 0x08, 0x06, 0xca, 0x04, 0x8c, 0x05, 0x4e,
+0x0e, 0x10, 0x0f, 0xd2, 0x0d, 0x94, 0x0c, 0x56, 0x09, 0x18, 0x08, 0xda, 0x0a, 0x9c, 0x0b, 0x5e,
+0x1c, 0x20, 0x1d, 0xe2, 0x1f, 0xa4, 0x1e, 0x66, 0x1b, 0x28, 0x1a, 0xea, 0x18, 0xac, 0x19, 0x6e,
+0x12, 0x30, 0x13, 0xf2, 0x11, 0xb4, 0x10, 0x76, 0x15, 0x38, 0x14, 0xfa, 0x16, 0xbc, 0x17, 0x7e,
+0x38, 0x40, 0x39, 0x82, 0x3b, 0xc4, 0x3a, 0x06, 0x3f, 0x48, 0x3e, 0x8a, 0x3c, 0xcc, 0x3d, 0x0e,
+0x36, 0x50, 0x37, 0x92, 0x35, 0xd4, 0x34, 0x16, 0x31, 0x58, 0x30, 0x9a, 0x32, 0xdc, 0x33, 0x1e,
+0x24, 0x60, 0x25, 0xa2, 0x27, 0xe4, 0x26, 0x26, 0x23, 0x68, 0x22, 0xaa, 0x20, 0xec, 0x21, 0x2e,
+0x2a, 0x70, 0x2b, 0xb2, 0x29, 0xf4, 0x28, 0x36, 0x2d, 0x78, 0x2c, 0xba, 0x2e, 0xfc, 0x2f, 0x3e,
+0x70, 0x80, 0x71, 0x42, 0x73, 0x04, 0x72, 0xc6, 0x77, 0x88, 0x76, 0x4a, 0x74, 0x0c, 0x75, 0xce,
+0x7e, 0x90, 0x7f, 0x52, 0x7d, 0x14, 0x7c, 0xd6, 0x79, 0x98, 0x78, 0x5a, 0x7a, 0x1c, 0x7b, 0xde,
+0x6c, 0xa0, 0x6d, 0x62, 0x6f, 0x24, 0x6e, 0xe6, 0x6b, 0xa8, 0x6a, 0x6a, 0x68, 0x2c, 0x69, 0xee,
+0x62, 0xb0, 0x63, 0x72, 0x61, 0x34, 0x60, 0xf6, 0x65, 0xb8, 0x64, 0x7a, 0x66, 0x3c, 0x67, 0xfe,
+0x48, 0xc0, 0x49, 0x02, 0x4b, 0x44, 0x4a, 0x86, 0x4f, 0xc8, 0x4e, 0x0a, 0x4c, 0x4c, 0x4d, 0x8e,
+0x46, 0xd0, 0x47, 0x12, 0x45, 0x54, 0x44, 0x96, 0x41, 0xd8, 0x40, 0x1a, 0x42, 0x5c, 0x43, 0x9e,
+0x54, 0xe0, 0x55, 0x22, 0x57, 0x64, 0x56, 0xa6, 0x53, 0xe8, 0x52, 0x2a, 0x50, 0x6c, 0x51, 0xae,
+0x5a, 0xf0, 0x5b, 0x32, 0x59, 0x74, 0x58, 0xb6, 0x5d, 0xf8, 0x5c, 0x3a, 0x5e, 0x7c, 0x5f, 0xbe,
+0xe1, 0x00, 0xe0, 0xc2, 0xe2, 0x84, 0xe3, 0x46, 0xe6, 0x08, 0xe7, 0xca, 0xe5, 0x8c, 0xe4, 0x4e,
+0xef, 0x10, 0xee, 0xd2, 0xec, 0x94, 0xed, 0x56, 0xe8, 0x18, 0xe9, 0xda, 0xeb, 0x9c, 0xea, 0x5e,
+0xfd, 0x20, 0xfc, 0xe2, 0xfe, 0xa4, 0xff, 0x66, 0xfa, 0x28, 0xfb, 0xea, 0xf9, 0xac, 0xf8, 0x6e,
+0xf3, 0x30, 0xf2, 0xf2, 0xf0, 0xb4, 0xf1, 0x76, 0xf4, 0x38, 0xf5, 0xfa, 0xf7, 0xbc, 0xf6, 0x7e,
+0xd9, 0x40, 0xd8, 0x82, 0xda, 0xc4, 0xdb, 0x06, 0xde, 0x48, 0xdf, 0x8a, 0xdd, 0xcc, 0xdc, 0x0e,
+0xd7, 0x50, 0xd6, 0x92, 0xd4, 0xd4, 0xd5, 0x16, 0xd0, 0x58, 0xd1, 0x9a, 0xd3, 0xdc, 0xd2, 0x1e,
+0xc5, 0x60, 0xc4, 0xa2, 0xc6, 0xe4, 0xc7, 0x26, 0xc2, 0x68, 0xc3, 0xaa, 0xc1, 0xec, 0xc0, 0x2e,
+0xcb, 0x70, 0xca, 0xb2, 0xc8, 0xf4, 0xc9, 0x36, 0xcc, 0x78, 0xcd, 0xba, 0xcf, 0xfc, 0xce, 0x3e,
+0x91, 0x80, 0x90, 0x42, 0x92, 0x04, 0x93, 0xc6, 0x96, 0x88, 0x97, 0x4a, 0x95, 0x0c, 0x94, 0xce,
+0x9f, 0x90, 0x9e, 0x52, 0x9c, 0x14, 0x9d, 0xd6, 0x98, 0x98, 0x99, 0x5a, 0x9b, 0x1c, 0x9a, 0xde,
+0x8d, 0xa0, 0x8c, 0x62, 0x8e, 0x24, 0x8f, 0xe6, 0x8a, 0xa8, 0x8b, 0x6a, 0x89, 0x2c, 0x88, 0xee,
+0x83, 0xb0, 0x82, 0x72, 0x80, 0x34, 0x81, 0xf6, 0x84, 0xb8, 0x85, 0x7a, 0x87, 0x3c, 0x86, 0xfe,
+0xa9, 0xc0, 0xa8, 0x02, 0xaa, 0x44, 0xab, 0x86, 0xae, 0xc8, 0xaf, 0x0a, 0xad, 0x4c, 0xac, 0x8e,
+0xa7, 0xd0, 0xa6, 0x12, 0xa4, 0x54, 0xa5, 0x96, 0xa0, 0xd8, 0xa1, 0x1a, 0xa3, 0x5c, 0xa2, 0x9e,
+0xb5, 0xe0, 0xb4, 0x22, 0xb6, 0x64, 0xb7, 0xa6, 0xb2, 0xe8, 0xb3, 0x2a, 0xb1, 0x6c, 0xb0, 0xae,
+0xbb, 0xf0, 0xba, 0x32, 0xb8, 0x74, 0xb9, 0xb6, 0xbc, 0xf8, 0xbd, 0x3a, 0xbf, 0x7c, 0xbe, 0xbe };
+
+#endif
+
+
+#if defined(GCM_MODE) || defined(LRW_MODE)
+
+#ifndef LTC_FAST
/* right shift */
static void gcm_rightshift(unsigned char *a)
{
@@ -33,7 +75,7 @@ static const unsigned char poly[] = { 0x00, 0xE1 };
/**
- GCM GF multiplier (internal use only)
+ GCM GF multiplier (internal use only) bitserial
@param a First value
@param b Second value
@param c Destination for a * b
@@ -58,37 +100,122 @@ void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *
XMEMCPY(c, Z, 16);
}
+#else
+
+/* map normal numbers to "ieee" way ... e.g. bit reversed */
+#define M(x) ( ((x&8)>>3) | ((x&4)>>1) | ((x&2)<<1) | ((x&1)<<3) )
+
+#define BPD (sizeof(LTC_FAST_TYPE) * 8)
+#define WPV (1 + (16 / sizeof(LTC_FAST_TYPE)))
+
/**
- GCM multiply by H
- @param gcm The GCM state which holds the H value
- @param I The value to multiply H by
- */
-void gcm_mult_h(gcm_state *gcm, unsigned char *I)
+ GCM GF multiplier (internal use only) word oriented
+ @param a First value
+ @param b Second value
+ @param c Destination for a * b
+ */
+void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c)
{
- unsigned char T[16];
-#ifdef GCM_TABLES
- int x, y;
- XMEMCPY(T, &gcm->PC[0][I[0]][0], 16);
- for (x = 1; x < 16; x++) {
-#ifdef LTC_FAST
- for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
- *((LTC_FAST_TYPE *)(T + y)) ^= *((LTC_FAST_TYPE *)(&gcm->PC[x][I[x]][y]));
+ int i, j, k, u;
+ LTC_FAST_TYPE B[16][WPV], tmp[32 / sizeof(LTC_FAST_TYPE)], pB[16 / sizeof(LTC_FAST_TYPE)], zz, z;
+ unsigned char pTmp[32];
+
+ /* create simple tables */
+ zeromem(B[0], sizeof(B[0]));
+ zeromem(B[M(1)], sizeof(B[M(1)]));
+
+#ifdef ENDIAN_32BITWORD
+ for (i = 0; i < 4; i++) {
+ LOAD32H(B[M(1)][i], a + (i<<2));
+ LOAD32L(pB[i], b + (i<<2));
+ }
+#else
+ for (i = 0; i < 2; i++) {
+ LOAD64H(B[M(1)][i], a + (i<<3));
+ LOAD64L(pB[i], b + (i<<3));
+ }
+#endif
+
+ /* now create 2, 4 and 8 */
+ B[M(2)][0] = B[M(1)][0] >> 1;
+ B[M(4)][0] = B[M(1)][0] >> 2;
+ B[M(8)][0] = B[M(1)][0] >> 3;
+ for (i = 1; i < (int)WPV; i++) {
+ B[M(2)][i] = (B[M(1)][i-1] << (BPD-1)) | (B[M(1)][i] >> 1);
+ B[M(4)][i] = (B[M(1)][i-1] << (BPD-2)) | (B[M(1)][i] >> 2);
+ B[M(8)][i] = (B[M(1)][i-1] << (BPD-3)) | (B[M(1)][i] >> 3);
+ }
+
+ /* now all values with two bits which are 3, 5, 6, 9, 10, 12 */
+ for (i = 0; i < (int)WPV; i++) {
+ B[M(3)][i] = B[M(1)][i] ^ B[M(2)][i];
+ B[M(5)][i] = B[M(1)][i] ^ B[M(4)][i];
+ B[M(6)][i] = B[M(2)][i] ^ B[M(4)][i];
+ B[M(9)][i] = B[M(1)][i] ^ B[M(8)][i];
+ B[M(10)][i] = B[M(2)][i] ^ B[M(8)][i];
+ B[M(12)][i] = B[M(8)][i] ^ B[M(4)][i];
+
+ /* now all 3 bit values and the only 4 bit value: 7, 11, 13, 14, 15 */
+ B[M(7)][i] = B[M(3)][i] ^ B[M(4)][i];
+ B[M(11)][i] = B[M(3)][i] ^ B[M(8)][i];
+ B[M(13)][i] = B[M(1)][i] ^ B[M(12)][i];
+ B[M(14)][i] = B[M(6)][i] ^ B[M(8)][i];
+ B[M(15)][i] = B[M(7)][i] ^ B[M(8)][i];
+ }
+
+ zeromem(tmp, sizeof(tmp));
+
+ /* compute product four bits of each word at a time */
+ /* for each nibble */
+ for (i = (BPD/4)-1; i >= 0; i--) {
+ /* for each word */
+ for (j = 0; j < (int)(WPV-1); j++) {
+ /* grab the 4 bits recall the nibbles are backwards so it's a shift by (i^1)*4 */
+ u = (pB[j] >> ((i^1)<<2)) & 15;
+
+ /* add offset by the word count the table looked up value to the result */
+ for (k = 0; k < (int)WPV; k++) {
+ tmp[k+j] ^= B[u][k];
+ }
}
-#else
- for (y = 0; y < 16; y++) {
- T[y] ^= gcm->PC[x][I[x]][y];
+ /* shift result up by 4 bits */
+ if (i != 0) {
+ for (z = j = 0; j < (int)(32 / sizeof(LTC_FAST_TYPE)); j++) {
+ zz = tmp[j] << (BPD-4);
+ tmp[j] = (tmp[j] >> 4) | z;
+ z = zz;
+ }
}
-#endif
}
-#else
- gcm_gf_mult(gcm->H, I, T);
+
+ /* store product */
+#ifdef ENDIAN_32BITWORD
+ for (i = 0; i < 8; i++) {
+ STORE32H(tmp[i], pTmp + (i<<2));
+ }
+#else
+ for (i = 0; i < 4; i++) {
+ STORE64H(tmp[i], pTmp + (i<<3));
+ }
#endif
- XMEMCPY(I, T, 16);
+
+ /* reduce by taking most significant byte and adding the appropriate two byte sequence 16 bytes down */
+ for (i = 31; i >= 16; i--) {
+ pTmp[i-16] ^= gcm_shift_table[((unsigned)pTmp[i]<<1)];
+ pTmp[i-15] ^= gcm_shift_table[((unsigned)pTmp[i]<<1)+1];
+ }
+
+ for (i = 0; i < 16; i++) {
+ c[i] = pTmp[i];
+ }
+
}
+#endif
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_gf_mult.c,v $ */
-/* $Revision: 1.16 $ */
-/* $Date: 2005/05/21 14:33:42 $ */
+/* $Revision: 1.23 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
+
diff --git a/src/encauth/gcm/gcm_init.c b/src/encauth/gcm/gcm_init.c
index 249b61d..c0f7a5a 100644
--- a/src/encauth/gcm/gcm_init.c
+++ b/src/encauth/gcm/gcm_init.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -17,46 +17,6 @@
#ifdef GCM_MODE
-#ifdef GCM_TABLES
-
-/* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format. Since only the
- * lower 16 bits are not zero'ed I removed the upper 14 bytes */
-static const unsigned char gcm_shift_table[256*2] = {
-0x00, 0x00, 0x01, 0xc2, 0x03, 0x84, 0x02, 0x46, 0x07, 0x08, 0x06, 0xca, 0x04, 0x8c, 0x05, 0x4e,
-0x0e, 0x10, 0x0f, 0xd2, 0x0d, 0x94, 0x0c, 0x56, 0x09, 0x18, 0x08, 0xda, 0x0a, 0x9c, 0x0b, 0x5e,
-0x1c, 0x20, 0x1d, 0xe2, 0x1f, 0xa4, 0x1e, 0x66, 0x1b, 0x28, 0x1a, 0xea, 0x18, 0xac, 0x19, 0x6e,
-0x12, 0x30, 0x13, 0xf2, 0x11, 0xb4, 0x10, 0x76, 0x15, 0x38, 0x14, 0xfa, 0x16, 0xbc, 0x17, 0x7e,
-0x38, 0x40, 0x39, 0x82, 0x3b, 0xc4, 0x3a, 0x06, 0x3f, 0x48, 0x3e, 0x8a, 0x3c, 0xcc, 0x3d, 0x0e,
-0x36, 0x50, 0x37, 0x92, 0x35, 0xd4, 0x34, 0x16, 0x31, 0x58, 0x30, 0x9a, 0x32, 0xdc, 0x33, 0x1e,
-0x24, 0x60, 0x25, 0xa2, 0x27, 0xe4, 0x26, 0x26, 0x23, 0x68, 0x22, 0xaa, 0x20, 0xec, 0x21, 0x2e,
-0x2a, 0x70, 0x2b, 0xb2, 0x29, 0xf4, 0x28, 0x36, 0x2d, 0x78, 0x2c, 0xba, 0x2e, 0xfc, 0x2f, 0x3e,
-0x70, 0x80, 0x71, 0x42, 0x73, 0x04, 0x72, 0xc6, 0x77, 0x88, 0x76, 0x4a, 0x74, 0x0c, 0x75, 0xce,
-0x7e, 0x90, 0x7f, 0x52, 0x7d, 0x14, 0x7c, 0xd6, 0x79, 0x98, 0x78, 0x5a, 0x7a, 0x1c, 0x7b, 0xde,
-0x6c, 0xa0, 0x6d, 0x62, 0x6f, 0x24, 0x6e, 0xe6, 0x6b, 0xa8, 0x6a, 0x6a, 0x68, 0x2c, 0x69, 0xee,
-0x62, 0xb0, 0x63, 0x72, 0x61, 0x34, 0x60, 0xf6, 0x65, 0xb8, 0x64, 0x7a, 0x66, 0x3c, 0x67, 0xfe,
-0x48, 0xc0, 0x49, 0x02, 0x4b, 0x44, 0x4a, 0x86, 0x4f, 0xc8, 0x4e, 0x0a, 0x4c, 0x4c, 0x4d, 0x8e,
-0x46, 0xd0, 0x47, 0x12, 0x45, 0x54, 0x44, 0x96, 0x41, 0xd8, 0x40, 0x1a, 0x42, 0x5c, 0x43, 0x9e,
-0x54, 0xe0, 0x55, 0x22, 0x57, 0x64, 0x56, 0xa6, 0x53, 0xe8, 0x52, 0x2a, 0x50, 0x6c, 0x51, 0xae,
-0x5a, 0xf0, 0x5b, 0x32, 0x59, 0x74, 0x58, 0xb6, 0x5d, 0xf8, 0x5c, 0x3a, 0x5e, 0x7c, 0x5f, 0xbe,
-0xe1, 0x00, 0xe0, 0xc2, 0xe2, 0x84, 0xe3, 0x46, 0xe6, 0x08, 0xe7, 0xca, 0xe5, 0x8c, 0xe4, 0x4e,
-0xef, 0x10, 0xee, 0xd2, 0xec, 0x94, 0xed, 0x56, 0xe8, 0x18, 0xe9, 0xda, 0xeb, 0x9c, 0xea, 0x5e,
-0xfd, 0x20, 0xfc, 0xe2, 0xfe, 0xa4, 0xff, 0x66, 0xfa, 0x28, 0xfb, 0xea, 0xf9, 0xac, 0xf8, 0x6e,
-0xf3, 0x30, 0xf2, 0xf2, 0xf0, 0xb4, 0xf1, 0x76, 0xf4, 0x38, 0xf5, 0xfa, 0xf7, 0xbc, 0xf6, 0x7e,
-0xd9, 0x40, 0xd8, 0x82, 0xda, 0xc4, 0xdb, 0x06, 0xde, 0x48, 0xdf, 0x8a, 0xdd, 0xcc, 0xdc, 0x0e,
-0xd7, 0x50, 0xd6, 0x92, 0xd4, 0xd4, 0xd5, 0x16, 0xd0, 0x58, 0xd1, 0x9a, 0xd3, 0xdc, 0xd2, 0x1e,
-0xc5, 0x60, 0xc4, 0xa2, 0xc6, 0xe4, 0xc7, 0x26, 0xc2, 0x68, 0xc3, 0xaa, 0xc1, 0xec, 0xc0, 0x2e,
-0xcb, 0x70, 0xca, 0xb2, 0xc8, 0xf4, 0xc9, 0x36, 0xcc, 0x78, 0xcd, 0xba, 0xcf, 0xfc, 0xce, 0x3e,
-0x91, 0x80, 0x90, 0x42, 0x92, 0x04, 0x93, 0xc6, 0x96, 0x88, 0x97, 0x4a, 0x95, 0x0c, 0x94, 0xce,
-0x9f, 0x90, 0x9e, 0x52, 0x9c, 0x14, 0x9d, 0xd6, 0x98, 0x98, 0x99, 0x5a, 0x9b, 0x1c, 0x9a, 0xde,
-0x8d, 0xa0, 0x8c, 0x62, 0x8e, 0x24, 0x8f, 0xe6, 0x8a, 0xa8, 0x8b, 0x6a, 0x89, 0x2c, 0x88, 0xee,
-0x83, 0xb0, 0x82, 0x72, 0x80, 0x34, 0x81, 0xf6, 0x84, 0xb8, 0x85, 0x7a, 0x87, 0x3c, 0x86, 0xfe,
-0xa9, 0xc0, 0xa8, 0x02, 0xaa, 0x44, 0xab, 0x86, 0xae, 0xc8, 0xaf, 0x0a, 0xad, 0x4c, 0xac, 0x8e,
-0xa7, 0xd0, 0xa6, 0x12, 0xa4, 0x54, 0xa5, 0x96, 0xa0, 0xd8, 0xa1, 0x1a, 0xa3, 0x5c, 0xa2, 0x9e,
-0xb5, 0xe0, 0xb4, 0x22, 0xb6, 0x64, 0xb7, 0xa6, 0xb2, 0xe8, 0xb3, 0x2a, 0xb1, 0x6c, 0xb0, 0xae,
-0xbb, 0xf0, 0xba, 0x32, 0xb8, 0x74, 0xb9, 0xb6, 0xbc, 0xf8, 0xbd, 0x3a, 0xbf, 0x7c, 0xbe, 0xbe };
-
-#endif
-
/**
Initialize a GCM state
@param gcm The GCM state to initialize
@@ -98,7 +58,9 @@ int gcm_init(gcm_state *gcm, int cipher,
/* H = E(0) */
zeromem(B, 16);
- cipher_descriptor[cipher].ecb_encrypt(B, gcm->H, &gcm->K);
+ if ((err = cipher_descriptor[cipher].ecb_encrypt(B, gcm->H, &gcm->K)) != CRYPT_OK) {
+ return err;
+ }
/* setup state */
zeromem(gcm->buf, sizeof(gcm->buf));
@@ -141,5 +103,5 @@ int gcm_init(gcm_state *gcm, int cipher,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_init.c,v $ */
-/* $Revision: 1.15 $ */
-/* $Date: 2005/05/21 15:05:19 $ */
+/* $Revision: 1.18 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/encauth/gcm/gcm_memory.c b/src/encauth/gcm/gcm_memory.c
index ee10d3f..ddec010 100644
--- a/src/encauth/gcm/gcm_memory.c
+++ b/src/encauth/gcm/gcm_memory.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -43,6 +43,7 @@ int gcm_memory( int cipher,
unsigned char *tag, unsigned long *taglen,
int direction)
{
+ void *orig;
gcm_state *gcm;
int err;
@@ -51,7 +52,8 @@ int gcm_memory( int cipher,
}
if (cipher_descriptor[cipher].accel_gcm_memory != NULL) {
- cipher_descriptor[cipher].accel_gcm_memory
+ return
+ cipher_descriptor[cipher].accel_gcm_memory
(key, keylen,
IV, IVlen,
adata, adatalen,
@@ -59,15 +61,29 @@ int gcm_memory( int cipher,
ct,
tag, taglen,
direction);
- return CRYPT_OK;
}
- gcm = XMALLOC(sizeof(*gcm));
+
+#ifndef GCM_TABLES_SSE2
+ orig = gcm = XMALLOC(sizeof(*gcm));
+#else
+ orig = gcm = XMALLOC(sizeof(*gcm) + 16);
+#endif
if (gcm == NULL) {
return CRYPT_MEM;
}
+ /* Force GCM to be on a multiple of 16 so we can use 128-bit aligned operations
+ * note that we only modify gcm and keep orig intact. This code is not portable
+ * but again it's only for SSE2 anyways, so who cares?
+ */
+#ifdef GCM_TABLES_SSE2
+ if ((unsigned long)gcm & 15) {
+ gcm = (gcm_state *)((unsigned long)gcm + (16 - ((unsigned long)gcm & 15)));
+ }
+#endif
+
if ((err = gcm_init(gcm, cipher, key, keylen)) != CRYPT_OK) {
goto LTC_ERR;
}
@@ -82,12 +98,12 @@ int gcm_memory( int cipher,
}
err = gcm_done(gcm, tag, taglen);
LTC_ERR:
- XFREE(gcm);
+ XFREE(orig);
return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_memory.c,v $ */
-/* $Revision: 1.19 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.23 $ */
+/* $Date: 2006/09/07 10:00:57 $ */
diff --git a/src/encauth/gcm/gcm_mult_h.c b/src/encauth/gcm/gcm_mult_h.c
new file mode 100644
index 0000000..8391e00
--- /dev/null
+++ b/src/encauth/gcm/gcm_mult_h.c
@@ -0,0 +1,58 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/**
+ @file gcm_mult_h.c
+ GCM implementation, do the GF mult, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#if defined(GCM_MODE)
+/**
+ GCM multiply by H
+ @param gcm The GCM state which holds the H value
+ @param I The value to multiply H by
+ */
+void gcm_mult_h(gcm_state *gcm, unsigned char *I)
+{
+ unsigned char T[16];
+#ifdef GCM_TABLES
+ int x, y;
+#ifdef GCM_TABLES_SSE2
+ asm("movdqa (%0),%%xmm0"::"r"(&gcm->PC[0][I[0]][0]));
+ for (x = 1; x < 16; x++) {
+ asm("pxor (%0),%%xmm0"::"r"(&gcm->PC[x][I[x]][0]));
+ }
+ asm("movdqa %%xmm0,(%0)"::"r"(&T));
+#else
+ XMEMCPY(T, &gcm->PC[0][I[0]][0], 16);
+ for (x = 1; x < 16; x++) {
+#ifdef LTC_FAST
+ for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
+ *((LTC_FAST_TYPE *)(T + y)) ^= *((LTC_FAST_TYPE *)(&gcm->PC[x][I[x]][y]));
+ }
+#else
+ for (y = 0; y < 16; y++) {
+ T[y] ^= gcm->PC[x][I[x]][y];
+ }
+#endif /* LTC_FAST */
+ }
+#endif /* GCM_TABLES_SSE2 */
+#else
+ gcm_gf_mult(gcm->H, I, T);
+#endif
+ XMEMCPY(I, T, 16);
+}
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_mult_h.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/08/23 20:40:23 $ */
diff --git a/src/encauth/gcm/gcm_process.c b/src/encauth/gcm/gcm_process.c
index f512e28..f4d21d3 100644
--- a/src/encauth/gcm/gcm_process.c
+++ b/src/encauth/gcm/gcm_process.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -31,9 +31,9 @@ int gcm_process(gcm_state *gcm,
unsigned char *ct,
int direction)
{
- unsigned long x, y;
+ unsigned long x;
+ int y, err;
unsigned char b;
- int err;
LTC_ARGCHK(gcm != NULL);
if (ptlen > 0) {
@@ -59,10 +59,12 @@ int gcm_process(gcm_state *gcm,
/* increment counter */
for (y = 15; y >= 12; y--) {
- if (++gcm->Y[y]) { break; }
+ if (++gcm->Y[y] & 255) { break; }
}
/* encrypt the counter */
- cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K);
+ if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) {
+ return err;
+ }
gcm->buflen = 0;
gcm->mode = GCM_MODE_TEXT;
@@ -87,9 +89,11 @@ int gcm_process(gcm_state *gcm,
gcm_mult_h(gcm, gcm->X);
/* increment counter */
for (y = 15; y >= 12; y--) {
- if (++gcm->Y[y]) { break; }
+ if (++gcm->Y[y] & 255) { break; }
+ }
+ if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) {
+ return err;
}
- cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K);
}
} else {
for (x = 0; x < (ptlen & ~15); x += 16) {
@@ -103,9 +107,11 @@ int gcm_process(gcm_state *gcm,
gcm_mult_h(gcm, gcm->X);
/* increment counter */
for (y = 15; y >= 12; y--) {
- if (++gcm->Y[y]) { break; }
+ if (++gcm->Y[y] & 255) { break; }
+ }
+ if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) {
+ return err;
}
- cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K);
}
}
}
@@ -119,9 +125,11 @@ int gcm_process(gcm_state *gcm,
/* increment counter */
for (y = 15; y >= 12; y--) {
- if (++gcm->Y[y]) { break; }
+ if (++gcm->Y[y] & 255) { break; }
+ }
+ if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) {
+ return err;
}
- cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K);
gcm->buflen = 0;
}
@@ -137,11 +145,8 @@ int gcm_process(gcm_state *gcm,
return CRYPT_OK;
}
-
-
#endif
-
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_process.c,v $ */
-/* $Revision: 1.8 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.14 $ */
+/* $Date: 2006/11/19 19:33:36 $ */
diff --git a/src/encauth/gcm/gcm_reset.c b/src/encauth/gcm/gcm_reset.c
index b336a92..a6a8522 100644
--- a/src/encauth/gcm/gcm_reset.c
+++ b/src/encauth/gcm/gcm_reset.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -40,5 +40,5 @@ int gcm_reset(gcm_state *gcm)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_reset.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/encauth/gcm/gcm_test.c b/src/encauth/gcm/gcm_test.c
index 7106188..2f8539b 100644
--- a/src/encauth/gcm/gcm_test.c
+++ b/src/encauth/gcm/gcm_test.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -29,13 +29,13 @@ int gcm_test(void)
static const struct {
unsigned char K[32];
int keylen;
- unsigned char P[64];
+ unsigned char P[128];
unsigned long ptlen;
- unsigned char A[64];
+ unsigned char A[128];
unsigned long alen;
- unsigned char IV[64];
+ unsigned char IV[128];
unsigned long IVlen;
- unsigned char C[64];
+ unsigned char C[128];
unsigned char T[16];
} tests[] = {
@@ -275,13 +275,58 @@ int gcm_test(void)
/* TAG */
{ 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50, }
+},
+
+/* test case #46 from BG (catches the LTC bug of v1.15) */
+{
+ /* key */
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+ 16,
+
+ /* PT */
+ { 0xa2, 0xaa, 0xb3, 0xad, 0x8b, 0x17, 0xac, 0xdd,
+ 0xa2, 0x88, 0x42, 0x6c, 0xd7, 0xc4, 0x29, 0xb7,
+ 0xca, 0x86, 0xb7, 0xac, 0xa0, 0x58, 0x09, 0xc7,
+ 0x0c, 0xe8, 0x2d, 0xb2, 0x57, 0x11, 0xcb, 0x53,
+ 0x02, 0xeb, 0x27, 0x43, 0xb0, 0x36, 0xf3, 0xd7,
+ 0x50, 0xd6, 0xcf, 0x0d, 0xc0, 0xac, 0xb9, 0x29,
+ 0x50, 0xd5, 0x46, 0xdb, 0x30, 0x8f, 0x93, 0xb4,
+ 0xff, 0x24, 0x4a, 0xfa, 0x9d, 0xc7, 0x2b, 0xcd,
+ 0x75, 0x8d, 0x2c },
+ 67,
+
+ /* ADATA */
+ { 0x68, 0x8e, 0x1a, 0xa9, 0x84, 0xde, 0x92, 0x6d,
+ 0xc7, 0xb4, 0xc4, 0x7f, 0x44 },
+ 13,
+
+ /* IV */
+ { 0xb7, 0x21, 0x38, 0xb5, 0xa0, 0x5f, 0xf5, 0x07,
+ 0x0e, 0x8c, 0xd9, 0x41, 0x83, 0xf7, 0x61, 0xd8 },
+ 16,
+
+ /* CT */
+ { 0xcb, 0xc8, 0xd2, 0xf1, 0x54, 0x81, 0xa4, 0xcc,
+ 0x7d, 0xd1, 0xe1, 0x9a, 0xaa, 0x83, 0xde, 0x56,
+ 0x78, 0x48, 0x3e, 0xc3, 0x59, 0xae, 0x7d, 0xec,
+ 0x2a, 0xb8, 0xd5, 0x34, 0xe0, 0x90, 0x6f, 0x4b,
+ 0x46, 0x63, 0xfa, 0xff, 0x58, 0xa8, 0xb2, 0xd7,
+ 0x33, 0xb8, 0x45, 0xee, 0xf7, 0xc9, 0xb3, 0x31,
+ 0xe9, 0xe1, 0x0e, 0xb2, 0x61, 0x2c, 0x99, 0x5f,
+ 0xeb, 0x1a, 0xc1, 0x5a, 0x62, 0x86, 0xcc, 0xe8,
+ 0xb2, 0x97, 0xa8 },
+
+ /* TAG */
+ { 0x8d, 0x2d, 0x2a, 0x93, 0x72, 0x62, 0x6f, 0x6b,
+ 0xee, 0x85, 0x80, 0x27, 0x6a, 0x63, 0x66, 0xbf }
}
/* rest of test cases are the same except AES key size changes... ignored... */
};
int idx, err;
unsigned long x, y;
- unsigned char out[2][64], T[2][16];
+ unsigned char out[2][128], T[2][16];
/* find aes */
idx = find_cipher("aes");
@@ -302,7 +347,7 @@ int gcm_test(void)
return err;
}
- if (memcmp(out[0], tests[x].C, tests[x].ptlen)) {
+ if (XMEMCMP(out[0], tests[x].C, tests[x].ptlen)) {
#if 0
printf("\nCiphertext wrong %lu\n", x);
for (y = 0; y < tests[x].ptlen; y++) {
@@ -313,7 +358,7 @@ int gcm_test(void)
return CRYPT_FAIL_TESTVECTOR;
}
- if (memcmp(T[0], tests[x].T, 16)) {
+ if (XMEMCMP(T[0], tests[x].T, 16)) {
#if 0
printf("\nTag on plaintext wrong %lu\n", x);
for (y = 0; y < 16; y++) {
@@ -333,7 +378,7 @@ int gcm_test(void)
return err;
}
- if (memcmp(out[1], tests[x].P, tests[x].ptlen)) {
+ if (XMEMCMP(out[1], tests[x].P, tests[x].ptlen)) {
#if 0
printf("\nplaintext wrong %lu\n", x);
for (y = 0; y < tests[x].ptlen; y++) {
@@ -344,7 +389,7 @@ int gcm_test(void)
return CRYPT_FAIL_TESTVECTOR;
}
- if (memcmp(T[1], tests[x].T, 16)) {
+ if (XMEMCMP(T[1], tests[x].T, 16)) {
#if 0
printf("\nTag on ciphertext wrong %lu\n", x);
for (y = 0; y < 16; y++) {
@@ -364,5 +409,5 @@ int gcm_test(void)
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/gcm/gcm_test.c,v $ */
-/* $Revision: 1.15 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.20 $ */
+/* $Date: 2006/12/03 17:25:44 $ */
diff --git a/src/encauth/ocb/ocb_decrypt.c b/src/encauth/ocb/ocb_decrypt.c
index a0f2754..58f3825 100644
--- a/src/encauth/ocb/ocb_decrypt.c
+++ b/src/encauth/ocb/ocb_decrypt.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -51,7 +51,9 @@ int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt)
for (x = 0; x < ocb->block_len; x++) {
tmp[x] = ct[x] ^ Z[x];
}
- cipher_descriptor[ocb->cipher].ecb_decrypt(tmp, pt, &ocb->key);
+ if ((err = cipher_descriptor[ocb->cipher].ecb_decrypt(tmp, pt, &ocb->key)) != CRYPT_OK) {
+ return err;
+ }
for (x = 0; x < ocb->block_len; x++) {
pt[x] ^= Z[x];
}
@@ -73,5 +75,5 @@ int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt)
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_decrypt.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/encauth/ocb/ocb_decrypt_verify_memory.c b/src/encauth/ocb/ocb_decrypt_verify_memory.c
index 0173eff..b7b8840 100644
--- a/src/encauth/ocb/ocb_decrypt_verify_memory.c
+++ b/src/encauth/ocb/ocb_decrypt_verify_memory.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -82,5 +82,5 @@ LBL_ERR:
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_decrypt_verify_memory.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/encauth/ocb/ocb_done_decrypt.c b/src/encauth/ocb/ocb_done_decrypt.c
index fb149bd..2a3ae39 100644
--- a/src/encauth/ocb/ocb_done_decrypt.c
+++ b/src/encauth/ocb/ocb_done_decrypt.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -57,7 +57,7 @@ int ocb_done_decrypt(ocb_state *ocb,
goto LBL_ERR;
}
- if (taglen <= tagbuflen && memcmp(tagbuf, tag, taglen) == 0) {
+ if (taglen <= tagbuflen && XMEMCMP(tagbuf, tag, taglen) == 0) {
*stat = 1;
}
@@ -76,5 +76,5 @@ LBL_ERR:
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_done_decrypt.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/encauth/ocb/ocb_done_encrypt.c b/src/encauth/ocb/ocb_done_encrypt.c
index 27126e7..5948d82 100644
--- a/src/encauth/ocb/ocb_done_encrypt.c
+++ b/src/encauth/ocb/ocb_done_encrypt.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -42,5 +42,5 @@ int ocb_done_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned long ptle
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_done_encrypt.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/encauth/ocb/ocb_encrypt.c b/src/encauth/ocb/ocb_encrypt.c
index 2a48551..3c4991c 100644
--- a/src/encauth/ocb/ocb_encrypt.c
+++ b/src/encauth/ocb/ocb_encrypt.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -51,7 +51,9 @@ int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct)
for (x = 0; x < ocb->block_len; x++) {
tmp[x] = pt[x] ^ Z[x];
}
- cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, ct, &ocb->key);
+ if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, ct, &ocb->key)) != CRYPT_OK) {
+ return err;
+ }
for (x = 0; x < ocb->block_len; x++) {
ct[x] ^= Z[x];
}
@@ -66,5 +68,5 @@ int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_encrypt.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/encauth/ocb/ocb_encrypt_authenticate_memory.c b/src/encauth/ocb/ocb_encrypt_authenticate_memory.c
index beb72c8..e58975e 100644
--- a/src/encauth/ocb/ocb_encrypt_authenticate_memory.c
+++ b/src/encauth/ocb/ocb_encrypt_authenticate_memory.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -80,5 +80,5 @@ LBL_ERR:
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_encrypt_authenticate_memory.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/encauth/ocb/ocb_init.c b/src/encauth/ocb/ocb_init.c
index 9266d5c..536af87 100644
--- a/src/encauth/ocb/ocb_init.c
+++ b/src/encauth/ocb/ocb_init.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -76,13 +76,17 @@ int ocb_init(ocb_state *ocb, int cipher,
/* find L = E[0] */
zeromem(ocb->L, ocb->block_len);
- cipher_descriptor[cipher].ecb_encrypt(ocb->L, ocb->L, &ocb->key);
+ if ((err = cipher_descriptor[cipher].ecb_encrypt(ocb->L, ocb->L, &ocb->key)) != CRYPT_OK) {
+ return err;
+ }
/* find R = E[N xor L] */
for (x = 0; x < ocb->block_len; x++) {
ocb->R[x] = ocb->L[x] ^ nonce[x];
}
- cipher_descriptor[cipher].ecb_encrypt(ocb->R, ocb->R, &ocb->key);
+ if ((err = cipher_descriptor[cipher].ecb_encrypt(ocb->R, ocb->R, &ocb->key)) != CRYPT_OK) {
+ return err;
+ }
/* find Ls[i] = L << i for i == 0..31 */
XMEMCPY(ocb->Ls[0], ocb->L, ocb->block_len);
@@ -129,5 +133,5 @@ int ocb_init(ocb_state *ocb, int cipher,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_init.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/encauth/ocb/ocb_ntz.c b/src/encauth/ocb/ocb_ntz.c
index 9b83c53..8100ec0 100644
--- a/src/encauth/ocb/ocb_ntz.c
+++ b/src/encauth/ocb/ocb_ntz.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -38,5 +38,5 @@ int ocb_ntz(unsigned long x)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_ntz.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/encauth/ocb/ocb_shift_xor.c b/src/encauth/ocb/ocb_shift_xor.c
index b03de4b..dea43ee 100644
--- a/src/encauth/ocb/ocb_shift_xor.c
+++ b/src/encauth/ocb/ocb_shift_xor.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -35,5 +35,5 @@ void ocb_shift_xor(ocb_state *ocb, unsigned char *Z)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_shift_xor.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/encauth/ocb/ocb_test.c b/src/encauth/ocb/ocb_test.c
index 7a7fc77..4d7ed78 100644
--- a/src/encauth/ocb/ocb_test.c
+++ b/src/encauth/ocb/ocb_test.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -182,7 +182,7 @@ int ocb_test(void)
return err;
}
- if (memcmp(outtag, tests[x].tag, len) || memcmp(outct, tests[x].ct, tests[x].ptlen)) {
+ if (XMEMCMP(outtag, tests[x].tag, len) || XMEMCMP(outct, tests[x].ct, tests[x].ptlen)) {
#if 0
unsigned long y;
printf("\n\nFailure: \nCT:\n");
@@ -205,7 +205,7 @@ int ocb_test(void)
outct, tests[x].tag, len, &res)) != CRYPT_OK) {
return err;
}
- if ((res != 1) || memcmp(tests[x].pt, outct, tests[x].ptlen)) {
+ if ((res != 1) || XMEMCMP(tests[x].pt, outct, tests[x].ptlen)) {
#if 0
unsigned long y;
printf("\n\nFailure-decrypt: \nPT:\n");
@@ -233,5 +233,5 @@ int ocb_test(void)
*/
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/ocb_test.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/encauth/ocb/s_ocb_done.c b/src/encauth/ocb/s_ocb_done.c
index 7399b54..7688a42 100644
--- a/src/encauth/ocb/s_ocb_done.c
+++ b/src/encauth/ocb/s_ocb_done.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -84,7 +84,9 @@ int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
}
/* Y[m] = E(X[m])) */
- cipher_descriptor[ocb->cipher].ecb_encrypt(X, Y, &ocb->key);
+ if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(X, Y, &ocb->key)) != CRYPT_OK) {
+ goto error;
+ }
if (mode == 1) {
/* decrypt mode, so let's xor it first */
@@ -113,7 +115,9 @@ int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
}
/* encrypt checksum, er... tag!! */
- cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->checksum, X, &ocb->key);
+ if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->checksum, X, &ocb->key)) != CRYPT_OK) {
+ goto error;
+ }
cipher_descriptor[ocb->cipher].done(&ocb->key);
/* now store it */
@@ -128,17 +132,17 @@ int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
zeromem(Z, MAXBLOCKSIZE);
zeromem(ocb, sizeof(*ocb));
#endif
-
+error:
XFREE(X);
XFREE(Y);
XFREE(Z);
- return CRYPT_OK;
+ return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/encauth/ocb/s_ocb_done.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/hashes/chc/chc.c b/src/hashes/chc/chc.c
index 4ff39f0..3f86270 100644
--- a/src/hashes/chc/chc.c
+++ b/src/hashes/chc/chc.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -30,7 +30,8 @@ const struct ltc_hash_descriptor chc_desc = {
&chc_init,
&chc_process,
&chc_done,
- &chc_test
+ &chc_test,
+ NULL
};
/**
@@ -141,7 +142,7 @@ static int chc_compress(hash_state *md, unsigned char *buf)
XFREE(key);
return err;
}
- memcpy(T[1], buf, cipher_blocksize);
+ XMEMCPY(T[1], buf, cipher_blocksize);
cipher_descriptor[cipher_idx].ecb_encrypt(buf, T[0], key);
for (x = 0; x < cipher_blocksize; x++) {
md->chc.state[x] ^= T[0][x] ^ T[1][x];
@@ -279,7 +280,7 @@ int chc_test(void)
chc_init(&md);
chc_process(&md, tests[x].msg, strlen((char *)tests[x].msg));
chc_done(&md, out);
- if (memcmp(out, tests[x].md, tests[x].len)) {
+ if (XMEMCMP(out, tests[x].md, tests[x].len)) {
return CRYPT_FAIL_TESTVECTOR;
}
}
@@ -293,5 +294,5 @@ int chc_test(void)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/hashes/chc/chc.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/hashes/helper/hash_file.c b/src/hashes/helper/hash_file.c
index 50f726a..a92025c 100644
--- a/src/hashes/helper/hash_file.c
+++ b/src/hashes/helper/hash_file.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -53,5 +53,5 @@ int hash_file(int hash, const char *fname, unsigned char *out, unsigned long *ou
/* $Source: /cvs/libtom/libtomcrypt/src/hashes/helper/hash_file.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/hashes/helper/hash_filehandle.c b/src/hashes/helper/hash_filehandle.c
index 201ef83..be2cbf9 100644
--- a/src/hashes/helper/hash_filehandle.c
+++ b/src/hashes/helper/hash_filehandle.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -42,6 +42,7 @@ int hash_filehandle(int hash, FILE *in, unsigned char *out, unsigned long *outle
}
if (*outlen < hash_descriptor[hash].hashsize) {
+ *outlen = hash_descriptor[hash].hashsize;
return CRYPT_BUFFER_OVERFLOW;
}
if ((err = hash_descriptor[hash].init(&md)) != CRYPT_OK) {
@@ -66,5 +67,5 @@ int hash_filehandle(int hash, FILE *in, unsigned char *out, unsigned long *outle
/* $Source: /cvs/libtom/libtomcrypt/src/hashes/helper/hash_filehandle.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/src/hashes/helper/hash_memory.c b/src/hashes/helper/hash_memory.c
index 7e849b4..def9fa7 100644
--- a/src/hashes/helper/hash_memory.c
+++ b/src/hashes/helper/hash_memory.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -38,6 +38,7 @@ int hash_memory(int hash, const unsigned char *in, unsigned long inlen, unsigned
}
if (*outlen < hash_descriptor[hash].hashsize) {
+ *outlen = hash_descriptor[hash].hashsize;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -64,5 +65,5 @@ LBL_ERR:
}
/* $Source: /cvs/libtom/libtomcrypt/src/hashes/helper/hash_memory.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/src/hashes/helper/hash_memory_multi.c b/src/hashes/helper/hash_memory_multi.c
index 8fcb8e9..91f2d0c 100644
--- a/src/hashes/helper/hash_memory_multi.c
+++ b/src/hashes/helper/hash_memory_multi.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
#include <stdarg.h>
@@ -43,6 +43,7 @@ int hash_memory_multi(int hash, unsigned char *out, unsigned long *outlen,
}
if (*outlen < hash_descriptor[hash].hashsize) {
+ *outlen = hash_descriptor[hash].hashsize;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -82,5 +83,5 @@ LBL_ERR:
}
/* $Source: /cvs/libtom/libtomcrypt/src/hashes/helper/hash_memory_multi.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/src/hashes/md2.c b/src/hashes/md2.c
index db60fbd..b917213 100644
--- a/src/hashes/md2.c
+++ b/src/hashes/md2.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -31,7 +31,8 @@ const struct ltc_hash_descriptor md2_desc =
&md2_init,
&md2_process,
&md2_done,
- &md2_test
+ &md2_test,
+ NULL
};
static const unsigned char PI_SUBST[256] = {
@@ -234,7 +235,7 @@ int md2_test(void)
md2_init(&md);
md2_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
md2_done(&md, buf);
- if (memcmp(buf, tests[i].md, 16) != 0) {
+ if (XMEMCMP(buf, tests[i].md, 16) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
}
@@ -246,5 +247,5 @@ int md2_test(void)
/* $Source: /cvs/libtom/libtomcrypt/src/hashes/md2.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/05/23 02:42:07 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/hashes/md4.c b/src/hashes/md4.c
index 17ef35e..42645ef 100644
--- a/src/hashes/md4.c
+++ b/src/hashes/md4.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -31,7 +31,8 @@ const struct ltc_hash_descriptor md4_desc =
&md4_init,
&md4_process,
&md4_done,
- &md4_test
+ &md4_test,
+ NULL
};
#define S11 3
@@ -288,7 +289,7 @@ int md4_test(void)
md4_init(&md);
md4_process(&md, (unsigned char *)cases[i].input, (unsigned long)strlen(cases[i].input));
md4_done(&md, digest);
- if (memcmp(digest, cases[i].digest, 16) != 0) {
+ if (XMEMCMP(digest, cases[i].digest, 16) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
@@ -302,5 +303,5 @@ int md4_test(void)
/* $Source: /cvs/libtom/libtomcrypt/src/hashes/md4.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/05/23 02:42:07 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/hashes/md5.c b/src/hashes/md5.c
index fb8ff31..f6274f9 100644
--- a/src/hashes/md5.c
+++ b/src/hashes/md5.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -32,7 +32,8 @@ const struct ltc_hash_descriptor md5_desc =
&md5_init,
&md5_process,
&md5_done,
- &md5_test
+ &md5_test,
+ NULL
};
#define F(x,y,z) (z ^ (x & (y ^ z)))
@@ -350,7 +351,7 @@ int md5_test(void)
md5_init(&md);
md5_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
md5_done(&md, tmp);
- if (memcmp(tmp, tests[i].hash, 16) != 0) {
+ if (XMEMCMP(tmp, tests[i].hash, 16) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
}
@@ -363,5 +364,5 @@ int md5_test(void)
/* $Source: /cvs/libtom/libtomcrypt/src/hashes/md5.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/05/23 02:42:07 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/hashes/rmd128.c b/src/hashes/rmd128.c
index 1c663e4..d294626 100644
--- a/src/hashes/rmd128.c
+++ b/src/hashes/rmd128.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -37,7 +37,8 @@ const struct ltc_hash_descriptor rmd128_desc =
&rmd128_init,
&rmd128_process,
&rmd128_done,
- &rmd128_test
+ &rmd128_test,
+ NULL
};
/* the four basic functions F(), G() and H() */
@@ -390,7 +391,7 @@ int rmd128_test(void)
rmd128_init(&md);
rmd128_process(&md, (unsigned char *)tests[x].msg, strlen(tests[x].msg));
rmd128_done(&md, buf);
- if (memcmp(buf, tests[x].md, 16) != 0) {
+ if (XMEMCMP(buf, tests[x].md, 16) != 0) {
#if 0
printf("Failed test %d\n", x);
#endif
@@ -405,5 +406,5 @@ int rmd128_test(void)
/* $Source: /cvs/libtom/libtomcrypt/src/hashes/rmd128.c,v $ */
-/* $Revision: 1.6 $ */
-/* $Date: 2005/05/23 02:42:07 $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/hashes/rmd160.c b/src/hashes/rmd160.c
index 6124f59..a1c090a 100644
--- a/src/hashes/rmd160.c
+++ b/src/hashes/rmd160.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -37,7 +37,8 @@ const struct ltc_hash_descriptor rmd160_desc =
&rmd160_init,
&rmd160_process,
&rmd160_done,
- &rmd160_test
+ &rmd160_test,
+ NULL
};
/* the five basic functions F(), G() and H() */
@@ -449,7 +450,7 @@ int rmd160_test(void)
rmd160_init(&md);
rmd160_process(&md, (unsigned char *)tests[x].msg, strlen(tests[x].msg));
rmd160_done(&md, buf);
- if (memcmp(buf, tests[x].md, 20) != 0) {
+ if (XMEMCMP(buf, tests[x].md, 20) != 0) {
#if 0
printf("Failed test %d\n", x);
#endif
@@ -464,5 +465,5 @@ int rmd160_test(void)
/* $Source: /cvs/libtom/libtomcrypt/src/hashes/rmd160.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/05/23 02:42:07 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/hashes/rmd256.c b/src/hashes/rmd256.c
new file mode 100644
index 0000000..4540ef9
--- /dev/null
+++ b/src/hashes/rmd256.c
@@ -0,0 +1,431 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @param rmd256.c
+ RMD256 Hash function
+*/
+
+#ifdef RIPEMD256
+
+const struct ltc_hash_descriptor rmd256_desc =
+{
+ "rmd256",
+ 8,
+ 16,
+ 64,
+
+ /* OID */
+ { 1, 3, 36, 3, 2, 3 },
+ 6,
+
+ &rmd256_init,
+ &rmd256_process,
+ &rmd256_done,
+ &rmd256_test,
+ NULL
+};
+
+/* the four basic functions F(), G() and H() */
+#define F(x, y, z) ((x) ^ (y) ^ (z))
+#define G(x, y, z) (((x) & (y)) | (~(x) & (z)))
+#define H(x, y, z) (((x) | ~(y)) ^ (z))
+#define I(x, y, z) (((x) & (z)) | ((y) & ~(z)))
+
+/* the eight basic operations FF() through III() */
+#define FF(a, b, c, d, x, s) \
+ (a) += F((b), (c), (d)) + (x);\
+ (a) = ROLc((a), (s));
+
+#define GG(a, b, c, d, x, s) \
+ (a) += G((b), (c), (d)) + (x) + 0x5a827999UL;\
+ (a) = ROLc((a), (s));
+
+#define HH(a, b, c, d, x, s) \
+ (a) += H((b), (c), (d)) + (x) + 0x6ed9eba1UL;\
+ (a) = ROLc((a), (s));
+
+#define II(a, b, c, d, x, s) \
+ (a) += I((b), (c), (d)) + (x) + 0x8f1bbcdcUL;\
+ (a) = ROLc((a), (s));
+
+#define FFF(a, b, c, d, x, s) \
+ (a) += F((b), (c), (d)) + (x);\
+ (a) = ROLc((a), (s));
+
+#define GGG(a, b, c, d, x, s) \
+ (a) += G((b), (c), (d)) + (x) + 0x6d703ef3UL;\
+ (a) = ROLc((a), (s));
+
+#define HHH(a, b, c, d, x, s) \
+ (a) += H((b), (c), (d)) + (x) + 0x5c4dd124UL;\
+ (a) = ROLc((a), (s));
+
+#define III(a, b, c, d, x, s) \
+ (a) += I((b), (c), (d)) + (x) + 0x50a28be6UL;\
+ (a) = ROLc((a), (s));
+
+#ifdef LTC_CLEAN_STACK
+static int _rmd256_compress(hash_state *md, unsigned char *buf)
+#else
+static int rmd256_compress(hash_state *md, unsigned char *buf)
+#endif
+{
+ ulong32 aa,bb,cc,dd,aaa,bbb,ccc,ddd,tmp,X[16];
+ int i;
+
+ /* load words X */
+ for (i = 0; i < 16; i++){
+ LOAD32L(X[i], buf + (4 * i));
+ }
+
+ /* load state */
+ aa = md->rmd256.state[0];
+ bb = md->rmd256.state[1];
+ cc = md->rmd256.state[2];
+ dd = md->rmd256.state[3];
+ aaa = md->rmd256.state[4];
+ bbb = md->rmd256.state[5];
+ ccc = md->rmd256.state[6];
+ ddd = md->rmd256.state[7];
+
+ /* round 1 */
+ FF(aa, bb, cc, dd, X[ 0], 11);
+ FF(dd, aa, bb, cc, X[ 1], 14);
+ FF(cc, dd, aa, bb, X[ 2], 15);
+ FF(bb, cc, dd, aa, X[ 3], 12);
+ FF(aa, bb, cc, dd, X[ 4], 5);
+ FF(dd, aa, bb, cc, X[ 5], 8);
+ FF(cc, dd, aa, bb, X[ 6], 7);
+ FF(bb, cc, dd, aa, X[ 7], 9);
+ FF(aa, bb, cc, dd, X[ 8], 11);
+ FF(dd, aa, bb, cc, X[ 9], 13);
+ FF(cc, dd, aa, bb, X[10], 14);
+ FF(bb, cc, dd, aa, X[11], 15);
+ FF(aa, bb, cc, dd, X[12], 6);
+ FF(dd, aa, bb, cc, X[13], 7);
+ FF(cc, dd, aa, bb, X[14], 9);
+ FF(bb, cc, dd, aa, X[15], 8);
+
+ /* parallel round 1 */
+ III(aaa, bbb, ccc, ddd, X[ 5], 8);
+ III(ddd, aaa, bbb, ccc, X[14], 9);
+ III(ccc, ddd, aaa, bbb, X[ 7], 9);
+ III(bbb, ccc, ddd, aaa, X[ 0], 11);
+ III(aaa, bbb, ccc, ddd, X[ 9], 13);
+ III(ddd, aaa, bbb, ccc, X[ 2], 15);
+ III(ccc, ddd, aaa, bbb, X[11], 15);
+ III(bbb, ccc, ddd, aaa, X[ 4], 5);
+ III(aaa, bbb, ccc, ddd, X[13], 7);
+ III(ddd, aaa, bbb, ccc, X[ 6], 7);
+ III(ccc, ddd, aaa, bbb, X[15], 8);
+ III(bbb, ccc, ddd, aaa, X[ 8], 11);
+ III(aaa, bbb, ccc, ddd, X[ 1], 14);
+ III(ddd, aaa, bbb, ccc, X[10], 14);
+ III(ccc, ddd, aaa, bbb, X[ 3], 12);
+ III(bbb, ccc, ddd, aaa, X[12], 6);
+
+ tmp = aa; aa = aaa; aaa = tmp;
+
+ /* round 2 */
+ GG(aa, bb, cc, dd, X[ 7], 7);
+ GG(dd, aa, bb, cc, X[ 4], 6);
+ GG(cc, dd, aa, bb, X[13], 8);
+ GG(bb, cc, dd, aa, X[ 1], 13);
+ GG(aa, bb, cc, dd, X[10], 11);
+ GG(dd, aa, bb, cc, X[ 6], 9);
+ GG(cc, dd, aa, bb, X[15], 7);
+ GG(bb, cc, dd, aa, X[ 3], 15);
+ GG(aa, bb, cc, dd, X[12], 7);
+ GG(dd, aa, bb, cc, X[ 0], 12);
+ GG(cc, dd, aa, bb, X[ 9], 15);
+ GG(bb, cc, dd, aa, X[ 5], 9);
+ GG(aa, bb, cc, dd, X[ 2], 11);
+ GG(dd, aa, bb, cc, X[14], 7);
+ GG(cc, dd, aa, bb, X[11], 13);
+ GG(bb, cc, dd, aa, X[ 8], 12);
+
+ /* parallel round 2 */
+ HHH(aaa, bbb, ccc, ddd, X[ 6], 9);
+ HHH(ddd, aaa, bbb, ccc, X[11], 13);
+ HHH(ccc, ddd, aaa, bbb, X[ 3], 15);
+ HHH(bbb, ccc, ddd, aaa, X[ 7], 7);
+ HHH(aaa, bbb, ccc, ddd, X[ 0], 12);
+ HHH(ddd, aaa, bbb, ccc, X[13], 8);
+ HHH(ccc, ddd, aaa, bbb, X[ 5], 9);
+ HHH(bbb, ccc, ddd, aaa, X[10], 11);
+ HHH(aaa, bbb, ccc, ddd, X[14], 7);
+ HHH(ddd, aaa, bbb, ccc, X[15], 7);
+ HHH(ccc, ddd, aaa, bbb, X[ 8], 12);
+ HHH(bbb, ccc, ddd, aaa, X[12], 7);
+ HHH(aaa, bbb, ccc, ddd, X[ 4], 6);
+ HHH(ddd, aaa, bbb, ccc, X[ 9], 15);
+ HHH(ccc, ddd, aaa, bbb, X[ 1], 13);
+ HHH(bbb, ccc, ddd, aaa, X[ 2], 11);
+
+ tmp = bb; bb = bbb; bbb = tmp;
+
+ /* round 3 */
+ HH(aa, bb, cc, dd, X[ 3], 11);
+ HH(dd, aa, bb, cc, X[10], 13);
+ HH(cc, dd, aa, bb, X[14], 6);
+ HH(bb, cc, dd, aa, X[ 4], 7);
+ HH(aa, bb, cc, dd, X[ 9], 14);
+ HH(dd, aa, bb, cc, X[15], 9);
+ HH(cc, dd, aa, bb, X[ 8], 13);
+ HH(bb, cc, dd, aa, X[ 1], 15);
+ HH(aa, bb, cc, dd, X[ 2], 14);
+ HH(dd, aa, bb, cc, X[ 7], 8);
+ HH(cc, dd, aa, bb, X[ 0], 13);
+ HH(bb, cc, dd, aa, X[ 6], 6);
+ HH(aa, bb, cc, dd, X[13], 5);
+ HH(dd, aa, bb, cc, X[11], 12);
+ HH(cc, dd, aa, bb, X[ 5], 7);
+ HH(bb, cc, dd, aa, X[12], 5);
+
+ /* parallel round 3 */
+ GGG(aaa, bbb, ccc, ddd, X[15], 9);
+ GGG(ddd, aaa, bbb, ccc, X[ 5], 7);
+ GGG(ccc, ddd, aaa, bbb, X[ 1], 15);
+ GGG(bbb, ccc, ddd, aaa, X[ 3], 11);
+ GGG(aaa, bbb, ccc, ddd, X[ 7], 8);
+ GGG(ddd, aaa, bbb, ccc, X[14], 6);
+ GGG(ccc, ddd, aaa, bbb, X[ 6], 6);
+ GGG(bbb, ccc, ddd, aaa, X[ 9], 14);
+ GGG(aaa, bbb, ccc, ddd, X[11], 12);
+ GGG(ddd, aaa, bbb, ccc, X[ 8], 13);
+ GGG(ccc, ddd, aaa, bbb, X[12], 5);
+ GGG(bbb, ccc, ddd, aaa, X[ 2], 14);
+ GGG(aaa, bbb, ccc, ddd, X[10], 13);
+ GGG(ddd, aaa, bbb, ccc, X[ 0], 13);
+ GGG(ccc, ddd, aaa, bbb, X[ 4], 7);
+ GGG(bbb, ccc, ddd, aaa, X[13], 5);
+
+ tmp = cc; cc = ccc; ccc = tmp;
+
+ /* round 4 */
+ II(aa, bb, cc, dd, X[ 1], 11);
+ II(dd, aa, bb, cc, X[ 9], 12);
+ II(cc, dd, aa, bb, X[11], 14);
+ II(bb, cc, dd, aa, X[10], 15);
+ II(aa, bb, cc, dd, X[ 0], 14);
+ II(dd, aa, bb, cc, X[ 8], 15);
+ II(cc, dd, aa, bb, X[12], 9);
+ II(bb, cc, dd, aa, X[ 4], 8);
+ II(aa, bb, cc, dd, X[13], 9);
+ II(dd, aa, bb, cc, X[ 3], 14);
+ II(cc, dd, aa, bb, X[ 7], 5);
+ II(bb, cc, dd, aa, X[15], 6);
+ II(aa, bb, cc, dd, X[14], 8);
+ II(dd, aa, bb, cc, X[ 5], 6);
+ II(cc, dd, aa, bb, X[ 6], 5);
+ II(bb, cc, dd, aa, X[ 2], 12);
+
+ /* parallel round 4 */
+ FFF(aaa, bbb, ccc, ddd, X[ 8], 15);
+ FFF(ddd, aaa, bbb, ccc, X[ 6], 5);
+ FFF(ccc, ddd, aaa, bbb, X[ 4], 8);
+ FFF(bbb, ccc, ddd, aaa, X[ 1], 11);
+ FFF(aaa, bbb, ccc, ddd, X[ 3], 14);
+ FFF(ddd, aaa, bbb, ccc, X[11], 14);
+ FFF(ccc, ddd, aaa, bbb, X[15], 6);
+ FFF(bbb, ccc, ddd, aaa, X[ 0], 14);
+ FFF(aaa, bbb, ccc, ddd, X[ 5], 6);
+ FFF(ddd, aaa, bbb, ccc, X[12], 9);
+ FFF(ccc, ddd, aaa, bbb, X[ 2], 12);
+ FFF(bbb, ccc, ddd, aaa, X[13], 9);
+ FFF(aaa, bbb, ccc, ddd, X[ 9], 12);
+ FFF(ddd, aaa, bbb, ccc, X[ 7], 5);
+ FFF(ccc, ddd, aaa, bbb, X[10], 15);
+ FFF(bbb, ccc, ddd, aaa, X[14], 8);
+
+ tmp = dd; dd = ddd; ddd = tmp;
+
+ /* combine results */
+ md->rmd256.state[0] += aa;
+ md->rmd256.state[1] += bb;
+ md->rmd256.state[2] += cc;
+ md->rmd256.state[3] += dd;
+ md->rmd256.state[4] += aaa;
+ md->rmd256.state[5] += bbb;
+ md->rmd256.state[6] += ccc;
+ md->rmd256.state[7] += ddd;
+
+ return CRYPT_OK;
+}
+
+#ifdef LTC_CLEAN_STACK
+static int rmd256_compress(hash_state *md, unsigned char *buf)
+{
+ int err;
+ err = _rmd256_compress(md, buf);
+ burn_stack(sizeof(ulong32) * 25 + sizeof(int));
+ return err;
+}
+#endif
+
+/**
+ Initialize the hash state
+ @param md The hash state you wish to initialize
+ @return CRYPT_OK if successful
+*/
+int rmd256_init(hash_state * md)
+{
+ LTC_ARGCHK(md != NULL);
+ md->rmd256.state[0] = 0x67452301UL;
+ md->rmd256.state[1] = 0xefcdab89UL;
+ md->rmd256.state[2] = 0x98badcfeUL;
+ md->rmd256.state[3] = 0x10325476UL;
+ md->rmd256.state[4] = 0x76543210UL;
+ md->rmd256.state[5] = 0xfedcba98UL;
+ md->rmd256.state[6] = 0x89abcdefUL;
+ md->rmd256.state[7] = 0x01234567UL;
+ md->rmd256.curlen = 0;
+ md->rmd256.length = 0;
+ return CRYPT_OK;
+}
+
+/**
+ Process a block of memory though the hash
+ @param md The hash state
+ @param in The data to hash
+ @param inlen The length of the data (octets)
+ @return CRYPT_OK if successful
+*/
+HASH_PROCESS(rmd256_process, rmd256_compress, rmd256, 64)
+
+/**
+ Terminate the hash to get the digest
+ @param md The hash state
+ @param out [out] The destination of the hash (16 bytes)
+ @return CRYPT_OK if successful
+*/
+int rmd256_done(hash_state * md, unsigned char *out)
+{
+ int i;
+
+ LTC_ARGCHK(md != NULL);
+ LTC_ARGCHK(out != NULL);
+
+ if (md->rmd256.curlen >= sizeof(md->rmd256.buf)) {
+ return CRYPT_INVALID_ARG;
+ }
+
+
+ /* increase the length of the message */
+ md->rmd256.length += md->rmd256.curlen * 8;
+
+ /* append the '1' bit */
+ md->rmd256.buf[md->rmd256.curlen++] = (unsigned char)0x80;
+
+ /* if the length is currently above 56 bytes we append zeros
+ * then compress. Then we can fall back to padding zeros and length
+ * encoding like normal.
+ */
+ if (md->rmd256.curlen > 56) {
+ while (md->rmd256.curlen < 64) {
+ md->rmd256.buf[md->rmd256.curlen++] = (unsigned char)0;
+ }
+ rmd256_compress(md, md->rmd256.buf);
+ md->rmd256.curlen = 0;
+ }
+
+ /* pad upto 56 bytes of zeroes */
+ while (md->rmd256.curlen < 56) {
+ md->rmd256.buf[md->rmd256.curlen++] = (unsigned char)0;
+ }
+
+ /* store length */
+ STORE64L(md->rmd256.length, md->rmd256.buf+56);
+ rmd256_compress(md, md->rmd256.buf);
+
+ /* copy output */
+ for (i = 0; i < 8; i++) {
+ STORE32L(md->rmd256.state[i], out+(4*i));
+ }
+#ifdef LTC_CLEAN_STACK
+ zeromem(md, sizeof(hash_state));
+#endif
+ return CRYPT_OK;
+}
+
+/**
+ Self-test the hash
+ @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
+*/
+int rmd256_test(void)
+{
+#ifndef LTC_TEST
+ return CRYPT_NOP;
+#else
+ static const struct {
+ char *msg;
+ unsigned char md[32];
+ } tests[] = {
+ { "",
+ { 0x02, 0xba, 0x4c, 0x4e, 0x5f, 0x8e, 0xcd, 0x18,
+ 0x77, 0xfc, 0x52, 0xd6, 0x4d, 0x30, 0xe3, 0x7a,
+ 0x2d, 0x97, 0x74, 0xfb, 0x1e, 0x5d, 0x02, 0x63,
+ 0x80, 0xae, 0x01, 0x68, 0xe3, 0xc5, 0x52, 0x2d }
+ },
+ { "a",
+ { 0xf9, 0x33, 0x3e, 0x45, 0xd8, 0x57, 0xf5, 0xd9,
+ 0x0a, 0x91, 0xba, 0xb7, 0x0a, 0x1e, 0xba, 0x0c,
+ 0xfb, 0x1b, 0xe4, 0xb0, 0x78, 0x3c, 0x9a, 0xcf,
+ 0xcd, 0x88, 0x3a, 0x91, 0x34, 0x69, 0x29, 0x25 }
+ },
+ { "abc",
+ { 0xaf, 0xbd, 0x6e, 0x22, 0x8b, 0x9d, 0x8c, 0xbb,
+ 0xce, 0xf5, 0xca, 0x2d, 0x03, 0xe6, 0xdb, 0xa1,
+ 0x0a, 0xc0, 0xbc, 0x7d, 0xcb, 0xe4, 0x68, 0x0e,
+ 0x1e, 0x42, 0xd2, 0xe9, 0x75, 0x45, 0x9b, 0x65 }
+ },
+ { "message digest",
+ { 0x87, 0xe9, 0x71, 0x75, 0x9a, 0x1c, 0xe4, 0x7a,
+ 0x51, 0x4d, 0x5c, 0x91, 0x4c, 0x39, 0x2c, 0x90,
+ 0x18, 0xc7, 0xc4, 0x6b, 0xc1, 0x44, 0x65, 0x55,
+ 0x4a, 0xfc, 0xdf, 0x54, 0xa5, 0x07, 0x0c, 0x0e }
+ },
+ { "abcdefghijklmnopqrstuvwxyz",
+ { 0x64, 0x9d, 0x30, 0x34, 0x75, 0x1e, 0xa2, 0x16,
+ 0x77, 0x6b, 0xf9, 0xa1, 0x8a, 0xcc, 0x81, 0xbc,
+ 0x78, 0x96, 0x11, 0x8a, 0x51, 0x97, 0x96, 0x87,
+ 0x82, 0xdd, 0x1f, 0xd9, 0x7d, 0x8d, 0x51, 0x33 }
+ },
+ { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+ { 0x57, 0x40, 0xa4, 0x08, 0xac, 0x16, 0xb7, 0x20,
+ 0xb8, 0x44, 0x24, 0xae, 0x93, 0x1c, 0xbb, 0x1f,
+ 0xe3, 0x63, 0xd1, 0xd0, 0xbf, 0x40, 0x17, 0xf1,
+ 0xa8, 0x9f, 0x7e, 0xa6, 0xde, 0x77, 0xa0, 0xb8 }
+ }
+ };
+ int x;
+ unsigned char buf[32];
+ hash_state md;
+
+ for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
+ rmd256_init(&md);
+ rmd256_process(&md, (unsigned char *)tests[x].msg, strlen(tests[x].msg));
+ rmd256_done(&md, buf);
+ if (XMEMCMP(buf, tests[x].md, 32) != 0) {
+ #if 0
+ printf("Failed test %d\n", x);
+ #endif
+ return CRYPT_FAIL_TESTVECTOR;
+ }
+ }
+ return CRYPT_OK;
+#endif
+}
+
+#endif
+
diff --git a/src/hashes/rmd320.c b/src/hashes/rmd320.c
new file mode 100644
index 0000000..a11fca4
--- /dev/null
+++ b/src/hashes/rmd320.c
@@ -0,0 +1,495 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file rmd320.c
+ RMD320 hash function
+*/
+
+#ifdef RIPEMD320
+
+const struct ltc_hash_descriptor rmd320_desc =
+{
+ "rmd320",
+ 9,
+ 20,
+ 64,
+
+ /* OID */
+ { 0 },
+ 0,
+
+ &rmd320_init,
+ &rmd320_process,
+ &rmd320_done,
+ &rmd320_test,
+ NULL
+};
+
+/* the five basic functions F(), G() and H() */
+#define F(x, y, z) ((x) ^ (y) ^ (z))
+#define G(x, y, z) (((x) & (y)) | (~(x) & (z)))
+#define H(x, y, z) (((x) | ~(y)) ^ (z))
+#define I(x, y, z) (((x) & (z)) | ((y) & ~(z)))
+#define J(x, y, z) ((x) ^ ((y) | ~(z)))
+
+/* the ten basic operations FF() through III() */
+#define FF(a, b, c, d, e, x, s) \
+ (a) += F((b), (c), (d)) + (x);\
+ (a) = ROLc((a), (s)) + (e);\
+ (c) = ROLc((c), 10);
+
+#define GG(a, b, c, d, e, x, s) \
+ (a) += G((b), (c), (d)) + (x) + 0x5a827999UL;\
+ (a) = ROLc((a), (s)) + (e);\
+ (c) = ROLc((c), 10);
+
+#define HH(a, b, c, d, e, x, s) \
+ (a) += H((b), (c), (d)) + (x) + 0x6ed9eba1UL;\
+ (a) = ROLc((a), (s)) + (e);\
+ (c) = ROLc((c), 10);
+
+#define II(a, b, c, d, e, x, s) \
+ (a) += I((b), (c), (d)) + (x) + 0x8f1bbcdcUL;\
+ (a) = ROLc((a), (s)) + (e);\
+ (c) = ROLc((c), 10);
+
+#define JJ(a, b, c, d, e, x, s) \
+ (a) += J((b), (c), (d)) + (x) + 0xa953fd4eUL;\
+ (a) = ROLc((a), (s)) + (e);\
+ (c) = ROLc((c), 10);
+
+#define FFF(a, b, c, d, e, x, s) \
+ (a) += F((b), (c), (d)) + (x);\
+ (a) = ROLc((a), (s)) + (e);\
+ (c) = ROLc((c), 10);
+
+#define GGG(a, b, c, d, e, x, s) \
+ (a) += G((b), (c), (d)) + (x) + 0x7a6d76e9UL;\
+ (a) = ROLc((a), (s)) + (e);\
+ (c) = ROLc((c), 10);
+
+#define HHH(a, b, c, d, e, x, s) \
+ (a) += H((b), (c), (d)) + (x) + 0x6d703ef3UL;\
+ (a) = ROLc((a), (s)) + (e);\
+ (c) = ROLc((c), 10);
+
+#define III(a, b, c, d, e, x, s) \
+ (a) += I((b), (c), (d)) + (x) + 0x5c4dd124UL;\
+ (a) = ROLc((a), (s)) + (e);\
+ (c) = ROLc((c), 10);
+
+#define JJJ(a, b, c, d, e, x, s) \
+ (a) += J((b), (c), (d)) + (x) + 0x50a28be6UL;\
+ (a) = ROLc((a), (s)) + (e);\
+ (c) = ROLc((c), 10);
+
+
+#ifdef LTC_CLEAN_STACK
+static int _rmd320_compress(hash_state *md, unsigned char *buf)
+#else
+static int rmd320_compress(hash_state *md, unsigned char *buf)
+#endif
+{
+ ulong32 aa,bb,cc,dd,ee,aaa,bbb,ccc,ddd,eee,tmp,X[16];
+ int i;
+
+ /* load words X */
+ for (i = 0; i < 16; i++){
+ LOAD32L(X[i], buf + (4 * i));
+ }
+
+ /* load state */
+ aa = md->rmd320.state[0];
+ bb = md->rmd320.state[1];
+ cc = md->rmd320.state[2];
+ dd = md->rmd320.state[3];
+ ee = md->rmd320.state[4];
+ aaa = md->rmd320.state[5];
+ bbb = md->rmd320.state[6];
+ ccc = md->rmd320.state[7];
+ ddd = md->rmd320.state[8];
+ eee = md->rmd320.state[9];
+
+ /* round 1 */
+ FF(aa, bb, cc, dd, ee, X[ 0], 11);
+ FF(ee, aa, bb, cc, dd, X[ 1], 14);
+ FF(dd, ee, aa, bb, cc, X[ 2], 15);
+ FF(cc, dd, ee, aa, bb, X[ 3], 12);
+ FF(bb, cc, dd, ee, aa, X[ 4], 5);
+ FF(aa, bb, cc, dd, ee, X[ 5], 8);
+ FF(ee, aa, bb, cc, dd, X[ 6], 7);
+ FF(dd, ee, aa, bb, cc, X[ 7], 9);
+ FF(cc, dd, ee, aa, bb, X[ 8], 11);
+ FF(bb, cc, dd, ee, aa, X[ 9], 13);
+ FF(aa, bb, cc, dd, ee, X[10], 14);
+ FF(ee, aa, bb, cc, dd, X[11], 15);
+ FF(dd, ee, aa, bb, cc, X[12], 6);
+ FF(cc, dd, ee, aa, bb, X[13], 7);
+ FF(bb, cc, dd, ee, aa, X[14], 9);
+ FF(aa, bb, cc, dd, ee, X[15], 8);
+
+ /* parallel round 1 */
+ JJJ(aaa, bbb, ccc, ddd, eee, X[ 5], 8);
+ JJJ(eee, aaa, bbb, ccc, ddd, X[14], 9);
+ JJJ(ddd, eee, aaa, bbb, ccc, X[ 7], 9);
+ JJJ(ccc, ddd, eee, aaa, bbb, X[ 0], 11);
+ JJJ(bbb, ccc, ddd, eee, aaa, X[ 9], 13);
+ JJJ(aaa, bbb, ccc, ddd, eee, X[ 2], 15);
+ JJJ(eee, aaa, bbb, ccc, ddd, X[11], 15);
+ JJJ(ddd, eee, aaa, bbb, ccc, X[ 4], 5);
+ JJJ(ccc, ddd, eee, aaa, bbb, X[13], 7);
+ JJJ(bbb, ccc, ddd, eee, aaa, X[ 6], 7);
+ JJJ(aaa, bbb, ccc, ddd, eee, X[15], 8);
+ JJJ(eee, aaa, bbb, ccc, ddd, X[ 8], 11);
+ JJJ(ddd, eee, aaa, bbb, ccc, X[ 1], 14);
+ JJJ(ccc, ddd, eee, aaa, bbb, X[10], 14);
+ JJJ(bbb, ccc, ddd, eee, aaa, X[ 3], 12);
+ JJJ(aaa, bbb, ccc, ddd, eee, X[12], 6);
+
+ tmp = aa; aa = aaa; aaa = tmp;
+
+ /* round 2 */
+ GG(ee, aa, bb, cc, dd, X[ 7], 7);
+ GG(dd, ee, aa, bb, cc, X[ 4], 6);
+ GG(cc, dd, ee, aa, bb, X[13], 8);
+ GG(bb, cc, dd, ee, aa, X[ 1], 13);
+ GG(aa, bb, cc, dd, ee, X[10], 11);
+ GG(ee, aa, bb, cc, dd, X[ 6], 9);
+ GG(dd, ee, aa, bb, cc, X[15], 7);
+ GG(cc, dd, ee, aa, bb, X[ 3], 15);
+ GG(bb, cc, dd, ee, aa, X[12], 7);
+ GG(aa, bb, cc, dd, ee, X[ 0], 12);
+ GG(ee, aa, bb, cc, dd, X[ 9], 15);
+ GG(dd, ee, aa, bb, cc, X[ 5], 9);
+ GG(cc, dd, ee, aa, bb, X[ 2], 11);
+ GG(bb, cc, dd, ee, aa, X[14], 7);
+ GG(aa, bb, cc, dd, ee, X[11], 13);
+ GG(ee, aa, bb, cc, dd, X[ 8], 12);
+
+ /* parallel round 2 */
+ III(eee, aaa, bbb, ccc, ddd, X[ 6], 9);
+ III(ddd, eee, aaa, bbb, ccc, X[11], 13);
+ III(ccc, ddd, eee, aaa, bbb, X[ 3], 15);
+ III(bbb, ccc, ddd, eee, aaa, X[ 7], 7);
+ III(aaa, bbb, ccc, ddd, eee, X[ 0], 12);
+ III(eee, aaa, bbb, ccc, ddd, X[13], 8);
+ III(ddd, eee, aaa, bbb, ccc, X[ 5], 9);
+ III(ccc, ddd, eee, aaa, bbb, X[10], 11);
+ III(bbb, ccc, ddd, eee, aaa, X[14], 7);
+ III(aaa, bbb, ccc, ddd, eee, X[15], 7);
+ III(eee, aaa, bbb, ccc, ddd, X[ 8], 12);
+ III(ddd, eee, aaa, bbb, ccc, X[12], 7);
+ III(ccc, ddd, eee, aaa, bbb, X[ 4], 6);
+ III(bbb, ccc, ddd, eee, aaa, X[ 9], 15);
+ III(aaa, bbb, ccc, ddd, eee, X[ 1], 13);
+ III(eee, aaa, bbb, ccc, ddd, X[ 2], 11);
+
+ tmp = bb; bb = bbb; bbb = tmp;
+
+ /* round 3 */
+ HH(dd, ee, aa, bb, cc, X[ 3], 11);
+ HH(cc, dd, ee, aa, bb, X[10], 13);
+ HH(bb, cc, dd, ee, aa, X[14], 6);
+ HH(aa, bb, cc, dd, ee, X[ 4], 7);
+ HH(ee, aa, bb, cc, dd, X[ 9], 14);
+ HH(dd, ee, aa, bb, cc, X[15], 9);
+ HH(cc, dd, ee, aa, bb, X[ 8], 13);
+ HH(bb, cc, dd, ee, aa, X[ 1], 15);
+ HH(aa, bb, cc, dd, ee, X[ 2], 14);
+ HH(ee, aa, bb, cc, dd, X[ 7], 8);
+ HH(dd, ee, aa, bb, cc, X[ 0], 13);
+ HH(cc, dd, ee, aa, bb, X[ 6], 6);
+ HH(bb, cc, dd, ee, aa, X[13], 5);
+ HH(aa, bb, cc, dd, ee, X[11], 12);
+ HH(ee, aa, bb, cc, dd, X[ 5], 7);
+ HH(dd, ee, aa, bb, cc, X[12], 5);
+
+ /* parallel round 3 */
+ HHH(ddd, eee, aaa, bbb, ccc, X[15], 9);
+ HHH(ccc, ddd, eee, aaa, bbb, X[ 5], 7);
+ HHH(bbb, ccc, ddd, eee, aaa, X[ 1], 15);
+ HHH(aaa, bbb, ccc, ddd, eee, X[ 3], 11);
+ HHH(eee, aaa, bbb, ccc, ddd, X[ 7], 8);
+ HHH(ddd, eee, aaa, bbb, ccc, X[14], 6);
+ HHH(ccc, ddd, eee, aaa, bbb, X[ 6], 6);
+ HHH(bbb, ccc, ddd, eee, aaa, X[ 9], 14);
+ HHH(aaa, bbb, ccc, ddd, eee, X[11], 12);
+ HHH(eee, aaa, bbb, ccc, ddd, X[ 8], 13);
+ HHH(ddd, eee, aaa, bbb, ccc, X[12], 5);
+ HHH(ccc, ddd, eee, aaa, bbb, X[ 2], 14);
+ HHH(bbb, ccc, ddd, eee, aaa, X[10], 13);
+ HHH(aaa, bbb, ccc, ddd, eee, X[ 0], 13);
+ HHH(eee, aaa, bbb, ccc, ddd, X[ 4], 7);
+ HHH(ddd, eee, aaa, bbb, ccc, X[13], 5);
+
+ tmp = cc; cc = ccc; ccc = tmp;
+
+ /* round 4 */
+ II(cc, dd, ee, aa, bb, X[ 1], 11);
+ II(bb, cc, dd, ee, aa, X[ 9], 12);
+ II(aa, bb, cc, dd, ee, X[11], 14);
+ II(ee, aa, bb, cc, dd, X[10], 15);
+ II(dd, ee, aa, bb, cc, X[ 0], 14);
+ II(cc, dd, ee, aa, bb, X[ 8], 15);
+ II(bb, cc, dd, ee, aa, X[12], 9);
+ II(aa, bb, cc, dd, ee, X[ 4], 8);
+ II(ee, aa, bb, cc, dd, X[13], 9);
+ II(dd, ee, aa, bb, cc, X[ 3], 14);
+ II(cc, dd, ee, aa, bb, X[ 7], 5);
+ II(bb, cc, dd, ee, aa, X[15], 6);
+ II(aa, bb, cc, dd, ee, X[14], 8);
+ II(ee, aa, bb, cc, dd, X[ 5], 6);
+ II(dd, ee, aa, bb, cc, X[ 6], 5);
+ II(cc, dd, ee, aa, bb, X[ 2], 12);
+
+ /* parallel round 4 */
+ GGG(ccc, ddd, eee, aaa, bbb, X[ 8], 15);
+ GGG(bbb, ccc, ddd, eee, aaa, X[ 6], 5);
+ GGG(aaa, bbb, ccc, ddd, eee, X[ 4], 8);
+ GGG(eee, aaa, bbb, ccc, ddd, X[ 1], 11);
+ GGG(ddd, eee, aaa, bbb, ccc, X[ 3], 14);
+ GGG(ccc, ddd, eee, aaa, bbb, X[11], 14);
+ GGG(bbb, ccc, ddd, eee, aaa, X[15], 6);
+ GGG(aaa, bbb, ccc, ddd, eee, X[ 0], 14);
+ GGG(eee, aaa, bbb, ccc, ddd, X[ 5], 6);
+ GGG(ddd, eee, aaa, bbb, ccc, X[12], 9);
+ GGG(ccc, ddd, eee, aaa, bbb, X[ 2], 12);
+ GGG(bbb, ccc, ddd, eee, aaa, X[13], 9);
+ GGG(aaa, bbb, ccc, ddd, eee, X[ 9], 12);
+ GGG(eee, aaa, bbb, ccc, ddd, X[ 7], 5);
+ GGG(ddd, eee, aaa, bbb, ccc, X[10], 15);
+ GGG(ccc, ddd, eee, aaa, bbb, X[14], 8);
+
+ tmp = dd; dd = ddd; ddd = tmp;
+
+ /* round 5 */
+ JJ(bb, cc, dd, ee, aa, X[ 4], 9);
+ JJ(aa, bb, cc, dd, ee, X[ 0], 15);
+ JJ(ee, aa, bb, cc, dd, X[ 5], 5);
+ JJ(dd, ee, aa, bb, cc, X[ 9], 11);
+ JJ(cc, dd, ee, aa, bb, X[ 7], 6);
+ JJ(bb, cc, dd, ee, aa, X[12], 8);
+ JJ(aa, bb, cc, dd, ee, X[ 2], 13);
+ JJ(ee, aa, bb, cc, dd, X[10], 12);
+ JJ(dd, ee, aa, bb, cc, X[14], 5);
+ JJ(cc, dd, ee, aa, bb, X[ 1], 12);
+ JJ(bb, cc, dd, ee, aa, X[ 3], 13);
+ JJ(aa, bb, cc, dd, ee, X[ 8], 14);
+ JJ(ee, aa, bb, cc, dd, X[11], 11);
+ JJ(dd, ee, aa, bb, cc, X[ 6], 8);
+ JJ(cc, dd, ee, aa, bb, X[15], 5);
+ JJ(bb, cc, dd, ee, aa, X[13], 6);
+
+ /* parallel round 5 */
+ FFF(bbb, ccc, ddd, eee, aaa, X[12] , 8);
+ FFF(aaa, bbb, ccc, ddd, eee, X[15] , 5);
+ FFF(eee, aaa, bbb, ccc, ddd, X[10] , 12);
+ FFF(ddd, eee, aaa, bbb, ccc, X[ 4] , 9);
+ FFF(ccc, ddd, eee, aaa, bbb, X[ 1] , 12);
+ FFF(bbb, ccc, ddd, eee, aaa, X[ 5] , 5);
+ FFF(aaa, bbb, ccc, ddd, eee, X[ 8] , 14);
+ FFF(eee, aaa, bbb, ccc, ddd, X[ 7] , 6);
+ FFF(ddd, eee, aaa, bbb, ccc, X[ 6] , 8);
+ FFF(ccc, ddd, eee, aaa, bbb, X[ 2] , 13);
+ FFF(bbb, ccc, ddd, eee, aaa, X[13] , 6);
+ FFF(aaa, bbb, ccc, ddd, eee, X[14] , 5);
+ FFF(eee, aaa, bbb, ccc, ddd, X[ 0] , 15);
+ FFF(ddd, eee, aaa, bbb, ccc, X[ 3] , 13);
+ FFF(ccc, ddd, eee, aaa, bbb, X[ 9] , 11);
+ FFF(bbb, ccc, ddd, eee, aaa, X[11] , 11);
+
+ tmp = ee; ee = eee; eee = tmp;
+
+ /* combine results */
+ md->rmd320.state[0] += aa;
+ md->rmd320.state[1] += bb;
+ md->rmd320.state[2] += cc;
+ md->rmd320.state[3] += dd;
+ md->rmd320.state[4] += ee;
+ md->rmd320.state[5] += aaa;
+ md->rmd320.state[6] += bbb;
+ md->rmd320.state[7] += ccc;
+ md->rmd320.state[8] += ddd;
+ md->rmd320.state[9] += eee;
+
+ return CRYPT_OK;
+}
+
+#ifdef LTC_CLEAN_STACK
+static int rmd320_compress(hash_state *md, unsigned char *buf)
+{
+ int err;
+ err = _rmd320_compress(md, buf);
+ burn_stack(sizeof(ulong32) * 27 + sizeof(int));
+ return err;
+}
+#endif
+
+/**
+ Initialize the hash state
+ @param md The hash state you wish to initialize
+ @return CRYPT_OK if successful
+*/
+int rmd320_init(hash_state * md)
+{
+ LTC_ARGCHK(md != NULL);
+ md->rmd320.state[0] = 0x67452301UL;
+ md->rmd320.state[1] = 0xefcdab89UL;
+ md->rmd320.state[2] = 0x98badcfeUL;
+ md->rmd320.state[3] = 0x10325476UL;
+ md->rmd320.state[4] = 0xc3d2e1f0UL;
+ md->rmd320.state[5] = 0x76543210UL;
+ md->rmd320.state[6] = 0xfedcba98UL;
+ md->rmd320.state[7] = 0x89abcdefUL;
+ md->rmd320.state[8] = 0x01234567UL;
+ md->rmd320.state[9] = 0x3c2d1e0fUL;
+ md->rmd320.curlen = 0;
+ md->rmd320.length = 0;
+ return CRYPT_OK;
+}
+
+/**
+ Process a block of memory though the hash
+ @param md The hash state
+ @param in The data to hash
+ @param inlen The length of the data (octets)
+ @return CRYPT_OK if successful
+*/
+HASH_PROCESS(rmd320_process, rmd320_compress, rmd320, 64)
+
+/**
+ Terminate the hash to get the digest
+ @param md The hash state
+ @param out [out] The destination of the hash (20 bytes)
+ @return CRYPT_OK if successful
+*/
+int rmd320_done(hash_state * md, unsigned char *out)
+{
+ int i;
+
+ LTC_ARGCHK(md != NULL);
+ LTC_ARGCHK(out != NULL);
+
+ if (md->rmd320.curlen >= sizeof(md->rmd320.buf)) {
+ return CRYPT_INVALID_ARG;
+ }
+
+
+ /* increase the length of the message */
+ md->rmd320.length += md->rmd320.curlen * 8;
+
+ /* append the '1' bit */
+ md->rmd320.buf[md->rmd320.curlen++] = (unsigned char)0x80;
+
+ /* if the length is currently above 56 bytes we append zeros
+ * then compress. Then we can fall back to padding zeros and length
+ * encoding like normal.
+ */
+ if (md->rmd320.curlen > 56) {
+ while (md->rmd320.curlen < 64) {
+ md->rmd320.buf[md->rmd320.curlen++] = (unsigned char)0;
+ }
+ rmd320_compress(md, md->rmd320.buf);
+ md->rmd320.curlen = 0;
+ }
+
+ /* pad upto 56 bytes of zeroes */
+ while (md->rmd320.curlen < 56) {
+ md->rmd320.buf[md->rmd320.curlen++] = (unsigned char)0;
+ }
+
+ /* store length */
+ STORE64L(md->rmd320.length, md->rmd320.buf+56);
+ rmd320_compress(md, md->rmd320.buf);
+
+ /* copy output */
+ for (i = 0; i < 10; i++) {
+ STORE32L(md->rmd320.state[i], out+(4*i));
+ }
+#ifdef LTC_CLEAN_STACK
+ zeromem(md, sizeof(hash_state));
+#endif
+ return CRYPT_OK;
+}
+
+/**
+ Self-test the hash
+ @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
+*/
+int rmd320_test(void)
+{
+#ifndef LTC_TEST
+ return CRYPT_NOP;
+#else
+ static const struct {
+ char *msg;
+ unsigned char md[40];
+ } tests[] = {
+ { "",
+ { 0x22, 0xd6, 0x5d, 0x56, 0x61, 0x53, 0x6c, 0xdc, 0x75, 0xc1,
+ 0xfd, 0xf5, 0xc6, 0xde, 0x7b, 0x41, 0xb9, 0xf2, 0x73, 0x25,
+ 0xeb, 0xc6, 0x1e, 0x85, 0x57, 0x17, 0x7d, 0x70, 0x5a, 0x0e,
+ 0xc8, 0x80, 0x15, 0x1c, 0x3a, 0x32, 0xa0, 0x08, 0x99, 0xb8 }
+ },
+ { "a",
+ { 0xce, 0x78, 0x85, 0x06, 0x38, 0xf9, 0x26, 0x58, 0xa5, 0xa5,
+ 0x85, 0x09, 0x75, 0x79, 0x92, 0x6d, 0xda, 0x66, 0x7a, 0x57,
+ 0x16, 0x56, 0x2c, 0xfc, 0xf6, 0xfb, 0xe7, 0x7f, 0x63, 0x54,
+ 0x2f, 0x99, 0xb0, 0x47, 0x05, 0xd6, 0x97, 0x0d, 0xff, 0x5d }
+ },
+ { "abc",
+ { 0xde, 0x4c, 0x01, 0xb3, 0x05, 0x4f, 0x89, 0x30, 0xa7, 0x9d,
+ 0x09, 0xae, 0x73, 0x8e, 0x92, 0x30, 0x1e, 0x5a, 0x17, 0x08,
+ 0x5b, 0xef, 0xfd, 0xc1, 0xb8, 0xd1, 0x16, 0x71, 0x3e, 0x74,
+ 0xf8, 0x2f, 0xa9, 0x42, 0xd6, 0x4c, 0xdb, 0xc4, 0x68, 0x2d }
+ },
+ { "message digest",
+ { 0x3a, 0x8e, 0x28, 0x50, 0x2e, 0xd4, 0x5d, 0x42, 0x2f, 0x68,
+ 0x84, 0x4f, 0x9d, 0xd3, 0x16, 0xe7, 0xb9, 0x85, 0x33, 0xfa,
+ 0x3f, 0x2a, 0x91, 0xd2, 0x9f, 0x84, 0xd4, 0x25, 0xc8, 0x8d,
+ 0x6b, 0x4e, 0xff, 0x72, 0x7d, 0xf6, 0x6a, 0x7c, 0x01, 0x97 }
+ },
+ { "abcdefghijklmnopqrstuvwxyz",
+ { 0xca, 0xbd, 0xb1, 0x81, 0x0b, 0x92, 0x47, 0x0a, 0x20, 0x93,
+ 0xaa, 0x6b, 0xce, 0x05, 0x95, 0x2c, 0x28, 0x34, 0x8c, 0xf4,
+ 0x3f, 0xf6, 0x08, 0x41, 0x97, 0x51, 0x66, 0xbb, 0x40, 0xed,
+ 0x23, 0x40, 0x04, 0xb8, 0x82, 0x44, 0x63, 0xe6, 0xb0, 0x09 }
+ },
+ { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
+ { 0xd0, 0x34, 0xa7, 0x95, 0x0c, 0xf7, 0x22, 0x02, 0x1b, 0xa4,
+ 0xb8, 0x4d, 0xf7, 0x69, 0xa5, 0xde, 0x20, 0x60, 0xe2, 0x59,
+ 0xdf, 0x4c, 0x9b, 0xb4, 0xa4, 0x26, 0x8c, 0x0e, 0x93, 0x5b,
+ 0xbc, 0x74, 0x70, 0xa9, 0x69, 0xc9, 0xd0, 0x72, 0xa1, 0xac }
+ }
+ };
+ int x;
+ unsigned char buf[40];
+ hash_state md;
+
+ for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
+ rmd320_init(&md);
+ rmd320_process(&md, (unsigned char *)tests[x].msg, strlen(tests[x].msg));
+ rmd320_done(&md, buf);
+ if (XMEMCMP(buf, tests[x].md, 40) != 0) {
+#if 0
+ printf("Failed test %d\n", x);
+#endif
+ return CRYPT_FAIL_TESTVECTOR;
+ }
+ }
+ return CRYPT_OK;
+#endif
+}
+
+#endif
+
diff --git a/src/hashes/sha1.c b/src/hashes/sha1.c
index a75d04d..8cc6855 100644
--- a/src/hashes/sha1.c
+++ b/src/hashes/sha1.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -32,7 +32,8 @@ const struct ltc_hash_descriptor sha1_desc =
&sha1_init,
&sha1_process,
&sha1_done,
- &sha1_test
+ &sha1_test,
+ NULL
};
#define F0(x,y,z) (z ^ (x & (y ^ z)))
@@ -270,7 +271,7 @@ int sha1_test(void)
sha1_init(&md);
sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
sha1_done(&md, tmp);
- if (memcmp(tmp, tests[i].hash, 20) != 0) {
+ if (XMEMCMP(tmp, tests[i].hash, 20) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
}
@@ -283,5 +284,5 @@ int sha1_test(void)
/* $Source: /cvs/libtom/libtomcrypt/src/hashes/sha1.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/05/23 02:42:07 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/hashes/sha2/sha224.c b/src/hashes/sha2/sha224.c
index bff2fdf..f085d50 100644
--- a/src/hashes/sha2/sha224.c
+++ b/src/hashes/sha2/sha224.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@param sha224.c
@@ -27,7 +27,8 @@ const struct ltc_hash_descriptor sha224_desc =
&sha224_init,
&sha256_process,
&sha224_done,
- &sha224_test
+ &sha224_test,
+ NULL
};
/* init the sha256 er... sha224 state ;-) */
@@ -110,7 +111,7 @@ int sha224_test(void)
sha224_init(&md);
sha224_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
sha224_done(&md, tmp);
- if (memcmp(tmp, tests[i].hash, 28) != 0) {
+ if (XMEMCMP(tmp, tests[i].hash, 28) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
}
@@ -120,5 +121,5 @@ int sha224_test(void)
/* $Source: /cvs/libtom/libtomcrypt/src/hashes/sha2/sha224.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/05/23 02:42:07 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/hashes/sha2/sha256.c b/src/hashes/sha2/sha256.c
index c48c0f6..2b42cb7 100644
--- a/src/hashes/sha2/sha256.c
+++ b/src/hashes/sha2/sha256.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -31,12 +31,13 @@ const struct ltc_hash_descriptor sha256_desc =
&sha256_init,
&sha256_process,
&sha256_done,
- &sha256_test
+ &sha256_test,
+ NULL
};
#ifdef LTC_SMALL_CODE
/* the K array */
-static const unsigned long K[64] = {
+static const ulong32 K[64] = {
0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,
0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,
0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,
@@ -318,7 +319,7 @@ int sha256_test(void)
sha256_init(&md);
sha256_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
sha256_done(&md, tmp);
- if (memcmp(tmp, tests[i].hash, 32) != 0) {
+ if (XMEMCMP(tmp, tests[i].hash, 32) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
}
@@ -335,5 +336,5 @@ int sha256_test(void)
/* $Source: /cvs/libtom/libtomcrypt/src/hashes/sha2/sha256.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/05/23 02:42:07 $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/hashes/sha2/sha384.c b/src/hashes/sha2/sha384.c
index 43f8fb6..ac7709c 100644
--- a/src/hashes/sha2/sha384.c
+++ b/src/hashes/sha2/sha384.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@param sha384.c
@@ -27,7 +27,8 @@ const struct ltc_hash_descriptor sha384_desc =
&sha384_init,
&sha512_process,
&sha384_done,
- &sha384_test
+ &sha384_test,
+ NULL
};
/**
@@ -116,7 +117,7 @@ int sha384_test(void)
sha384_init(&md);
sha384_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
sha384_done(&md, tmp);
- if (memcmp(tmp, tests[i].hash, 48) != 0) {
+ if (XMEMCMP(tmp, tests[i].hash, 48) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
}
@@ -130,5 +131,5 @@ int sha384_test(void)
/* $Source: /cvs/libtom/libtomcrypt/src/hashes/sha2/sha384.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/05/23 02:42:07 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/hashes/sha2/sha512.c b/src/hashes/sha2/sha512.c
index 7b6805b..08c95ef 100644
--- a/src/hashes/sha2/sha512.c
+++ b/src/hashes/sha2/sha512.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -31,7 +31,8 @@ const struct ltc_hash_descriptor sha512_desc =
&sha512_init,
&sha512_process,
&sha512_done,
- &sha512_test
+ &sha512_test,
+ NULL
};
/* the K array */
@@ -296,7 +297,7 @@ int sha512_test(void)
sha512_init(&md);
sha512_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
sha512_done(&md, tmp);
- if (memcmp(tmp, tests[i].hash, 64) != 0) {
+ if (XMEMCMP(tmp, tests[i].hash, 64) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
}
@@ -314,5 +315,5 @@ int sha512_test(void)
/* $Source: /cvs/libtom/libtomcrypt/src/hashes/sha2/sha512.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/05/23 02:42:07 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/hashes/tiger.c b/src/hashes/tiger.c
index 250c186..9a4052c 100644
--- a/src/hashes/tiger.c
+++ b/src/hashes/tiger.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -32,7 +32,8 @@ const struct ltc_hash_descriptor tiger_desc =
&tiger_init,
&tiger_process,
&tiger_done,
- &tiger_test
+ &tiger_test,
+ NULL
};
#define t1 (table)
@@ -774,7 +775,7 @@ int tiger_test(void)
tiger_init(&md);
tiger_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
tiger_done(&md, tmp);
- if (memcmp(tmp, tests[i].hash, 24) != 0) {
+ if (XMEMCMP(tmp, tests[i].hash, 24) != 0) {
return CRYPT_FAIL_TESTVECTOR;
}
}
@@ -809,5 +810,5 @@ Hash of "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-ABCDEFG
/* $Source: /cvs/libtom/libtomcrypt/src/hashes/tiger.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/05/23 02:42:07 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/hashes/whirl/whirl.c b/src/hashes/whirl/whirl.c
index 1bd7983..65e38a7 100644
--- a/src/hashes/whirl/whirl.c
+++ b/src/hashes/whirl/whirl.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/**
@@ -32,7 +32,8 @@ const struct ltc_hash_descriptor whirlpool_desc =
&whirlpool_init,
&whirlpool_process,
&whirlpool_done,
- &whirlpool_test
+ &whirlpool_test,
+ NULL
};
/* the sboxes */
@@ -289,7 +290,7 @@ int whirlpool_test(void)
whirlpool_init(&md);
whirlpool_process(&md, (unsigned char *)tests[i].msg, tests[i].len);
whirlpool_done(&md, tmp);
- if (memcmp(tmp, tests[i].hash, 64) != 0) {
+ if (XMEMCMP(tmp, tests[i].hash, 64) != 0) {
#if 0
printf("\nFailed test %d\n", i);
for (i = 0; i < 64; ) {
@@ -309,5 +310,5 @@ int whirlpool_test(void)
/* $Source: /cvs/libtom/libtomcrypt/src/hashes/whirl/whirl.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/05/23 02:42:07 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/headers/ltc_tommath.h b/src/headers/ltc_tommath.h
deleted file mode 100644
index 2d62b4e..0000000
--- a/src/headers/ltc_tommath.h
+++ /dev/null
@@ -1,581 +0,0 @@
-/* LibTomMath, multiple-precision integer library -- Tom St Denis
- *
- * LibTomMath is a library that provides multiple-precision
- * integer arithmetic as well as number theoretic functionality.
- *
- * The library was designed directly after the MPI library by
- * Michael Fromberger but has been written from scratch with
- * additional optimizations in place.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org
- */
-#ifndef BN_H_
-#define BN_H_
-
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <limits.h>
-
-#include <tommath_class.h>
-
-#undef MIN
-#define MIN(x,y) ((x)<(y)?(x):(y))
-#undef MAX
-#define MAX(x,y) ((x)>(y)?(x):(y))
-
-#ifdef __cplusplus
-extern "C" {
-
-/* C++ compilers don't like assigning void * to mp_digit * */
-#define OPT_CAST(x) (x *)
-
-#else
-
-/* C on the other hand doesn't care */
-#define OPT_CAST(x)
-
-#endif
-
-
-/* detect 64-bit mode if possible */
-#if defined(__x86_64__)
- #if !(defined(MP_64BIT) && defined(MP_16BIT) && defined(MP_8BIT))
- #define MP_64BIT
- #endif
-#endif
-
-/* some default configurations.
- *
- * A "mp_digit" must be able to hold DIGIT_BIT + 1 bits
- * A "mp_word" must be able to hold 2*DIGIT_BIT + 1 bits
- *
- * At the very least a mp_digit must be able to hold 7 bits
- * [any size beyond that is ok provided it doesn't overflow the data type]
- */
-#ifdef MP_8BIT
- typedef unsigned char mp_digit;
- typedef unsigned short mp_word;
-#elif defined(MP_16BIT)
- typedef unsigned short mp_digit;
- typedef unsigned long mp_word;
-#elif defined(MP_64BIT)
- /* for GCC only on supported platforms */
-#ifndef CRYPT
- typedef unsigned long long ulong64;
- typedef signed long long long64;
-#endif
-
- typedef unsigned long mp_digit;
- typedef unsigned long mp_word __attribute__ ((mode(TI)));
-
- #define DIGIT_BIT 60
-#else
- /* this is the default case, 28-bit digits */
-
- /* this is to make porting into LibTomCrypt easier :-) */
-#ifndef CRYPT
- #if defined(_MSC_VER) || defined(__BORLANDC__)
- typedef unsigned __int64 ulong64;
- typedef signed __int64 long64;
- #else
- typedef unsigned long long ulong64;
- typedef signed long long long64;
- #endif
-#endif
-
- typedef unsigned long mp_digit;
- typedef ulong64 mp_word;
-
-#ifdef MP_31BIT
- /* this is an extension that uses 31-bit digits */
- #define DIGIT_BIT 31
-#else
- /* default case is 28-bit digits, defines MP_28BIT as a handy macro to test */
- #define DIGIT_BIT 28
- #define MP_28BIT
-#endif
-#endif
-
-/* define heap macros */
-#ifndef CRYPT
- /* default to libc stuff */
- #ifndef XMALLOC
- #define XMALLOC malloc
- #define XFREE free
- #define XREALLOC realloc
- #define XCALLOC calloc
- #else
- /* prototypes for our heap functions */
- extern void *XMALLOC(size_t n);
- extern void *XREALLOC(void *p, size_t n);
- extern void *XCALLOC(size_t n, size_t s);
- extern void XFREE(void *p);
- #endif
-#endif
-
-
-/* otherwise the bits per digit is calculated automatically from the size of a mp_digit */
-#ifndef DIGIT_BIT
- #define DIGIT_BIT ((int)((CHAR_BIT * sizeof(mp_digit) - 1))) /* bits per digit */
-#endif
-
-#define MP_DIGIT_BIT DIGIT_BIT
-#define MP_MASK ((((mp_digit)1)<<((mp_digit)DIGIT_BIT))-((mp_digit)1))
-#define MP_DIGIT_MAX MP_MASK
-
-/* equalities */
-#define MP_LT -1 /* less than */
-#define MP_EQ 0 /* equal to */
-#define MP_GT 1 /* greater than */
-
-#define MP_ZPOS 0 /* positive integer */
-#define MP_NEG 1 /* negative */
-
-#define MP_OKAY 0 /* ok result */
-#define MP_MEM -2 /* out of mem */
-#define MP_VAL -3 /* invalid input */
-#define MP_RANGE MP_VAL
-
-#define MP_YES 1 /* yes response */
-#define MP_NO 0 /* no response */
-
-/* Primality generation flags */
-#define LTM_PRIME_BBS 0x0001 /* BBS style prime */
-#define LTM_PRIME_SAFE 0x0002 /* Safe prime (p-1)/2 == prime */
-#define LTM_PRIME_2MSB_ON 0x0008 /* force 2nd MSB to 1 */
-
-typedef int mp_err;
-
-/* you'll have to tune these... */
-extern int KARATSUBA_MUL_CUTOFF,
- KARATSUBA_SQR_CUTOFF,
- TOOM_MUL_CUTOFF,
- TOOM_SQR_CUTOFF;
-
-/* define this to use lower memory usage routines (exptmods mostly) */
-/* #define MP_LOW_MEM */
-
-/* default precision */
-#ifndef MP_PREC
- #ifndef MP_LOW_MEM
- #define MP_PREC 64 /* default digits of precision */
- #else
- #define MP_PREC 8 /* default digits of precision */
- #endif
-#endif
-
-/* size of comba arrays, should be at least 2 * 2**(BITS_PER_WORD - BITS_PER_DIGIT*2) */
-#define MP_WARRAY (1 << (sizeof(mp_word) * CHAR_BIT - 2 * DIGIT_BIT + 1))
-
-/* the infamous mp_int structure */
-typedef struct {
- int used, alloc, sign;
- mp_digit *dp;
-} mp_int;
-
-/* callback for mp_prime_random, should fill dst with random bytes and return how many read [upto len] */
-typedef int ltm_prime_callback(unsigned char *dst, int len, void *dat);
-
-
-#define USED(m) ((m)->used)
-#define DIGIT(m,k) ((m)->dp[(k)])
-#define SIGN(m) ((m)->sign)
-
-/* error code to char* string */
-char *mp_error_to_string(int code);
-
-/* ---> init and deinit bignum functions <--- */
-/* init a bignum */
-int mp_init(mp_int *a);
-
-/* free a bignum */
-void mp_clear(mp_int *a);
-
-/* init a null terminated series of arguments */
-int mp_init_multi(mp_int *mp, ...);
-
-/* clear a null terminated series of arguments */
-void mp_clear_multi(mp_int *mp, ...);
-
-/* exchange two ints */
-void mp_exch(mp_int *a, mp_int *b);
-
-/* shrink ram required for a bignum */
-int mp_shrink(mp_int *a);
-
-/* grow an int to a given size */
-int mp_grow(mp_int *a, int size);
-
-/* init to a given number of digits */
-int mp_init_size(mp_int *a, int size);
-
-/* ---> Basic Manipulations <--- */
-#define mp_iszero(a) (((a)->used == 0) ? MP_YES : MP_NO)
-#define mp_iseven(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? MP_YES : MP_NO)
-#define mp_isodd(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? MP_YES : MP_NO)
-
-/* set to zero */
-void mp_zero(mp_int *a);
-
-/* set to a digit */
-void mp_set(mp_int *a, mp_digit b);
-
-/* set a 32-bit const */
-int mp_set_int(mp_int *a, unsigned long b);
-
-/* get a 32-bit value */
-unsigned long mp_get_int(mp_int * a);
-
-/* initialize and set a digit */
-int mp_init_set (mp_int * a, mp_digit b);
-
-/* initialize and set 32-bit value */
-int mp_init_set_int (mp_int * a, unsigned long b);
-
-/* copy, b = a */
-int mp_copy(mp_int *a, mp_int *b);
-
-/* inits and copies, a = b */
-int mp_init_copy(mp_int *a, mp_int *b);
-
-/* trim unused digits */
-void mp_clamp(mp_int *a);
-
-/* ---> digit manipulation <--- */
-
-/* right shift by "b" digits */
-void mp_rshd(mp_int *a, int b);
-
-/* left shift by "b" digits */
-int mp_lshd(mp_int *a, int b);
-
-/* c = a / 2**b */
-int mp_div_2d(mp_int *a, int b, mp_int *c, mp_int *d);
-
-/* b = a/2 */
-int mp_div_2(mp_int *a, mp_int *b);
-
-/* c = a * 2**b */
-int mp_mul_2d(mp_int *a, int b, mp_int *c);
-
-/* b = a*2 */
-int mp_mul_2(mp_int *a, mp_int *b);
-
-/* c = a mod 2**d */
-int mp_mod_2d(mp_int *a, int b, mp_int *c);
-
-/* computes a = 2**b */
-int mp_2expt(mp_int *a, int b);
-
-/* Counts the number of lsbs which are zero before the first zero bit */
-int mp_cnt_lsb(mp_int *a);
-
-/* I Love Earth! */
-
-/* makes a pseudo-random int of a given size */
-int mp_rand(mp_int *a, int digits);
-
-/* ---> binary operations <--- */
-/* c = a XOR b */
-int mp_xor(mp_int *a, mp_int *b, mp_int *c);
-
-/* c = a OR b */
-int mp_or(mp_int *a, mp_int *b, mp_int *c);
-
-/* c = a AND b */
-int mp_and(mp_int *a, mp_int *b, mp_int *c);
-
-/* ---> Basic arithmetic <--- */
-
-/* b = -a */
-int mp_neg(mp_int *a, mp_int *b);
-
-/* b = |a| */
-int mp_abs(mp_int *a, mp_int *b);
-
-/* compare a to b */
-int mp_cmp(mp_int *a, mp_int *b);
-
-/* compare |a| to |b| */
-int mp_cmp_mag(mp_int *a, mp_int *b);
-
-/* c = a + b */
-int mp_add(mp_int *a, mp_int *b, mp_int *c);
-
-/* c = a - b */
-int mp_sub(mp_int *a, mp_int *b, mp_int *c);
-
-/* c = a * b */
-int mp_mul(mp_int *a, mp_int *b, mp_int *c);
-
-/* b = a*a */
-int mp_sqr(mp_int *a, mp_int *b);
-
-/* a/b => cb + d == a */
-int mp_div(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
-
-/* c = a mod b, 0 <= c < b */
-int mp_mod(mp_int *a, mp_int *b, mp_int *c);
-
-/* ---> single digit functions <--- */
-
-/* compare against a single digit */
-int mp_cmp_d(mp_int *a, mp_digit b);
-
-/* c = a + b */
-int mp_add_d(mp_int *a, mp_digit b, mp_int *c);
-
-/* c = a - b */
-int mp_sub_d(mp_int *a, mp_digit b, mp_int *c);
-
-/* c = a * b */
-int mp_mul_d(mp_int *a, mp_digit b, mp_int *c);
-
-/* a/b => cb + d == a */
-int mp_div_d(mp_int *a, mp_digit b, mp_int *c, mp_digit *d);
-
-/* a/3 => 3c + d == a */
-int mp_div_3(mp_int *a, mp_int *c, mp_digit *d);
-
-/* c = a**b */
-int mp_expt_d(mp_int *a, mp_digit b, mp_int *c);
-
-/* c = a mod b, 0 <= c < b */
-int mp_mod_d(mp_int *a, mp_digit b, mp_digit *c);
-
-/* ---> number theory <--- */
-
-/* d = a + b (mod c) */
-int mp_addmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
-
-/* d = a - b (mod c) */
-int mp_submod(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
-
-/* d = a * b (mod c) */
-int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
-
-/* c = a * a (mod b) */
-int mp_sqrmod(mp_int *a, mp_int *b, mp_int *c);
-
-/* c = 1/a (mod b) */
-int mp_invmod(mp_int *a, mp_int *b, mp_int *c);
-
-/* c = (a, b) */
-int mp_gcd(mp_int *a, mp_int *b, mp_int *c);
-
-/* produces value such that U1*a + U2*b = U3 */
-int mp_exteuclid(mp_int *a, mp_int *b, mp_int *U1, mp_int *U2, mp_int *U3);
-
-/* c = [a, b] or (a*b)/(a, b) */
-int mp_lcm(mp_int *a, mp_int *b, mp_int *c);
-
-/* finds one of the b'th root of a, such that |c|**b <= |a|
- *
- * returns error if a < 0 and b is even
- */
-int mp_n_root(mp_int *a, mp_digit b, mp_int *c);
-
-/* special sqrt algo */
-int mp_sqrt(mp_int *arg, mp_int *ret);
-
-/* is number a square? */
-int mp_is_square(mp_int *arg, int *ret);
-
-/* computes the jacobi c = (a | n) (or Legendre if b is prime) */
-int mp_jacobi(mp_int *a, mp_int *n, int *c);
-
-/* used to setup the Barrett reduction for a given modulus b */
-int mp_reduce_setup(mp_int *a, mp_int *b);
-
-/* Barrett Reduction, computes a (mod b) with a precomputed value c
- *
- * Assumes that 0 < a <= b*b, note if 0 > a > -(b*b) then you can merely
- * compute the reduction as -1 * mp_reduce(mp_abs(a)) [pseudo code].
- */
-int mp_reduce(mp_int *a, mp_int *b, mp_int *c);
-
-/* setups the montgomery reduction */
-int mp_montgomery_setup(mp_int *a, mp_digit *mp);
-
-/* computes a = B**n mod b without division or multiplication useful for
- * normalizing numbers in a Montgomery system.
- */
-int mp_montgomery_calc_normalization(mp_int *a, mp_int *b);
-
-/* computes x/R == x (mod N) via Montgomery Reduction */
-int mp_montgomery_reduce(mp_int *a, mp_int *m, mp_digit mp);
-
-/* returns 1 if a is a valid DR modulus */
-int mp_dr_is_modulus(mp_int *a);
-
-/* sets the value of "d" required for mp_dr_reduce */
-void mp_dr_setup(mp_int *a, mp_digit *d);
-
-/* reduces a modulo b using the Diminished Radix method */
-int mp_dr_reduce(mp_int *a, mp_int *b, mp_digit mp);
-
-/* returns true if a can be reduced with mp_reduce_2k */
-int mp_reduce_is_2k(mp_int *a);
-
-/* determines k value for 2k reduction */
-int mp_reduce_2k_setup(mp_int *a, mp_digit *d);
-
-/* reduces a modulo b where b is of the form 2**p - k [0 <= a] */
-int mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d);
-
-/* returns true if a can be reduced with mp_reduce_2k_l */
-int mp_reduce_is_2k_l(mp_int *a);
-
-/* determines k value for 2k reduction */
-int mp_reduce_2k_setup_l(mp_int *a, mp_int *d);
-
-/* reduces a modulo b where b is of the form 2**p - k [0 <= a] */
-int mp_reduce_2k_l(mp_int *a, mp_int *n, mp_int *d);
-
-/* d = a**b (mod c) */
-int mp_exptmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
-
-/* ---> Primes <--- */
-
-/* number of primes */
-#ifdef MP_8BIT
- #define PRIME_SIZE 31
-#else
- #define PRIME_SIZE 256
-#endif
-
-/* table of first PRIME_SIZE primes */
-extern const mp_digit ltm_prime_tab[];
-
-/* result=1 if a is divisible by one of the first PRIME_SIZE primes */
-int mp_prime_is_divisible(mp_int *a, int *result);
-
-/* performs one Fermat test of "a" using base "b".
- * Sets result to 0 if composite or 1 if probable prime
- */
-int mp_prime_fermat(mp_int *a, mp_int *b, int *result);
-
-/* performs one Miller-Rabin test of "a" using base "b".
- * Sets result to 0 if composite or 1 if probable prime
- */
-int mp_prime_miller_rabin(mp_int *a, mp_int *b, int *result);
-
-/* This gives [for a given bit size] the number of trials required
- * such that Miller-Rabin gives a prob of failure lower than 2^-96
- */
-int mp_prime_rabin_miller_trials(int size);
-
-/* performs t rounds of Miller-Rabin on "a" using the first
- * t prime bases. Also performs an initial sieve of trial
- * division. Determines if "a" is prime with probability
- * of error no more than (1/4)**t.
- *
- * Sets result to 1 if probably prime, 0 otherwise
- */
-int mp_prime_is_prime(mp_int *a, int t, int *result);
-
-/* finds the next prime after the number "a" using "t" trials
- * of Miller-Rabin.
- *
- * bbs_style = 1 means the prime must be congruent to 3 mod 4
- */
-int mp_prime_next_prime(mp_int *a, int t, int bbs_style);
-
-/* makes a truly random prime of a given size (bytes),
- * call with bbs = 1 if you want it to be congruent to 3 mod 4
- *
- * You have to supply a callback which fills in a buffer with random bytes. "dat" is a parameter you can
- * have passed to the callback (e.g. a state or something). This function doesn't use "dat" itself
- * so it can be NULL
- *
- * The prime generated will be larger than 2^(8*size).
- */
-#define mp_prime_random(a, t, size, bbs, cb, dat) mp_prime_random_ex(a, t, ((size) * 8) + 1, (bbs==1)?LTM_PRIME_BBS:0, cb, dat)
-
-/* makes a truly random prime of a given size (bits),
- *
- * Flags are as follows:
- *
- * LTM_PRIME_BBS - make prime congruent to 3 mod 4
- * LTM_PRIME_SAFE - make sure (p-1)/2 is prime as well (implies LTM_PRIME_BBS)
- * LTM_PRIME_2MSB_OFF - make the 2nd highest bit zero
- * LTM_PRIME_2MSB_ON - make the 2nd highest bit one
- *
- * You have to supply a callback which fills in a buffer with random bytes. "dat" is a parameter you can
- * have passed to the callback (e.g. a state or something). This function doesn't use "dat" itself
- * so it can be NULL
- *
- */
-int mp_prime_random_ex(mp_int *a, int t, int size, int flags, ltm_prime_callback cb, void *dat);
-
-/* ---> radix conversion <--- */
-int mp_count_bits(mp_int *a);
-
-int mp_unsigned_bin_size(mp_int *a);
-int mp_read_unsigned_bin(mp_int *a, const unsigned char *b, int c);
-int mp_to_unsigned_bin(mp_int *a, unsigned char *b);
-int mp_to_unsigned_bin_n (mp_int * a, unsigned char *b, unsigned long *outlen);
-
-int mp_signed_bin_size(mp_int *a);
-int mp_read_signed_bin(mp_int *a, const unsigned char *b, int c);
-int mp_to_signed_bin(mp_int *a, unsigned char *b);
-int mp_to_signed_bin_n (mp_int * a, unsigned char *b, unsigned long *outlen);
-
-int mp_read_radix(mp_int *a, const char *str, int radix);
-int mp_toradix(mp_int *a, char *str, int radix);
-int mp_toradix_n(mp_int * a, char *str, int radix, int maxlen);
-int mp_radix_size(mp_int *a, int radix, int *size);
-
-int mp_fread(mp_int *a, int radix, FILE *stream);
-int mp_fwrite(mp_int *a, int radix, FILE *stream);
-
-#define mp_read_raw(mp, str, len) mp_read_signed_bin((mp), (str), (len))
-#define mp_raw_size(mp) mp_signed_bin_size(mp)
-#define mp_toraw(mp, str) mp_to_signed_bin((mp), (str))
-#define mp_read_mag(mp, str, len) mp_read_unsigned_bin((mp), (str), (len))
-#define mp_mag_size(mp) mp_unsigned_bin_size(mp)
-#define mp_tomag(mp, str) mp_to_unsigned_bin((mp), (str))
-
-#define mp_tobinary(M, S) mp_toradix((M), (S), 2)
-#define mp_tooctal(M, S) mp_toradix((M), (S), 8)
-#define mp_todecimal(M, S) mp_toradix((M), (S), 10)
-#define mp_tohex(M, S) mp_toradix((M), (S), 16)
-
-/* lowlevel functions, do not call! */
-int s_mp_add(mp_int *a, mp_int *b, mp_int *c);
-int s_mp_sub(mp_int *a, mp_int *b, mp_int *c);
-#define s_mp_mul(a, b, c) s_mp_mul_digs(a, b, c, (a)->used + (b)->used + 1)
-int fast_s_mp_mul_digs(mp_int *a, mp_int *b, mp_int *c, int digs);
-int s_mp_mul_digs(mp_int *a, mp_int *b, mp_int *c, int digs);
-int fast_s_mp_mul_high_digs(mp_int *a, mp_int *b, mp_int *c, int digs);
-int s_mp_mul_high_digs(mp_int *a, mp_int *b, mp_int *c, int digs);
-int fast_s_mp_sqr(mp_int *a, mp_int *b);
-int s_mp_sqr(mp_int *a, mp_int *b);
-int mp_karatsuba_mul(mp_int *a, mp_int *b, mp_int *c);
-int mp_toom_mul(mp_int *a, mp_int *b, mp_int *c);
-int mp_karatsuba_sqr(mp_int *a, mp_int *b);
-int mp_toom_sqr(mp_int *a, mp_int *b);
-int fast_mp_invmod(mp_int *a, mp_int *b, mp_int *c);
-int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c);
-int fast_mp_montgomery_reduce(mp_int *a, mp_int *m, mp_digit mp);
-int mp_exptmod_fast(mp_int *G, mp_int *X, mp_int *P, mp_int *Y, int mode);
-int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int mode);
-void bn_reverse(unsigned char *s, int len);
-
-extern const char *mp_s_rmap;
-
-#ifdef __cplusplus
- }
-#endif
-
-#endif
-
-
-/* $Source: /cvs/libtom/libtomcrypt/src/headers/ltc_tommath.h,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
diff --git a/src/headers/tomcrypt.h b/src/headers/tomcrypt.h
index 4804194..15ccd04 100644
--- a/src/headers/tomcrypt.h
+++ b/src/headers/tomcrypt.h
@@ -16,8 +16,8 @@ extern "C" {
#endif
/* version */
-#define CRYPT 0x0105
-#define SCRYPT "1.05"
+#define CRYPT 0x0116
+#define SCRYPT "1.16"
/* max size of either a cipher/hash block or symmetric key [largest of the two] */
#define MAXBLOCKSIZE 128
@@ -60,7 +60,8 @@ enum {
CRYPT_PK_NOT_FOUND, /* Key not found in keyring */
CRYPT_PK_INVALID_SIZE, /* Invalid size input for PK parameters */
- CRYPT_INVALID_PRIME_SIZE/* Invalid size of prime requested */
+ CRYPT_INVALID_PRIME_SIZE,/* Invalid size of prime requested */
+ CRYPT_PK_INVALID_PADDING /* Invalid padding on input */
};
#include <tomcrypt_cfg.h>
@@ -70,6 +71,7 @@ enum {
#include <tomcrypt_mac.h>
#include <tomcrypt_prng.h>
#include <tomcrypt_pk.h>
+#include <tomcrypt_math.h>
#include <tomcrypt_misc.h>
#include <tomcrypt_argchk.h>
#include <tomcrypt_pkcs.h>
@@ -82,5 +84,5 @@ enum {
/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt.h,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/06/19 18:03:25 $ */
+/* $Revision: 1.20 $ */
+/* $Date: 2006/11/26 01:45:14 $ */
diff --git a/src/headers/tomcrypt_argchk.h b/src/headers/tomcrypt_argchk.h
index ef344ee..cfc93ad 100644
--- a/src/headers/tomcrypt_argchk.h
+++ b/src/headers/tomcrypt_argchk.h
@@ -7,19 +7,32 @@
/* this is the default LibTomCrypt macro */
void crypt_argchk(char *v, char *s, int d);
#define LTC_ARGCHK(x) if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); }
+#define LTC_ARGCHKVD(x) LTC_ARGCHK(x)
#elif ARGTYPE == 1
/* fatal type of error */
#define LTC_ARGCHK(x) assert((x))
+#define LTC_ARGCHKVD(x) LTC_ARGCHK(x)
#elif ARGTYPE == 2
+#define LTC_ARGCHK(x) if (!(x)) { fprintf(stderr, "\nwarning: ARGCHK failed at %s:%d\n", __FILE__, __LINE__); }
+#define LTC_ARGCHKVD(x) LTC_ARGCHK(x)
+
+#elif ARGTYPE == 3
+
#define LTC_ARGCHK(x)
+#define LTC_ARGCHKVD(x) LTC_ARGCHK(x)
+
+#elif ARGTYPE == 4
+
+#define LTC_ARGCHK(x) if (!(x)) return CRYPT_INVALID_ARG;
+#define LTC_ARGCHKVD(x) if (!(x)) return;
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_argchk.h,v $ */
-/* $Revision: 1.2 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/08/27 20:50:21 $ */
diff --git a/src/headers/tomcrypt_cfg.h b/src/headers/tomcrypt_cfg.h
index 1d5bc6c..7feae6e 100644
--- a/src/headers/tomcrypt_cfg.h
+++ b/src/headers/tomcrypt_cfg.h
@@ -7,21 +7,46 @@
#ifndef TOMCRYPT_CFG_H
#define TOMCRYPT_CFG_H
+#if defined(_WIN32) || defined(_MSC_VER)
+#define LTC_CALL __cdecl
+#else
+#ifndef LTC_CALL
+ #define LTC_CALL
+#endif
+#endif
+
+#ifndef LTC_EXPORT
+#define LTC_EXPORT
+#endif
+
+/* certain platforms use macros for these, making the prototypes broken */
+#ifndef LTC_NO_PROTOTYPES
+
/* you can change how memory allocation works ... */
-void *XMALLOC(size_t n);
-void *XREALLOC(void *p, size_t n);
-void *XCALLOC(size_t n, size_t s);
-void XFREE(void *p);
+LTC_EXPORT void * LTC_CALL XMALLOC(size_t n);
+LTC_EXPORT void * LTC_CALL XREALLOC(void *p, size_t n);
+LTC_EXPORT void * LTC_CALL XCALLOC(size_t n, size_t s);
+LTC_EXPORT void LTC_CALL XFREE(void *p);
+
+LTC_EXPORT void LTC_CALL XQSORT(void *base, size_t nmemb, size_t size, int(*compar)(const void *, const void *));
+
/* change the clock function too */
- clock_t XCLOCK(void);
+LTC_EXPORT clock_t LTC_CALL XCLOCK(void);
/* various other functions */
-void *XMEMCPY(void *dest, const void *src, size_t n);
-int XMEMCMP(const void *s1, const void *s2, size_t n);
+LTC_EXPORT void * LTC_CALL XMEMCPY(void *dest, const void *src, size_t n);
+LTC_EXPORT int LTC_CALL XMEMCMP(const void *s1, const void *s2, size_t n);
+LTC_EXPORT void * LTC_CALL XMEMSET(void *s, int c, size_t n);
+
+LTC_EXPORT int LTC_CALL XSTRCMP(const char *s1, const char *s2);
-/* type of argument checking, 0=default, 1=fatal and 2=none */
-#define ARGTYPE 0
+#endif
+
+/* type of argument checking, 0=default, 1=fatal and 2=error+continue, 3=nothing */
+#ifndef ARGTYPE
+ #define ARGTYPE 0
+#endif
/* Controls endianess and size of registers. Leave uncommented to get platform neutral [slower] code
*
@@ -31,7 +56,7 @@ int XMEMCMP(const void *s1, const void *s2, size_t n);
*/
/* detect x86-32 machines somewhat */
-#if defined(INTEL_CC) || (defined(_MSC_VER) && defined(WIN32)) || (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__)))
+#if !defined(__STRICT_ANSI__) && (defined(INTEL_CC) || (defined(_MSC_VER) && defined(WIN32)) || (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__))))
#define ENDIAN_LITTLE
#define ENDIAN_32BITWORD
#define LTC_FAST
@@ -45,13 +70,32 @@ int XMEMCMP(const void *s1, const void *s2, size_t n);
#endif
/* detect amd64 */
-#if defined(__x86_64__)
+#if !defined(__STRICT_ANSI__) && defined(__x86_64__)
#define ENDIAN_LITTLE
#define ENDIAN_64BITWORD
#define LTC_FAST
#define LTC_FAST_TYPE unsigned long
#endif
+/* detect PPC32 */
+#if !defined(__STRICT_ANSI__) && defined(LTC_PPC32)
+ #define ENDIAN_BIG
+ #define ENDIAN_32BITWORD
+ #define LTC_FAST
+ #define LTC_FAST_TYPE unsigned long
+#endif
+
+/* detect sparc and sparc64 */
+#if defined(__sparc__)
+ #define ENDIAN_BIG
+ #if defined(__arch64__)
+ #define ENDIAN_64BITWORD
+ #else
+ #define ENDIAN_32BITWORD
+ #endif
+#endif
+
+
#ifdef LTC_NO_FAST
#ifdef LTC_FAST
#undef LTC_FAST
@@ -77,36 +121,16 @@ int XMEMCMP(const void *s1, const void *s2, size_t n);
/* #define ENDIAN_64BITWORD */
#if (defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) && !(defined(ENDIAN_32BITWORD) || defined(ENDIAN_64BITWORD))
- #error You must specify a word size as well as endianess in mycrypt_cfg.h
+ #error You must specify a word size as well as endianess in tomcrypt_cfg.h
#endif
#if !(defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE))
#define ENDIAN_NEUTRAL
#endif
-/* packet code */
-#if defined(MRSA) || defined(MDH) || defined(MECC)
- #define PACKET
-
- /* size of a packet header in bytes */
- #define PACKET_SIZE 4
-
- /* Section tags */
- #define PACKET_SECT_RSA 0
- #define PACKET_SECT_DH 1
- #define PACKET_SECT_ECC 2
- #define PACKET_SECT_DSA 3
-
- /* Subsection Tags for the first three sections */
- #define PACKET_SUB_KEY 0
- #define PACKET_SUB_ENCRYPTED 1
- #define PACKET_SUB_SIGNED 2
- #define PACKET_SUB_ENC_KEY 3
-#endif
-
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_cfg.h,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.19 $ */
+/* $Date: 2006/12/04 02:19:48 $ */
diff --git a/src/headers/tomcrypt_cipher.h b/src/headers/tomcrypt_cipher.h
index 4f00302..62a26c7 100644
--- a/src/headers/tomcrypt_cipher.h
+++ b/src/headers/tomcrypt_cipher.h
@@ -37,6 +37,20 @@ struct rijndael_key {
};
#endif
+#ifdef KSEED
+struct kseed_key {
+ ulong32 K[32], dK[32];
+};
+#endif
+
+#ifdef LTC_KASUMI
+struct kasumi_key {
+ ulong32 KLi1[8], KLi2[8],
+ KOi1[8], KOi2[8], KOi3[8],
+ KIi1[8], KIi2[8], KIi3[8];
+};
+#endif
+
#ifdef XTEA
struct xtea_key {
unsigned long A[32], B[32];
@@ -164,10 +178,17 @@ typedef union Symmetric_key {
#ifdef ANUBIS
struct anubis_key anubis;
#endif
+#ifdef KSEED
+ struct kseed_key kseed;
+#endif
+#ifdef LTC_KASUMI
+ struct kasumi_key kasumi;
+#endif
void *data;
} symmetric_key;
-/* A block cipher ECB structure */
+#ifdef LTC_ECB_MODE
+/** A block cipher ECB structure */
typedef struct {
/** The index of the cipher chosen */
int cipher,
@@ -176,8 +197,10 @@ typedef struct {
/** The scheduled key */
symmetric_key key;
} symmetric_ECB;
+#endif
-/* A block cipher CFB structure */
+#ifdef LTC_CFB_MODE
+/** A block cipher CFB structure */
typedef struct {
/** The index of the cipher chosen */
int cipher,
@@ -192,8 +215,10 @@ typedef struct {
/** The scheduled key */
symmetric_key key;
} symmetric_CFB;
+#endif
-/* A block cipher OFB structure */
+#ifdef LTC_OFB_MODE
+/** A block cipher OFB structure */
typedef struct {
/** The index of the cipher chosen */
int cipher,
@@ -206,8 +231,10 @@ typedef struct {
/** The scheduled key */
symmetric_key key;
} symmetric_OFB;
+#endif
-/* A block cipher CBC structure */
+#ifdef LTC_CBC_MODE
+/** A block cipher CBC structure */
typedef struct {
/** The index of the cipher chosen */
int cipher,
@@ -218,8 +245,11 @@ typedef struct {
/** The scheduled key */
symmetric_key key;
} symmetric_CBC;
+#endif
+
-/* A block cipher CTR structure */
+#ifdef LTC_CTR_MODE
+/** A block cipher CTR structure */
typedef struct {
/** The index of the cipher chosen */
int cipher,
@@ -236,8 +266,55 @@ typedef struct {
/** The scheduled key */
symmetric_key key;
} symmetric_CTR;
+#endif
+
+
+#ifdef LTC_LRW_MODE
+/** A LRW structure */
+typedef struct {
+ /** The index of the cipher chosen (must be a 128-bit block cipher) */
+ int cipher;
+
+ /** The current IV */
+ unsigned char IV[16],
+
+ /** the tweak key */
+ tweak[16],
+
+ /** The current pad, it's the product of the first 15 bytes against the tweak key */
+ pad[16];
+
+ /** The scheduled symmetric key */
+ symmetric_key key;
-/* cipher descriptor table, last entry has "name == NULL" to mark the end of table */
+#ifdef LRW_TABLES
+ /** The pre-computed multiplication table */
+ unsigned char PC[16][256][16];
+#endif
+} symmetric_LRW;
+#endif
+
+#ifdef LTC_F8_MODE
+/** A block cipher F8 structure */
+typedef struct {
+ /** The index of the cipher chosen */
+ int cipher,
+ /** The block size of the given cipher */
+ blocklen,
+ /** The padding offset */
+ padlen;
+ /** The current IV */
+ unsigned char IV[MAXBLOCKSIZE],
+ MIV[MAXBLOCKSIZE];
+ /** Current block count */
+ ulong32 blockcnt;
+ /** The scheduled key */
+ symmetric_key key;
+} symmetric_F8;
+#endif
+
+
+/** cipher descriptor table, last entry has "name == NULL" to mark the end of table */
extern struct ltc_cipher_descriptor {
/** name of cipher */
char *name;
@@ -263,14 +340,16 @@ extern struct ltc_cipher_descriptor {
@param pt The plaintext
@param ct [out] The ciphertext
@param skey The scheduled key
+ @return CRYPT_OK if successful
*/
- void (*ecb_encrypt)(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+ int (*ecb_encrypt)(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
/** Decrypt a block
@param ct The ciphertext
@param pt [out] The plaintext
@param skey The scheduled key
+ @return CRYPT_OK if successful
*/
- void (*ecb_decrypt)(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
+ int (*ecb_decrypt)(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
/** Test the block cipher
@return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled
*/
@@ -293,16 +372,18 @@ extern struct ltc_cipher_descriptor {
@param ct Ciphertext
@param blocks The number of complete blocks to process
@param skey The scheduled key context
+ @return CRYPT_OK if successful
*/
- void (*accel_ecb_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, symmetric_key *skey);
+ int (*accel_ecb_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, symmetric_key *skey);
/** Accelerated ECB decryption
@param pt Plaintext
@param ct Ciphertext
@param blocks The number of complete blocks to process
@param skey The scheduled key context
+ @return CRYPT_OK if successful
*/
- void (*accel_ecb_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, symmetric_key *skey);
+ int (*accel_ecb_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, symmetric_key *skey);
/** Accelerated CBC encryption
@param pt Plaintext
@@ -310,8 +391,9 @@ extern struct ltc_cipher_descriptor {
@param blocks The number of complete blocks to process
@param IV The initial value (input/output)
@param skey The scheduled key context
+ @return CRYPT_OK if successful
*/
- void (*accel_cbc_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, symmetric_key *skey);
+ int (*accel_cbc_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, symmetric_key *skey);
/** Accelerated CBC decryption
@param pt Plaintext
@@ -319,8 +401,9 @@ extern struct ltc_cipher_descriptor {
@param blocks The number of complete blocks to process
@param IV The initial value (input/output)
@param skey The scheduled key context
+ @return CRYPT_OK if successful
*/
- void (*accel_cbc_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, unsigned char *IV, symmetric_key *skey);
+ int (*accel_cbc_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, unsigned char *IV, symmetric_key *skey);
/** Accelerated CTR encryption
@param pt Plaintext
@@ -329,12 +412,36 @@ extern struct ltc_cipher_descriptor {
@param IV The initial value (input/output)
@param mode little or big endian counter (mode=0 or mode=1)
@param skey The scheduled key context
+ @return CRYPT_OK if successful
*/
- void (*accel_ctr_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, int mode, symmetric_key *skey);
+ int (*accel_ctr_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, int mode, symmetric_key *skey);
+
+ /** Accelerated LRW
+ @param pt Plaintext
+ @param ct Ciphertext
+ @param blocks The number of complete blocks to process
+ @param IV The initial value (input/output)
+ @param tweak The LRW tweak
+ @param skey The scheduled key context
+ @return CRYPT_OK if successful
+ */
+ int (*accel_lrw_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, const unsigned char *tweak, symmetric_key *skey);
+
+ /** Accelerated LRW
+ @param ct Ciphertext
+ @param pt Plaintext
+ @param blocks The number of complete blocks to process
+ @param IV The initial value (input/output)
+ @param tweak The LRW tweak
+ @param skey The scheduled key context
+ @return CRYPT_OK if successful
+ */
+ int (*accel_lrw_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, unsigned char *IV, const unsigned char *tweak, symmetric_key *skey);
/** Accelerated CCM packet (one-shot)
@param key The secret key to use
@param keylen The length of the secret key (octets)
+ @param uskey A previously scheduled key [optional can be NULL]
@param nonce The session nonce [use once]
@param noncelen The length of the nonce
@param header The header for the session
@@ -347,8 +454,9 @@ extern struct ltc_cipher_descriptor {
@param direction Encrypt or Decrypt direction (0 or 1)
@return CRYPT_OK if successful
*/
- void (*accel_ccm_memory)(
+ int (*accel_ccm_memory)(
const unsigned char *key, unsigned long keylen,
+ symmetric_key *uskey,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen,
unsigned char *pt, unsigned long ptlen,
@@ -357,20 +465,21 @@ extern struct ltc_cipher_descriptor {
int direction);
/** Accelerated GCM packet (one shot)
- @param key The secret key
- @param keylen The length of the secret key
- @param IV The initial vector
- @param IVlen The length of the initial vector
- @param adata The additional authentication data (header)
- @param adatalen The length of the adata
- @param pt The plaintext
- @param ptlen The length of the plaintext (ciphertext length is the same)
- @param ct The ciphertext
- @param tag [out] The MAC tag
- @param taglen [in/out] The MAC tag length
- @param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT)
+ @param key The secret key
+ @param keylen The length of the secret key
+ @param IV The initial vector
+ @param IVlen The length of the initial vector
+ @param adata The additional authentication data (header)
+ @param adatalen The length of the adata
+ @param pt The plaintext
+ @param ptlen The length of the plaintext (ciphertext length is the same)
+ @param ct The ciphertext
+ @param tag [out] The MAC tag
+ @param taglen [in/out] The MAC tag length
+ @param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT)
+ @return CRYPT_OK on success
*/
- void (*accel_gcm_memory)(
+ int (*accel_gcm_memory)(
const unsigned char *key, unsigned long keylen,
const unsigned char *IV, unsigned long IVlen,
const unsigned char *adata, unsigned long adatalen,
@@ -378,12 +487,55 @@ extern struct ltc_cipher_descriptor {
unsigned char *ct,
unsigned char *tag, unsigned long *taglen,
int direction);
+
+ /** Accelerated one shot OMAC
+ @param key The secret key
+ @param keylen The key length (octets)
+ @param in The message
+ @param inlen Length of message (octets)
+ @param out [out] Destination for tag
+ @param outlen [in/out] Initial and final size of out
+ @return CRYPT_OK on success
+ */
+ int (*omac_memory)(
+ const unsigned char *key, unsigned long keylen,
+ const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen);
+
+ /** Accelerated one shot XCBC
+ @param key The secret key
+ @param keylen The key length (octets)
+ @param in The message
+ @param inlen Length of message (octets)
+ @param out [out] Destination for tag
+ @param outlen [in/out] Initial and final size of out
+ @return CRYPT_OK on success
+ */
+ int (*xcbc_memory)(
+ const unsigned char *key, unsigned long keylen,
+ const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen);
+
+ /** Accelerated one shot F9
+ @param key The secret key
+ @param keylen The key length (octets)
+ @param in The message
+ @param inlen Length of message (octets)
+ @param out [out] Destination for tag
+ @param outlen [in/out] Initial and final size of out
+ @return CRYPT_OK on success
+ @remark Requires manual padding
+ */
+ int (*f9_memory)(
+ const unsigned char *key, unsigned long keylen,
+ const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen);
} cipher_descriptor[];
#ifdef BLOWFISH
int blowfish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
-void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
-void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
+int blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+int blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
int blowfish_test(void);
void blowfish_done(symmetric_key *skey);
int blowfish_keysize(int *keysize);
@@ -392,8 +544,8 @@ extern const struct ltc_cipher_descriptor blowfish_desc;
#ifdef RC5
int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
-void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
-void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
+int rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+int rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
int rc5_test(void);
void rc5_done(symmetric_key *skey);
int rc5_keysize(int *keysize);
@@ -402,8 +554,8 @@ extern const struct ltc_cipher_descriptor rc5_desc;
#ifdef RC6
int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
-void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
-void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
+int rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+int rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
int rc6_test(void);
void rc6_done(symmetric_key *skey);
int rc6_keysize(int *keysize);
@@ -412,8 +564,8 @@ extern const struct ltc_cipher_descriptor rc6_desc;
#ifdef RC2
int rc2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
-void rc2_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
-void rc2_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
+int rc2_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+int rc2_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
int rc2_test(void);
void rc2_done(symmetric_key *skey);
int rc2_keysize(int *keysize);
@@ -422,8 +574,8 @@ extern const struct ltc_cipher_descriptor rc2_desc;
#ifdef SAFERP
int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
-void saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
-void saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
+int saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+int saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
int saferp_test(void);
void saferp_done(symmetric_key *skey);
int saferp_keysize(int *keysize);
@@ -435,8 +587,8 @@ int safer_k64_setup(const unsigned char *key, int keylen, int num_rounds, symmet
int safer_sk64_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
int safer_k128_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
int safer_sk128_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
-void safer_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
-void safer_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
+int safer_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
+int safer_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
int safer_k64_test(void);
int safer_sk64_test(void);
int safer_sk128_test(void);
@@ -461,13 +613,13 @@ extern const struct ltc_cipher_descriptor safer_k64_desc, safer_k128_desc, safer
#define aes_enc_keysize rijndael_enc_keysize
int rijndael_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
-void rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
-void rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
+int rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+int rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
int rijndael_test(void);
void rijndael_done(symmetric_key *skey);
int rijndael_keysize(int *keysize);
int rijndael_enc_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
-void rijndael_enc_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+int rijndael_enc_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
void rijndael_enc_done(symmetric_key *skey);
int rijndael_enc_keysize(int *keysize);
extern const struct ltc_cipher_descriptor rijndael_desc, aes_desc;
@@ -476,8 +628,8 @@ extern const struct ltc_cipher_descriptor rijndael_enc_desc, aes_enc_desc;
#ifdef XTEA
int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
-void xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
-void xtea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
+int xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+int xtea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
int xtea_test(void);
void xtea_done(symmetric_key *skey);
int xtea_keysize(int *keysize);
@@ -486,8 +638,8 @@ extern const struct ltc_cipher_descriptor xtea_desc;
#ifdef TWOFISH
int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
-void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
-void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
+int twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+int twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
int twofish_test(void);
void twofish_done(symmetric_key *skey);
int twofish_keysize(int *keysize);
@@ -496,14 +648,14 @@ extern const struct ltc_cipher_descriptor twofish_desc;
#ifdef DES
int des_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
-void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
-void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
+int des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+int des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
int des_test(void);
void des_done(symmetric_key *skey);
int des_keysize(int *keysize);
int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
-void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
-void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
+int des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+int des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
int des3_test(void);
void des3_done(symmetric_key *skey);
int des3_keysize(int *keysize);
@@ -512,8 +664,8 @@ extern const struct ltc_cipher_descriptor des_desc, des3_desc;
#ifdef CAST5
int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
-void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
-void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
+int cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+int cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
int cast5_test(void);
void cast5_done(symmetric_key *skey);
int cast5_keysize(int *keysize);
@@ -522,8 +674,8 @@ extern const struct ltc_cipher_descriptor cast5_desc;
#ifdef NOEKEON
int noekeon_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
-void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
-void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
+int noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+int noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
int noekeon_test(void);
void noekeon_done(symmetric_key *skey);
int noekeon_keysize(int *keysize);
@@ -532,8 +684,8 @@ extern const struct ltc_cipher_descriptor noekeon_desc;
#ifdef SKIPJACK
int skipjack_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
-void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
-void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
+int skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+int skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
int skipjack_test(void);
void skipjack_done(symmetric_key *skey);
int skipjack_keysize(int *keysize);
@@ -542,8 +694,8 @@ extern const struct ltc_cipher_descriptor skipjack_desc;
#ifdef KHAZAD
int khazad_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
-void khazad_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
-void khazad_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
+int khazad_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+int khazad_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
int khazad_test(void);
void khazad_done(symmetric_key *skey);
int khazad_keysize(int *keysize);
@@ -552,15 +704,35 @@ extern const struct ltc_cipher_descriptor khazad_desc;
#ifdef ANUBIS
int anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
-void anubis_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
-void anubis_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
+int anubis_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+int anubis_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
int anubis_test(void);
void anubis_done(symmetric_key *skey);
int anubis_keysize(int *keysize);
extern const struct ltc_cipher_descriptor anubis_desc;
#endif
-#ifdef ECB
+#ifdef KSEED
+int kseed_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
+int kseed_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+int kseed_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
+int kseed_test(void);
+void kseed_done(symmetric_key *skey);
+int kseed_keysize(int *keysize);
+extern const struct ltc_cipher_descriptor kseed_desc;
+#endif
+
+#ifdef LTC_KASUMI
+int kasumi_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
+int kasumi_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+int kasumi_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
+int kasumi_test(void);
+void kasumi_done(symmetric_key *skey);
+int kasumi_keysize(int *keysize);
+extern const struct ltc_cipher_descriptor kasumi_desc;
+#endif
+
+#ifdef LTC_ECB_MODE
int ecb_start(int cipher, const unsigned char *key,
int keylen, int num_rounds, symmetric_ECB *ecb);
int ecb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_ECB *ecb);
@@ -568,7 +740,7 @@ int ecb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s
int ecb_done(symmetric_ECB *ecb);
#endif
-#ifdef CFB
+#ifdef LTC_CFB_MODE
int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key,
int keylen, int num_rounds, symmetric_CFB *cfb);
int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CFB *cfb);
@@ -578,7 +750,7 @@ int cfb_setiv(const unsigned char *IV, unsigned long len, symmetric_CFB *cfb);
int cfb_done(symmetric_CFB *cfb);
#endif
-#ifdef OFB
+#ifdef LTC_OFB_MODE
int ofb_start(int cipher, const unsigned char *IV, const unsigned char *key,
int keylen, int num_rounds, symmetric_OFB *ofb);
int ofb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_OFB *ofb);
@@ -588,7 +760,7 @@ int ofb_setiv(const unsigned char *IV, unsigned long len, symmetric_OFB *ofb);
int ofb_done(symmetric_OFB *ofb);
#endif
-#ifdef CBC
+#ifdef LTC_CBC_MODE
int cbc_start(int cipher, const unsigned char *IV, const unsigned char *key,
int keylen, int num_rounds, symmetric_CBC *cbc);
int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CBC *cbc);
@@ -598,10 +770,11 @@ int cbc_setiv(const unsigned char *IV, unsigned long len, symmetric_CBC *cbc);
int cbc_done(symmetric_CBC *cbc);
#endif
-#ifdef CTR
+#ifdef LTC_CTR_MODE
#define CTR_COUNTER_LITTLE_ENDIAN 0
#define CTR_COUNTER_BIG_ENDIAN 1
+#define LTC_CTR_RFC3686 2
int ctr_start( int cipher,
const unsigned char *IV,
@@ -613,8 +786,45 @@ int ctr_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s
int ctr_getiv(unsigned char *IV, unsigned long *len, symmetric_CTR *ctr);
int ctr_setiv(const unsigned char *IV, unsigned long len, symmetric_CTR *ctr);
int ctr_done(symmetric_CTR *ctr);
+int ctr_test(void);
#endif
-
+
+#ifdef LTC_LRW_MODE
+
+#define LRW_ENCRYPT 0
+#define LRW_DECRYPT 1
+
+int lrw_start( int cipher,
+ const unsigned char *IV,
+ const unsigned char *key, int keylen,
+ const unsigned char *tweak,
+ int num_rounds,
+ symmetric_LRW *lrw);
+int lrw_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_LRW *lrw);
+int lrw_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_LRW *lrw);
+int lrw_getiv(unsigned char *IV, unsigned long *len, symmetric_LRW *lrw);
+int lrw_setiv(const unsigned char *IV, unsigned long len, symmetric_LRW *lrw);
+int lrw_done(symmetric_LRW *lrw);
+int lrw_test(void);
+
+/* don't call */
+int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, int mode, symmetric_LRW *lrw);
+#endif
+
+#ifdef LTC_F8_MODE
+int f8_start( int cipher, const unsigned char *IV,
+ const unsigned char *key, int keylen,
+ const unsigned char *salt_key, int skeylen,
+ int num_rounds, symmetric_F8 *f8);
+int f8_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_F8 *f8);
+int f8_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_F8 *f8);
+int f8_getiv(unsigned char *IV, unsigned long *len, symmetric_F8 *f8);
+int f8_setiv(const unsigned char *IV, unsigned long len, symmetric_F8 *f8);
+int f8_done(symmetric_F8 *f8);
+int f8_test_mode(void);
+#endif
+
+
int find_cipher(const char *name);
int find_cipher_any(const char *name, int blocklen, int keylen);
int find_cipher_id(unsigned char ID);
@@ -622,8 +832,8 @@ int register_cipher(const struct ltc_cipher_descriptor *cipher);
int unregister_cipher(const struct ltc_cipher_descriptor *cipher);
int cipher_is_valid(int idx);
-LTC_MUTEX_PROTO(ltc_cipher_mutex);
+LTC_MUTEX_PROTO(ltc_cipher_mutex)
/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_cipher.h,v $ */
-/* $Revision: 1.16 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.46 $ */
+/* $Date: 2006/11/13 23:09:38 $ */
diff --git a/src/headers/tomcrypt_custom.h b/src/headers/tomcrypt_custom.h
index ad61f52..540514e 100644
--- a/src/headers/tomcrypt_custom.h
+++ b/src/headers/tomcrypt_custom.h
@@ -5,21 +5,68 @@
#include "options.h"
/* macros for various libc functions you can change for embedded targets */
+#ifndef XMALLOC
+ #ifdef malloc
+ #define LTC_NO_PROTOTYPES
+ #endif
#define XMALLOC malloc
+#endif
+#ifndef XREALLOC
+ #ifdef realloc
+ #define LTC_NO_PROTOTYPES
+ #endif
#define XREALLOC realloc
+#endif
+#ifndef XCALLOC
+ #ifdef calloc
+ #define LTC_NO_PROTOTYPES
+ #endif
#define XCALLOC calloc
+#endif
+#ifndef XFREE
+ #ifdef free
+ #define LTC_NO_PROTOTYPES
+ #endif
#define XFREE free
+#endif
+#ifndef XMEMSET
+ #ifdef memset
+ #define LTC_NO_PROTOTYPES
+ #endif
#define XMEMSET memset
+#endif
+#ifndef XMEMCPY
+ #ifdef memcpy
+ #define LTC_NO_PROTOTYPES
+ #endif
#define XMEMCPY memcpy
+#endif
+#ifndef XMEMCMP
+ #ifdef memcmp
+ #define LTC_NO_PROTOTYPES
+ #endif
+#define XMEMCMP memcmp
+#endif
+#ifndef XSTRCMP
+ #ifdef strcmp
+ #define LTC_NO_PROTOTYPES
+ #endif
+#define XSTRCMP strcmp
+#endif
+#ifndef XCLOCK
#define XCLOCK clock
+#endif
+#ifndef XCLOCKS_PER_SEC
#define XCLOCKS_PER_SEC CLOCKS_PER_SEC
+#endif
+ #define LTC_NO_PRNGS
+ #define LTC_NO_PK
#ifdef DROPBEAR_SMALL_CODE
#define LTC_SMALL_CODE
#endif
-
/* These spit out warnings etc */
#define LTC_NO_ROLC
@@ -84,13 +131,23 @@
/* default no functions */
#define LTC_MUTEX_GLOBAL(x)
#define LTC_MUTEX_PROTO(x)
+#define LTC_MUTEX_TYPE(x)
+#define LTC_MUTEX_INIT(x)
#define LTC_MUTEX_LOCK(x)
#define LTC_MUTEX_UNLOCK(x)
#define FORTUNA_POOLS 0
#endif
+/* Debuggers */
+
+/* define this if you use Valgrind, note: it CHANGES the way SOBER-128 and RC4 work (see the code) */
+/* #define LTC_VALGRIND */
+
+#endif
+
+
/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_custom.h,v $ */
-/* $Revision: 1.17 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.66 $ */
+/* $Date: 2006/12/04 02:50:11 $ */
diff --git a/src/headers/tomcrypt_hash.h b/src/headers/tomcrypt_hash.h
index a0534f9..d9916ac 100644
--- a/src/headers/tomcrypt_hash.h
+++ b/src/headers/tomcrypt_hash.h
@@ -70,6 +70,22 @@ struct rmd160_state {
};
#endif
+#ifdef RIPEMD256
+struct rmd256_state {
+ ulong64 length;
+ unsigned char buf[64];
+ ulong32 curlen, state[8];
+};
+#endif
+
+#ifdef RIPEMD320
+struct rmd320_state {
+ ulong64 length;
+ unsigned char buf[64];
+ ulong32 curlen, state[10];
+};
+#endif
+
#ifdef WHIRLPOOL
struct whirlpool_state {
ulong64 length, state[8];
@@ -87,6 +103,7 @@ struct chc_state {
#endif
typedef union Hash_state {
+ char dummy[1];
#ifdef CHC_HASH
struct chc_state chc;
#endif
@@ -120,9 +137,16 @@ typedef union Hash_state {
#ifdef RIPEMD160
struct rmd160_state rmd160;
#endif
+#ifdef RIPEMD256
+ struct rmd256_state rmd256;
+#endif
+#ifdef RIPEMD320
+ struct rmd320_state rmd320;
+#endif
void *data;
} hash_state;
+/** hash descriptor */
extern struct ltc_hash_descriptor {
/** name of hash */
char *name;
@@ -159,6 +183,12 @@ extern struct ltc_hash_descriptor {
@return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
*/
int (*test)(void);
+
+ /* accelerated hmac callback: if you need to-do multiple packets just use the generic hmac_memory and provide a hash callback */
+ int (*hmac_block)(const unsigned char *key, unsigned long keylen,
+ const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen);
+
} hash_descriptor[];
#ifdef CHC_HASH
@@ -272,14 +302,32 @@ int rmd160_test(void);
extern const struct ltc_hash_descriptor rmd160_desc;
#endif
+#ifdef RIPEMD256
+int rmd256_init(hash_state * md);
+int rmd256_process(hash_state * md, const unsigned char *in, unsigned long inlen);
+int rmd256_done(hash_state * md, unsigned char *hash);
+int rmd256_test(void);
+extern const struct ltc_hash_descriptor rmd256_desc;
+#endif
+
+#ifdef RIPEMD320
+int rmd320_init(hash_state * md);
+int rmd320_process(hash_state * md, const unsigned char *in, unsigned long inlen);
+int rmd320_done(hash_state * md, unsigned char *hash);
+int rmd320_test(void);
+extern const struct ltc_hash_descriptor rmd320_desc;
+#endif
+
+
int find_hash(const char *name);
int find_hash_id(unsigned char ID);
+int find_hash_oid(const unsigned long *ID, unsigned long IDlen);
int find_hash_any(const char *name, int digestlen);
int register_hash(const struct ltc_hash_descriptor *hash);
int unregister_hash(const struct ltc_hash_descriptor *hash);
int hash_is_valid(int idx);
-LTC_MUTEX_PROTO(ltc_hash_mutex);
+LTC_MUTEX_PROTO(ltc_hash_mutex)
int hash_memory(int hash,
const unsigned char *in, unsigned long inlen,
@@ -327,5 +375,5 @@ int func_name (hash_state * md, const unsigned char *in, unsigned long inlen)
}
/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_hash.h,v $ */
-/* $Revision: 1.12 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.19 $ */
+/* $Date: 2006/11/05 01:36:43 $ */
diff --git a/src/headers/tomcrypt_mac.h b/src/headers/tomcrypt_mac.h
index 411b1bc..42bf680 100644
--- a/src/headers/tomcrypt_mac.h
+++ b/src/headers/tomcrypt_mac.h
@@ -1,4 +1,4 @@
-#ifdef HMAC
+#ifdef LTC_HMAC
typedef struct Hmac_state {
hash_state md;
int hash;
@@ -23,7 +23,7 @@ int hmac_file(int hash, const char *fname, const unsigned char *key,
unsigned char *dst, unsigned long *dstlen);
#endif
-#ifdef OMAC
+#ifdef LTC_OMAC
typedef struct {
int cipher_idx,
@@ -53,7 +53,7 @@ int omac_file(int cipher,
int omac_test(void);
#endif /* OMAC */
-#ifdef PMAC
+#ifdef LTC_PMAC
typedef struct {
unsigned char Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */
@@ -98,7 +98,7 @@ void pmac_shift_xor(pmac_state *pmac);
#ifdef EAX_MODE
-#if !(defined(OMAC) && defined(CTR))
+#if !(defined(LTC_OMAC) && defined(LTC_CTR_MODE))
#error EAX_MODE requires OMAC and CTR
#endif
@@ -200,6 +200,7 @@ int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
int ccm_memory(int cipher,
const unsigned char *key, unsigned long keylen,
+ symmetric_key *uskey,
const unsigned char *nonce, unsigned long noncelen,
const unsigned char *header, unsigned long headerlen,
unsigned char *pt, unsigned long ptlen,
@@ -211,6 +212,16 @@ int ccm_test(void);
#endif /* CCM_MODE */
+#if defined(LRW_MODE) || defined(GCM_MODE)
+void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c);
+#endif
+
+
+/* table shared between GCM and LRW */
+#if defined(GCM_TABLES) || defined(LRW_TABLES) || ((defined(GCM_MODE) || defined(GCM_MODE)) && defined(LTC_FAST))
+extern const unsigned char gcm_shift_table[];
+#endif
+
#ifdef GCM_MODE
#define GCM_ENCRYPT 0
@@ -237,12 +248,14 @@ typedef struct {
pttotlen; /* 64-bit counter for the PT */
#ifdef GCM_TABLES
- unsigned char PC[16][256][16]; /* 16 tables of 8x128 */
+ unsigned char PC[16][256][16] /* 16 tables of 8x128 */
+#ifdef GCM_TABLES_SSE2
+__attribute__ ((aligned (16)))
+#endif
+;
#endif
-
} gcm_state;
-void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c);
void gcm_mult_h(gcm_state *gcm, unsigned char *I);
int gcm_init(gcm_state *gcm, int cipher,
@@ -296,6 +309,73 @@ int pelican_memory(const unsigned char *key, unsigned long keylen,
#endif
+#ifdef LTC_XCBC
+
+typedef struct {
+ unsigned char K[3][MAXBLOCKSIZE],
+ IV[MAXBLOCKSIZE];
+
+ symmetric_key key;
+
+ int cipher,
+ buflen,
+ blocksize;
+} xcbc_state;
+
+int xcbc_init(xcbc_state *xcbc, int cipher, const unsigned char *key, unsigned long keylen);
+int xcbc_process(xcbc_state *xcbc, const unsigned char *in, unsigned long inlen);
+int xcbc_done(xcbc_state *xcbc, unsigned char *out, unsigned long *outlen);
+int xcbc_memory(int cipher,
+ const unsigned char *key, unsigned long keylen,
+ const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen);
+int xcbc_memory_multi(int cipher,
+ const unsigned char *key, unsigned long keylen,
+ unsigned char *out, unsigned long *outlen,
+ const unsigned char *in, unsigned long inlen, ...);
+int xcbc_file(int cipher,
+ const unsigned char *key, unsigned long keylen,
+ const char *filename,
+ unsigned char *out, unsigned long *outlen);
+int xcbc_test(void);
+
+#endif
+
+#ifdef LTC_F9_MODE
+
+typedef struct {
+ unsigned char akey[MAXBLOCKSIZE],
+ ACC[MAXBLOCKSIZE],
+ IV[MAXBLOCKSIZE];
+
+ symmetric_key key;
+
+ int cipher,
+ buflen,
+ keylen,
+ blocksize;
+} f9_state;
+
+int f9_init(f9_state *f9, int cipher, const unsigned char *key, unsigned long keylen);
+int f9_process(f9_state *f9, const unsigned char *in, unsigned long inlen);
+int f9_done(f9_state *f9, unsigned char *out, unsigned long *outlen);
+int f9_memory(int cipher,
+ const unsigned char *key, unsigned long keylen,
+ const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen);
+int f9_memory_multi(int cipher,
+ const unsigned char *key, unsigned long keylen,
+ unsigned char *out, unsigned long *outlen,
+ const unsigned char *in, unsigned long inlen, ...);
+int f9_file(int cipher,
+ const unsigned char *key, unsigned long keylen,
+ const char *filename,
+ unsigned char *out, unsigned long *outlen);
+int f9_test(void);
+
+#endif
+
+
/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_mac.h,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.20 $ */
+/* $Date: 2006/11/08 21:57:04 $ */
diff --git a/src/headers/tomcrypt_macros.h b/src/headers/tomcrypt_macros.h
index 488931f..53bda9b 100644
--- a/src/headers/tomcrypt_macros.h
+++ b/src/headers/tomcrypt_macros.h
@@ -10,7 +10,7 @@
/* this is the "32-bit at least" data type
* Re-define it to suit your platform but it must be at least 32-bits
*/
-#if defined(__x86_64__)
+#if defined(__x86_64__) || (defined(__sparc__) && defined(__arch64__))
typedef unsigned ulong32;
#else
typedef unsigned long ulong32;
@@ -72,15 +72,15 @@
#define STORE32H(x, y) \
asm __volatile__ ( \
"bswapl %0 \n\t" \
- "movl %0,(%2)\n\t" \
+ "movl %0,(%1)\n\t" \
"bswapl %0 \n\t" \
- :"=r"(x):"0"(x), "r"(y));
+ ::"r"(x), "r"(y));
#define LOAD32H(x, y) \
asm __volatile__ ( \
- "movl (%2),%0\n\t" \
+ "movl (%1),%0\n\t" \
"bswapl %0\n\t" \
- :"=r"(x): "0"(x), "r"(y));
+ :"=r"(x): "r"(y));
#else
@@ -103,15 +103,15 @@ asm __volatile__ ( \
#define STORE64H(x, y) \
asm __volatile__ ( \
"bswapq %0 \n\t" \
- "movq %0,(%2)\n\t" \
+ "movq %0,(%1)\n\t" \
"bswapq %0 \n\t" \
- :"=r"(x):"0"(x), "r"(y):"0");
+ ::"r"(x), "r"(y));
#define LOAD64H(x, y) \
asm __volatile__ ( \
- "movq (%2),%0\n\t" \
+ "movq (%1),%0\n\t" \
"bswapq %0\n\t" \
- :"=r"(x): "0"(x), "r"(y));
+ :"=r"(x): "r"(y));
#else
@@ -132,10 +132,10 @@ asm __volatile__ ( \
#ifdef ENDIAN_32BITWORD
#define STORE32L(x, y) \
- { ulong32 __t = (x); memcpy(y, &__t, 4); }
+ { ulong32 __t = (x); XMEMCPY(y, &__t, 4); }
#define LOAD32L(x, y) \
- memcpy(&(x), y, 4);
+ XMEMCPY(&(x), y, 4);
#define STORE64L(x, y) \
{ (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \
@@ -152,16 +152,16 @@ asm __volatile__ ( \
#else /* 64-bit words then */
#define STORE32L(x, y) \
- { ulong32 __t = (x); memcpy(y, &__t, 4); }
+ { ulong32 __t = (x); XMEMCPY(y, &__t, 4); }
#define LOAD32L(x, y) \
- { memcpy(&(x), y, 4); x &= 0xFFFFFFFF; }
+ { XMEMCPY(&(x), y, 4); x &= 0xFFFFFFFF; }
#define STORE64L(x, y) \
- { ulong64 __t = (x); memcpy(y, &__t, 8); }
+ { ulong64 __t = (x); XMEMCPY(y, &__t, 8); }
#define LOAD64L(x, y) \
- { memcpy(&(x), y, 8); }
+ { XMEMCPY(&(x), y, 8); }
#endif /* ENDIAN_64BITWORD */
@@ -193,10 +193,10 @@ asm __volatile__ ( \
#ifdef ENDIAN_32BITWORD
#define STORE32H(x, y) \
- { ulong32 __t = (x); memcpy(y, &__t, 4); }
+ { ulong32 __t = (x); XMEMCPY(y, &__t, 4); }
#define LOAD32H(x, y) \
- memcpy(&(x), y, 4);
+ XMEMCPY(&(x), y, 4);
#define STORE64H(x, y) \
{ (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \
@@ -213,16 +213,16 @@ asm __volatile__ ( \
#else /* 64-bit words then */
#define STORE32H(x, y) \
- { ulong32 __t = (x); memcpy(y, &__t, 4); }
+ { ulong32 __t = (x); XMEMCPY(y, &__t, 4); }
#define LOAD32H(x, y) \
- { memcpy(&(x), y, 4); x &= 0xFFFFFFFF; }
+ { XMEMCPY(&(x), y, 4); x &= 0xFFFFFFFF; }
#define STORE64H(x, y) \
- { ulong64 __t = (x); memcpy(y, &__t, 8); }
+ { ulong64 __t = (x); XMEMCPY(y, &__t, 8); }
#define LOAD64H(x, y) \
- { memcpy(&(x), y, 8); }
+ { XMEMCPY(&(x), y, 8); }
#endif /* ENDIAN_64BITWORD */
#endif /* ENDIAN_BIG */
@@ -242,7 +242,7 @@ asm __volatile__ ( \
#define RORc(x,n) _lrotr(x,n)
#define ROLc(x,n) _lrotl(x,n)
-#elif defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && !defined(INTEL_CC) && !defined(LTC_NO_ASM)
+#elif !defined(__STRICT_ANSI__) && defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && !defined(INTEL_CC) && !defined(LTC_NO_ASM)
static inline unsigned ROL(unsigned word, int i)
{
@@ -285,6 +285,50 @@ static inline unsigned RORc(unsigned word, const int i)
#endif
+#elif !defined(__STRICT_ANSI__) && defined(LTC_PPC32)
+
+static inline unsigned ROL(unsigned word, int i)
+{
+ asm ("rotlw %0,%0,%2"
+ :"=r" (word)
+ :"0" (word),"r" (i));
+ return word;
+}
+
+static inline unsigned ROR(unsigned word, int i)
+{
+ asm ("rotlw %0,%0,%2"
+ :"=r" (word)
+ :"0" (word),"r" (32-i));
+ return word;
+}
+
+#ifndef LTC_NO_ROLC
+
+static inline unsigned ROLc(unsigned word, const int i)
+{
+ asm ("rotlwi %0,%0,%2"
+ :"=r" (word)
+ :"0" (word),"I" (i));
+ return word;
+}
+
+static inline unsigned RORc(unsigned word, const int i)
+{
+ asm ("rotrwi %0,%0,%2"
+ :"=r" (word)
+ :"0" (word),"I" (i));
+ return word;
+}
+
+#else
+
+#define ROLc ROL
+#define RORc ROR
+
+#endif
+
+
#else
/* rotates the hard way */
@@ -297,7 +341,7 @@ static inline unsigned RORc(unsigned word, const int i)
/* 64-bit Rotates */
-#if defined(__GNUC__) && defined(__x86_64__) && !defined(LTC_NO_ASM)
+#if !defined(__STRICT_ANSI__) && defined(__GNUC__) && defined(__x86_64__) && !defined(LTC_NO_ASM)
static inline unsigned long ROL64(unsigned long word, int i)
{
@@ -360,10 +404,13 @@ static inline unsigned long ROR64c(unsigned long word, const int i)
#endif
-#undef MAX
-#undef MIN
-#define MAX(x, y) ( ((x)>(y))?(x):(y) )
-#define MIN(x, y) ( ((x)<(y))?(x):(y) )
+#ifndef MAX
+ #define MAX(x, y) ( ((x)>(y))?(x):(y) )
+#endif
+
+#ifndef MIN
+ #define MIN(x, y) ( ((x)<(y))?(x):(y) )
+#endif
/* extract a byte portably */
#ifdef _MSC_VER
@@ -373,5 +420,5 @@ static inline unsigned long ROR64c(unsigned long word, const int i)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_macros.h,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.15 $ */
+/* $Date: 2006/11/29 23:43:57 $ */
diff --git a/src/headers/tomcrypt_math.h b/src/headers/tomcrypt_math.h
new file mode 100644
index 0000000..c996e41
--- /dev/null
+++ b/src/headers/tomcrypt_math.h
@@ -0,0 +1,500 @@
+/** math functions **/
+
+#define LTC_MP_LT -1
+#define LTC_MP_EQ 0
+#define LTC_MP_GT 1
+
+#define LTC_MP_NO 0
+#define LTC_MP_YES 1
+
+#ifndef MECC
+ typedef void ecc_point;
+#endif
+
+#ifndef MRSA
+ typedef void rsa_key;
+#endif
+
+/** math descriptor */
+typedef struct {
+ /** Name of the math provider */
+ char *name;
+
+ /** Bits per digit, amount of bits must fit in an unsigned long */
+ int bits_per_digit;
+
+/* ---- init/deinit functions ---- */
+
+ /** initialize a bignum
+ @param a The number to initialize
+ @return CRYPT_OK on success
+ */
+ int (*init)(void **a);
+
+ /** init copy
+ @param dst The number to initialize and write to
+ @param src The number to copy from
+ @return CRYPT_OK on success
+ */
+ int (*init_copy)(void **dst, void *src);
+
+ /** deinit
+ @param a The number to free
+ @return CRYPT_OK on success
+ */
+ void (*deinit)(void *a);
+
+/* ---- data movement ---- */
+
+ /** negate
+ @param src The number to negate
+ @param dst The destination
+ @return CRYPT_OK on success
+ */
+ int (*neg)(void *src, void *dst);
+
+ /** copy
+ @param src The number to copy from
+ @param dst The number to write to
+ @return CRYPT_OK on success
+ */
+ int (*copy)(void *src, void *dst);
+
+/* ---- trivial low level functions ---- */
+
+ /** set small constant
+ @param a Number to write to
+ @param n Source upto bits_per_digit (actually meant for very small constants)
+ @return CRYPT_OK on succcess
+ */
+ int (*set_int)(void *a, unsigned long n);
+
+ /** get small constant
+ @param a Number to read, only fetches upto bits_per_digit from the number
+ @return The lower bits_per_digit of the integer (unsigned)
+ */
+ unsigned long (*get_int)(void *a);
+
+ /** get digit n
+ @param a The number to read from
+ @param n The number of the digit to fetch
+ @return The bits_per_digit sized n'th digit of a
+ */
+ unsigned long (*get_digit)(void *a, int n);
+
+ /** Get the number of digits that represent the number
+ @param a The number to count
+ @return The number of digits used to represent the number
+ */
+ int (*get_digit_count)(void *a);
+
+ /** compare two integers
+ @param a The left side integer
+ @param b The right side integer
+ @return LTC_MP_LT if a < b, LTC_MP_GT if a > b and LTC_MP_EQ otherwise. (signed comparison)
+ */
+ int (*compare)(void *a, void *b);
+
+ /** compare against int
+ @param a The left side integer
+ @param b The right side integer (upto bits_per_digit)
+ @return LTC_MP_LT if a < b, LTC_MP_GT if a > b and LTC_MP_EQ otherwise. (signed comparison)
+ */
+ int (*compare_d)(void *a, unsigned long n);
+
+ /** Count the number of bits used to represent the integer
+ @param a The integer to count
+ @return The number of bits required to represent the integer
+ */
+ int (*count_bits)(void * a);
+
+ /** Count the number of LSB bits which are zero
+ @param a The integer to count
+ @return The number of contiguous zero LSB bits
+ */
+ int (*count_lsb_bits)(void *a);
+
+ /** Compute a power of two
+ @param a The integer to store the power in
+ @param n The power of two you want to store (a = 2^n)
+ @return CRYPT_OK on success
+ */
+ int (*twoexpt)(void *a , int n);
+
+/* ---- radix conversions ---- */
+
+ /** read ascii string
+ @param a The integer to store into
+ @param str The string to read
+ @param radix The radix the integer has been represented in (2-64)
+ @return CRYPT_OK on success
+ */
+ int (*read_radix)(void *a, const char *str, int radix);
+
+ /** write number to string
+ @param a The integer to store
+ @param str The destination for the string
+ @param radix The radix the integer is to be represented in (2-64)
+ @return CRYPT_OK on success
+ */
+ int (*write_radix)(void *a, char *str, int radix);
+
+ /** get size as unsigned char string
+ @param a The integer to get the size (when stored in array of octets)
+ @return The length of the integer
+ */
+ unsigned long (*unsigned_size)(void *a);
+
+ /** store an integer as an array of octets
+ @param src The integer to store
+ @param dst The buffer to store the integer in
+ @return CRYPT_OK on success
+ */
+ int (*unsigned_write)(void *src, unsigned char *dst);
+
+ /** read an array of octets and store as integer
+ @param dst The integer to load
+ @param src The array of octets
+ @param len The number of octets
+ @return CRYPT_OK on success
+ */
+ int (*unsigned_read)(void *dst, unsigned char *src, unsigned long len);
+
+/* ---- basic math ---- */
+
+ /** add two integers
+ @param a The first source integer
+ @param b The second source integer
+ @param c The destination of "a + b"
+ @return CRYPT_OK on success
+ */
+ int (*add)(void *a, void *b, void *c);
+
+
+ /** add two integers
+ @param a The first source integer
+ @param b The second source integer (single digit of upto bits_per_digit in length)
+ @param c The destination of "a + b"
+ @return CRYPT_OK on success
+ */
+ int (*addi)(void *a, unsigned long b, void *c);
+
+ /** subtract two integers
+ @param a The first source integer
+ @param b The second source integer
+ @param c The destination of "a - b"
+ @return CRYPT_OK on success
+ */
+ int (*sub)(void *a, void *b, void *c);
+
+ /** subtract two integers
+ @param a The first source integer
+ @param b The second source integer (single digit of upto bits_per_digit in length)
+ @param c The destination of "a - b"
+ @return CRYPT_OK on success
+ */
+ int (*subi)(void *a, unsigned long b, void *c);
+
+ /** multiply two integers
+ @param a The first source integer
+ @param b The second source integer (single digit of upto bits_per_digit in length)
+ @param c The destination of "a * b"
+ @return CRYPT_OK on success
+ */
+ int (*mul)(void *a, void *b, void *c);
+
+ /** multiply two integers
+ @param a The first source integer
+ @param b The second source integer (single digit of upto bits_per_digit in length)
+ @param c The destination of "a * b"
+ @return CRYPT_OK on success
+ */
+ int (*muli)(void *a, unsigned long b, void *c);
+
+ /** Square an integer
+ @param a The integer to square
+ @param b The destination
+ @return CRYPT_OK on success
+ */
+ int (*sqr)(void *a, void *b);
+
+ /** Divide an integer
+ @param a The dividend
+ @param b The divisor
+ @param c The quotient (can be NULL to signify don't care)
+ @param d The remainder (can be NULL to signify don't care)
+ @return CRYPT_OK on success
+ */
+ int (*mpdiv)(void *a, void *b, void *c, void *d);
+
+ /** divide by two
+ @param a The integer to divide (shift right)
+ @param b The destination
+ @return CRYPT_OK on success
+ */
+ int (*div_2)(void *a, void *b);
+
+ /** Get remainder (small value)
+ @param a The integer to reduce
+ @param b The modulus (upto bits_per_digit in length)
+ @param c The destination for the residue
+ @return CRYPT_OK on success
+ */
+ int (*modi)(void *a, unsigned long b, unsigned long *c);
+
+ /** gcd
+ @param a The first integer
+ @param b The second integer
+ @param c The destination for (a, b)
+ @return CRYPT_OK on success
+ */
+ int (*gcd)(void *a, void *b, void *c);
+
+ /** lcm
+ @param a The first integer
+ @param b The second integer
+ @param c The destination for [a, b]
+ @return CRYPT_OK on success
+ */
+ int (*lcm)(void *a, void *b, void *c);
+
+ /** Modular multiplication
+ @param a The first source
+ @param b The second source
+ @param c The modulus
+ @param d The destination (a*b mod c)
+ @return CRYPT_OK on success
+ */
+ int (*mulmod)(void *a, void *b, void *c, void *d);
+
+ /** Modular squaring
+ @param a The first source
+ @param b The modulus
+ @param c The destination (a*a mod b)
+ @return CRYPT_OK on success
+ */
+ int (*sqrmod)(void *a, void *b, void *c);
+
+ /** Modular inversion
+ @param a The value to invert
+ @param b The modulus
+ @param c The destination (1/a mod b)
+ @return CRYPT_OK on success
+ */
+ int (*invmod)(void *, void *, void *);
+
+/* ---- reduction ---- */
+
+ /** setup montgomery
+ @param a The modulus
+ @param b The destination for the reduction digit
+ @return CRYPT_OK on success
+ */
+ int (*montgomery_setup)(void *a, void **b);
+
+ /** get normalization value
+ @param a The destination for the normalization value
+ @param b The modulus
+ @return CRYPT_OK on success
+ */
+ int (*montgomery_normalization)(void *a, void *b);
+
+ /** reduce a number
+ @param a The number [and dest] to reduce
+ @param b The modulus
+ @param c The value "b" from montgomery_setup()
+ @return CRYPT_OK on success
+ */
+ int (*montgomery_reduce)(void *a, void *b, void *c);
+
+ /** clean up (frees memory)
+ @param a The value "b" from montgomery_setup()
+ @return CRYPT_OK on success
+ */
+ void (*montgomery_deinit)(void *a);
+
+/* ---- exponentiation ---- */
+
+ /** Modular exponentiation
+ @param a The base integer
+ @param b The power (can be negative) integer
+ @param c The modulus integer
+ @param d The destination
+ @return CRYPT_OK on success
+ */
+ int (*exptmod)(void *a, void *b, void *c, void *d);
+
+ /** Primality testing
+ @param a The integer to test
+ @param b The destination of the result (FP_YES if prime)
+ @return CRYPT_OK on success
+ */
+ int (*isprime)(void *a, int *b);
+
+/* ---- (optional) ecc point math ---- */
+
+ /** ECC GF(p) point multiplication (from the NIST curves)
+ @param k The integer to multiply the point by
+ @param G The point to multiply
+ @param R The destination for kG
+ @param modulus The modulus for the field
+ @param map Boolean indicated whether to map back to affine or not (can be ignored if you work in affine only)
+ @return CRYPT_OK on success
+ */
+ int (*ecc_ptmul)(void *k, ecc_point *G, ecc_point *R, void *modulus, int map);
+
+ /** ECC GF(p) point addition
+ @param P The first point
+ @param Q The second point
+ @param R The destination of P + Q
+ @param modulus The modulus
+ @param mp The "b" value from montgomery_setup()
+ @return CRYPT_OK on success
+ */
+ int (*ecc_ptadd)(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *mp);
+
+ /** ECC GF(p) point double
+ @param P The first point
+ @param R The destination of 2P
+ @param modulus The modulus
+ @param mp The "b" value from montgomery_setup()
+ @return CRYPT_OK on success
+ */
+ int (*ecc_ptdbl)(ecc_point *P, ecc_point *R, void *modulus, void *mp);
+
+ /** ECC mapping from projective to affine, currently uses (x,y,z) => (x/z^2, y/z^3, 1)
+ @param P The point to map
+ @param modulus The modulus
+ @param mp The "b" value from montgomery_setup()
+ @return CRYPT_OK on success
+ @remark The mapping can be different but keep in mind a ecc_point only has three
+ integers (x,y,z) so if you use a different mapping you have to make it fit.
+ */
+ int (*ecc_map)(ecc_point *P, void *modulus, void *mp);
+
+ /** Computes kA*A + kB*B = C using Shamir's Trick
+ @param A First point to multiply
+ @param kA What to multiple A by
+ @param B Second point to multiply
+ @param kB What to multiple B by
+ @param C [out] Destination point (can overlap with A or B
+ @param modulus Modulus for curve
+ @return CRYPT_OK on success
+ */
+ int (*ecc_mul2add)(ecc_point *A, void *kA,
+ ecc_point *B, void *kB,
+ ecc_point *C,
+ void *modulus);
+
+/* ---- (optional) rsa optimized math (for internal CRT) ---- */
+
+ /** RSA Key Generation
+ @param prng An active PRNG state
+ @param wprng The index of the PRNG desired
+ @param size The size of the modulus (key size) desired (octets)
+ @param e The "e" value (public key). e==65537 is a good choice
+ @param key [out] Destination of a newly created private key pair
+ @return CRYPT_OK if successful, upon error all allocated ram is freed
+ */
+ int (*rsa_keygen)(prng_state *prng, int wprng, int size, long e, rsa_key *key);
+
+
+ /** RSA exponentiation
+ @param in The octet array representing the base
+ @param inlen The length of the input
+ @param out The destination (to be stored in an octet array format)
+ @param outlen The length of the output buffer and the resulting size (zero padded to the size of the modulus)
+ @param which PK_PUBLIC for public RSA and PK_PRIVATE for private RSA
+ @param key The RSA key to use
+ @return CRYPT_OK on success
+ */
+ int (*rsa_me)(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen, int which,
+ rsa_key *key);
+} ltc_math_descriptor;
+
+extern ltc_math_descriptor ltc_mp;
+
+int ltc_init_multi(void **a, ...);
+void ltc_deinit_multi(void *a, ...);
+
+#ifdef LTM_DESC
+extern const ltc_math_descriptor ltm_desc;
+#endif
+
+#ifdef TFM_DESC
+extern const ltc_math_descriptor tfm_desc;
+#endif
+
+#ifdef GMP_DESC
+extern const ltc_math_descriptor gmp_desc;
+#endif
+
+#if !defined(DESC_DEF_ONLY) && defined(LTC_SOURCE)
+
+#define MP_DIGIT_BIT ltc_mp.bits_per_digit
+
+/* some handy macros */
+#define mp_init(a) ltc_mp.init(a)
+#define mp_init_multi ltc_init_multi
+#define mp_clear(a) ltc_mp.deinit(a)
+#define mp_clear_multi ltc_deinit_multi
+#define mp_init_copy(a, b) ltc_mp.init_copy(a, b)
+
+#define mp_neg(a, b) ltc_mp.neg(a, b)
+#define mp_copy(a, b) ltc_mp.copy(a, b)
+
+#define mp_set(a, b) ltc_mp.set_int(a, b)
+#define mp_set_int(a, b) ltc_mp.set_int(a, b)
+#define mp_get_int(a) ltc_mp.get_int(a)
+#define mp_get_digit(a, n) ltc_mp.get_digit(a, n)
+#define mp_get_digit_count(a) ltc_mp.get_digit_count(a)
+#define mp_cmp(a, b) ltc_mp.compare(a, b)
+#define mp_cmp_d(a, b) ltc_mp.compare_d(a, b)
+#define mp_count_bits(a) ltc_mp.count_bits(a)
+#define mp_cnt_lsb(a) ltc_mp.count_lsb_bits(a)
+#define mp_2expt(a, b) ltc_mp.twoexpt(a, b)
+
+#define mp_read_radix(a, b, c) ltc_mp.read_radix(a, b, c)
+#define mp_toradix(a, b, c) ltc_mp.write_radix(a, b, c)
+#define mp_unsigned_bin_size(a) ltc_mp.unsigned_size(a)
+#define mp_to_unsigned_bin(a, b) ltc_mp.unsigned_write(a, b)
+#define mp_read_unsigned_bin(a, b, c) ltc_mp.unsigned_read(a, b, c)
+
+#define mp_add(a, b, c) ltc_mp.add(a, b, c)
+#define mp_add_d(a, b, c) ltc_mp.addi(a, b, c)
+#define mp_sub(a, b, c) ltc_mp.sub(a, b, c)
+#define mp_sub_d(a, b, c) ltc_mp.subi(a, b, c)
+#define mp_mul(a, b, c) ltc_mp.mul(a, b, c)
+#define mp_mul_d(a, b, c) ltc_mp.muli(a, b, c)
+#define mp_sqr(a, b) ltc_mp.sqr(a, b)
+#define mp_div(a, b, c, d) ltc_mp.mpdiv(a, b, c, d)
+#define mp_div_2(a, b) ltc_mp.div_2(a, b)
+#define mp_mod(a, b, c) ltc_mp.mpdiv(a, b, NULL, c)
+#define mp_mod_d(a, b, c) ltc_mp.modi(a, b, c)
+#define mp_gcd(a, b, c) ltc_mp.gcd(a, b, c)
+#define mp_lcm(a, b, c) ltc_mp.lcm(a, b, c)
+
+#define mp_mulmod(a, b, c, d) ltc_mp.mulmod(a, b, c, d)
+#define mp_sqrmod(a, b, c) ltc_mp.sqrmod(a, b, c)
+#define mp_invmod(a, b, c) ltc_mp.invmod(a, b, c)
+
+#define mp_montgomery_setup(a, b) ltc_mp.montgomery_setup(a, b)
+#define mp_montgomery_normalization(a, b) ltc_mp.montgomery_normalization(a, b)
+#define mp_montgomery_reduce(a, b, c) ltc_mp.montgomery_reduce(a, b, c)
+#define mp_montgomery_free(a) ltc_mp.montgomery_deinit(a)
+
+#define mp_exptmod(a,b,c,d) ltc_mp.exptmod(a,b,c,d)
+#define mp_prime_is_prime(a, b, c) ltc_mp.isprime(a, c)
+
+#define mp_iszero(a) (mp_cmp_d(a, 0) == LTC_MP_EQ ? LTC_MP_YES : LTC_MP_NO)
+#define mp_isodd(a) (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
+#define mp_exch(a, b) do { void *ABC__tmp = a; a = b; b = ABC__tmp; } while(0);
+
+#define mp_tohex(a, b) mp_toradix(a, b, 16)
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_math.h,v $ */
+/* $Revision: 1.43 $ */
+/* $Date: 2006/12/02 19:23:13 $ */
diff --git a/src/headers/tomcrypt_misc.h b/src/headers/tomcrypt_misc.h
index 3b44795..0b444f8 100644
--- a/src/headers/tomcrypt_misc.h
+++ b/src/headers/tomcrypt_misc.h
@@ -12,10 +12,12 @@ void zeromem(void *dst, size_t len);
void burn_stack(unsigned long len);
const char *error_to_string(int err);
-int mpi_to_ltc_error(int err);
extern const char *crypt_build_settings;
+/* ---- HMM ---- */
+int crypt_fsa(void *mp, ...);
+
/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_misc.h,v $ */
-/* $Revision: 1.2 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/11/06 03:03:01 $ */
diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h
index 4f047de..3a0d7ab 100644
--- a/src/headers/tomcrypt_pk.h
+++ b/src/headers/tomcrypt_pk.h
@@ -1,81 +1,11 @@
/* ---- NUMBER THEORY ---- */
-#ifdef MPI
-
-#include "ltc_tommath.h"
-
-/* in/out macros */
-#define OUTPUT_BIGNUM(num, out, y, z) \
-{ \
- if ((y + 4) > *outlen) { return CRYPT_BUFFER_OVERFLOW; } \
- z = (unsigned long)mp_unsigned_bin_size(num); \
- STORE32L(z, out+y); \
- y += 4; \
- if ((y + z) > *outlen) { return CRYPT_BUFFER_OVERFLOW; } \
- if ((err = mp_to_unsigned_bin(num, out+y)) != MP_OKAY) { return mpi_to_ltc_error(err); } \
- y += z; \
-}
-
-
-#define INPUT_BIGNUM(num, in, x, y, inlen) \
-{ \
- /* load value */ \
- if ((y + 4) > inlen) { \
- err = CRYPT_INVALID_PACKET; \
- goto error; \
- } \
- LOAD32L(x, in+y); \
- y += 4; \
- \
- /* sanity check... */ \
- if ((x+y) > inlen) { \
- err = CRYPT_INVALID_PACKET; \
- goto error; \
- } \
- \
- /* load it */ \
- if ((err = mp_read_unsigned_bin(num, (unsigned char *)in+y, (int)x)) != MP_OKAY) {\
- err = mpi_to_ltc_error(err); \
- goto error; \
- } \
- y += x; \
- if ((err = mp_shrink(num)) != MP_OKAY) { \
- err = mpi_to_ltc_error(err); \
- goto error; \
- } \
-}
-
- int is_prime(mp_int *, int *);
- int rand_prime(mp_int *N, long len, prng_state *prng, int wprng);
-#else
- #ifdef MRSA
- #error RSA requires the big int library
- #endif
- #ifdef MECC
- #error ECC requires the big int library
- #endif
- #ifdef MDH
- #error DH requires the big int library
- #endif
- #ifdef MDSA
- #error DSA requires the big int library
- #endif
-#endif /* MPI */
-
-
-/* ---- PUBLIC KEY CRYPTO ---- */
-
-#define PK_PRIVATE 0 /* PK private keys */
-#define PK_PUBLIC 1 /* PK public keys */
-
-/* ---- PACKET ---- */
-#ifdef PACKET
-
-void packet_store_header(unsigned char *dst, int section, int subsection);
-int packet_valid_header(unsigned char *src, int section, int subsection);
-
-#endif
+enum {
+ PK_PUBLIC=0,
+ PK_PRIVATE=1
+};
+int rand_prime(void *N, long len, prng_state *prng, int wprng);
/* ---- RSA ---- */
#ifdef MRSA
@@ -84,9 +14,26 @@ int packet_valid_header(unsigned char *src, int section, int subsection);
#define MIN_RSA_SIZE 1024
#define MAX_RSA_SIZE 4096
+/** RSA PKCS style key */
typedef struct Rsa_key {
+ /** Type of key, PK_PRIVATE or PK_PUBLIC */
int type;
- mp_int e, d, N, p, q, qP, dP, dQ;
+ /** The public exponent */
+ void *e;
+ /** The private exponent */
+ void *d;
+ /** The modulus */
+ void *N;
+ /** The p factor of N */
+ void *p;
+ /** The q factor of N */
+ void *q;
+ /** The 1/q mod p CRT param */
+ void *qP;
+ /** The d mod (p - 1) CRT param */
+ void *dP;
+ /** The d mod (q - 1) CRT param */
+ void *dQ;
} rsa_key;
int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key);
@@ -98,27 +45,42 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen,
void rsa_free(rsa_key *key);
/* These use PKCS #1 v2.0 padding */
-int rsa_encrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- const unsigned char *lparam, unsigned long lparamlen,
- prng_state *prng, int prng_idx, int hash_idx, rsa_key *key);
-
-int rsa_decrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- const unsigned char *lparam, unsigned long lparamlen,
- int hash_idx, int *stat,
- rsa_key *key);
-
-int rsa_sign_hash(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- prng_state *prng, int prng_idx,
- int hash_idx, unsigned long saltlen,
- rsa_key *key);
-
-int rsa_verify_hash(const unsigned char *sig, unsigned long siglen,
- const unsigned char *hash, unsigned long hashlen,
- int hash_idx, unsigned long saltlen,
- int *stat, rsa_key *key);
+#define rsa_encrypt_key(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _prng, _prng_idx, _hash_idx, _key) \
+ rsa_encrypt_key_ex(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _prng, _prng_idx, _hash_idx, LTC_PKCS_1_OAEP, _key)
+
+#define rsa_decrypt_key(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _hash_idx, _stat, _key) \
+ rsa_decrypt_key_ex(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _hash_idx, LTC_PKCS_1_OAEP, _stat, _key)
+
+#define rsa_sign_hash(_in, _inlen, _out, _outlen, _prng, _prng_idx, _hash_idx, _saltlen, _key) \
+ rsa_sign_hash_ex(_in, _inlen, _out, _outlen, LTC_PKCS_1_PSS, _prng, _prng_idx, _hash_idx, _saltlen, _key)
+
+#define rsa_verify_hash(_sig, _siglen, _hash, _hashlen, _hash_idx, _saltlen, _stat, _key) \
+ rsa_verify_hash_ex(_sig, _siglen, _hash, _hashlen, LTC_PKCS_1_PSS, _hash_idx, _saltlen, _stat, _key)
+
+/* These can be switched between PKCS #1 v2.x and PKCS #1 v1.5 paddings */
+int rsa_encrypt_key_ex(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ const unsigned char *lparam, unsigned long lparamlen,
+ prng_state *prng, int prng_idx, int hash_idx, int padding, rsa_key *key);
+
+int rsa_decrypt_key_ex(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ const unsigned char *lparam, unsigned long lparamlen,
+ int hash_idx, int padding,
+ int *stat, rsa_key *key);
+
+int rsa_sign_hash_ex(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ int padding,
+ prng_state *prng, int prng_idx,
+ int hash_idx, unsigned long saltlen,
+ rsa_key *key);
+
+int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen,
+ const unsigned char *hash, unsigned long hashlen,
+ int padding,
+ int hash_idx, unsigned long saltlen,
+ int *stat, rsa_key *key);
/* PKCS #1 import/export */
int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key);
@@ -126,111 +88,252 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key);
#endif
-/* ---- DH Routines ---- */
-#ifdef MDH
+/* ---- Katja ---- */
+#ifdef MKAT
-typedef struct Dh_key {
- int idx, type;
- mp_int x, y;
-} dh_key;
+/* Min and Max KAT key sizes (in bits) */
+#define MIN_KAT_SIZE 1024
+#define MAX_KAT_SIZE 4096
-int dh_test(void);
-void dh_sizes(int *low, int *high);
-int dh_get_size(dh_key *key);
+/** Katja PKCS style key */
+typedef struct KAT_key {
+ /** Type of key, PK_PRIVATE or PK_PUBLIC */
+ int type;
+ /** The private exponent */
+ void *d;
+ /** The modulus */
+ void *N;
+ /** The p factor of N */
+ void *p;
+ /** The q factor of N */
+ void *q;
+ /** The 1/q mod p CRT param */
+ void *qP;
+ /** The d mod (p - 1) CRT param */
+ void *dP;
+ /** The d mod (q - 1) CRT param */
+ void *dQ;
+ /** The pq param */
+ void *pq;
+} katja_key;
+
+int katja_make_key(prng_state *prng, int wprng, int size, katja_key *key);
+
+int katja_exptmod(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen, int which,
+ katja_key *key);
+
+void katja_free(katja_key *key);
-int dh_make_key(prng_state *prng, int wprng, int keysize, dh_key *key);
-void dh_free(dh_key *key);
+/* These use PKCS #1 v2.0 padding */
+int katja_encrypt_key(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ const unsigned char *lparam, unsigned long lparamlen,
+ prng_state *prng, int prng_idx, int hash_idx, katja_key *key);
+
+int katja_decrypt_key(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ const unsigned char *lparam, unsigned long lparamlen,
+ int hash_idx, int *stat,
+ katja_key *key);
-int dh_export(unsigned char *out, unsigned long *outlen, int type, dh_key *key);
-int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key);
+/* PKCS #1 import/export */
+int katja_export(unsigned char *out, unsigned long *outlen, int type, katja_key *key);
+int katja_import(const unsigned char *in, unsigned long inlen, katja_key *key);
+
+#endif
-int dh_shared_secret(dh_key *private_key, dh_key *public_key,
- unsigned char *out, unsigned long *outlen);
+/* ---- ECC Routines ---- */
+#ifdef MECC
-int dh_encrypt_key(const unsigned char *in, unsigned long keylen,
- unsigned char *out, unsigned long *outlen,
- prng_state *prng, int wprng, int hash,
- dh_key *key);
+/* size of our temp buffers for exported keys */
+#define ECC_BUF_SIZE 256
-int dh_decrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- dh_key *key);
+/* max private key size */
+#define ECC_MAXSIZE 66
-int dh_sign_hash(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- prng_state *prng, int wprng, dh_key *key);
+/** Structure defines a NIST GF(p) curve */
+typedef struct {
+ /** The size of the curve in octets */
+ int size;
-int dh_verify_hash(const unsigned char *sig, unsigned long siglen,
- const unsigned char *hash, unsigned long hashlen,
- int *stat, dh_key *key);
+ /** name of curve */
+ char *name;
+ /** The prime that defines the field the curve is in (encoded in hex) */
+ char *prime;
-#endif
+ /** The fields B param (hex) */
+ char *B;
-/* ---- ECC Routines ---- */
-#ifdef MECC
+ /** The order of the curve (hex) */
+ char *order;
+
+ /** The x co-ordinate of the base point on the curve (hex) */
+ char *Gx;
+
+ /** The y co-ordinate of the base point on the curve (hex) */
+ char *Gy;
+} ltc_ecc_set_type;
+
+/** A point on a ECC curve, stored in Jacbobian format such that (x,y,z) => (x/z^2, y/z^3, 1) when interpretted as affine */
typedef struct {
- mp_int x, y, z;
+ /** The x co-ordinate */
+ void *x;
+
+ /** The y co-ordinate */
+ void *y;
+
+ /** The z co-ordinate */
+ void *z;
} ecc_point;
+/** An ECC key */
typedef struct {
- int type, idx;
+ /** Type of key, PK_PRIVATE or PK_PUBLIC */
+ int type;
+
+ /** Index into the ltc_ecc_sets[] for the parameters of this curve; if -1, then this key is using user supplied curve in dp */
+ int idx;
+
+ /** pointer to domain parameters; either points to NIST curves (identified by idx >= 0) or user supplied curve */
+ const ltc_ecc_set_type *dp;
+
+ /** The public key */
ecc_point pubkey;
- mp_int k;
+
+ /** The private key */
+ void *k;
} ecc_key;
-int ecc_test(void);
+/** the ECC params provided */
+extern const ltc_ecc_set_type ltc_ecc_sets[];
+
+int ecc_test(void);
void ecc_sizes(int *low, int *high);
-int ecc_get_size(ecc_key *key);
+int ecc_get_size(ecc_key *key);
-int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key);
+int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key);
+int ecc_make_key_ex(prng_state *prng, int wprng, ecc_key *key, const ltc_ecc_set_type *dp);
void ecc_free(ecc_key *key);
-int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key);
-int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key);
+int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key);
+int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key);
+int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, const ltc_ecc_set_type *dp);
-int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key,
- unsigned char *out, unsigned long *outlen);
+int ecc_ansi_x963_export(ecc_key *key, unsigned char *out, unsigned long *outlen);
+int ecc_ansi_x963_import(const unsigned char *in, unsigned long inlen, ecc_key *key);
+int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, ltc_ecc_set_type *dp);
-int ecc_encrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- prng_state *prng, int wprng, int hash,
- ecc_key *key);
+int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key,
+ unsigned char *out, unsigned long *outlen);
-int ecc_decrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- ecc_key *key);
+int ecc_encrypt_key(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ prng_state *prng, int wprng, int hash,
+ ecc_key *key);
-int ecc_sign_hash(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- prng_state *prng, int wprng, ecc_key *key);
+int ecc_decrypt_key(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ ecc_key *key);
-int ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
- const unsigned char *hash, unsigned long hashlen,
- int *stat, ecc_key *key);
+int ecc_sign_hash(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ prng_state *prng, int wprng, ecc_key *key);
+
+int ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
+ const unsigned char *hash, unsigned long hashlen,
+ int *stat, ecc_key *key);
+
+/* low level functions */
+ecc_point *ltc_ecc_new_point(void);
+void ltc_ecc_del_point(ecc_point *p);
+int ltc_ecc_is_valid_idx(int n);
+
+/* point ops (mp == montgomery digit) */
+#if !defined(MECC_ACCEL) || defined(LTM_DESC) || defined(GMP_DESC)
+/* R = 2P */
+int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void *mp);
+
+/* R = P + Q */
+int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *mp);
+#endif
+
+#if defined(MECC_FP)
+int ltc_ecc_fp_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map);
+int ltc_ecc_fp_save_state(unsigned char **out, unsigned long *outlen);
+int ltc_ecc_fp_restore_state(unsigned char *in, unsigned long inlen);
+void ltc_ecc_fp_free(void);
+#endif
+
+/* R = kG */
+int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map);
+
+#ifdef LTC_ECC_SHAMIR
+/* kA*A + kB*B = C */
+int ltc_ecc_mul2add(ecc_point *A, void *kA,
+ ecc_point *B, void *kB,
+ ecc_point *C,
+ void *modulus);
+
+#ifdef MECC_FP
+int ltc_ecc_fp_mul2add(ecc_point *A, void *kA,
+ ecc_point *B, void *kB,
+ ecc_point *C, void *modulus);
+#endif
+
+#endif
+
+
+/* map P to affine from projective */
+int ltc_ecc_map(ecc_point *P, void *modulus, void *mp);
#endif
#ifdef MDSA
+/* Max diff between group and modulus size in bytes */
+#define MDSA_DELTA 512
+
+/* Max DSA group size in bytes (default allows 4k-bit groups) */
+#define MDSA_MAX_GROUP 512
+
+/** DSA key structure */
typedef struct {
- int type, qord;
- mp_int g, q, p, x, y;
+ /** The key type, PK_PRIVATE or PK_PUBLIC */
+ int type;
+
+ /** The order of the sub-group used in octets */
+ int qord;
+
+ /** The generator */
+ void *g;
+
+ /** The prime used to generate the sub-group */
+ void *q;
+
+ /** The large prime that generats the field the contains the sub-group */
+ void *p;
+
+ /** The private key */
+ void *x;
+
+ /** The public key */
+ void *y;
} dsa_key;
int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key);
void dsa_free(dsa_key *key);
-
int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen,
- mp_int *r, mp_int *s,
+ void *r, void *s,
prng_state *prng, int wprng, dsa_key *key);
int dsa_sign_hash(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
prng_state *prng, int wprng, dsa_key *key);
-int dsa_verify_hash_raw( mp_int *r, mp_int *s,
+int dsa_verify_hash_raw( void *r, void *s,
const unsigned char *hash, unsigned long hashlen,
int *stat, dsa_key *key);
@@ -238,12 +341,22 @@ int dsa_verify_hash(const unsigned char *sig, unsigned long siglen,
const unsigned char *hash, unsigned long hashlen,
int *stat, dsa_key *key);
+int dsa_encrypt_key(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ prng_state *prng, int wprng, int hash,
+ dsa_key *key);
+
+int dsa_decrypt_key(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ dsa_key *key);
+
int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key);
-
int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key);
-
int dsa_verify_key(dsa_key *key, int *stat);
+int dsa_shared_secret(void *private_key, void *base,
+ dsa_key *public_key,
+ unsigned char *out, unsigned long *outlen);
#endif
#ifdef LTC_DER
@@ -251,6 +364,7 @@ int dsa_verify_key(dsa_key *key, int *stat);
enum {
LTC_ASN1_EOL,
+ LTC_ASN1_BOOLEAN,
LTC_ASN1_INTEGER,
LTC_ASN1_SHORT_INTEGER,
LTC_ASN1_BIT_STRING,
@@ -259,17 +373,26 @@ enum {
LTC_ASN1_OBJECT_IDENTIFIER,
LTC_ASN1_IA5_STRING,
LTC_ASN1_PRINTABLE_STRING,
+ LTC_ASN1_UTF8_STRING,
LTC_ASN1_UTCTIME,
-
LTC_ASN1_CHOICE,
- LTC_ASN1_SEQUENCE
+ LTC_ASN1_SEQUENCE,
+ LTC_ASN1_SET,
+ LTC_ASN1_SETOF
};
-typedef struct {
+/** A LTC ASN.1 list type */
+typedef struct ltc_asn1_list_ {
+ /** The LTC ASN.1 enumerated type identifier */
int type;
+ /** The data to encode or place for decoding */
void *data;
+ /** The size of the input or resulting output */
unsigned long size;
+ /** The used flag, this is used by the CHOICE ASN.1 type to indicate which choice was made */
int used;
+ /** prev/next entry in the list */
+ struct ltc_asn1_list_ *prev, *next, *child, *parent;
} ltc_asn1_list;
#define LTC_SET_ASN1(list, index, Type, Data, Size) \
@@ -277,29 +400,53 @@ typedef struct {
int LTC_MACRO_temp = (index); \
ltc_asn1_list *LTC_MACRO_list = (list); \
LTC_MACRO_list[LTC_MACRO_temp].type = (Type); \
- LTC_MACRO_list[LTC_MACRO_temp].data = (Data); \
+ LTC_MACRO_list[LTC_MACRO_temp].data = (void*)(Data); \
LTC_MACRO_list[LTC_MACRO_temp].size = (Size); \
LTC_MACRO_list[LTC_MACRO_temp].used = 0; \
} while (0);
/* SEQUENCE */
-int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen,
- unsigned char *out, unsigned long *outlen);
+int der_encode_sequence_ex(ltc_asn1_list *list, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen, int type_of);
+
+#define der_encode_sequence(list, inlen, out, outlen) der_encode_sequence_ex(list, inlen, out, outlen, LTC_ASN1_SEQUENCE)
-int der_decode_sequence(const unsigned char *in, unsigned long inlen,
- ltc_asn1_list *list, unsigned long outlen);
+int der_decode_sequence_ex(const unsigned char *in, unsigned long inlen,
+ ltc_asn1_list *list, unsigned long outlen, int ordered);
+
+#define der_decode_sequence(in, inlen, list, outlen) der_decode_sequence_ex(in, inlen, list, outlen, 1)
int der_length_sequence(ltc_asn1_list *list, unsigned long inlen,
unsigned long *outlen);
-/* VA list handy helpers */
+/* SET */
+#define der_decode_set(in, inlen, list, outlen) der_decode_sequence_ex(in, inlen, list, outlen, 0)
+#define der_length_set der_length_sequence
+int der_encode_set(ltc_asn1_list *list, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen);
+
+int der_encode_setof(ltc_asn1_list *list, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen);
+
+/* VA list handy helpers with triplets of <type, size, data> */
int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...);
int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...);
+/* FLEXI DECODER handle unknown list decoder */
+int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out);
+void der_free_sequence_flexi(ltc_asn1_list *list);
+void der_sequence_free(ltc_asn1_list *in);
+
+/* BOOLEAN */
+int der_length_boolean(unsigned long *outlen);
+int der_encode_boolean(int in,
+ unsigned char *out, unsigned long *outlen);
+int der_decode_boolean(const unsigned char *in, unsigned long inlen,
+ int *out);
/* INTEGER */
-int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen);
-int der_decode_integer(const unsigned char *in, unsigned long inlen, mp_int *num);
-int der_length_integer(mp_int *num, unsigned long *len);
+int der_encode_integer(void *num, unsigned char *out, unsigned long *outlen);
+int der_decode_integer(const unsigned char *in, unsigned long inlen, void *num);
+int der_length_integer(void *num, unsigned long *len);
/* INTEGER -- handy for 0..2^32-1 values */
int der_decode_short_integer(const unsigned char *in, unsigned long inlen, unsigned long *num);
@@ -348,6 +495,22 @@ int der_length_printable_string(const unsigned char *octets, unsigned long nocte
int der_printable_char_encode(int c);
int der_printable_value_decode(int v);
+/* UTF-8 */
+#if (defined(SIZE_MAX) || __STDC_VERSION__ >= 199901L || defined(WCHAR_MAX) || defined(_WCHAR_T) || defined(_WCHAR_T_DEFINED)) && !defined(LTC_NO_WCHAR)
+#include <wchar.h>
+#else
+typedef ulong32 wchar_t;
+#endif
+
+int der_encode_utf8_string(const wchar_t *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen);
+
+int der_decode_utf8_string(const unsigned char *in, unsigned long inlen,
+ wchar_t *out, unsigned long *outlen);
+unsigned long der_utf8_charsize(const wchar_t c);
+int der_length_utf8_string(const wchar_t *in, unsigned long noctets, unsigned long *outlen);
+
+
/* CHOICE */
int der_decode_choice(const unsigned char *in, unsigned long *inlen,
ltc_asn1_list *list, unsigned long outlen);
@@ -377,5 +540,5 @@ int der_length_utctime(ltc_utctime *utctime, unsigned long *outlen);
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_pk.h,v $ */
-/* $Revision: 1.30 $ */
-/* $Date: 2005/06/19 11:23:03 $ */
+/* $Revision: 1.77 $ */
+/* $Date: 2006/12/03 00:39:56 $ */
diff --git a/src/headers/tomcrypt_pkcs.h b/src/headers/tomcrypt_pkcs.h
index 8d850de..71bcdb9 100644
--- a/src/headers/tomcrypt_pkcs.h
+++ b/src/headers/tomcrypt_pkcs.h
@@ -3,12 +3,43 @@
/* ===> PKCS #1 -- RSA Cryptography <=== */
#ifdef PKCS_1
-int pkcs_1_mgf1(const unsigned char *seed, unsigned long seedlen,
- int hash_idx,
+enum ltc_pkcs_1_v1_5_blocks
+{
+ LTC_PKCS_1_EMSA = 1, /* Block type 1 (PKCS #1 v1.5 signature padding) */
+ LTC_PKCS_1_EME = 2 /* Block type 2 (PKCS #1 v1.5 encryption padding) */
+};
+
+enum ltc_pkcs_1_paddings
+{
+ LTC_PKCS_1_V1_5 = 1, /* PKCS #1 v1.5 padding (\sa ltc_pkcs_1_v1_5_blocks) */
+ LTC_PKCS_1_OAEP = 2, /* PKCS #1 v2.0 encryption padding */
+ LTC_PKCS_1_PSS = 3 /* PKCS #1 v2.1 signature padding */
+};
+
+int pkcs_1_mgf1( int hash_idx,
+ const unsigned char *seed, unsigned long seedlen,
unsigned char *mask, unsigned long masklen);
-int pkcs_1_i2osp(mp_int *n, unsigned long modulus_len, unsigned char *out);
-int pkcs_1_os2ip(mp_int *n, unsigned char *in, unsigned long inlen);
+int pkcs_1_i2osp(void *n, unsigned long modulus_len, unsigned char *out);
+int pkcs_1_os2ip(void *n, unsigned char *in, unsigned long inlen);
+
+/* *** v1.5 padding */
+int pkcs_1_v1_5_encode(const unsigned char *msg,
+ unsigned long msglen,
+ int block_type,
+ unsigned long modulus_bitlen,
+ prng_state *prng,
+ int prng_idx,
+ unsigned char *out,
+ unsigned long *outlen);
+
+int pkcs_1_v1_5_decode(const unsigned char *msg,
+ unsigned long msglen,
+ int block_type,
+ unsigned long modulus_bitlen,
+ unsigned char *out,
+ unsigned long *outlen,
+ int *is_valid);
/* *** v2.1 padding */
int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen,
@@ -54,5 +85,5 @@ int pkcs_5_alg2(const unsigned char *password, unsigned long password_len,
#endif /* PKCS_5 */
/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_pkcs.h,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/14 11:46:08 $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/11/15 12:44:59 $ */
diff --git a/src/headers/tomcrypt_prng.h b/src/headers/tomcrypt_prng.h
index f96d408..dd640c9 100644
--- a/src/headers/tomcrypt_prng.h
+++ b/src/headers/tomcrypt_prng.h
@@ -4,6 +4,7 @@ struct yarrow_prng {
int cipher, hash;
unsigned char pool[MAXBLOCKSIZE];
symmetric_CTR ctr;
+ LTC_MUTEX_TYPE(prng_lock)
};
#endif
@@ -28,6 +29,7 @@ struct fortuna_prng {
wd;
ulong64 reset_cnt; /* number of times we have reset */
+ LTC_MUTEX_TYPE(prng_lock)
};
#endif
@@ -46,6 +48,7 @@ struct sober128_prng {
#endif
typedef union Prng_state {
+ char dummy[1];
#ifdef YARROW
struct yarrow_prng yarrow;
#endif
@@ -60,6 +63,7 @@ typedef union Prng_state {
#endif
} prng_state;
+/** PRNG descriptor */
extern struct ltc_prng_descriptor {
/** Name of the PRNG */
char *name;
@@ -178,7 +182,7 @@ int find_prng(const char *name);
int register_prng(const struct ltc_prng_descriptor *prng);
int unregister_prng(const struct ltc_prng_descriptor *prng);
int prng_is_valid(int idx);
-LTC_MUTEX_PROTO(ltc_prng_mutex);
+LTC_MUTEX_PROTO(ltc_prng_mutex)
/* Slow RNG you **might** be able to use to seed a PRNG with. Be careful as this
* might not work on all platforms as planned
@@ -191,5 +195,5 @@ int rng_make_prng(int bits, int wprng, prng_state *prng, void (*callback)(void))
/* $Source: /cvs/libtom/libtomcrypt/src/headers/tomcrypt_prng.h,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/05 01:36:43 $ */
diff --git a/src/headers/tommath_class.h b/src/headers/tommath_class.h
deleted file mode 100644
index 02dd7cf..0000000
--- a/src/headers/tommath_class.h
+++ /dev/null
@@ -1,998 +0,0 @@
-#if !(defined(LTM1) && defined(LTM2) && defined(LTM3))
-#if defined(LTM2)
-#define LTM3
-#endif
-#if defined(LTM1)
-#define LTM2
-#endif
-#define LTM1
-
-#if defined(LTM_ALL)
-#define BN_ERROR_C
-#define BN_FAST_MP_INVMOD_C
-#define BN_FAST_MP_MONTGOMERY_REDUCE_C
-#define BN_FAST_S_MP_MUL_DIGS_C
-#define BN_FAST_S_MP_MUL_HIGH_DIGS_C
-#define BN_FAST_S_MP_SQR_C
-#define BN_MP_2EXPT_C
-#define BN_MP_ABS_C
-#define BN_MP_ADD_C
-#define BN_MP_ADD_D_C
-#define BN_MP_ADDMOD_C
-#define BN_MP_AND_C
-#define BN_MP_CLAMP_C
-#define BN_MP_CLEAR_C
-#define BN_MP_CLEAR_MULTI_C
-#define BN_MP_CMP_C
-#define BN_MP_CMP_D_C
-#define BN_MP_CMP_MAG_C
-#define BN_MP_CNT_LSB_C
-#define BN_MP_COPY_C
-#define BN_MP_COUNT_BITS_C
-#define BN_MP_DIV_C
-#define BN_MP_DIV_2_C
-#define BN_MP_DIV_2D_C
-#define BN_MP_DIV_3_C
-#define BN_MP_DIV_D_C
-#define BN_MP_DR_IS_MODULUS_C
-#define BN_MP_DR_REDUCE_C
-#define BN_MP_DR_SETUP_C
-#define BN_MP_EXCH_C
-#define BN_MP_EXPT_D_C
-#define BN_MP_EXPTMOD_C
-#define BN_MP_EXPTMOD_FAST_C
-#define BN_MP_EXTEUCLID_C
-#define BN_MP_FREAD_C
-#define BN_MP_FWRITE_C
-#define BN_MP_GCD_C
-#define BN_MP_GET_INT_C
-#define BN_MP_GROW_C
-#define BN_MP_INIT_C
-#define BN_MP_INIT_COPY_C
-#define BN_MP_INIT_MULTI_C
-#define BN_MP_INIT_SET_C
-#define BN_MP_INIT_SET_INT_C
-#define BN_MP_INIT_SIZE_C
-#define BN_MP_INVMOD_C
-#define BN_MP_INVMOD_SLOW_C
-#define BN_MP_IS_SQUARE_C
-#define BN_MP_JACOBI_C
-#define BN_MP_KARATSUBA_MUL_C
-#define BN_MP_KARATSUBA_SQR_C
-#define BN_MP_LCM_C
-#define BN_MP_LSHD_C
-#define BN_MP_MOD_C
-#define BN_MP_MOD_2D_C
-#define BN_MP_MOD_D_C
-#define BN_MP_MONTGOMERY_CALC_NORMALIZATION_C
-#define BN_MP_MONTGOMERY_REDUCE_C
-#define BN_MP_MONTGOMERY_SETUP_C
-#define BN_MP_MUL_C
-#define BN_MP_MUL_2_C
-#define BN_MP_MUL_2D_C
-#define BN_MP_MUL_D_C
-#define BN_MP_MULMOD_C
-#define BN_MP_N_ROOT_C
-#define BN_MP_NEG_C
-#define BN_MP_OR_C
-#define BN_MP_PRIME_FERMAT_C
-#define BN_MP_PRIME_IS_DIVISIBLE_C
-#define BN_MP_PRIME_IS_PRIME_C
-#define BN_MP_PRIME_MILLER_RABIN_C
-#define BN_MP_PRIME_NEXT_PRIME_C
-#define BN_MP_PRIME_RABIN_MILLER_TRIALS_C
-#define BN_MP_PRIME_RANDOM_EX_C
-#define BN_MP_RADIX_SIZE_C
-#define BN_MP_RADIX_SMAP_C
-#define BN_MP_RAND_C
-#define BN_MP_READ_RADIX_C
-#define BN_MP_READ_SIGNED_BIN_C
-#define BN_MP_READ_UNSIGNED_BIN_C
-#define BN_MP_REDUCE_C
-#define BN_MP_REDUCE_2K_C
-#define BN_MP_REDUCE_2K_L_C
-#define BN_MP_REDUCE_2K_SETUP_C
-#define BN_MP_REDUCE_2K_SETUP_L_C
-#define BN_MP_REDUCE_IS_2K_C
-#define BN_MP_REDUCE_IS_2K_L_C
-#define BN_MP_REDUCE_SETUP_C
-#define BN_MP_RSHD_C
-#define BN_MP_SET_C
-#define BN_MP_SET_INT_C
-#define BN_MP_SHRINK_C
-#define BN_MP_SIGNED_BIN_SIZE_C
-#define BN_MP_SQR_C
-#define BN_MP_SQRMOD_C
-#define BN_MP_SQRT_C
-#define BN_MP_SUB_C
-#define BN_MP_SUB_D_C
-#define BN_MP_SUBMOD_C
-#define BN_MP_TO_SIGNED_BIN_C
-#define BN_MP_TO_SIGNED_BIN_N_C
-#define BN_MP_TO_UNSIGNED_BIN_C
-#define BN_MP_TO_UNSIGNED_BIN_N_C
-#define BN_MP_TOOM_MUL_C
-#define BN_MP_TOOM_SQR_C
-#define BN_MP_TORADIX_C
-#define BN_MP_TORADIX_N_C
-#define BN_MP_UNSIGNED_BIN_SIZE_C
-#define BN_MP_XOR_C
-#define BN_MP_ZERO_C
-#define BN_PRIME_TAB_C
-#define BN_REVERSE_C
-#define BN_S_MP_ADD_C
-#define BN_S_MP_EXPTMOD_C
-#define BN_S_MP_MUL_DIGS_C
-#define BN_S_MP_MUL_HIGH_DIGS_C
-#define BN_S_MP_SQR_C
-#define BN_S_MP_SUB_C
-#define BNCORE_C
-#endif
-
-#if defined(BN_ERROR_C)
- #define BN_MP_ERROR_TO_STRING_C
-#endif
-
-#if defined(BN_FAST_MP_INVMOD_C)
- #define BN_MP_ISEVEN_C
- #define BN_MP_INIT_MULTI_C
- #define BN_MP_COPY_C
- #define BN_MP_MOD_C
- #define BN_MP_SET_C
- #define BN_MP_DIV_2_C
- #define BN_MP_ISODD_C
- #define BN_MP_SUB_C
- #define BN_MP_CMP_C
- #define BN_MP_ISZERO_C
- #define BN_MP_CMP_D_C
- #define BN_MP_ADD_C
- #define BN_MP_EXCH_C
- #define BN_MP_CLEAR_MULTI_C
-#endif
-
-#if defined(BN_FAST_MP_MONTGOMERY_REDUCE_C)
- #define BN_MP_GROW_C
- #define BN_MP_RSHD_C
- #define BN_MP_CLAMP_C
- #define BN_MP_CMP_MAG_C
- #define BN_S_MP_SUB_C
-#endif
-
-#if defined(BN_FAST_S_MP_MUL_DIGS_C)
- #define BN_MP_GROW_C
- #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_FAST_S_MP_MUL_HIGH_DIGS_C)
- #define BN_MP_GROW_C
- #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_FAST_S_MP_SQR_C)
- #define BN_MP_GROW_C
- #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_MP_2EXPT_C)
- #define BN_MP_ZERO_C
- #define BN_MP_GROW_C
-#endif
-
-#if defined(BN_MP_ABS_C)
- #define BN_MP_COPY_C
-#endif
-
-#if defined(BN_MP_ADD_C)
- #define BN_S_MP_ADD_C
- #define BN_MP_CMP_MAG_C
- #define BN_S_MP_SUB_C
-#endif
-
-#if defined(BN_MP_ADD_D_C)
- #define BN_MP_GROW_C
- #define BN_MP_SUB_D_C
- #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_MP_ADDMOD_C)
- #define BN_MP_INIT_C
- #define BN_MP_ADD_C
- #define BN_MP_CLEAR_C
- #define BN_MP_MOD_C
-#endif
-
-#if defined(BN_MP_AND_C)
- #define BN_MP_INIT_COPY_C
- #define BN_MP_CLAMP_C
- #define BN_MP_EXCH_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_CLAMP_C)
-#endif
-
-#if defined(BN_MP_CLEAR_C)
-#endif
-
-#if defined(BN_MP_CLEAR_MULTI_C)
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_CMP_C)
- #define BN_MP_CMP_MAG_C
-#endif
-
-#if defined(BN_MP_CMP_D_C)
-#endif
-
-#if defined(BN_MP_CMP_MAG_C)
-#endif
-
-#if defined(BN_MP_CNT_LSB_C)
- #define BN_MP_ISZERO_C
-#endif
-
-#if defined(BN_MP_COPY_C)
- #define BN_MP_GROW_C
-#endif
-
-#if defined(BN_MP_COUNT_BITS_C)
-#endif
-
-#if defined(BN_MP_DIV_C)
- #define BN_MP_ISZERO_C
- #define BN_MP_CMP_MAG_C
- #define BN_MP_COPY_C
- #define BN_MP_ZERO_C
- #define BN_MP_INIT_MULTI_C
- #define BN_MP_SET_C
- #define BN_MP_COUNT_BITS_C
- #define BN_MP_ABS_C
- #define BN_MP_MUL_2D_C
- #define BN_MP_CMP_C
- #define BN_MP_SUB_C
- #define BN_MP_ADD_C
- #define BN_MP_DIV_2D_C
- #define BN_MP_EXCH_C
- #define BN_MP_CLEAR_MULTI_C
- #define BN_MP_INIT_SIZE_C
- #define BN_MP_INIT_C
- #define BN_MP_INIT_COPY_C
- #define BN_MP_LSHD_C
- #define BN_MP_RSHD_C
- #define BN_MP_MUL_D_C
- #define BN_MP_CLAMP_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_DIV_2_C)
- #define BN_MP_GROW_C
- #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_MP_DIV_2D_C)
- #define BN_MP_COPY_C
- #define BN_MP_ZERO_C
- #define BN_MP_INIT_C
- #define BN_MP_MOD_2D_C
- #define BN_MP_CLEAR_C
- #define BN_MP_RSHD_C
- #define BN_MP_CLAMP_C
- #define BN_MP_EXCH_C
-#endif
-
-#if defined(BN_MP_DIV_3_C)
- #define BN_MP_INIT_SIZE_C
- #define BN_MP_CLAMP_C
- #define BN_MP_EXCH_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_DIV_D_C)
- #define BN_MP_ISZERO_C
- #define BN_MP_COPY_C
- #define BN_MP_DIV_2D_C
- #define BN_MP_DIV_3_C
- #define BN_MP_INIT_SIZE_C
- #define BN_MP_CLAMP_C
- #define BN_MP_EXCH_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_DR_IS_MODULUS_C)
-#endif
-
-#if defined(BN_MP_DR_REDUCE_C)
- #define BN_MP_GROW_C
- #define BN_MP_CLAMP_C
- #define BN_MP_CMP_MAG_C
- #define BN_S_MP_SUB_C
-#endif
-
-#if defined(BN_MP_DR_SETUP_C)
-#endif
-
-#if defined(BN_MP_EXCH_C)
-#endif
-
-#if defined(BN_MP_EXPT_D_C)
- #define BN_MP_INIT_COPY_C
- #define BN_MP_SET_C
- #define BN_MP_SQR_C
- #define BN_MP_CLEAR_C
- #define BN_MP_MUL_C
-#endif
-
-#if defined(BN_MP_EXPTMOD_C)
- #define BN_MP_INIT_C
- #define BN_MP_INVMOD_C
- #define BN_MP_CLEAR_C
- #define BN_MP_ABS_C
- #define BN_MP_CLEAR_MULTI_C
- #define BN_MP_REDUCE_IS_2K_L_C
- #define BN_S_MP_EXPTMOD_C
- #define BN_MP_DR_IS_MODULUS_C
- #define BN_MP_REDUCE_IS_2K_C
- #define BN_MP_ISODD_C
- #define BN_MP_EXPTMOD_FAST_C
-#endif
-
-#if defined(BN_MP_EXPTMOD_FAST_C)
- #define BN_MP_COUNT_BITS_C
- #define BN_MP_INIT_C
- #define BN_MP_CLEAR_C
- #define BN_MP_MONTGOMERY_SETUP_C
- #define BN_FAST_MP_MONTGOMERY_REDUCE_C
- #define BN_MP_MONTGOMERY_REDUCE_C
- #define BN_MP_DR_SETUP_C
- #define BN_MP_DR_REDUCE_C
- #define BN_MP_REDUCE_2K_SETUP_C
- #define BN_MP_REDUCE_2K_C
- #define BN_MP_MONTGOMERY_CALC_NORMALIZATION_C
- #define BN_MP_MULMOD_C
- #define BN_MP_SET_C
- #define BN_MP_MOD_C
- #define BN_MP_COPY_C
- #define BN_MP_SQR_C
- #define BN_MP_MUL_C
- #define BN_MP_EXCH_C
-#endif
-
-#if defined(BN_MP_EXTEUCLID_C)
- #define BN_MP_INIT_MULTI_C
- #define BN_MP_SET_C
- #define BN_MP_COPY_C
- #define BN_MP_ISZERO_C
- #define BN_MP_DIV_C
- #define BN_MP_MUL_C
- #define BN_MP_SUB_C
- #define BN_MP_NEG_C
- #define BN_MP_EXCH_C
- #define BN_MP_CLEAR_MULTI_C
-#endif
-
-#if defined(BN_MP_FREAD_C)
- #define BN_MP_ZERO_C
- #define BN_MP_S_RMAP_C
- #define BN_MP_MUL_D_C
- #define BN_MP_ADD_D_C
- #define BN_MP_CMP_D_C
-#endif
-
-#if defined(BN_MP_FWRITE_C)
- #define BN_MP_RADIX_SIZE_C
- #define BN_MP_TORADIX_C
-#endif
-
-#if defined(BN_MP_GCD_C)
- #define BN_MP_ISZERO_C
- #define BN_MP_ABS_C
- #define BN_MP_ZERO_C
- #define BN_MP_INIT_COPY_C
- #define BN_MP_CNT_LSB_C
- #define BN_MP_DIV_2D_C
- #define BN_MP_CMP_MAG_C
- #define BN_MP_EXCH_C
- #define BN_S_MP_SUB_C
- #define BN_MP_MUL_2D_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_GET_INT_C)
-#endif
-
-#if defined(BN_MP_GROW_C)
-#endif
-
-#if defined(BN_MP_INIT_C)
-#endif
-
-#if defined(BN_MP_INIT_COPY_C)
- #define BN_MP_COPY_C
-#endif
-
-#if defined(BN_MP_INIT_MULTI_C)
- #define BN_MP_ERR_C
- #define BN_MP_INIT_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_INIT_SET_C)
- #define BN_MP_INIT_C
- #define BN_MP_SET_C
-#endif
-
-#if defined(BN_MP_INIT_SET_INT_C)
- #define BN_MP_INIT_C
- #define BN_MP_SET_INT_C
-#endif
-
-#if defined(BN_MP_INIT_SIZE_C)
- #define BN_MP_INIT_C
-#endif
-
-#if defined(BN_MP_INVMOD_C)
- #define BN_MP_ISZERO_C
- #define BN_MP_ISODD_C
- #define BN_FAST_MP_INVMOD_C
- #define BN_MP_INVMOD_SLOW_C
-#endif
-
-#if defined(BN_MP_INVMOD_SLOW_C)
- #define BN_MP_ISZERO_C
- #define BN_MP_INIT_MULTI_C
- #define BN_MP_MOD_C
- #define BN_MP_COPY_C
- #define BN_MP_ISEVEN_C
- #define BN_MP_SET_C
- #define BN_MP_DIV_2_C
- #define BN_MP_ISODD_C
- #define BN_MP_ADD_C
- #define BN_MP_SUB_C
- #define BN_MP_CMP_C
- #define BN_MP_CMP_D_C
- #define BN_MP_CMP_MAG_C
- #define BN_MP_EXCH_C
- #define BN_MP_CLEAR_MULTI_C
-#endif
-
-#if defined(BN_MP_IS_SQUARE_C)
- #define BN_MP_MOD_D_C
- #define BN_MP_INIT_SET_INT_C
- #define BN_MP_MOD_C
- #define BN_MP_GET_INT_C
- #define BN_MP_SQRT_C
- #define BN_MP_SQR_C
- #define BN_MP_CMP_MAG_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_JACOBI_C)
- #define BN_MP_CMP_D_C
- #define BN_MP_ISZERO_C
- #define BN_MP_INIT_COPY_C
- #define BN_MP_CNT_LSB_C
- #define BN_MP_DIV_2D_C
- #define BN_MP_MOD_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_KARATSUBA_MUL_C)
- #define BN_MP_MUL_C
- #define BN_MP_INIT_SIZE_C
- #define BN_MP_CLAMP_C
- #define BN_MP_SUB_C
- #define BN_MP_ADD_C
- #define BN_MP_LSHD_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_KARATSUBA_SQR_C)
- #define BN_MP_INIT_SIZE_C
- #define BN_MP_CLAMP_C
- #define BN_MP_SQR_C
- #define BN_MP_SUB_C
- #define BN_S_MP_ADD_C
- #define BN_MP_LSHD_C
- #define BN_MP_ADD_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_LCM_C)
- #define BN_MP_INIT_MULTI_C
- #define BN_MP_GCD_C
- #define BN_MP_CMP_MAG_C
- #define BN_MP_DIV_C
- #define BN_MP_MUL_C
- #define BN_MP_CLEAR_MULTI_C
-#endif
-
-#if defined(BN_MP_LSHD_C)
- #define BN_MP_GROW_C
- #define BN_MP_RSHD_C
-#endif
-
-#if defined(BN_MP_MOD_C)
- #define BN_MP_INIT_C
- #define BN_MP_DIV_C
- #define BN_MP_CLEAR_C
- #define BN_MP_ADD_C
- #define BN_MP_EXCH_C
-#endif
-
-#if defined(BN_MP_MOD_2D_C)
- #define BN_MP_ZERO_C
- #define BN_MP_COPY_C
- #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_MP_MOD_D_C)
- #define BN_MP_DIV_D_C
-#endif
-
-#if defined(BN_MP_MONTGOMERY_CALC_NORMALIZATION_C)
- #define BN_MP_COUNT_BITS_C
- #define BN_MP_2EXPT_C
- #define BN_MP_SET_C
- #define BN_MP_MUL_2_C
- #define BN_MP_CMP_MAG_C
- #define BN_S_MP_SUB_C
-#endif
-
-#if defined(BN_MP_MONTGOMERY_REDUCE_C)
- #define BN_FAST_MP_MONTGOMERY_REDUCE_C
- #define BN_MP_GROW_C
- #define BN_MP_CLAMP_C
- #define BN_MP_RSHD_C
- #define BN_MP_CMP_MAG_C
- #define BN_S_MP_SUB_C
-#endif
-
-#if defined(BN_MP_MONTGOMERY_SETUP_C)
-#endif
-
-#if defined(BN_MP_MUL_C)
- #define BN_MP_TOOM_MUL_C
- #define BN_MP_KARATSUBA_MUL_C
- #define BN_FAST_S_MP_MUL_DIGS_C
- #define BN_S_MP_MUL_C
- #define BN_S_MP_MUL_DIGS_C
-#endif
-
-#if defined(BN_MP_MUL_2_C)
- #define BN_MP_GROW_C
-#endif
-
-#if defined(BN_MP_MUL_2D_C)
- #define BN_MP_COPY_C
- #define BN_MP_GROW_C
- #define BN_MP_LSHD_C
- #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_MP_MUL_D_C)
- #define BN_MP_GROW_C
- #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_MP_MULMOD_C)
- #define BN_MP_INIT_C
- #define BN_MP_MUL_C
- #define BN_MP_CLEAR_C
- #define BN_MP_MOD_C
-#endif
-
-#if defined(BN_MP_N_ROOT_C)
- #define BN_MP_INIT_C
- #define BN_MP_SET_C
- #define BN_MP_COPY_C
- #define BN_MP_EXPT_D_C
- #define BN_MP_MUL_C
- #define BN_MP_SUB_C
- #define BN_MP_MUL_D_C
- #define BN_MP_DIV_C
- #define BN_MP_CMP_C
- #define BN_MP_SUB_D_C
- #define BN_MP_EXCH_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_NEG_C)
- #define BN_MP_COPY_C
- #define BN_MP_ISZERO_C
-#endif
-
-#if defined(BN_MP_OR_C)
- #define BN_MP_INIT_COPY_C
- #define BN_MP_CLAMP_C
- #define BN_MP_EXCH_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_PRIME_FERMAT_C)
- #define BN_MP_CMP_D_C
- #define BN_MP_INIT_C
- #define BN_MP_EXPTMOD_C
- #define BN_MP_CMP_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_PRIME_IS_DIVISIBLE_C)
- #define BN_MP_MOD_D_C
-#endif
-
-#if defined(BN_MP_PRIME_IS_PRIME_C)
- #define BN_MP_CMP_D_C
- #define BN_MP_PRIME_IS_DIVISIBLE_C
- #define BN_MP_INIT_C
- #define BN_MP_SET_C
- #define BN_MP_PRIME_MILLER_RABIN_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_PRIME_MILLER_RABIN_C)
- #define BN_MP_CMP_D_C
- #define BN_MP_INIT_COPY_C
- #define BN_MP_SUB_D_C
- #define BN_MP_CNT_LSB_C
- #define BN_MP_DIV_2D_C
- #define BN_MP_EXPTMOD_C
- #define BN_MP_CMP_C
- #define BN_MP_SQRMOD_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_PRIME_NEXT_PRIME_C)
- #define BN_MP_CMP_D_C
- #define BN_MP_SET_C
- #define BN_MP_SUB_D_C
- #define BN_MP_ISEVEN_C
- #define BN_MP_MOD_D_C
- #define BN_MP_INIT_C
- #define BN_MP_ADD_D_C
- #define BN_MP_PRIME_MILLER_RABIN_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_PRIME_RABIN_MILLER_TRIALS_C)
-#endif
-
-#if defined(BN_MP_PRIME_RANDOM_EX_C)
- #define BN_MP_READ_UNSIGNED_BIN_C
- #define BN_MP_PRIME_IS_PRIME_C
- #define BN_MP_SUB_D_C
- #define BN_MP_DIV_2_C
- #define BN_MP_MUL_2_C
- #define BN_MP_ADD_D_C
-#endif
-
-#if defined(BN_MP_RADIX_SIZE_C)
- #define BN_MP_COUNT_BITS_C
- #define BN_MP_INIT_COPY_C
- #define BN_MP_ISZERO_C
- #define BN_MP_DIV_D_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_RADIX_SMAP_C)
- #define BN_MP_S_RMAP_C
-#endif
-
-#if defined(BN_MP_RAND_C)
- #define BN_MP_ZERO_C
- #define BN_MP_ADD_D_C
- #define BN_MP_LSHD_C
-#endif
-
-#if defined(BN_MP_READ_RADIX_C)
- #define BN_MP_ZERO_C
- #define BN_MP_S_RMAP_C
- #define BN_MP_MUL_D_C
- #define BN_MP_ADD_D_C
- #define BN_MP_ISZERO_C
-#endif
-
-#if defined(BN_MP_READ_SIGNED_BIN_C)
- #define BN_MP_READ_UNSIGNED_BIN_C
-#endif
-
-#if defined(BN_MP_READ_UNSIGNED_BIN_C)
- #define BN_MP_GROW_C
- #define BN_MP_ZERO_C
- #define BN_MP_MUL_2D_C
- #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_MP_REDUCE_C)
- #define BN_MP_REDUCE_SETUP_C
- #define BN_MP_INIT_COPY_C
- #define BN_MP_RSHD_C
- #define BN_MP_MUL_C
- #define BN_S_MP_MUL_HIGH_DIGS_C
- #define BN_FAST_S_MP_MUL_HIGH_DIGS_C
- #define BN_MP_MOD_2D_C
- #define BN_S_MP_MUL_DIGS_C
- #define BN_MP_SUB_C
- #define BN_MP_CMP_D_C
- #define BN_MP_SET_C
- #define BN_MP_LSHD_C
- #define BN_MP_ADD_C
- #define BN_MP_CMP_C
- #define BN_S_MP_SUB_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_REDUCE_2K_C)
- #define BN_MP_INIT_C
- #define BN_MP_COUNT_BITS_C
- #define BN_MP_DIV_2D_C
- #define BN_MP_MUL_D_C
- #define BN_S_MP_ADD_C
- #define BN_MP_CMP_MAG_C
- #define BN_S_MP_SUB_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_REDUCE_2K_L_C)
- #define BN_MP_INIT_C
- #define BN_MP_COUNT_BITS_C
- #define BN_MP_DIV_2D_C
- #define BN_MP_MUL_C
- #define BN_S_MP_ADD_C
- #define BN_MP_CMP_MAG_C
- #define BN_S_MP_SUB_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_REDUCE_2K_SETUP_C)
- #define BN_MP_INIT_C
- #define BN_MP_COUNT_BITS_C
- #define BN_MP_2EXPT_C
- #define BN_MP_CLEAR_C
- #define BN_S_MP_SUB_C
-#endif
-
-#if defined(BN_MP_REDUCE_2K_SETUP_L_C)
- #define BN_MP_INIT_C
- #define BN_MP_2EXPT_C
- #define BN_MP_COUNT_BITS_C
- #define BN_S_MP_SUB_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_REDUCE_IS_2K_C)
- #define BN_MP_REDUCE_2K_C
- #define BN_MP_COUNT_BITS_C
-#endif
-
-#if defined(BN_MP_REDUCE_IS_2K_L_C)
-#endif
-
-#if defined(BN_MP_REDUCE_SETUP_C)
- #define BN_MP_2EXPT_C
- #define BN_MP_DIV_C
-#endif
-
-#if defined(BN_MP_RSHD_C)
- #define BN_MP_ZERO_C
-#endif
-
-#if defined(BN_MP_SET_C)
- #define BN_MP_ZERO_C
-#endif
-
-#if defined(BN_MP_SET_INT_C)
- #define BN_MP_ZERO_C
- #define BN_MP_MUL_2D_C
- #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_MP_SHRINK_C)
-#endif
-
-#if defined(BN_MP_SIGNED_BIN_SIZE_C)
- #define BN_MP_UNSIGNED_BIN_SIZE_C
-#endif
-
-#if defined(BN_MP_SQR_C)
- #define BN_MP_TOOM_SQR_C
- #define BN_MP_KARATSUBA_SQR_C
- #define BN_FAST_S_MP_SQR_C
- #define BN_S_MP_SQR_C
-#endif
-
-#if defined(BN_MP_SQRMOD_C)
- #define BN_MP_INIT_C
- #define BN_MP_SQR_C
- #define BN_MP_CLEAR_C
- #define BN_MP_MOD_C
-#endif
-
-#if defined(BN_MP_SQRT_C)
- #define BN_MP_N_ROOT_C
- #define BN_MP_ISZERO_C
- #define BN_MP_ZERO_C
- #define BN_MP_INIT_COPY_C
- #define BN_MP_RSHD_C
- #define BN_MP_DIV_C
- #define BN_MP_ADD_C
- #define BN_MP_DIV_2_C
- #define BN_MP_CMP_MAG_C
- #define BN_MP_EXCH_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_SUB_C)
- #define BN_S_MP_ADD_C
- #define BN_MP_CMP_MAG_C
- #define BN_S_MP_SUB_C
-#endif
-
-#if defined(BN_MP_SUB_D_C)
- #define BN_MP_GROW_C
- #define BN_MP_ADD_D_C
- #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_MP_SUBMOD_C)
- #define BN_MP_INIT_C
- #define BN_MP_SUB_C
- #define BN_MP_CLEAR_C
- #define BN_MP_MOD_C
-#endif
-
-#if defined(BN_MP_TO_SIGNED_BIN_C)
- #define BN_MP_TO_UNSIGNED_BIN_C
-#endif
-
-#if defined(BN_MP_TO_SIGNED_BIN_N_C)
- #define BN_MP_SIGNED_BIN_SIZE_C
- #define BN_MP_TO_SIGNED_BIN_C
-#endif
-
-#if defined(BN_MP_TO_UNSIGNED_BIN_C)
- #define BN_MP_INIT_COPY_C
- #define BN_MP_ISZERO_C
- #define BN_MP_DIV_2D_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_TO_UNSIGNED_BIN_N_C)
- #define BN_MP_UNSIGNED_BIN_SIZE_C
- #define BN_MP_TO_UNSIGNED_BIN_C
-#endif
-
-#if defined(BN_MP_TOOM_MUL_C)
- #define BN_MP_INIT_MULTI_C
- #define BN_MP_MOD_2D_C
- #define BN_MP_COPY_C
- #define BN_MP_RSHD_C
- #define BN_MP_MUL_C
- #define BN_MP_MUL_2_C
- #define BN_MP_ADD_C
- #define BN_MP_SUB_C
- #define BN_MP_DIV_2_C
- #define BN_MP_MUL_2D_C
- #define BN_MP_MUL_D_C
- #define BN_MP_DIV_3_C
- #define BN_MP_LSHD_C
- #define BN_MP_CLEAR_MULTI_C
-#endif
-
-#if defined(BN_MP_TOOM_SQR_C)
- #define BN_MP_INIT_MULTI_C
- #define BN_MP_MOD_2D_C
- #define BN_MP_COPY_C
- #define BN_MP_RSHD_C
- #define BN_MP_SQR_C
- #define BN_MP_MUL_2_C
- #define BN_MP_ADD_C
- #define BN_MP_SUB_C
- #define BN_MP_DIV_2_C
- #define BN_MP_MUL_2D_C
- #define BN_MP_MUL_D_C
- #define BN_MP_DIV_3_C
- #define BN_MP_LSHD_C
- #define BN_MP_CLEAR_MULTI_C
-#endif
-
-#if defined(BN_MP_TORADIX_C)
- #define BN_MP_ISZERO_C
- #define BN_MP_INIT_COPY_C
- #define BN_MP_DIV_D_C
- #define BN_MP_CLEAR_C
- #define BN_MP_S_RMAP_C
-#endif
-
-#if defined(BN_MP_TORADIX_N_C)
- #define BN_MP_ISZERO_C
- #define BN_MP_INIT_COPY_C
- #define BN_MP_DIV_D_C
- #define BN_MP_CLEAR_C
- #define BN_MP_S_RMAP_C
-#endif
-
-#if defined(BN_MP_UNSIGNED_BIN_SIZE_C)
- #define BN_MP_COUNT_BITS_C
-#endif
-
-#if defined(BN_MP_XOR_C)
- #define BN_MP_INIT_COPY_C
- #define BN_MP_CLAMP_C
- #define BN_MP_EXCH_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_MP_ZERO_C)
-#endif
-
-#if defined(BN_PRIME_TAB_C)
-#endif
-
-#if defined(BN_REVERSE_C)
-#endif
-
-#if defined(BN_S_MP_ADD_C)
- #define BN_MP_GROW_C
- #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BN_S_MP_EXPTMOD_C)
- #define BN_MP_COUNT_BITS_C
- #define BN_MP_INIT_C
- #define BN_MP_CLEAR_C
- #define BN_MP_REDUCE_SETUP_C
- #define BN_MP_REDUCE_C
- #define BN_MP_REDUCE_2K_SETUP_L_C
- #define BN_MP_REDUCE_2K_L_C
- #define BN_MP_MOD_C
- #define BN_MP_COPY_C
- #define BN_MP_SQR_C
- #define BN_MP_MUL_C
- #define BN_MP_SET_C
- #define BN_MP_EXCH_C
-#endif
-
-#if defined(BN_S_MP_MUL_DIGS_C)
- #define BN_FAST_S_MP_MUL_DIGS_C
- #define BN_MP_INIT_SIZE_C
- #define BN_MP_CLAMP_C
- #define BN_MP_EXCH_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_S_MP_MUL_HIGH_DIGS_C)
- #define BN_FAST_S_MP_MUL_HIGH_DIGS_C
- #define BN_MP_INIT_SIZE_C
- #define BN_MP_CLAMP_C
- #define BN_MP_EXCH_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_S_MP_SQR_C)
- #define BN_MP_INIT_SIZE_C
- #define BN_MP_CLAMP_C
- #define BN_MP_EXCH_C
- #define BN_MP_CLEAR_C
-#endif
-
-#if defined(BN_S_MP_SUB_C)
- #define BN_MP_GROW_C
- #define BN_MP_CLAMP_C
-#endif
-
-#if defined(BNCORE_C)
-#endif
-
-#ifdef LTM3
-#define LTM_LAST
-#endif
-#include <tommath_superclass.h>
-#include <tommath_class.h>
-#else
-#define LTM_LAST
-#endif
-
-/* $Source: /cvs/libtom/libtomcrypt/src/headers/tommath_class.h,v $ */
-/* $Revision: 1.2 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
diff --git a/src/headers/tommath_superclass.h b/src/headers/tommath_superclass.h
deleted file mode 100644
index 89f3f57..0000000
--- a/src/headers/tommath_superclass.h
+++ /dev/null
@@ -1,80 +0,0 @@
-/* super class file for PK algos */
-
-/* default ... include all MPI */
-#ifndef SC_RSA_1
-
-#define LTM_ALL
-
-#endif
-
-/* RSA only (does not support DH/DSA/ECC) */
-/* #define SC_RSA_1 */
-
-/* For reference.... On an Athlon64 optimizing for speed...
-
- LTM's mpi.o with all functions [striped] is 142KiB in size.
-
-*/
-
-/* Works for RSA only, mpi.o is 68KiB */
-#ifdef SC_RSA_1
- #define BN_MP_SHRINK_C
- #define BN_MP_LCM_C
- #define BN_MP_PRIME_RANDOM_EX_C
- #define BN_MP_INVMOD_C
- #define BN_MP_GCD_C
- #define BN_MP_MOD_C
- #define BN_MP_MULMOD_C
- #define BN_MP_ADDMOD_C
- #define BN_MP_EXPTMOD_C
- #define BN_MP_SET_INT_C
- #define BN_MP_INIT_MULTI_C
- #define BN_MP_CLEAR_MULTI_C
- #define BN_MP_UNSIGNED_BIN_SIZE_C
- #define BN_MP_TO_UNSIGNED_BIN_C
- #define BN_MP_MOD_D_C
- #define BN_MP_PRIME_RABIN_MILLER_TRIALS_C
- #define BN_REVERSE_C
- #define BN_PRIME_TAB_C
-
- /* other modifiers */
- #define BN_MP_DIV_SMALL /* Slower division, not critical */
-
- /* here we are on the last pass so we turn things off. The functions classes are still there
- * but we remove them specifically from the build. This also invokes tweaks in functions
- * like removing support for even moduli, etc...
- */
-#ifdef LTM_LAST
- #undef BN_MP_TOOM_MUL_C
- #undef BN_MP_TOOM_SQR_C
- #undef BN_MP_KARATSUBA_MUL_C
- #undef BN_MP_KARATSUBA_SQR_C
- #undef BN_MP_REDUCE_C
- #undef BN_MP_REDUCE_SETUP_C
- #undef BN_MP_DR_IS_MODULUS_C
- #undef BN_MP_DR_SETUP_C
- #undef BN_MP_DR_REDUCE_C
- #undef BN_MP_REDUCE_IS_2K_C
- #undef BN_MP_REDUCE_2K_SETUP_C
- #undef BN_MP_REDUCE_2K_C
- #undef BN_S_MP_EXPTMOD_C
- #undef BN_MP_DIV_3_C
- #undef BN_S_MP_MUL_HIGH_DIGS_C
- #undef BN_FAST_S_MP_MUL_HIGH_DIGS_C
- #undef BN_FAST_MP_INVMOD_C
-
- /* To safely undefine these you have to make sure your RSA key won't exceed the Comba threshold
- * which is roughly 255 digits [7140 bits for 32-bit machines, 15300 bits for 64-bit machines]
- * which means roughly speaking you can handle upto 2536-bit RSA keys with these defined without
- * trouble.
- */
- #undef BN_S_MP_MUL_DIGS_C
- #undef BN_S_MP_SQR_C
- #undef BN_MP_MONTGOMERY_REDUCE_C
-#endif
-
-#endif
-
-/* $Source: /cvs/libtom/libtomcrypt/src/headers/tommath_superclass.h,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/14 13:27:20 $ */
diff --git a/src/mac/f9/f9_done.c b/src/mac/f9/f9_done.c
new file mode 100644
index 0000000..1794ecc
--- /dev/null
+++ b/src/mac/f9/f9_done.c
@@ -0,0 +1,77 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file f9_done.c
+ f9 Support, terminate the state
+*/
+
+#ifdef LTC_F9_MODE
+
+/** Terminate the f9-MAC state
+ @param f9 f9 state to terminate
+ @param out [out] Destination for the MAC tag
+ @param outlen [in/out] Destination size and final tag size
+ Return CRYPT_OK on success
+*/
+int f9_done(f9_state *f9, unsigned char *out, unsigned long *outlen)
+{
+ int err, x;
+ LTC_ARGCHK(f9 != NULL);
+ LTC_ARGCHK(out != NULL);
+
+ /* check structure */
+ if ((err = cipher_is_valid(f9->cipher)) != CRYPT_OK) {
+ return err;
+ }
+
+ if ((f9->blocksize > cipher_descriptor[f9->cipher].block_length) || (f9->blocksize < 0) ||
+ (f9->buflen > f9->blocksize) || (f9->buflen < 0)) {
+ return CRYPT_INVALID_ARG;
+ }
+
+ if (f9->buflen != 0) {
+ /* encrypt */
+ cipher_descriptor[f9->cipher].ecb_encrypt(f9->IV, f9->IV, &f9->key);
+ f9->buflen = 0;
+ for (x = 0; x < f9->blocksize; x++) {
+ f9->ACC[x] ^= f9->IV[x];
+ }
+ }
+
+ /* schedule modified key */
+ if ((err = cipher_descriptor[f9->cipher].setup(f9->akey, f9->keylen, 0, &f9->key)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* encrypt the ACC */
+ cipher_descriptor[f9->cipher].ecb_encrypt(f9->ACC, f9->ACC, &f9->key);
+ cipher_descriptor[f9->cipher].done(&f9->key);
+
+ /* extract tag */
+ for (x = 0; x < f9->blocksize && (unsigned long)x < *outlen; x++) {
+ out[x] = f9->ACC[x];
+ }
+ *outlen = x;
+
+#ifdef LTC_CLEAN_STACK
+ zeromem(f9, sizeof(*f9));
+#endif
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/mac/f9/f9_done.c,v $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/11/09 01:53:32 $ */
+
diff --git a/src/mac/f9/f9_file.c b/src/mac/f9/f9_file.c
new file mode 100644
index 0000000..4c53e76
--- /dev/null
+++ b/src/mac/f9/f9_file.c
@@ -0,0 +1,83 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file f9_file.c
+ f9 support, process a file, Tom St Denis
+*/
+
+#ifdef LTC_F9_MODE
+
+/**
+ f9 a file
+ @param cipher The index of the cipher desired
+ @param key The secret key
+ @param keylen The length of the secret key (octets)
+ @param filename The name of the file you wish to f9
+ @param out [out] Where the authentication tag is to be stored
+ @param outlen [in/out] The max size and resulting size of the authentication tag
+ @return CRYPT_OK if successful, CRYPT_NOP if file support has been disabled
+*/
+int f9_file(int cipher,
+ const unsigned char *key, unsigned long keylen,
+ const char *filename,
+ unsigned char *out, unsigned long *outlen)
+{
+#ifdef LTC_NO_FILE
+ return CRYPT_NOP;
+#else
+ int err, x;
+ f9_state f9;
+ FILE *in;
+ unsigned char buf[512];
+
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(filename != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+
+ in = fopen(filename, "rb");
+ if (in == NULL) {
+ return CRYPT_FILE_NOTFOUND;
+ }
+
+ if ((err = f9_init(&f9, cipher, key, keylen)) != CRYPT_OK) {
+ fclose(in);
+ return err;
+ }
+
+ do {
+ x = fread(buf, 1, sizeof(buf), in);
+ if ((err = f9_process(&f9, buf, x)) != CRYPT_OK) {
+ fclose(in);
+ return err;
+ }
+ } while (x == sizeof(buf));
+ fclose(in);
+
+ if ((err = f9_done(&f9, out, outlen)) != CRYPT_OK) {
+ return err;
+ }
+
+#ifdef LTC_CLEAN_STACK
+ zeromem(buf, sizeof(buf));
+#endif
+
+ return CRYPT_OK;
+#endif
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/mac/f9/f9_file.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/11/21 00:18:23 $ */
diff --git a/src/mac/f9/f9_init.c b/src/mac/f9/f9_init.c
new file mode 100644
index 0000000..aefd8a7
--- /dev/null
+++ b/src/mac/f9/f9_init.c
@@ -0,0 +1,70 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file f9_init.c
+ F9 Support, start an F9 state
+*/
+
+#ifdef LTC_F9_MODE
+
+/** Initialize F9-MAC state
+ @param f9 [out] f9 state to initialize
+ @param cipher Index of cipher to use
+ @param key [in] Secret key
+ @param keylen Length of secret key in octets
+ Return CRYPT_OK on success
+*/
+int f9_init(f9_state *f9, int cipher, const unsigned char *key, unsigned long keylen)
+{
+ int x, err;
+
+ LTC_ARGCHK(f9 != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* schedule the key */
+ if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
+ return err;
+ }
+
+#ifdef LTC_FAST
+ if (cipher_descriptor[cipher].block_length % sizeof(LTC_FAST_TYPE)) {
+ return CRYPT_INVALID_ARG;
+ }
+#endif
+
+ if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &f9->key)) != CRYPT_OK) {
+ goto done;
+ }
+
+ /* make the second key */
+ for (x = 0; (unsigned)x < keylen; x++) {
+ f9->akey[x] = key[x] ^ 0xAA;
+ }
+
+ /* setup struct */
+ zeromem(f9->IV, cipher_descriptor[cipher].block_length);
+ zeromem(f9->ACC, cipher_descriptor[cipher].block_length);
+ f9->blocksize = cipher_descriptor[cipher].block_length;
+ f9->cipher = cipher;
+ f9->buflen = 0;
+ f9->keylen = keylen;
+done:
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/mac/f9/f9_init.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/11/08 22:54:18 $ */
+
diff --git a/src/mac/f9/f9_memory.c b/src/mac/f9/f9_memory.c
new file mode 100644
index 0000000..2b3901a
--- /dev/null
+++ b/src/mac/f9/f9_memory.c
@@ -0,0 +1,71 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file f9_process.c
+ f9 Support, Process a block through F9-MAC
+*/
+
+#ifdef LTC_F9_MODE
+
+/** f9-MAC a block of memory
+ @param cipher Index of cipher to use
+ @param key [in] Secret key
+ @param keylen Length of key in octets
+ @param in [in] Message to MAC
+ @param inlen Length of input in octets
+ @param out [out] Destination for the MAC tag
+ @param outlen [in/out] Output size and final tag size
+ Return CRYPT_OK on success.
+*/
+int f9_memory(int cipher,
+ const unsigned char *key, unsigned long keylen,
+ const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen)
+{
+ f9_state *f9;
+ int err;
+
+ /* is the cipher valid? */
+ if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* Use accelerator if found */
+ if (cipher_descriptor[cipher].f9_memory != NULL) {
+ return cipher_descriptor[cipher].f9_memory(key, keylen, in, inlen, out, outlen);
+ }
+
+ f9 = XCALLOC(1, sizeof(*f9));
+ if (f9 == NULL) {
+ return CRYPT_MEM;
+ }
+
+ if ((err = f9_init(f9, cipher, key, keylen)) != CRYPT_OK) {
+ goto done;
+ }
+
+ if ((err = f9_process(f9, in, inlen)) != CRYPT_OK) {
+ goto done;
+ }
+
+ err = f9_done(f9, out, outlen);
+done:
+ XFREE(f9);
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/mac/f9/f9_memory.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/11/21 23:02:42 $ */
diff --git a/src/mac/f9/f9_memory_multi.c b/src/mac/f9/f9_memory_multi.c
new file mode 100644
index 0000000..5b315f5
--- /dev/null
+++ b/src/mac/f9/f9_memory_multi.c
@@ -0,0 +1,90 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+#include <stdarg.h>
+
+/**
+ @file f9_memory_multi.c
+ f9 support, process multiple blocks of memory, Tom St Denis
+*/
+
+#ifdef LTC_F9_MODE
+
+/**
+ f9 multiple blocks of memory
+ @param cipher The index of the desired cipher
+ @param key The secret key
+ @param keylen The length of the secret key (octets)
+ @param out [out] The destination of the authentication tag
+ @param outlen [in/out] The max size and resulting size of the authentication tag (octets)
+ @param in The data to send through f9
+ @param inlen The length of the data to send through f9 (octets)
+ @param ... tuples of (data,len) pairs to f9, terminated with a (NULL,x) (x=don't care)
+ @return CRYPT_OK if successful
+*/
+int f9_memory_multi(int cipher,
+ const unsigned char *key, unsigned long keylen,
+ unsigned char *out, unsigned long *outlen,
+ const unsigned char *in, unsigned long inlen, ...)
+{
+ int err;
+ f9_state *f9;
+ va_list args;
+ const unsigned char *curptr;
+ unsigned long curlen;
+
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+
+ /* allocate ram for f9 state */
+ f9 = XMALLOC(sizeof(f9_state));
+ if (f9 == NULL) {
+ return CRYPT_MEM;
+ }
+
+ /* f9 process the message */
+ if ((err = f9_init(f9, cipher, key, keylen)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ va_start(args, inlen);
+ curptr = in;
+ curlen = inlen;
+ for (;;) {
+ /* process buf */
+ if ((err = f9_process(f9, curptr, curlen)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ /* step to next */
+ curptr = va_arg(args, const unsigned char*);
+ if (curptr == NULL) {
+ break;
+ }
+ curlen = va_arg(args, unsigned long);
+ }
+ if ((err = f9_done(f9, out, outlen)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+ zeromem(f9, sizeof(f9_state));
+#endif
+ XFREE(f9);
+ va_end(args);
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/mac/f9/f9_memory_multi.c,v $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/11/08 21:50:13 $ */
diff --git a/src/mac/f9/f9_process.c b/src/mac/f9/f9_process.c
new file mode 100644
index 0000000..e8bd88b
--- /dev/null
+++ b/src/mac/f9/f9_process.c
@@ -0,0 +1,78 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file f9_process.c
+ f9 Support, process blocks with f9
+*/
+
+#ifdef LTC_F9_MODE
+
+/** Process data through f9-MAC
+ @param f9 The f9-MAC state
+ @param in Input data to process
+ @param inlen Length of input in octets
+ Return CRYPT_OK on success
+*/
+int f9_process(f9_state *f9, const unsigned char *in, unsigned long inlen)
+{
+ int err, x;
+
+ LTC_ARGCHK(f9 != NULL);
+ LTC_ARGCHK(in != NULL);
+
+ /* check structure */
+ if ((err = cipher_is_valid(f9->cipher)) != CRYPT_OK) {
+ return err;
+ }
+
+ if ((f9->blocksize > cipher_descriptor[f9->cipher].block_length) || (f9->blocksize < 0) ||
+ (f9->buflen > f9->blocksize) || (f9->buflen < 0)) {
+ return CRYPT_INVALID_ARG;
+ }
+
+#ifdef LTC_FAST
+ if (f9->buflen == 0) {
+ while (inlen >= (unsigned long)f9->blocksize) {
+ for (x = 0; x < f9->blocksize; x += sizeof(LTC_FAST_TYPE)) {
+ *((LTC_FAST_TYPE*)&(f9->IV[x])) ^= *((LTC_FAST_TYPE*)&(in[x]));
+ }
+ cipher_descriptor[f9->cipher].ecb_encrypt(f9->IV, f9->IV, &f9->key);
+ for (x = 0; x < f9->blocksize; x += sizeof(LTC_FAST_TYPE)) {
+ *((LTC_FAST_TYPE*)&(f9->ACC[x])) ^= *((LTC_FAST_TYPE*)&(f9->IV[x]));
+ }
+ in += f9->blocksize;
+ inlen -= f9->blocksize;
+ }
+ }
+#endif
+
+ while (inlen) {
+ if (f9->buflen == f9->blocksize) {
+ cipher_descriptor[f9->cipher].ecb_encrypt(f9->IV, f9->IV, &f9->key);
+ for (x = 0; x < f9->blocksize; x++) {
+ f9->ACC[x] ^= f9->IV[x];
+ }
+ f9->buflen = 0;
+ }
+ f9->IV[f9->buflen++] ^= *in++;
+ --inlen;
+ }
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/mac/f9/f9_process.c,v $ */
+/* $Revision: 1.3 $ */
+/* $Date: 2006/12/16 17:41:21 $ */
+
diff --git a/src/mac/f9/f9_test.c b/src/mac/f9/f9_test.c
new file mode 100644
index 0000000..4cddfe6
--- /dev/null
+++ b/src/mac/f9/f9_test.c
@@ -0,0 +1,78 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file f9_test.c
+ f9 Support, Test F9 mode
+*/
+
+#ifdef LTC_F9_MODE
+
+/** Test f9-MAC mode
+ Return CRYPT_OK on succes
+*/
+int f9_test(void)
+{
+#ifdef LTC_NO_TEST
+ return CRYPT_NOP;
+#else
+ static const struct {
+ int msglen;
+ unsigned char K[16], M[128], T[4];
+ } tests[] = {
+{
+ 20,
+ { 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00, 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48 },
+ { 0x38, 0xA6, 0xF0, 0x56, 0xB8, 0xAE, 0xFD, 0xA9, 0x33, 0x32, 0x34, 0x62, 0x63, 0x39, 0x38, 0x61, 0x37, 0x34, 0x79, 0x40 },
+ { 0x46, 0xE0, 0x0D, 0x4B }
+},
+
+{
+ 105,
+ { 0x83, 0xFD, 0x23, 0xA2, 0x44, 0xA7, 0x4C, 0xF3, 0x58, 0xDA, 0x30, 0x19, 0xF1, 0x72, 0x26, 0x35 },
+ { 0x36, 0xAF, 0x61, 0x44, 0x4F, 0x30, 0x2A, 0xD2,
+ 0x35, 0xC6, 0x87, 0x16, 0x63, 0x3C, 0x66, 0xFB, 0x75, 0x0C, 0x26, 0x68, 0x65, 0xD5, 0x3C, 0x11, 0xEA, 0x05, 0xB1, 0xE9, 0xFA, 0x49, 0xC8, 0x39, 0x8D, 0x48, 0xE1, 0xEF, 0xA5, 0x90, 0x9D, 0x39,
+ 0x47, 0x90, 0x28, 0x37, 0xF5, 0xAE, 0x96, 0xD5, 0xA0, 0x5B, 0xC8, 0xD6, 0x1C, 0xA8, 0xDB, 0xEF, 0x1B, 0x13, 0xA4, 0xB4, 0xAB, 0xFE, 0x4F, 0xB1, 0x00, 0x60, 0x45, 0xB6, 0x74, 0xBB, 0x54, 0x72,
+ 0x93, 0x04, 0xC3, 0x82, 0xBE, 0x53, 0xA5, 0xAF, 0x05, 0x55, 0x61, 0x76, 0xF6, 0xEA, 0xA2, 0xEF, 0x1D, 0x05, 0xE4, 0xB0, 0x83, 0x18, 0x1E, 0xE6, 0x74, 0xCD, 0xA5, 0xA4, 0x85, 0xF7, 0x4D, 0x7A,
+ 0x40|0x80 },
+ { 0x95, 0xAE, 0x41, 0xBA },
+}
+};
+ unsigned char T[16];
+ unsigned long taglen;
+ int err, x, idx;
+
+ /* find kasumi */
+ if ((idx = find_cipher("kasumi")) == -1) {
+ return CRYPT_NOP;
+ }
+
+ for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
+ taglen = 4;
+ if ((err = f9_memory(idx, tests[x].K, 16, tests[x].M, tests[x].msglen, T, &taglen)) != CRYPT_OK) {
+ return err;
+ }
+ if (taglen != 4 || XMEMCMP(T, tests[x].T, 4)) {
+ return CRYPT_FAIL_TESTVECTOR;
+ }
+ }
+
+ return CRYPT_OK;
+#endif
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/mac/f9/f9_test.c,v $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/21 23:02:42 $ */
+
diff --git a/src/mac/hmac/hmac_done.c b/src/mac/hmac/hmac_done.c
index f64d044..5ba541a 100644
--- a/src/mac/hmac/hmac_done.c
+++ b/src/mac/hmac/hmac_done.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
HMAC support, terminate stream, Tom St Denis/Dobes Vandermeer
*/
-#ifdef HMAC
+#ifdef LTC_HMAC
#define HMAC_BLOCKSIZE hash_descriptor[hash].blocksize
@@ -105,5 +105,5 @@ LBL_ERR:
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/mac/hmac/hmac_done.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/hmac/hmac_file.c b/src/mac/hmac/hmac_file.c
index f88d692..b296320 100644
--- a/src/mac/hmac/hmac_file.c
+++ b/src/mac/hmac/hmac_file.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
HMAC support, process a file, Tom St Denis/Dobes Vandermeer
*/
-#ifdef HMAC
+#ifdef LTC_HMAC
/**
HMAC a file
@@ -89,5 +89,5 @@ int hmac_file(int hash, const char *fname,
/* $Source: /cvs/libtom/libtomcrypt/src/mac/hmac/hmac_file.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/hmac/hmac_init.c b/src/mac/hmac/hmac_init.c
index e64d47f..2d61a9a 100644
--- a/src/mac/hmac/hmac_init.c
+++ b/src/mac/hmac/hmac_init.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
HMAC support, initialize state, Tom St Denis/Dobes Vandermeer
*/
-#ifdef HMAC
+#ifdef LTC_HMAC
#define HMAC_BLOCKSIZE hash_descriptor[hash].blocksize
@@ -108,5 +108,5 @@ done:
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/mac/hmac/hmac_init.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/hmac/hmac_memory.c b/src/mac/hmac/hmac_memory.c
index 99959f4..7dc364a 100644
--- a/src/mac/hmac/hmac_memory.c
+++ b/src/mac/hmac/hmac_memory.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
HMAC support, process a block of memory, Tom St Denis/Dobes Vandermeer
*/
-#ifdef HMAC
+#ifdef LTC_HMAC
/**
HMAC a block of memory to produce the authentication tag
@@ -34,13 +34,24 @@ int hmac_memory(int hash,
unsigned char *out, unsigned long *outlen)
{
hmac_state *hmac;
- int err;
+ int err;
LTC_ARGCHK(key != NULL);
- LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
+ /* make sure hash descriptor is valid */
+ if ((err = hash_is_valid(hash)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* is there a descriptor? */
+ if (hash_descriptor[hash].hmac_block != NULL) {
+ return hash_descriptor[hash].hmac_block(key, keylen, in, inlen, out, outlen);
+ }
+
+ /* nope, so call the hmac functions */
/* allocate ram for hmac state */
hmac = XMALLOC(sizeof(hmac_state));
if (hmac == NULL) {
@@ -73,5 +84,5 @@ LBL_ERR:
/* $Source: /cvs/libtom/libtomcrypt/src/mac/hmac/hmac_memory.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/hmac/hmac_memory_multi.c b/src/mac/hmac/hmac_memory_multi.c
index b7a6d96..2382502 100644
--- a/src/mac/hmac/hmac_memory_multi.c
+++ b/src/mac/hmac/hmac_memory_multi.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
#include <stdarg.h>
@@ -16,7 +16,7 @@
HMAC support, process multiple blocks of memory, Tom St Denis/Dobes Vandermeer
*/
-#ifdef HMAC
+#ifdef LTC_HMAC
/**
HMAC multiple blocks of memory to produce the authentication tag
@@ -88,5 +88,5 @@ LBL_ERR:
/* $Source: /cvs/libtom/libtomcrypt/src/mac/hmac/hmac_memory_multi.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/hmac/hmac_process.c b/src/mac/hmac/hmac_process.c
index 2919282..04b5ee2 100644
--- a/src/mac/hmac/hmac_process.c
+++ b/src/mac/hmac/hmac_process.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
HMAC support, process data, Tom St Denis/Dobes Vandermeer
*/
-#ifdef HMAC
+#ifdef LTC_HMAC
/**
Process data through HMAC
@@ -39,5 +39,5 @@ int hmac_process(hmac_state *hmac, const unsigned char *in, unsigned long inlen)
/* $Source: /cvs/libtom/libtomcrypt/src/mac/hmac/hmac_process.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/hmac/hmac_test.c b/src/mac/hmac/hmac_test.c
index 87758f5..4a03f87 100644
--- a/src/mac/hmac/hmac_test.c
+++ b/src/mac/hmac/hmac_test.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
HMAC support, self-test, Tom St Denis/Dobes Vandermeer
*/
-#ifdef HMAC
+#ifdef LTC_HMAC
#define HMAC_BLOCKSIZE hash_descriptor[hash].blocksize
@@ -55,7 +55,7 @@ int hmac_test(void)
3. Test Cases for HMAC-SHA-1
test_case = 1
- key = 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
+ key = 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
key_len = 20
data = "Hi Ther 20
digest = 0x4c1a03424b55e07fe7f27be1d58bb9324a9a5a04
@@ -277,7 +277,7 @@ Key First"
return err;
}
- if(memcmp(digest, cases[i].digest, (size_t)hash_descriptor[hash].hashsize) != 0) {
+ if(XMEMCMP(digest, cases[i].digest, (size_t)hash_descriptor[hash].hashsize) != 0) {
failed++;
#if 0
unsigned int j;
@@ -312,5 +312,5 @@ Key First"
/* $Source: /cvs/libtom/libtomcrypt/src/mac/hmac/hmac_test.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/omac/omac_done.c b/src/mac/omac/omac_done.c
index 37292d5..7a0453b 100644
--- a/src/mac/omac/omac_done.c
+++ b/src/mac/omac/omac_done.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
OMAC1 support, terminate a stream, Tom St Denis
*/
-#ifdef OMAC
+#ifdef LTC_OMAC
/**
Terminate an OMAC stream
@@ -61,7 +61,9 @@ int omac_done(omac_state *omac, unsigned char *out, unsigned long *outlen)
}
/* encrypt it */
- cipher_descriptor[omac->cipher_idx].ecb_encrypt(omac->block, omac->block, &omac->key);
+ if ((err = cipher_descriptor[omac->cipher_idx].ecb_encrypt(omac->block, omac->block, &omac->key)) != CRYPT_OK) {
+ return err;
+ }
cipher_descriptor[omac->cipher_idx].done(&omac->key);
/* output it */
@@ -80,5 +82,5 @@ int omac_done(omac_state *omac, unsigned char *out, unsigned long *outlen)
/* $Source: /cvs/libtom/libtomcrypt/src/mac/omac/omac_done.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/omac/omac_file.c b/src/mac/omac/omac_file.c
index 63784b0..7117ae3 100644
--- a/src/mac/omac/omac_file.c
+++ b/src/mac/omac/omac_file.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
OMAC1 support, process a file, Tom St Denis
*/
-#ifdef OMAC
+#ifdef LTC_OMAC
/**
OMAC a file
@@ -79,5 +79,5 @@ int omac_file(int cipher,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/mac/omac/omac_file.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/omac/omac_init.c b/src/mac/omac/omac_init.c
index 8866772..cbf26a2 100644
--- a/src/mac/omac/omac_init.c
+++ b/src/mac/omac/omac_init.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -16,7 +16,7 @@
*/
-#ifdef OMAC
+#ifdef LTC_OMAC
/**
Initialize an OMAC state
@@ -63,7 +63,9 @@ int omac_init(omac_state *omac, int cipher, const unsigned char *key, unsigned l
/* first calc L which is Ek(0) */
zeromem(omac->Lu[0], cipher_descriptor[cipher].block_length);
- cipher_descriptor[cipher].ecb_encrypt(omac->Lu[0], omac->Lu[0], &omac->key);
+ if ((err = cipher_descriptor[cipher].ecb_encrypt(omac->Lu[0], omac->Lu[0], &omac->key)) != CRYPT_OK) {
+ return err;
+ }
/* now do the mults, whoopy! */
for (x = 0; x < 2; x++) {
@@ -95,5 +97,5 @@ int omac_init(omac_state *omac, int cipher, const unsigned char *key, unsigned l
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/mac/omac/omac_init.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/06/06 10:22:44 $ */
+/* $Revision: 1.10 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/omac/omac_memory.c b/src/mac/omac/omac_memory.c
index 3b1521c..50b2db0 100644
--- a/src/mac/omac/omac_memory.c
+++ b/src/mac/omac/omac_memory.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
OMAC1 support, process a block of memory, Tom St Denis
*/
-#ifdef OMAC
+#ifdef LTC_OMAC
/**
OMAC a block of memory
@@ -41,6 +41,16 @@ int omac_memory(int cipher,
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
+ /* is the cipher valid? */
+ if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* Use accelerator if found */
+ if (cipher_descriptor[cipher].omac_memory != NULL) {
+ return cipher_descriptor[cipher].omac_memory(key, keylen, in, inlen, out, outlen);
+ }
+
/* allocate ram for omac state */
omac = XMALLOC(sizeof(omac_state));
if (omac == NULL) {
@@ -71,5 +81,5 @@ LBL_ERR:
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/mac/omac/omac_memory.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/11/08 23:01:06 $ */
diff --git a/src/mac/omac/omac_memory_multi.c b/src/mac/omac/omac_memory_multi.c
index 52f7323..4445ca2 100644
--- a/src/mac/omac/omac_memory_multi.c
+++ b/src/mac/omac/omac_memory_multi.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
#include <stdarg.h>
@@ -16,7 +16,7 @@
OMAC1 support, process multiple blocks of memory, Tom St Denis
*/
-#ifdef OMAC
+#ifdef LTC_OMAC
/**
OMAC multiple blocks of memory
@@ -86,5 +86,5 @@ LBL_ERR:
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/mac/omac/omac_memory_multi.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/omac/omac_process.c b/src/mac/omac/omac_process.c
index ca3ec6b..f4b96f5 100644
--- a/src/mac/omac/omac_process.c
+++ b/src/mac/omac/omac_process.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -16,7 +16,7 @@
*/
-#ifdef OMAC
+#ifdef LTC_OMAC
/**
Process data through OMAC
@@ -49,7 +49,9 @@ int omac_process(omac_state *omac, const unsigned char *in, unsigned long inlen)
*((LTC_FAST_TYPE*)(&omac->prev[y])) ^= *((LTC_FAST_TYPE*)(&in[y]));
}
in += 16;
- cipher_descriptor[omac->cipher_idx].ecb_encrypt(omac->prev, omac->prev, &omac->key);
+ if ((err = cipher_descriptor[omac->cipher_idx].ecb_encrypt(omac->prev, omac->prev, &omac->key)) != CRYPT_OK) {
+ return err;
+ }
}
inlen -= x;
}
@@ -61,7 +63,9 @@ int omac_process(omac_state *omac, const unsigned char *in, unsigned long inlen)
for (x = 0; x < (unsigned long)omac->blklen; x++) {
omac->block[x] ^= omac->prev[x];
}
- cipher_descriptor[omac->cipher_idx].ecb_encrypt(omac->block, omac->prev, &omac->key);
+ if ((err = cipher_descriptor[omac->cipher_idx].ecb_encrypt(omac->block, omac->prev, &omac->key)) != CRYPT_OK) {
+ return err;
+ }
omac->buflen = 0;
}
@@ -80,5 +84,5 @@ int omac_process(omac_state *omac, const unsigned char *in, unsigned long inlen)
/* $Source: /cvs/libtom/libtomcrypt/src/mac/omac/omac_process.c,v $ */
-/* $Revision: 1.6 $ */
-/* $Date: 2005/05/05 14:35:58 $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/omac/omac_test.c b/src/mac/omac/omac_test.c
index 1bc9ead..3230a8c 100644
--- a/src/mac/omac/omac_test.c
+++ b/src/mac/omac/omac_test.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
OMAC1 support, self-test, by Tom St Denis
*/
-#ifdef OMAC
+#ifdef LTC_OMAC
/**
Test the OMAC setup
@@ -90,7 +90,7 @@ int omac_test(void)
return err;
}
- if (memcmp(out, tests[x].tag, 16) != 0) {
+ if (XMEMCMP(out, tests[x].tag, 16) != 0) {
#if 0
int y;
printf("\n\nTag: ");
@@ -106,5 +106,5 @@ int omac_test(void)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/mac/omac/omac_test.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/pelican/pelican.c b/src/mac/pelican/pelican.c
index 85bf9ee..734cd38 100644
--- a/src/mac/pelican/pelican.c
+++ b/src/mac/pelican/pelican.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -18,9 +18,9 @@
#ifdef PELICAN
#define ENCRYPT_ONLY
+#define PELI_TAB
#include "../../ciphers/aes/aes_tab.c"
-
/**
Initialize a Pelican state
@param pelmac The Pelican state to initialize
@@ -161,5 +161,5 @@ int pelican_done(pelican_state *pelmac, unsigned char *out)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/mac/pelican/pelican.c,v $ */
-/* $Revision: 1.16 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.18 $ */
+/* $Date: 2006/04/02 13:19:10 $ */
diff --git a/src/mac/pelican/pelican_memory.c b/src/mac/pelican/pelican_memory.c
index 093340d..7dde843 100644
--- a/src/mac/pelican/pelican_memory.c
+++ b/src/mac/pelican/pelican_memory.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -55,5 +55,5 @@ int pelican_memory(const unsigned char *key, unsigned long keylen,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/mac/pelican/pelican_memory.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/mac/pelican/pelican_test.c b/src/mac/pelican/pelican_test.c
index 06ec3f0..3cff8ec 100644
--- a/src/mac/pelican/pelican_test.c
+++ b/src/mac/pelican/pelican_test.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -24,7 +24,7 @@ int pelican_test(void)
#else
static const struct {
unsigned char K[32], MSG[64], T[16];
- int keylen, ptlen;
+ int keylen, ptlen;
} tests[] = {
/* K=16, M=0 */
{
@@ -99,7 +99,7 @@ int pelican_test(void)
return err;
}
- if (memcmp(out, tests[x].T, 16)) {
+ if (XMEMCMP(out, tests[x].T, 16)) {
#if 0
int y;
printf("\nFailed test %d\n", x);
@@ -116,5 +116,5 @@ int pelican_test(void)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/mac/pelican/pelican_test.c,v $ */
-/* $Revision: 1.9 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/11/21 00:18:23 $ */
diff --git a/src/mac/pmac/pmac_done.c b/src/mac/pmac/pmac_done.c
index 09c430c..005f94f 100644
--- a/src/mac/pmac/pmac_done.c
+++ b/src/mac/pmac/pmac_done.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
PMAC implementation, terminate a session, by Tom St Denis
*/
-#ifdef PMAC
+#ifdef LTC_PMAC
int pmac_done(pmac_state *state, unsigned char *out, unsigned long *outlen)
{
@@ -49,11 +49,13 @@ int pmac_done(pmac_state *state, unsigned char *out, unsigned long *outlen)
}
/* encrypt it */
- cipher_descriptor[state->cipher_idx].ecb_encrypt(state->checksum, state->checksum, &state->key);
+ if ((err = cipher_descriptor[state->cipher_idx].ecb_encrypt(state->checksum, state->checksum, &state->key)) != CRYPT_OK) {
+ return err;
+ }
cipher_descriptor[state->cipher_idx].done(&state->key);
/* store it */
- for (x = 0; x < state->block_len && x <= (int)*outlen; x++) {
+ for (x = 0; x < state->block_len && x < (int)*outlen; x++) {
out[x] = state->checksum[x];
}
*outlen = x;
@@ -68,5 +70,5 @@ int pmac_done(pmac_state *state, unsigned char *out, unsigned long *outlen)
/* $Source: /cvs/libtom/libtomcrypt/src/mac/pmac/pmac_done.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/pmac/pmac_file.c b/src/mac/pmac/pmac_file.c
index 1034c6f..f8809e8 100644
--- a/src/mac/pmac/pmac_file.c
+++ b/src/mac/pmac/pmac_file.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
PMAC implementation, process a file, by Tom St Denis
*/
-#ifdef PMAC
+#ifdef LTC_PMAC
/**
PMAC a file
@@ -80,5 +80,5 @@ int pmac_file(int cipher,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/mac/pmac/pmac_file.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/pmac/pmac_init.c b/src/mac/pmac/pmac_init.c
index 5bd94a0..c842160 100644
--- a/src/mac/pmac/pmac_init.c
+++ b/src/mac/pmac/pmac_init.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
PMAC implementation, initialize state, by Tom St Denis
*/
-#ifdef PMAC
+#ifdef LTC_PMAC
static const struct {
int len;
@@ -87,7 +87,9 @@ int pmac_init(pmac_state *pmac, int cipher, const unsigned char *key, unsigned l
/* find L = E[0] */
zeromem(L, pmac->block_len);
- cipher_descriptor[cipher].ecb_encrypt(L, L, &pmac->key);
+ if ((err = cipher_descriptor[cipher].ecb_encrypt(L, L, &pmac->key)) != CRYPT_OK) {
+ goto error;
+ }
/* find Ls[i] = L << i for i == 0..31 */
XMEMCPY(pmac->Ls[0], L, pmac->block_len);
@@ -127,18 +129,19 @@ int pmac_init(pmac_state *pmac, int cipher, const unsigned char *key, unsigned l
zeromem(pmac->block, sizeof(pmac->block));
zeromem(pmac->Li, sizeof(pmac->Li));
zeromem(pmac->checksum, sizeof(pmac->checksum));
-
+ err = CRYPT_OK;
+error:
#ifdef LTC_CLEAN_STACK
zeromem(L, pmac->block_len);
#endif
XFREE(L);
- return CRYPT_OK;
+ return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/mac/pmac/pmac_init.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/pmac/pmac_memory.c b/src/mac/pmac/pmac_memory.c
index fcdef99..ca15e63 100644
--- a/src/mac/pmac/pmac_memory.c
+++ b/src/mac/pmac/pmac_memory.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
PMAC implementation, process a block of memory, by Tom St Denis
*/
-#ifdef PMAC
+#ifdef LTC_PMAC
/**
PMAC a block of memory
@@ -70,5 +70,5 @@ LBL_ERR:
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/mac/pmac/pmac_memory.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/pmac/pmac_memory_multi.c b/src/mac/pmac/pmac_memory_multi.c
index 2cc8572..70e2398 100644
--- a/src/mac/pmac/pmac_memory_multi.c
+++ b/src/mac/pmac/pmac_memory_multi.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
#include <stdarg.h>
@@ -16,7 +16,7 @@
PMAC implementation, process multiple blocks of memory, by Tom St Denis
*/
-#ifdef PMAC
+#ifdef LTC_PMAC
/**
PMAC multiple blocks of memory
@@ -85,5 +85,5 @@ LBL_ERR:
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/mac/pmac/pmac_memory_multi.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/pmac/pmac_ntz.c b/src/mac/pmac/pmac_ntz.c
index 7ec4550..8322563 100644
--- a/src/mac/pmac/pmac_ntz.c
+++ b/src/mac/pmac/pmac_ntz.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
PMAC implementation, internal function, by Tom St Denis
*/
-#ifdef PMAC
+#ifdef LTC_PMAC
/**
Internal PMAC function
@@ -35,5 +35,5 @@ int pmac_ntz(unsigned long x)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/mac/pmac/pmac_ntz.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/pmac/pmac_process.c b/src/mac/pmac/pmac_process.c
index 9ebd44e..a191812 100644
--- a/src/mac/pmac/pmac_process.c
+++ b/src/mac/pmac/pmac_process.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -16,7 +16,7 @@
*/
-#ifdef PMAC
+#ifdef LTC_PMAC
/**
Process data in a PMAC stream
@@ -50,7 +50,9 @@ int pmac_process(pmac_state *pmac, const unsigned char *in, unsigned long inlen)
for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE*)(&Z[y])) = *((LTC_FAST_TYPE*)(&in[y])) ^ *((LTC_FAST_TYPE*)(&pmac->Li[y]));
}
- cipher_descriptor[pmac->cipher_idx].ecb_encrypt(Z, Z, &pmac->key);
+ if ((err = cipher_descriptor[pmac->cipher_idx].ecb_encrypt(Z, Z, &pmac->key)) != CRYPT_OK) {
+ return err;
+ }
for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
*((LTC_FAST_TYPE*)(&pmac->checksum[y])) ^= *((LTC_FAST_TYPE*)(&Z[y]));
}
@@ -67,7 +69,9 @@ int pmac_process(pmac_state *pmac, const unsigned char *in, unsigned long inlen)
for (x = 0; x < (unsigned long)pmac->block_len; x++) {
Z[x] = pmac->Li[x] ^ pmac->block[x];
}
- cipher_descriptor[pmac->cipher_idx].ecb_encrypt(Z, Z, &pmac->key);
+ if ((err = cipher_descriptor[pmac->cipher_idx].ecb_encrypt(Z, Z, &pmac->key)) != CRYPT_OK) {
+ return err;
+ }
for (x = 0; x < (unsigned long)pmac->block_len; x++) {
pmac->checksum[x] ^= Z[x];
}
@@ -92,5 +96,5 @@ int pmac_process(pmac_state *pmac, const unsigned char *in, unsigned long inlen)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/mac/pmac/pmac_process.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/pmac/pmac_shift_xor.c b/src/mac/pmac/pmac_shift_xor.c
index f24c22b..694a423 100644
--- a/src/mac/pmac/pmac_shift_xor.c
+++ b/src/mac/pmac/pmac_shift_xor.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
PMAC implementation, internal function, by Tom St Denis
*/
-#ifdef PMAC
+#ifdef LTC_PMAC
/**
Internal function. Performs the state update (adding correct multiple)
@@ -40,5 +40,5 @@ void pmac_shift_xor(pmac_state *pmac)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/mac/pmac/pmac_shift_xor.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/pmac/pmac_test.c b/src/mac/pmac/pmac_test.c
index 6d88703..a635e15 100644
--- a/src/mac/pmac/pmac_test.c
+++ b/src/mac/pmac/pmac_test.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -16,7 +16,7 @@
*/
-#ifdef PMAC
+#ifdef LTC_PMAC
/**
Test the OMAC implementation
@@ -138,7 +138,7 @@ int pmac_test(void)
return err;
}
- if (memcmp(outtag, tests[x].tag, len)) {
+ if (XMEMCMP(outtag, tests[x].tag, len)) {
#if 0
unsigned long y;
printf("\nTAG:\n");
@@ -161,5 +161,5 @@ int pmac_test(void)
/* $Source: /cvs/libtom/libtomcrypt/src/mac/pmac/pmac_test.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/11/03 00:39:49 $ */
diff --git a/src/mac/xcbc/xcbc_done.c b/src/mac/xcbc/xcbc_done.c
new file mode 100644
index 0000000..687c24d
--- /dev/null
+++ b/src/mac/xcbc/xcbc_done.c
@@ -0,0 +1,77 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file xcbc_done.c
+ XCBC Support, terminate the state
+*/
+
+#ifdef LTC_XCBC
+
+/** Terminate the XCBC-MAC state
+ @param xcbc XCBC state to terminate
+ @param out [out] Destination for the MAC tag
+ @param outlen [in/out] Destination size and final tag size
+ Return CRYPT_OK on success
+*/
+int xcbc_done(xcbc_state *xcbc, unsigned char *out, unsigned long *outlen)
+{
+ int err, x;
+ LTC_ARGCHK(xcbc != NULL);
+ LTC_ARGCHK(out != NULL);
+
+ /* check structure */
+ if ((err = cipher_is_valid(xcbc->cipher)) != CRYPT_OK) {
+ return err;
+ }
+
+ if ((xcbc->blocksize > cipher_descriptor[xcbc->cipher].block_length) || (xcbc->blocksize < 0) ||
+ (xcbc->buflen > xcbc->blocksize) || (xcbc->buflen < 0)) {
+ return CRYPT_INVALID_ARG;
+ }
+
+ /* which key do we use? */
+ if (xcbc->buflen == xcbc->blocksize) {
+ /* k2 */
+ for (x = 0; x < xcbc->blocksize; x++) {
+ xcbc->IV[x] ^= xcbc->K[1][x];
+ }
+ } else {
+ xcbc->IV[xcbc->buflen] ^= 0x80;
+ /* k3 */
+ for (x = 0; x < xcbc->blocksize; x++) {
+ xcbc->IV[x] ^= xcbc->K[2][x];
+ }
+ }
+
+ /* encrypt */
+ cipher_descriptor[xcbc->cipher].ecb_encrypt(xcbc->IV, xcbc->IV, &xcbc->key);
+ cipher_descriptor[xcbc->cipher].done(&xcbc->key);
+
+ /* extract tag */
+ for (x = 0; x < xcbc->blocksize && (unsigned long)x < *outlen; x++) {
+ out[x] = xcbc->IV[x];
+ }
+ *outlen = x;
+
+#ifdef LTC_CLEAN_STACK
+ zeromem(xcbc, sizeof(*xcbc));
+#endif
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/mac/xcbc/xcbc_done.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/11/07 03:23:46 $ */
+
diff --git a/src/mac/xcbc/xcbc_file.c b/src/mac/xcbc/xcbc_file.c
new file mode 100644
index 0000000..4a8f7af
--- /dev/null
+++ b/src/mac/xcbc/xcbc_file.c
@@ -0,0 +1,83 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file xcbc_file.c
+ XCBC support, process a file, Tom St Denis
+*/
+
+#ifdef LTC_XCBC
+
+/**
+ XCBC a file
+ @param cipher The index of the cipher desired
+ @param key The secret key
+ @param keylen The length of the secret key (octets)
+ @param filename The name of the file you wish to XCBC
+ @param out [out] Where the authentication tag is to be stored
+ @param outlen [in/out] The max size and resulting size of the authentication tag
+ @return CRYPT_OK if successful, CRYPT_NOP if file support has been disabled
+*/
+int xcbc_file(int cipher,
+ const unsigned char *key, unsigned long keylen,
+ const char *filename,
+ unsigned char *out, unsigned long *outlen)
+{
+#ifdef LTC_NO_FILE
+ return CRYPT_NOP;
+#else
+ int err, x;
+ xcbc_state xcbc;
+ FILE *in;
+ unsigned char buf[512];
+
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(filename != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+
+ in = fopen(filename, "rb");
+ if (in == NULL) {
+ return CRYPT_FILE_NOTFOUND;
+ }
+
+ if ((err = xcbc_init(&xcbc, cipher, key, keylen)) != CRYPT_OK) {
+ fclose(in);
+ return err;
+ }
+
+ do {
+ x = fread(buf, 1, sizeof(buf), in);
+ if ((err = xcbc_process(&xcbc, buf, x)) != CRYPT_OK) {
+ fclose(in);
+ return err;
+ }
+ } while (x == sizeof(buf));
+ fclose(in);
+
+ if ((err = xcbc_done(&xcbc, out, outlen)) != CRYPT_OK) {
+ return err;
+ }
+
+#ifdef LTC_CLEAN_STACK
+ zeromem(buf, sizeof(buf));
+#endif
+
+ return CRYPT_OK;
+#endif
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/mac/xcbc/xcbc_file.c,v $ */
+/* $Revision: 1.1 $ */
+/* $Date: 2006/11/03 01:56:41 $ */
diff --git a/src/mac/xcbc/xcbc_init.c b/src/mac/xcbc/xcbc_init.c
new file mode 100644
index 0000000..3a0dcaf
--- /dev/null
+++ b/src/mac/xcbc/xcbc_init.c
@@ -0,0 +1,86 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file xcbc_init.c
+ XCBC Support, start an XCBC state
+*/
+
+#ifdef LTC_XCBC
+
+/** Initialize XCBC-MAC state
+ @param xcbc [out] XCBC state to initialize
+ @param cipher Index of cipher to use
+ @param key [in] Secret key
+ @param keylen Length of secret key in octets
+ Return CRYPT_OK on success
+*/
+int xcbc_init(xcbc_state *xcbc, int cipher, const unsigned char *key, unsigned long keylen)
+{
+ int x, y, err;
+ symmetric_key *skey;
+
+ LTC_ARGCHK(xcbc != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* schedule the key */
+ if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
+ return err;
+ }
+
+#ifdef LTC_FAST
+ if (cipher_descriptor[cipher].block_length % sizeof(LTC_FAST_TYPE)) {
+ return CRYPT_INVALID_ARG;
+ }
+#endif
+
+ /* schedule the user key */
+ skey = XCALLOC(1, sizeof(*skey));
+ if (skey == NULL) {
+ return CRYPT_MEM;
+ }
+
+ if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, skey)) != CRYPT_OK) {
+ goto done;
+ }
+
+ /* make the three keys */
+ for (y = 0; y < 3; y++) {
+ for (x = 0; x < cipher_descriptor[cipher].block_length; x++) {
+ xcbc->K[y][x] = y + 1;
+ }
+ cipher_descriptor[cipher].ecb_encrypt(xcbc->K[y], xcbc->K[y], skey);
+ }
+
+ /* setup K1 */
+ err = cipher_descriptor[cipher].setup(xcbc->K[0], cipher_descriptor[cipher].block_length, 0, &xcbc->key);
+
+ /* setup struct */
+ zeromem(xcbc->IV, cipher_descriptor[cipher].block_length);
+ xcbc->blocksize = cipher_descriptor[cipher].block_length;
+ xcbc->cipher = cipher;
+ xcbc->buflen = 0;
+done:
+ cipher_descriptor[cipher].done(skey);
+#ifdef LTC_CLEAN_STACK
+ zeromem(skey, sizeof(*skey));
+#endif
+ XFREE(skey);
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/mac/xcbc/xcbc_init.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/11/07 03:23:46 $ */
+
diff --git a/src/mac/xcbc/xcbc_memory.c b/src/mac/xcbc/xcbc_memory.c
new file mode 100644
index 0000000..1826b6b
--- /dev/null
+++ b/src/mac/xcbc/xcbc_memory.c
@@ -0,0 +1,71 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file xcbc_process.c
+ XCBC Support, XCBC-MAC a block of memory
+*/
+
+#ifdef LTC_XCBC
+
+/** XCBC-MAC a block of memory
+ @param cipher Index of cipher to use
+ @param key [in] Secret key
+ @param keylen Length of key in octets
+ @param in [in] Message to MAC
+ @param inlen Length of input in octets
+ @param out [out] Destination for the MAC tag
+ @param outlen [in/out] Output size and final tag size
+ Return CRYPT_OK on success.
+*/
+int xcbc_memory(int cipher,
+ const unsigned char *key, unsigned long keylen,
+ const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen)
+{
+ xcbc_state *xcbc;
+ int err;
+
+ /* is the cipher valid? */
+ if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* Use accelerator if found */
+ if (cipher_descriptor[cipher].xcbc_memory != NULL) {
+ return cipher_descriptor[cipher].xcbc_memory(key, keylen, in, inlen, out, outlen);
+ }
+
+ xcbc = XCALLOC(1, sizeof(*xcbc));
+ if (xcbc == NULL) {
+ return CRYPT_MEM;
+ }
+
+ if ((err = xcbc_init(xcbc, cipher, key, keylen)) != CRYPT_OK) {
+ goto done;
+ }
+
+ if ((err = xcbc_process(xcbc, in, inlen)) != CRYPT_OK) {
+ goto done;
+ }
+
+ err = xcbc_done(xcbc, out, outlen);
+done:
+ XFREE(xcbc);
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/mac/xcbc/xcbc_memory.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/11/21 23:02:42 $ */
diff --git a/src/mac/xcbc/xcbc_memory_multi.c b/src/mac/xcbc/xcbc_memory_multi.c
new file mode 100644
index 0000000..ccae9de
--- /dev/null
+++ b/src/mac/xcbc/xcbc_memory_multi.c
@@ -0,0 +1,90 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+#include <stdarg.h>
+
+/**
+ @file xcbc_memory_multi.c
+ XCBC support, process multiple blocks of memory, Tom St Denis
+*/
+
+#ifdef LTC_XCBC
+
+/**
+ XCBC multiple blocks of memory
+ @param cipher The index of the desired cipher
+ @param key The secret key
+ @param keylen The length of the secret key (octets)
+ @param out [out] The destination of the authentication tag
+ @param outlen [in/out] The max size and resulting size of the authentication tag (octets)
+ @param in The data to send through XCBC
+ @param inlen The length of the data to send through XCBC (octets)
+ @param ... tuples of (data,len) pairs to XCBC, terminated with a (NULL,x) (x=don't care)
+ @return CRYPT_OK if successful
+*/
+int xcbc_memory_multi(int cipher,
+ const unsigned char *key, unsigned long keylen,
+ unsigned char *out, unsigned long *outlen,
+ const unsigned char *in, unsigned long inlen, ...)
+{
+ int err;
+ xcbc_state *xcbc;
+ va_list args;
+ const unsigned char *curptr;
+ unsigned long curlen;
+
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+
+ /* allocate ram for xcbc state */
+ xcbc = XMALLOC(sizeof(xcbc_state));
+ if (xcbc == NULL) {
+ return CRYPT_MEM;
+ }
+
+ /* xcbc process the message */
+ if ((err = xcbc_init(xcbc, cipher, key, keylen)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ va_start(args, inlen);
+ curptr = in;
+ curlen = inlen;
+ for (;;) {
+ /* process buf */
+ if ((err = xcbc_process(xcbc, curptr, curlen)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ /* step to next */
+ curptr = va_arg(args, const unsigned char*);
+ if (curptr == NULL) {
+ break;
+ }
+ curlen = va_arg(args, unsigned long);
+ }
+ if ((err = xcbc_done(xcbc, out, outlen)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+ zeromem(xcbc, sizeof(xcbc_state));
+#endif
+ XFREE(xcbc);
+ va_end(args);
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/mac/xcbc/xcbc_memory_multi.c,v $ */
+/* $Revision: 1.1 $ */
+/* $Date: 2006/11/03 01:53:25 $ */
diff --git a/src/mac/xcbc/xcbc_process.c b/src/mac/xcbc/xcbc_process.c
new file mode 100644
index 0000000..4dd63b5
--- /dev/null
+++ b/src/mac/xcbc/xcbc_process.c
@@ -0,0 +1,75 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file xcbc_process.c
+ XCBC Support, process blocks with XCBC
+*/
+
+#ifdef LTC_XCBC
+
+/** Process data through XCBC-MAC
+ @param xcbc The XCBC-MAC state
+ @param in Input data to process
+ @param inlen Length of input in octets
+ Return CRYPT_OK on success
+*/
+int xcbc_process(xcbc_state *xcbc, const unsigned char *in, unsigned long inlen)
+{
+ int err;
+#ifdef LTC_FAST
+ int x;
+#endif
+
+ LTC_ARGCHK(xcbc != NULL);
+ LTC_ARGCHK(in != NULL);
+
+ /* check structure */
+ if ((err = cipher_is_valid(xcbc->cipher)) != CRYPT_OK) {
+ return err;
+ }
+
+ if ((xcbc->blocksize > cipher_descriptor[xcbc->cipher].block_length) || (xcbc->blocksize < 0) ||
+ (xcbc->buflen > xcbc->blocksize) || (xcbc->buflen < 0)) {
+ return CRYPT_INVALID_ARG;
+ }
+
+#ifdef LTC_FAST
+ if (xcbc->buflen == 0) {
+ while (inlen > (unsigned long)xcbc->blocksize) {
+ for (x = 0; x < xcbc->blocksize; x += sizeof(LTC_FAST_TYPE)) {
+ *((LTC_FAST_TYPE*)&(xcbc->IV[x])) ^= *((LTC_FAST_TYPE*)&(in[x]));
+ }
+ cipher_descriptor[xcbc->cipher].ecb_encrypt(xcbc->IV, xcbc->IV, &xcbc->key);
+ in += xcbc->blocksize;
+ inlen -= xcbc->blocksize;
+ }
+ }
+#endif
+
+ while (inlen) {
+ if (xcbc->buflen == xcbc->blocksize) {
+ cipher_descriptor[xcbc->cipher].ecb_encrypt(xcbc->IV, xcbc->IV, &xcbc->key);
+ xcbc->buflen = 0;
+ }
+ xcbc->IV[xcbc->buflen++] ^= *in++;
+ --inlen;
+ }
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/mac/xcbc/xcbc_process.c,v $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/11/09 22:43:52 $ */
+
diff --git a/src/mac/xcbc/xcbc_test.c b/src/mac/xcbc/xcbc_test.c
new file mode 100644
index 0000000..2c56c0a
--- /dev/null
+++ b/src/mac/xcbc/xcbc_test.c
@@ -0,0 +1,128 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file xcbc_test.c
+ XCBC Support, Test XCBC-MAC mode
+*/
+
+#ifdef LTC_XCBC
+
+/** Test XCBC-MAC mode
+ Return CRYPT_OK on succes
+*/
+int xcbc_test(void)
+{
+#ifdef LTC_NO_TEST
+ return CRYPT_NOP;
+#else
+ static const struct {
+ int msglen;
+ unsigned char K[16], M[34], T[16];
+ } tests[] = {
+{
+ 0,
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
+
+ { 0 },
+
+ { 0x75, 0xf0, 0x25, 0x1d, 0x52, 0x8a, 0xc0, 0x1c,
+ 0x45, 0x73, 0xdf, 0xd5, 0x84, 0xd7, 0x9f, 0x29 }
+},
+
+{
+ 3,
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
+
+ { 0x00, 0x01, 0x02 },
+
+ { 0x5b, 0x37, 0x65, 0x80, 0xae, 0x2f, 0x19, 0xaf,
+ 0xe7, 0x21, 0x9c, 0xee, 0xf1, 0x72, 0x75, 0x6f }
+},
+
+{
+ 16,
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
+
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
+
+ { 0xd2, 0xa2, 0x46, 0xfa, 0x34, 0x9b, 0x68, 0xa7,
+ 0x99, 0x98, 0xa4, 0x39, 0x4f, 0xf7, 0xa2, 0x63 }
+},
+
+{
+ 32,
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
+
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
+
+ { 0xf5, 0x4f, 0x0e, 0xc8, 0xd2, 0xb9, 0xf3, 0xd3,
+ 0x68, 0x07, 0x73, 0x4b, 0xd5, 0x28, 0x3f, 0xd4 }
+},
+
+{
+ 34,
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
+
+ { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+ 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+ 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
+ 0x20, 0x21 },
+
+ { 0xbe, 0xcb, 0xb3, 0xbc, 0xcd, 0xb5, 0x18, 0xa3,
+ 0x06, 0x77, 0xd5, 0x48, 0x1f, 0xb6, 0xb4, 0xd8 },
+},
+
+
+
+};
+ unsigned char T[16];
+ unsigned long taglen;
+ int err, x, idx;
+
+ /* AES can be under rijndael or aes... try to find it */
+ if ((idx = find_cipher("aes")) == -1) {
+ if ((idx = find_cipher("rijndael")) == -1) {
+ return CRYPT_NOP;
+ }
+ }
+
+ for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
+ taglen = 16;
+ if ((err = xcbc_memory(idx, tests[x].K, 16, tests[x].M, tests[x].msglen, T, &taglen)) != CRYPT_OK) {
+ return err;
+ }
+ if (taglen != 16 || XMEMCMP(T, tests[x].T, 16)) {
+ return CRYPT_FAIL_TESTVECTOR;
+ }
+ }
+
+ return CRYPT_OK;
+#endif
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/mac/xcbc/xcbc_test.c,v $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/11/21 23:02:42 $ */
+
diff --git a/src/math/fp/ltc_ecc_fp_mulmod.c b/src/math/fp/ltc_ecc_fp_mulmod.c
new file mode 100644
index 0000000..d3c02c3
--- /dev/null
+++ b/src/math/fp/ltc_ecc_fp_mulmod.c
@@ -0,0 +1,1314 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ltc_ecc_fp_mulmod.c
+ ECC Crypto, Tom St Denis
+*/
+
+#if defined(MECC) && defined(MECC_FP)
+#include <limits.h>
+
+/* number of entries in the cache */
+#ifndef FP_ENTRIES
+#define FP_ENTRIES 16
+#endif
+
+/* number of bits in LUT */
+#ifndef FP_LUT
+#define FP_LUT 8U
+#endif
+
+#if (FP_LUT > 12) || (FP_LUT < 2)
+ #error FP_LUT must be between 2 and 12 inclusively
+#endif
+
+/** Our FP cache */
+static struct {
+ ecc_point *g, /* cached COPY of base point */
+ *LUT[1U<<FP_LUT]; /* fixed point lookup */
+ void *mu; /* copy of the montgomery constant */
+ int lru_count; /* amount of times this entry has been used */
+} fp_cache[FP_ENTRIES];
+
+LTC_MUTEX_GLOBAL(ltc_ecc_fp_lock)
+
+/* simple table to help direct the generation of the LUT */
+static const struct {
+ int ham, terma, termb;
+} lut_orders[] = {
+ { 0, 0, 0 }, { 1, 0, 0 }, { 1, 0, 0 }, { 2, 1, 2 }, { 1, 0, 0 }, { 2, 1, 4 }, { 2, 2, 4 }, { 3, 3, 4 },
+ { 1, 0, 0 }, { 2, 1, 8 }, { 2, 2, 8 }, { 3, 3, 8 }, { 2, 4, 8 }, { 3, 5, 8 }, { 3, 6, 8 }, { 4, 7, 8 },
+ { 1, 0, 0 }, { 2, 1, 16 }, { 2, 2, 16 }, { 3, 3, 16 }, { 2, 4, 16 }, { 3, 5, 16 }, { 3, 6, 16 }, { 4, 7, 16 },
+ { 2, 8, 16 }, { 3, 9, 16 }, { 3, 10, 16 }, { 4, 11, 16 }, { 3, 12, 16 }, { 4, 13, 16 }, { 4, 14, 16 }, { 5, 15, 16 },
+ { 1, 0, 0 }, { 2, 1, 32 }, { 2, 2, 32 }, { 3, 3, 32 }, { 2, 4, 32 }, { 3, 5, 32 }, { 3, 6, 32 }, { 4, 7, 32 },
+ { 2, 8, 32 }, { 3, 9, 32 }, { 3, 10, 32 }, { 4, 11, 32 }, { 3, 12, 32 }, { 4, 13, 32 }, { 4, 14, 32 }, { 5, 15, 32 },
+ { 2, 16, 32 }, { 3, 17, 32 }, { 3, 18, 32 }, { 4, 19, 32 }, { 3, 20, 32 }, { 4, 21, 32 }, { 4, 22, 32 }, { 5, 23, 32 },
+ { 3, 24, 32 }, { 4, 25, 32 }, { 4, 26, 32 }, { 5, 27, 32 }, { 4, 28, 32 }, { 5, 29, 32 }, { 5, 30, 32 }, { 6, 31, 32 },
+#if FP_LUT > 6
+ { 1, 0, 0 }, { 2, 1, 64 }, { 2, 2, 64 }, { 3, 3, 64 }, { 2, 4, 64 }, { 3, 5, 64 }, { 3, 6, 64 }, { 4, 7, 64 },
+ { 2, 8, 64 }, { 3, 9, 64 }, { 3, 10, 64 }, { 4, 11, 64 }, { 3, 12, 64 }, { 4, 13, 64 }, { 4, 14, 64 }, { 5, 15, 64 },
+ { 2, 16, 64 }, { 3, 17, 64 }, { 3, 18, 64 }, { 4, 19, 64 }, { 3, 20, 64 }, { 4, 21, 64 }, { 4, 22, 64 }, { 5, 23, 64 },
+ { 3, 24, 64 }, { 4, 25, 64 }, { 4, 26, 64 }, { 5, 27, 64 }, { 4, 28, 64 }, { 5, 29, 64 }, { 5, 30, 64 }, { 6, 31, 64 },
+ { 2, 32, 64 }, { 3, 33, 64 }, { 3, 34, 64 }, { 4, 35, 64 }, { 3, 36, 64 }, { 4, 37, 64 }, { 4, 38, 64 }, { 5, 39, 64 },
+ { 3, 40, 64 }, { 4, 41, 64 }, { 4, 42, 64 }, { 5, 43, 64 }, { 4, 44, 64 }, { 5, 45, 64 }, { 5, 46, 64 }, { 6, 47, 64 },
+ { 3, 48, 64 }, { 4, 49, 64 }, { 4, 50, 64 }, { 5, 51, 64 }, { 4, 52, 64 }, { 5, 53, 64 }, { 5, 54, 64 }, { 6, 55, 64 },
+ { 4, 56, 64 }, { 5, 57, 64 }, { 5, 58, 64 }, { 6, 59, 64 }, { 5, 60, 64 }, { 6, 61, 64 }, { 6, 62, 64 }, { 7, 63, 64 },
+#if FP_LUT > 7
+ { 1, 0, 0 }, { 2, 1, 128 }, { 2, 2, 128 }, { 3, 3, 128 }, { 2, 4, 128 }, { 3, 5, 128 }, { 3, 6, 128 }, { 4, 7, 128 },
+ { 2, 8, 128 }, { 3, 9, 128 }, { 3, 10, 128 }, { 4, 11, 128 }, { 3, 12, 128 }, { 4, 13, 128 }, { 4, 14, 128 }, { 5, 15, 128 },
+ { 2, 16, 128 }, { 3, 17, 128 }, { 3, 18, 128 }, { 4, 19, 128 }, { 3, 20, 128 }, { 4, 21, 128 }, { 4, 22, 128 }, { 5, 23, 128 },
+ { 3, 24, 128 }, { 4, 25, 128 }, { 4, 26, 128 }, { 5, 27, 128 }, { 4, 28, 128 }, { 5, 29, 128 }, { 5, 30, 128 }, { 6, 31, 128 },
+ { 2, 32, 128 }, { 3, 33, 128 }, { 3, 34, 128 }, { 4, 35, 128 }, { 3, 36, 128 }, { 4, 37, 128 }, { 4, 38, 128 }, { 5, 39, 128 },
+ { 3, 40, 128 }, { 4, 41, 128 }, { 4, 42, 128 }, { 5, 43, 128 }, { 4, 44, 128 }, { 5, 45, 128 }, { 5, 46, 128 }, { 6, 47, 128 },
+ { 3, 48, 128 }, { 4, 49, 128 }, { 4, 50, 128 }, { 5, 51, 128 }, { 4, 52, 128 }, { 5, 53, 128 }, { 5, 54, 128 }, { 6, 55, 128 },
+ { 4, 56, 128 }, { 5, 57, 128 }, { 5, 58, 128 }, { 6, 59, 128 }, { 5, 60, 128 }, { 6, 61, 128 }, { 6, 62, 128 }, { 7, 63, 128 },
+ { 2, 64, 128 }, { 3, 65, 128 }, { 3, 66, 128 }, { 4, 67, 128 }, { 3, 68, 128 }, { 4, 69, 128 }, { 4, 70, 128 }, { 5, 71, 128 },
+ { 3, 72, 128 }, { 4, 73, 128 }, { 4, 74, 128 }, { 5, 75, 128 }, { 4, 76, 128 }, { 5, 77, 128 }, { 5, 78, 128 }, { 6, 79, 128 },
+ { 3, 80, 128 }, { 4, 81, 128 }, { 4, 82, 128 }, { 5, 83, 128 }, { 4, 84, 128 }, { 5, 85, 128 }, { 5, 86, 128 }, { 6, 87, 128 },
+ { 4, 88, 128 }, { 5, 89, 128 }, { 5, 90, 128 }, { 6, 91, 128 }, { 5, 92, 128 }, { 6, 93, 128 }, { 6, 94, 128 }, { 7, 95, 128 },
+ { 3, 96, 128 }, { 4, 97, 128 }, { 4, 98, 128 }, { 5, 99, 128 }, { 4, 100, 128 }, { 5, 101, 128 }, { 5, 102, 128 }, { 6, 103, 128 },
+ { 4, 104, 128 }, { 5, 105, 128 }, { 5, 106, 128 }, { 6, 107, 128 }, { 5, 108, 128 }, { 6, 109, 128 }, { 6, 110, 128 }, { 7, 111, 128 },
+ { 4, 112, 128 }, { 5, 113, 128 }, { 5, 114, 128 }, { 6, 115, 128 }, { 5, 116, 128 }, { 6, 117, 128 }, { 6, 118, 128 }, { 7, 119, 128 },
+ { 5, 120, 128 }, { 6, 121, 128 }, { 6, 122, 128 }, { 7, 123, 128 }, { 6, 124, 128 }, { 7, 125, 128 }, { 7, 126, 128 }, { 8, 127, 128 },
+#if FP_LUT > 8
+ { 1, 0, 0 }, { 2, 1, 256 }, { 2, 2, 256 }, { 3, 3, 256 }, { 2, 4, 256 }, { 3, 5, 256 }, { 3, 6, 256 }, { 4, 7, 256 },
+ { 2, 8, 256 }, { 3, 9, 256 }, { 3, 10, 256 }, { 4, 11, 256 }, { 3, 12, 256 }, { 4, 13, 256 }, { 4, 14, 256 }, { 5, 15, 256 },
+ { 2, 16, 256 }, { 3, 17, 256 }, { 3, 18, 256 }, { 4, 19, 256 }, { 3, 20, 256 }, { 4, 21, 256 }, { 4, 22, 256 }, { 5, 23, 256 },
+ { 3, 24, 256 }, { 4, 25, 256 }, { 4, 26, 256 }, { 5, 27, 256 }, { 4, 28, 256 }, { 5, 29, 256 }, { 5, 30, 256 }, { 6, 31, 256 },
+ { 2, 32, 256 }, { 3, 33, 256 }, { 3, 34, 256 }, { 4, 35, 256 }, { 3, 36, 256 }, { 4, 37, 256 }, { 4, 38, 256 }, { 5, 39, 256 },
+ { 3, 40, 256 }, { 4, 41, 256 }, { 4, 42, 256 }, { 5, 43, 256 }, { 4, 44, 256 }, { 5, 45, 256 }, { 5, 46, 256 }, { 6, 47, 256 },
+ { 3, 48, 256 }, { 4, 49, 256 }, { 4, 50, 256 }, { 5, 51, 256 }, { 4, 52, 256 }, { 5, 53, 256 }, { 5, 54, 256 }, { 6, 55, 256 },
+ { 4, 56, 256 }, { 5, 57, 256 }, { 5, 58, 256 }, { 6, 59, 256 }, { 5, 60, 256 }, { 6, 61, 256 }, { 6, 62, 256 }, { 7, 63, 256 },
+ { 2, 64, 256 }, { 3, 65, 256 }, { 3, 66, 256 }, { 4, 67, 256 }, { 3, 68, 256 }, { 4, 69, 256 }, { 4, 70, 256 }, { 5, 71, 256 },
+ { 3, 72, 256 }, { 4, 73, 256 }, { 4, 74, 256 }, { 5, 75, 256 }, { 4, 76, 256 }, { 5, 77, 256 }, { 5, 78, 256 }, { 6, 79, 256 },
+ { 3, 80, 256 }, { 4, 81, 256 }, { 4, 82, 256 }, { 5, 83, 256 }, { 4, 84, 256 }, { 5, 85, 256 }, { 5, 86, 256 }, { 6, 87, 256 },
+ { 4, 88, 256 }, { 5, 89, 256 }, { 5, 90, 256 }, { 6, 91, 256 }, { 5, 92, 256 }, { 6, 93, 256 }, { 6, 94, 256 }, { 7, 95, 256 },
+ { 3, 96, 256 }, { 4, 97, 256 }, { 4, 98, 256 }, { 5, 99, 256 }, { 4, 100, 256 }, { 5, 101, 256 }, { 5, 102, 256 }, { 6, 103, 256 },
+ { 4, 104, 256 }, { 5, 105, 256 }, { 5, 106, 256 }, { 6, 107, 256 }, { 5, 108, 256 }, { 6, 109, 256 }, { 6, 110, 256 }, { 7, 111, 256 },
+ { 4, 112, 256 }, { 5, 113, 256 }, { 5, 114, 256 }, { 6, 115, 256 }, { 5, 116, 256 }, { 6, 117, 256 }, { 6, 118, 256 }, { 7, 119, 256 },
+ { 5, 120, 256 }, { 6, 121, 256 }, { 6, 122, 256 }, { 7, 123, 256 }, { 6, 124, 256 }, { 7, 125, 256 }, { 7, 126, 256 }, { 8, 127, 256 },
+ { 2, 128, 256 }, { 3, 129, 256 }, { 3, 130, 256 }, { 4, 131, 256 }, { 3, 132, 256 }, { 4, 133, 256 }, { 4, 134, 256 }, { 5, 135, 256 },
+ { 3, 136, 256 }, { 4, 137, 256 }, { 4, 138, 256 }, { 5, 139, 256 }, { 4, 140, 256 }, { 5, 141, 256 }, { 5, 142, 256 }, { 6, 143, 256 },
+ { 3, 144, 256 }, { 4, 145, 256 }, { 4, 146, 256 }, { 5, 147, 256 }, { 4, 148, 256 }, { 5, 149, 256 }, { 5, 150, 256 }, { 6, 151, 256 },
+ { 4, 152, 256 }, { 5, 153, 256 }, { 5, 154, 256 }, { 6, 155, 256 }, { 5, 156, 256 }, { 6, 157, 256 }, { 6, 158, 256 }, { 7, 159, 256 },
+ { 3, 160, 256 }, { 4, 161, 256 }, { 4, 162, 256 }, { 5, 163, 256 }, { 4, 164, 256 }, { 5, 165, 256 }, { 5, 166, 256 }, { 6, 167, 256 },
+ { 4, 168, 256 }, { 5, 169, 256 }, { 5, 170, 256 }, { 6, 171, 256 }, { 5, 172, 256 }, { 6, 173, 256 }, { 6, 174, 256 }, { 7, 175, 256 },
+ { 4, 176, 256 }, { 5, 177, 256 }, { 5, 178, 256 }, { 6, 179, 256 }, { 5, 180, 256 }, { 6, 181, 256 }, { 6, 182, 256 }, { 7, 183, 256 },
+ { 5, 184, 256 }, { 6, 185, 256 }, { 6, 186, 256 }, { 7, 187, 256 }, { 6, 188, 256 }, { 7, 189, 256 }, { 7, 190, 256 }, { 8, 191, 256 },
+ { 3, 192, 256 }, { 4, 193, 256 }, { 4, 194, 256 }, { 5, 195, 256 }, { 4, 196, 256 }, { 5, 197, 256 }, { 5, 198, 256 }, { 6, 199, 256 },
+ { 4, 200, 256 }, { 5, 201, 256 }, { 5, 202, 256 }, { 6, 203, 256 }, { 5, 204, 256 }, { 6, 205, 256 }, { 6, 206, 256 }, { 7, 207, 256 },
+ { 4, 208, 256 }, { 5, 209, 256 }, { 5, 210, 256 }, { 6, 211, 256 }, { 5, 212, 256 }, { 6, 213, 256 }, { 6, 214, 256 }, { 7, 215, 256 },
+ { 5, 216, 256 }, { 6, 217, 256 }, { 6, 218, 256 }, { 7, 219, 256 }, { 6, 220, 256 }, { 7, 221, 256 }, { 7, 222, 256 }, { 8, 223, 256 },
+ { 4, 224, 256 }, { 5, 225, 256 }, { 5, 226, 256 }, { 6, 227, 256 }, { 5, 228, 256 }, { 6, 229, 256 }, { 6, 230, 256 }, { 7, 231, 256 },
+ { 5, 232, 256 }, { 6, 233, 256 }, { 6, 234, 256 }, { 7, 235, 256 }, { 6, 236, 256 }, { 7, 237, 256 }, { 7, 238, 256 }, { 8, 239, 256 },
+ { 5, 240, 256 }, { 6, 241, 256 }, { 6, 242, 256 }, { 7, 243, 256 }, { 6, 244, 256 }, { 7, 245, 256 }, { 7, 246, 256 }, { 8, 247, 256 },
+ { 6, 248, 256 }, { 7, 249, 256 }, { 7, 250, 256 }, { 8, 251, 256 }, { 7, 252, 256 }, { 8, 253, 256 }, { 8, 254, 256 }, { 9, 255, 256 },
+#if FP_LUT > 9
+ { 1, 0, 0 }, { 2, 1, 512 }, { 2, 2, 512 }, { 3, 3, 512 }, { 2, 4, 512 }, { 3, 5, 512 }, { 3, 6, 512 }, { 4, 7, 512 },
+ { 2, 8, 512 }, { 3, 9, 512 }, { 3, 10, 512 }, { 4, 11, 512 }, { 3, 12, 512 }, { 4, 13, 512 }, { 4, 14, 512 }, { 5, 15, 512 },
+ { 2, 16, 512 }, { 3, 17, 512 }, { 3, 18, 512 }, { 4, 19, 512 }, { 3, 20, 512 }, { 4, 21, 512 }, { 4, 22, 512 }, { 5, 23, 512 },
+ { 3, 24, 512 }, { 4, 25, 512 }, { 4, 26, 512 }, { 5, 27, 512 }, { 4, 28, 512 }, { 5, 29, 512 }, { 5, 30, 512 }, { 6, 31, 512 },
+ { 2, 32, 512 }, { 3, 33, 512 }, { 3, 34, 512 }, { 4, 35, 512 }, { 3, 36, 512 }, { 4, 37, 512 }, { 4, 38, 512 }, { 5, 39, 512 },
+ { 3, 40, 512 }, { 4, 41, 512 }, { 4, 42, 512 }, { 5, 43, 512 }, { 4, 44, 512 }, { 5, 45, 512 }, { 5, 46, 512 }, { 6, 47, 512 },
+ { 3, 48, 512 }, { 4, 49, 512 }, { 4, 50, 512 }, { 5, 51, 512 }, { 4, 52, 512 }, { 5, 53, 512 }, { 5, 54, 512 }, { 6, 55, 512 },
+ { 4, 56, 512 }, { 5, 57, 512 }, { 5, 58, 512 }, { 6, 59, 512 }, { 5, 60, 512 }, { 6, 61, 512 }, { 6, 62, 512 }, { 7, 63, 512 },
+ { 2, 64, 512 }, { 3, 65, 512 }, { 3, 66, 512 }, { 4, 67, 512 }, { 3, 68, 512 }, { 4, 69, 512 }, { 4, 70, 512 }, { 5, 71, 512 },
+ { 3, 72, 512 }, { 4, 73, 512 }, { 4, 74, 512 }, { 5, 75, 512 }, { 4, 76, 512 }, { 5, 77, 512 }, { 5, 78, 512 }, { 6, 79, 512 },
+ { 3, 80, 512 }, { 4, 81, 512 }, { 4, 82, 512 }, { 5, 83, 512 }, { 4, 84, 512 }, { 5, 85, 512 }, { 5, 86, 512 }, { 6, 87, 512 },
+ { 4, 88, 512 }, { 5, 89, 512 }, { 5, 90, 512 }, { 6, 91, 512 }, { 5, 92, 512 }, { 6, 93, 512 }, { 6, 94, 512 }, { 7, 95, 512 },
+ { 3, 96, 512 }, { 4, 97, 512 }, { 4, 98, 512 }, { 5, 99, 512 }, { 4, 100, 512 }, { 5, 101, 512 }, { 5, 102, 512 }, { 6, 103, 512 },
+ { 4, 104, 512 }, { 5, 105, 512 }, { 5, 106, 512 }, { 6, 107, 512 }, { 5, 108, 512 }, { 6, 109, 512 }, { 6, 110, 512 }, { 7, 111, 512 },
+ { 4, 112, 512 }, { 5, 113, 512 }, { 5, 114, 512 }, { 6, 115, 512 }, { 5, 116, 512 }, { 6, 117, 512 }, { 6, 118, 512 }, { 7, 119, 512 },
+ { 5, 120, 512 }, { 6, 121, 512 }, { 6, 122, 512 }, { 7, 123, 512 }, { 6, 124, 512 }, { 7, 125, 512 }, { 7, 126, 512 }, { 8, 127, 512 },
+ { 2, 128, 512 }, { 3, 129, 512 }, { 3, 130, 512 }, { 4, 131, 512 }, { 3, 132, 512 }, { 4, 133, 512 }, { 4, 134, 512 }, { 5, 135, 512 },
+ { 3, 136, 512 }, { 4, 137, 512 }, { 4, 138, 512 }, { 5, 139, 512 }, { 4, 140, 512 }, { 5, 141, 512 }, { 5, 142, 512 }, { 6, 143, 512 },
+ { 3, 144, 512 }, { 4, 145, 512 }, { 4, 146, 512 }, { 5, 147, 512 }, { 4, 148, 512 }, { 5, 149, 512 }, { 5, 150, 512 }, { 6, 151, 512 },
+ { 4, 152, 512 }, { 5, 153, 512 }, { 5, 154, 512 }, { 6, 155, 512 }, { 5, 156, 512 }, { 6, 157, 512 }, { 6, 158, 512 }, { 7, 159, 512 },
+ { 3, 160, 512 }, { 4, 161, 512 }, { 4, 162, 512 }, { 5, 163, 512 }, { 4, 164, 512 }, { 5, 165, 512 }, { 5, 166, 512 }, { 6, 167, 512 },
+ { 4, 168, 512 }, { 5, 169, 512 }, { 5, 170, 512 }, { 6, 171, 512 }, { 5, 172, 512 }, { 6, 173, 512 }, { 6, 174, 512 }, { 7, 175, 512 },
+ { 4, 176, 512 }, { 5, 177, 512 }, { 5, 178, 512 }, { 6, 179, 512 }, { 5, 180, 512 }, { 6, 181, 512 }, { 6, 182, 512 }, { 7, 183, 512 },
+ { 5, 184, 512 }, { 6, 185, 512 }, { 6, 186, 512 }, { 7, 187, 512 }, { 6, 188, 512 }, { 7, 189, 512 }, { 7, 190, 512 }, { 8, 191, 512 },
+ { 3, 192, 512 }, { 4, 193, 512 }, { 4, 194, 512 }, { 5, 195, 512 }, { 4, 196, 512 }, { 5, 197, 512 }, { 5, 198, 512 }, { 6, 199, 512 },
+ { 4, 200, 512 }, { 5, 201, 512 }, { 5, 202, 512 }, { 6, 203, 512 }, { 5, 204, 512 }, { 6, 205, 512 }, { 6, 206, 512 }, { 7, 207, 512 },
+ { 4, 208, 512 }, { 5, 209, 512 }, { 5, 210, 512 }, { 6, 211, 512 }, { 5, 212, 512 }, { 6, 213, 512 }, { 6, 214, 512 }, { 7, 215, 512 },
+ { 5, 216, 512 }, { 6, 217, 512 }, { 6, 218, 512 }, { 7, 219, 512 }, { 6, 220, 512 }, { 7, 221, 512 }, { 7, 222, 512 }, { 8, 223, 512 },
+ { 4, 224, 512 }, { 5, 225, 512 }, { 5, 226, 512 }, { 6, 227, 512 }, { 5, 228, 512 }, { 6, 229, 512 }, { 6, 230, 512 }, { 7, 231, 512 },
+ { 5, 232, 512 }, { 6, 233, 512 }, { 6, 234, 512 }, { 7, 235, 512 }, { 6, 236, 512 }, { 7, 237, 512 }, { 7, 238, 512 }, { 8, 239, 512 },
+ { 5, 240, 512 }, { 6, 241, 512 }, { 6, 242, 512 }, { 7, 243, 512 }, { 6, 244, 512 }, { 7, 245, 512 }, { 7, 246, 512 }, { 8, 247, 512 },
+ { 6, 248, 512 }, { 7, 249, 512 }, { 7, 250, 512 }, { 8, 251, 512 }, { 7, 252, 512 }, { 8, 253, 512 }, { 8, 254, 512 }, { 9, 255, 512 },
+ { 2, 256, 512 }, { 3, 257, 512 }, { 3, 258, 512 }, { 4, 259, 512 }, { 3, 260, 512 }, { 4, 261, 512 }, { 4, 262, 512 }, { 5, 263, 512 },
+ { 3, 264, 512 }, { 4, 265, 512 }, { 4, 266, 512 }, { 5, 267, 512 }, { 4, 268, 512 }, { 5, 269, 512 }, { 5, 270, 512 }, { 6, 271, 512 },
+ { 3, 272, 512 }, { 4, 273, 512 }, { 4, 274, 512 }, { 5, 275, 512 }, { 4, 276, 512 }, { 5, 277, 512 }, { 5, 278, 512 }, { 6, 279, 512 },
+ { 4, 280, 512 }, { 5, 281, 512 }, { 5, 282, 512 }, { 6, 283, 512 }, { 5, 284, 512 }, { 6, 285, 512 }, { 6, 286, 512 }, { 7, 287, 512 },
+ { 3, 288, 512 }, { 4, 289, 512 }, { 4, 290, 512 }, { 5, 291, 512 }, { 4, 292, 512 }, { 5, 293, 512 }, { 5, 294, 512 }, { 6, 295, 512 },
+ { 4, 296, 512 }, { 5, 297, 512 }, { 5, 298, 512 }, { 6, 299, 512 }, { 5, 300, 512 }, { 6, 301, 512 }, { 6, 302, 512 }, { 7, 303, 512 },
+ { 4, 304, 512 }, { 5, 305, 512 }, { 5, 306, 512 }, { 6, 307, 512 }, { 5, 308, 512 }, { 6, 309, 512 }, { 6, 310, 512 }, { 7, 311, 512 },
+ { 5, 312, 512 }, { 6, 313, 512 }, { 6, 314, 512 }, { 7, 315, 512 }, { 6, 316, 512 }, { 7, 317, 512 }, { 7, 318, 512 }, { 8, 319, 512 },
+ { 3, 320, 512 }, { 4, 321, 512 }, { 4, 322, 512 }, { 5, 323, 512 }, { 4, 324, 512 }, { 5, 325, 512 }, { 5, 326, 512 }, { 6, 327, 512 },
+ { 4, 328, 512 }, { 5, 329, 512 }, { 5, 330, 512 }, { 6, 331, 512 }, { 5, 332, 512 }, { 6, 333, 512 }, { 6, 334, 512 }, { 7, 335, 512 },
+ { 4, 336, 512 }, { 5, 337, 512 }, { 5, 338, 512 }, { 6, 339, 512 }, { 5, 340, 512 }, { 6, 341, 512 }, { 6, 342, 512 }, { 7, 343, 512 },
+ { 5, 344, 512 }, { 6, 345, 512 }, { 6, 346, 512 }, { 7, 347, 512 }, { 6, 348, 512 }, { 7, 349, 512 }, { 7, 350, 512 }, { 8, 351, 512 },
+ { 4, 352, 512 }, { 5, 353, 512 }, { 5, 354, 512 }, { 6, 355, 512 }, { 5, 356, 512 }, { 6, 357, 512 }, { 6, 358, 512 }, { 7, 359, 512 },
+ { 5, 360, 512 }, { 6, 361, 512 }, { 6, 362, 512 }, { 7, 363, 512 }, { 6, 364, 512 }, { 7, 365, 512 }, { 7, 366, 512 }, { 8, 367, 512 },
+ { 5, 368, 512 }, { 6, 369, 512 }, { 6, 370, 512 }, { 7, 371, 512 }, { 6, 372, 512 }, { 7, 373, 512 }, { 7, 374, 512 }, { 8, 375, 512 },
+ { 6, 376, 512 }, { 7, 377, 512 }, { 7, 378, 512 }, { 8, 379, 512 }, { 7, 380, 512 }, { 8, 381, 512 }, { 8, 382, 512 }, { 9, 383, 512 },
+ { 3, 384, 512 }, { 4, 385, 512 }, { 4, 386, 512 }, { 5, 387, 512 }, { 4, 388, 512 }, { 5, 389, 512 }, { 5, 390, 512 }, { 6, 391, 512 },
+ { 4, 392, 512 }, { 5, 393, 512 }, { 5, 394, 512 }, { 6, 395, 512 }, { 5, 396, 512 }, { 6, 397, 512 }, { 6, 398, 512 }, { 7, 399, 512 },
+ { 4, 400, 512 }, { 5, 401, 512 }, { 5, 402, 512 }, { 6, 403, 512 }, { 5, 404, 512 }, { 6, 405, 512 }, { 6, 406, 512 }, { 7, 407, 512 },
+ { 5, 408, 512 }, { 6, 409, 512 }, { 6, 410, 512 }, { 7, 411, 512 }, { 6, 412, 512 }, { 7, 413, 512 }, { 7, 414, 512 }, { 8, 415, 512 },
+ { 4, 416, 512 }, { 5, 417, 512 }, { 5, 418, 512 }, { 6, 419, 512 }, { 5, 420, 512 }, { 6, 421, 512 }, { 6, 422, 512 }, { 7, 423, 512 },
+ { 5, 424, 512 }, { 6, 425, 512 }, { 6, 426, 512 }, { 7, 427, 512 }, { 6, 428, 512 }, { 7, 429, 512 }, { 7, 430, 512 }, { 8, 431, 512 },
+ { 5, 432, 512 }, { 6, 433, 512 }, { 6, 434, 512 }, { 7, 435, 512 }, { 6, 436, 512 }, { 7, 437, 512 }, { 7, 438, 512 }, { 8, 439, 512 },
+ { 6, 440, 512 }, { 7, 441, 512 }, { 7, 442, 512 }, { 8, 443, 512 }, { 7, 444, 512 }, { 8, 445, 512 }, { 8, 446, 512 }, { 9, 447, 512 },
+ { 4, 448, 512 }, { 5, 449, 512 }, { 5, 450, 512 }, { 6, 451, 512 }, { 5, 452, 512 }, { 6, 453, 512 }, { 6, 454, 512 }, { 7, 455, 512 },
+ { 5, 456, 512 }, { 6, 457, 512 }, { 6, 458, 512 }, { 7, 459, 512 }, { 6, 460, 512 }, { 7, 461, 512 }, { 7, 462, 512 }, { 8, 463, 512 },
+ { 5, 464, 512 }, { 6, 465, 512 }, { 6, 466, 512 }, { 7, 467, 512 }, { 6, 468, 512 }, { 7, 469, 512 }, { 7, 470, 512 }, { 8, 471, 512 },
+ { 6, 472, 512 }, { 7, 473, 512 }, { 7, 474, 512 }, { 8, 475, 512 }, { 7, 476, 512 }, { 8, 477, 512 }, { 8, 478, 512 }, { 9, 479, 512 },
+ { 5, 480, 512 }, { 6, 481, 512 }, { 6, 482, 512 }, { 7, 483, 512 }, { 6, 484, 512 }, { 7, 485, 512 }, { 7, 486, 512 }, { 8, 487, 512 },
+ { 6, 488, 512 }, { 7, 489, 512 }, { 7, 490, 512 }, { 8, 491, 512 }, { 7, 492, 512 }, { 8, 493, 512 }, { 8, 494, 512 }, { 9, 495, 512 },
+ { 6, 496, 512 }, { 7, 497, 512 }, { 7, 498, 512 }, { 8, 499, 512 }, { 7, 500, 512 }, { 8, 501, 512 }, { 8, 502, 512 }, { 9, 503, 512 },
+ { 7, 504, 512 }, { 8, 505, 512 }, { 8, 506, 512 }, { 9, 507, 512 }, { 8, 508, 512 }, { 9, 509, 512 }, { 9, 510, 512 }, { 10, 511, 512 },
+#if FP_LUT > 10
+ { 1, 0, 0 }, { 2, 1, 1024 }, { 2, 2, 1024 }, { 3, 3, 1024 }, { 2, 4, 1024 }, { 3, 5, 1024 }, { 3, 6, 1024 }, { 4, 7, 1024 },
+ { 2, 8, 1024 }, { 3, 9, 1024 }, { 3, 10, 1024 }, { 4, 11, 1024 }, { 3, 12, 1024 }, { 4, 13, 1024 }, { 4, 14, 1024 }, { 5, 15, 1024 },
+ { 2, 16, 1024 }, { 3, 17, 1024 }, { 3, 18, 1024 }, { 4, 19, 1024 }, { 3, 20, 1024 }, { 4, 21, 1024 }, { 4, 22, 1024 }, { 5, 23, 1024 },
+ { 3, 24, 1024 }, { 4, 25, 1024 }, { 4, 26, 1024 }, { 5, 27, 1024 }, { 4, 28, 1024 }, { 5, 29, 1024 }, { 5, 30, 1024 }, { 6, 31, 1024 },
+ { 2, 32, 1024 }, { 3, 33, 1024 }, { 3, 34, 1024 }, { 4, 35, 1024 }, { 3, 36, 1024 }, { 4, 37, 1024 }, { 4, 38, 1024 }, { 5, 39, 1024 },
+ { 3, 40, 1024 }, { 4, 41, 1024 }, { 4, 42, 1024 }, { 5, 43, 1024 }, { 4, 44, 1024 }, { 5, 45, 1024 }, { 5, 46, 1024 }, { 6, 47, 1024 },
+ { 3, 48, 1024 }, { 4, 49, 1024 }, { 4, 50, 1024 }, { 5, 51, 1024 }, { 4, 52, 1024 }, { 5, 53, 1024 }, { 5, 54, 1024 }, { 6, 55, 1024 },
+ { 4, 56, 1024 }, { 5, 57, 1024 }, { 5, 58, 1024 }, { 6, 59, 1024 }, { 5, 60, 1024 }, { 6, 61, 1024 }, { 6, 62, 1024 }, { 7, 63, 1024 },
+ { 2, 64, 1024 }, { 3, 65, 1024 }, { 3, 66, 1024 }, { 4, 67, 1024 }, { 3, 68, 1024 }, { 4, 69, 1024 }, { 4, 70, 1024 }, { 5, 71, 1024 },
+ { 3, 72, 1024 }, { 4, 73, 1024 }, { 4, 74, 1024 }, { 5, 75, 1024 }, { 4, 76, 1024 }, { 5, 77, 1024 }, { 5, 78, 1024 }, { 6, 79, 1024 },
+ { 3, 80, 1024 }, { 4, 81, 1024 }, { 4, 82, 1024 }, { 5, 83, 1024 }, { 4, 84, 1024 }, { 5, 85, 1024 }, { 5, 86, 1024 }, { 6, 87, 1024 },
+ { 4, 88, 1024 }, { 5, 89, 1024 }, { 5, 90, 1024 }, { 6, 91, 1024 }, { 5, 92, 1024 }, { 6, 93, 1024 }, { 6, 94, 1024 }, { 7, 95, 1024 },
+ { 3, 96, 1024 }, { 4, 97, 1024 }, { 4, 98, 1024 }, { 5, 99, 1024 }, { 4, 100, 1024 }, { 5, 101, 1024 }, { 5, 102, 1024 }, { 6, 103, 1024 },
+ { 4, 104, 1024 }, { 5, 105, 1024 }, { 5, 106, 1024 }, { 6, 107, 1024 }, { 5, 108, 1024 }, { 6, 109, 1024 }, { 6, 110, 1024 }, { 7, 111, 1024 },
+ { 4, 112, 1024 }, { 5, 113, 1024 }, { 5, 114, 1024 }, { 6, 115, 1024 }, { 5, 116, 1024 }, { 6, 117, 1024 }, { 6, 118, 1024 }, { 7, 119, 1024 },
+ { 5, 120, 1024 }, { 6, 121, 1024 }, { 6, 122, 1024 }, { 7, 123, 1024 }, { 6, 124, 1024 }, { 7, 125, 1024 }, { 7, 126, 1024 }, { 8, 127, 1024 },
+ { 2, 128, 1024 }, { 3, 129, 1024 }, { 3, 130, 1024 }, { 4, 131, 1024 }, { 3, 132, 1024 }, { 4, 133, 1024 }, { 4, 134, 1024 }, { 5, 135, 1024 },
+ { 3, 136, 1024 }, { 4, 137, 1024 }, { 4, 138, 1024 }, { 5, 139, 1024 }, { 4, 140, 1024 }, { 5, 141, 1024 }, { 5, 142, 1024 }, { 6, 143, 1024 },
+ { 3, 144, 1024 }, { 4, 145, 1024 }, { 4, 146, 1024 }, { 5, 147, 1024 }, { 4, 148, 1024 }, { 5, 149, 1024 }, { 5, 150, 1024 }, { 6, 151, 1024 },
+ { 4, 152, 1024 }, { 5, 153, 1024 }, { 5, 154, 1024 }, { 6, 155, 1024 }, { 5, 156, 1024 }, { 6, 157, 1024 }, { 6, 158, 1024 }, { 7, 159, 1024 },
+ { 3, 160, 1024 }, { 4, 161, 1024 }, { 4, 162, 1024 }, { 5, 163, 1024 }, { 4, 164, 1024 }, { 5, 165, 1024 }, { 5, 166, 1024 }, { 6, 167, 1024 },
+ { 4, 168, 1024 }, { 5, 169, 1024 }, { 5, 170, 1024 }, { 6, 171, 1024 }, { 5, 172, 1024 }, { 6, 173, 1024 }, { 6, 174, 1024 }, { 7, 175, 1024 },
+ { 4, 176, 1024 }, { 5, 177, 1024 }, { 5, 178, 1024 }, { 6, 179, 1024 }, { 5, 180, 1024 }, { 6, 181, 1024 }, { 6, 182, 1024 }, { 7, 183, 1024 },
+ { 5, 184, 1024 }, { 6, 185, 1024 }, { 6, 186, 1024 }, { 7, 187, 1024 }, { 6, 188, 1024 }, { 7, 189, 1024 }, { 7, 190, 1024 }, { 8, 191, 1024 },
+ { 3, 192, 1024 }, { 4, 193, 1024 }, { 4, 194, 1024 }, { 5, 195, 1024 }, { 4, 196, 1024 }, { 5, 197, 1024 }, { 5, 198, 1024 }, { 6, 199, 1024 },
+ { 4, 200, 1024 }, { 5, 201, 1024 }, { 5, 202, 1024 }, { 6, 203, 1024 }, { 5, 204, 1024 }, { 6, 205, 1024 }, { 6, 206, 1024 }, { 7, 207, 1024 },
+ { 4, 208, 1024 }, { 5, 209, 1024 }, { 5, 210, 1024 }, { 6, 211, 1024 }, { 5, 212, 1024 }, { 6, 213, 1024 }, { 6, 214, 1024 }, { 7, 215, 1024 },
+ { 5, 216, 1024 }, { 6, 217, 1024 }, { 6, 218, 1024 }, { 7, 219, 1024 }, { 6, 220, 1024 }, { 7, 221, 1024 }, { 7, 222, 1024 }, { 8, 223, 1024 },
+ { 4, 224, 1024 }, { 5, 225, 1024 }, { 5, 226, 1024 }, { 6, 227, 1024 }, { 5, 228, 1024 }, { 6, 229, 1024 }, { 6, 230, 1024 }, { 7, 231, 1024 },
+ { 5, 232, 1024 }, { 6, 233, 1024 }, { 6, 234, 1024 }, { 7, 235, 1024 }, { 6, 236, 1024 }, { 7, 237, 1024 }, { 7, 238, 1024 }, { 8, 239, 1024 },
+ { 5, 240, 1024 }, { 6, 241, 1024 }, { 6, 242, 1024 }, { 7, 243, 1024 }, { 6, 244, 1024 }, { 7, 245, 1024 }, { 7, 246, 1024 }, { 8, 247, 1024 },
+ { 6, 248, 1024 }, { 7, 249, 1024 }, { 7, 250, 1024 }, { 8, 251, 1024 }, { 7, 252, 1024 }, { 8, 253, 1024 }, { 8, 254, 1024 }, { 9, 255, 1024 },
+ { 2, 256, 1024 }, { 3, 257, 1024 }, { 3, 258, 1024 }, { 4, 259, 1024 }, { 3, 260, 1024 }, { 4, 261, 1024 }, { 4, 262, 1024 }, { 5, 263, 1024 },
+ { 3, 264, 1024 }, { 4, 265, 1024 }, { 4, 266, 1024 }, { 5, 267, 1024 }, { 4, 268, 1024 }, { 5, 269, 1024 }, { 5, 270, 1024 }, { 6, 271, 1024 },
+ { 3, 272, 1024 }, { 4, 273, 1024 }, { 4, 274, 1024 }, { 5, 275, 1024 }, { 4, 276, 1024 }, { 5, 277, 1024 }, { 5, 278, 1024 }, { 6, 279, 1024 },
+ { 4, 280, 1024 }, { 5, 281, 1024 }, { 5, 282, 1024 }, { 6, 283, 1024 }, { 5, 284, 1024 }, { 6, 285, 1024 }, { 6, 286, 1024 }, { 7, 287, 1024 },
+ { 3, 288, 1024 }, { 4, 289, 1024 }, { 4, 290, 1024 }, { 5, 291, 1024 }, { 4, 292, 1024 }, { 5, 293, 1024 }, { 5, 294, 1024 }, { 6, 295, 1024 },
+ { 4, 296, 1024 }, { 5, 297, 1024 }, { 5, 298, 1024 }, { 6, 299, 1024 }, { 5, 300, 1024 }, { 6, 301, 1024 }, { 6, 302, 1024 }, { 7, 303, 1024 },
+ { 4, 304, 1024 }, { 5, 305, 1024 }, { 5, 306, 1024 }, { 6, 307, 1024 }, { 5, 308, 1024 }, { 6, 309, 1024 }, { 6, 310, 1024 }, { 7, 311, 1024 },
+ { 5, 312, 1024 }, { 6, 313, 1024 }, { 6, 314, 1024 }, { 7, 315, 1024 }, { 6, 316, 1024 }, { 7, 317, 1024 }, { 7, 318, 1024 }, { 8, 319, 1024 },
+ { 3, 320, 1024 }, { 4, 321, 1024 }, { 4, 322, 1024 }, { 5, 323, 1024 }, { 4, 324, 1024 }, { 5, 325, 1024 }, { 5, 326, 1024 }, { 6, 327, 1024 },
+ { 4, 328, 1024 }, { 5, 329, 1024 }, { 5, 330, 1024 }, { 6, 331, 1024 }, { 5, 332, 1024 }, { 6, 333, 1024 }, { 6, 334, 1024 }, { 7, 335, 1024 },
+ { 4, 336, 1024 }, { 5, 337, 1024 }, { 5, 338, 1024 }, { 6, 339, 1024 }, { 5, 340, 1024 }, { 6, 341, 1024 }, { 6, 342, 1024 }, { 7, 343, 1024 },
+ { 5, 344, 1024 }, { 6, 345, 1024 }, { 6, 346, 1024 }, { 7, 347, 1024 }, { 6, 348, 1024 }, { 7, 349, 1024 }, { 7, 350, 1024 }, { 8, 351, 1024 },
+ { 4, 352, 1024 }, { 5, 353, 1024 }, { 5, 354, 1024 }, { 6, 355, 1024 }, { 5, 356, 1024 }, { 6, 357, 1024 }, { 6, 358, 1024 }, { 7, 359, 1024 },
+ { 5, 360, 1024 }, { 6, 361, 1024 }, { 6, 362, 1024 }, { 7, 363, 1024 }, { 6, 364, 1024 }, { 7, 365, 1024 }, { 7, 366, 1024 }, { 8, 367, 1024 },
+ { 5, 368, 1024 }, { 6, 369, 1024 }, { 6, 370, 1024 }, { 7, 371, 1024 }, { 6, 372, 1024 }, { 7, 373, 1024 }, { 7, 374, 1024 }, { 8, 375, 1024 },
+ { 6, 376, 1024 }, { 7, 377, 1024 }, { 7, 378, 1024 }, { 8, 379, 1024 }, { 7, 380, 1024 }, { 8, 381, 1024 }, { 8, 382, 1024 }, { 9, 383, 1024 },
+ { 3, 384, 1024 }, { 4, 385, 1024 }, { 4, 386, 1024 }, { 5, 387, 1024 }, { 4, 388, 1024 }, { 5, 389, 1024 }, { 5, 390, 1024 }, { 6, 391, 1024 },
+ { 4, 392, 1024 }, { 5, 393, 1024 }, { 5, 394, 1024 }, { 6, 395, 1024 }, { 5, 396, 1024 }, { 6, 397, 1024 }, { 6, 398, 1024 }, { 7, 399, 1024 },
+ { 4, 400, 1024 }, { 5, 401, 1024 }, { 5, 402, 1024 }, { 6, 403, 1024 }, { 5, 404, 1024 }, { 6, 405, 1024 }, { 6, 406, 1024 }, { 7, 407, 1024 },
+ { 5, 408, 1024 }, { 6, 409, 1024 }, { 6, 410, 1024 }, { 7, 411, 1024 }, { 6, 412, 1024 }, { 7, 413, 1024 }, { 7, 414, 1024 }, { 8, 415, 1024 },
+ { 4, 416, 1024 }, { 5, 417, 1024 }, { 5, 418, 1024 }, { 6, 419, 1024 }, { 5, 420, 1024 }, { 6, 421, 1024 }, { 6, 422, 1024 }, { 7, 423, 1024 },
+ { 5, 424, 1024 }, { 6, 425, 1024 }, { 6, 426, 1024 }, { 7, 427, 1024 }, { 6, 428, 1024 }, { 7, 429, 1024 }, { 7, 430, 1024 }, { 8, 431, 1024 },
+ { 5, 432, 1024 }, { 6, 433, 1024 }, { 6, 434, 1024 }, { 7, 435, 1024 }, { 6, 436, 1024 }, { 7, 437, 1024 }, { 7, 438, 1024 }, { 8, 439, 1024 },
+ { 6, 440, 1024 }, { 7, 441, 1024 }, { 7, 442, 1024 }, { 8, 443, 1024 }, { 7, 444, 1024 }, { 8, 445, 1024 }, { 8, 446, 1024 }, { 9, 447, 1024 },
+ { 4, 448, 1024 }, { 5, 449, 1024 }, { 5, 450, 1024 }, { 6, 451, 1024 }, { 5, 452, 1024 }, { 6, 453, 1024 }, { 6, 454, 1024 }, { 7, 455, 1024 },
+ { 5, 456, 1024 }, { 6, 457, 1024 }, { 6, 458, 1024 }, { 7, 459, 1024 }, { 6, 460, 1024 }, { 7, 461, 1024 }, { 7, 462, 1024 }, { 8, 463, 1024 },
+ { 5, 464, 1024 }, { 6, 465, 1024 }, { 6, 466, 1024 }, { 7, 467, 1024 }, { 6, 468, 1024 }, { 7, 469, 1024 }, { 7, 470, 1024 }, { 8, 471, 1024 },
+ { 6, 472, 1024 }, { 7, 473, 1024 }, { 7, 474, 1024 }, { 8, 475, 1024 }, { 7, 476, 1024 }, { 8, 477, 1024 }, { 8, 478, 1024 }, { 9, 479, 1024 },
+ { 5, 480, 1024 }, { 6, 481, 1024 }, { 6, 482, 1024 }, { 7, 483, 1024 }, { 6, 484, 1024 }, { 7, 485, 1024 }, { 7, 486, 1024 }, { 8, 487, 1024 },
+ { 6, 488, 1024 }, { 7, 489, 1024 }, { 7, 490, 1024 }, { 8, 491, 1024 }, { 7, 492, 1024 }, { 8, 493, 1024 }, { 8, 494, 1024 }, { 9, 495, 1024 },
+ { 6, 496, 1024 }, { 7, 497, 1024 }, { 7, 498, 1024 }, { 8, 499, 1024 }, { 7, 500, 1024 }, { 8, 501, 1024 }, { 8, 502, 1024 }, { 9, 503, 1024 },
+ { 7, 504, 1024 }, { 8, 505, 1024 }, { 8, 506, 1024 }, { 9, 507, 1024 }, { 8, 508, 1024 }, { 9, 509, 1024 }, { 9, 510, 1024 }, { 10, 511, 1024 },
+ { 2, 512, 1024 }, { 3, 513, 1024 }, { 3, 514, 1024 }, { 4, 515, 1024 }, { 3, 516, 1024 }, { 4, 517, 1024 }, { 4, 518, 1024 }, { 5, 519, 1024 },
+ { 3, 520, 1024 }, { 4, 521, 1024 }, { 4, 522, 1024 }, { 5, 523, 1024 }, { 4, 524, 1024 }, { 5, 525, 1024 }, { 5, 526, 1024 }, { 6, 527, 1024 },
+ { 3, 528, 1024 }, { 4, 529, 1024 }, { 4, 530, 1024 }, { 5, 531, 1024 }, { 4, 532, 1024 }, { 5, 533, 1024 }, { 5, 534, 1024 }, { 6, 535, 1024 },
+ { 4, 536, 1024 }, { 5, 537, 1024 }, { 5, 538, 1024 }, { 6, 539, 1024 }, { 5, 540, 1024 }, { 6, 541, 1024 }, { 6, 542, 1024 }, { 7, 543, 1024 },
+ { 3, 544, 1024 }, { 4, 545, 1024 }, { 4, 546, 1024 }, { 5, 547, 1024 }, { 4, 548, 1024 }, { 5, 549, 1024 }, { 5, 550, 1024 }, { 6, 551, 1024 },
+ { 4, 552, 1024 }, { 5, 553, 1024 }, { 5, 554, 1024 }, { 6, 555, 1024 }, { 5, 556, 1024 }, { 6, 557, 1024 }, { 6, 558, 1024 }, { 7, 559, 1024 },
+ { 4, 560, 1024 }, { 5, 561, 1024 }, { 5, 562, 1024 }, { 6, 563, 1024 }, { 5, 564, 1024 }, { 6, 565, 1024 }, { 6, 566, 1024 }, { 7, 567, 1024 },
+ { 5, 568, 1024 }, { 6, 569, 1024 }, { 6, 570, 1024 }, { 7, 571, 1024 }, { 6, 572, 1024 }, { 7, 573, 1024 }, { 7, 574, 1024 }, { 8, 575, 1024 },
+ { 3, 576, 1024 }, { 4, 577, 1024 }, { 4, 578, 1024 }, { 5, 579, 1024 }, { 4, 580, 1024 }, { 5, 581, 1024 }, { 5, 582, 1024 }, { 6, 583, 1024 },
+ { 4, 584, 1024 }, { 5, 585, 1024 }, { 5, 586, 1024 }, { 6, 587, 1024 }, { 5, 588, 1024 }, { 6, 589, 1024 }, { 6, 590, 1024 }, { 7, 591, 1024 },
+ { 4, 592, 1024 }, { 5, 593, 1024 }, { 5, 594, 1024 }, { 6, 595, 1024 }, { 5, 596, 1024 }, { 6, 597, 1024 }, { 6, 598, 1024 }, { 7, 599, 1024 },
+ { 5, 600, 1024 }, { 6, 601, 1024 }, { 6, 602, 1024 }, { 7, 603, 1024 }, { 6, 604, 1024 }, { 7, 605, 1024 }, { 7, 606, 1024 }, { 8, 607, 1024 },
+ { 4, 608, 1024 }, { 5, 609, 1024 }, { 5, 610, 1024 }, { 6, 611, 1024 }, { 5, 612, 1024 }, { 6, 613, 1024 }, { 6, 614, 1024 }, { 7, 615, 1024 },
+ { 5, 616, 1024 }, { 6, 617, 1024 }, { 6, 618, 1024 }, { 7, 619, 1024 }, { 6, 620, 1024 }, { 7, 621, 1024 }, { 7, 622, 1024 }, { 8, 623, 1024 },
+ { 5, 624, 1024 }, { 6, 625, 1024 }, { 6, 626, 1024 }, { 7, 627, 1024 }, { 6, 628, 1024 }, { 7, 629, 1024 }, { 7, 630, 1024 }, { 8, 631, 1024 },
+ { 6, 632, 1024 }, { 7, 633, 1024 }, { 7, 634, 1024 }, { 8, 635, 1024 }, { 7, 636, 1024 }, { 8, 637, 1024 }, { 8, 638, 1024 }, { 9, 639, 1024 },
+ { 3, 640, 1024 }, { 4, 641, 1024 }, { 4, 642, 1024 }, { 5, 643, 1024 }, { 4, 644, 1024 }, { 5, 645, 1024 }, { 5, 646, 1024 }, { 6, 647, 1024 },
+ { 4, 648, 1024 }, { 5, 649, 1024 }, { 5, 650, 1024 }, { 6, 651, 1024 }, { 5, 652, 1024 }, { 6, 653, 1024 }, { 6, 654, 1024 }, { 7, 655, 1024 },
+ { 4, 656, 1024 }, { 5, 657, 1024 }, { 5, 658, 1024 }, { 6, 659, 1024 }, { 5, 660, 1024 }, { 6, 661, 1024 }, { 6, 662, 1024 }, { 7, 663, 1024 },
+ { 5, 664, 1024 }, { 6, 665, 1024 }, { 6, 666, 1024 }, { 7, 667, 1024 }, { 6, 668, 1024 }, { 7, 669, 1024 }, { 7, 670, 1024 }, { 8, 671, 1024 },
+ { 4, 672, 1024 }, { 5, 673, 1024 }, { 5, 674, 1024 }, { 6, 675, 1024 }, { 5, 676, 1024 }, { 6, 677, 1024 }, { 6, 678, 1024 }, { 7, 679, 1024 },
+ { 5, 680, 1024 }, { 6, 681, 1024 }, { 6, 682, 1024 }, { 7, 683, 1024 }, { 6, 684, 1024 }, { 7, 685, 1024 }, { 7, 686, 1024 }, { 8, 687, 1024 },
+ { 5, 688, 1024 }, { 6, 689, 1024 }, { 6, 690, 1024 }, { 7, 691, 1024 }, { 6, 692, 1024 }, { 7, 693, 1024 }, { 7, 694, 1024 }, { 8, 695, 1024 },
+ { 6, 696, 1024 }, { 7, 697, 1024 }, { 7, 698, 1024 }, { 8, 699, 1024 }, { 7, 700, 1024 }, { 8, 701, 1024 }, { 8, 702, 1024 }, { 9, 703, 1024 },
+ { 4, 704, 1024 }, { 5, 705, 1024 }, { 5, 706, 1024 }, { 6, 707, 1024 }, { 5, 708, 1024 }, { 6, 709, 1024 }, { 6, 710, 1024 }, { 7, 711, 1024 },
+ { 5, 712, 1024 }, { 6, 713, 1024 }, { 6, 714, 1024 }, { 7, 715, 1024 }, { 6, 716, 1024 }, { 7, 717, 1024 }, { 7, 718, 1024 }, { 8, 719, 1024 },
+ { 5, 720, 1024 }, { 6, 721, 1024 }, { 6, 722, 1024 }, { 7, 723, 1024 }, { 6, 724, 1024 }, { 7, 725, 1024 }, { 7, 726, 1024 }, { 8, 727, 1024 },
+ { 6, 728, 1024 }, { 7, 729, 1024 }, { 7, 730, 1024 }, { 8, 731, 1024 }, { 7, 732, 1024 }, { 8, 733, 1024 }, { 8, 734, 1024 }, { 9, 735, 1024 },
+ { 5, 736, 1024 }, { 6, 737, 1024 }, { 6, 738, 1024 }, { 7, 739, 1024 }, { 6, 740, 1024 }, { 7, 741, 1024 }, { 7, 742, 1024 }, { 8, 743, 1024 },
+ { 6, 744, 1024 }, { 7, 745, 1024 }, { 7, 746, 1024 }, { 8, 747, 1024 }, { 7, 748, 1024 }, { 8, 749, 1024 }, { 8, 750, 1024 }, { 9, 751, 1024 },
+ { 6, 752, 1024 }, { 7, 753, 1024 }, { 7, 754, 1024 }, { 8, 755, 1024 }, { 7, 756, 1024 }, { 8, 757, 1024 }, { 8, 758, 1024 }, { 9, 759, 1024 },
+ { 7, 760, 1024 }, { 8, 761, 1024 }, { 8, 762, 1024 }, { 9, 763, 1024 }, { 8, 764, 1024 }, { 9, 765, 1024 }, { 9, 766, 1024 }, { 10, 767, 1024 },
+ { 3, 768, 1024 }, { 4, 769, 1024 }, { 4, 770, 1024 }, { 5, 771, 1024 }, { 4, 772, 1024 }, { 5, 773, 1024 }, { 5, 774, 1024 }, { 6, 775, 1024 },
+ { 4, 776, 1024 }, { 5, 777, 1024 }, { 5, 778, 1024 }, { 6, 779, 1024 }, { 5, 780, 1024 }, { 6, 781, 1024 }, { 6, 782, 1024 }, { 7, 783, 1024 },
+ { 4, 784, 1024 }, { 5, 785, 1024 }, { 5, 786, 1024 }, { 6, 787, 1024 }, { 5, 788, 1024 }, { 6, 789, 1024 }, { 6, 790, 1024 }, { 7, 791, 1024 },
+ { 5, 792, 1024 }, { 6, 793, 1024 }, { 6, 794, 1024 }, { 7, 795, 1024 }, { 6, 796, 1024 }, { 7, 797, 1024 }, { 7, 798, 1024 }, { 8, 799, 1024 },
+ { 4, 800, 1024 }, { 5, 801, 1024 }, { 5, 802, 1024 }, { 6, 803, 1024 }, { 5, 804, 1024 }, { 6, 805, 1024 }, { 6, 806, 1024 }, { 7, 807, 1024 },
+ { 5, 808, 1024 }, { 6, 809, 1024 }, { 6, 810, 1024 }, { 7, 811, 1024 }, { 6, 812, 1024 }, { 7, 813, 1024 }, { 7, 814, 1024 }, { 8, 815, 1024 },
+ { 5, 816, 1024 }, { 6, 817, 1024 }, { 6, 818, 1024 }, { 7, 819, 1024 }, { 6, 820, 1024 }, { 7, 821, 1024 }, { 7, 822, 1024 }, { 8, 823, 1024 },
+ { 6, 824, 1024 }, { 7, 825, 1024 }, { 7, 826, 1024 }, { 8, 827, 1024 }, { 7, 828, 1024 }, { 8, 829, 1024 }, { 8, 830, 1024 }, { 9, 831, 1024 },
+ { 4, 832, 1024 }, { 5, 833, 1024 }, { 5, 834, 1024 }, { 6, 835, 1024 }, { 5, 836, 1024 }, { 6, 837, 1024 }, { 6, 838, 1024 }, { 7, 839, 1024 },
+ { 5, 840, 1024 }, { 6, 841, 1024 }, { 6, 842, 1024 }, { 7, 843, 1024 }, { 6, 844, 1024 }, { 7, 845, 1024 }, { 7, 846, 1024 }, { 8, 847, 1024 },
+ { 5, 848, 1024 }, { 6, 849, 1024 }, { 6, 850, 1024 }, { 7, 851, 1024 }, { 6, 852, 1024 }, { 7, 853, 1024 }, { 7, 854, 1024 }, { 8, 855, 1024 },
+ { 6, 856, 1024 }, { 7, 857, 1024 }, { 7, 858, 1024 }, { 8, 859, 1024 }, { 7, 860, 1024 }, { 8, 861, 1024 }, { 8, 862, 1024 }, { 9, 863, 1024 },
+ { 5, 864, 1024 }, { 6, 865, 1024 }, { 6, 866, 1024 }, { 7, 867, 1024 }, { 6, 868, 1024 }, { 7, 869, 1024 }, { 7, 870, 1024 }, { 8, 871, 1024 },
+ { 6, 872, 1024 }, { 7, 873, 1024 }, { 7, 874, 1024 }, { 8, 875, 1024 }, { 7, 876, 1024 }, { 8, 877, 1024 }, { 8, 878, 1024 }, { 9, 879, 1024 },
+ { 6, 880, 1024 }, { 7, 881, 1024 }, { 7, 882, 1024 }, { 8, 883, 1024 }, { 7, 884, 1024 }, { 8, 885, 1024 }, { 8, 886, 1024 }, { 9, 887, 1024 },
+ { 7, 888, 1024 }, { 8, 889, 1024 }, { 8, 890, 1024 }, { 9, 891, 1024 }, { 8, 892, 1024 }, { 9, 893, 1024 }, { 9, 894, 1024 }, { 10, 895, 1024 },
+ { 4, 896, 1024 }, { 5, 897, 1024 }, { 5, 898, 1024 }, { 6, 899, 1024 }, { 5, 900, 1024 }, { 6, 901, 1024 }, { 6, 902, 1024 }, { 7, 903, 1024 },
+ { 5, 904, 1024 }, { 6, 905, 1024 }, { 6, 906, 1024 }, { 7, 907, 1024 }, { 6, 908, 1024 }, { 7, 909, 1024 }, { 7, 910, 1024 }, { 8, 911, 1024 },
+ { 5, 912, 1024 }, { 6, 913, 1024 }, { 6, 914, 1024 }, { 7, 915, 1024 }, { 6, 916, 1024 }, { 7, 917, 1024 }, { 7, 918, 1024 }, { 8, 919, 1024 },
+ { 6, 920, 1024 }, { 7, 921, 1024 }, { 7, 922, 1024 }, { 8, 923, 1024 }, { 7, 924, 1024 }, { 8, 925, 1024 }, { 8, 926, 1024 }, { 9, 927, 1024 },
+ { 5, 928, 1024 }, { 6, 929, 1024 }, { 6, 930, 1024 }, { 7, 931, 1024 }, { 6, 932, 1024 }, { 7, 933, 1024 }, { 7, 934, 1024 }, { 8, 935, 1024 },
+ { 6, 936, 1024 }, { 7, 937, 1024 }, { 7, 938, 1024 }, { 8, 939, 1024 }, { 7, 940, 1024 }, { 8, 941, 1024 }, { 8, 942, 1024 }, { 9, 943, 1024 },
+ { 6, 944, 1024 }, { 7, 945, 1024 }, { 7, 946, 1024 }, { 8, 947, 1024 }, { 7, 948, 1024 }, { 8, 949, 1024 }, { 8, 950, 1024 }, { 9, 951, 1024 },
+ { 7, 952, 1024 }, { 8, 953, 1024 }, { 8, 954, 1024 }, { 9, 955, 1024 }, { 8, 956, 1024 }, { 9, 957, 1024 }, { 9, 958, 1024 }, { 10, 959, 1024 },
+ { 5, 960, 1024 }, { 6, 961, 1024 }, { 6, 962, 1024 }, { 7, 963, 1024 }, { 6, 964, 1024 }, { 7, 965, 1024 }, { 7, 966, 1024 }, { 8, 967, 1024 },
+ { 6, 968, 1024 }, { 7, 969, 1024 }, { 7, 970, 1024 }, { 8, 971, 1024 }, { 7, 972, 1024 }, { 8, 973, 1024 }, { 8, 974, 1024 }, { 9, 975, 1024 },
+ { 6, 976, 1024 }, { 7, 977, 1024 }, { 7, 978, 1024 }, { 8, 979, 1024 }, { 7, 980, 1024 }, { 8, 981, 1024 }, { 8, 982, 1024 }, { 9, 983, 1024 },
+ { 7, 984, 1024 }, { 8, 985, 1024 }, { 8, 986, 1024 }, { 9, 987, 1024 }, { 8, 988, 1024 }, { 9, 989, 1024 }, { 9, 990, 1024 }, { 10, 991, 1024 },
+ { 6, 992, 1024 }, { 7, 993, 1024 }, { 7, 994, 1024 }, { 8, 995, 1024 }, { 7, 996, 1024 }, { 8, 997, 1024 }, { 8, 998, 1024 }, { 9, 999, 1024 },
+ { 7, 1000, 1024 }, { 8, 1001, 1024 }, { 8, 1002, 1024 }, { 9, 1003, 1024 }, { 8, 1004, 1024 }, { 9, 1005, 1024 }, { 9, 1006, 1024 }, { 10, 1007, 1024 },
+ { 7, 1008, 1024 }, { 8, 1009, 1024 }, { 8, 1010, 1024 }, { 9, 1011, 1024 }, { 8, 1012, 1024 }, { 9, 1013, 1024 }, { 9, 1014, 1024 }, { 10, 1015, 1024 },
+ { 8, 1016, 1024 }, { 9, 1017, 1024 }, { 9, 1018, 1024 }, { 10, 1019, 1024 }, { 9, 1020, 1024 }, { 10, 1021, 1024 }, { 10, 1022, 1024 }, { 11, 1023, 1024 },
+#if FP_LUT > 11
+ { 1, 0, 0 }, { 2, 1, 2048 }, { 2, 2, 2048 }, { 3, 3, 2048 }, { 2, 4, 2048 }, { 3, 5, 2048 }, { 3, 6, 2048 }, { 4, 7, 2048 },
+ { 2, 8, 2048 }, { 3, 9, 2048 }, { 3, 10, 2048 }, { 4, 11, 2048 }, { 3, 12, 2048 }, { 4, 13, 2048 }, { 4, 14, 2048 }, { 5, 15, 2048 },
+ { 2, 16, 2048 }, { 3, 17, 2048 }, { 3, 18, 2048 }, { 4, 19, 2048 }, { 3, 20, 2048 }, { 4, 21, 2048 }, { 4, 22, 2048 }, { 5, 23, 2048 },
+ { 3, 24, 2048 }, { 4, 25, 2048 }, { 4, 26, 2048 }, { 5, 27, 2048 }, { 4, 28, 2048 }, { 5, 29, 2048 }, { 5, 30, 2048 }, { 6, 31, 2048 },
+ { 2, 32, 2048 }, { 3, 33, 2048 }, { 3, 34, 2048 }, { 4, 35, 2048 }, { 3, 36, 2048 }, { 4, 37, 2048 }, { 4, 38, 2048 }, { 5, 39, 2048 },
+ { 3, 40, 2048 }, { 4, 41, 2048 }, { 4, 42, 2048 }, { 5, 43, 2048 }, { 4, 44, 2048 }, { 5, 45, 2048 }, { 5, 46, 2048 }, { 6, 47, 2048 },
+ { 3, 48, 2048 }, { 4, 49, 2048 }, { 4, 50, 2048 }, { 5, 51, 2048 }, { 4, 52, 2048 }, { 5, 53, 2048 }, { 5, 54, 2048 }, { 6, 55, 2048 },
+ { 4, 56, 2048 }, { 5, 57, 2048 }, { 5, 58, 2048 }, { 6, 59, 2048 }, { 5, 60, 2048 }, { 6, 61, 2048 }, { 6, 62, 2048 }, { 7, 63, 2048 },
+ { 2, 64, 2048 }, { 3, 65, 2048 }, { 3, 66, 2048 }, { 4, 67, 2048 }, { 3, 68, 2048 }, { 4, 69, 2048 }, { 4, 70, 2048 }, { 5, 71, 2048 },
+ { 3, 72, 2048 }, { 4, 73, 2048 }, { 4, 74, 2048 }, { 5, 75, 2048 }, { 4, 76, 2048 }, { 5, 77, 2048 }, { 5, 78, 2048 }, { 6, 79, 2048 },
+ { 3, 80, 2048 }, { 4, 81, 2048 }, { 4, 82, 2048 }, { 5, 83, 2048 }, { 4, 84, 2048 }, { 5, 85, 2048 }, { 5, 86, 2048 }, { 6, 87, 2048 },
+ { 4, 88, 2048 }, { 5, 89, 2048 }, { 5, 90, 2048 }, { 6, 91, 2048 }, { 5, 92, 2048 }, { 6, 93, 2048 }, { 6, 94, 2048 }, { 7, 95, 2048 },
+ { 3, 96, 2048 }, { 4, 97, 2048 }, { 4, 98, 2048 }, { 5, 99, 2048 }, { 4, 100, 2048 }, { 5, 101, 2048 }, { 5, 102, 2048 }, { 6, 103, 2048 },
+ { 4, 104, 2048 }, { 5, 105, 2048 }, { 5, 106, 2048 }, { 6, 107, 2048 }, { 5, 108, 2048 }, { 6, 109, 2048 }, { 6, 110, 2048 }, { 7, 111, 2048 },
+ { 4, 112, 2048 }, { 5, 113, 2048 }, { 5, 114, 2048 }, { 6, 115, 2048 }, { 5, 116, 2048 }, { 6, 117, 2048 }, { 6, 118, 2048 }, { 7, 119, 2048 },
+ { 5, 120, 2048 }, { 6, 121, 2048 }, { 6, 122, 2048 }, { 7, 123, 2048 }, { 6, 124, 2048 }, { 7, 125, 2048 }, { 7, 126, 2048 }, { 8, 127, 2048 },
+ { 2, 128, 2048 }, { 3, 129, 2048 }, { 3, 130, 2048 }, { 4, 131, 2048 }, { 3, 132, 2048 }, { 4, 133, 2048 }, { 4, 134, 2048 }, { 5, 135, 2048 },
+ { 3, 136, 2048 }, { 4, 137, 2048 }, { 4, 138, 2048 }, { 5, 139, 2048 }, { 4, 140, 2048 }, { 5, 141, 2048 }, { 5, 142, 2048 }, { 6, 143, 2048 },
+ { 3, 144, 2048 }, { 4, 145, 2048 }, { 4, 146, 2048 }, { 5, 147, 2048 }, { 4, 148, 2048 }, { 5, 149, 2048 }, { 5, 150, 2048 }, { 6, 151, 2048 },
+ { 4, 152, 2048 }, { 5, 153, 2048 }, { 5, 154, 2048 }, { 6, 155, 2048 }, { 5, 156, 2048 }, { 6, 157, 2048 }, { 6, 158, 2048 }, { 7, 159, 2048 },
+ { 3, 160, 2048 }, { 4, 161, 2048 }, { 4, 162, 2048 }, { 5, 163, 2048 }, { 4, 164, 2048 }, { 5, 165, 2048 }, { 5, 166, 2048 }, { 6, 167, 2048 },
+ { 4, 168, 2048 }, { 5, 169, 2048 }, { 5, 170, 2048 }, { 6, 171, 2048 }, { 5, 172, 2048 }, { 6, 173, 2048 }, { 6, 174, 2048 }, { 7, 175, 2048 },
+ { 4, 176, 2048 }, { 5, 177, 2048 }, { 5, 178, 2048 }, { 6, 179, 2048 }, { 5, 180, 2048 }, { 6, 181, 2048 }, { 6, 182, 2048 }, { 7, 183, 2048 },
+ { 5, 184, 2048 }, { 6, 185, 2048 }, { 6, 186, 2048 }, { 7, 187, 2048 }, { 6, 188, 2048 }, { 7, 189, 2048 }, { 7, 190, 2048 }, { 8, 191, 2048 },
+ { 3, 192, 2048 }, { 4, 193, 2048 }, { 4, 194, 2048 }, { 5, 195, 2048 }, { 4, 196, 2048 }, { 5, 197, 2048 }, { 5, 198, 2048 }, { 6, 199, 2048 },
+ { 4, 200, 2048 }, { 5, 201, 2048 }, { 5, 202, 2048 }, { 6, 203, 2048 }, { 5, 204, 2048 }, { 6, 205, 2048 }, { 6, 206, 2048 }, { 7, 207, 2048 },
+ { 4, 208, 2048 }, { 5, 209, 2048 }, { 5, 210, 2048 }, { 6, 211, 2048 }, { 5, 212, 2048 }, { 6, 213, 2048 }, { 6, 214, 2048 }, { 7, 215, 2048 },
+ { 5, 216, 2048 }, { 6, 217, 2048 }, { 6, 218, 2048 }, { 7, 219, 2048 }, { 6, 220, 2048 }, { 7, 221, 2048 }, { 7, 222, 2048 }, { 8, 223, 2048 },
+ { 4, 224, 2048 }, { 5, 225, 2048 }, { 5, 226, 2048 }, { 6, 227, 2048 }, { 5, 228, 2048 }, { 6, 229, 2048 }, { 6, 230, 2048 }, { 7, 231, 2048 },
+ { 5, 232, 2048 }, { 6, 233, 2048 }, { 6, 234, 2048 }, { 7, 235, 2048 }, { 6, 236, 2048 }, { 7, 237, 2048 }, { 7, 238, 2048 }, { 8, 239, 2048 },
+ { 5, 240, 2048 }, { 6, 241, 2048 }, { 6, 242, 2048 }, { 7, 243, 2048 }, { 6, 244, 2048 }, { 7, 245, 2048 }, { 7, 246, 2048 }, { 8, 247, 2048 },
+ { 6, 248, 2048 }, { 7, 249, 2048 }, { 7, 250, 2048 }, { 8, 251, 2048 }, { 7, 252, 2048 }, { 8, 253, 2048 }, { 8, 254, 2048 }, { 9, 255, 2048 },
+ { 2, 256, 2048 }, { 3, 257, 2048 }, { 3, 258, 2048 }, { 4, 259, 2048 }, { 3, 260, 2048 }, { 4, 261, 2048 }, { 4, 262, 2048 }, { 5, 263, 2048 },
+ { 3, 264, 2048 }, { 4, 265, 2048 }, { 4, 266, 2048 }, { 5, 267, 2048 }, { 4, 268, 2048 }, { 5, 269, 2048 }, { 5, 270, 2048 }, { 6, 271, 2048 },
+ { 3, 272, 2048 }, { 4, 273, 2048 }, { 4, 274, 2048 }, { 5, 275, 2048 }, { 4, 276, 2048 }, { 5, 277, 2048 }, { 5, 278, 2048 }, { 6, 279, 2048 },
+ { 4, 280, 2048 }, { 5, 281, 2048 }, { 5, 282, 2048 }, { 6, 283, 2048 }, { 5, 284, 2048 }, { 6, 285, 2048 }, { 6, 286, 2048 }, { 7, 287, 2048 },
+ { 3, 288, 2048 }, { 4, 289, 2048 }, { 4, 290, 2048 }, { 5, 291, 2048 }, { 4, 292, 2048 }, { 5, 293, 2048 }, { 5, 294, 2048 }, { 6, 295, 2048 },
+ { 4, 296, 2048 }, { 5, 297, 2048 }, { 5, 298, 2048 }, { 6, 299, 2048 }, { 5, 300, 2048 }, { 6, 301, 2048 }, { 6, 302, 2048 }, { 7, 303, 2048 },
+ { 4, 304, 2048 }, { 5, 305, 2048 }, { 5, 306, 2048 }, { 6, 307, 2048 }, { 5, 308, 2048 }, { 6, 309, 2048 }, { 6, 310, 2048 }, { 7, 311, 2048 },
+ { 5, 312, 2048 }, { 6, 313, 2048 }, { 6, 314, 2048 }, { 7, 315, 2048 }, { 6, 316, 2048 }, { 7, 317, 2048 }, { 7, 318, 2048 }, { 8, 319, 2048 },
+ { 3, 320, 2048 }, { 4, 321, 2048 }, { 4, 322, 2048 }, { 5, 323, 2048 }, { 4, 324, 2048 }, { 5, 325, 2048 }, { 5, 326, 2048 }, { 6, 327, 2048 },
+ { 4, 328, 2048 }, { 5, 329, 2048 }, { 5, 330, 2048 }, { 6, 331, 2048 }, { 5, 332, 2048 }, { 6, 333, 2048 }, { 6, 334, 2048 }, { 7, 335, 2048 },
+ { 4, 336, 2048 }, { 5, 337, 2048 }, { 5, 338, 2048 }, { 6, 339, 2048 }, { 5, 340, 2048 }, { 6, 341, 2048 }, { 6, 342, 2048 }, { 7, 343, 2048 },
+ { 5, 344, 2048 }, { 6, 345, 2048 }, { 6, 346, 2048 }, { 7, 347, 2048 }, { 6, 348, 2048 }, { 7, 349, 2048 }, { 7, 350, 2048 }, { 8, 351, 2048 },
+ { 4, 352, 2048 }, { 5, 353, 2048 }, { 5, 354, 2048 }, { 6, 355, 2048 }, { 5, 356, 2048 }, { 6, 357, 2048 }, { 6, 358, 2048 }, { 7, 359, 2048 },
+ { 5, 360, 2048 }, { 6, 361, 2048 }, { 6, 362, 2048 }, { 7, 363, 2048 }, { 6, 364, 2048 }, { 7, 365, 2048 }, { 7, 366, 2048 }, { 8, 367, 2048 },
+ { 5, 368, 2048 }, { 6, 369, 2048 }, { 6, 370, 2048 }, { 7, 371, 2048 }, { 6, 372, 2048 }, { 7, 373, 2048 }, { 7, 374, 2048 }, { 8, 375, 2048 },
+ { 6, 376, 2048 }, { 7, 377, 2048 }, { 7, 378, 2048 }, { 8, 379, 2048 }, { 7, 380, 2048 }, { 8, 381, 2048 }, { 8, 382, 2048 }, { 9, 383, 2048 },
+ { 3, 384, 2048 }, { 4, 385, 2048 }, { 4, 386, 2048 }, { 5, 387, 2048 }, { 4, 388, 2048 }, { 5, 389, 2048 }, { 5, 390, 2048 }, { 6, 391, 2048 },
+ { 4, 392, 2048 }, { 5, 393, 2048 }, { 5, 394, 2048 }, { 6, 395, 2048 }, { 5, 396, 2048 }, { 6, 397, 2048 }, { 6, 398, 2048 }, { 7, 399, 2048 },
+ { 4, 400, 2048 }, { 5, 401, 2048 }, { 5, 402, 2048 }, { 6, 403, 2048 }, { 5, 404, 2048 }, { 6, 405, 2048 }, { 6, 406, 2048 }, { 7, 407, 2048 },
+ { 5, 408, 2048 }, { 6, 409, 2048 }, { 6, 410, 2048 }, { 7, 411, 2048 }, { 6, 412, 2048 }, { 7, 413, 2048 }, { 7, 414, 2048 }, { 8, 415, 2048 },
+ { 4, 416, 2048 }, { 5, 417, 2048 }, { 5, 418, 2048 }, { 6, 419, 2048 }, { 5, 420, 2048 }, { 6, 421, 2048 }, { 6, 422, 2048 }, { 7, 423, 2048 },
+ { 5, 424, 2048 }, { 6, 425, 2048 }, { 6, 426, 2048 }, { 7, 427, 2048 }, { 6, 428, 2048 }, { 7, 429, 2048 }, { 7, 430, 2048 }, { 8, 431, 2048 },
+ { 5, 432, 2048 }, { 6, 433, 2048 }, { 6, 434, 2048 }, { 7, 435, 2048 }, { 6, 436, 2048 }, { 7, 437, 2048 }, { 7, 438, 2048 }, { 8, 439, 2048 },
+ { 6, 440, 2048 }, { 7, 441, 2048 }, { 7, 442, 2048 }, { 8, 443, 2048 }, { 7, 444, 2048 }, { 8, 445, 2048 }, { 8, 446, 2048 }, { 9, 447, 2048 },
+ { 4, 448, 2048 }, { 5, 449, 2048 }, { 5, 450, 2048 }, { 6, 451, 2048 }, { 5, 452, 2048 }, { 6, 453, 2048 }, { 6, 454, 2048 }, { 7, 455, 2048 },
+ { 5, 456, 2048 }, { 6, 457, 2048 }, { 6, 458, 2048 }, { 7, 459, 2048 }, { 6, 460, 2048 }, { 7, 461, 2048 }, { 7, 462, 2048 }, { 8, 463, 2048 },
+ { 5, 464, 2048 }, { 6, 465, 2048 }, { 6, 466, 2048 }, { 7, 467, 2048 }, { 6, 468, 2048 }, { 7, 469, 2048 }, { 7, 470, 2048 }, { 8, 471, 2048 },
+ { 6, 472, 2048 }, { 7, 473, 2048 }, { 7, 474, 2048 }, { 8, 475, 2048 }, { 7, 476, 2048 }, { 8, 477, 2048 }, { 8, 478, 2048 }, { 9, 479, 2048 },
+ { 5, 480, 2048 }, { 6, 481, 2048 }, { 6, 482, 2048 }, { 7, 483, 2048 }, { 6, 484, 2048 }, { 7, 485, 2048 }, { 7, 486, 2048 }, { 8, 487, 2048 },
+ { 6, 488, 2048 }, { 7, 489, 2048 }, { 7, 490, 2048 }, { 8, 491, 2048 }, { 7, 492, 2048 }, { 8, 493, 2048 }, { 8, 494, 2048 }, { 9, 495, 2048 },
+ { 6, 496, 2048 }, { 7, 497, 2048 }, { 7, 498, 2048 }, { 8, 499, 2048 }, { 7, 500, 2048 }, { 8, 501, 2048 }, { 8, 502, 2048 }, { 9, 503, 2048 },
+ { 7, 504, 2048 }, { 8, 505, 2048 }, { 8, 506, 2048 }, { 9, 507, 2048 }, { 8, 508, 2048 }, { 9, 509, 2048 }, { 9, 510, 2048 }, { 10, 511, 2048 },
+ { 2, 512, 2048 }, { 3, 513, 2048 }, { 3, 514, 2048 }, { 4, 515, 2048 }, { 3, 516, 2048 }, { 4, 517, 2048 }, { 4, 518, 2048 }, { 5, 519, 2048 },
+ { 3, 520, 2048 }, { 4, 521, 2048 }, { 4, 522, 2048 }, { 5, 523, 2048 }, { 4, 524, 2048 }, { 5, 525, 2048 }, { 5, 526, 2048 }, { 6, 527, 2048 },
+ { 3, 528, 2048 }, { 4, 529, 2048 }, { 4, 530, 2048 }, { 5, 531, 2048 }, { 4, 532, 2048 }, { 5, 533, 2048 }, { 5, 534, 2048 }, { 6, 535, 2048 },
+ { 4, 536, 2048 }, { 5, 537, 2048 }, { 5, 538, 2048 }, { 6, 539, 2048 }, { 5, 540, 2048 }, { 6, 541, 2048 }, { 6, 542, 2048 }, { 7, 543, 2048 },
+ { 3, 544, 2048 }, { 4, 545, 2048 }, { 4, 546, 2048 }, { 5, 547, 2048 }, { 4, 548, 2048 }, { 5, 549, 2048 }, { 5, 550, 2048 }, { 6, 551, 2048 },
+ { 4, 552, 2048 }, { 5, 553, 2048 }, { 5, 554, 2048 }, { 6, 555, 2048 }, { 5, 556, 2048 }, { 6, 557, 2048 }, { 6, 558, 2048 }, { 7, 559, 2048 },
+ { 4, 560, 2048 }, { 5, 561, 2048 }, { 5, 562, 2048 }, { 6, 563, 2048 }, { 5, 564, 2048 }, { 6, 565, 2048 }, { 6, 566, 2048 }, { 7, 567, 2048 },
+ { 5, 568, 2048 }, { 6, 569, 2048 }, { 6, 570, 2048 }, { 7, 571, 2048 }, { 6, 572, 2048 }, { 7, 573, 2048 }, { 7, 574, 2048 }, { 8, 575, 2048 },
+ { 3, 576, 2048 }, { 4, 577, 2048 }, { 4, 578, 2048 }, { 5, 579, 2048 }, { 4, 580, 2048 }, { 5, 581, 2048 }, { 5, 582, 2048 }, { 6, 583, 2048 },
+ { 4, 584, 2048 }, { 5, 585, 2048 }, { 5, 586, 2048 }, { 6, 587, 2048 }, { 5, 588, 2048 }, { 6, 589, 2048 }, { 6, 590, 2048 }, { 7, 591, 2048 },
+ { 4, 592, 2048 }, { 5, 593, 2048 }, { 5, 594, 2048 }, { 6, 595, 2048 }, { 5, 596, 2048 }, { 6, 597, 2048 }, { 6, 598, 2048 }, { 7, 599, 2048 },
+ { 5, 600, 2048 }, { 6, 601, 2048 }, { 6, 602, 2048 }, { 7, 603, 2048 }, { 6, 604, 2048 }, { 7, 605, 2048 }, { 7, 606, 2048 }, { 8, 607, 2048 },
+ { 4, 608, 2048 }, { 5, 609, 2048 }, { 5, 610, 2048 }, { 6, 611, 2048 }, { 5, 612, 2048 }, { 6, 613, 2048 }, { 6, 614, 2048 }, { 7, 615, 2048 },
+ { 5, 616, 2048 }, { 6, 617, 2048 }, { 6, 618, 2048 }, { 7, 619, 2048 }, { 6, 620, 2048 }, { 7, 621, 2048 }, { 7, 622, 2048 }, { 8, 623, 2048 },
+ { 5, 624, 2048 }, { 6, 625, 2048 }, { 6, 626, 2048 }, { 7, 627, 2048 }, { 6, 628, 2048 }, { 7, 629, 2048 }, { 7, 630, 2048 }, { 8, 631, 2048 },
+ { 6, 632, 2048 }, { 7, 633, 2048 }, { 7, 634, 2048 }, { 8, 635, 2048 }, { 7, 636, 2048 }, { 8, 637, 2048 }, { 8, 638, 2048 }, { 9, 639, 2048 },
+ { 3, 640, 2048 }, { 4, 641, 2048 }, { 4, 642, 2048 }, { 5, 643, 2048 }, { 4, 644, 2048 }, { 5, 645, 2048 }, { 5, 646, 2048 }, { 6, 647, 2048 },
+ { 4, 648, 2048 }, { 5, 649, 2048 }, { 5, 650, 2048 }, { 6, 651, 2048 }, { 5, 652, 2048 }, { 6, 653, 2048 }, { 6, 654, 2048 }, { 7, 655, 2048 },
+ { 4, 656, 2048 }, { 5, 657, 2048 }, { 5, 658, 2048 }, { 6, 659, 2048 }, { 5, 660, 2048 }, { 6, 661, 2048 }, { 6, 662, 2048 }, { 7, 663, 2048 },
+ { 5, 664, 2048 }, { 6, 665, 2048 }, { 6, 666, 2048 }, { 7, 667, 2048 }, { 6, 668, 2048 }, { 7, 669, 2048 }, { 7, 670, 2048 }, { 8, 671, 2048 },
+ { 4, 672, 2048 }, { 5, 673, 2048 }, { 5, 674, 2048 }, { 6, 675, 2048 }, { 5, 676, 2048 }, { 6, 677, 2048 }, { 6, 678, 2048 }, { 7, 679, 2048 },
+ { 5, 680, 2048 }, { 6, 681, 2048 }, { 6, 682, 2048 }, { 7, 683, 2048 }, { 6, 684, 2048 }, { 7, 685, 2048 }, { 7, 686, 2048 }, { 8, 687, 2048 },
+ { 5, 688, 2048 }, { 6, 689, 2048 }, { 6, 690, 2048 }, { 7, 691, 2048 }, { 6, 692, 2048 }, { 7, 693, 2048 }, { 7, 694, 2048 }, { 8, 695, 2048 },
+ { 6, 696, 2048 }, { 7, 697, 2048 }, { 7, 698, 2048 }, { 8, 699, 2048 }, { 7, 700, 2048 }, { 8, 701, 2048 }, { 8, 702, 2048 }, { 9, 703, 2048 },
+ { 4, 704, 2048 }, { 5, 705, 2048 }, { 5, 706, 2048 }, { 6, 707, 2048 }, { 5, 708, 2048 }, { 6, 709, 2048 }, { 6, 710, 2048 }, { 7, 711, 2048 },
+ { 5, 712, 2048 }, { 6, 713, 2048 }, { 6, 714, 2048 }, { 7, 715, 2048 }, { 6, 716, 2048 }, { 7, 717, 2048 }, { 7, 718, 2048 }, { 8, 719, 2048 },
+ { 5, 720, 2048 }, { 6, 721, 2048 }, { 6, 722, 2048 }, { 7, 723, 2048 }, { 6, 724, 2048 }, { 7, 725, 2048 }, { 7, 726, 2048 }, { 8, 727, 2048 },
+ { 6, 728, 2048 }, { 7, 729, 2048 }, { 7, 730, 2048 }, { 8, 731, 2048 }, { 7, 732, 2048 }, { 8, 733, 2048 }, { 8, 734, 2048 }, { 9, 735, 2048 },
+ { 5, 736, 2048 }, { 6, 737, 2048 }, { 6, 738, 2048 }, { 7, 739, 2048 }, { 6, 740, 2048 }, { 7, 741, 2048 }, { 7, 742, 2048 }, { 8, 743, 2048 },
+ { 6, 744, 2048 }, { 7, 745, 2048 }, { 7, 746, 2048 }, { 8, 747, 2048 }, { 7, 748, 2048 }, { 8, 749, 2048 }, { 8, 750, 2048 }, { 9, 751, 2048 },
+ { 6, 752, 2048 }, { 7, 753, 2048 }, { 7, 754, 2048 }, { 8, 755, 2048 }, { 7, 756, 2048 }, { 8, 757, 2048 }, { 8, 758, 2048 }, { 9, 759, 2048 },
+ { 7, 760, 2048 }, { 8, 761, 2048 }, { 8, 762, 2048 }, { 9, 763, 2048 }, { 8, 764, 2048 }, { 9, 765, 2048 }, { 9, 766, 2048 }, { 10, 767, 2048 },
+ { 3, 768, 2048 }, { 4, 769, 2048 }, { 4, 770, 2048 }, { 5, 771, 2048 }, { 4, 772, 2048 }, { 5, 773, 2048 }, { 5, 774, 2048 }, { 6, 775, 2048 },
+ { 4, 776, 2048 }, { 5, 777, 2048 }, { 5, 778, 2048 }, { 6, 779, 2048 }, { 5, 780, 2048 }, { 6, 781, 2048 }, { 6, 782, 2048 }, { 7, 783, 2048 },
+ { 4, 784, 2048 }, { 5, 785, 2048 }, { 5, 786, 2048 }, { 6, 787, 2048 }, { 5, 788, 2048 }, { 6, 789, 2048 }, { 6, 790, 2048 }, { 7, 791, 2048 },
+ { 5, 792, 2048 }, { 6, 793, 2048 }, { 6, 794, 2048 }, { 7, 795, 2048 }, { 6, 796, 2048 }, { 7, 797, 2048 }, { 7, 798, 2048 }, { 8, 799, 2048 },
+ { 4, 800, 2048 }, { 5, 801, 2048 }, { 5, 802, 2048 }, { 6, 803, 2048 }, { 5, 804, 2048 }, { 6, 805, 2048 }, { 6, 806, 2048 }, { 7, 807, 2048 },
+ { 5, 808, 2048 }, { 6, 809, 2048 }, { 6, 810, 2048 }, { 7, 811, 2048 }, { 6, 812, 2048 }, { 7, 813, 2048 }, { 7, 814, 2048 }, { 8, 815, 2048 },
+ { 5, 816, 2048 }, { 6, 817, 2048 }, { 6, 818, 2048 }, { 7, 819, 2048 }, { 6, 820, 2048 }, { 7, 821, 2048 }, { 7, 822, 2048 }, { 8, 823, 2048 },
+ { 6, 824, 2048 }, { 7, 825, 2048 }, { 7, 826, 2048 }, { 8, 827, 2048 }, { 7, 828, 2048 }, { 8, 829, 2048 }, { 8, 830, 2048 }, { 9, 831, 2048 },
+ { 4, 832, 2048 }, { 5, 833, 2048 }, { 5, 834, 2048 }, { 6, 835, 2048 }, { 5, 836, 2048 }, { 6, 837, 2048 }, { 6, 838, 2048 }, { 7, 839, 2048 },
+ { 5, 840, 2048 }, { 6, 841, 2048 }, { 6, 842, 2048 }, { 7, 843, 2048 }, { 6, 844, 2048 }, { 7, 845, 2048 }, { 7, 846, 2048 }, { 8, 847, 2048 },
+ { 5, 848, 2048 }, { 6, 849, 2048 }, { 6, 850, 2048 }, { 7, 851, 2048 }, { 6, 852, 2048 }, { 7, 853, 2048 }, { 7, 854, 2048 }, { 8, 855, 2048 },
+ { 6, 856, 2048 }, { 7, 857, 2048 }, { 7, 858, 2048 }, { 8, 859, 2048 }, { 7, 860, 2048 }, { 8, 861, 2048 }, { 8, 862, 2048 }, { 9, 863, 2048 },
+ { 5, 864, 2048 }, { 6, 865, 2048 }, { 6, 866, 2048 }, { 7, 867, 2048 }, { 6, 868, 2048 }, { 7, 869, 2048 }, { 7, 870, 2048 }, { 8, 871, 2048 },
+ { 6, 872, 2048 }, { 7, 873, 2048 }, { 7, 874, 2048 }, { 8, 875, 2048 }, { 7, 876, 2048 }, { 8, 877, 2048 }, { 8, 878, 2048 }, { 9, 879, 2048 },
+ { 6, 880, 2048 }, { 7, 881, 2048 }, { 7, 882, 2048 }, { 8, 883, 2048 }, { 7, 884, 2048 }, { 8, 885, 2048 }, { 8, 886, 2048 }, { 9, 887, 2048 },
+ { 7, 888, 2048 }, { 8, 889, 2048 }, { 8, 890, 2048 }, { 9, 891, 2048 }, { 8, 892, 2048 }, { 9, 893, 2048 }, { 9, 894, 2048 }, { 10, 895, 2048 },
+ { 4, 896, 2048 }, { 5, 897, 2048 }, { 5, 898, 2048 }, { 6, 899, 2048 }, { 5, 900, 2048 }, { 6, 901, 2048 }, { 6, 902, 2048 }, { 7, 903, 2048 },
+ { 5, 904, 2048 }, { 6, 905, 2048 }, { 6, 906, 2048 }, { 7, 907, 2048 }, { 6, 908, 2048 }, { 7, 909, 2048 }, { 7, 910, 2048 }, { 8, 911, 2048 },
+ { 5, 912, 2048 }, { 6, 913, 2048 }, { 6, 914, 2048 }, { 7, 915, 2048 }, { 6, 916, 2048 }, { 7, 917, 2048 }, { 7, 918, 2048 }, { 8, 919, 2048 },
+ { 6, 920, 2048 }, { 7, 921, 2048 }, { 7, 922, 2048 }, { 8, 923, 2048 }, { 7, 924, 2048 }, { 8, 925, 2048 }, { 8, 926, 2048 }, { 9, 927, 2048 },
+ { 5, 928, 2048 }, { 6, 929, 2048 }, { 6, 930, 2048 }, { 7, 931, 2048 }, { 6, 932, 2048 }, { 7, 933, 2048 }, { 7, 934, 2048 }, { 8, 935, 2048 },
+ { 6, 936, 2048 }, { 7, 937, 2048 }, { 7, 938, 2048 }, { 8, 939, 2048 }, { 7, 940, 2048 }, { 8, 941, 2048 }, { 8, 942, 2048 }, { 9, 943, 2048 },
+ { 6, 944, 2048 }, { 7, 945, 2048 }, { 7, 946, 2048 }, { 8, 947, 2048 }, { 7, 948, 2048 }, { 8, 949, 2048 }, { 8, 950, 2048 }, { 9, 951, 2048 },
+ { 7, 952, 2048 }, { 8, 953, 2048 }, { 8, 954, 2048 }, { 9, 955, 2048 }, { 8, 956, 2048 }, { 9, 957, 2048 }, { 9, 958, 2048 }, { 10, 959, 2048 },
+ { 5, 960, 2048 }, { 6, 961, 2048 }, { 6, 962, 2048 }, { 7, 963, 2048 }, { 6, 964, 2048 }, { 7, 965, 2048 }, { 7, 966, 2048 }, { 8, 967, 2048 },
+ { 6, 968, 2048 }, { 7, 969, 2048 }, { 7, 970, 2048 }, { 8, 971, 2048 }, { 7, 972, 2048 }, { 8, 973, 2048 }, { 8, 974, 2048 }, { 9, 975, 2048 },
+ { 6, 976, 2048 }, { 7, 977, 2048 }, { 7, 978, 2048 }, { 8, 979, 2048 }, { 7, 980, 2048 }, { 8, 981, 2048 }, { 8, 982, 2048 }, { 9, 983, 2048 },
+ { 7, 984, 2048 }, { 8, 985, 2048 }, { 8, 986, 2048 }, { 9, 987, 2048 }, { 8, 988, 2048 }, { 9, 989, 2048 }, { 9, 990, 2048 }, { 10, 991, 2048 },
+ { 6, 992, 2048 }, { 7, 993, 2048 }, { 7, 994, 2048 }, { 8, 995, 2048 }, { 7, 996, 2048 }, { 8, 997, 2048 }, { 8, 998, 2048 }, { 9, 999, 2048 },
+ { 7, 1000, 2048 }, { 8, 1001, 2048 }, { 8, 1002, 2048 }, { 9, 1003, 2048 }, { 8, 1004, 2048 }, { 9, 1005, 2048 }, { 9, 1006, 2048 }, { 10, 1007, 2048 },
+ { 7, 1008, 2048 }, { 8, 1009, 2048 }, { 8, 1010, 2048 }, { 9, 1011, 2048 }, { 8, 1012, 2048 }, { 9, 1013, 2048 }, { 9, 1014, 2048 }, { 10, 1015, 2048 },
+ { 8, 1016, 2048 }, { 9, 1017, 2048 }, { 9, 1018, 2048 }, { 10, 1019, 2048 }, { 9, 1020, 2048 }, { 10, 1021, 2048 }, { 10, 1022, 2048 }, { 11, 1023, 2048 },
+ { 2, 1024, 2048 }, { 3, 1025, 2048 }, { 3, 1026, 2048 }, { 4, 1027, 2048 }, { 3, 1028, 2048 }, { 4, 1029, 2048 }, { 4, 1030, 2048 }, { 5, 1031, 2048 },
+ { 3, 1032, 2048 }, { 4, 1033, 2048 }, { 4, 1034, 2048 }, { 5, 1035, 2048 }, { 4, 1036, 2048 }, { 5, 1037, 2048 }, { 5, 1038, 2048 }, { 6, 1039, 2048 },
+ { 3, 1040, 2048 }, { 4, 1041, 2048 }, { 4, 1042, 2048 }, { 5, 1043, 2048 }, { 4, 1044, 2048 }, { 5, 1045, 2048 }, { 5, 1046, 2048 }, { 6, 1047, 2048 },
+ { 4, 1048, 2048 }, { 5, 1049, 2048 }, { 5, 1050, 2048 }, { 6, 1051, 2048 }, { 5, 1052, 2048 }, { 6, 1053, 2048 }, { 6, 1054, 2048 }, { 7, 1055, 2048 },
+ { 3, 1056, 2048 }, { 4, 1057, 2048 }, { 4, 1058, 2048 }, { 5, 1059, 2048 }, { 4, 1060, 2048 }, { 5, 1061, 2048 }, { 5, 1062, 2048 }, { 6, 1063, 2048 },
+ { 4, 1064, 2048 }, { 5, 1065, 2048 }, { 5, 1066, 2048 }, { 6, 1067, 2048 }, { 5, 1068, 2048 }, { 6, 1069, 2048 }, { 6, 1070, 2048 }, { 7, 1071, 2048 },
+ { 4, 1072, 2048 }, { 5, 1073, 2048 }, { 5, 1074, 2048 }, { 6, 1075, 2048 }, { 5, 1076, 2048 }, { 6, 1077, 2048 }, { 6, 1078, 2048 }, { 7, 1079, 2048 },
+ { 5, 1080, 2048 }, { 6, 1081, 2048 }, { 6, 1082, 2048 }, { 7, 1083, 2048 }, { 6, 1084, 2048 }, { 7, 1085, 2048 }, { 7, 1086, 2048 }, { 8, 1087, 2048 },
+ { 3, 1088, 2048 }, { 4, 1089, 2048 }, { 4, 1090, 2048 }, { 5, 1091, 2048 }, { 4, 1092, 2048 }, { 5, 1093, 2048 }, { 5, 1094, 2048 }, { 6, 1095, 2048 },
+ { 4, 1096, 2048 }, { 5, 1097, 2048 }, { 5, 1098, 2048 }, { 6, 1099, 2048 }, { 5, 1100, 2048 }, { 6, 1101, 2048 }, { 6, 1102, 2048 }, { 7, 1103, 2048 },
+ { 4, 1104, 2048 }, { 5, 1105, 2048 }, { 5, 1106, 2048 }, { 6, 1107, 2048 }, { 5, 1108, 2048 }, { 6, 1109, 2048 }, { 6, 1110, 2048 }, { 7, 1111, 2048 },
+ { 5, 1112, 2048 }, { 6, 1113, 2048 }, { 6, 1114, 2048 }, { 7, 1115, 2048 }, { 6, 1116, 2048 }, { 7, 1117, 2048 }, { 7, 1118, 2048 }, { 8, 1119, 2048 },
+ { 4, 1120, 2048 }, { 5, 1121, 2048 }, { 5, 1122, 2048 }, { 6, 1123, 2048 }, { 5, 1124, 2048 }, { 6, 1125, 2048 }, { 6, 1126, 2048 }, { 7, 1127, 2048 },
+ { 5, 1128, 2048 }, { 6, 1129, 2048 }, { 6, 1130, 2048 }, { 7, 1131, 2048 }, { 6, 1132, 2048 }, { 7, 1133, 2048 }, { 7, 1134, 2048 }, { 8, 1135, 2048 },
+ { 5, 1136, 2048 }, { 6, 1137, 2048 }, { 6, 1138, 2048 }, { 7, 1139, 2048 }, { 6, 1140, 2048 }, { 7, 1141, 2048 }, { 7, 1142, 2048 }, { 8, 1143, 2048 },
+ { 6, 1144, 2048 }, { 7, 1145, 2048 }, { 7, 1146, 2048 }, { 8, 1147, 2048 }, { 7, 1148, 2048 }, { 8, 1149, 2048 }, { 8, 1150, 2048 }, { 9, 1151, 2048 },
+ { 3, 1152, 2048 }, { 4, 1153, 2048 }, { 4, 1154, 2048 }, { 5, 1155, 2048 }, { 4, 1156, 2048 }, { 5, 1157, 2048 }, { 5, 1158, 2048 }, { 6, 1159, 2048 },
+ { 4, 1160, 2048 }, { 5, 1161, 2048 }, { 5, 1162, 2048 }, { 6, 1163, 2048 }, { 5, 1164, 2048 }, { 6, 1165, 2048 }, { 6, 1166, 2048 }, { 7, 1167, 2048 },
+ { 4, 1168, 2048 }, { 5, 1169, 2048 }, { 5, 1170, 2048 }, { 6, 1171, 2048 }, { 5, 1172, 2048 }, { 6, 1173, 2048 }, { 6, 1174, 2048 }, { 7, 1175, 2048 },
+ { 5, 1176, 2048 }, { 6, 1177, 2048 }, { 6, 1178, 2048 }, { 7, 1179, 2048 }, { 6, 1180, 2048 }, { 7, 1181, 2048 }, { 7, 1182, 2048 }, { 8, 1183, 2048 },
+ { 4, 1184, 2048 }, { 5, 1185, 2048 }, { 5, 1186, 2048 }, { 6, 1187, 2048 }, { 5, 1188, 2048 }, { 6, 1189, 2048 }, { 6, 1190, 2048 }, { 7, 1191, 2048 },
+ { 5, 1192, 2048 }, { 6, 1193, 2048 }, { 6, 1194, 2048 }, { 7, 1195, 2048 }, { 6, 1196, 2048 }, { 7, 1197, 2048 }, { 7, 1198, 2048 }, { 8, 1199, 2048 },
+ { 5, 1200, 2048 }, { 6, 1201, 2048 }, { 6, 1202, 2048 }, { 7, 1203, 2048 }, { 6, 1204, 2048 }, { 7, 1205, 2048 }, { 7, 1206, 2048 }, { 8, 1207, 2048 },
+ { 6, 1208, 2048 }, { 7, 1209, 2048 }, { 7, 1210, 2048 }, { 8, 1211, 2048 }, { 7, 1212, 2048 }, { 8, 1213, 2048 }, { 8, 1214, 2048 }, { 9, 1215, 2048 },
+ { 4, 1216, 2048 }, { 5, 1217, 2048 }, { 5, 1218, 2048 }, { 6, 1219, 2048 }, { 5, 1220, 2048 }, { 6, 1221, 2048 }, { 6, 1222, 2048 }, { 7, 1223, 2048 },
+ { 5, 1224, 2048 }, { 6, 1225, 2048 }, { 6, 1226, 2048 }, { 7, 1227, 2048 }, { 6, 1228, 2048 }, { 7, 1229, 2048 }, { 7, 1230, 2048 }, { 8, 1231, 2048 },
+ { 5, 1232, 2048 }, { 6, 1233, 2048 }, { 6, 1234, 2048 }, { 7, 1235, 2048 }, { 6, 1236, 2048 }, { 7, 1237, 2048 }, { 7, 1238, 2048 }, { 8, 1239, 2048 },
+ { 6, 1240, 2048 }, { 7, 1241, 2048 }, { 7, 1242, 2048 }, { 8, 1243, 2048 }, { 7, 1244, 2048 }, { 8, 1245, 2048 }, { 8, 1246, 2048 }, { 9, 1247, 2048 },
+ { 5, 1248, 2048 }, { 6, 1249, 2048 }, { 6, 1250, 2048 }, { 7, 1251, 2048 }, { 6, 1252, 2048 }, { 7, 1253, 2048 }, { 7, 1254, 2048 }, { 8, 1255, 2048 },
+ { 6, 1256, 2048 }, { 7, 1257, 2048 }, { 7, 1258, 2048 }, { 8, 1259, 2048 }, { 7, 1260, 2048 }, { 8, 1261, 2048 }, { 8, 1262, 2048 }, { 9, 1263, 2048 },
+ { 6, 1264, 2048 }, { 7, 1265, 2048 }, { 7, 1266, 2048 }, { 8, 1267, 2048 }, { 7, 1268, 2048 }, { 8, 1269, 2048 }, { 8, 1270, 2048 }, { 9, 1271, 2048 },
+ { 7, 1272, 2048 }, { 8, 1273, 2048 }, { 8, 1274, 2048 }, { 9, 1275, 2048 }, { 8, 1276, 2048 }, { 9, 1277, 2048 }, { 9, 1278, 2048 }, { 10, 1279, 2048 },
+ { 3, 1280, 2048 }, { 4, 1281, 2048 }, { 4, 1282, 2048 }, { 5, 1283, 2048 }, { 4, 1284, 2048 }, { 5, 1285, 2048 }, { 5, 1286, 2048 }, { 6, 1287, 2048 },
+ { 4, 1288, 2048 }, { 5, 1289, 2048 }, { 5, 1290, 2048 }, { 6, 1291, 2048 }, { 5, 1292, 2048 }, { 6, 1293, 2048 }, { 6, 1294, 2048 }, { 7, 1295, 2048 },
+ { 4, 1296, 2048 }, { 5, 1297, 2048 }, { 5, 1298, 2048 }, { 6, 1299, 2048 }, { 5, 1300, 2048 }, { 6, 1301, 2048 }, { 6, 1302, 2048 }, { 7, 1303, 2048 },
+ { 5, 1304, 2048 }, { 6, 1305, 2048 }, { 6, 1306, 2048 }, { 7, 1307, 2048 }, { 6, 1308, 2048 }, { 7, 1309, 2048 }, { 7, 1310, 2048 }, { 8, 1311, 2048 },
+ { 4, 1312, 2048 }, { 5, 1313, 2048 }, { 5, 1314, 2048 }, { 6, 1315, 2048 }, { 5, 1316, 2048 }, { 6, 1317, 2048 }, { 6, 1318, 2048 }, { 7, 1319, 2048 },
+ { 5, 1320, 2048 }, { 6, 1321, 2048 }, { 6, 1322, 2048 }, { 7, 1323, 2048 }, { 6, 1324, 2048 }, { 7, 1325, 2048 }, { 7, 1326, 2048 }, { 8, 1327, 2048 },
+ { 5, 1328, 2048 }, { 6, 1329, 2048 }, { 6, 1330, 2048 }, { 7, 1331, 2048 }, { 6, 1332, 2048 }, { 7, 1333, 2048 }, { 7, 1334, 2048 }, { 8, 1335, 2048 },
+ { 6, 1336, 2048 }, { 7, 1337, 2048 }, { 7, 1338, 2048 }, { 8, 1339, 2048 }, { 7, 1340, 2048 }, { 8, 1341, 2048 }, { 8, 1342, 2048 }, { 9, 1343, 2048 },
+ { 4, 1344, 2048 }, { 5, 1345, 2048 }, { 5, 1346, 2048 }, { 6, 1347, 2048 }, { 5, 1348, 2048 }, { 6, 1349, 2048 }, { 6, 1350, 2048 }, { 7, 1351, 2048 },
+ { 5, 1352, 2048 }, { 6, 1353, 2048 }, { 6, 1354, 2048 }, { 7, 1355, 2048 }, { 6, 1356, 2048 }, { 7, 1357, 2048 }, { 7, 1358, 2048 }, { 8, 1359, 2048 },
+ { 5, 1360, 2048 }, { 6, 1361, 2048 }, { 6, 1362, 2048 }, { 7, 1363, 2048 }, { 6, 1364, 2048 }, { 7, 1365, 2048 }, { 7, 1366, 2048 }, { 8, 1367, 2048 },
+ { 6, 1368, 2048 }, { 7, 1369, 2048 }, { 7, 1370, 2048 }, { 8, 1371, 2048 }, { 7, 1372, 2048 }, { 8, 1373, 2048 }, { 8, 1374, 2048 }, { 9, 1375, 2048 },
+ { 5, 1376, 2048 }, { 6, 1377, 2048 }, { 6, 1378, 2048 }, { 7, 1379, 2048 }, { 6, 1380, 2048 }, { 7, 1381, 2048 }, { 7, 1382, 2048 }, { 8, 1383, 2048 },
+ { 6, 1384, 2048 }, { 7, 1385, 2048 }, { 7, 1386, 2048 }, { 8, 1387, 2048 }, { 7, 1388, 2048 }, { 8, 1389, 2048 }, { 8, 1390, 2048 }, { 9, 1391, 2048 },
+ { 6, 1392, 2048 }, { 7, 1393, 2048 }, { 7, 1394, 2048 }, { 8, 1395, 2048 }, { 7, 1396, 2048 }, { 8, 1397, 2048 }, { 8, 1398, 2048 }, { 9, 1399, 2048 },
+ { 7, 1400, 2048 }, { 8, 1401, 2048 }, { 8, 1402, 2048 }, { 9, 1403, 2048 }, { 8, 1404, 2048 }, { 9, 1405, 2048 }, { 9, 1406, 2048 }, { 10, 1407, 2048 },
+ { 4, 1408, 2048 }, { 5, 1409, 2048 }, { 5, 1410, 2048 }, { 6, 1411, 2048 }, { 5, 1412, 2048 }, { 6, 1413, 2048 }, { 6, 1414, 2048 }, { 7, 1415, 2048 },
+ { 5, 1416, 2048 }, { 6, 1417, 2048 }, { 6, 1418, 2048 }, { 7, 1419, 2048 }, { 6, 1420, 2048 }, { 7, 1421, 2048 }, { 7, 1422, 2048 }, { 8, 1423, 2048 },
+ { 5, 1424, 2048 }, { 6, 1425, 2048 }, { 6, 1426, 2048 }, { 7, 1427, 2048 }, { 6, 1428, 2048 }, { 7, 1429, 2048 }, { 7, 1430, 2048 }, { 8, 1431, 2048 },
+ { 6, 1432, 2048 }, { 7, 1433, 2048 }, { 7, 1434, 2048 }, { 8, 1435, 2048 }, { 7, 1436, 2048 }, { 8, 1437, 2048 }, { 8, 1438, 2048 }, { 9, 1439, 2048 },
+ { 5, 1440, 2048 }, { 6, 1441, 2048 }, { 6, 1442, 2048 }, { 7, 1443, 2048 }, { 6, 1444, 2048 }, { 7, 1445, 2048 }, { 7, 1446, 2048 }, { 8, 1447, 2048 },
+ { 6, 1448, 2048 }, { 7, 1449, 2048 }, { 7, 1450, 2048 }, { 8, 1451, 2048 }, { 7, 1452, 2048 }, { 8, 1453, 2048 }, { 8, 1454, 2048 }, { 9, 1455, 2048 },
+ { 6, 1456, 2048 }, { 7, 1457, 2048 }, { 7, 1458, 2048 }, { 8, 1459, 2048 }, { 7, 1460, 2048 }, { 8, 1461, 2048 }, { 8, 1462, 2048 }, { 9, 1463, 2048 },
+ { 7, 1464, 2048 }, { 8, 1465, 2048 }, { 8, 1466, 2048 }, { 9, 1467, 2048 }, { 8, 1468, 2048 }, { 9, 1469, 2048 }, { 9, 1470, 2048 }, { 10, 1471, 2048 },
+ { 5, 1472, 2048 }, { 6, 1473, 2048 }, { 6, 1474, 2048 }, { 7, 1475, 2048 }, { 6, 1476, 2048 }, { 7, 1477, 2048 }, { 7, 1478, 2048 }, { 8, 1479, 2048 },
+ { 6, 1480, 2048 }, { 7, 1481, 2048 }, { 7, 1482, 2048 }, { 8, 1483, 2048 }, { 7, 1484, 2048 }, { 8, 1485, 2048 }, { 8, 1486, 2048 }, { 9, 1487, 2048 },
+ { 6, 1488, 2048 }, { 7, 1489, 2048 }, { 7, 1490, 2048 }, { 8, 1491, 2048 }, { 7, 1492, 2048 }, { 8, 1493, 2048 }, { 8, 1494, 2048 }, { 9, 1495, 2048 },
+ { 7, 1496, 2048 }, { 8, 1497, 2048 }, { 8, 1498, 2048 }, { 9, 1499, 2048 }, { 8, 1500, 2048 }, { 9, 1501, 2048 }, { 9, 1502, 2048 }, { 10, 1503, 2048 },
+ { 6, 1504, 2048 }, { 7, 1505, 2048 }, { 7, 1506, 2048 }, { 8, 1507, 2048 }, { 7, 1508, 2048 }, { 8, 1509, 2048 }, { 8, 1510, 2048 }, { 9, 1511, 2048 },
+ { 7, 1512, 2048 }, { 8, 1513, 2048 }, { 8, 1514, 2048 }, { 9, 1515, 2048 }, { 8, 1516, 2048 }, { 9, 1517, 2048 }, { 9, 1518, 2048 }, { 10, 1519, 2048 },
+ { 7, 1520, 2048 }, { 8, 1521, 2048 }, { 8, 1522, 2048 }, { 9, 1523, 2048 }, { 8, 1524, 2048 }, { 9, 1525, 2048 }, { 9, 1526, 2048 }, { 10, 1527, 2048 },
+ { 8, 1528, 2048 }, { 9, 1529, 2048 }, { 9, 1530, 2048 }, { 10, 1531, 2048 }, { 9, 1532, 2048 }, { 10, 1533, 2048 }, { 10, 1534, 2048 }, { 11, 1535, 2048 },
+ { 3, 1536, 2048 }, { 4, 1537, 2048 }, { 4, 1538, 2048 }, { 5, 1539, 2048 }, { 4, 1540, 2048 }, { 5, 1541, 2048 }, { 5, 1542, 2048 }, { 6, 1543, 2048 },
+ { 4, 1544, 2048 }, { 5, 1545, 2048 }, { 5, 1546, 2048 }, { 6, 1547, 2048 }, { 5, 1548, 2048 }, { 6, 1549, 2048 }, { 6, 1550, 2048 }, { 7, 1551, 2048 },
+ { 4, 1552, 2048 }, { 5, 1553, 2048 }, { 5, 1554, 2048 }, { 6, 1555, 2048 }, { 5, 1556, 2048 }, { 6, 1557, 2048 }, { 6, 1558, 2048 }, { 7, 1559, 2048 },
+ { 5, 1560, 2048 }, { 6, 1561, 2048 }, { 6, 1562, 2048 }, { 7, 1563, 2048 }, { 6, 1564, 2048 }, { 7, 1565, 2048 }, { 7, 1566, 2048 }, { 8, 1567, 2048 },
+ { 4, 1568, 2048 }, { 5, 1569, 2048 }, { 5, 1570, 2048 }, { 6, 1571, 2048 }, { 5, 1572, 2048 }, { 6, 1573, 2048 }, { 6, 1574, 2048 }, { 7, 1575, 2048 },
+ { 5, 1576, 2048 }, { 6, 1577, 2048 }, { 6, 1578, 2048 }, { 7, 1579, 2048 }, { 6, 1580, 2048 }, { 7, 1581, 2048 }, { 7, 1582, 2048 }, { 8, 1583, 2048 },
+ { 5, 1584, 2048 }, { 6, 1585, 2048 }, { 6, 1586, 2048 }, { 7, 1587, 2048 }, { 6, 1588, 2048 }, { 7, 1589, 2048 }, { 7, 1590, 2048 }, { 8, 1591, 2048 },
+ { 6, 1592, 2048 }, { 7, 1593, 2048 }, { 7, 1594, 2048 }, { 8, 1595, 2048 }, { 7, 1596, 2048 }, { 8, 1597, 2048 }, { 8, 1598, 2048 }, { 9, 1599, 2048 },
+ { 4, 1600, 2048 }, { 5, 1601, 2048 }, { 5, 1602, 2048 }, { 6, 1603, 2048 }, { 5, 1604, 2048 }, { 6, 1605, 2048 }, { 6, 1606, 2048 }, { 7, 1607, 2048 },
+ { 5, 1608, 2048 }, { 6, 1609, 2048 }, { 6, 1610, 2048 }, { 7, 1611, 2048 }, { 6, 1612, 2048 }, { 7, 1613, 2048 }, { 7, 1614, 2048 }, { 8, 1615, 2048 },
+ { 5, 1616, 2048 }, { 6, 1617, 2048 }, { 6, 1618, 2048 }, { 7, 1619, 2048 }, { 6, 1620, 2048 }, { 7, 1621, 2048 }, { 7, 1622, 2048 }, { 8, 1623, 2048 },
+ { 6, 1624, 2048 }, { 7, 1625, 2048 }, { 7, 1626, 2048 }, { 8, 1627, 2048 }, { 7, 1628, 2048 }, { 8, 1629, 2048 }, { 8, 1630, 2048 }, { 9, 1631, 2048 },
+ { 5, 1632, 2048 }, { 6, 1633, 2048 }, { 6, 1634, 2048 }, { 7, 1635, 2048 }, { 6, 1636, 2048 }, { 7, 1637, 2048 }, { 7, 1638, 2048 }, { 8, 1639, 2048 },
+ { 6, 1640, 2048 }, { 7, 1641, 2048 }, { 7, 1642, 2048 }, { 8, 1643, 2048 }, { 7, 1644, 2048 }, { 8, 1645, 2048 }, { 8, 1646, 2048 }, { 9, 1647, 2048 },
+ { 6, 1648, 2048 }, { 7, 1649, 2048 }, { 7, 1650, 2048 }, { 8, 1651, 2048 }, { 7, 1652, 2048 }, { 8, 1653, 2048 }, { 8, 1654, 2048 }, { 9, 1655, 2048 },
+ { 7, 1656, 2048 }, { 8, 1657, 2048 }, { 8, 1658, 2048 }, { 9, 1659, 2048 }, { 8, 1660, 2048 }, { 9, 1661, 2048 }, { 9, 1662, 2048 }, { 10, 1663, 2048 },
+ { 4, 1664, 2048 }, { 5, 1665, 2048 }, { 5, 1666, 2048 }, { 6, 1667, 2048 }, { 5, 1668, 2048 }, { 6, 1669, 2048 }, { 6, 1670, 2048 }, { 7, 1671, 2048 },
+ { 5, 1672, 2048 }, { 6, 1673, 2048 }, { 6, 1674, 2048 }, { 7, 1675, 2048 }, { 6, 1676, 2048 }, { 7, 1677, 2048 }, { 7, 1678, 2048 }, { 8, 1679, 2048 },
+ { 5, 1680, 2048 }, { 6, 1681, 2048 }, { 6, 1682, 2048 }, { 7, 1683, 2048 }, { 6, 1684, 2048 }, { 7, 1685, 2048 }, { 7, 1686, 2048 }, { 8, 1687, 2048 },
+ { 6, 1688, 2048 }, { 7, 1689, 2048 }, { 7, 1690, 2048 }, { 8, 1691, 2048 }, { 7, 1692, 2048 }, { 8, 1693, 2048 }, { 8, 1694, 2048 }, { 9, 1695, 2048 },
+ { 5, 1696, 2048 }, { 6, 1697, 2048 }, { 6, 1698, 2048 }, { 7, 1699, 2048 }, { 6, 1700, 2048 }, { 7, 1701, 2048 }, { 7, 1702, 2048 }, { 8, 1703, 2048 },
+ { 6, 1704, 2048 }, { 7, 1705, 2048 }, { 7, 1706, 2048 }, { 8, 1707, 2048 }, { 7, 1708, 2048 }, { 8, 1709, 2048 }, { 8, 1710, 2048 }, { 9, 1711, 2048 },
+ { 6, 1712, 2048 }, { 7, 1713, 2048 }, { 7, 1714, 2048 }, { 8, 1715, 2048 }, { 7, 1716, 2048 }, { 8, 1717, 2048 }, { 8, 1718, 2048 }, { 9, 1719, 2048 },
+ { 7, 1720, 2048 }, { 8, 1721, 2048 }, { 8, 1722, 2048 }, { 9, 1723, 2048 }, { 8, 1724, 2048 }, { 9, 1725, 2048 }, { 9, 1726, 2048 }, { 10, 1727, 2048 },
+ { 5, 1728, 2048 }, { 6, 1729, 2048 }, { 6, 1730, 2048 }, { 7, 1731, 2048 }, { 6, 1732, 2048 }, { 7, 1733, 2048 }, { 7, 1734, 2048 }, { 8, 1735, 2048 },
+ { 6, 1736, 2048 }, { 7, 1737, 2048 }, { 7, 1738, 2048 }, { 8, 1739, 2048 }, { 7, 1740, 2048 }, { 8, 1741, 2048 }, { 8, 1742, 2048 }, { 9, 1743, 2048 },
+ { 6, 1744, 2048 }, { 7, 1745, 2048 }, { 7, 1746, 2048 }, { 8, 1747, 2048 }, { 7, 1748, 2048 }, { 8, 1749, 2048 }, { 8, 1750, 2048 }, { 9, 1751, 2048 },
+ { 7, 1752, 2048 }, { 8, 1753, 2048 }, { 8, 1754, 2048 }, { 9, 1755, 2048 }, { 8, 1756, 2048 }, { 9, 1757, 2048 }, { 9, 1758, 2048 }, { 10, 1759, 2048 },
+ { 6, 1760, 2048 }, { 7, 1761, 2048 }, { 7, 1762, 2048 }, { 8, 1763, 2048 }, { 7, 1764, 2048 }, { 8, 1765, 2048 }, { 8, 1766, 2048 }, { 9, 1767, 2048 },
+ { 7, 1768, 2048 }, { 8, 1769, 2048 }, { 8, 1770, 2048 }, { 9, 1771, 2048 }, { 8, 1772, 2048 }, { 9, 1773, 2048 }, { 9, 1774, 2048 }, { 10, 1775, 2048 },
+ { 7, 1776, 2048 }, { 8, 1777, 2048 }, { 8, 1778, 2048 }, { 9, 1779, 2048 }, { 8, 1780, 2048 }, { 9, 1781, 2048 }, { 9, 1782, 2048 }, { 10, 1783, 2048 },
+ { 8, 1784, 2048 }, { 9, 1785, 2048 }, { 9, 1786, 2048 }, { 10, 1787, 2048 }, { 9, 1788, 2048 }, { 10, 1789, 2048 }, { 10, 1790, 2048 }, { 11, 1791, 2048 },
+ { 4, 1792, 2048 }, { 5, 1793, 2048 }, { 5, 1794, 2048 }, { 6, 1795, 2048 }, { 5, 1796, 2048 }, { 6, 1797, 2048 }, { 6, 1798, 2048 }, { 7, 1799, 2048 },
+ { 5, 1800, 2048 }, { 6, 1801, 2048 }, { 6, 1802, 2048 }, { 7, 1803, 2048 }, { 6, 1804, 2048 }, { 7, 1805, 2048 }, { 7, 1806, 2048 }, { 8, 1807, 2048 },
+ { 5, 1808, 2048 }, { 6, 1809, 2048 }, { 6, 1810, 2048 }, { 7, 1811, 2048 }, { 6, 1812, 2048 }, { 7, 1813, 2048 }, { 7, 1814, 2048 }, { 8, 1815, 2048 },
+ { 6, 1816, 2048 }, { 7, 1817, 2048 }, { 7, 1818, 2048 }, { 8, 1819, 2048 }, { 7, 1820, 2048 }, { 8, 1821, 2048 }, { 8, 1822, 2048 }, { 9, 1823, 2048 },
+ { 5, 1824, 2048 }, { 6, 1825, 2048 }, { 6, 1826, 2048 }, { 7, 1827, 2048 }, { 6, 1828, 2048 }, { 7, 1829, 2048 }, { 7, 1830, 2048 }, { 8, 1831, 2048 },
+ { 6, 1832, 2048 }, { 7, 1833, 2048 }, { 7, 1834, 2048 }, { 8, 1835, 2048 }, { 7, 1836, 2048 }, { 8, 1837, 2048 }, { 8, 1838, 2048 }, { 9, 1839, 2048 },
+ { 6, 1840, 2048 }, { 7, 1841, 2048 }, { 7, 1842, 2048 }, { 8, 1843, 2048 }, { 7, 1844, 2048 }, { 8, 1845, 2048 }, { 8, 1846, 2048 }, { 9, 1847, 2048 },
+ { 7, 1848, 2048 }, { 8, 1849, 2048 }, { 8, 1850, 2048 }, { 9, 1851, 2048 }, { 8, 1852, 2048 }, { 9, 1853, 2048 }, { 9, 1854, 2048 }, { 10, 1855, 2048 },
+ { 5, 1856, 2048 }, { 6, 1857, 2048 }, { 6, 1858, 2048 }, { 7, 1859, 2048 }, { 6, 1860, 2048 }, { 7, 1861, 2048 }, { 7, 1862, 2048 }, { 8, 1863, 2048 },
+ { 6, 1864, 2048 }, { 7, 1865, 2048 }, { 7, 1866, 2048 }, { 8, 1867, 2048 }, { 7, 1868, 2048 }, { 8, 1869, 2048 }, { 8, 1870, 2048 }, { 9, 1871, 2048 },
+ { 6, 1872, 2048 }, { 7, 1873, 2048 }, { 7, 1874, 2048 }, { 8, 1875, 2048 }, { 7, 1876, 2048 }, { 8, 1877, 2048 }, { 8, 1878, 2048 }, { 9, 1879, 2048 },
+ { 7, 1880, 2048 }, { 8, 1881, 2048 }, { 8, 1882, 2048 }, { 9, 1883, 2048 }, { 8, 1884, 2048 }, { 9, 1885, 2048 }, { 9, 1886, 2048 }, { 10, 1887, 2048 },
+ { 6, 1888, 2048 }, { 7, 1889, 2048 }, { 7, 1890, 2048 }, { 8, 1891, 2048 }, { 7, 1892, 2048 }, { 8, 1893, 2048 }, { 8, 1894, 2048 }, { 9, 1895, 2048 },
+ { 7, 1896, 2048 }, { 8, 1897, 2048 }, { 8, 1898, 2048 }, { 9, 1899, 2048 }, { 8, 1900, 2048 }, { 9, 1901, 2048 }, { 9, 1902, 2048 }, { 10, 1903, 2048 },
+ { 7, 1904, 2048 }, { 8, 1905, 2048 }, { 8, 1906, 2048 }, { 9, 1907, 2048 }, { 8, 1908, 2048 }, { 9, 1909, 2048 }, { 9, 1910, 2048 }, { 10, 1911, 2048 },
+ { 8, 1912, 2048 }, { 9, 1913, 2048 }, { 9, 1914, 2048 }, { 10, 1915, 2048 }, { 9, 1916, 2048 }, { 10, 1917, 2048 }, { 10, 1918, 2048 }, { 11, 1919, 2048 },
+ { 5, 1920, 2048 }, { 6, 1921, 2048 }, { 6, 1922, 2048 }, { 7, 1923, 2048 }, { 6, 1924, 2048 }, { 7, 1925, 2048 }, { 7, 1926, 2048 }, { 8, 1927, 2048 },
+ { 6, 1928, 2048 }, { 7, 1929, 2048 }, { 7, 1930, 2048 }, { 8, 1931, 2048 }, { 7, 1932, 2048 }, { 8, 1933, 2048 }, { 8, 1934, 2048 }, { 9, 1935, 2048 },
+ { 6, 1936, 2048 }, { 7, 1937, 2048 }, { 7, 1938, 2048 }, { 8, 1939, 2048 }, { 7, 1940, 2048 }, { 8, 1941, 2048 }, { 8, 1942, 2048 }, { 9, 1943, 2048 },
+ { 7, 1944, 2048 }, { 8, 1945, 2048 }, { 8, 1946, 2048 }, { 9, 1947, 2048 }, { 8, 1948, 2048 }, { 9, 1949, 2048 }, { 9, 1950, 2048 }, { 10, 1951, 2048 },
+ { 6, 1952, 2048 }, { 7, 1953, 2048 }, { 7, 1954, 2048 }, { 8, 1955, 2048 }, { 7, 1956, 2048 }, { 8, 1957, 2048 }, { 8, 1958, 2048 }, { 9, 1959, 2048 },
+ { 7, 1960, 2048 }, { 8, 1961, 2048 }, { 8, 1962, 2048 }, { 9, 1963, 2048 }, { 8, 1964, 2048 }, { 9, 1965, 2048 }, { 9, 1966, 2048 }, { 10, 1967, 2048 },
+ { 7, 1968, 2048 }, { 8, 1969, 2048 }, { 8, 1970, 2048 }, { 9, 1971, 2048 }, { 8, 1972, 2048 }, { 9, 1973, 2048 }, { 9, 1974, 2048 }, { 10, 1975, 2048 },
+ { 8, 1976, 2048 }, { 9, 1977, 2048 }, { 9, 1978, 2048 }, { 10, 1979, 2048 }, { 9, 1980, 2048 }, { 10, 1981, 2048 }, { 10, 1982, 2048 }, { 11, 1983, 2048 },
+ { 6, 1984, 2048 }, { 7, 1985, 2048 }, { 7, 1986, 2048 }, { 8, 1987, 2048 }, { 7, 1988, 2048 }, { 8, 1989, 2048 }, { 8, 1990, 2048 }, { 9, 1991, 2048 },
+ { 7, 1992, 2048 }, { 8, 1993, 2048 }, { 8, 1994, 2048 }, { 9, 1995, 2048 }, { 8, 1996, 2048 }, { 9, 1997, 2048 }, { 9, 1998, 2048 }, { 10, 1999, 2048 },
+ { 7, 2000, 2048 }, { 8, 2001, 2048 }, { 8, 2002, 2048 }, { 9, 2003, 2048 }, { 8, 2004, 2048 }, { 9, 2005, 2048 }, { 9, 2006, 2048 }, { 10, 2007, 2048 },
+ { 8, 2008, 2048 }, { 9, 2009, 2048 }, { 9, 2010, 2048 }, { 10, 2011, 2048 }, { 9, 2012, 2048 }, { 10, 2013, 2048 }, { 10, 2014, 2048 }, { 11, 2015, 2048 },
+ { 7, 2016, 2048 }, { 8, 2017, 2048 }, { 8, 2018, 2048 }, { 9, 2019, 2048 }, { 8, 2020, 2048 }, { 9, 2021, 2048 }, { 9, 2022, 2048 }, { 10, 2023, 2048 },
+ { 8, 2024, 2048 }, { 9, 2025, 2048 }, { 9, 2026, 2048 }, { 10, 2027, 2048 }, { 9, 2028, 2048 }, { 10, 2029, 2048 }, { 10, 2030, 2048 }, { 11, 2031, 2048 },
+ { 8, 2032, 2048 }, { 9, 2033, 2048 }, { 9, 2034, 2048 }, { 10, 2035, 2048 }, { 9, 2036, 2048 }, { 10, 2037, 2048 }, { 10, 2038, 2048 }, { 11, 2039, 2048 },
+ { 9, 2040, 2048 }, { 10, 2041, 2048 }, { 10, 2042, 2048 }, { 11, 2043, 2048 }, { 10, 2044, 2048 }, { 11, 2045, 2048 }, { 11, 2046, 2048 }, { 12, 2047, 2048 },
+#endif
+#endif
+#endif
+#endif
+#endif
+#endif
+};
+
+/* find a hole and free as required */
+static int find_hole(void)
+{
+ unsigned x;
+ int y, z;
+ for (z = 0, y = INT_MAX, x = 0; x < FP_ENTRIES; x++) {
+ if (fp_cache[x].lru_count < y) {
+ z = x;
+ y = fp_cache[x].lru_count;
+ }
+ }
+
+ /* decrease all */
+ for (x = 0; x < FP_ENTRIES; x++) {
+ if (fp_cache[x].lru_count > 3) {
+ --(fp_cache[x].lru_count);
+ }
+ }
+
+ /* free entry z */
+ if (fp_cache[z].g) {
+ if (fp_cache[z].mu != NULL) {
+ mp_clear(fp_cache[z].mu);
+ fp_cache[z].mu = NULL;
+ }
+ ltc_ecc_del_point(fp_cache[z].g);
+ fp_cache[z].g = NULL;
+ for (x = 0; x < (1U<<FP_LUT); x++) {
+ ltc_ecc_del_point(fp_cache[z].LUT[x]);
+ fp_cache[z].LUT[x] = NULL;
+ }
+ fp_cache[z].lru_count = 0;
+ }
+ return z;
+}
+
+/* determine if a base is already in the cache and if so, where */
+static int find_base(ecc_point *g)
+{
+ int x;
+ for (x = 0; x < FP_ENTRIES; x++) {
+ if (fp_cache[x].g != NULL &&
+ mp_cmp(fp_cache[x].g->x, g->x) == LTC_MP_EQ &&
+ mp_cmp(fp_cache[x].g->y, g->y) == LTC_MP_EQ &&
+ mp_cmp(fp_cache[x].g->z, g->z) == LTC_MP_EQ) {
+ break;
+ }
+ }
+ if (x == FP_ENTRIES) {
+ x = -1;
+ }
+ return x;
+}
+
+/* add a new base to the cache */
+static int add_entry(int idx, ecc_point *g)
+{
+ unsigned x, y;
+
+ /* allocate base and LUT */
+ fp_cache[idx].g = ltc_ecc_new_point();
+ if (fp_cache[idx].g == NULL) {
+ return CRYPT_MEM;
+ }
+
+ /* copy x and y */
+ if ((mp_copy(g->x, fp_cache[idx].g->x) != CRYPT_OK) ||
+ (mp_copy(g->y, fp_cache[idx].g->y) != CRYPT_OK) ||
+ (mp_copy(g->z, fp_cache[idx].g->z) != CRYPT_OK)) {
+ ltc_ecc_del_point(fp_cache[idx].g);
+ fp_cache[idx].g = NULL;
+ return CRYPT_MEM;
+ }
+
+ for (x = 0; x < (1U<<FP_LUT); x++) {
+ fp_cache[idx].LUT[x] = ltc_ecc_new_point();
+ if (fp_cache[idx].LUT[x] == NULL) {
+ for (y = 0; y < x; y++) {
+ ltc_ecc_del_point(fp_cache[idx].LUT[y]);
+ fp_cache[idx].LUT[y] = NULL;
+ }
+ ltc_ecc_del_point(fp_cache[idx].g);
+ fp_cache[idx].g = NULL;
+ fp_cache[idx].lru_count = 0;
+ return CRYPT_MEM;
+ }
+ }
+
+ fp_cache[idx].lru_count = 0;
+ return CRYPT_OK;
+}
+
+/* build the LUT by spacing the bits of the input by #modulus/FP_LUT bits apart
+ *
+ * The algorithm builds patterns in increasing bit order by first making all
+ * single bit input patterns, then all two bit input patterns and so on
+ */
+static int build_lut(int idx, void *modulus, void *mp, void *mu)
+{
+ unsigned x, y, err, bitlen, lut_gap;
+ void *tmp;
+
+ tmp = NULL;
+
+ /* sanity check to make sure lut_order table is of correct size, should compile out to a NOP if true */
+ if ((sizeof(lut_orders) / sizeof(lut_orders[0])) < (1U<<FP_LUT)) {
+ err = CRYPT_INVALID_ARG;
+ goto DONE;
+ }
+
+ /* get bitlen and round up to next multiple of FP_LUT */
+ bitlen = mp_unsigned_bin_size(modulus) << 3;
+ x = bitlen % FP_LUT;
+ if (x) {
+ bitlen += FP_LUT - x;
+ }
+ lut_gap = bitlen / FP_LUT;
+
+ /* init the mu */
+ if ((err = mp_init_copy(&fp_cache[idx].mu, mu)) != CRYPT_OK) {
+ goto ERR;
+ }
+
+ /* copy base */
+ if ((mp_mulmod(fp_cache[idx].g->x, mu, modulus, fp_cache[idx].LUT[1]->x) != CRYPT_OK) ||
+ (mp_mulmod(fp_cache[idx].g->y, mu, modulus, fp_cache[idx].LUT[1]->y) != CRYPT_OK) ||
+ (mp_mulmod(fp_cache[idx].g->z, mu, modulus, fp_cache[idx].LUT[1]->z) != CRYPT_OK)) { goto ERR; }
+
+ /* make all single bit entries */
+ for (x = 1; x < FP_LUT; x++) {
+ if ((mp_copy(fp_cache[idx].LUT[1<<(x-1)]->x, fp_cache[idx].LUT[1<<x]->x) != CRYPT_OK) ||
+ (mp_copy(fp_cache[idx].LUT[1<<(x-1)]->y, fp_cache[idx].LUT[1<<x]->y) != CRYPT_OK) ||
+ (mp_copy(fp_cache[idx].LUT[1<<(x-1)]->z, fp_cache[idx].LUT[1<<x]->z) != CRYPT_OK)) { goto ERR; }
+
+ /* now double it bitlen/FP_LUT times */
+ for (y = 0; y < lut_gap; y++) {
+ if ((err = ltc_mp.ecc_ptdbl(fp_cache[idx].LUT[1<<x], fp_cache[idx].LUT[1<<x], modulus, mp)) != CRYPT_OK) {
+ goto ERR;
+ }
+ }
+ }
+
+ /* now make all entries in increase order of hamming weight */
+ for (x = 2; x <= FP_LUT; x++) {
+ for (y = 0; y < (1UL<<FP_LUT); y++) {
+ if (lut_orders[y].ham != (int)x) continue;
+
+ /* perform the add */
+ if ((err = ltc_mp.ecc_ptadd(fp_cache[idx].LUT[lut_orders[y].terma], fp_cache[idx].LUT[lut_orders[y].termb],
+ fp_cache[idx].LUT[y], modulus, mp)) != CRYPT_OK) {
+ goto ERR;
+ }
+ }
+ }
+
+ /* now map all entries back to affine space to make point addition faster */
+ if ((err = mp_init(&tmp)) != CRYPT_OK) { goto ERR; }
+ for (x = 1; x < (1UL<<FP_LUT); x++) {
+ /* convert z to normal from montgomery */
+ if ((err = mp_montgomery_reduce(fp_cache[idx].LUT[x]->z, modulus, mp)) != CRYPT_OK) { goto ERR; }
+
+ /* invert it */
+ if ((err = mp_invmod(fp_cache[idx].LUT[x]->z, modulus, fp_cache[idx].LUT[x]->z)) != CRYPT_OK) { goto ERR; }
+
+ /* now square it */
+ if ((err = mp_sqrmod(fp_cache[idx].LUT[x]->z, modulus, tmp)) != CRYPT_OK) { goto ERR; }
+
+ /* fix x */
+ if ((err = mp_mulmod(fp_cache[idx].LUT[x]->x, tmp, modulus, fp_cache[idx].LUT[x]->x)) != CRYPT_OK) { goto ERR; }
+
+ /* get 1/z^3 */
+ if ((err = mp_mulmod(tmp, fp_cache[idx].LUT[x]->z, modulus, tmp)) != CRYPT_OK) { goto ERR; }
+
+ /* fix y */
+ if ((err = mp_mulmod(fp_cache[idx].LUT[x]->y, tmp, modulus, fp_cache[idx].LUT[x]->y)) != CRYPT_OK) { goto ERR; }
+
+ /* free z */
+ mp_clear(fp_cache[idx].LUT[x]->z);
+ fp_cache[idx].LUT[x]->z = NULL;
+ }
+ mp_clear(tmp);
+
+ return CRYPT_OK;
+ERR:
+ err = CRYPT_MEM;
+DONE:
+ for (y = 0; y < (1U<<FP_LUT); y++) {
+ ltc_ecc_del_point(fp_cache[idx].LUT[y]);
+ fp_cache[idx].LUT[y] = NULL;
+ }
+ ltc_ecc_del_point(fp_cache[idx].g);
+ fp_cache[idx].g = NULL;
+ fp_cache[idx].lru_count = 0;
+ if (fp_cache[idx].mu != NULL) {
+ mp_clear(fp_cache[idx].mu);
+ fp_cache[idx].mu = NULL;
+ }
+ if (tmp != NULL) {
+ mp_clear(tmp);
+ }
+ return err;
+}
+
+/* perform a fixed point ECC mulmod */
+static int accel_fp_mul(int idx, void *k, ecc_point *R, void *modulus, void *mp, int map)
+{
+ unsigned char kb[128];
+ int x;
+ unsigned y, z, err, bitlen, bitpos, lut_gap, first;
+ void *tk, *order;
+
+ /* if it's smaller than modulus we fine */
+ if (mp_unsigned_bin_size(k) > mp_unsigned_bin_size(modulus)) {
+ /* find order */
+ y = mp_unsigned_bin_size(modulus);
+ for (x = 0; ltc_ecc_sets[x].size; x++) {
+ if (y <= (unsigned)ltc_ecc_sets[x].size) break;
+ }
+
+ /* back off if we are on the 521 bit curve */
+ if (y == 66) --x;
+
+ if ((err = mp_init(&order)) != CRYPT_OK) {
+ return err;
+ }
+ if ((err = mp_read_radix(order, ltc_ecc_sets[x].order, 16)) != CRYPT_OK) {
+ mp_clear(&order);
+ return err;
+ }
+
+ /* k must be less than modulus */
+ if (mp_cmp(k, order) != LTC_MP_LT) {
+ if ((err = mp_init(&tk)) != CRYPT_OK) {
+ mp_clear(order);
+ return err;
+ }
+ if ((err = mp_mod(k, order, tk)) != CRYPT_OK) {
+ mp_clear(tk);
+ mp_clear(order);
+ return err;
+ }
+ } else {
+ tk = k;
+ }
+ mp_clear(order);
+ } else {
+ tk = k;
+ }
+
+ /* get bitlen and round up to next multiple of FP_LUT */
+ bitlen = mp_unsigned_bin_size(modulus) << 3;
+ x = bitlen % FP_LUT;
+ if (x) {
+ bitlen += FP_LUT - x;
+ }
+ lut_gap = bitlen / FP_LUT;
+
+ /* get the k value */
+ if (mp_unsigned_bin_size(tk) > (sizeof(kb) - 2)) {
+ if (tk != k) {
+ mp_clear(tk);
+ }
+ return CRYPT_BUFFER_OVERFLOW;
+ }
+
+ /* store k */
+ zeromem(kb, sizeof(kb));
+ if ((err = mp_to_unsigned_bin(tk, kb)) != CRYPT_OK) {
+ if (tk != k) {
+ mp_clear(tk);
+ }
+ return err;
+ }
+
+ /* let's reverse kb so it's little endian */
+ x = 0;
+ y = mp_unsigned_bin_size(tk) - 1;
+ if (tk != k) {
+ mp_clear(tk);
+ }
+ while ((unsigned)x < y) {
+ z = kb[x]; kb[x] = kb[y]; kb[y] = z;
+ ++x; --y;
+ }
+
+ /* at this point we can start, yipee */
+ first = 1;
+ for (x = lut_gap-1; x >= 0; x--) {
+ /* extract FP_LUT bits from kb spread out by lut_gap bits and offset by x bits from the start */
+ bitpos = x;
+ for (y = z = 0; y < FP_LUT; y++) {
+ z |= ((kb[bitpos>>3] >> (bitpos&7)) & 1) << y;
+ bitpos += lut_gap; /* it's y*lut_gap + x, but here we can avoid the mult in each loop */
+ }
+
+ /* double if not first */
+ if (!first) {
+ if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) {
+ return err;
+ }
+ }
+
+ /* add if not first, otherwise copy */
+ if (!first && z) {
+ if ((err = ltc_mp.ecc_ptadd(R, fp_cache[idx].LUT[z], R, modulus, mp)) != CRYPT_OK) {
+ return err;
+ }
+ } else if (z) {
+ if ((mp_copy(fp_cache[idx].LUT[z]->x, R->x) != CRYPT_OK) ||
+ (mp_copy(fp_cache[idx].LUT[z]->y, R->y) != CRYPT_OK) ||
+ (mp_copy(fp_cache[idx].mu, R->z) != CRYPT_OK)) { return CRYPT_MEM; }
+ first = 0;
+ }
+ }
+ z = 0;
+ zeromem(kb, sizeof(kb));
+ /* map R back from projective space */
+ if (map) {
+ err = ltc_ecc_map(R, modulus, mp);
+ } else {
+ err = CRYPT_OK;
+ }
+ return err;
+}
+
+#ifdef LTC_ECC_SHAMIR
+/* perform a fixed point ECC mulmod */
+static int accel_fp_mul2add(int idx1, int idx2,
+ void *kA, void *kB,
+ ecc_point *R, void *modulus, void *mp)
+{
+ unsigned char kb[2][128];
+ int x;
+ unsigned y, z, err, bitlen, bitpos, lut_gap, first, zA, zB;
+ void *tka, *tkb, *order;
+
+ /* if it's smaller than modulus we fine */
+ if (mp_unsigned_bin_size(kA) > mp_unsigned_bin_size(modulus)) {
+ /* find order */
+ y = mp_unsigned_bin_size(modulus);
+ for (x = 0; ltc_ecc_sets[x].size; x++) {
+ if (y <= (unsigned)ltc_ecc_sets[x].size) break;
+ }
+
+ /* back off if we are on the 521 bit curve */
+ if (y == 66) --x;
+
+ if ((err = mp_init(&order)) != CRYPT_OK) {
+ return err;
+ }
+ if ((err = mp_read_radix(order, ltc_ecc_sets[x].order, 16)) != CRYPT_OK) {
+ mp_clear(&order);
+ return err;
+ }
+
+ /* kA must be less than modulus */
+ if (mp_cmp(kA, order) != LTC_MP_LT) {
+ if ((err = mp_init(&tka)) != CRYPT_OK) {
+ mp_clear(order);
+ return err;
+ }
+ if ((err = mp_mod(kA, order, tka)) != CRYPT_OK) {
+ mp_clear(tka);
+ mp_clear(order);
+ return err;
+ }
+ } else {
+ tka = kA;
+ }
+ mp_clear(order);
+ } else {
+ tka = kA;
+ }
+
+ /* if it's smaller than modulus we fine */
+ if (mp_unsigned_bin_size(kB) > mp_unsigned_bin_size(modulus)) {
+ /* find order */
+ y = mp_unsigned_bin_size(modulus);
+ for (x = 0; ltc_ecc_sets[x].size; x++) {
+ if (y <= (unsigned)ltc_ecc_sets[x].size) break;
+ }
+
+ /* back off if we are on the 521 bit curve */
+ if (y == 66) --x;
+
+ if ((err = mp_init(&order)) != CRYPT_OK) {
+ return err;
+ }
+ if ((err = mp_read_radix(order, ltc_ecc_sets[x].order, 16)) != CRYPT_OK) {
+ mp_clear(&order);
+ return err;
+ }
+
+ /* kB must be less than modulus */
+ if (mp_cmp(kB, order) != LTC_MP_LT) {
+ if ((err = mp_init(&tkb)) != CRYPT_OK) {
+ mp_clear(order);
+ return err;
+ }
+ if ((err = mp_mod(kB, order, tkb)) != CRYPT_OK) {
+ mp_clear(tkb);
+ mp_clear(order);
+ return err;
+ }
+ } else {
+ tkb = kB;
+ }
+ mp_clear(order);
+ } else {
+ tkb = kB;
+ }
+
+ /* get bitlen and round up to next multiple of FP_LUT */
+ bitlen = mp_unsigned_bin_size(modulus) << 3;
+ x = bitlen % FP_LUT;
+ if (x) {
+ bitlen += FP_LUT - x;
+ }
+ lut_gap = bitlen / FP_LUT;
+
+ /* get the k value */
+ if ((mp_unsigned_bin_size(tka) > (sizeof(kb[0]) - 2)) || (mp_unsigned_bin_size(tkb) > (sizeof(kb[0]) - 2)) ) {
+ if (tka != kA) {
+ mp_clear(tka);
+ }
+ if (tkb != kB) {
+ mp_clear(tkb);
+ }
+ return CRYPT_BUFFER_OVERFLOW;
+ }
+
+ /* store k */
+ zeromem(kb, sizeof(kb));
+ if ((err = mp_to_unsigned_bin(tka, kb[0])) != CRYPT_OK) {
+ if (tka != kA) {
+ mp_clear(tka);
+ }
+ if (tkb != kB) {
+ mp_clear(tkb);
+ }
+ return err;
+ }
+
+ /* let's reverse kb so it's little endian */
+ x = 0;
+ y = mp_unsigned_bin_size(tka) - 1;
+ if (tka != kA) {
+ mp_clear(tka);
+ }
+ while ((unsigned)x < y) {
+ z = kb[0][x]; kb[0][x] = kb[0][y]; kb[0][y] = z;
+ ++x; --y;
+ }
+
+ /* store b */
+ if ((err = mp_to_unsigned_bin(tkb, kb[1])) != CRYPT_OK) {
+ if (tkb != kB) {
+ mp_clear(tkb);
+ }
+ return err;
+ }
+
+ x = 0;
+ y = mp_unsigned_bin_size(tkb) - 1;
+ if (tkb != kB) {
+ mp_clear(tkb);
+ }
+ while ((unsigned)x < y) {
+ z = kb[1][x]; kb[1][x] = kb[1][y]; kb[1][y] = z;
+ ++x; --y;
+ }
+
+ /* at this point we can start, yipee */
+ first = 1;
+ for (x = lut_gap-1; x >= 0; x--) {
+ /* extract FP_LUT bits from kb spread out by lut_gap bits and offset by x bits from the start */
+ bitpos = x;
+ for (y = zA = zB = 0; y < FP_LUT; y++) {
+ zA |= ((kb[0][bitpos>>3] >> (bitpos&7)) & 1) << y;
+ zB |= ((kb[1][bitpos>>3] >> (bitpos&7)) & 1) << y;
+ bitpos += lut_gap; /* it's y*lut_gap + x, but here we can avoid the mult in each loop */
+ }
+
+ /* double if not first */
+ if (!first) {
+ if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) {
+ return err;
+ }
+ }
+
+ /* add if not first, otherwise copy */
+ if (!first) {
+ if (zA) {
+ if ((err = ltc_mp.ecc_ptadd(R, fp_cache[idx1].LUT[zA], R, modulus, mp)) != CRYPT_OK) {
+ return err;
+ }
+ }
+ if (zB) {
+ if ((err = ltc_mp.ecc_ptadd(R, fp_cache[idx2].LUT[zB], R, modulus, mp)) != CRYPT_OK) {
+ return err;
+ }
+ }
+ } else {
+ if (zA) {
+ if ((mp_copy(fp_cache[idx1].LUT[zA]->x, R->x) != CRYPT_OK) ||
+ (mp_copy(fp_cache[idx1].LUT[zA]->y, R->y) != CRYPT_OK) ||
+ (mp_copy(fp_cache[idx1].mu, R->z) != CRYPT_OK)) { return CRYPT_MEM; }
+ first = 0;
+ }
+ if (zB && first == 0) {
+ if (zB) {
+ if ((err = ltc_mp.ecc_ptadd(R, fp_cache[idx2].LUT[zB], R, modulus, mp)) != CRYPT_OK) {
+ return err;
+ }
+ }
+ } else if (zB && first == 1) {
+ if ((mp_copy(fp_cache[idx2].LUT[zB]->x, R->x) != CRYPT_OK) ||
+ (mp_copy(fp_cache[idx2].LUT[zB]->y, R->y) != CRYPT_OK) ||
+ (mp_copy(fp_cache[idx2].mu, R->z) != CRYPT_OK)) { return CRYPT_MEM; }
+ first = 0;
+ }
+ }
+ }
+ zeromem(kb, sizeof(kb));
+ return ltc_ecc_map(R, modulus, mp);
+}
+
+/** ECC Fixed Point mulmod global
+ @param k The multiplicand
+ @param G Base point to multiply
+ @param R [out] Destination of product
+ @param modulus The modulus for the curve
+ @param map [boolean] If non-zero maps the point back to affine co-ordinates, otherwise it's left in jacobian-montgomery form
+ @return CRYPT_OK if successful
+*/
+int ltc_ecc_fp_mul2add(ecc_point *A, void *kA,
+ ecc_point *B, void *kB,
+ ecc_point *C, void *modulus)
+{
+ int idx1, idx2, err;
+ void *mp, *mu;
+
+ mp = NULL;
+ mu = NULL;
+ LTC_MUTEX_LOCK(&ltc_ecc_fp_lock);
+ /* find point */
+ idx1 = find_base(A);
+
+ /* no entry? */
+ if (idx1 == -1) {
+ /* find hole and add it */
+ idx1 = find_hole();
+
+ if ((err = add_entry(idx1, A)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ }
+
+ /* increment LRU */
+ ++(fp_cache[idx1].lru_count);
+
+ /* find point */
+ idx2 = find_base(B);
+
+ /* no entry? */
+ if (idx2 == -1) {
+ /* find hole and add it */
+ idx2 = find_hole();
+
+ if ((err = add_entry(idx2, B)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ }
+
+ /* increment LRU */
+ ++(fp_cache[idx2].lru_count);
+
+ /* if it's 2 build the LUT, if it's higher just use the LUT */
+ if (fp_cache[idx1].lru_count == 2) {
+ /* compute mp */
+ if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { goto LBL_ERR; }
+
+ /* compute mu */
+ if ((err = mp_init(&mu)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* build the LUT */
+ if ((err = build_lut(idx1, modulus, mp, mu)) != CRYPT_OK) {
+ goto LBL_ERR;;
+ }
+ }
+
+ /* if it's 2 build the LUT, if it's higher just use the LUT */
+ if (fp_cache[idx2].lru_count == 2) {
+ if (mp == NULL) {
+ /* compute mp */
+ if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { goto LBL_ERR; }
+
+ /* compute mu */
+ if ((err = mp_init(&mu)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ }
+
+ /* build the LUT */
+ if ((err = build_lut(idx2, modulus, mp, mu)) != CRYPT_OK) {
+ goto LBL_ERR;;
+ }
+ }
+
+
+ if (fp_cache[idx1].lru_count >= 2 && fp_cache[idx2].lru_count >= 2) {
+ if (mp == NULL) {
+ /* compute mp */
+ if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { goto LBL_ERR; }
+ }
+ err = accel_fp_mul2add(idx1, idx2, kA, kB, C, modulus, mp);
+ } else {
+ err = ltc_ecc_mul2add(A, kA, B, kB, C, modulus);
+ }
+LBL_ERR:
+ LTC_MUTEX_UNLOCK(&ltc_ecc_fp_lock);
+ if (mp != NULL) {
+ mp_montgomery_free(mp);
+ }
+ if (mu != NULL) {
+ mp_clear(mu);
+ }
+ return err;
+}
+#endif
+
+/** ECC Fixed Point mulmod global
+ @param k The multiplicand
+ @param G Base point to multiply
+ @param R [out] Destination of product
+ @param modulus The modulus for the curve
+ @param map [boolean] If non-zero maps the point back to affine co-ordinates, otherwise it's left in jacobian-montgomery form
+ @return CRYPT_OK if successful
+*/
+int ltc_ecc_fp_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
+{
+ int idx, err;
+ void *mp, *mu;
+
+ mp = NULL;
+ mu = NULL;
+ LTC_MUTEX_LOCK(&ltc_ecc_fp_lock);
+ /* find point */
+ idx = find_base(G);
+
+ /* no entry? */
+ if (idx == -1) {
+ /* find hole and add it */
+ idx = find_hole();
+
+ if ((err = add_entry(idx, G)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ }
+
+ /* increment LRU */
+ ++(fp_cache[idx].lru_count);
+
+ /* if it's 2 build the LUT, if it's higher just use the LUT */
+ if (fp_cache[idx].lru_count == 2) {
+ /* compute mp */
+ if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { goto LBL_ERR; }
+
+ /* compute mu */
+ if ((err = mp_init(&mu)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* build the LUT */
+ if ((err = build_lut(idx, modulus, mp, mu)) != CRYPT_OK) {
+ goto LBL_ERR;;
+ }
+ }
+
+ if (fp_cache[idx].lru_count >= 2) {
+ if (mp == NULL) {
+ /* compute mp */
+ if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { goto LBL_ERR; }
+ }
+ err = accel_fp_mul(idx, k, R, modulus, mp, map);
+ } else {
+ err = ltc_ecc_mulmod(k, G, R, modulus, map);
+ }
+LBL_ERR:
+ LTC_MUTEX_UNLOCK(&ltc_ecc_fp_lock);
+ if (mp != NULL) {
+ mp_montgomery_free(mp);
+ }
+ if (mu != NULL) {
+ mp_clear(mu);
+ }
+ return err;
+}
+
+/** Free the Fixed Point tables */
+void ltc_ecc_fp_free(void)
+{
+ unsigned x, y;
+ LTC_MUTEX_LOCK(&ltc_ecc_fp_lock);
+ for (x = 0; x < FP_ENTRIES; x++) {
+ if (fp_cache[x].g != NULL) {
+ for (y = 0; y < (1U<<FP_LUT); y++) {
+ ltc_ecc_del_point(fp_cache[x].LUT[y]);
+ fp_cache[x].LUT[y] = NULL;
+ }
+ ltc_ecc_del_point(fp_cache[x].g);
+ fp_cache[x].g = NULL;
+ if (fp_cache[x].mu != NULL) {
+ mp_clear(fp_cache[x].mu);
+ fp_cache[x].mu = NULL;
+ }
+ fp_cache[x].lru_count = 0;
+ }
+ }
+ LTC_MUTEX_UNLOCK(&ltc_ecc_fp_lock);
+}
+
+#endif
+
+
+/* $Source: /cvs/libtom/libtomcrypt/src/math/fp/ltc_ecc_fp_mulmod.c,v $ */
+/* $Revision: 1.27 $ */
+/* $Date: 2006/12/03 00:39:56 $ */
+
diff --git a/src/math/gmp_desc.c b/src/math/gmp_desc.c
new file mode 100644
index 0000000..66c279e
--- /dev/null
+++ b/src/math/gmp_desc.c
@@ -0,0 +1,478 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+#define DESC_DEF_ONLY
+#include "tomcrypt.h"
+
+#ifdef GMP_DESC
+
+#include <stdio.h>
+#include <gmp.h>
+
+static int init(void **a)
+{
+ LTC_ARGCHK(a != NULL);
+
+ *a = XCALLOC(1, sizeof(__mpz_struct));
+ if (*a == NULL) {
+ return CRYPT_MEM;
+ }
+ mpz_init(((__mpz_struct *)*a));
+ return CRYPT_OK;
+}
+
+static void deinit(void *a)
+{
+ LTC_ARGCHKVD(a != NULL);
+ mpz_clear(a);
+ XFREE(a);
+}
+
+static int neg(void *a, void *b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ mpz_neg(b, a);
+ return CRYPT_OK;
+}
+
+static int copy(void *a, void *b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ mpz_set(b, a);
+ return CRYPT_OK;
+}
+
+static int init_copy(void **a, void *b)
+{
+ if (init(a) != CRYPT_OK) {
+ return CRYPT_MEM;
+ }
+ return copy(b, *a);
+}
+
+/* ---- trivial ---- */
+static int set_int(void *a, unsigned long b)
+{
+ LTC_ARGCHK(a != NULL);
+ mpz_set_ui(((__mpz_struct *)a), b);
+ return CRYPT_OK;
+}
+
+static unsigned long get_int(void *a)
+{
+ LTC_ARGCHK(a != NULL);
+ return mpz_get_ui(a);
+}
+
+static unsigned long get_digit(void *a, int n)
+{
+ LTC_ARGCHK(a != NULL);
+ return mpz_getlimbn(a, n);
+}
+
+static int get_digit_count(void *a)
+{
+ LTC_ARGCHK(a != NULL);
+ return mpz_size(a);
+}
+
+static int compare(void *a, void *b)
+{
+ int ret;
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ ret = mpz_cmp(a, b);
+ if (ret < 0) {
+ return LTC_MP_LT;
+ } else if (ret > 0) {
+ return LTC_MP_GT;
+ } else {
+ return LTC_MP_EQ;
+ }
+}
+
+static int compare_d(void *a, unsigned long b)
+{
+ int ret;
+ LTC_ARGCHK(a != NULL);
+ ret = mpz_cmp_ui(((__mpz_struct *)a), b);
+ if (ret < 0) {
+ return LTC_MP_LT;
+ } else if (ret > 0) {
+ return LTC_MP_GT;
+ } else {
+ return LTC_MP_EQ;
+ }
+}
+
+static int count_bits(void *a)
+{
+ LTC_ARGCHK(a != NULL);
+ return mpz_sizeinbase(a, 2);
+}
+
+static int count_lsb_bits(void *a)
+{
+ LTC_ARGCHK(a != NULL);
+ return mpz_scan1(a, 0);
+}
+
+
+static int twoexpt(void *a, int n)
+{
+ LTC_ARGCHK(a != NULL);
+ mpz_set_ui(a, 0);
+ mpz_setbit(a, n);
+ return CRYPT_OK;
+}
+
+/* ---- conversions ---- */
+
+/* read ascii string */
+static int read_radix(void *a, const char *b, int radix)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ mpz_set_str(a, b, radix);
+ return CRYPT_OK;
+}
+
+/* write one */
+static int write_radix(void *a, char *b, int radix)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ mpz_get_str(b, radix, a);
+ return CRYPT_OK;
+}
+
+/* get size as unsigned char string */
+static unsigned long unsigned_size(void *a)
+{
+ unsigned long t;
+ LTC_ARGCHK(a != NULL);
+ t = mpz_sizeinbase(a, 2);
+ if (mpz_cmp_ui(((__mpz_struct *)a), 0) == 0) return 0;
+ return (t>>3) + ((t&7)?1:0);
+}
+
+/* store */
+static int unsigned_write(void *a, unsigned char *b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ mpz_export(b, NULL, 1, 1, 1, 0, ((__mpz_struct*)a));
+ return CRYPT_OK;
+}
+
+/* read */
+static int unsigned_read(void *a, unsigned char *b, unsigned long len)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ mpz_import(a, len, 1, 1, 1, 0, b);
+ return CRYPT_OK;
+}
+
+/* add */
+static int add(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ mpz_add(c, a, b);
+ return CRYPT_OK;
+}
+
+static int addi(void *a, unsigned long b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(c != NULL);
+ mpz_add_ui(c, a, b);
+ return CRYPT_OK;
+}
+
+/* sub */
+static int sub(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ mpz_sub(c, a, b);
+ return CRYPT_OK;
+}
+
+static int subi(void *a, unsigned long b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(c != NULL);
+ mpz_sub_ui(c, a, b);
+ return CRYPT_OK;
+}
+
+/* mul */
+static int mul(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ mpz_mul(c, a, b);
+ return CRYPT_OK;
+}
+
+static int muli(void *a, unsigned long b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(c != NULL);
+ mpz_mul_ui(c, a, b);
+ return CRYPT_OK;
+}
+
+/* sqr */
+static int sqr(void *a, void *b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ mpz_mul(b, a, a);
+ return CRYPT_OK;
+}
+
+/* div */
+static int divide(void *a, void *b, void *c, void *d)
+{
+ mpz_t tmp;
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ if (c != NULL) {
+ mpz_init(tmp);
+ mpz_divexact(tmp, a, b);
+ }
+ if (d != NULL) {
+ mpz_mod(d, a, b);
+ }
+ if (c != NULL) {
+ mpz_set(c, tmp);
+ mpz_clear(tmp);
+ }
+ return CRYPT_OK;
+}
+
+static int div_2(void *a, void *b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ mpz_divexact_ui(b, a, 2);
+ return CRYPT_OK;
+}
+
+/* modi */
+static int modi(void *a, unsigned long b, unsigned long *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(c != NULL);
+
+ *c = mpz_fdiv_ui(a, b);
+ return CRYPT_OK;
+}
+
+/* gcd */
+static int gcd(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ mpz_gcd(c, a, b);
+ return CRYPT_OK;
+}
+
+/* lcm */
+static int lcm(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ mpz_lcm(c, a, b);
+ return CRYPT_OK;
+}
+
+static int mulmod(void *a, void *b, void *c, void *d)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ LTC_ARGCHK(d != NULL);
+ mpz_mul(d, a, b);
+ mpz_mod(d, d, c);
+ return CRYPT_OK;
+}
+
+static int sqrmod(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ mpz_mul(c, a, a);
+ mpz_mod(c, c, b);
+ return CRYPT_OK;
+}
+
+/* invmod */
+static int invmod(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ mpz_invert(c, a, b);
+ return CRYPT_OK;
+}
+
+/* setup */
+static int montgomery_setup(void *a, void **b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ *b = (void *)1;
+ return CRYPT_OK;
+}
+
+/* get normalization value */
+static int montgomery_normalization(void *a, void *b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ mpz_set_ui(a, 1);
+ return CRYPT_OK;
+}
+
+/* reduce */
+static int montgomery_reduce(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ mpz_mod(a, a, b);
+ return CRYPT_OK;
+}
+
+/* clean up */
+static void montgomery_deinit(void *a)
+{
+}
+
+static int exptmod(void *a, void *b, void *c, void *d)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ LTC_ARGCHK(d != NULL);
+ mpz_powm(d, a, b, c);
+ return CRYPT_OK;
+}
+
+static int isprime(void *a, int *b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ *b = mpz_probab_prime_p(a, 8) > 0 ? LTC_MP_YES : LTC_MP_NO;
+ return CRYPT_OK;
+}
+
+const ltc_math_descriptor gmp_desc = {
+ "GNU MP",
+ sizeof(mp_limb_t) * CHAR_BIT - GMP_NAIL_BITS,
+
+ &init,
+ &init_copy,
+ &deinit,
+
+ &neg,
+ &copy,
+
+ &set_int,
+ &get_int,
+ &get_digit,
+ &get_digit_count,
+ &compare,
+ &compare_d,
+ &count_bits,
+ &count_lsb_bits,
+ &twoexpt,
+
+ &read_radix,
+ &write_radix,
+ &unsigned_size,
+ &unsigned_write,
+ &unsigned_read,
+
+ &add,
+ &addi,
+ &sub,
+ &subi,
+ &mul,
+ &muli,
+ &sqr,
+ &divide,
+ &div_2,
+ &modi,
+ &gcd,
+ &lcm,
+
+ &mulmod,
+ &sqrmod,
+ &invmod,
+
+ &montgomery_setup,
+ &montgomery_normalization,
+ &montgomery_reduce,
+ &montgomery_deinit,
+
+ &exptmod,
+ &isprime,
+
+#ifdef MECC
+#ifdef MECC_FP
+ &ltc_ecc_fp_mulmod,
+#else
+ &ltc_ecc_mulmod,
+#endif /* MECC_FP */
+ &ltc_ecc_projective_add_point,
+ &ltc_ecc_projective_dbl_point,
+ &ltc_ecc_map,
+#ifdef LTC_ECC_SHAMIR
+#ifdef MECC_FP
+ &ltc_ecc_fp_mul2add,
+#else
+ &ltc_ecc_mul2add,
+#endif /* MECC_FP */
+#else
+ NULL,
+#endif /* LTC_ECC_SHAMIR */
+#else
+ NULL, NULL, NULL, NULL, NULL
+#endif /* MECC */
+
+#ifdef MRSA
+ &rsa_make_key,
+ &rsa_exptmod,
+#else
+ NULL, NULL
+#endif
+
+};
+
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/math/gmp_desc.c,v $ */
+/* $Revision: 1.14 $ */
+/* $Date: 2006/12/03 00:39:56 $ */
diff --git a/src/math/ltm_desc.c b/src/math/ltm_desc.c
new file mode 100644
index 0000000..07fdd5a
--- /dev/null
+++ b/src/math/ltm_desc.c
@@ -0,0 +1,483 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+#define DESC_DEF_ONLY
+#include "tomcrypt.h"
+
+#ifdef LTM_DESC
+
+#include <tommath.h>
+
+static const struct {
+ int mpi_code, ltc_code;
+} mpi_to_ltc_codes[] = {
+ { MP_OKAY , CRYPT_OK},
+ { MP_MEM , CRYPT_MEM},
+ { MP_VAL , CRYPT_INVALID_ARG},
+};
+
+/**
+ Convert a MPI error to a LTC error (Possibly the most powerful function ever! Oh wait... no)
+ @param err The error to convert
+ @return The equivalent LTC error code or CRYPT_ERROR if none found
+*/
+static int mpi_to_ltc_error(int err)
+{
+ int x;
+
+ for (x = 0; x < (int)(sizeof(mpi_to_ltc_codes)/sizeof(mpi_to_ltc_codes[0])); x++) {
+ if (err == mpi_to_ltc_codes[x].mpi_code) {
+ return mpi_to_ltc_codes[x].ltc_code;
+ }
+ }
+ return CRYPT_ERROR;
+}
+
+static int init(void **a)
+{
+ int err;
+
+ LTC_ARGCHK(a != NULL);
+
+ *a = XCALLOC(1, sizeof(mp_int));
+ if (*a == NULL) {
+ return CRYPT_MEM;
+ }
+
+ if ((err = mpi_to_ltc_error(mp_init(*a))) != CRYPT_OK) {
+ XFREE(*a);
+ }
+ return err;
+}
+
+static void deinit(void *a)
+{
+ LTC_ARGCHKVD(a != NULL);
+ mp_clear(a);
+ XFREE(a);
+}
+
+static int neg(void *a, void *b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ return mpi_to_ltc_error(mp_neg(a, b));
+}
+
+static int copy(void *a, void *b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ return mpi_to_ltc_error(mp_copy(a, b));
+}
+
+static int init_copy(void **a, void *b)
+{
+ if (init(a) != CRYPT_OK) {
+ return CRYPT_MEM;
+ }
+ return copy(b, *a);
+}
+
+/* ---- trivial ---- */
+static int set_int(void *a, unsigned long b)
+{
+ LTC_ARGCHK(a != NULL);
+ return mpi_to_ltc_error(mp_set_int(a, b));
+}
+
+static unsigned long get_int(void *a)
+{
+ LTC_ARGCHK(a != NULL);
+ return mp_get_int(a);
+}
+
+static unsigned long get_digit(void *a, int n)
+{
+ mp_int *A;
+ LTC_ARGCHK(a != NULL);
+ A = a;
+ return (n >= A->used || n < 0) ? 0 : A->dp[n];
+}
+
+static int get_digit_count(void *a)
+{
+ mp_int *A;
+ LTC_ARGCHK(a != NULL);
+ A = a;
+ return A->used;
+}
+
+static int compare(void *a, void *b)
+{
+ int ret;
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ ret = mp_cmp(a, b);
+ switch (ret) {
+ case MP_LT: return LTC_MP_LT;
+ case MP_EQ: return LTC_MP_EQ;
+ case MP_GT: return LTC_MP_GT;
+ }
+ return 0;
+}
+
+static int compare_d(void *a, unsigned long b)
+{
+ int ret;
+ LTC_ARGCHK(a != NULL);
+ ret = mp_cmp_d(a, b);
+ switch (ret) {
+ case MP_LT: return LTC_MP_LT;
+ case MP_EQ: return LTC_MP_EQ;
+ case MP_GT: return LTC_MP_GT;
+ }
+ return 0;
+}
+
+static int count_bits(void *a)
+{
+ LTC_ARGCHK(a != NULL);
+ return mp_count_bits(a);
+}
+
+static int count_lsb_bits(void *a)
+{
+ LTC_ARGCHK(a != NULL);
+ return mp_cnt_lsb(a);
+}
+
+
+static int twoexpt(void *a, int n)
+{
+ LTC_ARGCHK(a != NULL);
+ return mpi_to_ltc_error(mp_2expt(a, n));
+}
+
+/* ---- conversions ---- */
+
+/* read ascii string */
+static int read_radix(void *a, const char *b, int radix)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ return mpi_to_ltc_error(mp_read_radix(a, b, radix));
+}
+
+/* write one */
+static int write_radix(void *a, char *b, int radix)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ return mpi_to_ltc_error(mp_toradix(a, b, radix));
+}
+
+/* get size as unsigned char string */
+static unsigned long unsigned_size(void *a)
+{
+ LTC_ARGCHK(a != NULL);
+ return mp_unsigned_bin_size(a);
+}
+
+/* store */
+static int unsigned_write(void *a, unsigned char *b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ return mpi_to_ltc_error(mp_to_unsigned_bin(a, b));
+}
+
+/* read */
+static int unsigned_read(void *a, unsigned char *b, unsigned long len)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ return mpi_to_ltc_error(mp_read_unsigned_bin(a, b, len));
+}
+
+/* add */
+static int add(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ return mpi_to_ltc_error(mp_add(a, b, c));
+}
+
+static int addi(void *a, unsigned long b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(c != NULL);
+ return mpi_to_ltc_error(mp_add_d(a, b, c));
+}
+
+/* sub */
+static int sub(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ return mpi_to_ltc_error(mp_sub(a, b, c));
+}
+
+static int subi(void *a, unsigned long b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(c != NULL);
+ return mpi_to_ltc_error(mp_sub_d(a, b, c));
+}
+
+/* mul */
+static int mul(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ return mpi_to_ltc_error(mp_mul(a, b, c));
+}
+
+static int muli(void *a, unsigned long b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(c != NULL);
+ return mpi_to_ltc_error(mp_mul_d(a, b, c));
+}
+
+/* sqr */
+static int sqr(void *a, void *b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ return mpi_to_ltc_error(mp_sqr(a, b));
+}
+
+/* div */
+static int divide(void *a, void *b, void *c, void *d)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ return mpi_to_ltc_error(mp_div(a, b, c, d));
+}
+
+static int div_2(void *a, void *b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ return mpi_to_ltc_error(mp_div_2(a, b));
+}
+
+/* modi */
+static int modi(void *a, unsigned long b, unsigned long *c)
+{
+ mp_digit tmp;
+ int err;
+
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(c != NULL);
+
+ if ((err = mpi_to_ltc_error(mp_mod_d(a, b, &tmp))) != CRYPT_OK) {
+ return err;
+ }
+ *c = tmp;
+ return CRYPT_OK;
+}
+
+/* gcd */
+static int gcd(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ return mpi_to_ltc_error(mp_gcd(a, b, c));
+}
+
+/* lcm */
+static int lcm(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ return mpi_to_ltc_error(mp_lcm(a, b, c));
+}
+
+static int mulmod(void *a, void *b, void *c, void *d)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ LTC_ARGCHK(d != NULL);
+ return mpi_to_ltc_error(mp_mulmod(a,b,c,d));
+}
+
+static int sqrmod(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ return mpi_to_ltc_error(mp_sqrmod(a,b,c));
+}
+
+/* invmod */
+static int invmod(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ return mpi_to_ltc_error(mp_invmod(a, b, c));
+}
+
+/* setup */
+static int montgomery_setup(void *a, void **b)
+{
+ int err;
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ *b = XCALLOC(1, sizeof(mp_digit));
+ if (*b == NULL) {
+ return CRYPT_MEM;
+ }
+ if ((err = mpi_to_ltc_error(mp_montgomery_setup(a, (mp_digit *)*b))) != CRYPT_OK) {
+ XFREE(*b);
+ }
+ return err;
+}
+
+/* get normalization value */
+static int montgomery_normalization(void *a, void *b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ return mpi_to_ltc_error(mp_montgomery_calc_normalization(a, b));
+}
+
+/* reduce */
+static int montgomery_reduce(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ return mpi_to_ltc_error(mp_montgomery_reduce(a, b, *((mp_digit *)c)));
+}
+
+/* clean up */
+static void montgomery_deinit(void *a)
+{
+ XFREE(a);
+}
+
+static int exptmod(void *a, void *b, void *c, void *d)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ LTC_ARGCHK(d != NULL);
+ return mpi_to_ltc_error(mp_exptmod(a,b,c,d));
+}
+
+static int isprime(void *a, int *b)
+{
+ int err;
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ err = mpi_to_ltc_error(mp_prime_is_prime(a, 8, b));
+ *b = (*b == MP_YES) ? LTC_MP_YES : LTC_MP_NO;
+ return err;
+}
+
+const ltc_math_descriptor ltm_desc = {
+
+ "LibTomMath",
+ (int)DIGIT_BIT,
+
+ &init,
+ &init_copy,
+ &deinit,
+
+ &neg,
+ &copy,
+
+ &set_int,
+ &get_int,
+ &get_digit,
+ &get_digit_count,
+ &compare,
+ &compare_d,
+ &count_bits,
+ &count_lsb_bits,
+ &twoexpt,
+
+ &read_radix,
+ &write_radix,
+ &unsigned_size,
+ &unsigned_write,
+ &unsigned_read,
+
+ &add,
+ &addi,
+ &sub,
+ &subi,
+ &mul,
+ &muli,
+ &sqr,
+ &divide,
+ &div_2,
+ &modi,
+ &gcd,
+ &lcm,
+
+ &mulmod,
+ &sqrmod,
+ &invmod,
+
+ &montgomery_setup,
+ &montgomery_normalization,
+ &montgomery_reduce,
+ &montgomery_deinit,
+
+ &exptmod,
+ &isprime,
+
+#ifdef MECC
+#ifdef MECC_FP
+ &ltc_ecc_fp_mulmod,
+#else
+ &ltc_ecc_mulmod,
+#endif
+ &ltc_ecc_projective_add_point,
+ &ltc_ecc_projective_dbl_point,
+ &ltc_ecc_map,
+#ifdef LTC_ECC_SHAMIR
+#ifdef MECC_FP
+ &ltc_ecc_fp_mul2add,
+#else
+ &ltc_ecc_mul2add,
+#endif /* MECC_FP */
+#else
+ NULL,
+#endif /* LTC_ECC_SHAMIR */
+#else
+ NULL, NULL, NULL, NULL, NULL,
+#endif /* MECC */
+
+#ifdef MRSA
+ &rsa_make_key,
+ &rsa_exptmod,
+#else
+ NULL, NULL
+#endif
+};
+
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/math/ltm_desc.c,v $ */
+/* $Revision: 1.29 $ */
+/* $Date: 2006/12/03 00:39:56 $ */
diff --git a/src/math/multi.c b/src/math/multi.c
new file mode 100644
index 0000000..8ee4d79
--- /dev/null
+++ b/src/math/multi.c
@@ -0,0 +1,61 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+#ifdef MPI
+#include <stdarg.h>
+
+int ltc_init_multi(void **a, ...)
+{
+ void **cur = a;
+ int np = 0;
+ va_list args;
+
+ va_start(args, a);
+ while (cur != NULL) {
+ if (mp_init(cur) != CRYPT_OK) {
+ /* failed */
+ va_list clean_list;
+
+ va_start(clean_list, a);
+ cur = a;
+ while (np--) {
+ mp_clear(*cur);
+ cur = va_arg(clean_list, void**);
+ }
+ va_end(clean_list);
+ return CRYPT_MEM;
+ }
+ ++np;
+ cur = va_arg(args, void**);
+ }
+ va_end(args);
+ return CRYPT_OK;
+}
+
+void ltc_deinit_multi(void *a, ...)
+{
+ void *cur = a;
+ va_list args;
+
+ va_start(args, a);
+ while (cur != NULL) {
+ mp_clear(cur);
+ cur = va_arg(args, void *);
+ }
+ va_end(args);
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/math/multi.c,v $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/math/rand_prime.c b/src/math/rand_prime.c
new file mode 100644
index 0000000..05477fe
--- /dev/null
+++ b/src/math/rand_prime.c
@@ -0,0 +1,87 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file rand_prime.c
+ Generate a random prime, Tom St Denis
+*/
+
+#define USE_BBS 1
+
+int rand_prime(void *N, long len, prng_state *prng, int wprng)
+{
+ int err, res, type;
+ unsigned char *buf;
+
+ LTC_ARGCHK(N != NULL);
+
+ /* get type */
+ if (len < 0) {
+ type = USE_BBS;
+ len = -len;
+ } else {
+ type = 0;
+ }
+
+ /* allow sizes between 2 and 512 bytes for a prime size */
+ if (len < 2 || len > 512) {
+ return CRYPT_INVALID_PRIME_SIZE;
+ }
+
+ /* valid PRNG? Better be! */
+ if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* allocate buffer to work with */
+ buf = XCALLOC(1, len);
+ if (buf == NULL) {
+ return CRYPT_MEM;
+ }
+
+ do {
+ /* generate value */
+ if (prng_descriptor[wprng].read(buf, len, prng) != (unsigned long)len) {
+ XFREE(buf);
+ return CRYPT_ERROR_READPRNG;
+ }
+
+ /* munge bits */
+ buf[0] |= 0x80 | 0x40;
+ buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00);
+
+ /* load value */
+ if ((err = mp_read_unsigned_bin(N, buf, len)) != CRYPT_OK) {
+ XFREE(buf);
+ return err;
+ }
+
+ /* test */
+ if ((err = mp_prime_is_prime(N, 8, &res)) != CRYPT_OK) {
+ XFREE(buf);
+ return err;
+ }
+ } while (res == LTC_MP_NO);
+
+#ifdef LTC_CLEAN_STACK
+ zeromem(buf, len);
+#endif
+
+ XFREE(buf);
+ return CRYPT_OK;
+}
+
+
+
+/* $Source: /cvs/libtom/libtomcrypt/src/math/rand_prime.c,v $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/math/tfm_desc.c b/src/math/tfm_desc.c
new file mode 100644
index 0000000..023756d
--- /dev/null
+++ b/src/math/tfm_desc.c
@@ -0,0 +1,777 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+#define DESC_DEF_ONLY
+#include "tomcrypt.h"
+
+#ifdef TFM_DESC
+
+#include <tfm.h>
+
+static const struct {
+ int tfm_code, ltc_code;
+} tfm_to_ltc_codes[] = {
+ { FP_OKAY , CRYPT_OK},
+ { FP_MEM , CRYPT_MEM},
+ { FP_VAL , CRYPT_INVALID_ARG},
+};
+
+/**
+ Convert a tfm error to a LTC error (Possibly the most powerful function ever! Oh wait... no)
+ @param err The error to convert
+ @return The equivalent LTC error code or CRYPT_ERROR if none found
+*/
+static int tfm_to_ltc_error(int err)
+{
+ int x;
+
+ for (x = 0; x < (int)(sizeof(tfm_to_ltc_codes)/sizeof(tfm_to_ltc_codes[0])); x++) {
+ if (err == tfm_to_ltc_codes[x].tfm_code) {
+ return tfm_to_ltc_codes[x].ltc_code;
+ }
+ }
+ return CRYPT_ERROR;
+}
+
+static int init(void **a)
+{
+ LTC_ARGCHK(a != NULL);
+
+ *a = XCALLOC(1, sizeof(fp_int));
+ if (*a == NULL) {
+ return CRYPT_MEM;
+ }
+ fp_init(*a);
+ return CRYPT_OK;
+}
+
+static void deinit(void *a)
+{
+ LTC_ARGCHKVD(a != NULL);
+ XFREE(a);
+}
+
+static int neg(void *a, void *b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ fp_neg(((fp_int*)a), ((fp_int*)b));
+ return CRYPT_OK;
+}
+
+static int copy(void *a, void *b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ fp_copy(a, b);
+ return CRYPT_OK;
+}
+
+static int init_copy(void **a, void *b)
+{
+ if (init(a) != CRYPT_OK) {
+ return CRYPT_MEM;
+ }
+ return copy(b, *a);
+}
+
+/* ---- trivial ---- */
+static int set_int(void *a, unsigned long b)
+{
+ LTC_ARGCHK(a != NULL);
+ fp_set(a, b);
+ return CRYPT_OK;
+}
+
+static unsigned long get_int(void *a)
+{
+ fp_int *A;
+ LTC_ARGCHK(a != NULL);
+ A = a;
+ return A->used > 0 ? A->dp[0] : 0;
+}
+
+static unsigned long get_digit(void *a, int n)
+{
+ fp_int *A;
+ LTC_ARGCHK(a != NULL);
+ A = a;
+ return (n >= A->used || n < 0) ? 0 : A->dp[n];
+}
+
+static int get_digit_count(void *a)
+{
+ fp_int *A;
+ LTC_ARGCHK(a != NULL);
+ A = a;
+ return A->used;
+}
+
+static int compare(void *a, void *b)
+{
+ int ret;
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ ret = fp_cmp(a, b);
+ switch (ret) {
+ case FP_LT: return LTC_MP_LT;
+ case FP_EQ: return LTC_MP_EQ;
+ case FP_GT: return LTC_MP_GT;
+ }
+ return 0;
+}
+
+static int compare_d(void *a, unsigned long b)
+{
+ int ret;
+ LTC_ARGCHK(a != NULL);
+ ret = fp_cmp_d(a, b);
+ switch (ret) {
+ case FP_LT: return LTC_MP_LT;
+ case FP_EQ: return LTC_MP_EQ;
+ case FP_GT: return LTC_MP_GT;
+ }
+ return 0;
+}
+
+static int count_bits(void *a)
+{
+ LTC_ARGCHK(a != NULL);
+ return fp_count_bits(a);
+}
+
+static int count_lsb_bits(void *a)
+{
+ LTC_ARGCHK(a != NULL);
+ return fp_cnt_lsb(a);
+}
+
+static int twoexpt(void *a, int n)
+{
+ LTC_ARGCHK(a != NULL);
+ fp_2expt(a, n);
+ return CRYPT_OK;
+}
+
+/* ---- conversions ---- */
+
+/* read ascii string */
+static int read_radix(void *a, const char *b, int radix)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ return tfm_to_ltc_error(fp_read_radix(a, (char *)b, radix));
+}
+
+/* write one */
+static int write_radix(void *a, char *b, int radix)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ return tfm_to_ltc_error(fp_toradix(a, b, radix));
+}
+
+/* get size as unsigned char string */
+static unsigned long unsigned_size(void *a)
+{
+ LTC_ARGCHK(a != NULL);
+ return fp_unsigned_bin_size(a);
+}
+
+/* store */
+static int unsigned_write(void *a, unsigned char *b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ fp_to_unsigned_bin(a, b);
+ return CRYPT_OK;
+}
+
+/* read */
+static int unsigned_read(void *a, unsigned char *b, unsigned long len)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ fp_read_unsigned_bin(a, b, len);
+ return CRYPT_OK;
+}
+
+/* add */
+static int add(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ fp_add(a, b, c);
+ return CRYPT_OK;
+}
+
+static int addi(void *a, unsigned long b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(c != NULL);
+ fp_add_d(a, b, c);
+ return CRYPT_OK;
+}
+
+/* sub */
+static int sub(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ fp_sub(a, b, c);
+ return CRYPT_OK;
+}
+
+static int subi(void *a, unsigned long b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(c != NULL);
+ fp_sub_d(a, b, c);
+ return CRYPT_OK;
+}
+
+/* mul */
+static int mul(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ fp_mul(a, b, c);
+ return CRYPT_OK;
+}
+
+static int muli(void *a, unsigned long b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(c != NULL);
+ fp_mul_d(a, b, c);
+ return CRYPT_OK;
+}
+
+/* sqr */
+static int sqr(void *a, void *b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ fp_sqr(a, b);
+ return CRYPT_OK;
+}
+
+/* div */
+static int divide(void *a, void *b, void *c, void *d)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ return tfm_to_ltc_error(fp_div(a, b, c, d));
+}
+
+static int div_2(void *a, void *b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ fp_div_2(a, b);
+ return CRYPT_OK;
+}
+
+/* modi */
+static int modi(void *a, unsigned long b, unsigned long *c)
+{
+ fp_digit tmp;
+ int err;
+
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(c != NULL);
+
+ if ((err = tfm_to_ltc_error(fp_mod_d(a, b, &tmp))) != CRYPT_OK) {
+ return err;
+ }
+ *c = tmp;
+ return CRYPT_OK;
+}
+
+/* gcd */
+static int gcd(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ fp_gcd(a, b, c);
+ return CRYPT_OK;
+}
+
+/* lcm */
+static int lcm(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ fp_lcm(a, b, c);
+ return CRYPT_OK;
+}
+
+static int mulmod(void *a, void *b, void *c, void *d)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ LTC_ARGCHK(d != NULL);
+ return tfm_to_ltc_error(fp_mulmod(a,b,c,d));
+}
+
+static int sqrmod(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ return tfm_to_ltc_error(fp_sqrmod(a,b,c));
+}
+
+/* invmod */
+static int invmod(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ return tfm_to_ltc_error(fp_invmod(a, b, c));
+}
+
+/* setup */
+static int montgomery_setup(void *a, void **b)
+{
+ int err;
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ *b = XCALLOC(1, sizeof(fp_digit));
+ if (*b == NULL) {
+ return CRYPT_MEM;
+ }
+ if ((err = tfm_to_ltc_error(fp_montgomery_setup(a, (fp_digit *)*b))) != CRYPT_OK) {
+ XFREE(*b);
+ }
+ return err;
+}
+
+/* get normalization value */
+static int montgomery_normalization(void *a, void *b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ fp_montgomery_calc_normalization(a, b);
+ return CRYPT_OK;
+}
+
+/* reduce */
+static int montgomery_reduce(void *a, void *b, void *c)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ fp_montgomery_reduce(a, b, *((fp_digit *)c));
+ return CRYPT_OK;
+}
+
+/* clean up */
+static void montgomery_deinit(void *a)
+{
+ XFREE(a);
+}
+
+static int exptmod(void *a, void *b, void *c, void *d)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ LTC_ARGCHK(c != NULL);
+ LTC_ARGCHK(d != NULL);
+ return tfm_to_ltc_error(fp_exptmod(a,b,c,d));
+}
+
+static int isprime(void *a, int *b)
+{
+ LTC_ARGCHK(a != NULL);
+ LTC_ARGCHK(b != NULL);
+ *b = (fp_isprime(a) == FP_YES) ? LTC_MP_YES : LTC_MP_NO;
+ return CRYPT_OK;
+}
+
+#if defined(MECC) && defined(MECC_ACCEL)
+
+static int tfm_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void *Mp)
+{
+ fp_int t1, t2;
+ fp_digit mp;
+
+ LTC_ARGCHK(P != NULL);
+ LTC_ARGCHK(R != NULL);
+ LTC_ARGCHK(modulus != NULL);
+ LTC_ARGCHK(Mp != NULL);
+
+ mp = *((fp_digit*)Mp);
+
+ fp_init(&t1);
+ fp_init(&t2);
+
+ if (P != R) {
+ fp_copy(P->x, R->x);
+ fp_copy(P->y, R->y);
+ fp_copy(P->z, R->z);
+ }
+
+ /* t1 = Z * Z */
+ fp_sqr(R->z, &t1);
+ fp_montgomery_reduce(&t1, modulus, mp);
+ /* Z = Y * Z */
+ fp_mul(R->z, R->y, R->z);
+ fp_montgomery_reduce(R->z, modulus, mp);
+ /* Z = 2Z */
+ fp_add(R->z, R->z, R->z);
+ if (fp_cmp(R->z, modulus) != FP_LT) {
+ fp_sub(R->z, modulus, R->z);
+ }
+
+ /* &t2 = X - T1 */
+ fp_sub(R->x, &t1, &t2);
+ if (fp_cmp_d(&t2, 0) == FP_LT) {
+ fp_add(&t2, modulus, &t2);
+ }
+ /* T1 = X + T1 */
+ fp_add(&t1, R->x, &t1);
+ if (fp_cmp(&t1, modulus) != FP_LT) {
+ fp_sub(&t1, modulus, &t1);
+ }
+ /* T2 = T1 * T2 */
+ fp_mul(&t1, &t2, &t2);
+ fp_montgomery_reduce(&t2, modulus, mp);
+ /* T1 = 2T2 */
+ fp_add(&t2, &t2, &t1);
+ if (fp_cmp(&t1, modulus) != FP_LT) {
+ fp_sub(&t1, modulus, &t1);
+ }
+ /* T1 = T1 + T2 */
+ fp_add(&t1, &t2, &t1);
+ if (fp_cmp(&t1, modulus) != FP_LT) {
+ fp_sub(&t1, modulus, &t1);
+ }
+
+ /* Y = 2Y */
+ fp_add(R->y, R->y, R->y);
+ if (fp_cmp(R->y, modulus) != FP_LT) {
+ fp_sub(R->y, modulus, R->y);
+ }
+ /* Y = Y * Y */
+ fp_sqr(R->y, R->y);
+ fp_montgomery_reduce(R->y, modulus, mp);
+ /* T2 = Y * Y */
+ fp_sqr(R->y, &t2);
+ fp_montgomery_reduce(&t2, modulus, mp);
+ /* T2 = T2/2 */
+ if (fp_isodd(&t2)) {
+ fp_add(&t2, modulus, &t2);
+ }
+ fp_div_2(&t2, &t2);
+ /* Y = Y * X */
+ fp_mul(R->y, R->x, R->y);
+ fp_montgomery_reduce(R->y, modulus, mp);
+
+ /* X = T1 * T1 */
+ fp_sqr(&t1, R->x);
+ fp_montgomery_reduce(R->x, modulus, mp);
+ /* X = X - Y */
+ fp_sub(R->x, R->y, R->x);
+ if (fp_cmp_d(R->x, 0) == FP_LT) {
+ fp_add(R->x, modulus, R->x);
+ }
+ /* X = X - Y */
+ fp_sub(R->x, R->y, R->x);
+ if (fp_cmp_d(R->x, 0) == FP_LT) {
+ fp_add(R->x, modulus, R->x);
+ }
+
+ /* Y = Y - X */
+ fp_sub(R->y, R->x, R->y);
+ if (fp_cmp_d(R->y, 0) == FP_LT) {
+ fp_add(R->y, modulus, R->y);
+ }
+ /* Y = Y * T1 */
+ fp_mul(R->y, &t1, R->y);
+ fp_montgomery_reduce(R->y, modulus, mp);
+ /* Y = Y - T2 */
+ fp_sub(R->y, &t2, R->y);
+ if (fp_cmp_d(R->y, 0) == FP_LT) {
+ fp_add(R->y, modulus, R->y);
+ }
+
+ return CRYPT_OK;
+}
+
+/**
+ Add two ECC points
+ @param P The point to add
+ @param Q The point to add
+ @param R [out] The destination of the double
+ @param modulus The modulus of the field the ECC curve is in
+ @param mp The "b" value from montgomery_setup()
+ @return CRYPT_OK on success
+*/
+static int tfm_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *Mp)
+{
+ fp_int t1, t2, x, y, z;
+ fp_digit mp;
+
+ LTC_ARGCHK(P != NULL);
+ LTC_ARGCHK(Q != NULL);
+ LTC_ARGCHK(R != NULL);
+ LTC_ARGCHK(modulus != NULL);
+ LTC_ARGCHK(Mp != NULL);
+
+ mp = *((fp_digit*)Mp);
+
+ fp_init(&t1);
+ fp_init(&t2);
+ fp_init(&x);
+ fp_init(&y);
+ fp_init(&z);
+
+ /* should we dbl instead? */
+ fp_sub(modulus, Q->y, &t1);
+ if ( (fp_cmp(P->x, Q->x) == FP_EQ) &&
+ (Q->z != NULL && fp_cmp(P->z, Q->z) == FP_EQ) &&
+ (fp_cmp(P->y, Q->y) == FP_EQ || fp_cmp(P->y, &t1) == FP_EQ)) {
+ return tfm_ecc_projective_dbl_point(P, R, modulus, Mp);
+ }
+
+ fp_copy(P->x, &x);
+ fp_copy(P->y, &y);
+ fp_copy(P->z, &z);
+
+ /* if Z is one then these are no-operations */
+ if (Q->z != NULL) {
+ /* T1 = Z' * Z' */
+ fp_sqr(Q->z, &t1);
+ fp_montgomery_reduce(&t1, modulus, mp);
+ /* X = X * T1 */
+ fp_mul(&t1, &x, &x);
+ fp_montgomery_reduce(&x, modulus, mp);
+ /* T1 = Z' * T1 */
+ fp_mul(Q->z, &t1, &t1);
+ fp_montgomery_reduce(&t1, modulus, mp);
+ /* Y = Y * T1 */
+ fp_mul(&t1, &y, &y);
+ fp_montgomery_reduce(&y, modulus, mp);
+ }
+
+ /* T1 = Z*Z */
+ fp_sqr(&z, &t1);
+ fp_montgomery_reduce(&t1, modulus, mp);
+ /* T2 = X' * T1 */
+ fp_mul(Q->x, &t1, &t2);
+ fp_montgomery_reduce(&t2, modulus, mp);
+ /* T1 = Z * T1 */
+ fp_mul(&z, &t1, &t1);
+ fp_montgomery_reduce(&t1, modulus, mp);
+ /* T1 = Y' * T1 */
+ fp_mul(Q->y, &t1, &t1);
+ fp_montgomery_reduce(&t1, modulus, mp);
+
+ /* Y = Y - T1 */
+ fp_sub(&y, &t1, &y);
+ if (fp_cmp_d(&y, 0) == FP_LT) {
+ fp_add(&y, modulus, &y);
+ }
+ /* T1 = 2T1 */
+ fp_add(&t1, &t1, &t1);
+ if (fp_cmp(&t1, modulus) != FP_LT) {
+ fp_sub(&t1, modulus, &t1);
+ }
+ /* T1 = Y + T1 */
+ fp_add(&t1, &y, &t1);
+ if (fp_cmp(&t1, modulus) != FP_LT) {
+ fp_sub(&t1, modulus, &t1);
+ }
+ /* X = X - T2 */
+ fp_sub(&x, &t2, &x);
+ if (fp_cmp_d(&x, 0) == FP_LT) {
+ fp_add(&x, modulus, &x);
+ }
+ /* T2 = 2T2 */
+ fp_add(&t2, &t2, &t2);
+ if (fp_cmp(&t2, modulus) != FP_LT) {
+ fp_sub(&t2, modulus, &t2);
+ }
+ /* T2 = X + T2 */
+ fp_add(&t2, &x, &t2);
+ if (fp_cmp(&t2, modulus) != FP_LT) {
+ fp_sub(&t2, modulus, &t2);
+ }
+
+ /* if Z' != 1 */
+ if (Q->z != NULL) {
+ /* Z = Z * Z' */
+ fp_mul(&z, Q->z, &z);
+ fp_montgomery_reduce(&z, modulus, mp);
+ }
+
+ /* Z = Z * X */
+ fp_mul(&z, &x, &z);
+ fp_montgomery_reduce(&z, modulus, mp);
+
+ /* T1 = T1 * X */
+ fp_mul(&t1, &x, &t1);
+ fp_montgomery_reduce(&t1, modulus, mp);
+ /* X = X * X */
+ fp_sqr(&x, &x);
+ fp_montgomery_reduce(&x, modulus, mp);
+ /* T2 = T2 * x */
+ fp_mul(&t2, &x, &t2);
+ fp_montgomery_reduce(&t2, modulus, mp);
+ /* T1 = T1 * X */
+ fp_mul(&t1, &x, &t1);
+ fp_montgomery_reduce(&t1, modulus, mp);
+
+ /* X = Y*Y */
+ fp_sqr(&y, &x);
+ fp_montgomery_reduce(&x, modulus, mp);
+ /* X = X - T2 */
+ fp_sub(&x, &t2, &x);
+ if (fp_cmp_d(&x, 0) == FP_LT) {
+ fp_add(&x, modulus, &x);
+ }
+
+ /* T2 = T2 - X */
+ fp_sub(&t2, &x, &t2);
+ if (fp_cmp_d(&t2, 0) == FP_LT) {
+ fp_add(&t2, modulus, &t2);
+ }
+ /* T2 = T2 - X */
+ fp_sub(&t2, &x, &t2);
+ if (fp_cmp_d(&t2, 0) == FP_LT) {
+ fp_add(&t2, modulus, &t2);
+ }
+ /* T2 = T2 * Y */
+ fp_mul(&t2, &y, &t2);
+ fp_montgomery_reduce(&t2, modulus, mp);
+ /* Y = T2 - T1 */
+ fp_sub(&t2, &t1, &y);
+ if (fp_cmp_d(&y, 0) == FP_LT) {
+ fp_add(&y, modulus, &y);
+ }
+ /* Y = Y/2 */
+ if (fp_isodd(&y)) {
+ fp_add(&y, modulus, &y);
+ }
+ fp_div_2(&y, &y);
+
+ fp_copy(&x, R->x);
+ fp_copy(&y, R->y);
+ fp_copy(&z, R->z);
+
+ return CRYPT_OK;
+}
+
+
+#endif
+
+const ltc_math_descriptor tfm_desc = {
+
+ "TomsFastMath",
+ (int)DIGIT_BIT,
+
+ &init,
+ &init_copy,
+ &deinit,
+
+ &neg,
+ &copy,
+
+ &set_int,
+ &get_int,
+ &get_digit,
+ &get_digit_count,
+ &compare,
+ &compare_d,
+ &count_bits,
+ &count_lsb_bits,
+ &twoexpt,
+
+ &read_radix,
+ &write_radix,
+ &unsigned_size,
+ &unsigned_write,
+ &unsigned_read,
+
+ &add,
+ &addi,
+ &sub,
+ &subi,
+ &mul,
+ &muli,
+ &sqr,
+ &divide,
+ &div_2,
+ &modi,
+ &gcd,
+ &lcm,
+
+ &mulmod,
+ &sqrmod,
+ &invmod,
+
+ &montgomery_setup,
+ &montgomery_normalization,
+ &montgomery_reduce,
+ &montgomery_deinit,
+
+ &exptmod,
+ &isprime,
+
+#ifdef MECC
+#ifdef MECC_FP
+ &ltc_ecc_fp_mulmod,
+#else
+ &ltc_ecc_mulmod,
+#endif /* MECC_FP */
+#ifdef MECC_ACCEL
+ &tfm_ecc_projective_add_point,
+ &tfm_ecc_projective_dbl_point,
+#else
+ &ltc_ecc_projective_add_point,
+ &ltc_ecc_projective_dbl_point,
+#endif /* MECC_ACCEL */
+ &ltc_ecc_map,
+#ifdef LTC_ECC_SHAMIR
+#ifdef MECC_FP
+ &ltc_ecc_fp_mul2add,
+#else
+ &ltc_ecc_mul2add,
+#endif /* MECC_FP */
+#else
+ NULL,
+#endif /* LTC_ECC_SHAMIR */
+#else
+ NULL, NULL, NULL, NULL, NULL,
+#endif /* MECC */
+
+#ifdef MRSA
+ &rsa_make_key,
+ &rsa_exptmod,
+#else
+ NULL, NULL
+#endif
+
+};
+
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/math/tfm_desc.c,v $ */
+/* $Revision: 1.26 $ */
+/* $Date: 2006/12/03 00:39:56 $ */
diff --git a/src/misc/base64/base64_decode.c b/src/misc/base64/base64_decode.c
index 551add1..6a39baf 100644
--- a/src/misc/base64/base64_decode.c
+++ b/src/misc/base64/base64_decode.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -100,5 +100,5 @@ int base64_decode(const unsigned char *in, unsigned long inlen,
/* $Source: /cvs/libtom/libtomcrypt/src/misc/base64/base64_decode.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/misc/base64/base64_encode.c b/src/misc/base64/base64_encode.c
index 5978643..ac4df35 100644
--- a/src/misc/base64/base64_encode.c
+++ b/src/misc/base64/base64_encode.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -42,6 +42,7 @@ int base64_encode(const unsigned char *in, unsigned long inlen,
/* valid output size ? */
len2 = 4 * ((inlen + 2) / 3);
if (*outlen < len2 + 1) {
+ *outlen = len2 + 1;
return CRYPT_BUFFER_OVERFLOW;
}
p = out;
@@ -76,5 +77,5 @@ int base64_encode(const unsigned char *in, unsigned long inlen,
/* $Source: /cvs/libtom/libtomcrypt/src/misc/base64/base64_encode.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/src/misc/burn_stack.c b/src/misc/burn_stack.c
index 7ac6518..0beee92 100644
--- a/src/misc/burn_stack.c
+++ b/src/misc/burn_stack.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -30,5 +30,5 @@ void burn_stack(unsigned long len)
/* $Source: /cvs/libtom/libtomcrypt/src/misc/burn_stack.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/misc/crypt/crypt.c b/src/misc/crypt/crypt.c
index eb75b8d..8603943 100644
--- a/src/misc/crypt/crypt.c
+++ b/src/misc/crypt/crypt.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -111,6 +111,12 @@ const char *crypt_build_settings =
" (tweaked)"
#endif
"\n"
+#if defined(KSEED)
+ " KSEED\n"
+#endif
+#if defined(LTC_KASUMI)
+ " KASUMI\n"
+#endif
"\nHashes built-in:\n"
#if defined(SHA512)
@@ -154,35 +160,55 @@ const char *crypt_build_settings =
#endif
"\nBlock Chaining Modes:\n"
-#if defined(CFB)
+#if defined(LTC_CFB_MODE)
" CFB\n"
#endif
-#if defined(OFB)
+#if defined(LTC_OFB_MODE)
" OFB\n"
#endif
-#if defined(ECB)
+#if defined(LTC_ECB_MODE)
" ECB\n"
#endif
-#if defined(CBC)
+#if defined(LTC_CBC_MODE)
" CBC\n"
#endif
-#if defined(CTR)
- " CTR\n"
+#if defined(LTC_CTR_MODE)
+ " CTR "
+#endif
+#if defined(LTC_CTR_OLD)
+ " (CTR_OLD) "
+#endif
+ "\n"
+#if defined(LRW_MODE)
+ " LRW_MODE"
+#if defined(LRW_TABLES)
+ " (LRW_TABLES) "
#endif
+ "\n"
+#endif
+#if defined(LTC_F8_MODE)
+ " F8 MODE\n"
+#endif
"\nMACs:\n"
-#if defined(HMAC)
+#if defined(LTC_HMAC)
" HMAC\n"
#endif
-#if defined(OMAC)
+#if defined(LTC_OMAC)
" OMAC\n"
#endif
-#if defined(PMAC)
+#if defined(LTC_PMAC)
" PMAC\n"
#endif
#if defined(PELICAN)
" PELICAN\n"
#endif
+#if defined(LTC_XCBC)
+ " XCBC-MAC\n"
+#endif
+#if defined(LTC_F9_MODE)
+ " F9-MAC\n"
+#endif
"\nENC + AUTH modes:\n"
#if defined(EAX_MODE)
@@ -202,7 +228,6 @@ const char *crypt_build_settings =
#endif
"\n"
-
"\nPRNG:\n"
#if defined(YARROW)
" Yarrow\n"
@@ -224,24 +249,24 @@ const char *crypt_build_settings =
#if defined(MRSA)
" RSA \n"
#endif
-#if defined(MDH)
- " DH\n"
-#endif
#if defined(MECC)
" ECC\n"
#endif
#if defined(MDSA)
" DSA\n"
#endif
+#if defined(MKAT)
+ " Katja\n"
+#endif
"\nCompiler:\n"
#if defined(WIN32)
" WIN32 platform detected.\n"
#endif
-#if defined(LBL_CYGWIN__)
+#if defined(__CYGWIN__)
" CYGWIN Detected.\n"
#endif
-#if defined(LBL_DJGPP__)
+#if defined(__DJGPP__)
" DJGPP Detected.\n"
#endif
#if defined(_MSC_VER)
@@ -253,9 +278,12 @@ const char *crypt_build_settings =
#if defined(INTEL_CC)
" Intel C Compiler detected.\n"
#endif
-#if defined(LBL_x86_64__)
+#if defined(__x86_64__)
" x86-64 detected.\n"
#endif
+#if defined(LTC_PPC32)
+ " LTC_PPC32 defined \n"
+#endif
"\nVarious others: "
#if defined(BASE64)
@@ -306,6 +334,27 @@ const char *crypt_build_settings =
#if defined(LTC_PTHREAD)
" LTC_PTHREAD "
#endif
+#if defined(LTM_DESC)
+ " LTM_DESC "
+#endif
+#if defined(TFM_DESC)
+ " TFM_DESC "
+#endif
+#if defined(MECC_ACCEL)
+ " MECC_ACCEL "
+#endif
+#if defined(GMP_DESC)
+ " GMP_DESC "
+#endif
+#if defined(LTC_EASY)
+ " (easy) "
+#endif
+#if defined(MECC_FP)
+ " MECC_FP "
+#endif
+#if defined(LTC_ECC_SHAMIR)
+ " LTC_ECC_SHAMIR "
+#endif
"\n"
"\n\n\n"
;
@@ -313,5 +362,5 @@ const char *crypt_build_settings =
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt.c,v $ */
-/* $Revision: 1.11 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.27 $ */
+/* $Date: 2006/12/03 03:50:45 $ */
diff --git a/src/misc/crypt/crypt_argchk.c b/src/misc/crypt/crypt_argchk.c
index 699c6cf..c6675ef 100644
--- a/src/misc/crypt/crypt_argchk.c
+++ b/src/misc/crypt/crypt_argchk.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
#include <signal.h>
@@ -26,5 +26,5 @@ void crypt_argchk(char *v, char *s, int d)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_argchk.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/misc/crypt/crypt_cipher_descriptor.c b/src/misc/crypt/crypt_cipher_descriptor.c
index 127e85c..880c149 100644
--- a/src/misc/crypt/crypt_cipher_descriptor.c
+++ b/src/misc/crypt/crypt_cipher_descriptor.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -16,12 +16,12 @@
*/
struct ltc_cipher_descriptor cipher_descriptor[TAB_SIZE] = {
-{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }
+{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }
};
-LTC_MUTEX_GLOBAL(ltc_cipher_mutex);
+LTC_MUTEX_GLOBAL(ltc_cipher_mutex)
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_cipher_descriptor.c,v $ */
-/* $Revision: 1.8 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/11/08 23:01:06 $ */
diff --git a/src/misc/crypt/crypt_cipher_is_valid.c b/src/misc/crypt/crypt_cipher_is_valid.c
index 7830303..0f8202b 100644
--- a/src/misc/crypt/crypt_cipher_is_valid.c
+++ b/src/misc/crypt/crypt_cipher_is_valid.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -32,5 +32,5 @@ int cipher_is_valid(int idx)
}
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_cipher_is_valid.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/misc/crypt/crypt_find_cipher.c b/src/misc/crypt/crypt_find_cipher.c
index e7fba73..27c59eb 100644
--- a/src/misc/crypt/crypt_find_cipher.c
+++ b/src/misc/crypt/crypt_find_cipher.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -26,7 +26,7 @@ int find_cipher(const char *name)
LTC_ARGCHK(name != NULL);
LTC_MUTEX_LOCK(&ltc_cipher_mutex);
for (x = 0; x < TAB_SIZE; x++) {
- if (cipher_descriptor[x].name != NULL && !strcmp(cipher_descriptor[x].name, name)) {
+ if (cipher_descriptor[x].name != NULL && !XSTRCMP(cipher_descriptor[x].name, name)) {
LTC_MUTEX_UNLOCK(&ltc_cipher_mutex);
return x;
}
@@ -37,5 +37,5 @@ int find_cipher(const char *name)
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_find_cipher.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/11/29 23:43:57 $ */
diff --git a/src/misc/crypt/crypt_find_cipher_any.c b/src/misc/crypt/crypt_find_cipher_any.c
index 6dd0e6d..393eded 100644
--- a/src/misc/crypt/crypt_find_cipher_any.c
+++ b/src/misc/crypt/crypt_find_cipher_any.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -46,5 +46,5 @@ int find_cipher_any(const char *name, int blocklen, int keylen)
}
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_find_cipher_any.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/misc/crypt/crypt_find_cipher_id.c b/src/misc/crypt/crypt_find_cipher_id.c
index 5f5f874..8de73c6 100644
--- a/src/misc/crypt/crypt_find_cipher_id.c
+++ b/src/misc/crypt/crypt_find_cipher_id.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -36,5 +36,5 @@ int find_cipher_id(unsigned char ID)
}
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_find_cipher_id.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/misc/crypt/crypt_find_hash.c b/src/misc/crypt/crypt_find_hash.c
index d02a449..cd60413 100644
--- a/src/misc/crypt/crypt_find_hash.c
+++ b/src/misc/crypt/crypt_find_hash.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -26,7 +26,7 @@ int find_hash(const char *name)
LTC_ARGCHK(name != NULL);
LTC_MUTEX_LOCK(&ltc_hash_mutex);
for (x = 0; x < TAB_SIZE; x++) {
- if (hash_descriptor[x].name != NULL && strcmp(hash_descriptor[x].name, name) == 0) {
+ if (hash_descriptor[x].name != NULL && XSTRCMP(hash_descriptor[x].name, name) == 0) {
LTC_MUTEX_UNLOCK(&ltc_hash_mutex);
return x;
}
@@ -36,5 +36,5 @@ int find_hash(const char *name)
}
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_find_hash.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/11/29 23:43:57 $ */
diff --git a/src/misc/crypt/crypt_find_hash_any.c b/src/misc/crypt/crypt_find_hash_any.c
index 1172f22..b2cfccd 100644
--- a/src/misc/crypt/crypt_find_hash_any.c
+++ b/src/misc/crypt/crypt_find_hash_any.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -45,5 +45,5 @@
}
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_find_hash_any.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/misc/crypt/crypt_find_hash_id.c b/src/misc/crypt/crypt_find_hash_id.c
index 8cd0d38..e59ca00 100644
--- a/src/misc/crypt/crypt_find_hash_id.c
+++ b/src/misc/crypt/crypt_find_hash_id.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -36,5 +36,5 @@ int find_hash_id(unsigned char ID)
}
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_find_hash_id.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/06/19 18:03:25 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/misc/crypt/crypt_find_hash_oid.c b/src/misc/crypt/crypt_find_hash_oid.c
new file mode 100644
index 0000000..d04f80c
--- /dev/null
+++ b/src/misc/crypt/crypt_find_hash_oid.c
@@ -0,0 +1,35 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file crypt_find_hash_oid.c
+ Find a hash, Tom St Denis
+*/
+
+int find_hash_oid(const unsigned long *ID, unsigned long IDlen)
+{
+ int x;
+ LTC_ARGCHK(ID != NULL);
+ LTC_MUTEX_LOCK(&ltc_hash_mutex);
+ for (x = 0; x < TAB_SIZE; x++) {
+ if (hash_descriptor[x].name != NULL && hash_descriptor[x].OIDlen == IDlen && !XMEMCMP(hash_descriptor[x].OID, ID, sizeof(unsigned long) * IDlen)) {
+ LTC_MUTEX_UNLOCK(&ltc_hash_mutex);
+ return x;
+ }
+ }
+ LTC_MUTEX_UNLOCK(&ltc_hash_mutex);
+ return -1;
+}
+
+/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_find_hash_oid.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/misc/crypt/crypt_find_prng.c b/src/misc/crypt/crypt_find_prng.c
index 503813d..4b3bc5a 100644
--- a/src/misc/crypt/crypt_find_prng.c
+++ b/src/misc/crypt/crypt_find_prng.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -26,7 +26,7 @@ int find_prng(const char *name)
LTC_ARGCHK(name != NULL);
LTC_MUTEX_LOCK(&ltc_prng_mutex);
for (x = 0; x < TAB_SIZE; x++) {
- if ((prng_descriptor[x].name != NULL) && strcmp(prng_descriptor[x].name, name) == 0) {
+ if ((prng_descriptor[x].name != NULL) && XSTRCMP(prng_descriptor[x].name, name) == 0) {
LTC_MUTEX_UNLOCK(&ltc_prng_mutex);
return x;
}
@@ -37,5 +37,5 @@ int find_prng(const char *name)
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_find_prng.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/11/29 23:43:57 $ */
diff --git a/src/misc/crypt/crypt_fsa.c b/src/misc/crypt/crypt_fsa.c
new file mode 100644
index 0000000..a9569b7
--- /dev/null
+++ b/src/misc/crypt/crypt_fsa.c
@@ -0,0 +1,59 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+#include <stdarg.h>
+
+/**
+ @file crypt_fsa.c
+ LibTomCrypt FULL SPEED AHEAD!, Tom St Denis
+*/
+
+/* format is ltc_mp, cipher_desc, [cipher_desc], NULL, hash_desc, [hash_desc], NULL, prng_desc, [prng_desc], NULL */
+int crypt_fsa(void *mp, ...)
+{
+ int err;
+ va_list args;
+ void *p;
+
+ va_start(args, mp);
+ if (mp != NULL) {
+ XMEMCPY(&ltc_mp, mp, sizeof(ltc_mp));
+ }
+
+ while ((p = va_arg(args, void*)) != NULL) {
+ if ((err = register_cipher(p)) != CRYPT_OK) {
+ va_end(args);
+ return err;
+ }
+ }
+
+ while ((p = va_arg(args, void*)) != NULL) {
+ if ((err = register_hash(p)) != CRYPT_OK) {
+ va_end(args);
+ return err;
+ }
+ }
+
+ while ((p = va_arg(args, void*)) != NULL) {
+ if ((err = register_prng(p)) != CRYPT_OK) {
+ va_end(args);
+ return err;
+ }
+ }
+
+ va_end(args);
+ return CRYPT_OK;
+}
+
+
+/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_fsa.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/11/13 23:14:33 $ */
diff --git a/src/misc/crypt/crypt_hash_descriptor.c b/src/misc/crypt/crypt_hash_descriptor.c
index f8583d8..5fa59f1 100644
--- a/src/misc/crypt/crypt_hash_descriptor.c
+++ b/src/misc/crypt/crypt_hash_descriptor.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -16,12 +16,12 @@
*/
struct ltc_hash_descriptor hash_descriptor[TAB_SIZE] = {
-{ NULL, 0, 0, 0, { 0 }, 0, NULL, NULL, NULL, NULL }
+{ NULL, 0, 0, 0, { 0 }, 0, NULL, NULL, NULL, NULL, NULL }
};
-LTC_MUTEX_GLOBAL(ltc_hash_mutex);
+LTC_MUTEX_GLOBAL(ltc_hash_mutex)
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_hash_descriptor.c,v $ */
-/* $Revision: 1.6 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/misc/crypt/crypt_hash_is_valid.c b/src/misc/crypt/crypt_hash_is_valid.c
index a8130d4..54a91eb 100644
--- a/src/misc/crypt/crypt_hash_is_valid.c
+++ b/src/misc/crypt/crypt_hash_is_valid.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -32,5 +32,5 @@ int hash_is_valid(int idx)
}
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_hash_is_valid.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/misc/crypt/crypt_ltc_mp_descriptor.c b/src/misc/crypt/crypt_ltc_mp_descriptor.c
new file mode 100644
index 0000000..907862f
--- /dev/null
+++ b/src/misc/crypt/crypt_ltc_mp_descriptor.c
@@ -0,0 +1,13 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+ltc_math_descriptor ltc_mp;
diff --git a/src/misc/crypt/crypt_prng_descriptor.c b/src/misc/crypt/crypt_prng_descriptor.c
index 7335f5d..a2b5f0e 100644
--- a/src/misc/crypt/crypt_prng_descriptor.c
+++ b/src/misc/crypt/crypt_prng_descriptor.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -18,9 +18,9 @@ struct ltc_prng_descriptor prng_descriptor[TAB_SIZE] = {
{ NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }
};
-LTC_MUTEX_GLOBAL(ltc_prng_mutex);
+LTC_MUTEX_GLOBAL(ltc_prng_mutex)
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_prng_descriptor.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/misc/crypt/crypt_prng_is_valid.c b/src/misc/crypt/crypt_prng_is_valid.c
index a7a7ed6..6af0a3c 100644
--- a/src/misc/crypt/crypt_prng_is_valid.c
+++ b/src/misc/crypt/crypt_prng_is_valid.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -32,5 +32,5 @@ int prng_is_valid(int idx)
}
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_prng_is_valid.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/misc/crypt/crypt_register_cipher.c b/src/misc/crypt/crypt_register_cipher.c
index c55d7c0..8d74cc5 100644
--- a/src/misc/crypt/crypt_register_cipher.c
+++ b/src/misc/crypt/crypt_register_cipher.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -50,5 +50,5 @@ int register_cipher(const struct ltc_cipher_descriptor *cipher)
}
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_register_cipher.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/misc/crypt/crypt_register_hash.c b/src/misc/crypt/crypt_register_hash.c
index 0ff521f..45d0e85 100644
--- a/src/misc/crypt/crypt_register_hash.c
+++ b/src/misc/crypt/crypt_register_hash.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -29,7 +29,7 @@ int register_hash(const struct ltc_hash_descriptor *hash)
/* is it already registered? */
LTC_MUTEX_LOCK(&ltc_hash_mutex);
for (x = 0; x < TAB_SIZE; x++) {
- if (memcmp(&hash_descriptor[x], hash, sizeof(struct ltc_hash_descriptor)) == 0) {
+ if (XMEMCMP(&hash_descriptor[x], hash, sizeof(struct ltc_hash_descriptor)) == 0) {
LTC_MUTEX_UNLOCK(&ltc_hash_mutex);
return x;
}
@@ -50,5 +50,5 @@ int register_hash(const struct ltc_hash_descriptor *hash)
}
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_register_hash.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/misc/crypt/crypt_register_prng.c b/src/misc/crypt/crypt_register_prng.c
index 5ab4a49..a834c47 100644
--- a/src/misc/crypt/crypt_register_prng.c
+++ b/src/misc/crypt/crypt_register_prng.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -29,7 +29,7 @@ int register_prng(const struct ltc_prng_descriptor *prng)
/* is it already registered? */
LTC_MUTEX_LOCK(&ltc_prng_mutex);
for (x = 0; x < TAB_SIZE; x++) {
- if (memcmp(&prng_descriptor[x], prng, sizeof(struct ltc_prng_descriptor)) == 0) {
+ if (XMEMCMP(&prng_descriptor[x], prng, sizeof(struct ltc_prng_descriptor)) == 0) {
LTC_MUTEX_UNLOCK(&ltc_prng_mutex);
return x;
}
@@ -50,5 +50,5 @@ int register_prng(const struct ltc_prng_descriptor *prng)
}
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_register_prng.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/misc/crypt/crypt_unregister_cipher.c b/src/misc/crypt/crypt_unregister_cipher.c
index 4081ca8..3cb46c4 100644
--- a/src/misc/crypt/crypt_unregister_cipher.c
+++ b/src/misc/crypt/crypt_unregister_cipher.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -29,7 +29,7 @@ int unregister_cipher(const struct ltc_cipher_descriptor *cipher)
/* is it already registered? */
LTC_MUTEX_LOCK(&ltc_cipher_mutex);
for (x = 0; x < TAB_SIZE; x++) {
- if (memcmp(&cipher_descriptor[x], cipher, sizeof(struct ltc_cipher_descriptor)) == 0) {
+ if (XMEMCMP(&cipher_descriptor[x], cipher, sizeof(struct ltc_cipher_descriptor)) == 0) {
cipher_descriptor[x].name = NULL;
cipher_descriptor[x].ID = 255;
LTC_MUTEX_UNLOCK(&ltc_cipher_mutex);
@@ -41,5 +41,5 @@ int unregister_cipher(const struct ltc_cipher_descriptor *cipher)
}
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_unregister_cipher.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/misc/crypt/crypt_unregister_hash.c b/src/misc/crypt/crypt_unregister_hash.c
index fdd25b2..a87a399 100644
--- a/src/misc/crypt/crypt_unregister_hash.c
+++ b/src/misc/crypt/crypt_unregister_hash.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -29,7 +29,7 @@ int unregister_hash(const struct ltc_hash_descriptor *hash)
/* is it already registered? */
LTC_MUTEX_LOCK(&ltc_hash_mutex);
for (x = 0; x < TAB_SIZE; x++) {
- if (memcmp(&hash_descriptor[x], hash, sizeof(struct ltc_hash_descriptor)) == 0) {
+ if (XMEMCMP(&hash_descriptor[x], hash, sizeof(struct ltc_hash_descriptor)) == 0) {
hash_descriptor[x].name = NULL;
LTC_MUTEX_UNLOCK(&ltc_hash_mutex);
return CRYPT_OK;
@@ -40,5 +40,5 @@ int unregister_hash(const struct ltc_hash_descriptor *hash)
}
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_unregister_hash.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/misc/crypt/crypt_unregister_prng.c b/src/misc/crypt/crypt_unregister_prng.c
index 4aff6de..694cbcf 100644
--- a/src/misc/crypt/crypt_unregister_prng.c
+++ b/src/misc/crypt/crypt_unregister_prng.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -29,7 +29,7 @@ int unregister_prng(const struct ltc_prng_descriptor *prng)
/* is it already registered? */
LTC_MUTEX_LOCK(&ltc_prng_mutex);
for (x = 0; x < TAB_SIZE; x++) {
- if (memcmp(&prng_descriptor[x], prng, sizeof(struct ltc_prng_descriptor)) != 0) {
+ if (XMEMCMP(&prng_descriptor[x], prng, sizeof(struct ltc_prng_descriptor)) != 0) {
prng_descriptor[x].name = NULL;
LTC_MUTEX_UNLOCK(&ltc_prng_mutex);
return CRYPT_OK;
@@ -40,5 +40,5 @@ int unregister_prng(const struct ltc_prng_descriptor *prng)
}
/* $Source: /cvs/libtom/libtomcrypt/src/misc/crypt/crypt_unregister_prng.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/06/19 18:00:28 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/misc/error_to_string.c b/src/misc/error_to_string.c
index 6167a70..1da2597 100644
--- a/src/misc/error_to_string.c
+++ b/src/misc/error_to_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -70,5 +70,5 @@ const char *error_to_string(int err)
/* $Source: /cvs/libtom/libtomcrypt/src/misc/error_to_string.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/misc/mpi/is_prime.c b/src/misc/mpi/is_prime.c
deleted file mode 100644
index 9ee4ed2..0000000
--- a/src/misc/mpi/is_prime.c
+++ /dev/null
@@ -1,36 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
- */
-#include "tomcrypt.h"
-
-/**
- @file is_prime.c
- Determines if integer is prime for LTC, Tom St Denis
-*/
-
-#ifdef MPI
-
-/* figures out if a number is prime (MR test) */
-int is_prime(mp_int *N, int *result)
-{
- int err;
- LTC_ARGCHK(N != NULL);
- LTC_ARGCHK(result != NULL);
- if ((err = mp_prime_is_prime(N, mp_prime_rabin_miller_trials(mp_count_bits(N)), result)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
- }
- return CRYPT_OK;
-}
-
-#endif
-
-/* $Source: /cvs/libtom/libtomcrypt/src/misc/mpi/is_prime.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
diff --git a/src/misc/mpi/mpi_to_ltc_error.c b/src/misc/mpi/mpi_to_ltc_error.c
deleted file mode 100644
index bc39ea1..0000000
--- a/src/misc/mpi/mpi_to_ltc_error.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
- */
-#include "tomcrypt.h"
-
-/**
- @file mpi_to_ltc_error.c
- Convert MPI errors to LTC, Tom St Denis
-*/
-
-#ifdef MPI
-static const struct {
- int mpi_code, ltc_code;
-} mpi_to_ltc_codes[] = {
- { MP_OKAY , CRYPT_OK},
- { MP_MEM , CRYPT_MEM},
- { MP_VAL , CRYPT_INVALID_ARG},
-};
-
-/**
- Convert a MPI error to a LTC error (Possibly the most powerful function ever! Oh wait... no)
- @param err The error to convert
- @return The equivalent LTC error code or CRYPT_ERROR if none found
-*/
-int mpi_to_ltc_error(int err)
-{
- int x;
-
- for (x = 0; x < (int)(sizeof(mpi_to_ltc_codes)/sizeof(mpi_to_ltc_codes[0])); x++) {
- if (err == mpi_to_ltc_codes[x].mpi_code) {
- return mpi_to_ltc_codes[x].ltc_code;
- }
- }
- return CRYPT_ERROR;
-}
-#endif
-
-
-/* $Source: /cvs/libtom/libtomcrypt/src/misc/mpi/mpi_to_ltc_error.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
diff --git a/src/misc/mpi/rand_prime.c b/src/misc/mpi/rand_prime.c
deleted file mode 100644
index 9c5921a..0000000
--- a/src/misc/mpi/rand_prime.c
+++ /dev/null
@@ -1,70 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
- */
-#include "tomcrypt.h"
-
-/**
- @file rand_prime.c
- Generate a random prime, Tom St Denis
-*/
-#ifdef MPI
-
-struct rng_data {
- prng_state *prng;
- int wprng;
-};
-
-static int rand_prime_helper(unsigned char *dst, int len, void *dat)
-{
- return (int)prng_descriptor[((struct rng_data *)dat)->wprng].read(dst, len, ((struct rng_data *)dat)->prng);
-}
-
-int rand_prime(mp_int *N, long len, prng_state *prng, int wprng)
-{
- struct rng_data rng;
- int type, err;
-
- LTC_ARGCHK(N != NULL);
-
- /* allow sizes between 2 and 256 bytes for a prime size */
- if (len < 16 || len > 4096) {
- return CRYPT_INVALID_PRIME_SIZE;
- }
-
- /* valid PRNG? Better be! */
- if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
- return err;
- }
-
- /* setup our callback data, then world domination! */
- rng.prng = prng;
- rng.wprng = wprng;
-
- /* get type */
- if (len < 0) {
- type = LTM_PRIME_BBS;
- len = -len;
- } else {
- type = 0;
- }
- type |= LTM_PRIME_2MSB_ON;
-
- /* New prime generation makes the code even more cryptoish-insane. Do you know what this means!!!
- -- Gir: Yeah, oh wait, er, no.
- */
- return mpi_to_ltc_error(mp_prime_random_ex(N, mp_prime_rabin_miller_trials(len), len, type, rand_prime_helper, &rng));
-}
-
-#endif
-
-
-/* $Source: /cvs/libtom/libtomcrypt/src/misc/mpi/rand_prime.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
diff --git a/src/misc/pkcs5/pkcs_5_1.c b/src/misc/pkcs5/pkcs_5_1.c
index 90411b7..e6f7b0c 100644
--- a/src/misc/pkcs5/pkcs_5_1.c
+++ b/src/misc/pkcs5/pkcs_5_1.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include <tomcrypt.h>
@@ -102,5 +102,5 @@ LBL_ERR:
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/misc/pkcs5/pkcs_5_1.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/misc/pkcs5/pkcs_5_2.c b/src/misc/pkcs5/pkcs_5_2.c
index 08d8a18..6e8d161 100644
--- a/src/misc/pkcs5/pkcs_5_2.c
+++ b/src/misc/pkcs5/pkcs_5_2.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include <tomcrypt.h>
@@ -125,5 +125,5 @@ LBL_ERR:
/* $Source: /cvs/libtom/libtomcrypt/src/misc/pkcs5/pkcs_5_2.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/misc/zeromem.c b/src/misc/zeromem.c
index 1ab07dc..42dc3c2 100644
--- a/src/misc/zeromem.c
+++ b/src/misc/zeromem.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -23,12 +23,12 @@
void zeromem(void *out, size_t outlen)
{
unsigned char *mem = out;
- LTC_ARGCHK(out != NULL);
+ LTC_ARGCHKVD(out != NULL);
while (outlen-- > 0) {
*mem++ = 0;
}
}
/* $Source: /cvs/libtom/libtomcrypt/src/misc/zeromem.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/06/09 01:38:13 $ */
diff --git a/src/modes/cbc/cbc_decrypt.c b/src/modes/cbc/cbc_decrypt.c
index fc3fdd5..d768d88 100644
--- a/src/modes/cbc/cbc_decrypt.c
+++ b/src/modes/cbc/cbc_decrypt.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -16,7 +16,7 @@
*/
-#ifdef CBC
+#ifdef LTC_CBC_MODE
/**
CBC decrypt
@@ -45,7 +45,7 @@ int cbc_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s
}
/* is blocklen valid? */
- if (cbc->blocklen < 0 || cbc->blocklen > (int)sizeof(cbc->IV)) {
+ if (cbc->blocklen < 1 || cbc->blocklen > (int)sizeof(cbc->IV)) {
return CRYPT_INVALID_ARG;
}
@@ -53,32 +53,34 @@ int cbc_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s
return CRYPT_INVALID_ARG;
}
#ifdef LTC_FAST
- if (len % sizeof(LTC_FAST_TYPE)) {
+ if (cbc->blocklen % sizeof(LTC_FAST_TYPE)) {
return CRYPT_INVALID_ARG;
}
#endif
if (cipher_descriptor[cbc->cipher].accel_cbc_decrypt != NULL) {
- cipher_descriptor[cbc->cipher].accel_cbc_decrypt(ct, pt, len / cbc->blocklen, cbc->IV, &cbc->key);
+ return cipher_descriptor[cbc->cipher].accel_cbc_decrypt(ct, pt, len / cbc->blocklen, cbc->IV, &cbc->key);
} else {
while (len) {
/* decrypt */
- cipher_descriptor[cbc->cipher].ecb_decrypt(ct, tmp, &cbc->key);
+ if ((err = cipher_descriptor[cbc->cipher].ecb_decrypt(ct, tmp, &cbc->key)) != CRYPT_OK) {
+ return err;
+ }
/* xor IV against plaintext */
#if defined(LTC_FAST)
- for (x = 0; x < cbc->blocklen; x += sizeof(LTC_FAST_TYPE)) {
- tmpy = *((LTC_FAST_TYPE*)((unsigned char *)cbc->IV + x)) ^ *((LTC_FAST_TYPE*)((unsigned char *)tmp + x));
- *((LTC_FAST_TYPE*)((unsigned char *)cbc->IV + x)) = *((LTC_FAST_TYPE*)((unsigned char *)ct + x));
- *((LTC_FAST_TYPE*)((unsigned char *)pt + x)) = tmpy;
- }
- #else
+ for (x = 0; x < cbc->blocklen; x += sizeof(LTC_FAST_TYPE)) {
+ tmpy = *((LTC_FAST_TYPE*)((unsigned char *)cbc->IV + x)) ^ *((LTC_FAST_TYPE*)((unsigned char *)tmp + x));
+ *((LTC_FAST_TYPE*)((unsigned char *)cbc->IV + x)) = *((LTC_FAST_TYPE*)((unsigned char *)ct + x));
+ *((LTC_FAST_TYPE*)((unsigned char *)pt + x)) = tmpy;
+ }
+ #else
for (x = 0; x < cbc->blocklen; x++) {
tmpy = tmp[x] ^ cbc->IV[x];
cbc->IV[x] = ct[x];
pt[x] = tmpy;
}
- #endif
+ #endif
ct += cbc->blocklen;
pt += cbc->blocklen;
@@ -91,5 +93,5 @@ int cbc_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/cbc/cbc_decrypt.c,v $ */
-/* $Revision: 1.9 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.15 $ */
+/* $Date: 2006/11/21 00:18:23 $ */
diff --git a/src/modes/cbc/cbc_done.c b/src/modes/cbc/cbc_done.c
index afaa9bb..99b035e 100644
--- a/src/modes/cbc/cbc_done.c
+++ b/src/modes/cbc/cbc_done.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
CBC implementation, finish chain, Tom St Denis
*/
-#ifdef CBC
+#ifdef LTC_CBC_MODE
/** Terminate the chain
@param cbc The CBC chain to terminate
@@ -38,5 +38,5 @@ int cbc_done(symmetric_CBC *cbc)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/cbc/cbc_done.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/06/29 01:46:46 $ */
diff --git a/src/modes/cbc/cbc_encrypt.c b/src/modes/cbc/cbc_encrypt.c
index a6b41b1..bbfd1c4 100644
--- a/src/modes/cbc/cbc_encrypt.c
+++ b/src/modes/cbc/cbc_encrypt.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -16,7 +16,7 @@
*/
-#ifdef CBC
+#ifdef LTC_CBC_MODE
/**
CBC encrypt
@@ -39,7 +39,7 @@ int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
}
/* is blocklen valid? */
- if (cbc->blocklen < 0 || cbc->blocklen > (int)sizeof(cbc->IV)) {
+ if (cbc->blocklen < 1 || cbc->blocklen > (int)sizeof(cbc->IV)) {
return CRYPT_INVALID_ARG;
}
@@ -47,39 +47,41 @@ int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
return CRYPT_INVALID_ARG;
}
#ifdef LTC_FAST
- if (len % sizeof(LTC_FAST_TYPE)) {
+ if (cbc->blocklen % sizeof(LTC_FAST_TYPE)) {
return CRYPT_INVALID_ARG;
}
#endif
if (cipher_descriptor[cbc->cipher].accel_cbc_encrypt != NULL) {
- cipher_descriptor[cbc->cipher].accel_cbc_encrypt(pt, ct, len / cbc->blocklen, cbc->IV, &cbc->key);
+ return cipher_descriptor[cbc->cipher].accel_cbc_encrypt(pt, ct, len / cbc->blocklen, cbc->IV, &cbc->key);
} else {
while (len) {
/* xor IV against plaintext */
#if defined(LTC_FAST)
- for (x = 0; x < cbc->blocklen; x += sizeof(LTC_FAST_TYPE)) {
- *((LTC_FAST_TYPE*)((unsigned char *)cbc->IV + x)) ^= *((LTC_FAST_TYPE*)((unsigned char *)pt + x));
- }
- #else
+ for (x = 0; x < cbc->blocklen; x += sizeof(LTC_FAST_TYPE)) {
+ *((LTC_FAST_TYPE*)((unsigned char *)cbc->IV + x)) ^= *((LTC_FAST_TYPE*)((unsigned char *)pt + x));
+ }
+ #else
for (x = 0; x < cbc->blocklen; x++) {
cbc->IV[x] ^= pt[x];
}
- #endif
+ #endif
/* encrypt */
- cipher_descriptor[cbc->cipher].ecb_encrypt(cbc->IV, ct, &cbc->key);
+ if ((err = cipher_descriptor[cbc->cipher].ecb_encrypt(cbc->IV, ct, &cbc->key)) != CRYPT_OK) {
+ return err;
+ }
/* store IV [ciphertext] for a future block */
#if defined(LTC_FAST)
- for (x = 0; x < cbc->blocklen; x += sizeof(LTC_FAST_TYPE)) {
- *((LTC_FAST_TYPE*)((unsigned char *)cbc->IV + x)) = *((LTC_FAST_TYPE*)((unsigned char *)ct + x));
- }
- #else
+ for (x = 0; x < cbc->blocklen; x += sizeof(LTC_FAST_TYPE)) {
+ *((LTC_FAST_TYPE*)((unsigned char *)cbc->IV + x)) = *((LTC_FAST_TYPE*)((unsigned char *)ct + x));
+ }
+ #else
for (x = 0; x < cbc->blocklen; x++) {
cbc->IV[x] = ct[x];
}
- #endif
+ #endif
ct += cbc->blocklen;
pt += cbc->blocklen;
@@ -92,5 +94,5 @@ int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/cbc/cbc_encrypt.c,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.13 $ */
+/* $Date: 2006/11/21 00:18:23 $ */
diff --git a/src/modes/cbc/cbc_getiv.c b/src/modes/cbc/cbc_getiv.c
index ab418b1..c54d558 100644
--- a/src/modes/cbc/cbc_getiv.c
+++ b/src/modes/cbc/cbc_getiv.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
CBC implementation, get IV, Tom St Denis
*/
-#ifdef CBC
+#ifdef LTC_CBC_MODE
/**
Get the current initial vector
@@ -30,6 +30,7 @@ int cbc_getiv(unsigned char *IV, unsigned long *len, symmetric_CBC *cbc)
LTC_ARGCHK(len != NULL);
LTC_ARGCHK(cbc != NULL);
if ((unsigned long)cbc->blocklen > *len) {
+ *len = cbc->blocklen;
return CRYPT_BUFFER_OVERFLOW;
}
XMEMCPY(IV, cbc->IV, cbc->blocklen);
@@ -41,5 +42,5 @@ int cbc_getiv(unsigned char *IV, unsigned long *len, symmetric_CBC *cbc)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/cbc/cbc_getiv.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/06/29 01:46:46 $ */
diff --git a/src/modes/cbc/cbc_setiv.c b/src/modes/cbc/cbc_setiv.c
index c38e713..6fb70ca 100644
--- a/src/modes/cbc/cbc_setiv.c
+++ b/src/modes/cbc/cbc_setiv.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -16,7 +16,7 @@
*/
-#ifdef CBC
+#ifdef LTC_CBC_MODE
/**
Set an initial vector
@@ -40,5 +40,5 @@ int cbc_setiv(const unsigned char *IV, unsigned long len, symmetric_CBC *cbc)
/* $Source: /cvs/libtom/libtomcrypt/src/modes/cbc/cbc_setiv.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/06/29 01:46:46 $ */
diff --git a/src/modes/cbc/cbc_start.c b/src/modes/cbc/cbc_start.c
index 833bb87..86ec7b9 100644
--- a/src/modes/cbc/cbc_start.c
+++ b/src/modes/cbc/cbc_start.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
CBC implementation, start chain, Tom St Denis
*/
-#ifdef CBC
+#ifdef LTC_CBC_MODE
/**
Initialize a CBC context
@@ -58,5 +58,5 @@ int cbc_start(int cipher, const unsigned char *IV, const unsigned char *key,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/cbc/cbc_start.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/06/29 01:46:46 $ */
diff --git a/src/modes/cfb/cfb_decrypt.c b/src/modes/cfb/cfb_decrypt.c
index 3d51ba5..76a4de1 100644
--- a/src/modes/cfb/cfb_decrypt.c
+++ b/src/modes/cfb/cfb_decrypt.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
CFB implementation, decrypt data, Tom St Denis
*/
-#ifdef CFB
+#ifdef LTC_CFB_MODE
/**
CFB decrypt
@@ -45,14 +45,16 @@ int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s
while (len-- > 0) {
if (cfb->padlen == cfb->blocklen) {
- cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key);
+ if ((err = cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key)) != CRYPT_OK) {
+ return err;
+ }
cfb->padlen = 0;
}
cfb->pad[cfb->padlen] = *ct;
*pt = *ct ^ cfb->IV[cfb->padlen];
++pt;
++ct;
- ++cfb->padlen;
+ ++(cfb->padlen);
}
return CRYPT_OK;
}
@@ -61,5 +63,5 @@ int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s
/* $Source: /cvs/libtom/libtomcrypt/src/modes/cfb/cfb_decrypt.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/11/26 01:45:14 $ */
diff --git a/src/modes/cfb/cfb_done.c b/src/modes/cfb/cfb_done.c
index 8924761..4ee9d50 100644
--- a/src/modes/cfb/cfb_done.c
+++ b/src/modes/cfb/cfb_done.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
CFB implementation, finish chain, Tom St Denis
*/
-#ifdef CFB
+#ifdef LTC_CFB_MODE
/** Terminate the chain
@param cfb The CFB chain to terminate
@@ -38,5 +38,5 @@ int cfb_done(symmetric_CFB *cfb)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/cfb/cfb_done.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/06/29 01:51:34 $ */
diff --git a/src/modes/cfb/cfb_encrypt.c b/src/modes/cfb/cfb_encrypt.c
index cca0116..b619682 100644
--- a/src/modes/cfb/cfb_encrypt.c
+++ b/src/modes/cfb/cfb_encrypt.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
CFB implementation, encrypt data, Tom St Denis
*/
-#ifdef CFB
+#ifdef LTC_CFB_MODE
/**
CFB encrypt
@@ -45,13 +45,15 @@ int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
while (len-- > 0) {
if (cfb->padlen == cfb->blocklen) {
- cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key);
+ if ((err = cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key)) != CRYPT_OK) {
+ return err;
+ }
cfb->padlen = 0;
}
cfb->pad[cfb->padlen] = (*ct = *pt ^ cfb->IV[cfb->padlen]);
++pt;
++ct;
- ++cfb->padlen;
+ ++(cfb->padlen);
}
return CRYPT_OK;
}
@@ -59,5 +61,5 @@ int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/cfb/cfb_encrypt.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/11/26 01:45:14 $ */
diff --git a/src/modes/cfb/cfb_getiv.c b/src/modes/cfb/cfb_getiv.c
index 5c5b4c4..1689a75 100644
--- a/src/modes/cfb/cfb_getiv.c
+++ b/src/modes/cfb/cfb_getiv.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
CFB implementation, get IV, Tom St Denis
*/
-#ifdef CFB
+#ifdef LTC_CFB_MODE
/**
Get the current initial vector
@@ -30,6 +30,7 @@ int cfb_getiv(unsigned char *IV, unsigned long *len, symmetric_CFB *cfb)
LTC_ARGCHK(len != NULL);
LTC_ARGCHK(cfb != NULL);
if ((unsigned long)cfb->blocklen > *len) {
+ *len = cfb->blocklen;
return CRYPT_BUFFER_OVERFLOW;
}
XMEMCPY(IV, cfb->IV, cfb->blocklen);
@@ -41,5 +42,5 @@ int cfb_getiv(unsigned char *IV, unsigned long *len, symmetric_CFB *cfb)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/cfb/cfb_getiv.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/06/29 01:51:34 $ */
diff --git a/src/modes/cfb/cfb_setiv.c b/src/modes/cfb/cfb_setiv.c
index d075a0d..efb848b 100644
--- a/src/modes/cfb/cfb_setiv.c
+++ b/src/modes/cfb/cfb_setiv.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -14,7 +14,8 @@
@file cfb_setiv.c
CFB implementation, set IV, Tom St Denis
*/
-#ifdef CFB
+
+#ifdef LTC_CFB_MODE
/**
Set an initial vector
@@ -40,14 +41,12 @@ int cfb_setiv(const unsigned char *IV, unsigned long len, symmetric_CFB *cfb)
/* force next block */
cfb->padlen = 0;
- cipher_descriptor[cfb->cipher].ecb_encrypt(IV, cfb->IV, &cfb->key);
-
- return CRYPT_OK;
+ return cipher_descriptor[cfb->cipher].ecb_encrypt(IV, cfb->IV, &cfb->key);
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/cfb/cfb_setiv.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/06/29 01:51:34 $ */
diff --git a/src/modes/cfb/cfb_start.c b/src/modes/cfb/cfb_start.c
index 755e173..e70d635 100644
--- a/src/modes/cfb/cfb_start.c
+++ b/src/modes/cfb/cfb_start.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -16,7 +16,7 @@
*/
-#ifdef CFB
+#ifdef LTC_CFB_MODE
/**
Initialize a CFB context
@@ -54,14 +54,12 @@ int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key,
}
/* encrypt the IV */
- cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->IV, cfb->IV, &cfb->key);
cfb->padlen = 0;
-
- return CRYPT_OK;
+ return cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->IV, cfb->IV, &cfb->key);
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/cfb/cfb_start.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/06/29 01:51:34 $ */
diff --git a/src/modes/ctr/ctr_decrypt.c b/src/modes/ctr/ctr_decrypt.c
index e1d1d51..f32821f 100644
--- a/src/modes/ctr/ctr_decrypt.c
+++ b/src/modes/ctr/ctr_decrypt.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
CTR implementation, decrypt data, Tom St Denis
*/
-#ifdef CTR
+#ifdef LTC_CTR_MODE
/**
CTR decrypt
@@ -38,5 +38,5 @@ int ctr_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s
/* $Source: /cvs/libtom/libtomcrypt/src/modes/ctr/ctr_decrypt.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/06/29 01:46:46 $ */
diff --git a/src/modes/ctr/ctr_done.c b/src/modes/ctr/ctr_done.c
index f2e79ba..074c8b6 100644
--- a/src/modes/ctr/ctr_done.c
+++ b/src/modes/ctr/ctr_done.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
CTR implementation, finish chain, Tom St Denis
*/
-#ifdef CTR
+#ifdef LTC_CTR_MODE
/** Terminate the chain
@param ctr The CTR chain to terminate
@@ -38,5 +38,5 @@ int ctr_done(symmetric_CTR *ctr)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/ctr/ctr_done.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/06/29 01:46:46 $ */
diff --git a/src/modes/ctr/ctr_encrypt.c b/src/modes/ctr/ctr_encrypt.c
index 79795ae..84dd65b 100644
--- a/src/modes/ctr/ctr_encrypt.c
+++ b/src/modes/ctr/ctr_encrypt.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -16,7 +16,7 @@
*/
-#ifdef CTR
+#ifdef LTC_CTR_MODE
/**
CTR encrypt
@@ -39,7 +39,7 @@ int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
}
/* is blocklen/padlen valid? */
- if (ctr->blocklen < 0 || ctr->blocklen > (int)sizeof(ctr->ctr) ||
+ if (ctr->blocklen < 1 || ctr->blocklen > (int)sizeof(ctr->ctr) ||
ctr->padlen < 0 || ctr->padlen > (int)sizeof(ctr->pad)) {
return CRYPT_INVALID_ARG;
}
@@ -52,7 +52,9 @@ int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
/* handle acceleration only if pad is empty, accelerator is present and length is >= a block size */
if ((ctr->padlen == ctr->blocklen) && cipher_descriptor[ctr->cipher].accel_ctr_encrypt != NULL && (len >= (unsigned long)ctr->blocklen)) {
- cipher_descriptor[ctr->cipher].accel_ctr_encrypt(pt, ct, len/ctr->blocklen, ctr->ctr, ctr->mode, &ctr->key);
+ if ((err = cipher_descriptor[ctr->cipher].accel_ctr_encrypt(pt, ct, len/ctr->blocklen, ctr->ctr, ctr->mode, &ctr->key)) != CRYPT_OK) {
+ return err;
+ }
len %= ctr->blocklen;
}
@@ -79,7 +81,9 @@ int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
}
/* encrypt it */
- cipher_descriptor[ctr->cipher].ecb_encrypt(ctr->ctr, ctr->pad, &ctr->key);
+ if ((err = cipher_descriptor[ctr->cipher].ecb_encrypt(ctr->ctr, ctr->pad, &ctr->key)) != CRYPT_OK) {
+ return err;
+ }
ctr->padlen = 0;
}
#ifdef LTC_FAST
@@ -88,15 +92,15 @@ int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
*((LTC_FAST_TYPE*)((unsigned char *)ct + x)) = *((LTC_FAST_TYPE*)((unsigned char *)pt + x)) ^
*((LTC_FAST_TYPE*)((unsigned char *)ctr->pad + x));
}
- pt += ctr->blocklen;
- ct += ctr->blocklen;
- len -= ctr->blocklen;
- ctr->padlen = ctr->blocklen;
- continue;
- }
-#endif
- *ct++ = *pt++ ^ ctr->pad[ctr->padlen++];
- --len;
+ pt += ctr->blocklen;
+ ct += ctr->blocklen;
+ len -= ctr->blocklen;
+ ctr->padlen = ctr->blocklen;
+ continue;
+ }
+#endif
+ *ct++ = *pt++ ^ ctr->pad[ctr->padlen++];
+ --len;
}
return CRYPT_OK;
}
@@ -104,5 +108,5 @@ int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/ctr/ctr_encrypt.c,v $ */
-/* $Revision: 1.13 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.20 $ */
+/* $Date: 2006/11/21 00:18:23 $ */
diff --git a/src/modes/ctr/ctr_getiv.c b/src/modes/ctr/ctr_getiv.c
index 50ce6a0..2fbf888 100644
--- a/src/modes/ctr/ctr_getiv.c
+++ b/src/modes/ctr/ctr_getiv.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
CTR implementation, get IV, Tom St Denis
*/
-#ifdef CTR
+#ifdef LTC_CTR_MODE
/**
Get the current initial vector
@@ -30,6 +30,7 @@ int ctr_getiv(unsigned char *IV, unsigned long *len, symmetric_CTR *ctr)
LTC_ARGCHK(len != NULL);
LTC_ARGCHK(ctr != NULL);
if ((unsigned long)ctr->blocklen > *len) {
+ *len = ctr->blocklen;
return CRYPT_BUFFER_OVERFLOW;
}
XMEMCPY(IV, ctr->ctr, ctr->blocklen);
@@ -41,5 +42,5 @@ int ctr_getiv(unsigned char *IV, unsigned long *len, symmetric_CTR *ctr)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/ctr/ctr_getiv.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/06/29 01:46:46 $ */
diff --git a/src/modes/ctr/ctr_setiv.c b/src/modes/ctr/ctr_setiv.c
index 64d4c43..8e8649f 100644
--- a/src/modes/ctr/ctr_setiv.c
+++ b/src/modes/ctr/ctr_setiv.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
CTR implementation, set IV, Tom St Denis
*/
-#ifdef CTR
+#ifdef LTC_CTR_MODE
/**
Set an initial vector
@@ -45,14 +45,12 @@ int ctr_setiv(const unsigned char *IV, unsigned long len, symmetric_CTR *ctr)
/* force next block */
ctr->padlen = 0;
- cipher_descriptor[ctr->cipher].ecb_encrypt(IV, ctr->pad, &ctr->key);
-
- return CRYPT_OK;
+ return cipher_descriptor[ctr->cipher].ecb_encrypt(IV, ctr->pad, &ctr->key);
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/ctr/ctr_setiv.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/06/29 01:46:46 $ */
diff --git a/src/modes/ctr/ctr_start.c b/src/modes/ctr/ctr_start.c
index 7c7eebb..895c8a4 100644
--- a/src/modes/ctr/ctr_start.c
+++ b/src/modes/ctr/ctr_start.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -16,7 +16,7 @@
*/
-#ifdef CTR
+#ifdef LTC_CTR_MODE
/**
Initialize a CTR context
@@ -55,16 +55,37 @@ int ctr_start( int cipher,
ctr->blocklen = cipher_descriptor[cipher].block_length;
ctr->cipher = cipher;
ctr->padlen = 0;
- ctr->mode = ctr_mode;
+ ctr->mode = ctr_mode & 1;
for (x = 0; x < ctr->blocklen; x++) {
ctr->ctr[x] = IV[x];
}
- cipher_descriptor[ctr->cipher].ecb_encrypt(ctr->ctr, ctr->pad, &ctr->key);
- return CRYPT_OK;
+
+ if (ctr_mode & LTC_CTR_RFC3686) {
+ /* increment the IV as per RFC 3686 */
+ if (ctr->mode == CTR_COUNTER_LITTLE_ENDIAN) {
+ /* little-endian */
+ for (x = 0; x < ctr->blocklen; x++) {
+ ctr->ctr[x] = (ctr->ctr[x] + (unsigned char)1) & (unsigned char)255;
+ if (ctr->ctr[x] != (unsigned char)0) {
+ break;
+ }
+ }
+ } else {
+ /* big-endian */
+ for (x = ctr->blocklen-1; x >= 0; x--) {
+ ctr->ctr[x] = (ctr->ctr[x] + (unsigned char)1) & (unsigned char)255;
+ if (ctr->ctr[x] != (unsigned char)0) {
+ break;
+ }
+ }
+ }
+ }
+
+ return cipher_descriptor[ctr->cipher].ecb_encrypt(ctr->ctr, ctr->pad, &ctr->key);
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/ctr/ctr_start.c,v $ */
-/* $Revision: 1.6 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.11 $ */
+/* $Date: 2006/11/05 01:46:35 $ */
diff --git a/src/modes/ctr/ctr_test.c b/src/modes/ctr/ctr_test.c
new file mode 100644
index 0000000..ad20778
--- /dev/null
+++ b/src/modes/ctr/ctr_test.c
@@ -0,0 +1,85 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ctr_test.c
+ CTR implementation, Tests again RFC 3686, Tom St Denis
+*/
+
+#ifdef LTC_CTR_MODE
+
+int ctr_test(void)
+{
+#ifdef LTC_NO_TEST
+ return CRYPT_NOP;
+#else
+ static const struct {
+ int keylen, msglen;
+ unsigned char key[32], IV[16], pt[64], ct[64];
+ } tests[] = {
+/* 128-bit key, 16-byte pt */
+{
+ 16, 16,
+ {0xAE,0x68,0x52,0xF8,0x12,0x10,0x67,0xCC,0x4B,0xF7,0xA5,0x76,0x55,0x77,0xF3,0x9E },
+ {0x00,0x00,0x00,0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 },
+ {0x53,0x69,0x6E,0x67,0x6C,0x65,0x20,0x62,0x6C,0x6F,0x63,0x6B,0x20,0x6D,0x73,0x67 },
+ {0xE4,0x09,0x5D,0x4F,0xB7,0xA7,0xB3,0x79,0x2D,0x61,0x75,0xA3,0x26,0x13,0x11,0xB8 },
+},
+
+/* 128-bit key, 36-byte pt */
+{
+ 16, 36,
+ {0x76,0x91,0xBE,0x03,0x5E,0x50,0x20,0xA8,0xAC,0x6E,0x61,0x85,0x29,0xF9,0xA0,0xDC },
+ {0x00,0xE0,0x01,0x7B,0x27,0x77,0x7F,0x3F,0x4A,0x17,0x86,0xF0,0x00,0x00,0x00,0x00 },
+ {0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,
+ 0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,
+ 0x20,0x21,0x22,0x23},
+ {0xC1,0xCF,0x48,0xA8,0x9F,0x2F,0xFD,0xD9,0xCF,0x46,0x52,0xE9,0xEF,0xDB,0x72,0xD7,
+ 0x45,0x40,0xA4,0x2B,0xDE,0x6D,0x78,0x36,0xD5,0x9A,0x5C,0xEA,0xAE,0xF3,0x10,0x53,
+ 0x25,0xB2,0x07,0x2F },
+},
+};
+ int idx, err, x;
+ unsigned char buf[64];
+ symmetric_CTR ctr;
+
+ /* AES can be under rijndael or aes... try to find it */
+ if ((idx = find_cipher("aes")) == -1) {
+ if ((idx = find_cipher("rijndael")) == -1) {
+ return CRYPT_NOP;
+ }
+ }
+
+ for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
+ if ((err = ctr_start(idx, tests[x].IV, tests[x].key, tests[x].keylen, 0, CTR_COUNTER_BIG_ENDIAN|LTC_CTR_RFC3686, &ctr)) != CRYPT_OK) {
+ return err;
+ }
+ if ((err = ctr_encrypt(tests[x].pt, buf, tests[x].msglen, &ctr)) != CRYPT_OK) {
+ return err;
+ }
+ ctr_done(&ctr);
+ if (XMEMCMP(buf, tests[x].ct, tests[x].msglen)) {
+ return CRYPT_FAIL_TESTVECTOR;
+ }
+ }
+ return CRYPT_OK;
+#endif
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/modes/ctr/ctr_test.c,v $ */
+/* $Revision: 1.3 $ */
+/* $Date: 2006/11/05 02:06:49 $ */
+
+
+
diff --git a/src/modes/ecb/ecb_decrypt.c b/src/modes/ecb/ecb_decrypt.c
index aa83661..c16fce0 100644
--- a/src/modes/ecb/ecb_decrypt.c
+++ b/src/modes/ecb/ecb_decrypt.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
ECB implementation, decrypt a block, Tom St Denis
*/
-#ifdef ECB
+#ifdef LTC_ECB_MODE
/**
ECB decrypt
@@ -40,10 +40,12 @@ int ecb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s
/* check for accel */
if (cipher_descriptor[ecb->cipher].accel_ecb_decrypt != NULL) {
- cipher_descriptor[ecb->cipher].accel_ecb_decrypt(ct, pt, len / cipher_descriptor[ecb->cipher].block_length, &ecb->key);
+ return cipher_descriptor[ecb->cipher].accel_ecb_decrypt(ct, pt, len / cipher_descriptor[ecb->cipher].block_length, &ecb->key);
} else {
while (len) {
- cipher_descriptor[ecb->cipher].ecb_decrypt(ct, pt, &ecb->key);
+ if ((err = cipher_descriptor[ecb->cipher].ecb_decrypt(ct, pt, &ecb->key)) != CRYPT_OK) {
+ return err;
+ }
pt += cipher_descriptor[ecb->cipher].block_length;
ct += cipher_descriptor[ecb->cipher].block_length;
len -= cipher_descriptor[ecb->cipher].block_length;
@@ -55,5 +57,5 @@ int ecb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/ecb/ecb_decrypt.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/06/29 01:51:34 $ */
diff --git a/src/modes/ecb/ecb_done.c b/src/modes/ecb/ecb_done.c
index a072615..2af3a83 100644
--- a/src/modes/ecb/ecb_done.c
+++ b/src/modes/ecb/ecb_done.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
ECB implementation, finish chain, Tom St Denis
*/
-#ifdef ECB
+#ifdef LTC_ECB_MODE
/** Terminate the chain
@param ecb The ECB chain to terminate
@@ -38,5 +38,5 @@ int ecb_done(symmetric_ECB *ecb)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/ecb/ecb_done.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/06/29 01:51:34 $ */
diff --git a/src/modes/ecb/ecb_encrypt.c b/src/modes/ecb/ecb_encrypt.c
index 21e0385..f6910c6 100644
--- a/src/modes/ecb/ecb_encrypt.c
+++ b/src/modes/ecb/ecb_encrypt.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
ECB implementation, encrypt a block, Tom St Denis
*/
-#ifdef ECB
+#ifdef LTC_ECB_MODE
/**
ECB encrypt
@@ -40,10 +40,12 @@ int ecb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
/* check for accel */
if (cipher_descriptor[ecb->cipher].accel_ecb_encrypt != NULL) {
- cipher_descriptor[ecb->cipher].accel_ecb_encrypt(pt, ct, len / cipher_descriptor[ecb->cipher].block_length, &ecb->key);
+ return cipher_descriptor[ecb->cipher].accel_ecb_encrypt(pt, ct, len / cipher_descriptor[ecb->cipher].block_length, &ecb->key);
} else {
while (len) {
- cipher_descriptor[ecb->cipher].ecb_encrypt(pt, ct, &ecb->key);
+ if ((err = cipher_descriptor[ecb->cipher].ecb_encrypt(pt, ct, &ecb->key)) != CRYPT_OK) {
+ return err;
+ }
pt += cipher_descriptor[ecb->cipher].block_length;
ct += cipher_descriptor[ecb->cipher].block_length;
len -= cipher_descriptor[ecb->cipher].block_length;
@@ -55,5 +57,5 @@ int ecb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/ecb/ecb_encrypt.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/06/29 01:51:34 $ */
diff --git a/src/modes/ecb/ecb_start.c b/src/modes/ecb/ecb_start.c
index f7baa81..cc84579 100644
--- a/src/modes/ecb/ecb_start.c
+++ b/src/modes/ecb/ecb_start.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -16,7 +16,7 @@
*/
-#ifdef ECB
+#ifdef LTC_ECB_MODE
/**
Initialize a ECB context
@@ -44,5 +44,5 @@ int ecb_start(int cipher, const unsigned char *key, int keylen, int num_rounds,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/ecb/ecb_start.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/06/29 01:51:34 $ */
diff --git a/src/modes/f8/f8_decrypt.c b/src/modes/f8/f8_decrypt.c
new file mode 100644
index 0000000..fc8f61a
--- /dev/null
+++ b/src/modes/f8/f8_decrypt.c
@@ -0,0 +1,43 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file f8_decrypt.c
+ F8 implementation, decrypt data, Tom St Denis
+*/
+
+#ifdef LTC_F8_MODE
+
+/**
+ F8 decrypt
+ @param ct Ciphertext
+ @param pt [out] Plaintext
+ @param len Length of ciphertext (octets)
+ @param f8 F8 state
+ @return CRYPT_OK if successful
+*/
+int f8_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_F8 *f8)
+{
+ LTC_ARGCHK(pt != NULL);
+ LTC_ARGCHK(ct != NULL);
+ LTC_ARGCHK(f8 != NULL);
+ return f8_encrypt(ct, pt, len, f8);
+}
+
+
+#endif
+
+
+
+/* $Source: /cvs/libtom/libtomcrypt/src/modes/f8/f8_decrypt.c,v $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/06/16 22:49:25 $ */
diff --git a/src/modes/f8/f8_done.c b/src/modes/f8/f8_done.c
new file mode 100644
index 0000000..c864767
--- /dev/null
+++ b/src/modes/f8/f8_done.c
@@ -0,0 +1,42 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file f8_done.c
+ F8 implementation, finish chain, Tom St Denis
+*/
+
+#ifdef LTC_F8_MODE
+
+/** Terminate the chain
+ @param f8 The F8 chain to terminate
+ @return CRYPT_OK on success
+*/
+int f8_done(symmetric_F8 *f8)
+{
+ int err;
+ LTC_ARGCHK(f8 != NULL);
+
+ if ((err = cipher_is_valid(f8->cipher)) != CRYPT_OK) {
+ return err;
+ }
+ cipher_descriptor[f8->cipher].done(&f8->key);
+ return CRYPT_OK;
+}
+
+
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/modes/f8/f8_done.c,v $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/06/16 22:49:25 $ */
diff --git a/src/modes/f8/f8_encrypt.c b/src/modes/f8/f8_encrypt.c
new file mode 100644
index 0000000..fc33be9
--- /dev/null
+++ b/src/modes/f8/f8_encrypt.c
@@ -0,0 +1,103 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file f8_encrypt.c
+ F8 implementation, encrypt data, Tom St Denis
+*/
+
+#ifdef LTC_F8_MODE
+
+/**
+ F8 encrypt
+ @param pt Plaintext
+ @param ct [out] Ciphertext
+ @param len Length of plaintext (octets)
+ @param f8 F8 state
+ @return CRYPT_OK if successful
+*/
+int f8_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_F8 *f8)
+{
+ int err, x;
+ unsigned char buf[MAXBLOCKSIZE];
+ LTC_ARGCHK(pt != NULL);
+ LTC_ARGCHK(ct != NULL);
+ LTC_ARGCHK(f8 != NULL);
+ if ((err = cipher_is_valid(f8->cipher)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* is blocklen/padlen valid? */
+ if (f8->blocklen < 0 || f8->blocklen > (int)sizeof(f8->IV) ||
+ f8->padlen < 0 || f8->padlen > (int)sizeof(f8->IV)) {
+ return CRYPT_INVALID_ARG;
+ }
+
+ zeromem(buf, sizeof(buf));
+
+ /* make sure the pad is empty */
+ if (f8->padlen == f8->blocklen) {
+ /* xor of IV, MIV and blockcnt == what goes into cipher */
+ STORE32H(f8->blockcnt, (buf+(f8->blocklen-4)));
+ ++(f8->blockcnt);
+ for (x = 0; x < f8->blocklen; x++) {
+ f8->IV[x] ^= f8->MIV[x] ^ buf[x];
+ }
+ if ((err = cipher_descriptor[f8->cipher].ecb_encrypt(f8->IV, f8->IV, &f8->key)) != CRYPT_OK) {
+ return err;
+ }
+ f8->padlen = 0;
+ }
+
+#ifdef LTC_FAST
+ if (f8->padlen == 0) {
+ while (len >= (unsigned long)f8->blocklen) {
+ STORE32H(f8->blockcnt, (buf+(f8->blocklen-4)));
+ ++(f8->blockcnt);
+ for (x = 0; x < f8->blocklen; x += sizeof(LTC_FAST_TYPE)) {
+ *((LTC_FAST_TYPE*)(&ct[x])) = *((LTC_FAST_TYPE*)(&pt[x])) ^ *((LTC_FAST_TYPE*)(&f8->IV[x]));
+ *((LTC_FAST_TYPE*)(&f8->IV[x])) ^= *((LTC_FAST_TYPE*)(&f8->MIV[x])) ^ *((LTC_FAST_TYPE*)(&buf[x]));
+ }
+ if ((err = cipher_descriptor[f8->cipher].ecb_encrypt(f8->IV, f8->IV, &f8->key)) != CRYPT_OK) {
+ return err;
+ }
+ len -= x;
+ pt += x;
+ ct += x;
+ }
+ }
+#endif
+
+ while (len > 0) {
+ if (f8->padlen == f8->blocklen) {
+ /* xor of IV, MIV and blockcnt == what goes into cipher */
+ STORE32H(f8->blockcnt, (buf+(f8->blocklen-4)));
+ ++(f8->blockcnt);
+ for (x = 0; x < f8->blocklen; x++) {
+ f8->IV[x] ^= f8->MIV[x] ^ buf[x];
+ }
+ if ((err = cipher_descriptor[f8->cipher].ecb_encrypt(f8->IV, f8->IV, &f8->key)) != CRYPT_OK) {
+ return err;
+ }
+ f8->padlen = 0;
+ }
+ *ct++ = *pt++ ^ f8->IV[f8->padlen++];
+ --len;
+ }
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/modes/f8/f8_encrypt.c,v $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/11/05 04:16:32 $ */
diff --git a/src/modes/f8/f8_getiv.c b/src/modes/f8/f8_getiv.c
new file mode 100644
index 0000000..2c5d92f
--- /dev/null
+++ b/src/modes/f8/f8_getiv.c
@@ -0,0 +1,46 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ofb_getiv.c
+ F8 implementation, get IV, Tom St Denis
+*/
+
+#ifdef LTC_F8_MODE
+
+/**
+ Get the current initial vector
+ @param IV [out] The destination of the initial vector
+ @param len [in/out] The max size and resulting size of the initial vector
+ @param f8 The F8 state
+ @return CRYPT_OK if successful
+*/
+int f8_getiv(unsigned char *IV, unsigned long *len, symmetric_F8 *f8)
+{
+ LTC_ARGCHK(IV != NULL);
+ LTC_ARGCHK(len != NULL);
+ LTC_ARGCHK(f8 != NULL);
+ if ((unsigned long)f8->blocklen > *len) {
+ *len = f8->blocklen;
+ return CRYPT_BUFFER_OVERFLOW;
+ }
+ XMEMCPY(IV, f8->IV, f8->blocklen);
+ *len = f8->blocklen;
+
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/modes/f8/f8_getiv.c,v $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/06/16 22:49:25 $ */
diff --git a/src/modes/f8/f8_setiv.c b/src/modes/f8/f8_setiv.c
new file mode 100644
index 0000000..469cc15
--- /dev/null
+++ b/src/modes/f8/f8_setiv.c
@@ -0,0 +1,52 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file f8_setiv.c
+ F8 implementation, set IV, Tom St Denis
+*/
+
+#ifdef LTC_F8_MODE
+
+/**
+ Set an initial vector
+ @param IV The initial vector
+ @param len The length of the vector (in octets)
+ @param f8 The F8 state
+ @return CRYPT_OK if successful
+*/
+int f8_setiv(const unsigned char *IV, unsigned long len, symmetric_F8 *f8)
+{
+ int err;
+
+ LTC_ARGCHK(IV != NULL);
+ LTC_ARGCHK(f8 != NULL);
+
+ if ((err = cipher_is_valid(f8->cipher)) != CRYPT_OK) {
+ return err;
+ }
+
+ if (len != (unsigned long)f8->blocklen) {
+ return CRYPT_INVALID_ARG;
+ }
+
+ /* force next block */
+ f8->padlen = 0;
+ return cipher_descriptor[f8->cipher].ecb_encrypt(IV, f8->IV, &f8->key);
+}
+
+#endif
+
+
+/* $Source: /cvs/libtom/libtomcrypt/src/modes/f8/f8_setiv.c,v $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/06/16 22:49:25 $ */
diff --git a/src/modes/f8/f8_start.c b/src/modes/f8/f8_start.c
new file mode 100644
index 0000000..bb05c16
--- /dev/null
+++ b/src/modes/f8/f8_start.c
@@ -0,0 +1,98 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file f8_start.c
+ F8 implementation, start chain, Tom St Denis
+*/
+
+
+#ifdef LTC_F8_MODE
+
+/**
+ Initialize an F8 context
+ @param cipher The index of the cipher desired
+ @param IV The initial vector
+ @param key The secret key
+ @param keylen The length of the secret key (octets)
+ @param salt_key The salting key for the IV
+ @param skeylen The length of the salting key (octets)
+ @param num_rounds Number of rounds in the cipher desired (0 for default)
+ @param f8 The F8 state to initialize
+ @return CRYPT_OK if successful
+*/
+int f8_start( int cipher, const unsigned char *IV,
+ const unsigned char *key, int keylen,
+ const unsigned char *salt_key, int skeylen,
+ int num_rounds, symmetric_F8 *f8)
+{
+ int x, err;
+ unsigned char tkey[MAXBLOCKSIZE];
+
+ LTC_ARGCHK(IV != NULL);
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(salt_key != NULL);
+ LTC_ARGCHK(f8 != NULL);
+
+ if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
+ return err;
+ }
+
+#ifdef LTC_FAST
+ if (cipher_descriptor[cipher].block_length % sizeof(LTC_FAST_TYPE)) {
+ return CRYPT_INVALID_ARG;
+ }
+#endif
+
+ /* copy details */
+ f8->blockcnt = 0;
+ f8->cipher = cipher;
+ f8->blocklen = cipher_descriptor[cipher].block_length;
+ f8->padlen = f8->blocklen;
+
+ /* now get key ^ salt_key [extend salt_ket with 0x55 as required to match length] */
+ zeromem(tkey, sizeof(tkey));
+ for (x = 0; x < keylen && x < (int)sizeof(tkey); x++) {
+ tkey[x] = key[x];
+ }
+ for (x = 0; x < skeylen && x < (int)sizeof(tkey); x++) {
+ tkey[x] ^= salt_key[x];
+ }
+ for (; x < keylen && x < (int)sizeof(tkey); x++) {
+ tkey[x] ^= 0x55;
+ }
+
+ /* now encrypt with tkey[0..keylen-1] the IV and use that as the IV */
+ if ((err = cipher_descriptor[cipher].setup(tkey, keylen, num_rounds, &f8->key)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* encrypt IV */
+ if ((err = cipher_descriptor[f8->cipher].ecb_encrypt(IV, f8->MIV, &f8->key)) != CRYPT_OK) {
+ cipher_descriptor[f8->cipher].done(&f8->key);
+ return err;
+ }
+ zeromem(tkey, sizeof(tkey));
+ zeromem(f8->IV, sizeof(f8->IV));
+
+ /* terminate this cipher */
+ cipher_descriptor[f8->cipher].done(&f8->key);
+
+ /* init the cipher */
+ return cipher_descriptor[cipher].setup(key, keylen, num_rounds, &f8->key);
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/modes/f8/f8_start.c,v $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/11/05 01:36:43 $ */
diff --git a/src/modes/f8/f8_test_mode.c b/src/modes/f8/f8_test_mode.c
new file mode 100644
index 0000000..68160ea
--- /dev/null
+++ b/src/modes/f8/f8_test_mode.c
@@ -0,0 +1,76 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file f8_test_mode.c
+ F8 implementation, test, Tom St Denis
+*/
+
+
+#ifdef LTC_F8_MODE
+
+int f8_test_mode(void)
+{
+#ifndef LTC_TEST
+ return CRYPT_NOP;
+#else
+ static const unsigned char key[16] = { 0x23, 0x48, 0x29, 0x00, 0x84, 0x67, 0xbe, 0x18,
+ 0x6c, 0x3d, 0xe1, 0x4a, 0xae, 0x72, 0xd6, 0x2c };
+ static const unsigned char salt[4] = { 0x32, 0xf2, 0x87, 0x0d };
+ static const unsigned char IV[16] = { 0x00, 0x6e, 0x5c, 0xba, 0x50, 0x68, 0x1d, 0xe5,
+ 0x5c, 0x62, 0x15, 0x99, 0xd4, 0x62, 0x56, 0x4a };
+ static const unsigned char pt[39] = { 0x70, 0x73, 0x65, 0x75, 0x64, 0x6f, 0x72, 0x61,
+ 0x6e, 0x64, 0x6f, 0x6d, 0x6e, 0x65, 0x73, 0x73,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x6e, 0x65, 0x78, 0x74, 0x20, 0x62, 0x65, 0x73,
+ 0x74, 0x20, 0x74, 0x68, 0x69, 0x6e, 0x67 };
+ static const unsigned char ct[39] = { 0x01, 0x9c, 0xe7, 0xa2, 0x6e, 0x78, 0x54, 0x01,
+ 0x4a, 0x63, 0x66, 0xaa, 0x95, 0xd4, 0xee, 0xfd,
+ 0x1a, 0xd4, 0x17, 0x2a, 0x14, 0xf9, 0xfa, 0xf4,
+ 0x55, 0xb7, 0xf1, 0xd4, 0xb6, 0x2b, 0xd0, 0x8f,
+ 0x56, 0x2c, 0x0e, 0xef, 0x7c, 0x48, 0x02 };
+ unsigned char buf[39];
+ symmetric_F8 f8;
+ int err, idx;
+
+ idx = find_cipher("aes");
+ if (idx == -1) {
+ idx = find_cipher("rijndael");
+ if (idx == -1) return CRYPT_NOP;
+ }
+
+ /* initialize the context */
+ if ((err = f8_start(idx, IV, key, sizeof(key), salt, sizeof(salt), 0, &f8)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* encrypt block */
+ if ((err = f8_encrypt(pt, buf, sizeof(pt), &f8)) != CRYPT_OK) {
+ f8_done(&f8);
+ return err;
+ }
+ f8_done(&f8);
+
+ /* compare */
+ if (XMEMCMP(buf, ct, sizeof(ct))) {
+ return CRYPT_FAIL_TESTVECTOR;
+ }
+
+ return CRYPT_OK;
+#endif
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/modes/f8/f8_test_mode.c,v $ */
+/* $Revision: 1.3 $ */
+/* $Date: 2006/11/13 11:55:25 $ */
diff --git a/src/modes/lrw/lrw_decrypt.c b/src/modes/lrw/lrw_decrypt.c
new file mode 100644
index 0000000..24eece8
--- /dev/null
+++ b/src/modes/lrw/lrw_decrypt.c
@@ -0,0 +1,51 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file lrw_decrypt.c
+ LRW_MODE implementation, Decrypt blocks, Tom St Denis
+*/
+
+#ifdef LTC_LRW_MODE
+
+/**
+ LRW decrypt blocks
+ @param ct The ciphertext
+ @param pt [out] The plaintext
+ @param len The length in octets, must be a multiple of 16
+ @param lrw The LRW state
+*/
+int lrw_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_LRW *lrw)
+{
+ int err;
+
+ LTC_ARGCHK(pt != NULL);
+ LTC_ARGCHK(ct != NULL);
+ LTC_ARGCHK(lrw != NULL);
+
+ if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) {
+ return err;
+ }
+
+ if (cipher_descriptor[lrw->cipher].accel_lrw_decrypt != NULL) {
+ return cipher_descriptor[lrw->cipher].accel_lrw_decrypt(ct, pt, len, lrw->IV, lrw->tweak, &lrw->key);
+ }
+
+ return lrw_process(ct, pt, len, LRW_DECRYPT, lrw);
+}
+
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/modes/lrw/lrw_decrypt.c,v $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/06/29 01:53:13 $ */
diff --git a/src/modes/lrw/lrw_done.c b/src/modes/lrw/lrw_done.c
new file mode 100644
index 0000000..4ae75c3
--- /dev/null
+++ b/src/modes/lrw/lrw_done.c
@@ -0,0 +1,42 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file lrw_done.c
+ LRW_MODE implementation, Free resources, Tom St Denis
+*/
+
+#ifdef LTC_LRW_MODE
+
+/**
+ Terminate a LRW state
+ @param lrw The state to terminate
+ @return CRYPT_OK if successful
+*/
+int lrw_done(symmetric_LRW *lrw)
+{
+ int err;
+
+ LTC_ARGCHK(lrw != NULL);
+
+ if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) {
+ return err;
+ }
+ cipher_descriptor[lrw->cipher].done(&lrw->key);
+
+ return CRYPT_OK;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/modes/lrw/lrw_done.c,v $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/06/29 01:53:13 $ */
diff --git a/src/modes/lrw/lrw_encrypt.c b/src/modes/lrw/lrw_encrypt.c
new file mode 100644
index 0000000..5ed11c9
--- /dev/null
+++ b/src/modes/lrw/lrw_encrypt.c
@@ -0,0 +1,50 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file lrw_encrypt.c
+ LRW_MODE implementation, Encrypt blocks, Tom St Denis
+*/
+
+#ifdef LTC_LRW_MODE
+
+/**
+ LRW encrypt blocks
+ @param pt The plaintext
+ @param ct [out] The ciphertext
+ @param len The length in octets, must be a multiple of 16
+ @param lrw The LRW state
+*/
+int lrw_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_LRW *lrw)
+{
+ int err;
+
+ LTC_ARGCHK(pt != NULL);
+ LTC_ARGCHK(ct != NULL);
+ LTC_ARGCHK(lrw != NULL);
+
+ if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) {
+ return err;
+ }
+
+ if (cipher_descriptor[lrw->cipher].accel_lrw_encrypt != NULL) {
+ return cipher_descriptor[lrw->cipher].accel_lrw_encrypt(pt, ct, len, lrw->IV, lrw->tweak, &lrw->key);
+ }
+
+ return lrw_process(pt, ct, len, LRW_ENCRYPT, lrw);
+}
+
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/modes/lrw/lrw_encrypt.c,v $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/06/29 01:53:13 $ */
diff --git a/src/modes/lrw/lrw_getiv.c b/src/modes/lrw/lrw_getiv.c
new file mode 100644
index 0000000..00159ce
--- /dev/null
+++ b/src/modes/lrw/lrw_getiv.c
@@ -0,0 +1,45 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file lrw_getiv.c
+ LRW_MODE implementation, Retrieve the current IV, Tom St Denis
+*/
+
+#ifdef LTC_LRW_MODE
+
+/**
+ Get the IV for LRW
+ @param IV [out] The IV, must be 16 octets
+ @param len Length ... must be at least 16 :-)
+ @param lrw The LRW state to read
+ @return CRYPT_OK if successful
+*/
+int lrw_getiv(unsigned char *IV, unsigned long *len, symmetric_LRW *lrw)
+{
+ LTC_ARGCHK(IV != NULL);
+ LTC_ARGCHK(len != NULL);
+ LTC_ARGCHK(lrw != NULL);
+ if (*len < 16) {
+ *len = 16;
+ return CRYPT_BUFFER_OVERFLOW;
+ }
+
+ XMEMCPY(IV, lrw->IV, 16);
+ *len = 16;
+ return CRYPT_OK;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/modes/lrw/lrw_getiv.c,v $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/06/29 01:53:13 $ */
diff --git a/src/modes/lrw/lrw_process.c b/src/modes/lrw/lrw_process.c
new file mode 100644
index 0000000..451d4ce
--- /dev/null
+++ b/src/modes/lrw/lrw_process.c
@@ -0,0 +1,120 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file lrw_process.c
+ LRW_MODE implementation, Encrypt/decrypt blocks, Tom St Denis
+*/
+
+#ifdef LTC_LRW_MODE
+
+/**
+ Process blocks with LRW, since decrypt/encrypt are largely the same they share this code.
+ @param pt The "input" data
+ @param ct [out] The "output" data
+ @param len The length of the input, must be a multiple of 128-bits (16 octets)
+ @param mode LRW_ENCRYPT or LRW_DECRYPT
+ @param lrw The LRW state
+ @return CRYPT_OK if successful
+*/
+int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, int mode, symmetric_LRW *lrw)
+{
+ unsigned char prod[16];
+ int x, err;
+#ifdef LRW_TABLES
+ int y;
+#endif
+
+ LTC_ARGCHK(pt != NULL);
+ LTC_ARGCHK(ct != NULL);
+ LTC_ARGCHK(lrw != NULL);
+
+ if (len & 15) {
+ return CRYPT_INVALID_ARG;
+ }
+
+ while (len) {
+ /* copy pad */
+ XMEMCPY(prod, lrw->pad, 16);
+
+ /* increment IV */
+ for (x = 15; x >= 0; x--) {
+ lrw->IV[x] = (lrw->IV[x] + 1) & 255;
+ if (lrw->IV[x]) {
+ break;
+ }
+ }
+
+ /* update pad */
+#ifdef LRW_TABLES
+ /* for each byte changed we undo it's affect on the pad then add the new product */
+ for (; x < 16; x++) {
+#ifdef LTC_FAST
+ for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
+ *((LTC_FAST_TYPE *)(lrw->pad + y)) ^= *((LTC_FAST_TYPE *)(&lrw->PC[x][lrw->IV[x]][y])) ^ *((LTC_FAST_TYPE *)(&lrw->PC[x][(lrw->IV[x]-1)&255][y]));
+ }
+#else
+ for (y = 0; y < 16; y++) {
+ lrw->pad[y] ^= lrw->PC[x][lrw->IV[x]][y] ^ lrw->PC[x][(lrw->IV[x]-1)&255][y];
+ }
+#endif
+ }
+#else
+ gcm_gf_mult(lrw->tweak, lrw->IV, lrw->pad);
+#endif
+
+ /* xor prod */
+#ifdef LTC_FAST
+ for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
+ *((LTC_FAST_TYPE *)(ct + x)) = *((LTC_FAST_TYPE *)(pt + x)) ^ *((LTC_FAST_TYPE *)(prod + x));
+ }
+#else
+ for (x = 0; x < 16; x++) {
+ ct[x] = pt[x] ^ prod[x];
+ }
+#endif
+
+ /* send through cipher */
+ if (mode == LRW_ENCRYPT) {
+ if ((err = cipher_descriptor[lrw->cipher].ecb_encrypt(ct, ct, &lrw->key)) != CRYPT_OK) {
+ return err;
+ }
+ } else {
+ if ((err = cipher_descriptor[lrw->cipher].ecb_decrypt(ct, ct, &lrw->key)) != CRYPT_OK) {
+ return err;
+ }
+ }
+
+ /* xor prod */
+#ifdef LTC_FAST
+ for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
+ *((LTC_FAST_TYPE *)(ct + x)) = *((LTC_FAST_TYPE *)(ct + x)) ^ *((LTC_FAST_TYPE *)(prod + x));
+ }
+#else
+ for (x = 0; x < 16; x++) {
+ ct[x] = ct[x] ^ prod[x];
+ }
+#endif
+
+ /* move to next */
+ pt += 16;
+ ct += 16;
+ len -= 16;
+ }
+
+ return CRYPT_OK;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/modes/lrw/lrw_process.c,v $ */
+/* $Revision: 1.10 $ */
+/* $Date: 2006/06/29 01:53:13 $ */
diff --git a/src/modes/lrw/lrw_setiv.c b/src/modes/lrw/lrw_setiv.c
new file mode 100644
index 0000000..bb3c0aa
--- /dev/null
+++ b/src/modes/lrw/lrw_setiv.c
@@ -0,0 +1,79 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file lrw_setiv.c
+ LRW_MODE implementation, Set the current IV, Tom St Denis
+*/
+
+#ifdef LTC_LRW_MODE
+
+/**
+ Set the IV for LRW
+ @param IV The IV, must be 16 octets
+ @param len Length ... must be 16 :-)
+ @param lrw The LRW state to update
+ @return CRYPT_OK if successful
+*/
+int lrw_setiv(const unsigned char *IV, unsigned long len, symmetric_LRW *lrw)
+{
+ int err;
+#ifdef LRW_TABLES
+ unsigned char T[16];
+ int x, y;
+#endif
+ LTC_ARGCHK(IV != NULL);
+ LTC_ARGCHK(lrw != NULL);
+
+ if (len != 16) {
+ return CRYPT_INVALID_ARG;
+ }
+
+ if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* copy the IV */
+ XMEMCPY(lrw->IV, IV, 16);
+
+ /* check if we have to actually do work */
+ if (cipher_descriptor[lrw->cipher].accel_lrw_encrypt != NULL && cipher_descriptor[lrw->cipher].accel_lrw_decrypt != NULL) {
+ /* we have accelerators, let's bail since they don't use lrw->pad anyways */
+ return CRYPT_OK;
+ }
+
+#ifdef LRW_TABLES
+ XMEMCPY(T, &lrw->PC[0][IV[0]][0], 16);
+ for (x = 1; x < 16; x++) {
+#ifdef LTC_FAST
+ for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
+ *((LTC_FAST_TYPE *)(T + y)) ^= *((LTC_FAST_TYPE *)(&lrw->PC[x][IV[x]][y]));
+ }
+#else
+ for (y = 0; y < 16; y++) {
+ T[y] ^= lrw->PC[x][IV[x]][y];
+ }
+#endif
+ }
+ XMEMCPY(lrw->pad, T, 16);
+#else
+ gcm_gf_mult(lrw->tweak, IV, lrw->pad);
+#endif
+
+ return CRYPT_OK;
+}
+
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/modes/lrw/lrw_setiv.c,v $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/06/29 01:53:13 $ */
diff --git a/src/modes/lrw/lrw_start.c b/src/modes/lrw/lrw_start.c
new file mode 100644
index 0000000..a9f24b5
--- /dev/null
+++ b/src/modes/lrw/lrw_start.c
@@ -0,0 +1,103 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file lrw_start.c
+ LRW_MODE implementation, start mode, Tom St Denis
+*/
+
+#ifdef LTC_LRW_MODE
+
+/**
+ Initialize the LRW context
+ @param cipher The cipher desired, must be a 128-bit block cipher
+ @param IV The index value, must be 128-bits
+ @param key The cipher key
+ @param keylen The length of the cipher key in octets
+ @param tweak The tweak value (second key), must be 128-bits
+ @param num_rounds The number of rounds for the cipher (0 == default)
+ @param lrw [out] The LRW state
+ @return CRYPT_OK on success.
+*/
+int lrw_start( int cipher,
+ const unsigned char *IV,
+ const unsigned char *key, int keylen,
+ const unsigned char *tweak,
+ int num_rounds,
+ symmetric_LRW *lrw)
+{
+ int err;
+#ifdef LRW_TABLES
+ unsigned char B[16];
+ int x, y, z, t;
+#endif
+
+ LTC_ARGCHK(IV != NULL);
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(tweak != NULL);
+ LTC_ARGCHK(lrw != NULL);
+
+#ifdef LTC_FAST
+ if (16 % sizeof(LTC_FAST_TYPE)) {
+ return CRYPT_INVALID_ARG;
+ }
+#endif
+
+ /* is cipher valid? */
+ if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
+ return err;
+ }
+ if (cipher_descriptor[cipher].block_length != 16) {
+ return CRYPT_INVALID_CIPHER;
+ }
+
+ /* schedule key */
+ if ((err = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &lrw->key)) != CRYPT_OK) {
+ return err;
+ }
+ lrw->cipher = cipher;
+
+ /* copy the IV and tweak */
+ XMEMCPY(lrw->tweak, tweak, 16);
+
+#ifdef LRW_TABLES
+ /* setup tables */
+ /* generate the first table as it has no shifting (from which we make the other tables) */
+ zeromem(B, 16);
+ for (y = 0; y < 256; y++) {
+ B[0] = y;
+ gcm_gf_mult(tweak, B, &lrw->PC[0][y][0]);
+ }
+
+ /* now generate the rest of the tables based the previous table */
+ for (x = 1; x < 16; x++) {
+ for (y = 0; y < 256; y++) {
+ /* now shift it right by 8 bits */
+ t = lrw->PC[x-1][y][15];
+ for (z = 15; z > 0; z--) {
+ lrw->PC[x][y][z] = lrw->PC[x-1][y][z-1];
+ }
+ lrw->PC[x][y][0] = gcm_shift_table[t<<1];
+ lrw->PC[x][y][1] ^= gcm_shift_table[(t<<1)+1];
+ }
+ }
+#endif
+
+ /* generate first pad */
+ return lrw_setiv(IV, 16, lrw);
+}
+
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/modes/lrw/lrw_start.c,v $ */
+/* $Revision: 1.11 $ */
+/* $Date: 2006/06/29 01:53:13 $ */
diff --git a/src/modes/lrw/lrw_test.c b/src/modes/lrw/lrw_test.c
new file mode 100644
index 0000000..fe33845
--- /dev/null
+++ b/src/modes/lrw/lrw_test.c
@@ -0,0 +1,136 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file lrw_test.c
+ LRW_MODE implementation, test LRW, Tom St Denis
+*/
+
+#ifdef LTC_LRW_MODE
+
+/**
+ Test LRW against specs
+ @return CRYPT_OK if goodly
+*/
+int lrw_test(void)
+{
+#ifndef LTC_TEST
+ return CRYPT_NOP;
+#else
+ static const struct {
+ unsigned char key[16], tweak[16], IV[16], P[16], expected_tweak[16], C[16];
+ } tests[] = {
+
+{
+{ 0x45, 0x62, 0xac, 0x25, 0xf8, 0x28, 0x17, 0x6d, 0x4c, 0x26, 0x84, 0x14, 0xb5, 0x68, 0x01, 0x85 },
+{ 0x25, 0x8e, 0x2a, 0x05, 0xe7, 0x3e, 0x9d, 0x03, 0xee, 0x5a, 0x83, 0x0c, 0xcc, 0x09, 0x4c, 0x87 },
+{ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
+{ 0x25, 0x8e, 0x2a, 0x05, 0xe7, 0x3e, 0x9d, 0x03, 0xee, 0x5a, 0x83, 0x0c, 0xcc, 0x09, 0x4c, 0x87 },
+{ 0xf1, 0xb2, 0x73, 0xcd, 0x65, 0xa3, 0xdf, 0x5f, 0xe9, 0x5d, 0x48, 0x92, 0x54, 0x63, 0x4e, 0xb8 }
+},
+
+{
+{ 0x59, 0x70, 0x47, 0x14, 0xf5, 0x57, 0x47, 0x8c, 0xd7, 0x79, 0xe8, 0x0f, 0x54, 0x88, 0x79, 0x44 },
+{ 0x35, 0x23, 0xc2, 0xde, 0xc5, 0x69, 0x4f, 0xa8, 0x72, 0xa9, 0xac, 0xa7, 0x0b, 0x2b, 0xee, 0xbc },
+{ 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
+{ 0x1a, 0x91, 0xe1, 0x6f, 0x62, 0xb4, 0xa7, 0xd4, 0x39, 0x54, 0xd6, 0x53, 0x85, 0x95, 0xf7, 0x5e },
+{ 0x00, 0xc8, 0x2b, 0xae, 0x95, 0xbb, 0xcd, 0xe5, 0x27, 0x4f, 0x07, 0x69, 0xb2, 0x60, 0xe1, 0x36 },
+},
+
+{
+{ 0x59, 0x70, 0x47, 0x14, 0xf5, 0x57, 0x47, 0x8c, 0xd7, 0x79, 0xe8, 0x0f, 0x54, 0x88, 0x79, 0x44 },
+{ 0x67, 0x53, 0xc9, 0x0c, 0xb7, 0xd8, 0xcd, 0xe5, 0x06, 0xa0, 0x47, 0x78, 0x1a, 0xad, 0x85, 0x11 },
+{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 },
+{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
+{ 0x1a, 0x91, 0xe1, 0x6f, 0x62, 0xb4, 0xa7, 0xd4, 0x39, 0x54, 0xd6, 0x53, 0x85, 0x95, 0xf7, 0x5e },
+{ 0x00, 0xc8, 0x2b, 0xae, 0x95, 0xbb, 0xcd, 0xe5, 0x27, 0x4f, 0x07, 0x69, 0xb2, 0x60, 0xe1, 0x36 },
+},
+
+{
+
+{ 0xd8, 0x2a, 0x91, 0x34, 0xb2, 0x6a, 0x56, 0x50, 0x30, 0xfe, 0x69, 0xe2, 0x37, 0x7f, 0x98, 0x47 },
+{ 0x4e, 0xb5, 0x5d, 0x31, 0x05, 0x97, 0x3a, 0x3f, 0x5e, 0x23, 0xda, 0xfb, 0x5a, 0x45, 0xd6, 0xc0 },
+{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00 },
+{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
+{ 0x18, 0xc9, 0x1f, 0x6d, 0x60, 0x1a, 0x1a, 0x37, 0x5d, 0x0b, 0x0e, 0xf7, 0x3a, 0xd5, 0x74, 0xc4 },
+{ 0x76, 0x32, 0x21, 0x83, 0xed, 0x8f, 0xf1, 0x82, 0xf9, 0x59, 0x62, 0x03, 0x69, 0x0e, 0x5e, 0x01 },
+
+}
+};
+
+ int idx, err, x;
+ symmetric_LRW lrw;
+ unsigned char buf[2][16];
+
+ idx = find_cipher("aes");
+ if (idx == -1) {
+ idx = find_cipher("rijndael");
+ if (idx == -1) {
+ return CRYPT_NOP;
+ }
+ }
+
+ for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
+ /* schedule it */
+ if ((err = lrw_start(idx, tests[x].IV, tests[x].key, 16, tests[x].tweak, 0, &lrw)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* check pad against expected tweak */
+ if (XMEMCMP(tests[x].expected_tweak, lrw.pad, 16)) {
+ lrw_done(&lrw);
+ return CRYPT_FAIL_TESTVECTOR;
+ }
+
+ /* process block */
+ if ((err = lrw_encrypt(tests[x].P, buf[0], 16, &lrw)) != CRYPT_OK) {
+ lrw_done(&lrw);
+ return err;
+ }
+
+ if (XMEMCMP(buf[0], tests[x].C, 16)) {
+ lrw_done(&lrw);
+ return CRYPT_FAIL_TESTVECTOR;
+ }
+
+ /* process block */
+ if ((err = lrw_setiv(tests[x].IV, 16, &lrw)) != CRYPT_OK) {
+ lrw_done(&lrw);
+ return err;
+ }
+
+ if ((err = lrw_decrypt(buf[0], buf[1], 16, &lrw)) != CRYPT_OK) {
+ lrw_done(&lrw);
+ return err;
+ }
+
+ if (XMEMCMP(buf[1], tests[x].P, 16)) {
+ lrw_done(&lrw);
+ return CRYPT_FAIL_TESTVECTOR;
+ }
+ if ((err = lrw_done(&lrw)) != CRYPT_OK) {
+ return err;
+ }
+ }
+ return CRYPT_OK;
+#endif
+}
+
+#endif
+
+
+
+/* $Source: /cvs/libtom/libtomcrypt/src/modes/lrw/lrw_test.c,v $ */
+/* $Revision: 1.11 $ */
+/* $Date: 2006/06/29 01:53:13 $ */
diff --git a/src/modes/ofb/ofb_decrypt.c b/src/modes/ofb/ofb_decrypt.c
index cf5f19d..1ada1ed 100644
--- a/src/modes/ofb/ofb_decrypt.c
+++ b/src/modes/ofb/ofb_decrypt.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
OFB implementation, decrypt data, Tom St Denis
*/
-#ifdef OFB
+#ifdef LTC_OFB_MODE
/**
OFB decrypt
@@ -39,5 +39,5 @@ int ofb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s
/* $Source: /cvs/libtom/libtomcrypt/src/modes/ofb/ofb_decrypt.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/06/29 01:51:34 $ */
diff --git a/src/modes/ofb/ofb_done.c b/src/modes/ofb/ofb_done.c
index 5e114f4..50a9de2 100644
--- a/src/modes/ofb/ofb_done.c
+++ b/src/modes/ofb/ofb_done.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
OFB implementation, finish chain, Tom St Denis
*/
-#ifdef OFB
+#ifdef LTC_OFB_MODE
/** Terminate the chain
@param ofb The OFB chain to terminate
@@ -38,5 +38,5 @@ int ofb_done(symmetric_OFB *ofb)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/ofb/ofb_done.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/06/29 01:51:34 $ */
diff --git a/src/modes/ofb/ofb_encrypt.c b/src/modes/ofb/ofb_encrypt.c
index d66979a..2c19f1d 100644
--- a/src/modes/ofb/ofb_encrypt.c
+++ b/src/modes/ofb/ofb_encrypt.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
OFB implementation, encrypt data, Tom St Denis
*/
-#ifdef OFB
+#ifdef LTC_OFB_MODE
/**
OFB encrypt
@@ -43,10 +43,12 @@ int ofb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
while (len-- > 0) {
if (ofb->padlen == ofb->blocklen) {
- cipher_descriptor[ofb->cipher].ecb_encrypt(ofb->IV, ofb->IV, &ofb->key);
+ if ((err = cipher_descriptor[ofb->cipher].ecb_encrypt(ofb->IV, ofb->IV, &ofb->key)) != CRYPT_OK) {
+ return err;
+ }
ofb->padlen = 0;
}
- *ct++ = *pt++ ^ ofb->IV[ofb->padlen++];
+ *ct++ = *pt++ ^ ofb->IV[(ofb->padlen)++];
}
return CRYPT_OK;
}
@@ -54,5 +56,5 @@ int ofb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/ofb/ofb_encrypt.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/11/26 01:45:14 $ */
diff --git a/src/modes/ofb/ofb_getiv.c b/src/modes/ofb/ofb_getiv.c
index f945fff..641d14b 100644
--- a/src/modes/ofb/ofb_getiv.c
+++ b/src/modes/ofb/ofb_getiv.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
OFB implementation, get IV, Tom St Denis
*/
-#ifdef OFB
+#ifdef LTC_OFB_MODE
/**
Get the current initial vector
@@ -30,6 +30,7 @@ int ofb_getiv(unsigned char *IV, unsigned long *len, symmetric_OFB *ofb)
LTC_ARGCHK(len != NULL);
LTC_ARGCHK(ofb != NULL);
if ((unsigned long)ofb->blocklen > *len) {
+ *len = ofb->blocklen;
return CRYPT_BUFFER_OVERFLOW;
}
XMEMCPY(IV, ofb->IV, ofb->blocklen);
@@ -41,5 +42,5 @@ int ofb_getiv(unsigned char *IV, unsigned long *len, symmetric_OFB *ofb)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/ofb/ofb_getiv.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/06/29 01:51:34 $ */
diff --git a/src/modes/ofb/ofb_setiv.c b/src/modes/ofb/ofb_setiv.c
index f678601..35a84e9 100644
--- a/src/modes/ofb/ofb_setiv.c
+++ b/src/modes/ofb/ofb_setiv.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -15,7 +15,7 @@
OFB implementation, set IV, Tom St Denis
*/
-#ifdef OFB
+#ifdef LTC_OFB_MODE
/**
Set an initial vector
@@ -41,13 +41,12 @@ int ofb_setiv(const unsigned char *IV, unsigned long len, symmetric_OFB *ofb)
/* force next block */
ofb->padlen = 0;
- cipher_descriptor[ofb->cipher].ecb_encrypt(IV, ofb->IV, &ofb->key);
- return CRYPT_OK;
+ return cipher_descriptor[ofb->cipher].ecb_encrypt(IV, ofb->IV, &ofb->key);
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/ofb/ofb_setiv.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/06/29 01:51:34 $ */
diff --git a/src/modes/ofb/ofb_start.c b/src/modes/ofb/ofb_start.c
index 083e381..1f0f65a 100644
--- a/src/modes/ofb/ofb_start.c
+++ b/src/modes/ofb/ofb_start.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -16,7 +16,7 @@
*/
-#ifdef OFB
+#ifdef LTC_OFB_MODE
/**
Initialize a OFB context
@@ -56,5 +56,5 @@ int ofb_start(int cipher, const unsigned char *IV, const unsigned char *key,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/modes/ofb/ofb_start.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/06/29 01:51:34 $ */
diff --git a/src/pk/asn1/der/bit/der_decode_bit_string.c b/src/pk/asn1/der/bit/der_decode_bit_string.c
index da5b989..1d3569c 100644
--- a/src/pk/asn1/der/bit/der_decode_bit_string.c
+++ b/src/pk/asn1/der/bit/der_decode_bit_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -51,7 +51,7 @@ int der_decode_bit_string(const unsigned char *in, unsigned long inlen,
/* get the length of the data */
if (in[x] & 0x80) {
/* long format get number of length bytes */
- y = in[x++] & 127;
+ y = in[x++] & 0x7F;
/* invalid if 0 or > 2 */
if (y == 0 || y > 2) {
@@ -65,7 +65,7 @@ int der_decode_bit_string(const unsigned char *in, unsigned long inlen,
}
} else {
/* short format */
- dlen = in[x++] & 127;
+ dlen = in[x++] & 0x7F;
}
/* is the data len too long or too short? */
@@ -78,6 +78,7 @@ int der_decode_bit_string(const unsigned char *in, unsigned long inlen,
/* too many bits? */
if (blen > *outlen) {
+ *outlen = blen;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -97,5 +98,5 @@ int der_decode_bit_string(const unsigned char *in, unsigned long inlen,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/bit/der_decode_bit_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/src/pk/asn1/der/bit/der_encode_bit_string.c b/src/pk/asn1/der/bit/der_encode_bit_string.c
index 569c15b..757963c 100644
--- a/src/pk/asn1/der/bit/der_encode_bit_string.c
+++ b/src/pk/asn1/der/bit/der_encode_bit_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -29,7 +29,8 @@
int der_encode_bit_string(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen)
{
- unsigned long len, x, y, buf;
+ unsigned long len, x, y;
+ unsigned char buf;
int err;
LTC_ARGCHK(in != NULL);
@@ -42,6 +43,7 @@ int der_encode_bit_string(const unsigned char *in, unsigned long inlen,
}
if (len > *outlen) {
+ *outlen = len;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -51,18 +53,18 @@ int der_encode_bit_string(const unsigned char *in, unsigned long inlen,
out[x++] = 0x03;
if (y < 128) {
- out[x++] = y;
+ out[x++] = (unsigned char)y;
} else if (y < 256) {
out[x++] = 0x81;
- out[x++] = y;
+ out[x++] = (unsigned char)y;
} else if (y < 65536) {
out[x++] = 0x82;
- out[x++] = (y>>8)&255;
- out[x++] = y&255;
+ out[x++] = (unsigned char)((y>>8)&255);
+ out[x++] = (unsigned char)(y&255);
}
/* store number of zero padding bits */
- out[x++] = (8 - inlen) & 7;
+ out[x++] = (unsigned char)((8 - inlen) & 7);
/* store the bits in big endian format */
for (y = buf = 0; y < inlen; y++) {
@@ -83,5 +85,5 @@ int der_encode_bit_string(const unsigned char *in, unsigned long inlen,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/bit/der_encode_bit_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/12/04 21:34:03 $ */
diff --git a/src/pk/asn1/der/bit/der_length_bit_string.c b/src/pk/asn1/der/bit/der_length_bit_string.c
index dd6ea6d..3dc2abf 100644
--- a/src/pk/asn1/der/bit/der_length_bit_string.c
+++ b/src/pk/asn1/der/bit/der_length_bit_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -50,5 +50,5 @@ int der_length_bit_string(unsigned long nbits, unsigned long *outlen)
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/bit/der_length_bit_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/asn1/der/boolean/der_decode_boolean.c b/src/pk/asn1/der/boolean/der_decode_boolean.c
new file mode 100644
index 0000000..7259e51
--- /dev/null
+++ b/src/pk/asn1/der/boolean/der_decode_boolean.c
@@ -0,0 +1,47 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_decode_boolean.c
+ ASN.1 DER, decode a BOOLEAN, Tom St Denis
+*/
+
+
+#ifdef LTC_DER
+
+/**
+ Read a BOOLEAN
+ @param in The destination for the DER encoded BOOLEAN
+ @param inlen The size of the DER BOOLEAN
+ @param out [out] The boolean to decode
+ @return CRYPT_OK if successful
+*/
+int der_decode_boolean(const unsigned char *in, unsigned long inlen,
+ int *out)
+{
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+
+ if (inlen != 3 || in[0] != 0x01 || in[1] != 0x01 || (in[2] != 0x00 && in[2] != 0xFF)) {
+ return CRYPT_INVALID_ARG;
+ }
+
+ *out = (in[2]==0xFF) ? 1 : 0;
+
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/boolean/der_decode_boolean.c,v $ */
+/* $Revision: 1.1 $ */
+/* $Date: 2006/04/22 17:01:59 $ */
diff --git a/src/pk/asn1/der/boolean/der_encode_boolean.c b/src/pk/asn1/der/boolean/der_encode_boolean.c
new file mode 100644
index 0000000..9344a79
--- /dev/null
+++ b/src/pk/asn1/der/boolean/der_encode_boolean.c
@@ -0,0 +1,51 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_encode_boolean.c
+ ASN.1 DER, encode a BOOLEAN, Tom St Denis
+*/
+
+
+#ifdef LTC_DER
+
+/**
+ Store a BOOLEAN
+ @param in The boolean to encode
+ @param out [out] The destination for the DER encoded BOOLEAN
+ @param outlen [in/out] The max size and resulting size of the DER BOOLEAN
+ @return CRYPT_OK if successful
+*/
+int der_encode_boolean(int in,
+ unsigned char *out, unsigned long *outlen)
+{
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(out != NULL);
+
+ if (*outlen < 3) {
+ *outlen = 3;
+ return CRYPT_BUFFER_OVERFLOW;
+ }
+
+ *outlen = 3;
+ out[0] = 0x01;
+ out[1] = 0x01;
+ out[2] = in ? 0xFF : 0x00;
+
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/boolean/der_encode_boolean.c,v $ */
+/* $Revision: 1.3 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/src/pk/asn1/der/boolean/der_length_boolean.c b/src/pk/asn1/der/boolean/der_length_boolean.c
new file mode 100644
index 0000000..cd5bf2d
--- /dev/null
+++ b/src/pk/asn1/der/boolean/der_length_boolean.c
@@ -0,0 +1,35 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_length_boolean.c
+ ASN.1 DER, get length of a BOOLEAN, Tom St Denis
+*/
+
+#ifdef LTC_DER
+/**
+ Gets length of DER encoding of a BOOLEAN
+ @param outlen [out] The length of the DER encoding
+ @return CRYPT_OK if successful
+*/
+int der_length_boolean(unsigned long *outlen)
+{
+ LTC_ARGCHK(outlen != NULL);
+ *outlen = 3;
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/boolean/der_length_boolean.c,v $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/04/22 17:28:38 $ */
diff --git a/src/pk/asn1/der/choice/der_decode_choice.c b/src/pk/asn1/der/choice/der_decode_choice.c
index 61cba11..4ff6f17 100644
--- a/src/pk/asn1/der/choice/der_decode_choice.c
+++ b/src/pk/asn1/der/choice/der_decode_choice.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -96,6 +96,7 @@ int der_decode_choice(const unsigned char *in, unsigned long *inlen,
case LTC_ASN1_NULL:
if (*inlen == 2 && in[x] == 0x05 && in[x+1] == 0x00) {
*inlen = 2;
+ list[x].used = 1;
return CRYPT_OK;
}
break;
@@ -134,6 +135,17 @@ int der_decode_choice(const unsigned char *in, unsigned long *inlen,
}
break;
+ case LTC_ASN1_UTF8_STRING:
+ if (der_decode_utf8_string(in, *inlen, data, &size) == CRYPT_OK) {
+ if (der_length_utf8_string(data, size, &z) == CRYPT_OK) {
+ list[x].used = 1;
+ list[x].size = size;
+ *inlen = z;
+ return CRYPT_OK;
+ }
+ }
+ break;
+
case LTC_ASN1_UTCTIME:
z = *inlen;
if (der_decode_utctime(in, &z, data) == CRYPT_OK) {
@@ -143,6 +155,8 @@ int der_decode_choice(const unsigned char *in, unsigned long *inlen,
}
break;
+ case LTC_ASN1_SET:
+ case LTC_ASN1_SETOF:
case LTC_ASN1_SEQUENCE:
if (der_decode_sequence(in, *inlen, data, size) == CRYPT_OK) {
if (der_length_sequence(data, size, &z) == CRYPT_OK) {
@@ -164,5 +178,5 @@ int der_decode_choice(const unsigned char *in, unsigned long *inlen,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/choice/der_decode_choice.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/06/19 11:25:01 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/12/06 02:23:49 $ */
diff --git a/src/pk/asn1/der/ia5/der_decode_ia5_string.c b/src/pk/asn1/der/ia5/der_decode_ia5_string.c
index ac0a4af..2514b77 100644
--- a/src/pk/asn1/der/ia5/der_decode_ia5_string.c
+++ b/src/pk/asn1/der/ia5/der_decode_ia5_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -67,6 +67,7 @@ int der_decode_ia5_string(const unsigned char *in, unsigned long inlen,
/* is it too long? */
if (len > *outlen) {
+ *outlen = len;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -91,5 +92,5 @@ int der_decode_ia5_string(const unsigned char *in, unsigned long inlen,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/ia5/der_decode_ia5_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.3 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/src/pk/asn1/der/ia5/der_encode_ia5_string.c b/src/pk/asn1/der/ia5/der_encode_ia5_string.c
index a79b46e..aff3392 100644
--- a/src/pk/asn1/der/ia5/der_encode_ia5_string.c
+++ b/src/pk/asn1/der/ia5/der_encode_ia5_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -42,6 +42,7 @@ int der_encode_ia5_string(const unsigned char *in, unsigned long inlen,
/* too big? */
if (len > *outlen) {
+ *outlen = len;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -49,19 +50,19 @@ int der_encode_ia5_string(const unsigned char *in, unsigned long inlen,
x = 0;
out[x++] = 0x16;
if (inlen < 128) {
- out[x++] = inlen;
+ out[x++] = (unsigned char)inlen;
} else if (inlen < 256) {
out[x++] = 0x81;
- out[x++] = inlen;
+ out[x++] = (unsigned char)inlen;
} else if (inlen < 65536UL) {
out[x++] = 0x82;
- out[x++] = (inlen>>8)&255;
- out[x++] = inlen&255;
+ out[x++] = (unsigned char)((inlen>>8)&255);
+ out[x++] = (unsigned char)(inlen&255);
} else if (inlen < 16777216UL) {
out[x++] = 0x83;
- out[x++] = (inlen>>16)&255;
- out[x++] = (inlen>>8)&255;
- out[x++] = inlen&255;
+ out[x++] = (unsigned char)((inlen>>16)&255);
+ out[x++] = (unsigned char)((inlen>>8)&255);
+ out[x++] = (unsigned char)(inlen&255);
} else {
return CRYPT_INVALID_ARG;
}
@@ -80,5 +81,5 @@ int der_encode_ia5_string(const unsigned char *in, unsigned long inlen,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/ia5/der_encode_ia5_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/12/04 21:34:03 $ */
diff --git a/src/pk/asn1/der/ia5/der_length_ia5_string.c b/src/pk/asn1/der/ia5/der_length_ia5_string.c
index d07d630..6278dd2 100644
--- a/src/pk/asn1/der/ia5/der_length_ia5_string.c
+++ b/src/pk/asn1/der/ia5/der_length_ia5_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -190,5 +190,5 @@ int der_length_ia5_string(const unsigned char *octets, unsigned long noctets, un
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/ia5/der_length_ia5_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/asn1/der/integer/der_decode_integer.c b/src/pk/asn1/der/integer/der_decode_integer.c
index e68b2c9..aef87a3 100644
--- a/src/pk/asn1/der/integer/der_decode_integer.c
+++ b/src/pk/asn1/der/integer/der_decode_integer.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -25,7 +25,7 @@
@param num The first mp_int to decode
@return CRYPT_OK if successful
*/
-int der_decode_integer(const unsigned char *in, unsigned long inlen, mp_int *num)
+int der_decode_integer(const unsigned char *in, unsigned long inlen, void *num)
{
unsigned long x, y, z;
int err;
@@ -56,7 +56,7 @@ int der_decode_integer(const unsigned char *in, unsigned long inlen, mp_int *num
}
/* no so read it */
- if ((err = mpi_to_ltc_error(mp_read_unsigned_bin(num, (unsigned char *)in + x, z))) != CRYPT_OK) {
+ if ((err = mp_read_unsigned_bin(num, (unsigned char *)in + x, z)) != CRYPT_OK) {
return err;
}
} else {
@@ -80,23 +80,23 @@ int der_decode_integer(const unsigned char *in, unsigned long inlen, mp_int *num
}
/* no so read it */
- if ((err = mpi_to_ltc_error(mp_read_unsigned_bin(num, (unsigned char *)in + x, y))) != CRYPT_OK) {
+ if ((err = mp_read_unsigned_bin(num, (unsigned char *)in + x, y)) != CRYPT_OK) {
return err;
}
}
/* see if it's negative */
if (in[x] & 0x80) {
- mp_int tmp;
- if (mp_init(&tmp) != MP_OKAY) {
+ void *tmp;
+ if (mp_init(&tmp) != CRYPT_OK) {
return CRYPT_MEM;
}
- if (mp_2expt(&tmp, mp_count_bits(num)) != MP_OKAY || mp_sub(num, &tmp, num) != MP_OKAY) {
- mp_clear(&tmp);
+ if (mp_2expt(tmp, mp_count_bits(num)) != CRYPT_OK || mp_sub(num, tmp, num) != CRYPT_OK) {
+ mp_clear(tmp);
return CRYPT_MEM;
}
- mp_clear(&tmp);
+ mp_clear(tmp);
}
return CRYPT_OK;
@@ -106,5 +106,5 @@ int der_decode_integer(const unsigned char *in, unsigned long inlen, mp_int *num
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/integer/der_decode_integer.c,v $ */
-/* $Revision: 1.2 $ */
-/* $Date: 2005/06/01 00:06:05 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/asn1/der/integer/der_encode_integer.c b/src/pk/asn1/der/integer/der_encode_integer.c
index f0f41be..ff4fce6 100644
--- a/src/pk/asn1/der/integer/der_encode_integer.c
+++ b/src/pk/asn1/der/integer/der_encode_integer.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -26,7 +26,7 @@
@param outlen [in/out] The max size and resulting size of the DER encoded integers
@return CRYPT_OK if successful
*/
-int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen)
+int der_encode_integer(void *num, unsigned char *out, unsigned long *outlen)
{
unsigned long tmplen, y;
int err, leading_zero;
@@ -41,12 +41,13 @@ int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen)
}
if (*outlen < tmplen) {
+ *outlen = tmplen;
return CRYPT_BUFFER_OVERFLOW;
}
- if (mp_cmp_d(num, 0) != MP_LT) {
+ if (mp_cmp_d(num, 0) != LTC_MP_LT) {
/* we only need a leading zero if the msb of the first byte is one */
- if ((mp_count_bits(num) & 7) == 0 || mp_iszero(num) == MP_YES) {
+ if ((mp_count_bits(num) & 7) == 0 || mp_iszero(num) == LTC_MP_YES) {
leading_zero = 1;
} else {
leading_zero = 0;
@@ -59,7 +60,7 @@ int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen)
y = mp_count_bits(num);
y = y + (8 - (y & 7));
y = y >> 3;
-
+ if (((mp_cnt_lsb(num)+1)==mp_count_bits(num)) && ((mp_count_bits(num)&7)==0)) --y;
}
/* now store initial data */
@@ -69,16 +70,16 @@ int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen)
*out++ = (unsigned char)y;
} else if (y < 256) {
*out++ = 0x81;
- *out++ = y;
+ *out++ = (unsigned char)y;
} else if (y < 65536UL) {
*out++ = 0x82;
- *out++ = (y>>8)&255;
- *out++ = y;
+ *out++ = (unsigned char)((y>>8)&255);
+ *out++ = (unsigned char)y;
} else if (y < 16777216UL) {
*out++ = 0x83;
- *out++ = (y>>16)&255;
- *out++ = (y>>8)&255;
- *out++ = y;
+ *out++ = (unsigned char)((y>>16)&255);
+ *out++ = (unsigned char)((y>>8)&255);
+ *out++ = (unsigned char)y;
} else {
return CRYPT_INVALID_ARG;
}
@@ -89,31 +90,32 @@ int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen)
}
/* if it's not zero store it as big endian */
- if (mp_cmp_d(num, 0) == MP_GT) {
+ if (mp_cmp_d(num, 0) == LTC_MP_GT) {
/* now store the mpint */
- if ((err = mp_to_unsigned_bin(num, out)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
+ if ((err = mp_to_unsigned_bin(num, out)) != CRYPT_OK) {
+ return err;
}
- } else if (mp_iszero(num) != MP_YES) {
- mp_int tmp;
+ } else if (mp_iszero(num) != LTC_MP_YES) {
+ void *tmp;
+
/* negative */
- if (mp_init(&tmp) != MP_OKAY) {
+ if (mp_init(&tmp) != CRYPT_OK) {
return CRYPT_MEM;
}
/* 2^roundup and subtract */
y = mp_count_bits(num);
y = y + (8 - (y & 7));
- if (mp_2expt(&tmp, y) != MP_OKAY || mp_add(&tmp, num, &tmp) != MP_OKAY) {
- mp_clear(&tmp);
+ if (((mp_cnt_lsb(num)+1)==mp_count_bits(num)) && ((mp_count_bits(num)&7)==0)) y -= 8;
+ if (mp_2expt(tmp, y) != CRYPT_OK || mp_add(tmp, num, tmp) != CRYPT_OK) {
+ mp_clear(tmp);
return CRYPT_MEM;
}
-
- if ((err = mp_to_unsigned_bin(&tmp, out)) != MP_OKAY) {
- mp_clear(&tmp);
- return mpi_to_ltc_error(err);
+ if ((err = mp_to_unsigned_bin(tmp, out)) != CRYPT_OK) {
+ mp_clear(tmp);
+ return err;
}
- mp_clear(&tmp);
+ mp_clear(tmp);
}
/* we good */
@@ -124,5 +126,5 @@ int der_encode_integer(mp_int *num, unsigned char *out, unsigned long *outlen)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/integer/der_encode_integer.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/12/04 21:34:03 $ */
diff --git a/src/pk/asn1/der/integer/der_length_integer.c b/src/pk/asn1/der/integer/der_length_integer.c
index 1bfee45..bcc331d 100644
--- a/src/pk/asn1/der/integer/der_length_integer.c
+++ b/src/pk/asn1/der/integer/der_length_integer.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -19,11 +19,11 @@
#ifdef LTC_DER
/**
Gets length of DER encoding of num
- @param num The mp_int to get the size of
+ @param num The int to get the size of
@param outlen [out] The length of the DER encoding for the given integer
@return CRYPT_OK if successful
*/
-int der_length_integer(mp_int *num, unsigned long *outlen)
+int der_length_integer(void *num, unsigned long *outlen)
{
unsigned long z, len;
int leading_zero;
@@ -31,11 +31,11 @@ int der_length_integer(mp_int *num, unsigned long *outlen)
LTC_ARGCHK(num != NULL);
LTC_ARGCHK(outlen != NULL);
- if (mp_cmp_d(num, 0) != MP_LT) {
+ if (mp_cmp_d(num, 0) != LTC_MP_LT) {
/* positive */
/* we only need a leading zero if the msb of the first byte is one */
- if ((mp_count_bits(num) & 7) == 0 || mp_iszero(num) == MP_YES) {
+ if ((mp_count_bits(num) & 7) == 0 || mp_iszero(num) == LTC_MP_YES) {
leading_zero = 1;
} else {
leading_zero = 0;
@@ -49,6 +49,7 @@ int der_length_integer(mp_int *num, unsigned long *outlen)
leading_zero = 0;
z = mp_count_bits(num);
z = z + (8 - (z & 7));
+ if (((mp_cnt_lsb(num)+1)==mp_count_bits(num)) && ((mp_count_bits(num)&7)==0)) --z;
len = z = z >> 3;
}
@@ -77,5 +78,5 @@ int der_length_integer(mp_int *num, unsigned long *outlen)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/integer/der_length_integer.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/04/22 01:22:55 $ */
diff --git a/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c b/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c
index c69c9a3..1fa87d8 100644
--- a/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c
+++ b/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -67,14 +67,8 @@ int der_decode_object_identifier(const unsigned char *in, unsigned long inle
return CRYPT_INVALID_PACKET;
}
- /* decode word1 and word2 */
- --len;
- t = in[x++];
- words[0] = t/40;
- words[1] = t%40;
-
- /* decode rest */
- y = 2;
+ /* decode words */
+ y = 0;
t = 0;
while (len--) {
t = (t << 7) | (in[x] & 0x7F);
@@ -83,7 +77,13 @@ int der_decode_object_identifier(const unsigned char *in, unsigned long inle
if (y >= *outlen) {
return CRYPT_BUFFER_OVERFLOW;
}
- words[y++] = t;
+ if (y == 0) {
+ words[0] = t / 40;
+ words[1] = t % 40;
+ y = 2;
+ } else {
+ words[y++] = t;
+ }
t = 0;
}
}
@@ -95,5 +95,5 @@ int der_decode_object_identifier(const unsigned char *in, unsigned long inle
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/11/21 00:18:23 $ */
diff --git a/src/pk/asn1/der/object_identifier/der_encode_object_identifier.c b/src/pk/asn1/der/object_identifier/der_encode_object_identifier.c
index 16eb112..b343aaa 100644
--- a/src/pk/asn1/der/object_identifier/der_encode_object_identifier.c
+++ b/src/pk/asn1/der/object_identifier/der_encode_object_identifier.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -27,7 +27,7 @@
int der_encode_object_identifier(unsigned long *words, unsigned long nwords,
unsigned char *out, unsigned long *outlen)
{
- unsigned long i, x, y, z, t, mask;
+ unsigned long i, x, y, z, t, mask, wordbuf;
int err;
LTC_ARGCHK(words != NULL);
@@ -39,50 +39,54 @@ int der_encode_object_identifier(unsigned long *words, unsigned long nwords,
return err;
}
if (x > *outlen) {
+ *outlen = x;
return CRYPT_BUFFER_OVERFLOW;
}
/* compute length to store OID data */
- z = 1;
- for (y = 2; y < nwords; y++) {
- t = der_object_identifier_bits(words[y]);
- z += t/7 + ((t%7) ? 1 : 0);
+ z = 0;
+ wordbuf = words[0] * 40 + words[1];
+ for (y = 1; y < nwords; y++) {
+ t = der_object_identifier_bits(wordbuf);
+ z += t/7 + ((t%7) ? 1 : 0) + (wordbuf == 0 ? 1 : 0);
+ if (y < nwords - 1) {
+ wordbuf = words[y + 1];
+ }
}
/* store header + length */
x = 0;
out[x++] = 0x06;
if (z < 128) {
- out[x++] = z;
+ out[x++] = (unsigned char)z;
} else if (z < 256) {
out[x++] = 0x81;
- out[x++] = z;
+ out[x++] = (unsigned char)z;
} else if (z < 65536UL) {
out[x++] = 0x82;
- out[x++] = (z>>8)&255;
- out[x++] = z&255;
+ out[x++] = (unsigned char)((z>>8)&255);
+ out[x++] = (unsigned char)(z&255);
} else {
return CRYPT_INVALID_ARG;
}
/* store first byte */
- out[x++] = words[0] * 40 + words[1];
-
- for (i = 2; i < nwords; i++) {
+ wordbuf = words[0] * 40 + words[1];
+ for (i = 1; i < nwords; i++) {
/* store 7 bit words in little endian */
- t = words[i] & 0xFFFFFFFF;
+ t = wordbuf & 0xFFFFFFFF;
if (t) {
y = x;
mask = 0;
while (t) {
- out[x++] = (t & 0x7F) | mask;
+ out[x++] = (unsigned char)((t & 0x7F) | mask);
t >>= 7;
mask |= 0x80; /* upper bit is set on all but the last byte */
}
/* now swap bytes y...x-1 */
z = x - 1;
while (y < z) {
- t = out[y]; out[y] = out[z]; out[z] = t;
+ t = out[y]; out[y] = out[z]; out[z] = (unsigned char)t;
++y;
--z;
}
@@ -90,6 +94,10 @@ int der_encode_object_identifier(unsigned long *words, unsigned long nwords,
/* zero word */
out[x++] = 0x00;
}
+
+ if (i < nwords - 1) {
+ wordbuf = words[i + 1];
+ }
}
*outlen = x;
@@ -99,5 +107,5 @@ int der_encode_object_identifier(unsigned long *words, unsigned long nwords,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/object_identifier/der_encode_object_identifier.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/12/04 21:34:03 $ */
diff --git a/src/pk/asn1/der/object_identifier/der_length_object_identifier.c b/src/pk/asn1/der/object_identifier/der_length_object_identifier.c
index d03d1a7..a4cf53f 100644
--- a/src/pk/asn1/der/object_identifier/der_length_object_identifier.c
+++ b/src/pk/asn1/der/object_identifier/der_length_object_identifier.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -39,7 +39,7 @@ unsigned long der_object_identifier_bits(unsigned long x)
*/
int der_length_object_identifier(unsigned long *words, unsigned long nwords, unsigned long *outlen)
{
- unsigned long y, z, t;
+ unsigned long y, z, t, wordbuf;
LTC_ARGCHK(words != NULL);
LTC_ARGCHK(outlen != NULL);
@@ -50,16 +50,21 @@ int der_length_object_identifier(unsigned long *words, unsigned long nwords, uns
return CRYPT_INVALID_ARG;
}
- /* word1 = 0,1,2 and word2 0..39 */
- if (words[0] > 2 || words[1] > 39) {
+ /* word1 = 0,1,2,3 and word2 0..39 */
+ if (words[0] > 3 || (words[0] < 2 && words[1] > 39)) {
return CRYPT_INVALID_ARG;
}
- /* leading byte of first two words */
- z = 1;
- for (y = 2; y < nwords; y++) {
- t = der_object_identifier_bits(words[y]);
- z += t/7 + ((t%7) ? 1 : 0);
+ /* leading word is the first two */
+ z = 0;
+ wordbuf = words[0] * 40 + words[1];
+ for (y = 1; y < nwords; y++) {
+ t = der_object_identifier_bits(wordbuf);
+ z += t/7 + ((t%7) ? 1 : 0) + (wordbuf == 0 ? 1 : 0);
+ if (y < nwords - 1) {
+ /* grab next word */
+ wordbuf = words[y+1];
+ }
}
/* now depending on the length our length encoding changes */
@@ -80,5 +85,5 @@ int der_length_object_identifier(unsigned long *words, unsigned long nwords, uns
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/object_identifier/der_length_object_identifier.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/04/16 20:17:42 $ */
diff --git a/src/pk/asn1/der/octet/der_decode_octet_string.c b/src/pk/asn1/der/octet/der_decode_octet_string.c
index 2d3800f..b937e63 100644
--- a/src/pk/asn1/der/octet/der_decode_octet_string.c
+++ b/src/pk/asn1/der/octet/der_decode_octet_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -66,6 +66,7 @@ int der_decode_octet_string(const unsigned char *in, unsigned long inlen,
/* is it too long? */
if (len > *outlen) {
+ *outlen = len;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -86,5 +87,5 @@ int der_decode_octet_string(const unsigned char *in, unsigned long inlen,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/octet/der_decode_octet_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.3 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/src/pk/asn1/der/octet/der_encode_octet_string.c b/src/pk/asn1/der/octet/der_encode_octet_string.c
index f34b708..fe0f163 100644
--- a/src/pk/asn1/der/octet/der_encode_octet_string.c
+++ b/src/pk/asn1/der/octet/der_encode_octet_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -43,6 +43,7 @@ int der_encode_octet_string(const unsigned char *in, unsigned long inlen,
/* too big? */
if (len > *outlen) {
+ *outlen = len;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -50,19 +51,19 @@ int der_encode_octet_string(const unsigned char *in, unsigned long inlen,
x = 0;
out[x++] = 0x04;
if (inlen < 128) {
- out[x++] = inlen;
+ out[x++] = (unsigned char)inlen;
} else if (inlen < 256) {
out[x++] = 0x81;
- out[x++] = inlen;
+ out[x++] = (unsigned char)inlen;
} else if (inlen < 65536UL) {
out[x++] = 0x82;
- out[x++] = (inlen>>8)&255;
- out[x++] = inlen&255;
+ out[x++] = (unsigned char)((inlen>>8)&255);
+ out[x++] = (unsigned char)(inlen&255);
} else if (inlen < 16777216UL) {
out[x++] = 0x83;
- out[x++] = (inlen>>16)&255;
- out[x++] = (inlen>>8)&255;
- out[x++] = inlen&255;
+ out[x++] = (unsigned char)((inlen>>16)&255);
+ out[x++] = (unsigned char)((inlen>>8)&255);
+ out[x++] = (unsigned char)(inlen&255);
} else {
return CRYPT_INVALID_ARG;
}
@@ -81,5 +82,5 @@ int der_encode_octet_string(const unsigned char *in, unsigned long inlen,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/octet/der_encode_octet_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/12/04 21:34:03 $ */
diff --git a/src/pk/asn1/der/octet/der_length_octet_string.c b/src/pk/asn1/der/octet/der_length_octet_string.c
index 9a0bed3..3caf352 100644
--- a/src/pk/asn1/der/octet/der_length_octet_string.c
+++ b/src/pk/asn1/der/octet/der_length_octet_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -49,5 +49,5 @@ int der_length_octet_string(unsigned long noctets, unsigned long *outlen)
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/octet/der_length_octet_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/16 15:08:11 $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/asn1/der/printable_string/der_decode_printable_string.c b/src/pk/asn1/der/printable_string/der_decode_printable_string.c
index cbc9239..cae96d8 100644
--- a/src/pk/asn1/der/printable_string/der_decode_printable_string.c
+++ b/src/pk/asn1/der/printable_string/der_decode_printable_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -67,6 +67,7 @@ int der_decode_printable_string(const unsigned char *in, unsigned long inlen,
/* is it too long? */
if (len > *outlen) {
+ *outlen = len;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -91,5 +92,5 @@ int der_decode_printable_string(const unsigned char *in, unsigned long inlen,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/printable_string/der_decode_printable_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/21 02:29:54 $ */
+/* $Revision: 1.3 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/src/pk/asn1/der/printable_string/der_encode_printable_string.c b/src/pk/asn1/der/printable_string/der_encode_printable_string.c
index ab4e8bf..9061b1f 100644
--- a/src/pk/asn1/der/printable_string/der_encode_printable_string.c
+++ b/src/pk/asn1/der/printable_string/der_encode_printable_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -42,6 +42,7 @@ int der_encode_printable_string(const unsigned char *in, unsigned long inlen,
/* too big? */
if (len > *outlen) {
+ *outlen = len;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -49,19 +50,19 @@ int der_encode_printable_string(const unsigned char *in, unsigned long inlen,
x = 0;
out[x++] = 0x13;
if (inlen < 128) {
- out[x++] = inlen;
+ out[x++] = (unsigned char)inlen;
} else if (inlen < 256) {
out[x++] = 0x81;
- out[x++] = inlen;
+ out[x++] = (unsigned char)inlen;
} else if (inlen < 65536UL) {
out[x++] = 0x82;
- out[x++] = (inlen>>8)&255;
- out[x++] = inlen&255;
+ out[x++] = (unsigned char)((inlen>>8)&255);
+ out[x++] = (unsigned char)(inlen&255);
} else if (inlen < 16777216UL) {
out[x++] = 0x83;
- out[x++] = (inlen>>16)&255;
- out[x++] = (inlen>>8)&255;
- out[x++] = inlen&255;
+ out[x++] = (unsigned char)((inlen>>16)&255);
+ out[x++] = (unsigned char)((inlen>>8)&255);
+ out[x++] = (unsigned char)(inlen&255);
} else {
return CRYPT_INVALID_ARG;
}
@@ -80,5 +81,5 @@ int der_encode_printable_string(const unsigned char *in, unsigned long inlen,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/printable_string/der_encode_printable_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/21 02:29:54 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/12/04 21:34:03 $ */
diff --git a/src/pk/asn1/der/printable_string/der_length_printable_string.c b/src/pk/asn1/der/printable_string/der_length_printable_string.c
index 34065f2..799b6b6 100644
--- a/src/pk/asn1/der/printable_string/der_length_printable_string.c
+++ b/src/pk/asn1/der/printable_string/der_length_printable_string.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -162,5 +162,5 @@ int der_length_printable_string(const unsigned char *octets, unsigned long nocte
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/printable_string/der_length_printable_string.c,v $ */
-/* $Revision: 1.1 $ */
-/* $Date: 2005/05/21 02:29:54 $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/asn1/der/sequence/der_decode_sequence.c b/src/pk/asn1/der/sequence/der_decode_sequence_ex.c
index 335a882..1f65602 100644
--- a/src/pk/asn1/der/sequence/der_decode_sequence.c
+++ b/src/pk/asn1/der/sequence/der_decode_sequence_ex.c
@@ -6,14 +6,14 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
#include <stdarg.h>
/**
- @file der_decode_sequence.c
+ @file der_decode_sequence_ex.c
ASN.1 DER, decode a SEQUENCE, Tom St Denis
*/
@@ -25,10 +25,11 @@
@param inlen The size of the input
@param list The list of items to decode
@param outlen The number of items in the list
+ @param ordered Search an unordeded or ordered list
@return CRYPT_OK on success
*/
-int der_decode_sequence(const unsigned char *in, unsigned long inlen,
- ltc_asn1_list *list, unsigned long outlen)
+int der_decode_sequence_ex(const unsigned char *in, unsigned long inlen,
+ ltc_asn1_list *list, unsigned long outlen, int ordered)
{
int err, type;
unsigned long size, x, y, z, i, blksize;
@@ -36,17 +37,18 @@ int der_decode_sequence(const unsigned char *in, unsigned long inlen,
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(list != NULL);
-
+
/* get blk size */
if (inlen < 2) {
return CRYPT_INVALID_PACKET;
}
- /* sequence type? */
+ /* sequence type? We allow 0x30 SEQUENCE and 0x31 SET since fundamentally they're the same structure */
x = 0;
- if (in[x++] != 0x30) {
+ if (in[x] != 0x30 && in[x] != 0x31) {
return CRYPT_INVALID_PACKET;
}
+ ++x;
if (in[x] < 128) {
blksize = in[x++];
@@ -73,154 +75,205 @@ int der_decode_sequence(const unsigned char *in, unsigned long inlen,
return CRYPT_INVALID_PACKET;
}
+ /* mark all as unused */
+ for (i = 0; i < outlen; i++) {
+ list[i].used = 0;
+ }
+
/* ok read data */
inlen = blksize;
for (i = 0; i < outlen; i++) {
+ z = 0;
type = list[i].type;
size = list[i].size;
data = list[i].data;
+ if (!ordered && list[i].used == 1) { continue; }
if (type == LTC_ASN1_EOL) {
break;
}
switch (type) {
+ case LTC_ASN1_BOOLEAN:
+ z = inlen;
+ if ((err = der_decode_boolean(in + x, z, ((int *)data))) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ if ((err = der_length_boolean(&z)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ break;
+
case LTC_ASN1_INTEGER:
z = inlen;
if ((err = der_decode_integer(in + x, z, data)) != CRYPT_OK) {
+ if (!ordered) { continue; }
goto LBL_ERR;
}
if ((err = der_length_integer(data, &z)) != CRYPT_OK) {
goto LBL_ERR;
}
- x += z;
- inlen -= z;
break;
-
case LTC_ASN1_SHORT_INTEGER:
z = inlen;
if ((err = der_decode_short_integer(in + x, z, data)) != CRYPT_OK) {
+ if (!ordered) { continue; }
goto LBL_ERR;
}
- if ((err = der_length_short_integer(size, &z)) != CRYPT_OK) {
+ if ((err = der_length_short_integer(((unsigned long*)data)[0], &z)) != CRYPT_OK) {
goto LBL_ERR;
}
- x += z;
- inlen -= z;
+
break;
case LTC_ASN1_BIT_STRING:
z = inlen;
if ((err = der_decode_bit_string(in + x, z, data, &size)) != CRYPT_OK) {
+ if (!ordered) { continue; }
goto LBL_ERR;
}
list[i].size = size;
if ((err = der_length_bit_string(size, &z)) != CRYPT_OK) {
goto LBL_ERR;
}
- x += z;
- inlen -= z;
break;
case LTC_ASN1_OCTET_STRING:
z = inlen;
if ((err = der_decode_octet_string(in + x, z, data, &size)) != CRYPT_OK) {
+ if (!ordered) { continue; }
goto LBL_ERR;
}
list[i].size = size;
if ((err = der_length_octet_string(size, &z)) != CRYPT_OK) {
goto LBL_ERR;
}
- x += z;
- inlen -= z;
break;
case LTC_ASN1_NULL:
if (inlen < 2 || in[x] != 0x05 || in[x+1] != 0x00) {
+ if (!ordered) { continue; }
err = CRYPT_INVALID_PACKET;
goto LBL_ERR;
}
- x += 2;
- inlen -= 2;
+ z = 2;
break;
case LTC_ASN1_OBJECT_IDENTIFIER:
z = inlen;
if ((err = der_decode_object_identifier(in + x, z, data, &size)) != CRYPT_OK) {
+ if (!ordered) { continue; }
goto LBL_ERR;
}
list[i].size = size;
if ((err = der_length_object_identifier(data, size, &z)) != CRYPT_OK) {
goto LBL_ERR;
}
- x += z;
- inlen -= z;
break;
case LTC_ASN1_IA5_STRING:
z = inlen;
if ((err = der_decode_ia5_string(in + x, z, data, &size)) != CRYPT_OK) {
+ if (!ordered) { continue; }
goto LBL_ERR;
}
list[i].size = size;
if ((err = der_length_ia5_string(data, size, &z)) != CRYPT_OK) {
goto LBL_ERR;
}
- x += z;
- inlen -= z;
break;
case LTC_ASN1_PRINTABLE_STRING:
z = inlen;
if ((err = der_decode_printable_string(in + x, z, data, &size)) != CRYPT_OK) {
+ if (!ordered) { continue; }
goto LBL_ERR;
}
list[i].size = size;
if ((err = der_length_printable_string(data, size, &z)) != CRYPT_OK) {
goto LBL_ERR;
}
- x += z;
- inlen -= z;
+ break;
+
+ case LTC_ASN1_UTF8_STRING:
+ z = inlen;
+ if ((err = der_decode_utf8_string(in + x, z, data, &size)) != CRYPT_OK) {
+ if (!ordered) { continue; }
+ goto LBL_ERR;
+ }
+ list[i].size = size;
+ if ((err = der_length_utf8_string(data, size, &z)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
break;
case LTC_ASN1_UTCTIME:
z = inlen;
if ((err = der_decode_utctime(in + x, &z, data)) != CRYPT_OK) {
+ if (!ordered) { continue; }
goto LBL_ERR;
}
- x += z;
- inlen -= z;
break;
+ case LTC_ASN1_SET:
+ z = inlen;
+ if ((err = der_decode_set(in + x, z, data, size)) != CRYPT_OK) {
+ if (!ordered) { continue; }
+ goto LBL_ERR;
+ }
+ if ((err = der_length_sequence(data, size, &z)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ break;
+
+ case LTC_ASN1_SETOF:
case LTC_ASN1_SEQUENCE:
+ /* detect if we have the right type */
+ if ((type == LTC_ASN1_SETOF && (in[x] & 0x3F) != 0x31) || (type == LTC_ASN1_SEQUENCE && (in[x] & 0x3F) != 0x30)) {
+ err = CRYPT_INVALID_PACKET;
+ goto LBL_ERR;
+ }
+
z = inlen;
if ((err = der_decode_sequence(in + x, z, data, size)) != CRYPT_OK) {
+ if (!ordered) { continue; }
goto LBL_ERR;
}
if ((err = der_length_sequence(data, size, &z)) != CRYPT_OK) {
goto LBL_ERR;
}
- x += z;
- inlen -= z;
break;
case LTC_ASN1_CHOICE:
z = inlen;
if ((err = der_decode_choice(in + x, &z, data, size)) != CRYPT_OK) {
+ if (!ordered) { continue; }
goto LBL_ERR;
}
- x += z;
- inlen -= z;
break;
default:
err = CRYPT_INVALID_ARG;
goto LBL_ERR;
}
+ x += z;
+ inlen -= z;
+ list[i].used = 1;
+ if (!ordered) {
+ /* restart the decoder */
+ i = -1;
+ }
}
+
+ for (i = 0; i < outlen; i++) {
+ if (list[i].used == 0) {
+ err = CRYPT_INVALID_PACKET;
+ goto LBL_ERR;
+ }
+ }
err = CRYPT_OK;
LBL_ERR:
@@ -229,6 +282,6 @@ LBL_ERR:
#endif
-/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence.c,v $ */
-/* $Revision: 1.8 $ */
-/* $Date: 2005/06/18 19:20:23 $ */
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_ex.c,v $ */
+/* $Revision: 1.15 $ */
+/* $Date: 2006/11/26 02:25:18 $ */
diff --git a/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c b/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c
new file mode 100644
index 0000000..19d8c86
--- /dev/null
+++ b/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c
@@ -0,0 +1,386 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_decode_sequence_flexi.c
+ ASN.1 DER, decode an array of ASN.1 types with a flexi parser, Tom St Denis
+*/
+
+#ifdef LTC_DER
+
+static unsigned long fetch_length(const unsigned char *in, unsigned long inlen)
+{
+ unsigned long x, y, z;
+
+ y = 0;
+
+ /* skip type and read len */
+ if (inlen < 2) {
+ return 0xFFFFFFFF;
+ }
+ ++in; ++y;
+
+ /* read len */
+ x = *in++; ++y;
+
+ /* <128 means literal */
+ if (x < 128) {
+ return x+y;
+ }
+ x &= 0x7F; /* the lower 7 bits are the length of the length */
+ inlen -= 2;
+
+ /* len means len of len! */
+ if (x == 0 || x > 4 || x > inlen) {
+ return 0xFFFFFFFF;
+ }
+
+ y += x;
+ z = 0;
+ while (x--) {
+ z = (z<<8) | ((unsigned long)*in);
+ ++in;
+ }
+ return z+y;
+}
+
+/**
+ ASN.1 DER Flexi(ble) decoder will decode arbitrary DER packets and create a linked list of the decoded elements.
+ @param in The input buffer
+ @param inlen [in/out] The length of the input buffer and on output the amount of decoded data
+ @param out [out] A pointer to the linked list
+ @return CRYPT_OK on success.
+*/
+int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out)
+{
+ ltc_asn1_list *l;
+ unsigned long err, type, len, totlen, x, y;
+ void *realloc_tmp;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(inlen != NULL);
+ LTC_ARGCHK(out != NULL);
+
+ l = NULL;
+ totlen = 0;
+
+ /* scan the input and and get lengths and what not */
+ while (*inlen) {
+ /* read the type byte */
+ type = *in;
+
+ /* fetch length */
+ len = fetch_length(in, *inlen);
+ if (len > *inlen) {
+ err = CRYPT_INVALID_PACKET;
+ goto error;
+ }
+
+ /* alloc new link */
+ if (l == NULL) {
+ l = XCALLOC(1, sizeof(*l));
+ if (l == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+ } else {
+ l->next = XCALLOC(1, sizeof(*l));
+ if (l->next == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+ l->next->prev = l;
+ l = l->next;
+ }
+
+ /* now switch on type */
+ switch (type) {
+ case 0x01: /* BOOLEAN */
+ l->type = LTC_ASN1_BOOLEAN;
+ l->size = 1;
+ l->data = XCALLOC(1, sizeof(int));
+
+ if ((err = der_decode_boolean(in, *inlen, l->data)) != CRYPT_OK) {
+ goto error;
+ }
+
+ if ((err = der_length_boolean(&len)) != CRYPT_OK) {
+ goto error;
+ }
+ break;
+
+ case 0x02: /* INTEGER */
+ /* init field */
+ l->type = LTC_ASN1_INTEGER;
+ l->size = 1;
+ if ((err = mp_init(&l->data)) != CRYPT_OK) {
+ goto error;
+ }
+
+ /* decode field */
+ if ((err = der_decode_integer(in, *inlen, l->data)) != CRYPT_OK) {
+ goto error;
+ }
+
+ /* calc length of object */
+ if ((err = der_length_integer(l->data, &len)) != CRYPT_OK) {
+ goto error;
+ }
+ break;
+
+ case 0x03: /* BIT */
+ /* init field */
+ l->type = LTC_ASN1_BIT_STRING;
+ l->size = len * 8; /* *8 because we store decoded bits one per char and they are encoded 8 per char. */
+
+ if ((l->data = XCALLOC(1, l->size)) == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+
+ if ((err = der_decode_bit_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) {
+ goto error;
+ }
+
+ if ((err = der_length_bit_string(l->size, &len)) != CRYPT_OK) {
+ goto error;
+ }
+ break;
+
+ case 0x04: /* OCTET */
+
+ /* init field */
+ l->type = LTC_ASN1_OCTET_STRING;
+ l->size = len;
+
+ if ((l->data = XCALLOC(1, l->size)) == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+
+ if ((err = der_decode_octet_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) {
+ goto error;
+ }
+
+ if ((err = der_length_octet_string(l->size, &len)) != CRYPT_OK) {
+ goto error;
+ }
+ break;
+
+ case 0x05: /* NULL */
+
+ /* valid NULL is 0x05 0x00 */
+ if (in[0] != 0x05 || in[1] != 0x00) {
+ err = CRYPT_INVALID_PACKET;
+ goto error;
+ }
+
+ /* simple to store ;-) */
+ l->type = LTC_ASN1_NULL;
+ l->data = NULL;
+ l->size = 0;
+ len = 2;
+
+ break;
+
+ case 0x06: /* OID */
+
+ /* init field */
+ l->type = LTC_ASN1_OBJECT_IDENTIFIER;
+ l->size = len;
+
+ if ((l->data = XCALLOC(len, sizeof(unsigned long))) == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+
+ if ((err = der_decode_object_identifier(in, *inlen, l->data, &l->size)) != CRYPT_OK) {
+ goto error;
+ }
+
+ if ((err = der_length_object_identifier(l->data, l->size, &len)) != CRYPT_OK) {
+ goto error;
+ }
+
+ /* resize it to save a bunch of mem */
+ if ((realloc_tmp = XREALLOC(l->data, l->size * sizeof(unsigned long))) == NULL) {
+ /* out of heap but this is not an error */
+ break;
+ }
+ l->data = realloc_tmp;
+ break;
+
+ case 0x0C: /* UTF8 */
+
+ /* init field */
+ l->type = LTC_ASN1_UTF8_STRING;
+ l->size = len;
+
+ if ((l->data = XCALLOC(sizeof(wchar_t), l->size)) == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+
+ if ((err = der_decode_utf8_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) {
+ goto error;
+ }
+
+ if ((err = der_length_utf8_string(l->data, l->size, &len)) != CRYPT_OK) {
+ goto error;
+ }
+ break;
+
+ case 0x13: /* PRINTABLE */
+
+ /* init field */
+ l->type = LTC_ASN1_PRINTABLE_STRING;
+ l->size = len;
+
+ if ((l->data = XCALLOC(1, l->size)) == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+
+ if ((err = der_decode_printable_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) {
+ goto error;
+ }
+
+ if ((err = der_length_printable_string(l->data, l->size, &len)) != CRYPT_OK) {
+ goto error;
+ }
+ break;
+
+ case 0x16: /* IA5 */
+
+ /* init field */
+ l->type = LTC_ASN1_IA5_STRING;
+ l->size = len;
+
+ if ((l->data = XCALLOC(1, l->size)) == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+
+ if ((err = der_decode_ia5_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) {
+ goto error;
+ }
+
+ if ((err = der_length_ia5_string(l->data, l->size, &len)) != CRYPT_OK) {
+ goto error;
+ }
+ break;
+
+ case 0x17: /* UTC TIME */
+
+ /* init field */
+ l->type = LTC_ASN1_UTCTIME;
+ l->size = 1;
+
+ if ((l->data = XCALLOC(1, sizeof(ltc_utctime))) == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+
+ len = *inlen;
+ if ((err = der_decode_utctime(in, &len, l->data)) != CRYPT_OK) {
+ goto error;
+ }
+
+ if ((err = der_length_utctime(l->data, &len)) != CRYPT_OK) {
+ goto error;
+ }
+ break;
+
+ case 0x30: /* SEQUENCE */
+ case 0x31: /* SET */
+
+ /* init field */
+ l->type = (type == 0x30) ? LTC_ASN1_SEQUENCE : LTC_ASN1_SET;
+
+ /* we have to decode the SEQUENCE header and get it's length */
+
+ /* move past type */
+ ++in; --(*inlen);
+
+ /* read length byte */
+ x = *in++; --(*inlen);
+
+ /* smallest SEQUENCE/SET header */
+ y = 2;
+
+ /* now if it's > 127 the next bytes are the length of the length */
+ if (x > 128) {
+ x &= 0x7F;
+ in += x;
+ *inlen -= x;
+
+ /* update sequence header len */
+ y += x;
+ }
+
+ /* Sequence elements go as child */
+ len = len - y;
+ if ((err = der_decode_sequence_flexi(in, &len, &(l->child))) != CRYPT_OK) {
+ goto error;
+ }
+
+ /* len update */
+ totlen += y;
+
+ /* link them up y0 */
+ l->child->parent = l;
+
+ break;
+ default:
+ /* invalid byte ... this is a soft error */
+ /* remove link */
+ l = l->prev;
+ XFREE(l->next);
+ l->next = NULL;
+ goto outside;
+ }
+
+ /* advance pointers */
+ totlen += len;
+ in += len;
+ *inlen -= len;
+ }
+
+outside:
+
+ /* rewind l please */
+ while (l->prev != NULL || l->parent != NULL) {
+ if (l->parent != NULL) {
+ l = l->parent;
+ } else {
+ l = l->prev;
+ }
+ }
+
+ /* return */
+ *out = l;
+ *inlen = totlen;
+ return CRYPT_OK;
+
+error:
+ /* free list */
+ der_sequence_free(l);
+
+ return err;
+}
+
+#endif
+
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c,v $ */
+/* $Revision: 1.25 $ */
+/* $Date: 2006/11/26 02:25:18 $ */
diff --git a/src/pk/asn1/der/sequence/der_decode_sequence_multi.c b/src/pk/asn1/der/sequence/der_decode_sequence_multi.c
index a4a1038..a15c182 100644
--- a/src/pk/asn1/der/sequence/der_decode_sequence_multi.c
+++ b/src/pk/asn1/der/sequence/der_decode_sequence_multi.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
#include <stdarg.h>
@@ -19,6 +19,13 @@
#ifdef LTC_DER
+/**
+ Decode a SEQUENCE type using a VA list
+ @param in Input buffer
+ @param inlen Length of input in octets
+ @remark <...> is of the form <type, size, data> (int, unsigned long, void*)
+ @return CRYPT_OK on success
+*/
int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...)
{
int err, type;
@@ -42,6 +49,7 @@ int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...)
}
switch (type) {
+ case LTC_ASN1_BOOLEAN:
case LTC_ASN1_INTEGER:
case LTC_ASN1_SHORT_INTEGER:
case LTC_ASN1_BIT_STRING:
@@ -50,7 +58,10 @@ int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...)
case LTC_ASN1_OBJECT_IDENTIFIER:
case LTC_ASN1_IA5_STRING:
case LTC_ASN1_PRINTABLE_STRING:
+ case LTC_ASN1_UTF8_STRING:
case LTC_ASN1_UTCTIME:
+ case LTC_ASN1_SET:
+ case LTC_ASN1_SETOF:
case LTC_ASN1_SEQUENCE:
case LTC_ASN1_CHOICE:
++x;
@@ -86,6 +97,7 @@ int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...)
}
switch (type) {
+ case LTC_ASN1_BOOLEAN:
case LTC_ASN1_INTEGER:
case LTC_ASN1_SHORT_INTEGER:
case LTC_ASN1_BIT_STRING:
@@ -94,8 +106,11 @@ int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...)
case LTC_ASN1_OBJECT_IDENTIFIER:
case LTC_ASN1_IA5_STRING:
case LTC_ASN1_PRINTABLE_STRING:
+ case LTC_ASN1_UTF8_STRING:
case LTC_ASN1_UTCTIME:
case LTC_ASN1_SEQUENCE:
+ case LTC_ASN1_SET:
+ case LTC_ASN1_SETOF:
case LTC_ASN1_CHOICE:
list[x].type = type;
list[x].size = size;
@@ -120,5 +135,5 @@ LBL_ERR:
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_multi.c,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/06/18 19:20:23 $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/11/26 02:25:18 $ */
diff --git a/src/pk/asn1/der/sequence/der_encode_sequence.c b/src/pk/asn1/der/sequence/der_encode_sequence_ex.c
index d53153c..cdb4f1e 100644
--- a/src/pk/asn1/der/sequence/der_encode_sequence.c
+++ b/src/pk/asn1/der/sequence/der_encode_sequence_ex.c
@@ -6,14 +6,14 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
#include <stdarg.h>
/**
- @file der_encode_sequence.c
+ @file der_encode_sequence_ex.c
ASN.1 DER, encode a SEQUENCE, Tom St Denis
*/
@@ -25,10 +25,11 @@
@param inlen The number of items in the list
@param out [out] The destination
@param outlen [in/out] The size of the output
+ @param type_of LTC_ASN1_SEQUENCE or LTC_ASN1_SET/LTC_ASN1_SETOF
@return CRYPT_OK on success
*/
-int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen,
- unsigned char *out, unsigned long *outlen)
+int der_encode_sequence_ex(ltc_asn1_list *list, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen, int type_of)
{
int err, type;
unsigned long size, x, y, z, i;
@@ -50,6 +51,13 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen,
}
switch (type) {
+ case LTC_ASN1_BOOLEAN:
+ if ((err = der_length_boolean(&x)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ y += x;
+ break;
+
case LTC_ASN1_INTEGER:
if ((err = der_length_integer(data, &x)) != CRYPT_OK) {
goto LBL_ERR;
@@ -103,6 +111,13 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen,
y += x;
break;
+ case LTC_ASN1_UTF8_STRING:
+ if ((err = der_length_utf8_string(data, size, &x)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ y += x;
+ break;
+
case LTC_ASN1_UTCTIME:
if ((err = der_length_utctime(data, &x)) != CRYPT_OK) {
goto LBL_ERR;
@@ -110,13 +125,14 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen,
y += x;
break;
+ case LTC_ASN1_SET:
+ case LTC_ASN1_SETOF:
case LTC_ASN1_SEQUENCE:
if ((err = der_length_sequence(data, size, &x)) != CRYPT_OK) {
goto LBL_ERR;
}
y += x;
break;
-
default:
err = CRYPT_INVALID_ARG;
@@ -144,27 +160,29 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen,
/* too big ? */
if (*outlen < y) {
+ *outlen = y;
err = CRYPT_BUFFER_OVERFLOW;
goto LBL_ERR;
}
/* store header */
x = 0;
- out[x++] = 0x30;
+ out[x++] = (type_of == LTC_ASN1_SEQUENCE) ? 0x30 : 0x31;
+
if (z < 128) {
- out[x++] = z;
+ out[x++] = (unsigned char)z;
} else if (z < 256) {
out[x++] = 0x81;
- out[x++] = z;
+ out[x++] = (unsigned char)z;
} else if (z < 65536UL) {
out[x++] = 0x82;
- out[x++] = (z>>8UL)&255;
- out[x++] = z&255;
+ out[x++] = (unsigned char)((z>>8UL)&255);
+ out[x++] = (unsigned char)(z&255);
} else if (z < 16777216UL) {
out[x++] = 0x83;
- out[x++] = (z>>16UL)&255;
- out[x++] = (z>>8UL)&255;
- out[x++] = z&255;
+ out[x++] = (unsigned char)((z>>16UL)&255);
+ out[x++] = (unsigned char)((z>>8UL)&255);
+ out[x++] = (unsigned char)(z&255);
}
/* store data */
@@ -179,6 +197,15 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen,
}
switch (type) {
+ case LTC_ASN1_BOOLEAN:
+ z = *outlen;
+ if ((err = der_encode_boolean(*((int *)data), out + x, &z)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ x += z;
+ *outlen -= z;
+ break;
+
case LTC_ASN1_INTEGER:
z = *outlen;
if ((err = der_encode_integer(data, out + x, &z)) != CRYPT_OK) {
@@ -248,6 +275,15 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen,
*outlen -= z;
break;
+ case LTC_ASN1_UTF8_STRING:
+ z = *outlen;
+ if ((err = der_encode_utf8_string(data, size, out + x, &z)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ x += z;
+ *outlen -= z;
+ break;
+
case LTC_ASN1_UTCTIME:
z = *outlen;
if ((err = der_encode_utctime(data, out + x, &z)) != CRYPT_OK) {
@@ -257,15 +293,33 @@ int der_encode_sequence(ltc_asn1_list *list, unsigned long inlen,
*outlen -= z;
break;
- case LTC_ASN1_SEQUENCE:
+ case LTC_ASN1_SET:
+ z = *outlen;
+ if ((err = der_encode_set(data, size, out + x, &z)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ x += z;
+ *outlen -= z;
+ break;
+
+ case LTC_ASN1_SETOF:
z = *outlen;
- if ((err = der_encode_sequence(data, size, out + x, &z)) != CRYPT_OK) {
+ if ((err = der_encode_setof(data, size, out + x, &z)) != CRYPT_OK) {
goto LBL_ERR;
}
x += z;
*outlen -= z;
break;
+ case LTC_ASN1_SEQUENCE:
+ z = *outlen;
+ if ((err = der_encode_sequence_ex(data, size, out + x, &z, type)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ x += z;
+ *outlen -= z;
+ break;
+
default:
err = CRYPT_INVALID_ARG;
goto LBL_ERR;
diff --git a/src/pk/asn1/der/sequence/der_encode_sequence_multi.c b/src/pk/asn1/der/sequence/der_encode_sequence_multi.c
index 9ff48b9..da34c64 100644
--- a/src/pk/asn1/der/sequence/der_encode_sequence_multi.c
+++ b/src/pk/asn1/der/sequence/der_encode_sequence_multi.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
#include <stdarg.h>
@@ -19,6 +19,13 @@
#ifdef LTC_DER
+/**
+ Encode a SEQUENCE type using a VA list
+ @param out [out] Destination for data
+ @param outlen [in/out] Length of buffer and resulting length of output
+ @remark <...> is of the form <type, size, data> (int, unsigned long, void*)
+ @return CRYPT_OK on success
+*/
int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...)
{
int err, type;
@@ -43,6 +50,7 @@ int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...)
}
switch (type) {
+ case LTC_ASN1_BOOLEAN:
case LTC_ASN1_INTEGER:
case LTC_ASN1_SHORT_INTEGER:
case LTC_ASN1_BIT_STRING:
@@ -51,8 +59,11 @@ int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...)
case LTC_ASN1_OBJECT_IDENTIFIER:
case LTC_ASN1_IA5_STRING:
case LTC_ASN1_PRINTABLE_STRING:
+ case LTC_ASN1_UTF8_STRING:
case LTC_ASN1_UTCTIME:
case LTC_ASN1_SEQUENCE:
+ case LTC_ASN1_SET:
+ case LTC_ASN1_SETOF:
++x;
break;
@@ -86,6 +97,7 @@ int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...)
}
switch (type) {
+ case LTC_ASN1_BOOLEAN:
case LTC_ASN1_INTEGER:
case LTC_ASN1_SHORT_INTEGER:
case LTC_ASN1_BIT_STRING:
@@ -94,8 +106,11 @@ int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...)
case LTC_ASN1_OBJECT_IDENTIFIER:
case LTC_ASN1_IA5_STRING:
case LTC_ASN1_PRINTABLE_STRING:
+ case LTC_ASN1_UTF8_STRING:
case LTC_ASN1_UTCTIME:
case LTC_ASN1_SEQUENCE:
+ case LTC_ASN1_SET:
+ case LTC_ASN1_SETOF:
list[x].type = type;
list[x].size = size;
list[x++].data = data;
@@ -119,5 +134,5 @@ LBL_ERR:
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_multi.c,v $ */
-/* $Revision: 1.6 $ */
-/* $Date: 2005/06/18 19:20:23 $ */
+/* $Revision: 1.11 $ */
+/* $Date: 2006/11/26 02:25:18 $ */
diff --git a/src/pk/asn1/der/sequence/der_length_sequence.c b/src/pk/asn1/der/sequence/der_length_sequence.c
index 9120451..36f4a2a 100644
--- a/src/pk/asn1/der/sequence/der_length_sequence.c
+++ b/src/pk/asn1/der/sequence/der_length_sequence.c
@@ -6,11 +6,9 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
-#include <stdarg.h>
-
/**
@file der_length_sequence.c
@@ -48,6 +46,13 @@ int der_length_sequence(ltc_asn1_list *list, unsigned long inlen,
}
switch (type) {
+ case LTC_ASN1_BOOLEAN:
+ if ((err = der_length_boolean(&x)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ y += x;
+ break;
+
case LTC_ASN1_INTEGER:
if ((err = der_length_integer(data, &x)) != CRYPT_OK) {
goto LBL_ERR;
@@ -101,6 +106,22 @@ int der_length_sequence(ltc_asn1_list *list, unsigned long inlen,
y += x;
break;
+ case LTC_ASN1_UTCTIME:
+ if ((err = der_length_utctime(data, &x)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ y += x;
+ break;
+
+ case LTC_ASN1_UTF8_STRING:
+ if ((err = der_length_utf8_string(data, size, &x)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ y += x;
+ break;
+
+ case LTC_ASN1_SET:
+ case LTC_ASN1_SETOF:
case LTC_ASN1_SEQUENCE:
if ((err = der_length_sequence(data, size, &x)) != CRYPT_OK) {
goto LBL_ERR;
@@ -142,3 +163,7 @@ LBL_ERR:
}
#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_length_sequence.c,v $ */
+/* $Revision: 1.13 $ */
+/* $Date: 2006/11/26 02:25:18 $ */
diff --git a/src/pk/asn1/der/sequence/der_sequence_free.c b/src/pk/asn1/der/sequence/der_sequence_free.c
new file mode 100644
index 0000000..dc826e3
--- /dev/null
+++ b/src/pk/asn1/der/sequence/der_sequence_free.c
@@ -0,0 +1,65 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_sequence_free.c
+ ASN.1 DER, free's a structure allocated by der_decode_sequence_flexi(), Tom St Denis
+*/
+
+#ifdef LTC_DER
+
+/**
+ Free memory allocated by der_decode_sequence_flexi()
+ @param in The list to free
+*/
+void der_sequence_free(ltc_asn1_list *in)
+{
+ ltc_asn1_list *l;
+
+ /* walk to the start of the chain */
+ while (in->prev != NULL || in->parent != NULL) {
+ if (in->parent != NULL) {
+ in = in->parent;
+ } else {
+ in = in->prev;
+ }
+ }
+
+ /* now walk the list and free stuff */
+ while (in != NULL) {
+ /* is there a child? */
+ if (in->child) {
+ /* disconnect */
+ in->child->parent = NULL;
+ der_sequence_free(in->child);
+ }
+
+ switch (in->type) {
+ case LTC_ASN1_SET:
+ case LTC_ASN1_SETOF:
+ case LTC_ASN1_SEQUENCE: break;
+ case LTC_ASN1_INTEGER : if (in->data != NULL) { mp_clear(in->data); } break;
+ default : if (in->data != NULL) { XFREE(in->data); }
+ }
+
+ /* move to next and free current */
+ l = in->next;
+ free(in);
+ in = l;
+ }
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/sequence/der_sequence_free.c,v $ */
+/* $Revision: 1.3 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/asn1/der/set/der_encode_set.c b/src/pk/asn1/der/set/der_encode_set.c
new file mode 100644
index 0000000..a08d2b0
--- /dev/null
+++ b/src/pk/asn1/der/set/der_encode_set.c
@@ -0,0 +1,103 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_encode_set.c
+ ASN.1 DER, Encode a SET, Tom St Denis
+*/
+
+#ifdef LTC_DER
+
+/* LTC define to ASN.1 TAG */
+static int ltc_to_asn1(int v)
+{
+ switch (v) {
+ case LTC_ASN1_BOOLEAN: return 0x01;
+ case LTC_ASN1_INTEGER:
+ case LTC_ASN1_SHORT_INTEGER: return 0x02;
+ case LTC_ASN1_BIT_STRING: return 0x03;
+ case LTC_ASN1_OCTET_STRING: return 0x04;
+ case LTC_ASN1_NULL: return 0x05;
+ case LTC_ASN1_OBJECT_IDENTIFIER: return 0x06;
+ case LTC_ASN1_UTF8_STRING: return 0x0C;
+ case LTC_ASN1_PRINTABLE_STRING: return 0x13;
+ case LTC_ASN1_IA5_STRING: return 0x16;
+ case LTC_ASN1_UTCTIME: return 0x17;
+ case LTC_ASN1_SEQUENCE: return 0x30;
+ case LTC_ASN1_SET:
+ case LTC_ASN1_SETOF: return 0x31;
+ default: return -1;
+ }
+}
+
+
+static int qsort_helper(const void *a, const void *b)
+{
+ ltc_asn1_list *A = (ltc_asn1_list *)a, *B = (ltc_asn1_list *)b;
+ int r;
+
+ r = ltc_to_asn1(A->type) - ltc_to_asn1(B->type);
+
+ /* for QSORT the order is UNDEFINED if they are "equal" which means it is NOT DETERMINISTIC. So we force it to be :-) */
+ if (r == 0) {
+ /* their order in the original list now determines the position */
+ return A->used - B->used;
+ } else {
+ return r;
+ }
+}
+
+/*
+ Encode a SET type
+ @param list The list of items to encode
+ @param inlen The number of items in the list
+ @param out [out] The destination
+ @param outlen [in/out] The size of the output
+ @return CRYPT_OK on success
+*/
+int der_encode_set(ltc_asn1_list *list, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen)
+{
+ ltc_asn1_list *copy;
+ unsigned long x;
+ int err;
+
+ /* make copy of list */
+ copy = XCALLOC(inlen, sizeof(*copy));
+ if (copy == NULL) {
+ return CRYPT_MEM;
+ }
+
+ /* fill in used member with index so we can fully sort it */
+ for (x = 0; x < inlen; x++) {
+ copy[x] = list[x];
+ copy[x].used = x;
+ }
+
+ /* sort it by the "type" field */
+ XQSORT(copy, inlen, sizeof(*copy), &qsort_helper);
+
+ /* call der_encode_sequence_ex() */
+ err = der_encode_sequence_ex(copy, inlen, out, outlen, LTC_ASN1_SET);
+
+ /* free list */
+ XFREE(copy);
+
+ return err;
+}
+
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/set/der_encode_set.c,v $ */
+/* $Revision: 1.11 $ */
+/* $Date: 2006/11/26 02:27:37 $ */
diff --git a/src/pk/asn1/der/set/der_encode_setof.c b/src/pk/asn1/der/set/der_encode_setof.c
new file mode 100644
index 0000000..6c12eb4
--- /dev/null
+++ b/src/pk/asn1/der/set/der_encode_setof.c
@@ -0,0 +1,162 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_encode_setof.c
+ ASN.1 DER, Encode SET OF, Tom St Denis
+*/
+
+#ifdef LTC_DER
+
+struct edge {
+ unsigned char *start;
+ unsigned long size;
+};
+
+static int qsort_helper(const void *a, const void *b)
+{
+ struct edge *A = (struct edge *)a, *B = (struct edge *)b;
+ int r;
+ unsigned long x;
+
+ /* compare min length */
+ r = XMEMCMP(A->start, B->start, MIN(A->size, B->size));
+
+ if (r == 0 && A->size != B->size) {
+ if (A->size > B->size) {
+ for (x = B->size; x < A->size; x++) {
+ if (A->start[x]) {
+ return 1;
+ }
+ }
+ } else {
+ for (x = A->size; x < B->size; x++) {
+ if (B->start[x]) {
+ return -1;
+ }
+ }
+ }
+ }
+
+ return r;
+}
+
+/**
+ Encode a SETOF stucture
+ @param list The list of items to encode
+ @param inlen The number of items in the list
+ @param out [out] The destination
+ @param outlen [in/out] The size of the output
+ @return CRYPT_OK on success
+*/
+int der_encode_setof(ltc_asn1_list *list, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen)
+{
+ unsigned long x, y, z, hdrlen;
+ int err;
+ struct edge *edges;
+ unsigned char *ptr, *buf;
+
+ /* check that they're all the same type */
+ for (x = 1; x < inlen; x++) {
+ if (list[x].type != list[x-1].type) {
+ return CRYPT_INVALID_ARG;
+ }
+ }
+
+ /* alloc buffer to store copy of output */
+ buf = XCALLOC(1, *outlen);
+ if (buf == NULL) {
+ return CRYPT_MEM;
+ }
+
+ /* encode list */
+ if ((err = der_encode_sequence_ex(list, inlen, buf, outlen, LTC_ASN1_SETOF)) != CRYPT_OK) {
+ XFREE(buf);
+ return err;
+ }
+
+ /* allocate edges */
+ edges = XCALLOC(inlen, sizeof(*edges));
+ if (edges == NULL) {
+ XFREE(buf);
+ return CRYPT_MEM;
+ }
+
+ /* skip header */
+ ptr = buf + 1;
+
+ /* now skip length data */
+ x = *ptr++;
+ if (x >= 0x80) {
+ ptr += (x & 0x7F);
+ }
+
+ /* get the size of the static header */
+ hdrlen = ((unsigned long)ptr) - ((unsigned long)buf);
+
+
+ /* scan for edges */
+ x = 0;
+ while (ptr < (buf + *outlen)) {
+ /* store start */
+ edges[x].start = ptr;
+
+ /* skip type */
+ z = 1;
+
+ /* parse length */
+ y = ptr[z++];
+ if (y < 128) {
+ edges[x].size = y;
+ } else {
+ y &= 0x7F;
+ edges[x].size = 0;
+ while (y--) {
+ edges[x].size = (edges[x].size << 8) | ((unsigned long)ptr[z++]);
+ }
+ }
+
+ /* skip content */
+ edges[x].size += z;
+ ptr += edges[x].size;
+ ++x;
+ }
+
+ /* sort based on contents (using edges) */
+ XQSORT(edges, inlen, sizeof(*edges), &qsort_helper);
+
+ /* copy static header */
+ XMEMCPY(out, buf, hdrlen);
+
+ /* copy+sort using edges+indecies to output from buffer */
+ for (y = hdrlen, x = 0; x < inlen; x++) {
+ XMEMCPY(out+y, edges[x].start, edges[x].size);
+ y += edges[x].size;
+ }
+
+#ifdef LTC_CLEAN_STACK
+ zeromem(buf, *outlen);
+#endif
+
+ /* free buffers */
+ XFREE(edges);
+ XFREE(buf);
+
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/set/der_encode_setof.c,v $ */
+/* $Revision: 1.11 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/asn1/der/short_integer/der_decode_short_integer.c b/src/pk/asn1/der/short_integer/der_decode_short_integer.c
index 7d3d3b7..1407e9a 100644
--- a/src/pk/asn1/der/short_integer/der_decode_short_integer.c
+++ b/src/pk/asn1/der/short_integer/der_decode_short_integer.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -19,7 +19,7 @@
#ifdef LTC_DER
/**
- Read a mp_int integer
+ Read a short integer
@param in The DER encoded data
@param inlen Size of data
@param num [out] The integer to decode
@@ -64,5 +64,5 @@ int der_decode_short_integer(const unsigned char *in, unsigned long inlen, unsig
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/short_integer/der_decode_short_integer.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/23 01:04:13 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/asn1/der/short_integer/der_encode_short_integer.c b/src/pk/asn1/der/short_integer/der_encode_short_integer.c
index eb94d38..95da2fa 100644
--- a/src/pk/asn1/der/short_integer/der_encode_short_integer.c
+++ b/src/pk/asn1/der/short_integer/der_encode_short_integer.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -18,9 +18,8 @@
#ifdef LTC_DER
-/* Exports a positive integer as DER format (upto 32-bits in size) */
/**
- Store a mp_int integer
+ Store a short integer in the range (0,2^32-1)
@param num The integer to encode
@param out [out] The destination for the DER encoded integers
@param outlen [in/out] The max size and resulting size of the DER encoded integers
@@ -43,6 +42,7 @@ int der_encode_short_integer(unsigned long num, unsigned char *out, unsigned lon
}
if (*outlen < len) {
+ *outlen = len;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -70,7 +70,7 @@ int der_encode_short_integer(unsigned long num, unsigned char *out, unsigned lon
/* store header */
x = 0;
out[x++] = 0x02;
- out[x++] = z;
+ out[x++] = (unsigned char)z;
/* if 31st bit is set output a leading zero and decrement count */
if (z == 5) {
@@ -80,7 +80,7 @@ int der_encode_short_integer(unsigned long num, unsigned char *out, unsigned lon
/* store values */
for (y = 0; y < z; y++) {
- out[x++] = (num >> 24) & 0xFF;
+ out[x++] = (unsigned char)((num >> 24) & 0xFF);
num <<= 8;
}
@@ -93,5 +93,5 @@ int der_encode_short_integer(unsigned long num, unsigned char *out, unsigned lon
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/short_integer/der_encode_short_integer.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/23 01:27:03 $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/12/04 21:34:03 $ */
diff --git a/src/pk/asn1/der/short_integer/der_length_short_integer.c b/src/pk/asn1/der/short_integer/der_length_short_integer.c
index 7324b4a..073e294 100644
--- a/src/pk/asn1/der/short_integer/der_length_short_integer.c
+++ b/src/pk/asn1/der/short_integer/der_length_short_integer.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -39,7 +39,7 @@ int der_length_short_integer(unsigned long num, unsigned long *outlen)
++z;
y >>= 8;
}
-
+
/* handle zero */
if (z == 0) {
z = 1;
@@ -59,11 +59,12 @@ int der_length_short_integer(unsigned long num, unsigned long *outlen)
/* return length */
*outlen = len;
+
return CRYPT_OK;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/short_integer/der_length_short_integer.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/23 01:35:38 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/asn1/der/utctime/der_decode_utctime.c b/src/pk/asn1/der/utctime/der_decode_utctime.c
index 43ba033..8a1f5fb 100644
--- a/src/pk/asn1/der/utctime/der_decode_utctime.c
+++ b/src/pk/asn1/der/utctime/der_decode_utctime.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -39,6 +39,13 @@ static int char_to_int(unsigned char x)
if (y >= max) return CRYPT_INVALID_PACKET; \
x += 2;
+/**
+ Decodes a UTC time structure in DER format (reads all 6 valid encoding formats)
+ @param in Input buffer
+ @param inlen Length of input buffer in octets
+ @param out [out] Destination of UTC time structure
+ @return CRYPT_OK if successful
+*/
int der_decode_utctime(const unsigned char *in, unsigned long *inlen,
ltc_utctime *out)
{
@@ -116,5 +123,5 @@ YYMMDDhhmmss-hh'mm'
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/utctime/der_decode_utctime.c,v $ */
-/* $Revision: 1.6 $ */
-/* $Date: 2005/06/19 12:07:00 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/asn1/der/utctime/der_encode_utctime.c b/src/pk/asn1/der/utctime/der_encode_utctime.c
index dad8c84..ae2ccbe 100644
--- a/src/pk/asn1/der/utctime/der_encode_utctime.c
+++ b/src/pk/asn1/der/utctime/der_encode_utctime.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -24,8 +24,10 @@ static const char *baseten = "0123456789";
out[x++] = der_ia5_char_encode(baseten[y % 10]);
/**
- Gets length of DER encoding of UTCTIME
- @param outlen [out] The length of the DER encoding
+ Encodes a UTC time structure in DER format
+ @param utctime The UTC time structure to encode
+ @param out The destination of the DER encoding of the UTC time structure
+ @param outlen [in/out] The length of the DER encoding
@return CRYPT_OK if successful
*/
int der_encode_utctime(ltc_utctime *utctime,
@@ -42,6 +44,7 @@ int der_encode_utctime(ltc_utctime *utctime,
return err;
}
if (tmplen > *outlen) {
+ *outlen = tmplen;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -66,7 +69,7 @@ int der_encode_utctime(ltc_utctime *utctime,
}
/* store length */
- out[1] = x - 2;
+ out[1] = (unsigned char)(x - 2);
/* all good let's return */
*outlen = x;
@@ -76,5 +79,5 @@ int der_encode_utctime(ltc_utctime *utctime,
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/utctime/der_encode_utctime.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/06/19 12:07:00 $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/12/04 21:34:03 $ */
diff --git a/src/pk/asn1/der/utctime/der_length_utctime.c b/src/pk/asn1/der/utctime/der_length_utctime.c
index 84e654a..60f09de 100644
--- a/src/pk/asn1/der/utctime/der_length_utctime.c
+++ b/src/pk/asn1/der/utctime/der_length_utctime.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -19,6 +19,7 @@
/**
Gets length of DER encoding of UTCTIME
+ @param utctime The UTC time structure to get the size of
@param outlen [out] The length of the DER encoding
@return CRYPT_OK if successful
*/
@@ -41,5 +42,5 @@ int der_length_utctime(ltc_utctime *utctime, unsigned long *outlen)
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/utctime/der_length_utctime.c,v $ */
-/* $Revision: 1.2 $ */
-/* $Date: 2005/06/19 11:23:04 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/asn1/der/utf8/der_decode_utf8_string.c b/src/pk/asn1/der/utf8/der_decode_utf8_string.c
new file mode 100644
index 0000000..28b5520
--- /dev/null
+++ b/src/pk/asn1/der/utf8/der_decode_utf8_string.c
@@ -0,0 +1,111 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_decode_utf8_string.c
+ ASN.1 DER, encode a UTF8 STRING, Tom St Denis
+*/
+
+
+#ifdef LTC_DER
+
+/**
+ Store a UTF8 STRING
+ @param in The DER encoded UTF8 STRING
+ @param inlen The size of the DER UTF8 STRING
+ @param out [out] The array of utf8s stored (one per char)
+ @param outlen [in/out] The number of utf8s stored
+ @return CRYPT_OK if successful
+*/
+int der_decode_utf8_string(const unsigned char *in, unsigned long inlen,
+ wchar_t *out, unsigned long *outlen)
+{
+ wchar_t tmp;
+ unsigned long x, y, z, len;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+
+ /* must have header at least */
+ if (inlen < 2) {
+ return CRYPT_INVALID_PACKET;
+ }
+
+ /* check for 0x0C */
+ if ((in[0] & 0x1F) != 0x0C) {
+ return CRYPT_INVALID_PACKET;
+ }
+ x = 1;
+
+ /* decode the length */
+ if (in[x] & 0x80) {
+ /* valid # of bytes in length are 1,2,3 */
+ y = in[x] & 0x7F;
+ if ((y == 0) || (y > 3) || ((x + y) > inlen)) {
+ return CRYPT_INVALID_PACKET;
+ }
+
+ /* read the length in */
+ len = 0;
+ ++x;
+ while (y--) {
+ len = (len << 8) | in[x++];
+ }
+ } else {
+ len = in[x++] & 0x7F;
+ }
+
+ if (len + x > inlen) {
+ return CRYPT_INVALID_PACKET;
+ }
+
+ /* proceed to decode */
+ for (y = 0; x < inlen; ) {
+ /* get first byte */
+ tmp = in[x++];
+
+ /* count number of bytes */
+ for (z = 0; (tmp & 0x80) && (z <= 4); z++, tmp = (tmp << 1) & 0xFF);
+
+ if (z > 4 || (x + (z - 1) > inlen)) {
+ return CRYPT_INVALID_PACKET;
+ }
+
+ /* decode, grab upper bits */
+ tmp >>= z;
+
+ /* grab remaining bytes */
+ if (z > 1) { --z; }
+ while (z-- != 0) {
+ if ((in[x] & 0xC0) != 0x80) {
+ return CRYPT_INVALID_PACKET;
+ }
+ tmp = (tmp << 6) | ((wchar_t)in[x++] & 0x3F);
+ }
+
+ if (y > *outlen) {
+ *outlen = y;
+ return CRYPT_BUFFER_OVERFLOW;
+ }
+ out[y++] = tmp;
+ }
+ *outlen = y;
+
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/utf8/der_decode_utf8_string.c,v $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/11/26 02:27:37 $ */
diff --git a/src/pk/asn1/der/utf8/der_encode_utf8_string.c b/src/pk/asn1/der/utf8/der_encode_utf8_string.c
new file mode 100644
index 0000000..2dd6081
--- /dev/null
+++ b/src/pk/asn1/der/utf8/der_encode_utf8_string.c
@@ -0,0 +1,105 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_encode_utf8_string.c
+ ASN.1 DER, encode a UTF8 STRING, Tom St Denis
+*/
+
+
+#ifdef LTC_DER
+
+/**
+ Store an UTF8 STRING
+ @param in The array of UTF8 to store (one per wchar_t)
+ @param inlen The number of UTF8 to store
+ @param out [out] The destination for the DER encoded UTF8 STRING
+ @param outlen [in/out] The max size and resulting size of the DER UTF8 STRING
+ @return CRYPT_OK if successful
+*/
+int der_encode_utf8_string(const wchar_t *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen)
+{
+ unsigned long x, y, len;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+
+ /* get the size */
+ for (x = len = 0; x < inlen; x++) {
+ if (in[x] < 0 || in[x] > 0x1FFFF) {
+ return CRYPT_INVALID_ARG;
+ }
+ len += der_utf8_charsize(in[x]);
+ }
+
+ if (len < 128) {
+ y = 2 + len;
+ } else if (len < 256) {
+ y = 3 + len;
+ } else if (len < 65536UL) {
+ y = 4 + len;
+ } else if (len < 16777216UL) {
+ y = 5 + len;
+ } else {
+ return CRYPT_INVALID_ARG;
+ }
+
+ /* too big? */
+ if (y > *outlen) {
+ *outlen = len;
+ return CRYPT_BUFFER_OVERFLOW;
+ }
+
+ /* encode the header+len */
+ x = 0;
+ out[x++] = 0x0C;
+ if (len < 128) {
+ out[x++] = len;
+ } else if (len < 256) {
+ out[x++] = 0x81;
+ out[x++] = len;
+ } else if (len < 65536UL) {
+ out[x++] = 0x82;
+ out[x++] = (len>>8)&255;
+ out[x++] = len&255;
+ } else if (len < 16777216UL) {
+ out[x++] = 0x83;
+ out[x++] = (len>>16)&255;
+ out[x++] = (len>>8)&255;
+ out[x++] = len&255;
+ } else {
+ return CRYPT_INVALID_ARG;
+ }
+
+ /* store UTF8 */
+ for (y = 0; y < inlen; y++) {
+ switch (der_utf8_charsize(in[y])) {
+ case 1: out[x++] = in[y]; break;
+ case 2: out[x++] = 0xC0 | ((in[y] >> 6) & 0x1F); out[x++] = 0x80 | (in[y] & 0x3F); break;
+ case 3: out[x++] = 0xE0 | ((in[y] >> 12) & 0x0F); out[x++] = 0x80 | ((in[y] >> 6) & 0x3F); out[x++] = 0x80 | (in[y] & 0x3F); break;
+ case 4: out[x++] = 0xF0 | ((in[y] >> 18) & 0x07); out[x++] = 0x80 | ((in[y] >> 12) & 0x3F); out[x++] = 0x80 | ((in[y] >> 6) & 0x3F); out[x++] = 0x80 | (in[y] & 0x3F); break;
+ }
+ }
+
+ /* retun length */
+ *outlen = x;
+
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/utf8/der_encode_utf8_string.c,v $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/12/16 17:41:21 $ */
diff --git a/src/pk/asn1/der/utf8/der_length_utf8_string.c b/src/pk/asn1/der/utf8/der_length_utf8_string.c
new file mode 100644
index 0000000..b5b2bc6
--- /dev/null
+++ b/src/pk/asn1/der/utf8/der_length_utf8_string.c
@@ -0,0 +1,83 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file der_length_utf8_string.c
+ ASN.1 DER, get length of UTF8 STRING, Tom St Denis
+*/
+
+#ifdef LTC_DER
+
+/** Return the size in bytes of a UTF-8 character
+ @param c The UTF-8 character to measure
+ @return The size in bytes
+*/
+unsigned long der_utf8_charsize(const wchar_t c)
+{
+ if (c <= 0x7F) {
+ return 1;
+ } else if (c <= 0x7FF) {
+ return 2;
+ } else if (c <= 0xFFFF) {
+ return 3;
+ } else {
+ return 4;
+ }
+}
+
+/**
+ Gets length of DER encoding of UTF8 STRING
+ @param in The characters to measure the length of
+ @param noctets The number of octets in the string to encode
+ @param outlen [out] The length of the DER encoding for the given string
+ @return CRYPT_OK if successful
+*/
+int der_length_utf8_string(const wchar_t *in, unsigned long noctets, unsigned long *outlen)
+{
+ unsigned long x, len;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(outlen != NULL);
+
+ len = 0;
+ for (x = 0; x < noctets; x++) {
+ if (in[x] < 0 || in[x] > 0x10FFFF) {
+ return CRYPT_INVALID_ARG;
+ }
+ len += der_utf8_charsize(in[x]);
+ }
+
+ if (len < 128) {
+ /* 0C LL DD DD DD ... */
+ *outlen = 2 + len;
+ } else if (len < 256) {
+ /* 0C 81 LL DD DD DD ... */
+ *outlen = 3 + len;
+ } else if (len < 65536UL) {
+ /* 0C 82 LL LL DD DD DD ... */
+ *outlen = 4 + len;
+ } else if (len < 16777216UL) {
+ /* 0C 83 LL LL LL DD DD DD ... */
+ *outlen = 5 + len;
+ } else {
+ return CRYPT_INVALID_ARG;
+ }
+
+ return CRYPT_OK;
+}
+
+#endif
+
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/utf8/der_length_utf8_string.c,v $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/12/16 17:41:21 $ */
diff --git a/src/pk/dh/dh.c b/src/pk/dh/dh.c
deleted file mode 100644
index a54f29b..0000000
--- a/src/pk/dh/dh.c
+++ /dev/null
@@ -1,524 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
- */
-#include "tomcrypt.h"
-
-/**
- @file dh.c
- DH crypto, Tom St Denis
-*/
-
-#ifdef MDH
-
-/* max export size we'll encounter (smaller than this but lets round up a bit) */
-#define DH_BUF_SIZE 1200
-
-/* This holds the key settings. ***MUST*** be organized by size from smallest to largest. */
-static const struct {
- int size;
- char *name, *base, *prime;
-} sets[] = {
-#ifdef DH768
-{
- 96,
- "DH-768",
- "4",
- "F///////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "//////m3wvV"
-},
-#endif
-#ifdef DH1024
-{
- 128,
- "DH-1024",
- "4",
- "F///////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////m3C47"
-},
-#endif
-#ifdef DH1280
-{
- 160,
- "DH-1280",
- "4",
- "F///////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "//////////////////////////////m4kSN"
-},
-#endif
-#ifdef DH1536
-{
- 192,
- "DH-1536",
- "4",
- "F///////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////m5uqd"
-},
-#endif
-#ifdef DH1792
-{
- 224,
- "DH-1792",
- "4",
- "F///////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "//////////////////////////////////////////////////////mT/sd"
-},
-#endif
-#ifdef DH2048
-{
- 256,
- "DH-2048",
- "4",
- "3///////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "/////////////////////////////////////////m8MPh"
-},
-#endif
-#ifdef DH2560
-{
- 320,
- "DH-2560",
- "4",
- "3///////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "/////mKFpF"
-},
-#endif
-#ifdef DH3072
-{
- 384,
- "DH-3072",
- "4",
- "3///////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "/////////////////////////////m32nN"
-},
-#endif
-#ifdef DH4096
-{
- 512,
- "DH-4096",
- "4",
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "////////////////////////////////////////////////////////////"
- "/////////////////////m8pOF"
-},
-#endif
-{
- 0,
- NULL,
- NULL,
- NULL
-}
-};
-
-static int is_valid_idx(int n)
-{
- int x;
-
- for (x = 0; sets[x].size; x++);
- if ((n < 0) || (n >= x)) {
- return 0;
- }
- return 1;
-}
-
-/**
- Test the DH sub-system (can take a while)
- @return CRYPT_OK if successful
-*/
-int dh_test(void)
-{
- mp_int p, g, tmp;
- int x, err, primality;
-
- if ((err = mp_init_multi(&p, &g, &tmp, NULL)) != MP_OKAY) { goto error; }
-
- for (x = 0; sets[x].size != 0; x++) {
-#if 0
- printf("dh_test():testing size %d-bits\n", sets[x].size * 8);
-#endif
- if ((err = mp_read_radix(&g,(char *)sets[x].base, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_read_radix(&p,(char *)sets[x].prime, 64)) != MP_OKAY) { goto error; }
-
- /* ensure p is prime */
- if ((err = is_prime(&p, &primality)) != CRYPT_OK) { goto done; }
- if (primality == 0) {
- err = CRYPT_FAIL_TESTVECTOR;
- goto done;
- }
-
- if ((err = mp_sub_d(&p, 1, &tmp)) != MP_OKAY) { goto error; }
- if ((err = mp_div_2(&tmp, &tmp)) != MP_OKAY) { goto error; }
-
- /* ensure (p-1)/2 is prime */
- if ((err = is_prime(&tmp, &primality)) != CRYPT_OK) { goto done; }
- if (primality == 0) {
- err = CRYPT_FAIL_TESTVECTOR;
- goto done;
- }
-
- /* now see if g^((p-1)/2) mod p is in fact 1 */
- if ((err = mp_exptmod(&g, &tmp, &p, &tmp)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&tmp, 1)) {
- err = CRYPT_FAIL_TESTVECTOR;
- goto done;
- }
- }
- err = CRYPT_OK;
- goto done;
-error:
- err = mpi_to_ltc_error(err);
-done:
- mp_clear_multi(&tmp, &g, &p, NULL);
- return err;
-}
-
-/**
- Get the min and max DH key sizes (octets)
- @param low [out] The smallest key size supported
- @param high [out] The largest key size supported
-*/
-void dh_sizes(int *low, int *high)
-{
- int x;
- LTC_ARGCHK(low != NULL);
- LTC_ARGCHK(high != NULL);
- *low = INT_MAX;
- *high = 0;
- for (x = 0; sets[x].size != 0; x++) {
- if (*low > sets[x].size) *low = sets[x].size;
- if (*high < sets[x].size) *high = sets[x].size;
- }
-}
-
-/**
- Returns the key size of a given DH key (octets)
- @param key The DH key to get the size of
- @return The size if valid or INT_MAX if not
-*/
-int dh_get_size(dh_key *key)
-{
- LTC_ARGCHK(key != NULL);
- if (is_valid_idx(key->idx) == 1) {
- return sets[key->idx].size;
- } else {
- return INT_MAX; /* large value that would cause dh_make_key() to fail */
- }
-}
-
-/**
- Make a DH key [private key pair]
- @param prng An active PRNG state
- @param wprng The index for the PRNG you desire to use
- @param keysize The key size (octets) desired
- @param key [out] Where the newly created DH key will be stored
- @return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically.
-*/
-int dh_make_key(prng_state *prng, int wprng, int keysize, dh_key *key)
-{
- unsigned char *buf;
- unsigned long x;
- mp_int p, g;
- int err;
-
- LTC_ARGCHK(key != NULL);
-
- /* good prng? */
- if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
- return err;
- }
-
- /* find key size */
- for (x = 0; (keysize > sets[x].size) && (sets[x].size != 0); x++);
-#ifdef FAST_PK
- keysize = MIN(sets[x].size, 32);
-#else
- keysize = sets[x].size;
-#endif
-
- if (sets[x].size == 0) {
- return CRYPT_INVALID_KEYSIZE;
- }
- key->idx = x;
-
- /* allocate buffer */
- buf = XMALLOC(keysize);
- if (buf == NULL) {
- return CRYPT_MEM;
- }
-
- /* make up random string */
- if (prng_descriptor[wprng].read(buf, keysize, prng) != (unsigned long)keysize) {
- err = CRYPT_ERROR_READPRNG;
- goto error2;
- }
-
- /* init parameters */
- if ((err = mp_init_multi(&g, &p, &key->x, &key->y, NULL)) != MP_OKAY) {
- goto error;
- }
- if ((err = mp_read_radix(&g, sets[key->idx].base, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_read_radix(&p, sets[key->idx].prime, 64)) != MP_OKAY) { goto error; }
-
- /* load the x value */
- if ((err = mp_read_unsigned_bin(&key->x, buf, keysize)) != MP_OKAY) { goto error; }
- if ((err = mp_exptmod(&g, &key->x, &p, &key->y)) != MP_OKAY) { goto error; }
- key->type = PK_PRIVATE;
-
- if ((err = mp_shrink(&key->x)) != MP_OKAY) { goto error; }
- if ((err = mp_shrink(&key->y)) != MP_OKAY) { goto error; }
-
- /* free up ram */
- err = CRYPT_OK;
- goto done;
-error:
- err = mpi_to_ltc_error(err);
-error2:
- mp_clear_multi(&key->x, &key->y, NULL);
-done:
-#ifdef LTC_CLEAN_STACK
- zeromem(buf, keysize);
-#endif
- mp_clear_multi(&p, &g, NULL);
- XFREE(buf);
- return err;
-}
-
-/**
- Free the allocated ram for a DH key
- @param key The key which you wish to free
-*/
-void dh_free(dh_key *key)
-{
- LTC_ARGCHK(key != NULL);
- mp_clear_multi(&key->x, &key->y, NULL);
-}
-
-/**
- Export a DH key to a binary packet
- @param out [out] The destination for the key
- @param outlen [in/out] The max size and resulting size of the DH key
- @param type Which type of key (PK_PRIVATE or PK_PUBLIC)
- @param key The key you wish to export
- @return CRYPT_OK if successful
-*/
-int dh_export(unsigned char *out, unsigned long *outlen, int type, dh_key *key)
-{
- unsigned long y, z;
- int err;
-
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* can we store the static header? */
- if (*outlen < (PACKET_SIZE + 2)) {
- return CRYPT_BUFFER_OVERFLOW;
- }
-
- if (type == PK_PRIVATE && key->type != PK_PRIVATE) {
- return CRYPT_PK_NOT_PRIVATE;
- }
-
- /* header */
- y = PACKET_SIZE;
-
- /* header */
- out[y++] = type;
- out[y++] = (unsigned char)(sets[key->idx].size / 8);
-
- /* export y */
- OUTPUT_BIGNUM(&key->y, out, y, z);
-
- if (type == PK_PRIVATE) {
- /* export x */
- OUTPUT_BIGNUM(&key->x, out, y, z);
- }
-
- /* store header */
- packet_store_header(out, PACKET_SECT_DH, PACKET_SUB_KEY);
-
- /* store len */
- *outlen = y;
- return CRYPT_OK;
-}
-
-/**
- Import a DH key from a binary packet
- @param in The packet to read
- @param inlen The length of the input packet
- @param key [out] Where to import the key to
- @return CRYPT_OK if successful, on error all allocated memory is freed automatically
-*/
-int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key)
-{
- unsigned long x, y, s;
- int err;
-
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* make sure valid length */
- if ((2+PACKET_SIZE) > inlen) {
- return CRYPT_INVALID_PACKET;
- }
-
- /* check type byte */
- if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_DH, PACKET_SUB_KEY)) != CRYPT_OK) {
- return err;
- }
-
- /* init */
- if ((err = mp_init_multi(&key->x, &key->y, NULL)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
- }
-
- /* advance past packet header */
- y = PACKET_SIZE;
-
- /* key type, e.g. private, public */
- key->type = (int)in[y++];
-
- /* key size in bytes */
- s = (unsigned long)in[y++] * 8;
-
- for (x = 0; (s > (unsigned long)sets[x].size) && (sets[x].size != 0); x++);
- if (sets[x].size == 0) {
- err = CRYPT_INVALID_KEYSIZE;
- goto error;
- }
- key->idx = (int)x;
-
- /* type check both values */
- if ((key->type != PK_PUBLIC) && (key->type != PK_PRIVATE)) {
- err = CRYPT_PK_TYPE_MISMATCH;
- goto error;
- }
-
- /* is the key idx valid? */
- if (is_valid_idx(key->idx) != 1) {
- err = CRYPT_PK_TYPE_MISMATCH;
- goto error;
- }
-
- /* load public value g^x mod p*/
- INPUT_BIGNUM(&key->y, in, x, y, inlen);
-
- if (key->type == PK_PRIVATE) {
- INPUT_BIGNUM(&key->x, in, x, y, inlen);
- }
-
- /* eliminate private key if public */
- if (key->type == PK_PUBLIC) {
- mp_clear(&key->x);
- }
-
- return CRYPT_OK;
-error:
- mp_clear_multi(&key->y, &key->x, NULL);
- return err;
-}
-
-/**
- Create a DH shared secret.
- @param private_key The private DH key in the pair
- @param public_key The public DH key in the pair
- @param out [out] The destination of the shared data
- @param outlen [in/out] The max size and resulting size of the shared data.
- @return CRYPT_OK if successful
-*/
-int dh_shared_secret(dh_key *private_key, dh_key *public_key,
- unsigned char *out, unsigned long *outlen)
-{
- mp_int tmp, p;
- unsigned long x;
- int err;
-
- LTC_ARGCHK(private_key != NULL);
- LTC_ARGCHK(public_key != NULL);
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
-
- /* types valid? */
- if (private_key->type != PK_PRIVATE) {
- return CRYPT_PK_NOT_PRIVATE;
- }
-
- /* same idx? */
- if (private_key->idx != public_key->idx) {
- return CRYPT_PK_TYPE_MISMATCH;
- }
-
- /* compute y^x mod p */
- if ((err = mp_init_multi(&tmp, &p, NULL)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
- }
-
- if ((err = mp_read_radix(&p, (char *)sets[private_key->idx].prime, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_exptmod(&public_key->y, &private_key->x, &p, &tmp)) != MP_OKAY) { goto error; }
-
- /* enough space for output? */
- x = (unsigned long)mp_unsigned_bin_size(&tmp);
- if (*outlen < x) {
- err = CRYPT_BUFFER_OVERFLOW;
- goto done;
- }
- if ((err = mp_to_unsigned_bin(&tmp, out)) != MP_OKAY) { goto error; }
- *outlen = x;
- err = CRYPT_OK;
- goto done;
-error:
- err = mpi_to_ltc_error(err);
-done:
- mp_clear_multi(&p, &tmp, NULL);
- return err;
-}
-
-#include "dh_sys.c"
-
-#endif
-
-
-/* $Source: /cvs/libtom/libtomcrypt/src/pk/dh/dh.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
diff --git a/src/pk/dh/dh_sys.c b/src/pk/dh/dh_sys.c
deleted file mode 100644
index 4f10556..0000000
--- a/src/pk/dh/dh_sys.c
+++ /dev/null
@@ -1,499 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
- */
-
-/**
- @file dh_sys.c
- DH Crypto, Tom St Denis
-*/
-
-/**
- Encrypt a short symmetric key with a public DH key
- @param in The symmetric key to encrypt
- @param inlen The length of the key (octets)
- @param out [out] The ciphertext
- @param outlen [in/out] The max size and resulting size of the ciphertext
- @param prng An active PRNG state
- @param wprng The index of the PRNG desired
- @param hash The index of the hash desired (must produce a digest of size >= the size of the plaintext)
- @param key The public key you wish to encrypt with.
- @return CRYPT_OK if successful
-*/
-int dh_encrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- prng_state *prng, int wprng, int hash,
- dh_key *key)
-{
- unsigned char *pub_expt, *dh_shared, *skey;
- dh_key pubkey;
- unsigned long x, y, z, hashsize, pubkeysize;
- int err;
-
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* check that wprng/hash are not invalid */
- if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
- return err;
- }
-
- if ((err = hash_is_valid(hash)) != CRYPT_OK) {
- return err;
- }
-
- if (inlen > hash_descriptor[hash].hashsize) {
- return CRYPT_INVALID_HASH;
- }
-
- /* allocate memory */
- pub_expt = XMALLOC(DH_BUF_SIZE);
- dh_shared = XMALLOC(DH_BUF_SIZE);
- skey = XMALLOC(MAXBLOCKSIZE);
- if (pub_expt == NULL || dh_shared == NULL || skey == NULL) {
- if (pub_expt != NULL) {
- XFREE(pub_expt);
- }
- if (dh_shared != NULL) {
- XFREE(dh_shared);
- }
- if (skey != NULL) {
- XFREE(skey);
- }
- return CRYPT_MEM;
- }
-
- /* make a random key and export the public copy */
- if ((err = dh_make_key(prng, wprng, dh_get_size(key), &pubkey)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- pubkeysize = DH_BUF_SIZE;
- if ((err = dh_export(pub_expt, &pubkeysize, PK_PUBLIC, &pubkey)) != CRYPT_OK) {
- dh_free(&pubkey);
- goto LBL_ERR;
- }
-
- /* now check if the out buffer is big enough */
- if (*outlen < (1 + 4 + 4 + PACKET_SIZE + pubkeysize + inlen)) {
- dh_free(&pubkey);
- err = CRYPT_BUFFER_OVERFLOW;
- goto LBL_ERR;
- }
-
- /* make random key */
- hashsize = hash_descriptor[hash].hashsize;
-
- x = DH_BUF_SIZE;
- if ((err = dh_shared_secret(&pubkey, key, dh_shared, &x)) != CRYPT_OK) {
- dh_free(&pubkey);
- goto LBL_ERR;
- }
- dh_free(&pubkey);
-
- z = MAXBLOCKSIZE;
- if ((err = hash_memory(hash, dh_shared, x, skey, &z)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* store header */
- packet_store_header(out, PACKET_SECT_DH, PACKET_SUB_ENC_KEY);
-
- /* output header */
- y = PACKET_SIZE;
-
- /* size of hash name and the name itself */
- out[y++] = hash_descriptor[hash].ID;
-
- /* length of DH pubkey and the key itself */
- STORE32L(pubkeysize, out+y);
- y += 4;
- for (x = 0; x < pubkeysize; x++, y++) {
- out[y] = pub_expt[x];
- }
-
- /* Store the encrypted key */
- STORE32L(inlen, out+y);
- y += 4;
-
- for (x = 0; x < inlen; x++, y++) {
- out[y] = skey[x] ^ in[x];
- }
- *outlen = y;
-
- err = CRYPT_OK;
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- /* clean up */
- zeromem(pub_expt, DH_BUF_SIZE);
- zeromem(dh_shared, DH_BUF_SIZE);
- zeromem(skey, MAXBLOCKSIZE);
-#endif
- XFREE(skey);
- XFREE(dh_shared);
- XFREE(pub_expt);
-
- return err;
-}
-
-/**
- Decrypt a DH encrypted symmetric key
- @param in The DH encrypted packet
- @param inlen The length of the DH encrypted packet
- @param out The plaintext
- @param outlen [in/out] The max size and resulting size of the plaintext
- @param key The private DH key corresponding to the public key that encrypted the plaintext
- @return CRYPT_OK if successful
-*/
-int dh_decrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- dh_key *key)
-{
- unsigned char *shared_secret, *skey;
- unsigned long x, y, z, hashsize, keysize;
- int hash, err;
- dh_key pubkey;
-
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* right key type? */
- if (key->type != PK_PRIVATE) {
- return CRYPT_PK_NOT_PRIVATE;
- }
-
- /* allocate ram */
- shared_secret = XMALLOC(DH_BUF_SIZE);
- skey = XMALLOC(MAXBLOCKSIZE);
- if (shared_secret == NULL || skey == NULL) {
- if (shared_secret != NULL) {
- XFREE(shared_secret);
- }
- if (skey != NULL) {
- XFREE(skey);
- }
- return CRYPT_MEM;
- }
-
- /* check if initial header should fit */
- if (inlen < PACKET_SIZE+1+4+4) {
- err = CRYPT_INVALID_PACKET;
- goto LBL_ERR;
- } else {
- inlen -= PACKET_SIZE+1+4+4;
- }
-
- /* is header correct? */
- if ((err = packet_valid_header((unsigned char *)in, PACKET_SECT_DH, PACKET_SUB_ENC_KEY)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* now lets get the hash name */
- y = PACKET_SIZE;
- hash = find_hash_id(in[y++]);
- if (hash == -1) {
- err = CRYPT_INVALID_HASH;
- goto LBL_ERR;
- }
-
- /* common values */
- hashsize = hash_descriptor[hash].hashsize;
-
- /* get public key */
- LOAD32L(x, in+y);
-
- /* now check if the imported key will fit */
- if (inlen < x) {
- err = CRYPT_INVALID_PACKET;
- goto LBL_ERR;
- } else {
- inlen -= x;
- }
-
- y += 4;
- if ((err = dh_import(in+y, x, &pubkey)) != CRYPT_OK) {
- goto LBL_ERR;
- }
- y += x;
-
- /* make shared key */
- x = DH_BUF_SIZE;
- if ((err = dh_shared_secret(key, &pubkey, shared_secret, &x)) != CRYPT_OK) {
- dh_free(&pubkey);
- goto LBL_ERR;
- }
- dh_free(&pubkey);
-
- z = MAXBLOCKSIZE;
- if ((err = hash_memory(hash, shared_secret, x, skey, &z)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* load in the encrypted key */
- LOAD32L(keysize, in+y);
-
- /* will the out fit as part of the input */
- if (inlen < keysize) {
- err = CRYPT_INVALID_PACKET;
- goto LBL_ERR;
- } else {
- inlen -= keysize;
- }
-
- if (keysize > *outlen) {
- err = CRYPT_BUFFER_OVERFLOW;
- goto LBL_ERR;
- }
- y += 4;
-
- *outlen = keysize;
-
- for (x = 0; x < keysize; x++, y++) {
- out[x] = skey[x] ^ in[y];
- }
-
- err = CRYPT_OK;
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- zeromem(shared_secret, DH_BUF_SIZE);
- zeromem(skey, MAXBLOCKSIZE);
-#endif
-
- XFREE(skey);
- XFREE(shared_secret);
-
- return err;
-}
-
-/* perform an ElGamal Signature of a hash
- *
- * The math works as follows. x is the private key, M is the message to sign
-
- 1. pick a random k
- 2. compute a = g^k mod p
- 3. compute b = (M - xa)/k mod p
- 4. Send (a,b)
-
- Now to verify with y=g^x mod p, a and b
-
- 1. compute y^a * a^b = g^(xa) * g^(k*(M-xa)/k)
- = g^(xa + (M - xa))
- = g^M [all mod p]
-
- 2. Compare against g^M mod p [based on input hash].
- 3. If result of #2 == result of #1 then signature valid
-*/
-
-/**
- Sign a message digest using a DH private key
- @param in The data to sign
- @param inlen The length of the input (octets)
- @param out [out] The destination of the signature
- @param outlen [in/out] The max size and resulting size of the output
- @param prng An active PRNG state
- @param wprng The index of the PRNG desired
- @param key A private DH key
- @return CRYPT_OK if successful
-*/
-int dh_sign_hash(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- prng_state *prng, int wprng, dh_key *key)
-{
- mp_int a, b, k, m, g, p, p1, tmp;
- unsigned char *buf;
- unsigned long x, y;
- int err;
-
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* check parameters */
- if (key->type != PK_PRIVATE) {
- return CRYPT_PK_NOT_PRIVATE;
- }
-
- if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
- return err;
- }
-
- /* is the IDX valid ? */
- if (is_valid_idx(key->idx) != 1) {
- return CRYPT_PK_INVALID_TYPE;
- }
-
- /* allocate ram for buf */
- buf = XMALLOC(520);
-
- /* make up a random value k,
- * since the order of the group is prime
- * we need not check if gcd(k, r) is 1
- */
- if (prng_descriptor[wprng].read(buf, sets[key->idx].size, prng) !=
- (unsigned long)(sets[key->idx].size)) {
- err = CRYPT_ERROR_READPRNG;
- goto LBL_ERR;
- }
-
- /* init bignums */
- if ((err = mp_init_multi(&a, &b, &k, &m, &p, &g, &p1, &tmp, NULL)) != MP_OKAY) {
- err = mpi_to_ltc_error(err);
- goto LBL_ERR;
- }
-
- /* load k and m */
- if ((err = mp_read_unsigned_bin(&m, (unsigned char *)in, inlen)) != MP_OKAY) { goto error; }
- if ((err = mp_read_unsigned_bin(&k, buf, sets[key->idx].size)) != MP_OKAY) { goto error; }
-
- /* load g, p and p1 */
- if ((err = mp_read_radix(&g, sets[key->idx].base, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_read_radix(&p, sets[key->idx].prime, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_sub_d(&p, 1, &p1)) != MP_OKAY) { goto error; }
- if ((err = mp_div_2(&p1, &p1)) != MP_OKAY) { goto error; } /* p1 = (p-1)/2 */
-
- /* now get a = g^k mod p */
- if ((err = mp_exptmod(&g, &k, &p, &a)) != MP_OKAY) { goto error; }
-
- /* now find M = xa + kb mod p1 or just b = (M - xa)/k mod p1 */
- if ((err = mp_invmod(&k, &p1, &k)) != MP_OKAY) { goto error; } /* k = 1/k mod p1 */
- if ((err = mp_mulmod(&a, &key->x, &p1, &tmp)) != MP_OKAY) { goto error; } /* tmp = xa */
- if ((err = mp_submod(&m, &tmp, &p1, &tmp)) != MP_OKAY) { goto error; } /* tmp = M - xa */
- if ((err = mp_mulmod(&k, &tmp, &p1, &b)) != MP_OKAY) { goto error; } /* b = (M - xa)/k */
-
- /* check for overflow */
- if ((unsigned long)(PACKET_SIZE + 4 + 4 + mp_unsigned_bin_size(&a) + mp_unsigned_bin_size(&b)) > *outlen) {
- err = CRYPT_BUFFER_OVERFLOW;
- goto LBL_ERR;
- }
-
- /* store header */
- y = PACKET_SIZE;
-
- /* now store them both (a,b) */
- x = (unsigned long)mp_unsigned_bin_size(&a);
- STORE32L(x, out+y); y += 4;
- if ((err = mp_to_unsigned_bin(&a, out+y)) != MP_OKAY) { goto error; }
- y += x;
-
- x = (unsigned long)mp_unsigned_bin_size(&b);
- STORE32L(x, out+y); y += 4;
- if ((err = mp_to_unsigned_bin(&b, out+y)) != MP_OKAY) { goto error; }
- y += x;
-
- /* check if size too big */
- if (*outlen < y) {
- err = CRYPT_BUFFER_OVERFLOW;
- goto LBL_ERR;
- }
-
- /* store header */
- packet_store_header(out, PACKET_SECT_DH, PACKET_SUB_SIGNED);
- *outlen = y;
-
- err = CRYPT_OK;
- goto LBL_ERR;
-error:
- err = mpi_to_ltc_error(err);
-LBL_ERR:
- mp_clear_multi(&tmp, &p1, &g, &p, &m, &k, &b, &a, NULL);
-
- XFREE(buf);
-
- return err;
-}
-
-
-/**
- Verify the signature given
- @param sig The signature
- @param siglen The length of the signature (octets)
- @param hash The hash that was signed
- @param hashlen The length of the hash (octets)
- @param stat [out] Result of signature comparison, 1==valid, 0==invalid
- @param key The public DH key that signed the hash
- @return CRYPT_OK if succsessful (even if signature is invalid)
-*/
-int dh_verify_hash(const unsigned char *sig, unsigned long siglen,
- const unsigned char *hash, unsigned long hashlen,
- int *stat, dh_key *key)
-{
- mp_int a, b, p, g, m, tmp;
- unsigned long x, y;
- int err;
-
- LTC_ARGCHK(sig != NULL);
- LTC_ARGCHK(hash != NULL);
- LTC_ARGCHK(stat != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* default to invalid */
- *stat = 0;
-
- /* check initial input length */
- if (siglen < PACKET_SIZE+4+4) {
- return CRYPT_INVALID_PACKET;
- }
-
- /* header ok? */
- if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_DH, PACKET_SUB_SIGNED)) != CRYPT_OK) {
- return err;
- }
-
- /* get hash out of packet */
- y = PACKET_SIZE;
-
- /* init all bignums */
- if ((err = mp_init_multi(&a, &p, &b, &g, &m, &tmp, NULL)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
- }
-
- /* load a and b */
- INPUT_BIGNUM(&a, sig, x, y, siglen);
- INPUT_BIGNUM(&b, sig, x, y, siglen);
-
- /* load p and g */
- if ((err = mp_read_radix(&p, sets[key->idx].prime, 64)) != MP_OKAY) { goto error1; }
- if ((err = mp_read_radix(&g, sets[key->idx].base, 64)) != MP_OKAY) { goto error1; }
-
- /* load m */
- if ((err = mp_read_unsigned_bin(&m, (unsigned char *)hash, hashlen)) != MP_OKAY) { goto error1; }
-
- /* find g^m mod p */
- if ((err = mp_exptmod(&g, &m, &p, &m)) != MP_OKAY) { goto error1; } /* m = g^m mod p */
-
- /* find y^a * a^b */
- if ((err = mp_exptmod(&key->y, &a, &p, &tmp)) != MP_OKAY) { goto error1; } /* tmp = y^a mod p */
- if ((err = mp_exptmod(&a, &b, &p, &a)) != MP_OKAY) { goto error1; } /* a = a^b mod p */
- if ((err = mp_mulmod(&a, &tmp, &p, &a)) != MP_OKAY) { goto error1; } /* a = y^a * a^b mod p */
-
- /* y^a * a^b == g^m ??? */
- if (mp_cmp(&a, &m) == 0) {
- *stat = 1;
- }
-
- /* clean up */
- err = CRYPT_OK;
- goto done;
-error1:
- err = mpi_to_ltc_error(err);
-error:
-done:
- mp_clear_multi(&tmp, &m, &g, &p, &b, &a, NULL);
- return err;
-}
-
-
-/* $Source: /cvs/libtom/libtomcrypt/src/pk/dh/dh_sys.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
diff --git a/src/pk/dsa/dsa_decrypt_key.c b/src/pk/dsa/dsa_decrypt_key.c
new file mode 100644
index 0000000..5cbedc6
--- /dev/null
+++ b/src/pk/dsa/dsa_decrypt_key.c
@@ -0,0 +1,139 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file dsa_decrypt_key.c
+ DSA Crypto, Tom St Denis
+*/
+
+#ifdef MDSA
+
+/**
+ Decrypt an DSA encrypted key
+ @param in The ciphertext
+ @param inlen The length of the ciphertext (octets)
+ @param out [out] The plaintext
+ @param outlen [in/out] The max size and resulting size of the plaintext
+ @param key The corresponding private DSA key
+ @return CRYPT_OK if successful
+*/
+int dsa_decrypt_key(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ dsa_key *key)
+{
+ unsigned char *skey, *expt;
+ void *g_pub;
+ unsigned long x, y, hashOID[32];
+ int hash, err;
+ ltc_asn1_list decode[3];
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* right key type? */
+ if (key->type != PK_PRIVATE) {
+ return CRYPT_PK_NOT_PRIVATE;
+ }
+
+ /* decode to find out hash */
+ LTC_SET_ASN1(decode, 0, LTC_ASN1_OBJECT_IDENTIFIER, hashOID, sizeof(hashOID)/sizeof(hashOID[0]));
+
+ if ((err = der_decode_sequence(in, inlen, decode, 1)) != CRYPT_OK) {
+ return err;
+ }
+
+ hash = find_hash_oid(hashOID, decode[0].size);
+ if (hash_is_valid(hash) != CRYPT_OK) {
+ return CRYPT_INVALID_PACKET;
+ }
+
+ /* we now have the hash! */
+
+ if ((err = mp_init(&g_pub)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* allocate memory */
+ expt = XMALLOC(mp_unsigned_bin_size(key->p) + 1);
+ skey = XMALLOC(MAXBLOCKSIZE);
+ if (expt == NULL || skey == NULL) {
+ if (expt != NULL) {
+ XFREE(expt);
+ }
+ if (skey != NULL) {
+ XFREE(skey);
+ }
+ mp_clear(g_pub);
+ return CRYPT_MEM;
+ }
+
+ LTC_SET_ASN1(decode, 1, LTC_ASN1_INTEGER, g_pub, 1UL);
+ LTC_SET_ASN1(decode, 2, LTC_ASN1_OCTET_STRING, skey, MAXBLOCKSIZE);
+
+ /* read the structure in now */
+ if ((err = der_decode_sequence(in, inlen, decode, 3)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* make shared key */
+ x = mp_unsigned_bin_size(key->p) + 1;
+ if ((err = dsa_shared_secret(key->x, g_pub, key, expt, &x)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ y = MIN(mp_unsigned_bin_size(key->p) + 1, MAXBLOCKSIZE);
+ if ((err = hash_memory(hash, expt, x, expt, &y)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* ensure the hash of the shared secret is at least as big as the encrypt itself */
+ if (decode[2].size > y) {
+ err = CRYPT_INVALID_PACKET;
+ goto LBL_ERR;
+ }
+
+ /* avoid buffer overflow */
+ if (*outlen < decode[2].size) {
+ *outlen = decode[2].size;
+ err = CRYPT_BUFFER_OVERFLOW;
+ goto LBL_ERR;
+ }
+
+ /* Decrypt the key */
+ for (x = 0; x < decode[2].size; x++) {
+ out[x] = expt[x] ^ skey[x];
+ }
+ *outlen = x;
+
+ err = CRYPT_OK;
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+ zeromem(expt, mp_unsigned_bin_size(key->p) + 1);
+ zeromem(skey, MAXBLOCKSIZE);
+#endif
+
+ XFREE(expt);
+ XFREE(skey);
+
+ mp_clear(g_pub);
+
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_decrypt_key.c,v $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/12/04 03:18:43 $ */
+
diff --git a/src/pk/dsa/dsa_encrypt_key.c b/src/pk/dsa/dsa_encrypt_key.c
new file mode 100644
index 0000000..cefa4de
--- /dev/null
+++ b/src/pk/dsa/dsa_encrypt_key.c
@@ -0,0 +1,135 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file dsa_encrypt_key.c
+ DSA Crypto, Tom St Denis
+*/
+
+#ifdef MDSA
+
+/**
+ Encrypt a symmetric key with DSA
+ @param in The symmetric key you want to encrypt
+ @param inlen The length of the key to encrypt (octets)
+ @param out [out] The destination for the ciphertext
+ @param outlen [in/out] The max size and resulting size of the ciphertext
+ @param prng An active PRNG state
+ @param wprng The index of the PRNG you wish to use
+ @param hash The index of the hash you want to use
+ @param key The DSA key you want to encrypt to
+ @return CRYPT_OK if successful
+*/
+int dsa_encrypt_key(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ prng_state *prng, int wprng, int hash,
+ dsa_key *key)
+{
+ unsigned char *expt, *skey;
+ void *g_pub, *g_priv;
+ unsigned long x, y;
+ int err;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* check that wprng/cipher/hash are not invalid */
+ if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
+ return err;
+ }
+
+ if ((err = hash_is_valid(hash)) != CRYPT_OK) {
+ return err;
+ }
+
+ if (inlen > hash_descriptor[hash].hashsize) {
+ return CRYPT_INVALID_HASH;
+ }
+
+ /* make a random key and export the public copy */
+ if ((err = mp_init_multi(&g_pub, &g_priv, NULL)) != CRYPT_OK) {
+ return err;
+ }
+
+ expt = XMALLOC(mp_unsigned_bin_size(key->p) + 1);
+ skey = XMALLOC(MAXBLOCKSIZE);
+ if (expt == NULL || skey == NULL) {
+ if (expt != NULL) {
+ XFREE(expt);
+ }
+ if (skey != NULL) {
+ XFREE(skey);
+ }
+ mp_clear_multi(g_pub, g_priv, NULL);
+ return CRYPT_MEM;
+ }
+
+ /* make a random x, g^x pair */
+ x = mp_unsigned_bin_size(key->q);
+ if (prng_descriptor[wprng].read(expt, x, prng) != x) {
+ err = CRYPT_ERROR_READPRNG;
+ goto LBL_ERR;
+ }
+
+ /* load x */
+ if ((err = mp_read_unsigned_bin(g_priv, expt, x)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* compute y */
+ if ((err = mp_exptmod(key->g, g_priv, key->p, g_pub)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* make random key */
+ x = mp_unsigned_bin_size(key->p) + 1;
+ if ((err = dsa_shared_secret(g_priv, key->y, key, expt, &x)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ y = MAXBLOCKSIZE;
+ if ((err = hash_memory(hash, expt, x, skey, &y)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* Encrypt key */
+ for (x = 0; x < inlen; x++) {
+ skey[x] ^= in[x];
+ }
+
+ err = der_encode_sequence_multi(out, outlen,
+ LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash].OIDlen, hash_descriptor[hash].OID,
+ LTC_ASN1_INTEGER, 1UL, g_pub,
+ LTC_ASN1_OCTET_STRING, inlen, skey,
+ LTC_ASN1_EOL, 0UL, NULL);
+
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+ /* clean up */
+ zeromem(expt, mp_unsigned_bin_size(key->p) + 1);
+ zeromem(skey, MAXBLOCKSIZE);
+#endif
+
+ XFREE(skey);
+ XFREE(expt);
+
+ mp_clear_multi(g_pub, g_priv, NULL);
+ return err;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_encrypt_key.c,v $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/12/04 03:18:43 $ */
+
diff --git a/src/pk/dsa/dsa_export.c b/src/pk/dsa/dsa_export.c
index 5a093d9..d882779 100644
--- a/src/pk/dsa/dsa_export.c
+++ b/src/pk/dsa/dsa_export.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -47,19 +47,19 @@ int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key
if (type == PK_PRIVATE) {
return der_encode_sequence_multi(out, outlen,
LTC_ASN1_BIT_STRING, 1UL, flags,
- LTC_ASN1_INTEGER, 1UL, &key->g,
- LTC_ASN1_INTEGER, 1UL, &key->p,
- LTC_ASN1_INTEGER, 1UL, &key->q,
- LTC_ASN1_INTEGER, 1UL, &key->y,
- LTC_ASN1_INTEGER, 1UL, &key->x,
+ LTC_ASN1_INTEGER, 1UL, key->g,
+ LTC_ASN1_INTEGER, 1UL, key->p,
+ LTC_ASN1_INTEGER, 1UL, key->q,
+ LTC_ASN1_INTEGER, 1UL, key->y,
+ LTC_ASN1_INTEGER, 1UL, key->x,
LTC_ASN1_EOL, 0UL, NULL);
} else {
return der_encode_sequence_multi(out, outlen,
LTC_ASN1_BIT_STRING, 1UL, flags,
- LTC_ASN1_INTEGER, 1UL, &key->g,
- LTC_ASN1_INTEGER, 1UL, &key->p,
- LTC_ASN1_INTEGER, 1UL, &key->q,
- LTC_ASN1_INTEGER, 1UL, &key->y,
+ LTC_ASN1_INTEGER, 1UL, key->g,
+ LTC_ASN1_INTEGER, 1UL, key->p,
+ LTC_ASN1_INTEGER, 1UL, key->q,
+ LTC_ASN1_INTEGER, 1UL, key->y,
LTC_ASN1_EOL, 0UL, NULL);
}
}
@@ -68,5 +68,5 @@ int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key
/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_export.c,v $ */
-/* $Revision: 1.6 $ */
-/* $Date: 2005/06/03 19:24:31 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/dsa/dsa_free.c b/src/pk/dsa/dsa_free.c
index 9157acb..92a1eb7 100644
--- a/src/pk/dsa/dsa_free.c
+++ b/src/pk/dsa/dsa_free.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -23,12 +23,12 @@
*/
void dsa_free(dsa_key *key)
{
- LTC_ARGCHK(key != NULL);
- mp_clear_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL);
+ LTC_ARGCHKVD(key != NULL);
+ mp_clear_multi(key->g, key->q, key->p, key->x, key->y, NULL);
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_free.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/06/09 01:38:13 $ */
diff --git a/src/pk/dsa/dsa_import.c b/src/pk/dsa/dsa_import.c
index e81bac8..bb2272a 100644
--- a/src/pk/dsa/dsa_import.c
+++ b/src/pk/dsa/dsa_import.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -31,9 +31,10 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key)
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(ltc_mp.name != NULL);
/* init key */
- if (mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL) != MP_OKAY) {
+ if (mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL) != CRYPT_OK) {
return CRYPT_MEM;
}
@@ -47,11 +48,11 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key)
if (flags[0] == 1) {
if ((err = der_decode_sequence_multi(in, inlen,
LTC_ASN1_BIT_STRING, 1UL, flags,
- LTC_ASN1_INTEGER, 1UL, &key->g,
- LTC_ASN1_INTEGER, 1UL, &key->p,
- LTC_ASN1_INTEGER, 1UL, &key->q,
- LTC_ASN1_INTEGER, 1UL, &key->y,
- LTC_ASN1_INTEGER, 1UL, &key->x,
+ LTC_ASN1_INTEGER, 1UL, key->g,
+ LTC_ASN1_INTEGER, 1UL, key->p,
+ LTC_ASN1_INTEGER, 1UL, key->q,
+ LTC_ASN1_INTEGER, 1UL, key->y,
+ LTC_ASN1_INTEGER, 1UL, key->x,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
goto error;
}
@@ -59,31 +60,31 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key)
} else {
if ((err = der_decode_sequence_multi(in, inlen,
LTC_ASN1_BIT_STRING, 1UL, flags,
- LTC_ASN1_INTEGER, 1UL, &key->g,
- LTC_ASN1_INTEGER, 1UL, &key->p,
- LTC_ASN1_INTEGER, 1UL, &key->q,
- LTC_ASN1_INTEGER, 1UL, &key->y,
+ LTC_ASN1_INTEGER, 1UL, key->g,
+ LTC_ASN1_INTEGER, 1UL, key->p,
+ LTC_ASN1_INTEGER, 1UL, key->q,
+ LTC_ASN1_INTEGER, 1UL, key->y,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
goto error;
}
key->type = PK_PUBLIC;
}
- key->qord = mp_unsigned_bin_size(&key->q);
+ key->qord = mp_unsigned_bin_size(key->q);
if (key->qord >= MDSA_MAX_GROUP || key->qord <= 15 ||
- key->qord >= mp_unsigned_bin_size(&key->p) || (mp_unsigned_bin_size(&key->p) - key->qord) >= MDSA_DELTA) {
+ (unsigned long)key->qord >= mp_unsigned_bin_size(key->p) || (mp_unsigned_bin_size(key->p) - key->qord) >= MDSA_DELTA) {
err = CRYPT_INVALID_PACKET;
goto error;
}
return CRYPT_OK;
error:
- mp_clear_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL);
+ mp_clear_multi(key->p, key->g, key->q, key->x, key->y, NULL);
return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_import.c,v $ */
-/* $Revision: 1.7 $ */
-/* $Date: 2005/06/08 23:31:17 $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/dsa/dsa_make_key.c b/src/pk/dsa/dsa_make_key.c
index 02f69e0..293e814 100644
--- a/src/pk/dsa/dsa_make_key.c
+++ b/src/pk/dsa/dsa_make_key.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -28,11 +28,12 @@
*/
int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key)
{
- mp_int tmp, tmp2;
+ void *tmp, *tmp2;
int err, res;
unsigned char *buf;
LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(ltc_mp.name != NULL);
/* check prng */
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
@@ -52,21 +53,21 @@ int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size,
}
/* init mp_ints */
- if ((err = mp_init_multi(&tmp, &tmp2, &key->g, &key->q, &key->p, &key->x, &key->y, NULL)) != MP_OKAY) {
- err = mpi_to_ltc_error(err);
- goto LBL_ERR;
+ if ((err = mp_init_multi(&tmp, &tmp2, &key->g, &key->q, &key->p, &key->x, &key->y, NULL)) != CRYPT_OK) {
+ XFREE(buf);
+ return err;
}
/* make our prime q */
- if ((err = rand_prime(&key->q, group_size*8, prng, wprng)) != CRYPT_OK) { goto LBL_ERR; }
+ if ((err = rand_prime(key->q, group_size, prng, wprng)) != CRYPT_OK) { goto error; }
/* double q */
- if ((err = mp_mul_2(&key->q, &tmp)) != MP_OKAY) { goto error; }
+ if ((err = mp_add(key->q, key->q, tmp)) != CRYPT_OK) { goto error; }
/* now make a random string and multply it against q */
if (prng_descriptor[wprng].read(buf+1, modulus_size - group_size, prng) != (unsigned long)(modulus_size - group_size)) {
err = CRYPT_ERROR_READPRNG;
- goto LBL_ERR;
+ goto error;
}
/* force magnitude */
@@ -75,30 +76,30 @@ int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size,
/* force even */
buf[modulus_size - group_size - 1] &= ~1;
- if ((err = mp_read_unsigned_bin(&tmp2, buf, modulus_size - group_size)) != MP_OKAY) { goto error; }
- if ((err = mp_mul(&key->q, &tmp2, &key->p)) != MP_OKAY) { goto error; }
- if ((err = mp_add_d(&key->p, 1, &key->p)) != MP_OKAY) { goto error; }
+ if ((err = mp_read_unsigned_bin(tmp2, buf, modulus_size - group_size)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mul(key->q, tmp2, key->p)) != CRYPT_OK) { goto error; }
+ if ((err = mp_add_d(key->p, 1, key->p)) != CRYPT_OK) { goto error; }
/* now loop until p is prime */
for (;;) {
- if ((err = is_prime(&key->p, &res)) != CRYPT_OK) { goto LBL_ERR; }
- if (res == MP_YES) break;
+ if ((err = mp_prime_is_prime(key->p, 8, &res)) != CRYPT_OK) { goto error; }
+ if (res == LTC_MP_YES) break;
/* add 2q to p and 2 to tmp2 */
- if ((err = mp_add(&tmp, &key->p, &key->p)) != MP_OKAY) { goto error; }
- if ((err = mp_add_d(&tmp2, 2, &tmp2)) != MP_OKAY) { goto error; }
+ if ((err = mp_add(tmp, key->p, key->p)) != CRYPT_OK) { goto error; }
+ if ((err = mp_add_d(tmp2, 2, tmp2)) != CRYPT_OK) { goto error; }
}
/* now p = (q * tmp2) + 1 is prime, find a value g for which g^tmp2 != 1 */
- mp_set(&key->g, 1);
+ mp_set(key->g, 1);
do {
- if ((err = mp_add_d(&key->g, 1, &key->g)) != MP_OKAY) { goto error; }
- if ((err = mp_exptmod(&key->g, &tmp2, &key->p, &tmp)) != MP_OKAY) { goto error; }
- } while (mp_cmp_d(&tmp, 1) == MP_EQ);
+ if ((err = mp_add_d(key->g, 1, key->g)) != CRYPT_OK) { goto error; }
+ if ((err = mp_exptmod(key->g, tmp2, key->p, tmp)) != CRYPT_OK) { goto error; }
+ } while (mp_cmp_d(tmp, 1) == LTC_MP_EQ);
/* at this point tmp generates a group of order q mod p */
- mp_exch(&tmp, &key->g);
+ mp_exch(tmp, key->g);
/* so now we have our DH structure, generator g, order q, modulus p
Now we need a random exponent [mod q] and it's power g^x mod p
@@ -106,22 +107,15 @@ int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size,
do {
if (prng_descriptor[wprng].read(buf, group_size, prng) != (unsigned long)group_size) {
err = CRYPT_ERROR_READPRNG;
- goto LBL_ERR;
+ goto error;
}
- if ((err = mp_read_unsigned_bin(&key->x, buf, group_size)) != MP_OKAY) { goto error; }
- } while (mp_cmp_d(&key->x, 1) != MP_GT);
- if ((err = mp_exptmod(&key->g, &key->x, &key->p, &key->y)) != MP_OKAY) { goto error; }
-
+ if ((err = mp_read_unsigned_bin(key->x, buf, group_size)) != CRYPT_OK) { goto error; }
+ } while (mp_cmp_d(key->x, 1) != LTC_MP_GT);
+ if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK) { goto error; }
+
key->type = PK_PRIVATE;
key->qord = group_size;
- /* shrink the ram required */
- if ((err = mp_shrink(&key->g)) != MP_OKAY) { goto error; }
- if ((err = mp_shrink(&key->p)) != MP_OKAY) { goto error; }
- if ((err = mp_shrink(&key->q)) != MP_OKAY) { goto error; }
- if ((err = mp_shrink(&key->x)) != MP_OKAY) { goto error; }
- if ((err = mp_shrink(&key->y)) != MP_OKAY) { goto error; }
-
#ifdef LTC_CLEAN_STACK
zeromem(buf, MDSA_DELTA);
#endif
@@ -129,12 +123,9 @@ int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size,
err = CRYPT_OK;
goto done;
error:
- err = mpi_to_ltc_error(err);
-LBL_ERR:
- mp_clear_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL);
+ mp_clear_multi(key->g, key->q, key->p, key->x, key->y, NULL);
done:
- mp_clear_multi(&tmp, &tmp2, NULL);
-
+ mp_clear_multi(tmp, tmp2, NULL);
XFREE(buf);
return err;
}
@@ -142,5 +133,5 @@ done:
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_make_key.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/06/11 05:45:35 $ */
+/* $Revision: 1.10 $ */
+/* $Date: 2006/12/04 03:18:43 $ */
diff --git a/src/pk/dsa/dsa_shared_secret.c b/src/pk/dsa/dsa_shared_secret.c
new file mode 100644
index 0000000..570d637
--- /dev/null
+++ b/src/pk/dsa/dsa_shared_secret.c
@@ -0,0 +1,72 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file dsa_shared_secret.c
+ DSA Crypto, Tom St Denis
+*/
+
+#ifdef MDSA
+
+/**
+ Create a DSA shared secret between two keys
+ @param private_key The private DSA key (the exponent)
+ @param base The base of the exponentiation (allows this to be used for both encrypt and decrypt)
+ @param public_key The public key
+ @param out [out] Destination of the shared secret
+ @param outlen [in/out] The max size and resulting size of the shared secret
+ @return CRYPT_OK if successful
+*/
+int dsa_shared_secret(void *private_key, void *base,
+ dsa_key *public_key,
+ unsigned char *out, unsigned long *outlen)
+{
+ unsigned long x;
+ void *res;
+ int err;
+
+ LTC_ARGCHK(private_key != NULL);
+ LTC_ARGCHK(public_key != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+
+ /* make new point */
+ if ((err = mp_init(&res)) != CRYPT_OK) {
+ return err;
+ }
+
+ if ((err = mp_exptmod(base, private_key, public_key->p, res)) != CRYPT_OK) {
+ mp_clear(res);
+ return err;
+ }
+
+ x = (unsigned long)mp_unsigned_bin_size(res);
+ if (*outlen < x) {
+ *outlen = x;
+ err = CRYPT_BUFFER_OVERFLOW;
+ goto done;
+ }
+ zeromem(out, x);
+ if ((err = mp_to_unsigned_bin(res, out + (x - mp_unsigned_bin_size(res)))) != CRYPT_OK) { goto done; }
+
+ err = CRYPT_OK;
+ *outlen = x;
+done:
+ mp_clear(res);
+ return err;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_shared_secret.c,v $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/12/04 03:18:43 $ */
+
diff --git a/src/pk/dsa/dsa_sign_hash.c b/src/pk/dsa/dsa_sign_hash.c
index 48d29a2..f84dd28 100644
--- a/src/pk/dsa/dsa_sign_hash.c
+++ b/src/pk/dsa/dsa_sign_hash.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -29,10 +29,10 @@
@return CRYPT_OK if successful
*/
int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen,
- mp_int *r, mp_int *s,
+ void *r, void *s,
prng_state *prng, int wprng, dsa_key *key)
{
- mp_int k, kinv, tmp;
+ void *k, *kinv, *tmp;
unsigned char *buf;
int err;
@@ -59,7 +59,7 @@ int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen,
}
/* Init our temps */
- if ((err = mp_init_multi(&k, &kinv, &tmp, NULL)) != MP_OKAY) { goto error; }
+ if ((err = mp_init_multi(&k, &kinv, &tmp, NULL)) != CRYPT_OK) { goto ERRBUF; }
retry:
@@ -67,43 +67,40 @@ retry:
/* gen random k */
if (prng_descriptor[wprng].read(buf, key->qord, prng) != (unsigned long)key->qord) {
err = CRYPT_ERROR_READPRNG;
- goto LBL_ERR;
+ goto error;
}
/* read k */
- if ((err = mp_read_unsigned_bin(&k, buf, key->qord)) != MP_OKAY) { goto error; }
+ if ((err = mp_read_unsigned_bin(k, buf, key->qord)) != CRYPT_OK) { goto error; }
/* k > 1 ? */
- if (mp_cmp_d(&k, 1) != MP_GT) { goto retry; }
+ if (mp_cmp_d(k, 1) != LTC_MP_GT) { goto retry; }
/* test gcd */
- if ((err = mp_gcd(&k, &key->q, &tmp)) != MP_OKAY) { goto error; }
- } while (mp_cmp_d(&tmp, 1) != MP_EQ);
+ if ((err = mp_gcd(k, key->q, tmp)) != CRYPT_OK) { goto error; }
+ } while (mp_cmp_d(tmp, 1) != LTC_MP_EQ);
/* now find 1/k mod q */
- if ((err = mp_invmod(&k, &key->q, &kinv)) != MP_OKAY) { goto error; }
+ if ((err = mp_invmod(k, key->q, kinv)) != CRYPT_OK) { goto error; }
/* now find r = g^k mod p mod q */
- if ((err = mp_exptmod(&key->g, &k, &key->p, r)) != MP_OKAY) { goto error; }
- if ((err = mp_mod(r, &key->q, r)) != MP_OKAY) { goto error; }
+ if ((err = mp_exptmod(key->g, k, key->p, r)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mod(r, key->q, r)) != CRYPT_OK) { goto error; }
- if (mp_iszero(r) == MP_YES) { goto retry; }
+ if (mp_iszero(r) == LTC_MP_YES) { goto retry; }
/* now find s = (in + xr)/k mod q */
- if ((err = mp_read_unsigned_bin(&tmp, (unsigned char *)in, inlen)) != MP_OKAY) { goto error; }
- if ((err = mp_mul(&key->x, r, s)) != MP_OKAY) { goto error; }
- if ((err = mp_add(s, &tmp, s)) != MP_OKAY) { goto error; }
- if ((err = mp_mulmod(s, &kinv, &key->q, s)) != MP_OKAY) { goto error; }
+ if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, inlen)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mul(key->x, r, s)) != CRYPT_OK) { goto error; }
+ if ((err = mp_add(s, tmp, s)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mulmod(s, kinv, key->q, s)) != CRYPT_OK) { goto error; }
- if (mp_iszero(s) == MP_YES) { goto retry; }
+ if (mp_iszero(s) == LTC_MP_YES) { goto retry; }
err = CRYPT_OK;
- goto LBL_ERR;
-
error:
- err = mpi_to_ltc_error(err);
-LBL_ERR:
- mp_clear_multi(&k, &kinv, &tmp, NULL);
+ mp_clear_multi(k, kinv, tmp, NULL);
+ERRBUF:
#ifdef LTC_CLEAN_STACK
zeromem(buf, MDSA_MAX_GROUP);
#endif
@@ -126,7 +123,7 @@ int dsa_sign_hash(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
prng_state *prng, int wprng, dsa_key *key)
{
- mp_int r, s;
+ void *r, *s;
int err;
LTC_ARGCHK(in != NULL);
@@ -134,26 +131,26 @@ int dsa_sign_hash(const unsigned char *in, unsigned long inlen,
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
- if (mp_init_multi(&r, &s, NULL) != MP_OKAY) {
+ if (mp_init_multi(&r, &s, NULL) != CRYPT_OK) {
return CRYPT_MEM;
}
- if ((err = dsa_sign_hash_raw(in, inlen, &r, &s, prng, wprng, key)) != CRYPT_OK) {
- goto LBL_ERR;
+ if ((err = dsa_sign_hash_raw(in, inlen, r, s, prng, wprng, key)) != CRYPT_OK) {
+ goto error;
}
err = der_encode_sequence_multi(out, outlen,
- LTC_ASN1_INTEGER, 1UL, &r,
- LTC_ASN1_INTEGER, 1UL, &s,
+ LTC_ASN1_INTEGER, 1UL, r,
+ LTC_ASN1_INTEGER, 1UL, s,
LTC_ASN1_EOL, 0UL, NULL);
-LBL_ERR:
- mp_clear_multi(&r, &s, NULL);
+error:
+ mp_clear_multi(r, s, NULL);
return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_sign_hash.c,v $ */
-/* $Revision: 1.6 $ */
-/* $Date: 2005/05/15 21:48:59 $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/12/04 22:27:56 $ */
diff --git a/src/pk/dsa/dsa_verify_hash.c b/src/pk/dsa/dsa_verify_hash.c
index 11e5c33..0e8ff22 100644
--- a/src/pk/dsa/dsa_verify_hash.c
+++ b/src/pk/dsa/dsa_verify_hash.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -28,11 +28,11 @@
@param key The corresponding public DH key
@return CRYPT_OK if successful (even if the signature is invalid)
*/
-int dsa_verify_hash_raw( mp_int *r, mp_int *s,
+int dsa_verify_hash_raw( void *r, void *s,
const unsigned char *hash, unsigned long hashlen,
int *stat, dsa_key *key)
{
- mp_int w, v, u1, u2;
+ void *w, *v, *u1, *u2;
int err;
LTC_ARGCHK(r != NULL);
@@ -44,42 +44,40 @@ int dsa_verify_hash_raw( mp_int *r, mp_int *s,
*stat = 0;
/* init our variables */
- if ((err = mp_init_multi(&w, &v, &u1, &u2, NULL)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
+ if ((err = mp_init_multi(&w, &v, &u1, &u2, NULL)) != CRYPT_OK) {
+ return err;
}
/* neither r or s can be null or >q*/
- if (mp_iszero(r) == MP_YES || mp_iszero(s) == MP_YES || mp_cmp(r, &key->q) != MP_LT || mp_cmp(s, &key->q) != MP_LT) {
+ if (mp_iszero(r) == LTC_MP_YES || mp_iszero(s) == LTC_MP_YES || mp_cmp(r, key->q) != LTC_MP_LT || mp_cmp(s, key->q) != LTC_MP_LT) {
err = CRYPT_INVALID_PACKET;
- goto done;
+ goto error;
}
/* w = 1/s mod q */
- if ((err = mp_invmod(s, &key->q, &w)) != MP_OKAY) { goto error; }
+ if ((err = mp_invmod(s, key->q, w)) != CRYPT_OK) { goto error; }
/* u1 = m * w mod q */
- if ((err = mp_read_unsigned_bin(&u1, (unsigned char *)hash, hashlen)) != MP_OKAY) { goto error; }
- if ((err = mp_mulmod(&u1, &w, &key->q, &u1)) != MP_OKAY) { goto error; }
+ if ((err = mp_read_unsigned_bin(u1, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mulmod(u1, w, key->q, u1)) != CRYPT_OK) { goto error; }
/* u2 = r*w mod q */
- if ((err = mp_mulmod(r, &w, &key->q, &u2)) != MP_OKAY) { goto error; }
+ if ((err = mp_mulmod(r, w, key->q, u2)) != CRYPT_OK) { goto error; }
/* v = g^u1 * y^u2 mod p mod q */
- if ((err = mp_exptmod(&key->g, &u1, &key->p, &u1)) != MP_OKAY) { goto error; }
- if ((err = mp_exptmod(&key->y, &u2, &key->p, &u2)) != MP_OKAY) { goto error; }
- if ((err = mp_mulmod(&u1, &u2, &key->p, &v)) != MP_OKAY) { goto error; }
- if ((err = mp_mod(&v, &key->q, &v)) != MP_OKAY) { goto error; }
+ if ((err = mp_exptmod(key->g, u1, key->p, u1)) != CRYPT_OK) { goto error; }
+ if ((err = mp_exptmod(key->y, u2, key->p, u2)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mulmod(u1, u2, key->p, v)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mod(v, key->q, v)) != CRYPT_OK) { goto error; }
/* if r = v then we're set */
- if (mp_cmp(r, &v) == MP_EQ) {
+ if (mp_cmp(r, v) == LTC_MP_EQ) {
*stat = 1;
}
err = CRYPT_OK;
- goto done;
-
-error : err = mpi_to_ltc_error(err);
-done : mp_clear_multi(&w, &v, &u1, &u2, NULL);
+error:
+ mp_clear_multi(w, v, u1, u2, NULL);
return err;
}
@@ -98,7 +96,7 @@ int dsa_verify_hash(const unsigned char *sig, unsigned long siglen,
int *stat, dsa_key *key)
{
int err;
- mp_int r, s;
+ void *r, *s;
if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) {
return CRYPT_MEM;
@@ -106,17 +104,17 @@ int dsa_verify_hash(const unsigned char *sig, unsigned long siglen,
/* decode the sequence */
if ((err = der_decode_sequence_multi(sig, siglen,
- LTC_ASN1_INTEGER, 1UL, &r,
- LTC_ASN1_INTEGER, 1UL, &s,
+ LTC_ASN1_INTEGER, 1UL, r,
+ LTC_ASN1_INTEGER, 1UL, s,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
goto LBL_ERR;
}
/* do the op */
- err = dsa_verify_hash_raw(&r, &s, hash, hashlen, stat, key);
+ err = dsa_verify_hash_raw(r, s, hash, hashlen, stat, key);
LBL_ERR:
- mp_clear_multi(&r, &s, NULL);
+ mp_clear_multi(r, s, NULL);
return err;
}
@@ -124,5 +122,5 @@ LBL_ERR:
/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_verify_hash.c,v $ */
-/* $Revision: 1.8 $ */
-/* $Date: 2005/05/15 21:48:59 $ */
+/* $Revision: 1.13 $ */
+/* $Date: 2006/12/04 03:18:43 $ */
diff --git a/src/pk/dsa/dsa_verify_key.c b/src/pk/dsa/dsa_verify_key.c
index b7be103..27054d6 100644
--- a/src/pk/dsa/dsa_verify_key.c
+++ b/src/pk/dsa/dsa_verify_key.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -25,7 +25,7 @@
*/
int dsa_verify_key(dsa_key *key, int *stat)
{
- mp_int tmp, tmp2;
+ void *tmp, *tmp2;
int res, err;
LTC_ARGCHK(key != NULL);
@@ -35,15 +35,14 @@ int dsa_verify_key(dsa_key *key, int *stat)
*stat = 0;
/* first make sure key->q and key->p are prime */
- if ((err = is_prime(&key->q, &res)) != CRYPT_OK) {
+ if ((err = mp_prime_is_prime(key->q, 8, &res)) != CRYPT_OK) {
return err;
}
if (res == 0) {
return CRYPT_OK;
}
-
- if ((err = is_prime(&key->p, &res)) != CRYPT_OK) {
+ if ((err = mp_prime_is_prime(key->p, 8, &res)) != CRYPT_OK) {
return err;
}
if (res == 0) {
@@ -51,52 +50,51 @@ int dsa_verify_key(dsa_key *key, int *stat)
}
/* now make sure that g is not -1, 0 or 1 and <p */
- if (mp_cmp_d(&key->g, 0) == MP_EQ || mp_cmp_d(&key->g, 1) == MP_EQ) {
+ if (mp_cmp_d(key->g, 0) == LTC_MP_EQ || mp_cmp_d(key->g, 1) == LTC_MP_EQ) {
return CRYPT_OK;
}
- if ((err = mp_init_multi(&tmp, &tmp2, NULL)) != MP_OKAY) { goto error; }
- if ((err = mp_sub_d(&key->p, 1, &tmp)) != MP_OKAY) { goto error; }
- if (mp_cmp(&tmp, &key->g) == MP_EQ || mp_cmp(&key->g, &key->p) != MP_LT) {
+ if ((err = mp_init_multi(&tmp, &tmp2, NULL)) != CRYPT_OK) { return err; }
+ if ((err = mp_sub_d(key->p, 1, tmp)) != CRYPT_OK) { goto error; }
+ if (mp_cmp(tmp, key->g) == LTC_MP_EQ || mp_cmp(key->g, key->p) != LTC_MP_LT) {
err = CRYPT_OK;
- goto done;
+ goto error;
}
/* 1 < y < p-1 */
- if (!(mp_cmp_d(&key->y, 1) == MP_GT && mp_cmp(&key->y, &tmp) == MP_LT)) {
+ if (!(mp_cmp_d(key->y, 1) == LTC_MP_GT && mp_cmp(key->y, tmp) == LTC_MP_LT)) {
err = CRYPT_OK;
- goto done;
+ goto error;
}
/* now we have to make sure that g^q = 1, and that p-1/q gives 0 remainder */
- if ((err = mp_div(&tmp, &key->q, &tmp, &tmp2)) != MP_OKAY) { goto error; }
- if (mp_iszero(&tmp2) != MP_YES) {
+ if ((err = mp_div(tmp, key->q, tmp, tmp2)) != CRYPT_OK) { goto error; }
+ if (mp_iszero(tmp2) != LTC_MP_YES) {
err = CRYPT_OK;
- goto done;
+ goto error;
}
- if ((err = mp_exptmod(&key->g, &key->q, &key->p, &tmp)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&tmp, 1) != MP_EQ) {
+ if ((err = mp_exptmod(key->g, key->q, key->p, tmp)) != CRYPT_OK) { goto error; }
+ if (mp_cmp_d(tmp, 1) != LTC_MP_EQ) {
err = CRYPT_OK;
- goto done;
+ goto error;
}
/* now we have to make sure that y^q = 1, this makes sure y \in g^x mod p */
- if ((err = mp_exptmod(&key->y, &key->q, &key->p, &tmp)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&tmp, 1) != MP_EQ) {
+ if ((err = mp_exptmod(key->y, key->q, key->p, tmp)) != CRYPT_OK) { goto error; }
+ if (mp_cmp_d(tmp, 1) != LTC_MP_EQ) {
err = CRYPT_OK;
- goto done;
+ goto error;
}
/* at this point we are out of tests ;-( */
err = CRYPT_OK;
*stat = 1;
- goto done;
-error: err = mpi_to_ltc_error(err);
-done : mp_clear_multi(&tmp, &tmp2, NULL);
+error:
+ mp_clear_multi(tmp, tmp2, NULL);
return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/dsa/dsa_verify_key.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/12/04 03:18:43 $ */
diff --git a/src/pk/ecc/ecc.c b/src/pk/ecc/ecc.c
index 469d56d..90bbed4 100644
--- a/src/pk/ecc/ecc.c
+++ b/src/pk/ecc/ecc.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
@@ -23,125 +23,94 @@
#ifdef MECC
-/* size of our temp buffers for exported keys */
-#define ECC_BUF_SIZE 256
-
-/* max private key size */
-#define ECC_MAXSIZE 66
-
/* This holds the key settings. ***MUST*** be organized by size from smallest to largest. */
-static const struct {
- int size;
- char *name, *prime, *B, *order, *Gx, *Gy;
-} sets[] = {
+const ltc_ecc_set_type ltc_ecc_sets[] = {
+#ifdef ECC112
+{
+ 14,
+ "SECP112R1",
+ "DB7C2ABF62E35E668076BEAD208B",
+ "659EF8BA043916EEDE8911702B22",
+ "DB7C2ABF62E35E7628DFAC6561C5",
+ "09487239995A5EE76B55F9C2F098",
+ "A89CE5AF8724C0A23E0E0FF77500"
+},
+#endif
+#ifdef ECC128
+{
+ 16,
+ "SECP128R1",
+ "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
+ "E87579C11079F43DD824993C2CEE5ED3",
+ "FFFFFFFE0000000075A30D1B9038A115",
+ "161FF7528B899B2D0C28607CA52C5B86",
+ "CF5AC8395BAFEB13C02DA292DDED7A83",
+},
+#endif
+#ifdef ECC160
+{
+ 20,
+ "SECP160R1",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
+ "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
+ "0100000000000000000001F4C8F927AED3CA752257",
+ "4A96B5688EF573284664698968C38BB913CBFC82",
+ "23A628553168947D59DCC912042351377AC5FB32",
+},
+#endif
#ifdef ECC192
{
- 24,
- "ECC-192",
- /* prime */
- "/////////////////////l//////////",
-
- /* B */
- "P2456UMSWESFf+chSYGmIVwutkp1Hhcn",
-
- /* order */
- "////////////////cTxuDXHhoR6qqYWn",
-
- /* Gx */
- "68se3h0maFPylo3hGw680FJ/2ls2/n0I",
-
- /* Gy */
- "1nahbV/8sdXZ417jQoJDrNFvTw4UUKWH"
+ 24,
+ "ECC-192",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+ "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
+ "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",
+ "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
+ "7192B95FFC8DA78631011ED6B24CDD573F977A11E794811",
},
#endif
#ifdef ECC224
{
- 28,
- "ECC-224",
-
- /* prime */
- "3/////////////////////0000000000000001",
-
- /* B */
- "2q1Gg530Ipg/L1CbPGHB2trx/OkYSBEKCZLV+q",
-
- /* order */
- "3//////////////////nQYuBZmFXFTAKLSN2ez",
-
- /* Gx */
- "2t3WozQxI/Vp8JaBbA0y7JLi8H8ZGoWDOHN1qX",
-
-
- /* Gy */
- "2zDsE8jVSZ+qmYt+RDGtMWMWT7P4JLWPc507uq",
+ 28,
+ "ECC-224",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+ "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",
+ "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
+ "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",
},
#endif
#ifdef ECC256
{
- 32,
- "ECC-256",
- /* Prime */
- "F////y000010000000000000000////////////////",
-
- /* B */
- "5h6DTYgEfFdi+kzLNQOXhnb7GQmp5EmzZlEF3udqc1B",
-
- /* Order */
- "F////y00000//////////+yvlgjfnUUXFEvoiByOoLH",
-
- /* Gx */
- "6iNqVBXB497+BpcvMEaGF9t0ts1BUipeFIXEKNOcCAM",
-
- /* Gy */
- "4/ZGkB+6d+RZkVhIdmFdXOhpZDNQp5UpiksG6Wtlr7r"
+ 32,
+ "ECC-256",
+ "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
+ "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
+ "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",
+ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
+ "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",
},
#endif
#ifdef ECC384
{
- 48,
- "ECC-384",
- /* prime */
- "//////////////////////////////////////////x/////00000000003/"
- "////",
-
- /* B */
- "ip4lf+8+v+IOZWLhu/Wj6HWTd6x+WK4I0nG8Zr0JXrh6LZcDYYxHdIg5oEtJ"
- "x2hl",
-
- /* Order */
- "////////////////////////////////nsDDWVGtBTzO6WsoIB2dUkpi6MhC"
- "nIbp",
-
- /* Gx and Gy */
- "geVA8hwB1JUEiSSUyo2jT6uTEsABfvkOMVT1u89KAZXL0l9TlrKfR3fKNZXo"
- "TWgt",
-
- "DXVUIfOcB6zTdfY/afBSAVZq7RqecXHywTen4xNmkC0AOB7E7Nw1dNf37NoG"
- "wWvV"
+ 48,
+ "ECC-384",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF",
+ "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF",
+ "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973",
+ "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7",
+ "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F",
},
#endif
#ifdef ECC521
{
- 65,
- "ECC-521",
- /* prime */
- "V///////////////////////////////////////////////////////////"
- "///////////////////////////",
-
- /* B */
- "56LFhbXZXoQ7vAQ8Q2sXK3kejfoMvcp5VEuj8cHZl49uLOPEL7iVfDx5bB0l"
- "JknlmSrSz+8FImqyUz57zHhK3y0",
-
- /* Order */
- "V//////////////////////////////////////////+b66XuE/BvPhVym1I"
- "FS9fT0xjScuYPn7hhjljnwHE6G9",
-
- /* Gx and Gy */
- "CQ5ZWQt10JfpPu+osOZbRH2d6I1EGK/jI7uAAzWQqqzkg5BNdVlvrae/Xt19"
- "wB/gDupIBF1XMf2c/b+VZ72vRrc",
-
- "HWvAMfucZl015oANxGiVHlPcFL4ILURH6WNhxqN9pvcB9VkSfbUz2P0nL2v0"
- "J+j1s4rF726edB2G8Y+b7QVqMPG",
+ 66,
+ "ECC-521",
+ "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+ "51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
+ "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",
+ "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
+ "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650",
},
#endif
{
@@ -150,887 +119,9 @@ static const struct {
}
};
-static int is_valid_idx(int n)
-{
- int x;
-
- for (x = 0; sets[x].size != 0; x++);
- if ((n < 0) || (n >= x)) {
- return 0;
- }
- return 1;
-}
-
-static ecc_point *new_point(void)
-{
- ecc_point *p;
- p = XMALLOC(sizeof(ecc_point));
- if (p == NULL) {
- return NULL;
- }
- if (mp_init_multi(&p->x, &p->y, &p->z, NULL) != MP_OKAY) {
- XFREE(p);
- return NULL;
- }
- return p;
-}
-
-static void del_point(ecc_point *p)
-{
- /* prevents free'ing null arguments */
- if (p != NULL) {
- mp_clear_multi(&p->x, &p->y, &p->z, NULL);
- XFREE(p);
- }
-}
-
-static int ecc_map(ecc_point *P, mp_int *modulus, mp_digit mp)
-{
- mp_int t1, t2;
- int err;
-
- if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) {
- return CRYPT_MEM;
- }
-
- /* first map z back to normal */
- if ((err = mp_montgomery_reduce(&P->z, modulus, mp)) != MP_OKAY) { goto error; }
-
- /* get 1/z */
- if ((err = mp_invmod(&P->z, modulus, &t1)) != MP_OKAY) { goto error; }
-
- /* get 1/z^2 and 1/z^3 */
- if ((err = mp_sqr(&t1, &t2)) != MP_OKAY) { goto error; }
- if ((err = mp_mod(&t2, modulus, &t2)) != MP_OKAY) { goto error; }
- if ((err = mp_mul(&t1, &t2, &t1)) != MP_OKAY) { goto error; }
- if ((err = mp_mod(&t1, modulus, &t1)) != MP_OKAY) { goto error; }
-
- /* multiply against x/y */
- if ((err = mp_mul(&P->x, &t2, &P->x)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&P->x, modulus, mp)) != MP_OKAY) { goto error; }
- if ((err = mp_mul(&P->y, &t1, &P->y)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&P->y, modulus, mp)) != MP_OKAY) { goto error; }
- mp_set(&P->z, 1);
-
- err = CRYPT_OK;
- goto done;
-error:
- err = mpi_to_ltc_error(err);
-done:
- mp_clear_multi(&t1, &t2, NULL);
- return err;
-
-}
-
-/* double a point R = 2P, R can be P*/
-static int dbl_point(ecc_point *P, ecc_point *R, mp_int *modulus, mp_digit mp)
-{
- mp_int t1, t2;
- int err;
-
- if ((err = mp_init_multi(&t1, &t2, NULL)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
- }
-
- if ((err = mp_copy(&P->x, &R->x)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&P->y, &R->y)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&P->z, &R->z)) != MP_OKAY) { goto error; }
-
- /* t1 = Z * Z */
- if ((err = mp_sqr(&R->z, &t1)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; }
- /* Z = Y * Z */
- if ((err = mp_mul(&R->z, &R->y, &R->z)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&R->z, modulus, mp)) != MP_OKAY) { goto error; }
- /* Z = 2Z */
- if ((err = mp_mul_2(&R->z, &R->z)) != MP_OKAY) { goto error; }
- if (mp_cmp(&R->z, modulus) != MP_LT) {
- if ((err = mp_sub(&R->z, modulus, &R->z)) != MP_OKAY) { goto error; }
- }
-
- /* T2 = X - T1 */
- if ((err = mp_sub(&R->x, &t1, &t2)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&t2, 0) == MP_LT) {
- if ((err = mp_add(&t2, modulus, &t2)) != MP_OKAY) { goto error; }
- }
- /* T1 = X + T1 */
- if ((err = mp_add(&t1, &R->x, &t1)) != MP_OKAY) { goto error; }
- if (mp_cmp(&t1, modulus) != MP_LT) {
- if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY) { goto error; }
- }
- /* T2 = T1 * T2 */
- if ((err = mp_mul(&t1, &t2, &t2)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t2, modulus, mp)) != MP_OKAY) { goto error; }
- /* T1 = 2T2 */
- if ((err = mp_mul_2(&t2, &t1)) != MP_OKAY) { goto error; }
- if (mp_cmp(&t1, modulus) != MP_LT) {
- if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY) { goto error; }
- }
- /* T1 = T1 + T2 */
- if ((err = mp_add(&t1, &t2, &t1)) != MP_OKAY) { goto error; }
- if (mp_cmp(&t1, modulus) != MP_LT) {
- if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY) { goto error; }
- }
-
- /* Y = 2Y */
- if ((err = mp_mul_2(&R->y, &R->y)) != MP_OKAY) { goto error; }
- if (mp_cmp(&R->y, modulus) != MP_LT) {
- if ((err = mp_sub(&R->y, modulus, &R->y)) != MP_OKAY) { goto error; }
- }
- /* Y = Y * Y */
- if ((err = mp_sqr(&R->y, &R->y)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&R->y, modulus, mp)) != MP_OKAY) { goto error; }
- /* T2 = Y * Y */
- if ((err = mp_sqr(&R->y, &t2)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t2, modulus, mp)) != MP_OKAY) { goto error; }
- /* T2 = T2/2 */
- if (mp_isodd(&t2)) {
- if ((err = mp_add(&t2, modulus, &t2)) != MP_OKAY) { goto error; }
- }
- if ((err = mp_div_2(&t2, &t2)) != MP_OKAY) { goto error; }
- /* Y = Y * X */
- if ((err = mp_mul(&R->y, &R->x, &R->y)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&R->y, modulus, mp)) != MP_OKAY) { goto error; }
-
- /* X = T1 * T1 */
- if ((err = mp_sqr(&t1, &R->x)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&R->x, modulus, mp)) != MP_OKAY) { goto error; }
- /* X = X - Y */
- if ((err = mp_sub(&R->x, &R->y, &R->x)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&R->x, 0) == MP_LT) {
- if ((err = mp_add(&R->x, modulus, &R->x)) != MP_OKAY) { goto error; }
- }
- /* X = X - Y */
- if ((err = mp_sub(&R->x, &R->y, &R->x)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&R->x, 0) == MP_LT) {
- if ((err = mp_add(&R->x, modulus, &R->x)) != MP_OKAY) { goto error; }
- }
-
- /* Y = Y - X */
- if ((err = mp_sub(&R->y, &R->x, &R->y)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&R->y, 0) == MP_LT) {
- if ((err = mp_add(&R->y, modulus, &R->y)) != MP_OKAY) { goto error; }
- }
- /* Y = Y * T1 */
- if ((err = mp_mul(&R->y, &t1, &R->y)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&R->y, modulus, mp)) != MP_OKAY) { goto error; }
- /* Y = Y - T2 */
- if ((err = mp_sub(&R->y, &t2, &R->y)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&R->y, 0) == MP_LT) {
- if ((err = mp_add(&R->y, modulus, &R->y)) != MP_OKAY) { goto error; }
- }
-
- err = CRYPT_OK;
- goto done;
-error:
- err = mpi_to_ltc_error(err);
-done:
- mp_clear_multi(&t1, &t2, NULL);
- return err;
-}
-
-/* add two different points over Z/pZ, R = P + Q, note R can equal either P or Q */
-static int add_point(ecc_point *P, ecc_point *Q, ecc_point *R, mp_int *modulus, mp_digit mp)
-{
- mp_int t1, t2, x, y, z;
- int err;
-
- if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
- }
-
- if ((err = mp_copy(&P->x, &x)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&P->y, &y)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&P->z, &z)) != MP_OKAY) { goto error; }
-
- /* T1 = Z' * Z' */
- if ((err = mp_sqr(&Q->z, &t1)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; }
- /* X = X * T1 */
- if ((err = mp_mul(&t1, &x, &x)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&x, modulus, mp)) != MP_OKAY) { goto error; }
- /* T1 = Z' * T1 */
- if ((err = mp_mul(&Q->z, &t1, &t1)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; }
- /* Y = Y * T1 */
- if ((err = mp_mul(&t1, &y, &y)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&y, modulus, mp)) != MP_OKAY) { goto error; }
-
- /* T1 = Z*Z */
- if ((err = mp_sqr(&z, &t1)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; }
- /* T2 = X' * T1 */
- if ((err = mp_mul(&Q->x, &t1, &t2)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t2, modulus, mp)) != MP_OKAY) { goto error; }
- /* T1 = Z * T1 */
- if ((err = mp_mul(&z, &t1, &t1)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; }
- /* T1 = Y' * T1 */
- if ((err = mp_mul(&Q->y, &t1, &t1)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; }
-
- /* Y = Y - T1 */
- if ((err = mp_sub(&y, &t1, &y)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&y, 0) == MP_LT) {
- if ((err = mp_add(&y, modulus, &y)) != MP_OKAY) { goto error; }
- }
- /* T1 = 2T1 */
- if ((err = mp_mul_2(&t1, &t1)) != MP_OKAY) { goto error; }
- if (mp_cmp(&t1, modulus) != MP_LT) {
- if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY) { goto error; }
- }
- /* T1 = Y + T1 */
- if ((err = mp_add(&t1, &y, &t1)) != MP_OKAY) { goto error; }
- if (mp_cmp(&t1, modulus) != MP_LT) {
- if ((err = mp_sub(&t1, modulus, &t1)) != MP_OKAY) { goto error; }
- }
- /* X = X - T2 */
- if ((err = mp_sub(&x, &t2, &x)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&x, 0) == MP_LT) {
- if ((err = mp_add(&x, modulus, &x)) != MP_OKAY) { goto error; }
- }
- /* T2 = 2T2 */
- if ((err = mp_mul_2(&t2, &t2)) != MP_OKAY) { goto error; }
- if (mp_cmp(&t2, modulus) != MP_LT) {
- if ((err = mp_sub(&t2, modulus, &t2)) != MP_OKAY) { goto error; }
- }
- /* T2 = X + T2 */
- if ((err = mp_add(&t2, &x, &t2)) != MP_OKAY) { goto error; }
- if (mp_cmp(&t2, modulus) != MP_LT) {
- if ((err = mp_sub(&t2, modulus, &t2)) != MP_OKAY) { goto error; }
- }
-
- /* if Z' != 1 */
- if (mp_cmp_d(&Q->z, 1) != MP_EQ) {
- /* Z = Z * Z' */
- if ((err = mp_mul(&z, &Q->z, &z)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&z, modulus, mp)) != MP_OKAY) { goto error; }
- }
- /* Z = Z * X */
- if ((err = mp_mul(&z, &x, &z)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&z, modulus, mp)) != MP_OKAY) { goto error; }
-
- /* T1 = T1 * X */
- if ((err = mp_mul(&t1, &x, &t1)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; }
- /* X = X * X */
- if ((err = mp_sqr(&x, &x)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&x, modulus, mp)) != MP_OKAY) { goto error; }
- /* T2 = T2 * x */
- if ((err = mp_mul(&t2, &x, &t2)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t2, modulus, mp)) != MP_OKAY) { goto error; }
- /* T1 = T1 * X */
- if ((err = mp_mul(&t1, &x, &t1)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t1, modulus, mp)) != MP_OKAY) { goto error; }
-
- /* X = Y*Y */
- if ((err = mp_sqr(&y, &x)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&x, modulus, mp)) != MP_OKAY) { goto error; }
- /* X = X - T2 */
- if ((err = mp_sub(&x, &t2, &x)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&x, 0) == MP_LT) {
- if ((err = mp_add(&x, modulus, &x)) != MP_OKAY) { goto error; }
- }
-
- /* T2 = T2 - X */
- if ((err = mp_sub(&t2, &x, &t2)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&t2, 0) == MP_LT) {
- if ((err = mp_add(&t2, modulus, &t2)) != MP_OKAY) { goto error; }
- }
- /* T2 = T2 - X */
- if ((err = mp_sub(&t2, &x, &t2)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&t2, 0) == MP_LT) {
- if ((err = mp_add(&t2, modulus, &t2)) != MP_OKAY) { goto error; }
- }
- /* T2 = T2 * Y */
- if ((err = mp_mul(&t2, &y, &t2)) != MP_OKAY) { goto error; }
- if ((err = mp_montgomery_reduce(&t2, modulus, mp)) != MP_OKAY) { goto error; }
- /* Y = T2 - T1 */
- if ((err = mp_sub(&t2, &t1, &y)) != MP_OKAY) { goto error; }
- if (mp_cmp_d(&y, 0) == MP_LT) {
- if ((err = mp_add(&y, modulus, &y)) != MP_OKAY) { goto error; }
- }
- /* Y = Y/2 */
- if (mp_isodd(&y)) {
- if ((err = mp_add(&y, modulus, &y)) != MP_OKAY) { goto error; }
- }
- if ((err = mp_div_2(&y, &y)) != MP_OKAY) { goto error; }
-
- if ((err = mp_copy(&x, &R->x)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&y, &R->y)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&z, &R->z)) != MP_OKAY) { goto error; }
-
- err = CRYPT_OK;
- goto done;
-error:
- err = mpi_to_ltc_error(err);
-done:
- mp_clear_multi(&t1, &t2, &x, &y, &z, NULL);
- return err;
-}
-
-/* size of sliding window, don't change this! */
-#define WINSIZE 4
-
-/* perform R = kG where k == integer and G == ecc_point */
-static int ecc_mulmod(mp_int *k, ecc_point *G, ecc_point *R, mp_int *modulus, int map)
-{
- ecc_point *tG, *M[8];
- int i, j, err;
- mp_int mu;
- mp_digit buf, mp;
- int first, bitbuf, bitcpy, bitcnt, mode, digidx;
-
- /* init montgomery reduction */
- if ((err = mp_montgomery_setup(modulus, &mp)) != MP_OKAY) {
- return CRYPT_INVALID_ARG;
- }
- if ((err = mp_init(&mu)) != MP_OKAY) {
- return CRYPT_MEM;
- }
- if ((err = mp_montgomery_calc_normalization(&mu, modulus)) != MP_OKAY) {
- mp_clear(&mu);
- return CRYPT_INVALID_ARG;
- }
-
- /* alloc ram for window temps */
- for (i = 0; i < 8; i++) {
- M[i] = new_point();
- if (M[i] == NULL) {
- for (j = 0; j < i; j++) {
- del_point(M[j]);
- }
- mp_clear(&mu);
- return CRYPT_MEM;
- }
- }
-
- /* make a copy of G incase R==G */
- tG = new_point();
- if (tG == NULL) { err = CRYPT_MEM; goto done; }
-
- /* tG = G and convert to montgomery */
- if ((err = mp_mulmod(&G->x, &mu, modulus, &tG->x)) != MP_OKAY) { goto error; }
- if ((err = mp_mulmod(&G->y, &mu, modulus, &tG->y)) != MP_OKAY) { goto error; }
- if ((err = mp_mulmod(&G->z, &mu, modulus, &tG->z)) != MP_OKAY) { goto error; }
- mp_clear(&mu);
-
- /* calc the M tab, which holds kG for k==8..15 */
- /* M[0] == 8G */
- if ((err = dbl_point(tG, M[0], modulus, mp)) != CRYPT_OK) { goto done; }
- if ((err = dbl_point(M[0], M[0], modulus, mp)) != CRYPT_OK) { goto done; }
- if ((err = dbl_point(M[0], M[0], modulus, mp)) != CRYPT_OK) { goto done; }
-
- /* now find (8+k)G for k=1..7 */
- for (j = 9; j < 16; j++) {
- if ((err = add_point(M[j-9], tG, M[j-8], modulus, mp)) != CRYPT_OK) { goto done; }
- }
-
- /* setup sliding window */
- mode = 0;
- bitcnt = 1;
- buf = 0;
- digidx = k->used - 1;
- bitcpy = bitbuf = 0;
- first = 1;
-
- /* perform ops */
- for (;;) {
- /* grab next digit as required */
- if (--bitcnt == 0) {
- if (digidx == -1) {
- break;
- }
- buf = k->dp[digidx--];
- bitcnt = (int) DIGIT_BIT;
- }
-
- /* grab the next msb from the ltiplicand */
- i = (buf >> (DIGIT_BIT - 1)) & 1;
- buf <<= 1;
-
- /* skip leading zero bits */
- if (mode == 0 && i == 0) {
- continue;
- }
-
- /* if the bit is zero and mode == 1 then we double */
- if (mode == 1 && i == 0) {
- if ((err = dbl_point(R, R, modulus, mp)) != CRYPT_OK) { goto done; }
- continue;
- }
-
- /* else we add it to the window */
- bitbuf |= (i << (WINSIZE - ++bitcpy));
- mode = 2;
-
- if (bitcpy == WINSIZE) {
- /* if this is the first window we do a simple copy */
- if (first == 1) {
- /* R = kG [k = first window] */
- if ((err = mp_copy(&M[bitbuf-8]->x, &R->x)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&M[bitbuf-8]->y, &R->y)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&M[bitbuf-8]->z, &R->z)) != MP_OKAY) { goto error; }
- first = 0;
- } else {
- /* normal window */
- /* ok window is filled so double as required and add */
- /* double first */
- for (j = 0; j < WINSIZE; j++) {
- if ((err = dbl_point(R, R, modulus, mp)) != CRYPT_OK) { goto done; }
- }
-
- /* then add, bitbuf will be 8..15 [8..2^WINSIZE] guaranteed */
- if ((err = add_point(R, M[bitbuf-8], R, modulus, mp)) != CRYPT_OK) { goto done; }
- }
- /* empty window and reset */
- bitcpy = bitbuf = 0;
- mode = 1;
- }
- }
-
- /* if bits remain then double/add */
- if (mode == 2 && bitcpy > 0) {
- /* double then add */
- for (j = 0; j < bitcpy; j++) {
- /* only double if we have had at least one add first */
- if (first == 0) {
- if ((err = dbl_point(R, R, modulus, mp)) != CRYPT_OK) { goto done; }
- }
-
- bitbuf <<= 1;
- if ((bitbuf & (1 << WINSIZE)) != 0) {
- if (first == 1){
- /* first add, so copy */
- if ((err = mp_copy(&tG->x, &R->x)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&tG->y, &R->y)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&tG->z, &R->z)) != MP_OKAY) { goto error; }
- first = 0;
- } else {
- /* then add */
- if ((err = add_point(R, tG, R, modulus, mp)) != CRYPT_OK) { goto done; }
- }
- }
- }
- }
-
- /* map R back from projective space */
- if (map) {
- err = ecc_map(R, modulus, mp);
- } else {
- err = CRYPT_OK;
- }
-
- goto done;
-error:
- err = mpi_to_ltc_error(err);
-done:
- del_point(tG);
- for (i = 0; i < 8; i++) {
- del_point(M[i]);
- }
- return err;
-}
-
-#undef WINSIZE
-
-/**
- Perform on the ECC system
- @return CRYPT_OK if successful
-*/
-int ecc_test(void)
-{
- mp_int modulus, order;
- ecc_point *G, *GG;
- int i, err, primality;
-
- if ((err = mp_init_multi(&modulus, &order, NULL)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
- }
-
- G = new_point();
- GG = new_point();
- if (G == NULL || GG == NULL) {
- mp_clear_multi(&modulus, &order, NULL);
- del_point(G);
- del_point(GG);
- return CRYPT_MEM;
- }
-
- for (i = 0; sets[i].size; i++) {
- #if 0
- printf("Testing %d\n", sets[i].size);
- #endif
- if ((err = mp_read_radix(&modulus, (char *)sets[i].prime, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_read_radix(&order, (char *)sets[i].order, 64)) != MP_OKAY) { goto error; }
-
- /* is prime actually prime? */
- if ((err = is_prime(&modulus, &primality)) != CRYPT_OK) { goto done; }
- if (primality == 0) {
- err = CRYPT_FAIL_TESTVECTOR;
- goto done;
- }
-
- /* is order prime ? */
- if ((err = is_prime(&order, &primality)) != CRYPT_OK) { goto done; }
- if (primality == 0) {
- err = CRYPT_FAIL_TESTVECTOR;
- goto done;
- }
-
- if ((err = mp_read_radix(&G->x, (char *)sets[i].Gx, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_read_radix(&G->y, (char *)sets[i].Gy, 64)) != MP_OKAY) { goto error; }
- mp_set(&G->z, 1);
-
- /* then we should have G == (order + 1)G */
- if ((err = mp_add_d(&order, 1, &order)) != MP_OKAY) { goto error; }
- if ((err = ecc_mulmod(&order, G, GG, &modulus, 1)) != CRYPT_OK) { goto done; }
- if (mp_cmp(&G->x, &GG->x) != 0 || mp_cmp(&G->y, &GG->y) != 0) {
- err = CRYPT_FAIL_TESTVECTOR;
- goto done;
- }
- }
- err = CRYPT_OK;
- goto done;
-error:
- err = mpi_to_ltc_error(err);
-done:
- del_point(GG);
- del_point(G);
- mp_clear_multi(&order, &modulus, NULL);
- return err;
-}
-
-void ecc_sizes(int *low, int *high)
-{
- int i;
- LTC_ARGCHK(low != NULL);
- LTC_ARGCHK(high != NULL);
-
- *low = INT_MAX;
- *high = 0;
- for (i = 0; sets[i].size != 0; i++) {
- if (sets[i].size < *low) {
- *low = sets[i].size;
- }
- if (sets[i].size > *high) {
- *high = sets[i].size;
- }
- }
-}
-
-/**
- Make a new ECC key
- @param prng An active PRNG state
- @param wprng The index of the PRNG you wish to use
- @param keysize The keysize for the new key (in octets from 20 to 65 bytes)
- @param key [out] Destination of the newly created key
- @return CRYPT_OK if successful, upon error all allocated memory will be freed
-*/
-int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key)
-{
- int x, err;
- ecc_point *base;
- mp_int prime;
- unsigned char *buf;
-
- LTC_ARGCHK(key != NULL);
-
- /* good prng? */
- if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
- return err;
- }
-
- /* find key size */
- for (x = 0; (keysize > sets[x].size) && (sets[x].size != 0); x++);
- keysize = sets[x].size;
-
- if (keysize > ECC_MAXSIZE || sets[x].size == 0) {
- return CRYPT_INVALID_KEYSIZE;
- }
- key->idx = x;
-
- /* allocate ram */
- base = NULL;
- buf = XMALLOC(ECC_MAXSIZE);
- if (buf == NULL) {
- return CRYPT_MEM;
- }
-
- /* make up random string */
- if (prng_descriptor[wprng].read(buf, (unsigned long)keysize, prng) != (unsigned long)keysize) {
- err = CRYPT_ERROR_READPRNG;
- goto LBL_ERR2;
- }
-
- /* setup the key variables */
- if ((err = mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, &prime, NULL)) != MP_OKAY) {
- err = mpi_to_ltc_error(err);
- goto LBL_ERR;
- }
- base = new_point();
- if (base == NULL) {
- mp_clear_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, &prime, NULL);
- err = CRYPT_MEM;
- goto LBL_ERR;
- }
-
- /* read in the specs for this key */
- if ((err = mp_read_radix(&prime, (char *)sets[key->idx].prime, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_read_radix(&base->x, (char *)sets[key->idx].Gx, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_read_radix(&base->y, (char *)sets[key->idx].Gy, 64)) != MP_OKAY) { goto error; }
- mp_set(&base->z, 1);
- if ((err = mp_read_unsigned_bin(&key->k, (unsigned char *)buf, keysize)) != MP_OKAY) { goto error; }
-
- /* make the public key */
- if ((err = ecc_mulmod(&key->k, base, &key->pubkey, &prime, 1)) != CRYPT_OK) { goto LBL_ERR; }
- key->type = PK_PRIVATE;
-
- /* shrink key */
- if ((err = mp_shrink(&key->k)) != MP_OKAY) { goto error; }
- if ((err = mp_shrink(&key->pubkey.x)) != MP_OKAY) { goto error; }
- if ((err = mp_shrink(&key->pubkey.y)) != MP_OKAY) { goto error; }
- if ((err = mp_shrink(&key->pubkey.z)) != MP_OKAY) { goto error; }
-
- /* free up ram */
- err = CRYPT_OK;
- goto LBL_ERR;
-error:
- err = mpi_to_ltc_error(err);
-LBL_ERR:
- del_point(base);
- mp_clear(&prime);
-LBL_ERR2:
-#ifdef LTC_CLEAN_STACK
- zeromem(buf, ECC_MAXSIZE);
-#endif
-
- XFREE(buf);
-
- return err;
-}
-
-/**
- Free an ECC key from memory
- @param key The key you wish to free
-*/
-void ecc_free(ecc_key *key)
-{
- LTC_ARGCHK(key != NULL);
- mp_clear_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL);
-}
-
-/**
- Export an ECC key as a binary packet
- @param out [out] Destination for the key
- @param outlen [in/out] Max size and resulting size of the exported key
- @param type The type of key you want to export (PK_PRIVATE or PK_PUBLIC)
- @param key The key to export
- @return CRYPT_OK if successful
-*/
-int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key)
-{
- int err;
- unsigned char flags[1];
- unsigned long key_size;
-
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* type valid? */
- if (key->type != PK_PRIVATE && type == PK_PRIVATE) {
- return CRYPT_PK_TYPE_MISMATCH;
- }
-
- if (is_valid_idx(key->idx) == 0) {
- return CRYPT_INVALID_ARG;
- }
-
- /* we store the NIST byte size */
- key_size = sets[key->idx].size;
-
- if (type == PK_PRIVATE) {
- flags[0] = 1;
- err = der_encode_sequence_multi(out, outlen,
- LTC_ASN1_BIT_STRING, 1UL, flags,
- LTC_ASN1_SHORT_INTEGER, 1UL, &key_size,
- LTC_ASN1_INTEGER, 1UL, &key->pubkey.x,
- LTC_ASN1_INTEGER, 1UL, &key->pubkey.y,
- LTC_ASN1_INTEGER, 1UL, &key->k,
- LTC_ASN1_EOL, 0UL, NULL);
- } else {
- flags[0] = 0;
- err = der_encode_sequence_multi(out, outlen,
- LTC_ASN1_BIT_STRING, 1UL, flags,
- LTC_ASN1_SHORT_INTEGER, 1UL, &key_size,
- LTC_ASN1_INTEGER, 1UL, &key->pubkey.x,
- LTC_ASN1_INTEGER, 1UL, &key->pubkey.y,
- LTC_ASN1_EOL, 0UL, NULL);
- }
-
- return err;
-}
-
-/**
- Import an ECC key from a binary packet
- @param in The packet to import
- @param inlen The length of the packet
- @param key [out] The destination of the import
- @return CRYPT_OK if successful, upon error all allocated memory will be freed
-*/
-int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key)
-{
- unsigned long key_size;
- unsigned char flags[1];
- int err;
-
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* init key */
- if (mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL) != MP_OKAY) {
- return CRYPT_MEM;
- }
-
- /* find out what type of key it is */
- if ((err = der_decode_sequence_multi(in, inlen,
- LTC_ASN1_BIT_STRING, 1UL, &flags,
- LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
- goto error;
- }
-
-
- if (flags[0] == 1) {
- /* private key */
- key->type = PK_PRIVATE;
- if ((err = der_decode_sequence_multi(in, inlen,
- LTC_ASN1_BIT_STRING, 1UL, flags,
- LTC_ASN1_SHORT_INTEGER, 1UL, &key_size,
- LTC_ASN1_INTEGER, 1UL, &key->pubkey.x,
- LTC_ASN1_INTEGER, 1UL, &key->pubkey.y,
- LTC_ASN1_INTEGER, 1UL, &key->k,
- LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
- goto error;
- }
- } else {
- /* public key */
- /* private key */
- key->type = PK_PUBLIC;
- if ((err = der_decode_sequence_multi(in, inlen,
- LTC_ASN1_BIT_STRING, 1UL, flags,
- LTC_ASN1_SHORT_INTEGER, 1UL, &key_size,
- LTC_ASN1_INTEGER, 1UL, &key->pubkey.x,
- LTC_ASN1_INTEGER, 1UL, &key->pubkey.y,
- LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
- goto error;
- }
- }
-
- /* find the idx */
- for (key->idx = 0; sets[key->idx].size && (unsigned long)sets[key->idx].size != key_size; ++key->idx);
- if (sets[key->idx].size == 0) {
- err = CRYPT_INVALID_PACKET;
- goto error;
- }
-
- /* set z */
- mp_set(&key->pubkey.z, 1);
-
- /* we're good */
- return CRYPT_OK;
-error:
- mp_clear_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL);
- return err;
-}
-
-/**
- Create an ECC shared secret between two keys
- @param private_key The private ECC key
- @param public_key The public key
- @param out [out] Destination of the shared secret (Conforms to EC-DH from ANSI X9.63)
- @param outlen [in/out] The max size and resulting size of the shared secret
- @return CRYPT_OK if successful
-*/
-int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key,
- unsigned char *out, unsigned long *outlen)
-{
- unsigned long x;
- ecc_point *result;
- mp_int prime;
- int err;
-
- LTC_ARGCHK(private_key != NULL);
- LTC_ARGCHK(public_key != NULL);
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
-
- /* type valid? */
- if (private_key->type != PK_PRIVATE) {
- return CRYPT_PK_NOT_PRIVATE;
- }
-
- if (is_valid_idx(private_key->idx) == 0) {
- return CRYPT_INVALID_ARG;
- }
-
- if (private_key->idx != public_key->idx) {
- return CRYPT_PK_TYPE_MISMATCH;
- }
-
- /* make new point */
- result = new_point();
- if (result == NULL) {
- return CRYPT_MEM;
- }
-
- if ((err = mp_init(&prime)) != MP_OKAY) {
- del_point(result);
- return mpi_to_ltc_error(err);
- }
-
- if ((err = mp_read_radix(&prime, (char *)sets[private_key->idx].prime, 64)) != MP_OKAY) { goto error; }
- if ((err = ecc_mulmod(&private_key->k, &public_key->pubkey, result, &prime, 1)) != CRYPT_OK) { goto done1; }
-
- x = (unsigned long)mp_unsigned_bin_size(&prime);
- if (*outlen < x) {
- err = CRYPT_BUFFER_OVERFLOW;
- goto done1;
- }
- zeromem(out, x);
- if ((err = mp_to_unsigned_bin(&result->x, out + (x - mp_unsigned_bin_size(&result->x)))) != MP_OKAY) { goto error; }
-
- err = CRYPT_OK;
- *outlen = x;
- goto done1;
-error:
- err = mpi_to_ltc_error(err);
-done1:
- mp_clear(&prime);
- del_point(result);
- return err;
-}
-
-/**
- Get the size of an ECC key
- @param key The key to get the size of
- @return The size (octets) of the key or INT_MAX on error
-*/
-int ecc_get_size(ecc_key *key)
-{
- LTC_ARGCHK(key != NULL);
- if (is_valid_idx(key->idx))
- return sets[key->idx].size;
- else
- return INT_MAX; /* large value known to cause it to fail when passed to ecc_make_key() */
-}
-
-#include "ecc_sys.c"
-
#endif
-
-
/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc.c,v $ */
-/* $Revision: 1.20 $ */
-/* $Date: 2005/06/14 20:42:28 $ */
+/* $Revision: 1.38 $ */
+/* $Date: 2006/11/07 23:14:28 $ */
+
diff --git a/src/pk/ecc/ecc_ansi_x963_export.c b/src/pk/ecc/ecc_ansi_x963_export.c
new file mode 100644
index 0000000..2a32912
--- /dev/null
+++ b/src/pk/ecc/ecc_ansi_x963_export.c
@@ -0,0 +1,72 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_ansi_x963_export.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/** ECC X9.63 (Sec. 4.3.6) uncompressed export
+ @param key Key to export
+ @param out [out] destination of export
+ @param outlen [in/out] Length of destination and final output size
+ Return CRYPT_OK on success
+*/
+int ecc_ansi_x963_export(ecc_key *key, unsigned char *out, unsigned long *outlen)
+{
+ unsigned char buf[ECC_BUF_SIZE];
+ unsigned long numlen;
+
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+
+ if (ltc_ecc_is_valid_idx(key->idx) == 0) {
+ return CRYPT_INVALID_ARG;
+ }
+ numlen = key->dp->size;
+
+ if (*outlen < (1 + 2*numlen)) {
+ *outlen = 1 + 2*numlen;
+ return CRYPT_BUFFER_OVERFLOW;
+ }
+
+ /* store byte 0x04 */
+ out[0] = 0x04;
+
+ /* pad and store x */
+ zeromem(buf, sizeof(buf));
+ mp_to_unsigned_bin(key->pubkey.x, buf + (numlen - mp_unsigned_bin_size(key->pubkey.x)));
+ XMEMCPY(out+1, buf, numlen);
+
+ /* pad and store y */
+ zeromem(buf, sizeof(buf));
+ mp_to_unsigned_bin(key->pubkey.y, buf + (numlen - mp_unsigned_bin_size(key->pubkey.y)));
+ XMEMCPY(out+1+numlen, buf, numlen);
+
+ *outlen = 1 + 2*numlen;
+ return CRYPT_OK;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_ansi_x963_export.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/12/04 02:50:11 $ */
diff --git a/src/pk/ecc/ecc_ansi_x963_import.c b/src/pk/ecc/ecc_ansi_x963_import.c
new file mode 100644
index 0000000..e92f5f4
--- /dev/null
+++ b/src/pk/ecc/ecc_ansi_x963_import.c
@@ -0,0 +1,104 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_ansi_x963_import.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/** Import an ANSI X9.63 format public key
+ @param in The input data to read
+ @param inlen The length of the input data
+ @param key [out] destination to store imported key \
+*/
+int ecc_ansi_x963_import(const unsigned char *in, unsigned long inlen, ecc_key *key)
+{
+ return ecc_ansi_x963_import_ex(in, inlen, key, NULL);
+}
+
+int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, ltc_ecc_set_type *dp)
+{
+ int x, err;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* must be odd */
+ if ((inlen & 1) == 0) {
+ return CRYPT_INVALID_ARG;
+ }
+
+ /* init key */
+ if (mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL) != CRYPT_OK) {
+ return CRYPT_MEM;
+ }
+
+ /* check for 4, 6 or 7 */
+ if (in[0] != 4 && in[0] != 6 && in[0] != 7) {
+ err = CRYPT_INVALID_PACKET;
+ goto error;
+ }
+
+ /* read data */
+ if ((err = mp_read_unsigned_bin(key->pubkey.x, (unsigned char *)in+1, (inlen-1)>>1)) != CRYPT_OK) {
+ goto error;
+ }
+
+ if ((err = mp_read_unsigned_bin(key->pubkey.y, (unsigned char *)in+1+((inlen-1)>>1), (inlen-1)>>1)) != CRYPT_OK) {
+ goto error;
+ }
+ if ((err = mp_set(key->pubkey.z, 1)) != CRYPT_OK) { goto error; }
+
+ if (dp == NULL) {
+ /* determine the idx */
+ for (x = 0; ltc_ecc_sets[x].size != 0; x++) {
+ if ((unsigned)ltc_ecc_sets[x].size >= ((inlen-1)>>1)) {
+ break;
+ }
+ }
+ if (ltc_ecc_sets[x].size == 0) {
+ err = CRYPT_INVALID_PACKET;
+ goto error;
+ }
+ /* set the idx */
+ key->idx = x;
+ key->dp = &ltc_ecc_sets[x];
+ } else {
+ if (((inlen-1)>>1) != (unsigned long) dp->size) {
+ err = CRYPT_INVALID_PACKET;
+ goto error;
+ }
+ key->idx = -1;
+ key->dp = dp;
+ }
+ key->type = PK_PUBLIC;
+
+ /* we're done */
+ return CRYPT_OK;
+error:
+ mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL);
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_ansi_x963_import.c,v $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/12/04 22:17:46 $ */
diff --git a/src/pk/ecc/ecc_decrypt_key.c b/src/pk/ecc/ecc_decrypt_key.c
new file mode 100644
index 0000000..bb56208
--- /dev/null
+++ b/src/pk/ecc/ecc_decrypt_key.c
@@ -0,0 +1,150 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_decrypt_key.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Decrypt an ECC encrypted key
+ @param in The ciphertext
+ @param inlen The length of the ciphertext (octets)
+ @param out [out] The plaintext
+ @param outlen [in/out] The max size and resulting size of the plaintext
+ @param key The corresponding private ECC key
+ @return CRYPT_OK if successful
+*/
+int ecc_decrypt_key(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ ecc_key *key)
+{
+ unsigned char *ecc_shared, *skey, *pub_expt;
+ unsigned long x, y, hashOID[32];
+ int hash, err;
+ ecc_key pubkey;
+ ltc_asn1_list decode[3];
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* right key type? */
+ if (key->type != PK_PRIVATE) {
+ return CRYPT_PK_NOT_PRIVATE;
+ }
+
+ /* decode to find out hash */
+ LTC_SET_ASN1(decode, 0, LTC_ASN1_OBJECT_IDENTIFIER, hashOID, sizeof(hashOID)/sizeof(hashOID[0]));
+
+ if ((err = der_decode_sequence(in, inlen, decode, 1)) != CRYPT_OK) {
+ return err;
+ }
+
+ hash = find_hash_oid(hashOID, decode[0].size);
+ if (hash_is_valid(hash) != CRYPT_OK) {
+ return CRYPT_INVALID_PACKET;
+ }
+
+ /* we now have the hash! */
+
+ /* allocate memory */
+ pub_expt = XMALLOC(ECC_BUF_SIZE);
+ ecc_shared = XMALLOC(ECC_BUF_SIZE);
+ skey = XMALLOC(MAXBLOCKSIZE);
+ if (pub_expt == NULL || ecc_shared == NULL || skey == NULL) {
+ if (pub_expt != NULL) {
+ XFREE(pub_expt);
+ }
+ if (ecc_shared != NULL) {
+ XFREE(ecc_shared);
+ }
+ if (skey != NULL) {
+ XFREE(skey);
+ }
+ return CRYPT_MEM;
+ }
+ LTC_SET_ASN1(decode, 1, LTC_ASN1_OCTET_STRING, pub_expt, ECC_BUF_SIZE);
+ LTC_SET_ASN1(decode, 2, LTC_ASN1_OCTET_STRING, skey, MAXBLOCKSIZE);
+
+ /* read the structure in now */
+ if ((err = der_decode_sequence(in, inlen, decode, 3)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* import ECC key from packet */
+ if ((err = ecc_import(decode[1].data, decode[1].size, &pubkey)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* make shared key */
+ x = ECC_BUF_SIZE;
+ if ((err = ecc_shared_secret(key, &pubkey, ecc_shared, &x)) != CRYPT_OK) {
+ ecc_free(&pubkey);
+ goto LBL_ERR;
+ }
+ ecc_free(&pubkey);
+
+ y = MIN(ECC_BUF_SIZE, MAXBLOCKSIZE);
+ if ((err = hash_memory(hash, ecc_shared, x, ecc_shared, &y)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* ensure the hash of the shared secret is at least as big as the encrypt itself */
+ if (decode[2].size > y) {
+ err = CRYPT_INVALID_PACKET;
+ goto LBL_ERR;
+ }
+
+ /* avoid buffer overflow */
+ if (*outlen < decode[2].size) {
+ *outlen = decode[2].size;
+ err = CRYPT_BUFFER_OVERFLOW;
+ goto LBL_ERR;
+ }
+
+ /* Decrypt the key */
+ for (x = 0; x < decode[2].size; x++) {
+ out[x] = skey[x] ^ ecc_shared[x];
+ }
+ *outlen = x;
+
+ err = CRYPT_OK;
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+ zeromem(pub_expt, ECC_BUF_SIZE);
+ zeromem(ecc_shared, ECC_BUF_SIZE);
+ zeromem(skey, MAXBLOCKSIZE);
+#endif
+
+ XFREE(pub_expt);
+ XFREE(ecc_shared);
+ XFREE(skey);
+
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_decrypt_key.c,v $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
+
diff --git a/src/pk/ecc/ecc_encrypt_key.c b/src/pk/ecc/ecc_encrypt_key.c
new file mode 100644
index 0000000..dd9bab0
--- /dev/null
+++ b/src/pk/ecc/ecc_encrypt_key.c
@@ -0,0 +1,136 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_encrypt_key.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Encrypt a symmetric key with ECC
+ @param in The symmetric key you want to encrypt
+ @param inlen The length of the key to encrypt (octets)
+ @param out [out] The destination for the ciphertext
+ @param outlen [in/out] The max size and resulting size of the ciphertext
+ @param prng An active PRNG state
+ @param wprng The index of the PRNG you wish to use
+ @param hash The index of the hash you want to use
+ @param key The ECC key you want to encrypt to
+ @return CRYPT_OK if successful
+*/
+int ecc_encrypt_key(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ prng_state *prng, int wprng, int hash,
+ ecc_key *key)
+{
+ unsigned char *pub_expt, *ecc_shared, *skey;
+ ecc_key pubkey;
+ unsigned long x, y, pubkeysize;
+ int err;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* check that wprng/cipher/hash are not invalid */
+ if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
+ return err;
+ }
+
+ if ((err = hash_is_valid(hash)) != CRYPT_OK) {
+ return err;
+ }
+
+ if (inlen > hash_descriptor[hash].hashsize) {
+ return CRYPT_INVALID_HASH;
+ }
+
+ /* make a random key and export the public copy */
+ if ((err = ecc_make_key_ex(prng, wprng, &pubkey, key->dp)) != CRYPT_OK) {
+ return err;
+ }
+
+ pub_expt = XMALLOC(ECC_BUF_SIZE);
+ ecc_shared = XMALLOC(ECC_BUF_SIZE);
+ skey = XMALLOC(MAXBLOCKSIZE);
+ if (pub_expt == NULL || ecc_shared == NULL || skey == NULL) {
+ if (pub_expt != NULL) {
+ XFREE(pub_expt);
+ }
+ if (ecc_shared != NULL) {
+ XFREE(ecc_shared);
+ }
+ if (skey != NULL) {
+ XFREE(skey);
+ }
+ ecc_free(&pubkey);
+ return CRYPT_MEM;
+ }
+
+ pubkeysize = ECC_BUF_SIZE;
+ if ((err = ecc_export(pub_expt, &pubkeysize, PK_PUBLIC, &pubkey)) != CRYPT_OK) {
+ ecc_free(&pubkey);
+ goto LBL_ERR;
+ }
+
+ /* make random key */
+ x = ECC_BUF_SIZE;
+ if ((err = ecc_shared_secret(&pubkey, key, ecc_shared, &x)) != CRYPT_OK) {
+ ecc_free(&pubkey);
+ goto LBL_ERR;
+ }
+ ecc_free(&pubkey);
+ y = MAXBLOCKSIZE;
+ if ((err = hash_memory(hash, ecc_shared, x, skey, &y)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ /* Encrypt key */
+ for (x = 0; x < inlen; x++) {
+ skey[x] ^= in[x];
+ }
+
+ err = der_encode_sequence_multi(out, outlen,
+ LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash].OIDlen, hash_descriptor[hash].OID,
+ LTC_ASN1_OCTET_STRING, pubkeysize, pub_expt,
+ LTC_ASN1_OCTET_STRING, inlen, skey,
+ LTC_ASN1_EOL, 0UL, NULL);
+
+LBL_ERR:
+#ifdef LTC_CLEAN_STACK
+ /* clean up */
+ zeromem(pub_expt, ECC_BUF_SIZE);
+ zeromem(ecc_shared, ECC_BUF_SIZE);
+ zeromem(skey, MAXBLOCKSIZE);
+#endif
+
+ XFREE(skey);
+ XFREE(ecc_shared);
+ XFREE(pub_expt);
+
+ return err;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_encrypt_key.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/11/21 00:10:18 $ */
+
diff --git a/src/pk/ecc/ecc_export.c b/src/pk/ecc/ecc_export.c
new file mode 100644
index 0000000..1919849
--- /dev/null
+++ b/src/pk/ecc/ecc_export.c
@@ -0,0 +1,82 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_export.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Export an ECC key as a binary packet
+ @param out [out] Destination for the key
+ @param outlen [in/out] Max size and resulting size of the exported key
+ @param type The type of key you want to export (PK_PRIVATE or PK_PUBLIC)
+ @param key The key to export
+ @return CRYPT_OK if successful
+*/
+int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key)
+{
+ int err;
+ unsigned char flags[1];
+ unsigned long key_size;
+
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* type valid? */
+ if (key->type != PK_PRIVATE && type == PK_PRIVATE) {
+ return CRYPT_PK_TYPE_MISMATCH;
+ }
+
+ if (ltc_ecc_is_valid_idx(key->idx) == 0) {
+ return CRYPT_INVALID_ARG;
+ }
+
+ /* we store the NIST byte size */
+ key_size = key->dp->size;
+
+ if (type == PK_PRIVATE) {
+ flags[0] = 1;
+ err = der_encode_sequence_multi(out, outlen,
+ LTC_ASN1_BIT_STRING, 1UL, flags,
+ LTC_ASN1_SHORT_INTEGER, 1UL, &key_size,
+ LTC_ASN1_INTEGER, 1UL, key->pubkey.x,
+ LTC_ASN1_INTEGER, 1UL, key->pubkey.y,
+ LTC_ASN1_INTEGER, 1UL, key->k,
+ LTC_ASN1_EOL, 0UL, NULL);
+ } else {
+ flags[0] = 0;
+ err = der_encode_sequence_multi(out, outlen,
+ LTC_ASN1_BIT_STRING, 1UL, flags,
+ LTC_ASN1_SHORT_INTEGER, 1UL, &key_size,
+ LTC_ASN1_INTEGER, 1UL, key->pubkey.x,
+ LTC_ASN1_INTEGER, 1UL, key->pubkey.y,
+ LTC_ASN1_EOL, 0UL, NULL);
+ }
+
+ return err;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_export.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/11/21 00:10:18 $ */
+
diff --git a/src/pk/ecc/ecc_free.c b/src/pk/ecc/ecc_free.c
new file mode 100644
index 0000000..039178d
--- /dev/null
+++ b/src/pk/ecc/ecc_free.c
@@ -0,0 +1,40 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_free.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Free an ECC key from memory
+ @param key The key you wish to free
+*/
+void ecc_free(ecc_key *key)
+{
+ LTC_ARGCHKVD(key != NULL);
+ mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL);
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_free.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/06/09 01:38:14 $ */
+
diff --git a/src/pk/ecc/ecc_get_size.c b/src/pk/ecc/ecc_get_size.c
new file mode 100644
index 0000000..9eafdeb
--- /dev/null
+++ b/src/pk/ecc/ecc_get_size.c
@@ -0,0 +1,44 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_get_size.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Get the size of an ECC key
+ @param key The key to get the size of
+ @return The size (octets) of the key or INT_MAX on error
+*/
+int ecc_get_size(ecc_key *key)
+{
+ LTC_ARGCHK(key != NULL);
+ if (ltc_ecc_is_valid_idx(key->idx))
+ return key->dp->size;
+ else
+ return INT_MAX; /* large value known to cause it to fail when passed to ecc_make_key() */
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_get_size.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/11/21 00:10:18 $ */
+
diff --git a/src/pk/ecc/ecc_import.c b/src/pk/ecc/ecc_import.c
new file mode 100644
index 0000000..4adb28e
--- /dev/null
+++ b/src/pk/ecc/ecc_import.c
@@ -0,0 +1,172 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_import.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+static int is_point(ecc_key *key)
+{
+ void *prime, *b, *t1, *t2;
+ int err;
+
+ if ((err = mp_init_multi(&prime, &b, &t1, &t2, NULL)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* load prime and b */
+ if ((err = mp_read_radix(prime, key->dp->prime, 16)) != CRYPT_OK) { goto error; }
+ if ((err = mp_read_radix(b, key->dp->B, 16)) != CRYPT_OK) { goto error; }
+
+ /* compute y^2 */
+ if ((err = mp_sqr(key->pubkey.y, t1)) != CRYPT_OK) { goto error; }
+
+ /* compute x^3 */
+ if ((err = mp_sqr(key->pubkey.x, t2)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mod(t2, prime, t2)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mul(key->pubkey.x, t2, t2)) != CRYPT_OK) { goto error; }
+
+ /* compute y^2 - x^3 */
+ if ((err = mp_sub(t1, t2, t1)) != CRYPT_OK) { goto error; }
+
+ /* compute y^2 - x^3 + 3x */
+ if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; }
+ if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; }
+ if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mod(t1, prime, t1)) != CRYPT_OK) { goto error; }
+ while (mp_cmp_d(t1, 0) == LTC_MP_LT) {
+ if ((err = mp_add(t1, prime, t1)) != CRYPT_OK) { goto error; }
+ }
+ while (mp_cmp(t1, prime) != LTC_MP_LT) {
+ if ((err = mp_sub(t1, prime, t1)) != CRYPT_OK) { goto error; }
+ }
+
+ /* compare to b */
+ if (mp_cmp(t1, b) != LTC_MP_EQ) {
+ err = CRYPT_INVALID_PACKET;
+ } else {
+ err = CRYPT_OK;
+ }
+
+error:
+ mp_clear_multi(prime, b, t1, t2, NULL);
+ return err;
+}
+
+/**
+ Import an ECC key from a binary packet
+ @param in The packet to import
+ @param inlen The length of the packet
+ @param key [out] The destination of the import
+ @return CRYPT_OK if successful, upon error all allocated memory will be freed
+*/
+int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key)
+{
+ return ecc_import_ex(in, inlen, key, NULL);
+}
+
+/**
+ Import an ECC key from a binary packet, using user supplied domain params rather than one of the NIST ones
+ @param in The packet to import
+ @param inlen The length of the packet
+ @param key [out] The destination of the import
+ @param dp pointer to user supplied params; must be the same as the params used when exporting
+ @return CRYPT_OK if successful, upon error all allocated memory will be freed
+*/
+int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, const ltc_ecc_set_type *dp)
+{
+ unsigned long key_size;
+ unsigned char flags[1];
+ int err;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(ltc_mp.name != NULL);
+
+ /* init key */
+ if (mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL) != CRYPT_OK) {
+ return CRYPT_MEM;
+ }
+
+ /* find out what type of key it is */
+ if ((err = der_decode_sequence_multi(in, inlen,
+ LTC_ASN1_BIT_STRING, 1UL, &flags,
+ LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ goto done;
+ }
+
+
+ if (flags[0] == 1) {
+ /* private key */
+ key->type = PK_PRIVATE;
+ if ((err = der_decode_sequence_multi(in, inlen,
+ LTC_ASN1_BIT_STRING, 1UL, flags,
+ LTC_ASN1_SHORT_INTEGER, 1UL, &key_size,
+ LTC_ASN1_INTEGER, 1UL, key->pubkey.x,
+ LTC_ASN1_INTEGER, 1UL, key->pubkey.y,
+ LTC_ASN1_INTEGER, 1UL, key->k,
+ LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ goto done;
+ }
+ } else {
+ /* public key */
+ key->type = PK_PUBLIC;
+ if ((err = der_decode_sequence_multi(in, inlen,
+ LTC_ASN1_BIT_STRING, 1UL, flags,
+ LTC_ASN1_SHORT_INTEGER, 1UL, &key_size,
+ LTC_ASN1_INTEGER, 1UL, key->pubkey.x,
+ LTC_ASN1_INTEGER, 1UL, key->pubkey.y,
+ LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ goto done;
+ }
+ }
+
+ if (dp == NULL) {
+ /* find the idx */
+ for (key->idx = 0; ltc_ecc_sets[key->idx].size && (unsigned long)ltc_ecc_sets[key->idx].size != key_size; ++key->idx);
+ if (ltc_ecc_sets[key->idx].size == 0) {
+ err = CRYPT_INVALID_PACKET;
+ goto done;
+ }
+ key->dp = &ltc_ecc_sets[key->idx];
+ } else {
+ key->idx = -1;
+ key->dp = dp;
+ }
+ /* set z */
+ if ((err = mp_set(key->pubkey.z, 1)) != CRYPT_OK) { goto done; }
+
+ /* is it a point on the curve? */
+ if ((err = is_point(key)) != CRYPT_OK) {
+ goto done;
+ }
+
+ /* we're good */
+ return CRYPT_OK;
+done:
+ mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL);
+ return err;
+}
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_import.c,v $ */
+/* $Revision: 1.11 $ */
+/* $Date: 2006/12/04 02:19:48 $ */
+
diff --git a/src/pk/ecc/ecc_make_key.c b/src/pk/ecc/ecc_make_key.c
new file mode 100644
index 0000000..796b674
--- /dev/null
+++ b/src/pk/ecc/ecc_make_key.c
@@ -0,0 +1,125 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_make_key.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Make a new ECC key
+ @param prng An active PRNG state
+ @param wprng The index of the PRNG you wish to use
+ @param keysize The keysize for the new key (in octets from 20 to 65 bytes)
+ @param key [out] Destination of the newly created key
+ @return CRYPT_OK if successful, upon error all allocated memory will be freed
+*/
+int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key)
+{
+ int x, err;
+
+ /* find key size */
+ for (x = 0; (keysize > ltc_ecc_sets[x].size) && (ltc_ecc_sets[x].size != 0); x++);
+ keysize = ltc_ecc_sets[x].size;
+
+ if (keysize > ECC_MAXSIZE || ltc_ecc_sets[x].size == 0) {
+ return CRYPT_INVALID_KEYSIZE;
+ }
+ err = ecc_make_key_ex(prng, wprng, key, &ltc_ecc_sets[x]);
+ key->idx = x;
+ return err;
+}
+
+int ecc_make_key_ex(prng_state *prng, int wprng, ecc_key *key, const ltc_ecc_set_type *dp)
+{
+ int err;
+ ecc_point *base;
+ void *prime;
+ unsigned char *buf;
+ int keysize;
+
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(ltc_mp.name != NULL);
+ LTC_ARGCHK(dp != NULL);
+
+ /* good prng? */
+ if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
+ return err;
+ }
+
+ key->idx = -1;
+ key->dp = dp;
+ keysize = dp->size;
+
+ /* allocate ram */
+ base = NULL;
+ buf = XMALLOC(ECC_MAXSIZE);
+ if (buf == NULL) {
+ return CRYPT_MEM;
+ }
+
+ /* make up random string */
+ if (prng_descriptor[wprng].read(buf, (unsigned long)keysize, prng) != (unsigned long)keysize) {
+ err = CRYPT_ERROR_READPRNG;
+ goto ERR_BUF;
+ }
+
+ /* setup the key variables */
+ if ((err = mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, &prime, NULL)) != CRYPT_OK) {
+ goto ERR_BUF;
+ }
+ base = ltc_ecc_new_point();
+ if (base == NULL) {
+ err = CRYPT_MEM;
+ goto errkey;
+ }
+
+ /* read in the specs for this key */
+ if ((err = mp_read_radix(prime, (char *)key->dp->prime, 16)) != CRYPT_OK) { goto errkey; }
+ if ((err = mp_read_radix(base->x, (char *)key->dp->Gx, 16)) != CRYPT_OK) { goto errkey; }
+ if ((err = mp_read_radix(base->y, (char *)key->dp->Gy, 16)) != CRYPT_OK) { goto errkey; }
+ if ((err = mp_set(base->z, 1)) != CRYPT_OK) { goto errkey; }
+ if ((err = mp_read_unsigned_bin(key->k, (unsigned char *)buf, keysize)) != CRYPT_OK) { goto errkey; }
+
+ /* make the public key */
+ if ((err = ltc_mp.ecc_ptmul(key->k, base, &key->pubkey, prime, 1)) != CRYPT_OK) { goto errkey; }
+ key->type = PK_PRIVATE;
+
+ /* free up ram */
+ err = CRYPT_OK;
+ goto cleanup;
+errkey:
+ mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL);
+cleanup:
+ ltc_ecc_del_point(base);
+ mp_clear(prime);
+ERR_BUF:
+#ifdef LTC_CLEAN_STACK
+ zeromem(buf, ECC_MAXSIZE);
+#endif
+ XFREE(buf);
+ return err;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_make_key.c,v $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/12/04 02:50:11 $ */
+
diff --git a/src/pk/ecc/ecc_shared_secret.c b/src/pk/ecc/ecc_shared_secret.c
new file mode 100644
index 0000000..ddef847
--- /dev/null
+++ b/src/pk/ecc/ecc_shared_secret.c
@@ -0,0 +1,95 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_shared_secret.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Create an ECC shared secret between two keys
+ @param private_key The private ECC key
+ @param public_key The public key
+ @param out [out] Destination of the shared secret (Conforms to EC-DH from ANSI X9.63)
+ @param outlen [in/out] The max size and resulting size of the shared secret
+ @return CRYPT_OK if successful
+*/
+int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key,
+ unsigned char *out, unsigned long *outlen)
+{
+ unsigned long x;
+ ecc_point *result;
+ void *prime;
+ int err;
+
+ LTC_ARGCHK(private_key != NULL);
+ LTC_ARGCHK(public_key != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+
+ /* type valid? */
+ if (private_key->type != PK_PRIVATE) {
+ return CRYPT_PK_NOT_PRIVATE;
+ }
+
+ if (ltc_ecc_is_valid_idx(private_key->idx) == 0 || ltc_ecc_is_valid_idx(public_key->idx) == 0) {
+ return CRYPT_INVALID_ARG;
+ }
+
+ if (XSTRCMP(private_key->dp->name, public_key->dp->name) != 0) {
+ return CRYPT_PK_TYPE_MISMATCH;
+ }
+
+ /* make new point */
+ result = ltc_ecc_new_point();
+ if (result == NULL) {
+ return CRYPT_MEM;
+ }
+
+ if ((err = mp_init(&prime)) != CRYPT_OK) {
+ ltc_ecc_del_point(result);
+ return err;
+ }
+
+ if ((err = mp_read_radix(prime, (char *)private_key->dp->prime, 16)) != CRYPT_OK) { goto done; }
+ if ((err = ltc_mp.ecc_ptmul(private_key->k, &public_key->pubkey, result, prime, 1)) != CRYPT_OK) { goto done; }
+
+ x = (unsigned long)mp_unsigned_bin_size(prime);
+ if (*outlen < x) {
+ *outlen = x;
+ err = CRYPT_BUFFER_OVERFLOW;
+ goto done;
+ }
+ zeromem(out, x);
+ if ((err = mp_to_unsigned_bin(result->x, out + (x - mp_unsigned_bin_size(result->x)))) != CRYPT_OK) { goto done; }
+
+ err = CRYPT_OK;
+ *outlen = x;
+done:
+ mp_clear(prime);
+ ltc_ecc_del_point(result);
+ return err;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_shared_secret.c,v $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/12/04 02:19:48 $ */
+
diff --git a/src/pk/ecc/ecc_sign_hash.c b/src/pk/ecc/ecc_sign_hash.c
new file mode 100644
index 0000000..44f949e
--- /dev/null
+++ b/src/pk/ecc/ecc_sign_hash.c
@@ -0,0 +1,114 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_sign_hash.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Sign a message digest
+ @param in The message digest to sign
+ @param inlen The length of the digest
+ @param out [out] The destination for the signature
+ @param outlen [in/out] The max size and resulting size of the signature
+ @param prng An active PRNG state
+ @param wprng The index of the PRNG you wish to use
+ @param key A private ECC key
+ @return CRYPT_OK if successful
+*/
+int ecc_sign_hash(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ prng_state *prng, int wprng, ecc_key *key)
+{
+ ecc_key pubkey;
+ void *r, *s, *e, *p;
+ int err;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* is this a private key? */
+ if (key->type != PK_PRIVATE) {
+ return CRYPT_PK_NOT_PRIVATE;
+ }
+
+ /* is the IDX valid ? */
+ if (ltc_ecc_is_valid_idx(key->idx) != 1) {
+ return CRYPT_PK_INVALID_TYPE;
+ }
+
+ if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* get the hash and load it as a bignum into 'e' */
+ /* init the bignums */
+ if ((err = mp_init_multi(&r, &s, &p, &e, NULL)) != CRYPT_OK) {
+ return err;
+ }
+ if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK) { goto errnokey; }
+ if ((err = mp_read_unsigned_bin(e, (unsigned char *)in, (int)inlen)) != CRYPT_OK) { goto errnokey; }
+
+ /* make up a key and export the public copy */
+ for (;;) {
+ if ((err = ecc_make_key_ex(prng, wprng, &pubkey, key->dp)) != CRYPT_OK) {
+ goto errnokey;
+ }
+
+ /* find r = x1 mod n */
+ if ((err = mp_mod(pubkey.pubkey.x, p, r)) != CRYPT_OK) { goto error; }
+
+ if (mp_iszero(r) == LTC_MP_YES) {
+ ecc_free(&pubkey);
+ } else {
+ /* find s = (e + xr)/k */
+ if ((err = mp_invmod(pubkey.k, p, pubkey.k)) != CRYPT_OK) { goto error; } /* k = 1/k */
+ if ((err = mp_mulmod(key->k, r, p, s)) != CRYPT_OK) { goto error; } /* s = xr */
+ if ((err = mp_add(e, s, s)) != CRYPT_OK) { goto error; } /* s = e + xr */
+ if ((err = mp_mod(s, p, s)) != CRYPT_OK) { goto error; } /* s = e + xr */
+ if ((err = mp_mulmod(s, pubkey.k, p, s)) != CRYPT_OK) { goto error; } /* s = (e + xr)/k */
+ ecc_free(&pubkey);
+ if (mp_iszero(s) == LTC_MP_NO) {
+ break;
+ }
+ }
+ }
+
+ /* store as SEQUENCE { r, s -- integer } */
+ err = der_encode_sequence_multi(out, outlen,
+ LTC_ASN1_INTEGER, 1UL, r,
+ LTC_ASN1_INTEGER, 1UL, s,
+ LTC_ASN1_EOL, 0UL, NULL);
+ goto errnokey;
+error:
+ ecc_free(&pubkey);
+errnokey:
+ mp_clear_multi(r, s, p, e, NULL);
+ return err;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_sign_hash.c,v $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/12/04 02:50:11 $ */
+
diff --git a/src/pk/ecc/ecc_sizes.c b/src/pk/ecc/ecc_sizes.c
new file mode 100644
index 0000000..f4b2d82
--- /dev/null
+++ b/src/pk/ecc/ecc_sizes.c
@@ -0,0 +1,48 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_sizes.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+void ecc_sizes(int *low, int *high)
+{
+ int i;
+ LTC_ARGCHKVD(low != NULL);
+ LTC_ARGCHKVD(high != NULL);
+
+ *low = INT_MAX;
+ *high = 0;
+ for (i = 0; ltc_ecc_sets[i].size != 0; i++) {
+ if (ltc_ecc_sets[i].size < *low) {
+ *low = ltc_ecc_sets[i].size;
+ }
+ if (ltc_ecc_sets[i].size > *high) {
+ *high = ltc_ecc_sets[i].size;
+ }
+ }
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_sizes.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/06/09 01:38:14 $ */
+
diff --git a/src/pk/ecc/ecc_sys.c b/src/pk/ecc/ecc_sys.c
deleted file mode 100644
index 65ead31..0000000
--- a/src/pk/ecc/ecc_sys.c
+++ /dev/null
@@ -1,462 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
- */
-
-/**
- @file ecc_sys.c
- ECC Crypto, Tom St Denis
-*/
-
-/**
- Encrypt a symmetric key with ECC
- @param in The symmetric key you want to encrypt
- @param inlen The length of the key to encrypt (octets)
- @param out [out] The destination for the ciphertext
- @param outlen [in/out] The max size and resulting size of the ciphertext
- @param prng An active PRNG state
- @param wprng The index of the PRNG you wish to use
- @param hash The index of the hash you want to use
- @param key The ECC key you want to encrypt to
- @return CRYPT_OK if successful
-*/
-int ecc_encrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- prng_state *prng, int wprng, int hash,
- ecc_key *key)
-{
- unsigned char *pub_expt, *ecc_shared, *skey;
- ecc_key pubkey;
- unsigned long x, y, pubkeysize;
- int err;
-
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* check that wprng/cipher/hash are not invalid */
- if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
- return err;
- }
-
- if ((err = hash_is_valid(hash)) != CRYPT_OK) {
- return err;
- }
-
- if (inlen > hash_descriptor[hash].hashsize) {
- return CRYPT_INVALID_HASH;
- }
-
- /* make a random key and export the public copy */
- if ((err = ecc_make_key(prng, wprng, ecc_get_size(key), &pubkey)) != CRYPT_OK) {
- return err;
- }
-
- pub_expt = XMALLOC(ECC_BUF_SIZE);
- ecc_shared = XMALLOC(ECC_BUF_SIZE);
- skey = XMALLOC(MAXBLOCKSIZE);
- if (pub_expt == NULL || ecc_shared == NULL || skey == NULL) {
- if (pub_expt != NULL) {
- XFREE(pub_expt);
- }
- if (ecc_shared != NULL) {
- XFREE(ecc_shared);
- }
- if (skey != NULL) {
- XFREE(skey);
- }
- ecc_free(&pubkey);
- return CRYPT_MEM;
- }
-
- pubkeysize = ECC_BUF_SIZE;
- if ((err = ecc_export(pub_expt, &pubkeysize, PK_PUBLIC, &pubkey)) != CRYPT_OK) {
- ecc_free(&pubkey);
- goto LBL_ERR;
- }
-
- /* make random key */
- x = ECC_BUF_SIZE;
- if ((err = ecc_shared_secret(&pubkey, key, ecc_shared, &x)) != CRYPT_OK) {
- ecc_free(&pubkey);
- goto LBL_ERR;
- }
- ecc_free(&pubkey);
- y = MAXBLOCKSIZE;
- if ((err = hash_memory(hash, ecc_shared, x, skey, &y)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* Encrypt key */
- for (x = 0; x < inlen; x++) {
- skey[x] ^= in[x];
- }
-
- err = der_encode_sequence_multi(out, outlen,
- LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash].OIDlen, hash_descriptor[hash].OID,
- LTC_ASN1_OCTET_STRING, pubkeysize, pub_expt,
- LTC_ASN1_OCTET_STRING, inlen, skey,
- LTC_ASN1_EOL, 0UL, NULL);
-
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- /* clean up */
- zeromem(pub_expt, ECC_BUF_SIZE);
- zeromem(ecc_shared, ECC_BUF_SIZE);
- zeromem(skey, MAXBLOCKSIZE);
-#endif
-
- XFREE(skey);
- XFREE(ecc_shared);
- XFREE(pub_expt);
-
- return err;
-}
-
-/**
- Decrypt an ECC encrypted key
- @param in The ciphertext
- @param inlen The length of the ciphertext (octets)
- @param out [out] The plaintext
- @param outlen [in/out] The max size and resulting size of the plaintext
- @param key The corresponding private ECC key
- @return CRYPT_OK if successful
-*/
-int ecc_decrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- ecc_key *key)
-{
- unsigned char *ecc_shared, *skey, *pub_expt;
- unsigned long x, y, hashOID[32];
- int hash, err;
- ecc_key pubkey;
- ltc_asn1_list decode[3];
-
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* right key type? */
- if (key->type != PK_PRIVATE) {
- return CRYPT_PK_NOT_PRIVATE;
- }
-
- /* decode to find out hash */
- LTC_SET_ASN1(decode, 0, LTC_ASN1_OBJECT_IDENTIFIER, hashOID, sizeof(hashOID)/sizeof(hashOID[0]));
-
- if ((err = der_decode_sequence(in, inlen, decode, 1)) != CRYPT_OK) {
- return err;
- }
- for (hash = 0; hash_descriptor[hash].name != NULL &&
- (hash_descriptor[hash].OIDlen != decode[0].size ||
- memcmp(hash_descriptor[hash].OID, hashOID, sizeof(unsigned long)*decode[0].size)); hash++);
-
- if (hash_descriptor[hash].name == NULL) {
- return CRYPT_INVALID_PACKET;
- }
-
- /* we now have the hash! */
-
- /* allocate memory */
- pub_expt = XMALLOC(ECC_BUF_SIZE);
- ecc_shared = XMALLOC(ECC_BUF_SIZE);
- skey = XMALLOC(MAXBLOCKSIZE);
- if (pub_expt == NULL || ecc_shared == NULL || skey == NULL) {
- if (pub_expt != NULL) {
- XFREE(pub_expt);
- }
- if (ecc_shared != NULL) {
- XFREE(ecc_shared);
- }
- if (skey != NULL) {
- XFREE(skey);
- }
- return CRYPT_MEM;
- }
- LTC_SET_ASN1(decode, 1, LTC_ASN1_OCTET_STRING, pub_expt, ECC_BUF_SIZE);
- LTC_SET_ASN1(decode, 2, LTC_ASN1_OCTET_STRING, skey, MAXBLOCKSIZE);
-
- /* read the structure in now */
- if ((err = der_decode_sequence(in, inlen, decode, 3)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* import ECC key from packet */
- if ((err = ecc_import(decode[1].data, decode[1].size, &pubkey)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* make shared key */
- x = ECC_BUF_SIZE;
- if ((err = ecc_shared_secret(key, &pubkey, ecc_shared, &x)) != CRYPT_OK) {
- ecc_free(&pubkey);
- goto LBL_ERR;
- }
- ecc_free(&pubkey);
-
- y = MAXBLOCKSIZE;
- if ((err = hash_memory(hash, ecc_shared, x, ecc_shared, &y)) != CRYPT_OK) {
- goto LBL_ERR;
- }
-
- /* ensure the hash of the shared secret is at least as big as the encrypt itself */
- if (decode[2].size > y) {
- err = CRYPT_INVALID_PACKET;
- goto LBL_ERR;
- }
-
- /* avoid buffer overflow */
- if (*outlen < decode[2].size) {
- err = CRYPT_BUFFER_OVERFLOW;
- goto LBL_ERR;
- }
-
- /* Decrypt the key */
- for (x = 0; x < decode[2].size; x++) {
- out[x] = skey[x] ^ ecc_shared[x];
- }
- *outlen = x;
-
- err = CRYPT_OK;
-LBL_ERR:
-#ifdef LTC_CLEAN_STACK
- zeromem(pub_expt, ECC_BUF_SIZE);
- zeromem(ecc_shared, ECC_BUF_SIZE);
- zeromem(skey, MAXBLOCKSIZE);
-#endif
-
- XFREE(pub_expt);
- XFREE(ecc_shared);
- XFREE(skey);
-
- return err;
-}
-
-/**
- Sign a message digest
- @param in The message digest to sign
- @param inlen The length of the digest
- @param out [out] The destination for the signature
- @param outlen [in/out] The max size and resulting size of the signature
- @param prng An active PRNG state
- @param wprng The index of the PRNG you wish to use
- @param key A private ECC key
- @return CRYPT_OK if successful
-*/
-int ecc_sign_hash(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- prng_state *prng, int wprng, ecc_key *key)
-{
- ecc_key pubkey;
- mp_int r, s, e, p;
- int err;
-
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* is this a private key? */
- if (key->type != PK_PRIVATE) {
- return CRYPT_PK_NOT_PRIVATE;
- }
-
- /* is the IDX valid ? */
- if (is_valid_idx(key->idx) != 1) {
- return CRYPT_PK_INVALID_TYPE;
- }
-
- if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
- return err;
- }
-
- /* get the hash and load it as a bignum into 'e' */
- /* init the bignums */
- if ((err = mp_init_multi(&r, &s, &p, &e, NULL)) != MP_OKAY) {
- ecc_free(&pubkey);
- err = mpi_to_ltc_error(err);
- goto LBL_ERR;
- }
- if ((err = mp_read_radix(&p, (char *)sets[key->idx].order, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_read_unsigned_bin(&e, (unsigned char *)in, (int)inlen)) != MP_OKAY) { goto error; }
-
- /* make up a key and export the public copy */
- for (;;) {
- if ((err = ecc_make_key(prng, wprng, ecc_get_size(key), &pubkey)) != CRYPT_OK) {
- return err;
- }
-
- /* find r = x1 mod n */
- if ((err = mp_mod(&pubkey.pubkey.x, &p, &r)) != MP_OKAY) { goto error; }
-
- if (mp_iszero(&r)) {
- ecc_free(&pubkey);
- } else {
- /* find s = (e + xr)/k */
- if ((err = mp_invmod(&pubkey.k, &p, &pubkey.k)) != MP_OKAY) { goto error; } /* k = 1/k */
- if ((err = mp_mulmod(&key->k, &r, &p, &s)) != MP_OKAY) { goto error; } /* s = xr */
- if ((err = mp_addmod(&e, &s, &p, &s)) != MP_OKAY) { goto error; } /* s = e + xr */
- if ((err = mp_mulmod(&s, &pubkey.k, &p, &s)) != MP_OKAY) { goto error; } /* s = (e + xr)/k */
-
- if (mp_iszero(&s)) {
- ecc_free(&pubkey);
- } else {
- break;
- }
- }
- }
-
- /* store as SEQUENCE { r, s -- integer } */
- err = der_encode_sequence_multi(out, outlen,
- LTC_ASN1_INTEGER, 1UL, &r,
- LTC_ASN1_INTEGER, 1UL, &s,
- LTC_ASN1_EOL, 0UL, NULL);
- goto LBL_ERR;
-error:
- err = mpi_to_ltc_error(err);
-LBL_ERR:
- mp_clear_multi(&r, &s, &p, &e, NULL);
- ecc_free(&pubkey);
-
- return err;
-}
-
-/* verify
- *
- * w = s^-1 mod n
- * u1 = xw
- * u2 = rw
- * X = u1*G + u2*Q
- * v = X_x1 mod n
- * accept if v == r
- */
-
-/**
- Verify an ECC signature
- @param sig The signature to verify
- @param siglen The length of the signature (octets)
- @param hash The hash (message digest) that was signed
- @param hashlen The length of the hash (octets)
- @param stat Result of signature, 1==valid, 0==invalid
- @param key The corresponding public ECC key
- @return CRYPT_OK if successful (even if the signature is not valid)
-*/
-int ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
- const unsigned char *hash, unsigned long hashlen,
- int *stat, ecc_key *key)
-{
- ecc_point *mG, *mQ;
- mp_int r, s, v, w, u1, u2, e, p, m;
- mp_digit mp;
- int err;
-
- LTC_ARGCHK(sig != NULL);
- LTC_ARGCHK(hash != NULL);
- LTC_ARGCHK(stat != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* default to invalid signature */
- *stat = 0;
-
- /* is the IDX valid ? */
- if (is_valid_idx(key->idx) != 1) {
- return CRYPT_PK_INVALID_TYPE;
- }
-
- /* allocate ints */
- if ((err = mp_init_multi(&r, &s, &v, &w, &u1, &u2, &p, &e, &m, NULL)) != MP_OKAY) {
- return CRYPT_MEM;
- }
-
- /* allocate points */
- mG = new_point();
- mQ = new_point();
- if (mQ == NULL || mG == NULL) {
- err = CRYPT_MEM;
- goto done;
- }
-
- /* parse header */
- if ((err = der_decode_sequence_multi(sig, siglen,
- LTC_ASN1_INTEGER, 1UL, &r,
- LTC_ASN1_INTEGER, 1UL, &s,
- LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
- goto done;
- }
-
- /* get the order */
- if ((err = mp_read_radix(&p, (char *)sets[key->idx].order, 64)) != MP_OKAY) { goto error; }
-
- /* get the modulus */
- if ((err = mp_read_radix(&m, (char *)sets[key->idx].prime, 64)) != MP_OKAY) { goto error; }
-
- /* check for zero */
- if (mp_iszero(&r) || mp_iszero(&s) || mp_cmp(&r, &p) != MP_LT || mp_cmp(&s, &p) != MP_LT) {
- err = CRYPT_INVALID_PACKET;
- goto done;
- }
-
- /* read hash */
- if ((err = mp_read_unsigned_bin(&e, (unsigned char *)hash, (int)hashlen)) != MP_OKAY) { goto error; }
-
- /* w = s^-1 mod n */
- if ((err = mp_invmod(&s, &p, &w)) != MP_OKAY) { goto error; }
-
- /* u1 = ew */
- if ((err = mp_mulmod(&e, &w, &p, &u1)) != MP_OKAY) { goto error; }
-
- /* u2 = rw */
- if ((err = mp_mulmod(&r, &w, &p, &u2)) != MP_OKAY) { goto error; }
-
- /* find mG = u1*G */
- if ((err = mp_read_radix(&mG->x, (char *)sets[key->idx].Gx, 64)) != MP_OKAY) { goto error; }
- if ((err = mp_read_radix(&mG->y, (char *)sets[key->idx].Gy, 64)) != MP_OKAY) { goto error; }
- mp_set(&mG->z, 1);
- if ((err = ecc_mulmod(&u1, mG, mG, &m, 0)) != CRYPT_OK) { goto done; }
-
- /* find mQ = u2*Q */
- if ((err = mp_copy(&key->pubkey.x, &mQ->x)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&key->pubkey.y, &mQ->y)) != MP_OKAY) { goto error; }
- if ((err = mp_copy(&key->pubkey.z, &mQ->z)) != MP_OKAY) { goto error; }
- if ((err = ecc_mulmod(&u2, mQ, mQ, &m, 0)) != CRYPT_OK) { goto done; }
-
- /* find the montgomery mp */
- if ((err = mp_montgomery_setup(&m, &mp)) != MP_OKAY) { goto error; }
- /* add them */
- if ((err = add_point(mQ, mG, mG, &m, mp)) != CRYPT_OK) { goto done; }
-
- /* reduce */
- if ((err = ecc_map(mG, &m, mp)) != CRYPT_OK) { goto done; }
-
- /* v = X_x1 mod n */
- if ((err = mp_mod(&mG->x, &p, &v)) != CRYPT_OK) { goto done; }
-
- /* does v == r */
- if (mp_cmp(&v, &r) == MP_EQ) {
- *stat = 1;
- }
-
- /* clear up and return */
- err = CRYPT_OK;
- goto done;
-error:
- err = mpi_to_ltc_error(err);
-done:
- del_point(mG);
- del_point(mQ);
- mp_clear_multi(&r, &s, &v, &w, &u1, &u2, &p, &e, &m, NULL);
- return err;
-}
-
-
-/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_sys.c,v $ */
-/* $Revision: 1.18 $ */
-/* $Date: 2005/06/14 20:47:55 $ */
diff --git a/src/pk/ecc/ecc_test.c b/src/pk/ecc/ecc_test.c
new file mode 100644
index 0000000..faa167c
--- /dev/null
+++ b/src/pk/ecc/ecc_test.c
@@ -0,0 +1,95 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_test.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Perform on the ECC system
+ @return CRYPT_OK if successful
+*/
+int ecc_test(void)
+{
+ void *modulus, *order;
+ ecc_point *G, *GG;
+ int i, err, primality;
+
+ if ((err = mp_init_multi(&modulus, &order, NULL)) != CRYPT_OK) {
+ return err;
+ }
+
+ G = ltc_ecc_new_point();
+ GG = ltc_ecc_new_point();
+ if (G == NULL || GG == NULL) {
+ mp_clear_multi(modulus, order, NULL);
+ ltc_ecc_del_point(G);
+ ltc_ecc_del_point(GG);
+ return CRYPT_MEM;
+ }
+
+ for (i = 0; ltc_ecc_sets[i].size; i++) {
+ #if 0
+ printf("Testing %d\n", ltc_ecc_sets[i].size);
+ #endif
+ if ((err = mp_read_radix(modulus, (char *)ltc_ecc_sets[i].prime, 16)) != CRYPT_OK) { goto done; }
+ if ((err = mp_read_radix(order, (char *)ltc_ecc_sets[i].order, 16)) != CRYPT_OK) { goto done; }
+
+ /* is prime actually prime? */
+ if ((err = mp_prime_is_prime(modulus, 8, &primality)) != CRYPT_OK) { goto done; }
+ if (primality == 0) {
+ err = CRYPT_FAIL_TESTVECTOR;
+ goto done;
+ }
+
+ /* is order prime ? */
+ if ((err = mp_prime_is_prime(order, 8, &primality)) != CRYPT_OK) { goto done; }
+ if (primality == 0) {
+ err = CRYPT_FAIL_TESTVECTOR;
+ goto done;
+ }
+
+ if ((err = mp_read_radix(G->x, (char *)ltc_ecc_sets[i].Gx, 16)) != CRYPT_OK) { goto done; }
+ if ((err = mp_read_radix(G->y, (char *)ltc_ecc_sets[i].Gy, 16)) != CRYPT_OK) { goto done; }
+ mp_set(G->z, 1);
+
+ /* then we should have G == (order + 1)G */
+ if ((err = mp_add_d(order, 1, order)) != CRYPT_OK) { goto done; }
+ if ((err = ltc_mp.ecc_ptmul(order, G, GG, modulus, 1)) != CRYPT_OK) { goto done; }
+ if (mp_cmp(G->x, GG->x) != LTC_MP_EQ || mp_cmp(G->y, GG->y) != LTC_MP_EQ) {
+ err = CRYPT_FAIL_TESTVECTOR;
+ goto done;
+ }
+ }
+ err = CRYPT_OK;
+done:
+ ltc_ecc_del_point(GG);
+ ltc_ecc_del_point(G);
+ mp_clear_multi(order, modulus, NULL);
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_test.c,v $ */
+/* $Revision: 1.10 $ */
+/* $Date: 2006/12/04 02:19:48 $ */
+
diff --git a/src/pk/ecc/ecc_verify_hash.c b/src/pk/ecc/ecc_verify_hash.c
new file mode 100644
index 0000000..bd8a840
--- /dev/null
+++ b/src/pk/ecc/ecc_verify_hash.c
@@ -0,0 +1,165 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ecc_verify_hash.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/* verify
+ *
+ * w = s^-1 mod n
+ * u1 = xw
+ * u2 = rw
+ * X = u1*G + u2*Q
+ * v = X_x1 mod n
+ * accept if v == r
+ */
+
+/**
+ Verify an ECC signature
+ @param sig The signature to verify
+ @param siglen The length of the signature (octets)
+ @param hash The hash (message digest) that was signed
+ @param hashlen The length of the hash (octets)
+ @param stat Result of signature, 1==valid, 0==invalid
+ @param key The corresponding public ECC key
+ @return CRYPT_OK if successful (even if the signature is not valid)
+*/
+int ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
+ const unsigned char *hash, unsigned long hashlen,
+ int *stat, ecc_key *key)
+{
+ ecc_point *mG, *mQ;
+ void *r, *s, *v, *w, *u1, *u2, *e, *p, *m;
+ void *mp;
+ int err;
+
+ LTC_ARGCHK(sig != NULL);
+ LTC_ARGCHK(hash != NULL);
+ LTC_ARGCHK(stat != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* default to invalid signature */
+ *stat = 0;
+ mp = NULL;
+
+ /* is the IDX valid ? */
+ if (ltc_ecc_is_valid_idx(key->idx) != 1) {
+ return CRYPT_PK_INVALID_TYPE;
+ }
+
+ /* allocate ints */
+ if ((err = mp_init_multi(&r, &s, &v, &w, &u1, &u2, &p, &e, &m, NULL)) != CRYPT_OK) {
+ return CRYPT_MEM;
+ }
+
+ /* allocate points */
+ mG = ltc_ecc_new_point();
+ mQ = ltc_ecc_new_point();
+ if (mQ == NULL || mG == NULL) {
+ err = CRYPT_MEM;
+ goto error;
+ }
+
+ /* parse header */
+ if ((err = der_decode_sequence_multi(sig, siglen,
+ LTC_ASN1_INTEGER, 1UL, r,
+ LTC_ASN1_INTEGER, 1UL, s,
+ LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ goto error;
+ }
+
+ /* get the order */
+ if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK) { goto error; }
+
+ /* get the modulus */
+ if ((err = mp_read_radix(m, (char *)key->dp->prime, 16)) != CRYPT_OK) { goto error; }
+
+ /* check for zero */
+ if (mp_iszero(r) || mp_iszero(s) || mp_cmp(r, p) != LTC_MP_LT || mp_cmp(s, p) != LTC_MP_LT) {
+ err = CRYPT_INVALID_PACKET;
+ goto error;
+ }
+
+ /* read hash */
+ if ((err = mp_read_unsigned_bin(e, (unsigned char *)hash, (int)hashlen)) != CRYPT_OK) { goto error; }
+
+ /* w = s^-1 mod n */
+ if ((err = mp_invmod(s, p, w)) != CRYPT_OK) { goto error; }
+
+ /* u1 = ew */
+ if ((err = mp_mulmod(e, w, p, u1)) != CRYPT_OK) { goto error; }
+
+ /* u2 = rw */
+ if ((err = mp_mulmod(r, w, p, u2)) != CRYPT_OK) { goto error; }
+
+ /* find mG and mQ */
+ if ((err = mp_read_radix(mG->x, (char *)key->dp->Gx, 16)) != CRYPT_OK) { goto error; }
+ if ((err = mp_read_radix(mG->y, (char *)key->dp->Gy, 16)) != CRYPT_OK) { goto error; }
+ if ((err = mp_set(mG->z, 1)) != CRYPT_OK) { goto error; }
+
+ if ((err = mp_copy(key->pubkey.x, mQ->x)) != CRYPT_OK) { goto error; }
+ if ((err = mp_copy(key->pubkey.y, mQ->y)) != CRYPT_OK) { goto error; }
+ if ((err = mp_copy(key->pubkey.z, mQ->z)) != CRYPT_OK) { goto error; }
+
+ /* compute u1*mG + u2*mQ = mG */
+ if (ltc_mp.ecc_mul2add == NULL) {
+ if ((err = ltc_mp.ecc_ptmul(u1, mG, mG, m, 0)) != CRYPT_OK) { goto error; }
+ if ((err = ltc_mp.ecc_ptmul(u2, mQ, mQ, m, 0)) != CRYPT_OK) { goto error; }
+
+ /* find the montgomery mp */
+ if ((err = mp_montgomery_setup(m, &mp)) != CRYPT_OK) { goto error; }
+
+ /* add them */
+ if ((err = ltc_mp.ecc_ptadd(mQ, mG, mG, m, mp)) != CRYPT_OK) { goto error; }
+
+ /* reduce */
+ if ((err = ltc_mp.ecc_map(mG, m, mp)) != CRYPT_OK) { goto error; }
+ } else {
+ /* use Shamir's trick to compute u1*mG + u2*mQ using half of the doubles */
+ if ((err = ltc_mp.ecc_mul2add(mG, u1, mQ, u2, mG, m)) != CRYPT_OK) { goto error; }
+ }
+
+ /* v = X_x1 mod n */
+ if ((err = mp_mod(mG->x, p, v)) != CRYPT_OK) { goto error; }
+
+ /* does v == r */
+ if (mp_cmp(v, r) == LTC_MP_EQ) {
+ *stat = 1;
+ }
+
+ /* clear up and return */
+ err = CRYPT_OK;
+error:
+ ltc_ecc_del_point(mG);
+ ltc_ecc_del_point(mQ);
+ mp_clear_multi(r, s, v, w, u1, u2, p, e, m, NULL);
+ if (mp != NULL) {
+ mp_montgomery_free(mp);
+ }
+ return err;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ecc_verify_hash.c,v $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/12/04 05:07:59 $ */
+
diff --git a/src/pk/ecc/ltc_ecc_is_valid_idx.c b/src/pk/ecc/ltc_ecc_is_valid_idx.c
new file mode 100644
index 0000000..cf81f24
--- /dev/null
+++ b/src/pk/ecc/ltc_ecc_is_valid_idx.c
@@ -0,0 +1,46 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ltc_ecc_is_valid_idx.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/** Returns whether an ECC idx is valid or not
+ @param n The idx number to check
+ @return 1 if valid, 0 if not
+*/
+int ltc_ecc_is_valid_idx(int n)
+{
+ int x;
+
+ for (x = 0; ltc_ecc_sets[x].size != 0; x++);
+ /* -1 is a valid index --- indicating that the domain params were supplied by the user */
+ if ((n >= -1) || (n < x)) {
+ return 1;
+ }
+ return 0;
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_is_valid_idx.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/11/21 00:10:18 $ */
+
diff --git a/src/pk/ecc/ltc_ecc_map.c b/src/pk/ecc/ltc_ecc_map.c
new file mode 100644
index 0000000..eec28b3
--- /dev/null
+++ b/src/pk/ecc/ltc_ecc_map.c
@@ -0,0 +1,76 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ltc_ecc_map.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Map a projective jacbobian point back to affine space
+ @param P [in/out] The point to map
+ @param modulus The modulus of the field the ECC curve is in
+ @param mp The "b" value from montgomery_setup()
+ @return CRYPT_OK on success
+*/
+int ltc_ecc_map(ecc_point *P, void *modulus, void *mp)
+{
+ void *t1, *t2;
+ int err;
+
+ LTC_ARGCHK(P != NULL);
+ LTC_ARGCHK(modulus != NULL);
+ LTC_ARGCHK(mp != NULL);
+
+ if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) {
+ return CRYPT_MEM;
+ }
+
+ /* first map z back to normal */
+ if ((err = mp_montgomery_reduce(P->z, modulus, mp)) != CRYPT_OK) { goto done; }
+
+ /* get 1/z */
+ if ((err = mp_invmod(P->z, modulus, t1)) != CRYPT_OK) { goto done; }
+
+ /* get 1/z^2 and 1/z^3 */
+ if ((err = mp_sqr(t1, t2)) != CRYPT_OK) { goto done; }
+ if ((err = mp_mod(t2, modulus, t2)) != CRYPT_OK) { goto done; }
+ if ((err = mp_mul(t1, t2, t1)) != CRYPT_OK) { goto done; }
+ if ((err = mp_mod(t1, modulus, t1)) != CRYPT_OK) { goto done; }
+
+ /* multiply against x/y */
+ if ((err = mp_mul(P->x, t2, P->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(P->x, modulus, mp)) != CRYPT_OK) { goto done; }
+ if ((err = mp_mul(P->y, t1, P->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(P->y, modulus, mp)) != CRYPT_OK) { goto done; }
+ if ((err = mp_set(P->z, 1)) != CRYPT_OK) { goto done; }
+
+ err = CRYPT_OK;
+done:
+ mp_clear_multi(t1, t2, NULL);
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_map.c,v $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/12/04 02:50:11 $ */
+
diff --git a/src/pk/ecc/ltc_ecc_mul2add.c b/src/pk/ecc/ltc_ecc_mul2add.c
new file mode 100644
index 0000000..ac1c24f
--- /dev/null
+++ b/src/pk/ecc/ltc_ecc_mul2add.c
@@ -0,0 +1,207 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ltc_ecc_mul2add.c
+ ECC Crypto, Shamir's Trick, Tom St Denis
+*/
+
+#ifdef MECC
+
+#ifdef LTC_ECC_SHAMIR
+
+/** Computes kA*A + kB*B = C using Shamir's Trick
+ @param A First point to multiply
+ @param kA What to multiple A by
+ @param B Second point to multiply
+ @param kB What to multiple B by
+ @param C [out] Destination point (can overlap with A or B
+ @param modulus Modulus for curve
+ @return CRYPT_OK on success
+*/
+int ltc_ecc_mul2add(ecc_point *A, void *kA,
+ ecc_point *B, void *kB,
+ ecc_point *C,
+ void *modulus)
+{
+ ecc_point *precomp[16];
+ unsigned bitbufA, bitbufB, lenA, lenB, len, x, y, nA, nB, nibble;
+ unsigned char *tA, *tB;
+ int err, first;
+ void *mp, *mu;
+
+ /* argchks */
+ LTC_ARGCHK(A != NULL);
+ LTC_ARGCHK(B != NULL);
+ LTC_ARGCHK(C != NULL);
+ LTC_ARGCHK(kA != NULL);
+ LTC_ARGCHK(kB != NULL);
+ LTC_ARGCHK(modulus != NULL);
+
+ /* allocate memory */
+ tA = XCALLOC(1, ECC_BUF_SIZE);
+ if (tA == NULL) {
+ return CRYPT_MEM;
+ }
+ tB = XCALLOC(1, ECC_BUF_SIZE);
+ if (tB == NULL) {
+ XFREE(tA);
+ return CRYPT_MEM;
+ }
+
+ /* get sizes */
+ lenA = mp_unsigned_bin_size(kA);
+ lenB = mp_unsigned_bin_size(kB);
+ len = MAX(lenA, lenB);
+
+ /* sanity check */
+ if ((lenA > ECC_BUF_SIZE) || (lenB > ECC_BUF_SIZE)) {
+ err = CRYPT_INVALID_ARG;
+ goto ERR_T;
+ }
+
+ /* extract and justify kA */
+ mp_to_unsigned_bin(kA, (len - lenA) + tA);
+
+ /* extract and justify kB */
+ mp_to_unsigned_bin(kB, (len - lenB) + tB);
+
+ /* allocate the table */
+ for (x = 0; x < 16; x++) {
+ precomp[x] = ltc_ecc_new_point();
+ if (precomp[x] == NULL) {
+ for (y = 0; y < x; ++y) {
+ ltc_ecc_del_point(precomp[y]);
+ }
+ err = CRYPT_MEM;
+ goto ERR_T;
+ }
+ }
+
+ /* init montgomery reduction */
+ if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) {
+ goto ERR_P;
+ }
+ if ((err = mp_init(&mu)) != CRYPT_OK) {
+ goto ERR_MP;
+ }
+ if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) {
+ goto ERR_MU;
+ }
+
+ /* copy ones ... */
+ if ((err = mp_mulmod(A->x, mu, modulus, precomp[1]->x)) != CRYPT_OK) { goto ERR_MU; }
+ if ((err = mp_mulmod(A->y, mu, modulus, precomp[1]->y)) != CRYPT_OK) { goto ERR_MU; }
+ if ((err = mp_mulmod(A->z, mu, modulus, precomp[1]->z)) != CRYPT_OK) { goto ERR_MU; }
+
+ if ((err = mp_mulmod(B->x, mu, modulus, precomp[1<<2]->x)) != CRYPT_OK) { goto ERR_MU; }
+ if ((err = mp_mulmod(B->y, mu, modulus, precomp[1<<2]->y)) != CRYPT_OK) { goto ERR_MU; }
+ if ((err = mp_mulmod(B->z, mu, modulus, precomp[1<<2]->z)) != CRYPT_OK) { goto ERR_MU; }
+
+ /* precomp [i,0](A + B) table */
+ if ((err = ltc_mp.ecc_ptdbl(precomp[1], precomp[2], modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
+ if ((err = ltc_mp.ecc_ptadd(precomp[1], precomp[2], precomp[3], modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
+
+ /* precomp [0,i](A + B) table */
+ if ((err = ltc_mp.ecc_ptdbl(precomp[1<<2], precomp[2<<2], modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
+ if ((err = ltc_mp.ecc_ptadd(precomp[1<<2], precomp[2<<2], precomp[3<<2], modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
+
+ /* precomp [i,j](A + B) table (i != 0, j != 0) */
+ for (x = 1; x < 4; x++) {
+ for (y = 1; y < 4; y++) {
+ if ((err = ltc_mp.ecc_ptadd(precomp[x], precomp[(y<<2)], precomp[x+(y<<2)], modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
+ }
+ }
+
+ nibble = 3;
+ first = 1;
+ bitbufA = tA[0];
+ bitbufB = tB[0];
+
+ /* for every byte of the multiplicands */
+ for (x = -1;; ) {
+ /* grab a nibble */
+ if (++nibble == 4) {
+ ++x; if (x == len) break;
+ bitbufA = tA[x];
+ bitbufB = tB[x];
+ nibble = 0;
+ }
+
+ /* extract two bits from both, shift/update */
+ nA = (bitbufA >> 6) & 0x03;
+ nB = (bitbufB >> 6) & 0x03;
+ bitbufA = (bitbufA << 2) & 0xFF;
+ bitbufB = (bitbufB << 2) & 0xFF;
+
+ /* if both zero, if first, continue */
+ if ((nA == 0) && (nB == 0) && (first == 1)) {
+ continue;
+ }
+
+ /* double twice, only if this isn't the first */
+ if (first == 0) {
+ /* double twice */
+ if ((err = ltc_mp.ecc_ptdbl(C, C, modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
+ if ((err = ltc_mp.ecc_ptdbl(C, C, modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
+ }
+
+ /* if not both zero */
+ if ((nA != 0) || (nB != 0)) {
+ if (first == 1) {
+ /* if first, copy from table */
+ first = 0;
+ if ((err = mp_copy(precomp[nA + (nB<<2)]->x, C->x)) != CRYPT_OK) { goto ERR_MU; }
+ if ((err = mp_copy(precomp[nA + (nB<<2)]->y, C->y)) != CRYPT_OK) { goto ERR_MU; }
+ if ((err = mp_copy(precomp[nA + (nB<<2)]->z, C->z)) != CRYPT_OK) { goto ERR_MU; }
+ } else {
+ /* if not first, add from table */
+ if ((err = ltc_mp.ecc_ptadd(C, precomp[nA + (nB<<2)], C, modulus, mp)) != CRYPT_OK) { goto ERR_MU; }
+ }
+ }
+ }
+
+ /* reduce to affine */
+ err = ltc_ecc_map(C, modulus, mp);
+
+ /* clean up */
+ERR_MU:
+ mp_clear(mu);
+ERR_MP:
+ mp_montgomery_free(mp);
+ERR_P:
+ for (x = 0; x < 16; x++) {
+ ltc_ecc_del_point(precomp[x]);
+ }
+ERR_T:
+#ifdef LTC_CLEAN_STACK
+ zeromem(tA, ECC_BUF_SIZE);
+ zeromem(tB, ECC_BUF_SIZE);
+#endif
+ XFREE(tA);
+ XFREE(tB);
+
+ return err;
+}
+
+#endif
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_mul2add.c,v $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/12/04 05:07:59 $ */
diff --git a/src/pk/ecc/ltc_ecc_mulmod.c b/src/pk/ecc/ltc_ecc_mulmod.c
new file mode 100644
index 0000000..0e4c92b
--- /dev/null
+++ b/src/pk/ecc/ltc_ecc_mulmod.c
@@ -0,0 +1,222 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ltc_ecc_mulmod.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+#ifndef LTC_ECC_TIMING_RESISTANT
+
+/* size of sliding window, don't change this! */
+#define WINSIZE 4
+
+/**
+ Perform a point multiplication
+ @param k The scalar to multiply by
+ @param G The base point
+ @param R [out] Destination for kG
+ @param modulus The modulus of the field the ECC curve is in
+ @param map Boolean whether to map back to affine or not (1==map, 0 == leave in projective)
+ @return CRYPT_OK on success
+*/
+int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
+{
+ ecc_point *tG, *M[8];
+ int i, j, err;
+ void *mu, *mp;
+ unsigned long buf;
+ int first, bitbuf, bitcpy, bitcnt, mode, digidx;
+
+ LTC_ARGCHK(k != NULL);
+ LTC_ARGCHK(G != NULL);
+ LTC_ARGCHK(R != NULL);
+ LTC_ARGCHK(modulus != NULL);
+
+ /* init montgomery reduction */
+ if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) {
+ return err;
+ }
+ if ((err = mp_init(&mu)) != CRYPT_OK) {
+ mp_montgomery_free(mp);
+ return err;
+ }
+ if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) {
+ mp_montgomery_free(mp);
+ mp_clear(mu);
+ return err;
+ }
+
+ /* alloc ram for window temps */
+ for (i = 0; i < 8; i++) {
+ M[i] = ltc_ecc_new_point();
+ if (M[i] == NULL) {
+ for (j = 0; j < i; j++) {
+ ltc_ecc_del_point(M[j]);
+ }
+ mp_montgomery_free(mp);
+ mp_clear(mu);
+ return CRYPT_MEM;
+ }
+ }
+
+ /* make a copy of G incase R==G */
+ tG = ltc_ecc_new_point();
+ if (tG == NULL) { err = CRYPT_MEM; goto done; }
+
+ /* tG = G and convert to montgomery */
+ if (mp_cmp_d(mu, 1) == LTC_MP_EQ) {
+ if ((err = mp_copy(G->x, tG->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(G->y, tG->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(G->z, tG->z)) != CRYPT_OK) { goto done; }
+ } else {
+ if ((err = mp_mulmod(G->x, mu, modulus, tG->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_mulmod(G->y, mu, modulus, tG->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_mulmod(G->z, mu, modulus, tG->z)) != CRYPT_OK) { goto done; }
+ }
+ mp_clear(mu);
+ mu = NULL;
+
+ /* calc the M tab, which holds kG for k==8..15 */
+ /* M[0] == 8G */
+ if ((err = ltc_mp.ecc_ptdbl(tG, M[0], modulus, mp)) != CRYPT_OK) { goto done; }
+ if ((err = ltc_mp.ecc_ptdbl(M[0], M[0], modulus, mp)) != CRYPT_OK) { goto done; }
+ if ((err = ltc_mp.ecc_ptdbl(M[0], M[0], modulus, mp)) != CRYPT_OK) { goto done; }
+
+ /* now find (8+k)G for k=1..7 */
+ for (j = 9; j < 16; j++) {
+ if ((err = ltc_mp.ecc_ptadd(M[j-9], tG, M[j-8], modulus, mp)) != CRYPT_OK) { goto done; }
+ }
+
+ /* setup sliding window */
+ mode = 0;
+ bitcnt = 1;
+ buf = 0;
+ digidx = mp_get_digit_count(k) - 1;
+ bitcpy = bitbuf = 0;
+ first = 1;
+
+ /* perform ops */
+ for (;;) {
+ /* grab next digit as required */
+ if (--bitcnt == 0) {
+ if (digidx == -1) {
+ break;
+ }
+ buf = mp_get_digit(k, digidx);
+ bitcnt = (int) ltc_mp.bits_per_digit;
+ --digidx;
+ }
+
+ /* grab the next msb from the ltiplicand */
+ i = (buf >> (ltc_mp.bits_per_digit - 1)) & 1;
+ buf <<= 1;
+
+ /* skip leading zero bits */
+ if (mode == 0 && i == 0) {
+ continue;
+ }
+
+ /* if the bit is zero and mode == 1 then we double */
+ if (mode == 1 && i == 0) {
+ if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) { goto done; }
+ continue;
+ }
+
+ /* else we add it to the window */
+ bitbuf |= (i << (WINSIZE - ++bitcpy));
+ mode = 2;
+
+ if (bitcpy == WINSIZE) {
+ /* if this is the first window we do a simple copy */
+ if (first == 1) {
+ /* R = kG [k = first window] */
+ if ((err = mp_copy(M[bitbuf-8]->x, R->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(M[bitbuf-8]->y, R->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(M[bitbuf-8]->z, R->z)) != CRYPT_OK) { goto done; }
+ first = 0;
+ } else {
+ /* normal window */
+ /* ok window is filled so double as required and add */
+ /* double first */
+ for (j = 0; j < WINSIZE; j++) {
+ if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) { goto done; }
+ }
+
+ /* then add, bitbuf will be 8..15 [8..2^WINSIZE] guaranteed */
+ if ((err = ltc_mp.ecc_ptadd(R, M[bitbuf-8], R, modulus, mp)) != CRYPT_OK) { goto done; }
+ }
+ /* empty window and reset */
+ bitcpy = bitbuf = 0;
+ mode = 1;
+ }
+ }
+
+ /* if bits remain then double/add */
+ if (mode == 2 && bitcpy > 0) {
+ /* double then add */
+ for (j = 0; j < bitcpy; j++) {
+ /* only double if we have had at least one add first */
+ if (first == 0) {
+ if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) { goto done; }
+ }
+
+ bitbuf <<= 1;
+ if ((bitbuf & (1 << WINSIZE)) != 0) {
+ if (first == 1){
+ /* first add, so copy */
+ if ((err = mp_copy(tG->x, R->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(tG->y, R->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(tG->z, R->z)) != CRYPT_OK) { goto done; }
+ first = 0;
+ } else {
+ /* then add */
+ if ((err = ltc_mp.ecc_ptadd(R, tG, R, modulus, mp)) != CRYPT_OK) { goto done; }
+ }
+ }
+ }
+ }
+
+ /* map R back from projective space */
+ if (map) {
+ err = ltc_ecc_map(R, modulus, mp);
+ } else {
+ err = CRYPT_OK;
+ }
+done:
+ if (mu != NULL) {
+ mp_clear(mu);
+ }
+ mp_montgomery_free(mp);
+ ltc_ecc_del_point(tG);
+ for (i = 0; i < 8; i++) {
+ ltc_ecc_del_point(M[i]);
+ }
+ return err;
+}
+
+#endif
+
+#undef WINSIZE
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod.c,v $ */
+/* $Revision: 1.24 $ */
+/* $Date: 2006/12/04 05:07:59 $ */
diff --git a/src/pk/ecc/ltc_ecc_mulmod_timing.c b/src/pk/ecc/ltc_ecc_mulmod_timing.c
new file mode 100644
index 0000000..b94a50c
--- /dev/null
+++ b/src/pk/ecc/ltc_ecc_mulmod_timing.c
@@ -0,0 +1,167 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ltc_ecc_mulmod_timing.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+#ifdef LTC_ECC_TIMING_RESISTANT
+
+/**
+ Perform a point multiplication (timing resistant)
+ @param k The scalar to multiply by
+ @param G The base point
+ @param R [out] Destination for kG
+ @param modulus The modulus of the field the ECC curve is in
+ @param map Boolean whether to map back to affine or not (1==map, 0 == leave in projective)
+ @return CRYPT_OK on success
+*/
+int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map)
+{
+ ecc_point *tG, *M[3];
+ int i, j, err;
+ void *mu, *mp;
+ unsigned long buf;
+ int first, bitbuf, bitcpy, bitcnt, mode, digidx;
+
+ LTC_ARGCHK(k != NULL);
+ LTC_ARGCHK(G != NULL);
+ LTC_ARGCHK(R != NULL);
+ LTC_ARGCHK(modulus != NULL);
+
+ /* init montgomery reduction */
+ if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) {
+ return err;
+ }
+ if ((err = mp_init(&mu)) != CRYPT_OK) {
+ mp_montgomery_free(mp);
+ return err;
+ }
+ if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) {
+ mp_clear(mu);
+ mp_montgomery_free(mp);
+ return err;
+ }
+
+ /* alloc ram for window temps */
+ for (i = 0; i < 3; i++) {
+ M[i] = ltc_ecc_new_point();
+ if (M[i] == NULL) {
+ for (j = 0; j < i; j++) {
+ ltc_ecc_del_point(M[j]);
+ }
+ mp_clear(mu);
+ mp_montgomery_free(mp);
+ return CRYPT_MEM;
+ }
+ }
+
+ /* make a copy of G incase R==G */
+ tG = ltc_ecc_new_point();
+ if (tG == NULL) { err = CRYPT_MEM; goto done; }
+
+ /* tG = G and convert to montgomery */
+ if ((err = mp_mulmod(G->x, mu, modulus, tG->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_mulmod(G->y, mu, modulus, tG->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_mulmod(G->z, mu, modulus, tG->z)) != CRYPT_OK) { goto done; }
+ mp_clear(mu);
+ mu = NULL;
+
+ /* calc the M tab */
+ /* M[0] == G */
+ if ((err = mp_copy(tG->x, M[0]->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(tG->y, M[0]->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(tG->z, M[0]->z)) != CRYPT_OK) { goto done; }
+ /* M[1] == 2G */
+ if ((err = ltc_mp.ecc_ptdbl(tG, M[1], modulus, mp)) != CRYPT_OK) { goto done; }
+
+ /* setup sliding window */
+ mode = 0;
+ bitcnt = 1;
+ buf = 0;
+ digidx = mp_get_digit_count(k) - 1;
+ bitcpy = bitbuf = 0;
+ first = 1;
+
+ /* perform ops */
+ for (;;) {
+ /* grab next digit as required */
+ if (--bitcnt == 0) {
+ if (digidx == -1) {
+ break;
+ }
+ buf = mp_get_digit(k, digidx);
+ bitcnt = (int) MP_DIGIT_BIT;
+ --digidx;
+ }
+
+ /* grab the next msb from the ltiplicand */
+ i = (buf >> (MP_DIGIT_BIT - 1)) & 1;
+ buf <<= 1;
+
+ if (mode == 0 && i == 0) {
+ /* dummy operations */
+ if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; }
+ if ((err = ltc_mp.ecc_ptdbl(M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; }
+ continue;
+ }
+
+ if (mode == 0 && i == 1) {
+ mode = 1;
+ /* dummy operations */
+ if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; }
+ if ((err = ltc_mp.ecc_ptdbl(M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; }
+ continue;
+ }
+
+ if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[i^1], modulus, mp)) != CRYPT_OK) { goto done; }
+ if ((err = ltc_mp.ecc_ptdbl(M[i], M[i], modulus, mp)) != CRYPT_OK) { goto done; }
+ }
+
+ /* copy result out */
+ if ((err = mp_copy(M[0]->x, R->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(M[0]->y, R->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(M[0]->z, R->z)) != CRYPT_OK) { goto done; }
+
+ /* map R back from projective space */
+ if (map) {
+ err = ltc_ecc_map(R, modulus, mp);
+ } else {
+ err = CRYPT_OK;
+ }
+done:
+ if (mu != NULL) {
+ mp_clear(mu);
+ }
+ mp_montgomery_free(mp);
+ ltc_ecc_del_point(tG);
+ for (i = 0; i < 3; i++) {
+ ltc_ecc_del_point(M[i]);
+ }
+ return err;
+}
+
+#endif
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c,v $ */
+/* $Revision: 1.11 $ */
+/* $Date: 2006/12/04 22:17:46 $ */
+
diff --git a/src/pk/ecc/ltc_ecc_points.c b/src/pk/ecc/ltc_ecc_points.c
new file mode 100644
index 0000000..39f1321
--- /dev/null
+++ b/src/pk/ecc/ltc_ecc_points.c
@@ -0,0 +1,60 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ltc_ecc_points.c
+ ECC Crypto, Tom St Denis
+*/
+
+#ifdef MECC
+
+/**
+ Allocate a new ECC point
+ @return A newly allocated point or NULL on error
+*/
+ecc_point *ltc_ecc_new_point(void)
+{
+ ecc_point *p;
+ p = XCALLOC(1, sizeof(*p));
+ if (p == NULL) {
+ return NULL;
+ }
+ if (mp_init_multi(&p->x, &p->y, &p->z, NULL) != CRYPT_OK) {
+ XFREE(p);
+ return NULL;
+ }
+ return p;
+}
+
+/** Free an ECC point from memory
+ @param p The point to free
+*/
+void ltc_ecc_del_point(ecc_point *p)
+{
+ /* prevents free'ing null arguments */
+ if (p != NULL) {
+ mp_clear_multi(p->x, p->y, p->z, NULL); /* note: p->z may be NULL but that's ok with this function anyways */
+ XFREE(p);
+ }
+}
+
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_points.c,v $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/12/04 02:19:48 $ */
+
diff --git a/src/pk/ecc/ltc_ecc_projective_add_point.c b/src/pk/ecc/ltc_ecc_projective_add_point.c
new file mode 100644
index 0000000..c8e359f
--- /dev/null
+++ b/src/pk/ecc/ltc_ecc_projective_add_point.c
@@ -0,0 +1,196 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ltc_ecc_projective_add_point.c
+ ECC Crypto, Tom St Denis
+*/
+
+#if defined(MECC) && (!defined(MECC_ACCEL) || defined(LTM_DESC))
+
+/**
+ Add two ECC points
+ @param P The point to add
+ @param Q The point to add
+ @param R [out] The destination of the double
+ @param modulus The modulus of the field the ECC curve is in
+ @param mp The "b" value from montgomery_setup()
+ @return CRYPT_OK on success
+*/
+int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *mp)
+{
+ void *t1, *t2, *x, *y, *z;
+ int err;
+
+ LTC_ARGCHK(P != NULL);
+ LTC_ARGCHK(Q != NULL);
+ LTC_ARGCHK(R != NULL);
+ LTC_ARGCHK(modulus != NULL);
+ LTC_ARGCHK(mp != NULL);
+
+ if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* should we dbl instead? */
+ if ((err = mp_sub(modulus, Q->y, t1)) != CRYPT_OK) { goto done; }
+
+ if ( (mp_cmp(P->x, Q->x) == LTC_MP_EQ) &&
+ (Q->z != NULL && mp_cmp(P->z, Q->z) == LTC_MP_EQ) &&
+ (mp_cmp(P->y, Q->y) == LTC_MP_EQ || mp_cmp(P->y, t1) == LTC_MP_EQ)) {
+ mp_clear_multi(t1, t2, x, y, z, NULL);
+ return ltc_ecc_projective_dbl_point(P, R, modulus, mp);
+ }
+
+ if ((err = mp_copy(P->x, x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(P->y, y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(P->z, z)) != CRYPT_OK) { goto done; }
+
+ /* if Z is one then these are no-operations */
+ if (Q->z != NULL) {
+ /* T1 = Z' * Z' */
+ if ((err = mp_sqr(Q->z, t1)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* X = X * T1 */
+ if ((err = mp_mul(t1, x, x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* T1 = Z' * T1 */
+ if ((err = mp_mul(Q->z, t1, t1)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* Y = Y * T1 */
+ if ((err = mp_mul(t1, y, y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(y, modulus, mp)) != CRYPT_OK) { goto done; }
+ }
+
+ /* T1 = Z*Z */
+ if ((err = mp_sqr(z, t1)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* T2 = X' * T1 */
+ if ((err = mp_mul(Q->x, t1, t2)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* T1 = Z * T1 */
+ if ((err = mp_mul(z, t1, t1)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* T1 = Y' * T1 */
+ if ((err = mp_mul(Q->y, t1, t1)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
+
+ /* Y = Y - T1 */
+ if ((err = mp_sub(y, t1, y)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(y, 0) == LTC_MP_LT) {
+ if ((err = mp_add(y, modulus, y)) != CRYPT_OK) { goto done; }
+ }
+ /* T1 = 2T1 */
+ if ((err = mp_add(t1, t1, t1)) != CRYPT_OK) { goto done; }
+ if (mp_cmp(t1, modulus) != LTC_MP_LT) {
+ if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
+ }
+ /* T1 = Y + T1 */
+ if ((err = mp_add(t1, y, t1)) != CRYPT_OK) { goto done; }
+ if (mp_cmp(t1, modulus) != LTC_MP_LT) {
+ if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
+ }
+ /* X = X - T2 */
+ if ((err = mp_sub(x, t2, x)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(x, 0) == LTC_MP_LT) {
+ if ((err = mp_add(x, modulus, x)) != CRYPT_OK) { goto done; }
+ }
+ /* T2 = 2T2 */
+ if ((err = mp_add(t2, t2, t2)) != CRYPT_OK) { goto done; }
+ if (mp_cmp(t2, modulus) != LTC_MP_LT) {
+ if ((err = mp_sub(t2, modulus, t2)) != CRYPT_OK) { goto done; }
+ }
+ /* T2 = X + T2 */
+ if ((err = mp_add(t2, x, t2)) != CRYPT_OK) { goto done; }
+ if (mp_cmp(t2, modulus) != LTC_MP_LT) {
+ if ((err = mp_sub(t2, modulus, t2)) != CRYPT_OK) { goto done; }
+ }
+
+ /* if Z' != 1 */
+ if (Q->z != NULL) {
+ /* Z = Z * Z' */
+ if ((err = mp_mul(z, Q->z, z)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(z, modulus, mp)) != CRYPT_OK) { goto done; }
+ }
+
+ /* Z = Z * X */
+ if ((err = mp_mul(z, x, z)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(z, modulus, mp)) != CRYPT_OK) { goto done; }
+
+ /* T1 = T1 * X */
+ if ((err = mp_mul(t1, x, t1)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* X = X * X */
+ if ((err = mp_sqr(x, x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* T2 = T2 * x */
+ if ((err = mp_mul(t2, x, t2)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* T1 = T1 * X */
+ if ((err = mp_mul(t1, x, t1)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
+
+ /* X = Y*Y */
+ if ((err = mp_sqr(y, x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* X = X - T2 */
+ if ((err = mp_sub(x, t2, x)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(x, 0) == LTC_MP_LT) {
+ if ((err = mp_add(x, modulus, x)) != CRYPT_OK) { goto done; }
+ }
+
+ /* T2 = T2 - X */
+ if ((err = mp_sub(t2, x, t2)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
+ if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; }
+ }
+ /* T2 = T2 - X */
+ if ((err = mp_sub(t2, x, t2)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
+ if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; }
+ }
+ /* T2 = T2 * Y */
+ if ((err = mp_mul(t2, y, t2)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* Y = T2 - T1 */
+ if ((err = mp_sub(t2, t1, y)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(y, 0) == LTC_MP_LT) {
+ if ((err = mp_add(y, modulus, y)) != CRYPT_OK) { goto done; }
+ }
+ /* Y = Y/2 */
+ if (mp_isodd(y)) {
+ if ((err = mp_add(y, modulus, y)) != CRYPT_OK) { goto done; }
+ }
+ if ((err = mp_div_2(y, y)) != CRYPT_OK) { goto done; }
+
+ if ((err = mp_copy(x, R->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(y, R->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(z, R->z)) != CRYPT_OK) { goto done; }
+
+ err = CRYPT_OK;
+done:
+ mp_clear_multi(t1, t2, x, y, z, NULL);
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c,v $ */
+/* $Revision: 1.13 $ */
+/* $Date: 2006/12/04 05:07:59 $ */
+
diff --git a/src/pk/ecc/ltc_ecc_projective_dbl_point.c b/src/pk/ecc/ltc_ecc_projective_dbl_point.c
new file mode 100644
index 0000000..f0b3e1d
--- /dev/null
+++ b/src/pk/ecc/ltc_ecc_projective_dbl_point.c
@@ -0,0 +1,147 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+
+/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
+ *
+ * All curves taken from NIST recommendation paper of July 1999
+ * Available at http://csrc.nist.gov/cryptval/dss.htm
+ */
+#include "tomcrypt.h"
+
+/**
+ @file ltc_ecc_projective_dbl_point.c
+ ECC Crypto, Tom St Denis
+*/
+
+#if defined(MECC) && (!defined(MECC_ACCEL) || defined(LTM_DESC))
+
+/**
+ Double an ECC point
+ @param P The point to double
+ @param R [out] The destination of the double
+ @param modulus The modulus of the field the ECC curve is in
+ @param mp The "b" value from montgomery_setup()
+ @return CRYPT_OK on success
+*/
+int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void *mp)
+{
+ void *t1, *t2;
+ int err;
+
+ LTC_ARGCHK(P != NULL);
+ LTC_ARGCHK(R != NULL);
+ LTC_ARGCHK(modulus != NULL);
+ LTC_ARGCHK(mp != NULL);
+
+ if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) {
+ return err;
+ }
+
+ if (P != R) {
+ if ((err = mp_copy(P->x, R->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(P->y, R->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_copy(P->z, R->z)) != CRYPT_OK) { goto done; }
+ }
+
+ /* t1 = Z * Z */
+ if ((err = mp_sqr(R->z, t1)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* Z = Y * Z */
+ if ((err = mp_mul(R->z, R->y, R->z)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(R->z, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* Z = 2Z */
+ if ((err = mp_add(R->z, R->z, R->z)) != CRYPT_OK) { goto done; }
+ if (mp_cmp(R->z, modulus) != LTC_MP_LT) {
+ if ((err = mp_sub(R->z, modulus, R->z)) != CRYPT_OK) { goto done; }
+ }
+
+ /* T2 = X - T1 */
+ if ((err = mp_sub(R->x, t1, t2)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(t2, 0) == LTC_MP_LT) {
+ if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; }
+ }
+ /* T1 = X + T1 */
+ if ((err = mp_add(t1, R->x, t1)) != CRYPT_OK) { goto done; }
+ if (mp_cmp(t1, modulus) != LTC_MP_LT) {
+ if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
+ }
+ /* T2 = T1 * T2 */
+ if ((err = mp_mul(t1, t2, t2)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* T1 = 2T2 */
+ if ((err = mp_add(t2, t2, t1)) != CRYPT_OK) { goto done; }
+ if (mp_cmp(t1, modulus) != LTC_MP_LT) {
+ if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
+ }
+ /* T1 = T1 + T2 */
+ if ((err = mp_add(t1, t2, t1)) != CRYPT_OK) { goto done; }
+ if (mp_cmp(t1, modulus) != LTC_MP_LT) {
+ if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; }
+ }
+
+ /* Y = 2Y */
+ if ((err = mp_add(R->y, R->y, R->y)) != CRYPT_OK) { goto done; }
+ if (mp_cmp(R->y, modulus) != LTC_MP_LT) {
+ if ((err = mp_sub(R->y, modulus, R->y)) != CRYPT_OK) { goto done; }
+ }
+ /* Y = Y * Y */
+ if ((err = mp_sqr(R->y, R->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* T2 = Y * Y */
+ if ((err = mp_sqr(R->y, t2)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* T2 = T2/2 */
+ if (mp_isodd(t2)) {
+ if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; }
+ }
+ if ((err = mp_div_2(t2, t2)) != CRYPT_OK) { goto done; }
+ /* Y = Y * X */
+ if ((err = mp_mul(R->y, R->x, R->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK) { goto done; }
+
+ /* X = T1 * T1 */
+ if ((err = mp_sqr(t1, R->x)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(R->x, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* X = X - Y */
+ if ((err = mp_sub(R->x, R->y, R->x)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(R->x, 0) == LTC_MP_LT) {
+ if ((err = mp_add(R->x, modulus, R->x)) != CRYPT_OK) { goto done; }
+ }
+ /* X = X - Y */
+ if ((err = mp_sub(R->x, R->y, R->x)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(R->x, 0) == LTC_MP_LT) {
+ if ((err = mp_add(R->x, modulus, R->x)) != CRYPT_OK) { goto done; }
+ }
+
+ /* Y = Y - X */
+ if ((err = mp_sub(R->y, R->x, R->y)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(R->y, 0) == LTC_MP_LT) {
+ if ((err = mp_add(R->y, modulus, R->y)) != CRYPT_OK) { goto done; }
+ }
+ /* Y = Y * T1 */
+ if ((err = mp_mul(R->y, t1, R->y)) != CRYPT_OK) { goto done; }
+ if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK) { goto done; }
+ /* Y = Y - T2 */
+ if ((err = mp_sub(R->y, t2, R->y)) != CRYPT_OK) { goto done; }
+ if (mp_cmp_d(R->y, 0) == LTC_MP_LT) {
+ if ((err = mp_add(R->y, modulus, R->y)) != CRYPT_OK) { goto done; }
+ }
+
+ err = CRYPT_OK;
+done:
+ mp_clear_multi(t1, t2, NULL);
+ return err;
+}
+#endif
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c,v $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/12/04 05:07:59 $ */
+
diff --git a/src/pk/katja/katja_decrypt_key.c b/src/pk/katja/katja_decrypt_key.c
new file mode 100644
index 0000000..1e10d6c
--- /dev/null
+++ b/src/pk/katja/katja_decrypt_key.c
@@ -0,0 +1,105 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file katja_decrypt_key.c
+ Katja PKCS #1 OAEP Decryption, Tom St Denis
+*/
+
+#ifdef MKAT
+
+/**
+ (PKCS #1 v2.0) decrypt then OAEP depad
+ @param in The ciphertext
+ @param inlen The length of the ciphertext (octets)
+ @param out [out] The plaintext
+ @param outlen [in/out] The max size and resulting size of the plaintext (octets)
+ @param lparam The system "lparam" value
+ @param lparamlen The length of the lparam value (octets)
+ @param hash_idx The index of the hash desired
+ @param stat [out] Result of the decryption, 1==valid, 0==invalid
+ @param key The corresponding private Katja key
+ @return CRYPT_OK if succcessul (even if invalid)
+*/
+int katja_decrypt_key(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ const unsigned char *lparam, unsigned long lparamlen,
+ int hash_idx, int *stat,
+ katja_key *key)
+{
+ unsigned long modulus_bitlen, modulus_bytelen, x;
+ int err;
+ unsigned char *tmp;
+
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(stat != NULL);
+
+ /* default to invalid */
+ *stat = 0;
+
+ /* valid hash ? */
+ if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* get modulus len in bits */
+ modulus_bitlen = mp_count_bits( (key->N));
+
+ /* payload is upto pq, so we know q is 1/3rd the size of N and therefore pq is 2/3th the size */
+ modulus_bitlen = ((modulus_bitlen << 1) / 3);
+
+ /* round down to next byte */
+ modulus_bitlen -= (modulus_bitlen & 7) + 8;
+
+ /* outlen must be at least the size of the modulus */
+ modulus_bytelen = mp_unsigned_bin_size( (key->N));
+ if (modulus_bytelen != inlen) {
+ return CRYPT_INVALID_PACKET;
+ }
+
+ /* allocate ram */
+ tmp = XMALLOC(inlen);
+ if (tmp == NULL) {
+ return CRYPT_MEM;
+ }
+
+ /* rsa decode the packet */
+ x = inlen;
+ if ((err = katja_exptmod(in, inlen, tmp, &x, PK_PRIVATE, key)) != CRYPT_OK) {
+ XFREE(tmp);
+ return err;
+ }
+
+ /* shift right by modulus_bytelen - modulus_bitlen/8 bytes */
+ for (x = 0; x < (modulus_bitlen >> 3); x++) {
+ tmp[x] = tmp[x+(modulus_bytelen-(modulus_bitlen>>3))];
+ }
+
+ /* now OAEP decode the packet */
+ err = pkcs_1_oaep_decode(tmp, x, lparam, lparamlen, modulus_bitlen, hash_idx,
+ out, outlen, stat);
+
+ XFREE(tmp);
+ return err;
+}
+
+#endif /* MRSA */
+
+
+
+
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_decrypt_key.c,v $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/katja/katja_encrypt_key.c b/src/pk/katja/katja_encrypt_key.c
new file mode 100644
index 0000000..ce93356
--- /dev/null
+++ b/src/pk/katja/katja_encrypt_key.c
@@ -0,0 +1,87 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file katja_encrypt_key.c
+ Katja PKCS-style OAEP encryption, Tom St Denis
+*/
+
+#ifdef MKAT
+
+/**
+ (PKCS #1 v2.0) OAEP pad then encrypt
+ @param in The plaintext
+ @param inlen The length of the plaintext (octets)
+ @param out [out] The ciphertext
+ @param outlen [in/out] The max size and resulting size of the ciphertext
+ @param lparam The system "lparam" for the encryption
+ @param lparamlen The length of lparam (octets)
+ @param prng An active PRNG
+ @param prng_idx The index of the desired prng
+ @param hash_idx The index of the desired hash
+ @param key The Katja key to encrypt to
+ @return CRYPT_OK if successful
+*/
+int katja_encrypt_key(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ const unsigned char *lparam, unsigned long lparamlen,
+ prng_state *prng, int prng_idx, int hash_idx, katja_key *key)
+{
+ unsigned long modulus_bitlen, modulus_bytelen, x;
+ int err;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* valid prng and hash ? */
+ if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
+ return err;
+ }
+ if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* get modulus len in bits */
+ modulus_bitlen = mp_count_bits((key->N));
+
+ /* payload is upto pq, so we know q is 1/3rd the size of N and therefore pq is 2/3th the size */
+ modulus_bitlen = ((modulus_bitlen << 1) / 3);
+
+ /* round down to next byte */
+ modulus_bitlen -= (modulus_bitlen & 7) + 8;
+
+ /* outlen must be at least the size of the modulus */
+ modulus_bytelen = mp_unsigned_bin_size((key->N));
+ if (modulus_bytelen > *outlen) {
+ *outlen = modulus_bytelen;
+ return CRYPT_BUFFER_OVERFLOW;
+ }
+
+ /* OAEP pad the key */
+ x = *outlen;
+ if ((err = pkcs_1_oaep_encode(in, inlen, lparam,
+ lparamlen, modulus_bitlen, prng, prng_idx, hash_idx,
+ out, &x)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* Katja exptmod the OAEP pad */
+ return katja_exptmod(out, x, out, outlen, PK_PUBLIC, key);
+}
+
+#endif /* MRSA */
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_encrypt_key.c,v $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/src/pk/katja/katja_export.c b/src/pk/katja/katja_export.c
new file mode 100644
index 0000000..9e55654
--- /dev/null
+++ b/src/pk/katja/katja_export.c
@@ -0,0 +1,75 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file katja_export.c
+ Export Katja PKCS-style keys, Tom St Denis
+*/
+
+#ifdef MKAT
+
+/**
+ This will export either an KatjaPublicKey or KatjaPrivateKey
+ @param out [out] Destination of the packet
+ @param outlen [in/out] The max size and resulting size of the packet
+ @param type The type of exported key (PK_PRIVATE or PK_PUBLIC)
+ @param key The Katja key to export
+ @return CRYPT_OK if successful
+*/
+int katja_export(unsigned char *out, unsigned long *outlen, int type, katja_key *key)
+{
+ int err;
+ unsigned long zero=0;
+
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* type valid? */
+ if (!(key->type == PK_PRIVATE) && (type == PK_PRIVATE)) {
+ return CRYPT_PK_INVALID_TYPE;
+ }
+
+ if (type == PK_PRIVATE) {
+ /* private key */
+ /* output is
+ Version, n, d, p, q, d mod (p-1), d mod (q - 1), 1/q mod p, pq
+ */
+ if ((err = der_encode_sequence_multi(out, outlen,
+ LTC_ASN1_SHORT_INTEGER, 1UL, &zero,
+ LTC_ASN1_INTEGER, 1UL, key->N,
+ LTC_ASN1_INTEGER, 1UL, key->d,
+ LTC_ASN1_INTEGER, 1UL, key->p,
+ LTC_ASN1_INTEGER, 1UL, key->q,
+ LTC_ASN1_INTEGER, 1UL, key->dP,
+ LTC_ASN1_INTEGER, 1UL, key->dQ,
+ LTC_ASN1_INTEGER, 1UL, key->qP,
+ LTC_ASN1_INTEGER, 1UL, key->pq,
+ LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* clear zero and return */
+ return CRYPT_OK;
+ } else {
+ /* public key */
+ return der_encode_sequence_multi(out, outlen,
+ LTC_ASN1_INTEGER, 1UL, key->N,
+ LTC_ASN1_EOL, 0UL, NULL);
+ }
+}
+
+#endif /* MRSA */
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_export.c,v $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/katja/katja_exptmod.c b/src/pk/katja/katja_exptmod.c
new file mode 100644
index 0000000..8cc47d8
--- /dev/null
+++ b/src/pk/katja/katja_exptmod.c
@@ -0,0 +1,115 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file katja_exptmod.c
+ Katja PKCS-style exptmod, Tom St Denis
+*/
+
+#ifdef MKAT
+
+/**
+ Compute an RSA modular exponentiation
+ @param in The input data to send into RSA
+ @param inlen The length of the input (octets)
+ @param out [out] The destination
+ @param outlen [in/out] The max size and resulting size of the output
+ @param which Which exponent to use, e.g. PK_PRIVATE or PK_PUBLIC
+ @param key The RSA key to use
+ @return CRYPT_OK if successful
+*/
+int katja_exptmod(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen, int which,
+ katja_key *key)
+{
+ void *tmp, *tmpa, *tmpb;
+ unsigned long x;
+ int err;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* is the key of the right type for the operation? */
+ if (which == PK_PRIVATE && (key->type != PK_PRIVATE)) {
+ return CRYPT_PK_NOT_PRIVATE;
+ }
+
+ /* must be a private or public operation */
+ if (which != PK_PRIVATE && which != PK_PUBLIC) {
+ return CRYPT_PK_INVALID_TYPE;
+ }
+
+ /* init and copy into tmp */
+ if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, NULL)) != CRYPT_OK) { return err; }
+ if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, (int)inlen)) != CRYPT_OK) { goto error; }
+
+ /* sanity check on the input */
+ if (mp_cmp(key->N, tmp) == LTC_MP_LT) {
+ err = CRYPT_PK_INVALID_SIZE;
+ goto done;
+ }
+
+ /* are we using the private exponent and is the key optimized? */
+ if (which == PK_PRIVATE) {
+ /* tmpa = tmp^dP mod p */
+ if ((err = mp_exptmod(tmp, key->dP, key->p, tmpa)) != CRYPT_OK) { goto error; }
+
+ /* tmpb = tmp^dQ mod q */
+ if ((err = mp_exptmod(tmp, key->dQ, key->q, tmpb)) != CRYPT_OK) { goto error; }
+
+ /* tmp = (tmpa - tmpb) * qInv (mod p) */
+ if ((err = mp_sub(tmpa, tmpb, tmp)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mulmod(tmp, key->qP, key->p, tmp)) != CRYPT_OK) { goto error; }
+
+ /* tmp = tmpb + q * tmp */
+ if ((err = mp_mul(tmp, key->q, tmp)) != CRYPT_OK) { goto error; }
+ if ((err = mp_add(tmp, tmpb, tmp)) != CRYPT_OK) { goto error; }
+ } else {
+ /* exptmod it */
+ if ((err = mp_exptmod(tmp, key->N, key->N, tmp)) != CRYPT_OK) { goto error; }
+ }
+
+ /* read it back */
+ x = (unsigned long)mp_unsigned_bin_size(key->N);
+ if (x > *outlen) {
+ *outlen = x;
+ err = CRYPT_BUFFER_OVERFLOW;
+ goto done;
+ }
+
+ /* this should never happen ... */
+ if (mp_unsigned_bin_size(tmp) > mp_unsigned_bin_size(key->N)) {
+ err = CRYPT_ERROR;
+ goto done;
+ }
+ *outlen = x;
+
+ /* convert it */
+ zeromem(out, x);
+ if ((err = mp_to_unsigned_bin(tmp, out+(x-mp_unsigned_bin_size(tmp)))) != CRYPT_OK) { goto error; }
+
+ /* clean up and return */
+ err = CRYPT_OK;
+ goto done;
+error:
+done:
+ mp_clear_multi(tmp, tmpa, tmpb, NULL);
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_exptmod.c,v $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/src/pk/katja/katja_free.c b/src/pk/katja/katja_free.c
new file mode 100644
index 0000000..8aed3fb
--- /dev/null
+++ b/src/pk/katja/katja_free.c
@@ -0,0 +1,35 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file katja_free.c
+ Free an Katja key, Tom St Denis
+*/
+
+#ifdef MKAT
+
+/**
+ Free an Katja key from memory
+ @param key The RSA key to free
+*/
+void katja_free(katja_key *key)
+{
+ LTC_ARGCHK(key != NULL);
+ mp_clear_multi( key->d, key->N, key->dQ, key->dP,
+ key->qP, key->p, key->q, key->pq, NULL);
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_free.c,v $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/katja/katja_import.c b/src/pk/katja/katja_import.c
new file mode 100644
index 0000000..efdbe07
--- /dev/null
+++ b/src/pk/katja/katja_import.c
@@ -0,0 +1,81 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file katja_import.c
+ Import a PKCS-style Katja key, Tom St Denis
+*/
+
+#ifdef MKAT
+
+/**
+ Import an KatjaPublicKey or KatjaPrivateKey [two-prime only, only support >= 1024-bit keys, defined in PKCS #1 v2.1]
+ @param in The packet to import from
+ @param inlen It's length (octets)
+ @param key [out] Destination for newly imported key
+ @return CRYPT_OK if successful, upon error allocated memory is freed
+*/
+int katja_import(const unsigned char *in, unsigned long inlen, katja_key *key)
+{
+ int err;
+ void *zero;
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(ltc_mp.name != NULL);
+
+ /* init key */
+ if ((err = mp_init_multi(&zero, &key->d, &key->N, &key->dQ,
+ &key->dP, &key->qP, &key->p, &key->q, &key->pq, NULL)) != CRYPT_OK) {
+ return err;
+ }
+
+ if ((err = der_decode_sequence_multi(in, inlen,
+ LTC_ASN1_INTEGER, 1UL, key->N,
+ LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+
+ if (mp_cmp_d(key->N, 0) == LTC_MP_EQ) {
+ /* it's a private key */
+ if ((err = der_decode_sequence_multi(in, inlen,
+ LTC_ASN1_INTEGER, 1UL, zero,
+ LTC_ASN1_INTEGER, 1UL, key->N,
+ LTC_ASN1_INTEGER, 1UL, key->d,
+ LTC_ASN1_INTEGER, 1UL, key->p,
+ LTC_ASN1_INTEGER, 1UL, key->q,
+ LTC_ASN1_INTEGER, 1UL, key->dP,
+ LTC_ASN1_INTEGER, 1UL, key->dQ,
+ LTC_ASN1_INTEGER, 1UL, key->qP,
+ LTC_ASN1_INTEGER, 1UL, key->pq,
+ LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
+ key->type = PK_PRIVATE;
+ } else {
+ /* public we have N */
+ key->type = PK_PUBLIC;
+ }
+ mp_clear(zero);
+ return CRYPT_OK;
+LBL_ERR:
+ mp_clear_multi(zero, key->d, key->N, key->dQ, key->dP,
+ key->qP, key->p, key->q, key->pq, NULL);
+ return err;
+}
+
+#endif /* MRSA */
+
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_import.c,v $ */
+/* $Revision: 1.3 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/katja/katja_make_key.c b/src/pk/katja/katja_make_key.c
new file mode 100644
index 0000000..08016c8
--- /dev/null
+++ b/src/pk/katja/katja_make_key.c
@@ -0,0 +1,101 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/**
+ @file katja_make_key.c
+ Katja key generation, Tom St Denis
+*/
+
+#ifdef MKAT
+
+/**
+ Create a Katja key
+ @param prng An active PRNG state
+ @param wprng The index of the PRNG desired
+ @param size The size of the modulus (key size) desired (octets)
+ @param key [out] Destination of a newly created private key pair
+ @return CRYPT_OK if successful, upon error all allocated ram is freed
+*/
+int katja_make_key(prng_state *prng, int wprng, int size, katja_key *key)
+{
+ void *p, *q, *tmp1, *tmp2;
+ int err;
+
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(ltc_mp.name != NULL);
+
+ if ((size < (MIN_KAT_SIZE/8)) || (size > (MAX_KAT_SIZE/8))) {
+ return CRYPT_INVALID_KEYSIZE;
+ }
+
+ if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
+ return err;
+ }
+
+ if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, NULL)) != CRYPT_OK) {
+ return err;
+ }
+
+ /* divide size by three */
+ size = (((size << 3) / 3) + 7) >> 3;
+
+ /* make prime "q" (we negate size to make q == 3 mod 4) */
+ if ((err = rand_prime(q, -size, prng, wprng)) != CRYPT_OK) { goto done; }
+ if ((err = mp_sub_d(q, 1, tmp1)) != CRYPT_OK) { goto done; }
+
+ /* make prime "p" */
+ do {
+ if ((err = rand_prime(p, size+1, prng, wprng)) != CRYPT_OK) { goto done; }
+ if ((err = mp_gcd(p, tmp1, tmp2)) != CRYPT_OK) { goto done; }
+ } while (mp_cmp_d(tmp2, 1) != LTC_MP_EQ);
+
+ /* make key */
+ if ((err = mp_init_multi(&key->d, &key->N, &key->dQ, &key->dP,
+ &key->qP, &key->p, &key->q, &key->pq, NULL)) != CRYPT_OK) {
+ goto error;
+ }
+
+ /* n=p^2q and 1/n mod pq */
+ if ((err = mp_copy( p, key->p)) != CRYPT_OK) { goto error2; }
+ if ((err = mp_copy( q, key->q)) != CRYPT_OK) { goto error2; }
+ if ((err = mp_mul(key->p, key->q, key->pq)) != CRYPT_OK) { goto error2; } /* tmp1 = pq */
+ if ((err = mp_mul(key->pq, key->p, key->N)) != CRYPT_OK) { goto error2; } /* N = p^2q */
+ if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { goto error2; } /* tmp1 = q-1 */
+ if ((err = mp_sub_d( q, 1, tmp2)) != CRYPT_OK) { goto error2; } /* tmp2 = p-1 */
+ if ((err = mp_lcm(tmp1, tmp2, key->d)) != CRYPT_OK) { goto error2; } /* tmp1 = lcd(p-1,q-1) */
+ if ((err = mp_invmod( key->N, key->d, key->d)) != CRYPT_OK) { goto error2; } /* key->d = 1/N mod pq */
+
+ /* optimize for CRT now */
+ /* find d mod q-1 and d mod p-1 */
+ if ((err = mp_mod( key->d, tmp1, key->dP)) != CRYPT_OK) { goto error2; } /* dP = d mod p-1 */
+ if ((err = mp_mod( key->d, tmp2, key->dQ)) != CRYPT_OK) { goto error2; } /* dQ = d mod q-1 */
+ if ((err = mp_invmod( q, p, key->qP)) != CRYPT_OK) { goto error2; } /* qP = 1/q mod p */
+
+ /* set key type (in this case it's CRT optimized) */
+ key->type = PK_PRIVATE;
+
+ /* return ok and free temps */
+ err = CRYPT_OK;
+ goto done;
+error2:
+ mp_clear_multi( key->d, key->N, key->dQ, key->dP, key->qP, key->p, key->q, key->pq, NULL);
+error:
+done:
+ mp_clear_multi( tmp2, tmp1, p, q, NULL);
+ return err;
+}
+
+#endif
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/katja/katja_make_key.c,v $ */
+/* $Revision: 1.10 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/packet_store_header.c b/src/pk/packet_store_header.c
deleted file mode 100644
index 855ca70..0000000
--- a/src/pk/packet_store_header.c
+++ /dev/null
@@ -1,33 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
- */
-#include "tomcrypt.h"
-
-#ifdef PACKET
-
-void packet_store_header(unsigned char *dst, int section, int subsection)
-{
- LTC_ARGCHK(dst != NULL);
-
- /* store version number */
- dst[0] = (unsigned char)(CRYPT&255);
- dst[1] = (unsigned char)((CRYPT>>8)&255);
-
- /* store section and subsection */
- dst[2] = (unsigned char)(section & 255);
- dst[3] = (unsigned char)(subsection & 255);
-
-}
-
-#endif
-
-/* $Source: /cvs/libtom/libtomcrypt/src/pk/packet_store_header.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
diff --git a/src/pk/packet_valid_header.c b/src/pk/packet_valid_header.c
deleted file mode 100644
index 59db0f7..0000000
--- a/src/pk/packet_valid_header.c
+++ /dev/null
@@ -1,41 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
- */
-#include "tomcrypt.h"
-
-#ifdef PACKET
-
-int packet_valid_header(unsigned char *src, int section, int subsection)
-{
- unsigned long ver;
-
- LTC_ARGCHK(src != NULL);
-
- /* check version */
- ver = ((unsigned long)src[0]) | ((unsigned long)src[1] << 8U);
- if (CRYPT < ver) {
- return CRYPT_INVALID_PACKET;
- }
-
- /* check section and subsection */
- if (section != (int)src[2] || subsection != (int)src[3]) {
- return CRYPT_INVALID_PACKET;
- }
-
- return CRYPT_OK;
-}
-
-#endif
-
-
-
-/* $Source: /cvs/libtom/libtomcrypt/src/pk/packet_valid_header.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
diff --git a/src/pk/pkcs1/pkcs_1_i2osp.c b/src/pk/pkcs1/pkcs_1_i2osp.c
index 3e68eb8..4a39bd5 100644
--- a/src/pk/pkcs1/pkcs_1_i2osp.c
+++ b/src/pk/pkcs1/pkcs_1_i2osp.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -28,9 +28,8 @@
@param out [out] The destination for the integer
@return CRYPT_OK if successful
*/
-int pkcs_1_i2osp(mp_int *n, unsigned long modulus_len, unsigned char *out)
+int pkcs_1_i2osp(void *n, unsigned long modulus_len, unsigned char *out)
{
- int err;
unsigned long size;
size = mp_unsigned_bin_size(n);
@@ -41,15 +40,12 @@ int pkcs_1_i2osp(mp_int *n, unsigned long modulus_len, unsigned char *out)
/* store it */
zeromem(out, modulus_len);
- if ((err = mp_to_unsigned_bin(n, out+(modulus_len-size))) != MP_OKAY) {
- return mpi_to_ltc_error(err);
- }
- return CRYPT_OK;
+ return mp_to_unsigned_bin(n, out+(modulus_len-size));
}
#endif /* PKCS_1 */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_i2osp.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/pkcs1/pkcs_1_mgf1.c b/src/pk/pkcs1/pkcs_1_mgf1.c
index aac7494..bfc80bd 100644
--- a/src/pk/pkcs1/pkcs_1_mgf1.c
+++ b/src/pk/pkcs1/pkcs_1_mgf1.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -26,8 +26,8 @@
@param masklen The length of the mask desired
@return CRYPT_OK if successful
*/
-int pkcs_1_mgf1(const unsigned char *seed, unsigned long seedlen,
- int hash_idx,
+int pkcs_1_mgf1(int hash_idx,
+ const unsigned char *seed, unsigned long seedlen,
unsigned char *mask, unsigned long masklen)
{
unsigned long hLen, x;
@@ -104,5 +104,5 @@ LBL_ERR:
#endif /* PKCS_1 */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_mgf1.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.6 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/pkcs1/pkcs_1_oaep_decode.c b/src/pk/pkcs1/pkcs_1_oaep_decode.c
index cd4931b..e70a016 100644
--- a/src/pk/pkcs1/pkcs_1_oaep_decode.c
+++ b/src/pk/pkcs1/pkcs_1_oaep_decode.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -101,7 +101,7 @@ int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen,
x += modulus_len - hLen - 1;
/* compute MGF1 of maskedDB (hLen) */
- if ((err = pkcs_1_mgf1(DB, modulus_len - hLen - 1, hash_idx, mask, hLen)) != CRYPT_OK) {
+ if ((err = pkcs_1_mgf1(hash_idx, DB, modulus_len - hLen - 1, mask, hLen)) != CRYPT_OK) {
goto LBL_ERR;
}
@@ -111,7 +111,7 @@ int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen,
}
/* compute MGF1 of seed (k - hlen - 1) */
- if ((err = pkcs_1_mgf1(seed, hLen, hash_idx, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
+ if ((err = pkcs_1_mgf1(hash_idx, seed, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
goto LBL_ERR;
}
@@ -136,7 +136,7 @@ int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen,
}
/* compare the lhash'es */
- if (memcmp(seed, DB, hLen) != 0) {
+ if (XMEMCMP(seed, DB, hLen) != 0) {
err = CRYPT_OK;
goto LBL_ERR;
}
@@ -148,18 +148,19 @@ int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen,
/* error out if wasn't 0x01 */
if (x == (modulus_len - hLen - 1) || DB[x] != 0x01) {
- err = CRYPT_OK;
+ err = CRYPT_INVALID_PACKET;
goto LBL_ERR;
}
/* rest is the message (and skip 0x01) */
- if ((modulus_len - hLen - 1) - ++x > *outlen) {
+ if ((modulus_len - hLen - 1 - ++x) > *outlen) {
+ *outlen = modulus_len - hLen - 1 - x;
err = CRYPT_BUFFER_OVERFLOW;
goto LBL_ERR;
}
/* copy message */
- *outlen = (modulus_len - hLen - 1) - x;
+ *outlen = modulus_len - hLen - 1 - x;
XMEMCPY(out, DB + x, modulus_len - hLen - 1 - x);
x += modulus_len - hLen - 1;
@@ -184,5 +185,5 @@ LBL_ERR:
#endif /* PKCS_1 */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/06/18 02:37:06 $ */
+/* $Revision: 1.11 $ */
+/* $Date: 2006/11/01 09:28:17 $ */
diff --git a/src/pk/pkcs1/pkcs_1_oaep_encode.c b/src/pk/pkcs1/pkcs_1_oaep_encode.c
index 12670b5..99e1ac6 100644
--- a/src/pk/pkcs1/pkcs_1_oaep_encode.c
+++ b/src/pk/pkcs1/pkcs_1_oaep_encode.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -114,7 +114,7 @@ int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen,
}
/* compute MGF1 of seed (k - hlen - 1) */
- if ((err = pkcs_1_mgf1(seed, hLen, hash_idx, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
+ if ((err = pkcs_1_mgf1(hash_idx, seed, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
goto LBL_ERR;
}
@@ -124,7 +124,7 @@ int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen,
}
/* compute MGF1 of maskedDB (hLen) */
- if ((err = pkcs_1_mgf1(DB, modulus_len - hLen - 1, hash_idx, mask, hLen)) != CRYPT_OK) {
+ if ((err = pkcs_1_mgf1(hash_idx, DB, modulus_len - hLen - 1, mask, hLen)) != CRYPT_OK) {
goto LBL_ERR;
}
@@ -135,6 +135,7 @@ int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen,
/* create string of length modulus_len */
if (*outlen < modulus_len) {
+ *outlen = modulus_len;
err = CRYPT_BUFFER_OVERFLOW;
goto LBL_ERR;
}
@@ -168,5 +169,5 @@ LBL_ERR:
/* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_encode.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/src/pk/pkcs1/pkcs_1_os2ip.c b/src/pk/pkcs1/pkcs_1_os2ip.c
index a9a1858..563ae8d 100644
--- a/src/pk/pkcs1/pkcs_1_os2ip.c
+++ b/src/pk/pkcs1/pkcs_1_os2ip.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -23,19 +23,14 @@
@param inlen The length of the binary string
@return CRYPT_OK if successful
*/
-int pkcs_1_os2ip(mp_int *n, unsigned char *in, unsigned long inlen)
+int pkcs_1_os2ip(void *n, unsigned char *in, unsigned long inlen)
{
- int err;
- /* read it */
- if ((err = mp_read_unsigned_bin(n, in, inlen)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
- }
- return CRYPT_OK;
+ return mp_read_unsigned_bin(n, in, inlen);
}
#endif /* PKCS_1 */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_os2ip.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/pkcs1/pkcs_1_pss_decode.c b/src/pk/pkcs1/pkcs_1_pss_decode.c
index e61c33f..2c16d50 100644
--- a/src/pk/pkcs1/pkcs_1_pss_decode.c
+++ b/src/pk/pkcs1/pkcs_1_pss_decode.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -82,7 +82,7 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen,
/* ensure the 0xBC byte */
if (sig[siglen-1] != 0xBC) {
- err = CRYPT_OK;
+ err = CRYPT_INVALID_PACKET;
goto LBL_ERR;
}
@@ -97,12 +97,12 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen,
/* check the MSB */
if ((sig[0] & ~(0xFF >> ((modulus_len<<3) - (modulus_bitlen-1)))) != 0) {
- err = CRYPT_OK;
+ err = CRYPT_INVALID_PACKET;
goto LBL_ERR;
}
/* generate mask of length modulus_len - hLen - 1 from hash */
- if ((err = pkcs_1_mgf1(hash, hLen, hash_idx, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
+ if ((err = pkcs_1_mgf1(hash_idx, hash, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
goto LBL_ERR;
}
@@ -119,14 +119,14 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen,
/* check for zeroes and 0x01 */
for (x = 0; x < modulus_len - saltlen - hLen - 2; x++) {
if (DB[x] != 0x00) {
- err = CRYPT_OK;
+ err = CRYPT_INVALID_PACKET;
goto LBL_ERR;
}
}
/* check for the 0x01 */
if (DB[x++] != 0x01) {
- err = CRYPT_OK;
+ err = CRYPT_INVALID_PACKET;
goto LBL_ERR;
}
@@ -149,7 +149,7 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen,
}
/* mask == hash means valid signature */
- if (memcmp(mask, hash, hLen) == 0) {
+ if (XMEMCMP(mask, hash, hLen) == 0) {
*res = 1;
}
@@ -173,5 +173,5 @@ LBL_ERR:
#endif /* PKCS_1 */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/11/30 02:37:21 $ */
diff --git a/src/pk/pkcs1/pkcs_1_pss_encode.c b/src/pk/pkcs1/pkcs_1_pss_encode.c
index 899605c..64bd312 100644
--- a/src/pk/pkcs1/pkcs_1_pss_encode.c
+++ b/src/pk/pkcs1/pkcs_1_pss_encode.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -118,7 +118,7 @@ int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen,
x += saltlen;
/* generate mask of length modulus_len - hLen - 1 from hash */
- if ((err = pkcs_1_mgf1(hash, hLen, hash_idx, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
+ if ((err = pkcs_1_mgf1(hash_idx, hash, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) {
goto LBL_ERR;
}
@@ -129,6 +129,7 @@ int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen,
/* output is DB || hash || 0xBC */
if (*outlen < modulus_len) {
+ *outlen = modulus_len;
err = CRYPT_BUFFER_OVERFLOW;
goto LBL_ERR;
}
@@ -170,5 +171,5 @@ LBL_ERR:
#endif /* PKCS_1 */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.7 $ */
+/* $Date: 2006/06/16 21:53:41 $ */
diff --git a/src/pk/pkcs1/pkcs_1_v1_5_decode.c b/src/pk/pkcs1/pkcs_1_v1_5_decode.c
new file mode 100644
index 0000000..b0a7c2d
--- /dev/null
+++ b/src/pk/pkcs1/pkcs_1_v1_5_decode.c
@@ -0,0 +1,110 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/** @file pkcs_1_v1_5_decode.c
+ *
+ * PKCS #1 v1.5 Padding. (Andreas Lange)
+ */
+
+#ifdef PKCS_1
+
+/** @brief PKCS #1 v1.5 decode.
+ *
+ * @param msg The encoded data to decode
+ * @param msglen The length of the encoded data (octets)
+ * @param block_type Block type to use in padding (\sa ltc_pkcs_1_v1_5_blocks)
+ * @param modulus_bitlen The bit length of the RSA modulus
+ * @param out [out] Destination of decoding
+ * @param outlen [in/out] The max size and resulting size of the decoding
+ * @param is_valid [out] Boolean whether the padding was valid
+ *
+ * @return CRYPT_OK if successful (even if invalid)
+ */
+int pkcs_1_v1_5_decode(const unsigned char *msg,
+ unsigned long msglen,
+ int block_type,
+ unsigned long modulus_bitlen,
+ unsigned char *out,
+ unsigned long *outlen,
+ int *is_valid)
+{
+ unsigned long modulus_len, ps_len, i;
+ int result;
+
+ /* default to invalid packet */
+ *is_valid = 0;
+
+ modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0);
+
+ /* test message size */
+
+ if ((msglen > modulus_len) || (modulus_len < 11)) {
+ return CRYPT_PK_INVALID_SIZE;
+ }
+
+ /* separate encoded message */
+
+ if ((msg[0] != 0x00) || (msg[1] != (unsigned char)block_type)) {
+ result = CRYPT_INVALID_PACKET;
+ goto bail;
+ }
+
+ if (block_type == LTC_PKCS_1_EME) {
+ for (i = 2; i < modulus_len; i++) {
+ /* separator */
+ if (msg[i] == 0x00) { break; }
+ }
+ ps_len = i++ - 2;
+
+ if ((i >= modulus_len) || (ps_len < 8)) {
+ /* There was no octet with hexadecimal value 0x00 to separate ps from m,
+ * or the length of ps is less than 8 octets.
+ */
+ result = CRYPT_INVALID_PACKET;
+ goto bail;
+ }
+ } else {
+ for (i = 2; i < modulus_len - 1; i++) {
+ if (msg[i] != 0xFF) { break; }
+ }
+
+ /* separator check */
+ if (msg[i] != 0) {
+ /* There was no octet with hexadecimal value 0x00 to separate ps from m. */
+ result = CRYPT_INVALID_PACKET;
+ goto bail;
+ }
+
+ ps_len = i - 2;
+ }
+
+ if (*outlen < (msglen - (2 + ps_len + 1))) {
+ *outlen = msglen - (2 + ps_len + 1);
+ result = CRYPT_BUFFER_OVERFLOW;
+ goto bail;
+ }
+
+ *outlen = (msglen - (2 + ps_len + 1));
+ XMEMCPY(out, &msg[2 + ps_len + 1], *outlen);
+
+ /* valid packet */
+ *is_valid = 1;
+ result = CRYPT_OK;
+bail:
+ return result;
+} /* pkcs_1_v1_5_decode */
+
+#endif /* #ifdef PKCS_1 */
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_decode.c,v $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/12/16 17:41:21 $ */
diff --git a/src/pk/pkcs1/pkcs_1_v1_5_encode.c b/src/pk/pkcs1/pkcs_1_v1_5_encode.c
new file mode 100644
index 0000000..7edd1e6
--- /dev/null
+++ b/src/pk/pkcs1/pkcs_1_v1_5_encode.c
@@ -0,0 +1,111 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
+ */
+#include "tomcrypt.h"
+
+/*! \file pkcs_1_v1_5_encode.c
+ *
+ * PKCS #1 v1.5 Padding (Andreas Lange)
+ */
+
+#ifdef PKCS_1
+
+/*! \brief PKCS #1 v1.5 encode.
+ *
+ * \param msg The data to encode
+ * \param msglen The length of the data to encode (octets)
+ * \param block_type Block type to use in padding (\sa ltc_pkcs_1_v1_5_blocks)
+ * \param modulus_bitlen The bit length of the RSA modulus
+ * \param prng An active PRNG state (only for LTC_PKCS_1_EME)
+ * \param prng_idx The index of the PRNG desired (only for LTC_PKCS_1_EME)
+ * \param out [out] The destination for the encoded data
+ * \param outlen [in/out] The max size and resulting size of the encoded data
+ *
+ * \return CRYPT_OK if successful
+ */
+int pkcs_1_v1_5_encode(const unsigned char *msg,
+ unsigned long msglen,
+ int block_type,
+ unsigned long modulus_bitlen,
+ prng_state *prng,
+ int prng_idx,
+ unsigned char *out,
+ unsigned long *outlen)
+{
+ unsigned long modulus_len, ps_len, i;
+ unsigned char *ps;
+ int result;
+
+ /* valid block_type? */
+ if ((block_type != LTC_PKCS_1_EMSA) &&
+ (block_type != LTC_PKCS_1_EME)) {
+ return CRYPT_PK_INVALID_PADDING;
+ }
+
+ if (block_type == LTC_PKCS_1_EME) { /* encryption padding, we need a valid PRNG */
+ if ((result = prng_is_valid(prng_idx)) != CRYPT_OK) {
+ return result;
+ }
+ }
+
+ modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0);
+
+ /* test message size */
+ if ((msglen + 11) > modulus_len) {
+ return CRYPT_PK_INVALID_SIZE;
+ }
+
+ if (*outlen < modulus_len) {
+ *outlen = modulus_len;
+ result = CRYPT_BUFFER_OVERFLOW;
+ goto bail;
+ }
+
+ /* generate an octets string PS */
+ ps = &out[2];
+ ps_len = modulus_len - msglen - 3;
+
+ if (block_type == LTC_PKCS_1_EME) {
+ /* now choose a random ps */
+ if (prng_descriptor[prng_idx].read(ps, ps_len, prng) != ps_len) {
+ result = CRYPT_ERROR_READPRNG;
+ goto bail;
+ }
+
+ /* transform zero bytes (if any) to non-zero random bytes */
+ for (i = 0; i < ps_len; i++) {
+ while (ps[i] == 0) {
+ if (prng_descriptor[prng_idx].read(&ps[i], 1, prng) != 1) {
+ result = CRYPT_ERROR_READPRNG;
+ goto bail;
+ }
+ }
+ }
+ } else {
+ XMEMSET(ps, 0xFF, ps_len);
+ }
+
+ /* create string of length modulus_len */
+ out[0] = 0x00;
+ out[1] = (unsigned char)block_type; /* block_type 1 or 2 */
+ out[2 + ps_len] = 0x00;
+ XMEMCPY(&out[2 + ps_len + 1], msg, msglen);
+ *outlen = modulus_len;
+
+ result = CRYPT_OK;
+bail:
+ return result;
+} /* pkcs_1_v1_5_encode */
+
+#endif /* #ifdef PKCS_1 */
+
+/* $Source: /cvs/libtom/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c,v $ */
+/* $Revision: 1.2 $ */
+/* $Date: 2006/11/01 09:12:06 $ */
diff --git a/src/pk/rsa/rsa_decrypt_key.c b/src/pk/rsa/rsa_decrypt_key.c
index 7cea807..3dce20f 100644
--- a/src/pk/rsa/rsa_decrypt_key.c
+++ b/src/pk/rsa/rsa_decrypt_key.c
@@ -6,19 +6,19 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
/**
@file rsa_decrypt_key.c
- RSA PKCS #1 OAEP Decryption, Tom St Denis
-*/
+ RSA PKCS #1 Decryption, Tom St Denis and Andreas Lange
+*/
#ifdef MRSA
/**
- (PKCS #1 v2.0) decrypt then OAEP depad
+ PKCS #1 decrypt then v1.5 or OAEP depad
@param in The ciphertext
@param inlen The length of the ciphertext (octets)
@param out [out] The plaintext
@@ -26,20 +26,21 @@
@param lparam The system "lparam" value
@param lparamlen The length of the lparam value (octets)
@param hash_idx The index of the hash desired
+ @param padding Type of padding (LTC_PKCS_1_OAEP or LTC_PKCS_1_V1_5)
@param stat [out] Result of the decryption, 1==valid, 0==invalid
@param key The corresponding private RSA key
@return CRYPT_OK if succcessul (even if invalid)
*/
-int rsa_decrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- const unsigned char *lparam, unsigned long lparamlen,
- int hash_idx, int *stat,
- rsa_key *key)
+int rsa_decrypt_key_ex(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ const unsigned char *lparam, unsigned long lparamlen,
+ int hash_idx, int padding,
+ int *stat, rsa_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x;
int err;
unsigned char *tmp;
-
+
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
@@ -48,16 +49,25 @@ int rsa_decrypt_key(const unsigned char *in, unsigned long inlen,
/* default to invalid */
*stat = 0;
- /* valid hash ? */
- if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
- return err;
+ /* valid padding? */
+
+ if ((padding != LTC_PKCS_1_V1_5) &&
+ (padding != LTC_PKCS_1_OAEP)) {
+ return CRYPT_PK_INVALID_PADDING;
}
-
+
+ if (padding == LTC_PKCS_1_OAEP) {
+ /* valid hash ? */
+ if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
+ return err;
+ }
+ }
+
/* get modulus len in bits */
- modulus_bitlen = mp_count_bits(&(key->N));
+ modulus_bitlen = mp_count_bits( (key->N));
/* outlen must be at least the size of the modulus */
- modulus_bytelen = mp_unsigned_bin_size(&(key->N));
+ modulus_bytelen = mp_unsigned_bin_size( (key->N));
if (modulus_bytelen != inlen) {
return CRYPT_INVALID_PACKET;
}
@@ -70,24 +80,26 @@ int rsa_decrypt_key(const unsigned char *in, unsigned long inlen,
/* rsa decode the packet */
x = inlen;
- if ((err = rsa_exptmod(in, inlen, tmp, &x, PK_PRIVATE, key)) != CRYPT_OK) {
+ if ((err = ltc_mp.rsa_me(in, inlen, tmp, &x, PK_PRIVATE, key)) != CRYPT_OK) {
XFREE(tmp);
return err;
}
- /* now OAEP decode the packet */
- err = pkcs_1_oaep_decode(tmp, x, lparam, lparamlen, modulus_bitlen, hash_idx,
- out, outlen, stat);
+ if (padding == LTC_PKCS_1_OAEP) {
+ /* now OAEP decode the packet */
+ err = pkcs_1_oaep_decode(tmp, x, lparam, lparamlen, modulus_bitlen, hash_idx,
+ out, outlen, stat);
+ } else {
+ /* now PKCS #1 v1.5 depad the packet */
+ err = pkcs_1_v1_5_decode(tmp, x, LTC_PKCS_1_EME, modulus_bitlen, out, outlen, stat);
+ }
+
XFREE(tmp);
return err;
}
#endif /* MRSA */
-
-
-
-
/* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_decrypt_key.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/01 09:18:22 $ */
diff --git a/src/pk/rsa/rsa_encrypt_key.c b/src/pk/rsa/rsa_encrypt_key.c
index d29aa83..8d2c228 100644
--- a/src/pk/rsa/rsa_encrypt_key.c
+++ b/src/pk/rsa/rsa_encrypt_key.c
@@ -6,14 +6,14 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
/**
@file rsa_encrypt_key.c
- RSA PKCS OAEP encryption, Tom St Denis
-*/
+ RSA PKCS #1 encryption, Tom St Denis and Andreas Lange
+*/
#ifdef MRSA
@@ -28,53 +28,75 @@
@param prng An active PRNG
@param prng_idx The index of the desired prng
@param hash_idx The index of the desired hash
+ @param padding Type of padding (LTC_PKCS_1_OAEP or LTC_PKCS_1_V1_5)
@param key The RSA key to encrypt to
@return CRYPT_OK if successful
-*/
-int rsa_encrypt_key(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- const unsigned char *lparam, unsigned long lparamlen,
- prng_state *prng, int prng_idx, int hash_idx, rsa_key *key)
+*/
+int rsa_encrypt_key_ex(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ const unsigned char *lparam, unsigned long lparamlen,
+ prng_state *prng, int prng_idx, int hash_idx, int padding, rsa_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x;
int err;
-
+
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
-
- /* valid prng and hash ? */
+
+ /* valid padding? */
+ if ((padding != LTC_PKCS_1_V1_5) &&
+ (padding != LTC_PKCS_1_OAEP)) {
+ return CRYPT_PK_INVALID_PADDING;
+ }
+
+ /* valid prng? */
if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
return err;
}
- if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
- return err;
+
+ if (padding == LTC_PKCS_1_OAEP) {
+ /* valid hash? */
+ if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
+ return err;
+ }
}
-
+
/* get modulus len in bits */
- modulus_bitlen = mp_count_bits(&(key->N));
+ modulus_bitlen = mp_count_bits( (key->N));
/* outlen must be at least the size of the modulus */
- modulus_bytelen = mp_unsigned_bin_size(&(key->N));
+ modulus_bytelen = mp_unsigned_bin_size( (key->N));
if (modulus_bytelen > *outlen) {
+ *outlen = modulus_bytelen;
return CRYPT_BUFFER_OVERFLOW;
}
-
- /* OAEP pad the key */
- x = *outlen;
- if ((err = pkcs_1_oaep_encode(in, inlen, lparam,
- lparamlen, modulus_bitlen, prng, prng_idx, hash_idx,
- out, &x)) != CRYPT_OK) {
- return err;
- }
- /* rsa exptmod the OAEP pad */
- return rsa_exptmod(out, x, out, outlen, PK_PUBLIC, key);
+ if (padding == LTC_PKCS_1_OAEP) {
+ /* OAEP pad the key */
+ x = *outlen;
+ if ((err = pkcs_1_oaep_encode(in, inlen, lparam,
+ lparamlen, modulus_bitlen, prng, prng_idx, hash_idx,
+ out, &x)) != CRYPT_OK) {
+ return err;
+ }
+ } else {
+ /* PKCS #1 v1.5 pad the key */
+ x = *outlen;
+ if ((err = pkcs_1_v1_5_encode(in, inlen, LTC_PKCS_1_EME,
+ modulus_bitlen, prng, prng_idx,
+ out, &x)) != CRYPT_OK) {
+ return err;
+ }
+ }
+
+ /* rsa exptmod the OAEP or PKCS #1 v1.5 pad */
+ return ltc_mp.rsa_me(out, x, out, outlen, PK_PUBLIC, key);
}
#endif /* MRSA */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_encrypt_key.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/01 09:18:22 $ */
diff --git a/src/pk/rsa/rsa_export.c b/src/pk/rsa/rsa_export.c
index f2e324d..5b389ec 100644
--- a/src/pk/rsa/rsa_export.c
+++ b/src/pk/rsa/rsa_export.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -27,9 +27,7 @@
*/
int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key)
{
- int err;
unsigned long zero=0;
-
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
@@ -44,27 +42,22 @@ int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key
/* output is
Version, n, e, d, p, q, d mod (p-1), d mod (q - 1), 1/q mod p
*/
- if ((err = der_encode_sequence_multi(out, outlen,
+ return der_encode_sequence_multi(out, outlen,
LTC_ASN1_SHORT_INTEGER, 1UL, &zero,
- LTC_ASN1_INTEGER, 1UL, &key->N,
- LTC_ASN1_INTEGER, 1UL, &key->e,
- LTC_ASN1_INTEGER, 1UL, &key->d,
- LTC_ASN1_INTEGER, 1UL, &key->p,
- LTC_ASN1_INTEGER, 1UL, &key->q,
- LTC_ASN1_INTEGER, 1UL, &key->dP,
- LTC_ASN1_INTEGER, 1UL, &key->dQ,
- LTC_ASN1_INTEGER, 1UL, &key->qP,
- LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
- return err;
- }
-
- /* clear zero and return */
- return CRYPT_OK;
+ LTC_ASN1_INTEGER, 1UL, key->N,
+ LTC_ASN1_INTEGER, 1UL, key->e,
+ LTC_ASN1_INTEGER, 1UL, key->d,
+ LTC_ASN1_INTEGER, 1UL, key->p,
+ LTC_ASN1_INTEGER, 1UL, key->q,
+ LTC_ASN1_INTEGER, 1UL, key->dP,
+ LTC_ASN1_INTEGER, 1UL, key->dQ,
+ LTC_ASN1_INTEGER, 1UL, key->qP,
+ LTC_ASN1_EOL, 0UL, NULL);
} else {
/* public key */
return der_encode_sequence_multi(out, outlen,
- LTC_ASN1_INTEGER, 1UL, &key->N,
- LTC_ASN1_INTEGER, 1UL, &key->e,
+ LTC_ASN1_INTEGER, 1UL, key->N,
+ LTC_ASN1_INTEGER, 1UL, key->e,
LTC_ASN1_EOL, 0UL, NULL);
}
}
@@ -72,5 +65,5 @@ int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key
#endif /* MRSA */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_export.c,v $ */
-/* $Revision: 1.11 $ */
-/* $Date: 2005/06/04 01:42:48 $ */
+/* $Revision: 1.15 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/pk/rsa/rsa_exptmod.c b/src/pk/rsa/rsa_exptmod.c
index 379404c..53dbf6b 100644
--- a/src/pk/rsa/rsa_exptmod.c
+++ b/src/pk/rsa/rsa_exptmod.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -31,7 +31,7 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen, int which,
rsa_key *key)
{
- mp_int tmp, tmpa, tmpb;
+ void *tmp, *tmpa, *tmpb;
unsigned long x;
int err;
@@ -39,7 +39,7 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen,
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
-
+
/* is the key of the right type for the operation? */
if (which == PK_PRIVATE && (key->type != PK_PRIVATE)) {
return CRYPT_PK_NOT_PRIVATE;
@@ -51,65 +51,63 @@ int rsa_exptmod(const unsigned char *in, unsigned long inlen,
}
/* init and copy into tmp */
- if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, NULL)) != MP_OKAY) { return mpi_to_ltc_error(err); }
- if ((err = mp_read_unsigned_bin(&tmp, (unsigned char *)in, (int)inlen)) != MP_OKAY) { goto error; }
+ if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, NULL)) != CRYPT_OK) { return err; }
+ if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, (int)inlen)) != CRYPT_OK) { goto error; }
/* sanity check on the input */
- if (mp_cmp(&key->N, &tmp) == MP_LT) {
+ if (mp_cmp(key->N, tmp) == LTC_MP_LT) {
err = CRYPT_PK_INVALID_SIZE;
- goto done;
+ goto error;
}
/* are we using the private exponent and is the key optimized? */
if (which == PK_PRIVATE) {
/* tmpa = tmp^dP mod p */
- if ((err = mp_exptmod(&tmp, &key->dP, &key->p, &tmpa)) != MP_OKAY) { goto error; }
+ if ((err = mp_exptmod(tmp, key->dP, key->p, tmpa)) != CRYPT_OK) { goto error; }
/* tmpb = tmp^dQ mod q */
- if ((err = mp_exptmod(&tmp, &key->dQ, &key->q, &tmpb)) != MP_OKAY) { goto error; }
+ if ((err = mp_exptmod(tmp, key->dQ, key->q, tmpb)) != CRYPT_OK) { goto error; }
/* tmp = (tmpa - tmpb) * qInv (mod p) */
- if ((err = mp_sub(&tmpa, &tmpb, &tmp)) != MP_OKAY) { goto error; }
- if ((err = mp_mulmod(&tmp, &key->qP, &key->p, &tmp)) != MP_OKAY) { goto error; }
+ if ((err = mp_sub(tmpa, tmpb, tmp)) != CRYPT_OK) { goto error; }
+ if ((err = mp_mulmod(tmp, key->qP, key->p, tmp)) != CRYPT_OK) { goto error; }
/* tmp = tmpb + q * tmp */
- if ((err = mp_mul(&tmp, &key->q, &tmp)) != MP_OKAY) { goto error; }
- if ((err = mp_add(&tmp, &tmpb, &tmp)) != MP_OKAY) { goto error; }
+ if ((err = mp_mul(tmp, key->q, tmp)) != CRYPT_OK) { goto error; }
+ if ((err = mp_add(tmp, tmpb, tmp)) != CRYPT_OK) { goto error; }
} else {
/* exptmod it */
- if ((err = mp_exptmod(&tmp, &key->e, &key->N, &tmp)) != MP_OKAY) { goto error; }
+ if ((err = mp_exptmod(tmp, key->e, key->N, tmp)) != CRYPT_OK) { goto error; }
}
/* read it back */
- x = (unsigned long)mp_unsigned_bin_size(&key->N);
+ x = (unsigned long)mp_unsigned_bin_size(key->N);
if (x > *outlen) {
+ *outlen = x;
err = CRYPT_BUFFER_OVERFLOW;
- goto done;
+ goto error;
}
/* this should never happen ... */
- if (mp_unsigned_bin_size(&tmp) > mp_unsigned_bin_size(&key->N)) {
+ if (mp_unsigned_bin_size(tmp) > mp_unsigned_bin_size(key->N)) {
err = CRYPT_ERROR;
- goto done;
+ goto error;
}
*outlen = x;
/* convert it */
zeromem(out, x);
- if ((err = mp_to_unsigned_bin(&tmp, out+(x-mp_unsigned_bin_size(&tmp)))) != MP_OKAY) { goto error; }
+ if ((err = mp_to_unsigned_bin(tmp, out+(x-mp_unsigned_bin_size(tmp)))) != CRYPT_OK) { goto error; }
/* clean up and return */
err = CRYPT_OK;
- goto done;
error:
- err = mpi_to_ltc_error(err);
-done:
- mp_clear_multi(&tmp, &tmpa, &tmpb, NULL);
+ mp_clear_multi(tmp, tmpa, tmpb, NULL);
return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_exptmod.c,v $ */
-/* $Revision: 1.4 $ */
-/* $Date: 2005/06/23 02:10:22 $ */
+/* $Revision: 1.16 $ */
+/* $Date: 2006/12/04 03:09:28 $ */
diff --git a/src/pk/rsa/rsa_free.c b/src/pk/rsa/rsa_free.c
index 69eeaec..f48976a 100644
--- a/src/pk/rsa/rsa_free.c
+++ b/src/pk/rsa/rsa_free.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -23,13 +23,12 @@
*/
void rsa_free(rsa_key *key)
{
- LTC_ARGCHK(key != NULL);
- mp_clear_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP,
- &key->qP, &key->p, &key->q, NULL);
+ LTC_ARGCHKVD(key != NULL);
+ mp_clear_multi(key->e, key->d, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL);
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_free.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/12/04 22:23:27 $ */
diff --git a/src/pk/rsa/rsa_import.c b/src/pk/rsa/rsa_import.c
index 5706134..7b12fd9 100644
--- a/src/pk/rsa/rsa_import.c
+++ b/src/pk/rsa/rsa_import.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -27,60 +27,111 @@
int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
{
int err;
- mp_int zero;
+ void *zero;
+ unsigned char *tmpbuf;
+ unsigned long t, x, y, z, tmpoid[16];
+ ltc_asn1_list ssl_pubkey_hashoid[2];
+ ltc_asn1_list ssl_pubkey[2];
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(ltc_mp.name != NULL);
/* init key */
- if ((err = mp_init_multi(&zero, &key->e, &key->d, &key->N, &key->dQ,
- &key->dP, &key->qP, &key->p, &key->q, NULL)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
+ if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ,
+ &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) {
+ return err;
}
+ /* see if the OpenSSL DER format RSA public key will work */
+ tmpbuf = XCALLOC(1, MAX_RSA_SIZE*8);
+ if (tmpbuf == NULL) {
+ err = CRYPT_MEM;
+ goto LBL_ERR;
+ }
+
+ /* this includes the internal hash ID and optional params (NULL in this case) */
+ LTC_SET_ASN1(ssl_pubkey_hashoid, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid)/sizeof(tmpoid[0]));
+ LTC_SET_ASN1(ssl_pubkey_hashoid, 1, LTC_ASN1_NULL, NULL, 0);
+
+ /* the actual format of the SSL DER key is odd, it stores a RSAPublicKey in a **BIT** string ... so we have to extract it
+ then proceed to convert bit to octet
+ */
+ LTC_SET_ASN1(ssl_pubkey, 0, LTC_ASN1_SEQUENCE, &ssl_pubkey_hashoid, 2);
+ LTC_SET_ASN1(ssl_pubkey, 1, LTC_ASN1_BIT_STRING, tmpbuf, MAX_RSA_SIZE*8);
+
+ if (der_decode_sequence(in, inlen,
+ ssl_pubkey, 2UL) == CRYPT_OK) {
+
+ /* ok now we have to reassemble the BIT STRING to an OCTET STRING. Thanks OpenSSL... */
+ for (t = y = z = x = 0; x < ssl_pubkey[1].size; x++) {
+ y = (y << 1) | tmpbuf[x];
+ if (++z == 8) {
+ tmpbuf[t++] = (unsigned char)y;
+ y = 0;
+ z = 0;
+ }
+ }
+
+ /* now it should be SEQUENCE { INTEGER, INTEGER } */
+ if ((err = der_decode_sequence_multi(tmpbuf, t,
+ LTC_ASN1_INTEGER, 1UL, key->N,
+ LTC_ASN1_INTEGER, 1UL, key->e,
+ LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ XFREE(tmpbuf);
+ goto LBL_ERR;
+ }
+ XFREE(tmpbuf);
+ key->type = PK_PUBLIC;
+ return CRYPT_OK;
+ }
+ XFREE(tmpbuf);
+
+ /* not SSL public key, try to match against PKCS #1 standards */
if ((err = der_decode_sequence_multi(in, inlen,
- LTC_ASN1_INTEGER, 1UL, &key->N,
+ LTC_ASN1_INTEGER, 1UL, key->N,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
goto LBL_ERR;
}
- if (mp_cmp_d(&key->N, 0) == MP_EQ) {
+ if (mp_cmp_d(key->N, 0) == LTC_MP_EQ) {
+ if ((err = mp_init(&zero)) != CRYPT_OK) {
+ goto LBL_ERR;
+ }
/* it's a private key */
if ((err = der_decode_sequence_multi(in, inlen,
- LTC_ASN1_INTEGER, 1UL, &zero,
- LTC_ASN1_INTEGER, 1UL, &key->N,
- LTC_ASN1_INTEGER, 1UL, &key->e,
- LTC_ASN1_INTEGER, 1UL, &key->d,
- LTC_ASN1_INTEGER, 1UL, &key->p,
- LTC_ASN1_INTEGER, 1UL, &key->q,
- LTC_ASN1_INTEGER, 1UL, &key->dP,
- LTC_ASN1_INTEGER, 1UL, &key->dQ,
- LTC_ASN1_INTEGER, 1UL, &key->qP,
+ LTC_ASN1_INTEGER, 1UL, zero,
+ LTC_ASN1_INTEGER, 1UL, key->N,
+ LTC_ASN1_INTEGER, 1UL, key->e,
+ LTC_ASN1_INTEGER, 1UL, key->d,
+ LTC_ASN1_INTEGER, 1UL, key->p,
+ LTC_ASN1_INTEGER, 1UL, key->q,
+ LTC_ASN1_INTEGER, 1UL, key->dP,
+ LTC_ASN1_INTEGER, 1UL, key->dQ,
+ LTC_ASN1_INTEGER, 1UL, key->qP,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
+ mp_clear(zero);
goto LBL_ERR;
}
+ mp_clear(zero);
key->type = PK_PRIVATE;
- } else if (mp_cmp_d(&key->N, 1) == MP_EQ) {
+ } else if (mp_cmp_d(key->N, 1) == LTC_MP_EQ) {
/* we don't support multi-prime RSA */
err = CRYPT_PK_INVALID_TYPE;
goto LBL_ERR;
} else {
/* it's a public key and we lack e */
if ((err = der_decode_sequence_multi(in, inlen,
- LTC_ASN1_INTEGER, 1UL, &key->N,
- LTC_ASN1_INTEGER, 1UL, &key->e,
+ LTC_ASN1_INTEGER, 1UL, key->N,
+ LTC_ASN1_INTEGER, 1UL, key->e,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
goto LBL_ERR;
}
-
- /* free up some ram */
- mp_clear_multi(&key->p, &key->q, &key->qP, &key->dP, &key->dQ, NULL);
key->type = PK_PUBLIC;
}
return CRYPT_OK;
LBL_ERR:
- mp_clear_multi(&zero, &key->d, &key->e, &key->N, &key->dQ, &key->dP,
- &key->qP, &key->p, &key->q, NULL);
+ mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL);
return err;
}
@@ -88,5 +139,5 @@ LBL_ERR:
/* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_import.c,v $ */
-/* $Revision: 1.10 $ */
-/* $Date: 2005/06/03 18:48:28 $ */
+/* $Revision: 1.21 $ */
+/* $Date: 2006/12/04 22:23:27 $ */
diff --git a/src/pk/rsa/rsa_make_key.c b/src/pk/rsa/rsa_make_key.c
index d874106..bd2a29b 100644
--- a/src/pk/rsa/rsa_make_key.c
+++ b/src/pk/rsa/rsa_make_key.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -28,10 +28,11 @@
*/
int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key)
{
- mp_int p, q, tmp1, tmp2, tmp3;
+ void *p, *q, *tmp1, *tmp2, *tmp3;
int err;
- LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(ltc_mp.name != NULL);
+ LTC_ARGCHK(key != NULL);
if ((size < (MIN_RSA_SIZE/8)) || (size > (MAX_RSA_SIZE/8))) {
return CRYPT_INVALID_KEYSIZE;
@@ -45,81 +46,67 @@ int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key)
return err;
}
- if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != MP_OKAY) {
- return mpi_to_ltc_error(err);
+ if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != CRYPT_OK) {
+ return err;
}
/* make primes p and q (optimization provided by Wayne Scott) */
- if ((err = mp_set_int(&tmp3, e)) != MP_OKAY) { goto error; } /* tmp3 = e */
+ if ((err = mp_set_int(tmp3, e)) != CRYPT_OK) { goto errkey; } /* tmp3 = e */
/* make prime "p" */
do {
- if ((err = rand_prime(&p, size*4, prng, wprng)) != CRYPT_OK) { goto done; }
- if ((err = mp_sub_d(&p, 1, &tmp1)) != MP_OKAY) { goto error; } /* tmp1 = p-1 */
- if ((err = mp_gcd(&tmp1, &tmp3, &tmp2)) != MP_OKAY) { goto error; } /* tmp2 = gcd(p-1, e) */
- } while (mp_cmp_d(&tmp2, 1) != 0); /* while e divides p-1 */
+ if ((err = rand_prime( p, size/2, prng, wprng)) != CRYPT_OK) { goto errkey; }
+ if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = p-1 */
+ if ((err = mp_gcd( tmp1, tmp3, tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = gcd(p-1, e) */
+ } while (mp_cmp_d( tmp2, 1) != 0); /* while e divides p-1 */
/* make prime "q" */
do {
- if ((err = rand_prime(&q, size*4, prng, wprng)) != CRYPT_OK) { goto done; }
- if ((err = mp_sub_d(&q, 1, &tmp1)) != MP_OKAY) { goto error; } /* tmp1 = q-1 */
- if ((err = mp_gcd(&tmp1, &tmp3, &tmp2)) != MP_OKAY) { goto error; } /* tmp2 = gcd(q-1, e) */
- } while (mp_cmp_d(&tmp2, 1) != 0); /* while e divides q-1 */
+ if ((err = rand_prime( q, size/2, prng, wprng)) != CRYPT_OK) { goto errkey; }
+ if ((err = mp_sub_d( q, 1, tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = q-1 */
+ if ((err = mp_gcd( tmp1, tmp3, tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = gcd(q-1, e) */
+ } while (mp_cmp_d( tmp2, 1) != 0); /* while e divides q-1 */
/* tmp1 = lcm(p-1, q-1) */
- if ((err = mp_sub_d(&p, 1, &tmp2)) != MP_OKAY) { goto error; } /* tmp2 = p-1 */
- /* tmp1 = q-1 (previous do/while loop) */
- if ((err = mp_lcm(&tmp1, &tmp2, &tmp1)) != MP_OKAY) { goto error; } /* tmp1 = lcm(p-1, q-1) */
+ if ((err = mp_sub_d( p, 1, tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = p-1 */
+ /* tmp1 = q-1 (previous do/while loop) */
+ if ((err = mp_lcm( tmp1, tmp2, tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = lcm(p-1, q-1) */
/* make key */
- if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP,
- &key->qP, &key->p, &key->q, NULL)) != MP_OKAY) {
- goto error;
+ if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) {
+ goto errkey;
}
- if ((err = mp_set_int(&key->e, e)) != MP_OKAY) { goto error2; } /* key->e = e */
- if ((err = mp_invmod(&key->e, &tmp1, &key->d)) != MP_OKAY) { goto error2; } /* key->d = 1/e mod lcm(p-1,q-1) */
- if ((err = mp_mul(&p, &q, &key->N)) != MP_OKAY) { goto error2; } /* key->N = pq */
+ if ((err = mp_set_int( key->e, e)) != CRYPT_OK) { goto errkey; } /* key->e = e */
+ if ((err = mp_invmod( key->e, tmp1, key->d)) != CRYPT_OK) { goto errkey; } /* key->d = 1/e mod lcm(p-1,q-1) */
+ if ((err = mp_mul( p, q, key->N)) != CRYPT_OK) { goto errkey; } /* key->N = pq */
/* optimize for CRT now */
/* find d mod q-1 and d mod p-1 */
- if ((err = mp_sub_d(&p, 1, &tmp1)) != MP_OKAY) { goto error2; } /* tmp1 = q-1 */
- if ((err = mp_sub_d(&q, 1, &tmp2)) != MP_OKAY) { goto error2; } /* tmp2 = p-1 */
- if ((err = mp_mod(&key->d, &tmp1, &key->dP)) != MP_OKAY) { goto error2; } /* dP = d mod p-1 */
- if ((err = mp_mod(&key->d, &tmp2, &key->dQ)) != MP_OKAY) { goto error2; } /* dQ = d mod q-1 */
- if ((err = mp_invmod(&q, &p, &key->qP)) != MP_OKAY) { goto error2; } /* qP = 1/q mod p */
-
- if ((err = mp_copy(&p, &key->p)) != MP_OKAY) { goto error2; }
- if ((err = mp_copy(&q, &key->q)) != MP_OKAY) { goto error2; }
-
- /* shrink ram required */
- if ((err = mp_shrink(&key->e)) != MP_OKAY) { goto error2; }
- if ((err = mp_shrink(&key->d)) != MP_OKAY) { goto error2; }
- if ((err = mp_shrink(&key->N)) != MP_OKAY) { goto error2; }
- if ((err = mp_shrink(&key->dQ)) != MP_OKAY) { goto error2; }
- if ((err = mp_shrink(&key->dP)) != MP_OKAY) { goto error2; }
- if ((err = mp_shrink(&key->qP)) != MP_OKAY) { goto error2; }
- if ((err = mp_shrink(&key->p)) != MP_OKAY) { goto error2; }
- if ((err = mp_shrink(&key->q)) != MP_OKAY) { goto error2; }
+ if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = q-1 */
+ if ((err = mp_sub_d( q, 1, tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = p-1 */
+ if ((err = mp_mod( key->d, tmp1, key->dP)) != CRYPT_OK) { goto errkey; } /* dP = d mod p-1 */
+ if ((err = mp_mod( key->d, tmp2, key->dQ)) != CRYPT_OK) { goto errkey; } /* dQ = d mod q-1 */
+ if ((err = mp_invmod( q, p, key->qP)) != CRYPT_OK) { goto errkey; } /* qP = 1/q mod p */
+
+ if ((err = mp_copy( p, key->p)) != CRYPT_OK) { goto errkey; }
+ if ((err = mp_copy( q, key->q)) != CRYPT_OK) { goto errkey; }
/* set key type (in this case it's CRT optimized) */
key->type = PK_PRIVATE;
/* return ok and free temps */
err = CRYPT_OK;
- goto done;
-error2:
- mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP,
- &key->qP, &key->p, &key->q, NULL);
-error:
- err = mpi_to_ltc_error(err);
-done:
- mp_clear_multi(&tmp3, &tmp2, &tmp1, &p, &q, NULL);
+ goto cleanup;
+errkey:
+ mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL);
+cleanup:
+ mp_clear_multi(tmp3, tmp2, tmp1, p, q, NULL);
return err;
}
#endif
/* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_make_key.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.14 $ */
+/* $Date: 2006/12/04 22:23:27 $ */
diff --git a/src/pk/rsa/rsa_sign_hash.c b/src/pk/rsa/rsa_sign_hash.c
index d31bda3..f10a97a 100644
--- a/src/pk/rsa/rsa_sign_hash.c
+++ b/src/pk/rsa/rsa_sign_hash.c
@@ -6,23 +6,24 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
/**
@file rsa_sign_hash.c
- RSA PKCS v2 PSS sign hash, Tom St Denis
-*/
+ RSA PKCS #1 v1.5 and v2 PSS sign hash, Tom St Denis and Andreas Lange
+*/
#ifdef MRSA
/**
- (PKCS #1, v2.0) PSS pad then sign
+ PKCS #1 pad then sign
@param in The hash to sign
@param inlen The length of the hash to sign (octets)
@param out [out] The signature
- @param outlen [in/out] The max size and resulting size of the signature
+ @param outlen [in/out] The max size and resulting size of the signature
+ @param padding Type of padding (LTC_PKCS_1_PSS or LTC_PKCS_1_V1_5)
@param prng An active PRNG state
@param prng_idx The index of the PRNG desired
@param hash_idx The index of the hash desired
@@ -30,50 +31,104 @@
@param key The private RSA key to use
@return CRYPT_OK if successful
*/
-int rsa_sign_hash(const unsigned char *in, unsigned long inlen,
- unsigned char *out, unsigned long *outlen,
- prng_state *prng, int prng_idx,
- int hash_idx, unsigned long saltlen,
- rsa_key *key)
+int rsa_sign_hash_ex(const unsigned char *in, unsigned long inlen,
+ unsigned char *out, unsigned long *outlen,
+ int padding,
+ prng_state *prng, int prng_idx,
+ int hash_idx, unsigned long saltlen,
+ rsa_key *key)
{
- unsigned long modulus_bitlen, modulus_bytelen, x;
+ unsigned long modulus_bitlen, modulus_bytelen, x, y;
int err;
-
- LTC_ARGCHK(in != NULL);
- LTC_ARGCHK(out != NULL);
- LTC_ARGCHK(outlen != NULL);
- LTC_ARGCHK(key != NULL);
-
- /* valid prng and hash ? */
- if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
- return err;
- }
- if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
- return err;
- }
-
- /* get modulus len in bits */
- modulus_bitlen = mp_count_bits(&(key->N));
+
+ LTC_ARGCHK(in != NULL);
+ LTC_ARGCHK(out != NULL);
+ LTC_ARGCHK(outlen != NULL);
+ LTC_ARGCHK(key != NULL);
+
+ /* valid padding? */
+ if ((padding != LTC_PKCS_1_V1_5) && (padding != LTC_PKCS_1_PSS)) {
+ return CRYPT_PK_INVALID_PADDING;
+ }
+
+ if (padding == LTC_PKCS_1_PSS) {
+ /* valid prng and hash ? */
+ if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
+ return err;
+ }
+ if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
+ return err;
+ }
+ }
+
+ /* get modulus len in bits */
+ modulus_bitlen = mp_count_bits((key->N));
/* outlen must be at least the size of the modulus */
- modulus_bytelen = mp_unsigned_bin_size(&(key->N));
+ modulus_bytelen = mp_unsigned_bin_size((key->N));
if (modulus_bytelen > *outlen) {
+ *outlen = modulus_bytelen;
return CRYPT_BUFFER_OVERFLOW;
}
-
- /* PSS pad the key */
- x = *outlen;
- if ((err = pkcs_1_pss_encode(in, inlen, saltlen, prng, prng_idx,
- hash_idx, modulus_bitlen, out, &x)) != CRYPT_OK) {
- return err;
+
+ if (padding == LTC_PKCS_1_PSS) {
+ /* PSS pad the key */
+ x = *outlen;
+ if ((err = pkcs_1_pss_encode(in, inlen, saltlen, prng, prng_idx,
+ hash_idx, modulus_bitlen, out, &x)) != CRYPT_OK) {
+ return err;
+ }
+ } else {
+ /* PKCS #1 v1.5 pad the hash */
+ unsigned char *tmpin;
+ ltc_asn1_list digestinfo[2], siginfo[2];
+
+ /* not all hashes have OIDs... so sad */
+ if (hash_descriptor[hash_idx].OIDlen == 0) {
+ return CRYPT_INVALID_ARG;
+ }
+
+ /* construct the SEQUENCE
+ SEQUENCE {
+ SEQUENCE {hashoid OID
+ blah NULL
+ }
+ hash OCTET STRING
+ }
+ */
+ LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash_idx].OID, hash_descriptor[hash_idx].OIDlen);
+ LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0);
+ LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2);
+ LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, in, inlen);
+
+ /* allocate memory for the encoding */
+ y = mp_unsigned_bin_size(key->N);
+ tmpin = XMALLOC(y);
+ if (tmpin == NULL) {
+ return CRYPT_MEM;
+ }
+
+ if ((err = der_encode_sequence(siginfo, 2, tmpin, &y)) != CRYPT_OK) {
+ XFREE(tmpin);
+ return err;
+ }
+
+ x = *outlen;
+ if ((err = pkcs_1_v1_5_encode(tmpin, y, LTC_PKCS_1_EMSA,
+ modulus_bitlen, NULL, 0,
+ out, &x)) != CRYPT_OK) {
+ XFREE(tmpin);
+ return err;
+ }
+ XFREE(tmpin);
}
/* RSA encode it */
- return rsa_exptmod(out, x, out, outlen, PK_PRIVATE, key);
+ return ltc_mp.rsa_me(out, x, out, outlen, PK_PRIVATE, key);
}
#endif /* MRSA */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_sign_hash.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/11/09 23:15:39 $ */
diff --git a/src/pk/rsa/rsa_verify_hash.c b/src/pk/rsa/rsa_verify_hash.c
index 690364d..4b61029 100644
--- a/src/pk/rsa/rsa_verify_hash.c
+++ b/src/pk/rsa/rsa_verify_hash.c
@@ -6,75 +6,156 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
/**
@file rsa_verify_hash.c
- RSA PKCS v2 PSS signature verification, Tom St Denis
-*/
+ RSA PKCS #1 v1.5 or v2 PSS signature verification, Tom St Denis and Andreas Lange
+*/
#ifdef MRSA
/**
- (PKCS #1, v2.0) de-sign then PSS depad
+ PKCS #1 de-sign then v1.5 or PSS depad
@param sig The signature data
@param siglen The length of the signature data (octets)
@param hash The hash of the message that was signed
@param hashlen The length of the hash of the message that was signed (octets)
+ @param padding Type of padding (LTC_PKCS_1_PSS or LTC_PKCS_1_V1_5)
@param hash_idx The index of the desired hash
@param saltlen The length of the salt used during signature
@param stat [out] The result of the signature comparison, 1==valid, 0==invalid
@param key The public RSA key corresponding to the key that performed the signature
@return CRYPT_OK on success (even if the signature is invalid)
*/
-int rsa_verify_hash(const unsigned char *sig, unsigned long siglen,
- const unsigned char *hash, unsigned long hashlen,
- int hash_idx, unsigned long saltlen,
- int *stat, rsa_key *key)
+int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen,
+ const unsigned char *hash, unsigned long hashlen,
+ int padding,
+ int hash_idx, unsigned long saltlen,
+ int *stat, rsa_key *key)
{
- unsigned long modulus_bitlen, modulus_bytelen, x;
- int err;
- unsigned char *tmpbuf;
-
+ unsigned long modulus_bitlen, modulus_bytelen, x;
+ int err;
+ unsigned char *tmpbuf;
+
LTC_ARGCHK(hash != NULL);
- LTC_ARGCHK(sig != NULL);
- LTC_ARGCHK(stat != NULL);
- LTC_ARGCHK(key != NULL);
+ LTC_ARGCHK(sig != NULL);
+ LTC_ARGCHK(stat != NULL);
+ LTC_ARGCHK(key != NULL);
/* default to invalid */
*stat = 0;
-
- /* valid hash ? */
- if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
- return err;
+
+ /* valid padding? */
+
+ if ((padding != LTC_PKCS_1_V1_5) &&
+ (padding != LTC_PKCS_1_PSS)) {
+ return CRYPT_PK_INVALID_PADDING;
}
-
+
+ if (padding == LTC_PKCS_1_PSS) {
+ /* valid hash ? */
+ if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
+ return err;
+ }
+ }
+
/* get modulus len in bits */
- modulus_bitlen = mp_count_bits(&(key->N));
+ modulus_bitlen = mp_count_bits( (key->N));
/* outlen must be at least the size of the modulus */
- modulus_bytelen = mp_unsigned_bin_size(&(key->N));
+ modulus_bytelen = mp_unsigned_bin_size( (key->N));
if (modulus_bytelen != siglen) {
return CRYPT_INVALID_PACKET;
}
-
+
/* allocate temp buffer for decoded sig */
tmpbuf = XMALLOC(siglen);
if (tmpbuf == NULL) {
return CRYPT_MEM;
}
-
+
/* RSA decode it */
x = siglen;
- if ((err = rsa_exptmod(sig, siglen, tmpbuf, &x, PK_PUBLIC, key)) != CRYPT_OK) {
+ if ((err = ltc_mp.rsa_me(sig, siglen, tmpbuf, &x, PK_PUBLIC, key)) != CRYPT_OK) {
XFREE(tmpbuf);
return err;
}
-
- /* PSS decode it */
- err = pkcs_1_pss_decode(hash, hashlen, tmpbuf, x, saltlen, hash_idx, modulus_bitlen, stat);
+
+ /* make sure the output is the right size */
+ if (x != siglen) {
+ XFREE(tmpbuf);
+ return CRYPT_INVALID_PACKET;
+ }
+
+ if (padding == LTC_PKCS_1_PSS) {
+ /* PSS decode and verify it */
+ err = pkcs_1_pss_decode(hash, hashlen, tmpbuf, x, saltlen, hash_idx, modulus_bitlen, stat);
+ } else {
+ /* PKCS #1 v1.5 decode it */
+ unsigned char *out;
+ unsigned long outlen, loid[16];
+ int decoded;
+ ltc_asn1_list digestinfo[2], siginfo[2];
+
+ /* not all hashes have OIDs... so sad */
+ if (hash_descriptor[hash_idx].OIDlen == 0) {
+ err = CRYPT_INVALID_ARG;
+ goto bail_2;
+ }
+
+ /* allocate temp buffer for decoded hash */
+ outlen = ((modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0)) - 3;
+ out = XMALLOC(outlen);
+ if (out == NULL) {
+ err = CRYPT_MEM;
+ goto bail_2;
+ }
+
+ if ((err = pkcs_1_v1_5_decode(tmpbuf, x, LTC_PKCS_1_EMSA, modulus_bitlen, out, &outlen, &decoded)) != CRYPT_OK) {
+ XFREE(out);
+ goto bail_2;
+ }
+
+ /* now we must decode out[0...outlen-1] using ASN.1, test the OID and then test the hash */
+ /* construct the SEQUENCE
+ SEQUENCE {
+ SEQUENCE {hashoid OID
+ blah NULL
+ }
+ hash OCTET STRING
+ }
+ */
+ LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, loid, sizeof(loid)/sizeof(loid[0]));
+ LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0);
+ LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2);
+ LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, tmpbuf, siglen);
+
+ if ((err = der_decode_sequence(out, outlen, siginfo, 2)) != CRYPT_OK) {
+ XFREE(out);
+ goto bail_2;
+ }
+
+ /* test OID */
+ if ((digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
+ (XMEMCMP(digestinfo[0].data, hash_descriptor[hash_idx].OID, sizeof(unsigned long) * hash_descriptor[hash_idx].OIDlen) == 0) &&
+ (siginfo[1].size == hashlen) &&
+ (XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) {
+ *stat = 1;
+ }
+
+#ifdef LTC_CLEAN_STACK
+ zeromem(out, outlen);
+#endif
+ XFREE(out);
+ }
+
+bail_2:
+#ifdef LTC_CLEAN_STACK
+ zeromem(tmpbuf, siglen);
+#endif
XFREE(tmpbuf);
return err;
}
@@ -82,5 +163,5 @@ int rsa_verify_hash(const unsigned char *sig, unsigned long siglen,
#endif /* MRSA */
/* $Source: /cvs/libtom/libtomcrypt/src/pk/rsa/rsa_verify_hash.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.11 $ */
+/* $Date: 2006/12/04 03:09:28 $ */
diff --git a/src/prngs/fortuna.c b/src/prngs/fortuna.c
index 8a3b8ea..159db52 100644
--- a/src/prngs/fortuna.c
+++ b/src/prngs/fortuna.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -74,6 +74,7 @@ static int fortuna_reseed(prng_state *prng)
/* new K == SHA256(K || s) where s == SHA256(P0) || SHA256(P1) ... */
sha256_init(&md);
if ((err = sha256_process(&md, prng->fortuna.K, 32)) != CRYPT_OK) {
+ sha256_done(&md, tmp);
return err;
}
@@ -81,14 +82,19 @@ static int fortuna_reseed(prng_state *prng)
if (x == 0 || ((prng->fortuna.reset_cnt >> (x-1)) & 1) == 0) {
/* terminate this hash */
if ((err = sha256_done(&prng->fortuna.pool[x], tmp)) != CRYPT_OK) {
+ sha256_done(&md, tmp);
return err;
}
/* add it to the string */
if ((err = sha256_process(&md, tmp, 32)) != CRYPT_OK) {
+ sha256_done(&md, tmp);
return err;
}
/* reset this pool */
- sha256_init(&prng->fortuna.pool[x]);
+ if ((err = sha256_init(&prng->fortuna.pool[x])) != CRYPT_OK) {
+ sha256_done(&md, tmp);
+ return err;
+ }
} else {
break;
}
@@ -123,24 +129,35 @@ static int fortuna_reseed(prng_state *prng)
*/
int fortuna_start(prng_state *prng)
{
- int err, x;
+ int err, x, y;
+ unsigned char tmp[MAXBLOCKSIZE];
LTC_ARGCHK(prng != NULL);
/* initialize the pools */
for (x = 0; x < FORTUNA_POOLS; x++) {
- sha256_init(&prng->fortuna.pool[x]);
+ if ((err = sha256_init(&prng->fortuna.pool[x])) != CRYPT_OK) {
+ for (y = 0; y < x; y++) {
+ sha256_done(&prng->fortuna.pool[y], tmp);
+ }
+ return err;
+ }
}
- prng->fortuna.pool_idx = prng->fortuna.pool0_len = prng->fortuna.reset_cnt =
- prng->fortuna.wd = 0;
+ prng->fortuna.pool_idx = prng->fortuna.pool0_len = prng->fortuna.wd = 0;
+ prng->fortuna.reset_cnt = 0;
/* reset bufs */
zeromem(prng->fortuna.K, 32);
if ((err = rijndael_setup(prng->fortuna.K, 32, 0, &prng->fortuna.skey)) != CRYPT_OK) {
+ for (x = 0; x < FORTUNA_POOLS; x++) {
+ sha256_done(&prng->fortuna.pool[x], tmp);
+ }
return err;
}
zeromem(prng->fortuna.IV, 16);
-
+
+ LTC_MUTEX_INIT(&prng->fortuna.prng_lock)
+
return CRYPT_OK;
}
@@ -159,18 +176,23 @@ int fortuna_add_entropy(const unsigned char *in, unsigned long inlen, prng_state
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(prng != NULL);
+ LTC_MUTEX_LOCK(&prng->fortuna.prng_lock);
+
/* ensure inlen <= 32 */
if (inlen > 32) {
+ LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
return CRYPT_INVALID_ARG;
}
/* add s || length(in) || in to pool[pool_idx] */
tmp[0] = 0;
- tmp[1] = inlen;
+ tmp[1] = (unsigned char)inlen;
if ((err = sha256_process(&prng->fortuna.pool[prng->fortuna.pool_idx], tmp, 2)) != CRYPT_OK) {
+ LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
return err;
}
if ((err = sha256_process(&prng->fortuna.pool[prng->fortuna.pool_idx], in, inlen)) != CRYPT_OK) {
+ LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
return err;
}
if (prng->fortuna.pool_idx == 0) {
@@ -180,6 +202,7 @@ int fortuna_add_entropy(const unsigned char *in, unsigned long inlen, prng_state
prng->fortuna.pool_idx = 0;
}
+ LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
return CRYPT_OK;
}
@@ -209,9 +232,12 @@ unsigned long fortuna_read(unsigned char *out, unsigned long outlen, prng_state
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(prng != NULL);
+ LTC_MUTEX_LOCK(&prng->fortuna.prng_lock);
+
/* do we have to reseed? */
if (++prng->fortuna.wd == FORTUNA_WD || prng->fortuna.pool0_len >= 64) {
if ((err = fortuna_reseed(prng)) != CRYPT_OK) {
+ LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
return 0;
}
}
@@ -219,7 +245,7 @@ unsigned long fortuna_read(unsigned char *out, unsigned long outlen, prng_state
/* now generate the blocks required */
tlen = outlen;
- /* handle whole blocks without the extra memcpy */
+ /* handle whole blocks without the extra XMEMCPY */
while (outlen >= 16) {
/* encrypt the IV and store it */
rijndael_ecb_encrypt(prng->fortuna.IV, out, &prng->fortuna.skey);
@@ -239,12 +265,14 @@ unsigned long fortuna_read(unsigned char *out, unsigned long outlen, prng_state
rijndael_ecb_encrypt(prng->fortuna.IV, prng->fortuna.K , &prng->fortuna.skey); fortuna_update_iv(prng);
rijndael_ecb_encrypt(prng->fortuna.IV, prng->fortuna.K+16, &prng->fortuna.skey); fortuna_update_iv(prng);
if ((err = rijndael_setup(prng->fortuna.K, 32, 0, &prng->fortuna.skey)) != CRYPT_OK) {
+ LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
return 0;
}
#ifdef LTC_CLEAN_STACK
zeromem(tmp, sizeof(tmp));
#endif
+ LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
return tlen;
}
@@ -259,10 +287,12 @@ int fortuna_done(prng_state *prng)
unsigned char tmp[32];
LTC_ARGCHK(prng != NULL);
+ LTC_MUTEX_LOCK(&prng->fortuna.prng_lock);
/* terminate all the hashes */
for (x = 0; x < FORTUNA_POOLS; x++) {
if ((err = sha256_done(&(prng->fortuna.pool[x]), tmp)) != CRYPT_OK) {
+ LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
return err;
}
}
@@ -272,6 +302,7 @@ int fortuna_done(prng_state *prng)
zeromem(tmp, sizeof(tmp));
#endif
+ LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
return CRYPT_OK;
}
@@ -291,13 +322,18 @@ int fortuna_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(prng != NULL);
+ LTC_MUTEX_LOCK(&prng->fortuna.prng_lock);
+
/* we'll write bytes for s&g's */
if (*outlen < 32*FORTUNA_POOLS) {
+ LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
+ *outlen = 32*FORTUNA_POOLS;
return CRYPT_BUFFER_OVERFLOW;
}
md = XMALLOC(sizeof(hash_state));
if (md == NULL) {
+ LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
return CRYPT_MEM;
}
@@ -332,6 +368,7 @@ LBL_ERR:
zeromem(md, sizeof(*md));
#endif
XFREE(md);
+ LTC_MUTEX_UNLOCK(&prng->fortuna.prng_lock);
return err;
}
@@ -386,5 +423,5 @@ int fortuna_test(void)
/* $Source: /cvs/libtom/libtomcrypt/src/prngs/fortuna.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.12 $ */
+/* $Date: 2006/12/04 21:34:03 $ */
diff --git a/src/prngs/rc4.c b/src/prngs/rc4.c
index 4d29d9a..cf118ad 100644
--- a/src/prngs/rc4.c
+++ b/src/prngs/rc4.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -130,6 +130,10 @@ unsigned long rc4_read(unsigned char *out, unsigned long outlen, prng_state *prn
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(prng != NULL);
+#ifdef LTC_VALGRIND
+ zeromem(out, outlen);
+#endif
+
n = outlen;
x = prng->rc4.x;
y = prng->rc4.y;
@@ -171,6 +175,7 @@ int rc4_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
LTC_ARGCHK(prng != NULL);
if (*outlen < 32) {
+ *outlen = 32;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -211,7 +216,7 @@ int rc4_import(const unsigned char *in, unsigned long inlen, prng_state *prng)
*/
int rc4_test(void)
{
-#ifndef LTC_TEST
+#if !defined(LTC_TEST) || defined(LTC_VALGRIND)
return CRYPT_NOP;
#else
static const struct {
@@ -242,7 +247,7 @@ int rc4_test(void)
return CRYPT_ERROR_READPRNG;
}
rc4_done(&prng);
- if (memcmp(dst, tests[x].ct, 8)) {
+ if (XMEMCMP(dst, tests[x].ct, 8)) {
#if 0
int y;
printf("\n\nRC4 failed, I got:\n");
@@ -260,5 +265,5 @@ int rc4_test(void)
/* $Source: /cvs/libtom/libtomcrypt/src/prngs/rc4.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.9 $ */
+/* $Date: 2006/11/16 00:32:18 $ */
diff --git a/src/prngs/rng_get_bytes.c b/src/prngs/rng_get_bytes.c
index a711dfa..7d332b5 100644
--- a/src/prngs/rng_get_bytes.c
+++ b/src/prngs/rng_get_bytes.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -50,7 +50,7 @@ static unsigned long rng_nix(unsigned char *buf, unsigned long len,
#endif /* DEVRANDOM */
/* on ANSI C platforms with 100 < CLOCKS_PER_SEC < 10000 */
-#if defined(CLOCKS_PER_SEC)
+#if defined(CLOCKS_PER_SEC) && !defined(WINCE)
#define ANSI_RNG
@@ -87,8 +87,12 @@ static unsigned long rng_ansic(unsigned char *buf, unsigned long len,
#endif
/* Try the Microsoft CSP */
-#ifdef WIN32
+#if defined(WIN32) || defined(WINCE)
#define _WIN32_WINNT 0x0400
+#ifdef WINCE
+ #define UNDER_CE
+ #define ARM
+#endif
#include <windows.h>
#include <wincrypt.h>
@@ -140,5 +144,5 @@ unsigned long rng_get_bytes(unsigned char *out, unsigned long outlen,
}
/* $Source: /cvs/libtom/libtomcrypt/src/prngs/rng_get_bytes.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.5 $ */
+/* $Date: 2006/12/06 02:01:29 $ */
diff --git a/src/prngs/rng_make_prng.c b/src/prngs/rng_make_prng.c
index 51b6e6c..35631ab 100644
--- a/src/prngs/rng_make_prng.c
+++ b/src/prngs/rng_make_prng.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -65,5 +65,5 @@ int rng_make_prng(int bits, int wprng, prng_state *prng,
/* $Source: /cvs/libtom/libtomcrypt/src/prngs/rng_make_prng.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/prngs/sober128.c b/src/prngs/sober128.c
index c89f01c..0361387 100644
--- a/src/prngs/sober128.c
+++ b/src/prngs/sober128.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -294,6 +294,10 @@ unsigned long sober128_read(unsigned char *out, unsigned long outlen, prng_state
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(prng != NULL);
+#ifdef LTC_VALGRIND
+ zeromem(out, outlen);
+#endif
+
c = &(prng->sober128);
t = 0;
tlen = outlen;
@@ -381,6 +385,7 @@ int sober128_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
LTC_ARGCHK(prng != NULL);
if (*outlen < 64) {
+ *outlen = 64;
return CRYPT_BUFFER_OVERFLOW;
}
@@ -436,11 +441,11 @@ int sober128_test(void)
16, 4, 20,
/* key */
- { 't', 'e', 's', 't', ' ', 'k', 'e', 'y',
- ' ', '1', '2', '8', 'b', 'i', 't', 's' },
+ { 0x74, 0x65, 0x73, 0x74, 0x20, 0x6b, 0x65, 0x79,
+ 0x20, 0x31, 0x32, 0x38, 0x62, 0x69, 0x74, 0x73 },
/* IV */
- { 0x00, 0x00, 0x00, 0x0 },
+ { 0x00, 0x00, 0x00, 0x00 },
/* expected output */
{ 0x43, 0x50, 0x0c, 0xcf, 0x89, 0x91, 0x9f, 0x1d,
@@ -469,12 +474,12 @@ int sober128_test(void)
if ((err = sober128_ready(&prng)) != CRYPT_OK) {
return err;
}
- memset(dst, 0, tests[x].len);
+ XMEMSET(dst, 0, tests[x].len);
if (sober128_read(dst, tests[x].len, &prng) != (unsigned long)tests[x].len) {
return CRYPT_ERROR_READPRNG;
}
sober128_done(&prng);
- if (memcmp(dst, tests[x].out, tests[x].len)) {
+ if (XMEMCMP(dst, tests[x].out, tests[x].len)) {
#if 0
printf("\n\nSOBER128 failed, I got:\n");
for (y = 0; y < tests[x].len; y++) printf("%02x ", dst[y]);
@@ -491,5 +496,5 @@ int sober128_test(void)
/* $Source: /cvs/libtom/libtomcrypt/src/prngs/sober128.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.8 $ */
+/* $Date: 2006/11/05 00:11:36 $ */
diff --git a/src/prngs/sprng.c b/src/prngs/sprng.c
index 4e657da..190e33d 100644
--- a/src/prngs/sprng.c
+++ b/src/prngs/sprng.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -132,5 +132,5 @@ int sprng_test(void)
/* $Source: /cvs/libtom/libtomcrypt/src/prngs/sprng.c,v $ */
-/* $Revision: 1.3 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.4 $ */
+/* $Date: 2006/03/31 14:15:35 $ */
diff --git a/src/prngs/yarrow.c b/src/prngs/yarrow.c
index 0e59c22..9fbd4f6 100644
--- a/src/prngs/yarrow.c
+++ b/src/prngs/yarrow.c
@@ -6,7 +6,7 @@
* The library is free for all purposes without any express
* guarantee it works.
*
- * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com
*/
#include "tomcrypt.h"
@@ -66,6 +66,12 @@ int yarrow_start(prng_state *prng)
prng->yarrow.cipher = register_cipher(&rc2_desc);
#elif defined(NOEKEON)
prng->yarrow.cipher = register_cipher(&noekeon_desc);
+#elif defined(ANUBIS)
+ prng->yarrow.cipher = register_cipher(&anubis_desc);
+#elif defined(KSEED)
+ prng->yarrow.cipher = register_cipher(&kseed_desc);
+#elif defined(KHAZAD)
+ prng->yarrow.cipher = register_cipher(&khazad_desc);
#elif defined(CAST5)
prng->yarrow.cipher = register_cipher(&cast5_desc);
#elif defined(XTEA)
@@ -89,6 +95,10 @@ int yarrow_start(prng_state *prng)
prng->yarrow.hash = register_hash(&tiger_desc);
#elif defined(SHA1)
prng->yarrow.hash = register_hash(&sha1_desc);
+#elif defined(RIPEMD320)
+ prng->yarrow.hash = register_hash(&rmd320_desc);
+#elif defined(RIPEMD256)
+ prng->yarrow.hash = register_hash(&rmd256_desc);
#elif defined(RIPEMD160)
prng->yarrow.hash = register_hash(&rmd160_desc);
#elif defined(RIPEMD128)
@@ -110,6 +120,7 @@ int yarrow_start(prng_state *prng)
/* zero the memory used */
zeromem(prng->yarrow.pool, sizeof(prng->yarrow.pool));
+ LTC_MUTEX_INIT(&prng->yarrow.prng_lock)
return CRYPT_OK;
}
@@ -128,32 +139,40 @@ int yarrow_add_entropy(const unsigned char *in, unsigned long inlen, prng_state
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(prng != NULL);
-
+
+ LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
+
if ((err = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) {
+ LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
return err;
}
/* start the hash */
if ((err = hash_descriptor[prng->yarrow.hash].init(&md)) != CRYPT_OK) {
+ LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
return err;
}
/* hash the current pool */
if ((err = hash_descriptor[prng->yarrow.hash].process(&md, prng->yarrow.pool,
hash_descriptor[prng->yarrow.hash].hashsize)) != CRYPT_OK) {
+ LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
return err;
}
/* add the new entropy */
if ((err = hash_descriptor[prng->yarrow.hash].process(&md, in, inlen)) != CRYPT_OK) {
+ LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
return err;
}
/* store result */
if ((err = hash_descriptor[prng->yarrow.hash].done(&md, prng->yarrow.pool)) != CRYPT_OK) {
+ LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
return err;
}
+ LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
return CRYPT_OK;
}
@@ -167,18 +186,22 @@ int yarrow_ready(prng_state *prng)
int ks, err;
LTC_ARGCHK(prng != NULL);
+ LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
if ((err = hash_is_valid(prng->yarrow.hash)) != CRYPT_OK) {
+ LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
return err;
}
if ((err = cipher_is_valid(prng->yarrow.cipher)) != CRYPT_OK) {
+ LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
return err;
}
/* setup CTR mode using the "pool" as the key */
ks = (int)hash_descriptor[prng->yarrow.hash].hashsize;
if ((err = cipher_descriptor[prng->yarrow.cipher].keysize(&ks)) != CRYPT_OK) {
+ LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
return err;
}
@@ -188,8 +211,10 @@ int yarrow_ready(prng_state *prng)
0, /* number of rounds */
CTR_COUNTER_LITTLE_ENDIAN, /* little endian counter */
&prng->yarrow.ctr)) != CRYPT_OK) {
+ LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
return err;
}
+ LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
return CRYPT_OK;
}
@@ -205,13 +230,17 @@ unsigned long yarrow_read(unsigned char *out, unsigned long outlen, prng_state *
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(prng != NULL);
+ LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
+
/* put out in predictable state first */
zeromem(out, outlen);
/* now randomize it */
if (ctr_encrypt(out, out, outlen, &prng->yarrow.ctr) != CRYPT_OK) {
+ LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
return 0;
}
+ LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
return outlen;
}
@@ -222,12 +251,18 @@ unsigned long yarrow_read(unsigned char *out, unsigned long outlen, prng_state *
*/
int yarrow_done(prng_state *prng)
{
+ int err;
LTC_ARGCHK(prng != NULL);
+ LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
+
/* call cipher done when we invent one ;-) */
/* we invented one */
- return ctr_done(&prng->yarrow.ctr);
+ err = ctr_done(&prng->yarrow.ctr);
+
+ LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
+ return err;
}
/**
@@ -243,12 +278,17 @@ int yarrow_export(unsigned char *out, unsigned long *outlen, prng_state *prng)
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(prng != NULL);
+ LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
+
/* we'll write 64 bytes for s&g's */
if (*outlen < 64) {
+ LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
+ *outlen = 64;
return CRYPT_BUFFER_OVERFLOW;
}
if (yarrow_read(out, 64, prng) != 64) {
+ LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
return CRYPT_ERROR_READPRNG;
}
*outlen = 64;
@@ -269,15 +309,21 @@ int yarrow_import(const unsigned char *in, unsigned long inlen, prng_state *prng
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(prng != NULL);
+
+ LTC_MUTEX_LOCK(&prng->yarrow.prng_lock);
if (inlen != 64) {
+ LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
return CRYPT_INVALID_ARG;
}
if ((err = yarrow_start(prng)) != CRYPT_OK) {
+ LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
return err;
}
- return yarrow_add_entropy(in, 64, prng);
+ err = yarrow_add_entropy(in, 64, prng);
+ LTC_MUTEX_UNLOCK(&prng->yarrow.prng_lock);
+ return err;
}
/**
@@ -304,7 +350,6 @@ int yarrow_test(void)
return err;
}
- yarrow_done(&prng);
return CRYPT_OK;
#endif
}
@@ -313,5 +358,5 @@ int yarrow_test(void)
/* $Source: /cvs/libtom/libtomcrypt/src/prngs/yarrow.c,v $ */
-/* $Revision: 1.5 $ */
-/* $Date: 2005/05/05 14:35:59 $ */
+/* $Revision: 1.10 $ */
+/* $Date: 2006/11/14 04:21:17 $ */