diff options
85 files changed, 1523 insertions, 1257 deletions
diff --git a/src/ltc/ciphers/aes/aes.c b/src/ltc/ciphers/aes/aes.c index 58958b72..48a740df 100644 --- a/src/ltc/ciphers/aes/aes.c +++ b/src/ltc/ciphers/aes/aes.c @@ -88,6 +88,7 @@ const struct ltc_cipher_descriptor aes_enc_desc = #endif +#define __LTC_AES_TAB_C__ #include "aes_tab.c.inc" static ulong32 setup_mix(ulong32 temp) @@ -120,24 +121,24 @@ static ulong32 setup_mix2(ulong32 temp) */ int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) { - int i, j; + int i; ulong32 temp, *rk; #ifndef ENCRYPT_ONLY ulong32 *rrk; -#endif +#endif LTC_ARGCHK(key != NULL); LTC_ARGCHK(skey != NULL); - + if (keylen != 16 && keylen != 24 && keylen != 32) { return CRYPT_INVALID_KEYSIZE; } - + if (num_rounds != 0 && num_rounds != (10 + ((keylen/8)-2)*2)) { return CRYPT_INVALID_ROUNDS; } - + skey->rijndael.Nr = 10 + ((keylen/8)-2)*2; - + /* setup the forward key */ i = 0; rk = skey->rijndael.eK; @@ -146,7 +147,6 @@ int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *s LOAD32H(rk[2], key + 8); LOAD32H(rk[3], key + 12); if (keylen == 16) { - j = 44; for (;;) { temp = rk[3]; rk[4] = rk[0] ^ setup_mix(temp) ^ rcon[i]; @@ -159,12 +159,11 @@ int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *s rk += 4; } } else if (keylen == 24) { - j = 52; LOAD32H(rk[4], key + 16); LOAD32H(rk[5], key + 20); for (;;) { #ifdef _MSC_VER - temp = skey->rijndael.eK[rk - skey->rijndael.eK + 5]; + temp = skey->rijndael.eK[rk - skey->rijndael.eK + 5]; #else temp = rk[5]; #endif @@ -180,14 +179,13 @@ int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *s rk += 6; } } else if (keylen == 32) { - j = 60; LOAD32H(rk[4], key + 16); LOAD32H(rk[5], key + 20); LOAD32H(rk[6], key + 24); LOAD32H(rk[7], key + 28); for (;;) { #ifdef _MSC_VER - temp = skey->rijndael.eK[rk - skey->rijndael.eK + 7]; + temp = skey->rijndael.eK[rk - skey->rijndael.eK + 7]; #else temp = rk[7]; #endif @@ -210,11 +208,11 @@ int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *s return CRYPT_ERROR; } -#ifndef ENCRYPT_ONLY +#ifndef ENCRYPT_ONLY /* setup the inverse key now */ rk = skey->rijndael.dK; - rrk = skey->rijndael.eK + j - 4; - + rrk = skey->rijndael.eK + (28 + keylen) - 4; + /* apply the inverse MixColumn transform to all round keys but the first and the last: */ /* copy first */ *rk++ = *rrk++; @@ -222,11 +220,11 @@ int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *s *rk++ = *rrk++; *rk = *rrk; rk -= 3; rrk -= 3; - + for (i = 1; i < skey->rijndael.Nr; i++) { rrk -= 4; rk += 4; - #ifdef LTC_SMALL_CODE + #ifdef LTC_SMALL_CODE temp = rrk[0]; rk[0] = setup_mix2(temp); temp = rrk[1]; @@ -260,8 +258,8 @@ int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *s Tks1[byte(temp, 2)] ^ Tks2[byte(temp, 1)] ^ Tks3[byte(temp, 0)]; - #endif - + #endif + } /* copy last */ @@ -273,7 +271,7 @@ int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *s *rk = *rrk; #endif /* ENCRYPT_ONLY */ - return CRYPT_OK; + return CRYPT_OK; } /** @@ -284,21 +282,21 @@ int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *s @return CRYPT_OK if successful */ #ifdef LTC_CLEAN_STACK -static int _rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) +static int _rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) #else int ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) #endif { ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk; int Nr, r; - + LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(skey != NULL); - + Nr = skey->rijndael.Nr; rk = skey->rijndael.eK; - + /* * map byte array block to cipher state * and add initial round key: @@ -336,7 +334,7 @@ int ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) Te2(byte(s1, 1)) ^ Te3(byte(s2, 0)) ^ rk[3]; - if (r == Nr-2) { + if (r == Nr-2) { break; } s0 = t0; s1 = t1; s2 = t2; s3 = t3; @@ -437,7 +435,7 @@ int ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) (Te4_3[byte(t3, 3)]) ^ (Te4_2[byte(t0, 2)]) ^ (Te4_1[byte(t1, 1)]) ^ - (Te4_0[byte(t2, 0)]) ^ + (Te4_0[byte(t2, 0)]) ^ rk[3]; STORE32H(s3, ct+12); @@ -445,7 +443,7 @@ int ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) } #ifdef LTC_CLEAN_STACK -int ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) +int ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) { int err = _rijndael_ecb_encrypt(pt, ct, skey); burn_stack(sizeof(unsigned long)*8 + sizeof(unsigned long*) + sizeof(int)*2); @@ -453,17 +451,17 @@ int ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) } #endif -#ifndef ENCRYPT_ONLY +#ifndef ENCRYPT_ONLY /** Decrypts a block of text with AES @param ct The input ciphertext (16 bytes) @param pt The output plaintext (16 bytes) - @param skey The key as scheduled + @param skey The key as scheduled @return CRYPT_OK if successful */ #ifdef LTC_CLEAN_STACK -static int _rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) +static int _rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) #else int ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) #endif @@ -474,7 +472,7 @@ int ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); LTC_ARGCHK(skey != NULL); - + Nr = skey->rijndael.Nr; rk = skey->rijndael.dK; @@ -515,13 +513,13 @@ int ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) Td3(byte(s0, 0)) ^ rk[3]; if (r == Nr-2) { - break; + break; } s0 = t0; s1 = t1; s2 = t2; s3 = t3; } rk += 4; -#else +#else /* * Nr - 1 full rounds: @@ -625,7 +623,7 @@ int ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) #ifdef LTC_CLEAN_STACK -int ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) +int ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) { int err = _rijndael_ecb_decrypt(ct, pt, skey); burn_stack(sizeof(unsigned long)*8 + sizeof(unsigned long*) + sizeof(int)*2); @@ -641,54 +639,54 @@ int ECB_TEST(void) { #ifndef LTC_TEST return CRYPT_NOP; - #else + #else int err; static const struct { int keylen; unsigned char key[32], pt[16], ct[16]; } tests[] = { { 16, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }, - { 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30, + { 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30, 0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a } - }, { + }, { 24, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 }, { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }, - { 0xdd, 0xa9, 0x7c, 0xa4, 0x86, 0x4c, 0xdf, 0xe0, + { 0xdd, 0xa9, 0x7c, 0xa4, 0x86, 0x4c, 0xdf, 0xe0, 0x6e, 0xaf, 0x70, 0xa0, 0xec, 0x0d, 0x71, 0x91 } }, { 32, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }, - { 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf, + { 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf, 0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89 } } }; - + symmetric_key key; unsigned char tmp[2][16]; int i, y; - + for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) { zeromem(&key, sizeof(key)); - if ((err = rijndael_setup(tests[i].key, tests[i].keylen, 0, &key)) != CRYPT_OK) { + if ((err = rijndael_setup(tests[i].key, tests[i].keylen, 0, &key)) != CRYPT_OK) { return err; } - + rijndael_ecb_encrypt(tests[i].pt, tmp[0], &key); rijndael_ecb_decrypt(tmp[0], tmp[1], &key); - if (XMEMCMP(tmp[0], tests[i].ct, 16) || XMEMCMP(tmp[1], tests[i].pt, 16)) { + if (XMEMCMP(tmp[0], tests[i].ct, 16) || XMEMCMP(tmp[1], tests[i].pt, 16)) { #if 0 printf("\n\nTest %d failed\n", i); if (XMEMCMP(tmp[0], tests[i].ct, 16)) { @@ -704,7 +702,7 @@ int ECB_TEST(void) } printf("\n"); } -#endif +#endif return CRYPT_FAIL_TESTVECTOR; } @@ -713,7 +711,7 @@ int ECB_TEST(void) for (y = 0; y < 1000; y++) rijndael_ecb_encrypt(tmp[0], tmp[0], &key); for (y = 0; y < 1000; y++) rijndael_ecb_decrypt(tmp[0], tmp[0], &key); for (y = 0; y < 16; y++) if (tmp[0][y] != 0) return CRYPT_FAIL_TESTVECTOR; - } + } return CRYPT_OK; #endif } @@ -721,7 +719,7 @@ int ECB_TEST(void) #endif /* ENCRYPT_ONLY */ -/** Terminate the context +/** Terminate the context @param skey The scheduled key */ void ECB_DONE(symmetric_key *skey) diff --git a/src/ltc/ciphers/anubis.c b/src/ltc/ciphers/anubis.c index 229d5e8d..36f480d4 100644 --- a/src/ltc/ciphers/anubis.c +++ b/src/ltc/ciphers/anubis.c @@ -32,14 +32,14 @@ const struct ltc_cipher_descriptor anubis_desc = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; -#define MIN_N 4 -#define MAX_N 10 -#define MIN_ROUNDS (8 + MIN_N) -#define MAX_ROUNDS (8 + MAX_N) -#define MIN_KEYSIZEB (4*MIN_N) -#define MAX_KEYSIZEB (4*MAX_N) -#define BLOCKSIZE 128 -#define BLOCKSIZEB (BLOCKSIZE/8) +#define MIN_N 4 +#define MAX_N 10 +#define MIN_ROUNDS (8 + MIN_N) +#define MAX_ROUNDS (8 + MAX_N) +#define MIN_KEYSIZEB (4*MIN_N) +#define MAX_KEYSIZEB (4*MAX_N) +#define BLOCKSIZE 128 +#define BLOCKSIZEB (BLOCKSIZE/8) /* @@ -931,10 +931,10 @@ int anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetri */ for (i = 0, pos = 0; i < N; i++, pos += 4) { kappa[i] = - (key[pos ] << 24) ^ - (key[pos + 1] << 16) ^ - (key[pos + 2] << 8) ^ - (key[pos + 3] ); + (((ulong32)key[pos ]) << 24) ^ + (((ulong32)key[pos + 1]) << 16) ^ + (((ulong32)key[pos + 2]) << 8) ^ + (((ulong32)key[pos + 3]) ); } /* @@ -1034,7 +1034,7 @@ int anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetri return err; } #endif - + static void anubis_crypt(const unsigned char *plaintext, unsigned char *ciphertext, ulong32 roundKey[18 + 1][4], int R) { @@ -1048,10 +1048,10 @@ static void anubis_crypt(const unsigned char *plaintext, unsigned char *cipherte */ for (i = 0, pos = 0; i < 4; i++, pos += 4) { state[i] = - (plaintext[pos ] << 24) ^ - (plaintext[pos + 1] << 16) ^ - (plaintext[pos + 2] << 8) ^ - (plaintext[pos + 3] ) ^ + (((ulong32)plaintext[pos ]) << 24) ^ + (((ulong32)plaintext[pos + 1]) << 16) ^ + (((ulong32)plaintext[pos + 2]) << 8) ^ + (((ulong32)plaintext[pos + 3]) ) ^ roundKey[0][i]; } @@ -1149,7 +1149,7 @@ int anubis_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key Decrypts a block of text with Anubis @param ct The input ciphertext (16 bytes) @param pt The output plaintext (16 bytes) - @param skey The key as scheduled + @param skey The key as scheduled @return CRYPT_OK if successful */ int anubis_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) @@ -1181,7 +1181,7 @@ int anubis_test(void) 16, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xF0, 0x68, 0x60, 0xFC, 0x67, 0x30, 0xE8, 0x18, + { 0xF0, 0x68, 0x60, 0xFC, 0x67, 0x30, 0xE8, 0x18, 0xF1, 0x32, 0xC7, 0x8A, 0xF4, 0x13, 0x2A, 0xFE }, { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } @@ -1189,7 +1189,7 @@ int anubis_test(void) 16, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xA8, 0x66, 0x84, 0x80, 0x07, 0x74, 0x5C, 0x89, + { 0xA8, 0x66, 0x84, 0x80, 0x07, 0x74, 0x5C, 0x89, 0xFC, 0x5E, 0xB5, 0xBA, 0xD4, 0xFE, 0x32, 0x6D }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 } @@ -1221,7 +1221,7 @@ int anubis_test(void) 24, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x17, 0xAC, 0x57, 0x44, 0x9D, 0x59, 0x61, 0x66, + { 0x17, 0xAC, 0x57, 0x44, 0x9D, 0x59, 0x61, 0x66, 0xD0, 0xC7, 0x9E, 0x04, 0x7C, 0xC7, 0x58, 0xF0 }, { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1230,7 +1230,7 @@ int anubis_test(void) 24, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x71, 0x52, 0xB4, 0xEB, 0x1D, 0xAA, 0x36, 0xFD, + { 0x71, 0x52, 0xB4, 0xEB, 0x1D, 0xAA, 0x36, 0xFD, 0x57, 0x14, 0x5F, 0x57, 0x04, 0x9F, 0x70, 0x74 }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1242,7 +1242,7 @@ int anubis_test(void) 28, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xA2, 0xF0, 0xA6, 0xB9, 0x17, 0x93, 0x2A, 0x3B, + { 0xA2, 0xF0, 0xA6, 0xB9, 0x17, 0x93, 0x2A, 0x3B, 0xEF, 0x08, 0xE8, 0x7A, 0x58, 0xD6, 0xF8, 0x53 }, { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1252,7 +1252,7 @@ int anubis_test(void) 28, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xF0, 0xCA, 0xFC, 0x78, 0x8B, 0x4B, 0x4E, 0x53, + { 0xF0, 0xCA, 0xFC, 0x78, 0x8B, 0x4B, 0x4E, 0x53, 0x8B, 0xC4, 0x32, 0x6A, 0xF5, 0xB9, 0x1B, 0x5F }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1265,7 +1265,7 @@ int anubis_test(void) 32, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xE0, 0x86, 0xAC, 0x45, 0x6B, 0x3C, 0xE5, 0x13, + { 0xE0, 0x86, 0xAC, 0x45, 0x6B, 0x3C, 0xE5, 0x13, 0xED, 0xF5, 0xDF, 0xDD, 0xD6, 0x3B, 0x71, 0x93 }, { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1275,7 +1275,7 @@ int anubis_test(void) 32, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x50, 0x01, 0xB9, 0xF5, 0x21, 0xC1, 0xC1, 0x29, + { 0x50, 0x01, 0xB9, 0xF5, 0x21, 0xC1, 0xC1, 0x29, 0x00, 0xD5, 0xEC, 0x98, 0x2B, 0x9E, 0xE8, 0x21 }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1288,7 +1288,7 @@ int anubis_test(void) 36, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xE8, 0xF4, 0xAF, 0x2B, 0x21, 0xA0, 0x87, 0x9B, + { 0xE8, 0xF4, 0xAF, 0x2B, 0x21, 0xA0, 0x87, 0x9B, 0x41, 0x95, 0xB9, 0x71, 0x75, 0x79, 0x04, 0x7C }, { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1299,7 +1299,7 @@ int anubis_test(void) 36, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xE6, 0xA6, 0xA5, 0xBC, 0x8B, 0x63, 0x6F, 0xE2, + { 0xE6, 0xA6, 0xA5, 0xBC, 0x8B, 0x63, 0x6F, 0xE2, 0xBD, 0xA7, 0xA7, 0x53, 0xAB, 0x40, 0x22, 0xE0 }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1313,7 +1313,7 @@ int anubis_test(void) 40, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x17, 0x04, 0xD7, 0x2C, 0xC6, 0x85, 0x76, 0x02, + { 0x17, 0x04, 0xD7, 0x2C, 0xC6, 0x85, 0x76, 0x02, 0x4B, 0xCC, 0x39, 0x80, 0xD8, 0x22, 0xEA, 0xA4 }, { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1324,7 +1324,7 @@ int anubis_test(void) 40, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x7A, 0x41, 0xE6, 0x7D, 0x4F, 0xD8, 0x64, 0xF0, + { 0x7A, 0x41, 0xE6, 0x7D, 0x4F, 0xD8, 0x64, 0xF0, 0x44, 0xA8, 0x3C, 0x73, 0x81, 0x7E, 0x53, 0xD8 }, { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -1515,7 +1515,7 @@ int anubis_test(void) #endif } -/** Terminate the context +/** Terminate the context @param skey The scheduled key */ void anubis_done(symmetric_key *skey) diff --git a/src/ltc/ciphers/camellia.c b/src/ltc/ciphers/camellia.c index 02c37f00..41deb408 100644 --- a/src/ltc/ciphers/camellia.c +++ b/src/ltc/ciphers/camellia.c @@ -32,143 +32,143 @@ const struct ltc_cipher_descriptor camellia_desc = { }; static const ulong32 SP1110[] = { -0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, 0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500, -0xe4e4e400, 0x85858500, 0x57575700, 0x35353500, 0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, -0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300, 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100, -0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, 0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00, -0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00, 0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, -0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00, 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00, -0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, 0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00, -0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600, 0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, -0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600, 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00, -0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, 0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900, -0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200, 0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, -0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100, 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700, -0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100, 0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00, -0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600, 0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, -0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200, 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100, -0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, 0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000, -0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00, 0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, -0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500, 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200, -0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, 0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00, -0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00, 0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, -0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200, 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300, -0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, 0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200, -0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600, 0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, -0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00, 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00, -0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, 0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00, -0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600, 0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, -0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00, 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00, -0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, 0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00, -0x72727200, 0x07070700, 0xb9b9b900, 0x55555500, 0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, -0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800, 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400, -0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, 0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100, -0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400, 0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00, +0x70707000, 0x82828200, 0x2c2c2c00, 0xececec00, 0xb3b3b300, 0x27272700, 0xc0c0c000, 0xe5e5e500, +0xe4e4e400, 0x85858500, 0x57575700, 0x35353500, 0xeaeaea00, 0x0c0c0c00, 0xaeaeae00, 0x41414100, +0x23232300, 0xefefef00, 0x6b6b6b00, 0x93939300, 0x45454500, 0x19191900, 0xa5a5a500, 0x21212100, +0xededed00, 0x0e0e0e00, 0x4f4f4f00, 0x4e4e4e00, 0x1d1d1d00, 0x65656500, 0x92929200, 0xbdbdbd00, +0x86868600, 0xb8b8b800, 0xafafaf00, 0x8f8f8f00, 0x7c7c7c00, 0xebebeb00, 0x1f1f1f00, 0xcecece00, +0x3e3e3e00, 0x30303000, 0xdcdcdc00, 0x5f5f5f00, 0x5e5e5e00, 0xc5c5c500, 0x0b0b0b00, 0x1a1a1a00, +0xa6a6a600, 0xe1e1e100, 0x39393900, 0xcacaca00, 0xd5d5d500, 0x47474700, 0x5d5d5d00, 0x3d3d3d00, +0xd9d9d900, 0x01010100, 0x5a5a5a00, 0xd6d6d600, 0x51515100, 0x56565600, 0x6c6c6c00, 0x4d4d4d00, +0x8b8b8b00, 0x0d0d0d00, 0x9a9a9a00, 0x66666600, 0xfbfbfb00, 0xcccccc00, 0xb0b0b000, 0x2d2d2d00, +0x74747400, 0x12121200, 0x2b2b2b00, 0x20202000, 0xf0f0f000, 0xb1b1b100, 0x84848400, 0x99999900, +0xdfdfdf00, 0x4c4c4c00, 0xcbcbcb00, 0xc2c2c200, 0x34343400, 0x7e7e7e00, 0x76767600, 0x05050500, +0x6d6d6d00, 0xb7b7b700, 0xa9a9a900, 0x31313100, 0xd1d1d100, 0x17171700, 0x04040400, 0xd7d7d700, +0x14141400, 0x58585800, 0x3a3a3a00, 0x61616100, 0xdedede00, 0x1b1b1b00, 0x11111100, 0x1c1c1c00, +0x32323200, 0x0f0f0f00, 0x9c9c9c00, 0x16161600, 0x53535300, 0x18181800, 0xf2f2f200, 0x22222200, +0xfefefe00, 0x44444400, 0xcfcfcf00, 0xb2b2b200, 0xc3c3c300, 0xb5b5b500, 0x7a7a7a00, 0x91919100, +0x24242400, 0x08080800, 0xe8e8e800, 0xa8a8a800, 0x60606000, 0xfcfcfc00, 0x69696900, 0x50505000, +0xaaaaaa00, 0xd0d0d000, 0xa0a0a000, 0x7d7d7d00, 0xa1a1a100, 0x89898900, 0x62626200, 0x97979700, +0x54545400, 0x5b5b5b00, 0x1e1e1e00, 0x95959500, 0xe0e0e000, 0xffffff00, 0x64646400, 0xd2d2d200, +0x10101000, 0xc4c4c400, 0x00000000, 0x48484800, 0xa3a3a300, 0xf7f7f700, 0x75757500, 0xdbdbdb00, +0x8a8a8a00, 0x03030300, 0xe6e6e600, 0xdadada00, 0x09090900, 0x3f3f3f00, 0xdddddd00, 0x94949400, +0x87878700, 0x5c5c5c00, 0x83838300, 0x02020200, 0xcdcdcd00, 0x4a4a4a00, 0x90909000, 0x33333300, +0x73737300, 0x67676700, 0xf6f6f600, 0xf3f3f300, 0x9d9d9d00, 0x7f7f7f00, 0xbfbfbf00, 0xe2e2e200, +0x52525200, 0x9b9b9b00, 0xd8d8d800, 0x26262600, 0xc8c8c800, 0x37373700, 0xc6c6c600, 0x3b3b3b00, +0x81818100, 0x96969600, 0x6f6f6f00, 0x4b4b4b00, 0x13131300, 0xbebebe00, 0x63636300, 0x2e2e2e00, +0xe9e9e900, 0x79797900, 0xa7a7a700, 0x8c8c8c00, 0x9f9f9f00, 0x6e6e6e00, 0xbcbcbc00, 0x8e8e8e00, +0x29292900, 0xf5f5f500, 0xf9f9f900, 0xb6b6b600, 0x2f2f2f00, 0xfdfdfd00, 0xb4b4b400, 0x59595900, +0x78787800, 0x98989800, 0x06060600, 0x6a6a6a00, 0xe7e7e700, 0x46464600, 0x71717100, 0xbababa00, +0xd4d4d400, 0x25252500, 0xababab00, 0x42424200, 0x88888800, 0xa2a2a200, 0x8d8d8d00, 0xfafafa00, +0x72727200, 0x07070700, 0xb9b9b900, 0x55555500, 0xf8f8f800, 0xeeeeee00, 0xacacac00, 0x0a0a0a00, +0x36363600, 0x49494900, 0x2a2a2a00, 0x68686800, 0x3c3c3c00, 0x38383800, 0xf1f1f100, 0xa4a4a400, +0x40404000, 0x28282800, 0xd3d3d300, 0x7b7b7b00, 0xbbbbbb00, 0xc9c9c900, 0x43434300, 0xc1c1c100, +0x15151500, 0xe3e3e300, 0xadadad00, 0xf4f4f400, 0x77777700, 0xc7c7c700, 0x80808000, 0x9e9e9e00, }; static const ulong32 SP0222[] = { -0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, 0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb, -0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a, 0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, -0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727, 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242, -0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, 0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b, -0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f, 0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, -0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe, 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434, -0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, 0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a, -0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad, 0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, -0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc, 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a, -0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, 0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333, -0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585, 0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, -0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262, 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf, -0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, 0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838, -0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c, 0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, -0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565, 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323, -0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, 0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0, -0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa, 0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, -0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b, 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5, -0x00202020, 0x00898989, 0x00000000, 0x00909090, 0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7, -0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5, 0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, -0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404, 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666, -0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, 0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5, -0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c, 0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, -0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696, 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c, -0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, 0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d, -0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d, 0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, -0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4, 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575, -0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, 0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5, -0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa, 0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, -0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0, 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949, -0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, 0x00777777, 0x00939393, 0x00868686, 0x00838383, -0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9, 0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d, +0x00e0e0e0, 0x00050505, 0x00585858, 0x00d9d9d9, 0x00676767, 0x004e4e4e, 0x00818181, 0x00cbcbcb, +0x00c9c9c9, 0x000b0b0b, 0x00aeaeae, 0x006a6a6a, 0x00d5d5d5, 0x00181818, 0x005d5d5d, 0x00828282, +0x00464646, 0x00dfdfdf, 0x00d6d6d6, 0x00272727, 0x008a8a8a, 0x00323232, 0x004b4b4b, 0x00424242, +0x00dbdbdb, 0x001c1c1c, 0x009e9e9e, 0x009c9c9c, 0x003a3a3a, 0x00cacaca, 0x00252525, 0x007b7b7b, +0x000d0d0d, 0x00717171, 0x005f5f5f, 0x001f1f1f, 0x00f8f8f8, 0x00d7d7d7, 0x003e3e3e, 0x009d9d9d, +0x007c7c7c, 0x00606060, 0x00b9b9b9, 0x00bebebe, 0x00bcbcbc, 0x008b8b8b, 0x00161616, 0x00343434, +0x004d4d4d, 0x00c3c3c3, 0x00727272, 0x00959595, 0x00ababab, 0x008e8e8e, 0x00bababa, 0x007a7a7a, +0x00b3b3b3, 0x00020202, 0x00b4b4b4, 0x00adadad, 0x00a2a2a2, 0x00acacac, 0x00d8d8d8, 0x009a9a9a, +0x00171717, 0x001a1a1a, 0x00353535, 0x00cccccc, 0x00f7f7f7, 0x00999999, 0x00616161, 0x005a5a5a, +0x00e8e8e8, 0x00242424, 0x00565656, 0x00404040, 0x00e1e1e1, 0x00636363, 0x00090909, 0x00333333, +0x00bfbfbf, 0x00989898, 0x00979797, 0x00858585, 0x00686868, 0x00fcfcfc, 0x00ececec, 0x000a0a0a, +0x00dadada, 0x006f6f6f, 0x00535353, 0x00626262, 0x00a3a3a3, 0x002e2e2e, 0x00080808, 0x00afafaf, +0x00282828, 0x00b0b0b0, 0x00747474, 0x00c2c2c2, 0x00bdbdbd, 0x00363636, 0x00222222, 0x00383838, +0x00646464, 0x001e1e1e, 0x00393939, 0x002c2c2c, 0x00a6a6a6, 0x00303030, 0x00e5e5e5, 0x00444444, +0x00fdfdfd, 0x00888888, 0x009f9f9f, 0x00656565, 0x00878787, 0x006b6b6b, 0x00f4f4f4, 0x00232323, +0x00484848, 0x00101010, 0x00d1d1d1, 0x00515151, 0x00c0c0c0, 0x00f9f9f9, 0x00d2d2d2, 0x00a0a0a0, +0x00555555, 0x00a1a1a1, 0x00414141, 0x00fafafa, 0x00434343, 0x00131313, 0x00c4c4c4, 0x002f2f2f, +0x00a8a8a8, 0x00b6b6b6, 0x003c3c3c, 0x002b2b2b, 0x00c1c1c1, 0x00ffffff, 0x00c8c8c8, 0x00a5a5a5, +0x00202020, 0x00898989, 0x00000000, 0x00909090, 0x00474747, 0x00efefef, 0x00eaeaea, 0x00b7b7b7, +0x00151515, 0x00060606, 0x00cdcdcd, 0x00b5b5b5, 0x00121212, 0x007e7e7e, 0x00bbbbbb, 0x00292929, +0x000f0f0f, 0x00b8b8b8, 0x00070707, 0x00040404, 0x009b9b9b, 0x00949494, 0x00212121, 0x00666666, +0x00e6e6e6, 0x00cecece, 0x00ededed, 0x00e7e7e7, 0x003b3b3b, 0x00fefefe, 0x007f7f7f, 0x00c5c5c5, +0x00a4a4a4, 0x00373737, 0x00b1b1b1, 0x004c4c4c, 0x00919191, 0x006e6e6e, 0x008d8d8d, 0x00767676, +0x00030303, 0x002d2d2d, 0x00dedede, 0x00969696, 0x00262626, 0x007d7d7d, 0x00c6c6c6, 0x005c5c5c, +0x00d3d3d3, 0x00f2f2f2, 0x004f4f4f, 0x00191919, 0x003f3f3f, 0x00dcdcdc, 0x00797979, 0x001d1d1d, +0x00525252, 0x00ebebeb, 0x00f3f3f3, 0x006d6d6d, 0x005e5e5e, 0x00fbfbfb, 0x00696969, 0x00b2b2b2, +0x00f0f0f0, 0x00313131, 0x000c0c0c, 0x00d4d4d4, 0x00cfcfcf, 0x008c8c8c, 0x00e2e2e2, 0x00757575, +0x00a9a9a9, 0x004a4a4a, 0x00575757, 0x00848484, 0x00111111, 0x00454545, 0x001b1b1b, 0x00f5f5f5, +0x00e4e4e4, 0x000e0e0e, 0x00737373, 0x00aaaaaa, 0x00f1f1f1, 0x00dddddd, 0x00595959, 0x00141414, +0x006c6c6c, 0x00929292, 0x00545454, 0x00d0d0d0, 0x00787878, 0x00707070, 0x00e3e3e3, 0x00494949, +0x00808080, 0x00505050, 0x00a7a7a7, 0x00f6f6f6, 0x00777777, 0x00939393, 0x00868686, 0x00838383, +0x002a2a2a, 0x00c7c7c7, 0x005b5b5b, 0x00e9e9e9, 0x00eeeeee, 0x008f8f8f, 0x00010101, 0x003d3d3d, }; static const ulong32 SP3033[] = { -0x38003838, 0x41004141, 0x16001616, 0x76007676, 0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2, -0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a, 0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, -0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9, 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090, -0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, 0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede, -0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7, 0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, -0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf, 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d, -0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, 0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e, -0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b, 0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, -0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333, 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696, -0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, 0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc, -0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161, 0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, -0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898, 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb, -0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, 0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e, -0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b, 0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, -0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959, 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8, -0x12001212, 0x04000404, 0x74007474, 0x54005454, 0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828, -0x55005555, 0x68006868, 0x50005050, 0xbe00bebe, 0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, -0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca, 0x70007070, 0xff00ffff, 0x32003232, 0x69006969, -0x08000808, 0x62006262, 0x00000000, 0x24002424, 0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded, -0x45004545, 0x81008181, 0x73007373, 0x6d006d6d, 0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, -0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101, 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999, -0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, 0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171, -0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313, 0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, -0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5, 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717, -0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, 0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747, -0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b, 0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, -0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535, 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d, -0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, 0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d, -0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa, 0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, -0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434, 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252, -0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, 0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0, -0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a, 0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f, +0x38003838, 0x41004141, 0x16001616, 0x76007676, 0xd900d9d9, 0x93009393, 0x60006060, 0xf200f2f2, +0x72007272, 0xc200c2c2, 0xab00abab, 0x9a009a9a, 0x75007575, 0x06000606, 0x57005757, 0xa000a0a0, +0x91009191, 0xf700f7f7, 0xb500b5b5, 0xc900c9c9, 0xa200a2a2, 0x8c008c8c, 0xd200d2d2, 0x90009090, +0xf600f6f6, 0x07000707, 0xa700a7a7, 0x27002727, 0x8e008e8e, 0xb200b2b2, 0x49004949, 0xde00dede, +0x43004343, 0x5c005c5c, 0xd700d7d7, 0xc700c7c7, 0x3e003e3e, 0xf500f5f5, 0x8f008f8f, 0x67006767, +0x1f001f1f, 0x18001818, 0x6e006e6e, 0xaf00afaf, 0x2f002f2f, 0xe200e2e2, 0x85008585, 0x0d000d0d, +0x53005353, 0xf000f0f0, 0x9c009c9c, 0x65006565, 0xea00eaea, 0xa300a3a3, 0xae00aeae, 0x9e009e9e, +0xec00ecec, 0x80008080, 0x2d002d2d, 0x6b006b6b, 0xa800a8a8, 0x2b002b2b, 0x36003636, 0xa600a6a6, +0xc500c5c5, 0x86008686, 0x4d004d4d, 0x33003333, 0xfd00fdfd, 0x66006666, 0x58005858, 0x96009696, +0x3a003a3a, 0x09000909, 0x95009595, 0x10001010, 0x78007878, 0xd800d8d8, 0x42004242, 0xcc00cccc, +0xef00efef, 0x26002626, 0xe500e5e5, 0x61006161, 0x1a001a1a, 0x3f003f3f, 0x3b003b3b, 0x82008282, +0xb600b6b6, 0xdb00dbdb, 0xd400d4d4, 0x98009898, 0xe800e8e8, 0x8b008b8b, 0x02000202, 0xeb00ebeb, +0x0a000a0a, 0x2c002c2c, 0x1d001d1d, 0xb000b0b0, 0x6f006f6f, 0x8d008d8d, 0x88008888, 0x0e000e0e, +0x19001919, 0x87008787, 0x4e004e4e, 0x0b000b0b, 0xa900a9a9, 0x0c000c0c, 0x79007979, 0x11001111, +0x7f007f7f, 0x22002222, 0xe700e7e7, 0x59005959, 0xe100e1e1, 0xda00dada, 0x3d003d3d, 0xc800c8c8, +0x12001212, 0x04000404, 0x74007474, 0x54005454, 0x30003030, 0x7e007e7e, 0xb400b4b4, 0x28002828, +0x55005555, 0x68006868, 0x50005050, 0xbe00bebe, 0xd000d0d0, 0xc400c4c4, 0x31003131, 0xcb00cbcb, +0x2a002a2a, 0xad00adad, 0x0f000f0f, 0xca00caca, 0x70007070, 0xff00ffff, 0x32003232, 0x69006969, +0x08000808, 0x62006262, 0x00000000, 0x24002424, 0xd100d1d1, 0xfb00fbfb, 0xba00baba, 0xed00eded, +0x45004545, 0x81008181, 0x73007373, 0x6d006d6d, 0x84008484, 0x9f009f9f, 0xee00eeee, 0x4a004a4a, +0xc300c3c3, 0x2e002e2e, 0xc100c1c1, 0x01000101, 0xe600e6e6, 0x25002525, 0x48004848, 0x99009999, +0xb900b9b9, 0xb300b3b3, 0x7b007b7b, 0xf900f9f9, 0xce00cece, 0xbf00bfbf, 0xdf00dfdf, 0x71007171, +0x29002929, 0xcd00cdcd, 0x6c006c6c, 0x13001313, 0x64006464, 0x9b009b9b, 0x63006363, 0x9d009d9d, +0xc000c0c0, 0x4b004b4b, 0xb700b7b7, 0xa500a5a5, 0x89008989, 0x5f005f5f, 0xb100b1b1, 0x17001717, +0xf400f4f4, 0xbc00bcbc, 0xd300d3d3, 0x46004646, 0xcf00cfcf, 0x37003737, 0x5e005e5e, 0x47004747, +0x94009494, 0xfa00fafa, 0xfc00fcfc, 0x5b005b5b, 0x97009797, 0xfe00fefe, 0x5a005a5a, 0xac00acac, +0x3c003c3c, 0x4c004c4c, 0x03000303, 0x35003535, 0xf300f3f3, 0x23002323, 0xb800b8b8, 0x5d005d5d, +0x6a006a6a, 0x92009292, 0xd500d5d5, 0x21002121, 0x44004444, 0x51005151, 0xc600c6c6, 0x7d007d7d, +0x39003939, 0x83008383, 0xdc00dcdc, 0xaa00aaaa, 0x7c007c7c, 0x77007777, 0x56005656, 0x05000505, +0x1b001b1b, 0xa400a4a4, 0x15001515, 0x34003434, 0x1e001e1e, 0x1c001c1c, 0xf800f8f8, 0x52005252, +0x20002020, 0x14001414, 0xe900e9e9, 0xbd00bdbd, 0xdd00dddd, 0xe400e4e4, 0xa100a1a1, 0xe000e0e0, +0x8a008a8a, 0xf100f1f1, 0xd600d6d6, 0x7a007a7a, 0xbb00bbbb, 0xe300e3e3, 0x40004040, 0x4f004f4f, }; static const ulong32 SP4404[] = { -0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0, 0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae, -0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5, 0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, -0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f, 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b, -0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, 0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c, -0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0, 0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, -0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076, 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004, -0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, 0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2, -0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a, 0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, -0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062, 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064, -0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, 0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd, -0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090, 0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, -0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6, 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063, -0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, 0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4, -0x78780078, 0x06060006, 0xe7e700e7, 0x71710071, 0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, -0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac, 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1, -0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, 0x15150015, 0xadad00ad, 0x77770077, 0x80800080, -0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5, 0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, -0xefef00ef, 0x93930093, 0x19190019, 0x21210021, 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd, -0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, 0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a, -0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d, 0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, -0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d, 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099, -0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, 0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7, -0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c, 0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, -0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091, 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050, -0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, 0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2, -0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db, 0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, -0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033, 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2, -0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b, 0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e, -0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e, 0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, -0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba, 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa, -0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, 0x49490049, 0x68680068, 0x38380038, 0xa4a400a4, -0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1, 0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e, +0x70700070, 0x2c2c002c, 0xb3b300b3, 0xc0c000c0, 0xe4e400e4, 0x57570057, 0xeaea00ea, 0xaeae00ae, +0x23230023, 0x6b6b006b, 0x45450045, 0xa5a500a5, 0xeded00ed, 0x4f4f004f, 0x1d1d001d, 0x92920092, +0x86860086, 0xafaf00af, 0x7c7c007c, 0x1f1f001f, 0x3e3e003e, 0xdcdc00dc, 0x5e5e005e, 0x0b0b000b, +0xa6a600a6, 0x39390039, 0xd5d500d5, 0x5d5d005d, 0xd9d900d9, 0x5a5a005a, 0x51510051, 0x6c6c006c, +0x8b8b008b, 0x9a9a009a, 0xfbfb00fb, 0xb0b000b0, 0x74740074, 0x2b2b002b, 0xf0f000f0, 0x84840084, +0xdfdf00df, 0xcbcb00cb, 0x34340034, 0x76760076, 0x6d6d006d, 0xa9a900a9, 0xd1d100d1, 0x04040004, +0x14140014, 0x3a3a003a, 0xdede00de, 0x11110011, 0x32320032, 0x9c9c009c, 0x53530053, 0xf2f200f2, +0xfefe00fe, 0xcfcf00cf, 0xc3c300c3, 0x7a7a007a, 0x24240024, 0xe8e800e8, 0x60600060, 0x69690069, +0xaaaa00aa, 0xa0a000a0, 0xa1a100a1, 0x62620062, 0x54540054, 0x1e1e001e, 0xe0e000e0, 0x64640064, +0x10100010, 0x00000000, 0xa3a300a3, 0x75750075, 0x8a8a008a, 0xe6e600e6, 0x09090009, 0xdddd00dd, +0x87870087, 0x83830083, 0xcdcd00cd, 0x90900090, 0x73730073, 0xf6f600f6, 0x9d9d009d, 0xbfbf00bf, +0x52520052, 0xd8d800d8, 0xc8c800c8, 0xc6c600c6, 0x81810081, 0x6f6f006f, 0x13130013, 0x63630063, +0xe9e900e9, 0xa7a700a7, 0x9f9f009f, 0xbcbc00bc, 0x29290029, 0xf9f900f9, 0x2f2f002f, 0xb4b400b4, +0x78780078, 0x06060006, 0xe7e700e7, 0x71710071, 0xd4d400d4, 0xabab00ab, 0x88880088, 0x8d8d008d, +0x72720072, 0xb9b900b9, 0xf8f800f8, 0xacac00ac, 0x36360036, 0x2a2a002a, 0x3c3c003c, 0xf1f100f1, +0x40400040, 0xd3d300d3, 0xbbbb00bb, 0x43430043, 0x15150015, 0xadad00ad, 0x77770077, 0x80800080, +0x82820082, 0xecec00ec, 0x27270027, 0xe5e500e5, 0x85850085, 0x35350035, 0x0c0c000c, 0x41410041, +0xefef00ef, 0x93930093, 0x19190019, 0x21210021, 0x0e0e000e, 0x4e4e004e, 0x65650065, 0xbdbd00bd, +0xb8b800b8, 0x8f8f008f, 0xebeb00eb, 0xcece00ce, 0x30300030, 0x5f5f005f, 0xc5c500c5, 0x1a1a001a, +0xe1e100e1, 0xcaca00ca, 0x47470047, 0x3d3d003d, 0x01010001, 0xd6d600d6, 0x56560056, 0x4d4d004d, +0x0d0d000d, 0x66660066, 0xcccc00cc, 0x2d2d002d, 0x12120012, 0x20200020, 0xb1b100b1, 0x99990099, +0x4c4c004c, 0xc2c200c2, 0x7e7e007e, 0x05050005, 0xb7b700b7, 0x31310031, 0x17170017, 0xd7d700d7, +0x58580058, 0x61610061, 0x1b1b001b, 0x1c1c001c, 0x0f0f000f, 0x16160016, 0x18180018, 0x22220022, +0x44440044, 0xb2b200b2, 0xb5b500b5, 0x91910091, 0x08080008, 0xa8a800a8, 0xfcfc00fc, 0x50500050, +0xd0d000d0, 0x7d7d007d, 0x89890089, 0x97970097, 0x5b5b005b, 0x95950095, 0xffff00ff, 0xd2d200d2, +0xc4c400c4, 0x48480048, 0xf7f700f7, 0xdbdb00db, 0x03030003, 0xdada00da, 0x3f3f003f, 0x94940094, +0x5c5c005c, 0x02020002, 0x4a4a004a, 0x33330033, 0x67670067, 0xf3f300f3, 0x7f7f007f, 0xe2e200e2, +0x9b9b009b, 0x26260026, 0x37370037, 0x3b3b003b, 0x96960096, 0x4b4b004b, 0xbebe00be, 0x2e2e002e, +0x79790079, 0x8c8c008c, 0x6e6e006e, 0x8e8e008e, 0xf5f500f5, 0xb6b600b6, 0xfdfd00fd, 0x59590059, +0x98980098, 0x6a6a006a, 0x46460046, 0xbaba00ba, 0x25250025, 0x42420042, 0xa2a200a2, 0xfafa00fa, +0x07070007, 0x55550055, 0xeeee00ee, 0x0a0a000a, 0x49490049, 0x68680068, 0x38380038, 0xa4a400a4, +0x28280028, 0x7b7b007b, 0xc9c900c9, 0xc1c100c1, 0xe3e300e3, 0xf4f400f4, 0xc7c700c7, 0x9e9e009e, }; static ulong64 key_sigma[] = { @@ -198,10 +198,10 @@ static ulong64 F(ulong64 x) static void rot_128(unsigned char *in, unsigned count, unsigned char *out) { unsigned x, w, b; - - w = count >> 3; + + w = count >> 3; b = count & 7; - + for (x = 0; x < 16; x++) { out[x] = (in[(x+w)&15] << b) | (in[(x+w+1)&15] >> (8 - b)); } @@ -212,11 +212,9 @@ int camellia_setup(const unsigned char *key, int keylen, int num_rounds, symmetr unsigned char T[48], kA[16], kB[16], kR[16], kL[16]; int x; ulong64 A, B; - -/* - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(skey != NULL); -*/ + +// LTC_ARGCHK(key != NULL); +// LTC_ARGCHK(skey != NULL); /* Valid sizes (in bytes) are 16, 24, 32 */ if (keylen != 16 && keylen != 24 && keylen != 32) { @@ -229,27 +227,27 @@ int camellia_setup(const unsigned char *key, int keylen, int num_rounds, symmetr if (num_rounds != 0 && num_rounds != skey->camellia.R) { return CRYPT_INVALID_ROUNDS; } - + /* expand key */ if (keylen == 16) { - for (x = 0; x < 16; x++) { - T[x] = key[x]; + for (x = 0; x < 16; x++) { + T[x] = key[x]; T[x + 16] = 0; } } else if (keylen == 24) { - for (x = 0; x < 24; x++) { - T[x] = key[x]; + for (x = 0; x < 24; x++) { + T[x] = key[x]; } - for (x = 24; x < 32; x++) { - T[x] = key[x-8] ^ 0xFF; + for (x = 24; x < 32; x++) { + T[x] = key[x-8] ^ 0xFF; } } else { - for (x = 0; x < 32; x++) { - T[x] = key[x]; + for (x = 0; x < 32; x++) { + T[x] = key[x]; } } - for (x = 0; x < 16; x++) { + for (x = 0; x < 16; x++) { kL[x] = T[x]; kR[x] = T[x + 16]; } @@ -260,8 +258,8 @@ int camellia_setup(const unsigned char *key, int keylen, int num_rounds, symmetr /* first two rounds */ LOAD64H(A, T+32); LOAD64H(B, T+40); - B ^= F(A ^ key_sigma[0]); - A ^= F(B ^ key_sigma[1]); + B ^= F(A ^ key_sigma[0]); + A ^= F(B ^ key_sigma[1]); STORE64H(A, T+32); STORE64H(B, T+40); /* xor kL in */ @@ -269,8 +267,8 @@ int camellia_setup(const unsigned char *key, int keylen, int num_rounds, symmetr /* next two rounds */ LOAD64H(A, T+32); LOAD64H(B, T+40); - B ^= F(A ^ key_sigma[2]); - A ^= F(B ^ key_sigma[3]); + B ^= F(A ^ key_sigma[2]); + A ^= F(B ^ key_sigma[3]); STORE64H(A, T+32); STORE64H(B, T+40); /* grab KA */ @@ -286,7 +284,7 @@ int camellia_setup(const unsigned char *key, int keylen, int num_rounds, symmetr /* k1-k2 */ LOAD64H(skey->camellia.k[0], kA); - LOAD64H(skey->camellia.k[1], kA+8); + LOAD64H(skey->camellia.k[1], kA+8); /* rotate kL by 15, k3/k4 */ rot_128(kL, 15, T+32); @@ -318,7 +316,7 @@ int camellia_setup(const unsigned char *key, int keylen, int num_rounds, symmetr rot_128(kA, 60, T+32); LOAD64H(skey->camellia.k[10], T+32); LOAD64H(skey->camellia.k[11], T+40); - + /* rotate kL by 77, kl3, kl4 */ rot_128(kL, 77, T+32); LOAD64H(skey->camellia.kl[2], T+32); @@ -346,8 +344,8 @@ int camellia_setup(const unsigned char *key, int keylen, int num_rounds, symmetr } else { /* last two rounds */ LOAD64H(A, T+32); LOAD64H(B, T+40); - B ^= F(A ^ key_sigma[4]); - A ^= F(B ^ key_sigma[5]); + B ^= F(A ^ key_sigma[4]); + A ^= F(B ^ key_sigma[5]); STORE64H(A, T+32); STORE64H(B, T+40); /* grab kB */ @@ -440,12 +438,12 @@ int camellia_setup(const unsigned char *key, int keylen, int num_rounds, symmetr return CRYPT_OK; } -int camellia_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) +int camellia_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) { ulong64 L, R; ulong32 a, b; - LOAD64H(L, pt+0); LOAD64H(R, pt+8); + LOAD64H(L, pt+0); LOAD64H(R, pt+8); L ^= skey->camellia.kw[0]; R ^= skey->camellia.kw[1]; @@ -539,7 +537,7 @@ int camellia_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_k ulong64 L, R; ulong32 a, b; - LOAD64H(R, ct+0); LOAD64H(L, ct+8); + LOAD64H(R, ct+0); LOAD64H(L, ct+8); L ^= skey->camellia.kw[3]; R ^= skey->camellia.kw[2]; @@ -629,53 +627,67 @@ int camellia_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_k return CRYPT_OK; } -int camellia_test(void) +int camellia_test(void) { - static const struct { - int keylen; + static const struct { + int keylen; unsigned char key[32], pt[16], ct[16]; } tests[] = { { - 16, - { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 16, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, - { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, - { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, + { 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 } }, { - 24, - { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 24, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }, - { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, - { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8, + { 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8, 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 } }, { - 32, - { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 32, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }, - { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }, - { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, + { 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 } +}, + +{ + 32, + { 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, + 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, + 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, + 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 }, + { 0xF6, 0x9F, 0x24, 0x45, 0xDF, 0x4F, 0x9B, 0x17, + 0xAD, 0x2B, 0x41, 0x7B, 0xE6, 0x6C, 0x37, 0x10 }, + { 0x79, 0x60, 0x10, 0x9F, 0xB6, 0xDC, 0x42, 0x94, + 0x7F, 0xCF, 0xE5, 0x9E, 0xA3, 0xC5, 0xEB, 0x6B } } }; unsigned char buf[2][16]; symmetric_key skey; - int err, x; + int err; + unsigned int x; - for (x = 0; x < 3; x++) { - if ((err = camellia_setup(tests[x].key, tests[x].keylen, 0, &skey)) != CRYPT_OK) { + for (x = 0; x < sizeof(tests)/sizeof(tests[0]); x++) { + zeromem(&skey, sizeof(skey)); + if ((err = camellia_setup(tests[x].key, tests[x].keylen, 0, &skey)) != CRYPT_OK) { return err; } if ((err = camellia_ecb_encrypt(tests[x].pt, buf[0], &skey)) != CRYPT_OK) { diff --git a/src/ltc/ciphers/des.c b/src/ltc/ciphers/des.c index af3a4d07..0034c801 100644 --- a/src/ltc/ciphers/des.c +++ b/src/ltc/ciphers/des.c @@ -1562,17 +1562,27 @@ int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_k return CRYPT_INVALID_ROUNDS; } - if (keylen != 24) { + if (keylen != 24 && keylen != 16) { return CRYPT_INVALID_KEYSIZE; } deskey(key, EN0, skey->des3.ek[0]); deskey(key+8, DE1, skey->des3.ek[1]); - deskey(key+16, EN0, skey->des3.ek[2]); + if (keylen == 24) { + deskey(key+16, EN0, skey->des3.ek[2]); + } else { + /* two-key 3DES: K3=K1 */ + deskey(key, EN0, skey->des3.ek[2]); + } deskey(key, DE1, skey->des3.dk[2]); deskey(key+8, EN0, skey->des3.dk[1]); - deskey(key+16, DE1, skey->des3.dk[0]); + if (keylen == 24) { + deskey(key+16, DE1, skey->des3.dk[0]); + } else { + /* two-key 3DES: K3=K1 */ + deskey(key, DE1, skey->des3.dk[0]); + } return CRYPT_OK; } diff --git a/src/ltc/ciphers/safer/safer.c b/src/ltc/ciphers/safer/safer.c index 5189c2fd..7ca3b835 100644 --- a/src/ltc/ciphers/safer/safer.c +++ b/src/ltc/ciphers/safer/safer.c @@ -32,9 +32,12 @@ #ifdef LTC_SAFER -const struct ltc_cipher_descriptor +#define __LTC_SAFER_TAB_C__ +#include "safer_tab.c.inc" + +const struct ltc_cipher_descriptor safer_k64_desc = { - "safer-k64", + "safer-k64", 8, 8, 8, 8, LTC_SAFER_K64_DEFAULT_NOF_ROUNDS, &safer_k64_setup, &safer_ecb_encrypt, @@ -95,7 +98,6 @@ const struct ltc_cipher_descriptor #define IPHT(x, y) { x -= y; y -= x; } /******************* Types ****************************************************/ -extern const unsigned char safer_ebox[], safer_lbox[]; #ifdef LTC_CLEAN_STACK static void _Safer_Expand_Userkey(const unsigned char *userkey_1, @@ -158,7 +160,7 @@ static void Safer_Expand_Userkey(const unsigned char *userkey_1, } } } - + #ifdef LTC_CLEAN_STACK zeromem(ka, sizeof(ka)); zeromem(kb, sizeof(kb)); @@ -193,7 +195,7 @@ int safer_k64_setup(const unsigned char *key, int keylen, int numrounds, symmetr Safer_Expand_Userkey(key, key, (unsigned int)(numrounds != 0 ?numrounds:LTC_SAFER_K64_DEFAULT_NOF_ROUNDS), 0, skey->safer.key); return CRYPT_OK; } - + int safer_sk64_setup(const unsigned char *key, int keylen, int numrounds, symmetric_key *skey) { LTC_ARGCHK(key != NULL); @@ -380,7 +382,7 @@ int safer_k64_test(void) { #ifndef LTC_TEST return CRYPT_NOP; - #else + #else static const unsigned char k64_pt[] = { 1, 2, 3, 4, 5, 6, 7, 8 }, k64_key[] = { 8, 7, 6, 5, 4, 3, 2, 1 }, k64_ct[] = { 200, 242, 156, 221, 135, 120, 62, 217 }; @@ -409,7 +411,7 @@ int safer_sk64_test(void) { #ifndef LTC_TEST return CRYPT_NOP; - #else + #else static const unsigned char sk64_pt[] = { 1, 2, 3, 4, 5, 6, 7, 8 }, sk64_key[] = { 1, 2, 3, 4, 5, 6, 7, 8 }, sk64_ct[] = { 95, 206, 155, 162, 5, 132, 56, 199 }; @@ -440,7 +442,7 @@ int safer_sk64_test(void) #endif } -/** Terminate the context +/** Terminate the context @param skey The scheduled key */ void safer_done(symmetric_key *skey) @@ -451,7 +453,7 @@ int safer_sk128_test(void) { #ifndef LTC_TEST return CRYPT_NOP; - #else + #else static const unsigned char sk128_pt[] = { 1, 2, 3, 4, 5, 6, 7, 8 }, sk128_key[] = { 1, 2, 3, 4, 5, 6, 7, 8, 0, 0, 0, 0, 0, 0, 0, 0 }, diff --git a/src/ltc/ciphers/safer/safer_tab.c b/src/ltc/ciphers/safer/safer_tab.c.inc index 9a515ff5..308fe55b 100644 --- a/src/ltc/ciphers/safer/safer_tab.c +++ b/src/ltc/ciphers/safer/safer_tab.c.inc @@ -12,54 +12,52 @@ /** @file safer_tab.c Tables for LTC_SAFER block ciphers -*/ - -#include "tomcrypt.h" +*/ -#if defined(LTC_SAFERP) || defined(LTC_SAFER) +#ifdef __LTC_SAFER_TAB_C__ -/* This is the box defined by ebox[x] = 45^x mod 257. +/* This is the box defined by ebox[x] = 45^x mod 257. * Its assumed that the value "256" corresponds to zero. */ -const unsigned char safer_ebox[256] = { - 1, 45, 226, 147, 190, 69, 21, 174, 120, 3, 135, 164, 184, 56, 207, 63, - 8, 103, 9, 148, 235, 38, 168, 107, 189, 24, 52, 27, 187, 191, 114, 247, - 64, 53, 72, 156, 81, 47, 59, 85, 227, 192, 159, 216, 211, 243, 141, 177, -255, 167, 62, 220, 134, 119, 215, 166, 17, 251, 244, 186, 146, 145, 100, 131, -241, 51, 239, 218, 44, 181, 178, 43, 136, 209, 153, 203, 140, 132, 29, 20, -129, 151, 113, 202, 95, 163, 139, 87, 60, 130, 196, 82, 92, 28, 232, 160, - 4, 180, 133, 74, 246, 19, 84, 182, 223, 12, 26, 142, 222, 224, 57, 252, - 32, 155, 36, 78, 169, 152, 158, 171, 242, 96, 208, 108, 234, 250, 199, 217, - 0, 212, 31, 110, 67, 188, 236, 83, 137, 254, 122, 93, 73, 201, 50, 194, -249, 154, 248, 109, 22, 219, 89, 150, 68, 233, 205, 230, 70, 66, 143, 10, -193, 204, 185, 101, 176, 210, 198, 172, 30, 65, 98, 41, 46, 14, 116, 80, - 2, 90, 195, 37, 123, 138, 42, 91, 240, 6, 13, 71, 111, 112, 157, 126, - 16, 206, 18, 39, 213, 76, 79, 214, 121, 48, 104, 54, 117, 125, 228, 237, -128, 106, 144, 55, 162, 94, 118, 170, 197, 127, 61, 175, 165, 229, 25, 97, -253, 77, 124, 183, 11, 238, 173, 75, 34, 245, 231, 115, 35, 33, 200, 5, +static const unsigned char safer_ebox[256] = { + 1, 45, 226, 147, 190, 69, 21, 174, 120, 3, 135, 164, 184, 56, 207, 63, + 8, 103, 9, 148, 235, 38, 168, 107, 189, 24, 52, 27, 187, 191, 114, 247, + 64, 53, 72, 156, 81, 47, 59, 85, 227, 192, 159, 216, 211, 243, 141, 177, +255, 167, 62, 220, 134, 119, 215, 166, 17, 251, 244, 186, 146, 145, 100, 131, +241, 51, 239, 218, 44, 181, 178, 43, 136, 209, 153, 203, 140, 132, 29, 20, +129, 151, 113, 202, 95, 163, 139, 87, 60, 130, 196, 82, 92, 28, 232, 160, + 4, 180, 133, 74, 246, 19, 84, 182, 223, 12, 26, 142, 222, 224, 57, 252, + 32, 155, 36, 78, 169, 152, 158, 171, 242, 96, 208, 108, 234, 250, 199, 217, + 0, 212, 31, 110, 67, 188, 236, 83, 137, 254, 122, 93, 73, 201, 50, 194, +249, 154, 248, 109, 22, 219, 89, 150, 68, 233, 205, 230, 70, 66, 143, 10, +193, 204, 185, 101, 176, 210, 198, 172, 30, 65, 98, 41, 46, 14, 116, 80, + 2, 90, 195, 37, 123, 138, 42, 91, 240, 6, 13, 71, 111, 112, 157, 126, + 16, 206, 18, 39, 213, 76, 79, 214, 121, 48, 104, 54, 117, 125, 228, 237, +128, 106, 144, 55, 162, 94, 118, 170, 197, 127, 61, 175, 165, 229, 25, 97, +253, 77, 124, 183, 11, 238, 173, 75, 34, 245, 231, 115, 35, 33, 200, 5, 225, 102, 221, 179, 88, 105, 99, 86, 15, 161, 49, 149, 23, 7, 58, 40 }; /* This is the inverse of ebox or the base 45 logarithm */ -const unsigned char safer_lbox[256] = { +static const unsigned char safer_lbox[256] = { 128, 0, 176, 9, 96, 239, 185, 253, 16, 18, 159, 228, 105, 186, 173, 248, 192, 56, 194, 101, 79, 6, 148, 252, 25, 222, 106, 27, 93, 78, 168, 130, -112, 237, 232, 236, 114, 179, 21, 195, 255, 171, 182, 71, 68, 1, 172, 37, -201, 250, 142, 65, 26, 33, 203, 211, 13, 110, 254, 38, 88, 218, 50, 15, - 32, 169, 157, 132, 152, 5, 156, 187, 34, 140, 99, 231, 197, 225, 115, 198, -175, 36, 91, 135, 102, 39, 247, 87, 244, 150, 177, 183, 92, 139, 213, 84, -121, 223, 170, 246, 62, 163, 241, 17, 202, 245, 209, 23, 123, 147, 131, 188, +112, 237, 232, 236, 114, 179, 21, 195, 255, 171, 182, 71, 68, 1, 172, 37, +201, 250, 142, 65, 26, 33, 203, 211, 13, 110, 254, 38, 88, 218, 50, 15, + 32, 169, 157, 132, 152, 5, 156, 187, 34, 140, 99, 231, 197, 225, 115, 198, +175, 36, 91, 135, 102, 39, 247, 87, 244, 150, 177, 183, 92, 139, 213, 84, +121, 223, 170, 246, 62, 163, 241, 17, 202, 245, 209, 23, 123, 147, 131, 188, 189, 82, 30, 235, 174, 204, 214, 53, 8, 200, 138, 180, 226, 205, 191, 217, -208, 80, 89, 63, 77, 98, 52, 10, 72, 136, 181, 86, 76, 46, 107, 158, -210, 61, 60, 3, 19, 251, 151, 81, 117, 74, 145, 113, 35, 190, 118, 42, +208, 80, 89, 63, 77, 98, 52, 10, 72, 136, 181, 86, 76, 46, 107, 158, +210, 61, 60, 3, 19, 251, 151, 81, 117, 74, 145, 113, 35, 190, 118, 42, 95, 249, 212, 85, 11, 220, 55, 49, 22, 116, 215, 119, 167, 230, 7, 219, -164, 47, 70, 243, 97, 69, 103, 227, 12, 162, 59, 28, 133, 24, 4, 29, - 41, 160, 143, 178, 90, 216, 166, 126, 238, 141, 83, 75, 161, 154, 193, 14, -122, 73, 165, 44, 129, 196, 199, 54, 43, 127, 67, 149, 51, 242, 108, 104, -109, 240, 2, 40, 206, 221, 155, 234, 94, 153, 124, 20, 134, 207, 229, 66, +164, 47, 70, 243, 97, 69, 103, 227, 12, 162, 59, 28, 133, 24, 4, 29, + 41, 160, 143, 178, 90, 216, 166, 126, 238, 141, 83, 75, 161, 154, 193, 14, +122, 73, 165, 44, 129, 196, 199, 54, 43, 127, 67, 149, 51, 242, 108, 104, +109, 240, 2, 40, 206, 221, 155, 234, 94, 153, 124, 20, 134, 207, 229, 66, 184, 64, 120, 45, 58, 233, 100, 31, 146, 144, 125, 57, 111, 224, 137, 48 }; -#endif +#endif /* __LTC_SAFER_TAB_C__ */ diff --git a/src/ltc/ciphers/safer/saferp.c b/src/ltc/ciphers/safer/saferp.c index 8cecab05..afeca089 100644 --- a/src/ltc/ciphers/safer/saferp.c +++ b/src/ltc/ciphers/safer/saferp.c @@ -9,14 +9,17 @@ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ -/** +/** @file saferp.c - LTC_SAFER+ Implementation by Tom St Denis + LTC_SAFER+ Implementation by Tom St Denis */ #include "tomcrypt.h" #ifdef LTC_SAFERP +#define __LTC_SAFER_TAB_C__ +#include "safer_tab.c.inc" + const struct ltc_cipher_descriptor saferp_desc = { "safer+", @@ -31,19 +34,17 @@ const struct ltc_cipher_descriptor saferp_desc = NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; -/* ROUND(b,i) +/* ROUND(b,i) * - * This is one forward key application. Note the basic form is - * key addition, substitution, key addition. The safer_ebox and safer_lbox - * are the exponentiation box and logarithm boxes respectively. - * The value of 'i' is the current round number which allows this - * function to be unrolled massively. Most of LTC_SAFER+'s speed - * comes from not having to compute indirect accesses into the + * This is one forward key application. Note the basic form is + * key addition, substitution, key addition. The safer_ebox and safer_lbox + * are the exponentiation box and logarithm boxes respectively. + * The value of 'i' is the current round number which allows this + * function to be unrolled massively. Most of LTC_SAFER+'s speed + * comes from not having to compute indirect accesses into the * array of 16 bytes b[0..15] which is the block of data */ -extern const unsigned char safer_ebox[], safer_lbox[]; - #define ROUND(b, i) \ b[0] = (safer_ebox[(b[0] ^ skey->saferp.K[i][0]) & 255] + skey->saferp.K[i+1][0]) & 255; \ b[1] = safer_lbox[(b[1] + skey->saferp.K[i][1]) & 255] ^ skey->saferp.K[i+1][1]; \ @@ -60,7 +61,7 @@ extern const unsigned char safer_ebox[], safer_lbox[]; b[12] = (safer_ebox[(b[12] ^ skey->saferp.K[i][12]) & 255] + skey->saferp.K[i+1][12]) & 255; \ b[13] = safer_lbox[(b[13] + skey->saferp.K[i][13]) & 255] ^ skey->saferp.K[i+1][13]; \ b[14] = safer_lbox[(b[14] + skey->saferp.K[i][14]) & 255] ^ skey->saferp.K[i+1][14]; \ - b[15] = (safer_ebox[(b[15] ^ skey->saferp.K[i][15]) & 255] + skey->saferp.K[i+1][15]) & 255; + b[15] = (safer_ebox[(b[15] ^ skey->saferp.K[i][15]) & 255] + skey->saferp.K[i+1][15]) & 255; /* This is one inverse key application */ #define iROUND(b, i) \ @@ -90,7 +91,7 @@ extern const unsigned char safer_ebox[], safer_lbox[]; b[8] = (b[8] + (b[9] = (b[9] + b[8]) & 255)) & 255; \ b[10] = (b[10] + (b[11] = (b[11] + b[10]) & 255)) & 255; \ b[12] = (b[12] + (b[13] = (b[13] + b[12]) & 255)) & 255; \ - b[14] = (b[14] + (b[15] = (b[15] + b[14]) & 255)) & 255; + b[14] = (b[14] + (b[15] = (b[15] + b[14]) & 255)) & 255; /* This is an inverse single layer PHT transform */ #define iPHT(b) \ @@ -117,15 +118,15 @@ extern const unsigned char safer_ebox[], safer_lbox[]; b2[8] = b[0]; b2[9] = b[9]; b2[10] = b[8]; b2[11] = b[1]; \ b2[12] = b[2]; b2[13] = b[11]; b2[14] = b[10]; b2[15] = b[3]; -/* The complete forward Linear Transform layer. - * Note that alternating usage of b and b2. - * Each round of LT starts in 'b' and ends in 'b2'. +/* The complete forward Linear Transform layer. + * Note that alternating usage of b and b2. + * Each round of LT starts in 'b' and ends in 'b2'. */ #define LT(b, b2) \ PHT(b); SHUF(b, b2); \ PHT(b2); SHUF(b2, b); \ PHT(b); SHUF(b, b2); \ - PHT(b2); + PHT(b2); /* This is the inverse linear transform layer. */ #define iLT(b, b2) \ @@ -133,10 +134,10 @@ extern const unsigned char safer_ebox[], safer_lbox[]; iSHUF(b, b2); iPHT(b2); \ iSHUF(b2, b); iPHT(b); \ iSHUF(b, b2); iPHT(b2); - -#ifdef LTC_SMALL_CODE -static void _round(unsigned char *b, int i, symmetric_key *skey) +#ifdef LTC_SMALL_CODE + +static void _round(unsigned char *b, int i, symmetric_key *skey) { ROUND(b, i); } @@ -154,7 +155,7 @@ static void _lt(unsigned char *b, unsigned char *b2) static void _ilt(unsigned char *b, unsigned char *b2) { iLT(b, b2); -} +} #undef ROUND #define ROUND(b, i) _round(b, i, skey) @@ -228,7 +229,7 @@ int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric } /* Is the number of rounds valid? Either use zero for default or - * 8,12,16 rounds for 16,24,32 byte keys + * 8,12,16 rounds for 16,24,32 byte keys */ if (num_rounds != 0 && num_rounds != rounds[(keylen/8)-2]) { return CRYPT_INVALID_ROUNDS; @@ -237,9 +238,9 @@ int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric /* 128 bit key version */ if (keylen == 16) { /* copy key into t */ - for (x = y = 0; x < 16; x++) { - t[x] = key[x]; - y ^= key[x]; + for (x = y = 0; x < 16; x++) { + t[x] = key[x]; + y ^= key[x]; } t[16] = y; @@ -265,9 +266,9 @@ int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric skey->saferp.rounds = 8; } else if (keylen == 24) { /* copy key into t */ - for (x = y = 0; x < 24; x++) { - t[x] = key[x]; - y ^= key[x]; + for (x = y = 0; x < 24; x++) { + t[x] = key[x]; + y ^= key[x]; } t[24] = y; @@ -284,7 +285,7 @@ int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric /* select and add */ z = x; - for (y = 0; y < 16; y++) { + for (y = 0; y < 16; y++) { skey->saferp.K[x][y] = (t[z] + safer_bias[x-1][y]) & 255; if (++z == 25) { z = 0; } } @@ -292,14 +293,14 @@ int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric skey->saferp.rounds = 12; } else { /* copy key into t */ - for (x = y = 0; x < 32; x++) { - t[x] = key[x]; - y ^= key[x]; + for (x = y = 0; x < 32; x++) { + t[x] = key[x]; + y ^= key[x]; } t[32] = y; /* make round keys */ - for (x = 0; x < 16; x++) { + for (x = 0; x < 16; x++) { skey->saferp.K[0][x] = t[x]; } @@ -308,7 +309,7 @@ int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric for (y = 0; y < 33; y++) { t[y] = ((t[y]<<3)|(t[y]>>5)) & 255; } - + /* select and add */ z = x; for (y = 0; y < 16; y++) { @@ -392,7 +393,7 @@ int saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key Decrypts a block of text with LTC_SAFER+ @param ct The input ciphertext (16 bytes) @param pt The output plaintext (16 bytes) - @param skey The key as scheduled + @param skey The key as scheduled @return CRYPT_OK if successful */ int saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) @@ -460,40 +461,40 @@ int saferp_test(void) { #ifndef LTC_TEST return CRYPT_NOP; - #else + #else static const struct { int keylen; unsigned char key[32], pt[16], ct[16]; } tests[] = { { 16, - { 41, 35, 190, 132, 225, 108, 214, 174, + { 41, 35, 190, 132, 225, 108, 214, 174, 82, 144, 73, 241, 241, 187, 233, 235 }, - { 179, 166, 219, 60, 135, 12, 62, 153, + { 179, 166, 219, 60, 135, 12, 62, 153, 36, 94, 13, 28, 6, 183, 71, 222 }, - { 224, 31, 182, 10, 12, 255, 84, 70, + { 224, 31, 182, 10, 12, 255, 84, 70, 127, 13, 89, 249, 9, 57, 165, 220 } }, { 24, - { 72, 211, 143, 117, 230, 217, 29, 42, - 229, 192, 247, 43, 120, 129, 135, 68, + { 72, 211, 143, 117, 230, 217, 29, 42, + 229, 192, 247, 43, 120, 129, 135, 68, 14, 95, 80, 0, 212, 97, 141, 190 }, - { 123, 5, 21, 7, 59, 51, 130, 31, + { 123, 5, 21, 7, 59, 51, 130, 31, 24, 112, 146, 218, 100, 84, 206, 177 }, - { 92, 136, 4, 63, 57, 95, 100, 0, + { 92, 136, 4, 63, 57, 95, 100, 0, 150, 130, 130, 16, 193, 111, 219, 133 } }, { 32, - { 243, 168, 141, 254, 190, 242, 235, 113, + { 243, 168, 141, 254, 190, 242, 235, 113, 255, 160, 208, 59, 117, 6, 140, 126, - 135, 120, 115, 77, 208, 190, 130, 190, + 135, 120, 115, 77, 208, 190, 130, 190, 219, 194, 70, 65, 43, 140, 250, 48 }, - { 127, 112, 240, 167, 84, 134, 50, 149, + { 127, 112, 240, 167, 84, 134, 50, 149, 170, 91, 104, 19, 11, 230, 252, 245 }, - { 88, 11, 25, 36, 172, 229, 202, 213, + { 88, 11, 25, 36, 172, 229, 202, 213, 170, 65, 105, 153, 220, 104, 153, 138 } } - }; + }; unsigned char tmp[2][16]; symmetric_key skey; @@ -507,7 +508,7 @@ int saferp_test(void) saferp_ecb_decrypt(tmp[0], tmp[1], &skey); /* compare */ - if (XMEMCMP(tmp[0], tests[i].ct, 16) || XMEMCMP(tmp[1], tests[i].pt, 16)) { + if (XMEMCMP(tmp[0], tests[i].ct, 16) || XMEMCMP(tmp[1], tests[i].pt, 16)) { return CRYPT_FAIL_TESTVECTOR; } @@ -522,7 +523,7 @@ int saferp_test(void) #endif } -/** Terminate the context +/** Terminate the context @param skey The scheduled key */ void saferp_done(symmetric_key *skey) @@ -537,7 +538,7 @@ void saferp_done(symmetric_key *skey) int saferp_keysize(int *keysize) { LTC_ARGCHK(keysize != NULL); - + if (*keysize < 16) return CRYPT_INVALID_KEYSIZE; if (*keysize < 24) { diff --git a/src/ltc/ciphers/twofish/twofish.c b/src/ltc/ciphers/twofish/twofish.c index 6a256b67..b5fb4836 100644 --- a/src/ltc/ciphers/twofish/twofish.c +++ b/src/ltc/ciphers/twofish/twofish.c @@ -62,6 +62,7 @@ static const unsigned char qord[4][5] = { #ifdef LTC_TWOFISH_TABLES +#define __LTC_TWOFISH_TAB_C__ #include "twofish_tab.c.inc" #define sbox(i, x) ((ulong32)SBOX[i][(x)&255]) diff --git a/src/ltc/encauth/ccm/ccm_memory.c b/src/ltc/encauth/ccm/ccm_memory.c index abd8653c..1b4328d2 100644 --- a/src/ltc/encauth/ccm/ccm_memory.c +++ b/src/ltc/encauth/ccm/ccm_memory.c @@ -19,6 +19,9 @@ /** CCM encrypt/decrypt and produce an authentication tag + + *1 'pt' and 'ct' can both be 'in' or 'out', depending on 'direction' + @param cipher The index of the cipher desired @param key The secret key to use @param keylen The length of the secret key (octets) @@ -27,9 +30,9 @@ @param noncelen The length of the nonce @param header The header for the session @param headerlen The length of the header (octets) - @param pt [out] The plaintext + @param pt [*1] The plaintext @param ptlen The length of the plaintext (octets) - @param ct [out] The ciphertext + @param ct [*1] The ciphertext @param tag [out] The destination tag @param taglen [in/out] The max size and resulting size of the authentication tag @param direction Encrypt or Decrypt direction (0 or 1) @@ -95,7 +98,7 @@ int ccm_memory(int cipher, nonce, noncelen, header, headerlen, pt, ptlen, - ct, + ct, tag, taglen, direction); } @@ -174,7 +177,7 @@ int ccm_memory(int cipher, /* handle header */ if (headerlen > 0) { x = 0; - + /* store length */ if (headerlen < ((1UL<<16) - (1UL<<8))) { PAD[x++] ^= (headerlen>>8) & 255; @@ -213,7 +216,7 @@ int ccm_memory(int cipher, /* flags */ ctr[x++] = (unsigned char)L-1; - + /* nonce */ for (y = 0; y < (16 - (L+1)); ++y) { ctr[x++] = nonce[y]; @@ -305,7 +308,7 @@ int ccm_memory(int cipher, } PAD[x++] ^= b; } - + if (x != 0) { if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) { goto error; diff --git a/src/ltc/encauth/ccm/ccm_memory_ex.c b/src/ltc/encauth/ccm/ccm_memory_ex.c index 73e75649..97370895 100644 --- a/src/ltc/encauth/ccm/ccm_memory_ex.c +++ b/src/ltc/encauth/ccm/ccm_memory_ex.c @@ -15,7 +15,7 @@ CCM support, process a block of memory, Tom St Denis */ -#ifdef CCM_MODE +#if defined LTC_CCM_MODE && 0 /** CCM encrypt/decrypt and produce an authentication tag diff --git a/src/ltc/encauth/gcm/gcm_add_aad.c b/src/ltc/encauth/gcm/gcm_add_aad.c index 26e47f64..f538009a 100644 --- a/src/ltc/encauth/gcm/gcm_add_aad.c +++ b/src/ltc/encauth/gcm/gcm_add_aad.c @@ -66,7 +66,7 @@ int gcm_add_aad(gcm_state *gcm, } gcm_mult_h(gcm, gcm->X); - /* copy counter out */ + /* copy counter out */ XMEMCPY(gcm->Y, gcm->X, 16); zeromem(gcm->X, 16); } else { @@ -117,7 +117,7 @@ int gcm_add_aad(gcm_state *gcm, return CRYPT_OK; } #endif - + /* $Source$ */ /* $Revision$ */ diff --git a/src/ltc/encauth/gcm/gcm_add_iv.c b/src/ltc/encauth/gcm/gcm_add_iv.c index 0ac79b6b..7464f9a7 100644 --- a/src/ltc/encauth/gcm/gcm_add_iv.c +++ b/src/ltc/encauth/gcm/gcm_add_iv.c @@ -24,7 +24,7 @@ @param IVlen The length of the IV @return CRYPT_OK on success */ -int gcm_add_iv(gcm_state *gcm, +int gcm_add_iv(gcm_state *gcm, const unsigned char *IV, unsigned long IVlen) { unsigned long x, y; @@ -39,7 +39,7 @@ int gcm_add_iv(gcm_state *gcm, if (gcm->mode != LTC_GCM_MODE_IV) { return CRYPT_INVALID_ARG; } - + if (gcm->buflen >= 16 || gcm->buflen < 0) { return CRYPT_INVALID_ARG; } @@ -87,7 +87,7 @@ int gcm_add_iv(gcm_state *gcm, } #endif - + /* $Source$ */ /* $Revision$ */ diff --git a/src/ltc/encauth/gcm/gcm_mult_h.c b/src/ltc/encauth/gcm/gcm_mult_h.c index 2cda6a4b..871cd519 100644 --- a/src/ltc/encauth/gcm/gcm_mult_h.c +++ b/src/ltc/encauth/gcm/gcm_mult_h.c @@ -46,8 +46,8 @@ void gcm_mult_h(gcm_state *gcm, unsigned char *I) #endif /* LTC_FAST */ } #endif /* LTC_GCM_TABLES_SSE2 */ -#else - gcm_gf_mult(gcm->H, I, T); +#else + gcm_gf_mult(gcm->H, I, T); #endif XMEMCPY(I, T, 16); } diff --git a/src/ltc/encauth/gcm/gcm_process.c b/src/ltc/encauth/gcm/gcm_process.c index af0444d0..08921dbc 100644 --- a/src/ltc/encauth/gcm/gcm_process.c +++ b/src/ltc/encauth/gcm/gcm_process.c @@ -17,9 +17,9 @@ #ifdef LTC_GCM_MODE -/** +/** Process plaintext/ciphertext through GCM - @param gcm The GCM state + @param gcm The GCM state @param pt The plaintext @param ptlen The plaintext length (ciphertext length is the same) @param ct The ciphertext @@ -44,7 +44,7 @@ int gcm_process(gcm_state *gcm, if (gcm->buflen > 16 || gcm->buflen < 0) { return CRYPT_INVALID_ARG; } - + if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) { return err; } @@ -77,7 +77,7 @@ int gcm_process(gcm_state *gcm, x = 0; #ifdef LTC_FAST if (gcm->buflen == 0) { - if (direction == GCM_ENCRYPT) { + if (direction == GCM_ENCRYPT) { for (x = 0; x < (ptlen & ~15); x += 16) { /* ctr encrypt */ for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { @@ -115,14 +115,14 @@ int gcm_process(gcm_state *gcm, } } } -#endif +#endif /* process text */ for (; x < ptlen; x++) { if (gcm->buflen == 16) { gcm->pttotlen += 128; gcm_mult_h(gcm, gcm->X); - + /* increment counter */ for (y = 15; y >= 12; y--) { if (++gcm->Y[y] & 255) { break; } @@ -134,12 +134,12 @@ int gcm_process(gcm_state *gcm, } if (direction == GCM_ENCRYPT) { - b = ct[x] = pt[x] ^ gcm->buf[gcm->buflen]; + b = ct[x] = pt[x] ^ gcm->buf[gcm->buflen]; } else { b = ct[x]; pt[x] = ct[x] ^ gcm->buf[gcm->buflen]; } - gcm->X[gcm->buflen++] ^= b; + gcm->X[gcm->buflen++] ^= b; } return CRYPT_OK; diff --git a/src/ltc/hashes/sha2/sha224.c.inc b/src/ltc/hashes/sha2/sha224.c index 5d7dfb23..2240aaf7 100644..100755 --- a/src/ltc/hashes/sha2/sha224.c.inc +++ b/src/ltc/hashes/sha2/sha224.c @@ -13,6 +13,10 @@ LTC_SHA-224 new NIST standard based off of LTC_SHA-256 truncated to 224 bits (Tom St Denis) */ +#include "tomcrypt.h" + +#if defined(LTC_SHA224) && defined(LTC_SHA256) + const struct ltc_hash_descriptor sha224_desc = { "sha224", @@ -72,19 +76,19 @@ int sha224_done(hash_state * md, unsigned char *out) XMEMCPY(out, buf, 28); #ifdef LTC_CLEAN_STACK zeromem(buf, sizeof(buf)); -#endif +#endif return err; } /** Self-test the hash @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled -*/ +*/ int sha224_test(void) { #ifndef LTC_TEST return CRYPT_NOP; - #else + #else static const struct { char *msg; unsigned char hash[28]; @@ -119,6 +123,8 @@ int sha224_test(void) #endif } +#endif /* defined(LTC_SHA224) && defined(LTC_SHA256) */ + /* $Source$ */ /* $Revision$ */ diff --git a/src/ltc/hashes/sha2/sha256.c b/src/ltc/hashes/sha2/sha256.c index d6675e0b..251ee6d5 100644..100755 --- a/src/ltc/hashes/sha2/sha256.c +++ b/src/ltc/hashes/sha2/sha256.c @@ -327,10 +327,6 @@ int sha256_test(void) #endif } -#ifdef LTC_SHA224 -#include "sha224.c.inc" -#endif - #endif diff --git a/src/ltc/hashes/sha2/sha384.c.inc b/src/ltc/hashes/sha2/sha384.c index cf4d7dc3..483784b0 100644..100755 --- a/src/ltc/hashes/sha2/sha384.c.inc +++ b/src/ltc/hashes/sha2/sha384.c @@ -8,11 +8,15 @@ * * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ -/** +/** @param sha384.c LTC_SHA384 hash included in sha512.c, Tom St Denis */ +#include "tomcrypt.h" + +#if defined(LTC_SHA384) && defined(LTC_SHA512) + const struct ltc_hash_descriptor sha384_desc = { "sha384", @@ -81,12 +85,12 @@ int sha384_done(hash_state * md, unsigned char *out) /** Self-test the hash @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled -*/ +*/ int sha384_test(void) { #ifndef LTC_TEST return CRYPT_NOP; - #else + #else static const struct { char *msg; unsigned char hash[48]; @@ -125,10 +129,7 @@ int sha384_test(void) #endif } - - - - +#endif /* defined(LTC_SHA384) && defined(LTC_SHA512) */ /* $Source$ */ /* $Revision$ */ diff --git a/src/ltc/hashes/sha2/sha512.c b/src/ltc/hashes/sha2/sha512.c index de5aa67a..2d684162 100644..100755 --- a/src/ltc/hashes/sha2/sha512.c +++ b/src/ltc/hashes/sha2/sha512.c @@ -305,10 +305,6 @@ int sha512_test(void) #endif } -#ifdef LTC_SHA384 - #include "sha384.c.inc" -#endif - #endif diff --git a/src/ltc/hashes/whirl/whirl.c b/src/ltc/hashes/whirl/whirl.c index 279a3ee9..63005799 100644 --- a/src/ltc/hashes/whirl/whirl.c +++ b/src/ltc/hashes/whirl/whirl.c @@ -37,6 +37,7 @@ const struct ltc_hash_descriptor whirlpool_desc = }; /* the sboxes */ +#define __LTC_WHIRLTAB_C__ #include "whirltab.c.inc" /* get a_{i,j} */ diff --git a/src/ltc/headers/tomcrypt.h b/src/ltc/headers/tomcrypt.h index 3b4232bf..51299af2 100644 --- a/src/ltc/headers/tomcrypt.h +++ b/src/ltc/headers/tomcrypt.h @@ -75,7 +75,6 @@ enum { #include <tomcrypt_misc.h> #include <tomcrypt_argchk.h> #include <tomcrypt_pkcs.h> -#include <tomcrypt_hkdf.h> #ifdef __cplusplus } diff --git a/src/ltc/headers/tomcrypt_cfg.h b/src/ltc/headers/tomcrypt_cfg.h index b7d0d7e5..96e809a6 100644 --- a/src/ltc/headers/tomcrypt_cfg.h +++ b/src/ltc/headers/tomcrypt_cfg.h @@ -93,6 +93,24 @@ LTC_EXPORT int LTC_CALL XSTRCMP(const char *s1, const char *s2); #define LTC_FAST_TYPE unsigned long #endif +/* fix for MSVC ...evil! */ +#ifdef _MSC_VER + #define CONST64(n) n ## ui64 + typedef unsigned __int64 ulong64; +#else + #define CONST64(n) n ## ULL + typedef unsigned long long ulong64; +#endif + +/* this is the "32-bit at least" data type + * Re-define it to suit your platform but it must be at least 32-bits + */ +#if defined(__x86_64__) || (defined(__sparc__) && defined(__arch64__)) + typedef unsigned ulong32; +#else + typedef unsigned long ulong32; +#endif + /* detect sparc and sparc64 */ #if defined(__sparc__) #define ENDIAN_BIG diff --git a/src/ltc/headers/tomcrypt_custom.h b/src/ltc/headers/tomcrypt_custom.h index de2fc129..3835a62e 100644 --- a/src/ltc/headers/tomcrypt_custom.h +++ b/src/ltc/headers/tomcrypt_custom.h @@ -66,6 +66,19 @@ #define XQSORT qsort #endif +/* shortcut to disable automatic inclusion */ +#if defined LTC_NOTHING && !defined LTC_EASY + #define LTC_NO_MATH + #define LTC_NO_CIPHERS + #define LTC_NO_MODES + #define LTC_NO_HASHES + #define LTC_NO_MACS + #define LTC_NO_PRNGS + #define LTC_NO_PK + #define LTC_NO_PKCS + #define LTC_NO_MISC +#endif /* LTC_NOTHING */ + /* Easy button? */ #ifdef LTC_EASY #define LTC_NO_CIPHERS @@ -100,15 +113,20 @@ #define LTC_NO_PK #define LTC_MRSA #define LTC_MECC -#endif -/* Use small code where possible */ -/* #define LTC_SMALL_CODE */ + #define LTC_NO_MISC + #define LTC_BASE64 +#endif /* Enable self-test test vector checking */ #ifndef LTC_NO_TEST #define LTC_TEST #endif +/* Enable extended self-tests */ +/* #define LTC_TEST_EXT */ + +/* Use small code where possible */ +/* #define LTC_SMALL_CODE */ /* clean the stack of functions which put private information on stack */ /* #define LTC_CLEAN_STACK */ @@ -125,6 +143,20 @@ /* disable BSWAP on x86 */ /* #define LTC_NO_BSWAP */ +/* ---> math provider? <--- */ +#ifndef LTC_NO_MATH + +/* LibTomMath */ +/* #define LTM_DESC */ + +/* TomsFastMath */ +/* #define TFM_DESC */ + +#endif /* LTC_NO_MATH */ + +/* GNU Multiple Precision Arithmetic Library */ +/* #define GMP_DESC */ + /* ---> Symmetric Block Ciphers <--- */ #ifndef LTC_NO_CIPHERS @@ -145,7 +177,7 @@ #define LTC_TWOFISH_SMALL #endif /* #define LTC_TWOFISH_SMALL */ -/* LTC_DES includes EDE triple-LTC_DES */ +/* LTC_DES includes EDE triple-DES */ #define LTC_DES #define LTC_CAST5 #define LTC_NOEKEON @@ -219,16 +251,9 @@ #define LTC_F9_MODE #define LTC_PELICAN -#if defined(LTC_PELICAN) && !defined(LTC_RIJNDAEL) - #error Pelican-MAC requires LTC_RIJNDAEL -#endif - /* ---> Encrypt + Authenticate Modes <--- */ #define LTC_EAX_MODE -#if defined(LTC_EAX_MODE) && !(defined(LTC_CTR_MODE) && defined(LTC_OMAC)) - #error LTC_EAX_MODE requires CTR and LTC_OMAC mode -#endif #define LTC_OCB_MODE #define LTC_OCB3_MODE @@ -247,9 +272,6 @@ #endif /* LTC_NO_MACS */ -/* Various tidbits of modern neatoness */ -#define LTC_BASE64 - /* --> Pseudo Random Number Generators <--- */ #ifndef LTC_NO_PRNGS @@ -258,13 +280,9 @@ /* which descriptor of AES to use? */ /* 0 = rijndael_enc 1 = aes_enc, 2 = rijndael [full], 3 = aes [full] */ #ifdef ENCRYPT_ONLY - #define LTC_YARROW_AES 3 + #define LTC_YARROW_AES 0 #else - #define LTC_YARROW_AES 3 -#endif - -#if defined(LTC_YARROW) && !defined(LTC_CTR_MODE) - #error LTC_YARROW requires LTC_CTR_MODE chaining mode to be defined! + #define LTC_YARROW_AES 2 #endif /* a PRNG that simply reads from an available system source */ @@ -290,30 +308,21 @@ #endif /* LTC_NO_PRNGS */ -/* ---> math provider? <--- */ -#ifndef LTC_NO_MATH - -/* LibTomMath */ -/* #define LTM_DESC */ - -/* TomsFastMath */ -/* #define TFM_DESC */ - -#endif /* LTC_NO_MATH */ - /* ---> Public Key Crypto <--- */ #ifndef LTC_NO_PK /* Include RSA support */ #define LTC_MRSA -/* Enable RSA blinding when doing private key operations? */ -/* #define LTC_RSA_BLINDING */ +#ifndef LTC_NO_RSA_BLINDING +/* Enable RSA blinding when doing private key operations by default */ +#define LTC_RSA_BLINDING +#endif /* LTC_NO_RSA_BLINDING */ /* Include Diffie-Hellman support */ #ifndef GMP_DESC /* is_prime fails for GMP */ -#define MDH +#define LTC_MDH /* Supported Key Sizes */ #define DH768 #define DH1024 @@ -342,19 +351,21 @@ /* use Shamir's trick for point mul (speeds up signature verification) */ #define LTC_ECC_SHAMIR -#if defined(TFM_LTC_DESC) && defined(LTC_MECC) +#if defined(TFM_DESC) && defined(LTC_MECC) #define LTC_MECC_ACCEL #endif /* do we want fixed point ECC */ /* #define LTC_MECC_FP */ -/* Timing Resistant? */ +#ifndef LTC_NO_ECC_TIMING_RESISTANT +/* Enable ECC timing resistant version by default */ #define LTC_ECC_TIMING_RESISTANT +#endif #endif /* LTC_NO_PK */ -/* LTC_PKCS #1 (RSA) and #5 (Password Handling) stuff */ +/* PKCS #1 (RSA) and #5 (Password Handling) stuff */ #ifndef LTC_NO_PKCS #define LTC_PKCS_1 @@ -365,13 +376,23 @@ #endif /* LTC_NO_PKCS */ -/* LTC_HKDF Key Derivation/Expansion stuff */ -#ifndef LTC_NO_HKDF +/* misc stuff */ +#ifndef LTC_NO_MISC -#define LTC_HKDF +/* Various tidbits of modern neatoness */ +#define LTC_BASE64 +/* ... and it's URL safe version */ +#define LTC_BASE64_URL +/* Keep LTC_NO_HKDF for compatibility reasons + * superseeded by LTC_NO_MISC*/ +#ifndef LTC_NO_HKDF +/* HKDF Key Derivation/Expansion stuff */ +#define LTC_HKDF #endif /* LTC_NO_HKDF */ +#endif /* LTC_NO_MISC */ + /* cleanup */ #ifdef LTC_MECC @@ -402,6 +423,18 @@ #undef LTC_RSA_BLINDING #endif +#if defined(LTC_PELICAN) && !defined(LTC_RIJNDAEL) + #error Pelican-MAC requires LTC_RIJNDAEL +#endif + +#if defined(LTC_EAX_MODE) && !(defined(LTC_CTR_MODE) && defined(LTC_OMAC)) + #error LTC_EAX_MODE requires CTR and LTC_OMAC mode +#endif + +#if defined(LTC_YARROW) && !defined(LTC_CTR_MODE) + #error LTC_YARROW requires LTC_CTR_MODE chaining mode to be defined! +#endif + #if defined(LTC_DER) && !defined(MPI) #error ASN.1 DER requires MPI functionality #endif diff --git a/src/ltc/headers/tomcrypt_hkdf.h b/src/ltc/headers/tomcrypt_hkdf.h deleted file mode 100644 index f6a0228d..00000000 --- a/src/ltc/headers/tomcrypt_hkdf.h +++ /dev/null @@ -1,28 +0,0 @@ -/* LTC_HKDF Header Info */ - -/* ===> LTC_HKDF -- RFC5869 HMAC-based Key Derivation Function <=== */ -#ifdef LTC_HKDF - -int hkdf_test(void); - -int hkdf_extract(int hash_idx, - const unsigned char *salt, unsigned long saltlen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); - -int hkdf_expand(int hash_idx, - const unsigned char *info, unsigned long infolen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long outlen); - -int hkdf(int hash_idx, - const unsigned char *salt, unsigned long saltlen, - const unsigned char *info, unsigned long infolen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long outlen); - -#endif /* LTC_HKDF */ - -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ diff --git a/src/ltc/headers/tomcrypt_macros.h b/src/ltc/headers/tomcrypt_macros.h index 88f44938..d87fb4de 100644 --- a/src/ltc/headers/tomcrypt_macros.h +++ b/src/ltc/headers/tomcrypt_macros.h @@ -1,67 +1,50 @@ -/* fix for MSVC ...evil! */ -#ifdef _MSC_VER - #define CONST64(n) n ## ui64 - typedef unsigned __int64 ulong64; -#else - #define CONST64(n) n ## ULL - typedef unsigned long long ulong64; -#endif - -/* this is the "32-bit at least" data type - * Re-define it to suit your platform but it must be at least 32-bits - */ -#if defined(__x86_64__) || (defined(__sparc__) && defined(__arch64__)) - typedef unsigned ulong32; -#else - typedef unsigned long ulong32; -#endif /* ---- HELPER MACROS ---- */ #ifdef ENDIAN_NEUTRAL #define STORE32L(x, y) \ - { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ - (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } + do { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ + (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0) #define LOAD32L(x, y) \ - { x = ((unsigned long)((y)[3] & 255)<<24) | \ - ((unsigned long)((y)[2] & 255)<<16) | \ - ((unsigned long)((y)[1] & 255)<<8) | \ - ((unsigned long)((y)[0] & 255)); } + do { x = ((ulong32)((y)[3] & 255)<<24) | \ + ((ulong32)((y)[2] & 255)<<16) | \ + ((ulong32)((y)[1] & 255)<<8) | \ + ((ulong32)((y)[0] & 255)); } while(0) #define STORE64L(x, y) \ - { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \ + do { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \ (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \ (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ - (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } + (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0) #define LOAD64L(x, y) \ - { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \ + do { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \ (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32)| \ (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16)| \ - (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } + (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } while(0) #define STORE32H(x, y) \ - { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \ - (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); } + do { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \ + (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); } while(0) #define LOAD32H(x, y) \ - { x = ((unsigned long)((y)[0] & 255)<<24) | \ - ((unsigned long)((y)[1] & 255)<<16) | \ - ((unsigned long)((y)[2] & 255)<<8) | \ - ((unsigned long)((y)[3] & 255)); } + do { x = ((ulong32)((y)[0] & 255)<<24) | \ + ((ulong32)((y)[1] & 255)<<16) | \ + ((ulong32)((y)[2] & 255)<<8) | \ + ((ulong32)((y)[3] & 255)); } while(0) #define STORE64H(x, y) \ - { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \ +do { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \ (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \ (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \ - (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } + (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } while(0) #define LOAD64H(x, y) \ - { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \ +do { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \ (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32) | \ (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16) | \ - (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); } + (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); } while(0) #endif /* ENDIAN_NEUTRAL */ @@ -70,12 +53,12 @@ #ifdef LTC_HAVE_BSWAP_BUILTIN #define STORE32H(x, y) \ - { ulong32 __t = __builtin_bswap32 ((x)); \ - XMEMCPY ((y), &__t, 4); } +do { ulong32 __t = __builtin_bswap32 ((x)); \ + XMEMCPY ((y), &__t, 4); } while(0) #define LOAD32H(x, y) \ - { XMEMCPY (&(x), (y), 4); \ - (x) = __builtin_bswap32 ((x)); } +do { XMEMCPY (&(x), (y), 4); \ + (x) = __builtin_bswap32 ((x)); } while(0) #elif !defined(LTC_NO_BSWAP) && (defined(INTEL_CC) || (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__) || defined(__x86_64__)))) @@ -95,26 +78,26 @@ asm __volatile__ ( \ #else #define STORE32H(x, y) \ - { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \ - (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); } + do { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \ + (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); } while(0) #define LOAD32H(x, y) \ - { x = ((unsigned long)((y)[0] & 255)<<24) | \ - ((unsigned long)((y)[1] & 255)<<16) | \ - ((unsigned long)((y)[2] & 255)<<8) | \ - ((unsigned long)((y)[3] & 255)); } + do { x = ((ulong32)((y)[0] & 255)<<24) | \ + ((ulong32)((y)[1] & 255)<<16) | \ + ((ulong32)((y)[2] & 255)<<8) | \ + ((ulong32)((y)[3] & 255)); } while(0) #endif #ifdef LTC_HAVE_BSWAP_BUILTIN #define STORE64H(x, y) \ - { ulong64 __t = __builtin_bswap64 ((x)); \ - XMEMCPY ((y), &__t, 8); } +do { ulong64 __t = __builtin_bswap64 ((x)); \ + XMEMCPY ((y), &__t, 8); } while(0) #define LOAD64H(x, y) \ - { XMEMCPY (&(x), (y), 8); \ - (x) = __builtin_bswap64 ((x)); } +do { XMEMCPY (&(x), (y), 8); \ + (x) = __builtin_bswap64 ((x)); } while(0) /* x86_64 processor */ #elif !defined(LTC_NO_BSWAP) && (defined(__GNUC__) && defined(__x86_64__)) @@ -135,52 +118,52 @@ asm __volatile__ ( \ #else #define STORE64H(x, y) \ - { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \ +do { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \ (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \ (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \ - (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } + (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } while(0) #define LOAD64H(x, y) \ - { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \ +do { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \ (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32) | \ (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16) | \ - (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); } + (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); } while(0) #endif #ifdef ENDIAN_32BITWORD #define STORE32L(x, y) \ - { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } + do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0) #define LOAD32L(x, y) \ - XMEMCPY(&(x), y, 4); + do { XMEMCPY(&(x), y, 4); } while(0) #define STORE64L(x, y) \ - { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \ + do { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \ (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \ (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ - (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } + (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0) #define LOAD64L(x, y) \ - { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \ + do { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \ (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32)| \ (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16)| \ - (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } + (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } while(0) #else /* 64-bit words then */ #define STORE32L(x, y) \ - { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } + do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0) #define LOAD32L(x, y) \ - { XMEMCPY(&(x), y, 4); x &= 0xFFFFFFFF; } + do { XMEMCPY(&(x), y, 4); x &= 0xFFFFFFFF; } while(0) #define STORE64L(x, y) \ - { ulong64 __t = (x); XMEMCPY(y, &__t, 8); } + do { ulong64 __t = (x); XMEMCPY(y, &__t, 8); } while(0) #define LOAD64L(x, y) \ - { XMEMCPY(&(x), y, 8); } + do { XMEMCPY(&(x), y, 8); } while(0) #endif /* ENDIAN_64BITWORD */ @@ -188,60 +171,60 @@ asm __volatile__ ( \ #ifdef ENDIAN_BIG #define STORE32L(x, y) \ - { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ - (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } + do { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ + (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0) #define LOAD32L(x, y) \ - { x = ((unsigned long)((y)[3] & 255)<<24) | \ - ((unsigned long)((y)[2] & 255)<<16) | \ - ((unsigned long)((y)[1] & 255)<<8) | \ - ((unsigned long)((y)[0] & 255)); } + do { x = ((ulong32)((y)[3] & 255)<<24) | \ + ((ulong32)((y)[2] & 255)<<16) | \ + ((ulong32)((y)[1] & 255)<<8) | \ + ((ulong32)((y)[0] & 255)); } while(0) #define STORE64L(x, y) \ - { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \ +do { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \ (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \ (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ - (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } + (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0) #define LOAD64L(x, y) \ - { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48) | \ +do { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48) | \ (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32) | \ (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16) | \ - (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } + (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } while(0) #ifdef ENDIAN_32BITWORD #define STORE32H(x, y) \ - { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } + do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0) #define LOAD32H(x, y) \ - XMEMCPY(&(x), y, 4); + do { XMEMCPY(&(x), y, 4); } while(0) #define STORE64H(x, y) \ - { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \ + do { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \ (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \ (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \ - (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } + (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } while(0) #define LOAD64H(x, y) \ - { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48)| \ + do { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48)| \ (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32)| \ (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16)| \ - (((ulong64)((y)[6] & 255))<<8)| (((ulong64)((y)[7] & 255))); } + (((ulong64)((y)[6] & 255))<<8)| (((ulong64)((y)[7] & 255))); } while(0) #else /* 64-bit words then */ #define STORE32H(x, y) \ - { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } + do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0) #define LOAD32H(x, y) \ - { XMEMCPY(&(x), y, 4); x &= 0xFFFFFFFF; } + do { XMEMCPY(&(x), y, 4); x &= 0xFFFFFFFF; } while(0) #define STORE64H(x, y) \ - { ulong64 __t = (x); XMEMCPY(y, &__t, 8); } + do { ulong64 __t = (x); XMEMCPY(y, &__t, 8); } while(0) #define LOAD64H(x, y) \ - { XMEMCPY(&(x), y, 8); } + do { XMEMCPY(&(x), y, 8); } while(0) #endif /* ENDIAN_64BITWORD */ #endif /* ENDIAN_BIG */ @@ -351,10 +334,10 @@ static inline ulong32 RORc(ulong32 word, const int i) #else /* rotates the hard way */ -#define ROL(x, y) ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL) -#define ROR(x, y) ( ((((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)((y)&31)) | ((unsigned long)(x)<<(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL) -#define ROLc(x, y) ( (((unsigned long)(x)<<(unsigned long)((y)&31)) | (((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL) -#define RORc(x, y) ( ((((unsigned long)(x)&0xFFFFFFFFUL)>>(unsigned long)((y)&31)) | ((unsigned long)(x)<<(unsigned long)(32-((y)&31)))) & 0xFFFFFFFFUL) +#define ROL(x, y) ( (((ulong32)(x)<<(ulong32)((y)&31)) | (((ulong32)(x)&0xFFFFFFFFUL)>>(ulong32)(32-((y)&31)))) & 0xFFFFFFFFUL) +#define ROR(x, y) ( ((((ulong32)(x)&0xFFFFFFFFUL)>>(ulong32)((y)&31)) | ((ulong32)(x)<<(ulong32)(32-((y)&31)))) & 0xFFFFFFFFUL) +#define ROLc(x, y) ( (((ulong32)(x)<<(ulong32)((y)&31)) | (((ulong32)(x)&0xFFFFFFFFUL)>>(ulong32)(32-((y)&31)))) & 0xFFFFFFFFUL) +#define RORc(x, y) ( ((((ulong32)(x)&0xFFFFFFFFUL)>>(ulong32)((y)&31)) | ((ulong32)(x)<<(ulong32)(32-((y)&31)))) & 0xFFFFFFFFUL) #endif diff --git a/src/ltc/headers/tomcrypt_misc.h b/src/ltc/headers/tomcrypt_misc.h index 236fc40b..e1e4457b 100644 --- a/src/ltc/headers/tomcrypt_misc.h +++ b/src/ltc/headers/tomcrypt_misc.h @@ -5,7 +5,9 @@ int base64_encode(const unsigned char *in, unsigned long len, int base64_decode(const unsigned char *in, unsigned long len, unsigned char *out, unsigned long *outlen); +#endif +#ifdef LTC_BASE64_URL int base64url_encode(const unsigned char *in, unsigned long len, unsigned char *out, unsigned long *outlen); @@ -13,6 +15,29 @@ int base64url_decode(const unsigned char *in, unsigned long len, unsigned char *out, unsigned long *outlen); #endif +/* ===> LTC_HKDF -- RFC5869 HMAC-based Key Derivation Function <=== */ +#ifdef LTC_HKDF + +int hkdf_test(void); + +int hkdf_extract(int hash_idx, + const unsigned char *salt, unsigned long saltlen, + const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long *outlen); + +int hkdf_expand(int hash_idx, + const unsigned char *info, unsigned long infolen, + const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long outlen); + +int hkdf(int hash_idx, + const unsigned char *salt, unsigned long saltlen, + const unsigned char *info, unsigned long infolen, + const unsigned char *in, unsigned long inlen, + unsigned char *out, unsigned long outlen); + +#endif /* LTC_HKDF */ + /* ---- MEM routines ---- */ void zeromem(volatile void *dst, size_t len); void burn_stack(unsigned long len); diff --git a/src/ltc/headers/tomcrypt_pk.h b/src/ltc/headers/tomcrypt_pk.h index c0b6227f..8963e02e 100644 --- a/src/ltc/headers/tomcrypt_pk.h +++ b/src/ltc/headers/tomcrypt_pk.h @@ -32,7 +32,7 @@ int pk_get_oid(int pk, oid_st *st); #define MIN_RSA_SIZE 1024 #define MAX_RSA_SIZE 4096 -/** RSA LTC_PKCS style key */ +/** RSA PKCS style key */ typedef struct Rsa_key { /** Type of key, PK_PRIVATE or PK_PUBLIC */ int type; @@ -56,13 +56,15 @@ typedef struct Rsa_key { int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key); +int rsa_get_size(rsa_key *key); + int rsa_exptmod(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen, int which, rsa_key *key); void rsa_free(rsa_key *key); -/* These use LTC_PKCS #1 v2.0 padding */ +/* These use PKCS #1 v2.0 padding */ #define rsa_encrypt_key(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _prng, _prng_idx, _hash_idx, _key) \ rsa_encrypt_key_ex(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _prng, _prng_idx, _hash_idx, LTC_PKCS_1_OAEP, _key) @@ -75,7 +77,10 @@ void rsa_free(rsa_key *key); #define rsa_verify_hash(_sig, _siglen, _hash, _hashlen, _hash_idx, _saltlen, _stat, _key) \ rsa_verify_hash_ex(_sig, _siglen, _hash, _hashlen, LTC_PKCS_1_PSS, _hash_idx, _saltlen, _stat, _key) -/* These can be switched between LTC_PKCS #1 v2.x and LTC_PKCS #1 v1.5 paddings */ +#define rsa_sign_saltlen_get_max(_hash_idx, _key) \ + rsa_sign_saltlen_get_max_ex(LTC_PKCS_1_PSS, _hash_idx, _key) + +/* These can be switched between PKCS #1 v2.x and PKCS #1 v1.5 paddings */ int rsa_encrypt_key_ex(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen, const unsigned char *lparam, unsigned long lparamlen, @@ -100,7 +105,9 @@ int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen, int hash_idx, unsigned long saltlen, int *stat, rsa_key *key); -/* LTC_PKCS #1 import/export */ +int rsa_sign_saltlen_get_max_ex(int padding, int hash_idx, rsa_key *key); + +/* PKCS #1 import/export */ int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key); int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key); @@ -113,7 +120,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key); #define MIN_KAT_SIZE 1024 #define MAX_KAT_SIZE 4096 -/** Katja LTC_PKCS style key */ +/** Katja PKCS style key */ typedef struct KAT_key { /** Type of key, PK_PRIVATE or PK_PUBLIC */ int type; @@ -143,7 +150,7 @@ int katja_exptmod(const unsigned char *in, unsigned long inlen, void katja_free(katja_key *key); -/* These use LTC_PKCS #1 v2.0 padding */ +/* These use PKCS #1 v2.0 padding */ int katja_encrypt_key(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen, const unsigned char *lparam, unsigned long lparamlen, @@ -155,14 +162,14 @@ int katja_decrypt_key(const unsigned char *in, unsigned long inlen, int hash_idx, int *stat, katja_key *key); -/* LTC_PKCS #1 import/export */ +/* PKCS #1 import/export */ int katja_export(unsigned char *out, unsigned long *outlen, int type, katja_key *key); int katja_import(const unsigned char *in, unsigned long inlen, katja_key *key); #endif /* ---- DH Routines ---- */ -#ifdef MDH +#ifdef LTC_MDH typedef struct Dh_key { int idx, type; @@ -333,7 +340,7 @@ int ltc_ecc_is_valid_idx(int n); int ltc_ecc_is_point(const ltc_ecc_set_type *dp, void *x, void *y); /* point ops (mp == montgomery digit) */ -#if !defined(LTC_MECC_ACCEL) || defined(LTM_LTC_DESC) || defined(GMP_LTC_DESC) +#if !defined(LTC_MECC_ACCEL) || defined(LTM_DESC) || defined(GMP_DESC) /* R = 2P */ int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *a, void *modulus, void *mp); @@ -514,8 +521,10 @@ int der_decode_sequence_ex(const unsigned char *in, unsigned long inlen, #define der_decode_sequence(in, inlen, list, outlen) der_decode_sequence_ex(in, inlen, list, outlen, 1) -int der_length_sequence(ltc_asn1_list *list, unsigned long inlen, unsigned long *outlen); -int der_length_sequence_ex(ltc_asn1_list *list, unsigned long inlen, unsigned long *outlen, unsigned long *payloadlen); +int der_length_sequence(ltc_asn1_list *list, unsigned long inlen, + unsigned long *outlen); +int der_length_sequence_ex(ltc_asn1_list *list, unsigned long inlen, + unsigned long *outlen, unsigned long *payloadlen); /* SUBJECT PUBLIC KEY INFO */ int der_encode_subject_public_key_info(unsigned char *out, unsigned long *outlen, diff --git a/src/ltc/headers/tomcrypt_pkcs.h b/src/ltc/headers/tomcrypt_pkcs.h index ee47dd39..31344a12 100644 --- a/src/ltc/headers/tomcrypt_pkcs.h +++ b/src/ltc/headers/tomcrypt_pkcs.h @@ -1,19 +1,19 @@ -/* LTC_PKCS Header Info */ +/* PKCS Header Info */ -/* ===> LTC_PKCS #1 -- RSA Cryptography <=== */ +/* ===> PKCS #1 -- RSA Cryptography <=== */ #ifdef LTC_PKCS_1 enum ltc_pkcs_1_v1_5_blocks { - LTC_PKCS_1_EMSA = 1, /* Block type 1 (LTC_PKCS #1 v1.5 signature padding) */ - LTC_PKCS_1_EME = 2 /* Block type 2 (LTC_PKCS #1 v1.5 encryption padding) */ + LTC_PKCS_1_EMSA = 1, /* Block type 1 (PKCS #1 v1.5 signature padding) */ + LTC_PKCS_1_EME = 2 /* Block type 2 (PKCS #1 v1.5 encryption padding) */ }; enum ltc_pkcs_1_paddings { - LTC_PKCS_1_V1_5 = 1, /* LTC_PKCS #1 v1.5 padding (\sa ltc_pkcs_1_v1_5_blocks) */ - LTC_PKCS_1_OAEP = 2, /* LTC_PKCS #1 v2.0 encryption padding */ - LTC_PKCS_1_PSS = 3 /* LTC_PKCS #1 v2.1 signature padding */ + LTC_PKCS_1_V1_5 = 1, /* PKCS #1 v1.5 padding (\sa ltc_pkcs_1_v1_5_blocks) */ + LTC_PKCS_1_OAEP = 2, /* PKCS #1 v2.0 encryption padding */ + LTC_PKCS_1_PSS = 3 /* PKCS #1 v2.1 signature padding */ }; int pkcs_1_mgf1( int hash_idx, @@ -67,7 +67,7 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen, #endif /* LTC_PKCS_1 */ -/* ===> LTC_PKCS #5 -- Password Based Cryptography <=== */ +/* ===> PKCS #5 -- Password Based Cryptography <=== */ #ifdef LTC_PKCS_5 /* Algorithm #1 (old) */ @@ -82,6 +82,7 @@ int pkcs_5_alg2(const unsigned char *password, unsigned long password_len, int iteration_count, int hash_idx, unsigned char *out, unsigned long *outlen); +int pkcs_5_test (void); #endif /* LTC_PKCS_5 */ /* $Source$ */ diff --git a/src/ltc/mac/f9/f9_process.c b/src/ltc/mac/f9/f9_process.c index bf54d715..b7a99f91 100644 --- a/src/ltc/mac/f9/f9_process.c +++ b/src/ltc/mac/f9/f9_process.c @@ -67,7 +67,7 @@ int f9_process(f9_state *f9, const unsigned char *in, unsigned long inlen) f9->IV[f9->buflen++] ^= *in++; --inlen; } - return CRYPT_OK; + return CRYPT_OK; } #endif diff --git a/src/ltc/mac/hmac/hmac_done.c b/src/ltc/mac/hmac/hmac_done.c index da5f31a9..15baa0c5 100644 --- a/src/ltc/mac/hmac/hmac_done.c +++ b/src/ltc/mac/hmac/hmac_done.c @@ -12,7 +12,7 @@ /** @file hmac_done.c - LTC_HMAC support, terminate stream, Tom St Denis/Dobes Vandermeer + HMAC support, terminate stream, Tom St Denis/Dobes Vandermeer */ #ifdef LTC_HMAC @@ -20,10 +20,10 @@ #define LTC_HMAC_BLOCKSIZE hash_descriptor[hash].blocksize /** - Terminate an LTC_HMAC session - @param hmac The LTC_HMAC state - @param out [out] The destination of the LTC_HMAC authentication tag - @param outlen [in/out] The max size and resulting size of the LTC_HMAC authentication tag + Terminate an HMAC session + @param hmac The HMAC state + @param out [out] The destination of the HMAC authentication tag + @param outlen [in/out] The max size and resulting size of the HMAC authentication tag @return CRYPT_OK if successful */ int hmac_done(hmac_state *hmac, unsigned char *out, unsigned long *outlen) @@ -47,22 +47,22 @@ int hmac_done(hmac_state *hmac, unsigned char *out, unsigned long *outlen) /* allocate buffers */ buf = XMALLOC(LTC_HMAC_BLOCKSIZE); isha = XMALLOC(hashsize); - if (buf == NULL || isha == NULL) { + if (buf == NULL || isha == NULL) { if (buf != NULL) { XFREE(buf); - } + } if (isha != NULL) { XFREE(isha); - } + } return CRYPT_MEM; } - /* Get the hash of the first LTC_HMAC vector plus the data */ + /* Get the hash of the first HMAC vector plus the data */ if ((err = hash_descriptor[hash].done(&hmac->md, isha)) != CRYPT_OK) { goto LBL_ERR; } - /* Create the second LTC_HMAC vector vector for step (3) */ + /* Create the second HMAC vector vector for step (3) */ for(i=0; i < LTC_HMAC_BLOCKSIZE; i++) { buf[i] = hmac->key[i] ^ 0x5C; } diff --git a/src/ltc/mac/hmac/hmac_file.c b/src/ltc/mac/hmac/hmac_file.c index b1d94389..8558c2ac 100644 --- a/src/ltc/mac/hmac/hmac_file.c +++ b/src/ltc/mac/hmac/hmac_file.c @@ -12,23 +12,23 @@ /** @file hmac_file.c - LTC_HMAC support, process a file, Tom St Denis/Dobes Vandermeer + HMAC support, process a file, Tom St Denis/Dobes Vandermeer */ #ifdef LTC_HMAC /** - LTC_HMAC a file + HMAC a file @param hash The index of the hash you wish to use - @param fname The name of the file you wish to LTC_HMAC + @param fname The name of the file you wish to HMAC @param key The secret key @param keylen The length of the secret key - @param out [out] The LTC_HMAC authentication tag + @param out [out] The HMAC authentication tag @param outlen [in/out] The max size and resulting size of the authentication tag @return CRYPT_OK if successful, CRYPT_NOP if file support has been disabled */ -int hmac_file(int hash, const char *fname, - const unsigned char *key, unsigned long keylen, +int hmac_file(int hash, const char *fname, + const unsigned char *key, unsigned long keylen, unsigned char *out, unsigned long *outlen) { #ifdef LTC_NO_FILE @@ -44,7 +44,7 @@ int hmac_file(int hash, const char *fname, LTC_ARGCHK(key != NULL); LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); - + if((err = hash_is_valid(hash)) != CRYPT_OK) { return err; } @@ -80,7 +80,7 @@ int hmac_file(int hash, const char *fname, #ifdef LTC_CLEAN_STACK /* clear memory */ zeromem(buf, sizeof(buf)); -#endif +#endif return CRYPT_OK; #endif } diff --git a/src/ltc/mac/hmac/hmac_init.c b/src/ltc/mac/hmac/hmac_init.c index 684fb285..e43df24b 100644 --- a/src/ltc/mac/hmac/hmac_init.c +++ b/src/ltc/mac/hmac/hmac_init.c @@ -12,7 +12,7 @@ /** @file hmac_init.c - LTC_HMAC support, initialize state, Tom St Denis/Dobes Vandermeer + HMAC support, initialize state, Tom St Denis/Dobes Vandermeer */ #ifdef LTC_HMAC @@ -20,9 +20,9 @@ #define LTC_HMAC_BLOCKSIZE hash_descriptor[hash].blocksize /** - Initialize an LTC_HMAC context. - @param hmac The LTC_HMAC state - @param hash The index of the hash you want to use + Initialize an HMAC context. + @param hmac The HMAC state + @param hash The index of the hash you want to use @param key The secret key @param keylen The length of the secret key (octets) @return CRYPT_OK if successful @@ -100,9 +100,9 @@ done: #ifdef LTC_CLEAN_STACK zeromem(buf, LTC_HMAC_BLOCKSIZE); #endif - + XFREE(buf); - return err; + return err; } #endif diff --git a/src/ltc/mac/hmac/hmac_memory.c b/src/ltc/mac/hmac/hmac_memory.c index 9df80eaa..c32f13aa 100644 --- a/src/ltc/mac/hmac/hmac_memory.c +++ b/src/ltc/mac/hmac/hmac_memory.c @@ -12,25 +12,25 @@ /** @file hmac_memory.c - LTC_HMAC support, process a block of memory, Tom St Denis/Dobes Vandermeer + HMAC support, process a block of memory, Tom St Denis/Dobes Vandermeer */ #ifdef LTC_HMAC /** - LTC_HMAC a block of memory to produce the authentication tag - @param hash The index of the hash to use - @param key The secret key + HMAC a block of memory to produce the authentication tag + @param hash The index of the hash to use + @param key The secret key @param keylen The length of the secret key (octets) - @param in The data to LTC_HMAC - @param inlen The length of the data to LTC_HMAC (octets) + @param in The data to HMAC + @param inlen The length of the data to HMAC (octets) @param out [out] Destination of the authentication tag @param outlen [in/out] Max size and resulting size of authentication tag @return CRYPT_OK if successful */ -int hmac_memory(int hash, +int hmac_memory(int hash, const unsigned char *key, unsigned long keylen, - const unsigned char *in, unsigned long inlen, + const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen) { hmac_state *hmac; @@ -38,7 +38,7 @@ int hmac_memory(int hash, LTC_ARGCHK(key != NULL); LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); + LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); /* make sure hash descriptor is valid */ @@ -77,7 +77,7 @@ LBL_ERR: #endif XFREE(hmac); - return err; + return err; } #endif diff --git a/src/ltc/mac/hmac/hmac_memory_multi.c b/src/ltc/mac/hmac/hmac_memory_multi.c index c3d461b8..f9d85878 100644 --- a/src/ltc/mac/hmac/hmac_memory_multi.c +++ b/src/ltc/mac/hmac/hmac_memory_multi.c @@ -13,24 +13,24 @@ /** @file hmac_memory_multi.c - LTC_HMAC support, process multiple blocks of memory, Tom St Denis/Dobes Vandermeer + HMAC support, process multiple blocks of memory, Tom St Denis/Dobes Vandermeer */ #ifdef LTC_HMAC /** - LTC_HMAC multiple blocks of memory to produce the authentication tag - @param hash The index of the hash to use - @param key The secret key + HMAC multiple blocks of memory to produce the authentication tag + @param hash The index of the hash to use + @param key The secret key @param keylen The length of the secret key (octets) @param out [out] Destination of the authentication tag @param outlen [in/out] Max size and resulting size of authentication tag - @param in The data to LTC_HMAC - @param inlen The length of the data to LTC_HMAC (octets) - @param ... tuples of (data,len) pairs to LTC_HMAC, terminated with a (NULL,x) (x=don't care) + @param in The data to HMAC + @param inlen The length of the data to HMAC (octets) + @param ... tuples of (data,len) pairs to HMAC, terminated with a (NULL,x) (x=don't care) @return CRYPT_OK if successful */ -int hmac_memory_multi(int hash, +int hmac_memory_multi(int hash, const unsigned char *key, unsigned long keylen, unsigned char *out, unsigned long *outlen, const unsigned char *in, unsigned long inlen, ...) @@ -44,7 +44,7 @@ int hmac_memory_multi(int hash, LTC_ARGCHK(key != NULL); LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); + LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); /* allocate ram for hmac state */ @@ -58,7 +58,7 @@ int hmac_memory_multi(int hash, } va_start(args, inlen); - curptr = in; + curptr = in; curlen = inlen; for (;;) { /* process buf */ @@ -81,7 +81,7 @@ LBL_ERR: #endif XFREE(hmac); va_end(args); - return err; + return err; } #endif diff --git a/src/ltc/mac/hmac/hmac_process.c b/src/ltc/mac/hmac/hmac_process.c index 802de1fb..f1931c8d 100644 --- a/src/ltc/mac/hmac/hmac_process.c +++ b/src/ltc/mac/hmac/hmac_process.c @@ -12,16 +12,16 @@ /** @file hmac_process.c - LTC_HMAC support, process data, Tom St Denis/Dobes Vandermeer + HMAC support, process data, Tom St Denis/Dobes Vandermeer */ #ifdef LTC_HMAC -/** - Process data through LTC_HMAC +/** + Process data through HMAC @param hmac The hmac state - @param in The data to send through LTC_HMAC - @param inlen The length of the data to LTC_HMAC (octets) + @param in The data to send through HMAC + @param inlen The length of the data to HMAC (octets) @return CRYPT_OK if successful */ int hmac_process(hmac_state *hmac, const unsigned char *in, unsigned long inlen) diff --git a/src/ltc/mac/omac/omac_done.c b/src/ltc/mac/omac/omac_done.c index 796bdf9b..18fa25cc 100644 --- a/src/ltc/mac/omac/omac_done.c +++ b/src/ltc/mac/omac/omac_done.c @@ -10,16 +10,16 @@ */ #include "tomcrypt.h" -/** +/** @file omac_done.c - LTC_OMAC1 support, terminate a stream, Tom St Denis + OMAC1 support, terminate a stream, Tom St Denis */ #ifdef LTC_OMAC /** - Terminate an LTC_OMAC stream - @param omac The LTC_OMAC state + Terminate an OMAC stream + @param omac The OMAC state @param out [out] Destination for the authentication tag @param outlen [in/out] The max size and resulting size of the authentication tag @return CRYPT_OK if successful @@ -65,7 +65,7 @@ int omac_done(omac_state *omac, unsigned char *out, unsigned long *outlen) return err; } cipher_descriptor[omac->cipher_idx].done(&omac->key); - + /* output it */ for (x = 0; x < (unsigned)omac->blklen && x < *outlen; x++) { out[x] = omac->block[x]; diff --git a/src/ltc/mac/omac/omac_file.c b/src/ltc/mac/omac/omac_file.c index 54871e0b..d36871e8 100644 --- a/src/ltc/mac/omac/omac_file.c +++ b/src/ltc/mac/omac/omac_file.c @@ -10,26 +10,26 @@ */ #include "tomcrypt.h" -/** +/** @file omac_file.c - LTC_OMAC1 support, process a file, Tom St Denis + OMAC1 support, process a file, Tom St Denis */ #ifdef LTC_OMAC /** - LTC_OMAC a file + OMAC a file @param cipher The index of the cipher desired @param key The secret key @param keylen The length of the secret key (octets) - @param filename The name of the file you wish to LTC_OMAC + @param filename The name of the file you wish to OMAC @param out [out] Where the authentication tag is to be stored @param outlen [in/out] The max size and resulting size of the authentication tag @return CRYPT_OK if successful, CRYPT_NOP if file support has been disabled */ -int omac_file(int cipher, +int omac_file(int cipher, const unsigned char *key, unsigned long keylen, - const char *filename, + const char *filename, unsigned char *out, unsigned long *outlen) { #ifdef LTC_NO_FILE diff --git a/src/ltc/mac/omac/omac_init.c b/src/ltc/mac/omac/omac_init.c index 36a4a3d9..3bee70fc 100644 --- a/src/ltc/mac/omac/omac_init.c +++ b/src/ltc/mac/omac/omac_init.c @@ -10,17 +10,17 @@ */ #include "tomcrypt.h" -/** +/** @file omac_init.c - LTC_OMAC1 support, initialize state, by Tom St Denis + OMAC1 support, initialize state, by Tom St Denis */ #ifdef LTC_OMAC /** - Initialize an LTC_OMAC state - @param omac The LTC_OMAC state to initialize + Initialize an OMAC state + @param omac The OMAC state to initialize @param cipher The index of the desired cipher @param key The secret key @param keylen The length of the secret key (octets) @@ -77,7 +77,7 @@ int omac_init(omac_state *omac, int cipher, const unsigned char *key, unsigned l omac->Lu[x][y] = ((omac->Lu[x][y] << 1) | (omac->Lu[x][y+1] >> 7)) & 255; } omac->Lu[x][len - 1] = ((omac->Lu[x][len - 1] << 1) ^ (msb ? mask : 0)) & 255; - + /* copy up as require */ if (x == 0) { XMEMCPY(omac->Lu[1], omac->Lu[0], sizeof(omac->Lu[0])); diff --git a/src/ltc/mac/omac/omac_memory.c b/src/ltc/mac/omac/omac_memory.c index c9f33929..dde7e763 100644 --- a/src/ltc/mac/omac/omac_memory.c +++ b/src/ltc/mac/omac/omac_memory.c @@ -10,25 +10,25 @@ */ #include "tomcrypt.h" -/** +/** @file omac_memory.c - LTC_OMAC1 support, process a block of memory, Tom St Denis + OMAC1 support, process a block of memory, Tom St Denis */ #ifdef LTC_OMAC /** - LTC_OMAC a block of memory + OMAC a block of memory @param cipher The index of the desired cipher @param key The secret key @param keylen The length of the secret key (octets) - @param in The data to send through LTC_OMAC - @param inlen The length of the data to send through LTC_OMAC (octets) + @param in The data to send through OMAC + @param inlen The length of the data to send through OMAC (octets) @param out [out] The destination of the authentication tag @param outlen [in/out] The max size and resulting size of the authentication tag (octets) @return CRYPT_OK if successful */ -int omac_memory(int cipher, +int omac_memory(int cipher, const unsigned char *key, unsigned long keylen, const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen) @@ -75,7 +75,7 @@ LBL_ERR: #endif XFREE(omac); - return err; + return err; } #endif diff --git a/src/ltc/mac/omac/omac_memory_multi.c b/src/ltc/mac/omac/omac_memory_multi.c index 3db82704..afaf8cb4 100644 --- a/src/ltc/mac/omac/omac_memory_multi.c +++ b/src/ltc/mac/omac/omac_memory_multi.c @@ -11,26 +11,26 @@ #include "tomcrypt.h" #include <stdarg.h> -/** +/** @file omac_memory_multi.c - LTC_OMAC1 support, process multiple blocks of memory, Tom St Denis + OMAC1 support, process multiple blocks of memory, Tom St Denis */ #ifdef LTC_OMAC /** - LTC_OMAC multiple blocks of memory + OMAC multiple blocks of memory @param cipher The index of the desired cipher @param key The secret key @param keylen The length of the secret key (octets) @param out [out] The destination of the authentication tag @param outlen [in/out] The max size and resulting size of the authentication tag (octets) - @param in The data to send through LTC_OMAC - @param inlen The length of the data to send through LTC_OMAC (octets) - @param ... tuples of (data,len) pairs to LTC_OMAC, terminated with a (NULL,x) (x=don't care) + @param in The data to send through OMAC + @param inlen The length of the data to send through OMAC (octets) + @param ... tuples of (data,len) pairs to OMAC, terminated with a (NULL,x) (x=don't care) @return CRYPT_OK if successful */ -int omac_memory_multi(int cipher, +int omac_memory_multi(int cipher, const unsigned char *key, unsigned long keylen, unsigned char *out, unsigned long *outlen, const unsigned char *in, unsigned long inlen, ...) @@ -57,7 +57,7 @@ int omac_memory_multi(int cipher, goto LBL_ERR; } va_start(args, inlen); - curptr = in; + curptr = in; curlen = inlen; for (;;) { /* process buf */ @@ -80,7 +80,7 @@ LBL_ERR: #endif XFREE(omac); va_end(args); - return err; + return err; } #endif diff --git a/src/ltc/mac/omac/omac_process.c b/src/ltc/mac/omac/omac_process.c index 9d0eb26c..8ecac0db 100644 --- a/src/ltc/mac/omac/omac_process.c +++ b/src/ltc/mac/omac/omac_process.c @@ -10,18 +10,18 @@ */ #include "tomcrypt.h" -/** +/** @file omac_process.c - LTC_OMAC1 support, process data, Tom St Denis + OMAC1 support, process data, Tom St Denis */ #ifdef LTC_OMAC -/** - Process data through LTC_OMAC - @param omac The LTC_OMAC state - @param in The input data to send through LTC_OMAC +/** + Process data through OMAC + @param omac The OMAC state + @param in The input data to send through OMAC @param inlen The length of the input (octets) @return CRYPT_OK if successful */ @@ -43,26 +43,25 @@ int omac_process(omac_state *omac, const unsigned char *in, unsigned long inlen) #ifdef LTC_FAST { - unsigned long blklen; - - blklen = cipher_descriptor[omac->cipher_idx].block_length; - if (omac->buflen == 0 && inlen > blklen) { - unsigned long y; - for (x = 0; x < (inlen - blklen); x += blklen) { - for (y = 0; y < blklen; y += sizeof(LTC_FAST_TYPE)) { - *((LTC_FAST_TYPE*)(&omac->prev[y])) ^= *((LTC_FAST_TYPE*)(&in[y])); - } - in += blklen; - if ((err = cipher_descriptor[omac->cipher_idx].ecb_encrypt(omac->prev, omac->prev, &omac->key)) != CRYPT_OK) { - return err; - } - } - inlen -= x; + unsigned long blklen = cipher_descriptor[omac->cipher_idx].block_length; + + if (omac->buflen == 0 && inlen > blklen) { + unsigned long y; + for (x = 0; x < (inlen - blklen); x += blklen) { + for (y = 0; y < blklen; y += sizeof(LTC_FAST_TYPE)) { + *((LTC_FAST_TYPE*)(&omac->prev[y])) ^= *((LTC_FAST_TYPE*)(&in[y])); + } + in += blklen; + if ((err = cipher_descriptor[omac->cipher_idx].ecb_encrypt(omac->prev, omac->prev, &omac->key)) != CRYPT_OK) { + return err; + } } + inlen -= x; + } } #endif - while (inlen != 0) { + while (inlen != 0) { /* ok if the block is full we xor in prev, encrypt and replace prev */ if (omac->buflen == omac->blklen) { for (x = 0; x < (unsigned long)omac->blklen; x++) { diff --git a/src/ltc/mac/pelican/pelican.c b/src/ltc/mac/pelican/pelican.c index f028c7b7..da06d340 100644 --- a/src/ltc/mac/pelican/pelican.c +++ b/src/ltc/mac/pelican/pelican.c @@ -10,13 +10,14 @@ */ #include "tomcrypt.h" -/** +/** @file pelican.c - Pelican MAC, initialize state, by Tom St Denis + Pelican MAC, initialize state, by Tom St Denis */ #ifdef LTC_PELICAN +#define __LTC_AES_TAB_C__ #define ENCRYPT_ONLY #define PELI_TAB #include "../../ciphers/aes/aes_tab.c.inc" @@ -24,14 +25,14 @@ /** Initialize a Pelican state @param pelmac The Pelican state to initialize - @param key The secret key + @param key The secret key @param keylen The length of the secret key (octets) @return CRYPT_OK if successful */ int pelican_init(pelican_state *pelmac, const unsigned char *key, unsigned long keylen) { int err; - + LTC_ARGCHK(pelmac != NULL); LTC_ARGCHK(key != NULL); @@ -49,7 +50,7 @@ int pelican_init(pelican_state *pelmac, const unsigned char *key, unsigned long aes_ecb_encrypt(pelmac->state, pelmac->state, &pelmac->K); pelmac->buflen = 0; - return CRYPT_OK; + return CRYPT_OK; } static void four_rounds(pelican_state *pelmac) @@ -90,7 +91,7 @@ static void four_rounds(pelican_state *pelmac) STORE32H(s3, pelmac->state + 12); } -/** +/** Process a block of text through Pelican @param pelmac The Pelican MAC state @param in The input @@ -156,7 +157,7 @@ int pelican_done(pelican_state *pelmac, unsigned char *out) aes_ecb_encrypt(pelmac->state, out, &pelmac->K); aes_done(&pelmac->K); return CRYPT_OK; -} +} #endif diff --git a/src/ltc/mac/pmac/pmac_process.c b/src/ltc/mac/pmac/pmac_process.c index e32e65f2..78100630 100644 --- a/src/ltc/mac/pmac/pmac_process.c +++ b/src/ltc/mac/pmac/pmac_process.c @@ -10,9 +10,9 @@ */ #include "tomcrypt.h" -/** +/** @file pmac_process.c - PMAC implementation, process data, by Tom St Denis + PMAC implementation, process data, by Tom St Denis */ @@ -62,7 +62,7 @@ int pmac_process(pmac_state *pmac, const unsigned char *in, unsigned long inlen) } #endif - while (inlen != 0) { + while (inlen != 0) { /* ok if the block is full we xor in prev, encrypt and replace prev */ if (pmac->buflen == pmac->block_len) { pmac_shift_xor(pmac); diff --git a/src/ltc/mac/xcbc/xcbc_process.c b/src/ltc/mac/xcbc/xcbc_process.c index 46ab4a07..df5b741a 100644 --- a/src/ltc/mac/xcbc/xcbc_process.c +++ b/src/ltc/mac/xcbc/xcbc_process.c @@ -64,7 +64,7 @@ int xcbc_process(xcbc_state *xcbc, const unsigned char *in, unsigned long inlen) xcbc->IV[xcbc->buflen++] ^= *in++; --inlen; } - return CRYPT_OK; + return CRYPT_OK; } #endif diff --git a/src/ltc/math/rand_bn.c b/src/ltc/math/rand_bn.c index c066501b..39ff73cf 100755 --- a/src/ltc/math/rand_bn.c +++ b/src/ltc/math/rand_bn.c @@ -44,7 +44,7 @@ int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng) cleanup: #ifdef LTC_CLEAN_STACK - zeromem(buf, len); + zeromem(buf, bytes); #endif XFREE(buf); return res; diff --git a/src/ltc/math/rand_prime.c b/src/ltc/math/rand_prime.c index f2284295..30a03d68 100644 --- a/src/ltc/math/rand_prime.c +++ b/src/ltc/math/rand_prime.c @@ -10,6 +10,8 @@ */ #include "tomcrypt.h" +#if !defined LTC_NO_MATH && !defined LTC_NO_PRNGS + /** @file rand_prime.c Generate a random prime, Tom St Denis @@ -80,6 +82,7 @@ int rand_prime(void *N, long len, prng_state *prng, int wprng) return CRYPT_OK; } +#endif /* LTC_NO_MATH */ /* $Source$ */ diff --git a/src/ltc/math/tfm_desc.c b/src/ltc/math/tfm_desc.c index 82180247..693b9261 100644 --- a/src/ltc/math/tfm_desc.c +++ b/src/ltc/math/tfm_desc.c @@ -25,7 +25,7 @@ static const struct { }; /** - Convert a tfm error to a LTC error (Possibly the most powerful function ever! Oh wait... no) + Convert a tfm error to a LTC error (Possibly the most powerful function ever! Oh wait... no) @param err The error to convert @return The equivalent LTC error code or CRYPT_ERROR if none found */ @@ -34,7 +34,7 @@ static int tfm_to_ltc_error(int err) int x; for (x = 0; x < (int)(sizeof(tfm_to_ltc_codes)/sizeof(tfm_to_ltc_codes[0])); x++) { - if (err == tfm_to_ltc_codes[x].tfm_code) { + if (err == tfm_to_ltc_codes[x].tfm_code) { return tfm_to_ltc_codes[x].ltc_code; } } @@ -114,7 +114,7 @@ static int get_digit_count(void *a) A = a; return A->used; } - + static int compare(void *a, void *b) { int ret; @@ -213,7 +213,7 @@ static int add(void *a, void *b, void *c) fp_add(a, b, c); return CRYPT_OK; } - + static int addi(void *a, unsigned long b, void *c) { LTC_ARGCHK(a != NULL); @@ -246,7 +246,7 @@ static int mul(void *a, void *b, void *c) LTC_ARGCHK(a != NULL); LTC_ARGCHK(b != NULL); LTC_ARGCHK(c != NULL); - fp_mul(a, b, c); + fp_mul(a, b, c); return CRYPT_OK; } @@ -297,7 +297,7 @@ static int modi(void *a, unsigned long b, unsigned long *c) } *c = tmp; return CRYPT_OK; -} +} /* gcd */ static int gcd(void *a, void *b, void *c) @@ -411,13 +411,14 @@ static int exptmod(void *a, void *b, void *c, void *d) LTC_ARGCHK(c != NULL); LTC_ARGCHK(d != NULL); return tfm_to_ltc_error(fp_exptmod(a,b,c,d)); -} +} -static int isprime(void *a, int *b) +static int isprime(void *a, int b, int *c) { LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - *b = (fp_isprime(a) == FP_YES) ? LTC_MP_YES : LTC_MP_NO; + LTC_ARGCHK(c != NULL); + (void)b; + *c = (fp_isprime(a) == FP_YES) ? LTC_MP_YES : LTC_MP_NO; return CRYPT_OK; } @@ -455,7 +456,7 @@ static int tfm_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulu if (fp_cmp(R->z, modulus) != FP_LT) { fp_sub(R->z, modulus, R->z); } - + /* &t2 = X - T1 */ fp_sub(R->x, &t1, &t2); if (fp_cmp_d(&t2, 0) == FP_LT) { @@ -514,7 +515,7 @@ static int tfm_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulu fp_add(R->x, modulus, R->x); } - /* Y = Y - X */ + /* Y = Y - X */ fp_sub(R->y, R->x, R->y); if (fp_cmp_d(R->y, 0) == FP_LT) { fp_add(R->y, modulus, R->y); @@ -527,7 +528,7 @@ static int tfm_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulu if (fp_cmp_d(R->y, 0) == FP_LT) { fp_add(R->y, modulus, R->y); } - + return CRYPT_OK; } @@ -543,8 +544,8 @@ static int tfm_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulu static int tfm_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *Mp) { fp_int t1, t2, x, y, z; - fp_digit mp; - + fp_digit mp; + LTC_ARGCHK(P != NULL); LTC_ARGCHK(Q != NULL); LTC_ARGCHK(R != NULL); @@ -561,7 +562,7 @@ static int tfm_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R /* should we dbl instead? */ fp_sub(modulus, Q->y, &t1); - if ( (fp_cmp(P->x, Q->x) == FP_EQ) && + if ( (fp_cmp(P->x, Q->x) == FP_EQ) && (Q->z != NULL && fp_cmp(P->z, Q->z) == FP_EQ) && (fp_cmp(P->y, Q->y) == FP_EQ || fp_cmp(P->y, &t1) == FP_EQ)) { return tfm_ecc_projective_dbl_point(P, R, modulus, Mp); @@ -654,7 +655,7 @@ static int tfm_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R /* T1 = T1 * X */ fp_mul(&t1, &x, &t1); fp_montgomery_reduce(&t1, modulus, mp); - + /* X = Y*Y */ fp_sqr(&y, &x); fp_montgomery_reduce(&x, modulus, mp); @@ -668,7 +669,7 @@ static int tfm_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R fp_sub(&t2, &x, &t2); if (fp_cmp_d(&t2, 0) == FP_LT) { fp_add(&t2, modulus, &t2); - } + } /* T2 = T2 - X */ fp_sub(&t2, &x, &t2); if (fp_cmp_d(&t2, 0) == FP_LT) { @@ -691,7 +692,7 @@ static int tfm_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R fp_copy(&x, R->x); fp_copy(&y, R->y); fp_copy(&z, R->z); - + return CRYPT_OK; } @@ -786,7 +787,7 @@ const ltc_math_descriptor tfm_desc = { #endif &addmod, &submod, - + NULL, }; diff --git a/src/ltc/misc/base64/base64_decode.c b/src/ltc/misc/base64/base64_decode.c index 0b4d32be..423dc435 100644 --- a/src/ltc/misc/base64/base64_decode.c +++ b/src/ltc/misc/base64/base64_decode.c @@ -17,8 +17,9 @@ */ -#ifdef LTC_BASE64 +#if defined(LTC_BASE64) || defined (LTC_BASE64_URL) +#if defined(LTC_BASE64) static const unsigned char map_base64[256] = { 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, @@ -42,7 +43,9 @@ static const unsigned char map_base64[256] = { 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255 }; +#endif /* LTC_BASE64 */ +#if defined(LTC_BASE64_URL) static const unsigned char map_base64url[256] = { 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, @@ -66,8 +69,9 @@ static const unsigned char map_base64url[256] = { 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255 }; +#endif /* LTC_BASE64_URL */ -int base64_decode_internal(const unsigned char *in, unsigned long inlen, +static int _base64_decode_internal(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen, const unsigned char *map) { @@ -84,8 +88,8 @@ int base64_decode_internal(const unsigned char *in, unsigned long inlen, c = map[in[x]&0xFF]; if (c == 255) continue; /* the final = symbols are read and used to trim the remaining bytes */ - if (c == 254) { - c = 0; + if (c == 254) { + c = 0; /* prevent g < 0 which would potentially allow an overflow later */ if (--g < 0) { return CRYPT_INVALID_PACKET; @@ -98,8 +102,8 @@ int base64_decode_internal(const unsigned char *in, unsigned long inlen, t = (t<<6)|c; if (++y == 4) { - if (z + g > *outlen) { - return CRYPT_BUFFER_OVERFLOW; + if (z + g > *outlen) { + return CRYPT_BUFFER_OVERFLOW; } out[z++] = (unsigned char)((t>>16)&255); if (g > 1) out[z++] = (unsigned char)((t>>8)&255); @@ -114,6 +118,7 @@ int base64_decode_internal(const unsigned char *in, unsigned long inlen, return CRYPT_OK; } +#if defined(LTC_BASE64) /** base64 decode a block of memory @param in The base64 data to decode @@ -122,12 +127,14 @@ int base64_decode_internal(const unsigned char *in, unsigned long inlen, @param outlen [in/out] The max size and resulting size of the decoded data @return CRYPT_OK if successful */ -int base64_decode(const unsigned char *in, unsigned long inlen, +int base64_decode(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen) { - return base64_decode_internal(in, inlen, out, outlen, map_base64); + return _base64_decode_internal(in, inlen, out, outlen, map_base64); } +#endif /* LTC_BASE64 */ +#if defined(LTC_BASE64_URL) /** base64 (URL Safe, RFC 4648 section 5) decode a block of memory @param in The base64 data to decode @@ -136,11 +143,12 @@ int base64_decode(const unsigned char *in, unsigned long inlen, @param outlen [in/out] The max size and resulting size of the decoded data @return CRYPT_OK if successful */ -int base64url_decode(const unsigned char *in, unsigned long inlen, +int base64url_decode(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen) { - return base64_decode_internal(in, inlen, out, outlen, map_base64url); + return _base64_decode_internal(in, inlen, out, outlen, map_base64url); } +#endif /* LTC_BASE64_URL */ #endif diff --git a/src/ltc/misc/base64/base64_encode.c b/src/ltc/misc/base64/base64_encode.c index 14c1189a..0e1a7c13 100644 --- a/src/ltc/misc/base64/base64_encode.c +++ b/src/ltc/misc/base64/base64_encode.c @@ -17,15 +17,19 @@ */ -#ifdef LTC_BASE64 +#if defined(LTC_BASE64) || defined (LTC_BASE64_URL) +#if defined(LTC_BASE64) static const char *codes_base64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; +#endif /* LTC_BASE64 */ +#if defined(LTC_BASE64_URL) static const char *codes_base64url = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; +#endif /* LTC_BASE64_URL */ -int base64_encode_internal(const unsigned char *in, unsigned long inlen, +static int _base64_encode_internal(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen, const char *codes, int pad) { @@ -75,6 +79,7 @@ int base64_encode_internal(const unsigned char *in, unsigned long inlen, return CRYPT_OK; } +#if defined(LTC_BASE64) /** base64 Encode a buffer (NUL terminated) @param in The input buffer to encode @@ -83,12 +88,15 @@ int base64_encode_internal(const unsigned char *in, unsigned long inlen, @param outlen [in/out] The max size and resulting size @return CRYPT_OK if successful */ -int base64_encode(const unsigned char *in, unsigned long inlen, +int base64_encode(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen) { - return base64_encode_internal(in, inlen, out, outlen, codes_base64, 1); + return _base64_encode_internal(in, inlen, out, outlen, codes_base64, 1); } +#endif /* LTC_BASE64 */ + +#if defined(LTC_BASE64_URL) /** base64 (URL Safe, RFC 4648 section 5) Encode a buffer (NUL terminated) @param in The input buffer to encode @@ -97,11 +105,12 @@ int base64_encode(const unsigned char *in, unsigned long inlen, @param outlen [in/out] The max size and resulting size @return CRYPT_OK if successful */ -int base64url_encode(const unsigned char *in, unsigned long inlen, +int base64url_encode(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen) { - return base64_encode_internal(in, inlen, out, outlen, codes_base64url, 0); + return _base64_encode_internal(in, inlen, out, outlen, codes_base64url, 0); } +#endif /* LTC_BASE64_URL */ #endif diff --git a/src/ltc/misc/crypt/crypt.c b/src/ltc/misc/crypt/crypt.c index 28d6c746..e6bbeaa9 100644 --- a/src/ltc/misc/crypt/crypt.c +++ b/src/ltc/misc/crypt/crypt.c @@ -13,13 +13,13 @@ /** @file crypt.c Build strings, Tom St Denis -*/ +*/ const char *crypt_build_settings = "LibTomCrypt " SCRYPT " (Tom St Denis, tomstdenis@gmail.com)\n" "LibTomCrypt is public domain software.\n" "Built on " __DATE__ " at " __TIME__ "\n\n\n" - "Endianess: " + "Endianness: " #if defined(ENDIAN_NEUTRAL) "neutral\n" #elif defined(ENDIAN_LITTLE) @@ -48,13 +48,13 @@ const char *crypt_build_settings = " Blowfish\n" #endif #if defined(LTC_RC2) - " LTC_RC2\n" + " RC2\n" #endif #if defined(LTC_RC5) - " LTC_RC5\n" + " RC5\n" #endif #if defined(LTC_RC6) - " LTC_RC6\n" + " RC6\n" #endif #if defined(LTC_SAFERP) " Safer+\n" @@ -66,7 +66,7 @@ const char *crypt_build_settings = " Rijndael\n" #endif #if defined(LTC_XTEA) - " LTC_XTEA\n" + " XTEA\n" #endif #if defined(LTC_TWOFISH) " Twofish " @@ -89,10 +89,10 @@ const char *crypt_build_settings = #endif #endif #if defined(LTC_DES) - " LTC_DES\n" + " DES\n" #endif #if defined(LTC_CAST5) - " LTC_CAST5\n" + " CAST5\n" #endif #if defined(LTC_NOEKEON) " Noekeon\n" @@ -111,7 +111,7 @@ const char *crypt_build_settings = #endif "\n" #if defined(LTC_KSEED) - " LTC_KSEED\n" + " KSEED\n" #endif #if defined(LTC_KASUMI) " KASUMI\n" @@ -125,49 +125,49 @@ const char *crypt_build_settings = "\nHashes built-in:\n" #if defined(LTC_SHA512) - " LTC_SHA-512\n" + " SHA-512\n" #endif #if defined(LTC_SHA384) - " LTC_SHA-384\n" + " SHA-384\n" #endif #if defined(LTC_SHA256) - " LTC_SHA-256\n" + " SHA-256\n" #endif #if defined(LTC_SHA224) - " LTC_SHA-224\n" + " SHA-224\n" #endif #if defined(LTC_TIGER) - " LTC_TIGER\n" + " TIGER\n" #endif #if defined(LTC_SHA1) - " LTC_SHA1\n" + " SHA1\n" #endif #if defined(LTC_MD5) - " LTC_MD5\n" + " MD5\n" #endif #if defined(LTC_MD4) - " LTC_MD4\n" + " MD4\n" #endif #if defined(LTC_MD2) - " LTC_MD2\n" + " MD2\n" #endif #if defined(LTC_RIPEMD128) - " LTC_RIPEMD128\n" + " RIPEMD128\n" #endif #if defined(LTC_RIPEMD160) - " LTC_RIPEMD160\n" + " RIPEMD160\n" #endif #if defined(LTC_RIPEMD256) - " LTC_RIPEMD256\n" + " RIPEMD256\n" #endif #if defined(LTC_RIPEMD320) - " LTC_RIPEMD320\n" + " RIPEMD320\n" #endif #if defined(LTC_WHIRLPOOL) - " LTC_WHIRLPOOL\n" + " WHIRLPOOL\n" #endif #if defined(LTC_CHC_HASH) - " LTC_CHC_HASH \n" + " CHC_HASH\n" #endif "\nBlock Chaining Modes:\n" @@ -190,81 +190,91 @@ const char *crypt_build_settings = " (CTR_OLD) " #endif "\n" -#if defined(LRW_MODE) - " LRW_MODE" +#if defined(LTC_LRW_MODE) + " LRW" #if defined(LRW_TABLES) - " (LRW_TABLES) " + " (tables) " #endif "\n" #endif #if defined(LTC_F8_MODE) - " F8 MODE\n" -#endif + " F8\n" +#endif #if defined(LTC_XTS_MODE) - " LTC_XTS_MODE\n" + " XTS\n" #endif "\nMACs:\n" #if defined(LTC_HMAC) - " LTC_HMAC\n" + " HMAC\n" #endif #if defined(LTC_OMAC) - " LTC_OMAC\n" + " OMAC\n" #endif #if defined(LTC_PMAC) " PMAC\n" #endif #if defined(LTC_PELICAN) - " LTC_PELICAN\n" + " PELICAN\n" #endif #if defined(LTC_XCBC) - " XCBC-MAC\n" + " XCBC\n" #endif #if defined(LTC_F9_MODE) - " F9-MAC\n" + " F9\n" #endif "\nENC + AUTH modes:\n" #if defined(LTC_EAX_MODE) - " LTC_EAX_MODE\n" + " EAX\n" #endif #if defined(LTC_OCB_MODE) - " LTC_OCB_MODE\n" + " OCB\n" #endif #if defined(LTC_OCB3_MODE) - " LTC_OCB3_MODE\n" + " OCB3\n" #endif #if defined(LTC_CCM_MODE) - " LTC_CCM_MODE\n" + " CCM\n" #endif #if defined(LTC_GCM_MODE) - " LTC_GCM_MODE " -#endif + " GCM" #if defined(LTC_GCM_TABLES) - " (LTC_GCM_TABLES) " + " (tables) " +#endif +#if defined(LTC_GCM_TABLES_SSE2) + " (SSE2) " #endif "\n" +#endif "\nPRNG:\n" #if defined(LTC_YARROW) " Yarrow\n" #endif #if defined(LTC_SPRNG) - " LTC_SPRNG\n" + " SPRNG\n" #endif #if defined(LTC_RC4) - " LTC_RC4\n" + " RC4\n" #endif #if defined(LTC_FORTUNA) " Fortuna\n" #endif #if defined(LTC_SOBER128) - " LTC_SOBER128\n" + " SOBER128\n" #endif "\nPK Algs:\n" #if defined(LTC_MRSA) - " RSA \n" + " RSA" +#if defined(LTC_RSA_BLINDING) + " (with blinding)" +#endif + "\n" +#endif +#if defined(LTC_MDH) + " DH\n" #endif #if defined(LTC_MECC) " ECC\n" @@ -274,7 +284,7 @@ const char *crypt_build_settings = #endif #if defined(MKAT) " Katja\n" -#endif +#endif "\nCompiler:\n" #if defined(WIN32) @@ -301,37 +311,43 @@ const char *crypt_build_settings = " x86-64 detected.\n" #endif #if defined(LTC_PPC32) - " LTC_PPC32 defined \n" -#endif + " PPC32 defined \n" +#endif "\nVarious others: " #if defined(LTC_BASE64) - " LTC_BASE64 " + " BASE64 " +#endif +#if defined(LTC_BASE64_URL) + " BASE64-URL-SAFE " +#endif +#if defined(LTC_DER) + " DER " +#endif +#if defined(LTC_PKCS_1) + " PKCS#1 " +#endif +#if defined(LTC_PKCS_5) + " PKCS#5 " +#endif +#if defined(LTC_HKDF) + " HKDF " #endif #if defined(MPI) " MPI " #endif -#if defined(TRY_UNRANDOM_FIRST) - " TRY_UNRANDOM_FIRST " +#if defined(TRY_URANDOM_FIRST) + " TRY_URANDOM_FIRST " #endif #if defined(LTC_TEST) " LTC_TEST " #endif -#if defined(LTC_PKCS_1) - " LTC_PKCS#1 " -#endif -#if defined(LTC_PKCS_5) - " LTC_PKCS#5 " -#endif #if defined(LTC_SMALL_CODE) " LTC_SMALL_CODE " #endif #if defined(LTC_NO_FILE) " LTC_NO_FILE " #endif -#if defined(LTC_DER) - " LTC_DER " -#endif #if defined(LTC_FAST) " LTC_FAST " #endif @@ -353,21 +369,21 @@ const char *crypt_build_settings = #if defined(LTC_PTHREAD) " LTC_PTHREAD " #endif -#if defined(LTM_LTC_DESC) +#if defined(LTM_DESC) " LTM_DESC " #endif -#if defined(TFM_LTC_DESC) +#if defined(TFM_DESC) " TFM_DESC " #endif #if defined(LTC_MECC_ACCEL) " LTC_MECC_ACCEL " #endif -#if defined(GMP_LTC_DESC) +#if defined(GMP_DESC) " GMP_DESC " #endif #if defined(LTC_EASY) - " (easy) " -#endif + " LTC_EASY " +#endif #if defined(LTC_MECC_FP) " LTC_MECC_FP " #endif diff --git a/src/ltc/misc/crypt/crypt_argchk.c b/src/ltc/misc/crypt/crypt_argchk.c index c86f0862..2301c295 100644 --- a/src/ltc/misc/crypt/crypt_argchk.c +++ b/src/ltc/misc/crypt/crypt_argchk.c @@ -9,7 +9,6 @@ * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ #include "tomcrypt.h" -#include <signal.h> /** @file crypt_argchk.c @@ -17,6 +16,7 @@ */ #if (ARGTYPE == 0) +#include <signal.h> void crypt_argchk(char *v, char *s, int d) { fprintf(stderr, "LTC_ARGCHK '%s' failure on line %d of file %s\n", diff --git a/src/ltc/misc/hkdf/hkdf.c b/src/ltc/misc/hkdf/hkdf.c index 279c8eda..b6f24a06 100644 --- a/src/ltc/misc/hkdf/hkdf.c +++ b/src/ltc/misc/hkdf/hkdf.c @@ -4,6 +4,8 @@ #include <tomcrypt.h> +#ifdef LTC_HKDF + #ifndef MIN #define MIN(a,b) ((a)<(b))?(a):(b) #endif @@ -136,6 +138,7 @@ int hkdf(int hash_idx, const unsigned char *salt, unsigned long saltlen, XFREE(extracted); return err; } +#endif /* LTC_HKDF */ /* vim: set ts=2 sw=2 et ai si: */ diff --git a/src/ltc/misc/pkcs5/pkcs_5_1.c b/src/ltc/misc/pkcs5/pkcs_5_1.c index 519e7aa1..d225447e 100644 --- a/src/ltc/misc/pkcs5/pkcs_5_1.c +++ b/src/ltc/misc/pkcs5/pkcs_5_1.c @@ -10,24 +10,24 @@ */ #include <tomcrypt.h> -/** +/** @file pkcs_5_1.c - LTC_PKCS #5, Algorithm #1, Tom St Denis + PKCS #5, Algorithm #1, Tom St Denis */ #ifdef LTC_PKCS_5 /** - Execute LTC_PKCS #5 v1 + Execute PKCS #5 v1 @param password The password (or key) @param password_len The length of the password (octet) @param salt The salt (or nonce) which is 8 octets long - @param iteration_count The LTC_PKCS #5 v1 iteration count + @param iteration_count The PKCS #5 v1 iteration count @param hash_idx The index of the hash desired @param out [out] The destination for this algorithm @param outlen [in/out] The max size and resulting size of the algorithm output @return CRYPT_OK if successful */ -int pkcs_5_alg1(const unsigned char *password, unsigned long password_len, - const unsigned char *salt, +int pkcs_5_alg1(const unsigned char *password, unsigned long password_len, + const unsigned char *salt, int iteration_count, int hash_idx, unsigned char *out, unsigned long *outlen) { @@ -53,11 +53,11 @@ int pkcs_5_alg1(const unsigned char *password, unsigned long password_len, if (md != NULL) { XFREE(md); } - if (buf != NULL) { + if (buf != NULL) { XFREE(buf); } return CRYPT_MEM; - } + } /* hash initial password + salt */ if ((err = hash_descriptor[hash_idx].init(md)) != CRYPT_OK) { @@ -88,7 +88,7 @@ int pkcs_5_alg1(const unsigned char *password, unsigned long password_len, *outlen = x; err = CRYPT_OK; LBL_ERR: -#ifdef LTC_CLEAN_STACK +#ifdef LTC_CLEAN_STACK zeromem(buf, MAXBLOCKSIZE); zeromem(md, sizeof(hash_state)); #endif diff --git a/src/ltc/misc/pkcs5/pkcs_5_2.c b/src/ltc/misc/pkcs5/pkcs_5_2.c index 0d76d629..9b9b78a6 100644 --- a/src/ltc/misc/pkcs5/pkcs_5_2.c +++ b/src/ltc/misc/pkcs5/pkcs_5_2.c @@ -10,25 +10,25 @@ */ #include <tomcrypt.h> -/** +/** @file pkcs_5_2.c - LTC_PKCS #5, Algorithm #2, Tom St Denis + PKCS #5, Algorithm #2, Tom St Denis */ #ifdef LTC_PKCS_5 /** - Execute LTC_PKCS #5 v2 + Execute PKCS #5 v2 @param password The input password (or key) @param password_len The length of the password (octets) @param salt The salt (or nonce) @param salt_len The length of the salt (octets) - @param iteration_count # of iterations desired for LTC_PKCS #5 v2 [read specs for more] + @param iteration_count # of iterations desired for PKCS #5 v2 [read specs for more] @param hash_idx The index of the hash desired @param out [out] The destination for this algorithm @param outlen [in/out] The max size and resulting size of the algorithm output @return CRYPT_OK if successful */ -int pkcs_5_alg2(const unsigned char *password, unsigned long password_len, +int pkcs_5_alg2(const unsigned char *password, unsigned long password_len, const unsigned char *salt, unsigned long salt_len, int iteration_count, int hash_idx, unsigned char *out, unsigned long *outlen) @@ -69,13 +69,13 @@ int pkcs_5_alg2(const unsigned char *password, unsigned long password_len, while (left != 0) { /* process block number blkno */ zeromem(buf[0], MAXBLOCKSIZE*2); - + /* store current block number and increment for next pass */ STORE32H(blkno, buf[1]); ++blkno; /* get PRF(P, S||int(blkno)) */ - if ((err = hmac_init(hmac, hash_idx, password, password_len)) != CRYPT_OK) { + if ((err = hmac_init(hmac, hash_idx, password, password_len)) != CRYPT_OK) { goto LBL_ERR; } if ((err = hmac_process(hmac, salt, salt_len)) != CRYPT_OK) { diff --git a/src/ltc/modes/cbc/cbc_decrypt.c b/src/ltc/modes/cbc/cbc_decrypt.c index 3751f140..d0766ed7 100644 --- a/src/ltc/modes/cbc/cbc_decrypt.c +++ b/src/ltc/modes/cbc/cbc_decrypt.c @@ -34,7 +34,7 @@ int cbc_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s LTC_FAST_TYPE tmpy; #else unsigned char tmpy; -#endif +#endif LTC_ARGCHK(pt != NULL); LTC_ARGCHK(ct != NULL); @@ -43,21 +43,21 @@ int cbc_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) { return err; } - + /* is blocklen valid? */ if (cbc->blocklen < 1 || cbc->blocklen > (int)sizeof(cbc->IV)) { return CRYPT_INVALID_ARG; - } + } if (len % cbc->blocklen) { return CRYPT_INVALID_ARG; } #ifdef LTC_FAST - if (cbc->blocklen % sizeof(LTC_FAST_TYPE)) { + if (cbc->blocklen % sizeof(LTC_FAST_TYPE)) { return CRYPT_INVALID_ARG; } #endif - + if (cipher_descriptor[cbc->cipher].accel_cbc_decrypt != NULL) { return cipher_descriptor[cbc->cipher].accel_cbc_decrypt(ct, pt, len / cbc->blocklen, cbc->IV, &cbc->key); } else { @@ -74,14 +74,14 @@ int cbc_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s *((LTC_FAST_TYPE*)((unsigned char *)cbc->IV + x)) = *((LTC_FAST_TYPE*)((unsigned char *)ct + x)); *((LTC_FAST_TYPE*)((unsigned char *)pt + x)) = tmpy; } - #else + #else for (x = 0; x < cbc->blocklen; x++) { tmpy = tmp[x] ^ cbc->IV[x]; cbc->IV[x] = ct[x]; pt[x] = tmpy; } #endif - + ct += cbc->blocklen; pt += cbc->blocklen; len -= cbc->blocklen; diff --git a/src/ltc/modes/cbc/cbc_encrypt.c b/src/ltc/modes/cbc/cbc_encrypt.c index 1f282040..f9c3941c 100644 --- a/src/ltc/modes/cbc/cbc_encrypt.c +++ b/src/ltc/modes/cbc/cbc_encrypt.c @@ -37,17 +37,17 @@ int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) { return err; } - + /* is blocklen valid? */ if (cbc->blocklen < 1 || cbc->blocklen > (int)sizeof(cbc->IV)) { return CRYPT_INVALID_ARG; - } + } if (len % cbc->blocklen) { return CRYPT_INVALID_ARG; } #ifdef LTC_FAST - if (cbc->blocklen % sizeof(LTC_FAST_TYPE)) { + if (cbc->blocklen % sizeof(LTC_FAST_TYPE)) { return CRYPT_INVALID_ARG; } #endif @@ -61,7 +61,7 @@ int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s for (x = 0; x < cbc->blocklen; x += sizeof(LTC_FAST_TYPE)) { *((LTC_FAST_TYPE*)((unsigned char *)cbc->IV + x)) ^= *((LTC_FAST_TYPE*)((unsigned char *)pt + x)); } - #else + #else for (x = 0; x < cbc->blocklen; x++) { cbc->IV[x] ^= pt[x]; } @@ -77,12 +77,12 @@ int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s for (x = 0; x < cbc->blocklen; x += sizeof(LTC_FAST_TYPE)) { *((LTC_FAST_TYPE*)((unsigned char *)cbc->IV + x)) = *((LTC_FAST_TYPE*)((unsigned char *)ct + x)); } - #else + #else for (x = 0; x < cbc->blocklen; x++) { cbc->IV[x] = ct[x]; } #endif - + ct += cbc->blocklen; pt += cbc->blocklen; len -= cbc->blocklen; diff --git a/src/ltc/modes/ctr/ctr_encrypt.c b/src/ltc/modes/ctr/ctr_encrypt.c index 0b08359d..56eb9ce2 100644 --- a/src/ltc/modes/ctr/ctr_encrypt.c +++ b/src/ltc/modes/ctr/ctr_encrypt.c @@ -37,7 +37,7 @@ int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s if ((err = cipher_is_valid(ctr->cipher)) != CRYPT_OK) { return err; } - + /* is blocklen/padlen valid? */ if (ctr->blocklen < 1 || ctr->blocklen > (int)sizeof(ctr->ctr) || ctr->padlen < 0 || ctr->padlen > (int)sizeof(ctr->pad)) { @@ -49,7 +49,7 @@ int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s return CRYPT_INVALID_ARG; } #endif - + /* handle acceleration only if pad is empty, accelerator is present and length is >= a block size */ if ((ctr->padlen == ctr->blocklen) && cipher_descriptor[ctr->cipher].accel_ctr_encrypt != NULL && (len >= (unsigned long)ctr->blocklen)) { if ((err = cipher_descriptor[ctr->cipher].accel_ctr_encrypt(pt, ct, len/ctr->blocklen, ctr->ctr, ctr->mode, &ctr->key)) != CRYPT_OK) { @@ -98,7 +98,7 @@ int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s ctr->padlen = ctr->blocklen; continue; } -#endif +#endif *ct++ = *pt++ ^ ctr->pad[ctr->padlen++]; --len; } diff --git a/src/ltc/pk/asn1/der/bit/der_decode_raw_bit_string.c b/src/ltc/pk/asn1/der/bit/der_decode_raw_bit_string.c index 80103c70..a7f355c9 100644 --- a/src/ltc/pk/asn1/der/bit/der_decode_raw_bit_string.c +++ b/src/ltc/pk/asn1/der/bit/der_decode_raw_bit_string.c @@ -101,6 +101,6 @@ int der_decode_raw_bit_string(const unsigned char *in, unsigned long inlen, #endif -/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/bit/der_decode_bit_string.c,v $ */ -/* $Revision: 1.5 $ */ -/* $Date: 2006/12/28 01:27:24 $ */ +/* $Source$ */ +/* $Revision$ */ +/* $Date$ */ diff --git a/src/ltc/pk/asn1/der/bit/der_encode_raw_bit_string.c b/src/ltc/pk/asn1/der/bit/der_encode_raw_bit_string.c index 1fafc12c..014a037f 100644 --- a/src/ltc/pk/asn1/der/bit/der_encode_raw_bit_string.c +++ b/src/ltc/pk/asn1/der/bit/der_encode_raw_bit_string.c @@ -87,6 +87,6 @@ int der_encode_raw_bit_string(const unsigned char *in, unsigned long inlen, #endif -/* $Source: /cvs/libtom/libtomcrypt/src/pk/asn1/der/bit/der_encode_bit_string.c,v $ */ -/* $Revision: 1.5 $ */ -/* $Date: 2006/12/28 01:27:24 $ */ +/* $Source$ */ +/* $Revision$ */ +/* $Date$ */ diff --git a/src/ltc/pk/asn1/der/integer/der_length_integer.c b/src/ltc/pk/asn1/der/integer/der_length_integer.c index 9d496839..b8ff463a 100644 --- a/src/ltc/pk/asn1/der/integer/der_length_integer.c +++ b/src/ltc/pk/asn1/der/integer/der_length_integer.c @@ -18,8 +18,8 @@ #ifdef LTC_DER /** - Gets length of DER encoding of num - @param num The int to get the size of + Gets length of DER encoding of num + @param num The int to get the size of @param outlen [out] The length of the DER encoding for the given integer @return CRYPT_OK if successful */ @@ -71,7 +71,7 @@ int der_length_integer(void *num, unsigned long *outlen) ++len; /* return length */ - *outlen = len; + *outlen = len; return CRYPT_OK; } diff --git a/src/ltc/pk/asn1/der/set/der_encode_setof.c b/src/ltc/pk/asn1/der/set/der_encode_setof.c index e74f1dd9..022aca3e 100644 --- a/src/ltc/pk/asn1/der/set/der_encode_setof.c +++ b/src/ltc/pk/asn1/der/set/der_encode_setof.c @@ -27,10 +27,10 @@ static int qsort_helper(const void *a, const void *b) struct edge *A = (struct edge *)a, *B = (struct edge *)b; int r; unsigned long x; - + /* compare min length */ r = XMEMCMP(A->start, B->start, MIN(A->size, B->size)); - + if (r == 0 && A->size != B->size) { if (A->size > B->size) { for (x = B->size; x < A->size; x++) { @@ -44,28 +44,29 @@ static int qsort_helper(const void *a, const void *b) return -1; } } - } + } } - - return r; + + return r; } /** Encode a SETOF stucture @param list The list of items to encode @param inlen The number of items in the list - @param out [out] The destination + @param out [out] The destination @param outlen [in/out] The size of the output @return CRYPT_OK on success -*/ +*/ int der_encode_setof(ltc_asn1_list *list, unsigned long inlen, unsigned char *out, unsigned long *outlen) { - unsigned long x, y, z, hdrlen; + unsigned long x, y, z; + ptrdiff_t hdrlen; int err; struct edge *edges; unsigned char *ptr, *buf; - + /* check that they're all the same type */ for (x = 1; x < inlen; x++) { if (list[x].type != list[x-1].type) { @@ -77,21 +78,21 @@ int der_encode_setof(ltc_asn1_list *list, unsigned long inlen, buf = XCALLOC(1, *outlen); if (buf == NULL) { return CRYPT_MEM; - } - + } + /* encode list */ if ((err = der_encode_sequence_ex(list, inlen, buf, outlen, LTC_ASN1_SETOF)) != CRYPT_OK) { XFREE(buf); return err; } - + /* allocate edges */ edges = XCALLOC(inlen, sizeof(*edges)); if (edges == NULL) { XFREE(buf); return CRYPT_MEM; - } - + } + /* skip header */ ptr = buf + 1; @@ -100,20 +101,20 @@ int der_encode_setof(ltc_asn1_list *list, unsigned long inlen, if (x >= 0x80) { ptr += (x & 0x7F); } - + /* get the size of the static header */ - hdrlen = (unsigned long)(ptr - buf); - - + hdrlen = ptr - buf; + + /* scan for edges */ x = 0; while (ptr < (buf + *outlen)) { /* store start */ edges[x].start = ptr; - + /* skip type */ z = 1; - + /* parse length */ y = ptr[z++]; if (y < 128) { @@ -125,33 +126,33 @@ int der_encode_setof(ltc_asn1_list *list, unsigned long inlen, edges[x].size = (edges[x].size << 8) | ((unsigned long)ptr[z++]); } } - + /* skip content */ edges[x].size += z; ptr += edges[x].size; ++x; - } - + } + /* sort based on contents (using edges) */ XQSORT(edges, inlen, sizeof(*edges), &qsort_helper); - + /* copy static header */ XMEMCPY(out, buf, hdrlen); - + /* copy+sort using edges+indecies to output from buffer */ for (y = hdrlen, x = 0; x < inlen; x++) { XMEMCPY(out+y, edges[x].start, edges[x].size); y += edges[x].size; - } - + } + #ifdef LTC_CLEAN_STACK zeromem(buf, *outlen); -#endif - +#endif + /* free buffers */ XFREE(edges); XFREE(buf); - + return CRYPT_OK; } diff --git a/src/ltc/pk/dh/dh.c b/src/ltc/pk/dh/dh.c index 1d6f3794..d2b970be 100644 --- a/src/ltc/pk/dh/dh.c +++ b/src/ltc/pk/dh/dh.c @@ -14,234 +14,11 @@ @file dh.c DH crypto, Tom St Denis */ - -#ifdef MDH - - /* size of a packet header in bytes */ - #define PACKET_SIZE 4 - - /* Section tags */ - #define PACKET_SECT_DH 1 - - /* Subsection Tags for the first three sections */ - #define PACKET_SUB_KEY 0 - #define PACKET_SUB_ENCRYPTED 1 - #define PACKET_SUB_SIGNED 2 - #define PACKET_SUB_ENC_KEY 3 - -#define OUTPUT_BIGNUM(num, out, y, z) \ -{ \ - if ((y + 4) > *outlen) { return CRYPT_BUFFER_OVERFLOW; } \ - z = (unsigned long)mp_unsigned_bin_size(num); \ - STORE32L(z, out+y); \ - y += 4; \ - if ((y + z) > *outlen) { return CRYPT_BUFFER_OVERFLOW; } \ - if ((err = mp_to_unsigned_bin(num, out+y)) != CRYPT_OK) { return err; } \ - y += z; \ -} - -#define INPUT_BIGNUM(num, in, x, y, inlen) \ -{ \ - /* load value */ \ - if ((y + 4) > inlen) { \ - err = CRYPT_INVALID_PACKET; \ - goto error; \ - } \ - LOAD32L(x, in+y); \ - y += 4; \ - \ - /* sanity check... */ \ - if ((x+y) > inlen) { \ - err = CRYPT_INVALID_PACKET; \ - goto error; \ - } \ - \ - /* load it */ \ - if ((err = mp_read_unsigned_bin(num, (unsigned char *)in+y, (int)x)) != CRYPT_OK) {\ - goto error; \ - } \ - y += x; \ -} - -static void packet_store_header(unsigned char *dst, int section, int subsection) -{ - LTC_ARGCHK(dst != NULL); - - /* store version number */ - dst[0] = (unsigned char)(CRYPT&255); - dst[1] = (unsigned char)((CRYPT>>8)&255); - - /* store section and subsection */ - dst[2] = (unsigned char)(section & 255); - dst[3] = (unsigned char)(subsection & 255); - -} - -static int packet_valid_header(unsigned char *src, int section, int subsection) -{ - unsigned long ver; - - LTC_ARGCHK(src != NULL); - - /* check version */ - ver = ((unsigned long)src[0]) | ((unsigned long)src[1] << 8U); - if (CRYPT < ver) { - return CRYPT_INVALID_PACKET; - } - /* check section and subsection */ - if (section != (int)src[2] || subsection != (int)src[3]) { - return CRYPT_INVALID_PACKET; - } - - return CRYPT_OK; -} +#ifdef LTC_MDH -/* max export size we'll encounter (smaller than this but lets round up a bit) */ -#define DH_BUF_SIZE 1200 - -/* This holds the key settings. ***MUST*** be organized by size from smallest to largest. */ -static const struct { - int size; - char *name, *base, *prime; -} sets[] = { -#ifdef DH768 -{ - 96, - "DH-768", - "4", - "F///////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "//////m3wvV" -}, -#endif -#ifdef DH1024 -{ - 128, - "DH-1024", - "4", - "F///////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////m3C47" -}, -#endif -#ifdef DH1280 -{ - 160, - "DH-1280", - "4", - "F///////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "//////////////////////////////m4kSN" -}, -#endif -#ifdef DH1536 -{ - 192, - "DH-1536", - "4", - "F///////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////m5uqd" -}, -#endif -#ifdef DH1792 -{ - 224, - "DH-1792", - "4", - "F///////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "//////////////////////////////////////////////////////mT/sd" -}, -#endif -#ifdef DH2048 -{ - 256, - "DH-2048", - "4", - "3///////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "/////////////////////////////////////////m8MPh" -}, -#endif -#ifdef DH2560 -{ - 320, - "DH-2560", - "4", - "3///////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "/////mKFpF" -}, -#endif -#ifdef DH3072 -{ - 384, - "DH-3072", - "4", - "3///////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "/////////////////////////////m32nN" -}, -#endif -#ifdef DH4096 -{ - 512, - "DH-4096", - "4", - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "////////////////////////////////////////////////////////////" - "/////////////////////m8pOF" -}, -#endif -{ - 0, - NULL, - NULL, - NULL -} -}; - -static int is_valid_idx(int n) -{ - int x; - - for (x = 0; sets[x].size; x++); - if ((n < 0) || (n >= x)) { - return 0; - } - return 1; -} +#include "dh_static.h" /** Test the DH sub-system (can take a while) @@ -318,7 +95,7 @@ void dh_sizes(int *low, int *high) int dh_get_size(dh_key *key) { LTC_ARGCHK(key != NULL); - if (is_valid_idx(key->idx) == 1) { + if (dh_is_valid_idx(key->idx) == 1) { return sets[key->idx].size; } else { return INT_MAX; /* large value that would cause dh_make_key() to fail */ @@ -367,12 +144,12 @@ int dh_make_key(prng_state *prng, int wprng, int keysize, dh_key *key) /* make up random string */ if ( rng_make_prng( keysize, wprng, prng, NULL) != CRYPT_OK) { - err = CRYPT_ERROR_READPRNG; + err = CRYPT_ERROR_READPRNG; goto error2; } if (prng_descriptor[wprng].read(buf, keysize, prng) != (unsigned long)keysize) { - err = CRYPT_ERROR_READPRNG; + err = CRYPT_ERROR_READPRNG; goto error2; } @@ -407,7 +184,7 @@ error2: /** Free the allocated ram for a DH key @param key The key which you wish to free -*/ +*/ void dh_free(dh_key *key) { LTC_ARGCHK(key != NULL); @@ -442,7 +219,7 @@ int dh_export(unsigned char *out, unsigned long *outlen, int type, dh_key *key) if (*outlen < (PACKET_SIZE + 2)) { return CRYPT_BUFFER_OVERFLOW; } - + if (type == PK_PRIVATE && key->type != PK_PRIVATE) { return CRYPT_PK_NOT_PRIVATE; } @@ -523,7 +300,7 @@ int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key) } /* is the key idx valid? */ - if (is_valid_idx(key->idx) != 1) { + if (dh_is_valid_idx(key->idx) != 1) { err = CRYPT_PK_TYPE_MISMATCH; goto error; } @@ -550,7 +327,7 @@ error: /** Create a DH shared secret. @param private_key The private DH key in the pair - @param public_key The public DH key in the pair + @param public_key The public DH key in the pair @param out [out] The destination of the shared data @param outlen [in/out] The max size and resulting size of the shared data. @return CRYPT_OK if successful @@ -601,6 +378,4 @@ done: return err; } -#include "dh_sys.c.inc" - -#endif +#endif /* LTC_MDH */ diff --git a/src/ltc/pk/dh/dh_static.c b/src/ltc/pk/dh/dh_static.c new file mode 100755 index 00000000..043d3b1f --- /dev/null +++ b/src/ltc/pk/dh/dh_static.c @@ -0,0 +1,163 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ +#include "tomcrypt.h" + +/** + @file dh_static.c + DH crypto, Tom St Denis +*/ + +#ifdef LTC_MDH + +#define __DECL_DH_STATIC_H__ +#include "dh_static.h" + +/* This holds the key settings. ***MUST*** be organized by size from smallest to largest. */ +const dh_set sets[] = { +#ifdef DH768 +{ + 96, + "DH-768", + "4", + "F///////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "//////m3wvV" +}, +#endif +#ifdef DH1024 +{ + 128, + "DH-1024", + "4", + "F///////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////m3C47" +}, +#endif +#ifdef DH1280 +{ + 160, + "DH-1280", + "4", + "F///////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "//////////////////////////////m4kSN" +}, +#endif +#ifdef DH1536 +{ + 192, + "DH-1536", + "4", + "F///////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////m5uqd" +}, +#endif +#ifdef DH1792 +{ + 224, + "DH-1792", + "4", + "F///////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "//////////////////////////////////////////////////////mT/sd" +}, +#endif +#ifdef DH2048 +{ + 256, + "DH-2048", + "4", + "3///////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "/////////////////////////////////////////m8MPh" +}, +#endif +#ifdef DH2560 +{ + 320, + "DH-2560", + "4", + "3///////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "/////mKFpF" +}, +#endif +#ifdef DH3072 +{ + 384, + "DH-3072", + "4", + "3///////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "/////////////////////////////m32nN" +}, +#endif +#ifdef DH4096 +{ + 512, + "DH-4096", + "4", + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "////////////////////////////////////////////////////////////" + "/////////////////////m8pOF" +}, +#endif +{ + 0, + NULL, + NULL, + NULL +} +}; + +int dh_is_valid_idx(int n) +{ + int x; + + for (x = 0; sets[x].size; x++); + if ((n < 0) || (n >= x)) { + return 0; + } + return 1; +} + + +#endif /* LTC_MDH */ diff --git a/src/ltc/pk/dh/dh_static.h b/src/ltc/pk/dh/dh_static.h new file mode 100755 index 00000000..6473c3eb --- /dev/null +++ b/src/ltc/pk/dh/dh_static.h @@ -0,0 +1,125 @@ +#ifndef __DH_STATIC_H__ +#define __DH_STATIC_H__ +#ifndef __DECL_DH_STATIC_H__ +#define __DECL_DH_STATIC_H__ extern +#endif + +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org + */ +#include "tomcrypt.h" + +/** + @file dh_static.h + DH crypto, Tom St Denis +*/ + +#ifdef LTC_MDH + +/* size of a packet header in bytes */ +#define PACKET_SIZE 4 + +/* Section tags */ +#define PACKET_SECT_DH 1 + +/* Subsection Tags for the first three sections */ +#define PACKET_SUB_KEY 0 +#define PACKET_SUB_ENCRYPTED 1 +#define PACKET_SUB_SIGNED 2 +#define PACKET_SUB_ENC_KEY 3 + +#define OUTPUT_BIGNUM(num, out, y, z) \ +{ \ + if ((y + 4) > *outlen) { return CRYPT_BUFFER_OVERFLOW; } \ + z = (unsigned long)mp_unsigned_bin_size(num); \ + STORE32L(z, out+y); \ + y += 4; \ + if ((y + z) > *outlen) { return CRYPT_BUFFER_OVERFLOW; } \ + if ((err = mp_to_unsigned_bin(num, out+y)) != CRYPT_OK) { return err; } \ + y += z; \ +} + +#define INPUT_BIGNUM(num, in, x, y, inlen) \ +{ \ + /* load value */ \ + if ((y + 4) > inlen) { \ + err = CRYPT_INVALID_PACKET; \ + goto error; \ + } \ + LOAD32L(x, in+y); \ + y += 4; \ + \ + /* sanity check... */ \ + if ((x+y) > inlen) { \ + err = CRYPT_INVALID_PACKET; \ + goto error; \ + } \ + \ + /* load it */ \ + if ((err = mp_read_unsigned_bin(num, (unsigned char *)in+y, (int)x)) != CRYPT_OK) {\ + goto error; \ + } \ + y += x; \ +} + +static inline void packet_store_header (unsigned char *dst, int section, int subsection) +{ + LTC_ARGCHK(dst != NULL); + + /* store version number */ + dst[0] = (unsigned char)(CRYPT&255); + dst[1] = (unsigned char)((CRYPT>>8)&255); + + /* store section and subsection */ + dst[2] = (unsigned char)(section & 255); + dst[3] = (unsigned char)(subsection & 255); + +} + +static inline int packet_valid_header (unsigned char *src, int section, int subsection) +{ + unsigned long ver; + + LTC_ARGCHK(src != NULL); + + /* check version */ + ver = ((unsigned long)src[0]) | ((unsigned long)src[1] << 8U); + if (CRYPT < ver) { + return CRYPT_INVALID_PACKET; + } + + /* check section and subsection */ + if (section != (int)src[2] || subsection != (int)src[3]) { + return CRYPT_INVALID_PACKET; + } + + return CRYPT_OK; +} + +#ifndef DH_BUF_SIZE +/* max export size we'll encounter (smaller than this but lets round up a bit) */ +#define DH_BUF_SIZE 1200 +#endif /* DH_BUF_SIZE */ + +typedef struct { + int size; + char *name, *base, *prime; +} dh_set; + +/* This holds the key settings. ***MUST*** be organized by size from smallest to largest. */ +__DECL_DH_STATIC_H__ const dh_set sets[]; + + +int dh_is_valid_idx(int n); + + +#endif /* __DH_STATIC_H__ */ + +#endif /* LTC_MDH */ diff --git a/src/ltc/pk/dh/dh_sys.c.inc b/src/ltc/pk/dh/dh_sys.c index 8ce3fa3b..5f44c6a1 100644..100755 --- a/src/ltc/pk/dh/dh_sys.c.inc +++ b/src/ltc/pk/dh/dh_sys.c @@ -9,11 +9,17 @@ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org */ +#include "tomcrypt.h" + +#ifdef LTC_MDH /** @file dh_sys.c DH Crypto, Tom St Denis */ - + +#include "dh_static.h" + + /** Encrypt a short symmetric key with a public DH key @param in The symmetric key to encrypt @@ -89,8 +95,6 @@ int dh_encrypt_key(const unsigned char *in, unsigned long inlen, goto LBL_ERR; } - /* make random key */ - x = DH_BUF_SIZE; if ((err = dh_shared_secret(&pubkey, key, dh_shared, &x)) != CRYPT_OK) { dh_free(&pubkey); @@ -153,7 +157,7 @@ LBL_ERR: @return CRYPT_OK if successful */ int dh_decrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, + unsigned char *out, unsigned long *outlen, dh_key *key) { unsigned char *shared_secret, *skey; @@ -207,7 +211,7 @@ int dh_decrypt_key(const unsigned char *in, unsigned long inlen, /* get public key */ LOAD32L(x, in+y); - + /* now check if the imported key will fit */ if (inlen < x) { err = CRYPT_INVALID_PACKET; @@ -215,7 +219,7 @@ int dh_decrypt_key(const unsigned char *in, unsigned long inlen, } else { inlen -= x; } - + y += 4; if ((err = dh_import(in+y, x, &pubkey)) != CRYPT_OK) { goto LBL_ERR; @@ -237,7 +241,7 @@ int dh_decrypt_key(const unsigned char *in, unsigned long inlen, /* load in the encrypted key */ LOAD32L(keysize, in+y); - + /* will the out fit as part of the input */ if (inlen < keysize) { err = CRYPT_INVALID_PACKET; @@ -245,7 +249,7 @@ int dh_decrypt_key(const unsigned char *in, unsigned long inlen, } else { inlen -= keysize; } - + if (keysize > *outlen) { err = CRYPT_BUFFER_OVERFLOW; goto LBL_ERR; @@ -271,27 +275,27 @@ LBL_ERR: return err; } -/* perform an ElGamal Signature of a hash +/* perform an ElGamal Signature of a hash * * The math works as follows. x is the private key, M is the message to sign - + 1. pick a random k 2. compute a = g^k mod p 3. compute b = (M - xa)/k mod p 4. Send (a,b) - + Now to verify with y=g^x mod p, a and b - + 1. compute y^a * a^b = g^(xa) * g^(k*(M-xa)/k) = g^(xa + (M - xa)) = g^M [all mod p] - + 2. Compare against g^M mod p [based on input hash]. - 3. If result of #2 == result of #1 then signature valid + 3. If result of #2 == result of #1 then signature valid */ /** - Sign a message digest using a DH private key + Sign a message digest using a DH private key @param in The data to sign @param inlen The length of the input (octets) @param out [out] The destination of the signature @@ -325,7 +329,7 @@ int dh_sign_hash(const unsigned char *in, unsigned long inlen, } /* is the IDX valid ? */ - if (is_valid_idx(key->idx) != 1) { + if (dh_is_valid_idx(key->idx) != 1) { return CRYPT_PK_INVALID_TYPE; } @@ -334,56 +338,56 @@ int dh_sign_hash(const unsigned char *in, unsigned long inlen, /* make up a random value k, * since the order of the group is prime - * we need not check if gcd(k, r) is 1 + * we need not check if gcd(k, r) is 1 */ - if (prng_descriptor[wprng].read(buf, sets[key->idx].size, prng) != + if (prng_descriptor[wprng].read(buf, sets[key->idx].size, prng) != (unsigned long)(sets[key->idx].size)) { err = CRYPT_ERROR_READPRNG; - goto LBL_ERR; + goto LBL_ERR_1; } /* init bignums */ - if ((err = mp_init_multi(&a, &b, &k, &m, &p, &g, &p1, &tmp, NULL)) != CRYPT_OK) { + if ((err = mp_init_multi(&a, &b, &k, &m, &p, &g, &p1, &tmp, NULL)) != CRYPT_OK) { goto LBL_ERR; } /* load k and m */ - if ((err = mp_read_unsigned_bin(m, (unsigned char *)in, inlen)) != CRYPT_OK) { goto error; } - if ((err = mp_read_unsigned_bin(k, buf, sets[key->idx].size)) != CRYPT_OK) { goto error; } + if ((err = mp_read_unsigned_bin(m, (unsigned char *)in, inlen)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_unsigned_bin(k, buf, sets[key->idx].size)) != CRYPT_OK) { goto LBL_ERR; } /* load g, p and p1 */ - if ((err = mp_read_radix(g, sets[key->idx].base, 64)) != CRYPT_OK) { goto error; } - if ((err = mp_read_radix(p, sets[key->idx].prime, 64)) != CRYPT_OK) { goto error; } - if ((err = mp_sub_d(p, 1, p1)) != CRYPT_OK) { goto error; } - if ((err = mp_div_2(p1, p1)) != CRYPT_OK) { goto error; } /* p1 = (p-1)/2 */ + if ((err = mp_read_radix(g, sets[key->idx].base, 64)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_radix(p, sets[key->idx].prime, 64)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_sub_d(p, 1, p1)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_div_2(p1, p1)) != CRYPT_OK) { goto LBL_ERR; } /* p1 = (p-1)/2 */ /* now get a = g^k mod p */ - if ((err = mp_exptmod(g, k, p, a)) != CRYPT_OK) { goto error; } + if ((err = mp_exptmod(g, k, p, a)) != CRYPT_OK) { goto LBL_ERR; } /* now find M = xa + kb mod p1 or just b = (M - xa)/k mod p1 */ - if ((err = mp_invmod(k, p1, k)) != CRYPT_OK) { goto error; } /* k = 1/k mod p1 */ - if ((err = mp_mulmod(a, key->x, p1, tmp)) != CRYPT_OK) { goto error; } /* tmp = xa */ - if ((err = mp_submod(m, tmp, p1, tmp)) != CRYPT_OK) { goto error; } /* tmp = M - xa */ - if ((err = mp_mulmod(k, tmp, p1, b)) != CRYPT_OK) { goto error; } /* b = (M - xa)/k */ - + if ((err = mp_invmod(k, p1, k)) != CRYPT_OK) { goto LBL_ERR; } /* k = 1/k mod p1 */ + if ((err = mp_mulmod(a, key->x, p1, tmp)) != CRYPT_OK) { goto LBL_ERR; } /* tmp = xa */ + if ((err = mp_submod(m, tmp, p1, tmp)) != CRYPT_OK) { goto LBL_ERR; } /* tmp = M - xa */ + if ((err = mp_mulmod(k, tmp, p1, b)) != CRYPT_OK) { goto LBL_ERR; } /* b = (M - xa)/k */ + /* check for overflow */ if ((unsigned long)(PACKET_SIZE + 4 + 4 + mp_unsigned_bin_size(a) + mp_unsigned_bin_size(b)) > *outlen) { err = CRYPT_BUFFER_OVERFLOW; goto LBL_ERR; } - + /* store header */ y = PACKET_SIZE; /* now store them both (a,b) */ x = (unsigned long)mp_unsigned_bin_size(a); STORE32L(x, out+y); y += 4; - if ((err = mp_to_unsigned_bin(a, out+y)) != CRYPT_OK) { goto error; } + if ((err = mp_to_unsigned_bin(a, out+y)) != CRYPT_OK) { goto LBL_ERR; } y += x; x = (unsigned long)mp_unsigned_bin_size(b); STORE32L(x, out+y); y += 4; - if ((err = mp_to_unsigned_bin(b, out+y)) != CRYPT_OK) { goto error; } + if ((err = mp_to_unsigned_bin(b, out+y)) != CRYPT_OK) { goto LBL_ERR; } y += x; /* check if size too big */ @@ -397,10 +401,9 @@ int dh_sign_hash(const unsigned char *in, unsigned long inlen, *outlen = y; err = CRYPT_OK; - goto LBL_ERR; -error: LBL_ERR: mp_clear_multi(tmp, p1, g, p, m, k, b, a, NULL); +LBL_ERR_1: XFREE(buf); @@ -419,7 +422,7 @@ LBL_ERR: @return CRYPT_OK if succsessful (even if signature is invalid) */ int dh_verify_hash(const unsigned char *sig, unsigned long siglen, - const unsigned char *hash, unsigned long hashlen, + const unsigned char *hash, unsigned long hashlen, int *stat, dh_key *key) { void *a, *b, *p, *g, *m, *tmp; @@ -437,18 +440,18 @@ int dh_verify_hash(const unsigned char *sig, unsigned long siglen, /* check initial input length */ if (siglen < PACKET_SIZE+4+4) { return CRYPT_INVALID_PACKET; - } + } /* header ok? */ if ((err = packet_valid_header((unsigned char *)sig, PACKET_SECT_DH, PACKET_SUB_SIGNED)) != CRYPT_OK) { return err; } - + /* get hash out of packet */ y = PACKET_SIZE; /* init all bignums */ - if ((err = mp_init_multi(&a, &p, &b, &g, &m, &tmp, NULL)) != CRYPT_OK) { + if ((err = mp_init_multi(&a, &p, &b, &g, &m, &tmp, NULL)) != CRYPT_OK) { return err; } @@ -485,3 +488,5 @@ done: mp_clear_multi(tmp, m, g, p, b, a, NULL); return err; } + +#endif /* LTC_MDH */ diff --git a/src/ltc/pk/ecc/ltc_ecc_projective_add_point.c b/src/ltc/pk/ecc/ltc_ecc_projective_add_point.c index b622b989..618829ca 100644 --- a/src/ltc/pk/ecc/ltc_ecc_projective_add_point.c +++ b/src/ltc/pk/ecc/ltc_ecc_projective_add_point.c @@ -20,7 +20,7 @@ ECC Crypto, Tom St Denis */ -#if defined(LTC_MECC) && (!defined(LTC_MECC_ACCEL) || defined(LTM_LTC_DESC)) +#if defined(LTC_MECC) && (!defined(LTC_MECC_ACCEL) || defined(LTM_DESC)) /** Add two ECC points diff --git a/src/ltc/pk/ecc/ltc_ecc_projective_dbl_point.c b/src/ltc/pk/ecc/ltc_ecc_projective_dbl_point.c index 9ace4e8d..afbbe826 100644 --- a/src/ltc/pk/ecc/ltc_ecc_projective_dbl_point.c +++ b/src/ltc/pk/ecc/ltc_ecc_projective_dbl_point.c @@ -38,7 +38,7 @@ ECC Crypto, Tom St Denis */ -#if defined(LTC_MECC) && (!defined(LTC_MECC_ACCEL) || defined(LTM_LTC_DESC)) +#if defined(LTC_MECC) && (!defined(LTC_MECC_ACCEL) || defined(LTM_DESC)) /** Double an ECC point diff --git a/src/ltc/pk/pkcs1/pkcs_1_i2osp.c b/src/ltc/pk/pkcs1/pkcs_1_i2osp.c index 2d9df756..b4cb4fef 100644 --- a/src/ltc/pk/pkcs1/pkcs_1_i2osp.c +++ b/src/ltc/pk/pkcs1/pkcs_1_i2osp.c @@ -10,9 +10,9 @@ */ #include "tomcrypt.h" -/** +/** @file pkcs_1_i2osp.c - Integer to Octet I2OSP, Tom St Denis + Integer to Octet I2OSP, Tom St Denis */ #ifdef LTC_PKCS_1 @@ -22,7 +22,7 @@ */ /** - LTC_PKCS #1 Integer to binary + PKCS #1 Integer to binary @param n The integer to store @param modulus_len The length of the RSA modulus @param out [out] The destination for the integer diff --git a/src/ltc/pk/pkcs1/pkcs_1_mgf1.c b/src/ltc/pk/pkcs1/pkcs_1_mgf1.c index af8f7e21..c7c2b5bc 100644 --- a/src/ltc/pk/pkcs1/pkcs_1_mgf1.c +++ b/src/ltc/pk/pkcs1/pkcs_1_mgf1.c @@ -10,15 +10,15 @@ */ #include "tomcrypt.h" -/** +/** @file pkcs_1_mgf1.c - The Mask Generation Function (MGF1) for LTC_PKCS #1, Tom St Denis + The Mask Generation Function (MGF1) for PKCS #1, Tom St Denis */ #ifdef LTC_PKCS_1 /** - Perform LTC_PKCS #1 MGF1 (internal) + Perform PKCS #1 MGF1 (internal) @param seed The seed for MGF1 @param seedlen The length of the seed @param hash_idx The index of the hash desired @@ -35,12 +35,12 @@ int pkcs_1_mgf1(int hash_idx, int err; hash_state *md; unsigned char *buf; - + LTC_ARGCHK(seed != NULL); LTC_ARGCHK(mask != NULL); /* ensure valid hash */ - if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { + if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { return err; } diff --git a/src/ltc/pk/pkcs1/pkcs_1_oaep_decode.c b/src/ltc/pk/pkcs1/pkcs_1_oaep_decode.c index 9ac9976e..3a87efe6 100644 --- a/src/ltc/pk/pkcs1/pkcs_1_oaep_decode.c +++ b/src/ltc/pk/pkcs1/pkcs_1_oaep_decode.c @@ -10,15 +10,15 @@ */ #include "tomcrypt.h" -/** +/** @file pkcs_1_oaep_decode.c - OAEP Padding for LTC_PKCS #1, Tom St Denis + OAEP Padding for PKCS #1, Tom St Denis */ #ifdef LTC_PKCS_1 /** - LTC_PKCS #1 v2.00 OAEP decode + PKCS #1 v2.00 OAEP decode @param msg The encoded data to decode @param msglen The length of the encoded data (octets) @param lparam The session or system data (can be NULL) @@ -47,9 +47,9 @@ int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen, /* default to invalid packet */ *res = 0; - + /* test valid hash */ - if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { + if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { return err; } hLen = hash_descriptor[hash_idx].hashsize; @@ -78,11 +78,11 @@ int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen, } /* ok so it's now in the form - - 0x00 || maskedseed || maskedDB - + + 0x00 || maskedseed || maskedDB + 1 || hLen || modulus_len - hLen - 1 - + */ /* must have leading 0x00 byte */ @@ -100,7 +100,7 @@ int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen, XMEMCPY(DB, msg + x, modulus_len - hLen - 1); x += modulus_len - hLen - 1; - /* compute MGF1 of maskedDB (hLen) */ + /* compute MGF1 of maskedDB (hLen) */ if ((err = pkcs_1_mgf1(hash_idx, DB, modulus_len - hLen - 1, mask, hLen)) != CRYPT_OK) { goto LBL_ERR; } @@ -117,7 +117,7 @@ int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen, /* xor against DB */ for (y = 0; y < (modulus_len - hLen - 1); y++) { - DB[y] ^= mask[y]; + DB[y] ^= mask[y]; } /* now DB == lhash || PS || 0x01 || M, PS == k - mlen - 2hlen - 2 zeroes */ diff --git a/src/ltc/pk/pkcs1/pkcs_1_oaep_encode.c b/src/ltc/pk/pkcs1/pkcs_1_oaep_encode.c index 4403477b..fb215a17 100644 --- a/src/ltc/pk/pkcs1/pkcs_1_oaep_encode.c +++ b/src/ltc/pk/pkcs1/pkcs_1_oaep_encode.c @@ -12,13 +12,13 @@ /** @file pkcs_1_oaep_encode.c - OAEP Padding for LTC_PKCS #1, Tom St Denis + OAEP Padding for PKCS #1, Tom St Denis */ #ifdef LTC_PKCS_1 /** - LTC_PKCS #1 v2.00 OAEP encode + PKCS #1 v2.00 OAEP encode @param msg The data to encode @param msglen The length of the data to encode (octets) @param lparam A session or system parameter (can be NULL) @@ -46,7 +46,7 @@ int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen, LTC_ARGCHK(outlen != NULL); /* test valid hash */ - if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { + if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { return err; } @@ -120,10 +120,10 @@ int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen, /* xor against DB */ for (y = 0; y < (modulus_len - hLen - 1); y++) { - DB[y] ^= mask[y]; + DB[y] ^= mask[y]; } - /* compute MGF1 of maskedDB (hLen) */ + /* compute MGF1 of maskedDB (hLen) */ if ((err = pkcs_1_mgf1(hash_idx, DB, modulus_len - hLen - 1, mask, hLen)) != CRYPT_OK) { goto LBL_ERR; } @@ -149,7 +149,7 @@ int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen, x += modulus_len - hLen - 1; *outlen = x; - + err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK diff --git a/src/ltc/pk/pkcs1/pkcs_1_pss_decode.c b/src/ltc/pk/pkcs1/pkcs_1_pss_decode.c index 222048c4..64de7929 100644 --- a/src/ltc/pk/pkcs1/pkcs_1_pss_decode.c +++ b/src/ltc/pk/pkcs1/pkcs_1_pss_decode.c @@ -10,15 +10,15 @@ */ #include "tomcrypt.h" -/** +/** @file pkcs_1_pss_decode.c - LTC_PKCS #1 PSS Signature Padding, Tom St Denis + PKCS #1 PSS Signature Padding, Tom St Denis */ #ifdef LTC_PKCS_1 /** - LTC_PKCS #1 v2.00 PSS decode + PKCS #1 v2.00 PSS decode @param msghash The hash to verify @param msghashlen The length of the hash (octets) @param sig The signature data (encoded data) @@ -54,7 +54,7 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen, modulus_len = (modulus_bitlen>>3) + (modulus_bitlen & 7 ? 1 : 0); /* check sizes */ - if ((saltlen > modulus_len) || + if ((saltlen > modulus_len) || (modulus_len < hLen + saltlen + 2) || (siglen != modulus_len)) { return CRYPT_PK_INVALID_SIZE; } @@ -110,7 +110,7 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen, for (y = 0; y < (modulus_len - hLen - 1); y++) { DB[y] ^= mask[y]; } - + /* now clear the first byte [make sure smaller than modulus] */ DB[0] &= 0xFF >> ((modulus_len<<3) - (modulus_bitlen-1)); @@ -156,10 +156,10 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen, err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK - zeromem(DB, modulus_len); - zeromem(mask, modulus_len); - zeromem(salt, modulus_len); - zeromem(hash, modulus_len); + zeromem(DB, modulus_len); + zeromem(mask, modulus_len); + zeromem(salt, modulus_len); + zeromem(hash, modulus_len); #endif XFREE(hash); diff --git a/src/ltc/pk/pkcs1/pkcs_1_pss_encode.c b/src/ltc/pk/pkcs1/pkcs_1_pss_encode.c index b22a99f1..94e7bb56 100644 --- a/src/ltc/pk/pkcs1/pkcs_1_pss_encode.c +++ b/src/ltc/pk/pkcs1/pkcs_1_pss_encode.c @@ -10,15 +10,15 @@ */ #include "tomcrypt.h" -/** +/** @file pkcs_1_pss_encode.c - LTC_PKCS #1 PSS Signature Padding, Tom St Denis + PKCS #1 PSS Signature Padding, Tom St Denis */ #ifdef LTC_PKCS_1 /** - LTC_PKCS #1 v2.00 Signature Encoding + PKCS #1 v2.00 Signature Encoding @param msghash The hash to encode @param msghashlen The length of the hash (octets) @param saltlen The length of the salt desired (octets) @@ -31,7 +31,7 @@ @return CRYPT_OK if successful */ int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen, - unsigned long saltlen, prng_state *prng, + unsigned long saltlen, prng_state *prng, int prng_idx, int hash_idx, unsigned long modulus_bitlen, unsigned char *out, unsigned long *outlen) @@ -154,10 +154,10 @@ int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen, err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK - zeromem(DB, modulus_len); - zeromem(mask, modulus_len); - zeromem(salt, modulus_len); - zeromem(hash, modulus_len); + zeromem(DB, modulus_len); + zeromem(mask, modulus_len); + zeromem(salt, modulus_len); + zeromem(hash, modulus_len); #endif XFREE(hash); diff --git a/src/ltc/pk/pkcs1/pkcs_1_v1_5_decode.c b/src/ltc/pk/pkcs1/pkcs_1_v1_5_decode.c index 2e7bf0c4..a073da98 100644 --- a/src/ltc/pk/pkcs1/pkcs_1_v1_5_decode.c +++ b/src/ltc/pk/pkcs1/pkcs_1_v1_5_decode.c @@ -12,12 +12,12 @@ /** @file pkcs_1_v1_5_decode.c * - * LTC_PKCS #1 v1.5 Padding. (Andreas Lange) + * PKCS #1 v1.5 Padding. (Andreas Lange) */ #ifdef LTC_PKCS_1 -/** @brief LTC_PKCS #1 v1.5 decode. +/** @brief PKCS #1 v1.5 decode. * * @param msg The encoded data to decode * @param msglen The length of the encoded data (octets) @@ -29,11 +29,11 @@ * * @return CRYPT_OK if successful (even if invalid) */ -int pkcs_1_v1_5_decode(const unsigned char *msg, +int pkcs_1_v1_5_decode(const unsigned char *msg, unsigned long msglen, int block_type, unsigned long modulus_bitlen, - unsigned char *out, + unsigned char *out, unsigned long *outlen, int *is_valid) { diff --git a/src/ltc/pk/pkcs1/pkcs_1_v1_5_encode.c b/src/ltc/pk/pkcs1/pkcs_1_v1_5_encode.c index 9917167b..ec932c3e 100644 --- a/src/ltc/pk/pkcs1/pkcs_1_v1_5_encode.c +++ b/src/ltc/pk/pkcs1/pkcs_1_v1_5_encode.c @@ -12,12 +12,12 @@ /*! \file pkcs_1_v1_5_encode.c * - * LTC_PKCS #1 v1.5 Padding (Andreas Lange) + * PKCS #1 v1.5 Padding (Andreas Lange) */ #ifdef LTC_PKCS_1 -/*! \brief LTC_PKCS #1 v1.5 encode. +/*! \brief PKCS #1 v1.5 encode. * * \param msg The data to encode * \param msglen The length of the data to encode (octets) @@ -30,13 +30,13 @@ * * \return CRYPT_OK if successful */ -int pkcs_1_v1_5_encode(const unsigned char *msg, +int pkcs_1_v1_5_encode(const unsigned char *msg, unsigned long msglen, int block_type, unsigned long modulus_bitlen, - prng_state *prng, + prng_state *prng, int prng_idx, - unsigned char *out, + unsigned char *out, unsigned long *outlen) { unsigned long modulus_len, ps_len, i; diff --git a/src/ltc/pk/rsa/rsa_decrypt_key.c b/src/ltc/pk/rsa/rsa_decrypt_key.c index 10f1c227..1f322ca5 100644 --- a/src/ltc/pk/rsa/rsa_decrypt_key.c +++ b/src/ltc/pk/rsa/rsa_decrypt_key.c @@ -12,13 +12,13 @@ /** @file rsa_decrypt_key.c - RSA LTC_PKCS #1 Decryption, Tom St Denis and Andreas Lange + RSA PKCS #1 Decryption, Tom St Denis and Andreas Lange */ #ifdef LTC_MRSA /** - LTC_PKCS #1 decrypt then v1.5 or OAEP depad + PKCS #1 decrypt then v1.5 or OAEP depad @param in The ciphertext @param inlen The length of the ciphertext (octets) @param out [out] The plaintext @@ -90,7 +90,7 @@ int rsa_decrypt_key_ex(const unsigned char *in, unsigned long inlen, err = pkcs_1_oaep_decode(tmp, x, lparam, lparamlen, modulus_bitlen, hash_idx, out, outlen, stat); } else { - /* now LTC_PKCS #1 v1.5 depad the packet */ + /* now PKCS #1 v1.5 depad the packet */ err = pkcs_1_v1_5_decode(tmp, x, LTC_PKCS_1_EME, modulus_bitlen, out, outlen, stat); } diff --git a/src/ltc/pk/rsa/rsa_encrypt_key.c b/src/ltc/pk/rsa/rsa_encrypt_key.c index 027a5f28..4d6c24bd 100644 --- a/src/ltc/pk/rsa/rsa_encrypt_key.c +++ b/src/ltc/pk/rsa/rsa_encrypt_key.c @@ -12,13 +12,13 @@ /** @file rsa_encrypt_key.c - RSA LTC_PKCS #1 encryption, Tom St Denis and Andreas Lange + RSA PKCS #1 encryption, Tom St Denis and Andreas Lange */ #ifdef LTC_MRSA /** - (LTC_PKCS #1 v2.0) OAEP pad then encrypt + (PKCS #1 v2.0) OAEP pad then encrypt @param in The plaintext @param inlen The length of the plaintext (octets) @param out [out] The ciphertext @@ -82,7 +82,7 @@ int rsa_encrypt_key_ex(const unsigned char *in, unsigned long inlen, return err; } } else { - /* LTC_PKCS #1 v1.5 pad the key */ + /* PKCS #1 v1.5 pad the key */ x = *outlen; if ((err = pkcs_1_v1_5_encode(in, inlen, LTC_PKCS_1_EME, modulus_bitlen, prng, prng_idx, @@ -91,7 +91,7 @@ int rsa_encrypt_key_ex(const unsigned char *in, unsigned long inlen, } } - /* rsa exptmod the OAEP or LTC_PKCS #1 v1.5 pad */ + /* rsa exptmod the OAEP or PKCS #1 v1.5 pad */ return ltc_mp.rsa_me(out, x, out, outlen, PK_PUBLIC, key); } diff --git a/src/ltc/pk/rsa/rsa_export.c b/src/ltc/pk/rsa/rsa_export.c index f7a1ce38..6d1cdf27 100644 --- a/src/ltc/pk/rsa/rsa_export.c +++ b/src/ltc/pk/rsa/rsa_export.c @@ -12,19 +12,19 @@ /** @file rsa_export.c - Export RSA LTC_PKCS keys, Tom St Denis -*/ + Export RSA PKCS keys, Tom St Denis +*/ #ifdef LTC_MRSA /** - This will export either an RSAPublicKey or RSAPrivateKey [defined in LTC_PKCS #1 v2.1] + This will export either an RSAPublicKey or RSAPrivateKey [defined in PKCS #1 v2.1] @param out [out] Destination of the packet @param outlen [in/out] The max size and resulting size of the packet @param type The type of exported key (PK_PRIVATE or PK_PUBLIC) @param key The RSA key to export @return CRYPT_OK if successful -*/ +*/ int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key) { unsigned long zero=0; @@ -40,19 +40,19 @@ int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key if (type == PK_PRIVATE) { /* private key */ - /* output is + /* output is Version, n, e, d, p, q, d mod (p-1), d mod (q - 1), 1/q mod p */ - return der_encode_sequence_multi(out, outlen, - LTC_ASN1_SHORT_INTEGER, 1UL, &zero, - LTC_ASN1_INTEGER, 1UL, key->N, + return der_encode_sequence_multi(out, outlen, + LTC_ASN1_SHORT_INTEGER, 1UL, &zero, + LTC_ASN1_INTEGER, 1UL, key->N, LTC_ASN1_INTEGER, 1UL, key->e, - LTC_ASN1_INTEGER, 1UL, key->d, - LTC_ASN1_INTEGER, 1UL, key->p, - LTC_ASN1_INTEGER, 1UL, key->q, + LTC_ASN1_INTEGER, 1UL, key->d, + LTC_ASN1_INTEGER, 1UL, key->p, + LTC_ASN1_INTEGER, 1UL, key->q, LTC_ASN1_INTEGER, 1UL, key->dP, - LTC_ASN1_INTEGER, 1UL, key->dQ, - LTC_ASN1_INTEGER, 1UL, key->qP, + LTC_ASN1_INTEGER, 1UL, key->dQ, + LTC_ASN1_INTEGER, 1UL, key->qP, LTC_ASN1_EOL, 0UL, NULL); } else { /* public key */ diff --git a/src/ltc/pk/rsa/rsa_exptmod.c b/src/ltc/pk/rsa/rsa_exptmod.c index 45068b2e..5b80774b 100644 --- a/src/ltc/pk/rsa/rsa_exptmod.c +++ b/src/ltc/pk/rsa/rsa_exptmod.c @@ -14,7 +14,7 @@ /** @file rsa_exptmod.c - RSA LTC_PKCS exptmod, Tom St Denis + RSA PKCS exptmod, Tom St Denis */ #ifdef LTC_MRSA diff --git a/src/ltc/pk/rsa/rsa_get_size.c b/src/ltc/pk/rsa/rsa_get_size.c new file mode 100755 index 00000000..79556fe8 --- /dev/null +++ b/src/ltc/pk/rsa/rsa_get_size.c @@ -0,0 +1,42 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * http://libtom.org + */ +#include "tomcrypt.h" + +/** + @file rsa_get_size.c + Retrieve the size of an RSA key, Steffen Jaeckel. +*/ + +#ifdef LTC_MRSA + +/** + Retrieve the size in bytes of an RSA key. + @param key The RSA key + @return The size in bytes of the RSA key or INT_MAX on error. +*/ +int rsa_get_size(rsa_key *key) +{ + int ret = INT_MAX; + LTC_ARGCHKVD(key != NULL); + + if (key) + { + ret = mp_unsigned_bin_size(key->N); + } /* if */ + + return ret; +} + +#endif + +/* $Source$ */ +/* $Revision$ */ +/* $Date$ */ diff --git a/src/ltc/pk/rsa/rsa_import.c b/src/ltc/pk/rsa/rsa_import.c index 607da617..efd5afbf 100644 --- a/src/ltc/pk/rsa/rsa_import.c +++ b/src/ltc/pk/rsa/rsa_import.c @@ -12,13 +12,13 @@ /** @file rsa_import.c - Import a LTC_PKCS RSA key, Tom St Denis -*/ + Import a PKCS RSA key, Tom St Denis +*/ #ifdef LTC_MRSA /** - Import an RSAPublicKey or RSAPrivateKey [two-prime only, only support >= 1024-bit keys, defined in LTC_PKCS #1 v2.1] + Import an RSAPublicKey or RSAPrivateKey [two-prime only, only support >= 1024-bit keys, defined in PKCS #1 v2.1] @param in The packet to import from @param inlen It's length (octets) @param key [out] Destination for newly imported key @@ -36,7 +36,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) LTC_ARGCHK(ltc_mp.name != NULL); /* init key */ - if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, + if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { return err; } @@ -67,28 +67,28 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) goto LBL_FREE; } - /* not SSL public key, try to match against LTC_PKCS #1 standards */ - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_INTEGER, 1UL, key->N, + /* not SSL public key, try to match against PKCS #1 standards */ + if ((err = der_decode_sequence_multi(in, inlen, + LTC_ASN1_INTEGER, 1UL, key->N, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto LBL_ERR; } if (mp_cmp_d(key->N, 0) == LTC_MP_EQ) { - if ((err = mp_init(&zero)) != CRYPT_OK) { + if ((err = mp_init(&zero)) != CRYPT_OK) { goto LBL_ERR; } /* it's a private key */ - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_INTEGER, 1UL, zero, - LTC_ASN1_INTEGER, 1UL, key->N, + if ((err = der_decode_sequence_multi(in, inlen, + LTC_ASN1_INTEGER, 1UL, zero, + LTC_ASN1_INTEGER, 1UL, key->N, LTC_ASN1_INTEGER, 1UL, key->e, - LTC_ASN1_INTEGER, 1UL, key->d, - LTC_ASN1_INTEGER, 1UL, key->p, - LTC_ASN1_INTEGER, 1UL, key->q, + LTC_ASN1_INTEGER, 1UL, key->d, + LTC_ASN1_INTEGER, 1UL, key->p, + LTC_ASN1_INTEGER, 1UL, key->q, LTC_ASN1_INTEGER, 1UL, key->dP, - LTC_ASN1_INTEGER, 1UL, key->dQ, - LTC_ASN1_INTEGER, 1UL, key->qP, + LTC_ASN1_INTEGER, 1UL, key->dQ, + LTC_ASN1_INTEGER, 1UL, key->qP, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { mp_clear(zero); goto LBL_ERR; @@ -101,9 +101,9 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) goto LBL_ERR; } else { /* it's a public key and we lack e */ - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_INTEGER, 1UL, key->N, - LTC_ASN1_INTEGER, 1UL, key->e, + if ((err = der_decode_sequence_multi(in, inlen, + LTC_ASN1_INTEGER, 1UL, key->N, + LTC_ASN1_INTEGER, 1UL, key->e, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto LBL_ERR; } diff --git a/src/ltc/pk/rsa/rsa_sign_hash.c b/src/ltc/pk/rsa/rsa_sign_hash.c index 5e039816..f66b9f46 100644 --- a/src/ltc/pk/rsa/rsa_sign_hash.c +++ b/src/ltc/pk/rsa/rsa_sign_hash.c @@ -12,13 +12,13 @@ /** @file rsa_sign_hash.c - RSA LTC_PKCS #1 v1.5 and v2 PSS sign hash, Tom St Denis and Andreas Lange + RSA PKCS #1 v1.5 and v2 PSS sign hash, Tom St Denis and Andreas Lange */ #ifdef LTC_MRSA /** - LTC_PKCS #1 pad then sign + PKCS #1 pad then sign @param in The hash to sign @param inlen The length of the hash to sign (octets) @param out [out] The signature @@ -79,7 +79,7 @@ int rsa_sign_hash_ex(const unsigned char *in, unsigned long inlen, return err; } } else { - /* LTC_PKCS #1 v1.5 pad the hash */ + /* PKCS #1 v1.5 pad the hash */ unsigned char *tmpin; ltc_asn1_list digestinfo[2], siginfo[2]; diff --git a/src/ltc/pk/rsa/rsa_sign_saltlen_get.c b/src/ltc/pk/rsa/rsa_sign_saltlen_get.c new file mode 100755 index 00000000..5f0e68eb --- /dev/null +++ b/src/ltc/pk/rsa/rsa_sign_saltlen_get.c @@ -0,0 +1,49 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * http://libtom.org + */ +#include "tomcrypt.h" + +/** + @file rsa_sign_saltlen_get_ex.c + Retrieve the maximum size of the salt, Steffen Jaeckel. +*/ + +#ifdef LTC_MRSA + +/** + Retrieve the maximum possible size of the salt when creating a PKCS#1 PSS signature. + @param padding Type of padding (LTC_PKCS_1_PSS only) + @param hash_idx The index of the desired hash + @param key The RSA key + @return The maximum salt length in bytes or INT_MAX on error. +*/ +int rsa_sign_saltlen_get_max_ex(int padding, int hash_idx, rsa_key *key) +{ + int ret = INT_MAX; + LTC_ARGCHKVD(key != NULL); + + if ((hash_is_valid(hash_idx) == CRYPT_OK) && + (padding == LTC_PKCS_1_PSS)) + { + ret = rsa_get_size(key); + if (ret < INT_MAX) + { + ret -= (hash_descriptor[hash_idx].hashsize + 2); + } /* if */ + } /* if */ + + return ret; +} + +#endif + +/* $Source$ */ +/* $Revision$ */ +/* $Date$ */ diff --git a/src/ltc/pk/rsa/rsa_verify_hash.c b/src/ltc/pk/rsa/rsa_verify_hash.c index 98dd442c..654d00dd 100644 --- a/src/ltc/pk/rsa/rsa_verify_hash.c +++ b/src/ltc/pk/rsa/rsa_verify_hash.c @@ -12,13 +12,13 @@ /** @file rsa_verify_hash.c - RSA LTC_PKCS #1 v1.5 or v2 PSS signature verification, Tom St Denis and Andreas Lange + RSA PKCS #1 v1.5 or v2 PSS signature verification, Tom St Denis and Andreas Lange */ #ifdef LTC_MRSA /** - LTC_PKCS #1 de-sign then v1.5 or PSS depad + PKCS #1 de-sign then v1.5 or PSS depad @param sig The signature data @param siglen The length of the signature data (octets) @param hash The hash of the message that was signed @@ -94,7 +94,7 @@ int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen, /* PSS decode and verify it */ err = pkcs_1_pss_decode(hash, hashlen, tmpbuf, x, saltlen, hash_idx, modulus_bitlen, stat); } else { - /* LTC_PKCS #1 v1.5 decode it */ + /* PKCS #1 v1.5 decode it */ unsigned char *out; unsigned long outlen, loid[16]; int decoded; @@ -115,7 +115,7 @@ int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen, } if ((err = pkcs_1_v1_5_decode(tmpbuf, x, LTC_PKCS_1_EMSA, modulus_bitlen, out, &outlen, &decoded)) != CRYPT_OK) { - XFREE(out); + XFREE(out); goto bail_2; } diff --git a/src/ltc/prngs/rng_get_bytes.c b/src/ltc/prngs/rng_get_bytes.c index 12995c96..5604838c 100644 --- a/src/ltc/prngs/rng_get_bytes.c +++ b/src/ltc/prngs/rng_get_bytes.c @@ -10,14 +10,14 @@ */ #include "tomcrypt.h" -/** +/** @file rng_get_bytes.c portable way to get secure random bits to feed a PRNG (Tom St Denis) */ #ifdef LTC_DEVRANDOM /* on *NIX read /dev/random */ -static unsigned long rng_nix(unsigned char *buf, unsigned long len, +static unsigned long rng_nix(unsigned char *buf, unsigned long len, void (*callback)(void)) { #ifdef LTC_NO_FILE @@ -34,13 +34,13 @@ static unsigned long rng_nix(unsigned char *buf, unsigned long len, if (f == NULL) { return 0; } - + /* disable buffering */ if (setvbuf(f, NULL, _IONBF, 0) != 0) { fclose(f); return 0; - } - + } + x = (unsigned long)fread(buf, 1, (size_t)len, f); fclose(f); return x; @@ -54,7 +54,7 @@ static unsigned long rng_nix(unsigned char *buf, unsigned long len, #define ANSI_RNG -static unsigned long rng_ansic(unsigned char *buf, unsigned long len, +static unsigned long rng_ansic(unsigned char *buf, unsigned long len, void (*callback)(void)) { clock_t t1; @@ -76,7 +76,7 @@ static unsigned long rng_ansic(unsigned char *buf, unsigned long len, } while (a == b); acc = (acc << 1) | a; } - *buf++ = acc; + *buf++ = acc; acc = 0; bits = 8; } @@ -84,13 +84,13 @@ static unsigned long rng_ansic(unsigned char *buf, unsigned long len, return l; } -#endif +#endif /* Try the Microsoft CSP */ -#if defined(WIN32) || defined(WINCE) - #ifndef _WIN32_WINNT - #define _WIN32_WINNT 0x0400 - #endif +#if defined(WIN32) || defined(_WIN32) || defined(WINCE) +#ifndef _WIN32_WINNT + #define _WIN32_WINNT 0x0400 +#endif #ifdef WINCE #define UNDER_CE #define ARM @@ -100,13 +100,13 @@ static unsigned long rng_ansic(unsigned char *buf, unsigned long len, #include <windows.h> #include <wincrypt.h> -static unsigned long rng_win32(unsigned char *buf, unsigned long len, +static unsigned long rng_win32(unsigned char *buf, unsigned long len, void (*callback)(void)) { HCRYPTPROV hProv = 0; - if (!CryptAcquireContext(&hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, - (CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET)) && - !CryptAcquireContext (&hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, + if (!CryptAcquireContext(&hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, + (CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET)) && + !CryptAcquireContext (&hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET | CRYPT_NEWKEYSET)) return 0; @@ -127,8 +127,8 @@ static unsigned long rng_win32(unsigned char *buf, unsigned long len, @param outlen Length desired (octets) @param callback Pointer to void function to act as "callback" when RNG is slow. This can be NULL @return Number of octets read -*/ -unsigned long rng_get_bytes(unsigned char *out, unsigned long outlen, +*/ +unsigned long rng_get_bytes(unsigned char *out, unsigned long outlen, void (*callback)(void)) { unsigned long x; @@ -138,7 +138,7 @@ unsigned long rng_get_bytes(unsigned char *out, unsigned long outlen, #if defined(LTC_DEVRANDOM) x = rng_nix(out, outlen, callback); if (x != 0) { return x; } #endif -#ifdef WIN32 +#if defined(WIN32) || defined(_WIN32) || defined(WINCE) x = rng_win32(out, outlen, callback); if (x != 0) { return x; } #endif #ifdef ANSI_RNG diff --git a/src/ltc/prngs/sober128.c b/src/ltc/prngs/sober128.c index 3a0ddc9b..8bf5c447 100644 --- a/src/ltc/prngs/sober128.c +++ b/src/ltc/prngs/sober128.c @@ -18,6 +18,7 @@ #ifdef LTC_SOBER128 +#define __LTC_SOBER128TAB_C__ #include "sober128tab.c.inc" const struct ltc_prng_descriptor sober128_desc = |