Package list libcryptx-perl / 5b72530
New upstream version 0.056 gregor herrmann 3 years ago
308 changed file(s) with 7707 addition(s) and 6737 deletion(s). Raw diff Collapse all Expand all
00 Changes for CryptX
1
2 0.056 2017-12-22
3 - new Crypt::Stream::Rabbit
14
25 0.055 2017-11-28
36 - new Crypt::Cipher::IDEA
7272 sosemanuk_state state;
7373 int id;
7474 } *Crypt__Stream__Sosemanuk;
75
76 typedef struct rabbit_struct { /* used by Crypt::Stream::Rabbit */
77 rabbit_state state;
78 int id;
79 } *Crypt__Stream__Rabbit;
7580
7681 typedef struct rc4_struct { /* used by Crypt::Stream::RC4 */
7782 rc4_state state;
622627 if (len == 0) XSRETURN_UNDEF;
623628
624629 mp_init(&mpi);
625 if (mp_read_unsigned_bin(&mpi, in_data, len) == CRYPT_OK) {
630 if (mp_read_unsigned_bin(&mpi, in_data, (unsigned long)len) == CRYPT_OK) {
626631 mp_init_copy(&tmp, &mpi);
627632 while (mp_iszero(&tmp) == MP_NO) {
628633 mp_div_d(&tmp, (mp_digit)radix, &tmp, &d);
692697 INCLUDE: inc/CryptX_Stream_RC4.xs.inc
693698 INCLUDE: inc/CryptX_Stream_Sober128.xs.inc
694699 INCLUDE: inc/CryptX_Stream_Sosemanuk.xs.inc
700 INCLUDE: inc/CryptX_Stream_Rabbit.xs.inc
695701
696702 INCLUDE: inc/CryptX_Mac_F9.xs.inc
697703 INCLUDE: inc/CryptX_Mac_HMAC.xs.inc
3131 inc/CryptX_PK_RSA.xs.inc
3232 inc/CryptX_PRNG.xs.inc
3333 inc/CryptX_Stream_ChaCha.xs.inc
34 inc/CryptX_Stream_Rabbit.xs.inc
3435 inc/CryptX_Stream_RC4.xs.inc
3536 inc/CryptX_Stream_Salsa20.xs.inc
3637 inc/CryptX_Stream_Sober128.xs.inc
131132 lib/Crypt/PRNG/Sober128.pm
132133 lib/Crypt/PRNG/Yarrow.pm
133134 lib/Crypt/Stream/ChaCha.pm
135 lib/Crypt/Stream/Rabbit.pm
134136 lib/Crypt/Stream/RC4.pm
135137 lib/Crypt/Stream/Salsa20.pm
136138 lib/Crypt/Stream/Sober128.pm
309311 src/ltc/misc/base64/base64_encode.c
310312 src/ltc/misc/burn_stack.c
311313 src/ltc/misc/compare_testvector.c
314 src/ltc/misc/copy_or_zeromem.c
312315 src/ltc/misc/crc32.c
313316 src/ltc/misc/crypt/crypt.c
314317 src/ltc/misc/crypt/crypt_argchk.c
525528 src/ltc/stream/chacha/chacha_ivctr64.c
526529 src/ltc/stream/chacha/chacha_keystream.c
527530 src/ltc/stream/chacha/chacha_setup.c
531 src/ltc/stream/rabbit/rabbit.c
528532 src/ltc/stream/rc4/rc4_stream.c
529533 src/ltc/stream/salsa20/salsa20_crypt.c
530534 src/ltc/stream/salsa20/salsa20_done.c
712716 t/cipher_serpent_compat.t
713717 t/cipher_skipjack.t
714718 t/cipher_stream.t
719 t/cipher_stream_rabbit.t
715720 t/cipher_stream_salsa20.t
716721 t/cipher_test_vectors_ltc.t
717722 t/cipher_test_vectors_openssl.t
4444 "url" : "https://github.com/DCIT/perl-CryptX"
4545 }
4646 },
47 "version" : "0.055",
47 "version" : "0.056",
4848 "x_serialization_backend" : "JSON::PP version 2.94"
4949 }
2121 resources:
2222 bugtracker: https://github.com/DCIT/perl-CryptX/issues
2323 repository: https://github.com/DCIT/perl-CryptX
24 version: '0.055'
24 version: '0.056'
2525 x_serialization_backend: 'CPAN::Meta::YAML version 0.018'
2121
2222 - Stream ciphers
2323
24 [Crypt::Stream::RC4](https://metacpan.org/pod/Crypt::Stream::RC4), [Crypt::Stream::ChaCha](https://metacpan.org/pod/Crypt::Stream::ChaCha), [Crypt::Stream::Salsa20](https://metacpan.org/pod/Crypt::Stream::Salsa20), [Crypt::Stream::Sober128](https://metacpan.org/pod/Crypt::Stream::Sober128), [Crypt::Stream::Sosemanuk](https://metacpan.org/pod/Crypt::Stream::Sosemanuk)
24 [Crypt::Stream::RC4](https://metacpan.org/pod/Crypt::Stream::RC4), [Crypt::Stream::ChaCha](https://metacpan.org/pod/Crypt::Stream::ChaCha), [Crypt::Stream::Salsa20](https://metacpan.org/pod/Crypt::Stream::Salsa20), [Crypt::Stream::Sober128](https://metacpan.org/pod/Crypt::Stream::Sober128),
25 [Crypt::Stream::Sosemanuk](https://metacpan.org/pod/Crypt::Stream::Sosemanuk), [Crypt::Stream::Rabbit](https://metacpan.org/pod/Crypt::Stream::Rabbit)
2526
2627 - Authenticated encryption modes
2728
2626 Newz(0, RETVAL, 1, struct ccm_struct);
2727 if (!RETVAL) croak("FATAL: Newz failed");
2828
29 rv = ccm_init(&RETVAL->state, id, k, (unsigned long)k_len, pt_len, tag_len, h_len);
29 rv = ccm_init(&RETVAL->state, id, k, (int)k_len, (int)pt_len, (int)tag_len, (int)h_len); /* XXX-TODO why int? */
3030 if (rv != CRYPT_OK) {
3131 Safefree(RETVAL);
3232 croak("FATAL: ccm_init failed: %s", error_to_string(rv));
8989 SvREFCNT_dec(RETVAL);
9090 croak("FATAL: ccm_process failed: %s", error_to_string(rv));
9191 }
92 self->pt_len -= in_data_len;
92 self->pt_len -= (unsigned long)in_data_len;
9393 }
9494 }
9595 OUTPUT:
9999 decrypt_add(Crypt::AuthEnc::CCM self, SV * data)
100100 CODE:
101101 {
102 int rv, i;
102 int rv;
103103 STRLEN in_data_len;
104104 unsigned char *in_data, *out_data;
105105
122122 SvREFCNT_dec(RETVAL);
123123 croak("FATAL: ccm_process failed: %s", error_to_string(rv));
124124 }
125 self->pt_len -= in_data_len;
125 self->pt_len -= (unsigned long)in_data_len;
126126 }
127127 }
128128 OUTPUT:
33 new(Class)
44 CODE:
55 {
6 int rv;
76 Newz(0, RETVAL, 1, crc32_state);
87 if (!RETVAL) croak("FATAL: Newz failed");
98 crc32_init(RETVAL); /* returns void */
8282 if (len == 0) {
8383 RETVAL = newSVpvn("", 0);
8484 }
85 else if (len == self->desc->block_length) {
85 else if (len == (STRLEN)self->desc->block_length) {
8686 RETVAL = NEWSV(0, len);
8787 SvPOK_only(RETVAL);
8888 SvCUR_set(RETVAL, len);
112112 if (len == 0) {
113113 RETVAL = newSVpvn("", 0);
114114 }
115 else if (len == self->desc->block_length) {
115 else if (len == (STRLEN)self->desc->block_length) {
116116 RETVAL = NEWSV(0, len);
117117 SvPOK_only(RETVAL);
118118 SvCUR_set(RETVAL, len);
7171 SvPOK_only(RETVAL);
7272 SvCUR_set(RETVAL, out_len);
7373 out_data = (unsigned char *)SvPVX(RETVAL);
74 rv = sha3_shake_done(&self->state, out_data, out_len);
74 rv = sha3_shake_done(&self->state, out_data, (unsigned long)out_len);
7575 if (rv != CRYPT_OK) {
7676 SvREFCNT_dec(RETVAL);
7777 croak("FATAL: sha3_shake_done failed: %s", error_to_string(rv));
6565 STRLEN data_len=0;
6666 data = (unsigned char *)SvPVbyte(dhparam, data_len);
6767 /* load d p q */
68 rv = dh_set_pg_dhparam(data, data_len, &self->key);
68 rv = dh_set_pg_dhparam(data, (unsigned long)data_len, &self->key);
6969 if (rv != CRYPT_OK) croak("FATAL: dh_set_pg_dhparam failed: %s", error_to_string(rv));
7070 /* gen the key */
7171 rv = dh_generate_key(&self->pstate, self->pindex, &self->key);
4141 STRLEN data_len=0;
4242 data = (unsigned char *)SvPVbyte(dsaparam, data_len);
4343 /* load d p q */
44 rv = dsa_set_pqg_dsaparam(data, data_len, &self->key);
44 rv = dsa_set_pqg_dsaparam(data, (unsigned long)data_len, &self->key);
4545 if (rv != CRYPT_OK) croak("FATAL: dsa_set_pqg_dsaparam failed: %s", error_to_string(rv));
4646 /* gen the key */
4747 rv = dsa_generate_key(&self->pstate, self->pindex, &self->key);
6363 pwd = (unsigned char *)SvPVbyte(passwd, pwd_len);
6464 }
6565 _ecc_free_key(&self->key, &self->dp);
66 rv = ecc_import_pkcs8(data, (unsigned long)data_len, pwd, pwd_len, &self->key, &self->dp);
66 rv = ecc_import_pkcs8(data, (unsigned long)data_len, pwd, (unsigned long)pwd_len, &self->key, &self->dp);
6767 if (rv != CRYPT_OK) croak("FATAL: ecc_import_pkcs8 failed: %s", error_to_string(rv));
6868 XPUSHs(ST(0)); /* return self */
6969 }
6161 pwd = (unsigned char *)SvPVbyte(passwd, pwd_len);
6262 }
6363 if (self->key.type != -1) { rsa_free(&self->key); self->key.type = -1; }
64 rv = rsa_import_pkcs8(data, (unsigned long)data_len, pwd, pwd_len, &self->key);
64 rv = rsa_import_pkcs8(data, (unsigned long)data_len, pwd, (unsigned long)pwd_len, &self->key);
6565 if (rv != CRYPT_OK) croak("FATAL: rsa_import_pkcs8 failed: %s", error_to_string(rv));
6666 XPUSHs(ST(0)); /* return self */
6767 }
6969 SvPOK_only(RETVAL);
7070 SvCUR_set(RETVAL, out_len);
7171 out_data = (unsigned char *)SvPVX(RETVAL);
72 rv = chacha_keystream(&self->state, out_data, out_len);
72 rv = chacha_keystream(&self->state, out_data, (unsigned long)out_len);
7373 if (rv != CRYPT_OK) {
7474 SvREFCNT_dec(RETVAL);
7575 croak("FATAL: chacha_keystream failed: %s", error_to_string(rv));
4848 SvPOK_only(RETVAL);
4949 SvCUR_set(RETVAL, out_len);
5050 out_data = (unsigned char *)SvPVX(RETVAL);
51 rv = rc4_stream_keystream(&self->state, out_data, out_len);
51 rv = rc4_stream_keystream(&self->state, out_data, (unsigned long)out_len);
5252 if (rv != CRYPT_OK) {
5353 SvREFCNT_dec(RETVAL);
5454 croak("FATAL: rc4_stream_keystream failed: %s", error_to_string(rv));
0 MODULE = CryptX PACKAGE = Crypt::Stream::Rabbit
1
2 Crypt::Stream::Rabbit
3 new(Class, SV * key, SV * nonce=&PL_sv_undef)
4 CODE:
5 {
6 int rv;
7 STRLEN iv_len=0, k_len=0;
8 unsigned char *iv=NULL, *k=NULL;
9
10 if (!SvPOK(key)) croak("FATAL: key must be string/buffer scalar");
11 k = (unsigned char *)SvPVbyte(key, k_len);
12
13 Newz(0, RETVAL, 1, struct rabbit_struct);
14 if (!RETVAL) croak("FATAL: Newz failed");
15
16 rv = rabbit_setup(&RETVAL->state, k, (unsigned long)k_len);
17 if (rv != CRYPT_OK) {
18 Safefree(RETVAL);
19 croak("FATAL: rabbit_setup failed: %s", error_to_string(rv));
20 }
21
22 if (SvOK(nonce)) {
23 if (!SvPOK(nonce)) croak("FATAL: nonce must be string/buffer scalar");
24 iv = (unsigned char *)SvPVbyte(nonce, iv_len);
25 rv = rabbit_setiv(&RETVAL->state, iv, (unsigned long)iv_len);
26 if (rv != CRYPT_OK) {
27 Safefree(RETVAL);
28 croak("FATAL: rabbit_setiv failed: %s", error_to_string(rv));
29 }
30 }
31
32 }
33 OUTPUT:
34 RETVAL
35
36 void
37 DESTROY(Crypt::Stream::Rabbit self)
38 CODE:
39 rabbit_done(&self->state);
40 Safefree(self);
41
42 Crypt::Stream::Rabbit
43 clone(Crypt::Stream::Rabbit self)
44 CODE:
45 Newz(0, RETVAL, 1, struct rabbit_struct);
46 if (!RETVAL) croak("FATAL: Newz failed");
47 Copy(&self->state, &RETVAL->state, 1, struct rabbit_struct);
48 OUTPUT:
49 RETVAL
50
51 SV *
52 keystream(Crypt::Stream::Rabbit self, STRLEN out_len)
53 CODE:
54 {
55 int rv;
56 unsigned char *out_data;
57
58 RETVAL = NEWSV(0, out_len);
59 SvPOK_only(RETVAL);
60 SvCUR_set(RETVAL, out_len);
61 out_data = (unsigned char *)SvPVX(RETVAL);
62 rv = rabbit_keystream(&self->state, out_data, (unsigned long)out_len);
63 if (rv != CRYPT_OK) {
64 SvREFCNT_dec(RETVAL);
65 croak("FATAL: rabbit_keystream failed: %s", error_to_string(rv));
66 }
67 }
68 OUTPUT:
69 RETVAL
70
71 SV *
72 crypt(Crypt::Stream::Rabbit self, SV * data)
73 CODE:
74 {
75 int rv;
76 STRLEN in_data_len;
77 unsigned char *in_data, *out_data;
78
79 in_data = (unsigned char *)SvPVbyte(data, in_data_len);
80 if (in_data_len == 0) {
81 RETVAL = newSVpvn("", 0);
82 }
83 else {
84 RETVAL = NEWSV(0, in_data_len);
85 SvPOK_only(RETVAL);
86 SvCUR_set(RETVAL, in_data_len);
87 out_data = (unsigned char *)SvPVX(RETVAL);
88 rv = rabbit_crypt(&self->state, in_data, (unsigned long)in_data_len, out_data);
89 if (rv != CRYPT_OK) {
90 SvREFCNT_dec(RETVAL);
91 croak("FATAL: rabbit_crypt failed: %s", error_to_string(rv));
92 }
93 }
94 }
95 OUTPUT:
96 RETVAL
5656 SvPOK_only(RETVAL);
5757 SvCUR_set(RETVAL, out_len);
5858 out_data = (unsigned char *)SvPVX(RETVAL);
59 rv = salsa20_keystream(&self->state, out_data, out_len);
59 rv = salsa20_keystream(&self->state, out_data, (unsigned long)out_len);
6060 if (rv != CRYPT_OK) {
6161 SvREFCNT_dec(RETVAL);
6262 croak("FATAL: salsa20_keystream failed: %s", error_to_string(rv));
5656 SvPOK_only(RETVAL);
5757 SvCUR_set(RETVAL, out_len);
5858 out_data = (unsigned char *)SvPVX(RETVAL);
59 rv = sober128_stream_keystream(&self->state, out_data, out_len);
59 rv = sober128_stream_keystream(&self->state, out_data, (unsigned long)out_len);
6060 if (rv != CRYPT_OK) {
6161 SvREFCNT_dec(RETVAL);
6262 croak("FATAL: sober128_stream_keystream failed: %s", error_to_string(rv));
6262 SvPOK_only(RETVAL);
6363 SvCUR_set(RETVAL, out_len);
6464 out_data = (unsigned char *)SvPVX(RETVAL);
65 rv = sosemanuk_keystream(&self->state, out_data, out_len);
65 rv = sosemanuk_keystream(&self->state, out_data, (unsigned long)out_len);
6666 if (rv != CRYPT_OK) {
6767 SvREFCNT_dec(RETVAL);
6868 croak("FATAL: sosemanuk_keystream failed: %s", error_to_string(rv));
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use base qw(Crypt::AuthEnc Exporter);
77 our %EXPORT_TAGS = ( all => [qw( ccm_encrypt_authenticate ccm_decrypt_verify )] );
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use base qw(Crypt::AuthEnc Exporter);
77 our %EXPORT_TAGS = ( all => [qw( chacha20poly1305_encrypt_authenticate chacha20poly1305_decrypt_verify )] );
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use base qw(Crypt::AuthEnc Exporter);
77 our %EXPORT_TAGS = ( all => [qw( eax_encrypt_authenticate eax_decrypt_verify )] );
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use base qw(Crypt::AuthEnc Exporter);
77 our %EXPORT_TAGS = ( all => [qw( gcm_encrypt_authenticate gcm_decrypt_verify )] );
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use base qw(Crypt::AuthEnc Exporter);
77 our %EXPORT_TAGS = ( all => [qw( ocb_encrypt_authenticate ocb_decrypt_verify )] );
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 sub CLONE_SKIP { 1 } # prevent cloning
77
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use Carp;
77 $Carp::Internal{(__PACKAGE__)}++;
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use Carp;
77 $Carp::Internal{(__PACKAGE__)}++;
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
77 our %EXPORT_TAGS = ( all => [qw/
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use CryptX;
99 use base 'Crypt::Cipher';
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use Carp;
77 $Carp::Internal{(__PACKAGE__)}++;
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( blake2b_160 blake2b_160_hex blake2b_160_b64 blake2b_160_b64u blake2b_160_file blake2b_160_file_hex blake2b_160_file_b64 blake2b_160_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( blake2b_256 blake2b_256_hex blake2b_256_b64 blake2b_256_b64u blake2b_256_file blake2b_256_file_hex blake2b_256_file_b64 blake2b_256_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( blake2b_384 blake2b_384_hex blake2b_384_b64 blake2b_384_b64u blake2b_384_file blake2b_384_file_hex blake2b_384_file_b64 blake2b_384_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( blake2b_512 blake2b_512_hex blake2b_512_b64 blake2b_512_b64u blake2b_512_file blake2b_512_file_hex blake2b_512_file_b64 blake2b_512_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( blake2s_128 blake2s_128_hex blake2s_128_b64 blake2s_128_b64u blake2s_128_file blake2s_128_file_hex blake2s_128_file_b64 blake2s_128_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( blake2s_160 blake2s_160_hex blake2s_160_b64 blake2s_160_b64u blake2s_160_file blake2s_160_file_hex blake2s_160_file_b64 blake2s_160_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( blake2s_224 blake2s_224_hex blake2s_224_b64 blake2s_224_b64u blake2s_224_file blake2s_224_file_hex blake2s_224_file_b64 blake2s_224_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( blake2s_256 blake2s_256_hex blake2s_256_b64 blake2s_256_b64u blake2s_256_file blake2s_256_file_hex blake2s_256_file_b64 blake2s_256_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( chaes chaes_hex chaes_b64 chaes_b64u chaes_file chaes_file_hex chaes_file_b64 chaes_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( md2 md2_hex md2_b64 md2_b64u md2_file md2_file_hex md2_file_b64 md2_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( md4 md4_hex md4_b64 md4_b64u md4_file md4_file_hex md4_file_b64 md4_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( md5 md5_hex md5_b64 md5_b64u md5_file md5_file_hex md5_file_b64 md5_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( ripemd128 ripemd128_hex ripemd128_b64 ripemd128_b64u ripemd128_file ripemd128_file_hex ripemd128_file_b64 ripemd128_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( ripemd160 ripemd160_hex ripemd160_b64 ripemd160_b64u ripemd160_file ripemd160_file_hex ripemd160_file_b64 ripemd160_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( ripemd256 ripemd256_hex ripemd256_b64 ripemd256_b64u ripemd256_file ripemd256_file_hex ripemd256_file_b64 ripemd256_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( ripemd320 ripemd320_hex ripemd320_b64 ripemd320_b64u ripemd320_file ripemd320_file_hex ripemd320_file_b64 ripemd320_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( sha1 sha1_hex sha1_b64 sha1_b64u sha1_file sha1_file_hex sha1_file_b64 sha1_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( sha224 sha224_hex sha224_b64 sha224_b64u sha224_file sha224_file_hex sha224_file_b64 sha224_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( sha256 sha256_hex sha256_b64 sha256_b64u sha256_file sha256_file_hex sha256_file_b64 sha256_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( sha384 sha384_hex sha384_b64 sha384_b64u sha384_file sha384_file_hex sha384_file_b64 sha384_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( sha3_224 sha3_224_hex sha3_224_b64 sha3_224_b64u sha3_224_file sha3_224_file_hex sha3_224_file_b64 sha3_224_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( sha3_256 sha3_256_hex sha3_256_b64 sha3_256_b64u sha3_256_file sha3_256_file_hex sha3_256_file_b64 sha3_256_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( sha3_384 sha3_384_hex sha3_384_b64 sha3_384_b64u sha3_384_file sha3_384_file_hex sha3_384_file_b64 sha3_384_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( sha3_512 sha3_512_hex sha3_512_b64 sha3_512_b64u sha3_512_file sha3_512_file_hex sha3_512_file_b64 sha3_512_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( sha512 sha512_hex sha512_b64 sha512_b64u sha512_file sha512_file_hex sha512_file_b64 sha512_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( sha512_224 sha512_224_hex sha512_224_b64 sha512_224_b64u sha512_224_file sha512_224_file_hex sha512_224_file_b64 sha512_224_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( sha512_256 sha512_256_hex sha512_256_b64 sha512_256_b64u sha512_256_file sha512_256_file_hex sha512_256_file_b64 sha512_256_file_b64u )] );
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use Carp;
77 $Carp::Internal{(__PACKAGE__)}++;
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( tiger192 tiger192_hex tiger192_b64 tiger192_b64u tiger192_file tiger192_file_hex tiger192_file_b64 tiger192_file_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Digest Exporter);
99 our %EXPORT_TAGS = ( all => [qw( whirlpool whirlpool_hex whirlpool_b64 whirlpool_b64u whirlpool_file whirlpool_file_hex whirlpool_file_b64 whirlpool_file_b64u )] );
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
77 our %EXPORT_TAGS = ( all => [qw( digest_data digest_data_hex digest_data_b64 digest_data_b64u digest_file digest_file_hex digest_file_b64 digest_file_b64u )] );
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
77 our %EXPORT_TAGS = ( all => [qw(pbkdf1 pbkdf2 hkdf hkdf_expand hkdf_extract)] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Mac Exporter);
99 our %EXPORT_TAGS = ( all => [qw( blake2b blake2b_hex blake2b_b64 blake2b_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Mac Exporter);
99 our %EXPORT_TAGS = ( all => [qw( blake2s blake2s_hex blake2s_b64 blake2s_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Mac Exporter);
99 our %EXPORT_TAGS = ( all => [qw( f9 f9_hex f9_b64 f9_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Mac Exporter);
99 our %EXPORT_TAGS = ( all => [qw( hmac hmac_hex hmac_b64 hmac_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Mac Exporter);
99 our %EXPORT_TAGS = ( all => [qw( omac omac_hex omac_b64 omac_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Mac Exporter);
99 our %EXPORT_TAGS = ( all => [qw( pmac pmac_hex pmac_b64 pmac_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Mac Exporter);
99 our %EXPORT_TAGS = ( all => [qw( pelican pelican_hex pelican_b64 pelican_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Mac Exporter);
99 our %EXPORT_TAGS = ( all => [qw( poly1305 poly1305_hex poly1305_b64 poly1305_b64u )] );
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use base qw(Crypt::Mac Exporter);
99 our %EXPORT_TAGS = ( all => [qw( xcbc xcbc_hex xcbc_b64 xcbc_b64u )] );
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
77 our %EXPORT_TAGS = ( all => [qw( mac mac_hex )] );
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 require Exporter; our @ISA = qw(Exporter); ### use Exporter 5.57 'import';
77 use Carp 'croak';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use Crypt::Cipher;
99 use base 'Crypt::Mode';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use Crypt::Cipher;
99 use base 'Crypt::Mode';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use Crypt::Cipher;
99 use base 'Crypt::Mode';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use Crypt::Cipher;
99 use base 'Crypt::Mode';
33
44 use strict;
55 use warnings;
6 our $VERSION = '0.055';
6 our $VERSION = '0.056';
77
88 use Crypt::Cipher;
99 use base 'Crypt::Mode';
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 ### METHODS
77
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
77 our %EXPORT_TAGS = ( all => [qw( dh_shared_secret )] );
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
77 our %EXPORT_TAGS = ( all => [qw( dsa_encrypt dsa_decrypt dsa_sign_message dsa_verify_message dsa_sign_hash dsa_verify_hash )] );
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
77 our %EXPORT_TAGS = ( all => [qw( ecc_encrypt ecc_decrypt ecc_sign_message ecc_verify_message ecc_sign_hash ecc_verify_hash ecc_shared_secret )] );
10931093
10941094 =head2 export_key_raw
10951095
1096 Export raw public/private key. Public key is exported in ANS X9.63 format (compressed or uncompressed),
1096 Export raw public/private key. Public key is exported in ASN X9.62 format (compressed or uncompressed),
10971097 private key is exported as raw bytes (padded with leading zeros to have the same size as the ECC curve).
10981098
10991099 my $pubkey_octets = $pk->export_key_raw('public');
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 require Exporter; our @ISA = qw(Exporter); ### use Exporter 'import';
77 our %EXPORT_TAGS = ( all => [qw(rsa_encrypt rsa_decrypt rsa_sign_message rsa_verify_message rsa_sign_hash rsa_verify_hash)] );
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use Carp;
77
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use base qw(Crypt::PRNG Exporter);
77 our %EXPORT_TAGS = ( all => [qw(random_bytes random_bytes_hex random_bytes_b64 random_bytes_b64u random_string random_string_from rand irand)] );
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use base qw(Crypt::PRNG Exporter);
77 our %EXPORT_TAGS = ( all => [qw(random_bytes random_bytes_hex random_bytes_b64 random_bytes_b64u random_string random_string_from rand irand)] );
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use base qw(Crypt::PRNG Exporter);
77 our %EXPORT_TAGS = ( all => [qw(random_bytes random_bytes_hex random_bytes_b64 random_bytes_b64u random_string random_string_from rand irand)] );
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use base qw(Crypt::PRNG Exporter);
77 our %EXPORT_TAGS = ( all => [qw(random_bytes random_bytes_hex random_bytes_b64 random_bytes_b64u random_string random_string_from rand irand)] );
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use base qw(Crypt::PRNG Exporter);
77 our %EXPORT_TAGS = ( all => [qw(random_bytes random_bytes_hex random_bytes_b64 random_bytes_b64u random_string random_string_from rand irand)] );
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use base qw(Exporter);
77 our %EXPORT_TAGS = ( all => [qw(random_bytes random_bytes_hex random_bytes_b64 random_bytes_b64u random_string random_string_from rand irand)] );
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use CryptX;
77
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use CryptX;
77
0 package Crypt::Stream::Rabbit;
1
2 use strict;
3 use warnings;
4 our $VERSION = '0.056';
5
6 use CryptX;
7
8 1;
9
10 =pod
11
12 =head1 NAME
13
14 Crypt::Stream::Rabbit - Stream cipher Rabbit
15
16 =head1 SYNOPSIS
17
18 use Crypt::Stream::Rabbit;
19
20 # encrypt
21 $key = "1234567890123456";
22 $iv = "12345678";
23 $stream = Crypt::Stream::Rabbit->new($key, $iv);
24 $ct = $stream->crypt("plain message");
25
26 # decrypt
27 $key = "1234567890123456";
28 $iv = "12345678";
29 $stream = Crypt::Stream::Rabbit->new($key, $iv);
30 $pt = $stream->crypt($ct);
31
32 =head1 DESCRIPTION
33
34 Provides an interface to the Rabbit stream cipher.
35
36 =head1 METHODS
37
38 =head2 new
39
40 $stream = Crypt::Stream::Rabbit->new($key, $iv);
41 # $key .. keylen must be up to 16 bytes
42 # $iv .. ivlen must be up to 8 bytes
43
44 $stream = Crypt::Stream::Rabbit->new($key);
45 #BEWARE: this is different from new($key, "")
46
47 =head2 crypt
48
49 $ciphertext = $stream->crypt($plaintext);
50 #or
51 $plaintext = $stream->crypt($ciphertext);
52
53 =head2 keystream
54
55 $random_key = $stream->keystream($length);
56
57 =head2 clone
58
59 $stream->clone();
60
61 =head1 SEE ALSO
62
63 =over
64
65 =item * L<Crypt::Stream::RC4>, L<Crypt::Stream::ChaCha>, L<Crypt::Stream::Salsa20>, L<Crypt::Stream::Sober128>
66
67 =item * L<https://en.wikipedia.org/wiki/Rabbit_(cipher)>
68
69 =back
70
71 =cut
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use CryptX;
77
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use CryptX;
77
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use CryptX;
77
6161
6262 =item * L<Crypt::Stream::RC4>, L<Crypt::Stream::ChaCha>, L<Crypt::Stream::Salsa20>, L<Crypt::Stream::Sober128>
6363
64 =item * L<https://en.wikipedia.org/wiki/SOBER-128|https://en.wikipedia.org/wiki/SOBER-128>
64 =item * L<https://en.wikipedia.org/wiki/SOSEMANUK>
6565
6666 =back
6767
11
22 use strict;
33 use warnings ;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use base qw(Exporter);
77 our @EXPORT_OK = qw();
8484
8585 =item * Stream ciphers
8686
87 L<Crypt::Stream::RC4>, L<Crypt::Stream::ChaCha>, L<Crypt::Stream::Salsa20>, L<Crypt::Stream::Sober128>, L<Crypt::Stream::Sosemanuk>
87 L<Crypt::Stream::RC4>, L<Crypt::Stream::ChaCha>, L<Crypt::Stream::Salsa20>, L<Crypt::Stream::Sober128>,
88 L<Crypt::Stream::Sosemanuk>, L<Crypt::Stream::Rabbit>
8889
8990 =item * Authenticated encryption modes
9091
11
22 use strict;
33 use warnings;
4 our $VERSION = '0.055';
4 our $VERSION = '0.056';
55
66 use CryptX;
77
3939 ltc/mac/xcbc/xcbc_file.o ltc/mac/xcbc/xcbc_init.o ltc/mac/xcbc/xcbc_memory.o ltc/mac/xcbc/xcbc_memory_multi.o \
4040 ltc/mac/xcbc/xcbc_process.o ltc/math/ltm_desc.o ltc/math/multi.o ltc/math/radix_to_bin.o \
4141 ltc/math/rand_bn.o ltc/math/rand_prime.o ltc/math/tfm_desc.o ltc/math/fp/ltc_ecc_fp_mulmod.o \
42 ltc/misc/adler32.o ltc/misc/burn_stack.o ltc/misc/compare_testvector.o ltc/misc/crc32.o \
43 ltc/misc/error_to_string.o ltc/misc/mem_neq.o ltc/misc/pk_get_oid.o ltc/misc/zeromem.o \
44 ltc/misc/base32/base32_decode.o ltc/misc/base32/base32_encode.o ltc/misc/base64/base64_decode.o \
45 ltc/misc/base64/base64_encode.o ltc/misc/crypt/crypt.o ltc/misc/crypt/crypt_argchk.o \
46 ltc/misc/crypt/crypt_cipher_descriptor.o ltc/misc/crypt/crypt_cipher_is_valid.o ltc/misc/crypt/crypt_constants.o \
47 ltc/misc/crypt/crypt_find_cipher.o ltc/misc/crypt/crypt_find_cipher_any.o ltc/misc/crypt/crypt_find_cipher_id.o \
48 ltc/misc/crypt/crypt_find_hash.o ltc/misc/crypt/crypt_find_hash_any.o ltc/misc/crypt/crypt_find_hash_id.o \
49 ltc/misc/crypt/crypt_find_hash_oid.o ltc/misc/crypt/crypt_find_prng.o ltc/misc/crypt/crypt_fsa.o \
50 ltc/misc/crypt/crypt_hash_descriptor.o ltc/misc/crypt/crypt_hash_is_valid.o ltc/misc/crypt/crypt_inits.o \
51 ltc/misc/crypt/crypt_ltc_mp_descriptor.o ltc/misc/crypt/crypt_prng_descriptor.o ltc/misc/crypt/crypt_prng_is_valid.o \
52 ltc/misc/crypt/crypt_prng_rng_descriptor.o ltc/misc/crypt/crypt_register_all_ciphers.o \
42 ltc/misc/adler32.o ltc/misc/burn_stack.o ltc/misc/compare_testvector.o ltc/misc/copy_or_zeromem.o \
43 ltc/misc/crc32.o ltc/misc/error_to_string.o ltc/misc/mem_neq.o ltc/misc/pk_get_oid.o \
44 ltc/misc/zeromem.o ltc/misc/base32/base32_decode.o ltc/misc/base32/base32_encode.o \
45 ltc/misc/base64/base64_decode.o ltc/misc/base64/base64_encode.o ltc/misc/crypt/crypt.o \
46 ltc/misc/crypt/crypt_argchk.o ltc/misc/crypt/crypt_cipher_descriptor.o ltc/misc/crypt/crypt_cipher_is_valid.o \
47 ltc/misc/crypt/crypt_constants.o ltc/misc/crypt/crypt_find_cipher.o ltc/misc/crypt/crypt_find_cipher_any.o \
48 ltc/misc/crypt/crypt_find_cipher_id.o ltc/misc/crypt/crypt_find_hash.o ltc/misc/crypt/crypt_find_hash_any.o \
49 ltc/misc/crypt/crypt_find_hash_id.o ltc/misc/crypt/crypt_find_hash_oid.o ltc/misc/crypt/crypt_find_prng.o \
50 ltc/misc/crypt/crypt_fsa.o ltc/misc/crypt/crypt_hash_descriptor.o ltc/misc/crypt/crypt_hash_is_valid.o \
51 ltc/misc/crypt/crypt_inits.o ltc/misc/crypt/crypt_ltc_mp_descriptor.o ltc/misc/crypt/crypt_prng_descriptor.o \
52 ltc/misc/crypt/crypt_prng_is_valid.o ltc/misc/crypt/crypt_prng_rng_descriptor.o ltc/misc/crypt/crypt_register_all_ciphers.o \
5353 ltc/misc/crypt/crypt_register_all_hashes.o ltc/misc/crypt/crypt_register_all_prngs.o \
5454 ltc/misc/crypt/crypt_register_cipher.o ltc/misc/crypt/crypt_register_hash.o ltc/misc/crypt/crypt_register_prng.o \
5555 ltc/misc/crypt/crypt_sizes.o ltc/misc/crypt/crypt_unregister_cipher.o ltc/misc/crypt/crypt_unregister_hash.o \
115115 ltc/prngs/rng_get_bytes.o ltc/prngs/rng_make_prng.o ltc/prngs/sober128.o ltc/prngs/sprng.o \
116116 ltc/prngs/yarrow.o ltc/stream/chacha/chacha_crypt.o ltc/stream/chacha/chacha_done.o \
117117 ltc/stream/chacha/chacha_ivctr32.o ltc/stream/chacha/chacha_ivctr64.o ltc/stream/chacha/chacha_keystream.o \
118 ltc/stream/chacha/chacha_setup.o ltc/stream/rc4/rc4_stream.o ltc/stream/salsa20/salsa20_crypt.o \
119 ltc/stream/salsa20/salsa20_done.o ltc/stream/salsa20/salsa20_ivctr64.o ltc/stream/salsa20/salsa20_keystream.o \
120 ltc/stream/salsa20/salsa20_setup.o ltc/stream/sober128/sober128_stream.o ltc/stream/sosemanuk/sosemanuk.o \
121 ltm/bncore.o ltm/bn_error.o ltm/bn_fast_mp_invmod.o ltm/bn_fast_mp_montgomery_reduce.o \
122 ltm/bn_fast_s_mp_mul_digs.o ltm/bn_fast_s_mp_mul_high_digs.o ltm/bn_fast_s_mp_sqr.o \
123 ltm/bn_mp_2expt.o ltm/bn_mp_abs.o ltm/bn_mp_add.o ltm/bn_mp_addmod.o ltm/bn_mp_add_d.o \
124 ltm/bn_mp_and.o ltm/bn_mp_clamp.o ltm/bn_mp_clear.o ltm/bn_mp_clear_multi.o ltm/bn_mp_cmp.o \
125 ltm/bn_mp_cmp_d.o ltm/bn_mp_cmp_mag.o ltm/bn_mp_cnt_lsb.o ltm/bn_mp_copy.o ltm/bn_mp_count_bits.o \
126 ltm/bn_mp_div.o ltm/bn_mp_div_2.o ltm/bn_mp_div_2d.o ltm/bn_mp_div_3.o ltm/bn_mp_div_d.o \
127 ltm/bn_mp_dr_is_modulus.o ltm/bn_mp_dr_reduce.o ltm/bn_mp_dr_setup.o ltm/bn_mp_exch.o \
128 ltm/bn_mp_export.o ltm/bn_mp_exptmod.o ltm/bn_mp_exptmod_fast.o ltm/bn_mp_expt_d.o \
129 ltm/bn_mp_expt_d_ex.o ltm/bn_mp_exteuclid.o ltm/bn_mp_fread.o ltm/bn_mp_fwrite.o \
130 ltm/bn_mp_gcd.o ltm/bn_mp_get_int.o ltm/bn_mp_get_long.o ltm/bn_mp_get_long_long.o \
118 ltc/stream/chacha/chacha_setup.o ltc/stream/rabbit/rabbit.o ltc/stream/rc4/rc4_stream.o \
119 ltc/stream/salsa20/salsa20_crypt.o ltc/stream/salsa20/salsa20_done.o ltc/stream/salsa20/salsa20_ivctr64.o \
120 ltc/stream/salsa20/salsa20_keystream.o ltc/stream/salsa20/salsa20_setup.o ltc/stream/sober128/sober128_stream.o \
121 ltc/stream/sosemanuk/sosemanuk.o ltm/bncore.o ltm/bn_error.o ltm/bn_fast_mp_invmod.o \
122 ltm/bn_fast_mp_montgomery_reduce.o ltm/bn_fast_s_mp_mul_digs.o ltm/bn_fast_s_mp_mul_high_digs.o \
123 ltm/bn_fast_s_mp_sqr.o ltm/bn_mp_2expt.o ltm/bn_mp_abs.o ltm/bn_mp_add.o ltm/bn_mp_addmod.o \
124 ltm/bn_mp_add_d.o ltm/bn_mp_and.o ltm/bn_mp_clamp.o ltm/bn_mp_clear.o ltm/bn_mp_clear_multi.o \
125 ltm/bn_mp_cmp.o ltm/bn_mp_cmp_d.o ltm/bn_mp_cmp_mag.o ltm/bn_mp_cnt_lsb.o ltm/bn_mp_copy.o \
126 ltm/bn_mp_count_bits.o ltm/bn_mp_div.o ltm/bn_mp_div_2.o ltm/bn_mp_div_2d.o ltm/bn_mp_div_3.o \
127 ltm/bn_mp_div_d.o ltm/bn_mp_dr_is_modulus.o ltm/bn_mp_dr_reduce.o ltm/bn_mp_dr_setup.o \
128 ltm/bn_mp_exch.o ltm/bn_mp_export.o ltm/bn_mp_exptmod.o ltm/bn_mp_exptmod_fast.o \
129 ltm/bn_mp_expt_d.o ltm/bn_mp_expt_d_ex.o ltm/bn_mp_exteuclid.o ltm/bn_mp_fread.o \
130 ltm/bn_mp_fwrite.o ltm/bn_mp_gcd.o ltm/bn_mp_get_int.o ltm/bn_mp_get_long.o ltm/bn_mp_get_long_long.o \
131131 ltm/bn_mp_grow.o ltm/bn_mp_import.o ltm/bn_mp_init.o ltm/bn_mp_init_copy.o ltm/bn_mp_init_multi.o \
132132 ltm/bn_mp_init_set.o ltm/bn_mp_init_set_int.o ltm/bn_mp_init_size.o ltm/bn_mp_invmod.o \
133133 ltm/bn_mp_invmod_slow.o ltm/bn_mp_is_square.o ltm/bn_mp_jacobi.o ltm/bn_mp_karatsuba_mul.o \
4242 ltc/mac/xcbc/xcbc_init.obj ltc/mac/xcbc/xcbc_memory.obj ltc/mac/xcbc/xcbc_memory_multi.obj \
4343 ltc/mac/xcbc/xcbc_process.obj ltc/math/ltm_desc.obj ltc/math/multi.obj ltc/math/radix_to_bin.obj \
4444 ltc/math/rand_bn.obj ltc/math/rand_prime.obj ltc/math/tfm_desc.obj ltc/math/fp/ltc_ecc_fp_mulmod.obj \
45 ltc/misc/adler32.obj ltc/misc/burn_stack.obj ltc/misc/compare_testvector.obj ltc/misc/crc32.obj \
46 ltc/misc/error_to_string.obj ltc/misc/mem_neq.obj ltc/misc/pk_get_oid.obj ltc/misc/zeromem.obj \
47 ltc/misc/base32/base32_decode.obj ltc/misc/base32/base32_encode.obj ltc/misc/base64/base64_decode.obj \
48 ltc/misc/base64/base64_encode.obj ltc/misc/crypt/crypt.obj ltc/misc/crypt/crypt_argchk.obj \
49 ltc/misc/crypt/crypt_cipher_descriptor.obj ltc/misc/crypt/crypt_cipher_is_valid.obj \
45 ltc/misc/adler32.obj ltc/misc/burn_stack.obj ltc/misc/compare_testvector.obj ltc/misc/copy_or_zeromem.obj \
46 ltc/misc/crc32.obj ltc/misc/error_to_string.obj ltc/misc/mem_neq.obj ltc/misc/pk_get_oid.obj \
47 ltc/misc/zeromem.obj ltc/misc/base32/base32_decode.obj ltc/misc/base32/base32_encode.obj \
48 ltc/misc/base64/base64_decode.obj ltc/misc/base64/base64_encode.obj ltc/misc/crypt/crypt.obj \
49 ltc/misc/crypt/crypt_argchk.obj ltc/misc/crypt/crypt_cipher_descriptor.obj ltc/misc/crypt/crypt_cipher_is_valid.obj \
5050 ltc/misc/crypt/crypt_constants.obj ltc/misc/crypt/crypt_find_cipher.obj ltc/misc/crypt/crypt_find_cipher_any.obj \
5151 ltc/misc/crypt/crypt_find_cipher_id.obj ltc/misc/crypt/crypt_find_hash.obj ltc/misc/crypt/crypt_find_hash_any.obj \
5252 ltc/misc/crypt/crypt_find_hash_id.obj ltc/misc/crypt/crypt_find_hash_oid.obj ltc/misc/crypt/crypt_find_prng.obj \
123123 ltc/prngs/rng_get_bytes.obj ltc/prngs/rng_make_prng.obj ltc/prngs/sober128.obj ltc/prngs/sprng.obj \
124124 ltc/prngs/yarrow.obj ltc/stream/chacha/chacha_crypt.obj ltc/stream/chacha/chacha_done.obj \
125125 ltc/stream/chacha/chacha_ivctr32.obj ltc/stream/chacha/chacha_ivctr64.obj ltc/stream/chacha/chacha_keystream.obj \
126 ltc/stream/chacha/chacha_setup.obj ltc/stream/rc4/rc4_stream.obj ltc/stream/salsa20/salsa20_crypt.obj \
127 ltc/stream/salsa20/salsa20_done.obj ltc/stream/salsa20/salsa20_ivctr64.obj ltc/stream/salsa20/salsa20_keystream.obj \
128 ltc/stream/salsa20/salsa20_setup.obj ltc/stream/sober128/sober128_stream.obj ltc/stream/sosemanuk/sosemanuk.obj \
129 ltm/bncore.obj ltm/bn_error.obj ltm/bn_fast_mp_invmod.obj ltm/bn_fast_mp_montgomery_reduce.obj \
130 ltm/bn_fast_s_mp_mul_digs.obj ltm/bn_fast_s_mp_mul_high_digs.obj ltm/bn_fast_s_mp_sqr.obj \
131 ltm/bn_mp_2expt.obj ltm/bn_mp_abs.obj ltm/bn_mp_add.obj ltm/bn_mp_addmod.obj ltm/bn_mp_add_d.obj \
132 ltm/bn_mp_and.obj ltm/bn_mp_clamp.obj ltm/bn_mp_clear.obj ltm/bn_mp_clear_multi.obj \
133 ltm/bn_mp_cmp.obj ltm/bn_mp_cmp_d.obj ltm/bn_mp_cmp_mag.obj ltm/bn_mp_cnt_lsb.obj \
134 ltm/bn_mp_copy.obj ltm/bn_mp_count_bits.obj ltm/bn_mp_div.obj ltm/bn_mp_div_2.obj \
135 ltm/bn_mp_div_2d.obj ltm/bn_mp_div_3.obj ltm/bn_mp_div_d.obj ltm/bn_mp_dr_is_modulus.obj \
136 ltm/bn_mp_dr_reduce.obj ltm/bn_mp_dr_setup.obj ltm/bn_mp_exch.obj ltm/bn_mp_export.obj \
137 ltm/bn_mp_exptmod.obj ltm/bn_mp_exptmod_fast.obj ltm/bn_mp_expt_d.obj ltm/bn_mp_expt_d_ex.obj \
138 ltm/bn_mp_exteuclid.obj ltm/bn_mp_fread.obj ltm/bn_mp_fwrite.obj ltm/bn_mp_gcd.obj \
139 ltm/bn_mp_get_int.obj ltm/bn_mp_get_long.obj ltm/bn_mp_get_long_long.obj ltm/bn_mp_grow.obj \
140 ltm/bn_mp_import.obj ltm/bn_mp_init.obj ltm/bn_mp_init_copy.obj ltm/bn_mp_init_multi.obj \
141 ltm/bn_mp_init_set.obj ltm/bn_mp_init_set_int.obj ltm/bn_mp_init_size.obj ltm/bn_mp_invmod.obj \
142 ltm/bn_mp_invmod_slow.obj ltm/bn_mp_is_square.obj ltm/bn_mp_jacobi.obj ltm/bn_mp_karatsuba_mul.obj \
143 ltm/bn_mp_karatsuba_sqr.obj ltm/bn_mp_lcm.obj ltm/bn_mp_lshd.obj ltm/bn_mp_mod.obj \
144 ltm/bn_mp_mod_2d.obj ltm/bn_mp_mod_d.obj ltm/bn_mp_montgomery_calc_normalization.obj \
126 ltc/stream/chacha/chacha_setup.obj ltc/stream/rabbit/rabbit.obj ltc/stream/rc4/rc4_stream.obj \
127 ltc/stream/salsa20/salsa20_crypt.obj ltc/stream/salsa20/salsa20_done.obj ltc/stream/salsa20/salsa20_ivctr64.obj \
128 ltc/stream/salsa20/salsa20_keystream.obj ltc/stream/salsa20/salsa20_setup.obj ltc/stream/sober128/sober128_stream.obj \
129 ltc/stream/sosemanuk/sosemanuk.obj ltm/bncore.obj ltm/bn_error.obj ltm/bn_fast_mp_invmod.obj \
130 ltm/bn_fast_mp_montgomery_reduce.obj ltm/bn_fast_s_mp_mul_digs.obj ltm/bn_fast_s_mp_mul_high_digs.obj \
131 ltm/bn_fast_s_mp_sqr.obj ltm/bn_mp_2expt.obj ltm/bn_mp_abs.obj ltm/bn_mp_add.obj \
132 ltm/bn_mp_addmod.obj ltm/bn_mp_add_d.obj ltm/bn_mp_and.obj ltm/bn_mp_clamp.obj ltm/bn_mp_clear.obj \
133 ltm/bn_mp_clear_multi.obj ltm/bn_mp_cmp.obj ltm/bn_mp_cmp_d.obj ltm/bn_mp_cmp_mag.obj \
134 ltm/bn_mp_cnt_lsb.obj ltm/bn_mp_copy.obj ltm/bn_mp_count_bits.obj ltm/bn_mp_div.obj \
135 ltm/bn_mp_div_2.obj ltm/bn_mp_div_2d.obj ltm/bn_mp_div_3.obj ltm/bn_mp_div_d.obj \
136 ltm/bn_mp_dr_is_modulus.obj ltm/bn_mp_dr_reduce.obj ltm/bn_mp_dr_setup.obj ltm/bn_mp_exch.obj \
137 ltm/bn_mp_export.obj ltm/bn_mp_exptmod.obj ltm/bn_mp_exptmod_fast.obj ltm/bn_mp_expt_d.obj \
138 ltm/bn_mp_expt_d_ex.obj ltm/bn_mp_exteuclid.obj ltm/bn_mp_fread.obj ltm/bn_mp_fwrite.obj \
139 ltm/bn_mp_gcd.obj ltm/bn_mp_get_int.obj ltm/bn_mp_get_long.obj ltm/bn_mp_get_long_long.obj \
140 ltm/bn_mp_grow.obj ltm/bn_mp_import.obj ltm/bn_mp_init.obj ltm/bn_mp_init_copy.obj \
141 ltm/bn_mp_init_multi.obj ltm/bn_mp_init_set.obj ltm/bn_mp_init_set_int.obj ltm/bn_mp_init_size.obj \
142 ltm/bn_mp_invmod.obj ltm/bn_mp_invmod_slow.obj ltm/bn_mp_is_square.obj ltm/bn_mp_jacobi.obj \
143 ltm/bn_mp_karatsuba_mul.obj ltm/bn_mp_karatsuba_sqr.obj ltm/bn_mp_lcm.obj ltm/bn_mp_lshd.obj \
144 ltm/bn_mp_mod.obj ltm/bn_mp_mod_2d.obj ltm/bn_mp_mod_d.obj ltm/bn_mp_montgomery_calc_normalization.obj \
145145 ltm/bn_mp_montgomery_reduce.obj ltm/bn_mp_montgomery_setup.obj ltm/bn_mp_mul.obj \
146146 ltm/bn_mp_mulmod.obj ltm/bn_mp_mul_2.obj ltm/bn_mp_mul_2d.obj ltm/bn_mp_mul_d.obj \
147147 ltm/bn_mp_neg.obj ltm/bn_mp_n_root.obj ltm/bn_mp_n_root_ex.obj ltm/bn_mp_or.obj ltm/bn_mp_prime_fermat.obj \
5050 symmetric_key *skey;
5151 int err;
5252 unsigned long len, L, x, y, z, CTRlen;
53 #ifdef LTC_FAST
54 LTC_FAST_TYPE fastMask = ~0; /* initialize fastMask at all zeroes */
55 #endif
56 unsigned char mask = 0xff; /* initialize mask at all zeroes */
5753
5854 if (uskey == NULL) {
5955 LTC_ARGCHK(key != NULL);
359355
360356 /* Zero the plaintext if the tag was invalid (in constant time) */
361357 if (ptlen > 0) {
362 y = 0;
363 mask *= 1 - err; /* mask = ( err ? 0 : 0xff ) */
364 #ifdef LTC_FAST
365 fastMask *= 1 - err;
366 if (ptlen & ~15) {
367 for (; y < (ptlen & ~15); y += 16) {
368 for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
369 *(LTC_FAST_TYPE_PTR_CAST(&pt_real[y+z])) = *(LTC_FAST_TYPE_PTR_CAST(&pt[y+z])) & fastMask;
370 }
371 }
372 }
373 #endif
374 for (; y < ptlen; y++) {
375 pt_real[y] = pt[y] & mask;
376 }
358 copy_or_zeromem(pt, pt_real, ptlen, err);
377359 }
378360 }
379361
380362 #ifdef LTC_CLEAN_STACK
381 #ifdef LTC_FAST
382 fastMask = 0;
383 #endif
384 mask = 0;
385363 zeromem(PAD, sizeof(PAD));
386364 zeromem(CTRPAD, sizeof(CTRPAD));
387365 if (pt_work != NULL) {
10301030
10311031 #endif /* LTC_SALSA20 */
10321032
1033
1034
10351033 #ifdef LTC_SOSEMANUK
10361034
10371035 typedef struct {
10561054
10571055 #endif /* LTC_SOSEMANUK */
10581056
1059
1057 #ifdef LTC_RABBIT
1058
1059 typedef struct {
1060 ulong32 x[8];
1061 ulong32 c[8];
1062 ulong32 carry;
1063 } rabbit_ctx;
1064
1065 typedef struct {
1066 rabbit_ctx master_ctx;
1067 rabbit_ctx work_ctx;
1068 unsigned char block[16]; /* last keystream block containing unused bytes */
1069 ulong32 unused; /* count fm right */
1070 } rabbit_state;
1071
1072 int rabbit_setup(rabbit_state* st, const unsigned char *key, unsigned long keylen);
1073 int rabbit_setiv(rabbit_state* st, const unsigned char *iv, unsigned long ivlen);
1074 int rabbit_crypt(rabbit_state* st, const unsigned char *in, unsigned long inlen, unsigned char *out);
1075 int rabbit_keystream(rabbit_state* st, unsigned char *out, unsigned long outlen);
1076 int rabbit_done(rabbit_state *st);
1077 int rabbit_test(void);
1078
1079 #endif /* LTC_RABBIT */
10601080
10611081 #ifdef LTC_RC4_STREAM
10621082
208208 #define LTC_CHACHA
209209 #define LTC_SALSA20
210210 #define LTC_SOSEMANUK
211 #define LTC_RABBIT
211212 #define LTC_RC4_STREAM
212213 #define LTC_SOBER128_STREAM
213214
582583 #define LTC_MUTEX_INIT(x) LTC_ARGCHK(pthread_mutex_init(x, NULL) == 0);
583584 #define LTC_MUTEX_LOCK(x) LTC_ARGCHK(pthread_mutex_lock(x) == 0);
584585 #define LTC_MUTEX_UNLOCK(x) LTC_ARGCHK(pthread_mutex_unlock(x) == 0);
586 #define LTC_MUTEX_DESTROY(x) LTC_ARGCHK(pthread_mutex_destroy(x) == 0);
585587
586588 #else
587589
592594 #define LTC_MUTEX_INIT(x)
593595 #define LTC_MUTEX_LOCK(x)
594596 #define LTC_MUTEX_UNLOCK(x)
597 #define LTC_MUTEX_DESTROY(x)
595598
596599 #endif
597600
145145 int blake2bmac_test(void);
146146 #endif /* LTC_BLAKE2BMAC */
147147
148 #ifdef LTC_EAX_MODE
149
150 #if !(defined(LTC_OMAC) && defined(LTC_CTR_MODE))
151 #error LTC_EAX_MODE requires LTC_OMAC and CTR
152 #endif
153
154 typedef struct {
155 unsigned char N[MAXBLOCKSIZE];
156 symmetric_CTR ctr;
157 omac_state headeromac, ctomac;
158 } eax_state;
159
160 int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long keylen,
161 const unsigned char *nonce, unsigned long noncelen,
162 const unsigned char *header, unsigned long headerlen);
163
164 int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length);
165 int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, unsigned long length);
166 int eax_addheader(eax_state *eax, const unsigned char *header, unsigned long length);
167 int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen);
168
169 int eax_encrypt_authenticate_memory(int cipher,
170 const unsigned char *key, unsigned long keylen,
171 const unsigned char *nonce, unsigned long noncelen,
172 const unsigned char *header, unsigned long headerlen,
173 const unsigned char *pt, unsigned long ptlen,
174 unsigned char *ct,
175 unsigned char *tag, unsigned long *taglen);
176
177 int eax_decrypt_verify_memory(int cipher,
178 const unsigned char *key, unsigned long keylen,
179 const unsigned char *nonce, unsigned long noncelen,
180 const unsigned char *header, unsigned long headerlen,
181 const unsigned char *ct, unsigned long ctlen,
182 unsigned char *pt,
183 unsigned char *tag, unsigned long taglen,
184 int *stat);
185
186 int eax_test(void);
187 #endif /* EAX MODE */
188
189 #ifdef LTC_OCB_MODE
190 typedef struct {
191 unsigned char L[MAXBLOCKSIZE], /* L value */
192 Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */
193 Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */
194 Lr[MAXBLOCKSIZE], /* L * x^-1 */
195 R[MAXBLOCKSIZE], /* R value */
196 checksum[MAXBLOCKSIZE]; /* current checksum */
197
198 symmetric_key key; /* scheduled key for cipher */
199 unsigned long block_index; /* index # for current block */
200 int cipher, /* cipher idx */
201 block_len; /* length of block */
202 } ocb_state;
203
204 int ocb_init(ocb_state *ocb, int cipher,
205 const unsigned char *key, unsigned long keylen, const unsigned char *nonce);
206
207 int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct);
208 int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt);
209
210 int ocb_done_encrypt(ocb_state *ocb,
211 const unsigned char *pt, unsigned long ptlen,
212 unsigned char *ct,
213 unsigned char *tag, unsigned long *taglen);
214
215 int ocb_done_decrypt(ocb_state *ocb,
216 const unsigned char *ct, unsigned long ctlen,
217 unsigned char *pt,
218 const unsigned char *tag, unsigned long taglen, int *stat);
219
220 int ocb_encrypt_authenticate_memory(int cipher,
221 const unsigned char *key, unsigned long keylen,
222 const unsigned char *nonce,
223 const unsigned char *pt, unsigned long ptlen,
224 unsigned char *ct,
225 unsigned char *tag, unsigned long *taglen);
226
227 int ocb_decrypt_verify_memory(int cipher,
228 const unsigned char *key, unsigned long keylen,
229 const unsigned char *nonce,
230 const unsigned char *ct, unsigned long ctlen,
231 unsigned char *pt,
232 const unsigned char *tag, unsigned long taglen,
233 int *stat);
234
235 int ocb_test(void);
236
237 /* internal functions */
238 void ocb_shift_xor(ocb_state *ocb, unsigned char *Z);
239 int ocb_ntz(unsigned long x);
240 int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
241 unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode);
242
243 #endif /* LTC_OCB_MODE */
244
245 #ifdef LTC_OCB3_MODE
246 typedef struct {
247 unsigned char Offset_0[MAXBLOCKSIZE], /* Offset_0 value */
248 Offset_current[MAXBLOCKSIZE], /* Offset_{current_block_index} value */
249 L_dollar[MAXBLOCKSIZE], /* L_$ value */
250 L_star[MAXBLOCKSIZE], /* L_* value */
251 L_[32][MAXBLOCKSIZE], /* L_{i} values */
252 tag_part[MAXBLOCKSIZE], /* intermediate result of tag calculation */
253 checksum[MAXBLOCKSIZE]; /* current checksum */
254
255 /* AAD related members */
256 unsigned char aSum_current[MAXBLOCKSIZE], /* AAD related helper variable */
257 aOffset_current[MAXBLOCKSIZE], /* AAD related helper variable */
258 adata_buffer[MAXBLOCKSIZE]; /* AAD buffer */
259 int adata_buffer_bytes; /* bytes in AAD buffer */
260 unsigned long ablock_index; /* index # for current adata (AAD) block */
261
262 symmetric_key key; /* scheduled key for cipher */
263 unsigned long block_index; /* index # for current data block */
264 int cipher, /* cipher idx */
265 tag_len, /* length of tag */
266 block_len; /* length of block */
267 } ocb3_state;
268
269 int ocb3_init(ocb3_state *ocb, int cipher,
270 const unsigned char *key, unsigned long keylen,
271 const unsigned char *nonce, unsigned long noncelen,
272 unsigned long taglen);
273
274 int ocb3_encrypt(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct);
275 int ocb3_decrypt(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt);
276 int ocb3_encrypt_last(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct);
277 int ocb3_decrypt_last(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt);
278 int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen);
279 int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen);
280
281 int ocb3_encrypt_authenticate_memory(int cipher,
282 const unsigned char *key, unsigned long keylen,
283 const unsigned char *nonce, unsigned long noncelen,
284 const unsigned char *adata, unsigned long adatalen,
285 const unsigned char *pt, unsigned long ptlen,
286 unsigned char *ct,
287 unsigned char *tag, unsigned long *taglen);
288
289 int ocb3_decrypt_verify_memory(int cipher,
290 const unsigned char *key, unsigned long keylen,
291 const unsigned char *nonce, unsigned long noncelen,
292 const unsigned char *adata, unsigned long adatalen,
293 const unsigned char *ct, unsigned long ctlen,
294 unsigned char *pt,
295 const unsigned char *tag, unsigned long taglen,
296 int *stat);
297
298 int ocb3_test(void);
299
300 #ifdef LTC_SOURCE
301 /* internal helper functions */
302 int ocb3_int_ntz(unsigned long x);
303 void ocb3_int_xor_blocks(unsigned char *out, const unsigned char *block_a, const unsigned char *block_b, unsigned long block_len);
304 #endif /* LTC_SOURCE */
305
306 #endif /* LTC_OCB3_MODE */
307
308 #ifdef LTC_CCM_MODE
309
310 #define CCM_ENCRYPT LTC_ENCRYPT
311 #define CCM_DECRYPT LTC_DECRYPT
312
313 typedef struct {
314 symmetric_key K;
315 int cipher, /* which cipher */
316 taglen, /* length of the tag */
317 x; /* index in PAD */
318
319 unsigned long L, /* L value */
320 ptlen, /* length that will be enc / dec */
321 current_ptlen, /* current processed length */
322 aadlen, /* length of the aad */
323 current_aadlen, /* length of the currently provided add */
324 noncelen; /* length of the nonce */
325
326 unsigned char PAD[16],
327 ctr[16],
328 CTRPAD[16],
329 CTRlen;
330 } ccm_state;
331
332 int ccm_init(ccm_state *ccm, int cipher,
333 const unsigned char *key, int keylen, int ptlen, int taglen, int aad_len);
334
335 int ccm_reset(ccm_state *ccm);
336
337 int ccm_add_nonce(ccm_state *ccm,
338 const unsigned char *nonce, unsigned long noncelen);
339
340 int ccm_add_aad(ccm_state *ccm,
341 const unsigned char *adata, unsigned long adatalen);
342
343 int ccm_process(ccm_state *ccm,
344 unsigned char *pt, unsigned long ptlen,
345 unsigned char *ct,
346 int direction);
347
348 int ccm_done(ccm_state *ccm,
349 unsigned char *tag, unsigned long *taglen);
350
351 int ccm_memory(int cipher,
352 const unsigned char *key, unsigned long keylen,
353 symmetric_key *uskey,
354 const unsigned char *nonce, unsigned long noncelen,
355 const unsigned char *header, unsigned long headerlen,
356 unsigned char *pt, unsigned long ptlen,
357 unsigned char *ct,
358 unsigned char *tag, unsigned long *taglen,
359 int direction);
360
361 int ccm_test(void);
362
363 #endif /* LTC_CCM_MODE */
364
365 #if defined(LRW_MODE) || defined(LTC_GCM_MODE)
366 void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c);
367 #endif
368
369
370 /* table shared between GCM and LRW */
371 #if defined(LTC_GCM_TABLES) || defined(LTC_LRW_TABLES) || ((defined(LTC_GCM_MODE) || defined(LTC_GCM_MODE)) && defined(LTC_FAST))
372 extern const unsigned char gcm_shift_table[];
373 #endif
374
375 #ifdef LTC_GCM_MODE
376
377 #define GCM_ENCRYPT LTC_ENCRYPT
378 #define GCM_DECRYPT LTC_DECRYPT
379
380 #define LTC_GCM_MODE_IV 0
381 #define LTC_GCM_MODE_AAD 1
382 #define LTC_GCM_MODE_TEXT 2
383
384 typedef struct {
385 symmetric_key K;
386 unsigned char H[16], /* multiplier */
387 X[16], /* accumulator */
388 Y[16], /* counter */
389 Y_0[16], /* initial counter */
390 buf[16]; /* buffer for stuff */
391
392 int cipher, /* which cipher */
393 ivmode, /* Which mode is the IV in? */
394 mode, /* mode the GCM code is in */
395 buflen; /* length of data in buf */
396
397 ulong64 totlen, /* 64-bit counter used for IV and AAD */
398 pttotlen; /* 64-bit counter for the PT */
399
400 #ifdef LTC_GCM_TABLES
401 unsigned char PC[16][256][16] /* 16 tables of 8x128 */
402 #ifdef LTC_GCM_TABLES_SSE2
403 __attribute__ ((aligned (16)))
404 #endif
405 ;
406 #endif
407 } gcm_state;
408
409 void gcm_mult_h(gcm_state *gcm, unsigned char *I);
410
411 int gcm_init(gcm_state *gcm, int cipher,
412 const unsigned char *key, int keylen);
413
414 int gcm_reset(gcm_state *gcm);
415
416 int gcm_add_iv(gcm_state *gcm,
417 const unsigned char *IV, unsigned long IVlen);
418
419 int gcm_add_aad(gcm_state *gcm,
420 const unsigned char *adata, unsigned long adatalen);
421
422 int gcm_process(gcm_state *gcm,
423 unsigned char *pt, unsigned long ptlen,
424 unsigned char *ct,
425 int direction);
426
427 int gcm_done(gcm_state *gcm,
428 unsigned char *tag, unsigned long *taglen);
429
430 int gcm_memory( int cipher,
431 const unsigned char *key, unsigned long keylen,
432 const unsigned char *IV, unsigned long IVlen,
433 const unsigned char *adata, unsigned long adatalen,
434 unsigned char *pt, unsigned long ptlen,
435 unsigned char *ct,
436 unsigned char *tag, unsigned long *taglen,
437 int direction);
438 int gcm_test(void);
439
440 #endif /* LTC_GCM_MODE */
441
442148 #ifdef LTC_PELICAN
443149
444150 typedef struct pelican_state
528234
529235 #endif
530236
237 /*
238 * ENC+AUTH modes
239 */
240
241 #ifdef LTC_EAX_MODE
242
243 #if !(defined(LTC_OMAC) && defined(LTC_CTR_MODE))
244 #error LTC_EAX_MODE requires LTC_OMAC and CTR
245 #endif
246
247 typedef struct {
248 unsigned char N[MAXBLOCKSIZE];
249 symmetric_CTR ctr;
250 omac_state headeromac, ctomac;
251 } eax_state;
252
253 int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long keylen,
254 const unsigned char *nonce, unsigned long noncelen,
255 const unsigned char *header, unsigned long headerlen);
256
257 int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length);
258 int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, unsigned long length);
259 int eax_addheader(eax_state *eax, const unsigned char *header, unsigned long length);
260 int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen);
261
262 int eax_encrypt_authenticate_memory(int cipher,
263 const unsigned char *key, unsigned long keylen,
264 const unsigned char *nonce, unsigned long noncelen,
265 const unsigned char *header, unsigned long headerlen,
266 const unsigned char *pt, unsigned long ptlen,
267 unsigned char *ct,
268 unsigned char *tag, unsigned long *taglen);
269
270 int eax_decrypt_verify_memory(int cipher,
271 const unsigned char *key, unsigned long keylen,
272 const unsigned char *nonce, unsigned long noncelen,
273 const unsigned char *header, unsigned long headerlen,
274 const unsigned char *ct, unsigned long ctlen,
275 unsigned char *pt,
276 unsigned char *tag, unsigned long taglen,
277 int *stat);
278
279 int eax_test(void);
280 #endif /* EAX MODE */
281
282 #ifdef LTC_OCB_MODE
283 typedef struct {
284 unsigned char L[MAXBLOCKSIZE], /* L value */
285 Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */
286 Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */
287 Lr[MAXBLOCKSIZE], /* L * x^-1 */
288 R[MAXBLOCKSIZE], /* R value */
289 checksum[MAXBLOCKSIZE]; /* current checksum */
290
291 symmetric_key key; /* scheduled key for cipher */
292 unsigned long block_index; /* index # for current block */
293 int cipher, /* cipher idx */
294 block_len; /* length of block */
295 } ocb_state;
296
297 int ocb_init(ocb_state *ocb, int cipher,
298 const unsigned char *key, unsigned long keylen, const unsigned char *nonce);
299
300 int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct);
301 int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt);
302
303 int ocb_done_encrypt(ocb_state *ocb,
304 const unsigned char *pt, unsigned long ptlen,
305 unsigned char *ct,
306 unsigned char *tag, unsigned long *taglen);
307
308 int ocb_done_decrypt(ocb_state *ocb,
309 const unsigned char *ct, unsigned long ctlen,
310 unsigned char *pt,
311 const unsigned char *tag, unsigned long taglen, int *stat);
312
313 int ocb_encrypt_authenticate_memory(int cipher,
314 const unsigned char *key, unsigned long keylen,
315 const unsigned char *nonce,
316 const unsigned char *pt, unsigned long ptlen,
317 unsigned char *ct,
318 unsigned char *tag, unsigned long *taglen);
319
320 int ocb_decrypt_verify_memory(int cipher,
321 const unsigned char *key, unsigned long keylen,
322 const unsigned char *nonce,
323 const unsigned char *ct, unsigned long ctlen,
324 unsigned char *pt,
325 const unsigned char *tag, unsigned long taglen,
326 int *stat);
327
328 int ocb_test(void);
329
330 /* internal functions */
331 void ocb_shift_xor(ocb_state *ocb, unsigned char *Z);
332 int ocb_ntz(unsigned long x);
333 int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
334 unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode);
335
336 #endif /* LTC_OCB_MODE */
337
338 #ifdef LTC_OCB3_MODE
339 typedef struct {
340 unsigned char Offset_0[MAXBLOCKSIZE], /* Offset_0 value */
341 Offset_current[MAXBLOCKSIZE], /* Offset_{current_block_index} value */
342 L_dollar[MAXBLOCKSIZE], /* L_$ value */
343 L_star[MAXBLOCKSIZE], /* L_* value */
344 L_[32][MAXBLOCKSIZE], /* L_{i} values */
345 tag_part[MAXBLOCKSIZE], /* intermediate result of tag calculation */
346 checksum[MAXBLOCKSIZE]; /* current checksum */
347
348 /* AAD related members */
349 unsigned char aSum_current[MAXBLOCKSIZE], /* AAD related helper variable */
350 aOffset_current[MAXBLOCKSIZE], /* AAD related helper variable */
351 adata_buffer[MAXBLOCKSIZE]; /* AAD buffer */
352 int adata_buffer_bytes; /* bytes in AAD buffer */
353 unsigned long ablock_index; /* index # for current adata (AAD) block */
354
355 symmetric_key key; /* scheduled key for cipher */
356 unsigned long block_index; /* index # for current data block */
357 int cipher, /* cipher idx */
358 tag_len, /* length of tag */
359 block_len; /* length of block */
360 } ocb3_state;
361
362 int ocb3_init(ocb3_state *ocb, int cipher,
363 const unsigned char *key, unsigned long keylen,
364 const unsigned char *nonce, unsigned long noncelen,
365 unsigned long taglen);
366
367 int ocb3_encrypt(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct);
368 int ocb3_decrypt(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt);
369 int ocb3_encrypt_last(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct);
370 int ocb3_decrypt_last(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt);
371 int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen);
372 int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen);
373
374 int ocb3_encrypt_authenticate_memory(int cipher,
375 const unsigned char *key, unsigned long keylen,
376 const unsigned char *nonce, unsigned long noncelen,
377 const unsigned char *adata, unsigned long adatalen,
378 const unsigned char *pt, unsigned long ptlen,
379 unsigned char *ct,
380 unsigned char *tag, unsigned long *taglen);
381
382 int ocb3_decrypt_verify_memory(int cipher,
383 const unsigned char *key, unsigned long keylen,
384 const unsigned char *nonce, unsigned long noncelen,
385 const unsigned char *adata, unsigned long adatalen,
386 const unsigned char *ct, unsigned long ctlen,
387 unsigned char *pt,
388 const unsigned char *tag, unsigned long taglen,
389 int *stat);
390
391 int ocb3_test(void);
392
393 #ifdef LTC_SOURCE
394 /* internal helper functions */
395 int ocb3_int_ntz(unsigned long x);
396 void ocb3_int_xor_blocks(unsigned char *out, const unsigned char *block_a, const unsigned char *block_b, unsigned long block_len);
397 #endif /* LTC_SOURCE */
398
399 #endif /* LTC_OCB3_MODE */
400
401 #ifdef LTC_CCM_MODE
402
403 #define CCM_ENCRYPT LTC_ENCRYPT
404 #define CCM_DECRYPT LTC_DECRYPT
405
406 typedef struct {
407 symmetric_key K;
408 int cipher, /* which cipher */
409 taglen, /* length of the tag */
410 x; /* index in PAD */
411
412 unsigned long L, /* L value */
413 ptlen, /* length that will be enc / dec */
414 current_ptlen, /* current processed length */
415 aadlen, /* length of the aad */
416 current_aadlen, /* length of the currently provided add */
417 noncelen; /* length of the nonce */
418
419 unsigned char PAD[16],
420 ctr[16],
421 CTRPAD[16],
422 CTRlen;
423 } ccm_state;
424
425 int ccm_init(ccm_state *ccm, int cipher,
426 const unsigned char *key, int keylen, int ptlen, int taglen, int aad_len);
427
428 int ccm_reset(ccm_state *ccm);
429
430 int ccm_add_nonce(ccm_state *ccm,
431 const unsigned char *nonce, unsigned long noncelen);
432
433 int ccm_add_aad(ccm_state *ccm,
434 const unsigned char *adata, unsigned long adatalen);
435
436 int ccm_process(ccm_state *ccm,
437 unsigned char *pt, unsigned long ptlen,
438 unsigned char *ct,
439 int direction);
440
441 int ccm_done(ccm_state *ccm,
442 unsigned char *tag, unsigned long *taglen);
443
444 int ccm_memory(int cipher,
445 const unsigned char *key, unsigned long keylen,
446 symmetric_key *uskey,
447 const unsigned char *nonce, unsigned long noncelen,
448 const unsigned char *header, unsigned long headerlen,
449 unsigned char *pt, unsigned long ptlen,
450 unsigned char *ct,
451 unsigned char *tag, unsigned long *taglen,
452 int direction);
453
454 int ccm_test(void);
455
456 #endif /* LTC_CCM_MODE */
457
458 #if defined(LRW_MODE) || defined(LTC_GCM_MODE)
459 void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c);
460 #endif
461
462
463 /* table shared between GCM and LRW */
464 #if defined(LTC_GCM_TABLES) || defined(LTC_LRW_TABLES) || ((defined(LTC_GCM_MODE) || defined(LTC_GCM_MODE)) && defined(LTC_FAST))
465 extern const unsigned char gcm_shift_table[];
466 #endif
467
468 #ifdef LTC_GCM_MODE
469
470 #define GCM_ENCRYPT LTC_ENCRYPT
471 #define GCM_DECRYPT LTC_DECRYPT
472
473 #define LTC_GCM_MODE_IV 0
474 #define LTC_GCM_MODE_AAD 1
475 #define LTC_GCM_MODE_TEXT 2
476
477 typedef struct {
478 symmetric_key K;
479 unsigned char H[16], /* multiplier */
480 X[16], /* accumulator */
481 Y[16], /* counter */
482 Y_0[16], /* initial counter */
483 buf[16]; /* buffer for stuff */
484
485 int cipher, /* which cipher */
486 ivmode, /* Which mode is the IV in? */
487 mode, /* mode the GCM code is in */
488 buflen; /* length of data in buf */
489
490 ulong64 totlen, /* 64-bit counter used for IV and AAD */
491 pttotlen; /* 64-bit counter for the PT */
492
493 #ifdef LTC_GCM_TABLES
494 unsigned char PC[16][256][16] /* 16 tables of 8x128 */
495 #ifdef LTC_GCM_TABLES_SSE2
496 __attribute__ ((aligned (16)))
497 #endif
498 ;
499 #endif
500 } gcm_state;
501
502 void gcm_mult_h(gcm_state *gcm, unsigned char *I);
503
504 int gcm_init(gcm_state *gcm, int cipher,
505 const unsigned char *key, int keylen);
506
507 int gcm_reset(gcm_state *gcm);
508
509 int gcm_add_iv(gcm_state *gcm,
510 const unsigned char *IV, unsigned long IVlen);
511
512 int gcm_add_aad(gcm_state *gcm,
513 const unsigned char *adata, unsigned long adatalen);
514
515 int gcm_process(gcm_state *gcm,
516 unsigned char *pt, unsigned long ptlen,
517 unsigned char *ct,
518 int direction);
519
520 int gcm_done(gcm_state *gcm,
521 unsigned char *tag, unsigned long *taglen);
522
523 int gcm_memory( int cipher,
524 const unsigned char *key, unsigned long keylen,
525 const unsigned char *IV, unsigned long IVlen,
526 const unsigned char *adata, unsigned long adatalen,
527 unsigned char *pt, unsigned long ptlen,
528 unsigned char *ct,
529 unsigned char *tag, unsigned long *taglen,
530 int direction);
531 int gcm_test(void);
532
533 #endif /* LTC_GCM_MODE */
534
531535 #ifdef LTC_CHACHA20POLY1305_MODE
532536
533537 typedef struct {
7171 /* ---- MEM routines ---- */
7272 int mem_neq(const void *a, const void *b, size_t len);
7373 void zeromem(volatile void *dst, size_t len);
74 #ifdef LTC_SOURCE
75 void copy_or_zeromem(const unsigned char* src, unsigned char* dest, unsigned long len, int coz);
76 #endif
7477 void burn_stack(unsigned long len);
7578
7679 const char *error_to_string(int err);
7272 fprintf(stderr, "Testvector #%i of %s failed:\n", which, what);
7373 _print_hex("SHOULD", should, should_len);
7474 _print_hex("IS ", is, is_len);
75 #if LTC_TEST_DBG > 1
76 } else {
77 fprintf(stderr, "Testvector #%i of %s passed!\n", which, what);
78 #endif
7579 }
7680 #else
7781 LTC_UNUSED_PARAM(which);
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8 #include "tomcrypt.h"
9
10 /**
11 @file copy_or_zeromem.c
12 Either copy or zero a block of memory in constant time, Steffen Jaeckel
13 */
14
15 /**
16 Either copy or zero a block of memory in constant time
17 @param src The source where to read from
18 @param dest The destination where to write to
19 @param len The length of the area to process (octets)
20 @param coz Copy (on 0) Or Zero (> 0)
21 */
22 void copy_or_zeromem(const unsigned char* src, unsigned char* dest, unsigned long len, int coz)
23 {
24 unsigned long y;
25 #ifdef LTC_FAST
26 unsigned long z;
27 LTC_FAST_TYPE fastMask = ~0; /* initialize fastMask at all ones */
28 #endif
29 unsigned char mask = 0xff; /* initialize mask at all ones */
30
31 LTC_ARGCHK(src != NULL);
32 LTC_ARGCHK(dest != NULL);
33
34 if (coz != 0) coz = 1;
35 y = 0;
36 mask *= 1 - coz; /* mask = ( coz ? 0 : 0xff ) */
37 #ifdef LTC_FAST
38 fastMask *= 1 - coz;
39 if (len & ~15) {
40 for (; y < (len & ~15); y += 16) {
41 for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
42 *(LTC_FAST_TYPE_PTR_CAST(&dest[y+z])) = *(LTC_FAST_TYPE_PTR_CAST(&src[y+z])) & fastMask;
43 }
44 }
45 }
46 #endif
47 for (; y < len; y++) {
48 dest[y] = src[y] & mask;
49 }
50 #ifdef LTC_CLEAN_STACK
51 #ifdef LTC_FAST
52 fastMask = 0;
53 #endif
54 mask = 0;
55 #endif
56 }
57
58 /* ref: $Format:%D$ */
59 /* git commit: $Format:%H$ */
60 /* commit time: $Format:%ai$ */
137137 #if defined(LTC_SOSEMANUK)
138138 " Sosemanuk\n"
139139 #endif
140 #if defined(LTC_RABBIT)
141 " Rabbit\n"
142 #endif
140143 #if defined(LTC_RC4_STREAM)
141144 " RC4\n"
142145 #endif
181181 #endif
182182 #ifdef LTC_SOSEMANUK
183183 _SZ_STRINGIFY_T(sosemanuk_state),
184 #endif
185 #ifdef LTC_RABBIT
186 _SZ_STRINGIFY_T(rabbit_state),
184187 #endif
185188 #ifdef LTC_RC4_STREAM
186189 _SZ_STRINGIFY_T(rc4_state),
4646
4747 /* store header (include bit padding count in length) */
4848 x = 0;
49 y = (inlen >> 3) + ((inlen&7) ? 1 : 0) + 1;
49 y = ((inlen + 7) >> 3) + 1;
5050
5151 out[x++] = 0x03;
5252 if (y < 128) {
4848
4949 /* store header (include bit padding count in length) */
5050 x = 0;
51 y = (inlen >> 3) + ((inlen&7) ? 1 : 0) + 1;
51 y = ((inlen + 7) >> 3) + 1;
5252
5353 out[x++] = 0x03;
5454 if (y < 128) {
138138 prng->ready = 0;
139139 err = chacha_done(&prng->chacha.s);
140140 LTC_MUTEX_UNLOCK(&prng->lock);
141 LTC_MUTEX_DESTROY(&prng->lock);
141142 return err;
142143 }
143144
317317 zeromem(tmp, sizeof(tmp));
318318 #endif
319319 LTC_MUTEX_UNLOCK(&prng->lock);
320 LTC_MUTEX_DESTROY(&prng->lock);
320321 return err;
321322 }
322323
141141 prng->ready = 0;
142142 err = rc4_stream_done(&prng->rc4.s);
143143 LTC_MUTEX_UNLOCK(&prng->lock);
144 LTC_MUTEX_DESTROY(&prng->lock);
144145 return err;
145146 }
146147
140140 prng->ready = 0;
141141 err = sober128_stream_done(&prng->sober128.s);
142142 LTC_MUTEX_UNLOCK(&prng->lock);
143 LTC_MUTEX_DESTROY(&prng->lock);
143144 return err;
144145 }
145146
261261 err = ctr_done(&prng->yarrow.ctr);
262262
263263 LTC_MUTEX_UNLOCK(&prng->lock);
264 LTC_MUTEX_DESTROY(&prng->lock);
264265 return err;
265266 }
266267
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8
9 /******************************************************************************
10 * This Rabbit C source code was morphed fm the EU eSTREAM ECRYPT submission
11 * and should run on any conforming C implementation (C90 or later).
12 *
13 * This implementation supports any key length up to 128 bits (16 bytes) and
14 * works in increments of 8-bit bytes. Keys must be submitted as whole bytes
15 * and shorter keys will be right-null-padded to 16 bytes. Likewise, an iv
16 * may be any length up to 8 bytes and will be padded out to 8 bytes.
17 *
18 * The eSTREAM submission was rather picky about the calling sequence of
19 * ECRYPT_process_blocks() and ECRYPT_process_bytes(). That version allowed
20 * calling ECRYPT_process_blocks() multiple times for a multiple of whole
21 * 16-byte blocks, but once ECRYPT_process_bytes() was called. no more calls
22 * were supported correctly. This implementation handles the keystream
23 * differently and rabbit_crypt() may be called as many times as desired,
24 * crypting any number of bytes each time.
25 *
26 * http://www.ecrypt.eu.org/stream/e2-rabbit.html
27 *
28 * NB: One of the test vectors distributed by the eSTREAM site in the file
29 * "rabbit_p3source.zip" is in error. Referring to "test-vectors.txt"
30 * in that ZIP file, the 3rd line in "out1" should be
31 * "96 D6 73 16 88 D1 68 DA 51 D4 0C 70 C3 A1 16 F4".
32 *
33 * Here is the original legal notice accompanying the Rabbit submission
34 * to the EU eSTREAM competition.
35 *---------------------------------------------------------------------------
36 * Copyright (C) Cryptico A/S. All rights reserved.
37 *
38 * YOU SHOULD CAREFULLY READ THIS LEGAL NOTICE BEFORE USING THIS SOFTWARE.
39 *
40 * This software is developed by Cryptico A/S and/or its suppliers.
41 * All title and intellectual property rights in and to the software,
42 * including but not limited to patent rights and copyrights, are owned
43 * by Cryptico A/S and/or its suppliers.
44 *
45 * The software may be used solely for non-commercial purposes
46 * without the prior written consent of Cryptico A/S. For further
47 * information on licensing terms and conditions please contact
48 * Cryptico A/S at info@cryptico.com
49 *
50 * Cryptico, CryptiCore, the Cryptico logo and "Re-thinking encryption"
51 * are either trademarks or registered trademarks of Cryptico A/S.
52 *
53 * Cryptico A/S shall not in any way be liable for any use of this
54 * software. The software is provided "as is" without any express or
55 * implied warranty.
56 *---------------------------------------------------------------------------
57 * On October 6, 2008, Rabbit was "released into the public domain and
58 * may be used freely for any purpose."
59 * http://www.ecrypt.eu.org/stream/rabbitpf.html
60 * https://web.archive.org/web/20090630021733/http://www.ecrypt.eu.org/stream/phorum/read.php?1,1244
61 ******************************************************************************/
62
63
64 #include "tomcrypt.h"
65
66 #ifdef LTC_RABBIT
67
68 /* local/private prototypes (NB: rabbit_ctx and rabbit_state are different) */
69 static LTC_INLINE ulong32 _rabbit_g_func(ulong32 x);
70 static LTC_INLINE void _rabbit_next_state(rabbit_ctx *p_instance);
71 static LTC_INLINE void _rabbit_gen_1_block(rabbit_state* st, unsigned char *out);
72
73 /* -------------------------------------------------------------------------- */
74
75 /* Square a 32-bit unsigned integer to obtain the 64-bit result and return */
76 /* the upper 32 bits XOR the lower 32 bits */
77 static LTC_INLINE ulong32 _rabbit_g_func(ulong32 x)
78 {
79 ulong32 a, b, h, l;
80
81 /* Construct high and low argument for squaring */
82 a = x & 0xFFFF;
83 b = x >> 16;
84
85 /* Calculate high and low result of squaring */
86 h = ((((ulong32)(a*a)>>17) + (ulong32)(a*b))>>15) + b*b;
87 l = x * x;
88
89 /* Return high XOR low */
90 return (ulong32)(h^l);
91 }
92
93 /* -------------------------------------------------------------------------- */
94
95 /* Calculate the next internal state */
96 static LTC_INLINE void _rabbit_next_state(rabbit_ctx *p_instance)
97 {
98 ulong32 g[8], c_old[8], i;
99
100 /* Save old counter values */
101 for (i=0; i<8; i++)
102 c_old[i] = p_instance->c[i];
103
104 /* Calculate new counter values */
105 p_instance->c[0] = (ulong32)(p_instance->c[0] + 0x4D34D34D + p_instance->carry);
106 p_instance->c[1] = (ulong32)(p_instance->c[1] + 0xD34D34D3 + (p_instance->c[0] < c_old[0]));
107 p_instance->c[2] = (ulong32)(p_instance->c[2] + 0x34D34D34 + (p_instance->c[1] < c_old[1]));
108 p_instance->c[3] = (ulong32)(p_instance->c[3] + 0x4D34D34D + (p_instance->c[2] < c_old[2]));
109 p_instance->c[4] = (ulong32)(p_instance->c[4] + 0xD34D34D3 + (p_instance->c[3] < c_old[3]));
110 p_instance->c[5] = (ulong32)(p_instance->c[5] + 0x34D34D34 + (p_instance->c[4] < c_old[4]));
111 p_instance->c[6] = (ulong32)(p_instance->c[6] + 0x4D34D34D + (p_instance->c[5] < c_old[5]));
112 p_instance->c[7] = (ulong32)(p_instance->c[7] + 0xD34D34D3 + (p_instance->c[6] < c_old[6]));
113 p_instance->carry = (p_instance->c[7] < c_old[7]);
114
115 /* Calculate the g-values */
116 for (i=0;i<8;i++)
117 g[i] = _rabbit_g_func((ulong32)(p_instance->x[i] + p_instance->c[i]));
118
119 /* Calculate new state values */
120 p_instance->x[0] = (ulong32)(g[0] + ROLc(g[7],16) + ROLc(g[6], 16));
121 p_instance->x[1] = (ulong32)(g[1] + ROLc(g[0], 8) + g[7]);
122 p_instance->x[2] = (ulong32)(g[2] + ROLc(g[1],16) + ROLc(g[0], 16));
123 p_instance->x[3] = (ulong32)(g[3] + ROLc(g[2], 8) + g[1]);
124 p_instance->x[4] = (ulong32)(g[4] + ROLc(g[3],16) + ROLc(g[2], 16));
125 p_instance->x[5] = (ulong32)(g[5] + ROLc(g[4], 8) + g[3]);
126 p_instance->x[6] = (ulong32)(g[6] + ROLc(g[5],16) + ROLc(g[4], 16));
127 p_instance->x[7] = (ulong32)(g[7] + ROLc(g[6], 8) + g[5]);
128 }
129
130 /* ------------------------------------------------------------------------- */
131
132 static LTC_INLINE void _rabbit_gen_1_block(rabbit_state* st, unsigned char *out)
133 {
134 ulong32 *ptr;
135
136 /* Iterate the work context once */
137 _rabbit_next_state(&(st->work_ctx));
138
139 /* Generate 16 bytes of pseudo-random data */
140 ptr = (ulong32*)&(st->work_ctx.x);
141 STORE32L((ptr[0] ^ (ptr[5]>>16) ^ (ulong32)(ptr[3]<<16)), out+ 0);
142 STORE32L((ptr[2] ^ (ptr[7]>>16) ^ (ulong32)(ptr[5]<<16)), out+ 4);
143 STORE32L((ptr[4] ^ (ptr[1]>>16) ^ (ulong32)(ptr[7]<<16)), out+ 8);
144 STORE32L((ptr[6] ^ (ptr[3]>>16) ^ (ulong32)(ptr[1]<<16)), out+12);
145 }
146
147 /* -------------------------------------------------------------------------- */
148
149 /* Key setup */
150 int rabbit_setup(rabbit_state* st, const unsigned char *key, unsigned long keylen)
151 {
152 ulong32 k0, k1, k2, k3, i;
153 unsigned char tmpkey[16] = {0};
154
155 LTC_ARGCHK(st != NULL);
156 LTC_ARGCHK(key != NULL);
157 LTC_ARGCHK(keylen <= 16);
158
159 /* init state */
160 XMEMSET(st, 0, sizeof(rabbit_state));
161
162 /* pad key in tmpkey */
163 XMEMCPY(tmpkey, key, keylen);
164
165 /* Generate four subkeys */
166 LOAD32L(k0, tmpkey+ 0);
167 LOAD32L(k1, tmpkey+ 4);
168 LOAD32L(k2, tmpkey+ 8);
169 LOAD32L(k3, tmpkey+12);
170
171 #ifdef LTC_CLEAN_STACK
172 /* done with tmpkey, wipe it */
173 zeromem(tmpkey, sizeof(tmpkey));
174 #endif
175
176 /* Generate initial state variables */
177 st->master_ctx.x[0] = k0;
178 st->master_ctx.x[2] = k1;
179 st->master_ctx.x[4] = k2;
180 st->master_ctx.x[6] = k3;
181 st->master_ctx.x[1] = (ulong32)(k3<<16) | (k2>>16);
182 st->master_ctx.x[3] = (ulong32)(k0<<16) | (k3>>16);
183 st->master_ctx.x[5] = (ulong32)(k1<<16) | (k0>>16);
184 st->master_ctx.x[7] = (ulong32)(k2<<16) | (k1>>16);
185
186 /* Generate initial counter values */
187 st->master_ctx.c[0] = ROLc(k2, 16);
188 st->master_ctx.c[2] = ROLc(k3, 16);
189 st->master_ctx.c[4] = ROLc(k0, 16);
190 st->master_ctx.c[6] = ROLc(k1, 16);
191 st->master_ctx.c[1] = (k0&0xFFFF0000) | (k1&0xFFFF);
192 st->master_ctx.c[3] = (k1&0xFFFF0000) | (k2&0xFFFF);
193 st->master_ctx.c[5] = (k2&0xFFFF0000) | (k3&0xFFFF);
194 st->master_ctx.c[7] = (k3&0xFFFF0000) | (k0&0xFFFF);
195
196 /* Clear carry bit */
197 st->master_ctx.carry = 0;
198
199 /* Iterate the master context four times */
200 for (i=0; i<4; i++)
201 _rabbit_next_state(&(st->master_ctx));
202
203 /* Modify the counters */
204 for (i=0; i<8; i++)
205 st->master_ctx.c[i] ^= st->master_ctx.x[(i+4)&0x7];
206
207 /* Copy master instance to work instance */
208 for (i=0; i<8; i++) {
209 st->work_ctx.x[i] = st->master_ctx.x[i];
210 st->work_ctx.c[i] = st->master_ctx.c[i];
211 }
212 st->work_ctx.carry = st->master_ctx.carry;
213 /* ...and prepare block for crypt() */
214 XMEMSET(&(st->block), 0, sizeof(st->block));
215 st->unused = 0;
216
217 return CRYPT_OK;
218 }
219
220 /* -------------------------------------------------------------------------- */
221
222 /* IV setup */
223 int rabbit_setiv(rabbit_state* st, const unsigned char *iv, unsigned long ivlen)
224 {
225 ulong32 i0, i1, i2, i3, i;
226 unsigned char tmpiv[8] = {0};
227
228 LTC_ARGCHK(st != NULL);
229 LTC_ARGCHK(iv != NULL || ivlen == 0);
230 LTC_ARGCHK(ivlen <= 8);
231
232 /* pad iv in tmpiv */
233 if (iv && ivlen > 0) XMEMCPY(tmpiv, iv, ivlen);
234
235 /* Generate four subvectors */
236 LOAD32L(i0, tmpiv+0);
237 LOAD32L(i2, tmpiv+4);
238 i1 = (i0>>16) | (i2&0xFFFF0000);
239 i3 = (i2<<16) | (i0&0x0000FFFF);
240
241 /* Modify counter values */
242 st->work_ctx.c[0] = st->master_ctx.c[0] ^ i0;
243 st->work_ctx.c[1] = st->master_ctx.c[1] ^ i1;
244 st->work_ctx.c[2] = st->master_ctx.c[2] ^ i2;
245 st->work_ctx.c[3] = st->master_ctx.c[3] ^ i3;
246 st->work_ctx.c[4] = st->master_ctx.c[4] ^ i0;
247 st->work_ctx.c[5] = st->master_ctx.c[5] ^ i1;
248 st->work_ctx.c[6] = st->master_ctx.c[6] ^ i2;
249 st->work_ctx.c[7] = st->master_ctx.c[7] ^ i3;
250
251 /* Copy state variables */
252 for (i=0; i<8; i++)
253 st->work_ctx.x[i] = st->master_ctx.x[i];
254 st->work_ctx.carry = st->master_ctx.carry;
255
256 /* Iterate the work context four times */
257 for (i=0; i<4; i++)
258 _rabbit_next_state(&(st->work_ctx));
259
260 /* reset keystream buffer and unused count */
261 XMEMSET(&(st->block), 0, sizeof(st->block));
262 st->unused = 0;
263
264 return CRYPT_OK;
265 }
266
267 /* ------------------------------------------------------------------------- */
268
269 /* Crypt a chunk of any size (encrypt/decrypt) */
270 int rabbit_crypt(rabbit_state* st, const unsigned char *in, unsigned long inlen, unsigned char *out)
271 {
272 unsigned char buf[16];
273 unsigned long i, j;
274
275 if (inlen == 0) return CRYPT_OK; /* nothing to do */
276
277 LTC_ARGCHK(st != NULL);
278 LTC_ARGCHK(in != NULL);
279 LTC_ARGCHK(out != NULL);
280
281 if (st->unused > 0) {
282 j = MIN(st->unused, inlen);
283 for (i = 0; i < j; ++i, st->unused--) out[i] = in[i] ^ st->block[16 - st->unused];
284 inlen -= j;
285 if (inlen == 0) return CRYPT_OK;
286 out += j;
287 in += j;
288 }
289 for (;;) {
290 /* gen a block for buf */
291 _rabbit_gen_1_block(st, buf);
292 if (inlen <= 16) {
293 /* XOR and send to out */
294 for (i = 0; i < inlen; ++i) out[i] = in[i] ^ buf[i];
295 st->unused = 16 - inlen;
296 /* copy remainder to block */
297 for (i = inlen; i < 16; ++i) st->block[i] = buf[i];
298 return CRYPT_OK;
299 } else {
300 /* XOR entire buf and send to out */
301 for (i = 0; i < 16; ++i) out[i] = in[i] ^ buf[i];
302 inlen -= 16;
303 out += 16;
304 in += 16;
305 }
306 }
307 }
308
309 /* ------------------------------------------------------------------------- */
310
311 int rabbit_keystream(rabbit_state *st, unsigned char *out, unsigned long outlen)
312 {
313 if (outlen == 0) return CRYPT_OK; /* nothing to do */
314
315 LTC_ARGCHK(out != NULL);
316
317 XMEMSET(out, 0, outlen);
318 return rabbit_crypt(st, out, outlen, out);
319 }
320
321 /* -------------------------------------------------------------------------- */
322
323 int rabbit_done(rabbit_state *st)
324 {
325 LTC_ARGCHK(st != NULL);
326
327 zeromem(st, sizeof(rabbit_state));
328 return CRYPT_OK;
329 }
330
331 /* -------------------------------------------------------------------------- */
332
333 int rabbit_test(void)
334 {
335 #ifndef LTC_TEST
336 return CRYPT_NOP;
337 #else
338 rabbit_state st;
339 int err;
340 unsigned char out[1000] = { 0 };
341 {
342 /* all 3 tests use key and iv fm set 6, vector 3, the last vector in:
343 http://www.ecrypt.eu.org/stream/svn/viewcvs.cgi/ecrypt/trunk/submissions/rabbit/verified.test-vectors?rev=210&view=log
344 */
345
346 /* --- Test 1 (generate whole blocks) --------------------------------- */
347
348 {
349 unsigned char k[] = { 0x0F, 0x62, 0xB5, 0x08, 0x5B, 0xAE, 0x01, 0x54,
350 0xA7, 0xFA, 0x4D, 0xA0, 0xF3, 0x46, 0x99, 0xEC };
351 unsigned char iv[] = { 0x28, 0x8F, 0xF6, 0x5D, 0xC4, 0x2B, 0x92, 0xF9 };
352 char pt[64] = { 0 };
353 unsigned char ct[] = { 0x61, 0x3C, 0xB0, 0xBA, 0x96, 0xAF, 0xF6, 0xCA,
354 0xCF, 0x2A, 0x45, 0x9A, 0x10, 0x2A, 0x7F, 0x78,
355 0xCA, 0x98, 0x5C, 0xF8, 0xFD, 0xD1, 0x47, 0x40,
356 0x18, 0x75, 0x8E, 0x36, 0xAE, 0x99, 0x23, 0xF5,
357 0x19, 0xD1, 0x3D, 0x71, 0x8D, 0xAF, 0x8D, 0x7C,
358 0x0C, 0x10, 0x9B, 0x79, 0xD5, 0x74, 0x94, 0x39,
359 0xB7, 0xEF, 0xA4, 0xC4, 0xC9, 0xC8, 0xD2, 0x9D,
360 0xC5, 0xB3, 0x88, 0x83, 0x14, 0xA6, 0x81, 0x6F };
361 unsigned long ptlen = sizeof(pt);
362
363 /* crypt 64 nulls */
364 if ((err = rabbit_setup(&st, k, sizeof(k))) != CRYPT_OK) return err;
365 if ((err = rabbit_setiv(&st, iv, sizeof(iv))) != CRYPT_OK) return err;
366 if ((err = rabbit_crypt(&st, (unsigned char*)pt, ptlen, out)) != CRYPT_OK) return err;
367 if (compare_testvector(out, ptlen, ct, ptlen, "RABBIT-TV1", 1)) return CRYPT_FAIL_TESTVECTOR;
368 }
369
370 /* --- Test 2 (generate unusual number of bytes each time) ------------ */
371
372 {
373 unsigned char k[] = { 0x0F, 0x62, 0xB5, 0x08, 0x5B, 0xAE, 0x01, 0x54,
374 0xA7, 0xFA, 0x4D, 0xA0, 0xF3, 0x46, 0x99, 0xEC };
375 unsigned char iv[] = { 0x28, 0x8F, 0xF6, 0x5D, 0xC4, 0x2B, 0x92, 0xF9 };
376 char pt[39] = { 0 };
377 unsigned char ct[] = { 0x61, 0x3C, 0xB0, 0xBA, 0x96, 0xAF, 0xF6, 0xCA,
378 0xCF, 0x2A, 0x45, 0x9A, 0x10, 0x2A, 0x7F, 0x78,
379 0xCA, 0x98, 0x5C, 0xF8, 0xFD, 0xD1, 0x47, 0x40,
380 0x18, 0x75, 0x8E, 0x36, 0xAE, 0x99, 0x23, 0xF5,
381 0x19, 0xD1, 0x3D, 0x71, 0x8D, 0xAF, 0x8D };
382 unsigned long ptlen = sizeof(pt);
383
384 /* crypt piece by piece (hit at least one 16-byte boundary) */
385 if ((err = rabbit_setup(&st, k, sizeof(k))) != CRYPT_OK) return err;
386 if ((err = rabbit_setiv(&st, iv, sizeof(iv))) != CRYPT_OK) return err;
387 if ((err = rabbit_crypt(&st, (unsigned char*)pt, 5, out)) != CRYPT_OK) return err;
388 if ((err = rabbit_crypt(&st, (unsigned char*)pt + 5, 11, out + 5)) != CRYPT_OK) return err;
389 if ((err = rabbit_crypt(&st, (unsigned char*)pt + 16, 14, out + 16)) != CRYPT_OK) return err;
390 if ((err = rabbit_crypt(&st, (unsigned char*)pt + 30, 2, out + 30)) != CRYPT_OK) return err;
391 if ((err = rabbit_crypt(&st, (unsigned char*)pt + 32, 7, out + 32)) != CRYPT_OK) return err;
392 if (compare_testvector(out, ptlen, ct, ptlen, "RABBIT-TV2", 1)) return CRYPT_FAIL_TESTVECTOR;
393 }
394
395 /* --- Test 3 (use non-null data) ------------------------------------- */
396
397 {
398 unsigned char k[] = { 0x0F, 0x62, 0xB5, 0x08, 0x5B, 0xAE, 0x01, 0x54,
399 0xA7, 0xFA, 0x4D, 0xA0, 0xF3, 0x46, 0x99, 0xEC };
400 unsigned char iv[] = { 0x28, 0x8F, 0xF6, 0x5D, 0xC4, 0x2B, 0x92, 0xF9 };
401 char pt[] = "Kilroy was here, there, and everywhere!";
402 unsigned char ct[] = { 0x2a, 0x55, 0xdc, 0xc8, 0xf9, 0xd6, 0xd6, 0xbd,
403 0xae, 0x59, 0x65, 0xf2, 0x75, 0x58, 0x1a, 0x54,
404 0xea, 0xec, 0x34, 0x9d, 0x8f, 0xb4, 0x6b, 0x60,
405 0x79, 0x1b, 0xea, 0x16, 0xcb, 0xef, 0x46, 0x87,
406 0x60, 0xa6, 0x55, 0x14, 0xff, 0xca, 0xac };
407 unsigned long ptlen = strlen(pt);
408 unsigned char out2[1000] = { 0 };
409 unsigned char nulls[1000] = { 0 };
410
411 /* crypt piece by piece */
412 if ((err = rabbit_setup(&st, k, sizeof(k))) != CRYPT_OK) return err;
413 if ((err = rabbit_setiv(&st, iv, sizeof(iv))) != CRYPT_OK) return err;
414 if ((err = rabbit_crypt(&st, (unsigned char*)pt, 5, out)) != CRYPT_OK) return err;
415 if ((err = rabbit_crypt(&st, (unsigned char*)pt + 5, 29, out + 5)) != CRYPT_OK) return err;
416 if ((err = rabbit_crypt(&st, (unsigned char*)pt + 34, 5, out + 34)) != CRYPT_OK) return err;
417 if (compare_testvector(out, ptlen, ct, ptlen, "RABBIT-TV3", 1)) return CRYPT_FAIL_TESTVECTOR;
418 /* use 'out' (ciphertext) in the next decryption test */
419
420 /* --- Test 4 (decrypt ciphertext) ------------------------------------ */
421
422 /* decrypt ct (out) and compare with pt (start with only setiv() to reset) */
423 if ((err = rabbit_setiv(&st, iv, sizeof(iv))) != CRYPT_OK) return err;
424 if ((err = rabbit_crypt(&st, out, ptlen, out2)) != CRYPT_OK) return err;
425 if (compare_testvector(out2, ptlen, pt, ptlen, "RABBIT-TV4", 1)) return CRYPT_FAIL_TESTVECTOR;
426
427 /* --- Test 5 (wipe state, incl key) ---------------------------------- */
428
429 if ((err = rabbit_done(&st)) != CRYPT_OK) return err;
430 if (compare_testvector(&st, sizeof(st), nulls, sizeof(st), "RABBIT-TV5", 1)) return CRYPT_FAIL_TESTVECTOR;
431
432 }
433
434 return CRYPT_OK;
435 }
436 #endif
437 }
438
439 /* -------------------------------------------------------------------------- */
440
441 #endif
442
443 /* ref: $Format:%D$ */
444 /* git commit: $Format:%H$ */
445 /* commit time: $Format:%ai$ */
193193 /* ======================================================================== */
194194
195195 /*
196 * Key schedule: initialize the key context structure with the provided
197 * secret key. The secret key is an array of 1 to 32 bytes.
196 * Initialize Sosemanuk's state by providing a key. The key is an array of
197 * 1 to 32 bytes.
198198 * @param ss The Sosemanuk state
199199 * @param key Key
200 * @param keylen Length of key
200 * @param keylen Length of key in bytes
201201 * @return CRYPT_OK on success
202202 */
203203 int sosemanuk_setup(sosemanuk_state *ss, unsigned char *key, unsigned long keylen)
330330
331331
332332 /*
333 * Cipher initialization: the cipher internal state is initialized, using
334 * the provided key context and IV. The IV length is up to 16 bytes. If
335 * "ivlen" is 0 (no IV), then the "iv" parameter can be NULL.
333 * Initialization continues by setting the IV. The IV length is up to 16 bytes.
334 * If "ivlen" is 0 (no IV), then the "iv" parameter can be NULL. If multiple
335 * encryptions/decryptions are to be performed with the same key and
336 * sosemanuk_done() has not been called, only sosemanuk_setiv() need be called
337 * to set the state.
336338 * @param ss The Sosemanuk state
337339 * @param iv Initialization vector
338 * @param ivlen Length of iv
340 * @param ivlen Length of iv in bytes
339341 * @return CRYPT_OK on success
340342 */
341343 int sosemanuk_setiv(sosemanuk_state *ss, unsigned char *iv, unsigned long ivlen)
379381 unsigned char ivtmp[16] = {0};
380382
381383 LTC_ARGCHK(ss != NULL);
382 LTC_ARGCHK(ivlen >= 0 && ivlen <= 16);
384 LTC_ARGCHK(ivlen <= 16);
383385 LTC_ARGCHK(iv != NULL || ivlen == 0);
384386
385387 if (ivlen > 0) XMEMCPY(ivtmp, iv, ivlen);
447449 /*
448450 * Multiplication by alpha: alpha * x = T32(x << 8) ^ mul_a[x >> 24]
449451 */
450 static ulong32 mul_a[] = {
452 static const ulong32 mul_a[] = {
451453 0x00000000, 0xE19FCF13, 0x6B973726, 0x8A08F835,
452454 0xD6876E4C, 0x3718A15F, 0xBD10596A, 0x5C8F9679,
453455 0x05A7DC98, 0xE438138B, 0x6E30EBBE, 0x8FAF24AD,
517519 /*
518520 * Multiplication by 1/alpha: 1/alpha * x = (x >> 8) ^ mul_ia[x & 0xFF]
519521 */
520 static ulong32 mul_ia[] = {
522 static const ulong32 mul_ia[] = {
521523 0x00000000, 0x180F40CD, 0x301E8033, 0x2811C0FE,
522524 0x603CA966, 0x7833E9AB, 0x50222955, 0x482D6998,
523525 0xC078FBCC, 0xD877BB01, 0xF0667BFF, 0xE8693B32,
742744 * reference distinct buffers (no partial overlap is allowed).
743745 * @param ss The Sosemanuk state
744746 * @param in Data in
747 * @param inlen Length of data in bytes
745748 * @param out Data out
746 * @param datalen Length of data
747749 * @return CRYPT_OK on success
748750 */
749751 int sosemanuk_crypt(sosemanuk_state *ss,
750 const unsigned char *in, unsigned long datalen, unsigned char *out)
752 const unsigned char *in, unsigned long inlen, unsigned char *out)
751753 {
752754 LTC_ARGCHK(ss != NULL);
753755 LTC_ARGCHK(in != NULL);
756758 if (ss->ptr < (sizeof(ss->buf))) {
757759 unsigned long rlen = (sizeof(ss->buf)) - ss->ptr;
758760
759 if (rlen > datalen)
760 rlen = datalen;
761 if (rlen > inlen)
762 rlen = inlen;
761763 _xorbuf(ss->buf + ss->ptr, in, out, rlen);
762764 in += rlen;
763765 out += rlen;
764 datalen -= rlen;
766 inlen -= rlen;
765767 ss->ptr += rlen;
766768 }
767 while (datalen > 0) {
769 while (inlen > 0) {
768770 _sosemanuk_internal(ss);
769 if (datalen >= sizeof(ss->buf)) {
771 if (inlen >= sizeof(ss->buf)) {
770772 _xorbuf(ss->buf, in, out, sizeof(ss->buf));
771773 in += sizeof(ss->buf);
772774 out += sizeof(ss->buf);
773 datalen -= sizeof(ss->buf);
775 inlen -= sizeof(ss->buf);
774776 } else {
775 _xorbuf(ss->buf, in, out, datalen);
776 ss->ptr = datalen;
777 datalen = 0;
777 _xorbuf(ss->buf, in, out, inlen);
778 ss->ptr = inlen;
779 inlen = 0;
778780 }
779781 }
780782 return CRYPT_OK;
781783 }
782784
783785
786
784787 /*
785788 * Cipher operation, as a PRNG: the provided output buffer is filled with
786789 * pseudo-random bytes as output from the stream cipher.
787790 * @param ss The Sosemanuk state
788791 * @param out Data out
789 * @param outlen Length of output
792 * @param outlen Length of output in bytes
790793 * @return CRYPT_OK on success
791794 */
792795 int sosemanuk_keystream(sosemanuk_state *ss, unsigned char *out, unsigned long outlen)
800803
801804 /*
802805 * Terminate and clear Sosemanuk key context
803 * @param kc The Sosemanuk key context
806 * @param ss The Sosemanuk state
804807 * @return CRYPT_OK on success
805808 */
806809 int sosemanuk_done(sosemanuk_state *ss)
1515 */
1616
1717 static const struct {
18 int code;
19 const char *msg;
18 int code;
19 const char *msg;
2020 } msgs[] = {
21 { MP_OKAY, "Successful" },
22 { MP_MEM, "Out of heap" },
23 { MP_VAL, "Value out of range" }
21 { MP_OKAY, "Successful" },
22 { MP_MEM, "Out of heap" },
23 { MP_VAL, "Value out of range" }
2424 };
2525
2626 /* return a char * string for a given code */
2727 const char *mp_error_to_string(int code)
2828 {
29 int x;
29 size_t x;
3030
3131 /* scan the lookup table for the given message */
32 for (x = 0; x < (int)(sizeof(msgs) / sizeof(msgs[0])); x++) {
33 if (msgs[x].code == code) {
34 return msgs[x].msg;
35 }
32 for (x = 0; x < (sizeof(msgs) / sizeof(msgs[0])); x++) {