libcryptx-perl / 6f0cf23
ltc sync Karel Miko 3 years ago
11 changed file(s) with 396 addition(s) and 339 deletion(s).
3939 ltc/mac/xcbc/xcbc_file.o ltc/mac/xcbc/xcbc_init.o ltc/mac/xcbc/xcbc_memory.o ltc/mac/xcbc/xcbc_memory_multi.o \
4040 ltc/mac/xcbc/xcbc_process.o ltc/math/ltm_desc.o ltc/math/multi.o ltc/math/radix_to_bin.o \
4141 ltc/math/rand_bn.o ltc/math/rand_prime.o ltc/math/tfm_desc.o ltc/math/fp/ltc_ecc_fp_mulmod.o \
42 ltc/misc/adler32.o ltc/misc/burn_stack.o ltc/misc/compare_testvector.o ltc/misc/crc32.o \
43 ltc/misc/error_to_string.o ltc/misc/mem_neq.o ltc/misc/pk_get_oid.o ltc/misc/zeromem.o \
44 ltc/misc/base32/base32_decode.o ltc/misc/base32/base32_encode.o ltc/misc/base64/base64_decode.o \
45 ltc/misc/base64/base64_encode.o ltc/misc/crypt/crypt.o ltc/misc/crypt/crypt_argchk.o \
46 ltc/misc/crypt/crypt_cipher_descriptor.o ltc/misc/crypt/crypt_cipher_is_valid.o ltc/misc/crypt/crypt_constants.o \
47 ltc/misc/crypt/crypt_find_cipher.o ltc/misc/crypt/crypt_find_cipher_any.o ltc/misc/crypt/crypt_find_cipher_id.o \
48 ltc/misc/crypt/crypt_find_hash.o ltc/misc/crypt/crypt_find_hash_any.o ltc/misc/crypt/crypt_find_hash_id.o \
49 ltc/misc/crypt/crypt_find_hash_oid.o ltc/misc/crypt/crypt_find_prng.o ltc/misc/crypt/crypt_fsa.o \
50 ltc/misc/crypt/crypt_hash_descriptor.o ltc/misc/crypt/crypt_hash_is_valid.o ltc/misc/crypt/crypt_inits.o \
51 ltc/misc/crypt/crypt_ltc_mp_descriptor.o ltc/misc/crypt/crypt_prng_descriptor.o ltc/misc/crypt/crypt_prng_is_valid.o \
52 ltc/misc/crypt/crypt_prng_rng_descriptor.o ltc/misc/crypt/crypt_register_all_ciphers.o \
42 ltc/misc/adler32.o ltc/misc/burn_stack.o ltc/misc/compare_testvector.o ltc/misc/copy_or_zeromem.o \
43 ltc/misc/crc32.o ltc/misc/error_to_string.o ltc/misc/mem_neq.o ltc/misc/pk_get_oid.o \
44 ltc/misc/zeromem.o ltc/misc/base32/base32_decode.o ltc/misc/base32/base32_encode.o \
45 ltc/misc/base64/base64_decode.o ltc/misc/base64/base64_encode.o ltc/misc/crypt/crypt.o \
46 ltc/misc/crypt/crypt_argchk.o ltc/misc/crypt/crypt_cipher_descriptor.o ltc/misc/crypt/crypt_cipher_is_valid.o \
47 ltc/misc/crypt/crypt_constants.o ltc/misc/crypt/crypt_find_cipher.o ltc/misc/crypt/crypt_find_cipher_any.o \
48 ltc/misc/crypt/crypt_find_cipher_id.o ltc/misc/crypt/crypt_find_hash.o ltc/misc/crypt/crypt_find_hash_any.o \
49 ltc/misc/crypt/crypt_find_hash_id.o ltc/misc/crypt/crypt_find_hash_oid.o ltc/misc/crypt/crypt_find_prng.o \
50 ltc/misc/crypt/crypt_fsa.o ltc/misc/crypt/crypt_hash_descriptor.o ltc/misc/crypt/crypt_hash_is_valid.o \
51 ltc/misc/crypt/crypt_inits.o ltc/misc/crypt/crypt_ltc_mp_descriptor.o ltc/misc/crypt/crypt_prng_descriptor.o \
52 ltc/misc/crypt/crypt_prng_is_valid.o ltc/misc/crypt/crypt_prng_rng_descriptor.o ltc/misc/crypt/crypt_register_all_ciphers.o \
5353 ltc/misc/crypt/crypt_register_all_hashes.o ltc/misc/crypt/crypt_register_all_prngs.o \
5454 ltc/misc/crypt/crypt_register_cipher.o ltc/misc/crypt/crypt_register_hash.o ltc/misc/crypt/crypt_register_prng.o \
5555 ltc/misc/crypt/crypt_sizes.o ltc/misc/crypt/crypt_unregister_cipher.o ltc/misc/crypt/crypt_unregister_hash.o \
4242 ltc/mac/xcbc/xcbc_init.obj ltc/mac/xcbc/xcbc_memory.obj ltc/mac/xcbc/xcbc_memory_multi.obj \
4343 ltc/mac/xcbc/xcbc_process.obj ltc/math/ltm_desc.obj ltc/math/multi.obj ltc/math/radix_to_bin.obj \
4444 ltc/math/rand_bn.obj ltc/math/rand_prime.obj ltc/math/tfm_desc.obj ltc/math/fp/ltc_ecc_fp_mulmod.obj \
45 ltc/misc/adler32.obj ltc/misc/burn_stack.obj ltc/misc/compare_testvector.obj ltc/misc/crc32.obj \
46 ltc/misc/error_to_string.obj ltc/misc/mem_neq.obj ltc/misc/pk_get_oid.obj ltc/misc/zeromem.obj \
47 ltc/misc/base32/base32_decode.obj ltc/misc/base32/base32_encode.obj ltc/misc/base64/base64_decode.obj \
48 ltc/misc/base64/base64_encode.obj ltc/misc/crypt/crypt.obj ltc/misc/crypt/crypt_argchk.obj \
49 ltc/misc/crypt/crypt_cipher_descriptor.obj ltc/misc/crypt/crypt_cipher_is_valid.obj \
45 ltc/misc/adler32.obj ltc/misc/burn_stack.obj ltc/misc/compare_testvector.obj ltc/misc/copy_or_zeromem.obj \
46 ltc/misc/crc32.obj ltc/misc/error_to_string.obj ltc/misc/mem_neq.obj ltc/misc/pk_get_oid.obj \
47 ltc/misc/zeromem.obj ltc/misc/base32/base32_decode.obj ltc/misc/base32/base32_encode.obj \
48 ltc/misc/base64/base64_decode.obj ltc/misc/base64/base64_encode.obj ltc/misc/crypt/crypt.obj \
49 ltc/misc/crypt/crypt_argchk.obj ltc/misc/crypt/crypt_cipher_descriptor.obj ltc/misc/crypt/crypt_cipher_is_valid.obj \
5050 ltc/misc/crypt/crypt_constants.obj ltc/misc/crypt/crypt_find_cipher.obj ltc/misc/crypt/crypt_find_cipher_any.obj \
5151 ltc/misc/crypt/crypt_find_cipher_id.obj ltc/misc/crypt/crypt_find_hash.obj ltc/misc/crypt/crypt_find_hash_any.obj \
5252 ltc/misc/crypt/crypt_find_hash_id.obj ltc/misc/crypt/crypt_find_hash_oid.obj ltc/misc/crypt/crypt_find_prng.obj \
5050 symmetric_key *skey;
5151 int err;
5252 unsigned long len, L, x, y, z, CTRlen;
53 #ifdef LTC_FAST
54 LTC_FAST_TYPE fastMask = ~0; /* initialize fastMask at all zeroes */
55 #endif
56 unsigned char mask = 0xff; /* initialize mask at all zeroes */
5753
5854 if (uskey == NULL) {
5955 LTC_ARGCHK(key != NULL);
359355
360356 /* Zero the plaintext if the tag was invalid (in constant time) */
361357 if (ptlen > 0) {
362 y = 0;
363 mask *= 1 - err; /* mask = ( err ? 0 : 0xff ) */
364 #ifdef LTC_FAST
365 fastMask *= 1 - err;
366 if (ptlen & ~15) {
367 for (; y < (ptlen & ~15); y += 16) {
368 for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
369 *(LTC_FAST_TYPE_PTR_CAST(&pt_real[y+z])) = *(LTC_FAST_TYPE_PTR_CAST(&pt[y+z])) & fastMask;
370 }
371 }
372 }
373 #endif
374 for (; y < ptlen; y++) {
375 pt_real[y] = pt[y] & mask;
376 }
358 copy_or_zeromem(pt, pt_real, ptlen, err);
377359 }
378360 }
379361
380362 #ifdef LTC_CLEAN_STACK
381 #ifdef LTC_FAST
382 fastMask = 0;
383 #endif
384 mask = 0;
385363 zeromem(PAD, sizeof(PAD));
386364 zeromem(CTRPAD, sizeof(CTRPAD));
387365 if (pt_work != NULL) {
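Review bot: The call `copy_or_zeromem(pt, pt_real, ptlen, err);` passes the source first and the destination second, the reverse of the memcpy-style order, and nothing at the call site says which buffer is written. A one-line comment would make it safe to read, e.g. `/* src = pt, dest = pt_real; err != 0 => pt_real is zero-filled */`. With the inline masking loop removed, the constant-time property promised by the comment above the `if (ptlen > 0)` now rests entirely on the helper, so that comment could name it. The enclosing function starts and ends outside the hunks shown.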
145145 int blake2bmac_test(void);
146146 #endif /* LTC_BLAKE2BMAC */
147147
148 #ifdef LTC_EAX_MODE
149
150 #if !(defined(LTC_OMAC) && defined(LTC_CTR_MODE))
151 #error LTC_EAX_MODE requires LTC_OMAC and CTR
152 #endif
153
154 typedef struct {
155 unsigned char N[MAXBLOCKSIZE];
156 symmetric_CTR ctr;
157 omac_state headeromac, ctomac;
158 } eax_state;
159
160 int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long keylen,
161 const unsigned char *nonce, unsigned long noncelen,
162 const unsigned char *header, unsigned long headerlen);
163
164 int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length);
165 int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, unsigned long length);
166 int eax_addheader(eax_state *eax, const unsigned char *header, unsigned long length);
167 int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen);
168
169 int eax_encrypt_authenticate_memory(int cipher,
170 const unsigned char *key, unsigned long keylen,
171 const unsigned char *nonce, unsigned long noncelen,
172 const unsigned char *header, unsigned long headerlen,
173 const unsigned char *pt, unsigned long ptlen,
174 unsigned char *ct,
175 unsigned char *tag, unsigned long *taglen);
176
177 int eax_decrypt_verify_memory(int cipher,
178 const unsigned char *key, unsigned long keylen,
179 const unsigned char *nonce, unsigned long noncelen,
180 const unsigned char *header, unsigned long headerlen,
181 const unsigned char *ct, unsigned long ctlen,
182 unsigned char *pt,
183 unsigned char *tag, unsigned long taglen,
184 int *stat);
185
186 int eax_test(void);
187 #endif /* EAX MODE */
188
189 #ifdef LTC_OCB_MODE
190 typedef struct {
191 unsigned char L[MAXBLOCKSIZE], /* L value */
192 Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */
193 Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */
194 Lr[MAXBLOCKSIZE], /* L * x^-1 */
195 R[MAXBLOCKSIZE], /* R value */
196 checksum[MAXBLOCKSIZE]; /* current checksum */
197
198 symmetric_key key; /* scheduled key for cipher */
199 unsigned long block_index; /* index # for current block */
200 int cipher, /* cipher idx */
201 block_len; /* length of block */
202 } ocb_state;
203
204 int ocb_init(ocb_state *ocb, int cipher,
205 const unsigned char *key, unsigned long keylen, const unsigned char *nonce);
206
207 int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct);
208 int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt);
209
210 int ocb_done_encrypt(ocb_state *ocb,
211 const unsigned char *pt, unsigned long ptlen,
212 unsigned char *ct,
213 unsigned char *tag, unsigned long *taglen);
214
215 int ocb_done_decrypt(ocb_state *ocb,
216 const unsigned char *ct, unsigned long ctlen,
217 unsigned char *pt,
218 const unsigned char *tag, unsigned long taglen, int *stat);
219
220 int ocb_encrypt_authenticate_memory(int cipher,
221 const unsigned char *key, unsigned long keylen,
222 const unsigned char *nonce,
223 const unsigned char *pt, unsigned long ptlen,
224 unsigned char *ct,
225 unsigned char *tag, unsigned long *taglen);
226
227 int ocb_decrypt_verify_memory(int cipher,
228 const unsigned char *key, unsigned long keylen,
229 const unsigned char *nonce,
230 const unsigned char *ct, unsigned long ctlen,
231 unsigned char *pt,
232 const unsigned char *tag, unsigned long taglen,
233 int *stat);
234
235 int ocb_test(void);
236
237 /* internal functions */
238 void ocb_shift_xor(ocb_state *ocb, unsigned char *Z);
239 int ocb_ntz(unsigned long x);
240 int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
241 unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode);
242
243 #endif /* LTC_OCB_MODE */
244
245 #ifdef LTC_OCB3_MODE
246 typedef struct {
247 unsigned char Offset_0[MAXBLOCKSIZE], /* Offset_0 value */
248 Offset_current[MAXBLOCKSIZE], /* Offset_{current_block_index} value */
249 L_dollar[MAXBLOCKSIZE], /* L_$ value */
250 L_star[MAXBLOCKSIZE], /* L_* value */
251 L_[32][MAXBLOCKSIZE], /* L_{i} values */
252 tag_part[MAXBLOCKSIZE], /* intermediate result of tag calculation */
253 checksum[MAXBLOCKSIZE]; /* current checksum */
254
255 /* AAD related members */
256 unsigned char aSum_current[MAXBLOCKSIZE], /* AAD related helper variable */
257 aOffset_current[MAXBLOCKSIZE], /* AAD related helper variable */
258 adata_buffer[MAXBLOCKSIZE]; /* AAD buffer */
259 int adata_buffer_bytes; /* bytes in AAD buffer */
260 unsigned long ablock_index; /* index # for current adata (AAD) block */
261
262 symmetric_key key; /* scheduled key for cipher */
263 unsigned long block_index; /* index # for current data block */
264 int cipher, /* cipher idx */
265 tag_len, /* length of tag */
266 block_len; /* length of block */
267 } ocb3_state;
268
269 int ocb3_init(ocb3_state *ocb, int cipher,
270 const unsigned char *key, unsigned long keylen,
271 const unsigned char *nonce, unsigned long noncelen,
272 unsigned long taglen);
273
274 int ocb3_encrypt(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct);
275 int ocb3_decrypt(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt);
276 int ocb3_encrypt_last(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct);
277 int ocb3_decrypt_last(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt);
278 int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen);
279 int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen);
280
281 int ocb3_encrypt_authenticate_memory(int cipher,
282 const unsigned char *key, unsigned long keylen,
283 const unsigned char *nonce, unsigned long noncelen,
284 const unsigned char *adata, unsigned long adatalen,
285 const unsigned char *pt, unsigned long ptlen,
286 unsigned char *ct,
287 unsigned char *tag, unsigned long *taglen);
288
289 int ocb3_decrypt_verify_memory(int cipher,
290 const unsigned char *key, unsigned long keylen,
291 const unsigned char *nonce, unsigned long noncelen,
292 const unsigned char *adata, unsigned long adatalen,
293 const unsigned char *ct, unsigned long ctlen,
294 unsigned char *pt,
295 const unsigned char *tag, unsigned long taglen,
296 int *stat);
297
298 int ocb3_test(void);
299
300 #ifdef LTC_SOURCE
301 /* internal helper functions */
302 int ocb3_int_ntz(unsigned long x);
303 void ocb3_int_xor_blocks(unsigned char *out, const unsigned char *block_a, const unsigned char *block_b, unsigned long block_len);
304 #endif /* LTC_SOURCE */
305
306 #endif /* LTC_OCB3_MODE */
307
308 #ifdef LTC_CCM_MODE
309
310 #define CCM_ENCRYPT LTC_ENCRYPT
311 #define CCM_DECRYPT LTC_DECRYPT
312
313 typedef struct {
314 symmetric_key K;
315 int cipher, /* which cipher */
316 taglen, /* length of the tag */
317 x; /* index in PAD */
318
319 unsigned long L, /* L value */
320 ptlen, /* length that will be enc / dec */
321 current_ptlen, /* current processed length */
322 aadlen, /* length of the aad */
323 current_aadlen, /* length of the currently provided add */
324 noncelen; /* length of the nonce */
325
326 unsigned char PAD[16],
327 ctr[16],
328 CTRPAD[16],
329 CTRlen;
330 } ccm_state;
331
332 int ccm_init(ccm_state *ccm, int cipher,
333 const unsigned char *key, int keylen, int ptlen, int taglen, int aad_len);
334
335 int ccm_reset(ccm_state *ccm);
336
337 int ccm_add_nonce(ccm_state *ccm,
338 const unsigned char *nonce, unsigned long noncelen);
339
340 int ccm_add_aad(ccm_state *ccm,
341 const unsigned char *adata, unsigned long adatalen);
342
343 int ccm_process(ccm_state *ccm,
344 unsigned char *pt, unsigned long ptlen,
345 unsigned char *ct,
346 int direction);
347
348 int ccm_done(ccm_state *ccm,
349 unsigned char *tag, unsigned long *taglen);
350
351 int ccm_memory(int cipher,
352 const unsigned char *key, unsigned long keylen,
353 symmetric_key *uskey,
354 const unsigned char *nonce, unsigned long noncelen,
355 const unsigned char *header, unsigned long headerlen,
356 unsigned char *pt, unsigned long ptlen,
357 unsigned char *ct,
358 unsigned char *tag, unsigned long *taglen,
359 int direction);
360
361 int ccm_test(void);
362
363 #endif /* LTC_CCM_MODE */
364
365 #if defined(LRW_MODE) || defined(LTC_GCM_MODE)
366 void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c);
367 #endif
368
369
370 /* table shared between GCM and LRW */
371 #if defined(LTC_GCM_TABLES) || defined(LTC_LRW_TABLES) || ((defined(LTC_GCM_MODE) || defined(LTC_GCM_MODE)) && defined(LTC_FAST))
372 extern const unsigned char gcm_shift_table[];
373 #endif
374
375 #ifdef LTC_GCM_MODE
376
377 #define GCM_ENCRYPT LTC_ENCRYPT
378 #define GCM_DECRYPT LTC_DECRYPT
379
380 #define LTC_GCM_MODE_IV 0
381 #define LTC_GCM_MODE_AAD 1
382 #define LTC_GCM_MODE_TEXT 2
383
384 typedef struct {
385 symmetric_key K;
386 unsigned char H[16], /* multiplier */
387 X[16], /* accumulator */
388 Y[16], /* counter */
389 Y_0[16], /* initial counter */
390 buf[16]; /* buffer for stuff */
391
392 int cipher, /* which cipher */
393 ivmode, /* Which mode is the IV in? */
394 mode, /* mode the GCM code is in */
395 buflen; /* length of data in buf */
396
397 ulong64 totlen, /* 64-bit counter used for IV and AAD */
398 pttotlen; /* 64-bit counter for the PT */
399
400 #ifdef LTC_GCM_TABLES
401 unsigned char PC[16][256][16] /* 16 tables of 8x128 */
402 #ifdef LTC_GCM_TABLES_SSE2
403 __attribute__ ((aligned (16)))
404 #endif
405 ;
406 #endif
407 } gcm_state;
408
409 void gcm_mult_h(gcm_state *gcm, unsigned char *I);
410
411 int gcm_init(gcm_state *gcm, int cipher,
412 const unsigned char *key, int keylen);
413
414 int gcm_reset(gcm_state *gcm);
415
416 int gcm_add_iv(gcm_state *gcm,
417 const unsigned char *IV, unsigned long IVlen);
418
419 int gcm_add_aad(gcm_state *gcm,
420 const unsigned char *adata, unsigned long adatalen);
421
422 int gcm_process(gcm_state *gcm,
423 unsigned char *pt, unsigned long ptlen,
424 unsigned char *ct,
425 int direction);
426
427 int gcm_done(gcm_state *gcm,
428 unsigned char *tag, unsigned long *taglen);
429
430 int gcm_memory( int cipher,
431 const unsigned char *key, unsigned long keylen,
432 const unsigned char *IV, unsigned long IVlen,
433 const unsigned char *adata, unsigned long adatalen,
434 unsigned char *pt, unsigned long ptlen,
435 unsigned char *ct,
436 unsigned char *tag, unsigned long *taglen,
437 int direction);
438 int gcm_test(void);
439
440 #endif /* LTC_GCM_MODE */
441
442148 #ifdef LTC_PELICAN
443149
444150 typedef struct pelican_state
528234
529235 #endif
530236
237 /*
238 * ENC+AUTH modes
239 */
240
241 #ifdef LTC_EAX_MODE
242
243 #if !(defined(LTC_OMAC) && defined(LTC_CTR_MODE))
244 #error LTC_EAX_MODE requires LTC_OMAC and CTR
245 #endif
246
247 typedef struct {
248 unsigned char N[MAXBLOCKSIZE];
249 symmetric_CTR ctr;
250 omac_state headeromac, ctomac;
251 } eax_state;
252
253 int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long keylen,
254 const unsigned char *nonce, unsigned long noncelen,
255 const unsigned char *header, unsigned long headerlen);
256
257 int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length);
258 int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, unsigned long length);
259 int eax_addheader(eax_state *eax, const unsigned char *header, unsigned long length);
260 int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen);
261
262 int eax_encrypt_authenticate_memory(int cipher,
263 const unsigned char *key, unsigned long keylen,
264 const unsigned char *nonce, unsigned long noncelen,
265 const unsigned char *header, unsigned long headerlen,
266 const unsigned char *pt, unsigned long ptlen,
267 unsigned char *ct,
268 unsigned char *tag, unsigned long *taglen);
269
270 int eax_decrypt_verify_memory(int cipher,
271 const unsigned char *key, unsigned long keylen,
272 const unsigned char *nonce, unsigned long noncelen,
273 const unsigned char *header, unsigned long headerlen,
274 const unsigned char *ct, unsigned long ctlen,
275 unsigned char *pt,
276 unsigned char *tag, unsigned long taglen,
277 int *stat);
278
279 int eax_test(void);
280 #endif /* EAX MODE */
281
282 #ifdef LTC_OCB_MODE
283 typedef struct {
284 unsigned char L[MAXBLOCKSIZE], /* L value */
285 Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */
286 Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */
287 Lr[MAXBLOCKSIZE], /* L * x^-1 */
288 R[MAXBLOCKSIZE], /* R value */
289 checksum[MAXBLOCKSIZE]; /* current checksum */
290
291 symmetric_key key; /* scheduled key for cipher */
292 unsigned long block_index; /* index # for current block */
293 int cipher, /* cipher idx */
294 block_len; /* length of block */
295 } ocb_state;
296
297 int ocb_init(ocb_state *ocb, int cipher,
298 const unsigned char *key, unsigned long keylen, const unsigned char *nonce);
299
300 int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct);
301 int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt);
302
303 int ocb_done_encrypt(ocb_state *ocb,
304 const unsigned char *pt, unsigned long ptlen,
305 unsigned char *ct,
306 unsigned char *tag, unsigned long *taglen);
307
308 int ocb_done_decrypt(ocb_state *ocb,
309 const unsigned char *ct, unsigned long ctlen,
310 unsigned char *pt,
311 const unsigned char *tag, unsigned long taglen, int *stat);
312
313 int ocb_encrypt_authenticate_memory(int cipher,
314 const unsigned char *key, unsigned long keylen,
315 const unsigned char *nonce,
316 const unsigned char *pt, unsigned long ptlen,
317 unsigned char *ct,
318 unsigned char *tag, unsigned long *taglen);
319
320 int ocb_decrypt_verify_memory(int cipher,
321 const unsigned char *key, unsigned long keylen,
322 const unsigned char *nonce,
323 const unsigned char *ct, unsigned long ctlen,
324 unsigned char *pt,
325 const unsigned char *tag, unsigned long taglen,
326 int *stat);
327
328 int ocb_test(void);
329
330 /* internal functions */
331 void ocb_shift_xor(ocb_state *ocb, unsigned char *Z);
332 int ocb_ntz(unsigned long x);
333 int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
334 unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode);
335
336 #endif /* LTC_OCB_MODE */
337
338 #ifdef LTC_OCB3_MODE
339 typedef struct {
340 unsigned char Offset_0[MAXBLOCKSIZE], /* Offset_0 value */
341 Offset_current[MAXBLOCKSIZE], /* Offset_{current_block_index} value */
342 L_dollar[MAXBLOCKSIZE], /* L_$ value */
343 L_star[MAXBLOCKSIZE], /* L_* value */
344 L_[32][MAXBLOCKSIZE], /* L_{i} values */
345 tag_part[MAXBLOCKSIZE], /* intermediate result of tag calculation */
346 checksum[MAXBLOCKSIZE]; /* current checksum */
347
348 /* AAD related members */
349 unsigned char aSum_current[MAXBLOCKSIZE], /* AAD related helper variable */
350 aOffset_current[MAXBLOCKSIZE], /* AAD related helper variable */
351 adata_buffer[MAXBLOCKSIZE]; /* AAD buffer */
352 int adata_buffer_bytes; /* bytes in AAD buffer */
353 unsigned long ablock_index; /* index # for current adata (AAD) block */
354
355 symmetric_key key; /* scheduled key for cipher */
356 unsigned long block_index; /* index # for current data block */
357 int cipher, /* cipher idx */
358 tag_len, /* length of tag */
359 block_len; /* length of block */
360 } ocb3_state;
361
362 int ocb3_init(ocb3_state *ocb, int cipher,
363 const unsigned char *key, unsigned long keylen,
364 const unsigned char *nonce, unsigned long noncelen,
365 unsigned long taglen);
366
367 int ocb3_encrypt(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct);
368 int ocb3_decrypt(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt);
369 int ocb3_encrypt_last(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct);
370 int ocb3_decrypt_last(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt);
371 int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen);
372 int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen);
373
374 int ocb3_encrypt_authenticate_memory(int cipher,
375 const unsigned char *key, unsigned long keylen,
376 const unsigned char *nonce, unsigned long noncelen,
377 const unsigned char *adata, unsigned long adatalen,
378 const unsigned char *pt, unsigned long ptlen,
379 unsigned char *ct,
380 unsigned char *tag, unsigned long *taglen);
381
382 int ocb3_decrypt_verify_memory(int cipher,
383 const unsigned char *key, unsigned long keylen,
384 const unsigned char *nonce, unsigned long noncelen,
385 const unsigned char *adata, unsigned long adatalen,
386 const unsigned char *ct, unsigned long ctlen,
387 unsigned char *pt,
388 const unsigned char *tag, unsigned long taglen,
389 int *stat);
390
391 int ocb3_test(void);
392
393 #ifdef LTC_SOURCE
394 /* internal helper functions */
395 int ocb3_int_ntz(unsigned long x);
396 void ocb3_int_xor_blocks(unsigned char *out, const unsigned char *block_a, const unsigned char *block_b, unsigned long block_len);
397 #endif /* LTC_SOURCE */
398
399 #endif /* LTC_OCB3_MODE */
400
401 #ifdef LTC_CCM_MODE
402
403 #define CCM_ENCRYPT LTC_ENCRYPT
404 #define CCM_DECRYPT LTC_DECRYPT
405
406 typedef struct {
407 symmetric_key K;
408 int cipher, /* which cipher */
409 taglen, /* length of the tag */
410 x; /* index in PAD */
411
412 unsigned long L, /* L value */
413 ptlen, /* length that will be enc / dec */
414 current_ptlen, /* current processed length */
415 aadlen, /* length of the aad */
416 current_aadlen, /* length of the currently provided add */
417 noncelen; /* length of the nonce */
418
419 unsigned char PAD[16],
420 ctr[16],
421 CTRPAD[16],
422 CTRlen;
423 } ccm_state;
424
425 int ccm_init(ccm_state *ccm, int cipher,
426 const unsigned char *key, int keylen, int ptlen, int taglen, int aad_len);
427
428 int ccm_reset(ccm_state *ccm);
429
430 int ccm_add_nonce(ccm_state *ccm,
431 const unsigned char *nonce, unsigned long noncelen);
432
433 int ccm_add_aad(ccm_state *ccm,
434 const unsigned char *adata, unsigned long adatalen);
435
436 int ccm_process(ccm_state *ccm,
437 unsigned char *pt, unsigned long ptlen,
438 unsigned char *ct,
439 int direction);
440
441 int ccm_done(ccm_state *ccm,
442 unsigned char *tag, unsigned long *taglen);
443
444 int ccm_memory(int cipher,
445 const unsigned char *key, unsigned long keylen,
446 symmetric_key *uskey,
447 const unsigned char *nonce, unsigned long noncelen,
448 const unsigned char *header, unsigned long headerlen,
449 unsigned char *pt, unsigned long ptlen,
450 unsigned char *ct,
451 unsigned char *tag, unsigned long *taglen,
452 int direction);
453
454 int ccm_test(void);
455
456 #endif /* LTC_CCM_MODE */
457
458 #if defined(LRW_MODE) || defined(LTC_GCM_MODE)
459 void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c);
460 #endif
461
462
463 /* table shared between GCM and LRW */
464 #if defined(LTC_GCM_TABLES) || defined(LTC_LRW_TABLES) || ((defined(LTC_GCM_MODE) || defined(LTC_GCM_MODE)) && defined(LTC_FAST))
465 extern const unsigned char gcm_shift_table[];
466 #endif
467
468 #ifdef LTC_GCM_MODE
469
470 #define GCM_ENCRYPT LTC_ENCRYPT
471 #define GCM_DECRYPT LTC_DECRYPT
472
473 #define LTC_GCM_MODE_IV 0
474 #define LTC_GCM_MODE_AAD 1
475 #define LTC_GCM_MODE_TEXT 2
476
477 typedef struct {
478 symmetric_key K;
479 unsigned char H[16], /* multiplier */
480 X[16], /* accumulator */
481 Y[16], /* counter */
482 Y_0[16], /* initial counter */
483 buf[16]; /* buffer for stuff */
484
485 int cipher, /* which cipher */
486 ivmode, /* Which mode is the IV in? */
487 mode, /* mode the GCM code is in */
488 buflen; /* length of data in buf */
489
490 ulong64 totlen, /* 64-bit counter used for IV and AAD */
491 pttotlen; /* 64-bit counter for the PT */
492
493 #ifdef LTC_GCM_TABLES
494 unsigned char PC[16][256][16] /* 16 tables of 8x128 */
495 #ifdef LTC_GCM_TABLES_SSE2
496 __attribute__ ((aligned (16)))
497 #endif
498 ;
499 #endif
500 } gcm_state;
501
502 void gcm_mult_h(gcm_state *gcm, unsigned char *I);
503
504 int gcm_init(gcm_state *gcm, int cipher,
505 const unsigned char *key, int keylen);
506
507 int gcm_reset(gcm_state *gcm);
508
509 int gcm_add_iv(gcm_state *gcm,
510 const unsigned char *IV, unsigned long IVlen);
511
512 int gcm_add_aad(gcm_state *gcm,
513 const unsigned char *adata, unsigned long adatalen);
514
515 int gcm_process(gcm_state *gcm,
516 unsigned char *pt, unsigned long ptlen,
517 unsigned char *ct,
518 int direction);
519
520 int gcm_done(gcm_state *gcm,
521 unsigned char *tag, unsigned long *taglen);
522
523 int gcm_memory( int cipher,
524 const unsigned char *key, unsigned long keylen,
525 const unsigned char *IV, unsigned long IVlen,
526 const unsigned char *adata, unsigned long adatalen,
527 unsigned char *pt, unsigned long ptlen,
528 unsigned char *ct,
529 unsigned char *tag, unsigned long *taglen,
530 int direction);
531 int gcm_test(void);
532
533 #endif /* LTC_GCM_MODE */
534
531535 #ifdef LTC_CHACHA20POLY1305_MODE
532536
533537 typedef struct {
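Review bot: The relocated guard for `gcm_shift_table` tests `defined(LTC_GCM_MODE) || defined(LTC_GCM_MODE)`, the same macro twice, so the second operand has no effect. Given the comment "table shared between GCM and LRW", it was presumably meant to name the LRW mode macro. The guard around `gcm_gf_mult` just above tests `LRW_MODE` without the `LTC_` prefix that the neighbouring `LTC_LRW_TABLES` carries, which may never be defined by the configuration headers and is worth confirming. Both lines are carried over unchanged from the removed block, so this move is a natural place to correct them, e.g. `#if defined(LTC_LRW_MODE) || defined(LTC_GCM_MODE)`.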
7171 /* ---- MEM routines ---- */
7272 int mem_neq(const void *a, const void *b, size_t len);
7373 void zeromem(volatile void *dst, size_t len);
74 #ifdef LTC_SOURCE
75 void copy_or_zeromem(const unsigned char* src, unsigned char* dest, unsigned long len, int coz);
76 #endif
7477 void burn_stack(unsigned long len);
7578
7679 const char *error_to_string(int err);
7272 fprintf(stderr, "Testvector #%i of %s failed:\n", which, what);
7373 _print_hex("SHOULD", should, should_len);
7474 _print_hex("IS ", is, is_len);
75 #if LTC_TEST_DBG > 1
76 } else {
77 fprintf(stderr, "Testvector #%i of %s passed!\n", which, what);
78 #endif
7579 }
7680 #else
7781 LTC_UNUSED_PARAM(which);
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8 #include "tomcrypt.h"
9
10 /**
11 @file copy_or_zeromem.c
12 Either copy or zero a block of memory in constant time, Steffen Jaeckel
13 */
14
15 /**
16 Either copy or zero a block of memory in constant time
17 @param src The source where to read from
18 @param dest The destination where to write to
19 @param len The length of the area to process (octets)
20 @param coz Copy (on 0) Or Zero (> 0)
21 */
22 void copy_or_zeromem(const unsigned char* src, unsigned char* dest, unsigned long len, int coz)
23 {
24 unsigned long y;
25 #ifdef LTC_FAST
26 unsigned long z;
27 LTC_FAST_TYPE fastMask = ~0; /* initialize fastMask at all ones */
28 #endif
29 unsigned char mask = 0xff; /* initialize mask at all ones */
30
31 LTC_ARGCHK(src != NULL);
32 LTC_ARGCHK(dest != NULL);
33
34 if (coz != 0) coz = 1;
35 y = 0;
36 mask *= 1 - coz; /* mask = ( coz ? 0 : 0xff ) */
37 #ifdef LTC_FAST
38 fastMask *= 1 - coz;
39 if (len & ~15) {
40 for (; y < (len & ~15); y += 16) {
41 for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
42 *(LTC_FAST_TYPE_PTR_CAST(&dest[y+z])) = *(LTC_FAST_TYPE_PTR_CAST(&src[y+z])) & fastMask;
43 }
44 }
45 }
46 #endif
47 for (; y < len; y++) {
48 dest[y] = src[y] & mask;
49 }
50 #ifdef LTC_CLEAN_STACK
51 #ifdef LTC_FAST
52 fastMask = 0;
53 #endif
54 mask = 0;
55 #endif
56 }
57
58 /* ref: $Format:%D$ */
59 /* git commit: $Format:%H$ */
60 /* commit time: $Format:%ai$ */
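Review bot: `LTC_ARGCHK(src != NULL);` and `LTC_ARGCHK(dest != NULL);` sit in a function that returns `void`. In argument-check configurations where that macro expands to a `return` with an error code, this is a return-with-value in a void function, so the void-safe form should be used: `LTC_ARGCHKVD(src != NULL);` and `LTC_ARGCHKVD(dest != NULL);`. Separately, `if (coz != 0) coz = 1;` is a conditional on the value that carries the tag-check result in the CCM caller. Whether it becomes a branch is up to the compiler, so the doc comment should either require callers to pass exactly 0 or 1 or the normalisation should be written without a conditional. The `@param coz` text says "Zero (> 0)" while the code zeroes on any non-zero value, negative included; `Copy (on 0) Or Zero (!= 0)` would match.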
4646
4747 /* store header (include bit padding count in length) */
4848 x = 0;
49 y = (inlen >> 3) + ((inlen&7) ? 1 : 0) + 1;
49 y = ((inlen + 7) >> 3) + 1;
5050
5151 out[x++] = 0x03;
5252 if (y < 128) {
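Review bot: `((inlen + 7) >> 3)` wraps when `inlen` is within 7 of the largest value of its type, which the replaced form `(inlen >> 3) + ((inlen&7) ? 1 : 0)` did not. In that case `y` comes out as 1 and the length header would describe a far shorter string than the input. No bound on `inlen` is visible in this hunk, so either keep the overflow-free expression or add a guard before the computation, e.g. `if (inlen > ULONG_MAX - 7) return CRYPT_OVERFLOW;` (assuming `inlen` is an `unsigned long`, as elsewhere in the library). The same line is changed identically in the next file section. The enclosing function starts and ends outside the hunk.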
4848
4949 /* store header (include bit padding count in length) */
5050 x = 0;
51 y = (inlen >> 3) + ((inlen&7) ? 1 : 0) + 1;
51 y = ((inlen + 7) >> 3) + 1;
5252
5353 out[x++] = 0x03;
5454 if (y < 128) {
324324 {
325325 LTC_ARGCHK(st != NULL);
326326
327 XMEMSET(st, 0, sizeof(rabbit_state));
327 zeromem(st, sizeof(rabbit_state));
328328 return CRYPT_OK;
329329 }
330330
44 use File::Slurper qw(read_text write_text);
55 use FindBin;
66
7 #remove test files
8 warn "gonna remove unwanted..\n";
9 system 'rm', '-rf', "$FindBin::Bin/ltc/encauth/ocb/";
10 system 'rm', '-rf', "$FindBin::Bin/ltc/modes/f8/";
11 system 'rm', '-rf', "$FindBin::Bin/ltc/modes/lrw/";
12 system 'rm', '-rf', "$FindBin::Bin/ltc/modes/xts/";
13 system 'rm', '-rf', "$FindBin::Bin/ltc/pk/katja/";
14 find({ wanted=>sub { unlink $_ if $_ =~ /test\.c$/ && $_ !~ /sha3_test.c$/ }, no_chdir=>1 }, "$FindBin::Bin/ltc");
15
16 #fix modes
717 warn "gonna chmod..\n";
818 find({ wanted=>sub { system "chmod -x $_" if -f $_ && -x $_ && $_ =~ /\.(c|h)/ }, no_chdir=>1 }, "$FindBin::Bin/ltm", "$FindBin::Bin/ltc");
919
1020 my @objs = ();
11 warn "gonna find ltc..\n";
1221 find({ wanted=>sub { push @objs, $_ if $_ =~ /\.c$/ && $_ !~ /tab\.c$/}, no_chdir=>1 }, "$FindBin::Bin/ltc");
13 warn "gonna find ltm..\n";
1422 find({ wanted=>sub { push @objs, $_ if $_ =~ /\.c$/ }, no_chdir=>1 }, "$FindBin::Bin/ltm");
1523
1624 my $o = "OBJS=" . (join " ", map { s/\.c$/.o/r } map { s!^.*/(ltm|ltc)/!$1/!r } @objs) =~ s/(.{80}) /$1 \\\n/gr;
1725 my $obj = "OBJS=" . (join " ", map { s/\.c$/.obj/r } map { s!^.*/(ltm|ltc)/!$1/!r } @objs) =~ s/(.{80}) /$1 \\\n/gr;
1826
19 warn "gonna write makefiles..\n";
2027 write_text("$FindBin::Bin/Makefile", read_text("$FindBin::Bin/Makefile") =~ s/OBJS=.+?\.o\n/$o\n/sr);
2128 write_text("$FindBin::Bin/Makefile.nmake", read_text("$FindBin::Bin/Makefile.nmake") =~ s/OBJS=.+?\.obj\n/$obj\n/sr);
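Review bot: The new cleanup steps ignore failures: none of the `system 'rm', '-rf', ...` calls checks its exit status, and the `unlink` inside `find` is unchecked too. A removal that fails leaves the sources in place, where the `@objs` scan further down picks them up and writes them into both makefiles. Checking the result would surface this, e.g. `system('rm', '-rf', "$FindBin::Bin/ltc/pk/katja/") == 0 or die "rm failed: $?";` and `unlink $_ or warn "unlink $_: $!"`. The exclusion pattern `/sha3_test.c$/` leaves the dot unescaped; `/sha3_test\.c$/` matches only the intended file name. The unchanged `system "chmod -x $_"` line still uses the single-string form, which passes the path through a shell; the list form used by the new `rm` calls, or Perl's built-in `chmod`, avoids that.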