syncing libtomcrypt src
Karel Miko
8 years ago
5 | 5 | |
6 | 6 | my $flags = '-Isrc/ltc/headers -Isrc/ltm -DLTC_SOURCE -DLTC_NO_TEST -DLTC_NO_PROTOTYPES -DLTM_DESC'; |
7 | 7 | #$flags .= ' -Wall'; |
8 | #$flags .= ' -DLTC_NO_ASM' if $ENV{CRYPTX_NO_ASM} || $Config{archname} !~ /(MSWin32-(x86|x64)|(i.86|x86_64)-linux|(i.86|amd64)-(freebsd|openbsd)|cygwin|darwin)/; | |
9 | #$flags .= ' -DLTC_NO_FAST' if $^O eq 'cygwin' && $Config{cc} =~ /gcc/ && $Config{gccversion} =~ /^3\./; | |
8 | #$flags .= ' -DLTC_NO_FAST'; | |
9 | #$flags .= ' -DLTC_NO_ASM'; | |
10 | 10 | |
11 | 11 | my $class = Module::Build->subclass( |
12 | 12 | class => 'My::Builder', |
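Review bot: The two new lines `#$flags .= ' -DLTC_NO_FAST';` and `#$flags .= ' -DLTC_NO_ASM';` are commented-out code, so the only way to build without LTC_FAST or the assembly paths is now to edit Build.PL, whereas the removed line honoured `$ENV{CRYPTX_NO_ASM}` and an archname list. Keep the switches live and gated on the environment instead, e.g. `$flags .= ' -DLTC_NO_ASM' if $ENV{CRYPTX_NO_ASM};` with a matching environment variable for `-DLTC_NO_FAST`. The Changes hunk records 0.026_03 as a `-DLTC_NO_FAST` build, so a documented opt-out appears to be wanted. The `$flags` assignment is a top-level statement; the `Module::Build->subclass` call after it continues past the hunk.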
11 | 11 | - maybe: switch yarrow > fortuna for Crypt::PK::* |
12 | 12 | - maybe: add enc_b64/dec_b64 + enc_b64u/dec_b64u + enc_b32/dec_b32 |
13 | 13 | - maybe: x509_rsa_pubkey + x509_rsa_pubkey_alg |
14 | ||
15 | 0.026_01..03 2015/12/29 | |
16 | - sync with https://github.com/libtom/libtomcrypt (branch develop) | |
17 | - 0.026_02 = with -Wall | |
18 | - 0.026_03 = with -DLTC_NO_FAST | |
14 | 19 | |
15 | 20 | 0.026 2015/11/28 |
16 | 21 | - switch to JSON::MaybeXS |
2 | 2 | use strict; |
3 | 3 | use warnings ; |
4 | 4 | |
5 | our $VERSION = '0.026'; | |
5 | our $VERSION = '0.026_04'; | |
6 | 6 | |
7 | 7 | require XSLoader; |
8 | 8 | XSLoader::load('CryptX', $VERSION); |
76 | 76 | SvCUR_set(pt, ct_len); |
77 | 77 | |
78 | 78 | xtag_len = (unsigned long)t_len; |
79 | Copy(t, xtag, t_len, unsigned char); | |
79 | 80 | |
80 | 81 | rv = ccm_memory(id, k, (unsigned long)k_len, NULL, n, (unsigned long)n_len, h, (unsigned long)h_len, |
81 | 82 | (unsigned char *)SvPV_nolen(pt), (unsigned long)ct_len, ct, xtag, &xtag_len, CCM_DECRYPT); |
82 | if (rv != CRYPT_OK) croak("FATAL: ccm_memory failed: %s", error_to_string(rv)); | |
83 | ||
84 | if (t_len!=xtag_len) { | |
85 | XPUSHs(sv_2mortal(newSVpvn(NULL,0))); /* undef */ | |
86 | } | |
87 | else if (memNE(t, xtag, xtag_len)) { | |
83 | if (rv != CRYPT_OK) { | |
88 | 84 | XPUSHs(sv_2mortal(newSVpvn(NULL,0))); /* undef */ |
89 | 85 | } |
90 | 86 | else { |
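Review bot: The added `Copy(t, xtag, t_len, unsigned char);` copies a caller-supplied tag of `t_len` bytes into `xtag` with no visible length check; xtag's declaration is outside the hunk, so if it is a fixed-size array a longer tag overruns it — guard it first with `if (t_len > sizeof(xtag)) croak("FATAL: ccm_decrypt_verify: tag too long");` (ccm_memory itself reads at most 16 tag bytes). The new `if (rv != CRYPT_OK)` branch also folds every ccm_memory failure — bad arguments, allocation failure — into the same `undef` as a tag mismatch, where the removed line croaked on them; since the mismatch is reported with the code the ccm_memory hunk describes as 1 (CRYPT_ERROR), consider keeping `if (rv != CRYPT_OK && rv != CRYPT_ERROR) croak("FATAL: ccm_memory failed: %s", error_to_string(rv));` ahead of the undef branch so genuine errors stay loud. The enclosing XS function starts and ends outside the hunk.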
48 | 48 | 6, |
49 | 49 | 16, 32, 16, 10, |
50 | 50 | SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS, |
51 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
51 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
52 | 52 | }; |
53 | 53 | |
54 | 54 | const struct ltc_cipher_descriptor aes_desc = |
57 | 57 | 6, |
58 | 58 | 16, 32, 16, 10, |
59 | 59 | SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS, |
60 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
60 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
61 | 61 | }; |
62 | 62 | |
63 | 63 | #else |
73 | 73 | 6, |
74 | 74 | 16, 32, 16, 10, |
75 | 75 | SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS, |
76 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
76 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
77 | 77 | }; |
78 | 78 | |
79 | 79 | const struct ltc_cipher_descriptor aes_enc_desc = |
82 | 82 | 6, |
83 | 83 | 16, 32, 16, 10, |
84 | 84 | SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS, |
85 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
85 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
86 | 86 | }; |
87 | 87 | |
88 | 88 | #endif |
28 | 28 | &anubis_test, |
29 | 29 | &anubis_done, |
30 | 30 | &anubis_keysize, |
31 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
31 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
32 | 32 | }; |
33 | 33 | |
34 | 34 | #define MIN_N 4 |
26 | 26 | &blowfish_test, |
27 | 27 | &blowfish_done, |
28 | 28 | &blowfish_keysize, |
29 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
29 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
30 | 30 | }; |
31 | 31 | |
32 | 32 | static const ulong32 ORIG_P[16 + 2] = { |
27 | 27 | &camellia_test, |
28 | 28 | &camellia_done, |
29 | 29 | &camellia_keysize, |
30 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
30 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
31 | 31 | }; |
32 | 32 | |
33 | 33 | static const ulong32 SP1110[] = { |
26 | 26 | &cast5_test, |
27 | 27 | &cast5_done, |
28 | 28 | &cast5_keysize, |
29 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
29 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
30 | 30 | }; |
31 | 31 | |
32 | 32 | static const ulong32 S1[256] = { |
11 | 11 | |
12 | 12 | /** |
13 | 13 | @file des.c |
14 | LTC_DES code submitted by Dobes Vandermeer | |
14 | DES code submitted by Dobes Vandermeer | |
15 | 15 | */ |
16 | 16 | |
17 | 17 | #ifdef LTC_DES |
30 | 30 | &des_test, |
31 | 31 | &des_done, |
32 | 32 | &des_keysize, |
33 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
33 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
34 | 34 | }; |
35 | 35 | |
36 | 36 | const struct ltc_cipher_descriptor des3_desc = |
44 | 44 | &des3_test, |
45 | 45 | &des3_done, |
46 | 46 | &des3_keysize, |
47 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
47 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
48 | 48 | }; |
49 | 49 | |
50 | 50 | static const ulong32 bytebit[8] = |
1449 | 1449 | for (cur_round = 0; cur_round < 8; cur_round++) { |
1450 | 1450 | work = RORc(right, 4) ^ *keys++; |
1451 | 1451 | leftt ^= SP7[work & 0x3fL] |
1452 | ^ SP5[(work >> 8) & 0x3fL] | |
1453 | ^ SP3[(work >> 16) & 0x3fL] | |
1454 | ^ SP1[(work >> 24) & 0x3fL]; | |
1452 | ^ SP5[(work >> 8) & 0x3fL] | |
1453 | ^ SP3[(work >> 16) & 0x3fL] | |
1454 | ^ SP1[(work >> 24) & 0x3fL]; | |
1455 | 1455 | work = right ^ *keys++; |
1456 | 1456 | leftt ^= SP8[ work & 0x3fL] |
1457 | 1457 | ^ SP6[(work >> 8) & 0x3fL] |
1749 | 1749 | { 0x0D, 0x9F, 0x27, 0x9B, 0xA5, 0xD8, 0x72, 0x60 } }, |
1750 | 1750 | {10, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, |
1751 | 1751 | { 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, |
1752 | { 0xD9, 0x03, 0x1B, 0x02, 0x71, 0xBD, 0x5A, 0x0A } } | |
1752 | { 0xD9, 0x03, 0x1B, 0x02, 0x71, 0xBD, 0x5A, 0x0A } }, | |
1753 | ||
1754 | #ifdef LTC_TEST_EXT | |
1755 | { 0+11, 0, { 0x80, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1756 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1757 | { 0x95, 0xA8, 0xD7, 0x28, 0x13, 0xDA, 0xA9, 0x4D } }, | |
1758 | { 1+11, 0, { 0x40, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1759 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1760 | { 0x0E, 0xEC, 0x14, 0x87, 0xDD, 0x8C, 0x26, 0xD5 } }, | |
1761 | { 2+11, 0, { 0x20, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1762 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1763 | { 0x7A, 0xD1, 0x6F, 0xFB, 0x79, 0xC4, 0x59, 0x26 } }, | |
1764 | { 3+11, 0, { 0x10, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1765 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1766 | { 0xD3, 0x74, 0x62, 0x94, 0xCA, 0x6A, 0x6C, 0xF3 } }, | |
1767 | { 4+11, 0, { 0x08, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1768 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1769 | { 0x80, 0x9F, 0x5F, 0x87, 0x3C, 0x1F, 0xD7, 0x61 } }, | |
1770 | { 5+11, 0, { 0x04, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1771 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1772 | { 0xC0, 0x2F, 0xAF, 0xFE, 0xC9, 0x89, 0xD1, 0xFC } }, | |
1773 | { 6+11, 0, { 0x02, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1774 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1775 | { 0x46, 0x15, 0xAA, 0x1D, 0x33, 0xE7, 0x2F, 0x10 } }, | |
1776 | { 7+11, 0, { 0x01, 0x80, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1777 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1778 | { 0x20, 0x55, 0x12, 0x33, 0x50, 0xC0, 0x08, 0x58 } }, | |
1779 | { 8+11, 0, { 0x01, 0x40, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1780 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1781 | { 0xDF, 0x3B, 0x99, 0xD6, 0x57, 0x73, 0x97, 0xC8 } }, | |
1782 | { 9+11, 0, { 0x01, 0x20, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1783 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1784 | { 0x31, 0xFE, 0x17, 0x36, 0x9B, 0x52, 0x88, 0xC9 } }, | |
1785 | {10+11, 0, { 0x01, 0x10, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1786 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1787 | { 0xDF, 0xDD, 0x3C, 0xC6, 0x4D, 0xAE, 0x16, 0x42 } }, | |
1788 | {11+11, 0, { 0x01, 0x08, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1789 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1790 | { 0x17, 0x8C, 0x83, 0xCE, 0x2B, 0x39, 0x9D, 0x94 } }, | |
1791 | {12+11, 0, { 0x01, 0x04, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1792 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1793 | { 0x50, 0xF6, 0x36, 0x32, 0x4A, 0x9B, 0x7F, 0x80 } }, | |
1794 | {13+11, 0, { 0x01, 0x02, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1795 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1796 | { 0xA8, 0x46, 0x8E, 0xE3, 0xBC, 0x18, 0xF0, 0x6D } }, | |
1797 | {14+11, 0, { 0x01, 0x01, 0x80, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1798 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1799 | { 0xA2, 0xDC, 0x9E, 0x92, 0xFD, 0x3C, 0xDE, 0x92 } }, | |
1800 | {15+11, 0, { 0x01, 0x01, 0x40, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1801 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1802 | { 0xCA, 0xC0, 0x9F, 0x79, 0x7D, 0x03, 0x12, 0x87 } }, | |
1803 | {16+11, 0, { 0x01, 0x01, 0x20, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1804 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1805 | { 0x90, 0xBA, 0x68, 0x0B, 0x22, 0xAE, 0xB5, 0x25 } }, | |
1806 | {17+11, 0, { 0x01, 0x01, 0x10, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1807 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1808 | { 0xCE, 0x7A, 0x24, 0xF3, 0x50, 0xE2, 0x80, 0xB6 } }, | |
1809 | {18+11, 0, { 0x01, 0x01, 0x08, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1810 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1811 | { 0x88, 0x2B, 0xFF, 0x0A, 0xA0, 0x1A, 0x0B, 0x87 } }, | |
1812 | {19+11, 0, { 0x01, 0x01, 0x04, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1813 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1814 | { 0x25, 0x61, 0x02, 0x88, 0x92, 0x45, 0x11, 0xC2 } }, | |
1815 | {20+11, 0, { 0x01, 0x01, 0x02, 0x01, 0x01, 0x01, 0x01, 0x01 }, | |
1816 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1817 | { 0xC7, 0x15, 0x16, 0xC2, 0x9C, 0x75, 0xD1, 0x70 } }, | |
1818 | {21+11, 0, { 0x01, 0x01, 0x01, 0x80, 0x01, 0x01, 0x01, 0x01 }, | |
1819 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1820 | { 0x51, 0x99, 0xC2, 0x9A, 0x52, 0xC9, 0xF0, 0x59 } }, | |
1821 | {22+11, 0, { 0x01, 0x01, 0x01, 0x40, 0x01, 0x01, 0x01, 0x01 }, | |
1822 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1823 | { 0xC2, 0x2F, 0x0A, 0x29, 0x4A, 0x71, 0xF2, 0x9F } }, | |
1824 | {23+11, 0, { 0x01, 0x01, 0x01, 0x20, 0x01, 0x01, 0x01, 0x01 }, | |
1825 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1826 | { 0xEE, 0x37, 0x14, 0x83, 0x71, 0x4C, 0x02, 0xEA } }, | |
1827 | {24+11, 0, { 0x01, 0x01, 0x01, 0x10, 0x01, 0x01, 0x01, 0x01 }, | |
1828 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1829 | { 0xA8, 0x1F, 0xBD, 0x44, 0x8F, 0x9E, 0x52, 0x2F } }, | |
1830 | {25+11, 0, { 0x01, 0x01, 0x01, 0x08, 0x01, 0x01, 0x01, 0x01 }, | |
1831 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1832 | { 0x4F, 0x64, 0x4C, 0x92, 0xE1, 0x92, 0xDF, 0xED } }, | |
1833 | {26+11, 0, { 0x01, 0x01, 0x01, 0x04, 0x01, 0x01, 0x01, 0x01 }, | |
1834 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1835 | { 0x1A, 0xFA, 0x9A, 0x66, 0xA6, 0xDF, 0x92, 0xAE } }, | |
1836 | {27+11, 0, { 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01, 0x01 }, | |
1837 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1838 | { 0xB3, 0xC1, 0xCC, 0x71, 0x5C, 0xB8, 0x79, 0xD8 } }, | |
1839 | {28+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x80, 0x01, 0x01, 0x01 }, | |
1840 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1841 | { 0x19, 0xD0, 0x32, 0xE6, 0x4A, 0xB0, 0xBD, 0x8B } }, | |
1842 | {29+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x40, 0x01, 0x01, 0x01 }, | |
1843 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1844 | { 0x3C, 0xFA, 0xA7, 0xA7, 0xDC, 0x87, 0x20, 0xDC } }, | |
1845 | {30+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x20, 0x01, 0x01, 0x01 }, | |
1846 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1847 | { 0xB7, 0x26, 0x5F, 0x7F, 0x44, 0x7A, 0xC6, 0xF3 } }, | |
1848 | {31+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x10, 0x01, 0x01, 0x01 }, | |
1849 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1850 | { 0x9D, 0xB7, 0x3B, 0x3C, 0x0D, 0x16, 0x3F, 0x54 } }, | |
1851 | {32+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x08, 0x01, 0x01, 0x01 }, | |
1852 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1853 | { 0x81, 0x81, 0xB6, 0x5B, 0xAB, 0xF4, 0xA9, 0x75 } }, | |
1854 | {33+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x04, 0x01, 0x01, 0x01 }, | |
1855 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1856 | { 0x93, 0xC9, 0xB6, 0x40, 0x42, 0xEA, 0xA2, 0x40 } }, | |
1857 | {34+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01 }, | |
1858 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1859 | { 0x55, 0x70, 0x53, 0x08, 0x29, 0x70, 0x55, 0x92 } }, | |
1860 | {35+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x80, 0x01, 0x01 }, | |
1861 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1862 | { 0x86, 0x38, 0x80, 0x9E, 0x87, 0x87, 0x87, 0xA0 } }, | |
1863 | {36+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x40, 0x01, 0x01 }, | |
1864 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1865 | { 0x41, 0xB9, 0xA7, 0x9A, 0xF7, 0x9A, 0xC2, 0x08 } }, | |
1866 | {37+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x20, 0x01, 0x01 }, | |
1867 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1868 | { 0x7A, 0x9B, 0xE4, 0x2F, 0x20, 0x09, 0xA8, 0x92 } }, | |
1869 | {38+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x10, 0x01, 0x01 }, | |
1870 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1871 | { 0x29, 0x03, 0x8D, 0x56, 0xBA, 0x6D, 0x27, 0x45 } }, | |
1872 | {39+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x08, 0x01, 0x01 }, | |
1873 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1874 | { 0x54, 0x95, 0xC6, 0xAB, 0xF1, 0xE5, 0xDF, 0x51 } }, | |
1875 | {40+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x04, 0x01, 0x01 }, | |
1876 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1877 | { 0xAE, 0x13, 0xDB, 0xD5, 0x61, 0x48, 0x89, 0x33 } }, | |
1878 | {41+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01 }, | |
1879 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1880 | { 0x02, 0x4D, 0x1F, 0xFA, 0x89, 0x04, 0xE3, 0x89 } }, | |
1881 | {42+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x80, 0x01 }, | |
1882 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1883 | { 0xD1, 0x39, 0x97, 0x12, 0xF9, 0x9B, 0xF0, 0x2E } }, | |
1884 | {43+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x40, 0x01 }, | |
1885 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1886 | { 0x14, 0xC1, 0xD7, 0xC1, 0xCF, 0xFE, 0xC7, 0x9E } }, | |
1887 | {44+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x20, 0x01 }, | |
1888 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1889 | { 0x1D, 0xE5, 0x27, 0x9D, 0xAE, 0x3B, 0xED, 0x6F } }, | |
1890 | {45+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x10, 0x01 }, | |
1891 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1892 | { 0xE9, 0x41, 0xA3, 0x3F, 0x85, 0x50, 0x13, 0x03 } }, | |
1893 | {46+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x08, 0x01 }, | |
1894 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1895 | { 0xDA, 0x99, 0xDB, 0xBC, 0x9A, 0x03, 0xF3, 0x79 } }, | |
1896 | {47+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x04, 0x01 }, | |
1897 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1898 | { 0xB7, 0xFC, 0x92, 0xF9, 0x1D, 0x8E, 0x92, 0xE9 } }, | |
1899 | {48+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x02, 0x01 }, | |
1900 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1901 | { 0xAE, 0x8E, 0x5C, 0xAA, 0x3C, 0xA0, 0x4E, 0x85 } }, | |
1902 | {49+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x80 }, | |
1903 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1904 | { 0x9C, 0xC6, 0x2D, 0xF4, 0x3B, 0x6E, 0xED, 0x74 } }, | |
1905 | {50+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x40 }, | |
1906 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1907 | { 0xD8, 0x63, 0xDB, 0xB5, 0xC5, 0x9A, 0x91, 0xA0 } }, | |
1908 | {51+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x20 }, | |
1909 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1910 | { 0xA1, 0xAB, 0x21, 0x90, 0x54, 0x5B, 0x91, 0xD7 } }, | |
1911 | {52+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x10 }, | |
1912 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1913 | { 0x08, 0x75, 0x04, 0x1E, 0x64, 0xC5, 0x70, 0xF7 } }, | |
1914 | {53+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x08 }, | |
1915 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1916 | { 0x5A, 0x59, 0x45, 0x28, 0xBE, 0xBE, 0xF1, 0xCC } }, | |
1917 | {54+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x04 }, | |
1918 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1919 | { 0xFC, 0xDB, 0x32, 0x91, 0xDE, 0x21, 0xF0, 0xC0 } }, | |
1920 | {55+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x02 }, | |
1921 | { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, | |
1922 | { 0x86, 0x9E, 0xFD, 0x7F, 0x9F, 0x26, 0x5A, 0x09 } }, | |
1923 | #endif /* LTC_TEST_EXT */ | |
1753 | 1924 | |
1754 | 1925 | /*** more test cases you could add if you are not convinced (the above test cases aren't really too good): |
1755 | 1926 |
32 | 32 | &kasumi_test, |
33 | 33 | &kasumi_done, |
34 | 34 | &kasumi_keysize, |
35 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
35 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
36 | 36 | }; |
37 | 37 | |
38 | 38 | static u16 FI( u16 in, u16 subkey ) |
27 | 27 | &khazad_test, |
28 | 28 | &khazad_done, |
29 | 29 | &khazad_keysize, |
30 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
30 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
31 | 31 | }; |
32 | 32 | |
33 | 33 | #define R 8 |
28 | 28 | &kseed_test, |
29 | 29 | &kseed_done, |
30 | 30 | &kseed_keysize, |
31 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
31 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
32 | 32 | }; |
33 | 33 | |
34 | 34 | static const ulong32 SS0[256] = { |
115 | 115 | &multi2_test, |
116 | 116 | &multi2_done, |
117 | 117 | &multi2_keysize, |
118 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
118 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
119 | 119 | }; |
120 | 120 | |
121 | 121 | int multi2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) |
26 | 26 | &noekeon_test, |
27 | 27 | &noekeon_done, |
28 | 28 | &noekeon_keysize, |
29 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
29 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
30 | 30 | }; |
31 | 31 | |
32 | 32 | static const ulong32 RC[] = { |
35 | 35 | &rc2_test, |
36 | 36 | &rc2_done, |
37 | 37 | &rc2_keysize, |
38 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
38 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
39 | 39 | }; |
40 | 40 | |
41 | 41 | /* 256-entry permutation table, probably derived somehow from pi */ |
28 | 28 | &rc5_test, |
29 | 29 | &rc5_done, |
30 | 30 | &rc5_keysize, |
31 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
31 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
32 | 32 | }; |
33 | 33 | |
34 | 34 | static const ulong32 stab[50] = { |
27 | 27 | &rc6_test, |
28 | 28 | &rc6_done, |
29 | 29 | &rc6_keysize, |
30 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
30 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
31 | 31 | }; |
32 | 32 | |
33 | 33 | static const ulong32 stab[44] = { |
44 | 44 | &safer_k64_test, |
45 | 45 | &safer_done, |
46 | 46 | &safer_64_keysize, |
47 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
47 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
48 | 48 | }, |
49 | 49 | |
50 | 50 | safer_sk64_desc = { |
56 | 56 | &safer_sk64_test, |
57 | 57 | &safer_done, |
58 | 58 | &safer_64_keysize, |
59 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
59 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
60 | 60 | }, |
61 | 61 | |
62 | 62 | safer_k128_desc = { |
68 | 68 | &safer_sk128_test, |
69 | 69 | &safer_done, |
70 | 70 | &safer_128_keysize, |
71 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
71 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
72 | 72 | }, |
73 | 73 | |
74 | 74 | safer_sk128_desc = { |
80 | 80 | &safer_sk128_test, |
81 | 81 | &safer_done, |
82 | 82 | &safer_128_keysize, |
83 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
83 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
84 | 84 | }; |
85 | 85 | |
86 | 86 | /******************* Constants ************************************************/ |
30 | 30 | &saferp_test, |
31 | 31 | &saferp_done, |
32 | 32 | &saferp_keysize, |
33 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
33 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
34 | 34 | }; |
35 | 35 | |
36 | 36 | /* ROUND(b,i) |
27 | 27 | &skipjack_test, |
28 | 28 | &skipjack_done, |
29 | 29 | &skipjack_keysize, |
30 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
30 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
31 | 31 | }; |
32 | 32 | |
33 | 33 | static const unsigned char sbox[256] = { |
34 | 34 | &twofish_test, |
35 | 35 | &twofish_done, |
36 | 36 | &twofish_keysize, |
37 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
37 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
38 | 38 | }; |
39 | 39 | |
40 | 40 | /* the two polynomials */ |
27 | 27 | &xtea_test, |
28 | 28 | &xtea_done, |
29 | 29 | &xtea_keysize, |
30 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
30 | NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL | |
31 | 31 | }; |
32 | 32 | |
33 | 33 | int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) |
19 | 19 | /** |
20 | 20 | CCM encrypt/decrypt and produce an authentication tag |
21 | 21 | |
22 | *1 'pt' and 'ct' can both be 'in' or 'out', depending on 'direction' | |
22 | *1 'pt', 'ct' and 'tag' can both be 'in' or 'out', depending on 'direction' | |
23 | 23 | |
24 | 24 | @param cipher The index of the cipher desired |
25 | 25 | @param key The secret key to use |
32 | 32 | @param pt [*1] The plaintext |
33 | 33 | @param ptlen The length of the plaintext (octets) |
34 | 34 | @param ct [*1] The ciphertext |
35 | @param tag [out] The destination tag | |
36 | @param taglen [in/out] The max size and resulting size of the authentication tag | |
35 | @param tag [*1] The destination tag | |
36 | @param taglen The max size and resulting size of the authentication tag | |
37 | 37 | @param direction Encrypt or Decrypt direction (0 or 1) |
38 | 38 | @return CRYPT_OK if successful |
39 | 39 | */ |
47 | 47 | unsigned char *tag, unsigned long *taglen, |
48 | 48 | int direction) |
49 | 49 | { |
50 | unsigned char PAD[16], ctr[16], CTRPAD[16], b; | |
50 | unsigned char PAD[16], ctr[16], CTRPAD[16], ptTag[16], b, *pt_real; | |
51 | unsigned char *pt_work = NULL; | |
51 | 52 | symmetric_key *skey; |
52 | 53 | int err; |
53 | 54 | unsigned long len, L, x, y, z, CTRlen; |
55 | #ifdef LTC_FAST | |
56 | LTC_FAST_TYPE fastMask = -1; /* initialize fastMask at all zeroes */ | |
57 | #endif | |
58 | unsigned char mask = 0xff; /* initialize mask at all zeroes */ | |
54 | 59 | |
55 | 60 | if (uskey == NULL) { |
56 | 61 | LTC_ARGCHK(key != NULL); |
63 | 68 | LTC_ARGCHK(ct != NULL); |
64 | 69 | LTC_ARGCHK(tag != NULL); |
65 | 70 | LTC_ARGCHK(taglen != NULL); |
71 | ||
72 | pt_real = pt; | |
66 | 73 | |
67 | 74 | #ifdef LTC_FAST |
68 | 75 | if (16 % sizeof(LTC_FAST_TYPE)) { |
119 | 126 | L = 15 - noncelen; |
120 | 127 | } |
121 | 128 | |
122 | /* decrease noncelen to match L */ | |
123 | if ((noncelen + L) > 15) { | |
124 | noncelen = 15 - L; | |
125 | } | |
126 | ||
127 | 129 | /* allocate mem for the symmetric key */ |
128 | 130 | if (uskey == NULL) { |
129 | 131 | skey = XMALLOC(sizeof(*skey)); |
138 | 140 | } |
139 | 141 | } else { |
140 | 142 | skey = uskey; |
143 | } | |
144 | ||
145 | /* initialize buffer for pt */ | |
146 | if (direction == CCM_DECRYPT) { | |
147 | pt_work = XMALLOC(ptlen); | |
148 | if (pt_work == NULL) { | |
149 | goto error; | |
150 | } | |
151 | pt = pt_work; | |
141 | 152 | } |
142 | 153 | |
143 | 154 | /* form B_0 == flags | Nonce N | l(m) */ |
202 | 213 | PAD[x++] ^= header[y]; |
203 | 214 | } |
204 | 215 | |
205 | /* remainder? */ | |
206 | if (x != 0) { | |
207 | if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) { | |
208 | goto error; | |
209 | } | |
216 | /* remainder */ | |
217 | if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) { | |
218 | goto error; | |
210 | 219 | } |
211 | 220 | } |
212 | 221 | |
253 | 262 | goto error; |
254 | 263 | } |
255 | 264 | } |
256 | } else { | |
265 | } else { /* direction == CCM_DECRYPT */ | |
257 | 266 | for (; y < (ptlen & ~15); y += 16) { |
258 | 267 | /* increment the ctr? */ |
259 | 268 | for (z = 15; z > 15-L; z--) { |
327 | 336 | cipher_descriptor[cipher].done(skey); |
328 | 337 | } |
329 | 338 | |
330 | /* store the TAG */ | |
331 | for (x = 0; x < 16 && x < *taglen; x++) { | |
332 | tag[x] = PAD[x] ^ CTRPAD[x]; | |
333 | } | |
334 | *taglen = x; | |
339 | if (direction == CCM_ENCRYPT) { | |
340 | /* store the TAG */ | |
341 | for (x = 0; x < 16 && x < *taglen; x++) { | |
342 | tag[x] = PAD[x] ^ CTRPAD[x]; | |
343 | } | |
344 | *taglen = x; | |
345 | } else { /* direction == CCM_DECRYPT */ | |
346 | /* decrypt the tag */ | |
347 | for (x = 0; x < 16 && x < *taglen; x++) { | |
348 | ptTag[x] = tag[x] ^ CTRPAD[x]; | |
349 | } | |
350 | *taglen = x; | |
351 | ||
352 | /* check validity of the decrypted tag against the computed PAD (in constant time) */ | |
353 | /* HACK: the boolean value of XMEM_NEQ becomes either 0 (CRYPT_OK) or 1 (CRYPT_ERR). | |
354 | * there should be a better way of setting the correct error code in constant | |
355 | * time. | |
356 | */ | |
357 | err = XMEM_NEQ(ptTag, PAD, *taglen); | |
358 | ||
359 | /* Zero the plaintext if the tag was invalid (in constant time) */ | |
360 | if (ptlen > 0) { | |
361 | y = 0; | |
362 | mask *= 1 - err; /* mask = ( err ? 0 : 0xff ) */ | |
363 | #ifdef LTC_FAST | |
364 | fastMask *= 1 - err; | |
365 | if (ptlen & ~15) { | |
366 | for (; y < (ptlen & ~15); y += 16) { | |
367 | for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) { | |
368 | *((LTC_FAST_TYPE*)(&pt_real[y+z])) = *((LTC_FAST_TYPE*)(&pt[y+z])) & fastMask; | |
369 | } | |
370 | } | |
371 | } | |
372 | #endif | |
373 | for (; y < ptlen; y++) { | |
374 | pt_real[y] = pt[y] & mask; | |
375 | } | |
376 | } | |
377 | } | |
335 | 378 | |
336 | 379 | #ifdef LTC_CLEAN_STACK |
380 | fastMask = 0; | |
381 | mask = 0; | |
337 | 382 | zeromem(skey, sizeof(*skey)); |
338 | 383 | zeromem(PAD, sizeof(PAD)); |
339 | 384 | zeromem(CTRPAD, sizeof(CTRPAD)); |
385 | if (pt_work != NULL) { | |
386 | zeromem(pt_work, ptlen); | |
387 | } | |
340 | 388 | #endif |
341 | 389 | error: |
390 | if (pt_work) { | |
391 | XFREE(pt_work); | |
392 | } | |
342 | 393 | if (skey != uskey) { |
343 | 394 | XFREE(skey); |
344 | 395 | } |
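Review bot: In the new pt_work allocation (new lines 146–151) the failure path does `goto error;` without setting `err`, so ccm_memory returns whatever `err` held at that point — likely CRYPT_OK left by the preceding cipher setup, or an uninitialized value when the caller supplied `uskey` — and the caller is told the decrypt succeeded with nothing written; add `err = CRYPT_MEM;` before the `goto`, and since `XMALLOC(0)` may legitimately return NULL, guard the block with `if (direction == CCM_DECRYPT && ptlen > 0)`. The comments on the two new mask declarations (`fastMask = -1; /* initialize fastMask at all zeroes */` and `mask = 0xff; /* initialize mask at all zeroes */`) say the opposite of what the values are: both start as all ones so that `mask *= 1 - err` keeps the plaintext only when the tag verifies; reword them to `/* all ones: plaintext is kept unless the tag check fails */`. In the header hunk, the rewritten `@param taglen` line drops the `[in/out]` marker although the new code still reads `*taglen` as a limit and writes it back in both directions. ccm_memory itself begins before the first hunk and its `return` follows the last one.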
10 | 10 | |
11 | 11 | /* use configuration data */ |
12 | 12 | #include <tomcrypt_custom.h> |
13 | ||
14 | /* Define inline for MSVC<2015 */ | |
15 | # if defined(_MSC_VER) && _MSC_VER < 1900 | |
16 | # define inline __inline | |
17 | # endif | |
18 | 13 | |
19 | 14 | #ifdef __cplusplus |
20 | 15 | extern "C" { |
4 | 4 | #include <signal.h> |
5 | 5 | |
6 | 6 | /* this is the default LibTomCrypt macro */ |
7 | void crypt_argchk(char *v, char *s, int d); | |
8 | #define LTC_ARGCHK(x) if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } | |
9 | #define LTC_ARGCHKVD(x) LTC_ARGCHK(x) | |
7 | #if defined(__clang__) || defined(__GNUC_MINOR__) | |
8 | #define NORETURN __attribute__ ((noreturn)) | |
9 | #else | |
10 | #define NORETURN | |
11 | #endif | |
12 | ||
13 | void crypt_argchk(char *v, char *s, int d) NORETURN; | |
14 | #define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0) | |
15 | #define LTC_ARGCHKVD(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0) | |
10 | 16 | |
11 | 17 | #elif ARGTYPE == 1 |
12 | 18 |
99 | 99 | typedef unsigned long ulong32; |
100 | 100 | #endif |
101 | 101 | |
102 | #ifdef LTC_NO_FAST | |
103 | #undef LTC_FAST | |
104 | #endif | |
105 | ||
106 | #ifdef LTC_FAST | |
107 | #if __GNUC__ < 4 /* if the compiler does not support gnu extensions, i.e. its neither clang nor gcc nor icc */ | |
108 | #error the LTC_FAST hack is only available on compilers that support __attribute__((may_alias)) - disable it for your compiler, and dont worry, it won`t buy you much anyway | |
109 | #else | |
110 | #ifdef ENDIAN_64BITWORD | |
111 | typedef ulong64 __attribute__((__may_alias__)) LTC_FAST_TYPE; | |
112 | #else | |
113 | typedef ulong32 __attribute__((__may_alias__)) LTC_FAST_TYPE; | |
114 | #endif | |
115 | #endif | |
116 | #endif /* LTC_FAST */ | |
117 | ||
102 | 118 | /* detect sparc and sparc64 */ |
103 | 119 | #if defined(__sparc__) |
104 | 120 | #define ENDIAN_BIG |
113 | 129 | typedef ulong64 ltc_mp_digit; |
114 | 130 | #else |
115 | 131 | typedef ulong32 ltc_mp_digit; |
116 | #endif | |
117 | ||
118 | #ifdef LTC_NO_FAST | |
119 | #ifdef LTC_FAST | |
120 | #undef LTC_FAST | |
121 | #endif | |
122 | #endif | |
123 | ||
124 | /* if the compiler does not support __attribute__((__may_alias__)) */ | |
125 | /* MSVC: http://stackoverflow.com/questions/70013/how-to-detect-if-im-compiling-code-with-visual-studio-2008 */ | |
126 | #if (defined(__GNUC__) && __GNUC__ < 4) || (defined(_MSC_VER) && _MSC_VER < 1300) | |
127 | #undef LTC_FAST | |
128 | 132 | #endif |
129 | 133 | |
130 | 134 | /* No asm is a quick way to disable anything "not portable" */ |
157 | 161 | #error Can not be 32 and 64 bit words... |
158 | 162 | #endif |
159 | 163 | |
160 | #ifdef LTC_FAST | |
161 | #ifdef ENDIAN_64BITWORD | |
162 | typedef ulong64 __attribute__((__may_alias__)) LTC_FAST_TYPE; | |
163 | #else | |
164 | typedef ulong32 __attribute__((__may_alias__)) LTC_FAST_TYPE; | |
165 | #endif | |
166 | #endif /* LTC_FAST */ | |
167 | ||
168 | 164 | /* gcc 4.3 and up has a bswap builtin; detect it by gcc version. |
169 | 165 | * clang also supports the bswap builtin, and although clang pretends |
170 | 166 | * to be gcc (macro-wise, anyway), clang pretends to be a version |
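Review bot: The relocated LTC_FAST block tests `#if __GNUC__ < 4` (new line 107) without `defined(__GNUC__)`; an undefined macro evaluates to 0 in `#if`, so every non-GNU compiler that has LTC_FAST set now reaches the `#error`, where the removed condition at old line 126 (`(defined(__GNUC__) && __GNUC__ < 4) || (defined(_MSC_VER) && _MSC_VER < 1300)`) quietly `#undef`'d LTC_FAST instead. Unless the hard failure is intended, prefer a single disable step `#if defined(LTC_NO_FAST) || !defined(__GNUC__) || __GNUC__ < 4` followed by `#undef LTC_FAST`, and drop the `#error` branch so the typedefs are simply skipped on such compilers. Also confirm that whatever platform block defines LTC_FAST runs before new line 106 now that the typedef has moved ahead of the sparc detection; if it does not, LTC_FAST_TYPE is never declared and the LTC_FAST code in ccm_memory.c will not compile. Separately, the new `NORETURN` on `crypt_argchk` in the ARGCHK hunk is a promise the implementation outside this hunk must keep — if it can return, the compiler has been told the code after a failed LTC_ARGCHK is unreachable and the unvalidated argument is used anyway — so annotate the declaration with `/* must never return: callers are compiled assuming a failed check does not continue */`.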
552 | 552 | const unsigned char *key, unsigned long keylen, |
553 | 553 | const unsigned char *in, unsigned long inlen, |
554 | 554 | unsigned char *out, unsigned long *outlen); |
555 | ||
556 | /** Accelerated XTS encryption | |
557 | @param pt Plaintext | |
558 | @param ct Ciphertext | |
559 | @param blocks The number of complete blocks to process | |
560 | @param tweak The 128-bit encryption tweak (input/output). | |
561 | The tweak should not be encrypted on input, but | |
562 | next tweak will be copied encrypted on output. | |
563 | @param skey1 The first scheduled key context | |
564 | @param skey2 The second scheduled key context | |
565 | @return CRYPT_OK if successful | |
566 | */ | |
567 | int (*accel_xts_encrypt)(const unsigned char *pt, unsigned char *ct, | |
568 | unsigned long blocks, unsigned char *tweak, symmetric_key *skey1, | |
569 | symmetric_key *skey2); | |
570 | ||
571 | /** Accelerated XTS decryption | |
572 | @param ct Ciphertext | |
573 | @param pt Plaintext | |
574 | @param blocks The number of complete blocks to process | |
575 | @param tweak The 128-bit encryption tweak (input/output). | |
576 | The tweak should not be encrypted on input, but | |
577 | next tweak will be copied encrypted on output. | |
578 | @param skey1 The first scheduled key context | |
579 | @param skey2 The second scheduled key context | |
580 | @return CRYPT_OK if successful | |
581 | */ | |
582 | int (*accel_xts_decrypt)(const unsigned char *ct, unsigned char *pt, | |
583 | unsigned long blocks, unsigned char *tweak, symmetric_key *skey1, | |
584 | symmetric_key *skey2); | |
555 | 585 | } cipher_descriptor[]; |
556 | 586 | |
557 | 587 | #ifdef LTC_BLOWFISH |
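Review bot: The two new members `accel_xts_encrypt`/`accel_xts_decrypt` are appended at the end of the descriptor, so every existing positional initializer that does not name them (the per-cipher `*_desc` tables and the table in crypt_cipher_descriptor.c, which this commit extends) leaves them NULL under C's aggregate-initialization rules; any dispatch that consults them must therefore test the pointer before calling it, as the other `accel_*` members presumably already require. The doc comments could state that contract explicitly, e.g. `@note Optional; NULL when the cipher provides no accelerated XTS path.` The struct definition begins outside the hunk.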
122 | 122 | |
123 | 123 | #define LTC_NO_MISC |
124 | 124 | #define LTC_BASE64 |
125 | #endif | |
126 | ||
127 | /* The minimal set of functionality to run the tests */ | |
128 | #ifdef LTC_MINIMAL | |
129 | #define LTC_SHA256 | |
130 | #define LTC_CTR_MODE | |
131 | #define LTC_RNG_MAKE_PRNG | |
132 | #define LTC_RNG_GET_BYTES | |
133 | #define LTC_YARROW | |
134 | #define LTC_DEVRANDOM | |
135 | #define LTC_TRY_URANDOM_FIRST | |
136 | ||
137 | #undef LTC_NO_FILE | |
125 | 138 | #endif |
126 | 139 | |
127 | 140 | /* Enable self-test test vector checking */ |
251 | 264 | |
252 | 265 | #endif /* LTC_NO_HASHES */ |
253 | 266 | |
267 | ||
254 | 268 | /* ---> MAC functions <--- */ |
255 | 269 | #ifndef LTC_NO_MACS |
256 | 270 | |
281 | 295 | #endif |
282 | 296 | |
283 | 297 | #endif /* LTC_NO_MACS */ |
298 | ||
284 | 299 | |
285 | 300 | /* --> Pseudo Random Number Generators <--- */ |
286 | 301 | #ifndef LTC_NO_PRNGS |
303 | 318 | |
304 | 319 | /* Fortuna PRNG */ |
305 | 320 | #define LTC_FORTUNA |
306 | /* reseed every N calls to the read function */ | |
307 | #define LTC_FORTUNA_WD 10 | |
308 | /* number of pools (4..32) can save a bit of ram by lowering the count */ | |
309 | #define LTC_FORTUNA_POOLS 32 | |
310 | 321 | |
311 | 322 | /* Greg's LTC_SOBER128 PRNG ;-0 */ |
312 | 323 | #define LTC_SOBER128 |
313 | 324 | |
314 | 325 | /* the *nix style /dev/random device */ |
315 | 326 | #define LTC_DEVRANDOM |
316 | /* try /dev/urandom before trying /dev/random */ | |
327 | /* try /dev/urandom before trying /dev/random | |
328 | * are you sure you want to disable this? http://www.2uo.de/myths-about-urandom/ */ | |
317 | 329 | #define LTC_TRY_URANDOM_FIRST |
318 | 330 | /* rng_get_bytes() */ |
319 | 331 | #define LTC_RNG_GET_BYTES |
322 | 334 | |
323 | 335 | #endif /* LTC_NO_PRNGS */ |
324 | 336 | |
337 | #ifdef LTC_FORTUNA | |
338 | ||
339 | #ifndef LTC_FORTUNA_WD | |
340 | /* reseed every N calls to the read function */ | |
341 | #define LTC_FORTUNA_WD 10 | |
342 | #endif | |
343 | ||
344 | #ifndef LTC_FORTUNA_POOLS | |
345 | /* number of pools (4..32) can save a bit of ram by lowering the count */ | |
346 | #define LTC_FORTUNA_POOLS 32 | |
347 | #endif | |
348 | ||
349 | #endif /* LTC_FORTUNA */ | |
350 | ||
351 | ||
325 | 352 | /* ---> Public Key Crypto <--- */ |
326 | 353 | #ifndef LTC_NO_PK |
327 | 354 | |
328 | 355 | /* Include RSA support */ |
329 | 356 | #define LTC_MRSA |
330 | ||
331 | #ifndef LTC_NO_RSA_BLINDING | |
332 | /* Enable RSA blinding when doing private key operations by default */ | |
333 | #define LTC_RSA_BLINDING | |
334 | #endif /* LTC_NO_RSA_BLINDING */ | |
335 | 357 | |
336 | 358 | /* Include Diffie-Hellman support */ |
337 | 359 | #ifndef GMP_DESC |
372 | 394 | /* do we want fixed point ECC */ |
373 | 395 | /* #define LTC_MECC_FP */ |
374 | 396 | |
375 | #ifndef LTC_NO_ECC_TIMING_RESISTANT | |
397 | #endif /* LTC_NO_PK */ | |
398 | ||
399 | #if defined(LTC_MRSA) && !defined(LTC_NO_RSA_BLINDING) | |
400 | /* Enable RSA blinding when doing private key operations by default */ | |
401 | #define LTC_RSA_BLINDING | |
402 | #endif /* LTC_NO_RSA_BLINDING */ | |
403 | ||
404 | #if defined(LTC_MRSA) && !defined(LTC_NO_RSA_CRT_HARDENING) | |
405 | /* Enable RSA CRT hardening when doing private key operations by default */ | |
406 | #define LTC_RSA_CRT_HARDENING | |
407 | #endif /* LTC_NO_RSA_CRT_HARDENING */ | |
408 | ||
409 | #if defined(LTC_MECC) && !defined(LTC_NO_ECC_TIMING_RESISTANT) | |
376 | 410 | /* Enable ECC timing resistant version by default */ |
377 | 411 | #define LTC_ECC_TIMING_RESISTANT |
378 | 412 | #endif |
379 | ||
380 | #endif /* LTC_NO_PK */ | |
381 | 413 | |
382 | 414 | /* define these PK sizes out of LTC_NO_PK |
383 | 415 | * to have them always defined |
428 | 460 | /* HKDF Key Derivation/Expansion stuff */ |
429 | 461 | #define LTC_HKDF |
430 | 462 | #endif /* LTC_NO_HKDF */ |
463 | ||
464 | #define LTC_ADLER32 | |
465 | ||
466 | #define LTC_CRC32 | |
431 | 467 | |
432 | 468 | #endif /* LTC_NO_MISC */ |
433 | 469 |
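Review bot: LTC_FORTUNA_POOLS and LTC_FORTUNA_WD become user-overridable through the new `#ifndef` guards (lines 339-347), but nothing at this layer enforces the 4..32 range the comment promises for the pool count, so an out-of-range value set in a custom config is accepted silently here (whether fortuna.c validates it is not visible). A compile-time check next to the defaults would catch it early: `#if LTC_FORTUNA_POOLS < 4 || LTC_FORTUNA_POOLS > 32` / `#error LTC_FORTUNA_POOLS must be in the range 4..32` / `#endif`, and a similar `#if LTC_FORTUNA_WD < 1` for the reseed interval. Placing the checks inside the `#ifdef LTC_FORTUNA` block keeps them inert when Fortuna is disabled.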
68 | 68 | #endif |
69 | 69 | */ |
70 | 70 | |
71 | #ifdef LTC_ADLER32 | |
72 | typedef struct adler32_state_s | |
73 | { | |
74 | unsigned short s[2]; | |
75 | } adler32_state; | |
76 | ||
77 | void adler32_init(adler32_state *ctx); | |
78 | void adler32_update(adler32_state *ctx, const unsigned char *input, unsigned long length); | |
79 | void adler32_finish(adler32_state *ctx, void *hash, unsigned long size); | |
80 | int adler32_test(void); | |
81 | #endif | |
82 | ||
83 | #ifdef LTC_CRC32 | |
84 | typedef struct crc32_state_s | |
85 | { | |
86 | ulong32 crc; | |
87 | } crc32_state; | |
88 | ||
89 | void crc32_init(crc32_state *ctx); | |
90 | void crc32_update(crc32_state *ctx, const unsigned char *input, unsigned long length); | |
91 | void crc32_finish(crc32_state *ctx, void *hash, unsigned long size); | |
92 | int crc32_test(void); | |
93 | #endif | |
94 | ||
95 | /* yeah it's not exactly in misc in the library, but in testprof/x86_prof.c */ | |
96 | #if defined(LTC_TEST) && defined(LTC_TEST_DBG) | |
97 | void print_hex(const char* what, const unsigned char* p, const unsigned long l); | |
98 | #endif | |
71 | 99 | |
72 | 100 | /* $Source$ */ |
73 | 101 | /* $Revision$ */ |
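Review bot: The new adler32_*/crc32_* declarations carry no documentation, unlike the doxygen-commented additions elsewhere in this commit, and the meaning of the `size` argument to `adler32_finish`/`crc32_finish` (output buffer length, or number of bytes to emit?) is not stated anywhere here. A short block above each group, e.g. `/** Adler-32 checksum (non-cryptographic; not suitable for integrity protection) */` plus a `@param size` line describing how `hash` and `size` interact, would let callers use them correctly without reading the .c files. The non-cryptographic caveat is worth stating explicitly because these prototypes sit alongside the hash and MAC headers.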
67 | 67 | if ((err = hash_memory(hash, key, keylen, hmac->key, &z)) != CRYPT_OK) { |
68 | 68 | goto LBL_ERR; |
69 | 69 | } |
70 | if(hashsize < LTC_HMAC_BLOCKSIZE) { | |
71 | zeromem((hmac->key) + hashsize, (size_t)(LTC_HMAC_BLOCKSIZE - hashsize)); | |
72 | } | |
73 | 70 | keylen = hashsize; |
74 | 71 | } else { |
75 | 72 | XMEMCPY(hmac->key, key, (size_t)keylen); |
76 | if(keylen < LTC_HMAC_BLOCKSIZE) { | |
77 | zeromem((hmac->key) + keylen, (size_t)(LTC_HMAC_BLOCKSIZE - keylen)); | |
78 | } | |
73 | } | |
74 | ||
75 | if(keylen < LTC_HMAC_BLOCKSIZE) { | |
76 | zeromem((hmac->key) + keylen, (size_t)(LTC_HMAC_BLOCKSIZE - keylen)); | |
79 | 77 | } |
80 | 78 | |
81 | 79 | /* Create the initial vector for step (3) */ |
13 | 13 | @file crypt.c |
14 | 14 | Build strings, Tom St Denis |
15 | 15 | */ |
16 | #define NAME_VALUE(s) #s"="NAME(s) | |
17 | #define NAME(s) #s | |
16 | 18 | |
17 | 19 | const char *crypt_build_settings = |
18 | 20 | "LibTomCrypt " SCRYPT " (Tom St Denis, tomstdenis@gmail.com)\n" |
19 | 21 | "LibTomCrypt is public domain software.\n" |
20 | "Built on " __DATE__ " at " __TIME__ "\n\n\n" | |
21 | "Endianness: " | |
22 | #if defined(INCLUDE_BUILD_DATE) | |
23 | "Built on " __DATE__ " at " __TIME__ "\n" | |
24 | #endif | |
25 | "\n\nEndianness: " | |
22 | 26 | #if defined(ENDIAN_NEUTRAL) |
23 | 27 | "neutral\n" |
24 | #elif defined(ENDIAN_LITTLE) | |
28 | #else | |
29 | #if defined(ENDIAN_LITTLE) | |
25 | 30 | "little" |
26 | #if defined(ENDIAN_32BITWORD) | |
27 | " (32-bit words)\n" | |
28 | #else | |
29 | " (64-bit words)\n" | |
30 | #endif | |
31 | 31 | #elif defined(ENDIAN_BIG) |
32 | 32 | "big" |
33 | #endif | |
33 | 34 | #if defined(ENDIAN_32BITWORD) |
34 | 35 | " (32-bit words)\n" |
35 | 36 | #else |
251 | 252 | |
252 | 253 | "\nPRNG:\n" |
253 | 254 | #if defined(LTC_YARROW) |
254 | " Yarrow\n" | |
255 | " Yarrow ("NAME_VALUE(LTC_YARROW_AES)")\n" | |
255 | 256 | #endif |
256 | 257 | #if defined(LTC_SPRNG) |
257 | 258 | " SPRNG\n" |
260 | 261 | " RC4\n" |
261 | 262 | #endif |
262 | 263 | #if defined(LTC_FORTUNA) |
263 | " Fortuna\n" | |
264 | " Fortuna (" NAME_VALUE(LTC_FORTUNA_POOLS) ", " NAME_VALUE(LTC_FORTUNA_WD) ")\n" | |
264 | 265 | #endif |
265 | 266 | #if defined(LTC_SOBER128) |
266 | 267 | " SOBER128\n" |
269 | 270 | "\nPK Algs:\n" |
270 | 271 | #if defined(LTC_MRSA) |
271 | 272 | " RSA" |
272 | #if defined(LTC_RSA_BLINDING) | |
273 | #if defined(LTC_RSA_BLINDING) && defined(LTC_RSA_CRT_HARDENING) | |
274 | " (with blinding and CRT hardening)" | |
275 | #elif defined(LTC_RSA_BLINDING) | |
273 | 276 | " (with blinding)" |
277 | #elif defined(LTC_RSA_CRT_HARDENING) | |
278 | " (with CRT hardening)" | |
274 | 279 | #endif |
275 | 280 | "\n" |
276 | 281 | #endif |
322 | 327 | #endif |
323 | 328 | |
324 | 329 | "\nVarious others: " |
330 | #if defined(LTC_ADLER32) | |
331 | " ADLER32 " | |
332 | #endif | |
325 | 333 | #if defined(LTC_BASE64) |
326 | 334 | " BASE64 " |
327 | 335 | #endif |
328 | 336 | #if defined(LTC_BASE64_URL) |
329 | 337 | " BASE64-URL-SAFE " |
330 | 338 | #endif |
339 | #if defined(LTC_CRC32) | |
340 | " CRC32 " | |
341 | #endif | |
331 | 342 | #if defined(LTC_DER) |
332 | 343 | " DER " |
333 | 344 | #endif |
345 | #if defined(LTC_DER_MAX_PUBKEY_SIZE) | |
346 | " " NAME_VALUE(LTC_DER_MAX_PUBKEY_SIZE) " " | |
347 | #endif | |
334 | 348 | #if defined(LTC_PKCS_1) |
335 | 349 | " PKCS#1 " |
336 | 350 | #endif |
343 | 357 | #if defined(MPI) |
344 | 358 | " MPI " |
345 | 359 | #endif |
360 | #if defined(LTC_DEVRANDOM) | |
361 | " LTC_DEVRANDOM " | |
362 | #endif | |
346 | 363 | #if defined(LTC_TRY_URANDOM_FIRST) |
347 | 364 | " LTC_TRY_URANDOM_FIRST " |
348 | 365 | #endif |
366 | #if defined(LTC_RNG_GET_BYTES) | |
367 | " LTC_RNG_GET_BYTES " | |
368 | #endif | |
369 | #if defined(LTC_RNG_MAKE_PRNG) | |
370 | " LTC_RNG_MAKE_PRNG " | |
371 | #endif | |
372 | #if defined(LTC_HASH_HELPERS) | |
373 | " LTC_HASH_HELPERS " | |
374 | #endif | |
375 | #if defined(LTC_VALGRIND) | |
376 | " LTC_VALGRIND " | |
377 | #endif | |
349 | 378 | #if defined(LTC_TEST) |
350 | 379 | " LTC_TEST " |
380 | #endif | |
381 | #if defined(LTC_TEST_EXT) | |
382 | " LTC_TEST_EXT " | |
351 | 383 | #endif |
352 | 384 | #if defined(LTC_SMALL_CODE) |
353 | 385 | " LTC_SMALL_CODE " |
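Review bot: The Yarrow line `" Yarrow ("NAME_VALUE(LTC_YARROW_AES)")\n"` and the macro body `#s"="NAME(s)` juxtapose a string literal and an identifier with no whitespace, while the Fortuna line a few lines below writes `" Fortuna (" NAME_VALUE(LTC_FORTUNA_POOLS) ", " ...` with spaces. Beyond consistency, a literal immediately followed by an identifier is parsed as a user-defined-literal suffix in C++11, so the spaced form is safer should this translation unit ever be compiled as C++. Suggest `#define NAME_VALUE(s) #s "=" NAME(s)` and `" Yarrow (" NAME_VALUE(LTC_YARROW_AES) ")\n"`.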
12 | 12 | /** |
13 | 13 | @file crypt_argchk.c |
14 | 14 | Perform argument checking, Tom St Denis |
15 | */ | |
15 | */ | |
16 | 16 | |
17 | 17 | #if (ARGTYPE == 0) |
18 | #include <signal.h> | |
19 | 18 | void crypt_argchk(char *v, char *s, int d) |
20 | 19 | { |
21 | 20 | fprintf(stderr, "LTC_ARGCHK '%s' failure on line %d of file %s\n", |
22 | 21 | v, d, s); |
23 | (void)raise(SIGABRT); | |
22 | abort(); | |
24 | 23 | } |
25 | 24 | #endif |
26 | 25 |
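Review bot: `abort()` is declared in <stdlib.h>, and with `#include <signal.h>` dropped this file no longer includes anything itself for the call at line 22; it presumably relies on tomcrypt.h, included above the hunk, pulling in <stdlib.h>, which is worth confirming for the ARGTYPE==0 configuration. If that is not guaranteed, put `#include <stdlib.h>` where `<signal.h>` was. The `fprintf` to `stderr` is not lost by the switch since stderr is unbuffered, so the diagnostic ordering is fine.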
15 | 15 | */ |
16 | 16 | |
17 | 17 | struct ltc_cipher_descriptor cipher_descriptor[TAB_SIZE] = { |
18 | { NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL } | |
18 | { NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL } | |
19 | 19 | }; |
20 | 20 | |
21 | 21 | LTC_MUTEX_GLOBAL(ltc_cipher_mutex) |
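Review bot: The table's first element is spelled out member by member (now 26 initializers), so this literal has to be edited in lockstep every time a field is added to `ltc_cipher_descriptor`, exactly as this commit must do for the new accel_xts_* members. Since every value is NULL or 0, `{ { 0 } }` yields the identical zero-filled element and the remaining TAB_SIZE-1 elements by C's aggregate-initialization rules without tracking the struct layout. If the project builds with -Wmissing-field-initializers the short form will warn, in which case keep the long form but add `/* must list every member of ltc_cipher_descriptor */` above it.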
60 | 60 | if (T == NULL) { |
61 | 61 | return CRYPT_MEM; |
62 | 62 | } |
63 | XMEMCPY(T + hashsize, info, infolen); | |
63 | if (info != NULL) { | |
64 | XMEMCPY(T + hashsize, info, infolen); | |
65 | } | |
64 | 66 | |
65 | 67 | /* HMAC data T(1) doesn't include a previous hash value */ |
66 | 68 | dat = T + hashsize; |
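Review bot: The new guard skips the copy when `info` is NULL but leaves `infolen` untouched, so a caller passing `info == NULL` with `infolen > 0` now gets `infolen` uninitialized bytes of `T` fed into the HMAC that derives the output key, replacing the previous null-pointer memcpy with nondeterministic KDF output rather than an error. Either reject the combination before `T` is allocated (an `LTC_ARGCHK`-style check, if nothing else needs freeing at that point), or treat NULL as an empty info by forcing `infolen = 0` when `info == NULL` and document that in the function's header comment. The function's declaration and the allocation of `T` are above the hunk, so whether an earlier argument check already covers this is not visible here.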
46 | 46 | ++pb; |
47 | 47 | } |
48 | 48 | |
49 | ret |= ret >> 4; | |
50 | ret |= ret >> 2; | |
51 | ret |= ret >> 1; | |
52 | ret &= 1; | |
53 | ||
49 | 54 | return ret; |
50 | 55 | } |
51 | 56 |
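Review bot: The bit-folding sequence `ret |= ret >> 4; ret |= ret >> 2; ret |= ret >> 1; ret &= 1;` is only correct if every set bit of `ret` lies in the low byte, i.e. the loop above (outside the hunk) accumulates byte differences into a value that never exceeds 0xFF; with a wider accumulator the upper bits never reach bit 0 and differing memory could be reported as equal. A comment stating that invariant and the purpose would help the next reader, e.g. `/* collapse the 8 accumulated difference bits into bit 0 without branching; result is 0 or 1 */`. If this is intended as a constant-time comparison, say so in the comment so a later "optimization" into an early-exit loop is caught in review.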
76 | 76 | void dh_sizes(int *low, int *high) |
77 | 77 | { |
78 | 78 | int x; |
79 | LTC_ARGCHK(low != NULL); | |
80 | LTC_ARGCHK(high != NULL); | |
79 | LTC_ARGCHKVD(low != NULL); | |
80 | LTC_ARGCHKVD(high != NULL); | |
81 | 81 | *low = INT_MAX; |
82 | 82 | *high = 0; |
83 | 83 | for (x = 0; sets[x].size != 0; x++) { |
186 | 186 | */ |
187 | 187 | void dh_free(dh_key *key) |
188 | 188 | { |
189 | LTC_ARGCHK(key != NULL); | |
189 | LTC_ARGCHKVD(key != NULL); | |
190 | 190 | if ( key->x ) { |
191 | 191 | mp_clear( key->x ); |
192 | 192 | key->x = NULL; |
70 | 70 | |
71 | 71 | static inline void packet_store_header (unsigned char *dst, int section, int subsection) |
72 | 72 | { |
73 | LTC_ARGCHK(dst != NULL); | |
73 | LTC_ARGCHKVD(dst != NULL); | |
74 | 74 | |
75 | 75 | /* store version number */ |
76 | 76 | dst[0] = (unsigned char)(CRYPT&255); |
245 | 245 | if (inlen < keysize) { |
246 | 246 | err = CRYPT_INVALID_PACKET; |
247 | 247 | goto LBL_ERR; |
248 | } else { | |
249 | inlen -= keysize; | |
250 | 248 | } |
251 | 249 | |
252 | 250 | if (keysize > *outlen) { |
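Review bot: Dropping `inlen -= keysize` is only safe if `inlen` is not read again after this point; the function continues below the hunk, so that cannot be confirmed here. If a later length check still treats `inlen` as "bytes remaining", this hunk silently widens it by `keysize`. A one-line comment at the `if (inlen < keysize)` check, such as `/* inlen is not consumed further; only the minimum size is checked */`, would record the intent for the next reader.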
84 | 84 | |
85 | 85 | */ |
86 | 86 | |
87 | err = CRYPT_OK; | |
88 | 87 | ret = CRYPT_OK; |
89 | 88 | |
90 | 89 | /* must have leading 0x00 byte */ |
93 | 93 | |
94 | 94 | /* copy out the hash */ |
95 | 95 | XMEMCPY(hash, sig + x, hLen); |
96 | x += hLen; | |
97 | ||
96 | /* x += hLen; */ | |
98 | 97 | |
99 | 98 | /* check the MSB */ |
100 | 99 | if ((sig[0] & ~(0xFF >> ((modulus_len<<3) - (modulus_bitlen)))) != 0) { |
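Review bot: Replacing `x += hLen;` with the commented-out `/* x += hLen; */` leaves dead text in place of a deleted statement, and the same is done with `/* x += saltlen; */` in the following hunk. If `x` is genuinely not read afterwards (the function continues outside the hunk, so I cannot confirm it), delete the lines outright and let version control keep the history; if they are kept as a reminder that the offset is intentionally not advanced, say so, e.g. `/* x is deliberately not advanced: nothing reads it past this point */`. Commented-out statements tend to be revived by copy-paste without their original context.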
115 | 115 | x += modulus_len - saltlen - hLen - 2; |
116 | 116 | DB[x++] = 0x01; |
117 | 117 | XMEMCPY(DB + x, salt, saltlen); |
118 | x += saltlen; | |
118 | /* x += saltlen; */ | |
119 | 119 | |
120 | 120 | /* generate mask of length modulus_len - hLen - 1 from hash */ |
121 | 121 | if ((err = pkcs_1_mgf1(hash_idx, hash, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) { |
37 | 37 | void *rnd, *rndi /* inverse of rnd */; |
38 | 38 | #endif |
39 | 39 | unsigned long x; |
40 | int err; | |
40 | int err, no_crt; | |
41 | 41 | |
42 | 42 | LTC_ARGCHK(in != NULL); |
43 | 43 | LTC_ARGCHK(out != NULL); |
99 | 99 | } |
100 | 100 | #endif /* LTC_RSA_BLINDING */ |
101 | 101 | |
102 | if ((key->dP == NULL) || (mp_get_digit_count(key->dP) == 0)) { | |
102 | no_crt = (key->dP == NULL) || (mp_get_digit_count(key->dP) == 0); | |
103 | ||
104 | if (no_crt) { | |
103 | 105 | /* |
104 | 106 | * In case CRT optimization parameters are not provided, |
105 | 107 | * the private key is directly used to exptmod it |
126 | 128 | err = mp_mulmod( tmp, rndi, key->N, tmp); |
127 | 129 | if (err != CRYPT_OK) { |
128 | 130 | goto error; |
131 | } | |
132 | #endif | |
133 | ||
134 | #ifdef LTC_RSA_CRT_HARDENING | |
135 | if (!no_crt) { | |
136 | if ((err = mp_exptmod(tmp, key->e, key->N, tmpa)) != CRYPT_OK) { goto error; } | |
137 | if ((err = mp_read_unsigned_bin(tmpb, (unsigned char *)in, (int)inlen)) != CRYPT_OK) { goto error; } | |
138 | if (mp_cmp(tmpa, tmpb) != LTC_MP_EQ) { err = CRYPT_ERROR; goto error; } | |
129 | 139 | } |
130 | 140 | #endif |
131 | 141 | } else { |
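Review bot: The new hardening block at lines 134-140 has no comment saying what it protects against: re-encrypting the CRT result with `key->e` and comparing it to `in` is the standard countermeasure against fault attacks on RSA-CRT, where a single faulty half-computation would let the private factors be recovered from the bad output, and the check is what keeps such an output from ever being returned. Suggest `/* CRT hardening: re-encrypt with e and compare to the input so a faulted CRT result is never released (defence against fault attacks on RSA-CRT) */` above `if (!no_crt)`. The generic `CRYPT_ERROR` on mismatch looks deliberate, but a trailing comment such as `/* generic on purpose: do not reveal which check failed */` would stop someone "improving" it later. The enclosing function starts and ends outside the hunk.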
24 | 24 | int rsa_get_size(rsa_key *key) |
25 | 25 | { |
26 | 26 | int ret = INT_MAX; |
27 | LTC_ARGCHKVD(key != NULL); | |
27 | LTC_ARGCHK(key != NULL); | |
28 | 28 | |
29 | 29 | if (key) |
30 | 30 | { |
26 | 26 | int rsa_sign_saltlen_get_max_ex(int padding, int hash_idx, rsa_key *key) |
27 | 27 | { |
28 | 28 | int ret = INT_MAX; |
29 | LTC_ARGCHKVD(key != NULL); | |
29 | LTC_ARGCHK(key != NULL); | |
30 | 30 | |
31 | 31 | if ((hash_is_valid(hash_idx) == CRYPT_OK) && |
32 | 32 | (padding == LTC_PKCS_1_PSS)) |
20 | 20 | static unsigned long rng_nix(unsigned char *buf, unsigned long len, |
21 | 21 | void (*callback)(void)) |
22 | 22 | { |
23 | /* LTC_UNUSED_PARAM(callback); */ | |
23 | LTC_UNUSED_PARAM(callback); | |
24 | 24 | #ifdef LTC_NO_FILE |
25 | 25 | LTC_UNUSED_PARAM(buf); |
26 | 26 | LTC_UNUSED_PARAM(len); |
106 | 106 | static unsigned long rng_win32(unsigned char *buf, unsigned long len, |
107 | 107 | void (*callback)(void)) |
108 | 108 | { |
109 | /* LTC_UNUSED_PARAM(callback); */ | |
109 | LTC_UNUSED_PARAM(callback); | |
110 | 110 | HCRYPTPROV hProv = 0; |
111 | 111 | if (!CryptAcquireContext(&hProv, NULL, MS_DEF_PROV, PROV_RSA_FULL, |
112 | 112 | (CRYPT_VERIFYCONTEXT | CRYPT_MACHINE_KEYSET)) && |
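Review bot: In `rng_win32` the now-enabled `LTC_UNUSED_PARAM(callback);` precedes the declaration `HCRYPTPROV hProv = 0;`; if the macro expands to a statement such as `(void)callback;` (its definition is not in this hunk), that is a statement before a declaration, which C89/C90 rejects and which older MSVC C compilers, the toolchain this function exists for, refuse. Moving the line one down, after `HCRYPTPROV hProv = 0;`, avoids the question at no cost. Whether `rng_nix` at line 23 has the same ordering problem depends on declarations below the `#ifdef LTC_NO_FILE` block, which are outside the hunk.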
299 | 299 | #endif |
300 | 300 | |
301 | 301 | c = &(prng->sober128); |
302 | t = 0; | |
303 | 302 | tlen = outlen; |
304 | 303 | |
305 | 304 | /* handle any previously buffered bytes */ |
19 | 19 | is(unpack('H*', $tag3), $a{tag}, "enc: tag"); |
20 | 20 | my $pt3 = ccm_decrypt_verify('AES', $key, $nonce, $header, $ciphertext, $tag); |
21 | 21 | is(unpack('H*', $pt3), $a{plaintext}, "dec: plaintext"); |
22 | ||
22 | ok(!defined ccm_decrypt_verify('AES', $key, $nonce, $header, $ciphertext, "BAD__TAG")); | |
23 | 23 | } |
24 | 24 | |
25 | 25 | do_test(%$_) for ( |