Package list libcryptx-perl / a1bdcd8
update libtomcrypt to: 25410c75 2019-10-17 22:28:18 +0200 Karel Miko 2 years ago
63 changed file(s) with 1339 addition(s) and 605 deletion(s). Raw diff Collapse all Expand all
00 OBJS=ltc/ciphers/anubis.o ltc/ciphers/blowfish.o ltc/ciphers/camellia.o ltc/ciphers/cast5.o \
11 ltc/ciphers/des.o ltc/ciphers/idea.o ltc/ciphers/kasumi.o ltc/ciphers/khazad.o ltc/ciphers/kseed.o \
22 ltc/ciphers/multi2.o ltc/ciphers/noekeon.o ltc/ciphers/rc2.o ltc/ciphers/rc5.o ltc/ciphers/rc6.o \
3 ltc/ciphers/serpent.o ltc/ciphers/skipjack.o ltc/ciphers/xtea.o ltc/ciphers/aes/aes.o \
4 ltc/ciphers/safer/safer.o ltc/ciphers/safer/saferp.o ltc/ciphers/twofish/twofish.o \
3 ltc/ciphers/serpent.o ltc/ciphers/skipjack.o ltc/ciphers/tea.o ltc/ciphers/xtea.o \
4 ltc/ciphers/aes/aes.o ltc/ciphers/safer/safer.o ltc/ciphers/safer/saferp.o ltc/ciphers/twofish/twofish.o \
55 ltc/encauth/ccm/ccm_add_aad.o ltc/encauth/ccm/ccm_add_nonce.o ltc/encauth/ccm/ccm_done.o \
66 ltc/encauth/ccm/ccm_init.o ltc/encauth/ccm/ccm_memory.o ltc/encauth/ccm/ccm_process.o \
77 ltc/encauth/ccm/ccm_reset.o ltc/encauth/chachapoly/chacha20poly1305_add_aad.o ltc/encauth/chachapoly/chacha20poly1305_decrypt.o \
4343 ltc/misc/crc32.o ltc/misc/error_to_string.o ltc/misc/mem_neq.o ltc/misc/zeromem.o \
4444 ltc/misc/base16/base16_decode.o ltc/misc/base16/base16_encode.o ltc/misc/base32/base32_decode.o \
4545 ltc/misc/base32/base32_encode.o ltc/misc/base64/base64_decode.o ltc/misc/base64/base64_encode.o \
46 ltc/misc/crypt/crypt.o ltc/misc/crypt/crypt_argchk.o ltc/misc/crypt/crypt_cipher_descriptor.o \
46 ltc/misc/bcrypt/bcrypt.o ltc/misc/crypt/crypt.o ltc/misc/crypt/crypt_argchk.o ltc/misc/crypt/crypt_cipher_descriptor.o \
4747 ltc/misc/crypt/crypt_cipher_is_valid.o ltc/misc/crypt/crypt_constants.o ltc/misc/crypt/crypt_find_cipher.o \
4848 ltc/misc/crypt/crypt_find_cipher_any.o ltc/misc/crypt/crypt_find_cipher_id.o ltc/misc/crypt/crypt_find_hash.o \
4949 ltc/misc/crypt/crypt_find_hash_any.o ltc/misc/crypt/crypt_find_hash_id.o ltc/misc/crypt/crypt_find_hash_oid.o \
124124 ltc/pk/pkcs1/pkcs_1_oaep_encode.o ltc/pk/pkcs1/pkcs_1_os2ip.o ltc/pk/pkcs1/pkcs_1_pss_decode.o \
125125 ltc/pk/pkcs1/pkcs_1_pss_encode.o ltc/pk/pkcs1/pkcs_1_v1_5_decode.o ltc/pk/pkcs1/pkcs_1_v1_5_encode.o \
126126 ltc/pk/rsa/rsa_decrypt_key.o ltc/pk/rsa/rsa_encrypt_key.o ltc/pk/rsa/rsa_export.o \
127 ltc/pk/rsa/rsa_exptmod.o ltc/pk/rsa/rsa_free.o ltc/pk/rsa/rsa_get_size.o ltc/pk/rsa/rsa_import.o \
128 ltc/pk/rsa/rsa_import_pkcs8.o ltc/pk/rsa/rsa_import_x509.o ltc/pk/rsa/rsa_make_key.o \
129 ltc/pk/rsa/rsa_set.o ltc/pk/rsa/rsa_sign_hash.o ltc/pk/rsa/rsa_sign_saltlen_get.o \
130 ltc/pk/rsa/rsa_verify_hash.o ltc/pk/x25519/x25519_export.o ltc/pk/x25519/x25519_import.o \
131 ltc/pk/x25519/x25519_import_pkcs8.o ltc/pk/x25519/x25519_import_x509.o ltc/pk/x25519/x25519_make_key.o \
132 ltc/pk/x25519/x25519_set_key.o ltc/pk/x25519/x25519_shared_secret.o ltc/prngs/chacha20.o \
133 ltc/prngs/fortuna.o ltc/prngs/rc4.o ltc/prngs/rng_get_bytes.o ltc/prngs/rng_make_prng.o \
134 ltc/prngs/sober128.o ltc/prngs/sprng.o ltc/prngs/yarrow.o ltc/stream/chacha/chacha_crypt.o \
135 ltc/stream/chacha/chacha_done.o ltc/stream/chacha/chacha_ivctr32.o ltc/stream/chacha/chacha_ivctr64.o \
136 ltc/stream/chacha/chacha_keystream.o ltc/stream/chacha/chacha_memory.o ltc/stream/chacha/chacha_setup.o \
137 ltc/stream/rabbit/rabbit.o ltc/stream/rabbit/rabbit_memory.o ltc/stream/rc4/rc4_stream.o \
138 ltc/stream/rc4/rc4_stream_memory.o ltc/stream/salsa20/salsa20_crypt.o ltc/stream/salsa20/salsa20_done.o \
139 ltc/stream/salsa20/salsa20_ivctr64.o ltc/stream/salsa20/salsa20_keystream.o ltc/stream/salsa20/salsa20_memory.o \
140 ltc/stream/salsa20/salsa20_setup.o ltc/stream/salsa20/xsalsa20_memory.o ltc/stream/salsa20/xsalsa20_setup.o \
141 ltc/stream/sober128/sober128_stream.o ltc/stream/sober128/sober128_stream_memory.o \
142 ltc/stream/sosemanuk/sosemanuk.o ltc/stream/sosemanuk/sosemanuk_memory.o ltm/bncore.o \
143 ltm/bn_error.o ltm/bn_fast_mp_invmod.o ltm/bn_fast_mp_montgomery_reduce.o ltm/bn_fast_s_mp_mul_digs.o \
144 ltm/bn_fast_s_mp_mul_high_digs.o ltm/bn_fast_s_mp_sqr.o ltm/bn_mp_2expt.o ltm/bn_mp_abs.o \
145 ltm/bn_mp_add.o ltm/bn_mp_addmod.o ltm/bn_mp_add_d.o ltm/bn_mp_and.o ltm/bn_mp_clamp.o \
146 ltm/bn_mp_clear.o ltm/bn_mp_clear_multi.o ltm/bn_mp_cmp.o ltm/bn_mp_cmp_d.o ltm/bn_mp_cmp_mag.o \
147 ltm/bn_mp_cnt_lsb.o ltm/bn_mp_complement.o ltm/bn_mp_copy.o ltm/bn_mp_count_bits.o \
148 ltm/bn_mp_div.o ltm/bn_mp_div_2.o ltm/bn_mp_div_2d.o ltm/bn_mp_div_3.o ltm/bn_mp_div_d.o \
149 ltm/bn_mp_dr_is_modulus.o ltm/bn_mp_dr_reduce.o ltm/bn_mp_dr_setup.o ltm/bn_mp_exch.o \
150 ltm/bn_mp_export.o ltm/bn_mp_exptmod.o ltm/bn_mp_exptmod_fast.o ltm/bn_mp_expt_d.o \
151 ltm/bn_mp_expt_d_ex.o ltm/bn_mp_exteuclid.o ltm/bn_mp_fread.o ltm/bn_mp_fwrite.o \
152 ltm/bn_mp_gcd.o ltm/bn_mp_get_bit.o ltm/bn_mp_get_int.o ltm/bn_mp_get_long.o ltm/bn_mp_grow.o \
153 ltm/bn_mp_import.o ltm/bn_mp_init.o ltm/bn_mp_init_copy.o ltm/bn_mp_init_multi.o \
127 ltc/pk/rsa/rsa_exptmod.o ltc/pk/rsa/rsa_get_size.o ltc/pk/rsa/rsa_import.o ltc/pk/rsa/rsa_import_pkcs8.o \
128 ltc/pk/rsa/rsa_import_x509.o ltc/pk/rsa/rsa_key.o ltc/pk/rsa/rsa_make_key.o ltc/pk/rsa/rsa_set.o \
129 ltc/pk/rsa/rsa_sign_hash.o ltc/pk/rsa/rsa_sign_saltlen_get.o ltc/pk/rsa/rsa_verify_hash.o \
130 ltc/pk/x25519/x25519_export.o ltc/pk/x25519/x25519_import.o ltc/pk/x25519/x25519_import_pkcs8.o \
131 ltc/pk/x25519/x25519_import_x509.o ltc/pk/x25519/x25519_make_key.o ltc/pk/x25519/x25519_set_key.o \
132 ltc/pk/x25519/x25519_shared_secret.o ltc/prngs/chacha20.o ltc/prngs/fortuna.o ltc/prngs/rc4.o \
133 ltc/prngs/rng_get_bytes.o ltc/prngs/rng_make_prng.o ltc/prngs/sober128.o ltc/prngs/sprng.o \
134 ltc/prngs/yarrow.o ltc/stream/chacha/chacha_crypt.o ltc/stream/chacha/chacha_done.o \
135 ltc/stream/chacha/chacha_ivctr32.o ltc/stream/chacha/chacha_ivctr64.o ltc/stream/chacha/chacha_keystream.o \
136 ltc/stream/chacha/chacha_memory.o ltc/stream/chacha/chacha_setup.o ltc/stream/rabbit/rabbit.o \
137 ltc/stream/rabbit/rabbit_memory.o ltc/stream/rc4/rc4_stream.o ltc/stream/rc4/rc4_stream_memory.o \
138 ltc/stream/salsa20/salsa20_crypt.o ltc/stream/salsa20/salsa20_done.o ltc/stream/salsa20/salsa20_ivctr64.o \
139 ltc/stream/salsa20/salsa20_keystream.o ltc/stream/salsa20/salsa20_memory.o ltc/stream/salsa20/salsa20_setup.o \
140 ltc/stream/salsa20/xsalsa20_memory.o ltc/stream/salsa20/xsalsa20_setup.o ltc/stream/sober128/sober128_stream.o \
141 ltc/stream/sober128/sober128_stream_memory.o ltc/stream/sosemanuk/sosemanuk.o ltc/stream/sosemanuk/sosemanuk_memory.o \
142 ltm/bncore.o ltm/bn_error.o ltm/bn_fast_mp_invmod.o ltm/bn_fast_mp_montgomery_reduce.o \
143 ltm/bn_fast_s_mp_mul_digs.o ltm/bn_fast_s_mp_mul_high_digs.o ltm/bn_fast_s_mp_sqr.o \
144 ltm/bn_mp_2expt.o ltm/bn_mp_abs.o ltm/bn_mp_add.o ltm/bn_mp_addmod.o ltm/bn_mp_add_d.o \
145 ltm/bn_mp_and.o ltm/bn_mp_clamp.o ltm/bn_mp_clear.o ltm/bn_mp_clear_multi.o ltm/bn_mp_cmp.o \
146 ltm/bn_mp_cmp_d.o ltm/bn_mp_cmp_mag.o ltm/bn_mp_cnt_lsb.o ltm/bn_mp_complement.o \
147 ltm/bn_mp_copy.o ltm/bn_mp_count_bits.o ltm/bn_mp_div.o ltm/bn_mp_div_2.o ltm/bn_mp_div_2d.o \
148 ltm/bn_mp_div_3.o ltm/bn_mp_div_d.o ltm/bn_mp_dr_is_modulus.o ltm/bn_mp_dr_reduce.o \
149 ltm/bn_mp_dr_setup.o ltm/bn_mp_exch.o ltm/bn_mp_export.o ltm/bn_mp_exptmod.o ltm/bn_mp_exptmod_fast.o \
150 ltm/bn_mp_expt_d.o ltm/bn_mp_expt_d_ex.o ltm/bn_mp_exteuclid.o ltm/bn_mp_fread.o \
151 ltm/bn_mp_fwrite.o ltm/bn_mp_gcd.o ltm/bn_mp_get_bit.o ltm/bn_mp_get_int.o ltm/bn_mp_get_long.o \
152 ltm/bn_mp_grow.o ltm/bn_mp_import.o ltm/bn_mp_init.o ltm/bn_mp_init_copy.o ltm/bn_mp_init_multi.o \
154153 ltm/bn_mp_init_set.o ltm/bn_mp_init_set_int.o ltm/bn_mp_init_size.o ltm/bn_mp_invmod.o \
155154 ltm/bn_mp_invmod_slow.o ltm/bn_mp_is_square.o ltm/bn_mp_jacobi.o ltm/bn_mp_karatsuba_mul.o \
156155 ltm/bn_mp_karatsuba_sqr.o ltm/bn_mp_kronecker.o ltm/bn_mp_lcm.o ltm/bn_mp_lshd.o \
11 ltc/ciphers/des.obj ltc/ciphers/idea.obj ltc/ciphers/kasumi.obj ltc/ciphers/khazad.obj \
22 ltc/ciphers/kseed.obj ltc/ciphers/multi2.obj ltc/ciphers/noekeon.obj ltc/ciphers/rc2.obj \
33 ltc/ciphers/rc5.obj ltc/ciphers/rc6.obj ltc/ciphers/serpent.obj ltc/ciphers/skipjack.obj \
4 ltc/ciphers/xtea.obj ltc/ciphers/aes/aes.obj ltc/ciphers/safer/safer.obj ltc/ciphers/safer/saferp.obj \
5 ltc/ciphers/twofish/twofish.obj ltc/encauth/ccm/ccm_add_aad.obj ltc/encauth/ccm/ccm_add_nonce.obj \
6 ltc/encauth/ccm/ccm_done.obj ltc/encauth/ccm/ccm_init.obj ltc/encauth/ccm/ccm_memory.obj \
7 ltc/encauth/ccm/ccm_process.obj ltc/encauth/ccm/ccm_reset.obj ltc/encauth/chachapoly/chacha20poly1305_add_aad.obj \
8 ltc/encauth/chachapoly/chacha20poly1305_decrypt.obj ltc/encauth/chachapoly/chacha20poly1305_done.obj \
9 ltc/encauth/chachapoly/chacha20poly1305_encrypt.obj ltc/encauth/chachapoly/chacha20poly1305_init.obj \
10 ltc/encauth/chachapoly/chacha20poly1305_memory.obj ltc/encauth/chachapoly/chacha20poly1305_setiv.obj \
11 ltc/encauth/chachapoly/chacha20poly1305_setiv_rfc7905.obj ltc/encauth/eax/eax_addheader.obj \
12 ltc/encauth/eax/eax_decrypt.obj ltc/encauth/eax/eax_decrypt_verify_memory.obj ltc/encauth/eax/eax_done.obj \
13 ltc/encauth/eax/eax_encrypt.obj ltc/encauth/eax/eax_encrypt_authenticate_memory.obj \
4 ltc/ciphers/tea.obj ltc/ciphers/xtea.obj ltc/ciphers/aes/aes.obj ltc/ciphers/safer/safer.obj \
5 ltc/ciphers/safer/saferp.obj ltc/ciphers/twofish/twofish.obj ltc/encauth/ccm/ccm_add_aad.obj \
6 ltc/encauth/ccm/ccm_add_nonce.obj ltc/encauth/ccm/ccm_done.obj ltc/encauth/ccm/ccm_init.obj \
7 ltc/encauth/ccm/ccm_memory.obj ltc/encauth/ccm/ccm_process.obj ltc/encauth/ccm/ccm_reset.obj \
8 ltc/encauth/chachapoly/chacha20poly1305_add_aad.obj ltc/encauth/chachapoly/chacha20poly1305_decrypt.obj \
9 ltc/encauth/chachapoly/chacha20poly1305_done.obj ltc/encauth/chachapoly/chacha20poly1305_encrypt.obj \
10 ltc/encauth/chachapoly/chacha20poly1305_init.obj ltc/encauth/chachapoly/chacha20poly1305_memory.obj \
11 ltc/encauth/chachapoly/chacha20poly1305_setiv.obj ltc/encauth/chachapoly/chacha20poly1305_setiv_rfc7905.obj \
12 ltc/encauth/eax/eax_addheader.obj ltc/encauth/eax/eax_decrypt.obj ltc/encauth/eax/eax_decrypt_verify_memory.obj \
13 ltc/encauth/eax/eax_done.obj ltc/encauth/eax/eax_encrypt.obj ltc/encauth/eax/eax_encrypt_authenticate_memory.obj \
1414 ltc/encauth/eax/eax_init.obj ltc/encauth/gcm/gcm_add_aad.obj ltc/encauth/gcm/gcm_add_iv.obj \
1515 ltc/encauth/gcm/gcm_done.obj ltc/encauth/gcm/gcm_gf_mult.obj ltc/encauth/gcm/gcm_init.obj \
1616 ltc/encauth/gcm/gcm_memory.obj ltc/encauth/gcm/gcm_mult_h.obj ltc/encauth/gcm/gcm_process.obj \
4646 ltc/misc/crc32.obj ltc/misc/error_to_string.obj ltc/misc/mem_neq.obj ltc/misc/zeromem.obj \
4747 ltc/misc/base16/base16_decode.obj ltc/misc/base16/base16_encode.obj ltc/misc/base32/base32_decode.obj \
4848 ltc/misc/base32/base32_encode.obj ltc/misc/base64/base64_decode.obj ltc/misc/base64/base64_encode.obj \
49 ltc/misc/crypt/crypt.obj ltc/misc/crypt/crypt_argchk.obj ltc/misc/crypt/crypt_cipher_descriptor.obj \
50 ltc/misc/crypt/crypt_cipher_is_valid.obj ltc/misc/crypt/crypt_constants.obj ltc/misc/crypt/crypt_find_cipher.obj \
51 ltc/misc/crypt/crypt_find_cipher_any.obj ltc/misc/crypt/crypt_find_cipher_id.obj \
52 ltc/misc/crypt/crypt_find_hash.obj ltc/misc/crypt/crypt_find_hash_any.obj ltc/misc/crypt/crypt_find_hash_id.obj \
53 ltc/misc/crypt/crypt_find_hash_oid.obj ltc/misc/crypt/crypt_find_prng.obj ltc/misc/crypt/crypt_fsa.obj \
54 ltc/misc/crypt/crypt_hash_descriptor.obj ltc/misc/crypt/crypt_hash_is_valid.obj ltc/misc/crypt/crypt_inits.obj \
55 ltc/misc/crypt/crypt_ltc_mp_descriptor.obj ltc/misc/crypt/crypt_prng_descriptor.obj \
49 ltc/misc/bcrypt/bcrypt.obj ltc/misc/crypt/crypt.obj ltc/misc/crypt/crypt_argchk.obj \
50 ltc/misc/crypt/crypt_cipher_descriptor.obj ltc/misc/crypt/crypt_cipher_is_valid.obj \
51 ltc/misc/crypt/crypt_constants.obj ltc/misc/crypt/crypt_find_cipher.obj ltc/misc/crypt/crypt_find_cipher_any.obj \
52 ltc/misc/crypt/crypt_find_cipher_id.obj ltc/misc/crypt/crypt_find_hash.obj ltc/misc/crypt/crypt_find_hash_any.obj \
53 ltc/misc/crypt/crypt_find_hash_id.obj ltc/misc/crypt/crypt_find_hash_oid.obj ltc/misc/crypt/crypt_find_prng.obj \
54 ltc/misc/crypt/crypt_fsa.obj ltc/misc/crypt/crypt_hash_descriptor.obj ltc/misc/crypt/crypt_hash_is_valid.obj \
55 ltc/misc/crypt/crypt_inits.obj ltc/misc/crypt/crypt_ltc_mp_descriptor.obj ltc/misc/crypt/crypt_prng_descriptor.obj \
5656 ltc/misc/crypt/crypt_prng_is_valid.obj ltc/misc/crypt/crypt_prng_rng_descriptor.obj \
5757 ltc/misc/crypt/crypt_register_all_ciphers.obj ltc/misc/crypt/crypt_register_all_hashes.obj \
5858 ltc/misc/crypt/crypt_register_all_prngs.obj ltc/misc/crypt/crypt_register_cipher.obj \
131131 ltc/pk/pkcs1/pkcs_1_oaep_encode.obj ltc/pk/pkcs1/pkcs_1_os2ip.obj ltc/pk/pkcs1/pkcs_1_pss_decode.obj \
132132 ltc/pk/pkcs1/pkcs_1_pss_encode.obj ltc/pk/pkcs1/pkcs_1_v1_5_decode.obj ltc/pk/pkcs1/pkcs_1_v1_5_encode.obj \
133133 ltc/pk/rsa/rsa_decrypt_key.obj ltc/pk/rsa/rsa_encrypt_key.obj ltc/pk/rsa/rsa_export.obj \
134 ltc/pk/rsa/rsa_exptmod.obj ltc/pk/rsa/rsa_free.obj ltc/pk/rsa/rsa_get_size.obj ltc/pk/rsa/rsa_import.obj \
135 ltc/pk/rsa/rsa_import_pkcs8.obj ltc/pk/rsa/rsa_import_x509.obj ltc/pk/rsa/rsa_make_key.obj \
136 ltc/pk/rsa/rsa_set.obj ltc/pk/rsa/rsa_sign_hash.obj ltc/pk/rsa/rsa_sign_saltlen_get.obj \
134 ltc/pk/rsa/rsa_exptmod.obj ltc/pk/rsa/rsa_get_size.obj ltc/pk/rsa/rsa_import.obj \
135 ltc/pk/rsa/rsa_import_pkcs8.obj ltc/pk/rsa/rsa_import_x509.obj ltc/pk/rsa/rsa_key.obj \
136 ltc/pk/rsa/rsa_make_key.obj ltc/pk/rsa/rsa_set.obj ltc/pk/rsa/rsa_sign_hash.obj ltc/pk/rsa/rsa_sign_saltlen_get.obj \
137137 ltc/pk/rsa/rsa_verify_hash.obj ltc/pk/x25519/x25519_export.obj ltc/pk/x25519/x25519_import.obj \
138138 ltc/pk/x25519/x25519_import_pkcs8.obj ltc/pk/x25519/x25519_import_x509.obj ltc/pk/x25519/x25519_make_key.obj \
139139 ltc/pk/x25519/x25519_set_key.obj ltc/pk/x25519/x25519_shared_secret.obj ltc/prngs/chacha20.obj \
11301130 LTC_ARGCHK(pt != NULL);
11311131 LTC_ARGCHK(ct != NULL);
11321132 LTC_ARGCHK(skey != NULL);
1133
1134 if (skey->anubis.R < 12 || skey->anubis.R > 18) {
1135 return CRYPT_INVALID_ROUNDS;
1136 }
1137
11331138 anubis_crypt(pt, ct, skey->anubis.roundKeyEnc, skey->anubis.R);
11341139 return CRYPT_OK;
11351140 }
11461151 LTC_ARGCHK(pt != NULL);
11471152 LTC_ARGCHK(ct != NULL);
11481153 LTC_ARGCHK(skey != NULL);
1154
1155 if (skey->anubis.R < 12 || skey->anubis.R > 18) {
1156 return CRYPT_INVALID_ROUNDS;
1157 }
1158
11491159 anubis_crypt(ct, pt, skey->anubis.roundKeyDec, skey->anubis.R);
11501160 return CRYPT_OK;
11511161 }
294294 0xB74E6132UL, 0xCE77E25BUL, 0x578FDFE3UL, 0x3AC372E6UL }
295295 };
296296
297 #ifndef __GNUC__
298 #define F(x) ((S1[LTC_BYTE(x,3)] + S2[LTC_BYTE(x,2)]) ^ S3[LTC_BYTE(x,1)]) + S4[LTC_BYTE(x,0)]
299 #else
300 #define F(x) ((skey->blowfish.S[0][LTC_BYTE(x,3)] + skey->blowfish.S[1][LTC_BYTE(x,2)]) ^ skey->blowfish.S[2][LTC_BYTE(x,1)]) + skey->blowfish.S[3][LTC_BYTE(x,0)]
301 #endif
302
303 static void s_blowfish_encipher(ulong32 *L, ulong32 *R, const symmetric_key *skey)
304 {
305 int rounds;
306
307 ulong32 l, r;
308 #ifndef __GNUC__
309 const ulong32 *S1, *S2, *S3, *S4;
310
311 S1 = skey->blowfish.S[0];
312 S2 = skey->blowfish.S[1];
313 S3 = skey->blowfish.S[2];
314 S4 = skey->blowfish.S[3];
315 #endif
316
317 l = *L;
318 r = *R;
319
320 /* do 16 rounds */
321 for (rounds = 0; rounds < 16; ) {
322 l ^= skey->blowfish.K[rounds++]; r ^= F(l);
323 r ^= skey->blowfish.K[rounds++]; l ^= F(r);
324 l ^= skey->blowfish.K[rounds++]; r ^= F(l);
325 r ^= skey->blowfish.K[rounds++]; l ^= F(r);
326 }
327
328 /* last keying */
329 l ^= skey->blowfish.K[16];
330 r ^= skey->blowfish.K[17];
331
332 *L = r;
333 *R = l;
334 }
335
336 void blowfish_enc(ulong32 *data, unsigned long blocks, const symmetric_key *skey)
337 {
338 unsigned long i;
339 ulong32 *d = data;
340
341 for (i = 0; i < blocks; ++i) {
342 s_blowfish_encipher(d, d + 1, skey);
343 d += 2;
344 }
345 }
346
347 static ulong32 s_blowfish_stream2word(const unsigned char *d, int dlen, int *cur)
348 {
349 unsigned int z;
350 int y = *cur;
351 ulong32 ret = 0;
352
353 for (z = 0; z < 4; z++) {
354 ret = (ret << 8) | ((ulong32)d[y++] & 255);
355 if (y == dlen) {
356 y = 0;
357 }
358 }
359
360 *cur = y;
361 return ret;
362 }
363
297364 /**
298 Initialize the Blowfish block cipher
365 Expand the Blowfish internal state
299366 @param key The symmetric key you wish to pass
300367 @param keylen The key length in bytes
368 @param data The additional data you wish to pass (can be NULL)
369 @param datalen The additional data length in bytes
301370 @param num_rounds The number of rounds desired (0 for default)
302371 @param skey The key in as scheduled by this function.
303372 @return CRYPT_OK if successful
304373 */
305 int blowfish_setup(const unsigned char *key, int keylen, int num_rounds,
306 symmetric_key *skey)
307 {
308 ulong32 x, y, z, A;
309 unsigned char B[8];
374 int blowfish_expand(const unsigned char *key, int keylen,
375 const unsigned char *data, int datalen,
376 symmetric_key *skey)
377 {
378 ulong32 x, y, A, B[2];
379 int i;
310380
311381 LTC_ARGCHK(key != NULL);
312382 LTC_ARGCHK(skey != NULL);
313383
384 /* load in key bytes (Supplied by David Hopwood) */
385 i = 0;
386 for (x = 0; x < 18; x++) {
387 A = s_blowfish_stream2word(key, keylen, &i);
388 skey->blowfish.K[x] ^= A;
389 }
390
391
392 i = 0;
393 B[0] = 0;
394 B[1] = 0;
395 for (x = 0; x < 18; x += 2) {
396 if (data != NULL) {
397 B[0] ^= s_blowfish_stream2word(data, datalen, &i);
398 B[1] ^= s_blowfish_stream2word(data, datalen, &i);
399 }
400 /* encrypt it */
401 s_blowfish_encipher(&B[0], &B[1], skey);
402 /* copy it */
403 skey->blowfish.K[x] = B[0];
404 skey->blowfish.K[x+1] = B[1];
405 }
406
407 /* encrypt S array */
408 for (x = 0; x < 4; x++) {
409 for (y = 0; y < 256; y += 2) {
410 if (data != NULL) {
411 B[0] ^= s_blowfish_stream2word(data, datalen, &i);
412 B[1] ^= s_blowfish_stream2word(data, datalen, &i);
413 }
414 /* encrypt it */
415 s_blowfish_encipher(&B[0], &B[1], skey);
416 /* copy it */
417 skey->blowfish.S[x][y] = B[0];
418 skey->blowfish.S[x][y+1] = B[1];
419 }
420 }
421
422 #ifdef LTC_CLEAN_STACK
423 zeromem(B, sizeof(B));
424 #endif
425
426 return CRYPT_OK;
427 }
428
429 /**
430 Initialize the Blowfish block cipher
431 @param key The symmetric key you wish to pass
432 @param keylen The key length in bytes
433 @param num_rounds The number of rounds desired (0 for default)
434 @param skey The key in as scheduled by this function.
435 @return CRYPT_OK if successful
436 */
437 int blowfish_setup(const unsigned char *key, int keylen, int num_rounds,
438 symmetric_key *skey)
439 {
314440 /* check key length */
315441 if (keylen < 8 || keylen > 56) {
316442 return CRYPT_INVALID_KEYSIZE;
317443 }
318
319444 /* check rounds */
320445 if (num_rounds != 0 && num_rounds != 16) {
321446 return CRYPT_INVALID_ROUNDS;
322447 }
323448
324 /* load in key bytes (Supplied by David Hopwood) */
325 for (x = y = 0; x < 18; x++) {
326 A = 0;
327 for (z = 0; z < 4; z++) {
328 A = (A << 8) | ((ulong32)key[y++] & 255);
329 if (y == (ulong32)keylen) {
330 y = 0;
331 }
332 }
333 skey->blowfish.K[x] = ORIG_P[x] ^ A;
334 }
335
336 /* copy sboxes */
337 for (x = 0; x < 4; x++) {
338 for (y = 0; y < 256; y++) {
339 skey->blowfish.S[x][y] = ORIG_S[x][y];
340 }
341 }
342
343 /* encrypt K array */
344 for (x = 0; x < 8; x++) {
345 B[x] = 0;
346 }
347
348 for (x = 0; x < 18; x += 2) {
349 /* encrypt it */
350 blowfish_ecb_encrypt(B, B, skey);
351 /* copy it */
352 LOAD32H(skey->blowfish.K[x], &B[0]);
353 LOAD32H(skey->blowfish.K[x+1], &B[4]);
354 }
355
356 /* encrypt S array */
357 for (x = 0; x < 4; x++) {
358 for (y = 0; y < 256; y += 2) {
359 /* encrypt it */
360 blowfish_ecb_encrypt(B, B, skey);
361 /* copy it */
362 LOAD32H(skey->blowfish.S[x][y], &B[0]);
363 LOAD32H(skey->blowfish.S[x][y+1], &B[4]);
364 }
365 }
366
367 #ifdef LTC_CLEAN_STACK
368 zeromem(B, sizeof(B));
369 #endif
370
371 return CRYPT_OK;
372 }
373
374 #ifndef __GNUC__
375 #define F(x) ((S1[LTC_BYTE(x,3)] + S2[LTC_BYTE(x,2)]) ^ S3[LTC_BYTE(x,1)]) + S4[LTC_BYTE(x,0)]
376 #else
377 #define F(x) ((skey->blowfish.S[0][LTC_BYTE(x,3)] + skey->blowfish.S[1][LTC_BYTE(x,2)]) ^ skey->blowfish.S[2][LTC_BYTE(x,1)]) + skey->blowfish.S[3][LTC_BYTE(x,0)]
378 #endif
449 return blowfish_setup_with_data(key, keylen, NULL, 0, skey);
450 }
451
452 /**
453 Alternative initialize of the Blowfish block cipher
454 @param key The symmetric key you wish to pass
455 @param keylen The key length in bytes
456 @param data The additional data you wish to pass (can be NULL)
457 @param datalen The additional data length in bytes
458 @param num_rounds The number of rounds desired (0 for default)
459 @param skey The key in as scheduled by this function.
460 @return CRYPT_OK if successful
461 */
462
463 int blowfish_setup_with_data(const unsigned char *key, int keylen,
464 const unsigned char *data, int datalen,
465 symmetric_key *skey)
466 {
467 XMEMCPY(skey->blowfish.K, ORIG_P, sizeof(ORIG_P));
468 XMEMCPY(skey->blowfish.S, ORIG_S, sizeof(ORIG_S));
469 return blowfish_expand(key, keylen, data, datalen, skey);
470 }
379471
380472 /**
381473 Encrypts a block of text with Blowfish
391483 #endif
392484 {
393485 ulong32 L, R;
394 int r;
395 #ifndef __GNUC__
396 const ulong32 *S1, *S2, *S3, *S4;
397 #endif
398
399 LTC_ARGCHK(pt != NULL);
400 LTC_ARGCHK(ct != NULL);
401 LTC_ARGCHK(skey != NULL);
402
403 #ifndef __GNUC__
404 S1 = skey->blowfish.S[0];
405 S2 = skey->blowfish.S[1];
406 S3 = skey->blowfish.S[2];
407 S4 = skey->blowfish.S[3];
408 #endif
486
487 LTC_ARGCHK(pt != NULL);
488 LTC_ARGCHK(ct != NULL);
489 LTC_ARGCHK(skey != NULL);
409490
410491 /* load it */
411492 LOAD32H(L, &pt[0]);
412493 LOAD32H(R, &pt[4]);
413494
414 /* do 16 rounds */
415 for (r = 0; r < 16; ) {
416 L ^= skey->blowfish.K[r++]; R ^= F(L);
417 R ^= skey->blowfish.K[r++]; L ^= F(R);
418 L ^= skey->blowfish.K[r++]; R ^= F(L);
419 R ^= skey->blowfish.K[r++]; L ^= F(R);
420 }
421
422 /* last keying */
423 R ^= skey->blowfish.K[17];
424 L ^= skey->blowfish.K[16];
495 s_blowfish_encipher(&L, &R, skey);
425496
426497 /* store */
427 STORE32H(R, &ct[0]);
428 STORE32H(L, &ct[4]);
498 STORE32H(L, &ct[0]);
499 STORE32H(R, &ct[4]);
429500
430501 return CRYPT_OK;
431502 }
556627 for (y = 0; y < 1000; y++) blowfish_ecb_decrypt(tmp[0], tmp[0], &key);
557628 for (y = 0; y < 8; y++) if (tmp[0][y] != 0) return CRYPT_FAIL_TESTVECTOR;
558629 }
630
631
559632 return CRYPT_OK;
560633 #endif
561634 }
16821682 #ifndef LTC_TEST
16831683 return CRYPT_NOP;
16841684 #else
1685 int err;
16861685 static const struct des_test_case {
1687 int num, mode; /* mode 1 = encrypt */
16881686 unsigned char key[8], txt[8], out[8];
16891687 } cases[] = {
1690 { 1, 1, { 0x10, 0x31, 0x6E, 0x02, 0x8C, 0x8F, 0x3B, 0x4A },
1691 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1692 { 0x82, 0xDC, 0xBA, 0xFB, 0xDE, 0xAB, 0x66, 0x02 } },
1693 { 2, 1, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1694 { 0x95, 0xF8, 0xA5, 0xE5, 0xDD, 0x31, 0xD9, 0x00 },
1695 { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
1696 { 3, 1, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1697 { 0xDD, 0x7F, 0x12, 0x1C, 0xA5, 0x01, 0x56, 0x19 },
1698 { 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
1699 { 4, 1, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1700 { 0x2E, 0x86, 0x53, 0x10, 0x4F, 0x38, 0x34, 0xEA },
1701 { 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
1702 { 5, 1, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1703 { 0x4B, 0xD3, 0x88, 0xFF, 0x6C, 0xD8, 0x1D, 0x4F },
1704 { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
1705 { 6, 1, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1706 { 0x20, 0xB9, 0xE7, 0x67, 0xB2, 0xFB, 0x14, 0x56 },
1707 { 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
1708 { 7, 1, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1709 { 0x55, 0x57, 0x93, 0x80, 0xD7, 0x71, 0x38, 0xEF },
1710 { 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
1711 { 8, 1, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1712 { 0x6C, 0xC5, 0xDE, 0xFA, 0xAF, 0x04, 0x51, 0x2F },
1713 { 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
1714 { 9, 1, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1715 { 0x0D, 0x9F, 0x27, 0x9B, 0xA5, 0xD8, 0x72, 0x60 },
1716 { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
1717 {10, 1, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1718 { 0xD9, 0x03, 0x1B, 0x02, 0x71, 0xBD, 0x5A, 0x0A },
1719 { 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
1720
1721 { 1, 0, { 0x10, 0x31, 0x6E, 0x02, 0x8C, 0x8F, 0x3B, 0x4A },
1722 { 0x82, 0xDC, 0xBA, 0xFB, 0xDE, 0xAB, 0x66, 0x02 },
1723 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
1724 { 2, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1725 { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1726 { 0x95, 0xF8, 0xA5, 0xE5, 0xDD, 0x31, 0xD9, 0x00 } },
1727 { 3, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1728 { 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1729 { 0xDD, 0x7F, 0x12, 0x1C, 0xA5, 0x01, 0x56, 0x19 } },
1730 { 4, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1731 { 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1732 { 0x2E, 0x86, 0x53, 0x10, 0x4F, 0x38, 0x34, 0xEA } },
1733 { 5, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1734 { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1735 { 0x4B, 0xD3, 0x88, 0xFF, 0x6C, 0xD8, 0x1D, 0x4F } },
1736 { 6, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1737 { 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1738 { 0x20, 0xB9, 0xE7, 0x67, 0xB2, 0xFB, 0x14, 0x56 } },
1739 { 7, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1740 { 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1741 { 0x55, 0x57, 0x93, 0x80, 0xD7, 0x71, 0x38, 0xEF } },
1742 { 8, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1743 { 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1744 { 0x6C, 0xC5, 0xDE, 0xFA, 0xAF, 0x04, 0x51, 0x2F } },
1745 { 9, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1746 { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1747 { 0x0D, 0x9F, 0x27, 0x9B, 0xA5, 0xD8, 0x72, 0x60 } },
1748 {10, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1749 { 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1750 { 0xD9, 0x03, 0x1B, 0x02, 0x71, 0xBD, 0x5A, 0x0A } },
1751
1752 #ifdef LTC_TEST_EXT
1753 { 0+11, 0, { 0x80, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1754 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1755 { 0x95, 0xA8, 0xD7, 0x28, 0x13, 0xDA, 0xA9, 0x4D } },
1756 { 1+11, 0, { 0x40, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1757 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1758 { 0x0E, 0xEC, 0x14, 0x87, 0xDD, 0x8C, 0x26, 0xD5 } },
1759 { 2+11, 0, { 0x20, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1760 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1761 { 0x7A, 0xD1, 0x6F, 0xFB, 0x79, 0xC4, 0x59, 0x26 } },
1762 { 3+11, 0, { 0x10, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1763 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1764 { 0xD3, 0x74, 0x62, 0x94, 0xCA, 0x6A, 0x6C, 0xF3 } },
1765 { 4+11, 0, { 0x08, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1766 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1767 { 0x80, 0x9F, 0x5F, 0x87, 0x3C, 0x1F, 0xD7, 0x61 } },
1768 { 5+11, 0, { 0x04, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1769 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1770 { 0xC0, 0x2F, 0xAF, 0xFE, 0xC9, 0x89, 0xD1, 0xFC } },
1771 { 6+11, 0, { 0x02, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1772 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1773 { 0x46, 0x15, 0xAA, 0x1D, 0x33, 0xE7, 0x2F, 0x10 } },
1774 { 7+11, 0, { 0x01, 0x80, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1775 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1776 { 0x20, 0x55, 0x12, 0x33, 0x50, 0xC0, 0x08, 0x58 } },
1777 { 8+11, 0, { 0x01, 0x40, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1778 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1779 { 0xDF, 0x3B, 0x99, 0xD6, 0x57, 0x73, 0x97, 0xC8 } },
1780 { 9+11, 0, { 0x01, 0x20, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1781 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1782 { 0x31, 0xFE, 0x17, 0x36, 0x9B, 0x52, 0x88, 0xC9 } },
1783 {10+11, 0, { 0x01, 0x10, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1784 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1785 { 0xDF, 0xDD, 0x3C, 0xC6, 0x4D, 0xAE, 0x16, 0x42 } },
1786 {11+11, 0, { 0x01, 0x08, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1787 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1788 { 0x17, 0x8C, 0x83, 0xCE, 0x2B, 0x39, 0x9D, 0x94 } },
1789 {12+11, 0, { 0x01, 0x04, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1790 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1791 { 0x50, 0xF6, 0x36, 0x32, 0x4A, 0x9B, 0x7F, 0x80 } },
1792 {13+11, 0, { 0x01, 0x02, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1793 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1794 { 0xA8, 0x46, 0x8E, 0xE3, 0xBC, 0x18, 0xF0, 0x6D } },
1795 {14+11, 0, { 0x01, 0x01, 0x80, 0x01, 0x01, 0x01, 0x01, 0x01 },
1796 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1797 { 0xA2, 0xDC, 0x9E, 0x92, 0xFD, 0x3C, 0xDE, 0x92 } },
1798 {15+11, 0, { 0x01, 0x01, 0x40, 0x01, 0x01, 0x01, 0x01, 0x01 },
1799 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1800 { 0xCA, 0xC0, 0x9F, 0x79, 0x7D, 0x03, 0x12, 0x87 } },
1801 {16+11, 0, { 0x01, 0x01, 0x20, 0x01, 0x01, 0x01, 0x01, 0x01 },
1802 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1803 { 0x90, 0xBA, 0x68, 0x0B, 0x22, 0xAE, 0xB5, 0x25 } },
1804 {17+11, 0, { 0x01, 0x01, 0x10, 0x01, 0x01, 0x01, 0x01, 0x01 },
1805 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1806 { 0xCE, 0x7A, 0x24, 0xF3, 0x50, 0xE2, 0x80, 0xB6 } },
1807 {18+11, 0, { 0x01, 0x01, 0x08, 0x01, 0x01, 0x01, 0x01, 0x01 },
1808 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1809 { 0x88, 0x2B, 0xFF, 0x0A, 0xA0, 0x1A, 0x0B, 0x87 } },
1810 {19+11, 0, { 0x01, 0x01, 0x04, 0x01, 0x01, 0x01, 0x01, 0x01 },
1811 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1812 { 0x25, 0x61, 0x02, 0x88, 0x92, 0x45, 0x11, 0xC2 } },
1813 {20+11, 0, { 0x01, 0x01, 0x02, 0x01, 0x01, 0x01, 0x01, 0x01 },
1814 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1815 { 0xC7, 0x15, 0x16, 0xC2, 0x9C, 0x75, 0xD1, 0x70 } },
1816 {21+11, 0, { 0x01, 0x01, 0x01, 0x80, 0x01, 0x01, 0x01, 0x01 },
1817 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1818 { 0x51, 0x99, 0xC2, 0x9A, 0x52, 0xC9, 0xF0, 0x59 } },
1819 {22+11, 0, { 0x01, 0x01, 0x01, 0x40, 0x01, 0x01, 0x01, 0x01 },
1820 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1821 { 0xC2, 0x2F, 0x0A, 0x29, 0x4A, 0x71, 0xF2, 0x9F } },
1822 {23+11, 0, { 0x01, 0x01, 0x01, 0x20, 0x01, 0x01, 0x01, 0x01 },
1823 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1824 { 0xEE, 0x37, 0x14, 0x83, 0x71, 0x4C, 0x02, 0xEA } },
1825 {24+11, 0, { 0x01, 0x01, 0x01, 0x10, 0x01, 0x01, 0x01, 0x01 },
1826 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1827 { 0xA8, 0x1F, 0xBD, 0x44, 0x8F, 0x9E, 0x52, 0x2F } },
1828 {25+11, 0, { 0x01, 0x01, 0x01, 0x08, 0x01, 0x01, 0x01, 0x01 },
1829 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1830 { 0x4F, 0x64, 0x4C, 0x92, 0xE1, 0x92, 0xDF, 0xED } },
1831 {26+11, 0, { 0x01, 0x01, 0x01, 0x04, 0x01, 0x01, 0x01, 0x01 },
1832 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1833 { 0x1A, 0xFA, 0x9A, 0x66, 0xA6, 0xDF, 0x92, 0xAE } },
1834 {27+11, 0, { 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01, 0x01 },
1835 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1836 { 0xB3, 0xC1, 0xCC, 0x71, 0x5C, 0xB8, 0x79, 0xD8 } },
1837 {28+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x80, 0x01, 0x01, 0x01 },
1838 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1839 { 0x19, 0xD0, 0x32, 0xE6, 0x4A, 0xB0, 0xBD, 0x8B } },
1840 {29+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x40, 0x01, 0x01, 0x01 },
1841 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1842 { 0x3C, 0xFA, 0xA7, 0xA7, 0xDC, 0x87, 0x20, 0xDC } },
1843 {30+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x20, 0x01, 0x01, 0x01 },
1844 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1845 { 0xB7, 0x26, 0x5F, 0x7F, 0x44, 0x7A, 0xC6, 0xF3 } },
1846 {31+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x10, 0x01, 0x01, 0x01 },
1847 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1848 { 0x9D, 0xB7, 0x3B, 0x3C, 0x0D, 0x16, 0x3F, 0x54 } },
1849 {32+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x08, 0x01, 0x01, 0x01 },
1850 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1851 { 0x81, 0x81, 0xB6, 0x5B, 0xAB, 0xF4, 0xA9, 0x75 } },
1852 {33+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x04, 0x01, 0x01, 0x01 },
1853 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1854 { 0x93, 0xC9, 0xB6, 0x40, 0x42, 0xEA, 0xA2, 0x40 } },
1855 {34+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01 },
1856 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1857 { 0x55, 0x70, 0x53, 0x08, 0x29, 0x70, 0x55, 0x92 } },
1858 {35+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x80, 0x01, 0x01 },
1859 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1860 { 0x86, 0x38, 0x80, 0x9E, 0x87, 0x87, 0x87, 0xA0 } },
1861 {36+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x40, 0x01, 0x01 },
1862 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1863 { 0x41, 0xB9, 0xA7, 0x9A, 0xF7, 0x9A, 0xC2, 0x08 } },
1864 {37+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x20, 0x01, 0x01 },
1865 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1866 { 0x7A, 0x9B, 0xE4, 0x2F, 0x20, 0x09, 0xA8, 0x92 } },
1867 {38+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x10, 0x01, 0x01 },
1868 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1869 { 0x29, 0x03, 0x8D, 0x56, 0xBA, 0x6D, 0x27, 0x45 } },
1870 {39+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x08, 0x01, 0x01 },
1871 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1872 { 0x54, 0x95, 0xC6, 0xAB, 0xF1, 0xE5, 0xDF, 0x51 } },
1873 {40+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x04, 0x01, 0x01 },
1874 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1875 { 0xAE, 0x13, 0xDB, 0xD5, 0x61, 0x48, 0x89, 0x33 } },
1876 {41+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01 },
1877 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1878 { 0x02, 0x4D, 0x1F, 0xFA, 0x89, 0x04, 0xE3, 0x89 } },
1879 {42+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x80, 0x01 },
1880 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1881 { 0xD1, 0x39, 0x97, 0x12, 0xF9, 0x9B, 0xF0, 0x2E } },
1882 {43+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x40, 0x01 },
1883 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1884 { 0x14, 0xC1, 0xD7, 0xC1, 0xCF, 0xFE, 0xC7, 0x9E } },
1885 {44+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x20, 0x01 },
1886 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1887 { 0x1D, 0xE5, 0x27, 0x9D, 0xAE, 0x3B, 0xED, 0x6F } },
1888 {45+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x10, 0x01 },
1889 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1890 { 0xE9, 0x41, 0xA3, 0x3F, 0x85, 0x50, 0x13, 0x03 } },
1891 {46+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x08, 0x01 },
1892 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1893 { 0xDA, 0x99, 0xDB, 0xBC, 0x9A, 0x03, 0xF3, 0x79 } },
1894 {47+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x04, 0x01 },
1895 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1896 { 0xB7, 0xFC, 0x92, 0xF9, 0x1D, 0x8E, 0x92, 0xE9 } },
1897 {48+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x02, 0x01 },
1898 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1899 { 0xAE, 0x8E, 0x5C, 0xAA, 0x3C, 0xA0, 0x4E, 0x85 } },
1900 {49+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x80 },
1901 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1902 { 0x9C, 0xC6, 0x2D, 0xF4, 0x3B, 0x6E, 0xED, 0x74 } },
1903 {50+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x40 },
1904 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1905 { 0xD8, 0x63, 0xDB, 0xB5, 0xC5, 0x9A, 0x91, 0xA0 } },
1906 {51+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x20 },
1907 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1908 { 0xA1, 0xAB, 0x21, 0x90, 0x54, 0x5B, 0x91, 0xD7 } },
1909 {52+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x10 },
1910 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1911 { 0x08, 0x75, 0x04, 0x1E, 0x64, 0xC5, 0x70, 0xF7 } },
1912 {53+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x08 },
1913 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1914 { 0x5A, 0x59, 0x45, 0x28, 0xBE, 0xBE, 0xF1, 0xCC } },
1915 {54+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x04 },
1916 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1917 { 0xFC, 0xDB, 0x32, 0x91, 0xDE, 0x21, 0xF0, 0xC0 } },
1918 {55+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x02 },
1919 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1920 { 0x86, 0x9E, 0xFD, 0x7F, 0x9F, 0x26, 0x5A, 0x09 } },
1921 #endif /* LTC_TEST_EXT */
1688 { { 0x10, 0x31, 0x6E, 0x02, 0x8C, 0x8F, 0x3B, 0x4A },
1689 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1690 { 0x82, 0xDC, 0xBA, 0xFB, 0xDE, 0xAB, 0x66, 0x02 } },
1691 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1692 { 0x95, 0xF8, 0xA5, 0xE5, 0xDD, 0x31, 0xD9, 0x00 },
1693 { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
1694 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1695 { 0xDD, 0x7F, 0x12, 0x1C, 0xA5, 0x01, 0x56, 0x19 },
1696 { 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
1697 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1698 { 0x2E, 0x86, 0x53, 0x10, 0x4F, 0x38, 0x34, 0xEA },
1699 { 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
1700 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1701 { 0x4B, 0xD3, 0x88, 0xFF, 0x6C, 0xD8, 0x1D, 0x4F },
1702 { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
1703 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1704 { 0x20, 0xB9, 0xE7, 0x67, 0xB2, 0xFB, 0x14, 0x56 },
1705 { 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
1706 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1707 { 0x55, 0x57, 0x93, 0x80, 0xD7, 0x71, 0x38, 0xEF },
1708 { 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
1709 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1710 { 0x6C, 0xC5, 0xDE, 0xFA, 0xAF, 0x04, 0x51, 0x2F },
1711 { 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
1712 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1713 { 0x0D, 0x9F, 0x27, 0x9B, 0xA5, 0xD8, 0x72, 0x60 },
1714 { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
1715 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1716 { 0xD9, 0x03, 0x1B, 0x02, 0x71, 0xBD, 0x5A, 0x0A },
1717 { 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
1718
1719 { { 0x80, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1720 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1721 { 0x95, 0xA8, 0xD7, 0x28, 0x13, 0xDA, 0xA9, 0x4D } },
1722 { { 0x40, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1723 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1724 { 0x0E, 0xEC, 0x14, 0x87, 0xDD, 0x8C, 0x26, 0xD5 } },
1725 { { 0x20, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1726 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1727 { 0x7A, 0xD1, 0x6F, 0xFB, 0x79, 0xC4, 0x59, 0x26 } },
1728 { { 0x10, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1729 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1730 { 0xD3, 0x74, 0x62, 0x94, 0xCA, 0x6A, 0x6C, 0xF3 } },
1731 { { 0x08, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1732 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1733 { 0x80, 0x9F, 0x5F, 0x87, 0x3C, 0x1F, 0xD7, 0x61 } },
1734 { { 0x04, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1735 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1736 { 0xC0, 0x2F, 0xAF, 0xFE, 0xC9, 0x89, 0xD1, 0xFC } },
1737 { { 0x02, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1738 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1739 { 0x46, 0x15, 0xAA, 0x1D, 0x33, 0xE7, 0x2F, 0x10 } },
1740 { { 0x01, 0x80, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1741 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1742 { 0x20, 0x55, 0x12, 0x33, 0x50, 0xC0, 0x08, 0x58 } },
1743 { { 0x01, 0x40, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1744 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1745 { 0xDF, 0x3B, 0x99, 0xD6, 0x57, 0x73, 0x97, 0xC8 } },
1746 { { 0x01, 0x20, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1747 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1748 { 0x31, 0xFE, 0x17, 0x36, 0x9B, 0x52, 0x88, 0xC9 } },
1749 { { 0x01, 0x10, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1750 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1751 { 0xDF, 0xDD, 0x3C, 0xC6, 0x4D, 0xAE, 0x16, 0x42 } },
1752 { { 0x01, 0x08, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1753 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1754 { 0x17, 0x8C, 0x83, 0xCE, 0x2B, 0x39, 0x9D, 0x94 } },
1755 { { 0x01, 0x04, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1756 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1757 { 0x50, 0xF6, 0x36, 0x32, 0x4A, 0x9B, 0x7F, 0x80 } },
1758 { { 0x01, 0x02, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
1759 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1760 { 0xA8, 0x46, 0x8E, 0xE3, 0xBC, 0x18, 0xF0, 0x6D } },
1761 { { 0x01, 0x01, 0x80, 0x01, 0x01, 0x01, 0x01, 0x01 },
1762 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1763 { 0xA2, 0xDC, 0x9E, 0x92, 0xFD, 0x3C, 0xDE, 0x92 } },
1764 { { 0x01, 0x01, 0x40, 0x01, 0x01, 0x01, 0x01, 0x01 },
1765 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1766 { 0xCA, 0xC0, 0x9F, 0x79, 0x7D, 0x03, 0x12, 0x87 } },
1767 { { 0x01, 0x01, 0x20, 0x01, 0x01, 0x01, 0x01, 0x01 },
1768 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1769 { 0x90, 0xBA, 0x68, 0x0B, 0x22, 0xAE, 0xB5, 0x25 } },
1770 { { 0x01, 0x01, 0x10, 0x01, 0x01, 0x01, 0x01, 0x01 },
1771 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1772 { 0xCE, 0x7A, 0x24, 0xF3, 0x50, 0xE2, 0x80, 0xB6 } },
1773 { { 0x01, 0x01, 0x08, 0x01, 0x01, 0x01, 0x01, 0x01 },
1774 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1775 { 0x88, 0x2B, 0xFF, 0x0A, 0xA0, 0x1A, 0x0B, 0x87 } },
1776 { { 0x01, 0x01, 0x04, 0x01, 0x01, 0x01, 0x01, 0x01 },
1777 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1778 { 0x25, 0x61, 0x02, 0x88, 0x92, 0x45, 0x11, 0xC2 } },
1779 { { 0x01, 0x01, 0x02, 0x01, 0x01, 0x01, 0x01, 0x01 },
1780 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1781 { 0xC7, 0x15, 0x16, 0xC2, 0x9C, 0x75, 0xD1, 0x70 } },
1782 { { 0x01, 0x01, 0x01, 0x80, 0x01, 0x01, 0x01, 0x01 },
1783 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1784 { 0x51, 0x99, 0xC2, 0x9A, 0x52, 0xC9, 0xF0, 0x59 } },
1785 { { 0x01, 0x01, 0x01, 0x40, 0x01, 0x01, 0x01, 0x01 },
1786 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1787 { 0xC2, 0x2F, 0x0A, 0x29, 0x4A, 0x71, 0xF2, 0x9F } },
1788 { { 0x01, 0x01, 0x01, 0x20, 0x01, 0x01, 0x01, 0x01 },
1789 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1790 { 0xEE, 0x37, 0x14, 0x83, 0x71, 0x4C, 0x02, 0xEA } },
1791 { { 0x01, 0x01, 0x01, 0x10, 0x01, 0x01, 0x01, 0x01 },
1792 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1793 { 0xA8, 0x1F, 0xBD, 0x44, 0x8F, 0x9E, 0x52, 0x2F } },
1794 { { 0x01, 0x01, 0x01, 0x08, 0x01, 0x01, 0x01, 0x01 },
1795 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1796 { 0x4F, 0x64, 0x4C, 0x92, 0xE1, 0x92, 0xDF, 0xED } },
1797 { { 0x01, 0x01, 0x01, 0x04, 0x01, 0x01, 0x01, 0x01 },
1798 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1799 { 0x1A, 0xFA, 0x9A, 0x66, 0xA6, 0xDF, 0x92, 0xAE } },
1800 { { 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01, 0x01 },
1801 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1802 { 0xB3, 0xC1, 0xCC, 0x71, 0x5C, 0xB8, 0x79, 0xD8 } },
1803 { { 0x01, 0x01, 0x01, 0x01, 0x80, 0x01, 0x01, 0x01 },
1804 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1805 { 0x19, 0xD0, 0x32, 0xE6, 0x4A, 0xB0, 0xBD, 0x8B } },
1806 { { 0x01, 0x01, 0x01, 0x01, 0x40, 0x01, 0x01, 0x01 },
1807 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1808 { 0x3C, 0xFA, 0xA7, 0xA7, 0xDC, 0x87, 0x20, 0xDC } },
1809 { { 0x01, 0x01, 0x01, 0x01, 0x20, 0x01, 0x01, 0x01 },
1810 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1811 { 0xB7, 0x26, 0x5F, 0x7F, 0x44, 0x7A, 0xC6, 0xF3 } },
1812 { { 0x01, 0x01, 0x01, 0x01, 0x10, 0x01, 0x01, 0x01 },
1813 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1814 { 0x9D, 0xB7, 0x3B, 0x3C, 0x0D, 0x16, 0x3F, 0x54 } },
1815 { { 0x01, 0x01, 0x01, 0x01, 0x08, 0x01, 0x01, 0x01 },
1816 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1817 { 0x81, 0x81, 0xB6, 0x5B, 0xAB, 0xF4, 0xA9, 0x75 } },
1818 { { 0x01, 0x01, 0x01, 0x01, 0x04, 0x01, 0x01, 0x01 },
1819 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1820 { 0x93, 0xC9, 0xB6, 0x40, 0x42, 0xEA, 0xA2, 0x40 } },
1821 { { 0x01, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01 },
1822 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1823 { 0x55, 0x70, 0x53, 0x08, 0x29, 0x70, 0x55, 0x92 } },
1824 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x80, 0x01, 0x01 },
1825 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1826 { 0x86, 0x38, 0x80, 0x9E, 0x87, 0x87, 0x87, 0xA0 } },
1827 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x40, 0x01, 0x01 },
1828 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1829 { 0x41, 0xB9, 0xA7, 0x9A, 0xF7, 0x9A, 0xC2, 0x08 } },
1830 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x20, 0x01, 0x01 },
1831 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1832 { 0x7A, 0x9B, 0xE4, 0x2F, 0x20, 0x09, 0xA8, 0x92 } },
1833 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x10, 0x01, 0x01 },
1834 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1835 { 0x29, 0x03, 0x8D, 0x56, 0xBA, 0x6D, 0x27, 0x45 } },
1836 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x08, 0x01, 0x01 },
1837 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1838 { 0x54, 0x95, 0xC6, 0xAB, 0xF1, 0xE5, 0xDF, 0x51 } },
1839 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x04, 0x01, 0x01 },
1840 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1841 { 0xAE, 0x13, 0xDB, 0xD5, 0x61, 0x48, 0x89, 0x33 } },
1842 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01 },
1843 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1844 { 0x02, 0x4D, 0x1F, 0xFA, 0x89, 0x04, 0xE3, 0x89 } },
1845 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x80, 0x01 },
1846 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1847 { 0xD1, 0x39, 0x97, 0x12, 0xF9, 0x9B, 0xF0, 0x2E } },
1848 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x40, 0x01 },
1849 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1850 { 0x14, 0xC1, 0xD7, 0xC1, 0xCF, 0xFE, 0xC7, 0x9E } },
1851 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x20, 0x01 },
1852 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1853 { 0x1D, 0xE5, 0x27, 0x9D, 0xAE, 0x3B, 0xED, 0x6F } },
1854 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x10, 0x01 },
1855 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1856 { 0xE9, 0x41, 0xA3, 0x3F, 0x85, 0x50, 0x13, 0x03 } },
1857 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x08, 0x01 },
1858 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1859 { 0xDA, 0x99, 0xDB, 0xBC, 0x9A, 0x03, 0xF3, 0x79 } },
1860 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x04, 0x01 },
1861 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1862 { 0xB7, 0xFC, 0x92, 0xF9, 0x1D, 0x8E, 0x92, 0xE9 } },
1863 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x02, 0x01 },
1864 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1865 { 0xAE, 0x8E, 0x5C, 0xAA, 0x3C, 0xA0, 0x4E, 0x85 } },
1866 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x80 },
1867 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1868 { 0x9C, 0xC6, 0x2D, 0xF4, 0x3B, 0x6E, 0xED, 0x74 } },
1869 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x40 },
1870 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1871 { 0xD8, 0x63, 0xDB, 0xB5, 0xC5, 0x9A, 0x91, 0xA0 } },
1872 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x20 },
1873 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1874 { 0xA1, 0xAB, 0x21, 0x90, 0x54, 0x5B, 0x91, 0xD7 } },
1875 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x10 },
1876 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1877 { 0x08, 0x75, 0x04, 0x1E, 0x64, 0xC5, 0x70, 0xF7 } },
1878 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x08 },
1879 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1880 { 0x5A, 0x59, 0x45, 0x28, 0xBE, 0xBE, 0xF1, 0xCC } },
1881 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x04 },
1882 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1883 { 0xFC, 0xDB, 0x32, 0x91, 0xDE, 0x21, 0xF0, 0xC0 } },
1884 { { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x02 },
1885 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1886 { 0x86, 0x9E, 0xFD, 0x7F, 0x9F, 0x26, 0x5A, 0x09 } },
19221887
19231888 /*** more test cases you could add if you are not convinced (the above test cases aren't really too good):
19241889
19611926 http://www.ecs.soton.ac.uk/~prw99r/ez438/vectors.txt
19621927 ***/
19631928 };
1964 int i, y;
1965 unsigned char tmp[8];
1966 symmetric_key des;
1967
1968 for(i=0; i < (int)(sizeof(cases)/sizeof(cases[0])); i++)
1929 unsigned char key[8], pt[8], ct[8], tmp[8];
1930 symmetric_key skey;
1931 int i, err;
1932
1933 for (i = 0; i < (int)(sizeof(cases)/sizeof(cases[0])); i++)
19691934 {
1970 if ((err = des_setup(cases[i].key, 8, 0, &des)) != CRYPT_OK) {
1971 return err;
1935 if ((err = des_setup(cases[i].key, 8, 0, &skey)) != CRYPT_OK) {
1936 return err;
19721937 }
1973 if (cases[i].mode != 0) {
1974 des_ecb_encrypt(cases[i].txt, tmp, &des);
1975 } else {
1976 des_ecb_decrypt(cases[i].txt, tmp, &des);
1938
1939 des_ecb_encrypt(cases[i].txt, ct, &skey);
1940
1941 if (compare_testvector(ct, sizeof(ct), cases[i].out, 8, "DES Encrypt", i) != 0) {
1942 return CRYPT_FAIL_TESTVECTOR;
19771943 }
19781944
1979 if (compare_testvector(cases[i].out, sizeof(tmp), tmp, sizeof(tmp), "DES", i) != 0) {
1980 return CRYPT_FAIL_TESTVECTOR;
1945 des_ecb_decrypt(ct, pt, &skey);
1946
1947 if (compare_testvector(pt, sizeof(pt), cases[i].txt, 8, "DES Decrypt", i) != 0) {
1948 return CRYPT_FAIL_TESTVECTOR;
19811949 }
1982
1983 /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */
1984 for (y = 0; y < 8; y++) tmp[y] = 0;
1985 for (y = 0; y < 1000; y++) des_ecb_encrypt(tmp, tmp, &des);
1986 for (y = 0; y < 1000; y++) des_ecb_decrypt(tmp, tmp, &des);
1987 for (y = 0; y < 8; y++) if (tmp[y] != 0) return CRYPT_FAIL_TESTVECTOR;
1950 }
1951
1952 /* See if we can encrypt all zero bytes 1000 times, decrypt and come back to where we started */
1953
1954 for (i = 0; i < 8; i++) key[i] = i;
1955
1956 if ((err = des_setup(key, 8, 0, &skey)) != CRYPT_OK) {
1957 return err;
1958 }
1959
1960 for (i = 0; i < 8; i++) pt[i] = tmp[i] = 0;
1961 for (i = 0; i < 1000; i++) des_ecb_encrypt(tmp, tmp, &skey);
1962 for (i = 0; i < 1000; i++) des_ecb_decrypt(tmp, tmp, &skey);
1963
1964 if (compare_testvector(tmp, 8, pt, 8, "DES", 0) != 0) {
1965 return CRYPT_FAIL_TESTVECTOR;
19881966 }
19891967
19901968 return CRYPT_OK;
19961974 #ifndef LTC_TEST
19971975 return CRYPT_NOP;
19981976 #else
1999 unsigned char key[24], pt[8], ct[8], tmp[8];
2000 symmetric_key skey;
2001 int x, err;
2002
2003 if ((err = des_test()) != CRYPT_OK) {
2004 return err;
2005 }
2006
2007 for (x = 0; x < 8; x++) {
2008 pt[x] = x;
2009 }
2010
2011 for (x = 0; x < 24; x++) {
2012 key[x] = x;
2013 }
2014
2015 if ((err = des3_setup(key, 24, 0, &skey)) != CRYPT_OK) {
2016 return err;
2017 }
2018
2019 des3_ecb_encrypt(pt, ct, &skey);
2020 des3_ecb_decrypt(ct, tmp, &skey);
2021
2022 if (compare_testvector(pt, 8, tmp, 8, "3DES", 0) != 0) {
2023 return CRYPT_FAIL_TESTVECTOR;
2024 }
2025
2026 return CRYPT_OK;
1977 static const struct des3_test_case {
1978 unsigned char key[16], txt[8], out[8];
1979 } cases[] = {
1980 /*
1981 https://www.cosic.esat.kuleuven.be/nessie/testvectors/bc/des/Triple-Des-2-Key-128-64.unverified.test-vectors
1982 */
1983 { { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1984 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1985 { 0xFA, 0xFD, 0x50, 0x84, 0x37, 0x4F, 0xCE, 0x34 } },
1986 { { 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1987 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1988 { 0x60, 0xCC, 0x37, 0xB7, 0xB5, 0x37, 0xA1, 0xDC } },
1989 { { 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1990 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
1991 { 0xBE, 0x3E, 0x73, 0x04, 0xFE, 0x92, 0xC2, 0xBC } },
1992 { { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0x00 },
1993 { 0xE5, 0xA9, 0xE3, 0x80, 0x03, 0xA5, 0xA0, 0xFD },
1994 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } },
1995 { { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F },
1996 { 0xE4, 0xFC, 0x19, 0xD6, 0x94, 0x63, 0xB7, 0x83 },
1997 { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 } },
1998 };
1999 unsigned char key[24], pt[8], ct[8], tmp[8];
2000 symmetric_key skey;
2001 int i, err;
2002
2003 if ((err = des_test()) != CRYPT_OK) {
2004 return err;
2005 }
2006
2007 for (i = 0; i < (int)(sizeof(cases)/sizeof(cases[0])); i++)
2008 {
2009 if ((err = des3_setup(cases[i].key, 16, 0, &skey)) != CRYPT_OK) {
2010 return err;
2011 }
2012
2013 des3_ecb_encrypt(cases[i].txt, ct, &skey);
2014
2015 if (compare_testvector(ct, sizeof(ct), cases[i].out, 8, "3DES Encrypt", i) != 0) {
2016 return CRYPT_FAIL_TESTVECTOR;
2017 }
2018
2019 des3_ecb_decrypt(ct, pt, &skey);
2020
2021 if (compare_testvector(pt, sizeof(pt), cases[i].txt, 8, "3DES Decrypt", i) != 0) {
2022 return CRYPT_FAIL_TESTVECTOR;
2023 }
2024 }
2025
2026 /* See if we can encrypt all zero bytes 1000 times, decrypt and come back to where we started */
2027
2028 for (i = 0; i < 24; i++) key[i] = i;
2029
2030 if ((err = des3_setup(key, 24, 0, &skey)) != CRYPT_OK) {
2031 return err;
2032 }
2033
2034 for (i = 0; i < 8; i++) pt[i] = tmp[i] = 0;
2035 for (i = 0; i < 1000; i++) des3_ecb_encrypt(tmp, tmp, &skey);
2036 for (i = 0; i < 1000; i++) des3_ecb_decrypt(tmp, tmp, &skey);
2037
2038 if (compare_testvector(tmp, 8, pt, 8, "3DES", 0) != 0) {
2039 return CRYPT_FAIL_TESTVECTOR;
2040 }
2041
2042 return CRYPT_OK;
20272043 #endif
20282044 }
20292045
135135 LTC_ARGCHK(pt != NULL);
136136 LTC_ARGCHK(ct != NULL);
137137
138 if (skey->rc5.rounds < 12 || skey->rc5.rounds > 24) {
139 return CRYPT_INVALID_ROUNDS;
140 }
141
138142 LOAD32L(A, &pt[0]);
139143 LOAD32L(B, &pt[4]);
140144 A += skey->rc5.K[0];
190194 LTC_ARGCHK(skey != NULL);
191195 LTC_ARGCHK(pt != NULL);
192196 LTC_ARGCHK(ct != NULL);
197
198 if (skey->rc5.rounds < 12 || skey->rc5.rounds > 24) {
199 return CRYPT_INVALID_ROUNDS;
200 }
193201
194202 LOAD32L(A, &ct[0]);
195203 LOAD32L(B, &ct[4]);
346346 LTC_ARGCHK(ct != NULL);
347347 LTC_ARGCHK(skey != NULL);
348348
349 if (skey->saferp.rounds < 8 || skey->saferp.rounds > 16) {
350 return CRYPT_INVALID_ROUNDS;
351 }
352
349353 /* do eight rounds */
350354 for (x = 0; x < 16; x++) {
351355 b[x] = pt[x];
409413 LTC_ARGCHK(pt != NULL);
410414 LTC_ARGCHK(ct != NULL);
411415 LTC_ARGCHK(skey != NULL);
416
417 if (skey->saferp.rounds < 8 || skey->saferp.rounds > 16) {
418 return CRYPT_INVALID_ROUNDS;
419 }
412420
413421 /* do eight rounds */
414422 b[0] = ct[0] ^ skey->saferp.K[skey->saferp.rounds*2][0];
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8
9 /**
10 @file tea.c
11 Implementation of TEA, Steffen Jaeckel
12 */
13 #include "tomcrypt_private.h"
14
15 #ifdef LTC_TEA
16
17 const struct ltc_cipher_descriptor tea_desc =
18 {
19 "tea",
20 26,
21 16, 16, 8, 32,
22 &tea_setup,
23 &tea_ecb_encrypt,
24 &tea_ecb_decrypt,
25 &tea_test,
26 &tea_done,
27 &tea_keysize,
28 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
29 };
30
31 #define DELTA 0x9E3779B9uL
32 #define SUM 0xC6EF3720uL
33
34 int tea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
35 {
36 LTC_ARGCHK(key != NULL);
37 LTC_ARGCHK(skey != NULL);
38
39 /* check arguments */
40 if (keylen != 16) {
41 return CRYPT_INVALID_KEYSIZE;
42 }
43
44 if (num_rounds != 0 && num_rounds != 32) {
45 return CRYPT_INVALID_ROUNDS;
46 }
47
48 /* load key */
49 LOAD32H(skey->tea.k[0], key+0);
50 LOAD32H(skey->tea.k[1], key+4);
51 LOAD32H(skey->tea.k[2], key+8);
52 LOAD32H(skey->tea.k[3], key+12);
53
54 return CRYPT_OK;
55 }
56
57 /**
58 Encrypts a block of text with TEA
59 @param pt The input plaintext (8 bytes)
60 @param ct The output ciphertext (8 bytes)
61 @param skey The key as scheduled
62 @return CRYPT_OK if successful
63 */
64 int tea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey)
65 {
66 ulong32 y, z, sum = 0;
67 const ulong32 delta = DELTA;
68 int r;
69
70 LTC_ARGCHK(pt != NULL);
71 LTC_ARGCHK(ct != NULL);
72 LTC_ARGCHK(skey != NULL);
73
74 LOAD32H(y, &pt[0]);
75 LOAD32H(z, &pt[4]);
76 for (r = 0; r < 32; r += 4) {
77 sum += delta;
78 y += ((z<<4) + skey->tea.k[0]) ^ (z + sum) ^ ((z>>5) + skey->tea.k[1]);
79 z += ((y<<4) + skey->tea.k[2]) ^ (y + sum) ^ ((y>>5) + skey->tea.k[3]);
80 }
81 STORE32H(y, &ct[0]);
82 STORE32H(z, &ct[4]);
83 return CRYPT_OK;
84 }
85
86 /**
87 Decrypts a block of text with TEA
88 @param ct The input ciphertext (8 bytes)
89 @param pt The output plaintext (8 bytes)
90 @param skey The key as scheduled
91 @return CRYPT_OK if successful
92 */
93 int tea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey)
94 {
95 ulong32 v0, v1, sum = SUM;
96 const ulong32 delta = DELTA;
97 int r;
98
99 LTC_ARGCHK(pt != NULL);
100 LTC_ARGCHK(ct != NULL);
101 LTC_ARGCHK(skey != NULL);
102
103 LOAD32H(v0, &ct[0]);
104 LOAD32H(v1, &ct[4]);
105
106 for (r = 0; r < 32; r++) {
107 v1 -= ((v0 << 4) + skey->tea.k[2]) ^ (v0 + sum) ^ ((v0 >> 5) + skey->tea.k[3]);
108 v0 -= ((v1 << 4) + skey->tea.k[0]) ^ (v1 + sum) ^ ((v1 >> 5) + skey->tea.k[1]);
109 sum -= delta;
110 }
111
112 STORE32H(v0, &pt[0]);
113 STORE32H(v1, &pt[4]);
114 return CRYPT_OK;
115 }
116
117 /**
118 Performs a self-test of the TEA block cipher
119 @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
120 */
121 int tea_test(void)
122 {
123 #ifndef LTC_TEST
124 return CRYPT_NOP;
125 #else
126 static const struct {
127 const char *key, *pt, *ct;
128 } tests[] = {
129 {
130 "00000000000000000000000000000000",
131 "0000000000000000",
132 "41ea3a0a94baa940"
133 }, {
134 "32a1e65408b63bb9214105744ec5d2e2",
135 "5ada1d89a9c3801a",
136 "dd46249e28aa0b4b"
137 }, {
138 "60388adadf70a1f5d9cb4e097d2c6c57",
139 "7a6adb4d69c53e0f",
140 "44b71215cf25368a"
141 }, {
142 "4368d2249bd0321eb7c56d5b63a1bfac",
143 "5a5d7ca2e186c41a",
144 "91f56dff7281794f"
145 }, {
146 "5c60bff27072d01c4513c5eb8f3a38ab",
147 "80d9c4adcf899635",
148 "2bb0f1b3c023ed11"
149 }
150 };
151 unsigned char ptct[2][8];
152 unsigned char tmp[2][8];
153 unsigned char key[16];
154 unsigned long l;
155 symmetric_key skey;
156 size_t i;
157 int err, y;
158 for (i = 0; i < sizeof(tests)/sizeof(tests[0]); i++) {
159 zeromem(&skey, sizeof(skey));
160
161 l = sizeof(key);
162 if ((err = base16_decode(tests[i].key, XSTRLEN(tests[i].key), key, &l)) != CRYPT) return err;
163 l = sizeof(ptct[0]);
164 if ((err = base16_decode(tests[i].pt, XSTRLEN(tests[i].pt), ptct[0], &l)) != CRYPT) return err;
165 l = sizeof(ptct[1]);
166 if ((err = base16_decode(tests[i].ct, XSTRLEN(tests[i].ct), ptct[1], &l)) != CRYPT) return err;
167
168 if ((err = tea_setup(key, 16, 0, &skey)) != CRYPT_OK) {
169 return err;
170 }
171 tea_ecb_encrypt(ptct[0], tmp[0], &skey);
172 tea_ecb_decrypt(tmp[0], tmp[1], &skey);
173
174 if (compare_testvector(tmp[0], 8, ptct[0], 8, "TEA Encrypt", i) != 0 ||
175 compare_testvector(tmp[1], 8, ptct[1], 8, "TEA Decrypt", i) != 0) {
176 return CRYPT_FAIL_TESTVECTOR;
177 }
178
179 /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */
180 for (y = 0; y < 8; y++) tmp[0][y] = 0;
181 for (y = 0; y < 1000; y++) tea_ecb_encrypt(tmp[0], tmp[0], &skey);
182 for (y = 0; y < 1000; y++) tea_ecb_decrypt(tmp[0], tmp[0], &skey);
183 for (y = 0; y < 8; y++) if (tmp[0][y] != 0) return CRYPT_FAIL_TESTVECTOR;
184 } /* for */
185
186 return CRYPT_OK;
187 #endif
188 }
189
190 /** Terminate the context
191 @param skey The scheduled key
192 */
193 void tea_done(symmetric_key *skey)
194 {
195 LTC_UNUSED_PARAM(skey);
196 }
197
198 /**
199 Gets suitable key size
200 @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
201 @return CRYPT_OK if the input key size is acceptable.
202 */
203 int tea_keysize(int *keysize)
204 {
205 LTC_ARGCHK(keysize != NULL);
206 if (*keysize < 16) {
207 return CRYPT_INVALID_KEYSIZE;
208 }
209 *keysize = 16;
210 return CRYPT_OK;
211 }
212
213 #endif
214
215
216 /* ref: $Format:%D$ */
217 /* git commit: $Format:%H$ */
218 /* commit time: $Format:%ai$ */
88
99 /**
1010 @file xtea.c
11 Implementation of LTC_XTEA, Tom St Denis
11 Implementation of eXtended TEA, Tom St Denis
1212 */
1313 #include "tomcrypt_private.h"
1414
1212 */
1313 #include "tomcrypt_private.h"
1414
15 #if defined(LTC_GCM_TABLES) || defined(LTC_LRW_TABLES) || ((defined(LTC_GCM_MODE) || defined(LTC_GCM_MODE)) && defined(LTC_FAST))
15 #if defined(LTC_GCM_TABLES) || defined(LTC_LRW_TABLES) || (defined(LTC_GCM_MODE) && defined(LTC_FAST))
1616
1717 /* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format. Since only the
1818 * lower 16 bits are not zero'ed I removed the upper 14 bytes */
479479
480480 for (i = 0; tests[i].msg != NULL; i++) {
481481 blake2b_512_init(&md);
482 blake2b_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
482 blake2b_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
483483 blake2b_done(&md, tmp);
484484 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "BLAKE2B_512", i)) {
485485 return CRYPT_FAIL_TESTVECTOR;
526526
527527 for (i = 0; tests[i].msg != NULL; i++) {
528528 blake2b_384_init(&md);
529 blake2b_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
529 blake2b_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
530530 blake2b_done(&md, tmp);
531531 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "BLAKE2B_384", i)) {
532532 return CRYPT_FAIL_TESTVECTOR;
579579
580580 for (i = 0; tests[i].msg != NULL; i++) {
581581 blake2b_256_init(&md);
582 blake2b_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
582 blake2b_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
583583 blake2b_done(&md, tmp);
584584 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "BLAKE2B_256", i)) {
585585 return CRYPT_FAIL_TESTVECTOR;
620620
621621 for (i = 0; tests[i].msg != NULL; i++) {
622622 blake2b_160_init(&md);
623 blake2b_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
623 blake2b_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
624624 blake2b_done(&md, tmp);
625625 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "BLAKE2B_160", i)) {
626626 return CRYPT_FAIL_TESTVECTOR;
469469
470470 for (i = 0; tests[i].msg != NULL; i++) {
471471 blake2s_256_init(&md);
472 blake2s_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
472 blake2s_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
473473 blake2s_done(&md, tmp);
474474 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "BLAKE2S_256", i)) {
475475 return CRYPT_FAIL_TESTVECTOR;
513513
514514 for (i = 0; tests[i].msg != NULL; i++) {
515515 blake2s_224_init(&md);
516 blake2s_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
516 blake2s_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
517517 blake2s_done(&md, tmp);
518518 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "BLAKE2S_224", i)) {
519519 return CRYPT_FAIL_TESTVECTOR;
555555
556556 for (i = 0; tests[i].msg != NULL; i++) {
557557 blake2s_160_init(&md);
558 blake2s_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
558 blake2s_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
559559 blake2s_done(&md, tmp);
560560 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "BLAKE2S_160", i)) {
561561 return CRYPT_FAIL_TESTVECTOR;
595595
596596 for (i = 0; tests[i].msg != NULL; i++) {
597597 blake2s_128_init(&md);
598 blake2s_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
598 blake2s_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
599599 blake2s_done(&md, tmp);
600600 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "BLAKE2S_128", i)) {
601601 return CRYPT_FAIL_TESTVECTOR;
286286 if ((err = chc_init(&md)) != CRYPT_OK) {
287287 return err;
288288 }
289 if ((err = chc_process(&md, tests[i].msg, strlen((char *)tests[i].msg))) != CRYPT_OK) {
289 if ((err = chc_process(&md, tests[i].msg, XSTRLEN((char *)tests[i].msg))) != CRYPT_OK) {
290290 return err;
291291 }
292292 if ((err = chc_done(&md, tmp)) != CRYPT_OK) {
231231
232232 for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
233233 md2_init(&md);
234 md2_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
234 md2_process(&md, (unsigned char*)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
235235 md2_done(&md, tmp);
236236 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "MD2", i)) {
237237 return CRYPT_FAIL_TESTVECTOR;
285285
286286 for(i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
287287 md4_init(&md);
288 md4_process(&md, (unsigned char *)tests[i].input, (unsigned long)strlen(tests[i].input));
288 md4_process(&md, (unsigned char *)tests[i].input, (unsigned long)XSTRLEN(tests[i].input));
289289 md4_done(&md, tmp);
290290 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "MD4", i)) {
291291 return CRYPT_FAIL_TESTVECTOR;
346346
347347 for (i = 0; tests[i].msg != NULL; i++) {
348348 md5_init(&md);
349 md5_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
349 md5_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
350350 md5_done(&md, tmp);
351351 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "MD5", i)) {
352352 return CRYPT_FAIL_TESTVECTOR;
387387
388388 for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) {
389389 rmd128_init(&md);
390 rmd128_process(&md, (unsigned char *)tests[i].msg, strlen(tests[i].msg));
390 rmd128_process(&md, (unsigned char *)tests[i].msg, XSTRLEN(tests[i].msg));
391391 rmd128_done(&md, tmp);
392392 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "RIPEMD128", i)) {
393393 return CRYPT_FAIL_TESTVECTOR;
446446
447447 for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) {
448448 rmd160_init(&md);
449 rmd160_process(&md, (unsigned char *)tests[i].msg, strlen(tests[i].msg));
449 rmd160_process(&md, (unsigned char *)tests[i].msg, XSTRLEN(tests[i].msg));
450450 rmd160_done(&md, tmp);
451451 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "RIPEMD160", i)) {
452452 return CRYPT_FAIL_TESTVECTOR;
412412
413413 for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) {
414414 rmd256_init(&md);
415 rmd256_process(&md, (unsigned char *)tests[i].msg, strlen(tests[i].msg));
415 rmd256_process(&md, (unsigned char *)tests[i].msg, XSTRLEN(tests[i].msg));
416416 rmd256_done(&md, tmp);
417417 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "RIPEMD256", i)) {
418418 return CRYPT_FAIL_TESTVECTOR;
477477
478478 for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) {
479479 rmd320_init(&md);
480 rmd320_process(&md, (unsigned char *)tests[i].msg, strlen(tests[i].msg));
480 rmd320_process(&md, (unsigned char *)tests[i].msg, XSTRLEN(tests[i].msg));
481481 rmd320_done(&md, tmp);
482482 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "RIPEMD320", i)) {
483483 return CRYPT_FAIL_TESTVECTOR;
266266
267267 for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
268268 sha1_init(&md);
269 sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
269 sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
270270 sha1_done(&md, tmp);
271271 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA1", i)) {
272272 return CRYPT_FAIL_TESTVECTOR;
110110
111111 for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
112112 sha224_init(&md);
113 sha224_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
113 sha224_process(&md, (unsigned char*)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
114114 sha224_done(&md, tmp);
115115 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA224", i)) {
116116 return CRYPT_FAIL_TESTVECTOR;
314314
315315 for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
316316 sha256_init(&md);
317 sha256_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
317 sha256_process(&md, (unsigned char*)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
318318 sha256_done(&md, tmp);
319319 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA256", i)) {
320320 return CRYPT_FAIL_TESTVECTOR;
116116
117117 for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
118118 sha384_init(&md);
119 sha384_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
119 sha384_process(&md, (unsigned char*)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
120120 sha384_done(&md, tmp);
121121 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA384", i)) {
122122 return CRYPT_FAIL_TESTVECTOR;
292292
293293 for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
294294 sha512_init(&md);
295 sha512_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
295 sha512_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
296296 sha512_done(&md, tmp);
297297 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA512", i)) {
298298 return CRYPT_FAIL_TESTVECTOR;
112112
113113 for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
114114 sha512_224_init(&md);
115 sha512_224_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
115 sha512_224_process(&md, (unsigned char*)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
116116 sha512_224_done(&md, tmp);
117117 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA512-224", i)) {
118118 return CRYPT_FAIL_TESTVECTOR;
112112
113113 for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
114114 sha512_256_init(&md);
115 sha512_256_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
115 sha512_256_process(&md, (unsigned char*)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
116116 sha512_256_done(&md, tmp);
117117 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA512-265", i)) {
118118 return CRYPT_FAIL_TESTVECTOR;
770770
771771 for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
772772 tiger_init(&md);
773 tiger_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
773 tiger_process(&md, (unsigned char *)tests[i].msg, (unsigned long)XSTRLEN(tests[i].msg));
774774 tiger_done(&md, tmp);
775775 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "TIGER", i)) {
776776 return CRYPT_FAIL_TESTVECTOR;
1818 #include <limits.h>
1919
2020 /* use configuration data */
21 #include <tomcrypt_custom.h>
21 #include "tomcrypt_custom.h"
2222
2323 #ifdef __cplusplus
2424 extern "C" {
8080 CRYPT_HASH_OVERFLOW /* Hash applied to too many bits */
8181 };
8282
83 #include <tomcrypt_cfg.h>
84 #include <tomcrypt_macros.h>
85 #include <tomcrypt_cipher.h>
86 #include <tomcrypt_hash.h>
87 #include <tomcrypt_mac.h>
88 #include <tomcrypt_prng.h>
89 #include <tomcrypt_pk.h>
90 #include <tomcrypt_math.h>
91 #include <tomcrypt_misc.h>
92 #include <tomcrypt_argchk.h>
93 #include <tomcrypt_pkcs.h>
83 #include "tomcrypt_cfg.h"
84 #include "tomcrypt_macros.h"
85 #include "tomcrypt_cipher.h"
86 #include "tomcrypt_hash.h"
87 #include "tomcrypt_mac.h"
88 #include "tomcrypt_prng.h"
89 #include "tomcrypt_pk.h"
90 #include "tomcrypt_math.h"
91 #include "tomcrypt_misc.h"
92 #include "tomcrypt_argchk.h"
93 #include "tomcrypt_pkcs.h"
9494
9595 #ifdef __cplusplus
9696 }
293293 #define LTC_HAVE_ROTATE_BUILTIN
294294 #endif
295295
296 #if defined(__GNUC__) && (__GNUC__ * 100 + __GNUC_MINOR__ >= 301)
297 #define LTC_DEPRECATED __attribute__((deprecated))
296 #if defined(__GNUC__) && (__GNUC__ * 100 + __GNUC_MINOR__ >= 405)
297 # define LTC_DEPRECATED(s) __attribute__((deprecated("replaced by " #s)))
298 # define PRIVATE_LTC_DEPRECATED_PRAGMA(s) _Pragma(#s)
299 # define LTC_DEPRECATED_PRAGMA(s) PRIVATE_LTC_DEPRECATED_PRAGMA(GCC warning s)
300 #elif defined(__GNUC__) && (__GNUC__ * 100 + __GNUC_MINOR__ >= 301)
301 # define LTC_DEPRECATED(s) __attribute__((deprecated))
302 # define LTC_DEPRECATED_PRAGMA(s)
298303 #elif defined(_MSC_VER) && _MSC_VER >= 1500
299304 /* supported since Visual Studio 2008 */
300 #define LTC_DEPRECATED __declspec(deprecated)
301 #else
302 #define LTC_DEPRECATED
303 #endif
304
305 # define LTC_DEPRECATED(s) __declspec(deprecated("replaced by " #s))
306 # define LTC_DEPRECATED_PRAGMA(s) __pragma(message(s))
307 #else
308 # define LTC_DEPRECATED(s)
309 # define LTC_DEPRECATED_PRAGMA(s)
310 #endif
305311 /* ref: $Format:%D$ */
306312 /* git commit: $Format:%H$ */
307313 /* commit time: $Format:%ai$ */
170170 };
171171 #endif
172172
173 #ifdef LTC_TEA
174 struct tea_key {
175 ulong32 k[4];
176 };
177 #endif
178
173179 typedef union Symmetric_key {
174180 #ifdef LTC_DES
175181 struct des_key des;
234240 #endif
235241 #ifdef LTC_SERPENT
236242 struct serpent_key serpent;
243 #endif
244 #ifdef LTC_TEA
245 struct tea_key tea;
237246 #endif
238247 void *data;
239248 } symmetric_key;
858867 extern const struct ltc_cipher_descriptor serpent_desc;
859868 #endif
860869
870 #ifdef LTC_TEA
871 int tea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
872 int tea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_key *skey);
873 int tea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, const symmetric_key *skey);
874 int tea_test(void);
875 void tea_done(symmetric_key *skey);
876 int tea_keysize(int *keysize);
877 extern const struct ltc_cipher_descriptor tea_desc;
878 #endif
879
861880 #ifdef LTC_ECB_MODE
862881 int ecb_start(int cipher, const unsigned char *key,
863882 int keylen, int num_rounds, symmetric_ECB *ecb);
4444 #ifndef XSTRCMP
4545 #define XSTRCMP strcmp
4646 #endif
47 #ifndef XSTRLEN
48 #define XSTRLEN strlen
49 #endif
4750 #ifndef XSTRNCPY
4851 #define XSTRNCPY strncpy
4952 #endif
5861
5962 #if ( defined(malloc) || defined(realloc) || defined(calloc) || defined(free) || \
6063 defined(memset) || defined(memcpy) || defined(memcmp) || defined(strcmp) || \
61 defined(strncpy) || defined(clock) || defined(qsort) ) && !defined(LTC_NO_PROTOTYPES)
64 defined(strlen) || defined(strncpy) || defined(clock) || defined(qsort) ) \
65 && !defined(LTC_NO_PROTOTYPES)
6266 #define LTC_NO_PROTOTYPES
6367 #endif
6468
206210 #define LTC_CAMELLIA
207211 #define LTC_IDEA
208212 #define LTC_SERPENT
213 #define LTC_TEA
209214
210215 /* stream ciphers */
211216 #define LTC_CHACHA
487492 #define LTC_BASE32
488493 /* Base16/hex encoding/decoding */
489494 #define LTC_BASE16
495
496 #define LTC_BCRYPT
497
498 #ifndef LTC_BCRYPT_DEFAULT_ROUNDS
499 #define LTC_BCRYPT_DEFAULT_ROUNDS 10
500 #endif
490501
491502 /* Keep LTC_NO_HKDF for compatibility reasons
492503 * superseeded by LTC_NO_MISC*/
599610 #error PK requires ASN.1 DER functionality, make sure LTC_DER is enabled
600611 #endif
601612
613 #if defined(LTC_BCRYPT) && !defined(LTC_BLOWFISH)
614 #error LTC_BCRYPT requires LTC_BLOWFISH
615 #endif
616
602617 #if defined(LTC_CHACHA20POLY1305_MODE) && (!defined(LTC_CHACHA) || !defined(LTC_POLY1305))
603618 #error LTC_CHACHA20POLY1305_MODE requires LTC_CHACHA + LTC_POLY1305
604619 #endif
5858 unsigned char *out, unsigned long *outlen);
5959 #endif
6060
61 #ifdef LTC_BCRYPT
62 int bcrypt_pbkdf_openbsd(const void *secret, unsigned long secret_len,
63 const unsigned char *salt, unsigned long salt_len,
64 unsigned int rounds, int hash_idx,
65 unsigned char *out, unsigned long *outlen);
66 #endif
67
6168 /* ===> LTC_HKDF -- RFC5869 HMAC-based Key Derivation Function <=== */
6269 #ifdef LTC_HKDF
6370
101108 int crypt_list_all_sizes(char *names_list, unsigned int *names_list_size);
102109
103110 #ifdef LTM_DESC
104 LTC_DEPRECATED void init_LTM(void);
111 LTC_DEPRECATED(crypt_mp_init) void init_LTM(void);
105112 #endif
106113 #ifdef TFM_DESC
107 LTC_DEPRECATED void init_TFM(void);
114 LTC_DEPRECATED(crypt_mp_init) void init_TFM(void);
108115 #endif
109116 #ifdef GMP_DESC
110 LTC_DEPRECATED void init_GMP(void);
117 LTC_DEPRECATED(crypt_mp_init) void init_GMP(void);
111118 #endif
112119 int crypt_mp_init(const char* mpi);
113120
155162
156163 #ifdef LTC_SSH
157164 typedef enum ssh_data_type_ {
165 LTC_SSHDATA_EOL,
158166 LTC_SSHDATA_BYTE,
159167 LTC_SSHDATA_BOOLEAN,
160168 LTC_SSHDATA_UINT32,
162170 LTC_SSHDATA_STRING,
163171 LTC_SSHDATA_MPINT,
164172 LTC_SSHDATA_NAMELIST,
165 LTC_SSHDATA_EOL
166173 } ssh_data_type;
167174
168175 /* VA list handy helpers with tuples of <type, data> */
169176 int ssh_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...);
170 int ssh_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...);
177 int ssh_decode_sequence_multi(const unsigned char *in, unsigned long *inlen, ...);
171178 #endif /* LTC_SSH */
172179
173180 int compare_testvector(const void* is, const unsigned long is_len, const void* should, const unsigned long should_len, const char* what, int which);
7070 /*
7171 * Internal functions
7272 */
73
74
75 /* tomcrypt_cipher.h */
76
77 void blowfish_enc(ulong32 *data, unsigned long blocks, const symmetric_key *skey);
78 int blowfish_expand(const unsigned char *key, int keylen,
79 const unsigned char *data, int datalen,
80 symmetric_key *skey);
81 int blowfish_setup_with_data(const unsigned char *key, int keylen,
82 const unsigned char *data, int datalen,
83 symmetric_key *skey);
7384
7485 /* tomcrypt_hash.h */
7586
214225 int pk_oid_num_to_str(const unsigned long *oid, unsigned long oidlen, char *OID, unsigned long *outlen);
215226
216227 /* ---- DH Routines ---- */
228 #ifdef LTC_MRSA
229 int rsa_init(rsa_key *key);
230 void rsa_shrink_key(rsa_key *key);
231 #endif /* LTC_MRSA */
232
233 /* ---- DH Routines ---- */
217234 #ifdef LTC_MDH
218235 extern const ltc_dh_set_type ltc_dh_sets[];
219236
1414 #include <tommath.h>
1515
1616 static const struct {
17 int mpi_code, ltc_code;
17 mp_err mpi_code;
18 int ltc_code;
1819 } mpi_to_ltc_codes[] = {
1920 { MP_OKAY , CRYPT_OK},
2021 { MP_MEM , CRYPT_MEM},
2122 { MP_VAL , CRYPT_INVALID_ARG},
23 #if defined(MP_BUF) || defined(MP_USE_ENUMS)
24 { MP_ITER , CRYPT_INVALID_PACKET},
25 { MP_BUF , CRYPT_BUFFER_OVERFLOW},
26 #endif
2227 };
2328
2429 /**
2631 @param err The error to convert
2732 @return The equivalent LTC error code or CRYPT_ERROR if none found
2833 */
29 static int mpi_to_ltc_error(int err)
30 {
31 int x;
32
33 for (x = 0; x < (int)(sizeof(mpi_to_ltc_codes)/sizeof(mpi_to_ltc_codes[0])); x++) {
34 static int mpi_to_ltc_error(mp_err err)
35 {
36 size_t x;
37
38 for (x = 0; x < sizeof(mpi_to_ltc_codes)/sizeof(mpi_to_ltc_codes[0]); x++) {
3439 if (err == mpi_to_ltc_codes[x].mpi_code) {
3540 return mpi_to_ltc_codes[x].ltc_code;
3641 }
3843 return CRYPT_ERROR;
3944 }
4045
41 static int init(void **a)
42 {
43 int err;
44
46 static int init_mpi(void **a)
47 {
4548 LTC_ARGCHK(a != NULL);
4649
4750 *a = XCALLOC(1, sizeof(mp_int));
4851 if (*a == NULL) {
4952 return CRYPT_MEM;
50 }
51
53 } else {
54 return CRYPT_OK;
55 }
56 }
57
58 static int init(void **a)
59 {
60 int err;
61
62 LTC_ARGCHK(a != NULL);
63
64 if ((err = init_mpi(a)) != CRYPT_OK) {
65 return err;
66 }
5267 if ((err = mpi_to_ltc_error(mp_init(*a))) != CRYPT_OK) {
5368 XFREE(*a);
5469 }
7893
7994 static int init_copy(void **a, void *b)
8095 {
81 if (init(a) != CRYPT_OK) {
82 return CRYPT_MEM;
83 }
84 return copy(b, *a);
96 int err;
97 LTC_ARGCHK(a != NULL);
98 LTC_ARGCHK(b != NULL);
99 if ((err = init_mpi(a)) != CRYPT_OK) return err;
100 return mpi_to_ltc_error(mp_init_copy(*a, b));
85101 }
86102
87103 /* ---- trivial ---- */
124140
125141 static int compare(void *a, void *b)
126142 {
127 int ret;
128 LTC_ARGCHK(a != NULL);
129 LTC_ARGCHK(b != NULL);
130 ret = mp_cmp(a, b);
131 switch (ret) {
143 LTC_ARGCHK(a != NULL);
144 LTC_ARGCHK(b != NULL);
145 switch (mp_cmp(a, b)) {
132146 case MP_LT: return LTC_MP_LT;
133147 case MP_EQ: return LTC_MP_EQ;
134148 case MP_GT: return LTC_MP_GT;
138152
139153 static int compare_d(void *a, ltc_mp_digit b)
140154 {
141 int ret;
142 LTC_ARGCHK(a != NULL);
143 ret = mp_cmp_d(a, b);
144 switch (ret) {
155 LTC_ARGCHK(a != NULL);
156 switch (mp_cmp_d(a, b)) {
145157 case MP_LT: return LTC_MP_LT;
146158 case MP_EQ: return LTC_MP_EQ;
147159 case MP_GT: return LTC_MP_GT;
183195 {
184196 LTC_ARGCHK(a != NULL);
185197 LTC_ARGCHK(b != NULL);
198 #ifdef BN_MP_TORADIX_C
186199 return mpi_to_ltc_error(mp_toradix(a, b, radix));
200 #else
201 return mpi_to_ltc_error(mp_to_radix(a, b, SIZE_MAX, NULL, radix));
202 #endif
187203 }
188204
189205 /* get size as unsigned char string */
190206 static unsigned long unsigned_size(void *a)
191207 {
192208 LTC_ARGCHK(a != NULL);
209 #ifdef BN_MP_UNSIGNED_BIN_SIZE_C
193210 return mp_unsigned_bin_size(a);
211 #else
212 return (unsigned long)mp_ubin_size(a);
213 #endif
194214 }
195215
196216 /* store */
198218 {
199219 LTC_ARGCHK(a != NULL);
200220 LTC_ARGCHK(b != NULL);
221 #ifdef BN_MP_TO_UNSIGNED_BIN_C
201222 return mpi_to_ltc_error(mp_to_unsigned_bin(a, b));
223 #else
224 return mpi_to_ltc_error(mp_to_ubin(a, b, SIZE_MAX, NULL));
225 #endif
202226 }
203227
204228 /* read */
206230 {
207231 LTC_ARGCHK(a != NULL);
208232 LTC_ARGCHK(b != NULL);
233 #ifdef BN_MP_READ_UNSIGNED_BIN_C
209234 return mpi_to_ltc_error(mp_read_unsigned_bin(a, b, len));
235 #else
236 return mpi_to_ltc_error(mp_from_ubin(a, b, (size_t)len));
237 #endif
210238 }
211239
212240 /* add */
117117 unsigned char out[4];
118118 adler32_state ctx;
119119 adler32_init(&ctx);
120 adler32_update(&ctx, in, strlen(in));
120 adler32_update(&ctx, in, XSTRLEN(in));
121121 adler32_finish(&ctx, out, 4);
122122 if (compare_testvector(adler32, 4, out, 4, "adler32", 0)) {
123123 return CRYPT_FAIL_TESTVECTOR;
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8 #include "tomcrypt_private.h"
9
10 /**
11 @file bcrypt.c
12 bcrypt pbkdf, Steffen Jaeckel
13 */
14 #ifdef LTC_BCRYPT
15
16 #define BCRYPT_WORDS 8
17 #define BCRYPT_HASHSIZE (BCRYPT_WORDS * 4)
18
19 static int _bcrypt_hash(const unsigned char *pt,
20 const unsigned char *pass, unsigned long passlen,
21 const unsigned char *salt, unsigned long saltlen,
22 unsigned char *out, unsigned long *outlen)
23 {
24 symmetric_key key;
25 int err, n;
26 ulong32 ct[BCRYPT_WORDS];
27
28 if ((err = blowfish_setup_with_data(pass, passlen, salt, saltlen, &key)) != CRYPT_OK) {
29 return err;
30 }
31 for (n = 0; n < 64; ++n) {
32 if ((err = blowfish_expand(salt, saltlen, NULL, 0, &key)) != CRYPT_OK) {
33 return err;
34 }
35 if ((err = blowfish_expand(pass, passlen, NULL, 0, &key)) != CRYPT_OK) {
36 return err;
37 }
38 }
39
40 for (n = 0; n < BCRYPT_WORDS; ++n) {
41 LOAD32H(ct[n], &pt[n*4]);
42 }
43
44 for (n = 0; n < 64; ++n) {
45 blowfish_enc(ct, BCRYPT_WORDS/2, &key);
46 }
47
48 for (n = 0; n < BCRYPT_WORDS; ++n) {
49 STORE32L(ct[n], &out[4 * n]);
50 }
51 *outlen = sizeof(ct);
52 #ifdef LTC_CLEAN_STACK
53 zeromem(&key, sizeof(key));
54 zeromem(ct, sizeof(ct));
55 #endif
56
57 return CRYPT_OK;
58 }
59
60 static int _bcrypt_pbkdf_hash(const unsigned char *pass, unsigned long passlen,
61 const unsigned char *salt, unsigned long saltlen,
62 unsigned char *out, unsigned long *outlen)
63 {
64 const unsigned char pt[] = "OxychromaticBlowfishSwatDynamite";
65 return _bcrypt_hash(pt, pass, passlen, salt, saltlen, out, outlen);
66 }
67
68 /**
69 Compatible to bcrypt_pbkdf() as provided in OpenBSD
70 @param password The input password (or key)
71 @param password_len The length of the password (octets)
72 @param salt The salt (or nonce)
73 @param salt_len The length of the salt (octets)
74 @param rounds # of iterations desired [read specs for more]
75 @param hash_idx The index of the hash desired
76 @param out [out] The destination for this algorithm
77 @param outlen [in/out] The desired size of the algorithm output
78 @return CRYPT_OK if successful
79 */
80 int bcrypt_pbkdf_openbsd(const void *secret, unsigned long secret_len,
81 const unsigned char *salt, unsigned long salt_len,
82 unsigned int rounds, int hash_idx,
83 unsigned char *out, unsigned long *outlen)
84 {
85 int err;
86 ulong32 blkno;
87 unsigned long left, itts, x, y, hashed_pass_len, step_size, steps, dest, used_rounds;
88 unsigned char *buf[3], blkbuf[4];
89 unsigned char *hashed_pass;
90
91 LTC_ARGCHK(secret != NULL);
92 LTC_ARGCHK(salt != NULL);
93 LTC_ARGCHK(out != NULL);
94 LTC_ARGCHK(outlen != NULL);
95
96 if ((secret_len == 0) || (salt_len == 0) || (*outlen == 0)) {
97 return CRYPT_INVALID_ARG;
98 }
99 /* test hash IDX */
100 if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
101 return err;
102 }
103 /* set default value for rounds if not given */
104 if (rounds == 0) {
105 used_rounds = LTC_BCRYPT_DEFAULT_ROUNDS;
106 } else {
107 used_rounds = rounds;
108 }
109
110 buf[0] = XMALLOC(MAXBLOCKSIZE * 3);
111 hashed_pass = XMALLOC(MAXBLOCKSIZE);
112 if (buf[0] == NULL || hashed_pass == NULL) {
113 if (hashed_pass != NULL) {
114 XFREE(hashed_pass);
115 }
116 if (buf[0] != NULL) {
117 XFREE(buf[0]);
118 }
119 return CRYPT_MEM;
120 }
121 /* buf[1] points to the second block of MAXBLOCKSIZE bytes */
122 buf[1] = buf[0] + MAXBLOCKSIZE;
123 buf[2] = buf[1] + MAXBLOCKSIZE;
124
125 step_size = (*outlen + BCRYPT_HASHSIZE - 1) / BCRYPT_HASHSIZE;
126 steps = (*outlen + step_size - 1) / step_size;
127
128 hashed_pass_len = MAXBLOCKSIZE;
129 if ((err = hash_memory(hash_idx, (unsigned char*)secret, secret_len, hashed_pass, &hashed_pass_len)) != CRYPT_OK) {
130 goto LBL_ERR;
131 }
132
133 left = *outlen;
134 blkno = 0;
135 while (left != 0) {
136 /* increment and store current block number */
137 ++blkno;
138 STORE32H(blkno, blkbuf);
139
140 /* process block number blkno */
141 zeromem(buf[0], MAXBLOCKSIZE*2);
142
143 x = MAXBLOCKSIZE;
144 if ((err = hash_memory_multi(hash_idx, buf[0], &x,
145 salt, salt_len,
146 blkbuf, 4uL,
147 NULL, 0)) != CRYPT_OK) {
148 goto LBL_ERR;
149 }
150 y = MAXBLOCKSIZE;
151 if ((err = _bcrypt_pbkdf_hash(hashed_pass, hashed_pass_len, buf[0], x, buf[1], &y)) != CRYPT_OK) {
152 goto LBL_ERR;
153 }
154 XMEMCPY(buf[2], buf[1], y);
155
156 /* now compute repeated and XOR it in buf[2] */
157 for (itts = 1; itts < used_rounds; ++itts) {
158 x = MAXBLOCKSIZE;
159 if ((err = hash_memory(hash_idx, buf[1], y, buf[0], &x)) != CRYPT_OK) {
160 goto LBL_ERR;
161 }
162 y = MAXBLOCKSIZE;
163 if ((err = _bcrypt_pbkdf_hash(hashed_pass, hashed_pass_len, buf[0], x, buf[1], &y)) != CRYPT_OK) {
164 goto LBL_ERR;
165 }
166 for (x = 0; x < y; x++) {
167 buf[2][x] ^= buf[1][x];
168 }
169 }
170
171 /* now emit upto `steps` bytes of buf[2] to output */
172 steps = MIN(steps, left);
173 for (y = 0; y < steps; ++y) {
174 dest = y * step_size + (blkno - 1);
175 if (dest >= *outlen)
176 break;
177 out[dest] = buf[2][y];
178 }
179 left -= y;
180 }
181
182 err = CRYPT_OK;
183 LBL_ERR:
184 #ifdef LTC_CLEAN_STACK
185 zeromem(buf[0], MAXBLOCKSIZE*3);
186 zeromem(hashed_pass, MAXBLOCKSIZE);
187 #endif
188
189 XFREE(hashed_pass);
190 XFREE(buf[0]);
191
192 return err;
193 }
194
195 #endif
196
197
198 /* ref: $Format:%D$ */
199 /* git commit: $Format:%H$ */
200 /* commit time: $Format:%ai$ */
187187 unsigned char out[4];
188188 crc32_state ctx;
189189 crc32_init(&ctx);
190 crc32_update(&ctx, in, strlen(in));
190 crc32_update(&ctx, in, XSTRLEN(in));
191191 crc32_finish(&ctx, out, 4);
192192 if (compare_testvector(crc32, 4, out, 4, "CRC32", 0)) {
193193 return CRYPT_FAIL_TESTVECTOR;
127127 #if defined(LTC_SERPENT)
128128 " Serpent\n"
129129 #endif
130 #if defined(LTC_TEA)
131 " TEA\n"
132 #endif
130133 "Stream ciphers built-in:\n"
131134 #if defined(LTC_CHACHA)
132135 " ChaCha\n"
430433 #if defined(LTC_BASE16)
431434 " BASE16 "
432435 #endif
436 #if defined(LTC_BCRYPT)
437 " BCRYPT "
438 " " NAME_VALUE(LTC_BCRYPT_DEFAULT_ROUNDS) " "
439 #endif
433440 #if defined(LTC_CRC32)
434441 " CRC32 "
435442 #endif
9797 #ifdef LTC_SERPENT
9898 REGISTER_CIPHER(&serpent_desc);
9999 #endif
100 #ifdef LTC_TEA
101 REGISTER_CIPHER(&tea_desc);
102 #endif
100103 return CRYPT_OK;
101104 }
102105
8383 */
8484 int padding_pad(unsigned char *data, unsigned long length, unsigned long* padded_length, unsigned long mode)
8585 {
86 unsigned long diff, l;
86 unsigned long l;
8787 enum padding_type type;
8888 int err;
89 unsigned char diff;
8990
9091 LTC_ARGCHK(data != NULL);
9192 LTC_ARGCHK(padded_length != NULL);
110111 return CRYPT_BUFFER_OVERFLOW;
111112 }
112113
113 diff = l - length;
114 if (diff > 255) return CRYPT_INVALID_ARG;
114 if (l - length > 255) return CRYPT_INVALID_ARG;
115 diff = (unsigned char)(l - length);
115116
116117 switch (type) {
117118 case LTC_PAD_PKCS7:
119120 break;
120121 #ifdef LTC_RNG_GET_BYTES
121122 case LTC_PAD_ISO_10126:
122 if (rng_get_bytes(&data[length], diff-1, NULL) != diff-1) {
123 if (rng_get_bytes(&data[length], diff-1u, NULL) != diff-1u) {
123124 return CRYPT_ERROR_READPRNG;
124125 }
125126 data[l-1] = diff;
1717
1818 /**
1919 Decode a SSH sequence using a VA list
20 @param in Data to decode
21 @param inlen Length of buffer to decode
22 @remark <...> is of the form <type, data> (int, void*) except for string <type, data, size>
20 @param in The input buffer
21 @param inlen [in/out] The length of the input buffer and on output the amount of decoded data
22 @remark <...> is of the form <type, data*> (int, <unsigned char*,ulong32*,ulong64*>) except for string&name-list <type, data, size*> (int, void*, unsigned long*)
2323 @return CRYPT_OK on success
2424 */
25 int ssh_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...)
25 int ssh_decode_sequence_multi(const unsigned char *in, unsigned long *inlen, ...)
2626 {
2727 int err;
2828 va_list args;
3232 char *sdata;
3333 ulong32 *u32data;
3434 ulong64 *u64data;
35 unsigned long bufsize;
35 unsigned long *bufsize;
3636 ulong32 size;
37 unsigned long remaining;
3738
3839 LTC_ARGCHK(in != NULL);
40 LTC_ARGCHK(inlen != NULL);
3941
42 remaining = *inlen;
4043 /* Decode values from buffer */
4144 va_start(args, inlen);
4245 while ((type = (ssh_data_type)va_arg(args, int)) != LTC_SSHDATA_EOL) {
4649 type == LTC_SSHDATA_MPINT)
4750 {
4851 /* Check we'll not read too far */
49 if (inlen < 4) {
52 if (remaining < 4) {
5053 err = CRYPT_BUFFER_OVERFLOW;
5154 goto error;
5255 }
7073 case LTC_SSHDATA_MPINT:
7174 LOAD32H(size, in);
7275 in += 4;
73 inlen -= 4;
76 remaining -= 4;
7477 break;
7578
7679 case LTC_SSHDATA_EOL:
8083 }
8184
8285 /* Check we'll not read too far */
83 if (inlen < size) {
86 if (remaining < size) {
8487 err = CRYPT_BUFFER_OVERFLOW;
8588 goto error;
8689 } else {
87 inlen -= size;
90 remaining -= size;
91 }
92
93 vdata = va_arg(args, void*);
94 if (vdata == NULL) {
95 err = CRYPT_INVALID_ARG;
96 goto error;
8897 }
8998
9099 /* Read data */
91100 switch (type) {
92101 case LTC_SSHDATA_BYTE:
93 cdata = va_arg(args, unsigned char*);
102 cdata = vdata;
94103 *cdata = *in++;
95104 break;
96105 case LTC_SSHDATA_BOOLEAN:
97 cdata = va_arg(args, unsigned char*);
106 cdata = vdata;
98107 /*
99108 The value 0 represents FALSE, and the value 1 represents TRUE. All non-zero values MUST be
100109 interpreted as TRUE; however, applications MUST NOT store values other than 0 and 1.
101 */
110 */
102111 *cdata = (*in++)?1:0;
103112 break;
104113 case LTC_SSHDATA_UINT32:
105 u32data = va_arg(args, ulong32*);
114 u32data = vdata;
106115 LOAD32H(*u32data, in);
107116 in += 4;
108117 break;
109118 case LTC_SSHDATA_UINT64:
110 u64data = va_arg(args, ulong64*);
119 u64data = vdata;
111120 LOAD64H(*u64data, in);
112121 in += 8;
113122 break;
114123 case LTC_SSHDATA_STRING:
115124 case LTC_SSHDATA_NAMELIST:
116 sdata = va_arg(args, char*);
117 bufsize = va_arg(args, unsigned long);
118 if (size >= bufsize) {
125 sdata = vdata;
126 bufsize = va_arg(args, unsigned long*);
127 if (bufsize == NULL) {
128 err = CRYPT_INVALID_ARG;
129 goto error;
130 }
131 if (size + 1 >= *bufsize) {
119132 err = CRYPT_BUFFER_OVERFLOW;
120133 goto error;
121134 }
122135 if (size > 0) {
123 XSTRNCPY(sdata, (const char *)in, size);
124 sdata[size] = '\0'; /* strncpy doesn't NUL-terminate */
125 } else {
126 *sdata = '\0';
136 XMEMCPY(sdata, (const char *)in, size);
127137 }
138 sdata[size] = '\0';
139 *bufsize = size;
128140 in += size;
129141 break;
130142 case LTC_SSHDATA_MPINT:
131 vdata = va_arg(args, void*);
132143 if (size == 0) {
133144 if ((err = mp_set(vdata, 0)) != CRYPT_OK) { goto error; }
134145 } else if ((in[0] & 0x80) != 0) {
149160 }
150161 err = CRYPT_OK;
151162
163 *inlen -= remaining;
164
152165 error:
153166 va_end(args);
154167 return err;
1919 Encode a SSH sequence using a VA list
2020 @param out [out] Destination for data
2121 @param outlen [in/out] Length of buffer and resulting length of output
22 @remark <...> is of the form <type, data> (int, void*)
22 @remark <...> is of the form <type, data> (int, <int,ulong32,ulong64>) except for string&name-list <type, data, size> (int, void*, unsigned long)
2323 @return CRYPT_OK on success
2424 */
2525 int ssh_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...)
2828 va_list args;
2929 ulong32 size;
3030 ssh_data_type type;
31 void *vdata;
32 const char *sdata;
31 void *vdata;
32 const char *sdata;
3333 int idata;
3434 ulong32 u32data;
3535 ulong64 u64data;
5757 break;
5858 case LTC_SSHDATA_STRING:
5959 case LTC_SSHDATA_NAMELIST:
60 sdata = va_arg(args, char*);
60 LTC_UNUSED_PARAM( va_arg(args, char*) );
61 size += va_arg(args, unsigned long);
6162 size += 4;
62 size += strlen(sdata);
6363 break;
6464 case LTC_SSHDATA_MPINT:
6565 vdata = va_arg(args, void*);
101101 /*
102102 The value 0 represents FALSE, and the value 1 represents TRUE. All non-zero values MUST be
103103 interpreted as TRUE; however, applications MUST NOT store values other than 0 and 1.
104 */
104 */
105105 *out++ = (idata)?1:0;
106106 break;
107107 case LTC_SSHDATA_UINT32:
117117 case LTC_SSHDATA_STRING:
118118 case LTC_SSHDATA_NAMELIST:
119119 sdata = va_arg(args, char*);
120 size = strlen(sdata);
120 size = va_arg(args, unsigned long);
121121 STORE32H(size, out);
122122 out += 4;
123123 XMEMCPY(out, sdata, size);
1010
1111 int pk_oid_str_to_num(const char *OID, unsigned long *oid, unsigned long *oidlen)
1212 {
13 unsigned long i, j, limit, OID_len, oid_j;
13 unsigned long i, j, limit, oid_j;
14 size_t OID_len;
1415
1516 LTC_ARGCHK(oidlen != NULL);
1617
2021
2122 if (OID == NULL) return CRYPT_OK;
2223
23 OID_len = strlen(OID);
24 OID_len = XSTRLEN(OID);
2425 if (OID_len == 0) return CRYPT_OK;
2526
2627 for (i = 0, j = 0; i < OID_len; i++) {
113113 #ifdef LTC_SSH
114114 else if (sigformat == LTC_ECCSIG_RFC5656) {
115115 char name[64], name2[64];
116 unsigned long namelen = sizeof(name2);
116 unsigned long namelen = sizeof(name);
117 unsigned long name2len = sizeof(name2);
117118
118119 /* Decode as SSH data sequence, per RFC4251 */
119 if ((err = ssh_decode_sequence_multi(sig, siglen,
120 LTC_SSHDATA_STRING, name, 64,
120 if ((err = ssh_decode_sequence_multi(sig, &siglen,
121 LTC_SSHDATA_STRING, name, &namelen,
121122 LTC_SSHDATA_MPINT, r,
122123 LTC_SSHDATA_MPINT, s,
123124 LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { goto error; }
124125
125126
126127 /* Check curve matches identifier string */
127 if ((err = ecc_ssh_ecdsa_encode_name(name2, &namelen, key)) != CRYPT_OK) { goto error; }
128 if (XSTRCMP(name,name2) != 0) {
128 if ((err = ecc_ssh_ecdsa_encode_name(name2, &name2len, key)) != CRYPT_OK) { goto error; }
129 if ((namelen != name2len) || (XSTRCMP(name, name2) != 0)) {
129130 err = CRYPT_INVALID_ARG;
130131 goto error;
131132 }
163163
164164 /* Store as SSH data sequence, per RFC4251 */
165165 err = ssh_encode_sequence_multi(out, outlen,
166 LTC_SSHDATA_STRING, name,
166 LTC_SSHDATA_STRING, name, namelen,
167167 LTC_SSHDATA_MPINT, r,
168168 LTC_SSHDATA_MPINT, s,
169169 LTC_SSHDATA_EOL, NULL);
2424 {
2525 char oidstr[64];
2626 unsigned long oidlen = sizeof(oidstr);
27 unsigned long size = 0;
28 int err;
27 int err, size = 0;
2928
3029 LTC_ARGCHK(buffer != NULL);
3130 LTC_ARGCHK(buflen != NULL);
5150 size = snprintf(buffer, *buflen, "ecdsa-sha2-%s", oidstr);
5251 }
5352
54 /* snprintf returns size that would have been written, but limits to buflen-1 chars plus terminator */
55 if (size >= *buflen) {
53 /* snprintf returns a negative value on error
54 * or the size that would have been written, but limits to buflen-1 chars plus terminator */
55 if (size < 0) {
56 err = CRYPT_ERROR;
57 } else if ((unsigned)size >= *buflen) {
5658 err = CRYPT_BUFFER_OVERFLOW;
5759 } else {
5860 err = CRYPT_OK;
9999 #ifdef LTC_SSH
100100 else if (sigformat == LTC_ECCSIG_RFC5656) {
101101 char name[64], name2[64];
102 unsigned long namelen = sizeof(name2);
102 unsigned long namelen = sizeof(name);
103 unsigned long name2len = sizeof(name2);
103104
104105 /* Decode as SSH data sequence, per RFC4251 */
105 if ((err = ssh_decode_sequence_multi(sig, siglen,
106 LTC_SSHDATA_STRING, name, 64,
106 if ((err = ssh_decode_sequence_multi(sig, &siglen,
107 LTC_SSHDATA_STRING, name, &namelen,
107108 LTC_SSHDATA_MPINT, r,
108109 LTC_SSHDATA_MPINT, s,
109110 LTC_SSHDATA_EOL, NULL)) != CRYPT_OK) { goto error; }
110111
111112
112113 /* Check curve matches identifier string */
113 if ((err = ecc_ssh_ecdsa_encode_name(name2, &namelen, key)) != CRYPT_OK) { goto error; }
114 if (XSTRCMP(name,name2) != 0) {
114 if ((err = ecc_ssh_ecdsa_encode_name(name2, &name2len, key)) != CRYPT_OK) { goto error; }
115 if ((namelen != name2len) || (XSTRCMP(name, name2) != 0)) {
115116 err = CRYPT_INVALID_ARG;
116117 goto error;
117118 }
+0
-32
src/ltc/pk/rsa/rsa_free.c less more
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8 #include "tomcrypt_private.h"
9
10 /**
11 @file rsa_free.c
12 Free an RSA key, Tom St Denis
13 */
14
15 #ifdef LTC_MRSA
16
17 /**
18 Free an RSA key from memory
19 @param key The RSA key to free
20 */
21 void rsa_free(rsa_key *key)
22 {
23 LTC_ARGCHKVD(key != NULL);
24 mp_cleanup_multi(&key->q, &key->p, &key->qP, &key->dP, &key->dQ, &key->N, &key->d, &key->e, NULL);
25 }
26
27 #endif
28
29 /* ref: $Format:%D$ */
30 /* git commit: $Format:%H$ */
31 /* commit time: $Format:%ai$ */
3333 LTC_ARGCHK(ltc_mp.name != NULL);
3434
3535 /* init key */
36 if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ,
37 &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) {
36 if ((err = rsa_init(key)) != CRYPT_OK) {
3837 return err;
3938 }
4039
112111 goto LBL_FREE;
113112
114113 LBL_ERR:
115 mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL);
114 rsa_free(key);
116115
117116 LBL_FREE:
118117 if (tmpbuf != NULL) {
7777 buf2 = XMALLOC(buf2len);
7878 if (buf2 == NULL) { err = CRYPT_MEM; goto LBL_FREE1; }
7979
80 if ((err = mp_init_multi(&zero, &iter, NULL)) != CRYPT_OK) { goto LBL_FREE2; }
8081 /* init key */
81 err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, &zero, &iter, NULL);
82 if (err != CRYPT_OK) { goto LBL_FREE2; }
82 if ((err = rsa_init(key)) != CRYPT_OK) { goto LBL_FREE3; }
8383
8484 /* try to decode encrypted priv key */
8585 if ((err = pkcs8_decode_flexi(in, inlen, passwd, passwdlen, &l)) != CRYPT_OK) {
116116 if (err != CRYPT_OK) { goto LBL_ERR; }
117117 key->type = PK_PRIVATE;
118118 err = CRYPT_OK;
119 goto LBL_FREE2;
119 goto LBL_FREE3;
120120
121121 LBL_ERR:
122122 rsa_free(key);
123 LBL_FREE3:
124 mp_clear_multi(iter, zero, NULL);
125 if (l) der_free_sequence_flexi(l);
123126 LBL_FREE2:
124 if (l) der_free_sequence_flexi(l);
125 mp_clear_multi(iter, zero, NULL);
126127 XFREE(buf2);
127128 LBL_FREE1:
128129 XFREE(buf1);
3939 LTC_ARGCHK(ltc_mp.name != NULL);
4040
4141 /* init key */
42 if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ,
43 &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) {
42 if ((err = rsa_init(key)) != CRYPT_OK) {
4443 return err;
4544 }
4645
0 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
1 *
2 * LibTomCrypt is a library that provides various cryptographic
3 * algorithms in a highly modular and flexible manner.
4 *
5 * The library is free for all purposes without any express
6 * guarantee it works.
7 */
8 #include "tomcrypt_private.h"
9
10 /**
11 @file rsa_key.c
12 Free an RSA key, Tom St Denis
13 Basic operations on an RSA key, Steffen Jaeckel
14 */
15
16 #ifdef LTC_MRSA
17 #include <stdarg.h>
18
19 static void _mpi_shrink_multi(void **a, ...)
20 {
21 void **cur;
22 unsigned n;
23 int err;
24 va_list args;
25 void *tmp[10] = { 0 };
26 void **arg[10] = { 0 };
27
28 /* We re-allocate in the order that we received the varargs */
29 n = 0;
30 err = CRYPT_ERROR;
31 cur = a;
32 va_start(args, a);
33 while (cur != NULL) {
34 if (n >= sizeof(tmp)/sizeof(tmp[0])) {
35 goto out;
36 }
37 if (*cur != NULL) {
38 arg[n] = cur;
39 if ((err = mp_init_copy(&tmp[n], *arg[n])) != CRYPT_OK) {
40 goto out;
41 }
42 n++;
43 }
44 cur = va_arg(args, void**);
45 }
46 va_end(args);
47
48 /* but we clear the old values in the reverse order */
49 while (n != 0 && arg[--n] != NULL) {
50 mp_clear(*arg[n]);
51 *arg[n] = tmp[n];
52 }
53 out:
54 va_end(args);
55 /* clean-up after an error
56 * or after this was called with too many args
57 */
58 if ((err != CRYPT_OK) ||
59 (n >= sizeof(tmp)/sizeof(tmp[0]))) {
60 for (n = 0; n < sizeof(tmp)/sizeof(tmp[0]); ++n) {
61 if (tmp[n] != NULL) {
62 mp_clear(tmp[n]);
63 }
64 }
65 }
66 }
67
68 /**
69 This shrinks the allocated memory of a RSA key
70
71 It will use up some more memory temporarily,
72 but then it will free-up the entire sequence that
73 was once allocated when the key was created/populated.
74
75 This only works with libtommath >= 1.2.0 in earlier versions
76 it has the inverse effect due to the way it worked internally.
77 Also works for GNU MP, tomsfastmath naturally shows no effect.
78
79 @param key The RSA key to shrink
80 */
81 void rsa_shrink_key(rsa_key *key)
82 {
83 LTC_ARGCHKVD(key != NULL);
84 _mpi_shrink_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL);
85 }
86
87 /**
88 Init an RSA key
89 @param key The RSA key to free
90 @return CRYPT_OK if successful
91 */
92 int rsa_init(rsa_key *key)
93 {
94 LTC_ARGCHK(key != NULL);
95 return mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL);
96 }
97
98 /**
99 Free an RSA key from memory
100 @param key The RSA key to free
101 */
102 void rsa_free(rsa_key *key)
103 {
104 LTC_ARGCHKVD(key != NULL);
105 mp_cleanup_multi(&key->q, &key->p, &key->qP, &key->dP, &key->dQ, &key->N, &key->d, &key->e, NULL);
106 }
107
108 #endif
109
110 /* ref: $Format:%D$ */
111 /* git commit: $Format:%H$ */
112 /* commit time: $Format:%ai$ */
6767 if ((err = mp_lcm( tmp1, tmp2, tmp1)) != CRYPT_OK) { goto cleanup; } /* tmp1 = lcm(p-1, q-1) */
6868
6969 /* make key */
70 if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) {
70 if ((err = rsa_init(key)) != CRYPT_OK) {
7171 goto errkey;
7272 }
7373
7777
7878 /* optimize for CRT now */
7979 /* find d mod q-1 and d mod p-1 */
80 if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = q-1 */
81 if ((err = mp_sub_d( q, 1, tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = p-1 */
80 if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = p-1 */
81 if ((err = mp_sub_d( q, 1, tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = q-1 */
8282 if ((err = mp_mod( key->d, tmp1, key->dP)) != CRYPT_OK) { goto errkey; } /* dP = d mod p-1 */
8383 if ((err = mp_mod( key->d, tmp2, key->dQ)) != CRYPT_OK) { goto errkey; } /* dQ = d mod q-1 */
8484 if ((err = mp_invmod( q, p, key->qP)) != CRYPT_OK) { goto errkey; } /* qP = 1/q mod p */
3434 LTC_ARGCHK(e != NULL);
3535 LTC_ARGCHK(ltc_mp.name != NULL);
3636
37 err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL);
38 if (err != CRYPT_OK) return err;
37 if ((err = rsa_init(key)) != CRYPT_OK) return err;
3938
4039 if ((err = mp_read_unsigned_bin(key->N , (unsigned char *)N , Nlen)) != CRYPT_OK) { goto LBL_ERR; }
4140 if ((err = mp_read_unsigned_bin(key->e , (unsigned char *)e , elen)) != CRYPT_OK) { goto LBL_ERR; }
236236 return err;
237237 }
238238 }
239 prng->u.fortuna.pool_idx = prng->u.fortuna.pool0_len = prng->u.fortuna.wd = 0;
240 prng->u.fortuna.reset_cnt = 0;
239 prng->u.fortuna.pool_idx = prng->u.fortuna.pool0_len = 0;
240 prng->u.fortuna.reset_cnt = prng->u.fortuna.wd = 0;
241241
242242 /* reset bufs */
243243 zeromem(prng->u.fortuna.K, 32);
1818 int chacha_done(chacha_state *st)
1919 {
2020 LTC_ARGCHK(st != NULL);
21 XMEMSET(st, 0, sizeof(chacha_state));
21 zeromem(st, sizeof(chacha_state));
2222 return CRYPT_OK;
2323 }
2424
3333
3434 if ((err = chacha_setup(&st, key, keylen, rounds)) != CRYPT_OK) goto WIPE_KEY;
3535 if (ivlen > 8) {
36 if ((err = chacha_ivctr32(&st, iv, ivlen, counter)) != CRYPT_OK) goto WIPE_KEY;
36 if ((err = chacha_ivctr32(&st, iv, ivlen, (ulong32)counter)) != CRYPT_OK) goto WIPE_KEY;
3737 } else {
3838 if ((err = chacha_ivctr64(&st, iv, ivlen, counter)) != CRYPT_OK) goto WIPE_KEY;
3939 }
409409 0xea, 0xec, 0x34, 0x9d, 0x8f, 0xb4, 0x6b, 0x60,
410410 0x79, 0x1b, 0xea, 0x16, 0xcb, 0xef, 0x46, 0x87,
411411 0x60, 0xa6, 0x55, 0x14, 0xff, 0xca, 0xac };
412 unsigned long ptlen = strlen(pt);
412 unsigned long ptlen = XSTRLEN(pt);
413413 unsigned char out2[1000] = { 0 };
414414 unsigned char nulls[1000] = { 0 };
415415
9999 int rc4_stream_done(rc4_state *st)
100100 {
101101 LTC_ARGCHK(st != NULL);
102 XMEMSET(st, 0, sizeof(rc4_state));
102 zeromem(st, sizeof(rc4_state));
103103 return CRYPT_OK;
104104 }
105105
1818 int salsa20_done(salsa20_state *st)
1919 {
2020 LTC_ARGCHK(st != NULL);
21 XMEMSET(st, 0, sizeof(salsa20_state));
21 zeromem(st, sizeof(salsa20_state));
2222 return CRYPT_OK;
2323 }
2424
331331 int sober128_stream_done(sober128_state *st)
332332 {
333333 LTC_ARGCHK(st != NULL);
334 XMEMSET(st, 0, sizeof(sober128_state));
334 zeromem(st, sizeof(sober128_state));
335335 return CRYPT_OK;
336336 }
337337
804804 int sosemanuk_done(sosemanuk_state *st)
805805 {
806806 LTC_ARGCHK(st != NULL);
807 XMEMSET(st, 0, sizeof(sosemanuk_state));
807 zeromem(st, sizeof(sosemanuk_state));
808808 return CRYPT_OK;
809809 }
810810