+1

docs/CREDITS

reviewed

··· 738 738 The Pocket Quake team (Dan East and others) 739 739 The bzip2 team 740 740 The bsdiff team 741 741 + The libtomcrypt team

+29

utils/tomcrypt/LICENSE

reviewed

··· 1 1 + LibTomCrypt is licensed under DUAL licensing terms. 2 2 + 3 3 + Choose and use the license of your needs. 4 4 + 5 5 + [LICENSE #1] 6 6 + 7 7 + LibTomCrypt is public domain. As should all quality software be. 8 8 + 9 9 + Tom St Denis 10 10 + 11 11 + [/LICENSE #1] 12 12 + 13 13 + [LICENSE #2] 14 14 + 15 15 + DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE 16 16 + Version 2, December 2004 17 17 + 18 18 + Copyright (C) 2004 Sam Hocevar <sam@hocevar.net> 19 19 + 20 20 + Everyone is permitted to copy and distribute verbatim or modified 21 21 + copies of this license document, and changing it is allowed as long 22 22 + as the name is changed. 23 23 + 24 24 + DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE 25 25 + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 26 26 + 27 27 + 0. You just DO WHAT THE FUCK YOU WANT TO. 28 28 + 29 29 + [/LICENSE #2]

+7

utils/tomcrypt/README.ROCKBOX

reviewed

··· 1 1 + This folder contains the source from libtomcrypt. 2 2 + 3 3 + Only the source files that are actually used have been added. If more 4 4 + functionality is needed add the missing files. 5 5 + 6 6 + The source tree has last been synced with libtomcrypt 1.18.2 on 2020-08-08. 7 7 +

+743

utils/tomcrypt/src/ciphers/aes/aes.c

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + 10 10 + /* AES implementation by Tom St Denis 11 11 + * 12 12 + * Derived from the Public Domain source code by 13 13 + 14 14 + --- 15 15 + * rijndael-alg-fst.c 16 16 + * 17 17 + * @version 3.0 (December 2000) 18 18 + * 19 19 + * Optimised ANSI C code for the Rijndael cipher (now AES) 20 20 + * 21 21 + * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be> 22 22 + * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be> 23 23 + * @author Paulo Barreto <paulo.barreto@terra.com.br> 24 24 + --- 25 25 + */ 26 26 + /** 27 27 + @file aes.c 28 28 + Implementation of AES 29 29 + */ 30 30 + 31 31 + #include "tomcrypt.h" 32 32 + 33 33 + #ifdef LTC_RIJNDAEL 34 34 + 35 35 + #ifndef ENCRYPT_ONLY 36 36 + 37 37 + #define SETUP rijndael_setup 38 38 + #define ECB_ENC rijndael_ecb_encrypt 39 39 + #define ECB_DEC rijndael_ecb_decrypt 40 40 + #define ECB_DONE rijndael_done 41 41 + #define ECB_TEST rijndael_test 42 42 + #define ECB_KS rijndael_keysize 43 43 + 44 44 + const struct ltc_cipher_descriptor rijndael_desc = 45 45 + { 46 46 + "rijndael", 47 47 + 6, 48 48 + 16, 32, 16, 10, 49 49 + SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS, 50 50 + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL 51 51 + }; 52 52 + 53 53 + const struct ltc_cipher_descriptor aes_desc = 54 54 + { 55 55 + "aes", 56 56 + 6, 57 57 + 16, 32, 16, 10, 58 58 + SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS, 59 59 + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL 60 60 + }; 61 61 + 62 62 + #else 63 63 + 64 64 + #define SETUP rijndael_enc_setup 65 65 + #define ECB_ENC rijndael_enc_ecb_encrypt 66 66 + #define ECB_KS rijndael_enc_keysize 67 67 + #define ECB_DONE rijndael_enc_done 68 68 + 69 69 + const struct ltc_cipher_descriptor rijndael_enc_desc = 70 70 + { 71 71 + "rijndael", 72 72 + 6, 73 73 + 16, 32, 16, 10, 74 74 + SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS, 75 75 + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL 76 76 + }; 77 77 + 78 78 + const struct ltc_cipher_descriptor aes_enc_desc = 79 79 + { 80 80 + "aes", 81 81 + 6, 82 82 + 16, 32, 16, 10, 83 83 + SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS, 84 84 + NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL 85 85 + }; 86 86 + 87 87 + #endif 88 88 + 89 89 + #define __LTC_AES_TAB_C__ 90 90 + #include "aes_tab.c" 91 91 + 92 92 + static ulong32 setup_mix(ulong32 temp) 93 93 + { 94 94 + return (Te4_3[byte(temp, 2)]) ^ 95 95 + (Te4_2[byte(temp, 1)]) ^ 96 96 + (Te4_1[byte(temp, 0)]) ^ 97 97 + (Te4_0[byte(temp, 3)]); 98 98 + } 99 99 + 100 100 + #ifndef ENCRYPT_ONLY 101 101 + #ifdef LTC_SMALL_CODE 102 102 + static ulong32 setup_mix2(ulong32 temp) 103 103 + { 104 104 + return Td0(255 & Te4[byte(temp, 3)]) ^ 105 105 + Td1(255 & Te4[byte(temp, 2)]) ^ 106 106 + Td2(255 & Te4[byte(temp, 1)]) ^ 107 107 + Td3(255 & Te4[byte(temp, 0)]); 108 108 + } 109 109 + #endif 110 110 + #endif 111 111 + 112 112 + /** 113 113 + Initialize the AES (Rijndael) block cipher 114 114 + @param key The symmetric key you wish to pass 115 115 + @param keylen The key length in bytes 116 116 + @param num_rounds The number of rounds desired (0 for default) 117 117 + @param skey The key in as scheduled by this function. 118 118 + @return CRYPT_OK if successful 119 119 + */ 120 120 + int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) 121 121 + { 122 122 + int i; 123 123 + ulong32 temp, *rk; 124 124 + #ifndef ENCRYPT_ONLY 125 125 + ulong32 *rrk; 126 126 + #endif 127 127 + LTC_ARGCHK(key != NULL); 128 128 + LTC_ARGCHK(skey != NULL); 129 129 + 130 130 + if (keylen != 16 && keylen != 24 && keylen != 32) { 131 131 + return CRYPT_INVALID_KEYSIZE; 132 132 + } 133 133 + 134 134 + if (num_rounds != 0 && num_rounds != (10 + ((keylen/8)-2)*2)) { 135 135 + return CRYPT_INVALID_ROUNDS; 136 136 + } 137 137 + 138 138 + skey->rijndael.Nr = 10 + ((keylen/8)-2)*2; 139 139 + 140 140 + /* setup the forward key */ 141 141 + i = 0; 142 142 + rk = skey->rijndael.eK; 143 143 + LOAD32H(rk[0], key ); 144 144 + LOAD32H(rk[1], key + 4); 145 145 + LOAD32H(rk[2], key + 8); 146 146 + LOAD32H(rk[3], key + 12); 147 147 + if (keylen == 16) { 148 148 + for (;;) { 149 149 + temp = rk[3]; 150 150 + rk[4] = rk[0] ^ setup_mix(temp) ^ rcon[i]; 151 151 + rk[5] = rk[1] ^ rk[4]; 152 152 + rk[6] = rk[2] ^ rk[5]; 153 153 + rk[7] = rk[3] ^ rk[6]; 154 154 + if (++i == 10) { 155 155 + break; 156 156 + } 157 157 + rk += 4; 158 158 + } 159 159 + } else if (keylen == 24) { 160 160 + LOAD32H(rk[4], key + 16); 161 161 + LOAD32H(rk[5], key + 20); 162 162 + for (;;) { 163 163 + #ifdef _MSC_VER 164 164 + temp = skey->rijndael.eK[rk - skey->rijndael.eK + 5]; 165 165 + #else 166 166 + temp = rk[5]; 167 167 + #endif 168 168 + rk[ 6] = rk[ 0] ^ setup_mix(temp) ^ rcon[i]; 169 169 + rk[ 7] = rk[ 1] ^ rk[ 6]; 170 170 + rk[ 8] = rk[ 2] ^ rk[ 7]; 171 171 + rk[ 9] = rk[ 3] ^ rk[ 8]; 172 172 + if (++i == 8) { 173 173 + break; 174 174 + } 175 175 + rk[10] = rk[ 4] ^ rk[ 9]; 176 176 + rk[11] = rk[ 5] ^ rk[10]; 177 177 + rk += 6; 178 178 + } 179 179 + } else if (keylen == 32) { 180 180 + LOAD32H(rk[4], key + 16); 181 181 + LOAD32H(rk[5], key + 20); 182 182 + LOAD32H(rk[6], key + 24); 183 183 + LOAD32H(rk[7], key + 28); 184 184 + for (;;) { 185 185 + #ifdef _MSC_VER 186 186 + temp = skey->rijndael.eK[rk - skey->rijndael.eK + 7]; 187 187 + #else 188 188 + temp = rk[7]; 189 189 + #endif 190 190 + rk[ 8] = rk[ 0] ^ setup_mix(temp) ^ rcon[i]; 191 191 + rk[ 9] = rk[ 1] ^ rk[ 8]; 192 192 + rk[10] = rk[ 2] ^ rk[ 9]; 193 193 + rk[11] = rk[ 3] ^ rk[10]; 194 194 + if (++i == 7) { 195 195 + break; 196 196 + } 197 197 + temp = rk[11]; 198 198 + rk[12] = rk[ 4] ^ setup_mix(RORc(temp, 8)); 199 199 + rk[13] = rk[ 5] ^ rk[12]; 200 200 + rk[14] = rk[ 6] ^ rk[13]; 201 201 + rk[15] = rk[ 7] ^ rk[14]; 202 202 + rk += 8; 203 203 + } 204 204 + } else { 205 205 + /* this can't happen */ 206 206 + /* coverity[dead_error_line] */ 207 207 + return CRYPT_ERROR; 208 208 + } 209 209 + 210 210 + #ifndef ENCRYPT_ONLY 211 211 + /* setup the inverse key now */ 212 212 + rk = skey->rijndael.dK; 213 213 + rrk = skey->rijndael.eK + (28 + keylen) - 4; 214 214 + 215 215 + /* apply the inverse MixColumn transform to all round keys but the first and the last: */ 216 216 + /* copy first */ 217 217 + *rk++ = *rrk++; 218 218 + *rk++ = *rrk++; 219 219 + *rk++ = *rrk++; 220 220 + *rk = *rrk; 221 221 + rk -= 3; rrk -= 3; 222 222 + 223 223 + for (i = 1; i < skey->rijndael.Nr; i++) { 224 224 + rrk -= 4; 225 225 + rk += 4; 226 226 + #ifdef LTC_SMALL_CODE 227 227 + temp = rrk[0]; 228 228 + rk[0] = setup_mix2(temp); 229 229 + temp = rrk[1]; 230 230 + rk[1] = setup_mix2(temp); 231 231 + temp = rrk[2]; 232 232 + rk[2] = setup_mix2(temp); 233 233 + temp = rrk[3]; 234 234 + rk[3] = setup_mix2(temp); 235 235 + #else 236 236 + temp = rrk[0]; 237 237 + rk[0] = 238 238 + Tks0[byte(temp, 3)] ^ 239 239 + Tks1[byte(temp, 2)] ^ 240 240 + Tks2[byte(temp, 1)] ^ 241 241 + Tks3[byte(temp, 0)]; 242 242 + temp = rrk[1]; 243 243 + rk[1] = 244 244 + Tks0[byte(temp, 3)] ^ 245 245 + Tks1[byte(temp, 2)] ^ 246 246 + Tks2[byte(temp, 1)] ^ 247 247 + Tks3[byte(temp, 0)]; 248 248 + temp = rrk[2]; 249 249 + rk[2] = 250 250 + Tks0[byte(temp, 3)] ^ 251 251 + Tks1[byte(temp, 2)] ^ 252 252 + Tks2[byte(temp, 1)] ^ 253 253 + Tks3[byte(temp, 0)]; 254 254 + temp = rrk[3]; 255 255 + rk[3] = 256 256 + Tks0[byte(temp, 3)] ^ 257 257 + Tks1[byte(temp, 2)] ^ 258 258 + Tks2[byte(temp, 1)] ^ 259 259 + Tks3[byte(temp, 0)]; 260 260 + #endif 261 261 + 262 262 + } 263 263 + 264 264 + /* copy last */ 265 265 + rrk -= 4; 266 266 + rk += 4; 267 267 + *rk++ = *rrk++; 268 268 + *rk++ = *rrk++; 269 269 + *rk++ = *rrk++; 270 270 + *rk = *rrk; 271 271 + #endif /* ENCRYPT_ONLY */ 272 272 + 273 273 + return CRYPT_OK; 274 274 + } 275 275 + 276 276 + /** 277 277 + Encrypts a block of text with AES 278 278 + @param pt The input plaintext (16 bytes) 279 279 + @param ct The output ciphertext (16 bytes) 280 280 + @param skey The key as scheduled 281 281 + @return CRYPT_OK if successful 282 282 + */ 283 283 + #ifdef LTC_CLEAN_STACK 284 284 + static int _rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) 285 285 + #else 286 286 + int ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) 287 287 + #endif 288 288 + { 289 289 + ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk; 290 290 + int Nr, r; 291 291 + 292 292 + LTC_ARGCHK(pt != NULL); 293 293 + LTC_ARGCHK(ct != NULL); 294 294 + LTC_ARGCHK(skey != NULL); 295 295 + 296 296 + Nr = skey->rijndael.Nr; 297 297 + rk = skey->rijndael.eK; 298 298 + 299 299 + /* 300 300 + * map byte array block to cipher state 301 301 + * and add initial round key: 302 302 + */ 303 303 + LOAD32H(s0, pt ); s0 ^= rk[0]; 304 304 + LOAD32H(s1, pt + 4); s1 ^= rk[1]; 305 305 + LOAD32H(s2, pt + 8); s2 ^= rk[2]; 306 306 + LOAD32H(s3, pt + 12); s3 ^= rk[3]; 307 307 + 308 308 + #ifdef LTC_SMALL_CODE 309 309 + 310 310 + for (r = 0; ; r++) { 311 311 + rk += 4; 312 312 + t0 = 313 313 + Te0(byte(s0, 3)) ^ 314 314 + Te1(byte(s1, 2)) ^ 315 315 + Te2(byte(s2, 1)) ^ 316 316 + Te3(byte(s3, 0)) ^ 317 317 + rk[0]; 318 318 + t1 = 319 319 + Te0(byte(s1, 3)) ^ 320 320 + Te1(byte(s2, 2)) ^ 321 321 + Te2(byte(s3, 1)) ^ 322 322 + Te3(byte(s0, 0)) ^ 323 323 + rk[1]; 324 324 + t2 = 325 325 + Te0(byte(s2, 3)) ^ 326 326 + Te1(byte(s3, 2)) ^ 327 327 + Te2(byte(s0, 1)) ^ 328 328 + Te3(byte(s1, 0)) ^ 329 329 + rk[2]; 330 330 + t3 = 331 331 + Te0(byte(s3, 3)) ^ 332 332 + Te1(byte(s0, 2)) ^ 333 333 + Te2(byte(s1, 1)) ^ 334 334 + Te3(byte(s2, 0)) ^ 335 335 + rk[3]; 336 336 + if (r == Nr-2) { 337 337 + break; 338 338 + } 339 339 + s0 = t0; s1 = t1; s2 = t2; s3 = t3; 340 340 + } 341 341 + rk += 4; 342 342 + 343 343 + #else 344 344 + 345 345 + /* 346 346 + * Nr - 1 full rounds: 347 347 + */ 348 348 + r = Nr >> 1; 349 349 + for (;;) { 350 350 + t0 = 351 351 + Te0(byte(s0, 3)) ^ 352 352 + Te1(byte(s1, 2)) ^ 353 353 + Te2(byte(s2, 1)) ^ 354 354 + Te3(byte(s3, 0)) ^ 355 355 + rk[4]; 356 356 + t1 = 357 357 + Te0(byte(s1, 3)) ^ 358 358 + Te1(byte(s2, 2)) ^ 359 359 + Te2(byte(s3, 1)) ^ 360 360 + Te3(byte(s0, 0)) ^ 361 361 + rk[5]; 362 362 + t2 = 363 363 + Te0(byte(s2, 3)) ^ 364 364 + Te1(byte(s3, 2)) ^ 365 365 + Te2(byte(s0, 1)) ^ 366 366 + Te3(byte(s1, 0)) ^ 367 367 + rk[6]; 368 368 + t3 = 369 369 + Te0(byte(s3, 3)) ^ 370 370 + Te1(byte(s0, 2)) ^ 371 371 + Te2(byte(s1, 1)) ^ 372 372 + Te3(byte(s2, 0)) ^ 373 373 + rk[7]; 374 374 + 375 375 + rk += 8; 376 376 + if (--r == 0) { 377 377 + break; 378 378 + } 379 379 + 380 380 + s0 = 381 381 + Te0(byte(t0, 3)) ^ 382 382 + Te1(byte(t1, 2)) ^ 383 383 + Te2(byte(t2, 1)) ^ 384 384 + Te3(byte(t3, 0)) ^ 385 385 + rk[0]; 386 386 + s1 = 387 387 + Te0(byte(t1, 3)) ^ 388 388 + Te1(byte(t2, 2)) ^ 389 389 + Te2(byte(t3, 1)) ^ 390 390 + Te3(byte(t0, 0)) ^ 391 391 + rk[1]; 392 392 + s2 = 393 393 + Te0(byte(t2, 3)) ^ 394 394 + Te1(byte(t3, 2)) ^ 395 395 + Te2(byte(t0, 1)) ^ 396 396 + Te3(byte(t1, 0)) ^ 397 397 + rk[2]; 398 398 + s3 = 399 399 + Te0(byte(t3, 3)) ^ 400 400 + Te1(byte(t0, 2)) ^ 401 401 + Te2(byte(t1, 1)) ^ 402 402 + Te3(byte(t2, 0)) ^ 403 403 + rk[3]; 404 404 + } 405 405 + 406 406 + #endif 407 407 + 408 408 + /* 409 409 + * apply last round and 410 410 + * map cipher state to byte array block: 411 411 + */ 412 412 + s0 = 413 413 + (Te4_3[byte(t0, 3)]) ^ 414 414 + (Te4_2[byte(t1, 2)]) ^ 415 415 + (Te4_1[byte(t2, 1)]) ^ 416 416 + (Te4_0[byte(t3, 0)]) ^ 417 417 + rk[0]; 418 418 + STORE32H(s0, ct); 419 419 + s1 = 420 420 + (Te4_3[byte(t1, 3)]) ^ 421 421 + (Te4_2[byte(t2, 2)]) ^ 422 422 + (Te4_1[byte(t3, 1)]) ^ 423 423 + (Te4_0[byte(t0, 0)]) ^ 424 424 + rk[1]; 425 425 + STORE32H(s1, ct+4); 426 426 + s2 = 427 427 + (Te4_3[byte(t2, 3)]) ^ 428 428 + (Te4_2[byte(t3, 2)]) ^ 429 429 + (Te4_1[byte(t0, 1)]) ^ 430 430 + (Te4_0[byte(t1, 0)]) ^ 431 431 + rk[2]; 432 432 + STORE32H(s2, ct+8); 433 433 + s3 = 434 434 + (Te4_3[byte(t3, 3)]) ^ 435 435 + (Te4_2[byte(t0, 2)]) ^ 436 436 + (Te4_1[byte(t1, 1)]) ^ 437 437 + (Te4_0[byte(t2, 0)]) ^ 438 438 + rk[3]; 439 439 + STORE32H(s3, ct+12); 440 440 + 441 441 + return CRYPT_OK; 442 442 + } 443 443 + 444 444 + #ifdef LTC_CLEAN_STACK 445 445 + int ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) 446 446 + { 447 447 + int err = _rijndael_ecb_encrypt(pt, ct, skey); 448 448 + burn_stack(sizeof(unsigned long)*8 + sizeof(unsigned long*) + sizeof(int)*2); 449 449 + return err; 450 450 + } 451 451 + #endif 452 452 + 453 453 + #ifndef ENCRYPT_ONLY 454 454 + 455 455 + /** 456 456 + Decrypts a block of text with AES 457 457 + @param ct The input ciphertext (16 bytes) 458 458 + @param pt The output plaintext (16 bytes) 459 459 + @param skey The key as scheduled 460 460 + @return CRYPT_OK if successful 461 461 + */ 462 462 + #ifdef LTC_CLEAN_STACK 463 463 + static int _rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) 464 464 + #else 465 465 + int ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) 466 466 + #endif 467 467 + { 468 468 + ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk; 469 469 + int Nr, r; 470 470 + 471 471 + LTC_ARGCHK(pt != NULL); 472 472 + LTC_ARGCHK(ct != NULL); 473 473 + LTC_ARGCHK(skey != NULL); 474 474 + 475 475 + Nr = skey->rijndael.Nr; 476 476 + rk = skey->rijndael.dK; 477 477 + 478 478 + /* 479 479 + * map byte array block to cipher state 480 480 + * and add initial round key: 481 481 + */ 482 482 + LOAD32H(s0, ct ); s0 ^= rk[0]; 483 483 + LOAD32H(s1, ct + 4); s1 ^= rk[1]; 484 484 + LOAD32H(s2, ct + 8); s2 ^= rk[2]; 485 485 + LOAD32H(s3, ct + 12); s3 ^= rk[3]; 486 486 + 487 487 + #ifdef LTC_SMALL_CODE 488 488 + for (r = 0; ; r++) { 489 489 + rk += 4; 490 490 + t0 = 491 491 + Td0(byte(s0, 3)) ^ 492 492 + Td1(byte(s3, 2)) ^ 493 493 + Td2(byte(s2, 1)) ^ 494 494 + Td3(byte(s1, 0)) ^ 495 495 + rk[0]; 496 496 + t1 = 497 497 + Td0(byte(s1, 3)) ^ 498 498 + Td1(byte(s0, 2)) ^ 499 499 + Td2(byte(s3, 1)) ^ 500 500 + Td3(byte(s2, 0)) ^ 501 501 + rk[1]; 502 502 + t2 = 503 503 + Td0(byte(s2, 3)) ^ 504 504 + Td1(byte(s1, 2)) ^ 505 505 + Td2(byte(s0, 1)) ^ 506 506 + Td3(byte(s3, 0)) ^ 507 507 + rk[2]; 508 508 + t3 = 509 509 + Td0(byte(s3, 3)) ^ 510 510 + Td1(byte(s2, 2)) ^ 511 511 + Td2(byte(s1, 1)) ^ 512 512 + Td3(byte(s0, 0)) ^ 513 513 + rk[3]; 514 514 + if (r == Nr-2) { 515 515 + break; 516 516 + } 517 517 + s0 = t0; s1 = t1; s2 = t2; s3 = t3; 518 518 + } 519 519 + rk += 4; 520 520 + 521 521 + #else 522 522 + 523 523 + /* 524 524 + * Nr - 1 full rounds: 525 525 + */ 526 526 + r = Nr >> 1; 527 527 + for (;;) { 528 528 + 529 529 + t0 = 530 530 + Td0(byte(s0, 3)) ^ 531 531 + Td1(byte(s3, 2)) ^ 532 532 + Td2(byte(s2, 1)) ^ 533 533 + Td3(byte(s1, 0)) ^ 534 534 + rk[4]; 535 535 + t1 = 536 536 + Td0(byte(s1, 3)) ^ 537 537 + Td1(byte(s0, 2)) ^ 538 538 + Td2(byte(s3, 1)) ^ 539 539 + Td3(byte(s2, 0)) ^ 540 540 + rk[5]; 541 541 + t2 = 542 542 + Td0(byte(s2, 3)) ^ 543 543 + Td1(byte(s1, 2)) ^ 544 544 + Td2(byte(s0, 1)) ^ 545 545 + Td3(byte(s3, 0)) ^ 546 546 + rk[6]; 547 547 + t3 = 548 548 + Td0(byte(s3, 3)) ^ 549 549 + Td1(byte(s2, 2)) ^ 550 550 + Td2(byte(s1, 1)) ^ 551 551 + Td3(byte(s0, 0)) ^ 552 552 + rk[7]; 553 553 + 554 554 + rk += 8; 555 555 + if (--r == 0) { 556 556 + break; 557 557 + } 558 558 + 559 559 + 560 560 + s0 = 561 561 + Td0(byte(t0, 3)) ^ 562 562 + Td1(byte(t3, 2)) ^ 563 563 + Td2(byte(t2, 1)) ^ 564 564 + Td3(byte(t1, 0)) ^ 565 565 + rk[0]; 566 566 + s1 = 567 567 + Td0(byte(t1, 3)) ^ 568 568 + Td1(byte(t0, 2)) ^ 569 569 + Td2(byte(t3, 1)) ^ 570 570 + Td3(byte(t2, 0)) ^ 571 571 + rk[1]; 572 572 + s2 = 573 573 + Td0(byte(t2, 3)) ^ 574 574 + Td1(byte(t1, 2)) ^ 575 575 + Td2(byte(t0, 1)) ^ 576 576 + Td3(byte(t3, 0)) ^ 577 577 + rk[2]; 578 578 + s3 = 579 579 + Td0(byte(t3, 3)) ^ 580 580 + Td1(byte(t2, 2)) ^ 581 581 + Td2(byte(t1, 1)) ^ 582 582 + Td3(byte(t0, 0)) ^ 583 583 + rk[3]; 584 584 + } 585 585 + #endif 586 586 + 587 587 + /* 588 588 + * apply last round and 589 589 + * map cipher state to byte array block: 590 590 + */ 591 591 + s0 = 592 592 + (Td4[byte(t0, 3)] & 0xff000000) ^ 593 593 + (Td4[byte(t3, 2)] & 0x00ff0000) ^ 594 594 + (Td4[byte(t2, 1)] & 0x0000ff00) ^ 595 595 + (Td4[byte(t1, 0)] & 0x000000ff) ^ 596 596 + rk[0]; 597 597 + STORE32H(s0, pt); 598 598 + s1 = 599 599 + (Td4[byte(t1, 3)] & 0xff000000) ^ 600 600 + (Td4[byte(t0, 2)] & 0x00ff0000) ^ 601 601 + (Td4[byte(t3, 1)] & 0x0000ff00) ^ 602 602 + (Td4[byte(t2, 0)] & 0x000000ff) ^ 603 603 + rk[1]; 604 604 + STORE32H(s1, pt+4); 605 605 + s2 = 606 606 + (Td4[byte(t2, 3)] & 0xff000000) ^ 607 607 + (Td4[byte(t1, 2)] & 0x00ff0000) ^ 608 608 + (Td4[byte(t0, 1)] & 0x0000ff00) ^ 609 609 + (Td4[byte(t3, 0)] & 0x000000ff) ^ 610 610 + rk[2]; 611 611 + STORE32H(s2, pt+8); 612 612 + s3 = 613 613 + (Td4[byte(t3, 3)] & 0xff000000) ^ 614 614 + (Td4[byte(t2, 2)] & 0x00ff0000) ^ 615 615 + (Td4[byte(t1, 1)] & 0x0000ff00) ^ 616 616 + (Td4[byte(t0, 0)] & 0x000000ff) ^ 617 617 + rk[3]; 618 618 + STORE32H(s3, pt+12); 619 619 + 620 620 + return CRYPT_OK; 621 621 + } 622 622 + 623 623 + 624 624 + #ifdef LTC_CLEAN_STACK 625 625 + int ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) 626 626 + { 627 627 + int err = _rijndael_ecb_decrypt(ct, pt, skey); 628 628 + burn_stack(sizeof(unsigned long)*8 + sizeof(unsigned long*) + sizeof(int)*2); 629 629 + return err; 630 630 + } 631 631 + #endif 632 632 + 633 633 + /** 634 634 + Performs a self-test of the AES block cipher 635 635 + @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled 636 636 + */ 637 637 + int ECB_TEST(void) 638 638 + { 639 639 + #ifndef LTC_TEST 640 640 + return CRYPT_NOP; 641 641 + #else 642 642 + int err; 643 643 + static const struct { 644 644 + int keylen; 645 645 + unsigned char key[32], pt[16], ct[16]; 646 646 + } tests[] = { 647 647 + { 16, 648 648 + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 649 649 + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, 650 650 + { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 651 651 + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }, 652 652 + { 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30, 653 653 + 0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a } 654 654 + }, { 655 655 + 24, 656 656 + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 657 657 + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 658 658 + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 }, 659 659 + { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 660 660 + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }, 661 661 + { 0xdd, 0xa9, 0x7c, 0xa4, 0x86, 0x4c, 0xdf, 0xe0, 662 662 + 0x6e, 0xaf, 0x70, 0xa0, 0xec, 0x0d, 0x71, 0x91 } 663 663 + }, { 664 664 + 32, 665 665 + { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 666 666 + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 667 667 + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 668 668 + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, 669 669 + { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 670 670 + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }, 671 671 + { 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf, 672 672 + 0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89 } 673 673 + } 674 674 + }; 675 675 + 676 676 + symmetric_key key; 677 677 + unsigned char tmp[2][16]; 678 678 + int i, y; 679 679 + 680 680 + for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) { 681 681 + zeromem(&key, sizeof(key)); 682 682 + if ((err = rijndael_setup(tests[i].key, tests[i].keylen, 0, &key)) != CRYPT_OK) { 683 683 + return err; 684 684 + } 685 685 + 686 686 + rijndael_ecb_encrypt(tests[i].pt, tmp[0], &key); 687 687 + rijndael_ecb_decrypt(tmp[0], tmp[1], &key); 688 688 + if (compare_testvector(tmp[0], 16, tests[i].ct, 16, "AES Encrypt", i) || 689 689 + compare_testvector(tmp[1], 16, tests[i].pt, 16, "AES Decrypt", i)) { 690 690 + return CRYPT_FAIL_TESTVECTOR; 691 691 + } 692 692 + 693 693 + /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */ 694 694 + for (y = 0; y < 16; y++) tmp[0][y] = 0; 695 695 + for (y = 0; y < 1000; y++) rijndael_ecb_encrypt(tmp[0], tmp[0], &key); 696 696 + for (y = 0; y < 1000; y++) rijndael_ecb_decrypt(tmp[0], tmp[0], &key); 697 697 + for (y = 0; y < 16; y++) if (tmp[0][y] != 0) return CRYPT_FAIL_TESTVECTOR; 698 698 + } 699 699 + return CRYPT_OK; 700 700 + #endif 701 701 + } 702 702 + 703 703 + #endif /* ENCRYPT_ONLY */ 704 704 + 705 705 + 706 706 + /** Terminate the context 707 707 + @param skey The scheduled key 708 708 + */ 709 709 + void ECB_DONE(symmetric_key *skey) 710 710 + { 711 711 + LTC_UNUSED_PARAM(skey); 712 712 + } 713 713 + 714 714 + 715 715 + /** 716 716 + Gets suitable key size 717 717 + @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. 718 718 + @return CRYPT_OK if the input key size is acceptable. 719 719 + */ 720 720 + int ECB_KS(int *keysize) 721 721 + { 722 722 + LTC_ARGCHK(keysize != NULL); 723 723 + 724 724 + if (*keysize < 16) 725 725 + return CRYPT_INVALID_KEYSIZE; 726 726 + if (*keysize < 24) { 727 727 + *keysize = 16; 728 728 + return CRYPT_OK; 729 729 + } else if (*keysize < 32) { 730 730 + *keysize = 24; 731 731 + return CRYPT_OK; 732 732 + } else { 733 733 + *keysize = 32; 734 734 + return CRYPT_OK; 735 735 + } 736 736 + } 737 737 + 738 738 + #endif 739 739 + 740 740 + 741 741 + /* ref: HEAD -> master, tag: v1.18.2 */ 742 742 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 743 743 + /* commit time: 2018-07-01 22:49:01 +0200 */

+1032

utils/tomcrypt/src/ciphers/aes/aes_tab.c

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + /* The precomputed tables for AES */ 10 10 + /* 11 11 + Te0[x] = S [x].[02, 01, 01, 03]; 12 12 + Te1[x] = S [x].[03, 02, 01, 01]; 13 13 + Te2[x] = S [x].[01, 03, 02, 01]; 14 14 + Te3[x] = S [x].[01, 01, 03, 02]; 15 15 + Te4[x] = S [x].[01, 01, 01, 01]; 16 16 + 17 17 + Td0[x] = Si[x].[0e, 09, 0d, 0b]; 18 18 + Td1[x] = Si[x].[0b, 0e, 09, 0d]; 19 19 + Td2[x] = Si[x].[0d, 0b, 0e, 09]; 20 20 + Td3[x] = Si[x].[09, 0d, 0b, 0e]; 21 21 + Td4[x] = Si[x].[01, 01, 01, 01]; 22 22 + */ 23 23 + 24 24 + #ifdef __LTC_AES_TAB_C__ 25 25 + 26 26 + /** 27 27 + @file aes_tab.c 28 28 + AES tables 29 29 + */ 30 30 + static const ulong32 TE0[256] = { 31 31 + 0xc66363a5UL, 0xf87c7c84UL, 0xee777799UL, 0xf67b7b8dUL, 32 32 + 0xfff2f20dUL, 0xd66b6bbdUL, 0xde6f6fb1UL, 0x91c5c554UL, 33 33 + 0x60303050UL, 0x02010103UL, 0xce6767a9UL, 0x562b2b7dUL, 34 34 + 0xe7fefe19UL, 0xb5d7d762UL, 0x4dababe6UL, 0xec76769aUL, 35 35 + 0x8fcaca45UL, 0x1f82829dUL, 0x89c9c940UL, 0xfa7d7d87UL, 36 36 + 0xeffafa15UL, 0xb25959ebUL, 0x8e4747c9UL, 0xfbf0f00bUL, 37 37 + 0x41adadecUL, 0xb3d4d467UL, 0x5fa2a2fdUL, 0x45afafeaUL, 38 38 + 0x239c9cbfUL, 0x53a4a4f7UL, 0xe4727296UL, 0x9bc0c05bUL, 39 39 + 0x75b7b7c2UL, 0xe1fdfd1cUL, 0x3d9393aeUL, 0x4c26266aUL, 40 40 + 0x6c36365aUL, 0x7e3f3f41UL, 0xf5f7f702UL, 0x83cccc4fUL, 41 41 + 0x6834345cUL, 0x51a5a5f4UL, 0xd1e5e534UL, 0xf9f1f108UL, 42 42 + 0xe2717193UL, 0xabd8d873UL, 0x62313153UL, 0x2a15153fUL, 43 43 + 0x0804040cUL, 0x95c7c752UL, 0x46232365UL, 0x9dc3c35eUL, 44 44 + 0x30181828UL, 0x379696a1UL, 0x0a05050fUL, 0x2f9a9ab5UL, 45 45 + 0x0e070709UL, 0x24121236UL, 0x1b80809bUL, 0xdfe2e23dUL, 46 46 + 0xcdebeb26UL, 0x4e272769UL, 0x7fb2b2cdUL, 0xea75759fUL, 47 47 + 0x1209091bUL, 0x1d83839eUL, 0x582c2c74UL, 0x341a1a2eUL, 48 48 + 0x361b1b2dUL, 0xdc6e6eb2UL, 0xb45a5aeeUL, 0x5ba0a0fbUL, 49 49 + 0xa45252f6UL, 0x763b3b4dUL, 0xb7d6d661UL, 0x7db3b3ceUL, 50 50 + 0x5229297bUL, 0xdde3e33eUL, 0x5e2f2f71UL, 0x13848497UL, 51 51 + 0xa65353f5UL, 0xb9d1d168UL, 0x00000000UL, 0xc1eded2cUL, 52 52 + 0x40202060UL, 0xe3fcfc1fUL, 0x79b1b1c8UL, 0xb65b5bedUL, 53 53 + 0xd46a6abeUL, 0x8dcbcb46UL, 0x67bebed9UL, 0x7239394bUL, 54 54 + 0x944a4adeUL, 0x984c4cd4UL, 0xb05858e8UL, 0x85cfcf4aUL, 55 55 + 0xbbd0d06bUL, 0xc5efef2aUL, 0x4faaaae5UL, 0xedfbfb16UL, 56 56 + 0x864343c5UL, 0x9a4d4dd7UL, 0x66333355UL, 0x11858594UL, 57 57 + 0x8a4545cfUL, 0xe9f9f910UL, 0x04020206UL, 0xfe7f7f81UL, 58 58 + 0xa05050f0UL, 0x783c3c44UL, 0x259f9fbaUL, 0x4ba8a8e3UL, 59 59 + 0xa25151f3UL, 0x5da3a3feUL, 0x804040c0UL, 0x058f8f8aUL, 60 60 + 0x3f9292adUL, 0x219d9dbcUL, 0x70383848UL, 0xf1f5f504UL, 61 61 + 0x63bcbcdfUL, 0x77b6b6c1UL, 0xafdada75UL, 0x42212163UL, 62 62 + 0x20101030UL, 0xe5ffff1aUL, 0xfdf3f30eUL, 0xbfd2d26dUL, 63 63 + 0x81cdcd4cUL, 0x180c0c14UL, 0x26131335UL, 0xc3ecec2fUL, 64 64 + 0xbe5f5fe1UL, 0x359797a2UL, 0x884444ccUL, 0x2e171739UL, 65 65 + 0x93c4c457UL, 0x55a7a7f2UL, 0xfc7e7e82UL, 0x7a3d3d47UL, 66 66 + 0xc86464acUL, 0xba5d5de7UL, 0x3219192bUL, 0xe6737395UL, 67 67 + 0xc06060a0UL, 0x19818198UL, 0x9e4f4fd1UL, 0xa3dcdc7fUL, 68 68 + 0x44222266UL, 0x542a2a7eUL, 0x3b9090abUL, 0x0b888883UL, 69 69 + 0x8c4646caUL, 0xc7eeee29UL, 0x6bb8b8d3UL, 0x2814143cUL, 70 70 + 0xa7dede79UL, 0xbc5e5ee2UL, 0x160b0b1dUL, 0xaddbdb76UL, 71 71 + 0xdbe0e03bUL, 0x64323256UL, 0x743a3a4eUL, 0x140a0a1eUL, 72 72 + 0x924949dbUL, 0x0c06060aUL, 0x4824246cUL, 0xb85c5ce4UL, 73 73 + 0x9fc2c25dUL, 0xbdd3d36eUL, 0x43acacefUL, 0xc46262a6UL, 74 74 + 0x399191a8UL, 0x319595a4UL, 0xd3e4e437UL, 0xf279798bUL, 75 75 + 0xd5e7e732UL, 0x8bc8c843UL, 0x6e373759UL, 0xda6d6db7UL, 76 76 + 0x018d8d8cUL, 0xb1d5d564UL, 0x9c4e4ed2UL, 0x49a9a9e0UL, 77 77 + 0xd86c6cb4UL, 0xac5656faUL, 0xf3f4f407UL, 0xcfeaea25UL, 78 78 + 0xca6565afUL, 0xf47a7a8eUL, 0x47aeaee9UL, 0x10080818UL, 79 79 + 0x6fbabad5UL, 0xf0787888UL, 0x4a25256fUL, 0x5c2e2e72UL, 80 80 + 0x381c1c24UL, 0x57a6a6f1UL, 0x73b4b4c7UL, 0x97c6c651UL, 81 81 + 0xcbe8e823UL, 0xa1dddd7cUL, 0xe874749cUL, 0x3e1f1f21UL, 82 82 + 0x964b4bddUL, 0x61bdbddcUL, 0x0d8b8b86UL, 0x0f8a8a85UL, 83 83 + 0xe0707090UL, 0x7c3e3e42UL, 0x71b5b5c4UL, 0xcc6666aaUL, 84 84 + 0x904848d8UL, 0x06030305UL, 0xf7f6f601UL, 0x1c0e0e12UL, 85 85 + 0xc26161a3UL, 0x6a35355fUL, 0xae5757f9UL, 0x69b9b9d0UL, 86 86 + 0x17868691UL, 0x99c1c158UL, 0x3a1d1d27UL, 0x279e9eb9UL, 87 87 + 0xd9e1e138UL, 0xebf8f813UL, 0x2b9898b3UL, 0x22111133UL, 88 88 + 0xd26969bbUL, 0xa9d9d970UL, 0x078e8e89UL, 0x339494a7UL, 89 89 + 0x2d9b9bb6UL, 0x3c1e1e22UL, 0x15878792UL, 0xc9e9e920UL, 90 90 + 0x87cece49UL, 0xaa5555ffUL, 0x50282878UL, 0xa5dfdf7aUL, 91 91 + 0x038c8c8fUL, 0x59a1a1f8UL, 0x09898980UL, 0x1a0d0d17UL, 92 92 + 0x65bfbfdaUL, 0xd7e6e631UL, 0x844242c6UL, 0xd06868b8UL, 93 93 + 0x824141c3UL, 0x299999b0UL, 0x5a2d2d77UL, 0x1e0f0f11UL, 94 94 + 0x7bb0b0cbUL, 0xa85454fcUL, 0x6dbbbbd6UL, 0x2c16163aUL, 95 95 + }; 96 96 + 97 97 + #if !defined(PELI_TAB) && defined(LTC_SMALL_CODE) 98 98 + static const ulong32 Te4[256] = { 99 99 + 0x63636363UL, 0x7c7c7c7cUL, 0x77777777UL, 0x7b7b7b7bUL, 100 100 + 0xf2f2f2f2UL, 0x6b6b6b6bUL, 0x6f6f6f6fUL, 0xc5c5c5c5UL, 101 101 + 0x30303030UL, 0x01010101UL, 0x67676767UL, 0x2b2b2b2bUL, 102 102 + 0xfefefefeUL, 0xd7d7d7d7UL, 0xababababUL, 0x76767676UL, 103 103 + 0xcacacacaUL, 0x82828282UL, 0xc9c9c9c9UL, 0x7d7d7d7dUL, 104 104 + 0xfafafafaUL, 0x59595959UL, 0x47474747UL, 0xf0f0f0f0UL, 105 105 + 0xadadadadUL, 0xd4d4d4d4UL, 0xa2a2a2a2UL, 0xafafafafUL, 106 106 + 0x9c9c9c9cUL, 0xa4a4a4a4UL, 0x72727272UL, 0xc0c0c0c0UL, 107 107 + 0xb7b7b7b7UL, 0xfdfdfdfdUL, 0x93939393UL, 0x26262626UL, 108 108 + 0x36363636UL, 0x3f3f3f3fUL, 0xf7f7f7f7UL, 0xccccccccUL, 109 109 + 0x34343434UL, 0xa5a5a5a5UL, 0xe5e5e5e5UL, 0xf1f1f1f1UL, 110 110 + 0x71717171UL, 0xd8d8d8d8UL, 0x31313131UL, 0x15151515UL, 111 111 + 0x04040404UL, 0xc7c7c7c7UL, 0x23232323UL, 0xc3c3c3c3UL, 112 112 + 0x18181818UL, 0x96969696UL, 0x05050505UL, 0x9a9a9a9aUL, 113 113 + 0x07070707UL, 0x12121212UL, 0x80808080UL, 0xe2e2e2e2UL, 114 114 + 0xebebebebUL, 0x27272727UL, 0xb2b2b2b2UL, 0x75757575UL, 115 115 + 0x09090909UL, 0x83838383UL, 0x2c2c2c2cUL, 0x1a1a1a1aUL, 116 116 + 0x1b1b1b1bUL, 0x6e6e6e6eUL, 0x5a5a5a5aUL, 0xa0a0a0a0UL, 117 117 + 0x52525252UL, 0x3b3b3b3bUL, 0xd6d6d6d6UL, 0xb3b3b3b3UL, 118 118 + 0x29292929UL, 0xe3e3e3e3UL, 0x2f2f2f2fUL, 0x84848484UL, 119 119 + 0x53535353UL, 0xd1d1d1d1UL, 0x00000000UL, 0xededededUL, 120 120 + 0x20202020UL, 0xfcfcfcfcUL, 0xb1b1b1b1UL, 0x5b5b5b5bUL, 121 121 + 0x6a6a6a6aUL, 0xcbcbcbcbUL, 0xbebebebeUL, 0x39393939UL, 122 122 + 0x4a4a4a4aUL, 0x4c4c4c4cUL, 0x58585858UL, 0xcfcfcfcfUL, 123 123 + 0xd0d0d0d0UL, 0xefefefefUL, 0xaaaaaaaaUL, 0xfbfbfbfbUL, 124 124 + 0x43434343UL, 0x4d4d4d4dUL, 0x33333333UL, 0x85858585UL, 125 125 + 0x45454545UL, 0xf9f9f9f9UL, 0x02020202UL, 0x7f7f7f7fUL, 126 126 + 0x50505050UL, 0x3c3c3c3cUL, 0x9f9f9f9fUL, 0xa8a8a8a8UL, 127 127 + 0x51515151UL, 0xa3a3a3a3UL, 0x40404040UL, 0x8f8f8f8fUL, 128 128 + 0x92929292UL, 0x9d9d9d9dUL, 0x38383838UL, 0xf5f5f5f5UL, 129 129 + 0xbcbcbcbcUL, 0xb6b6b6b6UL, 0xdadadadaUL, 0x21212121UL, 130 130 + 0x10101010UL, 0xffffffffUL, 0xf3f3f3f3UL, 0xd2d2d2d2UL, 131 131 + 0xcdcdcdcdUL, 0x0c0c0c0cUL, 0x13131313UL, 0xececececUL, 132 132 + 0x5f5f5f5fUL, 0x97979797UL, 0x44444444UL, 0x17171717UL, 133 133 + 0xc4c4c4c4UL, 0xa7a7a7a7UL, 0x7e7e7e7eUL, 0x3d3d3d3dUL, 134 134 + 0x64646464UL, 0x5d5d5d5dUL, 0x19191919UL, 0x73737373UL, 135 135 + 0x60606060UL, 0x81818181UL, 0x4f4f4f4fUL, 0xdcdcdcdcUL, 136 136 + 0x22222222UL, 0x2a2a2a2aUL, 0x90909090UL, 0x88888888UL, 137 137 + 0x46464646UL, 0xeeeeeeeeUL, 0xb8b8b8b8UL, 0x14141414UL, 138 138 + 0xdedededeUL, 0x5e5e5e5eUL, 0x0b0b0b0bUL, 0xdbdbdbdbUL, 139 139 + 0xe0e0e0e0UL, 0x32323232UL, 0x3a3a3a3aUL, 0x0a0a0a0aUL, 140 140 + 0x49494949UL, 0x06060606UL, 0x24242424UL, 0x5c5c5c5cUL, 141 141 + 0xc2c2c2c2UL, 0xd3d3d3d3UL, 0xacacacacUL, 0x62626262UL, 142 142 + 0x91919191UL, 0x95959595UL, 0xe4e4e4e4UL, 0x79797979UL, 143 143 + 0xe7e7e7e7UL, 0xc8c8c8c8UL, 0x37373737UL, 0x6d6d6d6dUL, 144 144 + 0x8d8d8d8dUL, 0xd5d5d5d5UL, 0x4e4e4e4eUL, 0xa9a9a9a9UL, 145 145 + 0x6c6c6c6cUL, 0x56565656UL, 0xf4f4f4f4UL, 0xeaeaeaeaUL, 146 146 + 0x65656565UL, 0x7a7a7a7aUL, 0xaeaeaeaeUL, 0x08080808UL, 147 147 + 0xbabababaUL, 0x78787878UL, 0x25252525UL, 0x2e2e2e2eUL, 148 148 + 0x1c1c1c1cUL, 0xa6a6a6a6UL, 0xb4b4b4b4UL, 0xc6c6c6c6UL, 149 149 + 0xe8e8e8e8UL, 0xddddddddUL, 0x74747474UL, 0x1f1f1f1fUL, 150 150 + 0x4b4b4b4bUL, 0xbdbdbdbdUL, 0x8b8b8b8bUL, 0x8a8a8a8aUL, 151 151 + 0x70707070UL, 0x3e3e3e3eUL, 0xb5b5b5b5UL, 0x66666666UL, 152 152 + 0x48484848UL, 0x03030303UL, 0xf6f6f6f6UL, 0x0e0e0e0eUL, 153 153 + 0x61616161UL, 0x35353535UL, 0x57575757UL, 0xb9b9b9b9UL, 154 154 + 0x86868686UL, 0xc1c1c1c1UL, 0x1d1d1d1dUL, 0x9e9e9e9eUL, 155 155 + 0xe1e1e1e1UL, 0xf8f8f8f8UL, 0x98989898UL, 0x11111111UL, 156 156 + 0x69696969UL, 0xd9d9d9d9UL, 0x8e8e8e8eUL, 0x94949494UL, 157 157 + 0x9b9b9b9bUL, 0x1e1e1e1eUL, 0x87878787UL, 0xe9e9e9e9UL, 158 158 + 0xcecececeUL, 0x55555555UL, 0x28282828UL, 0xdfdfdfdfUL, 159 159 + 0x8c8c8c8cUL, 0xa1a1a1a1UL, 0x89898989UL, 0x0d0d0d0dUL, 160 160 + 0xbfbfbfbfUL, 0xe6e6e6e6UL, 0x42424242UL, 0x68686868UL, 161 161 + 0x41414141UL, 0x99999999UL, 0x2d2d2d2dUL, 0x0f0f0f0fUL, 162 162 + 0xb0b0b0b0UL, 0x54545454UL, 0xbbbbbbbbUL, 0x16161616UL, 163 163 + }; 164 164 + #endif 165 165 + 166 166 + #ifndef ENCRYPT_ONLY 167 167 + 168 168 + static const ulong32 TD0[256] = { 169 169 + 0x51f4a750UL, 0x7e416553UL, 0x1a17a4c3UL, 0x3a275e96UL, 170 170 + 0x3bab6bcbUL, 0x1f9d45f1UL, 0xacfa58abUL, 0x4be30393UL, 171 171 + 0x2030fa55UL, 0xad766df6UL, 0x88cc7691UL, 0xf5024c25UL, 172 172 + 0x4fe5d7fcUL, 0xc52acbd7UL, 0x26354480UL, 0xb562a38fUL, 173 173 + 0xdeb15a49UL, 0x25ba1b67UL, 0x45ea0e98UL, 0x5dfec0e1UL, 174 174 + 0xc32f7502UL, 0x814cf012UL, 0x8d4697a3UL, 0x6bd3f9c6UL, 175 175 + 0x038f5fe7UL, 0x15929c95UL, 0xbf6d7aebUL, 0x955259daUL, 176 176 + 0xd4be832dUL, 0x587421d3UL, 0x49e06929UL, 0x8ec9c844UL, 177 177 + 0x75c2896aUL, 0xf48e7978UL, 0x99583e6bUL, 0x27b971ddUL, 178 178 + 0xbee14fb6UL, 0xf088ad17UL, 0xc920ac66UL, 0x7dce3ab4UL, 179 179 + 0x63df4a18UL, 0xe51a3182UL, 0x97513360UL, 0x62537f45UL, 180 180 + 0xb16477e0UL, 0xbb6bae84UL, 0xfe81a01cUL, 0xf9082b94UL, 181 181 + 0x70486858UL, 0x8f45fd19UL, 0x94de6c87UL, 0x527bf8b7UL, 182 182 + 0xab73d323UL, 0x724b02e2UL, 0xe31f8f57UL, 0x6655ab2aUL, 183 183 + 0xb2eb2807UL, 0x2fb5c203UL, 0x86c57b9aUL, 0xd33708a5UL, 184 184 + 0x302887f2UL, 0x23bfa5b2UL, 0x02036abaUL, 0xed16825cUL, 185 185 + 0x8acf1c2bUL, 0xa779b492UL, 0xf307f2f0UL, 0x4e69e2a1UL, 186 186 + 0x65daf4cdUL, 0x0605bed5UL, 0xd134621fUL, 0xc4a6fe8aUL, 187 187 + 0x342e539dUL, 0xa2f355a0UL, 0x058ae132UL, 0xa4f6eb75UL, 188 188 + 0x0b83ec39UL, 0x4060efaaUL, 0x5e719f06UL, 0xbd6e1051UL, 189 189 + 0x3e218af9UL, 0x96dd063dUL, 0xdd3e05aeUL, 0x4de6bd46UL, 190 190 + 0x91548db5UL, 0x71c45d05UL, 0x0406d46fUL, 0x605015ffUL, 191 191 + 0x1998fb24UL, 0xd6bde997UL, 0x894043ccUL, 0x67d99e77UL, 192 192 + 0xb0e842bdUL, 0x07898b88UL, 0xe7195b38UL, 0x79c8eedbUL, 193 193 + 0xa17c0a47UL, 0x7c420fe9UL, 0xf8841ec9UL, 0x00000000UL, 194 194 + 0x09808683UL, 0x322bed48UL, 0x1e1170acUL, 0x6c5a724eUL, 195 195 + 0xfd0efffbUL, 0x0f853856UL, 0x3daed51eUL, 0x362d3927UL, 196 196 + 0x0a0fd964UL, 0x685ca621UL, 0x9b5b54d1UL, 0x24362e3aUL, 197 197 + 0x0c0a67b1UL, 0x9357e70fUL, 0xb4ee96d2UL, 0x1b9b919eUL, 198 198 + 0x80c0c54fUL, 0x61dc20a2UL, 0x5a774b69UL, 0x1c121a16UL, 199 199 + 0xe293ba0aUL, 0xc0a02ae5UL, 0x3c22e043UL, 0x121b171dUL, 200 200 + 0x0e090d0bUL, 0xf28bc7adUL, 0x2db6a8b9UL, 0x141ea9c8UL, 201 201 + 0x57f11985UL, 0xaf75074cUL, 0xee99ddbbUL, 0xa37f60fdUL, 202 202 + 0xf701269fUL, 0x5c72f5bcUL, 0x44663bc5UL, 0x5bfb7e34UL, 203 203 + 0x8b432976UL, 0xcb23c6dcUL, 0xb6edfc68UL, 0xb8e4f163UL, 204 204 + 0xd731dccaUL, 0x42638510UL, 0x13972240UL, 0x84c61120UL, 205 205 + 0x854a247dUL, 0xd2bb3df8UL, 0xaef93211UL, 0xc729a16dUL, 206 206 + 0x1d9e2f4bUL, 0xdcb230f3UL, 0x0d8652ecUL, 0x77c1e3d0UL, 207 207 + 0x2bb3166cUL, 0xa970b999UL, 0x119448faUL, 0x47e96422UL, 208 208 + 0xa8fc8cc4UL, 0xa0f03f1aUL, 0x567d2cd8UL, 0x223390efUL, 209 209 + 0x87494ec7UL, 0xd938d1c1UL, 0x8ccaa2feUL, 0x98d40b36UL, 210 210 + 0xa6f581cfUL, 0xa57ade28UL, 0xdab78e26UL, 0x3fadbfa4UL, 211 211 + 0x2c3a9de4UL, 0x5078920dUL, 0x6a5fcc9bUL, 0x547e4662UL, 212 212 + 0xf68d13c2UL, 0x90d8b8e8UL, 0x2e39f75eUL, 0x82c3aff5UL, 213 213 + 0x9f5d80beUL, 0x69d0937cUL, 0x6fd52da9UL, 0xcf2512b3UL, 214 214 + 0xc8ac993bUL, 0x10187da7UL, 0xe89c636eUL, 0xdb3bbb7bUL, 215 215 + 0xcd267809UL, 0x6e5918f4UL, 0xec9ab701UL, 0x834f9aa8UL, 216 216 + 0xe6956e65UL, 0xaaffe67eUL, 0x21bccf08UL, 0xef15e8e6UL, 217 217 + 0xbae79bd9UL, 0x4a6f36ceUL, 0xea9f09d4UL, 0x29b07cd6UL, 218 218 + 0x31a4b2afUL, 0x2a3f2331UL, 0xc6a59430UL, 0x35a266c0UL, 219 219 + 0x744ebc37UL, 0xfc82caa6UL, 0xe090d0b0UL, 0x33a7d815UL, 220 220 + 0xf104984aUL, 0x41ecdaf7UL, 0x7fcd500eUL, 0x1791f62fUL, 221 221 + 0x764dd68dUL, 0x43efb04dUL, 0xccaa4d54UL, 0xe49604dfUL, 222 222 + 0x9ed1b5e3UL, 0x4c6a881bUL, 0xc12c1fb8UL, 0x4665517fUL, 223 223 + 0x9d5eea04UL, 0x018c355dUL, 0xfa877473UL, 0xfb0b412eUL, 224 224 + 0xb3671d5aUL, 0x92dbd252UL, 0xe9105633UL, 0x6dd64713UL, 225 225 + 0x9ad7618cUL, 0x37a10c7aUL, 0x59f8148eUL, 0xeb133c89UL, 226 226 + 0xcea927eeUL, 0xb761c935UL, 0xe11ce5edUL, 0x7a47b13cUL, 227 227 + 0x9cd2df59UL, 0x55f2733fUL, 0x1814ce79UL, 0x73c737bfUL, 228 228 + 0x53f7cdeaUL, 0x5ffdaa5bUL, 0xdf3d6f14UL, 0x7844db86UL, 229 229 + 0xcaaff381UL, 0xb968c43eUL, 0x3824342cUL, 0xc2a3405fUL, 230 230 + 0x161dc372UL, 0xbce2250cUL, 0x283c498bUL, 0xff0d9541UL, 231 231 + 0x39a80171UL, 0x080cb3deUL, 0xd8b4e49cUL, 0x6456c190UL, 232 232 + 0x7bcb8461UL, 0xd532b670UL, 0x486c5c74UL, 0xd0b85742UL, 233 233 + }; 234 234 + 235 235 + static const ulong32 Td4[256] = { 236 236 + 0x52525252UL, 0x09090909UL, 0x6a6a6a6aUL, 0xd5d5d5d5UL, 237 237 + 0x30303030UL, 0x36363636UL, 0xa5a5a5a5UL, 0x38383838UL, 238 238 + 0xbfbfbfbfUL, 0x40404040UL, 0xa3a3a3a3UL, 0x9e9e9e9eUL, 239 239 + 0x81818181UL, 0xf3f3f3f3UL, 0xd7d7d7d7UL, 0xfbfbfbfbUL, 240 240 + 0x7c7c7c7cUL, 0xe3e3e3e3UL, 0x39393939UL, 0x82828282UL, 241 241 + 0x9b9b9b9bUL, 0x2f2f2f2fUL, 0xffffffffUL, 0x87878787UL, 242 242 + 0x34343434UL, 0x8e8e8e8eUL, 0x43434343UL, 0x44444444UL, 243 243 + 0xc4c4c4c4UL, 0xdedededeUL, 0xe9e9e9e9UL, 0xcbcbcbcbUL, 244 244 + 0x54545454UL, 0x7b7b7b7bUL, 0x94949494UL, 0x32323232UL, 245 245 + 0xa6a6a6a6UL, 0xc2c2c2c2UL, 0x23232323UL, 0x3d3d3d3dUL, 246 246 + 0xeeeeeeeeUL, 0x4c4c4c4cUL, 0x95959595UL, 0x0b0b0b0bUL, 247 247 + 0x42424242UL, 0xfafafafaUL, 0xc3c3c3c3UL, 0x4e4e4e4eUL, 248 248 + 0x08080808UL, 0x2e2e2e2eUL, 0xa1a1a1a1UL, 0x66666666UL, 249 249 + 0x28282828UL, 0xd9d9d9d9UL, 0x24242424UL, 0xb2b2b2b2UL, 250 250 + 0x76767676UL, 0x5b5b5b5bUL, 0xa2a2a2a2UL, 0x49494949UL, 251 251 + 0x6d6d6d6dUL, 0x8b8b8b8bUL, 0xd1d1d1d1UL, 0x25252525UL, 252 252 + 0x72727272UL, 0xf8f8f8f8UL, 0xf6f6f6f6UL, 0x64646464UL, 253 253 + 0x86868686UL, 0x68686868UL, 0x98989898UL, 0x16161616UL, 254 254 + 0xd4d4d4d4UL, 0xa4a4a4a4UL, 0x5c5c5c5cUL, 0xccccccccUL, 255 255 + 0x5d5d5d5dUL, 0x65656565UL, 0xb6b6b6b6UL, 0x92929292UL, 256 256 + 0x6c6c6c6cUL, 0x70707070UL, 0x48484848UL, 0x50505050UL, 257 257 + 0xfdfdfdfdUL, 0xededededUL, 0xb9b9b9b9UL, 0xdadadadaUL, 258 258 + 0x5e5e5e5eUL, 0x15151515UL, 0x46464646UL, 0x57575757UL, 259 259 + 0xa7a7a7a7UL, 0x8d8d8d8dUL, 0x9d9d9d9dUL, 0x84848484UL, 260 260 + 0x90909090UL, 0xd8d8d8d8UL, 0xababababUL, 0x00000000UL, 261 261 + 0x8c8c8c8cUL, 0xbcbcbcbcUL, 0xd3d3d3d3UL, 0x0a0a0a0aUL, 262 262 + 0xf7f7f7f7UL, 0xe4e4e4e4UL, 0x58585858UL, 0x05050505UL, 263 263 + 0xb8b8b8b8UL, 0xb3b3b3b3UL, 0x45454545UL, 0x06060606UL, 264 264 + 0xd0d0d0d0UL, 0x2c2c2c2cUL, 0x1e1e1e1eUL, 0x8f8f8f8fUL, 265 265 + 0xcacacacaUL, 0x3f3f3f3fUL, 0x0f0f0f0fUL, 0x02020202UL, 266 266 + 0xc1c1c1c1UL, 0xafafafafUL, 0xbdbdbdbdUL, 0x03030303UL, 267 267 + 0x01010101UL, 0x13131313UL, 0x8a8a8a8aUL, 0x6b6b6b6bUL, 268 268 + 0x3a3a3a3aUL, 0x91919191UL, 0x11111111UL, 0x41414141UL, 269 269 + 0x4f4f4f4fUL, 0x67676767UL, 0xdcdcdcdcUL, 0xeaeaeaeaUL, 270 270 + 0x97979797UL, 0xf2f2f2f2UL, 0xcfcfcfcfUL, 0xcecececeUL, 271 271 + 0xf0f0f0f0UL, 0xb4b4b4b4UL, 0xe6e6e6e6UL, 0x73737373UL, 272 272 + 0x96969696UL, 0xacacacacUL, 0x74747474UL, 0x22222222UL, 273 273 + 0xe7e7e7e7UL, 0xadadadadUL, 0x35353535UL, 0x85858585UL, 274 274 + 0xe2e2e2e2UL, 0xf9f9f9f9UL, 0x37373737UL, 0xe8e8e8e8UL, 275 275 + 0x1c1c1c1cUL, 0x75757575UL, 0xdfdfdfdfUL, 0x6e6e6e6eUL, 276 276 + 0x47474747UL, 0xf1f1f1f1UL, 0x1a1a1a1aUL, 0x71717171UL, 277 277 + 0x1d1d1d1dUL, 0x29292929UL, 0xc5c5c5c5UL, 0x89898989UL, 278 278 + 0x6f6f6f6fUL, 0xb7b7b7b7UL, 0x62626262UL, 0x0e0e0e0eUL, 279 279 + 0xaaaaaaaaUL, 0x18181818UL, 0xbebebebeUL, 0x1b1b1b1bUL, 280 280 + 0xfcfcfcfcUL, 0x56565656UL, 0x3e3e3e3eUL, 0x4b4b4b4bUL, 281 281 + 0xc6c6c6c6UL, 0xd2d2d2d2UL, 0x79797979UL, 0x20202020UL, 282 282 + 0x9a9a9a9aUL, 0xdbdbdbdbUL, 0xc0c0c0c0UL, 0xfefefefeUL, 283 283 + 0x78787878UL, 0xcdcdcdcdUL, 0x5a5a5a5aUL, 0xf4f4f4f4UL, 284 284 + 0x1f1f1f1fUL, 0xddddddddUL, 0xa8a8a8a8UL, 0x33333333UL, 285 285 + 0x88888888UL, 0x07070707UL, 0xc7c7c7c7UL, 0x31313131UL, 286 286 + 0xb1b1b1b1UL, 0x12121212UL, 0x10101010UL, 0x59595959UL, 287 287 + 0x27272727UL, 0x80808080UL, 0xececececUL, 0x5f5f5f5fUL, 288 288 + 0x60606060UL, 0x51515151UL, 0x7f7f7f7fUL, 0xa9a9a9a9UL, 289 289 + 0x19191919UL, 0xb5b5b5b5UL, 0x4a4a4a4aUL, 0x0d0d0d0dUL, 290 290 + 0x2d2d2d2dUL, 0xe5e5e5e5UL, 0x7a7a7a7aUL, 0x9f9f9f9fUL, 291 291 + 0x93939393UL, 0xc9c9c9c9UL, 0x9c9c9c9cUL, 0xefefefefUL, 292 292 + 0xa0a0a0a0UL, 0xe0e0e0e0UL, 0x3b3b3b3bUL, 0x4d4d4d4dUL, 293 293 + 0xaeaeaeaeUL, 0x2a2a2a2aUL, 0xf5f5f5f5UL, 0xb0b0b0b0UL, 294 294 + 0xc8c8c8c8UL, 0xebebebebUL, 0xbbbbbbbbUL, 0x3c3c3c3cUL, 295 295 + 0x83838383UL, 0x53535353UL, 0x99999999UL, 0x61616161UL, 296 296 + 0x17171717UL, 0x2b2b2b2bUL, 0x04040404UL, 0x7e7e7e7eUL, 297 297 + 0xbabababaUL, 0x77777777UL, 0xd6d6d6d6UL, 0x26262626UL, 298 298 + 0xe1e1e1e1UL, 0x69696969UL, 0x14141414UL, 0x63636363UL, 299 299 + 0x55555555UL, 0x21212121UL, 0x0c0c0c0cUL, 0x7d7d7d7dUL, 300 300 + }; 301 301 + 302 302 + #endif /* ENCRYPT_ONLY */ 303 303 + 304 304 + #ifdef LTC_SMALL_CODE 305 305 + 306 306 + #define Te0(x) TE0[x] 307 307 + #define Te1(x) RORc(TE0[x], 8) 308 308 + #define Te2(x) RORc(TE0[x], 16) 309 309 + #define Te3(x) RORc(TE0[x], 24) 310 310 + 311 311 + #define Td0(x) TD0[x] 312 312 + #define Td1(x) RORc(TD0[x], 8) 313 313 + #define Td2(x) RORc(TD0[x], 16) 314 314 + #define Td3(x) RORc(TD0[x], 24) 315 315 + 316 316 + #define Te4_0 0x000000FF & Te4 317 317 + #define Te4_1 0x0000FF00 & Te4 318 318 + #define Te4_2 0x00FF0000 & Te4 319 319 + #define Te4_3 0xFF000000 & Te4 320 320 + 321 321 + #else 322 322 + 323 323 + #define Te0(x) TE0[x] 324 324 + #define Te1(x) TE1[x] 325 325 + #define Te2(x) TE2[x] 326 326 + #define Te3(x) TE3[x] 327 327 + 328 328 + #define Td0(x) TD0[x] 329 329 + #define Td1(x) TD1[x] 330 330 + #define Td2(x) TD2[x] 331 331 + #define Td3(x) TD3[x] 332 332 + 333 333 + static const ulong32 TE1[256] = { 334 334 + 0xa5c66363UL, 0x84f87c7cUL, 0x99ee7777UL, 0x8df67b7bUL, 335 335 + 0x0dfff2f2UL, 0xbdd66b6bUL, 0xb1de6f6fUL, 0x5491c5c5UL, 336 336 + 0x50603030UL, 0x03020101UL, 0xa9ce6767UL, 0x7d562b2bUL, 337 337 + 0x19e7fefeUL, 0x62b5d7d7UL, 0xe64dababUL, 0x9aec7676UL, 338 338 + 0x458fcacaUL, 0x9d1f8282UL, 0x4089c9c9UL, 0x87fa7d7dUL, 339 339 + 0x15effafaUL, 0xebb25959UL, 0xc98e4747UL, 0x0bfbf0f0UL, 340 340 + 0xec41adadUL, 0x67b3d4d4UL, 0xfd5fa2a2UL, 0xea45afafUL, 341 341 + 0xbf239c9cUL, 0xf753a4a4UL, 0x96e47272UL, 0x5b9bc0c0UL, 342 342 + 0xc275b7b7UL, 0x1ce1fdfdUL, 0xae3d9393UL, 0x6a4c2626UL, 343 343 + 0x5a6c3636UL, 0x417e3f3fUL, 0x02f5f7f7UL, 0x4f83ccccUL, 344 344 + 0x5c683434UL, 0xf451a5a5UL, 0x34d1e5e5UL, 0x08f9f1f1UL, 345 345 + 0x93e27171UL, 0x73abd8d8UL, 0x53623131UL, 0x3f2a1515UL, 346 346 + 0x0c080404UL, 0x5295c7c7UL, 0x65462323UL, 0x5e9dc3c3UL, 347 347 + 0x28301818UL, 0xa1379696UL, 0x0f0a0505UL, 0xb52f9a9aUL, 348 348 + 0x090e0707UL, 0x36241212UL, 0x9b1b8080UL, 0x3ddfe2e2UL, 349 349 + 0x26cdebebUL, 0x694e2727UL, 0xcd7fb2b2UL, 0x9fea7575UL, 350 350 + 0x1b120909UL, 0x9e1d8383UL, 0x74582c2cUL, 0x2e341a1aUL, 351 351 + 0x2d361b1bUL, 0xb2dc6e6eUL, 0xeeb45a5aUL, 0xfb5ba0a0UL, 352 352 + 0xf6a45252UL, 0x4d763b3bUL, 0x61b7d6d6UL, 0xce7db3b3UL, 353 353 + 0x7b522929UL, 0x3edde3e3UL, 0x715e2f2fUL, 0x97138484UL, 354 354 + 0xf5a65353UL, 0x68b9d1d1UL, 0x00000000UL, 0x2cc1ededUL, 355 355 + 0x60402020UL, 0x1fe3fcfcUL, 0xc879b1b1UL, 0xedb65b5bUL, 356 356 + 0xbed46a6aUL, 0x468dcbcbUL, 0xd967bebeUL, 0x4b723939UL, 357 357 + 0xde944a4aUL, 0xd4984c4cUL, 0xe8b05858UL, 0x4a85cfcfUL, 358 358 + 0x6bbbd0d0UL, 0x2ac5efefUL, 0xe54faaaaUL, 0x16edfbfbUL, 359 359 + 0xc5864343UL, 0xd79a4d4dUL, 0x55663333UL, 0x94118585UL, 360 360 + 0xcf8a4545UL, 0x10e9f9f9UL, 0x06040202UL, 0x81fe7f7fUL, 361 361 + 0xf0a05050UL, 0x44783c3cUL, 0xba259f9fUL, 0xe34ba8a8UL, 362 362 + 0xf3a25151UL, 0xfe5da3a3UL, 0xc0804040UL, 0x8a058f8fUL, 363 363 + 0xad3f9292UL, 0xbc219d9dUL, 0x48703838UL, 0x04f1f5f5UL, 364 364 + 0xdf63bcbcUL, 0xc177b6b6UL, 0x75afdadaUL, 0x63422121UL, 365 365 + 0x30201010UL, 0x1ae5ffffUL, 0x0efdf3f3UL, 0x6dbfd2d2UL, 366 366 + 0x4c81cdcdUL, 0x14180c0cUL, 0x35261313UL, 0x2fc3ececUL, 367 367 + 0xe1be5f5fUL, 0xa2359797UL, 0xcc884444UL, 0x392e1717UL, 368 368 + 0x5793c4c4UL, 0xf255a7a7UL, 0x82fc7e7eUL, 0x477a3d3dUL, 369 369 + 0xacc86464UL, 0xe7ba5d5dUL, 0x2b321919UL, 0x95e67373UL, 370 370 + 0xa0c06060UL, 0x98198181UL, 0xd19e4f4fUL, 0x7fa3dcdcUL, 371 371 + 0x66442222UL, 0x7e542a2aUL, 0xab3b9090UL, 0x830b8888UL, 372 372 + 0xca8c4646UL, 0x29c7eeeeUL, 0xd36bb8b8UL, 0x3c281414UL, 373 373 + 0x79a7dedeUL, 0xe2bc5e5eUL, 0x1d160b0bUL, 0x76addbdbUL, 374 374 + 0x3bdbe0e0UL, 0x56643232UL, 0x4e743a3aUL, 0x1e140a0aUL, 375 375 + 0xdb924949UL, 0x0a0c0606UL, 0x6c482424UL, 0xe4b85c5cUL, 376 376 + 0x5d9fc2c2UL, 0x6ebdd3d3UL, 0xef43acacUL, 0xa6c46262UL, 377 377 + 0xa8399191UL, 0xa4319595UL, 0x37d3e4e4UL, 0x8bf27979UL, 378 378 + 0x32d5e7e7UL, 0x438bc8c8UL, 0x596e3737UL, 0xb7da6d6dUL, 379 379 + 0x8c018d8dUL, 0x64b1d5d5UL, 0xd29c4e4eUL, 0xe049a9a9UL, 380 380 + 0xb4d86c6cUL, 0xfaac5656UL, 0x07f3f4f4UL, 0x25cfeaeaUL, 381 381 + 0xafca6565UL, 0x8ef47a7aUL, 0xe947aeaeUL, 0x18100808UL, 382 382 + 0xd56fbabaUL, 0x88f07878UL, 0x6f4a2525UL, 0x725c2e2eUL, 383 383 + 0x24381c1cUL, 0xf157a6a6UL, 0xc773b4b4UL, 0x5197c6c6UL, 384 384 + 0x23cbe8e8UL, 0x7ca1ddddUL, 0x9ce87474UL, 0x213e1f1fUL, 385 385 + 0xdd964b4bUL, 0xdc61bdbdUL, 0x860d8b8bUL, 0x850f8a8aUL, 386 386 + 0x90e07070UL, 0x427c3e3eUL, 0xc471b5b5UL, 0xaacc6666UL, 387 387 + 0xd8904848UL, 0x05060303UL, 0x01f7f6f6UL, 0x121c0e0eUL, 388 388 + 0xa3c26161UL, 0x5f6a3535UL, 0xf9ae5757UL, 0xd069b9b9UL, 389 389 + 0x91178686UL, 0x5899c1c1UL, 0x273a1d1dUL, 0xb9279e9eUL, 390 390 + 0x38d9e1e1UL, 0x13ebf8f8UL, 0xb32b9898UL, 0x33221111UL, 391 391 + 0xbbd26969UL, 0x70a9d9d9UL, 0x89078e8eUL, 0xa7339494UL, 392 392 + 0xb62d9b9bUL, 0x223c1e1eUL, 0x92158787UL, 0x20c9e9e9UL, 393 393 + 0x4987ceceUL, 0xffaa5555UL, 0x78502828UL, 0x7aa5dfdfUL, 394 394 + 0x8f038c8cUL, 0xf859a1a1UL, 0x80098989UL, 0x171a0d0dUL, 395 395 + 0xda65bfbfUL, 0x31d7e6e6UL, 0xc6844242UL, 0xb8d06868UL, 396 396 + 0xc3824141UL, 0xb0299999UL, 0x775a2d2dUL, 0x111e0f0fUL, 397 397 + 0xcb7bb0b0UL, 0xfca85454UL, 0xd66dbbbbUL, 0x3a2c1616UL, 398 398 + }; 399 399 + static const ulong32 TE2[256] = { 400 400 + 0x63a5c663UL, 0x7c84f87cUL, 0x7799ee77UL, 0x7b8df67bUL, 401 401 + 0xf20dfff2UL, 0x6bbdd66bUL, 0x6fb1de6fUL, 0xc55491c5UL, 402 402 + 0x30506030UL, 0x01030201UL, 0x67a9ce67UL, 0x2b7d562bUL, 403 403 + 0xfe19e7feUL, 0xd762b5d7UL, 0xabe64dabUL, 0x769aec76UL, 404 404 + 0xca458fcaUL, 0x829d1f82UL, 0xc94089c9UL, 0x7d87fa7dUL, 405 405 + 0xfa15effaUL, 0x59ebb259UL, 0x47c98e47UL, 0xf00bfbf0UL, 406 406 + 0xadec41adUL, 0xd467b3d4UL, 0xa2fd5fa2UL, 0xafea45afUL, 407 407 + 0x9cbf239cUL, 0xa4f753a4UL, 0x7296e472UL, 0xc05b9bc0UL, 408 408 + 0xb7c275b7UL, 0xfd1ce1fdUL, 0x93ae3d93UL, 0x266a4c26UL, 409 409 + 0x365a6c36UL, 0x3f417e3fUL, 0xf702f5f7UL, 0xcc4f83ccUL, 410 410 + 0x345c6834UL, 0xa5f451a5UL, 0xe534d1e5UL, 0xf108f9f1UL, 411 411 + 0x7193e271UL, 0xd873abd8UL, 0x31536231UL, 0x153f2a15UL, 412 412 + 0x040c0804UL, 0xc75295c7UL, 0x23654623UL, 0xc35e9dc3UL, 413 413 + 0x18283018UL, 0x96a13796UL, 0x050f0a05UL, 0x9ab52f9aUL, 414 414 + 0x07090e07UL, 0x12362412UL, 0x809b1b80UL, 0xe23ddfe2UL, 415 415 + 0xeb26cdebUL, 0x27694e27UL, 0xb2cd7fb2UL, 0x759fea75UL, 416 416 + 0x091b1209UL, 0x839e1d83UL, 0x2c74582cUL, 0x1a2e341aUL, 417 417 + 0x1b2d361bUL, 0x6eb2dc6eUL, 0x5aeeb45aUL, 0xa0fb5ba0UL, 418 418 + 0x52f6a452UL, 0x3b4d763bUL, 0xd661b7d6UL, 0xb3ce7db3UL, 419 419 + 0x297b5229UL, 0xe33edde3UL, 0x2f715e2fUL, 0x84971384UL, 420 420 + 0x53f5a653UL, 0xd168b9d1UL, 0x00000000UL, 0xed2cc1edUL, 421 421 + 0x20604020UL, 0xfc1fe3fcUL, 0xb1c879b1UL, 0x5bedb65bUL, 422 422 + 0x6abed46aUL, 0xcb468dcbUL, 0xbed967beUL, 0x394b7239UL, 423 423 + 0x4ade944aUL, 0x4cd4984cUL, 0x58e8b058UL, 0xcf4a85cfUL, 424 424 + 0xd06bbbd0UL, 0xef2ac5efUL, 0xaae54faaUL, 0xfb16edfbUL, 425 425 + 0x43c58643UL, 0x4dd79a4dUL, 0x33556633UL, 0x85941185UL, 426 426 + 0x45cf8a45UL, 0xf910e9f9UL, 0x02060402UL, 0x7f81fe7fUL, 427 427 + 0x50f0a050UL, 0x3c44783cUL, 0x9fba259fUL, 0xa8e34ba8UL, 428 428 + 0x51f3a251UL, 0xa3fe5da3UL, 0x40c08040UL, 0x8f8a058fUL, 429 429 + 0x92ad3f92UL, 0x9dbc219dUL, 0x38487038UL, 0xf504f1f5UL, 430 430 + 0xbcdf63bcUL, 0xb6c177b6UL, 0xda75afdaUL, 0x21634221UL, 431 431 + 0x10302010UL, 0xff1ae5ffUL, 0xf30efdf3UL, 0xd26dbfd2UL, 432 432 + 0xcd4c81cdUL, 0x0c14180cUL, 0x13352613UL, 0xec2fc3ecUL, 433 433 + 0x5fe1be5fUL, 0x97a23597UL, 0x44cc8844UL, 0x17392e17UL, 434 434 + 0xc45793c4UL, 0xa7f255a7UL, 0x7e82fc7eUL, 0x3d477a3dUL, 435 435 + 0x64acc864UL, 0x5de7ba5dUL, 0x192b3219UL, 0x7395e673UL, 436 436 + 0x60a0c060UL, 0x81981981UL, 0x4fd19e4fUL, 0xdc7fa3dcUL, 437 437 + 0x22664422UL, 0x2a7e542aUL, 0x90ab3b90UL, 0x88830b88UL, 438 438 + 0x46ca8c46UL, 0xee29c7eeUL, 0xb8d36bb8UL, 0x143c2814UL, 439 439 + 0xde79a7deUL, 0x5ee2bc5eUL, 0x0b1d160bUL, 0xdb76addbUL, 440 440 + 0xe03bdbe0UL, 0x32566432UL, 0x3a4e743aUL, 0x0a1e140aUL, 441 441 + 0x49db9249UL, 0x060a0c06UL, 0x246c4824UL, 0x5ce4b85cUL, 442 442 + 0xc25d9fc2UL, 0xd36ebdd3UL, 0xacef43acUL, 0x62a6c462UL, 443 443 + 0x91a83991UL, 0x95a43195UL, 0xe437d3e4UL, 0x798bf279UL, 444 444 + 0xe732d5e7UL, 0xc8438bc8UL, 0x37596e37UL, 0x6db7da6dUL, 445 445 + 0x8d8c018dUL, 0xd564b1d5UL, 0x4ed29c4eUL, 0xa9e049a9UL, 446 446 + 0x6cb4d86cUL, 0x56faac56UL, 0xf407f3f4UL, 0xea25cfeaUL, 447 447 + 0x65afca65UL, 0x7a8ef47aUL, 0xaee947aeUL, 0x08181008UL, 448 448 + 0xbad56fbaUL, 0x7888f078UL, 0x256f4a25UL, 0x2e725c2eUL, 449 449 + 0x1c24381cUL, 0xa6f157a6UL, 0xb4c773b4UL, 0xc65197c6UL, 450 450 + 0xe823cbe8UL, 0xdd7ca1ddUL, 0x749ce874UL, 0x1f213e1fUL, 451 451 + 0x4bdd964bUL, 0xbddc61bdUL, 0x8b860d8bUL, 0x8a850f8aUL, 452 452 + 0x7090e070UL, 0x3e427c3eUL, 0xb5c471b5UL, 0x66aacc66UL, 453 453 + 0x48d89048UL, 0x03050603UL, 0xf601f7f6UL, 0x0e121c0eUL, 454 454 + 0x61a3c261UL, 0x355f6a35UL, 0x57f9ae57UL, 0xb9d069b9UL, 455 455 + 0x86911786UL, 0xc15899c1UL, 0x1d273a1dUL, 0x9eb9279eUL, 456 456 + 0xe138d9e1UL, 0xf813ebf8UL, 0x98b32b98UL, 0x11332211UL, 457 457 + 0x69bbd269UL, 0xd970a9d9UL, 0x8e89078eUL, 0x94a73394UL, 458 458 + 0x9bb62d9bUL, 0x1e223c1eUL, 0x87921587UL, 0xe920c9e9UL, 459 459 + 0xce4987ceUL, 0x55ffaa55UL, 0x28785028UL, 0xdf7aa5dfUL, 460 460 + 0x8c8f038cUL, 0xa1f859a1UL, 0x89800989UL, 0x0d171a0dUL, 461 461 + 0xbfda65bfUL, 0xe631d7e6UL, 0x42c68442UL, 0x68b8d068UL, 462 462 + 0x41c38241UL, 0x99b02999UL, 0x2d775a2dUL, 0x0f111e0fUL, 463 463 + 0xb0cb7bb0UL, 0x54fca854UL, 0xbbd66dbbUL, 0x163a2c16UL, 464 464 + }; 465 465 + static const ulong32 TE3[256] = { 466 466 + 467 467 + 0x6363a5c6UL, 0x7c7c84f8UL, 0x777799eeUL, 0x7b7b8df6UL, 468 468 + 0xf2f20dffUL, 0x6b6bbdd6UL, 0x6f6fb1deUL, 0xc5c55491UL, 469 469 + 0x30305060UL, 0x01010302UL, 0x6767a9ceUL, 0x2b2b7d56UL, 470 470 + 0xfefe19e7UL, 0xd7d762b5UL, 0xababe64dUL, 0x76769aecUL, 471 471 + 0xcaca458fUL, 0x82829d1fUL, 0xc9c94089UL, 0x7d7d87faUL, 472 472 + 0xfafa15efUL, 0x5959ebb2UL, 0x4747c98eUL, 0xf0f00bfbUL, 473 473 + 0xadadec41UL, 0xd4d467b3UL, 0xa2a2fd5fUL, 0xafafea45UL, 474 474 + 0x9c9cbf23UL, 0xa4a4f753UL, 0x727296e4UL, 0xc0c05b9bUL, 475 475 + 0xb7b7c275UL, 0xfdfd1ce1UL, 0x9393ae3dUL, 0x26266a4cUL, 476 476 + 0x36365a6cUL, 0x3f3f417eUL, 0xf7f702f5UL, 0xcccc4f83UL, 477 477 + 0x34345c68UL, 0xa5a5f451UL, 0xe5e534d1UL, 0xf1f108f9UL, 478 478 + 0x717193e2UL, 0xd8d873abUL, 0x31315362UL, 0x15153f2aUL, 479 479 + 0x04040c08UL, 0xc7c75295UL, 0x23236546UL, 0xc3c35e9dUL, 480 480 + 0x18182830UL, 0x9696a137UL, 0x05050f0aUL, 0x9a9ab52fUL, 481 481 + 0x0707090eUL, 0x12123624UL, 0x80809b1bUL, 0xe2e23ddfUL, 482 482 + 0xebeb26cdUL, 0x2727694eUL, 0xb2b2cd7fUL, 0x75759feaUL, 483 483 + 0x09091b12UL, 0x83839e1dUL, 0x2c2c7458UL, 0x1a1a2e34UL, 484 484 + 0x1b1b2d36UL, 0x6e6eb2dcUL, 0x5a5aeeb4UL, 0xa0a0fb5bUL, 485 485 + 0x5252f6a4UL, 0x3b3b4d76UL, 0xd6d661b7UL, 0xb3b3ce7dUL, 486 486 + 0x29297b52UL, 0xe3e33eddUL, 0x2f2f715eUL, 0x84849713UL, 487 487 + 0x5353f5a6UL, 0xd1d168b9UL, 0x00000000UL, 0xeded2cc1UL, 488 488 + 0x20206040UL, 0xfcfc1fe3UL, 0xb1b1c879UL, 0x5b5bedb6UL, 489 489 + 0x6a6abed4UL, 0xcbcb468dUL, 0xbebed967UL, 0x39394b72UL, 490 490 + 0x4a4ade94UL, 0x4c4cd498UL, 0x5858e8b0UL, 0xcfcf4a85UL, 491 491 + 0xd0d06bbbUL, 0xefef2ac5UL, 0xaaaae54fUL, 0xfbfb16edUL, 492 492 + 0x4343c586UL, 0x4d4dd79aUL, 0x33335566UL, 0x85859411UL, 493 493 + 0x4545cf8aUL, 0xf9f910e9UL, 0x02020604UL, 0x7f7f81feUL, 494 494 + 0x5050f0a0UL, 0x3c3c4478UL, 0x9f9fba25UL, 0xa8a8e34bUL, 495 495 + 0x5151f3a2UL, 0xa3a3fe5dUL, 0x4040c080UL, 0x8f8f8a05UL, 496 496 + 0x9292ad3fUL, 0x9d9dbc21UL, 0x38384870UL, 0xf5f504f1UL, 497 497 + 0xbcbcdf63UL, 0xb6b6c177UL, 0xdada75afUL, 0x21216342UL, 498 498 + 0x10103020UL, 0xffff1ae5UL, 0xf3f30efdUL, 0xd2d26dbfUL, 499 499 + 0xcdcd4c81UL, 0x0c0c1418UL, 0x13133526UL, 0xecec2fc3UL, 500 500 + 0x5f5fe1beUL, 0x9797a235UL, 0x4444cc88UL, 0x1717392eUL, 501 501 + 0xc4c45793UL, 0xa7a7f255UL, 0x7e7e82fcUL, 0x3d3d477aUL, 502 502 + 0x6464acc8UL, 0x5d5de7baUL, 0x19192b32UL, 0x737395e6UL, 503 503 + 0x6060a0c0UL, 0x81819819UL, 0x4f4fd19eUL, 0xdcdc7fa3UL, 504 504 + 0x22226644UL, 0x2a2a7e54UL, 0x9090ab3bUL, 0x8888830bUL, 505 505 + 0x4646ca8cUL, 0xeeee29c7UL, 0xb8b8d36bUL, 0x14143c28UL, 506 506 + 0xdede79a7UL, 0x5e5ee2bcUL, 0x0b0b1d16UL, 0xdbdb76adUL, 507 507 + 0xe0e03bdbUL, 0x32325664UL, 0x3a3a4e74UL, 0x0a0a1e14UL, 508 508 + 0x4949db92UL, 0x06060a0cUL, 0x24246c48UL, 0x5c5ce4b8UL, 509 509 + 0xc2c25d9fUL, 0xd3d36ebdUL, 0xacacef43UL, 0x6262a6c4UL, 510 510 + 0x9191a839UL, 0x9595a431UL, 0xe4e437d3UL, 0x79798bf2UL, 511 511 + 0xe7e732d5UL, 0xc8c8438bUL, 0x3737596eUL, 0x6d6db7daUL, 512 512 + 0x8d8d8c01UL, 0xd5d564b1UL, 0x4e4ed29cUL, 0xa9a9e049UL, 513 513 + 0x6c6cb4d8UL, 0x5656faacUL, 0xf4f407f3UL, 0xeaea25cfUL, 514 514 + 0x6565afcaUL, 0x7a7a8ef4UL, 0xaeaee947UL, 0x08081810UL, 515 515 + 0xbabad56fUL, 0x787888f0UL, 0x25256f4aUL, 0x2e2e725cUL, 516 516 + 0x1c1c2438UL, 0xa6a6f157UL, 0xb4b4c773UL, 0xc6c65197UL, 517 517 + 0xe8e823cbUL, 0xdddd7ca1UL, 0x74749ce8UL, 0x1f1f213eUL, 518 518 + 0x4b4bdd96UL, 0xbdbddc61UL, 0x8b8b860dUL, 0x8a8a850fUL, 519 519 + 0x707090e0UL, 0x3e3e427cUL, 0xb5b5c471UL, 0x6666aaccUL, 520 520 + 0x4848d890UL, 0x03030506UL, 0xf6f601f7UL, 0x0e0e121cUL, 521 521 + 0x6161a3c2UL, 0x35355f6aUL, 0x5757f9aeUL, 0xb9b9d069UL, 522 522 + 0x86869117UL, 0xc1c15899UL, 0x1d1d273aUL, 0x9e9eb927UL, 523 523 + 0xe1e138d9UL, 0xf8f813ebUL, 0x9898b32bUL, 0x11113322UL, 524 524 + 0x6969bbd2UL, 0xd9d970a9UL, 0x8e8e8907UL, 0x9494a733UL, 525 525 + 0x9b9bb62dUL, 0x1e1e223cUL, 0x87879215UL, 0xe9e920c9UL, 526 526 + 0xcece4987UL, 0x5555ffaaUL, 0x28287850UL, 0xdfdf7aa5UL, 527 527 + 0x8c8c8f03UL, 0xa1a1f859UL, 0x89898009UL, 0x0d0d171aUL, 528 528 + 0xbfbfda65UL, 0xe6e631d7UL, 0x4242c684UL, 0x6868b8d0UL, 529 529 + 0x4141c382UL, 0x9999b029UL, 0x2d2d775aUL, 0x0f0f111eUL, 530 530 + 0xb0b0cb7bUL, 0x5454fca8UL, 0xbbbbd66dUL, 0x16163a2cUL, 531 531 + }; 532 532 + 533 533 + #ifndef PELI_TAB 534 534 + static const ulong32 Te4_0[] = { 535 535 + 0x00000063UL, 0x0000007cUL, 0x00000077UL, 0x0000007bUL, 0x000000f2UL, 0x0000006bUL, 0x0000006fUL, 0x000000c5UL, 536 536 + 0x00000030UL, 0x00000001UL, 0x00000067UL, 0x0000002bUL, 0x000000feUL, 0x000000d7UL, 0x000000abUL, 0x00000076UL, 537 537 + 0x000000caUL, 0x00000082UL, 0x000000c9UL, 0x0000007dUL, 0x000000faUL, 0x00000059UL, 0x00000047UL, 0x000000f0UL, 538 538 + 0x000000adUL, 0x000000d4UL, 0x000000a2UL, 0x000000afUL, 0x0000009cUL, 0x000000a4UL, 0x00000072UL, 0x000000c0UL, 539 539 + 0x000000b7UL, 0x000000fdUL, 0x00000093UL, 0x00000026UL, 0x00000036UL, 0x0000003fUL, 0x000000f7UL, 0x000000ccUL, 540 540 + 0x00000034UL, 0x000000a5UL, 0x000000e5UL, 0x000000f1UL, 0x00000071UL, 0x000000d8UL, 0x00000031UL, 0x00000015UL, 541 541 + 0x00000004UL, 0x000000c7UL, 0x00000023UL, 0x000000c3UL, 0x00000018UL, 0x00000096UL, 0x00000005UL, 0x0000009aUL, 542 542 + 0x00000007UL, 0x00000012UL, 0x00000080UL, 0x000000e2UL, 0x000000ebUL, 0x00000027UL, 0x000000b2UL, 0x00000075UL, 543 543 + 0x00000009UL, 0x00000083UL, 0x0000002cUL, 0x0000001aUL, 0x0000001bUL, 0x0000006eUL, 0x0000005aUL, 0x000000a0UL, 544 544 + 0x00000052UL, 0x0000003bUL, 0x000000d6UL, 0x000000b3UL, 0x00000029UL, 0x000000e3UL, 0x0000002fUL, 0x00000084UL, 545 545 + 0x00000053UL, 0x000000d1UL, 0x00000000UL, 0x000000edUL, 0x00000020UL, 0x000000fcUL, 0x000000b1UL, 0x0000005bUL, 546 546 + 0x0000006aUL, 0x000000cbUL, 0x000000beUL, 0x00000039UL, 0x0000004aUL, 0x0000004cUL, 0x00000058UL, 0x000000cfUL, 547 547 + 0x000000d0UL, 0x000000efUL, 0x000000aaUL, 0x000000fbUL, 0x00000043UL, 0x0000004dUL, 0x00000033UL, 0x00000085UL, 548 548 + 0x00000045UL, 0x000000f9UL, 0x00000002UL, 0x0000007fUL, 0x00000050UL, 0x0000003cUL, 0x0000009fUL, 0x000000a8UL, 549 549 + 0x00000051UL, 0x000000a3UL, 0x00000040UL, 0x0000008fUL, 0x00000092UL, 0x0000009dUL, 0x00000038UL, 0x000000f5UL, 550 550 + 0x000000bcUL, 0x000000b6UL, 0x000000daUL, 0x00000021UL, 0x00000010UL, 0x000000ffUL, 0x000000f3UL, 0x000000d2UL, 551 551 + 0x000000cdUL, 0x0000000cUL, 0x00000013UL, 0x000000ecUL, 0x0000005fUL, 0x00000097UL, 0x00000044UL, 0x00000017UL, 552 552 + 0x000000c4UL, 0x000000a7UL, 0x0000007eUL, 0x0000003dUL, 0x00000064UL, 0x0000005dUL, 0x00000019UL, 0x00000073UL, 553 553 + 0x00000060UL, 0x00000081UL, 0x0000004fUL, 0x000000dcUL, 0x00000022UL, 0x0000002aUL, 0x00000090UL, 0x00000088UL, 554 554 + 0x00000046UL, 0x000000eeUL, 0x000000b8UL, 0x00000014UL, 0x000000deUL, 0x0000005eUL, 0x0000000bUL, 0x000000dbUL, 555 555 + 0x000000e0UL, 0x00000032UL, 0x0000003aUL, 0x0000000aUL, 0x00000049UL, 0x00000006UL, 0x00000024UL, 0x0000005cUL, 556 556 + 0x000000c2UL, 0x000000d3UL, 0x000000acUL, 0x00000062UL, 0x00000091UL, 0x00000095UL, 0x000000e4UL, 0x00000079UL, 557 557 + 0x000000e7UL, 0x000000c8UL, 0x00000037UL, 0x0000006dUL, 0x0000008dUL, 0x000000d5UL, 0x0000004eUL, 0x000000a9UL, 558 558 + 0x0000006cUL, 0x00000056UL, 0x000000f4UL, 0x000000eaUL, 0x00000065UL, 0x0000007aUL, 0x000000aeUL, 0x00000008UL, 559 559 + 0x000000baUL, 0x00000078UL, 0x00000025UL, 0x0000002eUL, 0x0000001cUL, 0x000000a6UL, 0x000000b4UL, 0x000000c6UL, 560 560 + 0x000000e8UL, 0x000000ddUL, 0x00000074UL, 0x0000001fUL, 0x0000004bUL, 0x000000bdUL, 0x0000008bUL, 0x0000008aUL, 561 561 + 0x00000070UL, 0x0000003eUL, 0x000000b5UL, 0x00000066UL, 0x00000048UL, 0x00000003UL, 0x000000f6UL, 0x0000000eUL, 562 562 + 0x00000061UL, 0x00000035UL, 0x00000057UL, 0x000000b9UL, 0x00000086UL, 0x000000c1UL, 0x0000001dUL, 0x0000009eUL, 563 563 + 0x000000e1UL, 0x000000f8UL, 0x00000098UL, 0x00000011UL, 0x00000069UL, 0x000000d9UL, 0x0000008eUL, 0x00000094UL, 564 564 + 0x0000009bUL, 0x0000001eUL, 0x00000087UL, 0x000000e9UL, 0x000000ceUL, 0x00000055UL, 0x00000028UL, 0x000000dfUL, 565 565 + 0x0000008cUL, 0x000000a1UL, 0x00000089UL, 0x0000000dUL, 0x000000bfUL, 0x000000e6UL, 0x00000042UL, 0x00000068UL, 566 566 + 0x00000041UL, 0x00000099UL, 0x0000002dUL, 0x0000000fUL, 0x000000b0UL, 0x00000054UL, 0x000000bbUL, 0x00000016UL 567 567 + }; 568 568 + 569 569 + static const ulong32 Te4_1[] = { 570 570 + 0x00006300UL, 0x00007c00UL, 0x00007700UL, 0x00007b00UL, 0x0000f200UL, 0x00006b00UL, 0x00006f00UL, 0x0000c500UL, 571 571 + 0x00003000UL, 0x00000100UL, 0x00006700UL, 0x00002b00UL, 0x0000fe00UL, 0x0000d700UL, 0x0000ab00UL, 0x00007600UL, 572 572 + 0x0000ca00UL, 0x00008200UL, 0x0000c900UL, 0x00007d00UL, 0x0000fa00UL, 0x00005900UL, 0x00004700UL, 0x0000f000UL, 573 573 + 0x0000ad00UL, 0x0000d400UL, 0x0000a200UL, 0x0000af00UL, 0x00009c00UL, 0x0000a400UL, 0x00007200UL, 0x0000c000UL, 574 574 + 0x0000b700UL, 0x0000fd00UL, 0x00009300UL, 0x00002600UL, 0x00003600UL, 0x00003f00UL, 0x0000f700UL, 0x0000cc00UL, 575 575 + 0x00003400UL, 0x0000a500UL, 0x0000e500UL, 0x0000f100UL, 0x00007100UL, 0x0000d800UL, 0x00003100UL, 0x00001500UL, 576 576 + 0x00000400UL, 0x0000c700UL, 0x00002300UL, 0x0000c300UL, 0x00001800UL, 0x00009600UL, 0x00000500UL, 0x00009a00UL, 577 577 + 0x00000700UL, 0x00001200UL, 0x00008000UL, 0x0000e200UL, 0x0000eb00UL, 0x00002700UL, 0x0000b200UL, 0x00007500UL, 578 578 + 0x00000900UL, 0x00008300UL, 0x00002c00UL, 0x00001a00UL, 0x00001b00UL, 0x00006e00UL, 0x00005a00UL, 0x0000a000UL, 579 579 + 0x00005200UL, 0x00003b00UL, 0x0000d600UL, 0x0000b300UL, 0x00002900UL, 0x0000e300UL, 0x00002f00UL, 0x00008400UL, 580 580 + 0x00005300UL, 0x0000d100UL, 0x00000000UL, 0x0000ed00UL, 0x00002000UL, 0x0000fc00UL, 0x0000b100UL, 0x00005b00UL, 581 581 + 0x00006a00UL, 0x0000cb00UL, 0x0000be00UL, 0x00003900UL, 0x00004a00UL, 0x00004c00UL, 0x00005800UL, 0x0000cf00UL, 582 582 + 0x0000d000UL, 0x0000ef00UL, 0x0000aa00UL, 0x0000fb00UL, 0x00004300UL, 0x00004d00UL, 0x00003300UL, 0x00008500UL, 583 583 + 0x00004500UL, 0x0000f900UL, 0x00000200UL, 0x00007f00UL, 0x00005000UL, 0x00003c00UL, 0x00009f00UL, 0x0000a800UL, 584 584 + 0x00005100UL, 0x0000a300UL, 0x00004000UL, 0x00008f00UL, 0x00009200UL, 0x00009d00UL, 0x00003800UL, 0x0000f500UL, 585 585 + 0x0000bc00UL, 0x0000b600UL, 0x0000da00UL, 0x00002100UL, 0x00001000UL, 0x0000ff00UL, 0x0000f300UL, 0x0000d200UL, 586 586 + 0x0000cd00UL, 0x00000c00UL, 0x00001300UL, 0x0000ec00UL, 0x00005f00UL, 0x00009700UL, 0x00004400UL, 0x00001700UL, 587 587 + 0x0000c400UL, 0x0000a700UL, 0x00007e00UL, 0x00003d00UL, 0x00006400UL, 0x00005d00UL, 0x00001900UL, 0x00007300UL, 588 588 + 0x00006000UL, 0x00008100UL, 0x00004f00UL, 0x0000dc00UL, 0x00002200UL, 0x00002a00UL, 0x00009000UL, 0x00008800UL, 589 589 + 0x00004600UL, 0x0000ee00UL, 0x0000b800UL, 0x00001400UL, 0x0000de00UL, 0x00005e00UL, 0x00000b00UL, 0x0000db00UL, 590 590 + 0x0000e000UL, 0x00003200UL, 0x00003a00UL, 0x00000a00UL, 0x00004900UL, 0x00000600UL, 0x00002400UL, 0x00005c00UL, 591 591 + 0x0000c200UL, 0x0000d300UL, 0x0000ac00UL, 0x00006200UL, 0x00009100UL, 0x00009500UL, 0x0000e400UL, 0x00007900UL, 592 592 + 0x0000e700UL, 0x0000c800UL, 0x00003700UL, 0x00006d00UL, 0x00008d00UL, 0x0000d500UL, 0x00004e00UL, 0x0000a900UL, 593 593 + 0x00006c00UL, 0x00005600UL, 0x0000f400UL, 0x0000ea00UL, 0x00006500UL, 0x00007a00UL, 0x0000ae00UL, 0x00000800UL, 594 594 + 0x0000ba00UL, 0x00007800UL, 0x00002500UL, 0x00002e00UL, 0x00001c00UL, 0x0000a600UL, 0x0000b400UL, 0x0000c600UL, 595 595 + 0x0000e800UL, 0x0000dd00UL, 0x00007400UL, 0x00001f00UL, 0x00004b00UL, 0x0000bd00UL, 0x00008b00UL, 0x00008a00UL, 596 596 + 0x00007000UL, 0x00003e00UL, 0x0000b500UL, 0x00006600UL, 0x00004800UL, 0x00000300UL, 0x0000f600UL, 0x00000e00UL, 597 597 + 0x00006100UL, 0x00003500UL, 0x00005700UL, 0x0000b900UL, 0x00008600UL, 0x0000c100UL, 0x00001d00UL, 0x00009e00UL, 598 598 + 0x0000e100UL, 0x0000f800UL, 0x00009800UL, 0x00001100UL, 0x00006900UL, 0x0000d900UL, 0x00008e00UL, 0x00009400UL, 599 599 + 0x00009b00UL, 0x00001e00UL, 0x00008700UL, 0x0000e900UL, 0x0000ce00UL, 0x00005500UL, 0x00002800UL, 0x0000df00UL, 600 600 + 0x00008c00UL, 0x0000a100UL, 0x00008900UL, 0x00000d00UL, 0x0000bf00UL, 0x0000e600UL, 0x00004200UL, 0x00006800UL, 601 601 + 0x00004100UL, 0x00009900UL, 0x00002d00UL, 0x00000f00UL, 0x0000b000UL, 0x00005400UL, 0x0000bb00UL, 0x00001600UL 602 602 + }; 603 603 + 604 604 + static const ulong32 Te4_2[] = { 605 605 + 0x00630000UL, 0x007c0000UL, 0x00770000UL, 0x007b0000UL, 0x00f20000UL, 0x006b0000UL, 0x006f0000UL, 0x00c50000UL, 606 606 + 0x00300000UL, 0x00010000UL, 0x00670000UL, 0x002b0000UL, 0x00fe0000UL, 0x00d70000UL, 0x00ab0000UL, 0x00760000UL, 607 607 + 0x00ca0000UL, 0x00820000UL, 0x00c90000UL, 0x007d0000UL, 0x00fa0000UL, 0x00590000UL, 0x00470000UL, 0x00f00000UL, 608 608 + 0x00ad0000UL, 0x00d40000UL, 0x00a20000UL, 0x00af0000UL, 0x009c0000UL, 0x00a40000UL, 0x00720000UL, 0x00c00000UL, 609 609 + 0x00b70000UL, 0x00fd0000UL, 0x00930000UL, 0x00260000UL, 0x00360000UL, 0x003f0000UL, 0x00f70000UL, 0x00cc0000UL, 610 610 + 0x00340000UL, 0x00a50000UL, 0x00e50000UL, 0x00f10000UL, 0x00710000UL, 0x00d80000UL, 0x00310000UL, 0x00150000UL, 611 611 + 0x00040000UL, 0x00c70000UL, 0x00230000UL, 0x00c30000UL, 0x00180000UL, 0x00960000UL, 0x00050000UL, 0x009a0000UL, 612 612 + 0x00070000UL, 0x00120000UL, 0x00800000UL, 0x00e20000UL, 0x00eb0000UL, 0x00270000UL, 0x00b20000UL, 0x00750000UL, 613 613 + 0x00090000UL, 0x00830000UL, 0x002c0000UL, 0x001a0000UL, 0x001b0000UL, 0x006e0000UL, 0x005a0000UL, 0x00a00000UL, 614 614 + 0x00520000UL, 0x003b0000UL, 0x00d60000UL, 0x00b30000UL, 0x00290000UL, 0x00e30000UL, 0x002f0000UL, 0x00840000UL, 615 615 + 0x00530000UL, 0x00d10000UL, 0x00000000UL, 0x00ed0000UL, 0x00200000UL, 0x00fc0000UL, 0x00b10000UL, 0x005b0000UL, 616 616 + 0x006a0000UL, 0x00cb0000UL, 0x00be0000UL, 0x00390000UL, 0x004a0000UL, 0x004c0000UL, 0x00580000UL, 0x00cf0000UL, 617 617 + 0x00d00000UL, 0x00ef0000UL, 0x00aa0000UL, 0x00fb0000UL, 0x00430000UL, 0x004d0000UL, 0x00330000UL, 0x00850000UL, 618 618 + 0x00450000UL, 0x00f90000UL, 0x00020000UL, 0x007f0000UL, 0x00500000UL, 0x003c0000UL, 0x009f0000UL, 0x00a80000UL, 619 619 + 0x00510000UL, 0x00a30000UL, 0x00400000UL, 0x008f0000UL, 0x00920000UL, 0x009d0000UL, 0x00380000UL, 0x00f50000UL, 620 620 + 0x00bc0000UL, 0x00b60000UL, 0x00da0000UL, 0x00210000UL, 0x00100000UL, 0x00ff0000UL, 0x00f30000UL, 0x00d20000UL, 621 621 + 0x00cd0000UL, 0x000c0000UL, 0x00130000UL, 0x00ec0000UL, 0x005f0000UL, 0x00970000UL, 0x00440000UL, 0x00170000UL, 622 622 + 0x00c40000UL, 0x00a70000UL, 0x007e0000UL, 0x003d0000UL, 0x00640000UL, 0x005d0000UL, 0x00190000UL, 0x00730000UL, 623 623 + 0x00600000UL, 0x00810000UL, 0x004f0000UL, 0x00dc0000UL, 0x00220000UL, 0x002a0000UL, 0x00900000UL, 0x00880000UL, 624 624 + 0x00460000UL, 0x00ee0000UL, 0x00b80000UL, 0x00140000UL, 0x00de0000UL, 0x005e0000UL, 0x000b0000UL, 0x00db0000UL, 625 625 + 0x00e00000UL, 0x00320000UL, 0x003a0000UL, 0x000a0000UL, 0x00490000UL, 0x00060000UL, 0x00240000UL, 0x005c0000UL, 626 626 + 0x00c20000UL, 0x00d30000UL, 0x00ac0000UL, 0x00620000UL, 0x00910000UL, 0x00950000UL, 0x00e40000UL, 0x00790000UL, 627 627 + 0x00e70000UL, 0x00c80000UL, 0x00370000UL, 0x006d0000UL, 0x008d0000UL, 0x00d50000UL, 0x004e0000UL, 0x00a90000UL, 628 628 + 0x006c0000UL, 0x00560000UL, 0x00f40000UL, 0x00ea0000UL, 0x00650000UL, 0x007a0000UL, 0x00ae0000UL, 0x00080000UL, 629 629 + 0x00ba0000UL, 0x00780000UL, 0x00250000UL, 0x002e0000UL, 0x001c0000UL, 0x00a60000UL, 0x00b40000UL, 0x00c60000UL, 630 630 + 0x00e80000UL, 0x00dd0000UL, 0x00740000UL, 0x001f0000UL, 0x004b0000UL, 0x00bd0000UL, 0x008b0000UL, 0x008a0000UL, 631 631 + 0x00700000UL, 0x003e0000UL, 0x00b50000UL, 0x00660000UL, 0x00480000UL, 0x00030000UL, 0x00f60000UL, 0x000e0000UL, 632 632 + 0x00610000UL, 0x00350000UL, 0x00570000UL, 0x00b90000UL, 0x00860000UL, 0x00c10000UL, 0x001d0000UL, 0x009e0000UL, 633 633 + 0x00e10000UL, 0x00f80000UL, 0x00980000UL, 0x00110000UL, 0x00690000UL, 0x00d90000UL, 0x008e0000UL, 0x00940000UL, 634 634 + 0x009b0000UL, 0x001e0000UL, 0x00870000UL, 0x00e90000UL, 0x00ce0000UL, 0x00550000UL, 0x00280000UL, 0x00df0000UL, 635 635 + 0x008c0000UL, 0x00a10000UL, 0x00890000UL, 0x000d0000UL, 0x00bf0000UL, 0x00e60000UL, 0x00420000UL, 0x00680000UL, 636 636 + 0x00410000UL, 0x00990000UL, 0x002d0000UL, 0x000f0000UL, 0x00b00000UL, 0x00540000UL, 0x00bb0000UL, 0x00160000UL 637 637 + }; 638 638 + 639 639 + static const ulong32 Te4_3[] = { 640 640 + 0x63000000UL, 0x7c000000UL, 0x77000000UL, 0x7b000000UL, 0xf2000000UL, 0x6b000000UL, 0x6f000000UL, 0xc5000000UL, 641 641 + 0x30000000UL, 0x01000000UL, 0x67000000UL, 0x2b000000UL, 0xfe000000UL, 0xd7000000UL, 0xab000000UL, 0x76000000UL, 642 642 + 0xca000000UL, 0x82000000UL, 0xc9000000UL, 0x7d000000UL, 0xfa000000UL, 0x59000000UL, 0x47000000UL, 0xf0000000UL, 643 643 + 0xad000000UL, 0xd4000000UL, 0xa2000000UL, 0xaf000000UL, 0x9c000000UL, 0xa4000000UL, 0x72000000UL, 0xc0000000UL, 644 644 + 0xb7000000UL, 0xfd000000UL, 0x93000000UL, 0x26000000UL, 0x36000000UL, 0x3f000000UL, 0xf7000000UL, 0xcc000000UL, 645 645 + 0x34000000UL, 0xa5000000UL, 0xe5000000UL, 0xf1000000UL, 0x71000000UL, 0xd8000000UL, 0x31000000UL, 0x15000000UL, 646 646 + 0x04000000UL, 0xc7000000UL, 0x23000000UL, 0xc3000000UL, 0x18000000UL, 0x96000000UL, 0x05000000UL, 0x9a000000UL, 647 647 + 0x07000000UL, 0x12000000UL, 0x80000000UL, 0xe2000000UL, 0xeb000000UL, 0x27000000UL, 0xb2000000UL, 0x75000000UL, 648 648 + 0x09000000UL, 0x83000000UL, 0x2c000000UL, 0x1a000000UL, 0x1b000000UL, 0x6e000000UL, 0x5a000000UL, 0xa0000000UL, 649 649 + 0x52000000UL, 0x3b000000UL, 0xd6000000UL, 0xb3000000UL, 0x29000000UL, 0xe3000000UL, 0x2f000000UL, 0x84000000UL, 650 650 + 0x53000000UL, 0xd1000000UL, 0x00000000UL, 0xed000000UL, 0x20000000UL, 0xfc000000UL, 0xb1000000UL, 0x5b000000UL, 651 651 + 0x6a000000UL, 0xcb000000UL, 0xbe000000UL, 0x39000000UL, 0x4a000000UL, 0x4c000000UL, 0x58000000UL, 0xcf000000UL, 652 652 + 0xd0000000UL, 0xef000000UL, 0xaa000000UL, 0xfb000000UL, 0x43000000UL, 0x4d000000UL, 0x33000000UL, 0x85000000UL, 653 653 + 0x45000000UL, 0xf9000000UL, 0x02000000UL, 0x7f000000UL, 0x50000000UL, 0x3c000000UL, 0x9f000000UL, 0xa8000000UL, 654 654 + 0x51000000UL, 0xa3000000UL, 0x40000000UL, 0x8f000000UL, 0x92000000UL, 0x9d000000UL, 0x38000000UL, 0xf5000000UL, 655 655 + 0xbc000000UL, 0xb6000000UL, 0xda000000UL, 0x21000000UL, 0x10000000UL, 0xff000000UL, 0xf3000000UL, 0xd2000000UL, 656 656 + 0xcd000000UL, 0x0c000000UL, 0x13000000UL, 0xec000000UL, 0x5f000000UL, 0x97000000UL, 0x44000000UL, 0x17000000UL, 657 657 + 0xc4000000UL, 0xa7000000UL, 0x7e000000UL, 0x3d000000UL, 0x64000000UL, 0x5d000000UL, 0x19000000UL, 0x73000000UL, 658 658 + 0x60000000UL, 0x81000000UL, 0x4f000000UL, 0xdc000000UL, 0x22000000UL, 0x2a000000UL, 0x90000000UL, 0x88000000UL, 659 659 + 0x46000000UL, 0xee000000UL, 0xb8000000UL, 0x14000000UL, 0xde000000UL, 0x5e000000UL, 0x0b000000UL, 0xdb000000UL, 660 660 + 0xe0000000UL, 0x32000000UL, 0x3a000000UL, 0x0a000000UL, 0x49000000UL, 0x06000000UL, 0x24000000UL, 0x5c000000UL, 661 661 + 0xc2000000UL, 0xd3000000UL, 0xac000000UL, 0x62000000UL, 0x91000000UL, 0x95000000UL, 0xe4000000UL, 0x79000000UL, 662 662 + 0xe7000000UL, 0xc8000000UL, 0x37000000UL, 0x6d000000UL, 0x8d000000UL, 0xd5000000UL, 0x4e000000UL, 0xa9000000UL, 663 663 + 0x6c000000UL, 0x56000000UL, 0xf4000000UL, 0xea000000UL, 0x65000000UL, 0x7a000000UL, 0xae000000UL, 0x08000000UL, 664 664 + 0xba000000UL, 0x78000000UL, 0x25000000UL, 0x2e000000UL, 0x1c000000UL, 0xa6000000UL, 0xb4000000UL, 0xc6000000UL, 665 665 + 0xe8000000UL, 0xdd000000UL, 0x74000000UL, 0x1f000000UL, 0x4b000000UL, 0xbd000000UL, 0x8b000000UL, 0x8a000000UL, 666 666 + 0x70000000UL, 0x3e000000UL, 0xb5000000UL, 0x66000000UL, 0x48000000UL, 0x03000000UL, 0xf6000000UL, 0x0e000000UL, 667 667 + 0x61000000UL, 0x35000000UL, 0x57000000UL, 0xb9000000UL, 0x86000000UL, 0xc1000000UL, 0x1d000000UL, 0x9e000000UL, 668 668 + 0xe1000000UL, 0xf8000000UL, 0x98000000UL, 0x11000000UL, 0x69000000UL, 0xd9000000UL, 0x8e000000UL, 0x94000000UL, 669 669 + 0x9b000000UL, 0x1e000000UL, 0x87000000UL, 0xe9000000UL, 0xce000000UL, 0x55000000UL, 0x28000000UL, 0xdf000000UL, 670 670 + 0x8c000000UL, 0xa1000000UL, 0x89000000UL, 0x0d000000UL, 0xbf000000UL, 0xe6000000UL, 0x42000000UL, 0x68000000UL, 671 671 + 0x41000000UL, 0x99000000UL, 0x2d000000UL, 0x0f000000UL, 0xb0000000UL, 0x54000000UL, 0xbb000000UL, 0x16000000UL 672 672 + }; 673 673 + #endif /* pelimac */ 674 674 + 675 675 + #ifndef ENCRYPT_ONLY 676 676 + 677 677 + static const ulong32 TD1[256] = { 678 678 + 0x5051f4a7UL, 0x537e4165UL, 0xc31a17a4UL, 0x963a275eUL, 679 679 + 0xcb3bab6bUL, 0xf11f9d45UL, 0xabacfa58UL, 0x934be303UL, 680 680 + 0x552030faUL, 0xf6ad766dUL, 0x9188cc76UL, 0x25f5024cUL, 681 681 + 0xfc4fe5d7UL, 0xd7c52acbUL, 0x80263544UL, 0x8fb562a3UL, 682 682 + 0x49deb15aUL, 0x6725ba1bUL, 0x9845ea0eUL, 0xe15dfec0UL, 683 683 + 0x02c32f75UL, 0x12814cf0UL, 0xa38d4697UL, 0xc66bd3f9UL, 684 684 + 0xe7038f5fUL, 0x9515929cUL, 0xebbf6d7aUL, 0xda955259UL, 685 685 + 0x2dd4be83UL, 0xd3587421UL, 0x2949e069UL, 0x448ec9c8UL, 686 686 + 0x6a75c289UL, 0x78f48e79UL, 0x6b99583eUL, 0xdd27b971UL, 687 687 + 0xb6bee14fUL, 0x17f088adUL, 0x66c920acUL, 0xb47dce3aUL, 688 688 + 0x1863df4aUL, 0x82e51a31UL, 0x60975133UL, 0x4562537fUL, 689 689 + 0xe0b16477UL, 0x84bb6baeUL, 0x1cfe81a0UL, 0x94f9082bUL, 690 690 + 0x58704868UL, 0x198f45fdUL, 0x8794de6cUL, 0xb7527bf8UL, 691 691 + 0x23ab73d3UL, 0xe2724b02UL, 0x57e31f8fUL, 0x2a6655abUL, 692 692 + 0x07b2eb28UL, 0x032fb5c2UL, 0x9a86c57bUL, 0xa5d33708UL, 693 693 + 0xf2302887UL, 0xb223bfa5UL, 0xba02036aUL, 0x5ced1682UL, 694 694 + 0x2b8acf1cUL, 0x92a779b4UL, 0xf0f307f2UL, 0xa14e69e2UL, 695 695 + 0xcd65daf4UL, 0xd50605beUL, 0x1fd13462UL, 0x8ac4a6feUL, 696 696 + 0x9d342e53UL, 0xa0a2f355UL, 0x32058ae1UL, 0x75a4f6ebUL, 697 697 + 0x390b83ecUL, 0xaa4060efUL, 0x065e719fUL, 0x51bd6e10UL, 698 698 + 0xf93e218aUL, 0x3d96dd06UL, 0xaedd3e05UL, 0x464de6bdUL, 699 699 + 0xb591548dUL, 0x0571c45dUL, 0x6f0406d4UL, 0xff605015UL, 700 700 + 0x241998fbUL, 0x97d6bde9UL, 0xcc894043UL, 0x7767d99eUL, 701 701 + 0xbdb0e842UL, 0x8807898bUL, 0x38e7195bUL, 0xdb79c8eeUL, 702 702 + 0x47a17c0aUL, 0xe97c420fUL, 0xc9f8841eUL, 0x00000000UL, 703 703 + 0x83098086UL, 0x48322bedUL, 0xac1e1170UL, 0x4e6c5a72UL, 704 704 + 0xfbfd0effUL, 0x560f8538UL, 0x1e3daed5UL, 0x27362d39UL, 705 705 + 0x640a0fd9UL, 0x21685ca6UL, 0xd19b5b54UL, 0x3a24362eUL, 706 706 + 0xb10c0a67UL, 0x0f9357e7UL, 0xd2b4ee96UL, 0x9e1b9b91UL, 707 707 + 0x4f80c0c5UL, 0xa261dc20UL, 0x695a774bUL, 0x161c121aUL, 708 708 + 0x0ae293baUL, 0xe5c0a02aUL, 0x433c22e0UL, 0x1d121b17UL, 709 709 + 0x0b0e090dUL, 0xadf28bc7UL, 0xb92db6a8UL, 0xc8141ea9UL, 710 710 + 0x8557f119UL, 0x4caf7507UL, 0xbbee99ddUL, 0xfda37f60UL, 711 711 + 0x9ff70126UL, 0xbc5c72f5UL, 0xc544663bUL, 0x345bfb7eUL, 712 712 + 0x768b4329UL, 0xdccb23c6UL, 0x68b6edfcUL, 0x63b8e4f1UL, 713 713 + 0xcad731dcUL, 0x10426385UL, 0x40139722UL, 0x2084c611UL, 714 714 + 0x7d854a24UL, 0xf8d2bb3dUL, 0x11aef932UL, 0x6dc729a1UL, 715 715 + 0x4b1d9e2fUL, 0xf3dcb230UL, 0xec0d8652UL, 0xd077c1e3UL, 716 716 + 0x6c2bb316UL, 0x99a970b9UL, 0xfa119448UL, 0x2247e964UL, 717 717 + 0xc4a8fc8cUL, 0x1aa0f03fUL, 0xd8567d2cUL, 0xef223390UL, 718 718 + 0xc787494eUL, 0xc1d938d1UL, 0xfe8ccaa2UL, 0x3698d40bUL, 719 719 + 0xcfa6f581UL, 0x28a57adeUL, 0x26dab78eUL, 0xa43fadbfUL, 720 720 + 0xe42c3a9dUL, 0x0d507892UL, 0x9b6a5fccUL, 0x62547e46UL, 721 721 + 0xc2f68d13UL, 0xe890d8b8UL, 0x5e2e39f7UL, 0xf582c3afUL, 722 722 + 0xbe9f5d80UL, 0x7c69d093UL, 0xa96fd52dUL, 0xb3cf2512UL, 723 723 + 0x3bc8ac99UL, 0xa710187dUL, 0x6ee89c63UL, 0x7bdb3bbbUL, 724 724 + 0x09cd2678UL, 0xf46e5918UL, 0x01ec9ab7UL, 0xa8834f9aUL, 725 725 + 0x65e6956eUL, 0x7eaaffe6UL, 0x0821bccfUL, 0xe6ef15e8UL, 726 726 + 0xd9bae79bUL, 0xce4a6f36UL, 0xd4ea9f09UL, 0xd629b07cUL, 727 727 + 0xaf31a4b2UL, 0x312a3f23UL, 0x30c6a594UL, 0xc035a266UL, 728 728 + 0x37744ebcUL, 0xa6fc82caUL, 0xb0e090d0UL, 0x1533a7d8UL, 729 729 + 0x4af10498UL, 0xf741ecdaUL, 0x0e7fcd50UL, 0x2f1791f6UL, 730 730 + 0x8d764dd6UL, 0x4d43efb0UL, 0x54ccaa4dUL, 0xdfe49604UL, 731 731 + 0xe39ed1b5UL, 0x1b4c6a88UL, 0xb8c12c1fUL, 0x7f466551UL, 732 732 + 0x049d5eeaUL, 0x5d018c35UL, 0x73fa8774UL, 0x2efb0b41UL, 733 733 + 0x5ab3671dUL, 0x5292dbd2UL, 0x33e91056UL, 0x136dd647UL, 734 734 + 0x8c9ad761UL, 0x7a37a10cUL, 0x8e59f814UL, 0x89eb133cUL, 735 735 + 0xeecea927UL, 0x35b761c9UL, 0xede11ce5UL, 0x3c7a47b1UL, 736 736 + 0x599cd2dfUL, 0x3f55f273UL, 0x791814ceUL, 0xbf73c737UL, 737 737 + 0xea53f7cdUL, 0x5b5ffdaaUL, 0x14df3d6fUL, 0x867844dbUL, 738 738 + 0x81caaff3UL, 0x3eb968c4UL, 0x2c382434UL, 0x5fc2a340UL, 739 739 + 0x72161dc3UL, 0x0cbce225UL, 0x8b283c49UL, 0x41ff0d95UL, 740 740 + 0x7139a801UL, 0xde080cb3UL, 0x9cd8b4e4UL, 0x906456c1UL, 741 741 + 0x617bcb84UL, 0x70d532b6UL, 0x74486c5cUL, 0x42d0b857UL, 742 742 + }; 743 743 + static const ulong32 TD2[256] = { 744 744 + 0xa75051f4UL, 0x65537e41UL, 0xa4c31a17UL, 0x5e963a27UL, 745 745 + 0x6bcb3babUL, 0x45f11f9dUL, 0x58abacfaUL, 0x03934be3UL, 746 746 + 0xfa552030UL, 0x6df6ad76UL, 0x769188ccUL, 0x4c25f502UL, 747 747 + 0xd7fc4fe5UL, 0xcbd7c52aUL, 0x44802635UL, 0xa38fb562UL, 748 748 + 0x5a49deb1UL, 0x1b6725baUL, 0x0e9845eaUL, 0xc0e15dfeUL, 749 749 + 0x7502c32fUL, 0xf012814cUL, 0x97a38d46UL, 0xf9c66bd3UL, 750 750 + 0x5fe7038fUL, 0x9c951592UL, 0x7aebbf6dUL, 0x59da9552UL, 751 751 + 0x832dd4beUL, 0x21d35874UL, 0x692949e0UL, 0xc8448ec9UL, 752 752 + 0x896a75c2UL, 0x7978f48eUL, 0x3e6b9958UL, 0x71dd27b9UL, 753 753 + 0x4fb6bee1UL, 0xad17f088UL, 0xac66c920UL, 0x3ab47dceUL, 754 754 + 0x4a1863dfUL, 0x3182e51aUL, 0x33609751UL, 0x7f456253UL, 755 755 + 0x77e0b164UL, 0xae84bb6bUL, 0xa01cfe81UL, 0x2b94f908UL, 756 756 + 0x68587048UL, 0xfd198f45UL, 0x6c8794deUL, 0xf8b7527bUL, 757 757 + 0xd323ab73UL, 0x02e2724bUL, 0x8f57e31fUL, 0xab2a6655UL, 758 758 + 0x2807b2ebUL, 0xc2032fb5UL, 0x7b9a86c5UL, 0x08a5d337UL, 759 759 + 0x87f23028UL, 0xa5b223bfUL, 0x6aba0203UL, 0x825ced16UL, 760 760 + 0x1c2b8acfUL, 0xb492a779UL, 0xf2f0f307UL, 0xe2a14e69UL, 761 761 + 0xf4cd65daUL, 0xbed50605UL, 0x621fd134UL, 0xfe8ac4a6UL, 762 762 + 0x539d342eUL, 0x55a0a2f3UL, 0xe132058aUL, 0xeb75a4f6UL, 763 763 + 0xec390b83UL, 0xefaa4060UL, 0x9f065e71UL, 0x1051bd6eUL, 764 764 + 0x8af93e21UL, 0x063d96ddUL, 0x05aedd3eUL, 0xbd464de6UL, 765 765 + 0x8db59154UL, 0x5d0571c4UL, 0xd46f0406UL, 0x15ff6050UL, 766 766 + 0xfb241998UL, 0xe997d6bdUL, 0x43cc8940UL, 0x9e7767d9UL, 767 767 + 0x42bdb0e8UL, 0x8b880789UL, 0x5b38e719UL, 0xeedb79c8UL, 768 768 + 0x0a47a17cUL, 0x0fe97c42UL, 0x1ec9f884UL, 0x00000000UL, 769 769 + 0x86830980UL, 0xed48322bUL, 0x70ac1e11UL, 0x724e6c5aUL, 770 770 + 0xfffbfd0eUL, 0x38560f85UL, 0xd51e3daeUL, 0x3927362dUL, 771 771 + 0xd9640a0fUL, 0xa621685cUL, 0x54d19b5bUL, 0x2e3a2436UL, 772 772 + 0x67b10c0aUL, 0xe70f9357UL, 0x96d2b4eeUL, 0x919e1b9bUL, 773 773 + 0xc54f80c0UL, 0x20a261dcUL, 0x4b695a77UL, 0x1a161c12UL, 774 774 + 0xba0ae293UL, 0x2ae5c0a0UL, 0xe0433c22UL, 0x171d121bUL, 775 775 + 0x0d0b0e09UL, 0xc7adf28bUL, 0xa8b92db6UL, 0xa9c8141eUL, 776 776 + 0x198557f1UL, 0x074caf75UL, 0xddbbee99UL, 0x60fda37fUL, 777 777 + 0x269ff701UL, 0xf5bc5c72UL, 0x3bc54466UL, 0x7e345bfbUL, 778 778 + 0x29768b43UL, 0xc6dccb23UL, 0xfc68b6edUL, 0xf163b8e4UL, 779 779 + 0xdccad731UL, 0x85104263UL, 0x22401397UL, 0x112084c6UL, 780 780 + 0x247d854aUL, 0x3df8d2bbUL, 0x3211aef9UL, 0xa16dc729UL, 781 781 + 0x2f4b1d9eUL, 0x30f3dcb2UL, 0x52ec0d86UL, 0xe3d077c1UL, 782 782 + 0x166c2bb3UL, 0xb999a970UL, 0x48fa1194UL, 0x642247e9UL, 783 783 + 0x8cc4a8fcUL, 0x3f1aa0f0UL, 0x2cd8567dUL, 0x90ef2233UL, 784 784 + 0x4ec78749UL, 0xd1c1d938UL, 0xa2fe8ccaUL, 0x0b3698d4UL, 785 785 + 0x81cfa6f5UL, 0xde28a57aUL, 0x8e26dab7UL, 0xbfa43fadUL, 786 786 + 0x9de42c3aUL, 0x920d5078UL, 0xcc9b6a5fUL, 0x4662547eUL, 787 787 + 0x13c2f68dUL, 0xb8e890d8UL, 0xf75e2e39UL, 0xaff582c3UL, 788 788 + 0x80be9f5dUL, 0x937c69d0UL, 0x2da96fd5UL, 0x12b3cf25UL, 789 789 + 0x993bc8acUL, 0x7da71018UL, 0x636ee89cUL, 0xbb7bdb3bUL, 790 790 + 0x7809cd26UL, 0x18f46e59UL, 0xb701ec9aUL, 0x9aa8834fUL, 791 791 + 0x6e65e695UL, 0xe67eaaffUL, 0xcf0821bcUL, 0xe8e6ef15UL, 792 792 + 0x9bd9bae7UL, 0x36ce4a6fUL, 0x09d4ea9fUL, 0x7cd629b0UL, 793 793 + 0xb2af31a4UL, 0x23312a3fUL, 0x9430c6a5UL, 0x66c035a2UL, 794 794 + 0xbc37744eUL, 0xcaa6fc82UL, 0xd0b0e090UL, 0xd81533a7UL, 795 795 + 0x984af104UL, 0xdaf741ecUL, 0x500e7fcdUL, 0xf62f1791UL, 796 796 + 0xd68d764dUL, 0xb04d43efUL, 0x4d54ccaaUL, 0x04dfe496UL, 797 797 + 0xb5e39ed1UL, 0x881b4c6aUL, 0x1fb8c12cUL, 0x517f4665UL, 798 798 + 0xea049d5eUL, 0x355d018cUL, 0x7473fa87UL, 0x412efb0bUL, 799 799 + 0x1d5ab367UL, 0xd25292dbUL, 0x5633e910UL, 0x47136dd6UL, 800 800 + 0x618c9ad7UL, 0x0c7a37a1UL, 0x148e59f8UL, 0x3c89eb13UL, 801 801 + 0x27eecea9UL, 0xc935b761UL, 0xe5ede11cUL, 0xb13c7a47UL, 802 802 + 0xdf599cd2UL, 0x733f55f2UL, 0xce791814UL, 0x37bf73c7UL, 803 803 + 0xcdea53f7UL, 0xaa5b5ffdUL, 0x6f14df3dUL, 0xdb867844UL, 804 804 + 0xf381caafUL, 0xc43eb968UL, 0x342c3824UL, 0x405fc2a3UL, 805 805 + 0xc372161dUL, 0x250cbce2UL, 0x498b283cUL, 0x9541ff0dUL, 806 806 + 0x017139a8UL, 0xb3de080cUL, 0xe49cd8b4UL, 0xc1906456UL, 807 807 + 0x84617bcbUL, 0xb670d532UL, 0x5c74486cUL, 0x5742d0b8UL, 808 808 + }; 809 809 + static const ulong32 TD3[256] = { 810 810 + 0xf4a75051UL, 0x4165537eUL, 0x17a4c31aUL, 0x275e963aUL, 811 811 + 0xab6bcb3bUL, 0x9d45f11fUL, 0xfa58abacUL, 0xe303934bUL, 812 812 + 0x30fa5520UL, 0x766df6adUL, 0xcc769188UL, 0x024c25f5UL, 813 813 + 0xe5d7fc4fUL, 0x2acbd7c5UL, 0x35448026UL, 0x62a38fb5UL, 814 814 + 0xb15a49deUL, 0xba1b6725UL, 0xea0e9845UL, 0xfec0e15dUL, 815 815 + 0x2f7502c3UL, 0x4cf01281UL, 0x4697a38dUL, 0xd3f9c66bUL, 816 816 + 0x8f5fe703UL, 0x929c9515UL, 0x6d7aebbfUL, 0x5259da95UL, 817 817 + 0xbe832dd4UL, 0x7421d358UL, 0xe0692949UL, 0xc9c8448eUL, 818 818 + 0xc2896a75UL, 0x8e7978f4UL, 0x583e6b99UL, 0xb971dd27UL, 819 819 + 0xe14fb6beUL, 0x88ad17f0UL, 0x20ac66c9UL, 0xce3ab47dUL, 820 820 + 0xdf4a1863UL, 0x1a3182e5UL, 0x51336097UL, 0x537f4562UL, 821 821 + 0x6477e0b1UL, 0x6bae84bbUL, 0x81a01cfeUL, 0x082b94f9UL, 822 822 + 0x48685870UL, 0x45fd198fUL, 0xde6c8794UL, 0x7bf8b752UL, 823 823 + 0x73d323abUL, 0x4b02e272UL, 0x1f8f57e3UL, 0x55ab2a66UL, 824 824 + 0xeb2807b2UL, 0xb5c2032fUL, 0xc57b9a86UL, 0x3708a5d3UL, 825 825 + 0x2887f230UL, 0xbfa5b223UL, 0x036aba02UL, 0x16825cedUL, 826 826 + 0xcf1c2b8aUL, 0x79b492a7UL, 0x07f2f0f3UL, 0x69e2a14eUL, 827 827 + 0xdaf4cd65UL, 0x05bed506UL, 0x34621fd1UL, 0xa6fe8ac4UL, 828 828 + 0x2e539d34UL, 0xf355a0a2UL, 0x8ae13205UL, 0xf6eb75a4UL, 829 829 + 0x83ec390bUL, 0x60efaa40UL, 0x719f065eUL, 0x6e1051bdUL, 830 830 + 0x218af93eUL, 0xdd063d96UL, 0x3e05aeddUL, 0xe6bd464dUL, 831 831 + 0x548db591UL, 0xc45d0571UL, 0x06d46f04UL, 0x5015ff60UL, 832 832 + 0x98fb2419UL, 0xbde997d6UL, 0x4043cc89UL, 0xd99e7767UL, 833 833 + 0xe842bdb0UL, 0x898b8807UL, 0x195b38e7UL, 0xc8eedb79UL, 834 834 + 0x7c0a47a1UL, 0x420fe97cUL, 0x841ec9f8UL, 0x00000000UL, 835 835 + 0x80868309UL, 0x2bed4832UL, 0x1170ac1eUL, 0x5a724e6cUL, 836 836 + 0x0efffbfdUL, 0x8538560fUL, 0xaed51e3dUL, 0x2d392736UL, 837 837 + 0x0fd9640aUL, 0x5ca62168UL, 0x5b54d19bUL, 0x362e3a24UL, 838 838 + 0x0a67b10cUL, 0x57e70f93UL, 0xee96d2b4UL, 0x9b919e1bUL, 839 839 + 0xc0c54f80UL, 0xdc20a261UL, 0x774b695aUL, 0x121a161cUL, 840 840 + 0x93ba0ae2UL, 0xa02ae5c0UL, 0x22e0433cUL, 0x1b171d12UL, 841 841 + 0x090d0b0eUL, 0x8bc7adf2UL, 0xb6a8b92dUL, 0x1ea9c814UL, 842 842 + 0xf1198557UL, 0x75074cafUL, 0x99ddbbeeUL, 0x7f60fda3UL, 843 843 + 0x01269ff7UL, 0x72f5bc5cUL, 0x663bc544UL, 0xfb7e345bUL, 844 844 + 0x4329768bUL, 0x23c6dccbUL, 0xedfc68b6UL, 0xe4f163b8UL, 845 845 + 0x31dccad7UL, 0x63851042UL, 0x97224013UL, 0xc6112084UL, 846 846 + 0x4a247d85UL, 0xbb3df8d2UL, 0xf93211aeUL, 0x29a16dc7UL, 847 847 + 0x9e2f4b1dUL, 0xb230f3dcUL, 0x8652ec0dUL, 0xc1e3d077UL, 848 848 + 0xb3166c2bUL, 0x70b999a9UL, 0x9448fa11UL, 0xe9642247UL, 849 849 + 0xfc8cc4a8UL, 0xf03f1aa0UL, 0x7d2cd856UL, 0x3390ef22UL, 850 850 + 0x494ec787UL, 0x38d1c1d9UL, 0xcaa2fe8cUL, 0xd40b3698UL, 851 851 + 0xf581cfa6UL, 0x7ade28a5UL, 0xb78e26daUL, 0xadbfa43fUL, 852 852 + 0x3a9de42cUL, 0x78920d50UL, 0x5fcc9b6aUL, 0x7e466254UL, 853 853 + 0x8d13c2f6UL, 0xd8b8e890UL, 0x39f75e2eUL, 0xc3aff582UL, 854 854 + 0x5d80be9fUL, 0xd0937c69UL, 0xd52da96fUL, 0x2512b3cfUL, 855 855 + 0xac993bc8UL, 0x187da710UL, 0x9c636ee8UL, 0x3bbb7bdbUL, 856 856 + 0x267809cdUL, 0x5918f46eUL, 0x9ab701ecUL, 0x4f9aa883UL, 857 857 + 0x956e65e6UL, 0xffe67eaaUL, 0xbccf0821UL, 0x15e8e6efUL, 858 858 + 0xe79bd9baUL, 0x6f36ce4aUL, 0x9f09d4eaUL, 0xb07cd629UL, 859 859 + 0xa4b2af31UL, 0x3f23312aUL, 0xa59430c6UL, 0xa266c035UL, 860 860 + 0x4ebc3774UL, 0x82caa6fcUL, 0x90d0b0e0UL, 0xa7d81533UL, 861 861 + 0x04984af1UL, 0xecdaf741UL, 0xcd500e7fUL, 0x91f62f17UL, 862 862 + 0x4dd68d76UL, 0xefb04d43UL, 0xaa4d54ccUL, 0x9604dfe4UL, 863 863 + 0xd1b5e39eUL, 0x6a881b4cUL, 0x2c1fb8c1UL, 0x65517f46UL, 864 864 + 0x5eea049dUL, 0x8c355d01UL, 0x877473faUL, 0x0b412efbUL, 865 865 + 0x671d5ab3UL, 0xdbd25292UL, 0x105633e9UL, 0xd647136dUL, 866 866 + 0xd7618c9aUL, 0xa10c7a37UL, 0xf8148e59UL, 0x133c89ebUL, 867 867 + 0xa927eeceUL, 0x61c935b7UL, 0x1ce5ede1UL, 0x47b13c7aUL, 868 868 + 0xd2df599cUL, 0xf2733f55UL, 0x14ce7918UL, 0xc737bf73UL, 869 869 + 0xf7cdea53UL, 0xfdaa5b5fUL, 0x3d6f14dfUL, 0x44db8678UL, 870 870 + 0xaff381caUL, 0x68c43eb9UL, 0x24342c38UL, 0xa3405fc2UL, 871 871 + 0x1dc37216UL, 0xe2250cbcUL, 0x3c498b28UL, 0x0d9541ffUL, 872 872 + 0xa8017139UL, 0x0cb3de08UL, 0xb4e49cd8UL, 0x56c19064UL, 873 873 + 0xcb84617bUL, 0x32b670d5UL, 0x6c5c7448UL, 0xb85742d0UL, 874 874 + }; 875 875 + 876 876 + static const ulong32 Tks0[] = { 877 877 + 0x00000000UL, 0x0e090d0bUL, 0x1c121a16UL, 0x121b171dUL, 0x3824342cUL, 0x362d3927UL, 0x24362e3aUL, 0x2a3f2331UL, 878 878 + 0x70486858UL, 0x7e416553UL, 0x6c5a724eUL, 0x62537f45UL, 0x486c5c74UL, 0x4665517fUL, 0x547e4662UL, 0x5a774b69UL, 879 879 + 0xe090d0b0UL, 0xee99ddbbUL, 0xfc82caa6UL, 0xf28bc7adUL, 0xd8b4e49cUL, 0xd6bde997UL, 0xc4a6fe8aUL, 0xcaaff381UL, 880 880 + 0x90d8b8e8UL, 0x9ed1b5e3UL, 0x8ccaa2feUL, 0x82c3aff5UL, 0xa8fc8cc4UL, 0xa6f581cfUL, 0xb4ee96d2UL, 0xbae79bd9UL, 881 881 + 0xdb3bbb7bUL, 0xd532b670UL, 0xc729a16dUL, 0xc920ac66UL, 0xe31f8f57UL, 0xed16825cUL, 0xff0d9541UL, 0xf104984aUL, 882 882 + 0xab73d323UL, 0xa57ade28UL, 0xb761c935UL, 0xb968c43eUL, 0x9357e70fUL, 0x9d5eea04UL, 0x8f45fd19UL, 0x814cf012UL, 883 883 + 0x3bab6bcbUL, 0x35a266c0UL, 0x27b971ddUL, 0x29b07cd6UL, 0x038f5fe7UL, 0x0d8652ecUL, 0x1f9d45f1UL, 0x119448faUL, 884 884 + 0x4be30393UL, 0x45ea0e98UL, 0x57f11985UL, 0x59f8148eUL, 0x73c737bfUL, 0x7dce3ab4UL, 0x6fd52da9UL, 0x61dc20a2UL, 885 885 + 0xad766df6UL, 0xa37f60fdUL, 0xb16477e0UL, 0xbf6d7aebUL, 0x955259daUL, 0x9b5b54d1UL, 0x894043ccUL, 0x87494ec7UL, 886 886 + 0xdd3e05aeUL, 0xd33708a5UL, 0xc12c1fb8UL, 0xcf2512b3UL, 0xe51a3182UL, 0xeb133c89UL, 0xf9082b94UL, 0xf701269fUL, 887 887 + 0x4de6bd46UL, 0x43efb04dUL, 0x51f4a750UL, 0x5ffdaa5bUL, 0x75c2896aUL, 0x7bcb8461UL, 0x69d0937cUL, 0x67d99e77UL, 888 888 + 0x3daed51eUL, 0x33a7d815UL, 0x21bccf08UL, 0x2fb5c203UL, 0x058ae132UL, 0x0b83ec39UL, 0x1998fb24UL, 0x1791f62fUL, 889 889 + 0x764dd68dUL, 0x7844db86UL, 0x6a5fcc9bUL, 0x6456c190UL, 0x4e69e2a1UL, 0x4060efaaUL, 0x527bf8b7UL, 0x5c72f5bcUL, 890 890 + 0x0605bed5UL, 0x080cb3deUL, 0x1a17a4c3UL, 0x141ea9c8UL, 0x3e218af9UL, 0x302887f2UL, 0x223390efUL, 0x2c3a9de4UL, 891 891 + 0x96dd063dUL, 0x98d40b36UL, 0x8acf1c2bUL, 0x84c61120UL, 0xaef93211UL, 0xa0f03f1aUL, 0xb2eb2807UL, 0xbce2250cUL, 892 892 + 0xe6956e65UL, 0xe89c636eUL, 0xfa877473UL, 0xf48e7978UL, 0xdeb15a49UL, 0xd0b85742UL, 0xc2a3405fUL, 0xccaa4d54UL, 893 893 + 0x41ecdaf7UL, 0x4fe5d7fcUL, 0x5dfec0e1UL, 0x53f7cdeaUL, 0x79c8eedbUL, 0x77c1e3d0UL, 0x65daf4cdUL, 0x6bd3f9c6UL, 894 894 + 0x31a4b2afUL, 0x3fadbfa4UL, 0x2db6a8b9UL, 0x23bfa5b2UL, 0x09808683UL, 0x07898b88UL, 0x15929c95UL, 0x1b9b919eUL, 895 895 + 0xa17c0a47UL, 0xaf75074cUL, 0xbd6e1051UL, 0xb3671d5aUL, 0x99583e6bUL, 0x97513360UL, 0x854a247dUL, 0x8b432976UL, 896 896 + 0xd134621fUL, 0xdf3d6f14UL, 0xcd267809UL, 0xc32f7502UL, 0xe9105633UL, 0xe7195b38UL, 0xf5024c25UL, 0xfb0b412eUL, 897 897 + 0x9ad7618cUL, 0x94de6c87UL, 0x86c57b9aUL, 0x88cc7691UL, 0xa2f355a0UL, 0xacfa58abUL, 0xbee14fb6UL, 0xb0e842bdUL, 898 898 + 0xea9f09d4UL, 0xe49604dfUL, 0xf68d13c2UL, 0xf8841ec9UL, 0xd2bb3df8UL, 0xdcb230f3UL, 0xcea927eeUL, 0xc0a02ae5UL, 899 899 + 0x7a47b13cUL, 0x744ebc37UL, 0x6655ab2aUL, 0x685ca621UL, 0x42638510UL, 0x4c6a881bUL, 0x5e719f06UL, 0x5078920dUL, 900 900 + 0x0a0fd964UL, 0x0406d46fUL, 0x161dc372UL, 0x1814ce79UL, 0x322bed48UL, 0x3c22e043UL, 0x2e39f75eUL, 0x2030fa55UL, 901 901 + 0xec9ab701UL, 0xe293ba0aUL, 0xf088ad17UL, 0xfe81a01cUL, 0xd4be832dUL, 0xdab78e26UL, 0xc8ac993bUL, 0xc6a59430UL, 902 902 + 0x9cd2df59UL, 0x92dbd252UL, 0x80c0c54fUL, 0x8ec9c844UL, 0xa4f6eb75UL, 0xaaffe67eUL, 0xb8e4f163UL, 0xb6edfc68UL, 903 903 + 0x0c0a67b1UL, 0x02036abaUL, 0x10187da7UL, 0x1e1170acUL, 0x342e539dUL, 0x3a275e96UL, 0x283c498bUL, 0x26354480UL, 904 904 + 0x7c420fe9UL, 0x724b02e2UL, 0x605015ffUL, 0x6e5918f4UL, 0x44663bc5UL, 0x4a6f36ceUL, 0x587421d3UL, 0x567d2cd8UL, 905 905 + 0x37a10c7aUL, 0x39a80171UL, 0x2bb3166cUL, 0x25ba1b67UL, 0x0f853856UL, 0x018c355dUL, 0x13972240UL, 0x1d9e2f4bUL, 906 906 + 0x47e96422UL, 0x49e06929UL, 0x5bfb7e34UL, 0x55f2733fUL, 0x7fcd500eUL, 0x71c45d05UL, 0x63df4a18UL, 0x6dd64713UL, 907 907 + 0xd731dccaUL, 0xd938d1c1UL, 0xcb23c6dcUL, 0xc52acbd7UL, 0xef15e8e6UL, 0xe11ce5edUL, 0xf307f2f0UL, 0xfd0efffbUL, 908 908 + 0xa779b492UL, 0xa970b999UL, 0xbb6bae84UL, 0xb562a38fUL, 0x9f5d80beUL, 0x91548db5UL, 0x834f9aa8UL, 0x8d4697a3UL 909 909 + }; 910 910 + 911 911 + static const ulong32 Tks1[] = { 912 912 + 0x00000000UL, 0x0b0e090dUL, 0x161c121aUL, 0x1d121b17UL, 0x2c382434UL, 0x27362d39UL, 0x3a24362eUL, 0x312a3f23UL, 913 913 + 0x58704868UL, 0x537e4165UL, 0x4e6c5a72UL, 0x4562537fUL, 0x74486c5cUL, 0x7f466551UL, 0x62547e46UL, 0x695a774bUL, 914 914 + 0xb0e090d0UL, 0xbbee99ddUL, 0xa6fc82caUL, 0xadf28bc7UL, 0x9cd8b4e4UL, 0x97d6bde9UL, 0x8ac4a6feUL, 0x81caaff3UL, 915 915 + 0xe890d8b8UL, 0xe39ed1b5UL, 0xfe8ccaa2UL, 0xf582c3afUL, 0xc4a8fc8cUL, 0xcfa6f581UL, 0xd2b4ee96UL, 0xd9bae79bUL, 916 916 + 0x7bdb3bbbUL, 0x70d532b6UL, 0x6dc729a1UL, 0x66c920acUL, 0x57e31f8fUL, 0x5ced1682UL, 0x41ff0d95UL, 0x4af10498UL, 917 917 + 0x23ab73d3UL, 0x28a57adeUL, 0x35b761c9UL, 0x3eb968c4UL, 0x0f9357e7UL, 0x049d5eeaUL, 0x198f45fdUL, 0x12814cf0UL, 918 918 + 0xcb3bab6bUL, 0xc035a266UL, 0xdd27b971UL, 0xd629b07cUL, 0xe7038f5fUL, 0xec0d8652UL, 0xf11f9d45UL, 0xfa119448UL, 919 919 + 0x934be303UL, 0x9845ea0eUL, 0x8557f119UL, 0x8e59f814UL, 0xbf73c737UL, 0xb47dce3aUL, 0xa96fd52dUL, 0xa261dc20UL, 920 920 + 0xf6ad766dUL, 0xfda37f60UL, 0xe0b16477UL, 0xebbf6d7aUL, 0xda955259UL, 0xd19b5b54UL, 0xcc894043UL, 0xc787494eUL, 921 921 + 0xaedd3e05UL, 0xa5d33708UL, 0xb8c12c1fUL, 0xb3cf2512UL, 0x82e51a31UL, 0x89eb133cUL, 0x94f9082bUL, 0x9ff70126UL, 922 922 + 0x464de6bdUL, 0x4d43efb0UL, 0x5051f4a7UL, 0x5b5ffdaaUL, 0x6a75c289UL, 0x617bcb84UL, 0x7c69d093UL, 0x7767d99eUL, 923 923 + 0x1e3daed5UL, 0x1533a7d8UL, 0x0821bccfUL, 0x032fb5c2UL, 0x32058ae1UL, 0x390b83ecUL, 0x241998fbUL, 0x2f1791f6UL, 924 924 + 0x8d764dd6UL, 0x867844dbUL, 0x9b6a5fccUL, 0x906456c1UL, 0xa14e69e2UL, 0xaa4060efUL, 0xb7527bf8UL, 0xbc5c72f5UL, 925 925 + 0xd50605beUL, 0xde080cb3UL, 0xc31a17a4UL, 0xc8141ea9UL, 0xf93e218aUL, 0xf2302887UL, 0xef223390UL, 0xe42c3a9dUL, 926 926 + 0x3d96dd06UL, 0x3698d40bUL, 0x2b8acf1cUL, 0x2084c611UL, 0x11aef932UL, 0x1aa0f03fUL, 0x07b2eb28UL, 0x0cbce225UL, 927 927 + 0x65e6956eUL, 0x6ee89c63UL, 0x73fa8774UL, 0x78f48e79UL, 0x49deb15aUL, 0x42d0b857UL, 0x5fc2a340UL, 0x54ccaa4dUL, 928 928 + 0xf741ecdaUL, 0xfc4fe5d7UL, 0xe15dfec0UL, 0xea53f7cdUL, 0xdb79c8eeUL, 0xd077c1e3UL, 0xcd65daf4UL, 0xc66bd3f9UL, 929 929 + 0xaf31a4b2UL, 0xa43fadbfUL, 0xb92db6a8UL, 0xb223bfa5UL, 0x83098086UL, 0x8807898bUL, 0x9515929cUL, 0x9e1b9b91UL, 930 930 + 0x47a17c0aUL, 0x4caf7507UL, 0x51bd6e10UL, 0x5ab3671dUL, 0x6b99583eUL, 0x60975133UL, 0x7d854a24UL, 0x768b4329UL, 931 931 + 0x1fd13462UL, 0x14df3d6fUL, 0x09cd2678UL, 0x02c32f75UL, 0x33e91056UL, 0x38e7195bUL, 0x25f5024cUL, 0x2efb0b41UL, 932 932 + 0x8c9ad761UL, 0x8794de6cUL, 0x9a86c57bUL, 0x9188cc76UL, 0xa0a2f355UL, 0xabacfa58UL, 0xb6bee14fUL, 0xbdb0e842UL, 933 933 + 0xd4ea9f09UL, 0xdfe49604UL, 0xc2f68d13UL, 0xc9f8841eUL, 0xf8d2bb3dUL, 0xf3dcb230UL, 0xeecea927UL, 0xe5c0a02aUL, 934 934 + 0x3c7a47b1UL, 0x37744ebcUL, 0x2a6655abUL, 0x21685ca6UL, 0x10426385UL, 0x1b4c6a88UL, 0x065e719fUL, 0x0d507892UL, 935 935 + 0x640a0fd9UL, 0x6f0406d4UL, 0x72161dc3UL, 0x791814ceUL, 0x48322bedUL, 0x433c22e0UL, 0x5e2e39f7UL, 0x552030faUL, 936 936 + 0x01ec9ab7UL, 0x0ae293baUL, 0x17f088adUL, 0x1cfe81a0UL, 0x2dd4be83UL, 0x26dab78eUL, 0x3bc8ac99UL, 0x30c6a594UL, 937 937 + 0x599cd2dfUL, 0x5292dbd2UL, 0x4f80c0c5UL, 0x448ec9c8UL, 0x75a4f6ebUL, 0x7eaaffe6UL, 0x63b8e4f1UL, 0x68b6edfcUL, 938 938 + 0xb10c0a67UL, 0xba02036aUL, 0xa710187dUL, 0xac1e1170UL, 0x9d342e53UL, 0x963a275eUL, 0x8b283c49UL, 0x80263544UL, 939 939 + 0xe97c420fUL, 0xe2724b02UL, 0xff605015UL, 0xf46e5918UL, 0xc544663bUL, 0xce4a6f36UL, 0xd3587421UL, 0xd8567d2cUL, 940 940 + 0x7a37a10cUL, 0x7139a801UL, 0x6c2bb316UL, 0x6725ba1bUL, 0x560f8538UL, 0x5d018c35UL, 0x40139722UL, 0x4b1d9e2fUL, 941 941 + 0x2247e964UL, 0x2949e069UL, 0x345bfb7eUL, 0x3f55f273UL, 0x0e7fcd50UL, 0x0571c45dUL, 0x1863df4aUL, 0x136dd647UL, 942 942 + 0xcad731dcUL, 0xc1d938d1UL, 0xdccb23c6UL, 0xd7c52acbUL, 0xe6ef15e8UL, 0xede11ce5UL, 0xf0f307f2UL, 0xfbfd0effUL, 943 943 + 0x92a779b4UL, 0x99a970b9UL, 0x84bb6baeUL, 0x8fb562a3UL, 0xbe9f5d80UL, 0xb591548dUL, 0xa8834f9aUL, 0xa38d4697UL 944 944 + }; 945 945 + 946 946 + static const ulong32 Tks2[] = { 947 947 + 0x00000000UL, 0x0d0b0e09UL, 0x1a161c12UL, 0x171d121bUL, 0x342c3824UL, 0x3927362dUL, 0x2e3a2436UL, 0x23312a3fUL, 948 948 + 0x68587048UL, 0x65537e41UL, 0x724e6c5aUL, 0x7f456253UL, 0x5c74486cUL, 0x517f4665UL, 0x4662547eUL, 0x4b695a77UL, 949 949 + 0xd0b0e090UL, 0xddbbee99UL, 0xcaa6fc82UL, 0xc7adf28bUL, 0xe49cd8b4UL, 0xe997d6bdUL, 0xfe8ac4a6UL, 0xf381caafUL, 950 950 + 0xb8e890d8UL, 0xb5e39ed1UL, 0xa2fe8ccaUL, 0xaff582c3UL, 0x8cc4a8fcUL, 0x81cfa6f5UL, 0x96d2b4eeUL, 0x9bd9bae7UL, 951 951 + 0xbb7bdb3bUL, 0xb670d532UL, 0xa16dc729UL, 0xac66c920UL, 0x8f57e31fUL, 0x825ced16UL, 0x9541ff0dUL, 0x984af104UL, 952 952 + 0xd323ab73UL, 0xde28a57aUL, 0xc935b761UL, 0xc43eb968UL, 0xe70f9357UL, 0xea049d5eUL, 0xfd198f45UL, 0xf012814cUL, 953 953 + 0x6bcb3babUL, 0x66c035a2UL, 0x71dd27b9UL, 0x7cd629b0UL, 0x5fe7038fUL, 0x52ec0d86UL, 0x45f11f9dUL, 0x48fa1194UL, 954 954 + 0x03934be3UL, 0x0e9845eaUL, 0x198557f1UL, 0x148e59f8UL, 0x37bf73c7UL, 0x3ab47dceUL, 0x2da96fd5UL, 0x20a261dcUL, 955 955 + 0x6df6ad76UL, 0x60fda37fUL, 0x77e0b164UL, 0x7aebbf6dUL, 0x59da9552UL, 0x54d19b5bUL, 0x43cc8940UL, 0x4ec78749UL, 956 956 + 0x05aedd3eUL, 0x08a5d337UL, 0x1fb8c12cUL, 0x12b3cf25UL, 0x3182e51aUL, 0x3c89eb13UL, 0x2b94f908UL, 0x269ff701UL, 957 957 + 0xbd464de6UL, 0xb04d43efUL, 0xa75051f4UL, 0xaa5b5ffdUL, 0x896a75c2UL, 0x84617bcbUL, 0x937c69d0UL, 0x9e7767d9UL, 958 958 + 0xd51e3daeUL, 0xd81533a7UL, 0xcf0821bcUL, 0xc2032fb5UL, 0xe132058aUL, 0xec390b83UL, 0xfb241998UL, 0xf62f1791UL, 959 959 + 0xd68d764dUL, 0xdb867844UL, 0xcc9b6a5fUL, 0xc1906456UL, 0xe2a14e69UL, 0xefaa4060UL, 0xf8b7527bUL, 0xf5bc5c72UL, 960 960 + 0xbed50605UL, 0xb3de080cUL, 0xa4c31a17UL, 0xa9c8141eUL, 0x8af93e21UL, 0x87f23028UL, 0x90ef2233UL, 0x9de42c3aUL, 961 961 + 0x063d96ddUL, 0x0b3698d4UL, 0x1c2b8acfUL, 0x112084c6UL, 0x3211aef9UL, 0x3f1aa0f0UL, 0x2807b2ebUL, 0x250cbce2UL, 962 962 + 0x6e65e695UL, 0x636ee89cUL, 0x7473fa87UL, 0x7978f48eUL, 0x5a49deb1UL, 0x5742d0b8UL, 0x405fc2a3UL, 0x4d54ccaaUL, 963 963 + 0xdaf741ecUL, 0xd7fc4fe5UL, 0xc0e15dfeUL, 0xcdea53f7UL, 0xeedb79c8UL, 0xe3d077c1UL, 0xf4cd65daUL, 0xf9c66bd3UL, 964 964 + 0xb2af31a4UL, 0xbfa43fadUL, 0xa8b92db6UL, 0xa5b223bfUL, 0x86830980UL, 0x8b880789UL, 0x9c951592UL, 0x919e1b9bUL, 965 965 + 0x0a47a17cUL, 0x074caf75UL, 0x1051bd6eUL, 0x1d5ab367UL, 0x3e6b9958UL, 0x33609751UL, 0x247d854aUL, 0x29768b43UL, 966 966 + 0x621fd134UL, 0x6f14df3dUL, 0x7809cd26UL, 0x7502c32fUL, 0x5633e910UL, 0x5b38e719UL, 0x4c25f502UL, 0x412efb0bUL, 967 967 + 0x618c9ad7UL, 0x6c8794deUL, 0x7b9a86c5UL, 0x769188ccUL, 0x55a0a2f3UL, 0x58abacfaUL, 0x4fb6bee1UL, 0x42bdb0e8UL, 968 968 + 0x09d4ea9fUL, 0x04dfe496UL, 0x13c2f68dUL, 0x1ec9f884UL, 0x3df8d2bbUL, 0x30f3dcb2UL, 0x27eecea9UL, 0x2ae5c0a0UL, 969 969 + 0xb13c7a47UL, 0xbc37744eUL, 0xab2a6655UL, 0xa621685cUL, 0x85104263UL, 0x881b4c6aUL, 0x9f065e71UL, 0x920d5078UL, 970 970 + 0xd9640a0fUL, 0xd46f0406UL, 0xc372161dUL, 0xce791814UL, 0xed48322bUL, 0xe0433c22UL, 0xf75e2e39UL, 0xfa552030UL, 971 971 + 0xb701ec9aUL, 0xba0ae293UL, 0xad17f088UL, 0xa01cfe81UL, 0x832dd4beUL, 0x8e26dab7UL, 0x993bc8acUL, 0x9430c6a5UL, 972 972 + 0xdf599cd2UL, 0xd25292dbUL, 0xc54f80c0UL, 0xc8448ec9UL, 0xeb75a4f6UL, 0xe67eaaffUL, 0xf163b8e4UL, 0xfc68b6edUL, 973 973 + 0x67b10c0aUL, 0x6aba0203UL, 0x7da71018UL, 0x70ac1e11UL, 0x539d342eUL, 0x5e963a27UL, 0x498b283cUL, 0x44802635UL, 974 974 + 0x0fe97c42UL, 0x02e2724bUL, 0x15ff6050UL, 0x18f46e59UL, 0x3bc54466UL, 0x36ce4a6fUL, 0x21d35874UL, 0x2cd8567dUL, 975 975 + 0x0c7a37a1UL, 0x017139a8UL, 0x166c2bb3UL, 0x1b6725baUL, 0x38560f85UL, 0x355d018cUL, 0x22401397UL, 0x2f4b1d9eUL, 976 976 + 0x642247e9UL, 0x692949e0UL, 0x7e345bfbUL, 0x733f55f2UL, 0x500e7fcdUL, 0x5d0571c4UL, 0x4a1863dfUL, 0x47136dd6UL, 977 977 + 0xdccad731UL, 0xd1c1d938UL, 0xc6dccb23UL, 0xcbd7c52aUL, 0xe8e6ef15UL, 0xe5ede11cUL, 0xf2f0f307UL, 0xfffbfd0eUL, 978 978 + 0xb492a779UL, 0xb999a970UL, 0xae84bb6bUL, 0xa38fb562UL, 0x80be9f5dUL, 0x8db59154UL, 0x9aa8834fUL, 0x97a38d46UL 979 979 + }; 980 980 + 981 981 + static const ulong32 Tks3[] = { 982 982 + 0x00000000UL, 0x090d0b0eUL, 0x121a161cUL, 0x1b171d12UL, 0x24342c38UL, 0x2d392736UL, 0x362e3a24UL, 0x3f23312aUL, 983 983 + 0x48685870UL, 0x4165537eUL, 0x5a724e6cUL, 0x537f4562UL, 0x6c5c7448UL, 0x65517f46UL, 0x7e466254UL, 0x774b695aUL, 984 984 + 0x90d0b0e0UL, 0x99ddbbeeUL, 0x82caa6fcUL, 0x8bc7adf2UL, 0xb4e49cd8UL, 0xbde997d6UL, 0xa6fe8ac4UL, 0xaff381caUL, 985 985 + 0xd8b8e890UL, 0xd1b5e39eUL, 0xcaa2fe8cUL, 0xc3aff582UL, 0xfc8cc4a8UL, 0xf581cfa6UL, 0xee96d2b4UL, 0xe79bd9baUL, 986 986 + 0x3bbb7bdbUL, 0x32b670d5UL, 0x29a16dc7UL, 0x20ac66c9UL, 0x1f8f57e3UL, 0x16825cedUL, 0x0d9541ffUL, 0x04984af1UL, 987 987 + 0x73d323abUL, 0x7ade28a5UL, 0x61c935b7UL, 0x68c43eb9UL, 0x57e70f93UL, 0x5eea049dUL, 0x45fd198fUL, 0x4cf01281UL, 988 988 + 0xab6bcb3bUL, 0xa266c035UL, 0xb971dd27UL, 0xb07cd629UL, 0x8f5fe703UL, 0x8652ec0dUL, 0x9d45f11fUL, 0x9448fa11UL, 989 989 + 0xe303934bUL, 0xea0e9845UL, 0xf1198557UL, 0xf8148e59UL, 0xc737bf73UL, 0xce3ab47dUL, 0xd52da96fUL, 0xdc20a261UL, 990 990 + 0x766df6adUL, 0x7f60fda3UL, 0x6477e0b1UL, 0x6d7aebbfUL, 0x5259da95UL, 0x5b54d19bUL, 0x4043cc89UL, 0x494ec787UL, 991 991 + 0x3e05aeddUL, 0x3708a5d3UL, 0x2c1fb8c1UL, 0x2512b3cfUL, 0x1a3182e5UL, 0x133c89ebUL, 0x082b94f9UL, 0x01269ff7UL, 992 992 + 0xe6bd464dUL, 0xefb04d43UL, 0xf4a75051UL, 0xfdaa5b5fUL, 0xc2896a75UL, 0xcb84617bUL, 0xd0937c69UL, 0xd99e7767UL, 993 993 + 0xaed51e3dUL, 0xa7d81533UL, 0xbccf0821UL, 0xb5c2032fUL, 0x8ae13205UL, 0x83ec390bUL, 0x98fb2419UL, 0x91f62f17UL, 994 994 + 0x4dd68d76UL, 0x44db8678UL, 0x5fcc9b6aUL, 0x56c19064UL, 0x69e2a14eUL, 0x60efaa40UL, 0x7bf8b752UL, 0x72f5bc5cUL, 995 995 + 0x05bed506UL, 0x0cb3de08UL, 0x17a4c31aUL, 0x1ea9c814UL, 0x218af93eUL, 0x2887f230UL, 0x3390ef22UL, 0x3a9de42cUL, 996 996 + 0xdd063d96UL, 0xd40b3698UL, 0xcf1c2b8aUL, 0xc6112084UL, 0xf93211aeUL, 0xf03f1aa0UL, 0xeb2807b2UL, 0xe2250cbcUL, 997 997 + 0x956e65e6UL, 0x9c636ee8UL, 0x877473faUL, 0x8e7978f4UL, 0xb15a49deUL, 0xb85742d0UL, 0xa3405fc2UL, 0xaa4d54ccUL, 998 998 + 0xecdaf741UL, 0xe5d7fc4fUL, 0xfec0e15dUL, 0xf7cdea53UL, 0xc8eedb79UL, 0xc1e3d077UL, 0xdaf4cd65UL, 0xd3f9c66bUL, 999 999 + 0xa4b2af31UL, 0xadbfa43fUL, 0xb6a8b92dUL, 0xbfa5b223UL, 0x80868309UL, 0x898b8807UL, 0x929c9515UL, 0x9b919e1bUL, 1000 1000 + 0x7c0a47a1UL, 0x75074cafUL, 0x6e1051bdUL, 0x671d5ab3UL, 0x583e6b99UL, 0x51336097UL, 0x4a247d85UL, 0x4329768bUL, 1001 1001 + 0x34621fd1UL, 0x3d6f14dfUL, 0x267809cdUL, 0x2f7502c3UL, 0x105633e9UL, 0x195b38e7UL, 0x024c25f5UL, 0x0b412efbUL, 1002 1002 + 0xd7618c9aUL, 0xde6c8794UL, 0xc57b9a86UL, 0xcc769188UL, 0xf355a0a2UL, 0xfa58abacUL, 0xe14fb6beUL, 0xe842bdb0UL, 1003 1003 + 0x9f09d4eaUL, 0x9604dfe4UL, 0x8d13c2f6UL, 0x841ec9f8UL, 0xbb3df8d2UL, 0xb230f3dcUL, 0xa927eeceUL, 0xa02ae5c0UL, 1004 1004 + 0x47b13c7aUL, 0x4ebc3774UL, 0x55ab2a66UL, 0x5ca62168UL, 0x63851042UL, 0x6a881b4cUL, 0x719f065eUL, 0x78920d50UL, 1005 1005 + 0x0fd9640aUL, 0x06d46f04UL, 0x1dc37216UL, 0x14ce7918UL, 0x2bed4832UL, 0x22e0433cUL, 0x39f75e2eUL, 0x30fa5520UL, 1006 1006 + 0x9ab701ecUL, 0x93ba0ae2UL, 0x88ad17f0UL, 0x81a01cfeUL, 0xbe832dd4UL, 0xb78e26daUL, 0xac993bc8UL, 0xa59430c6UL, 1007 1007 + 0xd2df599cUL, 0xdbd25292UL, 0xc0c54f80UL, 0xc9c8448eUL, 0xf6eb75a4UL, 0xffe67eaaUL, 0xe4f163b8UL, 0xedfc68b6UL, 1008 1008 + 0x0a67b10cUL, 0x036aba02UL, 0x187da710UL, 0x1170ac1eUL, 0x2e539d34UL, 0x275e963aUL, 0x3c498b28UL, 0x35448026UL, 1009 1009 + 0x420fe97cUL, 0x4b02e272UL, 0x5015ff60UL, 0x5918f46eUL, 0x663bc544UL, 0x6f36ce4aUL, 0x7421d358UL, 0x7d2cd856UL, 1010 1010 + 0xa10c7a37UL, 0xa8017139UL, 0xb3166c2bUL, 0xba1b6725UL, 0x8538560fUL, 0x8c355d01UL, 0x97224013UL, 0x9e2f4b1dUL, 1011 1011 + 0xe9642247UL, 0xe0692949UL, 0xfb7e345bUL, 0xf2733f55UL, 0xcd500e7fUL, 0xc45d0571UL, 0xdf4a1863UL, 0xd647136dUL, 1012 1012 + 0x31dccad7UL, 0x38d1c1d9UL, 0x23c6dccbUL, 0x2acbd7c5UL, 0x15e8e6efUL, 0x1ce5ede1UL, 0x07f2f0f3UL, 0x0efffbfdUL, 1013 1013 + 0x79b492a7UL, 0x70b999a9UL, 0x6bae84bbUL, 0x62a38fb5UL, 0x5d80be9fUL, 0x548db591UL, 0x4f9aa883UL, 0x4697a38dUL 1014 1014 + }; 1015 1015 + 1016 1016 + #endif /* ENCRYPT_ONLY */ 1017 1017 + 1018 1018 + #endif /* SMALL CODE */ 1019 1019 + 1020 1020 + #ifndef PELI_TAB 1021 1021 + static const ulong32 rcon[] = { 1022 1022 + 0x01000000UL, 0x02000000UL, 0x04000000UL, 0x08000000UL, 1023 1023 + 0x10000000UL, 0x20000000UL, 0x40000000UL, 0x80000000UL, 1024 1024 + 0x1B000000UL, 0x36000000UL, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ 1025 1025 + }; 1026 1026 + #endif 1027 1027 + 1028 1028 + #endif /* __LTC_AES_TAB_C__ */ 1029 1029 + 1030 1030 + /* ref: HEAD -> master, tag: v1.18.2 */ 1031 1031 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 1032 1032 + /* commit time: 2018-07-01 22:49:01 +0200 */

+286

utils/tomcrypt/src/hashes/sha1.c

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + #include "tomcrypt.h" 10 10 + 11 11 + /** 12 12 + @file sha1.c 13 13 + LTC_SHA1 code by Tom St Denis 14 14 + */ 15 15 + 16 16 + 17 17 + #ifdef LTC_SHA1 18 18 + 19 19 + const struct ltc_hash_descriptor sha1_desc = 20 20 + { 21 21 + "sha1", 22 22 + 2, 23 23 + 20, 24 24 + 64, 25 25 + 26 26 + /* OID */ 27 27 + { 1, 3, 14, 3, 2, 26, }, 28 28 + 6, 29 29 + 30 30 + &sha1_init, 31 31 + &sha1_process, 32 32 + &sha1_done, 33 33 + &sha1_test, 34 34 + NULL 35 35 + }; 36 36 + 37 37 + #define F0(x,y,z) (z ^ (x & (y ^ z))) 38 38 + #define F1(x,y,z) (x ^ y ^ z) 39 39 + #define F2(x,y,z) ((x & y) | (z & (x | y))) 40 40 + #define F3(x,y,z) (x ^ y ^ z) 41 41 + 42 42 + #ifdef LTC_CLEAN_STACK 43 43 + static int _sha1_compress(hash_state *md, unsigned char *buf) 44 44 + #else 45 45 + static int sha1_compress(hash_state *md, unsigned char *buf) 46 46 + #endif 47 47 + { 48 48 + ulong32 a,b,c,d,e,W[80],i; 49 49 + #ifdef LTC_SMALL_CODE 50 50 + ulong32 t; 51 51 + #endif 52 52 + 53 53 + /* copy the state into 512-bits into W[0..15] */ 54 54 + for (i = 0; i < 16; i++) { 55 55 + LOAD32H(W[i], buf + (4*i)); 56 56 + } 57 57 + 58 58 + /* copy state */ 59 59 + a = md->sha1.state[0]; 60 60 + b = md->sha1.state[1]; 61 61 + c = md->sha1.state[2]; 62 62 + d = md->sha1.state[3]; 63 63 + e = md->sha1.state[4]; 64 64 + 65 65 + /* expand it */ 66 66 + for (i = 16; i < 80; i++) { 67 67 + W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1); 68 68 + } 69 69 + 70 70 + /* compress */ 71 71 + /* round one */ 72 72 + #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30); 73 73 + #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30); 74 74 + #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30); 75 75 + #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30); 76 76 + 77 77 + #ifdef LTC_SMALL_CODE 78 78 + 79 79 + for (i = 0; i < 20; ) { 80 80 + FF0(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; 81 81 + } 82 82 + 83 83 + for (; i < 40; ) { 84 84 + FF1(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; 85 85 + } 86 86 + 87 87 + for (; i < 60; ) { 88 88 + FF2(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; 89 89 + } 90 90 + 91 91 + for (; i < 80; ) { 92 92 + FF3(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; 93 93 + } 94 94 + 95 95 + #else 96 96 + 97 97 + for (i = 0; i < 20; ) { 98 98 + FF0(a,b,c,d,e,i++); 99 99 + FF0(e,a,b,c,d,i++); 100 100 + FF0(d,e,a,b,c,i++); 101 101 + FF0(c,d,e,a,b,i++); 102 102 + FF0(b,c,d,e,a,i++); 103 103 + } 104 104 + 105 105 + /* round two */ 106 106 + for (; i < 40; ) { 107 107 + FF1(a,b,c,d,e,i++); 108 108 + FF1(e,a,b,c,d,i++); 109 109 + FF1(d,e,a,b,c,i++); 110 110 + FF1(c,d,e,a,b,i++); 111 111 + FF1(b,c,d,e,a,i++); 112 112 + } 113 113 + 114 114 + /* round three */ 115 115 + for (; i < 60; ) { 116 116 + FF2(a,b,c,d,e,i++); 117 117 + FF2(e,a,b,c,d,i++); 118 118 + FF2(d,e,a,b,c,i++); 119 119 + FF2(c,d,e,a,b,i++); 120 120 + FF2(b,c,d,e,a,i++); 121 121 + } 122 122 + 123 123 + /* round four */ 124 124 + for (; i < 80; ) { 125 125 + FF3(a,b,c,d,e,i++); 126 126 + FF3(e,a,b,c,d,i++); 127 127 + FF3(d,e,a,b,c,i++); 128 128 + FF3(c,d,e,a,b,i++); 129 129 + FF3(b,c,d,e,a,i++); 130 130 + } 131 131 + #endif 132 132 + 133 133 + #undef FF0 134 134 + #undef FF1 135 135 + #undef FF2 136 136 + #undef FF3 137 137 + 138 138 + /* store */ 139 139 + md->sha1.state[0] = md->sha1.state[0] + a; 140 140 + md->sha1.state[1] = md->sha1.state[1] + b; 141 141 + md->sha1.state[2] = md->sha1.state[2] + c; 142 142 + md->sha1.state[3] = md->sha1.state[3] + d; 143 143 + md->sha1.state[4] = md->sha1.state[4] + e; 144 144 + 145 145 + return CRYPT_OK; 146 146 + } 147 147 + 148 148 + #ifdef LTC_CLEAN_STACK 149 149 + static int sha1_compress(hash_state *md, unsigned char *buf) 150 150 + { 151 151 + int err; 152 152 + err = _sha1_compress(md, buf); 153 153 + burn_stack(sizeof(ulong32) * 87); 154 154 + return err; 155 155 + } 156 156 + #endif 157 157 + 158 158 + /** 159 159 + Initialize the hash state 160 160 + @param md The hash state you wish to initialize 161 161 + @return CRYPT_OK if successful 162 162 + */ 163 163 + int sha1_init(hash_state * md) 164 164 + { 165 165 + LTC_ARGCHK(md != NULL); 166 166 + md->sha1.state[0] = 0x67452301UL; 167 167 + md->sha1.state[1] = 0xefcdab89UL; 168 168 + md->sha1.state[2] = 0x98badcfeUL; 169 169 + md->sha1.state[3] = 0x10325476UL; 170 170 + md->sha1.state[4] = 0xc3d2e1f0UL; 171 171 + md->sha1.curlen = 0; 172 172 + md->sha1.length = 0; 173 173 + return CRYPT_OK; 174 174 + } 175 175 + 176 176 + /** 177 177 + Process a block of memory though the hash 178 178 + @param md The hash state 179 179 + @param in The data to hash 180 180 + @param inlen The length of the data (octets) 181 181 + @return CRYPT_OK if successful 182 182 + */ 183 183 + HASH_PROCESS(sha1_process, sha1_compress, sha1, 64) 184 184 + 185 185 + /** 186 186 + Terminate the hash to get the digest 187 187 + @param md The hash state 188 188 + @param out [out] The destination of the hash (20 bytes) 189 189 + @return CRYPT_OK if successful 190 190 + */ 191 191 + int sha1_done(hash_state * md, unsigned char *out) 192 192 + { 193 193 + int i; 194 194 + 195 195 + LTC_ARGCHK(md != NULL); 196 196 + LTC_ARGCHK(out != NULL); 197 197 + 198 198 + if (md->sha1.curlen >= sizeof(md->sha1.buf)) { 199 199 + return CRYPT_INVALID_ARG; 200 200 + } 201 201 + 202 202 + /* increase the length of the message */ 203 203 + md->sha1.length += md->sha1.curlen * 8; 204 204 + 205 205 + /* append the '1' bit */ 206 206 + md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80; 207 207 + 208 208 + /* if the length is currently above 56 bytes we append zeros 209 209 + * then compress. Then we can fall back to padding zeros and length 210 210 + * encoding like normal. 211 211 + */ 212 212 + if (md->sha1.curlen > 56) { 213 213 + while (md->sha1.curlen < 64) { 214 214 + md->sha1.buf[md->sha1.curlen++] = (unsigned char)0; 215 215 + } 216 216 + sha1_compress(md, md->sha1.buf); 217 217 + md->sha1.curlen = 0; 218 218 + } 219 219 + 220 220 + /* pad upto 56 bytes of zeroes */ 221 221 + while (md->sha1.curlen < 56) { 222 222 + md->sha1.buf[md->sha1.curlen++] = (unsigned char)0; 223 223 + } 224 224 + 225 225 + /* store length */ 226 226 + STORE64H(md->sha1.length, md->sha1.buf+56); 227 227 + sha1_compress(md, md->sha1.buf); 228 228 + 229 229 + /* copy output */ 230 230 + for (i = 0; i < 5; i++) { 231 231 + STORE32H(md->sha1.state[i], out+(4*i)); 232 232 + } 233 233 + #ifdef LTC_CLEAN_STACK 234 234 + zeromem(md, sizeof(hash_state)); 235 235 + #endif 236 236 + return CRYPT_OK; 237 237 + } 238 238 + 239 239 + /** 240 240 + Self-test the hash 241 241 + @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled 242 242 + */ 243 243 + int sha1_test(void) 244 244 + { 245 245 + #ifndef LTC_TEST 246 246 + return CRYPT_NOP; 247 247 + #else 248 248 + static const struct { 249 249 + const char *msg; 250 250 + unsigned char hash[20]; 251 251 + } tests[] = { 252 252 + { "abc", 253 253 + { 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, 254 254 + 0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, 255 255 + 0x9c, 0xd0, 0xd8, 0x9d } 256 256 + }, 257 257 + { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", 258 258 + { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, 259 259 + 0xBA, 0xAE, 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, 260 260 + 0xE5, 0x46, 0x70, 0xF1 } 261 261 + } 262 262 + }; 263 263 + 264 264 + int i; 265 265 + unsigned char tmp[20]; 266 266 + hash_state md; 267 267 + 268 268 + for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { 269 269 + sha1_init(&md); 270 270 + sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); 271 271 + sha1_done(&md, tmp); 272 272 + if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA1", i)) { 273 273 + return CRYPT_FAIL_TESTVECTOR; 274 274 + } 275 275 + } 276 276 + return CRYPT_OK; 277 277 + #endif 278 278 + } 279 279 + 280 280 + #endif 281 281 + 282 282 + 283 283 + 284 284 + /* ref: HEAD -> master, tag: v1.18.2 */ 285 285 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 286 286 + /* commit time: 2018-07-01 22:49:01 +0200 */

+105

utils/tomcrypt/src/headers/tomcrypt.h

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + 10 10 + #ifndef TOMCRYPT_H_ 11 11 + #define TOMCRYPT_H_ 12 12 + #include <assert.h> 13 13 + #include <stdio.h> 14 14 + #include <string.h> 15 15 + #include <stdlib.h> 16 16 + #include <stddef.h> 17 17 + #include <time.h> 18 18 + #include <ctype.h> 19 19 + #include <limits.h> 20 20 + 21 21 + /* use configuration data */ 22 22 + #include <tomcrypt_custom.h> 23 23 + 24 24 + #ifdef __cplusplus 25 25 + extern "C" { 26 26 + #endif 27 27 + 28 28 + /* version */ 29 29 + #define CRYPT 0x0118 30 30 + #define SCRYPT "1.18.2" 31 31 + 32 32 + /* max size of either a cipher/hash block or symmetric key [largest of the two] */ 33 33 + #define MAXBLOCKSIZE 128 34 34 + 35 35 + #ifndef TAB_SIZE 36 36 + /* descriptor table size */ 37 37 + #define TAB_SIZE 32 38 38 + #endif 39 39 + 40 40 + /* error codes [will be expanded in future releases] */ 41 41 + enum { 42 42 + CRYPT_OK=0, /* Result OK */ 43 43 + CRYPT_ERROR, /* Generic Error */ 44 44 + CRYPT_NOP, /* Not a failure but no operation was performed */ 45 45 + 46 46 + CRYPT_INVALID_KEYSIZE, /* Invalid key size given */ 47 47 + CRYPT_INVALID_ROUNDS, /* Invalid number of rounds */ 48 48 + CRYPT_FAIL_TESTVECTOR, /* Algorithm failed test vectors */ 49 49 + 50 50 + CRYPT_BUFFER_OVERFLOW, /* Not enough space for output */ 51 51 + CRYPT_INVALID_PACKET, /* Invalid input packet given */ 52 52 + 53 53 + CRYPT_INVALID_PRNGSIZE, /* Invalid number of bits for a PRNG */ 54 54 + CRYPT_ERROR_READPRNG, /* Could not read enough from PRNG */ 55 55 + 56 56 + CRYPT_INVALID_CIPHER, /* Invalid cipher specified */ 57 57 + CRYPT_INVALID_HASH, /* Invalid hash specified */ 58 58 + CRYPT_INVALID_PRNG, /* Invalid PRNG specified */ 59 59 + 60 60 + CRYPT_MEM, /* Out of memory */ 61 61 + 62 62 + CRYPT_PK_TYPE_MISMATCH, /* Not equivalent types of PK keys */ 63 63 + CRYPT_PK_NOT_PRIVATE, /* Requires a private PK key */ 64 64 + 65 65 + CRYPT_INVALID_ARG, /* Generic invalid argument */ 66 66 + CRYPT_FILE_NOTFOUND, /* File Not Found */ 67 67 + 68 68 + CRYPT_PK_INVALID_TYPE, /* Invalid type of PK key */ 69 69 + 70 70 + CRYPT_OVERFLOW, /* An overflow of a value was detected/prevented */ 71 71 + 72 72 + CRYPT_UNUSED1, /* UNUSED1 */ 73 73 + 74 74 + CRYPT_INPUT_TOO_LONG, /* The input was longer than expected. */ 75 75 + 76 76 + CRYPT_PK_INVALID_SIZE, /* Invalid size input for PK parameters */ 77 77 + 78 78 + CRYPT_INVALID_PRIME_SIZE,/* Invalid size of prime requested */ 79 79 + CRYPT_PK_INVALID_PADDING, /* Invalid padding on input */ 80 80 + 81 81 + CRYPT_HASH_OVERFLOW /* Hash applied to too many bits */ 82 82 + }; 83 83 + 84 84 + #include <tomcrypt_cfg.h> 85 85 + #include <tomcrypt_macros.h> 86 86 + #include <tomcrypt_cipher.h> 87 87 + #include <tomcrypt_hash.h> 88 88 + #include <tomcrypt_mac.h> 89 89 + #include <tomcrypt_prng.h> 90 90 + #include <tomcrypt_pk.h> 91 91 + #include <tomcrypt_math.h> 92 92 + #include <tomcrypt_misc.h> 93 93 + #include <tomcrypt_argchk.h> 94 94 + #include <tomcrypt_pkcs.h> 95 95 + 96 96 + #ifdef __cplusplus 97 97 + } 98 98 + #endif 99 99 + 100 100 + #endif /* TOMCRYPT_H_ */ 101 101 + 102 102 + 103 103 + /* ref: HEAD -> master, tag: v1.18.2 */ 104 104 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 105 105 + /* commit time: 2018-07-01 22:49:01 +0200 */

+53

utils/tomcrypt/src/headers/tomcrypt_argchk.h

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + 10 10 + /* Defines the LTC_ARGCHK macro used within the library */ 11 11 + /* ARGTYPE is defined in tomcrypt_cfg.h */ 12 12 + #if ARGTYPE == 0 13 13 + 14 14 + #include <signal.h> 15 15 + 16 16 + /* this is the default LibTomCrypt macro */ 17 17 + #if defined(__clang__) || defined(__GNUC_MINOR__) 18 18 + #define NORETURN __attribute__ ((noreturn)) 19 19 + #else 20 20 + #define NORETURN 21 21 + #endif 22 22 + 23 23 + void crypt_argchk(const char *v, const char *s, int d) NORETURN; 24 24 + #define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0) 25 25 + #define LTC_ARGCHKVD(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0) 26 26 + 27 27 + #elif ARGTYPE == 1 28 28 + 29 29 + /* fatal type of error */ 30 30 + #define LTC_ARGCHK(x) assert((x)) 31 31 + #define LTC_ARGCHKVD(x) LTC_ARGCHK(x) 32 32 + 33 33 + #elif ARGTYPE == 2 34 34 + 35 35 + #define LTC_ARGCHK(x) if (!(x)) { fprintf(stderr, "\nwarning: ARGCHK failed at %s:%d\n", __FILE__, __LINE__); } 36 36 + #define LTC_ARGCHKVD(x) LTC_ARGCHK(x) 37 37 + 38 38 + #elif ARGTYPE == 3 39 39 + 40 40 + #define LTC_ARGCHK(x) 41 41 + #define LTC_ARGCHKVD(x) LTC_ARGCHK(x) 42 42 + 43 43 + #elif ARGTYPE == 4 44 44 + 45 45 + #define LTC_ARGCHK(x) if (!(x)) return CRYPT_INVALID_ARG; 46 46 + #define LTC_ARGCHKVD(x) if (!(x)) return; 47 47 + 48 48 + #endif 49 49 + 50 50 + 51 51 + /* ref: HEAD -> master, tag: v1.18.2 */ 52 52 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 53 53 + /* commit time: 2018-07-01 22:49:01 +0200 */

+283

utils/tomcrypt/src/headers/tomcrypt_cfg.h

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + 10 10 + /* This is the build config file. 11 11 + * 12 12 + * With this you can setup what to inlcude/exclude automatically during any build. Just comment 13 13 + * out the line that #define's the word for the thing you want to remove. phew! 14 14 + */ 15 15 + 16 16 + #ifndef TOMCRYPT_CFG_H 17 17 + #define TOMCRYPT_CFG_H 18 18 + 19 19 + #if defined(_WIN32) || defined(_MSC_VER) 20 20 + #define LTC_CALL __cdecl 21 21 + #elif !defined(LTC_CALL) 22 22 + #define LTC_CALL 23 23 + #endif 24 24 + 25 25 + #ifndef LTC_EXPORT 26 26 + #define LTC_EXPORT 27 27 + #endif 28 28 + 29 29 + /* certain platforms use macros for these, making the prototypes broken */ 30 30 + #ifndef LTC_NO_PROTOTYPES 31 31 + 32 32 + /* you can change how memory allocation works ... */ 33 33 + LTC_EXPORT void * LTC_CALL XMALLOC(size_t n); 34 34 + LTC_EXPORT void * LTC_CALL XREALLOC(void *p, size_t n); 35 35 + LTC_EXPORT void * LTC_CALL XCALLOC(size_t n, size_t s); 36 36 + LTC_EXPORT void LTC_CALL XFREE(void *p); 37 37 + 38 38 + LTC_EXPORT void LTC_CALL XQSORT(void *base, size_t nmemb, size_t size, int(*compar)(const void *, const void *)); 39 39 + 40 40 + 41 41 + /* change the clock function too */ 42 42 + LTC_EXPORT clock_t LTC_CALL XCLOCK(void); 43 43 + 44 44 + /* various other functions */ 45 45 + LTC_EXPORT void * LTC_CALL XMEMCPY(void *dest, const void *src, size_t n); 46 46 + LTC_EXPORT int LTC_CALL XMEMCMP(const void *s1, const void *s2, size_t n); 47 47 + LTC_EXPORT void * LTC_CALL XMEMSET(void *s, int c, size_t n); 48 48 + 49 49 + LTC_EXPORT int LTC_CALL XSTRCMP(const char *s1, const char *s2); 50 50 + 51 51 + #endif 52 52 + 53 53 + /* some compilers do not like "inline" (or maybe "static inline"), namely: HP cc, IBM xlc */ 54 54 + #if defined(__HP_cc) || defined(__xlc__) 55 55 + #define LTC_INLINE 56 56 + #elif defined(_MSC_VER) 57 57 + #define LTC_INLINE __inline 58 58 + #else 59 59 + #define LTC_INLINE inline 60 60 + #endif 61 61 + 62 62 + /* type of argument checking, 0=default, 1=fatal and 2=error+continue, 3=nothing */ 63 63 + #ifndef ARGTYPE 64 64 + #define ARGTYPE 0 65 65 + #endif 66 66 + 67 67 + #undef LTC_ENCRYPT 68 68 + #define LTC_ENCRYPT 0 69 69 + #undef LTC_DECRYPT 70 70 + #define LTC_DECRYPT 1 71 71 + 72 72 + /* Controls endianess and size of registers. Leave uncommented to get platform neutral [slower] code 73 73 + * 74 74 + * Note: in order to use the optimized macros your platform must support unaligned 32 and 64 bit read/writes. 75 75 + * The x86 platforms allow this but some others [ARM for instance] do not. On those platforms you **MUST** 76 76 + * use the portable [slower] macros. 77 77 + */ 78 78 + /* detect x86/i386 32bit */ 79 79 + #if defined(__i386__) || defined(__i386) || defined(_M_IX86) 80 80 + #define ENDIAN_LITTLE 81 81 + #define ENDIAN_32BITWORD 82 82 + #define LTC_FAST 83 83 + #endif 84 84 + 85 85 + /* detect amd64/x64 */ 86 86 + #if defined(__x86_64__) || defined(_M_X64) || defined(_M_AMD64) 87 87 + #define ENDIAN_LITTLE 88 88 + #define ENDIAN_64BITWORD 89 89 + #define LTC_FAST 90 90 + #endif 91 91 + 92 92 + /* detect PPC32 */ 93 93 + #if defined(LTC_PPC32) 94 94 + #define ENDIAN_BIG 95 95 + #define ENDIAN_32BITWORD 96 96 + #define LTC_FAST 97 97 + #endif 98 98 + 99 99 + /* detects MIPS R5900 processors (PS2) */ 100 100 + #if (defined(__R5900) || defined(R5900) || defined(__R5900__)) && (defined(_mips) || defined(__mips__) || defined(mips)) 101 101 + #define ENDIAN_64BITWORD 102 102 + #if defined(_MIPSEB) || defined(__MIPSEB) || defined(__MIPSEB__) 103 103 + #define ENDIAN_BIG 104 104 + #endif 105 105 + #define ENDIAN_LITTLE 106 106 + #endif 107 107 + #endif 108 108 + 109 109 + /* detect AIX */ 110 110 + #if defined(_AIX) && defined(_BIG_ENDIAN) 111 111 + #define ENDIAN_BIG 112 112 + #if defined(__LP64__) || defined(_ARCH_PPC64) 113 113 + #define ENDIAN_64BITWORD 114 114 + #else 115 115 + #define ENDIAN_32BITWORD 116 116 + #endif 117 117 + #endif 118 118 + 119 119 + /* detect HP-UX */ 120 120 + #if defined(__hpux) || defined(__hpux__) 121 121 + #define ENDIAN_BIG 122 122 + #if defined(__ia64) || defined(__ia64__) || defined(__LP64__) 123 123 + #define ENDIAN_64BITWORD 124 124 + #else 125 125 + #define ENDIAN_32BITWORD 126 126 + #endif 127 127 + #endif 128 128 + 129 129 + /* detect Apple OS X */ 130 130 + #if defined(__APPLE__) && defined(__MACH__) 131 131 + #if defined(__LITTLE_ENDIAN__) || defined(__x86_64__) 132 132 + #define ENDIAN_LITTLE 133 133 + #else 134 134 + #define ENDIAN_BIG 135 135 + #endif 136 136 + #if defined(__LP64__) || defined(__x86_64__) 137 137 + #define ENDIAN_64BITWORD 138 138 + #else 139 139 + #define ENDIAN_32BITWORD 140 140 + #endif 141 141 + #endif 142 142 + 143 143 + /* detect SPARC and SPARC64 */ 144 144 + #if defined(__sparc__) || defined(__sparc) 145 145 + #define ENDIAN_BIG 146 146 + #if defined(__arch64__) || defined(__sparcv9) || defined(__sparc_v9__) 147 147 + #define ENDIAN_64BITWORD 148 148 + #else 149 149 + #define ENDIAN_32BITWORD 150 150 + #endif 151 151 + #endif 152 152 + 153 153 + /* detect IBM S390(x) */ 154 154 + #if defined(__s390x__) || defined(__s390__) 155 155 + #define ENDIAN_BIG 156 156 + #if defined(__s390x__) 157 157 + #define ENDIAN_64BITWORD 158 158 + #else 159 159 + #define ENDIAN_32BITWORD 160 160 + #endif 161 161 + #endif 162 162 + 163 163 + /* detect PPC64 */ 164 164 + #if defined(__powerpc64__) || defined(__ppc64__) || defined(__PPC64__) 165 165 + #define ENDIAN_64BITWORD 166 166 + #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ 167 167 + #define ENDIAN_BIG 168 168 + #elif __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 169 169 + #define ENDIAN_LITTLE 170 170 + #endif 171 171 + #define LTC_FAST 172 172 + #endif 173 173 + 174 174 + /* endianness fallback */ 175 175 + #if !defined(ENDIAN_BIG) && !defined(ENDIAN_LITTLE) 176 176 + #if defined(_BYTE_ORDER) && _BYTE_ORDER == _BIG_ENDIAN || \ 177 177 + defined(__BYTE_ORDER) && __BYTE_ORDER == __BIG_ENDIAN || \ 178 178 + defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ || \ 179 179 + defined(__BIG_ENDIAN__) || \ 180 180 + defined(__ARMEB__) || defined(__THUMBEB__) || defined(__AARCH64EB__) || \ 181 181 + defined(_MIPSEB) || defined(__MIPSEB) || defined(__MIPSEB__) 182 182 + #define ENDIAN_BIG 183 183 + #elif defined(_BYTE_ORDER) && _BYTE_ORDER == _LITTLE_ENDIAN || \ 184 184 + defined(__BYTE_ORDER) && __BYTE_ORDER == __LITTLE_ENDIAN || \ 185 185 + defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ || \ 186 186 + defined(__LITTLE_ENDIAN__) || \ 187 187 + defined(__ARMEL__) || defined(__THUMBEL__) || defined(__AARCH64EL__) || \ 188 188 + defined(_MIPSEL) || defined(__MIPSEL) || defined(__MIPSEL__) 189 189 + #define ENDIAN_LITTLE 190 190 + #else 191 191 + #error Cannot detect endianness 192 192 + #endif 193 193 + #endif 194 194 + 195 195 + /* ulong64: 64-bit data type */ 196 196 + #ifdef _MSC_VER 197 197 + #define CONST64(n) n ## ui64 198 198 + typedef unsigned __int64 ulong64; 199 199 + #else 200 200 + #define CONST64(n) n ## ULL 201 201 + typedef unsigned long long ulong64; 202 202 + #endif 203 203 + 204 204 + /* ulong32: "32-bit at least" data type */ 205 205 + #if defined(__x86_64__) || defined(_M_X64) || defined(_M_AMD64) || \ 206 206 + defined(__powerpc64__) || defined(__ppc64__) || defined(__PPC64__) || \ 207 207 + defined(__s390x__) || defined(__arch64__) || defined(__aarch64__) || \ 208 208 + defined(__sparcv9) || defined(__sparc_v9__) || defined(__sparc64__) || \ 209 209 + defined(__ia64) || defined(__ia64__) || defined(__itanium__) || defined(_M_IA64) || \ 210 210 + defined(__LP64__) || defined(_LP64) || defined(__64BIT__) 211 211 + typedef unsigned ulong32; 212 212 + #if !defined(ENDIAN_64BITWORD) && !defined(ENDIAN_32BITWORD) 213 213 + #define ENDIAN_64BITWORD 214 214 + #endif 215 215 + #else 216 216 + typedef unsigned long ulong32; 217 217 + #if !defined(ENDIAN_64BITWORD) && !defined(ENDIAN_32BITWORD) 218 218 + #define ENDIAN_32BITWORD 219 219 + #endif 220 220 + #endif 221 221 + 222 222 + #if defined(ENDIAN_64BITWORD) && !defined(_MSC_VER) 223 223 + typedef unsigned long long ltc_mp_digit; 224 224 + #else 225 225 + typedef unsigned long ltc_mp_digit; 226 226 + #endif 227 227 + 228 228 + /* No asm is a quick way to disable anything "not portable" */ 229 229 + #ifdef LTC_NO_ASM 230 230 + #define ENDIAN_NEUTRAL 231 231 + #undef ENDIAN_32BITWORD 232 232 + #undef ENDIAN_64BITWORD 233 233 + #undef LTC_FAST 234 234 + #define LTC_NO_ROLC 235 235 + #define LTC_NO_BSWAP 236 236 + #endif 237 237 + 238 238 + /* No LTC_FAST if: explicitly disabled OR non-gcc/non-clang compiler OR old gcc OR using -ansi -std=c99 */ 239 239 + #if defined(LTC_NO_FAST) || (__GNUC__ < 4) || defined(__STRICT_ANSI__) 240 240 + #undef LTC_FAST 241 241 + #endif 242 242 + 243 243 + #ifdef LTC_FAST 244 244 + #define LTC_FAST_TYPE_PTR_CAST(x) ((LTC_FAST_TYPE*)(void*)(x)) 245 245 + #ifdef ENDIAN_64BITWORD 246 246 + typedef ulong64 __attribute__((__may_alias__)) LTC_FAST_TYPE; 247 247 + #else 248 248 + typedef ulong32 __attribute__((__may_alias__)) LTC_FAST_TYPE; 249 249 + #endif 250 250 + #endif 251 251 + 252 252 + #if !defined(ENDIAN_NEUTRAL) && (defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) && !(defined(ENDIAN_32BITWORD) || defined(ENDIAN_64BITWORD)) 253 253 + #error You must specify a word size as well as endianess in tomcrypt_cfg.h 254 254 + #endif 255 255 + 256 256 + #if !(defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) 257 257 + #define ENDIAN_NEUTRAL 258 258 + #endif 259 259 + 260 260 + #if (defined(ENDIAN_32BITWORD) && defined(ENDIAN_64BITWORD)) 261 261 + #error Cannot be 32 and 64 bit words... 262 262 + #endif 263 263 + 264 264 + /* gcc 4.3 and up has a bswap builtin; detect it by gcc version. 265 265 + * clang also supports the bswap builtin, and although clang pretends 266 266 + * to be gcc (macro-wise, anyway), clang pretends to be a version 267 267 + * prior to gcc 4.3, so we can't detect bswap that way. Instead, 268 268 + * clang has a __has_builtin mechanism that can be used to check 269 269 + * for builtins: 270 270 + * http://clang.llvm.org/docs/LanguageExtensions.html#feature_check */ 271 271 + #ifndef __has_builtin 272 272 + #define __has_builtin(x) 0 273 273 + #endif 274 274 + #if !defined(LTC_NO_BSWAP) && defined(__GNUC__) && \ 275 275 + ((__GNUC__ * 100 + __GNUC_MINOR__ >= 403) || \ 276 276 + (__has_builtin(__builtin_bswap32) && __has_builtin(__builtin_bswap64))) 277 277 + #define LTC_HAVE_BSWAP_BUILTIN 278 278 + #endif 279 279 + 280 280 + 281 281 + /* ref: HEAD -> master, tag: v1.18.2 */ 282 282 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 283 283 + /* commit time: 2018-07-01 22:49:01 +0200 */

+1008

utils/tomcrypt/src/headers/tomcrypt_cipher.h

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + 10 10 + /* ---- SYMMETRIC KEY STUFF ----- 11 11 + * 12 12 + * We put each of the ciphers scheduled keys in their own structs then we put all of 13 13 + * the key formats in one union. This makes the function prototypes easier to use. 14 14 + */ 15 15 + #ifdef LTC_BLOWFISH 16 16 + struct blowfish_key { 17 17 + ulong32 S[4][256]; 18 18 + ulong32 K[18]; 19 19 + }; 20 20 + #endif 21 21 + 22 22 + #ifdef LTC_RC5 23 23 + struct rc5_key { 24 24 + int rounds; 25 25 + ulong32 K[50]; 26 26 + }; 27 27 + #endif 28 28 + 29 29 + #ifdef LTC_RC6 30 30 + struct rc6_key { 31 31 + ulong32 K[44]; 32 32 + }; 33 33 + #endif 34 34 + 35 35 + #ifdef LTC_SAFERP 36 36 + struct saferp_key { 37 37 + unsigned char K[33][16]; 38 38 + long rounds; 39 39 + }; 40 40 + #endif 41 41 + 42 42 + #ifdef LTC_RIJNDAEL 43 43 + struct rijndael_key { 44 44 + ulong32 eK[60], dK[60]; 45 45 + int Nr; 46 46 + }; 47 47 + #endif 48 48 + 49 49 + #ifdef LTC_KSEED 50 50 + struct kseed_key { 51 51 + ulong32 K[32], dK[32]; 52 52 + }; 53 53 + #endif 54 54 + 55 55 + #ifdef LTC_KASUMI 56 56 + struct kasumi_key { 57 57 + ulong32 KLi1[8], KLi2[8], 58 58 + KOi1[8], KOi2[8], KOi3[8], 59 59 + KIi1[8], KIi2[8], KIi3[8]; 60 60 + }; 61 61 + #endif 62 62 + 63 63 + #ifdef LTC_XTEA 64 64 + struct xtea_key { 65 65 + unsigned long A[32], B[32]; 66 66 + }; 67 67 + #endif 68 68 + 69 69 + #ifdef LTC_TWOFISH 70 70 + #ifndef LTC_TWOFISH_SMALL 71 71 + struct twofish_key { 72 72 + ulong32 S[4][256], K[40]; 73 73 + }; 74 74 + #else 75 75 + struct twofish_key { 76 76 + ulong32 K[40]; 77 77 + unsigned char S[32], start; 78 78 + }; 79 79 + #endif 80 80 + #endif 81 81 + 82 82 + #ifdef LTC_SAFER 83 83 + #define LTC_SAFER_K64_DEFAULT_NOF_ROUNDS 6 84 84 + #define LTC_SAFER_K128_DEFAULT_NOF_ROUNDS 10 85 85 + #define LTC_SAFER_SK64_DEFAULT_NOF_ROUNDS 8 86 86 + #define LTC_SAFER_SK128_DEFAULT_NOF_ROUNDS 10 87 87 + #define LTC_SAFER_MAX_NOF_ROUNDS 13 88 88 + #define LTC_SAFER_BLOCK_LEN 8 89 89 + #define LTC_SAFER_KEY_LEN (1 + LTC_SAFER_BLOCK_LEN * (1 + 2 * LTC_SAFER_MAX_NOF_ROUNDS)) 90 90 + typedef unsigned char safer_block_t[LTC_SAFER_BLOCK_LEN]; 91 91 + typedef unsigned char safer_key_t[LTC_SAFER_KEY_LEN]; 92 92 + struct safer_key { safer_key_t key; }; 93 93 + #endif 94 94 + 95 95 + #ifdef LTC_RC2 96 96 + struct rc2_key { unsigned xkey[64]; }; 97 97 + #endif 98 98 + 99 99 + #ifdef LTC_DES 100 100 + struct des_key { 101 101 + ulong32 ek[32], dk[32]; 102 102 + }; 103 103 + 104 104 + struct des3_key { 105 105 + ulong32 ek[3][32], dk[3][32]; 106 106 + }; 107 107 + #endif 108 108 + 109 109 + #ifdef LTC_CAST5 110 110 + struct cast5_key { 111 111 + ulong32 K[32], keylen; 112 112 + }; 113 113 + #endif 114 114 + 115 115 + #ifdef LTC_NOEKEON 116 116 + struct noekeon_key { 117 117 + ulong32 K[4], dK[4]; 118 118 + }; 119 119 + #endif 120 120 + 121 121 + #ifdef LTC_SKIPJACK 122 122 + struct skipjack_key { 123 123 + unsigned char key[10]; 124 124 + }; 125 125 + #endif 126 126 + 127 127 + #ifdef LTC_KHAZAD 128 128 + struct khazad_key { 129 129 + ulong64 roundKeyEnc[8 + 1]; 130 130 + ulong64 roundKeyDec[8 + 1]; 131 131 + }; 132 132 + #endif 133 133 + 134 134 + #ifdef LTC_ANUBIS 135 135 + struct anubis_key { 136 136 + int keyBits; 137 137 + int R; 138 138 + ulong32 roundKeyEnc[18 + 1][4]; 139 139 + ulong32 roundKeyDec[18 + 1][4]; 140 140 + }; 141 141 + #endif 142 142 + 143 143 + #ifdef LTC_MULTI2 144 144 + struct multi2_key { 145 145 + int N; 146 146 + ulong32 uk[8]; 147 147 + }; 148 148 + #endif 149 149 + 150 150 + #ifdef LTC_CAMELLIA 151 151 + struct camellia_key { 152 152 + int R; 153 153 + ulong64 kw[4], k[24], kl[6]; 154 154 + }; 155 155 + #endif 156 156 + 157 157 + typedef union Symmetric_key { 158 158 + #ifdef LTC_DES 159 159 + struct des_key des; 160 160 + struct des3_key des3; 161 161 + #endif 162 162 + #ifdef LTC_RC2 163 163 + struct rc2_key rc2; 164 164 + #endif 165 165 + #ifdef LTC_SAFER 166 166 + struct safer_key safer; 167 167 + #endif 168 168 + #ifdef LTC_TWOFISH 169 169 + struct twofish_key twofish; 170 170 + #endif 171 171 + #ifdef LTC_BLOWFISH 172 172 + struct blowfish_key blowfish; 173 173 + #endif 174 174 + #ifdef LTC_RC5 175 175 + struct rc5_key rc5; 176 176 + #endif 177 177 + #ifdef LTC_RC6 178 178 + struct rc6_key rc6; 179 179 + #endif 180 180 + #ifdef LTC_SAFERP 181 181 + struct saferp_key saferp; 182 182 + #endif 183 183 + #ifdef LTC_RIJNDAEL 184 184 + struct rijndael_key rijndael; 185 185 + #endif 186 186 + #ifdef LTC_XTEA 187 187 + struct xtea_key xtea; 188 188 + #endif 189 189 + #ifdef LTC_CAST5 190 190 + struct cast5_key cast5; 191 191 + #endif 192 192 + #ifdef LTC_NOEKEON 193 193 + struct noekeon_key noekeon; 194 194 + #endif 195 195 + #ifdef LTC_SKIPJACK 196 196 + struct skipjack_key skipjack; 197 197 + #endif 198 198 + #ifdef LTC_KHAZAD 199 199 + struct khazad_key khazad; 200 200 + #endif 201 201 + #ifdef LTC_ANUBIS 202 202 + struct anubis_key anubis; 203 203 + #endif 204 204 + #ifdef LTC_KSEED 205 205 + struct kseed_key kseed; 206 206 + #endif 207 207 + #ifdef LTC_KASUMI 208 208 + struct kasumi_key kasumi; 209 209 + #endif 210 210 + #ifdef LTC_MULTI2 211 211 + struct multi2_key multi2; 212 212 + #endif 213 213 + #ifdef LTC_CAMELLIA 214 214 + struct camellia_key camellia; 215 215 + #endif 216 216 + void *data; 217 217 + } symmetric_key; 218 218 + 219 219 + #ifdef LTC_ECB_MODE 220 220 + /** A block cipher ECB structure */ 221 221 + typedef struct { 222 222 + /** The index of the cipher chosen */ 223 223 + int cipher, 224 224 + /** The block size of the given cipher */ 225 225 + blocklen; 226 226 + /** The scheduled key */ 227 227 + symmetric_key key; 228 228 + } symmetric_ECB; 229 229 + #endif 230 230 + 231 231 + #ifdef LTC_CFB_MODE 232 232 + /** A block cipher CFB structure */ 233 233 + typedef struct { 234 234 + /** The index of the cipher chosen */ 235 235 + int cipher, 236 236 + /** The block size of the given cipher */ 237 237 + blocklen, 238 238 + /** The padding offset */ 239 239 + padlen; 240 240 + /** The current IV */ 241 241 + unsigned char IV[MAXBLOCKSIZE], 242 242 + /** The pad used to encrypt/decrypt */ 243 243 + pad[MAXBLOCKSIZE]; 244 244 + /** The scheduled key */ 245 245 + symmetric_key key; 246 246 + } symmetric_CFB; 247 247 + #endif 248 248 + 249 249 + #ifdef LTC_OFB_MODE 250 250 + /** A block cipher OFB structure */ 251 251 + typedef struct { 252 252 + /** The index of the cipher chosen */ 253 253 + int cipher, 254 254 + /** The block size of the given cipher */ 255 255 + blocklen, 256 256 + /** The padding offset */ 257 257 + padlen; 258 258 + /** The current IV */ 259 259 + unsigned char IV[MAXBLOCKSIZE]; 260 260 + /** The scheduled key */ 261 261 + symmetric_key key; 262 262 + } symmetric_OFB; 263 263 + #endif 264 264 + 265 265 + #ifdef LTC_CBC_MODE 266 266 + /** A block cipher CBC structure */ 267 267 + typedef struct { 268 268 + /** The index of the cipher chosen */ 269 269 + int cipher, 270 270 + /** The block size of the given cipher */ 271 271 + blocklen; 272 272 + /** The current IV */ 273 273 + unsigned char IV[MAXBLOCKSIZE]; 274 274 + /** The scheduled key */ 275 275 + symmetric_key key; 276 276 + } symmetric_CBC; 277 277 + #endif 278 278 + 279 279 + 280 280 + #ifdef LTC_CTR_MODE 281 281 + /** A block cipher CTR structure */ 282 282 + typedef struct { 283 283 + /** The index of the cipher chosen */ 284 284 + int cipher, 285 285 + /** The block size of the given cipher */ 286 286 + blocklen, 287 287 + /** The padding offset */ 288 288 + padlen, 289 289 + /** The mode (endianess) of the CTR, 0==little, 1==big */ 290 290 + mode, 291 291 + /** counter width */ 292 292 + ctrlen; 293 293 + 294 294 + /** The counter */ 295 295 + unsigned char ctr[MAXBLOCKSIZE], 296 296 + /** The pad used to encrypt/decrypt */ 297 297 + pad[MAXBLOCKSIZE]; 298 298 + /** The scheduled key */ 299 299 + symmetric_key key; 300 300 + } symmetric_CTR; 301 301 + #endif 302 302 + 303 303 + 304 304 + #ifdef LTC_LRW_MODE 305 305 + /** A LRW structure */ 306 306 + typedef struct { 307 307 + /** The index of the cipher chosen (must be a 128-bit block cipher) */ 308 308 + int cipher; 309 309 + 310 310 + /** The current IV */ 311 311 + unsigned char IV[16], 312 312 + 313 313 + /** the tweak key */ 314 314 + tweak[16], 315 315 + 316 316 + /** The current pad, it's the product of the first 15 bytes against the tweak key */ 317 317 + pad[16]; 318 318 + 319 319 + /** The scheduled symmetric key */ 320 320 + symmetric_key key; 321 321 + 322 322 + #ifdef LTC_LRW_TABLES 323 323 + /** The pre-computed multiplication table */ 324 324 + unsigned char PC[16][256][16]; 325 325 + #endif 326 326 + } symmetric_LRW; 327 327 + #endif 328 328 + 329 329 + #ifdef LTC_F8_MODE 330 330 + /** A block cipher F8 structure */ 331 331 + typedef struct { 332 332 + /** The index of the cipher chosen */ 333 333 + int cipher, 334 334 + /** The block size of the given cipher */ 335 335 + blocklen, 336 336 + /** The padding offset */ 337 337 + padlen; 338 338 + /** The current IV */ 339 339 + unsigned char IV[MAXBLOCKSIZE], 340 340 + MIV[MAXBLOCKSIZE]; 341 341 + /** Current block count */ 342 342 + ulong32 blockcnt; 343 343 + /** The scheduled key */ 344 344 + symmetric_key key; 345 345 + } symmetric_F8; 346 346 + #endif 347 347 + 348 348 + 349 349 + /** cipher descriptor table, last entry has "name == NULL" to mark the end of table */ 350 350 + extern struct ltc_cipher_descriptor { 351 351 + /** name of cipher */ 352 352 + const char *name; 353 353 + /** internal ID */ 354 354 + unsigned char ID; 355 355 + /** min keysize (octets) */ 356 356 + int min_key_length, 357 357 + /** max keysize (octets) */ 358 358 + max_key_length, 359 359 + /** block size (octets) */ 360 360 + block_length, 361 361 + /** default number of rounds */ 362 362 + default_rounds; 363 363 + /** Setup the cipher 364 364 + @param key The input symmetric key 365 365 + @param keylen The length of the input key (octets) 366 366 + @param num_rounds The requested number of rounds (0==default) 367 367 + @param skey [out] The destination of the scheduled key 368 368 + @return CRYPT_OK if successful 369 369 + */ 370 370 + int (*setup)(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 371 371 + /** Encrypt a block 372 372 + @param pt The plaintext 373 373 + @param ct [out] The ciphertext 374 374 + @param skey The scheduled key 375 375 + @return CRYPT_OK if successful 376 376 + */ 377 377 + int (*ecb_encrypt)(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 378 378 + /** Decrypt a block 379 379 + @param ct The ciphertext 380 380 + @param pt [out] The plaintext 381 381 + @param skey The scheduled key 382 382 + @return CRYPT_OK if successful 383 383 + */ 384 384 + int (*ecb_decrypt)(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); 385 385 + /** Test the block cipher 386 386 + @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled 387 387 + */ 388 388 + int (*test)(void); 389 389 + 390 390 + /** Terminate the context 391 391 + @param skey The scheduled key 392 392 + */ 393 393 + void (*done)(symmetric_key *skey); 394 394 + 395 395 + /** Determine a key size 396 396 + @param keysize [in/out] The size of the key desired and the suggested size 397 397 + @return CRYPT_OK if successful 398 398 + */ 399 399 + int (*keysize)(int *keysize); 400 400 + 401 401 + /** Accelerators **/ 402 402 + /** Accelerated ECB encryption 403 403 + @param pt Plaintext 404 404 + @param ct Ciphertext 405 405 + @param blocks The number of complete blocks to process 406 406 + @param skey The scheduled key context 407 407 + @return CRYPT_OK if successful 408 408 + */ 409 409 + int (*accel_ecb_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, symmetric_key *skey); 410 410 + 411 411 + /** Accelerated ECB decryption 412 412 + @param pt Plaintext 413 413 + @param ct Ciphertext 414 414 + @param blocks The number of complete blocks to process 415 415 + @param skey The scheduled key context 416 416 + @return CRYPT_OK if successful 417 417 + */ 418 418 + int (*accel_ecb_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, symmetric_key *skey); 419 419 + 420 420 + /** Accelerated CBC encryption 421 421 + @param pt Plaintext 422 422 + @param ct Ciphertext 423 423 + @param blocks The number of complete blocks to process 424 424 + @param IV The initial value (input/output) 425 425 + @param skey The scheduled key context 426 426 + @return CRYPT_OK if successful 427 427 + */ 428 428 + int (*accel_cbc_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, symmetric_key *skey); 429 429 + 430 430 + /** Accelerated CBC decryption 431 431 + @param pt Plaintext 432 432 + @param ct Ciphertext 433 433 + @param blocks The number of complete blocks to process 434 434 + @param IV The initial value (input/output) 435 435 + @param skey The scheduled key context 436 436 + @return CRYPT_OK if successful 437 437 + */ 438 438 + int (*accel_cbc_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, unsigned char *IV, symmetric_key *skey); 439 439 + 440 440 + /** Accelerated CTR encryption 441 441 + @param pt Plaintext 442 442 + @param ct Ciphertext 443 443 + @param blocks The number of complete blocks to process 444 444 + @param IV The initial value (input/output) 445 445 + @param mode little or big endian counter (mode=0 or mode=1) 446 446 + @param skey The scheduled key context 447 447 + @return CRYPT_OK if successful 448 448 + */ 449 449 + int (*accel_ctr_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, int mode, symmetric_key *skey); 450 450 + 451 451 + /** Accelerated LRW 452 452 + @param pt Plaintext 453 453 + @param ct Ciphertext 454 454 + @param blocks The number of complete blocks to process 455 455 + @param IV The initial value (input/output) 456 456 + @param tweak The LRW tweak 457 457 + @param skey The scheduled key context 458 458 + @return CRYPT_OK if successful 459 459 + */ 460 460 + int (*accel_lrw_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, const unsigned char *tweak, symmetric_key *skey); 461 461 + 462 462 + /** Accelerated LRW 463 463 + @param ct Ciphertext 464 464 + @param pt Plaintext 465 465 + @param blocks The number of complete blocks to process 466 466 + @param IV The initial value (input/output) 467 467 + @param tweak The LRW tweak 468 468 + @param skey The scheduled key context 469 469 + @return CRYPT_OK if successful 470 470 + */ 471 471 + int (*accel_lrw_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, unsigned char *IV, const unsigned char *tweak, symmetric_key *skey); 472 472 + 473 473 + /** Accelerated CCM packet (one-shot) 474 474 + @param key The secret key to use 475 475 + @param keylen The length of the secret key (octets) 476 476 + @param uskey A previously scheduled key [optional can be NULL] 477 477 + @param nonce The session nonce [use once] 478 478 + @param noncelen The length of the nonce 479 479 + @param header The header for the session 480 480 + @param headerlen The length of the header (octets) 481 481 + @param pt [out] The plaintext 482 482 + @param ptlen The length of the plaintext (octets) 483 483 + @param ct [out] The ciphertext 484 484 + @param tag [out] The destination tag 485 485 + @param taglen [in/out] The max size and resulting size of the authentication tag 486 486 + @param direction Encrypt or Decrypt direction (0 or 1) 487 487 + @return CRYPT_OK if successful 488 488 + */ 489 489 + int (*accel_ccm_memory)( 490 490 + const unsigned char *key, unsigned long keylen, 491 491 + symmetric_key *uskey, 492 492 + const unsigned char *nonce, unsigned long noncelen, 493 493 + const unsigned char *header, unsigned long headerlen, 494 494 + unsigned char *pt, unsigned long ptlen, 495 495 + unsigned char *ct, 496 496 + unsigned char *tag, unsigned long *taglen, 497 497 + int direction); 498 498 + 499 499 + /** Accelerated GCM packet (one shot) 500 500 + @param key The secret key 501 501 + @param keylen The length of the secret key 502 502 + @param IV The initialization vector 503 503 + @param IVlen The length of the initialization vector 504 504 + @param adata The additional authentication data (header) 505 505 + @param adatalen The length of the adata 506 506 + @param pt The plaintext 507 507 + @param ptlen The length of the plaintext (ciphertext length is the same) 508 508 + @param ct The ciphertext 509 509 + @param tag [out] The MAC tag 510 510 + @param taglen [in/out] The MAC tag length 511 511 + @param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT) 512 512 + @return CRYPT_OK on success 513 513 + */ 514 514 + int (*accel_gcm_memory)( 515 515 + const unsigned char *key, unsigned long keylen, 516 516 + const unsigned char *IV, unsigned long IVlen, 517 517 + const unsigned char *adata, unsigned long adatalen, 518 518 + unsigned char *pt, unsigned long ptlen, 519 519 + unsigned char *ct, 520 520 + unsigned char *tag, unsigned long *taglen, 521 521 + int direction); 522 522 + 523 523 + /** Accelerated one shot LTC_OMAC 524 524 + @param key The secret key 525 525 + @param keylen The key length (octets) 526 526 + @param in The message 527 527 + @param inlen Length of message (octets) 528 528 + @param out [out] Destination for tag 529 529 + @param outlen [in/out] Initial and final size of out 530 530 + @return CRYPT_OK on success 531 531 + */ 532 532 + int (*omac_memory)( 533 533 + const unsigned char *key, unsigned long keylen, 534 534 + const unsigned char *in, unsigned long inlen, 535 535 + unsigned char *out, unsigned long *outlen); 536 536 + 537 537 + /** Accelerated one shot XCBC 538 538 + @param key The secret key 539 539 + @param keylen The key length (octets) 540 540 + @param in The message 541 541 + @param inlen Length of message (octets) 542 542 + @param out [out] Destination for tag 543 543 + @param outlen [in/out] Initial and final size of out 544 544 + @return CRYPT_OK on success 545 545 + */ 546 546 + int (*xcbc_memory)( 547 547 + const unsigned char *key, unsigned long keylen, 548 548 + const unsigned char *in, unsigned long inlen, 549 549 + unsigned char *out, unsigned long *outlen); 550 550 + 551 551 + /** Accelerated one shot F9 552 552 + @param key The secret key 553 553 + @param keylen The key length (octets) 554 554 + @param in The message 555 555 + @param inlen Length of message (octets) 556 556 + @param out [out] Destination for tag 557 557 + @param outlen [in/out] Initial and final size of out 558 558 + @return CRYPT_OK on success 559 559 + @remark Requires manual padding 560 560 + */ 561 561 + int (*f9_memory)( 562 562 + const unsigned char *key, unsigned long keylen, 563 563 + const unsigned char *in, unsigned long inlen, 564 564 + unsigned char *out, unsigned long *outlen); 565 565 + 566 566 + /** Accelerated XTS encryption 567 567 + @param pt Plaintext 568 568 + @param ct Ciphertext 569 569 + @param blocks The number of complete blocks to process 570 570 + @param tweak The 128-bit encryption tweak (input/output). 571 571 + The tweak should not be encrypted on input, but 572 572 + next tweak will be copied encrypted on output. 573 573 + @param skey1 The first scheduled key context 574 574 + @param skey2 The second scheduled key context 575 575 + @return CRYPT_OK if successful 576 576 + */ 577 577 + int (*accel_xts_encrypt)(const unsigned char *pt, unsigned char *ct, 578 578 + unsigned long blocks, unsigned char *tweak, symmetric_key *skey1, 579 579 + symmetric_key *skey2); 580 580 + 581 581 + /** Accelerated XTS decryption 582 582 + @param ct Ciphertext 583 583 + @param pt Plaintext 584 584 + @param blocks The number of complete blocks to process 585 585 + @param tweak The 128-bit encryption tweak (input/output). 586 586 + The tweak should not be encrypted on input, but 587 587 + next tweak will be copied encrypted on output. 588 588 + @param skey1 The first scheduled key context 589 589 + @param skey2 The second scheduled key context 590 590 + @return CRYPT_OK if successful 591 591 + */ 592 592 + int (*accel_xts_decrypt)(const unsigned char *ct, unsigned char *pt, 593 593 + unsigned long blocks, unsigned char *tweak, symmetric_key *skey1, 594 594 + symmetric_key *skey2); 595 595 + } cipher_descriptor[]; 596 596 + 597 597 + #ifdef LTC_BLOWFISH 598 598 + int blowfish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 599 599 + int blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 600 600 + int blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); 601 601 + int blowfish_test(void); 602 602 + void blowfish_done(symmetric_key *skey); 603 603 + int blowfish_keysize(int *keysize); 604 604 + extern const struct ltc_cipher_descriptor blowfish_desc; 605 605 + #endif 606 606 + 607 607 + #ifdef LTC_RC5 608 608 + int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 609 609 + int rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 610 610 + int rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); 611 611 + int rc5_test(void); 612 612 + void rc5_done(symmetric_key *skey); 613 613 + int rc5_keysize(int *keysize); 614 614 + extern const struct ltc_cipher_descriptor rc5_desc; 615 615 + #endif 616 616 + 617 617 + #ifdef LTC_RC6 618 618 + int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 619 619 + int rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 620 620 + int rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); 621 621 + int rc6_test(void); 622 622 + void rc6_done(symmetric_key *skey); 623 623 + int rc6_keysize(int *keysize); 624 624 + extern const struct ltc_cipher_descriptor rc6_desc; 625 625 + #endif 626 626 + 627 627 + #ifdef LTC_RC2 628 628 + int rc2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 629 629 + int rc2_setup_ex(const unsigned char *key, int keylen, int bits, int num_rounds, symmetric_key *skey); 630 630 + int rc2_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 631 631 + int rc2_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); 632 632 + int rc2_test(void); 633 633 + void rc2_done(symmetric_key *skey); 634 634 + int rc2_keysize(int *keysize); 635 635 + extern const struct ltc_cipher_descriptor rc2_desc; 636 636 + #endif 637 637 + 638 638 + #ifdef LTC_SAFERP 639 639 + int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 640 640 + int saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 641 641 + int saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); 642 642 + int saferp_test(void); 643 643 + void saferp_done(symmetric_key *skey); 644 644 + int saferp_keysize(int *keysize); 645 645 + extern const struct ltc_cipher_descriptor saferp_desc; 646 646 + #endif 647 647 + 648 648 + #ifdef LTC_SAFER 649 649 + int safer_k64_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 650 650 + int safer_sk64_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 651 651 + int safer_k128_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 652 652 + int safer_sk128_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 653 653 + int safer_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key); 654 654 + int safer_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key); 655 655 + int safer_k64_test(void); 656 656 + int safer_sk64_test(void); 657 657 + int safer_sk128_test(void); 658 658 + void safer_done(symmetric_key *skey); 659 659 + int safer_64_keysize(int *keysize); 660 660 + int safer_128_keysize(int *keysize); 661 661 + extern const struct ltc_cipher_descriptor safer_k64_desc, safer_k128_desc, safer_sk64_desc, safer_sk128_desc; 662 662 + #endif 663 663 + 664 664 + #ifdef LTC_RIJNDAEL 665 665 + 666 666 + /* make aes an alias */ 667 667 + #define aes_setup rijndael_setup 668 668 + #define aes_ecb_encrypt rijndael_ecb_encrypt 669 669 + #define aes_ecb_decrypt rijndael_ecb_decrypt 670 670 + #define aes_test rijndael_test 671 671 + #define aes_done rijndael_done 672 672 + #define aes_keysize rijndael_keysize 673 673 + 674 674 + #define aes_enc_setup rijndael_enc_setup 675 675 + #define aes_enc_ecb_encrypt rijndael_enc_ecb_encrypt 676 676 + #define aes_enc_keysize rijndael_enc_keysize 677 677 + 678 678 + int rijndael_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 679 679 + int rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 680 680 + int rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); 681 681 + int rijndael_test(void); 682 682 + void rijndael_done(symmetric_key *skey); 683 683 + int rijndael_keysize(int *keysize); 684 684 + int rijndael_enc_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 685 685 + int rijndael_enc_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 686 686 + void rijndael_enc_done(symmetric_key *skey); 687 687 + int rijndael_enc_keysize(int *keysize); 688 688 + extern const struct ltc_cipher_descriptor rijndael_desc, aes_desc; 689 689 + extern const struct ltc_cipher_descriptor rijndael_enc_desc, aes_enc_desc; 690 690 + #endif 691 691 + 692 692 + #ifdef LTC_XTEA 693 693 + int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 694 694 + int xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 695 695 + int xtea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); 696 696 + int xtea_test(void); 697 697 + void xtea_done(symmetric_key *skey); 698 698 + int xtea_keysize(int *keysize); 699 699 + extern const struct ltc_cipher_descriptor xtea_desc; 700 700 + #endif 701 701 + 702 702 + #ifdef LTC_TWOFISH 703 703 + int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 704 704 + int twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 705 705 + int twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); 706 706 + int twofish_test(void); 707 707 + void twofish_done(symmetric_key *skey); 708 708 + int twofish_keysize(int *keysize); 709 709 + extern const struct ltc_cipher_descriptor twofish_desc; 710 710 + #endif 711 711 + 712 712 + #ifdef LTC_DES 713 713 + int des_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 714 714 + int des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 715 715 + int des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); 716 716 + int des_test(void); 717 717 + void des_done(symmetric_key *skey); 718 718 + int des_keysize(int *keysize); 719 719 + int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 720 720 + int des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 721 721 + int des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); 722 722 + int des3_test(void); 723 723 + void des3_done(symmetric_key *skey); 724 724 + int des3_keysize(int *keysize); 725 725 + extern const struct ltc_cipher_descriptor des_desc, des3_desc; 726 726 + #endif 727 727 + 728 728 + #ifdef LTC_CAST5 729 729 + int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 730 730 + int cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 731 731 + int cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); 732 732 + int cast5_test(void); 733 733 + void cast5_done(symmetric_key *skey); 734 734 + int cast5_keysize(int *keysize); 735 735 + extern const struct ltc_cipher_descriptor cast5_desc; 736 736 + #endif 737 737 + 738 738 + #ifdef LTC_NOEKEON 739 739 + int noekeon_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 740 740 + int noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 741 741 + int noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); 742 742 + int noekeon_test(void); 743 743 + void noekeon_done(symmetric_key *skey); 744 744 + int noekeon_keysize(int *keysize); 745 745 + extern const struct ltc_cipher_descriptor noekeon_desc; 746 746 + #endif 747 747 + 748 748 + #ifdef LTC_SKIPJACK 749 749 + int skipjack_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 750 750 + int skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 751 751 + int skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); 752 752 + int skipjack_test(void); 753 753 + void skipjack_done(symmetric_key *skey); 754 754 + int skipjack_keysize(int *keysize); 755 755 + extern const struct ltc_cipher_descriptor skipjack_desc; 756 756 + #endif 757 757 + 758 758 + #ifdef LTC_KHAZAD 759 759 + int khazad_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 760 760 + int khazad_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 761 761 + int khazad_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); 762 762 + int khazad_test(void); 763 763 + void khazad_done(symmetric_key *skey); 764 764 + int khazad_keysize(int *keysize); 765 765 + extern const struct ltc_cipher_descriptor khazad_desc; 766 766 + #endif 767 767 + 768 768 + #ifdef LTC_ANUBIS 769 769 + int anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 770 770 + int anubis_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 771 771 + int anubis_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); 772 772 + int anubis_test(void); 773 773 + void anubis_done(symmetric_key *skey); 774 774 + int anubis_keysize(int *keysize); 775 775 + extern const struct ltc_cipher_descriptor anubis_desc; 776 776 + #endif 777 777 + 778 778 + #ifdef LTC_KSEED 779 779 + int kseed_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 780 780 + int kseed_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 781 781 + int kseed_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); 782 782 + int kseed_test(void); 783 783 + void kseed_done(symmetric_key *skey); 784 784 + int kseed_keysize(int *keysize); 785 785 + extern const struct ltc_cipher_descriptor kseed_desc; 786 786 + #endif 787 787 + 788 788 + #ifdef LTC_KASUMI 789 789 + int kasumi_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 790 790 + int kasumi_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 791 791 + int kasumi_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); 792 792 + int kasumi_test(void); 793 793 + void kasumi_done(symmetric_key *skey); 794 794 + int kasumi_keysize(int *keysize); 795 795 + extern const struct ltc_cipher_descriptor kasumi_desc; 796 796 + #endif 797 797 + 798 798 + 799 799 + #ifdef LTC_MULTI2 800 800 + int multi2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 801 801 + int multi2_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 802 802 + int multi2_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); 803 803 + int multi2_test(void); 804 804 + void multi2_done(symmetric_key *skey); 805 805 + int multi2_keysize(int *keysize); 806 806 + extern const struct ltc_cipher_descriptor multi2_desc; 807 807 + #endif 808 808 + 809 809 + #ifdef LTC_CAMELLIA 810 810 + int camellia_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); 811 811 + int camellia_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); 812 812 + int camellia_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); 813 813 + int camellia_test(void); 814 814 + void camellia_done(symmetric_key *skey); 815 815 + int camellia_keysize(int *keysize); 816 816 + extern const struct ltc_cipher_descriptor camellia_desc; 817 817 + #endif 818 818 + 819 819 + #ifdef LTC_ECB_MODE 820 820 + int ecb_start(int cipher, const unsigned char *key, 821 821 + int keylen, int num_rounds, symmetric_ECB *ecb); 822 822 + int ecb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_ECB *ecb); 823 823 + int ecb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_ECB *ecb); 824 824 + int ecb_done(symmetric_ECB *ecb); 825 825 + #endif 826 826 + 827 827 + #ifdef LTC_CFB_MODE 828 828 + int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key, 829 829 + int keylen, int num_rounds, symmetric_CFB *cfb); 830 830 + int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CFB *cfb); 831 831 + int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CFB *cfb); 832 832 + int cfb_getiv(unsigned char *IV, unsigned long *len, symmetric_CFB *cfb); 833 833 + int cfb_setiv(const unsigned char *IV, unsigned long len, symmetric_CFB *cfb); 834 834 + int cfb_done(symmetric_CFB *cfb); 835 835 + #endif 836 836 + 837 837 + #ifdef LTC_OFB_MODE 838 838 + int ofb_start(int cipher, const unsigned char *IV, const unsigned char *key, 839 839 + int keylen, int num_rounds, symmetric_OFB *ofb); 840 840 + int ofb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_OFB *ofb); 841 841 + int ofb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_OFB *ofb); 842 842 + int ofb_getiv(unsigned char *IV, unsigned long *len, symmetric_OFB *ofb); 843 843 + int ofb_setiv(const unsigned char *IV, unsigned long len, symmetric_OFB *ofb); 844 844 + int ofb_done(symmetric_OFB *ofb); 845 845 + #endif 846 846 + 847 847 + #ifdef LTC_CBC_MODE 848 848 + int cbc_start(int cipher, const unsigned char *IV, const unsigned char *key, 849 849 + int keylen, int num_rounds, symmetric_CBC *cbc); 850 850 + int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CBC *cbc); 851 851 + int cbc_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CBC *cbc); 852 852 + int cbc_getiv(unsigned char *IV, unsigned long *len, symmetric_CBC *cbc); 853 853 + int cbc_setiv(const unsigned char *IV, unsigned long len, symmetric_CBC *cbc); 854 854 + int cbc_done(symmetric_CBC *cbc); 855 855 + #endif 856 856 + 857 857 + #ifdef LTC_CTR_MODE 858 858 + 859 859 + #define CTR_COUNTER_LITTLE_ENDIAN 0x0000 860 860 + #define CTR_COUNTER_BIG_ENDIAN 0x1000 861 861 + #define LTC_CTR_RFC3686 0x2000 862 862 + 863 863 + int ctr_start( int cipher, 864 864 + const unsigned char *IV, 865 865 + const unsigned char *key, int keylen, 866 866 + int num_rounds, int ctr_mode, 867 867 + symmetric_CTR *ctr); 868 868 + int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr); 869 869 + int ctr_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CTR *ctr); 870 870 + int ctr_getiv(unsigned char *IV, unsigned long *len, symmetric_CTR *ctr); 871 871 + int ctr_setiv(const unsigned char *IV, unsigned long len, symmetric_CTR *ctr); 872 872 + int ctr_done(symmetric_CTR *ctr); 873 873 + int ctr_test(void); 874 874 + #endif 875 875 + 876 876 + #ifdef LTC_LRW_MODE 877 877 + 878 878 + #define LRW_ENCRYPT LTC_ENCRYPT 879 879 + #define LRW_DECRYPT LTC_DECRYPT 880 880 + 881 881 + int lrw_start( int cipher, 882 882 + const unsigned char *IV, 883 883 + const unsigned char *key, int keylen, 884 884 + const unsigned char *tweak, 885 885 + int num_rounds, 886 886 + symmetric_LRW *lrw); 887 887 + int lrw_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_LRW *lrw); 888 888 + int lrw_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_LRW *lrw); 889 889 + int lrw_getiv(unsigned char *IV, unsigned long *len, symmetric_LRW *lrw); 890 890 + int lrw_setiv(const unsigned char *IV, unsigned long len, symmetric_LRW *lrw); 891 891 + int lrw_done(symmetric_LRW *lrw); 892 892 + int lrw_test(void); 893 893 + 894 894 + /* don't call */ 895 895 + int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, int mode, symmetric_LRW *lrw); 896 896 + #endif 897 897 + 898 898 + #ifdef LTC_F8_MODE 899 899 + int f8_start( int cipher, const unsigned char *IV, 900 900 + const unsigned char *key, int keylen, 901 901 + const unsigned char *salt_key, int skeylen, 902 902 + int num_rounds, symmetric_F8 *f8); 903 903 + int f8_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_F8 *f8); 904 904 + int f8_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_F8 *f8); 905 905 + int f8_getiv(unsigned char *IV, unsigned long *len, symmetric_F8 *f8); 906 906 + int f8_setiv(const unsigned char *IV, unsigned long len, symmetric_F8 *f8); 907 907 + int f8_done(symmetric_F8 *f8); 908 908 + int f8_test_mode(void); 909 909 + #endif 910 910 + 911 911 + #ifdef LTC_XTS_MODE 912 912 + typedef struct { 913 913 + symmetric_key key1, key2; 914 914 + int cipher; 915 915 + } symmetric_xts; 916 916 + 917 917 + int xts_start( int cipher, 918 918 + const unsigned char *key1, 919 919 + const unsigned char *key2, 920 920 + unsigned long keylen, 921 921 + int num_rounds, 922 922 + symmetric_xts *xts); 923 923 + 924 924 + int xts_encrypt( 925 925 + const unsigned char *pt, unsigned long ptlen, 926 926 + unsigned char *ct, 927 927 + unsigned char *tweak, 928 928 + symmetric_xts *xts); 929 929 + int xts_decrypt( 930 930 + const unsigned char *ct, unsigned long ptlen, 931 931 + unsigned char *pt, 932 932 + unsigned char *tweak, 933 933 + symmetric_xts *xts); 934 934 + 935 935 + void xts_done(symmetric_xts *xts); 936 936 + int xts_test(void); 937 937 + void xts_mult_x(unsigned char *I); 938 938 + #endif 939 939 + 940 940 + int find_cipher(const char *name); 941 941 + int find_cipher_any(const char *name, int blocklen, int keylen); 942 942 + int find_cipher_id(unsigned char ID); 943 943 + int register_cipher(const struct ltc_cipher_descriptor *cipher); 944 944 + int unregister_cipher(const struct ltc_cipher_descriptor *cipher); 945 945 + int register_all_ciphers(void); 946 946 + int cipher_is_valid(int idx); 947 947 + 948 948 + LTC_MUTEX_PROTO(ltc_cipher_mutex) 949 949 + 950 950 + /* ---- stream ciphers ---- */ 951 951 + 952 952 + #ifdef LTC_CHACHA 953 953 + 954 954 + typedef struct { 955 955 + ulong32 input[16]; 956 956 + unsigned char kstream[64]; 957 957 + unsigned long ksleft; 958 958 + unsigned long ivlen; 959 959 + int rounds; 960 960 + } chacha_state; 961 961 + 962 962 + int chacha_setup(chacha_state *st, const unsigned char *key, unsigned long keylen, int rounds); 963 963 + int chacha_ivctr32(chacha_state *st, const unsigned char *iv, unsigned long ivlen, ulong32 counter); 964 964 + int chacha_ivctr64(chacha_state *st, const unsigned char *iv, unsigned long ivlen, ulong64 counter); 965 965 + int chacha_crypt(chacha_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out); 966 966 + int chacha_keystream(chacha_state *st, unsigned char *out, unsigned long outlen); 967 967 + int chacha_done(chacha_state *st); 968 968 + int chacha_test(void); 969 969 + 970 970 + #endif /* LTC_CHACHA */ 971 971 + 972 972 + #ifdef LTC_RC4_STREAM 973 973 + 974 974 + typedef struct { 975 975 + unsigned int x, y; 976 976 + unsigned char buf[256]; 977 977 + } rc4_state; 978 978 + 979 979 + int rc4_stream_setup(rc4_state *st, const unsigned char *key, unsigned long keylen); 980 980 + int rc4_stream_crypt(rc4_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out); 981 981 + int rc4_stream_keystream(rc4_state *st, unsigned char *out, unsigned long outlen); 982 982 + int rc4_stream_done(rc4_state *st); 983 983 + int rc4_stream_test(void); 984 984 + 985 985 + #endif /* LTC_RC4_STREAM */ 986 986 + 987 987 + #ifdef LTC_SOBER128_STREAM 988 988 + 989 989 + typedef struct { 990 990 + ulong32 R[17], /* Working storage for the shift register */ 991 991 + initR[17], /* saved register contents */ 992 992 + konst, /* key dependent constant */ 993 993 + sbuf; /* partial word encryption buffer */ 994 994 + int nbuf; /* number of part-word stream bits buffered */ 995 995 + } sober128_state; 996 996 + 997 997 + int sober128_stream_setup(sober128_state *st, const unsigned char *key, unsigned long keylen); 998 998 + int sober128_stream_setiv(sober128_state *st, const unsigned char *iv, unsigned long ivlen); 999 999 + int sober128_stream_crypt(sober128_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out); 1000 1000 + int sober128_stream_keystream(sober128_state *st, unsigned char *out, unsigned long outlen); 1001 1001 + int sober128_stream_done(sober128_state *st); 1002 1002 + int sober128_stream_test(void); 1003 1003 + 1004 1004 + #endif /* LTC_SOBER128_STREAM */ 1005 1005 + 1006 1006 + /* ref: HEAD -> master, tag: v1.18.2 */ 1007 1007 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 1008 1008 + /* commit time: 2018-07-01 22:49:01 +0200 */

+590

utils/tomcrypt/src/headers/tomcrypt_custom.h

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + 10 10 + #ifndef TOMCRYPT_CUSTOM_H_ 11 11 + #define TOMCRYPT_CUSTOM_H_ 12 12 + 13 13 + /* macros for various libc functions you can change for embedded targets */ 14 14 + #ifndef XMALLOC 15 15 + #define XMALLOC malloc 16 16 + #endif 17 17 + #ifndef XREALLOC 18 18 + #define XREALLOC realloc 19 19 + #endif 20 20 + #ifndef XCALLOC 21 21 + #define XCALLOC calloc 22 22 + #endif 23 23 + #ifndef XFREE 24 24 + #define XFREE free 25 25 + #endif 26 26 + 27 27 + #ifndef XMEMSET 28 28 + #define XMEMSET memset 29 29 + #endif 30 30 + #ifndef XMEMCPY 31 31 + #define XMEMCPY memcpy 32 32 + #endif 33 33 + #ifndef XMEMMOVE 34 34 + #define XMEMMOVE memmove 35 35 + #endif 36 36 + #ifndef XMEMCMP 37 37 + #define XMEMCMP memcmp 38 38 + #endif 39 39 + /* A memory compare function that has to run in constant time, 40 40 + * c.f. mem_neq() API summary. 41 41 + */ 42 42 + #ifndef XMEM_NEQ 43 43 + #define XMEM_NEQ mem_neq 44 44 + #endif 45 45 + #ifndef XSTRCMP 46 46 + #define XSTRCMP strcmp 47 47 + #endif 48 48 + 49 49 + #ifndef XCLOCK 50 50 + #define XCLOCK clock 51 51 + #endif 52 52 + 53 53 + #ifndef XQSORT 54 54 + #define XQSORT qsort 55 55 + #endif 56 56 + 57 57 + #if ( defined(malloc) || defined(realloc) || defined(calloc) || defined(free) || \ 58 58 + defined(memset) || defined(memcpy) || defined(memcmp) || defined(strcmp) || \ 59 59 + defined(clock) || defined(qsort) ) && !defined(LTC_NO_PROTOTYPES) 60 60 + #define LTC_NO_PROTOTYPES 61 61 + #endif 62 62 + 63 63 + /* shortcut to disable automatic inclusion */ 64 64 + #if defined LTC_NOTHING && !defined LTC_EASY 65 65 + #define LTC_NO_CIPHERS 66 66 + #define LTC_NO_MODES 67 67 + #define LTC_NO_HASHES 68 68 + #define LTC_NO_MACS 69 69 + #define LTC_NO_PRNGS 70 70 + #define LTC_NO_PK 71 71 + #define LTC_NO_PKCS 72 72 + #define LTC_NO_MISC 73 73 + #endif /* LTC_NOTHING */ 74 74 + 75 75 + /* Easy button? */ 76 76 + #ifdef LTC_EASY 77 77 + #define LTC_NO_CIPHERS 78 78 + #define LTC_RIJNDAEL 79 79 + #define LTC_BLOWFISH 80 80 + #define LTC_DES 81 81 + #define LTC_CAST5 82 82 + 83 83 + #define LTC_NO_MODES 84 84 + #define LTC_ECB_MODE 85 85 + #define LTC_CBC_MODE 86 86 + #define LTC_CTR_MODE 87 87 + 88 88 + #define LTC_NO_HASHES 89 89 + #define LTC_SHA1 90 90 + #define LTC_SHA3 91 91 + #define LTC_SHA512 92 92 + #define LTC_SHA384 93 93 + #define LTC_SHA256 94 94 + #define LTC_SHA224 95 95 + #define LTC_HASH_HELPERS 96 96 + 97 97 + #define LTC_NO_MACS 98 98 + #define LTC_HMAC 99 99 + #define LTC_OMAC 100 100 + #define LTC_CCM_MODE 101 101 + 102 102 + #define LTC_NO_PRNGS 103 103 + #define LTC_SPRNG 104 104 + #define LTC_YARROW 105 105 + #define LTC_DEVRANDOM 106 106 + #define LTC_TRY_URANDOM_FIRST 107 107 + #define LTC_RNG_GET_BYTES 108 108 + #define LTC_RNG_MAKE_PRNG 109 109 + 110 110 + #define LTC_NO_PK 111 111 + #define LTC_MRSA 112 112 + #define LTC_MECC 113 113 + 114 114 + #define LTC_NO_MISC 115 115 + #define LTC_BASE64 116 116 + #endif 117 117 + 118 118 + /* The minimal set of functionality to run the tests */ 119 119 + #ifdef LTC_MINIMAL 120 120 + #define LTC_RIJNDAEL 121 121 + #define LTC_SHA256 122 122 + #define LTC_YARROW 123 123 + #define LTC_CTR_MODE 124 124 + 125 125 + #define LTC_RNG_MAKE_PRNG 126 126 + #define LTC_RNG_GET_BYTES 127 127 + #define LTC_DEVRANDOM 128 128 + #define LTC_TRY_URANDOM_FIRST 129 129 + 130 130 + #undef LTC_NO_FILE 131 131 + #endif 132 132 + 133 133 + /* Enable self-test test vector checking */ 134 134 + #ifndef LTC_NO_TEST 135 135 + #define LTC_TEST 136 136 + #endif 137 137 + /* Enable extended self-tests */ 138 138 + /* #define LTC_TEST_EXT */ 139 139 + 140 140 + /* Use small code where possible */ 141 141 + /* #define LTC_SMALL_CODE */ 142 142 + 143 143 + /* clean the stack of functions which put private information on stack */ 144 144 + /* #define LTC_CLEAN_STACK */ 145 145 + 146 146 + /* disable all file related functions */ 147 147 + /* #define LTC_NO_FILE */ 148 148 + 149 149 + /* disable all forms of ASM */ 150 150 + /* #define LTC_NO_ASM */ 151 151 + 152 152 + /* disable FAST mode */ 153 153 + /* #define LTC_NO_FAST */ 154 154 + 155 155 + /* disable BSWAP on x86 */ 156 156 + /* #define LTC_NO_BSWAP */ 157 157 + 158 158 + /* ---> math provider? <--- */ 159 159 + #ifndef LTC_NO_MATH 160 160 + 161 161 + /* LibTomMath */ 162 162 + /* #define LTM_DESC */ 163 163 + 164 164 + /* TomsFastMath */ 165 165 + /* #define TFM_DESC */ 166 166 + 167 167 + /* GNU Multiple Precision Arithmetic Library */ 168 168 + /* #define GMP_DESC */ 169 169 + 170 170 + #endif /* LTC_NO_MATH */ 171 171 + 172 172 + /* ---> Symmetric Block Ciphers <--- */ 173 173 + #ifndef LTC_NO_CIPHERS 174 174 + 175 175 + #define LTC_BLOWFISH 176 176 + #define LTC_RC2 177 177 + #define LTC_RC5 178 178 + #define LTC_RC6 179 179 + #define LTC_SAFERP 180 180 + #define LTC_RIJNDAEL 181 181 + #define LTC_XTEA 182 182 + /* _TABLES tells it to use tables during setup, _SMALL means to use the smaller scheduled key format 183 183 + * (saves 4KB of ram), _ALL_TABLES enables all tables during setup */ 184 184 + #define LTC_TWOFISH 185 185 + #ifndef LTC_NO_TABLES 186 186 + #define LTC_TWOFISH_TABLES 187 187 + /* #define LTC_TWOFISH_ALL_TABLES */ 188 188 + #else 189 189 + #define LTC_TWOFISH_SMALL 190 190 + #endif 191 191 + /* #define LTC_TWOFISH_SMALL */ 192 192 + /* LTC_DES includes EDE triple-DES */ 193 193 + #define LTC_DES 194 194 + #define LTC_CAST5 195 195 + #define LTC_NOEKEON 196 196 + #define LTC_SKIPJACK 197 197 + #define LTC_SAFER 198 198 + #define LTC_KHAZAD 199 199 + #define LTC_ANUBIS 200 200 + #define LTC_ANUBIS_TWEAK 201 201 + #define LTC_KSEED 202 202 + #define LTC_KASUMI 203 203 + #define LTC_MULTI2 204 204 + #define LTC_CAMELLIA 205 205 + 206 206 + /* stream ciphers */ 207 207 + #define LTC_CHACHA 208 208 + #define LTC_RC4_STREAM 209 209 + #define LTC_SOBER128_STREAM 210 210 + 211 211 + #endif /* LTC_NO_CIPHERS */ 212 212 + 213 213 + 214 214 + /* ---> Block Cipher Modes of Operation <--- */ 215 215 + #ifndef LTC_NO_MODES 216 216 + 217 217 + #define LTC_CFB_MODE 218 218 + #define LTC_OFB_MODE 219 219 + #define LTC_ECB_MODE 220 220 + #define LTC_CBC_MODE 221 221 + #define LTC_CTR_MODE 222 222 + 223 223 + /* F8 chaining mode */ 224 224 + #define LTC_F8_MODE 225 225 + 226 226 + /* LRW mode */ 227 227 + #define LTC_LRW_MODE 228 228 + #ifndef LTC_NO_TABLES 229 229 + /* like GCM mode this will enable 16 8x128 tables [64KB] that make 230 230 + * seeking very fast. 231 231 + */ 232 232 + #define LTC_LRW_TABLES 233 233 + #endif 234 234 + 235 235 + /* XTS mode */ 236 236 + #define LTC_XTS_MODE 237 237 + 238 238 + #endif /* LTC_NO_MODES */ 239 239 + 240 240 + /* ---> One-Way Hash Functions <--- */ 241 241 + #ifndef LTC_NO_HASHES 242 242 + 243 243 + #define LTC_CHC_HASH 244 244 + #define LTC_WHIRLPOOL 245 245 + #define LTC_SHA3 246 246 + #define LTC_SHA512 247 247 + #define LTC_SHA512_256 248 248 + #define LTC_SHA512_224 249 249 + #define LTC_SHA384 250 250 + #define LTC_SHA256 251 251 + #define LTC_SHA224 252 252 + #define LTC_TIGER 253 253 + #define LTC_SHA1 254 254 + #define LTC_MD5 255 255 + #define LTC_MD4 256 256 + #define LTC_MD2 257 257 + #define LTC_RIPEMD128 258 258 + #define LTC_RIPEMD160 259 259 + #define LTC_RIPEMD256 260 260 + #define LTC_RIPEMD320 261 261 + #define LTC_BLAKE2S 262 262 + #define LTC_BLAKE2B 263 263 + 264 264 + #define LTC_HASH_HELPERS 265 265 + 266 266 + #endif /* LTC_NO_HASHES */ 267 267 + 268 268 + 269 269 + /* ---> MAC functions <--- */ 270 270 + #ifndef LTC_NO_MACS 271 271 + 272 272 + #define LTC_HMAC 273 273 + #define LTC_OMAC 274 274 + #define LTC_PMAC 275 275 + #define LTC_XCBC 276 276 + #define LTC_F9_MODE 277 277 + #define LTC_PELICAN 278 278 + #define LTC_POLY1305 279 279 + #define LTC_BLAKE2SMAC 280 280 + #define LTC_BLAKE2BMAC 281 281 + 282 282 + /* ---> Encrypt + Authenticate Modes <--- */ 283 283 + 284 284 + #define LTC_EAX_MODE 285 285 + 286 286 + #define LTC_OCB_MODE 287 287 + #define LTC_OCB3_MODE 288 288 + #define LTC_CCM_MODE 289 289 + #define LTC_GCM_MODE 290 290 + #define LTC_CHACHA20POLY1305_MODE 291 291 + 292 292 + /* Use 64KiB tables */ 293 293 + #ifndef LTC_NO_TABLES 294 294 + #define LTC_GCM_TABLES 295 295 + #endif 296 296 + 297 297 + /* USE SSE2? requires GCC works on x86_32 and x86_64*/ 298 298 + #ifdef LTC_GCM_TABLES 299 299 + /* #define LTC_GCM_TABLES_SSE2 */ 300 300 + #endif 301 301 + 302 302 + #endif /* LTC_NO_MACS */ 303 303 + 304 304 + 305 305 + /* --> Pseudo Random Number Generators <--- */ 306 306 + #ifndef LTC_NO_PRNGS 307 307 + 308 308 + /* Yarrow */ 309 309 + #define LTC_YARROW 310 310 + 311 311 + /* a PRNG that simply reads from an available system source */ 312 312 + #define LTC_SPRNG 313 313 + 314 314 + /* The RC4 stream cipher based PRNG */ 315 315 + #define LTC_RC4 316 316 + 317 317 + /* The ChaCha20 stream cipher based PRNG */ 318 318 + #define LTC_CHACHA20_PRNG 319 319 + 320 320 + /* Fortuna PRNG */ 321 321 + #define LTC_FORTUNA 322 322 + 323 323 + /* Greg's SOBER128 stream cipher based PRNG */ 324 324 + #define LTC_SOBER128 325 325 + 326 326 + /* the *nix style /dev/random device */ 327 327 + #define LTC_DEVRANDOM 328 328 + /* try /dev/urandom before trying /dev/random 329 329 + * are you sure you want to disable this? http://www.2uo.de/myths-about-urandom/ */ 330 330 + #define LTC_TRY_URANDOM_FIRST 331 331 + /* rng_get_bytes() */ 332 332 + #define LTC_RNG_GET_BYTES 333 333 + /* rng_make_prng() */ 334 334 + #define LTC_RNG_MAKE_PRNG 335 335 + 336 336 + /* enable the ltc_rng hook to integrate e.g. embedded hardware RNG's easily */ 337 337 + /* #define LTC_PRNG_ENABLE_LTC_RNG */ 338 338 + 339 339 + #endif /* LTC_NO_PRNGS */ 340 340 + 341 341 + #ifdef LTC_YARROW 342 342 + 343 343 + /* which descriptor of AES to use? */ 344 344 + /* 0 = rijndael_enc 1 = aes_enc, 2 = rijndael [full], 3 = aes [full] */ 345 345 + #ifdef ENCRYPT_ONLY 346 346 + #define LTC_YARROW_AES 0 347 347 + #else 348 348 + #define LTC_YARROW_AES 2 349 349 + #endif 350 350 + 351 351 + #endif 352 352 + 353 353 + #ifdef LTC_FORTUNA 354 354 + 355 355 + #ifndef LTC_FORTUNA_WD 356 356 + /* reseed every N calls to the read function */ 357 357 + #define LTC_FORTUNA_WD 10 358 358 + #endif 359 359 + 360 360 + #ifndef LTC_FORTUNA_POOLS 361 361 + /* number of pools (4..32) can save a bit of ram by lowering the count */ 362 362 + #define LTC_FORTUNA_POOLS 32 363 363 + #endif 364 364 + 365 365 + #endif /* LTC_FORTUNA */ 366 366 + 367 367 + 368 368 + /* ---> Public Key Crypto <--- */ 369 369 + #ifndef LTC_NO_PK 370 370 + 371 371 + /* Include RSA support */ 372 372 + #define LTC_MRSA 373 373 + 374 374 + /* Include Diffie-Hellman support */ 375 375 + /* is_prime fails for GMP */ 376 376 + #define LTC_MDH 377 377 + /* Supported Key Sizes */ 378 378 + #define LTC_DH768 379 379 + #define LTC_DH1024 380 380 + #define LTC_DH1536 381 381 + #define LTC_DH2048 382 382 + 383 383 + #ifndef TFM_DESC 384 384 + /* tfm has a problem in fp_isprime for larger key sizes */ 385 385 + #define LTC_DH3072 386 386 + #define LTC_DH4096 387 387 + #define LTC_DH6144 388 388 + #define LTC_DH8192 389 389 + #endif 390 390 + 391 391 + /* Include Katja (a Rabin variant like RSA) */ 392 392 + /* #define LTC_MKAT */ 393 393 + 394 394 + /* Digital Signature Algorithm */ 395 395 + #define LTC_MDSA 396 396 + 397 397 + /* ECC */ 398 398 + #define LTC_MECC 399 399 + 400 400 + /* use Shamir's trick for point mul (speeds up signature verification) */ 401 401 + #define LTC_ECC_SHAMIR 402 402 + 403 403 + #if defined(TFM_DESC) && defined(LTC_MECC) 404 404 + #define LTC_MECC_ACCEL 405 405 + #endif 406 406 + 407 407 + /* do we want fixed point ECC */ 408 408 + /* #define LTC_MECC_FP */ 409 409 + 410 410 + #endif /* LTC_NO_PK */ 411 411 + 412 412 + #if defined(LTC_MRSA) && !defined(LTC_NO_RSA_BLINDING) 413 413 + /* Enable RSA blinding when doing private key operations by default */ 414 414 + #define LTC_RSA_BLINDING 415 415 + #endif /* LTC_NO_RSA_BLINDING */ 416 416 + 417 417 + #if defined(LTC_MRSA) && !defined(LTC_NO_RSA_CRT_HARDENING) 418 418 + /* Enable RSA CRT hardening when doing private key operations by default */ 419 419 + #define LTC_RSA_CRT_HARDENING 420 420 + #endif /* LTC_NO_RSA_CRT_HARDENING */ 421 421 + 422 422 + #if defined(LTC_MECC) && !defined(LTC_NO_ECC_TIMING_RESISTANT) 423 423 + /* Enable ECC timing resistant version by default */ 424 424 + #define LTC_ECC_TIMING_RESISTANT 425 425 + #endif 426 426 + 427 427 + /* PKCS #1 (RSA) and #5 (Password Handling) stuff */ 428 428 + #ifndef LTC_NO_PKCS 429 429 + 430 430 + #define LTC_PKCS_1 431 431 + #define LTC_PKCS_5 432 432 + 433 433 + /* Include ASN.1 DER (required by DSA/RSA) */ 434 434 + #define LTC_DER 435 435 + 436 436 + #endif /* LTC_NO_PKCS */ 437 437 + 438 438 + /* misc stuff */ 439 439 + #ifndef LTC_NO_MISC 440 440 + 441 441 + /* Various tidbits of modern neatoness */ 442 442 + #define LTC_BASE64 443 443 + /* ... and it's URL safe version */ 444 444 + #define LTC_BASE64_URL 445 445 + 446 446 + /* Keep LTC_NO_HKDF for compatibility reasons 447 447 + * superseeded by LTC_NO_MISC*/ 448 448 + #ifndef LTC_NO_HKDF 449 449 + /* HKDF Key Derivation/Expansion stuff */ 450 450 + #define LTC_HKDF 451 451 + #endif /* LTC_NO_HKDF */ 452 452 + 453 453 + #define LTC_ADLER32 454 454 + 455 455 + #define LTC_CRC32 456 456 + 457 457 + #endif /* LTC_NO_MISC */ 458 458 + 459 459 + /* cleanup */ 460 460 + 461 461 + #ifdef LTC_MECC 462 462 + /* Supported ECC Key Sizes */ 463 463 + #ifndef LTC_NO_CURVES 464 464 + #define LTC_ECC112 465 465 + #define LTC_ECC128 466 466 + #define LTC_ECC160 467 467 + #define LTC_ECC192 468 468 + #define LTC_ECC224 469 469 + #define LTC_ECC256 470 470 + #define LTC_ECC384 471 471 + #define LTC_ECC521 472 472 + #endif 473 473 + #endif 474 474 + 475 475 + #if defined(LTC_DER) 476 476 + #ifndef LTC_DER_MAX_RECURSION 477 477 + /* Maximum recursion limit when processing nested ASN.1 types. */ 478 478 + #define LTC_DER_MAX_RECURSION 30 479 479 + #endif 480 480 + #endif 481 481 + 482 482 + #if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA) || defined(LTC_MKAT) 483 483 + /* Include the MPI functionality? (required by the PK algorithms) */ 484 484 + #define LTC_MPI 485 485 + 486 486 + #ifndef LTC_PK_MAX_RETRIES 487 487 + /* iterations limit for retry-loops */ 488 488 + #define LTC_PK_MAX_RETRIES 20 489 489 + #endif 490 490 + #endif 491 491 + 492 492 + #ifdef LTC_MRSA 493 493 + #define LTC_PKCS_1 494 494 + #endif 495 495 + 496 496 + #if defined(LTC_PELICAN) && !defined(LTC_RIJNDAEL) 497 497 + #error Pelican-MAC requires LTC_RIJNDAEL 498 498 + #endif 499 499 + 500 500 + #if defined(LTC_EAX_MODE) && !(defined(LTC_CTR_MODE) && defined(LTC_OMAC)) 501 501 + #error LTC_EAX_MODE requires CTR and LTC_OMAC mode 502 502 + #endif 503 503 + 504 504 + #if defined(LTC_YARROW) && !defined(LTC_CTR_MODE) 505 505 + #error LTC_YARROW requires LTC_CTR_MODE chaining mode to be defined! 506 506 + #endif 507 507 + 508 508 + #if defined(LTC_DER) && !defined(LTC_MPI) 509 509 + #error ASN.1 DER requires MPI functionality 510 510 + #endif 511 511 + 512 512 + #if (defined(LTC_MDSA) || defined(LTC_MRSA) || defined(LTC_MECC) || defined(LTC_MKAT)) && !defined(LTC_DER) 513 513 + #error PK requires ASN.1 DER functionality, make sure LTC_DER is enabled 514 514 + #endif 515 515 + 516 516 + #if defined(LTC_CHACHA20POLY1305_MODE) && (!defined(LTC_CHACHA) || !defined(LTC_POLY1305)) 517 517 + #error LTC_CHACHA20POLY1305_MODE requires LTC_CHACHA + LTC_POLY1305 518 518 + #endif 519 519 + 520 520 + #if defined(LTC_CHACHA20_PRNG) && !defined(LTC_CHACHA) 521 521 + #error LTC_CHACHA20_PRNG requires LTC_CHACHA 522 522 + #endif 523 523 + 524 524 + #if defined(LTC_RC4) && !defined(LTC_RC4_STREAM) 525 525 + #error LTC_RC4 requires LTC_RC4_STREAM 526 526 + #endif 527 527 + 528 528 + #if defined(LTC_SOBER128) && !defined(LTC_SOBER128_STREAM) 529 529 + #error LTC_SOBER128 requires LTC_SOBER128_STREAM 530 530 + #endif 531 531 + 532 532 + #if defined(LTC_BLAKE2SMAC) && !defined(LTC_BLAKE2S) 533 533 + #error LTC_BLAKE2SMAC requires LTC_BLAKE2S 534 534 + #endif 535 535 + 536 536 + #if defined(LTC_BLAKE2BMAC) && !defined(LTC_BLAKE2B) 537 537 + #error LTC_BLAKE2BMAC requires LTC_BLAKE2B 538 538 + #endif 539 539 + 540 540 + #if defined(LTC_SPRNG) && !defined(LTC_RNG_GET_BYTES) 541 541 + #error LTC_SPRNG requires LTC_RNG_GET_BYTES 542 542 + #endif 543 543 + 544 544 + #if defined(LTC_NO_MATH) && (defined(LTM_DESC) || defined(TFM_DESC) || defined(GMP_DESC)) 545 545 + #error LTC_NO_MATH defined, but also a math descriptor 546 546 + #endif 547 547 + 548 548 + /* THREAD management */ 549 549 + #ifdef LTC_PTHREAD 550 550 + 551 551 + #include <pthread.h> 552 552 + 553 553 + #define LTC_MUTEX_GLOBAL(x) pthread_mutex_t x = PTHREAD_MUTEX_INITIALIZER; 554 554 + #define LTC_MUTEX_PROTO(x) extern pthread_mutex_t x; 555 555 + #define LTC_MUTEX_TYPE(x) pthread_mutex_t x; 556 556 + #define LTC_MUTEX_INIT(x) LTC_ARGCHK(pthread_mutex_init(x, NULL) == 0); 557 557 + #define LTC_MUTEX_LOCK(x) LTC_ARGCHK(pthread_mutex_lock(x) == 0); 558 558 + #define LTC_MUTEX_UNLOCK(x) LTC_ARGCHK(pthread_mutex_unlock(x) == 0); 559 559 + #define LTC_MUTEX_DESTROY(x) LTC_ARGCHK(pthread_mutex_destroy(x) == 0); 560 560 + 561 561 + #else 562 562 + 563 563 + /* default no functions */ 564 564 + #define LTC_MUTEX_GLOBAL(x) 565 565 + #define LTC_MUTEX_PROTO(x) 566 566 + #define LTC_MUTEX_TYPE(x) 567 567 + #define LTC_MUTEX_INIT(x) 568 568 + #define LTC_MUTEX_LOCK(x) 569 569 + #define LTC_MUTEX_UNLOCK(x) 570 570 + #define LTC_MUTEX_DESTROY(x) 571 571 + 572 572 + #endif 573 573 + 574 574 + /* Debuggers */ 575 575 + 576 576 + /* define this if you use Valgrind, note: it CHANGES the way SOBER-128 and RC4 work (see the code) */ 577 577 + /* #define LTC_VALGRIND */ 578 578 + 579 579 + #endif 580 580 + 581 581 + #ifndef LTC_NO_FILE 582 582 + /* buffer size for reading from a file via fread(..) */ 583 583 + #ifndef LTC_FILE_READ_BUFSIZE 584 584 + #define LTC_FILE_READ_BUFSIZE 8192 585 585 + #endif 586 586 + #endif 587 587 + 588 588 + /* ref: HEAD -> master, tag: v1.18.2 */ 589 589 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 590 590 + /* commit time: 2018-07-01 22:49:01 +0200 */

+531

utils/tomcrypt/src/headers/tomcrypt_hash.h

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + 10 10 + /* ---- HASH FUNCTIONS ---- */ 11 11 + #ifdef LTC_SHA3 12 12 + struct sha3_state { 13 13 + ulong64 saved; /* the portion of the input message that we didn't consume yet */ 14 14 + ulong64 s[25]; 15 15 + unsigned char sb[25 * 8]; /* used for storing `ulong64 s[25]` as little-endian bytes */ 16 16 + unsigned short byte_index; /* 0..7--the next byte after the set one (starts from 0; 0--none are buffered) */ 17 17 + unsigned short word_index; /* 0..24--the next word to integrate input (starts from 0) */ 18 18 + unsigned short capacity_words; /* the double size of the hash output in words (e.g. 16 for Keccak 512) */ 19 19 + unsigned short xof_flag; 20 20 + }; 21 21 + #endif 22 22 + 23 23 + #ifdef LTC_SHA512 24 24 + struct sha512_state { 25 25 + ulong64 length, state[8]; 26 26 + unsigned long curlen; 27 27 + unsigned char buf[128]; 28 28 + }; 29 29 + #endif 30 30 + 31 31 + #ifdef LTC_SHA256 32 32 + struct sha256_state { 33 33 + ulong64 length; 34 34 + ulong32 state[8], curlen; 35 35 + unsigned char buf[64]; 36 36 + }; 37 37 + #endif 38 38 + 39 39 + #ifdef LTC_SHA1 40 40 + struct sha1_state { 41 41 + ulong64 length; 42 42 + ulong32 state[5], curlen; 43 43 + unsigned char buf[64]; 44 44 + }; 45 45 + #endif 46 46 + 47 47 + #ifdef LTC_MD5 48 48 + struct md5_state { 49 49 + ulong64 length; 50 50 + ulong32 state[4], curlen; 51 51 + unsigned char buf[64]; 52 52 + }; 53 53 + #endif 54 54 + 55 55 + #ifdef LTC_MD4 56 56 + struct md4_state { 57 57 + ulong64 length; 58 58 + ulong32 state[4], curlen; 59 59 + unsigned char buf[64]; 60 60 + }; 61 61 + #endif 62 62 + 63 63 + #ifdef LTC_TIGER 64 64 + struct tiger_state { 65 65 + ulong64 state[3], length; 66 66 + unsigned long curlen; 67 67 + unsigned char buf[64]; 68 68 + }; 69 69 + #endif 70 70 + 71 71 + #ifdef LTC_MD2 72 72 + struct md2_state { 73 73 + unsigned char chksum[16], X[48], buf[16]; 74 74 + unsigned long curlen; 75 75 + }; 76 76 + #endif 77 77 + 78 78 + #ifdef LTC_RIPEMD128 79 79 + struct rmd128_state { 80 80 + ulong64 length; 81 81 + unsigned char buf[64]; 82 82 + ulong32 curlen, state[4]; 83 83 + }; 84 84 + #endif 85 85 + 86 86 + #ifdef LTC_RIPEMD160 87 87 + struct rmd160_state { 88 88 + ulong64 length; 89 89 + unsigned char buf[64]; 90 90 + ulong32 curlen, state[5]; 91 91 + }; 92 92 + #endif 93 93 + 94 94 + #ifdef LTC_RIPEMD256 95 95 + struct rmd256_state { 96 96 + ulong64 length; 97 97 + unsigned char buf[64]; 98 98 + ulong32 curlen, state[8]; 99 99 + }; 100 100 + #endif 101 101 + 102 102 + #ifdef LTC_RIPEMD320 103 103 + struct rmd320_state { 104 104 + ulong64 length; 105 105 + unsigned char buf[64]; 106 106 + ulong32 curlen, state[10]; 107 107 + }; 108 108 + #endif 109 109 + 110 110 + #ifdef LTC_WHIRLPOOL 111 111 + struct whirlpool_state { 112 112 + ulong64 length, state[8]; 113 113 + unsigned char buf[64]; 114 114 + ulong32 curlen; 115 115 + }; 116 116 + #endif 117 117 + 118 118 + #ifdef LTC_CHC_HASH 119 119 + struct chc_state { 120 120 + ulong64 length; 121 121 + unsigned char state[MAXBLOCKSIZE], buf[MAXBLOCKSIZE]; 122 122 + ulong32 curlen; 123 123 + }; 124 124 + #endif 125 125 + 126 126 + #ifdef LTC_BLAKE2S 127 127 + struct blake2s_state { 128 128 + ulong32 h[8]; 129 129 + ulong32 t[2]; 130 130 + ulong32 f[2]; 131 131 + unsigned char buf[64]; 132 132 + unsigned long curlen; 133 133 + unsigned long outlen; 134 134 + unsigned char last_node; 135 135 + }; 136 136 + #endif 137 137 + 138 138 + #ifdef LTC_BLAKE2B 139 139 + struct blake2b_state { 140 140 + ulong64 h[8]; 141 141 + ulong64 t[2]; 142 142 + ulong64 f[2]; 143 143 + unsigned char buf[128]; 144 144 + unsigned long curlen; 145 145 + unsigned long outlen; 146 146 + unsigned char last_node; 147 147 + }; 148 148 + #endif 149 149 + 150 150 + typedef union Hash_state { 151 151 + char dummy[1]; 152 152 + #ifdef LTC_CHC_HASH 153 153 + struct chc_state chc; 154 154 + #endif 155 155 + #ifdef LTC_WHIRLPOOL 156 156 + struct whirlpool_state whirlpool; 157 157 + #endif 158 158 + #ifdef LTC_SHA3 159 159 + struct sha3_state sha3; 160 160 + #endif 161 161 + #ifdef LTC_SHA512 162 162 + struct sha512_state sha512; 163 163 + #endif 164 164 + #ifdef LTC_SHA256 165 165 + struct sha256_state sha256; 166 166 + #endif 167 167 + #ifdef LTC_SHA1 168 168 + struct sha1_state sha1; 169 169 + #endif 170 170 + #ifdef LTC_MD5 171 171 + struct md5_state md5; 172 172 + #endif 173 173 + #ifdef LTC_MD4 174 174 + struct md4_state md4; 175 175 + #endif 176 176 + #ifdef LTC_MD2 177 177 + struct md2_state md2; 178 178 + #endif 179 179 + #ifdef LTC_TIGER 180 180 + struct tiger_state tiger; 181 181 + #endif 182 182 + #ifdef LTC_RIPEMD128 183 183 + struct rmd128_state rmd128; 184 184 + #endif 185 185 + #ifdef LTC_RIPEMD160 186 186 + struct rmd160_state rmd160; 187 187 + #endif 188 188 + #ifdef LTC_RIPEMD256 189 189 + struct rmd256_state rmd256; 190 190 + #endif 191 191 + #ifdef LTC_RIPEMD320 192 192 + struct rmd320_state rmd320; 193 193 + #endif 194 194 + #ifdef LTC_BLAKE2S 195 195 + struct blake2s_state blake2s; 196 196 + #endif 197 197 + #ifdef LTC_BLAKE2B 198 198 + struct blake2b_state blake2b; 199 199 + #endif 200 200 + 201 201 + void *data; 202 202 + } hash_state; 203 203 + 204 204 + /** hash descriptor */ 205 205 + extern struct ltc_hash_descriptor { 206 206 + /** name of hash */ 207 207 + const char *name; 208 208 + /** internal ID */ 209 209 + unsigned char ID; 210 210 + /** Size of digest in octets */ 211 211 + unsigned long hashsize; 212 212 + /** Input block size in octets */ 213 213 + unsigned long blocksize; 214 214 + /** ASN.1 OID */ 215 215 + unsigned long OID[16]; 216 216 + /** Length of DER encoding */ 217 217 + unsigned long OIDlen; 218 218 + 219 219 + /** Init a hash state 220 220 + @param hash The hash to initialize 221 221 + @return CRYPT_OK if successful 222 222 + */ 223 223 + int (*init)(hash_state *hash); 224 224 + /** Process a block of data 225 225 + @param hash The hash state 226 226 + @param in The data to hash 227 227 + @param inlen The length of the data (octets) 228 228 + @return CRYPT_OK if successful 229 229 + */ 230 230 + int (*process)(hash_state *hash, const unsigned char *in, unsigned long inlen); 231 231 + /** Produce the digest and store it 232 232 + @param hash The hash state 233 233 + @param out [out] The destination of the digest 234 234 + @return CRYPT_OK if successful 235 235 + */ 236 236 + int (*done)(hash_state *hash, unsigned char *out); 237 237 + /** Self-test 238 238 + @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled 239 239 + */ 240 240 + int (*test)(void); 241 241 + 242 242 + /* accelerated hmac callback: if you need to-do multiple packets just use the generic hmac_memory and provide a hash callback */ 243 243 + int (*hmac_block)(const unsigned char *key, unsigned long keylen, 244 244 + const unsigned char *in, unsigned long inlen, 245 245 + unsigned char *out, unsigned long *outlen); 246 246 + 247 247 + } hash_descriptor[]; 248 248 + 249 249 + #ifdef LTC_CHC_HASH 250 250 + int chc_register(int cipher); 251 251 + int chc_init(hash_state * md); 252 252 + int chc_process(hash_state * md, const unsigned char *in, unsigned long inlen); 253 253 + int chc_done(hash_state * md, unsigned char *hash); 254 254 + int chc_test(void); 255 255 + extern const struct ltc_hash_descriptor chc_desc; 256 256 + #endif 257 257 + 258 258 + #ifdef LTC_WHIRLPOOL 259 259 + int whirlpool_init(hash_state * md); 260 260 + int whirlpool_process(hash_state * md, const unsigned char *in, unsigned long inlen); 261 261 + int whirlpool_done(hash_state * md, unsigned char *hash); 262 262 + int whirlpool_test(void); 263 263 + extern const struct ltc_hash_descriptor whirlpool_desc; 264 264 + #endif 265 265 + 266 266 + #ifdef LTC_SHA3 267 267 + int sha3_512_init(hash_state * md); 268 268 + int sha3_512_test(void); 269 269 + extern const struct ltc_hash_descriptor sha3_512_desc; 270 270 + int sha3_384_init(hash_state * md); 271 271 + int sha3_384_test(void); 272 272 + extern const struct ltc_hash_descriptor sha3_384_desc; 273 273 + int sha3_256_init(hash_state * md); 274 274 + int sha3_256_test(void); 275 275 + extern const struct ltc_hash_descriptor sha3_256_desc; 276 276 + int sha3_224_init(hash_state * md); 277 277 + int sha3_224_test(void); 278 278 + extern const struct ltc_hash_descriptor sha3_224_desc; 279 279 + /* process + done are the same for all variants */ 280 280 + int sha3_process(hash_state * md, const unsigned char *in, unsigned long inlen); 281 281 + int sha3_done(hash_state *md, unsigned char *hash); 282 282 + /* SHAKE128 + SHAKE256 */ 283 283 + int sha3_shake_init(hash_state *md, int num); 284 284 + #define sha3_shake_process(a,b,c) sha3_process(a,b,c) 285 285 + int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen); 286 286 + int sha3_shake_test(void); 287 287 + int sha3_shake_memory(int num, const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen); 288 288 + #endif 289 289 + 290 290 + #ifdef LTC_SHA512 291 291 + int sha512_init(hash_state * md); 292 292 + int sha512_process(hash_state * md, const unsigned char *in, unsigned long inlen); 293 293 + int sha512_done(hash_state * md, unsigned char *hash); 294 294 + int sha512_test(void); 295 295 + extern const struct ltc_hash_descriptor sha512_desc; 296 296 + #endif 297 297 + 298 298 + #ifdef LTC_SHA384 299 299 + #ifndef LTC_SHA512 300 300 + #error LTC_SHA512 is required for LTC_SHA384 301 301 + #endif 302 302 + int sha384_init(hash_state * md); 303 303 + #define sha384_process sha512_process 304 304 + int sha384_done(hash_state * md, unsigned char *hash); 305 305 + int sha384_test(void); 306 306 + extern const struct ltc_hash_descriptor sha384_desc; 307 307 + #endif 308 308 + 309 309 + #ifdef LTC_SHA512_256 310 310 + #ifndef LTC_SHA512 311 311 + #error LTC_SHA512 is required for LTC_SHA512_256 312 312 + #endif 313 313 + int sha512_256_init(hash_state * md); 314 314 + #define sha512_256_process sha512_process 315 315 + int sha512_256_done(hash_state * md, unsigned char *hash); 316 316 + int sha512_256_test(void); 317 317 + extern const struct ltc_hash_descriptor sha512_256_desc; 318 318 + #endif 319 319 + 320 320 + #ifdef LTC_SHA512_224 321 321 + #ifndef LTC_SHA512 322 322 + #error LTC_SHA512 is required for LTC_SHA512_224 323 323 + #endif 324 324 + int sha512_224_init(hash_state * md); 325 325 + #define sha512_224_process sha512_process 326 326 + int sha512_224_done(hash_state * md, unsigned char *hash); 327 327 + int sha512_224_test(void); 328 328 + extern const struct ltc_hash_descriptor sha512_224_desc; 329 329 + #endif 330 330 + 331 331 + #ifdef LTC_SHA256 332 332 + int sha256_init(hash_state * md); 333 333 + int sha256_process(hash_state * md, const unsigned char *in, unsigned long inlen); 334 334 + int sha256_done(hash_state * md, unsigned char *hash); 335 335 + int sha256_test(void); 336 336 + extern const struct ltc_hash_descriptor sha256_desc; 337 337 + 338 338 + #ifdef LTC_SHA224 339 339 + #ifndef LTC_SHA256 340 340 + #error LTC_SHA256 is required for LTC_SHA224 341 341 + #endif 342 342 + int sha224_init(hash_state * md); 343 343 + #define sha224_process sha256_process 344 344 + int sha224_done(hash_state * md, unsigned char *hash); 345 345 + int sha224_test(void); 346 346 + extern const struct ltc_hash_descriptor sha224_desc; 347 347 + #endif 348 348 + #endif 349 349 + 350 350 + #ifdef LTC_SHA1 351 351 + int sha1_init(hash_state * md); 352 352 + int sha1_process(hash_state * md, const unsigned char *in, unsigned long inlen); 353 353 + int sha1_done(hash_state * md, unsigned char *hash); 354 354 + int sha1_test(void); 355 355 + extern const struct ltc_hash_descriptor sha1_desc; 356 356 + #endif 357 357 + 358 358 + #ifdef LTC_BLAKE2S 359 359 + extern const struct ltc_hash_descriptor blake2s_256_desc; 360 360 + int blake2s_256_init(hash_state * md); 361 361 + int blake2s_256_test(void); 362 362 + 363 363 + extern const struct ltc_hash_descriptor blake2s_224_desc; 364 364 + int blake2s_224_init(hash_state * md); 365 365 + int blake2s_224_test(void); 366 366 + 367 367 + extern const struct ltc_hash_descriptor blake2s_160_desc; 368 368 + int blake2s_160_init(hash_state * md); 369 369 + int blake2s_160_test(void); 370 370 + 371 371 + extern const struct ltc_hash_descriptor blake2s_128_desc; 372 372 + int blake2s_128_init(hash_state * md); 373 373 + int blake2s_128_test(void); 374 374 + 375 375 + int blake2s_init(hash_state * md, unsigned long outlen, const unsigned char *key, unsigned long keylen); 376 376 + int blake2s_process(hash_state * md, const unsigned char *in, unsigned long inlen); 377 377 + int blake2s_done(hash_state * md, unsigned char *hash); 378 378 + #endif 379 379 + 380 380 + #ifdef LTC_BLAKE2B 381 381 + extern const struct ltc_hash_descriptor blake2b_512_desc; 382 382 + int blake2b_512_init(hash_state * md); 383 383 + int blake2b_512_test(void); 384 384 + 385 385 + extern const struct ltc_hash_descriptor blake2b_384_desc; 386 386 + int blake2b_384_init(hash_state * md); 387 387 + int blake2b_384_test(void); 388 388 + 389 389 + extern const struct ltc_hash_descriptor blake2b_256_desc; 390 390 + int blake2b_256_init(hash_state * md); 391 391 + int blake2b_256_test(void); 392 392 + 393 393 + extern const struct ltc_hash_descriptor blake2b_160_desc; 394 394 + int blake2b_160_init(hash_state * md); 395 395 + int blake2b_160_test(void); 396 396 + 397 397 + int blake2b_init(hash_state * md, unsigned long outlen, const unsigned char *key, unsigned long keylen); 398 398 + int blake2b_process(hash_state * md, const unsigned char *in, unsigned long inlen); 399 399 + int blake2b_done(hash_state * md, unsigned char *hash); 400 400 + #endif 401 401 + 402 402 + #ifdef LTC_MD5 403 403 + int md5_init(hash_state * md); 404 404 + int md5_process(hash_state * md, const unsigned char *in, unsigned long inlen); 405 405 + int md5_done(hash_state * md, unsigned char *hash); 406 406 + int md5_test(void); 407 407 + extern const struct ltc_hash_descriptor md5_desc; 408 408 + #endif 409 409 + 410 410 + #ifdef LTC_MD4 411 411 + int md4_init(hash_state * md); 412 412 + int md4_process(hash_state * md, const unsigned char *in, unsigned long inlen); 413 413 + int md4_done(hash_state * md, unsigned char *hash); 414 414 + int md4_test(void); 415 415 + extern const struct ltc_hash_descriptor md4_desc; 416 416 + #endif 417 417 + 418 418 + #ifdef LTC_MD2 419 419 + int md2_init(hash_state * md); 420 420 + int md2_process(hash_state * md, const unsigned char *in, unsigned long inlen); 421 421 + int md2_done(hash_state * md, unsigned char *hash); 422 422 + int md2_test(void); 423 423 + extern const struct ltc_hash_descriptor md2_desc; 424 424 + #endif 425 425 + 426 426 + #ifdef LTC_TIGER 427 427 + int tiger_init(hash_state * md); 428 428 + int tiger_process(hash_state * md, const unsigned char *in, unsigned long inlen); 429 429 + int tiger_done(hash_state * md, unsigned char *hash); 430 430 + int tiger_test(void); 431 431 + extern const struct ltc_hash_descriptor tiger_desc; 432 432 + #endif 433 433 + 434 434 + #ifdef LTC_RIPEMD128 435 435 + int rmd128_init(hash_state * md); 436 436 + int rmd128_process(hash_state * md, const unsigned char *in, unsigned long inlen); 437 437 + int rmd128_done(hash_state * md, unsigned char *hash); 438 438 + int rmd128_test(void); 439 439 + extern const struct ltc_hash_descriptor rmd128_desc; 440 440 + #endif 441 441 + 442 442 + #ifdef LTC_RIPEMD160 443 443 + int rmd160_init(hash_state * md); 444 444 + int rmd160_process(hash_state * md, const unsigned char *in, unsigned long inlen); 445 445 + int rmd160_done(hash_state * md, unsigned char *hash); 446 446 + int rmd160_test(void); 447 447 + extern const struct ltc_hash_descriptor rmd160_desc; 448 448 + #endif 449 449 + 450 450 + #ifdef LTC_RIPEMD256 451 451 + int rmd256_init(hash_state * md); 452 452 + int rmd256_process(hash_state * md, const unsigned char *in, unsigned long inlen); 453 453 + int rmd256_done(hash_state * md, unsigned char *hash); 454 454 + int rmd256_test(void); 455 455 + extern const struct ltc_hash_descriptor rmd256_desc; 456 456 + #endif 457 457 + 458 458 + #ifdef LTC_RIPEMD320 459 459 + int rmd320_init(hash_state * md); 460 460 + int rmd320_process(hash_state * md, const unsigned char *in, unsigned long inlen); 461 461 + int rmd320_done(hash_state * md, unsigned char *hash); 462 462 + int rmd320_test(void); 463 463 + extern const struct ltc_hash_descriptor rmd320_desc; 464 464 + #endif 465 465 + 466 466 + 467 467 + int find_hash(const char *name); 468 468 + int find_hash_id(unsigned char ID); 469 469 + int find_hash_oid(const unsigned long *ID, unsigned long IDlen); 470 470 + int find_hash_any(const char *name, int digestlen); 471 471 + int register_hash(const struct ltc_hash_descriptor *hash); 472 472 + int unregister_hash(const struct ltc_hash_descriptor *hash); 473 473 + int register_all_hashes(void); 474 474 + int hash_is_valid(int idx); 475 475 + 476 476 + LTC_MUTEX_PROTO(ltc_hash_mutex) 477 477 + 478 478 + int hash_memory(int hash, 479 479 + const unsigned char *in, unsigned long inlen, 480 480 + unsigned char *out, unsigned long *outlen); 481 481 + int hash_memory_multi(int hash, unsigned char *out, unsigned long *outlen, 482 482 + const unsigned char *in, unsigned long inlen, ...); 483 483 + 484 484 + #ifndef LTC_NO_FILE 485 485 + int hash_filehandle(int hash, FILE *in, unsigned char *out, unsigned long *outlen); 486 486 + int hash_file(int hash, const char *fname, unsigned char *out, unsigned long *outlen); 487 487 + #endif 488 488 + 489 489 + /* a simple macro for making hash "process" functions */ 490 490 + #define HASH_PROCESS(func_name, compress_name, state_var, block_size) \ 491 491 + int func_name (hash_state * md, const unsigned char *in, unsigned long inlen) \ 492 492 + { \ 493 493 + unsigned long n; \ 494 494 + int err; \ 495 495 + LTC_ARGCHK(md != NULL); \ 496 496 + LTC_ARGCHK(in != NULL); \ 497 497 + if (md-> state_var .curlen > sizeof(md-> state_var .buf)) { \ 498 498 + return CRYPT_INVALID_ARG; \ 499 499 + } \ 500 500 + if ((md-> state_var .length + inlen) < md-> state_var .length) { \ 501 501 + return CRYPT_HASH_OVERFLOW; \ 502 502 + } \ 503 503 + while (inlen > 0) { \ 504 504 + if (md-> state_var .curlen == 0 && inlen >= block_size) { \ 505 505 + if ((err = compress_name (md, (unsigned char *)in)) != CRYPT_OK) { \ 506 506 + return err; \ 507 507 + } \ 508 508 + md-> state_var .length += block_size * 8; \ 509 509 + in += block_size; \ 510 510 + inlen -= block_size; \ 511 511 + } else { \ 512 512 + n = MIN(inlen, (block_size - md-> state_var .curlen)); \ 513 513 + XMEMCPY(md-> state_var .buf + md-> state_var.curlen, in, (size_t)n); \ 514 514 + md-> state_var .curlen += n; \ 515 515 + in += n; \ 516 516 + inlen -= n; \ 517 517 + if (md-> state_var .curlen == block_size) { \ 518 518 + if ((err = compress_name (md, md-> state_var .buf)) != CRYPT_OK) { \ 519 519 + return err; \ 520 520 + } \ 521 521 + md-> state_var .length += 8*block_size; \ 522 522 + md-> state_var .curlen = 0; \ 523 523 + } \ 524 524 + } \ 525 525 + } \ 526 526 + return CRYPT_OK; \ 527 527 + } 528 528 + 529 529 + /* ref: HEAD -> master, tag: v1.18.2 */ 530 530 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 531 531 + /* commit time: 2018-07-01 22:49:01 +0200 */

+565

utils/tomcrypt/src/headers/tomcrypt_mac.h

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + 10 10 + #ifdef LTC_HMAC 11 11 + typedef struct Hmac_state { 12 12 + hash_state md; 13 13 + int hash; 14 14 + hash_state hashstate; 15 15 + unsigned char *key; 16 16 + } hmac_state; 17 17 + 18 18 + int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned long keylen); 19 19 + int hmac_process(hmac_state *hmac, const unsigned char *in, unsigned long inlen); 20 20 + int hmac_done(hmac_state *hmac, unsigned char *out, unsigned long *outlen); 21 21 + int hmac_test(void); 22 22 + int hmac_memory(int hash, 23 23 + const unsigned char *key, unsigned long keylen, 24 24 + const unsigned char *in, unsigned long inlen, 25 25 + unsigned char *out, unsigned long *outlen); 26 26 + int hmac_memory_multi(int hash, 27 27 + const unsigned char *key, unsigned long keylen, 28 28 + unsigned char *out, unsigned long *outlen, 29 29 + const unsigned char *in, unsigned long inlen, ...); 30 30 + int hmac_file(int hash, const char *fname, const unsigned char *key, 31 31 + unsigned long keylen, 32 32 + unsigned char *dst, unsigned long *dstlen); 33 33 + #endif 34 34 + 35 35 + #ifdef LTC_OMAC 36 36 + 37 37 + typedef struct { 38 38 + int cipher_idx, 39 39 + buflen, 40 40 + blklen; 41 41 + unsigned char block[MAXBLOCKSIZE], 42 42 + prev[MAXBLOCKSIZE], 43 43 + Lu[2][MAXBLOCKSIZE]; 44 44 + symmetric_key key; 45 45 + } omac_state; 46 46 + 47 47 + int omac_init(omac_state *omac, int cipher, const unsigned char *key, unsigned long keylen); 48 48 + int omac_process(omac_state *omac, const unsigned char *in, unsigned long inlen); 49 49 + int omac_done(omac_state *omac, unsigned char *out, unsigned long *outlen); 50 50 + int omac_memory(int cipher, 51 51 + const unsigned char *key, unsigned long keylen, 52 52 + const unsigned char *in, unsigned long inlen, 53 53 + unsigned char *out, unsigned long *outlen); 54 54 + int omac_memory_multi(int cipher, 55 55 + const unsigned char *key, unsigned long keylen, 56 56 + unsigned char *out, unsigned long *outlen, 57 57 + const unsigned char *in, unsigned long inlen, ...); 58 58 + int omac_file(int cipher, 59 59 + const unsigned char *key, unsigned long keylen, 60 60 + const char *filename, 61 61 + unsigned char *out, unsigned long *outlen); 62 62 + int omac_test(void); 63 63 + #endif /* LTC_OMAC */ 64 64 + 65 65 + #ifdef LTC_PMAC 66 66 + 67 67 + typedef struct { 68 68 + unsigned char Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */ 69 69 + Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */ 70 70 + Lr[MAXBLOCKSIZE], /* L * x^-1 */ 71 71 + block[MAXBLOCKSIZE], /* currently accumulated block */ 72 72 + checksum[MAXBLOCKSIZE]; /* current checksum */ 73 73 + 74 74 + symmetric_key key; /* scheduled key for cipher */ 75 75 + unsigned long block_index; /* index # for current block */ 76 76 + int cipher_idx, /* cipher idx */ 77 77 + block_len, /* length of block */ 78 78 + buflen; /* number of bytes in the buffer */ 79 79 + } pmac_state; 80 80 + 81 81 + int pmac_init(pmac_state *pmac, int cipher, const unsigned char *key, unsigned long keylen); 82 82 + int pmac_process(pmac_state *pmac, const unsigned char *in, unsigned long inlen); 83 83 + int pmac_done(pmac_state *pmac, unsigned char *out, unsigned long *outlen); 84 84 + 85 85 + int pmac_memory(int cipher, 86 86 + const unsigned char *key, unsigned long keylen, 87 87 + const unsigned char *msg, unsigned long msglen, 88 88 + unsigned char *out, unsigned long *outlen); 89 89 + 90 90 + int pmac_memory_multi(int cipher, 91 91 + const unsigned char *key, unsigned long keylen, 92 92 + unsigned char *out, unsigned long *outlen, 93 93 + const unsigned char *in, unsigned long inlen, ...); 94 94 + 95 95 + int pmac_file(int cipher, 96 96 + const unsigned char *key, unsigned long keylen, 97 97 + const char *filename, 98 98 + unsigned char *out, unsigned long *outlen); 99 99 + 100 100 + int pmac_test(void); 101 101 + 102 102 + /* internal functions */ 103 103 + int pmac_ntz(unsigned long x); 104 104 + void pmac_shift_xor(pmac_state *pmac); 105 105 + 106 106 + #endif /* PMAC */ 107 107 + 108 108 + #ifdef LTC_POLY1305 109 109 + typedef struct { 110 110 + ulong32 r[5]; 111 111 + ulong32 h[5]; 112 112 + ulong32 pad[4]; 113 113 + unsigned long leftover; 114 114 + unsigned char buffer[16]; 115 115 + int final; 116 116 + } poly1305_state; 117 117 + 118 118 + int poly1305_init(poly1305_state *st, const unsigned char *key, unsigned long keylen); 119 119 + int poly1305_process(poly1305_state *st, const unsigned char *in, unsigned long inlen); 120 120 + int poly1305_done(poly1305_state *st, unsigned char *mac, unsigned long *maclen); 121 121 + int poly1305_memory(const unsigned char *key, unsigned long keylen, const unsigned char *in, unsigned long inlen, unsigned char *mac, unsigned long *maclen); 122 122 + int poly1305_memory_multi(const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen, const unsigned char *in, unsigned long inlen, ...); 123 123 + int poly1305_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen); 124 124 + int poly1305_test(void); 125 125 + #endif /* LTC_POLY1305 */ 126 126 + 127 127 + #ifdef LTC_BLAKE2SMAC 128 128 + typedef hash_state blake2smac_state; 129 129 + int blake2smac_init(blake2smac_state *st, unsigned long outlen, const unsigned char *key, unsigned long keylen); 130 130 + int blake2smac_process(blake2smac_state *st, const unsigned char *in, unsigned long inlen); 131 131 + int blake2smac_done(blake2smac_state *st, unsigned char *mac, unsigned long *maclen); 132 132 + int blake2smac_memory(const unsigned char *key, unsigned long keylen, const unsigned char *in, unsigned long inlen, unsigned char *mac, unsigned long *maclen); 133 133 + int blake2smac_memory_multi(const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen, const unsigned char *in, unsigned long inlen, ...); 134 134 + int blake2smac_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen); 135 135 + int blake2smac_test(void); 136 136 + #endif /* LTC_BLAKE2SMAC */ 137 137 + 138 138 + #ifdef LTC_BLAKE2BMAC 139 139 + typedef hash_state blake2bmac_state; 140 140 + int blake2bmac_init(blake2bmac_state *st, unsigned long outlen, const unsigned char *key, unsigned long keylen); 141 141 + int blake2bmac_process(blake2bmac_state *st, const unsigned char *in, unsigned long inlen); 142 142 + int blake2bmac_done(blake2bmac_state *st, unsigned char *mac, unsigned long *maclen); 143 143 + int blake2bmac_memory(const unsigned char *key, unsigned long keylen, const unsigned char *in, unsigned long inlen, unsigned char *mac, unsigned long *maclen); 144 144 + int blake2bmac_memory_multi(const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen, const unsigned char *in, unsigned long inlen, ...); 145 145 + int blake2bmac_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen); 146 146 + int blake2bmac_test(void); 147 147 + #endif /* LTC_BLAKE2BMAC */ 148 148 + 149 149 + #ifdef LTC_EAX_MODE 150 150 + 151 151 + #if !(defined(LTC_OMAC) && defined(LTC_CTR_MODE)) 152 152 + #error LTC_EAX_MODE requires LTC_OMAC and CTR 153 153 + #endif 154 154 + 155 155 + typedef struct { 156 156 + unsigned char N[MAXBLOCKSIZE]; 157 157 + symmetric_CTR ctr; 158 158 + omac_state headeromac, ctomac; 159 159 + } eax_state; 160 160 + 161 161 + int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long keylen, 162 162 + const unsigned char *nonce, unsigned long noncelen, 163 163 + const unsigned char *header, unsigned long headerlen); 164 164 + 165 165 + int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length); 166 166 + int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, unsigned long length); 167 167 + int eax_addheader(eax_state *eax, const unsigned char *header, unsigned long length); 168 168 + int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen); 169 169 + 170 170 + int eax_encrypt_authenticate_memory(int cipher, 171 171 + const unsigned char *key, unsigned long keylen, 172 172 + const unsigned char *nonce, unsigned long noncelen, 173 173 + const unsigned char *header, unsigned long headerlen, 174 174 + const unsigned char *pt, unsigned long ptlen, 175 175 + unsigned char *ct, 176 176 + unsigned char *tag, unsigned long *taglen); 177 177 + 178 178 + int eax_decrypt_verify_memory(int cipher, 179 179 + const unsigned char *key, unsigned long keylen, 180 180 + const unsigned char *nonce, unsigned long noncelen, 181 181 + const unsigned char *header, unsigned long headerlen, 182 182 + const unsigned char *ct, unsigned long ctlen, 183 183 + unsigned char *pt, 184 184 + unsigned char *tag, unsigned long taglen, 185 185 + int *stat); 186 186 + 187 187 + int eax_test(void); 188 188 + #endif /* EAX MODE */ 189 189 + 190 190 + #ifdef LTC_OCB_MODE 191 191 + typedef struct { 192 192 + unsigned char L[MAXBLOCKSIZE], /* L value */ 193 193 + Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */ 194 194 + Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */ 195 195 + Lr[MAXBLOCKSIZE], /* L * x^-1 */ 196 196 + R[MAXBLOCKSIZE], /* R value */ 197 197 + checksum[MAXBLOCKSIZE]; /* current checksum */ 198 198 + 199 199 + symmetric_key key; /* scheduled key for cipher */ 200 200 + unsigned long block_index; /* index # for current block */ 201 201 + int cipher, /* cipher idx */ 202 202 + block_len; /* length of block */ 203 203 + } ocb_state; 204 204 + 205 205 + int ocb_init(ocb_state *ocb, int cipher, 206 206 + const unsigned char *key, unsigned long keylen, const unsigned char *nonce); 207 207 + 208 208 + int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct); 209 209 + int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt); 210 210 + 211 211 + int ocb_done_encrypt(ocb_state *ocb, 212 212 + const unsigned char *pt, unsigned long ptlen, 213 213 + unsigned char *ct, 214 214 + unsigned char *tag, unsigned long *taglen); 215 215 + 216 216 + int ocb_done_decrypt(ocb_state *ocb, 217 217 + const unsigned char *ct, unsigned long ctlen, 218 218 + unsigned char *pt, 219 219 + const unsigned char *tag, unsigned long taglen, int *stat); 220 220 + 221 221 + int ocb_encrypt_authenticate_memory(int cipher, 222 222 + const unsigned char *key, unsigned long keylen, 223 223 + const unsigned char *nonce, 224 224 + const unsigned char *pt, unsigned long ptlen, 225 225 + unsigned char *ct, 226 226 + unsigned char *tag, unsigned long *taglen); 227 227 + 228 228 + int ocb_decrypt_verify_memory(int cipher, 229 229 + const unsigned char *key, unsigned long keylen, 230 230 + const unsigned char *nonce, 231 231 + const unsigned char *ct, unsigned long ctlen, 232 232 + unsigned char *pt, 233 233 + const unsigned char *tag, unsigned long taglen, 234 234 + int *stat); 235 235 + 236 236 + int ocb_test(void); 237 237 + 238 238 + /* internal functions */ 239 239 + void ocb_shift_xor(ocb_state *ocb, unsigned char *Z); 240 240 + int ocb_ntz(unsigned long x); 241 241 + int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, 242 242 + unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode); 243 243 + 244 244 + #endif /* LTC_OCB_MODE */ 245 245 + 246 246 + #ifdef LTC_OCB3_MODE 247 247 + typedef struct { 248 248 + unsigned char Offset_0[MAXBLOCKSIZE], /* Offset_0 value */ 249 249 + Offset_current[MAXBLOCKSIZE], /* Offset_{current_block_index} value */ 250 250 + L_dollar[MAXBLOCKSIZE], /* L_$ value */ 251 251 + L_star[MAXBLOCKSIZE], /* L_* value */ 252 252 + L_[32][MAXBLOCKSIZE], /* L_{i} values */ 253 253 + tag_part[MAXBLOCKSIZE], /* intermediate result of tag calculation */ 254 254 + checksum[MAXBLOCKSIZE]; /* current checksum */ 255 255 + 256 256 + /* AAD related members */ 257 257 + unsigned char aSum_current[MAXBLOCKSIZE], /* AAD related helper variable */ 258 258 + aOffset_current[MAXBLOCKSIZE], /* AAD related helper variable */ 259 259 + adata_buffer[MAXBLOCKSIZE]; /* AAD buffer */ 260 260 + int adata_buffer_bytes; /* bytes in AAD buffer */ 261 261 + unsigned long ablock_index; /* index # for current adata (AAD) block */ 262 262 + 263 263 + symmetric_key key; /* scheduled key for cipher */ 264 264 + unsigned long block_index; /* index # for current data block */ 265 265 + int cipher, /* cipher idx */ 266 266 + tag_len, /* length of tag */ 267 267 + block_len; /* length of block */ 268 268 + } ocb3_state; 269 269 + 270 270 + int ocb3_init(ocb3_state *ocb, int cipher, 271 271 + const unsigned char *key, unsigned long keylen, 272 272 + const unsigned char *nonce, unsigned long noncelen, 273 273 + unsigned long taglen); 274 274 + 275 275 + int ocb3_encrypt(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct); 276 276 + int ocb3_decrypt(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt); 277 277 + int ocb3_encrypt_last(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct); 278 278 + int ocb3_decrypt_last(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt); 279 279 + int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen); 280 280 + int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen); 281 281 + 282 282 + int ocb3_encrypt_authenticate_memory(int cipher, 283 283 + const unsigned char *key, unsigned long keylen, 284 284 + const unsigned char *nonce, unsigned long noncelen, 285 285 + const unsigned char *adata, unsigned long adatalen, 286 286 + const unsigned char *pt, unsigned long ptlen, 287 287 + unsigned char *ct, 288 288 + unsigned char *tag, unsigned long *taglen); 289 289 + 290 290 + int ocb3_decrypt_verify_memory(int cipher, 291 291 + const unsigned char *key, unsigned long keylen, 292 292 + const unsigned char *nonce, unsigned long noncelen, 293 293 + const unsigned char *adata, unsigned long adatalen, 294 294 + const unsigned char *ct, unsigned long ctlen, 295 295 + unsigned char *pt, 296 296 + const unsigned char *tag, unsigned long taglen, 297 297 + int *stat); 298 298 + 299 299 + int ocb3_test(void); 300 300 + 301 301 + #ifdef LTC_SOURCE 302 302 + /* internal helper functions */ 303 303 + int ocb3_int_ntz(unsigned long x); 304 304 + void ocb3_int_xor_blocks(unsigned char *out, const unsigned char *block_a, const unsigned char *block_b, unsigned long block_len); 305 305 + #endif /* LTC_SOURCE */ 306 306 + 307 307 + #endif /* LTC_OCB3_MODE */ 308 308 + 309 309 + #ifdef LTC_CCM_MODE 310 310 + 311 311 + #define CCM_ENCRYPT LTC_ENCRYPT 312 312 + #define CCM_DECRYPT LTC_DECRYPT 313 313 + 314 314 + typedef struct { 315 315 + symmetric_key K; 316 316 + int cipher, /* which cipher */ 317 317 + taglen, /* length of the tag */ 318 318 + x; /* index in PAD */ 319 319 + 320 320 + unsigned long L, /* L value */ 321 321 + ptlen, /* length that will be enc / dec */ 322 322 + current_ptlen, /* current processed length */ 323 323 + aadlen, /* length of the aad */ 324 324 + current_aadlen, /* length of the currently provided add */ 325 325 + noncelen; /* length of the nonce */ 326 326 + 327 327 + unsigned char PAD[16], 328 328 + ctr[16], 329 329 + CTRPAD[16], 330 330 + CTRlen; 331 331 + } ccm_state; 332 332 + 333 333 + int ccm_init(ccm_state *ccm, int cipher, 334 334 + const unsigned char *key, int keylen, int ptlen, int taglen, int aad_len); 335 335 + 336 336 + int ccm_reset(ccm_state *ccm); 337 337 + 338 338 + int ccm_add_nonce(ccm_state *ccm, 339 339 + const unsigned char *nonce, unsigned long noncelen); 340 340 + 341 341 + int ccm_add_aad(ccm_state *ccm, 342 342 + const unsigned char *adata, unsigned long adatalen); 343 343 + 344 344 + int ccm_process(ccm_state *ccm, 345 345 + unsigned char *pt, unsigned long ptlen, 346 346 + unsigned char *ct, 347 347 + int direction); 348 348 + 349 349 + int ccm_done(ccm_state *ccm, 350 350 + unsigned char *tag, unsigned long *taglen); 351 351 + 352 352 + int ccm_memory(int cipher, 353 353 + const unsigned char *key, unsigned long keylen, 354 354 + symmetric_key *uskey, 355 355 + const unsigned char *nonce, unsigned long noncelen, 356 356 + const unsigned char *header, unsigned long headerlen, 357 357 + unsigned char *pt, unsigned long ptlen, 358 358 + unsigned char *ct, 359 359 + unsigned char *tag, unsigned long *taglen, 360 360 + int direction); 361 361 + 362 362 + int ccm_test(void); 363 363 + 364 364 + #endif /* LTC_CCM_MODE */ 365 365 + 366 366 + #if defined(LRW_MODE) || defined(LTC_GCM_MODE) 367 367 + void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c); 368 368 + #endif 369 369 + 370 370 + 371 371 + /* table shared between GCM and LRW */ 372 372 + #if defined(LTC_GCM_TABLES) || defined(LTC_LRW_TABLES) || ((defined(LTC_GCM_MODE) || defined(LTC_GCM_MODE)) && defined(LTC_FAST)) 373 373 + extern const unsigned char gcm_shift_table[]; 374 374 + #endif 375 375 + 376 376 + #ifdef LTC_GCM_MODE 377 377 + 378 378 + #define GCM_ENCRYPT LTC_ENCRYPT 379 379 + #define GCM_DECRYPT LTC_DECRYPT 380 380 + 381 381 + #define LTC_GCM_MODE_IV 0 382 382 + #define LTC_GCM_MODE_AAD 1 383 383 + #define LTC_GCM_MODE_TEXT 2 384 384 + 385 385 + typedef struct { 386 386 + symmetric_key K; 387 387 + unsigned char H[16], /* multiplier */ 388 388 + X[16], /* accumulator */ 389 389 + Y[16], /* counter */ 390 390 + Y_0[16], /* initial counter */ 391 391 + buf[16]; /* buffer for stuff */ 392 392 + 393 393 + int cipher, /* which cipher */ 394 394 + ivmode, /* Which mode is the IV in? */ 395 395 + mode, /* mode the GCM code is in */ 396 396 + buflen; /* length of data in buf */ 397 397 + 398 398 + ulong64 totlen, /* 64-bit counter used for IV and AAD */ 399 399 + pttotlen; /* 64-bit counter for the PT */ 400 400 + 401 401 + #ifdef LTC_GCM_TABLES 402 402 + unsigned char PC[16][256][16] /* 16 tables of 8x128 */ 403 403 + #ifdef LTC_GCM_TABLES_SSE2 404 404 + __attribute__ ((aligned (16))) 405 405 + #endif 406 406 + ; 407 407 + #endif 408 408 + } gcm_state; 409 409 + 410 410 + void gcm_mult_h(gcm_state *gcm, unsigned char *I); 411 411 + 412 412 + int gcm_init(gcm_state *gcm, int cipher, 413 413 + const unsigned char *key, int keylen); 414 414 + 415 415 + int gcm_reset(gcm_state *gcm); 416 416 + 417 417 + int gcm_add_iv(gcm_state *gcm, 418 418 + const unsigned char *IV, unsigned long IVlen); 419 419 + 420 420 + int gcm_add_aad(gcm_state *gcm, 421 421 + const unsigned char *adata, unsigned long adatalen); 422 422 + 423 423 + int gcm_process(gcm_state *gcm, 424 424 + unsigned char *pt, unsigned long ptlen, 425 425 + unsigned char *ct, 426 426 + int direction); 427 427 + 428 428 + int gcm_done(gcm_state *gcm, 429 429 + unsigned char *tag, unsigned long *taglen); 430 430 + 431 431 + int gcm_memory( int cipher, 432 432 + const unsigned char *key, unsigned long keylen, 433 433 + const unsigned char *IV, unsigned long IVlen, 434 434 + const unsigned char *adata, unsigned long adatalen, 435 435 + unsigned char *pt, unsigned long ptlen, 436 436 + unsigned char *ct, 437 437 + unsigned char *tag, unsigned long *taglen, 438 438 + int direction); 439 439 + int gcm_test(void); 440 440 + 441 441 + #endif /* LTC_GCM_MODE */ 442 442 + 443 443 + #ifdef LTC_PELICAN 444 444 + 445 445 + typedef struct pelican_state 446 446 + { 447 447 + symmetric_key K; 448 448 + unsigned char state[16]; 449 449 + int buflen; 450 450 + } pelican_state; 451 451 + 452 452 + int pelican_init(pelican_state *pelmac, const unsigned char *key, unsigned long keylen); 453 453 + int pelican_process(pelican_state *pelmac, const unsigned char *in, unsigned long inlen); 454 454 + int pelican_done(pelican_state *pelmac, unsigned char *out); 455 455 + int pelican_test(void); 456 456 + 457 457 + int pelican_memory(const unsigned char *key, unsigned long keylen, 458 458 + const unsigned char *in, unsigned long inlen, 459 459 + unsigned char *out); 460 460 + 461 461 + #endif 462 462 + 463 463 + #ifdef LTC_XCBC 464 464 + 465 465 + /* add this to "keylen" to xcbc_init to use a pure three-key XCBC MAC */ 466 466 + #define LTC_XCBC_PURE 0x8000UL 467 467 + 468 468 + typedef struct { 469 469 + unsigned char K[3][MAXBLOCKSIZE], 470 470 + IV[MAXBLOCKSIZE]; 471 471 + 472 472 + symmetric_key key; 473 473 + 474 474 + int cipher, 475 475 + buflen, 476 476 + blocksize; 477 477 + } xcbc_state; 478 478 + 479 479 + int xcbc_init(xcbc_state *xcbc, int cipher, const unsigned char *key, unsigned long keylen); 480 480 + int xcbc_process(xcbc_state *xcbc, const unsigned char *in, unsigned long inlen); 481 481 + int xcbc_done(xcbc_state *xcbc, unsigned char *out, unsigned long *outlen); 482 482 + int xcbc_memory(int cipher, 483 483 + const unsigned char *key, unsigned long keylen, 484 484 + const unsigned char *in, unsigned long inlen, 485 485 + unsigned char *out, unsigned long *outlen); 486 486 + int xcbc_memory_multi(int cipher, 487 487 + const unsigned char *key, unsigned long keylen, 488 488 + unsigned char *out, unsigned long *outlen, 489 489 + const unsigned char *in, unsigned long inlen, ...); 490 490 + int xcbc_file(int cipher, 491 491 + const unsigned char *key, unsigned long keylen, 492 492 + const char *filename, 493 493 + unsigned char *out, unsigned long *outlen); 494 494 + int xcbc_test(void); 495 495 + 496 496 + #endif 497 497 + 498 498 + #ifdef LTC_F9_MODE 499 499 + 500 500 + typedef struct { 501 501 + unsigned char akey[MAXBLOCKSIZE], 502 502 + ACC[MAXBLOCKSIZE], 503 503 + IV[MAXBLOCKSIZE]; 504 504 + 505 505 + symmetric_key key; 506 506 + 507 507 + int cipher, 508 508 + buflen, 509 509 + keylen, 510 510 + blocksize; 511 511 + } f9_state; 512 512 + 513 513 + int f9_init(f9_state *f9, int cipher, const unsigned char *key, unsigned long keylen); 514 514 + int f9_process(f9_state *f9, const unsigned char *in, unsigned long inlen); 515 515 + int f9_done(f9_state *f9, unsigned char *out, unsigned long *outlen); 516 516 + int f9_memory(int cipher, 517 517 + const unsigned char *key, unsigned long keylen, 518 518 + const unsigned char *in, unsigned long inlen, 519 519 + unsigned char *out, unsigned long *outlen); 520 520 + int f9_memory_multi(int cipher, 521 521 + const unsigned char *key, unsigned long keylen, 522 522 + unsigned char *out, unsigned long *outlen, 523 523 + const unsigned char *in, unsigned long inlen, ...); 524 524 + int f9_file(int cipher, 525 525 + const unsigned char *key, unsigned long keylen, 526 526 + const char *filename, 527 527 + unsigned char *out, unsigned long *outlen); 528 528 + int f9_test(void); 529 529 + 530 530 + #endif 531 531 + 532 532 + #ifdef LTC_CHACHA20POLY1305_MODE 533 533 + 534 534 + typedef struct { 535 535 + poly1305_state poly; 536 536 + chacha_state chacha; 537 537 + ulong64 aadlen; 538 538 + ulong64 ctlen; 539 539 + int aadflg; 540 540 + } chacha20poly1305_state; 541 541 + 542 542 + #define CHACHA20POLY1305_ENCRYPT LTC_ENCRYPT 543 543 + #define CHACHA20POLY1305_DECRYPT LTC_DECRYPT 544 544 + 545 545 + int chacha20poly1305_init(chacha20poly1305_state *st, const unsigned char *key, unsigned long keylen); 546 546 + int chacha20poly1305_setiv(chacha20poly1305_state *st, const unsigned char *iv, unsigned long ivlen); 547 547 + int chacha20poly1305_setiv_rfc7905(chacha20poly1305_state *st, const unsigned char *iv, unsigned long ivlen, ulong64 sequence_number); 548 548 + int chacha20poly1305_add_aad(chacha20poly1305_state *st, const unsigned char *in, unsigned long inlen); 549 549 + int chacha20poly1305_encrypt(chacha20poly1305_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out); 550 550 + int chacha20poly1305_decrypt(chacha20poly1305_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out); 551 551 + int chacha20poly1305_done(chacha20poly1305_state *st, unsigned char *tag, unsigned long *taglen); 552 552 + int chacha20poly1305_memory(const unsigned char *key, unsigned long keylen, 553 553 + const unsigned char *iv, unsigned long ivlen, 554 554 + const unsigned char *aad, unsigned long aadlen, 555 555 + const unsigned char *in, unsigned long inlen, 556 556 + unsigned char *out, 557 557 + unsigned char *tag, unsigned long *taglen, 558 558 + int direction); 559 559 + int chacha20poly1305_test(void); 560 560 + 561 561 + #endif /* LTC_CHACHA20POLY1305_MODE */ 562 562 + 563 563 + /* ref: HEAD -> master, tag: v1.18.2 */ 564 564 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 565 565 + /* commit time: 2018-07-01 22:49:01 +0200 */

+446

utils/tomcrypt/src/headers/tomcrypt_macros.h

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + 10 10 + /* ---- HELPER MACROS ---- */ 11 11 + #ifdef ENDIAN_NEUTRAL 12 12 + 13 13 + #define STORE32L(x, y) \ 14 14 + do { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ 15 15 + (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0) 16 16 + 17 17 + #define LOAD32L(x, y) \ 18 18 + do { x = ((ulong32)((y)[3] & 255)<<24) | \ 19 19 + ((ulong32)((y)[2] & 255)<<16) | \ 20 20 + ((ulong32)((y)[1] & 255)<<8) | \ 21 21 + ((ulong32)((y)[0] & 255)); } while(0) 22 22 + 23 23 + #define STORE64L(x, y) \ 24 24 + do { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \ 25 25 + (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \ 26 26 + (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ 27 27 + (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0) 28 28 + 29 29 + #define LOAD64L(x, y) \ 30 30 + do { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \ 31 31 + (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32)| \ 32 32 + (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16)| \ 33 33 + (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } while(0) 34 34 + 35 35 + #define STORE32H(x, y) \ 36 36 + do { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \ 37 37 + (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); } while(0) 38 38 + 39 39 + #define LOAD32H(x, y) \ 40 40 + do { x = ((ulong32)((y)[0] & 255)<<24) | \ 41 41 + ((ulong32)((y)[1] & 255)<<16) | \ 42 42 + ((ulong32)((y)[2] & 255)<<8) | \ 43 43 + ((ulong32)((y)[3] & 255)); } while(0) 44 44 + 45 45 + #define STORE64H(x, y) \ 46 46 + do { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \ 47 47 + (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \ 48 48 + (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \ 49 49 + (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } while(0) 50 50 + 51 51 + #define LOAD64H(x, y) \ 52 52 + do { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \ 53 53 + (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32) | \ 54 54 + (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16) | \ 55 55 + (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); } while(0) 56 56 + 57 57 + 58 58 + #elif defined(ENDIAN_LITTLE) 59 59 + 60 60 + #ifdef LTC_HAVE_BSWAP_BUILTIN 61 61 + 62 62 + #define STORE32H(x, y) \ 63 63 + do { ulong32 __t = __builtin_bswap32 ((x)); \ 64 64 + XMEMCPY ((y), &__t, 4); } while(0) 65 65 + 66 66 + #define LOAD32H(x, y) \ 67 67 + do { XMEMCPY (&(x), (y), 4); \ 68 68 + (x) = __builtin_bswap32 ((x)); } while(0) 69 69 + 70 70 + #elif !defined(LTC_NO_BSWAP) && (defined(INTEL_CC) || (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__) || defined(__x86_64__)))) 71 71 + 72 72 + #define STORE32H(x, y) \ 73 73 + asm __volatile__ ( \ 74 74 + "bswapl %0 \n\t" \ 75 75 + "movl %0,(%1)\n\t" \ 76 76 + "bswapl %0 \n\t" \ 77 77 + ::"r"(x), "r"(y)); 78 78 + 79 79 + #define LOAD32H(x, y) \ 80 80 + asm __volatile__ ( \ 81 81 + "movl (%1),%0\n\t" \ 82 82 + "bswapl %0\n\t" \ 83 83 + :"=r"(x): "r"(y)); 84 84 + 85 85 + #else 86 86 + 87 87 + #define STORE32H(x, y) \ 88 88 + do { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \ 89 89 + (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); } while(0) 90 90 + 91 91 + #define LOAD32H(x, y) \ 92 92 + do { x = ((ulong32)((y)[0] & 255)<<24) | \ 93 93 + ((ulong32)((y)[1] & 255)<<16) | \ 94 94 + ((ulong32)((y)[2] & 255)<<8) | \ 95 95 + ((ulong32)((y)[3] & 255)); } while(0) 96 96 + 97 97 + #endif 98 98 + 99 99 + #ifdef LTC_HAVE_BSWAP_BUILTIN 100 100 + 101 101 + #define STORE64H(x, y) \ 102 102 + do { ulong64 __t = __builtin_bswap64 ((x)); \ 103 103 + XMEMCPY ((y), &__t, 8); } while(0) 104 104 + 105 105 + #define LOAD64H(x, y) \ 106 106 + do { XMEMCPY (&(x), (y), 8); \ 107 107 + (x) = __builtin_bswap64 ((x)); } while(0) 108 108 + 109 109 + /* x86_64 processor */ 110 110 + #elif !defined(LTC_NO_BSWAP) && (defined(__GNUC__) && defined(__x86_64__)) 111 111 + 112 112 + #define STORE64H(x, y) \ 113 113 + asm __volatile__ ( \ 114 114 + "bswapq %0 \n\t" \ 115 115 + "movq %0,(%1)\n\t" \ 116 116 + "bswapq %0 \n\t" \ 117 117 + ::"r"(x), "r"(y): "memory"); 118 118 + 119 119 + #define LOAD64H(x, y) \ 120 120 + asm __volatile__ ( \ 121 121 + "movq (%1),%0\n\t" \ 122 122 + "bswapq %0\n\t" \ 123 123 + :"=r"(x): "r"(y): "memory"); 124 124 + 125 125 + #else 126 126 + 127 127 + #define STORE64H(x, y) \ 128 128 + do { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \ 129 129 + (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \ 130 130 + (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \ 131 131 + (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } while(0) 132 132 + 133 133 + #define LOAD64H(x, y) \ 134 134 + do { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \ 135 135 + (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32) | \ 136 136 + (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16) | \ 137 137 + (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); } while(0) 138 138 + 139 139 + #endif 140 140 + 141 141 + #ifdef ENDIAN_32BITWORD 142 142 + 143 143 + #define STORE32L(x, y) \ 144 144 + do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0) 145 145 + 146 146 + #define LOAD32L(x, y) \ 147 147 + do { XMEMCPY(&(x), y, 4); } while(0) 148 148 + 149 149 + #define STORE64L(x, y) \ 150 150 + do { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \ 151 151 + (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \ 152 152 + (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ 153 153 + (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0) 154 154 + 155 155 + #define LOAD64L(x, y) \ 156 156 + do { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \ 157 157 + (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32)| \ 158 158 + (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16)| \ 159 159 + (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } while(0) 160 160 + 161 161 + #else /* 64-bit words then */ 162 162 + 163 163 + #define STORE32L(x, y) \ 164 164 + do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0) 165 165 + 166 166 + #define LOAD32L(x, y) \ 167 167 + do { XMEMCPY(&(x), y, 4); x &= 0xFFFFFFFF; } while(0) 168 168 + 169 169 + #define STORE64L(x, y) \ 170 170 + do { ulong64 __t = (x); XMEMCPY(y, &__t, 8); } while(0) 171 171 + 172 172 + #define LOAD64L(x, y) \ 173 173 + do { XMEMCPY(&(x), y, 8); } while(0) 174 174 + 175 175 + #endif /* ENDIAN_64BITWORD */ 176 176 + 177 177 + #elif defined(ENDIAN_BIG) 178 178 + 179 179 + #define STORE32L(x, y) \ 180 180 + do { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ 181 181 + (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0) 182 182 + 183 183 + #define LOAD32L(x, y) \ 184 184 + do { x = ((ulong32)((y)[3] & 255)<<24) | \ 185 185 + ((ulong32)((y)[2] & 255)<<16) | \ 186 186 + ((ulong32)((y)[1] & 255)<<8) | \ 187 187 + ((ulong32)((y)[0] & 255)); } while(0) 188 188 + 189 189 + #define STORE64L(x, y) \ 190 190 + do { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \ 191 191 + (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \ 192 192 + (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ 193 193 + (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0) 194 194 + 195 195 + #define LOAD64L(x, y) \ 196 196 + do { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48) | \ 197 197 + (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32) | \ 198 198 + (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16) | \ 199 199 + (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } while(0) 200 200 + 201 201 + #ifdef ENDIAN_32BITWORD 202 202 + 203 203 + #define STORE32H(x, y) \ 204 204 + do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0) 205 205 + 206 206 + #define LOAD32H(x, y) \ 207 207 + do { XMEMCPY(&(x), y, 4); } while(0) 208 208 + 209 209 + #define STORE64H(x, y) \ 210 210 + do { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \ 211 211 + (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \ 212 212 + (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \ 213 213 + (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } while(0) 214 214 + 215 215 + #define LOAD64H(x, y) \ 216 216 + do { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48)| \ 217 217 + (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32)| \ 218 218 + (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16)| \ 219 219 + (((ulong64)((y)[6] & 255))<<8)| (((ulong64)((y)[7] & 255))); } while(0) 220 220 + 221 221 + #else /* 64-bit words then */ 222 222 + 223 223 + #define STORE32H(x, y) \ 224 224 + do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0) 225 225 + 226 226 + #define LOAD32H(x, y) \ 227 227 + do { XMEMCPY(&(x), y, 4); x &= 0xFFFFFFFF; } while(0) 228 228 + 229 229 + #define STORE64H(x, y) \ 230 230 + do { ulong64 __t = (x); XMEMCPY(y, &__t, 8); } while(0) 231 231 + 232 232 + #define LOAD64H(x, y) \ 233 233 + do { XMEMCPY(&(x), y, 8); } while(0) 234 234 + 235 235 + #endif /* ENDIAN_64BITWORD */ 236 236 + #endif /* ENDIAN_BIG */ 237 237 + 238 238 + #define BSWAP(x) ( ((x>>24)&0x000000FFUL) | ((x<<24)&0xFF000000UL) | \ 239 239 + ((x>>8)&0x0000FF00UL) | ((x<<8)&0x00FF0000UL) ) 240 240 + 241 241 + 242 242 + /* 32-bit Rotates */ 243 243 + #if defined(_MSC_VER) 244 244 + #define LTC_ROx_ASM 245 245 + 246 246 + /* instrinsic rotate */ 247 247 + #include <stdlib.h> 248 248 + #pragma intrinsic(_lrotr,_lrotl) 249 249 + #define ROR(x,n) _lrotr(x,n) 250 250 + #define ROL(x,n) _lrotl(x,n) 251 251 + #define RORc(x,n) _lrotr(x,n) 252 252 + #define ROLc(x,n) _lrotl(x,n) 253 253 + 254 254 + #elif !defined(__STRICT_ANSI__) && defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && !defined(INTEL_CC) && !defined(LTC_NO_ASM) 255 255 + #define LTC_ROx_ASM 256 256 + 257 257 + static inline ulong32 ROL(ulong32 word, int i) 258 258 + { 259 259 + asm ("roll %%cl,%0" 260 260 + :"=r" (word) 261 261 + :"0" (word),"c" (i)); 262 262 + return word; 263 263 + } 264 264 + 265 265 + static inline ulong32 ROR(ulong32 word, int i) 266 266 + { 267 267 + asm ("rorl %%cl,%0" 268 268 + :"=r" (word) 269 269 + :"0" (word),"c" (i)); 270 270 + return word; 271 271 + } 272 272 + 273 273 + #ifndef LTC_NO_ROLC 274 274 + 275 275 + #define ROLc(word,i) ({ \ 276 276 + ulong32 __ROLc_tmp = (word); \ 277 277 + __asm__ ("roll %2, %0" : \ 278 278 + "=r" (__ROLc_tmp) : \ 279 279 + "0" (__ROLc_tmp), \ 280 280 + "I" (i)); \ 281 281 + __ROLc_tmp; \ 282 282 + }) 283 283 + #define RORc(word,i) ({ \ 284 284 + ulong32 __RORc_tmp = (word); \ 285 285 + __asm__ ("rorl %2, %0" : \ 286 286 + "=r" (__RORc_tmp) : \ 287 287 + "0" (__RORc_tmp), \ 288 288 + "I" (i)); \ 289 289 + __RORc_tmp; \ 290 290 + }) 291 291 + 292 292 + #else 293 293 + 294 294 + #define ROLc ROL 295 295 + #define RORc ROR 296 296 + 297 297 + #endif 298 298 + 299 299 + #elif !defined(__STRICT_ANSI__) && defined(LTC_PPC32) 300 300 + #define LTC_ROx_ASM 301 301 + 302 302 + static inline ulong32 ROL(ulong32 word, int i) 303 303 + { 304 304 + asm ("rotlw %0,%0,%2" 305 305 + :"=r" (word) 306 306 + :"0" (word),"r" (i)); 307 307 + return word; 308 308 + } 309 309 + 310 310 + static inline ulong32 ROR(ulong32 word, int i) 311 311 + { 312 312 + asm ("rotlw %0,%0,%2" 313 313 + :"=r" (word) 314 314 + :"0" (word),"r" (32-i)); 315 315 + return word; 316 316 + } 317 317 + 318 318 + #ifndef LTC_NO_ROLC 319 319 + 320 320 + static inline ulong32 ROLc(ulong32 word, const int i) 321 321 + { 322 322 + asm ("rotlwi %0,%0,%2" 323 323 + :"=r" (word) 324 324 + :"0" (word),"I" (i)); 325 325 + return word; 326 326 + } 327 327 + 328 328 + static inline ulong32 RORc(ulong32 word, const int i) 329 329 + { 330 330 + asm ("rotrwi %0,%0,%2" 331 331 + :"=r" (word) 332 332 + :"0" (word),"I" (i)); 333 333 + return word; 334 334 + } 335 335 + 336 336 + #else 337 337 + 338 338 + #define ROLc ROL 339 339 + #define RORc ROR 340 340 + 341 341 + #endif 342 342 + 343 343 + 344 344 + #else 345 345 + 346 346 + /* rotates the hard way */ 347 347 + #define ROL(x, y) ( (((ulong32)(x)<<(ulong32)((y)&31)) | (((ulong32)(x)&0xFFFFFFFFUL)>>(ulong32)((32-((y)&31))&31))) & 0xFFFFFFFFUL) 348 348 + #define ROR(x, y) ( ((((ulong32)(x)&0xFFFFFFFFUL)>>(ulong32)((y)&31)) | ((ulong32)(x)<<(ulong32)((32-((y)&31))&31))) & 0xFFFFFFFFUL) 349 349 + #define ROLc(x, y) ( (((ulong32)(x)<<(ulong32)((y)&31)) | (((ulong32)(x)&0xFFFFFFFFUL)>>(ulong32)((32-((y)&31))&31))) & 0xFFFFFFFFUL) 350 350 + #define RORc(x, y) ( ((((ulong32)(x)&0xFFFFFFFFUL)>>(ulong32)((y)&31)) | ((ulong32)(x)<<(ulong32)((32-((y)&31))&31))) & 0xFFFFFFFFUL) 351 351 + 352 352 + #endif 353 353 + 354 354 + 355 355 + /* 64-bit Rotates */ 356 356 + #if !defined(__STRICT_ANSI__) && defined(__GNUC__) && defined(__x86_64__) && !defined(_WIN64) && !defined(LTC_NO_ASM) 357 357 + 358 358 + static inline ulong64 ROL64(ulong64 word, int i) 359 359 + { 360 360 + asm("rolq %%cl,%0" 361 361 + :"=r" (word) 362 362 + :"0" (word),"c" (i)); 363 363 + return word; 364 364 + } 365 365 + 366 366 + static inline ulong64 ROR64(ulong64 word, int i) 367 367 + { 368 368 + asm("rorq %%cl,%0" 369 369 + :"=r" (word) 370 370 + :"0" (word),"c" (i)); 371 371 + return word; 372 372 + } 373 373 + 374 374 + #ifndef LTC_NO_ROLC 375 375 + 376 376 + #define ROL64c(word,i) ({ \ 377 377 + ulong64 __ROL64c_tmp = word; \ 378 378 + __asm__ ("rolq %2, %0" : \ 379 379 + "=r" (__ROL64c_tmp) : \ 380 380 + "0" (__ROL64c_tmp), \ 381 381 + "J" (i)); \ 382 382 + __ROL64c_tmp; \ 383 383 + }) 384 384 + #define ROR64c(word,i) ({ \ 385 385 + ulong64 __ROR64c_tmp = word; \ 386 386 + __asm__ ("rorq %2, %0" : \ 387 387 + "=r" (__ROR64c_tmp) : \ 388 388 + "0" (__ROR64c_tmp), \ 389 389 + "J" (i)); \ 390 390 + __ROR64c_tmp; \ 391 391 + }) 392 392 + 393 393 + #else /* LTC_NO_ROLC */ 394 394 + 395 395 + #define ROL64c ROL64 396 396 + #define ROR64c ROR64 397 397 + 398 398 + #endif 399 399 + 400 400 + #else /* Not x86_64 */ 401 401 + 402 402 + #define ROL64(x, y) \ 403 403 + ( (((x)<<((ulong64)(y)&63)) | \ 404 404 + (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>(((ulong64)64-((y)&63))&63))) & CONST64(0xFFFFFFFFFFFFFFFF)) 405 405 + 406 406 + #define ROR64(x, y) \ 407 407 + ( ((((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)(y)&CONST64(63))) | \ 408 408 + ((x)<<(((ulong64)64-((y)&63))&63))) & CONST64(0xFFFFFFFFFFFFFFFF)) 409 409 + 410 410 + #define ROL64c(x, y) \ 411 411 + ( (((x)<<((ulong64)(y)&63)) | \ 412 412 + (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>(((ulong64)64-((y)&63))&63))) & CONST64(0xFFFFFFFFFFFFFFFF)) 413 413 + 414 414 + #define ROR64c(x, y) \ 415 415 + ( ((((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)(y)&CONST64(63))) | \ 416 416 + ((x)<<(((ulong64)64-((y)&63))&63))) & CONST64(0xFFFFFFFFFFFFFFFF)) 417 417 + 418 418 + #endif 419 419 + 420 420 + #ifndef MAX 421 421 + #define MAX(x, y) ( ((x)>(y))?(x):(y) ) 422 422 + #endif 423 423 + 424 424 + #ifndef MIN 425 425 + #define MIN(x, y) ( ((x)<(y))?(x):(y) ) 426 426 + #endif 427 427 + 428 428 + #ifndef LTC_UNUSED_PARAM 429 429 + #define LTC_UNUSED_PARAM(x) (void)(x) 430 430 + #endif 431 431 + 432 432 + /* extract a byte portably */ 433 433 + #ifdef _MSC_VER 434 434 + #define byte(x, n) ((unsigned char)((x) >> (8 * (n)))) 435 435 + #else 436 436 + #define byte(x, n) (((x) >> (8 * (n))) & 255) 437 437 + #endif 438 438 + 439 439 + /* there is no snprintf before Visual C++ 2015 */ 440 440 + #if defined(_MSC_VER) && _MSC_VER < 1900 441 441 + #define snprintf _snprintf 442 442 + #endif 443 443 + 444 444 + /* ref: HEAD -> master, tag: v1.18.2 */ 445 445 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 446 446 + /* commit time: 2018-07-01 22:49:01 +0200 */

+583

utils/tomcrypt/src/headers/tomcrypt_math.h

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + 10 10 + /** math functions **/ 11 11 + 12 12 + #define LTC_MP_LT -1 13 13 + #define LTC_MP_EQ 0 14 14 + #define LTC_MP_GT 1 15 15 + 16 16 + #define LTC_MP_NO 0 17 17 + #define LTC_MP_YES 1 18 18 + 19 19 + #ifndef LTC_MECC 20 20 + typedef void ecc_point; 21 21 + #endif 22 22 + 23 23 + #ifndef LTC_MRSA 24 24 + typedef void rsa_key; 25 25 + #endif 26 26 + 27 27 + #ifndef LTC_MILLER_RABIN_REPS 28 28 + /* Number of rounds of the Miller-Rabin test 29 29 + * "Reasonable values of reps are between 15 and 50." c.f. gmp doc of mpz_probab_prime_p() 30 30 + * As of https://security.stackexchange.com/a/4546 we should use 40 rounds */ 31 31 + #define LTC_MILLER_RABIN_REPS 40 32 32 + #endif 33 33 + 34 34 + int radix_to_bin(const void *in, int radix, void *out, unsigned long *len); 35 35 + 36 36 + /** math descriptor */ 37 37 + typedef struct { 38 38 + /** Name of the math provider */ 39 39 + const char *name; 40 40 + 41 41 + /** Bits per digit, amount of bits must fit in an unsigned long */ 42 42 + int bits_per_digit; 43 43 + 44 44 + /* ---- init/deinit functions ---- */ 45 45 + 46 46 + /** initialize a bignum 47 47 + @param a The number to initialize 48 48 + @return CRYPT_OK on success 49 49 + */ 50 50 + int (*init)(void **a); 51 51 + 52 52 + /** init copy 53 53 + @param dst The number to initialize and write to 54 54 + @param src The number to copy from 55 55 + @return CRYPT_OK on success 56 56 + */ 57 57 + int (*init_copy)(void **dst, void *src); 58 58 + 59 59 + /** deinit 60 60 + @param a The number to free 61 61 + @return CRYPT_OK on success 62 62 + */ 63 63 + void (*deinit)(void *a); 64 64 + 65 65 + /* ---- data movement ---- */ 66 66 + 67 67 + /** negate 68 68 + @param src The number to negate 69 69 + @param dst The destination 70 70 + @return CRYPT_OK on success 71 71 + */ 72 72 + int (*neg)(void *src, void *dst); 73 73 + 74 74 + /** copy 75 75 + @param src The number to copy from 76 76 + @param dst The number to write to 77 77 + @return CRYPT_OK on success 78 78 + */ 79 79 + int (*copy)(void *src, void *dst); 80 80 + 81 81 + /* ---- trivial low level functions ---- */ 82 82 + 83 83 + /** set small constant 84 84 + @param a Number to write to 85 85 + @param n Source upto bits_per_digit (actually meant for very small constants) 86 86 + @return CRYPT_OK on success 87 87 + */ 88 88 + int (*set_int)(void *a, ltc_mp_digit n); 89 89 + 90 90 + /** get small constant 91 91 + @param a Small number to read, 92 92 + only fetches up to bits_per_digit from the number 93 93 + @return The lower bits_per_digit of the integer (unsigned) 94 94 + */ 95 95 + unsigned long (*get_int)(void *a); 96 96 + 97 97 + /** get digit n 98 98 + @param a The number to read from 99 99 + @param n The number of the digit to fetch 100 100 + @return The bits_per_digit sized n'th digit of a 101 101 + */ 102 102 + ltc_mp_digit (*get_digit)(void *a, int n); 103 103 + 104 104 + /** Get the number of digits that represent the number 105 105 + @param a The number to count 106 106 + @return The number of digits used to represent the number 107 107 + */ 108 108 + int (*get_digit_count)(void *a); 109 109 + 110 110 + /** compare two integers 111 111 + @param a The left side integer 112 112 + @param b The right side integer 113 113 + @return LTC_MP_LT if a < b, 114 114 + LTC_MP_GT if a > b and 115 115 + LTC_MP_EQ otherwise. (signed comparison) 116 116 + */ 117 117 + int (*compare)(void *a, void *b); 118 118 + 119 119 + /** compare against int 120 120 + @param a The left side integer 121 121 + @param b The right side integer (upto bits_per_digit) 122 122 + @return LTC_MP_LT if a < b, 123 123 + LTC_MP_GT if a > b and 124 124 + LTC_MP_EQ otherwise. (signed comparison) 125 125 + */ 126 126 + int (*compare_d)(void *a, ltc_mp_digit n); 127 127 + 128 128 + /** Count the number of bits used to represent the integer 129 129 + @param a The integer to count 130 130 + @return The number of bits required to represent the integer 131 131 + */ 132 132 + int (*count_bits)(void * a); 133 133 + 134 134 + /** Count the number of LSB bits which are zero 135 135 + @param a The integer to count 136 136 + @return The number of contiguous zero LSB bits 137 137 + */ 138 138 + int (*count_lsb_bits)(void *a); 139 139 + 140 140 + /** Compute a power of two 141 141 + @param a The integer to store the power in 142 142 + @param n The power of two you want to store (a = 2^n) 143 143 + @return CRYPT_OK on success 144 144 + */ 145 145 + int (*twoexpt)(void *a , int n); 146 146 + 147 147 + /* ---- radix conversions ---- */ 148 148 + 149 149 + /** read ascii string 150 150 + @param a The integer to store into 151 151 + @param str The string to read 152 152 + @param radix The radix the integer has been represented in (2-64) 153 153 + @return CRYPT_OK on success 154 154 + */ 155 155 + int (*read_radix)(void *a, const char *str, int radix); 156 156 + 157 157 + /** write number to string 158 158 + @param a The integer to store 159 159 + @param str The destination for the string 160 160 + @param radix The radix the integer is to be represented in (2-64) 161 161 + @return CRYPT_OK on success 162 162 + */ 163 163 + int (*write_radix)(void *a, char *str, int radix); 164 164 + 165 165 + /** get size as unsigned char string 166 166 + @param a The integer to get the size (when stored in array of octets) 167 167 + @return The length of the integer in octets 168 168 + */ 169 169 + unsigned long (*unsigned_size)(void *a); 170 170 + 171 171 + /** store an integer as an array of octets 172 172 + @param src The integer to store 173 173 + @param dst The buffer to store the integer in 174 174 + @return CRYPT_OK on success 175 175 + */ 176 176 + int (*unsigned_write)(void *src, unsigned char *dst); 177 177 + 178 178 + /** read an array of octets and store as integer 179 179 + @param dst The integer to load 180 180 + @param src The array of octets 181 181 + @param len The number of octets 182 182 + @return CRYPT_OK on success 183 183 + */ 184 184 + int (*unsigned_read)( void *dst, 185 185 + unsigned char *src, 186 186 + unsigned long len); 187 187 + 188 188 + /* ---- basic math ---- */ 189 189 + 190 190 + /** add two integers 191 191 + @param a The first source integer 192 192 + @param b The second source integer 193 193 + @param c The destination of "a + b" 194 194 + @return CRYPT_OK on success 195 195 + */ 196 196 + int (*add)(void *a, void *b, void *c); 197 197 + 198 198 + /** add two integers 199 199 + @param a The first source integer 200 200 + @param b The second source integer 201 201 + (single digit of upto bits_per_digit in length) 202 202 + @param c The destination of "a + b" 203 203 + @return CRYPT_OK on success 204 204 + */ 205 205 + int (*addi)(void *a, ltc_mp_digit b, void *c); 206 206 + 207 207 + /** subtract two integers 208 208 + @param a The first source integer 209 209 + @param b The second source integer 210 210 + @param c The destination of "a - b" 211 211 + @return CRYPT_OK on success 212 212 + */ 213 213 + int (*sub)(void *a, void *b, void *c); 214 214 + 215 215 + /** subtract two integers 216 216 + @param a The first source integer 217 217 + @param b The second source integer 218 218 + (single digit of upto bits_per_digit in length) 219 219 + @param c The destination of "a - b" 220 220 + @return CRYPT_OK on success 221 221 + */ 222 222 + int (*subi)(void *a, ltc_mp_digit b, void *c); 223 223 + 224 224 + /** multiply two integers 225 225 + @param a The first source integer 226 226 + @param b The second source integer 227 227 + (single digit of upto bits_per_digit in length) 228 228 + @param c The destination of "a * b" 229 229 + @return CRYPT_OK on success 230 230 + */ 231 231 + int (*mul)(void *a, void *b, void *c); 232 232 + 233 233 + /** multiply two integers 234 234 + @param a The first source integer 235 235 + @param b The second source integer 236 236 + (single digit of upto bits_per_digit in length) 237 237 + @param c The destination of "a * b" 238 238 + @return CRYPT_OK on success 239 239 + */ 240 240 + int (*muli)(void *a, ltc_mp_digit b, void *c); 241 241 + 242 242 + /** Square an integer 243 243 + @param a The integer to square 244 244 + @param b The destination 245 245 + @return CRYPT_OK on success 246 246 + */ 247 247 + int (*sqr)(void *a, void *b); 248 248 + 249 249 + /** Divide an integer 250 250 + @param a The dividend 251 251 + @param b The divisor 252 252 + @param c The quotient (can be NULL to signify don't care) 253 253 + @param d The remainder (can be NULL to signify don't care) 254 254 + @return CRYPT_OK on success 255 255 + */ 256 256 + int (*mpdiv)(void *a, void *b, void *c, void *d); 257 257 + 258 258 + /** divide by two 259 259 + @param a The integer to divide (shift right) 260 260 + @param b The destination 261 261 + @return CRYPT_OK on success 262 262 + */ 263 263 + int (*div_2)(void *a, void *b); 264 264 + 265 265 + /** Get remainder (small value) 266 266 + @param a The integer to reduce 267 267 + @param b The modulus (upto bits_per_digit in length) 268 268 + @param c The destination for the residue 269 269 + @return CRYPT_OK on success 270 270 + */ 271 271 + int (*modi)(void *a, ltc_mp_digit b, ltc_mp_digit *c); 272 272 + 273 273 + /** gcd 274 274 + @param a The first integer 275 275 + @param b The second integer 276 276 + @param c The destination for (a, b) 277 277 + @return CRYPT_OK on success 278 278 + */ 279 279 + int (*gcd)(void *a, void *b, void *c); 280 280 + 281 281 + /** lcm 282 282 + @param a The first integer 283 283 + @param b The second integer 284 284 + @param c The destination for [a, b] 285 285 + @return CRYPT_OK on success 286 286 + */ 287 287 + int (*lcm)(void *a, void *b, void *c); 288 288 + 289 289 + /** Modular multiplication 290 290 + @param a The first source 291 291 + @param b The second source 292 292 + @param c The modulus 293 293 + @param d The destination (a*b mod c) 294 294 + @return CRYPT_OK on success 295 295 + */ 296 296 + int (*mulmod)(void *a, void *b, void *c, void *d); 297 297 + 298 298 + /** Modular squaring 299 299 + @param a The first source 300 300 + @param b The modulus 301 301 + @param c The destination (a*a mod b) 302 302 + @return CRYPT_OK on success 303 303 + */ 304 304 + int (*sqrmod)(void *a, void *b, void *c); 305 305 + 306 306 + /** Modular inversion 307 307 + @param a The value to invert 308 308 + @param b The modulus 309 309 + @param c The destination (1/a mod b) 310 310 + @return CRYPT_OK on success 311 311 + */ 312 312 + int (*invmod)(void *, void *, void *); 313 313 + 314 314 + /* ---- reduction ---- */ 315 315 + 316 316 + /** setup Montgomery 317 317 + @param a The modulus 318 318 + @param b The destination for the reduction digit 319 319 + @return CRYPT_OK on success 320 320 + */ 321 321 + int (*montgomery_setup)(void *a, void **b); 322 322 + 323 323 + /** get normalization value 324 324 + @param a The destination for the normalization value 325 325 + @param b The modulus 326 326 + @return CRYPT_OK on success 327 327 + */ 328 328 + int (*montgomery_normalization)(void *a, void *b); 329 329 + 330 330 + /** reduce a number 331 331 + @param a The number [and dest] to reduce 332 332 + @param b The modulus 333 333 + @param c The value "b" from montgomery_setup() 334 334 + @return CRYPT_OK on success 335 335 + */ 336 336 + int (*montgomery_reduce)(void *a, void *b, void *c); 337 337 + 338 338 + /** clean up (frees memory) 339 339 + @param a The value "b" from montgomery_setup() 340 340 + @return CRYPT_OK on success 341 341 + */ 342 342 + void (*montgomery_deinit)(void *a); 343 343 + 344 344 + /* ---- exponentiation ---- */ 345 345 + 346 346 + /** Modular exponentiation 347 347 + @param a The base integer 348 348 + @param b The power (can be negative) integer 349 349 + @param c The modulus integer 350 350 + @param d The destination 351 351 + @return CRYPT_OK on success 352 352 + */ 353 353 + int (*exptmod)(void *a, void *b, void *c, void *d); 354 354 + 355 355 + /** Primality testing 356 356 + @param a The integer to test 357 357 + @param b The number of Miller-Rabin tests that shall be executed 358 358 + @param c The destination of the result (FP_YES if prime) 359 359 + @return CRYPT_OK on success 360 360 + */ 361 361 + int (*isprime)(void *a, int b, int *c); 362 362 + 363 363 + /* ---- (optional) ecc point math ---- */ 364 364 + 365 365 + /** ECC GF(p) point multiplication (from the NIST curves) 366 366 + @param k The integer to multiply the point by 367 367 + @param G The point to multiply 368 368 + @param R The destination for kG 369 369 + @param modulus The modulus for the field 370 370 + @param map Boolean indicated whether to map back to affine or not 371 371 + (can be ignored if you work in affine only) 372 372 + @return CRYPT_OK on success 373 373 + */ 374 374 + int (*ecc_ptmul)( void *k, 375 375 + ecc_point *G, 376 376 + ecc_point *R, 377 377 + void *modulus, 378 378 + int map); 379 379 + 380 380 + /** ECC GF(p) point addition 381 381 + @param P The first point 382 382 + @param Q The second point 383 383 + @param R The destination of P + Q 384 384 + @param modulus The modulus 385 385 + @param mp The "b" value from montgomery_setup() 386 386 + @return CRYPT_OK on success 387 387 + */ 388 388 + int (*ecc_ptadd)(ecc_point *P, 389 389 + ecc_point *Q, 390 390 + ecc_point *R, 391 391 + void *modulus, 392 392 + void *mp); 393 393 + 394 394 + /** ECC GF(p) point double 395 395 + @param P The first point 396 396 + @param R The destination of 2P 397 397 + @param modulus The modulus 398 398 + @param mp The "b" value from montgomery_setup() 399 399 + @return CRYPT_OK on success 400 400 + */ 401 401 + int (*ecc_ptdbl)(ecc_point *P, 402 402 + ecc_point *R, 403 403 + void *modulus, 404 404 + void *mp); 405 405 + 406 406 + /** ECC mapping from projective to affine, 407 407 + currently uses (x,y,z) => (x/z^2, y/z^3, 1) 408 408 + @param P The point to map 409 409 + @param modulus The modulus 410 410 + @param mp The "b" value from montgomery_setup() 411 411 + @return CRYPT_OK on success 412 412 + @remark The mapping can be different but keep in mind a 413 413 + ecc_point only has three integers (x,y,z) so if 414 414 + you use a different mapping you have to make it fit. 415 415 + */ 416 416 + int (*ecc_map)(ecc_point *P, void *modulus, void *mp); 417 417 + 418 418 + /** Computes kA*A + kB*B = C using Shamir's Trick 419 419 + @param A First point to multiply 420 420 + @param kA What to multiple A by 421 421 + @param B Second point to multiply 422 422 + @param kB What to multiple B by 423 423 + @param C [out] Destination point (can overlap with A or B) 424 424 + @param modulus Modulus for curve 425 425 + @return CRYPT_OK on success 426 426 + */ 427 427 + int (*ecc_mul2add)(ecc_point *A, void *kA, 428 428 + ecc_point *B, void *kB, 429 429 + ecc_point *C, 430 430 + void *modulus); 431 431 + 432 432 + /* ---- (optional) rsa optimized math (for internal CRT) ---- */ 433 433 + 434 434 + /** RSA Key Generation 435 435 + @param prng An active PRNG state 436 436 + @param wprng The index of the PRNG desired 437 437 + @param size The size of the key in octets 438 438 + @param e The "e" value (public key). 439 439 + e==65537 is a good choice 440 440 + @param key [out] Destination of a newly created private key pair 441 441 + @return CRYPT_OK if successful, upon error all allocated ram is freed 442 442 + */ 443 443 + int (*rsa_keygen)(prng_state *prng, 444 444 + int wprng, 445 445 + int size, 446 446 + long e, 447 447 + rsa_key *key); 448 448 + 449 449 + /** RSA exponentiation 450 450 + @param in The octet array representing the base 451 451 + @param inlen The length of the input 452 452 + @param out The destination (to be stored in an octet array format) 453 453 + @param outlen The length of the output buffer and the resulting size 454 454 + (zero padded to the size of the modulus) 455 455 + @param which PK_PUBLIC for public RSA and PK_PRIVATE for private RSA 456 456 + @param key The RSA key to use 457 457 + @return CRYPT_OK on success 458 458 + */ 459 459 + int (*rsa_me)(const unsigned char *in, unsigned long inlen, 460 460 + unsigned char *out, unsigned long *outlen, int which, 461 461 + rsa_key *key); 462 462 + 463 463 + /* ---- basic math continued ---- */ 464 464 + 465 465 + /** Modular addition 466 466 + @param a The first source 467 467 + @param b The second source 468 468 + @param c The modulus 469 469 + @param d The destination (a + b mod c) 470 470 + @return CRYPT_OK on success 471 471 + */ 472 472 + int (*addmod)(void *a, void *b, void *c, void *d); 473 473 + 474 474 + /** Modular substraction 475 475 + @param a The first source 476 476 + @param b The second source 477 477 + @param c The modulus 478 478 + @param d The destination (a - b mod c) 479 479 + @return CRYPT_OK on success 480 480 + */ 481 481 + int (*submod)(void *a, void *b, void *c, void *d); 482 482 + 483 483 + /* ---- misc stuff ---- */ 484 484 + 485 485 + /** Make a pseudo-random mpi 486 486 + @param a The mpi to make random 487 487 + @param size The desired length 488 488 + @return CRYPT_OK on success 489 489 + */ 490 490 + int (*rand)(void *a, int size); 491 491 + } ltc_math_descriptor; 492 492 + 493 493 + extern ltc_math_descriptor ltc_mp; 494 494 + 495 495 + int ltc_init_multi(void **a, ...); 496 496 + void ltc_deinit_multi(void *a, ...); 497 497 + void ltc_cleanup_multi(void **a, ...); 498 498 + 499 499 + #ifdef LTM_DESC 500 500 + extern const ltc_math_descriptor ltm_desc; 501 501 + #endif 502 502 + 503 503 + #ifdef TFM_DESC 504 504 + extern const ltc_math_descriptor tfm_desc; 505 505 + #endif 506 506 + 507 507 + #ifdef GMP_DESC 508 508 + extern const ltc_math_descriptor gmp_desc; 509 509 + #endif 510 510 + 511 511 + #if !defined(DESC_DEF_ONLY) && defined(LTC_SOURCE) 512 512 + 513 513 + #define MP_DIGIT_BIT ltc_mp.bits_per_digit 514 514 + 515 515 + /* some handy macros */ 516 516 + #define mp_init(a) ltc_mp.init(a) 517 517 + #define mp_init_multi ltc_init_multi 518 518 + #define mp_clear(a) ltc_mp.deinit(a) 519 519 + #define mp_clear_multi ltc_deinit_multi 520 520 + #define mp_cleanup_multi ltc_cleanup_multi 521 521 + #define mp_init_copy(a, b) ltc_mp.init_copy(a, b) 522 522 + 523 523 + #define mp_neg(a, b) ltc_mp.neg(a, b) 524 524 + #define mp_copy(a, b) ltc_mp.copy(a, b) 525 525 + 526 526 + #define mp_set(a, b) ltc_mp.set_int(a, b) 527 527 + #define mp_set_int(a, b) ltc_mp.set_int(a, b) 528 528 + #define mp_get_int(a) ltc_mp.get_int(a) 529 529 + #define mp_get_digit(a, n) ltc_mp.get_digit(a, n) 530 530 + #define mp_get_digit_count(a) ltc_mp.get_digit_count(a) 531 531 + #define mp_cmp(a, b) ltc_mp.compare(a, b) 532 532 + #define mp_cmp_d(a, b) ltc_mp.compare_d(a, b) 533 533 + #define mp_count_bits(a) ltc_mp.count_bits(a) 534 534 + #define mp_cnt_lsb(a) ltc_mp.count_lsb_bits(a) 535 535 + #define mp_2expt(a, b) ltc_mp.twoexpt(a, b) 536 536 + 537 537 + #define mp_read_radix(a, b, c) ltc_mp.read_radix(a, b, c) 538 538 + #define mp_toradix(a, b, c) ltc_mp.write_radix(a, b, c) 539 539 + #define mp_unsigned_bin_size(a) ltc_mp.unsigned_size(a) 540 540 + #define mp_to_unsigned_bin(a, b) ltc_mp.unsigned_write(a, b) 541 541 + #define mp_read_unsigned_bin(a, b, c) ltc_mp.unsigned_read(a, b, c) 542 542 + 543 543 + #define mp_add(a, b, c) ltc_mp.add(a, b, c) 544 544 + #define mp_add_d(a, b, c) ltc_mp.addi(a, b, c) 545 545 + #define mp_sub(a, b, c) ltc_mp.sub(a, b, c) 546 546 + #define mp_sub_d(a, b, c) ltc_mp.subi(a, b, c) 547 547 + #define mp_mul(a, b, c) ltc_mp.mul(a, b, c) 548 548 + #define mp_mul_d(a, b, c) ltc_mp.muli(a, b, c) 549 549 + #define mp_sqr(a, b) ltc_mp.sqr(a, b) 550 550 + #define mp_div(a, b, c, d) ltc_mp.mpdiv(a, b, c, d) 551 551 + #define mp_div_2(a, b) ltc_mp.div_2(a, b) 552 552 + #define mp_mod(a, b, c) ltc_mp.mpdiv(a, b, NULL, c) 553 553 + #define mp_mod_d(a, b, c) ltc_mp.modi(a, b, c) 554 554 + #define mp_gcd(a, b, c) ltc_mp.gcd(a, b, c) 555 555 + #define mp_lcm(a, b, c) ltc_mp.lcm(a, b, c) 556 556 + 557 557 + #define mp_addmod(a, b, c, d) ltc_mp.addmod(a, b, c, d) 558 558 + #define mp_submod(a, b, c, d) ltc_mp.submod(a, b, c, d) 559 559 + #define mp_mulmod(a, b, c, d) ltc_mp.mulmod(a, b, c, d) 560 560 + #define mp_sqrmod(a, b, c) ltc_mp.sqrmod(a, b, c) 561 561 + #define mp_invmod(a, b, c) ltc_mp.invmod(a, b, c) 562 562 + 563 563 + #define mp_montgomery_setup(a, b) ltc_mp.montgomery_setup(a, b) 564 564 + #define mp_montgomery_normalization(a, b) ltc_mp.montgomery_normalization(a, b) 565 565 + #define mp_montgomery_reduce(a, b, c) ltc_mp.montgomery_reduce(a, b, c) 566 566 + #define mp_montgomery_free(a) ltc_mp.montgomery_deinit(a) 567 567 + 568 568 + #define mp_exptmod(a,b,c,d) ltc_mp.exptmod(a,b,c,d) 569 569 + #define mp_prime_is_prime(a, b, c) ltc_mp.isprime(a, b, c) 570 570 + 571 571 + #define mp_iszero(a) (mp_cmp_d(a, 0) == LTC_MP_EQ ? LTC_MP_YES : LTC_MP_NO) 572 572 + #define mp_isodd(a) (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO) 573 573 + #define mp_exch(a, b) do { void *ABC__tmp = a; a = b; b = ABC__tmp; } while(0) 574 574 + 575 575 + #define mp_tohex(a, b) mp_toradix(a, b, 16) 576 576 + 577 577 + #define mp_rand(a, b) ltc_mp.rand(a, b) 578 578 + 579 579 + #endif 580 580 + 581 581 + /* ref: HEAD -> master, tag: v1.18.2 */ 582 582 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 583 583 + /* commit time: 2018-07-01 22:49:01 +0200 */

+113

utils/tomcrypt/src/headers/tomcrypt_misc.h

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + 10 10 + /* ---- LTC_BASE64 Routines ---- */ 11 11 + #ifdef LTC_BASE64 12 12 + int base64_encode(const unsigned char *in, unsigned long len, 13 13 + unsigned char *out, unsigned long *outlen); 14 14 + 15 15 + int base64_decode(const unsigned char *in, unsigned long len, 16 16 + unsigned char *out, unsigned long *outlen); 17 17 + int base64_strict_decode(const unsigned char *in, unsigned long len, 18 18 + unsigned char *out, unsigned long *outlen); 19 19 + #endif 20 20 + 21 21 + #ifdef LTC_BASE64_URL 22 22 + int base64url_encode(const unsigned char *in, unsigned long len, 23 23 + unsigned char *out, unsigned long *outlen); 24 24 + int base64url_strict_encode(const unsigned char *in, unsigned long inlen, 25 25 + unsigned char *out, unsigned long *outlen); 26 26 + 27 27 + int base64url_decode(const unsigned char *in, unsigned long len, 28 28 + unsigned char *out, unsigned long *outlen); 29 29 + int base64url_strict_decode(const unsigned char *in, unsigned long len, 30 30 + unsigned char *out, unsigned long *outlen); 31 31 + #endif 32 32 + 33 33 + /* ===> LTC_HKDF -- RFC5869 HMAC-based Key Derivation Function <=== */ 34 34 + #ifdef LTC_HKDF 35 35 + 36 36 + int hkdf_test(void); 37 37 + 38 38 + int hkdf_extract(int hash_idx, 39 39 + const unsigned char *salt, unsigned long saltlen, 40 40 + const unsigned char *in, unsigned long inlen, 41 41 + unsigned char *out, unsigned long *outlen); 42 42 + 43 43 + int hkdf_expand(int hash_idx, 44 44 + const unsigned char *info, unsigned long infolen, 45 45 + const unsigned char *in, unsigned long inlen, 46 46 + unsigned char *out, unsigned long outlen); 47 47 + 48 48 + int hkdf(int hash_idx, 49 49 + const unsigned char *salt, unsigned long saltlen, 50 50 + const unsigned char *info, unsigned long infolen, 51 51 + const unsigned char *in, unsigned long inlen, 52 52 + unsigned char *out, unsigned long outlen); 53 53 + 54 54 + #endif /* LTC_HKDF */ 55 55 + 56 56 + /* ---- MEM routines ---- */ 57 57 + int mem_neq(const void *a, const void *b, size_t len); 58 58 + void zeromem(volatile void *dst, size_t len); 59 59 + void burn_stack(unsigned long len); 60 60 + 61 61 + const char *error_to_string(int err); 62 62 + 63 63 + extern const char *crypt_build_settings; 64 64 + 65 65 + /* ---- HMM ---- */ 66 66 + int crypt_fsa(void *mp, ...); 67 67 + 68 68 + /* ---- Dynamic language support ---- */ 69 69 + int crypt_get_constant(const char* namein, int *valueout); 70 70 + int crypt_list_all_constants(char *names_list, unsigned int *names_list_size); 71 71 + 72 72 + int crypt_get_size(const char* namein, unsigned int *sizeout); 73 73 + int crypt_list_all_sizes(char *names_list, unsigned int *names_list_size); 74 74 + 75 75 + #ifdef LTM_DESC 76 76 + void init_LTM(void); 77 77 + #endif 78 78 + #ifdef TFM_DESC 79 79 + void init_TFM(void); 80 80 + #endif 81 81 + #ifdef GMP_DESC 82 82 + void init_GMP(void); 83 83 + #endif 84 84 + 85 85 + #ifdef LTC_ADLER32 86 86 + typedef struct adler32_state_s 87 87 + { 88 88 + unsigned short s[2]; 89 89 + } adler32_state; 90 90 + 91 91 + void adler32_init(adler32_state *ctx); 92 92 + void adler32_update(adler32_state *ctx, const unsigned char *input, unsigned long length); 93 93 + void adler32_finish(adler32_state *ctx, void *hash, unsigned long size); 94 94 + int adler32_test(void); 95 95 + #endif 96 96 + 97 97 + #ifdef LTC_CRC32 98 98 + typedef struct crc32_state_s 99 99 + { 100 100 + ulong32 crc; 101 101 + } crc32_state; 102 102 + 103 103 + void crc32_init(crc32_state *ctx); 104 104 + void crc32_update(crc32_state *ctx, const unsigned char *input, unsigned long length); 105 105 + void crc32_finish(crc32_state *ctx, void *hash, unsigned long size); 106 106 + int crc32_test(void); 107 107 + #endif 108 108 + 109 109 + int compare_testvector(const void* is, const unsigned long is_len, const void* should, const unsigned long should_len, const char* what, int which); 110 110 + 111 111 + /* ref: HEAD -> master, tag: v1.18.2 */ 112 112 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 113 113 + /* commit time: 2018-07-01 22:49:01 +0200 */

+747

utils/tomcrypt/src/headers/tomcrypt_pk.h

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + 10 10 + /* ---- NUMBER THEORY ---- */ 11 11 + 12 12 + enum { 13 13 + PK_PUBLIC=0, 14 14 + PK_PRIVATE=1 15 15 + }; 16 16 + 17 17 + /* Indicates standard output formats that can be read e.g. by OpenSSL or GnuTLS */ 18 18 + #define PK_STD 0x1000 19 19 + 20 20 + int rand_prime(void *N, long len, prng_state *prng, int wprng); 21 21 + 22 22 + #ifdef LTC_SOURCE 23 23 + /* internal helper functions */ 24 24 + int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng); 25 25 + int rand_bn_upto(void *N, void *limit, prng_state *prng, int wprng); 26 26 + 27 27 + enum public_key_algorithms { 28 28 + PKA_RSA, 29 29 + PKA_DSA 30 30 + }; 31 31 + 32 32 + typedef struct Oid { 33 33 + unsigned long OID[16]; 34 34 + /** Number of OID digits in use */ 35 35 + unsigned long OIDlen; 36 36 + } oid_st; 37 37 + 38 38 + int pk_get_oid(int pk, oid_st *st); 39 39 + #endif /* LTC_SOURCE */ 40 40 + 41 41 + /* ---- RSA ---- */ 42 42 + #ifdef LTC_MRSA 43 43 + 44 44 + /** RSA PKCS style key */ 45 45 + typedef struct Rsa_key { 46 46 + /** Type of key, PK_PRIVATE or PK_PUBLIC */ 47 47 + int type; 48 48 + /** The public exponent */ 49 49 + void *e; 50 50 + /** The private exponent */ 51 51 + void *d; 52 52 + /** The modulus */ 53 53 + void *N; 54 54 + /** The p factor of N */ 55 55 + void *p; 56 56 + /** The q factor of N */ 57 57 + void *q; 58 58 + /** The 1/q mod p CRT param */ 59 59 + void *qP; 60 60 + /** The d mod (p - 1) CRT param */ 61 61 + void *dP; 62 62 + /** The d mod (q - 1) CRT param */ 63 63 + void *dQ; 64 64 + } rsa_key; 65 65 + 66 66 + int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key); 67 67 + 68 68 + int rsa_get_size(rsa_key *key); 69 69 + 70 70 + int rsa_exptmod(const unsigned char *in, unsigned long inlen, 71 71 + unsigned char *out, unsigned long *outlen, int which, 72 72 + rsa_key *key); 73 73 + 74 74 + void rsa_free(rsa_key *key); 75 75 + 76 76 + /* These use PKCS #1 v2.0 padding */ 77 77 + #define rsa_encrypt_key(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _prng, _prng_idx, _hash_idx, _key) \ 78 78 + rsa_encrypt_key_ex(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _prng, _prng_idx, _hash_idx, LTC_PKCS_1_OAEP, _key) 79 79 + 80 80 + #define rsa_decrypt_key(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _hash_idx, _stat, _key) \ 81 81 + rsa_decrypt_key_ex(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _hash_idx, LTC_PKCS_1_OAEP, _stat, _key) 82 82 + 83 83 + #define rsa_sign_hash(_in, _inlen, _out, _outlen, _prng, _prng_idx, _hash_idx, _saltlen, _key) \ 84 84 + rsa_sign_hash_ex(_in, _inlen, _out, _outlen, LTC_PKCS_1_PSS, _prng, _prng_idx, _hash_idx, _saltlen, _key) 85 85 + 86 86 + #define rsa_verify_hash(_sig, _siglen, _hash, _hashlen, _hash_idx, _saltlen, _stat, _key) \ 87 87 + rsa_verify_hash_ex(_sig, _siglen, _hash, _hashlen, LTC_PKCS_1_PSS, _hash_idx, _saltlen, _stat, _key) 88 88 + 89 89 + #define rsa_sign_saltlen_get_max(_hash_idx, _key) \ 90 90 + rsa_sign_saltlen_get_max_ex(LTC_PKCS_1_PSS, _hash_idx, _key) 91 91 + 92 92 + /* These can be switched between PKCS #1 v2.x and PKCS #1 v1.5 paddings */ 93 93 + int rsa_encrypt_key_ex(const unsigned char *in, unsigned long inlen, 94 94 + unsigned char *out, unsigned long *outlen, 95 95 + const unsigned char *lparam, unsigned long lparamlen, 96 96 + prng_state *prng, int prng_idx, int hash_idx, int padding, rsa_key *key); 97 97 + 98 98 + int rsa_decrypt_key_ex(const unsigned char *in, unsigned long inlen, 99 99 + unsigned char *out, unsigned long *outlen, 100 100 + const unsigned char *lparam, unsigned long lparamlen, 101 101 + int hash_idx, int padding, 102 102 + int *stat, rsa_key *key); 103 103 + 104 104 + int rsa_sign_hash_ex(const unsigned char *in, unsigned long inlen, 105 105 + unsigned char *out, unsigned long *outlen, 106 106 + int padding, 107 107 + prng_state *prng, int prng_idx, 108 108 + int hash_idx, unsigned long saltlen, 109 109 + rsa_key *key); 110 110 + 111 111 + int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen, 112 112 + const unsigned char *hash, unsigned long hashlen, 113 113 + int padding, 114 114 + int hash_idx, unsigned long saltlen, 115 115 + int *stat, rsa_key *key); 116 116 + 117 117 + int rsa_sign_saltlen_get_max_ex(int padding, int hash_idx, rsa_key *key); 118 118 + 119 119 + /* PKCS #1 import/export */ 120 120 + int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key); 121 121 + int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key); 122 122 + 123 123 + int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key); 124 124 + int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen, 125 125 + const void *passwd, unsigned long passwdlen, rsa_key *key); 126 126 + 127 127 + int rsa_set_key(const unsigned char *N, unsigned long Nlen, 128 128 + const unsigned char *e, unsigned long elen, 129 129 + const unsigned char *d, unsigned long dlen, 130 130 + rsa_key *key); 131 131 + int rsa_set_factors(const unsigned char *p, unsigned long plen, 132 132 + const unsigned char *q, unsigned long qlen, 133 133 + rsa_key *key); 134 134 + int rsa_set_crt_params(const unsigned char *dP, unsigned long dPlen, 135 135 + const unsigned char *dQ, unsigned long dQlen, 136 136 + const unsigned char *qP, unsigned long qPlen, 137 137 + rsa_key *key); 138 138 + #endif 139 139 + 140 140 + /* ---- Katja ---- */ 141 141 + #ifdef LTC_MKAT 142 142 + 143 143 + /* Min and Max KAT key sizes (in bits) */ 144 144 + #define MIN_KAT_SIZE 1024 145 145 + #define MAX_KAT_SIZE 4096 146 146 + 147 147 + /** Katja PKCS style key */ 148 148 + typedef struct KAT_key { 149 149 + /** Type of key, PK_PRIVATE or PK_PUBLIC */ 150 150 + int type; 151 151 + /** The private exponent */ 152 152 + void *d; 153 153 + /** The modulus */ 154 154 + void *N; 155 155 + /** The p factor of N */ 156 156 + void *p; 157 157 + /** The q factor of N */ 158 158 + void *q; 159 159 + /** The 1/q mod p CRT param */ 160 160 + void *qP; 161 161 + /** The d mod (p - 1) CRT param */ 162 162 + void *dP; 163 163 + /** The d mod (q - 1) CRT param */ 164 164 + void *dQ; 165 165 + /** The pq param */ 166 166 + void *pq; 167 167 + } katja_key; 168 168 + 169 169 + int katja_make_key(prng_state *prng, int wprng, int size, katja_key *key); 170 170 + 171 171 + int katja_exptmod(const unsigned char *in, unsigned long inlen, 172 172 + unsigned char *out, unsigned long *outlen, int which, 173 173 + katja_key *key); 174 174 + 175 175 + void katja_free(katja_key *key); 176 176 + 177 177 + /* These use PKCS #1 v2.0 padding */ 178 178 + int katja_encrypt_key(const unsigned char *in, unsigned long inlen, 179 179 + unsigned char *out, unsigned long *outlen, 180 180 + const unsigned char *lparam, unsigned long lparamlen, 181 181 + prng_state *prng, int prng_idx, int hash_idx, katja_key *key); 182 182 + 183 183 + int katja_decrypt_key(const unsigned char *in, unsigned long inlen, 184 184 + unsigned char *out, unsigned long *outlen, 185 185 + const unsigned char *lparam, unsigned long lparamlen, 186 186 + int hash_idx, int *stat, 187 187 + katja_key *key); 188 188 + 189 189 + /* PKCS #1 import/export */ 190 190 + int katja_export(unsigned char *out, unsigned long *outlen, int type, katja_key *key); 191 191 + int katja_import(const unsigned char *in, unsigned long inlen, katja_key *key); 192 192 + 193 193 + #endif 194 194 + 195 195 + /* ---- DH Routines ---- */ 196 196 + #ifdef LTC_MDH 197 197 + 198 198 + typedef struct { 199 199 + int type; 200 200 + void *x; 201 201 + void *y; 202 202 + void *base; 203 203 + void *prime; 204 204 + } dh_key; 205 205 + 206 206 + int dh_get_groupsize(dh_key *key); 207 207 + 208 208 + int dh_export(unsigned char *out, unsigned long *outlen, int type, dh_key *key); 209 209 + int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key); 210 210 + 211 211 + int dh_set_pg(const unsigned char *p, unsigned long plen, 212 212 + const unsigned char *g, unsigned long glen, 213 213 + dh_key *key); 214 214 + int dh_set_pg_dhparam(const unsigned char *dhparam, unsigned long dhparamlen, dh_key *key); 215 215 + int dh_set_pg_groupsize(int groupsize, dh_key *key); 216 216 + 217 217 + int dh_set_key(const unsigned char *in, unsigned long inlen, int type, dh_key *key); 218 218 + int dh_generate_key(prng_state *prng, int wprng, dh_key *key); 219 219 + 220 220 + int dh_shared_secret(dh_key *private_key, dh_key *public_key, 221 221 + unsigned char *out, unsigned long *outlen); 222 222 + 223 223 + void dh_free(dh_key *key); 224 224 + 225 225 + int dh_export_key(void *out, unsigned long *outlen, int type, dh_key *key); 226 226 + 227 227 + #ifdef LTC_SOURCE 228 228 + typedef struct { 229 229 + int size; 230 230 + const char *name, *base, *prime; 231 231 + } ltc_dh_set_type; 232 232 + 233 233 + extern const ltc_dh_set_type ltc_dh_sets[]; 234 234 + 235 235 + /* internal helper functions */ 236 236 + int dh_check_pubkey(dh_key *key); 237 237 + #endif 238 238 + 239 239 + #endif /* LTC_MDH */ 240 240 + 241 241 + 242 242 + /* ---- ECC Routines ---- */ 243 243 + #ifdef LTC_MECC 244 244 + 245 245 + /* size of our temp buffers for exported keys */ 246 246 + #define ECC_BUF_SIZE 256 247 247 + 248 248 + /* max private key size */ 249 249 + #define ECC_MAXSIZE 66 250 250 + 251 251 + /** Structure defines a NIST GF(p) curve */ 252 252 + typedef struct { 253 253 + /** The size of the curve in octets */ 254 254 + int size; 255 255 + 256 256 + /** name of curve */ 257 257 + const char *name; 258 258 + 259 259 + /** The prime that defines the field the curve is in (encoded in hex) */ 260 260 + const char *prime; 261 261 + 262 262 + /** The fields B param (hex) */ 263 263 + const char *B; 264 264 + 265 265 + /** The order of the curve (hex) */ 266 266 + const char *order; 267 267 + 268 268 + /** The x co-ordinate of the base point on the curve (hex) */ 269 269 + const char *Gx; 270 270 + 271 271 + /** The y co-ordinate of the base point on the curve (hex) */ 272 272 + const char *Gy; 273 273 + } ltc_ecc_set_type; 274 274 + 275 275 + /** A point on a ECC curve, stored in Jacbobian format such that (x,y,z) => (x/z^2, y/z^3, 1) when interpretted as affine */ 276 276 + typedef struct { 277 277 + /** The x co-ordinate */ 278 278 + void *x; 279 279 + 280 280 + /** The y co-ordinate */ 281 281 + void *y; 282 282 + 283 283 + /** The z co-ordinate */ 284 284 + void *z; 285 285 + } ecc_point; 286 286 + 287 287 + /** An ECC key */ 288 288 + typedef struct { 289 289 + /** Type of key, PK_PRIVATE or PK_PUBLIC */ 290 290 + int type; 291 291 + 292 292 + /** Index into the ltc_ecc_sets[] for the parameters of this curve; if -1, then this key is using user supplied curve in dp */ 293 293 + int idx; 294 294 + 295 295 + /** pointer to domain parameters; either points to NIST curves (identified by idx >= 0) or user supplied curve */ 296 296 + const ltc_ecc_set_type *dp; 297 297 + 298 298 + /** The public key */ 299 299 + ecc_point pubkey; 300 300 + 301 301 + /** The private key */ 302 302 + void *k; 303 303 + } ecc_key; 304 304 + 305 305 + /** the ECC params provided */ 306 306 + extern const ltc_ecc_set_type ltc_ecc_sets[]; 307 307 + 308 308 + int ecc_test(void); 309 309 + void ecc_sizes(int *low, int *high); 310 310 + int ecc_get_size(ecc_key *key); 311 311 + 312 312 + int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key); 313 313 + int ecc_make_key_ex(prng_state *prng, int wprng, ecc_key *key, const ltc_ecc_set_type *dp); 314 314 + void ecc_free(ecc_key *key); 315 315 + 316 316 + int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key); 317 317 + int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key); 318 318 + int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, const ltc_ecc_set_type *dp); 319 319 + 320 320 + int ecc_ansi_x963_export(ecc_key *key, unsigned char *out, unsigned long *outlen); 321 321 + int ecc_ansi_x963_import(const unsigned char *in, unsigned long inlen, ecc_key *key); 322 322 + int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, ltc_ecc_set_type *dp); 323 323 + 324 324 + int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key, 325 325 + unsigned char *out, unsigned long *outlen); 326 326 + 327 327 + int ecc_encrypt_key(const unsigned char *in, unsigned long inlen, 328 328 + unsigned char *out, unsigned long *outlen, 329 329 + prng_state *prng, int wprng, int hash, 330 330 + ecc_key *key); 331 331 + 332 332 + int ecc_decrypt_key(const unsigned char *in, unsigned long inlen, 333 333 + unsigned char *out, unsigned long *outlen, 334 334 + ecc_key *key); 335 335 + 336 336 + int ecc_sign_hash_rfc7518(const unsigned char *in, unsigned long inlen, 337 337 + unsigned char *out, unsigned long *outlen, 338 338 + prng_state *prng, int wprng, ecc_key *key); 339 339 + 340 340 + int ecc_sign_hash(const unsigned char *in, unsigned long inlen, 341 341 + unsigned char *out, unsigned long *outlen, 342 342 + prng_state *prng, int wprng, ecc_key *key); 343 343 + 344 344 + int ecc_verify_hash_rfc7518(const unsigned char *sig, unsigned long siglen, 345 345 + const unsigned char *hash, unsigned long hashlen, 346 346 + int *stat, ecc_key *key); 347 347 + 348 348 + int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, 349 349 + const unsigned char *hash, unsigned long hashlen, 350 350 + int *stat, ecc_key *key); 351 351 + 352 352 + /* low level functions */ 353 353 + ecc_point *ltc_ecc_new_point(void); 354 354 + void ltc_ecc_del_point(ecc_point *p); 355 355 + int ltc_ecc_is_valid_idx(int n); 356 356 + 357 357 + /* point ops (mp == montgomery digit) */ 358 358 + #if !defined(LTC_MECC_ACCEL) || defined(LTM_DESC) || defined(GMP_DESC) 359 359 + /* R = 2P */ 360 360 + int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void *mp); 361 361 + 362 362 + /* R = P + Q */ 363 363 + int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *mp); 364 364 + #endif 365 365 + 366 366 + #if defined(LTC_MECC_FP) 367 367 + /* optimized point multiplication using fixed point cache (HAC algorithm 14.117) */ 368 368 + int ltc_ecc_fp_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map); 369 369 + 370 370 + /* functions for saving/loading/freeing/adding to fixed point cache */ 371 371 + int ltc_ecc_fp_save_state(unsigned char **out, unsigned long *outlen); 372 372 + int ltc_ecc_fp_restore_state(unsigned char *in, unsigned long inlen); 373 373 + void ltc_ecc_fp_free(void); 374 374 + int ltc_ecc_fp_add_point(ecc_point *g, void *modulus, int lock); 375 375 + 376 376 + /* lock/unlock all points currently in fixed point cache */ 377 377 + void ltc_ecc_fp_tablelock(int lock); 378 378 + #endif 379 379 + 380 380 + /* R = kG */ 381 381 + int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map); 382 382 + 383 383 + #ifdef LTC_ECC_SHAMIR 384 384 + /* kA*A + kB*B = C */ 385 385 + int ltc_ecc_mul2add(ecc_point *A, void *kA, 386 386 + ecc_point *B, void *kB, 387 387 + ecc_point *C, 388 388 + void *modulus); 389 389 + 390 390 + #ifdef LTC_MECC_FP 391 391 + /* Shamir's trick with optimized point multiplication using fixed point cache */ 392 392 + int ltc_ecc_fp_mul2add(ecc_point *A, void *kA, 393 393 + ecc_point *B, void *kB, 394 394 + ecc_point *C, void *modulus); 395 395 + #endif 396 396 + 397 397 + #endif 398 398 + 399 399 + 400 400 + /* map P to affine from projective */ 401 401 + int ltc_ecc_map(ecc_point *P, void *modulus, void *mp); 402 402 + 403 403 + #endif 404 404 + 405 405 + #ifdef LTC_MDSA 406 406 + 407 407 + /* Max diff between group and modulus size in bytes */ 408 408 + #define LTC_MDSA_DELTA 512 409 409 + 410 410 + /* Max DSA group size in bytes (default allows 4k-bit groups) */ 411 411 + #define LTC_MDSA_MAX_GROUP 512 412 412 + 413 413 + /** DSA key structure */ 414 414 + typedef struct { 415 415 + /** The key type, PK_PRIVATE or PK_PUBLIC */ 416 416 + int type; 417 417 + 418 418 + /** The order of the sub-group used in octets */ 419 419 + int qord; 420 420 + 421 421 + /** The generator */ 422 422 + void *g; 423 423 + 424 424 + /** The prime used to generate the sub-group */ 425 425 + void *q; 426 426 + 427 427 + /** The large prime that generats the field the contains the sub-group */ 428 428 + void *p; 429 429 + 430 430 + /** The private key */ 431 431 + void *x; 432 432 + 433 433 + /** The public key */ 434 434 + void *y; 435 435 + } dsa_key; 436 436 + 437 437 + int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key); 438 438 + 439 439 + int dsa_set_pqg(const unsigned char *p, unsigned long plen, 440 440 + const unsigned char *q, unsigned long qlen, 441 441 + const unsigned char *g, unsigned long glen, 442 442 + dsa_key *key); 443 443 + int dsa_set_pqg_dsaparam(const unsigned char *dsaparam, unsigned long dsaparamlen, dsa_key *key); 444 444 + int dsa_generate_pqg(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key); 445 445 + 446 446 + int dsa_set_key(const unsigned char *in, unsigned long inlen, int type, dsa_key *key); 447 447 + int dsa_generate_key(prng_state *prng, int wprng, dsa_key *key); 448 448 + 449 449 + void dsa_free(dsa_key *key); 450 450 + 451 451 + int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen, 452 452 + void *r, void *s, 453 453 + prng_state *prng, int wprng, dsa_key *key); 454 454 + 455 455 + int dsa_sign_hash(const unsigned char *in, unsigned long inlen, 456 456 + unsigned char *out, unsigned long *outlen, 457 457 + prng_state *prng, int wprng, dsa_key *key); 458 458 + 459 459 + int dsa_verify_hash_raw( void *r, void *s, 460 460 + const unsigned char *hash, unsigned long hashlen, 461 461 + int *stat, dsa_key *key); 462 462 + 463 463 + int dsa_verify_hash(const unsigned char *sig, unsigned long siglen, 464 464 + const unsigned char *hash, unsigned long hashlen, 465 465 + int *stat, dsa_key *key); 466 466 + 467 467 + int dsa_encrypt_key(const unsigned char *in, unsigned long inlen, 468 468 + unsigned char *out, unsigned long *outlen, 469 469 + prng_state *prng, int wprng, int hash, 470 470 + dsa_key *key); 471 471 + 472 472 + int dsa_decrypt_key(const unsigned char *in, unsigned long inlen, 473 473 + unsigned char *out, unsigned long *outlen, 474 474 + dsa_key *key); 475 475 + 476 476 + int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key); 477 477 + int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key); 478 478 + int dsa_verify_key(dsa_key *key, int *stat); 479 479 + #ifdef LTC_SOURCE 480 480 + /* internal helper functions */ 481 481 + int dsa_int_validate_xy(dsa_key *key, int *stat); 482 482 + int dsa_int_validate_pqg(dsa_key *key, int *stat); 483 483 + int dsa_int_validate_primes(dsa_key *key, int *stat); 484 484 + #endif 485 485 + int dsa_shared_secret(void *private_key, void *base, 486 486 + dsa_key *public_key, 487 487 + unsigned char *out, unsigned long *outlen); 488 488 + #endif 489 489 + 490 490 + #ifdef LTC_DER 491 491 + /* DER handling */ 492 492 + 493 493 + typedef enum ltc_asn1_type_ { 494 494 + /* 0 */ 495 495 + LTC_ASN1_EOL, 496 496 + LTC_ASN1_BOOLEAN, 497 497 + LTC_ASN1_INTEGER, 498 498 + LTC_ASN1_SHORT_INTEGER, 499 499 + LTC_ASN1_BIT_STRING, 500 500 + /* 5 */ 501 501 + LTC_ASN1_OCTET_STRING, 502 502 + LTC_ASN1_NULL, 503 503 + LTC_ASN1_OBJECT_IDENTIFIER, 504 504 + LTC_ASN1_IA5_STRING, 505 505 + LTC_ASN1_PRINTABLE_STRING, 506 506 + /* 10 */ 507 507 + LTC_ASN1_UTF8_STRING, 508 508 + LTC_ASN1_UTCTIME, 509 509 + LTC_ASN1_CHOICE, 510 510 + LTC_ASN1_SEQUENCE, 511 511 + LTC_ASN1_SET, 512 512 + /* 15 */ 513 513 + LTC_ASN1_SETOF, 514 514 + LTC_ASN1_RAW_BIT_STRING, 515 515 + LTC_ASN1_TELETEX_STRING, 516 516 + LTC_ASN1_CONSTRUCTED, 517 517 + LTC_ASN1_CONTEXT_SPECIFIC, 518 518 + /* 20 */ 519 519 + LTC_ASN1_GENERALIZEDTIME, 520 520 + } ltc_asn1_type; 521 521 + 522 522 + /** A LTC ASN.1 list type */ 523 523 + typedef struct ltc_asn1_list_ { 524 524 + /** The LTC ASN.1 enumerated type identifier */ 525 525 + ltc_asn1_type type; 526 526 + /** The data to encode or place for decoding */ 527 527 + void *data; 528 528 + /** The size of the input or resulting output */ 529 529 + unsigned long size; 530 530 + /** The used flag, this is used by the CHOICE ASN.1 type to indicate which choice was made */ 531 531 + int used; 532 532 + /** prev/next entry in the list */ 533 533 + struct ltc_asn1_list_ *prev, *next, *child, *parent; 534 534 + } ltc_asn1_list; 535 535 + 536 536 + #define LTC_SET_ASN1(list, index, Type, Data, Size) \ 537 537 + do { \ 538 538 + int LTC_MACRO_temp = (index); \ 539 539 + ltc_asn1_list *LTC_MACRO_list = (list); \ 540 540 + LTC_MACRO_list[LTC_MACRO_temp].type = (Type); \ 541 541 + LTC_MACRO_list[LTC_MACRO_temp].data = (void*)(Data); \ 542 542 + LTC_MACRO_list[LTC_MACRO_temp].size = (Size); \ 543 543 + LTC_MACRO_list[LTC_MACRO_temp].used = 0; \ 544 544 + } while (0) 545 545 + 546 546 + /* SEQUENCE */ 547 547 + int der_encode_sequence_ex(ltc_asn1_list *list, unsigned long inlen, 548 548 + unsigned char *out, unsigned long *outlen, int type_of); 549 549 + 550 550 + #define der_encode_sequence(list, inlen, out, outlen) der_encode_sequence_ex(list, inlen, out, outlen, LTC_ASN1_SEQUENCE) 551 551 + 552 552 + int der_decode_sequence_ex(const unsigned char *in, unsigned long inlen, 553 553 + ltc_asn1_list *list, unsigned long outlen, int ordered); 554 554 + 555 555 + #define der_decode_sequence(in, inlen, list, outlen) der_decode_sequence_ex(in, inlen, list, outlen, 1) 556 556 + 557 557 + int der_length_sequence(ltc_asn1_list *list, unsigned long inlen, 558 558 + unsigned long *outlen); 559 559 + 560 560 + 561 561 + #ifdef LTC_SOURCE 562 562 + /* internal helper functions */ 563 563 + int der_length_sequence_ex(ltc_asn1_list *list, unsigned long inlen, 564 564 + unsigned long *outlen, unsigned long *payloadlen); 565 565 + /* SUBJECT PUBLIC KEY INFO */ 566 566 + int der_encode_subject_public_key_info(unsigned char *out, unsigned long *outlen, 567 567 + unsigned int algorithm, void* public_key, unsigned long public_key_len, 568 568 + unsigned long parameters_type, void* parameters, unsigned long parameters_len); 569 569 + 570 570 + int der_decode_subject_public_key_info(const unsigned char *in, unsigned long inlen, 571 571 + unsigned int algorithm, void* public_key, unsigned long* public_key_len, 572 572 + unsigned long parameters_type, ltc_asn1_list* parameters, unsigned long parameters_len); 573 573 + #endif /* LTC_SOURCE */ 574 574 + 575 575 + /* SET */ 576 576 + #define der_decode_set(in, inlen, list, outlen) der_decode_sequence_ex(in, inlen, list, outlen, 0) 577 577 + #define der_length_set der_length_sequence 578 578 + int der_encode_set(ltc_asn1_list *list, unsigned long inlen, 579 579 + unsigned char *out, unsigned long *outlen); 580 580 + 581 581 + int der_encode_setof(ltc_asn1_list *list, unsigned long inlen, 582 582 + unsigned char *out, unsigned long *outlen); 583 583 + 584 584 + /* VA list handy helpers with triplets of <type, size, data> */ 585 585 + int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...); 586 586 + int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...); 587 587 + 588 588 + /* FLEXI DECODER handle unknown list decoder */ 589 589 + int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out); 590 590 + #define der_free_sequence_flexi der_sequence_free 591 591 + void der_sequence_free(ltc_asn1_list *in); 592 592 + void der_sequence_shrink(ltc_asn1_list *in); 593 593 + 594 594 + /* BOOLEAN */ 595 595 + int der_length_boolean(unsigned long *outlen); 596 596 + int der_encode_boolean(int in, 597 597 + unsigned char *out, unsigned long *outlen); 598 598 + int der_decode_boolean(const unsigned char *in, unsigned long inlen, 599 599 + int *out); 600 600 + /* INTEGER */ 601 601 + int der_encode_integer(void *num, unsigned char *out, unsigned long *outlen); 602 602 + int der_decode_integer(const unsigned char *in, unsigned long inlen, void *num); 603 603 + int der_length_integer(void *num, unsigned long *len); 604 604 + 605 605 + /* INTEGER -- handy for 0..2^32-1 values */ 606 606 + int der_decode_short_integer(const unsigned char *in, unsigned long inlen, unsigned long *num); 607 607 + int der_encode_short_integer(unsigned long num, unsigned char *out, unsigned long *outlen); 608 608 + int der_length_short_integer(unsigned long num, unsigned long *outlen); 609 609 + 610 610 + /* BIT STRING */ 611 611 + int der_encode_bit_string(const unsigned char *in, unsigned long inlen, 612 612 + unsigned char *out, unsigned long *outlen); 613 613 + int der_decode_bit_string(const unsigned char *in, unsigned long inlen, 614 614 + unsigned char *out, unsigned long *outlen); 615 615 + int der_encode_raw_bit_string(const unsigned char *in, unsigned long inlen, 616 616 + unsigned char *out, unsigned long *outlen); 617 617 + int der_decode_raw_bit_string(const unsigned char *in, unsigned long inlen, 618 618 + unsigned char *out, unsigned long *outlen); 619 619 + int der_length_bit_string(unsigned long nbits, unsigned long *outlen); 620 620 + 621 621 + /* OCTET STRING */ 622 622 + int der_encode_octet_string(const unsigned char *in, unsigned long inlen, 623 623 + unsigned char *out, unsigned long *outlen); 624 624 + int der_decode_octet_string(const unsigned char *in, unsigned long inlen, 625 625 + unsigned char *out, unsigned long *outlen); 626 626 + int der_length_octet_string(unsigned long noctets, unsigned long *outlen); 627 627 + 628 628 + /* OBJECT IDENTIFIER */ 629 629 + int der_encode_object_identifier(unsigned long *words, unsigned long nwords, 630 630 + unsigned char *out, unsigned long *outlen); 631 631 + int der_decode_object_identifier(const unsigned char *in, unsigned long inlen, 632 632 + unsigned long *words, unsigned long *outlen); 633 633 + int der_length_object_identifier(unsigned long *words, unsigned long nwords, unsigned long *outlen); 634 634 + unsigned long der_object_identifier_bits(unsigned long x); 635 635 + 636 636 + /* IA5 STRING */ 637 637 + int der_encode_ia5_string(const unsigned char *in, unsigned long inlen, 638 638 + unsigned char *out, unsigned long *outlen); 639 639 + int der_decode_ia5_string(const unsigned char *in, unsigned long inlen, 640 640 + unsigned char *out, unsigned long *outlen); 641 641 + int der_length_ia5_string(const unsigned char *octets, unsigned long noctets, unsigned long *outlen); 642 642 + 643 643 + int der_ia5_char_encode(int c); 644 644 + int der_ia5_value_decode(int v); 645 645 + 646 646 + /* TELETEX STRING */ 647 647 + int der_decode_teletex_string(const unsigned char *in, unsigned long inlen, 648 648 + unsigned char *out, unsigned long *outlen); 649 649 + int der_length_teletex_string(const unsigned char *octets, unsigned long noctets, unsigned long *outlen); 650 650 + 651 651 + #ifdef LTC_SOURCE 652 652 + /* internal helper functions */ 653 653 + int der_teletex_char_encode(int c); 654 654 + int der_teletex_value_decode(int v); 655 655 + #endif /* LTC_SOURCE */ 656 656 + 657 657 + 658 658 + /* PRINTABLE STRING */ 659 659 + int der_encode_printable_string(const unsigned char *in, unsigned long inlen, 660 660 + unsigned char *out, unsigned long *outlen); 661 661 + int der_decode_printable_string(const unsigned char *in, unsigned long inlen, 662 662 + unsigned char *out, unsigned long *outlen); 663 663 + int der_length_printable_string(const unsigned char *octets, unsigned long noctets, unsigned long *outlen); 664 664 + 665 665 + int der_printable_char_encode(int c); 666 666 + int der_printable_value_decode(int v); 667 667 + 668 668 + /* UTF-8 */ 669 669 + #if (defined(SIZE_MAX) || __STDC_VERSION__ >= 199901L || defined(WCHAR_MAX) || defined(__WCHAR_MAX__) || defined(_WCHAR_T) || defined(_WCHAR_T_DEFINED) || defined (__WCHAR_TYPE__)) && !defined(LTC_NO_WCHAR) 670 670 + #if defined(__WCHAR_MAX__) 671 671 + #define LTC_WCHAR_MAX __WCHAR_MAX__ 672 672 + #else 673 673 + #include <wchar.h> 674 674 + #define LTC_WCHAR_MAX WCHAR_MAX 675 675 + #endif 676 676 + /* please note that it might happen that LTC_WCHAR_MAX is undefined */ 677 677 + #else 678 678 + typedef ulong32 wchar_t; 679 679 + #define LTC_WCHAR_MAX 0xFFFFFFFF 680 680 + #endif 681 681 + 682 682 + int der_encode_utf8_string(const wchar_t *in, unsigned long inlen, 683 683 + unsigned char *out, unsigned long *outlen); 684 684 + 685 685 + int der_decode_utf8_string(const unsigned char *in, unsigned long inlen, 686 686 + wchar_t *out, unsigned long *outlen); 687 687 + unsigned long der_utf8_charsize(const wchar_t c); 688 688 + #ifdef LTC_SOURCE 689 689 + /* internal helper functions */ 690 690 + int der_utf8_valid_char(const wchar_t c); 691 691 + #endif /* LTC_SOURCE */ 692 692 + int der_length_utf8_string(const wchar_t *in, unsigned long noctets, unsigned long *outlen); 693 693 + 694 694 + 695 695 + /* CHOICE */ 696 696 + int der_decode_choice(const unsigned char *in, unsigned long *inlen, 697 697 + ltc_asn1_list *list, unsigned long outlen); 698 698 + 699 699 + /* UTCTime */ 700 700 + typedef struct { 701 701 + unsigned YY, /* year */ 702 702 + MM, /* month */ 703 703 + DD, /* day */ 704 704 + hh, /* hour */ 705 705 + mm, /* minute */ 706 706 + ss, /* second */ 707 707 + off_dir, /* timezone offset direction 0 == +, 1 == - */ 708 708 + off_hh, /* timezone offset hours */ 709 709 + off_mm; /* timezone offset minutes */ 710 710 + } ltc_utctime; 711 711 + 712 712 + int der_encode_utctime(ltc_utctime *utctime, 713 713 + unsigned char *out, unsigned long *outlen); 714 714 + 715 715 + int der_decode_utctime(const unsigned char *in, unsigned long *inlen, 716 716 + ltc_utctime *out); 717 717 + 718 718 + int der_length_utctime(ltc_utctime *utctime, unsigned long *outlen); 719 719 + 720 720 + /* GeneralizedTime */ 721 721 + typedef struct { 722 722 + unsigned YYYY, /* year */ 723 723 + MM, /* month */ 724 724 + DD, /* day */ 725 725 + hh, /* hour */ 726 726 + mm, /* minute */ 727 727 + ss, /* second */ 728 728 + fs, /* fractional seconds */ 729 729 + off_dir, /* timezone offset direction 0 == +, 1 == - */ 730 730 + off_hh, /* timezone offset hours */ 731 731 + off_mm; /* timezone offset minutes */ 732 732 + } ltc_generalizedtime; 733 733 + 734 734 + int der_encode_generalizedtime(ltc_generalizedtime *gtime, 735 735 + unsigned char *out, unsigned long *outlen); 736 736 + 737 737 + int der_decode_generalizedtime(const unsigned char *in, unsigned long *inlen, 738 738 + ltc_generalizedtime *out); 739 739 + 740 740 + int der_length_generalizedtime(ltc_generalizedtime *gtime, unsigned long *outlen); 741 741 + 742 742 + 743 743 + #endif 744 744 + 745 745 + /* ref: HEAD -> master, tag: v1.18.2 */ 746 746 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 747 747 + /* commit time: 2018-07-01 22:49:01 +0200 */

+108

utils/tomcrypt/src/headers/tomcrypt_pkcs.h

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + 10 10 + /* PKCS Header Info */ 11 11 + 12 12 + /* ===> PKCS #1 -- RSA Cryptography <=== */ 13 13 + #ifdef LTC_PKCS_1 14 14 + 15 15 + enum ltc_pkcs_1_v1_5_blocks 16 16 + { 17 17 + LTC_PKCS_1_EMSA = 1, /* Block type 1 (PKCS #1 v1.5 signature padding) */ 18 18 + LTC_PKCS_1_EME = 2 /* Block type 2 (PKCS #1 v1.5 encryption padding) */ 19 19 + }; 20 20 + 21 21 + enum ltc_pkcs_1_paddings 22 22 + { 23 23 + LTC_PKCS_1_V1_5 = 1, /* PKCS #1 v1.5 padding (\sa ltc_pkcs_1_v1_5_blocks) */ 24 24 + LTC_PKCS_1_OAEP = 2, /* PKCS #1 v2.0 encryption padding */ 25 25 + LTC_PKCS_1_PSS = 3, /* PKCS #1 v2.1 signature padding */ 26 26 + LTC_PKCS_1_V1_5_NA1 = 4 /* PKCS #1 v1.5 padding - No ASN.1 (\sa ltc_pkcs_1_v1_5_blocks) */ 27 27 + }; 28 28 + 29 29 + int pkcs_1_mgf1( int hash_idx, 30 30 + const unsigned char *seed, unsigned long seedlen, 31 31 + unsigned char *mask, unsigned long masklen); 32 32 + 33 33 + int pkcs_1_i2osp(void *n, unsigned long modulus_len, unsigned char *out); 34 34 + int pkcs_1_os2ip(void *n, unsigned char *in, unsigned long inlen); 35 35 + 36 36 + /* *** v1.5 padding */ 37 37 + int pkcs_1_v1_5_encode(const unsigned char *msg, 38 38 + unsigned long msglen, 39 39 + int block_type, 40 40 + unsigned long modulus_bitlen, 41 41 + prng_state *prng, 42 42 + int prng_idx, 43 43 + unsigned char *out, 44 44 + unsigned long *outlen); 45 45 + 46 46 + int pkcs_1_v1_5_decode(const unsigned char *msg, 47 47 + unsigned long msglen, 48 48 + int block_type, 49 49 + unsigned long modulus_bitlen, 50 50 + unsigned char *out, 51 51 + unsigned long *outlen, 52 52 + int *is_valid); 53 53 + 54 54 + /* *** v2.1 padding */ 55 55 + int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen, 56 56 + const unsigned char *lparam, unsigned long lparamlen, 57 57 + unsigned long modulus_bitlen, prng_state *prng, 58 58 + int prng_idx, int hash_idx, 59 59 + unsigned char *out, unsigned long *outlen); 60 60 + 61 61 + int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen, 62 62 + const unsigned char *lparam, unsigned long lparamlen, 63 63 + unsigned long modulus_bitlen, int hash_idx, 64 64 + unsigned char *out, unsigned long *outlen, 65 65 + int *res); 66 66 + 67 67 + int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen, 68 68 + unsigned long saltlen, prng_state *prng, 69 69 + int prng_idx, int hash_idx, 70 70 + unsigned long modulus_bitlen, 71 71 + unsigned char *out, unsigned long *outlen); 72 72 + 73 73 + int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen, 74 74 + const unsigned char *sig, unsigned long siglen, 75 75 + unsigned long saltlen, int hash_idx, 76 76 + unsigned long modulus_bitlen, int *res); 77 77 + 78 78 + #endif /* LTC_PKCS_1 */ 79 79 + 80 80 + /* ===> PKCS #5 -- Password Based Cryptography <=== */ 81 81 + #ifdef LTC_PKCS_5 82 82 + 83 83 + /* Algorithm #1 (PBKDF1) */ 84 84 + int pkcs_5_alg1(const unsigned char *password, unsigned long password_len, 85 85 + const unsigned char *salt, 86 86 + int iteration_count, int hash_idx, 87 87 + unsigned char *out, unsigned long *outlen); 88 88 + 89 89 + /* Algorithm #1 (PBKDF1) - OpenSSL-compatible variant for arbitrarily-long keys. 90 90 + Compatible with EVP_BytesToKey() */ 91 91 + int pkcs_5_alg1_openssl(const unsigned char *password, 92 92 + unsigned long password_len, 93 93 + const unsigned char *salt, 94 94 + int iteration_count, int hash_idx, 95 95 + unsigned char *out, unsigned long *outlen); 96 96 + 97 97 + /* Algorithm #2 (PBKDF2) */ 98 98 + int pkcs_5_alg2(const unsigned char *password, unsigned long password_len, 99 99 + const unsigned char *salt, unsigned long salt_len, 100 100 + int iteration_count, int hash_idx, 101 101 + unsigned char *out, unsigned long *outlen); 102 102 + 103 103 + int pkcs_5_test (void); 104 104 + #endif /* LTC_PKCS_5 */ 105 105 + 106 106 + /* ref: HEAD -> master, tag: v1.18.2 */ 107 107 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 108 108 + /* commit time: 2018-07-01 22:49:01 +0200 */

+447

utils/tomcrypt/src/headers/tomcrypt_private.h

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis */ 2 2 + /* SPDX-License-Identifier: Unlicense */ 3 3 + 4 4 + #include "tomcrypt.h" 5 5 + 6 6 + /* 7 7 + * Internal Macros 8 8 + */ 9 9 + 10 10 + #define LTC_PAD_MASK (0xF000U) 11 11 + 12 12 + /* 13 13 + * Internal Enums 14 14 + */ 15 15 + 16 16 + enum ltc_oid_id { 17 17 + PKA_RSA, 18 18 + PKA_DSA, 19 19 + PKA_EC, 20 20 + PKA_EC_PRIMEF, 21 21 + PKA_X25519, 22 22 + PKA_ED25519, 23 23 + }; 24 24 + 25 25 + /* 26 26 + * Internal Types 27 27 + */ 28 28 + 29 29 + typedef struct { 30 30 + int size; 31 31 + const char *name, *base, *prime; 32 32 + } ltc_dh_set_type; 33 33 + 34 34 + 35 35 + typedef int (*fn_kdf_t)(const unsigned char *password, unsigned long password_len, 36 36 + const unsigned char *salt, unsigned long salt_len, 37 37 + int iteration_count, int hash_idx, 38 38 + unsigned char *out, unsigned long *outlen); 39 39 + 40 40 + typedef struct { 41 41 + /* KDF */ 42 42 + fn_kdf_t kdf; 43 43 + /* Hash or HMAC */ 44 44 + const char* h; 45 45 + /* cipher */ 46 46 + const char* c; 47 47 + unsigned long keylen; 48 48 + /* not used for pbkdf2 */ 49 49 + unsigned long blocklen; 50 50 + } pbes_properties; 51 51 + 52 52 + typedef struct 53 53 + { 54 54 + pbes_properties type; 55 55 + const void *pwd; 56 56 + unsigned long pwdlen; 57 57 + ltc_asn1_list *enc_data; 58 58 + ltc_asn1_list *salt; 59 59 + ltc_asn1_list *iv; 60 60 + unsigned long iterations; 61 61 + /* only used for RC2 */ 62 62 + unsigned long key_bits; 63 63 + } pbes_arg; 64 64 + 65 65 + /* 66 66 + * Internal functions 67 67 + */ 68 68 + 69 69 + 70 70 + /* tomcrypt_cipher.h */ 71 71 + 72 72 + void blowfish_enc(ulong32 *data, unsigned long blocks, const symmetric_key *skey); 73 73 + int blowfish_expand(const unsigned char *key, int keylen, 74 74 + const unsigned char *data, int datalen, 75 75 + symmetric_key *skey); 76 76 + int blowfish_setup_with_data(const unsigned char *key, int keylen, 77 77 + const unsigned char *data, int datalen, 78 78 + symmetric_key *skey); 79 79 + 80 80 + /* tomcrypt_hash.h */ 81 81 + 82 82 + /* a simple macro for making hash "process" functions */ 83 83 + #define HASH_PROCESS(func_name, compress_name, state_var, block_size) \ 84 84 + int func_name (hash_state * md, const unsigned char *in, unsigned long inlen) \ 85 85 + { \ 86 86 + unsigned long n; \ 87 87 + int err; \ 88 88 + LTC_ARGCHK(md != NULL); \ 89 89 + LTC_ARGCHK(in != NULL); \ 90 90 + if (md-> state_var .curlen > sizeof(md-> state_var .buf)) { \ 91 91 + return CRYPT_INVALID_ARG; \ 92 92 + } \ 93 93 + if ((md-> state_var .length + inlen) < md-> state_var .length) { \ 94 94 + return CRYPT_HASH_OVERFLOW; \ 95 95 + } \ 96 96 + while (inlen > 0) { \ 97 97 + if (md-> state_var .curlen == 0 && inlen >= block_size) { \ 98 98 + if ((err = compress_name (md, in)) != CRYPT_OK) { \ 99 99 + return err; \ 100 100 + } \ 101 101 + md-> state_var .length += block_size * 8; \ 102 102 + in += block_size; \ 103 103 + inlen -= block_size; \ 104 104 + } else { \ 105 105 + n = MIN(inlen, (block_size - md-> state_var .curlen)); \ 106 106 + XMEMCPY(md-> state_var .buf + md-> state_var.curlen, in, (size_t)n); \ 107 107 + md-> state_var .curlen += n; \ 108 108 + in += n; \ 109 109 + inlen -= n; \ 110 110 + if (md-> state_var .curlen == block_size) { \ 111 111 + if ((err = compress_name (md, md-> state_var .buf)) != CRYPT_OK) { \ 112 112 + return err; \ 113 113 + } \ 114 114 + md-> state_var .length += 8*block_size; \ 115 115 + md-> state_var .curlen = 0; \ 116 116 + } \ 117 117 + } \ 118 118 + } \ 119 119 + return CRYPT_OK; \ 120 120 + } 121 121 + 122 122 + 123 123 + /* tomcrypt_mac.h */ 124 124 + 125 125 + int ocb3_int_ntz(unsigned long x); 126 126 + void ocb3_int_xor_blocks(unsigned char *out, const unsigned char *block_a, const unsigned char *block_b, unsigned long block_len); 127 127 + 128 128 + 129 129 + /* tomcrypt_math.h */ 130 130 + 131 131 + #if !defined(DESC_DEF_ONLY) 132 132 + 133 133 + #define MP_DIGIT_BIT ltc_mp.bits_per_digit 134 134 + 135 135 + /* some handy macros */ 136 136 + #define mp_init(a) ltc_mp.init(a) 137 137 + #define mp_init_multi ltc_init_multi 138 138 + #define mp_clear(a) ltc_mp.deinit(a) 139 139 + #define mp_clear_multi ltc_deinit_multi 140 140 + #define mp_cleanup_multi ltc_cleanup_multi 141 141 + #define mp_init_copy(a, b) ltc_mp.init_copy(a, b) 142 142 + 143 143 + #define mp_neg(a, b) ltc_mp.neg(a, b) 144 144 + #define mp_copy(a, b) ltc_mp.copy(a, b) 145 145 + 146 146 + #define mp_set(a, b) ltc_mp.set_int(a, b) 147 147 + #define mp_set_int(a, b) ltc_mp.set_int(a, b) 148 148 + #define mp_get_int(a) ltc_mp.get_int(a) 149 149 + #define mp_get_digit(a, n) ltc_mp.get_digit(a, n) 150 150 + #define mp_get_digit_count(a) ltc_mp.get_digit_count(a) 151 151 + #define mp_cmp(a, b) ltc_mp.compare(a, b) 152 152 + #define mp_cmp_d(a, b) ltc_mp.compare_d(a, b) 153 153 + #define mp_count_bits(a) ltc_mp.count_bits(a) 154 154 + #define mp_cnt_lsb(a) ltc_mp.count_lsb_bits(a) 155 155 + #define mp_2expt(a, b) ltc_mp.twoexpt(a, b) 156 156 + 157 157 + #define mp_read_radix(a, b, c) ltc_mp.read_radix(a, b, c) 158 158 + #define mp_toradix(a, b, c) ltc_mp.write_radix(a, b, c) 159 159 + #define mp_unsigned_bin_size(a) ltc_mp.unsigned_size(a) 160 160 + #define mp_to_unsigned_bin(a, b) ltc_mp.unsigned_write(a, b) 161 161 + #define mp_read_unsigned_bin(a, b, c) ltc_mp.unsigned_read(a, b, c) 162 162 + 163 163 + #define mp_add(a, b, c) ltc_mp.add(a, b, c) 164 164 + #define mp_add_d(a, b, c) ltc_mp.addi(a, b, c) 165 165 + #define mp_sub(a, b, c) ltc_mp.sub(a, b, c) 166 166 + #define mp_sub_d(a, b, c) ltc_mp.subi(a, b, c) 167 167 + #define mp_mul(a, b, c) ltc_mp.mul(a, b, c) 168 168 + #define mp_mul_d(a, b, c) ltc_mp.muli(a, b, c) 169 169 + #define mp_sqr(a, b) ltc_mp.sqr(a, b) 170 170 + #define mp_sqrtmod_prime(a, b, c) ltc_mp.sqrtmod_prime(a, b, c) 171 171 + #define mp_div(a, b, c, d) ltc_mp.mpdiv(a, b, c, d) 172 172 + #define mp_div_2(a, b) ltc_mp.div_2(a, b) 173 173 + #define mp_mod(a, b, c) ltc_mp.mpdiv(a, b, NULL, c) 174 174 + #define mp_mod_d(a, b, c) ltc_mp.modi(a, b, c) 175 175 + #define mp_gcd(a, b, c) ltc_mp.gcd(a, b, c) 176 176 + #define mp_lcm(a, b, c) ltc_mp.lcm(a, b, c) 177 177 + 178 178 + #define mp_addmod(a, b, c, d) ltc_mp.addmod(a, b, c, d) 179 179 + #define mp_submod(a, b, c, d) ltc_mp.submod(a, b, c, d) 180 180 + #define mp_mulmod(a, b, c, d) ltc_mp.mulmod(a, b, c, d) 181 181 + #define mp_sqrmod(a, b, c) ltc_mp.sqrmod(a, b, c) 182 182 + #define mp_invmod(a, b, c) ltc_mp.invmod(a, b, c) 183 183 + 184 184 + #define mp_montgomery_setup(a, b) ltc_mp.montgomery_setup(a, b) 185 185 + #define mp_montgomery_normalization(a, b) ltc_mp.montgomery_normalization(a, b) 186 186 + #define mp_montgomery_reduce(a, b, c) ltc_mp.montgomery_reduce(a, b, c) 187 187 + #define mp_montgomery_free(a) ltc_mp.montgomery_deinit(a) 188 188 + 189 189 + #define mp_exptmod(a,b,c,d) ltc_mp.exptmod(a,b,c,d) 190 190 + #define mp_prime_is_prime(a, b, c) ltc_mp.isprime(a, b, c) 191 191 + 192 192 + #define mp_iszero(a) (mp_cmp_d(a, 0) == LTC_MP_EQ ? LTC_MP_YES : LTC_MP_NO) 193 193 + #define mp_isodd(a) (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO) 194 194 + #define mp_exch(a, b) do { void *ABC__tmp = a; a = b; b = ABC__tmp; } while(0) 195 195 + 196 196 + #define mp_tohex(a, b) mp_toradix(a, b, 16) 197 197 + 198 198 + #define mp_rand(a, b) ltc_mp.rand(a, b) 199 199 + 200 200 + #endif 201 201 + 202 202 + 203 203 + /* tomcrypt_misc.h */ 204 204 + 205 205 + void copy_or_zeromem(const unsigned char* src, unsigned char* dest, unsigned long len, int coz); 206 206 + 207 207 + int pbes_decrypt(const pbes_arg *arg, unsigned char *dec_data, unsigned long *dec_size); 208 208 + 209 209 + int pbes1_extract(const ltc_asn1_list *s, pbes_arg *res); 210 210 + int pbes2_extract(const ltc_asn1_list *s, pbes_arg *res); 211 211 + 212 212 + 213 213 + /* tomcrypt_pk.h */ 214 214 + 215 215 + int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng); 216 216 + int rand_bn_upto(void *N, void *limit, prng_state *prng, int wprng); 217 217 + 218 218 + int pk_get_oid(enum ltc_oid_id id, const char **st); 219 219 + int pk_oid_str_to_num(const char *OID, unsigned long *oid, unsigned long *oidlen); 220 220 + int pk_oid_num_to_str(const unsigned long *oid, unsigned long oidlen, char *OID, unsigned long *outlen); 221 221 + 222 222 + /* ---- DH Routines ---- */ 223 223 + #ifdef LTC_MRSA 224 224 + int rsa_init(rsa_key *key); 225 225 + void rsa_shrink_key(rsa_key *key); 226 226 + #endif /* LTC_MRSA */ 227 227 + 228 228 + /* ---- DH Routines ---- */ 229 229 + #ifdef LTC_MDH 230 230 + extern const ltc_dh_set_type ltc_dh_sets[]; 231 231 + 232 232 + int dh_check_pubkey(const dh_key *key); 233 233 + #endif /* LTC_MDH */ 234 234 + 235 235 + /* ---- ECC Routines ---- */ 236 236 + #ifdef LTC_MECC 237 237 + int ecc_set_curve_from_mpis(void *a, void *b, void *prime, void *order, void *gx, void *gy, unsigned long cofactor, ecc_key *key); 238 238 + int ecc_copy_curve(const ecc_key *srckey, ecc_key *key); 239 239 + int ecc_set_curve_by_size(int size, ecc_key *key); 240 240 + int ecc_import_subject_public_key_info(const unsigned char *in, unsigned long inlen, ecc_key *key); 241 241 + 242 242 + #ifdef LTC_SSH 243 243 + int ecc_ssh_ecdsa_encode_name(char *buffer, unsigned long *buflen, const ecc_key *key); 244 244 + #endif 245 245 + 246 246 + /* low level functions */ 247 247 + ecc_point *ltc_ecc_new_point(void); 248 248 + void ltc_ecc_del_point(ecc_point *p); 249 249 + int ltc_ecc_set_point_xyz(ltc_mp_digit x, ltc_mp_digit y, ltc_mp_digit z, ecc_point *p); 250 250 + int ltc_ecc_copy_point(const ecc_point *src, ecc_point *dst); 251 251 + int ltc_ecc_is_point(const ltc_ecc_dp *dp, void *x, void *y); 252 252 + int ltc_ecc_is_point_at_infinity(const ecc_point *P, void *modulus, int *retval); 253 253 + int ltc_ecc_import_point(const unsigned char *in, unsigned long inlen, void *prime, void *a, void *b, void *x, void *y); 254 254 + int ltc_ecc_export_point(unsigned char *out, unsigned long *outlen, void *x, void *y, unsigned long size, int compressed); 255 255 + int ltc_ecc_verify_key(const ecc_key *key); 256 256 + 257 257 + /* point ops (mp == montgomery digit) */ 258 258 + #if !defined(LTC_MECC_ACCEL) || defined(LTM_DESC) || defined(GMP_DESC) 259 259 + /* R = 2P */ 260 260 + int ltc_ecc_projective_dbl_point(const ecc_point *P, ecc_point *R, void *ma, void *modulus, void *mp); 261 261 + 262 262 + /* R = P + Q */ 263 263 + int ltc_ecc_projective_add_point(const ecc_point *P, const ecc_point *Q, ecc_point *R, void *ma, void *modulus, void *mp); 264 264 + #endif 265 265 + 266 266 + #if defined(LTC_MECC_FP) 267 267 + /* optimized point multiplication using fixed point cache (HAC algorithm 14.117) */ 268 268 + int ltc_ecc_fp_mulmod(void *k, ecc_point *G, ecc_point *R, void *a, void *modulus, int map); 269 269 + 270 270 + /* functions for saving/loading/freeing/adding to fixed point cache */ 271 271 + int ltc_ecc_fp_save_state(unsigned char **out, unsigned long *outlen); 272 272 + int ltc_ecc_fp_restore_state(unsigned char *in, unsigned long inlen); 273 273 + void ltc_ecc_fp_free(void); 274 274 + int ltc_ecc_fp_add_point(ecc_point *g, void *modulus, int lock); 275 275 + 276 276 + /* lock/unlock all points currently in fixed point cache */ 277 277 + void ltc_ecc_fp_tablelock(int lock); 278 278 + #endif 279 279 + 280 280 + /* R = kG */ 281 281 + int ltc_ecc_mulmod(void *k, const ecc_point *G, ecc_point *R, void *a, void *modulus, int map); 282 282 + 283 283 + #ifdef LTC_ECC_SHAMIR 284 284 + /* kA*A + kB*B = C */ 285 285 + int ltc_ecc_mul2add(const ecc_point *A, void *kA, 286 286 + const ecc_point *B, void *kB, 287 287 + ecc_point *C, 288 288 + void *ma, 289 289 + void *modulus); 290 290 + 291 291 + #ifdef LTC_MECC_FP 292 292 + /* Shamir's trick with optimized point multiplication using fixed point cache */ 293 293 + int ltc_ecc_fp_mul2add(const ecc_point *A, void *kA, 294 294 + const ecc_point *B, void *kB, 295 295 + ecc_point *C, 296 296 + void *ma, 297 297 + void *modulus); 298 298 + #endif 299 299 + 300 300 + #endif 301 301 + 302 302 + 303 303 + /* map P to affine from projective */ 304 304 + int ltc_ecc_map(ecc_point *P, void *modulus, void *mp); 305 305 + #endif /* LTC_MECC */ 306 306 + 307 307 + #ifdef LTC_MDSA 308 308 + int dsa_int_validate_xy(const dsa_key *key, int *stat); 309 309 + int dsa_int_validate_pqg(const dsa_key *key, int *stat); 310 310 + int dsa_int_validate_primes(const dsa_key *key, int *stat); 311 311 + #endif /* LTC_MDSA */ 312 312 + 313 313 + 314 314 + #ifdef LTC_CURVE25519 315 315 + 316 316 + int tweetnacl_crypto_sign( 317 317 + unsigned char *sm,unsigned long long *smlen, 318 318 + const unsigned char *m,unsigned long long mlen, 319 319 + const unsigned char *sk, const unsigned char *pk); 320 320 + int tweetnacl_crypto_sign_open( 321 321 + int *stat, 322 322 + unsigned char *m,unsigned long long *mlen, 323 323 + const unsigned char *sm,unsigned long long smlen, 324 324 + const unsigned char *pk); 325 325 + int tweetnacl_crypto_sign_keypair(prng_state *prng, int wprng, unsigned char *pk,unsigned char *sk); 326 326 + int tweetnacl_crypto_sk_to_pk(unsigned char *pk, const unsigned char *sk); 327 327 + int tweetnacl_crypto_scalarmult(unsigned char *q, const unsigned char *n, const unsigned char *p); 328 328 + int tweetnacl_crypto_scalarmult_base(unsigned char *q,const unsigned char *n); 329 329 + 330 330 + typedef int (*sk_to_pk)(unsigned char *pk ,const unsigned char *sk); 331 331 + int ec25519_import_pkcs8(const unsigned char *in, unsigned long inlen, 332 332 + const void *pwd, unsigned long pwdlen, 333 333 + enum ltc_oid_id id, sk_to_pk fp, 334 334 + curve25519_key *key); 335 335 + int ec25519_export( unsigned char *out, unsigned long *outlen, 336 336 + int which, 337 337 + const curve25519_key *key); 338 338 + #endif /* LTC_CURVE25519 */ 339 339 + 340 340 + #ifdef LTC_DER 341 341 + 342 342 + #define LTC_ASN1_IS_TYPE(e, t) (((e) != NULL) && ((e)->type == (t))) 343 343 + 344 344 + /* DER handling */ 345 345 + int der_decode_custom_type_ex(const unsigned char *in, unsigned long inlen, 346 346 + ltc_asn1_list *root, 347 347 + ltc_asn1_list *list, unsigned long outlen, unsigned int flags); 348 348 + 349 349 + int der_encode_asn1_identifier(const ltc_asn1_list *id, unsigned char *out, unsigned long *outlen); 350 350 + int der_decode_asn1_identifier(const unsigned char *in, unsigned long *inlen, ltc_asn1_list *id); 351 351 + int der_length_asn1_identifier(const ltc_asn1_list *id, unsigned long *idlen); 352 352 + 353 353 + int der_encode_asn1_length(unsigned long len, unsigned char* out, unsigned long* outlen); 354 354 + int der_decode_asn1_length(const unsigned char *in, unsigned long *inlen, unsigned long *outlen); 355 355 + int der_length_asn1_length(unsigned long len, unsigned long *outlen); 356 356 + 357 357 + int der_length_sequence_ex(const ltc_asn1_list *list, unsigned long inlen, 358 358 + unsigned long *outlen, unsigned long *payloadlen); 359 359 + 360 360 + extern const ltc_asn1_type der_asn1_tag_to_type_map[]; 361 361 + extern const unsigned long der_asn1_tag_to_type_map_sz; 362 362 + 363 363 + extern const int der_asn1_type_to_identifier_map[]; 364 364 + extern const unsigned long der_asn1_type_to_identifier_map_sz; 365 365 + 366 366 + int der_decode_sequence_multi_ex(const unsigned char *in, unsigned long inlen, unsigned int flags, ...); 367 367 + 368 368 + int der_teletex_char_encode(int c); 369 369 + int der_teletex_value_decode(int v); 370 370 + 371 371 + int der_utf8_valid_char(const wchar_t c); 372 372 + 373 373 + typedef int (*public_key_decode_cb)(const unsigned char *in, unsigned long inlen, void *ctx); 374 374 + 375 375 + int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned long inlen, 376 376 + enum ltc_oid_id algorithm, ltc_asn1_type param_type, 377 377 + ltc_asn1_list* parameters, unsigned long *parameters_len, 378 378 + public_key_decode_cb callback, void *ctx); 379 379 + 380 380 + /* SUBJECT PUBLIC KEY INFO */ 381 381 + int x509_encode_subject_public_key_info(unsigned char *out, unsigned long *outlen, 382 382 + unsigned int algorithm, const void* public_key, unsigned long public_key_len, 383 383 + ltc_asn1_type parameters_type, ltc_asn1_list* parameters, unsigned long parameters_len); 384 384 + 385 385 + int x509_decode_subject_public_key_info(const unsigned char *in, unsigned long inlen, 386 386 + unsigned int algorithm, void* public_key, unsigned long* public_key_len, 387 387 + ltc_asn1_type parameters_type, ltc_asn1_list* parameters, unsigned long *parameters_len); 388 388 + 389 389 + int pk_oid_cmp_with_ulong(const char *o1, const unsigned long *o2, unsigned long o2size); 390 390 + int pk_oid_cmp_with_asn1(const char *o1, const ltc_asn1_list *o2); 391 391 + 392 392 + #endif /* LTC_DER */ 393 393 + 394 394 + /* tomcrypt_pkcs.h */ 395 395 + 396 396 + #ifdef LTC_PKCS_8 397 397 + 398 398 + int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen, 399 399 + const void *pwd, unsigned long pwdlen, 400 400 + ltc_asn1_list **decoded_list); 401 401 + 402 402 + #endif /* LTC_PKCS_8 */ 403 403 + 404 404 + 405 405 + #ifdef LTC_PKCS_12 406 406 + 407 407 + int pkcs12_utf8_to_utf16(const unsigned char *in, unsigned long inlen, 408 408 + unsigned char *out, unsigned long *outlen); 409 409 + 410 410 + int pkcs12_kdf( int hash_id, 411 411 + const unsigned char *pw, unsigned long pwlen, 412 412 + const unsigned char *salt, unsigned long saltlen, 413 413 + unsigned int iterations, unsigned char purpose, 414 414 + unsigned char *out, unsigned long outlen); 415 415 + 416 416 + #endif /* LTC_PKCS_12 */ 417 417 + 418 418 + /* tomcrypt_prng.h */ 419 419 + 420 420 + #define LTC_PRNG_EXPORT(which) \ 421 421 + int which ## _export(unsigned char *out, unsigned long *outlen, prng_state *prng) \ 422 422 + { \ 423 423 + unsigned long len = which ## _desc.export_size; \ 424 424 + \ 425 425 + LTC_ARGCHK(prng != NULL); \ 426 426 + LTC_ARGCHK(out != NULL); \ 427 427 + LTC_ARGCHK(outlen != NULL); \ 428 428 + \ 429 429 + if (*outlen < len) { \ 430 430 + *outlen = len; \ 431 431 + return CRYPT_BUFFER_OVERFLOW; \ 432 432 + } \ 433 433 + \ 434 434 + if (which ## _read(out, len, prng) != len) { \ 435 435 + return CRYPT_ERROR_READPRNG; \ 436 436 + } \ 437 437 + \ 438 438 + *outlen = len; \ 439 439 + return CRYPT_OK; \ 440 440 + } 441 441 + 442 442 + /* extract a byte portably */ 443 443 + #ifdef _MSC_VER 444 444 + #define LTC_BYTE(x, n) ((unsigned char)((x) >> (8 * (n)))) 445 445 + #else 446 446 + #define LTC_BYTE(x, n) (((x) >> (8 * (n))) & 255) 447 447 + #endif

+232

utils/tomcrypt/src/headers/tomcrypt_prng.h

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + 10 10 + /* ---- PRNG Stuff ---- */ 11 11 + #ifdef LTC_YARROW 12 12 + struct yarrow_prng { 13 13 + int cipher, hash; 14 14 + unsigned char pool[MAXBLOCKSIZE]; 15 15 + symmetric_CTR ctr; 16 16 + }; 17 17 + #endif 18 18 + 19 19 + #ifdef LTC_RC4 20 20 + struct rc4_prng { 21 21 + rc4_state s; 22 22 + }; 23 23 + #endif 24 24 + 25 25 + #ifdef LTC_CHACHA20_PRNG 26 26 + struct chacha20_prng { 27 27 + chacha_state s; /* chacha state */ 28 28 + unsigned char ent[40]; /* entropy buffer */ 29 29 + unsigned long idx; /* entropy counter */ 30 30 + }; 31 31 + #endif 32 32 + 33 33 + #ifdef LTC_FORTUNA 34 34 + struct fortuna_prng { 35 35 + hash_state pool[LTC_FORTUNA_POOLS]; /* the pools */ 36 36 + 37 37 + symmetric_key skey; 38 38 + 39 39 + unsigned char K[32], /* the current key */ 40 40 + IV[16]; /* IV for CTR mode */ 41 41 + 42 42 + unsigned long pool_idx, /* current pool we will add to */ 43 43 + pool0_len, /* length of 0'th pool */ 44 44 + wd; 45 45 + 46 46 + ulong64 reset_cnt; /* number of times we have reset */ 47 47 + }; 48 48 + #endif 49 49 + 50 50 + #ifdef LTC_SOBER128 51 51 + struct sober128_prng { 52 52 + sober128_state s; /* sober128 state */ 53 53 + unsigned char ent[40]; /* entropy buffer */ 54 54 + unsigned long idx; /* entropy counter */ 55 55 + }; 56 56 + #endif 57 57 + 58 58 + typedef struct { 59 59 + union { 60 60 + char dummy[1]; 61 61 + #ifdef LTC_YARROW 62 62 + struct yarrow_prng yarrow; 63 63 + #endif 64 64 + #ifdef LTC_RC4 65 65 + struct rc4_prng rc4; 66 66 + #endif 67 67 + #ifdef LTC_CHACHA20_PRNG 68 68 + struct chacha20_prng chacha; 69 69 + #endif 70 70 + #ifdef LTC_FORTUNA 71 71 + struct fortuna_prng fortuna; 72 72 + #endif 73 73 + #ifdef LTC_SOBER128 74 74 + struct sober128_prng sober128; 75 75 + #endif 76 76 + }; 77 77 + short ready; /* ready flag 0-1 */ 78 78 + LTC_MUTEX_TYPE(lock) /* lock */ 79 79 + } prng_state; 80 80 + 81 81 + /** PRNG descriptor */ 82 82 + extern struct ltc_prng_descriptor { 83 83 + /** Name of the PRNG */ 84 84 + const char *name; 85 85 + /** size in bytes of exported state */ 86 86 + int export_size; 87 87 + /** Start a PRNG state 88 88 + @param prng [out] The state to initialize 89 89 + @return CRYPT_OK if successful 90 90 + */ 91 91 + int (*start)(prng_state *prng); 92 92 + /** Add entropy to the PRNG 93 93 + @param in The entropy 94 94 + @param inlen Length of the entropy (octets)\ 95 95 + @param prng The PRNG state 96 96 + @return CRYPT_OK if successful 97 97 + */ 98 98 + int (*add_entropy)(const unsigned char *in, unsigned long inlen, prng_state *prng); 99 99 + /** Ready a PRNG state to read from 100 100 + @param prng The PRNG state to ready 101 101 + @return CRYPT_OK if successful 102 102 + */ 103 103 + int (*ready)(prng_state *prng); 104 104 + /** Read from the PRNG 105 105 + @param out [out] Where to store the data 106 106 + @param outlen Length of data desired (octets) 107 107 + @param prng The PRNG state to read from 108 108 + @return Number of octets read 109 109 + */ 110 110 + unsigned long (*read)(unsigned char *out, unsigned long outlen, prng_state *prng); 111 111 + /** Terminate a PRNG state 112 112 + @param prng The PRNG state to terminate 113 113 + @return CRYPT_OK if successful 114 114 + */ 115 115 + int (*done)(prng_state *prng); 116 116 + /** Export a PRNG state 117 117 + @param out [out] The destination for the state 118 118 + @param outlen [in/out] The max size and resulting size of the PRNG state 119 119 + @param prng The PRNG to export 120 120 + @return CRYPT_OK if successful 121 121 + */ 122 122 + int (*pexport)(unsigned char *out, unsigned long *outlen, prng_state *prng); 123 123 + /** Import a PRNG state 124 124 + @param in The data to import 125 125 + @param inlen The length of the data to import (octets) 126 126 + @param prng The PRNG to initialize/import 127 127 + @return CRYPT_OK if successful 128 128 + */ 129 129 + int (*pimport)(const unsigned char *in, unsigned long inlen, prng_state *prng); 130 130 + /** Self-test the PRNG 131 131 + @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled 132 132 + */ 133 133 + int (*test)(void); 134 134 + } prng_descriptor[]; 135 135 + 136 136 + #ifdef LTC_YARROW 137 137 + int yarrow_start(prng_state *prng); 138 138 + int yarrow_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng); 139 139 + int yarrow_ready(prng_state *prng); 140 140 + unsigned long yarrow_read(unsigned char *out, unsigned long outlen, prng_state *prng); 141 141 + int yarrow_done(prng_state *prng); 142 142 + int yarrow_export(unsigned char *out, unsigned long *outlen, prng_state *prng); 143 143 + int yarrow_import(const unsigned char *in, unsigned long inlen, prng_state *prng); 144 144 + int yarrow_test(void); 145 145 + extern const struct ltc_prng_descriptor yarrow_desc; 146 146 + #endif 147 147 + 148 148 + #ifdef LTC_FORTUNA 149 149 + int fortuna_start(prng_state *prng); 150 150 + int fortuna_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng); 151 151 + int fortuna_ready(prng_state *prng); 152 152 + unsigned long fortuna_read(unsigned char *out, unsigned long outlen, prng_state *prng); 153 153 + int fortuna_done(prng_state *prng); 154 154 + int fortuna_export(unsigned char *out, unsigned long *outlen, prng_state *prng); 155 155 + int fortuna_import(const unsigned char *in, unsigned long inlen, prng_state *prng); 156 156 + int fortuna_test(void); 157 157 + extern const struct ltc_prng_descriptor fortuna_desc; 158 158 + #endif 159 159 + 160 160 + #ifdef LTC_RC4 161 161 + int rc4_start(prng_state *prng); 162 162 + int rc4_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng); 163 163 + int rc4_ready(prng_state *prng); 164 164 + unsigned long rc4_read(unsigned char *out, unsigned long outlen, prng_state *prng); 165 165 + int rc4_done(prng_state *prng); 166 166 + int rc4_export(unsigned char *out, unsigned long *outlen, prng_state *prng); 167 167 + int rc4_import(const unsigned char *in, unsigned long inlen, prng_state *prng); 168 168 + int rc4_test(void); 169 169 + extern const struct ltc_prng_descriptor rc4_desc; 170 170 + #endif 171 171 + 172 172 + #ifdef LTC_CHACHA20_PRNG 173 173 + int chacha20_prng_start(prng_state *prng); 174 174 + int chacha20_prng_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng); 175 175 + int chacha20_prng_ready(prng_state *prng); 176 176 + unsigned long chacha20_prng_read(unsigned char *out, unsigned long outlen, prng_state *prng); 177 177 + int chacha20_prng_done(prng_state *prng); 178 178 + int chacha20_prng_export(unsigned char *out, unsigned long *outlen, prng_state *prng); 179 179 + int chacha20_prng_import(const unsigned char *in, unsigned long inlen, prng_state *prng); 180 180 + int chacha20_prng_test(void); 181 181 + extern const struct ltc_prng_descriptor chacha20_prng_desc; 182 182 + #endif 183 183 + 184 184 + #ifdef LTC_SPRNG 185 185 + int sprng_start(prng_state *prng); 186 186 + int sprng_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng); 187 187 + int sprng_ready(prng_state *prng); 188 188 + unsigned long sprng_read(unsigned char *out, unsigned long outlen, prng_state *prng); 189 189 + int sprng_done(prng_state *prng); 190 190 + int sprng_export(unsigned char *out, unsigned long *outlen, prng_state *prng); 191 191 + int sprng_import(const unsigned char *in, unsigned long inlen, prng_state *prng); 192 192 + int sprng_test(void); 193 193 + extern const struct ltc_prng_descriptor sprng_desc; 194 194 + #endif 195 195 + 196 196 + #ifdef LTC_SOBER128 197 197 + int sober128_start(prng_state *prng); 198 198 + int sober128_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng); 199 199 + int sober128_ready(prng_state *prng); 200 200 + unsigned long sober128_read(unsigned char *out, unsigned long outlen, prng_state *prng); 201 201 + int sober128_done(prng_state *prng); 202 202 + int sober128_export(unsigned char *out, unsigned long *outlen, prng_state *prng); 203 203 + int sober128_import(const unsigned char *in, unsigned long inlen, prng_state *prng); 204 204 + int sober128_test(void); 205 205 + extern const struct ltc_prng_descriptor sober128_desc; 206 206 + #endif 207 207 + 208 208 + int find_prng(const char *name); 209 209 + int register_prng(const struct ltc_prng_descriptor *prng); 210 210 + int unregister_prng(const struct ltc_prng_descriptor *prng); 211 211 + int register_all_prngs(void); 212 212 + int prng_is_valid(int idx); 213 213 + LTC_MUTEX_PROTO(ltc_prng_mutex) 214 214 + 215 215 + /* Slow RNG you **might** be able to use to seed a PRNG with. Be careful as this 216 216 + * might not work on all platforms as planned 217 217 + */ 218 218 + unsigned long rng_get_bytes(unsigned char *out, 219 219 + unsigned long outlen, 220 220 + void (*callback)(void)); 221 221 + 222 222 + int rng_make_prng(int bits, int wprng, prng_state *prng, void (*callback)(void)); 223 223 + 224 224 + #ifdef LTC_PRNG_ENABLE_LTC_RNG 225 225 + extern unsigned long (*ltc_rng)(unsigned char *out, unsigned long outlen, 226 226 + void (*callback)(void)); 227 227 + #endif 228 228 + 229 229 + 230 230 + /* ref: HEAD -> master, tag: v1.18.2 */ 231 231 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 232 232 + /* commit time: 2018-07-01 22:49:01 +0200 */

+87

utils/tomcrypt/src/misc/compare_testvector.c

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + 10 10 + #include "tomcrypt.h" 11 11 + 12 12 + /** 13 13 + @file compare_testvector.c 14 14 + Function to compare two testvectors and print a (detailed) error-message if required, Steffen Jaeckel 15 15 + */ 16 16 + 17 17 + #if defined(LTC_TEST) && defined(LTC_TEST_DBG) 18 18 + static void _print_hex(const char* what, const void* v, const unsigned long l) 19 19 + { 20 20 + const unsigned char* p = v; 21 21 + unsigned long x, y = 0, z; 22 22 + fprintf(stderr, "%s contents: \n", what); 23 23 + for (x = 0; x < l; ) { 24 24 + fprintf(stderr, "%02X ", p[x]); 25 25 + if (!(++x % 16) || x == l) { 26 26 + if((x % 16) != 0) { 27 27 + z = 16 - (x % 16); 28 28 + if(z >= 8) 29 29 + fprintf(stderr, " "); 30 30 + for (; z != 0; --z) { 31 31 + fprintf(stderr, " "); 32 32 + } 33 33 + } 34 34 + fprintf(stderr, " | "); 35 35 + for(; y < x; y++) { 36 36 + if((y % 8) == 0) 37 37 + fprintf(stderr, " "); 38 38 + if(isgraph(p[y])) 39 39 + fprintf(stderr, "%c", p[y]); 40 40 + else 41 41 + fprintf(stderr, "."); 42 42 + } 43 43 + fprintf(stderr, "\n"); 44 44 + } 45 45 + else if((x % 8) == 0) { 46 46 + fprintf(stderr, " "); 47 47 + } 48 48 + } 49 49 + } 50 50 + #endif 51 51 + 52 52 + /** 53 53 + Compare two test-vectors 54 54 + 55 55 + @param is The data as it is 56 56 + @param is_len The length of is 57 57 + @param should The data as it should 58 58 + @param should_len The length of should 59 59 + @param what The type of the data 60 60 + @param which The iteration count 61 61 + @return 0 on equality, -1 or 1 on difference 62 62 + */ 63 63 + int compare_testvector(const void* is, const unsigned long is_len, const void* should, const unsigned long should_len, const char* what, int which) 64 64 + { 65 65 + int res = 0; 66 66 + if(is_len != should_len) 67 67 + res = is_len > should_len ? -1 : 1; 68 68 + else 69 69 + res = XMEMCMP(is, should, is_len); 70 70 + 71 71 + #if defined(LTC_TEST) && defined(LTC_TEST_DBG) 72 72 + if (res != 0) { 73 73 + fprintf(stderr, "Testvector #%i of %s failed:\n", which, what); 74 74 + _print_hex("SHOULD", should, should_len); 75 75 + _print_hex("IS ", is, is_len); 76 76 + } 77 77 + #else 78 78 + LTC_UNUSED_PARAM(which); 79 79 + LTC_UNUSED_PARAM(what); 80 80 + #endif 81 81 + 82 82 + return res; 83 83 + } 84 84 + 85 85 + /* ref: HEAD -> master, tag: v1.18.2 */ 86 86 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 87 87 + /* commit time: 2018-07-01 22:49:01 +0200 */

+27

utils/tomcrypt/src/misc/crypt/crypt_argchk.c

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + #include "tomcrypt.h" 10 10 + 11 11 + /** 12 12 + @file crypt_argchk.c 13 13 + Perform argument checking, Tom St Denis 14 14 + */ 15 15 + 16 16 + #if (ARGTYPE == 0) 17 17 + void crypt_argchk(const char *v, const char *s, int d) 18 18 + { 19 19 + fprintf(stderr, "LTC_ARGCHK '%s' failure on line %d of file %s\n", 20 20 + v, d, s); 21 21 + abort(); 22 22 + } 23 23 + #endif 24 24 + 25 25 + /* ref: HEAD -> master, tag: v1.18.2 */ 26 26 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 27 27 + /* commit time: 2018-07-01 22:49:01 +0200 */

+25

utils/tomcrypt/src/misc/crypt/crypt_cipher_descriptor.c

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + #include "tomcrypt.h" 10 10 + 11 11 + /** 12 12 + @file crypt_cipher_descriptor.c 13 13 + Stores the cipher descriptor table, Tom St Denis 14 14 + */ 15 15 + 16 16 + struct ltc_cipher_descriptor cipher_descriptor[TAB_SIZE] = { 17 17 + { NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL } 18 18 + }; 19 19 + 20 20 + LTC_MUTEX_GLOBAL(ltc_cipher_mutex) 21 21 + 22 22 + 23 23 + /* ref: HEAD -> master, tag: v1.18.2 */ 24 24 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 25 25 + /* commit time: 2018-07-01 22:49:01 +0200 */

+34

utils/tomcrypt/src/misc/crypt/crypt_cipher_is_valid.c

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + #include "tomcrypt.h" 10 10 + 11 11 + /** 12 12 + @file crypt_cipher_is_valid.c 13 13 + Determine if cipher is valid, Tom St Denis 14 14 + */ 15 15 + 16 16 + /* 17 17 + Test if a cipher index is valid 18 18 + @param idx The index of the cipher to search for 19 19 + @return CRYPT_OK if valid 20 20 + */ 21 21 + int cipher_is_valid(int idx) 22 22 + { 23 23 + LTC_MUTEX_LOCK(&ltc_cipher_mutex); 24 24 + if (idx < 0 || idx >= TAB_SIZE || cipher_descriptor[idx].name == NULL) { 25 25 + LTC_MUTEX_UNLOCK(&ltc_cipher_mutex); 26 26 + return CRYPT_INVALID_CIPHER; 27 27 + } 28 28 + LTC_MUTEX_UNLOCK(&ltc_cipher_mutex); 29 29 + return CRYPT_OK; 30 30 + } 31 31 + 32 32 + /* ref: HEAD -> master, tag: v1.18.2 */ 33 33 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 34 34 + /* commit time: 2018-07-01 22:49:01 +0200 */

+52

utils/tomcrypt/src/misc/crypt/crypt_register_cipher.c

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + #include "tomcrypt.h" 10 10 + 11 11 + /** 12 12 + @file crypt_register_cipher.c 13 13 + Register a cipher, Tom St Denis 14 14 + */ 15 15 + 16 16 + /** 17 17 + Register a cipher with the descriptor table 18 18 + @param cipher The cipher you wish to register 19 19 + @return value >= 0 if successfully added (or already present), -1 if unsuccessful 20 20 + */ 21 21 + int register_cipher(const struct ltc_cipher_descriptor *cipher) 22 22 + { 23 23 + int x; 24 24 + 25 25 + LTC_ARGCHK(cipher != NULL); 26 26 + 27 27 + /* is it already registered? */ 28 28 + LTC_MUTEX_LOCK(&ltc_cipher_mutex); 29 29 + for (x = 0; x < TAB_SIZE; x++) { 30 30 + if (cipher_descriptor[x].name != NULL && cipher_descriptor[x].ID == cipher->ID) { 31 31 + LTC_MUTEX_UNLOCK(&ltc_cipher_mutex); 32 32 + return x; 33 33 + } 34 34 + } 35 35 + 36 36 + /* find a blank spot */ 37 37 + for (x = 0; x < TAB_SIZE; x++) { 38 38 + if (cipher_descriptor[x].name == NULL) { 39 39 + XMEMCPY(&cipher_descriptor[x], cipher, sizeof(struct ltc_cipher_descriptor)); 40 40 + LTC_MUTEX_UNLOCK(&ltc_cipher_mutex); 41 41 + return x; 42 42 + } 43 43 + } 44 44 + 45 45 + /* no spot */ 46 46 + LTC_MUTEX_UNLOCK(&ltc_cipher_mutex); 47 47 + return -1; 48 48 + } 49 49 + 50 50 + /* ref: HEAD -> master, tag: v1.18.2 */ 51 51 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 52 52 + /* commit time: 2018-07-01 22:49:01 +0200 */

+32

utils/tomcrypt/src/misc/zeromem.c

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + #include "tomcrypt.h" 10 10 + 11 11 + /** 12 12 + @file zeromem.c 13 13 + Zero a block of memory, Tom St Denis 14 14 + */ 15 15 + 16 16 + /** 17 17 + Zero a block of memory 18 18 + @param out The destination of the area to zero 19 19 + @param outlen The length of the area to zero (octets) 20 20 + */ 21 21 + void zeromem(volatile void *out, size_t outlen) 22 22 + { 23 23 + volatile char *mem = out; 24 24 + LTC_ARGCHKVD(out != NULL); 25 25 + while (outlen-- > 0) { 26 26 + *mem++ = '\0'; 27 27 + } 28 28 + } 29 29 + 30 30 + /* ref: HEAD -> master, tag: v1.18.2 */ 31 31 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 32 32 + /* commit time: 2018-07-01 22:49:01 +0200 */

+95

utils/tomcrypt/src/modes/cbc/cbc_decrypt.c

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + #include "tomcrypt.h" 10 10 + 11 11 + /** 12 12 + @file cbc_decrypt.c 13 13 + CBC implementation, encrypt block, Tom St Denis 14 14 + */ 15 15 + 16 16 + 17 17 + #ifdef LTC_CBC_MODE 18 18 + 19 19 + /** 20 20 + CBC decrypt 21 21 + @param ct Ciphertext 22 22 + @param pt [out] Plaintext 23 23 + @param len The number of bytes to process (must be multiple of block length) 24 24 + @param cbc CBC state 25 25 + @return CRYPT_OK if successful 26 26 + */ 27 27 + int cbc_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CBC *cbc) 28 28 + { 29 29 + int x, err; 30 30 + unsigned char tmp[16]; 31 31 + #ifdef LTC_FAST 32 32 + LTC_FAST_TYPE tmpy; 33 33 + #else 34 34 + unsigned char tmpy; 35 35 + #endif 36 36 + 37 37 + LTC_ARGCHK(pt != NULL); 38 38 + LTC_ARGCHK(ct != NULL); 39 39 + LTC_ARGCHK(cbc != NULL); 40 40 + 41 41 + if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) { 42 42 + return err; 43 43 + } 44 44 + 45 45 + /* is blocklen valid? */ 46 46 + if (cbc->blocklen < 1 || cbc->blocklen > (int)sizeof(cbc->IV) || cbc->blocklen > (int)sizeof(tmp)) { 47 47 + return CRYPT_INVALID_ARG; 48 48 + } 49 49 + 50 50 + if (len % cbc->blocklen) { 51 51 + return CRYPT_INVALID_ARG; 52 52 + } 53 53 + #ifdef LTC_FAST 54 54 + if (cbc->blocklen % sizeof(LTC_FAST_TYPE)) { 55 55 + return CRYPT_INVALID_ARG; 56 56 + } 57 57 + #endif 58 58 + 59 59 + if (cipher_descriptor[cbc->cipher].accel_cbc_decrypt != NULL) { 60 60 + return cipher_descriptor[cbc->cipher].accel_cbc_decrypt(ct, pt, len / cbc->blocklen, cbc->IV, &cbc->key); 61 61 + } else { 62 62 + while (len) { 63 63 + /* decrypt */ 64 64 + if ((err = cipher_descriptor[cbc->cipher].ecb_decrypt(ct, tmp, &cbc->key)) != CRYPT_OK) { 65 65 + return err; 66 66 + } 67 67 + 68 68 + /* xor IV against plaintext */ 69 69 + #if defined(LTC_FAST) 70 70 + for (x = 0; x < cbc->blocklen; x += sizeof(LTC_FAST_TYPE)) { 71 71 + tmpy = *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)cbc->IV + x)) ^ *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)tmp + x)); 72 72 + *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)cbc->IV + x)) = *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)ct + x)); 73 73 + *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pt + x)) = tmpy; 74 74 + } 75 75 + #else 76 76 + for (x = 0; x < cbc->blocklen; x++) { 77 77 + tmpy = tmp[x] ^ cbc->IV[x]; 78 78 + cbc->IV[x] = ct[x]; 79 79 + pt[x] = tmpy; 80 80 + } 81 81 + #endif 82 82 + 83 83 + ct += cbc->blocklen; 84 84 + pt += cbc->blocklen; 85 85 + len -= cbc->blocklen; 86 86 + } 87 87 + } 88 88 + return CRYPT_OK; 89 89 + } 90 90 + 91 91 + #endif 92 92 + 93 93 + /* ref: HEAD -> master, tag: v1.18.2 */ 94 94 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 95 95 + /* commit time: 2018-07-01 22:49:01 +0200 */

+96

utils/tomcrypt/src/modes/cbc/cbc_encrypt.c

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + #include "tomcrypt.h" 10 10 + 11 11 + /** 12 12 + @file cbc_encrypt.c 13 13 + CBC implementation, encrypt block, Tom St Denis 14 14 + */ 15 15 + 16 16 + 17 17 + #ifdef LTC_CBC_MODE 18 18 + 19 19 + /** 20 20 + CBC encrypt 21 21 + @param pt Plaintext 22 22 + @param ct [out] Ciphertext 23 23 + @param len The number of bytes to process (must be multiple of block length) 24 24 + @param cbc CBC state 25 25 + @return CRYPT_OK if successful 26 26 + */ 27 27 + int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CBC *cbc) 28 28 + { 29 29 + int x, err; 30 30 + 31 31 + LTC_ARGCHK(pt != NULL); 32 32 + LTC_ARGCHK(ct != NULL); 33 33 + LTC_ARGCHK(cbc != NULL); 34 34 + 35 35 + if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) { 36 36 + return err; 37 37 + } 38 38 + 39 39 + /* is blocklen valid? */ 40 40 + if (cbc->blocklen < 1 || cbc->blocklen > (int)sizeof(cbc->IV)) { 41 41 + return CRYPT_INVALID_ARG; 42 42 + } 43 43 + 44 44 + if (len % cbc->blocklen) { 45 45 + return CRYPT_INVALID_ARG; 46 46 + } 47 47 + #ifdef LTC_FAST 48 48 + if (cbc->blocklen % sizeof(LTC_FAST_TYPE)) { 49 49 + return CRYPT_INVALID_ARG; 50 50 + } 51 51 + #endif 52 52 + 53 53 + if (cipher_descriptor[cbc->cipher].accel_cbc_encrypt != NULL) { 54 54 + return cipher_descriptor[cbc->cipher].accel_cbc_encrypt(pt, ct, len / cbc->blocklen, cbc->IV, &cbc->key); 55 55 + } else { 56 56 + while (len) { 57 57 + /* xor IV against plaintext */ 58 58 + #if defined(LTC_FAST) 59 59 + for (x = 0; x < cbc->blocklen; x += sizeof(LTC_FAST_TYPE)) { 60 60 + *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)cbc->IV + x)) ^= *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pt + x)); 61 61 + } 62 62 + #else 63 63 + for (x = 0; x < cbc->blocklen; x++) { 64 64 + cbc->IV[x] ^= pt[x]; 65 65 + } 66 66 + #endif 67 67 + 68 68 + /* encrypt */ 69 69 + if ((err = cipher_descriptor[cbc->cipher].ecb_encrypt(cbc->IV, ct, &cbc->key)) != CRYPT_OK) { 70 70 + return err; 71 71 + } 72 72 + 73 73 + /* store IV [ciphertext] for a future block */ 74 74 + #if defined(LTC_FAST) 75 75 + for (x = 0; x < cbc->blocklen; x += sizeof(LTC_FAST_TYPE)) { 76 76 + *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)cbc->IV + x)) = *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)ct + x)); 77 77 + } 78 78 + #else 79 79 + for (x = 0; x < cbc->blocklen; x++) { 80 80 + cbc->IV[x] = ct[x]; 81 81 + } 82 82 + #endif 83 83 + 84 84 + ct += cbc->blocklen; 85 85 + pt += cbc->blocklen; 86 86 + len -= cbc->blocklen; 87 87 + } 88 88 + } 89 89 + return CRYPT_OK; 90 90 + } 91 91 + 92 92 + #endif 93 93 + 94 94 + /* ref: HEAD -> master, tag: v1.18.2 */ 95 95 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 96 96 + /* commit time: 2018-07-01 22:49:01 +0200 */

+60

utils/tomcrypt/src/modes/cbc/cbc_start.c

reviewed

··· 1 1 + /* LibTomCrypt, modular cryptographic library -- Tom St Denis 2 2 + * 3 3 + * LibTomCrypt is a library that provides various cryptographic 4 4 + * algorithms in a highly modular and flexible manner. 5 5 + * 6 6 + * The library is free for all purposes without any express 7 7 + * guarantee it works. 8 8 + */ 9 9 + #include "tomcrypt.h" 10 10 + 11 11 + /** 12 12 + @file cbc_start.c 13 13 + CBC implementation, start chain, Tom St Denis 14 14 + */ 15 15 + 16 16 + #ifdef LTC_CBC_MODE 17 17 + 18 18 + /** 19 19 + Initialize a CBC context 20 20 + @param cipher The index of the cipher desired 21 21 + @param IV The initialization vector 22 22 + @param key The secret key 23 23 + @param keylen The length of the secret key (octets) 24 24 + @param num_rounds Number of rounds in the cipher desired (0 for default) 25 25 + @param cbc The CBC state to initialize 26 26 + @return CRYPT_OK if successful 27 27 + */ 28 28 + int cbc_start(int cipher, const unsigned char *IV, const unsigned char *key, 29 29 + int keylen, int num_rounds, symmetric_CBC *cbc) 30 30 + { 31 31 + int x, err; 32 32 + 33 33 + LTC_ARGCHK(IV != NULL); 34 34 + LTC_ARGCHK(key != NULL); 35 35 + LTC_ARGCHK(cbc != NULL); 36 36 + 37 37 + /* bad param? */ 38 38 + if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { 39 39 + return err; 40 40 + } 41 41 + 42 42 + /* setup cipher */ 43 43 + if ((err = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &cbc->key)) != CRYPT_OK) { 44 44 + return err; 45 45 + } 46 46 + 47 47 + /* copy IV */ 48 48 + cbc->blocklen = cipher_descriptor[cipher].block_length; 49 49 + cbc->cipher = cipher; 50 50 + for (x = 0; x < cbc->blocklen; x++) { 51 51 + cbc->IV[x] = IV[x]; 52 52 + } 53 53 + return CRYPT_OK; 54 54 + } 55 55 + 56 56 + #endif 57 57 + 58 58 + /* ref: HEAD -> master, tag: v1.18.2 */ 59 59 + /* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */ 60 60 + /* commit time: 2018-07-01 22:49:01 +0200 */