added libtomcrypt-0.93
This commit is contained in:
parent
033cec5f75
commit
53f7f3badd
11
aes.c
11
aes.c
@ -1,3 +1,14 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/* AES implementation by Tom St Denis
|
||||
*
|
||||
* Derived from the Public Domain source code by
|
||||
|
10
aes_tab.c
10
aes_tab.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
/* The precomputed tables for AES */
|
||||
/*
|
||||
Te0[x] = S [x].[02, 01, 01, 03];
|
||||
|
10
base64.c
10
base64.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
/* compliant base64 code donated by Wayne Scott (wscott@bitmover.com) */
|
||||
#include "mycrypt.h"
|
||||
|
||||
|
53
bits.c
53
bits.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
/* portable way to get secure random bits to feed a PRNG */
|
||||
#include "mycrypt.h"
|
||||
|
||||
@ -35,45 +45,8 @@ static unsigned long rng_nix(unsigned char *buf, unsigned long len,
|
||||
|
||||
#endif /* DEVRANDOM */
|
||||
|
||||
#ifdef SONY_PS2
|
||||
#include <eetypes.h>
|
||||
#include <eeregs.h>
|
||||
#define min(a,b) ((a) < (b) ? (a) : (b))
|
||||
// Very simple/stupid MD5-based RNG that samples "entropy" from various PS2 control registers
|
||||
static unsigned long rng_ps2(unsigned char *buf, unsigned long len,
|
||||
void (*callback)(void))
|
||||
{
|
||||
static unsigned long lastx[2] = { 0xaab7cb4b2fd3b2b9, 0xcec58aff72afe49f }; // md5sum of bits.c
|
||||
unsigned long j;
|
||||
unsigned int samples[10]; // number of sample data sources
|
||||
int l;
|
||||
hash_state md;
|
||||
|
||||
for (j = 0; j < len; j += sizeof(lastx)) {
|
||||
md5_init(&md);
|
||||
samples[0] = *T2_COUNT;
|
||||
samples[1] = *T3_COUNT;
|
||||
samples[2] = *IPU_TOP;
|
||||
samples[3] = *GIF_TAG0;
|
||||
samples[4] = *GIF_TAG1;
|
||||
samples[5] = *GIF_TAG2;
|
||||
samples[6] = *VIF1_CODE;
|
||||
samples[7] = *VIF0_CODE;
|
||||
samples[8] = *D0_MADR;
|
||||
samples[9] = *D1_MADR;
|
||||
md5_process(&md, (unsigned char *)(&samples[0]), sizeof(samples));
|
||||
// include previous round
|
||||
md5_process(&md, (unsigned char *)(&lastx[0]), sizeof(lastx));
|
||||
md5_done(&md, (unsigned char *)(&lastx[0]));
|
||||
l = min(sizeof(lastx), len-j);
|
||||
memcpy(buf+j, &lastx[0], l); //min(sizeof(lastx), len-j));
|
||||
}
|
||||
return len;
|
||||
}
|
||||
#endif /* SONY_PS2 */
|
||||
|
||||
/* on ANSI C platforms with 100 < CLOCKS_PER_SEC < 10000 */
|
||||
#if !defined(SONY_PS2) && defined(CLOCKS_PER_SEC)
|
||||
#if defined(CLOCKS_PER_SEC)
|
||||
|
||||
#define ANSI_RNG
|
||||
|
||||
@ -143,9 +116,7 @@ unsigned long rng_get_bytes(unsigned char *buf, unsigned long len,
|
||||
|
||||
_ARGCHK(buf != NULL);
|
||||
|
||||
#ifdef SONY_PS2
|
||||
x = rng_ps2(buf, len, callback); if (x != 0) { return x; }
|
||||
#elif defined(DEVRANDOM)
|
||||
#if defined(DEVRANDOM)
|
||||
x = rng_nix(buf, len, callback); if (x != 0) { return x; }
|
||||
#endif
|
||||
#ifdef WIN32
|
||||
|
22
blowfish.c
22
blowfish.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef BLOWFISH
|
||||
@ -350,7 +360,11 @@ int blowfish_setup(const unsigned char *key, int keylen, int num_rounds,
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
#ifndef __GNUC__
|
||||
#define F(x) ((S1[byte(x,3)] + S2[byte(x,2)]) ^ S3[byte(x,1)]) + S4[byte(x,0)]
|
||||
#else
|
||||
#define F(x) ((key->blowfish.S[0][byte(x,3)] + key->blowfish.S[1][byte(x,2)]) ^ key->blowfish.S[2][byte(x,1)]) + key->blowfish.S[3][byte(x,0)]
|
||||
#endif
|
||||
|
||||
#ifdef CLEAN_STACK
|
||||
static void _blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key)
|
||||
@ -360,16 +374,20 @@ void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_
|
||||
{
|
||||
ulong32 L, R;
|
||||
int r;
|
||||
#ifndef __GNUC__
|
||||
ulong32 *S1, *S2, *S3, *S4;
|
||||
#endif
|
||||
|
||||
_ARGCHK(pt != NULL);
|
||||
_ARGCHK(ct != NULL);
|
||||
_ARGCHK(key != NULL);
|
||||
|
||||
#ifndef __GNUC__
|
||||
S1 = key->blowfish.S[0];
|
||||
S2 = key->blowfish.S[1];
|
||||
S3 = key->blowfish.S[2];
|
||||
S4 = key->blowfish.S[3];
|
||||
#endif
|
||||
|
||||
/* load it */
|
||||
LOAD32H(L, &pt[0]);
|
||||
@ -408,16 +426,20 @@ void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_
|
||||
{
|
||||
ulong32 L, R;
|
||||
int r;
|
||||
#ifndef __GNUC__
|
||||
ulong32 *S1, *S2, *S3, *S4;
|
||||
#endif
|
||||
|
||||
_ARGCHK(pt != NULL);
|
||||
_ARGCHK(ct != NULL);
|
||||
_ARGCHK(key != NULL);
|
||||
|
||||
#ifndef __GNUC__
|
||||
S1 = key->blowfish.S[0];
|
||||
S2 = key->blowfish.S[1];
|
||||
S3 = key->blowfish.S[2];
|
||||
S4 = key->blowfish.S[3];
|
||||
#endif
|
||||
|
||||
/* load it */
|
||||
LOAD32H(R, &ct[0]);
|
||||
|
10
cast5.c
10
cast5.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
/* Implementation of CAST5 (RFC 2144) by Tom St Denis */
|
||||
#include "mycrypt.h"
|
||||
|
||||
|
10
cbc.c
10
cbc.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef CBC
|
||||
|
10
cfb.c
10
cfb.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef CFB
|
||||
|
19
changes
19
changes
@ -1,3 +1,22 @@
|
||||
Jan 25th, 2004
|
||||
v0.93 -- [note: deleted v0.93 changes by accident... recreating from memory...]
|
||||
-- Fix to RC2 to not deference pointer before ARGCHK
|
||||
-- Fix to NOEKEON to match published test vectors as well as cleaned up the code a bit
|
||||
-- Optimized Twofish [down to 28 cycles/byte on my box] and Blowfish
|
||||
-- Fix to OMAC to test cipher block size first [prevents wasting any time]
|
||||
-- Added more OMAC test vectors
|
||||
-- Added EAX Encrypt+Authenticate support
|
||||
-- Fix to DSA to check return of a few LTM functions I forgot [mp_to_unsigned_bin]
|
||||
-- Added common headers to all C files
|
||||
-- CTR mode supports big and little [default] endian counters now.
|
||||
-- fix to find_cipher_any() so that it can handle a fragmented cipher_descriptor table.
|
||||
-- added find_hash_any() akin to find_cipher_any().
|
||||
-- Added EAX code to demos/tv_gen.c Hazaa!
|
||||
-- Removed SONY defines and files from codebase.
|
||||
-- Added OCB support [patents be damned] and to demos/tv_gen.c
|
||||
-- Merge all of the INPUT/OUTPUT BIGNUM macros (less toc) into mycrypt_pk.h
|
||||
-- Made appropriate changes to the debug string in crypt.c
|
||||
|
||||
Dec 24th, 2003
|
||||
v0.92 -- Updated the config.pl script so the options have more details.
|
||||
-- Updated demos/tv_gen to include RIPEMD hashes
|
||||
|
@ -62,6 +62,8 @@
|
||||
"RIPEMD160,Include RIPEMD-160 one-way hash,y",
|
||||
"HMAC,Include Hash based Message Authentication Support,y",
|
||||
"OMAC,Include OMAC1 Message Authentication Support,y",
|
||||
"EAX_MODE,Include EAX Encrypt-and-Authenticate Support,y",
|
||||
"OCB_MODE,Include OCB Encrypt-and-Authenticate Support,y",
|
||||
|
||||
"BASE64,Include Base64 encoding support,y",
|
||||
|
||||
@ -151,7 +153,7 @@ for (@settings) {
|
||||
|
||||
# output objects
|
||||
print OUT "\ndefault: library\n\n";
|
||||
print OUT "OBJECTS = keyring.o gf.o mem.o sprng.o ecc.o base64.o dh.o rsa.o bits.o yarrow.o cfb.o ofb.o ecb.o ctr.o cbc.o hash.o tiger.o sha1.o md5.o md4.o md2.o sha256.o sha512.o xtea.o aes.o des.o safer_tab.o safer.o safer+.o rc4.o rc2.o rc6.o rc5.o cast5.o noekeon.o blowfish.o crypt.o mpi.o prime.o twofish.o packet.o hmac.o strings.o rmd128.o rmd160.o skipjack.o omac.o dsa.o\n\n";
|
||||
print OUT "OBJECTS = keyring.o gf.o mem.o sprng.o ecc.o base64.o dh.o rsa.o bits.o yarrow.o cfb.o ofb.o ecb.o ctr.o cbc.o hash.o tiger.o sha1.o md5.o md4.o md2.o sha256.o sha512.o xtea.o aes.o des.o safer_tab.o safer.o safer+.o rc4.o rc2.o rc6.o rc5.o cast5.o noekeon.o blowfish.o crypt.o mpi.o prime.o twofish.o packet.o hmac.o strings.o rmd128.o rmd160.o skipjack.o omac.o dsa.o eax.o ocb.o \n\n";
|
||||
|
||||
# some depends
|
||||
print OUT "rsa.o: rsa_sys.c\ndh.o: dh_sys.c\necc.o: ecc_sys.c\naes.o: aes.c aes_tab.c\ntwofish.o: twofish.c twofish_tab.c\nsha512.o: sha384.c sha512.c\nsha256.o: sha256.c sha224.c\n\n";
|
||||
|
56
crypt.c
56
crypt.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
#include "mycrypt.h"
|
||||
#include <signal.h>
|
||||
|
||||
@ -109,13 +119,8 @@ struct _prng_descriptor prng_descriptor[TAB_SIZE] = {
|
||||
#if (ARGTYPE == 0)
|
||||
void crypt_argchk(char *v, char *s, int d)
|
||||
{
|
||||
#ifdef SONY_PS2
|
||||
printf("_ARGCHK '%s' failure on line %d of file %s\n",
|
||||
v, d, s);
|
||||
#else
|
||||
fprintf(stderr, "_ARGCHK '%s' failure on line %d of file %s\n",
|
||||
v, d, s);
|
||||
#endif
|
||||
(void)raise(SIGABRT);
|
||||
}
|
||||
#endif
|
||||
@ -189,7 +194,10 @@ int find_cipher_any(const char *name, int blocklen, int keylen)
|
||||
x = find_cipher(name);
|
||||
if (x != -1) return x;
|
||||
|
||||
for (x = 0; cipher_descriptor[x].name != NULL && x < TAB_SIZE; x++) {
|
||||
for (x = 0; x < TAB_SIZE; x++) {
|
||||
if (cipher_descriptor[x].name == NULL) {
|
||||
continue;
|
||||
}
|
||||
if (blocklen <= (int)cipher_descriptor[x].block_length && keylen <= (int)cipher_descriptor[x].max_key_length) {
|
||||
return x;
|
||||
}
|
||||
@ -197,6 +205,30 @@ int find_cipher_any(const char *name, int blocklen, int keylen)
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* return first hash with at least [amount over] digestlen bytes of output */
|
||||
int find_hash_any(const char *name, int digestlen)
|
||||
{
|
||||
int x, y, z;
|
||||
_ARGCHK(name != NULL);
|
||||
|
||||
x = find_hash(name);
|
||||
if (x != -1) return x;
|
||||
|
||||
y = MAXBLOCKSIZE+1;
|
||||
z = -1;
|
||||
for (x = 0; x < TAB_SIZE; x++) {
|
||||
if (hash_descriptor[x].name == NULL) {
|
||||
continue;
|
||||
}
|
||||
if ((int)hash_descriptor[x].hashsize >= digestlen && (int)hash_descriptor[x].hashsize < y) {
|
||||
z = x;
|
||||
y = hash_descriptor[x].hashsize;
|
||||
}
|
||||
}
|
||||
return z;
|
||||
}
|
||||
|
||||
|
||||
int register_cipher(const struct _cipher_descriptor *cipher)
|
||||
{
|
||||
int x;
|
||||
@ -494,6 +526,9 @@ const char *crypt_build_settings =
|
||||
#if defined(MECC)
|
||||
" ECC\n"
|
||||
#endif
|
||||
#if defined(MDSA)
|
||||
" DSA\n"
|
||||
#endif
|
||||
#if defined(KR)
|
||||
" KR\n"
|
||||
#endif
|
||||
@ -528,6 +563,15 @@ const char *crypt_build_settings =
|
||||
#if defined(HMAC)
|
||||
" HMAC "
|
||||
#endif
|
||||
#if defined(OMAC)
|
||||
" OMAC "
|
||||
#endif
|
||||
#if defined(EAX_MODE)
|
||||
" EAX_MODE "
|
||||
#endif
|
||||
#if defined(OCB_MODE)
|
||||
" OCB_MODE "
|
||||
#endif
|
||||
#if defined(TRY_UNRANDOM_FIRST)
|
||||
" TRY_UNRANDOM_FIRST "
|
||||
#endif
|
||||
|
@ -24,6 +24,9 @@
|
||||
\BOOKMARK [2][-]{subsection.3.4.1}{Background}{section.3.4}
|
||||
\BOOKMARK [2][-]{subsection.3.4.2}{Choice of Mode}{section.3.4}
|
||||
\BOOKMARK [2][-]{subsection.3.4.3}{Implementation}{section.3.4}
|
||||
\BOOKMARK [1][-]{section.3.5}{Encrypt and Authenticate Modes}{chapter.3}
|
||||
\BOOKMARK [2][-]{subsection.3.5.1}{EAX Mode}{section.3.5}
|
||||
\BOOKMARK [2][-]{subsection.3.5.2}{OCB Mode}{section.3.5}
|
||||
\BOOKMARK [0][-]{chapter.4}{One-Way Cryptographic Hash Functions}{}
|
||||
\BOOKMARK [1][-]{section.4.1}{Core Functions}{chapter.4}
|
||||
\BOOKMARK [1][-]{section.4.2}{Hash Descriptors}{chapter.4}
|
||||
|
170
crypt.tex
170
crypt.tex
@ -47,7 +47,7 @@
|
||||
\def\gap{\vspace{0.5ex}}
|
||||
\makeindex
|
||||
\begin{document}
|
||||
\title{A Tiny Crypto Library, \\ LibTomCrypt \\ Version 0.92}
|
||||
\title{A Tiny Crypto Library, \\ LibTomCrypt \\ Version 0.93}
|
||||
\author{Tom St Denis \\
|
||||
Algonquin College \\
|
||||
\\
|
||||
@ -784,6 +784,174 @@ int main(void)
|
||||
\end{verbatim}
|
||||
\end{small}
|
||||
|
||||
\section{Encrypt and Authenticate Modes}
|
||||
|
||||
\subsection{EAX Mode}
|
||||
LibTomCrypt provides support for a mode called EAX\footnote{See
|
||||
M. Bellare, P. Rogaway, D. Wagner, A Conventional Authenticated-Encryption Mode.} in a manner similar to the
|
||||
way it was intended to be used.
|
||||
|
||||
First a short description of what EAX mode is before I explain how to use it. EAX is a mode that requires a cipher,
|
||||
CTR and OMAC support and provides encryption and authentication. It is initialized with a random ``nonce'' that can
|
||||
be shared publicly as well as a ``header'' which can be fixed and public as well as a random secret symmetric key.
|
||||
|
||||
The ``header'' data is meant to be meta-data associated with a stream that isn't private (e.g. protocol messages). It can
|
||||
be added at anytime during an EAX stream and is part of the authentication tag. That is, changes in the meta-data can
|
||||
be detected by an invalid output tag.
|
||||
|
||||
The mode can then process plaintext producing ciphertext as well as compute a partial checksum. The actual checksum
|
||||
called a ``tag'' is only emitted when the message is finished. In the interim though the user can process any arbitrary
|
||||
sized message block to send to the recipient as ciphertext. This makes the EAX mode especially suited for streaming modes
|
||||
of operation.
|
||||
|
||||
The mode is initialized with the following function.
|
||||
\begin{verbatim}
|
||||
int eax_init(eax_state *eax, int cipher,
|
||||
const unsigned char *key, unsigned long keylen,
|
||||
const unsigned char *nonce, unsigned long noncelen,
|
||||
const unsigned char *header, unsigned long headerlen);
|
||||
\end{verbatim}
|
||||
|
||||
Where ``eax'' is the EAX state. ``cipher'' is the index of the desired cipher in the descriptor table.
|
||||
``key'' is the shared secret symmetric key of length ``keylen''. ``nonce'' is the random public string of
|
||||
length ``noncelen''. ``header'' is the random (or fixed or \textbf{NULL}) header for the message of length
|
||||
``headerlen''.
|
||||
|
||||
When this function completes ``eax'' will be initialized such that you can now either have data decrypted or
|
||||
encrypted in EAX mode. Note that if ``headerlen'' is zero you may pass ``header'' as \textbf{NULL}. It will still
|
||||
initialize the EAX ``H'' value to the correct value.
|
||||
|
||||
To encrypt or decrypt data in a streaming mode use the following.
|
||||
\begin{verbatim}
|
||||
int eax_encrypt(eax_state *eax, const unsigned char *pt,
|
||||
unsigned char *ct, unsigned long length);
|
||||
|
||||
int eax_decrypt(eax_state *eax, const unsigned char *ct,
|
||||
unsigned char *pt, unsigned long length);
|
||||
\end{verbatim}
|
||||
The function ``eax\_encrypt'' will encrypt the bytes in ``pt'' of ``length'' bytes and store the ciphertext in
|
||||
``ct''. Note that ``ct'' and ``pt'' may be the same region in memory. This function will also send the ciphertext
|
||||
through the OMAC function. The function ``eax\_decrypt'' decrypts ``ct'' and stores it in ``pt''. This also allows
|
||||
``pt'' and ``ct'' to be the same region in memory.
|
||||
|
||||
Note that both of these functions allow you to send the data in any granularity but the order is important. While
|
||||
the eax\_init() function allows you to add initial header data to the stream you can also add header data during the
|
||||
EAX stream with the following.
|
||||
|
||||
Also note that you cannot both encrypt or decrypt with the same ``eax'' context. For bi-directional communication you
|
||||
will need to initialize two EAX contexts (preferably with different headers and nonces).
|
||||
|
||||
\begin{verbatim}
|
||||
int eax_addheader(eax_state *eax,
|
||||
const unsigned char *header, unsigned long length);
|
||||
\end{verbatim}
|
||||
|
||||
This will add the ``length'' bytes from ``header'' to the given ``eax'' stream. Once the message is finished the
|
||||
``tag'' (checksum) may be computed with the following function.
|
||||
|
||||
\begin{verbatim}
|
||||
int eax_done(eax_state *eax,
|
||||
unsigned char *tag, unsigned long *taglen);
|
||||
\end{verbatim}
|
||||
This will terminate the EAX state ``eax'' and store upto ``taglen'' bytes of the message tag in ``tag''. The function
|
||||
then stores how many bytes of the tag were written out back into ``taglen''.
|
||||
|
||||
The EAX mode code can be tested to ensure it matches the test vectors by calling the following function.
|
||||
\begin{verbatim}
|
||||
int eax_test(void);
|
||||
\end{verbatim}
|
||||
This requires that the AES (or Rijndael) block cipher be registered with the cipher\_descriptor table first.
|
||||
|
||||
\subsection{OCB Mode}
|
||||
LibTomCrypt provides support for a mode called OCB\footnote{See
|
||||
P. Rogaway, M. Bellare, J. Black, T. Krovetz, ``OCB: A Block Cipher Mode of Operation for Efficient Authenticated Encryption''.}
|
||||
in a mode somewhat similar to as it was meant to be used.
|
||||
|
||||
OCB is an encryption protocol that simultaneously provides authentication. It is slightly faster to use than EAX mode
|
||||
but is less flexible. Let's review how to initialize an OCB context.
|
||||
|
||||
\begin{verbatim}
|
||||
int ocb_init(ocb_state *ocb, int cipher,
|
||||
const unsigned char *key, unsigned long keylen,
|
||||
const unsigned char *nonce);
|
||||
\end{verbatim}
|
||||
|
||||
This will initialize the ``ocb'' context using cipher descriptor ``cipher''. It will use a ``key'' of length ``keylen''
|
||||
and the random ``nonce''. Note that ``nonce'' must be a random (public) string the same length as the block ciphers
|
||||
block size (e.g. 16 for AES).
|
||||
|
||||
This mode has no ``Associated Data'' like EAX mode does which means you cannot authenticate metadata along with the stream.
|
||||
To encrypt or decrypt data use the following.
|
||||
|
||||
\begin{verbatim}
|
||||
int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct);
|
||||
int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt);
|
||||
\end{verbatim}
|
||||
|
||||
This will encrypt (or decrypt for the latter) a fixed length of data from ``pt'' to ``ct'' (vice versa for the latter).
|
||||
They assume that ``pt'' and ``ct'' are the same size as the block cipher's block size. Note that you cannot call
|
||||
both functions given a single ``ocb'' state. For bi-directional communication you will have to initialize two ``ocb''
|
||||
states (with difference nonces). Also ``pt'' and ``ct'' may point to the same location in memory.
|
||||
|
||||
When you are finished encrypting the message you call the following function to compute the tag.
|
||||
|
||||
\begin{verbatim}
|
||||
int ocb_done_encrypt(ocb_state *ocb,
|
||||
const unsigned char *pt, unsigned long ptlen,
|
||||
unsigned char *ct,
|
||||
unsigned char *tag, unsigned long *taglen);
|
||||
\end{verbatim}
|
||||
|
||||
This will terminate an encrypt stream ``ocb''. If you have trailing bytes of plaintext that will not complete a block
|
||||
you can pass them here. This will also encrypt the ``ptlen'' bytes in ``pt'' and store them in ``ct''. It will also
|
||||
store upto ``taglen'' bytes of the tag into ``tag''.
|
||||
|
||||
Note that ``ptlen'' must be less than or equal to the block size of block cipher chosen. Also note that if you have
|
||||
an input message equal to the length of the block size then you pass the data here (not to ocb\_encrypt()) only.
|
||||
|
||||
To terminate a decrypt stream and compared the tag you call the following.
|
||||
|
||||
\begin{verbatim}
|
||||
int ocb_done_decrypt(ocb_state *ocb,
|
||||
const unsigned char *ct, unsigned long ctlen,
|
||||
unsigned char *pt,
|
||||
const unsigned char *tag, unsigned long taglen, int *res);
|
||||
\end{verbatim}
|
||||
|
||||
Similarly to the previous function you can pass trailing message bytes into this function. This will compute the
|
||||
tag of the message (internally) and then compare it against the ``taglen'' bytes of ``tag'' provided. By default
|
||||
``res'' is set to zero. If all ``taglen'' bytes of ``tag'' can be verified then ``res'' is set to one (authenticated
|
||||
message).
|
||||
|
||||
To make life simpler the following two functions are provided for memory bound OCB.
|
||||
|
||||
\begin{verbatim}
|
||||
int ocb_encrypt_authenticate_memory(int cipher,
|
||||
const unsigned char *key, unsigned long keylen,
|
||||
const unsigned char *nonce,
|
||||
const unsigned char *pt, unsigned long ptlen,
|
||||
unsigned char *ct,
|
||||
unsigned char *tag, unsigned long *taglen);
|
||||
\end{verbatim}
|
||||
|
||||
This will OCB encrypt the message ``pt'' of length ``ptlen'' and store the ciphertext in ``ct''. The length ``ptlen''
|
||||
can be any arbitrary length.
|
||||
|
||||
\begin{verbatim}
|
||||
int ocb_decrypt_verify_memory(int cipher,
|
||||
const unsigned char *key, unsigned long keylen,
|
||||
const unsigned char *nonce,
|
||||
const unsigned char *ct, unsigned long ctlen,
|
||||
unsigned char *pt,
|
||||
const unsigned char *tag, unsigned long taglen,
|
||||
int *res);
|
||||
\end{verbatim}
|
||||
|
||||
Similarly this will OCB decrypt and compare the internally computed tag against the tag provided. ``res'' is set
|
||||
appropriately.
|
||||
|
||||
|
||||
|
||||
\chapter{One-Way Cryptographic Hash Functions}
|
||||
\section{Core Functions}
|
||||
|
||||
|
30
ctr.c
30
ctr.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef CTR
|
||||
@ -25,6 +35,7 @@ int ctr_start(int cipher, const unsigned char *count, const unsigned char *key,
|
||||
ctr->blocklen = cipher_descriptor[cipher].block_length;
|
||||
ctr->cipher = cipher;
|
||||
ctr->padlen = 0;
|
||||
ctr->mode = 0;
|
||||
for (x = 0; x < ctr->blocklen; x++) {
|
||||
ctr->ctr[x] = count[x];
|
||||
}
|
||||
@ -54,10 +65,21 @@ int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
|
||||
/* is the pad empty? */
|
||||
if (ctr->padlen == ctr->blocklen) {
|
||||
/* increment counter */
|
||||
for (x = 0; x < ctr->blocklen; x++) {
|
||||
ctr->ctr[x] = (ctr->ctr[x] + (unsigned char)1) & (unsigned char)255;
|
||||
if (ctr->ctr[x] != (unsigned char)0) {
|
||||
break;
|
||||
if (ctr->mode == 0) {
|
||||
/* little-endian */
|
||||
for (x = 0; x < ctr->blocklen; x++) {
|
||||
ctr->ctr[x] = (ctr->ctr[x] + (unsigned char)1) & (unsigned char)255;
|
||||
if (ctr->ctr[x] != (unsigned char)0) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
/* big-endian */
|
||||
for (x = ctr->blocklen-1; x >= 0; x--) {
|
||||
ctr->ctr[x] = (ctr->ctr[x] + (unsigned char)1) & (unsigned char)255;
|
||||
if (ctr->ctr[x] != (unsigned char)0) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
12
demos/test.c
12
demos/test.c
@ -1837,11 +1837,21 @@ main (void)
|
||||
if (hmac_test() != CRYPT_OK) exit(EXIT_FAILURE);
|
||||
#endif
|
||||
|
||||
#ifdef HMAC
|
||||
#ifdef OMAC
|
||||
printf ("OMAC: %s\n", omac_test () == CRYPT_OK ? "passed" : "failed");
|
||||
if (omac_test() != CRYPT_OK) exit(EXIT_FAILURE);
|
||||
#endif
|
||||
|
||||
#ifdef EAX_MODE
|
||||
printf ("EAX : %s\n", eax_test () == CRYPT_OK ? "passed" : "failed");
|
||||
if (eax_test() != CRYPT_OK) exit(EXIT_FAILURE);
|
||||
#endif
|
||||
|
||||
#ifdef OCB_MODE
|
||||
printf ("OCB : %s\n", ocb_test () == CRYPT_OK ? "passed" : "failed");
|
||||
if (ocb_test() != CRYPT_OK) exit(EXIT_FAILURE);
|
||||
#endif
|
||||
|
||||
store_tests ();
|
||||
cipher_tests ();
|
||||
hash_tests ();
|
||||
|
@ -1,47 +0,0 @@
|
||||
; x86 timer in NASM
|
||||
;
|
||||
; Tom St Denis, tomstdenis@iahu.ca
|
||||
[bits 32]
|
||||
[section .data]
|
||||
time dd 0, 0
|
||||
|
||||
[section .text]
|
||||
|
||||
%ifdef USE_ELF
|
||||
[global t_start]
|
||||
t_start:
|
||||
%else
|
||||
[global _t_start]
|
||||
_t_start:
|
||||
%endif
|
||||
push eax
|
||||
push ebx
|
||||
push ecx
|
||||
push edx
|
||||
cpuid
|
||||
rdtsc
|
||||
mov [time+0],edx
|
||||
mov [time+4],eax
|
||||
pop edx
|
||||
pop ecx
|
||||
pop ebx
|
||||
pop eax
|
||||
ret
|
||||
|
||||
%ifdef USE_ELF
|
||||
[global t_read]
|
||||
t_read:
|
||||
%else
|
||||
[global _t_read]
|
||||
_t_read:
|
||||
%endif
|
||||
push ebx
|
||||
push ecx
|
||||
cpuid
|
||||
rdtsc
|
||||
sub eax,[time+4]
|
||||
sbb edx,[time+0]
|
||||
pop ecx
|
||||
pop ebx
|
||||
ret
|
||||
|
@ -1,7 +0,0 @@
|
||||
/*
|
||||
* The working version of this file can be found
|
||||
* at the PlayStation(r)2 Developer Network website
|
||||
* under the libtomcrypt project.
|
||||
*/
|
||||
|
||||
#error Please download the implemented version of this file from the PlayStation(r)2 Developer Network website
|
@ -1,51 +0,0 @@
|
||||
#ifndef __TIMER_H__
|
||||
#define __TIMER_H__
|
||||
/****************************************************************************
|
||||
*
|
||||
* Copyright (c) 2000, Sony Computer Entertainment of America Inc.
|
||||
* All rights reserved
|
||||
* SCEA Confidential
|
||||
*
|
||||
* Document: TIMER.H
|
||||
* Author: Ben Wiggins
|
||||
* Date: 7/15/2002
|
||||
* Header: Timer stuff
|
||||
*
|
||||
****************************************************************************/
|
||||
/*============================================================================
|
||||
= INTERFACE REQUIRED HEADERS
|
||||
============================================================================*/
|
||||
/*============================================================================
|
||||
= INTERFACE DEFINITIONS / ENUMERATIONS / SIMPLE TYPEDEFS
|
||||
============================================================================*/
|
||||
/*============================================================================
|
||||
= INTERFACE STRUCTURES / UTILITY CLASSES
|
||||
============================================================================*/
|
||||
/*============================================================================
|
||||
= INTERFACE DATA DECLARATIONS
|
||||
============================================================================*/
|
||||
/*============================================================================
|
||||
= INTERFACE FUNCTION PROTOTYPES
|
||||
============================================================================*/
|
||||
void TIMER_Init(void);
|
||||
void TIMER_Shutdown(void);
|
||||
double TIMER_GetTime(void);
|
||||
|
||||
#include <time.h>
|
||||
#ifdef CLOCKS_PER_SEC
|
||||
#undef CLOCKS_PER_SEC
|
||||
#endif
|
||||
#define CLOCKS_PER_SEC 576000
|
||||
extern clock_t TIMER_clock(void);
|
||||
|
||||
/*============================================================================
|
||||
= INTERFACE TRAILING HEADERS
|
||||
============================================================================*/
|
||||
|
||||
/****************************************************************************
|
||||
*
|
||||
* END HEADER TIMER.H
|
||||
*
|
||||
****************************************************************************/
|
||||
#endif // __TIMER_H__
|
||||
|
134
demos/tv_gen.c
134
demos/tv_gen.c
@ -269,14 +269,138 @@ void omac_gen(void)
|
||||
fclose(out);
|
||||
}
|
||||
|
||||
void eax_gen(void)
|
||||
{
|
||||
int err, kl, x, y1, z;
|
||||
FILE *out;
|
||||
unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2], header[MAXBLOCKSIZE*2],
|
||||
plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE];
|
||||
unsigned long len;
|
||||
|
||||
out = fopen("eax_tv.txt", "w");
|
||||
fprintf(out, "EAX Test Vectors. Uses the 00010203...NN-1 pattern for header/nonce/plaintext/key. The outputs\n"
|
||||
"are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous\n"
|
||||
"step repeated sufficiently.\n\n");
|
||||
|
||||
for (x = 0; cipher_descriptor[x].name != NULL; x++) {
|
||||
kl = cipher_descriptor[x].block_length;
|
||||
|
||||
/* skip ciphers which do not have 64 or 128 bit block sizes */
|
||||
if (kl != 8 && kl != 16) continue;
|
||||
|
||||
if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) {
|
||||
kl = cipher_descriptor[x].max_key_length;
|
||||
}
|
||||
fprintf(out, "EAX-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
|
||||
|
||||
/* the key */
|
||||
for (z = 0; z < kl; z++) {
|
||||
key[z] = (z & 255);
|
||||
}
|
||||
|
||||
for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){
|
||||
for (z = 0; z < y1; z++) {
|
||||
plaintext[z] = (unsigned char)(z & 255);
|
||||
nonce[z] = (unsigned char)(z & 255);
|
||||
header[z] = (unsigned char)(z & 255);
|
||||
}
|
||||
len = sizeof(tag);
|
||||
if ((err = eax_encrypt_authenticate_memory(x, key, kl, nonce, y1, header, y1, plaintext, y1, plaintext, tag, &len)) != CRYPT_OK) {
|
||||
printf("Error EAX'ing: %s\n", error_to_string(err));
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
fprintf(out, "%3d: ", y1);
|
||||
for (z = 0; z < y1; z++) {
|
||||
fprintf(out, "%02X", plaintext[z]);
|
||||
}
|
||||
fprintf(out, ", ");
|
||||
for (z = 0; z <(int)len; z++) {
|
||||
fprintf(out, "%02X", tag[z]);
|
||||
}
|
||||
fprintf(out, "\n");
|
||||
|
||||
/* forward the key */
|
||||
for (z = 0; z < kl; z++) {
|
||||
key[z] = tag[z % len];
|
||||
}
|
||||
}
|
||||
fprintf(out, "\n");
|
||||
}
|
||||
fclose(out);
|
||||
}
|
||||
|
||||
void ocb_gen(void)
|
||||
{
|
||||
int err, kl, x, y1, z;
|
||||
FILE *out;
|
||||
unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2],
|
||||
plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE];
|
||||
unsigned long len;
|
||||
|
||||
out = fopen("ocb_tv.txt", "w");
|
||||
fprintf(out, "OCB Test Vectors. Uses the 00010203...NN-1 pattern for nonce/plaintext/key. The outputs\n"
|
||||
"are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous\n"
|
||||
"step repeated sufficiently. The nonce is fixed throughout.\n\n");
|
||||
|
||||
for (x = 0; cipher_descriptor[x].name != NULL; x++) {
|
||||
kl = cipher_descriptor[x].block_length;
|
||||
|
||||
/* skip ciphers which do not have 64 or 128 bit block sizes */
|
||||
if (kl != 8 && kl != 16) continue;
|
||||
|
||||
if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) {
|
||||
kl = cipher_descriptor[x].max_key_length;
|
||||
}
|
||||
fprintf(out, "OCB-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
|
||||
|
||||
/* the key */
|
||||
for (z = 0; z < kl; z++) {
|
||||
key[z] = (z & 255);
|
||||
}
|
||||
|
||||
/* fixed nonce */
|
||||
for (z = 0; z < cipher_descriptor[x].block_length; z++) {
|
||||
nonce[z] = z;
|
||||
}
|
||||
|
||||
for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){
|
||||
for (z = 0; z < y1; z++) {
|
||||
plaintext[z] = (unsigned char)(z & 255);
|
||||
}
|
||||
len = sizeof(tag);
|
||||
if ((err = ocb_encrypt_authenticate_memory(x, key, kl, nonce, plaintext, y1, plaintext, tag, &len)) != CRYPT_OK) {
|
||||
printf("Error OCB'ing: %s\n", error_to_string(err));
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
fprintf(out, "%3d: ", y1);
|
||||
for (z = 0; z < y1; z++) {
|
||||
fprintf(out, "%02X", plaintext[z]);
|
||||
}
|
||||
fprintf(out, ", ");
|
||||
for (z = 0; z <(int)len; z++) {
|
||||
fprintf(out, "%02X", tag[z]);
|
||||
}
|
||||
fprintf(out, "\n");
|
||||
|
||||
/* forward the key */
|
||||
for (z = 0; z < kl; z++) {
|
||||
key[z] = tag[z % len];
|
||||
}
|
||||
}
|
||||
fprintf(out, "\n");
|
||||
}
|
||||
fclose(out);
|
||||
}
|
||||
|
||||
int main(void)
|
||||
{
|
||||
reg_algs();
|
||||
hash_gen();
|
||||
cipher_gen();
|
||||
hmac_gen();
|
||||
omac_gen();
|
||||
|
||||
printf("Generating hash vectors..."); fflush(stdout); hash_gen(); printf("done\n");
|
||||
printf("Generating cipher vectors..."); fflush(stdout); cipher_gen(); printf("done\n");
|
||||
printf("Generating HMAC vectors..."); fflush(stdout); hmac_gen(); printf("done\n");
|
||||
printf("Generating OMAC vectors..."); fflush(stdout); omac_gen(); printf("done\n");
|
||||
printf("Generating EAX vectors..."); fflush(stdout); eax_gen(); printf("done\n");
|
||||
printf("Generating OCB vectors..."); fflush(stdout); ocb_gen(); printf("done\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
10
des.c
10
des.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
/* DES code submitted by Dobes Vandermeer */
|
||||
#include "mycrypt.h"
|
||||
|
||||
|
49
dh.c
49
dh.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef MDH
|
||||
@ -279,45 +289,6 @@ void dh_free(dh_key *key)
|
||||
mp_clear_multi(&key->x, &key->y, NULL);
|
||||
}
|
||||
|
||||
#define OUTPUT_BIGNUM(num, buf2, y, z) \
|
||||
{ \
|
||||
z = (unsigned long)mp_unsigned_bin_size(num); \
|
||||
STORE32L(z, buf2+y); \
|
||||
y += 4; \
|
||||
if ((err = mp_to_unsigned_bin(num, buf2+y)) != MP_OKAY) { return mpi_to_ltc_error(err); } \
|
||||
y += z; \
|
||||
}
|
||||
|
||||
|
||||
#define INPUT_BIGNUM(num, in, x, y) \
|
||||
{ \
|
||||
/* load value */ \
|
||||
if (y + 4 > inlen) { \
|
||||
err = CRYPT_INVALID_PACKET; \
|
||||
goto error; \
|
||||
} \
|
||||
LOAD32L(x, in+y); \
|
||||
y += 4; \
|
||||
\
|
||||
/* sanity check... */ \
|
||||
if (x+y > inlen) { \
|
||||
err = CRYPT_INVALID_PACKET; \
|
||||
goto error; \
|
||||
} \
|
||||
\
|
||||
/* load it */ \
|
||||
if ((err = mp_read_unsigned_bin(num, (unsigned char *)in+y, (int)x)) != MP_OKAY) {\
|
||||
err = mpi_to_ltc_error(err); \
|
||||
goto error; \
|
||||
} \
|
||||
y += x; \
|
||||
if ((err = mp_shrink(num)) != MP_OKAY) { \
|
||||
err = mpi_to_ltc_error(err); \
|
||||
goto error; \
|
||||
} \
|
||||
}
|
||||
|
||||
|
||||
int dh_export(unsigned char *out, unsigned long *outlen, int type, dh_key *key)
|
||||
{
|
||||
unsigned char buf2[1536];
|
||||
|
10
dh_sys.c
10
dh_sys.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
int dh_encrypt_key(const unsigned char *inkey, unsigned long keylen,
|
||||
unsigned char *out, unsigned long *len,
|
||||
prng_state *prng, int wprng, int hash,
|
||||
|
79
dsa.c
79
dsa.c
@ -1,9 +1,17 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef MDSA
|
||||
|
||||
#define DRAW(x) { char __buf[1000]; mp_toradix(x, __buf, 16); printf("\n%s == %s\n", #x, __buf); }
|
||||
|
||||
int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key)
|
||||
{
|
||||
mp_int tmp, tmp2;
|
||||
@ -80,7 +88,7 @@ int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size,
|
||||
err = CRYPT_ERROR_READPRNG;
|
||||
goto error2;
|
||||
}
|
||||
if ((err = mp_read_unsigned_bin(&key->x, buf, group_size)) != MP_OKAY) { goto error; }
|
||||
if ((err = mp_read_unsigned_bin(&key->x, buf, group_size)) != MP_OKAY) { goto error; }
|
||||
} while (mp_cmp_d(&key->x, 1) != MP_GT);
|
||||
if ((err = mp_exptmod(&key->g, &key->x, &key->p, &key->y)) != MP_OKAY) { goto error; }
|
||||
|
||||
@ -146,14 +154,23 @@ int dsa_sign_hash(const unsigned char *in, unsigned long inlen,
|
||||
if ((err = mp_init_multi(&k, &kinv, &r, &s, &tmp, NULL)) != MP_OKAY) { goto error; }
|
||||
|
||||
retry:
|
||||
/* gen random k */
|
||||
if (prng_descriptor[wprng].read(buf, key->qord, prng) != (unsigned long)key->qord) {
|
||||
err = CRYPT_ERROR_READPRNG;
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* read k */
|
||||
if ((err = mp_read_unsigned_bin(&k, buf, key->qord)) != MP_OKAY) { goto error; }
|
||||
do {
|
||||
/* gen random k */
|
||||
if (prng_descriptor[wprng].read(buf, key->qord, prng) != (unsigned long)key->qord) {
|
||||
err = CRYPT_ERROR_READPRNG;
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* read k */
|
||||
if ((err = mp_read_unsigned_bin(&k, buf, key->qord)) != MP_OKAY) { goto error; }
|
||||
|
||||
/* k > 1 ? */
|
||||
if (mp_cmp_d(&k, 1) != MP_GT) { goto retry; }
|
||||
|
||||
/* test gcd */
|
||||
if ((err = mp_gcd(&k, &key->q, &tmp)) != MP_OKAY) { goto error; }
|
||||
} while (mp_cmp_d(&tmp, 1) != MP_EQ);
|
||||
|
||||
/* now find 1/k mod q */
|
||||
if ((err = mp_invmod(&k, &key->q, &kinv)) != MP_OKAY) { goto error; }
|
||||
@ -190,7 +207,7 @@ retry:
|
||||
out[y++] = (len & 255);
|
||||
|
||||
/* store r */
|
||||
mp_to_unsigned_bin(&r, out+y);
|
||||
if ((err = mp_to_unsigned_bin(&r, out+y)) != MP_OKAY) { goto error; }
|
||||
y += len;
|
||||
|
||||
/* store length of s */
|
||||
@ -199,7 +216,7 @@ retry:
|
||||
out[y++] = (len & 255);
|
||||
|
||||
/* store s */
|
||||
mp_to_unsigned_bin(&s, out+y);
|
||||
if ((err = mp_to_unsigned_bin(&s, out+y)) != MP_OKAY) { goto error; }
|
||||
y += len;
|
||||
|
||||
/* reset size */
|
||||
@ -297,19 +314,11 @@ done : mp_clear_multi(&r, &s, &w, &v, &u1, &u2, NULL);
|
||||
return err;
|
||||
}
|
||||
|
||||
#define OUTPUT_BIGNUM(num, buf2, y, z) \
|
||||
{ \
|
||||
z = (unsigned long)mp_unsigned_bin_size(num); \
|
||||
if ((y + 4 + z) > *outlen) { return CRYPT_BUFFER_OVERFLOW; } \
|
||||
STORE32L(z, out+y); \
|
||||
y += 4; \
|
||||
if (mp_to_unsigned_bin(num, out+y) != MP_OKAY) { return CRYPT_MEM; } \
|
||||
y += z; \
|
||||
}
|
||||
|
||||
int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key)
|
||||
{
|
||||
unsigned long y, z;
|
||||
int err;
|
||||
|
||||
_ARGCHK(out != NULL);
|
||||
_ARGCHK(outlen != NULL);
|
||||
@ -352,34 +361,6 @@ int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
#define INPUT_BIGNUM(num, in, x, y) \
|
||||
{ \
|
||||
/* load value */ \
|
||||
if (y+4 > inlen) { \
|
||||
err = CRYPT_INVALID_PACKET; \
|
||||
goto error; \
|
||||
} \
|
||||
LOAD32L(x, in+y); \
|
||||
y += 4; \
|
||||
\
|
||||
/* sanity check... */ \
|
||||
if (y+x > inlen) { \
|
||||
err = CRYPT_INVALID_PACKET; \
|
||||
goto error; \
|
||||
} \
|
||||
\
|
||||
/* load it */ \
|
||||
if (mp_read_unsigned_bin(num, (unsigned char *)in+y, (int)x) != MP_OKAY) {\
|
||||
err = CRYPT_MEM; \
|
||||
goto error; \
|
||||
} \
|
||||
y += x; \
|
||||
if (mp_shrink(num) != MP_OKAY) { \
|
||||
err = CRYPT_MEM; \
|
||||
goto error; \
|
||||
} \
|
||||
}
|
||||
|
||||
int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key)
|
||||
{
|
||||
unsigned long x, y;
|
||||
|
451
eax.c
Normal file
451
eax.c
Normal file
@ -0,0 +1,451 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef EAX_MODE
|
||||
|
||||
int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long keylen,
|
||||
const unsigned char *nonce, unsigned long noncelen,
|
||||
const unsigned char *header, unsigned long headerlen)
|
||||
{
|
||||
unsigned char buf[MAXBLOCKSIZE];
|
||||
int err, blklen;
|
||||
omac_state omac;
|
||||
unsigned long len;
|
||||
|
||||
|
||||
_ARGCHK(eax != NULL);
|
||||
_ARGCHK(key != NULL);
|
||||
_ARGCHK(nonce != NULL);
|
||||
if (headerlen > 0) {
|
||||
_ARGCHK(header != NULL);
|
||||
}
|
||||
|
||||
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
blklen = cipher_descriptor[cipher].block_length;
|
||||
|
||||
/* N = OMAC_0K(nonce) */
|
||||
zeromem(buf, sizeof(buf));
|
||||
if ((err = omac_init(&omac, cipher, key, keylen)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* omac the [0]_n */
|
||||
if ((err = omac_process(&omac, buf, blklen)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
/* omac the nonce */
|
||||
if ((err = omac_process(&omac, nonce, noncelen)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
/* store result */
|
||||
len = sizeof(eax->N);
|
||||
if ((err = omac_done(&omac, eax->N, &len)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* H = OMAC_1K(header) */
|
||||
zeromem(buf, sizeof(buf));
|
||||
buf[blklen - 1] = 1;
|
||||
|
||||
if ((err = omac_init(&eax->headeromac, cipher, key, keylen)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* omac the [1]_n */
|
||||
if ((err = omac_process(&eax->headeromac, buf, blklen)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
/* omac the header */
|
||||
if (headerlen != 0) {
|
||||
if ((err = omac_process(&eax->headeromac, header, headerlen)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
}
|
||||
|
||||
/* note we don't finish the headeromac, this allows us to add more header later */
|
||||
|
||||
/* setup the CTR mode */
|
||||
if ((err = ctr_start(cipher, eax->N, key, keylen, 0, &eax->ctr)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
/* use big-endian counter */
|
||||
eax->ctr.mode = 1;
|
||||
|
||||
/* setup the OMAC for the ciphertext */
|
||||
if ((err = omac_init(&eax->ctomac, cipher, key, keylen)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* omac [2]_n */
|
||||
zeromem(buf, sizeof(buf));
|
||||
buf[blklen-1] = 2;
|
||||
if ((err = omac_process(&eax->ctomac, buf, blklen)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
#ifdef CLEAN_STACK
|
||||
zeromem(buf, sizeof(buf));
|
||||
zeromem(&omac, sizeof(omac));
|
||||
#endif
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length)
|
||||
{
|
||||
int err;
|
||||
|
||||
_ARGCHK(eax != NULL);
|
||||
_ARGCHK(pt != NULL);
|
||||
_ARGCHK(ct != NULL);
|
||||
|
||||
/* encrypt */
|
||||
if ((err = ctr_encrypt(pt, ct, length, &eax->ctr)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* omac ciphertext */
|
||||
return omac_process(&eax->ctomac, ct, length);
|
||||
}
|
||||
|
||||
int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, unsigned long length)
|
||||
{
|
||||
int err;
|
||||
|
||||
_ARGCHK(eax != NULL);
|
||||
_ARGCHK(pt != NULL);
|
||||
_ARGCHK(ct != NULL);
|
||||
|
||||
/* omac ciphertext */
|
||||
if ((err = omac_process(&eax->ctomac, ct, length)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* decrypt */
|
||||
return ctr_decrypt(ct, pt, length, &eax->ctr);
|
||||
}
|
||||
|
||||
/* add header (metadata) to the stream */
|
||||
int eax_addheader(eax_state *eax, const unsigned char *header, unsigned long length)
|
||||
{
|
||||
_ARGCHK(eax != NULL);
|
||||
_ARGCHK(header != NULL);
|
||||
return omac_process(&eax->headeromac, header, length);
|
||||
}
|
||||
|
||||
int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen)
|
||||
{
|
||||
int err;
|
||||
unsigned char headermac[MAXBLOCKSIZE], ctmac[MAXBLOCKSIZE];
|
||||
unsigned long x, len;
|
||||
|
||||
_ARGCHK(eax != NULL);
|
||||
_ARGCHK(tag != NULL);
|
||||
_ARGCHK(taglen != NULL);
|
||||
|
||||
/* finish ctomac */
|
||||
len = sizeof(ctmac);
|
||||
if ((err = omac_done(&eax->ctomac, ctmac, &len)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* finish headeromac */
|
||||
|
||||
/* note we specifically don't reset len so the two lens are minimal */
|
||||
|
||||
if ((err = omac_done(&eax->headeromac, headermac, &len)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* compute N xor H xor C */
|
||||
for (x = 0; x < len && x < *taglen; x++) {
|
||||
tag[x] = eax->N[x] ^ headermac[x] ^ ctmac[x];
|
||||
}
|
||||
*taglen = x;
|
||||
|
||||
#ifdef CLEAN_STACK
|
||||
zeromem(ctmac, sizeof(ctmac));
|
||||
zeromem(headermac, sizeof(headermac));
|
||||
#endif
|
||||
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
int eax_encrypt_authenticate_memory(int cipher,
|
||||
const unsigned char *key, unsigned long keylen,
|
||||
const unsigned char *nonce, unsigned long noncelen,
|
||||
const unsigned char *header, unsigned long headerlen,
|
||||
const unsigned char *pt, unsigned long ptlen,
|
||||
unsigned char *ct,
|
||||
unsigned char *tag, unsigned long *taglen)
|
||||
{
|
||||
int err;
|
||||
eax_state eax;
|
||||
|
||||
if ((err = eax_init(&eax, cipher, key, keylen, nonce, noncelen, header, headerlen)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
if ((err = eax_encrypt(&eax, pt, ct, ptlen)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
if ((err = eax_done(&eax, tag, taglen)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
#ifdef CLEAN_STACK
|
||||
zeromem(&eax, sizeof(eax));
|
||||
#endif
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
int eax_decrypt_verify_memory(int cipher,
|
||||
const unsigned char *key, unsigned long keylen,
|
||||
const unsigned char *nonce, unsigned long noncelen,
|
||||
const unsigned char *header, unsigned long headerlen,
|
||||
const unsigned char *ct, unsigned long ctlen,
|
||||
unsigned char *pt,
|
||||
unsigned char *tag, unsigned long taglen,
|
||||
int *res)
|
||||
{
|
||||
int err;
|
||||
eax_state eax;
|
||||
unsigned char buf[MAXBLOCKSIZE];
|
||||
unsigned long buflen;
|
||||
|
||||
_ARGCHK(res != NULL);
|
||||
|
||||
/* default to zero */
|
||||
*res = 0;
|
||||
|
||||
if ((err = eax_init(&eax, cipher, key, keylen, nonce, noncelen, header, headerlen)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
if ((err = eax_decrypt(&eax, ct, pt, ctlen)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
buflen = MIN(sizeof(buf), taglen);
|
||||
if ((err = eax_done(&eax, buf, &buflen)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* compare tags */
|
||||
if (buflen >= taglen && memcmp(buf, tag, taglen) == 0) {
|
||||
*res = 1;
|
||||
}
|
||||
|
||||
#ifdef CLEAN_STACK
|
||||
zeromem(&eax, sizeof(eax));
|
||||
zeromem(buf, sizeof(buf));
|
||||
#endif
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
int eax_test(void)
|
||||
{
|
||||
#ifndef LTC_TEST
|
||||
return CRYPT_NOP;
|
||||
#else
|
||||
static const struct {
|
||||
int keylen,
|
||||
noncelen,
|
||||
headerlen,
|
||||
msglen;
|
||||
|
||||
unsigned char key[MAXBLOCKSIZE],
|
||||
nonce[MAXBLOCKSIZE],
|
||||
header[MAXBLOCKSIZE],
|
||||
plaintext[MAXBLOCKSIZE],
|
||||
ciphertext[MAXBLOCKSIZE],
|
||||
tag[MAXBLOCKSIZE];
|
||||
} tests[] = {
|
||||
|
||||
/* NULL message */
|
||||
{
|
||||
16, 0, 0, 0,
|
||||
/* key */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
|
||||
/* nonce */
|
||||
{ 0 },
|
||||
/* header */
|
||||
{ 0 },
|
||||
/* plaintext */
|
||||
{ 0 },
|
||||
/* ciphertext */
|
||||
{ 0 },
|
||||
/* tag */
|
||||
{ 0x9a, 0xd0, 0x7e, 0x7d, 0xbf, 0xf3, 0x01, 0xf5,
|
||||
0x05, 0xde, 0x59, 0x6b, 0x96, 0x15, 0xdf, 0xff }
|
||||
},
|
||||
|
||||
/* test with nonce */
|
||||
{
|
||||
16, 16, 0, 0,
|
||||
/* key */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
|
||||
/* nonce */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
|
||||
/* header */
|
||||
{ 0 },
|
||||
/* plaintext */
|
||||
{ 0 },
|
||||
/* ciphertext */
|
||||
{ 0 },
|
||||
/* tag */
|
||||
{ 0x1c, 0xe1, 0x0d, 0x3e, 0xff, 0xd4, 0xca, 0xdb,
|
||||
0xe2, 0xe4, 0x4b, 0x58, 0xd6, 0x0a, 0xb9, 0xec }
|
||||
},
|
||||
|
||||
/* test with header [no nonce] */
|
||||
{
|
||||
16, 0, 16, 0,
|
||||
/* key */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
|
||||
/* nonce */
|
||||
{ 0 },
|
||||
/* header */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
|
||||
/* plaintext */
|
||||
{ 0 },
|
||||
/* ciphertext */
|
||||
{ 0 },
|
||||
/* tag */
|
||||
{ 0x3a, 0x69, 0x8f, 0x7a, 0x27, 0x0e, 0x51, 0xb0,
|
||||
0xf6, 0x5b, 0x3d, 0x3e, 0x47, 0x19, 0x3c, 0xff }
|
||||
},
|
||||
|
||||
/* test with header + nonce + plaintext */
|
||||
{
|
||||
16, 16, 16, 32,
|
||||
/* key */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
|
||||
/* nonce */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
|
||||
/* header */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
|
||||
/* plaintext */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
||||
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
||||
0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
|
||||
/* ciphertext */
|
||||
{ 0x29, 0xd8, 0x78, 0xd1, 0xa3, 0xbe, 0x85, 0x7b,
|
||||
0x6f, 0xb8, 0xc8, 0xea, 0x59, 0x50, 0xa7, 0x78,
|
||||
0x33, 0x1f, 0xbf, 0x2c, 0xcf, 0x33, 0x98, 0x6f,
|
||||
0x35, 0xe8, 0xcf, 0x12, 0x1d, 0xcb, 0x30, 0xbc },
|
||||
/* tag */
|
||||
{ 0x4f, 0xbe, 0x03, 0x38, 0xbe, 0x1c, 0x8c, 0x7e,
|
||||
0x1d, 0x7a, 0xe7, 0xe4, 0x5b, 0x92, 0xc5, 0x87 }
|
||||
},
|
||||
|
||||
/* test with header + nonce + plaintext [not even sizes!] */
|
||||
{
|
||||
16, 15, 14, 29,
|
||||
/* key */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
|
||||
/* nonce */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e },
|
||||
/* header */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d },
|
||||
/* plaintext */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
||||
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
|
||||
0x18, 0x19, 0x1a, 0x1b, 0x1c },
|
||||
/* ciphertext */
|
||||
{ 0xdd, 0x25, 0xc7, 0x54, 0xc5, 0xb1, 0x7c, 0x59,
|
||||
0x28, 0xb6, 0x9b, 0x73, 0x15, 0x5f, 0x7b, 0xb8,
|
||||
0x88, 0x8f, 0xaf, 0x37, 0x09, 0x1a, 0xd9, 0x2c,
|
||||
0x8a, 0x24, 0xdb, 0x86, 0x8b },
|
||||
/* tag */
|
||||
{ 0x0d, 0x1a, 0x14, 0xe5, 0x22, 0x24, 0xff, 0xd2,
|
||||
0x3a, 0x05, 0xfa, 0x02, 0xcd, 0xef, 0x52, 0xda }
|
||||
},
|
||||
};
|
||||
int err, x, idx, res;
|
||||
unsigned long len;
|
||||
unsigned char outct[MAXBLOCKSIZE], outtag[MAXBLOCKSIZE];
|
||||
|
||||
/* AES can be under rijndael or aes... try to find it */
|
||||
if ((idx = find_cipher("aes")) == -1) {
|
||||
if ((idx = find_cipher("rijndael")) == -1) {
|
||||
return CRYPT_NOP;
|
||||
}
|
||||
}
|
||||
|
||||
for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
|
||||
len = sizeof(outtag);
|
||||
if ((err = eax_encrypt_authenticate_memory(idx, tests[x].key, tests[x].keylen,
|
||||
tests[x].nonce, tests[x].noncelen, tests[x].header, tests[x].headerlen,
|
||||
tests[x].plaintext, tests[x].msglen, outct, outtag, &len)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
if (memcmp(outct, tests[x].ciphertext, tests[x].msglen) || memcmp(outtag, tests[x].tag, len)) {
|
||||
#if 0
|
||||
unsigned long y;
|
||||
printf("\n\nFailure: \nCT:\n");
|
||||
for (y = 0; y < (unsigned long)tests[x].msglen; ) {
|
||||
printf("0x%02x", outct[y]);
|
||||
if (y < (unsigned long)(tests[x].msglen-1)) printf(", ");
|
||||
if (!(++y % 8)) printf("\n");
|
||||
}
|
||||
printf("\nTAG:\n");
|
||||
for (y = 0; y < len; ) {
|
||||
printf("0x%02x", outtag[y]);
|
||||
if (y < len-1) printf(", ");
|
||||
if (!(++y % 8)) printf("\n");
|
||||
}
|
||||
#endif
|
||||
return CRYPT_FAIL_TESTVECTOR;
|
||||
}
|
||||
|
||||
/* test decrypt */
|
||||
if ((err = eax_decrypt_verify_memory(idx, tests[x].key, tests[x].keylen,
|
||||
tests[x].nonce, tests[x].noncelen, tests[x].header, tests[x].headerlen,
|
||||
outct, tests[x].msglen, outct, outtag, len, &res)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
if (res != 1 || memcmp(outct, tests[x].plaintext, tests[x].msglen)) {
|
||||
#if 0
|
||||
unsigned long y;
|
||||
printf("\n\nFailure (res == %d): \nPT:\n", res);
|
||||
for (y = 0; y < (unsigned long)tests[x].msglen; ) {
|
||||
printf("0x%02x", outct[y]);
|
||||
if (y < (unsigned long)(tests[x].msglen-1)) printf(", ");
|
||||
if (!(++y % 8)) printf("\n");
|
||||
}
|
||||
printf("\n\n");
|
||||
#endif
|
||||
return CRYPT_FAIL_TESTVECTOR;
|
||||
}
|
||||
|
||||
}
|
||||
return CRYPT_OK;
|
||||
#endif /* LTC_TEST */
|
||||
}
|
||||
|
||||
#endif /* EAX_MODE */
|
10
ecb.c
10
ecb.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef ECB
|
||||
|
49
ecc.c
49
ecc.c
@ -1,3 +1,14 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b
|
||||
*
|
||||
* All curves taken from NIST recommendation paper of July 1999
|
||||
@ -743,44 +754,6 @@ done:
|
||||
return res;
|
||||
}
|
||||
|
||||
#define OUTPUT_BIGNUM(num, buf2, y, z) \
|
||||
{ \
|
||||
z = (unsigned long)mp_unsigned_bin_size(num); \
|
||||
STORE32L(z, buf2+y); \
|
||||
y += 4; \
|
||||
if (mp_to_unsigned_bin(num, buf2+y) != MP_OKAY) { return CRYPT_MEM; } \
|
||||
y += z; \
|
||||
}
|
||||
|
||||
|
||||
#define INPUT_BIGNUM(num, in, x, y) \
|
||||
{ \
|
||||
/* load value */ \
|
||||
if (y+4 > inlen) { \
|
||||
err = CRYPT_INVALID_PACKET; \
|
||||
goto error; \
|
||||
} \
|
||||
LOAD32L(x, in+y); \
|
||||
y += 4; \
|
||||
\
|
||||
/* sanity check... */ \
|
||||
if (y+x > inlen) { \
|
||||
err = CRYPT_INVALID_PACKET; \
|
||||
goto error; \
|
||||
} \
|
||||
\
|
||||
/* load it */ \
|
||||
if (mp_read_unsigned_bin(num, (unsigned char *)in+y, (int)x) != MP_OKAY) {\
|
||||
err = CRYPT_MEM; \
|
||||
goto error; \
|
||||
} \
|
||||
y += x; \
|
||||
if (mp_shrink(num) != MP_OKAY) { \
|
||||
err = CRYPT_MEM; \
|
||||
goto error; \
|
||||
} \
|
||||
}
|
||||
|
||||
int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key)
|
||||
{
|
||||
unsigned long y, z;
|
||||
|
10
ecc_sys.c
10
ecc_sys.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
int ecc_encrypt_key(const unsigned char *inkey, unsigned long keylen,
|
||||
unsigned char *out, unsigned long *len,
|
||||
prng_state *prng, int wprng, int hash,
|
||||
|
10
gf.c
10
gf.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
/* polynomial basis GF(2^w) routines */
|
||||
#include "mycrypt.h"
|
||||
|
||||
|
10
hash.c
10
hash.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
#include "mycrypt.h"
|
||||
|
||||
int hash_memory(int hash, const unsigned char *data, unsigned long len, unsigned char *dst, unsigned long *outlen)
|
||||
|
10
hmac.c
10
hmac.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
/* Submited by Dobes Vandermeer (dobes@smartt.com) */
|
||||
|
||||
#include "mycrypt.h"
|
||||
|
10
keyring.c
10
keyring.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
/* Provides keyring functionality for libtomcrypt, Tom St Denis */
|
||||
#include <mycrypt.h>
|
||||
|
||||
|
4
makefile
4
makefile
@ -9,7 +9,7 @@
|
||||
# a build. This is easy to remedy though, for those that have problems.
|
||||
|
||||
# The version
|
||||
VERSION=0.92
|
||||
VERSION=0.93
|
||||
|
||||
#ch1-01-1
|
||||
# Compiler and Linker Names
|
||||
@ -66,7 +66,7 @@ OBJECTS=keyring.o gf.o mem.o sprng.o ecc.o base64.o dh.o rsa.o \
|
||||
bits.o yarrow.o cfb.o ofb.o ecb.o ctr.o cbc.o hash.o tiger.o sha1.o \
|
||||
md5.o md4.o md2.o sha256.o sha512.o xtea.o aes.o des.o \
|
||||
safer_tab.o safer.o safer+.o rc4.o rc2.o rc6.o rc5.o cast5.o noekeon.o blowfish.o crypt.o \
|
||||
prime.o twofish.o packet.o hmac.o strings.o rmd128.o rmd160.o skipjack.o omac.o dsa.o $(MPIOBJECT)
|
||||
prime.o twofish.o packet.o hmac.o strings.o rmd128.o rmd160.o skipjack.o omac.o dsa.o eax.o ocb.o $(MPIOBJECT)
|
||||
|
||||
TESTOBJECTS=demos/test.o
|
||||
HASHOBJECTS=demos/hashsum.o
|
||||
|
@ -22,7 +22,7 @@ OBJECTS=keyring.o gf.o mem.o sprng.o ecc.o base64.o dh.o rsa.o \
|
||||
bits.o yarrow.o cfb.o ofb.o ecb.o ctr.o cbc.o hash.o tiger.o sha1.o \
|
||||
md5.o md4.o md2.o sha256.o sha512.o xtea.o aes.o des.o \
|
||||
safer_tab.o safer.o safer+.o rc4.o rc2.o rc6.o rc5.o cast5.o noekeon.o blowfish.o crypt.o \
|
||||
prime.o twofish.o packet.o hmac.o strings.o rmd128.o rmd160.o skipjack.o omac.o dsa.o $(MPIOBJECT)
|
||||
prime.o twofish.o packet.o hmac.o strings.o rmd128.o rmd160.o skipjack.o omac.o dsa.o eax.o ocb.o $(MPIOBJECT)
|
||||
|
||||
ltc_dll: $(OBJECTS) $(MPIOBJECT)
|
||||
gcc -mno-cygwin -mdll -o libtomcrypt.dll -Wl,--out-implib=libtomcrypt.dll.a -Wl,--export-all-symbols *.o -ladvapi32
|
||||
|
@ -11,7 +11,7 @@ bits.obj yarrow.obj cfb.obj ofb.obj ecb.obj ctr.obj cbc.obj hash.obj tiger.obj s
|
||||
md5.obj md4.obj md2.obj sha256.obj sha512.obj xtea.obj aes.obj des.obj \
|
||||
safer_tab.obj safer.obj safer+.obj rc4.obj rc2.obj rc6.obj rc5.obj cast5.obj noekeon.obj \
|
||||
blowfish.obj crypt.obj mpi.obj prime.obj twofish.obj packet.obj hmac.obj strings.obj rmd128.obj rmd160.obj \
|
||||
skipjack.obj omac.obj dsa.obj
|
||||
skipjack.obj omac.obj dsa.obj eax.obj ocb.obj
|
||||
|
||||
library: $(OBJECTS)
|
||||
lib /out:tomcrypt.lib $(OBJECTS)
|
||||
|
@ -9,7 +9,7 @@ CFLAGS += -Os -Wall -Wsign-compare -W -Wno-unused -Werror -I./
|
||||
|
||||
default: library
|
||||
|
||||
OBJECTS = keyring.o gf.o mem.o sprng.o ecc.o base64.o dh.o rsa.o bits.o yarrow.o cfb.o ofb.o ecb.o ctr.o cbc.o hash.o tiger.o sha1.o md5.o md4.o md2.o sha256.o sha512.o xtea.o aes.o des.o safer_tab.o safer.o safer+.o rc4.o rc2.o rc6.o rc5.o cast5.o noekeon.o blowfish.o crypt.o mpi.o prime.o twofish.o packet.o hmac.o strings.o rmd128.o rmd160.o skipjack.o omac.o dsa.o
|
||||
OBJECTS = keyring.o gf.o mem.o sprng.o ecc.o base64.o dh.o rsa.o bits.o yarrow.o cfb.o ofb.o ecb.o ctr.o cbc.o hash.o tiger.o sha1.o md5.o md4.o md2.o sha256.o sha512.o xtea.o aes.o des.o safer_tab.o safer.o safer+.o rc4.o rc2.o rc6.o rc5.o cast5.o noekeon.o blowfish.o crypt.o mpi.o prime.o twofish.o packet.o hmac.o strings.o rmd128.o rmd160.o skipjack.o omac.o dsa.o eax.o ocb.o
|
||||
|
||||
rsa.o: rsa_sys.c
|
||||
dh.o: dh_sys.c
|
||||
|
10
md2.c
10
md2.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
/* MD2 (RFC 1319) hash function implementation by Tom St Denis */
|
||||
#include "mycrypt.h"
|
||||
|
||||
|
10
md4.c
10
md4.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
/* Submitted by Dobes Vandermeer (dobes@smartt.com) */
|
||||
#include "mycrypt.h"
|
||||
|
||||
|
13
md5.c
13
md5.c
@ -1,3 +1,16 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/* MD5 hash function by Tom St Denis */
|
||||
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef MD5
|
||||
|
10
mem.c
10
mem.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
#include "mycrypt.h"
|
||||
|
||||
void zeromem(void *dst, size_t len)
|
||||
|
138
mpi.c
138
mpi.c
@ -1902,7 +1902,7 @@ mp_div_3 (mp_int * a, mp_int *c, mp_digit * d)
|
||||
t = (w * ((mp_word)b)) >> ((mp_word)DIGIT_BIT);
|
||||
|
||||
/* now subtract 3 * [w/3] from w, to get the remainder */
|
||||
w -= (t << ((mp_word)1)) + t;
|
||||
w -= t+t+t;
|
||||
|
||||
/* fixup the remainder as required since
|
||||
* the optimization is not exact.
|
||||
@ -1966,8 +1966,7 @@ static int s_is_power_of_two(mp_digit b, int *p)
|
||||
}
|
||||
|
||||
/* single digit division (based on routine from MPI) */
|
||||
int
|
||||
mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
|
||||
int mp_div_d (mp_int * a, mp_digit b, mp_int * c, mp_digit * d)
|
||||
{
|
||||
mp_int q;
|
||||
mp_word w;
|
||||
@ -2665,6 +2664,79 @@ __M:
|
||||
|
||||
/* End: bn_mp_exptmod_fast.c */
|
||||
|
||||
/* Start: bn_mp_exteuclid.c */
|
||||
/* LibTomMath, multiple-precision integer library -- Tom St Denis
|
||||
*
|
||||
* LibTomMath is a library that provides multiple-precision
|
||||
* integer arithmetic as well as number theoretic functionality.
|
||||
*
|
||||
* The library was designed directly after the MPI library by
|
||||
* Michael Fromberger but has been written from scratch with
|
||||
* additional optimizations in place.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* guarantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://math.libtomcrypt.org
|
||||
*/
|
||||
#include <tommath.h>
|
||||
|
||||
/* Extended euclidean algorithm of (a, b) produces
|
||||
a*u1 + b*u2 = u3
|
||||
*/
|
||||
int mp_exteuclid(mp_int *a, mp_int *b, mp_int *U1, mp_int *U2, mp_int *U3)
|
||||
{
|
||||
mp_int u1,u2,u3,v1,v2,v3,t1,t2,t3,q,tmp;
|
||||
int err;
|
||||
|
||||
if ((err = mp_init_multi(&u1, &u2, &u3, &v1, &v2, &v3, &t1, &t2, &t3, &q, &tmp, NULL)) != MP_OKAY) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* initialize, (u1,u2,u3) = (1,0,a) */
|
||||
mp_set(&u1, 1);
|
||||
if ((err = mp_copy(a, &u3)) != MP_OKAY) { goto _ERR; }
|
||||
|
||||
/* initialize, (v1,v2,v3) = (0,1,b) */
|
||||
mp_set(&v2, 1);
|
||||
if ((err = mp_copy(b, &v3)) != MP_OKAY) { goto _ERR; }
|
||||
|
||||
/* loop while v3 != 0 */
|
||||
while (mp_iszero(&v3) == MP_NO) {
|
||||
/* q = u3/v3 */
|
||||
if ((err = mp_div(&u3, &v3, &q, NULL)) != MP_OKAY) { goto _ERR; }
|
||||
|
||||
/* (t1,t2,t3) = (u1,u2,u3) - (v1,v2,v3)q */
|
||||
if ((err = mp_mul(&v1, &q, &tmp)) != MP_OKAY) { goto _ERR; }
|
||||
if ((err = mp_sub(&u1, &tmp, &t1)) != MP_OKAY) { goto _ERR; }
|
||||
if ((err = mp_mul(&v2, &q, &tmp)) != MP_OKAY) { goto _ERR; }
|
||||
if ((err = mp_sub(&u2, &tmp, &t2)) != MP_OKAY) { goto _ERR; }
|
||||
if ((err = mp_mul(&v3, &q, &tmp)) != MP_OKAY) { goto _ERR; }
|
||||
if ((err = mp_sub(&u3, &tmp, &t3)) != MP_OKAY) { goto _ERR; }
|
||||
|
||||
/* (u1,u2,u3) = (v1,v2,v3) */
|
||||
if ((err = mp_copy(&v1, &u1)) != MP_OKAY) { goto _ERR; }
|
||||
if ((err = mp_copy(&v2, &u2)) != MP_OKAY) { goto _ERR; }
|
||||
if ((err = mp_copy(&v3, &u3)) != MP_OKAY) { goto _ERR; }
|
||||
|
||||
/* (v1,v2,v3) = (t1,t2,t3) */
|
||||
if ((err = mp_copy(&t1, &v1)) != MP_OKAY) { goto _ERR; }
|
||||
if ((err = mp_copy(&t2, &v2)) != MP_OKAY) { goto _ERR; }
|
||||
if ((err = mp_copy(&t3, &v3)) != MP_OKAY) { goto _ERR; }
|
||||
}
|
||||
|
||||
/* copy result out */
|
||||
if (U1 != NULL) { mp_exch(U1, &u1); }
|
||||
if (U2 != NULL) { mp_exch(U2, &u2); }
|
||||
if (U3 != NULL) { mp_exch(U3, &u3); }
|
||||
|
||||
err = MP_OKAY;
|
||||
_ERR: mp_clear_multi(&u1, &u2, &u3, &v1, &v2, &v3, &t1, &t2, &t3, &q, &tmp, NULL);
|
||||
return err;
|
||||
}
|
||||
|
||||
/* End: bn_mp_exteuclid.c */
|
||||
|
||||
/* Start: bn_mp_fread.c */
|
||||
/* LibTomMath, multiple-precision integer library -- Tom St Denis
|
||||
*
|
||||
@ -2752,9 +2824,8 @@ int mp_fwrite(mp_int *a, int radix, FILE *stream)
|
||||
char *buf;
|
||||
int err, len, x;
|
||||
|
||||
len = mp_radix_size(a, radix);
|
||||
if (len == 0) {
|
||||
return MP_VAL;
|
||||
if ((err = mp_radix_size(a, radix, &len)) != MP_OKAY) {
|
||||
return err;
|
||||
}
|
||||
|
||||
buf = XMALLOC (len);
|
||||
@ -4201,7 +4272,6 @@ int mp_mul (mp_int * a, mp_int * b, mp_int * c)
|
||||
} else {
|
||||
res = s_mp_mul (a, b, c);
|
||||
}
|
||||
|
||||
}
|
||||
c->sign = neg;
|
||||
return res;
|
||||
@ -5251,26 +5321,28 @@ error:
|
||||
#include <tommath.h>
|
||||
|
||||
/* returns size of ASCII reprensentation */
|
||||
int
|
||||
mp_radix_size (mp_int * a, int radix)
|
||||
int mp_radix_size (mp_int * a, int radix, int *size)
|
||||
{
|
||||
int res, digs;
|
||||
mp_int t;
|
||||
mp_digit d;
|
||||
|
||||
*size = 0;
|
||||
|
||||
/* special case for binary */
|
||||
if (radix == 2) {
|
||||
return mp_count_bits (a) + (a->sign == MP_NEG ? 1 : 0) + 1;
|
||||
*size = mp_count_bits (a) + (a->sign == MP_NEG ? 1 : 0) + 1;
|
||||
return MP_OKAY;
|
||||
}
|
||||
|
||||
/* make sure the radix is in range */
|
||||
if (radix < 2 || radix > 64) {
|
||||
return 0;
|
||||
return MP_VAL;
|
||||
}
|
||||
|
||||
/* init a copy of the input */
|
||||
if ((res = mp_init_copy (&t, a)) != MP_OKAY) {
|
||||
return 0;
|
||||
return res;
|
||||
}
|
||||
|
||||
/* digs is the digit count */
|
||||
@ -5293,7 +5365,8 @@ mp_radix_size (mp_int * a, int radix)
|
||||
mp_clear (&t);
|
||||
|
||||
/* return digs + 1, the 1 is for the NULL byte that would be required. */
|
||||
return digs + 1;
|
||||
*size = digs + 1;
|
||||
return MP_OKAY;
|
||||
}
|
||||
|
||||
|
||||
@ -5392,8 +5465,7 @@ mp_rand (mp_int * a, int digits)
|
||||
#include <tommath.h>
|
||||
|
||||
/* read a string [ASCII] in a given radix */
|
||||
int
|
||||
mp_read_radix (mp_int * a, char *str, int radix)
|
||||
int mp_read_radix (mp_int * a, char *str, int radix)
|
||||
{
|
||||
int y, res, neg;
|
||||
char ch;
|
||||
@ -5989,7 +6061,7 @@ int mp_set_int (mp_int * a, unsigned long b)
|
||||
int mp_shrink (mp_int * a)
|
||||
{
|
||||
mp_digit *tmp;
|
||||
if (a->alloc != a->used) {
|
||||
if (a->alloc != a->used && a->used > 0) {
|
||||
if ((tmp = OPT_CAST XREALLOC (a->dp, sizeof (mp_digit) * a->used)) == NULL) {
|
||||
return MP_MEM;
|
||||
}
|
||||
@ -6019,8 +6091,7 @@ int mp_shrink (mp_int * a)
|
||||
#include <tommath.h>
|
||||
|
||||
/* get the size for an signed equivalent */
|
||||
int
|
||||
mp_signed_bin_size (mp_int * a)
|
||||
int mp_signed_bin_size (mp_int * a)
|
||||
{
|
||||
return 1 + mp_unsigned_bin_size (a);
|
||||
}
|
||||
@ -6049,6 +6120,7 @@ int
|
||||
mp_sqr (mp_int * a, mp_int * b)
|
||||
{
|
||||
int res;
|
||||
|
||||
/* use Toom-Cook? */
|
||||
if (a->used >= TOOM_SQR_CUTOFF) {
|
||||
res = mp_toom_sqr(a, b);
|
||||
@ -6892,8 +6964,7 @@ ERR:
|
||||
#include <tommath.h>
|
||||
|
||||
/* stores a bignum as a ASCII string in a given radix (2..64) */
|
||||
int
|
||||
mp_toradix (mp_int * a, char *str, int radix)
|
||||
int mp_toradix (mp_int * a, char *str, int radix)
|
||||
{
|
||||
int res, digs;
|
||||
mp_int t;
|
||||
@ -7086,25 +7157,7 @@ static const struct {
|
||||
{ 1408, 3 },
|
||||
{ 1536, 3 },
|
||||
{ 1664, 3 },
|
||||
{ 1792, 2 },
|
||||
{ 1920, 2 },
|
||||
{ 2048, 2 },
|
||||
{ 2176, 2 },
|
||||
{ 2304, 2 },
|
||||
{ 2432, 2 },
|
||||
{ 2560, 2 },
|
||||
{ 2688, 2 },
|
||||
{ 2816, 2 },
|
||||
{ 2944, 2 },
|
||||
{ 3072, 2 },
|
||||
{ 3200, 2 },
|
||||
{ 3328, 2 },
|
||||
{ 3456, 2 },
|
||||
{ 3584, 2 },
|
||||
{ 3712, 2 },
|
||||
{ 3840, 1 },
|
||||
{ 3968, 1 },
|
||||
{ 4096, 1 } };
|
||||
{ 1792, 2 } };
|
||||
|
||||
/* returns # of RM trials required for a given bit size */
|
||||
int mp_prime_rabin_miller_trials(int size)
|
||||
@ -7351,8 +7404,7 @@ s_mp_add (mp_int * a, mp_int * b, mp_int * c)
|
||||
#define TAB_SIZE 256
|
||||
#endif
|
||||
|
||||
int
|
||||
s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
|
||||
int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
|
||||
{
|
||||
mp_int M[TAB_SIZE], res, mu;
|
||||
mp_digit buf;
|
||||
@ -7516,10 +7568,10 @@ s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y)
|
||||
|
||||
/* then multiply */
|
||||
if ((err = mp_mul (&res, &M[bitbuf], &res)) != MP_OKAY) {
|
||||
goto __MU;
|
||||
goto __RES;
|
||||
}
|
||||
if ((err = mp_reduce (&res, P, &mu)) != MP_OKAY) {
|
||||
goto __MU;
|
||||
goto __RES;
|
||||
}
|
||||
|
||||
/* empty window and reset */
|
||||
|
@ -16,8 +16,8 @@ extern "C" {
|
||||
#endif
|
||||
|
||||
/* version */
|
||||
#define CRYPT 0x0092
|
||||
#define SCRYPT "0.92"
|
||||
#define CRYPT 0x0093
|
||||
#define SCRYPT "0.93"
|
||||
|
||||
/* max size of either a cipher/hash block or symmetric key [largest of the two] */
|
||||
#define MAXBLOCKSIZE 128
|
||||
|
@ -173,7 +173,7 @@ typedef struct Symmetric_CBC {
|
||||
|
||||
/* A block cipher CTR structure */
|
||||
typedef struct Symmetric_CTR {
|
||||
int cipher, blocklen, padlen;
|
||||
int cipher, blocklen, padlen, mode;
|
||||
unsigned char ctr[MAXBLOCKSIZE], pad[MAXBLOCKSIZE];
|
||||
symmetric_key key;
|
||||
} symmetric_CTR;
|
||||
@ -365,6 +365,8 @@ extern int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long
|
||||
extern int ctr_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CTR *ctr);
|
||||
#endif
|
||||
|
||||
|
||||
|
||||
extern int find_cipher(const char *name);
|
||||
extern int find_cipher_any(const char *name, int blocklen, int keylen);
|
||||
extern int find_cipher_id(unsigned char ID);
|
||||
|
@ -49,6 +49,8 @@
|
||||
#define RIPEMD160
|
||||
#define HMAC
|
||||
#define OMAC
|
||||
#define EAX_MODE
|
||||
#define OCB_MODE
|
||||
#define BASE64
|
||||
#define YARROW
|
||||
#define SPRNG
|
||||
|
@ -208,6 +208,7 @@ extern const struct _hash_descriptor rmd160_desc;
|
||||
|
||||
extern int find_hash(const char *name);
|
||||
extern int find_hash_id(unsigned char ID);
|
||||
extern int find_hash_any(const char *name, int digestlen);
|
||||
extern int register_hash(const struct _hash_descriptor *hash);
|
||||
extern int unregister_hash(const struct _hash_descriptor *hash);
|
||||
extern int hash_is_valid(int idx);
|
||||
@ -291,3 +292,94 @@ extern int omac_file(int cipher, const unsigned char *key, unsigned long keylen,
|
||||
extern int omac_test(void);
|
||||
#endif
|
||||
|
||||
#ifdef EAX_MODE
|
||||
|
||||
#if !(defined(OMAC) && defined(CTR))
|
||||
#error EAX_MODE requires OMAC and CTR
|
||||
#endif
|
||||
|
||||
typedef struct {
|
||||
unsigned char N[MAXBLOCKSIZE];
|
||||
symmetric_CTR ctr;
|
||||
omac_state headeromac, ctomac;
|
||||
} eax_state;
|
||||
|
||||
extern int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long keylen,
|
||||
const unsigned char *nonce, unsigned long noncelen,
|
||||
const unsigned char *header, unsigned long headerlen);
|
||||
|
||||
extern int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length);
|
||||
extern int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, unsigned long length);
|
||||
extern int eax_addheader(eax_state *eax, const unsigned char *header, unsigned long length);
|
||||
extern int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen);
|
||||
|
||||
extern int eax_encrypt_authenticate_memory(int cipher,
|
||||
const unsigned char *key, unsigned long keylen,
|
||||
const unsigned char *nonce, unsigned long noncelen,
|
||||
const unsigned char *header, unsigned long headerlen,
|
||||
const unsigned char *pt, unsigned long ptlen,
|
||||
unsigned char *ct,
|
||||
unsigned char *tag, unsigned long *taglen);
|
||||
|
||||
extern int eax_decrypt_verify_memory(int cipher,
|
||||
const unsigned char *key, unsigned long keylen,
|
||||
const unsigned char *nonce, unsigned long noncelen,
|
||||
const unsigned char *header, unsigned long headerlen,
|
||||
const unsigned char *ct, unsigned long ctlen,
|
||||
unsigned char *pt,
|
||||
unsigned char *tag, unsigned long taglen,
|
||||
int *res);
|
||||
|
||||
extern int eax_test(void);
|
||||
#endif /* EAX MODE */
|
||||
|
||||
#ifdef OCB_MODE
|
||||
typedef struct {
|
||||
unsigned char L[MAXBLOCKSIZE], /* L value */
|
||||
Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */
|
||||
Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */
|
||||
Lr[MAXBLOCKSIZE], /* L * x^-1 */
|
||||
R[MAXBLOCKSIZE], /* R value */
|
||||
checksum[MAXBLOCKSIZE]; /* current checksum */
|
||||
|
||||
symmetric_key key; /* scheduled key for cipher */
|
||||
unsigned long block_index; /* index # for current block */
|
||||
int cipher, /* cipher idx */
|
||||
block_len, /* length of block */
|
||||
poly; /* which set of polys to use */
|
||||
} ocb_state;
|
||||
|
||||
extern int ocb_init(ocb_state *ocb, int cipher,
|
||||
const unsigned char *key, unsigned long keylen, const unsigned char *nonce);
|
||||
|
||||
extern int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct);
|
||||
extern int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt);
|
||||
|
||||
extern int ocb_done_encrypt(ocb_state *ocb,
|
||||
const unsigned char *pt, unsigned long ptlen,
|
||||
unsigned char *ct,
|
||||
unsigned char *tag, unsigned long *taglen);
|
||||
|
||||
extern int ocb_done_decrypt(ocb_state *ocb,
|
||||
const unsigned char *ct, unsigned long ctlen,
|
||||
unsigned char *pt,
|
||||
const unsigned char *tag, unsigned long taglen, int *res);
|
||||
|
||||
extern int ocb_encrypt_authenticate_memory(int cipher,
|
||||
const unsigned char *key, unsigned long keylen,
|
||||
const unsigned char *nonce,
|
||||
const unsigned char *pt, unsigned long ptlen,
|
||||
unsigned char *ct,
|
||||
unsigned char *tag, unsigned long *taglen);
|
||||
|
||||
extern int ocb_decrypt_verify_memory(int cipher,
|
||||
const unsigned char *key, unsigned long keylen,
|
||||
const unsigned char *nonce,
|
||||
const unsigned char *ct, unsigned long ctlen,
|
||||
unsigned char *pt,
|
||||
const unsigned char *tag, unsigned long taglen,
|
||||
int *res);
|
||||
|
||||
extern int ocb_test(void);
|
||||
|
||||
#endif /* OCB_MODE */
|
||||
|
42
mycrypt_pk.h
42
mycrypt_pk.h
@ -3,6 +3,48 @@
|
||||
|
||||
#include "tommath.h"
|
||||
|
||||
|
||||
/* in/out macros */
|
||||
|
||||
#define OUTPUT_BIGNUM(num, buf2, y, z) \
|
||||
{ \
|
||||
z = (unsigned long)mp_unsigned_bin_size(num); \
|
||||
STORE32L(z, buf2+y); \
|
||||
y += 4; \
|
||||
if ((err = mp_to_unsigned_bin(num, buf2+y)) != MP_OKAY) { return mpi_to_ltc_error(err); } \
|
||||
y += z; \
|
||||
}
|
||||
|
||||
|
||||
#define INPUT_BIGNUM(num, in, x, y) \
|
||||
{ \
|
||||
/* load value */ \
|
||||
if (y + 4 > inlen) { \
|
||||
err = CRYPT_INVALID_PACKET; \
|
||||
goto error; \
|
||||
} \
|
||||
LOAD32L(x, in+y); \
|
||||
y += 4; \
|
||||
\
|
||||
/* sanity check... */ \
|
||||
if (x+y > inlen) { \
|
||||
err = CRYPT_INVALID_PACKET; \
|
||||
goto error; \
|
||||
} \
|
||||
\
|
||||
/* load it */ \
|
||||
if ((err = mp_read_unsigned_bin(num, (unsigned char *)in+y, (int)x)) != MP_OKAY) {\
|
||||
err = mpi_to_ltc_error(err); \
|
||||
goto error; \
|
||||
} \
|
||||
y += x; \
|
||||
if ((err = mp_shrink(num)) != MP_OKAY) { \
|
||||
err = mpi_to_ltc_error(err); \
|
||||
goto error; \
|
||||
} \
|
||||
}
|
||||
|
||||
|
||||
extern int is_prime(mp_int *, int *);
|
||||
extern int rand_prime(mp_int *N, long len, prng_state *prng, int wprng);
|
||||
extern mp_err mp_init_multi(mp_int* mp, ...);
|
||||
|
86
noekeon.c
86
noekeon.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
/* Implementation of the Noekeon block cipher by Tom St Denis */
|
||||
#include "mycrypt.h"
|
||||
|
||||
@ -65,15 +75,15 @@ int noekeon_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
|
||||
return CRYPT_INVALID_ROUNDS;
|
||||
}
|
||||
|
||||
LOAD32L(skey->noekeon.K[0],&key[0]);
|
||||
LOAD32L(skey->noekeon.K[1],&key[4]);
|
||||
LOAD32L(skey->noekeon.K[2],&key[8]);
|
||||
LOAD32L(skey->noekeon.K[3],&key[12]);
|
||||
LOAD32H(skey->noekeon.K[0],&key[0]);
|
||||
LOAD32H(skey->noekeon.K[1],&key[4]);
|
||||
LOAD32H(skey->noekeon.K[2],&key[8]);
|
||||
LOAD32H(skey->noekeon.K[3],&key[12]);
|
||||
|
||||
LOAD32L(skey->noekeon.dK[0],&key[0]);
|
||||
LOAD32L(skey->noekeon.dK[1],&key[4]);
|
||||
LOAD32L(skey->noekeon.dK[2],&key[8]);
|
||||
LOAD32L(skey->noekeon.dK[3],&key[12]);
|
||||
LOAD32H(skey->noekeon.dK[0],&key[0]);
|
||||
LOAD32H(skey->noekeon.dK[1],&key[4]);
|
||||
LOAD32H(skey->noekeon.dK[2],&key[8]);
|
||||
LOAD32H(skey->noekeon.dK[3],&key[12]);
|
||||
|
||||
kTHETA(skey->noekeon.dK[0], skey->noekeon.dK[1], skey->noekeon.dK[2], skey->noekeon.dK[3]);
|
||||
|
||||
@ -95,22 +105,8 @@ void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_k
|
||||
_ARGCHK(pt != NULL);
|
||||
_ARGCHK(ct != NULL);
|
||||
|
||||
LOAD32L(a,&pt[0]); LOAD32L(b,&pt[4]);
|
||||
LOAD32L(c,&pt[8]); LOAD32L(d,&pt[12]);
|
||||
|
||||
|
||||
#ifdef SMALL_CODE
|
||||
#define ROUND \
|
||||
a ^= RC[r]; \
|
||||
THETA(key->noekeon.K, a,b,c,d); \
|
||||
PI1(a,b,c,d); \
|
||||
GAMMA(a,b,c,d); \
|
||||
PI2(a,b,c,d);
|
||||
|
||||
for (r = 0; r < 16; ++r) {
|
||||
ROUND;
|
||||
}
|
||||
#else
|
||||
LOAD32H(a,&pt[0]); LOAD32H(b,&pt[4]);
|
||||
LOAD32H(c,&pt[8]); LOAD32H(d,&pt[12]);
|
||||
|
||||
#define ROUND(i) \
|
||||
a ^= RC[i]; \
|
||||
@ -119,6 +115,11 @@ void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_k
|
||||
GAMMA(a,b,c,d); \
|
||||
PI2(a,b,c,d);
|
||||
|
||||
#ifdef SMALL_CODE
|
||||
for (r = 0; r < 16; ++r) {
|
||||
ROUND(r);
|
||||
}
|
||||
#else
|
||||
ROUND( 0); ROUND( 1); ROUND( 2); ROUND( 3);
|
||||
ROUND( 4); ROUND( 5); ROUND( 6); ROUND( 7);
|
||||
ROUND( 8); ROUND( 9); ROUND(10); ROUND(11);
|
||||
@ -130,8 +131,8 @@ void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_k
|
||||
a ^= RC[16];
|
||||
THETA(key->noekeon.K, a, b, c, d);
|
||||
|
||||
STORE32L(a,&ct[0]); STORE32L(b,&ct[4]);
|
||||
STORE32L(c,&ct[8]); STORE32L(d,&ct[12]);
|
||||
STORE32H(a,&ct[0]); STORE32H(b,&ct[4]);
|
||||
STORE32H(c,&ct[8]); STORE32H(d,&ct[12]);
|
||||
}
|
||||
|
||||
#ifdef CLEAN_STACK
|
||||
@ -157,25 +158,10 @@ void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_k
|
||||
_ARGCHK(pt != NULL);
|
||||
_ARGCHK(ct != NULL);
|
||||
|
||||
LOAD32L(a,&ct[0]); LOAD32L(b,&ct[4]);
|
||||
LOAD32L(c,&ct[8]); LOAD32L(d,&ct[12]);
|
||||
LOAD32H(a,&ct[0]); LOAD32H(b,&ct[4]);
|
||||
LOAD32H(c,&ct[8]); LOAD32H(d,&ct[12]);
|
||||
|
||||
|
||||
#ifdef SMALL_CODE
|
||||
|
||||
#define ROUND \
|
||||
THETA(key->noekeon.dK, a,b,c,d); \
|
||||
a ^= RC[r]; \
|
||||
PI1(a,b,c,d); \
|
||||
GAMMA(a,b,c,d); \
|
||||
PI2(a,b,c,d);
|
||||
|
||||
for (r = 16; r > 0; --r) {
|
||||
ROUND;
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
#define ROUND(i) \
|
||||
THETA(key->noekeon.dK, a,b,c,d); \
|
||||
a ^= RC[i]; \
|
||||
@ -183,19 +169,23 @@ void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_k
|
||||
GAMMA(a,b,c,d); \
|
||||
PI2(a,b,c,d);
|
||||
|
||||
#ifdef SMALL_CODE
|
||||
for (r = 16; r > 0; --r) {
|
||||
ROUND(r);
|
||||
}
|
||||
#else
|
||||
ROUND(16); ROUND(15); ROUND(14); ROUND(13);
|
||||
ROUND(12); ROUND(11); ROUND(10); ROUND( 9);
|
||||
ROUND( 8); ROUND( 7); ROUND( 6); ROUND( 5);
|
||||
ROUND( 4); ROUND( 3); ROUND( 2); ROUND( 1);
|
||||
|
||||
#endif
|
||||
|
||||
#undef ROUND
|
||||
|
||||
THETA(key->noekeon.dK, a,b,c,d);
|
||||
a ^= RC[0];
|
||||
STORE32L(a,&pt[0]); STORE32L(b, &pt[4]);
|
||||
STORE32L(c,&pt[8]); STORE32L(d, &pt[12]);
|
||||
STORE32H(a,&pt[0]); STORE32H(b, &pt[4]);
|
||||
STORE32H(c,&pt[8]); STORE32H(d, &pt[12]);
|
||||
}
|
||||
|
||||
#ifdef CLEAN_STACK
|
||||
@ -219,8 +209,8 @@ int noekeon_test(void)
|
||||
16,
|
||||
{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 },
|
||||
{ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 },
|
||||
{ 0x57, 0x9a, 0x6c, 0xe8, 0x91, 0x16, 0x52, 0x53,
|
||||
0x32, 0x00, 0xca, 0x0a, 0x17, 0x5d, 0x28, 0x0e }
|
||||
{ 0x18, 0xa6, 0xec, 0xe5, 0x28, 0xaa, 0x79, 0x73,
|
||||
0x28, 0xb2, 0xc0, 0x91, 0xa0, 0x2f, 0x54, 0xc5}
|
||||
}
|
||||
};
|
||||
symmetric_key key;
|
||||
|
@ -1647,56 +1647,56 @@ Key Size: 16 bytes
|
||||
|
||||
Cipher: noekeon
|
||||
Key Size: 16 bytes
|
||||
0: 579A6CE8911652533200CA0A175D280E
|
||||
1: 63912A26125657DEA632A0AE4111D4EE
|
||||
2: 0F25F642860261CDC4474D6CFC6F3D90
|
||||
3: 5747B5798279426E91FD69C6F471B608
|
||||
4: 298B7486227A423729EEB0BFD653DCD1
|
||||
5: 47FFD11C5F6B5638F846FE55F9BCF192
|
||||
6: BF7F5610C79727BFF3A0E2318F35F92C
|
||||
7: 418713351CA5800DEFD0976872B6BD5F
|
||||
8: 46B0BFA8FFCF1B90294AD630CEF353F7
|
||||
9: 933E10C381138CFA2419D56BFF3DBF24
|
||||
10: F47B4FD4B400E3A5CAE5C2E2732AF77D
|
||||
11: 7BEAFF8299E5C530A9F0928195798D5D
|
||||
12: A254293BCC71E208698AFAA1C5630C29
|
||||
13: 6374FEF1DFC16151F31E71BFE476DD2B
|
||||
14: 578ADFFE69E5072E5AC617E99C2A890C
|
||||
15: DB8EABA030B5B7425A279E397260D385
|
||||
16: B886B5150FABE45F81C111317AA8E1FA
|
||||
17: 0156DE757EC43054CA2B8BD300B3A43A
|
||||
18: FB423A1AD74955E5E937DEFEBC130A96
|
||||
19: 4358F88BCA4649A5C12A2E438F7A416F
|
||||
20: B8A8B6A336B7A750EC5C8A635A1DE2C4
|
||||
21: 2397C77016C8D1FAA5913390EB66B9D1
|
||||
22: F458C608E1A35743726EDA8E94F236F6
|
||||
23: D91DCCAF1419704CF7C39DD486C48BB0
|
||||
24: 551C9932FF89212454061D77E9E58897
|
||||
25: 5FB1F24CA23AB487ACC825F900B43DEA
|
||||
26: 76DFFAFB4A7F79B5748795BBB687BA11
|
||||
27: 70D34BC18EC3DA47F5E7AF716F5E767A
|
||||
28: 4E8410F31F869487956CCA4922E4A787
|
||||
29: 68519971FD65F6076FBFDE99AE5F5878
|
||||
30: 8C1C64C7E1650F5A09822597A3E25E9B
|
||||
31: 82EE58A56C050612BC9AD23AB83B2D5F
|
||||
32: 741B22347DC979154DC4FF81ACCEB0A1
|
||||
33: 79D8A56ACA0EB5A0FD6ABB34DF4EC2AE
|
||||
34: CAA1D93E89FFEC73689B642628297342
|
||||
35: 529BC07FB15CA79BBD93F63E14899898
|
||||
36: 7027D39A8CF02F8FB14D87940ED4EA15
|
||||
37: 4CF18E695D534EF04B8C15974FA31A53
|
||||
38: 113C632737E908F45DF5238904A88B95
|
||||
39: 723A9D4DFCEE39D6A2C1D90C1AFF9FE8
|
||||
40: BEA1D634560BF4F2DB05A40B79C13413
|
||||
41: D3B75F2568C0F57E13C8A19E4AC192B6
|
||||
42: 27CCAFC6BCDFB20344102D2021879828
|
||||
43: FE94A00B65DAF91DF1E99FA2784F930D
|
||||
44: 24626085EC4C2F85968E4C60CD591E3F
|
||||
45: 2612AE4CE03A5E1066AAAEDEF388E8CE
|
||||
46: 4B8E6E59642E19874DF38BB66F65F0A5
|
||||
47: 47C145C37C2C048E73E7E85F28B2662C
|
||||
48: 79D71CD15255964407198165F32C26F4
|
||||
49: 8F02BA60E7E3FC32223CDFD308D4C6FC
|
||||
0: 18A6ECE528AA797328B2C091A02F54C5
|
||||
1: 2A570E89CD8B7EEEE2C0249C8B68682E
|
||||
2: 828F4F6E3F3CB82EEEF26F37B26AEA78
|
||||
3: A3CA71833499F244BF26F487620266A4
|
||||
4: 333ACCE84B0A9DE91A22D1407F9DA83C
|
||||
5: 224285F3DB3D0D184D53F8FFDC8008D0
|
||||
6: DE39E2973025FE9EC1ACDE8F06985F91
|
||||
7: 2F00F45A01B1B0AA979E164DC5CCFE10
|
||||
8: 43775F3CBEE629EF6A9BA77CA36171D9
|
||||
9: 1E6A67ABF1B6ACF59FB484866AC15A86
|
||||
10: 70490989E2CD2145730921CCC37F0A17
|
||||
11: 67B0DD0EA903486B1CB56591FCF42678
|
||||
12: 774AAB71FF28E49A30E1E718D98114E8
|
||||
13: DF4797990E1C65C9F6735BD967164D45
|
||||
14: DE2779DF26FC1B99F576ED4CFBAE76CB
|
||||
15: A13AD17440641B3460A01175E3274AB9
|
||||
16: 1166499165F2A1196CA2DB831F264E77
|
||||
17: 35D24A385416CF2A44AB97A4AEC45E14
|
||||
18: D3D0E0DC962B1AD1AED92F57129088B2
|
||||
19: 00EF3E246B32634ABAF8BEE31D5C592A
|
||||
20: 79BBF3F807675B9F264BABC67DF4C2AB
|
||||
21: F391F2D58F0998F24BC9E5FA75DB9E99
|
||||
22: 066EF13C2617E97E6015B86BA1E059B2
|
||||
23: 5B0E2D7AE1E2734B9D5734C87F7BE272
|
||||
24: CDF7020212B7CF21F4817829386A6F8E
|
||||
25: 24873E1A0EF4908DF85114ED9BDB0168
|
||||
26: 99904360C843472F71AB86B26DC78A00
|
||||
27: BEE70B3735A67268578FF107C328940B
|
||||
28: 97DBB283536BC8AE8DBF56F3474C7740
|
||||
29: 2F4C903975EF709E004D24DC132A8A51
|
||||
30: 3EF0859A281782F905198C607FBE5C43
|
||||
31: 2D9CD48BC6A99E86468CBDD2A55C7D5F
|
||||
32: 5518D3ED18D5E5A62752CDF0846D0C77
|
||||
33: F751E9CAF107BAD8A1F1F9C374277A6A
|
||||
34: C5BA4DE907C41221FBABC5EC43710D0C
|
||||
35: 5CA48836330870365A10E7B676695C9D
|
||||
36: 937A964E0EA4D246E97293375B167EFD
|
||||
37: C0A876CB6957717541A90CCCB034BFB8
|
||||
38: A57C93A09F9160A28D3D4DEDC987746C
|
||||
39: 1FFA1E0B5EE0F0A18425F62717254419
|
||||
40: 8411C87262AE482CFC43C3092BEAFD90
|
||||
41: 0B9BB379FB3587A9ACEEED4771D8DC20
|
||||
42: 3B32EDBF9557E1DFBCEEC269B51FA494
|
||||
43: D1104E2888679A9EF6A13AE00ED7E1FB
|
||||
44: 0EC9849BAD58A279B42B5BA629B0045B
|
||||
45: CF206E8D3399918E75DE4765DD743060
|
||||
46: 55CCEB28E27D4DC7CE2546454FFD2C33
|
||||
47: 6E2339281583420B76E1750D35296C12
|
||||
48: 7800EC3D8C344BE7F2D2812F5AFF3DA4
|
||||
49: B80F4B0BDAA54A04D5A26BCA185F4EA2
|
||||
|
||||
|
||||
Cipher: skipjack
|
||||
|
407
notes/eax_tv.txt
Normal file
407
notes/eax_tv.txt
Normal file
@ -0,0 +1,407 @@
|
||||
EAX Test Vectors. Uses the 00010203...NN-1 pattern for header/nonce/plaintext/key. The outputs
|
||||
are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous
|
||||
step repeated sufficiently.
|
||||
|
||||
EAX-aes (16 byte key)
|
||||
0: , 9AD07E7DBFF301F505DE596B9615DFFF
|
||||
1: 47, 57C4AC75A42D05260AFA093ACD4499ED
|
||||
2: C4E2, 26C5AB00325306772E6F6E4C8093F3D2
|
||||
3: 16177B, 852260F91F27898D4FC176E311F6E1D1
|
||||
4: F09F68BE, 700766CA231643B5D60C3B91B1B700C1
|
||||
5: 8472705EDF, AC4C3359326EEA4CF71FC03E0E0292F2
|
||||
6: 14C25EB5FD0D, 8DBD749CA79CCF11C1B370F8C975858C
|
||||
7: F6A37F60670A85, AFBD1D5921557187504ADE61014C9622
|
||||
8: 1AACFEAE8FBAD833, 82F477325D6F76BB81940AE25F9801C2
|
||||
9: 069414324EC293697C, B980E21C09CA129B69E9032D980A9DC5
|
||||
10: D8174DE9A2FC92B7DA9C, 1E42CC58BA2C8BFD83806444EA29DB61
|
||||
11: 2C087DEA30F8B7EE510990, 83DB400A080C4D43CAA6EC3F1085A923
|
||||
12: F36B93C272A703D3422C6A11, 1370C3AF2F3392916364BBBCC2C62EC1
|
||||
13: A0F33477BAE2E28E6747AA3193, B626DC719528CAC65DB0EF94E35422CE
|
||||
14: FCF5193506052E8BFA095C1A5205, F5BD02E0B3C91CC7D6FAAA8A9A76CE6A
|
||||
15: 3797D7F8599B8EEAB39C56241880DC, 0B70003E77146B903F06EF294FECD517
|
||||
16: C4BAD0E0356FFD369110C048D45D81BE, DE7C2B1D83BE2CC8EA402ABE1038BB79
|
||||
17: AF5C358BD31CDCAC2F0EA5252F1C3BE1E4, 2D700986F93B22DFE6695C2A243B4E42
|
||||
18: 7DEF9056FBDAF491D7206B26B19DEF617AA1, E71A7D00BE972D85C77931D7591B2151
|
||||
19: 6E9B2C0A90BF9D38A6EA3B5D2B9B2D97F938EB, 5B483D7F15C39602C2918181E57DA341
|
||||
20: 7C5F68DEE9BBA3B04F11D5FC7C9C7FE6E8B5025C, 0AE6A12D37A9C10BB1A494E16705DC05
|
||||
21: AF0A886BF673BC72045FC074F06A0176C96105E2E6, 06B2DC9A2868C23F86D710E01E37E07B
|
||||
22: 5F228A986DFE4301EDBAF07A02E114F1B30932995CD1, 74EBF68627C78B1FD024A59B56B2A8FA
|
||||
23: 911322F60555118CBECD8DD82F186AC19514316E8D48BA, B6A8BAF2F175CD0C71B63B1EF37E185E
|
||||
24: E7F52730CFB808EFDB376A5D5DF31A7EF8292DC5FC37E9BC, BA2AD158A2D2E5CE01296402B592E1DB
|
||||
25: B3F8D7CA47D8D86E94D670AFBAFA3B8D9E186C97DC029D4705, 709D2D2B9975D4729C19D4EAC430E65E
|
||||
26: 7178FEC027AFADDC2C03518E75CF34D207CAC2EB1537A0DBA520, A315F034CE5E66601444402520F55DE2
|
||||
27: FC230B2B8522F53459D0B968421469BBA7E683ACB0190393B2870F, 48679A78E470E175CF3D3E9B46CEDFCE
|
||||
28: 35A641127C78C721ECDC50866C21637FDC9515E41CE60F09015EA713, 0062987222F6412B7AAF8A9ABF6FBF98
|
||||
29: 3D42D6C113421743C08A6F682CFA0E517D5531BB66241C02EC4DCC26F7, B1AAFE11FA2D6E0C870177DDD7F98FF0
|
||||
30: DAD065B4669B7C59C8392D8E7BD7E64BC01CEFFF27E335B25A328D356F0E, 8973B9B9ECF26DAB58CCF0787EE928E5
|
||||
31: EBE626F9E241FD233D9781C359430C982667AA26921B62E98FAEC502C01B0B, 2AC0D7052A2CDCCE8E26FEA7595198AA
|
||||
32: 64D842B66796A797C2B4C6905742FDF2148FFC445E192F9E03B53810C082F788, 9778B345EC12D222DCC6DBABD2651750
|
||||
|
||||
EAX-blowfish (8 byte key)
|
||||
0: , D8C4C23A6AC0B7B7
|
||||
1: 2A, 5E0E4BDDB60772FB
|
||||
2: 7695, 7581B16CCC9C45F1
|
||||
3: EB14C8, 6223A121CFA216C7
|
||||
4: 5A5C809C, 4A47658796337D6A
|
||||
5: 8BC2041181, E1FBA8DBA00571FC
|
||||
6: 89C666F015FA, 2B4A76A0E699FCFE
|
||||
7: 86C1FA92484AF6, 31B3B738A261D6F5
|
||||
8: D1F401C145C9328B, 4C4A045EB489F59C
|
||||
9: 70C9C7753698324A73, AB298B5B20567EB4
|
||||
10: A50D9D88DC101B6DC8D2, 529DFCBFD13B8E6C
|
||||
11: 7CC2885C2BE79C44F28FF2, 566255022B40C81C
|
||||
12: 6902D58347C29250EE07981C, 34619AF18E14C690
|
||||
13: AB6C3C4AD3EC45143392B642DA, E6D2DD323DA175BB
|
||||
14: 7065B28BA8AB67B2FB7B6D5E3FAF, AEDCAA54F4B0772F
|
||||
15: CBBA14A74AD4ADC0EF036EDAE42D51, F2BFFA4D81BAC034
|
||||
16: 60A315193F58144F5701D547C79FEEED, 912FDBDB05467DF5
|
||||
|
||||
EAX-xtea (16 byte key)
|
||||
0: , 86881D824E3BC561
|
||||
1: EE, 4C3505F04611D9C2
|
||||
2: 80C8, 6A3428BEEAD60738
|
||||
3: BF88E7, 04F1E99E9F5906C2
|
||||
4: E06574B7, 33B0153AAEF9776F
|
||||
5: 42D950AF63, 4A0F415640322FDF
|
||||
6: C30F6AD46EC9, 9646FE909D2B95CB
|
||||
7: A0049FCA856A14, A0257289C6BBF278
|
||||
8: 2814B0C1358440E0, C4B0A2354925E887
|
||||
9: BF4F062B52C1E489CF, B56442A3CA57A041
|
||||
10: 63DF433956831B8780FC, ADF9ED0B46DCA19E
|
||||
11: C317FD079817F50E0E8A16, 2EA0EC993FC603AE
|
||||
12: 2BD12FDDD81EB11660346D2A, FBC6F69125BBA88D
|
||||
13: 85D356536FE2843C6BBE60EDBC, BB2FEFD04F230E79
|
||||
14: 22493009DB01B4746F4927A8C4FB, 64CC08471D93C9AC
|
||||
15: C0F3C0DB08DC93FBA725D1E02DE084, 77B762213DDCCFFE
|
||||
16: 568B66D3112556BD98FF9339E9C002E5, C8355F508219FE0C
|
||||
|
||||
EAX-rc5 (8 byte key)
|
||||
0: , 169C7954341EF44D
|
||||
1: 22, DABFDA9A0B0BA067
|
||||
2: 2E54, 6A3D6D9AA5877C5A
|
||||
3: 2A6ECF, 2A34A3AF5DE8919E
|
||||
4: 9CC5F84F, D3F673EDAF75E3B5
|
||||
5: FF5611756C, CC647FAAC8D49BF1
|
||||
6: 74C939BEB31C, C335999CCFE8F5FA
|
||||
7: 7976B6F7709B5F, 2A7969C5FD063A88
|
||||
8: 421EEC5022276174, 2C9BFB1EAC3C54A2
|
||||
9: 6A4761CD266B1C0ECB, 3EA3CCEBC85FAC4E
|
||||
10: 7C09201098E764239A2E, 8043ABA9BF4D5AEE
|
||||
11: 8CE26277562F646DE33C88, D72AED48895E3B40
|
||||
12: 52150F44D37D121560DA87F6, 58E865E22B485906
|
||||
13: BA0A73B45F93ECFBFC3AB3D8D0, 683D52FA47FB1A52
|
||||
14: 96546CBE01054AD24CC95DB54724, D80D0D530E5D1DDE
|
||||
15: 61E654BB18CD26FC36C09F874DC2C7, C65884CB9D9FEC1E
|
||||
16: 1D77B8BF02CDEAB4A707C07628826D5B, F18D1730C3D64701
|
||||
|
||||
EAX-rc6 (16 byte key)
|
||||
0: , 1DF8B0B92A3F0C951C425AF4830E63FD
|
||||
1: 1A, 8A2959EBBE90180999994DEB7036DB85
|
||||
2: 435D, 7EF00CB57DB7B4155DB530D75CE6B025
|
||||
3: 08A6CF, 2ED6AF0F2D5BAB05F623D389480A01F2
|
||||
4: A86E54D3, FC69547C8BD922A5BF2F7B26C4D20F98
|
||||
5: ED0822E439, 0007A3C6DEFC6C912C0E5B853B520368
|
||||
6: 7BEFC7FD4054, D32C43A4D1086D57C5BCFAEE04EBC600
|
||||
7: 5235E58E79287C, A27E9C781327C0FC7C55410EB0C828A9
|
||||
8: CEB5EE99BE521F4D, 547F46383987F2A3582A81A3BCF9B280
|
||||
9: 0358B063D5F99C3770, C0A73730512CDA6AD49599775D59EDA1
|
||||
10: 434B9AEE07DFADD0A332, 499BD88881E558E09A8E822BE27D2496
|
||||
11: D47849E650F350BB622D74, 638E37A84E7FAAF8F5D77F1B061773DC
|
||||
12: 814592F568284085E79A024B, 9EB1405E8422FE50BC0D88D837A2C650
|
||||
13: 6F2B55EC91B591082053AF692E, C48F91EF01AA43A1EE3B36D233DDD48B
|
||||
14: 506CBDD2901838EE2F178B6953DA, 03778957F536509BFCA577B23A18F726
|
||||
15: 446EE435D3D1848B51BB8C5F7BE4A1, 1129EAEAADE534940546D43242A4C839
|
||||
16: FB9D2B150C42465B1685D8F069CC06DB, 41E2940F5DC63CB4E2FBEC25ED8A31E6
|
||||
17: 9684F683260107BE8FEBBEE1D3EEDAA7BD, BAE7C116F7FF96631F4ACEE95C65CEF3
|
||||
18: 5082B1FE48CD3AB58F63C2DCFDD4069AC736, 19AC7B8EE315CBB7131A283851B32266
|
||||
19: 8C72AE495B6F003A3C784D144E84E88885F78E, FA4CEC023740A8D670E351FBCF62C1CB
|
||||
20: 815D6361C7AE34C9D796ADF9C71ABC46AEF88BC9, 9A1F7288C61A6623B9A82748137ED7CC
|
||||
21: 904A853E2E96BD2B85AAB3F5DFB900E9B3642EE667, 9AA90DBDD461CAD20495DCFBCB513DD2
|
||||
22: 79D738A462F727B3D3C529ED999B6FDCCD991D1C5A4D, BF0987BEDDE650D73CAE7D380FED3431
|
||||
23: B2DEFDB7D503A84E83155A04B8DE8C8DBB68C2FC475007, B7CE900CF43CD518024123C76F6DA328
|
||||
24: 9E723E15439E12F6C46DF8A309AE1E97B6FD18436259CFB0, DF8B6E1E23512CC4CF5FF531A1908F69
|
||||
25: A7F0AD03CEBCC9202718AA164886E1026975306A664C5AC7A9, 4A771BF8B9A4325705C85E5499FD98E9
|
||||
26: A53A92AD1C6835F28E04EF591E783D36F3D76E489B31B87BEB7A, AA263B52A6E6A043DE4D7029D4DC73F5
|
||||
27: 79BE3C38291A7F77E932C8A9DEAC08DE6442EA9B3895B101A14E7B, 33B84DE06342E675E019CD0237292ED0
|
||||
28: FA108123C5A69571CFDFE8C3D00535121FDE3096DDC0D700F8F26A5A, 764025D7CA1A3F2C54D28956423B0C77
|
||||
29: 36EC2D67FD977BD2B73DB6D8EB756B3EADA13690E1B6DFC12A4781B34B, 4BC6B38DE3B02283D92F4DF19A5C48C5
|
||||
30: 96D3243C945905C9732B5927E46F00886D511463B38C86002FC26B65AB8C, 5B5511CDEC35687AB8425AB22D58B4F1
|
||||
31: 9CF83B87BEA3374AF7722E999863E3DABB858B0383383EAC7757F5B80FD44B, 1E0CBC961940FDA93B73A92DACFD67F3
|
||||
32: CE3BC3C9FA5EF4AFE5272B3EDD24B1B003FED2C2E501528CFF44D3FABFF52CB4, DC94FDDC78AAB2B7CAA1E1EF149AC355
|
||||
|
||||
EAX-safer+ (16 byte key)
|
||||
0: , B120C7B37450C46189712E4DFD1F0C44
|
||||
1: CA, 82BA1869C5FF1EF2A4F6ADC1E7DC1F1D
|
||||
2: DD20, 6BD5601B16C9943A84AC1F99A176E6D1
|
||||
3: C1C09F, 0911DC63AA414C004E2BD825BECDC93B
|
||||
4: 27E43F59, BD858F084B082F76814DC385E1FB20D1
|
||||
5: 2A9A92F246, 5ADC4A32491934AC0BD00FCE686B26F1
|
||||
6: 52C78C0CD6F4, F35886F46C03EDCA10B3D01CF07B1E0A
|
||||
7: 23E0D3CED3795F, FE33D96FC98B78A30C0A412C60E93992
|
||||
8: CD3FC9961559F239, 9982364A61609FC41068260267231EE9
|
||||
9: 6EA46CB7AD7505C1BC, BB15053EF0F78B9091B3064118F3E9BF
|
||||
10: 05D9BA230A56CCA0703A, 1338E68E3DC992B6EB2685C668E75869
|
||||
11: 7AAD6049DFDCA6771AE42B, 35267E431051E1812495615324C4CBE6
|
||||
12: 8695091532B83B23C296F620, 7B2EEA861E9A91E6B6A911E10FC3FDD1
|
||||
13: D909DA4BC7372ACAEA78E6A0EE, EA6C1CD16180DF0B07F4E204A4B4FACB
|
||||
14: 7DEC8443600D0563AEFE87A2064F, DA454728069B3B409889664783588189
|
||||
15: C042FE656742CD2FE5D9C212D18C6C, 5929E4AECC2CA047BAE948E7023FE4D0
|
||||
16: 0B84D3CF59EEF7319633F4A397D47CF8, 31F892FFDB7535DF5D9143456E404163
|
||||
17: 8C9E57AAFA7969B142742B63AB73286600, C418231C44F96660DDBA8C26B3BB3681
|
||||
18: E9EED66D370A3A6A39C7E0E570D96F807EAC, A4AFE8D1D3C31B956A3BDBD043E7A665
|
||||
19: 1A5D47992DA5597D1449B4C8DD47B7404C7657, F3ECEE5182014FC3365FDBC4C33CC06A
|
||||
20: E7C7945FD1AFD3F5DCE666D8A5A2E8A3C11A7A5F, 86D78B2FBA7597B8806BED505B52BDF6
|
||||
21: 9E2165B47B29CBC4ACD50660E011D691F061209969, E9B1E860BD02085177E1A94E1EE6F3F0
|
||||
22: 48EA2945C8DD3FE09407BAC8973A861DB15B788C8FFD, 502926712EDB1B3DD13806052C6C75D7
|
||||
23: F37D46B35B60819EA52B00457D79155C04B55972D0DFA9, BB2B7D210BF0570F422640BF81F39B9E
|
||||
24: 12E85C0C78227205CC682360C79E35BF58EC6551CF8FE2D0, 042990D7A58D458C570A15DD375DB4E7
|
||||
25: 4F6C15109DE980DD14A7F4C27F48671E4787C53A564232F427, B097A5990D8067DD89C21473150C070F
|
||||
26: AAC472E49DB101B564A8A01E2C80C0C6AE9065D332C2DE79FAB6, ACDD587A7DB86542E195DF73AF1C1CBC
|
||||
27: B9912CE18019C31692A1F7E11D9CCB20297ACCB9DC62C47C01D2C2, B0ACBF028CA5B15E0035D2EB8CA916BE
|
||||
28: B4F2B1FE14A1ECDC9C8EA1A0120395E6ED1E69D3FC85DD0F3F90F350, 9A561EBC769369B95B9CB74FC6AC27D3
|
||||
29: 3FE397C8AD02689B7437A37861F0907AF1F6014A293B46419348771C5A, 6B7BEB9BD5018FECD71BE5081C7C2544
|
||||
30: 5019089142199F7207E1B7731B8B247A18A685B231499DF12A73F5D67D37, 307E93446777005BA1B088F178A0DB6E
|
||||
31: EAE8F9F02F8DB3D70B78B08CFB0949D99F1A86C958A8E3823736BCEAB86BE1, 6C94F48591C18BF9C450515B73379973
|
||||
32: B9C795F7A87305B4AD36DBA10B3B1C70B329D29E49C8C6A932D96A74334AEE4A, D18E6E233FEFD6E5C7148BDC1504299C
|
||||
|
||||
EAX-twofish (16 byte key)
|
||||
0: , DB0C02CB069E3773296D3BD4A87A381B
|
||||
1: 99, 7D21D19E9C440F68E99F1F2EA2668694
|
||||
2: 0696, EA590EC417C88E23FD23917F9ECFB0C6
|
||||
3: B9B082, 82D4C9B68DDB02C906496413E13A2D68
|
||||
4: D6B29D74, 5BCE5CA4F662E883BF7FCAAE5FB2CE01
|
||||
5: A59C9CB009, CBFB04226D1029A7EC9D64A48A6729BE
|
||||
6: F4924FE3E355, 3D85B3900DECA0528C815F1447A1F209
|
||||
7: 679C88D52FB519, 931C7A863C3701D8015FDBD8696C6C30
|
||||
8: 26DA41C0D115375E, 7627E23E791A4DCB0FA5ED71B1ED2288
|
||||
9: 8FEC6EB7016AD2B178, F65ED0286A724F0CB2EA317D5022B0D8
|
||||
10: B5F22415B1334133C531, 87C4F3A8991BBB85984BC4D3305A5CF1
|
||||
11: 23E1D0ED2E820AFE7DA2FE, 100499F1093FAB2ECF73B643594E98E3
|
||||
12: 79519ABA91F46B8DAD6D5335, FBDCD1FCDB20AB99135F28A714C6992F
|
||||
13: 5968D0B4198A0AAD3D0395018F, 781F22E2DA98F83398FCF911B2010057
|
||||
14: 4E55B14432B601E3EF2EF567CB15, 8BF6E53D7657E56EA3DA1BFD9C9EC06E
|
||||
15: 6ED89651CE19B3DD1EE5C8780B5015, 131CFD657D32D4E1B35140ADDCA0E13A
|
||||
16: 2295A968B4D072D12757756247554850, F35FAC95C2AA4155450EAAA6E2E789B5
|
||||
17: F9B2AA2AA502EA79BBA0C5EAD932B8E1EE, 0ED81AA40B9BF39A9AAEDDDB7A04BEA6
|
||||
18: 385055F1C1C26C0472A504B4CD225DCA55FE, 24831680B56368231AC54227D737F582
|
||||
19: 771529585C741A3F8B1C973709892F255A99EE, 2A132B4BF96FD5109DB04459103F5E84
|
||||
20: E7A2197D9FAA8AB8B303B5EC71AE34AD5EC5DD66, CCAB6518371EC8E0A9E9EE4F7CA5878B
|
||||
21: 279E54F755EAC6B57375B9EC4406E43DB3139D740C, 7B6F26F2C0ECC9F2DF4EDD7513E6E0B7
|
||||
22: 27816AA94CBA2BF98E49E595AF5B3FAD12BF1D6F1AC6, D04876C5492D275F15C834E3CF794F0E
|
||||
23: B5658DC148855F68B282211D879F688F3C142FE555CF81, 4539CDA8A65DB9047AAD76B421B81120
|
||||
24: 72F0BD4F939C2C9B4FA734DCB0AE4FB9BD342BC8459ED2FE, CEA8469BC0457EBF3418C1114288C904
|
||||
25: 70568245E6E6BD5D11AD0C74030D7AE08BA05057DEA0FBF4AD, 71554FDE6B87477A51EE4499D78783D2
|
||||
26: 8702D35BE07D7ADF70684046CC6C72FBBBF821E0BBCCBC973601, 33CC6FBFDA15E306919E0C3BB2E22BB6
|
||||
27: 0BA23F4A6174165D4A8BA80B7C875340B0F8B2A6967D34E106BC22, 00E6679496714236EECEC84B9AF3072E
|
||||
28: B9E25ABA84C6BD95B5149E7616FE2E1D6FAACEAAD77A636C60279176, 8D8AD0B9D4C709E1DA370EE01611482A
|
||||
29: 74759711F6D542581F9F83498FB616638D092732BA07109BF4B5BE045C, 71A40DC777BD09F75362F7B20E0B7576
|
||||
30: ADBF7E98926484BA2C7F6CD7CD9734FC19265F68AF3BFCAEB025F6296E37, 8DF15B5F69B67F7DABE44E3666B55047
|
||||
31: 2DC26D449379997D110309B2A0DC2760FCE8CADB4B14ED580F86C70F69C9BA, EFCB60EB2B25737E256BC76700B198EF
|
||||
32: 2B1890EB9FC0B8293E45D42D2126F4072754AA54E220C853C5F20FBA86BE0795, 1A1B15BBC287372FB9AF035FB124B6A1
|
||||
|
||||
EAX-safer-k64 (8 byte key)
|
||||
0: , 9065118C8F6F7842
|
||||
1: A1, 1926B3F5112C33BA
|
||||
2: 2E9A, 5FA6078A0AA7B7C8
|
||||
3: 56FCE2, 984E385F9441FEC8
|
||||
4: C33ACE8A, 24AC1CBBCCD0D00A
|
||||
5: 24307E196B, DD2D52EFCA571B68
|
||||
6: 31471EAA5155, EB41C2B36FAAA774
|
||||
7: 03D397F6CFFF62, 7DFBC8485C8B169B
|
||||
8: 8FA39E282C21B5B2, 2C7EC769966B36D7
|
||||
9: FEA5402D9A8BE34946, A058E165B5FFB556
|
||||
10: 6CDEF76554CA845193F0, FED516001FFE039A
|
||||
11: DC50D19E98463543D94820, 8F9CCF32394498A1
|
||||
12: 42D8DC34F1974FB4EB2535D7, 77F648526BCBB5AF
|
||||
13: B75F1299EF6211A6318F6A8EAA, C5086AEA1BE7640B
|
||||
14: 1E28D68373330829DD1FFC5D083E, 33EDA06A7B5929A2
|
||||
15: 85529CF87C4706751B0D47CC89CEA6, D031905D6141CBED
|
||||
16: FE5CB61BAF93B30ED3C296EE85F51864, CC484888F0ABD922
|
||||
|
||||
EAX-safer-sk64 (8 byte key)
|
||||
0: , 5254AB3079CDCB78
|
||||
1: 75, 798DCF14FEF8F4D1
|
||||
2: 0300, D5FCA75DAC97849C
|
||||
3: 520F98, 10E357957CE20898
|
||||
4: 80E2764D, 5C7F46656C6A46EA
|
||||
5: C48960CDAA, 3CCF44BD41F01CA8
|
||||
6: E0E60BD9AA2C, EBB493983FCEE79D
|
||||
7: D13D8804906A1B, 6EDDCA919978F0B6
|
||||
8: B7AE14C37A343BFB, 2369E38A9B686747
|
||||
9: 5DE326BBCC7D0D35E9, 041E5EE8568E941C
|
||||
10: 13494F5B0635BA3D6E53, EAEEA8AFA55141DD
|
||||
11: A9BB35B14C831FDA0D83F7, 4002A696F1363987
|
||||
12: E242043A1C355409819FABFC, 63A085B8886C5FDC
|
||||
13: 204598B889272C6FE694BDBB4D, 194A1530138EFECE
|
||||
14: EE3F39E0823A82615679C664DEBF, 1EFF8134C8BEFB3A
|
||||
15: 8579D87FD3B5E2780BC229665F1D1B, A832CD3E1C1C2289
|
||||
16: 74D7290D72DA67C4A9EAD434AE3A0A85, 96BAA615A5253CB5
|
||||
|
||||
EAX-safer-k128 (16 byte key)
|
||||
0: , 7E32E3F943777EE7
|
||||
1: D1, BA00336F561731A7
|
||||
2: F6D7, 8E3862846CD1F482
|
||||
3: 5323B5, BD1B8C27B061969B
|
||||
4: A3EC3416, 170BBB9CE17D1D62
|
||||
5: 0C74D66716, 7BD024B890C5CE01
|
||||
6: 6158A630EB37, B5C5BD0652ACB712
|
||||
7: 17F2D0E019947D, F9FF81E2638EC21C
|
||||
8: 68E135CC154509C8, AA9EAEF8426886AA
|
||||
9: EDB1ABE0B486749C21, 355C99E4651C0400
|
||||
10: DB0C30E9367A72E8F5B2, 631B5671B8A1DB9A
|
||||
11: D4E5453D9A4C9DB5170FCE, 75A2DF0042E14D82
|
||||
12: 3F429CC9A550CBDA44107AA7, 2C2977EA13FEBD45
|
||||
13: A7CA22A97C2361171B415E7083, BFE81185F31727A8
|
||||
14: 170F79D8B0E3F77299C44208C5B1, D5ED9F9459DF9C22
|
||||
15: 2E24312D2AE5D5F09D5410900A4BBA, 2FC865CA96EA5A7E
|
||||
16: 8F3C49A316BA27067FF2C6D99EC8C846, 9D840F40CDB62E4B
|
||||
|
||||
EAX-safer-sk128 (16 byte key)
|
||||
0: , 22D90A75BBA5F298
|
||||
1: 3F, 98C31AB2DE61DE82
|
||||
2: 584D, F4701D4A1A09928C
|
||||
3: B9DEAD, 6E221A98505153DA
|
||||
4: 06D4A6EB, 0E57C51B96BA13B6
|
||||
5: 7B58B441CA, E28CCF271F5D0A29
|
||||
6: 7950E0D1EC24, 2ACDDE6E38180C07
|
||||
7: 65A4F4E098D7C6, 7DC1C9E9602BACF2
|
||||
8: FEBE4E72BAA0848F, C4607EA3F138BAD9
|
||||
9: 9B7BD6D6D655985AA3, 8B2C58A9530EA6AC
|
||||
10: 60C92F925D1478470203, 51E6F5F6DC996F84
|
||||
11: 7B40769370E651F64AA654, 74F1F8A8D3F4B9AF
|
||||
12: 7215832C2FB9C54DF7A9C686, 9BF9AEF14F9151D1
|
||||
13: AD0F9C79008572AB8AE2466EFF, F375D0583D921B69
|
||||
14: C05076E2C330A0D25D7CEC80597F, 843C12F84B00A8E0
|
||||
15: D18F0563AB0278140B0CD9A9B07B34, 262B1688E16A171E
|
||||
16: 650747091F5C532EE37D2D78EE1EC605, 1BAC36144F9A0E8D
|
||||
|
||||
EAX-rc2 (8 byte key)
|
||||
0: , D6CC8632EEE0F46B
|
||||
1: 4C, EA19572CB8970CB4
|
||||
2: 5537, 3EDD3253F6D0C1A8
|
||||
3: 206FA6, 20FA88F03F240D31
|
||||
4: 17EE8B40, 702E8194F1FCBFDE
|
||||
5: 2A89287136, 31C5534786E15FB3
|
||||
6: 3A6AEDC7066B, 3C663A4081E1D243
|
||||
7: 8BC5203947A644, 6AAC806C92BFBD6E
|
||||
8: 2E0274BBE14D21A3, CEB0E0CB73C3664C
|
||||
9: 9C4B292B0CF17E3A29, F23CD535559023EC
|
||||
10: 8E322734308F85662877, 46363D7EFC322821
|
||||
11: C413C405767FF5F98E3667, E7BA35D8F3678E7E
|
||||
12: D77806B7A218098B1569EADC, BA67C306E5C0181B
|
||||
13: 4BE5EF74F9E9799A4D636FEA9F, 4C511C44ADBA4030
|
||||
14: 7E19969170C2C8D8AEBA8C7FBC2C, 54CC6D466A2DF6DA
|
||||
15: 2EF1CEDC1DD3403CF440FC5561BE33, 61C6FB277E93701F
|
||||
16: DE052719153EBACE9D7B19F52AC4282F, 4AC2A96F2FA8634C
|
||||
|
||||
EAX-des (8 byte key)
|
||||
0: , 44048B7F240B6F5F
|
||||
1: 0A, 37009B7D4E09953A
|
||||
2: 03BA, BFD2FD7758961728
|
||||
3: 37EE10, 16A6AF96DE888A19
|
||||
4: 07F44290, 100CA84AA0EDAA1D
|
||||
5: 389EF0023B, 9614FB800A533268
|
||||
6: 3F4DBA8AA01C, EFA6B55B7ED5E40F
|
||||
7: 8C7B837896EAE7, C113CE8F664CE3D4
|
||||
8: 7011D993D8EDB0C7, B4C370A919F60497
|
||||
9: 0DEB30A31351B13D7B, 00ABC82DC5F3A1AF
|
||||
10: 8D3897B2CBE323D6EE1C, 7A2D15627CA1441B
|
||||
11: DBC002C817DEBFB419F94B, D8EB87F86D6ACDEF
|
||||
12: 17048E2976FA85AA849E9A80, 229FCD1C9D1E3B9C
|
||||
13: 30B989EF646544885A478AC198, C1B7EB4F799105C8
|
||||
14: 5C2E12A7F118A08D6FD585F9C839, C358679FEE6FE7D7
|
||||
15: 8D1A1E888BBB8648E638C4E74E11B8, 685E006C441448B8
|
||||
16: 93AE906B8BE4EAC8ED6D8F48F04A7AFF, 71DD7AF752FE28FB
|
||||
|
||||
EAX-3des (24 byte key)
|
||||
0: , 8914311BB990B725
|
||||
1: D8, 2094EDC5D03E54B1
|
||||
2: FEE5, 781CFB0EBE3895CA
|
||||
3: DECF5E, 59918E8A5C4B459B
|
||||
4: BD583AAD, 2013BEEBEEA795A1
|
||||
5: 2BC01C6C78, 0B1134DBBEAB5D3F
|
||||
6: 4D5EAF01A895, AB4D17516ECBA50A
|
||||
7: AF229F90614480, D3113C0A9D133CD4
|
||||
8: BCA6F375DF4568E0, 8E9EAEC8E77786BC
|
||||
9: 575F34219E6DD8DB4C, B40C75139E5D1860
|
||||
10: A199B8AC433B615EC96F, 774AF803698ADE3D
|
||||
11: 718A2975DD9A872A68AE10, 3B9460F849CBA7FB
|
||||
12: AB38E148180F6E2FFBB96F91, E3EE3B8FC50DADBC
|
||||
13: EB10E0233507459D4A6C29EE80, 8D90B46BB1EAB27E
|
||||
14: EB48559C320DFB056C37458E19B5, 9315F0C4AF8500EB
|
||||
15: 9E8C73EADA105749B5D8D97392EDC3, 2E749EE66C1E6A16
|
||||
16: 600FA4149AF252C87B828C780AEFF8BC, 33D7D11DCDC19936
|
||||
|
||||
EAX-cast5 (8 byte key)
|
||||
0: , 382FB8F7E9F69FDC
|
||||
1: 99, 20DA959849B3F7AB
|
||||
2: C54B, D05547C6AFA3484A
|
||||
3: 579836, AAA92B2321FC50C5
|
||||
4: FEB7AE55, 639EDF01C4FB965D
|
||||
5: EA8A6023FA, 01274B3ED5CE102C
|
||||
6: B7C4E995121F, 712BFE27CAFF6DDE
|
||||
7: F44236660B0004, FAC51D1DF8EC7093
|
||||
8: 01CD7E3D0BF29E8A, 049C47A45D868D0B
|
||||
9: DAB170493DFD6E0365, 6F3AEDD9A3ECF4FD
|
||||
10: 82C9EEC4803D9CD11FA8, 32683C0A9128C6EA
|
||||
11: 324AC59E87B244ECE0F32F, F6B095AAB49353CF
|
||||
12: DBDDAB11D02C9CA5843C406E, EA728FC46DDD3B04
|
||||
13: D67376C2A4AD92E7DD80E39303, CAF72B7E7C237EB3
|
||||
14: F2B9BBEF08036C2982C6DDD06918, 70A29D780C22752C
|
||||
15: 96E3D9141F8EBF520540C2BC9A9C23, CEFC86A1CD48203D
|
||||
16: 70CABBA983179106AE7FCD5F1F31D5C3, BF7F9168F4F82F56
|
||||
|
||||
EAX-noekeon (16 byte key)
|
||||
0: , 556805EEA595CFB9A30FAD196103D7FD
|
||||
1: F5, 0A7DAEDFB656526CEF4DDBA8087A227A
|
||||
2: 7B8C, 249895D79962D5B4D18FE07366281B72
|
||||
3: ACFF15, DCC489D24832EB106F576AE6B6EB957A
|
||||
4: 08ADE7DB, 0D3215999E9960EDAB29B78744C7F139
|
||||
5: 66139213F6, 505E1E7141D043E903C26EE0959EEECD
|
||||
6: 078B79F880A8, 35B7EB326A55E50332866EEDB682EC20
|
||||
7: 2809E34D9667D4, FFDEC555F68524A09A6ABACA372077D9
|
||||
8: 93D267DE1EC635D3, 4FF3561990A56E4B374618722EF850FF
|
||||
9: F377A4D93FF32F4A51, 91D4070423A90FC54D305169C03F49ED
|
||||
10: 6244B717E082993EB7A1, 2E3A8A354AFA9473667ED7FDD46BE9FC
|
||||
11: E917559625D25E6E5F2EDA, 19295C37A70314CC9A1D11FDE8D23C92
|
||||
12: 1E6DF2EE112A893AB14DFA92, 12C4A89D4CD65F8116A03A135AFD3701
|
||||
13: 47B18CD762E011770E203CF605, 434909A97E118B20D3AEDC79AFE33A9E
|
||||
14: 72D9A1A7DA6F33D5E0B927F9F32C, 779C23714FCAA2B2321EC7FB5B03E222
|
||||
15: DA8B830FFCB3DB274807F780D33240, EDC2F1C8A401F328A53392597730B007
|
||||
16: B53DD2BB840AD933D36A7B5FFDCCFBBB, 4EC0E6D1F916BF633869239B672B37A1
|
||||
17: 42936BB9A936C30408660855F4F47F3314, F0DAA6DDA15585E1697ABBB4790B15B5
|
||||
18: 00372E47F5BA016F1B2A1E680B76AB02052A, CDBF3D241BF7FF96D3DFBEDDB872E901
|
||||
19: 8AA236B0C8BEF6F67A97C2DF90628F6E5838FF, 731DCD61F7F26004C03519F9500EA824
|
||||
20: 55338647812FC9D86CBDDCED7120268A4D43F8BA, 0E61B3C835CAD95FD49FEF002C014E72
|
||||
21: 435820B28E52154B47A04D5E635D8FE37FA47FC985, F6A96DCE4917E8D7C610923627E80970
|
||||
22: 0D30C15B6FEB4A48B14DD15D41A4B25D442AA677B25C, 28E15CCB74AE992C68BDDC8D87802050
|
||||
23: D9D701F9AD6B0E13D2CDDA15A5194E7CE8BD2C02137391, 2DB9A15884E9C996C3D6B5BDA44B9598
|
||||
24: E2390AC5CE10CCFBC72106A52C7F180CB477E3C193CBACA8, 22D3F7DCD6947EA4E78DF57A8E1A9A59
|
||||
25: ADEFB7D9500658D34996AF6BE6336CD78891064EA1DB8E9785, F239D67D039A15C620A7CD4BE4796B3F
|
||||
26: 89964C90ABF54A6DF9F13C3681E70C702D80A17BE79F8160F30E, 6336F729ECE1ED7368669D75B7E2DCBA
|
||||
27: 576B2813CECDA4F905BD5D58349EF070FF41B7EB6BB2B01B061B0B, 125324CBF2ACF1011A44A99A11EC8AFC
|
||||
28: 430B957481748519A60494F0B5F698F34B1A8235B00AC0D1F0A4442E, 1E80A7FCEBBB8E1E12D6831906154485
|
||||
29: E781BFE5FCDE0BFC056CC86C4A0B9DD3B815BE8CA678204CF47289B5B5, 190D5AAA9EC1CB4CC86FACE53BF1201B
|
||||
30: 78BFAC07A9B7B2AE9329BF9F9BF18A1A49DD9587001EFCA00E9AD9752764, 4FB5ECBEEB0995C150EBC66508FA19C1
|
||||
31: 7D6C20694109DE21F7955855A8FF832347518DD496C2A114DF142C68ACDEAA, B25D4BB34056DC091A7A3950D46C32EC
|
||||
32: 3E1E4395DEC1AFEA9212B95F37E679B6E2D14DF23C5DE49018C2C8038CC4AD45, 9A6DE7BD41A21918AD504490EF4E581D
|
||||
|
||||
EAX-skipjack (10 byte key)
|
||||
0: , 85F74B6AFFB10ACD
|
||||
1: 3F, 604DF8BDD98A0B3F
|
||||
2: EA87, 792374FE07588BF9
|
||||
3: 0169CA, 489AB8AF69DA3306
|
||||
4: A7AC3EB1, 428DAF508E24B583
|
||||
5: AA9028D5B3, C0A44EDA71FB2C86
|
||||
6: DA97BA88A061, DA2EC34077F42585
|
||||
7: 7E25FAA41CEBC8, 36D4987551E06D5B
|
||||
8: F662DA6C9001CBFE, B7DEF76680C316A9
|
||||
9: 6D3F73EC716E1DA897, 5F0F83BAE4D3513B
|
||||
10: 2A300F585BEE9C889743, F4756C24DEB72A9C
|
||||
11: 80518B010DD77C82D19106, 50FF5CAA365F4A70
|
||||
12: 6E579A2173C861B6F37B4CD3, 81E3E5ABBA8F0292
|
||||
13: 5B04829880A72C38871C7021F3, 6B26F463708A3294
|
||||
14: 934177878E9A9A9FB4DEB3895922, EBC1C32F0A2A3E96
|
||||
15: 07AF486D1C458AAB2DBF13C3243FAD, 87288E41A9E64089
|
||||
16: 84059283DF9A2A8563E7AF69235F26DF, 351652A0DBCE9D6E
|
||||
|
407
notes/ocb_tv.txt
Normal file
407
notes/ocb_tv.txt
Normal file
@ -0,0 +1,407 @@
|
||||
OCB Test Vectors. Uses the 00010203...NN-1 pattern for nonce/plaintext/key. The outputs
|
||||
are of the form ciphertext,tag for a given NN. The key for step N>1 is the tag of the previous
|
||||
step repeated sufficiently. The nonce is fixed throughout.
|
||||
|
||||
OCB-aes (16 byte key)
|
||||
0: , 04ADA45E947BC5B6E00F4C8B8053902D
|
||||
1: 40, 2FD20C96473DC80B70AF13AFA11D9B4E
|
||||
2: 133A, 2CCFC6DC16D5587FF3CB3F91C533622D
|
||||
3: 12E5E1, C93F3E09B9029E15185FEA44B3F6BF02
|
||||
4: 3865E0A7, 7410F5F5886E2C5EF4A699A58C498C41
|
||||
5: F0DAFA15D2, 44FE6EE9B2C980684FEDEC658802A63D
|
||||
6: 432E308C6BA1, F7174691EDCF8D7152AFF61F20AC6B8F
|
||||
7: B353379859776A, B087536DAD5C6E38E7C58C4A70074222
|
||||
8: 0C78BEF929856517, 6499752674000993174D1D1B210FD727
|
||||
9: A447088E4FDAA6FC94, B9C1AD71C969357FA2409D71AD334C26
|
||||
10: 962F7E06CD4CBFE64D60, 41E9C22DAB0E6EFE5869D5C1CA016869
|
||||
11: E420A8485EFF0BE6E59FA3, 8B555F3331ECBCFBCE60284DF0CE1D29
|
||||
12: 60AF8E70FE864404C77323BB, 479C3E8E93EE0C20E9E4CA8455149F99
|
||||
13: 6BE58932CBBA39ADDA999B35EC, 8DAC0E379861AA327DFA52DF712E771A
|
||||
14: 3404A18D1A5F40EC3EBF3701BB67, B915A619EC2B25453B8195806C538872
|
||||
15: 2F527E106EB32D5EA6CC2071706FDE, 172559FC20A29D0E1BAF61750951BC66
|
||||
16: A4F288797EF24DD1209E76322006405A, 0F91836E1769B6F329AF0A7FC69AB07D
|
||||
17: 8A3B6F2B48E2F6DE3E02D6A166E1E15595, 17BB024582DBEFAE6893BC8903418042
|
||||
18: 5D7D954BFE815CE208AD04214F6AC62C0A54, 4CA6796851083AD43733E8E4D964FC23
|
||||
19: A37B487B9D3B05287378108BEBD44B9A7B785D, A4402359F7E4F4BF70B3DF6600061C6E
|
||||
20: 39341E78E5BDF7BE950B00423E186B91314B7BEF, 49B7E1545C20B0E86D0CDA4F90CC6ABA
|
||||
21: 3D4E872C6103DB1064AD853D2978E8C5AB12FB69E1, 3551930A00FD2B663B094E6CBAD5BADC
|
||||
22: 62C36316C5C5BF07296D9210E12BBD9542ADD2384193, 72F4B05BE37D61D2F4EBE778426BD170
|
||||
23: E3A1EEFB5A1EC7857E6E419C18C1BA3F08AE2DB82220CC, 19F59932FD089F936B56E26768A9F2D5
|
||||
24: 7AB0FECF7E6DCC1A7328496873DA608C2F90F6F539F76CC6, 067252CA3D59354F70C6EE6C201679B9
|
||||
25: E811F085FD5460D3AFA4A2A389CFDDE8ACCCB9B16D75D55860, 94403E24AEB19FCEF4A7D600E5B39199
|
||||
26: 92F42E16B838E63E4A826029126D74782DD8FCB6C8443F355732, E7F3B2F1F537D8A7DFC9FB766EE90687
|
||||
27: 21E99ED0E5550487CD1966F1845FF302ADB6AA97781875090538A3, 4C8299570BC6BA9AB83B9B14D39D0395
|
||||
28: 9E8A5A8BFB43D79EDC027DA82C035CA9CABBC41DB66D6256D4A30456, 3D055A9F6D6F0DADEA447157A03B06A6
|
||||
29: F46CDF2B8E55840F27BEFC0136826912BECD86AEF88CD9B97E597C69FA, 75AB6940C71DF2041F9B1B11F33EC1B5
|
||||
30: ED8DB3940AFEC7F990736E58CBFFD703317E79022FE951B07717EED12653, AEBD2F849E019AE82162F8A2494C3715
|
||||
31: CD44A4CE400373FFCBEE37A79A650F73FF767F9D1EBB13F9AC7DF90A013667, 3DBEB69ADFBC8B0547A823237EF4FA68
|
||||
32: 1BFC4EF0E39A9624C74B72329F525296C75FE9B6371700F9430FAD11016FCE6F, 8C341B4333EEA104A2D813AF71E603E6
|
||||
|
||||
OCB-blowfish (8 byte key)
|
||||
0: , 07B7752047F9E0AE
|
||||
1: 72, DC5AEC862D059BF4
|
||||
2: AA44, 3C9F6D8E6A88B5BC
|
||||
3: D58CDC, 5305AE3B67CA99D7
|
||||
4: 40AAF438, 306EBBE817191E72
|
||||
5: 83C6195BBC, 03EFAF8AB3F3A797
|
||||
6: 4CA887041A55, 45685403FADBD62F
|
||||
7: AAEFC9AFC97E1B, 9658D436EBE2B562
|
||||
8: 298ADEC7EE78361E, B90F2F68A2512CCF
|
||||
9: 12D0BF9A2091678026, DA2AA0CEAA665CCE
|
||||
10: 6E6FBED771FC0F458878, FB74D5C5E3801106
|
||||
11: C7ED5B6E6306306E9492C7, 7B9EDE455D6FB117
|
||||
12: A2E9E854EC2F47E367285401, 4E8610D388D8590A
|
||||
13: 358787DE6F716BDBDD1ABF35C5, 026140FE56B18F40
|
||||
14: 927A4E1EAAD8F9A7A1976353840B, 3FFCB2659DCECCFA
|
||||
15: F02A0044174580B388CD92C92A640A, E4FAA7636675F470
|
||||
16: FAC9731332BDF622E4070F35DA928DFF, B0FDD13E2BFF9971
|
||||
|
||||
OCB-xtea (16 byte key)
|
||||
0: , 56722ECFE6ED1300
|
||||
1: 42, 1B8DC606F46D0C70
|
||||
2: 5AFE, C37DA08565D490AF
|
||||
3: 2210D8, C1F685A65A5D96C2
|
||||
4: 3760B566, A3820E4369714716
|
||||
5: DE9A8858D3, ED81EB4158EB9D32
|
||||
6: 4822F1279F1A, 152823C615E44F93
|
||||
7: B83B447A71F943, F9D4243069C2D675
|
||||
8: 968ABEA6B6C65A78, 012DED12CE8E6898
|
||||
9: B1A37D0FFB6A6FC8A2, F749AB7C40152D6E
|
||||
10: 4D48A2868E751C5CBE21, F8CB1C58475FAFA7
|
||||
11: 0C81558633A9130A6CC9AE, B5D2075CD13D9AFD
|
||||
12: C76717CB2F62C3AEC139906C, B9518A5031D84B19
|
||||
13: 11F7EA02488D7BB84209CDB03C, B4009DC8D6EF5C4F
|
||||
14: 4E621DDE6BD1B7944285A1CBD396, 95C178682BBB014F
|
||||
15: 98C771287305A8DD1F0EA001AB3FB0, DBBF192B778BB9AD
|
||||
16: 13AE423AB94556C3594C15F745BB6887, 4785C52B73DE0864
|
||||
|
||||
OCB-rc5 (8 byte key)
|
||||
0: , E7462C3C0C95A73E
|
||||
1: 7B, 4A2E2F035C687741
|
||||
2: 5D18, 67AFF1894807B8CD
|
||||
3: 2D22D8, 0C5FF43CA669E036
|
||||
4: 341397B9, 96B16C84B8507879
|
||||
5: 78DD453CE9, AE90A02A9A427B82
|
||||
6: 607F75BEB5AF, E11F4897573F6672
|
||||
7: 09A273F40C1F2E, 47038024E2F82A75
|
||||
8: 0519985EF3CE9A54, BA78310DB98100D4
|
||||
9: 66F8D6AF3B453E175A, 8E8A6032D7BA4D8E
|
||||
10: 8EA2CCD6592C9AA13B1F, 8E169657A578DA1D
|
||||
11: 6046093C8B4C5668182A86, 1E263CA9C35E06C0
|
||||
12: 7D41AAD34685C2E6A050B860, 96AE4FDBF038AAAB
|
||||
13: F5E6D3B7773BADDEAABA140123, 7FEE0722FCC229A1
|
||||
14: 44FA523DD21E9A57685B154113A3, 5F4F727124C9A45F
|
||||
15: 373B75BADE72A31B61D7FAAA2DFF1A, 526D5C55FBB13C70
|
||||
16: B245D9B51E69EFF0D0F33463886B22F0, 5A575D73F0E1DD6C
|
||||
|
||||
OCB-rc6 (16 byte key)
|
||||
0: , 27B9E3F544B8F567EEBF98ED5FD55C76
|
||||
1: 50, 19639C6FB84C516252045735CBFEB2B1
|
||||
2: F537, 645D0FC41CCD140DB055F7E0C63F58E8
|
||||
3: 2F980F, 317F9D3CD0DAB3C309D17432FD7A802E
|
||||
4: D868693F, E48D64588DFB9AE80C5F0B471A133B96
|
||||
5: C171238B7D, E9027C03EA694306AE9AF3AE4C4E418B
|
||||
6: 2BBB09C1C87D, 6491FB907923B31B3904DAF44E155DB8
|
||||
7: 344E1A1B4CF7AE, A13A7BDB91291914B33A814FF5D3FB3E
|
||||
8: F21AF3A1D17299FD, 367371D31EF18B597348AEC1F2415111
|
||||
9: CEBDDD6DC10BF92082, 8C9EB873E39EEC6D123DC69350178DDB
|
||||
10: 7932B646E83EB855C568, B147A3F6D63EBA4B79300B1BAFE72F6B
|
||||
11: 1100687B3E8BAAEA85A8C7, 6AA2C7009E9BCC19D51E18F472260C65
|
||||
12: 2C7BECF92891FC7B95FE6142, A83FE40AB2A5E176AC7835005E43CDD5
|
||||
13: 29467982D6361D53357F314332, 93EF8D80A786EAFF9F59CD3365AE62B7
|
||||
14: CDC2FB60BB5AAB6E6028032DD04F, 6FBD59FFAAF6DB2E0A0CC08AD16FD36A
|
||||
15: 8BA02FAB113254ED8EC51337605315, DB4C8651CA878CC6FAE2FDC361C1E2AA
|
||||
16: F36A825E7903BA24D8EF48E49DC2EE12, FF9BCF7D6904CF072FBAAE5EA7637DCB
|
||||
17: F22042261E247A450CCFDB90D54D42EF36, B3E2972C2B6EB9F80B9E9D5BF395B771
|
||||
18: B1F0C3216D75C7D5F5C6834F352FEBAE4E26, 5BDDDEB129C08A9D918238B74A436AE7
|
||||
19: 308F653B63C08990E34655FD0E556AD14ADBD2, 7132EF067DFEC0B16F2E4EE6FD7111DF
|
||||
20: 65CFEFB0F8258FA5F77AF744A97398CA768169C1, 18EA953A7C3A764DEA9A0A67A12FCA32
|
||||
21: DA01CBB6F33C91A50B49C6A6FEB95BDDEF0905F7F9, 8F29E4BA14C1707C32F3EAD642D6020F
|
||||
22: BC35EE861788C672AE10348080346442955D6AD9CA23, D11F8A6E94E663FBFAB79FC124781A2A
|
||||
23: 02B52941575D7EDE96D336EC26290EC32D2558CC1EB2EE, 84656D07A6502A48E99E760E911531BF
|
||||
24: 0CB126C57FD06737F728090D945D7A3154316BE109A26D82, 7B242FDC18DD934F9A3486CB5B242F1D
|
||||
25: D80B8743F79DAAAA6D531E90C72EEE91721B0DBF7D7C3A7BB8, ABDDED12108723E86D4B72E2E88DAF1F
|
||||
26: 7C94C0174515FC33D8E9265AC8288E8019F6975626F7FF92AAE0, 113140E6C100BF737B5BA7411B35E3C5
|
||||
27: 0B26D5C8F433E566096D7659ABDEE87183E3AF942859B1FA92CC86, 0BE6A8E265B619D83058C90B758D963E
|
||||
28: 61FBC6C671AC58DD515024C9E9ABB774DE2F013EAB00226F00E944B9, 0D095AB152C2FE6ACFF2527E89938A82
|
||||
29: 0D8116EB2BA5C1DA6EB9070B00F819C3CE817085AE3D8BE8028B9F28F0, AA0A1670057C9F7A291BDD45730AF3D1
|
||||
30: D40E8399579309A395093DD35889A558D8602D2A7C5C4CADC4E5C0195232, E534C6F04E12D2E6D97ACCFAD57C22E2
|
||||
31: 25037C853CFF6296747B5310F1959ED0628847D8996E10414B1979E340F43F, 8DFB20AFE1B20A702AAACE1C3B9A3E3F
|
||||
32: E1C2DA2341C0DF0515F11C7AA2EFC88BECEC0228BE220615A5A26F0D9CE164DC, 5AAC9903CB8E340D031688ACDF5D203B
|
||||
|
||||
OCB-safer+ (16 byte key)
|
||||
0: , 88618DEF98FE588E23107E9A5D89C26B
|
||||
1: 68, 78C82478DC13012FBC3F600C7A27A208
|
||||
2: 49E0, 6C2823D624ECAD05081E558DBA873883
|
||||
3: 0DACDA, D977DA0446DB3FE2E31EF6423C84D3D1
|
||||
4: 9C81B7EC, 96ED39E22316D48B0652851F3F2EF14C
|
||||
5: BCE204E7C7, 2F2A2556CF50BC372E8D5EB0B196E072
|
||||
6: 51D55B2149F9, 29E5DC8856E0ADD3FF50FD3611C336B5
|
||||
7: 92C82E4C3DCFE1, AD9091779ED4426389E4FD148CECBC36
|
||||
8: 6B7A7E80C71CFEC8, DE0EB38592298B6C98D79DBAF4388062
|
||||
9: 8578B7FF0338C7261A, 8F5B1C5055E789E0D062403099F5B736
|
||||
10: 31D3E598CF921C73AAD5, 0AC8BC98F0C0822FF677F1873BA246EF
|
||||
11: 350F10E54E34F1E132B51F, 2F22E4D9FE1E9D5B6FA2DB02CD2112D6
|
||||
12: A41B0CEEA3B156043A9B3289, 78B8DBBE1259DA24797A65A0A6F21813
|
||||
13: 97AA05B4EFDA98212538D90826, C49EB0F9110C6A8F64D68CA1AA05D317
|
||||
14: E7CC0F8CEB35EB63BB5CE067302B, 2318A68066C4692BB7DAD31269E80EB0
|
||||
15: 9530B10F9D82F2F01220E507C45DBF, F66FC64518F87E40141E273968644EA0
|
||||
16: 8FA4B27A1F279E426403D0A4960666F3, E297DDC3038C6754B09972C9A81FA346
|
||||
17: F2DA0B5E70287E504F1606AAE4A60DCD43, DBB1D3FCED2731757271C451FA89BAC2
|
||||
18: 9F39E37F53A7EB41B471CD9B09C89E2640E9, 5B7139A288009BF029D8BC11610BE58A
|
||||
19: E07FD02F121F0D497339A3F604CBCCE91AD43F, 7970D40B8C4A728A351F6055B87E451C
|
||||
20: 344D288DE671675A2539720EC6C36A7C75627F76, 8C14F47BBE0F60117FEC9B3055F122CB
|
||||
21: 4E8FAA2AC06045F7FCCC386E7BD258F6796256E901, 6C02374CCB50A0E50A39DBC648E70DFB
|
||||
22: 8FC9ED1351E05EA5E04799A518CF52F21CF689B18EB8, 97A2732C6149FC54C21E5AB8B69C2A94
|
||||
23: 9B0809249A4D0C8F095AD270FEF3DF72232FE807A92243, FA55F25502F7FEBDFB4638FF27AC7E0A
|
||||
24: 2B2E0239FC8C1A78011D73890A1169A117B7CC1E8B5B7B77, 02E373B8D36E675D47AD9BB0AC661BD9
|
||||
25: 28D5A76CE1064E266FCADE5CB7A908E29B60B19482B1C40B3C, 689E34472FE29EACBFBB9BB059DBC90D
|
||||
26: 6A1C1885DC27697AE22D8AAE9850A8752B4F9D75A7AFF65E4182, 28B6A0DADDB7783929D7C774820CA679
|
||||
27: 8A414CEBE09F7397D1C997645FA3AF71D19F5BD6227EA0CB47034B, 3C1441F1A4054A37C98DB6EA0268E417
|
||||
28: 7CEB9392C3E73183567D7876F86E5373B64F01A0D1C0AC0AA0A01413, DD9BA754BA874DDBC6FB531ED46D9CC0
|
||||
29: 59D7302D064F375940FA8C6D7ED4E4EB27025514576D4ED31037CFCD28, 4A7A7E25C56C0676F9471B0440856F86
|
||||
30: C738EAD06D011F8F6D39076C660A8BBCE69F470D747E8BAACAB6624E59F9, 474664ED7DC02BE63C7165860464188B
|
||||
31: AE8386752CD19641133432F27A923AC03E790D6324E7D951866B30B930ECFC, 017375CF18EC2AB24D19E10459977233
|
||||
32: DB277B162E172882DC35C0D13E8CDD2A51022F711A67491F9788F83C4953342F, F289BFE53BACA5D9818B118E5A236300
|
||||
|
||||
OCB-twofish (16 byte key)
|
||||
0: , 2CD8EF22E5457C7FE4016B0FB82FD204
|
||||
1: 5E, 3E38069A9B48C86A6D5B30230AA8FB5D
|
||||
2: 16C5, 88018710A0DE759BB40F63D01D3BFEC5
|
||||
3: 3BB919, 541D64B63CF6256A2B91641C4AD7881D
|
||||
4: 18BF1940, EEB4B67CC606C3BED042713A1C07E148
|
||||
5: B83ECCDD6A, 99AD31F23F10784CC315534AD7DC3227
|
||||
6: 2C6EB390D4CB, 239FD47E333C9E628F53A0AAFFABAB95
|
||||
7: 77A6F443656C96, 6669B100ED5816E5E7EBC6E6FFE9FD28
|
||||
8: 48ABD8C0E7880A3F, 2927A8138FF76C35644C1C260A470E61
|
||||
9: 58618862492B904056, ADA18B1602AB662B1DADA3D17AFDA16F
|
||||
10: 421666490D83177D6662, 31A434A1AF320564DAC4AB41CB95CCBE
|
||||
11: E6C856656011B22865BB56, 8308CBA4CA2DFB3BBF50B406AF9787B4
|
||||
12: C00BDBC3ED137D4DF4AE64A1, 3A6AAAD853FD891608E6E524CC71291D
|
||||
13: 51FC0197213EAE6C779B0D9591, 2E013655C557BF924C3377119D445A08
|
||||
14: EFFA38E05FDC7E40A0F73CF9EE75, A20C214FEF00C5B836816D91784EA349
|
||||
15: 5121A8E7DA2F34FCB27A211AC7B17F, FC16C8CC0F76AED1502E54E5578FA4FE
|
||||
16: C7B4BACC25D34E3235AF82EF4682BF71, 4A2D4172B5BE33532BDC16792840F807
|
||||
17: 67C6376AA0C00FBAB7ECAE408F20004842, ED2BE2756636BEEF1EE5DA5CF727E89D
|
||||
18: 8E2262CDDF6A2523565B6B63BB86311EBA9D, 6E36E1B6ED9E116581B155B5B3CD3A4E
|
||||
19: A683E2D02AAA473F66FE1B88278C83D1E934DA, 216A3EA8AA533F47F668D8A0D2D7C59B
|
||||
20: AF5E282860165A89CE43987CD12D54E09F24F930, AAA981071FD86D7FD3D5E1A9B7B0F54E
|
||||
21: 8CC3AEA5C625B1BD7B7982E0933340C7C6F697A7F3, 211BC13BBB33CA9D9C09FF71E6C6FF0E
|
||||
22: E7A0BD9580F60EE6FB96830BC03B9DB1C714A5FB1E3A, E80D8AE804A1FC572719C9891728EB0C
|
||||
23: 8957615AC77DB6D23C5156709A8426D5D947B3BF83F80D, 839A17904B6EF3367F41D86641179E64
|
||||
24: 89F7444059A006913EC23BC6FA07E2EDA6929F9425ED55B5, 94D3B35D083A99D7CAD703C730B7AC3F
|
||||
25: 166189030E95293421581FBC56598AC6ACF597FD07BCAB8BA7, B85DFECEB4953DCD16F1D294B77F5251
|
||||
26: 9D1CBB72E273243A031E061FD1B7B21283C43C607ECEB5F604A3, 37A1370BAE41F2E1A538904B623591F4
|
||||
27: D5C870356DA4B1A6B5B80958049A04F4B463453F5D54EDC3B90EFB, B1D6913246CCF26C063E282D7B9AECA2
|
||||
28: FFF152D69AE294A239FB875C038688F0C2025F6B924EA69ED633D974, 8DA6C7D7A7535D33E92776BD51CE7732
|
||||
29: B327AE2D692BDA7B4F0F46B8025B2D09EACA670F8E4B2D32CB538774C3, 721861B534B2C4DD83B9C3652BB78083
|
||||
30: FED1AEDC7737586AE88324ADDE9C8396AAD39C1A24773185F47F83A4C9F2, 5987D5FE9CD91AC15C434DECBBE96F49
|
||||
31: 3B8D6C999FA569F5BF275654ECDD27465420E4A4FD0B791B3082B6746E7494, 92CDADC59BAAB01CFEE801288F669BC6
|
||||
32: 57A44D012A7D8EC832121B9DD374990C2236A5B5CDE525A105309A5DAB860B04, 13B2461EFBBF3E37C594C10BE45EB3FF
|
||||
|
||||
OCB-safer-k64 (8 byte key)
|
||||
0: , 0EDD2A1AB692AA7A
|
||||
1: 20, D8E0A4AA7186D93B
|
||||
2: 3A72, D35ED39A0DE9BB7A
|
||||
3: 63E95A, 5DCC145AC083EBE1
|
||||
4: 66CCE936, 43DC4736618962EE
|
||||
5: 81E790856A, 67FE11BBAC7F0CF4
|
||||
6: 2FCC612AFA2D, D9A73706F6BF0562
|
||||
7: 8D65EC96919C6A, 9859A2C2F467F271
|
||||
8: B968DFF1928FFA70, D6379C99C09205E2
|
||||
9: 1D5AEB22616196731D, 91F6EB57D46B3F4E
|
||||
10: 8712826B41AF01B45F95, 7482C4B662B4D51F
|
||||
11: C3DC292B6D37DC8299F005, D66EDF92D14E89ED
|
||||
12: 41E72489BC2089E3632C50BB, 1D058C13D261FF52
|
||||
13: 257A6510FB990950D8CA3B6BB2, C7366DDB55647661
|
||||
14: 74C037F38910E25D746D3A41C422, 6A89AD8D5763B669
|
||||
15: 58610E575C2938BACF63E9612A5704, FC40C717D3962A95
|
||||
16: C23657B24E3497C7C3A53C8D99866586, 8092D335D30512A8
|
||||
|
||||
OCB-safer-sk64 (8 byte key)
|
||||
0: , 76F16BDCE55B3E23
|
||||
1: 6F, 9BB975FF089B072D
|
||||
2: D0DB, D469B44427B54009
|
||||
3: 9124AE, 29DEEE037ED01B57
|
||||
4: 3CB507B4, 3B2099163A662E8A
|
||||
5: 24916556E2, C645411E75A45A76
|
||||
6: 3861F27498B1, 27CD404E5CBE2530
|
||||
7: B9A4F0F215AD46, EC8ED0F8F5BFA762
|
||||
8: 35F39C5CF8FC195F, D2EF40AB639C6841
|
||||
9: EF387F42DFB145C157, 78A3687643B6A8BF
|
||||
10: 609B7AD698D6E75FC8A7, 19F2B4BA46C226A8
|
||||
11: 9EB389D840B5575A431015, D6D5CD12B0A8D58C
|
||||
12: 773D76C86FC6548E9C3F7106, C84DA314B3D2A265
|
||||
13: FA9F6A22A448EA8EBC4D5CA1D7, A1F9A8800DEE87F3
|
||||
14: 8588A29BDA0F754902F45177D98E, FAE4F6A46C282C58
|
||||
15: 3661A78146680EBD27E1B0A8411F6F, DBDA06B42AFE89E6
|
||||
16: A7817AFDD86A73DBD088D726950885BC, 39EE24F1DDB14EFE
|
||||
|
||||
OCB-safer-k128 (16 byte key)
|
||||
0: , 4919F68F6BC44ABC
|
||||
1: FE, 62E1BB4260A41E8B
|
||||
2: 29D3, 84F7E10309B5A9F6
|
||||
3: 82CAE3, 21AD21271DEECC38
|
||||
4: E8CFF492, 30A28F17566BD7B7
|
||||
5: 42D790100D, 2712BB75C619F235
|
||||
6: 1D7EF9DAD397, 29EA0096FE1B0F8E
|
||||
7: 2328AE9F5F8F23, 823FBB72027588FE
|
||||
8: F1EE17CE5D1D962A, 7E763B44190D412A
|
||||
9: 59995D24D2F343CAE5, D0442E8DA4B7A738
|
||||
10: 89470C900512352C0AAD, A1B8267CEAC51DE7
|
||||
11: FA01A56CF4043DC9016507, 3F04CA39354B7945
|
||||
12: 234CE53F33CC18BC1D87581B, 26045CD92EEB0B7C
|
||||
13: 09F0F817F0A1C34CC1882349D9, D6690B0CD95E3B81
|
||||
14: EE59B78A5EA7A7565519BD8394C5, BA02E6FBDAA3D9C0
|
||||
15: BBE92ED57326C0B8BD718A161F93A2, 6F92501366610B24
|
||||
16: E7FF3C9225C652EC6E89F4D514AB9529, FB797311AE38EEAC
|
||||
|
||||
OCB-safer-sk128 (16 byte key)
|
||||
0: , E523C6DBB3CA178D
|
||||
1: CD, AA12FD56D9ADDB4B
|
||||
2: 0CC4, 98012452ED510588
|
||||
3: 426651, 7FBDB6A5B8960251
|
||||
4: 9EEBE085, 0697D2EB8824BC84
|
||||
5: 346C825C29, 5BECAECCA943C6CB
|
||||
6: 12C8F7C7174F, D6F614EB7FF14058
|
||||
7: 06494CBE89E31E, 51A7F4E7D1B85EB8
|
||||
8: AB7DB8E035CD48D5, F18EDA93515A11D2
|
||||
9: 5F66C9179485A4C178, 77B2EABD6B9D32E9
|
||||
10: 44E2F4B20A7B5BC5321E, EB0D98A55F19267C
|
||||
11: 807F11C15D37266D9CAC24, A28A19BDF9967E04
|
||||
12: 403E55B8744B21CE9EF5F67C, 5E4F91E64F5034CA
|
||||
13: C38DB3813C26D0DCDB4B3A78EE, C4C9A3A3B057511B
|
||||
14: 67FFA142996CE550C513F59F8277, DA59DD302D5B0BC7
|
||||
15: A88F78F05F9AFF45F2625D1F450CB1, E4A32284D3D6EC35
|
||||
16: 2EC309FC14CA2483FA63A5EA28070833, 3689A7737D796A82
|
||||
|
||||
OCB-rc2 (8 byte key)
|
||||
0: , 1A073F25FF5690BE
|
||||
1: E4, 6EC51CC8940B5924
|
||||
2: 4468, 4C549CEC13F5744D
|
||||
3: D2CE47, 3B34AA5CACF700A0
|
||||
4: 4D98182B, 43851C4905037752
|
||||
5: 5784656E03, B1956D2F35E190D6
|
||||
6: 612EC3D4BBBA, 0DA8B476C515C20F
|
||||
7: 88CA9BED760036, FA5C4349AB03192F
|
||||
8: 61219479ECCDC295, 024AFAC39AF5DE41
|
||||
9: B2205D0B520ECD3C98, E8D7F09F54045A91
|
||||
10: C4B8820AAF0CAFC7F16B, 32AC2DA632FFA7C8
|
||||
11: 4EF4A33C630329020CA0B6, 00B94EC22CAA440F
|
||||
12: B26FFEC28419F7ED99B241FB, E484E08689C26430
|
||||
13: 588D22959AB8D1582049EE0486, EE7E0E38A42BCE31
|
||||
14: 86A1FD658FC2AC0E1ECE0D528AA7, CDEC84E55E0BE78C
|
||||
15: C00B073B48026E16562924BFC8EE5A, C65C71EBEA6016B6
|
||||
16: D4E298B1E610FEBAC020BA0D0507F0F1, 68B094F6F2C46BA5
|
||||
|
||||
OCB-des (8 byte key)
|
||||
0: , 8A65BD7DE54082AD
|
||||
1: 7E, 91C5CD7987CC46CC
|
||||
2: A275, B76B5A4ADB75D0B0
|
||||
3: AB0C5D, 2C463609C9933886
|
||||
4: C1ED86D4, E79AE10223890163
|
||||
5: C4D04AEDEB, 509A81814B7873A9
|
||||
6: E0FD095B644F, DE5139ADD9BE6250
|
||||
7: CDD1164659654B, B0536BB2817725FC
|
||||
8: 759F0E801E5AD992, 71EEB01DFFD9D946
|
||||
9: A1E8BCFC90324AA3F3, 5B61AE171ACD4721
|
||||
10: 3D0BE9B40B8B7933976E, 1D33B66102AE70BF
|
||||
11: 338F0213A7C843CC335E20, 215F1AF51474E391
|
||||
12: 9B05F57853F4319140533EBD, ED4425C38848550D
|
||||
13: 16CCD44B543C1B6939D9F7122C, 22B0577679223676
|
||||
14: 092E7CE7DFE6C7B07A672680AF81, 761C1C267F62CFC4
|
||||
15: ACE1AB7120D4092868143FC3E76179, 165DACD587304D1C
|
||||
16: 9D3764DCD797FDA981A440BFBFCB0F2C, 538254F6164119C4
|
||||
|
||||
OCB-3des (24 byte key)
|
||||
0: , 9CB7074F93CD37DD
|
||||
1: 90, DC4E7B29A434DAA3
|
||||
2: 3139, 09BF34C4F770ADC7
|
||||
3: 77161A, 9ACB27184F3BF196
|
||||
4: 1F7666B5, C6578EB1CCE25553
|
||||
5: 043240D354, 23D090F6DACE0B03
|
||||
6: BA84DE76B081, BEBC521446F286C4
|
||||
7: 3EF4272C6AF1BB, A99BD626436F2586
|
||||
8: ECE6A8B0C4EF8D63, B675ACED7D2B28FA
|
||||
9: D4FCF97B677A2CDC2B, BC6B8BC16BFBFB20
|
||||
10: DF899D92AD0FBB3CA443, 23D486A6B0DBD5D1
|
||||
11: 1A95F4AF984ECAD4CA52EF, 34DEF497F95BF424
|
||||
12: D32ADD65BA8604BFB0980BF6, 01C2758914C4D0DE
|
||||
13: 6D477BC51505C8FD9EDA926596, C5A338A6AF687597
|
||||
14: 37AE388D897D22789CB79B17E1F1, 75E7372DD653DF15
|
||||
15: F24F950FF2DD2054510E67EFCDC4DF, 705A27ECFAE74710
|
||||
16: 1D8AD09B1124EFF0817871754FE6ED40, 3D143151197C59B4
|
||||
|
||||
OCB-cast5 (8 byte key)
|
||||
0: , 77E8002236021687
|
||||
1: 98, 9D73A3403B345699
|
||||
2: BF24, 80A7E8123CF54C9D
|
||||
3: 93369E, 01A967A92245F16E
|
||||
4: 5D917EED, FFFB66F53851ABFD
|
||||
5: CA6E2BAEFB, 53596129002C9B7C
|
||||
6: A66DE171E377, 25BC0AD3B0AC21AF
|
||||
7: 04A05EADA80780, 7703120B8DF8B98A
|
||||
8: DD040CCEA55C8830, E4B8ECEAADC292A1
|
||||
9: FEEB112E469F4AB637, 92F0ABA0A554C9B6
|
||||
10: 5BE2019137752075F35D, 0DC52AED0F2C3894
|
||||
11: 75DEFFAF2C152E6745A97F, 7752A70A2D9D184C
|
||||
12: EF90E23366790D62DAE5BA66, 829A9C7684D03C5E
|
||||
13: 0A4689BD15E338056782F19B13, 5676FAE6E2745929
|
||||
14: 2534CCD55A471E5840447B6BAE6A, 33D1B4876EFD5FE0
|
||||
15: 6FC1B4FD3A202CB14D9ECCF88F0E55, 13D8EDBE1BE8F0A5
|
||||
16: E8BACB11E0864011D72B599025DA2FDF, FE7397323F7DF138
|
||||
|
||||
OCB-noekeon (16 byte key)
|
||||
0: , 72751E743D0B7A07EFB23444F1492DDC
|
||||
1: 65, 2BDF86A7C46460BDBB8252E176CB7105
|
||||
2: 9BAE, DB8AFF53F1AEF4FC5A9BF3E1A5DE9430
|
||||
3: 96C214, 25585611B7FE5EC176627DB0BADCBEA4
|
||||
4: B6046645, 32F5FF1347797760C872D92FB3E48085
|
||||
5: E5C89E89E7, 5B1868C4655FF6B28BEEDB0C8A37CBC6
|
||||
6: CB6CC16CBAA8, 8A7C7213989BE3D89D8EBE31024DDDE1
|
||||
7: D09EE74CF99850, 565DA08FB8F154FDBAB27E432324BF77
|
||||
8: F389A90F999147CC, 618535B5685A9F76012B99B0C6FDFAD5
|
||||
9: 32B110B50A8D6F67D9, 379DBCC0B20E3523935621A7C1506A28
|
||||
10: CAF759FE91C8794D8D93, 50EA638B83E1C85F210989495A8724CC
|
||||
11: 332B07DA0F942C8F22C1E7, 504DCD9521A42C77C05CE9ABF8FB4FA0
|
||||
12: D0C422738243A89E54B734A3, FD4FF9C337CF2785EBEC0C128482371B
|
||||
13: B899277B6557E5E685A5649E64, 868F039212C96E212E280A4DBA6555FE
|
||||
14: 15E617DAACB18D93428C3BA043B1, E072A199CFAA617CEA2A176B75682516
|
||||
15: 58B04DDD83045E773811BD6C371978, 6EEA2DCB6DECFC0B542DECAAD37024B3
|
||||
16: 8DE6C50DD08FD141E7FF20FE3262A340, 6F826FA2FCF34E4285975DE9FB0FC4D4
|
||||
17: A14711565B0CBA6C88370737F97F803F7E, D84950FCD2C72536711A1503348975A7
|
||||
18: 5AEE5927EF89D3A09CDA7CC7183EEB701471, FC8DB44F4D6188581A0567C3DF2C498D
|
||||
19: 12ECFBFF02C5A37DFE7772732659ADFD7DC349, 8ED7F4AB648339A174ADA3317BF82C64
|
||||
20: F57930534156A623A05FA3A30B4CE5339E8209A7, C78081E80D95BE642DC4F194C902AC3B
|
||||
21: FF92DF299ADF1EBD22CEAE3876B5DED0AE5EEE2F9B, C491571613AA18C9C4305A9595575EE1
|
||||
22: 2BBCC3079A01962F7B406662A20924C2AA5D65493FCE, 6AF63F2B8831F8CD41522D32A8BD1C1B
|
||||
23: 9F05A8AF6256ED46EED6BE3E5F9F5F13A3804AC0DFC110, E310472DB635D60B5BAD5F5B3E24E768
|
||||
24: DCD82591D67AEEDA00ECAC67E91BC62CF42FE69D6B9A427A, 9758F103B57D3AE6533F736F17C95D48
|
||||
25: B6388AD629A4A951F2CDE98C80A81C8C499ABFE073EE81FD6A, 70A8217A7652D8325EB717359C1D7830
|
||||
26: 51D9F3341368BE00BE709F6F009BA53F852CA27ADEF439CB5A59, 6772C710B9D6159F1B0F4BC2BD5DC1A4
|
||||
27: 4710196F162BFF2BD87945AE012CE9FFC7C6EB651C716DCFBB6706, A338043240EA22FB4B50A1D6BCA241FA
|
||||
28: 8120FAF7FC1FD6157519A296EC5513F2907ECB8792219CFBE0A3E17E, 45EA2ADF503BCDFD60EDFEA24168D539
|
||||
29: 34FFD8289321EBD9029158A2C217DC867436CF5346B3B940B3B9339C0A, 3A7C1C2F5CFADF3F4C601C005333826D
|
||||
30: 8E97C51214057F523B915BE5EE84D72979254577077FD6D9FDA63215668A, BB5E2FC288DE613716BA3F3A69F6D17A
|
||||
31: F1A13BEC82D4FB33A5E5E6E1A5DD47DDC7F67AF5EBCAE980AB1B641A76FBDE, A2BBEA281BA38731F855EF8533B94C60
|
||||
32: 77CC8CB5ECBD4CDFC9BA9414B6E6596D7ED01B24C46D9EBCFE150FEA2687EFC3, 5295D9ECAB6E2CC4C6C60D27F4A5E7F9
|
||||
|
||||
OCB-skipjack (10 byte key)
|
||||
0: , 90EAAB5131AEB43B
|
||||
1: 01, D8C438498F94B782
|
||||
2: 23BD, 6D650F6CB26C0BEE
|
||||
3: E5D16E, E4459817F4A898E6
|
||||
4: 126212FE, D97B43C7BFB83262
|
||||
5: A1580EA0A3, BC7C325FF295A404
|
||||
6: 9374B704E26D, 97DBA225A0F0136E
|
||||
7: BC2E8E234CBE33, 4603D9A50B9915ED
|
||||
8: C7629762CF53A687, 5DAF80ABDD01CD74
|
||||
9: 151D35020935EFB225, 0898987E5F710240
|
||||
10: 934BF9846689A0DDC434, FF698391DE287C55
|
||||
11: 8AF680448D95D32DE31B03, F60110D8968D1FB5
|
||||
12: E03FDF4028EBB30164C297D7, A80E7FD7A5028E62
|
||||
13: 614BF4A0A567314FA3990020FC, 6B1C9D495FED96C7
|
||||
14: D8BFFD57B4BB8C100F3F026105C3, 2F99A8895B86B798
|
||||
15: 81B2DD86C7252B4FD8D4FD385E65BB, 7788260BCABCCC8F
|
||||
16: 8AE9FEF234B5FC98AE95C1AFD6780C61, B332941A6EB467F7
|
||||
|
@ -352,39 +352,39 @@ OMAC-cast5 (8 byte key)
|
||||
16: E8B0B219D4CB699B
|
||||
|
||||
OMAC-noekeon (16 byte key)
|
||||
0: 897F93D42DF43E4FDACB0E19A27D0CF5
|
||||
1: 3FAB4FD1A374C36E80D0535ADA81583A
|
||||
2: 209F1B04BD823B068BC19CEF40B875DB
|
||||
3: E8FC96A2D8EB9BDA9E8A4EA8F6FE611A
|
||||
4: 35DE59C345C4AF97924187A6EA73F556
|
||||
5: 59793AB3D84D614D8AEE6E233B3DE755
|
||||
6: 64DCB7E74485DF98F4DC70B14DD26107
|
||||
7: 42E87ABB43E4504DB362B59A9BBC28DC
|
||||
8: 98EC0C30C1AFBF4BC9A2DF421AC446E4
|
||||
9: 8B3B59B481B7AFDB6BC593E2BB2A80B2
|
||||
10: 0F60392A9518682015F43B8109E3A773
|
||||
11: A99BEC6BB467B5949EC4819B8FB47874
|
||||
12: 8E15ED270998CD1D7226B2BB9B5A8BC8
|
||||
13: B4D637277DE68E507DD95E6EC495B364
|
||||
14: DCCF001FA3A9AB5C58213CEB90B341E7
|
||||
15: 508C01FDA50B06DDC1AF9CD78F0FD2C7
|
||||
16: 3DB78001DE8115BE9E0B884AE4243926
|
||||
17: 165951DF3F7D28AD6A2FE56DC32A0F60
|
||||
18: 155944AEA14A6E08283421E8F19FE6F3
|
||||
19: 151BEE5BC94004DFD407A0EFE51F8D9A
|
||||
20: 081C3192C00D7BACB147FDDA5C460A4A
|
||||
21: BEEB181DB90F5B3B1DD5BCFFC87C66DE
|
||||
22: D83B9F8AFD912D8424C85AB0FBDD4751
|
||||
23: A3BAF0E00DEBFB9C3A7B65A5AFCEE670
|
||||
24: D03695C35C7D36C05FD26ADBF070E559
|
||||
25: 5BFAA49199ABCE1CFBA626D30FA6AB0F
|
||||
26: 9C3601196AD328AADBE62C730ECCC888
|
||||
27: 75D79E48C5797963EBAF466BC0E1639E
|
||||
28: 968DF7D963E6D023EC8421C7B2787E7B
|
||||
29: 5E315EB6B6E583E7D8CF78A3A81D28C9
|
||||
30: 322E00FC522FA7B41A6564E37F3D9DDC
|
||||
31: AAB04CB0B25A7A7951C75592BA7CB360
|
||||
32: CD5B1ED284EDCD493EFE133ECEA0F822
|
||||
0: EC61647B281C47C1B43F9815064BF953
|
||||
1: B100B1B6CD96DCED8F47A77E70670A92
|
||||
2: A96CDE3C48831A6B0A5ADFECA6399BDB
|
||||
3: 14E75E7CAD840208834918B29A5D4430
|
||||
4: 9577083713AE6E44EEC987C77C93C072
|
||||
5: 2A738C02841E461238C02F5CFC8E66A6
|
||||
6: A901327E451BE0D2D9DEC83DEEA9A022
|
||||
7: 5ED7EE1BE04A64A689D15F6970A821A6
|
||||
8: BA053E24FCFD02C731A8CFCA19EE66A0
|
||||
9: 57139CA8C91072555B29F85A19E2C84D
|
||||
10: 4585EAC7EFB84869FD96EE7A5FDD350B
|
||||
11: 62AF6C415CA73E54E82EA306254C1BDE
|
||||
12: 75304F9724BD364F84371EE154F5210E
|
||||
13: 7FE5DBCEE826760434745D417453182B
|
||||
14: EC98DA2A580E9131218D1CDE835423D4
|
||||
15: 631BD9EAFD1AE445F2C1C35E2B4416ED
|
||||
16: CA2D902A1D83388FE35BAB7C29F359BA
|
||||
17: 0DBF0AF7FCBEEE21FB6159C0A2FFCD4C
|
||||
18: BD7CD2C49241032DA33B1975EE2EE982
|
||||
19: B30B090EE8626D77D310EDB957552D46
|
||||
20: 64F608AC5707C381AC6878AA38345144
|
||||
21: 28513CA7795B23A02B37DC3732413D23
|
||||
22: 9F440700094517847E9E013C8915C433
|
||||
23: 8CA483F313D20BFE7E0C089DAA4145BD
|
||||
24: FA44872743E20E5E0A069B3C4578DB50
|
||||
25: F6DE8FFBECD52CC1F213CD9E406DF3BC
|
||||
26: B9702B7E846735A3DCC0724255F88FEC
|
||||
27: A1DDAFED2B1732C7BA89C2F194AF039E
|
||||
28: 2549C5F0E30F8F4002431D2C098805B8
|
||||
29: 52E3836181BF5C9B09A507D5330CD14F
|
||||
30: 01C55DCBCCFD9D7A4D27BDE2A89AA8EF
|
||||
31: 3CF721A0CF006702CDA91F2FF3E4D5E3
|
||||
32: 6D264B9065BE98C170E68E9D2A4DE86E
|
||||
|
||||
OMAC-skipjack (10 byte key)
|
||||
0: 84EDFA769040603C
|
||||
|
@ -25,11 +25,11 @@ Blowfish | 4,168 |
|
||||
SAFER+ | 532 |
|
||||
Serpent | 528 |
|
||||
Rijndael | 516 |
|
||||
RC5 | 204 |
|
||||
XTEA | 256 |
|
||||
RC2 | 256 |
|
||||
DES | 256 |
|
||||
SAFER [#] | 217 |
|
||||
RC5 | 204 |
|
||||
Twofish [*] | 193 |
|
||||
RC6 | 176 |
|
||||
CAST5 | 132 |
|
||||
|
561
ocb.c
Normal file
561
ocb.c
Normal file
@ -0,0 +1,561 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
#include "mycrypt.h"
|
||||
|
||||
#define OCB_MODE
|
||||
#ifdef OCB_MODE
|
||||
|
||||
static const struct {
|
||||
int len;
|
||||
unsigned char poly_div[MAXBLOCKSIZE],
|
||||
poly_mul[MAXBLOCKSIZE];
|
||||
} polys[] = {
|
||||
{
|
||||
8,
|
||||
{ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0D },
|
||||
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1B }
|
||||
}, {
|
||||
16,
|
||||
{ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x43 },
|
||||
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87 }
|
||||
}
|
||||
};
|
||||
|
||||
int ocb_init(ocb_state *ocb, int cipher,
|
||||
const unsigned char *key, unsigned long keylen, const unsigned char *nonce)
|
||||
{
|
||||
int x, y, z, m, p, err;
|
||||
unsigned char tmp[MAXBLOCKSIZE];
|
||||
|
||||
_ARGCHK(ocb != NULL);
|
||||
_ARGCHK(key != NULL);
|
||||
_ARGCHK(nonce != NULL);
|
||||
|
||||
/* valid cipher? */
|
||||
if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* determine which polys to use */
|
||||
ocb->block_len = cipher_descriptor[cipher].block_length;
|
||||
for (ocb->poly = 0; ocb->poly < (int)(sizeof(polys)/sizeof(polys[0])); ocb->poly++) {
|
||||
if (polys[ocb->poly].len == ocb->block_len) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (polys[ocb->poly].len != ocb->block_len) {
|
||||
return CRYPT_INVALID_ARG;
|
||||
}
|
||||
|
||||
/* schedule the key */
|
||||
if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &ocb->key)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* find L = E[0] */
|
||||
zeromem(ocb->L, ocb->block_len);
|
||||
cipher_descriptor[cipher].ecb_encrypt(ocb->L, ocb->L, &ocb->key);
|
||||
|
||||
/* find R = E[N xor L] */
|
||||
for (x = 0; x < ocb->block_len; x++) {
|
||||
ocb->R[x] = ocb->L[x] ^ nonce[x];
|
||||
}
|
||||
cipher_descriptor[cipher].ecb_encrypt(ocb->R, ocb->R, &ocb->key);
|
||||
|
||||
/* find Ls[i] = L << i for i == 0..31 */
|
||||
memcpy(ocb->Ls[0], ocb->L, ocb->block_len);
|
||||
for (x = 1; x < 32; x++) {
|
||||
m = ocb->Ls[x-1][0] >> 7;
|
||||
for (y = 0; y < ocb->block_len-1; y++) {
|
||||
ocb->Ls[x][y] = ((ocb->Ls[x-1][y] << 1) | (ocb->Ls[x-1][y+1] >> 7)) & 255;
|
||||
}
|
||||
ocb->Ls[x][ocb->block_len-1] = (ocb->Ls[x-1][ocb->block_len-1] << 1) & 255;
|
||||
|
||||
if (m == 1) {
|
||||
for (y = 0; y < ocb->block_len; y++) {
|
||||
ocb->Ls[x][y] ^= polys[ocb->poly].poly_mul[y];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* find Lr = L / x */
|
||||
m = ocb->L[ocb->block_len-1] & 1;
|
||||
|
||||
/* shift right */
|
||||
for (x = ocb->block_len - 1; x > 0; x--) {
|
||||
ocb->Lr[x] = ((ocb->L[x] >> 1) | (ocb->L[x-1] << 7)) & 255;
|
||||
}
|
||||
ocb->Lr[0] = ocb->L[0] >> 1;
|
||||
|
||||
if (m == 1) {
|
||||
for (x = 0; x < ocb->block_len; x++) {
|
||||
ocb->Lr[x] ^= polys[ocb->poly].poly_div[x];
|
||||
}
|
||||
}
|
||||
|
||||
/* set Li, checksum */
|
||||
zeromem(ocb->Li, ocb->block_len);
|
||||
zeromem(ocb->checksum, ocb->block_len);
|
||||
|
||||
/* set other params */
|
||||
ocb->block_index = 1;
|
||||
ocb->cipher = cipher;
|
||||
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
static int ntz(unsigned long x)
|
||||
{
|
||||
int c;
|
||||
x &= 0xFFFFFFFFUL;
|
||||
c = 0;
|
||||
while ((x & 1) == 0) {
|
||||
++c;
|
||||
x >>= 1;
|
||||
}
|
||||
return c;
|
||||
}
|
||||
|
||||
static void shift_xor(ocb_state *ocb, unsigned char *Z)
|
||||
{
|
||||
int x, y;
|
||||
y = ntz(ocb->block_index++);
|
||||
for (x = 0; x < ocb->block_len; x++) {
|
||||
ocb->Li[x] ^= ocb->Ls[y][x];
|
||||
Z[x] = ocb->Li[x] ^ ocb->R[x];
|
||||
}
|
||||
}
|
||||
|
||||
int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct)
|
||||
{
|
||||
unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE];
|
||||
int err, x, y;
|
||||
|
||||
_ARGCHK(ocb != NULL);
|
||||
_ARGCHK(pt != NULL);
|
||||
_ARGCHK(ct != NULL);
|
||||
if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) {
|
||||
return CRYPT_INVALID_ARG;
|
||||
}
|
||||
|
||||
/* compute checksum */
|
||||
for (x = 0; x < ocb->block_len; x++) {
|
||||
ocb->checksum[x] ^= pt[x];
|
||||
}
|
||||
|
||||
/* Get Z[i] value */
|
||||
shift_xor(ocb, Z);
|
||||
|
||||
/* xor pt in, encrypt, xor Z out */
|
||||
for (x = 0; x < ocb->block_len; x++) {
|
||||
tmp[x] = pt[x] ^ Z[x];
|
||||
}
|
||||
cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, ct, &ocb->key);
|
||||
for (x = 0; x < ocb->block_len; x++) {
|
||||
ct[x] ^= Z[x];
|
||||
}
|
||||
|
||||
#ifdef CLEAN_STACK
|
||||
zeromem(Z, sizeof(Z));
|
||||
zeromem(tmp, sizeof(tmp));
|
||||
#endif
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt)
|
||||
{
|
||||
unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE];
|
||||
int err, x, y;
|
||||
|
||||
_ARGCHK(ocb != NULL);
|
||||
_ARGCHK(pt != NULL);
|
||||
_ARGCHK(ct != NULL);
|
||||
if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) {
|
||||
return CRYPT_INVALID_ARG;
|
||||
}
|
||||
|
||||
/* Get Z[i] value */
|
||||
shift_xor(ocb, Z);
|
||||
|
||||
/* xor ct in, encrypt, xor Z out */
|
||||
for (x = 0; x < ocb->block_len; x++) {
|
||||
tmp[x] = ct[x] ^ Z[x];
|
||||
}
|
||||
cipher_descriptor[ocb->cipher].ecb_decrypt(tmp, pt, &ocb->key);
|
||||
for (x = 0; x < ocb->block_len; x++) {
|
||||
pt[x] ^= Z[x];
|
||||
}
|
||||
|
||||
/* compute checksum */
|
||||
for (x = 0; x < ocb->block_len; x++) {
|
||||
ocb->checksum[x] ^= pt[x];
|
||||
}
|
||||
|
||||
|
||||
#ifdef CLEAN_STACK
|
||||
zeromem(Z, sizeof(Z));
|
||||
zeromem(tmp, sizeof(tmp));
|
||||
#endif
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
|
||||
/* Since the last block is encrypted in CTR mode the same code can
|
||||
* be used to finish a decrypt or encrypt stream. The only difference
|
||||
* is we XOR the final ciphertext into the checksum so we have to xor it
|
||||
* before we CTR [decrypt] or after [encrypt]
|
||||
*
|
||||
* the names pt/ptlen/ct really just mean in/inlen/out but this is the way I wrote it...
|
||||
*/
|
||||
static int _ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
|
||||
unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode)
|
||||
|
||||
{
|
||||
unsigned char Z[MAXBLOCKSIZE], Y[MAXBLOCKSIZE], X[MAXBLOCKSIZE];
|
||||
int err, x, y;
|
||||
|
||||
_ARGCHK(ocb != NULL);
|
||||
_ARGCHK(pt != NULL);
|
||||
_ARGCHK(ct != NULL);
|
||||
_ARGCHK(tag != NULL);
|
||||
_ARGCHK(taglen != NULL);
|
||||
if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length ||
|
||||
(int)ptlen > ocb->block_len || (int)ptlen < 0) {
|
||||
return CRYPT_INVALID_ARG;
|
||||
}
|
||||
|
||||
/* compute X[m] = len(pt[m]) XOR Lr XOR Z[m] */
|
||||
shift_xor(ocb, X);
|
||||
memcpy(Z, X, ocb->block_len);
|
||||
|
||||
X[ocb->block_len-1] ^= ptlen&255;
|
||||
for (x = 0; x < ocb->block_len; x++) {
|
||||
X[x] ^= ocb->Lr[x];
|
||||
}
|
||||
|
||||
/* Y[m] = E(X[m])) */
|
||||
cipher_descriptor[ocb->cipher].ecb_encrypt(X, Y, &ocb->key);
|
||||
|
||||
if (mode == 1) {
|
||||
/* decrypt mode, so let's xor it first */
|
||||
/* xor C[m] into checksum */
|
||||
for (x = 0; x < (int)ptlen; x++) {
|
||||
ocb->checksum[x] ^= ct[x];
|
||||
}
|
||||
}
|
||||
|
||||
/* C[m] = P[m] xor Y[m] */
|
||||
for (x = 0; x < (int)ptlen; x++) {
|
||||
ct[x] = pt[x] ^ Y[x];
|
||||
}
|
||||
|
||||
if (mode == 0) {
|
||||
/* encrypt mode */
|
||||
/* xor C[m] into checksum */
|
||||
for (x = 0; x < (int)ptlen; x++) {
|
||||
ocb->checksum[x] ^= ct[x];
|
||||
}
|
||||
}
|
||||
|
||||
/* xor Y[m] and Z[m] into checksum */
|
||||
for (x = 0; x < ocb->block_len; x++) {
|
||||
ocb->checksum[x] ^= Y[x] ^ Z[x];
|
||||
}
|
||||
|
||||
/* encrypt checksum, er... tag!! */
|
||||
cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->checksum, X, &ocb->key);
|
||||
|
||||
/* now store it */
|
||||
for (x = 0; x < ocb->block_len && x < (int)*taglen; x++) {
|
||||
tag[x] = X[x];
|
||||
}
|
||||
*taglen = x;
|
||||
|
||||
#ifdef CLEAN_STACK
|
||||
zeromem(X, sizeof(X));
|
||||
zeromem(Y, sizeof(Y));
|
||||
zeromem(Z, sizeof(Z));
|
||||
#endif
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
int ocb_done_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
|
||||
unsigned char *ct, unsigned char *tag, unsigned long *taglen)
|
||||
{
|
||||
return _ocb_done(ocb, pt, ptlen, ct, tag, taglen, 0);
|
||||
}
|
||||
|
||||
|
||||
int ocb_done_decrypt(ocb_state *ocb,
|
||||
const unsigned char *ct, unsigned long ctlen,
|
||||
unsigned char *pt,
|
||||
const unsigned char *tag, unsigned long taglen, int *res)
|
||||
{
|
||||
int err;
|
||||
unsigned char tagbuf[MAXBLOCKSIZE];
|
||||
unsigned long tagbuflen;
|
||||
|
||||
|
||||
_ARGCHK(ocb != NULL);
|
||||
_ARGCHK(pt != NULL);
|
||||
_ARGCHK(ct != NULL);
|
||||
_ARGCHK(tag != NULL);
|
||||
_ARGCHK(res != NULL);
|
||||
|
||||
*res = 0;
|
||||
|
||||
tagbuflen = sizeof(tagbuf);
|
||||
if ((err = _ocb_done(ocb, ct, ctlen, pt, tagbuf, &tagbuflen, 1)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
if (taglen <= tagbuflen && memcmp(tagbuf, tag, taglen) == 0) {
|
||||
*res = 1;
|
||||
}
|
||||
|
||||
#ifdef CLEAN_STACK
|
||||
zeromem(tagbuf, sizeof(tagbuf));
|
||||
#endif
|
||||
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
int ocb_encrypt_authenticate_memory(int cipher,
|
||||
const unsigned char *key, unsigned long keylen,
|
||||
const unsigned char *nonce,
|
||||
const unsigned char *pt, unsigned long ptlen,
|
||||
unsigned char *ct,
|
||||
unsigned char *tag, unsigned long *taglen)
|
||||
{
|
||||
int err, n;
|
||||
ocb_state ocb;
|
||||
|
||||
if ((err = ocb_init(&ocb, cipher, key, keylen, nonce)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
while (ptlen > (unsigned long)ocb.block_len) {
|
||||
if ((err = ocb_encrypt(&ocb, pt, ct)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
ptlen -= ocb.block_len;
|
||||
pt += ocb.block_len;
|
||||
ct += ocb.block_len;
|
||||
}
|
||||
|
||||
err = ocb_done_encrypt(&ocb, pt, ptlen, ct, tag, taglen);
|
||||
|
||||
#ifdef CLEAN_STACK
|
||||
zeromem(&ocb, sizeof(ocb));
|
||||
#endif
|
||||
return err;
|
||||
}
|
||||
|
||||
int ocb_decrypt_verify_memory(int cipher,
|
||||
const unsigned char *key, unsigned long keylen,
|
||||
const unsigned char *nonce,
|
||||
const unsigned char *ct, unsigned long ctlen,
|
||||
unsigned char *pt,
|
||||
const unsigned char *tag, unsigned long taglen,
|
||||
int *res)
|
||||
{
|
||||
int err, n;
|
||||
ocb_state ocb;
|
||||
|
||||
if ((err = ocb_init(&ocb, cipher, key, keylen, nonce)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
while (ctlen > (unsigned long)ocb.block_len) {
|
||||
if ((err = ocb_decrypt(&ocb, ct, pt)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
ctlen -= ocb.block_len;
|
||||
pt += ocb.block_len;
|
||||
ct += ocb.block_len;
|
||||
}
|
||||
|
||||
err = ocb_done_decrypt(&ocb, ct, ctlen, pt, tag, taglen, res);
|
||||
|
||||
#ifdef CLEAN_STACK
|
||||
zeromem(&ocb, sizeof(ocb));
|
||||
#endif
|
||||
return err;
|
||||
}
|
||||
|
||||
int ocb_test(void)
|
||||
{
|
||||
#ifndef LTC_TEST
|
||||
return CRYPT_NOP;
|
||||
#else
|
||||
static const struct {
|
||||
int ptlen;
|
||||
unsigned char key[16], nonce[16], pt[32], ct[32], tag[16];
|
||||
} tests[] = {
|
||||
|
||||
/* NULL message */
|
||||
{
|
||||
0,
|
||||
/* key */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
|
||||
/* nonce */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
|
||||
/* pt */
|
||||
{ 0x00 },
|
||||
/* ct */
|
||||
{ 0x00 },
|
||||
/* tag */
|
||||
{ 0x04, 0xad, 0xa4, 0x5e, 0x94, 0x7b, 0xc5, 0xb6,
|
||||
0xe0, 0x0f, 0x4c, 0x8b, 0x80, 0x53, 0x90, 0x2d }
|
||||
},
|
||||
|
||||
/* one byte message */
|
||||
{
|
||||
1,
|
||||
/* key */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
|
||||
/* nonce */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
|
||||
/* pt */
|
||||
{ 0x11 },
|
||||
/* ct */
|
||||
{ 0x6f },
|
||||
/* tag */
|
||||
{ 0xe2, 0x61, 0x42, 0x3e, 0xbb, 0x0e, 0x7f, 0x3b,
|
||||
0xa6, 0xdd, 0xf1, 0x3e, 0xe8, 0x0b, 0x7b, 0x00}
|
||||
},
|
||||
|
||||
/* 16 byte message */
|
||||
{
|
||||
16,
|
||||
/* key */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
|
||||
/* nonce */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
|
||||
/* pt */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
|
||||
/* ct */
|
||||
{ 0x6a, 0xaf, 0xac, 0x40, 0x6d, 0xfa, 0x87, 0x40,
|
||||
0x57, 0xc7, 0xdb, 0xe9, 0x6f, 0x1b, 0x39, 0x53 },
|
||||
/* tag */
|
||||
{ 0xff, 0xbf, 0x96, 0x87, 0x72, 0xfe, 0xee, 0x59,
|
||||
0x08, 0x1f, 0xc7, 0x8c, 0x8f, 0xd9, 0x16, 0xc2 }
|
||||
},
|
||||
|
||||
/* 17 byte message */
|
||||
{
|
||||
17,
|
||||
/* key */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
|
||||
/* nonce */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
|
||||
/* pt */
|
||||
{ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
|
||||
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
|
||||
0x10 },
|
||||
/* ct */
|
||||
{ 0x8c, 0x94, 0xbd, 0xd4, 0x2d, 0xdd, 0x1c, 0x40,
|
||||
0xbe, 0xe0, 0x06, 0xb5, 0xab, 0x54, 0x3b, 0x00,
|
||||
0x20 },
|
||||
/* tag */
|
||||
{ 0x0e, 0x72, 0x7c, 0x88, 0x73, 0xbb, 0x66, 0xd7,
|
||||
0x4a, 0x4f, 0xd4, 0x84, 0x83, 0xc7, 0x9a, 0x29 }
|
||||
}
|
||||
|
||||
};
|
||||
|
||||
int err, x, idx, res;
|
||||
unsigned long len;
|
||||
unsigned char outct[MAXBLOCKSIZE], outtag[MAXBLOCKSIZE];
|
||||
|
||||
/* AES can be under rijndael or aes... try to find it */
|
||||
if ((idx = find_cipher("aes")) == -1) {
|
||||
if ((idx = find_cipher("rijndael")) == -1) {
|
||||
return CRYPT_NOP;
|
||||
}
|
||||
}
|
||||
|
||||
for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
|
||||
len = sizeof(outtag);
|
||||
if ((err = ocb_encrypt_authenticate_memory(idx, tests[x].key, 16,
|
||||
tests[x].nonce, tests[x].pt, tests[x].ptlen, outct, outtag, &len)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
if (memcmp(outtag, tests[x].tag, len) || memcmp(outct, tests[x].ct, tests[x].ptlen)) {
|
||||
#if 0
|
||||
unsigned long y;
|
||||
printf("\n\nFailure: \nCT:\n");
|
||||
for (y = 0; y < (unsigned long)tests[x].ptlen; ) {
|
||||
printf("0x%02x", outct[y]);
|
||||
if (y < (unsigned long)(tests[x].ptlen-1)) printf(", ");
|
||||
if (!(++y % 8)) printf("\n");
|
||||
}
|
||||
printf("\nTAG:\n");
|
||||
for (y = 0; y < len; ) {
|
||||
printf("0x%02x", outtag[y]);
|
||||
if (y < len-1) printf(", ");
|
||||
if (!(++y % 8)) printf("\n");
|
||||
}
|
||||
#endif
|
||||
return CRYPT_FAIL_TESTVECTOR;
|
||||
}
|
||||
|
||||
if ((err = ocb_decrypt_verify_memory(idx, tests[x].key, 16, tests[x].nonce, outct, tests[x].ptlen,
|
||||
outct, tests[x].tag, len, &res)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
if (res != 1 || memcmp(tests[x].pt, outct, tests[x].ptlen)) {
|
||||
#if 0
|
||||
unsigned long y;
|
||||
printf("\n\nFailure-decrypt: \nPT:\n");
|
||||
for (y = 0; y < (unsigned long)tests[x].ptlen; ) {
|
||||
printf("0x%02x", outct[y]);
|
||||
if (y < (unsigned long)(tests[x].ptlen-1)) printf(", ");
|
||||
if (!(++y % 8)) printf("\n");
|
||||
}
|
||||
printf("\nres = %d\n\n", res);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
return CRYPT_OK;
|
||||
#endif /* LTC_TEST */
|
||||
}
|
||||
|
||||
#endif /* OCB_MODE */
|
||||
|
||||
|
||||
/* some comments
|
||||
|
||||
-- it's hard to seek
|
||||
-- hard to stream [you can't emit ciphertext until full block]
|
||||
-- The setup is somewhat complicated...
|
||||
*/
|
10
ofb.c
10
ofb.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef OFB
|
||||
|
106
omac.c
106
omac.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
/* OMAC1 Support by Tom St Denis (for 64 and 128 bit block ciphers only) */
|
||||
#include "mycrypt.h"
|
||||
|
||||
@ -15,16 +25,6 @@ int omac_init(omac_state *omac, int cipher, const unsigned char *key, unsigned l
|
||||
return err;
|
||||
}
|
||||
|
||||
if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &omac->key)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* ok now we need Lu and Lu^2 [calc one from the other] */
|
||||
|
||||
/* first calc L which is Ek(0) */
|
||||
zeromem(omac->Lu[0], cipher_descriptor[cipher].block_length);
|
||||
cipher_descriptor[cipher].ecb_encrypt(omac->Lu[0], omac->Lu[0], &omac->key);
|
||||
|
||||
/* now setup the system */
|
||||
switch (cipher_descriptor[cipher].block_length) {
|
||||
case 8: mask = 0x1B;
|
||||
@ -36,6 +36,16 @@ int omac_init(omac_state *omac, int cipher, const unsigned char *key, unsigned l
|
||||
default: return CRYPT_INVALID_ARG;
|
||||
}
|
||||
|
||||
if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &omac->key)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
/* ok now we need Lu and Lu^2 [calc one from the other] */
|
||||
|
||||
/* first calc L which is Ek(0) */
|
||||
zeromem(omac->Lu[0], cipher_descriptor[cipher].block_length);
|
||||
cipher_descriptor[cipher].ecb_encrypt(omac->Lu[0], omac->Lu[0], &omac->key);
|
||||
|
||||
/* now do the mults, whoopy! */
|
||||
for (x = 0; x < 2; x++) {
|
||||
/* if msb(L * u^(x+1)) = 0 then just shift, otherwise shift and xor constant mask */
|
||||
@ -57,7 +67,7 @@ int omac_init(omac_state *omac, int cipher, const unsigned char *key, unsigned l
|
||||
omac->cipher_idx = cipher;
|
||||
omac->buflen = 0;
|
||||
omac->blklen = len;
|
||||
zeromem(omac->prev, sizeof(omac->prev));
|
||||
zeromem(omac->prev, sizeof(omac->prev));
|
||||
zeromem(omac->block, sizeof(omac->block));
|
||||
|
||||
return CRYPT_OK;
|
||||
@ -209,17 +219,54 @@ int omac_test(void)
|
||||
#if !defined(LTC_TEST)
|
||||
return CRYPT_NOP;
|
||||
#else
|
||||
static const unsigned char key[] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
|
||||
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c };
|
||||
static const unsigned char pt[] = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
|
||||
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
|
||||
0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
|
||||
0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
|
||||
0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 };
|
||||
static const unsigned char tag[] = { 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
|
||||
0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 };
|
||||
static const struct {
|
||||
int keylen, msglen;
|
||||
unsigned char key[32], msg[64], tag[16];
|
||||
} tests[] = {
|
||||
{ 16, 0,
|
||||
{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
|
||||
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
|
||||
{ 0x00 },
|
||||
{ 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
|
||||
0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 }
|
||||
},
|
||||
{ 16, 16,
|
||||
{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
|
||||
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
|
||||
{ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
|
||||
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a },
|
||||
{ 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
|
||||
0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c }
|
||||
},
|
||||
{ 16, 40,
|
||||
{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
|
||||
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
|
||||
{ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
|
||||
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
|
||||
0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
|
||||
0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
|
||||
0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11 },
|
||||
{ 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
|
||||
0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 }
|
||||
},
|
||||
{ 16, 64,
|
||||
{ 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
|
||||
0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c },
|
||||
{ 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
|
||||
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
|
||||
0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
|
||||
0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
|
||||
0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
|
||||
0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
|
||||
0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
|
||||
0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 },
|
||||
{ 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
|
||||
0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe }
|
||||
}
|
||||
|
||||
};
|
||||
unsigned char out[16];
|
||||
int err, idx;
|
||||
int x, y, err, idx;
|
||||
unsigned long len;
|
||||
|
||||
|
||||
@ -229,13 +276,18 @@ int omac_test(void)
|
||||
return CRYPT_NOP;
|
||||
}
|
||||
}
|
||||
len = sizeof(out);
|
||||
if ((err = omac_memory(idx, key, 16, pt, 40, out, &len)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
if (memcmp(out, tag, 16) != 0) {
|
||||
return CRYPT_FAIL_TESTVECTOR;
|
||||
for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
|
||||
len = sizeof(out);
|
||||
if ((err = omac_memory(idx, tests[x].key, tests[x].keylen, tests[x].msg, tests[x].msglen, out, &len)) != CRYPT_OK) {
|
||||
return err;
|
||||
}
|
||||
|
||||
if (memcmp(out, tests[x].tag, 16) != 0) {
|
||||
printf("\n\nTag: ");
|
||||
for (y = 0; y < 16; y++) printf("%02x", out[y]); printf("\n\n");
|
||||
return CRYPT_FAIL_TESTVECTOR;
|
||||
}
|
||||
}
|
||||
return CRYPT_OK;
|
||||
#endif
|
||||
|
10
packet.c
10
packet.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef PACKET
|
||||
|
10
prime.c
10
prime.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef MPI
|
||||
|
18
rc2.c
18
rc2.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
/**********************************************************************\
|
||||
* To commemorate the 1996 RSA Data Security Conference, the following *
|
||||
* code is released into the public domain by its author. Prost! *
|
||||
@ -116,13 +126,15 @@ void rc2_ecb_encrypt( const unsigned char *plain,
|
||||
symmetric_key *skey)
|
||||
#endif
|
||||
{
|
||||
unsigned *xkey = skey->rc2.xkey;
|
||||
unsigned *xkey;
|
||||
unsigned x76, x54, x32, x10, i;
|
||||
|
||||
_ARGCHK(plain != NULL);
|
||||
_ARGCHK(cipher != NULL);
|
||||
_ARGCHK(skey != NULL);
|
||||
|
||||
xkey = skey->rc2.xkey;
|
||||
|
||||
x76 = ((unsigned)plain[7] << 8) + (unsigned)plain[6];
|
||||
x54 = ((unsigned)plain[5] << 8) + (unsigned)plain[4];
|
||||
x32 = ((unsigned)plain[3] << 8) + (unsigned)plain[2];
|
||||
@ -184,13 +196,15 @@ void rc2_ecb_decrypt( const unsigned char *cipher,
|
||||
#endif
|
||||
{
|
||||
unsigned x76, x54, x32, x10;
|
||||
unsigned *xkey = skey->rc2.xkey;
|
||||
unsigned *xkey;
|
||||
int i;
|
||||
|
||||
_ARGCHK(plain != NULL);
|
||||
_ARGCHK(cipher != NULL);
|
||||
_ARGCHK(skey != NULL);
|
||||
|
||||
xkey = skey->rc2.xkey;
|
||||
|
||||
x76 = ((unsigned)cipher[7] << 8) + (unsigned)cipher[6];
|
||||
x54 = ((unsigned)cipher[5] << 8) + (unsigned)cipher[4];
|
||||
x32 = ((unsigned)cipher[3] << 8) + (unsigned)cipher[2];
|
||||
|
10
rc4.c
10
rc4.c
@ -1,3 +1,13 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef RC4
|
||||
|
13
rc5.c
13
rc5.c
@ -1,3 +1,16 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/* RC5 code by Tom St Denis */
|
||||
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef RC5
|
||||
|
12
rc6.c
12
rc6.c
@ -1,3 +1,15 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/* RC6 code by Tom St Denis */
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef RC6
|
||||
|
11
rmd128.c
11
rmd128.c
@ -1,3 +1,14 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/* Implementation of RIPEMD-128 based on the source by Antoon Bosselaers, ESAT-COSIC
|
||||
*
|
||||
* This source has been radically overhauled to be portable and work within
|
||||
|
11
rmd160.c
11
rmd160.c
@ -1,3 +1,14 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/* Implementation of RIPEMD-160 based on the source by Antoon Bosselaers, ESAT-COSIC
|
||||
*
|
||||
* This source has been radically overhauled to be portable and work within
|
||||
|
54
rsa.c
54
rsa.c
@ -1,3 +1,15 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/* RSA Code by Tom St Denis */
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef MRSA
|
||||
@ -308,49 +320,11 @@ int rsa_depad(const unsigned char *in, unsigned long inlen,
|
||||
return CRYPT_OK;
|
||||
}
|
||||
|
||||
#define OUTPUT_BIGNUM(num, buf2, y, z) \
|
||||
{ \
|
||||
z = (unsigned long)mp_unsigned_bin_size(num); \
|
||||
STORE32L(z, buf2+y); \
|
||||
y += 4; \
|
||||
if (mp_to_unsigned_bin(num, buf2+y) != MP_OKAY) { return CRYPT_MEM; } \
|
||||
y += z; \
|
||||
}
|
||||
|
||||
|
||||
#define INPUT_BIGNUM(num, in, x, y) \
|
||||
{ \
|
||||
/* load value */ \
|
||||
if (y + 4 > inlen) { \
|
||||
err = CRYPT_INVALID_PACKET; \
|
||||
goto error2; \
|
||||
} \
|
||||
LOAD32L(x, in+y); \
|
||||
y += 4; \
|
||||
\
|
||||
/* sanity check... */ \
|
||||
if (y+x > inlen) { \
|
||||
err = CRYPT_INVALID_PACKET; \
|
||||
goto error2; \
|
||||
} \
|
||||
\
|
||||
/* load it */ \
|
||||
if (mp_read_unsigned_bin(num, (unsigned char *)in+y, (int)x) != MP_OKAY) {\
|
||||
err = CRYPT_MEM; \
|
||||
goto error2; \
|
||||
} \
|
||||
y += x; \
|
||||
\
|
||||
if (mp_shrink(num) != MP_OKAY) { \
|
||||
err = CRYPT_MEM; \
|
||||
goto error2; \
|
||||
} \
|
||||
}
|
||||
|
||||
int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key)
|
||||
{
|
||||
unsigned char buf2[5120];
|
||||
unsigned long y, z;
|
||||
int err;
|
||||
|
||||
_ARGCHK(out != NULL);
|
||||
_ARGCHK(outlen != NULL);
|
||||
@ -464,7 +438,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
|
||||
}
|
||||
|
||||
return CRYPT_OK;
|
||||
error2:
|
||||
error:
|
||||
mp_clear_multi(&key->d, &key->e, &key->N, &key->dQ, &key->dP,
|
||||
&key->pQ, &key->qP, &key->p, &key->q, NULL);
|
||||
return err;
|
||||
|
11
rsa_sys.c
11
rsa_sys.c
@ -1,3 +1,14 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/* these are smaller routines written by Clay Culver. They do the same function as the rsa_encrypt/decrypt
|
||||
* except that they are used to RSA encrypt/decrypt a single value and not a packet.
|
||||
*/
|
||||
|
11
safer+.c
11
safer+.c
@ -1,3 +1,14 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/* SAFER+ Implementation by Tom St Denis */
|
||||
#include "mycrypt.h"
|
||||
|
||||
|
11
safer.c
11
safer.c
@ -1,3 +1,14 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/*******************************************************************************
|
||||
*
|
||||
* FILE: safer.c
|
||||
|
11
safer_tab.c
11
safer_tab.c
@ -1,3 +1,14 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
#include "mycrypt.h"
|
||||
|
||||
#if defined(SAFERP) || defined(SAFER)
|
||||
|
12
sha1.c
12
sha1.c
@ -1,3 +1,15 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/* SHA1 code by Tom St Denis */
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef SHA1
|
||||
|
11
sha224.c
11
sha224.c
@ -1,3 +1,14 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/* SHA-224 new NIST standard based off of SHA-256 truncated to 224 bits */
|
||||
const struct _hash_descriptor sha224_desc =
|
||||
{
|
||||
|
14
sha256.c
14
sha256.c
@ -1,3 +1,17 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
|
||||
/* SHA256 by Tom St Denis */
|
||||
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef SHA256
|
||||
|
11
sha384.c
11
sha384.c
@ -1,3 +1,14 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/* included in sha512.c */
|
||||
|
||||
const struct _hash_descriptor sha384_desc =
|
||||
|
13
sha512.c
13
sha512.c
@ -1,3 +1,16 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/* SHA512 by Tom St Denis */
|
||||
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef SHA512
|
||||
|
11
skipjack.c
11
skipjack.c
@ -1,3 +1,14 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/* Skipjack Implementation by Tom St Denis */
|
||||
#include "mycrypt.h"
|
||||
|
||||
|
11
sprng.c
11
sprng.c
@ -1,3 +1,14 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/* A secure PRNG using the RNG functions. Basically this is a
|
||||
* wrapper that allows you to use a secure RNG as a PRNG
|
||||
* in the various other functions.
|
||||
|
11
strings.c
11
strings.c
@ -1,3 +1,14 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/* Future releases will make use of this */
|
||||
#include "mycrypt.h"
|
||||
|
||||
|
11
tiger.c
11
tiger.c
@ -1,3 +1,14 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef TIGER
|
||||
|
@ -338,6 +338,9 @@ int mp_invmod(mp_int *a, mp_int *b, mp_int *c);
|
||||
/* c = (a, b) */
|
||||
int mp_gcd(mp_int *a, mp_int *b, mp_int *c);
|
||||
|
||||
/* produces value such that U1*a + U2*b = U3 */
|
||||
int mp_exteuclid(mp_int *a, mp_int *b, mp_int *U1, mp_int *U2, mp_int *U3);
|
||||
|
||||
/* c = [a, b] or (a*b)/(a, b) */
|
||||
int mp_lcm(mp_int *a, mp_int *b, mp_int *c);
|
||||
|
||||
@ -466,7 +469,7 @@ int mp_to_signed_bin(mp_int *a, unsigned char *b);
|
||||
|
||||
int mp_read_radix(mp_int *a, char *str, int radix);
|
||||
int mp_toradix(mp_int *a, char *str, int radix);
|
||||
int mp_radix_size(mp_int *a, int radix);
|
||||
int mp_radix_size(mp_int *a, int radix, int *size);
|
||||
|
||||
int mp_fread(mp_int *a, int radix, FILE *stream);
|
||||
int mp_fwrite(mp_int *a, int radix, FILE *stream);
|
||||
|
47
twofish.c
47
twofish.c
@ -1,3 +1,14 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
/* Implementation of Twofish by Tom St Denis */
|
||||
#include "mycrypt.h"
|
||||
|
||||
@ -467,18 +478,17 @@ void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_k
|
||||
d ^= key->twofish.K[3];
|
||||
|
||||
k = key->twofish.K + 8;
|
||||
for (r = 0; r < 16; r += 2) {
|
||||
t1 = g_func(a, key);
|
||||
for (r = 8; r != 0; --r) {
|
||||
t2 = g1_func(b, key);
|
||||
c = ROR(c ^ (t1 + t2 + k[0]), 1);
|
||||
d = ROL(d, 1) ^ (t2 + t2 + t1 + k[1]);
|
||||
k += 2;
|
||||
t1 = g_func(a, key) + t2;
|
||||
c = ROR(c ^ (t1 + k[0]), 1);
|
||||
d = ROL(d, 1) ^ (t2 + t1 + k[1]);
|
||||
|
||||
t1 = g_func(c, key);
|
||||
t2 = g1_func(d, key);
|
||||
a = ROR(a ^ (t1 + t2 + k[0]), 1);
|
||||
b = ROL(b, 1) ^ (t2 + t2 + t1 + k[1]);
|
||||
k += 2;
|
||||
t1 = g_func(c, key) + t2;
|
||||
a = ROR(a ^ (t1 + k[2]), 1);
|
||||
b = ROL(b, 1) ^ (t2 + t1 + k[3]);
|
||||
k += 4;
|
||||
}
|
||||
|
||||
/* output with "undo last swap" */
|
||||
@ -533,19 +543,18 @@ void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_k
|
||||
c = ta ^ key->twofish.K[4];
|
||||
d = tb ^ key->twofish.K[5];
|
||||
|
||||
k = key->twofish.K + 38;
|
||||
for (r = 14; r >= 0; r -= 2) {
|
||||
t1 = g_func(c, key);
|
||||
k = key->twofish.K + 36;
|
||||
for (r = 8; r != 0; --r) {
|
||||
t2 = g1_func(d, key);
|
||||
a = ROL(a, 1) ^ (t1 + t2 + k[0]);
|
||||
b = ROR(b ^ (t2 + t2 + t1 + k[1]), 1);
|
||||
k -= 2;
|
||||
t1 = g_func(c, key) + t2;
|
||||
a = ROL(a, 1) ^ (t1 + k[2]);
|
||||
b = ROR(b ^ (t2 + t1 + k[3]), 1);
|
||||
|
||||
t1 = g_func(a, key);
|
||||
t2 = g1_func(b, key);
|
||||
c = ROL(c, 1) ^ (t1 + t2 + k[0]);
|
||||
d = ROR(d ^ (t2 + t2 + t1 + k[1]), 1);
|
||||
k -= 2;
|
||||
t1 = g_func(a, key) + t2;
|
||||
c = ROL(c, 1) ^ (t1 + k[0]);
|
||||
d = ROR(d ^ (t2 + t1 + k[1]), 1);
|
||||
k -= 4;
|
||||
}
|
||||
|
||||
/* pre-white */
|
||||
|
@ -1,3 +1,14 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
#ifdef TWOFISH_TABLES
|
||||
|
||||
/* pre generated 8x8 tables from the four 4x4s */
|
||||
|
11
xtea.c
11
xtea.c
@ -1,3 +1,14 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef XTEA
|
||||
|
11
yarrow.c
11
yarrow.c
@ -1,3 +1,14 @@
|
||||
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||
*
|
||||
* LibTomCrypt is a library that provides various cryptographic
|
||||
* algorithms in a highly modular and flexible manner.
|
||||
*
|
||||
* The library is free for all purposes without any express
|
||||
* gurantee it works.
|
||||
*
|
||||
* Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
|
||||
*/
|
||||
|
||||
#include "mycrypt.h"
|
||||
|
||||
#ifdef YARROW
|
||||
|
Loading…
Reference in New Issue
Block a user