From: Hans Leidekker <hans@codeweavers.com> --- configure.ac | 2 - libs/tomcrypt/LICENSE | 29 - libs/tomcrypt/Makefile.in | 303 - libs/tomcrypt/mpi.c | 8586 ----------------- libs/tomcrypt/src/ciphers/aes/aes.c | 738 -- libs/tomcrypt/src/ciphers/aes/aes_tab.c | 1028 -- libs/tomcrypt/src/ciphers/blowfish.c | 589 -- libs/tomcrypt/src/ciphers/des.c | 2081 ---- libs/tomcrypt/src/ciphers/rc2.c | 410 - libs/tomcrypt/src/encauth/ccm/ccm_add_aad.c | 59 - libs/tomcrypt/src/encauth/ccm/ccm_add_nonce.c | 109 - libs/tomcrypt/src/encauth/ccm/ccm_done.c | 61 - libs/tomcrypt/src/encauth/ccm/ccm_init.c | 77 - libs/tomcrypt/src/encauth/ccm/ccm_memory.c | 403 - libs/tomcrypt/src/encauth/ccm/ccm_process.c | 84 - libs/tomcrypt/src/encauth/ccm/ccm_reset.c | 31 - libs/tomcrypt/src/encauth/eax/eax_addheader.c | 32 - libs/tomcrypt/src/encauth/eax/eax_decrypt.c | 44 - .../encauth/eax/eax_decrypt_verify_memory.c | 105 - libs/tomcrypt/src/encauth/eax/eax_done.c | 88 - libs/tomcrypt/src/encauth/eax/eax_encrypt.c | 44 - .../eax/eax_encrypt_authenticate_memory.c | 76 - libs/tomcrypt/src/encauth/eax/eax_init.c | 138 - libs/tomcrypt/src/encauth/gcm/gcm_add_aad.c | 119 - libs/tomcrypt/src/encauth/gcm/gcm_add_iv.c | 87 - libs/tomcrypt/src/encauth/gcm/gcm_done.c | 85 - libs/tomcrypt/src/encauth/gcm/gcm_gf_mult.c | 214 - libs/tomcrypt/src/encauth/gcm/gcm_init.c | 101 - libs/tomcrypt/src/encauth/gcm/gcm_memory.c | 101 - libs/tomcrypt/src/encauth/gcm/gcm_mult_h.c | 53 - libs/tomcrypt/src/encauth/gcm/gcm_process.c | 156 - libs/tomcrypt/src/encauth/gcm/gcm_reset.c | 38 - libs/tomcrypt/src/encauth/ocb/ocb_decrypt.c | 72 - .../encauth/ocb/ocb_decrypt_verify_memory.c | 80 - .../src/encauth/ocb/ocb_done_decrypt.c | 73 - .../src/encauth/ocb/ocb_done_encrypt.c | 39 - libs/tomcrypt/src/encauth/ocb/ocb_encrypt.c | 66 - .../ocb/ocb_encrypt_authenticate_memory.c | 78 - libs/tomcrypt/src/encauth/ocb/ocb_init.c | 135 - libs/tomcrypt/src/encauth/ocb/ocb_ntz.c | 36 - libs/tomcrypt/src/encauth/ocb/ocb_shift_xor.c | 33 - libs/tomcrypt/src/encauth/ocb/s_ocb_done.c | 141 - libs/tomcrypt/src/encauth/ocb3/ocb3_add_aad.c | 102 - libs/tomcrypt/src/encauth/ocb3/ocb3_decrypt.c | 82 - .../src/encauth/ocb3/ocb3_decrypt_last.c | 106 - .../encauth/ocb3/ocb3_decrypt_verify_memory.c | 106 - libs/tomcrypt/src/encauth/ocb3/ocb3_done.c | 88 - libs/tomcrypt/src/encauth/ocb3/ocb3_encrypt.c | 82 - .../ocb3/ocb3_encrypt_authenticate_memory.c | 78 - .../src/encauth/ocb3/ocb3_encrypt_last.c | 108 - libs/tomcrypt/src/encauth/ocb3/ocb3_init.c | 192 - libs/tomcrypt/src/encauth/ocb3/ocb3_int_ntz.c | 35 - .../src/encauth/ocb3/ocb3_int_xor_blocks.c | 36 - libs/tomcrypt/src/hashes/md2.c | 245 - libs/tomcrypt/src/hashes/md4.c | 300 - libs/tomcrypt/src/hashes/md5.c | 360 - libs/tomcrypt/src/hashes/rmd128.c | 401 - libs/tomcrypt/src/hashes/rmd160.c | 460 - libs/tomcrypt/src/hashes/rmd256.c | 426 - libs/tomcrypt/src/hashes/rmd320.c | 491 - libs/tomcrypt/src/hashes/sha1.c | 280 - libs/tomcrypt/src/hashes/sha2/sha224.c | 124 - libs/tomcrypt/src/hashes/sha2/sha256.c | 328 - libs/tomcrypt/src/hashes/sha2/sha384.c | 130 - libs/tomcrypt/src/hashes/sha2/sha512.c | 306 - libs/tomcrypt/src/hashes/sha2/sha512_224.c | 126 - libs/tomcrypt/src/hashes/sha2/sha512_256.c | 126 - libs/tomcrypt/src/hashes/sha3.c | 302 - libs/tomcrypt/src/headers/tomcrypt.h | 100 - libs/tomcrypt/src/headers/tomcrypt_argchk.h | 48 - libs/tomcrypt/src/headers/tomcrypt_cfg.h | 278 - libs/tomcrypt/src/headers/tomcrypt_cipher.h | 1004 -- libs/tomcrypt/src/headers/tomcrypt_custom.h | 586 -- libs/tomcrypt/src/headers/tomcrypt_hash.h | 527 - libs/tomcrypt/src/headers/tomcrypt_mac.h | 561 -- libs/tomcrypt/src/headers/tomcrypt_macros.h | 442 - libs/tomcrypt/src/headers/tomcrypt_math.h | 579 -- libs/tomcrypt/src/headers/tomcrypt_misc.h | 109 - libs/tomcrypt/src/headers/tomcrypt_pk.h | 743 -- libs/tomcrypt/src/headers/tomcrypt_pkcs.h | 104 - libs/tomcrypt/src/headers/tomcrypt_prng.h | 227 - libs/tomcrypt/src/headers/tommath.h | 609 -- libs/tomcrypt/src/headers/tommath_private.h | 117 - libs/tomcrypt/src/mac/hmac/hmac_done.c | 103 - libs/tomcrypt/src/mac/hmac/hmac_init.c | 104 - libs/tomcrypt/src/mac/hmac/hmac_memory.c | 81 - .../tomcrypt/src/mac/hmac/hmac_memory_multi.c | 85 - libs/tomcrypt/src/mac/hmac/hmac_process.c | 36 - libs/tomcrypt/src/mac/omac/omac_done.c | 79 - libs/tomcrypt/src/mac/omac/omac_init.c | 95 - libs/tomcrypt/src/mac/omac/omac_memory.c | 79 - .../tomcrypt/src/mac/omac/omac_memory_multi.c | 84 - libs/tomcrypt/src/mac/omac/omac_process.c | 85 - libs/tomcrypt/src/mac/pmac/pmac_done.c | 67 - libs/tomcrypt/src/mac/pmac/pmac_init.c | 144 - libs/tomcrypt/src/mac/pmac/pmac_memory.c | 68 - .../tomcrypt/src/mac/pmac/pmac_memory_multi.c | 83 - libs/tomcrypt/src/mac/pmac/pmac_ntz.c | 33 - libs/tomcrypt/src/mac/pmac/pmac_process.c | 94 - libs/tomcrypt/src/mac/pmac/pmac_shift_xor.c | 38 - libs/tomcrypt/src/mac/xcbc/xcbc_done.c | 70 - libs/tomcrypt/src/mac/xcbc/xcbc_init.c | 101 - libs/tomcrypt/src/mac/xcbc/xcbc_memory.c | 65 - .../tomcrypt/src/mac/xcbc/xcbc_memory_multi.c | 84 - libs/tomcrypt/src/mac/xcbc/xcbc_process.c | 68 - libs/tomcrypt/src/math/fp/ltc_ecc_fp_mulmod.c | 1579 --- libs/tomcrypt/src/math/ltm_desc.c | 509 - libs/tomcrypt/src/math/multi.c | 72 - libs/tomcrypt/src/math/radix_to_bin.c | 58 - libs/tomcrypt/src/math/rand_bn.c | 71 - libs/tomcrypt/src/math/rand_prime.c | 83 - libs/tomcrypt/src/math/tfm_desc.c | 803 -- libs/tomcrypt/src/misc/adler32.c | 127 - libs/tomcrypt/src/misc/base64/base64_decode.c | 191 - libs/tomcrypt/src/misc/base64/base64_encode.c | 119 - libs/tomcrypt/src/misc/burn_stack.c | 26 - libs/tomcrypt/src/misc/crc32.c | 198 - .../src/misc/crypt/crypt_cipher_descriptor.c | 20 - .../src/misc/crypt/crypt_cipher_is_valid.c | 30 - .../src/misc/crypt/crypt_find_cipher.c | 34 - .../src/misc/crypt/crypt_find_cipher_any.c | 44 - .../src/misc/crypt/crypt_find_cipher_id.c | 34 - .../tomcrypt/src/misc/crypt/crypt_find_hash.c | 34 - .../src/misc/crypt/crypt_find_hash_any.c | 43 - .../src/misc/crypt/crypt_find_hash_id.c | 34 - .../src/misc/crypt/crypt_find_hash_oid.c | 29 - .../tomcrypt/src/misc/crypt/crypt_find_prng.c | 34 - .../src/misc/crypt/crypt_hash_descriptor.c | 20 - .../src/misc/crypt/crypt_hash_is_valid.c | 30 - libs/tomcrypt/src/misc/crypt/crypt_inits.c | 38 - .../src/misc/crypt/crypt_ltc_mp_descriptor.c | 12 - .../src/misc/crypt/crypt_prng_descriptor.c | 19 - .../src/misc/crypt/crypt_prng_is_valid.c | 30 - .../misc/crypt/crypt_prng_rng_descriptor.c | 13 - .../src/misc/crypt/crypt_register_cipher.c | 48 - .../src/misc/crypt/crypt_register_hash.c | 48 - .../src/misc/crypt/crypt_register_prng.c | 48 - .../src/misc/crypt/crypt_unregister_cipher.c | 39 - .../src/misc/crypt/crypt_unregister_hash.c | 38 - .../src/misc/crypt/crypt_unregister_prng.c | 38 - libs/tomcrypt/src/misc/mem_neq.c | 59 - libs/tomcrypt/src/misc/pk_get_oid.c | 40 - libs/tomcrypt/src/misc/pkcs5/pkcs_5_1.c | 183 - libs/tomcrypt/src/misc/pkcs5/pkcs_5_2.c | 122 - libs/tomcrypt/src/misc/zeromem.c | 28 - libs/tomcrypt/src/modes/cbc/cbc_decrypt.c | 91 - libs/tomcrypt/src/modes/cbc/cbc_done.c | 36 - libs/tomcrypt/src/modes/cbc/cbc_encrypt.c | 92 - libs/tomcrypt/src/modes/cbc/cbc_getiv.c | 40 - libs/tomcrypt/src/modes/cbc/cbc_setiv.c | 37 - libs/tomcrypt/src/modes/cbc/cbc_start.c | 56 - libs/tomcrypt/src/modes/cfb/cfb_decrypt.c | 60 - libs/tomcrypt/src/modes/cfb/cfb_done.c | 36 - libs/tomcrypt/src/modes/cfb/cfb_encrypt.c | 59 - libs/tomcrypt/src/modes/cfb/cfb_getiv.c | 40 - libs/tomcrypt/src/modes/cfb/cfb_setiv.c | 45 - libs/tomcrypt/src/modes/cfb/cfb_start.c | 59 - libs/tomcrypt/src/modes/ctr/ctr_decrypt.c | 35 - libs/tomcrypt/src/modes/ctr/ctr_done.c | 36 - libs/tomcrypt/src/modes/ctr/ctr_encrypt.c | 135 - libs/tomcrypt/src/modes/ctr/ctr_getiv.c | 40 - libs/tomcrypt/src/modes/ctr/ctr_setiv.c | 49 - libs/tomcrypt/src/modes/ctr/ctr_start.c | 95 - libs/tomcrypt/src/modes/ecb/ecb_decrypt.c | 55 - libs/tomcrypt/src/modes/ecb/ecb_done.c | 36 - libs/tomcrypt/src/modes/ecb/ecb_encrypt.c | 55 - libs/tomcrypt/src/modes/ecb/ecb_start.c | 42 - libs/tomcrypt/src/modes/f8/f8_decrypt.c | 35 - libs/tomcrypt/src/modes/f8/f8_done.c | 36 - libs/tomcrypt/src/modes/f8/f8_encrypt.c | 97 - libs/tomcrypt/src/modes/f8/f8_getiv.c | 40 - libs/tomcrypt/src/modes/f8/f8_setiv.c | 45 - libs/tomcrypt/src/modes/f8/f8_start.c | 92 - libs/tomcrypt/src/modes/f8/f8_test_mode.c | 70 - libs/tomcrypt/src/modes/lrw/lrw_decrypt.c | 45 - libs/tomcrypt/src/modes/lrw/lrw_done.c | 37 - libs/tomcrypt/src/modes/lrw/lrw_encrypt.c | 45 - libs/tomcrypt/src/modes/lrw/lrw_getiv.c | 40 - libs/tomcrypt/src/modes/lrw/lrw_process.c | 115 - libs/tomcrypt/src/modes/lrw/lrw_setiv.c | 74 - libs/tomcrypt/src/modes/lrw/lrw_start.c | 98 - libs/tomcrypt/src/modes/ofb/ofb_decrypt.c | 35 - libs/tomcrypt/src/modes/ofb/ofb_done.c | 36 - libs/tomcrypt/src/modes/ofb/ofb_encrypt.c | 54 - libs/tomcrypt/src/modes/ofb/ofb_getiv.c | 40 - libs/tomcrypt/src/modes/ofb/ofb_setiv.c | 45 - libs/tomcrypt/src/modes/ofb/ofb_start.c | 54 - libs/tomcrypt/src/modes/xts/xts_decrypt.c | 152 - libs/tomcrypt/src/modes/xts/xts_done.c | 27 - libs/tomcrypt/src/modes/xts/xts_encrypt.c | 153 - libs/tomcrypt/src/modes/xts/xts_init.c | 57 - libs/tomcrypt/src/modes/xts/xts_mult_x.c | 35 - .../pk/asn1/der/bit/der_decode_bit_string.c | 96 - .../asn1/der/bit/der_decode_raw_bit_string.c | 103 - .../pk/asn1/der/bit/der_encode_bit_string.c | 83 - .../asn1/der/bit/der_encode_raw_bit_string.c | 86 - .../pk/asn1/der/bit/der_length_bit_string.c | 47 - .../pk/asn1/der/boolean/der_decode_boolean.c | 41 - .../pk/asn1/der/boolean/der_encode_boolean.c | 45 - .../pk/asn1/der/boolean/der_length_boolean.c | 29 - .../pk/asn1/der/choice/der_decode_choice.c | 219 - .../der_decode_generalizedtime.c | 140 - .../der_encode_generalizedtime.c | 104 - .../der_length_generalizedtime.c | 54 - .../pk/asn1/der/ia5/der_decode_ia5_string.c | 90 - .../pk/asn1/der/ia5/der_encode_ia5_string.c | 79 - .../pk/asn1/der/ia5/der_length_ia5_string.c | 187 - .../pk/asn1/der/integer/der_decode_integer.c | 104 - .../pk/asn1/der/integer/der_encode_integer.c | 124 - .../pk/asn1/der/integer/der_length_integer.c | 75 - .../der_decode_object_identifier.c | 102 - .../der_encode_object_identifier.c | 105 - .../der_length_object_identifier.c | 83 - .../asn1/der/octet/der_decode_octet_string.c | 85 - .../asn1/der/octet/der_encode_octet_string.c | 80 - .../asn1/der/octet/der_length_octet_string.c | 46 - .../der_decode_printable_string.c | 90 - .../der_encode_printable_string.c | 79 - .../der_length_printable_string.c | 159 - .../der/sequence/der_decode_sequence_ex.c | 324 - .../der/sequence/der_decode_sequence_flexi.c | 479 - .../der/sequence/der_decode_sequence_multi.c | 140 - .../der_decode_subject_public_key_info.c | 108 - .../der/sequence/der_encode_sequence_ex.c | 213 - .../der/sequence/der_encode_sequence_multi.c | 144 - .../der_encode_subject_public_key_info.c | 66 - .../asn1/der/sequence/der_length_sequence.c | 189 - .../pk/asn1/der/sequence/der_sequence_free.c | 59 - .../asn1/der/sequence/der_sequence_shrink.c | 46 - .../src/pk/asn1/der/set/der_encode_set.c | 104 - .../src/pk/asn1/der/set/der_encode_setof.c | 157 - .../short_integer/der_decode_short_integer.c | 62 - .../short_integer/der_encode_short_integer.c | 91 - .../short_integer/der_length_short_integer.c | 64 - .../der_decode_teletex_string.c | 89 - .../der_length_teletex_string.c | 203 - .../pk/asn1/der/utctime/der_decode_utctime.c | 121 - .../pk/asn1/der/utctime/der_encode_utctime.c | 77 - .../pk/asn1/der/utctime/der_length_utctime.c | 40 - .../pk/asn1/der/utf8/der_decode_utf8_string.c | 110 - .../pk/asn1/der/utf8/der_encode_utf8_string.c | 100 - .../pk/asn1/der/utf8/der_length_utf8_string.c | 97 - libs/tomcrypt/src/pk/dh/dh.c | 233 - libs/tomcrypt/src/pk/dh/dh_check_pubkey.c | 61 - libs/tomcrypt/src/pk/dh/dh_export.c | 58 - libs/tomcrypt/src/pk/dh/dh_export_key.c | 43 - libs/tomcrypt/src/pk/dh/dh_free.c | 24 - libs/tomcrypt/src/pk/dh/dh_generate_key.c | 98 - libs/tomcrypt/src/pk/dh/dh_import.c | 95 - libs/tomcrypt/src/pk/dh/dh_set.c | 120 - libs/tomcrypt/src/pk/dh/dh_set_pg_dhparam.c | 50 - libs/tomcrypt/src/pk/dh/dh_shared_secret.c | 76 - libs/tomcrypt/src/pk/dsa/dsa_decrypt_key.c | 134 - libs/tomcrypt/src/pk/dsa/dsa_encrypt_key.c | 124 - libs/tomcrypt/src/pk/dsa/dsa_export.c | 111 - libs/tomcrypt/src/pk/dsa/dsa_free.c | 29 - libs/tomcrypt/src/pk/dsa/dsa_generate_key.c | 43 - libs/tomcrypt/src/pk/dsa/dsa_generate_pqg.c | 240 - libs/tomcrypt/src/pk/dsa/dsa_import.c | 148 - libs/tomcrypt/src/pk/dsa/dsa_make_key.c | 37 - libs/tomcrypt/src/pk/dsa/dsa_set.c | 108 - .../src/pk/dsa/dsa_set_pqg_dsaparam.c | 63 - libs/tomcrypt/src/pk/dsa/dsa_shared_secret.c | 66 - libs/tomcrypt/src/pk/dsa/dsa_sign_hash.c | 148 - libs/tomcrypt/src/pk/dsa/dsa_verify_hash.c | 132 - libs/tomcrypt/src/pk/dsa/dsa_verify_key.c | 195 - libs/tomcrypt/src/pk/ecc/ecc.c | 120 - .../src/pk/ecc/ecc_ansi_x963_export.c | 73 - .../src/pk/ecc/ecc_ansi_x963_import.c | 98 - libs/tomcrypt/src/pk/ecc/ecc_decrypt_key.c | 144 - libs/tomcrypt/src/pk/ecc/ecc_encrypt_key.c | 130 - libs/tomcrypt/src/pk/ecc/ecc_export.c | 76 - libs/tomcrypt/src/pk/ecc/ecc_free.c | 34 - libs/tomcrypt/src/pk/ecc/ecc_get_size.c | 38 - libs/tomcrypt/src/pk/ecc/ecc_import.c | 170 - libs/tomcrypt/src/pk/ecc/ecc_make_key.c | 124 - libs/tomcrypt/src/pk/ecc/ecc_shared_secret.c | 89 - libs/tomcrypt/src/pk/ecc/ecc_sign_hash.c | 167 - libs/tomcrypt/src/pk/ecc/ecc_sizes.c | 42 - libs/tomcrypt/src/pk/ecc/ecc_verify_hash.c | 196 - .../src/pk/ecc/ltc_ecc_is_valid_idx.c | 40 - libs/tomcrypt/src/pk/ecc/ltc_ecc_map.c | 69 - libs/tomcrypt/src/pk/ecc/ltc_ecc_mul2add.c | 202 - libs/tomcrypt/src/pk/ecc/ltc_ecc_mulmod.c | 216 - .../src/pk/ecc/ltc_ecc_mulmod_timing.c | 159 - libs/tomcrypt/src/pk/ecc/ltc_ecc_points.c | 54 - .../src/pk/ecc/ltc_ecc_projective_add_point.c | 189 - .../src/pk/ecc/ltc_ecc_projective_dbl_point.c | 141 - libs/tomcrypt/src/pk/pkcs1/pkcs_1_i2osp.c | 44 - libs/tomcrypt/src/pk/pkcs1/pkcs_1_mgf1.c | 102 - .../src/pk/pkcs1/pkcs_1_oaep_decode.c | 181 - .../src/pk/pkcs1/pkcs_1_oaep_encode.c | 166 - libs/tomcrypt/src/pk/pkcs1/pkcs_1_os2ip.c | 29 - .../tomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c | 172 - .../tomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c | 170 - .../src/pk/pkcs1/pkcs_1_v1_5_decode.c | 108 - .../src/pk/pkcs1/pkcs_1_v1_5_encode.c | 105 - libs/tomcrypt/src/pk/rsa/rsa_decrypt_key.c | 99 - libs/tomcrypt/src/pk/rsa/rsa_encrypt_key.c | 96 - libs/tomcrypt/src/pk/rsa/rsa_export.c | 93 - libs/tomcrypt/src/pk/rsa/rsa_exptmod.c | 178 - libs/tomcrypt/src/pk/rsa/rsa_free.c | 28 - libs/tomcrypt/src/pk/rsa/rsa_get_size.c | 36 - libs/tomcrypt/src/pk/rsa/rsa_import.c | 124 - libs/tomcrypt/src/pk/rsa/rsa_import_pkcs8.c | 149 - libs/tomcrypt/src/pk/rsa/rsa_import_x509.c | 113 - libs/tomcrypt/src/pk/rsa/rsa_make_key.c | 103 - libs/tomcrypt/src/pk/rsa/rsa_set.c | 130 - libs/tomcrypt/src/pk/rsa/rsa_sign_hash.c | 142 - .../src/pk/rsa/rsa_sign_saltlen_get.c | 43 - libs/tomcrypt/src/pk/rsa/rsa_verify_hash.c | 189 - libs/tomcrypt/src/prngs/rc4.c | 246 - libs/tomcrypt/src/prngs/rng_get_bytes.c | 143 - libs/tomcrypt/src/prngs/rng_make_prng.c | 64 - libs/tomcrypt/src/prngs/sprng.c | 154 - libs/tomcrypt/src/stream/rc4/rc4_stream.c | 107 - 316 files changed, 51774 deletions(-) delete mode 100644 libs/tomcrypt/LICENSE delete mode 100644 libs/tomcrypt/Makefile.in delete mode 100644 libs/tomcrypt/mpi.c delete mode 100644 libs/tomcrypt/src/ciphers/aes/aes.c delete mode 100644 libs/tomcrypt/src/ciphers/aes/aes_tab.c delete mode 100644 libs/tomcrypt/src/ciphers/blowfish.c delete mode 100644 libs/tomcrypt/src/ciphers/des.c delete mode 100644 libs/tomcrypt/src/ciphers/rc2.c delete mode 100644 libs/tomcrypt/src/encauth/ccm/ccm_add_aad.c delete mode 100644 libs/tomcrypt/src/encauth/ccm/ccm_add_nonce.c delete mode 100644 libs/tomcrypt/src/encauth/ccm/ccm_done.c delete mode 100644 libs/tomcrypt/src/encauth/ccm/ccm_init.c delete mode 100644 libs/tomcrypt/src/encauth/ccm/ccm_memory.c delete mode 100644 libs/tomcrypt/src/encauth/ccm/ccm_process.c delete mode 100644 libs/tomcrypt/src/encauth/ccm/ccm_reset.c delete mode 100644 libs/tomcrypt/src/encauth/eax/eax_addheader.c delete mode 100644 libs/tomcrypt/src/encauth/eax/eax_decrypt.c delete mode 100644 libs/tomcrypt/src/encauth/eax/eax_decrypt_verify_memory.c delete mode 100644 libs/tomcrypt/src/encauth/eax/eax_done.c delete mode 100644 libs/tomcrypt/src/encauth/eax/eax_encrypt.c delete mode 100644 libs/tomcrypt/src/encauth/eax/eax_encrypt_authenticate_memory.c delete mode 100644 libs/tomcrypt/src/encauth/eax/eax_init.c delete mode 100644 libs/tomcrypt/src/encauth/gcm/gcm_add_aad.c delete mode 100644 libs/tomcrypt/src/encauth/gcm/gcm_add_iv.c delete mode 100644 libs/tomcrypt/src/encauth/gcm/gcm_done.c delete mode 100644 libs/tomcrypt/src/encauth/gcm/gcm_gf_mult.c delete mode 100644 libs/tomcrypt/src/encauth/gcm/gcm_init.c delete mode 100644 libs/tomcrypt/src/encauth/gcm/gcm_memory.c delete mode 100644 libs/tomcrypt/src/encauth/gcm/gcm_mult_h.c delete mode 100644 libs/tomcrypt/src/encauth/gcm/gcm_process.c delete mode 100644 libs/tomcrypt/src/encauth/gcm/gcm_reset.c delete mode 100644 libs/tomcrypt/src/encauth/ocb/ocb_decrypt.c delete mode 100644 libs/tomcrypt/src/encauth/ocb/ocb_decrypt_verify_memory.c delete mode 100644 libs/tomcrypt/src/encauth/ocb/ocb_done_decrypt.c delete mode 100644 libs/tomcrypt/src/encauth/ocb/ocb_done_encrypt.c delete mode 100644 libs/tomcrypt/src/encauth/ocb/ocb_encrypt.c delete mode 100644 libs/tomcrypt/src/encauth/ocb/ocb_encrypt_authenticate_memory.c delete mode 100644 libs/tomcrypt/src/encauth/ocb/ocb_init.c delete mode 100644 libs/tomcrypt/src/encauth/ocb/ocb_ntz.c delete mode 100644 libs/tomcrypt/src/encauth/ocb/ocb_shift_xor.c delete mode 100644 libs/tomcrypt/src/encauth/ocb/s_ocb_done.c delete mode 100644 libs/tomcrypt/src/encauth/ocb3/ocb3_add_aad.c delete mode 100644 libs/tomcrypt/src/encauth/ocb3/ocb3_decrypt.c delete mode 100644 libs/tomcrypt/src/encauth/ocb3/ocb3_decrypt_last.c delete mode 100644 libs/tomcrypt/src/encauth/ocb3/ocb3_decrypt_verify_memory.c delete mode 100644 libs/tomcrypt/src/encauth/ocb3/ocb3_done.c delete mode 100644 libs/tomcrypt/src/encauth/ocb3/ocb3_encrypt.c delete mode 100644 libs/tomcrypt/src/encauth/ocb3/ocb3_encrypt_authenticate_memory.c delete mode 100644 libs/tomcrypt/src/encauth/ocb3/ocb3_encrypt_last.c delete mode 100644 libs/tomcrypt/src/encauth/ocb3/ocb3_init.c delete mode 100644 libs/tomcrypt/src/encauth/ocb3/ocb3_int_ntz.c delete mode 100644 libs/tomcrypt/src/encauth/ocb3/ocb3_int_xor_blocks.c delete mode 100644 libs/tomcrypt/src/hashes/md2.c delete mode 100644 libs/tomcrypt/src/hashes/md4.c delete mode 100644 libs/tomcrypt/src/hashes/md5.c delete mode 100644 libs/tomcrypt/src/hashes/rmd128.c delete mode 100644 libs/tomcrypt/src/hashes/rmd160.c delete mode 100644 libs/tomcrypt/src/hashes/rmd256.c delete mode 100644 libs/tomcrypt/src/hashes/rmd320.c delete mode 100644 libs/tomcrypt/src/hashes/sha1.c delete mode 100644 libs/tomcrypt/src/hashes/sha2/sha224.c delete mode 100644 libs/tomcrypt/src/hashes/sha2/sha256.c delete mode 100644 libs/tomcrypt/src/hashes/sha2/sha384.c delete mode 100644 libs/tomcrypt/src/hashes/sha2/sha512.c delete mode 100644 libs/tomcrypt/src/hashes/sha2/sha512_224.c delete mode 100644 libs/tomcrypt/src/hashes/sha2/sha512_256.c delete mode 100644 libs/tomcrypt/src/hashes/sha3.c delete mode 100644 libs/tomcrypt/src/headers/tomcrypt.h delete mode 100644 libs/tomcrypt/src/headers/tomcrypt_argchk.h delete mode 100644 libs/tomcrypt/src/headers/tomcrypt_cfg.h delete mode 100644 libs/tomcrypt/src/headers/tomcrypt_cipher.h delete mode 100644 libs/tomcrypt/src/headers/tomcrypt_custom.h delete mode 100644 libs/tomcrypt/src/headers/tomcrypt_hash.h delete mode 100644 libs/tomcrypt/src/headers/tomcrypt_mac.h delete mode 100644 libs/tomcrypt/src/headers/tomcrypt_macros.h delete mode 100644 libs/tomcrypt/src/headers/tomcrypt_math.h delete mode 100644 libs/tomcrypt/src/headers/tomcrypt_misc.h delete mode 100644 libs/tomcrypt/src/headers/tomcrypt_pk.h delete mode 100644 libs/tomcrypt/src/headers/tomcrypt_pkcs.h delete mode 100644 libs/tomcrypt/src/headers/tomcrypt_prng.h delete mode 100644 libs/tomcrypt/src/headers/tommath.h delete mode 100644 libs/tomcrypt/src/headers/tommath_private.h delete mode 100644 libs/tomcrypt/src/mac/hmac/hmac_done.c delete mode 100644 libs/tomcrypt/src/mac/hmac/hmac_init.c delete mode 100644 libs/tomcrypt/src/mac/hmac/hmac_memory.c delete mode 100644 libs/tomcrypt/src/mac/hmac/hmac_memory_multi.c delete mode 100644 libs/tomcrypt/src/mac/hmac/hmac_process.c delete mode 100644 libs/tomcrypt/src/mac/omac/omac_done.c delete mode 100644 libs/tomcrypt/src/mac/omac/omac_init.c delete mode 100644 libs/tomcrypt/src/mac/omac/omac_memory.c delete mode 100644 libs/tomcrypt/src/mac/omac/omac_memory_multi.c delete mode 100644 libs/tomcrypt/src/mac/omac/omac_process.c delete mode 100644 libs/tomcrypt/src/mac/pmac/pmac_done.c delete mode 100644 libs/tomcrypt/src/mac/pmac/pmac_init.c delete mode 100644 libs/tomcrypt/src/mac/pmac/pmac_memory.c delete mode 100644 libs/tomcrypt/src/mac/pmac/pmac_memory_multi.c delete mode 100644 libs/tomcrypt/src/mac/pmac/pmac_ntz.c delete mode 100644 libs/tomcrypt/src/mac/pmac/pmac_process.c delete mode 100644 libs/tomcrypt/src/mac/pmac/pmac_shift_xor.c delete mode 100644 libs/tomcrypt/src/mac/xcbc/xcbc_done.c delete mode 100644 libs/tomcrypt/src/mac/xcbc/xcbc_init.c delete mode 100644 libs/tomcrypt/src/mac/xcbc/xcbc_memory.c delete mode 100644 libs/tomcrypt/src/mac/xcbc/xcbc_memory_multi.c delete mode 100644 libs/tomcrypt/src/mac/xcbc/xcbc_process.c delete mode 100644 libs/tomcrypt/src/math/fp/ltc_ecc_fp_mulmod.c delete mode 100644 libs/tomcrypt/src/math/ltm_desc.c delete mode 100644 libs/tomcrypt/src/math/multi.c delete mode 100644 libs/tomcrypt/src/math/radix_to_bin.c delete mode 100644 libs/tomcrypt/src/math/rand_bn.c delete mode 100644 libs/tomcrypt/src/math/rand_prime.c delete mode 100644 libs/tomcrypt/src/math/tfm_desc.c delete mode 100644 libs/tomcrypt/src/misc/adler32.c delete mode 100644 libs/tomcrypt/src/misc/base64/base64_decode.c delete mode 100644 libs/tomcrypt/src/misc/base64/base64_encode.c delete mode 100644 libs/tomcrypt/src/misc/burn_stack.c delete mode 100644 libs/tomcrypt/src/misc/crc32.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_cipher_descriptor.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_cipher_is_valid.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_find_cipher.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_find_cipher_any.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_find_cipher_id.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_find_hash.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_find_hash_any.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_find_hash_id.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_find_hash_oid.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_find_prng.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_hash_descriptor.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_hash_is_valid.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_inits.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_ltc_mp_descriptor.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_prng_descriptor.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_prng_is_valid.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_prng_rng_descriptor.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_register_cipher.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_register_hash.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_register_prng.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_unregister_cipher.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_unregister_hash.c delete mode 100644 libs/tomcrypt/src/misc/crypt/crypt_unregister_prng.c delete mode 100644 libs/tomcrypt/src/misc/mem_neq.c delete mode 100644 libs/tomcrypt/src/misc/pk_get_oid.c delete mode 100644 libs/tomcrypt/src/misc/pkcs5/pkcs_5_1.c delete mode 100644 libs/tomcrypt/src/misc/pkcs5/pkcs_5_2.c delete mode 100644 libs/tomcrypt/src/misc/zeromem.c delete mode 100644 libs/tomcrypt/src/modes/cbc/cbc_decrypt.c delete mode 100644 libs/tomcrypt/src/modes/cbc/cbc_done.c delete mode 100644 libs/tomcrypt/src/modes/cbc/cbc_encrypt.c delete mode 100644 libs/tomcrypt/src/modes/cbc/cbc_getiv.c delete mode 100644 libs/tomcrypt/src/modes/cbc/cbc_setiv.c delete mode 100644 libs/tomcrypt/src/modes/cbc/cbc_start.c delete mode 100644 libs/tomcrypt/src/modes/cfb/cfb_decrypt.c delete mode 100644 libs/tomcrypt/src/modes/cfb/cfb_done.c delete mode 100644 libs/tomcrypt/src/modes/cfb/cfb_encrypt.c delete mode 100644 libs/tomcrypt/src/modes/cfb/cfb_getiv.c delete mode 100644 libs/tomcrypt/src/modes/cfb/cfb_setiv.c delete mode 100644 libs/tomcrypt/src/modes/cfb/cfb_start.c delete mode 100644 libs/tomcrypt/src/modes/ctr/ctr_decrypt.c delete mode 100644 libs/tomcrypt/src/modes/ctr/ctr_done.c delete mode 100644 libs/tomcrypt/src/modes/ctr/ctr_encrypt.c delete mode 100644 libs/tomcrypt/src/modes/ctr/ctr_getiv.c delete mode 100644 libs/tomcrypt/src/modes/ctr/ctr_setiv.c delete mode 100644 libs/tomcrypt/src/modes/ctr/ctr_start.c delete mode 100644 libs/tomcrypt/src/modes/ecb/ecb_decrypt.c delete mode 100644 libs/tomcrypt/src/modes/ecb/ecb_done.c delete mode 100644 libs/tomcrypt/src/modes/ecb/ecb_encrypt.c delete mode 100644 libs/tomcrypt/src/modes/ecb/ecb_start.c delete mode 100644 libs/tomcrypt/src/modes/f8/f8_decrypt.c delete mode 100644 libs/tomcrypt/src/modes/f8/f8_done.c delete mode 100644 libs/tomcrypt/src/modes/f8/f8_encrypt.c delete mode 100644 libs/tomcrypt/src/modes/f8/f8_getiv.c delete mode 100644 libs/tomcrypt/src/modes/f8/f8_setiv.c delete mode 100644 libs/tomcrypt/src/modes/f8/f8_start.c delete mode 100644 libs/tomcrypt/src/modes/f8/f8_test_mode.c delete mode 100644 libs/tomcrypt/src/modes/lrw/lrw_decrypt.c delete mode 100644 libs/tomcrypt/src/modes/lrw/lrw_done.c delete mode 100644 libs/tomcrypt/src/modes/lrw/lrw_encrypt.c delete mode 100644 libs/tomcrypt/src/modes/lrw/lrw_getiv.c delete mode 100644 libs/tomcrypt/src/modes/lrw/lrw_process.c delete mode 100644 libs/tomcrypt/src/modes/lrw/lrw_setiv.c delete mode 100644 libs/tomcrypt/src/modes/lrw/lrw_start.c delete mode 100644 libs/tomcrypt/src/modes/ofb/ofb_decrypt.c delete mode 100644 libs/tomcrypt/src/modes/ofb/ofb_done.c delete mode 100644 libs/tomcrypt/src/modes/ofb/ofb_encrypt.c delete mode 100644 libs/tomcrypt/src/modes/ofb/ofb_getiv.c delete mode 100644 libs/tomcrypt/src/modes/ofb/ofb_setiv.c delete mode 100644 libs/tomcrypt/src/modes/ofb/ofb_start.c delete mode 100644 libs/tomcrypt/src/modes/xts/xts_decrypt.c delete mode 100644 libs/tomcrypt/src/modes/xts/xts_done.c delete mode 100644 libs/tomcrypt/src/modes/xts/xts_encrypt.c delete mode 100644 libs/tomcrypt/src/modes/xts/xts_init.c delete mode 100644 libs/tomcrypt/src/modes/xts/xts_mult_x.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/bit/der_decode_bit_string.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/bit/der_decode_raw_bit_string.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/bit/der_encode_bit_string.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/bit/der_encode_raw_bit_string.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/bit/der_length_bit_string.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/boolean/der_decode_boolean.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/boolean/der_encode_boolean.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/boolean/der_length_boolean.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/choice/der_decode_choice.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/generalizedtime/der_decode_generalizedtime.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/generalizedtime/der_encode_generalizedtime.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/generalizedtime/der_length_generalizedtime.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/ia5/der_decode_ia5_string.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/ia5/der_encode_ia5_string.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/ia5/der_length_ia5_string.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/integer/der_decode_integer.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/integer/der_encode_integer.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/integer/der_length_integer.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/object_identifier/der_encode_object_identifier.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/object_identifier/der_length_object_identifier.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/octet/der_decode_octet_string.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/octet/der_encode_octet_string.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/octet/der_length_octet_string.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/printable_string/der_decode_printable_string.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/printable_string/der_encode_printable_string.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/printable_string/der_length_printable_string.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_ex.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_multi.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_ex.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_multi.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/sequence/der_encode_subject_public_key_info.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/sequence/der_length_sequence.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/sequence/der_sequence_free.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/sequence/der_sequence_shrink.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/set/der_encode_set.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/set/der_encode_setof.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/short_integer/der_decode_short_integer.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/short_integer/der_encode_short_integer.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/short_integer/der_length_short_integer.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/teletex_string/der_decode_teletex_string.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/teletex_string/der_length_teletex_string.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/utctime/der_decode_utctime.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/utctime/der_encode_utctime.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/utctime/der_length_utctime.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/utf8/der_decode_utf8_string.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/utf8/der_encode_utf8_string.c delete mode 100644 libs/tomcrypt/src/pk/asn1/der/utf8/der_length_utf8_string.c delete mode 100644 libs/tomcrypt/src/pk/dh/dh.c delete mode 100644 libs/tomcrypt/src/pk/dh/dh_check_pubkey.c delete mode 100644 libs/tomcrypt/src/pk/dh/dh_export.c delete mode 100644 libs/tomcrypt/src/pk/dh/dh_export_key.c delete mode 100644 libs/tomcrypt/src/pk/dh/dh_free.c delete mode 100644 libs/tomcrypt/src/pk/dh/dh_generate_key.c delete mode 100644 libs/tomcrypt/src/pk/dh/dh_import.c delete mode 100644 libs/tomcrypt/src/pk/dh/dh_set.c delete mode 100644 libs/tomcrypt/src/pk/dh/dh_set_pg_dhparam.c delete mode 100644 libs/tomcrypt/src/pk/dh/dh_shared_secret.c delete mode 100644 libs/tomcrypt/src/pk/dsa/dsa_decrypt_key.c delete mode 100644 libs/tomcrypt/src/pk/dsa/dsa_encrypt_key.c delete mode 100644 libs/tomcrypt/src/pk/dsa/dsa_export.c delete mode 100644 libs/tomcrypt/src/pk/dsa/dsa_free.c delete mode 100644 libs/tomcrypt/src/pk/dsa/dsa_generate_key.c delete mode 100644 libs/tomcrypt/src/pk/dsa/dsa_generate_pqg.c delete mode 100644 libs/tomcrypt/src/pk/dsa/dsa_import.c delete mode 100644 libs/tomcrypt/src/pk/dsa/dsa_make_key.c delete mode 100644 libs/tomcrypt/src/pk/dsa/dsa_set.c delete mode 100644 libs/tomcrypt/src/pk/dsa/dsa_set_pqg_dsaparam.c delete mode 100644 libs/tomcrypt/src/pk/dsa/dsa_shared_secret.c delete mode 100644 libs/tomcrypt/src/pk/dsa/dsa_sign_hash.c delete mode 100644 libs/tomcrypt/src/pk/dsa/dsa_verify_hash.c delete mode 100644 libs/tomcrypt/src/pk/dsa/dsa_verify_key.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ecc.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ecc_ansi_x963_export.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ecc_ansi_x963_import.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ecc_decrypt_key.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ecc_encrypt_key.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ecc_export.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ecc_free.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ecc_get_size.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ecc_import.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ecc_make_key.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ecc_shared_secret.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ecc_sign_hash.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ecc_sizes.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ecc_verify_hash.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ltc_ecc_is_valid_idx.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ltc_ecc_map.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ltc_ecc_mul2add.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ltc_ecc_mulmod.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ltc_ecc_points.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c delete mode 100644 libs/tomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c delete mode 100644 libs/tomcrypt/src/pk/pkcs1/pkcs_1_i2osp.c delete mode 100644 libs/tomcrypt/src/pk/pkcs1/pkcs_1_mgf1.c delete mode 100644 libs/tomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c delete mode 100644 libs/tomcrypt/src/pk/pkcs1/pkcs_1_oaep_encode.c delete mode 100644 libs/tomcrypt/src/pk/pkcs1/pkcs_1_os2ip.c delete mode 100644 libs/tomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c delete mode 100644 libs/tomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c delete mode 100644 libs/tomcrypt/src/pk/pkcs1/pkcs_1_v1_5_decode.c delete mode 100644 libs/tomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c delete mode 100644 libs/tomcrypt/src/pk/rsa/rsa_decrypt_key.c delete mode 100644 libs/tomcrypt/src/pk/rsa/rsa_encrypt_key.c delete mode 100644 libs/tomcrypt/src/pk/rsa/rsa_export.c delete mode 100644 libs/tomcrypt/src/pk/rsa/rsa_exptmod.c delete mode 100644 libs/tomcrypt/src/pk/rsa/rsa_free.c delete mode 100644 libs/tomcrypt/src/pk/rsa/rsa_get_size.c delete mode 100644 libs/tomcrypt/src/pk/rsa/rsa_import.c delete mode 100644 libs/tomcrypt/src/pk/rsa/rsa_import_pkcs8.c delete mode 100644 libs/tomcrypt/src/pk/rsa/rsa_import_x509.c delete mode 100644 libs/tomcrypt/src/pk/rsa/rsa_make_key.c delete mode 100644 libs/tomcrypt/src/pk/rsa/rsa_set.c delete mode 100644 libs/tomcrypt/src/pk/rsa/rsa_sign_hash.c delete mode 100644 libs/tomcrypt/src/pk/rsa/rsa_sign_saltlen_get.c delete mode 100644 libs/tomcrypt/src/pk/rsa/rsa_verify_hash.c delete mode 100644 libs/tomcrypt/src/prngs/rc4.c delete mode 100644 libs/tomcrypt/src/prngs/rng_get_bytes.c delete mode 100644 libs/tomcrypt/src/prngs/rng_make_prng.c delete mode 100644 libs/tomcrypt/src/prngs/sprng.c delete mode 100644 libs/tomcrypt/src/stream/rc4/rc4_stream.c diff --git a/configure.ac b/configure.ac index 74f6e988df8..d597bad3750 100644 --- a/configure.ac +++ b/configure.ac @@ -1240,7 +1240,6 @@ WINE_EXTLIB_FLAGS(PNG, png, "png \$(ZLIB_PE_LIBS)", "-I\$(top_srcdir)/libs/png") WINE_EXTLIB_FLAGS(SQLITE3, sqlite3, sqlite3) WINE_EXTLIB_FLAGS(SYMCRYPT, symcrypt, symcrypt, "-I\$(top_srcdir)/libs/symcrypt/inc") WINE_EXTLIB_FLAGS(TIFF, tiff, "tiff \$(ZLIB_PE_LIBS)", "-I\$(top_srcdir)/libs/tiff/libtiff") -WINE_EXTLIB_FLAGS(TOMCRYPT, tomcrypt, tomcrypt, "-I\$(top_srcdir)/libs/tomcrypt/src/headers -DLTC_NO_PROTOTYPES -DLTC_SOURCE") WINE_EXTLIB_FLAGS(UNWIND, unwind, unwind, "-I\$(top_srcdir)/libs/unwind/include") WINE_EXTLIB_FLAGS(VKD3D, vkd3d, vkd3d, "-I\$(top_srcdir)/libs/vkd3d/include") WINE_EXTLIB_FLAGS(XML2, xml2, xml2, "-I\$(top_srcdir)/libs/xml2/include -DLIBXML_STATIC") @@ -3536,7 +3535,6 @@ WINE_CONFIG_MAKEFILE(libs/strmiids) WINE_CONFIG_MAKEFILE(libs/strsafe) WINE_CONFIG_MAKEFILE(libs/symcrypt) WINE_CONFIG_MAKEFILE(libs/tiff) -WINE_CONFIG_MAKEFILE(libs/tomcrypt) WINE_CONFIG_MAKEFILE(libs/unwind) WINE_CONFIG_MAKEFILE(libs/uuid) WINE_CONFIG_MAKEFILE(libs/vkd3d) diff --git a/libs/tomcrypt/LICENSE b/libs/tomcrypt/LICENSE deleted file mode 100644 index 07f8582bfdc..00000000000 --- a/libs/tomcrypt/LICENSE +++ /dev/null @@ -1,29 +0,0 @@ -LibTomCrypt is licensed under DUAL licensing terms. - -Choose and use the license of your needs. - -[LICENSE #1] - -LibTomCrypt is public domain. As should all quality software be. - -Tom St Denis - -[/LICENSE #1] - -[LICENSE #2] - - DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE - Version 2, December 2004 - - Copyright (C) 2004 Sam Hocevar <sam@hocevar.net> - - Everyone is permitted to copy and distribute verbatim or modified - copies of this license document, and changing it is allowed as long - as the name is changed. - - DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - - 0. You just DO WHAT THE FUCK YOU WANT TO. - -[/LICENSE #2] diff --git a/libs/tomcrypt/Makefile.in b/libs/tomcrypt/Makefile.in deleted file mode 100644 index cf77b9f3358..00000000000 --- a/libs/tomcrypt/Makefile.in +++ /dev/null @@ -1,303 +0,0 @@ -STATICLIB = libtomcrypt.a -EXTRAINCL = $(TOMCRYPT_PE_CFLAGS) -EXTRADEFS = -D_ACRTIMP= -DLTC_NO_TEST -DMP_32BIT= - -SOURCES = \ - mpi.c \ - src/ciphers/aes/aes.c \ - src/ciphers/aes/aes_tab.c \ - src/ciphers/blowfish.c \ - src/ciphers/des.c \ - src/ciphers/rc2.c \ - src/encauth/ccm/ccm_add_aad.c \ - src/encauth/ccm/ccm_add_nonce.c \ - src/encauth/ccm/ccm_done.c \ - src/encauth/ccm/ccm_init.c \ - src/encauth/ccm/ccm_memory.c \ - src/encauth/ccm/ccm_process.c \ - src/encauth/ccm/ccm_reset.c \ - src/encauth/eax/eax_addheader.c \ - src/encauth/eax/eax_decrypt.c \ - src/encauth/eax/eax_decrypt_verify_memory.c \ - src/encauth/eax/eax_done.c \ - src/encauth/eax/eax_encrypt.c \ - src/encauth/eax/eax_encrypt_authenticate_memory.c \ - src/encauth/eax/eax_init.c \ - src/encauth/gcm/gcm_add_aad.c \ - src/encauth/gcm/gcm_add_iv.c \ - src/encauth/gcm/gcm_done.c \ - src/encauth/gcm/gcm_gf_mult.c \ - src/encauth/gcm/gcm_init.c \ - src/encauth/gcm/gcm_memory.c \ - src/encauth/gcm/gcm_mult_h.c \ - src/encauth/gcm/gcm_process.c \ - src/encauth/gcm/gcm_reset.c \ - src/encauth/ocb/ocb_decrypt.c \ - src/encauth/ocb/ocb_decrypt_verify_memory.c \ - src/encauth/ocb/ocb_done_decrypt.c \ - src/encauth/ocb/ocb_done_encrypt.c \ - src/encauth/ocb/ocb_encrypt.c \ - src/encauth/ocb/ocb_encrypt_authenticate_memory.c \ - src/encauth/ocb/ocb_init.c \ - src/encauth/ocb/ocb_ntz.c \ - src/encauth/ocb/ocb_shift_xor.c \ - src/encauth/ocb/s_ocb_done.c \ - src/encauth/ocb3/ocb3_add_aad.c \ - src/encauth/ocb3/ocb3_decrypt.c \ - src/encauth/ocb3/ocb3_decrypt_last.c \ - src/encauth/ocb3/ocb3_decrypt_verify_memory.c \ - src/encauth/ocb3/ocb3_done.c \ - src/encauth/ocb3/ocb3_encrypt.c \ - src/encauth/ocb3/ocb3_encrypt_authenticate_memory.c \ - src/encauth/ocb3/ocb3_encrypt_last.c \ - src/encauth/ocb3/ocb3_init.c \ - src/encauth/ocb3/ocb3_int_ntz.c \ - src/encauth/ocb3/ocb3_int_xor_blocks.c \ - src/hashes/md2.c \ - src/hashes/md4.c \ - src/hashes/md5.c \ - src/hashes/rmd128.c \ - src/hashes/rmd160.c \ - src/hashes/rmd256.c \ - src/hashes/rmd320.c \ - src/hashes/sha1.c \ - src/hashes/sha2/sha224.c \ - src/hashes/sha2/sha256.c \ - src/hashes/sha2/sha384.c \ - src/hashes/sha2/sha512.c \ - src/hashes/sha2/sha512_224.c \ - src/hashes/sha2/sha512_256.c \ - src/hashes/sha3.c \ - src/mac/hmac/hmac_done.c \ - src/mac/hmac/hmac_init.c \ - src/mac/hmac/hmac_memory.c \ - src/mac/hmac/hmac_memory_multi.c \ - src/mac/hmac/hmac_process.c \ - src/mac/omac/omac_done.c \ - src/mac/omac/omac_init.c \ - src/mac/omac/omac_memory.c \ - src/mac/omac/omac_memory_multi.c \ - src/mac/omac/omac_process.c \ - src/mac/pmac/pmac_done.c \ - src/mac/pmac/pmac_init.c \ - src/mac/pmac/pmac_memory.c \ - src/mac/pmac/pmac_memory_multi.c \ - src/mac/pmac/pmac_ntz.c \ - src/mac/pmac/pmac_process.c \ - src/mac/pmac/pmac_shift_xor.c \ - src/mac/xcbc/xcbc_done.c \ - src/mac/xcbc/xcbc_init.c \ - src/mac/xcbc/xcbc_memory.c \ - src/mac/xcbc/xcbc_memory_multi.c \ - src/mac/xcbc/xcbc_process.c \ - src/math/fp/ltc_ecc_fp_mulmod.c \ - src/math/ltm_desc.c \ - src/math/multi.c \ - src/math/radix_to_bin.c \ - src/math/rand_bn.c \ - src/math/rand_prime.c \ - src/math/tfm_desc.c \ - src/misc/adler32.c \ - src/misc/base64/base64_decode.c \ - src/misc/base64/base64_encode.c \ - src/misc/burn_stack.c \ - src/misc/crc32.c \ - src/misc/crypt/crypt_cipher_descriptor.c \ - src/misc/crypt/crypt_cipher_is_valid.c \ - src/misc/crypt/crypt_find_cipher.c \ - src/misc/crypt/crypt_find_cipher_any.c \ - src/misc/crypt/crypt_find_cipher_id.c \ - src/misc/crypt/crypt_find_hash.c \ - src/misc/crypt/crypt_find_hash_any.c \ - src/misc/crypt/crypt_find_hash_id.c \ - src/misc/crypt/crypt_find_hash_oid.c \ - src/misc/crypt/crypt_find_prng.c \ - src/misc/crypt/crypt_hash_descriptor.c \ - src/misc/crypt/crypt_hash_is_valid.c \ - src/misc/crypt/crypt_inits.c \ - src/misc/crypt/crypt_ltc_mp_descriptor.c \ - src/misc/crypt/crypt_prng_descriptor.c \ - src/misc/crypt/crypt_prng_is_valid.c \ - src/misc/crypt/crypt_prng_rng_descriptor.c \ - src/misc/crypt/crypt_register_cipher.c \ - src/misc/crypt/crypt_register_hash.c \ - src/misc/crypt/crypt_register_prng.c \ - src/misc/crypt/crypt_unregister_cipher.c \ - src/misc/crypt/crypt_unregister_hash.c \ - src/misc/crypt/crypt_unregister_prng.c \ - src/misc/mem_neq.c \ - src/misc/pk_get_oid.c \ - src/misc/pkcs5/pkcs_5_1.c \ - src/misc/pkcs5/pkcs_5_2.c \ - src/misc/zeromem.c \ - src/modes/cbc/cbc_decrypt.c \ - src/modes/cbc/cbc_done.c \ - src/modes/cbc/cbc_encrypt.c \ - src/modes/cbc/cbc_getiv.c \ - src/modes/cbc/cbc_setiv.c \ - src/modes/cbc/cbc_start.c \ - src/modes/cfb/cfb_decrypt.c \ - src/modes/cfb/cfb_done.c \ - src/modes/cfb/cfb_encrypt.c \ - src/modes/cfb/cfb_getiv.c \ - src/modes/cfb/cfb_setiv.c \ - src/modes/cfb/cfb_start.c \ - src/modes/ctr/ctr_decrypt.c \ - src/modes/ctr/ctr_done.c \ - src/modes/ctr/ctr_encrypt.c \ - src/modes/ctr/ctr_getiv.c \ - src/modes/ctr/ctr_setiv.c \ - src/modes/ctr/ctr_start.c \ - src/modes/ecb/ecb_decrypt.c \ - src/modes/ecb/ecb_done.c \ - src/modes/ecb/ecb_encrypt.c \ - src/modes/ecb/ecb_start.c \ - src/modes/f8/f8_decrypt.c \ - src/modes/f8/f8_done.c \ - src/modes/f8/f8_encrypt.c \ - src/modes/f8/f8_getiv.c \ - src/modes/f8/f8_setiv.c \ - src/modes/f8/f8_start.c \ - src/modes/f8/f8_test_mode.c \ - src/modes/lrw/lrw_decrypt.c \ - src/modes/lrw/lrw_done.c \ - src/modes/lrw/lrw_encrypt.c \ - src/modes/lrw/lrw_getiv.c \ - src/modes/lrw/lrw_process.c \ - src/modes/lrw/lrw_setiv.c \ - src/modes/lrw/lrw_start.c \ - src/modes/ofb/ofb_decrypt.c \ - src/modes/ofb/ofb_done.c \ - src/modes/ofb/ofb_encrypt.c \ - src/modes/ofb/ofb_getiv.c \ - src/modes/ofb/ofb_setiv.c \ - src/modes/ofb/ofb_start.c \ - src/modes/xts/xts_decrypt.c \ - src/modes/xts/xts_done.c \ - src/modes/xts/xts_encrypt.c \ - src/modes/xts/xts_init.c \ - src/modes/xts/xts_mult_x.c \ - src/pk/asn1/der/bit/der_decode_bit_string.c \ - src/pk/asn1/der/bit/der_decode_raw_bit_string.c \ - src/pk/asn1/der/bit/der_encode_bit_string.c \ - src/pk/asn1/der/bit/der_encode_raw_bit_string.c \ - src/pk/asn1/der/bit/der_length_bit_string.c \ - src/pk/asn1/der/boolean/der_decode_boolean.c \ - src/pk/asn1/der/boolean/der_encode_boolean.c \ - src/pk/asn1/der/boolean/der_length_boolean.c \ - src/pk/asn1/der/choice/der_decode_choice.c \ - src/pk/asn1/der/generalizedtime/der_decode_generalizedtime.c \ - src/pk/asn1/der/generalizedtime/der_encode_generalizedtime.c \ - src/pk/asn1/der/generalizedtime/der_length_generalizedtime.c \ - src/pk/asn1/der/ia5/der_decode_ia5_string.c \ - src/pk/asn1/der/ia5/der_encode_ia5_string.c \ - src/pk/asn1/der/ia5/der_length_ia5_string.c \ - src/pk/asn1/der/integer/der_decode_integer.c \ - src/pk/asn1/der/integer/der_encode_integer.c \ - src/pk/asn1/der/integer/der_length_integer.c \ - src/pk/asn1/der/object_identifier/der_decode_object_identifier.c \ - src/pk/asn1/der/object_identifier/der_encode_object_identifier.c \ - src/pk/asn1/der/object_identifier/der_length_object_identifier.c \ - src/pk/asn1/der/octet/der_decode_octet_string.c \ - src/pk/asn1/der/octet/der_encode_octet_string.c \ - src/pk/asn1/der/octet/der_length_octet_string.c \ - src/pk/asn1/der/printable_string/der_decode_printable_string.c \ - src/pk/asn1/der/printable_string/der_encode_printable_string.c \ - src/pk/asn1/der/printable_string/der_length_printable_string.c \ - src/pk/asn1/der/sequence/der_decode_sequence_ex.c \ - src/pk/asn1/der/sequence/der_decode_sequence_flexi.c \ - src/pk/asn1/der/sequence/der_decode_sequence_multi.c \ - src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c \ - src/pk/asn1/der/sequence/der_encode_sequence_ex.c \ - src/pk/asn1/der/sequence/der_encode_sequence_multi.c \ - src/pk/asn1/der/sequence/der_encode_subject_public_key_info.c \ - src/pk/asn1/der/sequence/der_length_sequence.c \ - src/pk/asn1/der/sequence/der_sequence_free.c \ - src/pk/asn1/der/sequence/der_sequence_shrink.c \ - src/pk/asn1/der/set/der_encode_set.c \ - src/pk/asn1/der/set/der_encode_setof.c \ - src/pk/asn1/der/short_integer/der_decode_short_integer.c \ - src/pk/asn1/der/short_integer/der_encode_short_integer.c \ - src/pk/asn1/der/short_integer/der_length_short_integer.c \ - src/pk/asn1/der/teletex_string/der_decode_teletex_string.c \ - src/pk/asn1/der/teletex_string/der_length_teletex_string.c \ - src/pk/asn1/der/utctime/der_decode_utctime.c \ - src/pk/asn1/der/utctime/der_encode_utctime.c \ - src/pk/asn1/der/utctime/der_length_utctime.c \ - src/pk/asn1/der/utf8/der_decode_utf8_string.c \ - src/pk/asn1/der/utf8/der_encode_utf8_string.c \ - src/pk/asn1/der/utf8/der_length_utf8_string.c \ - src/pk/dh/dh.c \ - src/pk/dh/dh_check_pubkey.c \ - src/pk/dh/dh_export.c \ - src/pk/dh/dh_export_key.c \ - src/pk/dh/dh_free.c \ - src/pk/dh/dh_generate_key.c \ - src/pk/dh/dh_import.c \ - src/pk/dh/dh_set.c \ - src/pk/dh/dh_set_pg_dhparam.c \ - src/pk/dh/dh_shared_secret.c \ - src/pk/dsa/dsa_decrypt_key.c \ - src/pk/dsa/dsa_encrypt_key.c \ - src/pk/dsa/dsa_export.c \ - src/pk/dsa/dsa_free.c \ - src/pk/dsa/dsa_generate_key.c \ - src/pk/dsa/dsa_generate_pqg.c \ - src/pk/dsa/dsa_import.c \ - src/pk/dsa/dsa_make_key.c \ - src/pk/dsa/dsa_set.c \ - src/pk/dsa/dsa_set_pqg_dsaparam.c \ - src/pk/dsa/dsa_shared_secret.c \ - src/pk/dsa/dsa_sign_hash.c \ - src/pk/dsa/dsa_verify_hash.c \ - src/pk/dsa/dsa_verify_key.c \ - src/pk/ecc/ecc.c \ - src/pk/ecc/ecc_ansi_x963_export.c \ - src/pk/ecc/ecc_ansi_x963_import.c \ - src/pk/ecc/ecc_decrypt_key.c \ - src/pk/ecc/ecc_encrypt_key.c \ - src/pk/ecc/ecc_export.c \ - src/pk/ecc/ecc_free.c \ - src/pk/ecc/ecc_get_size.c \ - src/pk/ecc/ecc_import.c \ - src/pk/ecc/ecc_make_key.c \ - src/pk/ecc/ecc_shared_secret.c \ - src/pk/ecc/ecc_sign_hash.c \ - src/pk/ecc/ecc_sizes.c \ - src/pk/ecc/ecc_verify_hash.c \ - src/pk/ecc/ltc_ecc_is_valid_idx.c \ - src/pk/ecc/ltc_ecc_map.c \ - src/pk/ecc/ltc_ecc_mul2add.c \ - src/pk/ecc/ltc_ecc_mulmod.c \ - src/pk/ecc/ltc_ecc_mulmod_timing.c \ - src/pk/ecc/ltc_ecc_points.c \ - src/pk/ecc/ltc_ecc_projective_add_point.c \ - src/pk/ecc/ltc_ecc_projective_dbl_point.c \ - src/pk/pkcs1/pkcs_1_i2osp.c \ - src/pk/pkcs1/pkcs_1_mgf1.c \ - src/pk/pkcs1/pkcs_1_oaep_decode.c \ - src/pk/pkcs1/pkcs_1_oaep_encode.c \ - src/pk/pkcs1/pkcs_1_os2ip.c \ - src/pk/pkcs1/pkcs_1_pss_decode.c \ - src/pk/pkcs1/pkcs_1_pss_encode.c \ - src/pk/pkcs1/pkcs_1_v1_5_decode.c \ - src/pk/pkcs1/pkcs_1_v1_5_encode.c \ - src/pk/rsa/rsa_decrypt_key.c \ - src/pk/rsa/rsa_encrypt_key.c \ - src/pk/rsa/rsa_export.c \ - src/pk/rsa/rsa_exptmod.c \ - src/pk/rsa/rsa_free.c \ - src/pk/rsa/rsa_get_size.c \ - src/pk/rsa/rsa_import.c \ - src/pk/rsa/rsa_import_pkcs8.c \ - src/pk/rsa/rsa_import_x509.c \ - src/pk/rsa/rsa_make_key.c \ - src/pk/rsa/rsa_set.c \ - src/pk/rsa/rsa_sign_hash.c \ - src/pk/rsa/rsa_sign_saltlen_get.c \ - src/pk/rsa/rsa_verify_hash.c \ - src/prngs/rc4.c \ - src/prngs/rng_get_bytes.c \ - src/prngs/rng_make_prng.c \ - src/prngs/sprng.c \ - src/stream/rc4/rc4_stream.c diff --git a/libs/tomcrypt/mpi.c b/libs/tomcrypt/mpi.c deleted file mode 100644 index c110a78e987..00000000000 --- a/libs/tomcrypt/mpi.c +++ /dev/null @@ -1,8586 +0,0 @@ -/* LibTomMath, multiple-precision integer library -- Tom St Denis - * - * LibTomMath is a library that provides multiple-precision - * integer arithmetic as well as number theoretic functionality. - * - * The library was designed directly after the MPI library by - * Michael Fromberger but has been written from scratch with - * additional optimizations in place. - * - * SPDX-License-Identifier: Unlicense - */ - -#include <stdarg.h> -#include "tommath_private.h" - -/* Start: bn_fast_mp_invmod.c */ - -/* computes the modular inverse via binary extended euclidean algorithm, - * that is c = 1/a mod b - * - * Based on slow invmod except this is optimized for the case where b is - * odd as per HAC Note 14.64 on pp. 610 - */ -int fast_mp_invmod(const mp_int *a, const mp_int *b, mp_int *c) -{ - mp_int x, y, u, v, B, D; - int res, neg; - - /* 2. [modified] b must be odd */ - if (mp_iseven(b) == MP_YES) { - return MP_VAL; - } - - /* init all our temps */ - if ((res = mp_init_multi(&x, &y, &u, &v, &B, &D, NULL)) != MP_OKAY) { - return res; - } - - /* x == modulus, y == value to invert */ - if ((res = mp_copy(b, &x)) != MP_OKAY) { - goto LBL_ERR; - } - - /* we need y = |a| */ - if ((res = mp_mod(a, b, &y)) != MP_OKAY) { - goto LBL_ERR; - } - - /* if one of x,y is zero return an error! */ - if ((mp_iszero(&x) == MP_YES) || (mp_iszero(&y) == MP_YES)) { - res = MP_VAL; - goto LBL_ERR; - } - - /* 3. u=x, v=y, A=1, B=0, C=0,D=1 */ - if ((res = mp_copy(&x, &u)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_copy(&y, &v)) != MP_OKAY) { - goto LBL_ERR; - } - mp_set(&D, 1uL); - -top: - /* 4. while u is even do */ - while (mp_iseven(&u) == MP_YES) { - /* 4.1 u = u/2 */ - if ((res = mp_div_2(&u, &u)) != MP_OKAY) { - goto LBL_ERR; - } - /* 4.2 if B is odd then */ - if (mp_isodd(&B) == MP_YES) { - if ((res = mp_sub(&B, &x, &B)) != MP_OKAY) { - goto LBL_ERR; - } - } - /* B = B/2 */ - if ((res = mp_div_2(&B, &B)) != MP_OKAY) { - goto LBL_ERR; - } - } - - /* 5. while v is even do */ - while (mp_iseven(&v) == MP_YES) { - /* 5.1 v = v/2 */ - if ((res = mp_div_2(&v, &v)) != MP_OKAY) { - goto LBL_ERR; - } - /* 5.2 if D is odd then */ - if (mp_isodd(&D) == MP_YES) { - /* D = (D-x)/2 */ - if ((res = mp_sub(&D, &x, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - /* D = D/2 */ - if ((res = mp_div_2(&D, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - - /* 6. if u >= v then */ - if (mp_cmp(&u, &v) != MP_LT) { - /* u = u - v, B = B - D */ - if ((res = mp_sub(&u, &v, &u)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_sub(&B, &D, &B)) != MP_OKAY) { - goto LBL_ERR; - } - } else { - /* v - v - u, D = D - B */ - if ((res = mp_sub(&v, &u, &v)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_sub(&D, &B, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - - /* if not zero goto step 4 */ - if (mp_iszero(&u) == MP_NO) { - goto top; - } - - /* now a = C, b = D, gcd == g*v */ - - /* if v != 1 then there is no inverse */ - if (mp_cmp_d(&v, 1uL) != MP_EQ) { - res = MP_VAL; - goto LBL_ERR; - } - - /* b is now the inverse */ - neg = a->sign; - while (D.sign == MP_NEG) { - if ((res = mp_add(&D, b, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - - /* too big */ - while (mp_cmp_mag(&D, b) != MP_LT) { - if ((res = mp_sub(&D, b, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - - mp_exch(&D, c); - c->sign = neg; - res = MP_OKAY; - -LBL_ERR: - mp_clear_multi(&x, &y, &u, &v, &B, &D, NULL); - return res; -} - -/* End: bn_fast_mp_invmod.c */ - -/* Start: bn_fast_mp_montgomery_reduce.c */ - -/* computes xR**-1 == x (mod N) via Montgomery Reduction - * - * This is an optimized implementation of montgomery_reduce - * which uses the comba method to quickly calculate the columns of the - * reduction. - * - * Based on Algorithm 14.32 on pp.601 of HAC. -*/ -int fast_mp_montgomery_reduce(mp_int *x, const mp_int *n, mp_digit rho) -{ - int ix, res, olduse; - mp_word W[MP_WARRAY]; - - if (x->used > (int)MP_WARRAY) { - return MP_VAL; - } - - /* get old used count */ - olduse = x->used; - - /* grow a as required */ - if (x->alloc < (n->used + 1)) { - if ((res = mp_grow(x, n->used + 1)) != MP_OKAY) { - return res; - } - } - - /* first we have to get the digits of the input into - * an array of double precision words W[...] - */ - { - mp_word *_W; - mp_digit *tmpx; - - /* alias for the W[] array */ - _W = W; - - /* alias for the digits of x*/ - tmpx = x->dp; - - /* copy the digits of a into W[0..a->used-1] */ - for (ix = 0; ix < x->used; ix++) { - *_W++ = *tmpx++; - } - - /* zero the high words of W[a->used..m->used*2] */ - for (; ix < ((n->used * 2) + 1); ix++) { - *_W++ = 0; - } - } - - /* now we proceed to zero successive digits - * from the least significant upwards - */ - for (ix = 0; ix < n->used; ix++) { - /* mu = ai * m' mod b - * - * We avoid a double precision multiplication (which isn't required) - * by casting the value down to a mp_digit. Note this requires - * that W[ix-1] have the carry cleared (see after the inner loop) - */ - mp_digit mu; - mu = ((W[ix] & MP_MASK) * rho) & MP_MASK; - - /* a = a + mu * m * b**i - * - * This is computed in place and on the fly. The multiplication - * by b**i is handled by offseting which columns the results - * are added to. - * - * Note the comba method normally doesn't handle carries in the - * inner loop In this case we fix the carry from the previous - * column since the Montgomery reduction requires digits of the - * result (so far) [see above] to work. This is - * handled by fixing up one carry after the inner loop. The - * carry fixups are done in order so after these loops the - * first m->used words of W[] have the carries fixed - */ - { - int iy; - mp_digit *tmpn; - mp_word *_W; - - /* alias for the digits of the modulus */ - tmpn = n->dp; - - /* Alias for the columns set by an offset of ix */ - _W = W + ix; - - /* inner loop */ - for (iy = 0; iy < n->used; iy++) { - *_W++ += (mp_word)mu * (mp_word)*tmpn++; - } - } - - /* now fix carry for next digit, W[ix+1] */ - W[ix + 1] += W[ix] >> (mp_word)DIGIT_BIT; - } - - /* now we have to propagate the carries and - * shift the words downward [all those least - * significant digits we zeroed]. - */ - { - mp_digit *tmpx; - mp_word *_W, *_W1; - - /* nox fix rest of carries */ - - /* alias for current word */ - _W1 = W + ix; - - /* alias for next word, where the carry goes */ - _W = W + ++ix; - - for (; ix <= ((n->used * 2) + 1); ix++) { - *_W++ += *_W1++ >> (mp_word)DIGIT_BIT; - } - - /* copy out, A = A/b**n - * - * The result is A/b**n but instead of converting from an - * array of mp_word to mp_digit than calling mp_rshd - * we just copy them in the right order - */ - - /* alias for destination word */ - tmpx = x->dp; - - /* alias for shifted double precision result */ - _W = W + n->used; - - for (ix = 0; ix < (n->used + 1); ix++) { - *tmpx++ = *_W++ & (mp_word)MP_MASK; - } - - /* zero oldused digits, if the input a was larger than - * m->used+1 we'll have to clear the digits - */ - for (; ix < olduse; ix++) { - *tmpx++ = 0; - } - } - - /* set the max used and clamp */ - x->used = n->used + 1; - mp_clamp(x); - - /* if A >= m then A = A - m */ - if (mp_cmp_mag(x, n) != MP_LT) { - return s_mp_sub(x, n, x); - } - return MP_OKAY; -} - -/* End: bn_fast_mp_montgomery_reduce.c */ - -/* Start: bn_fast_s_mp_mul_digs.c */ - -/* Fast (comba) multiplier - * - * This is the fast column-array [comba] multiplier. It is - * designed to compute the columns of the product first - * then handle the carries afterwards. This has the effect - * of making the nested loops that compute the columns very - * simple and schedulable on super-scalar processors. - * - * This has been modified to produce a variable number of - * digits of output so if say only a half-product is required - * you don't have to compute the upper half (a feature - * required for fast Barrett reduction). - * - * Based on Algorithm 14.12 on pp.595 of HAC. - * - */ -int fast_s_mp_mul_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs) -{ - int olduse, res, pa, ix, iz; - mp_digit W[MP_WARRAY]; - mp_word _W; - - /* grow the destination as required */ - if (c->alloc < digs) { - if ((res = mp_grow(c, digs)) != MP_OKAY) { - return res; - } - } - - /* number of output digits to produce */ - pa = MIN(digs, a->used + b->used); - - /* clear the carry */ - _W = 0; - for (ix = 0; ix < pa; ix++) { - int tx, ty; - int iy; - mp_digit *tmpx, *tmpy; - - /* get offsets into the two bignums */ - ty = MIN(b->used-1, ix); - tx = ix - ty; - - /* setup temp aliases */ - tmpx = a->dp + tx; - tmpy = b->dp + ty; - - /* this is the number of times the loop will iterrate, essentially - while (tx++ < a->used && ty-- >= 0) { ... } - */ - iy = MIN(a->used-tx, ty+1); - - /* execute loop */ - for (iz = 0; iz < iy; ++iz) { - _W += (mp_word)*tmpx++ * (mp_word)*tmpy--; - - } - - /* store term */ - W[ix] = (mp_digit)_W & MP_MASK; - - /* make next carry */ - _W = _W >> (mp_word)DIGIT_BIT; - } - - /* setup dest */ - olduse = c->used; - c->used = pa; - - { - mp_digit *tmpc; - tmpc = c->dp; - for (ix = 0; ix < pa; ix++) { - /* now extract the previous digit [below the carry] */ - *tmpc++ = W[ix]; - } - - /* clear unused digits [that existed in the old copy of c] */ - for (; ix < olduse; ix++) { - *tmpc++ = 0; - } - } - mp_clamp(c); - return MP_OKAY; -} - -/* End: bn_fast_s_mp_mul_digs.c */ - -/* Start: bn_fast_s_mp_mul_high_digs.c */ - -/* this is a modified version of fast_s_mul_digs that only produces - * output digits *above* digs. See the comments for fast_s_mul_digs - * to see how it works. - * - * This is used in the Barrett reduction since for one of the multiplications - * only the higher digits were needed. This essentially halves the work. - * - * Based on Algorithm 14.12 on pp.595 of HAC. - */ -int fast_s_mp_mul_high_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs) -{ - int olduse, res, pa, ix, iz; - mp_digit W[MP_WARRAY]; - mp_word _W; - - /* grow the destination as required */ - pa = a->used + b->used; - if (c->alloc < pa) { - if ((res = mp_grow(c, pa)) != MP_OKAY) { - return res; - } - } - - /* number of output digits to produce */ - pa = a->used + b->used; - _W = 0; - for (ix = digs; ix < pa; ix++) { - int tx, ty, iy; - mp_digit *tmpx, *tmpy; - - /* get offsets into the two bignums */ - ty = MIN(b->used-1, ix); - tx = ix - ty; - - /* setup temp aliases */ - tmpx = a->dp + tx; - tmpy = b->dp + ty; - - /* this is the number of times the loop will iterrate, essentially its - while (tx++ < a->used && ty-- >= 0) { ... } - */ - iy = MIN(a->used-tx, ty+1); - - /* execute loop */ - for (iz = 0; iz < iy; iz++) { - _W += (mp_word)*tmpx++ * (mp_word)*tmpy--; - } - - /* store term */ - W[ix] = (mp_digit)_W & MP_MASK; - - /* make next carry */ - _W = _W >> (mp_word)DIGIT_BIT; - } - - /* setup dest */ - olduse = c->used; - c->used = pa; - - { - mp_digit *tmpc; - - tmpc = c->dp + digs; - for (ix = digs; ix < pa; ix++) { - /* now extract the previous digit [below the carry] */ - *tmpc++ = W[ix]; - } - - /* clear unused digits [that existed in the old copy of c] */ - for (; ix < olduse; ix++) { - *tmpc++ = 0; - } - } - mp_clamp(c); - return MP_OKAY; -} - -/* End: bn_fast_s_mp_mul_high_digs.c */ - -/* Start: bn_fast_s_mp_sqr.c */ - -/* the jist of squaring... - * you do like mult except the offset of the tmpx [one that - * starts closer to zero] can't equal the offset of tmpy. - * So basically you set up iy like before then you min it with - * (ty-tx) so that it never happens. You double all those - * you add in the inner loop - -After that loop you do the squares and add them in. -*/ - -int fast_s_mp_sqr(const mp_int *a, mp_int *b) -{ - int olduse, res, pa, ix, iz; - mp_digit W[MP_WARRAY], *tmpx; - mp_word W1; - - /* grow the destination as required */ - pa = a->used + a->used; - if (b->alloc < pa) { - if ((res = mp_grow(b, pa)) != MP_OKAY) { - return res; - } - } - - /* number of output digits to produce */ - W1 = 0; - for (ix = 0; ix < pa; ix++) { - int tx, ty, iy; - mp_word _W; - mp_digit *tmpy; - - /* clear counter */ - _W = 0; - - /* get offsets into the two bignums */ - ty = MIN(a->used-1, ix); - tx = ix - ty; - - /* setup temp aliases */ - tmpx = a->dp + tx; - tmpy = a->dp + ty; - - /* this is the number of times the loop will iterrate, essentially - while (tx++ < a->used && ty-- >= 0) { ... } - */ - iy = MIN(a->used-tx, ty+1); - - /* now for squaring tx can never equal ty - * we halve the distance since they approach at a rate of 2x - * and we have to round because odd cases need to be executed - */ - iy = MIN(iy, ((ty-tx)+1)>>1); - - /* execute loop */ - for (iz = 0; iz < iy; iz++) { - _W += (mp_word)*tmpx++ * (mp_word)*tmpy--; - } - - /* double the inner product and add carry */ - _W = _W + _W + W1; - - /* even columns have the square term in them */ - if (((unsigned)ix & 1u) == 0u) { - _W += (mp_word)a->dp[ix>>1] * (mp_word)a->dp[ix>>1]; - } - - /* store it */ - W[ix] = _W & MP_MASK; - - /* make next carry */ - W1 = _W >> (mp_word)DIGIT_BIT; - } - - /* setup dest */ - olduse = b->used; - b->used = a->used+a->used; - - { - mp_digit *tmpb; - tmpb = b->dp; - for (ix = 0; ix < pa; ix++) { - *tmpb++ = W[ix] & MP_MASK; - } - - /* clear unused digits [that existed in the old copy of c] */ - for (; ix < olduse; ix++) { - *tmpb++ = 0; - } - } - mp_clamp(b); - return MP_OKAY; -} - -/* End: bn_fast_s_mp_sqr.c */ - -/* Start: bn_mp_2expt.c */ - -/* computes a = 2**b - * - * Simple algorithm which zeroes the int, grows it then just sets one bit - * as required. - */ -int mp_2expt(mp_int *a, int b) -{ - int res; - - /* zero a as per default */ - mp_zero(a); - - /* grow a to accomodate the single bit */ - if ((res = mp_grow(a, (b / DIGIT_BIT) + 1)) != MP_OKAY) { - return res; - } - - /* set the used count of where the bit will go */ - a->used = (b / DIGIT_BIT) + 1; - - /* put the single bit in its place */ - a->dp[b / DIGIT_BIT] = (mp_digit)1 << (mp_digit)(b % DIGIT_BIT); - - return MP_OKAY; -} - -/* End: bn_mp_2expt.c */ - -/* Start: bn_mp_abs.c */ - -/* b = |a| - * - * Simple function copies the input and fixes the sign to positive - */ -int mp_abs(const mp_int *a, mp_int *b) -{ - int res; - - /* copy a to b */ - if (a != b) { - if ((res = mp_copy(a, b)) != MP_OKAY) { - return res; - } - } - - /* force the sign of b to positive */ - b->sign = MP_ZPOS; - - return MP_OKAY; -} - -/* End: bn_mp_abs.c */ - -/* Start: bn_mp_add.c */ - -/* high level addition (handles signs) */ -int mp_add(const mp_int *a, const mp_int *b, mp_int *c) -{ - int sa, sb, res; - - /* get sign of both inputs */ - sa = a->sign; - sb = b->sign; - - /* handle two cases, not four */ - if (sa == sb) { - /* both positive or both negative */ - /* add their magnitudes, copy the sign */ - c->sign = sa; - res = s_mp_add(a, b, c); - } else { - /* one positive, the other negative */ - /* subtract the one with the greater magnitude from */ - /* the one of the lesser magnitude. The result gets */ - /* the sign of the one with the greater magnitude. */ - if (mp_cmp_mag(a, b) == MP_LT) { - c->sign = sb; - res = s_mp_sub(b, a, c); - } else { - c->sign = sa; - res = s_mp_sub(a, b, c); - } - } - return res; -} - -/* End: bn_mp_add.c */ - -/* Start: bn_mp_add_d.c */ - -/* single digit addition */ -int mp_add_d(const mp_int *a, mp_digit b, mp_int *c) -{ - int res, ix, oldused; - mp_digit *tmpa, *tmpc, mu; - - /* grow c as required */ - if (c->alloc < (a->used + 1)) { - if ((res = mp_grow(c, a->used + 1)) != MP_OKAY) { - return res; - } - } - - /* if a is negative and |a| >= b, call c = |a| - b */ - if ((a->sign == MP_NEG) && ((a->used > 1) || (a->dp[0] >= b))) { - mp_int a_ = *a; - /* temporarily fix sign of a */ - a_.sign = MP_ZPOS; - - /* c = |a| - b */ - res = mp_sub_d(&a_, b, c); - - /* fix sign */ - c->sign = MP_NEG; - - /* clamp */ - mp_clamp(c); - - return res; - } - - /* old number of used digits in c */ - oldused = c->used; - - /* source alias */ - tmpa = a->dp; - - /* destination alias */ - tmpc = c->dp; - - /* if a is positive */ - if (a->sign == MP_ZPOS) { - /* add digit, after this we're propagating - * the carry. - */ - *tmpc = *tmpa++ + b; - mu = *tmpc >> DIGIT_BIT; - *tmpc++ &= MP_MASK; - - /* now handle rest of the digits */ - for (ix = 1; ix < a->used; ix++) { - *tmpc = *tmpa++ + mu; - mu = *tmpc >> DIGIT_BIT; - *tmpc++ &= MP_MASK; - } - /* set final carry */ - ix++; - *tmpc++ = mu; - - /* setup size */ - c->used = a->used + 1; - } else { - /* a was negative and |a| < b */ - c->used = 1; - - /* the result is a single digit */ - if (a->used == 1) { - *tmpc++ = b - a->dp[0]; - } else { - *tmpc++ = b; - } - - /* setup count so the clearing of oldused - * can fall through correctly - */ - ix = 1; - } - - /* sign always positive */ - c->sign = MP_ZPOS; - - /* now zero to oldused */ - while (ix++ < oldused) { - *tmpc++ = 0; - } - mp_clamp(c); - - return MP_OKAY; -} - -/* End: bn_mp_add_d.c */ - -/* Start: bn_mp_addmod.c */ - -/* d = a + b (mod c) */ -int mp_addmod(const mp_int *a, const mp_int *b, const mp_int *c, mp_int *d) -{ - int res; - mp_int t; - - if ((res = mp_init(&t)) != MP_OKAY) { - return res; - } - - if ((res = mp_add(a, b, &t)) != MP_OKAY) { - mp_clear(&t); - return res; - } - res = mp_mod(&t, c, d); - mp_clear(&t); - return res; -} - -/* End: bn_mp_addmod.c */ - -/* Start: bn_mp_and.c */ - -/* AND two ints together */ -int mp_and(const mp_int *a, const mp_int *b, mp_int *c) -{ - int res, ix, px; - mp_int t; - const mp_int *x; - - if (a->used > b->used) { - if ((res = mp_init_copy(&t, a)) != MP_OKAY) { - return res; - } - px = b->used; - x = b; - } else { - if ((res = mp_init_copy(&t, b)) != MP_OKAY) { - return res; - } - px = a->used; - x = a; - } - - for (ix = 0; ix < px; ix++) { - t.dp[ix] &= x->dp[ix]; - } - - /* zero digits above the last from the smallest mp_int */ - for (; ix < t.used; ix++) { - t.dp[ix] = 0; - } - - mp_clamp(&t); - mp_exch(c, &t); - mp_clear(&t); - return MP_OKAY; -} - -/* End: bn_mp_and.c */ - -/* Start: bn_mp_clamp.c */ - -/* trim unused digits - * - * This is used to ensure that leading zero digits are - * trimed and the leading "used" digit will be non-zero - * Typically very fast. Also fixes the sign if there - * are no more leading digits - */ -void mp_clamp(mp_int *a) -{ - /* decrease used while the most significant digit is - * zero. - */ - while ((a->used > 0) && (a->dp[a->used - 1] == 0u)) { - --(a->used); - } - - /* reset the sign flag if used == 0 */ - if (a->used == 0) { - a->sign = MP_ZPOS; - } -} - -/* End: bn_mp_clamp.c */ - -/* Start: bn_mp_clear.c */ - -/* clear one (frees) */ -void mp_clear(mp_int *a) -{ - int i; - - /* only do anything if a hasn't been freed previously */ - if (a->dp != NULL) { - /* first zero the digits */ - for (i = 0; i < a->used; i++) { - a->dp[i] = 0; - } - - /* free ram */ - XFREE(a->dp); - - /* reset members to make debugging easier */ - a->dp = NULL; - a->alloc = a->used = 0; - a->sign = MP_ZPOS; - } -} - -/* End: bn_mp_clear.c */ - -/* Start: bn_mp_clear_multi.c */ - -void mp_clear_multi(mp_int *mp, ...) -{ - mp_int *next_mp = mp; - va_list args; - va_start(args, mp); - while (next_mp != NULL) { - mp_clear(next_mp); - next_mp = va_arg(args, mp_int *); - } - va_end(args); -} - -/* End: bn_mp_clear_multi.c */ - -/* Start: bn_mp_cmp.c */ - -/* compare two ints (signed)*/ -int mp_cmp(const mp_int *a, const mp_int *b) -{ - /* compare based on sign */ - if (a->sign != b->sign) { - if (a->sign == MP_NEG) { - return MP_LT; - } else { - return MP_GT; - } - } - - /* compare digits */ - if (a->sign == MP_NEG) { - /* if negative compare opposite direction */ - return mp_cmp_mag(b, a); - } else { - return mp_cmp_mag(a, b); - } -} - -/* End: bn_mp_cmp.c */ - -/* Start: bn_mp_cmp_d.c */ - -/* compare a digit */ -int mp_cmp_d(const mp_int *a, mp_digit b) -{ - /* compare based on sign */ - if (a->sign == MP_NEG) { - return MP_LT; - } - - /* compare based on magnitude */ - if (a->used > 1) { - return MP_GT; - } - - /* compare the only digit of a to b */ - if (a->dp[0] > b) { - return MP_GT; - } else if (a->dp[0] < b) { - return MP_LT; - } else { - return MP_EQ; - } -} - -/* End: bn_mp_cmp_d.c */ - -/* Start: bn_mp_cmp_mag.c */ - -/* compare maginitude of two ints (unsigned) */ -int mp_cmp_mag(const mp_int *a, const mp_int *b) -{ - int n; - mp_digit *tmpa, *tmpb; - - /* compare based on # of non-zero digits */ - if (a->used > b->used) { - return MP_GT; - } - - if (a->used < b->used) { - return MP_LT; - } - - /* alias for a */ - tmpa = a->dp + (a->used - 1); - - /* alias for b */ - tmpb = b->dp + (a->used - 1); - - /* compare based on digits */ - for (n = 0; n < a->used; ++n, --tmpa, --tmpb) { - if (*tmpa > *tmpb) { - return MP_GT; - } - - if (*tmpa < *tmpb) { - return MP_LT; - } - } - return MP_EQ; -} - -/* End: bn_mp_cmp_mag.c */ - -/* Start: bn_mp_cnt_lsb.c */ - -static const int lnz[16] = { - 4, 0, 1, 0, 2, 0, 1, 0, 3, 0, 1, 0, 2, 0, 1, 0 -}; - -/* Counts the number of lsbs which are zero before the first zero bit */ -int mp_cnt_lsb(const mp_int *a) -{ - int x; - mp_digit q, qq; - - /* easy out */ - if (mp_iszero(a) == MP_YES) { - return 0; - } - - /* scan lower digits until non-zero */ - for (x = 0; (x < a->used) && (a->dp[x] == 0u); x++) {} - q = a->dp[x]; - x *= DIGIT_BIT; - - /* now scan this digit until a 1 is found */ - if ((q & 1u) == 0u) { - do { - qq = q & 15u; - x += lnz[qq]; - q >>= 4; - } while (qq == 0u); - } - return x; -} - -/* End: bn_mp_cnt_lsb.c */ - -/* Start: bn_mp_complement.c */ - -/* b = ~a */ -int mp_complement(const mp_int *a, mp_int *b) -{ - int res = mp_neg(a, b); - return (res == MP_OKAY) ? mp_sub_d(b, 1uL, b) : res; -} - -/* End: bn_mp_complement.c */ - -/* Start: bn_mp_copy.c */ - -/* copy, b = a */ -int mp_copy(const mp_int *a, mp_int *b) -{ - int res, n; - - /* if dst == src do nothing */ - if (a == b) { - return MP_OKAY; - } - - /* grow dest */ - if (b->alloc < a->used) { - if ((res = mp_grow(b, a->used)) != MP_OKAY) { - return res; - } - } - - /* zero b and copy the parameters over */ - { - mp_digit *tmpa, *tmpb; - - /* pointer aliases */ - - /* source */ - tmpa = a->dp; - - /* destination */ - tmpb = b->dp; - - /* copy all the digits */ - for (n = 0; n < a->used; n++) { - *tmpb++ = *tmpa++; - } - - /* clear high digits */ - for (; n < b->used; n++) { - *tmpb++ = 0; - } - } - - /* copy used count and sign */ - b->used = a->used; - b->sign = a->sign; - return MP_OKAY; -} - -/* End: bn_mp_copy.c */ - -/* Start: bn_mp_count_bits.c */ - -/* returns the number of bits in an int */ -int mp_count_bits(const mp_int *a) -{ - int r; - mp_digit q; - - /* shortcut */ - if (a->used == 0) { - return 0; - } - - /* get number of digits and add that */ - r = (a->used - 1) * DIGIT_BIT; - - /* take the last digit and count the bits in it */ - q = a->dp[a->used - 1]; - while (q > (mp_digit)0) { - ++r; - q >>= (mp_digit)1; - } - return r; -} - -/* End: bn_mp_count_bits.c */ - -/* Start: bn_mp_div.c */ - -/* integer signed division. - * c*b + d == a [e.g. a/b, c=quotient, d=remainder] - * HAC pp.598 Algorithm 14.20 - * - * Note that the description in HAC is horribly - * incomplete. For example, it doesn't consider - * the case where digits are removed from 'x' in - * the inner loop. It also doesn't consider the - * case that y has fewer than three digits, etc.. - * - * The overall algorithm is as described as - * 14.20 from HAC but fixed to treat these cases. -*/ -int mp_div(const mp_int *a, const mp_int *b, mp_int *c, mp_int *d) -{ - mp_int q, x, y, t1, t2; - int res, n, t, i, norm, neg; - - /* is divisor zero ? */ - if (mp_iszero(b) == MP_YES) { - return MP_VAL; - } - - /* if a < b then q=0, r = a */ - if (mp_cmp_mag(a, b) == MP_LT) { - if (d != NULL) { - res = mp_copy(a, d); - } else { - res = MP_OKAY; - } - if (c != NULL) { - mp_zero(c); - } - return res; - } - - if ((res = mp_init_size(&q, a->used + 2)) != MP_OKAY) { - return res; - } - q.used = a->used + 2; - - if ((res = mp_init(&t1)) != MP_OKAY) { - goto LBL_Q; - } - - if ((res = mp_init(&t2)) != MP_OKAY) { - goto LBL_T1; - } - - if ((res = mp_init_copy(&x, a)) != MP_OKAY) { - goto LBL_T2; - } - - if ((res = mp_init_copy(&y, b)) != MP_OKAY) { - goto LBL_X; - } - - /* fix the sign */ - neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG; - x.sign = y.sign = MP_ZPOS; - - /* normalize both x and y, ensure that y >= b/2, [b == 2**DIGIT_BIT] */ - norm = mp_count_bits(&y) % DIGIT_BIT; - if (norm < (DIGIT_BIT - 1)) { - norm = (DIGIT_BIT - 1) - norm; - if ((res = mp_mul_2d(&x, norm, &x)) != MP_OKAY) { - goto LBL_Y; - } - if ((res = mp_mul_2d(&y, norm, &y)) != MP_OKAY) { - goto LBL_Y; - } - } else { - norm = 0; - } - - /* note hac does 0 based, so if used==5 then its 0,1,2,3,4, e.g. use 4 */ - n = x.used - 1; - t = y.used - 1; - - /* while (x >= y*b**n-t) do { q[n-t] += 1; x -= y*b**{n-t} } */ - if ((res = mp_lshd(&y, n - t)) != MP_OKAY) { /* y = y*b**{n-t} */ - goto LBL_Y; - } - - while (mp_cmp(&x, &y) != MP_LT) { - ++(q.dp[n - t]); - if ((res = mp_sub(&x, &y, &x)) != MP_OKAY) { - goto LBL_Y; - } - } - - /* reset y by shifting it back down */ - mp_rshd(&y, n - t); - - /* step 3. for i from n down to (t + 1) */ - for (i = n; i >= (t + 1); i--) { - if (i > x.used) { - continue; - } - - /* step 3.1 if xi == yt then set q{i-t-1} to b-1, - * otherwise set q{i-t-1} to (xi*b + x{i-1})/yt */ - if (x.dp[i] == y.dp[t]) { - q.dp[(i - t) - 1] = ((mp_digit)1 << (mp_digit)DIGIT_BIT) - (mp_digit)1; - } else { - mp_word tmp; - tmp = (mp_word)x.dp[i] << (mp_word)DIGIT_BIT; - tmp |= (mp_word)x.dp[i - 1]; - tmp /= (mp_word)y.dp[t]; - if (tmp > (mp_word)MP_MASK) { - tmp = MP_MASK; - } - q.dp[(i - t) - 1] = (mp_digit)(tmp & (mp_word)MP_MASK); - } - - /* while (q{i-t-1} * (yt * b + y{t-1})) > - xi * b**2 + xi-1 * b + xi-2 - - do q{i-t-1} -= 1; - */ - q.dp[(i - t) - 1] = (q.dp[(i - t) - 1] + 1uL) & (mp_digit)MP_MASK; - do { - q.dp[(i - t) - 1] = (q.dp[(i - t) - 1] - 1uL) & (mp_digit)MP_MASK; - - /* find left hand */ - mp_zero(&t1); - t1.dp[0] = ((t - 1) < 0) ? 0u : y.dp[t - 1]; - t1.dp[1] = y.dp[t]; - t1.used = 2; - if ((res = mp_mul_d(&t1, q.dp[(i - t) - 1], &t1)) != MP_OKAY) { - goto LBL_Y; - } - - /* find right hand */ - t2.dp[0] = ((i - 2) < 0) ? 0u : x.dp[i - 2]; - t2.dp[1] = ((i - 1) < 0) ? 0u : x.dp[i - 1]; - t2.dp[2] = x.dp[i]; - t2.used = 3; - } while (mp_cmp_mag(&t1, &t2) == MP_GT); - - /* step 3.3 x = x - q{i-t-1} * y * b**{i-t-1} */ - if ((res = mp_mul_d(&y, q.dp[(i - t) - 1], &t1)) != MP_OKAY) { - goto LBL_Y; - } - - if ((res = mp_lshd(&t1, (i - t) - 1)) != MP_OKAY) { - goto LBL_Y; - } - - if ((res = mp_sub(&x, &t1, &x)) != MP_OKAY) { - goto LBL_Y; - } - - /* if x < 0 then { x = x + y*b**{i-t-1}; q{i-t-1} -= 1; } */ - if (x.sign == MP_NEG) { - if ((res = mp_copy(&y, &t1)) != MP_OKAY) { - goto LBL_Y; - } - if ((res = mp_lshd(&t1, (i - t) - 1)) != MP_OKAY) { - goto LBL_Y; - } - if ((res = mp_add(&x, &t1, &x)) != MP_OKAY) { - goto LBL_Y; - } - - q.dp[(i - t) - 1] = (q.dp[(i - t) - 1] - 1uL) & MP_MASK; - } - } - - /* now q is the quotient and x is the remainder - * [which we have to normalize] - */ - - /* get sign before writing to c */ - x.sign = (x.used == 0) ? MP_ZPOS : a->sign; - - if (c != NULL) { - mp_clamp(&q); - mp_exch(&q, c); - c->sign = neg; - } - - if (d != NULL) { - if ((res = mp_div_2d(&x, norm, &x, NULL)) != MP_OKAY) { - goto LBL_Y; - } - mp_exch(&x, d); - } - - res = MP_OKAY; - -LBL_Y: - mp_clear(&y); -LBL_X: - mp_clear(&x); -LBL_T2: - mp_clear(&t2); -LBL_T1: - mp_clear(&t1); -LBL_Q: - mp_clear(&q); - return res; -} - -/* End: bn_mp_div.c */ - -/* Start: bn_mp_div_2.c */ - -/* b = a/2 */ -int mp_div_2(const mp_int *a, mp_int *b) -{ - int x, res, oldused; - - /* copy */ - if (b->alloc < a->used) { - if ((res = mp_grow(b, a->used)) != MP_OKAY) { - return res; - } - } - - oldused = b->used; - b->used = a->used; - { - mp_digit r, rr, *tmpa, *tmpb; - - /* source alias */ - tmpa = a->dp + b->used - 1; - - /* dest alias */ - tmpb = b->dp + b->used - 1; - - /* carry */ - r = 0; - for (x = b->used - 1; x >= 0; x--) { - /* get the carry for the next iteration */ - rr = *tmpa & 1u; - - /* shift the current digit, add in carry and store */ - *tmpb-- = (*tmpa-- >> 1) | (r << (DIGIT_BIT - 1)); - - /* forward carry to next iteration */ - r = rr; - } - - /* zero excess digits */ - tmpb = b->dp + b->used; - for (x = b->used; x < oldused; x++) { - *tmpb++ = 0; - } - } - b->sign = a->sign; - mp_clamp(b); - return MP_OKAY; -} - -/* End: bn_mp_div_2.c */ - -/* Start: bn_mp_div_2d.c */ - -/* shift right by a certain bit count (store quotient in c, optional remainder in d) */ -int mp_div_2d(const mp_int *a, int b, mp_int *c, mp_int *d) -{ - mp_digit D, r, rr; - int x, res; - - /* if the shift count is <= 0 then we do no work */ - if (b <= 0) { - res = mp_copy(a, c); - if (d != NULL) { - mp_zero(d); - } - return res; - } - - /* copy */ - if ((res = mp_copy(a, c)) != MP_OKAY) { - return res; - } - /* 'a' should not be used after here - it might be the same as d */ - - /* get the remainder */ - if (d != NULL) { - if ((res = mp_mod_2d(a, b, d)) != MP_OKAY) { - return res; - } - } - - /* shift by as many digits in the bit count */ - if (b >= DIGIT_BIT) { - mp_rshd(c, b / DIGIT_BIT); - } - - /* shift any bit count < DIGIT_BIT */ - D = (mp_digit)(b % DIGIT_BIT); - if (D != 0u) { - mp_digit *tmpc, mask, shift; - - /* mask */ - mask = ((mp_digit)1 << D) - 1uL; - - /* shift for lsb */ - shift = (mp_digit)DIGIT_BIT - D; - - /* alias */ - tmpc = c->dp + (c->used - 1); - - /* carry */ - r = 0; - for (x = c->used - 1; x >= 0; x--) { - /* get the lower bits of this word in a temp */ - rr = *tmpc & mask; - - /* shift the current word and mix in the carry bits from the previous word */ - *tmpc = (*tmpc >> D) | (r << shift); - --tmpc; - - /* set the carry to the carry bits of the current word found above */ - r = rr; - } - } - mp_clamp(c); - return MP_OKAY; -} - -/* End: bn_mp_div_2d.c */ - -/* Start: bn_mp_div_3.c */ - -/* divide by three (based on routine from MPI and the GMP manual) */ -int mp_div_3(const mp_int *a, mp_int *c, mp_digit *d) -{ - mp_int q; - mp_word w, t; - mp_digit b; - int res, ix; - - /* b = 2**DIGIT_BIT / 3 */ - b = ((mp_word)1 << (mp_word)DIGIT_BIT) / (mp_word)3; - - if ((res = mp_init_size(&q, a->used)) != MP_OKAY) { - return res; - } - - q.used = a->used; - q.sign = a->sign; - w = 0; - for (ix = a->used - 1; ix >= 0; ix--) { - w = (w << (mp_word)DIGIT_BIT) | (mp_word)a->dp[ix]; - - if (w >= 3u) { - /* multiply w by [1/3] */ - t = (w * (mp_word)b) >> (mp_word)DIGIT_BIT; - - /* now subtract 3 * [w/3] from w, to get the remainder */ - w -= t+t+t; - - /* fixup the remainder as required since - * the optimization is not exact. - */ - while (w >= 3u) { - t += 1u; - w -= 3u; - } - } else { - t = 0; - } - q.dp[ix] = (mp_digit)t; - } - - /* [optional] store the remainder */ - if (d != NULL) { - *d = (mp_digit)w; - } - - /* [optional] store the quotient */ - if (c != NULL) { - mp_clamp(&q); - mp_exch(&q, c); - } - mp_clear(&q); - - return res; -} - -/* End: bn_mp_div_3.c */ - -/* Start: bn_mp_div_d.c */ - -static int s_is_power_of_two(mp_digit b, int *p) -{ - int x; - - /* fast return if no power of two */ - if ((b == 0u) || ((b & (b-1u)) != 0u)) { - return 0; - } - - for (x = 0; x < DIGIT_BIT; x++) { - if (b == ((mp_digit)1<<(mp_digit)x)) { - *p = x; - return 1; - } - } - return 0; -} - -/* single digit division (based on routine from MPI) */ -int mp_div_d(const mp_int *a, mp_digit b, mp_int *c, mp_digit *d) -{ - mp_int q; - mp_word w; - mp_digit t; - int res, ix; - - /* cannot divide by zero */ - if (b == 0u) { - return MP_VAL; - } - - /* quick outs */ - if ((b == 1u) || (mp_iszero(a) == MP_YES)) { - if (d != NULL) { - *d = 0; - } - if (c != NULL) { - return mp_copy(a, c); - } - return MP_OKAY; - } - - /* power of two ? */ - if (s_is_power_of_two(b, &ix) == 1) { - if (d != NULL) { - *d = a->dp[0] & (((mp_digit)1<<(mp_digit)ix) - 1uL); - } - if (c != NULL) { - return mp_div_2d(a, ix, c, NULL); - } - return MP_OKAY; - } - - /* three? */ - if (b == 3u) { - return mp_div_3(a, c, d); - } - - /* no easy answer [c'est la vie]. Just division */ - if ((res = mp_init_size(&q, a->used)) != MP_OKAY) { - return res; - } - - q.used = a->used; - q.sign = a->sign; - w = 0; - for (ix = a->used - 1; ix >= 0; ix--) { - w = (w << (mp_word)DIGIT_BIT) | (mp_word)a->dp[ix]; - - if (w >= b) { - t = (mp_digit)(w / b); - w -= (mp_word)t * (mp_word)b; - } else { - t = 0; - } - q.dp[ix] = t; - } - - if (d != NULL) { - *d = (mp_digit)w; - } - - if (c != NULL) { - mp_clamp(&q); - mp_exch(&q, c); - } - mp_clear(&q); - - return res; -} - -/* End: bn_mp_div_d.c */ - -/* Start: bn_mp_dr_is_modulus.c */ - -/* determines if a number is a valid DR modulus */ -int mp_dr_is_modulus(const mp_int *a) -{ - int ix; - - /* must be at least two digits */ - if (a->used < 2) { - return 0; - } - - /* must be of the form b**k - a [a <= b] so all - * but the first digit must be equal to -1 (mod b). - */ - for (ix = 1; ix < a->used; ix++) { - if (a->dp[ix] != MP_MASK) { - return 0; - } - } - return 1; -} - -/* End: bn_mp_dr_is_modulus.c */ - -/* Start: bn_mp_dr_reduce.c */ - -/* reduce "x" in place modulo "n" using the Diminished Radix algorithm. - * - * Based on algorithm from the paper - * - * "Generating Efficient Primes for Discrete Log Cryptosystems" - * Chae Hoon Lim, Pil Joong Lee, - * POSTECH Information Research Laboratories - * - * The modulus must be of a special format [see manual] - * - * Has been modified to use algorithm 7.10 from the LTM book instead - * - * Input x must be in the range 0 <= x <= (n-1)**2 - */ -int mp_dr_reduce(mp_int *x, const mp_int *n, mp_digit k) -{ - int err, i, m; - mp_word r; - mp_digit mu, *tmpx1, *tmpx2; - - /* m = digits in modulus */ - m = n->used; - - /* ensure that "x" has at least 2m digits */ - if (x->alloc < (m + m)) { - if ((err = mp_grow(x, m + m)) != MP_OKAY) { - return err; - } - } - - /* top of loop, this is where the code resumes if - * another reduction pass is required. - */ -top: - /* aliases for digits */ - /* alias for lower half of x */ - tmpx1 = x->dp; - - /* alias for upper half of x, or x/B**m */ - tmpx2 = x->dp + m; - - /* set carry to zero */ - mu = 0; - - /* compute (x mod B**m) + k * [x/B**m] inline and inplace */ - for (i = 0; i < m; i++) { - r = ((mp_word)*tmpx2++ * (mp_word)k) + *tmpx1 + mu; - *tmpx1++ = (mp_digit)(r & MP_MASK); - mu = (mp_digit)(r >> ((mp_word)DIGIT_BIT)); - } - - /* set final carry */ - *tmpx1++ = mu; - - /* zero words above m */ - for (i = m + 1; i < x->used; i++) { - *tmpx1++ = 0; - } - - /* clamp, sub and return */ - mp_clamp(x); - - /* if x >= n then subtract and reduce again - * Each successive "recursion" makes the input smaller and smaller. - */ - if (mp_cmp_mag(x, n) != MP_LT) { - if ((err = s_mp_sub(x, n, x)) != MP_OKAY) { - return err; - } - goto top; - } - return MP_OKAY; -} - -/* End: bn_mp_dr_reduce.c */ - -/* Start: bn_mp_dr_setup.c */ -#include "tommath_private.h" - -/* determines the setup value */ -void mp_dr_setup(const mp_int *a, mp_digit *d) -{ - /* the casts are required if DIGIT_BIT is one less than - * the number of bits in a mp_digit [e.g. DIGIT_BIT==31] - */ - *d = (mp_digit)(((mp_word)1 << (mp_word)DIGIT_BIT) - (mp_word)a->dp[0]); -} - -/* End: bn_mp_dr_setup.c */ - -/* Start: bn_mp_exch.c */ - -/* swap the elements of two integers, for cases where you can't simply swap the - * mp_int pointers around - */ -void mp_exch(mp_int *a, mp_int *b) -{ - mp_int t; - - t = *a; - *a = *b; - *b = t; -} - -/* End: bn_mp_exch.c */ - -/* Start: bn_mp_export.c */ - -/* based on gmp's mpz_export. - * see http://gmplib.org/manual/Integer-Import-and-Export.html - */ -int mp_export(void *rop, size_t *countp, int order, size_t size, - int endian, size_t nails, const mp_int *op) -{ - int result; - size_t odd_nails, nail_bytes, i, j, bits, count; - unsigned char odd_nail_mask; - - mp_int t; - - if ((result = mp_init_copy(&t, op)) != MP_OKAY) { - return result; - } - - if (endian == 0) { - union { - unsigned int i; - char c[4]; - } lint; - lint.i = 0x01020304; - - endian = (lint.c[0] == '\x04') ? -1 : 1; - } - - odd_nails = (nails % 8u); - odd_nail_mask = 0xff; - for (i = 0; i < odd_nails; ++i) { - odd_nail_mask ^= (unsigned char)(1u << (7u - i)); - } - nail_bytes = nails / 8u; - - bits = (size_t)mp_count_bits(&t); - count = (bits / ((size * 8u) - nails)) + (((bits % ((size * 8u) - nails)) != 0u) ? 1u : 0u); - - for (i = 0; i < count; ++i) { - for (j = 0; j < size; ++j) { - unsigned char *byte = (unsigned char *)rop + - (((order == -1) ? i : ((count - 1u) - i)) * size) + - ((endian == -1) ? j : ((size - 1u) - j)); - - if (j >= (size - nail_bytes)) { - *byte = 0; - continue; - } - - *byte = (unsigned char)((j == ((size - nail_bytes) - 1u)) ? (t.dp[0] & odd_nail_mask) : (t.dp[0] & 0xFFuL)); - - if ((result = mp_div_2d(&t, (j == ((size - nail_bytes) - 1u)) ? (int)(8u - odd_nails) : 8, &t, NULL)) != MP_OKAY) { - mp_clear(&t); - return result; - } - } - } - - mp_clear(&t); - - if (countp != NULL) { - *countp = count; - } - - return MP_OKAY; -} - -/* End: bn_mp_export.c */ - -/* Start: bn_mp_expt_d.c */ - -/* wrapper function for mp_expt_d_ex() */ -int mp_expt_d(const mp_int *a, mp_digit b, mp_int *c) -{ - return mp_expt_d_ex(a, b, c, 0); -} - -/* End: bn_mp_expt_d.c */ - -/* Start: bn_mp_expt_d_ex.c */ - -/* calculate c = a**b using a square-multiply algorithm */ -int mp_expt_d_ex(const mp_int *a, mp_digit b, mp_int *c, int fast) -{ - int res; - unsigned int x; - - mp_int g; - - if ((res = mp_init_copy(&g, a)) != MP_OKAY) { - return res; - } - - /* set initial result */ - mp_set(c, 1uL); - - if (fast != 0) { - while (b > 0u) { - /* if the bit is set multiply */ - if ((b & 1u) != 0u) { - if ((res = mp_mul(c, &g, c)) != MP_OKAY) { - mp_clear(&g); - return res; - } - } - - /* square */ - if (b > 1u) { - if ((res = mp_sqr(&g, &g)) != MP_OKAY) { - mp_clear(&g); - return res; - } - } - - /* shift to next bit */ - b >>= 1; - } - } else { - for (x = 0; x < (unsigned)DIGIT_BIT; x++) { - /* square */ - if ((res = mp_sqr(c, c)) != MP_OKAY) { - mp_clear(&g); - return res; - } - - /* if the bit is set multiply */ - if ((b & ((mp_digit)1 << (DIGIT_BIT - 1))) != 0u) { - if ((res = mp_mul(c, &g, c)) != MP_OKAY) { - mp_clear(&g); - return res; - } - } - - /* shift to next bit */ - b <<= 1; - } - } /* if ... else */ - - mp_clear(&g); - return MP_OKAY; -} - -/* End: bn_mp_expt_d_ex.c */ - -/* Start: bn_mp_exptmod.c */ - -/* this is a shell function that calls either the normal or Montgomery - * exptmod functions. Originally the call to the montgomery code was - * embedded in the normal function but that wasted alot of stack space - * for nothing (since 99% of the time the Montgomery code would be called) - */ -int mp_exptmod(const mp_int *G, const mp_int *X, const mp_int *P, mp_int *Y) -{ - int dr; - - /* modulus P must be positive */ - if (P->sign == MP_NEG) { - return MP_VAL; - } - - /* if exponent X is negative we have to recurse */ - if (X->sign == MP_NEG) { - mp_int tmpG, tmpX; - int err; - - /* first compute 1/G mod P */ - if ((err = mp_init(&tmpG)) != MP_OKAY) { - return err; - } - if ((err = mp_invmod(G, P, &tmpG)) != MP_OKAY) { - mp_clear(&tmpG); - return err; - } - - /* now get |X| */ - if ((err = mp_init(&tmpX)) != MP_OKAY) { - mp_clear(&tmpG); - return err; - } - if ((err = mp_abs(X, &tmpX)) != MP_OKAY) { - mp_clear_multi(&tmpG, &tmpX, NULL); - return err; - } - - /* and now compute (1/G)**|X| instead of G**X [X < 0] */ - err = mp_exptmod(&tmpG, &tmpX, P, Y); - mp_clear_multi(&tmpG, &tmpX, NULL); - return err; - } - - /* modified diminished radix reduction */ - if (mp_reduce_is_2k_l(P) == MP_YES) { - return s_mp_exptmod(G, X, P, Y, 1); - } - - /* is it a DR modulus? */ - dr = mp_dr_is_modulus(P); - - /* if not, is it a unrestricted DR modulus? */ - if (dr == 0) { - dr = mp_reduce_is_2k(P) << 1; - } - - /* if the modulus is odd or dr != 0 use the montgomery method */ - if ((mp_isodd(P) == MP_YES) || (dr != 0)) { - return mp_exptmod_fast(G, X, P, Y, dr); - } else { - /* otherwise use the generic Barrett reduction technique */ - return s_mp_exptmod(G, X, P, Y, 0); - } -} - -/* End: bn_mp_exptmod.c */ - -/* Start: bn_mp_exptmod_fast.c */ - -/* computes Y == G**X mod P, HAC pp.616, Algorithm 14.85 - * - * Uses a left-to-right k-ary sliding window to compute the modular exponentiation. - * The value of k changes based on the size of the exponent. - * - * Uses Montgomery or Diminished Radix reduction [whichever appropriate] - */ - -#ifdef MP_LOW_MEM -# define TAB_SIZE 32 -#else -# define TAB_SIZE 256 -#endif - -int mp_exptmod_fast(const mp_int *G, const mp_int *X, const mp_int *P, mp_int *Y, int redmode) -{ - mp_int M[TAB_SIZE], res; - mp_digit buf, mp; - int err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize; - - /* use a pointer to the reduction algorithm. This allows us to use - * one of many reduction algorithms without modding the guts of - * the code with if statements everywhere. - */ - int (*redux)(mp_int *x, const mp_int *n, mp_digit rho); - - /* find window size */ - x = mp_count_bits(X); - if (x <= 7) { - winsize = 2; - } else if (x <= 36) { - winsize = 3; - } else if (x <= 140) { - winsize = 4; - } else if (x <= 450) { - winsize = 5; - } else if (x <= 1303) { - winsize = 6; - } else if (x <= 3529) { - winsize = 7; - } else { - winsize = 8; - } - -#ifdef MP_LOW_MEM - if (winsize > 5) { - winsize = 5; - } -#endif - - /* init M array */ - /* init first cell */ - if ((err = mp_init_size(&M[1], P->alloc)) != MP_OKAY) { - return err; - } - - /* now init the second half of the array */ - for (x = 1<<(winsize-1); x < (1 << winsize); x++) { - if ((err = mp_init_size(&M[x], P->alloc)) != MP_OKAY) { - for (y = 1<<(winsize-1); y < x; y++) { - mp_clear(&M[y]); - } - mp_clear(&M[1]); - return err; - } - } - - /* determine and setup reduction code */ - if (redmode == 0) { - /* now setup montgomery */ - if ((err = mp_montgomery_setup(P, &mp)) != MP_OKAY) { - goto LBL_M; - } - - /* automatically pick the comba one if available (saves quite a few calls/ifs) */ - if ((((P->used * 2) + 1) < (int)MP_WARRAY) && - (P->used < (1 << ((CHAR_BIT * sizeof(mp_word)) - (2 * DIGIT_BIT))))) { - redux = fast_mp_montgomery_reduce; - } else - { - /* use slower baseline Montgomery method */ - redux = mp_montgomery_reduce; - } - } else if (redmode == 1) { - /* setup DR reduction for moduli of the form B**k - b */ - mp_dr_setup(P, &mp); - redux = mp_dr_reduce; - } else { - /* setup DR reduction for moduli of the form 2**k - b */ - if ((err = mp_reduce_2k_setup(P, &mp)) != MP_OKAY) { - goto LBL_M; - } - redux = mp_reduce_2k; - } - - /* setup result */ - if ((err = mp_init_size(&res, P->alloc)) != MP_OKAY) { - goto LBL_M; - } - - /* create M table - * - - * - * The first half of the table is not computed though accept for M[0] and M[1] - */ - - if (redmode == 0) { - /* now we need R mod m */ - if ((err = mp_montgomery_calc_normalization(&res, P)) != MP_OKAY) { - goto LBL_RES; - } - - /* now set M[1] to G * R mod m */ - if ((err = mp_mulmod(G, &res, P, &M[1])) != MP_OKAY) { - goto LBL_RES; - } - } else { - mp_set(&res, 1uL); - if ((err = mp_mod(G, P, &M[1])) != MP_OKAY) { - goto LBL_RES; - } - } - - /* compute the value at M[1<<(winsize-1)] by squaring M[1] (winsize-1) times */ - if ((err = mp_copy(&M[1], &M[(size_t)1 << (winsize - 1)])) != MP_OKAY) { - goto LBL_RES; - } - - for (x = 0; x < (winsize - 1); x++) { - if ((err = mp_sqr(&M[(size_t)1 << (winsize - 1)], &M[(size_t)1 << (winsize - 1)])) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&M[(size_t)1 << (winsize - 1)], P, mp)) != MP_OKAY) { - goto LBL_RES; - } - } - - /* create upper table */ - for (x = (1 << (winsize - 1)) + 1; x < (1 << winsize); x++) { - if ((err = mp_mul(&M[x - 1], &M[1], &M[x])) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&M[x], P, mp)) != MP_OKAY) { - goto LBL_RES; - } - } - - /* set initial mode and bit cnt */ - mode = 0; - bitcnt = 1; - buf = 0; - digidx = X->used - 1; - bitcpy = 0; - bitbuf = 0; - - for (;;) { - /* grab next digit as required */ - if (--bitcnt == 0) { - /* if digidx == -1 we are out of digits so break */ - if (digidx == -1) { - break; - } - /* read next digit and reset bitcnt */ - buf = X->dp[digidx--]; - bitcnt = (int)DIGIT_BIT; - } - - /* grab the next msb from the exponent */ - y = (mp_digit)(buf >> (DIGIT_BIT - 1)) & 1; - buf <<= (mp_digit)1; - - /* if the bit is zero and mode == 0 then we ignore it - * These represent the leading zero bits before the first 1 bit - * in the exponent. Technically this opt is not required but it - * does lower the # of trivial squaring/reductions used - */ - if ((mode == 0) && (y == 0)) { - continue; - } - - /* if the bit is zero and mode == 1 then we square */ - if ((mode == 1) && (y == 0)) { - if ((err = mp_sqr(&res, &res)) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&res, P, mp)) != MP_OKAY) { - goto LBL_RES; - } - continue; - } - - /* else we add it to the window */ - bitbuf |= (y << (winsize - ++bitcpy)); - mode = 2; - - if (bitcpy == winsize) { - /* ok window is filled so square as required and multiply */ - /* square first */ - for (x = 0; x < winsize; x++) { - if ((err = mp_sqr(&res, &res)) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&res, P, mp)) != MP_OKAY) { - goto LBL_RES; - } - } - - /* then multiply */ - if ((err = mp_mul(&res, &M[bitbuf], &res)) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&res, P, mp)) != MP_OKAY) { - goto LBL_RES; - } - - /* empty window and reset */ - bitcpy = 0; - bitbuf = 0; - mode = 1; - } - } - - /* if bits remain then square/multiply */ - if ((mode == 2) && (bitcpy > 0)) { - /* square then multiply if the bit is set */ - for (x = 0; x < bitcpy; x++) { - if ((err = mp_sqr(&res, &res)) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&res, P, mp)) != MP_OKAY) { - goto LBL_RES; - } - - /* get next bit of the window */ - bitbuf <<= 1; - if ((bitbuf & (1 << winsize)) != 0) { - /* then multiply */ - if ((err = mp_mul(&res, &M[1], &res)) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&res, P, mp)) != MP_OKAY) { - goto LBL_RES; - } - } - } - } - - if (redmode == 0) { - /* fixup result if Montgomery reduction is used - * recall that any value in a Montgomery system is - * actually multiplied by R mod n. So we have - * to reduce one more time to cancel out the factor - * of R. - */ - if ((err = redux(&res, P, mp)) != MP_OKAY) { - goto LBL_RES; - } - } - - /* swap res with Y */ - mp_exch(&res, Y); - err = MP_OKAY; -LBL_RES: - mp_clear(&res); -LBL_M: - mp_clear(&M[1]); - for (x = 1<<(winsize-1); x < (1 << winsize); x++) { - mp_clear(&M[x]); - } - return err; -} - -/* End: bn_mp_exptmod_fast.c */ - -/* Start: bn_mp_exteuclid.c */ - -/* Extended euclidean algorithm of (a, b) produces - a*u1 + b*u2 = u3 - */ -int mp_exteuclid(const mp_int *a, const mp_int *b, mp_int *U1, mp_int *U2, mp_int *U3) -{ - mp_int u1, u2, u3, v1, v2, v3, t1, t2, t3, q, tmp; - int err; - - if ((err = mp_init_multi(&u1, &u2, &u3, &v1, &v2, &v3, &t1, &t2, &t3, &q, &tmp, NULL)) != MP_OKAY) { - return err; - } - - /* initialize, (u1,u2,u3) = (1,0,a) */ - mp_set(&u1, 1uL); - if ((err = mp_copy(a, &u3)) != MP_OKAY) { - goto LBL_ERR; - } - - /* initialize, (v1,v2,v3) = (0,1,b) */ - mp_set(&v2, 1uL); - if ((err = mp_copy(b, &v3)) != MP_OKAY) { - goto LBL_ERR; - } - - /* loop while v3 != 0 */ - while (mp_iszero(&v3) == MP_NO) { - /* q = u3/v3 */ - if ((err = mp_div(&u3, &v3, &q, NULL)) != MP_OKAY) { - goto LBL_ERR; - } - - /* (t1,t2,t3) = (u1,u2,u3) - (v1,v2,v3)q */ - if ((err = mp_mul(&v1, &q, &tmp)) != MP_OKAY) { - goto LBL_ERR; - } - if ((err = mp_sub(&u1, &tmp, &t1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((err = mp_mul(&v2, &q, &tmp)) != MP_OKAY) { - goto LBL_ERR; - } - if ((err = mp_sub(&u2, &tmp, &t2)) != MP_OKAY) { - goto LBL_ERR; - } - if ((err = mp_mul(&v3, &q, &tmp)) != MP_OKAY) { - goto LBL_ERR; - } - if ((err = mp_sub(&u3, &tmp, &t3)) != MP_OKAY) { - goto LBL_ERR; - } - - /* (u1,u2,u3) = (v1,v2,v3) */ - if ((err = mp_copy(&v1, &u1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((err = mp_copy(&v2, &u2)) != MP_OKAY) { - goto LBL_ERR; - } - if ((err = mp_copy(&v3, &u3)) != MP_OKAY) { - goto LBL_ERR; - } - - /* (v1,v2,v3) = (t1,t2,t3) */ - if ((err = mp_copy(&t1, &v1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((err = mp_copy(&t2, &v2)) != MP_OKAY) { - goto LBL_ERR; - } - if ((err = mp_copy(&t3, &v3)) != MP_OKAY) { - goto LBL_ERR; - } - } - - /* make sure U3 >= 0 */ - if (u3.sign == MP_NEG) { - if ((err = mp_neg(&u1, &u1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((err = mp_neg(&u2, &u2)) != MP_OKAY) { - goto LBL_ERR; - } - if ((err = mp_neg(&u3, &u3)) != MP_OKAY) { - goto LBL_ERR; - } - } - - /* copy result out */ - if (U1 != NULL) { - mp_exch(U1, &u1); - } - if (U2 != NULL) { - mp_exch(U2, &u2); - } - if (U3 != NULL) { - mp_exch(U3, &u3); - } - - err = MP_OKAY; -LBL_ERR: - mp_clear_multi(&u1, &u2, &u3, &v1, &v2, &v3, &t1, &t2, &t3, &q, &tmp, NULL); - return err; -} - -/* End: bn_mp_exteuclid.c */ - -/* Start: bn_mp_gcd.c */ - -/* Greatest Common Divisor using the binary method */ -int mp_gcd(const mp_int *a, const mp_int *b, mp_int *c) -{ - mp_int u, v; - int k, u_lsb, v_lsb, res; - - /* either zero than gcd is the largest */ - if (mp_iszero(a) == MP_YES) { - return mp_abs(b, c); - } - if (mp_iszero(b) == MP_YES) { - return mp_abs(a, c); - } - - /* get copies of a and b we can modify */ - if ((res = mp_init_copy(&u, a)) != MP_OKAY) { - return res; - } - - if ((res = mp_init_copy(&v, b)) != MP_OKAY) { - goto LBL_U; - } - - /* must be positive for the remainder of the algorithm */ - u.sign = v.sign = MP_ZPOS; - - /* B1. Find the common power of two for u and v */ - u_lsb = mp_cnt_lsb(&u); - v_lsb = mp_cnt_lsb(&v); - k = MIN(u_lsb, v_lsb); - - if (k > 0) { - /* divide the power of two out */ - if ((res = mp_div_2d(&u, k, &u, NULL)) != MP_OKAY) { - goto LBL_V; - } - - if ((res = mp_div_2d(&v, k, &v, NULL)) != MP_OKAY) { - goto LBL_V; - } - } - - /* divide any remaining factors of two out */ - if (u_lsb != k) { - if ((res = mp_div_2d(&u, u_lsb - k, &u, NULL)) != MP_OKAY) { - goto LBL_V; - } - } - - if (v_lsb != k) { - if ((res = mp_div_2d(&v, v_lsb - k, &v, NULL)) != MP_OKAY) { - goto LBL_V; - } - } - - while (mp_iszero(&v) == MP_NO) { - /* make sure v is the largest */ - if (mp_cmp_mag(&u, &v) == MP_GT) { - /* swap u and v to make sure v is >= u */ - mp_exch(&u, &v); - } - - /* subtract smallest from largest */ - if ((res = s_mp_sub(&v, &u, &v)) != MP_OKAY) { - goto LBL_V; - } - - /* Divide out all factors of two */ - if ((res = mp_div_2d(&v, mp_cnt_lsb(&v), &v, NULL)) != MP_OKAY) { - goto LBL_V; - } - } - - /* multiply by 2**k which we divided out at the beginning */ - if ((res = mp_mul_2d(&u, k, c)) != MP_OKAY) { - goto LBL_V; - } - c->sign = MP_ZPOS; - res = MP_OKAY; -LBL_V: - mp_clear(&u); -LBL_U: - mp_clear(&v); - return res; -} - -/* End: bn_mp_gcd.c */ - -/* Start: bn_mp_get_bit.c */ - -/* Checks the bit at position b and returns MP_YES - if the bit is 1, MP_NO if it is 0 and MP_VAL - in case of error */ -int mp_get_bit(const mp_int *a, int b) -{ - int limb; - mp_digit bit, isset; - - if (b < 0) { - return MP_VAL; - } - - limb = b / DIGIT_BIT; - - /* - * Zero is a special value with the member "used" set to zero. - * Needs to be tested before the check for the upper boundary - * otherwise (limb >= a->used) would be true for a = 0 - */ - - if (mp_iszero(a) != MP_NO) { - return MP_NO; - } - - if (limb >= a->used) { - return MP_VAL; - } - - bit = (mp_digit)(1) << (b % DIGIT_BIT); - - isset = a->dp[limb] & bit; - return (isset != 0u) ? MP_YES : MP_NO; -} - -/* End: bn_mp_get_bit.c */ - -/* Start: bn_mp_get_double.c */ - -double mp_get_double(const mp_int *a) -{ - int i; - double d = 0.0, fac = 1.0; - for (i = 0; i < DIGIT_BIT; ++i) { - fac *= 2.0; - } - for (i = USED(a); i --> 0;) { - d = (d * fac) + (double)DIGIT(a, i); - } - return (mp_isneg(a) != MP_NO) ? -d : d; -} - -/* End: bn_mp_get_double.c */ - -/* Start: bn_mp_get_int.c */ - -/* get the lower 32-bits of an mp_int */ -unsigned long mp_get_int(const mp_int *a) -{ - int i; - mp_min_u32 res; - - if (a->used == 0) { - return 0; - } - - /* get number of digits of the lsb we have to read */ - i = MIN(a->used, ((((int)sizeof(unsigned long) * CHAR_BIT) + DIGIT_BIT - 1) / DIGIT_BIT)) - 1; - - /* get most significant digit of result */ - res = DIGIT(a, i); - - while (--i >= 0) { - res = (res << DIGIT_BIT) | DIGIT(a, i); - } - - /* force result to 32-bits always so it is consistent on non 32-bit platforms */ - return res & 0xFFFFFFFFUL; -} - -/* End: bn_mp_get_int.c */ - -/* Start: bn_mp_get_long.c */ - -/* get the lower unsigned long of an mp_int, platform dependent */ -unsigned long mp_get_long(const mp_int *a) -{ - int i; - unsigned long res; - - if (a->used == 0) { - return 0; - } - - /* get number of digits of the lsb we have to read */ - i = MIN(a->used, ((((int)sizeof(unsigned long) * CHAR_BIT) + DIGIT_BIT - 1) / DIGIT_BIT)) - 1; - - /* get most significant digit of result */ - res = DIGIT(a, i); - -#if (ULONG_MAX != 0xffffffffuL) || (DIGIT_BIT < 32) - while (--i >= 0) { - res = (res << DIGIT_BIT) | DIGIT(a, i); - } -#endif - return res; -} - -/* End: bn_mp_get_long.c */ - -/* Start: bn_mp_get_long_long.c */ - -/* get the lower unsigned long long of an mp_int, platform dependent */ -unsigned long long mp_get_long_long(const mp_int *a) -{ - int i; - unsigned long long res; - - if (a->used == 0) { - return 0; - } - - /* get number of digits of the lsb we have to read */ - i = MIN(a->used, ((((int)sizeof(unsigned long long) * CHAR_BIT) + DIGIT_BIT - 1) / DIGIT_BIT)) - 1; - - /* get most significant digit of result */ - res = DIGIT(a, i); - -#if DIGIT_BIT < 64 - while (--i >= 0) { - res = (res << DIGIT_BIT) | DIGIT(a, i); - } -#endif - return res; -} - -/* End: bn_mp_get_long_long.c */ - -/* Start: bn_mp_grow.c */ - -/* grow as required */ -int mp_grow(mp_int *a, int size) -{ - int i; - mp_digit *tmp; - - /* if the alloc size is smaller alloc more ram */ - if (a->alloc < size) { - /* ensure there are always at least MP_PREC digits extra on top */ - size += (MP_PREC * 2) - (size % MP_PREC); - - /* reallocate the array a->dp - * - * We store the return in a temporary variable - * in case the operation failed we don't want - * to overwrite the dp member of a. - */ - tmp = OPT_CAST(mp_digit) XREALLOC(a->dp, sizeof(mp_digit) * (size_t)size); - if (tmp == NULL) { - /* reallocation failed but "a" is still valid [can be freed] */ - return MP_MEM; - } - - /* reallocation succeeded so set a->dp */ - a->dp = tmp; - - /* zero excess digits */ - i = a->alloc; - a->alloc = size; - for (; i < a->alloc; i++) { - a->dp[i] = 0; - } - } - return MP_OKAY; -} - -/* End: bn_mp_grow.c */ - -/* Start: bn_mp_import.c */ - -/* based on gmp's mpz_import. - * see http://gmplib.org/manual/Integer-Import-and-Export.html - */ -int mp_import(mp_int *rop, size_t count, int order, size_t size, - int endian, size_t nails, const void *op) -{ - int result; - size_t odd_nails, nail_bytes, i, j; - unsigned char odd_nail_mask; - - mp_zero(rop); - - if (endian == 0) { - union { - unsigned int i; - char c[4]; - } lint; - lint.i = 0x01020304; - - endian = (lint.c[0] == '\x04') ? -1 : 1; - } - - odd_nails = (nails % 8u); - odd_nail_mask = 0xff; - for (i = 0; i < odd_nails; ++i) { - odd_nail_mask ^= (unsigned char)(1u << (7u - i)); - } - nail_bytes = nails / 8u; - - for (i = 0; i < count; ++i) { - for (j = 0; j < (size - nail_bytes); ++j) { - unsigned char byte = *((unsigned char *)op + - (((order == 1) ? i : ((count - 1u) - i)) * size) + - ((endian == 1) ? (j + nail_bytes) : (((size - 1u) - j) - nail_bytes))); - - if ((result = mp_mul_2d(rop, (j == 0u) ? (int)(8u - odd_nails) : 8, rop)) != MP_OKAY) { - return result; - } - - rop->dp[0] |= (j == 0u) ? (mp_digit)(byte & odd_nail_mask) : (mp_digit)byte; - rop->used += 1; - } - } - - mp_clamp(rop); - - return MP_OKAY; -} - -/* End: bn_mp_import.c */ - -/* Start: bn_mp_init.c */ - -/* init a new mp_int */ -int mp_init(mp_int *a) -{ - int i; - - /* allocate memory required and clear it */ - a->dp = OPT_CAST(mp_digit) XMALLOC(sizeof(mp_digit) * (size_t)MP_PREC); - if (a->dp == NULL) { - return MP_MEM; - } - - /* set the digits to zero */ - for (i = 0; i < MP_PREC; i++) { - a->dp[i] = 0; - } - - /* set the used to zero, allocated digits to the default precision - * and sign to positive */ - a->used = 0; - a->alloc = MP_PREC; - a->sign = MP_ZPOS; - - return MP_OKAY; -} - -/* End: bn_mp_init.c */ - -/* Start: bn_mp_init_copy.c */ - -/* creates "a" then copies b into it */ -int mp_init_copy(mp_int *a, const mp_int *b) -{ - int res; - - if ((res = mp_init_size(a, b->used)) != MP_OKAY) { - return res; - } - - if ((res = mp_copy(b, a)) != MP_OKAY) { - mp_clear(a); - } - - return res; -} - -/* End: bn_mp_init_copy.c */ - -/* Start: bn_mp_init_multi.c */ - -int mp_init_multi(mp_int *mp, ...) -{ - mp_err res = MP_OKAY; /* Assume ok until proven otherwise */ - int n = 0; /* Number of ok inits */ - mp_int *cur_arg = mp; - va_list args; - - va_start(args, mp); /* init args to next argument from caller */ - while (cur_arg != NULL) { - if (mp_init(cur_arg) != MP_OKAY) { - /* Oops - error! Back-track and mp_clear what we already - succeeded in init-ing, then return error. - */ - va_list clean_args; - - /* now start cleaning up */ - cur_arg = mp; - va_start(clean_args, mp); - while (n-- != 0) { - mp_clear(cur_arg); - cur_arg = va_arg(clean_args, mp_int *); - } - va_end(clean_args); - res = MP_MEM; - break; - } - n++; - cur_arg = va_arg(args, mp_int *); - } - va_end(args); - return res; /* Assumed ok, if error flagged above. */ -} - -/* End: bn_mp_init_multi.c */ - -/* Start: bn_mp_init_set.c */ - -/* initialize and set a digit */ -int mp_init_set(mp_int *a, mp_digit b) -{ - int err; - if ((err = mp_init(a)) != MP_OKAY) { - return err; - } - mp_set(a, b); - return err; -} - -/* End: bn_mp_init_set.c */ - -/* Start: bn_mp_init_set_int.c */ - -/* initialize and set a digit */ -int mp_init_set_int(mp_int *a, unsigned long b) -{ - int err; - if ((err = mp_init(a)) != MP_OKAY) { - return err; - } - return mp_set_int(a, b); -} - -/* End: bn_mp_init_set_int.c */ - -/* Start: bn_mp_init_size.c */ - -/* init an mp_init for a given size */ -int mp_init_size(mp_int *a, int size) -{ - int x; - - /* pad size so there are always extra digits */ - size += (MP_PREC * 2) - (size % MP_PREC); - - /* alloc mem */ - a->dp = OPT_CAST(mp_digit) XMALLOC(sizeof(mp_digit) * (size_t)size); - if (a->dp == NULL) { - return MP_MEM; - } - - /* set the members */ - a->used = 0; - a->alloc = size; - a->sign = MP_ZPOS; - - /* zero the digits */ - for (x = 0; x < size; x++) { - a->dp[x] = 0; - } - - return MP_OKAY; -} - -/* End: bn_mp_init_size.c */ - -/* Start: bn_mp_invmod.c */ - -/* hac 14.61, pp608 */ -int mp_invmod(const mp_int *a, const mp_int *b, mp_int *c) -{ - /* b cannot be negative and has to be >1 */ - if ((b->sign == MP_NEG) || (mp_cmp_d(b, 1uL) != MP_GT)) { - return MP_VAL; - } - - /* if the modulus is odd we can use a faster routine instead */ - if ((mp_isodd(b) == MP_YES)) { - return fast_mp_invmod(a, b, c); - } - - return mp_invmod_slow(a, b, c); -} - -/* End: bn_mp_invmod.c */ - -/* Start: bn_mp_invmod_slow.c */ - -/* hac 14.61, pp608 */ -int mp_invmod_slow(const mp_int *a, const mp_int *b, mp_int *c) -{ - mp_int x, y, u, v, A, B, C, D; - int res; - - /* b cannot be negative */ - if ((b->sign == MP_NEG) || (mp_iszero(b) == MP_YES)) { - return MP_VAL; - } - - /* init temps */ - if ((res = mp_init_multi(&x, &y, &u, &v, - &A, &B, &C, &D, NULL)) != MP_OKAY) { - return res; - } - - /* x = a, y = b */ - if ((res = mp_mod(a, b, &x)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_copy(b, &y)) != MP_OKAY) { - goto LBL_ERR; - } - - /* 2. [modified] if x,y are both even then return an error! */ - if ((mp_iseven(&x) == MP_YES) && (mp_iseven(&y) == MP_YES)) { - res = MP_VAL; - goto LBL_ERR; - } - - /* 3. u=x, v=y, A=1, B=0, C=0,D=1 */ - if ((res = mp_copy(&x, &u)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_copy(&y, &v)) != MP_OKAY) { - goto LBL_ERR; - } - mp_set(&A, 1uL); - mp_set(&D, 1uL); - -top: - /* 4. while u is even do */ - while (mp_iseven(&u) == MP_YES) { - /* 4.1 u = u/2 */ - if ((res = mp_div_2(&u, &u)) != MP_OKAY) { - goto LBL_ERR; - } - /* 4.2 if A or B is odd then */ - if ((mp_isodd(&A) == MP_YES) || (mp_isodd(&B) == MP_YES)) { - /* A = (A+y)/2, B = (B-x)/2 */ - if ((res = mp_add(&A, &y, &A)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_sub(&B, &x, &B)) != MP_OKAY) { - goto LBL_ERR; - } - } - /* A = A/2, B = B/2 */ - if ((res = mp_div_2(&A, &A)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_div_2(&B, &B)) != MP_OKAY) { - goto LBL_ERR; - } - } - - /* 5. while v is even do */ - while (mp_iseven(&v) == MP_YES) { - /* 5.1 v = v/2 */ - if ((res = mp_div_2(&v, &v)) != MP_OKAY) { - goto LBL_ERR; - } - /* 5.2 if C or D is odd then */ - if ((mp_isodd(&C) == MP_YES) || (mp_isodd(&D) == MP_YES)) { - /* C = (C+y)/2, D = (D-x)/2 */ - if ((res = mp_add(&C, &y, &C)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_sub(&D, &x, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - /* C = C/2, D = D/2 */ - if ((res = mp_div_2(&C, &C)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_div_2(&D, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - - /* 6. if u >= v then */ - if (mp_cmp(&u, &v) != MP_LT) { - /* u = u - v, A = A - C, B = B - D */ - if ((res = mp_sub(&u, &v, &u)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_sub(&A, &C, &A)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_sub(&B, &D, &B)) != MP_OKAY) { - goto LBL_ERR; - } - } else { - /* v - v - u, C = C - A, D = D - B */ - if ((res = mp_sub(&v, &u, &v)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_sub(&C, &A, &C)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_sub(&D, &B, &D)) != MP_OKAY) { - goto LBL_ERR; - } - } - - /* if not zero goto step 4 */ - if (mp_iszero(&u) == MP_NO) - goto top; - - /* now a = C, b = D, gcd == g*v */ - - /* if v != 1 then there is no inverse */ - if (mp_cmp_d(&v, 1uL) != MP_EQ) { - res = MP_VAL; - goto LBL_ERR; - } - - /* if its too low */ - while (mp_cmp_d(&C, 0uL) == MP_LT) { - if ((res = mp_add(&C, b, &C)) != MP_OKAY) { - goto LBL_ERR; - } - } - - /* too big */ - while (mp_cmp_mag(&C, b) != MP_LT) { - if ((res = mp_sub(&C, b, &C)) != MP_OKAY) { - goto LBL_ERR; - } - } - - /* C is now the inverse */ - mp_exch(&C, c); - res = MP_OKAY; -LBL_ERR: - mp_clear_multi(&x, &y, &u, &v, &A, &B, &C, &D, NULL); - return res; -} - -/* End: bn_mp_invmod_slow.c */ - -/* Start: bn_mp_is_square.c */ - -/* Check if remainders are possible squares - fast exclude non-squares */ -static const char rem_128[128] = { - 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, - 0, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, - 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, - 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, - 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, - 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, - 1, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, - 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1 -}; - -static const char rem_105[105] = { - 0, 0, 1, 1, 0, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, - 0, 0, 1, 1, 1, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, - 0, 1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1, - 1, 0, 1, 1, 0, 1, 0, 1, 1, 1, 1, 1, 1, 1, 1, - 0, 1, 1, 1, 0, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, - 1, 1, 1, 1, 0, 1, 0, 1, 1, 0, 0, 1, 1, 1, 1, - 1, 0, 1, 1, 1, 1, 1, 1, 1, 0, 0, 1, 1, 1, 1 -}; - -/* Store non-zero to ret if arg is square, and zero if not */ -int mp_is_square(const mp_int *arg, int *ret) -{ - int res; - mp_digit c; - mp_int t; - unsigned long r; - - /* Default to Non-square :) */ - *ret = MP_NO; - - if (arg->sign == MP_NEG) { - return MP_VAL; - } - - /* digits used? (TSD) */ - if (arg->used == 0) { - return MP_OKAY; - } - - /* First check mod 128 (suppose that DIGIT_BIT is at least 7) */ - if (rem_128[127u & DIGIT(arg, 0)] == (char)1) { - return MP_OKAY; - } - - /* Next check mod 105 (3*5*7) */ - if ((res = mp_mod_d(arg, 105uL, &c)) != MP_OKAY) { - return res; - } - if (rem_105[c] == (char)1) { - return MP_OKAY; - } - - - if ((res = mp_init_set_int(&t, 11L*13L*17L*19L*23L*29L*31L)) != MP_OKAY) { - return res; - } - if ((res = mp_mod(arg, &t, &t)) != MP_OKAY) { - goto LBL_ERR; - } - r = mp_get_int(&t); - /* Check for other prime modules, note it's not an ERROR but we must - * free "t" so the easiest way is to goto LBL_ERR. We know that res - * is already equal to MP_OKAY from the mp_mod call - */ - if (((1uL<<(r%11uL)) & 0x5C4uL) != 0uL) goto LBL_ERR; - if (((1uL<<(r%13uL)) & 0x9E4uL) != 0uL) goto LBL_ERR; - if (((1uL<<(r%17uL)) & 0x5CE8uL) != 0uL) goto LBL_ERR; - if (((1uL<<(r%19uL)) & 0x4F50CuL) != 0uL) goto LBL_ERR; - if (((1uL<<(r%23uL)) & 0x7ACCA0uL) != 0uL) goto LBL_ERR; - if (((1uL<<(r%29uL)) & 0xC2EDD0CuL) != 0uL) goto LBL_ERR; - if (((1uL<<(r%31uL)) & 0x6DE2B848uL) != 0uL) goto LBL_ERR; - - /* Final check - is sqr(sqrt(arg)) == arg ? */ - if ((res = mp_sqrt(arg, &t)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_sqr(&t, &t)) != MP_OKAY) { - goto LBL_ERR; - } - - *ret = (mp_cmp_mag(&t, arg) == MP_EQ) ? MP_YES : MP_NO; -LBL_ERR: - mp_clear(&t); - return res; -} - -/* End: bn_mp_is_square.c */ - -/* Start: bn_mp_jacobi.c */ - -/* computes the jacobi c = (a | n) (or Legendre if n is prime) - * Kept for legacy reasons, please use mp_kronecker() instead - */ -int mp_jacobi(const mp_int *a, const mp_int *n, int *c) -{ - /* if a < 0 return MP_VAL */ - if (mp_isneg(a) == MP_YES) { - return MP_VAL; - } - - /* if n <= 0 return MP_VAL */ - if (mp_cmp_d(n, 0uL) != MP_GT) { - return MP_VAL; - } - - return mp_kronecker(a, n, c); -} - -/* End: bn_mp_jacobi.c */ - -/* Start: bn_mp_karatsuba_mul.c */ - -/* c = |a| * |b| using Karatsuba Multiplication using - * three half size multiplications - * - * Let B represent the radix [e.g. 2**DIGIT_BIT] and - * let n represent half of the number of digits in - * the min(a,b) - * - * a = a1 * B**n + a0 - * b = b1 * B**n + b0 - * - * Then, a * b => - a1b1 * B**2n + ((a1 + a0)(b1 + b0) - (a0b0 + a1b1)) * B + a0b0 - * - * Note that a1b1 and a0b0 are used twice and only need to be - * computed once. So in total three half size (half # of - * digit) multiplications are performed, a0b0, a1b1 and - * (a1+b1)(a0+b0) - * - * Note that a multiplication of half the digits requires - * 1/4th the number of single precision multiplications so in - * total after one call 25% of the single precision multiplications - * are saved. Note also that the call to mp_mul can end up back - * in this function if the a0, a1, b0, or b1 are above the threshold. - * This is known as divide-and-conquer and leads to the famous - * O(N**lg(3)) or O(N**1.584) work which is asymptopically lower than - * the standard O(N**2) that the baseline/comba methods use. - * Generally though the overhead of this method doesn't pay off - * until a certain size (N ~ 80) is reached. - */ -int mp_karatsuba_mul(const mp_int *a, const mp_int *b, mp_int *c) -{ - mp_int x0, x1, y0, y1, t1, x0y0, x1y1; - int B, err; - - /* default the return code to an error */ - err = MP_MEM; - - /* min # of digits */ - B = MIN(a->used, b->used); - - /* now divide in two */ - B = B >> 1; - - /* init copy all the temps */ - if (mp_init_size(&x0, B) != MP_OKAY) - goto LBL_ERR; - if (mp_init_size(&x1, a->used - B) != MP_OKAY) - goto X0; - if (mp_init_size(&y0, B) != MP_OKAY) - goto X1; - if (mp_init_size(&y1, b->used - B) != MP_OKAY) - goto Y0; - - /* init temps */ - if (mp_init_size(&t1, B * 2) != MP_OKAY) - goto Y1; - if (mp_init_size(&x0y0, B * 2) != MP_OKAY) - goto T1; - if (mp_init_size(&x1y1, B * 2) != MP_OKAY) - goto X0Y0; - - /* now shift the digits */ - x0.used = y0.used = B; - x1.used = a->used - B; - y1.used = b->used - B; - - { - int x; - mp_digit *tmpa, *tmpb, *tmpx, *tmpy; - - /* we copy the digits directly instead of using higher level functions - * since we also need to shift the digits - */ - tmpa = a->dp; - tmpb = b->dp; - - tmpx = x0.dp; - tmpy = y0.dp; - for (x = 0; x < B; x++) { - *tmpx++ = *tmpa++; - *tmpy++ = *tmpb++; - } - - tmpx = x1.dp; - for (x = B; x < a->used; x++) { - *tmpx++ = *tmpa++; - } - - tmpy = y1.dp; - for (x = B; x < b->used; x++) { - *tmpy++ = *tmpb++; - } - } - - /* only need to clamp the lower words since by definition the - * upper words x1/y1 must have a known number of digits - */ - mp_clamp(&x0); - mp_clamp(&y0); - - /* now calc the products x0y0 and x1y1 */ - /* after this x0 is no longer required, free temp [x0==t2]! */ - if (mp_mul(&x0, &y0, &x0y0) != MP_OKAY) - goto X1Y1; /* x0y0 = x0*y0 */ - if (mp_mul(&x1, &y1, &x1y1) != MP_OKAY) - goto X1Y1; /* x1y1 = x1*y1 */ - - /* now calc x1+x0 and y1+y0 */ - if (s_mp_add(&x1, &x0, &t1) != MP_OKAY) - goto X1Y1; /* t1 = x1 - x0 */ - if (s_mp_add(&y1, &y0, &x0) != MP_OKAY) - goto X1Y1; /* t2 = y1 - y0 */ - if (mp_mul(&t1, &x0, &t1) != MP_OKAY) - goto X1Y1; /* t1 = (x1 + x0) * (y1 + y0) */ - - /* add x0y0 */ - if (mp_add(&x0y0, &x1y1, &x0) != MP_OKAY) - goto X1Y1; /* t2 = x0y0 + x1y1 */ - if (s_mp_sub(&t1, &x0, &t1) != MP_OKAY) - goto X1Y1; /* t1 = (x1+x0)*(y1+y0) - (x1y1 + x0y0) */ - - /* shift by B */ - if (mp_lshd(&t1, B) != MP_OKAY) - goto X1Y1; /* t1 = (x0y0 + x1y1 - (x1-x0)*(y1-y0))<<B */ - if (mp_lshd(&x1y1, B * 2) != MP_OKAY) - goto X1Y1; /* x1y1 = x1y1 << 2*B */ - - if (mp_add(&x0y0, &t1, &t1) != MP_OKAY) - goto X1Y1; /* t1 = x0y0 + t1 */ - if (mp_add(&t1, &x1y1, c) != MP_OKAY) - goto X1Y1; /* t1 = x0y0 + t1 + x1y1 */ - - /* Algorithm succeeded set the return code to MP_OKAY */ - err = MP_OKAY; - -X1Y1: - mp_clear(&x1y1); -X0Y0: - mp_clear(&x0y0); -T1: - mp_clear(&t1); -Y1: - mp_clear(&y1); -Y0: - mp_clear(&y0); -X1: - mp_clear(&x1); -X0: - mp_clear(&x0); -LBL_ERR: - return err; -} - -/* End: bn_mp_karatsuba_mul.c */ - -/* Start: bn_mp_karatsuba_sqr.c */ - -/* Karatsuba squaring, computes b = a*a using three - * half size squarings - * - * See comments of karatsuba_mul for details. It - * is essentially the same algorithm but merely - * tuned to perform recursive squarings. - */ -int mp_karatsuba_sqr(const mp_int *a, mp_int *b) -{ - mp_int x0, x1, t1, t2, x0x0, x1x1; - int B, err; - - err = MP_MEM; - - /* min # of digits */ - B = a->used; - - /* now divide in two */ - B = B >> 1; - - /* init copy all the temps */ - if (mp_init_size(&x0, B) != MP_OKAY) - goto LBL_ERR; - if (mp_init_size(&x1, a->used - B) != MP_OKAY) - goto X0; - - /* init temps */ - if (mp_init_size(&t1, a->used * 2) != MP_OKAY) - goto X1; - if (mp_init_size(&t2, a->used * 2) != MP_OKAY) - goto T1; - if (mp_init_size(&x0x0, B * 2) != MP_OKAY) - goto T2; - if (mp_init_size(&x1x1, (a->used - B) * 2) != MP_OKAY) - goto X0X0; - - { - int x; - mp_digit *dst, *src; - - src = a->dp; - - /* now shift the digits */ - dst = x0.dp; - for (x = 0; x < B; x++) { - *dst++ = *src++; - } - - dst = x1.dp; - for (x = B; x < a->used; x++) { - *dst++ = *src++; - } - } - - x0.used = B; - x1.used = a->used - B; - - mp_clamp(&x0); - - /* now calc the products x0*x0 and x1*x1 */ - if (mp_sqr(&x0, &x0x0) != MP_OKAY) - goto X1X1; /* x0x0 = x0*x0 */ - if (mp_sqr(&x1, &x1x1) != MP_OKAY) - goto X1X1; /* x1x1 = x1*x1 */ - - /* now calc (x1+x0)**2 */ - if (s_mp_add(&x1, &x0, &t1) != MP_OKAY) - goto X1X1; /* t1 = x1 - x0 */ - if (mp_sqr(&t1, &t1) != MP_OKAY) - goto X1X1; /* t1 = (x1 - x0) * (x1 - x0) */ - - /* add x0y0 */ - if (s_mp_add(&x0x0, &x1x1, &t2) != MP_OKAY) - goto X1X1; /* t2 = x0x0 + x1x1 */ - if (s_mp_sub(&t1, &t2, &t1) != MP_OKAY) - goto X1X1; /* t1 = (x1+x0)**2 - (x0x0 + x1x1) */ - - /* shift by B */ - if (mp_lshd(&t1, B) != MP_OKAY) - goto X1X1; /* t1 = (x0x0 + x1x1 - (x1-x0)*(x1-x0))<<B */ - if (mp_lshd(&x1x1, B * 2) != MP_OKAY) - goto X1X1; /* x1x1 = x1x1 << 2*B */ - - if (mp_add(&x0x0, &t1, &t1) != MP_OKAY) - goto X1X1; /* t1 = x0x0 + t1 */ - if (mp_add(&t1, &x1x1, b) != MP_OKAY) - goto X1X1; /* t1 = x0x0 + t1 + x1x1 */ - - err = MP_OKAY; - -X1X1: - mp_clear(&x1x1); -X0X0: - mp_clear(&x0x0); -T2: - mp_clear(&t2); -T1: - mp_clear(&t1); -X1: - mp_clear(&x1); -X0: - mp_clear(&x0); -LBL_ERR: - return err; -} - -/* End: bn_mp_karatsuba_sqr.c */ - -/* Start: bn_mp_kronecker.c */ - -/* - Kronecker symbol (a|p) - Straightforward implementation of algorithm 1.4.10 in - Henri Cohen: "A Course in Computational Algebraic Number Theory" - - @book{cohen2013course, - title={A course in computational algebraic number theory}, - author={Cohen, Henri}, - volume={138}, - year={2013}, - publisher={Springer Science \& Business Media} - } - */ -int mp_kronecker(const mp_int *a, const mp_int *p, int *c) -{ - mp_int a1, p1, r; - - int e = MP_OKAY; - int v, k; - - static const int table[8] = {0, 1, 0, -1, 0, -1, 0, 1}; - - if (mp_iszero(p) != MP_NO) { - if ((a->used == 1) && (a->dp[0] == 1u)) { - *c = 1; - return e; - } else { - *c = 0; - return e; - } - } - - if ((mp_iseven(a) != MP_NO) && (mp_iseven(p) != MP_NO)) { - *c = 0; - return e; - } - - if ((e = mp_init_copy(&a1, a)) != MP_OKAY) { - return e; - } - if ((e = mp_init_copy(&p1, p)) != MP_OKAY) { - goto LBL_KRON_0; - } - - v = mp_cnt_lsb(&p1); - if ((e = mp_div_2d(&p1, v, &p1, NULL)) != MP_OKAY) { - goto LBL_KRON_1; - } - - if ((v & 0x1) == 0) { - k = 1; - } else { - k = table[a->dp[0] & 7u]; - } - - if (p1.sign == MP_NEG) { - p1.sign = MP_ZPOS; - if (a1.sign == MP_NEG) { - k = -k; - } - } - - if ((e = mp_init(&r)) != MP_OKAY) { - goto LBL_KRON_1; - } - - for (;;) { - if (mp_iszero(&a1) != MP_NO) { - if (mp_cmp_d(&p1, 1uL) == MP_EQ) { - *c = k; - goto LBL_KRON; - } else { - *c = 0; - goto LBL_KRON; - } - } - - v = mp_cnt_lsb(&a1); - if ((e = mp_div_2d(&a1, v, &a1, NULL)) != MP_OKAY) { - goto LBL_KRON; - } - - if ((v & 0x1) == 1) { - k = k * table[p1.dp[0] & 7u]; - } - - if (a1.sign == MP_NEG) { - /* - * Compute k = (-1)^((a1)*(p1-1)/4) * k - * a1.dp[0] + 1 cannot overflow because the MSB - * of the type mp_digit is not set by definition - */ - if (((a1.dp[0] + 1u) & p1.dp[0] & 2u) != 0u) { - k = -k; - } - } else { - /* compute k = (-1)^((a1-1)*(p1-1)/4) * k */ - if ((a1.dp[0] & p1.dp[0] & 2u) != 0u) { - k = -k; - } - } - - if ((e = mp_copy(&a1, &r)) != MP_OKAY) { - goto LBL_KRON; - } - r.sign = MP_ZPOS; - if ((e = mp_mod(&p1, &r, &a1)) != MP_OKAY) { - goto LBL_KRON; - } - if ((e = mp_copy(&r, &p1)) != MP_OKAY) { - goto LBL_KRON; - } - } - -LBL_KRON: - mp_clear(&r); -LBL_KRON_1: - mp_clear(&p1); -LBL_KRON_0: - mp_clear(&a1); - - return e; -} - -/* End: bn_mp_kronecker.c */ - -/* Start: bn_mp_lcm.c */ - -/* computes least common multiple as |a*b|/(a, b) */ -int mp_lcm(const mp_int *a, const mp_int *b, mp_int *c) -{ - int res; - mp_int t1, t2; - - - if ((res = mp_init_multi(&t1, &t2, NULL)) != MP_OKAY) { - return res; - } - - /* t1 = get the GCD of the two inputs */ - if ((res = mp_gcd(a, b, &t1)) != MP_OKAY) { - goto LBL_T; - } - - /* divide the smallest by the GCD */ - if (mp_cmp_mag(a, b) == MP_LT) { - /* store quotient in t2 such that t2 * b is the LCM */ - if ((res = mp_div(a, &t1, &t2, NULL)) != MP_OKAY) { - goto LBL_T; - } - res = mp_mul(b, &t2, c); - } else { - /* store quotient in t2 such that t2 * a is the LCM */ - if ((res = mp_div(b, &t1, &t2, NULL)) != MP_OKAY) { - goto LBL_T; - } - res = mp_mul(a, &t2, c); - } - - /* fix the sign to positive */ - c->sign = MP_ZPOS; - -LBL_T: - mp_clear_multi(&t1, &t2, NULL); - return res; -} - -/* End: bn_mp_lcm.c */ - -/* Start: bn_mp_lshd.c */ - -/* shift left a certain amount of digits */ -int mp_lshd(mp_int *a, int b) -{ - int x, res; - - /* if its less than zero return */ - if (b <= 0) { - return MP_OKAY; - } - /* no need to shift 0 around */ - if (mp_iszero(a) == MP_YES) { - return MP_OKAY; - } - - /* grow to fit the new digits */ - if (a->alloc < (a->used + b)) { - if ((res = mp_grow(a, a->used + b)) != MP_OKAY) { - return res; - } - } - - { - mp_digit *top, *bottom; - - /* increment the used by the shift amount then copy upwards */ - a->used += b; - - /* top */ - top = a->dp + a->used - 1; - - /* base */ - bottom = (a->dp + a->used - 1) - b; - - /* much like mp_rshd this is implemented using a sliding window - * except the window goes the otherway around. Copying from - * the bottom to the top. see bn_mp_rshd.c for more info. - */ - for (x = a->used - 1; x >= b; x--) { - *top-- = *bottom--; - } - - /* zero the lower digits */ - top = a->dp; - for (x = 0; x < b; x++) { - *top++ = 0; - } - } - return MP_OKAY; -} - -/* End: bn_mp_lshd.c */ - -/* Start: bn_mp_mod.c */ - -/* c = a mod b, 0 <= c < b if b > 0, b < c <= 0 if b < 0 */ -int mp_mod(const mp_int *a, const mp_int *b, mp_int *c) -{ - mp_int t; - int res; - - if ((res = mp_init_size(&t, b->used)) != MP_OKAY) { - return res; - } - - if ((res = mp_div(a, b, NULL, &t)) != MP_OKAY) { - mp_clear(&t); - return res; - } - - if ((mp_iszero(&t) != MP_NO) || (t.sign == b->sign)) { - res = MP_OKAY; - mp_exch(&t, c); - } else { - res = mp_add(b, &t, c); - } - - mp_clear(&t); - return res; -} - -/* End: bn_mp_mod.c */ - -/* Start: bn_mp_mod_2d.c */ - -/* calc a value mod 2**b */ -int mp_mod_2d(const mp_int *a, int b, mp_int *c) -{ - int x, res; - - /* if b is <= 0 then zero the int */ - if (b <= 0) { - mp_zero(c); - return MP_OKAY; - } - - /* if the modulus is larger than the value than return */ - if (b >= (a->used * DIGIT_BIT)) { - res = mp_copy(a, c); - return res; - } - - /* copy */ - if ((res = mp_copy(a, c)) != MP_OKAY) { - return res; - } - - /* zero digits above the last digit of the modulus */ - for (x = (b / DIGIT_BIT) + (((b % DIGIT_BIT) == 0) ? 0 : 1); x < c->used; x++) { - c->dp[x] = 0; - } - /* clear the digit that is not completely outside/inside the modulus */ - c->dp[b / DIGIT_BIT] &= - ((mp_digit)1 << (mp_digit)(b % DIGIT_BIT)) - (mp_digit)1; - mp_clamp(c); - return MP_OKAY; -} - -/* End: bn_mp_mod_2d.c */ - -/* Start: bn_mp_mod_d.c */ - -int mp_mod_d(const mp_int *a, mp_digit b, mp_digit *c) -{ - return mp_div_d(a, b, NULL, c); -} - -/* End: bn_mp_mod_d.c */ - -/* Start: bn_mp_montgomery_calc_normalization.c */ - -/* - * shifts with subtractions when the result is greater than b. - * - * The method is slightly modified to shift B unconditionally upto just under - * the leading bit of b. This saves alot of multiple precision shifting. - */ -int mp_montgomery_calc_normalization(mp_int *a, const mp_int *b) -{ - int x, bits, res; - - /* how many bits of last digit does b use */ - bits = mp_count_bits(b) % DIGIT_BIT; - - if (b->used > 1) { - if ((res = mp_2expt(a, ((b->used - 1) * DIGIT_BIT) + bits - 1)) != MP_OKAY) { - return res; - } - } else { - mp_set(a, 1uL); - bits = 1; - } - - - /* now compute C = A * B mod b */ - for (x = bits - 1; x < (int)DIGIT_BIT; x++) { - if ((res = mp_mul_2(a, a)) != MP_OKAY) { - return res; - } - if (mp_cmp_mag(a, b) != MP_LT) { - if ((res = s_mp_sub(a, b, a)) != MP_OKAY) { - return res; - } - } - } - - return MP_OKAY; -} - -/* End: bn_mp_montgomery_calc_normalization.c */ - -/* Start: bn_mp_montgomery_reduce.c */ - -/* computes xR**-1 == x (mod N) via Montgomery Reduction */ -int mp_montgomery_reduce(mp_int *x, const mp_int *n, mp_digit rho) -{ - int ix, res, digs; - mp_digit mu; - - /* can the fast reduction [comba] method be used? - * - * Note that unlike in mul you're safely allowed *less* - * than the available columns [255 per default] since carries - * are fixed up in the inner loop. - */ - digs = (n->used * 2) + 1; - if ((digs < (int)MP_WARRAY) && - (x->used <= (int)MP_WARRAY) && - (n->used < - (int)(1u << (((size_t)CHAR_BIT * sizeof(mp_word)) - (2u * (size_t)DIGIT_BIT))))) { - return fast_mp_montgomery_reduce(x, n, rho); - } - - /* grow the input as required */ - if (x->alloc < digs) { - if ((res = mp_grow(x, digs)) != MP_OKAY) { - return res; - } - } - x->used = digs; - - for (ix = 0; ix < n->used; ix++) { - /* mu = ai * rho mod b - * - * The value of rho must be precalculated via - * montgomery_setup() such that - * it equals -1/n0 mod b this allows the - * following inner loop to reduce the - * input one digit at a time - */ - mu = (mp_digit)(((mp_word)x->dp[ix] * (mp_word)rho) & MP_MASK); - - /* a = a + mu * m * b**i */ - { - int iy; - mp_digit *tmpn, *tmpx, u; - mp_word r; - - /* alias for digits of the modulus */ - tmpn = n->dp; - - /* alias for the digits of x [the input] */ - tmpx = x->dp + ix; - - /* set the carry to zero */ - u = 0; - - /* Multiply and add in place */ - for (iy = 0; iy < n->used; iy++) { - /* compute product and sum */ - r = ((mp_word)mu * (mp_word)*tmpn++) + - (mp_word)u + (mp_word)*tmpx; - - /* get carry */ - u = (mp_digit)(r >> (mp_word)DIGIT_BIT); - - /* fix digit */ - *tmpx++ = (mp_digit)(r & (mp_word)MP_MASK); - } - /* At this point the ix'th digit of x should be zero */ - - - /* propagate carries upwards as required*/ - while (u != 0u) { - *tmpx += u; - u = *tmpx >> DIGIT_BIT; - *tmpx++ &= MP_MASK; - } - } - } - - /* at this point the n.used'th least - * significant digits of x are all zero - * which means we can shift x to the - * right by n.used digits and the - * residue is unchanged. - */ - - /* x = x/b**n.used */ - mp_clamp(x); - mp_rshd(x, n->used); - - /* if x >= n then x = x - n */ - if (mp_cmp_mag(x, n) != MP_LT) { - return s_mp_sub(x, n, x); - } - - return MP_OKAY; -} - -/* End: bn_mp_montgomery_reduce.c */ - -/* Start: bn_mp_montgomery_setup.c */ - -/* setups the montgomery reduction stuff */ -int mp_montgomery_setup(const mp_int *n, mp_digit *rho) -{ - mp_digit x, b; - - /* fast inversion mod 2**k - * - * Based on the fact that - * - * XA = 1 (mod 2**n) => (X(2-XA)) A = 1 (mod 2**2n) - * => 2*X*A - X*X*A*A = 1 - * => 2*(1) - (1) = 1 - */ - b = n->dp[0]; - - if ((b & 1u) == 0u) { - return MP_VAL; - } - - x = (((b + 2u) & 4u) << 1) + b; /* here x*a==1 mod 2**4 */ - x *= 2u - (b * x); /* here x*a==1 mod 2**8 */ -#if !defined(MP_8BIT) - x *= 2u - (b * x); /* here x*a==1 mod 2**16 */ -#endif -#if defined(MP_64BIT) || !(defined(MP_8BIT) || defined(MP_16BIT)) - x *= 2u - (b * x); /* here x*a==1 mod 2**32 */ -#endif -#ifdef MP_64BIT - x *= 2u - (b * x); /* here x*a==1 mod 2**64 */ -#endif - - /* rho = -1/m mod b */ - *rho = (mp_digit)(((mp_word)1 << (mp_word)DIGIT_BIT) - x) & MP_MASK; - - return MP_OKAY; -} - -/* End: bn_mp_montgomery_setup.c */ - -/* Start: bn_mp_mul.c */ - -/* high level multiplication (handles sign) */ -int mp_mul(const mp_int *a, const mp_int *b, mp_int *c) -{ - int res, neg; - neg = (a->sign == b->sign) ? MP_ZPOS : MP_NEG; - - /* use Toom-Cook? */ - if (MIN(a->used, b->used) >= TOOM_MUL_CUTOFF) { - res = mp_toom_mul(a, b, c); - } else - /* use Karatsuba? */ - if (MIN(a->used, b->used) >= KARATSUBA_MUL_CUTOFF) { - res = mp_karatsuba_mul(a, b, c); - } else - { - /* can we use the fast multiplier? - * - * The fast multiplier can be used if the output will - * have less than MP_WARRAY digits and the number of - * digits won't affect carry propagation - */ - int digs = a->used + b->used + 1; - - if ((digs < (int)MP_WARRAY) && - (MIN(a->used, b->used) <= - (int)(1u << (((size_t)CHAR_BIT * sizeof(mp_word)) - (2u * (size_t)DIGIT_BIT))))) { - res = fast_s_mp_mul_digs(a, b, c, digs); - } else - { - res = s_mp_mul(a, b, c); /* uses s_mp_mul_digs */ - } - } - c->sign = (c->used > 0) ? neg : MP_ZPOS; - return res; -} - -/* End: bn_mp_mul.c */ - -/* Start: bn_mp_mul_2.c */ - -/* b = a*2 */ -int mp_mul_2(const mp_int *a, mp_int *b) -{ - int x, res, oldused; - - /* grow to accomodate result */ - if (b->alloc < (a->used + 1)) { - if ((res = mp_grow(b, a->used + 1)) != MP_OKAY) { - return res; - } - } - - oldused = b->used; - b->used = a->used; - - { - mp_digit r, rr, *tmpa, *tmpb; - - /* alias for source */ - tmpa = a->dp; - - /* alias for dest */ - tmpb = b->dp; - - /* carry */ - r = 0; - for (x = 0; x < a->used; x++) { - - /* get what will be the *next* carry bit from the - * MSB of the current digit - */ - rr = *tmpa >> (mp_digit)(DIGIT_BIT - 1); - - /* now shift up this digit, add in the carry [from the previous] */ - *tmpb++ = ((*tmpa++ << 1uL) | r) & MP_MASK; - - /* copy the carry that would be from the source - * digit into the next iteration - */ - r = rr; - } - - /* new leading digit? */ - if (r != 0u) { - /* add a MSB which is always 1 at this point */ - *tmpb = 1; - ++(b->used); - } - - /* now zero any excess digits on the destination - * that we didn't write to - */ - tmpb = b->dp + b->used; - for (x = b->used; x < oldused; x++) { - *tmpb++ = 0; - } - } - b->sign = a->sign; - return MP_OKAY; -} - -/* End: bn_mp_mul_2.c */ - -/* Start: bn_mp_mul_2d.c */ - -/* shift left by a certain bit count */ -int mp_mul_2d(const mp_int *a, int b, mp_int *c) -{ - mp_digit d; - int res; - - /* copy */ - if (a != c) { - if ((res = mp_copy(a, c)) != MP_OKAY) { - return res; - } - } - - if (c->alloc < (c->used + (b / DIGIT_BIT) + 1)) { - if ((res = mp_grow(c, c->used + (b / DIGIT_BIT) + 1)) != MP_OKAY) { - return res; - } - } - - /* shift by as many digits in the bit count */ - if (b >= DIGIT_BIT) { - if ((res = mp_lshd(c, b / DIGIT_BIT)) != MP_OKAY) { - return res; - } - } - - /* shift any bit count < DIGIT_BIT */ - d = (mp_digit)(b % DIGIT_BIT); - if (d != 0u) { - mp_digit *tmpc, shift, mask, r, rr; - int x; - - /* bitmask for carries */ - mask = ((mp_digit)1 << d) - (mp_digit)1; - - /* shift for msbs */ - shift = (mp_digit)DIGIT_BIT - d; - - /* alias */ - tmpc = c->dp; - - /* carry */ - r = 0; - for (x = 0; x < c->used; x++) { - /* get the higher bits of the current word */ - rr = (*tmpc >> shift) & mask; - - /* shift the current word and OR in the carry */ - *tmpc = ((*tmpc << d) | r) & MP_MASK; - ++tmpc; - - /* set the carry to the carry bits of the current word */ - r = rr; - } - - /* set final carry */ - if (r != 0u) { - c->dp[(c->used)++] = r; - } - } - mp_clamp(c); - return MP_OKAY; -} - -/* End: bn_mp_mul_2d.c */ - -/* Start: bn_mp_mul_d.c */ - -/* multiply by a digit */ -int mp_mul_d(const mp_int *a, mp_digit b, mp_int *c) -{ - mp_digit u, *tmpa, *tmpc; - mp_word r; - int ix, res, olduse; - - /* make sure c is big enough to hold a*b */ - if (c->alloc < (a->used + 1)) { - if ((res = mp_grow(c, a->used + 1)) != MP_OKAY) { - return res; - } - } - - /* get the original destinations used count */ - olduse = c->used; - - /* set the sign */ - c->sign = a->sign; - - /* alias for a->dp [source] */ - tmpa = a->dp; - - /* alias for c->dp [dest] */ - tmpc = c->dp; - - /* zero carry */ - u = 0; - - /* compute columns */ - for (ix = 0; ix < a->used; ix++) { - /* compute product and carry sum for this term */ - r = (mp_word)u + ((mp_word)*tmpa++ * (mp_word)b); - - /* mask off higher bits to get a single digit */ - *tmpc++ = (mp_digit)(r & (mp_word)MP_MASK); - - /* send carry into next iteration */ - u = (mp_digit)(r >> (mp_word)DIGIT_BIT); - } - - /* store final carry [if any] and increment ix offset */ - *tmpc++ = u; - ++ix; - - /* now zero digits above the top */ - while (ix++ < olduse) { - *tmpc++ = 0; - } - - /* set used count */ - c->used = a->used + 1; - mp_clamp(c); - - return MP_OKAY; -} - -/* End: bn_mp_mul_d.c */ - -/* Start: bn_mp_mulmod.c */ - -/* d = a * b (mod c) */ -int mp_mulmod(const mp_int *a, const mp_int *b, const mp_int *c, mp_int *d) -{ - int res; - mp_int t; - - if ((res = mp_init_size(&t, c->used)) != MP_OKAY) { - return res; - } - - if ((res = mp_mul(a, b, &t)) != MP_OKAY) { - mp_clear(&t); - return res; - } - res = mp_mod(&t, c, d); - mp_clear(&t); - return res; -} - -/* End: bn_mp_mulmod.c */ - -/* Start: bn_mp_n_root.c */ - -/* wrapper function for mp_n_root_ex() - * computes c = (a)**(1/b) such that (c)**b <= a and (c+1)**b > a - */ -int mp_n_root(const mp_int *a, mp_digit b, mp_int *c) -{ - return mp_n_root_ex(a, b, c, 0); -} - -/* End: bn_mp_n_root.c */ - -/* Start: bn_mp_n_root_ex.c */ - -/* find the n'th root of an integer - * - * Result found such that (c)**b <= a and (c+1)**b > a - * - * This algorithm uses Newton's approximation - * x[i+1] = x[i] - f(x[i])/f'(x[i]) - * which will find the root in log(N) time where - * each step involves a fair bit. This is not meant to - * find huge roots [square and cube, etc]. - */ -int mp_n_root_ex(const mp_int *a, mp_digit b, mp_int *c, int fast) -{ - mp_int t1, t2, t3, a_; - int res; - - /* input must be positive if b is even */ - if (((b & 1u) == 0u) && (a->sign == MP_NEG)) { - return MP_VAL; - } - - if ((res = mp_init(&t1)) != MP_OKAY) { - return res; - } - - if ((res = mp_init(&t2)) != MP_OKAY) { - goto LBL_T1; - } - - if ((res = mp_init(&t3)) != MP_OKAY) { - goto LBL_T2; - } - - /* if a is negative fudge the sign but keep track */ - a_ = *a; - a_.sign = MP_ZPOS; - - /* t2 = 2 */ - mp_set(&t2, 2uL); - - do { - /* t1 = t2 */ - if ((res = mp_copy(&t2, &t1)) != MP_OKAY) { - goto LBL_T3; - } - - /* t2 = t1 - ((t1**b - a) / (b * t1**(b-1))) */ - - /* t3 = t1**(b-1) */ - if ((res = mp_expt_d_ex(&t1, b - 1u, &t3, fast)) != MP_OKAY) { - goto LBL_T3; - } - - /* numerator */ - /* t2 = t1**b */ - if ((res = mp_mul(&t3, &t1, &t2)) != MP_OKAY) { - goto LBL_T3; - } - - /* t2 = t1**b - a */ - if ((res = mp_sub(&t2, &a_, &t2)) != MP_OKAY) { - goto LBL_T3; - } - - /* denominator */ - /* t3 = t1**(b-1) * b */ - if ((res = mp_mul_d(&t3, b, &t3)) != MP_OKAY) { - goto LBL_T3; - } - - /* t3 = (t1**b - a)/(b * t1**(b-1)) */ - if ((res = mp_div(&t2, &t3, &t3, NULL)) != MP_OKAY) { - goto LBL_T3; - } - - if ((res = mp_sub(&t1, &t3, &t2)) != MP_OKAY) { - goto LBL_T3; - } - } while (mp_cmp(&t1, &t2) != MP_EQ); - - /* result can be off by a few so check */ - for (;;) { - if ((res = mp_expt_d_ex(&t1, b, &t2, fast)) != MP_OKAY) { - goto LBL_T3; - } - - if (mp_cmp(&t2, &a_) == MP_GT) { - if ((res = mp_sub_d(&t1, 1uL, &t1)) != MP_OKAY) { - goto LBL_T3; - } - } else { - break; - } - } - - /* set the result */ - mp_exch(&t1, c); - - /* set the sign of the result */ - c->sign = a->sign; - - res = MP_OKAY; - -LBL_T3: - mp_clear(&t3); -LBL_T2: - mp_clear(&t2); -LBL_T1: - mp_clear(&t1); - return res; -} - -/* End: bn_mp_n_root_ex.c */ - -/* Start: bn_mp_neg.c */ - -/* b = -a */ -int mp_neg(const mp_int *a, mp_int *b) -{ - int res; - if (a != b) { - if ((res = mp_copy(a, b)) != MP_OKAY) { - return res; - } - } - - if (mp_iszero(b) != MP_YES) { - b->sign = (a->sign == MP_ZPOS) ? MP_NEG : MP_ZPOS; - } else { - b->sign = MP_ZPOS; - } - - return MP_OKAY; -} - -/* End: bn_mp_neg.c */ - -/* Start: bn_mp_or.c */ - -/* OR two ints together */ -int mp_or(const mp_int *a, const mp_int *b, mp_int *c) -{ - int res, ix, px; - mp_int t; - const mp_int *x; - - if (a->used > b->used) { - if ((res = mp_init_copy(&t, a)) != MP_OKAY) { - return res; - } - px = b->used; - x = b; - } else { - if ((res = mp_init_copy(&t, b)) != MP_OKAY) { - return res; - } - px = a->used; - x = a; - } - - for (ix = 0; ix < px; ix++) { - t.dp[ix] |= x->dp[ix]; - } - mp_clamp(&t); - mp_exch(c, &t); - mp_clear(&t); - return MP_OKAY; -} - -/* End: bn_mp_or.c */ - -/* Start: bn_mp_prime_fermat.c */ - -/* performs one Fermat test. - * - * If "a" were prime then b**a == b (mod a) since the order of - * the multiplicative sub-group would be phi(a) = a-1. That means - * it would be the same as b**(a mod (a-1)) == b**1 == b (mod a). - * - * Sets result to 1 if the congruence holds, or zero otherwise. - */ -int mp_prime_fermat(const mp_int *a, const mp_int *b, int *result) -{ - mp_int t; - int err; - - /* default to composite */ - *result = MP_NO; - - /* ensure b > 1 */ - if (mp_cmp_d(b, 1uL) != MP_GT) { - return MP_VAL; - } - - /* init t */ - if ((err = mp_init(&t)) != MP_OKAY) { - return err; - } - - /* compute t = b**a mod a */ - if ((err = mp_exptmod(b, a, a, &t)) != MP_OKAY) { - goto LBL_T; - } - - /* is it equal to b? */ - if (mp_cmp(&t, b) == MP_EQ) { - *result = MP_YES; - } - - err = MP_OKAY; -LBL_T: - mp_clear(&t); - return err; -} - -/* End: bn_mp_prime_fermat.c */ - -/* Start: bn_mp_prime_frobenius_underwood.c */ - -/* - * See file bn_mp_prime_is_prime.c or the documentation in doc/bn.tex for the details - */ -#ifndef LTM_USE_FIPS_ONLY - -#ifdef MP_8BIT -/* - * floor of positive solution of - * (2^16)-1 = (a+4)*(2*a+5) - * TODO: Both values are smaller than N^(1/4), would have to use a bigint - * for a instead but any a biger than about 120 are already so rare that - * it is possible to ignore them and still get enough pseudoprimes. - * But it is still a restriction of the set of available pseudoprimes - * which makes this implementation less secure if used stand-alone. - */ -#define LTM_FROBENIUS_UNDERWOOD_A 177 -#else -#define LTM_FROBENIUS_UNDERWOOD_A 32764 -#endif -int mp_prime_frobenius_underwood(const mp_int *N, int *result) -{ - mp_int T1z, T2z, Np1z, sz, tz; - - int a, ap2, length, i, j, isset; - int e; - - *result = MP_NO; - - if ((e = mp_init_multi(&T1z, &T2z, &Np1z, &sz, &tz, NULL)) != MP_OKAY) { - return e; - } - - for (a = 0; a < LTM_FROBENIUS_UNDERWOOD_A; a++) { - /* TODO: That's ugly! No, really, it is! */ - if ((a==2) || (a==4) || (a==7) || (a==8) || (a==10) || - (a==14) || (a==18) || (a==23) || (a==26) || (a==28)) { - continue; - } - /* (32764^2 - 4) < 2^31, no bigint for >MP_8BIT needed) */ - if ((e = mp_set_long(&T1z, (unsigned long)a)) != MP_OKAY) { - goto LBL_FU_ERR; - } - - if ((e = mp_sqr(&T1z, &T1z)) != MP_OKAY) { - goto LBL_FU_ERR; - } - - if ((e = mp_sub_d(&T1z, 4uL, &T1z)) != MP_OKAY) { - goto LBL_FU_ERR; - } - - if ((e = mp_kronecker(&T1z, N, &j)) != MP_OKAY) { - goto LBL_FU_ERR; - } - - if (j == -1) { - break; - } - - if (j == 0) { - /* composite */ - goto LBL_FU_ERR; - } - } - /* Tell it a composite and set return value accordingly */ - if (a >= LTM_FROBENIUS_UNDERWOOD_A) { - e = MP_ITER; - goto LBL_FU_ERR; - } - /* Composite if N and (a+4)*(2*a+5) are not coprime */ - if ((e = mp_set_long(&T1z, (unsigned long)((a+4)*((2*a)+5)))) != MP_OKAY) { - goto LBL_FU_ERR; - } - - if ((e = mp_gcd(N, &T1z, &T1z)) != MP_OKAY) { - goto LBL_FU_ERR; - } - - if (!((T1z.used == 1) && (T1z.dp[0] == 1u))) { - goto LBL_FU_ERR; - } - - ap2 = a + 2; - if ((e = mp_add_d(N, 1uL, &Np1z)) != MP_OKAY) { - goto LBL_FU_ERR; - } - - mp_set(&sz, 1uL); - mp_set(&tz, 2uL); - length = mp_count_bits(&Np1z); - - for (i = length - 2; i >= 0; i--) { - /* - * temp = (sz*(a*sz+2*tz))%N; - * tz = ((tz-sz)*(tz+sz))%N; - * sz = temp; - */ - if ((e = mp_mul_2(&tz, &T2z)) != MP_OKAY) { - goto LBL_FU_ERR; - } - - /* a = 0 at about 50% of the cases (non-square and odd input) */ - if (a != 0) { - if ((e = mp_mul_d(&sz, (mp_digit)a, &T1z)) != MP_OKAY) { - goto LBL_FU_ERR; - } - if ((e = mp_add(&T1z, &T2z, &T2z)) != MP_OKAY) { - goto LBL_FU_ERR; - } - } - - if ((e = mp_mul(&T2z, &sz, &T1z)) != MP_OKAY) { - goto LBL_FU_ERR; - } - if ((e = mp_sub(&tz, &sz, &T2z)) != MP_OKAY) { - goto LBL_FU_ERR; - } - if ((e = mp_add(&sz, &tz, &sz)) != MP_OKAY) { - goto LBL_FU_ERR; - } - if ((e = mp_mul(&sz, &T2z, &tz)) != MP_OKAY) { - goto LBL_FU_ERR; - } - if ((e = mp_mod(&tz, N, &tz)) != MP_OKAY) { - goto LBL_FU_ERR; - } - if ((e = mp_mod(&T1z, N, &sz)) != MP_OKAY) { - goto LBL_FU_ERR; - } - if ((isset = mp_get_bit(&Np1z, i)) == MP_VAL) { - e = isset; - goto LBL_FU_ERR; - } - if (isset == MP_YES) { - /* - * temp = (a+2) * sz + tz - * tz = 2 * tz - sz - * sz = temp - */ - if (a == 0) { - if ((e = mp_mul_2(&sz, &T1z)) != MP_OKAY) { - goto LBL_FU_ERR; - } - } else { - if ((e = mp_mul_d(&sz, (mp_digit)ap2, &T1z)) != MP_OKAY) { - goto LBL_FU_ERR; - } - } - if ((e = mp_add(&T1z, &tz, &T1z)) != MP_OKAY) { - goto LBL_FU_ERR; - } - if ((e = mp_mul_2(&tz, &T2z)) != MP_OKAY) { - goto LBL_FU_ERR; - } - if ((e = mp_sub(&T2z, &sz, &tz)) != MP_OKAY) { - goto LBL_FU_ERR; - } - mp_exch(&sz, &T1z); - } - } - - if ((e = mp_set_long(&T1z, (unsigned long)((2 * a) + 5))) != MP_OKAY) { - goto LBL_FU_ERR; - } - if ((e = mp_mod(&T1z, N, &T1z)) != MP_OKAY) { - goto LBL_FU_ERR; - } - if ((mp_iszero(&sz) != MP_NO) && (mp_cmp(&tz, &T1z) == MP_EQ)) { - *result = MP_YES; - goto LBL_FU_ERR; - } - -LBL_FU_ERR: - mp_clear_multi(&tz, &sz, &Np1z, &T2z, &T1z, NULL); - return e; -} - -#endif - -/* End: bn_mp_prime_frobenius_underwood.c */ - -/* Start: bn_mp_prime_is_divisible.c */ - -/* determines if an integers is divisible by one - * of the first PRIME_SIZE primes or not - * - * sets result to 0 if not, 1 if yes - */ -int mp_prime_is_divisible(const mp_int *a, int *result) -{ - int err, ix; - mp_digit res; - - /* default to not */ - *result = MP_NO; - - for (ix = 0; ix < PRIME_SIZE; ix++) { - /* what is a mod LBL_prime_tab[ix] */ - if ((err = mp_mod_d(a, ltm_prime_tab[ix], &res)) != MP_OKAY) { - return err; - } - - /* is the residue zero? */ - if (res == 0u) { - *result = MP_YES; - return MP_OKAY; - } - } - - return MP_OKAY; -} - -/* End: bn_mp_prime_is_divisible.c */ - -/* Start: bn_mp_prime_is_prime.c */ - -/* portable integer log of two with small footprint */ -static unsigned int s_floor_ilog2(int value) -{ - unsigned int r = 0; - while ((value >>= 1) != 0) { - r++; - } - return r; -} - - -int mp_prime_is_prime(const mp_int *a, int t, int *result) -{ - mp_int b; - int ix, err, res, p_max = 0, size_a, len; - unsigned int fips_rand, mask; - - /* default to no */ - *result = MP_NO; - - /* valid value of t? */ - if (t > PRIME_SIZE) { - return MP_VAL; - } - - /* Some shortcuts */ - /* N > 3 */ - if (a->used == 1) { - if ((a->dp[0] == 0u) || (a->dp[0] == 1u)) { - *result = 0; - return MP_OKAY; - } - if (a->dp[0] == 2u) { - *result = 1; - return MP_OKAY; - } - } - - /* N must be odd */ - if (mp_iseven(a) == MP_YES) { - return MP_OKAY; - } - /* N is not a perfect square: floor(sqrt(N))^2 != N */ - if ((err = mp_is_square(a, &res)) != MP_OKAY) { - return err; - } - if (res != 0) { - return MP_OKAY; - } - - /* is the input equal to one of the primes in the table? */ - for (ix = 0; ix < PRIME_SIZE; ix++) { - if (mp_cmp_d(a, ltm_prime_tab[ix]) == MP_EQ) { - *result = MP_YES; - return MP_OKAY; - } - } -#ifdef MP_8BIT - /* The search in the loop above was exhaustive in this case */ - if ((a->used == 1) && (PRIME_SIZE >= 31)) { - return MP_OKAY; - } -#endif - - /* first perform trial division */ - if ((err = mp_prime_is_divisible(a, &res)) != MP_OKAY) { - return err; - } - - /* return if it was trivially divisible */ - if (res == MP_YES) { - return MP_OKAY; - } - - /* - Run the Miller-Rabin test with base 2 for the BPSW test. - */ - if ((err = mp_init_set(&b, 2uL)) != MP_OKAY) { - return err; - } - - if ((err = mp_prime_miller_rabin(a, &b, &res)) != MP_OKAY) { - goto LBL_B; - } - if (res == MP_NO) { - goto LBL_B; - } - /* - Rumours have it that Mathematica does a second M-R test with base 3. - Other rumours have it that their strong L-S test is slightly different. - It does not hurt, though, beside a bit of extra runtime. - */ - b.dp[0]++; - if ((err = mp_prime_miller_rabin(a, &b, &res)) != MP_OKAY) { - goto LBL_B; - } - if (res == MP_NO) { - goto LBL_B; - } - - /* - * Both, the Frobenius-Underwood test and the the Lucas-Selfridge test are quite - * slow so if speed is an issue, define LTM_USE_FIPS_ONLY to use M-R tests with - * bases 2, 3 and t random bases. - */ -#ifndef LTM_USE_FIPS_ONLY - if (t >= 0) { - /* - * Use a Frobenius-Underwood test instead of the Lucas-Selfridge test for - * MP_8BIT (It is unknown if the Lucas-Selfridge test works with 16-bit - * integers but the necesssary analysis is on the todo-list). - */ -#if defined (MP_8BIT) || defined (LTM_USE_FROBENIUS_TEST) - err = mp_prime_frobenius_underwood(a, &res); - if ((err != MP_OKAY) && (err != MP_ITER)) { - goto LBL_B; - } - if (res == MP_NO) { - goto LBL_B; - } -#else - if ((err = mp_prime_strong_lucas_selfridge(a, &res)) != MP_OKAY) { - goto LBL_B; - } - if (res == MP_NO) { - goto LBL_B; - } -#endif - } -#endif - - /* run at least one Miller-Rabin test with a random base */ - if (t == 0) { - t = 1; - } - - /* - abs(t) extra rounds of M-R to extend the range of primes it can find if t < 0. - Only recommended if the input range is known to be < 3317044064679887385961981 - - It uses the bases for a deterministic M-R test if input < 3317044064679887385961981 - The caller has to check the size. - - Not for cryptographic use because with known bases strong M-R pseudoprimes can - be constructed. Use at least one M-R test with a random base (t >= 1). - - The 1119 bit large number - - 80383745745363949125707961434194210813883768828755814583748891752229742737653\ - 33652186502336163960045457915042023603208766569966760987284043965408232928738\ - 79185086916685732826776177102938969773947016708230428687109997439976544144845\ - 34115587245063340927902227529622941498423068816854043264575340183297861112989\ - 60644845216191652872597534901 - - has been constructed by F. Arnault (F. Arnault, "Rabin-Miller primality test: - composite numbers which pass it.", Mathematics of Computation, 1995, 64. Jg., - Nr. 209, S. 355-361), is a semiprime with the two factors - - 40095821663949960541830645208454685300518816604113250877450620473800321707011\ - 96242716223191597219733582163165085358166969145233813917169287527980445796800\ - 452592031836601 - - 20047910831974980270915322604227342650259408302056625438725310236900160853505\ - 98121358111595798609866791081582542679083484572616906958584643763990222898400\ - 226296015918301 - - and it is a strong pseudoprime to all forty-six prime M-R bases up to 200 - - It does not fail the strong Bailley-PSP test as implemented here, it is just - given as an example, if not the reason to use the BPSW-test instead of M-R-tests - with a sequence of primes 2...n. - - */ - if (t < 0) { - t = -t; - /* - Sorenson, Jonathan; Webster, Jonathan (2015). - "Strong Pseudoprimes to Twelve Prime Bases". - */ - /* 0x437ae92817f9fc85b7e5 = 318665857834031151167461 */ - if ((err = mp_read_radix(&b, "437ae92817f9fc85b7e5", 16)) != MP_OKAY) { - goto LBL_B; - } - - if (mp_cmp(a, &b) == MP_LT) { - p_max = 12; - } else { - /* 0x2be6951adc5b22410a5fd = 3317044064679887385961981 */ - if ((err = mp_read_radix(&b, "2be6951adc5b22410a5fd", 16)) != MP_OKAY) { - goto LBL_B; - } - - if (mp_cmp(a, &b) == MP_LT) { - p_max = 13; - } else { - err = MP_VAL; - goto LBL_B; - } - } - - /* for compatibility with the current API (well, compatible within a sign's width) */ - if (p_max < t) { - p_max = t; - } - - if (p_max > PRIME_SIZE) { - err = MP_VAL; - goto LBL_B; - } - /* we did bases 2 and 3 already, skip them */ - for (ix = 2; ix < p_max; ix++) { - mp_set(&b, ltm_prime_tab[ix]); - if ((err = mp_prime_miller_rabin(a, &b, &res)) != MP_OKAY) { - goto LBL_B; - } - if (res == MP_NO) { - goto LBL_B; - } - } - } - /* - Do "t" M-R tests with random bases between 3 and "a". - See Fips 186.4 p. 126ff - */ - else if (t > 0) { - /* - * The mp_digit's have a defined bit-size but the size of the - * array a.dp is a simple 'int' and this library can not assume full - * compliance to the current C-standard (ISO/IEC 9899:2011) because - * it gets used for small embeded processors, too. Some of those MCUs - * have compilers that one cannot call standard compliant by any means. - * Hence the ugly type-fiddling in the following code. - */ - size_a = mp_count_bits(a); - mask = (1u << s_floor_ilog2(size_a)) - 1u; - /* - Assuming the General Rieman hypothesis (never thought to write that in a - comment) the upper bound can be lowered to 2*(log a)^2. - E. Bach, "Explicit bounds for primality testing and related problems," - Math. Comp. 55 (1990), 355-380. - - size_a = (size_a/10) * 7; - len = 2 * (size_a * size_a); - - E.g.: a number of size 2^2048 would be reduced to the upper limit - - floor(2048/10)*7 = 1428 - 2 * 1428^2 = 4078368 - - (would have been ~4030331.9962 with floats and natural log instead) - That number is smaller than 2^28, the default bit-size of mp_digit. - */ - - /* - How many tests, you might ask? Dana Jacobsen of Math::Prime::Util fame - does exactly 1. In words: one. Look at the end of _GMP_is_prime() in - Math-Prime-Util-GMP-0.50/primality.c if you do not believe it. - - The function mp_rand() goes to some length to use a cryptographically - good PRNG. That also means that the chance to always get the same base - in the loop is non-zero, although very low. - If the BPSW test and/or the addtional Frobenious test have been - performed instead of just the Miller-Rabin test with the bases 2 and 3, - a single extra test should suffice, so such a very unlikely event - will not do much harm. - - To preemptivly answer the dangling question: no, a witness does not - need to be prime. - */ - for (ix = 0; ix < t; ix++) { - /* mp_rand() guarantees the first digit to be non-zero */ - if ((err = mp_rand(&b, 1)) != MP_OKAY) { - goto LBL_B; - } - /* - * Reduce digit before casting because mp_digit might be bigger than - * an unsigned int and "mask" on the other side is most probably not. - */ - fips_rand = (unsigned int)(b.dp[0] & (mp_digit) mask); -#ifdef MP_8BIT - /* - * One 8-bit digit is too small, so concatenate two if the size of - * unsigned int allows for it. - */ - if (((sizeof(unsigned int) * CHAR_BIT)/2) >= (sizeof(mp_digit) * CHAR_BIT)) { - if ((err = mp_rand(&b, 1)) != MP_OKAY) { - goto LBL_B; - } - fips_rand <<= sizeof(mp_digit) * CHAR_BIT; - fips_rand |= (unsigned int) b.dp[0]; - fips_rand &= mask; - } -#endif - if (fips_rand > (unsigned int)(INT_MAX - DIGIT_BIT)) { - len = INT_MAX / DIGIT_BIT; - } else { - len = (((int)fips_rand + DIGIT_BIT) / DIGIT_BIT); - } - /* Unlikely. */ - if (len < 0) { - ix--; - continue; - } - /* - * As mentioned above, one 8-bit digit is too small and - * although it can only happen in the unlikely case that - * an "unsigned int" is smaller than 16 bit a simple test - * is cheap and the correction even cheaper. - */ -#ifdef MP_8BIT - /* All "a" < 2^8 have been caught before */ - if (len == 1) { - len++; - } -#endif - if ((err = mp_rand(&b, len)) != MP_OKAY) { - goto LBL_B; - } - /* - * That number might got too big and the witness has to be - * smaller than or equal to "a" - */ - len = mp_count_bits(&b); - if (len > size_a) { - len = len - size_a; - if ((err = mp_div_2d(&b, len, &b, NULL)) != MP_OKAY) { - goto LBL_B; - } - } - - /* Although the chance for b <= 3 is miniscule, try again. */ - if (mp_cmp_d(&b, 3uL) != MP_GT) { - ix--; - continue; - } - if ((err = mp_prime_miller_rabin(a, &b, &res)) != MP_OKAY) { - goto LBL_B; - } - if (res == MP_NO) { - goto LBL_B; - } - } - } - - /* passed the test */ - *result = MP_YES; -LBL_B: - mp_clear(&b); - return err; -} - -/* End: bn_mp_prime_is_prime.c */ - -/* Start: bn_mp_prime_miller_rabin.c */ - -/* Miller-Rabin test of "a" to the base of "b" as described in - * HAC pp. 139 Algorithm 4.24 - * - * Sets result to 0 if definitely composite or 1 if probably prime. - * Randomly the chance of error is no more than 1/4 and often - * very much lower. - */ -int mp_prime_miller_rabin(const mp_int *a, const mp_int *b, int *result) -{ - mp_int n1, y, r; - int s, j, err; - - /* default */ - *result = MP_NO; - - /* ensure b > 1 */ - if (mp_cmp_d(b, 1uL) != MP_GT) { - return MP_VAL; - } - - /* get n1 = a - 1 */ - if ((err = mp_init_copy(&n1, a)) != MP_OKAY) { - return err; - } - if ((err = mp_sub_d(&n1, 1uL, &n1)) != MP_OKAY) { - goto LBL_N1; - } - - /* set 2**s * r = n1 */ - if ((err = mp_init_copy(&r, &n1)) != MP_OKAY) { - goto LBL_N1; - } - - /* count the number of least significant bits - * which are zero - */ - s = mp_cnt_lsb(&r); - - /* now divide n - 1 by 2**s */ - if ((err = mp_div_2d(&r, s, &r, NULL)) != MP_OKAY) { - goto LBL_R; - } - - /* compute y = b**r mod a */ - if ((err = mp_init(&y)) != MP_OKAY) { - goto LBL_R; - } - if ((err = mp_exptmod(b, &r, a, &y)) != MP_OKAY) { - goto LBL_Y; - } - - /* if y != 1 and y != n1 do */ - if ((mp_cmp_d(&y, 1uL) != MP_EQ) && (mp_cmp(&y, &n1) != MP_EQ)) { - j = 1; - /* while j <= s-1 and y != n1 */ - while ((j <= (s - 1)) && (mp_cmp(&y, &n1) != MP_EQ)) { - if ((err = mp_sqrmod(&y, a, &y)) != MP_OKAY) { - goto LBL_Y; - } - - /* if y == 1 then composite */ - if (mp_cmp_d(&y, 1uL) == MP_EQ) { - goto LBL_Y; - } - - ++j; - } - - /* if y != n1 then composite */ - if (mp_cmp(&y, &n1) != MP_EQ) { - goto LBL_Y; - } - } - - /* probably prime now */ - *result = MP_YES; -LBL_Y: - mp_clear(&y); -LBL_R: - mp_clear(&r); -LBL_N1: - mp_clear(&n1); - return err; -} - -/* End: bn_mp_prime_miller_rabin.c */ - -/* Start: bn_mp_prime_next_prime.c */ - -/* finds the next prime after the number "a" using "t" trials - * of Miller-Rabin. - * - * bbs_style = 1 means the prime must be congruent to 3 mod 4 - */ -int mp_prime_next_prime(mp_int *a, int t, int bbs_style) -{ - int err, res = MP_NO, x, y; - mp_digit res_tab[PRIME_SIZE], step, kstep; - mp_int b; - - /* force positive */ - a->sign = MP_ZPOS; - - /* simple algo if a is less than the largest prime in the table */ - if (mp_cmp_d(a, ltm_prime_tab[PRIME_SIZE-1]) == MP_LT) { - /* find which prime it is bigger than */ - for (x = PRIME_SIZE - 2; x >= 0; x--) { - if (mp_cmp_d(a, ltm_prime_tab[x]) != MP_LT) { - if (bbs_style == 1) { - /* ok we found a prime smaller or - * equal [so the next is larger] - * - * however, the prime must be - * congruent to 3 mod 4 - */ - if ((ltm_prime_tab[x + 1] & 3u) != 3u) { - /* scan upwards for a prime congruent to 3 mod 4 */ - for (y = x + 1; y < PRIME_SIZE; y++) { - if ((ltm_prime_tab[y] & 3u) == 3u) { - mp_set(a, ltm_prime_tab[y]); - return MP_OKAY; - } - } - } - } else { - mp_set(a, ltm_prime_tab[x + 1]); - return MP_OKAY; - } - } - } - /* at this point a maybe 1 */ - if (mp_cmp_d(a, 1uL) == MP_EQ) { - mp_set(a, 2uL); - return MP_OKAY; - } - /* fall through to the sieve */ - } - - /* generate a prime congruent to 3 mod 4 or 1/3 mod 4? */ - if (bbs_style == 1) { - kstep = 4; - } else { - kstep = 2; - } - - /* at this point we will use a combination of a sieve and Miller-Rabin */ - - if (bbs_style == 1) { - /* if a mod 4 != 3 subtract the correct value to make it so */ - if ((a->dp[0] & 3u) != 3u) { - if ((err = mp_sub_d(a, (a->dp[0] & 3u) + 1u, a)) != MP_OKAY) { - return err; - }; - } - } else { - if (mp_iseven(a) == MP_YES) { - /* force odd */ - if ((err = mp_sub_d(a, 1uL, a)) != MP_OKAY) { - return err; - } - } - } - - /* generate the restable */ - for (x = 1; x < PRIME_SIZE; x++) { - if ((err = mp_mod_d(a, ltm_prime_tab[x], res_tab + x)) != MP_OKAY) { - return err; - } - } - - /* init temp used for Miller-Rabin Testing */ - if ((err = mp_init(&b)) != MP_OKAY) { - return err; - } - - for (;;) { - /* skip to the next non-trivially divisible candidate */ - step = 0; - do { - /* y == 1 if any residue was zero [e.g. cannot be prime] */ - y = 0; - - /* increase step to next candidate */ - step += kstep; - - /* compute the new residue without using division */ - for (x = 1; x < PRIME_SIZE; x++) { - /* add the step to each residue */ - res_tab[x] += kstep; - - /* subtract the modulus [instead of using division] */ - if (res_tab[x] >= ltm_prime_tab[x]) { - res_tab[x] -= ltm_prime_tab[x]; - } - - /* set flag if zero */ - if (res_tab[x] == 0u) { - y = 1; - } - } - } while ((y == 1) && (step < (((mp_digit)1 << DIGIT_BIT) - kstep))); - - /* add the step */ - if ((err = mp_add_d(a, step, a)) != MP_OKAY) { - goto LBL_ERR; - } - - /* if didn't pass sieve and step == MAX then skip test */ - if ((y == 1) && (step >= (((mp_digit)1 << DIGIT_BIT) - kstep))) { - continue; - } - - if ((err = mp_prime_is_prime(a, t, &res)) != MP_OKAY) { - goto LBL_ERR; - } - if (res == MP_YES) { - break; - } - } - - err = MP_OKAY; -LBL_ERR: - mp_clear(&b); - return err; -} - -/* End: bn_mp_prime_next_prime.c */ - -/* Start: bn_mp_prime_rabin_miller_trials.c */ - -static const struct { - int k, t; -} sizes[] = { - { 80, -1 }, /* Use deterministic algorithm for size <= 80 bits */ - { 81, 39 }, - { 96, 37 }, - { 128, 32 }, - { 160, 27 }, - { 192, 21 }, - { 256, 16 }, - { 384, 10 }, - { 512, 7 }, - { 640, 6 }, - { 768, 5 }, - { 896, 4 }, - { 1024, 4 }, - { 2048, 2 }, - { 4096, 1 }, -}; - -/* returns # of RM trials required for a given bit size and max. error of 2^(-96)*/ -int mp_prime_rabin_miller_trials(int size) -{ - int x; - - for (x = 0; x < (int)(sizeof(sizes)/(sizeof(sizes[0]))); x++) { - if (sizes[x].k == size) { - return sizes[x].t; - } else if (sizes[x].k > size) { - return (x == 0) ? sizes[0].t : sizes[x - 1].t; - } - } - return sizes[x-1].t + 1; -} - -/* End: bn_mp_prime_rabin_miller_trials.c */ - -/* Start: bn_mp_prime_random_ex.c */ - -/* makes a truly random prime of a given size (bits), - * - * Flags are as follows: - * - * LTM_PRIME_BBS - make prime congruent to 3 mod 4 - * LTM_PRIME_SAFE - make sure (p-1)/2 is prime as well (implies LTM_PRIME_BBS) - * LTM_PRIME_2MSB_ON - make the 2nd highest bit one - * - * You have to supply a callback which fills in a buffer with random bytes. "dat" is a parameter you can - * have passed to the callback (e.g. a state or something). This function doesn't use "dat" itself - * so it can be NULL - * - */ - -/* This is possibly the mother of all prime generation functions, muahahahahaha! */ -int mp_prime_random_ex(mp_int *a, int t, int size, int flags, ltm_prime_callback cb, void *dat) -{ - unsigned char *tmp, maskAND, maskOR_msb, maskOR_lsb; - int res, err, bsize, maskOR_msb_offset; - - /* sanity check the input */ - if ((size <= 1) || (t <= 0)) { - return MP_VAL; - } - - /* LTM_PRIME_SAFE implies LTM_PRIME_BBS */ - if ((flags & LTM_PRIME_SAFE) != 0) { - flags |= LTM_PRIME_BBS; - } - - /* calc the byte size */ - bsize = (size>>3) + ((size&7)?1:0); - - /* we need a buffer of bsize bytes */ - tmp = OPT_CAST(unsigned char) XMALLOC((size_t)bsize); - if (tmp == NULL) { - return MP_MEM; - } - - /* calc the maskAND value for the MSbyte*/ - maskAND = ((size&7) == 0) ? 0xFF : (0xFF >> (8 - (size & 7))); - - /* calc the maskOR_msb */ - maskOR_msb = 0; - maskOR_msb_offset = ((size & 7) == 1) ? 1 : 0; - if ((flags & LTM_PRIME_2MSB_ON) != 0) { - maskOR_msb |= 0x80 >> ((9 - size) & 7); - } - - /* get the maskOR_lsb */ - maskOR_lsb = 1; - if ((flags & LTM_PRIME_BBS) != 0) { - maskOR_lsb |= 3; - } - - do { - /* read the bytes */ - if (cb(tmp, bsize, dat) != bsize) { - err = MP_VAL; - goto error; - } - - /* work over the MSbyte */ - tmp[0] &= maskAND; - tmp[0] |= 1 << ((size - 1) & 7); - - /* mix in the maskORs */ - tmp[maskOR_msb_offset] |= maskOR_msb; - tmp[bsize-1] |= maskOR_lsb; - - /* read it in */ - if ((err = mp_read_unsigned_bin(a, tmp, bsize)) != MP_OKAY) { - goto error; - } - - /* is it prime? */ - if ((err = mp_prime_is_prime(a, t, &res)) != MP_OKAY) { - goto error; - } - if (res == MP_NO) { - continue; - } - - if ((flags & LTM_PRIME_SAFE) != 0) { - /* see if (a-1)/2 is prime */ - if ((err = mp_sub_d(a, 1uL, a)) != MP_OKAY) { - goto error; - } - if ((err = mp_div_2(a, a)) != MP_OKAY) { - goto error; - } - - /* is it prime? */ - if ((err = mp_prime_is_prime(a, t, &res)) != MP_OKAY) { - goto error; - } - } - } while (res == MP_NO); - - if ((flags & LTM_PRIME_SAFE) != 0) { - /* restore a to the original value */ - if ((err = mp_mul_2(a, a)) != MP_OKAY) { - goto error; - } - if ((err = mp_add_d(a, 1uL, a)) != MP_OKAY) { - goto error; - } - } - - err = MP_OKAY; -error: - XFREE(tmp); - return err; -} - -/* End: bn_mp_prime_random_ex.c */ - -/* Start: bn_mp_prime_strong_lucas_selfridge.c */ - -/* - * See file bn_mp_prime_is_prime.c or the documentation in doc/bn.tex for the details - */ -#ifndef LTM_USE_FIPS_ONLY - -/* - * 8-bit is just too small. You can try the Frobenius test - * but that frobenius test can fail, too, for the same reason. - */ -#ifndef MP_8BIT - -/* - * multiply bigint a with int d and put the result in c - * Like mp_mul_d() but with a signed long as the small input - */ -static int s_mp_mul_si(const mp_int *a, long d, mp_int *c) -{ - mp_int t; - int err, neg = 0; - - if ((err = mp_init(&t)) != MP_OKAY) { - return err; - } - if (d < 0) { - neg = 1; - d = -d; - } - - /* - * mp_digit might be smaller than a long, which excludes - * the use of mp_mul_d() here. - */ - if ((err = mp_set_long(&t, (unsigned long) d)) != MP_OKAY) { - goto LBL_MPMULSI_ERR; - } - if ((err = mp_mul(a, &t, c)) != MP_OKAY) { - goto LBL_MPMULSI_ERR; - } - if (neg == 1) { - c->sign = (a->sign == MP_NEG) ? MP_ZPOS: MP_NEG; - } -LBL_MPMULSI_ERR: - mp_clear(&t); - return err; -} -/* - Strong Lucas-Selfridge test. - returns MP_YES if it is a strong L-S prime, MP_NO if it is composite - - Code ported from Thomas Ray Nicely's implementation of the BPSW test - at http://www.trnicely.net/misc/bpsw.html - - Freeware copyright (C) 2016 Thomas R. Nicely <http://www.trnicely.net>. - Released into the public domain by the author, who disclaims any legal - liability arising from its use - - The multi-line comments are made by Thomas R. Nicely and are copied verbatim. - Additional comments marked "CZ" (without the quotes) are by the code-portist. - - (If that name sounds familiar, he is the guy who found the fdiv bug in the - Pentium (P5x, I think) Intel processor) -*/ -int mp_prime_strong_lucas_selfridge(const mp_int *a, int *result) -{ - /* CZ TODO: choose better variable names! */ - mp_int Dz, gcd, Np1, Uz, Vz, U2mz, V2mz, Qmz, Q2mz, Qkdz, T1z, T2z, T3z, T4z, Q2kdz; - /* CZ TODO: Some of them need the full 32 bit, hence the (temporary) exclusion of MP_8BIT */ - int32_t D, Ds, J, sign, P, Q, r, s, u, Nbits; - int e; - int isset, oddness; - - *result = MP_NO; - /* - Find the first element D in the sequence {5, -7, 9, -11, 13, ...} - such that Jacobi(D,N) = -1 (Selfridge's algorithm). Theory - indicates that, if N is not a perfect square, D will "nearly - always" be "small." Just in case, an overflow trap for D is - included. - */ - - if ((e = mp_init_multi(&Dz, &gcd, &Np1, &Uz, &Vz, &U2mz, &V2mz, &Qmz, &Q2mz, &Qkdz, &T1z, &T2z, &T3z, &T4z, &Q2kdz, - NULL)) != MP_OKAY) { - return e; - } - - D = 5; - sign = 1; - - for (;;) { - Ds = sign * D; - sign = -sign; - if ((e = mp_set_long(&Dz, (unsigned long)D)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((e = mp_gcd(a, &Dz, &gcd)) != MP_OKAY) { - goto LBL_LS_ERR; - } - /* if 1 < GCD < N then N is composite with factor "D", and - Jacobi(D,N) is technically undefined (but often returned - as zero). */ - if ((mp_cmp_d(&gcd, 1uL) == MP_GT) && (mp_cmp(&gcd, a) == MP_LT)) { - goto LBL_LS_ERR; - } - if (Ds < 0) { - Dz.sign = MP_NEG; - } - if ((e = mp_kronecker(&Dz, a, &J)) != MP_OKAY) { - goto LBL_LS_ERR; - } - - if (J == -1) { - break; - } - D += 2; - - if (D > (INT_MAX - 2)) { - e = MP_VAL; - goto LBL_LS_ERR; - } - } - - - - P = 1; /* Selfridge's choice */ - Q = (1 - Ds) / 4; /* Required so D = P*P - 4*Q */ - - /* NOTE: The conditions (a) N does not divide Q, and - (b) D is square-free or not a perfect square, are included by - some authors; e.g., "Prime numbers and computer methods for - factorization," Hans Riesel (2nd ed., 1994, Birkhauser, Boston), - p. 130. For this particular application of Lucas sequences, - these conditions were found to be immaterial. */ - - /* Now calculate N - Jacobi(D,N) = N + 1 (even), and calculate the - odd positive integer d and positive integer s for which - N + 1 = 2^s*d (similar to the step for N - 1 in Miller's test). - The strong Lucas-Selfridge test then returns N as a strong - Lucas probable prime (slprp) if any of the following - conditions is met: U_d=0, V_d=0, V_2d=0, V_4d=0, V_8d=0, - V_16d=0, ..., etc., ending with V_{2^(s-1)*d}=V_{(N+1)/2}=0 - (all equalities mod N). Thus d is the highest index of U that - must be computed (since V_2m is independent of U), compared - to U_{N+1} for the standard Lucas-Selfridge test; and no - index of V beyond (N+1)/2 is required, just as in the - standard Lucas-Selfridge test. However, the quantity Q^d must - be computed for use (if necessary) in the latter stages of - the test. The result is that the strong Lucas-Selfridge test - has a running time only slightly greater (order of 10 %) than - that of the standard Lucas-Selfridge test, while producing - only (roughly) 30 % as many pseudoprimes (and every strong - Lucas pseudoprime is also a standard Lucas pseudoprime). Thus - the evidence indicates that the strong Lucas-Selfridge test is - more effective than the standard Lucas-Selfridge test, and a - Baillie-PSW test based on the strong Lucas-Selfridge test - should be more reliable. */ - - if ((e = mp_add_d(a, 1uL, &Np1)) != MP_OKAY) { - goto LBL_LS_ERR; - } - s = mp_cnt_lsb(&Np1); - - /* CZ - * This should round towards zero because - * Thomas R. Nicely used GMP's mpz_tdiv_q_2exp() - * and mp_div_2d() is equivalent. Additionally: - * dividing an even number by two does not produce - * any leftovers. - */ - if ((e = mp_div_2d(&Np1, s, &Dz, NULL)) != MP_OKAY) { - goto LBL_LS_ERR; - } - /* We must now compute U_d and V_d. Since d is odd, the accumulated - values U and V are initialized to U_1 and V_1 (if the target - index were even, U and V would be initialized instead to U_0=0 - and V_0=2). The values of U_2m and V_2m are also initialized to - U_1 and V_1; the FOR loop calculates in succession U_2 and V_2, - U_4 and V_4, U_8 and V_8, etc. If the corresponding bits - (1, 2, 3, ...) of t are on (the zero bit having been accounted - for in the initialization of U and V), these values are then - combined with the previous totals for U and V, using the - composition formulas for addition of indices. */ - - mp_set(&Uz, 1uL); /* U=U_1 */ - mp_set(&Vz, (mp_digit)P); /* V=V_1 */ - mp_set(&U2mz, 1uL); /* U_1 */ - mp_set(&V2mz, (mp_digit)P); /* V_1 */ - - if (Q < 0) { - Q = -Q; - if ((e = mp_set_long(&Qmz, (unsigned long)Q)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((e = mp_mul_2(&Qmz, &Q2mz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - /* Initializes calculation of Q^d */ - if ((e = mp_set_long(&Qkdz, (unsigned long)Q)) != MP_OKAY) { - goto LBL_LS_ERR; - } - Qmz.sign = MP_NEG; - Q2mz.sign = MP_NEG; - Qkdz.sign = MP_NEG; - Q = -Q; - } else { - if ((e = mp_set_long(&Qmz, (unsigned long)Q)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((e = mp_mul_2(&Qmz, &Q2mz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - /* Initializes calculation of Q^d */ - if ((e = mp_set_long(&Qkdz, (unsigned long)Q)) != MP_OKAY) { - goto LBL_LS_ERR; - } - } - - Nbits = mp_count_bits(&Dz); - - for (u = 1; u < Nbits; u++) { /* zero bit off, already accounted for */ - /* Formulas for doubling of indices (carried out mod N). Note that - * the indices denoted as "2m" are actually powers of 2, specifically - * 2^(ul-1) beginning each loop and 2^ul ending each loop. - * - * U_2m = U_m*V_m - * V_2m = V_m*V_m - 2*Q^m - */ - - if ((e = mp_mul(&U2mz, &V2mz, &U2mz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((e = mp_mod(&U2mz, a, &U2mz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((e = mp_sqr(&V2mz, &V2mz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((e = mp_sub(&V2mz, &Q2mz, &V2mz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((e = mp_mod(&V2mz, a, &V2mz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - /* Must calculate powers of Q for use in V_2m, also for Q^d later */ - if ((e = mp_sqr(&Qmz, &Qmz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - /* prevents overflow */ /* CZ still necessary without a fixed prealloc'd mem.? */ - if ((e = mp_mod(&Qmz, a, &Qmz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((e = mp_mul_2(&Qmz, &Q2mz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((isset = mp_get_bit(&Dz, u)) == MP_VAL) { - e = isset; - goto LBL_LS_ERR; - } - if (isset == MP_YES) { - /* Formulas for addition of indices (carried out mod N); - * - * U_(m+n) = (U_m*V_n + U_n*V_m)/2 - * V_(m+n) = (V_m*V_n + D*U_m*U_n)/2 - * - * Be careful with division by 2 (mod N)! - */ - if ((e = mp_mul(&U2mz, &Vz, &T1z)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((e = mp_mul(&Uz, &V2mz, &T2z)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((e = mp_mul(&V2mz, &Vz, &T3z)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((e = mp_mul(&U2mz, &Uz, &T4z)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((e = s_mp_mul_si(&T4z, (long)Ds, &T4z)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((e = mp_add(&T1z, &T2z, &Uz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if (mp_isodd(&Uz) != MP_NO) { - if ((e = mp_add(&Uz, a, &Uz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - } - /* CZ - * This should round towards negative infinity because - * Thomas R. Nicely used GMP's mpz_fdiv_q_2exp(). - * But mp_div_2() does not do so, it is truncating instead. - */ - oddness = mp_isodd(&Uz); - if ((e = mp_div_2(&Uz, &Uz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((Uz.sign == MP_NEG) && (oddness != MP_NO)) { - if ((e = mp_sub_d(&Uz, 1uL, &Uz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - } - if ((e = mp_add(&T3z, &T4z, &Vz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if (mp_isodd(&Vz) != MP_NO) { - if ((e = mp_add(&Vz, a, &Vz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - } - oddness = mp_isodd(&Vz); - if ((e = mp_div_2(&Vz, &Vz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((Vz.sign == MP_NEG) && (oddness != MP_NO)) { - if ((e = mp_sub_d(&Vz, 1uL, &Vz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - } - if ((e = mp_mod(&Uz, a, &Uz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((e = mp_mod(&Vz, a, &Vz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - /* Calculating Q^d for later use */ - if ((e = mp_mul(&Qkdz, &Qmz, &Qkdz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((e = mp_mod(&Qkdz, a, &Qkdz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - } - } - - /* If U_d or V_d is congruent to 0 mod N, then N is a prime or a - strong Lucas pseudoprime. */ - if ((mp_iszero(&Uz) != MP_NO) || (mp_iszero(&Vz) != MP_NO)) { - *result = MP_YES; - goto LBL_LS_ERR; - } - - /* NOTE: Ribenboim ("The new book of prime number records," 3rd ed., - 1995/6) omits the condition V0 on p.142, but includes it on - p. 130. The condition is NECESSARY; otherwise the test will - return false negatives---e.g., the primes 29 and 2000029 will be - returned as composite. */ - - /* Otherwise, we must compute V_2d, V_4d, V_8d, ..., V_{2^(s-1)*d} - by repeated use of the formula V_2m = V_m*V_m - 2*Q^m. If any of - these are congruent to 0 mod N, then N is a prime or a strong - Lucas pseudoprime. */ - - /* Initialize 2*Q^(d*2^r) for V_2m */ - if ((e = mp_mul_2(&Qkdz, &Q2kdz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - - for (r = 1; r < s; r++) { - if ((e = mp_sqr(&Vz, &Vz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((e = mp_sub(&Vz, &Q2kdz, &Vz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((e = mp_mod(&Vz, a, &Vz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if (mp_iszero(&Vz) != MP_NO) { - *result = MP_YES; - goto LBL_LS_ERR; - } - /* Calculate Q^{d*2^r} for next r (final iteration irrelevant). */ - if (r < (s - 1)) { - if ((e = mp_sqr(&Qkdz, &Qkdz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((e = mp_mod(&Qkdz, a, &Qkdz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - if ((e = mp_mul_2(&Qkdz, &Q2kdz)) != MP_OKAY) { - goto LBL_LS_ERR; - } - } - } -LBL_LS_ERR: - mp_clear_multi(&Q2kdz, &T4z, &T3z, &T2z, &T1z, &Qkdz, &Q2mz, &Qmz, &V2mz, &U2mz, &Vz, &Uz, &Np1, &gcd, &Dz, NULL); - return e; -} -#endif -#endif - -/* End: bn_mp_prime_strong_lucas_selfridge.c */ - -/* Start: bn_mp_radix_size.c */ - -/* returns size of ASCII reprensentation */ -int mp_radix_size(const mp_int *a, int radix, int *size) -{ - int res, digs; - mp_int t; - mp_digit d; - - *size = 0; - - /* make sure the radix is in range */ - if ((radix < 2) || (radix > 64)) { - return MP_VAL; - } - - if (mp_iszero(a) == MP_YES) { - *size = 2; - return MP_OKAY; - } - - /* special case for binary */ - if (radix == 2) { - *size = mp_count_bits(a) + ((a->sign == MP_NEG) ? 1 : 0) + 1; - return MP_OKAY; - } - - /* digs is the digit count */ - digs = 0; - - /* if it's negative add one for the sign */ - if (a->sign == MP_NEG) { - ++digs; - } - - /* init a copy of the input */ - if ((res = mp_init_copy(&t, a)) != MP_OKAY) { - return res; - } - - /* force temp to positive */ - t.sign = MP_ZPOS; - - /* fetch out all of the digits */ - while (mp_iszero(&t) == MP_NO) { - if ((res = mp_div_d(&t, (mp_digit)radix, &t, &d)) != MP_OKAY) { - mp_clear(&t); - return res; - } - ++digs; - } - mp_clear(&t); - - /* return digs + 1, the 1 is for the NULL byte that would be required. */ - *size = digs + 1; - return MP_OKAY; -} - -/* End: bn_mp_radix_size.c */ - -/* Start: bn_mp_radix_smap.c */ - -/* chars used in radix conversions */ -const char *const mp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"; -const uint8_t mp_s_rmap_reverse[] = { - 0xff, 0xff, 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f, /* ()*+,-./ */ - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, /* 01234567 */ - 0x08, 0x09, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, /* 89:;<=>? */ - 0xff, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, /* @ABCDEFG */ - 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, /* HIJKLMNO */ - 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, /* PQRSTUVW */ - 0x21, 0x22, 0x23, 0xff, 0xff, 0xff, 0xff, 0xff, /* XYZ[\]^_ */ - 0xff, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, /* `abcdefg */ - 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32, /* hijklmno */ - 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, /* pqrstuvw */ - 0x3b, 0x3c, 0x3d, 0xff, 0xff, 0xff, 0xff, 0xff, /* xyz{|}~. */ -}; -const size_t mp_s_rmap_reverse_sz = sizeof(mp_s_rmap_reverse); - -/* End: bn_mp_radix_smap.c */ - -/* Start: bn_mp_rand.c */ - -/* First the OS-specific special cases - * - *BSD - * - Windows - */ -#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || defined(__DragonFly__) -#define MP_ARC4RANDOM -#define MP_GEN_RANDOM_MAX 0xffffffffu -#define MP_GEN_RANDOM_SHIFT 32 - -static int s_read_arc4random(mp_digit *p) -{ - mp_digit d = 0, msk = 0; - do { - d <<= MP_GEN_RANDOM_SHIFT; - d |= ((mp_digit) arc4random()); - msk <<= MP_GEN_RANDOM_SHIFT; - msk |= (MP_MASK & MP_GEN_RANDOM_MAX); - } while ((MP_MASK & msk) != MP_MASK); - *p = d; - return MP_OKAY; -} -#endif - -#if defined(_WIN32) || defined(_WIN32_WCE) -#define MP_WIN_CSP - -#ifndef _WIN32_WINNT -#define _WIN32_WINNT 0x0400 -#endif -#ifdef _WIN32_WCE -#define UNDER_CE -#define ARM -#endif - -#define WIN32_LEAN_AND_MEAN -#include <windows.h> -#include <ntsecapi.h> - -static int s_read_win_csp(mp_digit *p) -{ - int ret = -1; - if (RtlGenRandom(p, sizeof(*p)) == TRUE) { - ret = MP_OKAY; - } - return ret; -} -#endif /* WIN32 */ - -#if !defined(MP_WIN_CSP) && defined(__linux__) && defined(__GLIBC_PREREQ) -#if __GLIBC_PREREQ(2, 25) -#define MP_GETRANDOM -#include <sys/random.h> -#include <errno.h> - -static int s_read_getrandom(mp_digit *p) -{ - int ret; - do { - ret = getrandom(p, sizeof(*p), 0); - } while ((ret == -1) && (errno == EINTR)); - if (ret == sizeof(*p)) return MP_OKAY; - return -1; -} -#endif -#endif - -/* We assume all platforms besides windows provide "/dev/urandom". - * In case yours doesn't, define MP_NO_DEV_URANDOM at compile-time. - */ -#if !defined(MP_WIN_CSP) && !defined(MP_NO_DEV_URANDOM) -#ifndef MP_DEV_URANDOM -#define MP_DEV_URANDOM "/dev/urandom" -#endif -#include <fcntl.h> -#include <errno.h> -#include <unistd.h> - -static int s_read_dev_urandom(mp_digit *p) -{ - ssize_t r; - int fd; - do { - fd = open(MP_DEV_URANDOM, O_RDONLY); - } while ((fd == -1) && (errno == EINTR)); - if (fd == -1) return -1; - do { - r = read(fd, p, sizeof(*p)); - } while ((r == -1) && (errno == EINTR)); - close(fd); - if (r != sizeof(*p)) return -1; - return MP_OKAY; -} -#endif - -#if defined(MP_PRNG_ENABLE_LTM_RNG) -unsigned long (*ltm_rng)(unsigned char *out, unsigned long outlen, void (*callback)(void)); -void (*ltm_rng_callback)(void); - -static int s_read_ltm_rng(mp_digit *p) -{ - unsigned long ret; - if (ltm_rng == NULL) return -1; - ret = ltm_rng((void *)p, sizeof(*p), ltm_rng_callback); - if (ret != sizeof(*p)) return -1; - return MP_OKAY; -} -#endif - -static int s_rand_digit(mp_digit *p) -{ - int ret = -1; - -#if defined(MP_ARC4RANDOM) - ret = s_read_arc4random(p); - if (ret == MP_OKAY) return ret; -#endif - -#if defined(MP_WIN_CSP) - ret = s_read_win_csp(p); - if (ret == MP_OKAY) return ret; -#else - -#if defined(MP_GETRANDOM) - ret = s_read_getrandom(p); - if (ret == MP_OKAY) return ret; -#endif -#if defined(MP_DEV_URANDOM) - ret = s_read_dev_urandom(p); - if (ret == MP_OKAY) return ret; -#endif - -#endif /* MP_WIN_CSP */ - -#if defined(MP_PRNG_ENABLE_LTM_RNG) - ret = s_read_ltm_rng(p); - if (ret == MP_OKAY) return ret; -#endif - - return ret; -} - -/* makes a pseudo-random int of a given size */ -int mp_rand_digit(mp_digit *r) -{ - int ret = s_rand_digit(r); - *r &= MP_MASK; - return ret; -} - -int mp_rand(mp_int *a, int digits) -{ - int res; - mp_digit d; - - mp_zero(a); - if (digits <= 0) { - return MP_OKAY; - } - - /* first place a random non-zero digit */ - do { - if (mp_rand_digit(&d) != MP_OKAY) { - return MP_VAL; - } - } while (d == 0u); - - if ((res = mp_add_d(a, d, a)) != MP_OKAY) { - return res; - } - - while (--digits > 0) { - if ((res = mp_lshd(a, 1)) != MP_OKAY) { - return res; - } - - if (mp_rand_digit(&d) != MP_OKAY) { - return MP_VAL; - } - if ((res = mp_add_d(a, d, a)) != MP_OKAY) { - return res; - } - } - - return MP_OKAY; -} - -/* Start: bn_mp_read_radix.c */ - -/* read a string [ASCII] in a given radix */ -int mp_read_radix(mp_int *a, const char *str, int radix) -{ - int y, res, neg; - unsigned pos; - char ch; - - /* zero the digit bignum */ - mp_zero(a); - - /* make sure the radix is ok */ - if ((radix < 2) || (radix > 64)) { - return MP_VAL; - } - - /* if the leading digit is a - * minus set the sign to negative. - */ - if (*str == '-') { - ++str; - neg = MP_NEG; - } else { - neg = MP_ZPOS; - } - - /* set the integer to the default of zero */ - mp_zero(a); - - /* process each digit of the string */ - while (*str != '\0') { - /* if the radix <= 36 the conversion is case insensitive - * this allows numbers like 1AB and 1ab to represent the same value - * [e.g. in hex] - */ - ch = (radix <= 36) ? (char)toupper((int)*str) : *str; - pos = (unsigned)(ch - '('); - if (mp_s_rmap_reverse_sz < pos) { - break; - } - y = (int)mp_s_rmap_reverse[pos]; - - /* if the char was found in the map - * and is less than the given radix add it - * to the number, otherwise exit the loop. - */ - if ((y == 0xff) || (y >= radix)) { - break; - } - if ((res = mp_mul_d(a, (mp_digit)radix, a)) != MP_OKAY) { - return res; - } - if ((res = mp_add_d(a, (mp_digit)y, a)) != MP_OKAY) { - return res; - } - ++str; - } - - /* if an illegal character was found, fail. */ - if (!((*str == '\0') || (*str == '\r') || (*str == '\n'))) { - mp_zero(a); - return MP_VAL; - } - - /* set the sign only if a != 0 */ - if (mp_iszero(a) != MP_YES) { - a->sign = neg; - } - return MP_OKAY; -} - -/* End: bn_mp_read_radix.c */ - -/* Start: bn_mp_read_signed_bin.c */ - -/* read signed bin, big endian, first byte is 0==positive or 1==negative */ -int mp_read_signed_bin(mp_int *a, const unsigned char *b, int c) -{ - int res; - - /* read magnitude */ - if ((res = mp_read_unsigned_bin(a, b + 1, c - 1)) != MP_OKAY) { - return res; - } - - /* first byte is 0 for positive, non-zero for negative */ - if (b[0] == (unsigned char)0) { - a->sign = MP_ZPOS; - } else { - a->sign = MP_NEG; - } - - return MP_OKAY; -} - -/* End: bn_mp_read_signed_bin.c */ - -/* Start: bn_mp_read_unsigned_bin.c */ - -/* reads a unsigned char array, assumes the msb is stored first [big endian] */ -int mp_read_unsigned_bin(mp_int *a, const unsigned char *b, int c) -{ - int res; - - /* make sure there are at least two digits */ - if (a->alloc < 2) { - if ((res = mp_grow(a, 2)) != MP_OKAY) { - return res; - } - } - - /* zero the int */ - mp_zero(a); - - /* read the bytes in */ - while (c-- > 0) { - if ((res = mp_mul_2d(a, 8, a)) != MP_OKAY) { - return res; - } - -#ifndef MP_8BIT - a->dp[0] |= *b++; - a->used += 1; -#else - a->dp[0] = (*b & MP_MASK); - a->dp[1] |= ((*b++ >> 7) & 1u); - a->used += 2; -#endif - } - mp_clamp(a); - return MP_OKAY; -} - -/* End: bn_mp_read_unsigned_bin.c */ - -/* Start: bn_mp_reduce.c */ - -/* reduces x mod m, assumes 0 < x < m**2, mu is - * precomputed via mp_reduce_setup. - * From HAC pp.604 Algorithm 14.42 - */ -int mp_reduce(mp_int *x, const mp_int *m, const mp_int *mu) -{ - mp_int q; - int res, um = m->used; - - /* q = x */ - if ((res = mp_init_copy(&q, x)) != MP_OKAY) { - return res; - } - - /* q1 = x / b**(k-1) */ - mp_rshd(&q, um - 1); - - /* according to HAC this optimization is ok */ - if ((mp_digit)um > ((mp_digit)1 << (DIGIT_BIT - 1))) { - if ((res = mp_mul(&q, mu, &q)) != MP_OKAY) { - goto CLEANUP; - } - } else { - if ((res = s_mp_mul_high_digs(&q, mu, &q, um)) != MP_OKAY) { - goto CLEANUP; - } - } - - /* q3 = q2 / b**(k+1) */ - mp_rshd(&q, um + 1); - - /* x = x mod b**(k+1), quick (no division) */ - if ((res = mp_mod_2d(x, DIGIT_BIT * (um + 1), x)) != MP_OKAY) { - goto CLEANUP; - } - - /* q = q * m mod b**(k+1), quick (no division) */ - if ((res = s_mp_mul_digs(&q, m, &q, um + 1)) != MP_OKAY) { - goto CLEANUP; - } - - /* x = x - q */ - if ((res = mp_sub(x, &q, x)) != MP_OKAY) { - goto CLEANUP; - } - - /* If x < 0, add b**(k+1) to it */ - if (mp_cmp_d(x, 0uL) == MP_LT) { - mp_set(&q, 1uL); - if ((res = mp_lshd(&q, um + 1)) != MP_OKAY) - goto CLEANUP; - if ((res = mp_add(x, &q, x)) != MP_OKAY) - goto CLEANUP; - } - - /* Back off if it's too big */ - while (mp_cmp(x, m) != MP_LT) { - if ((res = s_mp_sub(x, m, x)) != MP_OKAY) { - goto CLEANUP; - } - } - -CLEANUP: - mp_clear(&q); - - return res; -} - -/* End: bn_mp_reduce.c */ - -/* Start: bn_mp_reduce_2k.c */ - -/* reduces a modulo n where n is of the form 2**p - d */ -int mp_reduce_2k(mp_int *a, const mp_int *n, mp_digit d) -{ - mp_int q; - int p, res; - - if ((res = mp_init(&q)) != MP_OKAY) { - return res; - } - - p = mp_count_bits(n); -top: - /* q = a/2**p, a = a mod 2**p */ - if ((res = mp_div_2d(a, p, &q, a)) != MP_OKAY) { - goto LBL_ERR; - } - - if (d != 1u) { - /* q = q * d */ - if ((res = mp_mul_d(&q, d, &q)) != MP_OKAY) { - goto LBL_ERR; - } - } - - /* a = a + q */ - if ((res = s_mp_add(a, &q, a)) != MP_OKAY) { - goto LBL_ERR; - } - - if (mp_cmp_mag(a, n) != MP_LT) { - if ((res = s_mp_sub(a, n, a)) != MP_OKAY) { - goto LBL_ERR; - } - goto top; - } - -LBL_ERR: - mp_clear(&q); - return res; -} - -/* End: bn_mp_reduce_2k.c */ - -/* Start: bn_mp_reduce_2k_l.c */ - -/* reduces a modulo n where n is of the form 2**p - d - This differs from reduce_2k since "d" can be larger - than a single digit. -*/ -int mp_reduce_2k_l(mp_int *a, const mp_int *n, const mp_int *d) -{ - mp_int q; - int p, res; - - if ((res = mp_init(&q)) != MP_OKAY) { - return res; - } - - p = mp_count_bits(n); -top: - /* q = a/2**p, a = a mod 2**p */ - if ((res = mp_div_2d(a, p, &q, a)) != MP_OKAY) { - goto LBL_ERR; - } - - /* q = q * d */ - if ((res = mp_mul(&q, d, &q)) != MP_OKAY) { - goto LBL_ERR; - } - - /* a = a + q */ - if ((res = s_mp_add(a, &q, a)) != MP_OKAY) { - goto LBL_ERR; - } - - if (mp_cmp_mag(a, n) != MP_LT) { - if ((res = s_mp_sub(a, n, a)) != MP_OKAY) { - goto LBL_ERR; - } - goto top; - } - -LBL_ERR: - mp_clear(&q); - return res; -} - -/* End: bn_mp_reduce_2k_l.c */ - -/* Start: bn_mp_reduce_2k_setup.c */ - -/* determines the setup value */ -int mp_reduce_2k_setup(const mp_int *a, mp_digit *d) -{ - int res, p; - mp_int tmp; - - if ((res = mp_init(&tmp)) != MP_OKAY) { - return res; - } - - p = mp_count_bits(a); - if ((res = mp_2expt(&tmp, p)) != MP_OKAY) { - mp_clear(&tmp); - return res; - } - - if ((res = s_mp_sub(&tmp, a, &tmp)) != MP_OKAY) { - mp_clear(&tmp); - return res; - } - - *d = tmp.dp[0]; - mp_clear(&tmp); - return MP_OKAY; -} - -/* End: bn_mp_reduce_2k_setup.c */ - -/* Start: bn_mp_reduce_2k_setup_l.c */ - -/* determines the setup value */ -int mp_reduce_2k_setup_l(const mp_int *a, mp_int *d) -{ - int res; - mp_int tmp; - - if ((res = mp_init(&tmp)) != MP_OKAY) { - return res; - } - - if ((res = mp_2expt(&tmp, mp_count_bits(a))) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = s_mp_sub(&tmp, a, d)) != MP_OKAY) { - goto LBL_ERR; - } - -LBL_ERR: - mp_clear(&tmp); - return res; -} - -/* End: bn_mp_reduce_2k_setup_l.c */ - -/* Start: bn_mp_reduce_is_2k.c */ - -/* determines if mp_reduce_2k can be used */ -int mp_reduce_is_2k(const mp_int *a) -{ - int ix, iy, iw; - mp_digit iz; - - if (a->used == 0) { - return MP_NO; - } else if (a->used == 1) { - return MP_YES; - } else if (a->used > 1) { - iy = mp_count_bits(a); - iz = 1; - iw = 1; - - /* Test every bit from the second digit up, must be 1 */ - for (ix = DIGIT_BIT; ix < iy; ix++) { - if ((a->dp[iw] & iz) == 0u) { - return MP_NO; - } - iz <<= 1; - if (iz > (mp_digit)MP_MASK) { - ++iw; - iz = 1; - } - } - } - return MP_YES; -} - -/* End: bn_mp_reduce_is_2k.c */ - -/* Start: bn_mp_reduce_is_2k_l.c */ - -/* determines if reduce_2k_l can be used */ -int mp_reduce_is_2k_l(const mp_int *a) -{ - int ix, iy; - - if (a->used == 0) { - return MP_NO; - } else if (a->used == 1) { - return MP_YES; - } else if (a->used > 1) { - /* if more than half of the digits are -1 we're sold */ - for (iy = ix = 0; ix < a->used; ix++) { - if (a->dp[ix] == MP_MASK) { - ++iy; - } - } - return (iy >= (a->used/2)) ? MP_YES : MP_NO; - - } - return MP_NO; -} - -/* End: bn_mp_reduce_is_2k_l.c */ - -/* Start: bn_mp_reduce_setup.c */ - -/* pre-calculate the value required for Barrett reduction - * For a given modulus "b" it calulates the value required in "a" - */ -int mp_reduce_setup(mp_int *a, const mp_int *b) -{ - int res; - - if ((res = mp_2expt(a, b->used * 2 * DIGIT_BIT)) != MP_OKAY) { - return res; - } - return mp_div(a, b, a, NULL); -} - -/* End: bn_mp_reduce_setup.c */ - -/* Start: bn_mp_rshd.c */ - -/* shift right a certain amount of digits */ -void mp_rshd(mp_int *a, int b) -{ - int x; - - /* if b <= 0 then ignore it */ - if (b <= 0) { - return; - } - - /* if b > used then simply zero it and return */ - if (a->used <= b) { - mp_zero(a); - return; - } - - { - mp_digit *bottom, *top; - - /* shift the digits down */ - - /* bottom */ - bottom = a->dp; - - /* top [offset into digits] */ - top = a->dp + b; - - /* this is implemented as a sliding window where - * the window is b-digits long and digits from - * the top of the window are copied to the bottom - * - * e.g. - - b-2 | b-1 | b0 | b1 | b2 | ... | bb | ----> - /\ | ----> - \-------------------/ ----> - */ - for (x = 0; x < (a->used - b); x++) { - *bottom++ = *top++; - } - - /* zero the top digits */ - for (; x < a->used; x++) { - *bottom++ = 0; - } - } - - /* remove excess digits */ - a->used -= b; -} - -/* End: bn_mp_rshd.c */ - -/* Start: bn_mp_set.c */ - -/* set to a digit */ -void mp_set(mp_int *a, mp_digit b) -{ - mp_zero(a); - a->dp[0] = b & MP_MASK; - a->used = (a->dp[0] != 0u) ? 1 : 0; -} - -/* End: bn_mp_set.c */ - -/* Start: bn_mp_set_int.c */ - -/* set a 32-bit const */ -int mp_set_int(mp_int *a, unsigned long b) -{ - int x, res; - - mp_zero(a); - - /* set four bits at a time */ - for (x = 0; x < 8; x++) { - /* shift the number up four bits */ - if ((res = mp_mul_2d(a, 4, a)) != MP_OKAY) { - return res; - } - - /* OR in the top four bits of the source */ - a->dp[0] |= (mp_digit)(b >> 28) & 15uL; - - /* shift the source up to the next four bits */ - b <<= 4; - - /* ensure that digits are not clamped off */ - a->used += 1; - } - mp_clamp(a); - return MP_OKAY; -} - -/* End: bn_mp_set_int.c */ - -/* Start: bn_mp_set_long.c */ - -/* set a platform dependent unsigned long int */ -MP_SET_XLONG(mp_set_long, unsigned long) - -/* End: bn_mp_set_long.c */ - -/* Start: bn_mp_set_long_long.c */ - -/* set a platform dependent unsigned long long int */ -MP_SET_XLONG(mp_set_long_long, unsigned long long) - -/* End: bn_mp_set_long_long.c */ - -/* Start: bn_mp_shrink.c */ - -/* shrink a bignum */ -int mp_shrink(mp_int *a) -{ - mp_digit *tmp; - int used = 1; - - if (a->used > 0) { - used = a->used; - } - - if (a->alloc != used) { - if ((tmp = OPT_CAST(mp_digit) XREALLOC(a->dp, sizeof(mp_digit) * (size_t)used)) == NULL) { - return MP_MEM; - } - a->dp = tmp; - a->alloc = used; - } - return MP_OKAY; -} - -/* End: bn_mp_shrink.c */ - -/* Start: bn_mp_signed_bin_size.c */ - -/* get the size for an signed equivalent */ -int mp_signed_bin_size(const mp_int *a) -{ - return 1 + mp_unsigned_bin_size(a); -} - -/* End: bn_mp_signed_bin_size.c */ - -/* Start: bn_mp_sqr.c */ - -/* computes b = a*a */ -int mp_sqr(const mp_int *a, mp_int *b) -{ - int res; - - /* use Toom-Cook? */ - if (a->used >= TOOM_SQR_CUTOFF) { - res = mp_toom_sqr(a, b); - /* Karatsuba? */ - } else - if (a->used >= KARATSUBA_SQR_CUTOFF) { - res = mp_karatsuba_sqr(a, b); - } else - { - /* can we use the fast comba multiplier? */ - if ((((a->used * 2) + 1) < (int)MP_WARRAY) && - (a->used < - (int)(1u << (((sizeof(mp_word) * (size_t)CHAR_BIT) - (2u * (size_t)DIGIT_BIT)) - 1u)))) { - res = fast_s_mp_sqr(a, b); - } else - { - res = s_mp_sqr(a, b); - } - } - b->sign = MP_ZPOS; - return res; -} - -/* End: bn_mp_sqr.c */ - -/* Start: bn_mp_sqrmod.c */ - -/* c = a * a (mod b) */ -int mp_sqrmod(const mp_int *a, const mp_int *b, mp_int *c) -{ - int res; - mp_int t; - - if ((res = mp_init(&t)) != MP_OKAY) { - return res; - } - - if ((res = mp_sqr(a, &t)) != MP_OKAY) { - mp_clear(&t); - return res; - } - res = mp_mod(&t, b, c); - mp_clear(&t); - return res; -} - -/* End: bn_mp_sqrmod.c */ - -/* Start: bn_mp_sqrt.c */ - -/* this function is less generic than mp_n_root, simpler and faster */ -int mp_sqrt(const mp_int *arg, mp_int *ret) -{ - int res; - mp_int t1, t2; - - /* must be positive */ - if (arg->sign == MP_NEG) { - return MP_VAL; - } - - /* easy out */ - if (mp_iszero(arg) == MP_YES) { - mp_zero(ret); - return MP_OKAY; - } - - if ((res = mp_init_copy(&t1, arg)) != MP_OKAY) { - return res; - } - - if ((res = mp_init(&t2)) != MP_OKAY) { - goto E2; - } - - /* First approx. (not very bad for large arg) */ - mp_rshd(&t1, t1.used/2); - - /* t1 > 0 */ - if ((res = mp_div(arg, &t1, &t2, NULL)) != MP_OKAY) { - goto E1; - } - if ((res = mp_add(&t1, &t2, &t1)) != MP_OKAY) { - goto E1; - } - if ((res = mp_div_2(&t1, &t1)) != MP_OKAY) { - goto E1; - } - /* And now t1 > sqrt(arg) */ - do { - if ((res = mp_div(arg, &t1, &t2, NULL)) != MP_OKAY) { - goto E1; - } - if ((res = mp_add(&t1, &t2, &t1)) != MP_OKAY) { - goto E1; - } - if ((res = mp_div_2(&t1, &t1)) != MP_OKAY) { - goto E1; - } - /* t1 >= sqrt(arg) >= t2 at this point */ - } while (mp_cmp_mag(&t1, &t2) == MP_GT); - - mp_exch(&t1, ret); - -E1: - mp_clear(&t2); -E2: - mp_clear(&t1); - return res; -} - -/* End: bn_mp_sqrt.c */ - -/* Start: bn_mp_sqrtmod_prime.c */ - -/* Tonelli-Shanks algorithm - * https://en.wikipedia.org/wiki/Tonelli%E2%80%93Shanks_algorithm - * https://gmplib.org/list-archives/gmp-discuss/2013-April/005300.html - * - */ - -int mp_sqrtmod_prime(const mp_int *n, const mp_int *prime, mp_int *ret) -{ - int res, legendre; - mp_int t1, C, Q, S, Z, M, T, R, two; - mp_digit i; - - /* first handle the simple cases */ - if (mp_cmp_d(n, 0uL) == MP_EQ) { - mp_zero(ret); - return MP_OKAY; - } - if (mp_cmp_d(prime, 2uL) == MP_EQ) return MP_VAL; /* prime must be odd */ - if ((res = mp_jacobi(n, prime, &legendre)) != MP_OKAY) return res; - if (legendre == -1) return MP_VAL; /* quadratic non-residue mod prime */ - - if ((res = mp_init_multi(&t1, &C, &Q, &S, &Z, &M, &T, &R, &two, NULL)) != MP_OKAY) { - return res; - } - - /* SPECIAL CASE: if prime mod 4 == 3 - * compute directly: res = n^(prime+1)/4 mod prime - * Handbook of Applied Cryptography algorithm 3.36 - */ - if ((res = mp_mod_d(prime, 4uL, &i)) != MP_OKAY) goto cleanup; - if (i == 3u) { - if ((res = mp_add_d(prime, 1uL, &t1)) != MP_OKAY) goto cleanup; - if ((res = mp_div_2(&t1, &t1)) != MP_OKAY) goto cleanup; - if ((res = mp_div_2(&t1, &t1)) != MP_OKAY) goto cleanup; - if ((res = mp_exptmod(n, &t1, prime, ret)) != MP_OKAY) goto cleanup; - res = MP_OKAY; - goto cleanup; - } - - /* NOW: Tonelli-Shanks algorithm */ - - /* factor out powers of 2 from prime-1, defining Q and S as: prime-1 = Q*2^S */ - if ((res = mp_copy(prime, &Q)) != MP_OKAY) goto cleanup; - if ((res = mp_sub_d(&Q, 1uL, &Q)) != MP_OKAY) goto cleanup; - /* Q = prime - 1 */ - mp_zero(&S); - /* S = 0 */ - while (mp_iseven(&Q) != MP_NO) { - if ((res = mp_div_2(&Q, &Q)) != MP_OKAY) goto cleanup; - /* Q = Q / 2 */ - if ((res = mp_add_d(&S, 1uL, &S)) != MP_OKAY) goto cleanup; - /* S = S + 1 */ - } - - /* find a Z such that the Legendre symbol (Z|prime) == -1 */ - if ((res = mp_set_int(&Z, 2uL)) != MP_OKAY) goto cleanup; - /* Z = 2 */ - while (1) { - if ((res = mp_jacobi(&Z, prime, &legendre)) != MP_OKAY) goto cleanup; - if (legendre == -1) break; - if ((res = mp_add_d(&Z, 1uL, &Z)) != MP_OKAY) goto cleanup; - /* Z = Z + 1 */ - } - - if ((res = mp_exptmod(&Z, &Q, prime, &C)) != MP_OKAY) goto cleanup; - /* C = Z ^ Q mod prime */ - if ((res = mp_add_d(&Q, 1uL, &t1)) != MP_OKAY) goto cleanup; - if ((res = mp_div_2(&t1, &t1)) != MP_OKAY) goto cleanup; - /* t1 = (Q + 1) / 2 */ - if ((res = mp_exptmod(n, &t1, prime, &R)) != MP_OKAY) goto cleanup; - /* R = n ^ ((Q + 1) / 2) mod prime */ - if ((res = mp_exptmod(n, &Q, prime, &T)) != MP_OKAY) goto cleanup; - /* T = n ^ Q mod prime */ - if ((res = mp_copy(&S, &M)) != MP_OKAY) goto cleanup; - /* M = S */ - if ((res = mp_set_int(&two, 2uL)) != MP_OKAY) goto cleanup; - - res = MP_VAL; - while (1) { - if ((res = mp_copy(&T, &t1)) != MP_OKAY) goto cleanup; - i = 0; - while (1) { - if (mp_cmp_d(&t1, 1uL) == MP_EQ) break; - if ((res = mp_exptmod(&t1, &two, prime, &t1)) != MP_OKAY) goto cleanup; - i++; - } - if (i == 0u) { - if ((res = mp_copy(&R, ret)) != MP_OKAY) goto cleanup; - res = MP_OKAY; - goto cleanup; - } - if ((res = mp_sub_d(&M, i, &t1)) != MP_OKAY) goto cleanup; - if ((res = mp_sub_d(&t1, 1uL, &t1)) != MP_OKAY) goto cleanup; - if ((res = mp_exptmod(&two, &t1, prime, &t1)) != MP_OKAY) goto cleanup; - /* t1 = 2 ^ (M - i - 1) */ - if ((res = mp_exptmod(&C, &t1, prime, &t1)) != MP_OKAY) goto cleanup; - /* t1 = C ^ (2 ^ (M - i - 1)) mod prime */ - if ((res = mp_sqrmod(&t1, prime, &C)) != MP_OKAY) goto cleanup; - /* C = (t1 * t1) mod prime */ - if ((res = mp_mulmod(&R, &t1, prime, &R)) != MP_OKAY) goto cleanup; - /* R = (R * t1) mod prime */ - if ((res = mp_mulmod(&T, &C, prime, &T)) != MP_OKAY) goto cleanup; - /* T = (T * C) mod prime */ - mp_set(&M, i); - /* M = i */ - } - -cleanup: - mp_clear_multi(&t1, &C, &Q, &S, &Z, &M, &T, &R, &two, NULL); - return res; -} - -/* End: bn_mp_sqrtmod_prime.c */ - -/* Start: bn_mp_sub.c */ - -/* high level subtraction (handles signs) */ -int mp_sub(const mp_int *a, const mp_int *b, mp_int *c) -{ - int sa, sb, res; - - sa = a->sign; - sb = b->sign; - - if (sa != sb) { - /* subtract a negative from a positive, OR */ - /* subtract a positive from a negative. */ - /* In either case, ADD their magnitudes, */ - /* and use the sign of the first number. */ - c->sign = sa; - res = s_mp_add(a, b, c); - } else { - /* subtract a positive from a positive, OR */ - /* subtract a negative from a negative. */ - /* First, take the difference between their */ - /* magnitudes, then... */ - if (mp_cmp_mag(a, b) != MP_LT) { - /* Copy the sign from the first */ - c->sign = sa; - /* The first has a larger or equal magnitude */ - res = s_mp_sub(a, b, c); - } else { - /* The result has the *opposite* sign from */ - /* the first number. */ - c->sign = (sa == MP_ZPOS) ? MP_NEG : MP_ZPOS; - /* The second has a larger magnitude */ - res = s_mp_sub(b, a, c); - } - } - return res; -} - -/* End: bn_mp_sub.c */ - -/* Start: bn_mp_sub_d.c */ - -/* single digit subtraction */ -int mp_sub_d(const mp_int *a, mp_digit b, mp_int *c) -{ - mp_digit *tmpa, *tmpc, mu; - int res, ix, oldused; - - /* grow c as required */ - if (c->alloc < (a->used + 1)) { - if ((res = mp_grow(c, a->used + 1)) != MP_OKAY) { - return res; - } - } - - /* if a is negative just do an unsigned - * addition [with fudged signs] - */ - if (a->sign == MP_NEG) { - mp_int a_ = *a; - a_.sign = MP_ZPOS; - res = mp_add_d(&a_, b, c); - c->sign = MP_NEG; - - /* clamp */ - mp_clamp(c); - - return res; - } - - /* setup regs */ - oldused = c->used; - tmpa = a->dp; - tmpc = c->dp; - - /* if a <= b simply fix the single digit */ - if (((a->used == 1) && (a->dp[0] <= b)) || (a->used == 0)) { - if (a->used == 1) { - *tmpc++ = b - *tmpa; - } else { - *tmpc++ = b; - } - ix = 1; - - /* negative/1digit */ - c->sign = MP_NEG; - c->used = 1; - } else { - /* positive/size */ - c->sign = MP_ZPOS; - c->used = a->used; - - /* subtract first digit */ - *tmpc = *tmpa++ - b; - mu = *tmpc >> ((sizeof(mp_digit) * (size_t)CHAR_BIT) - 1u); - *tmpc++ &= MP_MASK; - - /* handle rest of the digits */ - for (ix = 1; ix < a->used; ix++) { - *tmpc = *tmpa++ - mu; - mu = *tmpc >> ((sizeof(mp_digit) * (size_t)CHAR_BIT) - 1u); - *tmpc++ &= MP_MASK; - } - } - - /* zero excess digits */ - while (ix++ < oldused) { - *tmpc++ = 0; - } - mp_clamp(c); - return MP_OKAY; -} - -/* End: bn_mp_sub_d.c */ - -/* Start: bn_mp_submod.c */ - -/* d = a - b (mod c) */ -int mp_submod(const mp_int *a, const mp_int *b, const mp_int *c, mp_int *d) -{ - int res; - mp_int t; - - - if ((res = mp_init(&t)) != MP_OKAY) { - return res; - } - - if ((res = mp_sub(a, b, &t)) != MP_OKAY) { - mp_clear(&t); - return res; - } - res = mp_mod(&t, c, d); - mp_clear(&t); - return res; -} - -/* End: bn_mp_submod.c */ - -/* Start: bn_mp_tc_and.c */ - -/* two complement and */ -int mp_tc_and(const mp_int *a, const mp_int *b, mp_int *c) -{ - int res = MP_OKAY, bits, abits, bbits; - int as = mp_isneg(a), bs = mp_isneg(b); - mp_int *mx = NULL, _mx, acpy, bcpy; - - if ((as != MP_NO) || (bs != MP_NO)) { - abits = mp_count_bits(a); - bbits = mp_count_bits(b); - bits = MAX(abits, bbits); - res = mp_init_set_int(&_mx, 1uL); - if (res != MP_OKAY) { - goto end; - } - - mx = &_mx; - res = mp_mul_2d(mx, bits + 1, mx); - if (res != MP_OKAY) { - goto end; - } - - if (as != MP_NO) { - res = mp_init(&acpy); - if (res != MP_OKAY) { - goto end; - } - - res = mp_add(mx, a, &acpy); - if (res != MP_OKAY) { - mp_clear(&acpy); - goto end; - } - a = &acpy; - } - if (bs != MP_NO) { - res = mp_init(&bcpy); - if (res != MP_OKAY) { - goto end; - } - - res = mp_add(mx, b, &bcpy); - if (res != MP_OKAY) { - mp_clear(&bcpy); - goto end; - } - b = &bcpy; - } - } - - res = mp_and(a, b, c); - - if ((as != MP_NO) && (bs != MP_NO) && (res == MP_OKAY)) { - res = mp_sub(c, mx, c); - } - -end: - if (a == &acpy) { - mp_clear(&acpy); - } - - if (b == &bcpy) { - mp_clear(&bcpy); - } - - if (mx == &_mx) { - mp_clear(mx); - } - - return res; -} - -/* End: bn_mp_tc_and.c */ - -/* Start: bn_mp_tc_div_2d.c */ - -/* two complement right shift */ -int mp_tc_div_2d(const mp_int *a, int b, mp_int *c) -{ - int res; - if (mp_isneg(a) == MP_NO) { - return mp_div_2d(a, b, c, NULL); - } - - res = mp_add_d(a, 1uL, c); - if (res != MP_OKAY) { - return res; - } - - res = mp_div_2d(c, b, c, NULL); - return (res == MP_OKAY) ? mp_sub_d(c, 1uL, c) : res; -} - -/* End: bn_mp_tc_div_2d.c */ - -/* Start: bn_mp_tc_or.c */ - -/* two complement or */ -int mp_tc_or(const mp_int *a, const mp_int *b, mp_int *c) -{ - int res = MP_OKAY, bits, abits, bbits; - int as = mp_isneg(a), bs = mp_isneg(b); - mp_int *mx = NULL, _mx, acpy, bcpy; - - if ((as != MP_NO) || (bs != MP_NO)) { - abits = mp_count_bits(a); - bbits = mp_count_bits(b); - bits = MAX(abits, bbits); - res = mp_init_set_int(&_mx, 1uL); - if (res != MP_OKAY) { - goto end; - } - - mx = &_mx; - res = mp_mul_2d(mx, bits + 1, mx); - if (res != MP_OKAY) { - goto end; - } - - if (as != MP_NO) { - res = mp_init(&acpy); - if (res != MP_OKAY) { - goto end; - } - - res = mp_add(mx, a, &acpy); - if (res != MP_OKAY) { - mp_clear(&acpy); - goto end; - } - a = &acpy; - } - if (bs != MP_NO) { - res = mp_init(&bcpy); - if (res != MP_OKAY) { - goto end; - } - - res = mp_add(mx, b, &bcpy); - if (res != MP_OKAY) { - mp_clear(&bcpy); - goto end; - } - b = &bcpy; - } - } - - res = mp_or(a, b, c); - - if (((as != MP_NO) || (bs != MP_NO)) && (res == MP_OKAY)) { - res = mp_sub(c, mx, c); - } - -end: - if (a == &acpy) { - mp_clear(&acpy); - } - - if (b == &bcpy) { - mp_clear(&bcpy); - } - - if (mx == &_mx) { - mp_clear(mx); - } - - return res; -} - -/* End: bn_mp_tc_or.c */ - -/* Start: bn_mp_tc_xor.c */ - -/* two complement xor */ -int mp_tc_xor(const mp_int *a, const mp_int *b, mp_int *c) -{ - int res = MP_OKAY, bits, abits, bbits; - int as = mp_isneg(a), bs = mp_isneg(b); - mp_int *mx = NULL, _mx, acpy, bcpy; - - if ((as != MP_NO) || (bs != MP_NO)) { - abits = mp_count_bits(a); - bbits = mp_count_bits(b); - bits = MAX(abits, bbits); - res = mp_init_set_int(&_mx, 1uL); - if (res != MP_OKAY) { - goto end; - } - - mx = &_mx; - res = mp_mul_2d(mx, bits + 1, mx); - if (res != MP_OKAY) { - goto end; - } - - if (as != MP_NO) { - res = mp_init(&acpy); - if (res != MP_OKAY) { - goto end; - } - - res = mp_add(mx, a, &acpy); - if (res != MP_OKAY) { - mp_clear(&acpy); - goto end; - } - a = &acpy; - } - if (bs != MP_NO) { - res = mp_init(&bcpy); - if (res != MP_OKAY) { - goto end; - } - - res = mp_add(mx, b, &bcpy); - if (res != MP_OKAY) { - mp_clear(&bcpy); - goto end; - } - b = &bcpy; - } - } - - res = mp_xor(a, b, c); - - if ((as != bs) && (res == MP_OKAY)) { - res = mp_sub(c, mx, c); - } - -end: - if (a == &acpy) { - mp_clear(&acpy); - } - - if (b == &bcpy) { - mp_clear(&bcpy); - } - - if (mx == &_mx) { - mp_clear(mx); - } - - return res; -} - -/* End: bn_mp_tc_xor.c */ - -/* Start: bn_mp_to_signed_bin.c */ - -/* store in signed [big endian] format */ -int mp_to_signed_bin(const mp_int *a, unsigned char *b) -{ - int res; - - if ((res = mp_to_unsigned_bin(a, b + 1)) != MP_OKAY) { - return res; - } - b[0] = (a->sign == MP_ZPOS) ? (unsigned char)0 : (unsigned char)1; - return MP_OKAY; -} - -/* End: bn_mp_to_signed_bin.c */ - -/* Start: bn_mp_to_signed_bin_n.c */ - -/* store in signed [big endian] format */ -int mp_to_signed_bin_n(const mp_int *a, unsigned char *b, unsigned long *outlen) -{ - if (*outlen < (unsigned long)mp_signed_bin_size(a)) { - return MP_VAL; - } - *outlen = (unsigned long)mp_signed_bin_size(a); - return mp_to_signed_bin(a, b); -} - -/* End: bn_mp_to_signed_bin_n.c */ - -/* Start: bn_mp_to_unsigned_bin.c */ - -/* store in unsigned [big endian] format */ -int mp_to_unsigned_bin(const mp_int *a, unsigned char *b) -{ - int x, res; - mp_int t; - - if ((res = mp_init_copy(&t, a)) != MP_OKAY) { - return res; - } - - x = 0; - while (mp_iszero(&t) == MP_NO) { -#ifndef MP_8BIT - b[x++] = (unsigned char)(t.dp[0] & 255u); -#else - b[x++] = (unsigned char)(t.dp[0] | ((t.dp[1] & 1u) << 7)); -#endif - if ((res = mp_div_2d(&t, 8, &t, NULL)) != MP_OKAY) { - mp_clear(&t); - return res; - } - } - bn_reverse(b, x); - mp_clear(&t); - return MP_OKAY; -} - -/* End: bn_mp_to_unsigned_bin.c */ - -/* Start: bn_mp_to_unsigned_bin_n.c */ - -/* store in unsigned [big endian] format */ -int mp_to_unsigned_bin_n(const mp_int *a, unsigned char *b, unsigned long *outlen) -{ - if (*outlen < (unsigned long)mp_unsigned_bin_size(a)) { - return MP_VAL; - } - *outlen = (unsigned long)mp_unsigned_bin_size(a); - return mp_to_unsigned_bin(a, b); -} - -/* End: bn_mp_to_unsigned_bin_n.c */ - -/* Start: bn_mp_toom_mul.c */ - -/* multiplication using the Toom-Cook 3-way algorithm - * - * Much more complicated than Karatsuba but has a lower - * asymptotic running time of O(N**1.464). This algorithm is - * only particularly useful on VERY large inputs - * (we're talking 1000s of digits here...). -*/ -int mp_toom_mul(const mp_int *a, const mp_int *b, mp_int *c) -{ - mp_int w0, w1, w2, w3, w4, tmp1, tmp2, a0, a1, a2, b0, b1, b2; - int res, B; - - /* init temps */ - if ((res = mp_init_multi(&w0, &w1, &w2, &w3, &w4, - &a0, &a1, &a2, &b0, &b1, - &b2, &tmp1, &tmp2, NULL)) != MP_OKAY) { - return res; - } - - /* B */ - B = MIN(a->used, b->used) / 3; - - /* a = a2 * B**2 + a1 * B + a0 */ - if ((res = mp_mod_2d(a, DIGIT_BIT * B, &a0)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_copy(a, &a1)) != MP_OKAY) { - goto LBL_ERR; - } - mp_rshd(&a1, B); - if ((res = mp_mod_2d(&a1, DIGIT_BIT * B, &a1)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_copy(a, &a2)) != MP_OKAY) { - goto LBL_ERR; - } - mp_rshd(&a2, B*2); - - /* b = b2 * B**2 + b1 * B + b0 */ - if ((res = mp_mod_2d(b, DIGIT_BIT * B, &b0)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_copy(b, &b1)) != MP_OKAY) { - goto LBL_ERR; - } - mp_rshd(&b1, B); - (void)mp_mod_2d(&b1, DIGIT_BIT * B, &b1); - - if ((res = mp_copy(b, &b2)) != MP_OKAY) { - goto LBL_ERR; - } - mp_rshd(&b2, B*2); - - /* w0 = a0*b0 */ - if ((res = mp_mul(&a0, &b0, &w0)) != MP_OKAY) { - goto LBL_ERR; - } - - /* w4 = a2 * b2 */ - if ((res = mp_mul(&a2, &b2, &w4)) != MP_OKAY) { - goto LBL_ERR; - } - - /* w1 = (a2 + 2(a1 + 2a0))(b2 + 2(b1 + 2b0)) */ - if ((res = mp_mul_2(&a0, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&tmp1, &a1, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_mul_2(&tmp1, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&tmp1, &a2, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_mul_2(&b0, &tmp2)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&tmp2, &b1, &tmp2)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_mul_2(&tmp2, &tmp2)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&tmp2, &b2, &tmp2)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_mul(&tmp1, &tmp2, &w1)) != MP_OKAY) { - goto LBL_ERR; - } - - /* w3 = (a0 + 2(a1 + 2a2))(b0 + 2(b1 + 2b2)) */ - if ((res = mp_mul_2(&a2, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&tmp1, &a1, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_mul_2(&tmp1, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&tmp1, &a0, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_mul_2(&b2, &tmp2)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&tmp2, &b1, &tmp2)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_mul_2(&tmp2, &tmp2)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&tmp2, &b0, &tmp2)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_mul(&tmp1, &tmp2, &w3)) != MP_OKAY) { - goto LBL_ERR; - } - - - /* w2 = (a2 + a1 + a0)(b2 + b1 + b0) */ - if ((res = mp_add(&a2, &a1, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&tmp1, &a0, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&b2, &b1, &tmp2)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&tmp2, &b0, &tmp2)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_mul(&tmp1, &tmp2, &w2)) != MP_OKAY) { - goto LBL_ERR; - } - - /* now solve the matrix - - 0 0 0 0 1 - 1 2 4 8 16 - 1 1 1 1 1 - 16 8 4 2 1 - 1 0 0 0 0 - - using 12 subtractions, 4 shifts, - 2 small divisions and 1 small multiplication - */ - - /* r1 - r4 */ - if ((res = mp_sub(&w1, &w4, &w1)) != MP_OKAY) { - goto LBL_ERR; - } - /* r3 - r0 */ - if ((res = mp_sub(&w3, &w0, &w3)) != MP_OKAY) { - goto LBL_ERR; - } - /* r1/2 */ - if ((res = mp_div_2(&w1, &w1)) != MP_OKAY) { - goto LBL_ERR; - } - /* r3/2 */ - if ((res = mp_div_2(&w3, &w3)) != MP_OKAY) { - goto LBL_ERR; - } - /* r2 - r0 - r4 */ - if ((res = mp_sub(&w2, &w0, &w2)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_sub(&w2, &w4, &w2)) != MP_OKAY) { - goto LBL_ERR; - } - /* r1 - r2 */ - if ((res = mp_sub(&w1, &w2, &w1)) != MP_OKAY) { - goto LBL_ERR; - } - /* r3 - r2 */ - if ((res = mp_sub(&w3, &w2, &w3)) != MP_OKAY) { - goto LBL_ERR; - } - /* r1 - 8r0 */ - if ((res = mp_mul_2d(&w0, 3, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_sub(&w1, &tmp1, &w1)) != MP_OKAY) { - goto LBL_ERR; - } - /* r3 - 8r4 */ - if ((res = mp_mul_2d(&w4, 3, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_sub(&w3, &tmp1, &w3)) != MP_OKAY) { - goto LBL_ERR; - } - /* 3r2 - r1 - r3 */ - if ((res = mp_mul_d(&w2, 3uL, &w2)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_sub(&w2, &w1, &w2)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_sub(&w2, &w3, &w2)) != MP_OKAY) { - goto LBL_ERR; - } - /* r1 - r2 */ - if ((res = mp_sub(&w1, &w2, &w1)) != MP_OKAY) { - goto LBL_ERR; - } - /* r3 - r2 */ - if ((res = mp_sub(&w3, &w2, &w3)) != MP_OKAY) { - goto LBL_ERR; - } - /* r1/3 */ - if ((res = mp_div_3(&w1, &w1, NULL)) != MP_OKAY) { - goto LBL_ERR; - } - /* r3/3 */ - if ((res = mp_div_3(&w3, &w3, NULL)) != MP_OKAY) { - goto LBL_ERR; - } - - /* at this point shift W[n] by B*n */ - if ((res = mp_lshd(&w1, 1*B)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_lshd(&w2, 2*B)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_lshd(&w3, 3*B)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_lshd(&w4, 4*B)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_add(&w0, &w1, c)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&w2, &w3, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&w4, &tmp1, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&tmp1, c, c)) != MP_OKAY) { - goto LBL_ERR; - } - -LBL_ERR: - mp_clear_multi(&w0, &w1, &w2, &w3, &w4, - &a0, &a1, &a2, &b0, &b1, - &b2, &tmp1, &tmp2, NULL); - return res; -} - -/* End: bn_mp_toom_mul.c */ - -/* Start: bn_mp_toom_sqr.c */ - -/* squaring using Toom-Cook 3-way algorithm */ -int mp_toom_sqr(const mp_int *a, mp_int *b) -{ - mp_int w0, w1, w2, w3, w4, tmp1, a0, a1, a2; - int res, B; - - /* init temps */ - if ((res = mp_init_multi(&w0, &w1, &w2, &w3, &w4, &a0, &a1, &a2, &tmp1, NULL)) != MP_OKAY) { - return res; - } - - /* B */ - B = a->used / 3; - - /* a = a2 * B**2 + a1 * B + a0 */ - if ((res = mp_mod_2d(a, DIGIT_BIT * B, &a0)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_copy(a, &a1)) != MP_OKAY) { - goto LBL_ERR; - } - mp_rshd(&a1, B); - if ((res = mp_mod_2d(&a1, DIGIT_BIT * B, &a1)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_copy(a, &a2)) != MP_OKAY) { - goto LBL_ERR; - } - mp_rshd(&a2, B*2); - - /* w0 = a0*a0 */ - if ((res = mp_sqr(&a0, &w0)) != MP_OKAY) { - goto LBL_ERR; - } - - /* w4 = a2 * a2 */ - if ((res = mp_sqr(&a2, &w4)) != MP_OKAY) { - goto LBL_ERR; - } - - /* w1 = (a2 + 2(a1 + 2a0))**2 */ - if ((res = mp_mul_2(&a0, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&tmp1, &a1, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_mul_2(&tmp1, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&tmp1, &a2, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_sqr(&tmp1, &w1)) != MP_OKAY) { - goto LBL_ERR; - } - - /* w3 = (a0 + 2(a1 + 2a2))**2 */ - if ((res = mp_mul_2(&a2, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&tmp1, &a1, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_mul_2(&tmp1, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&tmp1, &a0, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_sqr(&tmp1, &w3)) != MP_OKAY) { - goto LBL_ERR; - } - - - /* w2 = (a2 + a1 + a0)**2 */ - if ((res = mp_add(&a2, &a1, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&tmp1, &a0, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_sqr(&tmp1, &w2)) != MP_OKAY) { - goto LBL_ERR; - } - - /* now solve the matrix - - 0 0 0 0 1 - 1 2 4 8 16 - 1 1 1 1 1 - 16 8 4 2 1 - 1 0 0 0 0 - - using 12 subtractions, 4 shifts, 2 small divisions and 1 small multiplication. - */ - - /* r1 - r4 */ - if ((res = mp_sub(&w1, &w4, &w1)) != MP_OKAY) { - goto LBL_ERR; - } - /* r3 - r0 */ - if ((res = mp_sub(&w3, &w0, &w3)) != MP_OKAY) { - goto LBL_ERR; - } - /* r1/2 */ - if ((res = mp_div_2(&w1, &w1)) != MP_OKAY) { - goto LBL_ERR; - } - /* r3/2 */ - if ((res = mp_div_2(&w3, &w3)) != MP_OKAY) { - goto LBL_ERR; - } - /* r2 - r0 - r4 */ - if ((res = mp_sub(&w2, &w0, &w2)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_sub(&w2, &w4, &w2)) != MP_OKAY) { - goto LBL_ERR; - } - /* r1 - r2 */ - if ((res = mp_sub(&w1, &w2, &w1)) != MP_OKAY) { - goto LBL_ERR; - } - /* r3 - r2 */ - if ((res = mp_sub(&w3, &w2, &w3)) != MP_OKAY) { - goto LBL_ERR; - } - /* r1 - 8r0 */ - if ((res = mp_mul_2d(&w0, 3, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_sub(&w1, &tmp1, &w1)) != MP_OKAY) { - goto LBL_ERR; - } - /* r3 - 8r4 */ - if ((res = mp_mul_2d(&w4, 3, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_sub(&w3, &tmp1, &w3)) != MP_OKAY) { - goto LBL_ERR; - } - /* 3r2 - r1 - r3 */ - if ((res = mp_mul_d(&w2, 3uL, &w2)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_sub(&w2, &w1, &w2)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_sub(&w2, &w3, &w2)) != MP_OKAY) { - goto LBL_ERR; - } - /* r1 - r2 */ - if ((res = mp_sub(&w1, &w2, &w1)) != MP_OKAY) { - goto LBL_ERR; - } - /* r3 - r2 */ - if ((res = mp_sub(&w3, &w2, &w3)) != MP_OKAY) { - goto LBL_ERR; - } - /* r1/3 */ - if ((res = mp_div_3(&w1, &w1, NULL)) != MP_OKAY) { - goto LBL_ERR; - } - /* r3/3 */ - if ((res = mp_div_3(&w3, &w3, NULL)) != MP_OKAY) { - goto LBL_ERR; - } - - /* at this point shift W[n] by B*n */ - if ((res = mp_lshd(&w1, 1*B)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_lshd(&w2, 2*B)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_lshd(&w3, 3*B)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_lshd(&w4, 4*B)) != MP_OKAY) { - goto LBL_ERR; - } - - if ((res = mp_add(&w0, &w1, b)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&w2, &w3, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&w4, &tmp1, &tmp1)) != MP_OKAY) { - goto LBL_ERR; - } - if ((res = mp_add(&tmp1, b, b)) != MP_OKAY) { - goto LBL_ERR; - } - -LBL_ERR: - mp_clear_multi(&w0, &w1, &w2, &w3, &w4, &a0, &a1, &a2, &tmp1, NULL); - return res; -} - -/* End: bn_mp_toom_sqr.c */ - -/* Start: bn_mp_toradix.c */ - -/* stores a bignum as a ASCII string in a given radix (2..64) */ -int mp_toradix(const mp_int *a, char *str, int radix) -{ - int res, digs; - mp_int t; - mp_digit d; - char *_s = str; - - /* check range of the radix */ - if ((radix < 2) || (radix > 64)) { - return MP_VAL; - } - - /* quick out if its zero */ - if (mp_iszero(a) == MP_YES) { - *str++ = '0'; - *str = '\0'; - return MP_OKAY; - } - - if ((res = mp_init_copy(&t, a)) != MP_OKAY) { - return res; - } - - /* if it is negative output a - */ - if (t.sign == MP_NEG) { - ++_s; - *str++ = '-'; - t.sign = MP_ZPOS; - } - - digs = 0; - while (mp_iszero(&t) == MP_NO) { - if ((res = mp_div_d(&t, (mp_digit)radix, &t, &d)) != MP_OKAY) { - mp_clear(&t); - return res; - } - *str++ = mp_s_rmap[d]; - ++digs; - } - - /* reverse the digits of the string. In this case _s points - * to the first digit [exluding the sign] of the number] - */ - bn_reverse((unsigned char *)_s, digs); - - /* append a NULL so the string is properly terminated */ - *str = '\0'; - - mp_clear(&t); - return MP_OKAY; -} - -/* End: bn_mp_toradix.c */ - -/* Start: bn_mp_toradix_n.c */ - -/* stores a bignum as a ASCII string in a given radix (2..64) - * - * Stores upto maxlen-1 chars and always a NULL byte - */ -int mp_toradix_n(const mp_int *a, char *str, int radix, int maxlen) -{ - int res, digs; - mp_int t; - mp_digit d; - char *_s = str; - - /* check range of the maxlen, radix */ - if ((maxlen < 2) || (radix < 2) || (radix > 64)) { - return MP_VAL; - } - - /* quick out if its zero */ - if (mp_iszero(a) == MP_YES) { - *str++ = '0'; - *str = '\0'; - return MP_OKAY; - } - - if ((res = mp_init_copy(&t, a)) != MP_OKAY) { - return res; - } - - /* if it is negative output a - */ - if (t.sign == MP_NEG) { - /* we have to reverse our digits later... but not the - sign!! */ - ++_s; - - /* store the flag and mark the number as positive */ - *str++ = '-'; - t.sign = MP_ZPOS; - - /* subtract a char */ - --maxlen; - } - - digs = 0; - while (mp_iszero(&t) == MP_NO) { - if (--maxlen < 1) { - /* no more room */ - break; - } - if ((res = mp_div_d(&t, (mp_digit)radix, &t, &d)) != MP_OKAY) { - mp_clear(&t); - return res; - } - *str++ = mp_s_rmap[d]; - ++digs; - } - - /* reverse the digits of the string. In this case _s points - * to the first digit [exluding the sign] of the number - */ - bn_reverse((unsigned char *)_s, digs); - - /* append a NULL so the string is properly terminated */ - *str = '\0'; - - mp_clear(&t); - return MP_OKAY; -} - -/* End: bn_mp_toradix_n.c */ - -/* Start: bn_mp_unsigned_bin_size.c */ - -/* get the size for an unsigned equivalent */ -int mp_unsigned_bin_size(const mp_int *a) -{ - int size = mp_count_bits(a); - return (size / 8) + ((((unsigned)size & 7u) != 0u) ? 1 : 0); -} - -/* End: bn_mp_unsigned_bin_size.c */ - -/* Start: bn_mp_xor.c */ - -/* XOR two ints together */ -int mp_xor(const mp_int *a, const mp_int *b, mp_int *c) -{ - int res, ix, px; - mp_int t; - const mp_int *x; - - if (a->used > b->used) { - if ((res = mp_init_copy(&t, a)) != MP_OKAY) { - return res; - } - px = b->used; - x = b; - } else { - if ((res = mp_init_copy(&t, b)) != MP_OKAY) { - return res; - } - px = a->used; - x = a; - } - - for (ix = 0; ix < px; ix++) { - t.dp[ix] ^= x->dp[ix]; - } - mp_clamp(&t); - mp_exch(c, &t); - mp_clear(&t); - return MP_OKAY; -} - -/* End: bn_mp_xor.c */ - -/* Start: bn_mp_zero.c */ - -/* set to zero */ -void mp_zero(mp_int *a) -{ - int n; - mp_digit *tmp; - - a->sign = MP_ZPOS; - a->used = 0; - - tmp = a->dp; - for (n = 0; n < a->alloc; n++) { - *tmp++ = 0; - } -} - -/* End: bn_mp_zero.c */ - -/* Start: bn_prime_tab.c */ - -const mp_digit ltm_prime_tab[] = { - 0x0002, 0x0003, 0x0005, 0x0007, 0x000B, 0x000D, 0x0011, 0x0013, - 0x0017, 0x001D, 0x001F, 0x0025, 0x0029, 0x002B, 0x002F, 0x0035, - 0x003B, 0x003D, 0x0043, 0x0047, 0x0049, 0x004F, 0x0053, 0x0059, - 0x0061, 0x0065, 0x0067, 0x006B, 0x006D, 0x0071, 0x007F, -#ifndef MP_8BIT - 0x0083, - 0x0089, 0x008B, 0x0095, 0x0097, 0x009D, 0x00A3, 0x00A7, 0x00AD, - 0x00B3, 0x00B5, 0x00BF, 0x00C1, 0x00C5, 0x00C7, 0x00D3, 0x00DF, - 0x00E3, 0x00E5, 0x00E9, 0x00EF, 0x00F1, 0x00FB, 0x0101, 0x0107, - 0x010D, 0x010F, 0x0115, 0x0119, 0x011B, 0x0125, 0x0133, 0x0137, - - 0x0139, 0x013D, 0x014B, 0x0151, 0x015B, 0x015D, 0x0161, 0x0167, - 0x016F, 0x0175, 0x017B, 0x017F, 0x0185, 0x018D, 0x0191, 0x0199, - 0x01A3, 0x01A5, 0x01AF, 0x01B1, 0x01B7, 0x01BB, 0x01C1, 0x01C9, - 0x01CD, 0x01CF, 0x01D3, 0x01DF, 0x01E7, 0x01EB, 0x01F3, 0x01F7, - 0x01FD, 0x0209, 0x020B, 0x021D, 0x0223, 0x022D, 0x0233, 0x0239, - 0x023B, 0x0241, 0x024B, 0x0251, 0x0257, 0x0259, 0x025F, 0x0265, - 0x0269, 0x026B, 0x0277, 0x0281, 0x0283, 0x0287, 0x028D, 0x0293, - 0x0295, 0x02A1, 0x02A5, 0x02AB, 0x02B3, 0x02BD, 0x02C5, 0x02CF, - - 0x02D7, 0x02DD, 0x02E3, 0x02E7, 0x02EF, 0x02F5, 0x02F9, 0x0301, - 0x0305, 0x0313, 0x031D, 0x0329, 0x032B, 0x0335, 0x0337, 0x033B, - 0x033D, 0x0347, 0x0355, 0x0359, 0x035B, 0x035F, 0x036D, 0x0371, - 0x0373, 0x0377, 0x038B, 0x038F, 0x0397, 0x03A1, 0x03A9, 0x03AD, - 0x03B3, 0x03B9, 0x03C7, 0x03CB, 0x03D1, 0x03D7, 0x03DF, 0x03E5, - 0x03F1, 0x03F5, 0x03FB, 0x03FD, 0x0407, 0x0409, 0x040F, 0x0419, - 0x041B, 0x0425, 0x0427, 0x042D, 0x043F, 0x0443, 0x0445, 0x0449, - 0x044F, 0x0455, 0x045D, 0x0463, 0x0469, 0x047F, 0x0481, 0x048B, - - 0x0493, 0x049D, 0x04A3, 0x04A9, 0x04B1, 0x04BD, 0x04C1, 0x04C7, - 0x04CD, 0x04CF, 0x04D5, 0x04E1, 0x04EB, 0x04FD, 0x04FF, 0x0503, - 0x0509, 0x050B, 0x0511, 0x0515, 0x0517, 0x051B, 0x0527, 0x0529, - 0x052F, 0x0551, 0x0557, 0x055D, 0x0565, 0x0577, 0x0581, 0x058F, - 0x0593, 0x0595, 0x0599, 0x059F, 0x05A7, 0x05AB, 0x05AD, 0x05B3, - 0x05BF, 0x05C9, 0x05CB, 0x05CF, 0x05D1, 0x05D5, 0x05DB, 0x05E7, - 0x05F3, 0x05FB, 0x0607, 0x060D, 0x0611, 0x0617, 0x061F, 0x0623, - 0x062B, 0x062F, 0x063D, 0x0641, 0x0647, 0x0649, 0x064D, 0x0653 -#endif -}; - -/* End: bn_prime_tab.c */ - -/* Start: bn_reverse.c */ - -/* reverse an array, used for radix code */ -void bn_reverse(unsigned char *s, int len) -{ - int ix, iy; - unsigned char t; - - ix = 0; - iy = len - 1; - while (ix < iy) { - t = s[ix]; - s[ix] = s[iy]; - s[iy] = t; - ++ix; - --iy; - } -} - -/* End: bn_reverse.c */ - -/* Start: bn_s_mp_add.c */ - -/* low level addition, based on HAC pp.594, Algorithm 14.7 */ -int s_mp_add(const mp_int *a, const mp_int *b, mp_int *c) -{ - const mp_int *x; - int olduse, res, min, max; - - /* find sizes, we let |a| <= |b| which means we have to sort - * them. "x" will point to the input with the most digits - */ - if (a->used > b->used) { - min = b->used; - max = a->used; - x = a; - } else { - min = a->used; - max = b->used; - x = b; - } - - /* init result */ - if (c->alloc < (max + 1)) { - if ((res = mp_grow(c, max + 1)) != MP_OKAY) { - return res; - } - } - - /* get old used digit count and set new one */ - olduse = c->used; - c->used = max + 1; - - { - mp_digit u, *tmpa, *tmpb, *tmpc; - int i; - - /* alias for digit pointers */ - - /* first input */ - tmpa = a->dp; - - /* second input */ - tmpb = b->dp; - - /* destination */ - tmpc = c->dp; - - /* zero the carry */ - u = 0; - for (i = 0; i < min; i++) { - /* Compute the sum at one digit, T[i] = A[i] + B[i] + U */ - *tmpc = *tmpa++ + *tmpb++ + u; - - /* U = carry bit of T[i] */ - u = *tmpc >> (mp_digit)DIGIT_BIT; - - /* take away carry bit from T[i] */ - *tmpc++ &= MP_MASK; - } - - /* now copy higher words if any, that is in A+B - * if A or B has more digits add those in - */ - if (min != max) { - for (; i < max; i++) { - /* T[i] = X[i] + U */ - *tmpc = x->dp[i] + u; - - /* U = carry bit of T[i] */ - u = *tmpc >> (mp_digit)DIGIT_BIT; - - /* take away carry bit from T[i] */ - *tmpc++ &= MP_MASK; - } - } - - /* add carry */ - *tmpc++ = u; - - /* clear digits above oldused */ - for (i = c->used; i < olduse; i++) { - *tmpc++ = 0; - } - } - - mp_clamp(c); - return MP_OKAY; -} - -/* End: bn_s_mp_add.c */ - -/* Start: bn_s_mp_exptmod.c */ - -#ifdef MP_LOW_MEM -# define TAB_SIZE 32 -#else -# define TAB_SIZE 256 -#endif - -int s_mp_exptmod(const mp_int *G, const mp_int *X, const mp_int *P, mp_int *Y, int redmode) -{ - mp_int M[TAB_SIZE], res, mu; - mp_digit buf; - int err, bitbuf, bitcpy, bitcnt, mode, digidx, x, y, winsize; - int (*redux)(mp_int *x, const mp_int *m, const mp_int *mu); - - /* find window size */ - x = mp_count_bits(X); - if (x <= 7) { - winsize = 2; - } else if (x <= 36) { - winsize = 3; - } else if (x <= 140) { - winsize = 4; - } else if (x <= 450) { - winsize = 5; - } else if (x <= 1303) { - winsize = 6; - } else if (x <= 3529) { - winsize = 7; - } else { - winsize = 8; - } - -#ifdef MP_LOW_MEM - if (winsize > 5) { - winsize = 5; - } -#endif - - /* init M array */ - /* init first cell */ - if ((err = mp_init(&M[1])) != MP_OKAY) { - return err; - } - - /* now init the second half of the array */ - for (x = 1<<(winsize-1); x < (1 << winsize); x++) { - if ((err = mp_init(&M[x])) != MP_OKAY) { - for (y = 1<<(winsize-1); y < x; y++) { - mp_clear(&M[y]); - } - mp_clear(&M[1]); - return err; - } - } - - /* create mu, used for Barrett reduction */ - if ((err = mp_init(&mu)) != MP_OKAY) { - goto LBL_M; - } - - if (redmode == 0) { - if ((err = mp_reduce_setup(&mu, P)) != MP_OKAY) { - goto LBL_MU; - } - redux = mp_reduce; - } else { - if ((err = mp_reduce_2k_setup_l(P, &mu)) != MP_OKAY) { - goto LBL_MU; - } - redux = mp_reduce_2k_l; - } - - /* create M table - * - * The M table contains powers of the base, - * e.g. M[x] = G**x mod P - * - * The first half of the table is not - * computed though accept for M[0] and M[1] - */ - if ((err = mp_mod(G, P, &M[1])) != MP_OKAY) { - goto LBL_MU; - } - - /* compute the value at M[1<<(winsize-1)] by squaring - * M[1] (winsize-1) times - */ - if ((err = mp_copy(&M[1], &M[(size_t)1 << (winsize - 1)])) != MP_OKAY) { - goto LBL_MU; - } - - for (x = 0; x < (winsize - 1); x++) { - /* square it */ - if ((err = mp_sqr(&M[(size_t)1 << (winsize - 1)], - &M[(size_t)1 << (winsize - 1)])) != MP_OKAY) { - goto LBL_MU; - } - - /* reduce modulo P */ - if ((err = redux(&M[(size_t)1 << (winsize - 1)], P, &mu)) != MP_OKAY) { - goto LBL_MU; - } - } - - /* create upper table, that is M[x] = M[x-1] * M[1] (mod P) - * for x = (2**(winsize - 1) + 1) to (2**winsize - 1) - */ - for (x = (1 << (winsize - 1)) + 1; x < (1 << winsize); x++) { - if ((err = mp_mul(&M[x - 1], &M[1], &M[x])) != MP_OKAY) { - goto LBL_MU; - } - if ((err = redux(&M[x], P, &mu)) != MP_OKAY) { - goto LBL_MU; - } - } - - /* setup result */ - if ((err = mp_init(&res)) != MP_OKAY) { - goto LBL_MU; - } - mp_set(&res, 1uL); - - /* set initial mode and bit cnt */ - mode = 0; - bitcnt = 1; - buf = 0; - digidx = X->used - 1; - bitcpy = 0; - bitbuf = 0; - - for (;;) { - /* grab next digit as required */ - if (--bitcnt == 0) { - /* if digidx == -1 we are out of digits */ - if (digidx == -1) { - break; - } - /* read next digit and reset the bitcnt */ - buf = X->dp[digidx--]; - bitcnt = (int)DIGIT_BIT; - } - - /* grab the next msb from the exponent */ - y = (buf >> (mp_digit)(DIGIT_BIT - 1)) & 1; - buf <<= (mp_digit)1; - - /* if the bit is zero and mode == 0 then we ignore it - * These represent the leading zero bits before the first 1 bit - * in the exponent. Technically this opt is not required but it - * does lower the # of trivial squaring/reductions used - */ - if ((mode == 0) && (y == 0)) { - continue; - } - - /* if the bit is zero and mode == 1 then we square */ - if ((mode == 1) && (y == 0)) { - if ((err = mp_sqr(&res, &res)) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&res, P, &mu)) != MP_OKAY) { - goto LBL_RES; - } - continue; - } - - /* else we add it to the window */ - bitbuf |= (y << (winsize - ++bitcpy)); - mode = 2; - - if (bitcpy == winsize) { - /* ok window is filled so square as required and multiply */ - /* square first */ - for (x = 0; x < winsize; x++) { - if ((err = mp_sqr(&res, &res)) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&res, P, &mu)) != MP_OKAY) { - goto LBL_RES; - } - } - - /* then multiply */ - if ((err = mp_mul(&res, &M[bitbuf], &res)) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&res, P, &mu)) != MP_OKAY) { - goto LBL_RES; - } - - /* empty window and reset */ - bitcpy = 0; - bitbuf = 0; - mode = 1; - } - } - - /* if bits remain then square/multiply */ - if ((mode == 2) && (bitcpy > 0)) { - /* square then multiply if the bit is set */ - for (x = 0; x < bitcpy; x++) { - if ((err = mp_sqr(&res, &res)) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&res, P, &mu)) != MP_OKAY) { - goto LBL_RES; - } - - bitbuf <<= 1; - if ((bitbuf & (1 << winsize)) != 0) { - /* then multiply */ - if ((err = mp_mul(&res, &M[1], &res)) != MP_OKAY) { - goto LBL_RES; - } - if ((err = redux(&res, P, &mu)) != MP_OKAY) { - goto LBL_RES; - } - } - } - } - - mp_exch(&res, Y); - err = MP_OKAY; -LBL_RES: - mp_clear(&res); -LBL_MU: - mp_clear(&mu); -LBL_M: - mp_clear(&M[1]); - for (x = 1<<(winsize-1); x < (1 << winsize); x++) { - mp_clear(&M[x]); - } - return err; -} - -/* End: bn_s_mp_exptmod.c */ - -/* Start: bn_s_mp_mul_digs.c */ - -/* multiplies |a| * |b| and only computes upto digs digits of result - * HAC pp. 595, Algorithm 14.12 Modified so you can control how - * many digits of output are created. - */ -int s_mp_mul_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs) -{ - mp_int t; - int res, pa, pb, ix, iy; - mp_digit u; - mp_word r; - mp_digit tmpx, *tmpt, *tmpy; - - /* can we use the fast multiplier? */ - if ((digs < (int)MP_WARRAY) && - (MIN(a->used, b->used) < - (int)(1u << (((size_t)CHAR_BIT * sizeof(mp_word)) - (2u * (size_t)DIGIT_BIT))))) { - return fast_s_mp_mul_digs(a, b, c, digs); - } - - if ((res = mp_init_size(&t, digs)) != MP_OKAY) { - return res; - } - t.used = digs; - - /* compute the digits of the product directly */ - pa = a->used; - for (ix = 0; ix < pa; ix++) { - /* set the carry to zero */ - u = 0; - - /* limit ourselves to making digs digits of output */ - pb = MIN(b->used, digs - ix); - - /* setup some aliases */ - /* copy of the digit from a used within the nested loop */ - tmpx = a->dp[ix]; - - /* an alias for the destination shifted ix places */ - tmpt = t.dp + ix; - - /* an alias for the digits of b */ - tmpy = b->dp; - - /* compute the columns of the output and propagate the carry */ - for (iy = 0; iy < pb; iy++) { - /* compute the column as a mp_word */ - r = (mp_word)*tmpt + - ((mp_word)tmpx * (mp_word)*tmpy++) + - (mp_word)u; - - /* the new column is the lower part of the result */ - *tmpt++ = (mp_digit)(r & (mp_word)MP_MASK); - - /* get the carry word from the result */ - u = (mp_digit)(r >> (mp_word)DIGIT_BIT); - } - /* set carry if it is placed below digs */ - if ((ix + iy) < digs) { - *tmpt = u; - } - } - - mp_clamp(&t); - mp_exch(&t, c); - - mp_clear(&t); - return MP_OKAY; -} - -/* End: bn_s_mp_mul_digs.c */ - -/* Start: bn_s_mp_mul_high_digs.c */ - -/* multiplies |a| * |b| and does not compute the lower digs digits - * [meant to get the higher part of the product] - */ -int s_mp_mul_high_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs) -{ - mp_int t; - int res, pa, pb, ix, iy; - mp_digit u; - mp_word r; - mp_digit tmpx, *tmpt, *tmpy; - - /* can we use the fast multiplier? */ - if (((a->used + b->used + 1) < (int)MP_WARRAY) - && (MIN(a->used, b->used) < (int)(1u << (((size_t)CHAR_BIT * sizeof(mp_word)) - (2u * (size_t)DIGIT_BIT))))) { - return fast_s_mp_mul_high_digs(a, b, c, digs); - } - - if ((res = mp_init_size(&t, a->used + b->used + 1)) != MP_OKAY) { - return res; - } - t.used = a->used + b->used + 1; - - pa = a->used; - pb = b->used; - for (ix = 0; ix < pa; ix++) { - /* clear the carry */ - u = 0; - - /* left hand side of A[ix] * B[iy] */ - tmpx = a->dp[ix]; - - /* alias to the address of where the digits will be stored */ - tmpt = &(t.dp[digs]); - - /* alias for where to read the right hand side from */ - tmpy = b->dp + (digs - ix); - - for (iy = digs - ix; iy < pb; iy++) { - /* calculate the double precision result */ - r = (mp_word)*tmpt + - ((mp_word)tmpx * (mp_word)*tmpy++) + - (mp_word)u; - - /* get the lower part */ - *tmpt++ = (mp_digit)(r & (mp_word)MP_MASK); - - /* carry the carry */ - u = (mp_digit)(r >> (mp_word)DIGIT_BIT); - } - *tmpt = u; - } - mp_clamp(&t); - mp_exch(&t, c); - mp_clear(&t); - return MP_OKAY; -} - -/* End: bn_s_mp_mul_high_digs.c */ - -/* Start: bn_s_mp_sqr.c */ - -/* low level squaring, b = a*a, HAC pp.596-597, Algorithm 14.16 */ -int s_mp_sqr(const mp_int *a, mp_int *b) -{ - mp_int t; - int res, ix, iy, pa; - mp_word r; - mp_digit u, tmpx, *tmpt; - - pa = a->used; - if ((res = mp_init_size(&t, (2 * pa) + 1)) != MP_OKAY) { - return res; - } - - /* default used is maximum possible size */ - t.used = (2 * pa) + 1; - - for (ix = 0; ix < pa; ix++) { - /* first calculate the digit at 2*ix */ - /* calculate double precision result */ - r = (mp_word)t.dp[2*ix] + - ((mp_word)a->dp[ix] * (mp_word)a->dp[ix]); - - /* store lower part in result */ - t.dp[ix+ix] = (mp_digit)(r & (mp_word)MP_MASK); - - /* get the carry */ - u = (mp_digit)(r >> (mp_word)DIGIT_BIT); - - /* left hand side of A[ix] * A[iy] */ - tmpx = a->dp[ix]; - - /* alias for where to store the results */ - tmpt = t.dp + ((2 * ix) + 1); - - for (iy = ix + 1; iy < pa; iy++) { - /* first calculate the product */ - r = (mp_word)tmpx * (mp_word)a->dp[iy]; - - /* now calculate the double precision result, note we use - * addition instead of *2 since it's easier to optimize - */ - r = (mp_word)*tmpt + r + r + (mp_word)u; - - /* store lower part */ - *tmpt++ = (mp_digit)(r & (mp_word)MP_MASK); - - /* get carry */ - u = (mp_digit)(r >> (mp_word)DIGIT_BIT); - } - /* propagate upwards */ - while (u != 0uL) { - r = (mp_word)*tmpt + (mp_word)u; - *tmpt++ = (mp_digit)(r & (mp_word)MP_MASK); - u = (mp_digit)(r >> (mp_word)DIGIT_BIT); - } - } - - mp_clamp(&t); - mp_exch(&t, b); - mp_clear(&t); - return MP_OKAY; -} - -/* End: bn_s_mp_sqr.c */ - -/* Start: bn_s_mp_sub.c */ - -/* low level subtraction (assumes |a| > |b|), HAC pp.595 Algorithm 14.9 */ -int s_mp_sub(const mp_int *a, const mp_int *b, mp_int *c) -{ - int olduse, res, min, max; - - /* find sizes */ - min = b->used; - max = a->used; - - /* init result */ - if (c->alloc < max) { - if ((res = mp_grow(c, max)) != MP_OKAY) { - return res; - } - } - olduse = c->used; - c->used = max; - - { - mp_digit u, *tmpa, *tmpb, *tmpc; - int i; - - /* alias for digit pointers */ - tmpa = a->dp; - tmpb = b->dp; - tmpc = c->dp; - - /* set carry to zero */ - u = 0; - for (i = 0; i < min; i++) { - /* T[i] = A[i] - B[i] - U */ - *tmpc = (*tmpa++ - *tmpb++) - u; - - /* U = carry bit of T[i] - * Note this saves performing an AND operation since - * if a carry does occur it will propagate all the way to the - * MSB. As a result a single shift is enough to get the carry - */ - u = *tmpc >> (((size_t)CHAR_BIT * sizeof(mp_digit)) - 1u); - - /* Clear carry from T[i] */ - *tmpc++ &= MP_MASK; - } - - /* now copy higher words if any, e.g. if A has more digits than B */ - for (; i < max; i++) { - /* T[i] = A[i] - U */ - *tmpc = *tmpa++ - u; - - /* U = carry bit of T[i] */ - u = *tmpc >> (((size_t)CHAR_BIT * sizeof(mp_digit)) - 1u); - - /* Clear carry from T[i] */ - *tmpc++ &= MP_MASK; - } - - /* clear digits above used (since we may not have grown result above) */ - for (i = c->used; i < olduse; i++) { - *tmpc++ = 0; - } - } - - mp_clamp(c); - return MP_OKAY; -} - -/* End: bn_s_mp_sub.c */ - -/* Start: bncore.c */ - -/* Known optimal configurations - - CPU /Compiler /MUL CUTOFF/SQR CUTOFF -------------------------------------------------------------- - Intel P4 Northwood /GCC v3.4.1 / 88/ 128/LTM 0.32 ;-) - AMD Athlon64 /GCC v3.4.4 / 80/ 120/LTM 0.35 - -*/ - -int KARATSUBA_MUL_CUTOFF = 80, /* Min. number of digits before Karatsuba multiplication is used. */ - KARATSUBA_SQR_CUTOFF = 120, /* Min. number of digits before Karatsuba squaring is used. */ - - TOOM_MUL_CUTOFF = 350, /* no optimal values of these are known yet so set em high */ - TOOM_SQR_CUTOFF = 400; - -/* End: bncore.c */ diff --git a/libs/tomcrypt/src/ciphers/aes/aes.c b/libs/tomcrypt/src/ciphers/aes/aes.c deleted file mode 100644 index e55966ff282..00000000000 --- a/libs/tomcrypt/src/ciphers/aes/aes.c +++ /dev/null @@ -1,738 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* AES implementation by Tom St Denis - * - * Derived from the Public Domain source code by - ---- - * rijndael-alg-fst.c - * - * @version 3.0 (December 2000) - * - * Optimised ANSI C code for the Rijndael cipher (now AES) - * - * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be> - * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be> - * @author Paulo Barreto <paulo.barreto@terra.com.br> ---- - */ -/** - @file aes.c - Implementation of AES -*/ - -#include "tomcrypt.h" - -#ifdef LTC_RIJNDAEL - -#ifndef ENCRYPT_ONLY - -#define SETUP rijndael_setup -#define ECB_ENC rijndael_ecb_encrypt -#define ECB_DEC rijndael_ecb_decrypt -#define ECB_DONE rijndael_done -#define ECB_TEST rijndael_test -#define ECB_KS rijndael_keysize - -const struct ltc_cipher_descriptor rijndael_desc = -{ - "rijndael", - 6, - 16, 32, 16, 10, - SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS, - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL -}; - -const struct ltc_cipher_descriptor aes_desc = -{ - "aes", - 6, - 16, 32, 16, 10, - SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS, - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL -}; - -#else - -#define SETUP rijndael_enc_setup -#define ECB_ENC rijndael_enc_ecb_encrypt -#define ECB_KS rijndael_enc_keysize -#define ECB_DONE rijndael_enc_done - -const struct ltc_cipher_descriptor rijndael_enc_desc = -{ - "rijndael", - 6, - 16, 32, 16, 10, - SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS, - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL -}; - -const struct ltc_cipher_descriptor aes_enc_desc = -{ - "aes", - 6, - 16, 32, 16, 10, - SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS, - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL -}; - -#endif - -#define __LTC_AES_TAB_C__ -#include "aes_tab.c" - -static ulong32 setup_mix(ulong32 temp) -{ - return (Te4_3[byte(temp, 2)]) ^ - (Te4_2[byte(temp, 1)]) ^ - (Te4_1[byte(temp, 0)]) ^ - (Te4_0[byte(temp, 3)]); -} - -#ifndef ENCRYPT_ONLY -#ifdef LTC_SMALL_CODE -static ulong32 setup_mix2(ulong32 temp) -{ - return Td0(255 & Te4[byte(temp, 3)]) ^ - Td1(255 & Te4[byte(temp, 2)]) ^ - Td2(255 & Te4[byte(temp, 1)]) ^ - Td3(255 & Te4[byte(temp, 0)]); -} -#endif -#endif - - /** - Initialize the AES (Rijndael) block cipher - @param key The symmetric key you wish to pass - @param keylen The key length in bytes - @param num_rounds The number of rounds desired (0 for default) - @param skey The key in as scheduled by this function. - @return CRYPT_OK if successful - */ -int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) -{ - int i; - ulong32 temp, *rk; -#ifndef ENCRYPT_ONLY - ulong32 *rrk; -#endif - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(skey != NULL); - - if (keylen != 16 && keylen != 24 && keylen != 32) { - return CRYPT_INVALID_KEYSIZE; - } - - if (num_rounds != 0 && num_rounds != (10 + ((keylen/8)-2)*2)) { - return CRYPT_INVALID_ROUNDS; - } - - skey->rijndael.Nr = 10 + ((keylen/8)-2)*2; - - /* setup the forward key */ - i = 0; - rk = skey->rijndael.eK; - LOAD32H(rk[0], key ); - LOAD32H(rk[1], key + 4); - LOAD32H(rk[2], key + 8); - LOAD32H(rk[3], key + 12); - if (keylen == 16) { - for (;;) { - temp = rk[3]; - rk[4] = rk[0] ^ setup_mix(temp) ^ rcon[i]; - rk[5] = rk[1] ^ rk[4]; - rk[6] = rk[2] ^ rk[5]; - rk[7] = rk[3] ^ rk[6]; - if (++i == 10) { - break; - } - rk += 4; - } - } else if (keylen == 24) { - LOAD32H(rk[4], key + 16); - LOAD32H(rk[5], key + 20); - for (;;) { - #ifdef _MSC_VER - temp = skey->rijndael.eK[rk - skey->rijndael.eK + 5]; - #else - temp = rk[5]; - #endif - rk[ 6] = rk[ 0] ^ setup_mix(temp) ^ rcon[i]; - rk[ 7] = rk[ 1] ^ rk[ 6]; - rk[ 8] = rk[ 2] ^ rk[ 7]; - rk[ 9] = rk[ 3] ^ rk[ 8]; - if (++i == 8) { - break; - } - rk[10] = rk[ 4] ^ rk[ 9]; - rk[11] = rk[ 5] ^ rk[10]; - rk += 6; - } - } else if (keylen == 32) { - LOAD32H(rk[4], key + 16); - LOAD32H(rk[5], key + 20); - LOAD32H(rk[6], key + 24); - LOAD32H(rk[7], key + 28); - for (;;) { - #ifdef _MSC_VER - temp = skey->rijndael.eK[rk - skey->rijndael.eK + 7]; - #else - temp = rk[7]; - #endif - rk[ 8] = rk[ 0] ^ setup_mix(temp) ^ rcon[i]; - rk[ 9] = rk[ 1] ^ rk[ 8]; - rk[10] = rk[ 2] ^ rk[ 9]; - rk[11] = rk[ 3] ^ rk[10]; - if (++i == 7) { - break; - } - temp = rk[11]; - rk[12] = rk[ 4] ^ setup_mix(RORc(temp, 8)); - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; - rk += 8; - } - } else { - /* this can't happen */ - /* coverity[dead_error_line] */ - return CRYPT_ERROR; - } - -#ifndef ENCRYPT_ONLY - /* setup the inverse key now */ - rk = skey->rijndael.dK; - rrk = skey->rijndael.eK + (28 + keylen) - 4; - - /* apply the inverse MixColumn transform to all round keys but the first and the last: */ - /* copy first */ - *rk++ = *rrk++; - *rk++ = *rrk++; - *rk++ = *rrk++; - *rk = *rrk; - rk -= 3; rrk -= 3; - - for (i = 1; i < skey->rijndael.Nr; i++) { - rrk -= 4; - rk += 4; - #ifdef LTC_SMALL_CODE - temp = rrk[0]; - rk[0] = setup_mix2(temp); - temp = rrk[1]; - rk[1] = setup_mix2(temp); - temp = rrk[2]; - rk[2] = setup_mix2(temp); - temp = rrk[3]; - rk[3] = setup_mix2(temp); - #else - temp = rrk[0]; - rk[0] = - Tks0[byte(temp, 3)] ^ - Tks1[byte(temp, 2)] ^ - Tks2[byte(temp, 1)] ^ - Tks3[byte(temp, 0)]; - temp = rrk[1]; - rk[1] = - Tks0[byte(temp, 3)] ^ - Tks1[byte(temp, 2)] ^ - Tks2[byte(temp, 1)] ^ - Tks3[byte(temp, 0)]; - temp = rrk[2]; - rk[2] = - Tks0[byte(temp, 3)] ^ - Tks1[byte(temp, 2)] ^ - Tks2[byte(temp, 1)] ^ - Tks3[byte(temp, 0)]; - temp = rrk[3]; - rk[3] = - Tks0[byte(temp, 3)] ^ - Tks1[byte(temp, 2)] ^ - Tks2[byte(temp, 1)] ^ - Tks3[byte(temp, 0)]; - #endif - - } - - /* copy last */ - rrk -= 4; - rk += 4; - *rk++ = *rrk++; - *rk++ = *rrk++; - *rk++ = *rrk++; - *rk = *rrk; -#endif /* ENCRYPT_ONLY */ - - return CRYPT_OK; -} - -/** - Encrypts a block of text with AES - @param pt The input plaintext (16 bytes) - @param ct The output ciphertext (16 bytes) - @param skey The key as scheduled - @return CRYPT_OK if successful -*/ -#ifdef LTC_CLEAN_STACK -static int _rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) -#else -int ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) -#endif -{ - ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk; - int Nr, r; - - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(skey != NULL); - - Nr = skey->rijndael.Nr; - rk = skey->rijndael.eK; - - /* - * map byte array block to cipher state - * and add initial round key: - */ - LOAD32H(s0, pt ); s0 ^= rk[0]; - LOAD32H(s1, pt + 4); s1 ^= rk[1]; - LOAD32H(s2, pt + 8); s2 ^= rk[2]; - LOAD32H(s3, pt + 12); s3 ^= rk[3]; - -#ifdef LTC_SMALL_CODE - - for (r = 0; ; r++) { - rk += 4; - t0 = - Te0(byte(s0, 3)) ^ - Te1(byte(s1, 2)) ^ - Te2(byte(s2, 1)) ^ - Te3(byte(s3, 0)) ^ - rk[0]; - t1 = - Te0(byte(s1, 3)) ^ - Te1(byte(s2, 2)) ^ - Te2(byte(s3, 1)) ^ - Te3(byte(s0, 0)) ^ - rk[1]; - t2 = - Te0(byte(s2, 3)) ^ - Te1(byte(s3, 2)) ^ - Te2(byte(s0, 1)) ^ - Te3(byte(s1, 0)) ^ - rk[2]; - t3 = - Te0(byte(s3, 3)) ^ - Te1(byte(s0, 2)) ^ - Te2(byte(s1, 1)) ^ - Te3(byte(s2, 0)) ^ - rk[3]; - if (r == Nr-2) { - break; - } - s0 = t0; s1 = t1; s2 = t2; s3 = t3; - } - rk += 4; - -#else - - /* - * Nr - 1 full rounds: - */ - r = Nr >> 1; - for (;;) { - t0 = - Te0(byte(s0, 3)) ^ - Te1(byte(s1, 2)) ^ - Te2(byte(s2, 1)) ^ - Te3(byte(s3, 0)) ^ - rk[4]; - t1 = - Te0(byte(s1, 3)) ^ - Te1(byte(s2, 2)) ^ - Te2(byte(s3, 1)) ^ - Te3(byte(s0, 0)) ^ - rk[5]; - t2 = - Te0(byte(s2, 3)) ^ - Te1(byte(s3, 2)) ^ - Te2(byte(s0, 1)) ^ - Te3(byte(s1, 0)) ^ - rk[6]; - t3 = - Te0(byte(s3, 3)) ^ - Te1(byte(s0, 2)) ^ - Te2(byte(s1, 1)) ^ - Te3(byte(s2, 0)) ^ - rk[7]; - - rk += 8; - if (--r == 0) { - break; - } - - s0 = - Te0(byte(t0, 3)) ^ - Te1(byte(t1, 2)) ^ - Te2(byte(t2, 1)) ^ - Te3(byte(t3, 0)) ^ - rk[0]; - s1 = - Te0(byte(t1, 3)) ^ - Te1(byte(t2, 2)) ^ - Te2(byte(t3, 1)) ^ - Te3(byte(t0, 0)) ^ - rk[1]; - s2 = - Te0(byte(t2, 3)) ^ - Te1(byte(t3, 2)) ^ - Te2(byte(t0, 1)) ^ - Te3(byte(t1, 0)) ^ - rk[2]; - s3 = - Te0(byte(t3, 3)) ^ - Te1(byte(t0, 2)) ^ - Te2(byte(t1, 1)) ^ - Te3(byte(t2, 0)) ^ - rk[3]; - } - -#endif - - /* - * apply last round and - * map cipher state to byte array block: - */ - s0 = - (Te4_3[byte(t0, 3)]) ^ - (Te4_2[byte(t1, 2)]) ^ - (Te4_1[byte(t2, 1)]) ^ - (Te4_0[byte(t3, 0)]) ^ - rk[0]; - STORE32H(s0, ct); - s1 = - (Te4_3[byte(t1, 3)]) ^ - (Te4_2[byte(t2, 2)]) ^ - (Te4_1[byte(t3, 1)]) ^ - (Te4_0[byte(t0, 0)]) ^ - rk[1]; - STORE32H(s1, ct+4); - s2 = - (Te4_3[byte(t2, 3)]) ^ - (Te4_2[byte(t3, 2)]) ^ - (Te4_1[byte(t0, 1)]) ^ - (Te4_0[byte(t1, 0)]) ^ - rk[2]; - STORE32H(s2, ct+8); - s3 = - (Te4_3[byte(t3, 3)]) ^ - (Te4_2[byte(t0, 2)]) ^ - (Te4_1[byte(t1, 1)]) ^ - (Te4_0[byte(t2, 0)]) ^ - rk[3]; - STORE32H(s3, ct+12); - - return CRYPT_OK; -} - -#ifdef LTC_CLEAN_STACK -int ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) -{ - int err = _rijndael_ecb_encrypt(pt, ct, skey); - burn_stack(sizeof(unsigned long)*8 + sizeof(unsigned long*) + sizeof(int)*2); - return err; -} -#endif - -#ifndef ENCRYPT_ONLY - -/** - Decrypts a block of text with AES - @param ct The input ciphertext (16 bytes) - @param pt The output plaintext (16 bytes) - @param skey The key as scheduled - @return CRYPT_OK if successful -*/ -#ifdef LTC_CLEAN_STACK -static int _rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) -#else -int ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) -#endif -{ - ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk; - int Nr, r; - - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(skey != NULL); - - Nr = skey->rijndael.Nr; - rk = skey->rijndael.dK; - - /* - * map byte array block to cipher state - * and add initial round key: - */ - LOAD32H(s0, ct ); s0 ^= rk[0]; - LOAD32H(s1, ct + 4); s1 ^= rk[1]; - LOAD32H(s2, ct + 8); s2 ^= rk[2]; - LOAD32H(s3, ct + 12); s3 ^= rk[3]; - -#ifdef LTC_SMALL_CODE - for (r = 0; ; r++) { - rk += 4; - t0 = - Td0(byte(s0, 3)) ^ - Td1(byte(s3, 2)) ^ - Td2(byte(s2, 1)) ^ - Td3(byte(s1, 0)) ^ - rk[0]; - t1 = - Td0(byte(s1, 3)) ^ - Td1(byte(s0, 2)) ^ - Td2(byte(s3, 1)) ^ - Td3(byte(s2, 0)) ^ - rk[1]; - t2 = - Td0(byte(s2, 3)) ^ - Td1(byte(s1, 2)) ^ - Td2(byte(s0, 1)) ^ - Td3(byte(s3, 0)) ^ - rk[2]; - t3 = - Td0(byte(s3, 3)) ^ - Td1(byte(s2, 2)) ^ - Td2(byte(s1, 1)) ^ - Td3(byte(s0, 0)) ^ - rk[3]; - if (r == Nr-2) { - break; - } - s0 = t0; s1 = t1; s2 = t2; s3 = t3; - } - rk += 4; - -#else - - /* - * Nr - 1 full rounds: - */ - r = Nr >> 1; - for (;;) { - - t0 = - Td0(byte(s0, 3)) ^ - Td1(byte(s3, 2)) ^ - Td2(byte(s2, 1)) ^ - Td3(byte(s1, 0)) ^ - rk[4]; - t1 = - Td0(byte(s1, 3)) ^ - Td1(byte(s0, 2)) ^ - Td2(byte(s3, 1)) ^ - Td3(byte(s2, 0)) ^ - rk[5]; - t2 = - Td0(byte(s2, 3)) ^ - Td1(byte(s1, 2)) ^ - Td2(byte(s0, 1)) ^ - Td3(byte(s3, 0)) ^ - rk[6]; - t3 = - Td0(byte(s3, 3)) ^ - Td1(byte(s2, 2)) ^ - Td2(byte(s1, 1)) ^ - Td3(byte(s0, 0)) ^ - rk[7]; - - rk += 8; - if (--r == 0) { - break; - } - - - s0 = - Td0(byte(t0, 3)) ^ - Td1(byte(t3, 2)) ^ - Td2(byte(t2, 1)) ^ - Td3(byte(t1, 0)) ^ - rk[0]; - s1 = - Td0(byte(t1, 3)) ^ - Td1(byte(t0, 2)) ^ - Td2(byte(t3, 1)) ^ - Td3(byte(t2, 0)) ^ - rk[1]; - s2 = - Td0(byte(t2, 3)) ^ - Td1(byte(t1, 2)) ^ - Td2(byte(t0, 1)) ^ - Td3(byte(t3, 0)) ^ - rk[2]; - s3 = - Td0(byte(t3, 3)) ^ - Td1(byte(t2, 2)) ^ - Td2(byte(t1, 1)) ^ - Td3(byte(t0, 0)) ^ - rk[3]; - } -#endif - - /* - * apply last round and - * map cipher state to byte array block: - */ - s0 = - (Td4[byte(t0, 3)] & 0xff000000) ^ - (Td4[byte(t3, 2)] & 0x00ff0000) ^ - (Td4[byte(t2, 1)] & 0x0000ff00) ^ - (Td4[byte(t1, 0)] & 0x000000ff) ^ - rk[0]; - STORE32H(s0, pt); - s1 = - (Td4[byte(t1, 3)] & 0xff000000) ^ - (Td4[byte(t0, 2)] & 0x00ff0000) ^ - (Td4[byte(t3, 1)] & 0x0000ff00) ^ - (Td4[byte(t2, 0)] & 0x000000ff) ^ - rk[1]; - STORE32H(s1, pt+4); - s2 = - (Td4[byte(t2, 3)] & 0xff000000) ^ - (Td4[byte(t1, 2)] & 0x00ff0000) ^ - (Td4[byte(t0, 1)] & 0x0000ff00) ^ - (Td4[byte(t3, 0)] & 0x000000ff) ^ - rk[2]; - STORE32H(s2, pt+8); - s3 = - (Td4[byte(t3, 3)] & 0xff000000) ^ - (Td4[byte(t2, 2)] & 0x00ff0000) ^ - (Td4[byte(t1, 1)] & 0x0000ff00) ^ - (Td4[byte(t0, 0)] & 0x000000ff) ^ - rk[3]; - STORE32H(s3, pt+12); - - return CRYPT_OK; -} - - -#ifdef LTC_CLEAN_STACK -int ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) -{ - int err = _rijndael_ecb_decrypt(ct, pt, skey); - burn_stack(sizeof(unsigned long)*8 + sizeof(unsigned long*) + sizeof(int)*2); - return err; -} -#endif - -/** - Performs a self-test of the AES block cipher - @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled -*/ -int ECB_TEST(void) -{ - #ifndef LTC_TEST - return CRYPT_NOP; - #else - int err; - static const struct { - int keylen; - unsigned char key[32], pt[16], ct[16]; - } tests[] = { - { 16, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f }, - { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }, - { 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30, - 0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a } - }, { - 24, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 }, - { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }, - { 0xdd, 0xa9, 0x7c, 0xa4, 0x86, 0x4c, 0xdf, 0xe0, - 0x6e, 0xaf, 0x70, 0xa0, 0xec, 0x0d, 0x71, 0x91 } - }, { - 32, - { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, - 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, - 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f }, - { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, - 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }, - { 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf, - 0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89 } - } - }; - - symmetric_key key; - unsigned char tmp[2][16]; - int i, y; - - for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) { - zeromem(&key, sizeof(key)); - if ((err = rijndael_setup(tests[i].key, tests[i].keylen, 0, &key)) != CRYPT_OK) { - return err; - } - - rijndael_ecb_encrypt(tests[i].pt, tmp[0], &key); - rijndael_ecb_decrypt(tmp[0], tmp[1], &key); - if (compare_testvector(tmp[0], 16, tests[i].ct, 16, "AES Encrypt", i) || - compare_testvector(tmp[1], 16, tests[i].pt, 16, "AES Decrypt", i)) { - return CRYPT_FAIL_TESTVECTOR; - } - - /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */ - for (y = 0; y < 16; y++) tmp[0][y] = 0; - for (y = 0; y < 1000; y++) rijndael_ecb_encrypt(tmp[0], tmp[0], &key); - for (y = 0; y < 1000; y++) rijndael_ecb_decrypt(tmp[0], tmp[0], &key); - for (y = 0; y < 16; y++) if (tmp[0][y] != 0) return CRYPT_FAIL_TESTVECTOR; - } - return CRYPT_OK; - #endif -} - -#endif /* ENCRYPT_ONLY */ - - -/** Terminate the context - @param skey The scheduled key -*/ -void ECB_DONE(symmetric_key *skey) -{ - LTC_UNUSED_PARAM(skey); -} - - -/** - Gets suitable key size - @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. - @return CRYPT_OK if the input key size is acceptable. -*/ -int ECB_KS(int *keysize) -{ - LTC_ARGCHK(keysize != NULL); - - if (*keysize < 16) - return CRYPT_INVALID_KEYSIZE; - if (*keysize < 24) { - *keysize = 16; - return CRYPT_OK; - } else if (*keysize < 32) { - *keysize = 24; - return CRYPT_OK; - } else { - *keysize = 32; - return CRYPT_OK; - } -} - -#endif diff --git a/libs/tomcrypt/src/ciphers/aes/aes_tab.c b/libs/tomcrypt/src/ciphers/aes/aes_tab.c deleted file mode 100644 index df5ccb4a8f0..00000000000 --- a/libs/tomcrypt/src/ciphers/aes/aes_tab.c +++ /dev/null @@ -1,1028 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -/* The precomputed tables for AES */ -/* -Te0[x] = S [x].[02, 01, 01, 03]; -Te1[x] = S [x].[03, 02, 01, 01]; -Te2[x] = S [x].[01, 03, 02, 01]; -Te3[x] = S [x].[01, 01, 03, 02]; -Te4[x] = S [x].[01, 01, 01, 01]; - -Td0[x] = Si[x].[0e, 09, 0d, 0b]; -Td1[x] = Si[x].[0b, 0e, 09, 0d]; -Td2[x] = Si[x].[0d, 0b, 0e, 09]; -Td3[x] = Si[x].[09, 0d, 0b, 0e]; -Td4[x] = Si[x].[01, 01, 01, 01]; -*/ - -#ifdef __LTC_AES_TAB_C__ - -/** - @file aes_tab.c - AES tables -*/ -static const ulong32 TE0[256] = { - 0xc66363a5UL, 0xf87c7c84UL, 0xee777799UL, 0xf67b7b8dUL, - 0xfff2f20dUL, 0xd66b6bbdUL, 0xde6f6fb1UL, 0x91c5c554UL, - 0x60303050UL, 0x02010103UL, 0xce6767a9UL, 0x562b2b7dUL, - 0xe7fefe19UL, 0xb5d7d762UL, 0x4dababe6UL, 0xec76769aUL, - 0x8fcaca45UL, 0x1f82829dUL, 0x89c9c940UL, 0xfa7d7d87UL, - 0xeffafa15UL, 0xb25959ebUL, 0x8e4747c9UL, 0xfbf0f00bUL, - 0x41adadecUL, 0xb3d4d467UL, 0x5fa2a2fdUL, 0x45afafeaUL, - 0x239c9cbfUL, 0x53a4a4f7UL, 0xe4727296UL, 0x9bc0c05bUL, - 0x75b7b7c2UL, 0xe1fdfd1cUL, 0x3d9393aeUL, 0x4c26266aUL, - 0x6c36365aUL, 0x7e3f3f41UL, 0xf5f7f702UL, 0x83cccc4fUL, - 0x6834345cUL, 0x51a5a5f4UL, 0xd1e5e534UL, 0xf9f1f108UL, - 0xe2717193UL, 0xabd8d873UL, 0x62313153UL, 0x2a15153fUL, - 0x0804040cUL, 0x95c7c752UL, 0x46232365UL, 0x9dc3c35eUL, - 0x30181828UL, 0x379696a1UL, 0x0a05050fUL, 0x2f9a9ab5UL, - 0x0e070709UL, 0x24121236UL, 0x1b80809bUL, 0xdfe2e23dUL, - 0xcdebeb26UL, 0x4e272769UL, 0x7fb2b2cdUL, 0xea75759fUL, - 0x1209091bUL, 0x1d83839eUL, 0x582c2c74UL, 0x341a1a2eUL, - 0x361b1b2dUL, 0xdc6e6eb2UL, 0xb45a5aeeUL, 0x5ba0a0fbUL, - 0xa45252f6UL, 0x763b3b4dUL, 0xb7d6d661UL, 0x7db3b3ceUL, - 0x5229297bUL, 0xdde3e33eUL, 0x5e2f2f71UL, 0x13848497UL, - 0xa65353f5UL, 0xb9d1d168UL, 0x00000000UL, 0xc1eded2cUL, - 0x40202060UL, 0xe3fcfc1fUL, 0x79b1b1c8UL, 0xb65b5bedUL, - 0xd46a6abeUL, 0x8dcbcb46UL, 0x67bebed9UL, 0x7239394bUL, - 0x944a4adeUL, 0x984c4cd4UL, 0xb05858e8UL, 0x85cfcf4aUL, - 0xbbd0d06bUL, 0xc5efef2aUL, 0x4faaaae5UL, 0xedfbfb16UL, - 0x864343c5UL, 0x9a4d4dd7UL, 0x66333355UL, 0x11858594UL, - 0x8a4545cfUL, 0xe9f9f910UL, 0x04020206UL, 0xfe7f7f81UL, - 0xa05050f0UL, 0x783c3c44UL, 0x259f9fbaUL, 0x4ba8a8e3UL, - 0xa25151f3UL, 0x5da3a3feUL, 0x804040c0UL, 0x058f8f8aUL, - 0x3f9292adUL, 0x219d9dbcUL, 0x70383848UL, 0xf1f5f504UL, - 0x63bcbcdfUL, 0x77b6b6c1UL, 0xafdada75UL, 0x42212163UL, - 0x20101030UL, 0xe5ffff1aUL, 0xfdf3f30eUL, 0xbfd2d26dUL, - 0x81cdcd4cUL, 0x180c0c14UL, 0x26131335UL, 0xc3ecec2fUL, - 0xbe5f5fe1UL, 0x359797a2UL, 0x884444ccUL, 0x2e171739UL, - 0x93c4c457UL, 0x55a7a7f2UL, 0xfc7e7e82UL, 0x7a3d3d47UL, - 0xc86464acUL, 0xba5d5de7UL, 0x3219192bUL, 0xe6737395UL, - 0xc06060a0UL, 0x19818198UL, 0x9e4f4fd1UL, 0xa3dcdc7fUL, - 0x44222266UL, 0x542a2a7eUL, 0x3b9090abUL, 0x0b888883UL, - 0x8c4646caUL, 0xc7eeee29UL, 0x6bb8b8d3UL, 0x2814143cUL, - 0xa7dede79UL, 0xbc5e5ee2UL, 0x160b0b1dUL, 0xaddbdb76UL, - 0xdbe0e03bUL, 0x64323256UL, 0x743a3a4eUL, 0x140a0a1eUL, - 0x924949dbUL, 0x0c06060aUL, 0x4824246cUL, 0xb85c5ce4UL, - 0x9fc2c25dUL, 0xbdd3d36eUL, 0x43acacefUL, 0xc46262a6UL, - 0x399191a8UL, 0x319595a4UL, 0xd3e4e437UL, 0xf279798bUL, - 0xd5e7e732UL, 0x8bc8c843UL, 0x6e373759UL, 0xda6d6db7UL, - 0x018d8d8cUL, 0xb1d5d564UL, 0x9c4e4ed2UL, 0x49a9a9e0UL, - 0xd86c6cb4UL, 0xac5656faUL, 0xf3f4f407UL, 0xcfeaea25UL, - 0xca6565afUL, 0xf47a7a8eUL, 0x47aeaee9UL, 0x10080818UL, - 0x6fbabad5UL, 0xf0787888UL, 0x4a25256fUL, 0x5c2e2e72UL, - 0x381c1c24UL, 0x57a6a6f1UL, 0x73b4b4c7UL, 0x97c6c651UL, - 0xcbe8e823UL, 0xa1dddd7cUL, 0xe874749cUL, 0x3e1f1f21UL, - 0x964b4bddUL, 0x61bdbddcUL, 0x0d8b8b86UL, 0x0f8a8a85UL, - 0xe0707090UL, 0x7c3e3e42UL, 0x71b5b5c4UL, 0xcc6666aaUL, - 0x904848d8UL, 0x06030305UL, 0xf7f6f601UL, 0x1c0e0e12UL, - 0xc26161a3UL, 0x6a35355fUL, 0xae5757f9UL, 0x69b9b9d0UL, - 0x17868691UL, 0x99c1c158UL, 0x3a1d1d27UL, 0x279e9eb9UL, - 0xd9e1e138UL, 0xebf8f813UL, 0x2b9898b3UL, 0x22111133UL, - 0xd26969bbUL, 0xa9d9d970UL, 0x078e8e89UL, 0x339494a7UL, - 0x2d9b9bb6UL, 0x3c1e1e22UL, 0x15878792UL, 0xc9e9e920UL, - 0x87cece49UL, 0xaa5555ffUL, 0x50282878UL, 0xa5dfdf7aUL, - 0x038c8c8fUL, 0x59a1a1f8UL, 0x09898980UL, 0x1a0d0d17UL, - 0x65bfbfdaUL, 0xd7e6e631UL, 0x844242c6UL, 0xd06868b8UL, - 0x824141c3UL, 0x299999b0UL, 0x5a2d2d77UL, 0x1e0f0f11UL, - 0x7bb0b0cbUL, 0xa85454fcUL, 0x6dbbbbd6UL, 0x2c16163aUL, -}; - -#if !defined(PELI_TAB) && defined(LTC_SMALL_CODE) -static const ulong32 Te4[256] = { - 0x63636363UL, 0x7c7c7c7cUL, 0x77777777UL, 0x7b7b7b7bUL, - 0xf2f2f2f2UL, 0x6b6b6b6bUL, 0x6f6f6f6fUL, 0xc5c5c5c5UL, - 0x30303030UL, 0x01010101UL, 0x67676767UL, 0x2b2b2b2bUL, - 0xfefefefeUL, 0xd7d7d7d7UL, 0xababababUL, 0x76767676UL, - 0xcacacacaUL, 0x82828282UL, 0xc9c9c9c9UL, 0x7d7d7d7dUL, - 0xfafafafaUL, 0x59595959UL, 0x47474747UL, 0xf0f0f0f0UL, - 0xadadadadUL, 0xd4d4d4d4UL, 0xa2a2a2a2UL, 0xafafafafUL, - 0x9c9c9c9cUL, 0xa4a4a4a4UL, 0x72727272UL, 0xc0c0c0c0UL, - 0xb7b7b7b7UL, 0xfdfdfdfdUL, 0x93939393UL, 0x26262626UL, - 0x36363636UL, 0x3f3f3f3fUL, 0xf7f7f7f7UL, 0xccccccccUL, - 0x34343434UL, 0xa5a5a5a5UL, 0xe5e5e5e5UL, 0xf1f1f1f1UL, - 0x71717171UL, 0xd8d8d8d8UL, 0x31313131UL, 0x15151515UL, - 0x04040404UL, 0xc7c7c7c7UL, 0x23232323UL, 0xc3c3c3c3UL, - 0x18181818UL, 0x96969696UL, 0x05050505UL, 0x9a9a9a9aUL, - 0x07070707UL, 0x12121212UL, 0x80808080UL, 0xe2e2e2e2UL, - 0xebebebebUL, 0x27272727UL, 0xb2b2b2b2UL, 0x75757575UL, - 0x09090909UL, 0x83838383UL, 0x2c2c2c2cUL, 0x1a1a1a1aUL, - 0x1b1b1b1bUL, 0x6e6e6e6eUL, 0x5a5a5a5aUL, 0xa0a0a0a0UL, - 0x52525252UL, 0x3b3b3b3bUL, 0xd6d6d6d6UL, 0xb3b3b3b3UL, - 0x29292929UL, 0xe3e3e3e3UL, 0x2f2f2f2fUL, 0x84848484UL, - 0x53535353UL, 0xd1d1d1d1UL, 0x00000000UL, 0xededededUL, - 0x20202020UL, 0xfcfcfcfcUL, 0xb1b1b1b1UL, 0x5b5b5b5bUL, - 0x6a6a6a6aUL, 0xcbcbcbcbUL, 0xbebebebeUL, 0x39393939UL, - 0x4a4a4a4aUL, 0x4c4c4c4cUL, 0x58585858UL, 0xcfcfcfcfUL, - 0xd0d0d0d0UL, 0xefefefefUL, 0xaaaaaaaaUL, 0xfbfbfbfbUL, - 0x43434343UL, 0x4d4d4d4dUL, 0x33333333UL, 0x85858585UL, - 0x45454545UL, 0xf9f9f9f9UL, 0x02020202UL, 0x7f7f7f7fUL, - 0x50505050UL, 0x3c3c3c3cUL, 0x9f9f9f9fUL, 0xa8a8a8a8UL, - 0x51515151UL, 0xa3a3a3a3UL, 0x40404040UL, 0x8f8f8f8fUL, - 0x92929292UL, 0x9d9d9d9dUL, 0x38383838UL, 0xf5f5f5f5UL, - 0xbcbcbcbcUL, 0xb6b6b6b6UL, 0xdadadadaUL, 0x21212121UL, - 0x10101010UL, 0xffffffffUL, 0xf3f3f3f3UL, 0xd2d2d2d2UL, - 0xcdcdcdcdUL, 0x0c0c0c0cUL, 0x13131313UL, 0xececececUL, - 0x5f5f5f5fUL, 0x97979797UL, 0x44444444UL, 0x17171717UL, - 0xc4c4c4c4UL, 0xa7a7a7a7UL, 0x7e7e7e7eUL, 0x3d3d3d3dUL, - 0x64646464UL, 0x5d5d5d5dUL, 0x19191919UL, 0x73737373UL, - 0x60606060UL, 0x81818181UL, 0x4f4f4f4fUL, 0xdcdcdcdcUL, - 0x22222222UL, 0x2a2a2a2aUL, 0x90909090UL, 0x88888888UL, - 0x46464646UL, 0xeeeeeeeeUL, 0xb8b8b8b8UL, 0x14141414UL, - 0xdedededeUL, 0x5e5e5e5eUL, 0x0b0b0b0bUL, 0xdbdbdbdbUL, - 0xe0e0e0e0UL, 0x32323232UL, 0x3a3a3a3aUL, 0x0a0a0a0aUL, - 0x49494949UL, 0x06060606UL, 0x24242424UL, 0x5c5c5c5cUL, - 0xc2c2c2c2UL, 0xd3d3d3d3UL, 0xacacacacUL, 0x62626262UL, - 0x91919191UL, 0x95959595UL, 0xe4e4e4e4UL, 0x79797979UL, - 0xe7e7e7e7UL, 0xc8c8c8c8UL, 0x37373737UL, 0x6d6d6d6dUL, - 0x8d8d8d8dUL, 0xd5d5d5d5UL, 0x4e4e4e4eUL, 0xa9a9a9a9UL, - 0x6c6c6c6cUL, 0x56565656UL, 0xf4f4f4f4UL, 0xeaeaeaeaUL, - 0x65656565UL, 0x7a7a7a7aUL, 0xaeaeaeaeUL, 0x08080808UL, - 0xbabababaUL, 0x78787878UL, 0x25252525UL, 0x2e2e2e2eUL, - 0x1c1c1c1cUL, 0xa6a6a6a6UL, 0xb4b4b4b4UL, 0xc6c6c6c6UL, - 0xe8e8e8e8UL, 0xddddddddUL, 0x74747474UL, 0x1f1f1f1fUL, - 0x4b4b4b4bUL, 0xbdbdbdbdUL, 0x8b8b8b8bUL, 0x8a8a8a8aUL, - 0x70707070UL, 0x3e3e3e3eUL, 0xb5b5b5b5UL, 0x66666666UL, - 0x48484848UL, 0x03030303UL, 0xf6f6f6f6UL, 0x0e0e0e0eUL, - 0x61616161UL, 0x35353535UL, 0x57575757UL, 0xb9b9b9b9UL, - 0x86868686UL, 0xc1c1c1c1UL, 0x1d1d1d1dUL, 0x9e9e9e9eUL, - 0xe1e1e1e1UL, 0xf8f8f8f8UL, 0x98989898UL, 0x11111111UL, - 0x69696969UL, 0xd9d9d9d9UL, 0x8e8e8e8eUL, 0x94949494UL, - 0x9b9b9b9bUL, 0x1e1e1e1eUL, 0x87878787UL, 0xe9e9e9e9UL, - 0xcecececeUL, 0x55555555UL, 0x28282828UL, 0xdfdfdfdfUL, - 0x8c8c8c8cUL, 0xa1a1a1a1UL, 0x89898989UL, 0x0d0d0d0dUL, - 0xbfbfbfbfUL, 0xe6e6e6e6UL, 0x42424242UL, 0x68686868UL, - 0x41414141UL, 0x99999999UL, 0x2d2d2d2dUL, 0x0f0f0f0fUL, - 0xb0b0b0b0UL, 0x54545454UL, 0xbbbbbbbbUL, 0x16161616UL, -}; -#endif - -#ifndef ENCRYPT_ONLY - -static const ulong32 TD0[256] = { - 0x51f4a750UL, 0x7e416553UL, 0x1a17a4c3UL, 0x3a275e96UL, - 0x3bab6bcbUL, 0x1f9d45f1UL, 0xacfa58abUL, 0x4be30393UL, - 0x2030fa55UL, 0xad766df6UL, 0x88cc7691UL, 0xf5024c25UL, - 0x4fe5d7fcUL, 0xc52acbd7UL, 0x26354480UL, 0xb562a38fUL, - 0xdeb15a49UL, 0x25ba1b67UL, 0x45ea0e98UL, 0x5dfec0e1UL, - 0xc32f7502UL, 0x814cf012UL, 0x8d4697a3UL, 0x6bd3f9c6UL, - 0x038f5fe7UL, 0x15929c95UL, 0xbf6d7aebUL, 0x955259daUL, - 0xd4be832dUL, 0x587421d3UL, 0x49e06929UL, 0x8ec9c844UL, - 0x75c2896aUL, 0xf48e7978UL, 0x99583e6bUL, 0x27b971ddUL, - 0xbee14fb6UL, 0xf088ad17UL, 0xc920ac66UL, 0x7dce3ab4UL, - 0x63df4a18UL, 0xe51a3182UL, 0x97513360UL, 0x62537f45UL, - 0xb16477e0UL, 0xbb6bae84UL, 0xfe81a01cUL, 0xf9082b94UL, - 0x70486858UL, 0x8f45fd19UL, 0x94de6c87UL, 0x527bf8b7UL, - 0xab73d323UL, 0x724b02e2UL, 0xe31f8f57UL, 0x6655ab2aUL, - 0xb2eb2807UL, 0x2fb5c203UL, 0x86c57b9aUL, 0xd33708a5UL, - 0x302887f2UL, 0x23bfa5b2UL, 0x02036abaUL, 0xed16825cUL, - 0x8acf1c2bUL, 0xa779b492UL, 0xf307f2f0UL, 0x4e69e2a1UL, - 0x65daf4cdUL, 0x0605bed5UL, 0xd134621fUL, 0xc4a6fe8aUL, - 0x342e539dUL, 0xa2f355a0UL, 0x058ae132UL, 0xa4f6eb75UL, - 0x0b83ec39UL, 0x4060efaaUL, 0x5e719f06UL, 0xbd6e1051UL, - 0x3e218af9UL, 0x96dd063dUL, 0xdd3e05aeUL, 0x4de6bd46UL, - 0x91548db5UL, 0x71c45d05UL, 0x0406d46fUL, 0x605015ffUL, - 0x1998fb24UL, 0xd6bde997UL, 0x894043ccUL, 0x67d99e77UL, - 0xb0e842bdUL, 0x07898b88UL, 0xe7195b38UL, 0x79c8eedbUL, - 0xa17c0a47UL, 0x7c420fe9UL, 0xf8841ec9UL, 0x00000000UL, - 0x09808683UL, 0x322bed48UL, 0x1e1170acUL, 0x6c5a724eUL, - 0xfd0efffbUL, 0x0f853856UL, 0x3daed51eUL, 0x362d3927UL, - 0x0a0fd964UL, 0x685ca621UL, 0x9b5b54d1UL, 0x24362e3aUL, - 0x0c0a67b1UL, 0x9357e70fUL, 0xb4ee96d2UL, 0x1b9b919eUL, - 0x80c0c54fUL, 0x61dc20a2UL, 0x5a774b69UL, 0x1c121a16UL, - 0xe293ba0aUL, 0xc0a02ae5UL, 0x3c22e043UL, 0x121b171dUL, - 0x0e090d0bUL, 0xf28bc7adUL, 0x2db6a8b9UL, 0x141ea9c8UL, - 0x57f11985UL, 0xaf75074cUL, 0xee99ddbbUL, 0xa37f60fdUL, - 0xf701269fUL, 0x5c72f5bcUL, 0x44663bc5UL, 0x5bfb7e34UL, - 0x8b432976UL, 0xcb23c6dcUL, 0xb6edfc68UL, 0xb8e4f163UL, - 0xd731dccaUL, 0x42638510UL, 0x13972240UL, 0x84c61120UL, - 0x854a247dUL, 0xd2bb3df8UL, 0xaef93211UL, 0xc729a16dUL, - 0x1d9e2f4bUL, 0xdcb230f3UL, 0x0d8652ecUL, 0x77c1e3d0UL, - 0x2bb3166cUL, 0xa970b999UL, 0x119448faUL, 0x47e96422UL, - 0xa8fc8cc4UL, 0xa0f03f1aUL, 0x567d2cd8UL, 0x223390efUL, - 0x87494ec7UL, 0xd938d1c1UL, 0x8ccaa2feUL, 0x98d40b36UL, - 0xa6f581cfUL, 0xa57ade28UL, 0xdab78e26UL, 0x3fadbfa4UL, - 0x2c3a9de4UL, 0x5078920dUL, 0x6a5fcc9bUL, 0x547e4662UL, - 0xf68d13c2UL, 0x90d8b8e8UL, 0x2e39f75eUL, 0x82c3aff5UL, - 0x9f5d80beUL, 0x69d0937cUL, 0x6fd52da9UL, 0xcf2512b3UL, - 0xc8ac993bUL, 0x10187da7UL, 0xe89c636eUL, 0xdb3bbb7bUL, - 0xcd267809UL, 0x6e5918f4UL, 0xec9ab701UL, 0x834f9aa8UL, - 0xe6956e65UL, 0xaaffe67eUL, 0x21bccf08UL, 0xef15e8e6UL, - 0xbae79bd9UL, 0x4a6f36ceUL, 0xea9f09d4UL, 0x29b07cd6UL, - 0x31a4b2afUL, 0x2a3f2331UL, 0xc6a59430UL, 0x35a266c0UL, - 0x744ebc37UL, 0xfc82caa6UL, 0xe090d0b0UL, 0x33a7d815UL, - 0xf104984aUL, 0x41ecdaf7UL, 0x7fcd500eUL, 0x1791f62fUL, - 0x764dd68dUL, 0x43efb04dUL, 0xccaa4d54UL, 0xe49604dfUL, - 0x9ed1b5e3UL, 0x4c6a881bUL, 0xc12c1fb8UL, 0x4665517fUL, - 0x9d5eea04UL, 0x018c355dUL, 0xfa877473UL, 0xfb0b412eUL, - 0xb3671d5aUL, 0x92dbd252UL, 0xe9105633UL, 0x6dd64713UL, - 0x9ad7618cUL, 0x37a10c7aUL, 0x59f8148eUL, 0xeb133c89UL, - 0xcea927eeUL, 0xb761c935UL, 0xe11ce5edUL, 0x7a47b13cUL, - 0x9cd2df59UL, 0x55f2733fUL, 0x1814ce79UL, 0x73c737bfUL, - 0x53f7cdeaUL, 0x5ffdaa5bUL, 0xdf3d6f14UL, 0x7844db86UL, - 0xcaaff381UL, 0xb968c43eUL, 0x3824342cUL, 0xc2a3405fUL, - 0x161dc372UL, 0xbce2250cUL, 0x283c498bUL, 0xff0d9541UL, - 0x39a80171UL, 0x080cb3deUL, 0xd8b4e49cUL, 0x6456c190UL, - 0x7bcb8461UL, 0xd532b670UL, 0x486c5c74UL, 0xd0b85742UL, -}; - -static const ulong32 Td4[256] = { - 0x52525252UL, 0x09090909UL, 0x6a6a6a6aUL, 0xd5d5d5d5UL, - 0x30303030UL, 0x36363636UL, 0xa5a5a5a5UL, 0x38383838UL, - 0xbfbfbfbfUL, 0x40404040UL, 0xa3a3a3a3UL, 0x9e9e9e9eUL, - 0x81818181UL, 0xf3f3f3f3UL, 0xd7d7d7d7UL, 0xfbfbfbfbUL, - 0x7c7c7c7cUL, 0xe3e3e3e3UL, 0x39393939UL, 0x82828282UL, - 0x9b9b9b9bUL, 0x2f2f2f2fUL, 0xffffffffUL, 0x87878787UL, - 0x34343434UL, 0x8e8e8e8eUL, 0x43434343UL, 0x44444444UL, - 0xc4c4c4c4UL, 0xdedededeUL, 0xe9e9e9e9UL, 0xcbcbcbcbUL, - 0x54545454UL, 0x7b7b7b7bUL, 0x94949494UL, 0x32323232UL, - 0xa6a6a6a6UL, 0xc2c2c2c2UL, 0x23232323UL, 0x3d3d3d3dUL, - 0xeeeeeeeeUL, 0x4c4c4c4cUL, 0x95959595UL, 0x0b0b0b0bUL, - 0x42424242UL, 0xfafafafaUL, 0xc3c3c3c3UL, 0x4e4e4e4eUL, - 0x08080808UL, 0x2e2e2e2eUL, 0xa1a1a1a1UL, 0x66666666UL, - 0x28282828UL, 0xd9d9d9d9UL, 0x24242424UL, 0xb2b2b2b2UL, - 0x76767676UL, 0x5b5b5b5bUL, 0xa2a2a2a2UL, 0x49494949UL, - 0x6d6d6d6dUL, 0x8b8b8b8bUL, 0xd1d1d1d1UL, 0x25252525UL, - 0x72727272UL, 0xf8f8f8f8UL, 0xf6f6f6f6UL, 0x64646464UL, - 0x86868686UL, 0x68686868UL, 0x98989898UL, 0x16161616UL, - 0xd4d4d4d4UL, 0xa4a4a4a4UL, 0x5c5c5c5cUL, 0xccccccccUL, - 0x5d5d5d5dUL, 0x65656565UL, 0xb6b6b6b6UL, 0x92929292UL, - 0x6c6c6c6cUL, 0x70707070UL, 0x48484848UL, 0x50505050UL, - 0xfdfdfdfdUL, 0xededededUL, 0xb9b9b9b9UL, 0xdadadadaUL, - 0x5e5e5e5eUL, 0x15151515UL, 0x46464646UL, 0x57575757UL, - 0xa7a7a7a7UL, 0x8d8d8d8dUL, 0x9d9d9d9dUL, 0x84848484UL, - 0x90909090UL, 0xd8d8d8d8UL, 0xababababUL, 0x00000000UL, - 0x8c8c8c8cUL, 0xbcbcbcbcUL, 0xd3d3d3d3UL, 0x0a0a0a0aUL, - 0xf7f7f7f7UL, 0xe4e4e4e4UL, 0x58585858UL, 0x05050505UL, - 0xb8b8b8b8UL, 0xb3b3b3b3UL, 0x45454545UL, 0x06060606UL, - 0xd0d0d0d0UL, 0x2c2c2c2cUL, 0x1e1e1e1eUL, 0x8f8f8f8fUL, - 0xcacacacaUL, 0x3f3f3f3fUL, 0x0f0f0f0fUL, 0x02020202UL, - 0xc1c1c1c1UL, 0xafafafafUL, 0xbdbdbdbdUL, 0x03030303UL, - 0x01010101UL, 0x13131313UL, 0x8a8a8a8aUL, 0x6b6b6b6bUL, - 0x3a3a3a3aUL, 0x91919191UL, 0x11111111UL, 0x41414141UL, - 0x4f4f4f4fUL, 0x67676767UL, 0xdcdcdcdcUL, 0xeaeaeaeaUL, - 0x97979797UL, 0xf2f2f2f2UL, 0xcfcfcfcfUL, 0xcecececeUL, - 0xf0f0f0f0UL, 0xb4b4b4b4UL, 0xe6e6e6e6UL, 0x73737373UL, - 0x96969696UL, 0xacacacacUL, 0x74747474UL, 0x22222222UL, - 0xe7e7e7e7UL, 0xadadadadUL, 0x35353535UL, 0x85858585UL, - 0xe2e2e2e2UL, 0xf9f9f9f9UL, 0x37373737UL, 0xe8e8e8e8UL, - 0x1c1c1c1cUL, 0x75757575UL, 0xdfdfdfdfUL, 0x6e6e6e6eUL, - 0x47474747UL, 0xf1f1f1f1UL, 0x1a1a1a1aUL, 0x71717171UL, - 0x1d1d1d1dUL, 0x29292929UL, 0xc5c5c5c5UL, 0x89898989UL, - 0x6f6f6f6fUL, 0xb7b7b7b7UL, 0x62626262UL, 0x0e0e0e0eUL, - 0xaaaaaaaaUL, 0x18181818UL, 0xbebebebeUL, 0x1b1b1b1bUL, - 0xfcfcfcfcUL, 0x56565656UL, 0x3e3e3e3eUL, 0x4b4b4b4bUL, - 0xc6c6c6c6UL, 0xd2d2d2d2UL, 0x79797979UL, 0x20202020UL, - 0x9a9a9a9aUL, 0xdbdbdbdbUL, 0xc0c0c0c0UL, 0xfefefefeUL, - 0x78787878UL, 0xcdcdcdcdUL, 0x5a5a5a5aUL, 0xf4f4f4f4UL, - 0x1f1f1f1fUL, 0xddddddddUL, 0xa8a8a8a8UL, 0x33333333UL, - 0x88888888UL, 0x07070707UL, 0xc7c7c7c7UL, 0x31313131UL, - 0xb1b1b1b1UL, 0x12121212UL, 0x10101010UL, 0x59595959UL, - 0x27272727UL, 0x80808080UL, 0xececececUL, 0x5f5f5f5fUL, - 0x60606060UL, 0x51515151UL, 0x7f7f7f7fUL, 0xa9a9a9a9UL, - 0x19191919UL, 0xb5b5b5b5UL, 0x4a4a4a4aUL, 0x0d0d0d0dUL, - 0x2d2d2d2dUL, 0xe5e5e5e5UL, 0x7a7a7a7aUL, 0x9f9f9f9fUL, - 0x93939393UL, 0xc9c9c9c9UL, 0x9c9c9c9cUL, 0xefefefefUL, - 0xa0a0a0a0UL, 0xe0e0e0e0UL, 0x3b3b3b3bUL, 0x4d4d4d4dUL, - 0xaeaeaeaeUL, 0x2a2a2a2aUL, 0xf5f5f5f5UL, 0xb0b0b0b0UL, - 0xc8c8c8c8UL, 0xebebebebUL, 0xbbbbbbbbUL, 0x3c3c3c3cUL, - 0x83838383UL, 0x53535353UL, 0x99999999UL, 0x61616161UL, - 0x17171717UL, 0x2b2b2b2bUL, 0x04040404UL, 0x7e7e7e7eUL, - 0xbabababaUL, 0x77777777UL, 0xd6d6d6d6UL, 0x26262626UL, - 0xe1e1e1e1UL, 0x69696969UL, 0x14141414UL, 0x63636363UL, - 0x55555555UL, 0x21212121UL, 0x0c0c0c0cUL, 0x7d7d7d7dUL, -}; - -#endif /* ENCRYPT_ONLY */ - -#ifdef LTC_SMALL_CODE - -#define Te0(x) TE0[x] -#define Te1(x) RORc(TE0[x], 8) -#define Te2(x) RORc(TE0[x], 16) -#define Te3(x) RORc(TE0[x], 24) - -#define Td0(x) TD0[x] -#define Td1(x) RORc(TD0[x], 8) -#define Td2(x) RORc(TD0[x], 16) -#define Td3(x) RORc(TD0[x], 24) - -#define Te4_0 0x000000FF & Te4 -#define Te4_1 0x0000FF00 & Te4 -#define Te4_2 0x00FF0000 & Te4 -#define Te4_3 0xFF000000 & Te4 - -#else - -#define Te0(x) TE0[x] -#define Te1(x) TE1[x] -#define Te2(x) TE2[x] -#define Te3(x) TE3[x] - -#define Td0(x) TD0[x] -#define Td1(x) TD1[x] -#define Td2(x) TD2[x] -#define Td3(x) TD3[x] - -static const ulong32 TE1[256] = { - 0xa5c66363UL, 0x84f87c7cUL, 0x99ee7777UL, 0x8df67b7bUL, - 0x0dfff2f2UL, 0xbdd66b6bUL, 0xb1de6f6fUL, 0x5491c5c5UL, - 0x50603030UL, 0x03020101UL, 0xa9ce6767UL, 0x7d562b2bUL, - 0x19e7fefeUL, 0x62b5d7d7UL, 0xe64dababUL, 0x9aec7676UL, - 0x458fcacaUL, 0x9d1f8282UL, 0x4089c9c9UL, 0x87fa7d7dUL, - 0x15effafaUL, 0xebb25959UL, 0xc98e4747UL, 0x0bfbf0f0UL, - 0xec41adadUL, 0x67b3d4d4UL, 0xfd5fa2a2UL, 0xea45afafUL, - 0xbf239c9cUL, 0xf753a4a4UL, 0x96e47272UL, 0x5b9bc0c0UL, - 0xc275b7b7UL, 0x1ce1fdfdUL, 0xae3d9393UL, 0x6a4c2626UL, - 0x5a6c3636UL, 0x417e3f3fUL, 0x02f5f7f7UL, 0x4f83ccccUL, - 0x5c683434UL, 0xf451a5a5UL, 0x34d1e5e5UL, 0x08f9f1f1UL, - 0x93e27171UL, 0x73abd8d8UL, 0x53623131UL, 0x3f2a1515UL, - 0x0c080404UL, 0x5295c7c7UL, 0x65462323UL, 0x5e9dc3c3UL, - 0x28301818UL, 0xa1379696UL, 0x0f0a0505UL, 0xb52f9a9aUL, - 0x090e0707UL, 0x36241212UL, 0x9b1b8080UL, 0x3ddfe2e2UL, - 0x26cdebebUL, 0x694e2727UL, 0xcd7fb2b2UL, 0x9fea7575UL, - 0x1b120909UL, 0x9e1d8383UL, 0x74582c2cUL, 0x2e341a1aUL, - 0x2d361b1bUL, 0xb2dc6e6eUL, 0xeeb45a5aUL, 0xfb5ba0a0UL, - 0xf6a45252UL, 0x4d763b3bUL, 0x61b7d6d6UL, 0xce7db3b3UL, - 0x7b522929UL, 0x3edde3e3UL, 0x715e2f2fUL, 0x97138484UL, - 0xf5a65353UL, 0x68b9d1d1UL, 0x00000000UL, 0x2cc1ededUL, - 0x60402020UL, 0x1fe3fcfcUL, 0xc879b1b1UL, 0xedb65b5bUL, - 0xbed46a6aUL, 0x468dcbcbUL, 0xd967bebeUL, 0x4b723939UL, - 0xde944a4aUL, 0xd4984c4cUL, 0xe8b05858UL, 0x4a85cfcfUL, - 0x6bbbd0d0UL, 0x2ac5efefUL, 0xe54faaaaUL, 0x16edfbfbUL, - 0xc5864343UL, 0xd79a4d4dUL, 0x55663333UL, 0x94118585UL, - 0xcf8a4545UL, 0x10e9f9f9UL, 0x06040202UL, 0x81fe7f7fUL, - 0xf0a05050UL, 0x44783c3cUL, 0xba259f9fUL, 0xe34ba8a8UL, - 0xf3a25151UL, 0xfe5da3a3UL, 0xc0804040UL, 0x8a058f8fUL, - 0xad3f9292UL, 0xbc219d9dUL, 0x48703838UL, 0x04f1f5f5UL, - 0xdf63bcbcUL, 0xc177b6b6UL, 0x75afdadaUL, 0x63422121UL, - 0x30201010UL, 0x1ae5ffffUL, 0x0efdf3f3UL, 0x6dbfd2d2UL, - 0x4c81cdcdUL, 0x14180c0cUL, 0x35261313UL, 0x2fc3ececUL, - 0xe1be5f5fUL, 0xa2359797UL, 0xcc884444UL, 0x392e1717UL, - 0x5793c4c4UL, 0xf255a7a7UL, 0x82fc7e7eUL, 0x477a3d3dUL, - 0xacc86464UL, 0xe7ba5d5dUL, 0x2b321919UL, 0x95e67373UL, - 0xa0c06060UL, 0x98198181UL, 0xd19e4f4fUL, 0x7fa3dcdcUL, - 0x66442222UL, 0x7e542a2aUL, 0xab3b9090UL, 0x830b8888UL, - 0xca8c4646UL, 0x29c7eeeeUL, 0xd36bb8b8UL, 0x3c281414UL, - 0x79a7dedeUL, 0xe2bc5e5eUL, 0x1d160b0bUL, 0x76addbdbUL, - 0x3bdbe0e0UL, 0x56643232UL, 0x4e743a3aUL, 0x1e140a0aUL, - 0xdb924949UL, 0x0a0c0606UL, 0x6c482424UL, 0xe4b85c5cUL, - 0x5d9fc2c2UL, 0x6ebdd3d3UL, 0xef43acacUL, 0xa6c46262UL, - 0xa8399191UL, 0xa4319595UL, 0x37d3e4e4UL, 0x8bf27979UL, - 0x32d5e7e7UL, 0x438bc8c8UL, 0x596e3737UL, 0xb7da6d6dUL, - 0x8c018d8dUL, 0x64b1d5d5UL, 0xd29c4e4eUL, 0xe049a9a9UL, - 0xb4d86c6cUL, 0xfaac5656UL, 0x07f3f4f4UL, 0x25cfeaeaUL, - 0xafca6565UL, 0x8ef47a7aUL, 0xe947aeaeUL, 0x18100808UL, - 0xd56fbabaUL, 0x88f07878UL, 0x6f4a2525UL, 0x725c2e2eUL, - 0x24381c1cUL, 0xf157a6a6UL, 0xc773b4b4UL, 0x5197c6c6UL, - 0x23cbe8e8UL, 0x7ca1ddddUL, 0x9ce87474UL, 0x213e1f1fUL, - 0xdd964b4bUL, 0xdc61bdbdUL, 0x860d8b8bUL, 0x850f8a8aUL, - 0x90e07070UL, 0x427c3e3eUL, 0xc471b5b5UL, 0xaacc6666UL, - 0xd8904848UL, 0x05060303UL, 0x01f7f6f6UL, 0x121c0e0eUL, - 0xa3c26161UL, 0x5f6a3535UL, 0xf9ae5757UL, 0xd069b9b9UL, - 0x91178686UL, 0x5899c1c1UL, 0x273a1d1dUL, 0xb9279e9eUL, - 0x38d9e1e1UL, 0x13ebf8f8UL, 0xb32b9898UL, 0x33221111UL, - 0xbbd26969UL, 0x70a9d9d9UL, 0x89078e8eUL, 0xa7339494UL, - 0xb62d9b9bUL, 0x223c1e1eUL, 0x92158787UL, 0x20c9e9e9UL, - 0x4987ceceUL, 0xffaa5555UL, 0x78502828UL, 0x7aa5dfdfUL, - 0x8f038c8cUL, 0xf859a1a1UL, 0x80098989UL, 0x171a0d0dUL, - 0xda65bfbfUL, 0x31d7e6e6UL, 0xc6844242UL, 0xb8d06868UL, - 0xc3824141UL, 0xb0299999UL, 0x775a2d2dUL, 0x111e0f0fUL, - 0xcb7bb0b0UL, 0xfca85454UL, 0xd66dbbbbUL, 0x3a2c1616UL, -}; -static const ulong32 TE2[256] = { - 0x63a5c663UL, 0x7c84f87cUL, 0x7799ee77UL, 0x7b8df67bUL, - 0xf20dfff2UL, 0x6bbdd66bUL, 0x6fb1de6fUL, 0xc55491c5UL, - 0x30506030UL, 0x01030201UL, 0x67a9ce67UL, 0x2b7d562bUL, - 0xfe19e7feUL, 0xd762b5d7UL, 0xabe64dabUL, 0x769aec76UL, - 0xca458fcaUL, 0x829d1f82UL, 0xc94089c9UL, 0x7d87fa7dUL, - 0xfa15effaUL, 0x59ebb259UL, 0x47c98e47UL, 0xf00bfbf0UL, - 0xadec41adUL, 0xd467b3d4UL, 0xa2fd5fa2UL, 0xafea45afUL, - 0x9cbf239cUL, 0xa4f753a4UL, 0x7296e472UL, 0xc05b9bc0UL, - 0xb7c275b7UL, 0xfd1ce1fdUL, 0x93ae3d93UL, 0x266a4c26UL, - 0x365a6c36UL, 0x3f417e3fUL, 0xf702f5f7UL, 0xcc4f83ccUL, - 0x345c6834UL, 0xa5f451a5UL, 0xe534d1e5UL, 0xf108f9f1UL, - 0x7193e271UL, 0xd873abd8UL, 0x31536231UL, 0x153f2a15UL, - 0x040c0804UL, 0xc75295c7UL, 0x23654623UL, 0xc35e9dc3UL, - 0x18283018UL, 0x96a13796UL, 0x050f0a05UL, 0x9ab52f9aUL, - 0x07090e07UL, 0x12362412UL, 0x809b1b80UL, 0xe23ddfe2UL, - 0xeb26cdebUL, 0x27694e27UL, 0xb2cd7fb2UL, 0x759fea75UL, - 0x091b1209UL, 0x839e1d83UL, 0x2c74582cUL, 0x1a2e341aUL, - 0x1b2d361bUL, 0x6eb2dc6eUL, 0x5aeeb45aUL, 0xa0fb5ba0UL, - 0x52f6a452UL, 0x3b4d763bUL, 0xd661b7d6UL, 0xb3ce7db3UL, - 0x297b5229UL, 0xe33edde3UL, 0x2f715e2fUL, 0x84971384UL, - 0x53f5a653UL, 0xd168b9d1UL, 0x00000000UL, 0xed2cc1edUL, - 0x20604020UL, 0xfc1fe3fcUL, 0xb1c879b1UL, 0x5bedb65bUL, - 0x6abed46aUL, 0xcb468dcbUL, 0xbed967beUL, 0x394b7239UL, - 0x4ade944aUL, 0x4cd4984cUL, 0x58e8b058UL, 0xcf4a85cfUL, - 0xd06bbbd0UL, 0xef2ac5efUL, 0xaae54faaUL, 0xfb16edfbUL, - 0x43c58643UL, 0x4dd79a4dUL, 0x33556633UL, 0x85941185UL, - 0x45cf8a45UL, 0xf910e9f9UL, 0x02060402UL, 0x7f81fe7fUL, - 0x50f0a050UL, 0x3c44783cUL, 0x9fba259fUL, 0xa8e34ba8UL, - 0x51f3a251UL, 0xa3fe5da3UL, 0x40c08040UL, 0x8f8a058fUL, - 0x92ad3f92UL, 0x9dbc219dUL, 0x38487038UL, 0xf504f1f5UL, - 0xbcdf63bcUL, 0xb6c177b6UL, 0xda75afdaUL, 0x21634221UL, - 0x10302010UL, 0xff1ae5ffUL, 0xf30efdf3UL, 0xd26dbfd2UL, - 0xcd4c81cdUL, 0x0c14180cUL, 0x13352613UL, 0xec2fc3ecUL, - 0x5fe1be5fUL, 0x97a23597UL, 0x44cc8844UL, 0x17392e17UL, - 0xc45793c4UL, 0xa7f255a7UL, 0x7e82fc7eUL, 0x3d477a3dUL, - 0x64acc864UL, 0x5de7ba5dUL, 0x192b3219UL, 0x7395e673UL, - 0x60a0c060UL, 0x81981981UL, 0x4fd19e4fUL, 0xdc7fa3dcUL, - 0x22664422UL, 0x2a7e542aUL, 0x90ab3b90UL, 0x88830b88UL, - 0x46ca8c46UL, 0xee29c7eeUL, 0xb8d36bb8UL, 0x143c2814UL, - 0xde79a7deUL, 0x5ee2bc5eUL, 0x0b1d160bUL, 0xdb76addbUL, - 0xe03bdbe0UL, 0x32566432UL, 0x3a4e743aUL, 0x0a1e140aUL, - 0x49db9249UL, 0x060a0c06UL, 0x246c4824UL, 0x5ce4b85cUL, - 0xc25d9fc2UL, 0xd36ebdd3UL, 0xacef43acUL, 0x62a6c462UL, - 0x91a83991UL, 0x95a43195UL, 0xe437d3e4UL, 0x798bf279UL, - 0xe732d5e7UL, 0xc8438bc8UL, 0x37596e37UL, 0x6db7da6dUL, - 0x8d8c018dUL, 0xd564b1d5UL, 0x4ed29c4eUL, 0xa9e049a9UL, - 0x6cb4d86cUL, 0x56faac56UL, 0xf407f3f4UL, 0xea25cfeaUL, - 0x65afca65UL, 0x7a8ef47aUL, 0xaee947aeUL, 0x08181008UL, - 0xbad56fbaUL, 0x7888f078UL, 0x256f4a25UL, 0x2e725c2eUL, - 0x1c24381cUL, 0xa6f157a6UL, 0xb4c773b4UL, 0xc65197c6UL, - 0xe823cbe8UL, 0xdd7ca1ddUL, 0x749ce874UL, 0x1f213e1fUL, - 0x4bdd964bUL, 0xbddc61bdUL, 0x8b860d8bUL, 0x8a850f8aUL, - 0x7090e070UL, 0x3e427c3eUL, 0xb5c471b5UL, 0x66aacc66UL, - 0x48d89048UL, 0x03050603UL, 0xf601f7f6UL, 0x0e121c0eUL, - 0x61a3c261UL, 0x355f6a35UL, 0x57f9ae57UL, 0xb9d069b9UL, - 0x86911786UL, 0xc15899c1UL, 0x1d273a1dUL, 0x9eb9279eUL, - 0xe138d9e1UL, 0xf813ebf8UL, 0x98b32b98UL, 0x11332211UL, - 0x69bbd269UL, 0xd970a9d9UL, 0x8e89078eUL, 0x94a73394UL, - 0x9bb62d9bUL, 0x1e223c1eUL, 0x87921587UL, 0xe920c9e9UL, - 0xce4987ceUL, 0x55ffaa55UL, 0x28785028UL, 0xdf7aa5dfUL, - 0x8c8f038cUL, 0xa1f859a1UL, 0x89800989UL, 0x0d171a0dUL, - 0xbfda65bfUL, 0xe631d7e6UL, 0x42c68442UL, 0x68b8d068UL, - 0x41c38241UL, 0x99b02999UL, 0x2d775a2dUL, 0x0f111e0fUL, - 0xb0cb7bb0UL, 0x54fca854UL, 0xbbd66dbbUL, 0x163a2c16UL, -}; -static const ulong32 TE3[256] = { - - 0x6363a5c6UL, 0x7c7c84f8UL, 0x777799eeUL, 0x7b7b8df6UL, - 0xf2f20dffUL, 0x6b6bbdd6UL, 0x6f6fb1deUL, 0xc5c55491UL, - 0x30305060UL, 0x01010302UL, 0x6767a9ceUL, 0x2b2b7d56UL, - 0xfefe19e7UL, 0xd7d762b5UL, 0xababe64dUL, 0x76769aecUL, - 0xcaca458fUL, 0x82829d1fUL, 0xc9c94089UL, 0x7d7d87faUL, - 0xfafa15efUL, 0x5959ebb2UL, 0x4747c98eUL, 0xf0f00bfbUL, - 0xadadec41UL, 0xd4d467b3UL, 0xa2a2fd5fUL, 0xafafea45UL, - 0x9c9cbf23UL, 0xa4a4f753UL, 0x727296e4UL, 0xc0c05b9bUL, - 0xb7b7c275UL, 0xfdfd1ce1UL, 0x9393ae3dUL, 0x26266a4cUL, - 0x36365a6cUL, 0x3f3f417eUL, 0xf7f702f5UL, 0xcccc4f83UL, - 0x34345c68UL, 0xa5a5f451UL, 0xe5e534d1UL, 0xf1f108f9UL, - 0x717193e2UL, 0xd8d873abUL, 0x31315362UL, 0x15153f2aUL, - 0x04040c08UL, 0xc7c75295UL, 0x23236546UL, 0xc3c35e9dUL, - 0x18182830UL, 0x9696a137UL, 0x05050f0aUL, 0x9a9ab52fUL, - 0x0707090eUL, 0x12123624UL, 0x80809b1bUL, 0xe2e23ddfUL, - 0xebeb26cdUL, 0x2727694eUL, 0xb2b2cd7fUL, 0x75759feaUL, - 0x09091b12UL, 0x83839e1dUL, 0x2c2c7458UL, 0x1a1a2e34UL, - 0x1b1b2d36UL, 0x6e6eb2dcUL, 0x5a5aeeb4UL, 0xa0a0fb5bUL, - 0x5252f6a4UL, 0x3b3b4d76UL, 0xd6d661b7UL, 0xb3b3ce7dUL, - 0x29297b52UL, 0xe3e33eddUL, 0x2f2f715eUL, 0x84849713UL, - 0x5353f5a6UL, 0xd1d168b9UL, 0x00000000UL, 0xeded2cc1UL, - 0x20206040UL, 0xfcfc1fe3UL, 0xb1b1c879UL, 0x5b5bedb6UL, - 0x6a6abed4UL, 0xcbcb468dUL, 0xbebed967UL, 0x39394b72UL, - 0x4a4ade94UL, 0x4c4cd498UL, 0x5858e8b0UL, 0xcfcf4a85UL, - 0xd0d06bbbUL, 0xefef2ac5UL, 0xaaaae54fUL, 0xfbfb16edUL, - 0x4343c586UL, 0x4d4dd79aUL, 0x33335566UL, 0x85859411UL, - 0x4545cf8aUL, 0xf9f910e9UL, 0x02020604UL, 0x7f7f81feUL, - 0x5050f0a0UL, 0x3c3c4478UL, 0x9f9fba25UL, 0xa8a8e34bUL, - 0x5151f3a2UL, 0xa3a3fe5dUL, 0x4040c080UL, 0x8f8f8a05UL, - 0x9292ad3fUL, 0x9d9dbc21UL, 0x38384870UL, 0xf5f504f1UL, - 0xbcbcdf63UL, 0xb6b6c177UL, 0xdada75afUL, 0x21216342UL, - 0x10103020UL, 0xffff1ae5UL, 0xf3f30efdUL, 0xd2d26dbfUL, - 0xcdcd4c81UL, 0x0c0c1418UL, 0x13133526UL, 0xecec2fc3UL, - 0x5f5fe1beUL, 0x9797a235UL, 0x4444cc88UL, 0x1717392eUL, - 0xc4c45793UL, 0xa7a7f255UL, 0x7e7e82fcUL, 0x3d3d477aUL, - 0x6464acc8UL, 0x5d5de7baUL, 0x19192b32UL, 0x737395e6UL, - 0x6060a0c0UL, 0x81819819UL, 0x4f4fd19eUL, 0xdcdc7fa3UL, - 0x22226644UL, 0x2a2a7e54UL, 0x9090ab3bUL, 0x8888830bUL, - 0x4646ca8cUL, 0xeeee29c7UL, 0xb8b8d36bUL, 0x14143c28UL, - 0xdede79a7UL, 0x5e5ee2bcUL, 0x0b0b1d16UL, 0xdbdb76adUL, - 0xe0e03bdbUL, 0x32325664UL, 0x3a3a4e74UL, 0x0a0a1e14UL, - 0x4949db92UL, 0x06060a0cUL, 0x24246c48UL, 0x5c5ce4b8UL, - 0xc2c25d9fUL, 0xd3d36ebdUL, 0xacacef43UL, 0x6262a6c4UL, - 0x9191a839UL, 0x9595a431UL, 0xe4e437d3UL, 0x79798bf2UL, - 0xe7e732d5UL, 0xc8c8438bUL, 0x3737596eUL, 0x6d6db7daUL, - 0x8d8d8c01UL, 0xd5d564b1UL, 0x4e4ed29cUL, 0xa9a9e049UL, - 0x6c6cb4d8UL, 0x5656faacUL, 0xf4f407f3UL, 0xeaea25cfUL, - 0x6565afcaUL, 0x7a7a8ef4UL, 0xaeaee947UL, 0x08081810UL, - 0xbabad56fUL, 0x787888f0UL, 0x25256f4aUL, 0x2e2e725cUL, - 0x1c1c2438UL, 0xa6a6f157UL, 0xb4b4c773UL, 0xc6c65197UL, - 0xe8e823cbUL, 0xdddd7ca1UL, 0x74749ce8UL, 0x1f1f213eUL, - 0x4b4bdd96UL, 0xbdbddc61UL, 0x8b8b860dUL, 0x8a8a850fUL, - 0x707090e0UL, 0x3e3e427cUL, 0xb5b5c471UL, 0x6666aaccUL, - 0x4848d890UL, 0x03030506UL, 0xf6f601f7UL, 0x0e0e121cUL, - 0x6161a3c2UL, 0x35355f6aUL, 0x5757f9aeUL, 0xb9b9d069UL, - 0x86869117UL, 0xc1c15899UL, 0x1d1d273aUL, 0x9e9eb927UL, - 0xe1e138d9UL, 0xf8f813ebUL, 0x9898b32bUL, 0x11113322UL, - 0x6969bbd2UL, 0xd9d970a9UL, 0x8e8e8907UL, 0x9494a733UL, - 0x9b9bb62dUL, 0x1e1e223cUL, 0x87879215UL, 0xe9e920c9UL, - 0xcece4987UL, 0x5555ffaaUL, 0x28287850UL, 0xdfdf7aa5UL, - 0x8c8c8f03UL, 0xa1a1f859UL, 0x89898009UL, 0x0d0d171aUL, - 0xbfbfda65UL, 0xe6e631d7UL, 0x4242c684UL, 0x6868b8d0UL, - 0x4141c382UL, 0x9999b029UL, 0x2d2d775aUL, 0x0f0f111eUL, - 0xb0b0cb7bUL, 0x5454fca8UL, 0xbbbbd66dUL, 0x16163a2cUL, -}; - -#ifndef PELI_TAB -static const ulong32 Te4_0[] = { -0x00000063UL, 0x0000007cUL, 0x00000077UL, 0x0000007bUL, 0x000000f2UL, 0x0000006bUL, 0x0000006fUL, 0x000000c5UL, -0x00000030UL, 0x00000001UL, 0x00000067UL, 0x0000002bUL, 0x000000feUL, 0x000000d7UL, 0x000000abUL, 0x00000076UL, -0x000000caUL, 0x00000082UL, 0x000000c9UL, 0x0000007dUL, 0x000000faUL, 0x00000059UL, 0x00000047UL, 0x000000f0UL, -0x000000adUL, 0x000000d4UL, 0x000000a2UL, 0x000000afUL, 0x0000009cUL, 0x000000a4UL, 0x00000072UL, 0x000000c0UL, -0x000000b7UL, 0x000000fdUL, 0x00000093UL, 0x00000026UL, 0x00000036UL, 0x0000003fUL, 0x000000f7UL, 0x000000ccUL, -0x00000034UL, 0x000000a5UL, 0x000000e5UL, 0x000000f1UL, 0x00000071UL, 0x000000d8UL, 0x00000031UL, 0x00000015UL, -0x00000004UL, 0x000000c7UL, 0x00000023UL, 0x000000c3UL, 0x00000018UL, 0x00000096UL, 0x00000005UL, 0x0000009aUL, -0x00000007UL, 0x00000012UL, 0x00000080UL, 0x000000e2UL, 0x000000ebUL, 0x00000027UL, 0x000000b2UL, 0x00000075UL, -0x00000009UL, 0x00000083UL, 0x0000002cUL, 0x0000001aUL, 0x0000001bUL, 0x0000006eUL, 0x0000005aUL, 0x000000a0UL, -0x00000052UL, 0x0000003bUL, 0x000000d6UL, 0x000000b3UL, 0x00000029UL, 0x000000e3UL, 0x0000002fUL, 0x00000084UL, -0x00000053UL, 0x000000d1UL, 0x00000000UL, 0x000000edUL, 0x00000020UL, 0x000000fcUL, 0x000000b1UL, 0x0000005bUL, -0x0000006aUL, 0x000000cbUL, 0x000000beUL, 0x00000039UL, 0x0000004aUL, 0x0000004cUL, 0x00000058UL, 0x000000cfUL, -0x000000d0UL, 0x000000efUL, 0x000000aaUL, 0x000000fbUL, 0x00000043UL, 0x0000004dUL, 0x00000033UL, 0x00000085UL, -0x00000045UL, 0x000000f9UL, 0x00000002UL, 0x0000007fUL, 0x00000050UL, 0x0000003cUL, 0x0000009fUL, 0x000000a8UL, -0x00000051UL, 0x000000a3UL, 0x00000040UL, 0x0000008fUL, 0x00000092UL, 0x0000009dUL, 0x00000038UL, 0x000000f5UL, -0x000000bcUL, 0x000000b6UL, 0x000000daUL, 0x00000021UL, 0x00000010UL, 0x000000ffUL, 0x000000f3UL, 0x000000d2UL, -0x000000cdUL, 0x0000000cUL, 0x00000013UL, 0x000000ecUL, 0x0000005fUL, 0x00000097UL, 0x00000044UL, 0x00000017UL, -0x000000c4UL, 0x000000a7UL, 0x0000007eUL, 0x0000003dUL, 0x00000064UL, 0x0000005dUL, 0x00000019UL, 0x00000073UL, -0x00000060UL, 0x00000081UL, 0x0000004fUL, 0x000000dcUL, 0x00000022UL, 0x0000002aUL, 0x00000090UL, 0x00000088UL, -0x00000046UL, 0x000000eeUL, 0x000000b8UL, 0x00000014UL, 0x000000deUL, 0x0000005eUL, 0x0000000bUL, 0x000000dbUL, -0x000000e0UL, 0x00000032UL, 0x0000003aUL, 0x0000000aUL, 0x00000049UL, 0x00000006UL, 0x00000024UL, 0x0000005cUL, -0x000000c2UL, 0x000000d3UL, 0x000000acUL, 0x00000062UL, 0x00000091UL, 0x00000095UL, 0x000000e4UL, 0x00000079UL, -0x000000e7UL, 0x000000c8UL, 0x00000037UL, 0x0000006dUL, 0x0000008dUL, 0x000000d5UL, 0x0000004eUL, 0x000000a9UL, -0x0000006cUL, 0x00000056UL, 0x000000f4UL, 0x000000eaUL, 0x00000065UL, 0x0000007aUL, 0x000000aeUL, 0x00000008UL, -0x000000baUL, 0x00000078UL, 0x00000025UL, 0x0000002eUL, 0x0000001cUL, 0x000000a6UL, 0x000000b4UL, 0x000000c6UL, -0x000000e8UL, 0x000000ddUL, 0x00000074UL, 0x0000001fUL, 0x0000004bUL, 0x000000bdUL, 0x0000008bUL, 0x0000008aUL, -0x00000070UL, 0x0000003eUL, 0x000000b5UL, 0x00000066UL, 0x00000048UL, 0x00000003UL, 0x000000f6UL, 0x0000000eUL, -0x00000061UL, 0x00000035UL, 0x00000057UL, 0x000000b9UL, 0x00000086UL, 0x000000c1UL, 0x0000001dUL, 0x0000009eUL, -0x000000e1UL, 0x000000f8UL, 0x00000098UL, 0x00000011UL, 0x00000069UL, 0x000000d9UL, 0x0000008eUL, 0x00000094UL, -0x0000009bUL, 0x0000001eUL, 0x00000087UL, 0x000000e9UL, 0x000000ceUL, 0x00000055UL, 0x00000028UL, 0x000000dfUL, -0x0000008cUL, 0x000000a1UL, 0x00000089UL, 0x0000000dUL, 0x000000bfUL, 0x000000e6UL, 0x00000042UL, 0x00000068UL, -0x00000041UL, 0x00000099UL, 0x0000002dUL, 0x0000000fUL, 0x000000b0UL, 0x00000054UL, 0x000000bbUL, 0x00000016UL -}; - -static const ulong32 Te4_1[] = { -0x00006300UL, 0x00007c00UL, 0x00007700UL, 0x00007b00UL, 0x0000f200UL, 0x00006b00UL, 0x00006f00UL, 0x0000c500UL, -0x00003000UL, 0x00000100UL, 0x00006700UL, 0x00002b00UL, 0x0000fe00UL, 0x0000d700UL, 0x0000ab00UL, 0x00007600UL, -0x0000ca00UL, 0x00008200UL, 0x0000c900UL, 0x00007d00UL, 0x0000fa00UL, 0x00005900UL, 0x00004700UL, 0x0000f000UL, -0x0000ad00UL, 0x0000d400UL, 0x0000a200UL, 0x0000af00UL, 0x00009c00UL, 0x0000a400UL, 0x00007200UL, 0x0000c000UL, -0x0000b700UL, 0x0000fd00UL, 0x00009300UL, 0x00002600UL, 0x00003600UL, 0x00003f00UL, 0x0000f700UL, 0x0000cc00UL, -0x00003400UL, 0x0000a500UL, 0x0000e500UL, 0x0000f100UL, 0x00007100UL, 0x0000d800UL, 0x00003100UL, 0x00001500UL, -0x00000400UL, 0x0000c700UL, 0x00002300UL, 0x0000c300UL, 0x00001800UL, 0x00009600UL, 0x00000500UL, 0x00009a00UL, -0x00000700UL, 0x00001200UL, 0x00008000UL, 0x0000e200UL, 0x0000eb00UL, 0x00002700UL, 0x0000b200UL, 0x00007500UL, -0x00000900UL, 0x00008300UL, 0x00002c00UL, 0x00001a00UL, 0x00001b00UL, 0x00006e00UL, 0x00005a00UL, 0x0000a000UL, -0x00005200UL, 0x00003b00UL, 0x0000d600UL, 0x0000b300UL, 0x00002900UL, 0x0000e300UL, 0x00002f00UL, 0x00008400UL, -0x00005300UL, 0x0000d100UL, 0x00000000UL, 0x0000ed00UL, 0x00002000UL, 0x0000fc00UL, 0x0000b100UL, 0x00005b00UL, -0x00006a00UL, 0x0000cb00UL, 0x0000be00UL, 0x00003900UL, 0x00004a00UL, 0x00004c00UL, 0x00005800UL, 0x0000cf00UL, -0x0000d000UL, 0x0000ef00UL, 0x0000aa00UL, 0x0000fb00UL, 0x00004300UL, 0x00004d00UL, 0x00003300UL, 0x00008500UL, -0x00004500UL, 0x0000f900UL, 0x00000200UL, 0x00007f00UL, 0x00005000UL, 0x00003c00UL, 0x00009f00UL, 0x0000a800UL, -0x00005100UL, 0x0000a300UL, 0x00004000UL, 0x00008f00UL, 0x00009200UL, 0x00009d00UL, 0x00003800UL, 0x0000f500UL, -0x0000bc00UL, 0x0000b600UL, 0x0000da00UL, 0x00002100UL, 0x00001000UL, 0x0000ff00UL, 0x0000f300UL, 0x0000d200UL, -0x0000cd00UL, 0x00000c00UL, 0x00001300UL, 0x0000ec00UL, 0x00005f00UL, 0x00009700UL, 0x00004400UL, 0x00001700UL, -0x0000c400UL, 0x0000a700UL, 0x00007e00UL, 0x00003d00UL, 0x00006400UL, 0x00005d00UL, 0x00001900UL, 0x00007300UL, -0x00006000UL, 0x00008100UL, 0x00004f00UL, 0x0000dc00UL, 0x00002200UL, 0x00002a00UL, 0x00009000UL, 0x00008800UL, -0x00004600UL, 0x0000ee00UL, 0x0000b800UL, 0x00001400UL, 0x0000de00UL, 0x00005e00UL, 0x00000b00UL, 0x0000db00UL, -0x0000e000UL, 0x00003200UL, 0x00003a00UL, 0x00000a00UL, 0x00004900UL, 0x00000600UL, 0x00002400UL, 0x00005c00UL, -0x0000c200UL, 0x0000d300UL, 0x0000ac00UL, 0x00006200UL, 0x00009100UL, 0x00009500UL, 0x0000e400UL, 0x00007900UL, -0x0000e700UL, 0x0000c800UL, 0x00003700UL, 0x00006d00UL, 0x00008d00UL, 0x0000d500UL, 0x00004e00UL, 0x0000a900UL, -0x00006c00UL, 0x00005600UL, 0x0000f400UL, 0x0000ea00UL, 0x00006500UL, 0x00007a00UL, 0x0000ae00UL, 0x00000800UL, -0x0000ba00UL, 0x00007800UL, 0x00002500UL, 0x00002e00UL, 0x00001c00UL, 0x0000a600UL, 0x0000b400UL, 0x0000c600UL, -0x0000e800UL, 0x0000dd00UL, 0x00007400UL, 0x00001f00UL, 0x00004b00UL, 0x0000bd00UL, 0x00008b00UL, 0x00008a00UL, -0x00007000UL, 0x00003e00UL, 0x0000b500UL, 0x00006600UL, 0x00004800UL, 0x00000300UL, 0x0000f600UL, 0x00000e00UL, -0x00006100UL, 0x00003500UL, 0x00005700UL, 0x0000b900UL, 0x00008600UL, 0x0000c100UL, 0x00001d00UL, 0x00009e00UL, -0x0000e100UL, 0x0000f800UL, 0x00009800UL, 0x00001100UL, 0x00006900UL, 0x0000d900UL, 0x00008e00UL, 0x00009400UL, -0x00009b00UL, 0x00001e00UL, 0x00008700UL, 0x0000e900UL, 0x0000ce00UL, 0x00005500UL, 0x00002800UL, 0x0000df00UL, -0x00008c00UL, 0x0000a100UL, 0x00008900UL, 0x00000d00UL, 0x0000bf00UL, 0x0000e600UL, 0x00004200UL, 0x00006800UL, -0x00004100UL, 0x00009900UL, 0x00002d00UL, 0x00000f00UL, 0x0000b000UL, 0x00005400UL, 0x0000bb00UL, 0x00001600UL -}; - -static const ulong32 Te4_2[] = { -0x00630000UL, 0x007c0000UL, 0x00770000UL, 0x007b0000UL, 0x00f20000UL, 0x006b0000UL, 0x006f0000UL, 0x00c50000UL, -0x00300000UL, 0x00010000UL, 0x00670000UL, 0x002b0000UL, 0x00fe0000UL, 0x00d70000UL, 0x00ab0000UL, 0x00760000UL, -0x00ca0000UL, 0x00820000UL, 0x00c90000UL, 0x007d0000UL, 0x00fa0000UL, 0x00590000UL, 0x00470000UL, 0x00f00000UL, -0x00ad0000UL, 0x00d40000UL, 0x00a20000UL, 0x00af0000UL, 0x009c0000UL, 0x00a40000UL, 0x00720000UL, 0x00c00000UL, -0x00b70000UL, 0x00fd0000UL, 0x00930000UL, 0x00260000UL, 0x00360000UL, 0x003f0000UL, 0x00f70000UL, 0x00cc0000UL, -0x00340000UL, 0x00a50000UL, 0x00e50000UL, 0x00f10000UL, 0x00710000UL, 0x00d80000UL, 0x00310000UL, 0x00150000UL, -0x00040000UL, 0x00c70000UL, 0x00230000UL, 0x00c30000UL, 0x00180000UL, 0x00960000UL, 0x00050000UL, 0x009a0000UL, -0x00070000UL, 0x00120000UL, 0x00800000UL, 0x00e20000UL, 0x00eb0000UL, 0x00270000UL, 0x00b20000UL, 0x00750000UL, -0x00090000UL, 0x00830000UL, 0x002c0000UL, 0x001a0000UL, 0x001b0000UL, 0x006e0000UL, 0x005a0000UL, 0x00a00000UL, -0x00520000UL, 0x003b0000UL, 0x00d60000UL, 0x00b30000UL, 0x00290000UL, 0x00e30000UL, 0x002f0000UL, 0x00840000UL, -0x00530000UL, 0x00d10000UL, 0x00000000UL, 0x00ed0000UL, 0x00200000UL, 0x00fc0000UL, 0x00b10000UL, 0x005b0000UL, -0x006a0000UL, 0x00cb0000UL, 0x00be0000UL, 0x00390000UL, 0x004a0000UL, 0x004c0000UL, 0x00580000UL, 0x00cf0000UL, -0x00d00000UL, 0x00ef0000UL, 0x00aa0000UL, 0x00fb0000UL, 0x00430000UL, 0x004d0000UL, 0x00330000UL, 0x00850000UL, -0x00450000UL, 0x00f90000UL, 0x00020000UL, 0x007f0000UL, 0x00500000UL, 0x003c0000UL, 0x009f0000UL, 0x00a80000UL, -0x00510000UL, 0x00a30000UL, 0x00400000UL, 0x008f0000UL, 0x00920000UL, 0x009d0000UL, 0x00380000UL, 0x00f50000UL, -0x00bc0000UL, 0x00b60000UL, 0x00da0000UL, 0x00210000UL, 0x00100000UL, 0x00ff0000UL, 0x00f30000UL, 0x00d20000UL, -0x00cd0000UL, 0x000c0000UL, 0x00130000UL, 0x00ec0000UL, 0x005f0000UL, 0x00970000UL, 0x00440000UL, 0x00170000UL, -0x00c40000UL, 0x00a70000UL, 0x007e0000UL, 0x003d0000UL, 0x00640000UL, 0x005d0000UL, 0x00190000UL, 0x00730000UL, -0x00600000UL, 0x00810000UL, 0x004f0000UL, 0x00dc0000UL, 0x00220000UL, 0x002a0000UL, 0x00900000UL, 0x00880000UL, -0x00460000UL, 0x00ee0000UL, 0x00b80000UL, 0x00140000UL, 0x00de0000UL, 0x005e0000UL, 0x000b0000UL, 0x00db0000UL, -0x00e00000UL, 0x00320000UL, 0x003a0000UL, 0x000a0000UL, 0x00490000UL, 0x00060000UL, 0x00240000UL, 0x005c0000UL, -0x00c20000UL, 0x00d30000UL, 0x00ac0000UL, 0x00620000UL, 0x00910000UL, 0x00950000UL, 0x00e40000UL, 0x00790000UL, -0x00e70000UL, 0x00c80000UL, 0x00370000UL, 0x006d0000UL, 0x008d0000UL, 0x00d50000UL, 0x004e0000UL, 0x00a90000UL, -0x006c0000UL, 0x00560000UL, 0x00f40000UL, 0x00ea0000UL, 0x00650000UL, 0x007a0000UL, 0x00ae0000UL, 0x00080000UL, -0x00ba0000UL, 0x00780000UL, 0x00250000UL, 0x002e0000UL, 0x001c0000UL, 0x00a60000UL, 0x00b40000UL, 0x00c60000UL, -0x00e80000UL, 0x00dd0000UL, 0x00740000UL, 0x001f0000UL, 0x004b0000UL, 0x00bd0000UL, 0x008b0000UL, 0x008a0000UL, -0x00700000UL, 0x003e0000UL, 0x00b50000UL, 0x00660000UL, 0x00480000UL, 0x00030000UL, 0x00f60000UL, 0x000e0000UL, -0x00610000UL, 0x00350000UL, 0x00570000UL, 0x00b90000UL, 0x00860000UL, 0x00c10000UL, 0x001d0000UL, 0x009e0000UL, -0x00e10000UL, 0x00f80000UL, 0x00980000UL, 0x00110000UL, 0x00690000UL, 0x00d90000UL, 0x008e0000UL, 0x00940000UL, -0x009b0000UL, 0x001e0000UL, 0x00870000UL, 0x00e90000UL, 0x00ce0000UL, 0x00550000UL, 0x00280000UL, 0x00df0000UL, -0x008c0000UL, 0x00a10000UL, 0x00890000UL, 0x000d0000UL, 0x00bf0000UL, 0x00e60000UL, 0x00420000UL, 0x00680000UL, -0x00410000UL, 0x00990000UL, 0x002d0000UL, 0x000f0000UL, 0x00b00000UL, 0x00540000UL, 0x00bb0000UL, 0x00160000UL -}; - -static const ulong32 Te4_3[] = { -0x63000000UL, 0x7c000000UL, 0x77000000UL, 0x7b000000UL, 0xf2000000UL, 0x6b000000UL, 0x6f000000UL, 0xc5000000UL, -0x30000000UL, 0x01000000UL, 0x67000000UL, 0x2b000000UL, 0xfe000000UL, 0xd7000000UL, 0xab000000UL, 0x76000000UL, -0xca000000UL, 0x82000000UL, 0xc9000000UL, 0x7d000000UL, 0xfa000000UL, 0x59000000UL, 0x47000000UL, 0xf0000000UL, -0xad000000UL, 0xd4000000UL, 0xa2000000UL, 0xaf000000UL, 0x9c000000UL, 0xa4000000UL, 0x72000000UL, 0xc0000000UL, -0xb7000000UL, 0xfd000000UL, 0x93000000UL, 0x26000000UL, 0x36000000UL, 0x3f000000UL, 0xf7000000UL, 0xcc000000UL, -0x34000000UL, 0xa5000000UL, 0xe5000000UL, 0xf1000000UL, 0x71000000UL, 0xd8000000UL, 0x31000000UL, 0x15000000UL, -0x04000000UL, 0xc7000000UL, 0x23000000UL, 0xc3000000UL, 0x18000000UL, 0x96000000UL, 0x05000000UL, 0x9a000000UL, -0x07000000UL, 0x12000000UL, 0x80000000UL, 0xe2000000UL, 0xeb000000UL, 0x27000000UL, 0xb2000000UL, 0x75000000UL, -0x09000000UL, 0x83000000UL, 0x2c000000UL, 0x1a000000UL, 0x1b000000UL, 0x6e000000UL, 0x5a000000UL, 0xa0000000UL, -0x52000000UL, 0x3b000000UL, 0xd6000000UL, 0xb3000000UL, 0x29000000UL, 0xe3000000UL, 0x2f000000UL, 0x84000000UL, -0x53000000UL, 0xd1000000UL, 0x00000000UL, 0xed000000UL, 0x20000000UL, 0xfc000000UL, 0xb1000000UL, 0x5b000000UL, -0x6a000000UL, 0xcb000000UL, 0xbe000000UL, 0x39000000UL, 0x4a000000UL, 0x4c000000UL, 0x58000000UL, 0xcf000000UL, -0xd0000000UL, 0xef000000UL, 0xaa000000UL, 0xfb000000UL, 0x43000000UL, 0x4d000000UL, 0x33000000UL, 0x85000000UL, -0x45000000UL, 0xf9000000UL, 0x02000000UL, 0x7f000000UL, 0x50000000UL, 0x3c000000UL, 0x9f000000UL, 0xa8000000UL, -0x51000000UL, 0xa3000000UL, 0x40000000UL, 0x8f000000UL, 0x92000000UL, 0x9d000000UL, 0x38000000UL, 0xf5000000UL, -0xbc000000UL, 0xb6000000UL, 0xda000000UL, 0x21000000UL, 0x10000000UL, 0xff000000UL, 0xf3000000UL, 0xd2000000UL, -0xcd000000UL, 0x0c000000UL, 0x13000000UL, 0xec000000UL, 0x5f000000UL, 0x97000000UL, 0x44000000UL, 0x17000000UL, -0xc4000000UL, 0xa7000000UL, 0x7e000000UL, 0x3d000000UL, 0x64000000UL, 0x5d000000UL, 0x19000000UL, 0x73000000UL, -0x60000000UL, 0x81000000UL, 0x4f000000UL, 0xdc000000UL, 0x22000000UL, 0x2a000000UL, 0x90000000UL, 0x88000000UL, -0x46000000UL, 0xee000000UL, 0xb8000000UL, 0x14000000UL, 0xde000000UL, 0x5e000000UL, 0x0b000000UL, 0xdb000000UL, -0xe0000000UL, 0x32000000UL, 0x3a000000UL, 0x0a000000UL, 0x49000000UL, 0x06000000UL, 0x24000000UL, 0x5c000000UL, -0xc2000000UL, 0xd3000000UL, 0xac000000UL, 0x62000000UL, 0x91000000UL, 0x95000000UL, 0xe4000000UL, 0x79000000UL, -0xe7000000UL, 0xc8000000UL, 0x37000000UL, 0x6d000000UL, 0x8d000000UL, 0xd5000000UL, 0x4e000000UL, 0xa9000000UL, -0x6c000000UL, 0x56000000UL, 0xf4000000UL, 0xea000000UL, 0x65000000UL, 0x7a000000UL, 0xae000000UL, 0x08000000UL, -0xba000000UL, 0x78000000UL, 0x25000000UL, 0x2e000000UL, 0x1c000000UL, 0xa6000000UL, 0xb4000000UL, 0xc6000000UL, -0xe8000000UL, 0xdd000000UL, 0x74000000UL, 0x1f000000UL, 0x4b000000UL, 0xbd000000UL, 0x8b000000UL, 0x8a000000UL, -0x70000000UL, 0x3e000000UL, 0xb5000000UL, 0x66000000UL, 0x48000000UL, 0x03000000UL, 0xf6000000UL, 0x0e000000UL, -0x61000000UL, 0x35000000UL, 0x57000000UL, 0xb9000000UL, 0x86000000UL, 0xc1000000UL, 0x1d000000UL, 0x9e000000UL, -0xe1000000UL, 0xf8000000UL, 0x98000000UL, 0x11000000UL, 0x69000000UL, 0xd9000000UL, 0x8e000000UL, 0x94000000UL, -0x9b000000UL, 0x1e000000UL, 0x87000000UL, 0xe9000000UL, 0xce000000UL, 0x55000000UL, 0x28000000UL, 0xdf000000UL, -0x8c000000UL, 0xa1000000UL, 0x89000000UL, 0x0d000000UL, 0xbf000000UL, 0xe6000000UL, 0x42000000UL, 0x68000000UL, -0x41000000UL, 0x99000000UL, 0x2d000000UL, 0x0f000000UL, 0xb0000000UL, 0x54000000UL, 0xbb000000UL, 0x16000000UL -}; -#endif /* pelimac */ - -#ifndef ENCRYPT_ONLY - -static const ulong32 TD1[256] = { - 0x5051f4a7UL, 0x537e4165UL, 0xc31a17a4UL, 0x963a275eUL, - 0xcb3bab6bUL, 0xf11f9d45UL, 0xabacfa58UL, 0x934be303UL, - 0x552030faUL, 0xf6ad766dUL, 0x9188cc76UL, 0x25f5024cUL, - 0xfc4fe5d7UL, 0xd7c52acbUL, 0x80263544UL, 0x8fb562a3UL, - 0x49deb15aUL, 0x6725ba1bUL, 0x9845ea0eUL, 0xe15dfec0UL, - 0x02c32f75UL, 0x12814cf0UL, 0xa38d4697UL, 0xc66bd3f9UL, - 0xe7038f5fUL, 0x9515929cUL, 0xebbf6d7aUL, 0xda955259UL, - 0x2dd4be83UL, 0xd3587421UL, 0x2949e069UL, 0x448ec9c8UL, - 0x6a75c289UL, 0x78f48e79UL, 0x6b99583eUL, 0xdd27b971UL, - 0xb6bee14fUL, 0x17f088adUL, 0x66c920acUL, 0xb47dce3aUL, - 0x1863df4aUL, 0x82e51a31UL, 0x60975133UL, 0x4562537fUL, - 0xe0b16477UL, 0x84bb6baeUL, 0x1cfe81a0UL, 0x94f9082bUL, - 0x58704868UL, 0x198f45fdUL, 0x8794de6cUL, 0xb7527bf8UL, - 0x23ab73d3UL, 0xe2724b02UL, 0x57e31f8fUL, 0x2a6655abUL, - 0x07b2eb28UL, 0x032fb5c2UL, 0x9a86c57bUL, 0xa5d33708UL, - 0xf2302887UL, 0xb223bfa5UL, 0xba02036aUL, 0x5ced1682UL, - 0x2b8acf1cUL, 0x92a779b4UL, 0xf0f307f2UL, 0xa14e69e2UL, - 0xcd65daf4UL, 0xd50605beUL, 0x1fd13462UL, 0x8ac4a6feUL, - 0x9d342e53UL, 0xa0a2f355UL, 0x32058ae1UL, 0x75a4f6ebUL, - 0x390b83ecUL, 0xaa4060efUL, 0x065e719fUL, 0x51bd6e10UL, - 0xf93e218aUL, 0x3d96dd06UL, 0xaedd3e05UL, 0x464de6bdUL, - 0xb591548dUL, 0x0571c45dUL, 0x6f0406d4UL, 0xff605015UL, - 0x241998fbUL, 0x97d6bde9UL, 0xcc894043UL, 0x7767d99eUL, - 0xbdb0e842UL, 0x8807898bUL, 0x38e7195bUL, 0xdb79c8eeUL, - 0x47a17c0aUL, 0xe97c420fUL, 0xc9f8841eUL, 0x00000000UL, - 0x83098086UL, 0x48322bedUL, 0xac1e1170UL, 0x4e6c5a72UL, - 0xfbfd0effUL, 0x560f8538UL, 0x1e3daed5UL, 0x27362d39UL, - 0x640a0fd9UL, 0x21685ca6UL, 0xd19b5b54UL, 0x3a24362eUL, - 0xb10c0a67UL, 0x0f9357e7UL, 0xd2b4ee96UL, 0x9e1b9b91UL, - 0x4f80c0c5UL, 0xa261dc20UL, 0x695a774bUL, 0x161c121aUL, - 0x0ae293baUL, 0xe5c0a02aUL, 0x433c22e0UL, 0x1d121b17UL, - 0x0b0e090dUL, 0xadf28bc7UL, 0xb92db6a8UL, 0xc8141ea9UL, - 0x8557f119UL, 0x4caf7507UL, 0xbbee99ddUL, 0xfda37f60UL, - 0x9ff70126UL, 0xbc5c72f5UL, 0xc544663bUL, 0x345bfb7eUL, - 0x768b4329UL, 0xdccb23c6UL, 0x68b6edfcUL, 0x63b8e4f1UL, - 0xcad731dcUL, 0x10426385UL, 0x40139722UL, 0x2084c611UL, - 0x7d854a24UL, 0xf8d2bb3dUL, 0x11aef932UL, 0x6dc729a1UL, - 0x4b1d9e2fUL, 0xf3dcb230UL, 0xec0d8652UL, 0xd077c1e3UL, - 0x6c2bb316UL, 0x99a970b9UL, 0xfa119448UL, 0x2247e964UL, - 0xc4a8fc8cUL, 0x1aa0f03fUL, 0xd8567d2cUL, 0xef223390UL, - 0xc787494eUL, 0xc1d938d1UL, 0xfe8ccaa2UL, 0x3698d40bUL, - 0xcfa6f581UL, 0x28a57adeUL, 0x26dab78eUL, 0xa43fadbfUL, - 0xe42c3a9dUL, 0x0d507892UL, 0x9b6a5fccUL, 0x62547e46UL, - 0xc2f68d13UL, 0xe890d8b8UL, 0x5e2e39f7UL, 0xf582c3afUL, - 0xbe9f5d80UL, 0x7c69d093UL, 0xa96fd52dUL, 0xb3cf2512UL, - 0x3bc8ac99UL, 0xa710187dUL, 0x6ee89c63UL, 0x7bdb3bbbUL, - 0x09cd2678UL, 0xf46e5918UL, 0x01ec9ab7UL, 0xa8834f9aUL, - 0x65e6956eUL, 0x7eaaffe6UL, 0x0821bccfUL, 0xe6ef15e8UL, - 0xd9bae79bUL, 0xce4a6f36UL, 0xd4ea9f09UL, 0xd629b07cUL, - 0xaf31a4b2UL, 0x312a3f23UL, 0x30c6a594UL, 0xc035a266UL, - 0x37744ebcUL, 0xa6fc82caUL, 0xb0e090d0UL, 0x1533a7d8UL, - 0x4af10498UL, 0xf741ecdaUL, 0x0e7fcd50UL, 0x2f1791f6UL, - 0x8d764dd6UL, 0x4d43efb0UL, 0x54ccaa4dUL, 0xdfe49604UL, - 0xe39ed1b5UL, 0x1b4c6a88UL, 0xb8c12c1fUL, 0x7f466551UL, - 0x049d5eeaUL, 0x5d018c35UL, 0x73fa8774UL, 0x2efb0b41UL, - 0x5ab3671dUL, 0x5292dbd2UL, 0x33e91056UL, 0x136dd647UL, - 0x8c9ad761UL, 0x7a37a10cUL, 0x8e59f814UL, 0x89eb133cUL, - 0xeecea927UL, 0x35b761c9UL, 0xede11ce5UL, 0x3c7a47b1UL, - 0x599cd2dfUL, 0x3f55f273UL, 0x791814ceUL, 0xbf73c737UL, - 0xea53f7cdUL, 0x5b5ffdaaUL, 0x14df3d6fUL, 0x867844dbUL, - 0x81caaff3UL, 0x3eb968c4UL, 0x2c382434UL, 0x5fc2a340UL, - 0x72161dc3UL, 0x0cbce225UL, 0x8b283c49UL, 0x41ff0d95UL, - 0x7139a801UL, 0xde080cb3UL, 0x9cd8b4e4UL, 0x906456c1UL, - 0x617bcb84UL, 0x70d532b6UL, 0x74486c5cUL, 0x42d0b857UL, -}; -static const ulong32 TD2[256] = { - 0xa75051f4UL, 0x65537e41UL, 0xa4c31a17UL, 0x5e963a27UL, - 0x6bcb3babUL, 0x45f11f9dUL, 0x58abacfaUL, 0x03934be3UL, - 0xfa552030UL, 0x6df6ad76UL, 0x769188ccUL, 0x4c25f502UL, - 0xd7fc4fe5UL, 0xcbd7c52aUL, 0x44802635UL, 0xa38fb562UL, - 0x5a49deb1UL, 0x1b6725baUL, 0x0e9845eaUL, 0xc0e15dfeUL, - 0x7502c32fUL, 0xf012814cUL, 0x97a38d46UL, 0xf9c66bd3UL, - 0x5fe7038fUL, 0x9c951592UL, 0x7aebbf6dUL, 0x59da9552UL, - 0x832dd4beUL, 0x21d35874UL, 0x692949e0UL, 0xc8448ec9UL, - 0x896a75c2UL, 0x7978f48eUL, 0x3e6b9958UL, 0x71dd27b9UL, - 0x4fb6bee1UL, 0xad17f088UL, 0xac66c920UL, 0x3ab47dceUL, - 0x4a1863dfUL, 0x3182e51aUL, 0x33609751UL, 0x7f456253UL, - 0x77e0b164UL, 0xae84bb6bUL, 0xa01cfe81UL, 0x2b94f908UL, - 0x68587048UL, 0xfd198f45UL, 0x6c8794deUL, 0xf8b7527bUL, - 0xd323ab73UL, 0x02e2724bUL, 0x8f57e31fUL, 0xab2a6655UL, - 0x2807b2ebUL, 0xc2032fb5UL, 0x7b9a86c5UL, 0x08a5d337UL, - 0x87f23028UL, 0xa5b223bfUL, 0x6aba0203UL, 0x825ced16UL, - 0x1c2b8acfUL, 0xb492a779UL, 0xf2f0f307UL, 0xe2a14e69UL, - 0xf4cd65daUL, 0xbed50605UL, 0x621fd134UL, 0xfe8ac4a6UL, - 0x539d342eUL, 0x55a0a2f3UL, 0xe132058aUL, 0xeb75a4f6UL, - 0xec390b83UL, 0xefaa4060UL, 0x9f065e71UL, 0x1051bd6eUL, - 0x8af93e21UL, 0x063d96ddUL, 0x05aedd3eUL, 0xbd464de6UL, - 0x8db59154UL, 0x5d0571c4UL, 0xd46f0406UL, 0x15ff6050UL, - 0xfb241998UL, 0xe997d6bdUL, 0x43cc8940UL, 0x9e7767d9UL, - 0x42bdb0e8UL, 0x8b880789UL, 0x5b38e719UL, 0xeedb79c8UL, - 0x0a47a17cUL, 0x0fe97c42UL, 0x1ec9f884UL, 0x00000000UL, - 0x86830980UL, 0xed48322bUL, 0x70ac1e11UL, 0x724e6c5aUL, - 0xfffbfd0eUL, 0x38560f85UL, 0xd51e3daeUL, 0x3927362dUL, - 0xd9640a0fUL, 0xa621685cUL, 0x54d19b5bUL, 0x2e3a2436UL, - 0x67b10c0aUL, 0xe70f9357UL, 0x96d2b4eeUL, 0x919e1b9bUL, - 0xc54f80c0UL, 0x20a261dcUL, 0x4b695a77UL, 0x1a161c12UL, - 0xba0ae293UL, 0x2ae5c0a0UL, 0xe0433c22UL, 0x171d121bUL, - 0x0d0b0e09UL, 0xc7adf28bUL, 0xa8b92db6UL, 0xa9c8141eUL, - 0x198557f1UL, 0x074caf75UL, 0xddbbee99UL, 0x60fda37fUL, - 0x269ff701UL, 0xf5bc5c72UL, 0x3bc54466UL, 0x7e345bfbUL, - 0x29768b43UL, 0xc6dccb23UL, 0xfc68b6edUL, 0xf163b8e4UL, - 0xdccad731UL, 0x85104263UL, 0x22401397UL, 0x112084c6UL, - 0x247d854aUL, 0x3df8d2bbUL, 0x3211aef9UL, 0xa16dc729UL, - 0x2f4b1d9eUL, 0x30f3dcb2UL, 0x52ec0d86UL, 0xe3d077c1UL, - 0x166c2bb3UL, 0xb999a970UL, 0x48fa1194UL, 0x642247e9UL, - 0x8cc4a8fcUL, 0x3f1aa0f0UL, 0x2cd8567dUL, 0x90ef2233UL, - 0x4ec78749UL, 0xd1c1d938UL, 0xa2fe8ccaUL, 0x0b3698d4UL, - 0x81cfa6f5UL, 0xde28a57aUL, 0x8e26dab7UL, 0xbfa43fadUL, - 0x9de42c3aUL, 0x920d5078UL, 0xcc9b6a5fUL, 0x4662547eUL, - 0x13c2f68dUL, 0xb8e890d8UL, 0xf75e2e39UL, 0xaff582c3UL, - 0x80be9f5dUL, 0x937c69d0UL, 0x2da96fd5UL, 0x12b3cf25UL, - 0x993bc8acUL, 0x7da71018UL, 0x636ee89cUL, 0xbb7bdb3bUL, - 0x7809cd26UL, 0x18f46e59UL, 0xb701ec9aUL, 0x9aa8834fUL, - 0x6e65e695UL, 0xe67eaaffUL, 0xcf0821bcUL, 0xe8e6ef15UL, - 0x9bd9bae7UL, 0x36ce4a6fUL, 0x09d4ea9fUL, 0x7cd629b0UL, - 0xb2af31a4UL, 0x23312a3fUL, 0x9430c6a5UL, 0x66c035a2UL, - 0xbc37744eUL, 0xcaa6fc82UL, 0xd0b0e090UL, 0xd81533a7UL, - 0x984af104UL, 0xdaf741ecUL, 0x500e7fcdUL, 0xf62f1791UL, - 0xd68d764dUL, 0xb04d43efUL, 0x4d54ccaaUL, 0x04dfe496UL, - 0xb5e39ed1UL, 0x881b4c6aUL, 0x1fb8c12cUL, 0x517f4665UL, - 0xea049d5eUL, 0x355d018cUL, 0x7473fa87UL, 0x412efb0bUL, - 0x1d5ab367UL, 0xd25292dbUL, 0x5633e910UL, 0x47136dd6UL, - 0x618c9ad7UL, 0x0c7a37a1UL, 0x148e59f8UL, 0x3c89eb13UL, - 0x27eecea9UL, 0xc935b761UL, 0xe5ede11cUL, 0xb13c7a47UL, - 0xdf599cd2UL, 0x733f55f2UL, 0xce791814UL, 0x37bf73c7UL, - 0xcdea53f7UL, 0xaa5b5ffdUL, 0x6f14df3dUL, 0xdb867844UL, - 0xf381caafUL, 0xc43eb968UL, 0x342c3824UL, 0x405fc2a3UL, - 0xc372161dUL, 0x250cbce2UL, 0x498b283cUL, 0x9541ff0dUL, - 0x017139a8UL, 0xb3de080cUL, 0xe49cd8b4UL, 0xc1906456UL, - 0x84617bcbUL, 0xb670d532UL, 0x5c74486cUL, 0x5742d0b8UL, -}; -static const ulong32 TD3[256] = { - 0xf4a75051UL, 0x4165537eUL, 0x17a4c31aUL, 0x275e963aUL, - 0xab6bcb3bUL, 0x9d45f11fUL, 0xfa58abacUL, 0xe303934bUL, - 0x30fa5520UL, 0x766df6adUL, 0xcc769188UL, 0x024c25f5UL, - 0xe5d7fc4fUL, 0x2acbd7c5UL, 0x35448026UL, 0x62a38fb5UL, - 0xb15a49deUL, 0xba1b6725UL, 0xea0e9845UL, 0xfec0e15dUL, - 0x2f7502c3UL, 0x4cf01281UL, 0x4697a38dUL, 0xd3f9c66bUL, - 0x8f5fe703UL, 0x929c9515UL, 0x6d7aebbfUL, 0x5259da95UL, - 0xbe832dd4UL, 0x7421d358UL, 0xe0692949UL, 0xc9c8448eUL, - 0xc2896a75UL, 0x8e7978f4UL, 0x583e6b99UL, 0xb971dd27UL, - 0xe14fb6beUL, 0x88ad17f0UL, 0x20ac66c9UL, 0xce3ab47dUL, - 0xdf4a1863UL, 0x1a3182e5UL, 0x51336097UL, 0x537f4562UL, - 0x6477e0b1UL, 0x6bae84bbUL, 0x81a01cfeUL, 0x082b94f9UL, - 0x48685870UL, 0x45fd198fUL, 0xde6c8794UL, 0x7bf8b752UL, - 0x73d323abUL, 0x4b02e272UL, 0x1f8f57e3UL, 0x55ab2a66UL, - 0xeb2807b2UL, 0xb5c2032fUL, 0xc57b9a86UL, 0x3708a5d3UL, - 0x2887f230UL, 0xbfa5b223UL, 0x036aba02UL, 0x16825cedUL, - 0xcf1c2b8aUL, 0x79b492a7UL, 0x07f2f0f3UL, 0x69e2a14eUL, - 0xdaf4cd65UL, 0x05bed506UL, 0x34621fd1UL, 0xa6fe8ac4UL, - 0x2e539d34UL, 0xf355a0a2UL, 0x8ae13205UL, 0xf6eb75a4UL, - 0x83ec390bUL, 0x60efaa40UL, 0x719f065eUL, 0x6e1051bdUL, - 0x218af93eUL, 0xdd063d96UL, 0x3e05aeddUL, 0xe6bd464dUL, - 0x548db591UL, 0xc45d0571UL, 0x06d46f04UL, 0x5015ff60UL, - 0x98fb2419UL, 0xbde997d6UL, 0x4043cc89UL, 0xd99e7767UL, - 0xe842bdb0UL, 0x898b8807UL, 0x195b38e7UL, 0xc8eedb79UL, - 0x7c0a47a1UL, 0x420fe97cUL, 0x841ec9f8UL, 0x00000000UL, - 0x80868309UL, 0x2bed4832UL, 0x1170ac1eUL, 0x5a724e6cUL, - 0x0efffbfdUL, 0x8538560fUL, 0xaed51e3dUL, 0x2d392736UL, - 0x0fd9640aUL, 0x5ca62168UL, 0x5b54d19bUL, 0x362e3a24UL, - 0x0a67b10cUL, 0x57e70f93UL, 0xee96d2b4UL, 0x9b919e1bUL, - 0xc0c54f80UL, 0xdc20a261UL, 0x774b695aUL, 0x121a161cUL, - 0x93ba0ae2UL, 0xa02ae5c0UL, 0x22e0433cUL, 0x1b171d12UL, - 0x090d0b0eUL, 0x8bc7adf2UL, 0xb6a8b92dUL, 0x1ea9c814UL, - 0xf1198557UL, 0x75074cafUL, 0x99ddbbeeUL, 0x7f60fda3UL, - 0x01269ff7UL, 0x72f5bc5cUL, 0x663bc544UL, 0xfb7e345bUL, - 0x4329768bUL, 0x23c6dccbUL, 0xedfc68b6UL, 0xe4f163b8UL, - 0x31dccad7UL, 0x63851042UL, 0x97224013UL, 0xc6112084UL, - 0x4a247d85UL, 0xbb3df8d2UL, 0xf93211aeUL, 0x29a16dc7UL, - 0x9e2f4b1dUL, 0xb230f3dcUL, 0x8652ec0dUL, 0xc1e3d077UL, - 0xb3166c2bUL, 0x70b999a9UL, 0x9448fa11UL, 0xe9642247UL, - 0xfc8cc4a8UL, 0xf03f1aa0UL, 0x7d2cd856UL, 0x3390ef22UL, - 0x494ec787UL, 0x38d1c1d9UL, 0xcaa2fe8cUL, 0xd40b3698UL, - 0xf581cfa6UL, 0x7ade28a5UL, 0xb78e26daUL, 0xadbfa43fUL, - 0x3a9de42cUL, 0x78920d50UL, 0x5fcc9b6aUL, 0x7e466254UL, - 0x8d13c2f6UL, 0xd8b8e890UL, 0x39f75e2eUL, 0xc3aff582UL, - 0x5d80be9fUL, 0xd0937c69UL, 0xd52da96fUL, 0x2512b3cfUL, - 0xac993bc8UL, 0x187da710UL, 0x9c636ee8UL, 0x3bbb7bdbUL, - 0x267809cdUL, 0x5918f46eUL, 0x9ab701ecUL, 0x4f9aa883UL, - 0x956e65e6UL, 0xffe67eaaUL, 0xbccf0821UL, 0x15e8e6efUL, - 0xe79bd9baUL, 0x6f36ce4aUL, 0x9f09d4eaUL, 0xb07cd629UL, - 0xa4b2af31UL, 0x3f23312aUL, 0xa59430c6UL, 0xa266c035UL, - 0x4ebc3774UL, 0x82caa6fcUL, 0x90d0b0e0UL, 0xa7d81533UL, - 0x04984af1UL, 0xecdaf741UL, 0xcd500e7fUL, 0x91f62f17UL, - 0x4dd68d76UL, 0xefb04d43UL, 0xaa4d54ccUL, 0x9604dfe4UL, - 0xd1b5e39eUL, 0x6a881b4cUL, 0x2c1fb8c1UL, 0x65517f46UL, - 0x5eea049dUL, 0x8c355d01UL, 0x877473faUL, 0x0b412efbUL, - 0x671d5ab3UL, 0xdbd25292UL, 0x105633e9UL, 0xd647136dUL, - 0xd7618c9aUL, 0xa10c7a37UL, 0xf8148e59UL, 0x133c89ebUL, - 0xa927eeceUL, 0x61c935b7UL, 0x1ce5ede1UL, 0x47b13c7aUL, - 0xd2df599cUL, 0xf2733f55UL, 0x14ce7918UL, 0xc737bf73UL, - 0xf7cdea53UL, 0xfdaa5b5fUL, 0x3d6f14dfUL, 0x44db8678UL, - 0xaff381caUL, 0x68c43eb9UL, 0x24342c38UL, 0xa3405fc2UL, - 0x1dc37216UL, 0xe2250cbcUL, 0x3c498b28UL, 0x0d9541ffUL, - 0xa8017139UL, 0x0cb3de08UL, 0xb4e49cd8UL, 0x56c19064UL, - 0xcb84617bUL, 0x32b670d5UL, 0x6c5c7448UL, 0xb85742d0UL, -}; - -static const ulong32 Tks0[] = { -0x00000000UL, 0x0e090d0bUL, 0x1c121a16UL, 0x121b171dUL, 0x3824342cUL, 0x362d3927UL, 0x24362e3aUL, 0x2a3f2331UL, -0x70486858UL, 0x7e416553UL, 0x6c5a724eUL, 0x62537f45UL, 0x486c5c74UL, 0x4665517fUL, 0x547e4662UL, 0x5a774b69UL, -0xe090d0b0UL, 0xee99ddbbUL, 0xfc82caa6UL, 0xf28bc7adUL, 0xd8b4e49cUL, 0xd6bde997UL, 0xc4a6fe8aUL, 0xcaaff381UL, -0x90d8b8e8UL, 0x9ed1b5e3UL, 0x8ccaa2feUL, 0x82c3aff5UL, 0xa8fc8cc4UL, 0xa6f581cfUL, 0xb4ee96d2UL, 0xbae79bd9UL, -0xdb3bbb7bUL, 0xd532b670UL, 0xc729a16dUL, 0xc920ac66UL, 0xe31f8f57UL, 0xed16825cUL, 0xff0d9541UL, 0xf104984aUL, -0xab73d323UL, 0xa57ade28UL, 0xb761c935UL, 0xb968c43eUL, 0x9357e70fUL, 0x9d5eea04UL, 0x8f45fd19UL, 0x814cf012UL, -0x3bab6bcbUL, 0x35a266c0UL, 0x27b971ddUL, 0x29b07cd6UL, 0x038f5fe7UL, 0x0d8652ecUL, 0x1f9d45f1UL, 0x119448faUL, -0x4be30393UL, 0x45ea0e98UL, 0x57f11985UL, 0x59f8148eUL, 0x73c737bfUL, 0x7dce3ab4UL, 0x6fd52da9UL, 0x61dc20a2UL, -0xad766df6UL, 0xa37f60fdUL, 0xb16477e0UL, 0xbf6d7aebUL, 0x955259daUL, 0x9b5b54d1UL, 0x894043ccUL, 0x87494ec7UL, -0xdd3e05aeUL, 0xd33708a5UL, 0xc12c1fb8UL, 0xcf2512b3UL, 0xe51a3182UL, 0xeb133c89UL, 0xf9082b94UL, 0xf701269fUL, -0x4de6bd46UL, 0x43efb04dUL, 0x51f4a750UL, 0x5ffdaa5bUL, 0x75c2896aUL, 0x7bcb8461UL, 0x69d0937cUL, 0x67d99e77UL, -0x3daed51eUL, 0x33a7d815UL, 0x21bccf08UL, 0x2fb5c203UL, 0x058ae132UL, 0x0b83ec39UL, 0x1998fb24UL, 0x1791f62fUL, -0x764dd68dUL, 0x7844db86UL, 0x6a5fcc9bUL, 0x6456c190UL, 0x4e69e2a1UL, 0x4060efaaUL, 0x527bf8b7UL, 0x5c72f5bcUL, -0x0605bed5UL, 0x080cb3deUL, 0x1a17a4c3UL, 0x141ea9c8UL, 0x3e218af9UL, 0x302887f2UL, 0x223390efUL, 0x2c3a9de4UL, -0x96dd063dUL, 0x98d40b36UL, 0x8acf1c2bUL, 0x84c61120UL, 0xaef93211UL, 0xa0f03f1aUL, 0xb2eb2807UL, 0xbce2250cUL, -0xe6956e65UL, 0xe89c636eUL, 0xfa877473UL, 0xf48e7978UL, 0xdeb15a49UL, 0xd0b85742UL, 0xc2a3405fUL, 0xccaa4d54UL, -0x41ecdaf7UL, 0x4fe5d7fcUL, 0x5dfec0e1UL, 0x53f7cdeaUL, 0x79c8eedbUL, 0x77c1e3d0UL, 0x65daf4cdUL, 0x6bd3f9c6UL, -0x31a4b2afUL, 0x3fadbfa4UL, 0x2db6a8b9UL, 0x23bfa5b2UL, 0x09808683UL, 0x07898b88UL, 0x15929c95UL, 0x1b9b919eUL, -0xa17c0a47UL, 0xaf75074cUL, 0xbd6e1051UL, 0xb3671d5aUL, 0x99583e6bUL, 0x97513360UL, 0x854a247dUL, 0x8b432976UL, -0xd134621fUL, 0xdf3d6f14UL, 0xcd267809UL, 0xc32f7502UL, 0xe9105633UL, 0xe7195b38UL, 0xf5024c25UL, 0xfb0b412eUL, -0x9ad7618cUL, 0x94de6c87UL, 0x86c57b9aUL, 0x88cc7691UL, 0xa2f355a0UL, 0xacfa58abUL, 0xbee14fb6UL, 0xb0e842bdUL, -0xea9f09d4UL, 0xe49604dfUL, 0xf68d13c2UL, 0xf8841ec9UL, 0xd2bb3df8UL, 0xdcb230f3UL, 0xcea927eeUL, 0xc0a02ae5UL, -0x7a47b13cUL, 0x744ebc37UL, 0x6655ab2aUL, 0x685ca621UL, 0x42638510UL, 0x4c6a881bUL, 0x5e719f06UL, 0x5078920dUL, -0x0a0fd964UL, 0x0406d46fUL, 0x161dc372UL, 0x1814ce79UL, 0x322bed48UL, 0x3c22e043UL, 0x2e39f75eUL, 0x2030fa55UL, -0xec9ab701UL, 0xe293ba0aUL, 0xf088ad17UL, 0xfe81a01cUL, 0xd4be832dUL, 0xdab78e26UL, 0xc8ac993bUL, 0xc6a59430UL, -0x9cd2df59UL, 0x92dbd252UL, 0x80c0c54fUL, 0x8ec9c844UL, 0xa4f6eb75UL, 0xaaffe67eUL, 0xb8e4f163UL, 0xb6edfc68UL, -0x0c0a67b1UL, 0x02036abaUL, 0x10187da7UL, 0x1e1170acUL, 0x342e539dUL, 0x3a275e96UL, 0x283c498bUL, 0x26354480UL, -0x7c420fe9UL, 0x724b02e2UL, 0x605015ffUL, 0x6e5918f4UL, 0x44663bc5UL, 0x4a6f36ceUL, 0x587421d3UL, 0x567d2cd8UL, -0x37a10c7aUL, 0x39a80171UL, 0x2bb3166cUL, 0x25ba1b67UL, 0x0f853856UL, 0x018c355dUL, 0x13972240UL, 0x1d9e2f4bUL, -0x47e96422UL, 0x49e06929UL, 0x5bfb7e34UL, 0x55f2733fUL, 0x7fcd500eUL, 0x71c45d05UL, 0x63df4a18UL, 0x6dd64713UL, -0xd731dccaUL, 0xd938d1c1UL, 0xcb23c6dcUL, 0xc52acbd7UL, 0xef15e8e6UL, 0xe11ce5edUL, 0xf307f2f0UL, 0xfd0efffbUL, -0xa779b492UL, 0xa970b999UL, 0xbb6bae84UL, 0xb562a38fUL, 0x9f5d80beUL, 0x91548db5UL, 0x834f9aa8UL, 0x8d4697a3UL -}; - -static const ulong32 Tks1[] = { -0x00000000UL, 0x0b0e090dUL, 0x161c121aUL, 0x1d121b17UL, 0x2c382434UL, 0x27362d39UL, 0x3a24362eUL, 0x312a3f23UL, -0x58704868UL, 0x537e4165UL, 0x4e6c5a72UL, 0x4562537fUL, 0x74486c5cUL, 0x7f466551UL, 0x62547e46UL, 0x695a774bUL, -0xb0e090d0UL, 0xbbee99ddUL, 0xa6fc82caUL, 0xadf28bc7UL, 0x9cd8b4e4UL, 0x97d6bde9UL, 0x8ac4a6feUL, 0x81caaff3UL, -0xe890d8b8UL, 0xe39ed1b5UL, 0xfe8ccaa2UL, 0xf582c3afUL, 0xc4a8fc8cUL, 0xcfa6f581UL, 0xd2b4ee96UL, 0xd9bae79bUL, -0x7bdb3bbbUL, 0x70d532b6UL, 0x6dc729a1UL, 0x66c920acUL, 0x57e31f8fUL, 0x5ced1682UL, 0x41ff0d95UL, 0x4af10498UL, -0x23ab73d3UL, 0x28a57adeUL, 0x35b761c9UL, 0x3eb968c4UL, 0x0f9357e7UL, 0x049d5eeaUL, 0x198f45fdUL, 0x12814cf0UL, -0xcb3bab6bUL, 0xc035a266UL, 0xdd27b971UL, 0xd629b07cUL, 0xe7038f5fUL, 0xec0d8652UL, 0xf11f9d45UL, 0xfa119448UL, -0x934be303UL, 0x9845ea0eUL, 0x8557f119UL, 0x8e59f814UL, 0xbf73c737UL, 0xb47dce3aUL, 0xa96fd52dUL, 0xa261dc20UL, -0xf6ad766dUL, 0xfda37f60UL, 0xe0b16477UL, 0xebbf6d7aUL, 0xda955259UL, 0xd19b5b54UL, 0xcc894043UL, 0xc787494eUL, -0xaedd3e05UL, 0xa5d33708UL, 0xb8c12c1fUL, 0xb3cf2512UL, 0x82e51a31UL, 0x89eb133cUL, 0x94f9082bUL, 0x9ff70126UL, -0x464de6bdUL, 0x4d43efb0UL, 0x5051f4a7UL, 0x5b5ffdaaUL, 0x6a75c289UL, 0x617bcb84UL, 0x7c69d093UL, 0x7767d99eUL, -0x1e3daed5UL, 0x1533a7d8UL, 0x0821bccfUL, 0x032fb5c2UL, 0x32058ae1UL, 0x390b83ecUL, 0x241998fbUL, 0x2f1791f6UL, -0x8d764dd6UL, 0x867844dbUL, 0x9b6a5fccUL, 0x906456c1UL, 0xa14e69e2UL, 0xaa4060efUL, 0xb7527bf8UL, 0xbc5c72f5UL, -0xd50605beUL, 0xde080cb3UL, 0xc31a17a4UL, 0xc8141ea9UL, 0xf93e218aUL, 0xf2302887UL, 0xef223390UL, 0xe42c3a9dUL, -0x3d96dd06UL, 0x3698d40bUL, 0x2b8acf1cUL, 0x2084c611UL, 0x11aef932UL, 0x1aa0f03fUL, 0x07b2eb28UL, 0x0cbce225UL, -0x65e6956eUL, 0x6ee89c63UL, 0x73fa8774UL, 0x78f48e79UL, 0x49deb15aUL, 0x42d0b857UL, 0x5fc2a340UL, 0x54ccaa4dUL, -0xf741ecdaUL, 0xfc4fe5d7UL, 0xe15dfec0UL, 0xea53f7cdUL, 0xdb79c8eeUL, 0xd077c1e3UL, 0xcd65daf4UL, 0xc66bd3f9UL, -0xaf31a4b2UL, 0xa43fadbfUL, 0xb92db6a8UL, 0xb223bfa5UL, 0x83098086UL, 0x8807898bUL, 0x9515929cUL, 0x9e1b9b91UL, -0x47a17c0aUL, 0x4caf7507UL, 0x51bd6e10UL, 0x5ab3671dUL, 0x6b99583eUL, 0x60975133UL, 0x7d854a24UL, 0x768b4329UL, -0x1fd13462UL, 0x14df3d6fUL, 0x09cd2678UL, 0x02c32f75UL, 0x33e91056UL, 0x38e7195bUL, 0x25f5024cUL, 0x2efb0b41UL, -0x8c9ad761UL, 0x8794de6cUL, 0x9a86c57bUL, 0x9188cc76UL, 0xa0a2f355UL, 0xabacfa58UL, 0xb6bee14fUL, 0xbdb0e842UL, -0xd4ea9f09UL, 0xdfe49604UL, 0xc2f68d13UL, 0xc9f8841eUL, 0xf8d2bb3dUL, 0xf3dcb230UL, 0xeecea927UL, 0xe5c0a02aUL, -0x3c7a47b1UL, 0x37744ebcUL, 0x2a6655abUL, 0x21685ca6UL, 0x10426385UL, 0x1b4c6a88UL, 0x065e719fUL, 0x0d507892UL, -0x640a0fd9UL, 0x6f0406d4UL, 0x72161dc3UL, 0x791814ceUL, 0x48322bedUL, 0x433c22e0UL, 0x5e2e39f7UL, 0x552030faUL, -0x01ec9ab7UL, 0x0ae293baUL, 0x17f088adUL, 0x1cfe81a0UL, 0x2dd4be83UL, 0x26dab78eUL, 0x3bc8ac99UL, 0x30c6a594UL, -0x599cd2dfUL, 0x5292dbd2UL, 0x4f80c0c5UL, 0x448ec9c8UL, 0x75a4f6ebUL, 0x7eaaffe6UL, 0x63b8e4f1UL, 0x68b6edfcUL, -0xb10c0a67UL, 0xba02036aUL, 0xa710187dUL, 0xac1e1170UL, 0x9d342e53UL, 0x963a275eUL, 0x8b283c49UL, 0x80263544UL, -0xe97c420fUL, 0xe2724b02UL, 0xff605015UL, 0xf46e5918UL, 0xc544663bUL, 0xce4a6f36UL, 0xd3587421UL, 0xd8567d2cUL, -0x7a37a10cUL, 0x7139a801UL, 0x6c2bb316UL, 0x6725ba1bUL, 0x560f8538UL, 0x5d018c35UL, 0x40139722UL, 0x4b1d9e2fUL, -0x2247e964UL, 0x2949e069UL, 0x345bfb7eUL, 0x3f55f273UL, 0x0e7fcd50UL, 0x0571c45dUL, 0x1863df4aUL, 0x136dd647UL, -0xcad731dcUL, 0xc1d938d1UL, 0xdccb23c6UL, 0xd7c52acbUL, 0xe6ef15e8UL, 0xede11ce5UL, 0xf0f307f2UL, 0xfbfd0effUL, -0x92a779b4UL, 0x99a970b9UL, 0x84bb6baeUL, 0x8fb562a3UL, 0xbe9f5d80UL, 0xb591548dUL, 0xa8834f9aUL, 0xa38d4697UL -}; - -static const ulong32 Tks2[] = { -0x00000000UL, 0x0d0b0e09UL, 0x1a161c12UL, 0x171d121bUL, 0x342c3824UL, 0x3927362dUL, 0x2e3a2436UL, 0x23312a3fUL, -0x68587048UL, 0x65537e41UL, 0x724e6c5aUL, 0x7f456253UL, 0x5c74486cUL, 0x517f4665UL, 0x4662547eUL, 0x4b695a77UL, -0xd0b0e090UL, 0xddbbee99UL, 0xcaa6fc82UL, 0xc7adf28bUL, 0xe49cd8b4UL, 0xe997d6bdUL, 0xfe8ac4a6UL, 0xf381caafUL, -0xb8e890d8UL, 0xb5e39ed1UL, 0xa2fe8ccaUL, 0xaff582c3UL, 0x8cc4a8fcUL, 0x81cfa6f5UL, 0x96d2b4eeUL, 0x9bd9bae7UL, -0xbb7bdb3bUL, 0xb670d532UL, 0xa16dc729UL, 0xac66c920UL, 0x8f57e31fUL, 0x825ced16UL, 0x9541ff0dUL, 0x984af104UL, -0xd323ab73UL, 0xde28a57aUL, 0xc935b761UL, 0xc43eb968UL, 0xe70f9357UL, 0xea049d5eUL, 0xfd198f45UL, 0xf012814cUL, -0x6bcb3babUL, 0x66c035a2UL, 0x71dd27b9UL, 0x7cd629b0UL, 0x5fe7038fUL, 0x52ec0d86UL, 0x45f11f9dUL, 0x48fa1194UL, -0x03934be3UL, 0x0e9845eaUL, 0x198557f1UL, 0x148e59f8UL, 0x37bf73c7UL, 0x3ab47dceUL, 0x2da96fd5UL, 0x20a261dcUL, -0x6df6ad76UL, 0x60fda37fUL, 0x77e0b164UL, 0x7aebbf6dUL, 0x59da9552UL, 0x54d19b5bUL, 0x43cc8940UL, 0x4ec78749UL, -0x05aedd3eUL, 0x08a5d337UL, 0x1fb8c12cUL, 0x12b3cf25UL, 0x3182e51aUL, 0x3c89eb13UL, 0x2b94f908UL, 0x269ff701UL, -0xbd464de6UL, 0xb04d43efUL, 0xa75051f4UL, 0xaa5b5ffdUL, 0x896a75c2UL, 0x84617bcbUL, 0x937c69d0UL, 0x9e7767d9UL, -0xd51e3daeUL, 0xd81533a7UL, 0xcf0821bcUL, 0xc2032fb5UL, 0xe132058aUL, 0xec390b83UL, 0xfb241998UL, 0xf62f1791UL, -0xd68d764dUL, 0xdb867844UL, 0xcc9b6a5fUL, 0xc1906456UL, 0xe2a14e69UL, 0xefaa4060UL, 0xf8b7527bUL, 0xf5bc5c72UL, -0xbed50605UL, 0xb3de080cUL, 0xa4c31a17UL, 0xa9c8141eUL, 0x8af93e21UL, 0x87f23028UL, 0x90ef2233UL, 0x9de42c3aUL, -0x063d96ddUL, 0x0b3698d4UL, 0x1c2b8acfUL, 0x112084c6UL, 0x3211aef9UL, 0x3f1aa0f0UL, 0x2807b2ebUL, 0x250cbce2UL, -0x6e65e695UL, 0x636ee89cUL, 0x7473fa87UL, 0x7978f48eUL, 0x5a49deb1UL, 0x5742d0b8UL, 0x405fc2a3UL, 0x4d54ccaaUL, -0xdaf741ecUL, 0xd7fc4fe5UL, 0xc0e15dfeUL, 0xcdea53f7UL, 0xeedb79c8UL, 0xe3d077c1UL, 0xf4cd65daUL, 0xf9c66bd3UL, -0xb2af31a4UL, 0xbfa43fadUL, 0xa8b92db6UL, 0xa5b223bfUL, 0x86830980UL, 0x8b880789UL, 0x9c951592UL, 0x919e1b9bUL, -0x0a47a17cUL, 0x074caf75UL, 0x1051bd6eUL, 0x1d5ab367UL, 0x3e6b9958UL, 0x33609751UL, 0x247d854aUL, 0x29768b43UL, -0x621fd134UL, 0x6f14df3dUL, 0x7809cd26UL, 0x7502c32fUL, 0x5633e910UL, 0x5b38e719UL, 0x4c25f502UL, 0x412efb0bUL, -0x618c9ad7UL, 0x6c8794deUL, 0x7b9a86c5UL, 0x769188ccUL, 0x55a0a2f3UL, 0x58abacfaUL, 0x4fb6bee1UL, 0x42bdb0e8UL, -0x09d4ea9fUL, 0x04dfe496UL, 0x13c2f68dUL, 0x1ec9f884UL, 0x3df8d2bbUL, 0x30f3dcb2UL, 0x27eecea9UL, 0x2ae5c0a0UL, -0xb13c7a47UL, 0xbc37744eUL, 0xab2a6655UL, 0xa621685cUL, 0x85104263UL, 0x881b4c6aUL, 0x9f065e71UL, 0x920d5078UL, -0xd9640a0fUL, 0xd46f0406UL, 0xc372161dUL, 0xce791814UL, 0xed48322bUL, 0xe0433c22UL, 0xf75e2e39UL, 0xfa552030UL, -0xb701ec9aUL, 0xba0ae293UL, 0xad17f088UL, 0xa01cfe81UL, 0x832dd4beUL, 0x8e26dab7UL, 0x993bc8acUL, 0x9430c6a5UL, -0xdf599cd2UL, 0xd25292dbUL, 0xc54f80c0UL, 0xc8448ec9UL, 0xeb75a4f6UL, 0xe67eaaffUL, 0xf163b8e4UL, 0xfc68b6edUL, -0x67b10c0aUL, 0x6aba0203UL, 0x7da71018UL, 0x70ac1e11UL, 0x539d342eUL, 0x5e963a27UL, 0x498b283cUL, 0x44802635UL, -0x0fe97c42UL, 0x02e2724bUL, 0x15ff6050UL, 0x18f46e59UL, 0x3bc54466UL, 0x36ce4a6fUL, 0x21d35874UL, 0x2cd8567dUL, -0x0c7a37a1UL, 0x017139a8UL, 0x166c2bb3UL, 0x1b6725baUL, 0x38560f85UL, 0x355d018cUL, 0x22401397UL, 0x2f4b1d9eUL, -0x642247e9UL, 0x692949e0UL, 0x7e345bfbUL, 0x733f55f2UL, 0x500e7fcdUL, 0x5d0571c4UL, 0x4a1863dfUL, 0x47136dd6UL, -0xdccad731UL, 0xd1c1d938UL, 0xc6dccb23UL, 0xcbd7c52aUL, 0xe8e6ef15UL, 0xe5ede11cUL, 0xf2f0f307UL, 0xfffbfd0eUL, -0xb492a779UL, 0xb999a970UL, 0xae84bb6bUL, 0xa38fb562UL, 0x80be9f5dUL, 0x8db59154UL, 0x9aa8834fUL, 0x97a38d46UL -}; - -static const ulong32 Tks3[] = { -0x00000000UL, 0x090d0b0eUL, 0x121a161cUL, 0x1b171d12UL, 0x24342c38UL, 0x2d392736UL, 0x362e3a24UL, 0x3f23312aUL, -0x48685870UL, 0x4165537eUL, 0x5a724e6cUL, 0x537f4562UL, 0x6c5c7448UL, 0x65517f46UL, 0x7e466254UL, 0x774b695aUL, -0x90d0b0e0UL, 0x99ddbbeeUL, 0x82caa6fcUL, 0x8bc7adf2UL, 0xb4e49cd8UL, 0xbde997d6UL, 0xa6fe8ac4UL, 0xaff381caUL, -0xd8b8e890UL, 0xd1b5e39eUL, 0xcaa2fe8cUL, 0xc3aff582UL, 0xfc8cc4a8UL, 0xf581cfa6UL, 0xee96d2b4UL, 0xe79bd9baUL, -0x3bbb7bdbUL, 0x32b670d5UL, 0x29a16dc7UL, 0x20ac66c9UL, 0x1f8f57e3UL, 0x16825cedUL, 0x0d9541ffUL, 0x04984af1UL, -0x73d323abUL, 0x7ade28a5UL, 0x61c935b7UL, 0x68c43eb9UL, 0x57e70f93UL, 0x5eea049dUL, 0x45fd198fUL, 0x4cf01281UL, -0xab6bcb3bUL, 0xa266c035UL, 0xb971dd27UL, 0xb07cd629UL, 0x8f5fe703UL, 0x8652ec0dUL, 0x9d45f11fUL, 0x9448fa11UL, -0xe303934bUL, 0xea0e9845UL, 0xf1198557UL, 0xf8148e59UL, 0xc737bf73UL, 0xce3ab47dUL, 0xd52da96fUL, 0xdc20a261UL, -0x766df6adUL, 0x7f60fda3UL, 0x6477e0b1UL, 0x6d7aebbfUL, 0x5259da95UL, 0x5b54d19bUL, 0x4043cc89UL, 0x494ec787UL, -0x3e05aeddUL, 0x3708a5d3UL, 0x2c1fb8c1UL, 0x2512b3cfUL, 0x1a3182e5UL, 0x133c89ebUL, 0x082b94f9UL, 0x01269ff7UL, -0xe6bd464dUL, 0xefb04d43UL, 0xf4a75051UL, 0xfdaa5b5fUL, 0xc2896a75UL, 0xcb84617bUL, 0xd0937c69UL, 0xd99e7767UL, -0xaed51e3dUL, 0xa7d81533UL, 0xbccf0821UL, 0xb5c2032fUL, 0x8ae13205UL, 0x83ec390bUL, 0x98fb2419UL, 0x91f62f17UL, -0x4dd68d76UL, 0x44db8678UL, 0x5fcc9b6aUL, 0x56c19064UL, 0x69e2a14eUL, 0x60efaa40UL, 0x7bf8b752UL, 0x72f5bc5cUL, -0x05bed506UL, 0x0cb3de08UL, 0x17a4c31aUL, 0x1ea9c814UL, 0x218af93eUL, 0x2887f230UL, 0x3390ef22UL, 0x3a9de42cUL, -0xdd063d96UL, 0xd40b3698UL, 0xcf1c2b8aUL, 0xc6112084UL, 0xf93211aeUL, 0xf03f1aa0UL, 0xeb2807b2UL, 0xe2250cbcUL, -0x956e65e6UL, 0x9c636ee8UL, 0x877473faUL, 0x8e7978f4UL, 0xb15a49deUL, 0xb85742d0UL, 0xa3405fc2UL, 0xaa4d54ccUL, -0xecdaf741UL, 0xe5d7fc4fUL, 0xfec0e15dUL, 0xf7cdea53UL, 0xc8eedb79UL, 0xc1e3d077UL, 0xdaf4cd65UL, 0xd3f9c66bUL, -0xa4b2af31UL, 0xadbfa43fUL, 0xb6a8b92dUL, 0xbfa5b223UL, 0x80868309UL, 0x898b8807UL, 0x929c9515UL, 0x9b919e1bUL, -0x7c0a47a1UL, 0x75074cafUL, 0x6e1051bdUL, 0x671d5ab3UL, 0x583e6b99UL, 0x51336097UL, 0x4a247d85UL, 0x4329768bUL, -0x34621fd1UL, 0x3d6f14dfUL, 0x267809cdUL, 0x2f7502c3UL, 0x105633e9UL, 0x195b38e7UL, 0x024c25f5UL, 0x0b412efbUL, -0xd7618c9aUL, 0xde6c8794UL, 0xc57b9a86UL, 0xcc769188UL, 0xf355a0a2UL, 0xfa58abacUL, 0xe14fb6beUL, 0xe842bdb0UL, -0x9f09d4eaUL, 0x9604dfe4UL, 0x8d13c2f6UL, 0x841ec9f8UL, 0xbb3df8d2UL, 0xb230f3dcUL, 0xa927eeceUL, 0xa02ae5c0UL, -0x47b13c7aUL, 0x4ebc3774UL, 0x55ab2a66UL, 0x5ca62168UL, 0x63851042UL, 0x6a881b4cUL, 0x719f065eUL, 0x78920d50UL, -0x0fd9640aUL, 0x06d46f04UL, 0x1dc37216UL, 0x14ce7918UL, 0x2bed4832UL, 0x22e0433cUL, 0x39f75e2eUL, 0x30fa5520UL, -0x9ab701ecUL, 0x93ba0ae2UL, 0x88ad17f0UL, 0x81a01cfeUL, 0xbe832dd4UL, 0xb78e26daUL, 0xac993bc8UL, 0xa59430c6UL, -0xd2df599cUL, 0xdbd25292UL, 0xc0c54f80UL, 0xc9c8448eUL, 0xf6eb75a4UL, 0xffe67eaaUL, 0xe4f163b8UL, 0xedfc68b6UL, -0x0a67b10cUL, 0x036aba02UL, 0x187da710UL, 0x1170ac1eUL, 0x2e539d34UL, 0x275e963aUL, 0x3c498b28UL, 0x35448026UL, -0x420fe97cUL, 0x4b02e272UL, 0x5015ff60UL, 0x5918f46eUL, 0x663bc544UL, 0x6f36ce4aUL, 0x7421d358UL, 0x7d2cd856UL, -0xa10c7a37UL, 0xa8017139UL, 0xb3166c2bUL, 0xba1b6725UL, 0x8538560fUL, 0x8c355d01UL, 0x97224013UL, 0x9e2f4b1dUL, -0xe9642247UL, 0xe0692949UL, 0xfb7e345bUL, 0xf2733f55UL, 0xcd500e7fUL, 0xc45d0571UL, 0xdf4a1863UL, 0xd647136dUL, -0x31dccad7UL, 0x38d1c1d9UL, 0x23c6dccbUL, 0x2acbd7c5UL, 0x15e8e6efUL, 0x1ce5ede1UL, 0x07f2f0f3UL, 0x0efffbfdUL, -0x79b492a7UL, 0x70b999a9UL, 0x6bae84bbUL, 0x62a38fb5UL, 0x5d80be9fUL, 0x548db591UL, 0x4f9aa883UL, 0x4697a38dUL -}; - -#endif /* ENCRYPT_ONLY */ - -#endif /* SMALL CODE */ - -#ifndef PELI_TAB -static const ulong32 rcon[] = { - 0x01000000UL, 0x02000000UL, 0x04000000UL, 0x08000000UL, - 0x10000000UL, 0x20000000UL, 0x40000000UL, 0x80000000UL, - 0x1B000000UL, 0x36000000UL, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ -}; -#endif - -#endif /* __LTC_AES_TAB_C__ */ diff --git a/libs/tomcrypt/src/ciphers/blowfish.c b/libs/tomcrypt/src/ciphers/blowfish.c deleted file mode 100644 index 745b59ea283..00000000000 --- a/libs/tomcrypt/src/ciphers/blowfish.c +++ /dev/null @@ -1,589 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -/** - @file blowfish.c - Implementation of the Blowfish block cipher, Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_BLOWFISH - -const struct ltc_cipher_descriptor blowfish_desc = -{ - "blowfish", - 0, - 8, 56, 8, 16, - &blowfish_setup, - &blowfish_ecb_encrypt, - &blowfish_ecb_decrypt, - &blowfish_test, - &blowfish_done, - &blowfish_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL -}; - -static const ulong32 ORIG_P[16 + 2] = { - 0x243F6A88UL, 0x85A308D3UL, 0x13198A2EUL, 0x03707344UL, - 0xA4093822UL, 0x299F31D0UL, 0x082EFA98UL, 0xEC4E6C89UL, - 0x452821E6UL, 0x38D01377UL, 0xBE5466CFUL, 0x34E90C6CUL, - 0xC0AC29B7UL, 0xC97C50DDUL, 0x3F84D5B5UL, 0xB5470917UL, - 0x9216D5D9UL, 0x8979FB1BUL -}; - -static const ulong32 ORIG_S[4][256] = { - { 0xD1310BA6UL, 0x98DFB5ACUL, 0x2FFD72DBUL, 0xD01ADFB7UL, - 0xB8E1AFEDUL, 0x6A267E96UL, 0xBA7C9045UL, 0xF12C7F99UL, - 0x24A19947UL, 0xB3916CF7UL, 0x0801F2E2UL, 0x858EFC16UL, - 0x636920D8UL, 0x71574E69UL, 0xA458FEA3UL, 0xF4933D7EUL, - 0x0D95748FUL, 0x728EB658UL, 0x718BCD58UL, 0x82154AEEUL, - 0x7B54A41DUL, 0xC25A59B5UL, 0x9C30D539UL, 0x2AF26013UL, - 0xC5D1B023UL, 0x286085F0UL, 0xCA417918UL, 0xB8DB38EFUL, - 0x8E79DCB0UL, 0x603A180EUL, 0x6C9E0E8BUL, 0xB01E8A3EUL, - 0xD71577C1UL, 0xBD314B27UL, 0x78AF2FDAUL, 0x55605C60UL, - 0xE65525F3UL, 0xAA55AB94UL, 0x57489862UL, 0x63E81440UL, - 0x55CA396AUL, 0x2AAB10B6UL, 0xB4CC5C34UL, 0x1141E8CEUL, - 0xA15486AFUL, 0x7C72E993UL, 0xB3EE1411UL, 0x636FBC2AUL, - 0x2BA9C55DUL, 0x741831F6UL, 0xCE5C3E16UL, 0x9B87931EUL, - 0xAFD6BA33UL, 0x6C24CF5CUL, 0x7A325381UL, 0x28958677UL, - 0x3B8F4898UL, 0x6B4BB9AFUL, 0xC4BFE81BUL, 0x66282193UL, - 0x61D809CCUL, 0xFB21A991UL, 0x487CAC60UL, 0x5DEC8032UL, - 0xEF845D5DUL, 0xE98575B1UL, 0xDC262302UL, 0xEB651B88UL, - 0x23893E81UL, 0xD396ACC5UL, 0x0F6D6FF3UL, 0x83F44239UL, - 0x2E0B4482UL, 0xA4842004UL, 0x69C8F04AUL, 0x9E1F9B5EUL, - 0x21C66842UL, 0xF6E96C9AUL, 0x670C9C61UL, 0xABD388F0UL, - 0x6A51A0D2UL, 0xD8542F68UL, 0x960FA728UL, 0xAB5133A3UL, - 0x6EEF0B6CUL, 0x137A3BE4UL, 0xBA3BF050UL, 0x7EFB2A98UL, - 0xA1F1651DUL, 0x39AF0176UL, 0x66CA593EUL, 0x82430E88UL, - 0x8CEE8619UL, 0x456F9FB4UL, 0x7D84A5C3UL, 0x3B8B5EBEUL, - 0xE06F75D8UL, 0x85C12073UL, 0x401A449FUL, 0x56C16AA6UL, - 0x4ED3AA62UL, 0x363F7706UL, 0x1BFEDF72UL, 0x429B023DUL, - 0x37D0D724UL, 0xD00A1248UL, 0xDB0FEAD3UL, 0x49F1C09BUL, - 0x075372C9UL, 0x80991B7BUL, 0x25D479D8UL, 0xF6E8DEF7UL, - 0xE3FE501AUL, 0xB6794C3BUL, 0x976CE0BDUL, 0x04C006BAUL, - 0xC1A94FB6UL, 0x409F60C4UL, 0x5E5C9EC2UL, 0x196A2463UL, - 0x68FB6FAFUL, 0x3E6C53B5UL, 0x1339B2EBUL, 0x3B52EC6FUL, - 0x6DFC511FUL, 0x9B30952CUL, 0xCC814544UL, 0xAF5EBD09UL, - 0xBEE3D004UL, 0xDE334AFDUL, 0x660F2807UL, 0x192E4BB3UL, - 0xC0CBA857UL, 0x45C8740FUL, 0xD20B5F39UL, 0xB9D3FBDBUL, - 0x5579C0BDUL, 0x1A60320AUL, 0xD6A100C6UL, 0x402C7279UL, - 0x679F25FEUL, 0xFB1FA3CCUL, 0x8EA5E9F8UL, 0xDB3222F8UL, - 0x3C7516DFUL, 0xFD616B15UL, 0x2F501EC8UL, 0xAD0552ABUL, - 0x323DB5FAUL, 0xFD238760UL, 0x53317B48UL, 0x3E00DF82UL, - 0x9E5C57BBUL, 0xCA6F8CA0UL, 0x1A87562EUL, 0xDF1769DBUL, - 0xD542A8F6UL, 0x287EFFC3UL, 0xAC6732C6UL, 0x8C4F5573UL, - 0x695B27B0UL, 0xBBCA58C8UL, 0xE1FFA35DUL, 0xB8F011A0UL, - 0x10FA3D98UL, 0xFD2183B8UL, 0x4AFCB56CUL, 0x2DD1D35BUL, - 0x9A53E479UL, 0xB6F84565UL, 0xD28E49BCUL, 0x4BFB9790UL, - 0xE1DDF2DAUL, 0xA4CB7E33UL, 0x62FB1341UL, 0xCEE4C6E8UL, - 0xEF20CADAUL, 0x36774C01UL, 0xD07E9EFEUL, 0x2BF11FB4UL, - 0x95DBDA4DUL, 0xAE909198UL, 0xEAAD8E71UL, 0x6B93D5A0UL, - 0xD08ED1D0UL, 0xAFC725E0UL, 0x8E3C5B2FUL, 0x8E7594B7UL, - 0x8FF6E2FBUL, 0xF2122B64UL, 0x8888B812UL, 0x900DF01CUL, - 0x4FAD5EA0UL, 0x688FC31CUL, 0xD1CFF191UL, 0xB3A8C1ADUL, - 0x2F2F2218UL, 0xBE0E1777UL, 0xEA752DFEUL, 0x8B021FA1UL, - 0xE5A0CC0FUL, 0xB56F74E8UL, 0x18ACF3D6UL, 0xCE89E299UL, - 0xB4A84FE0UL, 0xFD13E0B7UL, 0x7CC43B81UL, 0xD2ADA8D9UL, - 0x165FA266UL, 0x80957705UL, 0x93CC7314UL, 0x211A1477UL, - 0xE6AD2065UL, 0x77B5FA86UL, 0xC75442F5UL, 0xFB9D35CFUL, - 0xEBCDAF0CUL, 0x7B3E89A0UL, 0xD6411BD3UL, 0xAE1E7E49UL, - 0x00250E2DUL, 0x2071B35EUL, 0x226800BBUL, 0x57B8E0AFUL, - 0x2464369BUL, 0xF009B91EUL, 0x5563911DUL, 0x59DFA6AAUL, - 0x78C14389UL, 0xD95A537FUL, 0x207D5BA2UL, 0x02E5B9C5UL, - 0x83260376UL, 0x6295CFA9UL, 0x11C81968UL, 0x4E734A41UL, - 0xB3472DCAUL, 0x7B14A94AUL, 0x1B510052UL, 0x9A532915UL, - 0xD60F573FUL, 0xBC9BC6E4UL, 0x2B60A476UL, 0x81E67400UL, - 0x08BA6FB5UL, 0x571BE91FUL, 0xF296EC6BUL, 0x2A0DD915UL, - 0xB6636521UL, 0xE7B9F9B6UL, 0xFF34052EUL, 0xC5855664UL, - 0x53B02D5DUL, 0xA99F8FA1UL, 0x08BA4799UL, 0x6E85076AUL }, - { 0x4B7A70E9UL, 0xB5B32944UL, 0xDB75092EUL, 0xC4192623UL, - 0xAD6EA6B0UL, 0x49A7DF7DUL, 0x9CEE60B8UL, 0x8FEDB266UL, - 0xECAA8C71UL, 0x699A17FFUL, 0x5664526CUL, 0xC2B19EE1UL, - 0x193602A5UL, 0x75094C29UL, 0xA0591340UL, 0xE4183A3EUL, - 0x3F54989AUL, 0x5B429D65UL, 0x6B8FE4D6UL, 0x99F73FD6UL, - 0xA1D29C07UL, 0xEFE830F5UL, 0x4D2D38E6UL, 0xF0255DC1UL, - 0x4CDD2086UL, 0x8470EB26UL, 0x6382E9C6UL, 0x021ECC5EUL, - 0x09686B3FUL, 0x3EBAEFC9UL, 0x3C971814UL, 0x6B6A70A1UL, - 0x687F3584UL, 0x52A0E286UL, 0xB79C5305UL, 0xAA500737UL, - 0x3E07841CUL, 0x7FDEAE5CUL, 0x8E7D44ECUL, 0x5716F2B8UL, - 0xB03ADA37UL, 0xF0500C0DUL, 0xF01C1F04UL, 0x0200B3FFUL, - 0xAE0CF51AUL, 0x3CB574B2UL, 0x25837A58UL, 0xDC0921BDUL, - 0xD19113F9UL, 0x7CA92FF6UL, 0x94324773UL, 0x22F54701UL, - 0x3AE5E581UL, 0x37C2DADCUL, 0xC8B57634UL, 0x9AF3DDA7UL, - 0xA9446146UL, 0x0FD0030EUL, 0xECC8C73EUL, 0xA4751E41UL, - 0xE238CD99UL, 0x3BEA0E2FUL, 0x3280BBA1UL, 0x183EB331UL, - 0x4E548B38UL, 0x4F6DB908UL, 0x6F420D03UL, 0xF60A04BFUL, - 0x2CB81290UL, 0x24977C79UL, 0x5679B072UL, 0xBCAF89AFUL, - 0xDE9A771FUL, 0xD9930810UL, 0xB38BAE12UL, 0xDCCF3F2EUL, - 0x5512721FUL, 0x2E6B7124UL, 0x501ADDE6UL, 0x9F84CD87UL, - 0x7A584718UL, 0x7408DA17UL, 0xBC9F9ABCUL, 0xE94B7D8CUL, - 0xEC7AEC3AUL, 0xDB851DFAUL, 0x63094366UL, 0xC464C3D2UL, - 0xEF1C1847UL, 0x3215D908UL, 0xDD433B37UL, 0x24C2BA16UL, - 0x12A14D43UL, 0x2A65C451UL, 0x50940002UL, 0x133AE4DDUL, - 0x71DFF89EUL, 0x10314E55UL, 0x81AC77D6UL, 0x5F11199BUL, - 0x043556F1UL, 0xD7A3C76BUL, 0x3C11183BUL, 0x5924A509UL, - 0xF28FE6EDUL, 0x97F1FBFAUL, 0x9EBABF2CUL, 0x1E153C6EUL, - 0x86E34570UL, 0xEAE96FB1UL, 0x860E5E0AUL, 0x5A3E2AB3UL, - 0x771FE71CUL, 0x4E3D06FAUL, 0x2965DCB9UL, 0x99E71D0FUL, - 0x803E89D6UL, 0x5266C825UL, 0x2E4CC978UL, 0x9C10B36AUL, - 0xC6150EBAUL, 0x94E2EA78UL, 0xA5FC3C53UL, 0x1E0A2DF4UL, - 0xF2F74EA7UL, 0x361D2B3DUL, 0x1939260FUL, 0x19C27960UL, - 0x5223A708UL, 0xF71312B6UL, 0xEBADFE6EUL, 0xEAC31F66UL, - 0xE3BC4595UL, 0xA67BC883UL, 0xB17F37D1UL, 0x018CFF28UL, - 0xC332DDEFUL, 0xBE6C5AA5UL, 0x65582185UL, 0x68AB9802UL, - 0xEECEA50FUL, 0xDB2F953BUL, 0x2AEF7DADUL, 0x5B6E2F84UL, - 0x1521B628UL, 0x29076170UL, 0xECDD4775UL, 0x619F1510UL, - 0x13CCA830UL, 0xEB61BD96UL, 0x0334FE1EUL, 0xAA0363CFUL, - 0xB5735C90UL, 0x4C70A239UL, 0xD59E9E0BUL, 0xCBAADE14UL, - 0xEECC86BCUL, 0x60622CA7UL, 0x9CAB5CABUL, 0xB2F3846EUL, - 0x648B1EAFUL, 0x19BDF0CAUL, 0xA02369B9UL, 0x655ABB50UL, - 0x40685A32UL, 0x3C2AB4B3UL, 0x319EE9D5UL, 0xC021B8F7UL, - 0x9B540B19UL, 0x875FA099UL, 0x95F7997EUL, 0x623D7DA8UL, - 0xF837889AUL, 0x97E32D77UL, 0x11ED935FUL, 0x16681281UL, - 0x0E358829UL, 0xC7E61FD6UL, 0x96DEDFA1UL, 0x7858BA99UL, - 0x57F584A5UL, 0x1B227263UL, 0x9B83C3FFUL, 0x1AC24696UL, - 0xCDB30AEBUL, 0x532E3054UL, 0x8FD948E4UL, 0x6DBC3128UL, - 0x58EBF2EFUL, 0x34C6FFEAUL, 0xFE28ED61UL, 0xEE7C3C73UL, - 0x5D4A14D9UL, 0xE864B7E3UL, 0x42105D14UL, 0x203E13E0UL, - 0x45EEE2B6UL, 0xA3AAABEAUL, 0xDB6C4F15UL, 0xFACB4FD0UL, - 0xC742F442UL, 0xEF6ABBB5UL, 0x654F3B1DUL, 0x41CD2105UL, - 0xD81E799EUL, 0x86854DC7UL, 0xE44B476AUL, 0x3D816250UL, - 0xCF62A1F2UL, 0x5B8D2646UL, 0xFC8883A0UL, 0xC1C7B6A3UL, - 0x7F1524C3UL, 0x69CB7492UL, 0x47848A0BUL, 0x5692B285UL, - 0x095BBF00UL, 0xAD19489DUL, 0x1462B174UL, 0x23820E00UL, - 0x58428D2AUL, 0x0C55F5EAUL, 0x1DADF43EUL, 0x233F7061UL, - 0x3372F092UL, 0x8D937E41UL, 0xD65FECF1UL, 0x6C223BDBUL, - 0x7CDE3759UL, 0xCBEE7460UL, 0x4085F2A7UL, 0xCE77326EUL, - 0xA6078084UL, 0x19F8509EUL, 0xE8EFD855UL, 0x61D99735UL, - 0xA969A7AAUL, 0xC50C06C2UL, 0x5A04ABFCUL, 0x800BCADCUL, - 0x9E447A2EUL, 0xC3453484UL, 0xFDD56705UL, 0x0E1E9EC9UL, - 0xDB73DBD3UL, 0x105588CDUL, 0x675FDA79UL, 0xE3674340UL, - 0xC5C43465UL, 0x713E38D8UL, 0x3D28F89EUL, 0xF16DFF20UL, - 0x153E21E7UL, 0x8FB03D4AUL, 0xE6E39F2BUL, 0xDB83ADF7UL }, - { 0xE93D5A68UL, 0x948140F7UL, 0xF64C261CUL, 0x94692934UL, - 0x411520F7UL, 0x7602D4F7UL, 0xBCF46B2EUL, 0xD4A20068UL, - 0xD4082471UL, 0x3320F46AUL, 0x43B7D4B7UL, 0x500061AFUL, - 0x1E39F62EUL, 0x97244546UL, 0x14214F74UL, 0xBF8B8840UL, - 0x4D95FC1DUL, 0x96B591AFUL, 0x70F4DDD3UL, 0x66A02F45UL, - 0xBFBC09ECUL, 0x03BD9785UL, 0x7FAC6DD0UL, 0x31CB8504UL, - 0x96EB27B3UL, 0x55FD3941UL, 0xDA2547E6UL, 0xABCA0A9AUL, - 0x28507825UL, 0x530429F4UL, 0x0A2C86DAUL, 0xE9B66DFBUL, - 0x68DC1462UL, 0xD7486900UL, 0x680EC0A4UL, 0x27A18DEEUL, - 0x4F3FFEA2UL, 0xE887AD8CUL, 0xB58CE006UL, 0x7AF4D6B6UL, - 0xAACE1E7CUL, 0xD3375FECUL, 0xCE78A399UL, 0x406B2A42UL, - 0x20FE9E35UL, 0xD9F385B9UL, 0xEE39D7ABUL, 0x3B124E8BUL, - 0x1DC9FAF7UL, 0x4B6D1856UL, 0x26A36631UL, 0xEAE397B2UL, - 0x3A6EFA74UL, 0xDD5B4332UL, 0x6841E7F7UL, 0xCA7820FBUL, - 0xFB0AF54EUL, 0xD8FEB397UL, 0x454056ACUL, 0xBA489527UL, - 0x55533A3AUL, 0x20838D87UL, 0xFE6BA9B7UL, 0xD096954BUL, - 0x55A867BCUL, 0xA1159A58UL, 0xCCA92963UL, 0x99E1DB33UL, - 0xA62A4A56UL, 0x3F3125F9UL, 0x5EF47E1CUL, 0x9029317CUL, - 0xFDF8E802UL, 0x04272F70UL, 0x80BB155CUL, 0x05282CE3UL, - 0x95C11548UL, 0xE4C66D22UL, 0x48C1133FUL, 0xC70F86DCUL, - 0x07F9C9EEUL, 0x41041F0FUL, 0x404779A4UL, 0x5D886E17UL, - 0x325F51EBUL, 0xD59BC0D1UL, 0xF2BCC18FUL, 0x41113564UL, - 0x257B7834UL, 0x602A9C60UL, 0xDFF8E8A3UL, 0x1F636C1BUL, - 0x0E12B4C2UL, 0x02E1329EUL, 0xAF664FD1UL, 0xCAD18115UL, - 0x6B2395E0UL, 0x333E92E1UL, 0x3B240B62UL, 0xEEBEB922UL, - 0x85B2A20EUL, 0xE6BA0D99UL, 0xDE720C8CUL, 0x2DA2F728UL, - 0xD0127845UL, 0x95B794FDUL, 0x647D0862UL, 0xE7CCF5F0UL, - 0x5449A36FUL, 0x877D48FAUL, 0xC39DFD27UL, 0xF33E8D1EUL, - 0x0A476341UL, 0x992EFF74UL, 0x3A6F6EABUL, 0xF4F8FD37UL, - 0xA812DC60UL, 0xA1EBDDF8UL, 0x991BE14CUL, 0xDB6E6B0DUL, - 0xC67B5510UL, 0x6D672C37UL, 0x2765D43BUL, 0xDCD0E804UL, - 0xF1290DC7UL, 0xCC00FFA3UL, 0xB5390F92UL, 0x690FED0BUL, - 0x667B9FFBUL, 0xCEDB7D9CUL, 0xA091CF0BUL, 0xD9155EA3UL, - 0xBB132F88UL, 0x515BAD24UL, 0x7B9479BFUL, 0x763BD6EBUL, - 0x37392EB3UL, 0xCC115979UL, 0x8026E297UL, 0xF42E312DUL, - 0x6842ADA7UL, 0xC66A2B3BUL, 0x12754CCCUL, 0x782EF11CUL, - 0x6A124237UL, 0xB79251E7UL, 0x06A1BBE6UL, 0x4BFB6350UL, - 0x1A6B1018UL, 0x11CAEDFAUL, 0x3D25BDD8UL, 0xE2E1C3C9UL, - 0x44421659UL, 0x0A121386UL, 0xD90CEC6EUL, 0xD5ABEA2AUL, - 0x64AF674EUL, 0xDA86A85FUL, 0xBEBFE988UL, 0x64E4C3FEUL, - 0x9DBC8057UL, 0xF0F7C086UL, 0x60787BF8UL, 0x6003604DUL, - 0xD1FD8346UL, 0xF6381FB0UL, 0x7745AE04UL, 0xD736FCCCUL, - 0x83426B33UL, 0xF01EAB71UL, 0xB0804187UL, 0x3C005E5FUL, - 0x77A057BEUL, 0xBDE8AE24UL, 0x55464299UL, 0xBF582E61UL, - 0x4E58F48FUL, 0xF2DDFDA2UL, 0xF474EF38UL, 0x8789BDC2UL, - 0x5366F9C3UL, 0xC8B38E74UL, 0xB475F255UL, 0x46FCD9B9UL, - 0x7AEB2661UL, 0x8B1DDF84UL, 0x846A0E79UL, 0x915F95E2UL, - 0x466E598EUL, 0x20B45770UL, 0x8CD55591UL, 0xC902DE4CUL, - 0xB90BACE1UL, 0xBB8205D0UL, 0x11A86248UL, 0x7574A99EUL, - 0xB77F19B6UL, 0xE0A9DC09UL, 0x662D09A1UL, 0xC4324633UL, - 0xE85A1F02UL, 0x09F0BE8CUL, 0x4A99A025UL, 0x1D6EFE10UL, - 0x1AB93D1DUL, 0x0BA5A4DFUL, 0xA186F20FUL, 0x2868F169UL, - 0xDCB7DA83UL, 0x573906FEUL, 0xA1E2CE9BUL, 0x4FCD7F52UL, - 0x50115E01UL, 0xA70683FAUL, 0xA002B5C4UL, 0x0DE6D027UL, - 0x9AF88C27UL, 0x773F8641UL, 0xC3604C06UL, 0x61A806B5UL, - 0xF0177A28UL, 0xC0F586E0UL, 0x006058AAUL, 0x30DC7D62UL, - 0x11E69ED7UL, 0x2338EA63UL, 0x53C2DD94UL, 0xC2C21634UL, - 0xBBCBEE56UL, 0x90BCB6DEUL, 0xEBFC7DA1UL, 0xCE591D76UL, - 0x6F05E409UL, 0x4B7C0188UL, 0x39720A3DUL, 0x7C927C24UL, - 0x86E3725FUL, 0x724D9DB9UL, 0x1AC15BB4UL, 0xD39EB8FCUL, - 0xED545578UL, 0x08FCA5B5UL, 0xD83D7CD3UL, 0x4DAD0FC4UL, - 0x1E50EF5EUL, 0xB161E6F8UL, 0xA28514D9UL, 0x6C51133CUL, - 0x6FD5C7E7UL, 0x56E14EC4UL, 0x362ABFCEUL, 0xDDC6C837UL, - 0xD79A3234UL, 0x92638212UL, 0x670EFA8EUL, 0x406000E0UL }, - { 0x3A39CE37UL, 0xD3FAF5CFUL, 0xABC27737UL, 0x5AC52D1BUL, - 0x5CB0679EUL, 0x4FA33742UL, 0xD3822740UL, 0x99BC9BBEUL, - 0xD5118E9DUL, 0xBF0F7315UL, 0xD62D1C7EUL, 0xC700C47BUL, - 0xB78C1B6BUL, 0x21A19045UL, 0xB26EB1BEUL, 0x6A366EB4UL, - 0x5748AB2FUL, 0xBC946E79UL, 0xC6A376D2UL, 0x6549C2C8UL, - 0x530FF8EEUL, 0x468DDE7DUL, 0xD5730A1DUL, 0x4CD04DC6UL, - 0x2939BBDBUL, 0xA9BA4650UL, 0xAC9526E8UL, 0xBE5EE304UL, - 0xA1FAD5F0UL, 0x6A2D519AUL, 0x63EF8CE2UL, 0x9A86EE22UL, - 0xC089C2B8UL, 0x43242EF6UL, 0xA51E03AAUL, 0x9CF2D0A4UL, - 0x83C061BAUL, 0x9BE96A4DUL, 0x8FE51550UL, 0xBA645BD6UL, - 0x2826A2F9UL, 0xA73A3AE1UL, 0x4BA99586UL, 0xEF5562E9UL, - 0xC72FEFD3UL, 0xF752F7DAUL, 0x3F046F69UL, 0x77FA0A59UL, - 0x80E4A915UL, 0x87B08601UL, 0x9B09E6ADUL, 0x3B3EE593UL, - 0xE990FD5AUL, 0x9E34D797UL, 0x2CF0B7D9UL, 0x022B8B51UL, - 0x96D5AC3AUL, 0x017DA67DUL, 0xD1CF3ED6UL, 0x7C7D2D28UL, - 0x1F9F25CFUL, 0xADF2B89BUL, 0x5AD6B472UL, 0x5A88F54CUL, - 0xE029AC71UL, 0xE019A5E6UL, 0x47B0ACFDUL, 0xED93FA9BUL, - 0xE8D3C48DUL, 0x283B57CCUL, 0xF8D56629UL, 0x79132E28UL, - 0x785F0191UL, 0xED756055UL, 0xF7960E44UL, 0xE3D35E8CUL, - 0x15056DD4UL, 0x88F46DBAUL, 0x03A16125UL, 0x0564F0BDUL, - 0xC3EB9E15UL, 0x3C9057A2UL, 0x97271AECUL, 0xA93A072AUL, - 0x1B3F6D9BUL, 0x1E6321F5UL, 0xF59C66FBUL, 0x26DCF319UL, - 0x7533D928UL, 0xB155FDF5UL, 0x03563482UL, 0x8ABA3CBBUL, - 0x28517711UL, 0xC20AD9F8UL, 0xABCC5167UL, 0xCCAD925FUL, - 0x4DE81751UL, 0x3830DC8EUL, 0x379D5862UL, 0x9320F991UL, - 0xEA7A90C2UL, 0xFB3E7BCEUL, 0x5121CE64UL, 0x774FBE32UL, - 0xA8B6E37EUL, 0xC3293D46UL, 0x48DE5369UL, 0x6413E680UL, - 0xA2AE0810UL, 0xDD6DB224UL, 0x69852DFDUL, 0x09072166UL, - 0xB39A460AUL, 0x6445C0DDUL, 0x586CDECFUL, 0x1C20C8AEUL, - 0x5BBEF7DDUL, 0x1B588D40UL, 0xCCD2017FUL, 0x6BB4E3BBUL, - 0xDDA26A7EUL, 0x3A59FF45UL, 0x3E350A44UL, 0xBCB4CDD5UL, - 0x72EACEA8UL, 0xFA6484BBUL, 0x8D6612AEUL, 0xBF3C6F47UL, - 0xD29BE463UL, 0x542F5D9EUL, 0xAEC2771BUL, 0xF64E6370UL, - 0x740E0D8DUL, 0xE75B1357UL, 0xF8721671UL, 0xAF537D5DUL, - 0x4040CB08UL, 0x4EB4E2CCUL, 0x34D2466AUL, 0x0115AF84UL, - 0xE1B00428UL, 0x95983A1DUL, 0x06B89FB4UL, 0xCE6EA048UL, - 0x6F3F3B82UL, 0x3520AB82UL, 0x011A1D4BUL, 0x277227F8UL, - 0x611560B1UL, 0xE7933FDCUL, 0xBB3A792BUL, 0x344525BDUL, - 0xA08839E1UL, 0x51CE794BUL, 0x2F32C9B7UL, 0xA01FBAC9UL, - 0xE01CC87EUL, 0xBCC7D1F6UL, 0xCF0111C3UL, 0xA1E8AAC7UL, - 0x1A908749UL, 0xD44FBD9AUL, 0xD0DADECBUL, 0xD50ADA38UL, - 0x0339C32AUL, 0xC6913667UL, 0x8DF9317CUL, 0xE0B12B4FUL, - 0xF79E59B7UL, 0x43F5BB3AUL, 0xF2D519FFUL, 0x27D9459CUL, - 0xBF97222CUL, 0x15E6FC2AUL, 0x0F91FC71UL, 0x9B941525UL, - 0xFAE59361UL, 0xCEB69CEBUL, 0xC2A86459UL, 0x12BAA8D1UL, - 0xB6C1075EUL, 0xE3056A0CUL, 0x10D25065UL, 0xCB03A442UL, - 0xE0EC6E0EUL, 0x1698DB3BUL, 0x4C98A0BEUL, 0x3278E964UL, - 0x9F1F9532UL, 0xE0D392DFUL, 0xD3A0342BUL, 0x8971F21EUL, - 0x1B0A7441UL, 0x4BA3348CUL, 0xC5BE7120UL, 0xC37632D8UL, - 0xDF359F8DUL, 0x9B992F2EUL, 0xE60B6F47UL, 0x0FE3F11DUL, - 0xE54CDA54UL, 0x1EDAD891UL, 0xCE6279CFUL, 0xCD3E7E6FUL, - 0x1618B166UL, 0xFD2C1D05UL, 0x848FD2C5UL, 0xF6FB2299UL, - 0xF523F357UL, 0xA6327623UL, 0x93A83531UL, 0x56CCCD02UL, - 0xACF08162UL, 0x5A75EBB5UL, 0x6E163697UL, 0x88D273CCUL, - 0xDE966292UL, 0x81B949D0UL, 0x4C50901BUL, 0x71C65614UL, - 0xE6C6C7BDUL, 0x327A140AUL, 0x45E1D006UL, 0xC3F27B9AUL, - 0xC9AA53FDUL, 0x62A80F00UL, 0xBB25BFE2UL, 0x35BDD2F6UL, - 0x71126905UL, 0xB2040222UL, 0xB6CBCF7CUL, 0xCD769C2BUL, - 0x53113EC0UL, 0x1640E3D3UL, 0x38ABBD60UL, 0x2547ADF0UL, - 0xBA38209CUL, 0xF746CE76UL, 0x77AFA1C5UL, 0x20756060UL, - 0x85CBFE4EUL, 0x8AE88DD8UL, 0x7AAAF9B0UL, 0x4CF9AA7EUL, - 0x1948C25CUL, 0x02FB8A8CUL, 0x01C36AE4UL, 0xD6EBE1F9UL, - 0x90D4F869UL, 0xA65CDEA0UL, 0x3F09252DUL, 0xC208E69FUL, - 0xB74E6132UL, 0xCE77E25BUL, 0x578FDFE3UL, 0x3AC372E6UL } -}; - - /** - Initialize the Blowfish block cipher - @param key The symmetric key you wish to pass - @param keylen The key length in bytes - @param num_rounds The number of rounds desired (0 for default) - @param skey The key in as scheduled by this function. - @return CRYPT_OK if successful - */ -int blowfish_setup(const unsigned char *key, int keylen, int num_rounds, - symmetric_key *skey) -{ - ulong32 x, y, z, A; - unsigned char B[8]; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(skey != NULL); - - /* check key length */ - if (keylen < 8 || keylen > 56) { - return CRYPT_INVALID_KEYSIZE; - } - - /* check rounds */ - if (num_rounds != 0 && num_rounds != 16) { - return CRYPT_INVALID_ROUNDS; - } - - /* load in key bytes (Supplied by David Hopwood) */ - for (x = y = 0; x < 18; x++) { - A = 0; - for (z = 0; z < 4; z++) { - A = (A << 8) | ((ulong32)key[y++] & 255); - if (y == (ulong32)keylen) { - y = 0; - } - } - skey->blowfish.K[x] = ORIG_P[x] ^ A; - } - - /* copy sboxes */ - for (x = 0; x < 4; x++) { - for (y = 0; y < 256; y++) { - skey->blowfish.S[x][y] = ORIG_S[x][y]; - } - } - - /* encrypt K array */ - for (x = 0; x < 8; x++) { - B[x] = 0; - } - - for (x = 0; x < 18; x += 2) { - /* encrypt it */ - blowfish_ecb_encrypt(B, B, skey); - /* copy it */ - LOAD32H(skey->blowfish.K[x], &B[0]); - LOAD32H(skey->blowfish.K[x+1], &B[4]); - } - - /* encrypt S array */ - for (x = 0; x < 4; x++) { - for (y = 0; y < 256; y += 2) { - /* encrypt it */ - blowfish_ecb_encrypt(B, B, skey); - /* copy it */ - LOAD32H(skey->blowfish.S[x][y], &B[0]); - LOAD32H(skey->blowfish.S[x][y+1], &B[4]); - } - } - -#ifdef LTC_CLEAN_STACK - zeromem(B, sizeof(B)); -#endif - - return CRYPT_OK; -} - -#ifndef __GNUC__ -#define F(x) ((S1[byte(x,3)] + S2[byte(x,2)]) ^ S3[byte(x,1)]) + S4[byte(x,0)] -#else -#define F(x) ((skey->blowfish.S[0][byte(x,3)] + skey->blowfish.S[1][byte(x,2)]) ^ skey->blowfish.S[2][byte(x,1)]) + skey->blowfish.S[3][byte(x,0)] -#endif - -/** - Encrypts a block of text with Blowfish - @param pt The input plaintext (8 bytes) - @param ct The output ciphertext (8 bytes) - @param skey The key as scheduled - @return CRYPT_OK if successful -*/ -#ifdef LTC_CLEAN_STACK -static int _blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) -#else -int blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) -#endif -{ - ulong32 L, R; - int r; -#ifndef __GNUC__ - ulong32 *S1, *S2, *S3, *S4; -#endif - - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(skey != NULL); - -#ifndef __GNUC__ - S1 = skey->blowfish.S[0]; - S2 = skey->blowfish.S[1]; - S3 = skey->blowfish.S[2]; - S4 = skey->blowfish.S[3]; -#endif - - /* load it */ - LOAD32H(L, &pt[0]); - LOAD32H(R, &pt[4]); - - /* do 16 rounds */ - for (r = 0; r < 16; ) { - L ^= skey->blowfish.K[r++]; R ^= F(L); - R ^= skey->blowfish.K[r++]; L ^= F(R); - L ^= skey->blowfish.K[r++]; R ^= F(L); - R ^= skey->blowfish.K[r++]; L ^= F(R); - } - - /* last keying */ - R ^= skey->blowfish.K[17]; - L ^= skey->blowfish.K[16]; - - /* store */ - STORE32H(R, &ct[0]); - STORE32H(L, &ct[4]); - - return CRYPT_OK; -} - -#ifdef LTC_CLEAN_STACK -int blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) -{ - int err = _blowfish_ecb_encrypt(pt, ct, skey); - burn_stack(sizeof(ulong32) * 2 + sizeof(int)); - return err; -} -#endif - -/** - Decrypts a block of text with Blowfish - @param ct The input ciphertext (8 bytes) - @param pt The output plaintext (8 bytes) - @param skey The key as scheduled - @return CRYPT_OK if successful -*/ -#ifdef LTC_CLEAN_STACK -static int _blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) -#else -int blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) -#endif -{ - ulong32 L, R; - int r; -#ifndef __GNUC__ - ulong32 *S1, *S2, *S3, *S4; -#endif - - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(skey != NULL); - -#ifndef __GNUC__ - S1 = skey->blowfish.S[0]; - S2 = skey->blowfish.S[1]; - S3 = skey->blowfish.S[2]; - S4 = skey->blowfish.S[3]; -#endif - - /* load it */ - LOAD32H(R, &ct[0]); - LOAD32H(L, &ct[4]); - - /* undo last keying */ - R ^= skey->blowfish.K[17]; - L ^= skey->blowfish.K[16]; - - /* do 16 rounds */ - for (r = 15; r > 0; ) { - L ^= F(R); R ^= skey->blowfish.K[r--]; - R ^= F(L); L ^= skey->blowfish.K[r--]; - L ^= F(R); R ^= skey->blowfish.K[r--]; - R ^= F(L); L ^= skey->blowfish.K[r--]; - } - - /* store */ - STORE32H(L, &pt[0]); - STORE32H(R, &pt[4]); - return CRYPT_OK; -} - -#ifdef LTC_CLEAN_STACK -int blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) -{ - int err = _blowfish_ecb_decrypt(ct, pt, skey); - burn_stack(sizeof(ulong32) * 2 + sizeof(int)); - return err; -} -#endif - - -/** - Performs a self-test of the Blowfish block cipher - @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled -*/ -int blowfish_test(void) -{ - #ifndef LTC_TEST - return CRYPT_NOP; - #else - int err; - symmetric_key key; - static const struct { - unsigned char key[8], pt[8], ct[8]; - } tests[] = { - { - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - { 0x4E, 0xF9, 0x97, 0x45, 0x61, 0x98, 0xDD, 0x78} - }, - { - { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, - { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF}, - { 0x51, 0x86, 0x6F, 0xD5, 0xB8, 0x5E, 0xCB, 0x8A} - }, - { - { 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, - { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01}, - { 0x7D, 0x85, 0x6F, 0x9A, 0x61, 0x30, 0x63, 0xF2} - } - }; - unsigned char tmp[2][8]; - int x, y; - - for (x = 0; x < (int)(sizeof(tests) / sizeof(tests[0])); x++) { - /* setup key */ - if ((err = blowfish_setup(tests[x].key, 8, 16, &key)) != CRYPT_OK) { - return err; - } - - /* encrypt and decrypt */ - blowfish_ecb_encrypt(tests[x].pt, tmp[0], &key); - blowfish_ecb_decrypt(tmp[0], tmp[1], &key); - - /* compare */ - if ((compare_testvector(tmp[0], 8, tests[x].ct, 8, "Blowfish Encrypt", x) != 0) || - (compare_testvector(tmp[1], 8, tests[x].pt, 8, "Blowfish Decrypt", x) != 0)) { - return CRYPT_FAIL_TESTVECTOR; - } - - /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */ - for (y = 0; y < 8; y++) tmp[0][y] = 0; - for (y = 0; y < 1000; y++) blowfish_ecb_encrypt(tmp[0], tmp[0], &key); - for (y = 0; y < 1000; y++) blowfish_ecb_decrypt(tmp[0], tmp[0], &key); - for (y = 0; y < 8; y++) if (tmp[0][y] != 0) return CRYPT_FAIL_TESTVECTOR; - } - return CRYPT_OK; - #endif -} - -/** Terminate the context - @param skey The scheduled key -*/ -void blowfish_done(symmetric_key *skey) -{ - LTC_UNUSED_PARAM(skey); -} - -/** - Gets suitable key size - @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. - @return CRYPT_OK if the input key size is acceptable. -*/ -int blowfish_keysize(int *keysize) -{ - LTC_ARGCHK(keysize != NULL); - - if (*keysize < 8) { - return CRYPT_INVALID_KEYSIZE; - } else if (*keysize > 56) { - *keysize = 56; - } - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/ciphers/des.c b/libs/tomcrypt/src/ciphers/des.c deleted file mode 100644 index 5c6c85f5087..00000000000 --- a/libs/tomcrypt/src/ciphers/des.c +++ /dev/null @@ -1,2081 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file des.c - DES code submitted by Dobes Vandermeer -*/ - -#ifdef LTC_DES - -#define EN0 0 -#define DE1 1 - -const struct ltc_cipher_descriptor des_desc = -{ - "des", - 13, - 8, 8, 8, 16, - &des_setup, - &des_ecb_encrypt, - &des_ecb_decrypt, - &des_test, - &des_done, - &des_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL -}; - -const struct ltc_cipher_descriptor des3_desc = -{ - "3des", - 14, - 16, 24, 8, 16, - &des3_setup, - &des3_ecb_encrypt, - &des3_ecb_decrypt, - &des3_test, - &des3_done, - &des3_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL -}; - -static const ulong32 bytebit[8] = -{ - 0200, 0100, 040, 020, 010, 04, 02, 01 -}; - -static const ulong32 bigbyte[24] = -{ - 0x800000UL, 0x400000UL, 0x200000UL, 0x100000UL, - 0x80000UL, 0x40000UL, 0x20000UL, 0x10000UL, - 0x8000UL, 0x4000UL, 0x2000UL, 0x1000UL, - 0x800UL, 0x400UL, 0x200UL, 0x100UL, - 0x80UL, 0x40UL, 0x20UL, 0x10UL, - 0x8UL, 0x4UL, 0x2UL, 0x1L -}; - -/* Use the key schedule specific in the standard (ANSI X3.92-1981) */ - -static const unsigned char pc1[56] = { - 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, - 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, - 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, - 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 -}; - -static const unsigned char totrot[16] = { - 1, 2, 4, 6, - 8, 10, 12, 14, - 15, 17, 19, 21, - 23, 25, 27, 28 -}; - -static const unsigned char pc2[48] = { - 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, - 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, - 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, - 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 -}; - - -static const ulong32 SP1[64] = -{ - 0x01010400UL, 0x00000000UL, 0x00010000UL, 0x01010404UL, - 0x01010004UL, 0x00010404UL, 0x00000004UL, 0x00010000UL, - 0x00000400UL, 0x01010400UL, 0x01010404UL, 0x00000400UL, - 0x01000404UL, 0x01010004UL, 0x01000000UL, 0x00000004UL, - 0x00000404UL, 0x01000400UL, 0x01000400UL, 0x00010400UL, - 0x00010400UL, 0x01010000UL, 0x01010000UL, 0x01000404UL, - 0x00010004UL, 0x01000004UL, 0x01000004UL, 0x00010004UL, - 0x00000000UL, 0x00000404UL, 0x00010404UL, 0x01000000UL, - 0x00010000UL, 0x01010404UL, 0x00000004UL, 0x01010000UL, - 0x01010400UL, 0x01000000UL, 0x01000000UL, 0x00000400UL, - 0x01010004UL, 0x00010000UL, 0x00010400UL, 0x01000004UL, - 0x00000400UL, 0x00000004UL, 0x01000404UL, 0x00010404UL, - 0x01010404UL, 0x00010004UL, 0x01010000UL, 0x01000404UL, - 0x01000004UL, 0x00000404UL, 0x00010404UL, 0x01010400UL, - 0x00000404UL, 0x01000400UL, 0x01000400UL, 0x00000000UL, - 0x00010004UL, 0x00010400UL, 0x00000000UL, 0x01010004UL -}; - -static const ulong32 SP2[64] = -{ - 0x80108020UL, 0x80008000UL, 0x00008000UL, 0x00108020UL, - 0x00100000UL, 0x00000020UL, 0x80100020UL, 0x80008020UL, - 0x80000020UL, 0x80108020UL, 0x80108000UL, 0x80000000UL, - 0x80008000UL, 0x00100000UL, 0x00000020UL, 0x80100020UL, - 0x00108000UL, 0x00100020UL, 0x80008020UL, 0x00000000UL, - 0x80000000UL, 0x00008000UL, 0x00108020UL, 0x80100000UL, - 0x00100020UL, 0x80000020UL, 0x00000000UL, 0x00108000UL, - 0x00008020UL, 0x80108000UL, 0x80100000UL, 0x00008020UL, - 0x00000000UL, 0x00108020UL, 0x80100020UL, 0x00100000UL, - 0x80008020UL, 0x80100000UL, 0x80108000UL, 0x00008000UL, - 0x80100000UL, 0x80008000UL, 0x00000020UL, 0x80108020UL, - 0x00108020UL, 0x00000020UL, 0x00008000UL, 0x80000000UL, - 0x00008020UL, 0x80108000UL, 0x00100000UL, 0x80000020UL, - 0x00100020UL, 0x80008020UL, 0x80000020UL, 0x00100020UL, - 0x00108000UL, 0x00000000UL, 0x80008000UL, 0x00008020UL, - 0x80000000UL, 0x80100020UL, 0x80108020UL, 0x00108000UL -}; - -static const ulong32 SP3[64] = -{ - 0x00000208UL, 0x08020200UL, 0x00000000UL, 0x08020008UL, - 0x08000200UL, 0x00000000UL, 0x00020208UL, 0x08000200UL, - 0x00020008UL, 0x08000008UL, 0x08000008UL, 0x00020000UL, - 0x08020208UL, 0x00020008UL, 0x08020000UL, 0x00000208UL, - 0x08000000UL, 0x00000008UL, 0x08020200UL, 0x00000200UL, - 0x00020200UL, 0x08020000UL, 0x08020008UL, 0x00020208UL, - 0x08000208UL, 0x00020200UL, 0x00020000UL, 0x08000208UL, - 0x00000008UL, 0x08020208UL, 0x00000200UL, 0x08000000UL, - 0x08020200UL, 0x08000000UL, 0x00020008UL, 0x00000208UL, - 0x00020000UL, 0x08020200UL, 0x08000200UL, 0x00000000UL, - 0x00000200UL, 0x00020008UL, 0x08020208UL, 0x08000200UL, - 0x08000008UL, 0x00000200UL, 0x00000000UL, 0x08020008UL, - 0x08000208UL, 0x00020000UL, 0x08000000UL, 0x08020208UL, - 0x00000008UL, 0x00020208UL, 0x00020200UL, 0x08000008UL, - 0x08020000UL, 0x08000208UL, 0x00000208UL, 0x08020000UL, - 0x00020208UL, 0x00000008UL, 0x08020008UL, 0x00020200UL -}; - -static const ulong32 SP4[64] = -{ - 0x00802001UL, 0x00002081UL, 0x00002081UL, 0x00000080UL, - 0x00802080UL, 0x00800081UL, 0x00800001UL, 0x00002001UL, - 0x00000000UL, 0x00802000UL, 0x00802000UL, 0x00802081UL, - 0x00000081UL, 0x00000000UL, 0x00800080UL, 0x00800001UL, - 0x00000001UL, 0x00002000UL, 0x00800000UL, 0x00802001UL, - 0x00000080UL, 0x00800000UL, 0x00002001UL, 0x00002080UL, - 0x00800081UL, 0x00000001UL, 0x00002080UL, 0x00800080UL, - 0x00002000UL, 0x00802080UL, 0x00802081UL, 0x00000081UL, - 0x00800080UL, 0x00800001UL, 0x00802000UL, 0x00802081UL, - 0x00000081UL, 0x00000000UL, 0x00000000UL, 0x00802000UL, - 0x00002080UL, 0x00800080UL, 0x00800081UL, 0x00000001UL, - 0x00802001UL, 0x00002081UL, 0x00002081UL, 0x00000080UL, - 0x00802081UL, 0x00000081UL, 0x00000001UL, 0x00002000UL, - 0x00800001UL, 0x00002001UL, 0x00802080UL, 0x00800081UL, - 0x00002001UL, 0x00002080UL, 0x00800000UL, 0x00802001UL, - 0x00000080UL, 0x00800000UL, 0x00002000UL, 0x00802080UL -}; - -static const ulong32 SP5[64] = -{ - 0x00000100UL, 0x02080100UL, 0x02080000UL, 0x42000100UL, - 0x00080000UL, 0x00000100UL, 0x40000000UL, 0x02080000UL, - 0x40080100UL, 0x00080000UL, 0x02000100UL, 0x40080100UL, - 0x42000100UL, 0x42080000UL, 0x00080100UL, 0x40000000UL, - 0x02000000UL, 0x40080000UL, 0x40080000UL, 0x00000000UL, - 0x40000100UL, 0x42080100UL, 0x42080100UL, 0x02000100UL, - 0x42080000UL, 0x40000100UL, 0x00000000UL, 0x42000000UL, - 0x02080100UL, 0x02000000UL, 0x42000000UL, 0x00080100UL, - 0x00080000UL, 0x42000100UL, 0x00000100UL, 0x02000000UL, - 0x40000000UL, 0x02080000UL, 0x42000100UL, 0x40080100UL, - 0x02000100UL, 0x40000000UL, 0x42080000UL, 0x02080100UL, - 0x40080100UL, 0x00000100UL, 0x02000000UL, 0x42080000UL, - 0x42080100UL, 0x00080100UL, 0x42000000UL, 0x42080100UL, - 0x02080000UL, 0x00000000UL, 0x40080000UL, 0x42000000UL, - 0x00080100UL, 0x02000100UL, 0x40000100UL, 0x00080000UL, - 0x00000000UL, 0x40080000UL, 0x02080100UL, 0x40000100UL -}; - -static const ulong32 SP6[64] = -{ - 0x20000010UL, 0x20400000UL, 0x00004000UL, 0x20404010UL, - 0x20400000UL, 0x00000010UL, 0x20404010UL, 0x00400000UL, - 0x20004000UL, 0x00404010UL, 0x00400000UL, 0x20000010UL, - 0x00400010UL, 0x20004000UL, 0x20000000UL, 0x00004010UL, - 0x00000000UL, 0x00400010UL, 0x20004010UL, 0x00004000UL, - 0x00404000UL, 0x20004010UL, 0x00000010UL, 0x20400010UL, - 0x20400010UL, 0x00000000UL, 0x00404010UL, 0x20404000UL, - 0x00004010UL, 0x00404000UL, 0x20404000UL, 0x20000000UL, - 0x20004000UL, 0x00000010UL, 0x20400010UL, 0x00404000UL, - 0x20404010UL, 0x00400000UL, 0x00004010UL, 0x20000010UL, - 0x00400000UL, 0x20004000UL, 0x20000000UL, 0x00004010UL, - 0x20000010UL, 0x20404010UL, 0x00404000UL, 0x20400000UL, - 0x00404010UL, 0x20404000UL, 0x00000000UL, 0x20400010UL, - 0x00000010UL, 0x00004000UL, 0x20400000UL, 0x00404010UL, - 0x00004000UL, 0x00400010UL, 0x20004010UL, 0x00000000UL, - 0x20404000UL, 0x20000000UL, 0x00400010UL, 0x20004010UL -}; - -static const ulong32 SP7[64] = -{ - 0x00200000UL, 0x04200002UL, 0x04000802UL, 0x00000000UL, - 0x00000800UL, 0x04000802UL, 0x00200802UL, 0x04200800UL, - 0x04200802UL, 0x00200000UL, 0x00000000UL, 0x04000002UL, - 0x00000002UL, 0x04000000UL, 0x04200002UL, 0x00000802UL, - 0x04000800UL, 0x00200802UL, 0x00200002UL, 0x04000800UL, - 0x04000002UL, 0x04200000UL, 0x04200800UL, 0x00200002UL, - 0x04200000UL, 0x00000800UL, 0x00000802UL, 0x04200802UL, - 0x00200800UL, 0x00000002UL, 0x04000000UL, 0x00200800UL, - 0x04000000UL, 0x00200800UL, 0x00200000UL, 0x04000802UL, - 0x04000802UL, 0x04200002UL, 0x04200002UL, 0x00000002UL, - 0x00200002UL, 0x04000000UL, 0x04000800UL, 0x00200000UL, - 0x04200800UL, 0x00000802UL, 0x00200802UL, 0x04200800UL, - 0x00000802UL, 0x04000002UL, 0x04200802UL, 0x04200000UL, - 0x00200800UL, 0x00000000UL, 0x00000002UL, 0x04200802UL, - 0x00000000UL, 0x00200802UL, 0x04200000UL, 0x00000800UL, - 0x04000002UL, 0x04000800UL, 0x00000800UL, 0x00200002UL -}; - -static const ulong32 SP8[64] = -{ - 0x10001040UL, 0x00001000UL, 0x00040000UL, 0x10041040UL, - 0x10000000UL, 0x10001040UL, 0x00000040UL, 0x10000000UL, - 0x00040040UL, 0x10040000UL, 0x10041040UL, 0x00041000UL, - 0x10041000UL, 0x00041040UL, 0x00001000UL, 0x00000040UL, - 0x10040000UL, 0x10000040UL, 0x10001000UL, 0x00001040UL, - 0x00041000UL, 0x00040040UL, 0x10040040UL, 0x10041000UL, - 0x00001040UL, 0x00000000UL, 0x00000000UL, 0x10040040UL, - 0x10000040UL, 0x10001000UL, 0x00041040UL, 0x00040000UL, - 0x00041040UL, 0x00040000UL, 0x10041000UL, 0x00001000UL, - 0x00000040UL, 0x10040040UL, 0x00001000UL, 0x00041040UL, - 0x10001000UL, 0x00000040UL, 0x10000040UL, 0x10040000UL, - 0x10040040UL, 0x10000000UL, 0x00040000UL, 0x10001040UL, - 0x00000000UL, 0x10041040UL, 0x00040040UL, 0x10000040UL, - 0x10040000UL, 0x10001000UL, 0x10001040UL, 0x00000000UL, - 0x10041040UL, 0x00041000UL, 0x00041000UL, 0x00001040UL, - 0x00001040UL, 0x00040040UL, 0x10000000UL, 0x10041000UL -}; - -#ifndef LTC_SMALL_CODE - -static const ulong64 des_ip[8][256] = { - -{ CONST64(0x0000000000000000), CONST64(0x0000001000000000), CONST64(0x0000000000000010), CONST64(0x0000001000000010), - CONST64(0x0000100000000000), CONST64(0x0000101000000000), CONST64(0x0000100000000010), CONST64(0x0000101000000010), - CONST64(0x0000000000001000), CONST64(0x0000001000001000), CONST64(0x0000000000001010), CONST64(0x0000001000001010), - CONST64(0x0000100000001000), CONST64(0x0000101000001000), CONST64(0x0000100000001010), CONST64(0x0000101000001010), - CONST64(0x0010000000000000), CONST64(0x0010001000000000), CONST64(0x0010000000000010), CONST64(0x0010001000000010), - CONST64(0x0010100000000000), CONST64(0x0010101000000000), CONST64(0x0010100000000010), CONST64(0x0010101000000010), - CONST64(0x0010000000001000), CONST64(0x0010001000001000), CONST64(0x0010000000001010), CONST64(0x0010001000001010), - CONST64(0x0010100000001000), CONST64(0x0010101000001000), CONST64(0x0010100000001010), CONST64(0x0010101000001010), - CONST64(0x0000000000100000), CONST64(0x0000001000100000), CONST64(0x0000000000100010), CONST64(0x0000001000100010), - CONST64(0x0000100000100000), CONST64(0x0000101000100000), CONST64(0x0000100000100010), CONST64(0x0000101000100010), - CONST64(0x0000000000101000), CONST64(0x0000001000101000), CONST64(0x0000000000101010), CONST64(0x0000001000101010), - CONST64(0x0000100000101000), CONST64(0x0000101000101000), CONST64(0x0000100000101010), CONST64(0x0000101000101010), - CONST64(0x0010000000100000), CONST64(0x0010001000100000), CONST64(0x0010000000100010), CONST64(0x0010001000100010), - CONST64(0x0010100000100000), CONST64(0x0010101000100000), CONST64(0x0010100000100010), CONST64(0x0010101000100010), - CONST64(0x0010000000101000), CONST64(0x0010001000101000), CONST64(0x0010000000101010), CONST64(0x0010001000101010), - CONST64(0x0010100000101000), CONST64(0x0010101000101000), CONST64(0x0010100000101010), CONST64(0x0010101000101010), - CONST64(0x1000000000000000), CONST64(0x1000001000000000), CONST64(0x1000000000000010), CONST64(0x1000001000000010), - CONST64(0x1000100000000000), CONST64(0x1000101000000000), CONST64(0x1000100000000010), CONST64(0x1000101000000010), - CONST64(0x1000000000001000), CONST64(0x1000001000001000), CONST64(0x1000000000001010), CONST64(0x1000001000001010), - CONST64(0x1000100000001000), CONST64(0x1000101000001000), CONST64(0x1000100000001010), CONST64(0x1000101000001010), - CONST64(0x1010000000000000), CONST64(0x1010001000000000), CONST64(0x1010000000000010), CONST64(0x1010001000000010), - CONST64(0x1010100000000000), CONST64(0x1010101000000000), CONST64(0x1010100000000010), CONST64(0x1010101000000010), - CONST64(0x1010000000001000), CONST64(0x1010001000001000), CONST64(0x1010000000001010), CONST64(0x1010001000001010), - CONST64(0x1010100000001000), CONST64(0x1010101000001000), CONST64(0x1010100000001010), CONST64(0x1010101000001010), - CONST64(0x1000000000100000), CONST64(0x1000001000100000), CONST64(0x1000000000100010), CONST64(0x1000001000100010), - CONST64(0x1000100000100000), CONST64(0x1000101000100000), CONST64(0x1000100000100010), CONST64(0x1000101000100010), - CONST64(0x1000000000101000), CONST64(0x1000001000101000), CONST64(0x1000000000101010), CONST64(0x1000001000101010), - CONST64(0x1000100000101000), CONST64(0x1000101000101000), CONST64(0x1000100000101010), CONST64(0x1000101000101010), - CONST64(0x1010000000100000), CONST64(0x1010001000100000), CONST64(0x1010000000100010), CONST64(0x1010001000100010), - CONST64(0x1010100000100000), CONST64(0x1010101000100000), CONST64(0x1010100000100010), CONST64(0x1010101000100010), - CONST64(0x1010000000101000), CONST64(0x1010001000101000), CONST64(0x1010000000101010), CONST64(0x1010001000101010), - CONST64(0x1010100000101000), CONST64(0x1010101000101000), CONST64(0x1010100000101010), CONST64(0x1010101000101010), - CONST64(0x0000000010000000), CONST64(0x0000001010000000), CONST64(0x0000000010000010), CONST64(0x0000001010000010), - CONST64(0x0000100010000000), CONST64(0x0000101010000000), CONST64(0x0000100010000010), CONST64(0x0000101010000010), - CONST64(0x0000000010001000), CONST64(0x0000001010001000), CONST64(0x0000000010001010), CONST64(0x0000001010001010), - CONST64(0x0000100010001000), CONST64(0x0000101010001000), CONST64(0x0000100010001010), CONST64(0x0000101010001010), - CONST64(0x0010000010000000), CONST64(0x0010001010000000), CONST64(0x0010000010000010), CONST64(0x0010001010000010), - CONST64(0x0010100010000000), CONST64(0x0010101010000000), CONST64(0x0010100010000010), CONST64(0x0010101010000010), - CONST64(0x0010000010001000), CONST64(0x0010001010001000), CONST64(0x0010000010001010), CONST64(0x0010001010001010), - CONST64(0x0010100010001000), CONST64(0x0010101010001000), CONST64(0x0010100010001010), CONST64(0x0010101010001010), - CONST64(0x0000000010100000), CONST64(0x0000001010100000), CONST64(0x0000000010100010), CONST64(0x0000001010100010), - CONST64(0x0000100010100000), CONST64(0x0000101010100000), CONST64(0x0000100010100010), CONST64(0x0000101010100010), - CONST64(0x0000000010101000), CONST64(0x0000001010101000), CONST64(0x0000000010101010), CONST64(0x0000001010101010), - CONST64(0x0000100010101000), CONST64(0x0000101010101000), CONST64(0x0000100010101010), CONST64(0x0000101010101010), - CONST64(0x0010000010100000), CONST64(0x0010001010100000), CONST64(0x0010000010100010), CONST64(0x0010001010100010), - CONST64(0x0010100010100000), CONST64(0x0010101010100000), CONST64(0x0010100010100010), CONST64(0x0010101010100010), - CONST64(0x0010000010101000), CONST64(0x0010001010101000), CONST64(0x0010000010101010), CONST64(0x0010001010101010), - CONST64(0x0010100010101000), CONST64(0x0010101010101000), CONST64(0x0010100010101010), CONST64(0x0010101010101010), - CONST64(0x1000000010000000), CONST64(0x1000001010000000), CONST64(0x1000000010000010), CONST64(0x1000001010000010), - CONST64(0x1000100010000000), CONST64(0x1000101010000000), CONST64(0x1000100010000010), CONST64(0x1000101010000010), - CONST64(0x1000000010001000), CONST64(0x1000001010001000), CONST64(0x1000000010001010), CONST64(0x1000001010001010), - CONST64(0x1000100010001000), CONST64(0x1000101010001000), CONST64(0x1000100010001010), CONST64(0x1000101010001010), - CONST64(0x1010000010000000), CONST64(0x1010001010000000), CONST64(0x1010000010000010), CONST64(0x1010001010000010), - CONST64(0x1010100010000000), CONST64(0x1010101010000000), CONST64(0x1010100010000010), CONST64(0x1010101010000010), - CONST64(0x1010000010001000), CONST64(0x1010001010001000), CONST64(0x1010000010001010), CONST64(0x1010001010001010), - CONST64(0x1010100010001000), CONST64(0x1010101010001000), CONST64(0x1010100010001010), CONST64(0x1010101010001010), - CONST64(0x1000000010100000), CONST64(0x1000001010100000), CONST64(0x1000000010100010), CONST64(0x1000001010100010), - CONST64(0x1000100010100000), CONST64(0x1000101010100000), CONST64(0x1000100010100010), CONST64(0x1000101010100010), - CONST64(0x1000000010101000), CONST64(0x1000001010101000), CONST64(0x1000000010101010), CONST64(0x1000001010101010), - CONST64(0x1000100010101000), CONST64(0x1000101010101000), CONST64(0x1000100010101010), CONST64(0x1000101010101010), - CONST64(0x1010000010100000), CONST64(0x1010001010100000), CONST64(0x1010000010100010), CONST64(0x1010001010100010), - CONST64(0x1010100010100000), CONST64(0x1010101010100000), CONST64(0x1010100010100010), CONST64(0x1010101010100010), - CONST64(0x1010000010101000), CONST64(0x1010001010101000), CONST64(0x1010000010101010), CONST64(0x1010001010101010), - CONST64(0x1010100010101000), CONST64(0x1010101010101000), CONST64(0x1010100010101010), CONST64(0x1010101010101010) - }, -{ CONST64(0x0000000000000000), CONST64(0x0000000800000000), CONST64(0x0000000000000008), CONST64(0x0000000800000008), - CONST64(0x0000080000000000), CONST64(0x0000080800000000), CONST64(0x0000080000000008), CONST64(0x0000080800000008), - CONST64(0x0000000000000800), CONST64(0x0000000800000800), CONST64(0x0000000000000808), CONST64(0x0000000800000808), - CONST64(0x0000080000000800), CONST64(0x0000080800000800), CONST64(0x0000080000000808), CONST64(0x0000080800000808), - CONST64(0x0008000000000000), CONST64(0x0008000800000000), CONST64(0x0008000000000008), CONST64(0x0008000800000008), - CONST64(0x0008080000000000), CONST64(0x0008080800000000), CONST64(0x0008080000000008), CONST64(0x0008080800000008), - CONST64(0x0008000000000800), CONST64(0x0008000800000800), CONST64(0x0008000000000808), CONST64(0x0008000800000808), - CONST64(0x0008080000000800), CONST64(0x0008080800000800), CONST64(0x0008080000000808), CONST64(0x0008080800000808), - CONST64(0x0000000000080000), CONST64(0x0000000800080000), CONST64(0x0000000000080008), CONST64(0x0000000800080008), - CONST64(0x0000080000080000), CONST64(0x0000080800080000), CONST64(0x0000080000080008), CONST64(0x0000080800080008), - CONST64(0x0000000000080800), CONST64(0x0000000800080800), CONST64(0x0000000000080808), CONST64(0x0000000800080808), - CONST64(0x0000080000080800), CONST64(0x0000080800080800), CONST64(0x0000080000080808), CONST64(0x0000080800080808), - CONST64(0x0008000000080000), CONST64(0x0008000800080000), CONST64(0x0008000000080008), CONST64(0x0008000800080008), - CONST64(0x0008080000080000), CONST64(0x0008080800080000), CONST64(0x0008080000080008), CONST64(0x0008080800080008), - CONST64(0x0008000000080800), CONST64(0x0008000800080800), CONST64(0x0008000000080808), CONST64(0x0008000800080808), - CONST64(0x0008080000080800), CONST64(0x0008080800080800), CONST64(0x0008080000080808), CONST64(0x0008080800080808), - CONST64(0x0800000000000000), CONST64(0x0800000800000000), CONST64(0x0800000000000008), CONST64(0x0800000800000008), - CONST64(0x0800080000000000), CONST64(0x0800080800000000), CONST64(0x0800080000000008), CONST64(0x0800080800000008), - CONST64(0x0800000000000800), CONST64(0x0800000800000800), CONST64(0x0800000000000808), CONST64(0x0800000800000808), - CONST64(0x0800080000000800), CONST64(0x0800080800000800), CONST64(0x0800080000000808), CONST64(0x0800080800000808), - CONST64(0x0808000000000000), CONST64(0x0808000800000000), CONST64(0x0808000000000008), CONST64(0x0808000800000008), - CONST64(0x0808080000000000), CONST64(0x0808080800000000), CONST64(0x0808080000000008), CONST64(0x0808080800000008), - CONST64(0x0808000000000800), CONST64(0x0808000800000800), CONST64(0x0808000000000808), CONST64(0x0808000800000808), - CONST64(0x0808080000000800), CONST64(0x0808080800000800), CONST64(0x0808080000000808), CONST64(0x0808080800000808), - CONST64(0x0800000000080000), CONST64(0x0800000800080000), CONST64(0x0800000000080008), CONST64(0x0800000800080008), - CONST64(0x0800080000080000), CONST64(0x0800080800080000), CONST64(0x0800080000080008), CONST64(0x0800080800080008), - CONST64(0x0800000000080800), CONST64(0x0800000800080800), CONST64(0x0800000000080808), CONST64(0x0800000800080808), - CONST64(0x0800080000080800), CONST64(0x0800080800080800), CONST64(0x0800080000080808), CONST64(0x0800080800080808), - CONST64(0x0808000000080000), CONST64(0x0808000800080000), CONST64(0x0808000000080008), CONST64(0x0808000800080008), - CONST64(0x0808080000080000), CONST64(0x0808080800080000), CONST64(0x0808080000080008), CONST64(0x0808080800080008), - CONST64(0x0808000000080800), CONST64(0x0808000800080800), CONST64(0x0808000000080808), CONST64(0x0808000800080808), - CONST64(0x0808080000080800), CONST64(0x0808080800080800), CONST64(0x0808080000080808), CONST64(0x0808080800080808), - CONST64(0x0000000008000000), CONST64(0x0000000808000000), CONST64(0x0000000008000008), CONST64(0x0000000808000008), - CONST64(0x0000080008000000), CONST64(0x0000080808000000), CONST64(0x0000080008000008), CONST64(0x0000080808000008), - CONST64(0x0000000008000800), CONST64(0x0000000808000800), CONST64(0x0000000008000808), CONST64(0x0000000808000808), - CONST64(0x0000080008000800), CONST64(0x0000080808000800), CONST64(0x0000080008000808), CONST64(0x0000080808000808), - CONST64(0x0008000008000000), CONST64(0x0008000808000000), CONST64(0x0008000008000008), CONST64(0x0008000808000008), - CONST64(0x0008080008000000), CONST64(0x0008080808000000), CONST64(0x0008080008000008), CONST64(0x0008080808000008), - CONST64(0x0008000008000800), CONST64(0x0008000808000800), CONST64(0x0008000008000808), CONST64(0x0008000808000808), - CONST64(0x0008080008000800), CONST64(0x0008080808000800), CONST64(0x0008080008000808), CONST64(0x0008080808000808), - CONST64(0x0000000008080000), CONST64(0x0000000808080000), CONST64(0x0000000008080008), CONST64(0x0000000808080008), - CONST64(0x0000080008080000), CONST64(0x0000080808080000), CONST64(0x0000080008080008), CONST64(0x0000080808080008), - CONST64(0x0000000008080800), CONST64(0x0000000808080800), CONST64(0x0000000008080808), CONST64(0x0000000808080808), - CONST64(0x0000080008080800), CONST64(0x0000080808080800), CONST64(0x0000080008080808), CONST64(0x0000080808080808), - CONST64(0x0008000008080000), CONST64(0x0008000808080000), CONST64(0x0008000008080008), CONST64(0x0008000808080008), - CONST64(0x0008080008080000), CONST64(0x0008080808080000), CONST64(0x0008080008080008), CONST64(0x0008080808080008), - CONST64(0x0008000008080800), CONST64(0x0008000808080800), CONST64(0x0008000008080808), CONST64(0x0008000808080808), - CONST64(0x0008080008080800), CONST64(0x0008080808080800), CONST64(0x0008080008080808), CONST64(0x0008080808080808), - CONST64(0x0800000008000000), CONST64(0x0800000808000000), CONST64(0x0800000008000008), CONST64(0x0800000808000008), - CONST64(0x0800080008000000), CONST64(0x0800080808000000), CONST64(0x0800080008000008), CONST64(0x0800080808000008), - CONST64(0x0800000008000800), CONST64(0x0800000808000800), CONST64(0x0800000008000808), CONST64(0x0800000808000808), - CONST64(0x0800080008000800), CONST64(0x0800080808000800), CONST64(0x0800080008000808), CONST64(0x0800080808000808), - CONST64(0x0808000008000000), CONST64(0x0808000808000000), CONST64(0x0808000008000008), CONST64(0x0808000808000008), - CONST64(0x0808080008000000), CONST64(0x0808080808000000), CONST64(0x0808080008000008), CONST64(0x0808080808000008), - CONST64(0x0808000008000800), CONST64(0x0808000808000800), CONST64(0x0808000008000808), CONST64(0x0808000808000808), - CONST64(0x0808080008000800), CONST64(0x0808080808000800), CONST64(0x0808080008000808), CONST64(0x0808080808000808), - CONST64(0x0800000008080000), CONST64(0x0800000808080000), CONST64(0x0800000008080008), CONST64(0x0800000808080008), - CONST64(0x0800080008080000), CONST64(0x0800080808080000), CONST64(0x0800080008080008), CONST64(0x0800080808080008), - CONST64(0x0800000008080800), CONST64(0x0800000808080800), CONST64(0x0800000008080808), CONST64(0x0800000808080808), - CONST64(0x0800080008080800), CONST64(0x0800080808080800), CONST64(0x0800080008080808), CONST64(0x0800080808080808), - CONST64(0x0808000008080000), CONST64(0x0808000808080000), CONST64(0x0808000008080008), CONST64(0x0808000808080008), - CONST64(0x0808080008080000), CONST64(0x0808080808080000), CONST64(0x0808080008080008), CONST64(0x0808080808080008), - CONST64(0x0808000008080800), CONST64(0x0808000808080800), CONST64(0x0808000008080808), CONST64(0x0808000808080808), - CONST64(0x0808080008080800), CONST64(0x0808080808080800), CONST64(0x0808080008080808), CONST64(0x0808080808080808) - }, -{ CONST64(0x0000000000000000), CONST64(0x0000000400000000), CONST64(0x0000000000000004), CONST64(0x0000000400000004), - CONST64(0x0000040000000000), CONST64(0x0000040400000000), CONST64(0x0000040000000004), CONST64(0x0000040400000004), - CONST64(0x0000000000000400), CONST64(0x0000000400000400), CONST64(0x0000000000000404), CONST64(0x0000000400000404), - CONST64(0x0000040000000400), CONST64(0x0000040400000400), CONST64(0x0000040000000404), CONST64(0x0000040400000404), - CONST64(0x0004000000000000), CONST64(0x0004000400000000), CONST64(0x0004000000000004), CONST64(0x0004000400000004), - CONST64(0x0004040000000000), CONST64(0x0004040400000000), CONST64(0x0004040000000004), CONST64(0x0004040400000004), - CONST64(0x0004000000000400), CONST64(0x0004000400000400), CONST64(0x0004000000000404), CONST64(0x0004000400000404), - CONST64(0x0004040000000400), CONST64(0x0004040400000400), CONST64(0x0004040000000404), CONST64(0x0004040400000404), - CONST64(0x0000000000040000), CONST64(0x0000000400040000), CONST64(0x0000000000040004), CONST64(0x0000000400040004), - CONST64(0x0000040000040000), CONST64(0x0000040400040000), CONST64(0x0000040000040004), CONST64(0x0000040400040004), - CONST64(0x0000000000040400), CONST64(0x0000000400040400), CONST64(0x0000000000040404), CONST64(0x0000000400040404), - CONST64(0x0000040000040400), CONST64(0x0000040400040400), CONST64(0x0000040000040404), CONST64(0x0000040400040404), - CONST64(0x0004000000040000), CONST64(0x0004000400040000), CONST64(0x0004000000040004), CONST64(0x0004000400040004), - CONST64(0x0004040000040000), CONST64(0x0004040400040000), CONST64(0x0004040000040004), CONST64(0x0004040400040004), - CONST64(0x0004000000040400), CONST64(0x0004000400040400), CONST64(0x0004000000040404), CONST64(0x0004000400040404), - CONST64(0x0004040000040400), CONST64(0x0004040400040400), CONST64(0x0004040000040404), CONST64(0x0004040400040404), - CONST64(0x0400000000000000), CONST64(0x0400000400000000), CONST64(0x0400000000000004), CONST64(0x0400000400000004), - CONST64(0x0400040000000000), CONST64(0x0400040400000000), CONST64(0x0400040000000004), CONST64(0x0400040400000004), - CONST64(0x0400000000000400), CONST64(0x0400000400000400), CONST64(0x0400000000000404), CONST64(0x0400000400000404), - CONST64(0x0400040000000400), CONST64(0x0400040400000400), CONST64(0x0400040000000404), CONST64(0x0400040400000404), - CONST64(0x0404000000000000), CONST64(0x0404000400000000), CONST64(0x0404000000000004), CONST64(0x0404000400000004), - CONST64(0x0404040000000000), CONST64(0x0404040400000000), CONST64(0x0404040000000004), CONST64(0x0404040400000004), - CONST64(0x0404000000000400), CONST64(0x0404000400000400), CONST64(0x0404000000000404), CONST64(0x0404000400000404), - CONST64(0x0404040000000400), CONST64(0x0404040400000400), CONST64(0x0404040000000404), CONST64(0x0404040400000404), - CONST64(0x0400000000040000), CONST64(0x0400000400040000), CONST64(0x0400000000040004), CONST64(0x0400000400040004), - CONST64(0x0400040000040000), CONST64(0x0400040400040000), CONST64(0x0400040000040004), CONST64(0x0400040400040004), - CONST64(0x0400000000040400), CONST64(0x0400000400040400), CONST64(0x0400000000040404), CONST64(0x0400000400040404), - CONST64(0x0400040000040400), CONST64(0x0400040400040400), CONST64(0x0400040000040404), CONST64(0x0400040400040404), - CONST64(0x0404000000040000), CONST64(0x0404000400040000), CONST64(0x0404000000040004), CONST64(0x0404000400040004), - CONST64(0x0404040000040000), CONST64(0x0404040400040000), CONST64(0x0404040000040004), CONST64(0x0404040400040004), - CONST64(0x0404000000040400), CONST64(0x0404000400040400), CONST64(0x0404000000040404), CONST64(0x0404000400040404), - CONST64(0x0404040000040400), CONST64(0x0404040400040400), CONST64(0x0404040000040404), CONST64(0x0404040400040404), - CONST64(0x0000000004000000), CONST64(0x0000000404000000), CONST64(0x0000000004000004), CONST64(0x0000000404000004), - CONST64(0x0000040004000000), CONST64(0x0000040404000000), CONST64(0x0000040004000004), CONST64(0x0000040404000004), - CONST64(0x0000000004000400), CONST64(0x0000000404000400), CONST64(0x0000000004000404), CONST64(0x0000000404000404), - CONST64(0x0000040004000400), CONST64(0x0000040404000400), CONST64(0x0000040004000404), CONST64(0x0000040404000404), - CONST64(0x0004000004000000), CONST64(0x0004000404000000), CONST64(0x0004000004000004), CONST64(0x0004000404000004), - CONST64(0x0004040004000000), CONST64(0x0004040404000000), CONST64(0x0004040004000004), CONST64(0x0004040404000004), - CONST64(0x0004000004000400), CONST64(0x0004000404000400), CONST64(0x0004000004000404), CONST64(0x0004000404000404), - CONST64(0x0004040004000400), CONST64(0x0004040404000400), CONST64(0x0004040004000404), CONST64(0x0004040404000404), - CONST64(0x0000000004040000), CONST64(0x0000000404040000), CONST64(0x0000000004040004), CONST64(0x0000000404040004), - CONST64(0x0000040004040000), CONST64(0x0000040404040000), CONST64(0x0000040004040004), CONST64(0x0000040404040004), - CONST64(0x0000000004040400), CONST64(0x0000000404040400), CONST64(0x0000000004040404), CONST64(0x0000000404040404), - CONST64(0x0000040004040400), CONST64(0x0000040404040400), CONST64(0x0000040004040404), CONST64(0x0000040404040404), - CONST64(0x0004000004040000), CONST64(0x0004000404040000), CONST64(0x0004000004040004), CONST64(0x0004000404040004), - CONST64(0x0004040004040000), CONST64(0x0004040404040000), CONST64(0x0004040004040004), CONST64(0x0004040404040004), - CONST64(0x0004000004040400), CONST64(0x0004000404040400), CONST64(0x0004000004040404), CONST64(0x0004000404040404), - CONST64(0x0004040004040400), CONST64(0x0004040404040400), CONST64(0x0004040004040404), CONST64(0x0004040404040404), - CONST64(0x0400000004000000), CONST64(0x0400000404000000), CONST64(0x0400000004000004), CONST64(0x0400000404000004), - CONST64(0x0400040004000000), CONST64(0x0400040404000000), CONST64(0x0400040004000004), CONST64(0x0400040404000004), - CONST64(0x0400000004000400), CONST64(0x0400000404000400), CONST64(0x0400000004000404), CONST64(0x0400000404000404), - CONST64(0x0400040004000400), CONST64(0x0400040404000400), CONST64(0x0400040004000404), CONST64(0x0400040404000404), - CONST64(0x0404000004000000), CONST64(0x0404000404000000), CONST64(0x0404000004000004), CONST64(0x0404000404000004), - CONST64(0x0404040004000000), CONST64(0x0404040404000000), CONST64(0x0404040004000004), CONST64(0x0404040404000004), - CONST64(0x0404000004000400), CONST64(0x0404000404000400), CONST64(0x0404000004000404), CONST64(0x0404000404000404), - CONST64(0x0404040004000400), CONST64(0x0404040404000400), CONST64(0x0404040004000404), CONST64(0x0404040404000404), - CONST64(0x0400000004040000), CONST64(0x0400000404040000), CONST64(0x0400000004040004), CONST64(0x0400000404040004), - CONST64(0x0400040004040000), CONST64(0x0400040404040000), CONST64(0x0400040004040004), CONST64(0x0400040404040004), - CONST64(0x0400000004040400), CONST64(0x0400000404040400), CONST64(0x0400000004040404), CONST64(0x0400000404040404), - CONST64(0x0400040004040400), CONST64(0x0400040404040400), CONST64(0x0400040004040404), CONST64(0x0400040404040404), - CONST64(0x0404000004040000), CONST64(0x0404000404040000), CONST64(0x0404000004040004), CONST64(0x0404000404040004), - CONST64(0x0404040004040000), CONST64(0x0404040404040000), CONST64(0x0404040004040004), CONST64(0x0404040404040004), - CONST64(0x0404000004040400), CONST64(0x0404000404040400), CONST64(0x0404000004040404), CONST64(0x0404000404040404), - CONST64(0x0404040004040400), CONST64(0x0404040404040400), CONST64(0x0404040004040404), CONST64(0x0404040404040404) - }, -{ CONST64(0x0000000000000000), CONST64(0x0000000200000000), CONST64(0x0000000000000002), CONST64(0x0000000200000002), - CONST64(0x0000020000000000), CONST64(0x0000020200000000), CONST64(0x0000020000000002), CONST64(0x0000020200000002), - CONST64(0x0000000000000200), CONST64(0x0000000200000200), CONST64(0x0000000000000202), CONST64(0x0000000200000202), - CONST64(0x0000020000000200), CONST64(0x0000020200000200), CONST64(0x0000020000000202), CONST64(0x0000020200000202), - CONST64(0x0002000000000000), CONST64(0x0002000200000000), CONST64(0x0002000000000002), CONST64(0x0002000200000002), - CONST64(0x0002020000000000), CONST64(0x0002020200000000), CONST64(0x0002020000000002), CONST64(0x0002020200000002), - CONST64(0x0002000000000200), CONST64(0x0002000200000200), CONST64(0x0002000000000202), CONST64(0x0002000200000202), - CONST64(0x0002020000000200), CONST64(0x0002020200000200), CONST64(0x0002020000000202), CONST64(0x0002020200000202), - CONST64(0x0000000000020000), CONST64(0x0000000200020000), CONST64(0x0000000000020002), CONST64(0x0000000200020002), - CONST64(0x0000020000020000), CONST64(0x0000020200020000), CONST64(0x0000020000020002), CONST64(0x0000020200020002), - CONST64(0x0000000000020200), CONST64(0x0000000200020200), CONST64(0x0000000000020202), CONST64(0x0000000200020202), - CONST64(0x0000020000020200), CONST64(0x0000020200020200), CONST64(0x0000020000020202), CONST64(0x0000020200020202), - CONST64(0x0002000000020000), CONST64(0x0002000200020000), CONST64(0x0002000000020002), CONST64(0x0002000200020002), - CONST64(0x0002020000020000), CONST64(0x0002020200020000), CONST64(0x0002020000020002), CONST64(0x0002020200020002), - CONST64(0x0002000000020200), CONST64(0x0002000200020200), CONST64(0x0002000000020202), CONST64(0x0002000200020202), - CONST64(0x0002020000020200), CONST64(0x0002020200020200), CONST64(0x0002020000020202), CONST64(0x0002020200020202), - CONST64(0x0200000000000000), CONST64(0x0200000200000000), CONST64(0x0200000000000002), CONST64(0x0200000200000002), - CONST64(0x0200020000000000), CONST64(0x0200020200000000), CONST64(0x0200020000000002), CONST64(0x0200020200000002), - CONST64(0x0200000000000200), CONST64(0x0200000200000200), CONST64(0x0200000000000202), CONST64(0x0200000200000202), - CONST64(0x0200020000000200), CONST64(0x0200020200000200), CONST64(0x0200020000000202), CONST64(0x0200020200000202), - CONST64(0x0202000000000000), CONST64(0x0202000200000000), CONST64(0x0202000000000002), CONST64(0x0202000200000002), - CONST64(0x0202020000000000), CONST64(0x0202020200000000), CONST64(0x0202020000000002), CONST64(0x0202020200000002), - CONST64(0x0202000000000200), CONST64(0x0202000200000200), CONST64(0x0202000000000202), CONST64(0x0202000200000202), - CONST64(0x0202020000000200), CONST64(0x0202020200000200), CONST64(0x0202020000000202), CONST64(0x0202020200000202), - CONST64(0x0200000000020000), CONST64(0x0200000200020000), CONST64(0x0200000000020002), CONST64(0x0200000200020002), - CONST64(0x0200020000020000), CONST64(0x0200020200020000), CONST64(0x0200020000020002), CONST64(0x0200020200020002), - CONST64(0x0200000000020200), CONST64(0x0200000200020200), CONST64(0x0200000000020202), CONST64(0x0200000200020202), - CONST64(0x0200020000020200), CONST64(0x0200020200020200), CONST64(0x0200020000020202), CONST64(0x0200020200020202), - CONST64(0x0202000000020000), CONST64(0x0202000200020000), CONST64(0x0202000000020002), CONST64(0x0202000200020002), - CONST64(0x0202020000020000), CONST64(0x0202020200020000), CONST64(0x0202020000020002), CONST64(0x0202020200020002), - CONST64(0x0202000000020200), CONST64(0x0202000200020200), CONST64(0x0202000000020202), CONST64(0x0202000200020202), - CONST64(0x0202020000020200), CONST64(0x0202020200020200), CONST64(0x0202020000020202), CONST64(0x0202020200020202), - CONST64(0x0000000002000000), CONST64(0x0000000202000000), CONST64(0x0000000002000002), CONST64(0x0000000202000002), - CONST64(0x0000020002000000), CONST64(0x0000020202000000), CONST64(0x0000020002000002), CONST64(0x0000020202000002), - CONST64(0x0000000002000200), CONST64(0x0000000202000200), CONST64(0x0000000002000202), CONST64(0x0000000202000202), - CONST64(0x0000020002000200), CONST64(0x0000020202000200), CONST64(0x0000020002000202), CONST64(0x0000020202000202), - CONST64(0x0002000002000000), CONST64(0x0002000202000000), CONST64(0x0002000002000002), CONST64(0x0002000202000002), - CONST64(0x0002020002000000), CONST64(0x0002020202000000), CONST64(0x0002020002000002), CONST64(0x0002020202000002), - CONST64(0x0002000002000200), CONST64(0x0002000202000200), CONST64(0x0002000002000202), CONST64(0x0002000202000202), - CONST64(0x0002020002000200), CONST64(0x0002020202000200), CONST64(0x0002020002000202), CONST64(0x0002020202000202), - CONST64(0x0000000002020000), CONST64(0x0000000202020000), CONST64(0x0000000002020002), CONST64(0x0000000202020002), - CONST64(0x0000020002020000), CONST64(0x0000020202020000), CONST64(0x0000020002020002), CONST64(0x0000020202020002), - CONST64(0x0000000002020200), CONST64(0x0000000202020200), CONST64(0x0000000002020202), CONST64(0x0000000202020202), - CONST64(0x0000020002020200), CONST64(0x0000020202020200), CONST64(0x0000020002020202), CONST64(0x0000020202020202), - CONST64(0x0002000002020000), CONST64(0x0002000202020000), CONST64(0x0002000002020002), CONST64(0x0002000202020002), - CONST64(0x0002020002020000), CONST64(0x0002020202020000), CONST64(0x0002020002020002), CONST64(0x0002020202020002), - CONST64(0x0002000002020200), CONST64(0x0002000202020200), CONST64(0x0002000002020202), CONST64(0x0002000202020202), - CONST64(0x0002020002020200), CONST64(0x0002020202020200), CONST64(0x0002020002020202), CONST64(0x0002020202020202), - CONST64(0x0200000002000000), CONST64(0x0200000202000000), CONST64(0x0200000002000002), CONST64(0x0200000202000002), - CONST64(0x0200020002000000), CONST64(0x0200020202000000), CONST64(0x0200020002000002), CONST64(0x0200020202000002), - CONST64(0x0200000002000200), CONST64(0x0200000202000200), CONST64(0x0200000002000202), CONST64(0x0200000202000202), - CONST64(0x0200020002000200), CONST64(0x0200020202000200), CONST64(0x0200020002000202), CONST64(0x0200020202000202), - CONST64(0x0202000002000000), CONST64(0x0202000202000000), CONST64(0x0202000002000002), CONST64(0x0202000202000002), - CONST64(0x0202020002000000), CONST64(0x0202020202000000), CONST64(0x0202020002000002), CONST64(0x0202020202000002), - CONST64(0x0202000002000200), CONST64(0x0202000202000200), CONST64(0x0202000002000202), CONST64(0x0202000202000202), - CONST64(0x0202020002000200), CONST64(0x0202020202000200), CONST64(0x0202020002000202), CONST64(0x0202020202000202), - CONST64(0x0200000002020000), CONST64(0x0200000202020000), CONST64(0x0200000002020002), CONST64(0x0200000202020002), - CONST64(0x0200020002020000), CONST64(0x0200020202020000), CONST64(0x0200020002020002), CONST64(0x0200020202020002), - CONST64(0x0200000002020200), CONST64(0x0200000202020200), CONST64(0x0200000002020202), CONST64(0x0200000202020202), - CONST64(0x0200020002020200), CONST64(0x0200020202020200), CONST64(0x0200020002020202), CONST64(0x0200020202020202), - CONST64(0x0202000002020000), CONST64(0x0202000202020000), CONST64(0x0202000002020002), CONST64(0x0202000202020002), - CONST64(0x0202020002020000), CONST64(0x0202020202020000), CONST64(0x0202020002020002), CONST64(0x0202020202020002), - CONST64(0x0202000002020200), CONST64(0x0202000202020200), CONST64(0x0202000002020202), CONST64(0x0202000202020202), - CONST64(0x0202020002020200), CONST64(0x0202020202020200), CONST64(0x0202020002020202), CONST64(0x0202020202020202) - }, -{ CONST64(0x0000000000000000), CONST64(0x0000010000000000), CONST64(0x0000000000000100), CONST64(0x0000010000000100), - CONST64(0x0001000000000000), CONST64(0x0001010000000000), CONST64(0x0001000000000100), CONST64(0x0001010000000100), - CONST64(0x0000000000010000), CONST64(0x0000010000010000), CONST64(0x0000000000010100), CONST64(0x0000010000010100), - CONST64(0x0001000000010000), CONST64(0x0001010000010000), CONST64(0x0001000000010100), CONST64(0x0001010000010100), - CONST64(0x0100000000000000), CONST64(0x0100010000000000), CONST64(0x0100000000000100), CONST64(0x0100010000000100), - CONST64(0x0101000000000000), CONST64(0x0101010000000000), CONST64(0x0101000000000100), CONST64(0x0101010000000100), - CONST64(0x0100000000010000), CONST64(0x0100010000010000), CONST64(0x0100000000010100), CONST64(0x0100010000010100), - CONST64(0x0101000000010000), CONST64(0x0101010000010000), CONST64(0x0101000000010100), CONST64(0x0101010000010100), - CONST64(0x0000000001000000), CONST64(0x0000010001000000), CONST64(0x0000000001000100), CONST64(0x0000010001000100), - CONST64(0x0001000001000000), CONST64(0x0001010001000000), CONST64(0x0001000001000100), CONST64(0x0001010001000100), - CONST64(0x0000000001010000), CONST64(0x0000010001010000), CONST64(0x0000000001010100), CONST64(0x0000010001010100), - CONST64(0x0001000001010000), CONST64(0x0001010001010000), CONST64(0x0001000001010100), CONST64(0x0001010001010100), - CONST64(0x0100000001000000), CONST64(0x0100010001000000), CONST64(0x0100000001000100), CONST64(0x0100010001000100), - CONST64(0x0101000001000000), CONST64(0x0101010001000000), CONST64(0x0101000001000100), CONST64(0x0101010001000100), - CONST64(0x0100000001010000), CONST64(0x0100010001010000), CONST64(0x0100000001010100), CONST64(0x0100010001010100), - CONST64(0x0101000001010000), CONST64(0x0101010001010000), CONST64(0x0101000001010100), CONST64(0x0101010001010100), - CONST64(0x0000000100000000), CONST64(0x0000010100000000), CONST64(0x0000000100000100), CONST64(0x0000010100000100), - CONST64(0x0001000100000000), CONST64(0x0001010100000000), CONST64(0x0001000100000100), CONST64(0x0001010100000100), - CONST64(0x0000000100010000), CONST64(0x0000010100010000), CONST64(0x0000000100010100), CONST64(0x0000010100010100), - CONST64(0x0001000100010000), CONST64(0x0001010100010000), CONST64(0x0001000100010100), CONST64(0x0001010100010100), - CONST64(0x0100000100000000), CONST64(0x0100010100000000), CONST64(0x0100000100000100), CONST64(0x0100010100000100), - CONST64(0x0101000100000000), CONST64(0x0101010100000000), CONST64(0x0101000100000100), CONST64(0x0101010100000100), - CONST64(0x0100000100010000), CONST64(0x0100010100010000), CONST64(0x0100000100010100), CONST64(0x0100010100010100), - CONST64(0x0101000100010000), CONST64(0x0101010100010000), CONST64(0x0101000100010100), CONST64(0x0101010100010100), - CONST64(0x0000000101000000), CONST64(0x0000010101000000), CONST64(0x0000000101000100), CONST64(0x0000010101000100), - CONST64(0x0001000101000000), CONST64(0x0001010101000000), CONST64(0x0001000101000100), CONST64(0x0001010101000100), - CONST64(0x0000000101010000), CONST64(0x0000010101010000), CONST64(0x0000000101010100), CONST64(0x0000010101010100), - CONST64(0x0001000101010000), CONST64(0x0001010101010000), CONST64(0x0001000101010100), CONST64(0x0001010101010100), - CONST64(0x0100000101000000), CONST64(0x0100010101000000), CONST64(0x0100000101000100), CONST64(0x0100010101000100), - CONST64(0x0101000101000000), CONST64(0x0101010101000000), CONST64(0x0101000101000100), CONST64(0x0101010101000100), - CONST64(0x0100000101010000), CONST64(0x0100010101010000), CONST64(0x0100000101010100), CONST64(0x0100010101010100), - CONST64(0x0101000101010000), CONST64(0x0101010101010000), CONST64(0x0101000101010100), CONST64(0x0101010101010100), - CONST64(0x0000000000000001), CONST64(0x0000010000000001), CONST64(0x0000000000000101), CONST64(0x0000010000000101), - CONST64(0x0001000000000001), CONST64(0x0001010000000001), CONST64(0x0001000000000101), CONST64(0x0001010000000101), - CONST64(0x0000000000010001), CONST64(0x0000010000010001), CONST64(0x0000000000010101), CONST64(0x0000010000010101), - CONST64(0x0001000000010001), CONST64(0x0001010000010001), CONST64(0x0001000000010101), CONST64(0x0001010000010101), - CONST64(0x0100000000000001), CONST64(0x0100010000000001), CONST64(0x0100000000000101), CONST64(0x0100010000000101), - CONST64(0x0101000000000001), CONST64(0x0101010000000001), CONST64(0x0101000000000101), CONST64(0x0101010000000101), - CONST64(0x0100000000010001), CONST64(0x0100010000010001), CONST64(0x0100000000010101), CONST64(0x0100010000010101), - CONST64(0x0101000000010001), CONST64(0x0101010000010001), CONST64(0x0101000000010101), CONST64(0x0101010000010101), - CONST64(0x0000000001000001), CONST64(0x0000010001000001), CONST64(0x0000000001000101), CONST64(0x0000010001000101), - CONST64(0x0001000001000001), CONST64(0x0001010001000001), CONST64(0x0001000001000101), CONST64(0x0001010001000101), - CONST64(0x0000000001010001), CONST64(0x0000010001010001), CONST64(0x0000000001010101), CONST64(0x0000010001010101), - CONST64(0x0001000001010001), CONST64(0x0001010001010001), CONST64(0x0001000001010101), CONST64(0x0001010001010101), - CONST64(0x0100000001000001), CONST64(0x0100010001000001), CONST64(0x0100000001000101), CONST64(0x0100010001000101), - CONST64(0x0101000001000001), CONST64(0x0101010001000001), CONST64(0x0101000001000101), CONST64(0x0101010001000101), - CONST64(0x0100000001010001), CONST64(0x0100010001010001), CONST64(0x0100000001010101), CONST64(0x0100010001010101), - CONST64(0x0101000001010001), CONST64(0x0101010001010001), CONST64(0x0101000001010101), CONST64(0x0101010001010101), - CONST64(0x0000000100000001), CONST64(0x0000010100000001), CONST64(0x0000000100000101), CONST64(0x0000010100000101), - CONST64(0x0001000100000001), CONST64(0x0001010100000001), CONST64(0x0001000100000101), CONST64(0x0001010100000101), - CONST64(0x0000000100010001), CONST64(0x0000010100010001), CONST64(0x0000000100010101), CONST64(0x0000010100010101), - CONST64(0x0001000100010001), CONST64(0x0001010100010001), CONST64(0x0001000100010101), CONST64(0x0001010100010101), - CONST64(0x0100000100000001), CONST64(0x0100010100000001), CONST64(0x0100000100000101), CONST64(0x0100010100000101), - CONST64(0x0101000100000001), CONST64(0x0101010100000001), CONST64(0x0101000100000101), CONST64(0x0101010100000101), - CONST64(0x0100000100010001), CONST64(0x0100010100010001), CONST64(0x0100000100010101), CONST64(0x0100010100010101), - CONST64(0x0101000100010001), CONST64(0x0101010100010001), CONST64(0x0101000100010101), CONST64(0x0101010100010101), - CONST64(0x0000000101000001), CONST64(0x0000010101000001), CONST64(0x0000000101000101), CONST64(0x0000010101000101), - CONST64(0x0001000101000001), CONST64(0x0001010101000001), CONST64(0x0001000101000101), CONST64(0x0001010101000101), - CONST64(0x0000000101010001), CONST64(0x0000010101010001), CONST64(0x0000000101010101), CONST64(0x0000010101010101), - CONST64(0x0001000101010001), CONST64(0x0001010101010001), CONST64(0x0001000101010101), CONST64(0x0001010101010101), - CONST64(0x0100000101000001), CONST64(0x0100010101000001), CONST64(0x0100000101000101), CONST64(0x0100010101000101), - CONST64(0x0101000101000001), CONST64(0x0101010101000001), CONST64(0x0101000101000101), CONST64(0x0101010101000101), - CONST64(0x0100000101010001), CONST64(0x0100010101010001), CONST64(0x0100000101010101), CONST64(0x0100010101010101), - CONST64(0x0101000101010001), CONST64(0x0101010101010001), CONST64(0x0101000101010101), CONST64(0x0101010101010101) - }, -{ CONST64(0x0000000000000000), CONST64(0x0000008000000000), CONST64(0x0000000000000080), CONST64(0x0000008000000080), - CONST64(0x0000800000000000), CONST64(0x0000808000000000), CONST64(0x0000800000000080), CONST64(0x0000808000000080), - CONST64(0x0000000000008000), CONST64(0x0000008000008000), CONST64(0x0000000000008080), CONST64(0x0000008000008080), - CONST64(0x0000800000008000), CONST64(0x0000808000008000), CONST64(0x0000800000008080), CONST64(0x0000808000008080), - CONST64(0x0080000000000000), CONST64(0x0080008000000000), CONST64(0x0080000000000080), CONST64(0x0080008000000080), - CONST64(0x0080800000000000), CONST64(0x0080808000000000), CONST64(0x0080800000000080), CONST64(0x0080808000000080), - CONST64(0x0080000000008000), CONST64(0x0080008000008000), CONST64(0x0080000000008080), CONST64(0x0080008000008080), - CONST64(0x0080800000008000), CONST64(0x0080808000008000), CONST64(0x0080800000008080), CONST64(0x0080808000008080), - CONST64(0x0000000000800000), CONST64(0x0000008000800000), CONST64(0x0000000000800080), CONST64(0x0000008000800080), - CONST64(0x0000800000800000), CONST64(0x0000808000800000), CONST64(0x0000800000800080), CONST64(0x0000808000800080), - CONST64(0x0000000000808000), CONST64(0x0000008000808000), CONST64(0x0000000000808080), CONST64(0x0000008000808080), - CONST64(0x0000800000808000), CONST64(0x0000808000808000), CONST64(0x0000800000808080), CONST64(0x0000808000808080), - CONST64(0x0080000000800000), CONST64(0x0080008000800000), CONST64(0x0080000000800080), CONST64(0x0080008000800080), - CONST64(0x0080800000800000), CONST64(0x0080808000800000), CONST64(0x0080800000800080), CONST64(0x0080808000800080), - CONST64(0x0080000000808000), CONST64(0x0080008000808000), CONST64(0x0080000000808080), CONST64(0x0080008000808080), - CONST64(0x0080800000808000), CONST64(0x0080808000808000), CONST64(0x0080800000808080), CONST64(0x0080808000808080), - CONST64(0x8000000000000000), CONST64(0x8000008000000000), CONST64(0x8000000000000080), CONST64(0x8000008000000080), - CONST64(0x8000800000000000), CONST64(0x8000808000000000), CONST64(0x8000800000000080), CONST64(0x8000808000000080), - CONST64(0x8000000000008000), CONST64(0x8000008000008000), CONST64(0x8000000000008080), CONST64(0x8000008000008080), - CONST64(0x8000800000008000), CONST64(0x8000808000008000), CONST64(0x8000800000008080), CONST64(0x8000808000008080), - CONST64(0x8080000000000000), CONST64(0x8080008000000000), CONST64(0x8080000000000080), CONST64(0x8080008000000080), - CONST64(0x8080800000000000), CONST64(0x8080808000000000), CONST64(0x8080800000000080), CONST64(0x8080808000000080), - CONST64(0x8080000000008000), CONST64(0x8080008000008000), CONST64(0x8080000000008080), CONST64(0x8080008000008080), - CONST64(0x8080800000008000), CONST64(0x8080808000008000), CONST64(0x8080800000008080), CONST64(0x8080808000008080), - CONST64(0x8000000000800000), CONST64(0x8000008000800000), CONST64(0x8000000000800080), CONST64(0x8000008000800080), - CONST64(0x8000800000800000), CONST64(0x8000808000800000), CONST64(0x8000800000800080), CONST64(0x8000808000800080), - CONST64(0x8000000000808000), CONST64(0x8000008000808000), CONST64(0x8000000000808080), CONST64(0x8000008000808080), - CONST64(0x8000800000808000), CONST64(0x8000808000808000), CONST64(0x8000800000808080), CONST64(0x8000808000808080), - CONST64(0x8080000000800000), CONST64(0x8080008000800000), CONST64(0x8080000000800080), CONST64(0x8080008000800080), - CONST64(0x8080800000800000), CONST64(0x8080808000800000), CONST64(0x8080800000800080), CONST64(0x8080808000800080), - CONST64(0x8080000000808000), CONST64(0x8080008000808000), CONST64(0x8080000000808080), CONST64(0x8080008000808080), - CONST64(0x8080800000808000), CONST64(0x8080808000808000), CONST64(0x8080800000808080), CONST64(0x8080808000808080), - CONST64(0x0000000080000000), CONST64(0x0000008080000000), CONST64(0x0000000080000080), CONST64(0x0000008080000080), - CONST64(0x0000800080000000), CONST64(0x0000808080000000), CONST64(0x0000800080000080), CONST64(0x0000808080000080), - CONST64(0x0000000080008000), CONST64(0x0000008080008000), CONST64(0x0000000080008080), CONST64(0x0000008080008080), - CONST64(0x0000800080008000), CONST64(0x0000808080008000), CONST64(0x0000800080008080), CONST64(0x0000808080008080), - CONST64(0x0080000080000000), CONST64(0x0080008080000000), CONST64(0x0080000080000080), CONST64(0x0080008080000080), - CONST64(0x0080800080000000), CONST64(0x0080808080000000), CONST64(0x0080800080000080), CONST64(0x0080808080000080), - CONST64(0x0080000080008000), CONST64(0x0080008080008000), CONST64(0x0080000080008080), CONST64(0x0080008080008080), - CONST64(0x0080800080008000), CONST64(0x0080808080008000), CONST64(0x0080800080008080), CONST64(0x0080808080008080), - CONST64(0x0000000080800000), CONST64(0x0000008080800000), CONST64(0x0000000080800080), CONST64(0x0000008080800080), - CONST64(0x0000800080800000), CONST64(0x0000808080800000), CONST64(0x0000800080800080), CONST64(0x0000808080800080), - CONST64(0x0000000080808000), CONST64(0x0000008080808000), CONST64(0x0000000080808080), CONST64(0x0000008080808080), - CONST64(0x0000800080808000), CONST64(0x0000808080808000), CONST64(0x0000800080808080), CONST64(0x0000808080808080), - CONST64(0x0080000080800000), CONST64(0x0080008080800000), CONST64(0x0080000080800080), CONST64(0x0080008080800080), - CONST64(0x0080800080800000), CONST64(0x0080808080800000), CONST64(0x0080800080800080), CONST64(0x0080808080800080), - CONST64(0x0080000080808000), CONST64(0x0080008080808000), CONST64(0x0080000080808080), CONST64(0x0080008080808080), - CONST64(0x0080800080808000), CONST64(0x0080808080808000), CONST64(0x0080800080808080), CONST64(0x0080808080808080), - CONST64(0x8000000080000000), CONST64(0x8000008080000000), CONST64(0x8000000080000080), CONST64(0x8000008080000080), - CONST64(0x8000800080000000), CONST64(0x8000808080000000), CONST64(0x8000800080000080), CONST64(0x8000808080000080), - CONST64(0x8000000080008000), CONST64(0x8000008080008000), CONST64(0x8000000080008080), CONST64(0x8000008080008080), - CONST64(0x8000800080008000), CONST64(0x8000808080008000), CONST64(0x8000800080008080), CONST64(0x8000808080008080), - CONST64(0x8080000080000000), CONST64(0x8080008080000000), CONST64(0x8080000080000080), CONST64(0x8080008080000080), - CONST64(0x8080800080000000), CONST64(0x8080808080000000), CONST64(0x8080800080000080), CONST64(0x8080808080000080), - CONST64(0x8080000080008000), CONST64(0x8080008080008000), CONST64(0x8080000080008080), CONST64(0x8080008080008080), - CONST64(0x8080800080008000), CONST64(0x8080808080008000), CONST64(0x8080800080008080), CONST64(0x8080808080008080), - CONST64(0x8000000080800000), CONST64(0x8000008080800000), CONST64(0x8000000080800080), CONST64(0x8000008080800080), - CONST64(0x8000800080800000), CONST64(0x8000808080800000), CONST64(0x8000800080800080), CONST64(0x8000808080800080), - CONST64(0x8000000080808000), CONST64(0x8000008080808000), CONST64(0x8000000080808080), CONST64(0x8000008080808080), - CONST64(0x8000800080808000), CONST64(0x8000808080808000), CONST64(0x8000800080808080), CONST64(0x8000808080808080), - CONST64(0x8080000080800000), CONST64(0x8080008080800000), CONST64(0x8080000080800080), CONST64(0x8080008080800080), - CONST64(0x8080800080800000), CONST64(0x8080808080800000), CONST64(0x8080800080800080), CONST64(0x8080808080800080), - CONST64(0x8080000080808000), CONST64(0x8080008080808000), CONST64(0x8080000080808080), CONST64(0x8080008080808080), - CONST64(0x8080800080808000), CONST64(0x8080808080808000), CONST64(0x8080800080808080), CONST64(0x8080808080808080) - }, -{ CONST64(0x0000000000000000), CONST64(0x0000004000000000), CONST64(0x0000000000000040), CONST64(0x0000004000000040), - CONST64(0x0000400000000000), CONST64(0x0000404000000000), CONST64(0x0000400000000040), CONST64(0x0000404000000040), - CONST64(0x0000000000004000), CONST64(0x0000004000004000), CONST64(0x0000000000004040), CONST64(0x0000004000004040), - CONST64(0x0000400000004000), CONST64(0x0000404000004000), CONST64(0x0000400000004040), CONST64(0x0000404000004040), - CONST64(0x0040000000000000), CONST64(0x0040004000000000), CONST64(0x0040000000000040), CONST64(0x0040004000000040), - CONST64(0x0040400000000000), CONST64(0x0040404000000000), CONST64(0x0040400000000040), CONST64(0x0040404000000040), - CONST64(0x0040000000004000), CONST64(0x0040004000004000), CONST64(0x0040000000004040), CONST64(0x0040004000004040), - CONST64(0x0040400000004000), CONST64(0x0040404000004000), CONST64(0x0040400000004040), CONST64(0x0040404000004040), - CONST64(0x0000000000400000), CONST64(0x0000004000400000), CONST64(0x0000000000400040), CONST64(0x0000004000400040), - CONST64(0x0000400000400000), CONST64(0x0000404000400000), CONST64(0x0000400000400040), CONST64(0x0000404000400040), - CONST64(0x0000000000404000), CONST64(0x0000004000404000), CONST64(0x0000000000404040), CONST64(0x0000004000404040), - CONST64(0x0000400000404000), CONST64(0x0000404000404000), CONST64(0x0000400000404040), CONST64(0x0000404000404040), - CONST64(0x0040000000400000), CONST64(0x0040004000400000), CONST64(0x0040000000400040), CONST64(0x0040004000400040), - CONST64(0x0040400000400000), CONST64(0x0040404000400000), CONST64(0x0040400000400040), CONST64(0x0040404000400040), - CONST64(0x0040000000404000), CONST64(0x0040004000404000), CONST64(0x0040000000404040), CONST64(0x0040004000404040), - CONST64(0x0040400000404000), CONST64(0x0040404000404000), CONST64(0x0040400000404040), CONST64(0x0040404000404040), - CONST64(0x4000000000000000), CONST64(0x4000004000000000), CONST64(0x4000000000000040), CONST64(0x4000004000000040), - CONST64(0x4000400000000000), CONST64(0x4000404000000000), CONST64(0x4000400000000040), CONST64(0x4000404000000040), - CONST64(0x4000000000004000), CONST64(0x4000004000004000), CONST64(0x4000000000004040), CONST64(0x4000004000004040), - CONST64(0x4000400000004000), CONST64(0x4000404000004000), CONST64(0x4000400000004040), CONST64(0x4000404000004040), - CONST64(0x4040000000000000), CONST64(0x4040004000000000), CONST64(0x4040000000000040), CONST64(0x4040004000000040), - CONST64(0x4040400000000000), CONST64(0x4040404000000000), CONST64(0x4040400000000040), CONST64(0x4040404000000040), - CONST64(0x4040000000004000), CONST64(0x4040004000004000), CONST64(0x4040000000004040), CONST64(0x4040004000004040), - CONST64(0x4040400000004000), CONST64(0x4040404000004000), CONST64(0x4040400000004040), CONST64(0x4040404000004040), - CONST64(0x4000000000400000), CONST64(0x4000004000400000), CONST64(0x4000000000400040), CONST64(0x4000004000400040), - CONST64(0x4000400000400000), CONST64(0x4000404000400000), CONST64(0x4000400000400040), CONST64(0x4000404000400040), - CONST64(0x4000000000404000), CONST64(0x4000004000404000), CONST64(0x4000000000404040), CONST64(0x4000004000404040), - CONST64(0x4000400000404000), CONST64(0x4000404000404000), CONST64(0x4000400000404040), CONST64(0x4000404000404040), - CONST64(0x4040000000400000), CONST64(0x4040004000400000), CONST64(0x4040000000400040), CONST64(0x4040004000400040), - CONST64(0x4040400000400000), CONST64(0x4040404000400000), CONST64(0x4040400000400040), CONST64(0x4040404000400040), - CONST64(0x4040000000404000), CONST64(0x4040004000404000), CONST64(0x4040000000404040), CONST64(0x4040004000404040), - CONST64(0x4040400000404000), CONST64(0x4040404000404000), CONST64(0x4040400000404040), CONST64(0x4040404000404040), - CONST64(0x0000000040000000), CONST64(0x0000004040000000), CONST64(0x0000000040000040), CONST64(0x0000004040000040), - CONST64(0x0000400040000000), CONST64(0x0000404040000000), CONST64(0x0000400040000040), CONST64(0x0000404040000040), - CONST64(0x0000000040004000), CONST64(0x0000004040004000), CONST64(0x0000000040004040), CONST64(0x0000004040004040), - CONST64(0x0000400040004000), CONST64(0x0000404040004000), CONST64(0x0000400040004040), CONST64(0x0000404040004040), - CONST64(0x0040000040000000), CONST64(0x0040004040000000), CONST64(0x0040000040000040), CONST64(0x0040004040000040), - CONST64(0x0040400040000000), CONST64(0x0040404040000000), CONST64(0x0040400040000040), CONST64(0x0040404040000040), - CONST64(0x0040000040004000), CONST64(0x0040004040004000), CONST64(0x0040000040004040), CONST64(0x0040004040004040), - CONST64(0x0040400040004000), CONST64(0x0040404040004000), CONST64(0x0040400040004040), CONST64(0x0040404040004040), - CONST64(0x0000000040400000), CONST64(0x0000004040400000), CONST64(0x0000000040400040), CONST64(0x0000004040400040), - CONST64(0x0000400040400000), CONST64(0x0000404040400000), CONST64(0x0000400040400040), CONST64(0x0000404040400040), - CONST64(0x0000000040404000), CONST64(0x0000004040404000), CONST64(0x0000000040404040), CONST64(0x0000004040404040), - CONST64(0x0000400040404000), CONST64(0x0000404040404000), CONST64(0x0000400040404040), CONST64(0x0000404040404040), - CONST64(0x0040000040400000), CONST64(0x0040004040400000), CONST64(0x0040000040400040), CONST64(0x0040004040400040), - CONST64(0x0040400040400000), CONST64(0x0040404040400000), CONST64(0x0040400040400040), CONST64(0x0040404040400040), - CONST64(0x0040000040404000), CONST64(0x0040004040404000), CONST64(0x0040000040404040), CONST64(0x0040004040404040), - CONST64(0x0040400040404000), CONST64(0x0040404040404000), CONST64(0x0040400040404040), CONST64(0x0040404040404040), - CONST64(0x4000000040000000), CONST64(0x4000004040000000), CONST64(0x4000000040000040), CONST64(0x4000004040000040), - CONST64(0x4000400040000000), CONST64(0x4000404040000000), CONST64(0x4000400040000040), CONST64(0x4000404040000040), - CONST64(0x4000000040004000), CONST64(0x4000004040004000), CONST64(0x4000000040004040), CONST64(0x4000004040004040), - CONST64(0x4000400040004000), CONST64(0x4000404040004000), CONST64(0x4000400040004040), CONST64(0x4000404040004040), - CONST64(0x4040000040000000), CONST64(0x4040004040000000), CONST64(0x4040000040000040), CONST64(0x4040004040000040), - CONST64(0x4040400040000000), CONST64(0x4040404040000000), CONST64(0x4040400040000040), CONST64(0x4040404040000040), - CONST64(0x4040000040004000), CONST64(0x4040004040004000), CONST64(0x4040000040004040), CONST64(0x4040004040004040), - CONST64(0x4040400040004000), CONST64(0x4040404040004000), CONST64(0x4040400040004040), CONST64(0x4040404040004040), - CONST64(0x4000000040400000), CONST64(0x4000004040400000), CONST64(0x4000000040400040), CONST64(0x4000004040400040), - CONST64(0x4000400040400000), CONST64(0x4000404040400000), CONST64(0x4000400040400040), CONST64(0x4000404040400040), - CONST64(0x4000000040404000), CONST64(0x4000004040404000), CONST64(0x4000000040404040), CONST64(0x4000004040404040), - CONST64(0x4000400040404000), CONST64(0x4000404040404000), CONST64(0x4000400040404040), CONST64(0x4000404040404040), - CONST64(0x4040000040400000), CONST64(0x4040004040400000), CONST64(0x4040000040400040), CONST64(0x4040004040400040), - CONST64(0x4040400040400000), CONST64(0x4040404040400000), CONST64(0x4040400040400040), CONST64(0x4040404040400040), - CONST64(0x4040000040404000), CONST64(0x4040004040404000), CONST64(0x4040000040404040), CONST64(0x4040004040404040), - CONST64(0x4040400040404000), CONST64(0x4040404040404000), CONST64(0x4040400040404040), CONST64(0x4040404040404040) - }, -{ CONST64(0x0000000000000000), CONST64(0x0000002000000000), CONST64(0x0000000000000020), CONST64(0x0000002000000020), - CONST64(0x0000200000000000), CONST64(0x0000202000000000), CONST64(0x0000200000000020), CONST64(0x0000202000000020), - CONST64(0x0000000000002000), CONST64(0x0000002000002000), CONST64(0x0000000000002020), CONST64(0x0000002000002020), - CONST64(0x0000200000002000), CONST64(0x0000202000002000), CONST64(0x0000200000002020), CONST64(0x0000202000002020), - CONST64(0x0020000000000000), CONST64(0x0020002000000000), CONST64(0x0020000000000020), CONST64(0x0020002000000020), - CONST64(0x0020200000000000), CONST64(0x0020202000000000), CONST64(0x0020200000000020), CONST64(0x0020202000000020), - CONST64(0x0020000000002000), CONST64(0x0020002000002000), CONST64(0x0020000000002020), CONST64(0x0020002000002020), - CONST64(0x0020200000002000), CONST64(0x0020202000002000), CONST64(0x0020200000002020), CONST64(0x0020202000002020), - CONST64(0x0000000000200000), CONST64(0x0000002000200000), CONST64(0x0000000000200020), CONST64(0x0000002000200020), - CONST64(0x0000200000200000), CONST64(0x0000202000200000), CONST64(0x0000200000200020), CONST64(0x0000202000200020), - CONST64(0x0000000000202000), CONST64(0x0000002000202000), CONST64(0x0000000000202020), CONST64(0x0000002000202020), - CONST64(0x0000200000202000), CONST64(0x0000202000202000), CONST64(0x0000200000202020), CONST64(0x0000202000202020), - CONST64(0x0020000000200000), CONST64(0x0020002000200000), CONST64(0x0020000000200020), CONST64(0x0020002000200020), - CONST64(0x0020200000200000), CONST64(0x0020202000200000), CONST64(0x0020200000200020), CONST64(0x0020202000200020), - CONST64(0x0020000000202000), CONST64(0x0020002000202000), CONST64(0x0020000000202020), CONST64(0x0020002000202020), - CONST64(0x0020200000202000), CONST64(0x0020202000202000), CONST64(0x0020200000202020), CONST64(0x0020202000202020), - CONST64(0x2000000000000000), CONST64(0x2000002000000000), CONST64(0x2000000000000020), CONST64(0x2000002000000020), - CONST64(0x2000200000000000), CONST64(0x2000202000000000), CONST64(0x2000200000000020), CONST64(0x2000202000000020), - CONST64(0x2000000000002000), CONST64(0x2000002000002000), CONST64(0x2000000000002020), CONST64(0x2000002000002020), - CONST64(0x2000200000002000), CONST64(0x2000202000002000), CONST64(0x2000200000002020), CONST64(0x2000202000002020), - CONST64(0x2020000000000000), CONST64(0x2020002000000000), CONST64(0x2020000000000020), CONST64(0x2020002000000020), - CONST64(0x2020200000000000), CONST64(0x2020202000000000), CONST64(0x2020200000000020), CONST64(0x2020202000000020), - CONST64(0x2020000000002000), CONST64(0x2020002000002000), CONST64(0x2020000000002020), CONST64(0x2020002000002020), - CONST64(0x2020200000002000), CONST64(0x2020202000002000), CONST64(0x2020200000002020), CONST64(0x2020202000002020), - CONST64(0x2000000000200000), CONST64(0x2000002000200000), CONST64(0x2000000000200020), CONST64(0x2000002000200020), - CONST64(0x2000200000200000), CONST64(0x2000202000200000), CONST64(0x2000200000200020), CONST64(0x2000202000200020), - CONST64(0x2000000000202000), CONST64(0x2000002000202000), CONST64(0x2000000000202020), CONST64(0x2000002000202020), - CONST64(0x2000200000202000), CONST64(0x2000202000202000), CONST64(0x2000200000202020), CONST64(0x2000202000202020), - CONST64(0x2020000000200000), CONST64(0x2020002000200000), CONST64(0x2020000000200020), CONST64(0x2020002000200020), - CONST64(0x2020200000200000), CONST64(0x2020202000200000), CONST64(0x2020200000200020), CONST64(0x2020202000200020), - CONST64(0x2020000000202000), CONST64(0x2020002000202000), CONST64(0x2020000000202020), CONST64(0x2020002000202020), - CONST64(0x2020200000202000), CONST64(0x2020202000202000), CONST64(0x2020200000202020), CONST64(0x2020202000202020), - CONST64(0x0000000020000000), CONST64(0x0000002020000000), CONST64(0x0000000020000020), CONST64(0x0000002020000020), - CONST64(0x0000200020000000), CONST64(0x0000202020000000), CONST64(0x0000200020000020), CONST64(0x0000202020000020), - CONST64(0x0000000020002000), CONST64(0x0000002020002000), CONST64(0x0000000020002020), CONST64(0x0000002020002020), - CONST64(0x0000200020002000), CONST64(0x0000202020002000), CONST64(0x0000200020002020), CONST64(0x0000202020002020), - CONST64(0x0020000020000000), CONST64(0x0020002020000000), CONST64(0x0020000020000020), CONST64(0x0020002020000020), - CONST64(0x0020200020000000), CONST64(0x0020202020000000), CONST64(0x0020200020000020), CONST64(0x0020202020000020), - CONST64(0x0020000020002000), CONST64(0x0020002020002000), CONST64(0x0020000020002020), CONST64(0x0020002020002020), - CONST64(0x0020200020002000), CONST64(0x0020202020002000), CONST64(0x0020200020002020), CONST64(0x0020202020002020), - CONST64(0x0000000020200000), CONST64(0x0000002020200000), CONST64(0x0000000020200020), CONST64(0x0000002020200020), - CONST64(0x0000200020200000), CONST64(0x0000202020200000), CONST64(0x0000200020200020), CONST64(0x0000202020200020), - CONST64(0x0000000020202000), CONST64(0x0000002020202000), CONST64(0x0000000020202020), CONST64(0x0000002020202020), - CONST64(0x0000200020202000), CONST64(0x0000202020202000), CONST64(0x0000200020202020), CONST64(0x0000202020202020), - CONST64(0x0020000020200000), CONST64(0x0020002020200000), CONST64(0x0020000020200020), CONST64(0x0020002020200020), - CONST64(0x0020200020200000), CONST64(0x0020202020200000), CONST64(0x0020200020200020), CONST64(0x0020202020200020), - CONST64(0x0020000020202000), CONST64(0x0020002020202000), CONST64(0x0020000020202020), CONST64(0x0020002020202020), - CONST64(0x0020200020202000), CONST64(0x0020202020202000), CONST64(0x0020200020202020), CONST64(0x0020202020202020), - CONST64(0x2000000020000000), CONST64(0x2000002020000000), CONST64(0x2000000020000020), CONST64(0x2000002020000020), - CONST64(0x2000200020000000), CONST64(0x2000202020000000), CONST64(0x2000200020000020), CONST64(0x2000202020000020), - CONST64(0x2000000020002000), CONST64(0x2000002020002000), CONST64(0x2000000020002020), CONST64(0x2000002020002020), - CONST64(0x2000200020002000), CONST64(0x2000202020002000), CONST64(0x2000200020002020), CONST64(0x2000202020002020), - CONST64(0x2020000020000000), CONST64(0x2020002020000000), CONST64(0x2020000020000020), CONST64(0x2020002020000020), - CONST64(0x2020200020000000), CONST64(0x2020202020000000), CONST64(0x2020200020000020), CONST64(0x2020202020000020), - CONST64(0x2020000020002000), CONST64(0x2020002020002000), CONST64(0x2020000020002020), CONST64(0x2020002020002020), - CONST64(0x2020200020002000), CONST64(0x2020202020002000), CONST64(0x2020200020002020), CONST64(0x2020202020002020), - CONST64(0x2000000020200000), CONST64(0x2000002020200000), CONST64(0x2000000020200020), CONST64(0x2000002020200020), - CONST64(0x2000200020200000), CONST64(0x2000202020200000), CONST64(0x2000200020200020), CONST64(0x2000202020200020), - CONST64(0x2000000020202000), CONST64(0x2000002020202000), CONST64(0x2000000020202020), CONST64(0x2000002020202020), - CONST64(0x2000200020202000), CONST64(0x2000202020202000), CONST64(0x2000200020202020), CONST64(0x2000202020202020), - CONST64(0x2020000020200000), CONST64(0x2020002020200000), CONST64(0x2020000020200020), CONST64(0x2020002020200020), - CONST64(0x2020200020200000), CONST64(0x2020202020200000), CONST64(0x2020200020200020), CONST64(0x2020202020200020), - CONST64(0x2020000020202000), CONST64(0x2020002020202000), CONST64(0x2020000020202020), CONST64(0x2020002020202020), - CONST64(0x2020200020202000), CONST64(0x2020202020202000), CONST64(0x2020200020202020), CONST64(0x2020202020202020) - }}; - -static const ulong64 des_fp[8][256] = { - -{ CONST64(0x0000000000000000), CONST64(0x0000008000000000), CONST64(0x0000000002000000), CONST64(0x0000008002000000), - CONST64(0x0000000000020000), CONST64(0x0000008000020000), CONST64(0x0000000002020000), CONST64(0x0000008002020000), - CONST64(0x0000000000000200), CONST64(0x0000008000000200), CONST64(0x0000000002000200), CONST64(0x0000008002000200), - CONST64(0x0000000000020200), CONST64(0x0000008000020200), CONST64(0x0000000002020200), CONST64(0x0000008002020200), - CONST64(0x0000000000000002), CONST64(0x0000008000000002), CONST64(0x0000000002000002), CONST64(0x0000008002000002), - CONST64(0x0000000000020002), CONST64(0x0000008000020002), CONST64(0x0000000002020002), CONST64(0x0000008002020002), - CONST64(0x0000000000000202), CONST64(0x0000008000000202), CONST64(0x0000000002000202), CONST64(0x0000008002000202), - CONST64(0x0000000000020202), CONST64(0x0000008000020202), CONST64(0x0000000002020202), CONST64(0x0000008002020202), - CONST64(0x0200000000000000), CONST64(0x0200008000000000), CONST64(0x0200000002000000), CONST64(0x0200008002000000), - CONST64(0x0200000000020000), CONST64(0x0200008000020000), CONST64(0x0200000002020000), CONST64(0x0200008002020000), - CONST64(0x0200000000000200), CONST64(0x0200008000000200), CONST64(0x0200000002000200), CONST64(0x0200008002000200), - CONST64(0x0200000000020200), CONST64(0x0200008000020200), CONST64(0x0200000002020200), CONST64(0x0200008002020200), - CONST64(0x0200000000000002), CONST64(0x0200008000000002), CONST64(0x0200000002000002), CONST64(0x0200008002000002), - CONST64(0x0200000000020002), CONST64(0x0200008000020002), CONST64(0x0200000002020002), CONST64(0x0200008002020002), - CONST64(0x0200000000000202), CONST64(0x0200008000000202), CONST64(0x0200000002000202), CONST64(0x0200008002000202), - CONST64(0x0200000000020202), CONST64(0x0200008000020202), CONST64(0x0200000002020202), CONST64(0x0200008002020202), - CONST64(0x0002000000000000), CONST64(0x0002008000000000), CONST64(0x0002000002000000), CONST64(0x0002008002000000), - CONST64(0x0002000000020000), CONST64(0x0002008000020000), CONST64(0x0002000002020000), CONST64(0x0002008002020000), - CONST64(0x0002000000000200), CONST64(0x0002008000000200), CONST64(0x0002000002000200), CONST64(0x0002008002000200), - CONST64(0x0002000000020200), CONST64(0x0002008000020200), CONST64(0x0002000002020200), CONST64(0x0002008002020200), - CONST64(0x0002000000000002), CONST64(0x0002008000000002), CONST64(0x0002000002000002), CONST64(0x0002008002000002), - CONST64(0x0002000000020002), CONST64(0x0002008000020002), CONST64(0x0002000002020002), CONST64(0x0002008002020002), - CONST64(0x0002000000000202), CONST64(0x0002008000000202), CONST64(0x0002000002000202), CONST64(0x0002008002000202), - CONST64(0x0002000000020202), CONST64(0x0002008000020202), CONST64(0x0002000002020202), CONST64(0x0002008002020202), - CONST64(0x0202000000000000), CONST64(0x0202008000000000), CONST64(0x0202000002000000), CONST64(0x0202008002000000), - CONST64(0x0202000000020000), CONST64(0x0202008000020000), CONST64(0x0202000002020000), CONST64(0x0202008002020000), - CONST64(0x0202000000000200), CONST64(0x0202008000000200), CONST64(0x0202000002000200), CONST64(0x0202008002000200), - CONST64(0x0202000000020200), CONST64(0x0202008000020200), CONST64(0x0202000002020200), CONST64(0x0202008002020200), - CONST64(0x0202000000000002), CONST64(0x0202008000000002), CONST64(0x0202000002000002), CONST64(0x0202008002000002), - CONST64(0x0202000000020002), CONST64(0x0202008000020002), CONST64(0x0202000002020002), CONST64(0x0202008002020002), - CONST64(0x0202000000000202), CONST64(0x0202008000000202), CONST64(0x0202000002000202), CONST64(0x0202008002000202), - CONST64(0x0202000000020202), CONST64(0x0202008000020202), CONST64(0x0202000002020202), CONST64(0x0202008002020202), - CONST64(0x0000020000000000), CONST64(0x0000028000000000), CONST64(0x0000020002000000), CONST64(0x0000028002000000), - CONST64(0x0000020000020000), CONST64(0x0000028000020000), CONST64(0x0000020002020000), CONST64(0x0000028002020000), - CONST64(0x0000020000000200), CONST64(0x0000028000000200), CONST64(0x0000020002000200), CONST64(0x0000028002000200), - CONST64(0x0000020000020200), CONST64(0x0000028000020200), CONST64(0x0000020002020200), CONST64(0x0000028002020200), - CONST64(0x0000020000000002), CONST64(0x0000028000000002), CONST64(0x0000020002000002), CONST64(0x0000028002000002), - CONST64(0x0000020000020002), CONST64(0x0000028000020002), CONST64(0x0000020002020002), CONST64(0x0000028002020002), - CONST64(0x0000020000000202), CONST64(0x0000028000000202), CONST64(0x0000020002000202), CONST64(0x0000028002000202), - CONST64(0x0000020000020202), CONST64(0x0000028000020202), CONST64(0x0000020002020202), CONST64(0x0000028002020202), - CONST64(0x0200020000000000), CONST64(0x0200028000000000), CONST64(0x0200020002000000), CONST64(0x0200028002000000), - CONST64(0x0200020000020000), CONST64(0x0200028000020000), CONST64(0x0200020002020000), CONST64(0x0200028002020000), - CONST64(0x0200020000000200), CONST64(0x0200028000000200), CONST64(0x0200020002000200), CONST64(0x0200028002000200), - CONST64(0x0200020000020200), CONST64(0x0200028000020200), CONST64(0x0200020002020200), CONST64(0x0200028002020200), - CONST64(0x0200020000000002), CONST64(0x0200028000000002), CONST64(0x0200020002000002), CONST64(0x0200028002000002), - CONST64(0x0200020000020002), CONST64(0x0200028000020002), CONST64(0x0200020002020002), CONST64(0x0200028002020002), - CONST64(0x0200020000000202), CONST64(0x0200028000000202), CONST64(0x0200020002000202), CONST64(0x0200028002000202), - CONST64(0x0200020000020202), CONST64(0x0200028000020202), CONST64(0x0200020002020202), CONST64(0x0200028002020202), - CONST64(0x0002020000000000), CONST64(0x0002028000000000), CONST64(0x0002020002000000), CONST64(0x0002028002000000), - CONST64(0x0002020000020000), CONST64(0x0002028000020000), CONST64(0x0002020002020000), CONST64(0x0002028002020000), - CONST64(0x0002020000000200), CONST64(0x0002028000000200), CONST64(0x0002020002000200), CONST64(0x0002028002000200), - CONST64(0x0002020000020200), CONST64(0x0002028000020200), CONST64(0x0002020002020200), CONST64(0x0002028002020200), - CONST64(0x0002020000000002), CONST64(0x0002028000000002), CONST64(0x0002020002000002), CONST64(0x0002028002000002), - CONST64(0x0002020000020002), CONST64(0x0002028000020002), CONST64(0x0002020002020002), CONST64(0x0002028002020002), - CONST64(0x0002020000000202), CONST64(0x0002028000000202), CONST64(0x0002020002000202), CONST64(0x0002028002000202), - CONST64(0x0002020000020202), CONST64(0x0002028000020202), CONST64(0x0002020002020202), CONST64(0x0002028002020202), - CONST64(0x0202020000000000), CONST64(0x0202028000000000), CONST64(0x0202020002000000), CONST64(0x0202028002000000), - CONST64(0x0202020000020000), CONST64(0x0202028000020000), CONST64(0x0202020002020000), CONST64(0x0202028002020000), - CONST64(0x0202020000000200), CONST64(0x0202028000000200), CONST64(0x0202020002000200), CONST64(0x0202028002000200), - CONST64(0x0202020000020200), CONST64(0x0202028000020200), CONST64(0x0202020002020200), CONST64(0x0202028002020200), - CONST64(0x0202020000000002), CONST64(0x0202028000000002), CONST64(0x0202020002000002), CONST64(0x0202028002000002), - CONST64(0x0202020000020002), CONST64(0x0202028000020002), CONST64(0x0202020002020002), CONST64(0x0202028002020002), - CONST64(0x0202020000000202), CONST64(0x0202028000000202), CONST64(0x0202020002000202), CONST64(0x0202028002000202), - CONST64(0x0202020000020202), CONST64(0x0202028000020202), CONST64(0x0202020002020202), CONST64(0x0202028002020202) - }, -{ CONST64(0x0000000000000000), CONST64(0x0000000200000000), CONST64(0x0000000008000000), CONST64(0x0000000208000000), - CONST64(0x0000000000080000), CONST64(0x0000000200080000), CONST64(0x0000000008080000), CONST64(0x0000000208080000), - CONST64(0x0000000000000800), CONST64(0x0000000200000800), CONST64(0x0000000008000800), CONST64(0x0000000208000800), - CONST64(0x0000000000080800), CONST64(0x0000000200080800), CONST64(0x0000000008080800), CONST64(0x0000000208080800), - CONST64(0x0000000000000008), CONST64(0x0000000200000008), CONST64(0x0000000008000008), CONST64(0x0000000208000008), - CONST64(0x0000000000080008), CONST64(0x0000000200080008), CONST64(0x0000000008080008), CONST64(0x0000000208080008), - CONST64(0x0000000000000808), CONST64(0x0000000200000808), CONST64(0x0000000008000808), CONST64(0x0000000208000808), - CONST64(0x0000000000080808), CONST64(0x0000000200080808), CONST64(0x0000000008080808), CONST64(0x0000000208080808), - CONST64(0x0800000000000000), CONST64(0x0800000200000000), CONST64(0x0800000008000000), CONST64(0x0800000208000000), - CONST64(0x0800000000080000), CONST64(0x0800000200080000), CONST64(0x0800000008080000), CONST64(0x0800000208080000), - CONST64(0x0800000000000800), CONST64(0x0800000200000800), CONST64(0x0800000008000800), CONST64(0x0800000208000800), - CONST64(0x0800000000080800), CONST64(0x0800000200080800), CONST64(0x0800000008080800), CONST64(0x0800000208080800), - CONST64(0x0800000000000008), CONST64(0x0800000200000008), CONST64(0x0800000008000008), CONST64(0x0800000208000008), - CONST64(0x0800000000080008), CONST64(0x0800000200080008), CONST64(0x0800000008080008), CONST64(0x0800000208080008), - CONST64(0x0800000000000808), CONST64(0x0800000200000808), CONST64(0x0800000008000808), CONST64(0x0800000208000808), - CONST64(0x0800000000080808), CONST64(0x0800000200080808), CONST64(0x0800000008080808), CONST64(0x0800000208080808), - CONST64(0x0008000000000000), CONST64(0x0008000200000000), CONST64(0x0008000008000000), CONST64(0x0008000208000000), - CONST64(0x0008000000080000), CONST64(0x0008000200080000), CONST64(0x0008000008080000), CONST64(0x0008000208080000), - CONST64(0x0008000000000800), CONST64(0x0008000200000800), CONST64(0x0008000008000800), CONST64(0x0008000208000800), - CONST64(0x0008000000080800), CONST64(0x0008000200080800), CONST64(0x0008000008080800), CONST64(0x0008000208080800), - CONST64(0x0008000000000008), CONST64(0x0008000200000008), CONST64(0x0008000008000008), CONST64(0x0008000208000008), - CONST64(0x0008000000080008), CONST64(0x0008000200080008), CONST64(0x0008000008080008), CONST64(0x0008000208080008), - CONST64(0x0008000000000808), CONST64(0x0008000200000808), CONST64(0x0008000008000808), CONST64(0x0008000208000808), - CONST64(0x0008000000080808), CONST64(0x0008000200080808), CONST64(0x0008000008080808), CONST64(0x0008000208080808), - CONST64(0x0808000000000000), CONST64(0x0808000200000000), CONST64(0x0808000008000000), CONST64(0x0808000208000000), - CONST64(0x0808000000080000), CONST64(0x0808000200080000), CONST64(0x0808000008080000), CONST64(0x0808000208080000), - CONST64(0x0808000000000800), CONST64(0x0808000200000800), CONST64(0x0808000008000800), CONST64(0x0808000208000800), - CONST64(0x0808000000080800), CONST64(0x0808000200080800), CONST64(0x0808000008080800), CONST64(0x0808000208080800), - CONST64(0x0808000000000008), CONST64(0x0808000200000008), CONST64(0x0808000008000008), CONST64(0x0808000208000008), - CONST64(0x0808000000080008), CONST64(0x0808000200080008), CONST64(0x0808000008080008), CONST64(0x0808000208080008), - CONST64(0x0808000000000808), CONST64(0x0808000200000808), CONST64(0x0808000008000808), CONST64(0x0808000208000808), - CONST64(0x0808000000080808), CONST64(0x0808000200080808), CONST64(0x0808000008080808), CONST64(0x0808000208080808), - CONST64(0x0000080000000000), CONST64(0x0000080200000000), CONST64(0x0000080008000000), CONST64(0x0000080208000000), - CONST64(0x0000080000080000), CONST64(0x0000080200080000), CONST64(0x0000080008080000), CONST64(0x0000080208080000), - CONST64(0x0000080000000800), CONST64(0x0000080200000800), CONST64(0x0000080008000800), CONST64(0x0000080208000800), - CONST64(0x0000080000080800), CONST64(0x0000080200080800), CONST64(0x0000080008080800), CONST64(0x0000080208080800), - CONST64(0x0000080000000008), CONST64(0x0000080200000008), CONST64(0x0000080008000008), CONST64(0x0000080208000008), - CONST64(0x0000080000080008), CONST64(0x0000080200080008), CONST64(0x0000080008080008), CONST64(0x0000080208080008), - CONST64(0x0000080000000808), CONST64(0x0000080200000808), CONST64(0x0000080008000808), CONST64(0x0000080208000808), - CONST64(0x0000080000080808), CONST64(0x0000080200080808), CONST64(0x0000080008080808), CONST64(0x0000080208080808), - CONST64(0x0800080000000000), CONST64(0x0800080200000000), CONST64(0x0800080008000000), CONST64(0x0800080208000000), - CONST64(0x0800080000080000), CONST64(0x0800080200080000), CONST64(0x0800080008080000), CONST64(0x0800080208080000), - CONST64(0x0800080000000800), CONST64(0x0800080200000800), CONST64(0x0800080008000800), CONST64(0x0800080208000800), - CONST64(0x0800080000080800), CONST64(0x0800080200080800), CONST64(0x0800080008080800), CONST64(0x0800080208080800), - CONST64(0x0800080000000008), CONST64(0x0800080200000008), CONST64(0x0800080008000008), CONST64(0x0800080208000008), - CONST64(0x0800080000080008), CONST64(0x0800080200080008), CONST64(0x0800080008080008), CONST64(0x0800080208080008), - CONST64(0x0800080000000808), CONST64(0x0800080200000808), CONST64(0x0800080008000808), CONST64(0x0800080208000808), - CONST64(0x0800080000080808), CONST64(0x0800080200080808), CONST64(0x0800080008080808), CONST64(0x0800080208080808), - CONST64(0x0008080000000000), CONST64(0x0008080200000000), CONST64(0x0008080008000000), CONST64(0x0008080208000000), - CONST64(0x0008080000080000), CONST64(0x0008080200080000), CONST64(0x0008080008080000), CONST64(0x0008080208080000), - CONST64(0x0008080000000800), CONST64(0x0008080200000800), CONST64(0x0008080008000800), CONST64(0x0008080208000800), - CONST64(0x0008080000080800), CONST64(0x0008080200080800), CONST64(0x0008080008080800), CONST64(0x0008080208080800), - CONST64(0x0008080000000008), CONST64(0x0008080200000008), CONST64(0x0008080008000008), CONST64(0x0008080208000008), - CONST64(0x0008080000080008), CONST64(0x0008080200080008), CONST64(0x0008080008080008), CONST64(0x0008080208080008), - CONST64(0x0008080000000808), CONST64(0x0008080200000808), CONST64(0x0008080008000808), CONST64(0x0008080208000808), - CONST64(0x0008080000080808), CONST64(0x0008080200080808), CONST64(0x0008080008080808), CONST64(0x0008080208080808), - CONST64(0x0808080000000000), CONST64(0x0808080200000000), CONST64(0x0808080008000000), CONST64(0x0808080208000000), - CONST64(0x0808080000080000), CONST64(0x0808080200080000), CONST64(0x0808080008080000), CONST64(0x0808080208080000), - CONST64(0x0808080000000800), CONST64(0x0808080200000800), CONST64(0x0808080008000800), CONST64(0x0808080208000800), - CONST64(0x0808080000080800), CONST64(0x0808080200080800), CONST64(0x0808080008080800), CONST64(0x0808080208080800), - CONST64(0x0808080000000008), CONST64(0x0808080200000008), CONST64(0x0808080008000008), CONST64(0x0808080208000008), - CONST64(0x0808080000080008), CONST64(0x0808080200080008), CONST64(0x0808080008080008), CONST64(0x0808080208080008), - CONST64(0x0808080000000808), CONST64(0x0808080200000808), CONST64(0x0808080008000808), CONST64(0x0808080208000808), - CONST64(0x0808080000080808), CONST64(0x0808080200080808), CONST64(0x0808080008080808), CONST64(0x0808080208080808) - }, -{ CONST64(0x0000000000000000), CONST64(0x0000000800000000), CONST64(0x0000000020000000), CONST64(0x0000000820000000), - CONST64(0x0000000000200000), CONST64(0x0000000800200000), CONST64(0x0000000020200000), CONST64(0x0000000820200000), - CONST64(0x0000000000002000), CONST64(0x0000000800002000), CONST64(0x0000000020002000), CONST64(0x0000000820002000), - CONST64(0x0000000000202000), CONST64(0x0000000800202000), CONST64(0x0000000020202000), CONST64(0x0000000820202000), - CONST64(0x0000000000000020), CONST64(0x0000000800000020), CONST64(0x0000000020000020), CONST64(0x0000000820000020), - CONST64(0x0000000000200020), CONST64(0x0000000800200020), CONST64(0x0000000020200020), CONST64(0x0000000820200020), - CONST64(0x0000000000002020), CONST64(0x0000000800002020), CONST64(0x0000000020002020), CONST64(0x0000000820002020), - CONST64(0x0000000000202020), CONST64(0x0000000800202020), CONST64(0x0000000020202020), CONST64(0x0000000820202020), - CONST64(0x2000000000000000), CONST64(0x2000000800000000), CONST64(0x2000000020000000), CONST64(0x2000000820000000), - CONST64(0x2000000000200000), CONST64(0x2000000800200000), CONST64(0x2000000020200000), CONST64(0x2000000820200000), - CONST64(0x2000000000002000), CONST64(0x2000000800002000), CONST64(0x2000000020002000), CONST64(0x2000000820002000), - CONST64(0x2000000000202000), CONST64(0x2000000800202000), CONST64(0x2000000020202000), CONST64(0x2000000820202000), - CONST64(0x2000000000000020), CONST64(0x2000000800000020), CONST64(0x2000000020000020), CONST64(0x2000000820000020), - CONST64(0x2000000000200020), CONST64(0x2000000800200020), CONST64(0x2000000020200020), CONST64(0x2000000820200020), - CONST64(0x2000000000002020), CONST64(0x2000000800002020), CONST64(0x2000000020002020), CONST64(0x2000000820002020), - CONST64(0x2000000000202020), CONST64(0x2000000800202020), CONST64(0x2000000020202020), CONST64(0x2000000820202020), - CONST64(0x0020000000000000), CONST64(0x0020000800000000), CONST64(0x0020000020000000), CONST64(0x0020000820000000), - CONST64(0x0020000000200000), CONST64(0x0020000800200000), CONST64(0x0020000020200000), CONST64(0x0020000820200000), - CONST64(0x0020000000002000), CONST64(0x0020000800002000), CONST64(0x0020000020002000), CONST64(0x0020000820002000), - CONST64(0x0020000000202000), CONST64(0x0020000800202000), CONST64(0x0020000020202000), CONST64(0x0020000820202000), - CONST64(0x0020000000000020), CONST64(0x0020000800000020), CONST64(0x0020000020000020), CONST64(0x0020000820000020), - CONST64(0x0020000000200020), CONST64(0x0020000800200020), CONST64(0x0020000020200020), CONST64(0x0020000820200020), - CONST64(0x0020000000002020), CONST64(0x0020000800002020), CONST64(0x0020000020002020), CONST64(0x0020000820002020), - CONST64(0x0020000000202020), CONST64(0x0020000800202020), CONST64(0x0020000020202020), CONST64(0x0020000820202020), - CONST64(0x2020000000000000), CONST64(0x2020000800000000), CONST64(0x2020000020000000), CONST64(0x2020000820000000), - CONST64(0x2020000000200000), CONST64(0x2020000800200000), CONST64(0x2020000020200000), CONST64(0x2020000820200000), - CONST64(0x2020000000002000), CONST64(0x2020000800002000), CONST64(0x2020000020002000), CONST64(0x2020000820002000), - CONST64(0x2020000000202000), CONST64(0x2020000800202000), CONST64(0x2020000020202000), CONST64(0x2020000820202000), - CONST64(0x2020000000000020), CONST64(0x2020000800000020), CONST64(0x2020000020000020), CONST64(0x2020000820000020), - CONST64(0x2020000000200020), CONST64(0x2020000800200020), CONST64(0x2020000020200020), CONST64(0x2020000820200020), - CONST64(0x2020000000002020), CONST64(0x2020000800002020), CONST64(0x2020000020002020), CONST64(0x2020000820002020), - CONST64(0x2020000000202020), CONST64(0x2020000800202020), CONST64(0x2020000020202020), CONST64(0x2020000820202020), - CONST64(0x0000200000000000), CONST64(0x0000200800000000), CONST64(0x0000200020000000), CONST64(0x0000200820000000), - CONST64(0x0000200000200000), CONST64(0x0000200800200000), CONST64(0x0000200020200000), CONST64(0x0000200820200000), - CONST64(0x0000200000002000), CONST64(0x0000200800002000), CONST64(0x0000200020002000), CONST64(0x0000200820002000), - CONST64(0x0000200000202000), CONST64(0x0000200800202000), CONST64(0x0000200020202000), CONST64(0x0000200820202000), - CONST64(0x0000200000000020), CONST64(0x0000200800000020), CONST64(0x0000200020000020), CONST64(0x0000200820000020), - CONST64(0x0000200000200020), CONST64(0x0000200800200020), CONST64(0x0000200020200020), CONST64(0x0000200820200020), - CONST64(0x0000200000002020), CONST64(0x0000200800002020), CONST64(0x0000200020002020), CONST64(0x0000200820002020), - CONST64(0x0000200000202020), CONST64(0x0000200800202020), CONST64(0x0000200020202020), CONST64(0x0000200820202020), - CONST64(0x2000200000000000), CONST64(0x2000200800000000), CONST64(0x2000200020000000), CONST64(0x2000200820000000), - CONST64(0x2000200000200000), CONST64(0x2000200800200000), CONST64(0x2000200020200000), CONST64(0x2000200820200000), - CONST64(0x2000200000002000), CONST64(0x2000200800002000), CONST64(0x2000200020002000), CONST64(0x2000200820002000), - CONST64(0x2000200000202000), CONST64(0x2000200800202000), CONST64(0x2000200020202000), CONST64(0x2000200820202000), - CONST64(0x2000200000000020), CONST64(0x2000200800000020), CONST64(0x2000200020000020), CONST64(0x2000200820000020), - CONST64(0x2000200000200020), CONST64(0x2000200800200020), CONST64(0x2000200020200020), CONST64(0x2000200820200020), - CONST64(0x2000200000002020), CONST64(0x2000200800002020), CONST64(0x2000200020002020), CONST64(0x2000200820002020), - CONST64(0x2000200000202020), CONST64(0x2000200800202020), CONST64(0x2000200020202020), CONST64(0x2000200820202020), - CONST64(0x0020200000000000), CONST64(0x0020200800000000), CONST64(0x0020200020000000), CONST64(0x0020200820000000), - CONST64(0x0020200000200000), CONST64(0x0020200800200000), CONST64(0x0020200020200000), CONST64(0x0020200820200000), - CONST64(0x0020200000002000), CONST64(0x0020200800002000), CONST64(0x0020200020002000), CONST64(0x0020200820002000), - CONST64(0x0020200000202000), CONST64(0x0020200800202000), CONST64(0x0020200020202000), CONST64(0x0020200820202000), - CONST64(0x0020200000000020), CONST64(0x0020200800000020), CONST64(0x0020200020000020), CONST64(0x0020200820000020), - CONST64(0x0020200000200020), CONST64(0x0020200800200020), CONST64(0x0020200020200020), CONST64(0x0020200820200020), - CONST64(0x0020200000002020), CONST64(0x0020200800002020), CONST64(0x0020200020002020), CONST64(0x0020200820002020), - CONST64(0x0020200000202020), CONST64(0x0020200800202020), CONST64(0x0020200020202020), CONST64(0x0020200820202020), - CONST64(0x2020200000000000), CONST64(0x2020200800000000), CONST64(0x2020200020000000), CONST64(0x2020200820000000), - CONST64(0x2020200000200000), CONST64(0x2020200800200000), CONST64(0x2020200020200000), CONST64(0x2020200820200000), - CONST64(0x2020200000002000), CONST64(0x2020200800002000), CONST64(0x2020200020002000), CONST64(0x2020200820002000), - CONST64(0x2020200000202000), CONST64(0x2020200800202000), CONST64(0x2020200020202000), CONST64(0x2020200820202000), - CONST64(0x2020200000000020), CONST64(0x2020200800000020), CONST64(0x2020200020000020), CONST64(0x2020200820000020), - CONST64(0x2020200000200020), CONST64(0x2020200800200020), CONST64(0x2020200020200020), CONST64(0x2020200820200020), - CONST64(0x2020200000002020), CONST64(0x2020200800002020), CONST64(0x2020200020002020), CONST64(0x2020200820002020), - CONST64(0x2020200000202020), CONST64(0x2020200800202020), CONST64(0x2020200020202020), CONST64(0x2020200820202020) - }, -{ CONST64(0x0000000000000000), CONST64(0x0000002000000000), CONST64(0x0000000080000000), CONST64(0x0000002080000000), - CONST64(0x0000000000800000), CONST64(0x0000002000800000), CONST64(0x0000000080800000), CONST64(0x0000002080800000), - CONST64(0x0000000000008000), CONST64(0x0000002000008000), CONST64(0x0000000080008000), CONST64(0x0000002080008000), - CONST64(0x0000000000808000), CONST64(0x0000002000808000), CONST64(0x0000000080808000), CONST64(0x0000002080808000), - CONST64(0x0000000000000080), CONST64(0x0000002000000080), CONST64(0x0000000080000080), CONST64(0x0000002080000080), - CONST64(0x0000000000800080), CONST64(0x0000002000800080), CONST64(0x0000000080800080), CONST64(0x0000002080800080), - CONST64(0x0000000000008080), CONST64(0x0000002000008080), CONST64(0x0000000080008080), CONST64(0x0000002080008080), - CONST64(0x0000000000808080), CONST64(0x0000002000808080), CONST64(0x0000000080808080), CONST64(0x0000002080808080), - CONST64(0x8000000000000000), CONST64(0x8000002000000000), CONST64(0x8000000080000000), CONST64(0x8000002080000000), - CONST64(0x8000000000800000), CONST64(0x8000002000800000), CONST64(0x8000000080800000), CONST64(0x8000002080800000), - CONST64(0x8000000000008000), CONST64(0x8000002000008000), CONST64(0x8000000080008000), CONST64(0x8000002080008000), - CONST64(0x8000000000808000), CONST64(0x8000002000808000), CONST64(0x8000000080808000), CONST64(0x8000002080808000), - CONST64(0x8000000000000080), CONST64(0x8000002000000080), CONST64(0x8000000080000080), CONST64(0x8000002080000080), - CONST64(0x8000000000800080), CONST64(0x8000002000800080), CONST64(0x8000000080800080), CONST64(0x8000002080800080), - CONST64(0x8000000000008080), CONST64(0x8000002000008080), CONST64(0x8000000080008080), CONST64(0x8000002080008080), - CONST64(0x8000000000808080), CONST64(0x8000002000808080), CONST64(0x8000000080808080), CONST64(0x8000002080808080), - CONST64(0x0080000000000000), CONST64(0x0080002000000000), CONST64(0x0080000080000000), CONST64(0x0080002080000000), - CONST64(0x0080000000800000), CONST64(0x0080002000800000), CONST64(0x0080000080800000), CONST64(0x0080002080800000), - CONST64(0x0080000000008000), CONST64(0x0080002000008000), CONST64(0x0080000080008000), CONST64(0x0080002080008000), - CONST64(0x0080000000808000), CONST64(0x0080002000808000), CONST64(0x0080000080808000), CONST64(0x0080002080808000), - CONST64(0x0080000000000080), CONST64(0x0080002000000080), CONST64(0x0080000080000080), CONST64(0x0080002080000080), - CONST64(0x0080000000800080), CONST64(0x0080002000800080), CONST64(0x0080000080800080), CONST64(0x0080002080800080), - CONST64(0x0080000000008080), CONST64(0x0080002000008080), CONST64(0x0080000080008080), CONST64(0x0080002080008080), - CONST64(0x0080000000808080), CONST64(0x0080002000808080), CONST64(0x0080000080808080), CONST64(0x0080002080808080), - CONST64(0x8080000000000000), CONST64(0x8080002000000000), CONST64(0x8080000080000000), CONST64(0x8080002080000000), - CONST64(0x8080000000800000), CONST64(0x8080002000800000), CONST64(0x8080000080800000), CONST64(0x8080002080800000), - CONST64(0x8080000000008000), CONST64(0x8080002000008000), CONST64(0x8080000080008000), CONST64(0x8080002080008000), - CONST64(0x8080000000808000), CONST64(0x8080002000808000), CONST64(0x8080000080808000), CONST64(0x8080002080808000), - CONST64(0x8080000000000080), CONST64(0x8080002000000080), CONST64(0x8080000080000080), CONST64(0x8080002080000080), - CONST64(0x8080000000800080), CONST64(0x8080002000800080), CONST64(0x8080000080800080), CONST64(0x8080002080800080), - CONST64(0x8080000000008080), CONST64(0x8080002000008080), CONST64(0x8080000080008080), CONST64(0x8080002080008080), - CONST64(0x8080000000808080), CONST64(0x8080002000808080), CONST64(0x8080000080808080), CONST64(0x8080002080808080), - CONST64(0x0000800000000000), CONST64(0x0000802000000000), CONST64(0x0000800080000000), CONST64(0x0000802080000000), - CONST64(0x0000800000800000), CONST64(0x0000802000800000), CONST64(0x0000800080800000), CONST64(0x0000802080800000), - CONST64(0x0000800000008000), CONST64(0x0000802000008000), CONST64(0x0000800080008000), CONST64(0x0000802080008000), - CONST64(0x0000800000808000), CONST64(0x0000802000808000), CONST64(0x0000800080808000), CONST64(0x0000802080808000), - CONST64(0x0000800000000080), CONST64(0x0000802000000080), CONST64(0x0000800080000080), CONST64(0x0000802080000080), - CONST64(0x0000800000800080), CONST64(0x0000802000800080), CONST64(0x0000800080800080), CONST64(0x0000802080800080), - CONST64(0x0000800000008080), CONST64(0x0000802000008080), CONST64(0x0000800080008080), CONST64(0x0000802080008080), - CONST64(0x0000800000808080), CONST64(0x0000802000808080), CONST64(0x0000800080808080), CONST64(0x0000802080808080), - CONST64(0x8000800000000000), CONST64(0x8000802000000000), CONST64(0x8000800080000000), CONST64(0x8000802080000000), - CONST64(0x8000800000800000), CONST64(0x8000802000800000), CONST64(0x8000800080800000), CONST64(0x8000802080800000), - CONST64(0x8000800000008000), CONST64(0x8000802000008000), CONST64(0x8000800080008000), CONST64(0x8000802080008000), - CONST64(0x8000800000808000), CONST64(0x8000802000808000), CONST64(0x8000800080808000), CONST64(0x8000802080808000), - CONST64(0x8000800000000080), CONST64(0x8000802000000080), CONST64(0x8000800080000080), CONST64(0x8000802080000080), - CONST64(0x8000800000800080), CONST64(0x8000802000800080), CONST64(0x8000800080800080), CONST64(0x8000802080800080), - CONST64(0x8000800000008080), CONST64(0x8000802000008080), CONST64(0x8000800080008080), CONST64(0x8000802080008080), - CONST64(0x8000800000808080), CONST64(0x8000802000808080), CONST64(0x8000800080808080), CONST64(0x8000802080808080), - CONST64(0x0080800000000000), CONST64(0x0080802000000000), CONST64(0x0080800080000000), CONST64(0x0080802080000000), - CONST64(0x0080800000800000), CONST64(0x0080802000800000), CONST64(0x0080800080800000), CONST64(0x0080802080800000), - CONST64(0x0080800000008000), CONST64(0x0080802000008000), CONST64(0x0080800080008000), CONST64(0x0080802080008000), - CONST64(0x0080800000808000), CONST64(0x0080802000808000), CONST64(0x0080800080808000), CONST64(0x0080802080808000), - CONST64(0x0080800000000080), CONST64(0x0080802000000080), CONST64(0x0080800080000080), CONST64(0x0080802080000080), - CONST64(0x0080800000800080), CONST64(0x0080802000800080), CONST64(0x0080800080800080), CONST64(0x0080802080800080), - CONST64(0x0080800000008080), CONST64(0x0080802000008080), CONST64(0x0080800080008080), CONST64(0x0080802080008080), - CONST64(0x0080800000808080), CONST64(0x0080802000808080), CONST64(0x0080800080808080), CONST64(0x0080802080808080), - CONST64(0x8080800000000000), CONST64(0x8080802000000000), CONST64(0x8080800080000000), CONST64(0x8080802080000000), - CONST64(0x8080800000800000), CONST64(0x8080802000800000), CONST64(0x8080800080800000), CONST64(0x8080802080800000), - CONST64(0x8080800000008000), CONST64(0x8080802000008000), CONST64(0x8080800080008000), CONST64(0x8080802080008000), - CONST64(0x8080800000808000), CONST64(0x8080802000808000), CONST64(0x8080800080808000), CONST64(0x8080802080808000), - CONST64(0x8080800000000080), CONST64(0x8080802000000080), CONST64(0x8080800080000080), CONST64(0x8080802080000080), - CONST64(0x8080800000800080), CONST64(0x8080802000800080), CONST64(0x8080800080800080), CONST64(0x8080802080800080), - CONST64(0x8080800000008080), CONST64(0x8080802000008080), CONST64(0x8080800080008080), CONST64(0x8080802080008080), - CONST64(0x8080800000808080), CONST64(0x8080802000808080), CONST64(0x8080800080808080), CONST64(0x8080802080808080) - }, -{ CONST64(0x0000000000000000), CONST64(0x0000004000000000), CONST64(0x0000000001000000), CONST64(0x0000004001000000), - CONST64(0x0000000000010000), CONST64(0x0000004000010000), CONST64(0x0000000001010000), CONST64(0x0000004001010000), - CONST64(0x0000000000000100), CONST64(0x0000004000000100), CONST64(0x0000000001000100), CONST64(0x0000004001000100), - CONST64(0x0000000000010100), CONST64(0x0000004000010100), CONST64(0x0000000001010100), CONST64(0x0000004001010100), - CONST64(0x0000000000000001), CONST64(0x0000004000000001), CONST64(0x0000000001000001), CONST64(0x0000004001000001), - CONST64(0x0000000000010001), CONST64(0x0000004000010001), CONST64(0x0000000001010001), CONST64(0x0000004001010001), - CONST64(0x0000000000000101), CONST64(0x0000004000000101), CONST64(0x0000000001000101), CONST64(0x0000004001000101), - CONST64(0x0000000000010101), CONST64(0x0000004000010101), CONST64(0x0000000001010101), CONST64(0x0000004001010101), - CONST64(0x0100000000000000), CONST64(0x0100004000000000), CONST64(0x0100000001000000), CONST64(0x0100004001000000), - CONST64(0x0100000000010000), CONST64(0x0100004000010000), CONST64(0x0100000001010000), CONST64(0x0100004001010000), - CONST64(0x0100000000000100), CONST64(0x0100004000000100), CONST64(0x0100000001000100), CONST64(0x0100004001000100), - CONST64(0x0100000000010100), CONST64(0x0100004000010100), CONST64(0x0100000001010100), CONST64(0x0100004001010100), - CONST64(0x0100000000000001), CONST64(0x0100004000000001), CONST64(0x0100000001000001), CONST64(0x0100004001000001), - CONST64(0x0100000000010001), CONST64(0x0100004000010001), CONST64(0x0100000001010001), CONST64(0x0100004001010001), - CONST64(0x0100000000000101), CONST64(0x0100004000000101), CONST64(0x0100000001000101), CONST64(0x0100004001000101), - CONST64(0x0100000000010101), CONST64(0x0100004000010101), CONST64(0x0100000001010101), CONST64(0x0100004001010101), - CONST64(0x0001000000000000), CONST64(0x0001004000000000), CONST64(0x0001000001000000), CONST64(0x0001004001000000), - CONST64(0x0001000000010000), CONST64(0x0001004000010000), CONST64(0x0001000001010000), CONST64(0x0001004001010000), - CONST64(0x0001000000000100), CONST64(0x0001004000000100), CONST64(0x0001000001000100), CONST64(0x0001004001000100), - CONST64(0x0001000000010100), CONST64(0x0001004000010100), CONST64(0x0001000001010100), CONST64(0x0001004001010100), - CONST64(0x0001000000000001), CONST64(0x0001004000000001), CONST64(0x0001000001000001), CONST64(0x0001004001000001), - CONST64(0x0001000000010001), CONST64(0x0001004000010001), CONST64(0x0001000001010001), CONST64(0x0001004001010001), - CONST64(0x0001000000000101), CONST64(0x0001004000000101), CONST64(0x0001000001000101), CONST64(0x0001004001000101), - CONST64(0x0001000000010101), CONST64(0x0001004000010101), CONST64(0x0001000001010101), CONST64(0x0001004001010101), - CONST64(0x0101000000000000), CONST64(0x0101004000000000), CONST64(0x0101000001000000), CONST64(0x0101004001000000), - CONST64(0x0101000000010000), CONST64(0x0101004000010000), CONST64(0x0101000001010000), CONST64(0x0101004001010000), - CONST64(0x0101000000000100), CONST64(0x0101004000000100), CONST64(0x0101000001000100), CONST64(0x0101004001000100), - CONST64(0x0101000000010100), CONST64(0x0101004000010100), CONST64(0x0101000001010100), CONST64(0x0101004001010100), - CONST64(0x0101000000000001), CONST64(0x0101004000000001), CONST64(0x0101000001000001), CONST64(0x0101004001000001), - CONST64(0x0101000000010001), CONST64(0x0101004000010001), CONST64(0x0101000001010001), CONST64(0x0101004001010001), - CONST64(0x0101000000000101), CONST64(0x0101004000000101), CONST64(0x0101000001000101), CONST64(0x0101004001000101), - CONST64(0x0101000000010101), CONST64(0x0101004000010101), CONST64(0x0101000001010101), CONST64(0x0101004001010101), - CONST64(0x0000010000000000), CONST64(0x0000014000000000), CONST64(0x0000010001000000), CONST64(0x0000014001000000), - CONST64(0x0000010000010000), CONST64(0x0000014000010000), CONST64(0x0000010001010000), CONST64(0x0000014001010000), - CONST64(0x0000010000000100), CONST64(0x0000014000000100), CONST64(0x0000010001000100), CONST64(0x0000014001000100), - CONST64(0x0000010000010100), CONST64(0x0000014000010100), CONST64(0x0000010001010100), CONST64(0x0000014001010100), - CONST64(0x0000010000000001), CONST64(0x0000014000000001), CONST64(0x0000010001000001), CONST64(0x0000014001000001), - CONST64(0x0000010000010001), CONST64(0x0000014000010001), CONST64(0x0000010001010001), CONST64(0x0000014001010001), - CONST64(0x0000010000000101), CONST64(0x0000014000000101), CONST64(0x0000010001000101), CONST64(0x0000014001000101), - CONST64(0x0000010000010101), CONST64(0x0000014000010101), CONST64(0x0000010001010101), CONST64(0x0000014001010101), - CONST64(0x0100010000000000), CONST64(0x0100014000000000), CONST64(0x0100010001000000), CONST64(0x0100014001000000), - CONST64(0x0100010000010000), CONST64(0x0100014000010000), CONST64(0x0100010001010000), CONST64(0x0100014001010000), - CONST64(0x0100010000000100), CONST64(0x0100014000000100), CONST64(0x0100010001000100), CONST64(0x0100014001000100), - CONST64(0x0100010000010100), CONST64(0x0100014000010100), CONST64(0x0100010001010100), CONST64(0x0100014001010100), - CONST64(0x0100010000000001), CONST64(0x0100014000000001), CONST64(0x0100010001000001), CONST64(0x0100014001000001), - CONST64(0x0100010000010001), CONST64(0x0100014000010001), CONST64(0x0100010001010001), CONST64(0x0100014001010001), - CONST64(0x0100010000000101), CONST64(0x0100014000000101), CONST64(0x0100010001000101), CONST64(0x0100014001000101), - CONST64(0x0100010000010101), CONST64(0x0100014000010101), CONST64(0x0100010001010101), CONST64(0x0100014001010101), - CONST64(0x0001010000000000), CONST64(0x0001014000000000), CONST64(0x0001010001000000), CONST64(0x0001014001000000), - CONST64(0x0001010000010000), CONST64(0x0001014000010000), CONST64(0x0001010001010000), CONST64(0x0001014001010000), - CONST64(0x0001010000000100), CONST64(0x0001014000000100), CONST64(0x0001010001000100), CONST64(0x0001014001000100), - CONST64(0x0001010000010100), CONST64(0x0001014000010100), CONST64(0x0001010001010100), CONST64(0x0001014001010100), - CONST64(0x0001010000000001), CONST64(0x0001014000000001), CONST64(0x0001010001000001), CONST64(0x0001014001000001), - CONST64(0x0001010000010001), CONST64(0x0001014000010001), CONST64(0x0001010001010001), CONST64(0x0001014001010001), - CONST64(0x0001010000000101), CONST64(0x0001014000000101), CONST64(0x0001010001000101), CONST64(0x0001014001000101), - CONST64(0x0001010000010101), CONST64(0x0001014000010101), CONST64(0x0001010001010101), CONST64(0x0001014001010101), - CONST64(0x0101010000000000), CONST64(0x0101014000000000), CONST64(0x0101010001000000), CONST64(0x0101014001000000), - CONST64(0x0101010000010000), CONST64(0x0101014000010000), CONST64(0x0101010001010000), CONST64(0x0101014001010000), - CONST64(0x0101010000000100), CONST64(0x0101014000000100), CONST64(0x0101010001000100), CONST64(0x0101014001000100), - CONST64(0x0101010000010100), CONST64(0x0101014000010100), CONST64(0x0101010001010100), CONST64(0x0101014001010100), - CONST64(0x0101010000000001), CONST64(0x0101014000000001), CONST64(0x0101010001000001), CONST64(0x0101014001000001), - CONST64(0x0101010000010001), CONST64(0x0101014000010001), CONST64(0x0101010001010001), CONST64(0x0101014001010001), - CONST64(0x0101010000000101), CONST64(0x0101014000000101), CONST64(0x0101010001000101), CONST64(0x0101014001000101), - CONST64(0x0101010000010101), CONST64(0x0101014000010101), CONST64(0x0101010001010101), CONST64(0x0101014001010101) - }, -{ CONST64(0x0000000000000000), CONST64(0x0000000100000000), CONST64(0x0000000004000000), CONST64(0x0000000104000000), - CONST64(0x0000000000040000), CONST64(0x0000000100040000), CONST64(0x0000000004040000), CONST64(0x0000000104040000), - CONST64(0x0000000000000400), CONST64(0x0000000100000400), CONST64(0x0000000004000400), CONST64(0x0000000104000400), - CONST64(0x0000000000040400), CONST64(0x0000000100040400), CONST64(0x0000000004040400), CONST64(0x0000000104040400), - CONST64(0x0000000000000004), CONST64(0x0000000100000004), CONST64(0x0000000004000004), CONST64(0x0000000104000004), - CONST64(0x0000000000040004), CONST64(0x0000000100040004), CONST64(0x0000000004040004), CONST64(0x0000000104040004), - CONST64(0x0000000000000404), CONST64(0x0000000100000404), CONST64(0x0000000004000404), CONST64(0x0000000104000404), - CONST64(0x0000000000040404), CONST64(0x0000000100040404), CONST64(0x0000000004040404), CONST64(0x0000000104040404), - CONST64(0x0400000000000000), CONST64(0x0400000100000000), CONST64(0x0400000004000000), CONST64(0x0400000104000000), - CONST64(0x0400000000040000), CONST64(0x0400000100040000), CONST64(0x0400000004040000), CONST64(0x0400000104040000), - CONST64(0x0400000000000400), CONST64(0x0400000100000400), CONST64(0x0400000004000400), CONST64(0x0400000104000400), - CONST64(0x0400000000040400), CONST64(0x0400000100040400), CONST64(0x0400000004040400), CONST64(0x0400000104040400), - CONST64(0x0400000000000004), CONST64(0x0400000100000004), CONST64(0x0400000004000004), CONST64(0x0400000104000004), - CONST64(0x0400000000040004), CONST64(0x0400000100040004), CONST64(0x0400000004040004), CONST64(0x0400000104040004), - CONST64(0x0400000000000404), CONST64(0x0400000100000404), CONST64(0x0400000004000404), CONST64(0x0400000104000404), - CONST64(0x0400000000040404), CONST64(0x0400000100040404), CONST64(0x0400000004040404), CONST64(0x0400000104040404), - CONST64(0x0004000000000000), CONST64(0x0004000100000000), CONST64(0x0004000004000000), CONST64(0x0004000104000000), - CONST64(0x0004000000040000), CONST64(0x0004000100040000), CONST64(0x0004000004040000), CONST64(0x0004000104040000), - CONST64(0x0004000000000400), CONST64(0x0004000100000400), CONST64(0x0004000004000400), CONST64(0x0004000104000400), - CONST64(0x0004000000040400), CONST64(0x0004000100040400), CONST64(0x0004000004040400), CONST64(0x0004000104040400), - CONST64(0x0004000000000004), CONST64(0x0004000100000004), CONST64(0x0004000004000004), CONST64(0x0004000104000004), - CONST64(0x0004000000040004), CONST64(0x0004000100040004), CONST64(0x0004000004040004), CONST64(0x0004000104040004), - CONST64(0x0004000000000404), CONST64(0x0004000100000404), CONST64(0x0004000004000404), CONST64(0x0004000104000404), - CONST64(0x0004000000040404), CONST64(0x0004000100040404), CONST64(0x0004000004040404), CONST64(0x0004000104040404), - CONST64(0x0404000000000000), CONST64(0x0404000100000000), CONST64(0x0404000004000000), CONST64(0x0404000104000000), - CONST64(0x0404000000040000), CONST64(0x0404000100040000), CONST64(0x0404000004040000), CONST64(0x0404000104040000), - CONST64(0x0404000000000400), CONST64(0x0404000100000400), CONST64(0x0404000004000400), CONST64(0x0404000104000400), - CONST64(0x0404000000040400), CONST64(0x0404000100040400), CONST64(0x0404000004040400), CONST64(0x0404000104040400), - CONST64(0x0404000000000004), CONST64(0x0404000100000004), CONST64(0x0404000004000004), CONST64(0x0404000104000004), - CONST64(0x0404000000040004), CONST64(0x0404000100040004), CONST64(0x0404000004040004), CONST64(0x0404000104040004), - CONST64(0x0404000000000404), CONST64(0x0404000100000404), CONST64(0x0404000004000404), CONST64(0x0404000104000404), - CONST64(0x0404000000040404), CONST64(0x0404000100040404), CONST64(0x0404000004040404), CONST64(0x0404000104040404), - CONST64(0x0000040000000000), CONST64(0x0000040100000000), CONST64(0x0000040004000000), CONST64(0x0000040104000000), - CONST64(0x0000040000040000), CONST64(0x0000040100040000), CONST64(0x0000040004040000), CONST64(0x0000040104040000), - CONST64(0x0000040000000400), CONST64(0x0000040100000400), CONST64(0x0000040004000400), CONST64(0x0000040104000400), - CONST64(0x0000040000040400), CONST64(0x0000040100040400), CONST64(0x0000040004040400), CONST64(0x0000040104040400), - CONST64(0x0000040000000004), CONST64(0x0000040100000004), CONST64(0x0000040004000004), CONST64(0x0000040104000004), - CONST64(0x0000040000040004), CONST64(0x0000040100040004), CONST64(0x0000040004040004), CONST64(0x0000040104040004), - CONST64(0x0000040000000404), CONST64(0x0000040100000404), CONST64(0x0000040004000404), CONST64(0x0000040104000404), - CONST64(0x0000040000040404), CONST64(0x0000040100040404), CONST64(0x0000040004040404), CONST64(0x0000040104040404), - CONST64(0x0400040000000000), CONST64(0x0400040100000000), CONST64(0x0400040004000000), CONST64(0x0400040104000000), - CONST64(0x0400040000040000), CONST64(0x0400040100040000), CONST64(0x0400040004040000), CONST64(0x0400040104040000), - CONST64(0x0400040000000400), CONST64(0x0400040100000400), CONST64(0x0400040004000400), CONST64(0x0400040104000400), - CONST64(0x0400040000040400), CONST64(0x0400040100040400), CONST64(0x0400040004040400), CONST64(0x0400040104040400), - CONST64(0x0400040000000004), CONST64(0x0400040100000004), CONST64(0x0400040004000004), CONST64(0x0400040104000004), - CONST64(0x0400040000040004), CONST64(0x0400040100040004), CONST64(0x0400040004040004), CONST64(0x0400040104040004), - CONST64(0x0400040000000404), CONST64(0x0400040100000404), CONST64(0x0400040004000404), CONST64(0x0400040104000404), - CONST64(0x0400040000040404), CONST64(0x0400040100040404), CONST64(0x0400040004040404), CONST64(0x0400040104040404), - CONST64(0x0004040000000000), CONST64(0x0004040100000000), CONST64(0x0004040004000000), CONST64(0x0004040104000000), - CONST64(0x0004040000040000), CONST64(0x0004040100040000), CONST64(0x0004040004040000), CONST64(0x0004040104040000), - CONST64(0x0004040000000400), CONST64(0x0004040100000400), CONST64(0x0004040004000400), CONST64(0x0004040104000400), - CONST64(0x0004040000040400), CONST64(0x0004040100040400), CONST64(0x0004040004040400), CONST64(0x0004040104040400), - CONST64(0x0004040000000004), CONST64(0x0004040100000004), CONST64(0x0004040004000004), CONST64(0x0004040104000004), - CONST64(0x0004040000040004), CONST64(0x0004040100040004), CONST64(0x0004040004040004), CONST64(0x0004040104040004), - CONST64(0x0004040000000404), CONST64(0x0004040100000404), CONST64(0x0004040004000404), CONST64(0x0004040104000404), - CONST64(0x0004040000040404), CONST64(0x0004040100040404), CONST64(0x0004040004040404), CONST64(0x0004040104040404), - CONST64(0x0404040000000000), CONST64(0x0404040100000000), CONST64(0x0404040004000000), CONST64(0x0404040104000000), - CONST64(0x0404040000040000), CONST64(0x0404040100040000), CONST64(0x0404040004040000), CONST64(0x0404040104040000), - CONST64(0x0404040000000400), CONST64(0x0404040100000400), CONST64(0x0404040004000400), CONST64(0x0404040104000400), - CONST64(0x0404040000040400), CONST64(0x0404040100040400), CONST64(0x0404040004040400), CONST64(0x0404040104040400), - CONST64(0x0404040000000004), CONST64(0x0404040100000004), CONST64(0x0404040004000004), CONST64(0x0404040104000004), - CONST64(0x0404040000040004), CONST64(0x0404040100040004), CONST64(0x0404040004040004), CONST64(0x0404040104040004), - CONST64(0x0404040000000404), CONST64(0x0404040100000404), CONST64(0x0404040004000404), CONST64(0x0404040104000404), - CONST64(0x0404040000040404), CONST64(0x0404040100040404), CONST64(0x0404040004040404), CONST64(0x0404040104040404) - }, -{ CONST64(0x0000000000000000), CONST64(0x0000000400000000), CONST64(0x0000000010000000), CONST64(0x0000000410000000), - CONST64(0x0000000000100000), CONST64(0x0000000400100000), CONST64(0x0000000010100000), CONST64(0x0000000410100000), - CONST64(0x0000000000001000), CONST64(0x0000000400001000), CONST64(0x0000000010001000), CONST64(0x0000000410001000), - CONST64(0x0000000000101000), CONST64(0x0000000400101000), CONST64(0x0000000010101000), CONST64(0x0000000410101000), - CONST64(0x0000000000000010), CONST64(0x0000000400000010), CONST64(0x0000000010000010), CONST64(0x0000000410000010), - CONST64(0x0000000000100010), CONST64(0x0000000400100010), CONST64(0x0000000010100010), CONST64(0x0000000410100010), - CONST64(0x0000000000001010), CONST64(0x0000000400001010), CONST64(0x0000000010001010), CONST64(0x0000000410001010), - CONST64(0x0000000000101010), CONST64(0x0000000400101010), CONST64(0x0000000010101010), CONST64(0x0000000410101010), - CONST64(0x1000000000000000), CONST64(0x1000000400000000), CONST64(0x1000000010000000), CONST64(0x1000000410000000), - CONST64(0x1000000000100000), CONST64(0x1000000400100000), CONST64(0x1000000010100000), CONST64(0x1000000410100000), - CONST64(0x1000000000001000), CONST64(0x1000000400001000), CONST64(0x1000000010001000), CONST64(0x1000000410001000), - CONST64(0x1000000000101000), CONST64(0x1000000400101000), CONST64(0x1000000010101000), CONST64(0x1000000410101000), - CONST64(0x1000000000000010), CONST64(0x1000000400000010), CONST64(0x1000000010000010), CONST64(0x1000000410000010), - CONST64(0x1000000000100010), CONST64(0x1000000400100010), CONST64(0x1000000010100010), CONST64(0x1000000410100010), - CONST64(0x1000000000001010), CONST64(0x1000000400001010), CONST64(0x1000000010001010), CONST64(0x1000000410001010), - CONST64(0x1000000000101010), CONST64(0x1000000400101010), CONST64(0x1000000010101010), CONST64(0x1000000410101010), - CONST64(0x0010000000000000), CONST64(0x0010000400000000), CONST64(0x0010000010000000), CONST64(0x0010000410000000), - CONST64(0x0010000000100000), CONST64(0x0010000400100000), CONST64(0x0010000010100000), CONST64(0x0010000410100000), - CONST64(0x0010000000001000), CONST64(0x0010000400001000), CONST64(0x0010000010001000), CONST64(0x0010000410001000), - CONST64(0x0010000000101000), CONST64(0x0010000400101000), CONST64(0x0010000010101000), CONST64(0x0010000410101000), - CONST64(0x0010000000000010), CONST64(0x0010000400000010), CONST64(0x0010000010000010), CONST64(0x0010000410000010), - CONST64(0x0010000000100010), CONST64(0x0010000400100010), CONST64(0x0010000010100010), CONST64(0x0010000410100010), - CONST64(0x0010000000001010), CONST64(0x0010000400001010), CONST64(0x0010000010001010), CONST64(0x0010000410001010), - CONST64(0x0010000000101010), CONST64(0x0010000400101010), CONST64(0x0010000010101010), CONST64(0x0010000410101010), - CONST64(0x1010000000000000), CONST64(0x1010000400000000), CONST64(0x1010000010000000), CONST64(0x1010000410000000), - CONST64(0x1010000000100000), CONST64(0x1010000400100000), CONST64(0x1010000010100000), CONST64(0x1010000410100000), - CONST64(0x1010000000001000), CONST64(0x1010000400001000), CONST64(0x1010000010001000), CONST64(0x1010000410001000), - CONST64(0x1010000000101000), CONST64(0x1010000400101000), CONST64(0x1010000010101000), CONST64(0x1010000410101000), - CONST64(0x1010000000000010), CONST64(0x1010000400000010), CONST64(0x1010000010000010), CONST64(0x1010000410000010), - CONST64(0x1010000000100010), CONST64(0x1010000400100010), CONST64(0x1010000010100010), CONST64(0x1010000410100010), - CONST64(0x1010000000001010), CONST64(0x1010000400001010), CONST64(0x1010000010001010), CONST64(0x1010000410001010), - CONST64(0x1010000000101010), CONST64(0x1010000400101010), CONST64(0x1010000010101010), CONST64(0x1010000410101010), - CONST64(0x0000100000000000), CONST64(0x0000100400000000), CONST64(0x0000100010000000), CONST64(0x0000100410000000), - CONST64(0x0000100000100000), CONST64(0x0000100400100000), CONST64(0x0000100010100000), CONST64(0x0000100410100000), - CONST64(0x0000100000001000), CONST64(0x0000100400001000), CONST64(0x0000100010001000), CONST64(0x0000100410001000), - CONST64(0x0000100000101000), CONST64(0x0000100400101000), CONST64(0x0000100010101000), CONST64(0x0000100410101000), - CONST64(0x0000100000000010), CONST64(0x0000100400000010), CONST64(0x0000100010000010), CONST64(0x0000100410000010), - CONST64(0x0000100000100010), CONST64(0x0000100400100010), CONST64(0x0000100010100010), CONST64(0x0000100410100010), - CONST64(0x0000100000001010), CONST64(0x0000100400001010), CONST64(0x0000100010001010), CONST64(0x0000100410001010), - CONST64(0x0000100000101010), CONST64(0x0000100400101010), CONST64(0x0000100010101010), CONST64(0x0000100410101010), - CONST64(0x1000100000000000), CONST64(0x1000100400000000), CONST64(0x1000100010000000), CONST64(0x1000100410000000), - CONST64(0x1000100000100000), CONST64(0x1000100400100000), CONST64(0x1000100010100000), CONST64(0x1000100410100000), - CONST64(0x1000100000001000), CONST64(0x1000100400001000), CONST64(0x1000100010001000), CONST64(0x1000100410001000), - CONST64(0x1000100000101000), CONST64(0x1000100400101000), CONST64(0x1000100010101000), CONST64(0x1000100410101000), - CONST64(0x1000100000000010), CONST64(0x1000100400000010), CONST64(0x1000100010000010), CONST64(0x1000100410000010), - CONST64(0x1000100000100010), CONST64(0x1000100400100010), CONST64(0x1000100010100010), CONST64(0x1000100410100010), - CONST64(0x1000100000001010), CONST64(0x1000100400001010), CONST64(0x1000100010001010), CONST64(0x1000100410001010), - CONST64(0x1000100000101010), CONST64(0x1000100400101010), CONST64(0x1000100010101010), CONST64(0x1000100410101010), - CONST64(0x0010100000000000), CONST64(0x0010100400000000), CONST64(0x0010100010000000), CONST64(0x0010100410000000), - CONST64(0x0010100000100000), CONST64(0x0010100400100000), CONST64(0x0010100010100000), CONST64(0x0010100410100000), - CONST64(0x0010100000001000), CONST64(0x0010100400001000), CONST64(0x0010100010001000), CONST64(0x0010100410001000), - CONST64(0x0010100000101000), CONST64(0x0010100400101000), CONST64(0x0010100010101000), CONST64(0x0010100410101000), - CONST64(0x0010100000000010), CONST64(0x0010100400000010), CONST64(0x0010100010000010), CONST64(0x0010100410000010), - CONST64(0x0010100000100010), CONST64(0x0010100400100010), CONST64(0x0010100010100010), CONST64(0x0010100410100010), - CONST64(0x0010100000001010), CONST64(0x0010100400001010), CONST64(0x0010100010001010), CONST64(0x0010100410001010), - CONST64(0x0010100000101010), CONST64(0x0010100400101010), CONST64(0x0010100010101010), CONST64(0x0010100410101010), - CONST64(0x1010100000000000), CONST64(0x1010100400000000), CONST64(0x1010100010000000), CONST64(0x1010100410000000), - CONST64(0x1010100000100000), CONST64(0x1010100400100000), CONST64(0x1010100010100000), CONST64(0x1010100410100000), - CONST64(0x1010100000001000), CONST64(0x1010100400001000), CONST64(0x1010100010001000), CONST64(0x1010100410001000), - CONST64(0x1010100000101000), CONST64(0x1010100400101000), CONST64(0x1010100010101000), CONST64(0x1010100410101000), - CONST64(0x1010100000000010), CONST64(0x1010100400000010), CONST64(0x1010100010000010), CONST64(0x1010100410000010), - CONST64(0x1010100000100010), CONST64(0x1010100400100010), CONST64(0x1010100010100010), CONST64(0x1010100410100010), - CONST64(0x1010100000001010), CONST64(0x1010100400001010), CONST64(0x1010100010001010), CONST64(0x1010100410001010), - CONST64(0x1010100000101010), CONST64(0x1010100400101010), CONST64(0x1010100010101010), CONST64(0x1010100410101010) - }, -{ CONST64(0x0000000000000000), CONST64(0x0000001000000000), CONST64(0x0000000040000000), CONST64(0x0000001040000000), - CONST64(0x0000000000400000), CONST64(0x0000001000400000), CONST64(0x0000000040400000), CONST64(0x0000001040400000), - CONST64(0x0000000000004000), CONST64(0x0000001000004000), CONST64(0x0000000040004000), CONST64(0x0000001040004000), - CONST64(0x0000000000404000), CONST64(0x0000001000404000), CONST64(0x0000000040404000), CONST64(0x0000001040404000), - CONST64(0x0000000000000040), CONST64(0x0000001000000040), CONST64(0x0000000040000040), CONST64(0x0000001040000040), - CONST64(0x0000000000400040), CONST64(0x0000001000400040), CONST64(0x0000000040400040), CONST64(0x0000001040400040), - CONST64(0x0000000000004040), CONST64(0x0000001000004040), CONST64(0x0000000040004040), CONST64(0x0000001040004040), - CONST64(0x0000000000404040), CONST64(0x0000001000404040), CONST64(0x0000000040404040), CONST64(0x0000001040404040), - CONST64(0x4000000000000000), CONST64(0x4000001000000000), CONST64(0x4000000040000000), CONST64(0x4000001040000000), - CONST64(0x4000000000400000), CONST64(0x4000001000400000), CONST64(0x4000000040400000), CONST64(0x4000001040400000), - CONST64(0x4000000000004000), CONST64(0x4000001000004000), CONST64(0x4000000040004000), CONST64(0x4000001040004000), - CONST64(0x4000000000404000), CONST64(0x4000001000404000), CONST64(0x4000000040404000), CONST64(0x4000001040404000), - CONST64(0x4000000000000040), CONST64(0x4000001000000040), CONST64(0x4000000040000040), CONST64(0x4000001040000040), - CONST64(0x4000000000400040), CONST64(0x4000001000400040), CONST64(0x4000000040400040), CONST64(0x4000001040400040), - CONST64(0x4000000000004040), CONST64(0x4000001000004040), CONST64(0x4000000040004040), CONST64(0x4000001040004040), - CONST64(0x4000000000404040), CONST64(0x4000001000404040), CONST64(0x4000000040404040), CONST64(0x4000001040404040), - CONST64(0x0040000000000000), CONST64(0x0040001000000000), CONST64(0x0040000040000000), CONST64(0x0040001040000000), - CONST64(0x0040000000400000), CONST64(0x0040001000400000), CONST64(0x0040000040400000), CONST64(0x0040001040400000), - CONST64(0x0040000000004000), CONST64(0x0040001000004000), CONST64(0x0040000040004000), CONST64(0x0040001040004000), - CONST64(0x0040000000404000), CONST64(0x0040001000404000), CONST64(0x0040000040404000), CONST64(0x0040001040404000), - CONST64(0x0040000000000040), CONST64(0x0040001000000040), CONST64(0x0040000040000040), CONST64(0x0040001040000040), - CONST64(0x0040000000400040), CONST64(0x0040001000400040), CONST64(0x0040000040400040), CONST64(0x0040001040400040), - CONST64(0x0040000000004040), CONST64(0x0040001000004040), CONST64(0x0040000040004040), CONST64(0x0040001040004040), - CONST64(0x0040000000404040), CONST64(0x0040001000404040), CONST64(0x0040000040404040), CONST64(0x0040001040404040), - CONST64(0x4040000000000000), CONST64(0x4040001000000000), CONST64(0x4040000040000000), CONST64(0x4040001040000000), - CONST64(0x4040000000400000), CONST64(0x4040001000400000), CONST64(0x4040000040400000), CONST64(0x4040001040400000), - CONST64(0x4040000000004000), CONST64(0x4040001000004000), CONST64(0x4040000040004000), CONST64(0x4040001040004000), - CONST64(0x4040000000404000), CONST64(0x4040001000404000), CONST64(0x4040000040404000), CONST64(0x4040001040404000), - CONST64(0x4040000000000040), CONST64(0x4040001000000040), CONST64(0x4040000040000040), CONST64(0x4040001040000040), - CONST64(0x4040000000400040), CONST64(0x4040001000400040), CONST64(0x4040000040400040), CONST64(0x4040001040400040), - CONST64(0x4040000000004040), CONST64(0x4040001000004040), CONST64(0x4040000040004040), CONST64(0x4040001040004040), - CONST64(0x4040000000404040), CONST64(0x4040001000404040), CONST64(0x4040000040404040), CONST64(0x4040001040404040), - CONST64(0x0000400000000000), CONST64(0x0000401000000000), CONST64(0x0000400040000000), CONST64(0x0000401040000000), - CONST64(0x0000400000400000), CONST64(0x0000401000400000), CONST64(0x0000400040400000), CONST64(0x0000401040400000), - CONST64(0x0000400000004000), CONST64(0x0000401000004000), CONST64(0x0000400040004000), CONST64(0x0000401040004000), - CONST64(0x0000400000404000), CONST64(0x0000401000404000), CONST64(0x0000400040404000), CONST64(0x0000401040404000), - CONST64(0x0000400000000040), CONST64(0x0000401000000040), CONST64(0x0000400040000040), CONST64(0x0000401040000040), - CONST64(0x0000400000400040), CONST64(0x0000401000400040), CONST64(0x0000400040400040), CONST64(0x0000401040400040), - CONST64(0x0000400000004040), CONST64(0x0000401000004040), CONST64(0x0000400040004040), CONST64(0x0000401040004040), - CONST64(0x0000400000404040), CONST64(0x0000401000404040), CONST64(0x0000400040404040), CONST64(0x0000401040404040), - CONST64(0x4000400000000000), CONST64(0x4000401000000000), CONST64(0x4000400040000000), CONST64(0x4000401040000000), - CONST64(0x4000400000400000), CONST64(0x4000401000400000), CONST64(0x4000400040400000), CONST64(0x4000401040400000), - CONST64(0x4000400000004000), CONST64(0x4000401000004000), CONST64(0x4000400040004000), CONST64(0x4000401040004000), - CONST64(0x4000400000404000), CONST64(0x4000401000404000), CONST64(0x4000400040404000), CONST64(0x4000401040404000), - CONST64(0x4000400000000040), CONST64(0x4000401000000040), CONST64(0x4000400040000040), CONST64(0x4000401040000040), - CONST64(0x4000400000400040), CONST64(0x4000401000400040), CONST64(0x4000400040400040), CONST64(0x4000401040400040), - CONST64(0x4000400000004040), CONST64(0x4000401000004040), CONST64(0x4000400040004040), CONST64(0x4000401040004040), - CONST64(0x4000400000404040), CONST64(0x4000401000404040), CONST64(0x4000400040404040), CONST64(0x4000401040404040), - CONST64(0x0040400000000000), CONST64(0x0040401000000000), CONST64(0x0040400040000000), CONST64(0x0040401040000000), - CONST64(0x0040400000400000), CONST64(0x0040401000400000), CONST64(0x0040400040400000), CONST64(0x0040401040400000), - CONST64(0x0040400000004000), CONST64(0x0040401000004000), CONST64(0x0040400040004000), CONST64(0x0040401040004000), - CONST64(0x0040400000404000), CONST64(0x0040401000404000), CONST64(0x0040400040404000), CONST64(0x0040401040404000), - CONST64(0x0040400000000040), CONST64(0x0040401000000040), CONST64(0x0040400040000040), CONST64(0x0040401040000040), - CONST64(0x0040400000400040), CONST64(0x0040401000400040), CONST64(0x0040400040400040), CONST64(0x0040401040400040), - CONST64(0x0040400000004040), CONST64(0x0040401000004040), CONST64(0x0040400040004040), CONST64(0x0040401040004040), - CONST64(0x0040400000404040), CONST64(0x0040401000404040), CONST64(0x0040400040404040), CONST64(0x0040401040404040), - CONST64(0x4040400000000000), CONST64(0x4040401000000000), CONST64(0x4040400040000000), CONST64(0x4040401040000000), - CONST64(0x4040400000400000), CONST64(0x4040401000400000), CONST64(0x4040400040400000), CONST64(0x4040401040400000), - CONST64(0x4040400000004000), CONST64(0x4040401000004000), CONST64(0x4040400040004000), CONST64(0x4040401040004000), - CONST64(0x4040400000404000), CONST64(0x4040401000404000), CONST64(0x4040400040404000), CONST64(0x4040401040404000), - CONST64(0x4040400000000040), CONST64(0x4040401000000040), CONST64(0x4040400040000040), CONST64(0x4040401040000040), - CONST64(0x4040400000400040), CONST64(0x4040401000400040), CONST64(0x4040400040400040), CONST64(0x4040401040400040), - CONST64(0x4040400000004040), CONST64(0x4040401000004040), CONST64(0x4040400040004040), CONST64(0x4040401040004040), - CONST64(0x4040400000404040), CONST64(0x4040401000404040), CONST64(0x4040400040404040), CONST64(0x4040401040404040) - }}; - -#endif - - -static void cookey(const ulong32 *raw1, ulong32 *keyout); - -#ifdef LTC_CLEAN_STACK -static void _deskey(const unsigned char *key, short edf, ulong32 *keyout) -#else -static void deskey(const unsigned char *key, short edf, ulong32 *keyout) -#endif -{ - ulong32 i, j, l, m, n, kn[32]; - unsigned char pc1m[56], pcr[56]; - - for (j=0; j < 56; j++) { - l = (ulong32)pc1[j]; - m = l & 7; - pc1m[j] = (unsigned char)((key[l >> 3U] & bytebit[m]) == bytebit[m] ? 1 : 0); - } - - for (i=0; i < 16; i++) { - if (edf == DE1) { - m = (15 - i) << 1; - } else { - m = i << 1; - } - n = m + 1; - kn[m] = kn[n] = 0L; - for (j=0; j < 28; j++) { - l = j + (ulong32)totrot[i]; - if (l < 28) { - pcr[j] = pc1m[l]; - } else { - pcr[j] = pc1m[l - 28]; - } - } - for (/*j = 28*/; j < 56; j++) { - l = j + (ulong32)totrot[i]; - if (l < 56) { - pcr[j] = pc1m[l]; - } else { - pcr[j] = pc1m[l - 28]; - } - } - for (j=0; j < 24; j++) { - if ((int)pcr[(int)pc2[j]] != 0) { - kn[m] |= bigbyte[j]; - } - if ((int)pcr[(int)pc2[j+24]] != 0) { - kn[n] |= bigbyte[j]; - } - } - } - - cookey(kn, keyout); -} - -#ifdef LTC_CLEAN_STACK -static void deskey(const unsigned char *key, short edf, ulong32 *keyout) -{ - _deskey(key, edf, keyout); - burn_stack(sizeof(int)*5 + sizeof(ulong32)*32 + sizeof(unsigned char)*112); -} -#endif - -#ifdef LTC_CLEAN_STACK -static void _cookey(const ulong32 *raw1, ulong32 *keyout) -#else -static void cookey(const ulong32 *raw1, ulong32 *keyout) -#endif -{ - ulong32 *cook; - const ulong32 *raw0; - ulong32 dough[32]; - int i; - - cook = dough; - for(i=0; i < 16; i++, raw1++) - { - raw0 = raw1++; - *cook = (*raw0 & 0x00fc0000L) << 6; - *cook |= (*raw0 & 0x00000fc0L) << 10; - *cook |= (*raw1 & 0x00fc0000L) >> 10; - *cook++ |= (*raw1 & 0x00000fc0L) >> 6; - *cook = (*raw0 & 0x0003f000L) << 12; - *cook |= (*raw0 & 0x0000003fL) << 16; - *cook |= (*raw1 & 0x0003f000L) >> 4; - *cook++ |= (*raw1 & 0x0000003fL); - } - - XMEMCPY(keyout, dough, sizeof(dough)); -} - -#ifdef LTC_CLEAN_STACK -static void cookey(const ulong32 *raw1, ulong32 *keyout) -{ - _cookey(raw1, keyout); - burn_stack(sizeof(ulong32 *) * 2 + sizeof(ulong32)*32 + sizeof(int)); -} -#endif - -#ifndef LTC_CLEAN_STACK -static void desfunc(ulong32 *block, const ulong32 *keys) -#else -static void _desfunc(ulong32 *block, const ulong32 *keys) -#endif -{ - ulong32 work, right, leftt; - int cur_round; - - leftt = block[0]; - right = block[1]; - -#ifdef LTC_SMALL_CODE - work = ((leftt >> 4) ^ right) & 0x0f0f0f0fL; - right ^= work; - leftt ^= (work << 4); - - work = ((leftt >> 16) ^ right) & 0x0000ffffL; - right ^= work; - leftt ^= (work << 16); - - work = ((right >> 2) ^ leftt) & 0x33333333L; - leftt ^= work; - right ^= (work << 2); - - work = ((right >> 8) ^ leftt) & 0x00ff00ffL; - leftt ^= work; - right ^= (work << 8); - - right = ROLc(right, 1); - work = (leftt ^ right) & 0xaaaaaaaaL; - - leftt ^= work; - right ^= work; - leftt = ROLc(leftt, 1); -#else - { - ulong64 tmp; - tmp = des_ip[0][byte(leftt, 0)] ^ - des_ip[1][byte(leftt, 1)] ^ - des_ip[2][byte(leftt, 2)] ^ - des_ip[3][byte(leftt, 3)] ^ - des_ip[4][byte(right, 0)] ^ - des_ip[5][byte(right, 1)] ^ - des_ip[6][byte(right, 2)] ^ - des_ip[7][byte(right, 3)]; - leftt = (ulong32)(tmp >> 32); - right = (ulong32)(tmp & 0xFFFFFFFFUL); - } -#endif - - for (cur_round = 0; cur_round < 8; cur_round++) { - work = RORc(right, 4) ^ *keys++; - leftt ^= SP7[work & 0x3fL] - ^ SP5[(work >> 8) & 0x3fL] - ^ SP3[(work >> 16) & 0x3fL] - ^ SP1[(work >> 24) & 0x3fL]; - work = right ^ *keys++; - leftt ^= SP8[ work & 0x3fL] - ^ SP6[(work >> 8) & 0x3fL] - ^ SP4[(work >> 16) & 0x3fL] - ^ SP2[(work >> 24) & 0x3fL]; - - work = RORc(leftt, 4) ^ *keys++; - right ^= SP7[ work & 0x3fL] - ^ SP5[(work >> 8) & 0x3fL] - ^ SP3[(work >> 16) & 0x3fL] - ^ SP1[(work >> 24) & 0x3fL]; - work = leftt ^ *keys++; - right ^= SP8[ work & 0x3fL] - ^ SP6[(work >> 8) & 0x3fL] - ^ SP4[(work >> 16) & 0x3fL] - ^ SP2[(work >> 24) & 0x3fL]; - } - -#ifdef LTC_SMALL_CODE - right = RORc(right, 1); - work = (leftt ^ right) & 0xaaaaaaaaL; - leftt ^= work; - right ^= work; - leftt = RORc(leftt, 1); - work = ((leftt >> 8) ^ right) & 0x00ff00ffL; - right ^= work; - leftt ^= (work << 8); - /* -- */ - work = ((leftt >> 2) ^ right) & 0x33333333L; - right ^= work; - leftt ^= (work << 2); - work = ((right >> 16) ^ leftt) & 0x0000ffffL; - leftt ^= work; - right ^= (work << 16); - work = ((right >> 4) ^ leftt) & 0x0f0f0f0fL; - leftt ^= work; - right ^= (work << 4); -#else - { - ulong64 tmp; - tmp = des_fp[0][byte(leftt, 0)] ^ - des_fp[1][byte(leftt, 1)] ^ - des_fp[2][byte(leftt, 2)] ^ - des_fp[3][byte(leftt, 3)] ^ - des_fp[4][byte(right, 0)] ^ - des_fp[5][byte(right, 1)] ^ - des_fp[6][byte(right, 2)] ^ - des_fp[7][byte(right, 3)]; - leftt = (ulong32)(tmp >> 32); - right = (ulong32)(tmp & 0xFFFFFFFFUL); - } -#endif - - block[0] = right; - block[1] = leftt; -} - -#ifdef LTC_CLEAN_STACK -static void desfunc(ulong32 *block, const ulong32 *keys) -{ - _desfunc(block, keys); - burn_stack(sizeof(ulong32) * 4 + sizeof(int)); -} -#endif - - /** - Initialize the LTC_DES block cipher - @param key The symmetric key you wish to pass - @param keylen The key length in bytes - @param num_rounds The number of rounds desired (0 for default) - @param skey The key in as scheduled by this function. - @return CRYPT_OK if successful - */ -int des_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) -{ - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(skey != NULL); - - if (num_rounds != 0 && num_rounds != 16) { - return CRYPT_INVALID_ROUNDS; - } - - if (keylen != 8) { - return CRYPT_INVALID_KEYSIZE; - } - - deskey(key, EN0, skey->des.ek); - deskey(key, DE1, skey->des.dk); - - return CRYPT_OK; -} - - /** - Initialize the 3LTC_DES-EDE block cipher - @param key The symmetric key you wish to pass - @param keylen The key length in bytes - @param num_rounds The number of rounds desired (0 for default) - @param skey The key in as scheduled by this function. - @return CRYPT_OK if successful - */ -int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) -{ - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(skey != NULL); - - if(num_rounds != 0 && num_rounds != 16) { - return CRYPT_INVALID_ROUNDS; - } - - if (keylen != 24 && keylen != 16) { - return CRYPT_INVALID_KEYSIZE; - } - - deskey(key, EN0, skey->des3.ek[0]); - deskey(key+8, DE1, skey->des3.ek[1]); - if (keylen == 24) { - deskey(key+16, EN0, skey->des3.ek[2]); - } else { - /* two-key 3DES: K3=K1 */ - deskey(key, EN0, skey->des3.ek[2]); - } - - deskey(key, DE1, skey->des3.dk[2]); - deskey(key+8, EN0, skey->des3.dk[1]); - if (keylen == 24) { - deskey(key+16, DE1, skey->des3.dk[0]); - } else { - /* two-key 3DES: K3=K1 */ - deskey(key, DE1, skey->des3.dk[0]); - } - - return CRYPT_OK; -} - -/** - Encrypts a block of text with LTC_DES - @param pt The input plaintext (8 bytes) - @param ct The output ciphertext (8 bytes) - @param skey The key as scheduled - @return CRYPT_OK if successful -*/ -int des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) -{ - ulong32 work[2]; - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(skey != NULL); - LOAD32H(work[0], pt+0); - LOAD32H(work[1], pt+4); - desfunc(work, skey->des.ek); - STORE32H(work[0],ct+0); - STORE32H(work[1],ct+4); - return CRYPT_OK; -} - -/** - Decrypts a block of text with LTC_DES - @param ct The input ciphertext (8 bytes) - @param pt The output plaintext (8 bytes) - @param skey The key as scheduled - @return CRYPT_OK if successful -*/ -int des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) -{ - ulong32 work[2]; - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(skey != NULL); - LOAD32H(work[0], ct+0); - LOAD32H(work[1], ct+4); - desfunc(work, skey->des.dk); - STORE32H(work[0],pt+0); - STORE32H(work[1],pt+4); - return CRYPT_OK; -} - -/** - Encrypts a block of text with 3LTC_DES-EDE - @param pt The input plaintext (8 bytes) - @param ct The output ciphertext (8 bytes) - @param skey The key as scheduled - @return CRYPT_OK if successful -*/ -int des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey) -{ - ulong32 work[2]; - - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(skey != NULL); - LOAD32H(work[0], pt+0); - LOAD32H(work[1], pt+4); - desfunc(work, skey->des3.ek[0]); - desfunc(work, skey->des3.ek[1]); - desfunc(work, skey->des3.ek[2]); - STORE32H(work[0],ct+0); - STORE32H(work[1],ct+4); - return CRYPT_OK; -} - -/** - Decrypts a block of text with 3LTC_DES-EDE - @param ct The input ciphertext (8 bytes) - @param pt The output plaintext (8 bytes) - @param skey The key as scheduled - @return CRYPT_OK if successful -*/ -int des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey) -{ - ulong32 work[2]; - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(skey != NULL); - LOAD32H(work[0], ct+0); - LOAD32H(work[1], ct+4); - desfunc(work, skey->des3.dk[0]); - desfunc(work, skey->des3.dk[1]); - desfunc(work, skey->des3.dk[2]); - STORE32H(work[0],pt+0); - STORE32H(work[1],pt+4); - return CRYPT_OK; -} - -/** - Performs a self-test of the LTC_DES block cipher - @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled -*/ -int des_test(void) -{ - #ifndef LTC_TEST - return CRYPT_NOP; - #else - int err; - static const struct des_test_case { - int num, mode; /* mode 1 = encrypt */ - unsigned char key[8], txt[8], out[8]; - } cases[] = { - { 1, 1, { 0x10, 0x31, 0x6E, 0x02, 0x8C, 0x8F, 0x3B, 0x4A }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x82, 0xDC, 0xBA, 0xFB, 0xDE, 0xAB, 0x66, 0x02 } }, - { 2, 1, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x95, 0xF8, 0xA5, 0xE5, 0xDD, 0x31, 0xD9, 0x00 }, - { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, - { 3, 1, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0xDD, 0x7F, 0x12, 0x1C, 0xA5, 0x01, 0x56, 0x19 }, - { 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, - { 4, 1, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x2E, 0x86, 0x53, 0x10, 0x4F, 0x38, 0x34, 0xEA }, - { 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, - { 5, 1, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x4B, 0xD3, 0x88, 0xFF, 0x6C, 0xD8, 0x1D, 0x4F }, - { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, - { 6, 1, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x20, 0xB9, 0xE7, 0x67, 0xB2, 0xFB, 0x14, 0x56 }, - { 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, - { 7, 1, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x55, 0x57, 0x93, 0x80, 0xD7, 0x71, 0x38, 0xEF }, - { 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, - { 8, 1, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x6C, 0xC5, 0xDE, 0xFA, 0xAF, 0x04, 0x51, 0x2F }, - { 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, - { 9, 1, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x0D, 0x9F, 0x27, 0x9B, 0xA5, 0xD8, 0x72, 0x60 }, - { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, - {10, 1, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0xD9, 0x03, 0x1B, 0x02, 0x71, 0xBD, 0x5A, 0x0A }, - { 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, - - { 1, 0, { 0x10, 0x31, 0x6E, 0x02, 0x8C, 0x8F, 0x3B, 0x4A }, - { 0x82, 0xDC, 0xBA, 0xFB, 0xDE, 0xAB, 0x66, 0x02 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } }, - { 2, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x95, 0xF8, 0xA5, 0xE5, 0xDD, 0x31, 0xD9, 0x00 } }, - { 3, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xDD, 0x7F, 0x12, 0x1C, 0xA5, 0x01, 0x56, 0x19 } }, - { 4, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x2E, 0x86, 0x53, 0x10, 0x4F, 0x38, 0x34, 0xEA } }, - { 5, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x4B, 0xD3, 0x88, 0xFF, 0x6C, 0xD8, 0x1D, 0x4F } }, - { 6, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x20, 0xB9, 0xE7, 0x67, 0xB2, 0xFB, 0x14, 0x56 } }, - { 7, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x55, 0x57, 0x93, 0x80, 0xD7, 0x71, 0x38, 0xEF } }, - { 8, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x6C, 0xC5, 0xDE, 0xFA, 0xAF, 0x04, 0x51, 0x2F } }, - { 9, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x0D, 0x9F, 0x27, 0x9B, 0xA5, 0xD8, 0x72, 0x60 } }, - {10, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xD9, 0x03, 0x1B, 0x02, 0x71, 0xBD, 0x5A, 0x0A } }, - -#ifdef LTC_TEST_EXT - { 0+11, 0, { 0x80, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x95, 0xA8, 0xD7, 0x28, 0x13, 0xDA, 0xA9, 0x4D } }, - { 1+11, 0, { 0x40, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x0E, 0xEC, 0x14, 0x87, 0xDD, 0x8C, 0x26, 0xD5 } }, - { 2+11, 0, { 0x20, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x7A, 0xD1, 0x6F, 0xFB, 0x79, 0xC4, 0x59, 0x26 } }, - { 3+11, 0, { 0x10, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xD3, 0x74, 0x62, 0x94, 0xCA, 0x6A, 0x6C, 0xF3 } }, - { 4+11, 0, { 0x08, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x80, 0x9F, 0x5F, 0x87, 0x3C, 0x1F, 0xD7, 0x61 } }, - { 5+11, 0, { 0x04, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xC0, 0x2F, 0xAF, 0xFE, 0xC9, 0x89, 0xD1, 0xFC } }, - { 6+11, 0, { 0x02, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x46, 0x15, 0xAA, 0x1D, 0x33, 0xE7, 0x2F, 0x10 } }, - { 7+11, 0, { 0x01, 0x80, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x20, 0x55, 0x12, 0x33, 0x50, 0xC0, 0x08, 0x58 } }, - { 8+11, 0, { 0x01, 0x40, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xDF, 0x3B, 0x99, 0xD6, 0x57, 0x73, 0x97, 0xC8 } }, - { 9+11, 0, { 0x01, 0x20, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x31, 0xFE, 0x17, 0x36, 0x9B, 0x52, 0x88, 0xC9 } }, - {10+11, 0, { 0x01, 0x10, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xDF, 0xDD, 0x3C, 0xC6, 0x4D, 0xAE, 0x16, 0x42 } }, - {11+11, 0, { 0x01, 0x08, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x17, 0x8C, 0x83, 0xCE, 0x2B, 0x39, 0x9D, 0x94 } }, - {12+11, 0, { 0x01, 0x04, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x50, 0xF6, 0x36, 0x32, 0x4A, 0x9B, 0x7F, 0x80 } }, - {13+11, 0, { 0x01, 0x02, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xA8, 0x46, 0x8E, 0xE3, 0xBC, 0x18, 0xF0, 0x6D } }, - {14+11, 0, { 0x01, 0x01, 0x80, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xA2, 0xDC, 0x9E, 0x92, 0xFD, 0x3C, 0xDE, 0x92 } }, - {15+11, 0, { 0x01, 0x01, 0x40, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xCA, 0xC0, 0x9F, 0x79, 0x7D, 0x03, 0x12, 0x87 } }, - {16+11, 0, { 0x01, 0x01, 0x20, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x90, 0xBA, 0x68, 0x0B, 0x22, 0xAE, 0xB5, 0x25 } }, - {17+11, 0, { 0x01, 0x01, 0x10, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xCE, 0x7A, 0x24, 0xF3, 0x50, 0xE2, 0x80, 0xB6 } }, - {18+11, 0, { 0x01, 0x01, 0x08, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x88, 0x2B, 0xFF, 0x0A, 0xA0, 0x1A, 0x0B, 0x87 } }, - {19+11, 0, { 0x01, 0x01, 0x04, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x25, 0x61, 0x02, 0x88, 0x92, 0x45, 0x11, 0xC2 } }, - {20+11, 0, { 0x01, 0x01, 0x02, 0x01, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xC7, 0x15, 0x16, 0xC2, 0x9C, 0x75, 0xD1, 0x70 } }, - {21+11, 0, { 0x01, 0x01, 0x01, 0x80, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x51, 0x99, 0xC2, 0x9A, 0x52, 0xC9, 0xF0, 0x59 } }, - {22+11, 0, { 0x01, 0x01, 0x01, 0x40, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xC2, 0x2F, 0x0A, 0x29, 0x4A, 0x71, 0xF2, 0x9F } }, - {23+11, 0, { 0x01, 0x01, 0x01, 0x20, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xEE, 0x37, 0x14, 0x83, 0x71, 0x4C, 0x02, 0xEA } }, - {24+11, 0, { 0x01, 0x01, 0x01, 0x10, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xA8, 0x1F, 0xBD, 0x44, 0x8F, 0x9E, 0x52, 0x2F } }, - {25+11, 0, { 0x01, 0x01, 0x01, 0x08, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x4F, 0x64, 0x4C, 0x92, 0xE1, 0x92, 0xDF, 0xED } }, - {26+11, 0, { 0x01, 0x01, 0x01, 0x04, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x1A, 0xFA, 0x9A, 0x66, 0xA6, 0xDF, 0x92, 0xAE } }, - {27+11, 0, { 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xB3, 0xC1, 0xCC, 0x71, 0x5C, 0xB8, 0x79, 0xD8 } }, - {28+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x80, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x19, 0xD0, 0x32, 0xE6, 0x4A, 0xB0, 0xBD, 0x8B } }, - {29+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x40, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x3C, 0xFA, 0xA7, 0xA7, 0xDC, 0x87, 0x20, 0xDC } }, - {30+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x20, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xB7, 0x26, 0x5F, 0x7F, 0x44, 0x7A, 0xC6, 0xF3 } }, - {31+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x10, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x9D, 0xB7, 0x3B, 0x3C, 0x0D, 0x16, 0x3F, 0x54 } }, - {32+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x08, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x81, 0x81, 0xB6, 0x5B, 0xAB, 0xF4, 0xA9, 0x75 } }, - {33+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x04, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x93, 0xC9, 0xB6, 0x40, 0x42, 0xEA, 0xA2, 0x40 } }, - {34+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x55, 0x70, 0x53, 0x08, 0x29, 0x70, 0x55, 0x92 } }, - {35+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x80, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x86, 0x38, 0x80, 0x9E, 0x87, 0x87, 0x87, 0xA0 } }, - {36+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x40, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x41, 0xB9, 0xA7, 0x9A, 0xF7, 0x9A, 0xC2, 0x08 } }, - {37+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x20, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x7A, 0x9B, 0xE4, 0x2F, 0x20, 0x09, 0xA8, 0x92 } }, - {38+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x10, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x29, 0x03, 0x8D, 0x56, 0xBA, 0x6D, 0x27, 0x45 } }, - {39+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x08, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x54, 0x95, 0xC6, 0xAB, 0xF1, 0xE5, 0xDF, 0x51 } }, - {40+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x04, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xAE, 0x13, 0xDB, 0xD5, 0x61, 0x48, 0x89, 0x33 } }, - {41+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x02, 0x01, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x02, 0x4D, 0x1F, 0xFA, 0x89, 0x04, 0xE3, 0x89 } }, - {42+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x80, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xD1, 0x39, 0x97, 0x12, 0xF9, 0x9B, 0xF0, 0x2E } }, - {43+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x40, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x14, 0xC1, 0xD7, 0xC1, 0xCF, 0xFE, 0xC7, 0x9E } }, - {44+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x20, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x1D, 0xE5, 0x27, 0x9D, 0xAE, 0x3B, 0xED, 0x6F } }, - {45+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x10, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xE9, 0x41, 0xA3, 0x3F, 0x85, 0x50, 0x13, 0x03 } }, - {46+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x08, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xDA, 0x99, 0xDB, 0xBC, 0x9A, 0x03, 0xF3, 0x79 } }, - {47+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x04, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xB7, 0xFC, 0x92, 0xF9, 0x1D, 0x8E, 0x92, 0xE9 } }, - {48+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x02, 0x01 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xAE, 0x8E, 0x5C, 0xAA, 0x3C, 0xA0, 0x4E, 0x85 } }, - {49+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x80 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x9C, 0xC6, 0x2D, 0xF4, 0x3B, 0x6E, 0xED, 0x74 } }, - {50+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x40 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xD8, 0x63, 0xDB, 0xB5, 0xC5, 0x9A, 0x91, 0xA0 } }, - {51+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x20 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xA1, 0xAB, 0x21, 0x90, 0x54, 0x5B, 0x91, 0xD7 } }, - {52+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x10 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x08, 0x75, 0x04, 0x1E, 0x64, 0xC5, 0x70, 0xF7 } }, - {53+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x08 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x5A, 0x59, 0x45, 0x28, 0xBE, 0xBE, 0xF1, 0xCC } }, - {54+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x04 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xFC, 0xDB, 0x32, 0x91, 0xDE, 0x21, 0xF0, 0xC0 } }, - {55+11, 0, { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x02 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x86, 0x9E, 0xFD, 0x7F, 0x9F, 0x26, 0x5A, 0x09 } }, -#endif /* LTC_TEST_EXT */ - - /*** more test cases you could add if you are not convinced (the above test cases aren't really too good): - - key plaintext ciphertext - 0000000000000000 0000000000000000 8CA64DE9C1B123A7 - FFFFFFFFFFFFFFFF FFFFFFFFFFFFFFFF 7359B2163E4EDC58 - 3000000000000000 1000000000000001 958E6E627A05557B - 1111111111111111 1111111111111111 F40379AB9E0EC533 - 0123456789ABCDEF 1111111111111111 17668DFC7292532D - 1111111111111111 0123456789ABCDEF 8A5AE1F81AB8F2DD - 0000000000000000 0000000000000000 8CA64DE9C1B123A7 - FEDCBA9876543210 0123456789ABCDEF ED39D950FA74BCC4 - 7CA110454A1A6E57 01A1D6D039776742 690F5B0D9A26939B - 0131D9619DC1376E 5CD54CA83DEF57DA 7A389D10354BD271 - 07A1133E4A0B2686 0248D43806F67172 868EBB51CAB4599A - 3849674C2602319E 51454B582DDF440A 7178876E01F19B2A - 04B915BA43FEB5B6 42FD443059577FA2 AF37FB421F8C4095 - 0113B970FD34F2CE 059B5E0851CF143A 86A560F10EC6D85B - 0170F175468FB5E6 0756D8E0774761D2 0CD3DA020021DC09 - 43297FAD38E373FE 762514B829BF486A EA676B2CB7DB2B7A - 07A7137045DA2A16 3BDD119049372802 DFD64A815CAF1A0F - 04689104C2FD3B2F 26955F6835AF609A 5C513C9C4886C088 - 37D06BB516CB7546 164D5E404F275232 0A2AEEAE3FF4AB77 - 1F08260D1AC2465E 6B056E18759F5CCA EF1BF03E5DFA575A - 584023641ABA6176 004BD6EF09176062 88BF0DB6D70DEE56 - 025816164629B007 480D39006EE762F2 A1F9915541020B56 - 49793EBC79B3258F 437540C8698F3CFA 6FBF1CAFCFFD0556 - 4FB05E1515AB73A7 072D43A077075292 2F22E49BAB7CA1AC - 49E95D6D4CA229BF 02FE55778117F12A 5A6B612CC26CCE4A - 018310DC409B26D6 1D9D5C5018F728C2 5F4C038ED12B2E41 - 1C587F1C13924FEF 305532286D6F295A 63FAC0D034D9F793 - 0101010101010101 0123456789ABCDEF 617B3A0CE8F07100 - 1F1F1F1F0E0E0E0E 0123456789ABCDEF DB958605F8C8C606 - E0FEE0FEF1FEF1FE 0123456789ABCDEF EDBFD1C66C29CCC7 - 0000000000000000 FFFFFFFFFFFFFFFF 355550B2150E2451 - FFFFFFFFFFFFFFFF 0000000000000000 CAAAAF4DEAF1DBAE - 0123456789ABCDEF 0000000000000000 D5D44FF720683D0D - FEDCBA9876543210 FFFFFFFFFFFFFFFF 2A2BB008DF97C2F2 - - http://www.ecs.soton.ac.uk/~prw99r/ez438/vectors.txt - ***/ - }; - int i, y; - unsigned char tmp[8]; - symmetric_key des; - - for(i=0; i < (int)(sizeof(cases)/sizeof(cases[0])); i++) - { - if ((err = des_setup(cases[i].key, 8, 0, &des)) != CRYPT_OK) { - return err; - } - if (cases[i].mode != 0) { - des_ecb_encrypt(cases[i].txt, tmp, &des); - } else { - des_ecb_decrypt(cases[i].txt, tmp, &des); - } - - if (compare_testvector(cases[i].out, sizeof(tmp), tmp, sizeof(tmp), "DES", i) != 0) { - return CRYPT_FAIL_TESTVECTOR; - } - - /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */ - for (y = 0; y < 8; y++) tmp[y] = 0; - for (y = 0; y < 1000; y++) des_ecb_encrypt(tmp, tmp, &des); - for (y = 0; y < 1000; y++) des_ecb_decrypt(tmp, tmp, &des); - for (y = 0; y < 8; y++) if (tmp[y] != 0) return CRYPT_FAIL_TESTVECTOR; - } - - return CRYPT_OK; - #endif -} - -int des3_test(void) -{ - #ifndef LTC_TEST - return CRYPT_NOP; - #else - unsigned char key[24], pt[8], ct[8], tmp[8]; - symmetric_key skey; - int x, err; - - if ((err = des_test()) != CRYPT_OK) { - return err; - } - - for (x = 0; x < 8; x++) { - pt[x] = x; - } - - for (x = 0; x < 24; x++) { - key[x] = x; - } - - if ((err = des3_setup(key, 24, 0, &skey)) != CRYPT_OK) { - return err; - } - - des3_ecb_encrypt(pt, ct, &skey); - des3_ecb_decrypt(ct, tmp, &skey); - - if (compare_testvector(pt, 8, tmp, 8, "3DES", 0) != 0) { - return CRYPT_FAIL_TESTVECTOR; - } - - return CRYPT_OK; - #endif -} - -/** Terminate the context - @param skey The scheduled key -*/ -void des_done(symmetric_key *skey) -{ - LTC_UNUSED_PARAM(skey); -} - -/** Terminate the context - @param skey The scheduled key -*/ -void des3_done(symmetric_key *skey) -{ - LTC_UNUSED_PARAM(skey); -} - - -/** - Gets suitable key size - @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. - @return CRYPT_OK if the input key size is acceptable. -*/ -int des_keysize(int *keysize) -{ - LTC_ARGCHK(keysize != NULL); - if(*keysize < 8) { - return CRYPT_INVALID_KEYSIZE; - } - *keysize = 8; - return CRYPT_OK; -} - -/** - Gets suitable key size - @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. - @return CRYPT_OK if the input key size is acceptable. -*/ -int des3_keysize(int *keysize) -{ - LTC_ARGCHK(keysize != NULL); - if (*keysize < 16) - return CRYPT_INVALID_KEYSIZE; - if (*keysize < 24) { - *keysize = 16; - return CRYPT_OK; - } - *keysize = 24; - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/ciphers/rc2.c b/libs/tomcrypt/src/ciphers/rc2.c deleted file mode 100644 index 0c24c3237bc..00000000000 --- a/libs/tomcrypt/src/ciphers/rc2.c +++ /dev/null @@ -1,410 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -/**********************************************************************\ -* To commemorate the 1996 RSA Data Security Conference, the following * -* code is released into the public domain by its author. Prost! * -* * -* This cipher uses 16-bit words and little-endian byte ordering. * -* I wonder which processor it was optimized for? * -* * -* Thanks to CodeView, SoftIce, and D86 for helping bring this code to * -* the public. * -\**********************************************************************/ -#include "tomcrypt.h" - -/** - @file rc2.c - Implementation of RC2 with fixed effective key length of 64bits -*/ - -#ifdef LTC_RC2 - -const struct ltc_cipher_descriptor rc2_desc = { - "rc2", - 12, 8, 128, 8, 16, - &rc2_setup, - &rc2_ecb_encrypt, - &rc2_ecb_decrypt, - &rc2_test, - &rc2_done, - &rc2_keysize, - NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL -}; - -/* 256-entry permutation table, probably derived somehow from pi */ -static const unsigned char permute[256] = { - 217,120,249,196, 25,221,181,237, 40,233,253,121, 74,160,216,157, - 198,126, 55,131, 43,118, 83,142, 98, 76,100,136, 68,139,251,162, - 23,154, 89,245,135,179, 79, 19, 97, 69,109,141, 9,129,125, 50, - 189,143, 64,235,134,183,123, 11,240,149, 33, 34, 92,107, 78,130, - 84,214,101,147,206, 96,178, 28,115, 86,192, 20,167,140,241,220, - 18,117,202, 31, 59,190,228,209, 66, 61,212, 48,163, 60,182, 38, - 111,191, 14,218, 70,105, 7, 87, 39,242, 29,155,188,148, 67, 3, - 248, 17,199,246,144,239, 62,231, 6,195,213, 47,200,102, 30,215, - 8,232,234,222,128, 82,238,247,132,170,114,172, 53, 77,106, 42, - 150, 26,210,113, 90, 21, 73,116, 75,159,208, 94, 4, 24,164,236, - 194,224, 65,110, 15, 81,203,204, 36,145,175, 80,161,244,112, 57, - 153,124, 58,133, 35,184,180,122,252, 2, 54, 91, 37, 85,151, 49, - 45, 93,250,152,227,138,146,174, 5,223, 41, 16,103,108,186,201, - 211, 0,230,207,225,158,168, 44, 99, 22, 1, 63, 88,226,137,169, - 13, 56, 52, 27,171, 51,255,176,187, 72, 12, 95,185,177,205, 46, - 197,243,219, 71,229,165,156,119, 10,166, 32,104,254,127,193,173 -}; - - /** - Initialize the RC2 block cipher - @param key The symmetric key you wish to pass - @param keylen The key length in bytes - @param bits The effective key length in bits - @param num_rounds The number of rounds desired (0 for default) - @param skey The key in as scheduled by this function. - @return CRYPT_OK if successful - */ -int rc2_setup_ex(const unsigned char *key, int keylen, int bits, int num_rounds, symmetric_key *skey) -{ - unsigned *xkey = skey->rc2.xkey; - unsigned char tmp[128]; - unsigned T8, TM; - int i; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(skey != NULL); - - if (keylen == 0 || keylen > 128 || bits > 1024) { - return CRYPT_INVALID_KEYSIZE; - } - if (bits == 0) { - bits = 1024; - } - - if (num_rounds != 0 && num_rounds != 16) { - return CRYPT_INVALID_ROUNDS; - } - - for (i = 0; i < keylen; i++) { - tmp[i] = key[i] & 255; - } - - /* Phase 1: Expand input key to 128 bytes */ - if (keylen < 128) { - for (i = keylen; i < 128; i++) { - tmp[i] = permute[(tmp[i - 1] + tmp[i - keylen]) & 255]; - } - } - - /* Phase 2 - reduce effective key size to "bits" */ - T8 = (unsigned)(bits+7)>>3; - TM = (255 >> (unsigned)(7 & -bits)); - tmp[128 - T8] = permute[tmp[128 - T8] & TM]; - for (i = 127 - T8; i >= 0; i--) { - tmp[i] = permute[tmp[i + 1] ^ tmp[i + T8]]; - } - - /* Phase 3 - copy to xkey in little-endian order */ - for (i = 0; i < 64; i++) { - xkey[i] = (unsigned)tmp[2*i] + ((unsigned)tmp[2*i+1] << 8); - } - -#ifdef LTC_CLEAN_STACK - zeromem(tmp, sizeof(tmp)); -#endif - - return CRYPT_OK; -} - -/** - Initialize the RC2 block cipher - - The effective key length is here always keylen * 8 - - @param key The symmetric key you wish to pass - @param keylen The key length in bytes - @param num_rounds The number of rounds desired (0 for default) - @param skey The key in as scheduled by this function. - @return CRYPT_OK if successful -*/ -int rc2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey) -{ - return rc2_setup_ex(key, keylen, keylen * 8, num_rounds, skey); -} - -/**********************************************************************\ -* Encrypt an 8-byte block of plaintext using the given key. * -\**********************************************************************/ -/** - Encrypts a block of text with RC2 - @param pt The input plaintext (8 bytes) - @param ct The output ciphertext (8 bytes) - @param skey The key as scheduled - @return CRYPT_OK if successful -*/ -#ifdef LTC_CLEAN_STACK -static int _rc2_ecb_encrypt( const unsigned char *pt, - unsigned char *ct, - symmetric_key *skey) -#else -int rc2_ecb_encrypt( const unsigned char *pt, - unsigned char *ct, - symmetric_key *skey) -#endif -{ - unsigned *xkey; - unsigned x76, x54, x32, x10, i; - - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(skey != NULL); - - xkey = skey->rc2.xkey; - - x76 = ((unsigned)pt[7] << 8) + (unsigned)pt[6]; - x54 = ((unsigned)pt[5] << 8) + (unsigned)pt[4]; - x32 = ((unsigned)pt[3] << 8) + (unsigned)pt[2]; - x10 = ((unsigned)pt[1] << 8) + (unsigned)pt[0]; - - for (i = 0; i < 16; i++) { - x10 = (x10 + (x32 & ~x76) + (x54 & x76) + xkey[4*i+0]) & 0xFFFF; - x10 = ((x10 << 1) | (x10 >> 15)); - - x32 = (x32 + (x54 & ~x10) + (x76 & x10) + xkey[4*i+1]) & 0xFFFF; - x32 = ((x32 << 2) | (x32 >> 14)); - - x54 = (x54 + (x76 & ~x32) + (x10 & x32) + xkey[4*i+2]) & 0xFFFF; - x54 = ((x54 << 3) | (x54 >> 13)); - - x76 = (x76 + (x10 & ~x54) + (x32 & x54) + xkey[4*i+3]) & 0xFFFF; - x76 = ((x76 << 5) | (x76 >> 11)); - - if (i == 4 || i == 10) { - x10 = (x10 + xkey[x76 & 63]) & 0xFFFF; - x32 = (x32 + xkey[x10 & 63]) & 0xFFFF; - x54 = (x54 + xkey[x32 & 63]) & 0xFFFF; - x76 = (x76 + xkey[x54 & 63]) & 0xFFFF; - } - } - - ct[0] = (unsigned char)x10; - ct[1] = (unsigned char)(x10 >> 8); - ct[2] = (unsigned char)x32; - ct[3] = (unsigned char)(x32 >> 8); - ct[4] = (unsigned char)x54; - ct[5] = (unsigned char)(x54 >> 8); - ct[6] = (unsigned char)x76; - ct[7] = (unsigned char)(x76 >> 8); - - return CRYPT_OK; -} - -#ifdef LTC_CLEAN_STACK -int rc2_ecb_encrypt( const unsigned char *pt, - unsigned char *ct, - symmetric_key *skey) -{ - int err = _rc2_ecb_encrypt(pt, ct, skey); - burn_stack(sizeof(unsigned *) + sizeof(unsigned) * 5); - return err; -} -#endif - -/**********************************************************************\ -* Decrypt an 8-byte block of ciphertext using the given key. * -\**********************************************************************/ -/** - Decrypts a block of text with RC2 - @param ct The input ciphertext (8 bytes) - @param pt The output plaintext (8 bytes) - @param skey The key as scheduled - @return CRYPT_OK if successful -*/ -#ifdef LTC_CLEAN_STACK -static int _rc2_ecb_decrypt( const unsigned char *ct, - unsigned char *pt, - symmetric_key *skey) -#else -int rc2_ecb_decrypt( const unsigned char *ct, - unsigned char *pt, - symmetric_key *skey) -#endif -{ - unsigned x76, x54, x32, x10; - unsigned *xkey; - int i; - - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(skey != NULL); - - xkey = skey->rc2.xkey; - - x76 = ((unsigned)ct[7] << 8) + (unsigned)ct[6]; - x54 = ((unsigned)ct[5] << 8) + (unsigned)ct[4]; - x32 = ((unsigned)ct[3] << 8) + (unsigned)ct[2]; - x10 = ((unsigned)ct[1] << 8) + (unsigned)ct[0]; - - for (i = 15; i >= 0; i--) { - if (i == 4 || i == 10) { - x76 = (x76 - xkey[x54 & 63]) & 0xFFFF; - x54 = (x54 - xkey[x32 & 63]) & 0xFFFF; - x32 = (x32 - xkey[x10 & 63]) & 0xFFFF; - x10 = (x10 - xkey[x76 & 63]) & 0xFFFF; - } - - x76 = ((x76 << 11) | (x76 >> 5)); - x76 = (x76 - ((x10 & ~x54) + (x32 & x54) + xkey[4*i+3])) & 0xFFFF; - - x54 = ((x54 << 13) | (x54 >> 3)); - x54 = (x54 - ((x76 & ~x32) + (x10 & x32) + xkey[4*i+2])) & 0xFFFF; - - x32 = ((x32 << 14) | (x32 >> 2)); - x32 = (x32 - ((x54 & ~x10) + (x76 & x10) + xkey[4*i+1])) & 0xFFFF; - - x10 = ((x10 << 15) | (x10 >> 1)); - x10 = (x10 - ((x32 & ~x76) + (x54 & x76) + xkey[4*i+0])) & 0xFFFF; - } - - pt[0] = (unsigned char)x10; - pt[1] = (unsigned char)(x10 >> 8); - pt[2] = (unsigned char)x32; - pt[3] = (unsigned char)(x32 >> 8); - pt[4] = (unsigned char)x54; - pt[5] = (unsigned char)(x54 >> 8); - pt[6] = (unsigned char)x76; - pt[7] = (unsigned char)(x76 >> 8); - - return CRYPT_OK; -} - -#ifdef LTC_CLEAN_STACK -int rc2_ecb_decrypt( const unsigned char *ct, - unsigned char *pt, - symmetric_key *skey) -{ - int err = _rc2_ecb_decrypt(ct, pt, skey); - burn_stack(sizeof(unsigned *) + sizeof(unsigned) * 4 + sizeof(int)); - return err; -} -#endif - -/** - Performs a self-test of the RC2 block cipher - @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled -*/ -int rc2_test(void) -{ - #ifndef LTC_TEST - return CRYPT_NOP; - #else - static const struct { - int keylen, bits; - unsigned char key[16], pt[8], ct[8]; - } tests[] = { - - { 8, 63, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff } - }, - { 8, 64, - { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, - { 0x27, 0x8b, 0x27, 0xe4, 0x2e, 0x2f, 0x0d, 0x49 } - }, - { 8, 64, - { 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }, - { 0x30, 0x64, 0x9e, 0xdf, 0x9b, 0xe7, 0xd2, 0xc2 } - }, - { 1, 64, - { 0x88, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x61, 0xa8, 0xa2, 0x44, 0xad, 0xac, 0xcc, 0xf0 } - }, - { 7, 64, - { 0x88, 0xbc, 0xa9, 0x0e, 0x90, 0x87, 0x5a, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x6c, 0xcf, 0x43, 0x08, 0x97, 0x4c, 0x26, 0x7f } - }, - { 16, 64, - { 0x88, 0xbc, 0xa9, 0x0e, 0x90, 0x87, 0x5a, 0x7f, - 0x0f, 0x79, 0xc3, 0x84, 0x62, 0x7b, 0xaf, 0xb2 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x1a, 0x80, 0x7d, 0x27, 0x2b, 0xbe, 0x5d, 0xb1 } - }, - { 16, 128, - { 0x88, 0xbc, 0xa9, 0x0e, 0x90, 0x87, 0x5a, 0x7f, - 0x0f, 0x79, 0xc3, 0x84, 0x62, 0x7b, 0xaf, 0xb2 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, - { 0x22, 0x69, 0x55, 0x2a, 0xb0, 0xf8, 0x5c, 0xa6 } - } - }; - int x, y, err; - symmetric_key skey; - unsigned char tmp[2][8]; - - for (x = 0; x < (int)(sizeof(tests) / sizeof(tests[0])); x++) { - zeromem(tmp, sizeof(tmp)); - if (tests[x].bits == (tests[x].keylen * 8)) { - if ((err = rc2_setup(tests[x].key, tests[x].keylen, 0, &skey)) != CRYPT_OK) { - return err; - } - } - else { - if ((err = rc2_setup_ex(tests[x].key, tests[x].keylen, tests[x].bits, 0, &skey)) != CRYPT_OK) { - return err; - } - } - - rc2_ecb_encrypt(tests[x].pt, tmp[0], &skey); - rc2_ecb_decrypt(tmp[0], tmp[1], &skey); - - if (compare_testvector(tmp[0], 8, tests[x].ct, 8, "RC2 CT", x) || - compare_testvector(tmp[1], 8, tests[x].pt, 8, "RC2 PT", x)) { - return CRYPT_FAIL_TESTVECTOR; - } - - /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */ - for (y = 0; y < 8; y++) tmp[0][y] = 0; - for (y = 0; y < 1000; y++) rc2_ecb_encrypt(tmp[0], tmp[0], &skey); - for (y = 0; y < 1000; y++) rc2_ecb_decrypt(tmp[0], tmp[0], &skey); - for (y = 0; y < 8; y++) if (tmp[0][y] != 0) return CRYPT_FAIL_TESTVECTOR; - } - return CRYPT_OK; - #endif -} - -/** Terminate the context - @param skey The scheduled key -*/ -void rc2_done(symmetric_key *skey) -{ - LTC_UNUSED_PARAM(skey); -} - -/** - Gets suitable key size - @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable. - @return CRYPT_OK if the input key size is acceptable. -*/ -int rc2_keysize(int *keysize) -{ - LTC_ARGCHK(keysize != NULL); - if (*keysize < 1) { - return CRYPT_INVALID_KEYSIZE; - } else if (*keysize > 128) { - *keysize = 128; - } - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ccm/ccm_add_aad.c b/libs/tomcrypt/src/encauth/ccm/ccm_add_aad.c deleted file mode 100644 index a547c58bed3..00000000000 --- a/libs/tomcrypt/src/encauth/ccm/ccm_add_aad.c +++ /dev/null @@ -1,59 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -#ifdef LTC_CCM_MODE - -/** - Add AAD to the CCM state - @param ccm The CCM state - @param adata The additional authentication data to add to the CCM state - @param adatalen The length of the AAD data. - @return CRYPT_OK on success - */ -int ccm_add_aad(ccm_state *ccm, - const unsigned char *adata, unsigned long adatalen) -{ - unsigned long y; - int err; - - LTC_ARGCHK(ccm != NULL); - LTC_ARGCHK(adata != NULL); - - if (ccm->aadlen < ccm->current_aadlen + adatalen) { - return CRYPT_INVALID_ARG; - } - ccm->current_aadlen += adatalen; - - /* now add the data */ - for (y = 0; y < adatalen; y++) { - if (ccm->x == 16) { - /* full block so let's encrypt it */ - if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) { - return err; - } - ccm->x = 0; - } - ccm->PAD[ccm->x++] ^= adata[y]; - } - - /* remainder? */ - if (ccm->aadlen == ccm->current_aadlen) { - if (ccm->x != 0) { - if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) { - return err; - } - } - ccm->x = 0; - } - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ccm/ccm_add_nonce.c b/libs/tomcrypt/src/encauth/ccm/ccm_add_nonce.c deleted file mode 100644 index 5c11bbb9b99..00000000000 --- a/libs/tomcrypt/src/encauth/ccm/ccm_add_nonce.c +++ /dev/null @@ -1,109 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -#ifdef LTC_CCM_MODE - -/** - Add nonce data to the CCM state - @param ccm The CCM state - @param nonce The nonce data to add - @param noncelen The length of the nonce - @return CRYPT_OK on success - */ -int ccm_add_nonce(ccm_state *ccm, - const unsigned char *nonce, unsigned long noncelen) -{ - unsigned long x, y, len; - int err; - - LTC_ARGCHK(ccm != NULL); - LTC_ARGCHK(nonce != NULL); - - /* increase L to match the nonce len */ - ccm->noncelen = (noncelen > 13) ? 13 : noncelen; - if ((15 - ccm->noncelen) > ccm->L) { - ccm->L = 15 - ccm->noncelen; - } - - /* decrease noncelen to match L */ - if ((ccm->noncelen + ccm->L) > 15) { - ccm->noncelen = 15 - ccm->L; - } - - /* form B_0 == flags | Nonce N | l(m) */ - x = 0; - ccm->PAD[x++] = (unsigned char)(((ccm->aadlen > 0) ? (1<<6) : 0) | - (((ccm->taglen - 2)>>1)<<3) | - (ccm->L-1)); - - /* nonce */ - for (y = 0; y < (16 - (ccm->L + 1)); y++) { - ccm->PAD[x++] = nonce[y]; - } - - /* store len */ - len = ccm->ptlen; - - /* shift len so the upper bytes of len are the contents of the length */ - for (y = ccm->L; y < 4; y++) { - len <<= 8; - } - - /* store l(m) (only store 32-bits) */ - for (y = 0; ccm->L > 4 && (ccm->L-y)>4; y++) { - ccm->PAD[x++] = 0; - } - for (; y < ccm->L; y++) { - ccm->PAD[x++] = (unsigned char)((len >> 24) & 255); - len <<= 8; - } - - /* encrypt PAD */ - if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) { - return err; - } - - /* handle header */ - ccm->x = 0; - if (ccm->aadlen > 0) { - /* store length */ - if (ccm->aadlen < ((1UL<<16) - (1UL<<8))) { - ccm->PAD[ccm->x++] ^= (ccm->aadlen>>8) & 255; - ccm->PAD[ccm->x++] ^= ccm->aadlen & 255; - } else { - ccm->PAD[ccm->x++] ^= 0xFF; - ccm->PAD[ccm->x++] ^= 0xFE; - ccm->PAD[ccm->x++] ^= (ccm->aadlen>>24) & 255; - ccm->PAD[ccm->x++] ^= (ccm->aadlen>>16) & 255; - ccm->PAD[ccm->x++] ^= (ccm->aadlen>>8) & 255; - ccm->PAD[ccm->x++] ^= ccm->aadlen & 255; - } - } - - /* setup the ctr counter */ - x = 0; - - /* flags */ - ccm->ctr[x++] = (unsigned char)ccm->L-1; - - /* nonce */ - for (y = 0; y < (16 - (ccm->L+1)); ++y) { - ccm->ctr[x++] = nonce[y]; - } - /* offset */ - while (x < 16) { - ccm->ctr[x++] = 0; - } - - ccm->CTRlen = 16; - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ccm/ccm_done.c b/libs/tomcrypt/src/encauth/ccm/ccm_done.c deleted file mode 100644 index bd7fea31c51..00000000000 --- a/libs/tomcrypt/src/encauth/ccm/ccm_done.c +++ /dev/null @@ -1,61 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -#ifdef LTC_CCM_MODE - -/** - Terminate a CCM stream - @param ccm The CCM state - @param tag [out] The destination for the MAC tag - @param taglen [in/out] The length of the MAC tag - @return CRYPT_OK on success - */ -int ccm_done(ccm_state *ccm, - unsigned char *tag, unsigned long *taglen) -{ - unsigned long x, y; - int err; - - LTC_ARGCHK(ccm != NULL); - - /* Check all data have been processed */ - if (ccm->ptlen != ccm->current_ptlen) { - return CRYPT_ERROR; - } - - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(taglen != NULL); - - if (ccm->x != 0) { - if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) { - return err; - } - } - - /* setup CTR for the TAG (zero the count) */ - for (y = 15; y > 15 - ccm->L; y--) { - ccm->ctr[y] = 0x00; - } - if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->ctr, ccm->CTRPAD, &ccm->K)) != CRYPT_OK) { - return err; - } - - cipher_descriptor[ccm->cipher].done(&ccm->K); - - /* store the TAG */ - for (x = 0; x < 16 && x < *taglen; x++) { - tag[x] = ccm->PAD[x] ^ ccm->CTRPAD[x]; - } - *taglen = x; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ccm/ccm_init.c b/libs/tomcrypt/src/encauth/ccm/ccm_init.c deleted file mode 100644 index 4d4aaca3233..00000000000 --- a/libs/tomcrypt/src/encauth/ccm/ccm_init.c +++ /dev/null @@ -1,77 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -#ifdef LTC_CCM_MODE - -/** - Initialize a CCM state - @param ccm The CCM state to initialize - @param cipher The index of the cipher to use - @param key The secret key - @param keylen The length of the secret key - @param ptlen The length of the plain/cipher text that will be processed - @param taglen The max length of the MAC tag - @param aadlen The length of the AAD - - @return CRYPT_OK on success - */ -int ccm_init(ccm_state *ccm, int cipher, - const unsigned char *key, int keylen, int ptlen, int taglen, int aadlen) -{ - int err; - - LTC_ARGCHK(ccm != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(taglen != 0); - - XMEMSET(ccm, 0, sizeof(ccm_state)); - - /* check cipher input */ - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - if (cipher_descriptor[cipher].block_length != 16) { - return CRYPT_INVALID_CIPHER; - } - - /* make sure the taglen is even and <= 16 */ - ccm->taglen = taglen; - ccm->taglen &= ~1; - if (ccm->taglen > 16) { - ccm->taglen = 16; - } - - /* can't use < 4 */ - if (ccm->taglen < 4) { - return CRYPT_INVALID_ARG; - } - - /* schedule key */ - if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &ccm->K)) != CRYPT_OK) { - return err; - } - ccm->cipher = cipher; - - /* let's get the L value */ - ccm->ptlen = ptlen; - ccm->L = 0; - while (ptlen) { - ++ccm->L; - ptlen >>= 8; - } - if (ccm->L <= 1) { - ccm->L = 2; - } - - ccm->aadlen = aadlen; - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ccm/ccm_memory.c b/libs/tomcrypt/src/encauth/ccm/ccm_memory.c deleted file mode 100644 index 22de2b1f874..00000000000 --- a/libs/tomcrypt/src/encauth/ccm/ccm_memory.c +++ /dev/null @@ -1,403 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file ccm_memory.c - CCM support, process a block of memory, Tom St Denis -*/ - -#ifdef LTC_CCM_MODE - -/** - CCM encrypt/decrypt and produce an authentication tag - - *1 'pt', 'ct' and 'tag' can both be 'in' or 'out', depending on 'direction' - - @param cipher The index of the cipher desired - @param key The secret key to use - @param keylen The length of the secret key (octets) - @param uskey A previously scheduled key [optional can be NULL] - @param nonce The session nonce [use once] - @param noncelen The length of the nonce - @param header The header for the session - @param headerlen The length of the header (octets) - @param pt [*1] The plaintext - @param ptlen The length of the plaintext (octets) - @param ct [*1] The ciphertext - @param tag [*1] The destination tag - @param taglen The max size and resulting size of the authentication tag - @param direction Encrypt or Decrypt direction (0 or 1) - @return CRYPT_OK if successful -*/ -int ccm_memory(int cipher, - const unsigned char *key, unsigned long keylen, - symmetric_key *uskey, - const unsigned char *nonce, unsigned long noncelen, - const unsigned char *header, unsigned long headerlen, - unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen, - int direction) -{ - unsigned char PAD[16], ctr[16], CTRPAD[16], ptTag[16], b, *pt_real; - unsigned char *pt_work = NULL; - symmetric_key *skey; - int err; - unsigned long len, L, x, y, z, CTRlen; -#ifdef LTC_FAST - LTC_FAST_TYPE fastMask = ~(LTC_FAST_TYPE)0; /* initialize fastMask at all zeroes */ -#endif - unsigned char mask = 0xff; /* initialize mask at all zeroes */ - - if (uskey == NULL) { - LTC_ARGCHK(key != NULL); - } - LTC_ARGCHK(nonce != NULL); - if (headerlen > 0) { - LTC_ARGCHK(header != NULL); - } - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(taglen != NULL); - - pt_real = pt; - -#ifdef LTC_FAST - if (16 % sizeof(LTC_FAST_TYPE)) { - return CRYPT_INVALID_ARG; - } -#endif - - /* check cipher input */ - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - if (cipher_descriptor[cipher].block_length != 16) { - return CRYPT_INVALID_CIPHER; - } - - /* make sure the taglen is even and <= 16 */ - *taglen &= ~1; - if (*taglen > 16) { - *taglen = 16; - } - - /* can't use < 4 */ - if (*taglen < 4) { - return CRYPT_INVALID_ARG; - } - - /* is there an accelerator? */ - if (cipher_descriptor[cipher].accel_ccm_memory != NULL) { - return cipher_descriptor[cipher].accel_ccm_memory( - key, keylen, - uskey, - nonce, noncelen, - header, headerlen, - pt, ptlen, - ct, - tag, taglen, - direction); - } - - /* let's get the L value */ - len = ptlen; - L = 0; - while (len) { - ++L; - len >>= 8; - } - if (L <= 1) { - L = 2; - } - - /* increase L to match the nonce len */ - noncelen = (noncelen > 13) ? 13 : noncelen; - if ((15 - noncelen) > L) { - L = 15 - noncelen; - } - - /* allocate mem for the symmetric key */ - if (uskey == NULL) { - skey = XMALLOC(sizeof(*skey)); - if (skey == NULL) { - return CRYPT_MEM; - } - - /* initialize the cipher */ - if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, skey)) != CRYPT_OK) { - XFREE(skey); - return err; - } - } else { - skey = uskey; - } - - /* initialize buffer for pt */ - if (direction == CCM_DECRYPT && ptlen > 0) { - pt_work = XMALLOC(ptlen); - if (pt_work == NULL) { - goto error; - } - pt = pt_work; - } - - /* form B_0 == flags | Nonce N | l(m) */ - x = 0; - PAD[x++] = (unsigned char)(((headerlen > 0) ? (1<<6) : 0) | - (((*taglen - 2)>>1)<<3) | - (L-1)); - - /* nonce */ - for (y = 0; y < (16 - (L + 1)); y++) { - PAD[x++] = nonce[y]; - } - - /* store len */ - len = ptlen; - - /* shift len so the upper bytes of len are the contents of the length */ - for (y = L; y < 4; y++) { - len <<= 8; - } - - /* store l(m) (only store 32-bits) */ - for (y = 0; L > 4 && (L-y)>4; y++) { - PAD[x++] = 0; - } - for (; y < L; y++) { - PAD[x++] = (unsigned char)((len >> 24) & 255); - len <<= 8; - } - - /* encrypt PAD */ - if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) { - goto error; - } - - /* handle header */ - if (headerlen > 0) { - x = 0; - - /* store length */ - if (headerlen < ((1UL<<16) - (1UL<<8))) { - PAD[x++] ^= (headerlen>>8) & 255; - PAD[x++] ^= headerlen & 255; - } else { - PAD[x++] ^= 0xFF; - PAD[x++] ^= 0xFE; - PAD[x++] ^= (headerlen>>24) & 255; - PAD[x++] ^= (headerlen>>16) & 255; - PAD[x++] ^= (headerlen>>8) & 255; - PAD[x++] ^= headerlen & 255; - } - - /* now add the data */ - for (y = 0; y < headerlen; y++) { - if (x == 16) { - /* full block so let's encrypt it */ - if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) { - goto error; - } - x = 0; - } - PAD[x++] ^= header[y]; - } - - /* remainder */ - if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) { - goto error; - } - } - - /* setup the ctr counter */ - x = 0; - - /* flags */ - ctr[x++] = (unsigned char)L-1; - - /* nonce */ - for (y = 0; y < (16 - (L+1)); ++y) { - ctr[x++] = nonce[y]; - } - /* offset */ - while (x < 16) { - ctr[x++] = 0; - } - - x = 0; - CTRlen = 16; - - /* now handle the PT */ - if (ptlen > 0) { - y = 0; -#ifdef LTC_FAST - if (ptlen & ~15) { - if (direction == CCM_ENCRYPT) { - for (; y < (ptlen & ~15); y += 16) { - /* increment the ctr? */ - for (z = 15; z > 15-L; z--) { - ctr[z] = (ctr[z] + 1) & 255; - if (ctr[z]) break; - } - if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) { - goto error; - } - - /* xor the PT against the pad first */ - for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(&PAD[z])) ^= *(LTC_FAST_TYPE_PTR_CAST(&pt[y+z])); - *(LTC_FAST_TYPE_PTR_CAST(&ct[y+z])) = *(LTC_FAST_TYPE_PTR_CAST(&pt[y+z])) ^ *(LTC_FAST_TYPE_PTR_CAST(&CTRPAD[z])); - } - if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) { - goto error; - } - } - } else { /* direction == CCM_DECRYPT */ - for (; y < (ptlen & ~15); y += 16) { - /* increment the ctr? */ - for (z = 15; z > 15-L; z--) { - ctr[z] = (ctr[z] + 1) & 255; - if (ctr[z]) break; - } - if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) { - goto error; - } - - /* xor the PT against the pad last */ - for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(&pt[y+z])) = *(LTC_FAST_TYPE_PTR_CAST(&ct[y+z])) ^ *(LTC_FAST_TYPE_PTR_CAST(&CTRPAD[z])); - *(LTC_FAST_TYPE_PTR_CAST(&PAD[z])) ^= *(LTC_FAST_TYPE_PTR_CAST(&pt[y+z])); - } - if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) { - goto error; - } - } - } - } -#endif - - for (; y < ptlen; y++) { - /* increment the ctr? */ - if (CTRlen == 16) { - for (z = 15; z > 15-L; z--) { - ctr[z] = (ctr[z] + 1) & 255; - if (ctr[z]) break; - } - if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) { - goto error; - } - CTRlen = 0; - } - - /* if we encrypt we add the bytes to the MAC first */ - if (direction == CCM_ENCRYPT) { - b = pt[y]; - ct[y] = b ^ CTRPAD[CTRlen++]; - } else { - b = ct[y] ^ CTRPAD[CTRlen++]; - pt[y] = b; - } - - if (x == 16) { - if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) { - goto error; - } - x = 0; - } - PAD[x++] ^= b; - } - - if (x != 0) { - if ((err = cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey)) != CRYPT_OK) { - goto error; - } - } - } - - /* setup CTR for the TAG (zero the count) */ - for (y = 15; y > 15 - L; y--) { - ctr[y] = 0x00; - } - if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) { - goto error; - } - - if (skey != uskey) { - cipher_descriptor[cipher].done(skey); -#ifdef LTC_CLEAN_STACK - zeromem(skey, sizeof(*skey)); -#endif - } - - if (direction == CCM_ENCRYPT) { - /* store the TAG */ - for (x = 0; x < 16 && x < *taglen; x++) { - tag[x] = PAD[x] ^ CTRPAD[x]; - } - *taglen = x; - } else { /* direction == CCM_DECRYPT */ - /* decrypt the tag */ - for (x = 0; x < 16 && x < *taglen; x++) { - ptTag[x] = tag[x] ^ CTRPAD[x]; - } - *taglen = x; - - /* check validity of the decrypted tag against the computed PAD (in constant time) */ - /* HACK: the boolean value of XMEM_NEQ becomes either 0 (CRYPT_OK) or 1 (CRYPT_ERR). - * there should be a better way of setting the correct error code in constant - * time. - */ - err = XMEM_NEQ(ptTag, PAD, *taglen); - - /* Zero the plaintext if the tag was invalid (in constant time) */ - if (ptlen > 0) { - y = 0; - mask *= 1 - err; /* mask = ( err ? 0 : 0xff ) */ -#ifdef LTC_FAST - fastMask *= 1 - err; - if (ptlen & ~15) { - for (; y < (ptlen & ~15); y += 16) { - for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(&pt_real[y+z])) = *(LTC_FAST_TYPE_PTR_CAST(&pt[y+z])) & fastMask; - } - } - } -#endif - for (; y < ptlen; y++) { - pt_real[y] = pt[y] & mask; - } - } - } - -#ifdef LTC_CLEAN_STACK -#ifdef LTC_FAST - fastMask = 0; -#endif - mask = 0; - zeromem(PAD, sizeof(PAD)); - zeromem(CTRPAD, sizeof(CTRPAD)); - if (pt_work != NULL) { - zeromem(pt_work, ptlen); - } -#endif -error: - if (pt_work) { - XFREE(pt_work); - } - if (skey != uskey) { - XFREE(skey); - } - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ccm/ccm_process.c b/libs/tomcrypt/src/encauth/ccm/ccm_process.c deleted file mode 100644 index 6fa4303cbf0..00000000000 --- a/libs/tomcrypt/src/encauth/ccm/ccm_process.c +++ /dev/null @@ -1,84 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -#ifdef LTC_CCM_MODE - -/** - Process plaintext/ciphertext through CCM - @param ccm The CCM state - @param pt The plaintext - @param ptlen The plaintext length (ciphertext length is the same) - @param ct The ciphertext - @param direction Encrypt or Decrypt mode (CCM_ENCRYPT or CCM_DECRYPT) - @return CRYPT_OK on success - */ -int ccm_process(ccm_state *ccm, - unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - int direction) -{ - unsigned char z, b; - unsigned long y; - int err; - - LTC_ARGCHK(ccm != NULL); - - /* Check aad has been correctly added */ - if (ccm->aadlen != ccm->current_aadlen) { - return CRYPT_ERROR; - } - - /* Check we do not process too much data */ - if (ccm->ptlen < ccm->current_ptlen + ptlen) { - return CRYPT_ERROR; - } - ccm->current_ptlen += ptlen; - - /* now handle the PT */ - if (ptlen > 0) { - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - - for (y = 0; y < ptlen; y++) { - /* increment the ctr? */ - if (ccm->CTRlen == 16) { - for (z = 15; z > 15-ccm->L; z--) { - ccm->ctr[z] = (ccm->ctr[z] + 1) & 255; - if (ccm->ctr[z]) break; - } - if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->ctr, ccm->CTRPAD, &ccm->K)) != CRYPT_OK) { - return err; - } - ccm->CTRlen = 0; - } - - /* if we encrypt we add the bytes to the MAC first */ - if (direction == CCM_ENCRYPT) { - b = pt[y]; - ct[y] = b ^ ccm->CTRPAD[ccm->CTRlen++]; - } else { - b = ct[y] ^ ccm->CTRPAD[ccm->CTRlen++]; - pt[y] = b; - } - - if (ccm->x == 16) { - if ((err = cipher_descriptor[ccm->cipher].ecb_encrypt(ccm->PAD, ccm->PAD, &ccm->K)) != CRYPT_OK) { - return err; - } - ccm->x = 0; - } - ccm->PAD[ccm->x++] ^= b; - } - } - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ccm/ccm_reset.c b/libs/tomcrypt/src/encauth/ccm/ccm_reset.c deleted file mode 100644 index 076abc518b4..00000000000 --- a/libs/tomcrypt/src/encauth/ccm/ccm_reset.c +++ /dev/null @@ -1,31 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -#ifdef LTC_CCM_MODE - -/** - Reset a CCM state to as if you just called ccm_init(). This saves the initialization time. - @param ccm The CCM state to reset - @return CRYPT_OK on success -*/ -int ccm_reset(ccm_state *ccm) -{ - LTC_ARGCHK(ccm != NULL); - zeromem(ccm->PAD, sizeof(ccm->PAD)); - zeromem(ccm->ctr, sizeof(ccm->ctr)); - zeromem(ccm->CTRPAD, sizeof(ccm->CTRPAD)); - ccm->CTRlen = 0; - ccm->current_ptlen = 0; - ccm->current_aadlen = 0; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/eax/eax_addheader.c b/libs/tomcrypt/src/encauth/eax/eax_addheader.c deleted file mode 100644 index bb6e60a9981..00000000000 --- a/libs/tomcrypt/src/encauth/eax/eax_addheader.c +++ /dev/null @@ -1,32 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -/** - @file eax_addheader.c - EAX implementation, add meta-data, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_EAX_MODE - -/** - add header (metadata) to the stream - @param eax The current EAX state - @param header The header (meta-data) data you wish to add to the state - @param length The length of the header data - @return CRYPT_OK if successful -*/ -int eax_addheader(eax_state *eax, const unsigned char *header, - unsigned long length) -{ - LTC_ARGCHK(eax != NULL); - LTC_ARGCHK(header != NULL); - return omac_process(&eax->headeromac, header, length); -} - -#endif diff --git a/libs/tomcrypt/src/encauth/eax/eax_decrypt.c b/libs/tomcrypt/src/encauth/eax/eax_decrypt.c deleted file mode 100644 index c5f27319ea5..00000000000 --- a/libs/tomcrypt/src/encauth/eax/eax_decrypt.c +++ /dev/null @@ -1,44 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file eax_decrypt.c - EAX implementation, decrypt block, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_EAX_MODE - -/** - Decrypt data with the EAX protocol - @param eax The EAX state - @param ct The ciphertext - @param pt [out] The plaintext - @param length The length (octets) of the ciphertext - @return CRYPT_OK if successful -*/ -int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, - unsigned long length) -{ - int err; - - LTC_ARGCHK(eax != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - - /* omac ciphertext */ - if ((err = omac_process(&eax->ctomac, ct, length)) != CRYPT_OK) { - return err; - } - - /* decrypt */ - return ctr_decrypt(ct, pt, length, &eax->ctr); -} - -#endif diff --git a/libs/tomcrypt/src/encauth/eax/eax_decrypt_verify_memory.c b/libs/tomcrypt/src/encauth/eax/eax_decrypt_verify_memory.c deleted file mode 100644 index a3e29294783..00000000000 --- a/libs/tomcrypt/src/encauth/eax/eax_decrypt_verify_memory.c +++ /dev/null @@ -1,105 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file eax_decrypt_verify_memory.c - EAX implementation, decrypt block of memory, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_EAX_MODE - -/** - Decrypt a block of memory and verify the provided MAC tag with EAX - @param cipher The index of the cipher desired - @param key The secret key - @param keylen The length of the key (octets) - @param nonce The nonce data (use once) for the session - @param noncelen The length of the nonce data. - @param header The session header data - @param headerlen The length of the header (octets) - @param ct The ciphertext - @param ctlen The length of the ciphertext (octets) - @param pt [out] The plaintext - @param tag The authentication tag provided by the encoder - @param taglen [in/out] The length of the tag (octets) - @param stat [out] The result of the decryption (1==valid tag, 0==invalid) - @return CRYPT_OK if successful regardless of the resulting tag comparison -*/ -int eax_decrypt_verify_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, unsigned long noncelen, - const unsigned char *header, unsigned long headerlen, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - unsigned char *tag, unsigned long taglen, - int *stat) -{ - int err; - eax_state *eax; - unsigned char *buf; - unsigned long buflen; - - LTC_ARGCHK(stat != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - - /* default to zero */ - *stat = 0; - - /* limit taglen */ - taglen = MIN(taglen, MAXBLOCKSIZE); - - /* allocate ram */ - buf = XMALLOC(taglen); - eax = XMALLOC(sizeof(*eax)); - if (eax == NULL || buf == NULL) { - if (eax != NULL) { - XFREE(eax); - } - if (buf != NULL) { - XFREE(buf); - } - return CRYPT_MEM; - } - - if ((err = eax_init(eax, cipher, key, keylen, nonce, noncelen, header, headerlen)) != CRYPT_OK) { - goto LBL_ERR; - } - - if ((err = eax_decrypt(eax, ct, pt, ctlen)) != CRYPT_OK) { - goto LBL_ERR; - } - - buflen = taglen; - if ((err = eax_done(eax, buf, &buflen)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* compare tags */ - if (buflen >= taglen && XMEM_NEQ(buf, tag, taglen) == 0) { - *stat = 1; - } - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(buf, taglen); - zeromem(eax, sizeof(*eax)); -#endif - - XFREE(eax); - XFREE(buf); - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/eax/eax_done.c b/libs/tomcrypt/src/encauth/eax/eax_done.c deleted file mode 100644 index d59d6f42cd8..00000000000 --- a/libs/tomcrypt/src/encauth/eax/eax_done.c +++ /dev/null @@ -1,88 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file eax_done.c - EAX implementation, terminate session, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_EAX_MODE - -/** - Terminate an EAX session and get the tag. - @param eax The EAX state - @param tag [out] The destination of the authentication tag - @param taglen [in/out] The max length and resulting length of the authentication tag - @return CRYPT_OK if successful -*/ -int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen) -{ - int err; - unsigned char *headermac, *ctmac; - unsigned long x, len; - - LTC_ARGCHK(eax != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(taglen != NULL); - - /* allocate ram */ - headermac = XMALLOC(MAXBLOCKSIZE); - ctmac = XMALLOC(MAXBLOCKSIZE); - - if (headermac == NULL || ctmac == NULL) { - if (headermac != NULL) { - XFREE(headermac); - } - if (ctmac != NULL) { - XFREE(ctmac); - } - return CRYPT_MEM; - } - - /* finish ctomac */ - len = MAXBLOCKSIZE; - if ((err = omac_done(&eax->ctomac, ctmac, &len)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* finish headeromac */ - - /* note we specifically don't reset len so the two lens are minimal */ - - if ((err = omac_done(&eax->headeromac, headermac, &len)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* terminate the CTR chain */ - if ((err = ctr_done(&eax->ctr)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* compute N xor H xor C */ - for (x = 0; x < len && x < *taglen; x++) { - tag[x] = eax->N[x] ^ headermac[x] ^ ctmac[x]; - } - *taglen = x; - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(ctmac, MAXBLOCKSIZE); - zeromem(headermac, MAXBLOCKSIZE); - zeromem(eax, sizeof(*eax)); -#endif - - XFREE(ctmac); - XFREE(headermac); - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/eax/eax_encrypt.c b/libs/tomcrypt/src/encauth/eax/eax_encrypt.c deleted file mode 100644 index be65d032a66..00000000000 --- a/libs/tomcrypt/src/encauth/eax/eax_encrypt.c +++ /dev/null @@ -1,44 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file eax_encrypt.c - EAX implementation, encrypt block by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_EAX_MODE - -/** - Encrypt with EAX a block of data. - @param eax The EAX state - @param pt The plaintext to encrypt - @param ct [out] The ciphertext as encrypted - @param length The length of the plaintext (octets) - @return CRYPT_OK if successful -*/ -int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, - unsigned long length) -{ - int err; - - LTC_ARGCHK(eax != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - - /* encrypt */ - if ((err = ctr_encrypt(pt, ct, length, &eax->ctr)) != CRYPT_OK) { - return err; - } - - /* omac ciphertext */ - return omac_process(&eax->ctomac, ct, length); -} - -#endif diff --git a/libs/tomcrypt/src/encauth/eax/eax_encrypt_authenticate_memory.c b/libs/tomcrypt/src/encauth/eax/eax_encrypt_authenticate_memory.c deleted file mode 100644 index ca9983c20a2..00000000000 --- a/libs/tomcrypt/src/encauth/eax/eax_encrypt_authenticate_memory.c +++ /dev/null @@ -1,76 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file eax_encrypt_authenticate_memory.c - EAX implementation, encrypt a block of memory, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_EAX_MODE - -/** - EAX encrypt and produce an authentication tag - @param cipher The index of the cipher desired - @param key The secret key to use - @param keylen The length of the secret key (octets) - @param nonce The session nonce [use once] - @param noncelen The length of the nonce - @param header The header for the session - @param headerlen The length of the header (octets) - @param pt The plaintext - @param ptlen The length of the plaintext (octets) - @param ct [out] The ciphertext - @param tag [out] The destination tag - @param taglen [in/out] The max size and resulting size of the authentication tag - @return CRYPT_OK if successful -*/ -int eax_encrypt_authenticate_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, unsigned long noncelen, - const unsigned char *header, unsigned long headerlen, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen) -{ - int err; - eax_state *eax; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(taglen != NULL); - - eax = XMALLOC(sizeof(*eax)); - - if ((err = eax_init(eax, cipher, key, keylen, nonce, noncelen, header, headerlen)) != CRYPT_OK) { - goto LBL_ERR; - } - - if ((err = eax_encrypt(eax, pt, ct, ptlen)) != CRYPT_OK) { - goto LBL_ERR; - } - - if ((err = eax_done(eax, tag, taglen)) != CRYPT_OK) { - goto LBL_ERR; - } - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(eax, sizeof(*eax)); -#endif - - XFREE(eax); - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/eax/eax_init.c b/libs/tomcrypt/src/encauth/eax/eax_init.c deleted file mode 100644 index ec4544314ec..00000000000 --- a/libs/tomcrypt/src/encauth/eax/eax_init.c +++ /dev/null @@ -1,138 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file eax_init.c - EAX implementation, initialized EAX state, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_EAX_MODE - -/** - Initialized an EAX state - @param eax [out] The EAX state to initialize - @param cipher The index of the desired cipher - @param key The secret key - @param keylen The length of the secret key (octets) - @param nonce The use-once nonce for the session - @param noncelen The length of the nonce (octets) - @param header The header for the EAX state - @param headerlen The header length (octets) - @return CRYPT_OK if successful -*/ -int eax_init(eax_state *eax, int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, unsigned long noncelen, - const unsigned char *header, unsigned long headerlen) -{ - unsigned char *buf; - int err, blklen; - omac_state *omac; - unsigned long len; - - - LTC_ARGCHK(eax != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(nonce != NULL); - if (headerlen > 0) { - LTC_ARGCHK(header != NULL); - } - - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - blklen = cipher_descriptor[cipher].block_length; - - /* allocate ram */ - buf = XMALLOC(MAXBLOCKSIZE); - omac = XMALLOC(sizeof(*omac)); - - if (buf == NULL || omac == NULL) { - if (buf != NULL) { - XFREE(buf); - } - if (omac != NULL) { - XFREE(omac); - } - return CRYPT_MEM; - } - - /* N = LTC_OMAC_0K(nonce) */ - zeromem(buf, MAXBLOCKSIZE); - if ((err = omac_init(omac, cipher, key, keylen)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* omac the [0]_n */ - if ((err = omac_process(omac, buf, blklen)) != CRYPT_OK) { - goto LBL_ERR; - } - /* omac the nonce */ - if ((err = omac_process(omac, nonce, noncelen)) != CRYPT_OK) { - goto LBL_ERR; - } - /* store result */ - len = sizeof(eax->N); - if ((err = omac_done(omac, eax->N, &len)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* H = LTC_OMAC_1K(header) */ - zeromem(buf, MAXBLOCKSIZE); - buf[blklen - 1] = 1; - - if ((err = omac_init(&eax->headeromac, cipher, key, keylen)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* omac the [1]_n */ - if ((err = omac_process(&eax->headeromac, buf, blklen)) != CRYPT_OK) { - goto LBL_ERR; - } - /* omac the header */ - if (headerlen != 0) { - if ((err = omac_process(&eax->headeromac, header, headerlen)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - /* note we don't finish the headeromac, this allows us to add more header later */ - - /* setup the CTR mode */ - if ((err = ctr_start(cipher, eax->N, key, keylen, 0, CTR_COUNTER_BIG_ENDIAN, &eax->ctr)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* setup the LTC_OMAC for the ciphertext */ - if ((err = omac_init(&eax->ctomac, cipher, key, keylen)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* omac [2]_n */ - zeromem(buf, MAXBLOCKSIZE); - buf[blklen-1] = 2; - if ((err = omac_process(&eax->ctomac, buf, blklen)) != CRYPT_OK) { - goto LBL_ERR; - } - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(buf, MAXBLOCKSIZE); - zeromem(omac, sizeof(*omac)); -#endif - - XFREE(omac); - XFREE(buf); - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/gcm/gcm_add_aad.c b/libs/tomcrypt/src/encauth/gcm/gcm_add_aad.c deleted file mode 100644 index a606b672c59..00000000000 --- a/libs/tomcrypt/src/encauth/gcm/gcm_add_aad.c +++ /dev/null @@ -1,119 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file gcm_add_aad.c - GCM implementation, Add AAD data to the stream, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_GCM_MODE - -/** - Add AAD to the GCM state - @param gcm The GCM state - @param adata The additional authentication data to add to the GCM state - @param adatalen The length of the AAD data. - @return CRYPT_OK on success - */ -int gcm_add_aad(gcm_state *gcm, - const unsigned char *adata, unsigned long adatalen) -{ - unsigned long x; - int err; -#ifdef LTC_FAST - unsigned long y; -#endif - - LTC_ARGCHK(gcm != NULL); - if (adatalen > 0) { - LTC_ARGCHK(adata != NULL); - } - - if (gcm->buflen > 16 || gcm->buflen < 0) { - return CRYPT_INVALID_ARG; - } - - if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) { - return err; - } - - /* in IV mode? */ - if (gcm->mode == LTC_GCM_MODE_IV) { - /* IV length must be > 0 */ - if (gcm->buflen == 0 && gcm->totlen == 0) return CRYPT_ERROR; - /* let's process the IV */ - if (gcm->ivmode || gcm->buflen != 12) { - for (x = 0; x < (unsigned long)gcm->buflen; x++) { - gcm->X[x] ^= gcm->buf[x]; - } - if (gcm->buflen) { - gcm->totlen += gcm->buflen * CONST64(8); - gcm_mult_h(gcm, gcm->X); - } - - /* mix in the length */ - zeromem(gcm->buf, 8); - STORE64H(gcm->totlen, gcm->buf+8); - for (x = 0; x < 16; x++) { - gcm->X[x] ^= gcm->buf[x]; - } - gcm_mult_h(gcm, gcm->X); - - /* copy counter out */ - XMEMCPY(gcm->Y, gcm->X, 16); - zeromem(gcm->X, 16); - } else { - XMEMCPY(gcm->Y, gcm->buf, 12); - gcm->Y[12] = 0; - gcm->Y[13] = 0; - gcm->Y[14] = 0; - gcm->Y[15] = 1; - } - XMEMCPY(gcm->Y_0, gcm->Y, 16); - zeromem(gcm->buf, 16); - gcm->buflen = 0; - gcm->totlen = 0; - gcm->mode = LTC_GCM_MODE_AAD; - } - - if (gcm->mode != LTC_GCM_MODE_AAD || gcm->buflen >= 16) { - return CRYPT_INVALID_ARG; - } - - x = 0; -#ifdef LTC_FAST - if (gcm->buflen == 0) { - for (x = 0; x < (adatalen & ~15); x += 16) { - for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(&gcm->X[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&adata[x + y])); - } - gcm_mult_h(gcm, gcm->X); - gcm->totlen += 128; - } - adata += x; - } -#endif - - - /* start adding AAD data to the state */ - for (; x < adatalen; x++) { - gcm->X[gcm->buflen++] ^= *adata++; - - if (gcm->buflen == 16) { - /* GF mult it */ - gcm_mult_h(gcm, gcm->X); - gcm->buflen = 0; - gcm->totlen += 128; - } - } - - return CRYPT_OK; -} -#endif diff --git a/libs/tomcrypt/src/encauth/gcm/gcm_add_iv.c b/libs/tomcrypt/src/encauth/gcm/gcm_add_iv.c deleted file mode 100644 index 40d51610073..00000000000 --- a/libs/tomcrypt/src/encauth/gcm/gcm_add_iv.c +++ /dev/null @@ -1,87 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file gcm_add_iv.c - GCM implementation, add IV data to the state, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_GCM_MODE - -/** - Add IV data to the GCM state - @param gcm The GCM state - @param IV The initial value data to add - @param IVlen The length of the IV - @return CRYPT_OK on success - */ -int gcm_add_iv(gcm_state *gcm, - const unsigned char *IV, unsigned long IVlen) -{ - unsigned long x, y; - int err; - - LTC_ARGCHK(gcm != NULL); - if (IVlen > 0) { - LTC_ARGCHK(IV != NULL); - } - - /* must be in IV mode */ - if (gcm->mode != LTC_GCM_MODE_IV) { - return CRYPT_INVALID_ARG; - } - - if (gcm->buflen >= 16 || gcm->buflen < 0) { - return CRYPT_INVALID_ARG; - } - - if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) { - return err; - } - - - /* trip the ivmode flag */ - if (IVlen + gcm->buflen > 12) { - gcm->ivmode |= 1; - } - - x = 0; -#ifdef LTC_FAST - if (gcm->buflen == 0) { - for (x = 0; x < (IVlen & ~15); x += 16) { - for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(&gcm->X[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&IV[x + y])); - } - gcm_mult_h(gcm, gcm->X); - gcm->totlen += 128; - } - IV += x; - } -#endif - - /* start adding IV data to the state */ - for (; x < IVlen; x++) { - gcm->buf[gcm->buflen++] = *IV++; - - if (gcm->buflen == 16) { - /* GF mult it */ - for (y = 0; y < 16; y++) { - gcm->X[y] ^= gcm->buf[y]; - } - gcm_mult_h(gcm, gcm->X); - gcm->buflen = 0; - gcm->totlen += 128; - } - } - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/gcm/gcm_done.c b/libs/tomcrypt/src/encauth/gcm/gcm_done.c deleted file mode 100644 index f38ef60d096..00000000000 --- a/libs/tomcrypt/src/encauth/gcm/gcm_done.c +++ /dev/null @@ -1,85 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file gcm_done.c - GCM implementation, Terminate the stream, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_GCM_MODE - -/** - Terminate a GCM stream - @param gcm The GCM state - @param tag [out] The destination for the MAC tag - @param taglen [in/out] The length of the MAC tag - @return CRYPT_OK on success - */ -int gcm_done(gcm_state *gcm, - unsigned char *tag, unsigned long *taglen) -{ - unsigned long x; - int err; - - LTC_ARGCHK(gcm != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(taglen != NULL); - - if (gcm->buflen > 16 || gcm->buflen < 0) { - return CRYPT_INVALID_ARG; - } - - if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) { - return err; - } - - if (gcm->mode == LTC_GCM_MODE_IV) { - /* let's process the IV */ - if ((err = gcm_add_aad(gcm, NULL, 0)) != CRYPT_OK) return err; - } - - if (gcm->mode == LTC_GCM_MODE_AAD) { - /* let's process the AAD */ - if ((err = gcm_process(gcm, NULL, 0, NULL, 0)) != CRYPT_OK) return err; - } - - if (gcm->mode != LTC_GCM_MODE_TEXT) { - return CRYPT_INVALID_ARG; - } - - /* handle remaining ciphertext */ - if (gcm->buflen) { - gcm->pttotlen += gcm->buflen * CONST64(8); - gcm_mult_h(gcm, gcm->X); - } - - /* length */ - STORE64H(gcm->totlen, gcm->buf); - STORE64H(gcm->pttotlen, gcm->buf+8); - for (x = 0; x < 16; x++) { - gcm->X[x] ^= gcm->buf[x]; - } - gcm_mult_h(gcm, gcm->X); - - /* encrypt original counter */ - if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y_0, gcm->buf, &gcm->K)) != CRYPT_OK) { - return err; - } - for (x = 0; x < 16 && x < *taglen; x++) { - tag[x] = gcm->buf[x] ^ gcm->X[x]; - } - *taglen = x; - - cipher_descriptor[gcm->cipher].done(&gcm->K); - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/gcm/gcm_gf_mult.c b/libs/tomcrypt/src/encauth/gcm/gcm_gf_mult.c deleted file mode 100644 index 36a52d4ba7d..00000000000 --- a/libs/tomcrypt/src/encauth/gcm/gcm_gf_mult.c +++ /dev/null @@ -1,214 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file gcm_gf_mult.c - GCM implementation, do the GF mult, by Tom St Denis -*/ -#include "tomcrypt.h" - -#if defined(LTC_GCM_TABLES) || defined(LTC_LRW_TABLES) || ((defined(LTC_GCM_MODE) || defined(LTC_GCM_MODE)) && defined(LTC_FAST)) - -/* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format. Since only the - * lower 16 bits are not zero'ed I removed the upper 14 bytes */ -const unsigned char gcm_shift_table[256*2] = { -0x00, 0x00, 0x01, 0xc2, 0x03, 0x84, 0x02, 0x46, 0x07, 0x08, 0x06, 0xca, 0x04, 0x8c, 0x05, 0x4e, -0x0e, 0x10, 0x0f, 0xd2, 0x0d, 0x94, 0x0c, 0x56, 0x09, 0x18, 0x08, 0xda, 0x0a, 0x9c, 0x0b, 0x5e, -0x1c, 0x20, 0x1d, 0xe2, 0x1f, 0xa4, 0x1e, 0x66, 0x1b, 0x28, 0x1a, 0xea, 0x18, 0xac, 0x19, 0x6e, -0x12, 0x30, 0x13, 0xf2, 0x11, 0xb4, 0x10, 0x76, 0x15, 0x38, 0x14, 0xfa, 0x16, 0xbc, 0x17, 0x7e, -0x38, 0x40, 0x39, 0x82, 0x3b, 0xc4, 0x3a, 0x06, 0x3f, 0x48, 0x3e, 0x8a, 0x3c, 0xcc, 0x3d, 0x0e, -0x36, 0x50, 0x37, 0x92, 0x35, 0xd4, 0x34, 0x16, 0x31, 0x58, 0x30, 0x9a, 0x32, 0xdc, 0x33, 0x1e, -0x24, 0x60, 0x25, 0xa2, 0x27, 0xe4, 0x26, 0x26, 0x23, 0x68, 0x22, 0xaa, 0x20, 0xec, 0x21, 0x2e, -0x2a, 0x70, 0x2b, 0xb2, 0x29, 0xf4, 0x28, 0x36, 0x2d, 0x78, 0x2c, 0xba, 0x2e, 0xfc, 0x2f, 0x3e, -0x70, 0x80, 0x71, 0x42, 0x73, 0x04, 0x72, 0xc6, 0x77, 0x88, 0x76, 0x4a, 0x74, 0x0c, 0x75, 0xce, -0x7e, 0x90, 0x7f, 0x52, 0x7d, 0x14, 0x7c, 0xd6, 0x79, 0x98, 0x78, 0x5a, 0x7a, 0x1c, 0x7b, 0xde, -0x6c, 0xa0, 0x6d, 0x62, 0x6f, 0x24, 0x6e, 0xe6, 0x6b, 0xa8, 0x6a, 0x6a, 0x68, 0x2c, 0x69, 0xee, -0x62, 0xb0, 0x63, 0x72, 0x61, 0x34, 0x60, 0xf6, 0x65, 0xb8, 0x64, 0x7a, 0x66, 0x3c, 0x67, 0xfe, -0x48, 0xc0, 0x49, 0x02, 0x4b, 0x44, 0x4a, 0x86, 0x4f, 0xc8, 0x4e, 0x0a, 0x4c, 0x4c, 0x4d, 0x8e, -0x46, 0xd0, 0x47, 0x12, 0x45, 0x54, 0x44, 0x96, 0x41, 0xd8, 0x40, 0x1a, 0x42, 0x5c, 0x43, 0x9e, -0x54, 0xe0, 0x55, 0x22, 0x57, 0x64, 0x56, 0xa6, 0x53, 0xe8, 0x52, 0x2a, 0x50, 0x6c, 0x51, 0xae, -0x5a, 0xf0, 0x5b, 0x32, 0x59, 0x74, 0x58, 0xb6, 0x5d, 0xf8, 0x5c, 0x3a, 0x5e, 0x7c, 0x5f, 0xbe, -0xe1, 0x00, 0xe0, 0xc2, 0xe2, 0x84, 0xe3, 0x46, 0xe6, 0x08, 0xe7, 0xca, 0xe5, 0x8c, 0xe4, 0x4e, -0xef, 0x10, 0xee, 0xd2, 0xec, 0x94, 0xed, 0x56, 0xe8, 0x18, 0xe9, 0xda, 0xeb, 0x9c, 0xea, 0x5e, -0xfd, 0x20, 0xfc, 0xe2, 0xfe, 0xa4, 0xff, 0x66, 0xfa, 0x28, 0xfb, 0xea, 0xf9, 0xac, 0xf8, 0x6e, -0xf3, 0x30, 0xf2, 0xf2, 0xf0, 0xb4, 0xf1, 0x76, 0xf4, 0x38, 0xf5, 0xfa, 0xf7, 0xbc, 0xf6, 0x7e, -0xd9, 0x40, 0xd8, 0x82, 0xda, 0xc4, 0xdb, 0x06, 0xde, 0x48, 0xdf, 0x8a, 0xdd, 0xcc, 0xdc, 0x0e, -0xd7, 0x50, 0xd6, 0x92, 0xd4, 0xd4, 0xd5, 0x16, 0xd0, 0x58, 0xd1, 0x9a, 0xd3, 0xdc, 0xd2, 0x1e, -0xc5, 0x60, 0xc4, 0xa2, 0xc6, 0xe4, 0xc7, 0x26, 0xc2, 0x68, 0xc3, 0xaa, 0xc1, 0xec, 0xc0, 0x2e, -0xcb, 0x70, 0xca, 0xb2, 0xc8, 0xf4, 0xc9, 0x36, 0xcc, 0x78, 0xcd, 0xba, 0xcf, 0xfc, 0xce, 0x3e, -0x91, 0x80, 0x90, 0x42, 0x92, 0x04, 0x93, 0xc6, 0x96, 0x88, 0x97, 0x4a, 0x95, 0x0c, 0x94, 0xce, -0x9f, 0x90, 0x9e, 0x52, 0x9c, 0x14, 0x9d, 0xd6, 0x98, 0x98, 0x99, 0x5a, 0x9b, 0x1c, 0x9a, 0xde, -0x8d, 0xa0, 0x8c, 0x62, 0x8e, 0x24, 0x8f, 0xe6, 0x8a, 0xa8, 0x8b, 0x6a, 0x89, 0x2c, 0x88, 0xee, -0x83, 0xb0, 0x82, 0x72, 0x80, 0x34, 0x81, 0xf6, 0x84, 0xb8, 0x85, 0x7a, 0x87, 0x3c, 0x86, 0xfe, -0xa9, 0xc0, 0xa8, 0x02, 0xaa, 0x44, 0xab, 0x86, 0xae, 0xc8, 0xaf, 0x0a, 0xad, 0x4c, 0xac, 0x8e, -0xa7, 0xd0, 0xa6, 0x12, 0xa4, 0x54, 0xa5, 0x96, 0xa0, 0xd8, 0xa1, 0x1a, 0xa3, 0x5c, 0xa2, 0x9e, -0xb5, 0xe0, 0xb4, 0x22, 0xb6, 0x64, 0xb7, 0xa6, 0xb2, 0xe8, 0xb3, 0x2a, 0xb1, 0x6c, 0xb0, 0xae, -0xbb, 0xf0, 0xba, 0x32, 0xb8, 0x74, 0xb9, 0xb6, 0xbc, 0xf8, 0xbd, 0x3a, 0xbf, 0x7c, 0xbe, 0xbe }; - -#endif - - -#if defined(LTC_GCM_MODE) || defined(LRW_MODE) - -#ifndef LTC_FAST -/* right shift */ -static void _gcm_rightshift(unsigned char *a) -{ - int x; - for (x = 15; x > 0; x--) { - a[x] = (a[x]>>1) | ((a[x-1]<<7)&0x80); - } - a[0] >>= 1; -} - -/* c = b*a */ -static const unsigned char mask[] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; -static const unsigned char poly[] = { 0x00, 0xE1 }; - - -/** - GCM GF multiplier (internal use only) bitserial - @param a First value - @param b Second value - @param c Destination for a * b - */ -void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c) -{ - unsigned char Z[16], V[16]; - unsigned char x, y, z; - - zeromem(Z, 16); - XMEMCPY(V, a, 16); - for (x = 0; x < 128; x++) { - if (b[x>>3] & mask[x&7]) { - for (y = 0; y < 16; y++) { - Z[y] ^= V[y]; - } - } - z = V[15] & 0x01; - _gcm_rightshift(V); - V[0] ^= poly[z]; - } - XMEMCPY(c, Z, 16); -} - -#else - -/* map normal numbers to "ieee" way ... e.g. bit reversed */ -#define M(x) ( ((x&8)>>3) | ((x&4)>>1) | ((x&2)<<1) | ((x&1)<<3) ) - -#define BPD (sizeof(LTC_FAST_TYPE) * 8) -#define WPV (1 + (16 / sizeof(LTC_FAST_TYPE))) - -/** - GCM GF multiplier (internal use only) word oriented - @param a First value - @param b Second value - @param c Destination for a * b - */ -void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c) -{ - int i, j, k, u; - LTC_FAST_TYPE B[16][WPV], tmp[32 / sizeof(LTC_FAST_TYPE)], pB[16 / sizeof(LTC_FAST_TYPE)], zz, z; - unsigned char pTmp[32]; - - /* create simple tables */ - zeromem(B[0], sizeof(B[0])); - zeromem(B[M(1)], sizeof(B[M(1)])); - -#ifdef ENDIAN_32BITWORD - for (i = 0; i < 4; i++) { - LOAD32H(B[M(1)][i], a + (i<<2)); - LOAD32L(pB[i], b + (i<<2)); - } -#else - for (i = 0; i < 2; i++) { - LOAD64H(B[M(1)][i], a + (i<<3)); - LOAD64L(pB[i], b + (i<<3)); - } -#endif - - /* now create 2, 4 and 8 */ - B[M(2)][0] = B[M(1)][0] >> 1; - B[M(4)][0] = B[M(1)][0] >> 2; - B[M(8)][0] = B[M(1)][0] >> 3; - for (i = 1; i < (int)WPV; i++) { - B[M(2)][i] = (B[M(1)][i-1] << (BPD-1)) | (B[M(1)][i] >> 1); - B[M(4)][i] = (B[M(1)][i-1] << (BPD-2)) | (B[M(1)][i] >> 2); - B[M(8)][i] = (B[M(1)][i-1] << (BPD-3)) | (B[M(1)][i] >> 3); - } - - /* now all values with two bits which are 3, 5, 6, 9, 10, 12 */ - for (i = 0; i < (int)WPV; i++) { - B[M(3)][i] = B[M(1)][i] ^ B[M(2)][i]; - B[M(5)][i] = B[M(1)][i] ^ B[M(4)][i]; - B[M(6)][i] = B[M(2)][i] ^ B[M(4)][i]; - B[M(9)][i] = B[M(1)][i] ^ B[M(8)][i]; - B[M(10)][i] = B[M(2)][i] ^ B[M(8)][i]; - B[M(12)][i] = B[M(8)][i] ^ B[M(4)][i]; - - /* now all 3 bit values and the only 4 bit value: 7, 11, 13, 14, 15 */ - B[M(7)][i] = B[M(3)][i] ^ B[M(4)][i]; - B[M(11)][i] = B[M(3)][i] ^ B[M(8)][i]; - B[M(13)][i] = B[M(1)][i] ^ B[M(12)][i]; - B[M(14)][i] = B[M(6)][i] ^ B[M(8)][i]; - B[M(15)][i] = B[M(7)][i] ^ B[M(8)][i]; - } - - zeromem(tmp, sizeof(tmp)); - - /* compute product four bits of each word at a time */ - /* for each nibble */ - for (i = (BPD/4)-1; i >= 0; i--) { - /* for each word */ - for (j = 0; j < (int)(WPV-1); j++) { - /* grab the 4 bits recall the nibbles are backwards so it's a shift by (i^1)*4 */ - u = (pB[j] >> ((i^1)<<2)) & 15; - - /* add offset by the word count the table looked up value to the result */ - for (k = 0; k < (int)WPV; k++) { - tmp[k+j] ^= B[u][k]; - } - } - /* shift result up by 4 bits */ - if (i != 0) { - for (z = j = 0; j < (int)(32 / sizeof(LTC_FAST_TYPE)); j++) { - zz = tmp[j] << (BPD-4); - tmp[j] = (tmp[j] >> 4) | z; - z = zz; - } - } - } - - /* store product */ -#ifdef ENDIAN_32BITWORD - for (i = 0; i < 8; i++) { - STORE32H(tmp[i], pTmp + (i<<2)); - } -#else - for (i = 0; i < 4; i++) { - STORE64H(tmp[i], pTmp + (i<<3)); - } -#endif - - /* reduce by taking most significant byte and adding the appropriate two byte sequence 16 bytes down */ - for (i = 31; i >= 16; i--) { - pTmp[i-16] ^= gcm_shift_table[((unsigned)pTmp[i]<<1)]; - pTmp[i-15] ^= gcm_shift_table[((unsigned)pTmp[i]<<1)+1]; - } - - for (i = 0; i < 16; i++) { - c[i] = pTmp[i]; - } - -} - -#endif - -#endif diff --git a/libs/tomcrypt/src/encauth/gcm/gcm_init.c b/libs/tomcrypt/src/encauth/gcm/gcm_init.c deleted file mode 100644 index b294deb6270..00000000000 --- a/libs/tomcrypt/src/encauth/gcm/gcm_init.c +++ /dev/null @@ -1,101 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file gcm_init.c - GCM implementation, initialize state, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_GCM_MODE - -/** - Initialize a GCM state - @param gcm The GCM state to initialize - @param cipher The index of the cipher to use - @param key The secret key - @param keylen The length of the secret key - @return CRYPT_OK on success - */ -int gcm_init(gcm_state *gcm, int cipher, - const unsigned char *key, int keylen) -{ - int err; - unsigned char B[16]; -#ifdef LTC_GCM_TABLES - int x, y, z, t; -#endif - - LTC_ARGCHK(gcm != NULL); - LTC_ARGCHK(key != NULL); - -#ifdef LTC_FAST - if (16 % sizeof(LTC_FAST_TYPE)) { - return CRYPT_INVALID_ARG; - } -#endif - - /* is cipher valid? */ - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - if (cipher_descriptor[cipher].block_length != 16) { - return CRYPT_INVALID_CIPHER; - } - - /* schedule key */ - if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &gcm->K)) != CRYPT_OK) { - return err; - } - - /* H = E(0) */ - zeromem(B, 16); - if ((err = cipher_descriptor[cipher].ecb_encrypt(B, gcm->H, &gcm->K)) != CRYPT_OK) { - return err; - } - - /* setup state */ - zeromem(gcm->buf, sizeof(gcm->buf)); - zeromem(gcm->X, sizeof(gcm->X)); - gcm->cipher = cipher; - gcm->mode = LTC_GCM_MODE_IV; - gcm->ivmode = 0; - gcm->buflen = 0; - gcm->totlen = 0; - gcm->pttotlen = 0; - -#ifdef LTC_GCM_TABLES - /* setup tables */ - - /* generate the first table as it has no shifting (from which we make the other tables) */ - zeromem(B, 16); - for (y = 0; y < 256; y++) { - B[0] = y; - gcm_gf_mult(gcm->H, B, &gcm->PC[0][y][0]); - } - - /* now generate the rest of the tables based the previous table */ - for (x = 1; x < 16; x++) { - for (y = 0; y < 256; y++) { - /* now shift it right by 8 bits */ - t = gcm->PC[x-1][y][15]; - for (z = 15; z > 0; z--) { - gcm->PC[x][y][z] = gcm->PC[x-1][y][z-1]; - } - gcm->PC[x][y][0] = gcm_shift_table[t<<1]; - gcm->PC[x][y][1] ^= gcm_shift_table[(t<<1)+1]; - } - } - -#endif - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/gcm/gcm_memory.c b/libs/tomcrypt/src/encauth/gcm/gcm_memory.c deleted file mode 100644 index f5fe3d57c50..00000000000 --- a/libs/tomcrypt/src/encauth/gcm/gcm_memory.c +++ /dev/null @@ -1,101 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file gcm_memory.c - GCM implementation, process a packet, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_GCM_MODE - -/** - Process an entire GCM packet in one call. - @param cipher Index of cipher to use - @param key The secret key - @param keylen The length of the secret key - @param IV The initialization vector - @param IVlen The length of the initialization vector - @param adata The additional authentication data (header) - @param adatalen The length of the adata - @param pt The plaintext - @param ptlen The length of the plaintext (ciphertext length is the same) - @param ct The ciphertext - @param tag [out] The MAC tag - @param taglen [in/out] The MAC tag length - @param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT) - @return CRYPT_OK on success - */ -int gcm_memory( int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *IV, unsigned long IVlen, - const unsigned char *adata, unsigned long adatalen, - unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen, - int direction) -{ - void *orig; - gcm_state *gcm; - int err; - - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - - if (cipher_descriptor[cipher].accel_gcm_memory != NULL) { - return cipher_descriptor[cipher].accel_gcm_memory - (key, keylen, - IV, IVlen, - adata, adatalen, - pt, ptlen, - ct, - tag, taglen, - direction); - } - - - -#ifndef LTC_GCM_TABLES_SSE2 - orig = gcm = XMALLOC(sizeof(*gcm)); -#else - orig = gcm = XMALLOC(sizeof(*gcm) + 16); -#endif - if (gcm == NULL) { - return CRYPT_MEM; - } - - /* Force GCM to be on a multiple of 16 so we can use 128-bit aligned operations - * note that we only modify gcm and keep orig intact. This code is not portable - * but again it's only for SSE2 anyways, so who cares? - */ -#ifdef LTC_GCM_TABLES_SSE2 - if ((unsigned long)gcm & 15) { - gcm = (gcm_state *)((unsigned long)gcm + (16 - ((unsigned long)gcm & 15))); - } -#endif - - if ((err = gcm_init(gcm, cipher, key, keylen)) != CRYPT_OK) { - goto LTC_ERR; - } - if ((err = gcm_add_iv(gcm, IV, IVlen)) != CRYPT_OK) { - goto LTC_ERR; - } - if ((err = gcm_add_aad(gcm, adata, adatalen)) != CRYPT_OK) { - goto LTC_ERR; - } - if ((err = gcm_process(gcm, pt, ptlen, ct, direction)) != CRYPT_OK) { - goto LTC_ERR; - } - err = gcm_done(gcm, tag, taglen); -LTC_ERR: - XFREE(orig); - return err; -} -#endif diff --git a/libs/tomcrypt/src/encauth/gcm/gcm_mult_h.c b/libs/tomcrypt/src/encauth/gcm/gcm_mult_h.c deleted file mode 100644 index 17e281b07b9..00000000000 --- a/libs/tomcrypt/src/encauth/gcm/gcm_mult_h.c +++ /dev/null @@ -1,53 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file gcm_mult_h.c - GCM implementation, do the GF mult, by Tom St Denis -*/ -#include "tomcrypt.h" - -#if defined(LTC_GCM_MODE) -/** - GCM multiply by H - @param gcm The GCM state which holds the H value - @param I The value to multiply H by - */ -void gcm_mult_h(gcm_state *gcm, unsigned char *I) -{ - unsigned char T[16]; -#ifdef LTC_GCM_TABLES - int x; -#ifdef LTC_GCM_TABLES_SSE2 - asm("movdqa (%0),%%xmm0"::"r"(&gcm->PC[0][I[0]][0])); - for (x = 1; x < 16; x++) { - asm("pxor (%0),%%xmm0"::"r"(&gcm->PC[x][I[x]][0])); - } - asm("movdqa %%xmm0,(%0)"::"r"(&T)); -#else - int y; - XMEMCPY(T, &gcm->PC[0][I[0]][0], 16); - for (x = 1; x < 16; x++) { -#ifdef LTC_FAST - for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(T + y)) ^= *(LTC_FAST_TYPE_PTR_CAST(&gcm->PC[x][I[x]][y])); - } -#else - for (y = 0; y < 16; y++) { - T[y] ^= gcm->PC[x][I[x]][y]; - } -#endif /* LTC_FAST */ - } -#endif /* LTC_GCM_TABLES_SSE2 */ -#else - gcm_gf_mult(gcm->H, I, T); -#endif - XMEMCPY(I, T, 16); -} -#endif diff --git a/libs/tomcrypt/src/encauth/gcm/gcm_process.c b/libs/tomcrypt/src/encauth/gcm/gcm_process.c deleted file mode 100644 index 142bcbe809b..00000000000 --- a/libs/tomcrypt/src/encauth/gcm/gcm_process.c +++ /dev/null @@ -1,156 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file gcm_process.c - GCM implementation, process message data, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_GCM_MODE - -/** - Process plaintext/ciphertext through GCM - @param gcm The GCM state - @param pt The plaintext - @param ptlen The plaintext length (ciphertext length is the same) - @param ct The ciphertext - @param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT) - @return CRYPT_OK on success - */ -int gcm_process(gcm_state *gcm, - unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - int direction) -{ - unsigned long x; - int y, err; - unsigned char b; - - LTC_ARGCHK(gcm != NULL); - if (ptlen > 0) { - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - } - - if (gcm->buflen > 16 || gcm->buflen < 0) { - return CRYPT_INVALID_ARG; - } - - if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) { - return err; - } - - /* 0xFFFFFFFE0 = ((2^39)-256)/8 */ - if (gcm->pttotlen / 8 + (ulong64)gcm->buflen + (ulong64)ptlen >= CONST64(0xFFFFFFFE0)) { - return CRYPT_INVALID_ARG; - } - - if (gcm->mode == LTC_GCM_MODE_IV) { - /* let's process the IV */ - if ((err = gcm_add_aad(gcm, NULL, 0)) != CRYPT_OK) return err; - } - - /* in AAD mode? */ - if (gcm->mode == LTC_GCM_MODE_AAD) { - /* let's process the AAD */ - if (gcm->buflen) { - gcm->totlen += gcm->buflen * CONST64(8); - gcm_mult_h(gcm, gcm->X); - } - - /* increment counter */ - for (y = 15; y >= 12; y--) { - if (++gcm->Y[y] & 255) { break; } - } - /* encrypt the counter */ - if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) { - return err; - } - - gcm->buflen = 0; - gcm->mode = LTC_GCM_MODE_TEXT; - } - - if (gcm->mode != LTC_GCM_MODE_TEXT) { - return CRYPT_INVALID_ARG; - } - - x = 0; -#ifdef LTC_FAST - if (gcm->buflen == 0) { - if (direction == GCM_ENCRYPT) { - for (x = 0; x < (ptlen & ~15); x += 16) { - /* ctr encrypt */ - for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(&ct[x + y])) = *(LTC_FAST_TYPE_PTR_CAST(&pt[x+y])) ^ *(LTC_FAST_TYPE_PTR_CAST(&gcm->buf[y])); - *(LTC_FAST_TYPE_PTR_CAST(&gcm->X[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&ct[x+y])); - } - /* GMAC it */ - gcm->pttotlen += 128; - gcm_mult_h(gcm, gcm->X); - /* increment counter */ - for (y = 15; y >= 12; y--) { - if (++gcm->Y[y] & 255) { break; } - } - if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) { - return err; - } - } - } else { - for (x = 0; x < (ptlen & ~15); x += 16) { - /* ctr encrypt */ - for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(&gcm->X[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&ct[x+y])); - *(LTC_FAST_TYPE_PTR_CAST(&pt[x + y])) = *(LTC_FAST_TYPE_PTR_CAST(&ct[x+y])) ^ *(LTC_FAST_TYPE_PTR_CAST(&gcm->buf[y])); - } - /* GMAC it */ - gcm->pttotlen += 128; - gcm_mult_h(gcm, gcm->X); - /* increment counter */ - for (y = 15; y >= 12; y--) { - if (++gcm->Y[y] & 255) { break; } - } - if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) { - return err; - } - } - } - } -#endif - - /* process text */ - for (; x < ptlen; x++) { - if (gcm->buflen == 16) { - gcm->pttotlen += 128; - gcm_mult_h(gcm, gcm->X); - - /* increment counter */ - for (y = 15; y >= 12; y--) { - if (++gcm->Y[y] & 255) { break; } - } - if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) { - return err; - } - gcm->buflen = 0; - } - - if (direction == GCM_ENCRYPT) { - b = ct[x] = pt[x] ^ gcm->buf[gcm->buflen]; - } else { - b = ct[x]; - pt[x] = ct[x] ^ gcm->buf[gcm->buflen]; - } - gcm->X[gcm->buflen++] ^= b; - } - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/gcm/gcm_reset.c b/libs/tomcrypt/src/encauth/gcm/gcm_reset.c deleted file mode 100644 index a0b5433adc1..00000000000 --- a/libs/tomcrypt/src/encauth/gcm/gcm_reset.c +++ /dev/null @@ -1,38 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file gcm_reset.c - GCM implementation, reset a used state so it can accept IV data, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_GCM_MODE - -/** - Reset a GCM state to as if you just called gcm_init(). This saves the initialization time. - @param gcm The GCM state to reset - @return CRYPT_OK on success -*/ -int gcm_reset(gcm_state *gcm) -{ - LTC_ARGCHK(gcm != NULL); - - zeromem(gcm->buf, sizeof(gcm->buf)); - zeromem(gcm->X, sizeof(gcm->X)); - gcm->mode = LTC_GCM_MODE_IV; - gcm->ivmode = 0; - gcm->buflen = 0; - gcm->totlen = 0; - gcm->pttotlen = 0; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb/ocb_decrypt.c b/libs/tomcrypt/src/encauth/ocb/ocb_decrypt.c deleted file mode 100644 index 1f7120374ee..00000000000 --- a/libs/tomcrypt/src/encauth/ocb/ocb_decrypt.c +++ /dev/null @@ -1,72 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb_decrypt.c - OCB implementation, decrypt data, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -/** - Decrypt a block with OCB. - @param ocb The OCB state - @param ct The ciphertext (length of the block size of the block cipher) - @param pt [out] The plaintext (length of ct) - @return CRYPT_OK if successful -*/ -int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt) -{ - unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE]; - int err, x; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - - /* check if valid cipher */ - if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) { - return err; - } - LTC_ARGCHK(cipher_descriptor[ocb->cipher].ecb_decrypt != NULL); - - /* check length */ - if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) { - return CRYPT_INVALID_ARG; - } - - /* Get Z[i] value */ - ocb_shift_xor(ocb, Z); - - /* xor ct in, encrypt, xor Z out */ - for (x = 0; x < ocb->block_len; x++) { - tmp[x] = ct[x] ^ Z[x]; - } - if ((err = cipher_descriptor[ocb->cipher].ecb_decrypt(tmp, pt, &ocb->key)) != CRYPT_OK) { - return err; - } - for (x = 0; x < ocb->block_len; x++) { - pt[x] ^= Z[x]; - } - - /* compute checksum */ - for (x = 0; x < ocb->block_len; x++) { - ocb->checksum[x] ^= pt[x]; - } - - -#ifdef LTC_CLEAN_STACK - zeromem(Z, sizeof(Z)); - zeromem(tmp, sizeof(tmp)); -#endif - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb/ocb_decrypt_verify_memory.c b/libs/tomcrypt/src/encauth/ocb/ocb_decrypt_verify_memory.c deleted file mode 100644 index d2897352d34..00000000000 --- a/libs/tomcrypt/src/encauth/ocb/ocb_decrypt_verify_memory.c +++ /dev/null @@ -1,80 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb_decrypt_verify_memory.c - OCB implementation, helper to decrypt block of memory, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -/** - Decrypt and compare the tag with OCB. - @param cipher The index of the cipher desired - @param key The secret key - @param keylen The length of the secret key (octets) - @param nonce The session nonce (length of the block size of the block cipher) - @param ct The ciphertext - @param ctlen The length of the ciphertext (octets) - @param pt [out] The plaintext - @param tag The tag to compare against - @param taglen The length of the tag (octets) - @param stat [out] The result of the tag comparison (1==valid, 0==invalid) - @return CRYPT_OK if successful regardless of the tag comparison -*/ -int ocb_decrypt_verify_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, - int *stat) -{ - int err; - ocb_state *ocb; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(nonce != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(stat != NULL); - - /* allocate memory */ - ocb = XMALLOC(sizeof(ocb_state)); - if (ocb == NULL) { - return CRYPT_MEM; - } - - if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) { - goto LBL_ERR; - } - - while (ctlen > (unsigned long)ocb->block_len) { - if ((err = ocb_decrypt(ocb, ct, pt)) != CRYPT_OK) { - goto LBL_ERR; - } - ctlen -= ocb->block_len; - pt += ocb->block_len; - ct += ocb->block_len; - } - - err = ocb_done_decrypt(ocb, ct, ctlen, pt, tag, taglen, stat); -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(ocb, sizeof(ocb_state)); -#endif - - XFREE(ocb); - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb/ocb_done_decrypt.c b/libs/tomcrypt/src/encauth/ocb/ocb_done_decrypt.c deleted file mode 100644 index 7b4428b185a..00000000000 --- a/libs/tomcrypt/src/encauth/ocb/ocb_done_decrypt.c +++ /dev/null @@ -1,73 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb_done_decrypt.c - OCB implementation, terminate decryption, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -/** - Terminate a decrypting OCB state - @param ocb The OCB state - @param ct The ciphertext (if any) - @param ctlen The length of the ciphertext (octets) - @param pt [out] The plaintext - @param tag The authentication tag (to compare against) - @param taglen The length of the authentication tag provided - @param stat [out] The result of the tag comparison - @return CRYPT_OK if the process was successful regardless if the tag is valid -*/ -int ocb_done_decrypt(ocb_state *ocb, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, int *stat) -{ - int err; - unsigned char *tagbuf; - unsigned long tagbuflen; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(stat != NULL); - - /* default to failed */ - *stat = 0; - - /* allocate memory */ - tagbuf = XMALLOC(MAXBLOCKSIZE); - if (tagbuf == NULL) { - return CRYPT_MEM; - } - - tagbuflen = MAXBLOCKSIZE; - if ((err = s_ocb_done(ocb, ct, ctlen, pt, tagbuf, &tagbuflen, 1)) != CRYPT_OK) { - goto LBL_ERR; - } - - if (taglen <= tagbuflen && XMEM_NEQ(tagbuf, tag, taglen) == 0) { - *stat = 1; - } - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(tagbuf, MAXBLOCKSIZE); -#endif - - XFREE(tagbuf); - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb/ocb_done_encrypt.c b/libs/tomcrypt/src/encauth/ocb/ocb_done_encrypt.c deleted file mode 100644 index b126100ec77..00000000000 --- a/libs/tomcrypt/src/encauth/ocb/ocb_done_encrypt.c +++ /dev/null @@ -1,39 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb_done_encrypt.c - OCB implementation, terminate encryption, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -/** - Terminate an encryption OCB state - @param ocb The OCB state - @param pt Remaining plaintext (if any) - @param ptlen The length of the plaintext (octets) - @param ct [out] The ciphertext (if any) - @param tag [out] The tag for the OCB stream - @param taglen [in/out] The max size and resulting size of the tag - @return CRYPT_OK if successful -*/ -int ocb_done_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, unsigned char *tag, unsigned long *taglen) -{ - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(taglen != NULL); - return s_ocb_done(ocb, pt, ptlen, ct, tag, taglen, 0); -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb/ocb_encrypt.c b/libs/tomcrypt/src/encauth/ocb/ocb_encrypt.c deleted file mode 100644 index fd94b17f8c3..00000000000 --- a/libs/tomcrypt/src/encauth/ocb/ocb_encrypt.c +++ /dev/null @@ -1,66 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb_encrypt.c - OCB implementation, encrypt data, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -/** - Encrypt a block of data with OCB. - @param ocb The OCB state - @param pt The plaintext (length of the block size of the block cipher) - @param ct [out] The ciphertext (same size as the pt) - @return CRYPT_OK if successful -*/ -int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct) -{ - unsigned char Z[MAXBLOCKSIZE], tmp[MAXBLOCKSIZE]; - int err, x; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) { - return err; - } - if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) { - return CRYPT_INVALID_ARG; - } - - /* compute checksum */ - for (x = 0; x < ocb->block_len; x++) { - ocb->checksum[x] ^= pt[x]; - } - - /* Get Z[i] value */ - ocb_shift_xor(ocb, Z); - - /* xor pt in, encrypt, xor Z out */ - for (x = 0; x < ocb->block_len; x++) { - tmp[x] = pt[x] ^ Z[x]; - } - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, ct, &ocb->key)) != CRYPT_OK) { - return err; - } - for (x = 0; x < ocb->block_len; x++) { - ct[x] ^= Z[x]; - } - -#ifdef LTC_CLEAN_STACK - zeromem(Z, sizeof(Z)); - zeromem(tmp, sizeof(tmp)); -#endif - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb/ocb_encrypt_authenticate_memory.c b/libs/tomcrypt/src/encauth/ocb/ocb_encrypt_authenticate_memory.c deleted file mode 100644 index 5acab3549f4..00000000000 --- a/libs/tomcrypt/src/encauth/ocb/ocb_encrypt_authenticate_memory.c +++ /dev/null @@ -1,78 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb_encrypt_authenticate_memory.c - OCB implementation, encrypt block of memory, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -/** - Encrypt and generate an authentication code for a buffer of memory - @param cipher The index of the cipher desired - @param key The secret key - @param keylen The length of the secret key (octets) - @param nonce The session nonce (length of the block ciphers block size) - @param pt The plaintext - @param ptlen The length of the plaintext (octets) - @param ct [out] The ciphertext - @param tag [out] The authentication tag - @param taglen [in/out] The max size and resulting size of the authentication tag - @return CRYPT_OK if successful -*/ -int ocb_encrypt_authenticate_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen) -{ - int err; - ocb_state *ocb; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(nonce != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(taglen != NULL); - - /* allocate ram */ - ocb = XMALLOC(sizeof(ocb_state)); - if (ocb == NULL) { - return CRYPT_MEM; - } - - if ((err = ocb_init(ocb, cipher, key, keylen, nonce)) != CRYPT_OK) { - goto LBL_ERR; - } - - while (ptlen > (unsigned long)ocb->block_len) { - if ((err = ocb_encrypt(ocb, pt, ct)) != CRYPT_OK) { - goto LBL_ERR; - } - ptlen -= ocb->block_len; - pt += ocb->block_len; - ct += ocb->block_len; - } - - err = ocb_done_encrypt(ocb, pt, ptlen, ct, tag, taglen); -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(ocb, sizeof(ocb_state)); -#endif - - XFREE(ocb); - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb/ocb_init.c b/libs/tomcrypt/src/encauth/ocb/ocb_init.c deleted file mode 100644 index 3b12f331136..00000000000 --- a/libs/tomcrypt/src/encauth/ocb/ocb_init.c +++ /dev/null @@ -1,135 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb_init.c - OCB implementation, initialize state, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -static const struct { - int len; - unsigned char poly_div[MAXBLOCKSIZE], - poly_mul[MAXBLOCKSIZE]; -} polys[] = { -{ - 8, - { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0D }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1B } -}, { - 16, - { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x43 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87 } -} -}; - -/** - Initialize an OCB context. - @param ocb [out] The destination of the OCB state - @param cipher The index of the desired cipher - @param key The secret key - @param keylen The length of the secret key (octets) - @param nonce The session nonce (length of the block size of the cipher) - @return CRYPT_OK if successful -*/ -int ocb_init(ocb_state *ocb, int cipher, - const unsigned char *key, unsigned long keylen, const unsigned char *nonce) -{ - int poly, x, y, m, err; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(nonce != NULL); - - /* valid cipher? */ - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - - /* determine which polys to use */ - ocb->block_len = cipher_descriptor[cipher].block_length; - x = (int)(sizeof(polys)/sizeof(polys[0])); - for (poly = 0; poly < x; poly++) { - if (polys[poly].len == ocb->block_len) { - break; - } - } - if (poly == x) { - return CRYPT_INVALID_ARG; /* block_len not found in polys */ - } - if (polys[poly].len != ocb->block_len) { - return CRYPT_INVALID_ARG; - } - - /* schedule the key */ - if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &ocb->key)) != CRYPT_OK) { - return err; - } - - /* find L = E[0] */ - zeromem(ocb->L, ocb->block_len); - if ((err = cipher_descriptor[cipher].ecb_encrypt(ocb->L, ocb->L, &ocb->key)) != CRYPT_OK) { - return err; - } - - /* find R = E[N xor L] */ - for (x = 0; x < ocb->block_len; x++) { - ocb->R[x] = ocb->L[x] ^ nonce[x]; - } - if ((err = cipher_descriptor[cipher].ecb_encrypt(ocb->R, ocb->R, &ocb->key)) != CRYPT_OK) { - return err; - } - - /* find Ls[i] = L << i for i == 0..31 */ - XMEMCPY(ocb->Ls[0], ocb->L, ocb->block_len); - for (x = 1; x < 32; x++) { - m = ocb->Ls[x-1][0] >> 7; - for (y = 0; y < ocb->block_len-1; y++) { - ocb->Ls[x][y] = ((ocb->Ls[x-1][y] << 1) | (ocb->Ls[x-1][y+1] >> 7)) & 255; - } - ocb->Ls[x][ocb->block_len-1] = (ocb->Ls[x-1][ocb->block_len-1] << 1) & 255; - - if (m == 1) { - for (y = 0; y < ocb->block_len; y++) { - ocb->Ls[x][y] ^= polys[poly].poly_mul[y]; - } - } - } - - /* find Lr = L / x */ - m = ocb->L[ocb->block_len-1] & 1; - - /* shift right */ - for (x = ocb->block_len - 1; x > 0; x--) { - ocb->Lr[x] = ((ocb->L[x] >> 1) | (ocb->L[x-1] << 7)) & 255; - } - ocb->Lr[0] = ocb->L[0] >> 1; - - if (m == 1) { - for (x = 0; x < ocb->block_len; x++) { - ocb->Lr[x] ^= polys[poly].poly_div[x]; - } - } - - /* set Li, checksum */ - zeromem(ocb->Li, ocb->block_len); - zeromem(ocb->checksum, ocb->block_len); - - /* set other params */ - ocb->block_index = 1; - ocb->cipher = cipher; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb/ocb_ntz.c b/libs/tomcrypt/src/encauth/ocb/ocb_ntz.c deleted file mode 100644 index 6db1732575a..00000000000 --- a/libs/tomcrypt/src/encauth/ocb/ocb_ntz.c +++ /dev/null @@ -1,36 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb_ntz.c - OCB implementation, internal function, by Tom St Denis -*/ - -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -/** - Returns the number of leading zero bits [from lsb up] - @param x The 32-bit value to observe - @return The number of bits [from the lsb up] that are zero -*/ -int ocb_ntz(unsigned long x) -{ - int c; - x &= 0xFFFFFFFFUL; - c = 0; - while ((x & 1) == 0) { - ++c; - x >>= 1; - } - return c; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb/ocb_shift_xor.c b/libs/tomcrypt/src/encauth/ocb/ocb_shift_xor.c deleted file mode 100644 index 5dd42a9a1ae..00000000000 --- a/libs/tomcrypt/src/encauth/ocb/ocb_shift_xor.c +++ /dev/null @@ -1,33 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb_shift_xor.c - OCB implementation, internal function, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -/** - Compute the shift/xor for OCB (internal function) - @param ocb The OCB state - @param Z The destination of the shift -*/ -void ocb_shift_xor(ocb_state *ocb, unsigned char *Z) -{ - int x, y; - y = ocb_ntz(ocb->block_index++); - for (x = 0; x < ocb->block_len; x++) { - ocb->Li[x] ^= ocb->Ls[y][x]; - Z[x] = ocb->Li[x] ^ ocb->R[x]; - } -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb/s_ocb_done.c b/libs/tomcrypt/src/encauth/ocb/s_ocb_done.c deleted file mode 100644 index a8aa8353b7b..00000000000 --- a/libs/tomcrypt/src/encauth/ocb/s_ocb_done.c +++ /dev/null @@ -1,141 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file s_ocb_done.c - OCB implementation, internal helper, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB_MODE - -/* Since the last block is encrypted in CTR mode the same code can - * be used to finish a decrypt or encrypt stream. The only difference - * is we XOR the final ciphertext into the checksum so we have to xor it - * before we CTR [decrypt] or after [encrypt] - * - * the names pt/ptlen/ct really just mean in/inlen/out but this is the way I wrote it... - */ - -/** - Shared code to finish an OCB stream - @param ocb The OCB state - @param pt The remaining plaintext [or input] - @param ptlen The length of the input (octets) - @param ct [out] The output buffer - @param tag [out] The destination for the authentication tag - @param taglen [in/out] The max size and resulting size of the authentication tag - @param mode The mode we are terminating, 0==encrypt, 1==decrypt - @return CRYPT_OK if successful -*/ -int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode) - -{ - unsigned char *Z, *Y, *X; - int err, x; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(taglen != NULL); - if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) { - return err; - } - if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length || - (int)ptlen > ocb->block_len || (int)ptlen < 0) { - return CRYPT_INVALID_ARG; - } - - /* allocate ram */ - Z = XMALLOC(MAXBLOCKSIZE); - Y = XMALLOC(MAXBLOCKSIZE); - X = XMALLOC(MAXBLOCKSIZE); - if (X == NULL || Y == NULL || Z == NULL) { - if (X != NULL) { - XFREE(X); - } - if (Y != NULL) { - XFREE(Y); - } - if (Z != NULL) { - XFREE(Z); - } - return CRYPT_MEM; - } - - /* compute X[m] = len(pt[m]) XOR Lr XOR Z[m] */ - ocb_shift_xor(ocb, X); - XMEMCPY(Z, X, ocb->block_len); - - X[ocb->block_len-1] ^= (ptlen*8)&255; - X[ocb->block_len-2] ^= ((ptlen*8)>>8)&255; - for (x = 0; x < ocb->block_len; x++) { - X[x] ^= ocb->Lr[x]; - } - - /* Y[m] = E(X[m])) */ - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(X, Y, &ocb->key)) != CRYPT_OK) { - goto error; - } - - if (mode == 1) { - /* decrypt mode, so let's xor it first */ - /* xor C[m] into checksum */ - for (x = 0; x < (int)ptlen; x++) { - ocb->checksum[x] ^= ct[x]; - } - } - - /* C[m] = P[m] xor Y[m] */ - for (x = 0; x < (int)ptlen; x++) { - ct[x] = pt[x] ^ Y[x]; - } - - if (mode == 0) { - /* encrypt mode */ - /* xor C[m] into checksum */ - for (x = 0; x < (int)ptlen; x++) { - ocb->checksum[x] ^= ct[x]; - } - } - - /* xor Y[m] and Z[m] into checksum */ - for (x = 0; x < ocb->block_len; x++) { - ocb->checksum[x] ^= Y[x] ^ Z[x]; - } - - /* encrypt checksum, er... tag!! */ - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->checksum, X, &ocb->key)) != CRYPT_OK) { - goto error; - } - cipher_descriptor[ocb->cipher].done(&ocb->key); - - /* now store it */ - for (x = 0; x < ocb->block_len && x < (int)*taglen; x++) { - tag[x] = X[x]; - } - *taglen = x; - -#ifdef LTC_CLEAN_STACK - zeromem(X, MAXBLOCKSIZE); - zeromem(Y, MAXBLOCKSIZE); - zeromem(Z, MAXBLOCKSIZE); - zeromem(ocb, sizeof(*ocb)); -#endif -error: - XFREE(X); - XFREE(Y); - XFREE(Z); - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb3/ocb3_add_aad.c b/libs/tomcrypt/src/encauth/ocb3/ocb3_add_aad.c deleted file mode 100644 index aaeb4c0ce14..00000000000 --- a/libs/tomcrypt/src/encauth/ocb3/ocb3_add_aad.c +++ /dev/null @@ -1,102 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_add_aad.c - OCB implementation, add AAD data, by Karel Miko -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Add one block of AAD data (internal function) - @param ocb The OCB state - @param aad_block [in] AAD data (block_len size) - @return CRYPT_OK if successful -*/ -static int _ocb3_int_aad_add_block(ocb3_state *ocb, const unsigned char *aad_block) -{ - unsigned char tmp[MAXBLOCKSIZE]; - int err; - - /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */ - ocb3_int_xor_blocks(ocb->aOffset_current, ocb->aOffset_current, ocb->L_[ocb3_int_ntz(ocb->ablock_index)], ocb->block_len); - - /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */ - ocb3_int_xor_blocks(tmp, aad_block, ocb->aOffset_current, ocb->block_len); - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, tmp, &ocb->key)) != CRYPT_OK) { - return err; - } - ocb3_int_xor_blocks(ocb->aSum_current, ocb->aSum_current, tmp, ocb->block_len); - - ocb->ablock_index++; - - return CRYPT_OK; -} - -/** - Add AAD - additional associated data - @param ocb The OCB state - @param aad The AAD data - @param aadlen The size of AAD data (octets) - @return CRYPT_OK if successful -*/ -int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen) -{ - int err, x, full_blocks, full_blocks_len, last_block_len; - unsigned char *data; - unsigned long datalen, l; - - LTC_ARGCHK(ocb != NULL); - if (aadlen == 0) return CRYPT_OK; - LTC_ARGCHK(aad != NULL); - - if (ocb->adata_buffer_bytes > 0) { - l = ocb->block_len - ocb->adata_buffer_bytes; - if (l > aadlen) l = aadlen; - XMEMCPY(ocb->adata_buffer+ocb->adata_buffer_bytes, aad, l); - ocb->adata_buffer_bytes += l; - - if (ocb->adata_buffer_bytes == ocb->block_len) { - if ((err = _ocb3_int_aad_add_block(ocb, ocb->adata_buffer)) != CRYPT_OK) { - return err; - } - ocb->adata_buffer_bytes = 0; - } - - data = (unsigned char *)aad + l; - datalen = aadlen - l; - } - else { - data = (unsigned char *)aad; - datalen = aadlen; - } - - if (datalen == 0) return CRYPT_OK; - - full_blocks = datalen/ocb->block_len; - full_blocks_len = full_blocks * ocb->block_len; - last_block_len = datalen - full_blocks_len; - - for (x=0; x<full_blocks; x++) { - if ((err = _ocb3_int_aad_add_block(ocb, data+x*ocb->block_len)) != CRYPT_OK) { - return err; - } - } - - if (last_block_len>0) { - XMEMCPY(ocb->adata_buffer, data+full_blocks_len, last_block_len); - ocb->adata_buffer_bytes = last_block_len; - } - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb3/ocb3_decrypt.c b/libs/tomcrypt/src/encauth/ocb3/ocb3_decrypt.c deleted file mode 100644 index fe175db532e..00000000000 --- a/libs/tomcrypt/src/encauth/ocb3/ocb3_decrypt.c +++ /dev/null @@ -1,82 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_decrypt.c - OCB implementation, decrypt data, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Decrypt blocks of ciphertext with OCB - @param ocb The OCB state - @param ct The ciphertext (length multiple of the block size of the block cipher) - @param ctlen The length of the input (octets) - @param pt [out] The plaintext (length of ct) - @return CRYPT_OK if successful -*/ -int ocb3_decrypt(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt) -{ - unsigned char tmp[MAXBLOCKSIZE]; - int err, i, full_blocks; - unsigned char *pt_b, *ct_b; - - LTC_ARGCHK(ocb != NULL); - if (ctlen == 0) return CRYPT_OK; /* no data, nothing to do */ - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(pt != NULL); - - if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) { - return err; - } - if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) { - return CRYPT_INVALID_ARG; - } - - if (ctlen % ocb->block_len) { /* ctlen has to bu multiple of block_len */ - return CRYPT_INVALID_ARG; - } - - full_blocks = ctlen/ocb->block_len; - for(i=0; i<full_blocks; i++) { - pt_b = (unsigned char *)pt+i*ocb->block_len; - ct_b = (unsigned char *)ct+i*ocb->block_len; - - /* ocb->Offset_current[] = ocb->Offset_current[] ^ Offset_{ntz(block_index)} */ - ocb3_int_xor_blocks(ocb->Offset_current, ocb->Offset_current, ocb->L_[ocb3_int_ntz(ocb->block_index)], ocb->block_len); - - /* tmp[] = ct[] XOR ocb->Offset_current[] */ - ocb3_int_xor_blocks(tmp, ct_b, ocb->Offset_current, ocb->block_len); - - /* decrypt */ - if ((err = cipher_descriptor[ocb->cipher].ecb_decrypt(tmp, tmp, &ocb->key)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* pt[] = tmp[] XOR ocb->Offset_current[] */ - ocb3_int_xor_blocks(pt_b, tmp, ocb->Offset_current, ocb->block_len); - - /* ocb->checksum[] = ocb->checksum[] XOR pt[] */ - ocb3_int_xor_blocks(ocb->checksum, ocb->checksum, pt_b, ocb->block_len); - - ocb->block_index++; - } - - err = CRYPT_OK; - -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(tmp, sizeof(tmp)); -#endif - return err; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb3/ocb3_decrypt_last.c b/libs/tomcrypt/src/encauth/ocb3/ocb3_decrypt_last.c deleted file mode 100644 index 00607f110fd..00000000000 --- a/libs/tomcrypt/src/encauth/ocb3/ocb3_decrypt_last.c +++ /dev/null @@ -1,106 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_decrypt_last.c - OCB implementation, internal helper, by Karel Miko -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Finish an OCB (decryption) stream - @param ocb The OCB state - @param ct The remaining ciphertext - @param ctlen The length of the ciphertext (octets) - @param pt [out] The output buffer - @return CRYPT_OK if successful -*/ -int ocb3_decrypt_last(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt) -{ - unsigned char iOffset_star[MAXBLOCKSIZE]; - unsigned char iPad[MAXBLOCKSIZE]; - int err, x, full_blocks, full_blocks_len, last_block_len; - - LTC_ARGCHK(ocb != NULL); - if (ct == NULL) LTC_ARGCHK(ctlen == 0); - if (ctlen != 0) { - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(pt != NULL); - } - - if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) { - goto LBL_ERR; - } - - full_blocks = ctlen/ocb->block_len; - full_blocks_len = full_blocks * ocb->block_len; - last_block_len = ctlen - full_blocks_len; - - /* process full blocks first */ - if (full_blocks>0) { - if ((err = ocb3_decrypt(ocb, ct, full_blocks_len, pt)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - if (last_block_len>0) { - /* Offset_* = Offset_m xor L_* */ - ocb3_int_xor_blocks(iOffset_star, ocb->Offset_current, ocb->L_star, ocb->block_len); - - /* Pad = ENCIPHER(K, Offset_*) */ - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(iOffset_star, iPad, &ocb->key)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* P_* = C_* xor Pad[1..bitlen(C_*)] */ - ocb3_int_xor_blocks(pt+full_blocks_len, (unsigned char *)ct+full_blocks_len, iPad, last_block_len); - - /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */ - ocb3_int_xor_blocks(ocb->checksum, ocb->checksum, pt+full_blocks_len, last_block_len); - for(x=last_block_len; x<ocb->block_len; x++) { - if (x == last_block_len) - ocb->checksum[x] ^= 0x80; - else - ocb->checksum[x] ^= 0x00; - } - - /* Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) */ - /* at this point we calculate only: Tag_part = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) */ - for(x=0; x<ocb->block_len; x++) { - ocb->tag_part[x] = (ocb->checksum[x] ^ iOffset_star[x]) ^ ocb->L_dollar[x]; - } - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->tag_part, ocb->tag_part, &ocb->key)) != CRYPT_OK) { - goto LBL_ERR; - } - } - else { - /* Tag = ENCIPHER(K, Checksum_m xor Offset_m xor L_$) xor HASH(K,A) */ - /* at this point we calculate only: Tag_part = ENCIPHER(K, Checksum_m xor Offset_m xor L_$) */ - for(x=0; x<ocb->block_len; x++) { - ocb->tag_part[x] = (ocb->checksum[x] ^ ocb->Offset_current[x]) ^ ocb->L_dollar[x]; - } - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->tag_part, ocb->tag_part, &ocb->key)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - err = CRYPT_OK; - -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(iOffset_star, MAXBLOCKSIZE); - zeromem(iPad, MAXBLOCKSIZE); -#endif - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb3/ocb3_decrypt_verify_memory.c b/libs/tomcrypt/src/encauth/ocb3/ocb3_decrypt_verify_memory.c deleted file mode 100644 index 7b500818630..00000000000 --- a/libs/tomcrypt/src/encauth/ocb3/ocb3_decrypt_verify_memory.c +++ /dev/null @@ -1,106 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_decrypt_verify_memory.c - OCB implementation, helper to decrypt block of memory, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Decrypt and compare the tag with OCB - @param cipher The index of the cipher desired - @param key The secret key - @param keylen The length of the secret key (octets) - @param nonce The session nonce (length of the block size of the block cipher) - @param noncelen The length of the nonce (octets) - @param adata The AAD - additional associated data - @param adatalen The length of AAD (octets) - @param ct The ciphertext - @param ctlen The length of the ciphertext (octets) - @param pt [out] The plaintext - @param tag The tag to compare against - @param taglen The length of the tag (octets) - @param stat [out] The result of the tag comparison (1==valid, 0==invalid) - @return CRYPT_OK if successful regardless of the tag comparison -*/ -int ocb3_decrypt_verify_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, unsigned long noncelen, - const unsigned char *adata, unsigned long adatalen, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, - int *stat) -{ - int err; - ocb3_state *ocb; - unsigned char *buf; - unsigned long buflen; - - LTC_ARGCHK(stat != NULL); - - /* default to zero */ - *stat = 0; - - /* limit taglen */ - taglen = MIN(taglen, MAXBLOCKSIZE); - - /* allocate memory */ - buf = XMALLOC(taglen); - ocb = XMALLOC(sizeof(ocb3_state)); - if (ocb == NULL || buf == NULL) { - if (ocb != NULL) { - XFREE(ocb); - } - if (buf != NULL) { - XFREE(buf); - } - return CRYPT_MEM; - } - - if ((err = ocb3_init(ocb, cipher, key, keylen, nonce, noncelen, taglen)) != CRYPT_OK) { - goto LBL_ERR; - } - - if (adata != NULL || adatalen != 0) { - if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - if ((err = ocb3_decrypt_last(ocb, ct, ctlen, pt)) != CRYPT_OK) { - goto LBL_ERR; - } - - buflen = taglen; - if ((err = ocb3_done(ocb, buf, &buflen)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* compare tags */ - if (buflen >= taglen && XMEM_NEQ(buf, tag, taglen) == 0) { - *stat = 1; - } - - err = CRYPT_OK; - -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(ocb, sizeof(ocb3_state)); -#endif - - XFREE(ocb); - XFREE(buf); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb3/ocb3_done.c b/libs/tomcrypt/src/encauth/ocb3/ocb3_done.c deleted file mode 100644 index fd73d3089ca..00000000000 --- a/libs/tomcrypt/src/encauth/ocb3/ocb3_done.c +++ /dev/null @@ -1,88 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_done.c - OCB implementation, INTERNAL ONLY helper, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Finish OCB processing and compute the tag - @param ocb The OCB state - @param tag [out] The destination for the authentication tag - @param taglen [in/out] The max size and resulting size of the authentication tag - @return CRYPT_OK if successful -*/ -int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen) -{ - unsigned char tmp[MAXBLOCKSIZE]; - int err, x; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(tag != NULL); - LTC_ARGCHK(taglen != NULL); - if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* check taglen */ - if ((int)*taglen < ocb->tag_len) { - *taglen = (unsigned long)ocb->tag_len; - return CRYPT_BUFFER_OVERFLOW; - } - - /* finalize AAD processing */ - - if (ocb->adata_buffer_bytes>0) { - /* Offset_* = Offset_m xor L_* */ - ocb3_int_xor_blocks(ocb->aOffset_current, ocb->aOffset_current, ocb->L_star, ocb->block_len); - - /* CipherInput = (A_* || 1 || zeros(127-bitlen(A_*))) xor Offset_* */ - ocb3_int_xor_blocks(tmp, ocb->adata_buffer, ocb->aOffset_current, ocb->adata_buffer_bytes); - for(x=ocb->adata_buffer_bytes; x<ocb->block_len; x++) { - if (x == ocb->adata_buffer_bytes) { - tmp[x] = 0x80 ^ ocb->aOffset_current[x]; - } - else { - tmp[x] = 0x00 ^ ocb->aOffset_current[x]; - } - } - - /* Sum = Sum_m xor ENCIPHER(K, CipherInput) */ - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, tmp, &ocb->key)) != CRYPT_OK) { - goto LBL_ERR; - } - ocb3_int_xor_blocks(ocb->aSum_current, ocb->aSum_current, tmp, ocb->block_len); - } - - /* finalize TAG computing */ - - /* at this point ocb->aSum_current = HASH(K, A) */ - /* tag = tag ^ HASH(K, A) */ - ocb3_int_xor_blocks(tmp, ocb->tag_part, ocb->aSum_current, ocb->block_len); - - /* copy tag bytes */ - for(x = 0; x < ocb->tag_len; x++) tag[x] = tmp[x]; - *taglen = (unsigned long)ocb->tag_len; - - err = CRYPT_OK; - -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(tmp, MAXBLOCKSIZE); - zeromem(ocb, sizeof(*ocb)); -#endif - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb3/ocb3_encrypt.c b/libs/tomcrypt/src/encauth/ocb3/ocb3_encrypt.c deleted file mode 100644 index b7b523ed793..00000000000 --- a/libs/tomcrypt/src/encauth/ocb3/ocb3_encrypt.c +++ /dev/null @@ -1,82 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_encrypt.c - OCB implementation, encrypt data, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Encrypt blocks of data with OCB - @param ocb The OCB state - @param pt The plaintext (length multiple of the block size of the block cipher) - @param ptlen The length of the input (octets) - @param ct [out] The ciphertext (same size as the pt) - @return CRYPT_OK if successful -*/ -int ocb3_encrypt(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct) -{ - unsigned char tmp[MAXBLOCKSIZE]; - int err, i, full_blocks; - unsigned char *pt_b, *ct_b; - - LTC_ARGCHK(ocb != NULL); - if (ptlen == 0) return CRYPT_OK; /* no data, nothing to do */ - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - - if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) { - return err; - } - if (ocb->block_len != cipher_descriptor[ocb->cipher].block_length) { - return CRYPT_INVALID_ARG; - } - - if (ptlen % ocb->block_len) { /* ptlen has to bu multiple of block_len */ - return CRYPT_INVALID_ARG; - } - - full_blocks = ptlen/ocb->block_len; - for(i=0; i<full_blocks; i++) { - pt_b = (unsigned char *)pt+i*ocb->block_len; - ct_b = (unsigned char *)ct+i*ocb->block_len; - - /* ocb->Offset_current[] = ocb->Offset_current[] ^ Offset_{ntz(block_index)} */ - ocb3_int_xor_blocks(ocb->Offset_current, ocb->Offset_current, ocb->L_[ocb3_int_ntz(ocb->block_index)], ocb->block_len); - - /* tmp[] = pt[] XOR ocb->Offset_current[] */ - ocb3_int_xor_blocks(tmp, pt_b, ocb->Offset_current, ocb->block_len); - - /* encrypt */ - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, tmp, &ocb->key)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* ct[] = tmp[] XOR ocb->Offset_current[] */ - ocb3_int_xor_blocks(ct_b, tmp, ocb->Offset_current, ocb->block_len); - - /* ocb->checksum[] = ocb->checksum[] XOR pt[] */ - ocb3_int_xor_blocks(ocb->checksum, ocb->checksum, pt_b, ocb->block_len); - - ocb->block_index++; - } - - err = CRYPT_OK; - -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(tmp, sizeof(tmp)); -#endif - return err; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb3/ocb3_encrypt_authenticate_memory.c b/libs/tomcrypt/src/encauth/ocb3/ocb3_encrypt_authenticate_memory.c deleted file mode 100644 index 46eb9345bd1..00000000000 --- a/libs/tomcrypt/src/encauth/ocb3/ocb3_encrypt_authenticate_memory.c +++ /dev/null @@ -1,78 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_encrypt_authenticate_memory.c - OCB implementation, encrypt block of memory, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Encrypt and generate an authentication code for a buffer of memory - @param cipher The index of the cipher desired - @param key The secret key - @param keylen The length of the secret key (octets) - @param nonce The session nonce (length of the block ciphers block size) - @param noncelen The length of the nonce (octets) - @param adata The AAD - additional associated data - @param adatalen The length of AAD (octets) - @param pt The plaintext - @param ptlen The length of the plaintext (octets) - @param ct [out] The ciphertext - @param tag [out] The authentication tag - @param taglen [in/out] The max size and resulting size of the authentication tag - @return CRYPT_OK if successful -*/ -int ocb3_encrypt_authenticate_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, unsigned long noncelen, - const unsigned char *adata, unsigned long adatalen, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen) -{ - int err; - ocb3_state *ocb; - - LTC_ARGCHK(taglen != NULL); - - /* allocate memory */ - ocb = XMALLOC(sizeof(ocb3_state)); - if (ocb == NULL) { - return CRYPT_MEM; - } - - if ((err = ocb3_init(ocb, cipher, key, keylen, nonce, noncelen, *taglen)) != CRYPT_OK) { - goto LBL_ERR; - } - - if (adata != NULL || adatalen != 0) { - if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - if ((err = ocb3_encrypt_last(ocb, pt, ptlen, ct)) != CRYPT_OK) { - goto LBL_ERR; - } - - err = ocb3_done(ocb, tag, taglen); - -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(ocb, sizeof(ocb3_state)); -#endif - - XFREE(ocb); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb3/ocb3_encrypt_last.c b/libs/tomcrypt/src/encauth/ocb3/ocb3_encrypt_last.c deleted file mode 100644 index dd3be718a1c..00000000000 --- a/libs/tomcrypt/src/encauth/ocb3/ocb3_encrypt_last.c +++ /dev/null @@ -1,108 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_encrypt_last.c - OCB implementation, internal helper, by Karel Miko -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Finish an OCB (encryption) stream - @param ocb The OCB state - @param pt The remaining plaintext - @param ptlen The length of the plaintext (octets) - @param ct [out] The output buffer - @return CRYPT_OK if successful -*/ -int ocb3_encrypt_last(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct) -{ - unsigned char iOffset_star[MAXBLOCKSIZE]; - unsigned char iPad[MAXBLOCKSIZE]; - int err, x, full_blocks, full_blocks_len, last_block_len; - - LTC_ARGCHK(ocb != NULL); - if (pt == NULL) LTC_ARGCHK(ptlen == 0); - if (ptlen != 0) { - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - } - - if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) { - goto LBL_ERR; - } - - full_blocks = ptlen/ocb->block_len; - full_blocks_len = full_blocks * ocb->block_len; - last_block_len = ptlen - full_blocks_len; - - /* process full blocks first */ - if (full_blocks>0) { - if ((err = ocb3_encrypt(ocb, pt, full_blocks_len, ct)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - /* at this point: m = ocb->block_index (last block index), Offset_m = ocb->Offset_current */ - - if (last_block_len>0) { - /* Offset_* = Offset_m xor L_* */ - ocb3_int_xor_blocks(iOffset_star, ocb->Offset_current, ocb->L_star, ocb->block_len); - - /* Pad = ENCIPHER(K, Offset_*) */ - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(iOffset_star, iPad, &ocb->key)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* C_* = P_* xor Pad[1..bitlen(P_*)] */ - ocb3_int_xor_blocks(ct+full_blocks_len, pt+full_blocks_len, iPad, last_block_len); - - /* Checksum_* = Checksum_m xor (P_* || 1 || zeros(127-bitlen(P_*))) */ - ocb3_int_xor_blocks(ocb->checksum, ocb->checksum, pt+full_blocks_len, last_block_len); - for(x=last_block_len; x<ocb->block_len; x++) { - if (x == last_block_len) - ocb->checksum[x] ^= 0x80; - else - ocb->checksum[x] ^= 0x00; - } - - /* Tag = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) xor HASH(K,A) */ - /* at this point we calculate only: Tag_part = ENCIPHER(K, Checksum_* xor Offset_* xor L_$) */ - for(x=0; x<ocb->block_len; x++) { - ocb->tag_part[x] = (ocb->checksum[x] ^ iOffset_star[x]) ^ ocb->L_dollar[x]; - } - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->tag_part, ocb->tag_part, &ocb->key)) != CRYPT_OK) { - goto LBL_ERR; - } - } - else { - /* Tag = ENCIPHER(K, Checksum_m xor Offset_m xor L_$) xor HASH(K,A) */ - /* at this point we calculate only: Tag_part = ENCIPHER(K, Checksum_m xor Offset_m xor L_$) */ - for(x=0; x<ocb->block_len; x++) { - ocb->tag_part[x] = (ocb->checksum[x] ^ ocb->Offset_current[x]) ^ ocb->L_dollar[x]; - } - if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->tag_part, ocb->tag_part, &ocb->key)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - err = CRYPT_OK; - -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(iOffset_star, MAXBLOCKSIZE); - zeromem(iPad, MAXBLOCKSIZE); -#endif - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb3/ocb3_init.c b/libs/tomcrypt/src/encauth/ocb3/ocb3_init.c deleted file mode 100644 index 7b8c097fb79..00000000000 --- a/libs/tomcrypt/src/encauth/ocb3/ocb3_init.c +++ /dev/null @@ -1,192 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_init.c - OCB implementation, initialize state, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -static void _ocb3_int_calc_offset_zero(ocb3_state *ocb, const unsigned char *nonce, unsigned long noncelen, unsigned long taglen) -{ - int x, y, bottom; - int idx, shift; - unsigned char iNonce[MAXBLOCKSIZE]; - unsigned char iKtop[MAXBLOCKSIZE]; - unsigned char iStretch[MAXBLOCKSIZE+8]; - - /* Nonce = zeros(127-bitlen(N)) || 1 || N */ - zeromem(iNonce, sizeof(iNonce)); - for (x = ocb->block_len-1, y=0; y<(int)noncelen; x--, y++) { - iNonce[x] = nonce[noncelen-y-1]; - } - iNonce[x] = 0x01; - iNonce[0] |= ((taglen*8) % 128) << 1; - - /* bottom = str2num(Nonce[123..128]) */ - bottom = iNonce[ocb->block_len-1] & 0x3F; - - /* Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6)) */ - iNonce[ocb->block_len-1] = iNonce[ocb->block_len-1] & 0xC0; - if ((cipher_descriptor[ocb->cipher].ecb_encrypt(iNonce, iKtop, &ocb->key)) != CRYPT_OK) { - zeromem(ocb->Offset_current, ocb->block_len); - return; - } - - /* Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) */ - for (x = 0; x < ocb->block_len; x++) { - iStretch[x] = iKtop[x]; - } - for (y = 0; y < 8; y++) { - iStretch[x+y] = iKtop[y] ^ iKtop[y+1]; - } - - /* Offset_0 = Stretch[1+bottom..128+bottom] */ - idx = bottom / 8; - shift = (bottom % 8); - for (x = 0; x < ocb->block_len; x++) { - ocb->Offset_current[x] = iStretch[idx+x] << shift; - if (shift > 0) { - ocb->Offset_current[x] |= iStretch[idx+x+1] >> (8-shift); - } - } -} - -static const struct { - int len; - unsigned char poly_mul[MAXBLOCKSIZE]; -} polys[] = { -{ - 8, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1B } -}, { - 16, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87 } -} -}; - -/** - Initialize an OCB context - @param ocb [out] The destination of the OCB state - @param cipher The index of the desired cipher - @param key The secret key - @param keylen The length of the secret key (octets) - @param nonce The session nonce - @param noncelen The length of the session nonce (octets, up to 15) - @param taglen The length of the tag (octets, up to 16) - @return CRYPT_OK if successful -*/ -int ocb3_init(ocb3_state *ocb, int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, unsigned long noncelen, - unsigned long taglen) -{ - int poly, x, y, m, err; - unsigned char *previous, *current; - - LTC_ARGCHK(ocb != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(nonce != NULL); - - /* valid cipher? */ - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - ocb->cipher = cipher; - - /* Valid Nonce? - * As of RFC7253: "string of no more than 120 bits" */ - if (noncelen > (120/8)) { - return CRYPT_INVALID_ARG; - } - - /* The blockcipher must have a 128-bit blocksize */ - if (cipher_descriptor[cipher].block_length != 16) { - return CRYPT_INVALID_ARG; - } - - /* The TAGLEN may be any value up to 128 (bits) */ - if (taglen > 16) { - return CRYPT_INVALID_ARG; - } - ocb->tag_len = taglen; - - /* determine which polys to use */ - ocb->block_len = cipher_descriptor[cipher].block_length; - x = (int)(sizeof(polys)/sizeof(polys[0])); - for (poly = 0; poly < x; poly++) { - if (polys[poly].len == ocb->block_len) { - break; - } - } - if (poly == x) { - return CRYPT_INVALID_ARG; /* block_len not found in polys */ - } - if (polys[poly].len != ocb->block_len) { - return CRYPT_INVALID_ARG; - } - - /* schedule the key */ - if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &ocb->key)) != CRYPT_OK) { - return err; - } - - /* L_* = ENCIPHER(K, zeros(128)) */ - zeromem(ocb->L_star, ocb->block_len); - if ((err = cipher_descriptor[cipher].ecb_encrypt(ocb->L_star, ocb->L_star, &ocb->key)) != CRYPT_OK) { - return err; - } - - /* compute L_$, L_0, L_1, ... */ - for (x = -1; x < 32; x++) { - if (x == -1) { /* gonna compute: L_$ = double(L_*) */ - current = ocb->L_dollar; - previous = ocb->L_star; - } - else if (x == 0) { /* gonna compute: L_0 = double(L_$) */ - current = ocb->L_[0]; - previous = ocb->L_dollar; - } - else { /* gonna compute: L_i = double(L_{i-1}) for every integer i > 0 */ - current = ocb->L_[x]; - previous = ocb->L_[x-1]; - } - m = previous[0] >> 7; - for (y = 0; y < ocb->block_len-1; y++) { - current[y] = ((previous[y] << 1) | (previous[y+1] >> 7)) & 255; - } - current[ocb->block_len-1] = (previous[ocb->block_len-1] << 1) & 255; - if (m == 1) { - /* current[] = current[] XOR polys[poly].poly_mul[]*/ - ocb3_int_xor_blocks(current, current, polys[poly].poly_mul, ocb->block_len); - } - } - - /* initialize ocb->Offset_current = Offset_0 */ - _ocb3_int_calc_offset_zero(ocb, nonce, noncelen, taglen); - - /* initialize checksum to all zeros */ - zeromem(ocb->checksum, ocb->block_len); - - /* set block index */ - ocb->block_index = 1; - - /* initialize AAD related stuff */ - ocb->ablock_index = 1; - ocb->adata_buffer_bytes = 0; - zeromem(ocb->aOffset_current, ocb->block_len); - zeromem(ocb->aSum_current, ocb->block_len); - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb3/ocb3_int_ntz.c b/libs/tomcrypt/src/encauth/ocb3/ocb3_int_ntz.c deleted file mode 100644 index 1f0ed3126fc..00000000000 --- a/libs/tomcrypt/src/encauth/ocb3/ocb3_int_ntz.c +++ /dev/null @@ -1,35 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_int_ntz.c - OCB implementation, INTERNAL ONLY helper, by Tom St Denis -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Returns the number of leading zero bits [from lsb up] (internal function) - @param x The 32-bit value to observe - @return The number of bits [from the lsb up] that are zero -*/ -int ocb3_int_ntz(unsigned long x) -{ - int c; - x &= 0xFFFFFFFFUL; - c = 0; - while ((x & 1) == 0) { - ++c; - x >>= 1; - } - return c; -} - -#endif diff --git a/libs/tomcrypt/src/encauth/ocb3/ocb3_int_xor_blocks.c b/libs/tomcrypt/src/encauth/ocb3/ocb3_int_xor_blocks.c deleted file mode 100644 index 0c4afd01156..00000000000 --- a/libs/tomcrypt/src/encauth/ocb3/ocb3_int_xor_blocks.c +++ /dev/null @@ -1,36 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** - @file ocb3_int_xor_blocks.c - OCB implementation, INTERNAL ONLY helper, by Karel Miko -*/ -#include "tomcrypt.h" - -#ifdef LTC_OCB3_MODE - -/** - Compute xor for two blocks of bytes 'out = block_a XOR block_b' (internal function) - @param out The block of bytes (output) - @param block_a The block of bytes (input) - @param block_b The block of bytes (input) - @param block_len The size of block_a, block_b, out -*/ -void ocb3_int_xor_blocks(unsigned char *out, const unsigned char *block_a, const unsigned char *block_b, unsigned long block_len) -{ - int x; - if (out == block_a) { - for (x = 0; x < (int)block_len; x++) out[x] ^= block_b[x]; - } - else { - for (x = 0; x < (int)block_len; x++) out[x] = block_a[x] ^ block_b[x]; - } -} - -#endif diff --git a/libs/tomcrypt/src/hashes/md2.c b/libs/tomcrypt/src/hashes/md2.c deleted file mode 100644 index ef230813bb5..00000000000 --- a/libs/tomcrypt/src/hashes/md2.c +++ /dev/null @@ -1,245 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @param md2.c - LTC_MD2 (RFC 1319) hash function implementation by Tom St Denis -*/ - -#ifdef LTC_MD2 - -const struct ltc_hash_descriptor md2_desc = -{ - "md2", - 7, - 16, - 16, - - /* OID */ - { 1, 2, 840, 113549, 2, 2, }, - 6, - - &md2_init, - &md2_process, - &md2_done, - &md2_test, - NULL -}; - -static const unsigned char PI_SUBST[256] = { - 41, 46, 67, 201, 162, 216, 124, 1, 61, 54, 84, 161, 236, 240, 6, - 19, 98, 167, 5, 243, 192, 199, 115, 140, 152, 147, 43, 217, 188, - 76, 130, 202, 30, 155, 87, 60, 253, 212, 224, 22, 103, 66, 111, 24, - 138, 23, 229, 18, 190, 78, 196, 214, 218, 158, 222, 73, 160, 251, - 245, 142, 187, 47, 238, 122, 169, 104, 121, 145, 21, 178, 7, 63, - 148, 194, 16, 137, 11, 34, 95, 33, 128, 127, 93, 154, 90, 144, 50, - 39, 53, 62, 204, 231, 191, 247, 151, 3, 255, 25, 48, 179, 72, 165, - 181, 209, 215, 94, 146, 42, 172, 86, 170, 198, 79, 184, 56, 210, - 150, 164, 125, 182, 118, 252, 107, 226, 156, 116, 4, 241, 69, 157, - 112, 89, 100, 113, 135, 32, 134, 91, 207, 101, 230, 45, 168, 2, 27, - 96, 37, 173, 174, 176, 185, 246, 28, 70, 97, 105, 52, 64, 126, 15, - 85, 71, 163, 35, 221, 81, 175, 58, 195, 92, 249, 206, 186, 197, - 234, 38, 44, 83, 13, 110, 133, 40, 132, 9, 211, 223, 205, 244, 65, - 129, 77, 82, 106, 220, 55, 200, 108, 193, 171, 250, 36, 225, 123, - 8, 12, 189, 177, 74, 120, 136, 149, 139, 227, 99, 232, 109, 233, - 203, 213, 254, 59, 0, 29, 57, 242, 239, 183, 14, 102, 88, 208, 228, - 166, 119, 114, 248, 235, 117, 75, 10, 49, 68, 80, 180, 143, 237, - 31, 26, 219, 153, 141, 51, 159, 17, 131, 20 -}; - -/* adds 16 bytes to the checksum */ -static void md2_update_chksum(hash_state *md) -{ - int j; - unsigned char L; - L = md->md2.chksum[15]; - for (j = 0; j < 16; j++) { - -/* caution, the RFC says its "C[j] = S[M[i*16+j] xor L]" but the reference source code [and test vectors] say - otherwise. -*/ - L = (md->md2.chksum[j] ^= PI_SUBST[(int)(md->md2.buf[j] ^ L)] & 255); - } -} - -static void md2_compress(hash_state *md) -{ - int j, k; - unsigned char t; - - /* copy block */ - for (j = 0; j < 16; j++) { - md->md2.X[16+j] = md->md2.buf[j]; - md->md2.X[32+j] = md->md2.X[j] ^ md->md2.X[16+j]; - } - - t = (unsigned char)0; - - /* do 18 rounds */ - for (j = 0; j < 18; j++) { - for (k = 0; k < 48; k++) { - t = (md->md2.X[k] ^= PI_SUBST[(int)(t & 255)]); - } - t = (t + (unsigned char)j) & 255; - } -} - -/** - Initialize the hash state - @param md The hash state you wish to initialize - @return CRYPT_OK if successful -*/ -int md2_init(hash_state *md) -{ - LTC_ARGCHK(md != NULL); - - /* LTC_MD2 uses a zero'ed state... */ - zeromem(md->md2.X, sizeof(md->md2.X)); - zeromem(md->md2.chksum, sizeof(md->md2.chksum)); - zeromem(md->md2.buf, sizeof(md->md2.buf)); - md->md2.curlen = 0; - return CRYPT_OK; -} - -/** - Process a block of memory though the hash - @param md The hash state - @param in The data to hash - @param inlen The length of the data (octets) - @return CRYPT_OK if successful -*/ -int md2_process(hash_state *md, const unsigned char *in, unsigned long inlen) -{ - unsigned long n; - LTC_ARGCHK(md != NULL); - LTC_ARGCHK(in != NULL); - if (md-> md2 .curlen > sizeof(md-> md2 .buf)) { - return CRYPT_INVALID_ARG; - } - while (inlen > 0) { - n = MIN(inlen, (16 - md->md2.curlen)); - XMEMCPY(md->md2.buf + md->md2.curlen, in, (size_t)n); - md->md2.curlen += n; - in += n; - inlen -= n; - - /* is 16 bytes full? */ - if (md->md2.curlen == 16) { - md2_compress(md); - md2_update_chksum(md); - md->md2.curlen = 0; - } - } - return CRYPT_OK; -} - -/** - Terminate the hash to get the digest - @param md The hash state - @param out [out] The destination of the hash (16 bytes) - @return CRYPT_OK if successful -*/ -int md2_done(hash_state * md, unsigned char *out) -{ - unsigned long i, k; - - LTC_ARGCHK(md != NULL); - LTC_ARGCHK(out != NULL); - - if (md->md2.curlen >= sizeof(md->md2.buf)) { - return CRYPT_INVALID_ARG; - } - - - /* pad the message */ - k = 16 - md->md2.curlen; - for (i = md->md2.curlen; i < 16; i++) { - md->md2.buf[i] = (unsigned char)k; - } - - /* hash and update */ - md2_compress(md); - md2_update_chksum(md); - - /* hash checksum */ - XMEMCPY(md->md2.buf, md->md2.chksum, 16); - md2_compress(md); - - /* output is lower 16 bytes of X */ - XMEMCPY(out, md->md2.X, 16); - -#ifdef LTC_CLEAN_STACK - zeromem(md, sizeof(hash_state)); -#endif - return CRYPT_OK; -} - -/** - Self-test the hash - @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled -*/ -int md2_test(void) -{ - #ifndef LTC_TEST - return CRYPT_NOP; - #else - static const struct { - const char *msg; - unsigned char hash[16]; - } tests[] = { - { "", - {0x83,0x50,0xe5,0xa3,0xe2,0x4c,0x15,0x3d, - 0xf2,0x27,0x5c,0x9f,0x80,0x69,0x27,0x73 - } - }, - { "a", - {0x32,0xec,0x01,0xec,0x4a,0x6d,0xac,0x72, - 0xc0,0xab,0x96,0xfb,0x34,0xc0,0xb5,0xd1 - } - }, - { "message digest", - {0xab,0x4f,0x49,0x6b,0xfb,0x2a,0x53,0x0b, - 0x21,0x9f,0xf3,0x30,0x31,0xfe,0x06,0xb0 - } - }, - { "abcdefghijklmnopqrstuvwxyz", - {0x4e,0x8d,0xdf,0xf3,0x65,0x02,0x92,0xab, - 0x5a,0x41,0x08,0xc3,0xaa,0x47,0x94,0x0b - } - }, - { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - {0xda,0x33,0xde,0xf2,0xa4,0x2d,0xf1,0x39, - 0x75,0x35,0x28,0x46,0xc3,0x03,0x38,0xcd - } - }, - { "12345678901234567890123456789012345678901234567890123456789012345678901234567890", - {0xd5,0x97,0x6f,0x79,0xd8,0x3d,0x3a,0x0d, - 0xc9,0x80,0x6c,0x3c,0x66,0xf3,0xef,0xd8 - } - } - }; - - int i; - unsigned char tmp[16]; - hash_state md; - - for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { - md2_init(&md); - md2_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); - md2_done(&md, tmp); - if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "MD2", i)) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; - #endif -} - -#endif diff --git a/libs/tomcrypt/src/hashes/md4.c b/libs/tomcrypt/src/hashes/md4.c deleted file mode 100644 index cf25e6bd303..00000000000 --- a/libs/tomcrypt/src/hashes/md4.c +++ /dev/null @@ -1,300 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @param md4.c - Submitted by Dobes Vandermeer (dobes@smartt.com) -*/ - -#ifdef LTC_MD4 - -const struct ltc_hash_descriptor md4_desc = -{ - "md4", - 6, - 16, - 64, - - /* OID */ - { 1, 2, 840, 113549, 2, 4, }, - 6, - - &md4_init, - &md4_process, - &md4_done, - &md4_test, - NULL -}; - -#define S11 3 -#define S12 7 -#define S13 11 -#define S14 19 -#define S21 3 -#define S22 5 -#define S23 9 -#define S24 13 -#define S31 3 -#define S32 9 -#define S33 11 -#define S34 15 - -/* F, G and H are basic LTC_MD4 functions. */ -#define F(x, y, z) (z ^ (x & (y ^ z))) -#define G(x, y, z) ((x & y) | (z & (x | y))) -#define H(x, y, z) ((x) ^ (y) ^ (z)) - -/* ROTATE_LEFT rotates x left n bits. */ -#define ROTATE_LEFT(x, n) ROLc(x, n) - -/* FF, GG and HH are transformations for rounds 1, 2 and 3 */ -/* Rotation is separate from addition to prevent recomputation */ - -#define FF(a, b, c, d, x, s) { \ - (a) += F ((b), (c), (d)) + (x); \ - (a) = ROTATE_LEFT ((a), (s)); \ - } -#define GG(a, b, c, d, x, s) { \ - (a) += G ((b), (c), (d)) + (x) + 0x5a827999UL; \ - (a) = ROTATE_LEFT ((a), (s)); \ - } -#define HH(a, b, c, d, x, s) { \ - (a) += H ((b), (c), (d)) + (x) + 0x6ed9eba1UL; \ - (a) = ROTATE_LEFT ((a), (s)); \ - } - -#ifdef LTC_CLEAN_STACK -static int _md4_compress(hash_state *md, unsigned char *buf) -#else -static int md4_compress(hash_state *md, unsigned char *buf) -#endif -{ - ulong32 x[16], a, b, c, d; - int i; - - /* copy state */ - a = md->md4.state[0]; - b = md->md4.state[1]; - c = md->md4.state[2]; - d = md->md4.state[3]; - - /* copy the state into 512-bits into W[0..15] */ - for (i = 0; i < 16; i++) { - LOAD32L(x[i], buf + (4*i)); - } - - /* Round 1 */ - FF (a, b, c, d, x[ 0], S11); /* 1 */ - FF (d, a, b, c, x[ 1], S12); /* 2 */ - FF (c, d, a, b, x[ 2], S13); /* 3 */ - FF (b, c, d, a, x[ 3], S14); /* 4 */ - FF (a, b, c, d, x[ 4], S11); /* 5 */ - FF (d, a, b, c, x[ 5], S12); /* 6 */ - FF (c, d, a, b, x[ 6], S13); /* 7 */ - FF (b, c, d, a, x[ 7], S14); /* 8 */ - FF (a, b, c, d, x[ 8], S11); /* 9 */ - FF (d, a, b, c, x[ 9], S12); /* 10 */ - FF (c, d, a, b, x[10], S13); /* 11 */ - FF (b, c, d, a, x[11], S14); /* 12 */ - FF (a, b, c, d, x[12], S11); /* 13 */ - FF (d, a, b, c, x[13], S12); /* 14 */ - FF (c, d, a, b, x[14], S13); /* 15 */ - FF (b, c, d, a, x[15], S14); /* 16 */ - - /* Round 2 */ - GG (a, b, c, d, x[ 0], S21); /* 17 */ - GG (d, a, b, c, x[ 4], S22); /* 18 */ - GG (c, d, a, b, x[ 8], S23); /* 19 */ - GG (b, c, d, a, x[12], S24); /* 20 */ - GG (a, b, c, d, x[ 1], S21); /* 21 */ - GG (d, a, b, c, x[ 5], S22); /* 22 */ - GG (c, d, a, b, x[ 9], S23); /* 23 */ - GG (b, c, d, a, x[13], S24); /* 24 */ - GG (a, b, c, d, x[ 2], S21); /* 25 */ - GG (d, a, b, c, x[ 6], S22); /* 26 */ - GG (c, d, a, b, x[10], S23); /* 27 */ - GG (b, c, d, a, x[14], S24); /* 28 */ - GG (a, b, c, d, x[ 3], S21); /* 29 */ - GG (d, a, b, c, x[ 7], S22); /* 30 */ - GG (c, d, a, b, x[11], S23); /* 31 */ - GG (b, c, d, a, x[15], S24); /* 32 */ - - /* Round 3 */ - HH (a, b, c, d, x[ 0], S31); /* 33 */ - HH (d, a, b, c, x[ 8], S32); /* 34 */ - HH (c, d, a, b, x[ 4], S33); /* 35 */ - HH (b, c, d, a, x[12], S34); /* 36 */ - HH (a, b, c, d, x[ 2], S31); /* 37 */ - HH (d, a, b, c, x[10], S32); /* 38 */ - HH (c, d, a, b, x[ 6], S33); /* 39 */ - HH (b, c, d, a, x[14], S34); /* 40 */ - HH (a, b, c, d, x[ 1], S31); /* 41 */ - HH (d, a, b, c, x[ 9], S32); /* 42 */ - HH (c, d, a, b, x[ 5], S33); /* 43 */ - HH (b, c, d, a, x[13], S34); /* 44 */ - HH (a, b, c, d, x[ 3], S31); /* 45 */ - HH (d, a, b, c, x[11], S32); /* 46 */ - HH (c, d, a, b, x[ 7], S33); /* 47 */ - HH (b, c, d, a, x[15], S34); /* 48 */ - - - /* Update our state */ - md->md4.state[0] = md->md4.state[0] + a; - md->md4.state[1] = md->md4.state[1] + b; - md->md4.state[2] = md->md4.state[2] + c; - md->md4.state[3] = md->md4.state[3] + d; - - return CRYPT_OK; -} - -#ifdef LTC_CLEAN_STACK -static int md4_compress(hash_state *md, unsigned char *buf) -{ - int err; - err = _md4_compress(md, buf); - burn_stack(sizeof(ulong32) * 20 + sizeof(int)); - return err; -} -#endif - -/** - Initialize the hash state - @param md The hash state you wish to initialize - @return CRYPT_OK if successful -*/ -int md4_init(hash_state * md) -{ - LTC_ARGCHK(md != NULL); - md->md4.state[0] = 0x67452301UL; - md->md4.state[1] = 0xefcdab89UL; - md->md4.state[2] = 0x98badcfeUL; - md->md4.state[3] = 0x10325476UL; - md->md4.length = 0; - md->md4.curlen = 0; - return CRYPT_OK; -} - -/** - Process a block of memory though the hash - @param md The hash state - @param in The data to hash - @param inlen The length of the data (octets) - @return CRYPT_OK if successful -*/ -HASH_PROCESS(md4_process, md4_compress, md4, 64) - -/** - Terminate the hash to get the digest - @param md The hash state - @param out [out] The destination of the hash (16 bytes) - @return CRYPT_OK if successful -*/ -int md4_done(hash_state * md, unsigned char *out) -{ - int i; - - LTC_ARGCHK(md != NULL); - LTC_ARGCHK(out != NULL); - - if (md->md4.curlen >= sizeof(md->md4.buf)) { - return CRYPT_INVALID_ARG; - } - - /* increase the length of the message */ - md->md4.length += md->md4.curlen * 8; - - /* append the '1' bit */ - md->md4.buf[md->md4.curlen++] = (unsigned char)0x80; - - /* if the length is currently above 56 bytes we append zeros - * then compress. Then we can fall back to padding zeros and length - * encoding like normal. - */ - if (md->md4.curlen > 56) { - while (md->md4.curlen < 64) { - md->md4.buf[md->md4.curlen++] = (unsigned char)0; - } - md4_compress(md, md->md4.buf); - md->md4.curlen = 0; - } - - /* pad upto 56 bytes of zeroes */ - while (md->md4.curlen < 56) { - md->md4.buf[md->md4.curlen++] = (unsigned char)0; - } - - /* store length */ - STORE64L(md->md4.length, md->md4.buf+56); - md4_compress(md, md->md4.buf); - - /* copy output */ - for (i = 0; i < 4; i++) { - STORE32L(md->md4.state[i], out+(4*i)); - } -#ifdef LTC_CLEAN_STACK - zeromem(md, sizeof(hash_state)); -#endif - return CRYPT_OK; -} - -/** - Self-test the hash - @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled -*/ -int md4_test(void) -{ - #ifndef LTC_TEST - return CRYPT_NOP; - #else - static const struct md4_test_case { - const char *input; - unsigned char hash[16]; - } tests[] = { - { "", - {0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31, - 0xb7, 0x3c, 0x59, 0xd7, 0xe0, 0xc0, 0x89, 0xc0} }, - { "a", - {0xbd, 0xe5, 0x2c, 0xb3, 0x1d, 0xe3, 0x3e, 0x46, - 0x24, 0x5e, 0x05, 0xfb, 0xdb, 0xd6, 0xfb, 0x24} }, - { "abc", - {0xa4, 0x48, 0x01, 0x7a, 0xaf, 0x21, 0xd8, 0x52, - 0x5f, 0xc1, 0x0a, 0xe8, 0x7a, 0xa6, 0x72, 0x9d} }, - { "message digest", - {0xd9, 0x13, 0x0a, 0x81, 0x64, 0x54, 0x9f, 0xe8, - 0x18, 0x87, 0x48, 0x06, 0xe1, 0xc7, 0x01, 0x4b} }, - { "abcdefghijklmnopqrstuvwxyz", - {0xd7, 0x9e, 0x1c, 0x30, 0x8a, 0xa5, 0xbb, 0xcd, - 0xee, 0xa8, 0xed, 0x63, 0xdf, 0x41, 0x2d, 0xa9} }, - { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - {0x04, 0x3f, 0x85, 0x82, 0xf2, 0x41, 0xdb, 0x35, - 0x1c, 0xe6, 0x27, 0xe1, 0x53, 0xe7, 0xf0, 0xe4} }, - { "12345678901234567890123456789012345678901234567890123456789012345678901234567890", - {0xe3, 0x3b, 0x4d, 0xdc, 0x9c, 0x38, 0xf2, 0x19, - 0x9c, 0x3e, 0x7b, 0x16, 0x4f, 0xcc, 0x05, 0x36} }, - }; - - int i; - unsigned char tmp[16]; - hash_state md; - - for(i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { - md4_init(&md); - md4_process(&md, (unsigned char *)tests[i].input, (unsigned long)strlen(tests[i].input)); - md4_done(&md, tmp); - if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "MD4", i)) { - return CRYPT_FAIL_TESTVECTOR; - } - - } - return CRYPT_OK; - #endif -} - -#endif diff --git a/libs/tomcrypt/src/hashes/md5.c b/libs/tomcrypt/src/hashes/md5.c deleted file mode 100644 index 7910f7e57f8..00000000000 --- a/libs/tomcrypt/src/hashes/md5.c +++ /dev/null @@ -1,360 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - - -/** - @file md5.c - LTC_MD5 hash function by Tom St Denis -*/ - -#ifdef LTC_MD5 - -const struct ltc_hash_descriptor md5_desc = -{ - "md5", - 3, - 16, - 64, - - /* OID */ - { 1, 2, 840, 113549, 2, 5, }, - 6, - - &md5_init, - &md5_process, - &md5_done, - &md5_test, - NULL -}; - -#define F(x,y,z) (z ^ (x & (y ^ z))) -#define G(x,y,z) (y ^ (z & (y ^ x))) -#define H(x,y,z) (x^y^z) -#define I(x,y,z) (y^(x|(~z))) - -#ifdef LTC_SMALL_CODE - -#define FF(a,b,c,d,M,s,t) \ - a = (a + F(b,c,d) + M + t); a = ROL(a, s) + b; - -#define GG(a,b,c,d,M,s,t) \ - a = (a + G(b,c,d) + M + t); a = ROL(a, s) + b; - -#define HH(a,b,c,d,M,s,t) \ - a = (a + H(b,c,d) + M + t); a = ROL(a, s) + b; - -#define II(a,b,c,d,M,s,t) \ - a = (a + I(b,c,d) + M + t); a = ROL(a, s) + b; - -static const unsigned char Worder[64] = { - 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15, - 1,6,11,0,5,10,15,4,9,14,3,8,13,2,7,12, - 5,8,11,14,1,4,7,10,13,0,3,6,9,12,15,2, - 0,7,14,5,12,3,10,1,8,15,6,13,4,11,2,9 -}; - -static const unsigned char Rorder[64] = { - 7,12,17,22,7,12,17,22,7,12,17,22,7,12,17,22, - 5,9,14,20,5,9,14,20,5,9,14,20,5,9,14,20, - 4,11,16,23,4,11,16,23,4,11,16,23,4,11,16,23, - 6,10,15,21,6,10,15,21,6,10,15,21,6,10,15,21 -}; - -static const ulong32 Korder[64] = { -0xd76aa478UL, 0xe8c7b756UL, 0x242070dbUL, 0xc1bdceeeUL, 0xf57c0fafUL, 0x4787c62aUL, 0xa8304613UL, 0xfd469501UL, -0x698098d8UL, 0x8b44f7afUL, 0xffff5bb1UL, 0x895cd7beUL, 0x6b901122UL, 0xfd987193UL, 0xa679438eUL, 0x49b40821UL, -0xf61e2562UL, 0xc040b340UL, 0x265e5a51UL, 0xe9b6c7aaUL, 0xd62f105dUL, 0x02441453UL, 0xd8a1e681UL, 0xe7d3fbc8UL, -0x21e1cde6UL, 0xc33707d6UL, 0xf4d50d87UL, 0x455a14edUL, 0xa9e3e905UL, 0xfcefa3f8UL, 0x676f02d9UL, 0x8d2a4c8aUL, -0xfffa3942UL, 0x8771f681UL, 0x6d9d6122UL, 0xfde5380cUL, 0xa4beea44UL, 0x4bdecfa9UL, 0xf6bb4b60UL, 0xbebfbc70UL, -0x289b7ec6UL, 0xeaa127faUL, 0xd4ef3085UL, 0x04881d05UL, 0xd9d4d039UL, 0xe6db99e5UL, 0x1fa27cf8UL, 0xc4ac5665UL, -0xf4292244UL, 0x432aff97UL, 0xab9423a7UL, 0xfc93a039UL, 0x655b59c3UL, 0x8f0ccc92UL, 0xffeff47dUL, 0x85845dd1UL, -0x6fa87e4fUL, 0xfe2ce6e0UL, 0xa3014314UL, 0x4e0811a1UL, 0xf7537e82UL, 0xbd3af235UL, 0x2ad7d2bbUL, 0xeb86d391UL -}; - -#else - -#define FF(a,b,c,d,M,s,t) \ - a = (a + F(b,c,d) + M + t); a = ROLc(a, s) + b; - -#define GG(a,b,c,d,M,s,t) \ - a = (a + G(b,c,d) + M + t); a = ROLc(a, s) + b; - -#define HH(a,b,c,d,M,s,t) \ - a = (a + H(b,c,d) + M + t); a = ROLc(a, s) + b; - -#define II(a,b,c,d,M,s,t) \ - a = (a + I(b,c,d) + M + t); a = ROLc(a, s) + b; - - -#endif - -#ifdef LTC_CLEAN_STACK -static int _md5_compress(hash_state *md, unsigned char *buf) -#else -static int md5_compress(hash_state *md, unsigned char *buf) -#endif -{ - ulong32 i, W[16], a, b, c, d; -#ifdef LTC_SMALL_CODE - ulong32 t; -#endif - - /* copy the state into 512-bits into W[0..15] */ - for (i = 0; i < 16; i++) { - LOAD32L(W[i], buf + (4*i)); - } - - /* copy state */ - a = md->md5.state[0]; - b = md->md5.state[1]; - c = md->md5.state[2]; - d = md->md5.state[3]; - -#ifdef LTC_SMALL_CODE - for (i = 0; i < 16; ++i) { - FF(a,b,c,d,W[Worder[i]],Rorder[i],Korder[i]); - t = d; d = c; c = b; b = a; a = t; - } - - for (; i < 32; ++i) { - GG(a,b,c,d,W[Worder[i]],Rorder[i],Korder[i]); - t = d; d = c; c = b; b = a; a = t; - } - - for (; i < 48; ++i) { - HH(a,b,c,d,W[Worder[i]],Rorder[i],Korder[i]); - t = d; d = c; c = b; b = a; a = t; - } - - for (; i < 64; ++i) { - II(a,b,c,d,W[Worder[i]],Rorder[i],Korder[i]); - t = d; d = c; c = b; b = a; a = t; - } - -#else - FF(a,b,c,d,W[0],7,0xd76aa478UL) - FF(d,a,b,c,W[1],12,0xe8c7b756UL) - FF(c,d,a,b,W[2],17,0x242070dbUL) - FF(b,c,d,a,W[3],22,0xc1bdceeeUL) - FF(a,b,c,d,W[4],7,0xf57c0fafUL) - FF(d,a,b,c,W[5],12,0x4787c62aUL) - FF(c,d,a,b,W[6],17,0xa8304613UL) - FF(b,c,d,a,W[7],22,0xfd469501UL) - FF(a,b,c,d,W[8],7,0x698098d8UL) - FF(d,a,b,c,W[9],12,0x8b44f7afUL) - FF(c,d,a,b,W[10],17,0xffff5bb1UL) - FF(b,c,d,a,W[11],22,0x895cd7beUL) - FF(a,b,c,d,W[12],7,0x6b901122UL) - FF(d,a,b,c,W[13],12,0xfd987193UL) - FF(c,d,a,b,W[14],17,0xa679438eUL) - FF(b,c,d,a,W[15],22,0x49b40821UL) - GG(a,b,c,d,W[1],5,0xf61e2562UL) - GG(d,a,b,c,W[6],9,0xc040b340UL) - GG(c,d,a,b,W[11],14,0x265e5a51UL) - GG(b,c,d,a,W[0],20,0xe9b6c7aaUL) - GG(a,b,c,d,W[5],5,0xd62f105dUL) - GG(d,a,b,c,W[10],9,0x02441453UL) - GG(c,d,a,b,W[15],14,0xd8a1e681UL) - GG(b,c,d,a,W[4],20,0xe7d3fbc8UL) - GG(a,b,c,d,W[9],5,0x21e1cde6UL) - GG(d,a,b,c,W[14],9,0xc33707d6UL) - GG(c,d,a,b,W[3],14,0xf4d50d87UL) - GG(b,c,d,a,W[8],20,0x455a14edUL) - GG(a,b,c,d,W[13],5,0xa9e3e905UL) - GG(d,a,b,c,W[2],9,0xfcefa3f8UL) - GG(c,d,a,b,W[7],14,0x676f02d9UL) - GG(b,c,d,a,W[12],20,0x8d2a4c8aUL) - HH(a,b,c,d,W[5],4,0xfffa3942UL) - HH(d,a,b,c,W[8],11,0x8771f681UL) - HH(c,d,a,b,W[11],16,0x6d9d6122UL) - HH(b,c,d,a,W[14],23,0xfde5380cUL) - HH(a,b,c,d,W[1],4,0xa4beea44UL) - HH(d,a,b,c,W[4],11,0x4bdecfa9UL) - HH(c,d,a,b,W[7],16,0xf6bb4b60UL) - HH(b,c,d,a,W[10],23,0xbebfbc70UL) - HH(a,b,c,d,W[13],4,0x289b7ec6UL) - HH(d,a,b,c,W[0],11,0xeaa127faUL) - HH(c,d,a,b,W[3],16,0xd4ef3085UL) - HH(b,c,d,a,W[6],23,0x04881d05UL) - HH(a,b,c,d,W[9],4,0xd9d4d039UL) - HH(d,a,b,c,W[12],11,0xe6db99e5UL) - HH(c,d,a,b,W[15],16,0x1fa27cf8UL) - HH(b,c,d,a,W[2],23,0xc4ac5665UL) - II(a,b,c,d,W[0],6,0xf4292244UL) - II(d,a,b,c,W[7],10,0x432aff97UL) - II(c,d,a,b,W[14],15,0xab9423a7UL) - II(b,c,d,a,W[5],21,0xfc93a039UL) - II(a,b,c,d,W[12],6,0x655b59c3UL) - II(d,a,b,c,W[3],10,0x8f0ccc92UL) - II(c,d,a,b,W[10],15,0xffeff47dUL) - II(b,c,d,a,W[1],21,0x85845dd1UL) - II(a,b,c,d,W[8],6,0x6fa87e4fUL) - II(d,a,b,c,W[15],10,0xfe2ce6e0UL) - II(c,d,a,b,W[6],15,0xa3014314UL) - II(b,c,d,a,W[13],21,0x4e0811a1UL) - II(a,b,c,d,W[4],6,0xf7537e82UL) - II(d,a,b,c,W[11],10,0xbd3af235UL) - II(c,d,a,b,W[2],15,0x2ad7d2bbUL) - II(b,c,d,a,W[9],21,0xeb86d391UL) -#endif - - md->md5.state[0] = md->md5.state[0] + a; - md->md5.state[1] = md->md5.state[1] + b; - md->md5.state[2] = md->md5.state[2] + c; - md->md5.state[3] = md->md5.state[3] + d; - - return CRYPT_OK; -} - -#ifdef LTC_CLEAN_STACK -static int md5_compress(hash_state *md, unsigned char *buf) -{ - int err; - err = _md5_compress(md, buf); - burn_stack(sizeof(ulong32) * 21); - return err; -} -#endif - -/** - Initialize the hash state - @param md The hash state you wish to initialize - @return CRYPT_OK if successful -*/ -int md5_init(hash_state * md) -{ - LTC_ARGCHK(md != NULL); - md->md5.state[0] = 0x67452301UL; - md->md5.state[1] = 0xefcdab89UL; - md->md5.state[2] = 0x98badcfeUL; - md->md5.state[3] = 0x10325476UL; - md->md5.curlen = 0; - md->md5.length = 0; - return CRYPT_OK; -} - -/** - Process a block of memory though the hash - @param md The hash state - @param in The data to hash - @param inlen The length of the data (octets) - @return CRYPT_OK if successful -*/ -HASH_PROCESS(md5_process, md5_compress, md5, 64) - -/** - Terminate the hash to get the digest - @param md The hash state - @param out [out] The destination of the hash (16 bytes) - @return CRYPT_OK if successful -*/ -int md5_done(hash_state * md, unsigned char *out) -{ - int i; - - LTC_ARGCHK(md != NULL); - LTC_ARGCHK(out != NULL); - - if (md->md5.curlen >= sizeof(md->md5.buf)) { - return CRYPT_INVALID_ARG; - } - - - /* increase the length of the message */ - md->md5.length += md->md5.curlen * 8; - - /* append the '1' bit */ - md->md5.buf[md->md5.curlen++] = (unsigned char)0x80; - - /* if the length is currently above 56 bytes we append zeros - * then compress. Then we can fall back to padding zeros and length - * encoding like normal. - */ - if (md->md5.curlen > 56) { - while (md->md5.curlen < 64) { - md->md5.buf[md->md5.curlen++] = (unsigned char)0; - } - md5_compress(md, md->md5.buf); - md->md5.curlen = 0; - } - - /* pad upto 56 bytes of zeroes */ - while (md->md5.curlen < 56) { - md->md5.buf[md->md5.curlen++] = (unsigned char)0; - } - - /* store length */ - STORE64L(md->md5.length, md->md5.buf+56); - md5_compress(md, md->md5.buf); - - /* copy output */ - for (i = 0; i < 4; i++) { - STORE32L(md->md5.state[i], out+(4*i)); - } -#ifdef LTC_CLEAN_STACK - zeromem(md, sizeof(hash_state)); -#endif - return CRYPT_OK; -} - -/** - Self-test the hash - @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled -*/ -int md5_test(void) -{ - #ifndef LTC_TEST - return CRYPT_NOP; - #else - static const struct { - const char *msg; - unsigned char hash[16]; - } tests[] = { - { "", - { 0xd4, 0x1d, 0x8c, 0xd9, 0x8f, 0x00, 0xb2, 0x04, - 0xe9, 0x80, 0x09, 0x98, 0xec, 0xf8, 0x42, 0x7e } }, - { "a", - {0x0c, 0xc1, 0x75, 0xb9, 0xc0, 0xf1, 0xb6, 0xa8, - 0x31, 0xc3, 0x99, 0xe2, 0x69, 0x77, 0x26, 0x61 } }, - { "abc", - { 0x90, 0x01, 0x50, 0x98, 0x3c, 0xd2, 0x4f, 0xb0, - 0xd6, 0x96, 0x3f, 0x7d, 0x28, 0xe1, 0x7f, 0x72 } }, - { "message digest", - { 0xf9, 0x6b, 0x69, 0x7d, 0x7c, 0xb7, 0x93, 0x8d, - 0x52, 0x5a, 0x2f, 0x31, 0xaa, 0xf1, 0x61, 0xd0 } }, - { "abcdefghijklmnopqrstuvwxyz", - { 0xc3, 0xfc, 0xd3, 0xd7, 0x61, 0x92, 0xe4, 0x00, - 0x7d, 0xfb, 0x49, 0x6c, 0xca, 0x67, 0xe1, 0x3b } }, - { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - { 0xd1, 0x74, 0xab, 0x98, 0xd2, 0x77, 0xd9, 0xf5, - 0xa5, 0x61, 0x1c, 0x2c, 0x9f, 0x41, 0x9d, 0x9f } }, - { "12345678901234567890123456789012345678901234567890123456789012345678901234567890", - { 0x57, 0xed, 0xf4, 0xa2, 0x2b, 0xe3, 0xc9, 0x55, - 0xac, 0x49, 0xda, 0x2e, 0x21, 0x07, 0xb6, 0x7a } }, - { NULL, { 0 } } - }; - - int i; - unsigned char tmp[16]; - hash_state md; - - for (i = 0; tests[i].msg != NULL; i++) { - md5_init(&md); - md5_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg)); - md5_done(&md, tmp); - if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "MD5", i)) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; - #endif -} - -#endif diff --git a/libs/tomcrypt/src/hashes/rmd128.c b/libs/tomcrypt/src/hashes/rmd128.c deleted file mode 100644 index 3ec652dc9a7..00000000000 --- a/libs/tomcrypt/src/hashes/rmd128.c +++ /dev/null @@ -1,401 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @param rmd128.c - RMD128 Hash function -*/ - -/* Implementation of LTC_RIPEMD-128 based on the source by Antoon Bosselaers, ESAT-COSIC - * - * This source has been radically overhauled to be portable and work within - * the LibTomCrypt API by Tom St Denis - */ - -#ifdef LTC_RIPEMD128 - -const struct ltc_hash_descriptor rmd128_desc = -{ - "rmd128", - 8, - 16, - 64, - - /* OID */ - { 1, 0, 10118, 3, 0, 50 }, - 6, - - &rmd128_init, - &rmd128_process, - &rmd128_done, - &rmd128_test, - NULL -}; - -/* the four basic functions F(), G() and H() */ -#define F(x, y, z) ((x) ^ (y) ^ (z)) -#define G(x, y, z) (((x) & (y)) | (~(x) & (z))) -#define H(x, y, z) (((x) | ~(y)) ^ (z)) -#define I(x, y, z) (((x) & (z)) | ((y) & ~(z))) - -/* the eight basic operations FF() through III() */ -#define FF(a, b, c, d, x, s) \ - (a) += F((b), (c), (d)) + (x);\ - (a) = ROLc((a), (s)); - -#define GG(a, b, c, d, x, s) \ - (a) += G((b), (c), (d)) + (x) + 0x5a827999UL;\ - (a) = ROLc((a), (s)); - -#define HH(a, b, c, d, x, s) \ - (a) += H((b), (c), (d)) + (x) + 0x6ed9eba1UL;\ - (a) = ROLc((a), (s)); - -#define II(a, b, c, d, x, s) \ - (a) += I((b), (c), (d)) + (x) + 0x8f1bbcdcUL;\ - (a) = ROLc((a), (s)); - -#define FFF(a, b, c, d, x, s) \ - (a) += F((b), (c), (d)) + (x);\ - (a) = ROLc((a), (s)); - -#define GGG(a, b, c, d, x, s) \ - (a) += G((b), (c), (d)) + (x) + 0x6d703ef3UL;\ - (a) = ROLc((a), (s)); - -#define HHH(a, b, c, d, x, s) \ - (a) += H((b), (c), (d)) + (x) + 0x5c4dd124UL;\ - (a) = ROLc((a), (s)); - -#define III(a, b, c, d, x, s) \ - (a) += I((b), (c), (d)) + (x) + 0x50a28be6UL;\ - (a) = ROLc((a), (s)); - -#ifdef LTC_CLEAN_STACK -static int _rmd128_compress(hash_state *md, unsigned char *buf) -#else -static int rmd128_compress(hash_state *md, unsigned char *buf) -#endif -{ - ulong32 aa,bb,cc,dd,aaa,bbb,ccc,ddd,X[16]; - int i; - - /* load words X */ - for (i = 0; i < 16; i++){ - LOAD32L(X[i], buf + (4 * i)); - } - - /* load state */ - aa = aaa = md->rmd128.state[0]; - bb = bbb = md->rmd128.state[1]; - cc = ccc = md->rmd128.state[2]; - dd = ddd = md->rmd128.state[3]; - - /* round 1 */ - FF(aa, bb, cc, dd, X[ 0], 11); - FF(dd, aa, bb, cc, X[ 1], 14); - FF(cc, dd, aa, bb, X[ 2], 15); - FF(bb, cc, dd, aa, X[ 3], 12); - FF(aa, bb, cc, dd, X[ 4], 5); - FF(dd, aa, bb, cc, X[ 5], 8); - FF(cc, dd, aa, bb, X[ 6], 7); - FF(bb, cc, dd, aa, X[ 7], 9); - FF(aa, bb, cc, dd, X[ 8], 11); - FF(dd, aa, bb, cc, X[ 9], 13); - FF(cc, dd, aa, bb, X[10], 14); - FF(bb, cc, dd, aa, X[11], 15); - FF(aa, bb, cc, dd, X[12], 6); - FF(dd, aa, bb, cc, X[13], 7); - FF(cc, dd, aa, bb, X[14], 9); - FF(bb, cc, dd, aa, X[15], 8); - - /* round 2 */ - GG(aa, bb, cc, dd, X[ 7], 7); - GG(dd, aa, bb, cc, X[ 4], 6); - GG(cc, dd, aa, bb, X[13], 8); - GG(bb, cc, dd, aa, X[ 1], 13); - GG(aa, bb, cc, dd, X[10], 11); - GG(dd, aa, bb, cc, X[ 6], 9); - GG(cc, dd, aa, bb, X[15], 7); - GG(bb, cc, dd, aa, X[ 3], 15); - GG(aa, bb, cc, dd, X[12], 7); - GG(dd, aa, bb, cc, X[ 0], 12); - GG(cc, dd, aa, bb, X[ 9], 15); - GG(bb, cc, dd, aa, X[ 5], 9); - GG(aa, bb, cc, dd, X[ 2], 11); - GG(dd, aa, bb, cc, X[14], 7); - GG(cc, dd, aa, bb, X[11], 13); - GG(bb, cc, dd, aa, X[ 8], 12); - - /* round 3 */ - HH(aa, bb, cc, dd, X[ 3], 11); - HH(dd, aa, bb, cc, X[10], 13); - HH(cc, dd, aa, bb, X[14], 6); - HH(bb, cc, dd, aa, X[ 4], 7); - HH(aa, bb, cc, dd, X[ 9], 14); - HH(dd, aa, bb, cc, X[15], 9); - HH(cc, dd, aa, bb, X[ 8], 13); - HH(bb, cc, dd, aa, X[ 1], 15); - HH(aa, bb, cc, dd, X[ 2], 14); - HH(dd, aa, bb, cc, X[ 7], 8); - HH(cc, dd, aa, bb, X[ 0], 13); - HH(bb, cc, dd, aa, X[ 6], 6); - HH(aa, bb, cc, dd, X[13], 5); - HH(dd, aa, bb, cc, X[11], 12); - HH(cc, dd, aa, bb, X[ 5], 7); - HH(bb, cc, dd, aa, X[12], 5); - - /* round 4 */ - II(aa, bb, cc, dd, X[ 1], 11); - II(dd, aa, bb, cc, X[ 9], 12); - II(cc, dd, aa, bb, X[11], 14); - II(bb, cc, dd, aa, X[10], 15); - II(aa, bb, cc, dd, X[ 0], 14); - II(dd, aa, bb, cc, X[ 8], 15); - II(cc, dd, aa, bb, X[12], 9); - II(bb, cc, dd, aa, X[ 4], 8); - II(aa, bb, cc, dd, X[13], 9); - II(dd, aa, bb, cc, X[ 3], 14); - II(cc, dd, aa, bb, X[ 7], 5); - II(bb, cc, dd, aa, X[15], 6); - II(aa, bb, cc, dd, X[14], 8); - II(dd, aa, bb, cc, X[ 5], 6); - II(cc, dd, aa, bb, X[ 6], 5); - II(bb, cc, dd, aa, X[ 2], 12); - - /* parallel round 1 */ - III(aaa, bbb, ccc, ddd, X[ 5], 8); - III(ddd, aaa, bbb, ccc, X[14], 9); - III(ccc, ddd, aaa, bbb, X[ 7], 9); - III(bbb, ccc, ddd, aaa, X[ 0], 11); - III(aaa, bbb, ccc, ddd, X[ 9], 13); - III(ddd, aaa, bbb, ccc, X[ 2], 15); - III(ccc, ddd, aaa, bbb, X[11], 15); - III(bbb, ccc, ddd, aaa, X[ 4], 5); - III(aaa, bbb, ccc, ddd, X[13], 7); - III(ddd, aaa, bbb, ccc, X[ 6], 7); - III(ccc, ddd, aaa, bbb, X[15], 8); - III(bbb, ccc, ddd, aaa, X[ 8], 11); - III(aaa, bbb, ccc, ddd, X[ 1], 14); - III(ddd, aaa, bbb, ccc, X[10], 14); - III(ccc, ddd, aaa, bbb, X[ 3], 12); - III(bbb, ccc, ddd, aaa, X[12], 6); - - /* parallel round 2 */ - HHH(aaa, bbb, ccc, ddd, X[ 6], 9); - HHH(ddd, aaa, bbb, ccc, X[11], 13); - HHH(ccc, ddd, aaa, bbb, X[ 3], 15); - HHH(bbb, ccc, ddd, aaa, X[ 7], 7); - HHH(aaa, bbb, ccc, ddd, X[ 0], 12); - HHH(ddd, aaa, bbb, ccc, X[13], 8); - HHH(ccc, ddd, aaa, bbb, X[ 5], 9); - HHH(bbb, ccc, ddd, aaa, X[10], 11); - HHH(aaa, bbb, ccc, ddd, X[14], 7); - HHH(ddd, aaa, bbb, ccc, X[15], 7); - HHH(ccc, ddd, aaa, bbb, X[ 8], 12); - HHH(bbb, ccc, ddd, aaa, X[12], 7); - HHH(aaa, bbb, ccc, ddd, X[ 4], 6); - HHH(ddd, aaa, bbb, ccc, X[ 9], 15); - HHH(ccc, ddd, aaa, bbb, X[ 1], 13); - HHH(bbb, ccc, ddd, aaa, X[ 2], 11); - - /* parallel round 3 */ - GGG(aaa, bbb, ccc, ddd, X[15], 9); - GGG(ddd, aaa, bbb, ccc, X[ 5], 7); - GGG(ccc, ddd, aaa, bbb, X[ 1], 15); - GGG(bbb, ccc, ddd, aaa, X[ 3], 11); - GGG(aaa, bbb, ccc, ddd, X[ 7], 8); - GGG(ddd, aaa, bbb, ccc, X[14], 6); - GGG(ccc, ddd, aaa, bbb, X[ 6], 6); - GGG(bbb, ccc, ddd, aaa, X[ 9], 14); - GGG(aaa, bbb, ccc, ddd, X[11], 12); - GGG(ddd, aaa, bbb, ccc, X[ 8], 13); - GGG(ccc, ddd, aaa, bbb, X[12], 5); - GGG(bbb, ccc, ddd, aaa, X[ 2], 14); - GGG(aaa, bbb, ccc, ddd, X[10], 13); - GGG(ddd, aaa, bbb, ccc, X[ 0], 13); - GGG(ccc, ddd, aaa, bbb, X[ 4], 7); - GGG(bbb, ccc, ddd, aaa, X[13], 5); - - /* parallel round 4 */ - FFF(aaa, bbb, ccc, ddd, X[ 8], 15); - FFF(ddd, aaa, bbb, ccc, X[ 6], 5); - FFF(ccc, ddd, aaa, bbb, X[ 4], 8); - FFF(bbb, ccc, ddd, aaa, X[ 1], 11); - FFF(aaa, bbb, ccc, ddd, X[ 3], 14); - FFF(ddd, aaa, bbb, ccc, X[11], 14); - FFF(ccc, ddd, aaa, bbb, X[15], 6); - FFF(bbb, ccc, ddd, aaa, X[ 0], 14); - FFF(aaa, bbb, ccc, ddd, X[ 5], 6); - FFF(ddd, aaa, bbb, ccc, X[12], 9); - FFF(ccc, ddd, aaa, bbb, X[ 2], 12); - FFF(bbb, ccc, ddd, aaa, X[13], 9); - FFF(aaa, bbb, ccc, ddd, X[ 9], 12); - FFF(ddd, aaa, bbb, ccc, X[ 7], 5); - FFF(ccc, ddd, aaa, bbb, X[10], 15); - FFF(bbb, ccc, ddd, aaa, X[14], 8); - - /* combine results */ - ddd += cc + md->rmd128.state[1]; /* final result for MDbuf[0] */ - md->rmd128.state[1] = md->rmd128.state[2] + dd + aaa; - md->rmd128.state[2] = md->rmd128.state[3] + aa + bbb; - md->rmd128.state[3] = md->rmd128.state[0] + bb + ccc; - md->rmd128.state[0] = ddd; - - return CRYPT_OK; -} - -#ifdef LTC_CLEAN_STACK -static int rmd128_compress(hash_state *md, unsigned char *buf) -{ - int err; - err = _rmd128_compress(md, buf); - burn_stack(sizeof(ulong32) * 24 + sizeof(int)); - return err; -} -#endif - -/** - Initialize the hash state - @param md The hash state you wish to initialize - @return CRYPT_OK if successful -*/ -int rmd128_init(hash_state * md) -{ - LTC_ARGCHK(md != NULL); - md->rmd128.state[0] = 0x67452301UL; - md->rmd128.state[1] = 0xefcdab89UL; - md->rmd128.state[2] = 0x98badcfeUL; - md->rmd128.state[3] = 0x10325476UL; - md->rmd128.curlen = 0; - md->rmd128.length = 0; - return CRYPT_OK; -} - -/** - Process a block of memory though the hash - @param md The hash state - @param in The data to hash - @param inlen The length of the data (octets) - @return CRYPT_OK if successful -*/ -HASH_PROCESS(rmd128_process, rmd128_compress, rmd128, 64) - -/** - Terminate the hash to get the digest - @param md The hash state - @param out [out] The destination of the hash (16 bytes) - @return CRYPT_OK if successful -*/ -int rmd128_done(hash_state * md, unsigned char *out) -{ - int i; - - LTC_ARGCHK(md != NULL); - LTC_ARGCHK(out != NULL); - - if (md->rmd128.curlen >= sizeof(md->rmd128.buf)) { - return CRYPT_INVALID_ARG; - } - - - /* increase the length of the message */ - md->rmd128.length += md->rmd128.curlen * 8; - - /* append the '1' bit */ - md->rmd128.buf[md->rmd128.curlen++] = (unsigned char)0x80; - - /* if the length is currently above 56 bytes we append zeros - * then compress. Then we can fall back to padding zeros and length - * encoding like normal. - */ - if (md->rmd128.curlen > 56) { - while (md->rmd128.curlen < 64) { - md->rmd128.buf[md->rmd128.curlen++] = (unsigned char)0; - } - rmd128_compress(md, md->rmd128.buf); - md->rmd128.curlen = 0; - } - - /* pad upto 56 bytes of zeroes */ - while (md->rmd128.curlen < 56) { - md->rmd128.buf[md->rmd128.curlen++] = (unsigned char)0; - } - - /* store length */ - STORE64L(md->rmd128.length, md->rmd128.buf+56); - rmd128_compress(md, md->rmd128.buf); - - /* copy output */ - for (i = 0; i < 4; i++) { - STORE32L(md->rmd128.state[i], out+(4*i)); - } -#ifdef LTC_CLEAN_STACK - zeromem(md, sizeof(hash_state)); -#endif - return CRYPT_OK; -} - -/** - Self-test the hash - @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled -*/ -int rmd128_test(void) -{ -#ifndef LTC_TEST - return CRYPT_NOP; -#else - static const struct { - const char *msg; - unsigned char hash[16]; - } tests[] = { - { "", - { 0xcd, 0xf2, 0x62, 0x13, 0xa1, 0x50, 0xdc, 0x3e, - 0xcb, 0x61, 0x0f, 0x18, 0xf6, 0xb3, 0x8b, 0x46 } - }, - { "a", - { 0x86, 0xbe, 0x7a, 0xfa, 0x33, 0x9d, 0x0f, 0xc7, - 0xcf, 0xc7, 0x85, 0xe7, 0x2f, 0x57, 0x8d, 0x33 } - }, - { "abc", - { 0xc1, 0x4a, 0x12, 0x19, 0x9c, 0x66, 0xe4, 0xba, - 0x84, 0x63, 0x6b, 0x0f, 0x69, 0x14, 0x4c, 0x77 } - }, - { "message digest", - { 0x9e, 0x32, 0x7b, 0x3d, 0x6e, 0x52, 0x30, 0x62, - 0xaf, 0xc1, 0x13, 0x2d, 0x7d, 0xf9, 0xd1, 0xb8 } - }, - { "abcdefghijklmnopqrstuvwxyz", - { 0xfd, 0x2a, 0xa6, 0x07, 0xf7, 0x1d, 0xc8, 0xf5, - 0x10, 0x71, 0x49, 0x22, 0xb3, 0x71, 0x83, 0x4e } - }, - { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - { 0xd1, 0xe9, 0x59, 0xeb, 0x17, 0x9c, 0x91, 0x1f, - 0xae, 0xa4, 0x62, 0x4c, 0x60, 0xc5, 0xc7, 0x02 } - } - }; - - int i; - unsigned char tmp[16]; - hash_state md; - - for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) { - rmd128_init(&md); - rmd128_process(&md, (unsigned char *)tests[i].msg, strlen(tests[i].msg)); - rmd128_done(&md, tmp); - if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "RIPEMD128", i)) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; -#endif -} - -#endif diff --git a/libs/tomcrypt/src/hashes/rmd160.c b/libs/tomcrypt/src/hashes/rmd160.c deleted file mode 100644 index e89ec925677..00000000000 --- a/libs/tomcrypt/src/hashes/rmd160.c +++ /dev/null @@ -1,460 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file rmd160.c - RMD160 hash function -*/ - -/* Implementation of LTC_RIPEMD-160 based on the source by Antoon Bosselaers, ESAT-COSIC - * - * This source has been radically overhauled to be portable and work within - * the LibTomCrypt API by Tom St Denis - */ - -#ifdef LTC_RIPEMD160 - -const struct ltc_hash_descriptor rmd160_desc = -{ - "rmd160", - 9, - 20, - 64, - - /* OID */ - { 1, 3, 36, 3, 2, 1, }, - 6, - - &rmd160_init, - &rmd160_process, - &rmd160_done, - &rmd160_test, - NULL -}; - -/* the five basic functions F(), G() and H() */ -#define F(x, y, z) ((x) ^ (y) ^ (z)) -#define G(x, y, z) (((x) & (y)) | (~(x) & (z))) -#define H(x, y, z) (((x) | ~(y)) ^ (z)) -#define I(x, y, z) (((x) & (z)) | ((y) & ~(z))) -#define J(x, y, z) ((x) ^ ((y) | ~(z))) - -/* the ten basic operations FF() through III() */ -#define FF(a, b, c, d, e, x, s) \ - (a) += F((b), (c), (d)) + (x);\ - (a) = ROLc((a), (s)) + (e);\ - (c) = ROLc((c), 10); - -#define GG(a, b, c, d, e, x, s) \ - (a) += G((b), (c), (d)) + (x) + 0x5a827999UL;\ - (a) = ROLc((a), (s)) + (e);\ - (c) = ROLc((c), 10); - -#define HH(a, b, c, d, e, x, s) \ - (a) += H((b), (c), (d)) + (x) + 0x6ed9eba1UL;\ - (a) = ROLc((a), (s)) + (e);\ - (c) = ROLc((c), 10); - -#define II(a, b, c, d, e, x, s) \ - (a) += I((b), (c), (d)) + (x) + 0x8f1bbcdcUL;\ - (a) = ROLc((a), (s)) + (e);\ - (c) = ROLc((c), 10); - -#define JJ(a, b, c, d, e, x, s) \ - (a) += J((b), (c), (d)) + (x) + 0xa953fd4eUL;\ - (a) = ROLc((a), (s)) + (e);\ - (c) = ROLc((c), 10); - -#define FFF(a, b, c, d, e, x, s) \ - (a) += F((b), (c), (d)) + (x);\ - (a) = ROLc((a), (s)) + (e);\ - (c) = ROLc((c), 10); - -#define GGG(a, b, c, d, e, x, s) \ - (a) += G((b), (c), (d)) + (x) + 0x7a6d76e9UL;\ - (a) = ROLc((a), (s)) + (e);\ - (c) = ROLc((c), 10); - -#define HHH(a, b, c, d, e, x, s) \ - (a) += H((b), (c), (d)) + (x) + 0x6d703ef3UL;\ - (a) = ROLc((a), (s)) + (e);\ - (c) = ROLc((c), 10); - -#define III(a, b, c, d, e, x, s) \ - (a) += I((b), (c), (d)) + (x) + 0x5c4dd124UL;\ - (a) = ROLc((a), (s)) + (e);\ - (c) = ROLc((c), 10); - -#define JJJ(a, b, c, d, e, x, s) \ - (a) += J((b), (c), (d)) + (x) + 0x50a28be6UL;\ - (a) = ROLc((a), (s)) + (e);\ - (c) = ROLc((c), 10); - - -#ifdef LTC_CLEAN_STACK -static int _rmd160_compress(hash_state *md, unsigned char *buf) -#else -static int rmd160_compress(hash_state *md, unsigned char *buf) -#endif -{ - ulong32 aa,bb,cc,dd,ee,aaa,bbb,ccc,ddd,eee,X[16]; - int i; - - /* load words X */ - for (i = 0; i < 16; i++){ - LOAD32L(X[i], buf + (4 * i)); - } - - /* load state */ - aa = aaa = md->rmd160.state[0]; - bb = bbb = md->rmd160.state[1]; - cc = ccc = md->rmd160.state[2]; - dd = ddd = md->rmd160.state[3]; - ee = eee = md->rmd160.state[4]; - - /* round 1 */ - FF(aa, bb, cc, dd, ee, X[ 0], 11); - FF(ee, aa, bb, cc, dd, X[ 1], 14); - FF(dd, ee, aa, bb, cc, X[ 2], 15); - FF(cc, dd, ee, aa, bb, X[ 3], 12); - FF(bb, cc, dd, ee, aa, X[ 4], 5); - FF(aa, bb, cc, dd, ee, X[ 5], 8); - FF(ee, aa, bb, cc, dd, X[ 6], 7); - FF(dd, ee, aa, bb, cc, X[ 7], 9); - FF(cc, dd, ee, aa, bb, X[ 8], 11); - FF(bb, cc, dd, ee, aa, X[ 9], 13); - FF(aa, bb, cc, dd, ee, X[10], 14); - FF(ee, aa, bb, cc, dd, X[11], 15); - FF(dd, ee, aa, bb, cc, X[12], 6); - FF(cc, dd, ee, aa, bb, X[13], 7); - FF(bb, cc, dd, ee, aa, X[14], 9); - FF(aa, bb, cc, dd, ee, X[15], 8); - - /* round 2 */ - GG(ee, aa, bb, cc, dd, X[ 7], 7); - GG(dd, ee, aa, bb, cc, X[ 4], 6); - GG(cc, dd, ee, aa, bb, X[13], 8); - GG(bb, cc, dd, ee, aa, X[ 1], 13); - GG(aa, bb, cc, dd, ee, X[10], 11); - GG(ee, aa, bb, cc, dd, X[ 6], 9); - GG(dd, ee, aa, bb, cc, X[15], 7); - GG(cc, dd, ee, aa, bb, X[ 3], 15); - GG(bb, cc, dd, ee, aa, X[12], 7); - GG(aa, bb, cc, dd, ee, X[ 0], 12); - GG(ee, aa, bb, cc, dd, X[ 9], 15); - GG(dd, ee, aa, bb, cc, X[ 5], 9); - GG(cc, dd, ee, aa, bb, X[ 2], 11); - GG(bb, cc, dd, ee, aa, X[14], 7); - GG(aa, bb, cc, dd, ee, X[11], 13); - GG(ee, aa, bb, cc, dd, X[ 8], 12); - - /* round 3 */ - HH(dd, ee, aa, bb, cc, X[ 3], 11); - HH(cc, dd, ee, aa, bb, X[10], 13); - HH(bb, cc, dd, ee, aa, X[14], 6); - HH(aa, bb, cc, dd, ee, X[ 4], 7); - HH(ee, aa, bb, cc, dd, X[ 9], 14); - HH(dd, ee, aa, bb, cc, X[15], 9); - HH(cc, dd, ee, aa, bb, X[ 8], 13); - HH(bb, cc, dd, ee, aa, X[ 1], 15); - HH(aa, bb, cc, dd, ee, X[ 2], 14); - HH(ee, aa, bb, cc, dd, X[ 7], 8); - HH(dd, ee, aa, bb, cc, X[ 0], 13); - HH(cc, dd, ee, aa, bb, X[ 6], 6); - HH(bb, cc, dd, ee, aa, X[13], 5); - HH(aa, bb, cc, dd, ee, X[11], 12); - HH(ee, aa, bb, cc, dd, X[ 5], 7); - HH(dd, ee, aa, bb, cc, X[12], 5); - - /* round 4 */ - II(cc, dd, ee, aa, bb, X[ 1], 11); - II(bb, cc, dd, ee, aa, X[ 9], 12); - II(aa, bb, cc, dd, ee, X[11], 14); - II(ee, aa, bb, cc, dd, X[10], 15); - II(dd, ee, aa, bb, cc, X[ 0], 14); - II(cc, dd, ee, aa, bb, X[ 8], 15); - II(bb, cc, dd, ee, aa, X[12], 9); - II(aa, bb, cc, dd, ee, X[ 4], 8); - II(ee, aa, bb, cc, dd, X[13], 9); - II(dd, ee, aa, bb, cc, X[ 3], 14); - II(cc, dd, ee, aa, bb, X[ 7], 5); - II(bb, cc, dd, ee, aa, X[15], 6); - II(aa, bb, cc, dd, ee, X[14], 8); - II(ee, aa, bb, cc, dd, X[ 5], 6); - II(dd, ee, aa, bb, cc, X[ 6], 5); - II(cc, dd, ee, aa, bb, X[ 2], 12); - - /* round 5 */ - JJ(bb, cc, dd, ee, aa, X[ 4], 9); - JJ(aa, bb, cc, dd, ee, X[ 0], 15); - JJ(ee, aa, bb, cc, dd, X[ 5], 5); - JJ(dd, ee, aa, bb, cc, X[ 9], 11); - JJ(cc, dd, ee, aa, bb, X[ 7], 6); - JJ(bb, cc, dd, ee, aa, X[12], 8); - JJ(aa, bb, cc, dd, ee, X[ 2], 13); - JJ(ee, aa, bb, cc, dd, X[10], 12); - JJ(dd, ee, aa, bb, cc, X[14], 5); - JJ(cc, dd, ee, aa, bb, X[ 1], 12); - JJ(bb, cc, dd, ee, aa, X[ 3], 13); - JJ(aa, bb, cc, dd, ee, X[ 8], 14); - JJ(ee, aa, bb, cc, dd, X[11], 11); - JJ(dd, ee, aa, bb, cc, X[ 6], 8); - JJ(cc, dd, ee, aa, bb, X[15], 5); - JJ(bb, cc, dd, ee, aa, X[13], 6); - - /* parallel round 1 */ - JJJ(aaa, bbb, ccc, ddd, eee, X[ 5], 8); - JJJ(eee, aaa, bbb, ccc, ddd, X[14], 9); - JJJ(ddd, eee, aaa, bbb, ccc, X[ 7], 9); - JJJ(ccc, ddd, eee, aaa, bbb, X[ 0], 11); - JJJ(bbb, ccc, ddd, eee, aaa, X[ 9], 13); - JJJ(aaa, bbb, ccc, ddd, eee, X[ 2], 15); - JJJ(eee, aaa, bbb, ccc, ddd, X[11], 15); - JJJ(ddd, eee, aaa, bbb, ccc, X[ 4], 5); - JJJ(ccc, ddd, eee, aaa, bbb, X[13], 7); - JJJ(bbb, ccc, ddd, eee, aaa, X[ 6], 7); - JJJ(aaa, bbb, ccc, ddd, eee, X[15], 8); - JJJ(eee, aaa, bbb, ccc, ddd, X[ 8], 11); - JJJ(ddd, eee, aaa, bbb, ccc, X[ 1], 14); - JJJ(ccc, ddd, eee, aaa, bbb, X[10], 14); - JJJ(bbb, ccc, ddd, eee, aaa, X[ 3], 12); - JJJ(aaa, bbb, ccc, ddd, eee, X[12], 6); - - /* parallel round 2 */ - III(eee, aaa, bbb, ccc, ddd, X[ 6], 9); - III(ddd, eee, aaa, bbb, ccc, X[11], 13); - III(ccc, ddd, eee, aaa, bbb, X[ 3], 15); - III(bbb, ccc, ddd, eee, aaa, X[ 7], 7); - III(aaa, bbb, ccc, ddd, eee, X[ 0], 12); - III(eee, aaa, bbb, ccc, ddd, X[13], 8); - III(ddd, eee, aaa, bbb, ccc, X[ 5], 9); - III(ccc, ddd, eee, aaa, bbb, X[10], 11); - III(bbb, ccc, ddd, eee, aaa, X[14], 7); - III(aaa, bbb, ccc, ddd, eee, X[15], 7); - III(eee, aaa, bbb, ccc, ddd, X[ 8], 12); - III(ddd, eee, aaa, bbb, ccc, X[12], 7); - III(ccc, ddd, eee, aaa, bbb, X[ 4], 6); - III(bbb, ccc, ddd, eee, aaa, X[ 9], 15); - III(aaa, bbb, ccc, ddd, eee, X[ 1], 13); - III(eee, aaa, bbb, ccc, ddd, X[ 2], 11); - - /* parallel round 3 */ - HHH(ddd, eee, aaa, bbb, ccc, X[15], 9); - HHH(ccc, ddd, eee, aaa, bbb, X[ 5], 7); - HHH(bbb, ccc, ddd, eee, aaa, X[ 1], 15); - HHH(aaa, bbb, ccc, ddd, eee, X[ 3], 11); - HHH(eee, aaa, bbb, ccc, ddd, X[ 7], 8); - HHH(ddd, eee, aaa, bbb, ccc, X[14], 6); - HHH(ccc, ddd, eee, aaa, bbb, X[ 6], 6); - HHH(bbb, ccc, ddd, eee, aaa, X[ 9], 14); - HHH(aaa, bbb, ccc, ddd, eee, X[11], 12); - HHH(eee, aaa, bbb, ccc, ddd, X[ 8], 13); - HHH(ddd, eee, aaa, bbb, ccc, X[12], 5); - HHH(ccc, ddd, eee, aaa, bbb, X[ 2], 14); - HHH(bbb, ccc, ddd, eee, aaa, X[10], 13); - HHH(aaa, bbb, ccc, ddd, eee, X[ 0], 13); - HHH(eee, aaa, bbb, ccc, ddd, X[ 4], 7); - HHH(ddd, eee, aaa, bbb, ccc, X[13], 5); - - /* parallel round 4 */ - GGG(ccc, ddd, eee, aaa, bbb, X[ 8], 15); - GGG(bbb, ccc, ddd, eee, aaa, X[ 6], 5); - GGG(aaa, bbb, ccc, ddd, eee, X[ 4], 8); - GGG(eee, aaa, bbb, ccc, ddd, X[ 1], 11); - GGG(ddd, eee, aaa, bbb, ccc, X[ 3], 14); - GGG(ccc, ddd, eee, aaa, bbb, X[11], 14); - GGG(bbb, ccc, ddd, eee, aaa, X[15], 6); - GGG(aaa, bbb, ccc, ddd, eee, X[ 0], 14); - GGG(eee, aaa, bbb, ccc, ddd, X[ 5], 6); - GGG(ddd, eee, aaa, bbb, ccc, X[12], 9); - GGG(ccc, ddd, eee, aaa, bbb, X[ 2], 12); - GGG(bbb, ccc, ddd, eee, aaa, X[13], 9); - GGG(aaa, bbb, ccc, ddd, eee, X[ 9], 12); - GGG(eee, aaa, bbb, ccc, ddd, X[ 7], 5); - GGG(ddd, eee, aaa, bbb, ccc, X[10], 15); - GGG(ccc, ddd, eee, aaa, bbb, X[14], 8); - - /* parallel round 5 */ - FFF(bbb, ccc, ddd, eee, aaa, X[12] , 8); - FFF(aaa, bbb, ccc, ddd, eee, X[15] , 5); - FFF(eee, aaa, bbb, ccc, ddd, X[10] , 12); - FFF(ddd, eee, aaa, bbb, ccc, X[ 4] , 9); - FFF(ccc, ddd, eee, aaa, bbb, X[ 1] , 12); - FFF(bbb, ccc, ddd, eee, aaa, X[ 5] , 5); - FFF(aaa, bbb, ccc, ddd, eee, X[ 8] , 14); - FFF(eee, aaa, bbb, ccc, ddd, X[ 7] , 6); - FFF(ddd, eee, aaa, bbb, ccc, X[ 6] , 8); - FFF(ccc, ddd, eee, aaa, bbb, X[ 2] , 13); - FFF(bbb, ccc, ddd, eee, aaa, X[13] , 6); - FFF(aaa, bbb, ccc, ddd, eee, X[14] , 5); - FFF(eee, aaa, bbb, ccc, ddd, X[ 0] , 15); - FFF(ddd, eee, aaa, bbb, ccc, X[ 3] , 13); - FFF(ccc, ddd, eee, aaa, bbb, X[ 9] , 11); - FFF(bbb, ccc, ddd, eee, aaa, X[11] , 11); - - /* combine results */ - ddd += cc + md->rmd160.state[1]; /* final result for md->rmd160.state[0] */ - md->rmd160.state[1] = md->rmd160.state[2] + dd + eee; - md->rmd160.state[2] = md->rmd160.state[3] + ee + aaa; - md->rmd160.state[3] = md->rmd160.state[4] + aa + bbb; - md->rmd160.state[4] = md->rmd160.state[0] + bb + ccc; - md->rmd160.state[0] = ddd; - - return CRYPT_OK; -} - -#ifdef LTC_CLEAN_STACK -static int rmd160_compress(hash_state *md, unsigned char *buf) -{ - int err; - err = _rmd160_compress(md, buf); - burn_stack(sizeof(ulong32) * 26 + sizeof(int)); - return err; -} -#endif - -/** - Initialize the hash state - @param md The hash state you wish to initialize - @return CRYPT_OK if successful -*/ -int rmd160_init(hash_state * md) -{ - LTC_ARGCHK(md != NULL); - md->rmd160.state[0] = 0x67452301UL; - md->rmd160.state[1] = 0xefcdab89UL; - md->rmd160.state[2] = 0x98badcfeUL; - md->rmd160.state[3] = 0x10325476UL; - md->rmd160.state[4] = 0xc3d2e1f0UL; - md->rmd160.curlen = 0; - md->rmd160.length = 0; - return CRYPT_OK; -} - -/** - Process a block of memory though the hash - @param md The hash state - @param in The data to hash - @param inlen The length of the data (octets) - @return CRYPT_OK if successful -*/ -HASH_PROCESS(rmd160_process, rmd160_compress, rmd160, 64) - -/** - Terminate the hash to get the digest - @param md The hash state - @param out [out] The destination of the hash (20 bytes) - @return CRYPT_OK if successful -*/ -int rmd160_done(hash_state * md, unsigned char *out) -{ - int i; - - LTC_ARGCHK(md != NULL); - LTC_ARGCHK(out != NULL); - - if (md->rmd160.curlen >= sizeof(md->rmd160.buf)) { - return CRYPT_INVALID_ARG; - } - - - /* increase the length of the message */ - md->rmd160.length += md->rmd160.curlen * 8; - - /* append the '1' bit */ - md->rmd160.buf[md->rmd160.curlen++] = (unsigned char)0x80; - - /* if the length is currently above 56 bytes we append zeros - * then compress. Then we can fall back to padding zeros and length - * encoding like normal. - */ - if (md->rmd160.curlen > 56) { - while (md->rmd160.curlen < 64) { - md->rmd160.buf[md->rmd160.curlen++] = (unsigned char)0; - } - rmd160_compress(md, md->rmd160.buf); - md->rmd160.curlen = 0; - } - - /* pad upto 56 bytes of zeroes */ - while (md->rmd160.curlen < 56) { - md->rmd160.buf[md->rmd160.curlen++] = (unsigned char)0; - } - - /* store length */ - STORE64L(md->rmd160.length, md->rmd160.buf+56); - rmd160_compress(md, md->rmd160.buf); - - /* copy output */ - for (i = 0; i < 5; i++) { - STORE32L(md->rmd160.state[i], out+(4*i)); - } -#ifdef LTC_CLEAN_STACK - zeromem(md, sizeof(hash_state)); -#endif - return CRYPT_OK; -} - -/** - Self-test the hash - @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled -*/ -int rmd160_test(void) -{ -#ifndef LTC_TEST - return CRYPT_NOP; -#else - static const struct { - const char *msg; - unsigned char hash[20]; - } tests[] = { - { "", - { 0x9c, 0x11, 0x85, 0xa5, 0xc5, 0xe9, 0xfc, 0x54, 0x61, 0x28, - 0x08, 0x97, 0x7e, 0xe8, 0xf5, 0x48, 0xb2, 0x25, 0x8d, 0x31 } - }, - { "a", - { 0x0b, 0xdc, 0x9d, 0x2d, 0x25, 0x6b, 0x3e, 0xe9, 0xda, 0xae, - 0x34, 0x7b, 0xe6, 0xf4, 0xdc, 0x83, 0x5a, 0x46, 0x7f, 0xfe } - }, - { "abc", - { 0x8e, 0xb2, 0x08, 0xf7, 0xe0, 0x5d, 0x98, 0x7a, 0x9b, 0x04, - 0x4a, 0x8e, 0x98, 0xc6, 0xb0, 0x87, 0xf1, 0x5a, 0x0b, 0xfc } - }, - { "message digest", - { 0x5d, 0x06, 0x89, 0xef, 0x49, 0xd2, 0xfa, 0xe5, 0x72, 0xb8, - 0x81, 0xb1, 0x23, 0xa8, 0x5f, 0xfa, 0x21, 0x59, 0x5f, 0x36 } - }, - { "abcdefghijklmnopqrstuvwxyz", - { 0xf7, 0x1c, 0x27, 0x10, 0x9c, 0x69, 0x2c, 0x1b, 0x56, 0xbb, - 0xdc, 0xeb, 0x5b, 0x9d, 0x28, 0x65, 0xb3, 0x70, 0x8d, 0xbc } - }, - { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - { 0x12, 0xa0, 0x53, 0x38, 0x4a, 0x9c, 0x0c, 0x88, 0xe4, 0x05, - 0xa0, 0x6c, 0x27, 0xdc, 0xf4, 0x9a, 0xda, 0x62, 0xeb, 0x2b } - } - }; - - int i; - unsigned char tmp[20]; - hash_state md; - - for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) { - rmd160_init(&md); - rmd160_process(&md, (unsigned char *)tests[i].msg, strlen(tests[i].msg)); - rmd160_done(&md, tmp); - if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "RIPEMD160", i)) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; -#endif -} - -#endif diff --git a/libs/tomcrypt/src/hashes/rmd256.c b/libs/tomcrypt/src/hashes/rmd256.c deleted file mode 100644 index 39f142ffabe..00000000000 --- a/libs/tomcrypt/src/hashes/rmd256.c +++ /dev/null @@ -1,426 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @param rmd256.c - RLTC_MD256 Hash function -*/ - -#ifdef LTC_RIPEMD256 - -const struct ltc_hash_descriptor rmd256_desc = -{ - "rmd256", - 13, - 32, - 64, - - /* OID */ - { 1, 3, 36, 3, 2, 3 }, - 6, - - &rmd256_init, - &rmd256_process, - &rmd256_done, - &rmd256_test, - NULL -}; - -/* the four basic functions F(), G() and H() */ -#define F(x, y, z) ((x) ^ (y) ^ (z)) -#define G(x, y, z) (((x) & (y)) | (~(x) & (z))) -#define H(x, y, z) (((x) | ~(y)) ^ (z)) -#define I(x, y, z) (((x) & (z)) | ((y) & ~(z))) - -/* the eight basic operations FF() through III() */ -#define FF(a, b, c, d, x, s) \ - (a) += F((b), (c), (d)) + (x);\ - (a) = ROLc((a), (s)); - -#define GG(a, b, c, d, x, s) \ - (a) += G((b), (c), (d)) + (x) + 0x5a827999UL;\ - (a) = ROLc((a), (s)); - -#define HH(a, b, c, d, x, s) \ - (a) += H((b), (c), (d)) + (x) + 0x6ed9eba1UL;\ - (a) = ROLc((a), (s)); - -#define II(a, b, c, d, x, s) \ - (a) += I((b), (c), (d)) + (x) + 0x8f1bbcdcUL;\ - (a) = ROLc((a), (s)); - -#define FFF(a, b, c, d, x, s) \ - (a) += F((b), (c), (d)) + (x);\ - (a) = ROLc((a), (s)); - -#define GGG(a, b, c, d, x, s) \ - (a) += G((b), (c), (d)) + (x) + 0x6d703ef3UL;\ - (a) = ROLc((a), (s)); - -#define HHH(a, b, c, d, x, s) \ - (a) += H((b), (c), (d)) + (x) + 0x5c4dd124UL;\ - (a) = ROLc((a), (s)); - -#define III(a, b, c, d, x, s) \ - (a) += I((b), (c), (d)) + (x) + 0x50a28be6UL;\ - (a) = ROLc((a), (s)); - -#ifdef LTC_CLEAN_STACK -static int _rmd256_compress(hash_state *md, unsigned char *buf) -#else -static int rmd256_compress(hash_state *md, unsigned char *buf) -#endif -{ - ulong32 aa,bb,cc,dd,aaa,bbb,ccc,ddd,tmp,X[16]; - int i; - - /* load words X */ - for (i = 0; i < 16; i++){ - LOAD32L(X[i], buf + (4 * i)); - } - - /* load state */ - aa = md->rmd256.state[0]; - bb = md->rmd256.state[1]; - cc = md->rmd256.state[2]; - dd = md->rmd256.state[3]; - aaa = md->rmd256.state[4]; - bbb = md->rmd256.state[5]; - ccc = md->rmd256.state[6]; - ddd = md->rmd256.state[7]; - - /* round 1 */ - FF(aa, bb, cc, dd, X[ 0], 11); - FF(dd, aa, bb, cc, X[ 1], 14); - FF(cc, dd, aa, bb, X[ 2], 15); - FF(bb, cc, dd, aa, X[ 3], 12); - FF(aa, bb, cc, dd, X[ 4], 5); - FF(dd, aa, bb, cc, X[ 5], 8); - FF(cc, dd, aa, bb, X[ 6], 7); - FF(bb, cc, dd, aa, X[ 7], 9); - FF(aa, bb, cc, dd, X[ 8], 11); - FF(dd, aa, bb, cc, X[ 9], 13); - FF(cc, dd, aa, bb, X[10], 14); - FF(bb, cc, dd, aa, X[11], 15); - FF(aa, bb, cc, dd, X[12], 6); - FF(dd, aa, bb, cc, X[13], 7); - FF(cc, dd, aa, bb, X[14], 9); - FF(bb, cc, dd, aa, X[15], 8); - - /* parallel round 1 */ - III(aaa, bbb, ccc, ddd, X[ 5], 8); - III(ddd, aaa, bbb, ccc, X[14], 9); - III(ccc, ddd, aaa, bbb, X[ 7], 9); - III(bbb, ccc, ddd, aaa, X[ 0], 11); - III(aaa, bbb, ccc, ddd, X[ 9], 13); - III(ddd, aaa, bbb, ccc, X[ 2], 15); - III(ccc, ddd, aaa, bbb, X[11], 15); - III(bbb, ccc, ddd, aaa, X[ 4], 5); - III(aaa, bbb, ccc, ddd, X[13], 7); - III(ddd, aaa, bbb, ccc, X[ 6], 7); - III(ccc, ddd, aaa, bbb, X[15], 8); - III(bbb, ccc, ddd, aaa, X[ 8], 11); - III(aaa, bbb, ccc, ddd, X[ 1], 14); - III(ddd, aaa, bbb, ccc, X[10], 14); - III(ccc, ddd, aaa, bbb, X[ 3], 12); - III(bbb, ccc, ddd, aaa, X[12], 6); - - tmp = aa; aa = aaa; aaa = tmp; - - /* round 2 */ - GG(aa, bb, cc, dd, X[ 7], 7); - GG(dd, aa, bb, cc, X[ 4], 6); - GG(cc, dd, aa, bb, X[13], 8); - GG(bb, cc, dd, aa, X[ 1], 13); - GG(aa, bb, cc, dd, X[10], 11); - GG(dd, aa, bb, cc, X[ 6], 9); - GG(cc, dd, aa, bb, X[15], 7); - GG(bb, cc, dd, aa, X[ 3], 15); - GG(aa, bb, cc, dd, X[12], 7); - GG(dd, aa, bb, cc, X[ 0], 12); - GG(cc, dd, aa, bb, X[ 9], 15); - GG(bb, cc, dd, aa, X[ 5], 9); - GG(aa, bb, cc, dd, X[ 2], 11); - GG(dd, aa, bb, cc, X[14], 7); - GG(cc, dd, aa, bb, X[11], 13); - GG(bb, cc, dd, aa, X[ 8], 12); - - /* parallel round 2 */ - HHH(aaa, bbb, ccc, ddd, X[ 6], 9); - HHH(ddd, aaa, bbb, ccc, X[11], 13); - HHH(ccc, ddd, aaa, bbb, X[ 3], 15); - HHH(bbb, ccc, ddd, aaa, X[ 7], 7); - HHH(aaa, bbb, ccc, ddd, X[ 0], 12); - HHH(ddd, aaa, bbb, ccc, X[13], 8); - HHH(ccc, ddd, aaa, bbb, X[ 5], 9); - HHH(bbb, ccc, ddd, aaa, X[10], 11); - HHH(aaa, bbb, ccc, ddd, X[14], 7); - HHH(ddd, aaa, bbb, ccc, X[15], 7); - HHH(ccc, ddd, aaa, bbb, X[ 8], 12); - HHH(bbb, ccc, ddd, aaa, X[12], 7); - HHH(aaa, bbb, ccc, ddd, X[ 4], 6); - HHH(ddd, aaa, bbb, ccc, X[ 9], 15); - HHH(ccc, ddd, aaa, bbb, X[ 1], 13); - HHH(bbb, ccc, ddd, aaa, X[ 2], 11); - - tmp = bb; bb = bbb; bbb = tmp; - - /* round 3 */ - HH(aa, bb, cc, dd, X[ 3], 11); - HH(dd, aa, bb, cc, X[10], 13); - HH(cc, dd, aa, bb, X[14], 6); - HH(bb, cc, dd, aa, X[ 4], 7); - HH(aa, bb, cc, dd, X[ 9], 14); - HH(dd, aa, bb, cc, X[15], 9); - HH(cc, dd, aa, bb, X[ 8], 13); - HH(bb, cc, dd, aa, X[ 1], 15); - HH(aa, bb, cc, dd, X[ 2], 14); - HH(dd, aa, bb, cc, X[ 7], 8); - HH(cc, dd, aa, bb, X[ 0], 13); - HH(bb, cc, dd, aa, X[ 6], 6); - HH(aa, bb, cc, dd, X[13], 5); - HH(dd, aa, bb, cc, X[11], 12); - HH(cc, dd, aa, bb, X[ 5], 7); - HH(bb, cc, dd, aa, X[12], 5); - - /* parallel round 3 */ - GGG(aaa, bbb, ccc, ddd, X[15], 9); - GGG(ddd, aaa, bbb, ccc, X[ 5], 7); - GGG(ccc, ddd, aaa, bbb, X[ 1], 15); - GGG(bbb, ccc, ddd, aaa, X[ 3], 11); - GGG(aaa, bbb, ccc, ddd, X[ 7], 8); - GGG(ddd, aaa, bbb, ccc, X[14], 6); - GGG(ccc, ddd, aaa, bbb, X[ 6], 6); - GGG(bbb, ccc, ddd, aaa, X[ 9], 14); - GGG(aaa, bbb, ccc, ddd, X[11], 12); - GGG(ddd, aaa, bbb, ccc, X[ 8], 13); - GGG(ccc, ddd, aaa, bbb, X[12], 5); - GGG(bbb, ccc, ddd, aaa, X[ 2], 14); - GGG(aaa, bbb, ccc, ddd, X[10], 13); - GGG(ddd, aaa, bbb, ccc, X[ 0], 13); - GGG(ccc, ddd, aaa, bbb, X[ 4], 7); - GGG(bbb, ccc, ddd, aaa, X[13], 5); - - tmp = cc; cc = ccc; ccc = tmp; - - /* round 4 */ - II(aa, bb, cc, dd, X[ 1], 11); - II(dd, aa, bb, cc, X[ 9], 12); - II(cc, dd, aa, bb, X[11], 14); - II(bb, cc, dd, aa, X[10], 15); - II(aa, bb, cc, dd, X[ 0], 14); - II(dd, aa, bb, cc, X[ 8], 15); - II(cc, dd, aa, bb, X[12], 9); - II(bb, cc, dd, aa, X[ 4], 8); - II(aa, bb, cc, dd, X[13], 9); - II(dd, aa, bb, cc, X[ 3], 14); - II(cc, dd, aa, bb, X[ 7], 5); - II(bb, cc, dd, aa, X[15], 6); - II(aa, bb, cc, dd, X[14], 8); - II(dd, aa, bb, cc, X[ 5], 6); - II(cc, dd, aa, bb, X[ 6], 5); - II(bb, cc, dd, aa, X[ 2], 12); - - /* parallel round 4 */ - FFF(aaa, bbb, ccc, ddd, X[ 8], 15); - FFF(ddd, aaa, bbb, ccc, X[ 6], 5); - FFF(ccc, ddd, aaa, bbb, X[ 4], 8); - FFF(bbb, ccc, ddd, aaa, X[ 1], 11); - FFF(aaa, bbb, ccc, ddd, X[ 3], 14); - FFF(ddd, aaa, bbb, ccc, X[11], 14); - FFF(ccc, ddd, aaa, bbb, X[15], 6); - FFF(bbb, ccc, ddd, aaa, X[ 0], 14); - FFF(aaa, bbb, ccc, ddd, X[ 5], 6); - FFF(ddd, aaa, bbb, ccc, X[12], 9); - FFF(ccc, ddd, aaa, bbb, X[ 2], 12); - FFF(bbb, ccc, ddd, aaa, X[13], 9); - FFF(aaa, bbb, ccc, ddd, X[ 9], 12); - FFF(ddd, aaa, bbb, ccc, X[ 7], 5); - FFF(ccc, ddd, aaa, bbb, X[10], 15); - FFF(bbb, ccc, ddd, aaa, X[14], 8); - - tmp = dd; dd = ddd; ddd = tmp; - - /* combine results */ - md->rmd256.state[0] += aa; - md->rmd256.state[1] += bb; - md->rmd256.state[2] += cc; - md->rmd256.state[3] += dd; - md->rmd256.state[4] += aaa; - md->rmd256.state[5] += bbb; - md->rmd256.state[6] += ccc; - md->rmd256.state[7] += ddd; - - return CRYPT_OK; -} - -#ifdef LTC_CLEAN_STACK -static int rmd256_compress(hash_state *md, unsigned char *buf) -{ - int err; - err = _rmd256_compress(md, buf); - burn_stack(sizeof(ulong32) * 25 + sizeof(int)); - return err; -} -#endif - -/** - Initialize the hash state - @param md The hash state you wish to initialize - @return CRYPT_OK if successful -*/ -int rmd256_init(hash_state * md) -{ - LTC_ARGCHK(md != NULL); - md->rmd256.state[0] = 0x67452301UL; - md->rmd256.state[1] = 0xefcdab89UL; - md->rmd256.state[2] = 0x98badcfeUL; - md->rmd256.state[3] = 0x10325476UL; - md->rmd256.state[4] = 0x76543210UL; - md->rmd256.state[5] = 0xfedcba98UL; - md->rmd256.state[6] = 0x89abcdefUL; - md->rmd256.state[7] = 0x01234567UL; - md->rmd256.curlen = 0; - md->rmd256.length = 0; - return CRYPT_OK; -} - -/** - Process a block of memory though the hash - @param md The hash state - @param in The data to hash - @param inlen The length of the data (octets) - @return CRYPT_OK if successful -*/ -HASH_PROCESS(rmd256_process, rmd256_compress, rmd256, 64) - -/** - Terminate the hash to get the digest - @param md The hash state - @param out [out] The destination of the hash (16 bytes) - @return CRYPT_OK if successful -*/ -int rmd256_done(hash_state * md, unsigned char *out) -{ - int i; - - LTC_ARGCHK(md != NULL); - LTC_ARGCHK(out != NULL); - - if (md->rmd256.curlen >= sizeof(md->rmd256.buf)) { - return CRYPT_INVALID_ARG; - } - - - /* increase the length of the message */ - md->rmd256.length += md->rmd256.curlen * 8; - - /* append the '1' bit */ - md->rmd256.buf[md->rmd256.curlen++] = (unsigned char)0x80; - - /* if the length is currently above 56 bytes we append zeros - * then compress. Then we can fall back to padding zeros and length - * encoding like normal. - */ - if (md->rmd256.curlen > 56) { - while (md->rmd256.curlen < 64) { - md->rmd256.buf[md->rmd256.curlen++] = (unsigned char)0; - } - rmd256_compress(md, md->rmd256.buf); - md->rmd256.curlen = 0; - } - - /* pad upto 56 bytes of zeroes */ - while (md->rmd256.curlen < 56) { - md->rmd256.buf[md->rmd256.curlen++] = (unsigned char)0; - } - - /* store length */ - STORE64L(md->rmd256.length, md->rmd256.buf+56); - rmd256_compress(md, md->rmd256.buf); - - /* copy output */ - for (i = 0; i < 8; i++) { - STORE32L(md->rmd256.state[i], out+(4*i)); - } -#ifdef LTC_CLEAN_STACK - zeromem(md, sizeof(hash_state)); -#endif - return CRYPT_OK; -} - -/** - Self-test the hash - @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled -*/ -int rmd256_test(void) -{ -#ifndef LTC_TEST - return CRYPT_NOP; -#else - static const struct { - const char *msg; - unsigned char hash[32]; - } tests[] = { - { "", - { 0x02, 0xba, 0x4c, 0x4e, 0x5f, 0x8e, 0xcd, 0x18, - 0x77, 0xfc, 0x52, 0xd6, 0x4d, 0x30, 0xe3, 0x7a, - 0x2d, 0x97, 0x74, 0xfb, 0x1e, 0x5d, 0x02, 0x63, - 0x80, 0xae, 0x01, 0x68, 0xe3, 0xc5, 0x52, 0x2d } - }, - { "a", - { 0xf9, 0x33, 0x3e, 0x45, 0xd8, 0x57, 0xf5, 0xd9, - 0x0a, 0x91, 0xba, 0xb7, 0x0a, 0x1e, 0xba, 0x0c, - 0xfb, 0x1b, 0xe4, 0xb0, 0x78, 0x3c, 0x9a, 0xcf, - 0xcd, 0x88, 0x3a, 0x91, 0x34, 0x69, 0x29, 0x25 } - }, - { "abc", - { 0xaf, 0xbd, 0x6e, 0x22, 0x8b, 0x9d, 0x8c, 0xbb, - 0xce, 0xf5, 0xca, 0x2d, 0x03, 0xe6, 0xdb, 0xa1, - 0x0a, 0xc0, 0xbc, 0x7d, 0xcb, 0xe4, 0x68, 0x0e, - 0x1e, 0x42, 0xd2, 0xe9, 0x75, 0x45, 0x9b, 0x65 } - }, - { "message digest", - { 0x87, 0xe9, 0x71, 0x75, 0x9a, 0x1c, 0xe4, 0x7a, - 0x51, 0x4d, 0x5c, 0x91, 0x4c, 0x39, 0x2c, 0x90, - 0x18, 0xc7, 0xc4, 0x6b, 0xc1, 0x44, 0x65, 0x55, - 0x4a, 0xfc, 0xdf, 0x54, 0xa5, 0x07, 0x0c, 0x0e } - }, - { "abcdefghijklmnopqrstuvwxyz", - { 0x64, 0x9d, 0x30, 0x34, 0x75, 0x1e, 0xa2, 0x16, - 0x77, 0x6b, 0xf9, 0xa1, 0x8a, 0xcc, 0x81, 0xbc, - 0x78, 0x96, 0x11, 0x8a, 0x51, 0x97, 0x96, 0x87, - 0x82, 0xdd, 0x1f, 0xd9, 0x7d, 0x8d, 0x51, 0x33 } - }, - { "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - { 0x57, 0x40, 0xa4, 0x08, 0xac, 0x16, 0xb7, 0x20, - 0xb8, 0x44, 0x24, 0xae, 0x93, 0x1c, 0xbb, 0x1f, - 0xe3, 0x63, 0xd1, 0xd0, 0xbf, 0x40, 0x17, 0xf1, - 0xa8, 0x9f, 0x7e, 0xa6, 0xde, 0x77, 0xa0, 0xb8 } - } - }; - - int i; - unsigned char tmp[32]; - hash_state md; - - for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) { - rmd256_init(&md); - rmd256_process(&md, (unsigned char *)tests[i].msg, strlen(tests[i].msg)); - rmd256_done(&md, tmp); - if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "RIPEMD256", i)) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; -#endif -} - -#endif diff --git a/libs/tomcrypt/src/hashes/rmd320.c b/libs/tomcrypt/src/hashes/rmd320.c deleted file mode 100644 index e28a050826a..00000000000 --- a/libs/tomcrypt/src/hashes/rmd320.c +++ /dev/null @@ -1,491 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file rmd320.c - RMD320 hash function -*/ - -#ifdef LTC_RIPEMD320 - -const struct ltc_hash_descriptor rmd320_desc = -{ - "rmd320", - 14, - 40, - 64, - - /* OID ... does not exist - * http://oid-info.com/get/1.3.36.3.2 */ - { 0 }, - 0, - - &rmd320_init, - &rmd320_process, - &rmd320_done, - &rmd320_test, - NULL -}; - -/* the five basic functions F(), G() and H() */ -#define F(x, y, z) ((x) ^ (y) ^ (z)) -#define G(x, y, z) (((x) & (y)) | (~(x) & (z))) -#define H(x, y, z) (((x) | ~(y)) ^ (z)) -#define I(x, y, z) (((x) & (z)) | ((y) & ~(z))) -#define J(x, y, z) ((x) ^ ((y) | ~(z))) - -/* the ten basic operations FF() through III() */ -#define FF(a, b, c, d, e, x, s) \ - (a) += F((b), (c), (d)) + (x);\ - (a) = ROLc((a), (s)) + (e);\ - (c) = ROLc((c), 10); - -#define GG(a, b, c, d, e, x, s) \ - (a) += G((b), (c), (d)) + (x) + 0x5a827999UL;\ - (a) = ROLc((a), (s)) + (e);\ - (c) = ROLc((c), 10); - -#define HH(a, b, c, d, e, x, s) \ - (a) += H((b), (c), (d)) + (x) + 0x6ed9eba1UL;\ - (a) = ROLc((a), (s)) + (e);\ - (c) = ROLc((c), 10); - -#define II(a, b, c, d, e, x, s) \ - (a) += I((b), (c), (d)) + (x) + 0x8f1bbcdcUL;\ - (a) = ROLc((a), (s)) + (e);\ - (c) = ROLc((c), 10); - -#define JJ(a, b, c, d, e, x, s) \ - (a) += J((b), (c), (d)) + (x) + 0xa953fd4eUL;\ - (a) = ROLc((a), (s)) + (e);\ - (c) = ROLc((c), 10); - -#define FFF(a, b, c, d, e, x, s) \ - (a) += F((b), (c), (d)) + (x);\ - (a) = ROLc((a), (s)) + (e);\ - (c) = ROLc((c), 10); - -#define GGG(a, b, c, d, e, x, s) \ - (a) += G((b), (c), (d)) + (x) + 0x7a6d76e9UL;\ - (a) = ROLc((a), (s)) + (e);\ - (c) = ROLc((c), 10); - -#define HHH(a, b, c, d, e, x, s) \ - (a) += H((b), (c), (d)) + (x) + 0x6d703ef3UL;\ - (a) = ROLc((a), (s)) + (e);\ - (c) = ROLc((c), 10); - -#define III(a, b, c, d, e, x, s) \ - (a) += I((b), (c), (d)) + (x) + 0x5c4dd124UL;\ - (a) = ROLc((a), (s)) + (e);\ - (c) = ROLc((c), 10); - -#define JJJ(a, b, c, d, e, x, s) \ - (a) += J((b), (c), (d)) + (x) + 0x50a28be6UL;\ - (a) = ROLc((a), (s)) + (e);\ - (c) = ROLc((c), 10); - - -#ifdef LTC_CLEAN_STACK -static int _rmd320_compress(hash_state *md, unsigned char *buf) -#else -static int rmd320_compress(hash_state *md, unsigned char *buf) -#endif -{ - ulong32 aa,bb,cc,dd,ee,aaa,bbb,ccc,ddd,eee,tmp,X[16]; - int i; - - /* load words X */ - for (i = 0; i < 16; i++){ - LOAD32L(X[i], buf + (4 * i)); - } - - /* load state */ - aa = md->rmd320.state[0]; - bb = md->rmd320.state[1]; - cc = md->rmd320.state[2]; - dd = md->rmd320.state[3]; - ee = md->rmd320.state[4]; - aaa = md->rmd320.state[5]; - bbb = md->rmd320.state[6]; - ccc = md->rmd320.state[7]; - ddd = md->rmd320.state[8]; - eee = md->rmd320.state[9]; - - /* round 1 */ - FF(aa, bb, cc, dd, ee, X[ 0], 11); - FF(ee, aa, bb, cc, dd, X[ 1], 14); - FF(dd, ee, aa, bb, cc, X[ 2], 15); - FF(cc, dd, ee, aa, bb, X[ 3], 12); - FF(bb, cc, dd, ee, aa, X[ 4], 5); - FF(aa, bb, cc, dd, ee, X[ 5], 8); - FF(ee, aa, bb, cc, dd, X[ 6], 7); - FF(dd, ee, aa, bb, cc, X[ 7], 9); - FF(cc, dd, ee, aa, bb, X[ 8], 11); - FF(bb, cc, dd, ee, aa, X[ 9], 13); - FF(aa, bb, cc, dd, ee, X[10], 14); - FF(ee, aa, bb, cc, dd, X[11], 15); - FF(dd, ee, aa, bb, cc, X[12], 6); - FF(cc, dd, ee, aa, bb, X[13], 7); - FF(bb, cc, dd, ee, aa, X[14], 9); - FF(aa, bb, cc, dd, ee, X[15], 8); - - /* parallel round 1 */ - JJJ(aaa, bbb, ccc, ddd, eee, X[ 5], 8); - JJJ(eee, aaa, bbb, ccc, ddd, X[14], 9); - JJJ(ddd, eee, aaa, bbb, ccc, X[ 7], 9); - JJJ(ccc, ddd, eee, aaa, bbb, X[ 0], 11); - JJJ(bbb, ccc, ddd, eee, aaa, X[ 9], 13); - JJJ(aaa, bbb, ccc, ddd, eee, X[ 2], 15); - JJJ(eee, aaa, bbb, ccc, ddd, X[11], 15); - JJJ(ddd, eee, aaa, bbb, ccc, X[ 4], 5); - JJJ(ccc, ddd, eee, aaa, bbb, X[13], 7); - JJJ(bbb, ccc, ddd, eee, aaa, X[ 6], 7); - JJJ(aaa, bbb, ccc, ddd, eee, X[15], 8); - JJJ(eee, aaa, bbb, ccc, ddd, X[ 8], 11); - JJJ(ddd, eee, aaa, bbb, ccc, X[ 1], 14); - JJJ(ccc, ddd, eee, aaa, bbb, X[10], 14); - JJJ(bbb, ccc, ddd, eee, aaa, X[ 3], 12); - JJJ(aaa, bbb, ccc, ddd, eee, X[12], 6); - - tmp = aa; aa = aaa; aaa = tmp; - - /* round 2 */ - GG(ee, aa, bb, cc, dd, X[ 7], 7); - GG(dd, ee, aa, bb, cc, X[ 4], 6); - GG(cc, dd, ee, aa, bb, X[13], 8); - GG(bb, cc, dd, ee, aa, X[ 1], 13); - GG(aa, bb, cc, dd, ee, X[10], 11); - GG(ee, aa, bb, cc, dd, X[ 6], 9); - GG(dd, ee, aa, bb, cc, X[15], 7); - GG(cc, dd, ee, aa, bb, X[ 3], 15); - GG(bb, cc, dd, ee, aa, X[12], 7); - GG(aa, bb, cc, dd, ee, X[ 0], 12); - GG(ee, aa, bb, cc, dd, X[ 9], 15); - GG(dd, ee, aa, bb, cc, X[ 5], 9); - GG(cc, dd, ee, aa, bb, X[ 2], 11); - GG(bb, cc, dd, ee, aa, X[14], 7); - GG(aa, bb, cc, dd, ee, X[11], 13); - GG(ee, aa, bb, cc, dd, X[ 8], 12); - - /* parallel round 2 */ - III(eee, aaa, bbb, ccc, ddd, X[ 6], 9); - III(ddd, eee, aaa, bbb, ccc, X[11], 13); - III(ccc, ddd, eee, aaa, bbb, X[ 3], 15); - III(bbb, ccc, ddd, eee, aaa, X[ 7], 7); - III(aaa, bbb, ccc, ddd, eee, X[ 0], 12); - III(eee, aaa, bbb, ccc, ddd, X[13], 8); - III(ddd, eee, aaa, bbb, ccc, X[ 5], 9); - III(ccc, ddd, eee, aaa, bbb, X[10], 11); - III(bbb, ccc, ddd, eee, aaa, X[14], 7); - III(aaa, bbb, ccc, ddd, eee, X[15], 7); - III(eee, aaa, bbb, ccc, ddd, X[ 8], 12); - III(ddd, eee, aaa, bbb, ccc, X[12], 7); - III(ccc, ddd, eee, aaa, bbb, X[ 4], 6); - III(bbb, ccc, ddd, eee, aaa, X[ 9], 15); - III(aaa, bbb, ccc, ddd, eee, X[ 1], 13); - III(eee, aaa, bbb, ccc, ddd, X[ 2], 11); - - tmp = bb; bb = bbb; bbb = tmp; - - /* round 3 */ - HH(dd, ee, aa, bb, cc, X[ 3], 11); - HH(cc, dd, ee, aa, bb, X[10], 13); - HH(bb, cc, dd, ee, aa, X[14], 6); - HH(aa, bb, cc, dd, ee, X[ 4], 7); - HH(ee, aa, bb, cc, dd, X[ 9], 14); - HH(dd, ee, aa, bb, cc, X[15], 9); - HH(cc, dd, ee, aa, bb, X[ 8], 13); - HH(bb, cc, dd, ee, aa, X[ 1], 15); - HH(aa, bb, cc, dd, ee, X[ 2], 14); - HH(ee, aa, bb, cc, dd, X[ 7], 8); - HH(dd, ee, aa, bb, cc, X[ 0], 13); - HH(cc, dd, ee, aa, bb, X[ 6], 6); - HH(bb, cc, dd, ee, aa, X[13], 5); - HH(aa, bb, cc, dd, ee, X[11], 12); - HH(ee, aa, bb, cc, dd, X[ 5], 7); - HH(dd, ee, aa, bb, cc, X[12], 5); - - /* parallel round 3 */ - HHH(ddd, eee, aaa, bbb, ccc, X[15], 9); - HHH(ccc, ddd, eee, aaa, bbb, X[ 5], 7); - HHH(bbb, ccc, ddd, eee, aaa, X[ 1], 15); - HHH(aaa, bbb, ccc, ddd, eee, X[ 3], 11); - HHH(eee, aaa, bbb, ccc, ddd, X[ 7], 8); - HHH(ddd, eee, aaa, bbb, ccc, X[14], 6); - HHH(ccc, ddd, eee, aaa, bbb, X[ 6], 6); - HHH(bbb, ccc, ddd, eee, aaa, X[ 9], 14); - HHH(aaa, bbb, ccc, ddd, eee, X[11], 12); - HHH(eee, aaa, bbb, ccc, ddd, X[ 8], 13); - HHH(ddd, eee, aaa, bbb, ccc, X[12], 5); - HHH(ccc, ddd, eee, aaa, bbb, X[ 2], 14); - HHH(bbb, ccc, ddd, eee, aaa, X[10], 13); - HHH(aaa, bbb, ccc, ddd, eee, X[ 0], 13); - HHH(eee, aaa, bbb, ccc, ddd, X[ 4], 7); - HHH(ddd, eee, aaa, bbb, ccc, X[13], 5); - - tmp = cc; cc = ccc; ccc = tmp; - - /* round 4 */ - II(cc, dd, ee, aa, bb, X[ 1], 11); - II(bb, cc, dd, ee, aa, X[ 9], 12); - II(aa, bb, cc, dd, ee, X[11], 14); - II(ee, aa, bb, cc, dd, X[10], 15); - II(dd, ee, aa, bb, cc, X[ 0], 14); - II(cc, dd, ee, aa, bb, X[ 8], 15); - II(bb, cc, dd, ee, aa, X[12], 9); - II(aa, bb, cc, dd, ee, X[ 4], 8); - II(ee, aa, bb, cc, dd, X[13], 9); - II(dd, ee, aa, bb, cc, X[ 3], 14); - II(cc, dd, ee, aa, bb, X[ 7], 5); - II(bb, cc, dd, ee, aa, X[15], 6); - II(aa, bb, cc, dd, ee, X[14], 8); - II(ee, aa, bb, cc, dd, X[ 5], 6); - II(dd, ee, aa, bb, cc, X[ 6], 5); - II(cc, dd, ee, aa, bb, X[ 2], 12); - - /* parallel round 4 */ - GGG(ccc, ddd, eee, aaa, bbb, X[ 8], 15); - GGG(bbb, ccc, ddd, eee, aaa, X[ 6], 5); - GGG(aaa, bbb, ccc, ddd, eee, X[ 4], 8); - GGG(eee, aaa, bbb, ccc, ddd, X[ 1], 11); - GGG(ddd, eee, aaa, bbb, ccc, X[ 3], 14); - GGG(ccc, ddd, eee, aaa, bbb, X[11], 14); - GGG(bbb, ccc, ddd, eee, aaa, X[15], 6); - GGG(aaa, bbb, ccc, ddd, eee, X[ 0], 14); - GGG(eee, aaa, bbb, ccc, ddd, X[ 5], 6); - GGG(ddd, eee, aaa, bbb, ccc, X[12], 9); - GGG(ccc, ddd, eee, aaa, bbb, X[ 2], 12); - GGG(bbb, ccc, ddd, eee, aaa, X[13], 9); - GGG(aaa, bbb, ccc, ddd, eee, X[ 9], 12); - GGG(eee, aaa, bbb, ccc, ddd, X[ 7], 5); - GGG(ddd, eee, aaa, bbb, ccc, X[10], 15); - GGG(ccc, ddd, eee, aaa, bbb, X[14], 8); - - tmp = dd; dd = ddd; ddd = tmp; - - /* round 5 */ - JJ(bb, cc, dd, ee, aa, X[ 4], 9); - JJ(aa, bb, cc, dd, ee, X[ 0], 15); - JJ(ee, aa, bb, cc, dd, X[ 5], 5); - JJ(dd, ee, aa, bb, cc, X[ 9], 11); - JJ(cc, dd, ee, aa, bb, X[ 7], 6); - JJ(bb, cc, dd, ee, aa, X[12], 8); - JJ(aa, bb, cc, dd, ee, X[ 2], 13); - JJ(ee, aa, bb, cc, dd, X[10], 12); - JJ(dd, ee, aa, bb, cc, X[14], 5); - JJ(cc, dd, ee, aa, bb, X[ 1], 12); - JJ(bb, cc, dd, ee, aa, X[ 3], 13); - JJ(aa, bb, cc, dd, ee, X[ 8], 14); - JJ(ee, aa, bb, cc, dd, X[11], 11); - JJ(dd, ee, aa, bb, cc, X[ 6], 8); - JJ(cc, dd, ee, aa, bb, X[15], 5); - JJ(bb, cc, dd, ee, aa, X[13], 6); - - /* parallel round 5 */ - FFF(bbb, ccc, ddd, eee, aaa, X[12] , 8); - FFF(aaa, bbb, ccc, ddd, eee, X[15] , 5); - FFF(eee, aaa, bbb, ccc, ddd, X[10] , 12); - FFF(ddd, eee, aaa, bbb, ccc, X[ 4] , 9); - FFF(ccc, ddd, eee, aaa, bbb, X[ 1] , 12); - FFF(bbb, ccc, ddd, eee, aaa, X[ 5] , 5); - FFF(aaa, bbb, ccc, ddd, eee, X[ 8] , 14); - FFF(eee, aaa, bbb, ccc, ddd, X[ 7] , 6); - FFF(ddd, eee, aaa, bbb, ccc, X[ 6] , 8); - FFF(ccc, ddd, eee, aaa, bbb, X[ 2] , 13); - FFF(bbb, ccc, ddd, eee, aaa, X[13] , 6); - FFF(aaa, bbb, ccc, ddd, eee, X[14] , 5); - FFF(eee, aaa, bbb, ccc, ddd, X[ 0] , 15); - FFF(ddd, eee, aaa, bbb, ccc, X[ 3] , 13); - FFF(ccc, ddd, eee, aaa, bbb, X[ 9] , 11); - FFF(bbb, ccc, ddd, eee, aaa, X[11] , 11); - - tmp = ee; ee = eee; eee = tmp; - - /* combine results */ - md->rmd320.state[0] += aa; - md->rmd320.state[1] += bb; - md->rmd320.state[2] += cc; - md->rmd320.state[3] += dd; - md->rmd320.state[4] += ee; - md->rmd320.state[5] += aaa; - md->rmd320.state[6] += bbb; - md->rmd320.state[7] += ccc; - md->rmd320.state[8] += ddd; - md->rmd320.state[9] += eee; - - return CRYPT_OK; -} - -#ifdef LTC_CLEAN_STACK -static int rmd320_compress(hash_state *md, unsigned char *buf) -{ - int err; - err = _rmd320_compress(md, buf); - burn_stack(sizeof(ulong32) * 27 + sizeof(int)); - return err; -} -#endif - -/** - Initialize the hash state - @param md The hash state you wish to initialize - @return CRYPT_OK if successful -*/ -int rmd320_init(hash_state * md) -{ - LTC_ARGCHK(md != NULL); - md->rmd320.state[0] = 0x67452301UL; - md->rmd320.state[1] = 0xefcdab89UL; - md->rmd320.state[2] = 0x98badcfeUL; - md->rmd320.state[3] = 0x10325476UL; - md->rmd320.state[4] = 0xc3d2e1f0UL; - md->rmd320.state[5] = 0x76543210UL; - md->rmd320.state[6] = 0xfedcba98UL; - md->rmd320.state[7] = 0x89abcdefUL; - md->rmd320.state[8] = 0x01234567UL; - md->rmd320.state[9] = 0x3c2d1e0fUL; - md->rmd320.curlen = 0; - md->rmd320.length = 0; - return CRYPT_OK; -} - -/** - Process a block of memory though the hash - @param md The hash state - @param in The data to hash - @param inlen The length of the data (octets) - @return CRYPT_OK if successful -*/ -HASH_PROCESS(rmd320_process, rmd320_compress, rmd320, 64) - -/** - Terminate the hash to get the digest - @param md The hash state - @param out [out] The destination of the hash (20 bytes) - @return CRYPT_OK if successful -*/ -int rmd320_done(hash_state * md, unsigned char *out) -{ - int i; - - LTC_ARGCHK(md != NULL); - LTC_ARGCHK(out != NULL); - - if (md->rmd320.curlen >= sizeof(md->rmd320.buf)) { - return CRYPT_INVALID_ARG; - } - - - /* increase the length of the message */ - md->rmd320.length += md->rmd320.curlen * 8; - - /* append the '1' bit */ - md->rmd320.buf[md->rmd320.curlen++] = (unsigned char)0x80; - - /* if the length is currently above 56 bytes we append zeros - * then compress. Then we can fall back to padding zeros and length - * encoding like normal. - */ - if (md->rmd320.curlen > 56) { - while (md->rmd320.curlen < 64) { - md->rmd320.buf[md->rmd320.curlen++] = (unsigned char)0; - } - rmd320_compress(md, md->rmd320.buf); - md->rmd320.curlen = 0; - } - - /* pad upto 56 bytes of zeroes */ - while (md->rmd320.curlen < 56) { - md->rmd320.buf[md->rmd320.curlen++] = (unsigned char)0; - } - - /* store length */ - STORE64L(md->rmd320.length, md->rmd320.buf+56); - rmd320_compress(md, md->rmd320.buf); - - /* copy output */ - for (i = 0; i < 10; i++) { - STORE32L(md->rmd320.state[i], out+(4*i)); - } -#ifdef LTC_CLEAN_STACK - zeromem(md, sizeof(hash_state)); -#endif - return CRYPT_OK; -} - -/** - Self-test the hash - @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled -*/ -int rmd320_test(void) -{ -#ifndef LTC_TEST - return CRYPT_NOP; -#else - static const struct { - const char *msg; - unsigned char hash[40]; - } tests[] = { - { "", - { 0x22, 0xd6, 0x5d, 0x56, 0x61, 0x53, 0x6c, 0xdc, 0x75, 0xc1, - 0xfd, 0xf5, 0xc6, 0xde, 0x7b, 0x41, 0xb9, 0xf2, 0x73, 0x25, - 0xeb, 0xc6, 0x1e, 0x85, 0x57, 0x17, 0x7d, 0x70, 0x5a, 0x0e, - 0xc8, 0x80, 0x15, 0x1c, 0x3a, 0x32, 0xa0, 0x08, 0x99, 0xb8 } - }, - { "a", - { 0xce, 0x78, 0x85, 0x06, 0x38, 0xf9, 0x26, 0x58, 0xa5, 0xa5, - 0x85, 0x09, 0x75, 0x79, 0x92, 0x6d, 0xda, 0x66, 0x7a, 0x57, - 0x16, 0x56, 0x2c, 0xfc, 0xf6, 0xfb, 0xe7, 0x7f, 0x63, 0x54, - 0x2f, 0x99, 0xb0, 0x47, 0x05, 0xd6, 0x97, 0x0d, 0xff, 0x5d } - }, - { "abc", - { 0xde, 0x4c, 0x01, 0xb3, 0x05, 0x4f, 0x89, 0x30, 0xa7, 0x9d, - 0x09, 0xae, 0x73, 0x8e, 0x92, 0x30, 0x1e, 0x5a, 0x17, 0x08, - 0x5b, 0xef, 0xfd, 0xc1, 0xb8, 0xd1, 0x16, 0x71, 0x3e, 0x74, - 0xf8, 0x2f, 0xa9, 0x42, 0xd6, 0x4c, 0xdb, 0xc4, 0x68, 0x2d } - }, - { "message digest", - { 0x3a, 0x8e, 0x28, 0x50, 0x2e, 0xd4, 0x5d, 0x42, 0x2f, 0x68, - 0x84, 0x4f, 0x9d, 0xd3, 0x16, 0xe7, 0xb9, 0x85, 0x33, 0xfa, - 0x3f, 0x2a, 0x91, 0xd2, 0x9f, 0x84, 0xd4, 0x25, 0xc8, 0x8d, - 0x6b, 0x4e, 0xff, 0x72, 0x7d, 0xf6, 0x6a, 0x7c, 0x01, 0x97 } - }, - { "abcdefghijklmnopqrstuvwxyz", - { 0xca, 0xbd, 0xb1, 0x81, 0x0b, 0x92, 0x47, 0x0a, 0x20, 0x93, - 0xaa, 0x6b, 0xce, 0x05, 0x95, 0x2c, 0x28, 0x34, 0x8c, 0xf4, - 0x3f, 0xf6, 0x08, 0x41, 0x97, 0x51, 0x66, 0xbb, 0x40, 0xed, - 0x23, 0x40, 0x04, 0xb8, 0x82, 0x44, 0x63, 0xe6, 0xb0, 0x09 } - }, - { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - { 0xd0, 0x34, 0xa7, 0x95, 0x0c, 0xf7, 0x22, 0x02, 0x1b, 0xa4, - 0xb8, 0x4d, 0xf7, 0x69, 0xa5, 0xde, 0x20, 0x60, 0xe2, 0x59, - 0xdf, 0x4c, 0x9b, 0xb4, 0xa4, 0x26, 0x8c, 0x0e, 0x93, 0x5b, - 0xbc, 0x74, 0x70, 0xa9, 0x69, 0xc9, 0xd0, 0x72, 0xa1, 0xac } - } - }; - - int i; - unsigned char tmp[40]; - hash_state md; - - for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) { - rmd320_init(&md); - rmd320_process(&md, (unsigned char *)tests[i].msg, strlen(tests[i].msg)); - rmd320_done(&md, tmp); - if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "RIPEMD320", i)) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; -#endif -} - -#endif diff --git a/libs/tomcrypt/src/hashes/sha1.c b/libs/tomcrypt/src/hashes/sha1.c deleted file mode 100644 index 41a830bac0d..00000000000 --- a/libs/tomcrypt/src/hashes/sha1.c +++ /dev/null @@ -1,280 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file sha1.c - LTC_SHA1 code by Tom St Denis -*/ - - -#ifdef LTC_SHA1 - -const struct ltc_hash_descriptor sha1_desc = -{ - "sha1", - 2, - 20, - 64, - - /* OID */ - { 1, 3, 14, 3, 2, 26, }, - 6, - - &sha1_init, - &sha1_process, - &sha1_done, - &sha1_test, - NULL -}; - -#define F0(x,y,z) (z ^ (x & (y ^ z))) -#define F1(x,y,z) (x ^ y ^ z) -#define F2(x,y,z) ((x & y) | (z & (x | y))) -#define F3(x,y,z) (x ^ y ^ z) - -#ifdef LTC_CLEAN_STACK -static int _sha1_compress(hash_state *md, unsigned char *buf) -#else -static int sha1_compress(hash_state *md, unsigned char *buf) -#endif -{ - ulong32 a,b,c,d,e,W[80],i; -#ifdef LTC_SMALL_CODE - ulong32 t; -#endif - - /* copy the state into 512-bits into W[0..15] */ - for (i = 0; i < 16; i++) { - LOAD32H(W[i], buf + (4*i)); - } - - /* copy state */ - a = md->sha1.state[0]; - b = md->sha1.state[1]; - c = md->sha1.state[2]; - d = md->sha1.state[3]; - e = md->sha1.state[4]; - - /* expand it */ - for (i = 16; i < 80; i++) { - W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1); - } - - /* compress */ - /* round one */ - #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30); - #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30); - #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30); - #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30); - -#ifdef LTC_SMALL_CODE - - for (i = 0; i < 20; ) { - FF0(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; - } - - for (; i < 40; ) { - FF1(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; - } - - for (; i < 60; ) { - FF2(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; - } - - for (; i < 80; ) { - FF3(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t; - } - -#else - - for (i = 0; i < 20; ) { - FF0(a,b,c,d,e,i++); - FF0(e,a,b,c,d,i++); - FF0(d,e,a,b,c,i++); - FF0(c,d,e,a,b,i++); - FF0(b,c,d,e,a,i++); - } - - /* round two */ - for (; i < 40; ) { - FF1(a,b,c,d,e,i++); - FF1(e,a,b,c,d,i++); - FF1(d,e,a,b,c,i++); - FF1(c,d,e,a,b,i++); - FF1(b,c,d,e,a,i++); - } - - /* round three */ - for (; i < 60; ) { - FF2(a,b,c,d,e,i++); - FF2(e,a,b,c,d,i++); - FF2(d,e,a,b,c,i++); - FF2(c,d,e,a,b,i++); - FF2(b,c,d,e,a,i++); - } - - /* round four */ - for (; i < 80; ) { - FF3(a,b,c,d,e,i++); - FF3(e,a,b,c,d,i++); - FF3(d,e,a,b,c,i++); - FF3(c,d,e,a,b,i++); - FF3(b,c,d,e,a,i++); - } -#endif - - #undef FF0 - #undef FF1 - #undef FF2 - #undef FF3 - - /* store */ - md->sha1.state[0] = md->sha1.state[0] + a; - md->sha1.state[1] = md->sha1.state[1] + b; - md->sha1.state[2] = md->sha1.state[2] + c; - md->sha1.state[3] = md->sha1.state[3] + d; - md->sha1.state[4] = md->sha1.state[4] + e; - - return CRYPT_OK; -} - -#ifdef LTC_CLEAN_STACK -static int sha1_compress(hash_state *md, unsigned char *buf) -{ - int err; - err = _sha1_compress(md, buf); - burn_stack(sizeof(ulong32) * 87); - return err; -} -#endif - -/** - Initialize the hash state - @param md The hash state you wish to initialize - @return CRYPT_OK if successful -*/ -int sha1_init(hash_state * md) -{ - LTC_ARGCHK(md != NULL); - md->sha1.state[0] = 0x67452301UL; - md->sha1.state[1] = 0xefcdab89UL; - md->sha1.state[2] = 0x98badcfeUL; - md->sha1.state[3] = 0x10325476UL; - md->sha1.state[4] = 0xc3d2e1f0UL; - md->sha1.curlen = 0; - md->sha1.length = 0; - return CRYPT_OK; -} - -/** - Process a block of memory though the hash - @param md The hash state - @param in The data to hash - @param inlen The length of the data (octets) - @return CRYPT_OK if successful -*/ -HASH_PROCESS(sha1_process, sha1_compress, sha1, 64) - -/** - Terminate the hash to get the digest - @param md The hash state - @param out [out] The destination of the hash (20 bytes) - @return CRYPT_OK if successful -*/ -int sha1_done(hash_state * md, unsigned char *out) -{ - int i; - - LTC_ARGCHK(md != NULL); - LTC_ARGCHK(out != NULL); - - if (md->sha1.curlen >= sizeof(md->sha1.buf)) { - return CRYPT_INVALID_ARG; - } - - /* increase the length of the message */ - md->sha1.length += md->sha1.curlen * 8; - - /* append the '1' bit */ - md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80; - - /* if the length is currently above 56 bytes we append zeros - * then compress. Then we can fall back to padding zeros and length - * encoding like normal. - */ - if (md->sha1.curlen > 56) { - while (md->sha1.curlen < 64) { - md->sha1.buf[md->sha1.curlen++] = (unsigned char)0; - } - sha1_compress(md, md->sha1.buf); - md->sha1.curlen = 0; - } - - /* pad upto 56 bytes of zeroes */ - while (md->sha1.curlen < 56) { - md->sha1.buf[md->sha1.curlen++] = (unsigned char)0; - } - - /* store length */ - STORE64H(md->sha1.length, md->sha1.buf+56); - sha1_compress(md, md->sha1.buf); - - /* copy output */ - for (i = 0; i < 5; i++) { - STORE32H(md->sha1.state[i], out+(4*i)); - } -#ifdef LTC_CLEAN_STACK - zeromem(md, sizeof(hash_state)); -#endif - return CRYPT_OK; -} - -/** - Self-test the hash - @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled -*/ -int sha1_test(void) -{ - #ifndef LTC_TEST - return CRYPT_NOP; - #else - static const struct { - const char *msg; - unsigned char hash[20]; - } tests[] = { - { "abc", - { 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a, - 0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c, - 0x9c, 0xd0, 0xd8, 0x9d } - }, - { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E, - 0xBA, 0xAE, 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5, - 0xE5, 0x46, 0x70, 0xF1 } - } - }; - - int i; - unsigned char tmp[20]; - hash_state md; - - for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { - sha1_init(&md); - sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); - sha1_done(&md, tmp); - if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA1", i)) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; - #endif -} - -#endif diff --git a/libs/tomcrypt/src/hashes/sha2/sha224.c b/libs/tomcrypt/src/hashes/sha2/sha224.c deleted file mode 100644 index 4a063a74f74..00000000000 --- a/libs/tomcrypt/src/hashes/sha2/sha224.c +++ /dev/null @@ -1,124 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -/** - @param sha224.c - LTC_SHA-224 new NIST standard based off of LTC_SHA-256 truncated to 224 bits (Tom St Denis) -*/ - -#include "tomcrypt.h" - -#if defined(LTC_SHA224) && defined(LTC_SHA256) - -const struct ltc_hash_descriptor sha224_desc = -{ - "sha224", - 10, - 28, - 64, - - /* OID */ - { 2, 16, 840, 1, 101, 3, 4, 2, 4, }, - 9, - - &sha224_init, - &sha256_process, - &sha224_done, - &sha224_test, - NULL -}; - -/* init the sha256 er... sha224 state ;-) */ -/** - Initialize the hash state - @param md The hash state you wish to initialize - @return CRYPT_OK if successful -*/ -int sha224_init(hash_state * md) -{ - LTC_ARGCHK(md != NULL); - - md->sha256.curlen = 0; - md->sha256.length = 0; - md->sha256.state[0] = 0xc1059ed8UL; - md->sha256.state[1] = 0x367cd507UL; - md->sha256.state[2] = 0x3070dd17UL; - md->sha256.state[3] = 0xf70e5939UL; - md->sha256.state[4] = 0xffc00b31UL; - md->sha256.state[5] = 0x68581511UL; - md->sha256.state[6] = 0x64f98fa7UL; - md->sha256.state[7] = 0xbefa4fa4UL; - return CRYPT_OK; -} - -/** - Terminate the hash to get the digest - @param md The hash state - @param out [out] The destination of the hash (28 bytes) - @return CRYPT_OK if successful -*/ -int sha224_done(hash_state * md, unsigned char *out) -{ - unsigned char buf[32]; - int err; - - LTC_ARGCHK(md != NULL); - LTC_ARGCHK(out != NULL); - - err = sha256_done(md, buf); - XMEMCPY(out, buf, 28); -#ifdef LTC_CLEAN_STACK - zeromem(buf, sizeof(buf)); -#endif - return err; -} - -/** - Self-test the hash - @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled -*/ -int sha224_test(void) -{ - #ifndef LTC_TEST - return CRYPT_NOP; - #else - static const struct { - const char *msg; - unsigned char hash[28]; - } tests[] = { - { "abc", - { 0x23, 0x09, 0x7d, 0x22, 0x34, 0x05, 0xd8, - 0x22, 0x86, 0x42, 0xa4, 0x77, 0xbd, 0xa2, - 0x55, 0xb3, 0x2a, 0xad, 0xbc, 0xe4, 0xbd, - 0xa0, 0xb3, 0xf7, 0xe3, 0x6c, 0x9d, 0xa7 } - }, - { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - { 0x75, 0x38, 0x8b, 0x16, 0x51, 0x27, 0x76, - 0xcc, 0x5d, 0xba, 0x5d, 0xa1, 0xfd, 0x89, - 0x01, 0x50, 0xb0, 0xc6, 0x45, 0x5c, 0xb4, - 0xf5, 0x8b, 0x19, 0x52, 0x52, 0x25, 0x25 } - }, - }; - - int i; - unsigned char tmp[28]; - hash_state md; - - for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { - sha224_init(&md); - sha224_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); - sha224_done(&md, tmp); - if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA224", i)) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; - #endif -} - -#endif /* defined(LTC_SHA224) && defined(LTC_SHA256) */ diff --git a/libs/tomcrypt/src/hashes/sha2/sha256.c b/libs/tomcrypt/src/hashes/sha2/sha256.c deleted file mode 100644 index 693e74b104f..00000000000 --- a/libs/tomcrypt/src/hashes/sha2/sha256.c +++ /dev/null @@ -1,328 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file sha256.c - LTC_SHA256 by Tom St Denis -*/ - -#ifdef LTC_SHA256 - -const struct ltc_hash_descriptor sha256_desc = -{ - "sha256", - 0, - 32, - 64, - - /* OID */ - { 2, 16, 840, 1, 101, 3, 4, 2, 1, }, - 9, - - &sha256_init, - &sha256_process, - &sha256_done, - &sha256_test, - NULL -}; - -#ifdef LTC_SMALL_CODE -/* the K array */ -static const ulong32 K[64] = { - 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL, - 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL, - 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, - 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, - 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL, - 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL, - 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, - 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, - 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL, - 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL, - 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, - 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, - 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL -}; -#endif - -/* Various logical functions */ -#define Ch(x,y,z) (z ^ (x & (y ^ z))) -#define Maj(x,y,z) (((x | y) & z) | (x & y)) -#define S(x, n) RORc((x),(n)) -#define R(x, n) (((x)&0xFFFFFFFFUL)>>(n)) -#define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22)) -#define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25)) -#define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3)) -#define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10)) - -/* compress 512-bits */ -#ifdef LTC_CLEAN_STACK -static int _sha256_compress(hash_state * md, unsigned char *buf) -#else -static int sha256_compress(hash_state * md, unsigned char *buf) -#endif -{ - ulong32 S[8], W[64], t0, t1; -#ifdef LTC_SMALL_CODE - ulong32 t; -#endif - int i; - - /* copy state into S */ - for (i = 0; i < 8; i++) { - S[i] = md->sha256.state[i]; - } - - /* copy the state into 512-bits into W[0..15] */ - for (i = 0; i < 16; i++) { - LOAD32H(W[i], buf + (4*i)); - } - - /* fill W[16..63] */ - for (i = 16; i < 64; i++) { - W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16]; - } - - /* Compress */ -#ifdef LTC_SMALL_CODE -#define RND(a,b,c,d,e,f,g,h,i) \ - t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ - t1 = Sigma0(a) + Maj(a, b, c); \ - d += t0; \ - h = t0 + t1; - - for (i = 0; i < 64; ++i) { - RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i); - t = S[7]; S[7] = S[6]; S[6] = S[5]; S[5] = S[4]; - S[4] = S[3]; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t; - } -#else -#define RND(a,b,c,d,e,f,g,h,i,ki) \ - t0 = h + Sigma1(e) + Ch(e, f, g) + ki + W[i]; \ - t1 = Sigma0(a) + Maj(a, b, c); \ - d += t0; \ - h = t0 + t1; - - RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],0,0x428a2f98); - RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],1,0x71374491); - RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],2,0xb5c0fbcf); - RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],3,0xe9b5dba5); - RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],4,0x3956c25b); - RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],5,0x59f111f1); - RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],6,0x923f82a4); - RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],7,0xab1c5ed5); - RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],8,0xd807aa98); - RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],9,0x12835b01); - RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],10,0x243185be); - RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],11,0x550c7dc3); - RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],12,0x72be5d74); - RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],13,0x80deb1fe); - RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],14,0x9bdc06a7); - RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],15,0xc19bf174); - RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],16,0xe49b69c1); - RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],17,0xefbe4786); - RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],18,0x0fc19dc6); - RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],19,0x240ca1cc); - RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],20,0x2de92c6f); - RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],21,0x4a7484aa); - RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],22,0x5cb0a9dc); - RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],23,0x76f988da); - RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],24,0x983e5152); - RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],25,0xa831c66d); - RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],26,0xb00327c8); - RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],27,0xbf597fc7); - RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],28,0xc6e00bf3); - RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],29,0xd5a79147); - RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],30,0x06ca6351); - RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],31,0x14292967); - RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],32,0x27b70a85); - RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],33,0x2e1b2138); - RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],34,0x4d2c6dfc); - RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],35,0x53380d13); - RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],36,0x650a7354); - RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],37,0x766a0abb); - RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],38,0x81c2c92e); - RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],39,0x92722c85); - RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],40,0xa2bfe8a1); - RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],41,0xa81a664b); - RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],42,0xc24b8b70); - RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],43,0xc76c51a3); - RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],44,0xd192e819); - RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],45,0xd6990624); - RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],46,0xf40e3585); - RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],47,0x106aa070); - RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],48,0x19a4c116); - RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],49,0x1e376c08); - RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],50,0x2748774c); - RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],51,0x34b0bcb5); - RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],52,0x391c0cb3); - RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],53,0x4ed8aa4a); - RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],54,0x5b9cca4f); - RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],55,0x682e6ff3); - RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],56,0x748f82ee); - RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],57,0x78a5636f); - RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],58,0x84c87814); - RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],59,0x8cc70208); - RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],60,0x90befffa); - RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],61,0xa4506ceb); - RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],62,0xbef9a3f7); - RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],63,0xc67178f2); - -#undef RND - -#endif - - /* feedback */ - for (i = 0; i < 8; i++) { - md->sha256.state[i] = md->sha256.state[i] + S[i]; - } - return CRYPT_OK; -} - -#ifdef LTC_CLEAN_STACK -static int sha256_compress(hash_state * md, unsigned char *buf) -{ - int err; - err = _sha256_compress(md, buf); - burn_stack(sizeof(ulong32) * 74); - return err; -} -#endif - -/** - Initialize the hash state - @param md The hash state you wish to initialize - @return CRYPT_OK if successful -*/ -int sha256_init(hash_state * md) -{ - LTC_ARGCHK(md != NULL); - - md->sha256.curlen = 0; - md->sha256.length = 0; - md->sha256.state[0] = 0x6A09E667UL; - md->sha256.state[1] = 0xBB67AE85UL; - md->sha256.state[2] = 0x3C6EF372UL; - md->sha256.state[3] = 0xA54FF53AUL; - md->sha256.state[4] = 0x510E527FUL; - md->sha256.state[5] = 0x9B05688CUL; - md->sha256.state[6] = 0x1F83D9ABUL; - md->sha256.state[7] = 0x5BE0CD19UL; - return CRYPT_OK; -} - -/** - Process a block of memory though the hash - @param md The hash state - @param in The data to hash - @param inlen The length of the data (octets) - @return CRYPT_OK if successful -*/ -HASH_PROCESS(sha256_process, sha256_compress, sha256, 64) - -/** - Terminate the hash to get the digest - @param md The hash state - @param out [out] The destination of the hash (32 bytes) - @return CRYPT_OK if successful -*/ -int sha256_done(hash_state * md, unsigned char *out) -{ - int i; - - LTC_ARGCHK(md != NULL); - LTC_ARGCHK(out != NULL); - - if (md->sha256.curlen >= sizeof(md->sha256.buf)) { - return CRYPT_INVALID_ARG; - } - - - /* increase the length of the message */ - md->sha256.length += md->sha256.curlen * 8; - - /* append the '1' bit */ - md->sha256.buf[md->sha256.curlen++] = (unsigned char)0x80; - - /* if the length is currently above 56 bytes we append zeros - * then compress. Then we can fall back to padding zeros and length - * encoding like normal. - */ - if (md->sha256.curlen > 56) { - while (md->sha256.curlen < 64) { - md->sha256.buf[md->sha256.curlen++] = (unsigned char)0; - } - sha256_compress(md, md->sha256.buf); - md->sha256.curlen = 0; - } - - /* pad upto 56 bytes of zeroes */ - while (md->sha256.curlen < 56) { - md->sha256.buf[md->sha256.curlen++] = (unsigned char)0; - } - - /* store length */ - STORE64H(md->sha256.length, md->sha256.buf+56); - sha256_compress(md, md->sha256.buf); - - /* copy output */ - for (i = 0; i < 8; i++) { - STORE32H(md->sha256.state[i], out+(4*i)); - } -#ifdef LTC_CLEAN_STACK - zeromem(md, sizeof(hash_state)); -#endif - return CRYPT_OK; -} - -/** - Self-test the hash - @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled -*/ -int sha256_test(void) -{ - #ifndef LTC_TEST - return CRYPT_NOP; - #else - static const struct { - const char *msg; - unsigned char hash[32]; - } tests[] = { - { "abc", - { 0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, - 0x41, 0x41, 0x40, 0xde, 0x5d, 0xae, 0x22, 0x23, - 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c, - 0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad } - }, - { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", - { 0x24, 0x8d, 0x6a, 0x61, 0xd2, 0x06, 0x38, 0xb8, - 0xe5, 0xc0, 0x26, 0x93, 0x0c, 0x3e, 0x60, 0x39, - 0xa3, 0x3c, 0xe4, 0x59, 0x64, 0xff, 0x21, 0x67, - 0xf6, 0xec, 0xed, 0xd4, 0x19, 0xdb, 0x06, 0xc1 } - }, - }; - - int i; - unsigned char tmp[32]; - hash_state md; - - for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { - sha256_init(&md); - sha256_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); - sha256_done(&md, tmp); - if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA256", i)) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; - #endif -} - -#endif diff --git a/libs/tomcrypt/src/hashes/sha2/sha384.c b/libs/tomcrypt/src/hashes/sha2/sha384.c deleted file mode 100644 index f68d875094b..00000000000 --- a/libs/tomcrypt/src/hashes/sha2/sha384.c +++ /dev/null @@ -1,130 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -/** - @param sha384.c - LTC_SHA384 hash included in sha512.c, Tom St Denis -*/ - -#include "tomcrypt.h" - -#if defined(LTC_SHA384) && defined(LTC_SHA512) - -const struct ltc_hash_descriptor sha384_desc = -{ - "sha384", - 4, - 48, - 128, - - /* OID */ - { 2, 16, 840, 1, 101, 3, 4, 2, 2, }, - 9, - - &sha384_init, - &sha512_process, - &sha384_done, - &sha384_test, - NULL -}; - -/** - Initialize the hash state - @param md The hash state you wish to initialize - @return CRYPT_OK if successful -*/ -int sha384_init(hash_state * md) -{ - LTC_ARGCHK(md != NULL); - - md->sha512.curlen = 0; - md->sha512.length = 0; - md->sha512.state[0] = CONST64(0xcbbb9d5dc1059ed8); - md->sha512.state[1] = CONST64(0x629a292a367cd507); - md->sha512.state[2] = CONST64(0x9159015a3070dd17); - md->sha512.state[3] = CONST64(0x152fecd8f70e5939); - md->sha512.state[4] = CONST64(0x67332667ffc00b31); - md->sha512.state[5] = CONST64(0x8eb44a8768581511); - md->sha512.state[6] = CONST64(0xdb0c2e0d64f98fa7); - md->sha512.state[7] = CONST64(0x47b5481dbefa4fa4); - return CRYPT_OK; -} - -/** - Terminate the hash to get the digest - @param md The hash state - @param out [out] The destination of the hash (48 bytes) - @return CRYPT_OK if successful -*/ -int sha384_done(hash_state * md, unsigned char *out) -{ - unsigned char buf[64]; - - LTC_ARGCHK(md != NULL); - LTC_ARGCHK(out != NULL); - - if (md->sha512.curlen >= sizeof(md->sha512.buf)) { - return CRYPT_INVALID_ARG; - } - - sha512_done(md, buf); - XMEMCPY(out, buf, 48); -#ifdef LTC_CLEAN_STACK - zeromem(buf, sizeof(buf)); -#endif - return CRYPT_OK; -} - -/** - Self-test the hash - @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled -*/ -int sha384_test(void) -{ - #ifndef LTC_TEST - return CRYPT_NOP; - #else - static const struct { - const char *msg; - unsigned char hash[48]; - } tests[] = { - { "abc", - { 0xcb, 0x00, 0x75, 0x3f, 0x45, 0xa3, 0x5e, 0x8b, - 0xb5, 0xa0, 0x3d, 0x69, 0x9a, 0xc6, 0x50, 0x07, - 0x27, 0x2c, 0x32, 0xab, 0x0e, 0xde, 0xd1, 0x63, - 0x1a, 0x8b, 0x60, 0x5a, 0x43, 0xff, 0x5b, 0xed, - 0x80, 0x86, 0x07, 0x2b, 0xa1, 0xe7, 0xcc, 0x23, - 0x58, 0xba, 0xec, 0xa1, 0x34, 0xc8, 0x25, 0xa7 } - }, - { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", - { 0x09, 0x33, 0x0c, 0x33, 0xf7, 0x11, 0x47, 0xe8, - 0x3d, 0x19, 0x2f, 0xc7, 0x82, 0xcd, 0x1b, 0x47, - 0x53, 0x11, 0x1b, 0x17, 0x3b, 0x3b, 0x05, 0xd2, - 0x2f, 0xa0, 0x80, 0x86, 0xe3, 0xb0, 0xf7, 0x12, - 0xfc, 0xc7, 0xc7, 0x1a, 0x55, 0x7e, 0x2d, 0xb9, - 0x66, 0xc3, 0xe9, 0xfa, 0x91, 0x74, 0x60, 0x39 } - }, - }; - - int i; - unsigned char tmp[48]; - hash_state md; - - for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { - sha384_init(&md); - sha384_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); - sha384_done(&md, tmp); - if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA384", i)) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; - #endif -} - -#endif /* defined(LTC_SHA384) && defined(LTC_SHA512) */ diff --git a/libs/tomcrypt/src/hashes/sha2/sha512.c b/libs/tomcrypt/src/hashes/sha2/sha512.c deleted file mode 100644 index 7c5e81bc1df..00000000000 --- a/libs/tomcrypt/src/hashes/sha2/sha512.c +++ /dev/null @@ -1,306 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @param sha512.c - LTC_SHA512 by Tom St Denis -*/ - -#ifdef LTC_SHA512 - -const struct ltc_hash_descriptor sha512_desc = -{ - "sha512", - 5, - 64, - 128, - - /* OID */ - { 2, 16, 840, 1, 101, 3, 4, 2, 3, }, - 9, - - &sha512_init, - &sha512_process, - &sha512_done, - &sha512_test, - NULL -}; - -/* the K array */ -static const ulong64 K[80] = { -CONST64(0x428a2f98d728ae22), CONST64(0x7137449123ef65cd), -CONST64(0xb5c0fbcfec4d3b2f), CONST64(0xe9b5dba58189dbbc), -CONST64(0x3956c25bf348b538), CONST64(0x59f111f1b605d019), -CONST64(0x923f82a4af194f9b), CONST64(0xab1c5ed5da6d8118), -CONST64(0xd807aa98a3030242), CONST64(0x12835b0145706fbe), -CONST64(0x243185be4ee4b28c), CONST64(0x550c7dc3d5ffb4e2), -CONST64(0x72be5d74f27b896f), CONST64(0x80deb1fe3b1696b1), -CONST64(0x9bdc06a725c71235), CONST64(0xc19bf174cf692694), -CONST64(0xe49b69c19ef14ad2), CONST64(0xefbe4786384f25e3), -CONST64(0x0fc19dc68b8cd5b5), CONST64(0x240ca1cc77ac9c65), -CONST64(0x2de92c6f592b0275), CONST64(0x4a7484aa6ea6e483), -CONST64(0x5cb0a9dcbd41fbd4), CONST64(0x76f988da831153b5), -CONST64(0x983e5152ee66dfab), CONST64(0xa831c66d2db43210), -CONST64(0xb00327c898fb213f), CONST64(0xbf597fc7beef0ee4), -CONST64(0xc6e00bf33da88fc2), CONST64(0xd5a79147930aa725), -CONST64(0x06ca6351e003826f), CONST64(0x142929670a0e6e70), -CONST64(0x27b70a8546d22ffc), CONST64(0x2e1b21385c26c926), -CONST64(0x4d2c6dfc5ac42aed), CONST64(0x53380d139d95b3df), -CONST64(0x650a73548baf63de), CONST64(0x766a0abb3c77b2a8), -CONST64(0x81c2c92e47edaee6), CONST64(0x92722c851482353b), -CONST64(0xa2bfe8a14cf10364), CONST64(0xa81a664bbc423001), -CONST64(0xc24b8b70d0f89791), CONST64(0xc76c51a30654be30), -CONST64(0xd192e819d6ef5218), CONST64(0xd69906245565a910), -CONST64(0xf40e35855771202a), CONST64(0x106aa07032bbd1b8), -CONST64(0x19a4c116b8d2d0c8), CONST64(0x1e376c085141ab53), -CONST64(0x2748774cdf8eeb99), CONST64(0x34b0bcb5e19b48a8), -CONST64(0x391c0cb3c5c95a63), CONST64(0x4ed8aa4ae3418acb), -CONST64(0x5b9cca4f7763e373), CONST64(0x682e6ff3d6b2b8a3), -CONST64(0x748f82ee5defb2fc), CONST64(0x78a5636f43172f60), -CONST64(0x84c87814a1f0ab72), CONST64(0x8cc702081a6439ec), -CONST64(0x90befffa23631e28), CONST64(0xa4506cebde82bde9), -CONST64(0xbef9a3f7b2c67915), CONST64(0xc67178f2e372532b), -CONST64(0xca273eceea26619c), CONST64(0xd186b8c721c0c207), -CONST64(0xeada7dd6cde0eb1e), CONST64(0xf57d4f7fee6ed178), -CONST64(0x06f067aa72176fba), CONST64(0x0a637dc5a2c898a6), -CONST64(0x113f9804bef90dae), CONST64(0x1b710b35131c471b), -CONST64(0x28db77f523047d84), CONST64(0x32caab7b40c72493), -CONST64(0x3c9ebe0a15c9bebc), CONST64(0x431d67c49c100d4c), -CONST64(0x4cc5d4becb3e42b6), CONST64(0x597f299cfc657e2a), -CONST64(0x5fcb6fab3ad6faec), CONST64(0x6c44198c4a475817) -}; - -/* Various logical functions */ -#define Ch(x,y,z) (z ^ (x & (y ^ z))) -#define Maj(x,y,z) (((x | y) & z) | (x & y)) -#define S(x, n) ROR64c(x, n) -#define R(x, n) (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)n)) -#define Sigma0(x) (S(x, 28) ^ S(x, 34) ^ S(x, 39)) -#define Sigma1(x) (S(x, 14) ^ S(x, 18) ^ S(x, 41)) -#define Gamma0(x) (S(x, 1) ^ S(x, 8) ^ R(x, 7)) -#define Gamma1(x) (S(x, 19) ^ S(x, 61) ^ R(x, 6)) - -/* compress 1024-bits */ -#ifdef LTC_CLEAN_STACK -static int _sha512_compress(hash_state * md, unsigned char *buf) -#else -static int sha512_compress(hash_state * md, unsigned char *buf) -#endif -{ - ulong64 S[8], W[80], t0, t1; - int i; - - /* copy state into S */ - for (i = 0; i < 8; i++) { - S[i] = md->sha512.state[i]; - } - - /* copy the state into 1024-bits into W[0..15] */ - for (i = 0; i < 16; i++) { - LOAD64H(W[i], buf + (8*i)); - } - - /* fill W[16..79] */ - for (i = 16; i < 80; i++) { - W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16]; - } - - /* Compress */ -#ifdef LTC_SMALL_CODE - for (i = 0; i < 80; i++) { - t0 = S[7] + Sigma1(S[4]) + Ch(S[4], S[5], S[6]) + K[i] + W[i]; - t1 = Sigma0(S[0]) + Maj(S[0], S[1], S[2]); - S[7] = S[6]; - S[6] = S[5]; - S[5] = S[4]; - S[4] = S[3] + t0; - S[3] = S[2]; - S[2] = S[1]; - S[1] = S[0]; - S[0] = t0 + t1; - } -#else -#define RND(a,b,c,d,e,f,g,h,i) \ - t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ - t1 = Sigma0(a) + Maj(a, b, c); \ - d += t0; \ - h = t0 + t1; - - for (i = 0; i < 80; i += 8) { - RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i+0); - RND(S[7],S[0],S[1],S[2],S[3],S[4],S[5],S[6],i+1); - RND(S[6],S[7],S[0],S[1],S[2],S[3],S[4],S[5],i+2); - RND(S[5],S[6],S[7],S[0],S[1],S[2],S[3],S[4],i+3); - RND(S[4],S[5],S[6],S[7],S[0],S[1],S[2],S[3],i+4); - RND(S[3],S[4],S[5],S[6],S[7],S[0],S[1],S[2],i+5); - RND(S[2],S[3],S[4],S[5],S[6],S[7],S[0],S[1],i+6); - RND(S[1],S[2],S[3],S[4],S[5],S[6],S[7],S[0],i+7); - } -#endif - - - /* feedback */ - for (i = 0; i < 8; i++) { - md->sha512.state[i] = md->sha512.state[i] + S[i]; - } - - return CRYPT_OK; -} - -/* compress 1024-bits */ -#ifdef LTC_CLEAN_STACK -static int sha512_compress(hash_state * md, unsigned char *buf) -{ - int err; - err = _sha512_compress(md, buf); - burn_stack(sizeof(ulong64) * 90 + sizeof(int)); - return err; -} -#endif - -/** - Initialize the hash state - @param md The hash state you wish to initialize - @return CRYPT_OK if successful -*/ -int sha512_init(hash_state * md) -{ - LTC_ARGCHK(md != NULL); - md->sha512.curlen = 0; - md->sha512.length = 0; - md->sha512.state[0] = CONST64(0x6a09e667f3bcc908); - md->sha512.state[1] = CONST64(0xbb67ae8584caa73b); - md->sha512.state[2] = CONST64(0x3c6ef372fe94f82b); - md->sha512.state[3] = CONST64(0xa54ff53a5f1d36f1); - md->sha512.state[4] = CONST64(0x510e527fade682d1); - md->sha512.state[5] = CONST64(0x9b05688c2b3e6c1f); - md->sha512.state[6] = CONST64(0x1f83d9abfb41bd6b); - md->sha512.state[7] = CONST64(0x5be0cd19137e2179); - return CRYPT_OK; -} - -/** - Process a block of memory though the hash - @param md The hash state - @param in The data to hash - @param inlen The length of the data (octets) - @return CRYPT_OK if successful -*/ -HASH_PROCESS(sha512_process, sha512_compress, sha512, 128) - -/** - Terminate the hash to get the digest - @param md The hash state - @param out [out] The destination of the hash (64 bytes) - @return CRYPT_OK if successful -*/ -int sha512_done(hash_state * md, unsigned char *out) -{ - int i; - - LTC_ARGCHK(md != NULL); - LTC_ARGCHK(out != NULL); - - if (md->sha512.curlen >= sizeof(md->sha512.buf)) { - return CRYPT_INVALID_ARG; - } - - /* increase the length of the message */ - md->sha512.length += md->sha512.curlen * CONST64(8); - - /* append the '1' bit */ - md->sha512.buf[md->sha512.curlen++] = (unsigned char)0x80; - - /* if the length is currently above 112 bytes we append zeros - * then compress. Then we can fall back to padding zeros and length - * encoding like normal. - */ - if (md->sha512.curlen > 112) { - while (md->sha512.curlen < 128) { - md->sha512.buf[md->sha512.curlen++] = (unsigned char)0; - } - sha512_compress(md, md->sha512.buf); - md->sha512.curlen = 0; - } - - /* pad upto 120 bytes of zeroes - * note: that from 112 to 120 is the 64 MSB of the length. We assume that you won't hash - * > 2^64 bits of data... :-) - */ - while (md->sha512.curlen < 120) { - md->sha512.buf[md->sha512.curlen++] = (unsigned char)0; - } - - /* store length */ - STORE64H(md->sha512.length, md->sha512.buf+120); - sha512_compress(md, md->sha512.buf); - - /* copy output */ - for (i = 0; i < 8; i++) { - STORE64H(md->sha512.state[i], out+(8*i)); - } -#ifdef LTC_CLEAN_STACK - zeromem(md, sizeof(hash_state)); -#endif - return CRYPT_OK; -} - -/** - Self-test the hash - @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled -*/ -int sha512_test(void) -{ - #ifndef LTC_TEST - return CRYPT_NOP; - #else - static const struct { - const char *msg; - unsigned char hash[64]; - } tests[] = { - { "abc", - { 0xdd, 0xaf, 0x35, 0xa1, 0x93, 0x61, 0x7a, 0xba, - 0xcc, 0x41, 0x73, 0x49, 0xae, 0x20, 0x41, 0x31, - 0x12, 0xe6, 0xfa, 0x4e, 0x89, 0xa9, 0x7e, 0xa2, - 0x0a, 0x9e, 0xee, 0xe6, 0x4b, 0x55, 0xd3, 0x9a, - 0x21, 0x92, 0x99, 0x2a, 0x27, 0x4f, 0xc1, 0xa8, - 0x36, 0xba, 0x3c, 0x23, 0xa3, 0xfe, 0xeb, 0xbd, - 0x45, 0x4d, 0x44, 0x23, 0x64, 0x3c, 0xe8, 0x0e, - 0x2a, 0x9a, 0xc9, 0x4f, 0xa5, 0x4c, 0xa4, 0x9f } - }, - { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", - { 0x8e, 0x95, 0x9b, 0x75, 0xda, 0xe3, 0x13, 0xda, - 0x8c, 0xf4, 0xf7, 0x28, 0x14, 0xfc, 0x14, 0x3f, - 0x8f, 0x77, 0x79, 0xc6, 0xeb, 0x9f, 0x7f, 0xa1, - 0x72, 0x99, 0xae, 0xad, 0xb6, 0x88, 0x90, 0x18, - 0x50, 0x1d, 0x28, 0x9e, 0x49, 0x00, 0xf7, 0xe4, - 0x33, 0x1b, 0x99, 0xde, 0xc4, 0xb5, 0x43, 0x3a, - 0xc7, 0xd3, 0x29, 0xee, 0xb6, 0xdd, 0x26, 0x54, - 0x5e, 0x96, 0xe5, 0x5b, 0x87, 0x4b, 0xe9, 0x09 } - }, - }; - - int i; - unsigned char tmp[64]; - hash_state md; - - for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { - sha512_init(&md); - sha512_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg)); - sha512_done(&md, tmp); - if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA512", i)) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; - #endif -} - -#endif diff --git a/libs/tomcrypt/src/hashes/sha2/sha512_224.c b/libs/tomcrypt/src/hashes/sha2/sha512_224.c deleted file mode 100644 index 7fbab4bb4e1..00000000000 --- a/libs/tomcrypt/src/hashes/sha2/sha512_224.c +++ /dev/null @@ -1,126 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -/** - @param sha512_224.c - SHA512/224 hash included in sha512.c -*/ - -#include "tomcrypt.h" - -#if defined(LTC_SHA512_224) && defined(LTC_SHA512) - -const struct ltc_hash_descriptor sha512_224_desc = -{ - "sha512-224", - 15, - 28, - 128, - - /* OID */ - { 2, 16, 840, 1, 101, 3, 4, 2, 5, }, - 9, - - &sha512_224_init, - &sha512_process, - &sha512_224_done, - &sha512_224_test, - NULL -}; - -/** - Initialize the hash state - @param md The hash state you wish to initialize - @return CRYPT_OK if successful -*/ -int sha512_224_init(hash_state * md) -{ - LTC_ARGCHK(md != NULL); - - md->sha512.curlen = 0; - md->sha512.length = 0; - md->sha512.state[0] = CONST64(0x8C3D37C819544DA2); - md->sha512.state[1] = CONST64(0x73E1996689DCD4D6); - md->sha512.state[2] = CONST64(0x1DFAB7AE32FF9C82); - md->sha512.state[3] = CONST64(0x679DD514582F9FCF); - md->sha512.state[4] = CONST64(0x0F6D2B697BD44DA8); - md->sha512.state[5] = CONST64(0x77E36F7304C48942); - md->sha512.state[6] = CONST64(0x3F9D85A86A1D36C8); - md->sha512.state[7] = CONST64(0x1112E6AD91D692A1); - return CRYPT_OK; -} - -/** - Terminate the hash to get the digest - @param md The hash state - @param out [out] The destination of the hash (48 bytes) - @return CRYPT_OK if successful -*/ -int sha512_224_done(hash_state * md, unsigned char *out) -{ - unsigned char buf[64]; - - LTC_ARGCHK(md != NULL); - LTC_ARGCHK(out != NULL); - - if (md->sha512.curlen >= sizeof(md->sha512.buf)) { - return CRYPT_INVALID_ARG; - } - - sha512_done(md, buf); - XMEMCPY(out, buf, 28); -#ifdef LTC_CLEAN_STACK - zeromem(buf, sizeof(buf)); -#endif - return CRYPT_OK; -} - -/** - Self-test the hash - @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled -*/ -int sha512_224_test(void) -{ - #ifndef LTC_TEST - return CRYPT_NOP; - #else - static const struct { - const char *msg; - unsigned char hash[28]; - } tests[] = { - { "abc", - { 0x46, 0x34, 0x27, 0x0F, 0x70, 0x7B, 0x6A, 0x54, - 0xDA, 0xAE, 0x75, 0x30, 0x46, 0x08, 0x42, 0xE2, - 0x0E, 0x37, 0xED, 0x26, 0x5C, 0xEE, 0xE9, 0xA4, - 0x3E, 0x89, 0x24, 0xAA } - }, - { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", - { 0x23, 0xFE, 0xC5, 0xBB, 0x94, 0xD6, 0x0B, 0x23, - 0x30, 0x81, 0x92, 0x64, 0x0B, 0x0C, 0x45, 0x33, - 0x35, 0xD6, 0x64, 0x73, 0x4F, 0xE4, 0x0E, 0x72, - 0x68, 0x67, 0x4A, 0xF9 } - }, - }; - - int i; - unsigned char tmp[28]; - hash_state md; - - for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { - sha512_224_init(&md); - sha512_224_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); - sha512_224_done(&md, tmp); - if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA512-224", i)) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; - #endif -} - -#endif /* defined(LTC_SHA384) && defined(LTC_SHA512) */ diff --git a/libs/tomcrypt/src/hashes/sha2/sha512_256.c b/libs/tomcrypt/src/hashes/sha2/sha512_256.c deleted file mode 100644 index 988213274dc..00000000000 --- a/libs/tomcrypt/src/hashes/sha2/sha512_256.c +++ /dev/null @@ -1,126 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -/** - @param sha512_256.c - SHA512/256 hash included in sha512.c -*/ - -#include "tomcrypt.h" - -#if defined(LTC_SHA512_256) && defined(LTC_SHA512) - -const struct ltc_hash_descriptor sha512_256_desc = -{ - "sha512-256", - 16, - 32, - 128, - - /* OID */ - { 2, 16, 840, 1, 101, 3, 4, 2, 6, }, - 9, - - &sha512_256_init, - &sha512_process, - &sha512_256_done, - &sha512_256_test, - NULL -}; - -/** - Initialize the hash state - @param md The hash state you wish to initialize - @return CRYPT_OK if successful -*/ -int sha512_256_init(hash_state * md) -{ - LTC_ARGCHK(md != NULL); - - md->sha512.curlen = 0; - md->sha512.length = 0; - md->sha512.state[0] = CONST64(0x22312194FC2BF72C); - md->sha512.state[1] = CONST64(0x9F555FA3C84C64C2); - md->sha512.state[2] = CONST64(0x2393B86B6F53B151); - md->sha512.state[3] = CONST64(0x963877195940EABD); - md->sha512.state[4] = CONST64(0x96283EE2A88EFFE3); - md->sha512.state[5] = CONST64(0xBE5E1E2553863992); - md->sha512.state[6] = CONST64(0x2B0199FC2C85B8AA); - md->sha512.state[7] = CONST64(0x0EB72DDC81C52CA2); - return CRYPT_OK; -} - -/** - Terminate the hash to get the digest - @param md The hash state - @param out [out] The destination of the hash (48 bytes) - @return CRYPT_OK if successful -*/ -int sha512_256_done(hash_state * md, unsigned char *out) -{ - unsigned char buf[64]; - - LTC_ARGCHK(md != NULL); - LTC_ARGCHK(out != NULL); - - if (md->sha512.curlen >= sizeof(md->sha512.buf)) { - return CRYPT_INVALID_ARG; - } - - sha512_done(md, buf); - XMEMCPY(out, buf, 32); -#ifdef LTC_CLEAN_STACK - zeromem(buf, sizeof(buf)); -#endif - return CRYPT_OK; -} - -/** - Self-test the hash - @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled -*/ -int sha512_256_test(void) -{ - #ifndef LTC_TEST - return CRYPT_NOP; - #else - static const struct { - const char *msg; - unsigned char hash[32]; - } tests[] = { - { "abc", - { 0x53, 0x04, 0x8E, 0x26, 0x81, 0x94, 0x1E, 0xF9, - 0x9B, 0x2E, 0x29, 0xB7, 0x6B, 0x4C, 0x7D, 0xAB, - 0xE4, 0xC2, 0xD0, 0xC6, 0x34, 0xFC, 0x6D, 0x46, - 0xE0, 0xE2, 0xF1, 0x31, 0x07, 0xE7, 0xAF, 0x23 } - }, - { "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu", - { 0x39, 0x28, 0xE1, 0x84, 0xFB, 0x86, 0x90, 0xF8, - 0x40, 0xDA, 0x39, 0x88, 0x12, 0x1D, 0x31, 0xBE, - 0x65, 0xCB, 0x9D, 0x3E, 0xF8, 0x3E, 0xE6, 0x14, - 0x6F, 0xEA, 0xC8, 0x61, 0xE1, 0x9B, 0x56, 0x3A } - }, - }; - - int i; - unsigned char tmp[32]; - hash_state md; - - for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) { - sha512_256_init(&md); - sha512_256_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); - sha512_256_done(&md, tmp); - if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA512-265", i)) { - return CRYPT_FAIL_TESTVECTOR; - } - } - return CRYPT_OK; - #endif -} - -#endif /* defined(LTC_SHA384) && defined(LTC_SHA512) */ diff --git a/libs/tomcrypt/src/hashes/sha3.c b/libs/tomcrypt/src/hashes/sha3.c deleted file mode 100644 index 3b80a8e8858..00000000000 --- a/libs/tomcrypt/src/hashes/sha3.c +++ /dev/null @@ -1,302 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* based on https://github.com/brainhub/SHA3IUF (public domain) */ - -#include "tomcrypt.h" - -#ifdef LTC_SHA3 - -const struct ltc_hash_descriptor sha3_224_desc = -{ - "sha3-224", /* name of hash */ - 17, /* internal ID */ - 28, /* Size of digest in octets */ - 144, /* Input block size in octets */ - { 2,16,840,1,101,3,4,2,7 }, /* ASN.1 OID */ - 9, /* Length OID */ - &sha3_224_init, - &sha3_process, - &sha3_done, - &sha3_224_test, - NULL -}; - -const struct ltc_hash_descriptor sha3_256_desc = -{ - "sha3-256", /* name of hash */ - 18, /* internal ID */ - 32, /* Size of digest in octets */ - 136, /* Input block size in octets */ - { 2,16,840,1,101,3,4,2,8 }, /* ASN.1 OID */ - 9, /* Length OID */ - &sha3_256_init, - &sha3_process, - &sha3_done, - &sha3_256_test, - NULL -}; - -const struct ltc_hash_descriptor sha3_384_desc = -{ - "sha3-384", /* name of hash */ - 19, /* internal ID */ - 48, /* Size of digest in octets */ - 104, /* Input block size in octets */ - { 2,16,840,1,101,3,4,2,9 }, /* ASN.1 OID */ - 9, /* Length OID */ - &sha3_384_init, - &sha3_process, - &sha3_done, - &sha3_384_test, - NULL -}; - -const struct ltc_hash_descriptor sha3_512_desc = -{ - "sha3-512", /* name of hash */ - 20, /* internal ID */ - 64, /* Size of digest in octets */ - 72, /* Input block size in octets */ - { 2,16,840,1,101,3,4,2,10 }, /* ASN.1 OID */ - 9, /* Length OID */ - &sha3_512_init, - &sha3_process, - &sha3_done, - &sha3_512_test, - NULL -}; - -#define SHA3_KECCAK_SPONGE_WORDS 25 /* 1600 bits > 200 bytes > 25 x ulong64 */ -#define SHA3_KECCAK_ROUNDS 24 - -static const ulong64 keccakf_rndc[24] = { - CONST64(0x0000000000000001), CONST64(0x0000000000008082), - CONST64(0x800000000000808a), CONST64(0x8000000080008000), - CONST64(0x000000000000808b), CONST64(0x0000000080000001), - CONST64(0x8000000080008081), CONST64(0x8000000000008009), - CONST64(0x000000000000008a), CONST64(0x0000000000000088), - CONST64(0x0000000080008009), CONST64(0x000000008000000a), - CONST64(0x000000008000808b), CONST64(0x800000000000008b), - CONST64(0x8000000000008089), CONST64(0x8000000000008003), - CONST64(0x8000000000008002), CONST64(0x8000000000000080), - CONST64(0x000000000000800a), CONST64(0x800000008000000a), - CONST64(0x8000000080008081), CONST64(0x8000000000008080), - CONST64(0x0000000080000001), CONST64(0x8000000080008008) -}; - -static const unsigned keccakf_rotc[24] = { - 1, 3, 6, 10, 15, 21, 28, 36, 45, 55, 2, 14, 27, 41, 56, 8, 25, 43, 62, 18, 39, 61, 20, 44 -}; - -static const unsigned keccakf_piln[24] = { - 10, 7, 11, 17, 18, 3, 5, 16, 8, 21, 24, 4, 15, 23, 19, 13, 12, 2, 20, 14, 22, 9, 6, 1 -}; - -static void keccakf(ulong64 s[25]) -{ - int i, j, round; - ulong64 t, bc[5]; - - for(round = 0; round < SHA3_KECCAK_ROUNDS; round++) { - /* Theta */ - for(i = 0; i < 5; i++) - bc[i] = s[i] ^ s[i + 5] ^ s[i + 10] ^ s[i + 15] ^ s[i + 20]; - - for(i = 0; i < 5; i++) { - t = bc[(i + 4) % 5] ^ ROL64(bc[(i + 1) % 5], 1); - for(j = 0; j < 25; j += 5) - s[j + i] ^= t; - } - /* Rho Pi */ - t = s[1]; - for(i = 0; i < 24; i++) { - j = keccakf_piln[i]; - bc[0] = s[j]; - s[j] = ROL64(t, keccakf_rotc[i]); - t = bc[0]; - } - /* Chi */ - for(j = 0; j < 25; j += 5) { - for(i = 0; i < 5; i++) - bc[i] = s[j + i]; - for(i = 0; i < 5; i++) - s[j + i] ^= (~bc[(i + 1) % 5]) & bc[(i + 2) % 5]; - } - /* Iota */ - s[0] ^= keccakf_rndc[round]; - } -} - -/* Public Inteface */ - -int sha3_224_init(hash_state *md) -{ - LTC_ARGCHK(md != NULL); - XMEMSET(&md->sha3, 0, sizeof(md->sha3)); - md->sha3.capacity_words = 2 * 224 / (8 * sizeof(ulong64)); - return CRYPT_OK; -} - -int sha3_256_init(hash_state *md) -{ - LTC_ARGCHK(md != NULL); - XMEMSET(&md->sha3, 0, sizeof(md->sha3)); - md->sha3.capacity_words = 2 * 256 / (8 * sizeof(ulong64)); - return CRYPT_OK; -} - -int sha3_384_init(hash_state *md) -{ - LTC_ARGCHK(md != NULL); - XMEMSET(&md->sha3, 0, sizeof(md->sha3)); - md->sha3.capacity_words = 2 * 384 / (8 * sizeof(ulong64)); - return CRYPT_OK; -} - -int sha3_512_init(hash_state *md) -{ - LTC_ARGCHK(md != NULL); - XMEMSET(&md->sha3, 0, sizeof(md->sha3)); - md->sha3.capacity_words = 2 * 512 / (8 * sizeof(ulong64)); - return CRYPT_OK; -} - -int sha3_shake_init(hash_state *md, int num) -{ - LTC_ARGCHK(md != NULL); - if (num != 128 && num != 256) return CRYPT_INVALID_ARG; - XMEMSET(&md->sha3, 0, sizeof(md->sha3)); - md->sha3.capacity_words = (unsigned short)(2 * num / (8 * sizeof(ulong64))); - return CRYPT_OK; -} - -int sha3_process(hash_state *md, const unsigned char *in, unsigned long inlen) -{ - /* 0...7 -- how much is needed to have a word */ - unsigned old_tail = (8 - md->sha3.byte_index) & 7; - - unsigned long words; - unsigned tail; - unsigned long i; - - if (inlen == 0) return CRYPT_OK; /* nothing to do */ - LTC_ARGCHK(md != NULL); - LTC_ARGCHK(in != NULL); - - if(inlen < old_tail) { /* have no complete word or haven't started the word yet */ - while (inlen--) md->sha3.saved |= (ulong64) (*(in++)) << ((md->sha3.byte_index++) * 8); - return CRYPT_OK; - } - - if(old_tail) { /* will have one word to process */ - inlen -= old_tail; - while (old_tail--) md->sha3.saved |= (ulong64) (*(in++)) << ((md->sha3.byte_index++) * 8); - /* now ready to add saved to the sponge */ - md->sha3.s[md->sha3.word_index] ^= md->sha3.saved; - md->sha3.byte_index = 0; - md->sha3.saved = 0; - if(++md->sha3.word_index == (SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words)) { - keccakf(md->sha3.s); - md->sha3.word_index = 0; - } - } - - /* now work in full words directly from input */ - words = inlen / sizeof(ulong64); - tail = inlen - words * sizeof(ulong64); - - for(i = 0; i < words; i++, in += sizeof(ulong64)) { - ulong64 t; - LOAD64L(t, in); - md->sha3.s[md->sha3.word_index] ^= t; - if(++md->sha3.word_index == (SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words)) { - keccakf(md->sha3.s); - md->sha3.word_index = 0; - } - } - - /* finally, save the partial word */ - while (tail--) { - md->sha3.saved |= (ulong64) (*(in++)) << ((md->sha3.byte_index++) * 8); - } - return CRYPT_OK; -} - -int sha3_done(hash_state *md, unsigned char *hash) -{ - unsigned i; - - LTC_ARGCHK(md != NULL); - LTC_ARGCHK(hash != NULL); - - md->sha3.s[md->sha3.word_index] ^= (md->sha3.saved ^ (CONST64(0x06) << (md->sha3.byte_index * 8))); - md->sha3.s[SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words - 1] ^= CONST64(0x8000000000000000); - keccakf(md->sha3.s); - - /* store sha3.s[] as little-endian bytes into sha3.sb */ - for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { - STORE64L(md->sha3.s[i], md->sha3.sb + i * 8); - } - - XMEMCPY(hash, md->sha3.sb, md->sha3.capacity_words * 4); - return CRYPT_OK; -} - -int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen) -{ - /* IMPORTANT NOTE: sha3_shake_done can be called many times */ - unsigned long idx; - unsigned i; - - if (outlen == 0) return CRYPT_OK; /* nothing to do */ - LTC_ARGCHK(md != NULL); - LTC_ARGCHK(out != NULL); - - if (!md->sha3.xof_flag) { - /* shake_xof operation must be done only once */ - md->sha3.s[md->sha3.word_index] ^= (md->sha3.saved ^ (CONST64(0x1F) << (md->sha3.byte_index * 8))); - md->sha3.s[SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words - 1] ^= CONST64(0x8000000000000000); - keccakf(md->sha3.s); - /* store sha3.s[] as little-endian bytes into sha3.sb */ - for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { - STORE64L(md->sha3.s[i], md->sha3.sb + i * 8); - } - md->sha3.byte_index = 0; - md->sha3.xof_flag = 1; - } - - for (idx = 0; idx < outlen; idx++) { - if(md->sha3.byte_index >= (SHA3_KECCAK_SPONGE_WORDS - md->sha3.capacity_words) * 8) { - keccakf(md->sha3.s); - /* store sha3.s[] as little-endian bytes into sha3.sb */ - for(i = 0; i < SHA3_KECCAK_SPONGE_WORDS; i++) { - STORE64L(md->sha3.s[i], md->sha3.sb + i * 8); - } - md->sha3.byte_index = 0; - } - out[idx] = md->sha3.sb[md->sha3.byte_index++]; - } - return CRYPT_OK; -} - -int sha3_shake_memory(int num, const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen) -{ - hash_state md; - int err; - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - if ((err = sha3_shake_init(&md, num)) != CRYPT_OK) return err; - if ((err = sha3_shake_process(&md, in, inlen)) != CRYPT_OK) return err; - if ((err = sha3_shake_done(&md, out, *outlen)) != CRYPT_OK) return err; - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/headers/tomcrypt.h b/libs/tomcrypt/src/headers/tomcrypt.h deleted file mode 100644 index 4d348ca3e9a..00000000000 --- a/libs/tomcrypt/src/headers/tomcrypt.h +++ /dev/null @@ -1,100 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -#ifndef TOMCRYPT_H_ -#define TOMCRYPT_H_ -#include <assert.h> -#include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include <stddef.h> -#include <time.h> -#include <ctype.h> -#include <limits.h> - -/* use configuration data */ -#include <tomcrypt_custom.h> - -#ifdef __cplusplus -extern "C" { -#endif - -/* version */ -#define CRYPT 0x0118 -#define SCRYPT "1.18.2" - -/* max size of either a cipher/hash block or symmetric key [largest of the two] */ -#define MAXBLOCKSIZE 128 - -#ifndef TAB_SIZE -/* descriptor table size */ -#define TAB_SIZE 32 -#endif - -/* error codes [will be expanded in future releases] */ -enum { - CRYPT_OK=0, /* Result OK */ - CRYPT_ERROR, /* Generic Error */ - CRYPT_NOP, /* Not a failure but no operation was performed */ - - CRYPT_INVALID_KEYSIZE, /* Invalid key size given */ - CRYPT_INVALID_ROUNDS, /* Invalid number of rounds */ - CRYPT_FAIL_TESTVECTOR, /* Algorithm failed test vectors */ - - CRYPT_BUFFER_OVERFLOW, /* Not enough space for output */ - CRYPT_INVALID_PACKET, /* Invalid input packet given */ - - CRYPT_INVALID_PRNGSIZE, /* Invalid number of bits for a PRNG */ - CRYPT_ERROR_READPRNG, /* Could not read enough from PRNG */ - - CRYPT_INVALID_CIPHER, /* Invalid cipher specified */ - CRYPT_INVALID_HASH, /* Invalid hash specified */ - CRYPT_INVALID_PRNG, /* Invalid PRNG specified */ - - CRYPT_MEM, /* Out of memory */ - - CRYPT_PK_TYPE_MISMATCH, /* Not equivalent types of PK keys */ - CRYPT_PK_NOT_PRIVATE, /* Requires a private PK key */ - - CRYPT_INVALID_ARG, /* Generic invalid argument */ - CRYPT_FILE_NOTFOUND, /* File Not Found */ - - CRYPT_PK_INVALID_TYPE, /* Invalid type of PK key */ - - CRYPT_OVERFLOW, /* An overflow of a value was detected/prevented */ - - CRYPT_UNUSED1, /* UNUSED1 */ - - CRYPT_INPUT_TOO_LONG, /* The input was longer than expected. */ - - CRYPT_PK_INVALID_SIZE, /* Invalid size input for PK parameters */ - - CRYPT_INVALID_PRIME_SIZE,/* Invalid size of prime requested */ - CRYPT_PK_INVALID_PADDING, /* Invalid padding on input */ - - CRYPT_HASH_OVERFLOW /* Hash applied to too many bits */ -}; - -#include <tomcrypt_cfg.h> -#include <tomcrypt_macros.h> -#include <tomcrypt_cipher.h> -#include <tomcrypt_hash.h> -#include <tomcrypt_mac.h> -#include <tomcrypt_prng.h> -#include <tomcrypt_pk.h> -#include <tomcrypt_math.h> -#include <tomcrypt_misc.h> -#include <tomcrypt_argchk.h> -#include <tomcrypt_pkcs.h> - -#ifdef __cplusplus - } -#endif - -#endif /* TOMCRYPT_H_ */ diff --git a/libs/tomcrypt/src/headers/tomcrypt_argchk.h b/libs/tomcrypt/src/headers/tomcrypt_argchk.h deleted file mode 100644 index d321368486b..00000000000 --- a/libs/tomcrypt/src/headers/tomcrypt_argchk.h +++ /dev/null @@ -1,48 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Defines the LTC_ARGCHK macro used within the library */ -/* ARGTYPE is defined in tomcrypt_cfg.h */ -#if ARGTYPE == 0 - -#include <signal.h> - -/* this is the default LibTomCrypt macro */ -#if defined(__clang__) || defined(__GNUC_MINOR__) -#define NORETURN __attribute__ ((noreturn)) -#else -#define NORETURN -#endif - -void crypt_argchk(const char *v, const char *s, int d) NORETURN; -#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0) -#define LTC_ARGCHKVD(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0) - -#elif ARGTYPE == 1 - -/* fatal type of error */ -#define LTC_ARGCHK(x) assert((x)) -#define LTC_ARGCHKVD(x) LTC_ARGCHK(x) - -#elif ARGTYPE == 2 - -#define LTC_ARGCHK(x) if (!(x)) { fprintf(stderr, "\nwarning: ARGCHK failed at %s:%d\n", __FILE__, __LINE__); } -#define LTC_ARGCHKVD(x) LTC_ARGCHK(x) - -#elif ARGTYPE == 3 - -#define LTC_ARGCHK(x) -#define LTC_ARGCHKVD(x) LTC_ARGCHK(x) - -#elif ARGTYPE == 4 - -#define LTC_ARGCHK(x) if (!(x)) return CRYPT_INVALID_ARG; -#define LTC_ARGCHKVD(x) if (!(x)) return; - -#endif diff --git a/libs/tomcrypt/src/headers/tomcrypt_cfg.h b/libs/tomcrypt/src/headers/tomcrypt_cfg.h deleted file mode 100644 index ce9cc11542f..00000000000 --- a/libs/tomcrypt/src/headers/tomcrypt_cfg.h +++ /dev/null @@ -1,278 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* This is the build config file. - * - * With this you can setup what to inlcude/exclude automatically during any build. Just comment - * out the line that #define's the word for the thing you want to remove. phew! - */ - -#ifndef TOMCRYPT_CFG_H -#define TOMCRYPT_CFG_H - -#if defined(_WIN32) || defined(_MSC_VER) - #define LTC_CALL __cdecl -#elif !defined(LTC_CALL) - #define LTC_CALL -#endif - -#ifndef LTC_EXPORT - #define LTC_EXPORT -#endif - -/* certain platforms use macros for these, making the prototypes broken */ -#ifndef LTC_NO_PROTOTYPES - -/* you can change how memory allocation works ... */ -LTC_EXPORT void * LTC_CALL XMALLOC(size_t n); -LTC_EXPORT void * LTC_CALL XREALLOC(void *p, size_t n); -LTC_EXPORT void * LTC_CALL XCALLOC(size_t n, size_t s); -LTC_EXPORT void LTC_CALL XFREE(void *p); - -LTC_EXPORT void LTC_CALL XQSORT(void *base, size_t nmemb, size_t size, int(*compar)(const void *, const void *)); - - -/* change the clock function too */ -LTC_EXPORT clock_t LTC_CALL XCLOCK(void); - -/* various other functions */ -LTC_EXPORT void * LTC_CALL XMEMCPY(void *dest, const void *src, size_t n); -LTC_EXPORT int LTC_CALL XMEMCMP(const void *s1, const void *s2, size_t n); -LTC_EXPORT void * LTC_CALL XMEMSET(void *s, int c, size_t n); - -LTC_EXPORT int LTC_CALL XSTRCMP(const char *s1, const char *s2); - -#endif - -/* some compilers do not like "inline" (or maybe "static inline"), namely: HP cc, IBM xlc */ -#if defined(__HP_cc) || defined(__xlc__) - #define LTC_INLINE -#elif defined(_MSC_VER) - #define LTC_INLINE __inline -#else - #define LTC_INLINE inline -#endif - -/* type of argument checking, 0=default, 1=fatal and 2=error+continue, 3=nothing */ -#ifndef ARGTYPE - #define ARGTYPE 4 -#endif - -#undef LTC_ENCRYPT -#define LTC_ENCRYPT 0 -#undef LTC_DECRYPT -#define LTC_DECRYPT 1 - -/* Controls endianess and size of registers. Leave uncommented to get platform neutral [slower] code - * - * Note: in order to use the optimized macros your platform must support unaligned 32 and 64 bit read/writes. - * The x86 platforms allow this but some others [ARM for instance] do not. On those platforms you **MUST** - * use the portable [slower] macros. - */ -/* detect x86/i386 32bit */ -#if defined(__i386__) || defined(__i386) || defined(_M_IX86) - #define ENDIAN_LITTLE - #define ENDIAN_32BITWORD - #define LTC_FAST -#endif - -/* detect amd64/x64 */ -#if defined(__x86_64__) || defined(_M_X64) || defined(_M_AMD64) - #define ENDIAN_LITTLE - #define ENDIAN_64BITWORD - #define LTC_FAST -#endif - -/* detect PPC32 */ -#if defined(LTC_PPC32) - #define ENDIAN_BIG - #define ENDIAN_32BITWORD - #define LTC_FAST -#endif - -/* detects MIPS R5900 processors (PS2) */ -#if (defined(__R5900) || defined(R5900) || defined(__R5900__)) && (defined(_mips) || defined(__mips__) || defined(mips)) - #define ENDIAN_64BITWORD - #if defined(_MIPSEB) || defined(__MIPSEB) || defined(__MIPSEB__) - #define ENDIAN_BIG - #endif - #define ENDIAN_LITTLE - #endif -#endif - -/* detect AIX */ -#if defined(_AIX) && defined(_BIG_ENDIAN) - #define ENDIAN_BIG - #if defined(__LP64__) || defined(_ARCH_PPC64) - #define ENDIAN_64BITWORD - #else - #define ENDIAN_32BITWORD - #endif -#endif - -/* detect HP-UX */ -#if defined(__hpux) || defined(__hpux__) - #define ENDIAN_BIG - #if defined(__ia64) || defined(__ia64__) || defined(__LP64__) - #define ENDIAN_64BITWORD - #else - #define ENDIAN_32BITWORD - #endif -#endif - -/* detect Apple OS X */ -#if defined(__APPLE__) && defined(__MACH__) - #if defined(__LITTLE_ENDIAN__) || defined(__x86_64__) - #define ENDIAN_LITTLE - #else - #define ENDIAN_BIG - #endif - #if defined(__LP64__) || defined(__x86_64__) - #define ENDIAN_64BITWORD - #else - #define ENDIAN_32BITWORD - #endif -#endif - -/* detect SPARC and SPARC64 */ -#if defined(__sparc__) || defined(__sparc) - #define ENDIAN_BIG - #if defined(__arch64__) || defined(__sparcv9) || defined(__sparc_v9__) - #define ENDIAN_64BITWORD - #else - #define ENDIAN_32BITWORD - #endif -#endif - -/* detect IBM S390(x) */ -#if defined(__s390x__) || defined(__s390__) - #define ENDIAN_BIG - #if defined(__s390x__) - #define ENDIAN_64BITWORD - #else - #define ENDIAN_32BITWORD - #endif -#endif - -/* detect PPC64 */ -#if defined(__powerpc64__) || defined(__ppc64__) || defined(__PPC64__) - #define ENDIAN_64BITWORD - #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ - #define ENDIAN_BIG - #elif __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ - #define ENDIAN_LITTLE - #endif - #define LTC_FAST -#endif - -/* endianness fallback */ -#if !defined(ENDIAN_BIG) && !defined(ENDIAN_LITTLE) - #if defined(_BYTE_ORDER) && _BYTE_ORDER == _BIG_ENDIAN || \ - defined(__BYTE_ORDER) && __BYTE_ORDER == __BIG_ENDIAN || \ - defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ || \ - defined(__BIG_ENDIAN__) || \ - defined(__ARMEB__) || defined(__THUMBEB__) || defined(__AARCH64EB__) || \ - defined(_MIPSEB) || defined(__MIPSEB) || defined(__MIPSEB__) - #define ENDIAN_BIG - #elif defined(_BYTE_ORDER) && _BYTE_ORDER == _LITTLE_ENDIAN || \ - defined(__BYTE_ORDER) && __BYTE_ORDER == __LITTLE_ENDIAN || \ - defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ || \ - defined(__LITTLE_ENDIAN__) || \ - defined(__ARMEL__) || defined(__THUMBEL__) || defined(__AARCH64EL__) || \ - defined(_MIPSEL) || defined(__MIPSEL) || defined(__MIPSEL__) - #define ENDIAN_LITTLE - #else - #error Cannot detect endianness - #endif -#endif - -/* ulong64: 64-bit data type */ -#ifdef _MSC_VER - #define CONST64(n) n ## ui64 - typedef unsigned __int64 ulong64; -#else - #define CONST64(n) n ## ULL - typedef unsigned long long ulong64; -#endif - -/* ulong32: "32-bit at least" data type */ -#if defined(__x86_64__) || defined(_M_X64) || defined(_M_AMD64) || \ - defined(__powerpc64__) || defined(__ppc64__) || defined(__PPC64__) || \ - defined(__s390x__) || defined(__arch64__) || defined(__aarch64__) || \ - defined(__sparcv9) || defined(__sparc_v9__) || defined(__sparc64__) || \ - defined(__ia64) || defined(__ia64__) || defined(__itanium__) || defined(_M_IA64) || \ - defined(__LP64__) || defined(_LP64) || defined(__64BIT__) - typedef unsigned ulong32; - #if !defined(ENDIAN_64BITWORD) && !defined(ENDIAN_32BITWORD) - #define ENDIAN_64BITWORD - #endif -#else - typedef unsigned long ulong32; - #if !defined(ENDIAN_64BITWORD) && !defined(ENDIAN_32BITWORD) - #define ENDIAN_32BITWORD - #endif -#endif - -#if defined(ENDIAN_64BITWORD) && !defined(_MSC_VER) -typedef unsigned long long ltc_mp_digit; -#else -typedef unsigned long ltc_mp_digit; -#endif - -/* No asm is a quick way to disable anything "not portable" */ -#ifdef LTC_NO_ASM - #define ENDIAN_NEUTRAL - #undef ENDIAN_32BITWORD - #undef ENDIAN_64BITWORD - #undef LTC_FAST - #define LTC_NO_ROLC - #define LTC_NO_BSWAP -#endif - -/* No LTC_FAST if: explicitly disabled OR non-gcc/non-clang compiler OR old gcc OR using -ansi -std=c99 */ -#if defined(LTC_NO_FAST) || (__GNUC__ < 4) || defined(__STRICT_ANSI__) - #undef LTC_FAST -#endif - -#ifdef LTC_FAST - #define LTC_FAST_TYPE_PTR_CAST(x) ((LTC_FAST_TYPE*)(void*)(x)) - #ifdef ENDIAN_64BITWORD - typedef ulong64 __attribute__((__may_alias__)) LTC_FAST_TYPE; - #else - typedef ulong32 __attribute__((__may_alias__)) LTC_FAST_TYPE; - #endif -#endif - -#if !defined(ENDIAN_NEUTRAL) && (defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) && !(defined(ENDIAN_32BITWORD) || defined(ENDIAN_64BITWORD)) - #error You must specify a word size as well as endianess in tomcrypt_cfg.h -#endif - -#if !(defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) - #define ENDIAN_NEUTRAL -#endif - -#if (defined(ENDIAN_32BITWORD) && defined(ENDIAN_64BITWORD)) - #error Cannot be 32 and 64 bit words... -#endif - -/* gcc 4.3 and up has a bswap builtin; detect it by gcc version. - * clang also supports the bswap builtin, and although clang pretends - * to be gcc (macro-wise, anyway), clang pretends to be a version - * prior to gcc 4.3, so we can't detect bswap that way. Instead, - * clang has a __has_builtin mechanism that can be used to check - * for builtins: - * http://clang.llvm.org/docs/LanguageExtensions.html#feature_check */ -#ifndef __has_builtin - #define __has_builtin(x) 0 -#endif -#if !defined(LTC_NO_BSWAP) && defined(__GNUC__) && \ - ((__GNUC__ * 100 + __GNUC_MINOR__ >= 403) || \ - (__has_builtin(__builtin_bswap32) && __has_builtin(__builtin_bswap64))) - #define LTC_HAVE_BSWAP_BUILTIN -#endif diff --git a/libs/tomcrypt/src/headers/tomcrypt_cipher.h b/libs/tomcrypt/src/headers/tomcrypt_cipher.h deleted file mode 100644 index c192093e486..00000000000 --- a/libs/tomcrypt/src/headers/tomcrypt_cipher.h +++ /dev/null @@ -1,1004 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* ---- SYMMETRIC KEY STUFF ----- - * - * We put each of the ciphers scheduled keys in their own structs then we put all of - * the key formats in one union. This makes the function prototypes easier to use. - */ -#ifdef LTC_BLOWFISH -struct blowfish_key { - ulong32 S[4][256]; - ulong32 K[18]; -}; -#endif - -#ifdef LTC_RC5 -struct rc5_key { - int rounds; - ulong32 K[50]; -}; -#endif - -#ifdef LTC_RC6 -struct rc6_key { - ulong32 K[44]; -}; -#endif - -#ifdef LTC_SAFERP -struct saferp_key { - unsigned char K[33][16]; - long rounds; -}; -#endif - -#ifdef LTC_RIJNDAEL -struct rijndael_key { - ulong32 eK[60], dK[60]; - int Nr; -}; -#endif - -#ifdef LTC_KSEED -struct kseed_key { - ulong32 K[32], dK[32]; -}; -#endif - -#ifdef LTC_KASUMI -struct kasumi_key { - ulong32 KLi1[8], KLi2[8], - KOi1[8], KOi2[8], KOi3[8], - KIi1[8], KIi2[8], KIi3[8]; -}; -#endif - -#ifdef LTC_XTEA -struct xtea_key { - unsigned long A[32], B[32]; -}; -#endif - -#ifdef LTC_TWOFISH -#ifndef LTC_TWOFISH_SMALL - struct twofish_key { - ulong32 S[4][256], K[40]; - }; -#else - struct twofish_key { - ulong32 K[40]; - unsigned char S[32], start; - }; -#endif -#endif - -#ifdef LTC_SAFER -#define LTC_SAFER_K64_DEFAULT_NOF_ROUNDS 6 -#define LTC_SAFER_K128_DEFAULT_NOF_ROUNDS 10 -#define LTC_SAFER_SK64_DEFAULT_NOF_ROUNDS 8 -#define LTC_SAFER_SK128_DEFAULT_NOF_ROUNDS 10 -#define LTC_SAFER_MAX_NOF_ROUNDS 13 -#define LTC_SAFER_BLOCK_LEN 8 -#define LTC_SAFER_KEY_LEN (1 + LTC_SAFER_BLOCK_LEN * (1 + 2 * LTC_SAFER_MAX_NOF_ROUNDS)) -typedef unsigned char safer_block_t[LTC_SAFER_BLOCK_LEN]; -typedef unsigned char safer_key_t[LTC_SAFER_KEY_LEN]; -struct safer_key { safer_key_t key; }; -#endif - -#ifdef LTC_RC2 -struct rc2_key { unsigned xkey[64]; }; -#endif - -#ifdef LTC_DES -struct des_key { - ulong32 ek[32], dk[32]; -}; - -struct des3_key { - ulong32 ek[3][32], dk[3][32]; -}; -#endif - -#ifdef LTC_CAST5 -struct cast5_key { - ulong32 K[32], keylen; -}; -#endif - -#ifdef LTC_NOEKEON -struct noekeon_key { - ulong32 K[4], dK[4]; -}; -#endif - -#ifdef LTC_SKIPJACK -struct skipjack_key { - unsigned char key[10]; -}; -#endif - -#ifdef LTC_KHAZAD -struct khazad_key { - ulong64 roundKeyEnc[8 + 1]; - ulong64 roundKeyDec[8 + 1]; -}; -#endif - -#ifdef LTC_ANUBIS -struct anubis_key { - int keyBits; - int R; - ulong32 roundKeyEnc[18 + 1][4]; - ulong32 roundKeyDec[18 + 1][4]; -}; -#endif - -#ifdef LTC_MULTI2 -struct multi2_key { - int N; - ulong32 uk[8]; -}; -#endif - -#ifdef LTC_CAMELLIA -struct camellia_key { - int R; - ulong64 kw[4], k[24], kl[6]; -}; -#endif - -typedef union Symmetric_key { -#ifdef LTC_DES - struct des_key des; - struct des3_key des3; -#endif -#ifdef LTC_RC2 - struct rc2_key rc2; -#endif -#ifdef LTC_SAFER - struct safer_key safer; -#endif -#ifdef LTC_TWOFISH - struct twofish_key twofish; -#endif -#ifdef LTC_BLOWFISH - struct blowfish_key blowfish; -#endif -#ifdef LTC_RC5 - struct rc5_key rc5; -#endif -#ifdef LTC_RC6 - struct rc6_key rc6; -#endif -#ifdef LTC_SAFERP - struct saferp_key saferp; -#endif -#ifdef LTC_RIJNDAEL - struct rijndael_key rijndael; -#endif -#ifdef LTC_XTEA - struct xtea_key xtea; -#endif -#ifdef LTC_CAST5 - struct cast5_key cast5; -#endif -#ifdef LTC_NOEKEON - struct noekeon_key noekeon; -#endif -#ifdef LTC_SKIPJACK - struct skipjack_key skipjack; -#endif -#ifdef LTC_KHAZAD - struct khazad_key khazad; -#endif -#ifdef LTC_ANUBIS - struct anubis_key anubis; -#endif -#ifdef LTC_KSEED - struct kseed_key kseed; -#endif -#ifdef LTC_KASUMI - struct kasumi_key kasumi; -#endif -#ifdef LTC_MULTI2 - struct multi2_key multi2; -#endif -#ifdef LTC_CAMELLIA - struct camellia_key camellia; -#endif - void *data; -} symmetric_key; - -#ifdef LTC_ECB_MODE -/** A block cipher ECB structure */ -typedef struct { - /** The index of the cipher chosen */ - int cipher, - /** The block size of the given cipher */ - blocklen; - /** The scheduled key */ - symmetric_key key; -} symmetric_ECB; -#endif - -#ifdef LTC_CFB_MODE -/** A block cipher CFB structure */ -typedef struct { - /** The index of the cipher chosen */ - int cipher, - /** The block size of the given cipher */ - blocklen, - /** The padding offset */ - padlen; - /** The current IV */ - unsigned char IV[MAXBLOCKSIZE], - /** The pad used to encrypt/decrypt */ - pad[MAXBLOCKSIZE]; - /** The scheduled key */ - symmetric_key key; -} symmetric_CFB; -#endif - -#ifdef LTC_OFB_MODE -/** A block cipher OFB structure */ -typedef struct { - /** The index of the cipher chosen */ - int cipher, - /** The block size of the given cipher */ - blocklen, - /** The padding offset */ - padlen; - /** The current IV */ - unsigned char IV[MAXBLOCKSIZE]; - /** The scheduled key */ - symmetric_key key; -} symmetric_OFB; -#endif - -#ifdef LTC_CBC_MODE -/** A block cipher CBC structure */ -typedef struct { - /** The index of the cipher chosen */ - int cipher, - /** The block size of the given cipher */ - blocklen; - /** The current IV */ - unsigned char IV[MAXBLOCKSIZE]; - /** The scheduled key */ - symmetric_key key; -} symmetric_CBC; -#endif - - -#ifdef LTC_CTR_MODE -/** A block cipher CTR structure */ -typedef struct { - /** The index of the cipher chosen */ - int cipher, - /** The block size of the given cipher */ - blocklen, - /** The padding offset */ - padlen, - /** The mode (endianess) of the CTR, 0==little, 1==big */ - mode, - /** counter width */ - ctrlen; - - /** The counter */ - unsigned char ctr[MAXBLOCKSIZE], - /** The pad used to encrypt/decrypt */ - pad[MAXBLOCKSIZE]; - /** The scheduled key */ - symmetric_key key; -} symmetric_CTR; -#endif - - -#ifdef LTC_LRW_MODE -/** A LRW structure */ -typedef struct { - /** The index of the cipher chosen (must be a 128-bit block cipher) */ - int cipher; - - /** The current IV */ - unsigned char IV[16], - - /** the tweak key */ - tweak[16], - - /** The current pad, it's the product of the first 15 bytes against the tweak key */ - pad[16]; - - /** The scheduled symmetric key */ - symmetric_key key; - -#ifdef LTC_LRW_TABLES - /** The pre-computed multiplication table */ - unsigned char PC[16][256][16]; -#endif -} symmetric_LRW; -#endif - -#ifdef LTC_F8_MODE -/** A block cipher F8 structure */ -typedef struct { - /** The index of the cipher chosen */ - int cipher, - /** The block size of the given cipher */ - blocklen, - /** The padding offset */ - padlen; - /** The current IV */ - unsigned char IV[MAXBLOCKSIZE], - MIV[MAXBLOCKSIZE]; - /** Current block count */ - ulong32 blockcnt; - /** The scheduled key */ - symmetric_key key; -} symmetric_F8; -#endif - - -/** cipher descriptor table, last entry has "name == NULL" to mark the end of table */ -extern struct ltc_cipher_descriptor { - /** name of cipher */ - const char *name; - /** internal ID */ - unsigned char ID; - /** min keysize (octets) */ - int min_key_length, - /** max keysize (octets) */ - max_key_length, - /** block size (octets) */ - block_length, - /** default number of rounds */ - default_rounds; - /** Setup the cipher - @param key The input symmetric key - @param keylen The length of the input key (octets) - @param num_rounds The requested number of rounds (0==default) - @param skey [out] The destination of the scheduled key - @return CRYPT_OK if successful - */ - int (*setup)(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); - /** Encrypt a block - @param pt The plaintext - @param ct [out] The ciphertext - @param skey The scheduled key - @return CRYPT_OK if successful - */ - int (*ecb_encrypt)(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); - /** Decrypt a block - @param ct The ciphertext - @param pt [out] The plaintext - @param skey The scheduled key - @return CRYPT_OK if successful - */ - int (*ecb_decrypt)(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); - /** Test the block cipher - @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled - */ - int (*test)(void); - - /** Terminate the context - @param skey The scheduled key - */ - void (*done)(symmetric_key *skey); - - /** Determine a key size - @param keysize [in/out] The size of the key desired and the suggested size - @return CRYPT_OK if successful - */ - int (*keysize)(int *keysize); - -/** Accelerators **/ - /** Accelerated ECB encryption - @param pt Plaintext - @param ct Ciphertext - @param blocks The number of complete blocks to process - @param skey The scheduled key context - @return CRYPT_OK if successful - */ - int (*accel_ecb_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, symmetric_key *skey); - - /** Accelerated ECB decryption - @param pt Plaintext - @param ct Ciphertext - @param blocks The number of complete blocks to process - @param skey The scheduled key context - @return CRYPT_OK if successful - */ - int (*accel_ecb_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, symmetric_key *skey); - - /** Accelerated CBC encryption - @param pt Plaintext - @param ct Ciphertext - @param blocks The number of complete blocks to process - @param IV The initial value (input/output) - @param skey The scheduled key context - @return CRYPT_OK if successful - */ - int (*accel_cbc_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, symmetric_key *skey); - - /** Accelerated CBC decryption - @param pt Plaintext - @param ct Ciphertext - @param blocks The number of complete blocks to process - @param IV The initial value (input/output) - @param skey The scheduled key context - @return CRYPT_OK if successful - */ - int (*accel_cbc_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, unsigned char *IV, symmetric_key *skey); - - /** Accelerated CTR encryption - @param pt Plaintext - @param ct Ciphertext - @param blocks The number of complete blocks to process - @param IV The initial value (input/output) - @param mode little or big endian counter (mode=0 or mode=1) - @param skey The scheduled key context - @return CRYPT_OK if successful - */ - int (*accel_ctr_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, int mode, symmetric_key *skey); - - /** Accelerated LRW - @param pt Plaintext - @param ct Ciphertext - @param blocks The number of complete blocks to process - @param IV The initial value (input/output) - @param tweak The LRW tweak - @param skey The scheduled key context - @return CRYPT_OK if successful - */ - int (*accel_lrw_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, const unsigned char *tweak, symmetric_key *skey); - - /** Accelerated LRW - @param ct Ciphertext - @param pt Plaintext - @param blocks The number of complete blocks to process - @param IV The initial value (input/output) - @param tweak The LRW tweak - @param skey The scheduled key context - @return CRYPT_OK if successful - */ - int (*accel_lrw_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, unsigned char *IV, const unsigned char *tweak, symmetric_key *skey); - - /** Accelerated CCM packet (one-shot) - @param key The secret key to use - @param keylen The length of the secret key (octets) - @param uskey A previously scheduled key [optional can be NULL] - @param nonce The session nonce [use once] - @param noncelen The length of the nonce - @param header The header for the session - @param headerlen The length of the header (octets) - @param pt [out] The plaintext - @param ptlen The length of the plaintext (octets) - @param ct [out] The ciphertext - @param tag [out] The destination tag - @param taglen [in/out] The max size and resulting size of the authentication tag - @param direction Encrypt or Decrypt direction (0 or 1) - @return CRYPT_OK if successful - */ - int (*accel_ccm_memory)( - const unsigned char *key, unsigned long keylen, - symmetric_key *uskey, - const unsigned char *nonce, unsigned long noncelen, - const unsigned char *header, unsigned long headerlen, - unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen, - int direction); - - /** Accelerated GCM packet (one shot) - @param key The secret key - @param keylen The length of the secret key - @param IV The initialization vector - @param IVlen The length of the initialization vector - @param adata The additional authentication data (header) - @param adatalen The length of the adata - @param pt The plaintext - @param ptlen The length of the plaintext (ciphertext length is the same) - @param ct The ciphertext - @param tag [out] The MAC tag - @param taglen [in/out] The MAC tag length - @param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT) - @return CRYPT_OK on success - */ - int (*accel_gcm_memory)( - const unsigned char *key, unsigned long keylen, - const unsigned char *IV, unsigned long IVlen, - const unsigned char *adata, unsigned long adatalen, - unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen, - int direction); - - /** Accelerated one shot LTC_OMAC - @param key The secret key - @param keylen The key length (octets) - @param in The message - @param inlen Length of message (octets) - @param out [out] Destination for tag - @param outlen [in/out] Initial and final size of out - @return CRYPT_OK on success - */ - int (*omac_memory)( - const unsigned char *key, unsigned long keylen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); - - /** Accelerated one shot XCBC - @param key The secret key - @param keylen The key length (octets) - @param in The message - @param inlen Length of message (octets) - @param out [out] Destination for tag - @param outlen [in/out] Initial and final size of out - @return CRYPT_OK on success - */ - int (*xcbc_memory)( - const unsigned char *key, unsigned long keylen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); - - /** Accelerated one shot F9 - @param key The secret key - @param keylen The key length (octets) - @param in The message - @param inlen Length of message (octets) - @param out [out] Destination for tag - @param outlen [in/out] Initial and final size of out - @return CRYPT_OK on success - @remark Requires manual padding - */ - int (*f9_memory)( - const unsigned char *key, unsigned long keylen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); - - /** Accelerated XTS encryption - @param pt Plaintext - @param ct Ciphertext - @param blocks The number of complete blocks to process - @param tweak The 128-bit encryption tweak (input/output). - The tweak should not be encrypted on input, but - next tweak will be copied encrypted on output. - @param skey1 The first scheduled key context - @param skey2 The second scheduled key context - @return CRYPT_OK if successful - */ - int (*accel_xts_encrypt)(const unsigned char *pt, unsigned char *ct, - unsigned long blocks, unsigned char *tweak, symmetric_key *skey1, - symmetric_key *skey2); - - /** Accelerated XTS decryption - @param ct Ciphertext - @param pt Plaintext - @param blocks The number of complete blocks to process - @param tweak The 128-bit encryption tweak (input/output). - The tweak should not be encrypted on input, but - next tweak will be copied encrypted on output. - @param skey1 The first scheduled key context - @param skey2 The second scheduled key context - @return CRYPT_OK if successful - */ - int (*accel_xts_decrypt)(const unsigned char *ct, unsigned char *pt, - unsigned long blocks, unsigned char *tweak, symmetric_key *skey1, - symmetric_key *skey2); -} cipher_descriptor[]; - -#ifdef LTC_BLOWFISH -int blowfish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); -int blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); -int blowfish_test(void); -void blowfish_done(symmetric_key *skey); -int blowfish_keysize(int *keysize); -extern const struct ltc_cipher_descriptor blowfish_desc; -#endif - -#ifdef LTC_RC5 -int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); -int rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); -int rc5_test(void); -void rc5_done(symmetric_key *skey); -int rc5_keysize(int *keysize); -extern const struct ltc_cipher_descriptor rc5_desc; -#endif - -#ifdef LTC_RC6 -int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); -int rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); -int rc6_test(void); -void rc6_done(symmetric_key *skey); -int rc6_keysize(int *keysize); -extern const struct ltc_cipher_descriptor rc6_desc; -#endif - -#ifdef LTC_RC2 -int rc2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int rc2_setup_ex(const unsigned char *key, int keylen, int bits, int num_rounds, symmetric_key *skey); -int rc2_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); -int rc2_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); -int rc2_test(void); -void rc2_done(symmetric_key *skey); -int rc2_keysize(int *keysize); -extern const struct ltc_cipher_descriptor rc2_desc; -#endif - -#ifdef LTC_SAFERP -int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); -int saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); -int saferp_test(void); -void saferp_done(symmetric_key *skey); -int saferp_keysize(int *keysize); -extern const struct ltc_cipher_descriptor saferp_desc; -#endif - -#ifdef LTC_SAFER -int safer_k64_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int safer_sk64_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int safer_k128_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int safer_sk128_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int safer_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key); -int safer_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key); -int safer_k64_test(void); -int safer_sk64_test(void); -int safer_sk128_test(void); -void safer_done(symmetric_key *skey); -int safer_64_keysize(int *keysize); -int safer_128_keysize(int *keysize); -extern const struct ltc_cipher_descriptor safer_k64_desc, safer_k128_desc, safer_sk64_desc, safer_sk128_desc; -#endif - -#ifdef LTC_RIJNDAEL - -/* make aes an alias */ -#define aes_setup rijndael_setup -#define aes_ecb_encrypt rijndael_ecb_encrypt -#define aes_ecb_decrypt rijndael_ecb_decrypt -#define aes_test rijndael_test -#define aes_done rijndael_done -#define aes_keysize rijndael_keysize - -#define aes_enc_setup rijndael_enc_setup -#define aes_enc_ecb_encrypt rijndael_enc_ecb_encrypt -#define aes_enc_keysize rijndael_enc_keysize - -int rijndael_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); -int rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); -int rijndael_test(void); -void rijndael_done(symmetric_key *skey); -int rijndael_keysize(int *keysize); -int rijndael_enc_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int rijndael_enc_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); -void rijndael_enc_done(symmetric_key *skey); -int rijndael_enc_keysize(int *keysize); -extern const struct ltc_cipher_descriptor rijndael_desc, aes_desc; -extern const struct ltc_cipher_descriptor rijndael_enc_desc, aes_enc_desc; -#endif - -#ifdef LTC_XTEA -int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); -int xtea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); -int xtea_test(void); -void xtea_done(symmetric_key *skey); -int xtea_keysize(int *keysize); -extern const struct ltc_cipher_descriptor xtea_desc; -#endif - -#ifdef LTC_TWOFISH -int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); -int twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); -int twofish_test(void); -void twofish_done(symmetric_key *skey); -int twofish_keysize(int *keysize); -extern const struct ltc_cipher_descriptor twofish_desc; -#endif - -#ifdef LTC_DES -int des_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); -int des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); -int des_test(void); -void des_done(symmetric_key *skey); -int des_keysize(int *keysize); -int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); -int des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); -int des3_test(void); -void des3_done(symmetric_key *skey); -int des3_keysize(int *keysize); -extern const struct ltc_cipher_descriptor des_desc, des3_desc; -#endif - -#ifdef LTC_CAST5 -int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); -int cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); -int cast5_test(void); -void cast5_done(symmetric_key *skey); -int cast5_keysize(int *keysize); -extern const struct ltc_cipher_descriptor cast5_desc; -#endif - -#ifdef LTC_NOEKEON -int noekeon_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); -int noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); -int noekeon_test(void); -void noekeon_done(symmetric_key *skey); -int noekeon_keysize(int *keysize); -extern const struct ltc_cipher_descriptor noekeon_desc; -#endif - -#ifdef LTC_SKIPJACK -int skipjack_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); -int skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); -int skipjack_test(void); -void skipjack_done(symmetric_key *skey); -int skipjack_keysize(int *keysize); -extern const struct ltc_cipher_descriptor skipjack_desc; -#endif - -#ifdef LTC_KHAZAD -int khazad_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int khazad_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); -int khazad_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); -int khazad_test(void); -void khazad_done(symmetric_key *skey); -int khazad_keysize(int *keysize); -extern const struct ltc_cipher_descriptor khazad_desc; -#endif - -#ifdef LTC_ANUBIS -int anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int anubis_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); -int anubis_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); -int anubis_test(void); -void anubis_done(symmetric_key *skey); -int anubis_keysize(int *keysize); -extern const struct ltc_cipher_descriptor anubis_desc; -#endif - -#ifdef LTC_KSEED -int kseed_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int kseed_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); -int kseed_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); -int kseed_test(void); -void kseed_done(symmetric_key *skey); -int kseed_keysize(int *keysize); -extern const struct ltc_cipher_descriptor kseed_desc; -#endif - -#ifdef LTC_KASUMI -int kasumi_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int kasumi_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); -int kasumi_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); -int kasumi_test(void); -void kasumi_done(symmetric_key *skey); -int kasumi_keysize(int *keysize); -extern const struct ltc_cipher_descriptor kasumi_desc; -#endif - - -#ifdef LTC_MULTI2 -int multi2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int multi2_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); -int multi2_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); -int multi2_test(void); -void multi2_done(symmetric_key *skey); -int multi2_keysize(int *keysize); -extern const struct ltc_cipher_descriptor multi2_desc; -#endif - -#ifdef LTC_CAMELLIA -int camellia_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey); -int camellia_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey); -int camellia_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey); -int camellia_test(void); -void camellia_done(symmetric_key *skey); -int camellia_keysize(int *keysize); -extern const struct ltc_cipher_descriptor camellia_desc; -#endif - -#ifdef LTC_ECB_MODE -int ecb_start(int cipher, const unsigned char *key, - int keylen, int num_rounds, symmetric_ECB *ecb); -int ecb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_ECB *ecb); -int ecb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_ECB *ecb); -int ecb_done(symmetric_ECB *ecb); -#endif - -#ifdef LTC_CFB_MODE -int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key, - int keylen, int num_rounds, symmetric_CFB *cfb); -int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CFB *cfb); -int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CFB *cfb); -int cfb_getiv(unsigned char *IV, unsigned long *len, symmetric_CFB *cfb); -int cfb_setiv(const unsigned char *IV, unsigned long len, symmetric_CFB *cfb); -int cfb_done(symmetric_CFB *cfb); -#endif - -#ifdef LTC_OFB_MODE -int ofb_start(int cipher, const unsigned char *IV, const unsigned char *key, - int keylen, int num_rounds, symmetric_OFB *ofb); -int ofb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_OFB *ofb); -int ofb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_OFB *ofb); -int ofb_getiv(unsigned char *IV, unsigned long *len, symmetric_OFB *ofb); -int ofb_setiv(const unsigned char *IV, unsigned long len, symmetric_OFB *ofb); -int ofb_done(symmetric_OFB *ofb); -#endif - -#ifdef LTC_CBC_MODE -int cbc_start(int cipher, const unsigned char *IV, const unsigned char *key, - int keylen, int num_rounds, symmetric_CBC *cbc); -int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CBC *cbc); -int cbc_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CBC *cbc); -int cbc_getiv(unsigned char *IV, unsigned long *len, symmetric_CBC *cbc); -int cbc_setiv(const unsigned char *IV, unsigned long len, symmetric_CBC *cbc); -int cbc_done(symmetric_CBC *cbc); -#endif - -#ifdef LTC_CTR_MODE - -#define CTR_COUNTER_LITTLE_ENDIAN 0x0000 -#define CTR_COUNTER_BIG_ENDIAN 0x1000 -#define LTC_CTR_RFC3686 0x2000 - -int ctr_start( int cipher, - const unsigned char *IV, - const unsigned char *key, int keylen, - int num_rounds, int ctr_mode, - symmetric_CTR *ctr); -int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr); -int ctr_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CTR *ctr); -int ctr_getiv(unsigned char *IV, unsigned long *len, symmetric_CTR *ctr); -int ctr_setiv(const unsigned char *IV, unsigned long len, symmetric_CTR *ctr); -int ctr_done(symmetric_CTR *ctr); -int ctr_test(void); -#endif - -#ifdef LTC_LRW_MODE - -#define LRW_ENCRYPT LTC_ENCRYPT -#define LRW_DECRYPT LTC_DECRYPT - -int lrw_start( int cipher, - const unsigned char *IV, - const unsigned char *key, int keylen, - const unsigned char *tweak, - int num_rounds, - symmetric_LRW *lrw); -int lrw_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_LRW *lrw); -int lrw_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_LRW *lrw); -int lrw_getiv(unsigned char *IV, unsigned long *len, symmetric_LRW *lrw); -int lrw_setiv(const unsigned char *IV, unsigned long len, symmetric_LRW *lrw); -int lrw_done(symmetric_LRW *lrw); -int lrw_test(void); - -/* don't call */ -int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, int mode, symmetric_LRW *lrw); -#endif - -#ifdef LTC_F8_MODE -int f8_start( int cipher, const unsigned char *IV, - const unsigned char *key, int keylen, - const unsigned char *salt_key, int skeylen, - int num_rounds, symmetric_F8 *f8); -int f8_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_F8 *f8); -int f8_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_F8 *f8); -int f8_getiv(unsigned char *IV, unsigned long *len, symmetric_F8 *f8); -int f8_setiv(const unsigned char *IV, unsigned long len, symmetric_F8 *f8); -int f8_done(symmetric_F8 *f8); -int f8_test_mode(void); -#endif - -#ifdef LTC_XTS_MODE -typedef struct { - symmetric_key key1, key2; - int cipher; -} symmetric_xts; - -int xts_start( int cipher, - const unsigned char *key1, - const unsigned char *key2, - unsigned long keylen, - int num_rounds, - symmetric_xts *xts); - -int xts_encrypt( - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tweak, - symmetric_xts *xts); -int xts_decrypt( - const unsigned char *ct, unsigned long ptlen, - unsigned char *pt, - unsigned char *tweak, - symmetric_xts *xts); - -void xts_done(symmetric_xts *xts); -int xts_test(void); -void xts_mult_x(unsigned char *I); -#endif - -int find_cipher(const char *name); -int find_cipher_any(const char *name, int blocklen, int keylen); -int find_cipher_id(unsigned char ID); -int register_cipher(const struct ltc_cipher_descriptor *cipher); -int unregister_cipher(const struct ltc_cipher_descriptor *cipher); -int register_all_ciphers(void); -int cipher_is_valid(int idx); - -LTC_MUTEX_PROTO(ltc_cipher_mutex) - -/* ---- stream ciphers ---- */ - -#ifdef LTC_CHACHA - -typedef struct { - ulong32 input[16]; - unsigned char kstream[64]; - unsigned long ksleft; - unsigned long ivlen; - int rounds; -} chacha_state; - -int chacha_setup(chacha_state *st, const unsigned char *key, unsigned long keylen, int rounds); -int chacha_ivctr32(chacha_state *st, const unsigned char *iv, unsigned long ivlen, ulong32 counter); -int chacha_ivctr64(chacha_state *st, const unsigned char *iv, unsigned long ivlen, ulong64 counter); -int chacha_crypt(chacha_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out); -int chacha_keystream(chacha_state *st, unsigned char *out, unsigned long outlen); -int chacha_done(chacha_state *st); -int chacha_test(void); - -#endif /* LTC_CHACHA */ - -#ifdef LTC_RC4_STREAM - -typedef struct { - unsigned int x, y; - unsigned char buf[256]; -} rc4_state; - -int rc4_stream_setup(rc4_state *st, const unsigned char *key, unsigned long keylen); -int rc4_stream_crypt(rc4_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out); -int rc4_stream_keystream(rc4_state *st, unsigned char *out, unsigned long outlen); -int rc4_stream_done(rc4_state *st); -int rc4_stream_test(void); - -#endif /* LTC_RC4_STREAM */ - -#ifdef LTC_SOBER128_STREAM - -typedef struct { - ulong32 R[17], /* Working storage for the shift register */ - initR[17], /* saved register contents */ - konst, /* key dependent constant */ - sbuf; /* partial word encryption buffer */ - int nbuf; /* number of part-word stream bits buffered */ -} sober128_state; - -int sober128_stream_setup(sober128_state *st, const unsigned char *key, unsigned long keylen); -int sober128_stream_setiv(sober128_state *st, const unsigned char *iv, unsigned long ivlen); -int sober128_stream_crypt(sober128_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out); -int sober128_stream_keystream(sober128_state *st, unsigned char *out, unsigned long outlen); -int sober128_stream_done(sober128_state *st); -int sober128_stream_test(void); - -#endif /* LTC_SOBER128_STREAM */ diff --git a/libs/tomcrypt/src/headers/tomcrypt_custom.h b/libs/tomcrypt/src/headers/tomcrypt_custom.h deleted file mode 100644 index 4b154f4d5dc..00000000000 --- a/libs/tomcrypt/src/headers/tomcrypt_custom.h +++ /dev/null @@ -1,586 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -#ifndef TOMCRYPT_CUSTOM_H_ -#define TOMCRYPT_CUSTOM_H_ - -/* macros for various libc functions you can change for embedded targets */ -#ifndef XMALLOC -#define XMALLOC malloc -#endif -#ifndef XREALLOC -#define XREALLOC realloc -#endif -#ifndef XCALLOC -#define XCALLOC calloc -#endif -#ifndef XFREE -#define XFREE free -#endif - -#ifndef XMEMSET -#define XMEMSET memset -#endif -#ifndef XMEMCPY -#define XMEMCPY memcpy -#endif -#ifndef XMEMMOVE -#define XMEMMOVE memmove -#endif -#ifndef XMEMCMP -#define XMEMCMP memcmp -#endif -/* A memory compare function that has to run in constant time, - * c.f. mem_neq() API summary. - */ -#ifndef XMEM_NEQ -#define XMEM_NEQ mem_neq -#endif -#ifndef XSTRCMP -#define XSTRCMP strcmp -#endif - -#ifndef XCLOCK -#define XCLOCK clock -#endif - -#ifndef XQSORT -#define XQSORT qsort -#endif - -#if ( defined(malloc) || defined(realloc) || defined(calloc) || defined(free) || \ - defined(memset) || defined(memcpy) || defined(memcmp) || defined(strcmp) || \ - defined(clock) || defined(qsort) ) && !defined(LTC_NO_PROTOTYPES) -#define LTC_NO_PROTOTYPES -#endif - -/* shortcut to disable automatic inclusion */ -#if defined LTC_NOTHING && !defined LTC_EASY - #define LTC_NO_CIPHERS - #define LTC_NO_MODES - #define LTC_NO_HASHES - #define LTC_NO_MACS - #define LTC_NO_PRNGS - #define LTC_NO_PK - #define LTC_NO_PKCS - #define LTC_NO_MISC -#endif /* LTC_NOTHING */ - -/* Easy button? */ -#ifdef LTC_EASY - #define LTC_NO_CIPHERS - #define LTC_RIJNDAEL - #define LTC_BLOWFISH - #define LTC_DES - #define LTC_CAST5 - - #define LTC_NO_MODES - #define LTC_ECB_MODE - #define LTC_CBC_MODE - #define LTC_CTR_MODE - - #define LTC_NO_HASHES - #define LTC_SHA1 - #define LTC_SHA3 - #define LTC_SHA512 - #define LTC_SHA384 - #define LTC_SHA256 - #define LTC_SHA224 - #define LTC_HASH_HELPERS - - #define LTC_NO_MACS - #define LTC_HMAC - #define LTC_OMAC - #define LTC_CCM_MODE - - #define LTC_NO_PRNGS - #define LTC_SPRNG - #define LTC_YARROW - #define LTC_DEVRANDOM - #define LTC_TRY_URANDOM_FIRST - #define LTC_RNG_GET_BYTES - #define LTC_RNG_MAKE_PRNG - - #define LTC_NO_PK - #define LTC_MRSA - #define LTC_MECC - - #define LTC_NO_MISC - #define LTC_BASE64 -#endif - -/* The minimal set of functionality to run the tests */ -#ifdef LTC_MINIMAL - #define LTC_RIJNDAEL - #define LTC_SHA256 - #define LTC_YARROW - #define LTC_CTR_MODE - - #define LTC_RNG_MAKE_PRNG - #define LTC_RNG_GET_BYTES - #define LTC_DEVRANDOM - #define LTC_TRY_URANDOM_FIRST - - #undef LTC_NO_FILE -#endif - -/* Enable self-test test vector checking */ -#ifndef LTC_NO_TEST - #define LTC_TEST -#endif -/* Enable extended self-tests */ -/* #define LTC_TEST_EXT */ - -/* Use small code where possible */ -/* #define LTC_SMALL_CODE */ - -/* clean the stack of functions which put private information on stack */ -/* #define LTC_CLEAN_STACK */ - -/* disable all file related functions */ -#define LTC_NO_FILE - -/* disable all forms of ASM */ -/* #define LTC_NO_ASM */ - -/* disable FAST mode */ -/* #define LTC_NO_FAST */ - -/* disable BSWAP on x86 */ -/* #define LTC_NO_BSWAP */ - -/* ---> math provider? <--- */ -#ifndef LTC_NO_MATH - -/* LibTomMath */ -#define LTM_DESC - -/* TomsFastMath */ -/* #define TFM_DESC */ - -/* GNU Multiple Precision Arithmetic Library */ -/* #define GMP_DESC */ - -#endif /* LTC_NO_MATH */ - -/* ---> Symmetric Block Ciphers <--- */ -#ifndef LTC_NO_CIPHERS - -#define LTC_BLOWFISH -#define LTC_RC2 -#define LTC_RC5 -#define LTC_RC6 -#define LTC_SAFERP -#define LTC_RIJNDAEL -#define LTC_XTEA -/* _TABLES tells it to use tables during setup, _SMALL means to use the smaller scheduled key format - * (saves 4KB of ram), _ALL_TABLES enables all tables during setup */ -#define LTC_TWOFISH -#ifndef LTC_NO_TABLES - #define LTC_TWOFISH_TABLES - /* #define LTC_TWOFISH_ALL_TABLES */ -#else - #define LTC_TWOFISH_SMALL -#endif -/* #define LTC_TWOFISH_SMALL */ -/* LTC_DES includes EDE triple-DES */ -#define LTC_DES -#define LTC_CAST5 -#define LTC_NOEKEON -#define LTC_SKIPJACK -#define LTC_SAFER -#define LTC_KHAZAD -#define LTC_ANUBIS -#define LTC_ANUBIS_TWEAK -#define LTC_KSEED -#define LTC_KASUMI -#define LTC_MULTI2 -#define LTC_CAMELLIA - -/* stream ciphers */ -#define LTC_CHACHA -#define LTC_RC4_STREAM -#define LTC_SOBER128_STREAM - -#endif /* LTC_NO_CIPHERS */ - - -/* ---> Block Cipher Modes of Operation <--- */ -#ifndef LTC_NO_MODES - -#define LTC_CFB_MODE -#define LTC_OFB_MODE -#define LTC_ECB_MODE -#define LTC_CBC_MODE -#define LTC_CTR_MODE - -/* F8 chaining mode */ -#define LTC_F8_MODE - -/* LRW mode */ -#define LTC_LRW_MODE -#ifndef LTC_NO_TABLES - /* like GCM mode this will enable 16 8x128 tables [64KB] that make - * seeking very fast. - */ - #define LTC_LRW_TABLES -#endif - -/* XTS mode */ -#define LTC_XTS_MODE - -#endif /* LTC_NO_MODES */ - -/* ---> One-Way Hash Functions <--- */ -#ifndef LTC_NO_HASHES - -#define LTC_CHC_HASH -#define LTC_WHIRLPOOL -#define LTC_SHA3 -#define LTC_SHA512 -#define LTC_SHA512_256 -#define LTC_SHA512_224 -#define LTC_SHA384 -#define LTC_SHA256 -#define LTC_SHA224 -#define LTC_TIGER -#define LTC_SHA1 -#define LTC_MD5 -#define LTC_MD4 -#define LTC_MD2 -#define LTC_RIPEMD128 -#define LTC_RIPEMD160 -#define LTC_RIPEMD256 -#define LTC_RIPEMD320 -#define LTC_BLAKE2S -#define LTC_BLAKE2B - -#define LTC_HASH_HELPERS - -#endif /* LTC_NO_HASHES */ - - -/* ---> MAC functions <--- */ -#ifndef LTC_NO_MACS - -#define LTC_HMAC -#define LTC_OMAC -#define LTC_PMAC -#define LTC_XCBC -#define LTC_F9_MODE -#define LTC_PELICAN -#define LTC_POLY1305 -#define LTC_BLAKE2SMAC -#define LTC_BLAKE2BMAC - -/* ---> Encrypt + Authenticate Modes <--- */ - -#define LTC_EAX_MODE - -#define LTC_OCB_MODE -#define LTC_OCB3_MODE -#define LTC_CCM_MODE -#define LTC_GCM_MODE -#define LTC_CHACHA20POLY1305_MODE - -/* Use 64KiB tables */ -#ifndef LTC_NO_TABLES - #define LTC_GCM_TABLES -#endif - -/* USE SSE2? requires GCC works on x86_32 and x86_64*/ -#ifdef LTC_GCM_TABLES -/* #define LTC_GCM_TABLES_SSE2 */ -#endif - -#endif /* LTC_NO_MACS */ - - -/* --> Pseudo Random Number Generators <--- */ -#ifndef LTC_NO_PRNGS - -/* Yarrow */ -#define LTC_YARROW - -/* a PRNG that simply reads from an available system source */ -#define LTC_SPRNG - -/* The RC4 stream cipher based PRNG */ -#define LTC_RC4 - -/* The ChaCha20 stream cipher based PRNG */ -#define LTC_CHACHA20_PRNG - -/* Fortuna PRNG */ -#define LTC_FORTUNA - -/* Greg's SOBER128 stream cipher based PRNG */ -#define LTC_SOBER128 - -/* the *nix style /dev/random device */ -#define LTC_DEVRANDOM -/* try /dev/urandom before trying /dev/random - * are you sure you want to disable this? http://www.2uo.de/myths-about-urandom/ */ -#define LTC_TRY_URANDOM_FIRST -/* rng_get_bytes() */ -#define LTC_RNG_GET_BYTES -/* rng_make_prng() */ -#define LTC_RNG_MAKE_PRNG - -/* enable the ltc_rng hook to integrate e.g. embedded hardware RNG's easily */ -/* #define LTC_PRNG_ENABLE_LTC_RNG */ - -#endif /* LTC_NO_PRNGS */ - -#ifdef LTC_YARROW - -/* which descriptor of AES to use? */ -/* 0 = rijndael_enc 1 = aes_enc, 2 = rijndael [full], 3 = aes [full] */ -#ifdef ENCRYPT_ONLY - #define LTC_YARROW_AES 0 -#else - #define LTC_YARROW_AES 2 -#endif - -#endif - -#ifdef LTC_FORTUNA - -#ifndef LTC_FORTUNA_WD -/* reseed every N calls to the read function */ -#define LTC_FORTUNA_WD 10 -#endif - -#ifndef LTC_FORTUNA_POOLS -/* number of pools (4..32) can save a bit of ram by lowering the count */ -#define LTC_FORTUNA_POOLS 32 -#endif - -#endif /* LTC_FORTUNA */ - - -/* ---> Public Key Crypto <--- */ -#ifndef LTC_NO_PK - -/* Include RSA support */ -#define LTC_MRSA - -/* Include Diffie-Hellman support */ -/* is_prime fails for GMP */ -#define LTC_MDH -/* Supported Key Sizes */ -#define LTC_DH768 -#define LTC_DH1024 -#define LTC_DH1536 -#define LTC_DH2048 - -#ifndef TFM_DESC -/* tfm has a problem in fp_isprime for larger key sizes */ -#define LTC_DH3072 -#define LTC_DH4096 -#define LTC_DH6144 -#define LTC_DH8192 -#endif - -/* Include Katja (a Rabin variant like RSA) */ -/* #define LTC_MKAT */ - -/* Digital Signature Algorithm */ -#define LTC_MDSA - -/* ECC */ -#define LTC_MECC - -/* use Shamir's trick for point mul (speeds up signature verification) */ -#define LTC_ECC_SHAMIR - -#if defined(TFM_DESC) && defined(LTC_MECC) - #define LTC_MECC_ACCEL -#endif - -/* do we want fixed point ECC */ -/* #define LTC_MECC_FP */ - -#endif /* LTC_NO_PK */ - -#if defined(LTC_MRSA) && !defined(LTC_NO_RSA_BLINDING) -/* Enable RSA blinding when doing private key operations by default */ -#define LTC_RSA_BLINDING -#endif /* LTC_NO_RSA_BLINDING */ - -#if defined(LTC_MRSA) && !defined(LTC_NO_RSA_CRT_HARDENING) -/* Enable RSA CRT hardening when doing private key operations by default */ -#define LTC_RSA_CRT_HARDENING -#endif /* LTC_NO_RSA_CRT_HARDENING */ - -#if defined(LTC_MECC) && !defined(LTC_NO_ECC_TIMING_RESISTANT) -/* Enable ECC timing resistant version by default */ -#define LTC_ECC_TIMING_RESISTANT -#endif - -/* PKCS #1 (RSA) and #5 (Password Handling) stuff */ -#ifndef LTC_NO_PKCS - -#define LTC_PKCS_1 -#define LTC_PKCS_5 - -/* Include ASN.1 DER (required by DSA/RSA) */ -#define LTC_DER - -#endif /* LTC_NO_PKCS */ - -/* misc stuff */ -#ifndef LTC_NO_MISC - -/* Various tidbits of modern neatoness */ -#define LTC_BASE64 -/* ... and it's URL safe version */ -#define LTC_BASE64_URL - -/* Keep LTC_NO_HKDF for compatibility reasons - * superseeded by LTC_NO_MISC*/ -#ifndef LTC_NO_HKDF -/* HKDF Key Derivation/Expansion stuff */ -#define LTC_HKDF -#endif /* LTC_NO_HKDF */ - -#define LTC_ADLER32 - -#define LTC_CRC32 - -#endif /* LTC_NO_MISC */ - -/* cleanup */ - -#ifdef LTC_MECC -/* Supported ECC Key Sizes */ -#ifndef LTC_NO_CURVES - #define LTC_ECC112 - #define LTC_ECC128 - #define LTC_ECC160 - #define LTC_ECC192 - #define LTC_ECC224 - #define LTC_ECC256 - #define LTC_ECC384 - #define LTC_ECC521 -#endif -#endif - -#if defined(LTC_DER) - #ifndef LTC_DER_MAX_RECURSION - /* Maximum recursion limit when processing nested ASN.1 types. */ - #define LTC_DER_MAX_RECURSION 30 - #endif -#endif - -#if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA) || defined(LTC_MKAT) - /* Include the MPI functionality? (required by the PK algorithms) */ - #define LTC_MPI - - #ifndef LTC_PK_MAX_RETRIES - /* iterations limit for retry-loops */ - #define LTC_PK_MAX_RETRIES 20 - #endif -#endif - -#ifdef LTC_MRSA - #define LTC_PKCS_1 -#endif - -#if defined(LTC_PELICAN) && !defined(LTC_RIJNDAEL) - #error Pelican-MAC requires LTC_RIJNDAEL -#endif - -#if defined(LTC_EAX_MODE) && !(defined(LTC_CTR_MODE) && defined(LTC_OMAC)) - #error LTC_EAX_MODE requires CTR and LTC_OMAC mode -#endif - -#if defined(LTC_YARROW) && !defined(LTC_CTR_MODE) - #error LTC_YARROW requires LTC_CTR_MODE chaining mode to be defined! -#endif - -#if defined(LTC_DER) && !defined(LTC_MPI) - #error ASN.1 DER requires MPI functionality -#endif - -#if (defined(LTC_MDSA) || defined(LTC_MRSA) || defined(LTC_MECC) || defined(LTC_MKAT)) && !defined(LTC_DER) - #error PK requires ASN.1 DER functionality, make sure LTC_DER is enabled -#endif - -#if defined(LTC_CHACHA20POLY1305_MODE) && (!defined(LTC_CHACHA) || !defined(LTC_POLY1305)) - #error LTC_CHACHA20POLY1305_MODE requires LTC_CHACHA + LTC_POLY1305 -#endif - -#if defined(LTC_CHACHA20_PRNG) && !defined(LTC_CHACHA) - #error LTC_CHACHA20_PRNG requires LTC_CHACHA -#endif - -#if defined(LTC_RC4) && !defined(LTC_RC4_STREAM) - #error LTC_RC4 requires LTC_RC4_STREAM -#endif - -#if defined(LTC_SOBER128) && !defined(LTC_SOBER128_STREAM) - #error LTC_SOBER128 requires LTC_SOBER128_STREAM -#endif - -#if defined(LTC_BLAKE2SMAC) && !defined(LTC_BLAKE2S) - #error LTC_BLAKE2SMAC requires LTC_BLAKE2S -#endif - -#if defined(LTC_BLAKE2BMAC) && !defined(LTC_BLAKE2B) - #error LTC_BLAKE2BMAC requires LTC_BLAKE2B -#endif - -#if defined(LTC_SPRNG) && !defined(LTC_RNG_GET_BYTES) - #error LTC_SPRNG requires LTC_RNG_GET_BYTES -#endif - -#if defined(LTC_NO_MATH) && (defined(LTM_DESC) || defined(TFM_DESC) || defined(GMP_DESC)) - #error LTC_NO_MATH defined, but also a math descriptor -#endif - -/* THREAD management */ -#ifdef LTC_PTHREAD - -#include <pthread.h> - -#define LTC_MUTEX_GLOBAL(x) pthread_mutex_t x = PTHREAD_MUTEX_INITIALIZER; -#define LTC_MUTEX_PROTO(x) extern pthread_mutex_t x; -#define LTC_MUTEX_TYPE(x) pthread_mutex_t x; -#define LTC_MUTEX_INIT(x) LTC_ARGCHK(pthread_mutex_init(x, NULL) == 0); -#define LTC_MUTEX_LOCK(x) LTC_ARGCHK(pthread_mutex_lock(x) == 0); -#define LTC_MUTEX_UNLOCK(x) LTC_ARGCHK(pthread_mutex_unlock(x) == 0); -#define LTC_MUTEX_DESTROY(x) LTC_ARGCHK(pthread_mutex_destroy(x) == 0); - -#else - -/* default no functions */ -#define LTC_MUTEX_GLOBAL(x) -#define LTC_MUTEX_PROTO(x) -#define LTC_MUTEX_TYPE(x) -#define LTC_MUTEX_INIT(x) -#define LTC_MUTEX_LOCK(x) -#define LTC_MUTEX_UNLOCK(x) -#define LTC_MUTEX_DESTROY(x) - -#endif - -/* Debuggers */ - -/* define this if you use Valgrind, note: it CHANGES the way SOBER-128 and RC4 work (see the code) */ -/* #define LTC_VALGRIND */ - -#endif - -#ifndef LTC_NO_FILE - /* buffer size for reading from a file via fread(..) */ - #ifndef LTC_FILE_READ_BUFSIZE - #define LTC_FILE_READ_BUFSIZE 8192 - #endif -#endif diff --git a/libs/tomcrypt/src/headers/tomcrypt_hash.h b/libs/tomcrypt/src/headers/tomcrypt_hash.h deleted file mode 100644 index bb70c4aa7ef..00000000000 --- a/libs/tomcrypt/src/headers/tomcrypt_hash.h +++ /dev/null @@ -1,527 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* ---- HASH FUNCTIONS ---- */ -#ifdef LTC_SHA3 -struct sha3_state { - ulong64 saved; /* the portion of the input message that we didn't consume yet */ - ulong64 s[25]; - unsigned char sb[25 * 8]; /* used for storing `ulong64 s[25]` as little-endian bytes */ - unsigned short byte_index; /* 0..7--the next byte after the set one (starts from 0; 0--none are buffered) */ - unsigned short word_index; /* 0..24--the next word to integrate input (starts from 0) */ - unsigned short capacity_words; /* the double size of the hash output in words (e.g. 16 for Keccak 512) */ - unsigned short xof_flag; -}; -#endif - -#ifdef LTC_SHA512 -struct sha512_state { - ulong64 length, state[8]; - unsigned long curlen; - unsigned char buf[128]; -}; -#endif - -#ifdef LTC_SHA256 -struct sha256_state { - ulong64 length; - ulong32 state[8], curlen; - unsigned char buf[64]; -}; -#endif - -#ifdef LTC_SHA1 -struct sha1_state { - ulong64 length; - ulong32 state[5], curlen; - unsigned char buf[64]; -}; -#endif - -#ifdef LTC_MD5 -struct md5_state { - ulong64 length; - ulong32 state[4], curlen; - unsigned char buf[64]; -}; -#endif - -#ifdef LTC_MD4 -struct md4_state { - ulong64 length; - ulong32 state[4], curlen; - unsigned char buf[64]; -}; -#endif - -#ifdef LTC_TIGER -struct tiger_state { - ulong64 state[3], length; - unsigned long curlen; - unsigned char buf[64]; -}; -#endif - -#ifdef LTC_MD2 -struct md2_state { - unsigned char chksum[16], X[48], buf[16]; - unsigned long curlen; -}; -#endif - -#ifdef LTC_RIPEMD128 -struct rmd128_state { - ulong64 length; - unsigned char buf[64]; - ulong32 curlen, state[4]; -}; -#endif - -#ifdef LTC_RIPEMD160 -struct rmd160_state { - ulong64 length; - unsigned char buf[64]; - ulong32 curlen, state[5]; -}; -#endif - -#ifdef LTC_RIPEMD256 -struct rmd256_state { - ulong64 length; - unsigned char buf[64]; - ulong32 curlen, state[8]; -}; -#endif - -#ifdef LTC_RIPEMD320 -struct rmd320_state { - ulong64 length; - unsigned char buf[64]; - ulong32 curlen, state[10]; -}; -#endif - -#ifdef LTC_WHIRLPOOL -struct whirlpool_state { - ulong64 length, state[8]; - unsigned char buf[64]; - ulong32 curlen; -}; -#endif - -#ifdef LTC_CHC_HASH -struct chc_state { - ulong64 length; - unsigned char state[MAXBLOCKSIZE], buf[MAXBLOCKSIZE]; - ulong32 curlen; -}; -#endif - -#ifdef LTC_BLAKE2S -struct blake2s_state { - ulong32 h[8]; - ulong32 t[2]; - ulong32 f[2]; - unsigned char buf[64]; - unsigned long curlen; - unsigned long outlen; - unsigned char last_node; -}; -#endif - -#ifdef LTC_BLAKE2B -struct blake2b_state { - ulong64 h[8]; - ulong64 t[2]; - ulong64 f[2]; - unsigned char buf[128]; - unsigned long curlen; - unsigned long outlen; - unsigned char last_node; -}; -#endif - -typedef union Hash_state { - char dummy[1]; -#ifdef LTC_CHC_HASH - struct chc_state chc; -#endif -#ifdef LTC_WHIRLPOOL - struct whirlpool_state whirlpool; -#endif -#ifdef LTC_SHA3 - struct sha3_state sha3; -#endif -#ifdef LTC_SHA512 - struct sha512_state sha512; -#endif -#ifdef LTC_SHA256 - struct sha256_state sha256; -#endif -#ifdef LTC_SHA1 - struct sha1_state sha1; -#endif -#ifdef LTC_MD5 - struct md5_state md5; -#endif -#ifdef LTC_MD4 - struct md4_state md4; -#endif -#ifdef LTC_MD2 - struct md2_state md2; -#endif -#ifdef LTC_TIGER - struct tiger_state tiger; -#endif -#ifdef LTC_RIPEMD128 - struct rmd128_state rmd128; -#endif -#ifdef LTC_RIPEMD160 - struct rmd160_state rmd160; -#endif -#ifdef LTC_RIPEMD256 - struct rmd256_state rmd256; -#endif -#ifdef LTC_RIPEMD320 - struct rmd320_state rmd320; -#endif -#ifdef LTC_BLAKE2S - struct blake2s_state blake2s; -#endif -#ifdef LTC_BLAKE2B - struct blake2b_state blake2b; -#endif - - void *data; -} hash_state; - -/** hash descriptor */ -extern struct ltc_hash_descriptor { - /** name of hash */ - const char *name; - /** internal ID */ - unsigned char ID; - /** Size of digest in octets */ - unsigned long hashsize; - /** Input block size in octets */ - unsigned long blocksize; - /** ASN.1 OID */ - unsigned long OID[16]; - /** Length of DER encoding */ - unsigned long OIDlen; - - /** Init a hash state - @param hash The hash to initialize - @return CRYPT_OK if successful - */ - int (*init)(hash_state *hash); - /** Process a block of data - @param hash The hash state - @param in The data to hash - @param inlen The length of the data (octets) - @return CRYPT_OK if successful - */ - int (*process)(hash_state *hash, const unsigned char *in, unsigned long inlen); - /** Produce the digest and store it - @param hash The hash state - @param out [out] The destination of the digest - @return CRYPT_OK if successful - */ - int (*done)(hash_state *hash, unsigned char *out); - /** Self-test - @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled - */ - int (*test)(void); - - /* accelerated hmac callback: if you need to-do multiple packets just use the generic hmac_memory and provide a hash callback */ - int (*hmac_block)(const unsigned char *key, unsigned long keylen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); - -} hash_descriptor[]; - -#ifdef LTC_CHC_HASH -int chc_register(int cipher); -int chc_init(hash_state * md); -int chc_process(hash_state * md, const unsigned char *in, unsigned long inlen); -int chc_done(hash_state * md, unsigned char *hash); -int chc_test(void); -extern const struct ltc_hash_descriptor chc_desc; -#endif - -#ifdef LTC_WHIRLPOOL -int whirlpool_init(hash_state * md); -int whirlpool_process(hash_state * md, const unsigned char *in, unsigned long inlen); -int whirlpool_done(hash_state * md, unsigned char *hash); -int whirlpool_test(void); -extern const struct ltc_hash_descriptor whirlpool_desc; -#endif - -#ifdef LTC_SHA3 -int sha3_512_init(hash_state * md); -int sha3_512_test(void); -extern const struct ltc_hash_descriptor sha3_512_desc; -int sha3_384_init(hash_state * md); -int sha3_384_test(void); -extern const struct ltc_hash_descriptor sha3_384_desc; -int sha3_256_init(hash_state * md); -int sha3_256_test(void); -extern const struct ltc_hash_descriptor sha3_256_desc; -int sha3_224_init(hash_state * md); -int sha3_224_test(void); -extern const struct ltc_hash_descriptor sha3_224_desc; -/* process + done are the same for all variants */ -int sha3_process(hash_state * md, const unsigned char *in, unsigned long inlen); -int sha3_done(hash_state *md, unsigned char *hash); -/* SHAKE128 + SHAKE256 */ -int sha3_shake_init(hash_state *md, int num); -#define sha3_shake_process(a,b,c) sha3_process(a,b,c) -int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen); -int sha3_shake_test(void); -int sha3_shake_memory(int num, const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen); -#endif - -#ifdef LTC_SHA512 -int sha512_init(hash_state * md); -int sha512_process(hash_state * md, const unsigned char *in, unsigned long inlen); -int sha512_done(hash_state * md, unsigned char *hash); -int sha512_test(void); -extern const struct ltc_hash_descriptor sha512_desc; -#endif - -#ifdef LTC_SHA384 -#ifndef LTC_SHA512 - #error LTC_SHA512 is required for LTC_SHA384 -#endif -int sha384_init(hash_state * md); -#define sha384_process sha512_process -int sha384_done(hash_state * md, unsigned char *hash); -int sha384_test(void); -extern const struct ltc_hash_descriptor sha384_desc; -#endif - -#ifdef LTC_SHA512_256 -#ifndef LTC_SHA512 - #error LTC_SHA512 is required for LTC_SHA512_256 -#endif -int sha512_256_init(hash_state * md); -#define sha512_256_process sha512_process -int sha512_256_done(hash_state * md, unsigned char *hash); -int sha512_256_test(void); -extern const struct ltc_hash_descriptor sha512_256_desc; -#endif - -#ifdef LTC_SHA512_224 -#ifndef LTC_SHA512 - #error LTC_SHA512 is required for LTC_SHA512_224 -#endif -int sha512_224_init(hash_state * md); -#define sha512_224_process sha512_process -int sha512_224_done(hash_state * md, unsigned char *hash); -int sha512_224_test(void); -extern const struct ltc_hash_descriptor sha512_224_desc; -#endif - -#ifdef LTC_SHA256 -int sha256_init(hash_state * md); -int sha256_process(hash_state * md, const unsigned char *in, unsigned long inlen); -int sha256_done(hash_state * md, unsigned char *hash); -int sha256_test(void); -extern const struct ltc_hash_descriptor sha256_desc; - -#ifdef LTC_SHA224 -#ifndef LTC_SHA256 - #error LTC_SHA256 is required for LTC_SHA224 -#endif -int sha224_init(hash_state * md); -#define sha224_process sha256_process -int sha224_done(hash_state * md, unsigned char *hash); -int sha224_test(void); -extern const struct ltc_hash_descriptor sha224_desc; -#endif -#endif - -#ifdef LTC_SHA1 -int sha1_init(hash_state * md); -int sha1_process(hash_state * md, const unsigned char *in, unsigned long inlen); -int sha1_done(hash_state * md, unsigned char *hash); -int sha1_test(void); -extern const struct ltc_hash_descriptor sha1_desc; -#endif - -#ifdef LTC_BLAKE2S -extern const struct ltc_hash_descriptor blake2s_256_desc; -int blake2s_256_init(hash_state * md); -int blake2s_256_test(void); - -extern const struct ltc_hash_descriptor blake2s_224_desc; -int blake2s_224_init(hash_state * md); -int blake2s_224_test(void); - -extern const struct ltc_hash_descriptor blake2s_160_desc; -int blake2s_160_init(hash_state * md); -int blake2s_160_test(void); - -extern const struct ltc_hash_descriptor blake2s_128_desc; -int blake2s_128_init(hash_state * md); -int blake2s_128_test(void); - -int blake2s_init(hash_state * md, unsigned long outlen, const unsigned char *key, unsigned long keylen); -int blake2s_process(hash_state * md, const unsigned char *in, unsigned long inlen); -int blake2s_done(hash_state * md, unsigned char *hash); -#endif - -#ifdef LTC_BLAKE2B -extern const struct ltc_hash_descriptor blake2b_512_desc; -int blake2b_512_init(hash_state * md); -int blake2b_512_test(void); - -extern const struct ltc_hash_descriptor blake2b_384_desc; -int blake2b_384_init(hash_state * md); -int blake2b_384_test(void); - -extern const struct ltc_hash_descriptor blake2b_256_desc; -int blake2b_256_init(hash_state * md); -int blake2b_256_test(void); - -extern const struct ltc_hash_descriptor blake2b_160_desc; -int blake2b_160_init(hash_state * md); -int blake2b_160_test(void); - -int blake2b_init(hash_state * md, unsigned long outlen, const unsigned char *key, unsigned long keylen); -int blake2b_process(hash_state * md, const unsigned char *in, unsigned long inlen); -int blake2b_done(hash_state * md, unsigned char *hash); -#endif - -#ifdef LTC_MD5 -int md5_init(hash_state * md); -int md5_process(hash_state * md, const unsigned char *in, unsigned long inlen); -int md5_done(hash_state * md, unsigned char *hash); -int md5_test(void); -extern const struct ltc_hash_descriptor md5_desc; -#endif - -#ifdef LTC_MD4 -int md4_init(hash_state * md); -int md4_process(hash_state * md, const unsigned char *in, unsigned long inlen); -int md4_done(hash_state * md, unsigned char *hash); -int md4_test(void); -extern const struct ltc_hash_descriptor md4_desc; -#endif - -#ifdef LTC_MD2 -int md2_init(hash_state * md); -int md2_process(hash_state * md, const unsigned char *in, unsigned long inlen); -int md2_done(hash_state * md, unsigned char *hash); -int md2_test(void); -extern const struct ltc_hash_descriptor md2_desc; -#endif - -#ifdef LTC_TIGER -int tiger_init(hash_state * md); -int tiger_process(hash_state * md, const unsigned char *in, unsigned long inlen); -int tiger_done(hash_state * md, unsigned char *hash); -int tiger_test(void); -extern const struct ltc_hash_descriptor tiger_desc; -#endif - -#ifdef LTC_RIPEMD128 -int rmd128_init(hash_state * md); -int rmd128_process(hash_state * md, const unsigned char *in, unsigned long inlen); -int rmd128_done(hash_state * md, unsigned char *hash); -int rmd128_test(void); -extern const struct ltc_hash_descriptor rmd128_desc; -#endif - -#ifdef LTC_RIPEMD160 -int rmd160_init(hash_state * md); -int rmd160_process(hash_state * md, const unsigned char *in, unsigned long inlen); -int rmd160_done(hash_state * md, unsigned char *hash); -int rmd160_test(void); -extern const struct ltc_hash_descriptor rmd160_desc; -#endif - -#ifdef LTC_RIPEMD256 -int rmd256_init(hash_state * md); -int rmd256_process(hash_state * md, const unsigned char *in, unsigned long inlen); -int rmd256_done(hash_state * md, unsigned char *hash); -int rmd256_test(void); -extern const struct ltc_hash_descriptor rmd256_desc; -#endif - -#ifdef LTC_RIPEMD320 -int rmd320_init(hash_state * md); -int rmd320_process(hash_state * md, const unsigned char *in, unsigned long inlen); -int rmd320_done(hash_state * md, unsigned char *hash); -int rmd320_test(void); -extern const struct ltc_hash_descriptor rmd320_desc; -#endif - - -int find_hash(const char *name); -int find_hash_id(unsigned char ID); -int find_hash_oid(const unsigned long *ID, unsigned long IDlen); -int find_hash_any(const char *name, int digestlen); -int register_hash(const struct ltc_hash_descriptor *hash); -int unregister_hash(const struct ltc_hash_descriptor *hash); -int register_all_hashes(void); -int hash_is_valid(int idx); - -LTC_MUTEX_PROTO(ltc_hash_mutex) - -int hash_memory(int hash, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int hash_memory_multi(int hash, unsigned char *out, unsigned long *outlen, - const unsigned char *in, unsigned long inlen, ...); - -#ifndef LTC_NO_FILE -int hash_filehandle(int hash, FILE *in, unsigned char *out, unsigned long *outlen); -int hash_file(int hash, const char *fname, unsigned char *out, unsigned long *outlen); -#endif - -/* a simple macro for making hash "process" functions */ -#define HASH_PROCESS(func_name, compress_name, state_var, block_size) \ -int func_name (hash_state * md, const unsigned char *in, unsigned long inlen) \ -{ \ - unsigned long n; \ - int err; \ - LTC_ARGCHK(md != NULL); \ - LTC_ARGCHK(in != NULL); \ - if (md-> state_var .curlen > sizeof(md-> state_var .buf)) { \ - return CRYPT_INVALID_ARG; \ - } \ - if ((md-> state_var .length + inlen) < md-> state_var .length) { \ - return CRYPT_HASH_OVERFLOW; \ - } \ - while (inlen > 0) { \ - if (md-> state_var .curlen == 0 && inlen >= block_size) { \ - if ((err = compress_name (md, (unsigned char *)in)) != CRYPT_OK) { \ - return err; \ - } \ - md-> state_var .length += block_size * 8; \ - in += block_size; \ - inlen -= block_size; \ - } else { \ - n = MIN(inlen, (block_size - md-> state_var .curlen)); \ - XMEMCPY(md-> state_var .buf + md-> state_var.curlen, in, (size_t)n); \ - md-> state_var .curlen += n; \ - in += n; \ - inlen -= n; \ - if (md-> state_var .curlen == block_size) { \ - if ((err = compress_name (md, md-> state_var .buf)) != CRYPT_OK) { \ - return err; \ - } \ - md-> state_var .length += 8*block_size; \ - md-> state_var .curlen = 0; \ - } \ - } \ - } \ - return CRYPT_OK; \ -} diff --git a/libs/tomcrypt/src/headers/tomcrypt_mac.h b/libs/tomcrypt/src/headers/tomcrypt_mac.h deleted file mode 100644 index 70378ff61de..00000000000 --- a/libs/tomcrypt/src/headers/tomcrypt_mac.h +++ /dev/null @@ -1,561 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -#ifdef LTC_HMAC -typedef struct Hmac_state { - hash_state md; - int hash; - hash_state hashstate; - unsigned char *key; -} hmac_state; - -int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned long keylen); -int hmac_process(hmac_state *hmac, const unsigned char *in, unsigned long inlen); -int hmac_done(hmac_state *hmac, unsigned char *out, unsigned long *outlen); -int hmac_test(void); -int hmac_memory(int hash, - const unsigned char *key, unsigned long keylen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int hmac_memory_multi(int hash, - const unsigned char *key, unsigned long keylen, - unsigned char *out, unsigned long *outlen, - const unsigned char *in, unsigned long inlen, ...); -int hmac_file(int hash, const char *fname, const unsigned char *key, - unsigned long keylen, - unsigned char *dst, unsigned long *dstlen); -#endif - -#ifdef LTC_OMAC - -typedef struct { - int cipher_idx, - buflen, - blklen; - unsigned char block[MAXBLOCKSIZE], - prev[MAXBLOCKSIZE], - Lu[2][MAXBLOCKSIZE]; - symmetric_key key; -} omac_state; - -int omac_init(omac_state *omac, int cipher, const unsigned char *key, unsigned long keylen); -int omac_process(omac_state *omac, const unsigned char *in, unsigned long inlen); -int omac_done(omac_state *omac, unsigned char *out, unsigned long *outlen); -int omac_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int omac_memory_multi(int cipher, - const unsigned char *key, unsigned long keylen, - unsigned char *out, unsigned long *outlen, - const unsigned char *in, unsigned long inlen, ...); -int omac_file(int cipher, - const unsigned char *key, unsigned long keylen, - const char *filename, - unsigned char *out, unsigned long *outlen); -int omac_test(void); -#endif /* LTC_OMAC */ - -#ifdef LTC_PMAC - -typedef struct { - unsigned char Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */ - Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */ - Lr[MAXBLOCKSIZE], /* L * x^-1 */ - block[MAXBLOCKSIZE], /* currently accumulated block */ - checksum[MAXBLOCKSIZE]; /* current checksum */ - - symmetric_key key; /* scheduled key for cipher */ - unsigned long block_index; /* index # for current block */ - int cipher_idx, /* cipher idx */ - block_len, /* length of block */ - buflen; /* number of bytes in the buffer */ -} pmac_state; - -int pmac_init(pmac_state *pmac, int cipher, const unsigned char *key, unsigned long keylen); -int pmac_process(pmac_state *pmac, const unsigned char *in, unsigned long inlen); -int pmac_done(pmac_state *pmac, unsigned char *out, unsigned long *outlen); - -int pmac_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *msg, unsigned long msglen, - unsigned char *out, unsigned long *outlen); - -int pmac_memory_multi(int cipher, - const unsigned char *key, unsigned long keylen, - unsigned char *out, unsigned long *outlen, - const unsigned char *in, unsigned long inlen, ...); - -int pmac_file(int cipher, - const unsigned char *key, unsigned long keylen, - const char *filename, - unsigned char *out, unsigned long *outlen); - -int pmac_test(void); - -/* internal functions */ -int pmac_ntz(unsigned long x); -void pmac_shift_xor(pmac_state *pmac); - -#endif /* PMAC */ - -#ifdef LTC_POLY1305 -typedef struct { - ulong32 r[5]; - ulong32 h[5]; - ulong32 pad[4]; - unsigned long leftover; - unsigned char buffer[16]; - int final; -} poly1305_state; - -int poly1305_init(poly1305_state *st, const unsigned char *key, unsigned long keylen); -int poly1305_process(poly1305_state *st, const unsigned char *in, unsigned long inlen); -int poly1305_done(poly1305_state *st, unsigned char *mac, unsigned long *maclen); -int poly1305_memory(const unsigned char *key, unsigned long keylen, const unsigned char *in, unsigned long inlen, unsigned char *mac, unsigned long *maclen); -int poly1305_memory_multi(const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen, const unsigned char *in, unsigned long inlen, ...); -int poly1305_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen); -int poly1305_test(void); -#endif /* LTC_POLY1305 */ - -#ifdef LTC_BLAKE2SMAC -typedef hash_state blake2smac_state; -int blake2smac_init(blake2smac_state *st, unsigned long outlen, const unsigned char *key, unsigned long keylen); -int blake2smac_process(blake2smac_state *st, const unsigned char *in, unsigned long inlen); -int blake2smac_done(blake2smac_state *st, unsigned char *mac, unsigned long *maclen); -int blake2smac_memory(const unsigned char *key, unsigned long keylen, const unsigned char *in, unsigned long inlen, unsigned char *mac, unsigned long *maclen); -int blake2smac_memory_multi(const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen, const unsigned char *in, unsigned long inlen, ...); -int blake2smac_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen); -int blake2smac_test(void); -#endif /* LTC_BLAKE2SMAC */ - -#ifdef LTC_BLAKE2BMAC -typedef hash_state blake2bmac_state; -int blake2bmac_init(blake2bmac_state *st, unsigned long outlen, const unsigned char *key, unsigned long keylen); -int blake2bmac_process(blake2bmac_state *st, const unsigned char *in, unsigned long inlen); -int blake2bmac_done(blake2bmac_state *st, unsigned char *mac, unsigned long *maclen); -int blake2bmac_memory(const unsigned char *key, unsigned long keylen, const unsigned char *in, unsigned long inlen, unsigned char *mac, unsigned long *maclen); -int blake2bmac_memory_multi(const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen, const unsigned char *in, unsigned long inlen, ...); -int blake2bmac_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen); -int blake2bmac_test(void); -#endif /* LTC_BLAKE2BMAC */ - -#ifdef LTC_EAX_MODE - -#if !(defined(LTC_OMAC) && defined(LTC_CTR_MODE)) - #error LTC_EAX_MODE requires LTC_OMAC and CTR -#endif - -typedef struct { - unsigned char N[MAXBLOCKSIZE]; - symmetric_CTR ctr; - omac_state headeromac, ctomac; -} eax_state; - -int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, unsigned long noncelen, - const unsigned char *header, unsigned long headerlen); - -int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length); -int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, unsigned long length); -int eax_addheader(eax_state *eax, const unsigned char *header, unsigned long length); -int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen); - -int eax_encrypt_authenticate_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, unsigned long noncelen, - const unsigned char *header, unsigned long headerlen, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen); - -int eax_decrypt_verify_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, unsigned long noncelen, - const unsigned char *header, unsigned long headerlen, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - unsigned char *tag, unsigned long taglen, - int *stat); - - int eax_test(void); -#endif /* EAX MODE */ - -#ifdef LTC_OCB_MODE -typedef struct { - unsigned char L[MAXBLOCKSIZE], /* L value */ - Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */ - Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */ - Lr[MAXBLOCKSIZE], /* L * x^-1 */ - R[MAXBLOCKSIZE], /* R value */ - checksum[MAXBLOCKSIZE]; /* current checksum */ - - symmetric_key key; /* scheduled key for cipher */ - unsigned long block_index; /* index # for current block */ - int cipher, /* cipher idx */ - block_len; /* length of block */ -} ocb_state; - -int ocb_init(ocb_state *ocb, int cipher, - const unsigned char *key, unsigned long keylen, const unsigned char *nonce); - -int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct); -int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt); - -int ocb_done_encrypt(ocb_state *ocb, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen); - -int ocb_done_decrypt(ocb_state *ocb, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, int *stat); - -int ocb_encrypt_authenticate_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen); - -int ocb_decrypt_verify_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, - int *stat); - -int ocb_test(void); - -/* internal functions */ -void ocb_shift_xor(ocb_state *ocb, unsigned char *Z); -int ocb_ntz(unsigned long x); -int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode); - -#endif /* LTC_OCB_MODE */ - -#ifdef LTC_OCB3_MODE -typedef struct { - unsigned char Offset_0[MAXBLOCKSIZE], /* Offset_0 value */ - Offset_current[MAXBLOCKSIZE], /* Offset_{current_block_index} value */ - L_dollar[MAXBLOCKSIZE], /* L_$ value */ - L_star[MAXBLOCKSIZE], /* L_* value */ - L_[32][MAXBLOCKSIZE], /* L_{i} values */ - tag_part[MAXBLOCKSIZE], /* intermediate result of tag calculation */ - checksum[MAXBLOCKSIZE]; /* current checksum */ - - /* AAD related members */ - unsigned char aSum_current[MAXBLOCKSIZE], /* AAD related helper variable */ - aOffset_current[MAXBLOCKSIZE], /* AAD related helper variable */ - adata_buffer[MAXBLOCKSIZE]; /* AAD buffer */ - int adata_buffer_bytes; /* bytes in AAD buffer */ - unsigned long ablock_index; /* index # for current adata (AAD) block */ - - symmetric_key key; /* scheduled key for cipher */ - unsigned long block_index; /* index # for current data block */ - int cipher, /* cipher idx */ - tag_len, /* length of tag */ - block_len; /* length of block */ -} ocb3_state; - -int ocb3_init(ocb3_state *ocb, int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, unsigned long noncelen, - unsigned long taglen); - -int ocb3_encrypt(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct); -int ocb3_decrypt(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt); -int ocb3_encrypt_last(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct); -int ocb3_decrypt_last(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt); -int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen); -int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen); - -int ocb3_encrypt_authenticate_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, unsigned long noncelen, - const unsigned char *adata, unsigned long adatalen, - const unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen); - -int ocb3_decrypt_verify_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *nonce, unsigned long noncelen, - const unsigned char *adata, unsigned long adatalen, - const unsigned char *ct, unsigned long ctlen, - unsigned char *pt, - const unsigned char *tag, unsigned long taglen, - int *stat); - -int ocb3_test(void); - -#ifdef LTC_SOURCE -/* internal helper functions */ -int ocb3_int_ntz(unsigned long x); -void ocb3_int_xor_blocks(unsigned char *out, const unsigned char *block_a, const unsigned char *block_b, unsigned long block_len); -#endif /* LTC_SOURCE */ - -#endif /* LTC_OCB3_MODE */ - -#ifdef LTC_CCM_MODE - -#define CCM_ENCRYPT LTC_ENCRYPT -#define CCM_DECRYPT LTC_DECRYPT - -typedef struct { - symmetric_key K; - int cipher, /* which cipher */ - taglen, /* length of the tag */ - x; /* index in PAD */ - - unsigned long L, /* L value */ - ptlen, /* length that will be enc / dec */ - current_ptlen, /* current processed length */ - aadlen, /* length of the aad */ - current_aadlen, /* length of the currently provided add */ - noncelen; /* length of the nonce */ - - unsigned char PAD[16], - ctr[16], - CTRPAD[16], - CTRlen; -} ccm_state; - -int ccm_init(ccm_state *ccm, int cipher, - const unsigned char *key, int keylen, int ptlen, int taglen, int aad_len); - -int ccm_reset(ccm_state *ccm); - -int ccm_add_nonce(ccm_state *ccm, - const unsigned char *nonce, unsigned long noncelen); - -int ccm_add_aad(ccm_state *ccm, - const unsigned char *adata, unsigned long adatalen); - -int ccm_process(ccm_state *ccm, - unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - int direction); - -int ccm_done(ccm_state *ccm, - unsigned char *tag, unsigned long *taglen); - -int ccm_memory(int cipher, - const unsigned char *key, unsigned long keylen, - symmetric_key *uskey, - const unsigned char *nonce, unsigned long noncelen, - const unsigned char *header, unsigned long headerlen, - unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen, - int direction); - -int ccm_test(void); - -#endif /* LTC_CCM_MODE */ - -#if defined(LRW_MODE) || defined(LTC_GCM_MODE) -void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c); -#endif - - -/* table shared between GCM and LRW */ -#if defined(LTC_GCM_TABLES) || defined(LTC_LRW_TABLES) || ((defined(LTC_GCM_MODE) || defined(LTC_GCM_MODE)) && defined(LTC_FAST)) -extern const unsigned char gcm_shift_table[]; -#endif - -#ifdef LTC_GCM_MODE - -#define GCM_ENCRYPT LTC_ENCRYPT -#define GCM_DECRYPT LTC_DECRYPT - -#define LTC_GCM_MODE_IV 0 -#define LTC_GCM_MODE_AAD 1 -#define LTC_GCM_MODE_TEXT 2 - -typedef struct { - symmetric_key K; - unsigned char H[16], /* multiplier */ - X[16], /* accumulator */ - Y[16], /* counter */ - Y_0[16], /* initial counter */ - buf[16]; /* buffer for stuff */ - - int cipher, /* which cipher */ - ivmode, /* Which mode is the IV in? */ - mode, /* mode the GCM code is in */ - buflen; /* length of data in buf */ - - ulong64 totlen, /* 64-bit counter used for IV and AAD */ - pttotlen; /* 64-bit counter for the PT */ - -#ifdef LTC_GCM_TABLES - unsigned char PC[16][256][16] /* 16 tables of 8x128 */ -#ifdef LTC_GCM_TABLES_SSE2 -__attribute__ ((aligned (16))) -#endif -; -#endif -} gcm_state; - -void gcm_mult_h(gcm_state *gcm, unsigned char *I); - -int gcm_init(gcm_state *gcm, int cipher, - const unsigned char *key, int keylen); - -int gcm_reset(gcm_state *gcm); - -int gcm_add_iv(gcm_state *gcm, - const unsigned char *IV, unsigned long IVlen); - -int gcm_add_aad(gcm_state *gcm, - const unsigned char *adata, unsigned long adatalen); - -int gcm_process(gcm_state *gcm, - unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - int direction); - -int gcm_done(gcm_state *gcm, - unsigned char *tag, unsigned long *taglen); - -int gcm_memory( int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *IV, unsigned long IVlen, - const unsigned char *adata, unsigned long adatalen, - unsigned char *pt, unsigned long ptlen, - unsigned char *ct, - unsigned char *tag, unsigned long *taglen, - int direction); -int gcm_test(void); - -#endif /* LTC_GCM_MODE */ - -#ifdef LTC_PELICAN - -typedef struct pelican_state -{ - symmetric_key K; - unsigned char state[16]; - int buflen; -} pelican_state; - -int pelican_init(pelican_state *pelmac, const unsigned char *key, unsigned long keylen); -int pelican_process(pelican_state *pelmac, const unsigned char *in, unsigned long inlen); -int pelican_done(pelican_state *pelmac, unsigned char *out); -int pelican_test(void); - -int pelican_memory(const unsigned char *key, unsigned long keylen, - const unsigned char *in, unsigned long inlen, - unsigned char *out); - -#endif - -#ifdef LTC_XCBC - -/* add this to "keylen" to xcbc_init to use a pure three-key XCBC MAC */ -#define LTC_XCBC_PURE 0x8000UL - -typedef struct { - unsigned char K[3][MAXBLOCKSIZE], - IV[MAXBLOCKSIZE]; - - symmetric_key key; - - int cipher, - buflen, - blocksize; -} xcbc_state; - -int xcbc_init(xcbc_state *xcbc, int cipher, const unsigned char *key, unsigned long keylen); -int xcbc_process(xcbc_state *xcbc, const unsigned char *in, unsigned long inlen); -int xcbc_done(xcbc_state *xcbc, unsigned char *out, unsigned long *outlen); -int xcbc_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int xcbc_memory_multi(int cipher, - const unsigned char *key, unsigned long keylen, - unsigned char *out, unsigned long *outlen, - const unsigned char *in, unsigned long inlen, ...); -int xcbc_file(int cipher, - const unsigned char *key, unsigned long keylen, - const char *filename, - unsigned char *out, unsigned long *outlen); -int xcbc_test(void); - -#endif - -#ifdef LTC_F9_MODE - -typedef struct { - unsigned char akey[MAXBLOCKSIZE], - ACC[MAXBLOCKSIZE], - IV[MAXBLOCKSIZE]; - - symmetric_key key; - - int cipher, - buflen, - keylen, - blocksize; -} f9_state; - -int f9_init(f9_state *f9, int cipher, const unsigned char *key, unsigned long keylen); -int f9_process(f9_state *f9, const unsigned char *in, unsigned long inlen); -int f9_done(f9_state *f9, unsigned char *out, unsigned long *outlen); -int f9_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int f9_memory_multi(int cipher, - const unsigned char *key, unsigned long keylen, - unsigned char *out, unsigned long *outlen, - const unsigned char *in, unsigned long inlen, ...); -int f9_file(int cipher, - const unsigned char *key, unsigned long keylen, - const char *filename, - unsigned char *out, unsigned long *outlen); -int f9_test(void); - -#endif - -#ifdef LTC_CHACHA20POLY1305_MODE - -typedef struct { - poly1305_state poly; - chacha_state chacha; - ulong64 aadlen; - ulong64 ctlen; - int aadflg; -} chacha20poly1305_state; - -#define CHACHA20POLY1305_ENCRYPT LTC_ENCRYPT -#define CHACHA20POLY1305_DECRYPT LTC_DECRYPT - -int chacha20poly1305_init(chacha20poly1305_state *st, const unsigned char *key, unsigned long keylen); -int chacha20poly1305_setiv(chacha20poly1305_state *st, const unsigned char *iv, unsigned long ivlen); -int chacha20poly1305_setiv_rfc7905(chacha20poly1305_state *st, const unsigned char *iv, unsigned long ivlen, ulong64 sequence_number); -int chacha20poly1305_add_aad(chacha20poly1305_state *st, const unsigned char *in, unsigned long inlen); -int chacha20poly1305_encrypt(chacha20poly1305_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out); -int chacha20poly1305_decrypt(chacha20poly1305_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out); -int chacha20poly1305_done(chacha20poly1305_state *st, unsigned char *tag, unsigned long *taglen); -int chacha20poly1305_memory(const unsigned char *key, unsigned long keylen, - const unsigned char *iv, unsigned long ivlen, - const unsigned char *aad, unsigned long aadlen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, - unsigned char *tag, unsigned long *taglen, - int direction); -int chacha20poly1305_test(void); - -#endif /* LTC_CHACHA20POLY1305_MODE */ diff --git a/libs/tomcrypt/src/headers/tomcrypt_macros.h b/libs/tomcrypt/src/headers/tomcrypt_macros.h deleted file mode 100644 index 19ec63bdd1b..00000000000 --- a/libs/tomcrypt/src/headers/tomcrypt_macros.h +++ /dev/null @@ -1,442 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* ---- HELPER MACROS ---- */ -#ifdef ENDIAN_NEUTRAL - -#define STORE32L(x, y) \ - do { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ - (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0) - -#define LOAD32L(x, y) \ - do { x = ((ulong32)((y)[3] & 255)<<24) | \ - ((ulong32)((y)[2] & 255)<<16) | \ - ((ulong32)((y)[1] & 255)<<8) | \ - ((ulong32)((y)[0] & 255)); } while(0) - -#define STORE64L(x, y) \ - do { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \ - (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \ - (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ - (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0) - -#define LOAD64L(x, y) \ - do { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \ - (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32)| \ - (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16)| \ - (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } while(0) - -#define STORE32H(x, y) \ - do { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \ - (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); } while(0) - -#define LOAD32H(x, y) \ - do { x = ((ulong32)((y)[0] & 255)<<24) | \ - ((ulong32)((y)[1] & 255)<<16) | \ - ((ulong32)((y)[2] & 255)<<8) | \ - ((ulong32)((y)[3] & 255)); } while(0) - -#define STORE64H(x, y) \ -do { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \ - (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \ - (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \ - (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } while(0) - -#define LOAD64H(x, y) \ -do { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \ - (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32) | \ - (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16) | \ - (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); } while(0) - - -#elif defined(ENDIAN_LITTLE) - -#ifdef LTC_HAVE_BSWAP_BUILTIN - -#define STORE32H(x, y) \ -do { ulong32 __t = __builtin_bswap32 ((x)); \ - XMEMCPY ((y), &__t, 4); } while(0) - -#define LOAD32H(x, y) \ -do { XMEMCPY (&(x), (y), 4); \ - (x) = __builtin_bswap32 ((x)); } while(0) - -#elif !defined(LTC_NO_BSWAP) && (defined(INTEL_CC) || (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__) || defined(__x86_64__)))) - -#define STORE32H(x, y) \ -asm __volatile__ ( \ - "bswapl %0 \n\t" \ - "movl %0,(%1)\n\t" \ - "bswapl %0 \n\t" \ - ::"r"(x), "r"(y)); - -#define LOAD32H(x, y) \ -asm __volatile__ ( \ - "movl (%1),%0\n\t" \ - "bswapl %0\n\t" \ - :"=r"(x): "r"(y)); - -#else - -#define STORE32H(x, y) \ - do { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \ - (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); } while(0) - -#define LOAD32H(x, y) \ - do { x = ((ulong32)((y)[0] & 255)<<24) | \ - ((ulong32)((y)[1] & 255)<<16) | \ - ((ulong32)((y)[2] & 255)<<8) | \ - ((ulong32)((y)[3] & 255)); } while(0) - -#endif - -#ifdef LTC_HAVE_BSWAP_BUILTIN - -#define STORE64H(x, y) \ -do { ulong64 __t = __builtin_bswap64 ((x)); \ - XMEMCPY ((y), &__t, 8); } while(0) - -#define LOAD64H(x, y) \ -do { XMEMCPY (&(x), (y), 8); \ - (x) = __builtin_bswap64 ((x)); } while(0) - -/* x86_64 processor */ -#elif !defined(LTC_NO_BSWAP) && (defined(__GNUC__) && defined(__x86_64__)) - -#define STORE64H(x, y) \ -asm __volatile__ ( \ - "bswapq %0 \n\t" \ - "movq %0,(%1)\n\t" \ - "bswapq %0 \n\t" \ - ::"r"(x), "r"(y): "memory"); - -#define LOAD64H(x, y) \ -asm __volatile__ ( \ - "movq (%1),%0\n\t" \ - "bswapq %0\n\t" \ - :"=r"(x): "r"(y): "memory"); - -#else - -#define STORE64H(x, y) \ -do { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \ - (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \ - (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \ - (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } while(0) - -#define LOAD64H(x, y) \ -do { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \ - (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32) | \ - (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16) | \ - (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); } while(0) - -#endif - -#ifdef ENDIAN_32BITWORD - -#define STORE32L(x, y) \ - do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0) - -#define LOAD32L(x, y) \ - do { XMEMCPY(&(x), y, 4); } while(0) - -#define STORE64L(x, y) \ - do { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \ - (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \ - (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ - (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0) - -#define LOAD64L(x, y) \ - do { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \ - (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32)| \ - (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16)| \ - (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } while(0) - -#else /* 64-bit words then */ - -#define STORE32L(x, y) \ - do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0) - -#define LOAD32L(x, y) \ - do { XMEMCPY(&(x), y, 4); x &= 0xFFFFFFFF; } while(0) - -#define STORE64L(x, y) \ - do { ulong64 __t = (x); XMEMCPY(y, &__t, 8); } while(0) - -#define LOAD64L(x, y) \ - do { XMEMCPY(&(x), y, 8); } while(0) - -#endif /* ENDIAN_64BITWORD */ - -#elif defined(ENDIAN_BIG) - -#define STORE32L(x, y) \ - do { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ - (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0) - -#define LOAD32L(x, y) \ - do { x = ((ulong32)((y)[3] & 255)<<24) | \ - ((ulong32)((y)[2] & 255)<<16) | \ - ((ulong32)((y)[1] & 255)<<8) | \ - ((ulong32)((y)[0] & 255)); } while(0) - -#define STORE64L(x, y) \ -do { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \ - (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \ - (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \ - (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0) - -#define LOAD64L(x, y) \ -do { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48) | \ - (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32) | \ - (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16) | \ - (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } while(0) - -#ifdef ENDIAN_32BITWORD - -#define STORE32H(x, y) \ - do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0) - -#define LOAD32H(x, y) \ - do { XMEMCPY(&(x), y, 4); } while(0) - -#define STORE64H(x, y) \ - do { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \ - (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \ - (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \ - (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } while(0) - -#define LOAD64H(x, y) \ - do { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48)| \ - (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32)| \ - (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16)| \ - (((ulong64)((y)[6] & 255))<<8)| (((ulong64)((y)[7] & 255))); } while(0) - -#else /* 64-bit words then */ - -#define STORE32H(x, y) \ - do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0) - -#define LOAD32H(x, y) \ - do { XMEMCPY(&(x), y, 4); x &= 0xFFFFFFFF; } while(0) - -#define STORE64H(x, y) \ - do { ulong64 __t = (x); XMEMCPY(y, &__t, 8); } while(0) - -#define LOAD64H(x, y) \ - do { XMEMCPY(&(x), y, 8); } while(0) - -#endif /* ENDIAN_64BITWORD */ -#endif /* ENDIAN_BIG */ - -#define BSWAP(x) ( ((x>>24)&0x000000FFUL) | ((x<<24)&0xFF000000UL) | \ - ((x>>8)&0x0000FF00UL) | ((x<<8)&0x00FF0000UL) ) - - -/* 32-bit Rotates */ -#if defined(_MSC_VER) -#define LTC_ROx_ASM - -/* instrinsic rotate */ -#include <stdlib.h> -#pragma intrinsic(_lrotr,_lrotl) -#define ROR(x,n) _lrotr(x,n) -#define ROL(x,n) _lrotl(x,n) -#define RORc(x,n) _lrotr(x,n) -#define ROLc(x,n) _lrotl(x,n) - -#elif !defined(__STRICT_ANSI__) && defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && !defined(INTEL_CC) && !defined(LTC_NO_ASM) -#define LTC_ROx_ASM - -static inline ulong32 ROL(ulong32 word, int i) -{ - asm ("roll %%cl,%0" - :"=r" (word) - :"0" (word),"c" (i)); - return word; -} - -static inline ulong32 ROR(ulong32 word, int i) -{ - asm ("rorl %%cl,%0" - :"=r" (word) - :"0" (word),"c" (i)); - return word; -} - -#ifndef LTC_NO_ROLC - -#define ROLc(word,i) ({ \ - ulong32 __ROLc_tmp = (word); \ - __asm__ ("roll %2, %0" : \ - "=r" (__ROLc_tmp) : \ - "0" (__ROLc_tmp), \ - "I" (i)); \ - __ROLc_tmp; \ - }) -#define RORc(word,i) ({ \ - ulong32 __RORc_tmp = (word); \ - __asm__ ("rorl %2, %0" : \ - "=r" (__RORc_tmp) : \ - "0" (__RORc_tmp), \ - "I" (i)); \ - __RORc_tmp; \ - }) - -#else - -#define ROLc ROL -#define RORc ROR - -#endif - -#elif !defined(__STRICT_ANSI__) && defined(LTC_PPC32) -#define LTC_ROx_ASM - -static inline ulong32 ROL(ulong32 word, int i) -{ - asm ("rotlw %0,%0,%2" - :"=r" (word) - :"0" (word),"r" (i)); - return word; -} - -static inline ulong32 ROR(ulong32 word, int i) -{ - asm ("rotlw %0,%0,%2" - :"=r" (word) - :"0" (word),"r" (32-i)); - return word; -} - -#ifndef LTC_NO_ROLC - -static inline ulong32 ROLc(ulong32 word, const int i) -{ - asm ("rotlwi %0,%0,%2" - :"=r" (word) - :"0" (word),"I" (i)); - return word; -} - -static inline ulong32 RORc(ulong32 word, const int i) -{ - asm ("rotrwi %0,%0,%2" - :"=r" (word) - :"0" (word),"I" (i)); - return word; -} - -#else - -#define ROLc ROL -#define RORc ROR - -#endif - - -#else - -/* rotates the hard way */ -#define ROL(x, y) ( (((ulong32)(x)<<(ulong32)((y)&31)) | (((ulong32)(x)&0xFFFFFFFFUL)>>(ulong32)((32-((y)&31))&31))) & 0xFFFFFFFFUL) -#define ROR(x, y) ( ((((ulong32)(x)&0xFFFFFFFFUL)>>(ulong32)((y)&31)) | ((ulong32)(x)<<(ulong32)((32-((y)&31))&31))) & 0xFFFFFFFFUL) -#define ROLc(x, y) ( (((ulong32)(x)<<(ulong32)((y)&31)) | (((ulong32)(x)&0xFFFFFFFFUL)>>(ulong32)((32-((y)&31))&31))) & 0xFFFFFFFFUL) -#define RORc(x, y) ( ((((ulong32)(x)&0xFFFFFFFFUL)>>(ulong32)((y)&31)) | ((ulong32)(x)<<(ulong32)((32-((y)&31))&31))) & 0xFFFFFFFFUL) - -#endif - - -/* 64-bit Rotates */ -#if !defined(__STRICT_ANSI__) && defined(__GNUC__) && defined(__x86_64__) && !defined(_WIN64) && !defined(LTC_NO_ASM) - -static inline ulong64 ROL64(ulong64 word, int i) -{ - asm("rolq %%cl,%0" - :"=r" (word) - :"0" (word),"c" (i)); - return word; -} - -static inline ulong64 ROR64(ulong64 word, int i) -{ - asm("rorq %%cl,%0" - :"=r" (word) - :"0" (word),"c" (i)); - return word; -} - -#ifndef LTC_NO_ROLC - -#define ROL64c(word,i) ({ \ - ulong64 __ROL64c_tmp = word; \ - __asm__ ("rolq %2, %0" : \ - "=r" (__ROL64c_tmp) : \ - "0" (__ROL64c_tmp), \ - "J" (i)); \ - __ROL64c_tmp; \ - }) -#define ROR64c(word,i) ({ \ - ulong64 __ROR64c_tmp = word; \ - __asm__ ("rorq %2, %0" : \ - "=r" (__ROR64c_tmp) : \ - "0" (__ROR64c_tmp), \ - "J" (i)); \ - __ROR64c_tmp; \ - }) - -#else /* LTC_NO_ROLC */ - -#define ROL64c ROL64 -#define ROR64c ROR64 - -#endif - -#else /* Not x86_64 */ - -#define ROL64(x, y) \ - ( (((x)<<((ulong64)(y)&63)) | \ - (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>(((ulong64)64-((y)&63))&63))) & CONST64(0xFFFFFFFFFFFFFFFF)) - -#define ROR64(x, y) \ - ( ((((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)(y)&CONST64(63))) | \ - ((x)<<(((ulong64)64-((y)&63))&63))) & CONST64(0xFFFFFFFFFFFFFFFF)) - -#define ROL64c(x, y) \ - ( (((x)<<((ulong64)(y)&63)) | \ - (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>(((ulong64)64-((y)&63))&63))) & CONST64(0xFFFFFFFFFFFFFFFF)) - -#define ROR64c(x, y) \ - ( ((((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)(y)&CONST64(63))) | \ - ((x)<<(((ulong64)64-((y)&63))&63))) & CONST64(0xFFFFFFFFFFFFFFFF)) - -#endif - -#ifndef MAX - #define MAX(x, y) ( ((x)>(y))?(x):(y) ) -#endif - -#ifndef MIN - #define MIN(x, y) ( ((x)<(y))?(x):(y) ) -#endif - -#ifndef LTC_UNUSED_PARAM - #define LTC_UNUSED_PARAM(x) (void)(x) -#endif - -/* extract a byte portably */ -#ifdef _MSC_VER - #define byte(x, n) ((unsigned char)((x) >> (8 * (n)))) -#else - #define byte(x, n) (((x) >> (8 * (n))) & 255) -#endif - -/* there is no snprintf before Visual C++ 2015 */ -#if defined(_MSC_VER) && _MSC_VER < 1900 -#define snprintf _snprintf -#endif diff --git a/libs/tomcrypt/src/headers/tomcrypt_math.h b/libs/tomcrypt/src/headers/tomcrypt_math.h deleted file mode 100644 index 986c026c2fb..00000000000 --- a/libs/tomcrypt/src/headers/tomcrypt_math.h +++ /dev/null @@ -1,579 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/** math functions **/ - -#define LTC_MP_LT -1 -#define LTC_MP_EQ 0 -#define LTC_MP_GT 1 - -#define LTC_MP_NO 0 -#define LTC_MP_YES 1 - -#ifndef LTC_MECC - typedef void ecc_point; -#endif - -#ifndef LTC_MRSA - typedef void rsa_key; -#endif - -#ifndef LTC_MILLER_RABIN_REPS - /* Number of rounds of the Miller-Rabin test - * "Reasonable values of reps are between 15 and 50." c.f. gmp doc of mpz_probab_prime_p() - * As of https://security.stackexchange.com/a/4546 we should use 40 rounds */ - #define LTC_MILLER_RABIN_REPS 40 -#endif - -int radix_to_bin(const void *in, int radix, void *out, unsigned long *len); - -/** math descriptor */ -typedef struct { - /** Name of the math provider */ - const char *name; - - /** Bits per digit, amount of bits must fit in an unsigned long */ - int bits_per_digit; - -/* ---- init/deinit functions ---- */ - - /** initialize a bignum - @param a The number to initialize - @return CRYPT_OK on success - */ - int (*init)(void **a); - - /** init copy - @param dst The number to initialize and write to - @param src The number to copy from - @return CRYPT_OK on success - */ - int (*init_copy)(void **dst, void *src); - - /** deinit - @param a The number to free - @return CRYPT_OK on success - */ - void (*deinit)(void *a); - -/* ---- data movement ---- */ - - /** negate - @param src The number to negate - @param dst The destination - @return CRYPT_OK on success - */ - int (*neg)(void *src, void *dst); - - /** copy - @param src The number to copy from - @param dst The number to write to - @return CRYPT_OK on success - */ - int (*copy)(void *src, void *dst); - -/* ---- trivial low level functions ---- */ - - /** set small constant - @param a Number to write to - @param n Source upto bits_per_digit (actually meant for very small constants) - @return CRYPT_OK on success - */ - int (*set_int)(void *a, ltc_mp_digit n); - - /** get small constant - @param a Small number to read, - only fetches up to bits_per_digit from the number - @return The lower bits_per_digit of the integer (unsigned) - */ - unsigned long (*get_int)(void *a); - - /** get digit n - @param a The number to read from - @param n The number of the digit to fetch - @return The bits_per_digit sized n'th digit of a - */ - ltc_mp_digit (*get_digit)(void *a, int n); - - /** Get the number of digits that represent the number - @param a The number to count - @return The number of digits used to represent the number - */ - int (*get_digit_count)(void *a); - - /** compare two integers - @param a The left side integer - @param b The right side integer - @return LTC_MP_LT if a < b, - LTC_MP_GT if a > b and - LTC_MP_EQ otherwise. (signed comparison) - */ - int (*compare)(void *a, void *b); - - /** compare against int - @param a The left side integer - @param b The right side integer (upto bits_per_digit) - @return LTC_MP_LT if a < b, - LTC_MP_GT if a > b and - LTC_MP_EQ otherwise. (signed comparison) - */ - int (*compare_d)(void *a, ltc_mp_digit n); - - /** Count the number of bits used to represent the integer - @param a The integer to count - @return The number of bits required to represent the integer - */ - int (*count_bits)(void * a); - - /** Count the number of LSB bits which are zero - @param a The integer to count - @return The number of contiguous zero LSB bits - */ - int (*count_lsb_bits)(void *a); - - /** Compute a power of two - @param a The integer to store the power in - @param n The power of two you want to store (a = 2^n) - @return CRYPT_OK on success - */ - int (*twoexpt)(void *a , int n); - -/* ---- radix conversions ---- */ - - /** read ascii string - @param a The integer to store into - @param str The string to read - @param radix The radix the integer has been represented in (2-64) - @return CRYPT_OK on success - */ - int (*read_radix)(void *a, const char *str, int radix); - - /** write number to string - @param a The integer to store - @param str The destination for the string - @param radix The radix the integer is to be represented in (2-64) - @return CRYPT_OK on success - */ - int (*write_radix)(void *a, char *str, int radix); - - /** get size as unsigned char string - @param a The integer to get the size (when stored in array of octets) - @return The length of the integer in octets - */ - unsigned long (*unsigned_size)(void *a); - - /** store an integer as an array of octets - @param src The integer to store - @param dst The buffer to store the integer in - @return CRYPT_OK on success - */ - int (*unsigned_write)(void *src, unsigned char *dst); - - /** read an array of octets and store as integer - @param dst The integer to load - @param src The array of octets - @param len The number of octets - @return CRYPT_OK on success - */ - int (*unsigned_read)( void *dst, - unsigned char *src, - unsigned long len); - -/* ---- basic math ---- */ - - /** add two integers - @param a The first source integer - @param b The second source integer - @param c The destination of "a + b" - @return CRYPT_OK on success - */ - int (*add)(void *a, void *b, void *c); - - /** add two integers - @param a The first source integer - @param b The second source integer - (single digit of upto bits_per_digit in length) - @param c The destination of "a + b" - @return CRYPT_OK on success - */ - int (*addi)(void *a, ltc_mp_digit b, void *c); - - /** subtract two integers - @param a The first source integer - @param b The second source integer - @param c The destination of "a - b" - @return CRYPT_OK on success - */ - int (*sub)(void *a, void *b, void *c); - - /** subtract two integers - @param a The first source integer - @param b The second source integer - (single digit of upto bits_per_digit in length) - @param c The destination of "a - b" - @return CRYPT_OK on success - */ - int (*subi)(void *a, ltc_mp_digit b, void *c); - - /** multiply two integers - @param a The first source integer - @param b The second source integer - (single digit of upto bits_per_digit in length) - @param c The destination of "a * b" - @return CRYPT_OK on success - */ - int (*mul)(void *a, void *b, void *c); - - /** multiply two integers - @param a The first source integer - @param b The second source integer - (single digit of upto bits_per_digit in length) - @param c The destination of "a * b" - @return CRYPT_OK on success - */ - int (*muli)(void *a, ltc_mp_digit b, void *c); - - /** Square an integer - @param a The integer to square - @param b The destination - @return CRYPT_OK on success - */ - int (*sqr)(void *a, void *b); - - /** Divide an integer - @param a The dividend - @param b The divisor - @param c The quotient (can be NULL to signify don't care) - @param d The remainder (can be NULL to signify don't care) - @return CRYPT_OK on success - */ - int (*mpdiv)(void *a, void *b, void *c, void *d); - - /** divide by two - @param a The integer to divide (shift right) - @param b The destination - @return CRYPT_OK on success - */ - int (*div_2)(void *a, void *b); - - /** Get remainder (small value) - @param a The integer to reduce - @param b The modulus (upto bits_per_digit in length) - @param c The destination for the residue - @return CRYPT_OK on success - */ - int (*modi)(void *a, ltc_mp_digit b, ltc_mp_digit *c); - - /** gcd - @param a The first integer - @param b The second integer - @param c The destination for (a, b) - @return CRYPT_OK on success - */ - int (*gcd)(void *a, void *b, void *c); - - /** lcm - @param a The first integer - @param b The second integer - @param c The destination for [a, b] - @return CRYPT_OK on success - */ - int (*lcm)(void *a, void *b, void *c); - - /** Modular multiplication - @param a The first source - @param b The second source - @param c The modulus - @param d The destination (a*b mod c) - @return CRYPT_OK on success - */ - int (*mulmod)(void *a, void *b, void *c, void *d); - - /** Modular squaring - @param a The first source - @param b The modulus - @param c The destination (a*a mod b) - @return CRYPT_OK on success - */ - int (*sqrmod)(void *a, void *b, void *c); - - /** Modular inversion - @param a The value to invert - @param b The modulus - @param c The destination (1/a mod b) - @return CRYPT_OK on success - */ - int (*invmod)(void *, void *, void *); - -/* ---- reduction ---- */ - - /** setup Montgomery - @param a The modulus - @param b The destination for the reduction digit - @return CRYPT_OK on success - */ - int (*montgomery_setup)(void *a, void **b); - - /** get normalization value - @param a The destination for the normalization value - @param b The modulus - @return CRYPT_OK on success - */ - int (*montgomery_normalization)(void *a, void *b); - - /** reduce a number - @param a The number [and dest] to reduce - @param b The modulus - @param c The value "b" from montgomery_setup() - @return CRYPT_OK on success - */ - int (*montgomery_reduce)(void *a, void *b, void *c); - - /** clean up (frees memory) - @param a The value "b" from montgomery_setup() - @return CRYPT_OK on success - */ - void (*montgomery_deinit)(void *a); - -/* ---- exponentiation ---- */ - - /** Modular exponentiation - @param a The base integer - @param b The power (can be negative) integer - @param c The modulus integer - @param d The destination - @return CRYPT_OK on success - */ - int (*exptmod)(void *a, void *b, void *c, void *d); - - /** Primality testing - @param a The integer to test - @param b The number of Miller-Rabin tests that shall be executed - @param c The destination of the result (FP_YES if prime) - @return CRYPT_OK on success - */ - int (*isprime)(void *a, int b, int *c); - -/* ---- (optional) ecc point math ---- */ - - /** ECC GF(p) point multiplication (from the NIST curves) - @param k The integer to multiply the point by - @param G The point to multiply - @param R The destination for kG - @param modulus The modulus for the field - @param map Boolean indicated whether to map back to affine or not - (can be ignored if you work in affine only) - @return CRYPT_OK on success - */ - int (*ecc_ptmul)( void *k, - ecc_point *G, - ecc_point *R, - void *modulus, - int map); - - /** ECC GF(p) point addition - @param P The first point - @param Q The second point - @param R The destination of P + Q - @param modulus The modulus - @param mp The "b" value from montgomery_setup() - @return CRYPT_OK on success - */ - int (*ecc_ptadd)(ecc_point *P, - ecc_point *Q, - ecc_point *R, - void *modulus, - void *mp); - - /** ECC GF(p) point double - @param P The first point - @param R The destination of 2P - @param modulus The modulus - @param mp The "b" value from montgomery_setup() - @return CRYPT_OK on success - */ - int (*ecc_ptdbl)(ecc_point *P, - ecc_point *R, - void *modulus, - void *mp); - - /** ECC mapping from projective to affine, - currently uses (x,y,z) => (x/z^2, y/z^3, 1) - @param P The point to map - @param modulus The modulus - @param mp The "b" value from montgomery_setup() - @return CRYPT_OK on success - @remark The mapping can be different but keep in mind a - ecc_point only has three integers (x,y,z) so if - you use a different mapping you have to make it fit. - */ - int (*ecc_map)(ecc_point *P, void *modulus, void *mp); - - /** Computes kA*A + kB*B = C using Shamir's Trick - @param A First point to multiply - @param kA What to multiple A by - @param B Second point to multiply - @param kB What to multiple B by - @param C [out] Destination point (can overlap with A or B) - @param modulus Modulus for curve - @return CRYPT_OK on success - */ - int (*ecc_mul2add)(ecc_point *A, void *kA, - ecc_point *B, void *kB, - ecc_point *C, - void *modulus); - -/* ---- (optional) rsa optimized math (for internal CRT) ---- */ - - /** RSA Key Generation - @param prng An active PRNG state - @param wprng The index of the PRNG desired - @param size The size of the key in octets - @param e The "e" value (public key). - e==65537 is a good choice - @param key [out] Destination of a newly created private key pair - @return CRYPT_OK if successful, upon error all allocated ram is freed - */ - int (*rsa_keygen)(prng_state *prng, - int wprng, - int size, - long e, - rsa_key *key); - - /** RSA exponentiation - @param in The octet array representing the base - @param inlen The length of the input - @param out The destination (to be stored in an octet array format) - @param outlen The length of the output buffer and the resulting size - (zero padded to the size of the modulus) - @param which PK_PUBLIC for public RSA and PK_PRIVATE for private RSA - @param key The RSA key to use - @return CRYPT_OK on success - */ - int (*rsa_me)(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, int which, - rsa_key *key); - -/* ---- basic math continued ---- */ - - /** Modular addition - @param a The first source - @param b The second source - @param c The modulus - @param d The destination (a + b mod c) - @return CRYPT_OK on success - */ - int (*addmod)(void *a, void *b, void *c, void *d); - - /** Modular substraction - @param a The first source - @param b The second source - @param c The modulus - @param d The destination (a - b mod c) - @return CRYPT_OK on success - */ - int (*submod)(void *a, void *b, void *c, void *d); - -/* ---- misc stuff ---- */ - - /** Make a pseudo-random mpi - @param a The mpi to make random - @param size The desired length - @return CRYPT_OK on success - */ - int (*rand)(void *a, int size); -} ltc_math_descriptor; - -extern ltc_math_descriptor ltc_mp; - -int ltc_init_multi(void **a, ...); -void ltc_deinit_multi(void *a, ...); -void ltc_cleanup_multi(void **a, ...); - -#ifdef LTM_DESC -extern const ltc_math_descriptor ltm_desc; -#endif - -#ifdef TFM_DESC -extern const ltc_math_descriptor tfm_desc; -#endif - -#ifdef GMP_DESC -extern const ltc_math_descriptor gmp_desc; -#endif - -#if !defined(DESC_DEF_ONLY) && defined(LTC_SOURCE) - -#define MP_DIGIT_BIT ltc_mp.bits_per_digit - -/* some handy macros */ -#define mp_init(a) ltc_mp.init(a) -#define mp_init_multi ltc_init_multi -#define mp_clear(a) ltc_mp.deinit(a) -#define mp_clear_multi ltc_deinit_multi -#define mp_cleanup_multi ltc_cleanup_multi -#define mp_init_copy(a, b) ltc_mp.init_copy(a, b) - -#define mp_neg(a, b) ltc_mp.neg(a, b) -#define mp_copy(a, b) ltc_mp.copy(a, b) - -#define mp_set(a, b) ltc_mp.set_int(a, b) -#define mp_set_int(a, b) ltc_mp.set_int(a, b) -#define mp_get_int(a) ltc_mp.get_int(a) -#define mp_get_digit(a, n) ltc_mp.get_digit(a, n) -#define mp_get_digit_count(a) ltc_mp.get_digit_count(a) -#define mp_cmp(a, b) ltc_mp.compare(a, b) -#define mp_cmp_d(a, b) ltc_mp.compare_d(a, b) -#define mp_count_bits(a) ltc_mp.count_bits(a) -#define mp_cnt_lsb(a) ltc_mp.count_lsb_bits(a) -#define mp_2expt(a, b) ltc_mp.twoexpt(a, b) - -#define mp_read_radix(a, b, c) ltc_mp.read_radix(a, b, c) -#define mp_toradix(a, b, c) ltc_mp.write_radix(a, b, c) -#define mp_unsigned_bin_size(a) ltc_mp.unsigned_size(a) -#define mp_to_unsigned_bin(a, b) ltc_mp.unsigned_write(a, b) -#define mp_read_unsigned_bin(a, b, c) ltc_mp.unsigned_read(a, b, c) - -#define mp_add(a, b, c) ltc_mp.add(a, b, c) -#define mp_add_d(a, b, c) ltc_mp.addi(a, b, c) -#define mp_sub(a, b, c) ltc_mp.sub(a, b, c) -#define mp_sub_d(a, b, c) ltc_mp.subi(a, b, c) -#define mp_mul(a, b, c) ltc_mp.mul(a, b, c) -#define mp_mul_d(a, b, c) ltc_mp.muli(a, b, c) -#define mp_sqr(a, b) ltc_mp.sqr(a, b) -#define mp_div(a, b, c, d) ltc_mp.mpdiv(a, b, c, d) -#define mp_div_2(a, b) ltc_mp.div_2(a, b) -#define mp_mod(a, b, c) ltc_mp.mpdiv(a, b, NULL, c) -#define mp_mod_d(a, b, c) ltc_mp.modi(a, b, c) -#define mp_gcd(a, b, c) ltc_mp.gcd(a, b, c) -#define mp_lcm(a, b, c) ltc_mp.lcm(a, b, c) - -#define mp_addmod(a, b, c, d) ltc_mp.addmod(a, b, c, d) -#define mp_submod(a, b, c, d) ltc_mp.submod(a, b, c, d) -#define mp_mulmod(a, b, c, d) ltc_mp.mulmod(a, b, c, d) -#define mp_sqrmod(a, b, c) ltc_mp.sqrmod(a, b, c) -#define mp_invmod(a, b, c) ltc_mp.invmod(a, b, c) - -#define mp_montgomery_setup(a, b) ltc_mp.montgomery_setup(a, b) -#define mp_montgomery_normalization(a, b) ltc_mp.montgomery_normalization(a, b) -#define mp_montgomery_reduce(a, b, c) ltc_mp.montgomery_reduce(a, b, c) -#define mp_montgomery_free(a) ltc_mp.montgomery_deinit(a) - -#define mp_exptmod(a,b,c,d) ltc_mp.exptmod(a,b,c,d) -#define mp_prime_is_prime(a, b, c) ltc_mp.isprime(a, b, c) - -#define mp_iszero(a) (mp_cmp_d(a, 0) == LTC_MP_EQ ? LTC_MP_YES : LTC_MP_NO) -#define mp_isodd(a) (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO) -#define mp_exch(a, b) do { void *ABC__tmp = a; a = b; b = ABC__tmp; } while(0) - -#define mp_tohex(a, b) mp_toradix(a, b, 16) - -#define mp_rand(a, b) ltc_mp.rand(a, b) - -#endif diff --git a/libs/tomcrypt/src/headers/tomcrypt_misc.h b/libs/tomcrypt/src/headers/tomcrypt_misc.h deleted file mode 100644 index e33f67b3a5b..00000000000 --- a/libs/tomcrypt/src/headers/tomcrypt_misc.h +++ /dev/null @@ -1,109 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* ---- LTC_BASE64 Routines ---- */ -#ifdef LTC_BASE64 -int base64_encode(const unsigned char *in, unsigned long len, - unsigned char *out, unsigned long *outlen); - -int base64_decode(const unsigned char *in, unsigned long len, - unsigned char *out, unsigned long *outlen); -int base64_strict_decode(const unsigned char *in, unsigned long len, - unsigned char *out, unsigned long *outlen); -#endif - -#ifdef LTC_BASE64_URL -int base64url_encode(const unsigned char *in, unsigned long len, - unsigned char *out, unsigned long *outlen); -int base64url_strict_encode(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); - -int base64url_decode(const unsigned char *in, unsigned long len, - unsigned char *out, unsigned long *outlen); -int base64url_strict_decode(const unsigned char *in, unsigned long len, - unsigned char *out, unsigned long *outlen); -#endif - -/* ===> LTC_HKDF -- RFC5869 HMAC-based Key Derivation Function <=== */ -#ifdef LTC_HKDF - -int hkdf_test(void); - -int hkdf_extract(int hash_idx, - const unsigned char *salt, unsigned long saltlen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); - -int hkdf_expand(int hash_idx, - const unsigned char *info, unsigned long infolen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long outlen); - -int hkdf(int hash_idx, - const unsigned char *salt, unsigned long saltlen, - const unsigned char *info, unsigned long infolen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long outlen); - -#endif /* LTC_HKDF */ - -/* ---- MEM routines ---- */ -int mem_neq(const void *a, const void *b, size_t len); -void zeromem(volatile void *dst, size_t len); -void burn_stack(unsigned long len); - -const char *error_to_string(int err); - -extern const char *crypt_build_settings; - -/* ---- HMM ---- */ -int crypt_fsa(void *mp, ...); - -/* ---- Dynamic language support ---- */ -int crypt_get_constant(const char* namein, int *valueout); -int crypt_list_all_constants(char *names_list, unsigned int *names_list_size); - -int crypt_get_size(const char* namein, unsigned int *sizeout); -int crypt_list_all_sizes(char *names_list, unsigned int *names_list_size); - -#ifdef LTM_DESC -void init_LTM(void); -#endif -#ifdef TFM_DESC -void init_TFM(void); -#endif -#ifdef GMP_DESC -void init_GMP(void); -#endif - -#ifdef LTC_ADLER32 -typedef struct adler32_state_s -{ - unsigned short s[2]; -} adler32_state; - -void adler32_init(adler32_state *ctx); -void adler32_update(adler32_state *ctx, const unsigned char *input, unsigned long length); -void adler32_finish(adler32_state *ctx, void *hash, unsigned long size); -int adler32_test(void); -#endif - -#ifdef LTC_CRC32 -typedef struct crc32_state_s -{ - ulong32 crc; -} crc32_state; - -void crc32_init(crc32_state *ctx); -void crc32_update(crc32_state *ctx, const unsigned char *input, unsigned long length); -void crc32_finish(crc32_state *ctx, void *hash, unsigned long size); -int crc32_test(void); -#endif - -int compare_testvector(const void* is, const unsigned long is_len, const void* should, const unsigned long should_len, const char* what, int which); diff --git a/libs/tomcrypt/src/headers/tomcrypt_pk.h b/libs/tomcrypt/src/headers/tomcrypt_pk.h deleted file mode 100644 index 9375bd22a6e..00000000000 --- a/libs/tomcrypt/src/headers/tomcrypt_pk.h +++ /dev/null @@ -1,743 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* ---- NUMBER THEORY ---- */ - -enum { - PK_PUBLIC=0, - PK_PRIVATE=1 -}; - -/* Indicates standard output formats that can be read e.g. by OpenSSL or GnuTLS */ -#define PK_STD 0x1000 - -int rand_prime(void *N, long len, prng_state *prng, int wprng); - -#ifdef LTC_SOURCE -/* internal helper functions */ -int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng); -int rand_bn_upto(void *N, void *limit, prng_state *prng, int wprng); - -enum public_key_algorithms { - PKA_RSA, - PKA_DSA -}; - -typedef struct Oid { - unsigned long OID[16]; - /** Number of OID digits in use */ - unsigned long OIDlen; -} oid_st; - -int pk_get_oid(int pk, oid_st *st); -#endif /* LTC_SOURCE */ - -/* ---- RSA ---- */ -#ifdef LTC_MRSA - -/** RSA PKCS style key */ -typedef struct Rsa_key { - /** Type of key, PK_PRIVATE or PK_PUBLIC */ - int type; - /** The public exponent */ - void *e; - /** The private exponent */ - void *d; - /** The modulus */ - void *N; - /** The p factor of N */ - void *p; - /** The q factor of N */ - void *q; - /** The 1/q mod p CRT param */ - void *qP; - /** The d mod (p - 1) CRT param */ - void *dP; - /** The d mod (q - 1) CRT param */ - void *dQ; -} rsa_key; - -int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key); - -int rsa_get_size(rsa_key *key); - -int rsa_exptmod(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, int which, - rsa_key *key); - -void rsa_free(rsa_key *key); - -/* These use PKCS #1 v2.0 padding */ -#define rsa_encrypt_key(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _prng, _prng_idx, _hash_idx, _key) \ - rsa_encrypt_key_ex(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _prng, _prng_idx, _hash_idx, LTC_PKCS_1_OAEP, _key) - -#define rsa_decrypt_key(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _hash_idx, _stat, _key) \ - rsa_decrypt_key_ex(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _hash_idx, LTC_PKCS_1_OAEP, _stat, _key) - -#define rsa_sign_hash(_in, _inlen, _out, _outlen, _prng, _prng_idx, _hash_idx, _saltlen, _key) \ - rsa_sign_hash_ex(_in, _inlen, _out, _outlen, LTC_PKCS_1_PSS, _prng, _prng_idx, _hash_idx, _saltlen, _key) - -#define rsa_verify_hash(_sig, _siglen, _hash, _hashlen, _hash_idx, _saltlen, _stat, _key) \ - rsa_verify_hash_ex(_sig, _siglen, _hash, _hashlen, LTC_PKCS_1_PSS, _hash_idx, _saltlen, _stat, _key) - -#define rsa_sign_saltlen_get_max(_hash_idx, _key) \ - rsa_sign_saltlen_get_max_ex(LTC_PKCS_1_PSS, _hash_idx, _key) - -/* These can be switched between PKCS #1 v2.x and PKCS #1 v1.5 paddings */ -int rsa_encrypt_key_ex(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - const unsigned char *lparam, unsigned long lparamlen, - prng_state *prng, int prng_idx, int hash_idx, int padding, rsa_key *key); - -int rsa_decrypt_key_ex(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - const unsigned char *lparam, unsigned long lparamlen, - int hash_idx, int padding, - int *stat, rsa_key *key); - -int rsa_sign_hash_ex(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - int padding, - prng_state *prng, int prng_idx, - int hash_idx, unsigned long saltlen, - rsa_key *key); - -int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen, - const unsigned char *hash, unsigned long hashlen, - int padding, - int hash_idx, unsigned long saltlen, - int *stat, rsa_key *key); - -int rsa_sign_saltlen_get_max_ex(int padding, int hash_idx, rsa_key *key); - -/* PKCS #1 import/export */ -int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key); -int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key); - -int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key); -int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *passwd, unsigned long passwdlen, rsa_key *key); - -int rsa_set_key(const unsigned char *N, unsigned long Nlen, - const unsigned char *e, unsigned long elen, - const unsigned char *d, unsigned long dlen, - rsa_key *key); -int rsa_set_factors(const unsigned char *p, unsigned long plen, - const unsigned char *q, unsigned long qlen, - rsa_key *key); -int rsa_set_crt_params(const unsigned char *dP, unsigned long dPlen, - const unsigned char *dQ, unsigned long dQlen, - const unsigned char *qP, unsigned long qPlen, - rsa_key *key); -#endif - -/* ---- Katja ---- */ -#ifdef LTC_MKAT - -/* Min and Max KAT key sizes (in bits) */ -#define MIN_KAT_SIZE 1024 -#define MAX_KAT_SIZE 4096 - -/** Katja PKCS style key */ -typedef struct KAT_key { - /** Type of key, PK_PRIVATE or PK_PUBLIC */ - int type; - /** The private exponent */ - void *d; - /** The modulus */ - void *N; - /** The p factor of N */ - void *p; - /** The q factor of N */ - void *q; - /** The 1/q mod p CRT param */ - void *qP; - /** The d mod (p - 1) CRT param */ - void *dP; - /** The d mod (q - 1) CRT param */ - void *dQ; - /** The pq param */ - void *pq; -} katja_key; - -int katja_make_key(prng_state *prng, int wprng, int size, katja_key *key); - -int katja_exptmod(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, int which, - katja_key *key); - -void katja_free(katja_key *key); - -/* These use PKCS #1 v2.0 padding */ -int katja_encrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - const unsigned char *lparam, unsigned long lparamlen, - prng_state *prng, int prng_idx, int hash_idx, katja_key *key); - -int katja_decrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - const unsigned char *lparam, unsigned long lparamlen, - int hash_idx, int *stat, - katja_key *key); - -/* PKCS #1 import/export */ -int katja_export(unsigned char *out, unsigned long *outlen, int type, katja_key *key); -int katja_import(const unsigned char *in, unsigned long inlen, katja_key *key); - -#endif - -/* ---- DH Routines ---- */ -#ifdef LTC_MDH - -typedef struct { - int type; - void *x; - void *y; - void *base; - void *prime; -} dh_key; - -int dh_get_groupsize(dh_key *key); - -int dh_export(unsigned char *out, unsigned long *outlen, int type, dh_key *key); -int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key); - -int dh_set_pg(const unsigned char *p, unsigned long plen, - const unsigned char *g, unsigned long glen, - dh_key *key); -int dh_set_pg_dhparam(const unsigned char *dhparam, unsigned long dhparamlen, dh_key *key); -int dh_set_pg_groupsize(int groupsize, dh_key *key); - -int dh_set_key(const unsigned char *in, unsigned long inlen, int type, dh_key *key); -int dh_generate_key(prng_state *prng, int wprng, dh_key *key); - -int dh_shared_secret(dh_key *private_key, dh_key *public_key, - unsigned char *out, unsigned long *outlen); - -void dh_free(dh_key *key); - -int dh_export_key(void *out, unsigned long *outlen, int type, dh_key *key); - -#ifdef LTC_SOURCE -typedef struct { - int size; - const char *name, *base, *prime; -} ltc_dh_set_type; - -extern const ltc_dh_set_type ltc_dh_sets[]; - -/* internal helper functions */ -int dh_check_pubkey(dh_key *key); -#endif - -#endif /* LTC_MDH */ - - -/* ---- ECC Routines ---- */ -#ifdef LTC_MECC - -/* size of our temp buffers for exported keys */ -#define ECC_BUF_SIZE 256 - -/* max private key size */ -#define ECC_MAXSIZE 66 - -/** Structure defines a NIST GF(p) curve */ -typedef struct { - /** The size of the curve in octets */ - int size; - - /** name of curve */ - const char *name; - - /** The prime that defines the field the curve is in (encoded in hex) */ - const char *prime; - - /** The fields B param (hex) */ - const char *B; - - /** The order of the curve (hex) */ - const char *order; - - /** The x co-ordinate of the base point on the curve (hex) */ - const char *Gx; - - /** The y co-ordinate of the base point on the curve (hex) */ - const char *Gy; -} ltc_ecc_set_type; - -/** A point on a ECC curve, stored in Jacbobian format such that (x,y,z) => (x/z^2, y/z^3, 1) when interpretted as affine */ -typedef struct { - /** The x co-ordinate */ - void *x; - - /** The y co-ordinate */ - void *y; - - /** The z co-ordinate */ - void *z; -} ecc_point; - -/** An ECC key */ -typedef struct { - /** Type of key, PK_PRIVATE or PK_PUBLIC */ - int type; - - /** Index into the ltc_ecc_sets[] for the parameters of this curve; if -1, then this key is using user supplied curve in dp */ - int idx; - - /** pointer to domain parameters; either points to NIST curves (identified by idx >= 0) or user supplied curve */ - const ltc_ecc_set_type *dp; - - /** The public key */ - ecc_point pubkey; - - /** The private key */ - void *k; -} ecc_key; - -/** the ECC params provided */ -extern const ltc_ecc_set_type ltc_ecc_sets[]; - -int ecc_test(void); -void ecc_sizes(int *low, int *high); -int ecc_get_size(ecc_key *key); - -int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key); -int ecc_make_key_ex(prng_state *prng, int wprng, ecc_key *key, const ltc_ecc_set_type *dp); -void ecc_free(ecc_key *key); - -int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key); -int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key); -int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, const ltc_ecc_set_type *dp); - -int ecc_ansi_x963_export(ecc_key *key, unsigned char *out, unsigned long *outlen); -int ecc_ansi_x963_import(const unsigned char *in, unsigned long inlen, ecc_key *key); -int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, ltc_ecc_set_type *dp); - -int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key, - unsigned char *out, unsigned long *outlen); - -int ecc_encrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - prng_state *prng, int wprng, int hash, - ecc_key *key); - -int ecc_decrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - ecc_key *key); - -int ecc_sign_hash_rfc7518(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - prng_state *prng, int wprng, ecc_key *key); - -int ecc_sign_hash(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - prng_state *prng, int wprng, ecc_key *key); - -int ecc_verify_hash_rfc7518(const unsigned char *sig, unsigned long siglen, - const unsigned char *hash, unsigned long hashlen, - int *stat, ecc_key *key); - -int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, - const unsigned char *hash, unsigned long hashlen, - int *stat, ecc_key *key); - -/* low level functions */ -ecc_point *ltc_ecc_new_point(void); -void ltc_ecc_del_point(ecc_point *p); -int ltc_ecc_is_valid_idx(int n); - -/* point ops (mp == montgomery digit) */ -#if !defined(LTC_MECC_ACCEL) || defined(LTM_DESC) || defined(GMP_DESC) -/* R = 2P */ -int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void *mp); - -/* R = P + Q */ -int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *mp); -#endif - -#if defined(LTC_MECC_FP) -/* optimized point multiplication using fixed point cache (HAC algorithm 14.117) */ -int ltc_ecc_fp_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map); - -/* functions for saving/loading/freeing/adding to fixed point cache */ -int ltc_ecc_fp_save_state(unsigned char **out, unsigned long *outlen); -int ltc_ecc_fp_restore_state(unsigned char *in, unsigned long inlen); -void ltc_ecc_fp_free(void); -int ltc_ecc_fp_add_point(ecc_point *g, void *modulus, int lock); - -/* lock/unlock all points currently in fixed point cache */ -void ltc_ecc_fp_tablelock(int lock); -#endif - -/* R = kG */ -int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map); - -#ifdef LTC_ECC_SHAMIR -/* kA*A + kB*B = C */ -int ltc_ecc_mul2add(ecc_point *A, void *kA, - ecc_point *B, void *kB, - ecc_point *C, - void *modulus); - -#ifdef LTC_MECC_FP -/* Shamir's trick with optimized point multiplication using fixed point cache */ -int ltc_ecc_fp_mul2add(ecc_point *A, void *kA, - ecc_point *B, void *kB, - ecc_point *C, void *modulus); -#endif - -#endif - - -/* map P to affine from projective */ -int ltc_ecc_map(ecc_point *P, void *modulus, void *mp); - -#endif - -#ifdef LTC_MDSA - -/* Max diff between group and modulus size in bytes */ -#define LTC_MDSA_DELTA 512 - -/* Max DSA group size in bytes (default allows 4k-bit groups) */ -#define LTC_MDSA_MAX_GROUP 512 - -/** DSA key structure */ -typedef struct { - /** The key type, PK_PRIVATE or PK_PUBLIC */ - int type; - - /** The order of the sub-group used in octets */ - int qord; - - /** The generator */ - void *g; - - /** The prime used to generate the sub-group */ - void *q; - - /** The large prime that generats the field the contains the sub-group */ - void *p; - - /** The private key */ - void *x; - - /** The public key */ - void *y; -} dsa_key; - -int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key); - -int dsa_set_pqg(const unsigned char *p, unsigned long plen, - const unsigned char *q, unsigned long qlen, - const unsigned char *g, unsigned long glen, - dsa_key *key); -int dsa_set_pqg_dsaparam(const unsigned char *dsaparam, unsigned long dsaparamlen, dsa_key *key); -int dsa_generate_pqg(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key); - -int dsa_set_key(const unsigned char *in, unsigned long inlen, int type, dsa_key *key); -int dsa_generate_key(prng_state *prng, int wprng, dsa_key *key); - -void dsa_free(dsa_key *key); - -int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen, - void *r, void *s, - prng_state *prng, int wprng, dsa_key *key); - -int dsa_sign_hash(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - prng_state *prng, int wprng, dsa_key *key); - -int dsa_verify_hash_raw( void *r, void *s, - const unsigned char *hash, unsigned long hashlen, - int *stat, dsa_key *key); - -int dsa_verify_hash(const unsigned char *sig, unsigned long siglen, - const unsigned char *hash, unsigned long hashlen, - int *stat, dsa_key *key); - -int dsa_encrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - prng_state *prng, int wprng, int hash, - dsa_key *key); - -int dsa_decrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - dsa_key *key); - -int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key); -int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key); -int dsa_verify_key(dsa_key *key, int *stat); -#ifdef LTC_SOURCE -/* internal helper functions */ -int dsa_int_validate_xy(dsa_key *key, int *stat); -int dsa_int_validate_pqg(dsa_key *key, int *stat); -int dsa_int_validate_primes(dsa_key *key, int *stat); -#endif -int dsa_shared_secret(void *private_key, void *base, - dsa_key *public_key, - unsigned char *out, unsigned long *outlen); -#endif - -#ifdef LTC_DER -/* DER handling */ - -typedef enum ltc_asn1_type_ { - /* 0 */ - LTC_ASN1_EOL, - LTC_ASN1_BOOLEAN, - LTC_ASN1_INTEGER, - LTC_ASN1_SHORT_INTEGER, - LTC_ASN1_BIT_STRING, - /* 5 */ - LTC_ASN1_OCTET_STRING, - LTC_ASN1_NULL, - LTC_ASN1_OBJECT_IDENTIFIER, - LTC_ASN1_IA5_STRING, - LTC_ASN1_PRINTABLE_STRING, - /* 10 */ - LTC_ASN1_UTF8_STRING, - LTC_ASN1_UTCTIME, - LTC_ASN1_CHOICE, - LTC_ASN1_SEQUENCE, - LTC_ASN1_SET, - /* 15 */ - LTC_ASN1_SETOF, - LTC_ASN1_RAW_BIT_STRING, - LTC_ASN1_TELETEX_STRING, - LTC_ASN1_CONSTRUCTED, - LTC_ASN1_CONTEXT_SPECIFIC, - /* 20 */ - LTC_ASN1_GENERALIZEDTIME, -} ltc_asn1_type; - -/** A LTC ASN.1 list type */ -typedef struct ltc_asn1_list_ { - /** The LTC ASN.1 enumerated type identifier */ - ltc_asn1_type type; - /** The data to encode or place for decoding */ - void *data; - /** The size of the input or resulting output */ - unsigned long size; - /** The used flag, this is used by the CHOICE ASN.1 type to indicate which choice was made */ - int used; - /** prev/next entry in the list */ - struct ltc_asn1_list_ *prev, *next, *child, *parent; -} ltc_asn1_list; - -#define LTC_SET_ASN1(list, index, Type, Data, Size) \ - do { \ - int LTC_MACRO_temp = (index); \ - ltc_asn1_list *LTC_MACRO_list = (list); \ - LTC_MACRO_list[LTC_MACRO_temp].type = (Type); \ - LTC_MACRO_list[LTC_MACRO_temp].data = (void*)(Data); \ - LTC_MACRO_list[LTC_MACRO_temp].size = (Size); \ - LTC_MACRO_list[LTC_MACRO_temp].used = 0; \ - } while (0) - -/* SEQUENCE */ -int der_encode_sequence_ex(ltc_asn1_list *list, unsigned long inlen, - unsigned char *out, unsigned long *outlen, int type_of); - -#define der_encode_sequence(list, inlen, out, outlen) der_encode_sequence_ex(list, inlen, out, outlen, LTC_ASN1_SEQUENCE) - -int der_decode_sequence_ex(const unsigned char *in, unsigned long inlen, - ltc_asn1_list *list, unsigned long outlen, int ordered); - -#define der_decode_sequence(in, inlen, list, outlen) der_decode_sequence_ex(in, inlen, list, outlen, 1) - -int der_length_sequence(ltc_asn1_list *list, unsigned long inlen, - unsigned long *outlen); - - -#ifdef LTC_SOURCE -/* internal helper functions */ -int der_length_sequence_ex(ltc_asn1_list *list, unsigned long inlen, - unsigned long *outlen, unsigned long *payloadlen); -/* SUBJECT PUBLIC KEY INFO */ -int der_encode_subject_public_key_info(unsigned char *out, unsigned long *outlen, - unsigned int algorithm, void* public_key, unsigned long public_key_len, - unsigned long parameters_type, void* parameters, unsigned long parameters_len); - -int der_decode_subject_public_key_info(const unsigned char *in, unsigned long inlen, - unsigned int algorithm, void* public_key, unsigned long* public_key_len, - unsigned long parameters_type, ltc_asn1_list* parameters, unsigned long parameters_len); -#endif /* LTC_SOURCE */ - -/* SET */ -#define der_decode_set(in, inlen, list, outlen) der_decode_sequence_ex(in, inlen, list, outlen, 0) -#define der_length_set der_length_sequence -int der_encode_set(ltc_asn1_list *list, unsigned long inlen, - unsigned char *out, unsigned long *outlen); - -int der_encode_setof(ltc_asn1_list *list, unsigned long inlen, - unsigned char *out, unsigned long *outlen); - -/* VA list handy helpers with triplets of <type, size, data> */ -int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...); -int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...); - -/* FLEXI DECODER handle unknown list decoder */ -int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out); -#define der_free_sequence_flexi der_sequence_free -void der_sequence_free(ltc_asn1_list *in); -void der_sequence_shrink(ltc_asn1_list *in); - -/* BOOLEAN */ -int der_length_boolean(unsigned long *outlen); -int der_encode_boolean(int in, - unsigned char *out, unsigned long *outlen); -int der_decode_boolean(const unsigned char *in, unsigned long inlen, - int *out); -/* INTEGER */ -int der_encode_integer(void *num, unsigned char *out, unsigned long *outlen); -int der_decode_integer(const unsigned char *in, unsigned long inlen, void *num); -int der_length_integer(void *num, unsigned long *len); - -/* INTEGER -- handy for 0..2^32-1 values */ -int der_decode_short_integer(const unsigned char *in, unsigned long inlen, unsigned long *num); -int der_encode_short_integer(unsigned long num, unsigned char *out, unsigned long *outlen); -int der_length_short_integer(unsigned long num, unsigned long *outlen); - -/* BIT STRING */ -int der_encode_bit_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int der_decode_bit_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int der_encode_raw_bit_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int der_decode_raw_bit_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int der_length_bit_string(unsigned long nbits, unsigned long *outlen); - -/* OCTET STRING */ -int der_encode_octet_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int der_decode_octet_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int der_length_octet_string(unsigned long noctets, unsigned long *outlen); - -/* OBJECT IDENTIFIER */ -int der_encode_object_identifier(unsigned long *words, unsigned long nwords, - unsigned char *out, unsigned long *outlen); -int der_decode_object_identifier(const unsigned char *in, unsigned long inlen, - unsigned long *words, unsigned long *outlen); -int der_length_object_identifier(unsigned long *words, unsigned long nwords, unsigned long *outlen); -unsigned long der_object_identifier_bits(unsigned long x); - -/* IA5 STRING */ -int der_encode_ia5_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int der_decode_ia5_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int der_length_ia5_string(const unsigned char *octets, unsigned long noctets, unsigned long *outlen); - -int der_ia5_char_encode(int c); -int der_ia5_value_decode(int v); - -/* TELETEX STRING */ -int der_decode_teletex_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int der_length_teletex_string(const unsigned char *octets, unsigned long noctets, unsigned long *outlen); - -#ifdef LTC_SOURCE -/* internal helper functions */ -int der_teletex_char_encode(int c); -int der_teletex_value_decode(int v); -#endif /* LTC_SOURCE */ - - -/* PRINTABLE STRING */ -int der_encode_printable_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int der_decode_printable_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); -int der_length_printable_string(const unsigned char *octets, unsigned long noctets, unsigned long *outlen); - -int der_printable_char_encode(int c); -int der_printable_value_decode(int v); - -/* UTF-8 */ -#if (defined(SIZE_MAX) || __STDC_VERSION__ >= 199901L || defined(WCHAR_MAX) || defined(__WCHAR_MAX__) || defined(_WCHAR_T) || defined(_WCHAR_T_DEFINED) || defined (__WCHAR_TYPE__)) && !defined(LTC_NO_WCHAR) - #if defined(__WCHAR_MAX__) - #define LTC_WCHAR_MAX __WCHAR_MAX__ - #else - #include <wchar.h> - #define LTC_WCHAR_MAX WCHAR_MAX - #endif -/* please note that it might happen that LTC_WCHAR_MAX is undefined */ -#else - typedef ulong32 wchar_t; - #define LTC_WCHAR_MAX 0xFFFFFFFF -#endif - -int der_encode_utf8_string(const wchar_t *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen); - -int der_decode_utf8_string(const unsigned char *in, unsigned long inlen, - wchar_t *out, unsigned long *outlen); -unsigned long der_utf8_charsize(const wchar_t c); -#ifdef LTC_SOURCE -/* internal helper functions */ -int der_utf8_valid_char(const wchar_t c); -#endif /* LTC_SOURCE */ -int der_length_utf8_string(const wchar_t *in, unsigned long noctets, unsigned long *outlen); - - -/* CHOICE */ -int der_decode_choice(const unsigned char *in, unsigned long *inlen, - ltc_asn1_list *list, unsigned long outlen); - -/* UTCTime */ -typedef struct { - unsigned YY, /* year */ - MM, /* month */ - DD, /* day */ - hh, /* hour */ - mm, /* minute */ - ss, /* second */ - off_dir, /* timezone offset direction 0 == +, 1 == - */ - off_hh, /* timezone offset hours */ - off_mm; /* timezone offset minutes */ -} ltc_utctime; - -int der_encode_utctime(ltc_utctime *utctime, - unsigned char *out, unsigned long *outlen); - -int der_decode_utctime(const unsigned char *in, unsigned long *inlen, - ltc_utctime *out); - -int der_length_utctime(ltc_utctime *utctime, unsigned long *outlen); - -/* GeneralizedTime */ -typedef struct { - unsigned YYYY, /* year */ - MM, /* month */ - DD, /* day */ - hh, /* hour */ - mm, /* minute */ - ss, /* second */ - fs, /* fractional seconds */ - off_dir, /* timezone offset direction 0 == +, 1 == - */ - off_hh, /* timezone offset hours */ - off_mm; /* timezone offset minutes */ -} ltc_generalizedtime; - -int der_encode_generalizedtime(ltc_generalizedtime *gtime, - unsigned char *out, unsigned long *outlen); - -int der_decode_generalizedtime(const unsigned char *in, unsigned long *inlen, - ltc_generalizedtime *out); - -int der_length_generalizedtime(ltc_generalizedtime *gtime, unsigned long *outlen); - - -#endif diff --git a/libs/tomcrypt/src/headers/tomcrypt_pkcs.h b/libs/tomcrypt/src/headers/tomcrypt_pkcs.h deleted file mode 100644 index 6ac324bd09f..00000000000 --- a/libs/tomcrypt/src/headers/tomcrypt_pkcs.h +++ /dev/null @@ -1,104 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* PKCS Header Info */ - -/* ===> PKCS #1 -- RSA Cryptography <=== */ -#ifdef LTC_PKCS_1 - -enum ltc_pkcs_1_v1_5_blocks -{ - LTC_PKCS_1_EMSA = 1, /* Block type 1 (PKCS #1 v1.5 signature padding) */ - LTC_PKCS_1_EME = 2 /* Block type 2 (PKCS #1 v1.5 encryption padding) */ -}; - -enum ltc_pkcs_1_paddings -{ - LTC_PKCS_1_V1_5 = 1, /* PKCS #1 v1.5 padding (\sa ltc_pkcs_1_v1_5_blocks) */ - LTC_PKCS_1_OAEP = 2, /* PKCS #1 v2.0 encryption padding */ - LTC_PKCS_1_PSS = 3, /* PKCS #1 v2.1 signature padding */ - LTC_PKCS_1_V1_5_NA1 = 4 /* PKCS #1 v1.5 padding - No ASN.1 (\sa ltc_pkcs_1_v1_5_blocks) */ -}; - -int pkcs_1_mgf1( int hash_idx, - const unsigned char *seed, unsigned long seedlen, - unsigned char *mask, unsigned long masklen); - -int pkcs_1_i2osp(void *n, unsigned long modulus_len, unsigned char *out); -int pkcs_1_os2ip(void *n, unsigned char *in, unsigned long inlen); - -/* *** v1.5 padding */ -int pkcs_1_v1_5_encode(const unsigned char *msg, - unsigned long msglen, - int block_type, - unsigned long modulus_bitlen, - prng_state *prng, - int prng_idx, - unsigned char *out, - unsigned long *outlen); - -int pkcs_1_v1_5_decode(const unsigned char *msg, - unsigned long msglen, - int block_type, - unsigned long modulus_bitlen, - unsigned char *out, - unsigned long *outlen, - int *is_valid); - -/* *** v2.1 padding */ -int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen, - const unsigned char *lparam, unsigned long lparamlen, - unsigned long modulus_bitlen, prng_state *prng, - int prng_idx, int hash_idx, - unsigned char *out, unsigned long *outlen); - -int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen, - const unsigned char *lparam, unsigned long lparamlen, - unsigned long modulus_bitlen, int hash_idx, - unsigned char *out, unsigned long *outlen, - int *res); - -int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen, - unsigned long saltlen, prng_state *prng, - int prng_idx, int hash_idx, - unsigned long modulus_bitlen, - unsigned char *out, unsigned long *outlen); - -int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen, - const unsigned char *sig, unsigned long siglen, - unsigned long saltlen, int hash_idx, - unsigned long modulus_bitlen, int *res); - -#endif /* LTC_PKCS_1 */ - -/* ===> PKCS #5 -- Password Based Cryptography <=== */ -#ifdef LTC_PKCS_5 - -/* Algorithm #1 (PBKDF1) */ -int pkcs_5_alg1(const unsigned char *password, unsigned long password_len, - const unsigned char *salt, - int iteration_count, int hash_idx, - unsigned char *out, unsigned long *outlen); - -/* Algorithm #1 (PBKDF1) - OpenSSL-compatible variant for arbitrarily-long keys. - Compatible with EVP_BytesToKey() */ -int pkcs_5_alg1_openssl(const unsigned char *password, - unsigned long password_len, - const unsigned char *salt, - int iteration_count, int hash_idx, - unsigned char *out, unsigned long *outlen); - -/* Algorithm #2 (PBKDF2) */ -int pkcs_5_alg2(const unsigned char *password, unsigned long password_len, - const unsigned char *salt, unsigned long salt_len, - int iteration_count, int hash_idx, - unsigned char *out, unsigned long *outlen); - -int pkcs_5_test (void); -#endif /* LTC_PKCS_5 */ diff --git a/libs/tomcrypt/src/headers/tomcrypt_prng.h b/libs/tomcrypt/src/headers/tomcrypt_prng.h deleted file mode 100644 index 1a79d6d512f..00000000000 --- a/libs/tomcrypt/src/headers/tomcrypt_prng.h +++ /dev/null @@ -1,227 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* ---- PRNG Stuff ---- */ -#ifdef LTC_YARROW -struct yarrow_prng { - int cipher, hash; - unsigned char pool[MAXBLOCKSIZE]; - symmetric_CTR ctr; -}; -#endif - -#ifdef LTC_RC4 -struct rc4_prng { - rc4_state s; -}; -#endif - -#ifdef LTC_CHACHA20_PRNG -struct chacha20_prng { - chacha_state s; /* chacha state */ - unsigned char ent[40]; /* entropy buffer */ - unsigned long idx; /* entropy counter */ -}; -#endif - -#ifdef LTC_FORTUNA -struct fortuna_prng { - hash_state pool[LTC_FORTUNA_POOLS]; /* the pools */ - - symmetric_key skey; - - unsigned char K[32], /* the current key */ - IV[16]; /* IV for CTR mode */ - - unsigned long pool_idx, /* current pool we will add to */ - pool0_len, /* length of 0'th pool */ - wd; - - ulong64 reset_cnt; /* number of times we have reset */ -}; -#endif - -#ifdef LTC_SOBER128 -struct sober128_prng { - sober128_state s; /* sober128 state */ - unsigned char ent[40]; /* entropy buffer */ - unsigned long idx; /* entropy counter */ -}; -#endif - -typedef struct { - union { - char dummy[1]; -#ifdef LTC_YARROW - struct yarrow_prng yarrow; -#endif -#ifdef LTC_RC4 - struct rc4_prng rc4; -#endif -#ifdef LTC_CHACHA20_PRNG - struct chacha20_prng chacha; -#endif -#ifdef LTC_FORTUNA - struct fortuna_prng fortuna; -#endif -#ifdef LTC_SOBER128 - struct sober128_prng sober128; -#endif - }; - short ready; /* ready flag 0-1 */ - LTC_MUTEX_TYPE(lock) /* lock */ -} prng_state; - -/** PRNG descriptor */ -extern struct ltc_prng_descriptor { - /** Name of the PRNG */ - const char *name; - /** size in bytes of exported state */ - int export_size; - /** Start a PRNG state - @param prng [out] The state to initialize - @return CRYPT_OK if successful - */ - int (*start)(prng_state *prng); - /** Add entropy to the PRNG - @param in The entropy - @param inlen Length of the entropy (octets)\ - @param prng The PRNG state - @return CRYPT_OK if successful - */ - int (*add_entropy)(const unsigned char *in, unsigned long inlen, prng_state *prng); - /** Ready a PRNG state to read from - @param prng The PRNG state to ready - @return CRYPT_OK if successful - */ - int (*ready)(prng_state *prng); - /** Read from the PRNG - @param out [out] Where to store the data - @param outlen Length of data desired (octets) - @param prng The PRNG state to read from - @return Number of octets read - */ - unsigned long (*read)(unsigned char *out, unsigned long outlen, prng_state *prng); - /** Terminate a PRNG state - @param prng The PRNG state to terminate - @return CRYPT_OK if successful - */ - int (*done)(prng_state *prng); - /** Export a PRNG state - @param out [out] The destination for the state - @param outlen [in/out] The max size and resulting size of the PRNG state - @param prng The PRNG to export - @return CRYPT_OK if successful - */ - int (*pexport)(unsigned char *out, unsigned long *outlen, prng_state *prng); - /** Import a PRNG state - @param in The data to import - @param inlen The length of the data to import (octets) - @param prng The PRNG to initialize/import - @return CRYPT_OK if successful - */ - int (*pimport)(const unsigned char *in, unsigned long inlen, prng_state *prng); - /** Self-test the PRNG - @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled - */ - int (*test)(void); -} prng_descriptor[]; - -#ifdef LTC_YARROW -int yarrow_start(prng_state *prng); -int yarrow_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng); -int yarrow_ready(prng_state *prng); -unsigned long yarrow_read(unsigned char *out, unsigned long outlen, prng_state *prng); -int yarrow_done(prng_state *prng); -int yarrow_export(unsigned char *out, unsigned long *outlen, prng_state *prng); -int yarrow_import(const unsigned char *in, unsigned long inlen, prng_state *prng); -int yarrow_test(void); -extern const struct ltc_prng_descriptor yarrow_desc; -#endif - -#ifdef LTC_FORTUNA -int fortuna_start(prng_state *prng); -int fortuna_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng); -int fortuna_ready(prng_state *prng); -unsigned long fortuna_read(unsigned char *out, unsigned long outlen, prng_state *prng); -int fortuna_done(prng_state *prng); -int fortuna_export(unsigned char *out, unsigned long *outlen, prng_state *prng); -int fortuna_import(const unsigned char *in, unsigned long inlen, prng_state *prng); -int fortuna_test(void); -extern const struct ltc_prng_descriptor fortuna_desc; -#endif - -#ifdef LTC_RC4 -int rc4_start(prng_state *prng); -int rc4_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng); -int rc4_ready(prng_state *prng); -unsigned long rc4_read(unsigned char *out, unsigned long outlen, prng_state *prng); -int rc4_done(prng_state *prng); -int rc4_export(unsigned char *out, unsigned long *outlen, prng_state *prng); -int rc4_import(const unsigned char *in, unsigned long inlen, prng_state *prng); -int rc4_test(void); -extern const struct ltc_prng_descriptor rc4_desc; -#endif - -#ifdef LTC_CHACHA20_PRNG -int chacha20_prng_start(prng_state *prng); -int chacha20_prng_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng); -int chacha20_prng_ready(prng_state *prng); -unsigned long chacha20_prng_read(unsigned char *out, unsigned long outlen, prng_state *prng); -int chacha20_prng_done(prng_state *prng); -int chacha20_prng_export(unsigned char *out, unsigned long *outlen, prng_state *prng); -int chacha20_prng_import(const unsigned char *in, unsigned long inlen, prng_state *prng); -int chacha20_prng_test(void); -extern const struct ltc_prng_descriptor chacha20_prng_desc; -#endif - -#ifdef LTC_SPRNG -int sprng_start(prng_state *prng); -int sprng_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng); -int sprng_ready(prng_state *prng); -unsigned long sprng_read(unsigned char *out, unsigned long outlen, prng_state *prng); -int sprng_done(prng_state *prng); -int sprng_export(unsigned char *out, unsigned long *outlen, prng_state *prng); -int sprng_import(const unsigned char *in, unsigned long inlen, prng_state *prng); -int sprng_test(void); -extern const struct ltc_prng_descriptor sprng_desc; -#endif - -#ifdef LTC_SOBER128 -int sober128_start(prng_state *prng); -int sober128_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng); -int sober128_ready(prng_state *prng); -unsigned long sober128_read(unsigned char *out, unsigned long outlen, prng_state *prng); -int sober128_done(prng_state *prng); -int sober128_export(unsigned char *out, unsigned long *outlen, prng_state *prng); -int sober128_import(const unsigned char *in, unsigned long inlen, prng_state *prng); -int sober128_test(void); -extern const struct ltc_prng_descriptor sober128_desc; -#endif - -int find_prng(const char *name); -int register_prng(const struct ltc_prng_descriptor *prng); -int unregister_prng(const struct ltc_prng_descriptor *prng); -int register_all_prngs(void); -int prng_is_valid(int idx); -LTC_MUTEX_PROTO(ltc_prng_mutex) - -/* Slow RNG you **might** be able to use to seed a PRNG with. Be careful as this - * might not work on all platforms as planned - */ -unsigned long rng_get_bytes(unsigned char *out, - unsigned long outlen, - void (*callback)(void)); - -int rng_make_prng(int bits, int wprng, prng_state *prng, void (*callback)(void)); - -#ifdef LTC_PRNG_ENABLE_LTC_RNG -extern unsigned long (*ltc_rng)(unsigned char *out, unsigned long outlen, - void (*callback)(void)); -#endif diff --git a/libs/tomcrypt/src/headers/tommath.h b/libs/tomcrypt/src/headers/tommath.h deleted file mode 100644 index 1cd754558cd..00000000000 --- a/libs/tomcrypt/src/headers/tommath.h +++ /dev/null @@ -1,609 +0,0 @@ -/* LibTomMath, multiple-precision integer library -- Tom St Denis - * - * LibTomMath is a library that provides multiple-precision - * integer arithmetic as well as number theoretic functionality. - * - * The library was designed directly after the MPI library by - * Michael Fromberger but has been written from scratch with - * additional optimizations in place. - * - * SPDX-License-Identifier: Unlicense - */ -#ifndef BN_H_ -#define BN_H_ - -#include <stdlib.h> -#include <stdint.h> -#include <limits.h> - -#define LTM_NO_FILE - -#ifdef __cplusplus -extern "C" { -#endif - -/* MS Visual C++ doesn't have a 128bit type for words, so fall back to 32bit MPI's (where words are 64bit) */ -#if defined(_MSC_VER) || defined(__LLP64__) || defined(__e2k__) || defined(__LCC__) -# define MP_32BIT -#endif - -/* detect 64-bit mode if possible */ -#if defined(__x86_64__) || defined(_M_X64) || defined(_M_AMD64) || \ - defined(__powerpc64__) || defined(__ppc64__) || defined(__PPC64__) || \ - defined(__s390x__) || defined(__arch64__) || defined(__aarch64__) || \ - defined(__sparcv9) || defined(__sparc_v9__) || defined(__sparc64__) || \ - defined(__ia64) || defined(__ia64__) || defined(__itanium__) || defined(_M_IA64) || \ - defined(__LP64__) || defined(_LP64) || defined(__64BIT__) -# if !(defined(MP_32BIT) || defined(MP_16BIT) || defined(MP_8BIT)) -# if defined(__GNUC__) -/* we support 128bit integers only via: __attribute__((mode(TI))) */ -# define MP_64BIT -# else -/* otherwise we fall back to MP_32BIT even on 64bit platforms */ -# define MP_32BIT -# endif -# endif -#endif - -/* some default configurations. - * - * A "mp_digit" must be able to hold DIGIT_BIT + 1 bits - * A "mp_word" must be able to hold 2*DIGIT_BIT + 1 bits - * - * At the very least a mp_digit must be able to hold 7 bits - * [any size beyond that is ok provided it doesn't overflow the data type] - */ -#ifdef MP_8BIT -typedef uint8_t mp_digit; -typedef uint16_t mp_word; -# define MP_SIZEOF_MP_DIGIT 1 -# ifdef DIGIT_BIT -# error You must not define DIGIT_BIT when using MP_8BIT -# endif -#elif defined(MP_16BIT) -typedef uint16_t mp_digit; -typedef uint32_t mp_word; -# define MP_SIZEOF_MP_DIGIT 2 -# ifdef DIGIT_BIT -# error You must not define DIGIT_BIT when using MP_16BIT -# endif -#elif defined(MP_64BIT) -/* for GCC only on supported platforms */ -typedef uint64_t mp_digit; -typedef unsigned long mp_word __attribute__((mode(TI))); -# define DIGIT_BIT 60 -#else -/* this is the default case, 28-bit digits */ - -/* this is to make porting into LibTomCrypt easier :-) */ -typedef uint32_t mp_digit; -typedef uint64_t mp_word; - -# ifdef MP_31BIT -/* this is an extension that uses 31-bit digits */ -# define DIGIT_BIT 31 -# else -/* default case is 28-bit digits, defines MP_28BIT as a handy macro to test */ -# define DIGIT_BIT 28 -# define MP_28BIT -# endif -#endif - -/* otherwise the bits per digit is calculated automatically from the size of a mp_digit */ -#ifndef DIGIT_BIT -# define DIGIT_BIT (((CHAR_BIT * MP_SIZEOF_MP_DIGIT) - 1)) /* bits per digit */ -typedef uint_least32_t mp_min_u32; -#else -typedef mp_digit mp_min_u32; -#endif - -#define MP_DIGIT_BIT DIGIT_BIT -#define MP_MASK ((((mp_digit)1)<<((mp_digit)DIGIT_BIT))-((mp_digit)1)) -#define MP_DIGIT_MAX MP_MASK - -/* equalities */ -#define MP_LT -1 /* less than */ -#define MP_EQ 0 /* equal to */ -#define MP_GT 1 /* greater than */ - -#define MP_ZPOS 0 /* positive integer */ -#define MP_NEG 1 /* negative */ - -#define MP_OKAY 0 /* ok result */ -#define MP_MEM -2 /* out of mem */ -#define MP_VAL -3 /* invalid input */ -#define MP_RANGE MP_VAL -#define MP_ITER -4 /* Max. iterations reached */ - -#define MP_YES 1 /* yes response */ -#define MP_NO 0 /* no response */ - -/* Primality generation flags */ -#define LTM_PRIME_BBS 0x0001 /* BBS style prime */ -#define LTM_PRIME_SAFE 0x0002 /* Safe prime (p-1)/2 == prime */ -#define LTM_PRIME_2MSB_ON 0x0008 /* force 2nd MSB to 1 */ - -typedef int mp_err; - -/* you'll have to tune these... */ -extern int KARATSUBA_MUL_CUTOFF, - KARATSUBA_SQR_CUTOFF, - TOOM_MUL_CUTOFF, - TOOM_SQR_CUTOFF; - -/* define this to use lower memory usage routines (exptmods mostly) */ -/* #define MP_LOW_MEM */ - -/* default precision */ -#ifndef MP_PREC -# ifndef MP_LOW_MEM -# define MP_PREC 32 /* default digits of precision */ -# else -# define MP_PREC 8 /* default digits of precision */ -# endif -#endif - -/* size of comba arrays, should be at least 2 * 2**(BITS_PER_WORD - BITS_PER_DIGIT*2) */ -#define MP_WARRAY (1u << (((sizeof(mp_word) * CHAR_BIT) - (2 * DIGIT_BIT)) + 1)) - -/* the infamous mp_int structure */ -typedef struct { - int used, alloc, sign; - mp_digit *dp; -} mp_int; - -/* callback for mp_prime_random, should fill dst with random bytes and return how many read [upto len] */ -typedef int ltm_prime_callback(unsigned char *dst, int len, void *dat); - - -#define USED(m) ((m)->used) -#define DIGIT(m, k) ((m)->dp[(k)]) -#define SIGN(m) ((m)->sign) - -/* error code to char* string */ -const char *mp_error_to_string(int code); - -/* ---> init and deinit bignum functions <--- */ -/* init a bignum */ -int mp_init(mp_int *a); - -/* free a bignum */ -void mp_clear(mp_int *a); - -/* init a null terminated series of arguments */ -int mp_init_multi(mp_int *mp, ...); - -/* clear a null terminated series of arguments */ -void mp_clear_multi(mp_int *mp, ...); - -/* exchange two ints */ -void mp_exch(mp_int *a, mp_int *b); - -/* shrink ram required for a bignum */ -int mp_shrink(mp_int *a); - -/* grow an int to a given size */ -int mp_grow(mp_int *a, int size); - -/* init to a given number of digits */ -int mp_init_size(mp_int *a, int size); - -/* ---> Basic Manipulations <--- */ -#define mp_iszero(a) (((a)->used == 0) ? MP_YES : MP_NO) -#define mp_iseven(a) ((((a)->used == 0) || (((a)->dp[0] & 1u) == 0u)) ? MP_YES : MP_NO) -#define mp_isodd(a) ((((a)->used > 0) && (((a)->dp[0] & 1u) == 1u)) ? MP_YES : MP_NO) -#define mp_isneg(a) (((a)->sign != MP_ZPOS) ? MP_YES : MP_NO) - -/* set to zero */ -void mp_zero(mp_int *a); - -/* set to a digit */ -void mp_set(mp_int *a, mp_digit b); - -/* set a double */ -int mp_set_double(mp_int *a, double b); - -/* set a 32-bit const */ -int mp_set_int(mp_int *a, unsigned long b); - -/* set a platform dependent unsigned long value */ -int mp_set_long(mp_int *a, unsigned long b); - -/* set a platform dependent unsigned long long value */ -int mp_set_long_long(mp_int *a, unsigned long long b); - -/* get a double */ -double mp_get_double(const mp_int *a); - -/* get a 32-bit value */ -unsigned long mp_get_int(const mp_int *a); - -/* get a platform dependent unsigned long value */ -unsigned long mp_get_long(const mp_int *a); - -/* get a platform dependent unsigned long long value */ -unsigned long long mp_get_long_long(const mp_int *a); - -/* initialize and set a digit */ -int mp_init_set(mp_int *a, mp_digit b); - -/* initialize and set 32-bit value */ -int mp_init_set_int(mp_int *a, unsigned long b); - -/* copy, b = a */ -int mp_copy(const mp_int *a, mp_int *b); - -/* inits and copies, a = b */ -int mp_init_copy(mp_int *a, const mp_int *b); - -/* trim unused digits */ -void mp_clamp(mp_int *a); - -/* import binary data */ -int mp_import(mp_int *rop, size_t count, int order, size_t size, int endian, size_t nails, const void *op); - -/* export binary data */ -int mp_export(void *rop, size_t *countp, int order, size_t size, int endian, size_t nails, const mp_int *op); - -/* ---> digit manipulation <--- */ - -/* right shift by "b" digits */ -void mp_rshd(mp_int *a, int b); - -/* left shift by "b" digits */ -int mp_lshd(mp_int *a, int b); - -/* c = a / 2**b, implemented as c = a >> b */ -int mp_div_2d(const mp_int *a, int b, mp_int *c, mp_int *d); - -/* b = a/2 */ -int mp_div_2(const mp_int *a, mp_int *b); - -/* c = a * 2**b, implemented as c = a << b */ -int mp_mul_2d(const mp_int *a, int b, mp_int *c); - -/* b = a*2 */ -int mp_mul_2(const mp_int *a, mp_int *b); - -/* c = a mod 2**b */ -int mp_mod_2d(const mp_int *a, int b, mp_int *c); - -/* computes a = 2**b */ -int mp_2expt(mp_int *a, int b); - -/* Counts the number of lsbs which are zero before the first zero bit */ -int mp_cnt_lsb(const mp_int *a); - -/* I Love Earth! */ - -/* makes a pseudo-random mp_int of a given size */ -int mp_rand(mp_int *a, int digits); -/* makes a pseudo-random small int of a given size */ -int mp_rand_digit(mp_digit *r); - -#ifdef MP_PRNG_ENABLE_LTM_RNG -/* A last resort to provide random data on systems without any of the other - * implemented ways to gather entropy. - * It is compatible with `rng_get_bytes()` from libtomcrypt so you could - * provide that one and then set `ltm_rng = rng_get_bytes;` */ -extern unsigned long (*ltm_rng)(unsigned char *out, unsigned long outlen, void (*callback)(void)); -extern void (*ltm_rng_callback)(void); -#endif - -/* ---> binary operations <--- */ -/* c = a XOR b */ -int mp_xor(const mp_int *a, const mp_int *b, mp_int *c); - -/* c = a OR b */ -int mp_or(const mp_int *a, const mp_int *b, mp_int *c); - -/* c = a AND b */ -int mp_and(const mp_int *a, const mp_int *b, mp_int *c); - -/* Checks the bit at position b and returns MP_YES - if the bit is 1, MP_NO if it is 0 and MP_VAL - in case of error */ -int mp_get_bit(const mp_int *a, int b); - -/* c = a XOR b (two complement) */ -int mp_tc_xor(const mp_int *a, const mp_int *b, mp_int *c); - -/* c = a OR b (two complement) */ -int mp_tc_or(const mp_int *a, const mp_int *b, mp_int *c); - -/* c = a AND b (two complement) */ -int mp_tc_and(const mp_int *a, const mp_int *b, mp_int *c); - -/* right shift (two complement) */ -int mp_tc_div_2d(const mp_int *a, int b, mp_int *c); - -/* ---> Basic arithmetic <--- */ - -/* b = ~a */ -int mp_complement(const mp_int *a, mp_int *b); - -/* b = -a */ -int mp_neg(const mp_int *a, mp_int *b); - -/* b = |a| */ -int mp_abs(const mp_int *a, mp_int *b); - -/* compare a to b */ -int mp_cmp(const mp_int *a, const mp_int *b); - -/* compare |a| to |b| */ -int mp_cmp_mag(const mp_int *a, const mp_int *b); - -/* c = a + b */ -int mp_add(const mp_int *a, const mp_int *b, mp_int *c); - -/* c = a - b */ -int mp_sub(const mp_int *a, const mp_int *b, mp_int *c); - -/* c = a * b */ -int mp_mul(const mp_int *a, const mp_int *b, mp_int *c); - -/* b = a*a */ -int mp_sqr(const mp_int *a, mp_int *b); - -/* a/b => cb + d == a */ -int mp_div(const mp_int *a, const mp_int *b, mp_int *c, mp_int *d); - -/* c = a mod b, 0 <= c < b */ -int mp_mod(const mp_int *a, const mp_int *b, mp_int *c); - -/* ---> single digit functions <--- */ - -/* compare against a single digit */ -int mp_cmp_d(const mp_int *a, mp_digit b); - -/* c = a + b */ -int mp_add_d(const mp_int *a, mp_digit b, mp_int *c); - -/* c = a - b */ -int mp_sub_d(const mp_int *a, mp_digit b, mp_int *c); - -/* c = a * b */ -int mp_mul_d(const mp_int *a, mp_digit b, mp_int *c); - -/* a/b => cb + d == a */ -int mp_div_d(const mp_int *a, mp_digit b, mp_int *c, mp_digit *d); - -/* a/3 => 3c + d == a */ -int mp_div_3(const mp_int *a, mp_int *c, mp_digit *d); - -/* c = a**b */ -int mp_expt_d(const mp_int *a, mp_digit b, mp_int *c); -int mp_expt_d_ex(const mp_int *a, mp_digit b, mp_int *c, int fast); - -/* c = a mod b, 0 <= c < b */ -int mp_mod_d(const mp_int *a, mp_digit b, mp_digit *c); - -/* ---> number theory <--- */ - -/* d = a + b (mod c) */ -int mp_addmod(const mp_int *a, const mp_int *b, const mp_int *c, mp_int *d); - -/* d = a - b (mod c) */ -int mp_submod(const mp_int *a, const mp_int *b, const mp_int *c, mp_int *d); - -/* d = a * b (mod c) */ -int mp_mulmod(const mp_int *a, const mp_int *b, const mp_int *c, mp_int *d); - -/* c = a * a (mod b) */ -int mp_sqrmod(const mp_int *a, const mp_int *b, mp_int *c); - -/* c = 1/a (mod b) */ -int mp_invmod(const mp_int *a, const mp_int *b, mp_int *c); - -/* c = (a, b) */ -int mp_gcd(const mp_int *a, const mp_int *b, mp_int *c); - -/* produces value such that U1*a + U2*b = U3 */ -int mp_exteuclid(const mp_int *a, const mp_int *b, mp_int *U1, mp_int *U2, mp_int *U3); - -/* c = [a, b] or (a*b)/(a, b) */ -int mp_lcm(const mp_int *a, const mp_int *b, mp_int *c); - -/* finds one of the b'th root of a, such that |c|**b <= |a| - * - * returns error if a < 0 and b is even - */ -int mp_n_root(const mp_int *a, mp_digit b, mp_int *c); -int mp_n_root_ex(const mp_int *a, mp_digit b, mp_int *c, int fast); - -/* special sqrt algo */ -int mp_sqrt(const mp_int *arg, mp_int *ret); - -/* special sqrt (mod prime) */ -int mp_sqrtmod_prime(const mp_int *n, const mp_int *prime, mp_int *ret); - -/* is number a square? */ -int mp_is_square(const mp_int *arg, int *ret); - -/* computes the jacobi c = (a | n) (or Legendre if b is prime) */ -int mp_jacobi(const mp_int *a, const mp_int *n, int *c); - -/* computes the Kronecker symbol c = (a | p) (like jacobi() but with {a,p} in Z */ -int mp_kronecker(const mp_int *a, const mp_int *p, int *c); - -/* used to setup the Barrett reduction for a given modulus b */ -int mp_reduce_setup(mp_int *a, const mp_int *b); - -/* Barrett Reduction, computes a (mod b) with a precomputed value c - * - * Assumes that 0 < x <= m*m, note if 0 > x > -(m*m) then you can merely - * compute the reduction as -1 * mp_reduce(mp_abs(x)) [pseudo code]. - */ -int mp_reduce(mp_int *x, const mp_int *m, const mp_int *mu); - -/* setups the montgomery reduction */ -int mp_montgomery_setup(const mp_int *n, mp_digit *rho); - -/* computes a = B**n mod b without division or multiplication useful for - * normalizing numbers in a Montgomery system. - */ -int mp_montgomery_calc_normalization(mp_int *a, const mp_int *b); - -/* computes x/R == x (mod N) via Montgomery Reduction */ -int mp_montgomery_reduce(mp_int *x, const mp_int *n, mp_digit rho); - -/* returns 1 if a is a valid DR modulus */ -int mp_dr_is_modulus(const mp_int *a); - -/* sets the value of "d" required for mp_dr_reduce */ -void mp_dr_setup(const mp_int *a, mp_digit *d); - -/* reduces a modulo n using the Diminished Radix method */ -int mp_dr_reduce(mp_int *x, const mp_int *n, mp_digit k); - -/* returns true if a can be reduced with mp_reduce_2k */ -int mp_reduce_is_2k(const mp_int *a); - -/* determines k value for 2k reduction */ -int mp_reduce_2k_setup(const mp_int *a, mp_digit *d); - -/* reduces a modulo b where b is of the form 2**p - k [0 <= a] */ -int mp_reduce_2k(mp_int *a, const mp_int *n, mp_digit d); - -/* returns true if a can be reduced with mp_reduce_2k_l */ -int mp_reduce_is_2k_l(const mp_int *a); - -/* determines k value for 2k reduction */ -int mp_reduce_2k_setup_l(const mp_int *a, mp_int *d); - -/* reduces a modulo b where b is of the form 2**p - k [0 <= a] */ -int mp_reduce_2k_l(mp_int *a, const mp_int *n, const mp_int *d); - -/* Y = G**X (mod P) */ -int mp_exptmod(const mp_int *G, const mp_int *X, const mp_int *P, mp_int *Y); - -/* ---> Primes <--- */ - -/* number of primes */ -#ifdef MP_8BIT -# define PRIME_SIZE 31 -#else -# define PRIME_SIZE 256 -#endif - -/* table of first PRIME_SIZE primes */ -extern const mp_digit ltm_prime_tab[PRIME_SIZE]; - -/* result=1 if a is divisible by one of the first PRIME_SIZE primes */ -int mp_prime_is_divisible(const mp_int *a, int *result); - -/* performs one Fermat test of "a" using base "b". - * Sets result to 0 if composite or 1 if probable prime - */ -int mp_prime_fermat(const mp_int *a, const mp_int *b, int *result); - -/* performs one Miller-Rabin test of "a" using base "b". - * Sets result to 0 if composite or 1 if probable prime - */ -int mp_prime_miller_rabin(const mp_int *a, const mp_int *b, int *result); - -/* This gives [for a given bit size] the number of trials required - * such that Miller-Rabin gives a prob of failure lower than 2^-96 - */ -int mp_prime_rabin_miller_trials(int size); - -/* performs one strong Lucas-Selfridge test of "a". - * Sets result to 0 if composite or 1 if probable prime - */ -int mp_prime_strong_lucas_selfridge(const mp_int *a, int *result); - -/* performs one Frobenius test of "a" as described by Paul Underwood. - * Sets result to 0 if composite or 1 if probable prime - */ -int mp_prime_frobenius_underwood(const mp_int *N, int *result); - -/* performs t random rounds of Miller-Rabin on "a" additional to - * bases 2 and 3. Also performs an initial sieve of trial - * division. Determines if "a" is prime with probability - * of error no more than (1/4)**t. - * Both a strong Lucas-Selfridge to complete the BPSW test - * and a separate Frobenius test are available at compile time. - * With t<0 a deterministic test is run for primes up to - * 318665857834031151167461. With t<13 (abs(t)-13) additional - * tests with sequential small primes are run starting at 43. - * Is Fips 186.4 compliant if called with t as computed by - * mp_prime_rabin_miller_trials(); - * - * Sets result to 1 if probably prime, 0 otherwise - */ -int mp_prime_is_prime(const mp_int *a, int t, int *result); - -/* finds the next prime after the number "a" using "t" trials - * of Miller-Rabin. - * - * bbs_style = 1 means the prime must be congruent to 3 mod 4 - */ -int mp_prime_next_prime(mp_int *a, int t, int bbs_style); - -/* makes a truly random prime of a given size (bytes), - * call with bbs = 1 if you want it to be congruent to 3 mod 4 - * - * You have to supply a callback which fills in a buffer with random bytes. "dat" is a parameter you can - * have passed to the callback (e.g. a state or something). This function doesn't use "dat" itself - * so it can be NULL - * - * The prime generated will be larger than 2^(8*size). - */ -#define mp_prime_random(a, t, size, bbs, cb, dat) mp_prime_random_ex(a, t, ((size) * 8) + 1, (bbs==1)?LTM_PRIME_BBS:0, cb, dat) - -/* makes a truly random prime of a given size (bits), - * - * Flags are as follows: - * - * LTM_PRIME_BBS - make prime congruent to 3 mod 4 - * LTM_PRIME_SAFE - make sure (p-1)/2 is prime as well (implies LTM_PRIME_BBS) - * LTM_PRIME_2MSB_ON - make the 2nd highest bit one - * - * You have to supply a callback which fills in a buffer with random bytes. "dat" is a parameter you can - * have passed to the callback (e.g. a state or something). This function doesn't use "dat" itself - * so it can be NULL - * - */ -int mp_prime_random_ex(mp_int *a, int t, int size, int flags, ltm_prime_callback cb, void *dat); - -/* ---> radix conversion <--- */ -int mp_count_bits(const mp_int *a); - -int mp_unsigned_bin_size(const mp_int *a); -int mp_read_unsigned_bin(mp_int *a, const unsigned char *b, int c); -int mp_to_unsigned_bin(const mp_int *a, unsigned char *b); -int mp_to_unsigned_bin_n(const mp_int *a, unsigned char *b, unsigned long *outlen); - -int mp_signed_bin_size(const mp_int *a); -int mp_read_signed_bin(mp_int *a, const unsigned char *b, int c); -int mp_to_signed_bin(const mp_int *a, unsigned char *b); -int mp_to_signed_bin_n(const mp_int *a, unsigned char *b, unsigned long *outlen); - -int mp_read_radix(mp_int *a, const char *str, int radix); -int mp_toradix(const mp_int *a, char *str, int radix); -int mp_toradix_n(const mp_int *a, char *str, int radix, int maxlen); -int mp_radix_size(const mp_int *a, int radix, int *size); - -#ifndef LTM_NO_FILE -int mp_fread(mp_int *a, int radix, FILE *stream); -int mp_fwrite(const mp_int *a, int radix, FILE *stream); -#endif - -#define mp_read_raw(mp, str, len) mp_read_signed_bin((mp), (str), (len)) -#define mp_raw_size(mp) mp_signed_bin_size(mp) -#define mp_toraw(mp, str) mp_to_signed_bin((mp), (str)) -#define mp_read_mag(mp, str, len) mp_read_unsigned_bin((mp), (str), (len)) -#define mp_mag_size(mp) mp_unsigned_bin_size(mp) -#define mp_tomag(mp, str) mp_to_unsigned_bin((mp), (str)) - -#define mp_tobinary(M, S) mp_toradix((M), (S), 2) -#define mp_tooctal(M, S) mp_toradix((M), (S), 8) -#define mp_todecimal(M, S) mp_toradix((M), (S), 10) -#define mp_tohex(M, S) mp_toradix((M), (S), 16) - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/libs/tomcrypt/src/headers/tommath_private.h b/libs/tomcrypt/src/headers/tommath_private.h deleted file mode 100644 index 7e4b90f9dbb..00000000000 --- a/libs/tomcrypt/src/headers/tommath_private.h +++ /dev/null @@ -1,117 +0,0 @@ -/* LibTomMath, multiple-precision integer library -- Tom St Denis - * - * LibTomMath is a library that provides multiple-precision - * integer arithmetic as well as number theoretic functionality. - * - * The library was designed directly after the MPI library by - * Michael Fromberger but has been written from scratch with - * additional optimizations in place. - * - * SPDX-License-Identifier: Unlicense - */ -#ifndef TOMMATH_PRIV_H_ -#define TOMMATH_PRIV_H_ - -#include "tommath.h" -#include <ctype.h> - -#ifndef MIN -#define MIN(x, y) (((x) < (y)) ? (x) : (y)) -#endif - -#ifndef MAX -#define MAX(x, y) (((x) > (y)) ? (x) : (y)) -#endif - -#ifdef __cplusplus -extern "C" { - -/* C++ compilers don't like assigning void * to mp_digit * */ -#define OPT_CAST(x) (x *) - -#else - -/* C on the other hand doesn't care */ -#define OPT_CAST(x) - -#endif - -/* define heap macros */ -#ifndef XMALLOC -/* default to libc stuff */ -# define XMALLOC malloc -# define XFREE free -# define XREALLOC realloc -# define XCALLOC calloc -#else -/* prototypes for our heap functions */ -extern void *XMALLOC(size_t n); -extern void *XREALLOC(void *p, size_t n); -extern void *XCALLOC(size_t n, size_t s); -extern void XFREE(void *p); -#endif - -/* lowlevel functions, do not call! */ -int s_mp_add(const mp_int *a, const mp_int *b, mp_int *c); -int s_mp_sub(const mp_int *a, const mp_int *b, mp_int *c); -#define s_mp_mul(a, b, c) s_mp_mul_digs(a, b, c, (a)->used + (b)->used + 1) -int fast_s_mp_mul_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs); -int s_mp_mul_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs); -int fast_s_mp_mul_high_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs); -int s_mp_mul_high_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs); -int fast_s_mp_sqr(const mp_int *a, mp_int *b); -int s_mp_sqr(const mp_int *a, mp_int *b); -int mp_karatsuba_mul(const mp_int *a, const mp_int *b, mp_int *c); -int mp_toom_mul(const mp_int *a, const mp_int *b, mp_int *c); -int mp_karatsuba_sqr(const mp_int *a, mp_int *b); -int mp_toom_sqr(const mp_int *a, mp_int *b); -int fast_mp_invmod(const mp_int *a, const mp_int *b, mp_int *c); -int mp_invmod_slow(const mp_int *a, const mp_int *b, mp_int *c); -int fast_mp_montgomery_reduce(mp_int *x, const mp_int *n, mp_digit rho); -int mp_exptmod_fast(const mp_int *G, const mp_int *X, const mp_int *P, mp_int *Y, int redmode); -int s_mp_exptmod(const mp_int *G, const mp_int *X, const mp_int *P, mp_int *Y, int redmode); -void bn_reverse(unsigned char *s, int len); - -extern const char *const mp_s_rmap; -extern const uint8_t mp_s_rmap_reverse[]; -extern const size_t mp_s_rmap_reverse_sz; - -/* Fancy macro to set an MPI from another type. - * There are several things assumed: - * x is the counter and unsigned - * a is the pointer to the MPI - * b is the original value that should be set in the MPI. - */ -#define MP_SET_XLONG(func_name, type) \ -int func_name (mp_int * a, type b) \ -{ \ - unsigned int x; \ - int res; \ - \ - mp_zero (a); \ - \ - /* set four bits at a time */ \ - for (x = 0; x < (sizeof(type) * 2u); x++) { \ - /* shift the number up four bits */ \ - if ((res = mp_mul_2d (a, 4, a)) != MP_OKAY) { \ - return res; \ - } \ - \ - /* OR in the top four bits of the source */ \ - a->dp[0] |= (mp_digit)(b >> ((sizeof(type) * 8u) - 4u)) & 15uL;\ - \ - /* shift the source up to the next four bits */ \ - b <<= 4; \ - \ - /* ensure that digits are not clamped off */ \ - a->used += 1; \ - } \ - mp_clamp (a); \ - return MP_OKAY; \ -} - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/libs/tomcrypt/src/mac/hmac/hmac_done.c b/libs/tomcrypt/src/mac/hmac/hmac_done.c deleted file mode 100644 index dfe86c29cc4..00000000000 --- a/libs/tomcrypt/src/mac/hmac/hmac_done.c +++ /dev/null @@ -1,103 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file hmac_done.c - HMAC support, terminate stream, Tom St Denis/Dobes Vandermeer -*/ - -#ifdef LTC_HMAC - -#define LTC_HMAC_BLOCKSIZE hash_descriptor[hash].blocksize - -/** - Terminate an HMAC session - @param hmac The HMAC state - @param out [out] The destination of the HMAC authentication tag - @param outlen [in/out] The max size and resulting size of the HMAC authentication tag - @return CRYPT_OK if successful -*/ -int hmac_done(hmac_state *hmac, unsigned char *out, unsigned long *outlen) -{ - unsigned char *buf, *isha; - unsigned long hashsize, i; - int hash, err; - - LTC_ARGCHK(hmac != NULL); - LTC_ARGCHK(out != NULL); - - /* test hash */ - hash = hmac->hash; - if((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - - /* get the hash message digest size */ - hashsize = hash_descriptor[hash].hashsize; - - /* allocate buffers */ - buf = XMALLOC(LTC_HMAC_BLOCKSIZE); - isha = XMALLOC(hashsize); - if (buf == NULL || isha == NULL) { - if (buf != NULL) { - XFREE(buf); - } - if (isha != NULL) { - XFREE(isha); - } - return CRYPT_MEM; - } - - /* Get the hash of the first HMAC vector plus the data */ - if ((err = hash_descriptor[hash].done(&hmac->md, isha)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* Create the second HMAC vector vector for step (3) */ - for(i=0; i < LTC_HMAC_BLOCKSIZE; i++) { - buf[i] = hmac->key[i] ^ 0x5C; - } - - /* Now calculate the "outer" hash for step (5), (6), and (7) */ - if ((err = hash_descriptor[hash].init(&hmac->md)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = hash_descriptor[hash].process(&hmac->md, buf, LTC_HMAC_BLOCKSIZE)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = hash_descriptor[hash].process(&hmac->md, isha, hashsize)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = hash_descriptor[hash].done(&hmac->md, buf)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* copy to output */ - for (i = 0; i < hashsize && i < *outlen; i++) { - out[i] = buf[i]; - } - *outlen = i; - - err = CRYPT_OK; -LBL_ERR: - XFREE(hmac->key); -#ifdef LTC_CLEAN_STACK - zeromem(isha, hashsize); - zeromem(buf, hashsize); - zeromem(hmac, sizeof(*hmac)); -#endif - - XFREE(isha); - XFREE(buf); - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/mac/hmac/hmac_init.c b/libs/tomcrypt/src/mac/hmac/hmac_init.c deleted file mode 100644 index 566ce04949d..00000000000 --- a/libs/tomcrypt/src/mac/hmac/hmac_init.c +++ /dev/null @@ -1,104 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file hmac_init.c - HMAC support, initialize state, Tom St Denis/Dobes Vandermeer -*/ - -#ifdef LTC_HMAC - -#define LTC_HMAC_BLOCKSIZE hash_descriptor[hash].blocksize - -/** - Initialize an HMAC context. - @param hmac The HMAC state - @param hash The index of the hash you want to use - @param key The secret key - @param keylen The length of the secret key (octets) - @return CRYPT_OK if successful -*/ -int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned long keylen) -{ - unsigned char *buf; - unsigned long hashsize; - unsigned long i, z; - int err; - - LTC_ARGCHK(hmac != NULL); - LTC_ARGCHK(key != NULL); - - /* valid hash? */ - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - hmac->hash = hash; - hashsize = hash_descriptor[hash].hashsize; - - /* valid key length? */ - if (keylen == 0) { - return CRYPT_INVALID_KEYSIZE; - } - - /* allocate ram for buf */ - buf = XMALLOC(LTC_HMAC_BLOCKSIZE); - if (buf == NULL) { - return CRYPT_MEM; - } - - /* allocate memory for key */ - hmac->key = XMALLOC(LTC_HMAC_BLOCKSIZE); - if (hmac->key == NULL) { - XFREE(buf); - return CRYPT_MEM; - } - - /* (1) make sure we have a large enough key */ - if(keylen > LTC_HMAC_BLOCKSIZE) { - z = LTC_HMAC_BLOCKSIZE; - if ((err = hash_memory(hash, key, keylen, hmac->key, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - keylen = hashsize; - } else { - XMEMCPY(hmac->key, key, (size_t)keylen); - } - - if(keylen < LTC_HMAC_BLOCKSIZE) { - zeromem((hmac->key) + keylen, (size_t)(LTC_HMAC_BLOCKSIZE - keylen)); - } - - /* Create the initialization vector for step (3) */ - for(i=0; i < LTC_HMAC_BLOCKSIZE; i++) { - buf[i] = hmac->key[i] ^ 0x36; - } - - /* Pre-pend that to the hash data */ - if ((err = hash_descriptor[hash].init(&hmac->md)) != CRYPT_OK) { - goto LBL_ERR; - } - - if ((err = hash_descriptor[hash].process(&hmac->md, buf, LTC_HMAC_BLOCKSIZE)) != CRYPT_OK) { - goto LBL_ERR; - } - goto done; -LBL_ERR: - /* free the key since we failed */ - XFREE(hmac->key); -done: -#ifdef LTC_CLEAN_STACK - zeromem(buf, LTC_HMAC_BLOCKSIZE); -#endif - - XFREE(buf); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/mac/hmac/hmac_memory.c b/libs/tomcrypt/src/mac/hmac/hmac_memory.c deleted file mode 100644 index ac74a6f20b1..00000000000 --- a/libs/tomcrypt/src/mac/hmac/hmac_memory.c +++ /dev/null @@ -1,81 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file hmac_memory.c - HMAC support, process a block of memory, Tom St Denis/Dobes Vandermeer -*/ - -#ifdef LTC_HMAC - -/** - HMAC a block of memory to produce the authentication tag - @param hash The index of the hash to use - @param key The secret key - @param keylen The length of the secret key (octets) - @param in The data to HMAC - @param inlen The length of the data to HMAC (octets) - @param out [out] Destination of the authentication tag - @param outlen [in/out] Max size and resulting size of authentication tag - @return CRYPT_OK if successful -*/ -int hmac_memory(int hash, - const unsigned char *key, unsigned long keylen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - hmac_state *hmac; - int err; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* make sure hash descriptor is valid */ - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - - /* is there a descriptor? */ - if (hash_descriptor[hash].hmac_block != NULL) { - return hash_descriptor[hash].hmac_block(key, keylen, in, inlen, out, outlen); - } - - /* nope, so call the hmac functions */ - /* allocate ram for hmac state */ - hmac = XMALLOC(sizeof(hmac_state)); - if (hmac == NULL) { - return CRYPT_MEM; - } - - if ((err = hmac_init(hmac, hash, key, keylen)) != CRYPT_OK) { - goto LBL_ERR; - } - - if ((err = hmac_process(hmac, in, inlen)) != CRYPT_OK) { - goto LBL_ERR; - } - - if ((err = hmac_done(hmac, out, outlen)) != CRYPT_OK) { - goto LBL_ERR; - } - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(hmac, sizeof(hmac_state)); -#endif - - XFREE(hmac); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/mac/hmac/hmac_memory_multi.c b/libs/tomcrypt/src/mac/hmac/hmac_memory_multi.c deleted file mode 100644 index 4bac0684c38..00000000000 --- a/libs/tomcrypt/src/mac/hmac/hmac_memory_multi.c +++ /dev/null @@ -1,85 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" -#include <stdarg.h> - -/** - @file hmac_memory_multi.c - HMAC support, process multiple blocks of memory, Tom St Denis/Dobes Vandermeer -*/ - -#ifdef LTC_HMAC - -/** - HMAC multiple blocks of memory to produce the authentication tag - @param hash The index of the hash to use - @param key The secret key - @param keylen The length of the secret key (octets) - @param out [out] Destination of the authentication tag - @param outlen [in/out] Max size and resulting size of authentication tag - @param in The data to HMAC - @param inlen The length of the data to HMAC (octets) - @param ... tuples of (data,len) pairs to HMAC, terminated with a (NULL,x) (x=don't care) - @return CRYPT_OK if successful -*/ -int hmac_memory_multi(int hash, - const unsigned char *key, unsigned long keylen, - unsigned char *out, unsigned long *outlen, - const unsigned char *in, unsigned long inlen, ...) - -{ - hmac_state *hmac; - int err; - va_list args; - const unsigned char *curptr; - unsigned long curlen; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* allocate ram for hmac state */ - hmac = XMALLOC(sizeof(hmac_state)); - if (hmac == NULL) { - return CRYPT_MEM; - } - - if ((err = hmac_init(hmac, hash, key, keylen)) != CRYPT_OK) { - goto LBL_ERR; - } - - va_start(args, inlen); - curptr = in; - curlen = inlen; - for (;;) { - /* process buf */ - if ((err = hmac_process(hmac, curptr, curlen)) != CRYPT_OK) { - goto LBL_ERR; - } - /* step to next */ - curptr = va_arg(args, const unsigned char*); - if (curptr == NULL) { - break; - } - curlen = va_arg(args, unsigned long); - } - if ((err = hmac_done(hmac, out, outlen)) != CRYPT_OK) { - goto LBL_ERR; - } -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(hmac, sizeof(hmac_state)); -#endif - XFREE(hmac); - va_end(args); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/mac/hmac/hmac_process.c b/libs/tomcrypt/src/mac/hmac/hmac_process.c deleted file mode 100644 index 70919d93376..00000000000 --- a/libs/tomcrypt/src/mac/hmac/hmac_process.c +++ /dev/null @@ -1,36 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file hmac_process.c - HMAC support, process data, Tom St Denis/Dobes Vandermeer -*/ - -#ifdef LTC_HMAC - -/** - Process data through HMAC - @param hmac The hmac state - @param in The data to send through HMAC - @param inlen The length of the data to HMAC (octets) - @return CRYPT_OK if successful -*/ -int hmac_process(hmac_state *hmac, const unsigned char *in, unsigned long inlen) -{ - int err; - LTC_ARGCHK(hmac != NULL); - LTC_ARGCHK(in != NULL); - if ((err = hash_is_valid(hmac->hash)) != CRYPT_OK) { - return err; - } - return hash_descriptor[hmac->hash].process(&hmac->md, in, inlen); -} - -#endif diff --git a/libs/tomcrypt/src/mac/omac/omac_done.c b/libs/tomcrypt/src/mac/omac/omac_done.c deleted file mode 100644 index 8a29833a646..00000000000 --- a/libs/tomcrypt/src/mac/omac/omac_done.c +++ /dev/null @@ -1,79 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file omac_done.c - OMAC1 support, terminate a stream, Tom St Denis -*/ - -#ifdef LTC_OMAC - -/** - Terminate an OMAC stream - @param omac The OMAC state - @param out [out] Destination for the authentication tag - @param outlen [in/out] The max size and resulting size of the authentication tag - @return CRYPT_OK if successful -*/ -int omac_done(omac_state *omac, unsigned char *out, unsigned long *outlen) -{ - int err, mode; - unsigned x; - - LTC_ARGCHK(omac != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - if ((err = cipher_is_valid(omac->cipher_idx)) != CRYPT_OK) { - return err; - } - - if ((omac->buflen > (int)sizeof(omac->block)) || (omac->buflen < 0) || - (omac->blklen > (int)sizeof(omac->block)) || (omac->buflen > omac->blklen)) { - return CRYPT_INVALID_ARG; - } - - /* figure out mode */ - if (omac->buflen != omac->blklen) { - /* add the 0x80 byte */ - omac->block[omac->buflen++] = 0x80; - - /* pad with 0x00 */ - while (omac->buflen < omac->blklen) { - omac->block[omac->buflen++] = 0x00; - } - mode = 1; - } else { - mode = 0; - } - - /* now xor prev + Lu[mode] */ - for (x = 0; x < (unsigned)omac->blklen; x++) { - omac->block[x] ^= omac->prev[x] ^ omac->Lu[mode][x]; - } - - /* encrypt it */ - if ((err = cipher_descriptor[omac->cipher_idx].ecb_encrypt(omac->block, omac->block, &omac->key)) != CRYPT_OK) { - return err; - } - cipher_descriptor[omac->cipher_idx].done(&omac->key); - - /* output it */ - for (x = 0; x < (unsigned)omac->blklen && x < *outlen; x++) { - out[x] = omac->block[x]; - } - *outlen = x; - -#ifdef LTC_CLEAN_STACK - zeromem(omac, sizeof(*omac)); -#endif - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/mac/omac/omac_init.c b/libs/tomcrypt/src/mac/omac/omac_init.c deleted file mode 100644 index 08a98b35434..00000000000 --- a/libs/tomcrypt/src/mac/omac/omac_init.c +++ /dev/null @@ -1,95 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file omac_init.c - OMAC1 support, initialize state, by Tom St Denis -*/ - - -#ifdef LTC_OMAC - -/** - Initialize an OMAC state - @param omac The OMAC state to initialize - @param cipher The index of the desired cipher - @param key The secret key - @param keylen The length of the secret key (octets) - @return CRYPT_OK if successful -*/ -int omac_init(omac_state *omac, int cipher, const unsigned char *key, unsigned long keylen) -{ - int err, x, y, mask, msb, len; - - LTC_ARGCHK(omac != NULL); - LTC_ARGCHK(key != NULL); - - /* schedule the key */ - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - -#ifdef LTC_FAST - if (cipher_descriptor[cipher].block_length % sizeof(LTC_FAST_TYPE)) { - return CRYPT_INVALID_ARG; - } -#endif - - /* now setup the system */ - switch (cipher_descriptor[cipher].block_length) { - case 8: mask = 0x1B; - len = 8; - break; - case 16: mask = 0x87; - len = 16; - break; - default: return CRYPT_INVALID_ARG; - } - - if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &omac->key)) != CRYPT_OK) { - return err; - } - - /* ok now we need Lu and Lu^2 [calc one from the other] */ - - /* first calc L which is Ek(0) */ - zeromem(omac->Lu[0], cipher_descriptor[cipher].block_length); - if ((err = cipher_descriptor[cipher].ecb_encrypt(omac->Lu[0], omac->Lu[0], &omac->key)) != CRYPT_OK) { - return err; - } - - /* now do the mults, whoopy! */ - for (x = 0; x < 2; x++) { - /* if msb(L * u^(x+1)) = 0 then just shift, otherwise shift and xor constant mask */ - msb = omac->Lu[x][0] >> 7; - - /* shift left */ - for (y = 0; y < (len - 1); y++) { - omac->Lu[x][y] = ((omac->Lu[x][y] << 1) | (omac->Lu[x][y+1] >> 7)) & 255; - } - omac->Lu[x][len - 1] = ((omac->Lu[x][len - 1] << 1) ^ (msb ? mask : 0)) & 255; - - /* copy up as require */ - if (x == 0) { - XMEMCPY(omac->Lu[1], omac->Lu[0], sizeof(omac->Lu[0])); - } - } - - /* setup state */ - omac->cipher_idx = cipher; - omac->buflen = 0; - omac->blklen = len; - zeromem(omac->prev, sizeof(omac->prev)); - zeromem(omac->block, sizeof(omac->block)); - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/mac/omac/omac_memory.c b/libs/tomcrypt/src/mac/omac/omac_memory.c deleted file mode 100644 index 85a11f4ba70..00000000000 --- a/libs/tomcrypt/src/mac/omac/omac_memory.c +++ /dev/null @@ -1,79 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file omac_memory.c - OMAC1 support, process a block of memory, Tom St Denis -*/ - -#ifdef LTC_OMAC - -/** - OMAC a block of memory - @param cipher The index of the desired cipher - @param key The secret key - @param keylen The length of the secret key (octets) - @param in The data to send through OMAC - @param inlen The length of the data to send through OMAC (octets) - @param out [out] The destination of the authentication tag - @param outlen [in/out] The max size and resulting size of the authentication tag (octets) - @return CRYPT_OK if successful -*/ -int omac_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - int err; - omac_state *omac; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* is the cipher valid? */ - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - - /* Use accelerator if found */ - if (cipher_descriptor[cipher].omac_memory != NULL) { - return cipher_descriptor[cipher].omac_memory(key, keylen, in, inlen, out, outlen); - } - - /* allocate ram for omac state */ - omac = XMALLOC(sizeof(omac_state)); - if (omac == NULL) { - return CRYPT_MEM; - } - - /* omac process the message */ - if ((err = omac_init(omac, cipher, key, keylen)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = omac_process(omac, in, inlen)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = omac_done(omac, out, outlen)) != CRYPT_OK) { - goto LBL_ERR; - } - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(omac, sizeof(omac_state)); -#endif - - XFREE(omac); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/mac/omac/omac_memory_multi.c b/libs/tomcrypt/src/mac/omac/omac_memory_multi.c deleted file mode 100644 index a1dcbb24b68..00000000000 --- a/libs/tomcrypt/src/mac/omac/omac_memory_multi.c +++ /dev/null @@ -1,84 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" -#include <stdarg.h> - -/** - @file omac_memory_multi.c - OMAC1 support, process multiple blocks of memory, Tom St Denis -*/ - -#ifdef LTC_OMAC - -/** - OMAC multiple blocks of memory - @param cipher The index of the desired cipher - @param key The secret key - @param keylen The length of the secret key (octets) - @param out [out] The destination of the authentication tag - @param outlen [in/out] The max size and resulting size of the authentication tag (octets) - @param in The data to send through OMAC - @param inlen The length of the data to send through OMAC (octets) - @param ... tuples of (data,len) pairs to OMAC, terminated with a (NULL,x) (x=don't care) - @return CRYPT_OK if successful -*/ -int omac_memory_multi(int cipher, - const unsigned char *key, unsigned long keylen, - unsigned char *out, unsigned long *outlen, - const unsigned char *in, unsigned long inlen, ...) -{ - int err; - omac_state *omac; - va_list args; - const unsigned char *curptr; - unsigned long curlen; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* allocate ram for omac state */ - omac = XMALLOC(sizeof(omac_state)); - if (omac == NULL) { - return CRYPT_MEM; - } - - /* omac process the message */ - if ((err = omac_init(omac, cipher, key, keylen)) != CRYPT_OK) { - goto LBL_ERR; - } - va_start(args, inlen); - curptr = in; - curlen = inlen; - for (;;) { - /* process buf */ - if ((err = omac_process(omac, curptr, curlen)) != CRYPT_OK) { - goto LBL_ERR; - } - /* step to next */ - curptr = va_arg(args, const unsigned char*); - if (curptr == NULL) { - break; - } - curlen = va_arg(args, unsigned long); - } - if ((err = omac_done(omac, out, outlen)) != CRYPT_OK) { - goto LBL_ERR; - } -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(omac, sizeof(omac_state)); -#endif - XFREE(omac); - va_end(args); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/mac/omac/omac_process.c b/libs/tomcrypt/src/mac/omac/omac_process.c deleted file mode 100644 index 978dd8a0254..00000000000 --- a/libs/tomcrypt/src/mac/omac/omac_process.c +++ /dev/null @@ -1,85 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file omac_process.c - OMAC1 support, process data, Tom St Denis -*/ - - -#ifdef LTC_OMAC - -/** - Process data through OMAC - @param omac The OMAC state - @param in The input data to send through OMAC - @param inlen The length of the input (octets) - @return CRYPT_OK if successful -*/ -int omac_process(omac_state *omac, const unsigned char *in, unsigned long inlen) -{ - unsigned long n, x; - int err; - - LTC_ARGCHK(omac != NULL); - LTC_ARGCHK(in != NULL); - if ((err = cipher_is_valid(omac->cipher_idx)) != CRYPT_OK) { - return err; - } - - if ((omac->buflen > (int)sizeof(omac->block)) || (omac->buflen < 0) || - (omac->blklen > (int)sizeof(omac->block)) || (omac->buflen > omac->blklen)) { - return CRYPT_INVALID_ARG; - } - -#ifdef LTC_FAST - { - unsigned long blklen = cipher_descriptor[omac->cipher_idx].block_length; - - if (omac->buflen == 0 && inlen > blklen) { - unsigned long y; - for (x = 0; x < (inlen - blklen); x += blklen) { - for (y = 0; y < blklen; y += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(&omac->prev[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&in[y])); - } - in += blklen; - if ((err = cipher_descriptor[omac->cipher_idx].ecb_encrypt(omac->prev, omac->prev, &omac->key)) != CRYPT_OK) { - return err; - } - } - inlen -= x; - } - } -#endif - - while (inlen != 0) { - /* ok if the block is full we xor in prev, encrypt and replace prev */ - if (omac->buflen == omac->blklen) { - for (x = 0; x < (unsigned long)omac->blklen; x++) { - omac->block[x] ^= omac->prev[x]; - } - if ((err = cipher_descriptor[omac->cipher_idx].ecb_encrypt(omac->block, omac->prev, &omac->key)) != CRYPT_OK) { - return err; - } - omac->buflen = 0; - } - - /* add bytes */ - n = MIN(inlen, (unsigned long)(omac->blklen - omac->buflen)); - XMEMCPY(omac->block + omac->buflen, in, n); - omac->buflen += n; - inlen -= n; - in += n; - } - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/mac/pmac/pmac_done.c b/libs/tomcrypt/src/mac/pmac/pmac_done.c deleted file mode 100644 index 8b98f26afa1..00000000000 --- a/libs/tomcrypt/src/mac/pmac/pmac_done.c +++ /dev/null @@ -1,67 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file pmac_done.c - PMAC implementation, terminate a session, by Tom St Denis -*/ - -#ifdef LTC_PMAC - -int pmac_done(pmac_state *state, unsigned char *out, unsigned long *outlen) -{ - int err, x; - - LTC_ARGCHK(state != NULL); - LTC_ARGCHK(out != NULL); - if ((err = cipher_is_valid(state->cipher_idx)) != CRYPT_OK) { - return err; - } - - if ((state->buflen > (int)sizeof(state->block)) || (state->buflen < 0) || - (state->block_len > (int)sizeof(state->block)) || (state->buflen > state->block_len)) { - return CRYPT_INVALID_ARG; - } - - - /* handle padding. If multiple xor in L/x */ - - if (state->buflen == state->block_len) { - /* xor Lr against the checksum */ - for (x = 0; x < state->block_len; x++) { - state->checksum[x] ^= state->block[x] ^ state->Lr[x]; - } - } else { - /* otherwise xor message bytes then the 0x80 byte */ - for (x = 0; x < state->buflen; x++) { - state->checksum[x] ^= state->block[x]; - } - state->checksum[x] ^= 0x80; - } - - /* encrypt it */ - if ((err = cipher_descriptor[state->cipher_idx].ecb_encrypt(state->checksum, state->checksum, &state->key)) != CRYPT_OK) { - return err; - } - cipher_descriptor[state->cipher_idx].done(&state->key); - - /* store it */ - for (x = 0; x < state->block_len && x < (int)*outlen; x++) { - out[x] = state->checksum[x]; - } - *outlen = x; - -#ifdef LTC_CLEAN_STACK - zeromem(state, sizeof(*state)); -#endif - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/mac/pmac/pmac_init.c b/libs/tomcrypt/src/mac/pmac/pmac_init.c deleted file mode 100644 index fe2de83f5d2..00000000000 --- a/libs/tomcrypt/src/mac/pmac/pmac_init.c +++ /dev/null @@ -1,144 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file pmac_init.c - PMAC implementation, initialize state, by Tom St Denis -*/ - -#ifdef LTC_PMAC - -static const struct { - int len; - unsigned char poly_div[MAXBLOCKSIZE], - poly_mul[MAXBLOCKSIZE]; -} polys[] = { -{ - 8, - { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0D }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1B } -}, { - 16, - { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x43 }, - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87 } -} -}; - -/** - Initialize a PMAC state - @param pmac The PMAC state to initialize - @param cipher The index of the desired cipher - @param key The secret key - @param keylen The length of the secret key (octets) - @return CRYPT_OK if successful -*/ -int pmac_init(pmac_state *pmac, int cipher, const unsigned char *key, unsigned long keylen) -{ - int poly, x, y, m, err; - unsigned char *L; - - LTC_ARGCHK(pmac != NULL); - LTC_ARGCHK(key != NULL); - - /* valid cipher? */ - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - - /* determine which polys to use */ - pmac->block_len = cipher_descriptor[cipher].block_length; - for (poly = 0; poly < (int)(sizeof(polys)/sizeof(polys[0])); poly++) { - if (polys[poly].len == pmac->block_len) { - break; - } - } - if (poly >= (int)(sizeof(polys)/sizeof(polys[0]))) { - return CRYPT_INVALID_ARG; - } - if (polys[poly].len != pmac->block_len) { - return CRYPT_INVALID_ARG; - } - -#ifdef LTC_FAST - if (pmac->block_len % sizeof(LTC_FAST_TYPE)) { - return CRYPT_INVALID_ARG; - } -#endif - - - /* schedule the key */ - if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &pmac->key)) != CRYPT_OK) { - return err; - } - - /* allocate L */ - L = XMALLOC(pmac->block_len); - if (L == NULL) { - return CRYPT_MEM; - } - - /* find L = E[0] */ - zeromem(L, pmac->block_len); - if ((err = cipher_descriptor[cipher].ecb_encrypt(L, L, &pmac->key)) != CRYPT_OK) { - goto error; - } - - /* find Ls[i] = L << i for i == 0..31 */ - XMEMCPY(pmac->Ls[0], L, pmac->block_len); - for (x = 1; x < 32; x++) { - m = pmac->Ls[x-1][0] >> 7; - for (y = 0; y < pmac->block_len-1; y++) { - pmac->Ls[x][y] = ((pmac->Ls[x-1][y] << 1) | (pmac->Ls[x-1][y+1] >> 7)) & 255; - } - pmac->Ls[x][pmac->block_len-1] = (pmac->Ls[x-1][pmac->block_len-1] << 1) & 255; - - if (m == 1) { - for (y = 0; y < pmac->block_len; y++) { - pmac->Ls[x][y] ^= polys[poly].poly_mul[y]; - } - } - } - - /* find Lr = L / x */ - m = L[pmac->block_len-1] & 1; - - /* shift right */ - for (x = pmac->block_len - 1; x > 0; x--) { - pmac->Lr[x] = ((L[x] >> 1) | (L[x-1] << 7)) & 255; - } - pmac->Lr[0] = L[0] >> 1; - - if (m == 1) { - for (x = 0; x < pmac->block_len; x++) { - pmac->Lr[x] ^= polys[poly].poly_div[x]; - } - } - - /* zero buffer, counters, etc... */ - pmac->block_index = 1; - pmac->cipher_idx = cipher; - pmac->buflen = 0; - zeromem(pmac->block, sizeof(pmac->block)); - zeromem(pmac->Li, sizeof(pmac->Li)); - zeromem(pmac->checksum, sizeof(pmac->checksum)); - err = CRYPT_OK; -error: -#ifdef LTC_CLEAN_STACK - zeromem(L, pmac->block_len); -#endif - - XFREE(L); - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/mac/pmac/pmac_memory.c b/libs/tomcrypt/src/mac/pmac/pmac_memory.c deleted file mode 100644 index 4b85015ceb8..00000000000 --- a/libs/tomcrypt/src/mac/pmac/pmac_memory.c +++ /dev/null @@ -1,68 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file pmac_memory.c - PMAC implementation, process a block of memory, by Tom St Denis -*/ - -#ifdef LTC_PMAC - -/** - PMAC a block of memory - @param cipher The index of the cipher desired - @param key The secret key - @param keylen The length of the secret key (octets) - @param in The data you wish to send through PMAC - @param inlen The length of data you wish to send through PMAC (octets) - @param out [out] Destination for the authentication tag - @param outlen [in/out] The max size and resulting size of the authentication tag - @return CRYPT_OK if successful -*/ -int pmac_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - int err; - pmac_state *pmac; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* allocate ram for pmac state */ - pmac = XMALLOC(sizeof(pmac_state)); - if (pmac == NULL) { - return CRYPT_MEM; - } - - if ((err = pmac_init(pmac, cipher, key, keylen)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = pmac_process(pmac, in, inlen)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = pmac_done(pmac, out, outlen)) != CRYPT_OK) { - goto LBL_ERR; - } - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(pmac, sizeof(pmac_state)); -#endif - - XFREE(pmac); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/mac/pmac/pmac_memory_multi.c b/libs/tomcrypt/src/mac/pmac/pmac_memory_multi.c deleted file mode 100644 index 1d378296e1a..00000000000 --- a/libs/tomcrypt/src/mac/pmac/pmac_memory_multi.c +++ /dev/null @@ -1,83 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" -#include <stdarg.h> - -/** - @file pmac_memory_multi.c - PMAC implementation, process multiple blocks of memory, by Tom St Denis -*/ - -#ifdef LTC_PMAC - -/** - PMAC multiple blocks of memory - @param cipher The index of the cipher desired - @param key The secret key - @param keylen The length of the secret key (octets) - @param out [out] Destination for the authentication tag - @param outlen [in/out] The max size and resulting size of the authentication tag - @param in The data you wish to send through PMAC - @param inlen The length of data you wish to send through PMAC (octets) - @param ... tuples of (data,len) pairs to PMAC, terminated with a (NULL,x) (x=don't care) - @return CRYPT_OK if successful -*/ -int pmac_memory_multi(int cipher, - const unsigned char *key, unsigned long keylen, - unsigned char *out, unsigned long *outlen, - const unsigned char *in, unsigned long inlen, ...) -{ - int err; - pmac_state *pmac; - va_list args; - const unsigned char *curptr; - unsigned long curlen; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* allocate ram for pmac state */ - pmac = XMALLOC(sizeof(pmac_state)); - if (pmac == NULL) { - return CRYPT_MEM; - } - - if ((err = pmac_init(pmac, cipher, key, keylen)) != CRYPT_OK) { - goto LBL_ERR; - } - va_start(args, inlen); - curptr = in; - curlen = inlen; - for (;;) { - /* process buf */ - if ((err = pmac_process(pmac, curptr, curlen)) != CRYPT_OK) { - goto LBL_ERR; - } - /* step to next */ - curptr = va_arg(args, const unsigned char*); - if (curptr == NULL) { - break; - } - curlen = va_arg(args, unsigned long); - } - if ((err = pmac_done(pmac, out, outlen)) != CRYPT_OK) { - goto LBL_ERR; - } -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(pmac, sizeof(pmac_state)); -#endif - XFREE(pmac); - va_end(args); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/mac/pmac/pmac_ntz.c b/libs/tomcrypt/src/mac/pmac/pmac_ntz.c deleted file mode 100644 index b0851b3acf9..00000000000 --- a/libs/tomcrypt/src/mac/pmac/pmac_ntz.c +++ /dev/null @@ -1,33 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file pmac_ntz.c - PMAC implementation, internal function, by Tom St Denis -*/ - -#ifdef LTC_PMAC - -/** - Internal PMAC function -*/ -int pmac_ntz(unsigned long x) -{ - int c; - x &= 0xFFFFFFFFUL; - c = 0; - while ((x & 1) == 0) { - ++c; - x >>= 1; - } - return c; -} - -#endif diff --git a/libs/tomcrypt/src/mac/pmac/pmac_process.c b/libs/tomcrypt/src/mac/pmac/pmac_process.c deleted file mode 100644 index 027b3b0b9fe..00000000000 --- a/libs/tomcrypt/src/mac/pmac/pmac_process.c +++ /dev/null @@ -1,94 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file pmac_process.c - PMAC implementation, process data, by Tom St Denis -*/ - - -#ifdef LTC_PMAC - -/** - Process data in a PMAC stream - @param pmac The PMAC state - @param in The data to send through PMAC - @param inlen The length of the data to send through PMAC - @return CRYPT_OK if successful -*/ -int pmac_process(pmac_state *pmac, const unsigned char *in, unsigned long inlen) -{ - int err, n; - unsigned long x; - unsigned char Z[MAXBLOCKSIZE]; - - LTC_ARGCHK(pmac != NULL); - LTC_ARGCHK(in != NULL); - if ((err = cipher_is_valid(pmac->cipher_idx)) != CRYPT_OK) { - return err; - } - - if ((pmac->buflen > (int)sizeof(pmac->block)) || (pmac->buflen < 0) || - (pmac->block_len > (int)sizeof(pmac->block)) || (pmac->buflen > pmac->block_len)) { - return CRYPT_INVALID_ARG; - } - -#ifdef LTC_FAST - if (pmac->buflen == 0 && inlen > 16) { - unsigned long y; - for (x = 0; x < (inlen - 16); x += 16) { - pmac_shift_xor(pmac); - for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(&Z[y])) = *(LTC_FAST_TYPE_PTR_CAST(&in[y])) ^ *(LTC_FAST_TYPE_PTR_CAST(&pmac->Li[y])); - } - if ((err = cipher_descriptor[pmac->cipher_idx].ecb_encrypt(Z, Z, &pmac->key)) != CRYPT_OK) { - return err; - } - for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(&pmac->checksum[y])) ^= *(LTC_FAST_TYPE_PTR_CAST(&Z[y])); - } - in += 16; - } - inlen -= x; - } -#endif - - while (inlen != 0) { - /* ok if the block is full we xor in prev, encrypt and replace prev */ - if (pmac->buflen == pmac->block_len) { - pmac_shift_xor(pmac); - for (x = 0; x < (unsigned long)pmac->block_len; x++) { - Z[x] = pmac->Li[x] ^ pmac->block[x]; - } - if ((err = cipher_descriptor[pmac->cipher_idx].ecb_encrypt(Z, Z, &pmac->key)) != CRYPT_OK) { - return err; - } - for (x = 0; x < (unsigned long)pmac->block_len; x++) { - pmac->checksum[x] ^= Z[x]; - } - pmac->buflen = 0; - } - - /* add bytes */ - n = MIN(inlen, (unsigned long)(pmac->block_len - pmac->buflen)); - XMEMCPY(pmac->block + pmac->buflen, in, n); - pmac->buflen += n; - inlen -= n; - in += n; - } - -#ifdef LTC_CLEAN_STACK - zeromem(Z, sizeof(Z)); -#endif - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/mac/pmac/pmac_shift_xor.c b/libs/tomcrypt/src/mac/pmac/pmac_shift_xor.c deleted file mode 100644 index c983802ef30..00000000000 --- a/libs/tomcrypt/src/mac/pmac/pmac_shift_xor.c +++ /dev/null @@ -1,38 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file pmac_shift_xor.c - PMAC implementation, internal function, by Tom St Denis -*/ - -#ifdef LTC_PMAC - -/** - Internal function. Performs the state update (adding correct multiple) - @param pmac The PMAC state. -*/ -void pmac_shift_xor(pmac_state *pmac) -{ - int x, y; - y = pmac_ntz(pmac->block_index++); -#ifdef LTC_FAST - for (x = 0; x < pmac->block_len; x += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pmac->Li + x)) ^= - *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pmac->Ls[y] + x)); - } -#else - for (x = 0; x < pmac->block_len; x++) { - pmac->Li[x] ^= pmac->Ls[y][x]; - } -#endif -} - -#endif diff --git a/libs/tomcrypt/src/mac/xcbc/xcbc_done.c b/libs/tomcrypt/src/mac/xcbc/xcbc_done.c deleted file mode 100644 index d83836585ef..00000000000 --- a/libs/tomcrypt/src/mac/xcbc/xcbc_done.c +++ /dev/null @@ -1,70 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file xcbc_done.c - XCBC Support, terminate the state -*/ - -#ifdef LTC_XCBC - -/** Terminate the XCBC-MAC state - @param xcbc XCBC state to terminate - @param out [out] Destination for the MAC tag - @param outlen [in/out] Destination size and final tag size - Return CRYPT_OK on success -*/ -int xcbc_done(xcbc_state *xcbc, unsigned char *out, unsigned long *outlen) -{ - int err, x; - LTC_ARGCHK(xcbc != NULL); - LTC_ARGCHK(out != NULL); - - /* check structure */ - if ((err = cipher_is_valid(xcbc->cipher)) != CRYPT_OK) { - return err; - } - - if ((xcbc->blocksize > cipher_descriptor[xcbc->cipher].block_length) || (xcbc->blocksize < 0) || - (xcbc->buflen > xcbc->blocksize) || (xcbc->buflen < 0)) { - return CRYPT_INVALID_ARG; - } - - /* which key do we use? */ - if (xcbc->buflen == xcbc->blocksize) { - /* k2 */ - for (x = 0; x < xcbc->blocksize; x++) { - xcbc->IV[x] ^= xcbc->K[1][x]; - } - } else { - xcbc->IV[xcbc->buflen] ^= 0x80; - /* k3 */ - for (x = 0; x < xcbc->blocksize; x++) { - xcbc->IV[x] ^= xcbc->K[2][x]; - } - } - - /* encrypt */ - cipher_descriptor[xcbc->cipher].ecb_encrypt(xcbc->IV, xcbc->IV, &xcbc->key); - cipher_descriptor[xcbc->cipher].done(&xcbc->key); - - /* extract tag */ - for (x = 0; x < xcbc->blocksize && (unsigned long)x < *outlen; x++) { - out[x] = xcbc->IV[x]; - } - *outlen = x; - -#ifdef LTC_CLEAN_STACK - zeromem(xcbc, sizeof(*xcbc)); -#endif - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/mac/xcbc/xcbc_init.c b/libs/tomcrypt/src/mac/xcbc/xcbc_init.c deleted file mode 100644 index c8d40838cb2..00000000000 --- a/libs/tomcrypt/src/mac/xcbc/xcbc_init.c +++ /dev/null @@ -1,101 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file xcbc_init.c - XCBC Support, start an XCBC state -*/ - -#ifdef LTC_XCBC - -/** Initialize XCBC-MAC state - @param xcbc [out] XCBC state to initialize - @param cipher Index of cipher to use - @param key [in] Secret key - @param keylen Length of secret key in octets - Return CRYPT_OK on success -*/ -int xcbc_init(xcbc_state *xcbc, int cipher, const unsigned char *key, unsigned long keylen) -{ - int x, y, err; - symmetric_key *skey; - unsigned long k1; - - LTC_ARGCHK(xcbc != NULL); - LTC_ARGCHK(key != NULL); - - /* schedule the key */ - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - -#ifdef LTC_FAST - if (cipher_descriptor[cipher].block_length % sizeof(LTC_FAST_TYPE)) { - return CRYPT_INVALID_ARG; - } -#endif - - skey = NULL; - - /* are we in pure XCBC mode with three keys? */ - if (keylen & LTC_XCBC_PURE) { - keylen &= ~LTC_XCBC_PURE; - - if (keylen < 2UL*cipher_descriptor[cipher].block_length) { - return CRYPT_INVALID_ARG; - } - - k1 = keylen - 2*cipher_descriptor[cipher].block_length; - XMEMCPY(xcbc->K[0], key, k1); - XMEMCPY(xcbc->K[1], key+k1, cipher_descriptor[cipher].block_length); - XMEMCPY(xcbc->K[2], key+k1 + cipher_descriptor[cipher].block_length, cipher_descriptor[cipher].block_length); - } else { - /* use the key expansion */ - k1 = cipher_descriptor[cipher].block_length; - - /* schedule the user key */ - skey = XCALLOC(1, sizeof(*skey)); - if (skey == NULL) { - return CRYPT_MEM; - } - - if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, skey)) != CRYPT_OK) { - goto done; - } - - /* make the three keys */ - for (y = 0; y < 3; y++) { - for (x = 0; x < cipher_descriptor[cipher].block_length; x++) { - xcbc->K[y][x] = y + 1; - } - cipher_descriptor[cipher].ecb_encrypt(xcbc->K[y], xcbc->K[y], skey); - } - } - - /* setup K1 */ - err = cipher_descriptor[cipher].setup(xcbc->K[0], k1, 0, &xcbc->key); - - /* setup struct */ - zeromem(xcbc->IV, cipher_descriptor[cipher].block_length); - xcbc->blocksize = cipher_descriptor[cipher].block_length; - xcbc->cipher = cipher; - xcbc->buflen = 0; -done: - cipher_descriptor[cipher].done(skey); - if (skey != NULL) { -#ifdef LTC_CLEAN_STACK - zeromem(skey, sizeof(*skey)); -#endif - XFREE(skey); - } - return err; -} - -#endif diff --git a/libs/tomcrypt/src/mac/xcbc/xcbc_memory.c b/libs/tomcrypt/src/mac/xcbc/xcbc_memory.c deleted file mode 100644 index 21a0b315fa9..00000000000 --- a/libs/tomcrypt/src/mac/xcbc/xcbc_memory.c +++ /dev/null @@ -1,65 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file xcbc_process.c - XCBC Support, XCBC-MAC a block of memory -*/ - -#ifdef LTC_XCBC - -/** XCBC-MAC a block of memory - @param cipher Index of cipher to use - @param key [in] Secret key - @param keylen Length of key in octets - @param in [in] Message to MAC - @param inlen Length of input in octets - @param out [out] Destination for the MAC tag - @param outlen [in/out] Output size and final tag size - Return CRYPT_OK on success. -*/ -int xcbc_memory(int cipher, - const unsigned char *key, unsigned long keylen, - const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - xcbc_state *xcbc; - int err; - - /* is the cipher valid? */ - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - - /* Use accelerator if found */ - if (cipher_descriptor[cipher].xcbc_memory != NULL) { - return cipher_descriptor[cipher].xcbc_memory(key, keylen, in, inlen, out, outlen); - } - - xcbc = XCALLOC(1, sizeof(*xcbc)); - if (xcbc == NULL) { - return CRYPT_MEM; - } - - if ((err = xcbc_init(xcbc, cipher, key, keylen)) != CRYPT_OK) { - goto done; - } - - if ((err = xcbc_process(xcbc, in, inlen)) != CRYPT_OK) { - goto done; - } - - err = xcbc_done(xcbc, out, outlen); -done: - XFREE(xcbc); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/mac/xcbc/xcbc_memory_multi.c b/libs/tomcrypt/src/mac/xcbc/xcbc_memory_multi.c deleted file mode 100644 index cf3f92ce4bc..00000000000 --- a/libs/tomcrypt/src/mac/xcbc/xcbc_memory_multi.c +++ /dev/null @@ -1,84 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" -#include <stdarg.h> - -/** - @file xcbc_memory_multi.c - XCBC support, process multiple blocks of memory, Tom St Denis -*/ - -#ifdef LTC_XCBC - -/** - XCBC multiple blocks of memory - @param cipher The index of the desired cipher - @param key The secret key - @param keylen The length of the secret key (octets) - @param out [out] The destination of the authentication tag - @param outlen [in/out] The max size and resulting size of the authentication tag (octets) - @param in The data to send through XCBC - @param inlen The length of the data to send through XCBC (octets) - @param ... tuples of (data,len) pairs to XCBC, terminated with a (NULL,x) (x=don't care) - @return CRYPT_OK if successful -*/ -int xcbc_memory_multi(int cipher, - const unsigned char *key, unsigned long keylen, - unsigned char *out, unsigned long *outlen, - const unsigned char *in, unsigned long inlen, ...) -{ - int err; - xcbc_state *xcbc; - va_list args; - const unsigned char *curptr; - unsigned long curlen; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* allocate ram for xcbc state */ - xcbc = XMALLOC(sizeof(xcbc_state)); - if (xcbc == NULL) { - return CRYPT_MEM; - } - - /* xcbc process the message */ - if ((err = xcbc_init(xcbc, cipher, key, keylen)) != CRYPT_OK) { - goto LBL_ERR; - } - va_start(args, inlen); - curptr = in; - curlen = inlen; - for (;;) { - /* process buf */ - if ((err = xcbc_process(xcbc, curptr, curlen)) != CRYPT_OK) { - goto LBL_ERR; - } - /* step to next */ - curptr = va_arg(args, const unsigned char*); - if (curptr == NULL) { - break; - } - curlen = va_arg(args, unsigned long); - } - if ((err = xcbc_done(xcbc, out, outlen)) != CRYPT_OK) { - goto LBL_ERR; - } -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(xcbc, sizeof(xcbc_state)); -#endif - XFREE(xcbc); - va_end(args); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/mac/xcbc/xcbc_process.c b/libs/tomcrypt/src/mac/xcbc/xcbc_process.c deleted file mode 100644 index a1dad164d7d..00000000000 --- a/libs/tomcrypt/src/mac/xcbc/xcbc_process.c +++ /dev/null @@ -1,68 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file xcbc_process.c - XCBC Support, process blocks with XCBC -*/ - -#ifdef LTC_XCBC - -/** Process data through XCBC-MAC - @param xcbc The XCBC-MAC state - @param in Input data to process - @param inlen Length of input in octets - Return CRYPT_OK on success -*/ -int xcbc_process(xcbc_state *xcbc, const unsigned char *in, unsigned long inlen) -{ - int err; -#ifdef LTC_FAST - int x; -#endif - - LTC_ARGCHK(xcbc != NULL); - LTC_ARGCHK(in != NULL); - - /* check structure */ - if ((err = cipher_is_valid(xcbc->cipher)) != CRYPT_OK) { - return err; - } - - if ((xcbc->blocksize > cipher_descriptor[xcbc->cipher].block_length) || (xcbc->blocksize < 0) || - (xcbc->buflen > xcbc->blocksize) || (xcbc->buflen < 0)) { - return CRYPT_INVALID_ARG; - } - -#ifdef LTC_FAST - if (xcbc->buflen == 0) { - while (inlen > (unsigned long)xcbc->blocksize) { - for (x = 0; x < xcbc->blocksize; x += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(&(xcbc->IV[x]))) ^= *(LTC_FAST_TYPE_PTR_CAST(&(in[x]))); - } - cipher_descriptor[xcbc->cipher].ecb_encrypt(xcbc->IV, xcbc->IV, &xcbc->key); - in += xcbc->blocksize; - inlen -= xcbc->blocksize; - } - } -#endif - - while (inlen) { - if (xcbc->buflen == xcbc->blocksize) { - cipher_descriptor[xcbc->cipher].ecb_encrypt(xcbc->IV, xcbc->IV, &xcbc->key); - xcbc->buflen = 0; - } - xcbc->IV[xcbc->buflen++] ^= *in++; - --inlen; - } - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/math/fp/ltc_ecc_fp_mulmod.c b/libs/tomcrypt/src/math/fp/ltc_ecc_fp_mulmod.c deleted file mode 100644 index ec472ba2a53..00000000000 --- a/libs/tomcrypt/src/math/fp/ltc_ecc_fp_mulmod.c +++ /dev/null @@ -1,1579 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file ltc_ecc_fp_mulmod.c - ECC Crypto, Tom St Denis -*/ - -#if defined(LTC_MECC) && defined(LTC_MECC_FP) -#include <limits.h> - -/* number of entries in the cache */ -#ifndef FP_ENTRIES -#define FP_ENTRIES 16 -#endif - -/* number of bits in LUT */ -#ifndef FP_LUT -#define FP_LUT 8U -#endif - -#if (FP_LUT > 12) || (FP_LUT < 2) - #error FP_LUT must be between 2 and 12 inclusively -#endif - -/** Our FP cache */ -static struct { - ecc_point *g, /* cached COPY of base point */ - *LUT[1U<<FP_LUT]; /* fixed point lookup */ - void *mu; /* copy of the montgomery constant */ - int lru_count; /* amount of times this entry has been used */ - int lock; /* flag to indicate cache eviction permitted (0) or not (1) */ -} fp_cache[FP_ENTRIES]; - -LTC_MUTEX_GLOBAL(ltc_ecc_fp_lock) - -/* simple table to help direct the generation of the LUT */ -static const struct { - int ham, terma, termb; -} lut_orders[] = { - { 0, 0, 0 }, { 1, 0, 0 }, { 1, 0, 0 }, { 2, 1, 2 }, { 1, 0, 0 }, { 2, 1, 4 }, { 2, 2, 4 }, { 3, 3, 4 }, - { 1, 0, 0 }, { 2, 1, 8 }, { 2, 2, 8 }, { 3, 3, 8 }, { 2, 4, 8 }, { 3, 5, 8 }, { 3, 6, 8 }, { 4, 7, 8 }, - { 1, 0, 0 }, { 2, 1, 16 }, { 2, 2, 16 }, { 3, 3, 16 }, { 2, 4, 16 }, { 3, 5, 16 }, { 3, 6, 16 }, { 4, 7, 16 }, - { 2, 8, 16 }, { 3, 9, 16 }, { 3, 10, 16 }, { 4, 11, 16 }, { 3, 12, 16 }, { 4, 13, 16 }, { 4, 14, 16 }, { 5, 15, 16 }, - { 1, 0, 0 }, { 2, 1, 32 }, { 2, 2, 32 }, { 3, 3, 32 }, { 2, 4, 32 }, { 3, 5, 32 }, { 3, 6, 32 }, { 4, 7, 32 }, - { 2, 8, 32 }, { 3, 9, 32 }, { 3, 10, 32 }, { 4, 11, 32 }, { 3, 12, 32 }, { 4, 13, 32 }, { 4, 14, 32 }, { 5, 15, 32 }, - { 2, 16, 32 }, { 3, 17, 32 }, { 3, 18, 32 }, { 4, 19, 32 }, { 3, 20, 32 }, { 4, 21, 32 }, { 4, 22, 32 }, { 5, 23, 32 }, - { 3, 24, 32 }, { 4, 25, 32 }, { 4, 26, 32 }, { 5, 27, 32 }, { 4, 28, 32 }, { 5, 29, 32 }, { 5, 30, 32 }, { 6, 31, 32 }, -#if FP_LUT > 6 - { 1, 0, 0 }, { 2, 1, 64 }, { 2, 2, 64 }, { 3, 3, 64 }, { 2, 4, 64 }, { 3, 5, 64 }, { 3, 6, 64 }, { 4, 7, 64 }, - { 2, 8, 64 }, { 3, 9, 64 }, { 3, 10, 64 }, { 4, 11, 64 }, { 3, 12, 64 }, { 4, 13, 64 }, { 4, 14, 64 }, { 5, 15, 64 }, - { 2, 16, 64 }, { 3, 17, 64 }, { 3, 18, 64 }, { 4, 19, 64 }, { 3, 20, 64 }, { 4, 21, 64 }, { 4, 22, 64 }, { 5, 23, 64 }, - { 3, 24, 64 }, { 4, 25, 64 }, { 4, 26, 64 }, { 5, 27, 64 }, { 4, 28, 64 }, { 5, 29, 64 }, { 5, 30, 64 }, { 6, 31, 64 }, - { 2, 32, 64 }, { 3, 33, 64 }, { 3, 34, 64 }, { 4, 35, 64 }, { 3, 36, 64 }, { 4, 37, 64 }, { 4, 38, 64 }, { 5, 39, 64 }, - { 3, 40, 64 }, { 4, 41, 64 }, { 4, 42, 64 }, { 5, 43, 64 }, { 4, 44, 64 }, { 5, 45, 64 }, { 5, 46, 64 }, { 6, 47, 64 }, - { 3, 48, 64 }, { 4, 49, 64 }, { 4, 50, 64 }, { 5, 51, 64 }, { 4, 52, 64 }, { 5, 53, 64 }, { 5, 54, 64 }, { 6, 55, 64 }, - { 4, 56, 64 }, { 5, 57, 64 }, { 5, 58, 64 }, { 6, 59, 64 }, { 5, 60, 64 }, { 6, 61, 64 }, { 6, 62, 64 }, { 7, 63, 64 }, -#if FP_LUT > 7 - { 1, 0, 0 }, { 2, 1, 128 }, { 2, 2, 128 }, { 3, 3, 128 }, { 2, 4, 128 }, { 3, 5, 128 }, { 3, 6, 128 }, { 4, 7, 128 }, - { 2, 8, 128 }, { 3, 9, 128 }, { 3, 10, 128 }, { 4, 11, 128 }, { 3, 12, 128 }, { 4, 13, 128 }, { 4, 14, 128 }, { 5, 15, 128 }, - { 2, 16, 128 }, { 3, 17, 128 }, { 3, 18, 128 }, { 4, 19, 128 }, { 3, 20, 128 }, { 4, 21, 128 }, { 4, 22, 128 }, { 5, 23, 128 }, - { 3, 24, 128 }, { 4, 25, 128 }, { 4, 26, 128 }, { 5, 27, 128 }, { 4, 28, 128 }, { 5, 29, 128 }, { 5, 30, 128 }, { 6, 31, 128 }, - { 2, 32, 128 }, { 3, 33, 128 }, { 3, 34, 128 }, { 4, 35, 128 }, { 3, 36, 128 }, { 4, 37, 128 }, { 4, 38, 128 }, { 5, 39, 128 }, - { 3, 40, 128 }, { 4, 41, 128 }, { 4, 42, 128 }, { 5, 43, 128 }, { 4, 44, 128 }, { 5, 45, 128 }, { 5, 46, 128 }, { 6, 47, 128 }, - { 3, 48, 128 }, { 4, 49, 128 }, { 4, 50, 128 }, { 5, 51, 128 }, { 4, 52, 128 }, { 5, 53, 128 }, { 5, 54, 128 }, { 6, 55, 128 }, - { 4, 56, 128 }, { 5, 57, 128 }, { 5, 58, 128 }, { 6, 59, 128 }, { 5, 60, 128 }, { 6, 61, 128 }, { 6, 62, 128 }, { 7, 63, 128 }, - { 2, 64, 128 }, { 3, 65, 128 }, { 3, 66, 128 }, { 4, 67, 128 }, { 3, 68, 128 }, { 4, 69, 128 }, { 4, 70, 128 }, { 5, 71, 128 }, - { 3, 72, 128 }, { 4, 73, 128 }, { 4, 74, 128 }, { 5, 75, 128 }, { 4, 76, 128 }, { 5, 77, 128 }, { 5, 78, 128 }, { 6, 79, 128 }, - { 3, 80, 128 }, { 4, 81, 128 }, { 4, 82, 128 }, { 5, 83, 128 }, { 4, 84, 128 }, { 5, 85, 128 }, { 5, 86, 128 }, { 6, 87, 128 }, - { 4, 88, 128 }, { 5, 89, 128 }, { 5, 90, 128 }, { 6, 91, 128 }, { 5, 92, 128 }, { 6, 93, 128 }, { 6, 94, 128 }, { 7, 95, 128 }, - { 3, 96, 128 }, { 4, 97, 128 }, { 4, 98, 128 }, { 5, 99, 128 }, { 4, 100, 128 }, { 5, 101, 128 }, { 5, 102, 128 }, { 6, 103, 128 }, - { 4, 104, 128 }, { 5, 105, 128 }, { 5, 106, 128 }, { 6, 107, 128 }, { 5, 108, 128 }, { 6, 109, 128 }, { 6, 110, 128 }, { 7, 111, 128 }, - { 4, 112, 128 }, { 5, 113, 128 }, { 5, 114, 128 }, { 6, 115, 128 }, { 5, 116, 128 }, { 6, 117, 128 }, { 6, 118, 128 }, { 7, 119, 128 }, - { 5, 120, 128 }, { 6, 121, 128 }, { 6, 122, 128 }, { 7, 123, 128 }, { 6, 124, 128 }, { 7, 125, 128 }, { 7, 126, 128 }, { 8, 127, 128 }, -#if FP_LUT > 8 - { 1, 0, 0 }, { 2, 1, 256 }, { 2, 2, 256 }, { 3, 3, 256 }, { 2, 4, 256 }, { 3, 5, 256 }, { 3, 6, 256 }, { 4, 7, 256 }, - { 2, 8, 256 }, { 3, 9, 256 }, { 3, 10, 256 }, { 4, 11, 256 }, { 3, 12, 256 }, { 4, 13, 256 }, { 4, 14, 256 }, { 5, 15, 256 }, - { 2, 16, 256 }, { 3, 17, 256 }, { 3, 18, 256 }, { 4, 19, 256 }, { 3, 20, 256 }, { 4, 21, 256 }, { 4, 22, 256 }, { 5, 23, 256 }, - { 3, 24, 256 }, { 4, 25, 256 }, { 4, 26, 256 }, { 5, 27, 256 }, { 4, 28, 256 }, { 5, 29, 256 }, { 5, 30, 256 }, { 6, 31, 256 }, - { 2, 32, 256 }, { 3, 33, 256 }, { 3, 34, 256 }, { 4, 35, 256 }, { 3, 36, 256 }, { 4, 37, 256 }, { 4, 38, 256 }, { 5, 39, 256 }, - { 3, 40, 256 }, { 4, 41, 256 }, { 4, 42, 256 }, { 5, 43, 256 }, { 4, 44, 256 }, { 5, 45, 256 }, { 5, 46, 256 }, { 6, 47, 256 }, - { 3, 48, 256 }, { 4, 49, 256 }, { 4, 50, 256 }, { 5, 51, 256 }, { 4, 52, 256 }, { 5, 53, 256 }, { 5, 54, 256 }, { 6, 55, 256 }, - { 4, 56, 256 }, { 5, 57, 256 }, { 5, 58, 256 }, { 6, 59, 256 }, { 5, 60, 256 }, { 6, 61, 256 }, { 6, 62, 256 }, { 7, 63, 256 }, - { 2, 64, 256 }, { 3, 65, 256 }, { 3, 66, 256 }, { 4, 67, 256 }, { 3, 68, 256 }, { 4, 69, 256 }, { 4, 70, 256 }, { 5, 71, 256 }, - { 3, 72, 256 }, { 4, 73, 256 }, { 4, 74, 256 }, { 5, 75, 256 }, { 4, 76, 256 }, { 5, 77, 256 }, { 5, 78, 256 }, { 6, 79, 256 }, - { 3, 80, 256 }, { 4, 81, 256 }, { 4, 82, 256 }, { 5, 83, 256 }, { 4, 84, 256 }, { 5, 85, 256 }, { 5, 86, 256 }, { 6, 87, 256 }, - { 4, 88, 256 }, { 5, 89, 256 }, { 5, 90, 256 }, { 6, 91, 256 }, { 5, 92, 256 }, { 6, 93, 256 }, { 6, 94, 256 }, { 7, 95, 256 }, - { 3, 96, 256 }, { 4, 97, 256 }, { 4, 98, 256 }, { 5, 99, 256 }, { 4, 100, 256 }, { 5, 101, 256 }, { 5, 102, 256 }, { 6, 103, 256 }, - { 4, 104, 256 }, { 5, 105, 256 }, { 5, 106, 256 }, { 6, 107, 256 }, { 5, 108, 256 }, { 6, 109, 256 }, { 6, 110, 256 }, { 7, 111, 256 }, - { 4, 112, 256 }, { 5, 113, 256 }, { 5, 114, 256 }, { 6, 115, 256 }, { 5, 116, 256 }, { 6, 117, 256 }, { 6, 118, 256 }, { 7, 119, 256 }, - { 5, 120, 256 }, { 6, 121, 256 }, { 6, 122, 256 }, { 7, 123, 256 }, { 6, 124, 256 }, { 7, 125, 256 }, { 7, 126, 256 }, { 8, 127, 256 }, - { 2, 128, 256 }, { 3, 129, 256 }, { 3, 130, 256 }, { 4, 131, 256 }, { 3, 132, 256 }, { 4, 133, 256 }, { 4, 134, 256 }, { 5, 135, 256 }, - { 3, 136, 256 }, { 4, 137, 256 }, { 4, 138, 256 }, { 5, 139, 256 }, { 4, 140, 256 }, { 5, 141, 256 }, { 5, 142, 256 }, { 6, 143, 256 }, - { 3, 144, 256 }, { 4, 145, 256 }, { 4, 146, 256 }, { 5, 147, 256 }, { 4, 148, 256 }, { 5, 149, 256 }, { 5, 150, 256 }, { 6, 151, 256 }, - { 4, 152, 256 }, { 5, 153, 256 }, { 5, 154, 256 }, { 6, 155, 256 }, { 5, 156, 256 }, { 6, 157, 256 }, { 6, 158, 256 }, { 7, 159, 256 }, - { 3, 160, 256 }, { 4, 161, 256 }, { 4, 162, 256 }, { 5, 163, 256 }, { 4, 164, 256 }, { 5, 165, 256 }, { 5, 166, 256 }, { 6, 167, 256 }, - { 4, 168, 256 }, { 5, 169, 256 }, { 5, 170, 256 }, { 6, 171, 256 }, { 5, 172, 256 }, { 6, 173, 256 }, { 6, 174, 256 }, { 7, 175, 256 }, - { 4, 176, 256 }, { 5, 177, 256 }, { 5, 178, 256 }, { 6, 179, 256 }, { 5, 180, 256 }, { 6, 181, 256 }, { 6, 182, 256 }, { 7, 183, 256 }, - { 5, 184, 256 }, { 6, 185, 256 }, { 6, 186, 256 }, { 7, 187, 256 }, { 6, 188, 256 }, { 7, 189, 256 }, { 7, 190, 256 }, { 8, 191, 256 }, - { 3, 192, 256 }, { 4, 193, 256 }, { 4, 194, 256 }, { 5, 195, 256 }, { 4, 196, 256 }, { 5, 197, 256 }, { 5, 198, 256 }, { 6, 199, 256 }, - { 4, 200, 256 }, { 5, 201, 256 }, { 5, 202, 256 }, { 6, 203, 256 }, { 5, 204, 256 }, { 6, 205, 256 }, { 6, 206, 256 }, { 7, 207, 256 }, - { 4, 208, 256 }, { 5, 209, 256 }, { 5, 210, 256 }, { 6, 211, 256 }, { 5, 212, 256 }, { 6, 213, 256 }, { 6, 214, 256 }, { 7, 215, 256 }, - { 5, 216, 256 }, { 6, 217, 256 }, { 6, 218, 256 }, { 7, 219, 256 }, { 6, 220, 256 }, { 7, 221, 256 }, { 7, 222, 256 }, { 8, 223, 256 }, - { 4, 224, 256 }, { 5, 225, 256 }, { 5, 226, 256 }, { 6, 227, 256 }, { 5, 228, 256 }, { 6, 229, 256 }, { 6, 230, 256 }, { 7, 231, 256 }, - { 5, 232, 256 }, { 6, 233, 256 }, { 6, 234, 256 }, { 7, 235, 256 }, { 6, 236, 256 }, { 7, 237, 256 }, { 7, 238, 256 }, { 8, 239, 256 }, - { 5, 240, 256 }, { 6, 241, 256 }, { 6, 242, 256 }, { 7, 243, 256 }, { 6, 244, 256 }, { 7, 245, 256 }, { 7, 246, 256 }, { 8, 247, 256 }, - { 6, 248, 256 }, { 7, 249, 256 }, { 7, 250, 256 }, { 8, 251, 256 }, { 7, 252, 256 }, { 8, 253, 256 }, { 8, 254, 256 }, { 9, 255, 256 }, -#if FP_LUT > 9 - { 1, 0, 0 }, { 2, 1, 512 }, { 2, 2, 512 }, { 3, 3, 512 }, { 2, 4, 512 }, { 3, 5, 512 }, { 3, 6, 512 }, { 4, 7, 512 }, - { 2, 8, 512 }, { 3, 9, 512 }, { 3, 10, 512 }, { 4, 11, 512 }, { 3, 12, 512 }, { 4, 13, 512 }, { 4, 14, 512 }, { 5, 15, 512 }, - { 2, 16, 512 }, { 3, 17, 512 }, { 3, 18, 512 }, { 4, 19, 512 }, { 3, 20, 512 }, { 4, 21, 512 }, { 4, 22, 512 }, { 5, 23, 512 }, - { 3, 24, 512 }, { 4, 25, 512 }, { 4, 26, 512 }, { 5, 27, 512 }, { 4, 28, 512 }, { 5, 29, 512 }, { 5, 30, 512 }, { 6, 31, 512 }, - { 2, 32, 512 }, { 3, 33, 512 }, { 3, 34, 512 }, { 4, 35, 512 }, { 3, 36, 512 }, { 4, 37, 512 }, { 4, 38, 512 }, { 5, 39, 512 }, - { 3, 40, 512 }, { 4, 41, 512 }, { 4, 42, 512 }, { 5, 43, 512 }, { 4, 44, 512 }, { 5, 45, 512 }, { 5, 46, 512 }, { 6, 47, 512 }, - { 3, 48, 512 }, { 4, 49, 512 }, { 4, 50, 512 }, { 5, 51, 512 }, { 4, 52, 512 }, { 5, 53, 512 }, { 5, 54, 512 }, { 6, 55, 512 }, - { 4, 56, 512 }, { 5, 57, 512 }, { 5, 58, 512 }, { 6, 59, 512 }, { 5, 60, 512 }, { 6, 61, 512 }, { 6, 62, 512 }, { 7, 63, 512 }, - { 2, 64, 512 }, { 3, 65, 512 }, { 3, 66, 512 }, { 4, 67, 512 }, { 3, 68, 512 }, { 4, 69, 512 }, { 4, 70, 512 }, { 5, 71, 512 }, - { 3, 72, 512 }, { 4, 73, 512 }, { 4, 74, 512 }, { 5, 75, 512 }, { 4, 76, 512 }, { 5, 77, 512 }, { 5, 78, 512 }, { 6, 79, 512 }, - { 3, 80, 512 }, { 4, 81, 512 }, { 4, 82, 512 }, { 5, 83, 512 }, { 4, 84, 512 }, { 5, 85, 512 }, { 5, 86, 512 }, { 6, 87, 512 }, - { 4, 88, 512 }, { 5, 89, 512 }, { 5, 90, 512 }, { 6, 91, 512 }, { 5, 92, 512 }, { 6, 93, 512 }, { 6, 94, 512 }, { 7, 95, 512 }, - { 3, 96, 512 }, { 4, 97, 512 }, { 4, 98, 512 }, { 5, 99, 512 }, { 4, 100, 512 }, { 5, 101, 512 }, { 5, 102, 512 }, { 6, 103, 512 }, - { 4, 104, 512 }, { 5, 105, 512 }, { 5, 106, 512 }, { 6, 107, 512 }, { 5, 108, 512 }, { 6, 109, 512 }, { 6, 110, 512 }, { 7, 111, 512 }, - { 4, 112, 512 }, { 5, 113, 512 }, { 5, 114, 512 }, { 6, 115, 512 }, { 5, 116, 512 }, { 6, 117, 512 }, { 6, 118, 512 }, { 7, 119, 512 }, - { 5, 120, 512 }, { 6, 121, 512 }, { 6, 122, 512 }, { 7, 123, 512 }, { 6, 124, 512 }, { 7, 125, 512 }, { 7, 126, 512 }, { 8, 127, 512 }, - { 2, 128, 512 }, { 3, 129, 512 }, { 3, 130, 512 }, { 4, 131, 512 }, { 3, 132, 512 }, { 4, 133, 512 }, { 4, 134, 512 }, { 5, 135, 512 }, - { 3, 136, 512 }, { 4, 137, 512 }, { 4, 138, 512 }, { 5, 139, 512 }, { 4, 140, 512 }, { 5, 141, 512 }, { 5, 142, 512 }, { 6, 143, 512 }, - { 3, 144, 512 }, { 4, 145, 512 }, { 4, 146, 512 }, { 5, 147, 512 }, { 4, 148, 512 }, { 5, 149, 512 }, { 5, 150, 512 }, { 6, 151, 512 }, - { 4, 152, 512 }, { 5, 153, 512 }, { 5, 154, 512 }, { 6, 155, 512 }, { 5, 156, 512 }, { 6, 157, 512 }, { 6, 158, 512 }, { 7, 159, 512 }, - { 3, 160, 512 }, { 4, 161, 512 }, { 4, 162, 512 }, { 5, 163, 512 }, { 4, 164, 512 }, { 5, 165, 512 }, { 5, 166, 512 }, { 6, 167, 512 }, - { 4, 168, 512 }, { 5, 169, 512 }, { 5, 170, 512 }, { 6, 171, 512 }, { 5, 172, 512 }, { 6, 173, 512 }, { 6, 174, 512 }, { 7, 175, 512 }, - { 4, 176, 512 }, { 5, 177, 512 }, { 5, 178, 512 }, { 6, 179, 512 }, { 5, 180, 512 }, { 6, 181, 512 }, { 6, 182, 512 }, { 7, 183, 512 }, - { 5, 184, 512 }, { 6, 185, 512 }, { 6, 186, 512 }, { 7, 187, 512 }, { 6, 188, 512 }, { 7, 189, 512 }, { 7, 190, 512 }, { 8, 191, 512 }, - { 3, 192, 512 }, { 4, 193, 512 }, { 4, 194, 512 }, { 5, 195, 512 }, { 4, 196, 512 }, { 5, 197, 512 }, { 5, 198, 512 }, { 6, 199, 512 }, - { 4, 200, 512 }, { 5, 201, 512 }, { 5, 202, 512 }, { 6, 203, 512 }, { 5, 204, 512 }, { 6, 205, 512 }, { 6, 206, 512 }, { 7, 207, 512 }, - { 4, 208, 512 }, { 5, 209, 512 }, { 5, 210, 512 }, { 6, 211, 512 }, { 5, 212, 512 }, { 6, 213, 512 }, { 6, 214, 512 }, { 7, 215, 512 }, - { 5, 216, 512 }, { 6, 217, 512 }, { 6, 218, 512 }, { 7, 219, 512 }, { 6, 220, 512 }, { 7, 221, 512 }, { 7, 222, 512 }, { 8, 223, 512 }, - { 4, 224, 512 }, { 5, 225, 512 }, { 5, 226, 512 }, { 6, 227, 512 }, { 5, 228, 512 }, { 6, 229, 512 }, { 6, 230, 512 }, { 7, 231, 512 }, - { 5, 232, 512 }, { 6, 233, 512 }, { 6, 234, 512 }, { 7, 235, 512 }, { 6, 236, 512 }, { 7, 237, 512 }, { 7, 238, 512 }, { 8, 239, 512 }, - { 5, 240, 512 }, { 6, 241, 512 }, { 6, 242, 512 }, { 7, 243, 512 }, { 6, 244, 512 }, { 7, 245, 512 }, { 7, 246, 512 }, { 8, 247, 512 }, - { 6, 248, 512 }, { 7, 249, 512 }, { 7, 250, 512 }, { 8, 251, 512 }, { 7, 252, 512 }, { 8, 253, 512 }, { 8, 254, 512 }, { 9, 255, 512 }, - { 2, 256, 512 }, { 3, 257, 512 }, { 3, 258, 512 }, { 4, 259, 512 }, { 3, 260, 512 }, { 4, 261, 512 }, { 4, 262, 512 }, { 5, 263, 512 }, - { 3, 264, 512 }, { 4, 265, 512 }, { 4, 266, 512 }, { 5, 267, 512 }, { 4, 268, 512 }, { 5, 269, 512 }, { 5, 270, 512 }, { 6, 271, 512 }, - { 3, 272, 512 }, { 4, 273, 512 }, { 4, 274, 512 }, { 5, 275, 512 }, { 4, 276, 512 }, { 5, 277, 512 }, { 5, 278, 512 }, { 6, 279, 512 }, - { 4, 280, 512 }, { 5, 281, 512 }, { 5, 282, 512 }, { 6, 283, 512 }, { 5, 284, 512 }, { 6, 285, 512 }, { 6, 286, 512 }, { 7, 287, 512 }, - { 3, 288, 512 }, { 4, 289, 512 }, { 4, 290, 512 }, { 5, 291, 512 }, { 4, 292, 512 }, { 5, 293, 512 }, { 5, 294, 512 }, { 6, 295, 512 }, - { 4, 296, 512 }, { 5, 297, 512 }, { 5, 298, 512 }, { 6, 299, 512 }, { 5, 300, 512 }, { 6, 301, 512 }, { 6, 302, 512 }, { 7, 303, 512 }, - { 4, 304, 512 }, { 5, 305, 512 }, { 5, 306, 512 }, { 6, 307, 512 }, { 5, 308, 512 }, { 6, 309, 512 }, { 6, 310, 512 }, { 7, 311, 512 }, - { 5, 312, 512 }, { 6, 313, 512 }, { 6, 314, 512 }, { 7, 315, 512 }, { 6, 316, 512 }, { 7, 317, 512 }, { 7, 318, 512 }, { 8, 319, 512 }, - { 3, 320, 512 }, { 4, 321, 512 }, { 4, 322, 512 }, { 5, 323, 512 }, { 4, 324, 512 }, { 5, 325, 512 }, { 5, 326, 512 }, { 6, 327, 512 }, - { 4, 328, 512 }, { 5, 329, 512 }, { 5, 330, 512 }, { 6, 331, 512 }, { 5, 332, 512 }, { 6, 333, 512 }, { 6, 334, 512 }, { 7, 335, 512 }, - { 4, 336, 512 }, { 5, 337, 512 }, { 5, 338, 512 }, { 6, 339, 512 }, { 5, 340, 512 }, { 6, 341, 512 }, { 6, 342, 512 }, { 7, 343, 512 }, - { 5, 344, 512 }, { 6, 345, 512 }, { 6, 346, 512 }, { 7, 347, 512 }, { 6, 348, 512 }, { 7, 349, 512 }, { 7, 350, 512 }, { 8, 351, 512 }, - { 4, 352, 512 }, { 5, 353, 512 }, { 5, 354, 512 }, { 6, 355, 512 }, { 5, 356, 512 }, { 6, 357, 512 }, { 6, 358, 512 }, { 7, 359, 512 }, - { 5, 360, 512 }, { 6, 361, 512 }, { 6, 362, 512 }, { 7, 363, 512 }, { 6, 364, 512 }, { 7, 365, 512 }, { 7, 366, 512 }, { 8, 367, 512 }, - { 5, 368, 512 }, { 6, 369, 512 }, { 6, 370, 512 }, { 7, 371, 512 }, { 6, 372, 512 }, { 7, 373, 512 }, { 7, 374, 512 }, { 8, 375, 512 }, - { 6, 376, 512 }, { 7, 377, 512 }, { 7, 378, 512 }, { 8, 379, 512 }, { 7, 380, 512 }, { 8, 381, 512 }, { 8, 382, 512 }, { 9, 383, 512 }, - { 3, 384, 512 }, { 4, 385, 512 }, { 4, 386, 512 }, { 5, 387, 512 }, { 4, 388, 512 }, { 5, 389, 512 }, { 5, 390, 512 }, { 6, 391, 512 }, - { 4, 392, 512 }, { 5, 393, 512 }, { 5, 394, 512 }, { 6, 395, 512 }, { 5, 396, 512 }, { 6, 397, 512 }, { 6, 398, 512 }, { 7, 399, 512 }, - { 4, 400, 512 }, { 5, 401, 512 }, { 5, 402, 512 }, { 6, 403, 512 }, { 5, 404, 512 }, { 6, 405, 512 }, { 6, 406, 512 }, { 7, 407, 512 }, - { 5, 408, 512 }, { 6, 409, 512 }, { 6, 410, 512 }, { 7, 411, 512 }, { 6, 412, 512 }, { 7, 413, 512 }, { 7, 414, 512 }, { 8, 415, 512 }, - { 4, 416, 512 }, { 5, 417, 512 }, { 5, 418, 512 }, { 6, 419, 512 }, { 5, 420, 512 }, { 6, 421, 512 }, { 6, 422, 512 }, { 7, 423, 512 }, - { 5, 424, 512 }, { 6, 425, 512 }, { 6, 426, 512 }, { 7, 427, 512 }, { 6, 428, 512 }, { 7, 429, 512 }, { 7, 430, 512 }, { 8, 431, 512 }, - { 5, 432, 512 }, { 6, 433, 512 }, { 6, 434, 512 }, { 7, 435, 512 }, { 6, 436, 512 }, { 7, 437, 512 }, { 7, 438, 512 }, { 8, 439, 512 }, - { 6, 440, 512 }, { 7, 441, 512 }, { 7, 442, 512 }, { 8, 443, 512 }, { 7, 444, 512 }, { 8, 445, 512 }, { 8, 446, 512 }, { 9, 447, 512 }, - { 4, 448, 512 }, { 5, 449, 512 }, { 5, 450, 512 }, { 6, 451, 512 }, { 5, 452, 512 }, { 6, 453, 512 }, { 6, 454, 512 }, { 7, 455, 512 }, - { 5, 456, 512 }, { 6, 457, 512 }, { 6, 458, 512 }, { 7, 459, 512 }, { 6, 460, 512 }, { 7, 461, 512 }, { 7, 462, 512 }, { 8, 463, 512 }, - { 5, 464, 512 }, { 6, 465, 512 }, { 6, 466, 512 }, { 7, 467, 512 }, { 6, 468, 512 }, { 7, 469, 512 }, { 7, 470, 512 }, { 8, 471, 512 }, - { 6, 472, 512 }, { 7, 473, 512 }, { 7, 474, 512 }, { 8, 475, 512 }, { 7, 476, 512 }, { 8, 477, 512 }, { 8, 478, 512 }, { 9, 479, 512 }, - { 5, 480, 512 }, { 6, 481, 512 }, { 6, 482, 512 }, { 7, 483, 512 }, { 6, 484, 512 }, { 7, 485, 512 }, { 7, 486, 512 }, { 8, 487, 512 }, - { 6, 488, 512 }, { 7, 489, 512 }, { 7, 490, 512 }, { 8, 491, 512 }, { 7, 492, 512 }, { 8, 493, 512 }, { 8, 494, 512 }, { 9, 495, 512 }, - { 6, 496, 512 }, { 7, 497, 512 }, { 7, 498, 512 }, { 8, 499, 512 }, { 7, 500, 512 }, { 8, 501, 512 }, { 8, 502, 512 }, { 9, 503, 512 }, - { 7, 504, 512 }, { 8, 505, 512 }, { 8, 506, 512 }, { 9, 507, 512 }, { 8, 508, 512 }, { 9, 509, 512 }, { 9, 510, 512 }, { 10, 511, 512 }, -#if FP_LUT > 10 - { 1, 0, 0 }, { 2, 1, 1024 }, { 2, 2, 1024 }, { 3, 3, 1024 }, { 2, 4, 1024 }, { 3, 5, 1024 }, { 3, 6, 1024 }, { 4, 7, 1024 }, - { 2, 8, 1024 }, { 3, 9, 1024 }, { 3, 10, 1024 }, { 4, 11, 1024 }, { 3, 12, 1024 }, { 4, 13, 1024 }, { 4, 14, 1024 }, { 5, 15, 1024 }, - { 2, 16, 1024 }, { 3, 17, 1024 }, { 3, 18, 1024 }, { 4, 19, 1024 }, { 3, 20, 1024 }, { 4, 21, 1024 }, { 4, 22, 1024 }, { 5, 23, 1024 }, - { 3, 24, 1024 }, { 4, 25, 1024 }, { 4, 26, 1024 }, { 5, 27, 1024 }, { 4, 28, 1024 }, { 5, 29, 1024 }, { 5, 30, 1024 }, { 6, 31, 1024 }, - { 2, 32, 1024 }, { 3, 33, 1024 }, { 3, 34, 1024 }, { 4, 35, 1024 }, { 3, 36, 1024 }, { 4, 37, 1024 }, { 4, 38, 1024 }, { 5, 39, 1024 }, - { 3, 40, 1024 }, { 4, 41, 1024 }, { 4, 42, 1024 }, { 5, 43, 1024 }, { 4, 44, 1024 }, { 5, 45, 1024 }, { 5, 46, 1024 }, { 6, 47, 1024 }, - { 3, 48, 1024 }, { 4, 49, 1024 }, { 4, 50, 1024 }, { 5, 51, 1024 }, { 4, 52, 1024 }, { 5, 53, 1024 }, { 5, 54, 1024 }, { 6, 55, 1024 }, - { 4, 56, 1024 }, { 5, 57, 1024 }, { 5, 58, 1024 }, { 6, 59, 1024 }, { 5, 60, 1024 }, { 6, 61, 1024 }, { 6, 62, 1024 }, { 7, 63, 1024 }, - { 2, 64, 1024 }, { 3, 65, 1024 }, { 3, 66, 1024 }, { 4, 67, 1024 }, { 3, 68, 1024 }, { 4, 69, 1024 }, { 4, 70, 1024 }, { 5, 71, 1024 }, - { 3, 72, 1024 }, { 4, 73, 1024 }, { 4, 74, 1024 }, { 5, 75, 1024 }, { 4, 76, 1024 }, { 5, 77, 1024 }, { 5, 78, 1024 }, { 6, 79, 1024 }, - { 3, 80, 1024 }, { 4, 81, 1024 }, { 4, 82, 1024 }, { 5, 83, 1024 }, { 4, 84, 1024 }, { 5, 85, 1024 }, { 5, 86, 1024 }, { 6, 87, 1024 }, - { 4, 88, 1024 }, { 5, 89, 1024 }, { 5, 90, 1024 }, { 6, 91, 1024 }, { 5, 92, 1024 }, { 6, 93, 1024 }, { 6, 94, 1024 }, { 7, 95, 1024 }, - { 3, 96, 1024 }, { 4, 97, 1024 }, { 4, 98, 1024 }, { 5, 99, 1024 }, { 4, 100, 1024 }, { 5, 101, 1024 }, { 5, 102, 1024 }, { 6, 103, 1024 }, - { 4, 104, 1024 }, { 5, 105, 1024 }, { 5, 106, 1024 }, { 6, 107, 1024 }, { 5, 108, 1024 }, { 6, 109, 1024 }, { 6, 110, 1024 }, { 7, 111, 1024 }, - { 4, 112, 1024 }, { 5, 113, 1024 }, { 5, 114, 1024 }, { 6, 115, 1024 }, { 5, 116, 1024 }, { 6, 117, 1024 }, { 6, 118, 1024 }, { 7, 119, 1024 }, - { 5, 120, 1024 }, { 6, 121, 1024 }, { 6, 122, 1024 }, { 7, 123, 1024 }, { 6, 124, 1024 }, { 7, 125, 1024 }, { 7, 126, 1024 }, { 8, 127, 1024 }, - { 2, 128, 1024 }, { 3, 129, 1024 }, { 3, 130, 1024 }, { 4, 131, 1024 }, { 3, 132, 1024 }, { 4, 133, 1024 }, { 4, 134, 1024 }, { 5, 135, 1024 }, - { 3, 136, 1024 }, { 4, 137, 1024 }, { 4, 138, 1024 }, { 5, 139, 1024 }, { 4, 140, 1024 }, { 5, 141, 1024 }, { 5, 142, 1024 }, { 6, 143, 1024 }, - { 3, 144, 1024 }, { 4, 145, 1024 }, { 4, 146, 1024 }, { 5, 147, 1024 }, { 4, 148, 1024 }, { 5, 149, 1024 }, { 5, 150, 1024 }, { 6, 151, 1024 }, - { 4, 152, 1024 }, { 5, 153, 1024 }, { 5, 154, 1024 }, { 6, 155, 1024 }, { 5, 156, 1024 }, { 6, 157, 1024 }, { 6, 158, 1024 }, { 7, 159, 1024 }, - { 3, 160, 1024 }, { 4, 161, 1024 }, { 4, 162, 1024 }, { 5, 163, 1024 }, { 4, 164, 1024 }, { 5, 165, 1024 }, { 5, 166, 1024 }, { 6, 167, 1024 }, - { 4, 168, 1024 }, { 5, 169, 1024 }, { 5, 170, 1024 }, { 6, 171, 1024 }, { 5, 172, 1024 }, { 6, 173, 1024 }, { 6, 174, 1024 }, { 7, 175, 1024 }, - { 4, 176, 1024 }, { 5, 177, 1024 }, { 5, 178, 1024 }, { 6, 179, 1024 }, { 5, 180, 1024 }, { 6, 181, 1024 }, { 6, 182, 1024 }, { 7, 183, 1024 }, - { 5, 184, 1024 }, { 6, 185, 1024 }, { 6, 186, 1024 }, { 7, 187, 1024 }, { 6, 188, 1024 }, { 7, 189, 1024 }, { 7, 190, 1024 }, { 8, 191, 1024 }, - { 3, 192, 1024 }, { 4, 193, 1024 }, { 4, 194, 1024 }, { 5, 195, 1024 }, { 4, 196, 1024 }, { 5, 197, 1024 }, { 5, 198, 1024 }, { 6, 199, 1024 }, - { 4, 200, 1024 }, { 5, 201, 1024 }, { 5, 202, 1024 }, { 6, 203, 1024 }, { 5, 204, 1024 }, { 6, 205, 1024 }, { 6, 206, 1024 }, { 7, 207, 1024 }, - { 4, 208, 1024 }, { 5, 209, 1024 }, { 5, 210, 1024 }, { 6, 211, 1024 }, { 5, 212, 1024 }, { 6, 213, 1024 }, { 6, 214, 1024 }, { 7, 215, 1024 }, - { 5, 216, 1024 }, { 6, 217, 1024 }, { 6, 218, 1024 }, { 7, 219, 1024 }, { 6, 220, 1024 }, { 7, 221, 1024 }, { 7, 222, 1024 }, { 8, 223, 1024 }, - { 4, 224, 1024 }, { 5, 225, 1024 }, { 5, 226, 1024 }, { 6, 227, 1024 }, { 5, 228, 1024 }, { 6, 229, 1024 }, { 6, 230, 1024 }, { 7, 231, 1024 }, - { 5, 232, 1024 }, { 6, 233, 1024 }, { 6, 234, 1024 }, { 7, 235, 1024 }, { 6, 236, 1024 }, { 7, 237, 1024 }, { 7, 238, 1024 }, { 8, 239, 1024 }, - { 5, 240, 1024 }, { 6, 241, 1024 }, { 6, 242, 1024 }, { 7, 243, 1024 }, { 6, 244, 1024 }, { 7, 245, 1024 }, { 7, 246, 1024 }, { 8, 247, 1024 }, - { 6, 248, 1024 }, { 7, 249, 1024 }, { 7, 250, 1024 }, { 8, 251, 1024 }, { 7, 252, 1024 }, { 8, 253, 1024 }, { 8, 254, 1024 }, { 9, 255, 1024 }, - { 2, 256, 1024 }, { 3, 257, 1024 }, { 3, 258, 1024 }, { 4, 259, 1024 }, { 3, 260, 1024 }, { 4, 261, 1024 }, { 4, 262, 1024 }, { 5, 263, 1024 }, - { 3, 264, 1024 }, { 4, 265, 1024 }, { 4, 266, 1024 }, { 5, 267, 1024 }, { 4, 268, 1024 }, { 5, 269, 1024 }, { 5, 270, 1024 }, { 6, 271, 1024 }, - { 3, 272, 1024 }, { 4, 273, 1024 }, { 4, 274, 1024 }, { 5, 275, 1024 }, { 4, 276, 1024 }, { 5, 277, 1024 }, { 5, 278, 1024 }, { 6, 279, 1024 }, - { 4, 280, 1024 }, { 5, 281, 1024 }, { 5, 282, 1024 }, { 6, 283, 1024 }, { 5, 284, 1024 }, { 6, 285, 1024 }, { 6, 286, 1024 }, { 7, 287, 1024 }, - { 3, 288, 1024 }, { 4, 289, 1024 }, { 4, 290, 1024 }, { 5, 291, 1024 }, { 4, 292, 1024 }, { 5, 293, 1024 }, { 5, 294, 1024 }, { 6, 295, 1024 }, - { 4, 296, 1024 }, { 5, 297, 1024 }, { 5, 298, 1024 }, { 6, 299, 1024 }, { 5, 300, 1024 }, { 6, 301, 1024 }, { 6, 302, 1024 }, { 7, 303, 1024 }, - { 4, 304, 1024 }, { 5, 305, 1024 }, { 5, 306, 1024 }, { 6, 307, 1024 }, { 5, 308, 1024 }, { 6, 309, 1024 }, { 6, 310, 1024 }, { 7, 311, 1024 }, - { 5, 312, 1024 }, { 6, 313, 1024 }, { 6, 314, 1024 }, { 7, 315, 1024 }, { 6, 316, 1024 }, { 7, 317, 1024 }, { 7, 318, 1024 }, { 8, 319, 1024 }, - { 3, 320, 1024 }, { 4, 321, 1024 }, { 4, 322, 1024 }, { 5, 323, 1024 }, { 4, 324, 1024 }, { 5, 325, 1024 }, { 5, 326, 1024 }, { 6, 327, 1024 }, - { 4, 328, 1024 }, { 5, 329, 1024 }, { 5, 330, 1024 }, { 6, 331, 1024 }, { 5, 332, 1024 }, { 6, 333, 1024 }, { 6, 334, 1024 }, { 7, 335, 1024 }, - { 4, 336, 1024 }, { 5, 337, 1024 }, { 5, 338, 1024 }, { 6, 339, 1024 }, { 5, 340, 1024 }, { 6, 341, 1024 }, { 6, 342, 1024 }, { 7, 343, 1024 }, - { 5, 344, 1024 }, { 6, 345, 1024 }, { 6, 346, 1024 }, { 7, 347, 1024 }, { 6, 348, 1024 }, { 7, 349, 1024 }, { 7, 350, 1024 }, { 8, 351, 1024 }, - { 4, 352, 1024 }, { 5, 353, 1024 }, { 5, 354, 1024 }, { 6, 355, 1024 }, { 5, 356, 1024 }, { 6, 357, 1024 }, { 6, 358, 1024 }, { 7, 359, 1024 }, - { 5, 360, 1024 }, { 6, 361, 1024 }, { 6, 362, 1024 }, { 7, 363, 1024 }, { 6, 364, 1024 }, { 7, 365, 1024 }, { 7, 366, 1024 }, { 8, 367, 1024 }, - { 5, 368, 1024 }, { 6, 369, 1024 }, { 6, 370, 1024 }, { 7, 371, 1024 }, { 6, 372, 1024 }, { 7, 373, 1024 }, { 7, 374, 1024 }, { 8, 375, 1024 }, - { 6, 376, 1024 }, { 7, 377, 1024 }, { 7, 378, 1024 }, { 8, 379, 1024 }, { 7, 380, 1024 }, { 8, 381, 1024 }, { 8, 382, 1024 }, { 9, 383, 1024 }, - { 3, 384, 1024 }, { 4, 385, 1024 }, { 4, 386, 1024 }, { 5, 387, 1024 }, { 4, 388, 1024 }, { 5, 389, 1024 }, { 5, 390, 1024 }, { 6, 391, 1024 }, - { 4, 392, 1024 }, { 5, 393, 1024 }, { 5, 394, 1024 }, { 6, 395, 1024 }, { 5, 396, 1024 }, { 6, 397, 1024 }, { 6, 398, 1024 }, { 7, 399, 1024 }, - { 4, 400, 1024 }, { 5, 401, 1024 }, { 5, 402, 1024 }, { 6, 403, 1024 }, { 5, 404, 1024 }, { 6, 405, 1024 }, { 6, 406, 1024 }, { 7, 407, 1024 }, - { 5, 408, 1024 }, { 6, 409, 1024 }, { 6, 410, 1024 }, { 7, 411, 1024 }, { 6, 412, 1024 }, { 7, 413, 1024 }, { 7, 414, 1024 }, { 8, 415, 1024 }, - { 4, 416, 1024 }, { 5, 417, 1024 }, { 5, 418, 1024 }, { 6, 419, 1024 }, { 5, 420, 1024 }, { 6, 421, 1024 }, { 6, 422, 1024 }, { 7, 423, 1024 }, - { 5, 424, 1024 }, { 6, 425, 1024 }, { 6, 426, 1024 }, { 7, 427, 1024 }, { 6, 428, 1024 }, { 7, 429, 1024 }, { 7, 430, 1024 }, { 8, 431, 1024 }, - { 5, 432, 1024 }, { 6, 433, 1024 }, { 6, 434, 1024 }, { 7, 435, 1024 }, { 6, 436, 1024 }, { 7, 437, 1024 }, { 7, 438, 1024 }, { 8, 439, 1024 }, - { 6, 440, 1024 }, { 7, 441, 1024 }, { 7, 442, 1024 }, { 8, 443, 1024 }, { 7, 444, 1024 }, { 8, 445, 1024 }, { 8, 446, 1024 }, { 9, 447, 1024 }, - { 4, 448, 1024 }, { 5, 449, 1024 }, { 5, 450, 1024 }, { 6, 451, 1024 }, { 5, 452, 1024 }, { 6, 453, 1024 }, { 6, 454, 1024 }, { 7, 455, 1024 }, - { 5, 456, 1024 }, { 6, 457, 1024 }, { 6, 458, 1024 }, { 7, 459, 1024 }, { 6, 460, 1024 }, { 7, 461, 1024 }, { 7, 462, 1024 }, { 8, 463, 1024 }, - { 5, 464, 1024 }, { 6, 465, 1024 }, { 6, 466, 1024 }, { 7, 467, 1024 }, { 6, 468, 1024 }, { 7, 469, 1024 }, { 7, 470, 1024 }, { 8, 471, 1024 }, - { 6, 472, 1024 }, { 7, 473, 1024 }, { 7, 474, 1024 }, { 8, 475, 1024 }, { 7, 476, 1024 }, { 8, 477, 1024 }, { 8, 478, 1024 }, { 9, 479, 1024 }, - { 5, 480, 1024 }, { 6, 481, 1024 }, { 6, 482, 1024 }, { 7, 483, 1024 }, { 6, 484, 1024 }, { 7, 485, 1024 }, { 7, 486, 1024 }, { 8, 487, 1024 }, - { 6, 488, 1024 }, { 7, 489, 1024 }, { 7, 490, 1024 }, { 8, 491, 1024 }, { 7, 492, 1024 }, { 8, 493, 1024 }, { 8, 494, 1024 }, { 9, 495, 1024 }, - { 6, 496, 1024 }, { 7, 497, 1024 }, { 7, 498, 1024 }, { 8, 499, 1024 }, { 7, 500, 1024 }, { 8, 501, 1024 }, { 8, 502, 1024 }, { 9, 503, 1024 }, - { 7, 504, 1024 }, { 8, 505, 1024 }, { 8, 506, 1024 }, { 9, 507, 1024 }, { 8, 508, 1024 }, { 9, 509, 1024 }, { 9, 510, 1024 }, { 10, 511, 1024 }, - { 2, 512, 1024 }, { 3, 513, 1024 }, { 3, 514, 1024 }, { 4, 515, 1024 }, { 3, 516, 1024 }, { 4, 517, 1024 }, { 4, 518, 1024 }, { 5, 519, 1024 }, - { 3, 520, 1024 }, { 4, 521, 1024 }, { 4, 522, 1024 }, { 5, 523, 1024 }, { 4, 524, 1024 }, { 5, 525, 1024 }, { 5, 526, 1024 }, { 6, 527, 1024 }, - { 3, 528, 1024 }, { 4, 529, 1024 }, { 4, 530, 1024 }, { 5, 531, 1024 }, { 4, 532, 1024 }, { 5, 533, 1024 }, { 5, 534, 1024 }, { 6, 535, 1024 }, - { 4, 536, 1024 }, { 5, 537, 1024 }, { 5, 538, 1024 }, { 6, 539, 1024 }, { 5, 540, 1024 }, { 6, 541, 1024 }, { 6, 542, 1024 }, { 7, 543, 1024 }, - { 3, 544, 1024 }, { 4, 545, 1024 }, { 4, 546, 1024 }, { 5, 547, 1024 }, { 4, 548, 1024 }, { 5, 549, 1024 }, { 5, 550, 1024 }, { 6, 551, 1024 }, - { 4, 552, 1024 }, { 5, 553, 1024 }, { 5, 554, 1024 }, { 6, 555, 1024 }, { 5, 556, 1024 }, { 6, 557, 1024 }, { 6, 558, 1024 }, { 7, 559, 1024 }, - { 4, 560, 1024 }, { 5, 561, 1024 }, { 5, 562, 1024 }, { 6, 563, 1024 }, { 5, 564, 1024 }, { 6, 565, 1024 }, { 6, 566, 1024 }, { 7, 567, 1024 }, - { 5, 568, 1024 }, { 6, 569, 1024 }, { 6, 570, 1024 }, { 7, 571, 1024 }, { 6, 572, 1024 }, { 7, 573, 1024 }, { 7, 574, 1024 }, { 8, 575, 1024 }, - { 3, 576, 1024 }, { 4, 577, 1024 }, { 4, 578, 1024 }, { 5, 579, 1024 }, { 4, 580, 1024 }, { 5, 581, 1024 }, { 5, 582, 1024 }, { 6, 583, 1024 }, - { 4, 584, 1024 }, { 5, 585, 1024 }, { 5, 586, 1024 }, { 6, 587, 1024 }, { 5, 588, 1024 }, { 6, 589, 1024 }, { 6, 590, 1024 }, { 7, 591, 1024 }, - { 4, 592, 1024 }, { 5, 593, 1024 }, { 5, 594, 1024 }, { 6, 595, 1024 }, { 5, 596, 1024 }, { 6, 597, 1024 }, { 6, 598, 1024 }, { 7, 599, 1024 }, - { 5, 600, 1024 }, { 6, 601, 1024 }, { 6, 602, 1024 }, { 7, 603, 1024 }, { 6, 604, 1024 }, { 7, 605, 1024 }, { 7, 606, 1024 }, { 8, 607, 1024 }, - { 4, 608, 1024 }, { 5, 609, 1024 }, { 5, 610, 1024 }, { 6, 611, 1024 }, { 5, 612, 1024 }, { 6, 613, 1024 }, { 6, 614, 1024 }, { 7, 615, 1024 }, - { 5, 616, 1024 }, { 6, 617, 1024 }, { 6, 618, 1024 }, { 7, 619, 1024 }, { 6, 620, 1024 }, { 7, 621, 1024 }, { 7, 622, 1024 }, { 8, 623, 1024 }, - { 5, 624, 1024 }, { 6, 625, 1024 }, { 6, 626, 1024 }, { 7, 627, 1024 }, { 6, 628, 1024 }, { 7, 629, 1024 }, { 7, 630, 1024 }, { 8, 631, 1024 }, - { 6, 632, 1024 }, { 7, 633, 1024 }, { 7, 634, 1024 }, { 8, 635, 1024 }, { 7, 636, 1024 }, { 8, 637, 1024 }, { 8, 638, 1024 }, { 9, 639, 1024 }, - { 3, 640, 1024 }, { 4, 641, 1024 }, { 4, 642, 1024 }, { 5, 643, 1024 }, { 4, 644, 1024 }, { 5, 645, 1024 }, { 5, 646, 1024 }, { 6, 647, 1024 }, - { 4, 648, 1024 }, { 5, 649, 1024 }, { 5, 650, 1024 }, { 6, 651, 1024 }, { 5, 652, 1024 }, { 6, 653, 1024 }, { 6, 654, 1024 }, { 7, 655, 1024 }, - { 4, 656, 1024 }, { 5, 657, 1024 }, { 5, 658, 1024 }, { 6, 659, 1024 }, { 5, 660, 1024 }, { 6, 661, 1024 }, { 6, 662, 1024 }, { 7, 663, 1024 }, - { 5, 664, 1024 }, { 6, 665, 1024 }, { 6, 666, 1024 }, { 7, 667, 1024 }, { 6, 668, 1024 }, { 7, 669, 1024 }, { 7, 670, 1024 }, { 8, 671, 1024 }, - { 4, 672, 1024 }, { 5, 673, 1024 }, { 5, 674, 1024 }, { 6, 675, 1024 }, { 5, 676, 1024 }, { 6, 677, 1024 }, { 6, 678, 1024 }, { 7, 679, 1024 }, - { 5, 680, 1024 }, { 6, 681, 1024 }, { 6, 682, 1024 }, { 7, 683, 1024 }, { 6, 684, 1024 }, { 7, 685, 1024 }, { 7, 686, 1024 }, { 8, 687, 1024 }, - { 5, 688, 1024 }, { 6, 689, 1024 }, { 6, 690, 1024 }, { 7, 691, 1024 }, { 6, 692, 1024 }, { 7, 693, 1024 }, { 7, 694, 1024 }, { 8, 695, 1024 }, - { 6, 696, 1024 }, { 7, 697, 1024 }, { 7, 698, 1024 }, { 8, 699, 1024 }, { 7, 700, 1024 }, { 8, 701, 1024 }, { 8, 702, 1024 }, { 9, 703, 1024 }, - { 4, 704, 1024 }, { 5, 705, 1024 }, { 5, 706, 1024 }, { 6, 707, 1024 }, { 5, 708, 1024 }, { 6, 709, 1024 }, { 6, 710, 1024 }, { 7, 711, 1024 }, - { 5, 712, 1024 }, { 6, 713, 1024 }, { 6, 714, 1024 }, { 7, 715, 1024 }, { 6, 716, 1024 }, { 7, 717, 1024 }, { 7, 718, 1024 }, { 8, 719, 1024 }, - { 5, 720, 1024 }, { 6, 721, 1024 }, { 6, 722, 1024 }, { 7, 723, 1024 }, { 6, 724, 1024 }, { 7, 725, 1024 }, { 7, 726, 1024 }, { 8, 727, 1024 }, - { 6, 728, 1024 }, { 7, 729, 1024 }, { 7, 730, 1024 }, { 8, 731, 1024 }, { 7, 732, 1024 }, { 8, 733, 1024 }, { 8, 734, 1024 }, { 9, 735, 1024 }, - { 5, 736, 1024 }, { 6, 737, 1024 }, { 6, 738, 1024 }, { 7, 739, 1024 }, { 6, 740, 1024 }, { 7, 741, 1024 }, { 7, 742, 1024 }, { 8, 743, 1024 }, - { 6, 744, 1024 }, { 7, 745, 1024 }, { 7, 746, 1024 }, { 8, 747, 1024 }, { 7, 748, 1024 }, { 8, 749, 1024 }, { 8, 750, 1024 }, { 9, 751, 1024 }, - { 6, 752, 1024 }, { 7, 753, 1024 }, { 7, 754, 1024 }, { 8, 755, 1024 }, { 7, 756, 1024 }, { 8, 757, 1024 }, { 8, 758, 1024 }, { 9, 759, 1024 }, - { 7, 760, 1024 }, { 8, 761, 1024 }, { 8, 762, 1024 }, { 9, 763, 1024 }, { 8, 764, 1024 }, { 9, 765, 1024 }, { 9, 766, 1024 }, { 10, 767, 1024 }, - { 3, 768, 1024 }, { 4, 769, 1024 }, { 4, 770, 1024 }, { 5, 771, 1024 }, { 4, 772, 1024 }, { 5, 773, 1024 }, { 5, 774, 1024 }, { 6, 775, 1024 }, - { 4, 776, 1024 }, { 5, 777, 1024 }, { 5, 778, 1024 }, { 6, 779, 1024 }, { 5, 780, 1024 }, { 6, 781, 1024 }, { 6, 782, 1024 }, { 7, 783, 1024 }, - { 4, 784, 1024 }, { 5, 785, 1024 }, { 5, 786, 1024 }, { 6, 787, 1024 }, { 5, 788, 1024 }, { 6, 789, 1024 }, { 6, 790, 1024 }, { 7, 791, 1024 }, - { 5, 792, 1024 }, { 6, 793, 1024 }, { 6, 794, 1024 }, { 7, 795, 1024 }, { 6, 796, 1024 }, { 7, 797, 1024 }, { 7, 798, 1024 }, { 8, 799, 1024 }, - { 4, 800, 1024 }, { 5, 801, 1024 }, { 5, 802, 1024 }, { 6, 803, 1024 }, { 5, 804, 1024 }, { 6, 805, 1024 }, { 6, 806, 1024 }, { 7, 807, 1024 }, - { 5, 808, 1024 }, { 6, 809, 1024 }, { 6, 810, 1024 }, { 7, 811, 1024 }, { 6, 812, 1024 }, { 7, 813, 1024 }, { 7, 814, 1024 }, { 8, 815, 1024 }, - { 5, 816, 1024 }, { 6, 817, 1024 }, { 6, 818, 1024 }, { 7, 819, 1024 }, { 6, 820, 1024 }, { 7, 821, 1024 }, { 7, 822, 1024 }, { 8, 823, 1024 }, - { 6, 824, 1024 }, { 7, 825, 1024 }, { 7, 826, 1024 }, { 8, 827, 1024 }, { 7, 828, 1024 }, { 8, 829, 1024 }, { 8, 830, 1024 }, { 9, 831, 1024 }, - { 4, 832, 1024 }, { 5, 833, 1024 }, { 5, 834, 1024 }, { 6, 835, 1024 }, { 5, 836, 1024 }, { 6, 837, 1024 }, { 6, 838, 1024 }, { 7, 839, 1024 }, - { 5, 840, 1024 }, { 6, 841, 1024 }, { 6, 842, 1024 }, { 7, 843, 1024 }, { 6, 844, 1024 }, { 7, 845, 1024 }, { 7, 846, 1024 }, { 8, 847, 1024 }, - { 5, 848, 1024 }, { 6, 849, 1024 }, { 6, 850, 1024 }, { 7, 851, 1024 }, { 6, 852, 1024 }, { 7, 853, 1024 }, { 7, 854, 1024 }, { 8, 855, 1024 }, - { 6, 856, 1024 }, { 7, 857, 1024 }, { 7, 858, 1024 }, { 8, 859, 1024 }, { 7, 860, 1024 }, { 8, 861, 1024 }, { 8, 862, 1024 }, { 9, 863, 1024 }, - { 5, 864, 1024 }, { 6, 865, 1024 }, { 6, 866, 1024 }, { 7, 867, 1024 }, { 6, 868, 1024 }, { 7, 869, 1024 }, { 7, 870, 1024 }, { 8, 871, 1024 }, - { 6, 872, 1024 }, { 7, 873, 1024 }, { 7, 874, 1024 }, { 8, 875, 1024 }, { 7, 876, 1024 }, { 8, 877, 1024 }, { 8, 878, 1024 }, { 9, 879, 1024 }, - { 6, 880, 1024 }, { 7, 881, 1024 }, { 7, 882, 1024 }, { 8, 883, 1024 }, { 7, 884, 1024 }, { 8, 885, 1024 }, { 8, 886, 1024 }, { 9, 887, 1024 }, - { 7, 888, 1024 }, { 8, 889, 1024 }, { 8, 890, 1024 }, { 9, 891, 1024 }, { 8, 892, 1024 }, { 9, 893, 1024 }, { 9, 894, 1024 }, { 10, 895, 1024 }, - { 4, 896, 1024 }, { 5, 897, 1024 }, { 5, 898, 1024 }, { 6, 899, 1024 }, { 5, 900, 1024 }, { 6, 901, 1024 }, { 6, 902, 1024 }, { 7, 903, 1024 }, - { 5, 904, 1024 }, { 6, 905, 1024 }, { 6, 906, 1024 }, { 7, 907, 1024 }, { 6, 908, 1024 }, { 7, 909, 1024 }, { 7, 910, 1024 }, { 8, 911, 1024 }, - { 5, 912, 1024 }, { 6, 913, 1024 }, { 6, 914, 1024 }, { 7, 915, 1024 }, { 6, 916, 1024 }, { 7, 917, 1024 }, { 7, 918, 1024 }, { 8, 919, 1024 }, - { 6, 920, 1024 }, { 7, 921, 1024 }, { 7, 922, 1024 }, { 8, 923, 1024 }, { 7, 924, 1024 }, { 8, 925, 1024 }, { 8, 926, 1024 }, { 9, 927, 1024 }, - { 5, 928, 1024 }, { 6, 929, 1024 }, { 6, 930, 1024 }, { 7, 931, 1024 }, { 6, 932, 1024 }, { 7, 933, 1024 }, { 7, 934, 1024 }, { 8, 935, 1024 }, - { 6, 936, 1024 }, { 7, 937, 1024 }, { 7, 938, 1024 }, { 8, 939, 1024 }, { 7, 940, 1024 }, { 8, 941, 1024 }, { 8, 942, 1024 }, { 9, 943, 1024 }, - { 6, 944, 1024 }, { 7, 945, 1024 }, { 7, 946, 1024 }, { 8, 947, 1024 }, { 7, 948, 1024 }, { 8, 949, 1024 }, { 8, 950, 1024 }, { 9, 951, 1024 }, - { 7, 952, 1024 }, { 8, 953, 1024 }, { 8, 954, 1024 }, { 9, 955, 1024 }, { 8, 956, 1024 }, { 9, 957, 1024 }, { 9, 958, 1024 }, { 10, 959, 1024 }, - { 5, 960, 1024 }, { 6, 961, 1024 }, { 6, 962, 1024 }, { 7, 963, 1024 }, { 6, 964, 1024 }, { 7, 965, 1024 }, { 7, 966, 1024 }, { 8, 967, 1024 }, - { 6, 968, 1024 }, { 7, 969, 1024 }, { 7, 970, 1024 }, { 8, 971, 1024 }, { 7, 972, 1024 }, { 8, 973, 1024 }, { 8, 974, 1024 }, { 9, 975, 1024 }, - { 6, 976, 1024 }, { 7, 977, 1024 }, { 7, 978, 1024 }, { 8, 979, 1024 }, { 7, 980, 1024 }, { 8, 981, 1024 }, { 8, 982, 1024 }, { 9, 983, 1024 }, - { 7, 984, 1024 }, { 8, 985, 1024 }, { 8, 986, 1024 }, { 9, 987, 1024 }, { 8, 988, 1024 }, { 9, 989, 1024 }, { 9, 990, 1024 }, { 10, 991, 1024 }, - { 6, 992, 1024 }, { 7, 993, 1024 }, { 7, 994, 1024 }, { 8, 995, 1024 }, { 7, 996, 1024 }, { 8, 997, 1024 }, { 8, 998, 1024 }, { 9, 999, 1024 }, - { 7, 1000, 1024 }, { 8, 1001, 1024 }, { 8, 1002, 1024 }, { 9, 1003, 1024 }, { 8, 1004, 1024 }, { 9, 1005, 1024 }, { 9, 1006, 1024 }, { 10, 1007, 1024 }, - { 7, 1008, 1024 }, { 8, 1009, 1024 }, { 8, 1010, 1024 }, { 9, 1011, 1024 }, { 8, 1012, 1024 }, { 9, 1013, 1024 }, { 9, 1014, 1024 }, { 10, 1015, 1024 }, - { 8, 1016, 1024 }, { 9, 1017, 1024 }, { 9, 1018, 1024 }, { 10, 1019, 1024 }, { 9, 1020, 1024 }, { 10, 1021, 1024 }, { 10, 1022, 1024 }, { 11, 1023, 1024 }, -#if FP_LUT > 11 - { 1, 0, 0 }, { 2, 1, 2048 }, { 2, 2, 2048 }, { 3, 3, 2048 }, { 2, 4, 2048 }, { 3, 5, 2048 }, { 3, 6, 2048 }, { 4, 7, 2048 }, - { 2, 8, 2048 }, { 3, 9, 2048 }, { 3, 10, 2048 }, { 4, 11, 2048 }, { 3, 12, 2048 }, { 4, 13, 2048 }, { 4, 14, 2048 }, { 5, 15, 2048 }, - { 2, 16, 2048 }, { 3, 17, 2048 }, { 3, 18, 2048 }, { 4, 19, 2048 }, { 3, 20, 2048 }, { 4, 21, 2048 }, { 4, 22, 2048 }, { 5, 23, 2048 }, - { 3, 24, 2048 }, { 4, 25, 2048 }, { 4, 26, 2048 }, { 5, 27, 2048 }, { 4, 28, 2048 }, { 5, 29, 2048 }, { 5, 30, 2048 }, { 6, 31, 2048 }, - { 2, 32, 2048 }, { 3, 33, 2048 }, { 3, 34, 2048 }, { 4, 35, 2048 }, { 3, 36, 2048 }, { 4, 37, 2048 }, { 4, 38, 2048 }, { 5, 39, 2048 }, - { 3, 40, 2048 }, { 4, 41, 2048 }, { 4, 42, 2048 }, { 5, 43, 2048 }, { 4, 44, 2048 }, { 5, 45, 2048 }, { 5, 46, 2048 }, { 6, 47, 2048 }, - { 3, 48, 2048 }, { 4, 49, 2048 }, { 4, 50, 2048 }, { 5, 51, 2048 }, { 4, 52, 2048 }, { 5, 53, 2048 }, { 5, 54, 2048 }, { 6, 55, 2048 }, - { 4, 56, 2048 }, { 5, 57, 2048 }, { 5, 58, 2048 }, { 6, 59, 2048 }, { 5, 60, 2048 }, { 6, 61, 2048 }, { 6, 62, 2048 }, { 7, 63, 2048 }, - { 2, 64, 2048 }, { 3, 65, 2048 }, { 3, 66, 2048 }, { 4, 67, 2048 }, { 3, 68, 2048 }, { 4, 69, 2048 }, { 4, 70, 2048 }, { 5, 71, 2048 }, - { 3, 72, 2048 }, { 4, 73, 2048 }, { 4, 74, 2048 }, { 5, 75, 2048 }, { 4, 76, 2048 }, { 5, 77, 2048 }, { 5, 78, 2048 }, { 6, 79, 2048 }, - { 3, 80, 2048 }, { 4, 81, 2048 }, { 4, 82, 2048 }, { 5, 83, 2048 }, { 4, 84, 2048 }, { 5, 85, 2048 }, { 5, 86, 2048 }, { 6, 87, 2048 }, - { 4, 88, 2048 }, { 5, 89, 2048 }, { 5, 90, 2048 }, { 6, 91, 2048 }, { 5, 92, 2048 }, { 6, 93, 2048 }, { 6, 94, 2048 }, { 7, 95, 2048 }, - { 3, 96, 2048 }, { 4, 97, 2048 }, { 4, 98, 2048 }, { 5, 99, 2048 }, { 4, 100, 2048 }, { 5, 101, 2048 }, { 5, 102, 2048 }, { 6, 103, 2048 }, - { 4, 104, 2048 }, { 5, 105, 2048 }, { 5, 106, 2048 }, { 6, 107, 2048 }, { 5, 108, 2048 }, { 6, 109, 2048 }, { 6, 110, 2048 }, { 7, 111, 2048 }, - { 4, 112, 2048 }, { 5, 113, 2048 }, { 5, 114, 2048 }, { 6, 115, 2048 }, { 5, 116, 2048 }, { 6, 117, 2048 }, { 6, 118, 2048 }, { 7, 119, 2048 }, - { 5, 120, 2048 }, { 6, 121, 2048 }, { 6, 122, 2048 }, { 7, 123, 2048 }, { 6, 124, 2048 }, { 7, 125, 2048 }, { 7, 126, 2048 }, { 8, 127, 2048 }, - { 2, 128, 2048 }, { 3, 129, 2048 }, { 3, 130, 2048 }, { 4, 131, 2048 }, { 3, 132, 2048 }, { 4, 133, 2048 }, { 4, 134, 2048 }, { 5, 135, 2048 }, - { 3, 136, 2048 }, { 4, 137, 2048 }, { 4, 138, 2048 }, { 5, 139, 2048 }, { 4, 140, 2048 }, { 5, 141, 2048 }, { 5, 142, 2048 }, { 6, 143, 2048 }, - { 3, 144, 2048 }, { 4, 145, 2048 }, { 4, 146, 2048 }, { 5, 147, 2048 }, { 4, 148, 2048 }, { 5, 149, 2048 }, { 5, 150, 2048 }, { 6, 151, 2048 }, - { 4, 152, 2048 }, { 5, 153, 2048 }, { 5, 154, 2048 }, { 6, 155, 2048 }, { 5, 156, 2048 }, { 6, 157, 2048 }, { 6, 158, 2048 }, { 7, 159, 2048 }, - { 3, 160, 2048 }, { 4, 161, 2048 }, { 4, 162, 2048 }, { 5, 163, 2048 }, { 4, 164, 2048 }, { 5, 165, 2048 }, { 5, 166, 2048 }, { 6, 167, 2048 }, - { 4, 168, 2048 }, { 5, 169, 2048 }, { 5, 170, 2048 }, { 6, 171, 2048 }, { 5, 172, 2048 }, { 6, 173, 2048 }, { 6, 174, 2048 }, { 7, 175, 2048 }, - { 4, 176, 2048 }, { 5, 177, 2048 }, { 5, 178, 2048 }, { 6, 179, 2048 }, { 5, 180, 2048 }, { 6, 181, 2048 }, { 6, 182, 2048 }, { 7, 183, 2048 }, - { 5, 184, 2048 }, { 6, 185, 2048 }, { 6, 186, 2048 }, { 7, 187, 2048 }, { 6, 188, 2048 }, { 7, 189, 2048 }, { 7, 190, 2048 }, { 8, 191, 2048 }, - { 3, 192, 2048 }, { 4, 193, 2048 }, { 4, 194, 2048 }, { 5, 195, 2048 }, { 4, 196, 2048 }, { 5, 197, 2048 }, { 5, 198, 2048 }, { 6, 199, 2048 }, - { 4, 200, 2048 }, { 5, 201, 2048 }, { 5, 202, 2048 }, { 6, 203, 2048 }, { 5, 204, 2048 }, { 6, 205, 2048 }, { 6, 206, 2048 }, { 7, 207, 2048 }, - { 4, 208, 2048 }, { 5, 209, 2048 }, { 5, 210, 2048 }, { 6, 211, 2048 }, { 5, 212, 2048 }, { 6, 213, 2048 }, { 6, 214, 2048 }, { 7, 215, 2048 }, - { 5, 216, 2048 }, { 6, 217, 2048 }, { 6, 218, 2048 }, { 7, 219, 2048 }, { 6, 220, 2048 }, { 7, 221, 2048 }, { 7, 222, 2048 }, { 8, 223, 2048 }, - { 4, 224, 2048 }, { 5, 225, 2048 }, { 5, 226, 2048 }, { 6, 227, 2048 }, { 5, 228, 2048 }, { 6, 229, 2048 }, { 6, 230, 2048 }, { 7, 231, 2048 }, - { 5, 232, 2048 }, { 6, 233, 2048 }, { 6, 234, 2048 }, { 7, 235, 2048 }, { 6, 236, 2048 }, { 7, 237, 2048 }, { 7, 238, 2048 }, { 8, 239, 2048 }, - { 5, 240, 2048 }, { 6, 241, 2048 }, { 6, 242, 2048 }, { 7, 243, 2048 }, { 6, 244, 2048 }, { 7, 245, 2048 }, { 7, 246, 2048 }, { 8, 247, 2048 }, - { 6, 248, 2048 }, { 7, 249, 2048 }, { 7, 250, 2048 }, { 8, 251, 2048 }, { 7, 252, 2048 }, { 8, 253, 2048 }, { 8, 254, 2048 }, { 9, 255, 2048 }, - { 2, 256, 2048 }, { 3, 257, 2048 }, { 3, 258, 2048 }, { 4, 259, 2048 }, { 3, 260, 2048 }, { 4, 261, 2048 }, { 4, 262, 2048 }, { 5, 263, 2048 }, - { 3, 264, 2048 }, { 4, 265, 2048 }, { 4, 266, 2048 }, { 5, 267, 2048 }, { 4, 268, 2048 }, { 5, 269, 2048 }, { 5, 270, 2048 }, { 6, 271, 2048 }, - { 3, 272, 2048 }, { 4, 273, 2048 }, { 4, 274, 2048 }, { 5, 275, 2048 }, { 4, 276, 2048 }, { 5, 277, 2048 }, { 5, 278, 2048 }, { 6, 279, 2048 }, - { 4, 280, 2048 }, { 5, 281, 2048 }, { 5, 282, 2048 }, { 6, 283, 2048 }, { 5, 284, 2048 }, { 6, 285, 2048 }, { 6, 286, 2048 }, { 7, 287, 2048 }, - { 3, 288, 2048 }, { 4, 289, 2048 }, { 4, 290, 2048 }, { 5, 291, 2048 }, { 4, 292, 2048 }, { 5, 293, 2048 }, { 5, 294, 2048 }, { 6, 295, 2048 }, - { 4, 296, 2048 }, { 5, 297, 2048 }, { 5, 298, 2048 }, { 6, 299, 2048 }, { 5, 300, 2048 }, { 6, 301, 2048 }, { 6, 302, 2048 }, { 7, 303, 2048 }, - { 4, 304, 2048 }, { 5, 305, 2048 }, { 5, 306, 2048 }, { 6, 307, 2048 }, { 5, 308, 2048 }, { 6, 309, 2048 }, { 6, 310, 2048 }, { 7, 311, 2048 }, - { 5, 312, 2048 }, { 6, 313, 2048 }, { 6, 314, 2048 }, { 7, 315, 2048 }, { 6, 316, 2048 }, { 7, 317, 2048 }, { 7, 318, 2048 }, { 8, 319, 2048 }, - { 3, 320, 2048 }, { 4, 321, 2048 }, { 4, 322, 2048 }, { 5, 323, 2048 }, { 4, 324, 2048 }, { 5, 325, 2048 }, { 5, 326, 2048 }, { 6, 327, 2048 }, - { 4, 328, 2048 }, { 5, 329, 2048 }, { 5, 330, 2048 }, { 6, 331, 2048 }, { 5, 332, 2048 }, { 6, 333, 2048 }, { 6, 334, 2048 }, { 7, 335, 2048 }, - { 4, 336, 2048 }, { 5, 337, 2048 }, { 5, 338, 2048 }, { 6, 339, 2048 }, { 5, 340, 2048 }, { 6, 341, 2048 }, { 6, 342, 2048 }, { 7, 343, 2048 }, - { 5, 344, 2048 }, { 6, 345, 2048 }, { 6, 346, 2048 }, { 7, 347, 2048 }, { 6, 348, 2048 }, { 7, 349, 2048 }, { 7, 350, 2048 }, { 8, 351, 2048 }, - { 4, 352, 2048 }, { 5, 353, 2048 }, { 5, 354, 2048 }, { 6, 355, 2048 }, { 5, 356, 2048 }, { 6, 357, 2048 }, { 6, 358, 2048 }, { 7, 359, 2048 }, - { 5, 360, 2048 }, { 6, 361, 2048 }, { 6, 362, 2048 }, { 7, 363, 2048 }, { 6, 364, 2048 }, { 7, 365, 2048 }, { 7, 366, 2048 }, { 8, 367, 2048 }, - { 5, 368, 2048 }, { 6, 369, 2048 }, { 6, 370, 2048 }, { 7, 371, 2048 }, { 6, 372, 2048 }, { 7, 373, 2048 }, { 7, 374, 2048 }, { 8, 375, 2048 }, - { 6, 376, 2048 }, { 7, 377, 2048 }, { 7, 378, 2048 }, { 8, 379, 2048 }, { 7, 380, 2048 }, { 8, 381, 2048 }, { 8, 382, 2048 }, { 9, 383, 2048 }, - { 3, 384, 2048 }, { 4, 385, 2048 }, { 4, 386, 2048 }, { 5, 387, 2048 }, { 4, 388, 2048 }, { 5, 389, 2048 }, { 5, 390, 2048 }, { 6, 391, 2048 }, - { 4, 392, 2048 }, { 5, 393, 2048 }, { 5, 394, 2048 }, { 6, 395, 2048 }, { 5, 396, 2048 }, { 6, 397, 2048 }, { 6, 398, 2048 }, { 7, 399, 2048 }, - { 4, 400, 2048 }, { 5, 401, 2048 }, { 5, 402, 2048 }, { 6, 403, 2048 }, { 5, 404, 2048 }, { 6, 405, 2048 }, { 6, 406, 2048 }, { 7, 407, 2048 }, - { 5, 408, 2048 }, { 6, 409, 2048 }, { 6, 410, 2048 }, { 7, 411, 2048 }, { 6, 412, 2048 }, { 7, 413, 2048 }, { 7, 414, 2048 }, { 8, 415, 2048 }, - { 4, 416, 2048 }, { 5, 417, 2048 }, { 5, 418, 2048 }, { 6, 419, 2048 }, { 5, 420, 2048 }, { 6, 421, 2048 }, { 6, 422, 2048 }, { 7, 423, 2048 }, - { 5, 424, 2048 }, { 6, 425, 2048 }, { 6, 426, 2048 }, { 7, 427, 2048 }, { 6, 428, 2048 }, { 7, 429, 2048 }, { 7, 430, 2048 }, { 8, 431, 2048 }, - { 5, 432, 2048 }, { 6, 433, 2048 }, { 6, 434, 2048 }, { 7, 435, 2048 }, { 6, 436, 2048 }, { 7, 437, 2048 }, { 7, 438, 2048 }, { 8, 439, 2048 }, - { 6, 440, 2048 }, { 7, 441, 2048 }, { 7, 442, 2048 }, { 8, 443, 2048 }, { 7, 444, 2048 }, { 8, 445, 2048 }, { 8, 446, 2048 }, { 9, 447, 2048 }, - { 4, 448, 2048 }, { 5, 449, 2048 }, { 5, 450, 2048 }, { 6, 451, 2048 }, { 5, 452, 2048 }, { 6, 453, 2048 }, { 6, 454, 2048 }, { 7, 455, 2048 }, - { 5, 456, 2048 }, { 6, 457, 2048 }, { 6, 458, 2048 }, { 7, 459, 2048 }, { 6, 460, 2048 }, { 7, 461, 2048 }, { 7, 462, 2048 }, { 8, 463, 2048 }, - { 5, 464, 2048 }, { 6, 465, 2048 }, { 6, 466, 2048 }, { 7, 467, 2048 }, { 6, 468, 2048 }, { 7, 469, 2048 }, { 7, 470, 2048 }, { 8, 471, 2048 }, - { 6, 472, 2048 }, { 7, 473, 2048 }, { 7, 474, 2048 }, { 8, 475, 2048 }, { 7, 476, 2048 }, { 8, 477, 2048 }, { 8, 478, 2048 }, { 9, 479, 2048 }, - { 5, 480, 2048 }, { 6, 481, 2048 }, { 6, 482, 2048 }, { 7, 483, 2048 }, { 6, 484, 2048 }, { 7, 485, 2048 }, { 7, 486, 2048 }, { 8, 487, 2048 }, - { 6, 488, 2048 }, { 7, 489, 2048 }, { 7, 490, 2048 }, { 8, 491, 2048 }, { 7, 492, 2048 }, { 8, 493, 2048 }, { 8, 494, 2048 }, { 9, 495, 2048 }, - { 6, 496, 2048 }, { 7, 497, 2048 }, { 7, 498, 2048 }, { 8, 499, 2048 }, { 7, 500, 2048 }, { 8, 501, 2048 }, { 8, 502, 2048 }, { 9, 503, 2048 }, - { 7, 504, 2048 }, { 8, 505, 2048 }, { 8, 506, 2048 }, { 9, 507, 2048 }, { 8, 508, 2048 }, { 9, 509, 2048 }, { 9, 510, 2048 }, { 10, 511, 2048 }, - { 2, 512, 2048 }, { 3, 513, 2048 }, { 3, 514, 2048 }, { 4, 515, 2048 }, { 3, 516, 2048 }, { 4, 517, 2048 }, { 4, 518, 2048 }, { 5, 519, 2048 }, - { 3, 520, 2048 }, { 4, 521, 2048 }, { 4, 522, 2048 }, { 5, 523, 2048 }, { 4, 524, 2048 }, { 5, 525, 2048 }, { 5, 526, 2048 }, { 6, 527, 2048 }, - { 3, 528, 2048 }, { 4, 529, 2048 }, { 4, 530, 2048 }, { 5, 531, 2048 }, { 4, 532, 2048 }, { 5, 533, 2048 }, { 5, 534, 2048 }, { 6, 535, 2048 }, - { 4, 536, 2048 }, { 5, 537, 2048 }, { 5, 538, 2048 }, { 6, 539, 2048 }, { 5, 540, 2048 }, { 6, 541, 2048 }, { 6, 542, 2048 }, { 7, 543, 2048 }, - { 3, 544, 2048 }, { 4, 545, 2048 }, { 4, 546, 2048 }, { 5, 547, 2048 }, { 4, 548, 2048 }, { 5, 549, 2048 }, { 5, 550, 2048 }, { 6, 551, 2048 }, - { 4, 552, 2048 }, { 5, 553, 2048 }, { 5, 554, 2048 }, { 6, 555, 2048 }, { 5, 556, 2048 }, { 6, 557, 2048 }, { 6, 558, 2048 }, { 7, 559, 2048 }, - { 4, 560, 2048 }, { 5, 561, 2048 }, { 5, 562, 2048 }, { 6, 563, 2048 }, { 5, 564, 2048 }, { 6, 565, 2048 }, { 6, 566, 2048 }, { 7, 567, 2048 }, - { 5, 568, 2048 }, { 6, 569, 2048 }, { 6, 570, 2048 }, { 7, 571, 2048 }, { 6, 572, 2048 }, { 7, 573, 2048 }, { 7, 574, 2048 }, { 8, 575, 2048 }, - { 3, 576, 2048 }, { 4, 577, 2048 }, { 4, 578, 2048 }, { 5, 579, 2048 }, { 4, 580, 2048 }, { 5, 581, 2048 }, { 5, 582, 2048 }, { 6, 583, 2048 }, - { 4, 584, 2048 }, { 5, 585, 2048 }, { 5, 586, 2048 }, { 6, 587, 2048 }, { 5, 588, 2048 }, { 6, 589, 2048 }, { 6, 590, 2048 }, { 7, 591, 2048 }, - { 4, 592, 2048 }, { 5, 593, 2048 }, { 5, 594, 2048 }, { 6, 595, 2048 }, { 5, 596, 2048 }, { 6, 597, 2048 }, { 6, 598, 2048 }, { 7, 599, 2048 }, - { 5, 600, 2048 }, { 6, 601, 2048 }, { 6, 602, 2048 }, { 7, 603, 2048 }, { 6, 604, 2048 }, { 7, 605, 2048 }, { 7, 606, 2048 }, { 8, 607, 2048 }, - { 4, 608, 2048 }, { 5, 609, 2048 }, { 5, 610, 2048 }, { 6, 611, 2048 }, { 5, 612, 2048 }, { 6, 613, 2048 }, { 6, 614, 2048 }, { 7, 615, 2048 }, - { 5, 616, 2048 }, { 6, 617, 2048 }, { 6, 618, 2048 }, { 7, 619, 2048 }, { 6, 620, 2048 }, { 7, 621, 2048 }, { 7, 622, 2048 }, { 8, 623, 2048 }, - { 5, 624, 2048 }, { 6, 625, 2048 }, { 6, 626, 2048 }, { 7, 627, 2048 }, { 6, 628, 2048 }, { 7, 629, 2048 }, { 7, 630, 2048 }, { 8, 631, 2048 }, - { 6, 632, 2048 }, { 7, 633, 2048 }, { 7, 634, 2048 }, { 8, 635, 2048 }, { 7, 636, 2048 }, { 8, 637, 2048 }, { 8, 638, 2048 }, { 9, 639, 2048 }, - { 3, 640, 2048 }, { 4, 641, 2048 }, { 4, 642, 2048 }, { 5, 643, 2048 }, { 4, 644, 2048 }, { 5, 645, 2048 }, { 5, 646, 2048 }, { 6, 647, 2048 }, - { 4, 648, 2048 }, { 5, 649, 2048 }, { 5, 650, 2048 }, { 6, 651, 2048 }, { 5, 652, 2048 }, { 6, 653, 2048 }, { 6, 654, 2048 }, { 7, 655, 2048 }, - { 4, 656, 2048 }, { 5, 657, 2048 }, { 5, 658, 2048 }, { 6, 659, 2048 }, { 5, 660, 2048 }, { 6, 661, 2048 }, { 6, 662, 2048 }, { 7, 663, 2048 }, - { 5, 664, 2048 }, { 6, 665, 2048 }, { 6, 666, 2048 }, { 7, 667, 2048 }, { 6, 668, 2048 }, { 7, 669, 2048 }, { 7, 670, 2048 }, { 8, 671, 2048 }, - { 4, 672, 2048 }, { 5, 673, 2048 }, { 5, 674, 2048 }, { 6, 675, 2048 }, { 5, 676, 2048 }, { 6, 677, 2048 }, { 6, 678, 2048 }, { 7, 679, 2048 }, - { 5, 680, 2048 }, { 6, 681, 2048 }, { 6, 682, 2048 }, { 7, 683, 2048 }, { 6, 684, 2048 }, { 7, 685, 2048 }, { 7, 686, 2048 }, { 8, 687, 2048 }, - { 5, 688, 2048 }, { 6, 689, 2048 }, { 6, 690, 2048 }, { 7, 691, 2048 }, { 6, 692, 2048 }, { 7, 693, 2048 }, { 7, 694, 2048 }, { 8, 695, 2048 }, - { 6, 696, 2048 }, { 7, 697, 2048 }, { 7, 698, 2048 }, { 8, 699, 2048 }, { 7, 700, 2048 }, { 8, 701, 2048 }, { 8, 702, 2048 }, { 9, 703, 2048 }, - { 4, 704, 2048 }, { 5, 705, 2048 }, { 5, 706, 2048 }, { 6, 707, 2048 }, { 5, 708, 2048 }, { 6, 709, 2048 }, { 6, 710, 2048 }, { 7, 711, 2048 }, - { 5, 712, 2048 }, { 6, 713, 2048 }, { 6, 714, 2048 }, { 7, 715, 2048 }, { 6, 716, 2048 }, { 7, 717, 2048 }, { 7, 718, 2048 }, { 8, 719, 2048 }, - { 5, 720, 2048 }, { 6, 721, 2048 }, { 6, 722, 2048 }, { 7, 723, 2048 }, { 6, 724, 2048 }, { 7, 725, 2048 }, { 7, 726, 2048 }, { 8, 727, 2048 }, - { 6, 728, 2048 }, { 7, 729, 2048 }, { 7, 730, 2048 }, { 8, 731, 2048 }, { 7, 732, 2048 }, { 8, 733, 2048 }, { 8, 734, 2048 }, { 9, 735, 2048 }, - { 5, 736, 2048 }, { 6, 737, 2048 }, { 6, 738, 2048 }, { 7, 739, 2048 }, { 6, 740, 2048 }, { 7, 741, 2048 }, { 7, 742, 2048 }, { 8, 743, 2048 }, - { 6, 744, 2048 }, { 7, 745, 2048 }, { 7, 746, 2048 }, { 8, 747, 2048 }, { 7, 748, 2048 }, { 8, 749, 2048 }, { 8, 750, 2048 }, { 9, 751, 2048 }, - { 6, 752, 2048 }, { 7, 753, 2048 }, { 7, 754, 2048 }, { 8, 755, 2048 }, { 7, 756, 2048 }, { 8, 757, 2048 }, { 8, 758, 2048 }, { 9, 759, 2048 }, - { 7, 760, 2048 }, { 8, 761, 2048 }, { 8, 762, 2048 }, { 9, 763, 2048 }, { 8, 764, 2048 }, { 9, 765, 2048 }, { 9, 766, 2048 }, { 10, 767, 2048 }, - { 3, 768, 2048 }, { 4, 769, 2048 }, { 4, 770, 2048 }, { 5, 771, 2048 }, { 4, 772, 2048 }, { 5, 773, 2048 }, { 5, 774, 2048 }, { 6, 775, 2048 }, - { 4, 776, 2048 }, { 5, 777, 2048 }, { 5, 778, 2048 }, { 6, 779, 2048 }, { 5, 780, 2048 }, { 6, 781, 2048 }, { 6, 782, 2048 }, { 7, 783, 2048 }, - { 4, 784, 2048 }, { 5, 785, 2048 }, { 5, 786, 2048 }, { 6, 787, 2048 }, { 5, 788, 2048 }, { 6, 789, 2048 }, { 6, 790, 2048 }, { 7, 791, 2048 }, - { 5, 792, 2048 }, { 6, 793, 2048 }, { 6, 794, 2048 }, { 7, 795, 2048 }, { 6, 796, 2048 }, { 7, 797, 2048 }, { 7, 798, 2048 }, { 8, 799, 2048 }, - { 4, 800, 2048 }, { 5, 801, 2048 }, { 5, 802, 2048 }, { 6, 803, 2048 }, { 5, 804, 2048 }, { 6, 805, 2048 }, { 6, 806, 2048 }, { 7, 807, 2048 }, - { 5, 808, 2048 }, { 6, 809, 2048 }, { 6, 810, 2048 }, { 7, 811, 2048 }, { 6, 812, 2048 }, { 7, 813, 2048 }, { 7, 814, 2048 }, { 8, 815, 2048 }, - { 5, 816, 2048 }, { 6, 817, 2048 }, { 6, 818, 2048 }, { 7, 819, 2048 }, { 6, 820, 2048 }, { 7, 821, 2048 }, { 7, 822, 2048 }, { 8, 823, 2048 }, - { 6, 824, 2048 }, { 7, 825, 2048 }, { 7, 826, 2048 }, { 8, 827, 2048 }, { 7, 828, 2048 }, { 8, 829, 2048 }, { 8, 830, 2048 }, { 9, 831, 2048 }, - { 4, 832, 2048 }, { 5, 833, 2048 }, { 5, 834, 2048 }, { 6, 835, 2048 }, { 5, 836, 2048 }, { 6, 837, 2048 }, { 6, 838, 2048 }, { 7, 839, 2048 }, - { 5, 840, 2048 }, { 6, 841, 2048 }, { 6, 842, 2048 }, { 7, 843, 2048 }, { 6, 844, 2048 }, { 7, 845, 2048 }, { 7, 846, 2048 }, { 8, 847, 2048 }, - { 5, 848, 2048 }, { 6, 849, 2048 }, { 6, 850, 2048 }, { 7, 851, 2048 }, { 6, 852, 2048 }, { 7, 853, 2048 }, { 7, 854, 2048 }, { 8, 855, 2048 }, - { 6, 856, 2048 }, { 7, 857, 2048 }, { 7, 858, 2048 }, { 8, 859, 2048 }, { 7, 860, 2048 }, { 8, 861, 2048 }, { 8, 862, 2048 }, { 9, 863, 2048 }, - { 5, 864, 2048 }, { 6, 865, 2048 }, { 6, 866, 2048 }, { 7, 867, 2048 }, { 6, 868, 2048 }, { 7, 869, 2048 }, { 7, 870, 2048 }, { 8, 871, 2048 }, - { 6, 872, 2048 }, { 7, 873, 2048 }, { 7, 874, 2048 }, { 8, 875, 2048 }, { 7, 876, 2048 }, { 8, 877, 2048 }, { 8, 878, 2048 }, { 9, 879, 2048 }, - { 6, 880, 2048 }, { 7, 881, 2048 }, { 7, 882, 2048 }, { 8, 883, 2048 }, { 7, 884, 2048 }, { 8, 885, 2048 }, { 8, 886, 2048 }, { 9, 887, 2048 }, - { 7, 888, 2048 }, { 8, 889, 2048 }, { 8, 890, 2048 }, { 9, 891, 2048 }, { 8, 892, 2048 }, { 9, 893, 2048 }, { 9, 894, 2048 }, { 10, 895, 2048 }, - { 4, 896, 2048 }, { 5, 897, 2048 }, { 5, 898, 2048 }, { 6, 899, 2048 }, { 5, 900, 2048 }, { 6, 901, 2048 }, { 6, 902, 2048 }, { 7, 903, 2048 }, - { 5, 904, 2048 }, { 6, 905, 2048 }, { 6, 906, 2048 }, { 7, 907, 2048 }, { 6, 908, 2048 }, { 7, 909, 2048 }, { 7, 910, 2048 }, { 8, 911, 2048 }, - { 5, 912, 2048 }, { 6, 913, 2048 }, { 6, 914, 2048 }, { 7, 915, 2048 }, { 6, 916, 2048 }, { 7, 917, 2048 }, { 7, 918, 2048 }, { 8, 919, 2048 }, - { 6, 920, 2048 }, { 7, 921, 2048 }, { 7, 922, 2048 }, { 8, 923, 2048 }, { 7, 924, 2048 }, { 8, 925, 2048 }, { 8, 926, 2048 }, { 9, 927, 2048 }, - { 5, 928, 2048 }, { 6, 929, 2048 }, { 6, 930, 2048 }, { 7, 931, 2048 }, { 6, 932, 2048 }, { 7, 933, 2048 }, { 7, 934, 2048 }, { 8, 935, 2048 }, - { 6, 936, 2048 }, { 7, 937, 2048 }, { 7, 938, 2048 }, { 8, 939, 2048 }, { 7, 940, 2048 }, { 8, 941, 2048 }, { 8, 942, 2048 }, { 9, 943, 2048 }, - { 6, 944, 2048 }, { 7, 945, 2048 }, { 7, 946, 2048 }, { 8, 947, 2048 }, { 7, 948, 2048 }, { 8, 949, 2048 }, { 8, 950, 2048 }, { 9, 951, 2048 }, - { 7, 952, 2048 }, { 8, 953, 2048 }, { 8, 954, 2048 }, { 9, 955, 2048 }, { 8, 956, 2048 }, { 9, 957, 2048 }, { 9, 958, 2048 }, { 10, 959, 2048 }, - { 5, 960, 2048 }, { 6, 961, 2048 }, { 6, 962, 2048 }, { 7, 963, 2048 }, { 6, 964, 2048 }, { 7, 965, 2048 }, { 7, 966, 2048 }, { 8, 967, 2048 }, - { 6, 968, 2048 }, { 7, 969, 2048 }, { 7, 970, 2048 }, { 8, 971, 2048 }, { 7, 972, 2048 }, { 8, 973, 2048 }, { 8, 974, 2048 }, { 9, 975, 2048 }, - { 6, 976, 2048 }, { 7, 977, 2048 }, { 7, 978, 2048 }, { 8, 979, 2048 }, { 7, 980, 2048 }, { 8, 981, 2048 }, { 8, 982, 2048 }, { 9, 983, 2048 }, - { 7, 984, 2048 }, { 8, 985, 2048 }, { 8, 986, 2048 }, { 9, 987, 2048 }, { 8, 988, 2048 }, { 9, 989, 2048 }, { 9, 990, 2048 }, { 10, 991, 2048 }, - { 6, 992, 2048 }, { 7, 993, 2048 }, { 7, 994, 2048 }, { 8, 995, 2048 }, { 7, 996, 2048 }, { 8, 997, 2048 }, { 8, 998, 2048 }, { 9, 999, 2048 }, - { 7, 1000, 2048 }, { 8, 1001, 2048 }, { 8, 1002, 2048 }, { 9, 1003, 2048 }, { 8, 1004, 2048 }, { 9, 1005, 2048 }, { 9, 1006, 2048 }, { 10, 1007, 2048 }, - { 7, 1008, 2048 }, { 8, 1009, 2048 }, { 8, 1010, 2048 }, { 9, 1011, 2048 }, { 8, 1012, 2048 }, { 9, 1013, 2048 }, { 9, 1014, 2048 }, { 10, 1015, 2048 }, - { 8, 1016, 2048 }, { 9, 1017, 2048 }, { 9, 1018, 2048 }, { 10, 1019, 2048 }, { 9, 1020, 2048 }, { 10, 1021, 2048 }, { 10, 1022, 2048 }, { 11, 1023, 2048 }, - { 2, 1024, 2048 }, { 3, 1025, 2048 }, { 3, 1026, 2048 }, { 4, 1027, 2048 }, { 3, 1028, 2048 }, { 4, 1029, 2048 }, { 4, 1030, 2048 }, { 5, 1031, 2048 }, - { 3, 1032, 2048 }, { 4, 1033, 2048 }, { 4, 1034, 2048 }, { 5, 1035, 2048 }, { 4, 1036, 2048 }, { 5, 1037, 2048 }, { 5, 1038, 2048 }, { 6, 1039, 2048 }, - { 3, 1040, 2048 }, { 4, 1041, 2048 }, { 4, 1042, 2048 }, { 5, 1043, 2048 }, { 4, 1044, 2048 }, { 5, 1045, 2048 }, { 5, 1046, 2048 }, { 6, 1047, 2048 }, - { 4, 1048, 2048 }, { 5, 1049, 2048 }, { 5, 1050, 2048 }, { 6, 1051, 2048 }, { 5, 1052, 2048 }, { 6, 1053, 2048 }, { 6, 1054, 2048 }, { 7, 1055, 2048 }, - { 3, 1056, 2048 }, { 4, 1057, 2048 }, { 4, 1058, 2048 }, { 5, 1059, 2048 }, { 4, 1060, 2048 }, { 5, 1061, 2048 }, { 5, 1062, 2048 }, { 6, 1063, 2048 }, - { 4, 1064, 2048 }, { 5, 1065, 2048 }, { 5, 1066, 2048 }, { 6, 1067, 2048 }, { 5, 1068, 2048 }, { 6, 1069, 2048 }, { 6, 1070, 2048 }, { 7, 1071, 2048 }, - { 4, 1072, 2048 }, { 5, 1073, 2048 }, { 5, 1074, 2048 }, { 6, 1075, 2048 }, { 5, 1076, 2048 }, { 6, 1077, 2048 }, { 6, 1078, 2048 }, { 7, 1079, 2048 }, - { 5, 1080, 2048 }, { 6, 1081, 2048 }, { 6, 1082, 2048 }, { 7, 1083, 2048 }, { 6, 1084, 2048 }, { 7, 1085, 2048 }, { 7, 1086, 2048 }, { 8, 1087, 2048 }, - { 3, 1088, 2048 }, { 4, 1089, 2048 }, { 4, 1090, 2048 }, { 5, 1091, 2048 }, { 4, 1092, 2048 }, { 5, 1093, 2048 }, { 5, 1094, 2048 }, { 6, 1095, 2048 }, - { 4, 1096, 2048 }, { 5, 1097, 2048 }, { 5, 1098, 2048 }, { 6, 1099, 2048 }, { 5, 1100, 2048 }, { 6, 1101, 2048 }, { 6, 1102, 2048 }, { 7, 1103, 2048 }, - { 4, 1104, 2048 }, { 5, 1105, 2048 }, { 5, 1106, 2048 }, { 6, 1107, 2048 }, { 5, 1108, 2048 }, { 6, 1109, 2048 }, { 6, 1110, 2048 }, { 7, 1111, 2048 }, - { 5, 1112, 2048 }, { 6, 1113, 2048 }, { 6, 1114, 2048 }, { 7, 1115, 2048 }, { 6, 1116, 2048 }, { 7, 1117, 2048 }, { 7, 1118, 2048 }, { 8, 1119, 2048 }, - { 4, 1120, 2048 }, { 5, 1121, 2048 }, { 5, 1122, 2048 }, { 6, 1123, 2048 }, { 5, 1124, 2048 }, { 6, 1125, 2048 }, { 6, 1126, 2048 }, { 7, 1127, 2048 }, - { 5, 1128, 2048 }, { 6, 1129, 2048 }, { 6, 1130, 2048 }, { 7, 1131, 2048 }, { 6, 1132, 2048 }, { 7, 1133, 2048 }, { 7, 1134, 2048 }, { 8, 1135, 2048 }, - { 5, 1136, 2048 }, { 6, 1137, 2048 }, { 6, 1138, 2048 }, { 7, 1139, 2048 }, { 6, 1140, 2048 }, { 7, 1141, 2048 }, { 7, 1142, 2048 }, { 8, 1143, 2048 }, - { 6, 1144, 2048 }, { 7, 1145, 2048 }, { 7, 1146, 2048 }, { 8, 1147, 2048 }, { 7, 1148, 2048 }, { 8, 1149, 2048 }, { 8, 1150, 2048 }, { 9, 1151, 2048 }, - { 3, 1152, 2048 }, { 4, 1153, 2048 }, { 4, 1154, 2048 }, { 5, 1155, 2048 }, { 4, 1156, 2048 }, { 5, 1157, 2048 }, { 5, 1158, 2048 }, { 6, 1159, 2048 }, - { 4, 1160, 2048 }, { 5, 1161, 2048 }, { 5, 1162, 2048 }, { 6, 1163, 2048 }, { 5, 1164, 2048 }, { 6, 1165, 2048 }, { 6, 1166, 2048 }, { 7, 1167, 2048 }, - { 4, 1168, 2048 }, { 5, 1169, 2048 }, { 5, 1170, 2048 }, { 6, 1171, 2048 }, { 5, 1172, 2048 }, { 6, 1173, 2048 }, { 6, 1174, 2048 }, { 7, 1175, 2048 }, - { 5, 1176, 2048 }, { 6, 1177, 2048 }, { 6, 1178, 2048 }, { 7, 1179, 2048 }, { 6, 1180, 2048 }, { 7, 1181, 2048 }, { 7, 1182, 2048 }, { 8, 1183, 2048 }, - { 4, 1184, 2048 }, { 5, 1185, 2048 }, { 5, 1186, 2048 }, { 6, 1187, 2048 }, { 5, 1188, 2048 }, { 6, 1189, 2048 }, { 6, 1190, 2048 }, { 7, 1191, 2048 }, - { 5, 1192, 2048 }, { 6, 1193, 2048 }, { 6, 1194, 2048 }, { 7, 1195, 2048 }, { 6, 1196, 2048 }, { 7, 1197, 2048 }, { 7, 1198, 2048 }, { 8, 1199, 2048 }, - { 5, 1200, 2048 }, { 6, 1201, 2048 }, { 6, 1202, 2048 }, { 7, 1203, 2048 }, { 6, 1204, 2048 }, { 7, 1205, 2048 }, { 7, 1206, 2048 }, { 8, 1207, 2048 }, - { 6, 1208, 2048 }, { 7, 1209, 2048 }, { 7, 1210, 2048 }, { 8, 1211, 2048 }, { 7, 1212, 2048 }, { 8, 1213, 2048 }, { 8, 1214, 2048 }, { 9, 1215, 2048 }, - { 4, 1216, 2048 }, { 5, 1217, 2048 }, { 5, 1218, 2048 }, { 6, 1219, 2048 }, { 5, 1220, 2048 }, { 6, 1221, 2048 }, { 6, 1222, 2048 }, { 7, 1223, 2048 }, - { 5, 1224, 2048 }, { 6, 1225, 2048 }, { 6, 1226, 2048 }, { 7, 1227, 2048 }, { 6, 1228, 2048 }, { 7, 1229, 2048 }, { 7, 1230, 2048 }, { 8, 1231, 2048 }, - { 5, 1232, 2048 }, { 6, 1233, 2048 }, { 6, 1234, 2048 }, { 7, 1235, 2048 }, { 6, 1236, 2048 }, { 7, 1237, 2048 }, { 7, 1238, 2048 }, { 8, 1239, 2048 }, - { 6, 1240, 2048 }, { 7, 1241, 2048 }, { 7, 1242, 2048 }, { 8, 1243, 2048 }, { 7, 1244, 2048 }, { 8, 1245, 2048 }, { 8, 1246, 2048 }, { 9, 1247, 2048 }, - { 5, 1248, 2048 }, { 6, 1249, 2048 }, { 6, 1250, 2048 }, { 7, 1251, 2048 }, { 6, 1252, 2048 }, { 7, 1253, 2048 }, { 7, 1254, 2048 }, { 8, 1255, 2048 }, - { 6, 1256, 2048 }, { 7, 1257, 2048 }, { 7, 1258, 2048 }, { 8, 1259, 2048 }, { 7, 1260, 2048 }, { 8, 1261, 2048 }, { 8, 1262, 2048 }, { 9, 1263, 2048 }, - { 6, 1264, 2048 }, { 7, 1265, 2048 }, { 7, 1266, 2048 }, { 8, 1267, 2048 }, { 7, 1268, 2048 }, { 8, 1269, 2048 }, { 8, 1270, 2048 }, { 9, 1271, 2048 }, - { 7, 1272, 2048 }, { 8, 1273, 2048 }, { 8, 1274, 2048 }, { 9, 1275, 2048 }, { 8, 1276, 2048 }, { 9, 1277, 2048 }, { 9, 1278, 2048 }, { 10, 1279, 2048 }, - { 3, 1280, 2048 }, { 4, 1281, 2048 }, { 4, 1282, 2048 }, { 5, 1283, 2048 }, { 4, 1284, 2048 }, { 5, 1285, 2048 }, { 5, 1286, 2048 }, { 6, 1287, 2048 }, - { 4, 1288, 2048 }, { 5, 1289, 2048 }, { 5, 1290, 2048 }, { 6, 1291, 2048 }, { 5, 1292, 2048 }, { 6, 1293, 2048 }, { 6, 1294, 2048 }, { 7, 1295, 2048 }, - { 4, 1296, 2048 }, { 5, 1297, 2048 }, { 5, 1298, 2048 }, { 6, 1299, 2048 }, { 5, 1300, 2048 }, { 6, 1301, 2048 }, { 6, 1302, 2048 }, { 7, 1303, 2048 }, - { 5, 1304, 2048 }, { 6, 1305, 2048 }, { 6, 1306, 2048 }, { 7, 1307, 2048 }, { 6, 1308, 2048 }, { 7, 1309, 2048 }, { 7, 1310, 2048 }, { 8, 1311, 2048 }, - { 4, 1312, 2048 }, { 5, 1313, 2048 }, { 5, 1314, 2048 }, { 6, 1315, 2048 }, { 5, 1316, 2048 }, { 6, 1317, 2048 }, { 6, 1318, 2048 }, { 7, 1319, 2048 }, - { 5, 1320, 2048 }, { 6, 1321, 2048 }, { 6, 1322, 2048 }, { 7, 1323, 2048 }, { 6, 1324, 2048 }, { 7, 1325, 2048 }, { 7, 1326, 2048 }, { 8, 1327, 2048 }, - { 5, 1328, 2048 }, { 6, 1329, 2048 }, { 6, 1330, 2048 }, { 7, 1331, 2048 }, { 6, 1332, 2048 }, { 7, 1333, 2048 }, { 7, 1334, 2048 }, { 8, 1335, 2048 }, - { 6, 1336, 2048 }, { 7, 1337, 2048 }, { 7, 1338, 2048 }, { 8, 1339, 2048 }, { 7, 1340, 2048 }, { 8, 1341, 2048 }, { 8, 1342, 2048 }, { 9, 1343, 2048 }, - { 4, 1344, 2048 }, { 5, 1345, 2048 }, { 5, 1346, 2048 }, { 6, 1347, 2048 }, { 5, 1348, 2048 }, { 6, 1349, 2048 }, { 6, 1350, 2048 }, { 7, 1351, 2048 }, - { 5, 1352, 2048 }, { 6, 1353, 2048 }, { 6, 1354, 2048 }, { 7, 1355, 2048 }, { 6, 1356, 2048 }, { 7, 1357, 2048 }, { 7, 1358, 2048 }, { 8, 1359, 2048 }, - { 5, 1360, 2048 }, { 6, 1361, 2048 }, { 6, 1362, 2048 }, { 7, 1363, 2048 }, { 6, 1364, 2048 }, { 7, 1365, 2048 }, { 7, 1366, 2048 }, { 8, 1367, 2048 }, - { 6, 1368, 2048 }, { 7, 1369, 2048 }, { 7, 1370, 2048 }, { 8, 1371, 2048 }, { 7, 1372, 2048 }, { 8, 1373, 2048 }, { 8, 1374, 2048 }, { 9, 1375, 2048 }, - { 5, 1376, 2048 }, { 6, 1377, 2048 }, { 6, 1378, 2048 }, { 7, 1379, 2048 }, { 6, 1380, 2048 }, { 7, 1381, 2048 }, { 7, 1382, 2048 }, { 8, 1383, 2048 }, - { 6, 1384, 2048 }, { 7, 1385, 2048 }, { 7, 1386, 2048 }, { 8, 1387, 2048 }, { 7, 1388, 2048 }, { 8, 1389, 2048 }, { 8, 1390, 2048 }, { 9, 1391, 2048 }, - { 6, 1392, 2048 }, { 7, 1393, 2048 }, { 7, 1394, 2048 }, { 8, 1395, 2048 }, { 7, 1396, 2048 }, { 8, 1397, 2048 }, { 8, 1398, 2048 }, { 9, 1399, 2048 }, - { 7, 1400, 2048 }, { 8, 1401, 2048 }, { 8, 1402, 2048 }, { 9, 1403, 2048 }, { 8, 1404, 2048 }, { 9, 1405, 2048 }, { 9, 1406, 2048 }, { 10, 1407, 2048 }, - { 4, 1408, 2048 }, { 5, 1409, 2048 }, { 5, 1410, 2048 }, { 6, 1411, 2048 }, { 5, 1412, 2048 }, { 6, 1413, 2048 }, { 6, 1414, 2048 }, { 7, 1415, 2048 }, - { 5, 1416, 2048 }, { 6, 1417, 2048 }, { 6, 1418, 2048 }, { 7, 1419, 2048 }, { 6, 1420, 2048 }, { 7, 1421, 2048 }, { 7, 1422, 2048 }, { 8, 1423, 2048 }, - { 5, 1424, 2048 }, { 6, 1425, 2048 }, { 6, 1426, 2048 }, { 7, 1427, 2048 }, { 6, 1428, 2048 }, { 7, 1429, 2048 }, { 7, 1430, 2048 }, { 8, 1431, 2048 }, - { 6, 1432, 2048 }, { 7, 1433, 2048 }, { 7, 1434, 2048 }, { 8, 1435, 2048 }, { 7, 1436, 2048 }, { 8, 1437, 2048 }, { 8, 1438, 2048 }, { 9, 1439, 2048 }, - { 5, 1440, 2048 }, { 6, 1441, 2048 }, { 6, 1442, 2048 }, { 7, 1443, 2048 }, { 6, 1444, 2048 }, { 7, 1445, 2048 }, { 7, 1446, 2048 }, { 8, 1447, 2048 }, - { 6, 1448, 2048 }, { 7, 1449, 2048 }, { 7, 1450, 2048 }, { 8, 1451, 2048 }, { 7, 1452, 2048 }, { 8, 1453, 2048 }, { 8, 1454, 2048 }, { 9, 1455, 2048 }, - { 6, 1456, 2048 }, { 7, 1457, 2048 }, { 7, 1458, 2048 }, { 8, 1459, 2048 }, { 7, 1460, 2048 }, { 8, 1461, 2048 }, { 8, 1462, 2048 }, { 9, 1463, 2048 }, - { 7, 1464, 2048 }, { 8, 1465, 2048 }, { 8, 1466, 2048 }, { 9, 1467, 2048 }, { 8, 1468, 2048 }, { 9, 1469, 2048 }, { 9, 1470, 2048 }, { 10, 1471, 2048 }, - { 5, 1472, 2048 }, { 6, 1473, 2048 }, { 6, 1474, 2048 }, { 7, 1475, 2048 }, { 6, 1476, 2048 }, { 7, 1477, 2048 }, { 7, 1478, 2048 }, { 8, 1479, 2048 }, - { 6, 1480, 2048 }, { 7, 1481, 2048 }, { 7, 1482, 2048 }, { 8, 1483, 2048 }, { 7, 1484, 2048 }, { 8, 1485, 2048 }, { 8, 1486, 2048 }, { 9, 1487, 2048 }, - { 6, 1488, 2048 }, { 7, 1489, 2048 }, { 7, 1490, 2048 }, { 8, 1491, 2048 }, { 7, 1492, 2048 }, { 8, 1493, 2048 }, { 8, 1494, 2048 }, { 9, 1495, 2048 }, - { 7, 1496, 2048 }, { 8, 1497, 2048 }, { 8, 1498, 2048 }, { 9, 1499, 2048 }, { 8, 1500, 2048 }, { 9, 1501, 2048 }, { 9, 1502, 2048 }, { 10, 1503, 2048 }, - { 6, 1504, 2048 }, { 7, 1505, 2048 }, { 7, 1506, 2048 }, { 8, 1507, 2048 }, { 7, 1508, 2048 }, { 8, 1509, 2048 }, { 8, 1510, 2048 }, { 9, 1511, 2048 }, - { 7, 1512, 2048 }, { 8, 1513, 2048 }, { 8, 1514, 2048 }, { 9, 1515, 2048 }, { 8, 1516, 2048 }, { 9, 1517, 2048 }, { 9, 1518, 2048 }, { 10, 1519, 2048 }, - { 7, 1520, 2048 }, { 8, 1521, 2048 }, { 8, 1522, 2048 }, { 9, 1523, 2048 }, { 8, 1524, 2048 }, { 9, 1525, 2048 }, { 9, 1526, 2048 }, { 10, 1527, 2048 }, - { 8, 1528, 2048 }, { 9, 1529, 2048 }, { 9, 1530, 2048 }, { 10, 1531, 2048 }, { 9, 1532, 2048 }, { 10, 1533, 2048 }, { 10, 1534, 2048 }, { 11, 1535, 2048 }, - { 3, 1536, 2048 }, { 4, 1537, 2048 }, { 4, 1538, 2048 }, { 5, 1539, 2048 }, { 4, 1540, 2048 }, { 5, 1541, 2048 }, { 5, 1542, 2048 }, { 6, 1543, 2048 }, - { 4, 1544, 2048 }, { 5, 1545, 2048 }, { 5, 1546, 2048 }, { 6, 1547, 2048 }, { 5, 1548, 2048 }, { 6, 1549, 2048 }, { 6, 1550, 2048 }, { 7, 1551, 2048 }, - { 4, 1552, 2048 }, { 5, 1553, 2048 }, { 5, 1554, 2048 }, { 6, 1555, 2048 }, { 5, 1556, 2048 }, { 6, 1557, 2048 }, { 6, 1558, 2048 }, { 7, 1559, 2048 }, - { 5, 1560, 2048 }, { 6, 1561, 2048 }, { 6, 1562, 2048 }, { 7, 1563, 2048 }, { 6, 1564, 2048 }, { 7, 1565, 2048 }, { 7, 1566, 2048 }, { 8, 1567, 2048 }, - { 4, 1568, 2048 }, { 5, 1569, 2048 }, { 5, 1570, 2048 }, { 6, 1571, 2048 }, { 5, 1572, 2048 }, { 6, 1573, 2048 }, { 6, 1574, 2048 }, { 7, 1575, 2048 }, - { 5, 1576, 2048 }, { 6, 1577, 2048 }, { 6, 1578, 2048 }, { 7, 1579, 2048 }, { 6, 1580, 2048 }, { 7, 1581, 2048 }, { 7, 1582, 2048 }, { 8, 1583, 2048 }, - { 5, 1584, 2048 }, { 6, 1585, 2048 }, { 6, 1586, 2048 }, { 7, 1587, 2048 }, { 6, 1588, 2048 }, { 7, 1589, 2048 }, { 7, 1590, 2048 }, { 8, 1591, 2048 }, - { 6, 1592, 2048 }, { 7, 1593, 2048 }, { 7, 1594, 2048 }, { 8, 1595, 2048 }, { 7, 1596, 2048 }, { 8, 1597, 2048 }, { 8, 1598, 2048 }, { 9, 1599, 2048 }, - { 4, 1600, 2048 }, { 5, 1601, 2048 }, { 5, 1602, 2048 }, { 6, 1603, 2048 }, { 5, 1604, 2048 }, { 6, 1605, 2048 }, { 6, 1606, 2048 }, { 7, 1607, 2048 }, - { 5, 1608, 2048 }, { 6, 1609, 2048 }, { 6, 1610, 2048 }, { 7, 1611, 2048 }, { 6, 1612, 2048 }, { 7, 1613, 2048 }, { 7, 1614, 2048 }, { 8, 1615, 2048 }, - { 5, 1616, 2048 }, { 6, 1617, 2048 }, { 6, 1618, 2048 }, { 7, 1619, 2048 }, { 6, 1620, 2048 }, { 7, 1621, 2048 }, { 7, 1622, 2048 }, { 8, 1623, 2048 }, - { 6, 1624, 2048 }, { 7, 1625, 2048 }, { 7, 1626, 2048 }, { 8, 1627, 2048 }, { 7, 1628, 2048 }, { 8, 1629, 2048 }, { 8, 1630, 2048 }, { 9, 1631, 2048 }, - { 5, 1632, 2048 }, { 6, 1633, 2048 }, { 6, 1634, 2048 }, { 7, 1635, 2048 }, { 6, 1636, 2048 }, { 7, 1637, 2048 }, { 7, 1638, 2048 }, { 8, 1639, 2048 }, - { 6, 1640, 2048 }, { 7, 1641, 2048 }, { 7, 1642, 2048 }, { 8, 1643, 2048 }, { 7, 1644, 2048 }, { 8, 1645, 2048 }, { 8, 1646, 2048 }, { 9, 1647, 2048 }, - { 6, 1648, 2048 }, { 7, 1649, 2048 }, { 7, 1650, 2048 }, { 8, 1651, 2048 }, { 7, 1652, 2048 }, { 8, 1653, 2048 }, { 8, 1654, 2048 }, { 9, 1655, 2048 }, - { 7, 1656, 2048 }, { 8, 1657, 2048 }, { 8, 1658, 2048 }, { 9, 1659, 2048 }, { 8, 1660, 2048 }, { 9, 1661, 2048 }, { 9, 1662, 2048 }, { 10, 1663, 2048 }, - { 4, 1664, 2048 }, { 5, 1665, 2048 }, { 5, 1666, 2048 }, { 6, 1667, 2048 }, { 5, 1668, 2048 }, { 6, 1669, 2048 }, { 6, 1670, 2048 }, { 7, 1671, 2048 }, - { 5, 1672, 2048 }, { 6, 1673, 2048 }, { 6, 1674, 2048 }, { 7, 1675, 2048 }, { 6, 1676, 2048 }, { 7, 1677, 2048 }, { 7, 1678, 2048 }, { 8, 1679, 2048 }, - { 5, 1680, 2048 }, { 6, 1681, 2048 }, { 6, 1682, 2048 }, { 7, 1683, 2048 }, { 6, 1684, 2048 }, { 7, 1685, 2048 }, { 7, 1686, 2048 }, { 8, 1687, 2048 }, - { 6, 1688, 2048 }, { 7, 1689, 2048 }, { 7, 1690, 2048 }, { 8, 1691, 2048 }, { 7, 1692, 2048 }, { 8, 1693, 2048 }, { 8, 1694, 2048 }, { 9, 1695, 2048 }, - { 5, 1696, 2048 }, { 6, 1697, 2048 }, { 6, 1698, 2048 }, { 7, 1699, 2048 }, { 6, 1700, 2048 }, { 7, 1701, 2048 }, { 7, 1702, 2048 }, { 8, 1703, 2048 }, - { 6, 1704, 2048 }, { 7, 1705, 2048 }, { 7, 1706, 2048 }, { 8, 1707, 2048 }, { 7, 1708, 2048 }, { 8, 1709, 2048 }, { 8, 1710, 2048 }, { 9, 1711, 2048 }, - { 6, 1712, 2048 }, { 7, 1713, 2048 }, { 7, 1714, 2048 }, { 8, 1715, 2048 }, { 7, 1716, 2048 }, { 8, 1717, 2048 }, { 8, 1718, 2048 }, { 9, 1719, 2048 }, - { 7, 1720, 2048 }, { 8, 1721, 2048 }, { 8, 1722, 2048 }, { 9, 1723, 2048 }, { 8, 1724, 2048 }, { 9, 1725, 2048 }, { 9, 1726, 2048 }, { 10, 1727, 2048 }, - { 5, 1728, 2048 }, { 6, 1729, 2048 }, { 6, 1730, 2048 }, { 7, 1731, 2048 }, { 6, 1732, 2048 }, { 7, 1733, 2048 }, { 7, 1734, 2048 }, { 8, 1735, 2048 }, - { 6, 1736, 2048 }, { 7, 1737, 2048 }, { 7, 1738, 2048 }, { 8, 1739, 2048 }, { 7, 1740, 2048 }, { 8, 1741, 2048 }, { 8, 1742, 2048 }, { 9, 1743, 2048 }, - { 6, 1744, 2048 }, { 7, 1745, 2048 }, { 7, 1746, 2048 }, { 8, 1747, 2048 }, { 7, 1748, 2048 }, { 8, 1749, 2048 }, { 8, 1750, 2048 }, { 9, 1751, 2048 }, - { 7, 1752, 2048 }, { 8, 1753, 2048 }, { 8, 1754, 2048 }, { 9, 1755, 2048 }, { 8, 1756, 2048 }, { 9, 1757, 2048 }, { 9, 1758, 2048 }, { 10, 1759, 2048 }, - { 6, 1760, 2048 }, { 7, 1761, 2048 }, { 7, 1762, 2048 }, { 8, 1763, 2048 }, { 7, 1764, 2048 }, { 8, 1765, 2048 }, { 8, 1766, 2048 }, { 9, 1767, 2048 }, - { 7, 1768, 2048 }, { 8, 1769, 2048 }, { 8, 1770, 2048 }, { 9, 1771, 2048 }, { 8, 1772, 2048 }, { 9, 1773, 2048 }, { 9, 1774, 2048 }, { 10, 1775, 2048 }, - { 7, 1776, 2048 }, { 8, 1777, 2048 }, { 8, 1778, 2048 }, { 9, 1779, 2048 }, { 8, 1780, 2048 }, { 9, 1781, 2048 }, { 9, 1782, 2048 }, { 10, 1783, 2048 }, - { 8, 1784, 2048 }, { 9, 1785, 2048 }, { 9, 1786, 2048 }, { 10, 1787, 2048 }, { 9, 1788, 2048 }, { 10, 1789, 2048 }, { 10, 1790, 2048 }, { 11, 1791, 2048 }, - { 4, 1792, 2048 }, { 5, 1793, 2048 }, { 5, 1794, 2048 }, { 6, 1795, 2048 }, { 5, 1796, 2048 }, { 6, 1797, 2048 }, { 6, 1798, 2048 }, { 7, 1799, 2048 }, - { 5, 1800, 2048 }, { 6, 1801, 2048 }, { 6, 1802, 2048 }, { 7, 1803, 2048 }, { 6, 1804, 2048 }, { 7, 1805, 2048 }, { 7, 1806, 2048 }, { 8, 1807, 2048 }, - { 5, 1808, 2048 }, { 6, 1809, 2048 }, { 6, 1810, 2048 }, { 7, 1811, 2048 }, { 6, 1812, 2048 }, { 7, 1813, 2048 }, { 7, 1814, 2048 }, { 8, 1815, 2048 }, - { 6, 1816, 2048 }, { 7, 1817, 2048 }, { 7, 1818, 2048 }, { 8, 1819, 2048 }, { 7, 1820, 2048 }, { 8, 1821, 2048 }, { 8, 1822, 2048 }, { 9, 1823, 2048 }, - { 5, 1824, 2048 }, { 6, 1825, 2048 }, { 6, 1826, 2048 }, { 7, 1827, 2048 }, { 6, 1828, 2048 }, { 7, 1829, 2048 }, { 7, 1830, 2048 }, { 8, 1831, 2048 }, - { 6, 1832, 2048 }, { 7, 1833, 2048 }, { 7, 1834, 2048 }, { 8, 1835, 2048 }, { 7, 1836, 2048 }, { 8, 1837, 2048 }, { 8, 1838, 2048 }, { 9, 1839, 2048 }, - { 6, 1840, 2048 }, { 7, 1841, 2048 }, { 7, 1842, 2048 }, { 8, 1843, 2048 }, { 7, 1844, 2048 }, { 8, 1845, 2048 }, { 8, 1846, 2048 }, { 9, 1847, 2048 }, - { 7, 1848, 2048 }, { 8, 1849, 2048 }, { 8, 1850, 2048 }, { 9, 1851, 2048 }, { 8, 1852, 2048 }, { 9, 1853, 2048 }, { 9, 1854, 2048 }, { 10, 1855, 2048 }, - { 5, 1856, 2048 }, { 6, 1857, 2048 }, { 6, 1858, 2048 }, { 7, 1859, 2048 }, { 6, 1860, 2048 }, { 7, 1861, 2048 }, { 7, 1862, 2048 }, { 8, 1863, 2048 }, - { 6, 1864, 2048 }, { 7, 1865, 2048 }, { 7, 1866, 2048 }, { 8, 1867, 2048 }, { 7, 1868, 2048 }, { 8, 1869, 2048 }, { 8, 1870, 2048 }, { 9, 1871, 2048 }, - { 6, 1872, 2048 }, { 7, 1873, 2048 }, { 7, 1874, 2048 }, { 8, 1875, 2048 }, { 7, 1876, 2048 }, { 8, 1877, 2048 }, { 8, 1878, 2048 }, { 9, 1879, 2048 }, - { 7, 1880, 2048 }, { 8, 1881, 2048 }, { 8, 1882, 2048 }, { 9, 1883, 2048 }, { 8, 1884, 2048 }, { 9, 1885, 2048 }, { 9, 1886, 2048 }, { 10, 1887, 2048 }, - { 6, 1888, 2048 }, { 7, 1889, 2048 }, { 7, 1890, 2048 }, { 8, 1891, 2048 }, { 7, 1892, 2048 }, { 8, 1893, 2048 }, { 8, 1894, 2048 }, { 9, 1895, 2048 }, - { 7, 1896, 2048 }, { 8, 1897, 2048 }, { 8, 1898, 2048 }, { 9, 1899, 2048 }, { 8, 1900, 2048 }, { 9, 1901, 2048 }, { 9, 1902, 2048 }, { 10, 1903, 2048 }, - { 7, 1904, 2048 }, { 8, 1905, 2048 }, { 8, 1906, 2048 }, { 9, 1907, 2048 }, { 8, 1908, 2048 }, { 9, 1909, 2048 }, { 9, 1910, 2048 }, { 10, 1911, 2048 }, - { 8, 1912, 2048 }, { 9, 1913, 2048 }, { 9, 1914, 2048 }, { 10, 1915, 2048 }, { 9, 1916, 2048 }, { 10, 1917, 2048 }, { 10, 1918, 2048 }, { 11, 1919, 2048 }, - { 5, 1920, 2048 }, { 6, 1921, 2048 }, { 6, 1922, 2048 }, { 7, 1923, 2048 }, { 6, 1924, 2048 }, { 7, 1925, 2048 }, { 7, 1926, 2048 }, { 8, 1927, 2048 }, - { 6, 1928, 2048 }, { 7, 1929, 2048 }, { 7, 1930, 2048 }, { 8, 1931, 2048 }, { 7, 1932, 2048 }, { 8, 1933, 2048 }, { 8, 1934, 2048 }, { 9, 1935, 2048 }, - { 6, 1936, 2048 }, { 7, 1937, 2048 }, { 7, 1938, 2048 }, { 8, 1939, 2048 }, { 7, 1940, 2048 }, { 8, 1941, 2048 }, { 8, 1942, 2048 }, { 9, 1943, 2048 }, - { 7, 1944, 2048 }, { 8, 1945, 2048 }, { 8, 1946, 2048 }, { 9, 1947, 2048 }, { 8, 1948, 2048 }, { 9, 1949, 2048 }, { 9, 1950, 2048 }, { 10, 1951, 2048 }, - { 6, 1952, 2048 }, { 7, 1953, 2048 }, { 7, 1954, 2048 }, { 8, 1955, 2048 }, { 7, 1956, 2048 }, { 8, 1957, 2048 }, { 8, 1958, 2048 }, { 9, 1959, 2048 }, - { 7, 1960, 2048 }, { 8, 1961, 2048 }, { 8, 1962, 2048 }, { 9, 1963, 2048 }, { 8, 1964, 2048 }, { 9, 1965, 2048 }, { 9, 1966, 2048 }, { 10, 1967, 2048 }, - { 7, 1968, 2048 }, { 8, 1969, 2048 }, { 8, 1970, 2048 }, { 9, 1971, 2048 }, { 8, 1972, 2048 }, { 9, 1973, 2048 }, { 9, 1974, 2048 }, { 10, 1975, 2048 }, - { 8, 1976, 2048 }, { 9, 1977, 2048 }, { 9, 1978, 2048 }, { 10, 1979, 2048 }, { 9, 1980, 2048 }, { 10, 1981, 2048 }, { 10, 1982, 2048 }, { 11, 1983, 2048 }, - { 6, 1984, 2048 }, { 7, 1985, 2048 }, { 7, 1986, 2048 }, { 8, 1987, 2048 }, { 7, 1988, 2048 }, { 8, 1989, 2048 }, { 8, 1990, 2048 }, { 9, 1991, 2048 }, - { 7, 1992, 2048 }, { 8, 1993, 2048 }, { 8, 1994, 2048 }, { 9, 1995, 2048 }, { 8, 1996, 2048 }, { 9, 1997, 2048 }, { 9, 1998, 2048 }, { 10, 1999, 2048 }, - { 7, 2000, 2048 }, { 8, 2001, 2048 }, { 8, 2002, 2048 }, { 9, 2003, 2048 }, { 8, 2004, 2048 }, { 9, 2005, 2048 }, { 9, 2006, 2048 }, { 10, 2007, 2048 }, - { 8, 2008, 2048 }, { 9, 2009, 2048 }, { 9, 2010, 2048 }, { 10, 2011, 2048 }, { 9, 2012, 2048 }, { 10, 2013, 2048 }, { 10, 2014, 2048 }, { 11, 2015, 2048 }, - { 7, 2016, 2048 }, { 8, 2017, 2048 }, { 8, 2018, 2048 }, { 9, 2019, 2048 }, { 8, 2020, 2048 }, { 9, 2021, 2048 }, { 9, 2022, 2048 }, { 10, 2023, 2048 }, - { 8, 2024, 2048 }, { 9, 2025, 2048 }, { 9, 2026, 2048 }, { 10, 2027, 2048 }, { 9, 2028, 2048 }, { 10, 2029, 2048 }, { 10, 2030, 2048 }, { 11, 2031, 2048 }, - { 8, 2032, 2048 }, { 9, 2033, 2048 }, { 9, 2034, 2048 }, { 10, 2035, 2048 }, { 9, 2036, 2048 }, { 10, 2037, 2048 }, { 10, 2038, 2048 }, { 11, 2039, 2048 }, - { 9, 2040, 2048 }, { 10, 2041, 2048 }, { 10, 2042, 2048 }, { 11, 2043, 2048 }, { 10, 2044, 2048 }, { 11, 2045, 2048 }, { 11, 2046, 2048 }, { 12, 2047, 2048 }, -#endif -#endif -#endif -#endif -#endif -#endif -}; - -/* find a hole and free as required, return -1 if no hole found */ -static int _find_hole(void) -{ - unsigned x; - int y, z; - for (z = -1, y = INT_MAX, x = 0; x < FP_ENTRIES; x++) { - if (fp_cache[x].lru_count < y && fp_cache[x].lock == 0) { - z = x; - y = fp_cache[x].lru_count; - } - } - - /* decrease all */ - for (x = 0; x < FP_ENTRIES; x++) { - if (fp_cache[x].lru_count > 3) { - --(fp_cache[x].lru_count); - } - } - - /* free entry z */ - if (z >= 0 && fp_cache[z].g) { - if (fp_cache[z].mu != NULL) { - mp_clear(fp_cache[z].mu); - fp_cache[z].mu = NULL; - } - ltc_ecc_del_point(fp_cache[z].g); - fp_cache[z].g = NULL; - for (x = 0; x < (1U<<FP_LUT); x++) { - ltc_ecc_del_point(fp_cache[z].LUT[x]); - fp_cache[z].LUT[x] = NULL; - } - fp_cache[z].lru_count = 0; - } - return z; -} - -/* determine if a base is already in the cache and if so, where */ -static int _find_base(ecc_point *g) -{ - int x; - for (x = 0; x < FP_ENTRIES; x++) { - if (fp_cache[x].g != NULL && - mp_cmp(fp_cache[x].g->x, g->x) == LTC_MP_EQ && - mp_cmp(fp_cache[x].g->y, g->y) == LTC_MP_EQ && - mp_cmp(fp_cache[x].g->z, g->z) == LTC_MP_EQ) { - break; - } - } - if (x == FP_ENTRIES) { - x = -1; - } - return x; -} - -/* add a new base to the cache */ -static int _add_entry(int idx, ecc_point *g) -{ - unsigned x, y; - - /* allocate base and LUT */ - fp_cache[idx].g = ltc_ecc_new_point(); - if (fp_cache[idx].g == NULL) { - return CRYPT_MEM; - } - - /* copy x and y */ - if ((mp_copy(g->x, fp_cache[idx].g->x) != CRYPT_OK) || - (mp_copy(g->y, fp_cache[idx].g->y) != CRYPT_OK) || - (mp_copy(g->z, fp_cache[idx].g->z) != CRYPT_OK)) { - ltc_ecc_del_point(fp_cache[idx].g); - fp_cache[idx].g = NULL; - return CRYPT_MEM; - } - - for (x = 0; x < (1U<<FP_LUT); x++) { - fp_cache[idx].LUT[x] = ltc_ecc_new_point(); - if (fp_cache[idx].LUT[x] == NULL) { - for (y = 0; y < x; y++) { - ltc_ecc_del_point(fp_cache[idx].LUT[y]); - fp_cache[idx].LUT[y] = NULL; - } - ltc_ecc_del_point(fp_cache[idx].g); - fp_cache[idx].g = NULL; - fp_cache[idx].lru_count = 0; - return CRYPT_MEM; - } - } - - fp_cache[idx].lru_count = 0; - return CRYPT_OK; -} - -/* build the LUT by spacing the bits of the input by #modulus/FP_LUT bits apart - * - * The algorithm builds patterns in increasing bit order by first making all - * single bit input patterns, then all two bit input patterns and so on - */ -static int _build_lut(int idx, void *modulus, void *mp, void *mu) -{ - unsigned x, y, err, bitlen, lut_gap; - void *tmp; - - tmp = NULL; - - /* sanity check to make sure lut_order table is of correct size, should compile out to a NOP if true */ - if ((sizeof(lut_orders) / sizeof(lut_orders[0])) < (1U<<FP_LUT)) { - err = CRYPT_INVALID_ARG; - goto DONE; - } - - /* get bitlen and round up to next multiple of FP_LUT */ - bitlen = mp_unsigned_bin_size(modulus) << 3; - x = bitlen % FP_LUT; - if (x) { - bitlen += FP_LUT - x; - } - lut_gap = bitlen / FP_LUT; - - /* init the mu */ - if ((err = mp_init_copy(&fp_cache[idx].mu, mu)) != CRYPT_OK) { - goto ERR; - } - - /* copy base */ - if ((mp_mulmod(fp_cache[idx].g->x, mu, modulus, fp_cache[idx].LUT[1]->x) != CRYPT_OK) || - (mp_mulmod(fp_cache[idx].g->y, mu, modulus, fp_cache[idx].LUT[1]->y) != CRYPT_OK) || - (mp_mulmod(fp_cache[idx].g->z, mu, modulus, fp_cache[idx].LUT[1]->z) != CRYPT_OK)) { goto ERR; } - - /* make all single bit entries */ - for (x = 1; x < FP_LUT; x++) { - if ((mp_copy(fp_cache[idx].LUT[1<<(x-1)]->x, fp_cache[idx].LUT[1<<x]->x) != CRYPT_OK) || - (mp_copy(fp_cache[idx].LUT[1<<(x-1)]->y, fp_cache[idx].LUT[1<<x]->y) != CRYPT_OK) || - (mp_copy(fp_cache[idx].LUT[1<<(x-1)]->z, fp_cache[idx].LUT[1<<x]->z) != CRYPT_OK)) { goto ERR; } - - /* now double it bitlen/FP_LUT times */ - for (y = 0; y < lut_gap; y++) { - if ((err = ltc_mp.ecc_ptdbl(fp_cache[idx].LUT[1<<x], fp_cache[idx].LUT[1<<x], modulus, mp)) != CRYPT_OK) { - goto ERR; - } - } - } - - /* now make all entries in increase order of hamming weight */ - for (x = 2; x <= FP_LUT; x++) { - for (y = 0; y < (1UL<<FP_LUT); y++) { - if (lut_orders[y].ham != (int)x) continue; - - /* perform the add */ - if ((err = ltc_mp.ecc_ptadd(fp_cache[idx].LUT[lut_orders[y].terma], fp_cache[idx].LUT[lut_orders[y].termb], - fp_cache[idx].LUT[y], modulus, mp)) != CRYPT_OK) { - goto ERR; - } - } - } - - /* now map all entries back to affine space to make point addition faster */ - if ((err = mp_init(&tmp)) != CRYPT_OK) { goto ERR; } - for (x = 1; x < (1UL<<FP_LUT); x++) { - /* convert z to normal from montgomery */ - if ((err = mp_montgomery_reduce(fp_cache[idx].LUT[x]->z, modulus, mp)) != CRYPT_OK) { goto ERR; } - - /* invert it */ - if ((err = mp_invmod(fp_cache[idx].LUT[x]->z, modulus, fp_cache[idx].LUT[x]->z)) != CRYPT_OK) { goto ERR; } - - /* now square it */ - if ((err = mp_sqrmod(fp_cache[idx].LUT[x]->z, modulus, tmp)) != CRYPT_OK) { goto ERR; } - - /* fix x */ - if ((err = mp_mulmod(fp_cache[idx].LUT[x]->x, tmp, modulus, fp_cache[idx].LUT[x]->x)) != CRYPT_OK) { goto ERR; } - - /* get 1/z^3 */ - if ((err = mp_mulmod(tmp, fp_cache[idx].LUT[x]->z, modulus, tmp)) != CRYPT_OK) { goto ERR; } - - /* fix y */ - if ((err = mp_mulmod(fp_cache[idx].LUT[x]->y, tmp, modulus, fp_cache[idx].LUT[x]->y)) != CRYPT_OK) { goto ERR; } - - /* free z */ - mp_clear(fp_cache[idx].LUT[x]->z); - fp_cache[idx].LUT[x]->z = NULL; - } - mp_clear(tmp); - - return CRYPT_OK; -ERR: - err = CRYPT_MEM; -DONE: - for (y = 0; y < (1U<<FP_LUT); y++) { - ltc_ecc_del_point(fp_cache[idx].LUT[y]); - fp_cache[idx].LUT[y] = NULL; - } - ltc_ecc_del_point(fp_cache[idx].g); - fp_cache[idx].g = NULL; - fp_cache[idx].lru_count = 0; - if (fp_cache[idx].mu != NULL) { - mp_clear(fp_cache[idx].mu); - fp_cache[idx].mu = NULL; - } - if (tmp != NULL) { - mp_clear(tmp); - } - return err; -} - -/* perform a fixed point ECC mulmod */ -static int _accel_fp_mul(int idx, void *k, ecc_point *R, void *modulus, void *mp, int map) -{ - unsigned char kb[128]; - int x; - unsigned y, z, err, bitlen, bitpos, lut_gap, first; - void *tk, *order; - - /* if it's smaller than modulus we fine */ - if (mp_unsigned_bin_size(k) > mp_unsigned_bin_size(modulus)) { - /* find order */ - y = mp_unsigned_bin_size(modulus); - for (x = 0; ltc_ecc_sets[x].size; x++) { - if (y <= (unsigned)ltc_ecc_sets[x].size) break; - } - - /* back off if we are on the 521 bit curve */ - if (y == 66) --x; - - if ((err = mp_init(&order)) != CRYPT_OK) { - return err; - } - if ((err = mp_read_radix(order, ltc_ecc_sets[x].order, 16)) != CRYPT_OK) { - mp_clear(&order); - return err; - } - - /* k must be less than modulus */ - if (mp_cmp(k, order) != LTC_MP_LT) { - if ((err = mp_init(&tk)) != CRYPT_OK) { - mp_clear(order); - return err; - } - if ((err = mp_mod(k, order, tk)) != CRYPT_OK) { - mp_clear(tk); - mp_clear(order); - return err; - } - } else { - tk = k; - } - mp_clear(order); - } else { - tk = k; - } - - /* get bitlen and round up to next multiple of FP_LUT */ - bitlen = mp_unsigned_bin_size(modulus) << 3; - x = bitlen % FP_LUT; - if (x) { - bitlen += FP_LUT - x; - } - lut_gap = bitlen / FP_LUT; - - /* get the k value */ - if (mp_unsigned_bin_size(tk) > (sizeof(kb) - 2)) { - if (tk != k) { - mp_clear(tk); - } - return CRYPT_BUFFER_OVERFLOW; - } - - /* store k */ - zeromem(kb, sizeof(kb)); - if ((err = mp_to_unsigned_bin(tk, kb)) != CRYPT_OK) { - if (tk != k) { - mp_clear(tk); - } - return err; - } - - /* let's reverse kb so it's little endian */ - x = 0; - y = mp_unsigned_bin_size(tk) - 1; - if (tk != k) { - mp_clear(tk); - } - while ((unsigned)x < y) { - z = kb[x]; kb[x] = kb[y]; kb[y] = z; - ++x; --y; - } - - /* at this point we can start, yipee */ - first = 1; - for (x = lut_gap-1; x >= 0; x--) { - /* extract FP_LUT bits from kb spread out by lut_gap bits and offset by x bits from the start */ - bitpos = x; - for (y = z = 0; y < FP_LUT; y++) { - z |= ((kb[bitpos>>3] >> (bitpos&7)) & 1) << y; - bitpos += lut_gap; /* it's y*lut_gap + x, but here we can avoid the mult in each loop */ - } - - /* double if not first */ - if (!first) { - if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) { - return err; - } - } - - /* add if not first, otherwise copy */ - if (!first && z) { - if ((err = ltc_mp.ecc_ptadd(R, fp_cache[idx].LUT[z], R, modulus, mp)) != CRYPT_OK) { - return err; - } - } else if (z) { - if ((mp_copy(fp_cache[idx].LUT[z]->x, R->x) != CRYPT_OK) || - (mp_copy(fp_cache[idx].LUT[z]->y, R->y) != CRYPT_OK) || - (mp_copy(fp_cache[idx].mu, R->z) != CRYPT_OK)) { return CRYPT_MEM; } - first = 0; - } - } - z = 0; - zeromem(kb, sizeof(kb)); - /* map R back from projective space */ - if (map) { - err = ltc_ecc_map(R, modulus, mp); - } else { - err = CRYPT_OK; - } - return err; -} - -#ifdef LTC_ECC_SHAMIR -/* perform a fixed point ECC mulmod */ -static int _accel_fp_mul2add(int idx1, int idx2, - void *kA, void *kB, - ecc_point *R, void *modulus, void *mp) -{ - unsigned char kb[2][128]; - int x; - unsigned y, z, err, bitlen, bitpos, lut_gap, first, zA, zB; - void *tka, *tkb, *order; - - /* if it's smaller than modulus we fine */ - if (mp_unsigned_bin_size(kA) > mp_unsigned_bin_size(modulus)) { - /* find order */ - y = mp_unsigned_bin_size(modulus); - for (x = 0; ltc_ecc_sets[x].size; x++) { - if (y <= (unsigned)ltc_ecc_sets[x].size) break; - } - - /* back off if we are on the 521 bit curve */ - if (y == 66) --x; - - if ((err = mp_init(&order)) != CRYPT_OK) { - return err; - } - if ((err = mp_read_radix(order, ltc_ecc_sets[x].order, 16)) != CRYPT_OK) { - mp_clear(&order); - return err; - } - - /* kA must be less than modulus */ - if (mp_cmp(kA, order) != LTC_MP_LT) { - if ((err = mp_init(&tka)) != CRYPT_OK) { - mp_clear(order); - return err; - } - if ((err = mp_mod(kA, order, tka)) != CRYPT_OK) { - mp_clear(tka); - mp_clear(order); - return err; - } - } else { - tka = kA; - } - mp_clear(order); - } else { - tka = kA; - } - - /* if it's smaller than modulus we fine */ - if (mp_unsigned_bin_size(kB) > mp_unsigned_bin_size(modulus)) { - /* find order */ - y = mp_unsigned_bin_size(modulus); - for (x = 0; ltc_ecc_sets[x].size; x++) { - if (y <= (unsigned)ltc_ecc_sets[x].size) break; - } - - /* back off if we are on the 521 bit curve */ - if (y == 66) --x; - - if ((err = mp_init(&order)) != CRYPT_OK) { - return err; - } - if ((err = mp_read_radix(order, ltc_ecc_sets[x].order, 16)) != CRYPT_OK) { - mp_clear(&order); - return err; - } - - /* kB must be less than modulus */ - if (mp_cmp(kB, order) != LTC_MP_LT) { - if ((err = mp_init(&tkb)) != CRYPT_OK) { - mp_clear(order); - return err; - } - if ((err = mp_mod(kB, order, tkb)) != CRYPT_OK) { - mp_clear(tkb); - mp_clear(order); - return err; - } - } else { - tkb = kB; - } - mp_clear(order); - } else { - tkb = kB; - } - - /* get bitlen and round up to next multiple of FP_LUT */ - bitlen = mp_unsigned_bin_size(modulus) << 3; - x = bitlen % FP_LUT; - if (x) { - bitlen += FP_LUT - x; - } - lut_gap = bitlen / FP_LUT; - - /* get the k value */ - if ((mp_unsigned_bin_size(tka) > (sizeof(kb[0]) - 2)) || (mp_unsigned_bin_size(tkb) > (sizeof(kb[0]) - 2)) ) { - if (tka != kA) { - mp_clear(tka); - } - if (tkb != kB) { - mp_clear(tkb); - } - return CRYPT_BUFFER_OVERFLOW; - } - - /* store k */ - zeromem(kb, sizeof(kb)); - if ((err = mp_to_unsigned_bin(tka, kb[0])) != CRYPT_OK) { - if (tka != kA) { - mp_clear(tka); - } - if (tkb != kB) { - mp_clear(tkb); - } - return err; - } - - /* let's reverse kb so it's little endian */ - x = 0; - y = mp_unsigned_bin_size(tka) - 1; - if (tka != kA) { - mp_clear(tka); - } - while ((unsigned)x < y) { - z = kb[0][x]; kb[0][x] = kb[0][y]; kb[0][y] = z; - ++x; --y; - } - - /* store b */ - if ((err = mp_to_unsigned_bin(tkb, kb[1])) != CRYPT_OK) { - if (tkb != kB) { - mp_clear(tkb); - } - return err; - } - - x = 0; - y = mp_unsigned_bin_size(tkb) - 1; - if (tkb != kB) { - mp_clear(tkb); - } - while ((unsigned)x < y) { - z = kb[1][x]; kb[1][x] = kb[1][y]; kb[1][y] = z; - ++x; --y; - } - - /* at this point we can start, yipee */ - first = 1; - for (x = lut_gap-1; x >= 0; x--) { - /* extract FP_LUT bits from kb spread out by lut_gap bits and offset by x bits from the start */ - bitpos = x; - for (y = zA = zB = 0; y < FP_LUT; y++) { - zA |= ((kb[0][bitpos>>3] >> (bitpos&7)) & 1) << y; - zB |= ((kb[1][bitpos>>3] >> (bitpos&7)) & 1) << y; - bitpos += lut_gap; /* it's y*lut_gap + x, but here we can avoid the mult in each loop */ - } - - /* double if not first */ - if (!first) { - if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) { - return err; - } - } - - /* add if not first, otherwise copy */ - if (!first) { - if (zA) { - if ((err = ltc_mp.ecc_ptadd(R, fp_cache[idx1].LUT[zA], R, modulus, mp)) != CRYPT_OK) { - return err; - } - } - if (zB) { - if ((err = ltc_mp.ecc_ptadd(R, fp_cache[idx2].LUT[zB], R, modulus, mp)) != CRYPT_OK) { - return err; - } - } - } else { - if (zA) { - if ((mp_copy(fp_cache[idx1].LUT[zA]->x, R->x) != CRYPT_OK) || - (mp_copy(fp_cache[idx1].LUT[zA]->y, R->y) != CRYPT_OK) || - (mp_copy(fp_cache[idx1].mu, R->z) != CRYPT_OK)) { return CRYPT_MEM; } - first = 0; - } - if (zB && first == 0) { - if (zB) { - if ((err = ltc_mp.ecc_ptadd(R, fp_cache[idx2].LUT[zB], R, modulus, mp)) != CRYPT_OK) { - return err; - } - } - } else if (zB && first == 1) { - if ((mp_copy(fp_cache[idx2].LUT[zB]->x, R->x) != CRYPT_OK) || - (mp_copy(fp_cache[idx2].LUT[zB]->y, R->y) != CRYPT_OK) || - (mp_copy(fp_cache[idx2].mu, R->z) != CRYPT_OK)) { return CRYPT_MEM; } - first = 0; - } - } - } - zeromem(kb, sizeof(kb)); - return ltc_ecc_map(R, modulus, mp); -} - -/** ECC Fixed Point mulmod global - Computes kA*A + kB*B = C using Shamir's Trick - @param A First point to multiply - @param kA What to multiple A by - @param B Second point to multiply - @param kB What to multiple B by - @param C [out] Destination point (can overlap with A or B) - @param modulus Modulus for curve - @return CRYPT_OK on success -*/ -int ltc_ecc_fp_mul2add(ecc_point *A, void *kA, - ecc_point *B, void *kB, - ecc_point *C, void *modulus) -{ - int idx1, idx2, err; - void *mp, *mu; - - mp = NULL; - mu = NULL; - LTC_MUTEX_LOCK(<c_ecc_fp_lock); - /* find point */ - idx1 = _find_base(A); - - /* no entry? */ - if (idx1 == -1) { - /* find hole and add it */ - if ((idx1 = _find_hole()) >= 0) { - if ((err = _add_entry(idx1, A)) != CRYPT_OK) { - goto LBL_ERR; - } - } - } - if (idx1 != -1) { - /* increment LRU */ - ++(fp_cache[idx1].lru_count); - } - - /* find point */ - idx2 = _find_base(B); - - /* no entry? */ - if (idx2 == -1) { - /* find hole and add it */ - if ((idx2 = _find_hole()) >= 0) { - if ((err = _add_entry(idx2, B)) != CRYPT_OK) { - goto LBL_ERR; - } - } - } - if (idx2 != -1) { - /* increment LRU */ - ++(fp_cache[idx2].lru_count); - } - - /* if it's 2 build the LUT, if it's higher just use the LUT */ - if (idx1 >= 0 && fp_cache[idx1].lru_count == 2) { - /* compute mp */ - if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { goto LBL_ERR; } - - /* compute mu */ - if ((err = mp_init(&mu)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* build the LUT */ - if ((err = _build_lut(idx1, modulus, mp, mu)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - /* if it's 2 build the LUT, if it's higher just use the LUT */ - if (idx2 >= 0 && fp_cache[idx2].lru_count == 2) { - if (mp == NULL) { - /* compute mp */ - if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { goto LBL_ERR; } - - /* compute mu */ - if ((err = mp_init(&mu)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - /* build the LUT */ - if ((err = _build_lut(idx2, modulus, mp, mu)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - - if (idx1 >=0 && idx2 >= 0 && fp_cache[idx1].lru_count >= 2 && fp_cache[idx2].lru_count >= 2) { - if (mp == NULL) { - /* compute mp */ - if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { goto LBL_ERR; } - } - err = _accel_fp_mul2add(idx1, idx2, kA, kB, C, modulus, mp); - } else { - err = ltc_ecc_mul2add(A, kA, B, kB, C, modulus); - } -LBL_ERR: - LTC_MUTEX_UNLOCK(<c_ecc_fp_lock); - if (mp != NULL) { - mp_montgomery_free(mp); - } - if (mu != NULL) { - mp_clear(mu); - } - return err; -} -#endif - -/** ECC Fixed Point mulmod global - @param k The multiplicand - @param G Base point to multiply - @param R [out] Destination of product - @param modulus The modulus for the curve - @param map [boolean] If non-zero maps the point back to affine co-ordinates, otherwise it's left in jacobian-montgomery form - @return CRYPT_OK if successful -*/ -int ltc_ecc_fp_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map) -{ - int idx, err; - void *mp, *mu; - - mp = NULL; - mu = NULL; - LTC_MUTEX_LOCK(<c_ecc_fp_lock); - /* find point */ - idx = _find_base(G); - - /* no entry? */ - if (idx == -1) { - /* find hole and add it */ - idx = _find_hole(); - - if (idx >= 0) { - if ((err = _add_entry(idx, G)) != CRYPT_OK) { - goto LBL_ERR; - } - } - } - if (idx != -1) { - /* increment LRU */ - ++(fp_cache[idx].lru_count); - } - - - /* if it's 2 build the LUT, if it's higher just use the LUT */ - if (idx >= 0 && fp_cache[idx].lru_count == 2) { - /* compute mp */ - if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { goto LBL_ERR; } - - /* compute mu */ - if ((err = mp_init(&mu)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* build the LUT */ - if ((err = _build_lut(idx, modulus, mp, mu)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - if (idx >= 0 && fp_cache[idx].lru_count >= 2) { - if (mp == NULL) { - /* compute mp */ - if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { goto LBL_ERR; } - } - err = _accel_fp_mul(idx, k, R, modulus, mp, map); - } else { - err = ltc_ecc_mulmod(k, G, R, modulus, map); - } -LBL_ERR: - LTC_MUTEX_UNLOCK(<c_ecc_fp_lock); - if (mp != NULL) { - mp_montgomery_free(mp); - } - if (mu != NULL) { - mp_clear(mu); - } - return err; -} - -/* helper function for freeing the cache ... must be called with the cache mutex locked */ -static void _ltc_ecc_fp_free_cache(void) -{ - unsigned x, y; - for (x = 0; x < FP_ENTRIES; x++) { - if (fp_cache[x].g != NULL) { - for (y = 0; y < (1U<<FP_LUT); y++) { - ltc_ecc_del_point(fp_cache[x].LUT[y]); - fp_cache[x].LUT[y] = NULL; - } - ltc_ecc_del_point(fp_cache[x].g); - fp_cache[x].g = NULL; - if (fp_cache[x].mu != NULL) { - mp_clear(fp_cache[x].mu); - fp_cache[x].mu = NULL; - } - fp_cache[x].lru_count = 0; - fp_cache[x].lock = 0; - } - } -} - -/** Free the Fixed Point cache */ -void ltc_ecc_fp_free(void) -{ - LTC_MUTEX_LOCK(<c_ecc_fp_lock); - _ltc_ecc_fp_free_cache(); - LTC_MUTEX_UNLOCK(<c_ecc_fp_lock); -} - -/** Add a point to the cache and initialize the LUT - @param g The point to add - @param modulus Modulus for curve - @param lock Flag to indicate if this entry should be locked into the cache or not - @return CRYPT_OK on success -*/ -int -ltc_ecc_fp_add_point(ecc_point *g, void *modulus, int lock) -{ - int idx; - int err; - void *mp = NULL; - void *mu = NULL; - - LTC_MUTEX_LOCK(<c_ecc_fp_lock); - if ((idx = _find_base(g)) >= 0) { - /* it is already in the cache ... just check that the LUT is initialized */ - if(fp_cache[idx].lru_count >= 2) { - LTC_MUTEX_UNLOCK(<c_ecc_fp_lock); - return CRYPT_OK; - } - } - - if(idx == -1 && (idx = _find_hole()) == -1) { - err = CRYPT_BUFFER_OVERFLOW; - goto LBL_ERR; - } - if ((err = _add_entry(idx, g)) != CRYPT_OK) { - goto LBL_ERR; - } - /* compute mp */ - if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* compute mu */ - if ((err = mp_init(&mu)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* build the LUT */ - if ((err = _build_lut(idx, modulus, mp, mu)) != CRYPT_OK) { - goto LBL_ERR; - } - fp_cache[idx].lru_count = 2; - fp_cache[idx].lock = lock; -LBL_ERR: - LTC_MUTEX_UNLOCK(<c_ecc_fp_lock); - if (mp != NULL) { - mp_montgomery_free(mp); - } - if (mu != NULL) { - mp_clear(mu); - } - return err; -} - -/** Prevent/permit the FP cache from being updated - @param flag If flag is 0, remove cache lock (unlock), otherwise lock it -*/ -void ltc_ecc_fp_tablelock(int lock) -{ - int i; - - LTC_MUTEX_LOCK(<c_ecc_fp_lock); - for (i = 0; i < FP_ENTRIES; i++) { - fp_cache[i].lock = lock; - } - LTC_MUTEX_UNLOCK(<c_ecc_fp_lock); -} - -/** Export the current cache as a binary packet - @param out [out] pointer to malloc'ed space containing the packet - @param outlen [out] size of exported packet - @return CRYPT_OK if successful -*/ -int ltc_ecc_fp_save_state(unsigned char **out, unsigned long *outlen) -{ - ltc_asn1_list *cache_entry; - unsigned int i, j, k; - unsigned long fp_entries, fp_lut, num_entries; - int err; - - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - fp_entries = FP_ENTRIES; - fp_lut = FP_LUT; - num_entries = 0; - - LTC_MUTEX_LOCK(<c_ecc_fp_lock); - /* - * build the list; - Cache DEFINITIONS ::= - BEGIN - CacheDump ::= SEQUENCE { - numEntries SHORTINTEGER, - maxEntries SHORTINTEGER, - numLUT SHORTINTEGER, - cache SEQUENCE OF INTEGER - } - END - * - */ - /* - * The cache itself is a point (3 INTEGERS), - * the LUT as pairs of INTEGERS (2 * 1<<FP_LUT), - * and the mu INTEGER - */ - cache_entry = XCALLOC(FP_ENTRIES*(2*(1U<<FP_LUT)+4)+3, sizeof(ltc_asn1_list)); - if (cache_entry == NULL) - return CRYPT_MEM; - j = 1; /* handle the zero'th element later */ - - LTC_SET_ASN1(cache_entry, j++, LTC_ASN1_SHORT_INTEGER, &fp_entries, 1); - LTC_SET_ASN1(cache_entry, j++, LTC_ASN1_SHORT_INTEGER, &fp_lut, 1); - - for (i = 0; i < FP_ENTRIES; i++) { - /* - * do not save empty entries, or entries that have not yet had the lut built - */ - if (fp_cache[i].g == NULL || fp_cache[i].lru_count < 2) { - continue; - } - num_entries++; - LTC_SET_ASN1(cache_entry, j++, LTC_ASN1_INTEGER, fp_cache[i].g->x, 1); - LTC_SET_ASN1(cache_entry, j++, LTC_ASN1_INTEGER, fp_cache[i].g->y, 1); - LTC_SET_ASN1(cache_entry, j++, LTC_ASN1_INTEGER, fp_cache[i].g->z, 1); - for (k = 0; k < (1U<<FP_LUT); k++) { - LTC_SET_ASN1(cache_entry, j++, LTC_ASN1_INTEGER, fp_cache[i].LUT[k]->x, 1); - LTC_SET_ASN1(cache_entry, j++, LTC_ASN1_INTEGER, fp_cache[i].LUT[k]->y, 1); - } - LTC_SET_ASN1(cache_entry, j++, LTC_ASN1_INTEGER, fp_cache[i].mu, 1); - } - LTC_SET_ASN1(cache_entry, j++, LTC_ASN1_EOL, 0, 0); - - LTC_SET_ASN1(cache_entry, 0, LTC_ASN1_SHORT_INTEGER, &num_entries, 1); - - if ((err = der_length_sequence(cache_entry, j, outlen)) != CRYPT_OK) { - goto save_err; - } - if ((*out = XMALLOC(*outlen)) == NULL) { - err = CRYPT_MEM; - goto save_err; - } - err = der_encode_sequence(cache_entry, j, *out, outlen); -save_err: - XFREE(cache_entry); - LTC_MUTEX_UNLOCK(<c_ecc_fp_lock); - return err; -} - -/** Import a binary packet into the current cache - @param in [in] pointer to packet - @param inlen [in] size of packet (bytes) - @return CRYPT_OK if successful -*/ -int ltc_ecc_fp_restore_state(unsigned char *in, unsigned long inlen) -{ - int err; - ltc_asn1_list *asn1_list; - unsigned long num_entries, fp_entries, fp_lut; - unsigned long i, j; - unsigned int x; - - LTC_ARGCHK(in != NULL); - if (inlen == 0) { - return CRYPT_INVALID_ARG; - } - - /* zero indecies */ - i = 0; - j = 0; - asn1_list = NULL; - - LTC_MUTEX_LOCK(<c_ecc_fp_lock); - /* - * start with an empty cache - */ - _ltc_ecc_fp_free_cache(); - - /* - * decode the input packet: It consists of a sequence with a few - * integers (including the FP_ENTRIES and FP_LUT sizes), followed by a - * SEQUENCE which is the cache itself. - * - * use standard decoding for the first part, then flexible for the second - */ - if((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_SHORT_INTEGER, 1, &num_entries, - LTC_ASN1_SHORT_INTEGER, 1, &fp_entries, - LTC_ASN1_SHORT_INTEGER, 1, &fp_lut, - LTC_ASN1_EOL, 0, 0)) != CRYPT_OK) { - goto ERR_OUT; - } - if (fp_entries != FP_ENTRIES || fp_lut != FP_LUT || num_entries > fp_entries) { - err = CRYPT_INVALID_PACKET; - goto ERR_OUT; - } - if ((asn1_list = XCALLOC(3+num_entries*(4+2*(1<<FP_LUT))+1, sizeof(ltc_asn1_list))) == NULL) { - err = CRYPT_MEM; - goto ERR_OUT; - } - j = 0; - LTC_SET_ASN1(asn1_list, j++, LTC_ASN1_SHORT_INTEGER, &num_entries, 1); - LTC_SET_ASN1(asn1_list, j++, LTC_ASN1_SHORT_INTEGER, &fp_entries, 1); - LTC_SET_ASN1(asn1_list, j++, LTC_ASN1_SHORT_INTEGER, &fp_lut, 1); - for (i = 0; i < num_entries; i++) { - if((fp_cache[i].g = ltc_ecc_new_point()) == NULL) { - err = CRYPT_MEM; - goto ERR_OUT; - } - LTC_SET_ASN1(asn1_list, j++, LTC_ASN1_INTEGER, fp_cache[i].g->x, 1); - LTC_SET_ASN1(asn1_list, j++, LTC_ASN1_INTEGER, fp_cache[i].g->y, 1); - LTC_SET_ASN1(asn1_list, j++, LTC_ASN1_INTEGER, fp_cache[i].g->z, 1); - for (x = 0; x < (1U<<FP_LUT); x++) { - /* since we don't store z in the cache, don't use ltc_ecc_new_point() - * (which allocates space for z, only to have to free it later) */ - ecc_point *p = XCALLOC(1, sizeof(*p)); - - if (p == NULL) { - err = CRYPT_MEM; - goto ERR_OUT; - } - fp_cache[i].LUT[x] = p; - if ((err = mp_init_multi(&p->x, &p->y, NULL)) != CRYPT_OK) { - goto ERR_OUT; - } - p->z = NULL; - LTC_SET_ASN1(asn1_list, j++, LTC_ASN1_INTEGER, p->x, 1); - LTC_SET_ASN1(asn1_list, j++, LTC_ASN1_INTEGER, p->y, 1); - } - if((err = mp_init(&fp_cache[i].mu)) != CRYPT_OK) { - goto ERR_OUT; - } - LTC_SET_ASN1(asn1_list, j++, LTC_ASN1_INTEGER, fp_cache[i].mu, 1); - fp_cache[i].lru_count = 3; - fp_cache[i].lock = 1; - } - - if ((err = der_decode_sequence(in, inlen, asn1_list, j)) != CRYPT_OK) { - goto ERR_OUT; - } - XFREE(asn1_list); - LTC_MUTEX_UNLOCK(<c_ecc_fp_lock); - return CRYPT_OK; -ERR_OUT: - if(asn1_list) - XFREE(asn1_list); - _ltc_ecc_fp_free_cache(); - LTC_MUTEX_UNLOCK(<c_ecc_fp_lock); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/math/ltm_desc.c b/libs/tomcrypt/src/math/ltm_desc.c deleted file mode 100644 index 48ae1b209be..00000000000 --- a/libs/tomcrypt/src/math/ltm_desc.c +++ /dev/null @@ -1,509 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -#define DESC_DEF_ONLY -#include "tomcrypt.h" - -#ifdef LTM_DESC - -#include <tommath.h> - -static const struct { - int mpi_code, ltc_code; -} mpi_to_ltc_codes[] = { - { MP_OKAY , CRYPT_OK}, - { MP_MEM , CRYPT_MEM}, - { MP_VAL , CRYPT_INVALID_ARG}, -}; - -/** - Convert a MPI error to a LTC error (Possibly the most powerful function ever! Oh wait... no) - @param err The error to convert - @return The equivalent LTC error code or CRYPT_ERROR if none found -*/ -static int mpi_to_ltc_error(int err) -{ - int x; - - for (x = 0; x < (int)(sizeof(mpi_to_ltc_codes)/sizeof(mpi_to_ltc_codes[0])); x++) { - if (err == mpi_to_ltc_codes[x].mpi_code) { - return mpi_to_ltc_codes[x].ltc_code; - } - } - return CRYPT_ERROR; -} - -static int init(void **a) -{ - int err; - - LTC_ARGCHK(a != NULL); - - *a = XCALLOC(1, sizeof(mp_int)); - if (*a == NULL) { - return CRYPT_MEM; - } - - if ((err = mpi_to_ltc_error(mp_init(*a))) != CRYPT_OK) { - XFREE(*a); - } - return err; -} - -static void deinit(void *a) -{ - LTC_ARGCHKVD(a != NULL); - mp_clear(a); - XFREE(a); -} - -static int neg(void *a, void *b) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - return mpi_to_ltc_error(mp_neg(a, b)); -} - -static int copy(void *a, void *b) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - return mpi_to_ltc_error(mp_copy(a, b)); -} - -static int init_copy(void **a, void *b) -{ - if (init(a) != CRYPT_OK) { - return CRYPT_MEM; - } - return copy(b, *a); -} - -/* ---- trivial ---- */ -static int set_int(void *a, ltc_mp_digit b) -{ - LTC_ARGCHK(a != NULL); - return mpi_to_ltc_error(mp_set_int(a, b)); -} - -static unsigned long get_int(void *a) -{ - LTC_ARGCHK(a != NULL); - return mp_get_int(a); -} - -static ltc_mp_digit get_digit(void *a, int n) -{ - mp_int *A; - LTC_ARGCHK(a != NULL); - A = a; - return (n >= A->used || n < 0) ? 0 : A->dp[n]; -} - -static int get_digit_count(void *a) -{ - mp_int *A; - LTC_ARGCHK(a != NULL); - A = a; - return A->used; -} - -static int compare(void *a, void *b) -{ - int ret; - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - ret = mp_cmp(a, b); - switch (ret) { - case MP_LT: return LTC_MP_LT; - case MP_EQ: return LTC_MP_EQ; - case MP_GT: return LTC_MP_GT; - default: return 0; - } -} - -static int compare_d(void *a, ltc_mp_digit b) -{ - int ret; - LTC_ARGCHK(a != NULL); - ret = mp_cmp_d(a, b); - switch (ret) { - case MP_LT: return LTC_MP_LT; - case MP_EQ: return LTC_MP_EQ; - case MP_GT: return LTC_MP_GT; - default: return 0; - } -} - -static int count_bits(void *a) -{ - LTC_ARGCHK(a != NULL); - return mp_count_bits(a); -} - -static int count_lsb_bits(void *a) -{ - LTC_ARGCHK(a != NULL); - return mp_cnt_lsb(a); -} - - -static int twoexpt(void *a, int n) -{ - LTC_ARGCHK(a != NULL); - return mpi_to_ltc_error(mp_2expt(a, n)); -} - -/* ---- conversions ---- */ - -/* read ascii string */ -static int read_radix(void *a, const char *b, int radix) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - return mpi_to_ltc_error(mp_read_radix(a, b, radix)); -} - -/* write one */ -static int write_radix(void *a, char *b, int radix) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - return mpi_to_ltc_error(mp_toradix(a, b, radix)); -} - -/* get size as unsigned char string */ -static unsigned long unsigned_size(void *a) -{ - LTC_ARGCHK(a != NULL); - return mp_unsigned_bin_size(a); -} - -/* store */ -static int unsigned_write(void *a, unsigned char *b) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - return mpi_to_ltc_error(mp_to_unsigned_bin(a, b)); -} - -/* read */ -static int unsigned_read(void *a, unsigned char *b, unsigned long len) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - return mpi_to_ltc_error(mp_read_unsigned_bin(a, b, len)); -} - -/* add */ -static int add(void *a, void *b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - return mpi_to_ltc_error(mp_add(a, b, c)); -} - -static int addi(void *a, ltc_mp_digit b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(c != NULL); - return mpi_to_ltc_error(mp_add_d(a, b, c)); -} - -/* sub */ -static int sub(void *a, void *b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - return mpi_to_ltc_error(mp_sub(a, b, c)); -} - -static int subi(void *a, ltc_mp_digit b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(c != NULL); - return mpi_to_ltc_error(mp_sub_d(a, b, c)); -} - -/* mul */ -static int mul(void *a, void *b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - return mpi_to_ltc_error(mp_mul(a, b, c)); -} - -static int muli(void *a, ltc_mp_digit b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(c != NULL); - return mpi_to_ltc_error(mp_mul_d(a, b, c)); -} - -/* sqr */ -static int sqr(void *a, void *b) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - return mpi_to_ltc_error(mp_sqr(a, b)); -} - -/* div */ -static int divide(void *a, void *b, void *c, void *d) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - return mpi_to_ltc_error(mp_div(a, b, c, d)); -} - -static int div_2(void *a, void *b) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - return mpi_to_ltc_error(mp_div_2(a, b)); -} - -/* modi */ -static int modi(void *a, ltc_mp_digit b, ltc_mp_digit *c) -{ - mp_digit tmp; - int err; - - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(c != NULL); - - if ((err = mpi_to_ltc_error(mp_mod_d(a, b, &tmp))) != CRYPT_OK) { - return err; - } - *c = tmp; - return CRYPT_OK; -} - -/* gcd */ -static int gcd(void *a, void *b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - return mpi_to_ltc_error(mp_gcd(a, b, c)); -} - -/* lcm */ -static int lcm(void *a, void *b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - return mpi_to_ltc_error(mp_lcm(a, b, c)); -} - -static int addmod(void *a, void *b, void *c, void *d) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - LTC_ARGCHK(d != NULL); - return mpi_to_ltc_error(mp_addmod(a,b,c,d)); -} - -static int submod(void *a, void *b, void *c, void *d) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - LTC_ARGCHK(d != NULL); - return mpi_to_ltc_error(mp_submod(a,b,c,d)); -} - -static int mulmod(void *a, void *b, void *c, void *d) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - LTC_ARGCHK(d != NULL); - return mpi_to_ltc_error(mp_mulmod(a,b,c,d)); -} - -static int sqrmod(void *a, void *b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - return mpi_to_ltc_error(mp_sqrmod(a,b,c)); -} - -/* invmod */ -static int invmod(void *a, void *b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - return mpi_to_ltc_error(mp_invmod(a, b, c)); -} - -/* setup */ -static int montgomery_setup(void *a, void **b) -{ - int err; - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - *b = XCALLOC(1, sizeof(mp_digit)); - if (*b == NULL) { - return CRYPT_MEM; - } - if ((err = mpi_to_ltc_error(mp_montgomery_setup(a, (mp_digit *)*b))) != CRYPT_OK) { - XFREE(*b); - } - return err; -} - -/* get normalization value */ -static int montgomery_normalization(void *a, void *b) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - return mpi_to_ltc_error(mp_montgomery_calc_normalization(a, b)); -} - -/* reduce */ -static int montgomery_reduce(void *a, void *b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - return mpi_to_ltc_error(mp_montgomery_reduce(a, b, *((mp_digit *)c))); -} - -/* clean up */ -static void montgomery_deinit(void *a) -{ - XFREE(a); -} - -static int exptmod(void *a, void *b, void *c, void *d) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - LTC_ARGCHK(d != NULL); - return mpi_to_ltc_error(mp_exptmod(a,b,c,d)); -} - -static int isprime(void *a, int b, int *c) -{ - int err; - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(c != NULL); - if (b == 0) { - b = LTC_MILLER_RABIN_REPS; - } /* if */ - err = mpi_to_ltc_error(mp_prime_is_prime(a, b, c)); - *c = (*c == MP_YES) ? LTC_MP_YES : LTC_MP_NO; - return err; -} - -static int set_rand(void *a, int size) -{ - LTC_ARGCHK(a != NULL); - return mpi_to_ltc_error(mp_rand(a, size)); -} - -const ltc_math_descriptor ltm_desc = { - - "LibTomMath", - (int)DIGIT_BIT, - - &init, - &init_copy, - &deinit, - - &neg, - ©, - - &set_int, - &get_int, - &get_digit, - &get_digit_count, - &compare, - &compare_d, - &count_bits, - &count_lsb_bits, - &twoexpt, - - &read_radix, - &write_radix, - &unsigned_size, - &unsigned_write, - &unsigned_read, - - &add, - &addi, - &sub, - &subi, - &mul, - &muli, - &sqr, - ÷, - &div_2, - &modi, - &gcd, - &lcm, - - &mulmod, - &sqrmod, - &invmod, - - &montgomery_setup, - &montgomery_normalization, - &montgomery_reduce, - &montgomery_deinit, - - &exptmod, - &isprime, - -#ifdef LTC_MECC -#ifdef LTC_MECC_FP - <c_ecc_fp_mulmod, -#else - <c_ecc_mulmod, -#endif - <c_ecc_projective_add_point, - <c_ecc_projective_dbl_point, - <c_ecc_map, -#ifdef LTC_ECC_SHAMIR -#ifdef LTC_MECC_FP - <c_ecc_fp_mul2add, -#else - <c_ecc_mul2add, -#endif /* LTC_MECC_FP */ -#else - NULL, -#endif /* LTC_ECC_SHAMIR */ -#else - NULL, NULL, NULL, NULL, NULL, -#endif /* LTC_MECC */ - -#ifdef LTC_MRSA - &rsa_make_key, - &rsa_exptmod, -#else - NULL, NULL, -#endif - &addmod, - &submod, - - &set_rand, - -}; - - -#endif diff --git a/libs/tomcrypt/src/math/multi.c b/libs/tomcrypt/src/math/multi.c deleted file mode 100644 index 5d7721e5732..00000000000 --- a/libs/tomcrypt/src/math/multi.c +++ /dev/null @@ -1,72 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -#ifdef LTC_MPI -#include <stdarg.h> - -int ltc_init_multi(void **a, ...) -{ - void **cur = a; - int np = 0; - va_list args; - - va_start(args, a); - while (cur != NULL) { - if (mp_init(cur) != CRYPT_OK) { - /* failed */ - va_list clean_list; - - va_start(clean_list, a); - cur = a; - while (np--) { - mp_clear(*cur); - cur = va_arg(clean_list, void**); - } - va_end(clean_list); - va_end(args); - return CRYPT_MEM; - } - ++np; - cur = va_arg(args, void**); - } - va_end(args); - return CRYPT_OK; -} - -void ltc_deinit_multi(void *a, ...) -{ - void *cur = a; - va_list args; - - va_start(args, a); - while (cur != NULL) { - mp_clear(cur); - cur = va_arg(args, void *); - } - va_end(args); -} - -void ltc_cleanup_multi(void **a, ...) -{ - void **cur = a; - va_list args; - - va_start(args, a); - while (cur != NULL) { - if (*cur != NULL) { - mp_clear(*cur); - *cur = NULL; - } - cur = va_arg(args, void**); - } - va_end(args); -} - -#endif diff --git a/libs/tomcrypt/src/math/radix_to_bin.c b/libs/tomcrypt/src/math/radix_to_bin.c deleted file mode 100644 index 345f0d099b1..00000000000 --- a/libs/tomcrypt/src/math/radix_to_bin.c +++ /dev/null @@ -1,58 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file radix_to_bin.c - Convert data from a specific radix to binary. - Steffen Jaeckel -*/ - -/** - Convert data from a specific radix to binary - - The default MPI descriptors #ltm_desc, #tfm_desc and #gmp_desc - have the following restrictions on parameters: - - \p in - NUL-terminated char buffer - - \p radix - 2..64 - - @param in The input - @param radix The radix of the input - @param out The output buffer - @param len [in/out] The length of the output buffer - - @return CRYPT_OK on success. -*/ -int radix_to_bin(const void *in, int radix, void *out, unsigned long *len) -{ - unsigned long l; - void* mpi; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(len != NULL); - - if ((err = mp_init(&mpi)) != CRYPT_OK) return err; - if ((err = mp_read_radix(mpi, in, radix)) != CRYPT_OK) goto LBL_ERR; - - if ((l = mp_unsigned_bin_size(mpi)) > *len) { - *len = l; - err = CRYPT_BUFFER_OVERFLOW; - goto LBL_ERR; - } - *len = l; - - if ((err = mp_to_unsigned_bin(mpi, out)) != CRYPT_OK) goto LBL_ERR; - -LBL_ERR: - mp_clear(mpi); - return err; -} diff --git a/libs/tomcrypt/src/math/rand_bn.c b/libs/tomcrypt/src/math/rand_bn.c deleted file mode 100644 index 8fccd333264..00000000000 --- a/libs/tomcrypt/src/math/rand_bn.c +++ /dev/null @@ -1,71 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -#if defined(LTC_MDSA) || defined(LTC_MECC) -/** - Generate a random number N with given bitlength (note: MSB can be 0) -*/ - -int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng) -{ - int res, bytes; - unsigned char *buf, mask; - - LTC_ARGCHK(N != NULL); - LTC_ARGCHK(bits > 1); - - /* check PRNG */ - if ((res = prng_is_valid(wprng)) != CRYPT_OK) return res; - - bytes = (bits+7) >> 3; - mask = 0xff << (8 - bits % 8); - - /* allocate buffer */ - if ((buf = XCALLOC(1, bytes)) == NULL) return CRYPT_MEM; - - /* generate random bytes */ - if (prng_descriptor[wprng].read(buf, bytes, prng) != (unsigned long)bytes) { - res = CRYPT_ERROR_READPRNG; - goto cleanup; - } - /* mask bits */ - buf[0] &= ~mask; - /* load value */ - if ((res = mp_read_unsigned_bin(N, buf, bytes)) != CRYPT_OK) goto cleanup; - - res = CRYPT_OK; - -cleanup: -#ifdef LTC_CLEAN_STACK - zeromem(buf, bytes); -#endif - XFREE(buf); - return res; -} - -/** - Generate a random number N in a range: 1 <= N < limit -*/ -int rand_bn_upto(void *N, void *limit, prng_state *prng, int wprng) -{ - int res, bits; - - LTC_ARGCHK(N != NULL); - LTC_ARGCHK(limit != NULL); - - bits = mp_count_bits(limit); - do { - res = rand_bn_bits(N, bits, prng, wprng); - if (res != CRYPT_OK) return res; - } while (mp_cmp_d(N, 0) != LTC_MP_GT || mp_cmp(N, limit) != LTC_MP_LT); - - return CRYPT_OK; -} -#endif diff --git a/libs/tomcrypt/src/math/rand_prime.c b/libs/tomcrypt/src/math/rand_prime.c deleted file mode 100644 index c016f3b5ce3..00000000000 --- a/libs/tomcrypt/src/math/rand_prime.c +++ /dev/null @@ -1,83 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -#if defined(LTC_MRSA) || (!defined(LTC_NO_MATH) && !defined(LTC_NO_PRNGS)) - -/** - @file rand_prime.c - Generate a random prime, Tom St Denis -*/ - -#define USE_BBS 1 - -int rand_prime(void *N, long len, prng_state *prng, int wprng) -{ - int err, res, type; - unsigned char *buf; - - LTC_ARGCHK(N != NULL); - - /* get type */ - if (len < 0) { - type = USE_BBS; - len = -len; - } else { - type = 0; - } - - /* allow sizes between 2 and 512 bytes for a prime size */ - if (len < 2 || len > 512) { - return CRYPT_INVALID_PRIME_SIZE; - } - - /* valid PRNG? Better be! */ - if ((err = prng_is_valid(wprng)) != CRYPT_OK) { - return err; - } - - /* allocate buffer to work with */ - buf = XCALLOC(1, len); - if (buf == NULL) { - return CRYPT_MEM; - } - - do { - /* generate value */ - if (prng_descriptor[wprng].read(buf, len, prng) != (unsigned long)len) { - XFREE(buf); - return CRYPT_ERROR_READPRNG; - } - - /* munge bits */ - buf[0] |= 0x80 | 0x40; - buf[len-1] |= 0x01 | ((type & USE_BBS) ? 0x02 : 0x00); - - /* load value */ - if ((err = mp_read_unsigned_bin(N, buf, len)) != CRYPT_OK) { - XFREE(buf); - return err; - } - - /* test */ - if ((err = mp_prime_is_prime(N, LTC_MILLER_RABIN_REPS, &res)) != CRYPT_OK) { - XFREE(buf); - return err; - } - } while (res == LTC_MP_NO); - -#ifdef LTC_CLEAN_STACK - zeromem(buf, len); -#endif - - XFREE(buf); - return CRYPT_OK; -} - -#endif /* LTC_NO_MATH */ diff --git a/libs/tomcrypt/src/math/tfm_desc.c b/libs/tomcrypt/src/math/tfm_desc.c deleted file mode 100644 index aa95ea6a712..00000000000 --- a/libs/tomcrypt/src/math/tfm_desc.c +++ /dev/null @@ -1,803 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -#define DESC_DEF_ONLY -#include "tomcrypt.h" - -#ifdef TFM_DESC - -#include <tfm.h> - -static const struct { - int tfm_code, ltc_code; -} tfm_to_ltc_codes[] = { - { FP_OKAY , CRYPT_OK}, - { FP_MEM , CRYPT_MEM}, - { FP_VAL , CRYPT_INVALID_ARG}, -}; - -/** - Convert a tfm error to a LTC error (Possibly the most powerful function ever! Oh wait... no) - @param err The error to convert - @return The equivalent LTC error code or CRYPT_ERROR if none found -*/ -static int tfm_to_ltc_error(int err) -{ - int x; - - for (x = 0; x < (int)(sizeof(tfm_to_ltc_codes)/sizeof(tfm_to_ltc_codes[0])); x++) { - if (err == tfm_to_ltc_codes[x].tfm_code) { - return tfm_to_ltc_codes[x].ltc_code; - } - } - return CRYPT_ERROR; -} - -static int init(void **a) -{ - LTC_ARGCHK(a != NULL); - - *a = XCALLOC(1, sizeof(fp_int)); - if (*a == NULL) { - return CRYPT_MEM; - } - fp_init(*a); - return CRYPT_OK; -} - -static void deinit(void *a) -{ - LTC_ARGCHKVD(a != NULL); - XFREE(a); -} - -static int neg(void *a, void *b) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - fp_neg(((fp_int*)a), ((fp_int*)b)); - return CRYPT_OK; -} - -static int copy(void *a, void *b) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - fp_copy(a, b); - return CRYPT_OK; -} - -static int init_copy(void **a, void *b) -{ - if (init(a) != CRYPT_OK) { - return CRYPT_MEM; - } - return copy(b, *a); -} - -/* ---- trivial ---- */ -static int set_int(void *a, ltc_mp_digit b) -{ - LTC_ARGCHK(a != NULL); - fp_set(a, b); - return CRYPT_OK; -} - -static unsigned long get_int(void *a) -{ - fp_int *A; - LTC_ARGCHK(a != NULL); - A = a; - return A->used > 0 ? A->dp[0] : 0; -} - -static ltc_mp_digit get_digit(void *a, int n) -{ - fp_int *A; - LTC_ARGCHK(a != NULL); - A = a; - return (n >= A->used || n < 0) ? 0 : A->dp[n]; -} - -static int get_digit_count(void *a) -{ - fp_int *A; - LTC_ARGCHK(a != NULL); - A = a; - return A->used; -} - -static int compare(void *a, void *b) -{ - int ret; - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - ret = fp_cmp(a, b); - switch (ret) { - case FP_LT: return LTC_MP_LT; - case FP_EQ: return LTC_MP_EQ; - case FP_GT: return LTC_MP_GT; - } - return 0; -} - -static int compare_d(void *a, ltc_mp_digit b) -{ - int ret; - LTC_ARGCHK(a != NULL); - ret = fp_cmp_d(a, b); - switch (ret) { - case FP_LT: return LTC_MP_LT; - case FP_EQ: return LTC_MP_EQ; - case FP_GT: return LTC_MP_GT; - } - return 0; -} - -static int count_bits(void *a) -{ - LTC_ARGCHK(a != NULL); - return fp_count_bits(a); -} - -static int count_lsb_bits(void *a) -{ - LTC_ARGCHK(a != NULL); - return fp_cnt_lsb(a); -} - -static int twoexpt(void *a, int n) -{ - LTC_ARGCHK(a != NULL); - fp_2expt(a, n); - return CRYPT_OK; -} - -/* ---- conversions ---- */ - -/* read ascii string */ -static int read_radix(void *a, const char *b, int radix) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - return tfm_to_ltc_error(fp_read_radix(a, (char *)b, radix)); -} - -/* write one */ -static int write_radix(void *a, char *b, int radix) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - return tfm_to_ltc_error(fp_toradix(a, b, radix)); -} - -/* get size as unsigned char string */ -static unsigned long unsigned_size(void *a) -{ - LTC_ARGCHK(a != NULL); - return fp_unsigned_bin_size(a); -} - -/* store */ -static int unsigned_write(void *a, unsigned char *b) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - fp_to_unsigned_bin(a, b); - return CRYPT_OK; -} - -/* read */ -static int unsigned_read(void *a, unsigned char *b, unsigned long len) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - fp_read_unsigned_bin(a, b, len); - return CRYPT_OK; -} - -/* add */ -static int add(void *a, void *b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - fp_add(a, b, c); - return CRYPT_OK; -} - -static int addi(void *a, ltc_mp_digit b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(c != NULL); - fp_add_d(a, b, c); - return CRYPT_OK; -} - -/* sub */ -static int sub(void *a, void *b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - fp_sub(a, b, c); - return CRYPT_OK; -} - -static int subi(void *a, ltc_mp_digit b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(c != NULL); - fp_sub_d(a, b, c); - return CRYPT_OK; -} - -/* mul */ -static int mul(void *a, void *b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - fp_mul(a, b, c); - return CRYPT_OK; -} - -static int muli(void *a, ltc_mp_digit b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(c != NULL); - fp_mul_d(a, b, c); - return CRYPT_OK; -} - -/* sqr */ -static int sqr(void *a, void *b) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - fp_sqr(a, b); - return CRYPT_OK; -} - -/* div */ -static int divide(void *a, void *b, void *c, void *d) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - return tfm_to_ltc_error(fp_div(a, b, c, d)); -} - -static int div_2(void *a, void *b) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - fp_div_2(a, b); - return CRYPT_OK; -} - -/* modi */ -static int modi(void *a, ltc_mp_digit b, ltc_mp_digit *c) -{ - fp_digit tmp; - int err; - - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(c != NULL); - - if ((err = tfm_to_ltc_error(fp_mod_d(a, b, &tmp))) != CRYPT_OK) { - return err; - } - *c = tmp; - return CRYPT_OK; -} - -/* gcd */ -static int gcd(void *a, void *b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - fp_gcd(a, b, c); - return CRYPT_OK; -} - -/* lcm */ -static int lcm(void *a, void *b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - fp_lcm(a, b, c); - return CRYPT_OK; -} - -static int addmod(void *a, void *b, void *c, void *d) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - LTC_ARGCHK(d != NULL); - return tfm_to_ltc_error(fp_addmod(a,b,c,d)); -} - -static int submod(void *a, void *b, void *c, void *d) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - LTC_ARGCHK(d != NULL); - return tfm_to_ltc_error(fp_submod(a,b,c,d)); -} - -static int mulmod(void *a, void *b, void *c, void *d) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - LTC_ARGCHK(d != NULL); - return tfm_to_ltc_error(fp_mulmod(a,b,c,d)); -} - -static int sqrmod(void *a, void *b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - return tfm_to_ltc_error(fp_sqrmod(a,b,c)); -} - -/* invmod */ -static int invmod(void *a, void *b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - return tfm_to_ltc_error(fp_invmod(a, b, c)); -} - -/* setup */ -static int montgomery_setup(void *a, void **b) -{ - int err; - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - *b = XCALLOC(1, sizeof(fp_digit)); - if (*b == NULL) { - return CRYPT_MEM; - } - if ((err = tfm_to_ltc_error(fp_montgomery_setup(a, (fp_digit *)*b))) != CRYPT_OK) { - XFREE(*b); - } - return err; -} - -/* get normalization value */ -static int montgomery_normalization(void *a, void *b) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - fp_montgomery_calc_normalization(a, b); - return CRYPT_OK; -} - -/* reduce */ -static int montgomery_reduce(void *a, void *b, void *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - fp_montgomery_reduce(a, b, *((fp_digit *)c)); - return CRYPT_OK; -} - -/* clean up */ -static void montgomery_deinit(void *a) -{ - XFREE(a); -} - -static int exptmod(void *a, void *b, void *c, void *d) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - LTC_ARGCHK(c != NULL); - LTC_ARGCHK(d != NULL); - return tfm_to_ltc_error(fp_exptmod(a,b,c,d)); -} - -static int isprime(void *a, int b, int *c) -{ - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(c != NULL); - if (b == 0) { - b = LTC_MILLER_RABIN_REPS; - } /* if */ - *c = (fp_isprime_ex(a, b) == FP_YES) ? LTC_MP_YES : LTC_MP_NO; - return CRYPT_OK; -} - -#if defined(LTC_MECC) && defined(LTC_MECC_ACCEL) - -static int tfm_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void *Mp) -{ - fp_int t1, t2; - fp_digit mp; - - LTC_ARGCHK(P != NULL); - LTC_ARGCHK(R != NULL); - LTC_ARGCHK(modulus != NULL); - LTC_ARGCHK(Mp != NULL); - - mp = *((fp_digit*)Mp); - - fp_init(&t1); - fp_init(&t2); - - if (P != R) { - fp_copy(P->x, R->x); - fp_copy(P->y, R->y); - fp_copy(P->z, R->z); - } - - /* t1 = Z * Z */ - fp_sqr(R->z, &t1); - fp_montgomery_reduce(&t1, modulus, mp); - /* Z = Y * Z */ - fp_mul(R->z, R->y, R->z); - fp_montgomery_reduce(R->z, modulus, mp); - /* Z = 2Z */ - fp_add(R->z, R->z, R->z); - if (fp_cmp(R->z, modulus) != FP_LT) { - fp_sub(R->z, modulus, R->z); - } - - /* &t2 = X - T1 */ - fp_sub(R->x, &t1, &t2); - if (fp_cmp_d(&t2, 0) == FP_LT) { - fp_add(&t2, modulus, &t2); - } - /* T1 = X + T1 */ - fp_add(&t1, R->x, &t1); - if (fp_cmp(&t1, modulus) != FP_LT) { - fp_sub(&t1, modulus, &t1); - } - /* T2 = T1 * T2 */ - fp_mul(&t1, &t2, &t2); - fp_montgomery_reduce(&t2, modulus, mp); - /* T1 = 2T2 */ - fp_add(&t2, &t2, &t1); - if (fp_cmp(&t1, modulus) != FP_LT) { - fp_sub(&t1, modulus, &t1); - } - /* T1 = T1 + T2 */ - fp_add(&t1, &t2, &t1); - if (fp_cmp(&t1, modulus) != FP_LT) { - fp_sub(&t1, modulus, &t1); - } - - /* Y = 2Y */ - fp_add(R->y, R->y, R->y); - if (fp_cmp(R->y, modulus) != FP_LT) { - fp_sub(R->y, modulus, R->y); - } - /* Y = Y * Y */ - fp_sqr(R->y, R->y); - fp_montgomery_reduce(R->y, modulus, mp); - /* T2 = Y * Y */ - fp_sqr(R->y, &t2); - fp_montgomery_reduce(&t2, modulus, mp); - /* T2 = T2/2 */ - if (fp_isodd(&t2)) { - fp_add(&t2, modulus, &t2); - } - fp_div_2(&t2, &t2); - /* Y = Y * X */ - fp_mul(R->y, R->x, R->y); - fp_montgomery_reduce(R->y, modulus, mp); - - /* X = T1 * T1 */ - fp_sqr(&t1, R->x); - fp_montgomery_reduce(R->x, modulus, mp); - /* X = X - Y */ - fp_sub(R->x, R->y, R->x); - if (fp_cmp_d(R->x, 0) == FP_LT) { - fp_add(R->x, modulus, R->x); - } - /* X = X - Y */ - fp_sub(R->x, R->y, R->x); - if (fp_cmp_d(R->x, 0) == FP_LT) { - fp_add(R->x, modulus, R->x); - } - - /* Y = Y - X */ - fp_sub(R->y, R->x, R->y); - if (fp_cmp_d(R->y, 0) == FP_LT) { - fp_add(R->y, modulus, R->y); - } - /* Y = Y * T1 */ - fp_mul(R->y, &t1, R->y); - fp_montgomery_reduce(R->y, modulus, mp); - /* Y = Y - T2 */ - fp_sub(R->y, &t2, R->y); - if (fp_cmp_d(R->y, 0) == FP_LT) { - fp_add(R->y, modulus, R->y); - } - - return CRYPT_OK; -} - -/** - Add two ECC points - @param P The point to add - @param Q The point to add - @param R [out] The destination of the double - @param modulus The modulus of the field the ECC curve is in - @param Mp The "b" value from montgomery_setup() - @return CRYPT_OK on success -*/ -static int tfm_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *Mp) -{ - fp_int t1, t2, x, y, z; - fp_digit mp; - - LTC_ARGCHK(P != NULL); - LTC_ARGCHK(Q != NULL); - LTC_ARGCHK(R != NULL); - LTC_ARGCHK(modulus != NULL); - LTC_ARGCHK(Mp != NULL); - - mp = *((fp_digit*)Mp); - - fp_init(&t1); - fp_init(&t2); - fp_init(&x); - fp_init(&y); - fp_init(&z); - - /* should we dbl instead? */ - fp_sub(modulus, Q->y, &t1); - if ( (fp_cmp(P->x, Q->x) == FP_EQ) && - (Q->z != NULL && fp_cmp(P->z, Q->z) == FP_EQ) && - (fp_cmp(P->y, Q->y) == FP_EQ || fp_cmp(P->y, &t1) == FP_EQ)) { - return tfm_ecc_projective_dbl_point(P, R, modulus, Mp); - } - - fp_copy(P->x, &x); - fp_copy(P->y, &y); - fp_copy(P->z, &z); - - /* if Z is one then these are no-operations */ - if (Q->z != NULL) { - /* T1 = Z' * Z' */ - fp_sqr(Q->z, &t1); - fp_montgomery_reduce(&t1, modulus, mp); - /* X = X * T1 */ - fp_mul(&t1, &x, &x); - fp_montgomery_reduce(&x, modulus, mp); - /* T1 = Z' * T1 */ - fp_mul(Q->z, &t1, &t1); - fp_montgomery_reduce(&t1, modulus, mp); - /* Y = Y * T1 */ - fp_mul(&t1, &y, &y); - fp_montgomery_reduce(&y, modulus, mp); - } - - /* T1 = Z*Z */ - fp_sqr(&z, &t1); - fp_montgomery_reduce(&t1, modulus, mp); - /* T2 = X' * T1 */ - fp_mul(Q->x, &t1, &t2); - fp_montgomery_reduce(&t2, modulus, mp); - /* T1 = Z * T1 */ - fp_mul(&z, &t1, &t1); - fp_montgomery_reduce(&t1, modulus, mp); - /* T1 = Y' * T1 */ - fp_mul(Q->y, &t1, &t1); - fp_montgomery_reduce(&t1, modulus, mp); - - /* Y = Y - T1 */ - fp_sub(&y, &t1, &y); - if (fp_cmp_d(&y, 0) == FP_LT) { - fp_add(&y, modulus, &y); - } - /* T1 = 2T1 */ - fp_add(&t1, &t1, &t1); - if (fp_cmp(&t1, modulus) != FP_LT) { - fp_sub(&t1, modulus, &t1); - } - /* T1 = Y + T1 */ - fp_add(&t1, &y, &t1); - if (fp_cmp(&t1, modulus) != FP_LT) { - fp_sub(&t1, modulus, &t1); - } - /* X = X - T2 */ - fp_sub(&x, &t2, &x); - if (fp_cmp_d(&x, 0) == FP_LT) { - fp_add(&x, modulus, &x); - } - /* T2 = 2T2 */ - fp_add(&t2, &t2, &t2); - if (fp_cmp(&t2, modulus) != FP_LT) { - fp_sub(&t2, modulus, &t2); - } - /* T2 = X + T2 */ - fp_add(&t2, &x, &t2); - if (fp_cmp(&t2, modulus) != FP_LT) { - fp_sub(&t2, modulus, &t2); - } - - /* if Z' != 1 */ - if (Q->z != NULL) { - /* Z = Z * Z' */ - fp_mul(&z, Q->z, &z); - fp_montgomery_reduce(&z, modulus, mp); - } - - /* Z = Z * X */ - fp_mul(&z, &x, &z); - fp_montgomery_reduce(&z, modulus, mp); - - /* T1 = T1 * X */ - fp_mul(&t1, &x, &t1); - fp_montgomery_reduce(&t1, modulus, mp); - /* X = X * X */ - fp_sqr(&x, &x); - fp_montgomery_reduce(&x, modulus, mp); - /* T2 = T2 * x */ - fp_mul(&t2, &x, &t2); - fp_montgomery_reduce(&t2, modulus, mp); - /* T1 = T1 * X */ - fp_mul(&t1, &x, &t1); - fp_montgomery_reduce(&t1, modulus, mp); - - /* X = Y*Y */ - fp_sqr(&y, &x); - fp_montgomery_reduce(&x, modulus, mp); - /* X = X - T2 */ - fp_sub(&x, &t2, &x); - if (fp_cmp_d(&x, 0) == FP_LT) { - fp_add(&x, modulus, &x); - } - - /* T2 = T2 - X */ - fp_sub(&t2, &x, &t2); - if (fp_cmp_d(&t2, 0) == FP_LT) { - fp_add(&t2, modulus, &t2); - } - /* T2 = T2 - X */ - fp_sub(&t2, &x, &t2); - if (fp_cmp_d(&t2, 0) == FP_LT) { - fp_add(&t2, modulus, &t2); - } - /* T2 = T2 * Y */ - fp_mul(&t2, &y, &t2); - fp_montgomery_reduce(&t2, modulus, mp); - /* Y = T2 - T1 */ - fp_sub(&t2, &t1, &y); - if (fp_cmp_d(&y, 0) == FP_LT) { - fp_add(&y, modulus, &y); - } - /* Y = Y/2 */ - if (fp_isodd(&y)) { - fp_add(&y, modulus, &y); - } - fp_div_2(&y, &y); - - fp_copy(&x, R->x); - fp_copy(&y, R->y); - fp_copy(&z, R->z); - - return CRYPT_OK; -} - - -#endif - -static int set_rand(void *a, int size) -{ - LTC_ARGCHK(a != NULL); - fp_rand(a, size); - return CRYPT_OK; -} - -const ltc_math_descriptor tfm_desc = { - - "TomsFastMath", - (int)DIGIT_BIT, - - &init, - &init_copy, - &deinit, - - &neg, - ©, - - &set_int, - &get_int, - &get_digit, - &get_digit_count, - &compare, - &compare_d, - &count_bits, - &count_lsb_bits, - &twoexpt, - - &read_radix, - &write_radix, - &unsigned_size, - &unsigned_write, - &unsigned_read, - - &add, - &addi, - &sub, - &subi, - &mul, - &muli, - &sqr, - ÷, - &div_2, - &modi, - &gcd, - &lcm, - - &mulmod, - &sqrmod, - &invmod, - - &montgomery_setup, - &montgomery_normalization, - &montgomery_reduce, - &montgomery_deinit, - - &exptmod, - &isprime, - -#ifdef LTC_MECC -#ifdef LTC_MECC_FP - <c_ecc_fp_mulmod, -#else - <c_ecc_mulmod, -#endif /* LTC_MECC_FP */ -#ifdef LTC_MECC_ACCEL - &tfm_ecc_projective_add_point, - &tfm_ecc_projective_dbl_point, -#else - <c_ecc_projective_add_point, - <c_ecc_projective_dbl_point, -#endif /* LTC_MECC_ACCEL */ - <c_ecc_map, -#ifdef LTC_ECC_SHAMIR -#ifdef LTC_MECC_FP - <c_ecc_fp_mul2add, -#else - <c_ecc_mul2add, -#endif /* LTC_MECC_FP */ -#else - NULL, -#endif /* LTC_ECC_SHAMIR */ -#else - NULL, NULL, NULL, NULL, NULL, -#endif /* LTC_MECC */ - -#ifdef LTC_MRSA - &rsa_make_key, - &rsa_exptmod, -#else - NULL, NULL, -#endif - &addmod, - &submod, - - set_rand, - -}; - - -#endif diff --git a/libs/tomcrypt/src/misc/adler32.c b/libs/tomcrypt/src/misc/adler32.c deleted file mode 100644 index 18a434771d1..00000000000 --- a/libs/tomcrypt/src/misc/adler32.c +++ /dev/null @@ -1,127 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file adler32.c - Adler-32 checksum algorithm - Written and placed in the public domain by Wei Dai - Adapted for libtomcrypt by Steffen Jaeckel -*/ -#ifdef LTC_ADLER32 - -static const unsigned long _adler32_base = 65521; - -void adler32_init(adler32_state *ctx) -{ - LTC_ARGCHKVD(ctx != NULL); - ctx->s[0] = 1; - ctx->s[1] = 0; -} - -void adler32_update(adler32_state *ctx, const unsigned char *input, unsigned long length) -{ - unsigned long s1, s2; - - LTC_ARGCHKVD(ctx != NULL); - LTC_ARGCHKVD(input != NULL); - s1 = ctx->s[0]; - s2 = ctx->s[1]; - - if (length % 8 != 0) { - do { - s1 += *input++; - s2 += s1; - length--; - } while (length % 8 != 0); - - if (s1 >= _adler32_base) - s1 -= _adler32_base; - s2 %= _adler32_base; - } - - while (length > 0) { - s1 += input[0]; - s2 += s1; - s1 += input[1]; - s2 += s1; - s1 += input[2]; - s2 += s1; - s1 += input[3]; - s2 += s1; - s1 += input[4]; - s2 += s1; - s1 += input[5]; - s2 += s1; - s1 += input[6]; - s2 += s1; - s1 += input[7]; - s2 += s1; - - length -= 8; - input += 8; - - if (s1 >= _adler32_base) - s1 -= _adler32_base; - s2 %= _adler32_base; - } - - LTC_ARGCHKVD(s1 < _adler32_base); - LTC_ARGCHKVD(s2 < _adler32_base); - - ctx->s[0] = (unsigned short)s1; - ctx->s[1] = (unsigned short)s2; -} - -void adler32_finish(adler32_state *ctx, void *hash, unsigned long size) -{ - unsigned char* h; - - LTC_ARGCHKVD(ctx != NULL); - LTC_ARGCHKVD(hash != NULL); - - h = hash; - - switch (size) { - default: - h[3] = ctx->s[0] & 0x0ff; - /* FALLTHROUGH */ - case 3: - h[2] = (ctx->s[0] >> 8) & 0x0ff; - /* FALLTHROUGH */ - case 2: - h[1] = ctx->s[1] & 0x0ff; - /* FALLTHROUGH */ - case 1: - h[0] = (ctx->s[1] >> 8) & 0x0ff; - /* FALLTHROUGH */ - case 0: - ; - } -} - -int adler32_test(void) -{ -#ifndef LTC_TEST - return CRYPT_NOP; -#else - const void* in = "libtomcrypt"; - const unsigned char adler32[] = { 0x1b, 0xe8, 0x04, 0xba }; - unsigned char out[4]; - adler32_state ctx; - adler32_init(&ctx); - adler32_update(&ctx, in, strlen(in)); - adler32_finish(&ctx, out, 4); - if (compare_testvector(adler32, 4, out, 4, "adler32", 0)) { - return CRYPT_FAIL_TESTVECTOR; - } - return CRYPT_OK; -#endif -} -#endif diff --git a/libs/tomcrypt/src/misc/base64/base64_decode.c b/libs/tomcrypt/src/misc/base64/base64_decode.c deleted file mode 100644 index 8b0458c95fe..00000000000 --- a/libs/tomcrypt/src/misc/base64/base64_decode.c +++ /dev/null @@ -1,191 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file base64_decode.c - Compliant base64 code donated by Wayne Scott (wscott@bitmover.com) - base64 URL Safe variant (RFC 4648 section 5) by Karel Miko -*/ - - -#if defined(LTC_BASE64) || defined (LTC_BASE64_URL) - -#if defined(LTC_BASE64) -static const unsigned char map_base64[256] = { -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 62, 255, 255, 255, 63, - 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 255, 255, -255, 254, 255, 255, 255, 0, 1, 2, 3, 4, 5, 6, - 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, - 19, 20, 21, 22, 23, 24, 25, 255, 255, 255, 255, 255, -255, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, - 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, - 49, 50, 51, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255 }; -#endif /* LTC_BASE64 */ - -static const unsigned char map_base64url[] = { -#if defined(LTC_BASE64_URL) -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 62, 255, 255, - 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 255, 255, -255, 254, 255, 255, 255, 0, 1, 2, 3, 4, 5, 6, - 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, - 19, 20, 21, 22, 23, 24, 25, 255, 255, 255, 255, 63, -255, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, - 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, - 49, 50, 51, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, -255, 255, 255, 255 -#endif /* LTC_BASE64_URL */ -}; - -enum { - relaxed = 0, - strict = 1 -}; - -static int _base64_decode_internal(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - const unsigned char *map, int is_strict) -{ - unsigned long t, x, y, z; - unsigned char c; - int g; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - g = 0; /* '=' counter */ - for (x = y = z = t = 0; x < inlen; x++) { - c = map[in[x]&0xFF]; - if (c == 254) { - g++; - continue; - } - else if (is_strict && g > 0) { - /* we only allow '=' to be at the end */ - return CRYPT_INVALID_PACKET; - } - if (c == 255) { - if (is_strict) - return CRYPT_INVALID_PACKET; - else - continue; - } - - t = (t<<6)|c; - - if (++y == 4) { - if (z + 3 > *outlen) return CRYPT_BUFFER_OVERFLOW; - out[z++] = (unsigned char)((t>>16)&255); - out[z++] = (unsigned char)((t>>8)&255); - out[z++] = (unsigned char)(t&255); - y = t = 0; - } - } - - if (y != 0) { - if (y == 1) return CRYPT_INVALID_PACKET; - if ((y + g) != 4 && is_strict && map != map_base64url) return CRYPT_INVALID_PACKET; - t = t << (6 * (4 - y)); - if (z + y - 1 > *outlen) return CRYPT_BUFFER_OVERFLOW; - if (y >= 2) out[z++] = (unsigned char) ((t >> 16) & 255); - if (y == 3) out[z++] = (unsigned char) ((t >> 8) & 255); - } - *outlen = z; - return CRYPT_OK; -} - -#if defined(LTC_BASE64) -/** - Relaxed base64 decode a block of memory - @param in The base64 data to decode - @param inlen The length of the base64 data - @param out [out] The destination of the binary decoded data - @param outlen [in/out] The max size and resulting size of the decoded data - @return CRYPT_OK if successful -*/ -int base64_decode(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - return _base64_decode_internal(in, inlen, out, outlen, map_base64, relaxed); -} - -/** - Strict base64 decode a block of memory - @param in The base64 data to decode - @param inlen The length of the base64 data - @param out [out] The destination of the binary decoded data - @param outlen [in/out] The max size and resulting size of the decoded data - @return CRYPT_OK if successful -*/ -int base64_strict_decode(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - return _base64_decode_internal(in, inlen, out, outlen, map_base64, strict); -} -#endif /* LTC_BASE64 */ - -#if defined(LTC_BASE64_URL) -/** - Relaxed base64 (URL Safe, RFC 4648 section 5) decode a block of memory - @param in The base64 data to decode - @param inlen The length of the base64 data - @param out [out] The destination of the binary decoded data - @param outlen [in/out] The max size and resulting size of the decoded data - @return CRYPT_OK if successful -*/ -int base64url_decode(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - return _base64_decode_internal(in, inlen, out, outlen, map_base64url, relaxed); -} - -/** - Strict base64 (URL Safe, RFC 4648 section 5) decode a block of memory - @param in The base64 data to decode - @param inlen The length of the base64 data - @param out [out] The destination of the binary decoded data - @param outlen [in/out] The max size and resulting size of the decoded data - @return CRYPT_OK if successful -*/ -int base64url_strict_decode(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - return _base64_decode_internal(in, inlen, out, outlen, map_base64url, strict); -} -#endif /* LTC_BASE64_URL */ - -#endif diff --git a/libs/tomcrypt/src/misc/base64/base64_encode.c b/libs/tomcrypt/src/misc/base64/base64_encode.c deleted file mode 100644 index 54ff5cf3145..00000000000 --- a/libs/tomcrypt/src/misc/base64/base64_encode.c +++ /dev/null @@ -1,119 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file base64_encode.c - Compliant base64 encoder donated by Wayne Scott (wscott@bitmover.com) - base64 URL Safe variant (RFC 4648 section 5) by Karel Miko -*/ - - -#if defined(LTC_BASE64) || defined (LTC_BASE64_URL) - -#if defined(LTC_BASE64) -static const char * const codes_base64 = -"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; -#endif /* LTC_BASE64 */ - -#if defined(LTC_BASE64_URL) -static const char * const codes_base64url = -"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"; -#endif /* LTC_BASE64_URL */ - -static int _base64_encode_internal(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - const char *codes, int pad) -{ - unsigned long i, len2, leven; - unsigned char *p; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* valid output size ? */ - len2 = 4 * ((inlen + 2) / 3); - if (*outlen < len2 + 1) { - *outlen = len2 + 1; - return CRYPT_BUFFER_OVERFLOW; - } - p = out; - leven = 3*(inlen / 3); - for (i = 0; i < leven; i += 3) { - *p++ = codes[(in[0] >> 2) & 0x3F]; - *p++ = codes[(((in[0] & 3) << 4) + (in[1] >> 4)) & 0x3F]; - *p++ = codes[(((in[1] & 0xf) << 2) + (in[2] >> 6)) & 0x3F]; - *p++ = codes[in[2] & 0x3F]; - in += 3; - } - /* Pad it if necessary... */ - if (i < inlen) { - unsigned a = in[0]; - unsigned b = (i+1 < inlen) ? in[1] : 0; - - *p++ = codes[(a >> 2) & 0x3F]; - *p++ = codes[(((a & 3) << 4) + (b >> 4)) & 0x3F]; - if (pad) { - *p++ = (i+1 < inlen) ? codes[(((b & 0xf) << 2)) & 0x3F] : '='; - *p++ = '='; - } - else { - if (i+1 < inlen) *p++ = codes[(((b & 0xf) << 2)) & 0x3F]; - } - } - - /* append a NULL byte */ - *p = '\0'; - - /* return ok */ - *outlen = (unsigned long)(p - out); - return CRYPT_OK; -} - -#if defined(LTC_BASE64) -/** - base64 Encode a buffer (NUL terminated) - @param in The input buffer to encode - @param inlen The length of the input buffer - @param out [out] The destination of the base64 encoded data - @param outlen [in/out] The max size and resulting size - @return CRYPT_OK if successful -*/ -int base64_encode(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - return _base64_encode_internal(in, inlen, out, outlen, codes_base64, 1); -} -#endif /* LTC_BASE64 */ - - -#if defined(LTC_BASE64_URL) -/** - base64 (URL Safe, RFC 4648 section 5) Encode a buffer (NUL terminated) - @param in The input buffer to encode - @param inlen The length of the input buffer - @param out [out] The destination of the base64 encoded data - @param outlen [in/out] The max size and resulting size - @return CRYPT_OK if successful -*/ -int base64url_encode(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - return _base64_encode_internal(in, inlen, out, outlen, codes_base64url, 0); -} - -int base64url_strict_encode(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - return _base64_encode_internal(in, inlen, out, outlen, codes_base64url, 1); -} -#endif /* LTC_BASE64_URL */ - -#endif diff --git a/libs/tomcrypt/src/misc/burn_stack.c b/libs/tomcrypt/src/misc/burn_stack.c deleted file mode 100644 index a94589da8ca..00000000000 --- a/libs/tomcrypt/src/misc/burn_stack.c +++ /dev/null @@ -1,26 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file burn_stack.c - Burn stack, Tom St Denis -*/ - -/** - Burn some stack memory - @param len amount of stack to burn in bytes -*/ -void burn_stack(unsigned long len) -{ - unsigned char buf[32]; - zeromem(buf, sizeof(buf)); - if (len > (unsigned long)sizeof(buf)) - burn_stack(len - sizeof(buf)); -} diff --git a/libs/tomcrypt/src/misc/crc32.c b/libs/tomcrypt/src/misc/crc32.c deleted file mode 100644 index 937014add90..00000000000 --- a/libs/tomcrypt/src/misc/crc32.c +++ /dev/null @@ -1,198 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crc32.c - CRC-32 checksum algorithm - Written and placed in the public domain by Wei Dai - Adapted for libtomcrypt by Steffen Jaeckel -*/ -#ifdef LTC_CRC32 - -static const ulong32 _CRC32_NEGL = 0xffffffffUL; - -#if defined(ENDIAN_LITTLE) -#define CRC32_INDEX(c) (c & 0xff) -#define CRC32_SHIFTED(c) (c >> 8) -#elif defined(ENDIAN_BIG) -#define CRC32_INDEX(c) (c >> 24) -#define CRC32_SHIFTED(c) (c << 8) -#else -#error The existing CRC32 implementation only works properly when the endianness of the target platform is known. -#endif - -/* Table of CRC-32's of all single byte values (made by makecrc.c) */ -static const ulong32 crc32_m_tab[] = -{ -#if defined(ENDIAN_LITTLE) - 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L, - 0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L, - 0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L, - 0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL, - 0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L, - 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L, - 0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L, - 0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL, - 0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L, - 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL, - 0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L, - 0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L, - 0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L, - 0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL, - 0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL, - 0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L, - 0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL, - 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L, - 0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L, - 0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L, - 0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL, - 0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L, - 0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L, - 0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL, - 0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L, - 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L, - 0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L, - 0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L, - 0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L, - 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL, - 0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL, - 0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L, - 0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L, - 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL, - 0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL, - 0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L, - 0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL, - 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L, - 0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL, - 0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L, - 0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL, - 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L, - 0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L, - 0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL, - 0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L, - 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L, - 0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L, - 0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L, - 0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L, - 0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L, - 0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL, - 0x2d02ef8dL -#else - 0x00000000L, 0x96300777L, 0x2c610eeeL, 0xba510999L, 0x19c46d07L, - 0x8ff46a70L, 0x35a563e9L, 0xa395649eL, 0x3288db0eL, 0xa4b8dc79L, - 0x1ee9d5e0L, 0x88d9d297L, 0x2b4cb609L, 0xbd7cb17eL, 0x072db8e7L, - 0x911dbf90L, 0x6410b71dL, 0xf220b06aL, 0x4871b9f3L, 0xde41be84L, - 0x7dd4da1aL, 0xebe4dd6dL, 0x51b5d4f4L, 0xc785d383L, 0x56986c13L, - 0xc0a86b64L, 0x7af962fdL, 0xecc9658aL, 0x4f5c0114L, 0xd96c0663L, - 0x633d0ffaL, 0xf50d088dL, 0xc8206e3bL, 0x5e10694cL, 0xe44160d5L, - 0x727167a2L, 0xd1e4033cL, 0x47d4044bL, 0xfd850dd2L, 0x6bb50aa5L, - 0xfaa8b535L, 0x6c98b242L, 0xd6c9bbdbL, 0x40f9bcacL, 0xe36cd832L, - 0x755cdf45L, 0xcf0dd6dcL, 0x593dd1abL, 0xac30d926L, 0x3a00de51L, - 0x8051d7c8L, 0x1661d0bfL, 0xb5f4b421L, 0x23c4b356L, 0x9995bacfL, - 0x0fa5bdb8L, 0x9eb80228L, 0x0888055fL, 0xb2d90cc6L, 0x24e90bb1L, - 0x877c6f2fL, 0x114c6858L, 0xab1d61c1L, 0x3d2d66b6L, 0x9041dc76L, - 0x0671db01L, 0xbc20d298L, 0x2a10d5efL, 0x8985b171L, 0x1fb5b606L, - 0xa5e4bf9fL, 0x33d4b8e8L, 0xa2c90778L, 0x34f9000fL, 0x8ea80996L, - 0x18980ee1L, 0xbb0d6a7fL, 0x2d3d6d08L, 0x976c6491L, 0x015c63e6L, - 0xf4516b6bL, 0x62616c1cL, 0xd8306585L, 0x4e0062f2L, 0xed95066cL, - 0x7ba5011bL, 0xc1f40882L, 0x57c40ff5L, 0xc6d9b065L, 0x50e9b712L, - 0xeab8be8bL, 0x7c88b9fcL, 0xdf1ddd62L, 0x492dda15L, 0xf37cd38cL, - 0x654cd4fbL, 0x5861b24dL, 0xce51b53aL, 0x7400bca3L, 0xe230bbd4L, - 0x41a5df4aL, 0xd795d83dL, 0x6dc4d1a4L, 0xfbf4d6d3L, 0x6ae96943L, - 0xfcd96e34L, 0x468867adL, 0xd0b860daL, 0x732d0444L, 0xe51d0333L, - 0x5f4c0aaaL, 0xc97c0dddL, 0x3c710550L, 0xaa410227L, 0x10100bbeL, - 0x86200cc9L, 0x25b56857L, 0xb3856f20L, 0x09d466b9L, 0x9fe461ceL, - 0x0ef9de5eL, 0x98c9d929L, 0x2298d0b0L, 0xb4a8d7c7L, 0x173db359L, - 0x810db42eL, 0x3b5cbdb7L, 0xad6cbac0L, 0x2083b8edL, 0xb6b3bf9aL, - 0x0ce2b603L, 0x9ad2b174L, 0x3947d5eaL, 0xaf77d29dL, 0x1526db04L, - 0x8316dc73L, 0x120b63e3L, 0x843b6494L, 0x3e6a6d0dL, 0xa85a6a7aL, - 0x0bcf0ee4L, 0x9dff0993L, 0x27ae000aL, 0xb19e077dL, 0x44930ff0L, - 0xd2a30887L, 0x68f2011eL, 0xfec20669L, 0x5d5762f7L, 0xcb676580L, - 0x71366c19L, 0xe7066b6eL, 0x761bd4feL, 0xe02bd389L, 0x5a7ada10L, - 0xcc4add67L, 0x6fdfb9f9L, 0xf9efbe8eL, 0x43beb717L, 0xd58eb060L, - 0xe8a3d6d6L, 0x7e93d1a1L, 0xc4c2d838L, 0x52f2df4fL, 0xf167bbd1L, - 0x6757bca6L, 0xdd06b53fL, 0x4b36b248L, 0xda2b0dd8L, 0x4c1b0aafL, - 0xf64a0336L, 0x607a0441L, 0xc3ef60dfL, 0x55df67a8L, 0xef8e6e31L, - 0x79be6946L, 0x8cb361cbL, 0x1a8366bcL, 0xa0d26f25L, 0x36e26852L, - 0x95770cccL, 0x03470bbbL, 0xb9160222L, 0x2f260555L, 0xbe3bbac5L, - 0x280bbdb2L, 0x925ab42bL, 0x046ab35cL, 0xa7ffd7c2L, 0x31cfd0b5L, - 0x8b9ed92cL, 0x1daede5bL, 0xb0c2649bL, 0x26f263ecL, 0x9ca36a75L, - 0x0a936d02L, 0xa906099cL, 0x3f360eebL, 0x85670772L, 0x13570005L, - 0x824abf95L, 0x147ab8e2L, 0xae2bb17bL, 0x381bb60cL, 0x9b8ed292L, - 0x0dbed5e5L, 0xb7efdc7cL, 0x21dfdb0bL, 0xd4d2d386L, 0x42e2d4f1L, - 0xf8b3dd68L, 0x6e83da1fL, 0xcd16be81L, 0x5b26b9f6L, 0xe177b06fL, - 0x7747b718L, 0xe65a0888L, 0x706a0fffL, 0xca3b0666L, 0x5c0b0111L, - 0xff9e658fL, 0x69ae62f8L, 0xd3ff6b61L, 0x45cf6c16L, 0x78e20aa0L, - 0xeed20dd7L, 0x5483044eL, 0xc2b30339L, 0x612667a7L, 0xf71660d0L, - 0x4d476949L, 0xdb776e3eL, 0x4a6ad1aeL, 0xdc5ad6d9L, 0x660bdf40L, - 0xf03bd837L, 0x53aebca9L, 0xc59ebbdeL, 0x7fcfb247L, 0xe9ffb530L, - 0x1cf2bdbdL, 0x8ac2bacaL, 0x3093b353L, 0xa6a3b424L, 0x0536d0baL, - 0x9306d7cdL, 0x2957de54L, 0xbf67d923L, 0x2e7a66b3L, 0xb84a61c4L, - 0x021b685dL, 0x942b6f2aL, 0x37be0bb4L, 0xa18e0cc3L, 0x1bdf055aL, - 0x8def022dL -#endif -}; - -void crc32_init(crc32_state *ctx) -{ - LTC_ARGCHKVD(ctx != NULL); - ctx->crc = _CRC32_NEGL; -} - -void crc32_update(crc32_state *ctx, const unsigned char *input, unsigned long length) -{ - ulong32 crc; - LTC_ARGCHKVD(ctx != NULL); - LTC_ARGCHKVD(input != NULL); - crc = ctx->crc; - - while (length--) - crc = crc32_m_tab[CRC32_INDEX(crc) ^ *input++] ^ CRC32_SHIFTED(crc); - - ctx->crc = crc; -} - -void crc32_finish(crc32_state *ctx, void *hash, unsigned long size) -{ - unsigned long i; - unsigned char* h; - ulong32 crc; - LTC_ARGCHKVD(ctx != NULL); - LTC_ARGCHKVD(hash != NULL); - - h = hash; - crc = ctx->crc; - crc ^= _CRC32_NEGL; - - if (size > 4) size = 4; - for (i = 0; i < size; i++) { - h[i] = ((unsigned char*)&(crc))[size-i-1]; - } -} - -int crc32_test(void) -{ -#ifndef LTC_TEST - return CRYPT_NOP; -#else - const void* in = "libtomcrypt"; - const unsigned char crc32[] = { 0xb3, 0x73, 0x76, 0xef }; - unsigned char out[4]; - crc32_state ctx; - crc32_init(&ctx); - crc32_update(&ctx, in, strlen(in)); - crc32_finish(&ctx, out, 4); - if (compare_testvector(crc32, 4, out, 4, "CRC32", 0)) { - return CRYPT_FAIL_TESTVECTOR; - } - return CRYPT_OK; -#endif -} -#endif diff --git a/libs/tomcrypt/src/misc/crypt/crypt_cipher_descriptor.c b/libs/tomcrypt/src/misc/crypt/crypt_cipher_descriptor.c deleted file mode 100644 index ea4e55a57ff..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_cipher_descriptor.c +++ /dev/null @@ -1,20 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_cipher_descriptor.c - Stores the cipher descriptor table, Tom St Denis -*/ - -struct ltc_cipher_descriptor cipher_descriptor[TAB_SIZE] = { -{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL } - }; - -LTC_MUTEX_GLOBAL(ltc_cipher_mutex) diff --git a/libs/tomcrypt/src/misc/crypt/crypt_cipher_is_valid.c b/libs/tomcrypt/src/misc/crypt/crypt_cipher_is_valid.c deleted file mode 100644 index 5da325034da..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_cipher_is_valid.c +++ /dev/null @@ -1,30 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_cipher_is_valid.c - Determine if cipher is valid, Tom St Denis -*/ - -/* - Test if a cipher index is valid - @param idx The index of the cipher to search for - @return CRYPT_OK if valid -*/ -int cipher_is_valid(int idx) -{ - LTC_MUTEX_LOCK(<c_cipher_mutex); - if (idx < 0 || idx >= TAB_SIZE || cipher_descriptor[idx].name == NULL) { - LTC_MUTEX_UNLOCK(<c_cipher_mutex); - return CRYPT_INVALID_CIPHER; - } - LTC_MUTEX_UNLOCK(<c_cipher_mutex); - return CRYPT_OK; -} diff --git a/libs/tomcrypt/src/misc/crypt/crypt_find_cipher.c b/libs/tomcrypt/src/misc/crypt/crypt_find_cipher.c deleted file mode 100644 index 659882188c6..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_find_cipher.c +++ /dev/null @@ -1,34 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_find_cipher.c - Find a cipher in the descriptor tables, Tom St Denis -*/ - -/** - Find a registered cipher by name - @param name The name of the cipher to look for - @return >= 0 if found, -1 if not present -*/ -int find_cipher(const char *name) -{ - int x; - LTC_ARGCHK(name != NULL); - LTC_MUTEX_LOCK(<c_cipher_mutex); - for (x = 0; x < TAB_SIZE; x++) { - if (cipher_descriptor[x].name != NULL && !XSTRCMP(cipher_descriptor[x].name, name)) { - LTC_MUTEX_UNLOCK(<c_cipher_mutex); - return x; - } - } - LTC_MUTEX_UNLOCK(<c_cipher_mutex); - return -1; -} diff --git a/libs/tomcrypt/src/misc/crypt/crypt_find_cipher_any.c b/libs/tomcrypt/src/misc/crypt/crypt_find_cipher_any.c deleted file mode 100644 index 6ec31caedae..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_find_cipher_any.c +++ /dev/null @@ -1,44 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_find_cipher_any.c - Find a cipher in the descriptor tables, Tom St Denis -*/ - -/** - Find a cipher flexibly. First by name then if not present by block and key size - @param name The name of the cipher desired - @param blocklen The minimum length of the block cipher desired (octets) - @param keylen The minimum length of the key size desired (octets) - @return >= 0 if found, -1 if not present -*/ -int find_cipher_any(const char *name, int blocklen, int keylen) -{ - int x; - - if(name != NULL) { - x = find_cipher(name); - if (x != -1) return x; - } - - LTC_MUTEX_LOCK(<c_cipher_mutex); - for (x = 0; x < TAB_SIZE; x++) { - if (cipher_descriptor[x].name == NULL) { - continue; - } - if (blocklen <= (int)cipher_descriptor[x].block_length && keylen <= (int)cipher_descriptor[x].max_key_length) { - LTC_MUTEX_UNLOCK(<c_cipher_mutex); - return x; - } - } - LTC_MUTEX_UNLOCK(<c_cipher_mutex); - return -1; -} diff --git a/libs/tomcrypt/src/misc/crypt/crypt_find_cipher_id.c b/libs/tomcrypt/src/misc/crypt/crypt_find_cipher_id.c deleted file mode 100644 index f586d727082..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_find_cipher_id.c +++ /dev/null @@ -1,34 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_find_cipher_id.c - Find cipher by ID, Tom St Denis -*/ - -/** - Find a cipher by ID number - @param ID The ID (not same as index) of the cipher to find - @return >= 0 if found, -1 if not present -*/ -int find_cipher_id(unsigned char ID) -{ - int x; - LTC_MUTEX_LOCK(<c_cipher_mutex); - for (x = 0; x < TAB_SIZE; x++) { - if (cipher_descriptor[x].ID == ID) { - x = (cipher_descriptor[x].name == NULL) ? -1 : x; - LTC_MUTEX_UNLOCK(<c_cipher_mutex); - return x; - } - } - LTC_MUTEX_UNLOCK(<c_cipher_mutex); - return -1; -} diff --git a/libs/tomcrypt/src/misc/crypt/crypt_find_hash.c b/libs/tomcrypt/src/misc/crypt/crypt_find_hash.c deleted file mode 100644 index b93ce52f686..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_find_hash.c +++ /dev/null @@ -1,34 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_find_hash.c - Find a hash, Tom St Denis -*/ - -/** - Find a registered hash by name - @param name The name of the hash to look for - @return >= 0 if found, -1 if not present -*/ -int find_hash(const char *name) -{ - int x; - LTC_ARGCHK(name != NULL); - LTC_MUTEX_LOCK(<c_hash_mutex); - for (x = 0; x < TAB_SIZE; x++) { - if (hash_descriptor[x].name != NULL && XSTRCMP(hash_descriptor[x].name, name) == 0) { - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return x; - } - } - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return -1; -} diff --git a/libs/tomcrypt/src/misc/crypt/crypt_find_hash_any.c b/libs/tomcrypt/src/misc/crypt/crypt_find_hash_any.c deleted file mode 100644 index be22ddff672..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_find_hash_any.c +++ /dev/null @@ -1,43 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_find_hash_any.c - Find a hash, Tom St Denis -*/ - -/** - Find a hash flexibly. First by name then if not present by digest size - @param name The name of the hash desired - @param digestlen The minimum length of the digest size (octets) - @return >= 0 if found, -1 if not present -*/int find_hash_any(const char *name, int digestlen) -{ - int x, y, z; - LTC_ARGCHK(name != NULL); - - x = find_hash(name); - if (x != -1) return x; - - LTC_MUTEX_LOCK(<c_hash_mutex); - y = MAXBLOCKSIZE+1; - z = -1; - for (x = 0; x < TAB_SIZE; x++) { - if (hash_descriptor[x].name == NULL) { - continue; - } - if ((int)hash_descriptor[x].hashsize >= digestlen && (int)hash_descriptor[x].hashsize < y) { - z = x; - y = hash_descriptor[x].hashsize; - } - } - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return z; -} diff --git a/libs/tomcrypt/src/misc/crypt/crypt_find_hash_id.c b/libs/tomcrypt/src/misc/crypt/crypt_find_hash_id.c deleted file mode 100644 index 6b82e7884a2..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_find_hash_id.c +++ /dev/null @@ -1,34 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_find_hash_id.c - Find hash by ID, Tom St Denis -*/ - -/** - Find a hash by ID number - @param ID The ID (not same as index) of the hash to find - @return >= 0 if found, -1 if not present -*/ -int find_hash_id(unsigned char ID) -{ - int x; - LTC_MUTEX_LOCK(<c_hash_mutex); - for (x = 0; x < TAB_SIZE; x++) { - if (hash_descriptor[x].ID == ID) { - x = (hash_descriptor[x].name == NULL) ? -1 : x; - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return x; - } - } - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return -1; -} diff --git a/libs/tomcrypt/src/misc/crypt/crypt_find_hash_oid.c b/libs/tomcrypt/src/misc/crypt/crypt_find_hash_oid.c deleted file mode 100644 index e600fff7303..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_find_hash_oid.c +++ /dev/null @@ -1,29 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_find_hash_oid.c - Find a hash, Tom St Denis -*/ - -int find_hash_oid(const unsigned long *ID, unsigned long IDlen) -{ - int x; - LTC_ARGCHK(ID != NULL); - LTC_MUTEX_LOCK(<c_hash_mutex); - for (x = 0; x < TAB_SIZE; x++) { - if (hash_descriptor[x].name != NULL && hash_descriptor[x].OIDlen == IDlen && !XMEMCMP(hash_descriptor[x].OID, ID, sizeof(unsigned long) * IDlen)) { - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return x; - } - } - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return -1; -} diff --git a/libs/tomcrypt/src/misc/crypt/crypt_find_prng.c b/libs/tomcrypt/src/misc/crypt/crypt_find_prng.c deleted file mode 100644 index fe8ec97aa2a..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_find_prng.c +++ /dev/null @@ -1,34 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_find_prng.c - Find a PRNG, Tom St Denis -*/ - -/** - Find a registered PRNG by name - @param name The name of the PRNG to look for - @return >= 0 if found, -1 if not present -*/ -int find_prng(const char *name) -{ - int x; - LTC_ARGCHK(name != NULL); - LTC_MUTEX_LOCK(<c_prng_mutex); - for (x = 0; x < TAB_SIZE; x++) { - if ((prng_descriptor[x].name != NULL) && XSTRCMP(prng_descriptor[x].name, name) == 0) { - LTC_MUTEX_UNLOCK(<c_prng_mutex); - return x; - } - } - LTC_MUTEX_UNLOCK(<c_prng_mutex); - return -1; -} diff --git a/libs/tomcrypt/src/misc/crypt/crypt_hash_descriptor.c b/libs/tomcrypt/src/misc/crypt/crypt_hash_descriptor.c deleted file mode 100644 index 5f9c4f49b24..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_hash_descriptor.c +++ /dev/null @@ -1,20 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_hash_descriptor.c - Stores the hash descriptor table, Tom St Denis -*/ - -struct ltc_hash_descriptor hash_descriptor[TAB_SIZE] = { -{ NULL, 0, 0, 0, { 0 }, 0, NULL, NULL, NULL, NULL, NULL } -}; - -LTC_MUTEX_GLOBAL(ltc_hash_mutex) diff --git a/libs/tomcrypt/src/misc/crypt/crypt_hash_is_valid.c b/libs/tomcrypt/src/misc/crypt/crypt_hash_is_valid.c deleted file mode 100644 index 52fc8559fe5..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_hash_is_valid.c +++ /dev/null @@ -1,30 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_hash_is_valid.c - Determine if hash is valid, Tom St Denis -*/ - -/* - Test if a hash index is valid - @param idx The index of the hash to search for - @return CRYPT_OK if valid -*/ -int hash_is_valid(int idx) -{ - LTC_MUTEX_LOCK(<c_hash_mutex); - if (idx < 0 || idx >= TAB_SIZE || hash_descriptor[idx].name == NULL) { - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return CRYPT_INVALID_HASH; - } - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return CRYPT_OK; -} diff --git a/libs/tomcrypt/src/misc/crypt/crypt_inits.c b/libs/tomcrypt/src/misc/crypt/crypt_inits.c deleted file mode 100644 index 81b2002c9c7..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_inits.c +++ /dev/null @@ -1,38 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_inits.c - - Provide math library functions for dynamic languages - like Python - Larry Bugbee, February 2013 -*/ - - -#ifdef LTM_DESC -void init_LTM(void) -{ - ltc_mp = ltm_desc; -} -#endif - -#ifdef TFM_DESC -void init_TFM(void) -{ - ltc_mp = tfm_desc; -} -#endif - -#ifdef GMP_DESC -void init_GMP(void) -{ - ltc_mp = gmp_desc; -} -#endif diff --git a/libs/tomcrypt/src/misc/crypt/crypt_ltc_mp_descriptor.c b/libs/tomcrypt/src/misc/crypt/crypt_ltc_mp_descriptor.c deleted file mode 100644 index fe5ae2e271d..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_ltc_mp_descriptor.c +++ /dev/null @@ -1,12 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/* Initialize ltc_mp to nulls, to force allocation on all platforms, including macOS. */ -ltc_math_descriptor ltc_mp = { 0 }; diff --git a/libs/tomcrypt/src/misc/crypt/crypt_prng_descriptor.c b/libs/tomcrypt/src/misc/crypt/crypt_prng_descriptor.c deleted file mode 100644 index 5e6307e542d..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_prng_descriptor.c +++ /dev/null @@ -1,19 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_prng_descriptor.c - Stores the PRNG descriptors, Tom St Denis -*/ -struct ltc_prng_descriptor prng_descriptor[TAB_SIZE] = { -{ NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL } -}; - -LTC_MUTEX_GLOBAL(ltc_prng_mutex) diff --git a/libs/tomcrypt/src/misc/crypt/crypt_prng_is_valid.c b/libs/tomcrypt/src/misc/crypt/crypt_prng_is_valid.c deleted file mode 100644 index 8db951796dd..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_prng_is_valid.c +++ /dev/null @@ -1,30 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_prng_is_valid.c - Determine if PRNG is valid, Tom St Denis -*/ - -/* - Test if a PRNG index is valid - @param idx The index of the PRNG to search for - @return CRYPT_OK if valid -*/ -int prng_is_valid(int idx) -{ - LTC_MUTEX_LOCK(<c_prng_mutex); - if (idx < 0 || idx >= TAB_SIZE || prng_descriptor[idx].name == NULL) { - LTC_MUTEX_UNLOCK(<c_prng_mutex); - return CRYPT_INVALID_PRNG; - } - LTC_MUTEX_UNLOCK(<c_prng_mutex); - return CRYPT_OK; -} diff --git a/libs/tomcrypt/src/misc/crypt/crypt_prng_rng_descriptor.c b/libs/tomcrypt/src/misc/crypt/crypt_prng_rng_descriptor.c deleted file mode 100644 index ccb6852c78b..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_prng_rng_descriptor.c +++ /dev/null @@ -1,13 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -#ifdef LTC_PRNG_ENABLE_LTC_RNG -unsigned long (*ltc_rng)(unsigned char *out, unsigned long outlen, void (*callback)(void)); -#endif diff --git a/libs/tomcrypt/src/misc/crypt/crypt_register_cipher.c b/libs/tomcrypt/src/misc/crypt/crypt_register_cipher.c deleted file mode 100644 index 256cd8e05c8..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_register_cipher.c +++ /dev/null @@ -1,48 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_register_cipher.c - Register a cipher, Tom St Denis -*/ - -/** - Register a cipher with the descriptor table - @param cipher The cipher you wish to register - @return value >= 0 if successfully added (or already present), -1 if unsuccessful -*/ -int register_cipher(const struct ltc_cipher_descriptor *cipher) -{ - int x; - - LTC_ARGCHK(cipher != NULL); - - /* is it already registered? */ - LTC_MUTEX_LOCK(<c_cipher_mutex); - for (x = 0; x < TAB_SIZE; x++) { - if (cipher_descriptor[x].name != NULL && cipher_descriptor[x].ID == cipher->ID) { - LTC_MUTEX_UNLOCK(<c_cipher_mutex); - return x; - } - } - - /* find a blank spot */ - for (x = 0; x < TAB_SIZE; x++) { - if (cipher_descriptor[x].name == NULL) { - XMEMCPY(&cipher_descriptor[x], cipher, sizeof(struct ltc_cipher_descriptor)); - LTC_MUTEX_UNLOCK(<c_cipher_mutex); - return x; - } - } - - /* no spot */ - LTC_MUTEX_UNLOCK(<c_cipher_mutex); - return -1; -} diff --git a/libs/tomcrypt/src/misc/crypt/crypt_register_hash.c b/libs/tomcrypt/src/misc/crypt/crypt_register_hash.c deleted file mode 100644 index c23858b41a1..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_register_hash.c +++ /dev/null @@ -1,48 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_register_hash.c - Register a HASH, Tom St Denis -*/ - -/** - Register a hash with the descriptor table - @param hash The hash you wish to register - @return value >= 0 if successfully added (or already present), -1 if unsuccessful -*/ -int register_hash(const struct ltc_hash_descriptor *hash) -{ - int x; - - LTC_ARGCHK(hash != NULL); - - /* is it already registered? */ - LTC_MUTEX_LOCK(<c_hash_mutex); - for (x = 0; x < TAB_SIZE; x++) { - if (XMEMCMP(&hash_descriptor[x], hash, sizeof(struct ltc_hash_descriptor)) == 0) { - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return x; - } - } - - /* find a blank spot */ - for (x = 0; x < TAB_SIZE; x++) { - if (hash_descriptor[x].name == NULL) { - XMEMCPY(&hash_descriptor[x], hash, sizeof(struct ltc_hash_descriptor)); - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return x; - } - } - - /* no spot */ - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return -1; -} diff --git a/libs/tomcrypt/src/misc/crypt/crypt_register_prng.c b/libs/tomcrypt/src/misc/crypt/crypt_register_prng.c deleted file mode 100644 index 920197ea06e..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_register_prng.c +++ /dev/null @@ -1,48 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_register_prng.c - Register a PRNG, Tom St Denis -*/ - -/** - Register a PRNG with the descriptor table - @param prng The PRNG you wish to register - @return value >= 0 if successfully added (or already present), -1 if unsuccessful -*/ -int register_prng(const struct ltc_prng_descriptor *prng) -{ - int x; - - LTC_ARGCHK(prng != NULL); - - /* is it already registered? */ - LTC_MUTEX_LOCK(<c_prng_mutex); - for (x = 0; x < TAB_SIZE; x++) { - if (XMEMCMP(&prng_descriptor[x], prng, sizeof(struct ltc_prng_descriptor)) == 0) { - LTC_MUTEX_UNLOCK(<c_prng_mutex); - return x; - } - } - - /* find a blank spot */ - for (x = 0; x < TAB_SIZE; x++) { - if (prng_descriptor[x].name == NULL) { - XMEMCPY(&prng_descriptor[x], prng, sizeof(struct ltc_prng_descriptor)); - LTC_MUTEX_UNLOCK(<c_prng_mutex); - return x; - } - } - - /* no spot */ - LTC_MUTEX_UNLOCK(<c_prng_mutex); - return -1; -} diff --git a/libs/tomcrypt/src/misc/crypt/crypt_unregister_cipher.c b/libs/tomcrypt/src/misc/crypt/crypt_unregister_cipher.c deleted file mode 100644 index 8b9cbb7d845..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_unregister_cipher.c +++ /dev/null @@ -1,39 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_unregister_cipher.c - Unregister a cipher, Tom St Denis -*/ - -/** - Unregister a cipher from the descriptor table - @param cipher The cipher descriptor to remove - @return CRYPT_OK on success -*/ -int unregister_cipher(const struct ltc_cipher_descriptor *cipher) -{ - int x; - - LTC_ARGCHK(cipher != NULL); - - /* is it already registered? */ - LTC_MUTEX_LOCK(<c_cipher_mutex); - for (x = 0; x < TAB_SIZE; x++) { - if (XMEMCMP(&cipher_descriptor[x], cipher, sizeof(struct ltc_cipher_descriptor)) == 0) { - cipher_descriptor[x].name = NULL; - cipher_descriptor[x].ID = 255; - LTC_MUTEX_UNLOCK(<c_cipher_mutex); - return CRYPT_OK; - } - } - LTC_MUTEX_UNLOCK(<c_cipher_mutex); - return CRYPT_ERROR; -} diff --git a/libs/tomcrypt/src/misc/crypt/crypt_unregister_hash.c b/libs/tomcrypt/src/misc/crypt/crypt_unregister_hash.c deleted file mode 100644 index 7c4a7f9f6ea..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_unregister_hash.c +++ /dev/null @@ -1,38 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_unregister_hash.c - Unregister a hash, Tom St Denis -*/ - -/** - Unregister a hash from the descriptor table - @param hash The hash descriptor to remove - @return CRYPT_OK on success -*/ -int unregister_hash(const struct ltc_hash_descriptor *hash) -{ - int x; - - LTC_ARGCHK(hash != NULL); - - /* is it already registered? */ - LTC_MUTEX_LOCK(<c_hash_mutex); - for (x = 0; x < TAB_SIZE; x++) { - if (XMEMCMP(&hash_descriptor[x], hash, sizeof(struct ltc_hash_descriptor)) == 0) { - hash_descriptor[x].name = NULL; - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return CRYPT_OK; - } - } - LTC_MUTEX_UNLOCK(<c_hash_mutex); - return CRYPT_ERROR; -} diff --git a/libs/tomcrypt/src/misc/crypt/crypt_unregister_prng.c b/libs/tomcrypt/src/misc/crypt/crypt_unregister_prng.c deleted file mode 100644 index 0022e3708ab..00000000000 --- a/libs/tomcrypt/src/misc/crypt/crypt_unregister_prng.c +++ /dev/null @@ -1,38 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file crypt_unregister_prng.c - Unregister a PRNG, Tom St Denis -*/ - -/** - Unregister a PRNG from the descriptor table - @param prng The PRNG descriptor to remove - @return CRYPT_OK on success -*/ -int unregister_prng(const struct ltc_prng_descriptor *prng) -{ - int x; - - LTC_ARGCHK(prng != NULL); - - /* is it already registered? */ - LTC_MUTEX_LOCK(<c_prng_mutex); - for (x = 0; x < TAB_SIZE; x++) { - if (XMEMCMP(&prng_descriptor[x], prng, sizeof(struct ltc_prng_descriptor)) == 0) { - prng_descriptor[x].name = NULL; - LTC_MUTEX_UNLOCK(<c_prng_mutex); - return CRYPT_OK; - } - } - LTC_MUTEX_UNLOCK(<c_prng_mutex); - return CRYPT_ERROR; -} diff --git a/libs/tomcrypt/src/misc/mem_neq.c b/libs/tomcrypt/src/misc/mem_neq.c deleted file mode 100644 index d66566ba310..00000000000 --- a/libs/tomcrypt/src/misc/mem_neq.c +++ /dev/null @@ -1,59 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file mem_neq.c - Compare two blocks of memory for inequality in constant time. - Steffen Jaeckel -*/ - -/** - Compare two blocks of memory for inequality in constant time. - - The usage is similar to that of standard memcmp, but you can only test - if the memory is equal or not - you can not determine by how much the - first different byte differs. - - This function shall be used to compare results of cryptographic - operations where inequality means most likely usage of a wrong key. - The execution time has therefore to be constant as otherwise - timing attacks could be possible. - - @param a The first memory region - @param b The second memory region - @param len The length of the area to compare (octets) - - @return 0 when a and b are equal for len bytes, 1 they are not equal. -*/ -int mem_neq(const void *a, const void *b, size_t len) -{ - unsigned char ret = 0; - const unsigned char* pa; - const unsigned char* pb; - - LTC_ARGCHK(a != NULL); - LTC_ARGCHK(b != NULL); - - pa = a; - pb = b; - - while (len-- > 0) { - ret |= *pa ^ *pb; - ++pa; - ++pb; - } - - ret |= ret >> 4; - ret |= ret >> 2; - ret |= ret >> 1; - ret &= 1; - - return ret; -} diff --git a/libs/tomcrypt/src/misc/pk_get_oid.c b/libs/tomcrypt/src/misc/pk_get_oid.c deleted file mode 100644 index e25bccbd5ba..00000000000 --- a/libs/tomcrypt/src/misc/pk_get_oid.c +++ /dev/null @@ -1,40 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -#ifdef LTC_DER -static const oid_st rsa_oid = { - { 1, 2, 840, 113549, 1, 1, 1 }, - 7, -}; - -static const oid_st dsa_oid = { - { 1, 2, 840, 10040, 4, 1 }, - 6, -}; - -/* - Returns the OID of the public key algorithm. - @return CRYPT_OK if valid -*/ -int pk_get_oid(int pk, oid_st *st) -{ - switch (pk) { - case PKA_RSA: - XMEMCPY(st, &rsa_oid, sizeof(*st)); - break; - case PKA_DSA: - XMEMCPY(st, &dsa_oid, sizeof(*st)); - break; - default: - return CRYPT_INVALID_ARG; - } - return CRYPT_OK; -} -#endif diff --git a/libs/tomcrypt/src/misc/pkcs5/pkcs_5_1.c b/libs/tomcrypt/src/misc/pkcs5/pkcs_5_1.c deleted file mode 100644 index a1caa78eac6..00000000000 --- a/libs/tomcrypt/src/misc/pkcs5/pkcs_5_1.c +++ /dev/null @@ -1,183 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file pkcs_5_1.c - PKCS #5, Algorithm #1, Tom St Denis -*/ -#ifdef LTC_PKCS_5 -/** - Execute PKCS #5 v1 in strict or OpenSSL EVP_BytesToKey()-compat mode. - - PKCS#5 v1 specifies that the output key length can be no larger than - the hash output length. OpenSSL unilaterally extended that by repeating - the hash process on a block-by-block basis for as long as needed to make - bigger keys. If you want to be compatible with KDF for e.g. "openssl enc", - you'll want that. - - If you want strict PKCS behavior, turn openssl_compat off. Or (more - likely), use one of the convenience functions below. - - @param password The password (or key) - @param password_len The length of the password (octet) - @param salt The salt (or nonce) which is 8 octets long - @param iteration_count The PKCS #5 v1 iteration count - @param hash_idx The index of the hash desired - @param out [out] The destination for this algorithm - @param outlen [in/out] The max size and resulting size of the algorithm output - @param openssl_compat [in] Whether or not to grow the key to the buffer size ala OpenSSL - @return CRYPT_OK if successful -*/ -static int _pkcs_5_alg1_common(const unsigned char *password, - unsigned long password_len, - const unsigned char *salt, - int iteration_count, int hash_idx, - unsigned char *out, unsigned long *outlen, - int openssl_compat) -{ - int err; - unsigned long x; - hash_state *md; - unsigned char *buf; - /* Storage vars in case we need to support > hashsize (OpenSSL compat) */ - unsigned long block = 0, iter; - /* How many bytes to put in the outbut buffer (convenience calc) */ - unsigned long outidx = 0, nb = 0; - - LTC_ARGCHK(password != NULL); - LTC_ARGCHK(salt != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* test hash IDX */ - if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { - return err; - } - - /* allocate memory */ - md = XMALLOC(sizeof(hash_state)); - buf = XMALLOC(MAXBLOCKSIZE); - if (md == NULL || buf == NULL) { - if (md != NULL) { - XFREE(md); - } - if (buf != NULL) { - XFREE(buf); - } - return CRYPT_MEM; - } - - while(block * hash_descriptor[hash_idx].hashsize < *outlen) { - - /* hash initial (maybe previous hash) + password + salt */ - if ((err = hash_descriptor[hash_idx].init(md)) != CRYPT_OK) { - goto LBL_ERR; - } - /* in OpenSSL mode, we first hash the previous result for blocks 2-n */ - if (openssl_compat && block) { - if ((err = hash_descriptor[hash_idx].process(md, buf, hash_descriptor[hash_idx].hashsize)) != CRYPT_OK) { - goto LBL_ERR; - } - } - if ((err = hash_descriptor[hash_idx].process(md, password, password_len)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = hash_descriptor[hash_idx].process(md, salt, 8)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = hash_descriptor[hash_idx].done(md, buf)) != CRYPT_OK) { - goto LBL_ERR; - } - - iter = iteration_count; - while (--iter) { - /* code goes here. */ - x = MAXBLOCKSIZE; - if ((err = hash_memory(hash_idx, buf, hash_descriptor[hash_idx].hashsize, buf, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - /* limit the size of the copy to however many bytes we have left in - the output buffer (and how many bytes we have to copy) */ - outidx = block*hash_descriptor[hash_idx].hashsize; - nb = hash_descriptor[hash_idx].hashsize; - if(outidx+nb > *outlen) - nb = *outlen - outidx; - if(nb > 0) - XMEMCPY(out+outidx, buf, nb); - - block++; - if (!openssl_compat) - break; - } - /* In strict mode, we always return the hashsize, in compat we filled it - as much as was requested, so we leave it alone. */ - if(!openssl_compat) - *outlen = hash_descriptor[hash_idx].hashsize; - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(buf, MAXBLOCKSIZE); - zeromem(md, sizeof(hash_state)); -#endif - - XFREE(buf); - XFREE(md); - - return err; -} - -/** - Execute PKCS #5 v1 - Strict mode (no OpenSSL-compatible extension) - @param password The password (or key) - @param password_len The length of the password (octet) - @param salt The salt (or nonce) which is 8 octets long - @param iteration_count The PKCS #5 v1 iteration count - @param hash_idx The index of the hash desired - @param out [out] The destination for this algorithm - @param outlen [in/out] The max size and resulting size of the algorithm output - @return CRYPT_OK if successful -*/ -int pkcs_5_alg1(const unsigned char *password, unsigned long password_len, - const unsigned char *salt, - int iteration_count, int hash_idx, - unsigned char *out, unsigned long *outlen) -{ - return _pkcs_5_alg1_common(password, password_len, salt, iteration_count, - hash_idx, out, outlen, 0); -} - -/** - Execute PKCS #5 v1 - OpenSSL-extension-compatible mode - - Use this one if you need to derive keys as "openssl enc" does by default. - OpenSSL (for better or worse), uses MD5 as the hash and iteration_count=1. - @param password The password (or key) - @param password_len The length of the password (octet) - @param salt The salt (or nonce) which is 8 octets long - @param iteration_count The PKCS #5 v1 iteration count - @param hash_idx The index of the hash desired - @param out [out] The destination for this algorithm - @param outlen [in/out] The max size and resulting size of the algorithm output - @return CRYPT_OK if successful -*/ -int pkcs_5_alg1_openssl(const unsigned char *password, - unsigned long password_len, - const unsigned char *salt, - int iteration_count, int hash_idx, - unsigned char *out, unsigned long *outlen) -{ - return _pkcs_5_alg1_common(password, password_len, salt, iteration_count, - hash_idx, out, outlen, 1); -} - -#endif diff --git a/libs/tomcrypt/src/misc/pkcs5/pkcs_5_2.c b/libs/tomcrypt/src/misc/pkcs5/pkcs_5_2.c deleted file mode 100644 index 15db38e9b83..00000000000 --- a/libs/tomcrypt/src/misc/pkcs5/pkcs_5_2.c +++ /dev/null @@ -1,122 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file pkcs_5_2.c - PKCS #5, Algorithm #2, Tom St Denis -*/ -#ifdef LTC_PKCS_5 - -/** - Execute PKCS #5 v2 - @param password The input password (or key) - @param password_len The length of the password (octets) - @param salt The salt (or nonce) - @param salt_len The length of the salt (octets) - @param iteration_count # of iterations desired for PKCS #5 v2 [read specs for more] - @param hash_idx The index of the hash desired - @param out [out] The destination for this algorithm - @param outlen [in/out] The max size and resulting size of the algorithm output - @return CRYPT_OK if successful -*/ -int pkcs_5_alg2(const unsigned char *password, unsigned long password_len, - const unsigned char *salt, unsigned long salt_len, - int iteration_count, int hash_idx, - unsigned char *out, unsigned long *outlen) -{ - int err, itts; - ulong32 blkno; - unsigned long stored, left, x, y; - unsigned char *buf[2]; - hmac_state *hmac; - - LTC_ARGCHK(password != NULL); - LTC_ARGCHK(salt != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* test hash IDX */ - if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { - return err; - } - - buf[0] = XMALLOC(MAXBLOCKSIZE * 2); - hmac = XMALLOC(sizeof(hmac_state)); - if (hmac == NULL || buf[0] == NULL) { - if (hmac != NULL) { - XFREE(hmac); - } - if (buf[0] != NULL) { - XFREE(buf[0]); - } - return CRYPT_MEM; - } - /* buf[1] points to the second block of MAXBLOCKSIZE bytes */ - buf[1] = buf[0] + MAXBLOCKSIZE; - - left = *outlen; - blkno = 1; - stored = 0; - while (left != 0) { - /* process block number blkno */ - zeromem(buf[0], MAXBLOCKSIZE*2); - - /* store current block number and increment for next pass */ - STORE32H(blkno, buf[1]); - ++blkno; - - /* get PRF(P, S||int(blkno)) */ - if ((err = hmac_init(hmac, hash_idx, password, password_len)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = hmac_process(hmac, salt, salt_len)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = hmac_process(hmac, buf[1], 4)) != CRYPT_OK) { - goto LBL_ERR; - } - x = MAXBLOCKSIZE; - if ((err = hmac_done(hmac, buf[0], &x)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* now compute repeated and XOR it in buf[1] */ - XMEMCPY(buf[1], buf[0], x); - for (itts = 1; itts < iteration_count; ++itts) { - if ((err = hmac_memory(hash_idx, password, password_len, buf[0], x, buf[0], &x)) != CRYPT_OK) { - goto LBL_ERR; - } - for (y = 0; y < x; y++) { - buf[1][y] ^= buf[0][y]; - } - } - - /* now emit upto x bytes of buf[1] to output */ - for (y = 0; y < x && left != 0; ++y) { - out[stored++] = buf[1][y]; - --left; - } - } - *outlen = stored; - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(buf[0], MAXBLOCKSIZE*2); - zeromem(hmac, sizeof(hmac_state)); -#endif - - XFREE(hmac); - XFREE(buf[0]); - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/misc/zeromem.c b/libs/tomcrypt/src/misc/zeromem.c deleted file mode 100644 index 9776b1d03e3..00000000000 --- a/libs/tomcrypt/src/misc/zeromem.c +++ /dev/null @@ -1,28 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file zeromem.c - Zero a block of memory, Tom St Denis -*/ - -/** - Zero a block of memory - @param out The destination of the area to zero - @param outlen The length of the area to zero (octets) -*/ -void zeromem(volatile void *out, size_t outlen) -{ - volatile char *mem = out; - LTC_ARGCHKVD(out != NULL); - while (outlen-- > 0) { - *mem++ = '\0'; - } -} diff --git a/libs/tomcrypt/src/modes/cbc/cbc_decrypt.c b/libs/tomcrypt/src/modes/cbc/cbc_decrypt.c deleted file mode 100644 index 7396df53063..00000000000 --- a/libs/tomcrypt/src/modes/cbc/cbc_decrypt.c +++ /dev/null @@ -1,91 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file cbc_decrypt.c - CBC implementation, encrypt block, Tom St Denis -*/ - - -#ifdef LTC_CBC_MODE - -/** - CBC decrypt - @param ct Ciphertext - @param pt [out] Plaintext - @param len The number of bytes to process (must be multiple of block length) - @param cbc CBC state - @return CRYPT_OK if successful -*/ -int cbc_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CBC *cbc) -{ - int x, err; - unsigned char tmp[16]; -#ifdef LTC_FAST - LTC_FAST_TYPE tmpy; -#else - unsigned char tmpy; -#endif - - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(cbc != NULL); - - if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) { - return err; - } - - /* is blocklen valid? */ - if (cbc->blocklen < 1 || cbc->blocklen > (int)sizeof(cbc->IV) || cbc->blocklen > (int)sizeof(tmp)) { - return CRYPT_INVALID_ARG; - } - - if (len % cbc->blocklen) { - return CRYPT_INVALID_ARG; - } -#ifdef LTC_FAST - if (cbc->blocklen % sizeof(LTC_FAST_TYPE)) { - return CRYPT_INVALID_ARG; - } -#endif - - if (cipher_descriptor[cbc->cipher].accel_cbc_decrypt != NULL) { - return cipher_descriptor[cbc->cipher].accel_cbc_decrypt(ct, pt, len / cbc->blocklen, cbc->IV, &cbc->key); - } else { - while (len) { - /* decrypt */ - if ((err = cipher_descriptor[cbc->cipher].ecb_decrypt(ct, tmp, &cbc->key)) != CRYPT_OK) { - return err; - } - - /* xor IV against plaintext */ - #if defined(LTC_FAST) - for (x = 0; x < cbc->blocklen; x += sizeof(LTC_FAST_TYPE)) { - tmpy = *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)cbc->IV + x)) ^ *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)tmp + x)); - *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)cbc->IV + x)) = *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)ct + x)); - *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pt + x)) = tmpy; - } - #else - for (x = 0; x < cbc->blocklen; x++) { - tmpy = tmp[x] ^ cbc->IV[x]; - cbc->IV[x] = ct[x]; - pt[x] = tmpy; - } - #endif - - ct += cbc->blocklen; - pt += cbc->blocklen; - len -= cbc->blocklen; - } - } - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/modes/cbc/cbc_done.c b/libs/tomcrypt/src/modes/cbc/cbc_done.c deleted file mode 100644 index 3a2f1572858..00000000000 --- a/libs/tomcrypt/src/modes/cbc/cbc_done.c +++ /dev/null @@ -1,36 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file cbc_done.c - CBC implementation, finish chain, Tom St Denis -*/ - -#ifdef LTC_CBC_MODE - -/** Terminate the chain - @param cbc The CBC chain to terminate - @return CRYPT_OK on success -*/ -int cbc_done(symmetric_CBC *cbc) -{ - int err; - LTC_ARGCHK(cbc != NULL); - - if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) { - return err; - } - cipher_descriptor[cbc->cipher].done(&cbc->key); - return CRYPT_OK; -} - - - -#endif diff --git a/libs/tomcrypt/src/modes/cbc/cbc_encrypt.c b/libs/tomcrypt/src/modes/cbc/cbc_encrypt.c deleted file mode 100644 index 3ad488658bb..00000000000 --- a/libs/tomcrypt/src/modes/cbc/cbc_encrypt.c +++ /dev/null @@ -1,92 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file cbc_encrypt.c - CBC implementation, encrypt block, Tom St Denis -*/ - - -#ifdef LTC_CBC_MODE - -/** - CBC encrypt - @param pt Plaintext - @param ct [out] Ciphertext - @param len The number of bytes to process (must be multiple of block length) - @param cbc CBC state - @return CRYPT_OK if successful -*/ -int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CBC *cbc) -{ - int x, err; - - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(cbc != NULL); - - if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) { - return err; - } - - /* is blocklen valid? */ - if (cbc->blocklen < 1 || cbc->blocklen > (int)sizeof(cbc->IV)) { - return CRYPT_INVALID_ARG; - } - - if (len % cbc->blocklen) { - return CRYPT_INVALID_ARG; - } -#ifdef LTC_FAST - if (cbc->blocklen % sizeof(LTC_FAST_TYPE)) { - return CRYPT_INVALID_ARG; - } -#endif - - if (cipher_descriptor[cbc->cipher].accel_cbc_encrypt != NULL) { - return cipher_descriptor[cbc->cipher].accel_cbc_encrypt(pt, ct, len / cbc->blocklen, cbc->IV, &cbc->key); - } else { - while (len) { - /* xor IV against plaintext */ - #if defined(LTC_FAST) - for (x = 0; x < cbc->blocklen; x += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)cbc->IV + x)) ^= *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pt + x)); - } - #else - for (x = 0; x < cbc->blocklen; x++) { - cbc->IV[x] ^= pt[x]; - } - #endif - - /* encrypt */ - if ((err = cipher_descriptor[cbc->cipher].ecb_encrypt(cbc->IV, ct, &cbc->key)) != CRYPT_OK) { - return err; - } - - /* store IV [ciphertext] for a future block */ - #if defined(LTC_FAST) - for (x = 0; x < cbc->blocklen; x += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)cbc->IV + x)) = *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)ct + x)); - } - #else - for (x = 0; x < cbc->blocklen; x++) { - cbc->IV[x] = ct[x]; - } - #endif - - ct += cbc->blocklen; - pt += cbc->blocklen; - len -= cbc->blocklen; - } - } - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/modes/cbc/cbc_getiv.c b/libs/tomcrypt/src/modes/cbc/cbc_getiv.c deleted file mode 100644 index 74220759904..00000000000 --- a/libs/tomcrypt/src/modes/cbc/cbc_getiv.c +++ /dev/null @@ -1,40 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file cbc_getiv.c - CBC implementation, get IV, Tom St Denis -*/ - -#ifdef LTC_CBC_MODE - -/** - Get the current initialization vector - @param IV [out] The destination of the initialization vector - @param len [in/out] The max size and resulting size of the initialization vector - @param cbc The CBC state - @return CRYPT_OK if successful -*/ -int cbc_getiv(unsigned char *IV, unsigned long *len, symmetric_CBC *cbc) -{ - LTC_ARGCHK(IV != NULL); - LTC_ARGCHK(len != NULL); - LTC_ARGCHK(cbc != NULL); - if ((unsigned long)cbc->blocklen > *len) { - *len = cbc->blocklen; - return CRYPT_BUFFER_OVERFLOW; - } - XMEMCPY(IV, cbc->IV, cbc->blocklen); - *len = cbc->blocklen; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/modes/cbc/cbc_setiv.c b/libs/tomcrypt/src/modes/cbc/cbc_setiv.c deleted file mode 100644 index 76fc05d5c7b..00000000000 --- a/libs/tomcrypt/src/modes/cbc/cbc_setiv.c +++ /dev/null @@ -1,37 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file cbc_setiv.c - CBC implementation, set IV, Tom St Denis -*/ - - -#ifdef LTC_CBC_MODE - -/** - Set an initialization vector - @param IV The initialization vector - @param len The length of the vector (in octets) - @param cbc The CBC state - @return CRYPT_OK if successful -*/ -int cbc_setiv(const unsigned char *IV, unsigned long len, symmetric_CBC *cbc) -{ - LTC_ARGCHK(IV != NULL); - LTC_ARGCHK(cbc != NULL); - if (len != (unsigned long)cbc->blocklen) { - return CRYPT_INVALID_ARG; - } - XMEMCPY(cbc->IV, IV, len); - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/modes/cbc/cbc_start.c b/libs/tomcrypt/src/modes/cbc/cbc_start.c deleted file mode 100644 index 38ec33a1c49..00000000000 --- a/libs/tomcrypt/src/modes/cbc/cbc_start.c +++ /dev/null @@ -1,56 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file cbc_start.c - CBC implementation, start chain, Tom St Denis -*/ - -#ifdef LTC_CBC_MODE - -/** - Initialize a CBC context - @param cipher The index of the cipher desired - @param IV The initialization vector - @param key The secret key - @param keylen The length of the secret key (octets) - @param num_rounds Number of rounds in the cipher desired (0 for default) - @param cbc The CBC state to initialize - @return CRYPT_OK if successful -*/ -int cbc_start(int cipher, const unsigned char *IV, const unsigned char *key, - int keylen, int num_rounds, symmetric_CBC *cbc) -{ - int x, err; - - LTC_ARGCHK(IV != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(cbc != NULL); - - /* bad param? */ - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - - /* setup cipher */ - if ((err = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &cbc->key)) != CRYPT_OK) { - return err; - } - - /* copy IV */ - cbc->blocklen = cipher_descriptor[cipher].block_length; - cbc->cipher = cipher; - for (x = 0; x < cbc->blocklen; x++) { - cbc->IV[x] = IV[x]; - } - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/modes/cfb/cfb_decrypt.c b/libs/tomcrypt/src/modes/cfb/cfb_decrypt.c deleted file mode 100644 index 026cd7cf45c..00000000000 --- a/libs/tomcrypt/src/modes/cfb/cfb_decrypt.c +++ /dev/null @@ -1,60 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file cfb_decrypt.c - CFB implementation, decrypt data, Tom St Denis -*/ - -#ifdef LTC_CFB_MODE - -/** - CFB decrypt - @param ct Ciphertext - @param pt [out] Plaintext - @param len Length of ciphertext (octets) - @param cfb CFB state - @return CRYPT_OK if successful -*/ -int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CFB *cfb) -{ - int err; - - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(cfb != NULL); - - if ((err = cipher_is_valid(cfb->cipher)) != CRYPT_OK) { - return err; - } - - /* is blocklen/padlen valid? */ - if (cfb->blocklen < 0 || cfb->blocklen > (int)sizeof(cfb->IV) || - cfb->padlen < 0 || cfb->padlen > (int)sizeof(cfb->pad)) { - return CRYPT_INVALID_ARG; - } - - while (len-- > 0) { - if (cfb->padlen == cfb->blocklen) { - if ((err = cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key)) != CRYPT_OK) { - return err; - } - cfb->padlen = 0; - } - cfb->pad[cfb->padlen] = *ct; - *pt = *ct ^ cfb->IV[cfb->padlen]; - ++pt; - ++ct; - ++(cfb->padlen); - } - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/modes/cfb/cfb_done.c b/libs/tomcrypt/src/modes/cfb/cfb_done.c deleted file mode 100644 index 1de444ab202..00000000000 --- a/libs/tomcrypt/src/modes/cfb/cfb_done.c +++ /dev/null @@ -1,36 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file cfb_done.c - CFB implementation, finish chain, Tom St Denis -*/ - -#ifdef LTC_CFB_MODE - -/** Terminate the chain - @param cfb The CFB chain to terminate - @return CRYPT_OK on success -*/ -int cfb_done(symmetric_CFB *cfb) -{ - int err; - LTC_ARGCHK(cfb != NULL); - - if ((err = cipher_is_valid(cfb->cipher)) != CRYPT_OK) { - return err; - } - cipher_descriptor[cfb->cipher].done(&cfb->key); - return CRYPT_OK; -} - - - -#endif diff --git a/libs/tomcrypt/src/modes/cfb/cfb_encrypt.c b/libs/tomcrypt/src/modes/cfb/cfb_encrypt.c deleted file mode 100644 index 8dcec22bf7c..00000000000 --- a/libs/tomcrypt/src/modes/cfb/cfb_encrypt.c +++ /dev/null @@ -1,59 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file cfb_encrypt.c - CFB implementation, encrypt data, Tom St Denis -*/ - -#ifdef LTC_CFB_MODE - -/** - CFB encrypt - @param pt Plaintext - @param ct [out] Ciphertext - @param len Length of plaintext (octets) - @param cfb CFB state - @return CRYPT_OK if successful -*/ -int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CFB *cfb) -{ - int err; - - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(cfb != NULL); - - if ((err = cipher_is_valid(cfb->cipher)) != CRYPT_OK) { - return err; - } - - /* is blocklen/padlen valid? */ - if (cfb->blocklen < 0 || cfb->blocklen > (int)sizeof(cfb->IV) || - cfb->padlen < 0 || cfb->padlen > (int)sizeof(cfb->pad)) { - return CRYPT_INVALID_ARG; - } - - while (len-- > 0) { - if (cfb->padlen == cfb->blocklen) { - if ((err = cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->pad, cfb->IV, &cfb->key)) != CRYPT_OK) { - return err; - } - cfb->padlen = 0; - } - cfb->pad[cfb->padlen] = (*ct = *pt ^ cfb->IV[cfb->padlen]); - ++pt; - ++ct; - ++(cfb->padlen); - } - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/modes/cfb/cfb_getiv.c b/libs/tomcrypt/src/modes/cfb/cfb_getiv.c deleted file mode 100644 index 0a615e71e8e..00000000000 --- a/libs/tomcrypt/src/modes/cfb/cfb_getiv.c +++ /dev/null @@ -1,40 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file cfb_getiv.c - CFB implementation, get IV, Tom St Denis -*/ - -#ifdef LTC_CFB_MODE - -/** - Get the current initialization vector - @param IV [out] The destination of the initialization vector - @param len [in/out] The max size and resulting size of the initialization vector - @param cfb The CFB state - @return CRYPT_OK if successful -*/ -int cfb_getiv(unsigned char *IV, unsigned long *len, symmetric_CFB *cfb) -{ - LTC_ARGCHK(IV != NULL); - LTC_ARGCHK(len != NULL); - LTC_ARGCHK(cfb != NULL); - if ((unsigned long)cfb->blocklen > *len) { - *len = cfb->blocklen; - return CRYPT_BUFFER_OVERFLOW; - } - XMEMCPY(IV, cfb->IV, cfb->blocklen); - *len = cfb->blocklen; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/modes/cfb/cfb_setiv.c b/libs/tomcrypt/src/modes/cfb/cfb_setiv.c deleted file mode 100644 index 76063758b04..00000000000 --- a/libs/tomcrypt/src/modes/cfb/cfb_setiv.c +++ /dev/null @@ -1,45 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file cfb_setiv.c - CFB implementation, set IV, Tom St Denis -*/ - -#ifdef LTC_CFB_MODE - -/** - Set an initialization vector - @param IV The initialization vector - @param len The length of the vector (in octets) - @param cfb The CFB state - @return CRYPT_OK if successful -*/ -int cfb_setiv(const unsigned char *IV, unsigned long len, symmetric_CFB *cfb) -{ - int err; - - LTC_ARGCHK(IV != NULL); - LTC_ARGCHK(cfb != NULL); - - if ((err = cipher_is_valid(cfb->cipher)) != CRYPT_OK) { - return err; - } - - if (len != (unsigned long)cfb->blocklen) { - return CRYPT_INVALID_ARG; - } - - /* force next block */ - cfb->padlen = 0; - return cipher_descriptor[cfb->cipher].ecb_encrypt(IV, cfb->IV, &cfb->key); -} - -#endif diff --git a/libs/tomcrypt/src/modes/cfb/cfb_start.c b/libs/tomcrypt/src/modes/cfb/cfb_start.c deleted file mode 100644 index b767160a233..00000000000 --- a/libs/tomcrypt/src/modes/cfb/cfb_start.c +++ /dev/null @@ -1,59 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file cfb_start.c - CFB implementation, start chain, Tom St Denis -*/ - - -#ifdef LTC_CFB_MODE - -/** - Initialize a CFB context - @param cipher The index of the cipher desired - @param IV The initialization vector - @param key The secret key - @param keylen The length of the secret key (octets) - @param num_rounds Number of rounds in the cipher desired (0 for default) - @param cfb The CFB state to initialize - @return CRYPT_OK if successful -*/ -int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key, - int keylen, int num_rounds, symmetric_CFB *cfb) -{ - int x, err; - - LTC_ARGCHK(IV != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(cfb != NULL); - - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - - - /* copy data */ - cfb->cipher = cipher; - cfb->blocklen = cipher_descriptor[cipher].block_length; - for (x = 0; x < cfb->blocklen; x++) - cfb->IV[x] = IV[x]; - - /* init the cipher */ - if ((err = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &cfb->key)) != CRYPT_OK) { - return err; - } - - /* encrypt the IV */ - cfb->padlen = 0; - return cipher_descriptor[cfb->cipher].ecb_encrypt(cfb->IV, cfb->IV, &cfb->key); -} - -#endif diff --git a/libs/tomcrypt/src/modes/ctr/ctr_decrypt.c b/libs/tomcrypt/src/modes/ctr/ctr_decrypt.c deleted file mode 100644 index a597346c725..00000000000 --- a/libs/tomcrypt/src/modes/ctr/ctr_decrypt.c +++ /dev/null @@ -1,35 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file ctr_decrypt.c - CTR implementation, decrypt data, Tom St Denis -*/ - -#ifdef LTC_CTR_MODE - -/** - CTR decrypt - @param ct Ciphertext - @param pt [out] Plaintext - @param len Length of ciphertext (octets) - @param ctr CTR state - @return CRYPT_OK if successful -*/ -int ctr_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CTR *ctr) -{ - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(ctr != NULL); - - return ctr_encrypt(ct, pt, len, ctr); -} - -#endif diff --git a/libs/tomcrypt/src/modes/ctr/ctr_done.c b/libs/tomcrypt/src/modes/ctr/ctr_done.c deleted file mode 100644 index d6af2718026..00000000000 --- a/libs/tomcrypt/src/modes/ctr/ctr_done.c +++ /dev/null @@ -1,36 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file ctr_done.c - CTR implementation, finish chain, Tom St Denis -*/ - -#ifdef LTC_CTR_MODE - -/** Terminate the chain - @param ctr The CTR chain to terminate - @return CRYPT_OK on success -*/ -int ctr_done(symmetric_CTR *ctr) -{ - int err; - LTC_ARGCHK(ctr != NULL); - - if ((err = cipher_is_valid(ctr->cipher)) != CRYPT_OK) { - return err; - } - cipher_descriptor[ctr->cipher].done(&ctr->key); - return CRYPT_OK; -} - - - -#endif diff --git a/libs/tomcrypt/src/modes/ctr/ctr_encrypt.c b/libs/tomcrypt/src/modes/ctr/ctr_encrypt.c deleted file mode 100644 index e94c5ba4ff5..00000000000 --- a/libs/tomcrypt/src/modes/ctr/ctr_encrypt.c +++ /dev/null @@ -1,135 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file ctr_encrypt.c - CTR implementation, encrypt data, Tom St Denis -*/ - - -#ifdef LTC_CTR_MODE - -/** - CTR encrypt software implementation - @param pt Plaintext - @param ct [out] Ciphertext - @param len Length of plaintext (octets) - @param ctr CTR state - @return CRYPT_OK if successful -*/ -static int _ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr) -{ - int x, err; - - while (len) { - /* is the pad empty? */ - if (ctr->padlen == ctr->blocklen) { - /* increment counter */ - if (ctr->mode == CTR_COUNTER_LITTLE_ENDIAN) { - /* little-endian */ - for (x = 0; x < ctr->ctrlen; x++) { - ctr->ctr[x] = (ctr->ctr[x] + (unsigned char)1) & (unsigned char)255; - if (ctr->ctr[x] != (unsigned char)0) { - break; - } - } - } else { - /* big-endian */ - for (x = ctr->blocklen-1; x >= ctr->ctrlen; x--) { - ctr->ctr[x] = (ctr->ctr[x] + (unsigned char)1) & (unsigned char)255; - if (ctr->ctr[x] != (unsigned char)0) { - break; - } - } - } - - /* encrypt it */ - if ((err = cipher_descriptor[ctr->cipher].ecb_encrypt(ctr->ctr, ctr->pad, &ctr->key)) != CRYPT_OK) { - return err; - } - ctr->padlen = 0; - } -#ifdef LTC_FAST - if ((ctr->padlen == 0) && (len >= (unsigned long)ctr->blocklen)) { - for (x = 0; x < ctr->blocklen; x += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)ct + x)) = *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pt + x)) ^ - *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)ctr->pad + x)); - } - pt += ctr->blocklen; - ct += ctr->blocklen; - len -= ctr->blocklen; - ctr->padlen = ctr->blocklen; - continue; - } -#endif - *ct++ = *pt++ ^ ctr->pad[ctr->padlen++]; - --len; - } - return CRYPT_OK; -} - -/** - CTR encrypt - @param pt Plaintext - @param ct [out] Ciphertext - @param len Length of plaintext (octets) - @param ctr CTR state - @return CRYPT_OK if successful -*/ -int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr) -{ - int err, fr; - - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(ctr != NULL); - - if ((err = cipher_is_valid(ctr->cipher)) != CRYPT_OK) { - return err; - } - - /* is blocklen/padlen valid? */ - if ((ctr->blocklen < 1) || (ctr->blocklen > (int)sizeof(ctr->ctr)) || - (ctr->padlen < 0) || (ctr->padlen > (int)sizeof(ctr->pad))) { - return CRYPT_INVALID_ARG; - } - -#ifdef LTC_FAST - if (ctr->blocklen % sizeof(LTC_FAST_TYPE)) { - return CRYPT_INVALID_ARG; - } -#endif - - /* handle acceleration only if pad is empty, accelerator is present and length is >= a block size */ - if ((cipher_descriptor[ctr->cipher].accel_ctr_encrypt != NULL) && (len >= (unsigned long)ctr->blocklen)) { - if (ctr->padlen < ctr->blocklen) { - fr = ctr->blocklen - ctr->padlen; - if ((err = _ctr_encrypt(pt, ct, fr, ctr)) != CRYPT_OK) { - return err; - } - pt += fr; - ct += fr; - len -= fr; - } - - if (len >= (unsigned long)ctr->blocklen) { - if ((err = cipher_descriptor[ctr->cipher].accel_ctr_encrypt(pt, ct, len/ctr->blocklen, ctr->ctr, ctr->mode, &ctr->key)) != CRYPT_OK) { - return err; - } - pt += (len / ctr->blocklen) * ctr->blocklen; - ct += (len / ctr->blocklen) * ctr->blocklen; - len %= ctr->blocklen; - } - } - - return _ctr_encrypt(pt, ct, len, ctr); -} - -#endif diff --git a/libs/tomcrypt/src/modes/ctr/ctr_getiv.c b/libs/tomcrypt/src/modes/ctr/ctr_getiv.c deleted file mode 100644 index 61d9a3271c3..00000000000 --- a/libs/tomcrypt/src/modes/ctr/ctr_getiv.c +++ /dev/null @@ -1,40 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file ctr_getiv.c - CTR implementation, get IV, Tom St Denis -*/ - -#ifdef LTC_CTR_MODE - -/** - Get the current initialization vector - @param IV [out] The destination of the initialization vector - @param len [in/out] The max size and resulting size of the initialization vector - @param ctr The CTR state - @return CRYPT_OK if successful -*/ -int ctr_getiv(unsigned char *IV, unsigned long *len, symmetric_CTR *ctr) -{ - LTC_ARGCHK(IV != NULL); - LTC_ARGCHK(len != NULL); - LTC_ARGCHK(ctr != NULL); - if ((unsigned long)ctr->blocklen > *len) { - *len = ctr->blocklen; - return CRYPT_BUFFER_OVERFLOW; - } - XMEMCPY(IV, ctr->ctr, ctr->blocklen); - *len = ctr->blocklen; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/modes/ctr/ctr_setiv.c b/libs/tomcrypt/src/modes/ctr/ctr_setiv.c deleted file mode 100644 index 20397b90d54..00000000000 --- a/libs/tomcrypt/src/modes/ctr/ctr_setiv.c +++ /dev/null @@ -1,49 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file ctr_setiv.c - CTR implementation, set IV, Tom St Denis -*/ - -#ifdef LTC_CTR_MODE - -/** - Set an initialization vector - @param IV The initialization vector - @param len The length of the vector (in octets) - @param ctr The CTR state - @return CRYPT_OK if successful -*/ -int ctr_setiv(const unsigned char *IV, unsigned long len, symmetric_CTR *ctr) -{ - int err; - - LTC_ARGCHK(IV != NULL); - LTC_ARGCHK(ctr != NULL); - - /* bad param? */ - if ((err = cipher_is_valid(ctr->cipher)) != CRYPT_OK) { - return err; - } - - if (len != (unsigned long)ctr->blocklen) { - return CRYPT_INVALID_ARG; - } - - /* set IV */ - XMEMCPY(ctr->ctr, IV, len); - - /* force next block */ - ctr->padlen = 0; - return cipher_descriptor[ctr->cipher].ecb_encrypt(IV, ctr->pad, &ctr->key); -} - -#endif diff --git a/libs/tomcrypt/src/modes/ctr/ctr_start.c b/libs/tomcrypt/src/modes/ctr/ctr_start.c deleted file mode 100644 index 20f08dfa156..00000000000 --- a/libs/tomcrypt/src/modes/ctr/ctr_start.c +++ /dev/null @@ -1,95 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file ctr_start.c - CTR implementation, start chain, Tom St Denis -*/ - - -#ifdef LTC_CTR_MODE - -/** - Initialize a CTR context - @param cipher The index of the cipher desired - @param IV The initialization vector - @param key The secret key - @param keylen The length of the secret key (octets) - @param num_rounds Number of rounds in the cipher desired (0 for default) - @param ctr_mode The counter mode (CTR_COUNTER_LITTLE_ENDIAN or CTR_COUNTER_BIG_ENDIAN) - @param ctr The CTR state to initialize - @return CRYPT_OK if successful -*/ -int ctr_start( int cipher, - const unsigned char *IV, - const unsigned char *key, int keylen, - int num_rounds, int ctr_mode, - symmetric_CTR *ctr) -{ - int x, err; - - LTC_ARGCHK(IV != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ctr != NULL); - - /* bad param? */ - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - - /* ctrlen == counter width */ - ctr->ctrlen = (ctr_mode & 255) ? (ctr_mode & 255) : cipher_descriptor[cipher].block_length; - if (ctr->ctrlen > cipher_descriptor[cipher].block_length) { - return CRYPT_INVALID_ARG; - } - - if ((ctr_mode & 0x1000) == CTR_COUNTER_BIG_ENDIAN) { - ctr->ctrlen = cipher_descriptor[cipher].block_length - ctr->ctrlen; - } - - /* setup cipher */ - if ((err = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &ctr->key)) != CRYPT_OK) { - return err; - } - - /* copy ctr */ - ctr->blocklen = cipher_descriptor[cipher].block_length; - ctr->cipher = cipher; - ctr->padlen = 0; - ctr->mode = ctr_mode & 0x1000; - for (x = 0; x < ctr->blocklen; x++) { - ctr->ctr[x] = IV[x]; - } - - if (ctr_mode & LTC_CTR_RFC3686) { - /* increment the IV as per RFC 3686 */ - if (ctr->mode == CTR_COUNTER_LITTLE_ENDIAN) { - /* little-endian */ - for (x = 0; x < ctr->ctrlen; x++) { - ctr->ctr[x] = (ctr->ctr[x] + (unsigned char)1) & (unsigned char)255; - if (ctr->ctr[x] != (unsigned char)0) { - break; - } - } - } else { - /* big-endian */ - for (x = ctr->blocklen-1; x >= ctr->ctrlen; x--) { - ctr->ctr[x] = (ctr->ctr[x] + (unsigned char)1) & (unsigned char)255; - if (ctr->ctr[x] != (unsigned char)0) { - break; - } - } - } - } - - return cipher_descriptor[ctr->cipher].ecb_encrypt(ctr->ctr, ctr->pad, &ctr->key); -} - -#endif diff --git a/libs/tomcrypt/src/modes/ecb/ecb_decrypt.c b/libs/tomcrypt/src/modes/ecb/ecb_decrypt.c deleted file mode 100644 index 2a80c74fcfd..00000000000 --- a/libs/tomcrypt/src/modes/ecb/ecb_decrypt.c +++ /dev/null @@ -1,55 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file ecb_decrypt.c - ECB implementation, decrypt a block, Tom St Denis -*/ - -#ifdef LTC_ECB_MODE - -/** - ECB decrypt - @param ct Ciphertext - @param pt [out] Plaintext - @param len The number of octets to process (must be multiple of the cipher block size) - @param ecb ECB state - @return CRYPT_OK if successful -*/ -int ecb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_ECB *ecb) -{ - int err; - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(ecb != NULL); - if ((err = cipher_is_valid(ecb->cipher)) != CRYPT_OK) { - return err; - } - if (len % cipher_descriptor[ecb->cipher].block_length) { - return CRYPT_INVALID_ARG; - } - - /* check for accel */ - if (cipher_descriptor[ecb->cipher].accel_ecb_decrypt != NULL) { - return cipher_descriptor[ecb->cipher].accel_ecb_decrypt(ct, pt, len / cipher_descriptor[ecb->cipher].block_length, &ecb->key); - } else { - while (len) { - if ((err = cipher_descriptor[ecb->cipher].ecb_decrypt(ct, pt, &ecb->key)) != CRYPT_OK) { - return err; - } - pt += cipher_descriptor[ecb->cipher].block_length; - ct += cipher_descriptor[ecb->cipher].block_length; - len -= cipher_descriptor[ecb->cipher].block_length; - } - } - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/modes/ecb/ecb_done.c b/libs/tomcrypt/src/modes/ecb/ecb_done.c deleted file mode 100644 index 1f01dfa5899..00000000000 --- a/libs/tomcrypt/src/modes/ecb/ecb_done.c +++ /dev/null @@ -1,36 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file ecb_done.c - ECB implementation, finish chain, Tom St Denis -*/ - -#ifdef LTC_ECB_MODE - -/** Terminate the chain - @param ecb The ECB chain to terminate - @return CRYPT_OK on success -*/ -int ecb_done(symmetric_ECB *ecb) -{ - int err; - LTC_ARGCHK(ecb != NULL); - - if ((err = cipher_is_valid(ecb->cipher)) != CRYPT_OK) { - return err; - } - cipher_descriptor[ecb->cipher].done(&ecb->key); - return CRYPT_OK; -} - - - -#endif diff --git a/libs/tomcrypt/src/modes/ecb/ecb_encrypt.c b/libs/tomcrypt/src/modes/ecb/ecb_encrypt.c deleted file mode 100644 index 7a645985880..00000000000 --- a/libs/tomcrypt/src/modes/ecb/ecb_encrypt.c +++ /dev/null @@ -1,55 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file ecb_encrypt.c - ECB implementation, encrypt a block, Tom St Denis -*/ - -#ifdef LTC_ECB_MODE - -/** - ECB encrypt - @param pt Plaintext - @param ct [out] Ciphertext - @param len The number of octets to process (must be multiple of the cipher block size) - @param ecb ECB state - @return CRYPT_OK if successful -*/ -int ecb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_ECB *ecb) -{ - int err; - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(ecb != NULL); - if ((err = cipher_is_valid(ecb->cipher)) != CRYPT_OK) { - return err; - } - if (len % cipher_descriptor[ecb->cipher].block_length) { - return CRYPT_INVALID_ARG; - } - - /* check for accel */ - if (cipher_descriptor[ecb->cipher].accel_ecb_encrypt != NULL) { - return cipher_descriptor[ecb->cipher].accel_ecb_encrypt(pt, ct, len / cipher_descriptor[ecb->cipher].block_length, &ecb->key); - } else { - while (len) { - if ((err = cipher_descriptor[ecb->cipher].ecb_encrypt(pt, ct, &ecb->key)) != CRYPT_OK) { - return err; - } - pt += cipher_descriptor[ecb->cipher].block_length; - ct += cipher_descriptor[ecb->cipher].block_length; - len -= cipher_descriptor[ecb->cipher].block_length; - } - } - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/modes/ecb/ecb_start.c b/libs/tomcrypt/src/modes/ecb/ecb_start.c deleted file mode 100644 index add5fbddf2c..00000000000 --- a/libs/tomcrypt/src/modes/ecb/ecb_start.c +++ /dev/null @@ -1,42 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file ecb_start.c - ECB implementation, start chain, Tom St Denis -*/ - - -#ifdef LTC_ECB_MODE - -/** - Initialize a ECB context - @param cipher The index of the cipher desired - @param key The secret key - @param keylen The length of the secret key (octets) - @param num_rounds Number of rounds in the cipher desired (0 for default) - @param ecb The ECB state to initialize - @return CRYPT_OK if successful -*/ -int ecb_start(int cipher, const unsigned char *key, int keylen, int num_rounds, symmetric_ECB *ecb) -{ - int err; - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ecb != NULL); - - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - ecb->cipher = cipher; - ecb->blocklen = cipher_descriptor[cipher].block_length; - return cipher_descriptor[cipher].setup(key, keylen, num_rounds, &ecb->key); -} - -#endif diff --git a/libs/tomcrypt/src/modes/f8/f8_decrypt.c b/libs/tomcrypt/src/modes/f8/f8_decrypt.c deleted file mode 100644 index c740786ff76..00000000000 --- a/libs/tomcrypt/src/modes/f8/f8_decrypt.c +++ /dev/null @@ -1,35 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file f8_decrypt.c - F8 implementation, decrypt data, Tom St Denis -*/ - -#ifdef LTC_F8_MODE - -/** - F8 decrypt - @param ct Ciphertext - @param pt [out] Plaintext - @param len Length of ciphertext (octets) - @param f8 F8 state - @return CRYPT_OK if successful -*/ -int f8_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_F8 *f8) -{ - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(f8 != NULL); - return f8_encrypt(ct, pt, len, f8); -} - - -#endif diff --git a/libs/tomcrypt/src/modes/f8/f8_done.c b/libs/tomcrypt/src/modes/f8/f8_done.c deleted file mode 100644 index 09afa80a1cb..00000000000 --- a/libs/tomcrypt/src/modes/f8/f8_done.c +++ /dev/null @@ -1,36 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file f8_done.c - F8 implementation, finish chain, Tom St Denis -*/ - -#ifdef LTC_F8_MODE - -/** Terminate the chain - @param f8 The F8 chain to terminate - @return CRYPT_OK on success -*/ -int f8_done(symmetric_F8 *f8) -{ - int err; - LTC_ARGCHK(f8 != NULL); - - if ((err = cipher_is_valid(f8->cipher)) != CRYPT_OK) { - return err; - } - cipher_descriptor[f8->cipher].done(&f8->key); - return CRYPT_OK; -} - - - -#endif diff --git a/libs/tomcrypt/src/modes/f8/f8_encrypt.c b/libs/tomcrypt/src/modes/f8/f8_encrypt.c deleted file mode 100644 index ff995f440b9..00000000000 --- a/libs/tomcrypt/src/modes/f8/f8_encrypt.c +++ /dev/null @@ -1,97 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file f8_encrypt.c - F8 implementation, encrypt data, Tom St Denis -*/ - -#ifdef LTC_F8_MODE - -/** - F8 encrypt - @param pt Plaintext - @param ct [out] Ciphertext - @param len Length of plaintext (octets) - @param f8 F8 state - @return CRYPT_OK if successful -*/ -int f8_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_F8 *f8) -{ - int err, x; - unsigned char buf[MAXBLOCKSIZE]; - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(f8 != NULL); - if ((err = cipher_is_valid(f8->cipher)) != CRYPT_OK) { - return err; - } - - /* is blocklen/padlen valid? */ - if (f8->blocklen < 0 || f8->blocklen > (int)sizeof(f8->IV) || - f8->padlen < 0 || f8->padlen > (int)sizeof(f8->IV)) { - return CRYPT_INVALID_ARG; - } - - zeromem(buf, sizeof(buf)); - - /* make sure the pad is empty */ - if (f8->padlen == f8->blocklen) { - /* xor of IV, MIV and blockcnt == what goes into cipher */ - STORE32H(f8->blockcnt, (buf+(f8->blocklen-4))); - ++(f8->blockcnt); - for (x = 0; x < f8->blocklen; x++) { - f8->IV[x] ^= f8->MIV[x] ^ buf[x]; - } - if ((err = cipher_descriptor[f8->cipher].ecb_encrypt(f8->IV, f8->IV, &f8->key)) != CRYPT_OK) { - return err; - } - f8->padlen = 0; - } - -#ifdef LTC_FAST - if (f8->padlen == 0) { - while (len >= (unsigned long)f8->blocklen) { - STORE32H(f8->blockcnt, (buf+(f8->blocklen-4))); - ++(f8->blockcnt); - for (x = 0; x < f8->blocklen; x += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(&ct[x])) = *(LTC_FAST_TYPE_PTR_CAST(&pt[x])) ^ *(LTC_FAST_TYPE_PTR_CAST(&f8->IV[x])); - *(LTC_FAST_TYPE_PTR_CAST(&f8->IV[x])) ^= *(LTC_FAST_TYPE_PTR_CAST(&f8->MIV[x])) ^ *(LTC_FAST_TYPE_PTR_CAST(&buf[x])); - } - if ((err = cipher_descriptor[f8->cipher].ecb_encrypt(f8->IV, f8->IV, &f8->key)) != CRYPT_OK) { - return err; - } - len -= x; - pt += x; - ct += x; - } - } -#endif - - while (len > 0) { - if (f8->padlen == f8->blocklen) { - /* xor of IV, MIV and blockcnt == what goes into cipher */ - STORE32H(f8->blockcnt, (buf+(f8->blocklen-4))); - ++(f8->blockcnt); - for (x = 0; x < f8->blocklen; x++) { - f8->IV[x] ^= f8->MIV[x] ^ buf[x]; - } - if ((err = cipher_descriptor[f8->cipher].ecb_encrypt(f8->IV, f8->IV, &f8->key)) != CRYPT_OK) { - return err; - } - f8->padlen = 0; - } - *ct++ = *pt++ ^ f8->IV[f8->padlen++]; - --len; - } - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/modes/f8/f8_getiv.c b/libs/tomcrypt/src/modes/f8/f8_getiv.c deleted file mode 100644 index 93e7c42829d..00000000000 --- a/libs/tomcrypt/src/modes/f8/f8_getiv.c +++ /dev/null @@ -1,40 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file ofb_getiv.c - F8 implementation, get IV, Tom St Denis -*/ - -#ifdef LTC_F8_MODE - -/** - Get the current initialization vector - @param IV [out] The destination of the initialization vector - @param len [in/out] The max size and resulting size of the initialization vector - @param f8 The F8 state - @return CRYPT_OK if successful -*/ -int f8_getiv(unsigned char *IV, unsigned long *len, symmetric_F8 *f8) -{ - LTC_ARGCHK(IV != NULL); - LTC_ARGCHK(len != NULL); - LTC_ARGCHK(f8 != NULL); - if ((unsigned long)f8->blocklen > *len) { - *len = f8->blocklen; - return CRYPT_BUFFER_OVERFLOW; - } - XMEMCPY(IV, f8->IV, f8->blocklen); - *len = f8->blocklen; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/modes/f8/f8_setiv.c b/libs/tomcrypt/src/modes/f8/f8_setiv.c deleted file mode 100644 index 0aaa7dccf86..00000000000 --- a/libs/tomcrypt/src/modes/f8/f8_setiv.c +++ /dev/null @@ -1,45 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file f8_setiv.c - F8 implementation, set IV, Tom St Denis -*/ - -#ifdef LTC_F8_MODE - -/** - Set an initialization vector - @param IV The initialization vector - @param len The length of the vector (in octets) - @param f8 The F8 state - @return CRYPT_OK if successful -*/ -int f8_setiv(const unsigned char *IV, unsigned long len, symmetric_F8 *f8) -{ - int err; - - LTC_ARGCHK(IV != NULL); - LTC_ARGCHK(f8 != NULL); - - if ((err = cipher_is_valid(f8->cipher)) != CRYPT_OK) { - return err; - } - - if (len != (unsigned long)f8->blocklen) { - return CRYPT_INVALID_ARG; - } - - /* force next block */ - f8->padlen = 0; - return cipher_descriptor[f8->cipher].ecb_encrypt(IV, f8->IV, &f8->key); -} - -#endif diff --git a/libs/tomcrypt/src/modes/f8/f8_start.c b/libs/tomcrypt/src/modes/f8/f8_start.c deleted file mode 100644 index a5102b0d777..00000000000 --- a/libs/tomcrypt/src/modes/f8/f8_start.c +++ /dev/null @@ -1,92 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file f8_start.c - F8 implementation, start chain, Tom St Denis -*/ - - -#ifdef LTC_F8_MODE - -/** - Initialize an F8 context - @param cipher The index of the cipher desired - @param IV The initialization vector - @param key The secret key - @param keylen The length of the secret key (octets) - @param salt_key The salting key for the IV - @param skeylen The length of the salting key (octets) - @param num_rounds Number of rounds in the cipher desired (0 for default) - @param f8 The F8 state to initialize - @return CRYPT_OK if successful -*/ -int f8_start( int cipher, const unsigned char *IV, - const unsigned char *key, int keylen, - const unsigned char *salt_key, int skeylen, - int num_rounds, symmetric_F8 *f8) -{ - int x, err; - unsigned char tkey[MAXBLOCKSIZE]; - - LTC_ARGCHK(IV != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(salt_key != NULL); - LTC_ARGCHK(f8 != NULL); - - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - -#ifdef LTC_FAST - if (cipher_descriptor[cipher].block_length % sizeof(LTC_FAST_TYPE)) { - return CRYPT_INVALID_ARG; - } -#endif - - /* copy details */ - f8->blockcnt = 0; - f8->cipher = cipher; - f8->blocklen = cipher_descriptor[cipher].block_length; - f8->padlen = f8->blocklen; - - /* now get key ^ salt_key [extend salt_ket with 0x55 as required to match length] */ - zeromem(tkey, sizeof(tkey)); - for (x = 0; x < keylen && x < (int)sizeof(tkey); x++) { - tkey[x] = key[x]; - } - for (x = 0; x < skeylen && x < (int)sizeof(tkey); x++) { - tkey[x] ^= salt_key[x]; - } - for (; x < keylen && x < (int)sizeof(tkey); x++) { - tkey[x] ^= 0x55; - } - - /* now encrypt with tkey[0..keylen-1] the IV and use that as the IV */ - if ((err = cipher_descriptor[cipher].setup(tkey, keylen, num_rounds, &f8->key)) != CRYPT_OK) { - return err; - } - - /* encrypt IV */ - if ((err = cipher_descriptor[f8->cipher].ecb_encrypt(IV, f8->MIV, &f8->key)) != CRYPT_OK) { - cipher_descriptor[f8->cipher].done(&f8->key); - return err; - } - zeromem(tkey, sizeof(tkey)); - zeromem(f8->IV, sizeof(f8->IV)); - - /* terminate this cipher */ - cipher_descriptor[f8->cipher].done(&f8->key); - - /* init the cipher */ - return cipher_descriptor[cipher].setup(key, keylen, num_rounds, &f8->key); -} - -#endif diff --git a/libs/tomcrypt/src/modes/f8/f8_test_mode.c b/libs/tomcrypt/src/modes/f8/f8_test_mode.c deleted file mode 100644 index 0643135745c..00000000000 --- a/libs/tomcrypt/src/modes/f8/f8_test_mode.c +++ /dev/null @@ -1,70 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file f8_test_mode.c - F8 implementation, test, Tom St Denis -*/ - - -#ifdef LTC_F8_MODE - -int f8_test_mode(void) -{ -#ifndef LTC_TEST - return CRYPT_NOP; -#else - static const unsigned char key[16] = { 0x23, 0x48, 0x29, 0x00, 0x84, 0x67, 0xbe, 0x18, - 0x6c, 0x3d, 0xe1, 0x4a, 0xae, 0x72, 0xd6, 0x2c }; - static const unsigned char salt[4] = { 0x32, 0xf2, 0x87, 0x0d }; - static const unsigned char IV[16] = { 0x00, 0x6e, 0x5c, 0xba, 0x50, 0x68, 0x1d, 0xe5, - 0x5c, 0x62, 0x15, 0x99, 0xd4, 0x62, 0x56, 0x4a }; - static const unsigned char pt[39] = { 0x70, 0x73, 0x65, 0x75, 0x64, 0x6f, 0x72, 0x61, - 0x6e, 0x64, 0x6f, 0x6d, 0x6e, 0x65, 0x73, 0x73, - 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20, - 0x6e, 0x65, 0x78, 0x74, 0x20, 0x62, 0x65, 0x73, - 0x74, 0x20, 0x74, 0x68, 0x69, 0x6e, 0x67 }; - static const unsigned char ct[39] = { 0x01, 0x9c, 0xe7, 0xa2, 0x6e, 0x78, 0x54, 0x01, - 0x4a, 0x63, 0x66, 0xaa, 0x95, 0xd4, 0xee, 0xfd, - 0x1a, 0xd4, 0x17, 0x2a, 0x14, 0xf9, 0xfa, 0xf4, - 0x55, 0xb7, 0xf1, 0xd4, 0xb6, 0x2b, 0xd0, 0x8f, - 0x56, 0x2c, 0x0e, 0xef, 0x7c, 0x48, 0x02 }; - unsigned char buf[39]; - symmetric_F8 f8; - int err, idx; - - idx = find_cipher("aes"); - if (idx == -1) { - idx = find_cipher("rijndael"); - if (idx == -1) return CRYPT_NOP; - } - - /* initialize the context */ - if ((err = f8_start(idx, IV, key, sizeof(key), salt, sizeof(salt), 0, &f8)) != CRYPT_OK) { - return err; - } - - /* encrypt block */ - if ((err = f8_encrypt(pt, buf, sizeof(pt), &f8)) != CRYPT_OK) { - f8_done(&f8); - return err; - } - f8_done(&f8); - - /* compare */ - if (compare_testvector(buf, sizeof(ct), ct, sizeof(ct), "f8", 0)) { - return CRYPT_FAIL_TESTVECTOR; - } - - return CRYPT_OK; -#endif -} - -#endif diff --git a/libs/tomcrypt/src/modes/lrw/lrw_decrypt.c b/libs/tomcrypt/src/modes/lrw/lrw_decrypt.c deleted file mode 100644 index eff45e9de94..00000000000 --- a/libs/tomcrypt/src/modes/lrw/lrw_decrypt.c +++ /dev/null @@ -1,45 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file lrw_decrypt.c - LRW_MODE implementation, Decrypt blocks, Tom St Denis -*/ - -#ifdef LTC_LRW_MODE - -/** - LRW decrypt blocks - @param ct The ciphertext - @param pt [out] The plaintext - @param len The length in octets, must be a multiple of 16 - @param lrw The LRW state -*/ -int lrw_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_LRW *lrw) -{ - int err; - - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(lrw != NULL); - - if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) { - return err; - } - - if (cipher_descriptor[lrw->cipher].accel_lrw_decrypt != NULL) { - return cipher_descriptor[lrw->cipher].accel_lrw_decrypt(ct, pt, len, lrw->IV, lrw->tweak, &lrw->key); - } - - return lrw_process(ct, pt, len, LRW_DECRYPT, lrw); -} - - -#endif diff --git a/libs/tomcrypt/src/modes/lrw/lrw_done.c b/libs/tomcrypt/src/modes/lrw/lrw_done.c deleted file mode 100644 index 5e294f0d695..00000000000 --- a/libs/tomcrypt/src/modes/lrw/lrw_done.c +++ /dev/null @@ -1,37 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file lrw_done.c - LRW_MODE implementation, Free resources, Tom St Denis -*/ - -#ifdef LTC_LRW_MODE - -/** - Terminate a LRW state - @param lrw The state to terminate - @return CRYPT_OK if successful -*/ -int lrw_done(symmetric_LRW *lrw) -{ - int err; - - LTC_ARGCHK(lrw != NULL); - - if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) { - return err; - } - cipher_descriptor[lrw->cipher].done(&lrw->key); - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/modes/lrw/lrw_encrypt.c b/libs/tomcrypt/src/modes/lrw/lrw_encrypt.c deleted file mode 100644 index 0961afffc19..00000000000 --- a/libs/tomcrypt/src/modes/lrw/lrw_encrypt.c +++ /dev/null @@ -1,45 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file lrw_encrypt.c - LRW_MODE implementation, Encrypt blocks, Tom St Denis -*/ - -#ifdef LTC_LRW_MODE - -/** - LRW encrypt blocks - @param pt The plaintext - @param ct [out] The ciphertext - @param len The length in octets, must be a multiple of 16 - @param lrw The LRW state -*/ -int lrw_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_LRW *lrw) -{ - int err; - - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(lrw != NULL); - - if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) { - return err; - } - - if (cipher_descriptor[lrw->cipher].accel_lrw_encrypt != NULL) { - return cipher_descriptor[lrw->cipher].accel_lrw_encrypt(pt, ct, len, lrw->IV, lrw->tweak, &lrw->key); - } - - return lrw_process(pt, ct, len, LRW_ENCRYPT, lrw); -} - - -#endif diff --git a/libs/tomcrypt/src/modes/lrw/lrw_getiv.c b/libs/tomcrypt/src/modes/lrw/lrw_getiv.c deleted file mode 100644 index bae69ee9355..00000000000 --- a/libs/tomcrypt/src/modes/lrw/lrw_getiv.c +++ /dev/null @@ -1,40 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file lrw_getiv.c - LRW_MODE implementation, Retrieve the current IV, Tom St Denis -*/ - -#ifdef LTC_LRW_MODE - -/** - Get the IV for LRW - @param IV [out] The IV, must be 16 octets - @param len Length ... must be at least 16 :-) - @param lrw The LRW state to read - @return CRYPT_OK if successful -*/ -int lrw_getiv(unsigned char *IV, unsigned long *len, symmetric_LRW *lrw) -{ - LTC_ARGCHK(IV != NULL); - LTC_ARGCHK(len != NULL); - LTC_ARGCHK(lrw != NULL); - if (*len < 16) { - *len = 16; - return CRYPT_BUFFER_OVERFLOW; - } - - XMEMCPY(IV, lrw->IV, 16); - *len = 16; - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/modes/lrw/lrw_process.c b/libs/tomcrypt/src/modes/lrw/lrw_process.c deleted file mode 100644 index 38563810a11..00000000000 --- a/libs/tomcrypt/src/modes/lrw/lrw_process.c +++ /dev/null @@ -1,115 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file lrw_process.c - LRW_MODE implementation, Encrypt/decrypt blocks, Tom St Denis -*/ - -#ifdef LTC_LRW_MODE - -/** - Process blocks with LRW, since decrypt/encrypt are largely the same they share this code. - @param pt The "input" data - @param ct [out] The "output" data - @param len The length of the input, must be a multiple of 128-bits (16 octets) - @param mode LRW_ENCRYPT or LRW_DECRYPT - @param lrw The LRW state - @return CRYPT_OK if successful -*/ -int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, int mode, symmetric_LRW *lrw) -{ - unsigned char prod[16]; - int x, err; -#ifdef LTC_LRW_TABLES - int y; -#endif - - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(lrw != NULL); - - if (len & 15) { - return CRYPT_INVALID_ARG; - } - - while (len) { - /* copy pad */ - XMEMCPY(prod, lrw->pad, 16); - - /* increment IV */ - for (x = 15; x >= 0; x--) { - lrw->IV[x] = (lrw->IV[x] + 1) & 255; - if (lrw->IV[x]) { - break; - } - } - - /* update pad */ -#ifdef LTC_LRW_TABLES - /* for each byte changed we undo it's affect on the pad then add the new product */ - for (; x < 16; x++) { -#ifdef LTC_FAST - for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(lrw->pad + y)) ^= *(LTC_FAST_TYPE_PTR_CAST(&lrw->PC[x][lrw->IV[x]][y])) ^ *(LTC_FAST_TYPE_PTR_CAST(&lrw->PC[x][(lrw->IV[x]-1)&255][y])); - } -#else - for (y = 0; y < 16; y++) { - lrw->pad[y] ^= lrw->PC[x][lrw->IV[x]][y] ^ lrw->PC[x][(lrw->IV[x]-1)&255][y]; - } -#endif - } -#else - gcm_gf_mult(lrw->tweak, lrw->IV, lrw->pad); -#endif - - /* xor prod */ -#ifdef LTC_FAST - for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(ct + x)) = *(LTC_FAST_TYPE_PTR_CAST(pt + x)) ^ *(LTC_FAST_TYPE_PTR_CAST(prod + x)); - } -#else - for (x = 0; x < 16; x++) { - ct[x] = pt[x] ^ prod[x]; - } -#endif - - /* send through cipher */ - if (mode == LRW_ENCRYPT) { - if ((err = cipher_descriptor[lrw->cipher].ecb_encrypt(ct, ct, &lrw->key)) != CRYPT_OK) { - return err; - } - } else { - if ((err = cipher_descriptor[lrw->cipher].ecb_decrypt(ct, ct, &lrw->key)) != CRYPT_OK) { - return err; - } - } - - /* xor prod */ -#ifdef LTC_FAST - for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(ct + x)) = *(LTC_FAST_TYPE_PTR_CAST(ct + x)) ^ *(LTC_FAST_TYPE_PTR_CAST(prod + x)); - } -#else - for (x = 0; x < 16; x++) { - ct[x] = ct[x] ^ prod[x]; - } -#endif - - /* move to next */ - pt += 16; - ct += 16; - len -= 16; - } - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/modes/lrw/lrw_setiv.c b/libs/tomcrypt/src/modes/lrw/lrw_setiv.c deleted file mode 100644 index f1c6f3d71ce..00000000000 --- a/libs/tomcrypt/src/modes/lrw/lrw_setiv.c +++ /dev/null @@ -1,74 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file lrw_setiv.c - LRW_MODE implementation, Set the current IV, Tom St Denis -*/ - -#ifdef LTC_LRW_MODE - -/** - Set the IV for LRW - @param IV The IV, must be 16 octets - @param len Length ... must be 16 :-) - @param lrw The LRW state to update - @return CRYPT_OK if successful -*/ -int lrw_setiv(const unsigned char *IV, unsigned long len, symmetric_LRW *lrw) -{ - int err; -#ifdef LTC_LRW_TABLES - unsigned char T[16]; - int x, y; -#endif - LTC_ARGCHK(IV != NULL); - LTC_ARGCHK(lrw != NULL); - - if (len != 16) { - return CRYPT_INVALID_ARG; - } - - if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) { - return err; - } - - /* copy the IV */ - XMEMCPY(lrw->IV, IV, 16); - - /* check if we have to actually do work */ - if (cipher_descriptor[lrw->cipher].accel_lrw_encrypt != NULL && cipher_descriptor[lrw->cipher].accel_lrw_decrypt != NULL) { - /* we have accelerators, let's bail since they don't use lrw->pad anyways */ - return CRYPT_OK; - } - -#ifdef LTC_LRW_TABLES - XMEMCPY(T, &lrw->PC[0][IV[0]][0], 16); - for (x = 1; x < 16; x++) { -#ifdef LTC_FAST - for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(T + y)) ^= *(LTC_FAST_TYPE_PTR_CAST(&lrw->PC[x][IV[x]][y])); - } -#else - for (y = 0; y < 16; y++) { - T[y] ^= lrw->PC[x][IV[x]][y]; - } -#endif - } - XMEMCPY(lrw->pad, T, 16); -#else - gcm_gf_mult(lrw->tweak, IV, lrw->pad); -#endif - - return CRYPT_OK; -} - - -#endif diff --git a/libs/tomcrypt/src/modes/lrw/lrw_start.c b/libs/tomcrypt/src/modes/lrw/lrw_start.c deleted file mode 100644 index ca6eb7c852e..00000000000 --- a/libs/tomcrypt/src/modes/lrw/lrw_start.c +++ /dev/null @@ -1,98 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file lrw_start.c - LRW_MODE implementation, start mode, Tom St Denis -*/ - -#ifdef LTC_LRW_MODE - -/** - Initialize the LRW context - @param cipher The cipher desired, must be a 128-bit block cipher - @param IV The index value, must be 128-bits - @param key The cipher key - @param keylen The length of the cipher key in octets - @param tweak The tweak value (second key), must be 128-bits - @param num_rounds The number of rounds for the cipher (0 == default) - @param lrw [out] The LRW state - @return CRYPT_OK on success. -*/ -int lrw_start( int cipher, - const unsigned char *IV, - const unsigned char *key, int keylen, - const unsigned char *tweak, - int num_rounds, - symmetric_LRW *lrw) -{ - int err; -#ifdef LTC_LRW_TABLES - unsigned char B[16]; - int x, y, z, t; -#endif - - LTC_ARGCHK(IV != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(tweak != NULL); - LTC_ARGCHK(lrw != NULL); - -#ifdef LTC_FAST - if (16 % sizeof(LTC_FAST_TYPE)) { - return CRYPT_INVALID_ARG; - } -#endif - - /* is cipher valid? */ - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - if (cipher_descriptor[cipher].block_length != 16) { - return CRYPT_INVALID_CIPHER; - } - - /* schedule key */ - if ((err = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &lrw->key)) != CRYPT_OK) { - return err; - } - lrw->cipher = cipher; - - /* copy the IV and tweak */ - XMEMCPY(lrw->tweak, tweak, 16); - -#ifdef LTC_LRW_TABLES - /* setup tables */ - /* generate the first table as it has no shifting (from which we make the other tables) */ - zeromem(B, 16); - for (y = 0; y < 256; y++) { - B[0] = y; - gcm_gf_mult(tweak, B, &lrw->PC[0][y][0]); - } - - /* now generate the rest of the tables based the previous table */ - for (x = 1; x < 16; x++) { - for (y = 0; y < 256; y++) { - /* now shift it right by 8 bits */ - t = lrw->PC[x-1][y][15]; - for (z = 15; z > 0; z--) { - lrw->PC[x][y][z] = lrw->PC[x-1][y][z-1]; - } - lrw->PC[x][y][0] = gcm_shift_table[t<<1]; - lrw->PC[x][y][1] ^= gcm_shift_table[(t<<1)+1]; - } - } -#endif - - /* generate first pad */ - return lrw_setiv(IV, 16, lrw); -} - - -#endif diff --git a/libs/tomcrypt/src/modes/ofb/ofb_decrypt.c b/libs/tomcrypt/src/modes/ofb/ofb_decrypt.c deleted file mode 100644 index 7ec42ad34bb..00000000000 --- a/libs/tomcrypt/src/modes/ofb/ofb_decrypt.c +++ /dev/null @@ -1,35 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file ofb_decrypt.c - OFB implementation, decrypt data, Tom St Denis -*/ - -#ifdef LTC_OFB_MODE - -/** - OFB decrypt - @param ct Ciphertext - @param pt [out] Plaintext - @param len Length of ciphertext (octets) - @param ofb OFB state - @return CRYPT_OK if successful -*/ -int ofb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_OFB *ofb) -{ - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(ofb != NULL); - return ofb_encrypt(ct, pt, len, ofb); -} - - -#endif diff --git a/libs/tomcrypt/src/modes/ofb/ofb_done.c b/libs/tomcrypt/src/modes/ofb/ofb_done.c deleted file mode 100644 index d1a9e2b5f86..00000000000 --- a/libs/tomcrypt/src/modes/ofb/ofb_done.c +++ /dev/null @@ -1,36 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file ofb_done.c - OFB implementation, finish chain, Tom St Denis -*/ - -#ifdef LTC_OFB_MODE - -/** Terminate the chain - @param ofb The OFB chain to terminate - @return CRYPT_OK on success -*/ -int ofb_done(symmetric_OFB *ofb) -{ - int err; - LTC_ARGCHK(ofb != NULL); - - if ((err = cipher_is_valid(ofb->cipher)) != CRYPT_OK) { - return err; - } - cipher_descriptor[ofb->cipher].done(&ofb->key); - return CRYPT_OK; -} - - - -#endif diff --git a/libs/tomcrypt/src/modes/ofb/ofb_encrypt.c b/libs/tomcrypt/src/modes/ofb/ofb_encrypt.c deleted file mode 100644 index 723bc122b40..00000000000 --- a/libs/tomcrypt/src/modes/ofb/ofb_encrypt.c +++ /dev/null @@ -1,54 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file ofb_encrypt.c - OFB implementation, encrypt data, Tom St Denis -*/ - -#ifdef LTC_OFB_MODE - -/** - OFB encrypt - @param pt Plaintext - @param ct [out] Ciphertext - @param len Length of plaintext (octets) - @param ofb OFB state - @return CRYPT_OK if successful -*/ -int ofb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_OFB *ofb) -{ - int err; - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(ofb != NULL); - if ((err = cipher_is_valid(ofb->cipher)) != CRYPT_OK) { - return err; - } - - /* is blocklen/padlen valid? */ - if (ofb->blocklen < 0 || ofb->blocklen > (int)sizeof(ofb->IV) || - ofb->padlen < 0 || ofb->padlen > (int)sizeof(ofb->IV)) { - return CRYPT_INVALID_ARG; - } - - while (len-- > 0) { - if (ofb->padlen == ofb->blocklen) { - if ((err = cipher_descriptor[ofb->cipher].ecb_encrypt(ofb->IV, ofb->IV, &ofb->key)) != CRYPT_OK) { - return err; - } - ofb->padlen = 0; - } - *ct++ = *pt++ ^ ofb->IV[(ofb->padlen)++]; - } - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/modes/ofb/ofb_getiv.c b/libs/tomcrypt/src/modes/ofb/ofb_getiv.c deleted file mode 100644 index 37bf357aacd..00000000000 --- a/libs/tomcrypt/src/modes/ofb/ofb_getiv.c +++ /dev/null @@ -1,40 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file ofb_getiv.c - OFB implementation, get IV, Tom St Denis -*/ - -#ifdef LTC_OFB_MODE - -/** - Get the current initialization vector - @param IV [out] The destination of the initialization vector - @param len [in/out] The max size and resulting size of the initialization vector - @param ofb The OFB state - @return CRYPT_OK if successful -*/ -int ofb_getiv(unsigned char *IV, unsigned long *len, symmetric_OFB *ofb) -{ - LTC_ARGCHK(IV != NULL); - LTC_ARGCHK(len != NULL); - LTC_ARGCHK(ofb != NULL); - if ((unsigned long)ofb->blocklen > *len) { - *len = ofb->blocklen; - return CRYPT_BUFFER_OVERFLOW; - } - XMEMCPY(IV, ofb->IV, ofb->blocklen); - *len = ofb->blocklen; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/modes/ofb/ofb_setiv.c b/libs/tomcrypt/src/modes/ofb/ofb_setiv.c deleted file mode 100644 index ee577e52d15..00000000000 --- a/libs/tomcrypt/src/modes/ofb/ofb_setiv.c +++ /dev/null @@ -1,45 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file ofb_setiv.c - OFB implementation, set IV, Tom St Denis -*/ - -#ifdef LTC_OFB_MODE - -/** - Set an initialization vector - @param IV The initialization vector - @param len The length of the vector (in octets) - @param ofb The OFB state - @return CRYPT_OK if successful -*/ -int ofb_setiv(const unsigned char *IV, unsigned long len, symmetric_OFB *ofb) -{ - int err; - - LTC_ARGCHK(IV != NULL); - LTC_ARGCHK(ofb != NULL); - - if ((err = cipher_is_valid(ofb->cipher)) != CRYPT_OK) { - return err; - } - - if (len != (unsigned long)ofb->blocklen) { - return CRYPT_INVALID_ARG; - } - - /* force next block */ - ofb->padlen = 0; - return cipher_descriptor[ofb->cipher].ecb_encrypt(IV, ofb->IV, &ofb->key); -} - -#endif diff --git a/libs/tomcrypt/src/modes/ofb/ofb_start.c b/libs/tomcrypt/src/modes/ofb/ofb_start.c deleted file mode 100644 index 280606359a3..00000000000 --- a/libs/tomcrypt/src/modes/ofb/ofb_start.c +++ /dev/null @@ -1,54 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file ofb_start.c - OFB implementation, start chain, Tom St Denis -*/ - - -#ifdef LTC_OFB_MODE - -/** - Initialize a OFB context - @param cipher The index of the cipher desired - @param IV The initialization vector - @param key The secret key - @param keylen The length of the secret key (octets) - @param num_rounds Number of rounds in the cipher desired (0 for default) - @param ofb The OFB state to initialize - @return CRYPT_OK if successful -*/ -int ofb_start(int cipher, const unsigned char *IV, const unsigned char *key, - int keylen, int num_rounds, symmetric_OFB *ofb) -{ - int x, err; - - LTC_ARGCHK(IV != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ofb != NULL); - - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - - /* copy details */ - ofb->cipher = cipher; - ofb->blocklen = cipher_descriptor[cipher].block_length; - for (x = 0; x < ofb->blocklen; x++) { - ofb->IV[x] = IV[x]; - } - - /* init the cipher */ - ofb->padlen = ofb->blocklen; - return cipher_descriptor[cipher].setup(key, keylen, num_rounds, &ofb->key); -} - -#endif diff --git a/libs/tomcrypt/src/modes/xts/xts_decrypt.c b/libs/tomcrypt/src/modes/xts/xts_decrypt.c deleted file mode 100644 index e87a92e8103..00000000000 --- a/libs/tomcrypt/src/modes/xts/xts_decrypt.c +++ /dev/null @@ -1,152 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - Source donated by Elliptic Semiconductor Inc (www.ellipticsemi.com) to the LibTom Projects - */ - -#ifdef LTC_XTS_MODE - -static int _tweak_uncrypt(const unsigned char *C, unsigned char *P, unsigned char *T, symmetric_xts *xts) -{ - unsigned long x; - int err; - - /* tweak encrypt block i */ -#ifdef LTC_FAST - for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(&P[x])) = *(LTC_FAST_TYPE_PTR_CAST(&C[x])) ^ *(LTC_FAST_TYPE_PTR_CAST(&T[x])); - } -#else - for (x = 0; x < 16; x++) { - P[x] = C[x] ^ T[x]; - } -#endif - - err = cipher_descriptor[xts->cipher].ecb_decrypt(P, P, &xts->key1); - -#ifdef LTC_FAST - for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(&P[x])) ^= *(LTC_FAST_TYPE_PTR_CAST(&T[x])); - } -#else - for (x = 0; x < 16; x++) { - P[x] = P[x] ^ T[x]; - } -#endif - - /* LFSR the tweak */ - xts_mult_x(T); - - return err; -} - -/** XTS Decryption - @param ct [in] Ciphertext - @param ptlen Length of plaintext (and ciphertext) - @param pt [out] Plaintext - @param tweak [in] The 128--bit encryption tweak (e.g. sector number) - @param xts The XTS structure - Returns CRYPT_OK upon success - */ -int xts_decrypt(const unsigned char *ct, unsigned long ptlen, unsigned char *pt, unsigned char *tweak, - symmetric_xts *xts) -{ - unsigned char PP[16], CC[16], T[16]; - unsigned long i, m, mo, lim; - int err; - - /* check inputs */ - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tweak != NULL); - LTC_ARGCHK(xts != NULL); - - /* check if valid */ - if ((err = cipher_is_valid(xts->cipher)) != CRYPT_OK) { - return err; - } - - /* get number of blocks */ - m = ptlen >> 4; - mo = ptlen & 15; - - /* must have at least one full block */ - if (m == 0) { - return CRYPT_INVALID_ARG; - } - - if (mo == 0) { - lim = m; - } else { - lim = m - 1; - } - - if (cipher_descriptor[xts->cipher].accel_xts_decrypt && lim > 0) { - - /* use accelerated decryption for whole blocks */ - if ((err = cipher_descriptor[xts->cipher].accel_xts_decrypt(ct, pt, lim, tweak, &xts->key1, &xts->key2)) != - CRYPT_OK) { - return err; - } - ct += lim * 16; - pt += lim * 16; - - /* tweak is encrypted on output */ - XMEMCPY(T, tweak, sizeof(T)); - } else { - /* encrypt the tweak */ - if ((err = cipher_descriptor[xts->cipher].ecb_encrypt(tweak, T, &xts->key2)) != CRYPT_OK) { - return err; - } - - for (i = 0; i < lim; i++) { - if ((err = _tweak_uncrypt(ct, pt, T, xts)) != CRYPT_OK) { - return err; - } - ct += 16; - pt += 16; - } - } - - /* if ptlen not divide 16 then */ - if (mo > 0) { - XMEMCPY(CC, T, 16); - xts_mult_x(CC); - - /* PP = tweak decrypt block m-1 */ - if ((err = _tweak_uncrypt(ct, PP, CC, xts)) != CRYPT_OK) { - return err; - } - - /* Pm = first ptlen % 16 bytes of PP */ - for (i = 0; i < mo; i++) { - CC[i] = ct[16 + i]; - pt[16 + i] = PP[i]; - } - for (; i < 16; i++) { - CC[i] = PP[i]; - } - - /* Pm-1 = Tweak uncrypt CC */ - if ((err = _tweak_uncrypt(CC, pt, T, xts)) != CRYPT_OK) { - return err; - } - } - - /* Decrypt the tweak back */ - if ((err = cipher_descriptor[xts->cipher].ecb_decrypt(T, tweak, &xts->key2)) != CRYPT_OK) { - return err; - } - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/modes/xts/xts_done.c b/libs/tomcrypt/src/modes/xts/xts_done.c deleted file mode 100644 index 3d1977e4477..00000000000 --- a/libs/tomcrypt/src/modes/xts/xts_done.c +++ /dev/null @@ -1,27 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - Source donated by Elliptic Semiconductor Inc (www.ellipticsemi.com) to the LibTom Projects -*/ - -#ifdef LTC_XTS_MODE - -/** Terminate XTS state - @param xts The state to terminate -*/ -void xts_done(symmetric_xts *xts) -{ - LTC_ARGCHKVD(xts != NULL); - cipher_descriptor[xts->cipher].done(&xts->key1); - cipher_descriptor[xts->cipher].done(&xts->key2); -} - -#endif diff --git a/libs/tomcrypt/src/modes/xts/xts_encrypt.c b/libs/tomcrypt/src/modes/xts/xts_encrypt.c deleted file mode 100644 index c96aeec954a..00000000000 --- a/libs/tomcrypt/src/modes/xts/xts_encrypt.c +++ /dev/null @@ -1,153 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - Source donated by Elliptic Semiconductor Inc (www.ellipticsemi.com) to the LibTom Projects - */ - -#ifdef LTC_XTS_MODE - -static int _tweak_crypt(const unsigned char *P, unsigned char *C, unsigned char *T, symmetric_xts *xts) -{ - unsigned long x; - int err; - - /* tweak encrypt block i */ -#ifdef LTC_FAST - for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(&C[x])) = *(LTC_FAST_TYPE_PTR_CAST(&P[x])) ^ *(LTC_FAST_TYPE_PTR_CAST(&T[x])); - } -#else - for (x = 0; x < 16; x++) { - C[x] = P[x] ^ T[x]; - } -#endif - - if ((err = cipher_descriptor[xts->cipher].ecb_encrypt(C, C, &xts->key1)) != CRYPT_OK) { - return err; - } - -#ifdef LTC_FAST - for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) { - *(LTC_FAST_TYPE_PTR_CAST(&C[x])) ^= *(LTC_FAST_TYPE_PTR_CAST(&T[x])); - } -#else - for (x = 0; x < 16; x++) { - C[x] = C[x] ^ T[x]; - } -#endif - - /* LFSR the tweak */ - xts_mult_x(T); - - return CRYPT_OK; -} - -/** XTS Encryption - @param pt [in] Plaintext - @param ptlen Length of plaintext (and ciphertext) - @param ct [out] Ciphertext - @param tweak [in] The 128--bit encryption tweak (e.g. sector number) - @param xts The XTS structure - Returns CRYPT_OK upon success - */ -int xts_encrypt(const unsigned char *pt, unsigned long ptlen, unsigned char *ct, unsigned char *tweak, - symmetric_xts *xts) -{ - unsigned char PP[16], CC[16], T[16]; - unsigned long i, m, mo, lim; - int err; - - /* check inputs */ - LTC_ARGCHK(pt != NULL); - LTC_ARGCHK(ct != NULL); - LTC_ARGCHK(tweak != NULL); - LTC_ARGCHK(xts != NULL); - - /* check if valid */ - if ((err = cipher_is_valid(xts->cipher)) != CRYPT_OK) { - return err; - } - - /* get number of blocks */ - m = ptlen >> 4; - mo = ptlen & 15; - - /* must have at least one full block */ - if (m == 0) { - return CRYPT_INVALID_ARG; - } - - if (mo == 0) { - lim = m; - } else { - lim = m - 1; - } - - if (cipher_descriptor[xts->cipher].accel_xts_encrypt && lim > 0) { - - /* use accelerated encryption for whole blocks */ - if ((err = cipher_descriptor[xts->cipher].accel_xts_encrypt(pt, ct, lim, tweak, &xts->key1, &xts->key2)) != - CRYPT_OK) { - return err; - } - ct += lim * 16; - pt += lim * 16; - - /* tweak is encrypted on output */ - XMEMCPY(T, tweak, sizeof(T)); - } else { - - /* encrypt the tweak */ - if ((err = cipher_descriptor[xts->cipher].ecb_encrypt(tweak, T, &xts->key2)) != CRYPT_OK) { - return err; - } - - for (i = 0; i < lim; i++) { - if ((err = _tweak_crypt(pt, ct, T, xts)) != CRYPT_OK) { - return err; - } - ct += 16; - pt += 16; - } - } - - /* if ptlen not divide 16 then */ - if (mo > 0) { - /* CC = tweak encrypt block m-1 */ - if ((err = _tweak_crypt(pt, CC, T, xts)) != CRYPT_OK) { - return err; - } - - /* Cm = first ptlen % 16 bytes of CC */ - for (i = 0; i < mo; i++) { - PP[i] = pt[16 + i]; - ct[16 + i] = CC[i]; - } - - for (; i < 16; i++) { - PP[i] = CC[i]; - } - - /* Cm-1 = Tweak encrypt PP */ - if ((err = _tweak_crypt(PP, ct, T, xts)) != CRYPT_OK) { - return err; - } - } - - /* Decrypt the tweak back */ - if ((err = cipher_descriptor[xts->cipher].ecb_decrypt(T, tweak, &xts->key2)) != CRYPT_OK) { - return err; - } - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/modes/xts/xts_init.c b/libs/tomcrypt/src/modes/xts/xts_init.c deleted file mode 100644 index e237139656a..00000000000 --- a/libs/tomcrypt/src/modes/xts/xts_init.c +++ /dev/null @@ -1,57 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - Source donated by Elliptic Semiconductor Inc (www.ellipticsemi.com) to the LibTom Projects -*/ - -#ifdef LTC_XTS_MODE - -/** Start XTS mode - @param cipher The index of the cipher to use - @param key1 The encrypt key - @param key2 The tweak encrypt key - @param keylen The length of the keys (each) in octets - @param num_rounds The number of rounds for the cipher (0 == default) - @param xts [out] XTS structure - Returns CRYPT_OK upon success. -*/ -int xts_start(int cipher, const unsigned char *key1, const unsigned char *key2, unsigned long keylen, int num_rounds, - symmetric_xts *xts) -{ - int err; - - /* check inputs */ - LTC_ARGCHK(key1 != NULL); - LTC_ARGCHK(key2 != NULL); - LTC_ARGCHK(xts != NULL); - - /* check if valid */ - if ((err = cipher_is_valid(cipher)) != CRYPT_OK) { - return err; - } - - if (cipher_descriptor[cipher].block_length != 16) { - return CRYPT_INVALID_ARG; - } - - /* schedule the two ciphers */ - if ((err = cipher_descriptor[cipher].setup(key1, keylen, num_rounds, &xts->key1)) != CRYPT_OK) { - return err; - } - if ((err = cipher_descriptor[cipher].setup(key2, keylen, num_rounds, &xts->key2)) != CRYPT_OK) { - return err; - } - xts->cipher = cipher; - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/modes/xts/xts_mult_x.c b/libs/tomcrypt/src/modes/xts/xts_mult_x.c deleted file mode 100644 index bb63dfe8087..00000000000 --- a/libs/tomcrypt/src/modes/xts/xts_mult_x.c +++ /dev/null @@ -1,35 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - Source donated by Elliptic Semiconductor Inc (www.ellipticsemi.com) to the LibTom Projects -*/ - -#ifdef LTC_XTS_MODE - -/** multiply by x - @param I The value to multiply by x (LFSR shift) -*/ -void xts_mult_x(unsigned char *I) -{ - int x; - unsigned char t, tt; - - for (x = t = 0; x < 16; x++) { - tt = I[x] >> 7; - I[x] = ((I[x] << 1) | t) & 0xFF; - t = tt; - } - if (tt) { - I[0] ^= 0x87; - } -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/bit/der_decode_bit_string.c b/libs/tomcrypt/src/pk/asn1/der/bit/der_decode_bit_string.c deleted file mode 100644 index f0a490724fc..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/bit/der_decode_bit_string.c +++ /dev/null @@ -1,96 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_decode_bit_string.c - ASN.1 DER, encode a BIT STRING, Tom St Denis -*/ - - -#ifdef LTC_DER - -/** - Store a BIT STRING - @param in The DER encoded BIT STRING - @param inlen The size of the DER BIT STRING - @param out [out] The array of bits stored (one per char) - @param outlen [in/out] The number of bits stored - @return CRYPT_OK if successful -*/ -int der_decode_bit_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - unsigned long dlen, blen, x, y; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* packet must be at least 4 bytes */ - if (inlen < 4) { - return CRYPT_INVALID_ARG; - } - - /* check for 0x03 */ - if ((in[0]&0x1F) != 0x03) { - return CRYPT_INVALID_PACKET; - } - - /* offset in the data */ - x = 1; - - /* get the length of the data */ - if (in[x] & 0x80) { - /* long format get number of length bytes */ - y = in[x++] & 0x7F; - - /* invalid if 0 or > 2 */ - if (y == 0 || y > 2) { - return CRYPT_INVALID_PACKET; - } - - /* read the data len */ - dlen = 0; - while (y--) { - dlen = (dlen << 8) | (unsigned long)in[x++]; - } - } else { - /* short format */ - dlen = in[x++] & 0x7F; - } - - /* is the data len too long or too short? */ - if ((dlen == 0) || (dlen + x > inlen)) { - return CRYPT_INVALID_PACKET; - } - - /* get padding count */ - blen = ((dlen - 1) << 3) - (in[x++] & 7); - - /* too many bits? */ - if (blen > *outlen) { - *outlen = blen; - return CRYPT_BUFFER_OVERFLOW; - } - - /* decode/store the bits */ - for (y = 0; y < blen; y++) { - out[y] = (in[x] & (1 << (7 - (y & 7)))) ? 1 : 0; - if ((y & 7) == 7) { - ++x; - } - } - - /* we done */ - *outlen = blen; - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/bit/der_decode_raw_bit_string.c b/libs/tomcrypt/src/pk/asn1/der/bit/der_decode_raw_bit_string.c deleted file mode 100644 index 740a5a6e691..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/bit/der_decode_raw_bit_string.c +++ /dev/null @@ -1,103 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_decode_bit_string.c - ASN.1 DER, encode a BIT STRING, Tom St Denis -*/ - - -#ifdef LTC_DER - -#define SETBIT(v, n) (v=((unsigned char)(v) | (1U << (unsigned char)(n)))) -#define CLRBIT(v, n) (v=((unsigned char)(v) & ~(1U << (unsigned char)(n)))) - -/** - Store a BIT STRING - @param in The DER encoded BIT STRING - @param inlen The size of the DER BIT STRING - @param out [out] The array of bits stored (8 per char) - @param outlen [in/out] The number of bits stored - @return CRYPT_OK if successful -*/ -int der_decode_raw_bit_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - unsigned long dlen, blen, x, y; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* packet must be at least 4 bytes */ - if (inlen < 4) { - return CRYPT_INVALID_ARG; - } - - /* check for 0x03 */ - if ((in[0]&0x1F) != 0x03) { - return CRYPT_INVALID_PACKET; - } - - /* offset in the data */ - x = 1; - - /* get the length of the data */ - if (in[x] & 0x80) { - /* long format get number of length bytes */ - y = in[x++] & 0x7F; - - /* invalid if 0 or > 2 */ - if (y == 0 || y > 2) { - return CRYPT_INVALID_PACKET; - } - - /* read the data len */ - dlen = 0; - while (y--) { - dlen = (dlen << 8) | (unsigned long)in[x++]; - } - } else { - /* short format */ - dlen = in[x++] & 0x7F; - } - - /* is the data len too long or too short? */ - if ((dlen == 0) || (dlen + x > inlen)) { - return CRYPT_INVALID_PACKET; - } - - /* get padding count */ - blen = ((dlen - 1) << 3) - (in[x++] & 7); - - /* too many bits? */ - if (blen > *outlen) { - *outlen = blen; - return CRYPT_BUFFER_OVERFLOW; - } - - /* decode/store the bits */ - for (y = 0; y < blen; y++) { - if (in[x] & (1 << (7 - (y & 7)))) { - SETBIT(out[y/8], 7-(y%8)); - } else { - CLRBIT(out[y/8], 7-(y%8)); - } - if ((y & 7) == 7) { - ++x; - } - } - - /* we done */ - *outlen = blen; - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/bit/der_encode_bit_string.c b/libs/tomcrypt/src/pk/asn1/der/bit/der_encode_bit_string.c deleted file mode 100644 index 29999ab3c03..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/bit/der_encode_bit_string.c +++ /dev/null @@ -1,83 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_encode_bit_string.c - ASN.1 DER, encode a BIT STRING, Tom St Denis -*/ - - -#ifdef LTC_DER - -/** - Store a BIT STRING - @param in The array of bits to store (one per char) - @param inlen The number of bits tostore - @param out [out] The destination for the DER encoded BIT STRING - @param outlen [in/out] The max size and resulting size of the DER BIT STRING - @return CRYPT_OK if successful -*/ -int der_encode_bit_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - unsigned long len, x, y; - unsigned char buf; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* avoid overflows */ - if ((err = der_length_bit_string(inlen, &len)) != CRYPT_OK) { - return err; - } - - if (len > *outlen) { - *outlen = len; - return CRYPT_BUFFER_OVERFLOW; - } - - /* store header (include bit padding count in length) */ - x = 0; - y = (inlen >> 3) + ((inlen&7) ? 1 : 0) + 1; - - out[x++] = 0x03; - if (y < 128) { - out[x++] = (unsigned char)y; - } else if (y < 256) { - out[x++] = 0x81; - out[x++] = (unsigned char)y; - } else if (y < 65536) { - out[x++] = 0x82; - out[x++] = (unsigned char)((y>>8)&255); - out[x++] = (unsigned char)(y&255); - } - - /* store number of zero padding bits */ - out[x++] = (unsigned char)((8 - inlen) & 7); - - /* store the bits in big endian format */ - for (y = buf = 0; y < inlen; y++) { - buf |= (in[y] ? 1 : 0) << (7 - (y & 7)); - if ((y & 7) == 7) { - out[x++] = buf; - buf = 0; - } - } - /* store last byte */ - if (inlen & 7) { - out[x++] = buf; - } - *outlen = x; - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/bit/der_encode_raw_bit_string.c b/libs/tomcrypt/src/pk/asn1/der/bit/der_encode_raw_bit_string.c deleted file mode 100644 index 36076fdb1eb..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/bit/der_encode_raw_bit_string.c +++ /dev/null @@ -1,86 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_encode_bit_string.c - ASN.1 DER, encode a BIT STRING, Tom St Denis -*/ - - -#ifdef LTC_DER - -#define getbit(n, k) (((n) & ( 1 << (k) )) >> (k)) - -/** - Store a BIT STRING - @param in The array of bits to store (8 per char) - @param inlen The number of bits to store - @param out [out] The destination for the DER encoded BIT STRING - @param outlen [in/out] The max size and resulting size of the DER BIT STRING - @return CRYPT_OK if successful -*/ -int der_encode_raw_bit_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - unsigned long len, x, y; - unsigned char buf; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* avoid overflows */ - if ((err = der_length_bit_string(inlen, &len)) != CRYPT_OK) { - return err; - } - - if (len > *outlen) { - *outlen = len; - return CRYPT_BUFFER_OVERFLOW; - } - - /* store header (include bit padding count in length) */ - x = 0; - y = (inlen >> 3) + ((inlen&7) ? 1 : 0) + 1; - - out[x++] = 0x03; - if (y < 128) { - out[x++] = (unsigned char)y; - } else if (y < 256) { - out[x++] = 0x81; - out[x++] = (unsigned char)y; - } else if (y < 65536) { - out[x++] = 0x82; - out[x++] = (unsigned char)((y>>8)&255); - out[x++] = (unsigned char)(y&255); - } - - /* store number of zero padding bits */ - out[x++] = (unsigned char)((8 - inlen) & 7); - - /* store the bits in big endian format */ - for (y = buf = 0; y < inlen; y++) { - buf |= (getbit(in[y/8],7-y%8)?1:0) << (7 - (y & 7)); - if ((y & 7) == 7) { - out[x++] = buf; - buf = 0; - } - } - /* store last byte */ - if (inlen & 7) { - out[x++] = buf; - } - - *outlen = x; - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/bit/der_length_bit_string.c b/libs/tomcrypt/src/pk/asn1/der/bit/der_length_bit_string.c deleted file mode 100644 index 05de007a6fc..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/bit/der_length_bit_string.c +++ /dev/null @@ -1,47 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_length_bit_string.c - ASN.1 DER, get length of BIT STRING, Tom St Denis -*/ - -#ifdef LTC_DER -/** - Gets length of DER encoding of BIT STRING - @param nbits The number of bits in the string to encode - @param outlen [out] The length of the DER encoding for the given string - @return CRYPT_OK if successful -*/ -int der_length_bit_string(unsigned long nbits, unsigned long *outlen) -{ - unsigned long nbytes; - LTC_ARGCHK(outlen != NULL); - - /* get the number of the bytes */ - nbytes = (nbits >> 3) + ((nbits & 7) ? 1 : 0) + 1; - - if (nbytes < 128) { - /* 03 LL PP DD DD DD ... */ - *outlen = 2 + nbytes; - } else if (nbytes < 256) { - /* 03 81 LL PP DD DD DD ... */ - *outlen = 3 + nbytes; - } else if (nbytes < 65536) { - /* 03 82 LL LL PP DD DD DD ... */ - *outlen = 4 + nbytes; - } else { - return CRYPT_INVALID_ARG; - } - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/boolean/der_decode_boolean.c b/libs/tomcrypt/src/pk/asn1/der/boolean/der_decode_boolean.c deleted file mode 100644 index 7cd624f25b3..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/boolean/der_decode_boolean.c +++ /dev/null @@ -1,41 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_decode_boolean.c - ASN.1 DER, decode a BOOLEAN, Tom St Denis -*/ - - -#ifdef LTC_DER - -/** - Read a BOOLEAN - @param in The destination for the DER encoded BOOLEAN - @param inlen The size of the DER BOOLEAN - @param out [out] The boolean to decode - @return CRYPT_OK if successful -*/ -int der_decode_boolean(const unsigned char *in, unsigned long inlen, - int *out) -{ - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - - if (inlen < 3 || in[0] != 0x01 || in[1] != 0x01 || (in[2] != 0x00 && in[2] != 0xFF)) { - return CRYPT_INVALID_ARG; - } - - *out = (in[2]==0xFF) ? 1 : 0; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/boolean/der_encode_boolean.c b/libs/tomcrypt/src/pk/asn1/der/boolean/der_encode_boolean.c deleted file mode 100644 index 5d6835a0e1d..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/boolean/der_encode_boolean.c +++ /dev/null @@ -1,45 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_encode_boolean.c - ASN.1 DER, encode a BOOLEAN, Tom St Denis -*/ - - -#ifdef LTC_DER - -/** - Store a BOOLEAN - @param in The boolean to encode - @param out [out] The destination for the DER encoded BOOLEAN - @param outlen [in/out] The max size and resulting size of the DER BOOLEAN - @return CRYPT_OK if successful -*/ -int der_encode_boolean(int in, - unsigned char *out, unsigned long *outlen) -{ - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(out != NULL); - - if (*outlen < 3) { - *outlen = 3; - return CRYPT_BUFFER_OVERFLOW; - } - - *outlen = 3; - out[0] = 0x01; - out[1] = 0x01; - out[2] = in ? 0xFF : 0x00; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/boolean/der_length_boolean.c b/libs/tomcrypt/src/pk/asn1/der/boolean/der_length_boolean.c deleted file mode 100644 index f31f05eaa63..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/boolean/der_length_boolean.c +++ /dev/null @@ -1,29 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_length_boolean.c - ASN.1 DER, get length of a BOOLEAN, Tom St Denis -*/ - -#ifdef LTC_DER -/** - Gets length of DER encoding of a BOOLEAN - @param outlen [out] The length of the DER encoding - @return CRYPT_OK if successful -*/ -int der_length_boolean(unsigned long *outlen) -{ - LTC_ARGCHK(outlen != NULL); - *outlen = 3; - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/choice/der_decode_choice.c b/libs/tomcrypt/src/pk/asn1/der/choice/der_decode_choice.c deleted file mode 100644 index 41b2e5d4985..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/choice/der_decode_choice.c +++ /dev/null @@ -1,219 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_decode_choice.c - ASN.1 DER, decode a CHOICE, Tom St Denis -*/ - -#ifdef LTC_DER - -/** - Decode a CHOICE - @param in The DER encoded input - @param inlen [in/out] The size of the input and resulting size of read type - @param list The list of items to decode - @param outlen The number of items in the list - @return CRYPT_OK on success -*/ -int der_decode_choice(const unsigned char *in, unsigned long *inlen, - ltc_asn1_list *list, unsigned long outlen) -{ - unsigned long size, x, z; - void *data; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(inlen != NULL); - LTC_ARGCHK(list != NULL); - - /* get blk size */ - if (*inlen < 2) { - return CRYPT_INVALID_PACKET; - } - - /* set all of the "used" flags to zero */ - for (x = 0; x < outlen; x++) { - list[x].used = 0; - } - - /* now scan until we have a winner */ - for (x = 0; x < outlen; x++) { - size = list[x].size; - data = list[x].data; - - switch (list[x].type) { - case LTC_ASN1_BOOLEAN: - if (der_decode_boolean(in, *inlen, data) == CRYPT_OK) { - if (der_length_boolean(&z) == CRYPT_OK) { - list[x].used = 1; - *inlen = z; - return CRYPT_OK; - } - } - break; - - case LTC_ASN1_INTEGER: - if (der_decode_integer(in, *inlen, data) == CRYPT_OK) { - if (der_length_integer(data, &z) == CRYPT_OK) { - list[x].used = 1; - *inlen = z; - return CRYPT_OK; - } - } - break; - - case LTC_ASN1_SHORT_INTEGER: - if (der_decode_short_integer(in, *inlen, data) == CRYPT_OK) { - if (der_length_short_integer(size, &z) == CRYPT_OK) { - list[x].used = 1; - *inlen = z; - return CRYPT_OK; - } - } - break; - - case LTC_ASN1_BIT_STRING: - if (der_decode_bit_string(in, *inlen, data, &size) == CRYPT_OK) { - if (der_length_bit_string(size, &z) == CRYPT_OK) { - list[x].used = 1; - list[x].size = size; - *inlen = z; - return CRYPT_OK; - } - } - break; - - case LTC_ASN1_RAW_BIT_STRING: - if (der_decode_raw_bit_string(in, *inlen, data, &size) == CRYPT_OK) { - if (der_length_bit_string(size, &z) == CRYPT_OK) { - list[x].used = 1; - list[x].size = size; - *inlen = z; - return CRYPT_OK; - } - } - break; - - case LTC_ASN1_OCTET_STRING: - if (der_decode_octet_string(in, *inlen, data, &size) == CRYPT_OK) { - if (der_length_octet_string(size, &z) == CRYPT_OK) { - list[x].used = 1; - list[x].size = size; - *inlen = z; - return CRYPT_OK; - } - } - break; - - case LTC_ASN1_NULL: - if (*inlen == 2 && in[x] == 0x05 && in[x+1] == 0x00) { - *inlen = 2; - list[x].used = 1; - return CRYPT_OK; - } - break; - - case LTC_ASN1_OBJECT_IDENTIFIER: - if (der_decode_object_identifier(in, *inlen, data, &size) == CRYPT_OK) { - if (der_length_object_identifier(data, size, &z) == CRYPT_OK) { - list[x].used = 1; - list[x].size = size; - *inlen = z; - return CRYPT_OK; - } - } - break; - - case LTC_ASN1_TELETEX_STRING: - if (der_decode_teletex_string(in, *inlen, data, &size) == CRYPT_OK) { - if (der_length_teletex_string(data, size, &z) == CRYPT_OK) { - list[x].used = 1; - list[x].size = size; - *inlen = z; - return CRYPT_OK; - } - } - break; - - case LTC_ASN1_IA5_STRING: - if (der_decode_ia5_string(in, *inlen, data, &size) == CRYPT_OK) { - if (der_length_ia5_string(data, size, &z) == CRYPT_OK) { - list[x].used = 1; - list[x].size = size; - *inlen = z; - return CRYPT_OK; - } - } - break; - - case LTC_ASN1_PRINTABLE_STRING: - if (der_decode_printable_string(in, *inlen, data, &size) == CRYPT_OK) { - if (der_length_printable_string(data, size, &z) == CRYPT_OK) { - list[x].used = 1; - list[x].size = size; - *inlen = z; - return CRYPT_OK; - } - } - break; - - case LTC_ASN1_UTF8_STRING: - if (der_decode_utf8_string(in, *inlen, data, &size) == CRYPT_OK) { - if (der_length_utf8_string(data, size, &z) == CRYPT_OK) { - list[x].used = 1; - list[x].size = size; - *inlen = z; - return CRYPT_OK; - } - } - break; - - case LTC_ASN1_UTCTIME: - z = *inlen; - if (der_decode_utctime(in, &z, data) == CRYPT_OK) { - list[x].used = 1; - *inlen = z; - return CRYPT_OK; - } - break; - - case LTC_ASN1_GENERALIZEDTIME: - z = *inlen; - if (der_decode_generalizedtime(in, &z, data) == CRYPT_OK) { - list[x].used = 1; - *inlen = z; - return CRYPT_OK; - } - break; - - case LTC_ASN1_SET: - case LTC_ASN1_SETOF: - case LTC_ASN1_SEQUENCE: - if (der_decode_sequence(in, *inlen, data, size) == CRYPT_OK) { - if (der_length_sequence(data, size, &z) == CRYPT_OK) { - list[x].used = 1; - *inlen = z; - return CRYPT_OK; - } - } - break; - - case LTC_ASN1_CHOICE: - case LTC_ASN1_CONSTRUCTED: - case LTC_ASN1_CONTEXT_SPECIFIC: - case LTC_ASN1_EOL: - return CRYPT_INVALID_ARG; - } - } - - return CRYPT_INVALID_PACKET; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/generalizedtime/der_decode_generalizedtime.c b/libs/tomcrypt/src/pk/asn1/der/generalizedtime/der_decode_generalizedtime.c deleted file mode 100644 index b9b7db97ead..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/generalizedtime/der_decode_generalizedtime.c +++ /dev/null @@ -1,140 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_decode_generalizedtime.c - ASN.1 DER, decode a GeneralizedTime, Steffen Jaeckel - Based on der_decode_utctime.c -*/ - -#ifdef LTC_DER - -static int _char_to_int(unsigned char x) -{ - switch (x) { - case '0': return 0; - case '1': return 1; - case '2': return 2; - case '3': return 3; - case '4': return 4; - case '5': return 5; - case '6': return 6; - case '7': return 7; - case '8': return 8; - case '9': return 9; - default: return 100; - } -} - -#define DECODE_V(y, max) do {\ - y = _char_to_int(buf[x])*10 + _char_to_int(buf[x+1]); \ - if (y >= max) return CRYPT_INVALID_PACKET; \ - x += 2; \ -} while(0) - -#define DECODE_V4(y, max) do {\ - y = _char_to_int(buf[x])*1000 + _char_to_int(buf[x+1])*100 + _char_to_int(buf[x+2])*10 + _char_to_int(buf[x+3]); \ - if (y >= max) return CRYPT_INVALID_PACKET; \ - x += 4; \ -} while(0) - -/** - Decodes a Generalized time structure in DER format (reads all 6 valid encoding formats) - @param in Input buffer - @param inlen Length of input buffer in octets - @param out [out] Destination of Generalized time structure - @return CRYPT_OK if successful -*/ -int der_decode_generalizedtime(const unsigned char *in, unsigned long *inlen, - ltc_generalizedtime *out) -{ - unsigned char buf[32]; - unsigned long x; - int y; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(inlen != NULL); - LTC_ARGCHK(out != NULL); - - /* check header */ - if (*inlen < 2UL || (in[1] >= sizeof(buf)) || ((in[1] + 2UL) > *inlen)) { - return CRYPT_INVALID_PACKET; - } - - /* decode the string */ - for (x = 0; x < in[1]; x++) { - y = der_ia5_value_decode(in[x+2]); - if (y == -1) { - return CRYPT_INVALID_PACKET; - } - if (!((y >= '0' && y <= '9') - || y == 'Z' || y == '.' - || y == '+' || y == '-')) { - return CRYPT_INVALID_PACKET; - } - buf[x] = y; - } - *inlen = 2 + x; - - if (x < 15) { - return CRYPT_INVALID_PACKET; - } - - /* possible encodings are -YYYYMMDDhhmmssZ -YYYYMMDDhhmmss+hh'mm' -YYYYMMDDhhmmss-hh'mm' -YYYYMMDDhhmmss.fsZ -YYYYMMDDhhmmss.fs+hh'mm' -YYYYMMDDhhmmss.fs-hh'mm' - - So let's do a trivial decode upto [including] ss - */ - - x = 0; - DECODE_V4(out->YYYY, 10000); - DECODE_V(out->MM, 13); - DECODE_V(out->DD, 32); - DECODE_V(out->hh, 24); - DECODE_V(out->mm, 60); - DECODE_V(out->ss, 60); - - /* clear fractional seconds info */ - out->fs = 0; - - /* now is it Z or . */ - if (buf[x] == 'Z') { - return CRYPT_OK; - } else if (buf[x] == '.') { - x++; - while (buf[x] >= '0' && buf[x] <= '9') { - unsigned fs = out->fs; - if (x >= sizeof(buf)) return CRYPT_INVALID_PACKET; - out->fs *= 10; - out->fs += _char_to_int(buf[x]); - if (fs > out->fs) return CRYPT_OVERFLOW; - x++; - } - } - - /* now is it Z, +, - */ - if (buf[x] == 'Z') { - return CRYPT_OK; - } else if (buf[x] == '+' || buf[x] == '-') { - out->off_dir = (buf[x++] == '+') ? 0 : 1; - DECODE_V(out->off_hh, 24); - DECODE_V(out->off_mm, 60); - return CRYPT_OK; - } else { - return CRYPT_INVALID_PACKET; - } -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/generalizedtime/der_encode_generalizedtime.c b/libs/tomcrypt/src/pk/asn1/der/generalizedtime/der_encode_generalizedtime.c deleted file mode 100644 index 888f1758b67..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/generalizedtime/der_encode_generalizedtime.c +++ /dev/null @@ -1,104 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_encode_utctime.c - ASN.1 DER, encode a GeneralizedTime, Steffen Jaeckel - Based on der_encode_utctime.c -*/ - -#ifdef LTC_DER - -static const char * const baseten = "0123456789"; - -#define STORE_V(y) do {\ - out[x++] = der_ia5_char_encode(baseten[(y/10) % 10]); \ - out[x++] = der_ia5_char_encode(baseten[y % 10]); \ -} while(0) - -#define STORE_V4(y) do {\ - out[x++] = der_ia5_char_encode(baseten[(y/1000) % 10]); \ - out[x++] = der_ia5_char_encode(baseten[(y/100) % 10]); \ - out[x++] = der_ia5_char_encode(baseten[(y/10) % 10]); \ - out[x++] = der_ia5_char_encode(baseten[y % 10]); \ -} while(0) - -/** - Encodes a Generalized time structure in DER format - @param gtime The GeneralizedTime structure to encode - @param out The destination of the DER encoding of the GeneralizedTime structure - @param outlen [in/out] The length of the DER encoding - @return CRYPT_OK if successful -*/ -int der_encode_generalizedtime(ltc_generalizedtime *gtime, - unsigned char *out, unsigned long *outlen) -{ - unsigned long x, tmplen; - int err; - - LTC_ARGCHK(gtime != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - if ((err = der_length_generalizedtime(gtime, &tmplen)) != CRYPT_OK) { - return err; - } - if (tmplen > *outlen) { - *outlen = tmplen; - return CRYPT_BUFFER_OVERFLOW; - } - - /* store header */ - out[0] = 0x18; - - /* store values */ - x = 2; - STORE_V4(gtime->YYYY); - STORE_V(gtime->MM); - STORE_V(gtime->DD); - STORE_V(gtime->hh); - STORE_V(gtime->mm); - STORE_V(gtime->ss); - - if (gtime->fs) { - unsigned long divisor; - unsigned fs = gtime->fs; - unsigned len = 0; - out[x++] = der_ia5_char_encode('.'); - divisor = 1; - do { - fs /= 10; - divisor *= 10; - len++; - } while(fs != 0); - while (len-- > 1) { - divisor /= 10; - out[x++] = der_ia5_char_encode(baseten[(gtime->fs/divisor) % 10]); - } - out[x++] = der_ia5_char_encode(baseten[gtime->fs % 10]); - } - - if (gtime->off_mm || gtime->off_hh) { - out[x++] = der_ia5_char_encode(gtime->off_dir ? '-' : '+'); - STORE_V(gtime->off_hh); - STORE_V(gtime->off_mm); - } else { - out[x++] = der_ia5_char_encode('Z'); - } - - /* store length */ - out[1] = (unsigned char)(x - 2); - - /* all good let's return */ - *outlen = x; - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/generalizedtime/der_length_generalizedtime.c b/libs/tomcrypt/src/pk/asn1/der/generalizedtime/der_length_generalizedtime.c deleted file mode 100644 index a58e11ef1ed..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/generalizedtime/der_length_generalizedtime.c +++ /dev/null @@ -1,54 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_length_utctime.c - ASN.1 DER, get length of GeneralizedTime, Steffen Jaeckel - Based on der_length_utctime.c -*/ - -#ifdef LTC_DER - -/** - Gets length of DER encoding of GeneralizedTime - @param gtime The GeneralizedTime structure to get the size of - @param outlen [out] The length of the DER encoding - @return CRYPT_OK if successful -*/ -int der_length_generalizedtime(ltc_generalizedtime *gtime, unsigned long *outlen) -{ - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(gtime != NULL); - - if (gtime->fs == 0) { - /* we encode as YYYYMMDDhhmmssZ */ - *outlen = 2 + 14 + 1; - } else { - unsigned long len = 2 + 14 + 1; - unsigned fs = gtime->fs; - do { - fs /= 10; - len++; - } while(fs != 0); - if (gtime->off_hh == 0 && gtime->off_mm == 0) { - /* we encode as YYYYMMDDhhmmss.fsZ */ - len += 1; - } - else { - /* we encode as YYYYMMDDhhmmss.fs{+|-}hh'mm' */ - len += 5; - } - *outlen = len; - } - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/ia5/der_decode_ia5_string.c b/libs/tomcrypt/src/pk/asn1/der/ia5/der_decode_ia5_string.c deleted file mode 100644 index 401e208ef4e..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/ia5/der_decode_ia5_string.c +++ /dev/null @@ -1,90 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_decode_ia5_string.c - ASN.1 DER, encode a IA5 STRING, Tom St Denis -*/ - - -#ifdef LTC_DER - -/** - Store a IA5 STRING - @param in The DER encoded IA5 STRING - @param inlen The size of the DER IA5 STRING - @param out [out] The array of octets stored (one per char) - @param outlen [in/out] The number of octets stored - @return CRYPT_OK if successful -*/ -int der_decode_ia5_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - unsigned long x, y, len; - int t; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* must have header at least */ - if (inlen < 2) { - return CRYPT_INVALID_PACKET; - } - - /* check for 0x16 */ - if ((in[0] & 0x1F) != 0x16) { - return CRYPT_INVALID_PACKET; - } - x = 1; - - /* decode the length */ - if (in[x] & 0x80) { - /* valid # of bytes in length are 1,2,3 */ - y = in[x] & 0x7F; - if ((y == 0) || (y > 3) || ((x + y) > inlen)) { - return CRYPT_INVALID_PACKET; - } - - /* read the length in */ - len = 0; - ++x; - while (y--) { - len = (len << 8) | in[x++]; - } - } else { - len = in[x++] & 0x7F; - } - - /* is it too long? */ - if (len > *outlen) { - *outlen = len; - return CRYPT_BUFFER_OVERFLOW; - } - - if (len + x > inlen) { - return CRYPT_INVALID_PACKET; - } - - /* read the data */ - for (y = 0; y < len; y++) { - t = der_ia5_value_decode(in[x++]); - if (t == -1) { - return CRYPT_INVALID_ARG; - } - out[y] = t; - } - - *outlen = y; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/ia5/der_encode_ia5_string.c b/libs/tomcrypt/src/pk/asn1/der/ia5/der_encode_ia5_string.c deleted file mode 100644 index 6f183fac685..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/ia5/der_encode_ia5_string.c +++ /dev/null @@ -1,79 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_encode_ia5_string.c - ASN.1 DER, encode a IA5 STRING, Tom St Denis -*/ - -#ifdef LTC_DER - -/** - Store an IA5 STRING - @param in The array of IA5 to store (one per char) - @param inlen The number of IA5 to store - @param out [out] The destination for the DER encoded IA5 STRING - @param outlen [in/out] The max size and resulting size of the DER IA5 STRING - @return CRYPT_OK if successful -*/ -int der_encode_ia5_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - unsigned long x, y, len; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* get the size */ - if ((err = der_length_ia5_string(in, inlen, &len)) != CRYPT_OK) { - return err; - } - - /* too big? */ - if (len > *outlen) { - *outlen = len; - return CRYPT_BUFFER_OVERFLOW; - } - - /* encode the header+len */ - x = 0; - out[x++] = 0x16; - if (inlen < 128) { - out[x++] = (unsigned char)inlen; - } else if (inlen < 256) { - out[x++] = 0x81; - out[x++] = (unsigned char)inlen; - } else if (inlen < 65536UL) { - out[x++] = 0x82; - out[x++] = (unsigned char)((inlen>>8)&255); - out[x++] = (unsigned char)(inlen&255); - } else if (inlen < 16777216UL) { - out[x++] = 0x83; - out[x++] = (unsigned char)((inlen>>16)&255); - out[x++] = (unsigned char)((inlen>>8)&255); - out[x++] = (unsigned char)(inlen&255); - } else { - return CRYPT_INVALID_ARG; - } - - /* store octets */ - for (y = 0; y < inlen; y++) { - out[x++] = der_ia5_char_encode(in[y]); - } - - /* retun length */ - *outlen = x; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/ia5/der_length_ia5_string.c b/libs/tomcrypt/src/pk/asn1/der/ia5/der_length_ia5_string.c deleted file mode 100644 index fa40af1c128..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/ia5/der_length_ia5_string.c +++ /dev/null @@ -1,187 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_length_ia5_string.c - ASN.1 DER, get length of IA5 STRING, Tom St Denis -*/ - -#ifdef LTC_DER - -static const struct { - int code, value; -} ia5_table[] = { -{ '\0', 0 }, -{ '\a', 7 }, -{ '\b', 8 }, -{ '\t', 9 }, -{ '\n', 10 }, -{ '\f', 12 }, -{ '\r', 13 }, -{ ' ', 32 }, -{ '!', 33 }, -{ '"', 34 }, -{ '#', 35 }, -{ '$', 36 }, -{ '%', 37 }, -{ '&', 38 }, -{ '\'', 39 }, -{ '(', 40 }, -{ ')', 41 }, -{ '*', 42 }, -{ '+', 43 }, -{ ',', 44 }, -{ '-', 45 }, -{ '.', 46 }, -{ '/', 47 }, -{ '0', 48 }, -{ '1', 49 }, -{ '2', 50 }, -{ '3', 51 }, -{ '4', 52 }, -{ '5', 53 }, -{ '6', 54 }, -{ '7', 55 }, -{ '8', 56 }, -{ '9', 57 }, -{ ':', 58 }, -{ ';', 59 }, -{ '<', 60 }, -{ '=', 61 }, -{ '>', 62 }, -{ '?', 63 }, -{ '@', 64 }, -{ 'A', 65 }, -{ 'B', 66 }, -{ 'C', 67 }, -{ 'D', 68 }, -{ 'E', 69 }, -{ 'F', 70 }, -{ 'G', 71 }, -{ 'H', 72 }, -{ 'I', 73 }, -{ 'J', 74 }, -{ 'K', 75 }, -{ 'L', 76 }, -{ 'M', 77 }, -{ 'N', 78 }, -{ 'O', 79 }, -{ 'P', 80 }, -{ 'Q', 81 }, -{ 'R', 82 }, -{ 'S', 83 }, -{ 'T', 84 }, -{ 'U', 85 }, -{ 'V', 86 }, -{ 'W', 87 }, -{ 'X', 88 }, -{ 'Y', 89 }, -{ 'Z', 90 }, -{ '[', 91 }, -{ '\\', 92 }, -{ ']', 93 }, -{ '^', 94 }, -{ '_', 95 }, -{ '`', 96 }, -{ 'a', 97 }, -{ 'b', 98 }, -{ 'c', 99 }, -{ 'd', 100 }, -{ 'e', 101 }, -{ 'f', 102 }, -{ 'g', 103 }, -{ 'h', 104 }, -{ 'i', 105 }, -{ 'j', 106 }, -{ 'k', 107 }, -{ 'l', 108 }, -{ 'm', 109 }, -{ 'n', 110 }, -{ 'o', 111 }, -{ 'p', 112 }, -{ 'q', 113 }, -{ 'r', 114 }, -{ 's', 115 }, -{ 't', 116 }, -{ 'u', 117 }, -{ 'v', 118 }, -{ 'w', 119 }, -{ 'x', 120 }, -{ 'y', 121 }, -{ 'z', 122 }, -{ '{', 123 }, -{ '|', 124 }, -{ '}', 125 }, -{ '~', 126 } -}; - -int der_ia5_char_encode(int c) -{ - int x; - for (x = 0; x < (int)(sizeof(ia5_table)/sizeof(ia5_table[0])); x++) { - if (ia5_table[x].code == c) { - return ia5_table[x].value; - } - } - return -1; -} - -int der_ia5_value_decode(int v) -{ - int x; - for (x = 0; x < (int)(sizeof(ia5_table)/sizeof(ia5_table[0])); x++) { - if (ia5_table[x].value == v) { - return ia5_table[x].code; - } - } - return -1; -} - -/** - Gets length of DER encoding of IA5 STRING - @param octets The values you want to encode - @param noctets The number of octets in the string to encode - @param outlen [out] The length of the DER encoding for the given string - @return CRYPT_OK if successful -*/ -int der_length_ia5_string(const unsigned char *octets, unsigned long noctets, unsigned long *outlen) -{ - unsigned long x; - - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(octets != NULL); - - /* scan string for validity */ - for (x = 0; x < noctets; x++) { - if (der_ia5_char_encode(octets[x]) == -1) { - return CRYPT_INVALID_ARG; - } - } - - if (noctets < 128) { - /* 16 LL DD DD DD ... */ - *outlen = 2 + noctets; - } else if (noctets < 256) { - /* 16 81 LL DD DD DD ... */ - *outlen = 3 + noctets; - } else if (noctets < 65536UL) { - /* 16 82 LL LL DD DD DD ... */ - *outlen = 4 + noctets; - } else if (noctets < 16777216UL) { - /* 16 83 LL LL LL DD DD DD ... */ - *outlen = 5 + noctets; - } else { - return CRYPT_INVALID_ARG; - } - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/integer/der_decode_integer.c b/libs/tomcrypt/src/pk/asn1/der/integer/der_decode_integer.c deleted file mode 100644 index 0ba76fcc639..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/integer/der_decode_integer.c +++ /dev/null @@ -1,104 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_decode_integer.c - ASN.1 DER, decode an integer, Tom St Denis -*/ - - -#ifdef LTC_DER - -/** - Read a mp_int integer - @param in The DER encoded data - @param inlen Size of DER encoded data - @param num The first mp_int to decode - @return CRYPT_OK if successful -*/ -int der_decode_integer(const unsigned char *in, unsigned long inlen, void *num) -{ - unsigned long x, y, z; - int err; - - LTC_ARGCHK(num != NULL); - LTC_ARGCHK(in != NULL); - - /* min DER INTEGER is 0x02 01 00 == 0 */ - if (inlen < (1 + 1 + 1)) { - return CRYPT_INVALID_PACKET; - } - - /* ok expect 0x02 when we AND with 0001 1111 [1F] */ - x = 0; - if ((in[x++] & 0x1F) != 0x02) { - return CRYPT_INVALID_PACKET; - } - - /* now decode the len stuff */ - z = in[x++]; - - if ((z & 0x80) == 0x00) { - /* short form */ - - /* will it overflow? */ - if (x + z > inlen) { - return CRYPT_INVALID_PACKET; - } - - /* no so read it */ - if ((err = mp_read_unsigned_bin(num, (unsigned char *)in + x, z)) != CRYPT_OK) { - return err; - } - } else { - /* long form */ - z &= 0x7F; - - /* will number of length bytes overflow? (or > 4) */ - if (((x + z) > inlen) || (z > 4) || (z == 0)) { - return CRYPT_INVALID_PACKET; - } - - /* now read it in */ - y = 0; - while (z--) { - y = ((unsigned long)(in[x++])) | (y << 8); - } - - /* now will reading y bytes overrun? */ - if ((x + y) > inlen) { - return CRYPT_INVALID_PACKET; - } - - /* no so read it */ - if ((err = mp_read_unsigned_bin(num, (unsigned char *)in + x, y)) != CRYPT_OK) { - return err; - } - } - - /* see if it's negative */ - if (in[x] & 0x80) { - void *tmp; - if (mp_init(&tmp) != CRYPT_OK) { - return CRYPT_MEM; - } - - if (mp_2expt(tmp, mp_count_bits(num)) != CRYPT_OK || mp_sub(num, tmp, num) != CRYPT_OK) { - mp_clear(tmp); - return CRYPT_MEM; - } - mp_clear(tmp); - } - - return CRYPT_OK; - -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/integer/der_encode_integer.c b/libs/tomcrypt/src/pk/asn1/der/integer/der_encode_integer.c deleted file mode 100644 index bd55883b96c..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/integer/der_encode_integer.c +++ /dev/null @@ -1,124 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_encode_integer.c - ASN.1 DER, encode an integer, Tom St Denis -*/ - - -#ifdef LTC_DER - -/* Exports a positive bignum as DER format (upto 2^32 bytes in size) */ -/** - Store a mp_int integer - @param num The first mp_int to encode - @param out [out] The destination for the DER encoded integers - @param outlen [in/out] The max size and resulting size of the DER encoded integers - @return CRYPT_OK if successful -*/ -int der_encode_integer(void *num, unsigned char *out, unsigned long *outlen) -{ - unsigned long tmplen, y; - int err, leading_zero; - - LTC_ARGCHK(num != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* find out how big this will be */ - if ((err = der_length_integer(num, &tmplen)) != CRYPT_OK) { - return err; - } - - if (*outlen < tmplen) { - *outlen = tmplen; - return CRYPT_BUFFER_OVERFLOW; - } - - if (mp_cmp_d(num, 0) != LTC_MP_LT) { - /* we only need a leading zero if the msb of the first byte is one */ - if ((mp_count_bits(num) & 7) == 0 || mp_iszero(num) == LTC_MP_YES) { - leading_zero = 1; - } else { - leading_zero = 0; - } - - /* get length of num in bytes (plus 1 since we force the msbyte to zero) */ - y = mp_unsigned_bin_size(num) + leading_zero; - } else { - leading_zero = 0; - y = mp_count_bits(num); - y = y + (8 - (y & 7)); - y = y >> 3; - if (((mp_cnt_lsb(num)+1)==mp_count_bits(num)) && ((mp_count_bits(num)&7)==0)) --y; - } - - /* now store initial data */ - *out++ = 0x02; - if (y < 128) { - /* short form */ - *out++ = (unsigned char)y; - } else if (y < 256) { - *out++ = 0x81; - *out++ = (unsigned char)y; - } else if (y < 65536UL) { - *out++ = 0x82; - *out++ = (unsigned char)((y>>8)&255); - *out++ = (unsigned char)y; - } else if (y < 16777216UL) { - *out++ = 0x83; - *out++ = (unsigned char)((y>>16)&255); - *out++ = (unsigned char)((y>>8)&255); - *out++ = (unsigned char)y; - } else { - return CRYPT_INVALID_ARG; - } - - /* now store msbyte of zero if num is non-zero */ - if (leading_zero) { - *out++ = 0x00; - } - - /* if it's not zero store it as big endian */ - if (mp_cmp_d(num, 0) == LTC_MP_GT) { - /* now store the mpint */ - if ((err = mp_to_unsigned_bin(num, out)) != CRYPT_OK) { - return err; - } - } else if (mp_iszero(num) != LTC_MP_YES) { - void *tmp; - - /* negative */ - if (mp_init(&tmp) != CRYPT_OK) { - return CRYPT_MEM; - } - - /* 2^roundup and subtract */ - y = mp_count_bits(num); - y = y + (8 - (y & 7)); - if (((mp_cnt_lsb(num)+1)==mp_count_bits(num)) && ((mp_count_bits(num)&7)==0)) y -= 8; - if (mp_2expt(tmp, y) != CRYPT_OK || mp_add(tmp, num, tmp) != CRYPT_OK) { - mp_clear(tmp); - return CRYPT_MEM; - } - if ((err = mp_to_unsigned_bin(tmp, out)) != CRYPT_OK) { - mp_clear(tmp); - return err; - } - mp_clear(tmp); - } - - /* we good */ - *outlen = tmplen; - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/integer/der_length_integer.c b/libs/tomcrypt/src/pk/asn1/der/integer/der_length_integer.c deleted file mode 100644 index 0ef46b59e5d..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/integer/der_length_integer.c +++ /dev/null @@ -1,75 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_length_integer.c - ASN.1 DER, get length of encoding, Tom St Denis -*/ - - -#ifdef LTC_DER -/** - Gets length of DER encoding of num - @param num The int to get the size of - @param outlen [out] The length of the DER encoding for the given integer - @return CRYPT_OK if successful -*/ -int der_length_integer(void *num, unsigned long *outlen) -{ - unsigned long z, len; - int leading_zero; - - LTC_ARGCHK(num != NULL); - LTC_ARGCHK(outlen != NULL); - - if (mp_cmp_d(num, 0) != LTC_MP_LT) { - /* positive */ - - /* we only need a leading zero if the msb of the first byte is one */ - if ((mp_count_bits(num) & 7) == 0 || mp_iszero(num) == LTC_MP_YES) { - leading_zero = 1; - } else { - leading_zero = 0; - } - - /* size for bignum */ - z = len = leading_zero + mp_unsigned_bin_size(num); - } else { - /* it's negative */ - /* find power of 2 that is a multiple of eight and greater than count bits */ - z = mp_count_bits(num); - z = z + (8 - (z & 7)); - if (((mp_cnt_lsb(num)+1)==mp_count_bits(num)) && ((mp_count_bits(num)&7)==0)) --z; - len = z = z >> 3; - } - - /* now we need a length */ - if (z < 128) { - /* short form */ - ++len; - } else { - /* long form (relies on z != 0), assumes length bytes < 128 */ - ++len; - - while (z) { - ++len; - z >>= 8; - } - } - - /* we need a 0x02 to indicate it's INTEGER */ - ++len; - - /* return length */ - *outlen = len; - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c b/libs/tomcrypt/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c deleted file mode 100644 index 90a9ff175d2..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/object_identifier/der_decode_object_identifier.c +++ /dev/null @@ -1,102 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_decode_object_identifier.c - ASN.1 DER, Decode Object Identifier, Tom St Denis -*/ - -#ifdef LTC_DER -/** - Decode OID data and store the array of integers in words - @param in The OID DER encoded data - @param inlen The length of the OID data - @param words [out] The destination of the OID words - @param outlen [in/out] The number of OID words - @return CRYPT_OK if successful -*/ -int der_decode_object_identifier(const unsigned char *in, unsigned long inlen, - unsigned long *words, unsigned long *outlen) -{ - unsigned long x, y, t, len; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(words != NULL); - LTC_ARGCHK(outlen != NULL); - - /* header is at least 3 bytes */ - if (inlen < 3) { - return CRYPT_INVALID_PACKET; - } - - /* must be room for at least two words */ - if (*outlen < 2) { - *outlen = 2; - return CRYPT_BUFFER_OVERFLOW; - } - - /* decode the packet header */ - x = 0; - if ((in[x++] & 0x1F) != 0x06) { - return CRYPT_INVALID_PACKET; - } - - /* get the length */ - if (in[x] < 128) { - len = in[x++]; - } else { - if (in[x] < 0x81 || in[x] > 0x82) { - return CRYPT_INVALID_PACKET; - } - y = in[x++] & 0x7F; - len = 0; - while (y--) { - len = (len << 8) | (unsigned long)in[x++]; - } - } - - if (len < 1 || (len + x) > inlen) { - return CRYPT_INVALID_PACKET; - } - - /* decode words */ - y = 0; - t = 0; - while (len--) { - t = (t << 7) | (in[x] & 0x7F); - if (!(in[x++] & 0x80)) { - /* store t */ - if (y >= *outlen) { - y++; - } else { - if (y == 0) { - words[0] = t / 40; - words[1] = t % 40; - y = 2; - } else { - words[y++] = t; - } - } - t = 0; - } - } - - if (y > *outlen) { - err = CRYPT_BUFFER_OVERFLOW; - } else { - err = CRYPT_OK; - } - - *outlen = y; - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/object_identifier/der_encode_object_identifier.c b/libs/tomcrypt/src/pk/asn1/der/object_identifier/der_encode_object_identifier.c deleted file mode 100644 index 6fac1d80598..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/object_identifier/der_encode_object_identifier.c +++ /dev/null @@ -1,105 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_encode_object_identifier.c - ASN.1 DER, Encode Object Identifier, Tom St Denis -*/ - -#ifdef LTC_DER -/** - Encode an OID - @param words The words to encode (upto 32-bits each) - @param nwords The number of words in the OID - @param out [out] Destination of OID data - @param outlen [in/out] The max and resulting size of the OID - @return CRYPT_OK if successful -*/ -int der_encode_object_identifier(unsigned long *words, unsigned long nwords, - unsigned char *out, unsigned long *outlen) -{ - unsigned long i, x, y, z, t, mask, wordbuf; - int err; - - LTC_ARGCHK(words != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* check length */ - if ((err = der_length_object_identifier(words, nwords, &x)) != CRYPT_OK) { - return err; - } - if (x > *outlen) { - *outlen = x; - return CRYPT_BUFFER_OVERFLOW; - } - - /* compute length to store OID data */ - z = 0; - wordbuf = words[0] * 40 + words[1]; - for (y = 1; y < nwords; y++) { - t = der_object_identifier_bits(wordbuf); - z += t/7 + ((t%7) ? 1 : 0) + (wordbuf == 0 ? 1 : 0); - if (y < nwords - 1) { - wordbuf = words[y + 1]; - } - } - - /* store header + length */ - x = 0; - out[x++] = 0x06; - if (z < 128) { - out[x++] = (unsigned char)z; - } else if (z < 256) { - out[x++] = 0x81; - out[x++] = (unsigned char)z; - } else if (z < 65536UL) { - out[x++] = 0x82; - out[x++] = (unsigned char)((z>>8)&255); - out[x++] = (unsigned char)(z&255); - } else { - return CRYPT_INVALID_ARG; - } - - /* store first byte */ - wordbuf = words[0] * 40 + words[1]; - for (i = 1; i < nwords; i++) { - /* store 7 bit words in little endian */ - t = wordbuf & 0xFFFFFFFF; - if (t) { - y = x; - mask = 0; - while (t) { - out[x++] = (unsigned char)((t & 0x7F) | mask); - t >>= 7; - mask |= 0x80; /* upper bit is set on all but the last byte */ - } - /* now swap bytes y...x-1 */ - z = x - 1; - while (y < z) { - t = out[y]; out[y] = out[z]; out[z] = (unsigned char)t; - ++y; - --z; - } - } else { - /* zero word */ - out[x++] = 0x00; - } - - if (i < nwords - 1) { - wordbuf = words[i + 1]; - } - } - - *outlen = x; - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/object_identifier/der_length_object_identifier.c b/libs/tomcrypt/src/pk/asn1/der/object_identifier/der_length_object_identifier.c deleted file mode 100644 index d490f51285d..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/object_identifier/der_length_object_identifier.c +++ /dev/null @@ -1,83 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_length_object_identifier.c - ASN.1 DER, get length of Object Identifier, Tom St Denis -*/ - -#ifdef LTC_DER - -unsigned long der_object_identifier_bits(unsigned long x) -{ - unsigned long c; - x &= 0xFFFFFFFF; - c = 0; - while (x) { - ++c; - x >>= 1; - } - return c; -} - - -/** - Gets length of DER encoding of Object Identifier - @param nwords The number of OID words - @param words The actual OID words to get the size of - @param outlen [out] The length of the DER encoding for the given string - @return CRYPT_OK if successful -*/ -int der_length_object_identifier(unsigned long *words, unsigned long nwords, unsigned long *outlen) -{ - unsigned long y, z, t, wordbuf; - - LTC_ARGCHK(words != NULL); - LTC_ARGCHK(outlen != NULL); - - - /* must be >= 2 words */ - if (nwords < 2) { - return CRYPT_INVALID_ARG; - } - - /* word1 = 0,1,2,3 and word2 0..39 */ - if (words[0] > 3 || (words[0] < 2 && words[1] > 39)) { - return CRYPT_INVALID_ARG; - } - - /* leading word is the first two */ - z = 0; - wordbuf = words[0] * 40 + words[1]; - for (y = 1; y < nwords; y++) { - t = der_object_identifier_bits(wordbuf); - z += t/7 + ((t%7) ? 1 : 0) + (wordbuf == 0 ? 1 : 0); - if (y < nwords - 1) { - /* grab next word */ - wordbuf = words[y+1]; - } - } - - /* now depending on the length our length encoding changes */ - if (z < 128) { - z += 2; - } else if (z < 256) { - z += 3; - } else if (z < 65536UL) { - z += 4; - } else { - return CRYPT_INVALID_ARG; - } - - *outlen = z; - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/octet/der_decode_octet_string.c b/libs/tomcrypt/src/pk/asn1/der/octet/der_decode_octet_string.c deleted file mode 100644 index eba13b0364c..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/octet/der_decode_octet_string.c +++ /dev/null @@ -1,85 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_decode_octet_string.c - ASN.1 DER, encode a OCTET STRING, Tom St Denis -*/ - - -#ifdef LTC_DER - -/** - Store a OCTET STRING - @param in The DER encoded OCTET STRING - @param inlen The size of the DER OCTET STRING - @param out [out] The array of octets stored (one per char) - @param outlen [in/out] The number of octets stored - @return CRYPT_OK if successful -*/ -int der_decode_octet_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - unsigned long x, y, len; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* must have header at least */ - if (inlen < 2) { - return CRYPT_INVALID_PACKET; - } - - /* check for 0x04 */ - if ((in[0] & 0x1F) != 0x04) { - return CRYPT_INVALID_PACKET; - } - x = 1; - - /* decode the length */ - if (in[x] & 0x80) { - /* valid # of bytes in length are 1,2,3 */ - y = in[x] & 0x7F; - if ((y == 0) || (y > 3) || ((x + y) > inlen)) { - return CRYPT_INVALID_PACKET; - } - - /* read the length in */ - len = 0; - ++x; - while (y--) { - len = (len << 8) | in[x++]; - } - } else { - len = in[x++] & 0x7F; - } - - /* is it too long? */ - if (len > *outlen) { - *outlen = len; - return CRYPT_BUFFER_OVERFLOW; - } - - if (len + x > inlen) { - return CRYPT_INVALID_PACKET; - } - - /* read the data */ - for (y = 0; y < len; y++) { - out[y] = in[x++]; - } - - *outlen = y; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/octet/der_encode_octet_string.c b/libs/tomcrypt/src/pk/asn1/der/octet/der_encode_octet_string.c deleted file mode 100644 index 60c0e0e5848..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/octet/der_encode_octet_string.c +++ /dev/null @@ -1,80 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_encode_octet_string.c - ASN.1 DER, encode a OCTET STRING, Tom St Denis -*/ - - -#ifdef LTC_DER - -/** - Store an OCTET STRING - @param in The array of OCTETS to store (one per char) - @param inlen The number of OCTETS to store - @param out [out] The destination for the DER encoded OCTET STRING - @param outlen [in/out] The max size and resulting size of the DER OCTET STRING - @return CRYPT_OK if successful -*/ -int der_encode_octet_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - unsigned long x, y, len; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* get the size */ - if ((err = der_length_octet_string(inlen, &len)) != CRYPT_OK) { - return err; - } - - /* too big? */ - if (len > *outlen) { - *outlen = len; - return CRYPT_BUFFER_OVERFLOW; - } - - /* encode the header+len */ - x = 0; - out[x++] = 0x04; - if (inlen < 128) { - out[x++] = (unsigned char)inlen; - } else if (inlen < 256) { - out[x++] = 0x81; - out[x++] = (unsigned char)inlen; - } else if (inlen < 65536UL) { - out[x++] = 0x82; - out[x++] = (unsigned char)((inlen>>8)&255); - out[x++] = (unsigned char)(inlen&255); - } else if (inlen < 16777216UL) { - out[x++] = 0x83; - out[x++] = (unsigned char)((inlen>>16)&255); - out[x++] = (unsigned char)((inlen>>8)&255); - out[x++] = (unsigned char)(inlen&255); - } else { - return CRYPT_INVALID_ARG; - } - - /* store octets */ - for (y = 0; y < inlen; y++) { - out[x++] = in[y]; - } - - /* retun length */ - *outlen = x; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/octet/der_length_octet_string.c b/libs/tomcrypt/src/pk/asn1/der/octet/der_length_octet_string.c deleted file mode 100644 index 06957441a3a..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/octet/der_length_octet_string.c +++ /dev/null @@ -1,46 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_length_octet_string.c - ASN.1 DER, get length of OCTET STRING, Tom St Denis -*/ - -#ifdef LTC_DER -/** - Gets length of DER encoding of OCTET STRING - @param noctets The number of octets in the string to encode - @param outlen [out] The length of the DER encoding for the given string - @return CRYPT_OK if successful -*/ -int der_length_octet_string(unsigned long noctets, unsigned long *outlen) -{ - LTC_ARGCHK(outlen != NULL); - - if (noctets < 128) { - /* 04 LL DD DD DD ... */ - *outlen = 2 + noctets; - } else if (noctets < 256) { - /* 04 81 LL DD DD DD ... */ - *outlen = 3 + noctets; - } else if (noctets < 65536UL) { - /* 04 82 LL LL DD DD DD ... */ - *outlen = 4 + noctets; - } else if (noctets < 16777216UL) { - /* 04 83 LL LL LL DD DD DD ... */ - *outlen = 5 + noctets; - } else { - return CRYPT_INVALID_ARG; - } - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/printable_string/der_decode_printable_string.c b/libs/tomcrypt/src/pk/asn1/der/printable_string/der_decode_printable_string.c deleted file mode 100644 index 9e6c8ebebff..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/printable_string/der_decode_printable_string.c +++ /dev/null @@ -1,90 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_decode_printable_string.c - ASN.1 DER, encode a printable STRING, Tom St Denis -*/ - - -#ifdef LTC_DER - -/** - Store a printable STRING - @param in The DER encoded printable STRING - @param inlen The size of the DER printable STRING - @param out [out] The array of octets stored (one per char) - @param outlen [in/out] The number of octets stored - @return CRYPT_OK if successful -*/ -int der_decode_printable_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - unsigned long x, y, len; - int t; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* must have header at least */ - if (inlen < 2) { - return CRYPT_INVALID_PACKET; - } - - /* check for 0x13 */ - if ((in[0] & 0x1F) != 0x13) { - return CRYPT_INVALID_PACKET; - } - x = 1; - - /* decode the length */ - if (in[x] & 0x80) { - /* valid # of bytes in length are 1,2,3 */ - y = in[x] & 0x7F; - if ((y == 0) || (y > 3) || ((x + y) > inlen)) { - return CRYPT_INVALID_PACKET; - } - - /* read the length in */ - len = 0; - ++x; - while (y--) { - len = (len << 8) | in[x++]; - } - } else { - len = in[x++] & 0x7F; - } - - /* is it too long? */ - if (len > *outlen) { - *outlen = len; - return CRYPT_BUFFER_OVERFLOW; - } - - if (len + x > inlen) { - return CRYPT_INVALID_PACKET; - } - - /* read the data */ - for (y = 0; y < len; y++) { - t = der_printable_value_decode(in[x++]); - if (t == -1) { - return CRYPT_INVALID_ARG; - } - out[y] = t; - } - - *outlen = y; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/printable_string/der_encode_printable_string.c b/libs/tomcrypt/src/pk/asn1/der/printable_string/der_encode_printable_string.c deleted file mode 100644 index 9fd5ee786b0..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/printable_string/der_encode_printable_string.c +++ /dev/null @@ -1,79 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_encode_printable_string.c - ASN.1 DER, encode a printable STRING, Tom St Denis -*/ - -#ifdef LTC_DER - -/** - Store an printable STRING - @param in The array of printable to store (one per char) - @param inlen The number of printable to store - @param out [out] The destination for the DER encoded printable STRING - @param outlen [in/out] The max size and resulting size of the DER printable STRING - @return CRYPT_OK if successful -*/ -int der_encode_printable_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - unsigned long x, y, len; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* get the size */ - if ((err = der_length_printable_string(in, inlen, &len)) != CRYPT_OK) { - return err; - } - - /* too big? */ - if (len > *outlen) { - *outlen = len; - return CRYPT_BUFFER_OVERFLOW; - } - - /* encode the header+len */ - x = 0; - out[x++] = 0x13; - if (inlen < 128) { - out[x++] = (unsigned char)inlen; - } else if (inlen < 256) { - out[x++] = 0x81; - out[x++] = (unsigned char)inlen; - } else if (inlen < 65536UL) { - out[x++] = 0x82; - out[x++] = (unsigned char)((inlen>>8)&255); - out[x++] = (unsigned char)(inlen&255); - } else if (inlen < 16777216UL) { - out[x++] = 0x83; - out[x++] = (unsigned char)((inlen>>16)&255); - out[x++] = (unsigned char)((inlen>>8)&255); - out[x++] = (unsigned char)(inlen&255); - } else { - return CRYPT_INVALID_ARG; - } - - /* store octets */ - for (y = 0; y < inlen; y++) { - out[x++] = der_printable_char_encode(in[y]); - } - - /* retun length */ - *outlen = x; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/printable_string/der_length_printable_string.c b/libs/tomcrypt/src/pk/asn1/der/printable_string/der_length_printable_string.c deleted file mode 100644 index 5d589b7928b..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/printable_string/der_length_printable_string.c +++ /dev/null @@ -1,159 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_length_printable_string.c - ASN.1 DER, get length of Printable STRING, Tom St Denis -*/ - -#ifdef LTC_DER - -static const struct { - int code, value; -} printable_table[] = { -{ ' ', 32 }, -{ '\'', 39 }, -{ '(', 40 }, -{ ')', 41 }, -{ '+', 43 }, -{ ',', 44 }, -{ '-', 45 }, -{ '.', 46 }, -{ '/', 47 }, -{ '0', 48 }, -{ '1', 49 }, -{ '2', 50 }, -{ '3', 51 }, -{ '4', 52 }, -{ '5', 53 }, -{ '6', 54 }, -{ '7', 55 }, -{ '8', 56 }, -{ '9', 57 }, -{ ':', 58 }, -{ '=', 61 }, -{ '?', 63 }, -{ 'A', 65 }, -{ 'B', 66 }, -{ 'C', 67 }, -{ 'D', 68 }, -{ 'E', 69 }, -{ 'F', 70 }, -{ 'G', 71 }, -{ 'H', 72 }, -{ 'I', 73 }, -{ 'J', 74 }, -{ 'K', 75 }, -{ 'L', 76 }, -{ 'M', 77 }, -{ 'N', 78 }, -{ 'O', 79 }, -{ 'P', 80 }, -{ 'Q', 81 }, -{ 'R', 82 }, -{ 'S', 83 }, -{ 'T', 84 }, -{ 'U', 85 }, -{ 'V', 86 }, -{ 'W', 87 }, -{ 'X', 88 }, -{ 'Y', 89 }, -{ 'Z', 90 }, -{ 'a', 97 }, -{ 'b', 98 }, -{ 'c', 99 }, -{ 'd', 100 }, -{ 'e', 101 }, -{ 'f', 102 }, -{ 'g', 103 }, -{ 'h', 104 }, -{ 'i', 105 }, -{ 'j', 106 }, -{ 'k', 107 }, -{ 'l', 108 }, -{ 'm', 109 }, -{ 'n', 110 }, -{ 'o', 111 }, -{ 'p', 112 }, -{ 'q', 113 }, -{ 'r', 114 }, -{ 's', 115 }, -{ 't', 116 }, -{ 'u', 117 }, -{ 'v', 118 }, -{ 'w', 119 }, -{ 'x', 120 }, -{ 'y', 121 }, -{ 'z', 122 }, -}; - -int der_printable_char_encode(int c) -{ - int x; - for (x = 0; x < (int)(sizeof(printable_table)/sizeof(printable_table[0])); x++) { - if (printable_table[x].code == c) { - return printable_table[x].value; - } - } - return -1; -} - -int der_printable_value_decode(int v) -{ - int x; - for (x = 0; x < (int)(sizeof(printable_table)/sizeof(printable_table[0])); x++) { - if (printable_table[x].value == v) { - return printable_table[x].code; - } - } - return -1; -} - -/** - Gets length of DER encoding of Printable STRING - @param octets The values you want to encode - @param noctets The number of octets in the string to encode - @param outlen [out] The length of the DER encoding for the given string - @return CRYPT_OK if successful -*/ -int der_length_printable_string(const unsigned char *octets, unsigned long noctets, unsigned long *outlen) -{ - unsigned long x; - - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(octets != NULL); - - /* scan string for validity */ - for (x = 0; x < noctets; x++) { - if (der_printable_char_encode(octets[x]) == -1) { - return CRYPT_INVALID_ARG; - } - } - - if (noctets < 128) { - /* 16 LL DD DD DD ... */ - *outlen = 2 + noctets; - } else if (noctets < 256) { - /* 16 81 LL DD DD DD ... */ - *outlen = 3 + noctets; - } else if (noctets < 65536UL) { - /* 16 82 LL LL DD DD DD ... */ - *outlen = 4 + noctets; - } else if (noctets < 16777216UL) { - /* 16 83 LL LL LL DD DD DD ... */ - *outlen = 5 + noctets; - } else { - return CRYPT_INVALID_ARG; - } - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_ex.c b/libs/tomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_ex.c deleted file mode 100644 index e467ea91adb..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_ex.c +++ /dev/null @@ -1,324 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - - -/** - @file der_decode_sequence_ex.c - ASN.1 DER, decode a SEQUENCE, Tom St Denis -*/ - -#ifdef LTC_DER - -/** - Decode a SEQUENCE - @param in The DER encoded input - @param inlen The size of the input - @param list The list of items to decode - @param outlen The number of items in the list - @param ordered Search an unordeded or ordered list - @return CRYPT_OK on success -*/ -int der_decode_sequence_ex(const unsigned char *in, unsigned long inlen, - ltc_asn1_list *list, unsigned long outlen, int ordered) -{ - int err, i; - ltc_asn1_type type; - unsigned long size, x, y, z, blksize; - void *data; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(list != NULL); - - /* get blk size */ - if (inlen < 2) { - return CRYPT_INVALID_PACKET; - } - - /* sequence type? We allow 0x30 SEQUENCE and 0x31 SET since fundamentally they're the same structure */ - x = 0; - if (in[x] != 0x30 && in[x] != 0x31) { - return CRYPT_INVALID_PACKET; - } - ++x; - - /* check if the msb is set, which signals that the - * 7 lsb bits represent the number of bytes of the length - */ - if (in[x] < 128) { - blksize = in[x++]; - } else { - if (in[x] < 0x81 || in[x] > 0x83) { - return CRYPT_INVALID_PACKET; - } - y = in[x++] & 0x7F; - - /* would reading the len bytes overrun? */ - if (x + y > inlen) { - return CRYPT_INVALID_PACKET; - } - - /* read len */ - blksize = 0; - while (y--) { - blksize = (blksize << 8) | (unsigned long)in[x++]; - } - } - - /* would this blksize overflow? */ - if (x + blksize > inlen) { - return CRYPT_INVALID_PACKET; - } - - /* mark all as unused */ - for (i = 0; i < (int)outlen; i++) { - list[i].used = 0; - } - - /* ok read data */ - inlen = blksize; - for (i = 0; i < (int)outlen; i++) { - z = 0; - type = list[i].type; - size = list[i].size; - data = list[i].data; - if (!ordered && list[i].used == 1) { continue; } - - if (type == LTC_ASN1_EOL) { - break; - } - - switch (type) { - case LTC_ASN1_BOOLEAN: - z = inlen; - if ((err = der_decode_boolean(in + x, z, ((int *)data))) != CRYPT_OK) { - if (!ordered) { continue; } - goto LBL_ERR; - } - if ((err = der_length_boolean(&z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_INTEGER: - z = inlen; - if ((err = der_decode_integer(in + x, z, data)) != CRYPT_OK) { - if (!ordered) { continue; } - goto LBL_ERR; - } - if ((err = der_length_integer(data, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_SHORT_INTEGER: - z = inlen; - if ((err = der_decode_short_integer(in + x, z, data)) != CRYPT_OK) { - if (!ordered) { continue; } - goto LBL_ERR; - } - if ((err = der_length_short_integer(((unsigned long*)data)[0], &z)) != CRYPT_OK) { - goto LBL_ERR; - } - - break; - - case LTC_ASN1_BIT_STRING: - z = inlen; - if ((err = der_decode_bit_string(in + x, z, data, &size)) != CRYPT_OK) { - if (!ordered) { continue; } - goto LBL_ERR; - } - list[i].size = size; - if ((err = der_length_bit_string(size, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_RAW_BIT_STRING: - z = inlen; - if ((err = der_decode_raw_bit_string(in + x, z, data, &size)) != CRYPT_OK) { - if (!ordered) { continue; } - goto LBL_ERR; - } - list[i].size = size; - if ((err = der_length_bit_string(size, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_OCTET_STRING: - z = inlen; - if ((err = der_decode_octet_string(in + x, z, data, &size)) != CRYPT_OK) { - if (!ordered) { continue; } - goto LBL_ERR; - } - list[i].size = size; - if ((err = der_length_octet_string(size, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_NULL: - if (inlen < 2 || in[x] != 0x05 || in[x+1] != 0x00) { - if (!ordered) { continue; } - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - z = 2; - break; - - case LTC_ASN1_OBJECT_IDENTIFIER: - z = inlen; - if ((err = der_decode_object_identifier(in + x, z, data, &size)) != CRYPT_OK) { - if (!ordered) { continue; } - goto LBL_ERR; - } - list[i].size = size; - if ((err = der_length_object_identifier(data, size, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_TELETEX_STRING: - z = inlen; - if ((err = der_decode_teletex_string(in + x, z, data, &size)) != CRYPT_OK) { - if (!ordered) { continue; } - goto LBL_ERR; - } - list[i].size = size; - if ((err = der_length_teletex_string(data, size, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_IA5_STRING: - z = inlen; - if ((err = der_decode_ia5_string(in + x, z, data, &size)) != CRYPT_OK) { - if (!ordered) { continue; } - goto LBL_ERR; - } - list[i].size = size; - if ((err = der_length_ia5_string(data, size, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - - case LTC_ASN1_PRINTABLE_STRING: - z = inlen; - if ((err = der_decode_printable_string(in + x, z, data, &size)) != CRYPT_OK) { - if (!ordered) { continue; } - goto LBL_ERR; - } - list[i].size = size; - if ((err = der_length_printable_string(data, size, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_UTF8_STRING: - z = inlen; - if ((err = der_decode_utf8_string(in + x, z, data, &size)) != CRYPT_OK) { - if (!ordered) { continue; } - goto LBL_ERR; - } - list[i].size = size; - if ((err = der_length_utf8_string(data, size, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_UTCTIME: - z = inlen; - if ((err = der_decode_utctime(in + x, &z, data)) != CRYPT_OK) { - if (!ordered) { continue; } - goto LBL_ERR; - } - break; - - case LTC_ASN1_GENERALIZEDTIME: - z = inlen; - if ((err = der_decode_generalizedtime(in + x, &z, data)) != CRYPT_OK) { - if (!ordered) { continue; } - goto LBL_ERR; - } - break; - - case LTC_ASN1_SET: - z = inlen; - if ((err = der_decode_set(in + x, z, data, size)) != CRYPT_OK) { - if (!ordered) { continue; } - goto LBL_ERR; - } - if ((err = der_length_sequence(data, size, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_SETOF: - case LTC_ASN1_SEQUENCE: - /* detect if we have the right type */ - if ((type == LTC_ASN1_SETOF && (in[x] & 0x3F) != 0x31) || (type == LTC_ASN1_SEQUENCE && (in[x] & 0x3F) != 0x30)) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - z = inlen; - if ((err = der_decode_sequence(in + x, z, data, size)) != CRYPT_OK) { - if (!ordered) { continue; } - goto LBL_ERR; - } - if ((err = der_length_sequence(data, size, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - - case LTC_ASN1_CHOICE: - z = inlen; - if ((err = der_decode_choice(in + x, &z, data, size)) != CRYPT_OK) { - if (!ordered) { continue; } - goto LBL_ERR; - } - break; - - case LTC_ASN1_CONSTRUCTED: - case LTC_ASN1_CONTEXT_SPECIFIC: - case LTC_ASN1_EOL: - err = CRYPT_INVALID_ARG; - goto LBL_ERR; - } - x += z; - inlen -= z; - list[i].used = 1; - if (!ordered) { - /* restart the decoder */ - i = -1; - } - } - - for (i = 0; i < (int)outlen; i++) { - if (list[i].used == 0) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - } - - if (inlen == 0) { - err = CRYPT_OK; - } else { - err = CRYPT_INPUT_TOO_LONG; - } - -LBL_ERR: - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c b/libs/tomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c deleted file mode 100644 index 425fe8de9b2..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_flexi.c +++ /dev/null @@ -1,479 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_decode_sequence_flexi.c - ASN.1 DER, decode an array of ASN.1 types with a flexi parser, Tom St Denis -*/ - -#ifdef LTC_DER - -static unsigned long _fetch_length(const unsigned char *in, unsigned long inlen, unsigned long *data_offset) -{ - unsigned long x, z; - - *data_offset = 0; - - /* skip type and read len */ - if (inlen < 2) { - return 0xFFFFFFFF; - } - ++in; ++(*data_offset); - - /* read len */ - x = *in++; ++(*data_offset); - - /* <128 means literal */ - if (x < 128) { - return x+*data_offset; - } - x &= 0x7F; /* the lower 7 bits are the length of the length */ - inlen -= 2; - - /* len means len of len! */ - if (x == 0 || x > 4 || x > inlen) { - return 0xFFFFFFFF; - } - - *data_offset += x; - z = 0; - while (x--) { - z = (z<<8) | ((unsigned long)*in); - ++in; - } - return z+*data_offset; -} - -static int _new_element(ltc_asn1_list **l) -{ - /* alloc new link */ - if (*l == NULL) { - *l = XCALLOC(1, sizeof(ltc_asn1_list)); - if (*l == NULL) { - return CRYPT_MEM; - } - } else { - (*l)->next = XCALLOC(1, sizeof(ltc_asn1_list)); - if ((*l)->next == NULL) { - return CRYPT_MEM; - } - (*l)->next->prev = *l; - *l = (*l)->next; - } - return CRYPT_OK; -} - -/** - ASN.1 DER Flexi(ble) decoder will decode arbitrary DER packets and create a linked list of the decoded elements. - @param in The input buffer - @param inlen [in/out] The length of the input buffer and on output the amount of decoded data - @param out [out] A pointer to the linked list - @return CRYPT_OK on success. -*/ -int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out) -{ - ltc_asn1_list *l, *t; - unsigned long err, type, len, totlen, data_offset, len_len; - void *realloc_tmp; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(inlen != NULL); - LTC_ARGCHK(out != NULL); - - l = NULL; - totlen = 0; - - if (*inlen == 0) { - /* alloc new link */ - if ((err = _new_element(&l)) != CRYPT_OK) { - goto error; - } - } - - /* scan the input and and get lengths and what not */ - while (*inlen) { - /* read the type byte */ - type = *in; - - /* fetch length */ - len = _fetch_length(in, *inlen, &data_offset); - if (len > *inlen) { - err = CRYPT_INVALID_PACKET; - goto error; - } - - /* alloc new link */ - if ((err = _new_element(&l)) != CRYPT_OK) { - goto error; - } - - if ((type & 0x20) && (type != 0x30) && (type != 0x31)) { - /* constructed, use the 'used' field to store the original identifier */ - l->used = type; - /* treat constructed elements like SETs */ - type = 0x20; - } - else if ((type & 0xC0) == 0x80) { - /* context-specific, use the 'used' field to store the original identifier */ - l->used = type; - /* context-specific elements are treated as opaque data */ - type = 0x80; - } - - /* now switch on type */ - switch (type) { - case 0x01: /* BOOLEAN */ - l->type = LTC_ASN1_BOOLEAN; - l->size = 1; - l->data = XCALLOC(1, sizeof(int)); - - if ((err = der_decode_boolean(in, *inlen, l->data)) != CRYPT_OK) { - goto error; - } - - if ((err = der_length_boolean(&len)) != CRYPT_OK) { - goto error; - } - break; - - case 0x02: /* INTEGER */ - /* init field */ - l->type = LTC_ASN1_INTEGER; - l->size = 1; - if ((err = mp_init(&l->data)) != CRYPT_OK) { - goto error; - } - - /* decode field */ - if ((err = der_decode_integer(in, *inlen, l->data)) != CRYPT_OK) { - goto error; - } - - /* calc length of object */ - if ((err = der_length_integer(l->data, &len)) != CRYPT_OK) { - goto error; - } - break; - - case 0x03: /* BIT */ - /* init field */ - l->type = LTC_ASN1_BIT_STRING; - l->size = len * 8; /* *8 because we store decoded bits one per char and they are encoded 8 per char. */ - - if ((l->data = XCALLOC(1, l->size)) == NULL) { - err = CRYPT_MEM; - goto error; - } - - if ((err = der_decode_bit_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) { - goto error; - } - - if ((err = der_length_bit_string(l->size, &len)) != CRYPT_OK) { - goto error; - } - break; - - case 0x04: /* OCTET */ - - /* init field */ - l->type = LTC_ASN1_OCTET_STRING; - l->size = len; - - if ((l->data = XCALLOC(1, l->size)) == NULL) { - err = CRYPT_MEM; - goto error; - } - - if ((err = der_decode_octet_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) { - goto error; - } - - if ((err = der_length_octet_string(l->size, &len)) != CRYPT_OK) { - goto error; - } - break; - - case 0x05: /* NULL */ - - /* valid NULL is 0x05 0x00 */ - if (in[0] != 0x05 || in[1] != 0x00) { - err = CRYPT_INVALID_PACKET; - goto error; - } - - /* simple to store ;-) */ - l->type = LTC_ASN1_NULL; - l->data = NULL; - l->size = 0; - len = 2; - - break; - - case 0x06: /* OID */ - - /* init field */ - l->type = LTC_ASN1_OBJECT_IDENTIFIER; - l->size = len; - - if ((l->data = XCALLOC(len, sizeof(unsigned long))) == NULL) { - err = CRYPT_MEM; - goto error; - } - - if ((err = der_decode_object_identifier(in, *inlen, l->data, &l->size)) != CRYPT_OK) { - goto error; - } - - if ((err = der_length_object_identifier(l->data, l->size, &len)) != CRYPT_OK) { - goto error; - } - - /* resize it to save a bunch of mem */ - if ((realloc_tmp = XREALLOC(l->data, l->size * sizeof(unsigned long))) == NULL) { - /* out of heap but this is not an error */ - break; - } - l->data = realloc_tmp; - break; - - case 0x0C: /* UTF8 */ - - /* init field */ - l->type = LTC_ASN1_UTF8_STRING; - l->size = len; - - if ((l->data = XCALLOC(sizeof(wchar_t), l->size)) == NULL) { - err = CRYPT_MEM; - goto error; - } - - if ((err = der_decode_utf8_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) { - goto error; - } - - if ((err = der_length_utf8_string(l->data, l->size, &len)) != CRYPT_OK) { - goto error; - } - break; - - case 0x13: /* PRINTABLE */ - - /* init field */ - l->type = LTC_ASN1_PRINTABLE_STRING; - l->size = len; - - if ((l->data = XCALLOC(1, l->size)) == NULL) { - err = CRYPT_MEM; - goto error; - } - - if ((err = der_decode_printable_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) { - goto error; - } - - if ((err = der_length_printable_string(l->data, l->size, &len)) != CRYPT_OK) { - goto error; - } - break; - - case 0x14: /* TELETEXT */ - - /* init field */ - l->type = LTC_ASN1_TELETEX_STRING; - l->size = len; - - if ((l->data = XCALLOC(1, l->size)) == NULL) { - err = CRYPT_MEM; - goto error; - } - - if ((err = der_decode_teletex_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) { - goto error; - } - - if ((err = der_length_teletex_string(l->data, l->size, &len)) != CRYPT_OK) { - goto error; - } - break; - - case 0x16: /* IA5 */ - - /* init field */ - l->type = LTC_ASN1_IA5_STRING; - l->size = len; - - if ((l->data = XCALLOC(1, l->size)) == NULL) { - err = CRYPT_MEM; - goto error; - } - - if ((err = der_decode_ia5_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) { - goto error; - } - - if ((err = der_length_ia5_string(l->data, l->size, &len)) != CRYPT_OK) { - goto error; - } - break; - - case 0x17: /* UTC TIME */ - - /* init field */ - l->type = LTC_ASN1_UTCTIME; - l->size = 1; - - if ((l->data = XCALLOC(1, sizeof(ltc_utctime))) == NULL) { - err = CRYPT_MEM; - goto error; - } - - len = *inlen; - if ((err = der_decode_utctime(in, &len, l->data)) != CRYPT_OK) { - goto error; - } - - if ((err = der_length_utctime(l->data, &len)) != CRYPT_OK) { - goto error; - } - break; - - case 0x18: - l->type = LTC_ASN1_GENERALIZEDTIME; - l->size = len; - - if ((l->data = XCALLOC(1, sizeof(ltc_generalizedtime))) == NULL) { - err = CRYPT_MEM; - goto error; - } - - if ((err = der_decode_generalizedtime(in, &len, l->data)) != CRYPT_OK) { - goto error; - } - - if ((err = der_length_generalizedtime(l->data, &len)) != CRYPT_OK) { - goto error; - } - - break; - - case 0x20: /* Any CONSTRUCTED element that is neither SEQUENCE nor SET */ - case 0x30: /* SEQUENCE */ - case 0x31: /* SET */ - - /* init field */ - if (type == 0x20) { - l->type = LTC_ASN1_CONSTRUCTED; - } - else if (type == 0x30) { - l->type = LTC_ASN1_SEQUENCE; - } - else { - l->type = LTC_ASN1_SET; - } - - if ((l->data = XMALLOC(len)) == NULL) { - err = CRYPT_MEM; - goto error; - } - - XMEMCPY(l->data, in, len); - l->size = len; - - - /* jump to the start of the data */ - in += data_offset; - *inlen -= data_offset; - len = len - data_offset; - - /* Sequence elements go as child */ - if ((err = der_decode_sequence_flexi(in, &len, &(l->child))) != CRYPT_OK) { - goto error; - } - - /* len update */ - totlen += data_offset; - - /* the flexi decoder can also do nothing, so make sure a child has been allocated */ - if (l->child) { - /* link them up y0 */ - l->child->parent = l; - } - - t = l; - len_len = 0; - while((t != NULL) && (t->child != NULL)) { - len_len++; - t = t->child; - } - if (len_len > LTC_DER_MAX_RECURSION) { - err = CRYPT_ERROR; - goto error; - } - - break; - - case 0x80: /* Context-specific */ - l->type = LTC_ASN1_CONTEXT_SPECIFIC; - - if ((l->data = XCALLOC(1, len - data_offset)) == NULL) { - err = CRYPT_MEM; - goto error; - } - - XMEMCPY(l->data, in + data_offset, len - data_offset); - l->size = len - data_offset; - - break; - - default: - /* invalid byte ... this is a soft error */ - /* remove link */ - if (l->prev) { - l = l->prev; - XFREE(l->next); - l->next = NULL; - } - goto outside; - } - - /* advance pointers */ - totlen += len; - in += len; - *inlen -= len; - } - -outside: - - /* in case we processed anything */ - if (totlen) { - /* rewind l please */ - while (l->prev != NULL || l->parent != NULL) { - if (l->parent != NULL) { - l = l->parent; - } else { - l = l->prev; - } - } - } - - /* return */ - *out = l; - *inlen = totlen; - return CRYPT_OK; - -error: - /* free list */ - der_sequence_free(l); - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_multi.c b/libs/tomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_multi.c deleted file mode 100644 index 87b239cb57b..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/sequence/der_decode_sequence_multi.c +++ /dev/null @@ -1,140 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" -#include <stdarg.h> - - -/** - @file der_decode_sequence_multi.c - ASN.1 DER, decode a SEQUENCE, Tom St Denis -*/ - -#ifdef LTC_DER - -/** - Decode a SEQUENCE type using a VA list - @param in Input buffer - @param inlen Length of input in octets - @remark <...> is of the form <type, size, data> (int, unsigned long, void*) - @return CRYPT_OK on success -*/ -int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...) -{ - int err; - ltc_asn1_type type; - unsigned long size, x; - void *data; - va_list args; - ltc_asn1_list *list; - - LTC_ARGCHK(in != NULL); - - /* get size of output that will be required */ - va_start(args, inlen); - x = 0; - for (;;) { - type = (ltc_asn1_type)va_arg(args, int); - size = va_arg(args, unsigned long); - data = va_arg(args, void*); - LTC_UNUSED_PARAM(size); - LTC_UNUSED_PARAM(data); - - if (type == LTC_ASN1_EOL) { - break; - } - - switch (type) { - case LTC_ASN1_BOOLEAN: - case LTC_ASN1_INTEGER: - case LTC_ASN1_SHORT_INTEGER: - case LTC_ASN1_BIT_STRING: - case LTC_ASN1_OCTET_STRING: - case LTC_ASN1_NULL: - case LTC_ASN1_OBJECT_IDENTIFIER: - case LTC_ASN1_IA5_STRING: - case LTC_ASN1_PRINTABLE_STRING: - case LTC_ASN1_UTF8_STRING: - case LTC_ASN1_UTCTIME: - case LTC_ASN1_SET: - case LTC_ASN1_SETOF: - case LTC_ASN1_SEQUENCE: - case LTC_ASN1_CHOICE: - case LTC_ASN1_RAW_BIT_STRING: - case LTC_ASN1_TELETEX_STRING: - case LTC_ASN1_GENERALIZEDTIME: - ++x; - break; - - case LTC_ASN1_EOL: - case LTC_ASN1_CONSTRUCTED: - case LTC_ASN1_CONTEXT_SPECIFIC: - va_end(args); - return CRYPT_INVALID_ARG; - } - } - va_end(args); - - /* allocate structure for x elements */ - if (x == 0) { - return CRYPT_NOP; - } - - list = XCALLOC(sizeof(*list), x); - if (list == NULL) { - return CRYPT_MEM; - } - - /* fill in the structure */ - va_start(args, inlen); - x = 0; - for (;;) { - type = (ltc_asn1_type)va_arg(args, int); - size = va_arg(args, unsigned long); - data = va_arg(args, void*); - - if (type == LTC_ASN1_EOL) { - break; - } - - switch (type) { - case LTC_ASN1_BOOLEAN: - case LTC_ASN1_INTEGER: - case LTC_ASN1_SHORT_INTEGER: - case LTC_ASN1_BIT_STRING: - case LTC_ASN1_OCTET_STRING: - case LTC_ASN1_NULL: - case LTC_ASN1_OBJECT_IDENTIFIER: - case LTC_ASN1_IA5_STRING: - case LTC_ASN1_PRINTABLE_STRING: - case LTC_ASN1_UTF8_STRING: - case LTC_ASN1_UTCTIME: - case LTC_ASN1_SEQUENCE: - case LTC_ASN1_SET: - case LTC_ASN1_SETOF: - case LTC_ASN1_CHOICE: - case LTC_ASN1_RAW_BIT_STRING: - case LTC_ASN1_TELETEX_STRING: - case LTC_ASN1_GENERALIZEDTIME: - LTC_SET_ASN1(list, x++, type, data, size); - break; - /* coverity[dead_error_line] */ - case LTC_ASN1_EOL: - case LTC_ASN1_CONSTRUCTED: - case LTC_ASN1_CONTEXT_SPECIFIC: - break; - } - } - va_end(args); - - err = der_decode_sequence(in, inlen, list, x); - XFREE(list); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c b/libs/tomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c deleted file mode 100644 index b6a7990894c..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c +++ /dev/null @@ -1,108 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" -/** - @file der_decode_subject_public_key_info.c - ASN.1 DER, encode a Subject Public Key structure --nmav -*/ - -#ifdef LTC_DER - -/* AlgorithmIdentifier := SEQUENCE { - * algorithm OBJECT IDENTIFIER, - * parameters ANY DEFINED BY algorithm - * } - * - * SubjectPublicKeyInfo := SEQUENCE { - * algorithm AlgorithmIdentifier, - * subjectPublicKey BIT STRING - * } - */ -/** - Decode a subject public key info - @param in The input buffer - @param inlen The length of the input buffer - @param algorithm One out of the enum #public_key_algorithms - @param public_key The buffer for the public key - @param public_key_len [in/out] The length of the public key buffer and the written length - @param parameters_type The parameters' type out of the enum ltc_asn1_type - @param parameters The parameters to include - @param parameters_len The number of parameters to include - @return CRYPT_OK on success -*/ -int der_decode_subject_public_key_info(const unsigned char *in, unsigned long inlen, - unsigned int algorithm, void* public_key, unsigned long* public_key_len, - unsigned long parameters_type, ltc_asn1_list* parameters, unsigned long parameters_len) -{ - int err; - unsigned long len; - oid_st oid; - unsigned char *tmpbuf; - unsigned long tmpoid[16]; - ltc_asn1_list alg_id[2]; - ltc_asn1_list subject_pubkey[2]; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(inlen != 0); - LTC_ARGCHK(public_key_len != NULL); - - err = pk_get_oid(algorithm, &oid); - if (err != CRYPT_OK) { - return err; - } - - /* see if the OpenSSL DER format RSA public key will work */ - tmpbuf = XCALLOC(1, inlen); - if (tmpbuf == NULL) { - err = CRYPT_MEM; - goto LBL_ERR; - } - - /* this includes the internal hash ID and optional params (NULL in this case) */ - LTC_SET_ASN1(alg_id, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid)/sizeof(tmpoid[0])); - LTC_SET_ASN1(alg_id, 1, (ltc_asn1_type)parameters_type, parameters, parameters_len); - - /* the actual format of the SSL DER key is odd, it stores a RSAPublicKey - * in a **BIT** string ... so we have to extract it then proceed to convert bit to octet - */ - LTC_SET_ASN1(subject_pubkey, 0, LTC_ASN1_SEQUENCE, alg_id, 2); - LTC_SET_ASN1(subject_pubkey, 1, LTC_ASN1_RAW_BIT_STRING, tmpbuf, inlen*8U); - - err=der_decode_sequence(in, inlen, subject_pubkey, 2UL); - if (err != CRYPT_OK) { - goto LBL_ERR; - } - - if ((alg_id[0].size != oid.OIDlen) || - XMEMCMP(oid.OID, alg_id[0].data, oid.OIDlen * sizeof(oid.OID[0])) != 0) { - /* OID mismatch */ - err = CRYPT_PK_INVALID_TYPE; - goto LBL_ERR; - } - - len = subject_pubkey[1].size/8; - if (*public_key_len > len) { - XMEMCPY(public_key, subject_pubkey[1].data, len); - *public_key_len = len; - } else { - *public_key_len = len; - err = CRYPT_BUFFER_OVERFLOW; - goto LBL_ERR; - } - - err = CRYPT_OK; - -LBL_ERR: - - XFREE(tmpbuf); - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_ex.c b/libs/tomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_ex.c deleted file mode 100644 index 6e5ba0d52ca..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_ex.c +++ /dev/null @@ -1,213 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - - -/** - @file der_encode_sequence_ex.c - ASN.1 DER, encode a SEQUENCE, Tom St Denis -*/ - -#ifdef LTC_DER - -/** - Encode a SEQUENCE - @param list The list of items to encode - @param inlen The number of items in the list - @param out [out] The destination - @param outlen [in/out] The size of the output - @param type_of LTC_ASN1_SEQUENCE or LTC_ASN1_SET/LTC_ASN1_SETOF - @return CRYPT_OK on success -*/ -int der_encode_sequence_ex(ltc_asn1_list *list, unsigned long inlen, - unsigned char *out, unsigned long *outlen, int type_of) -{ - int err; - ltc_asn1_type type; - unsigned long size, x, y, z, i; - void *data; - - LTC_ARGCHK(list != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* get size of output that will be required */ - y = 0; z = 0; - if ((err = der_length_sequence_ex(list, inlen, &y, &z)) != CRYPT_OK) return CRYPT_INVALID_ARG; - - /* too big ? */ - if (*outlen < y) { - *outlen = y; - err = CRYPT_BUFFER_OVERFLOW; - goto LBL_ERR; - } - - /* store header */ - x = 0; - out[x++] = (type_of == LTC_ASN1_SEQUENCE) ? 0x30 : 0x31; - - if (z < 128) { - out[x++] = (unsigned char)z; - } else if (z < 256) { - out[x++] = 0x81; - out[x++] = (unsigned char)z; - } else if (z < 65536UL) { - out[x++] = 0x82; - out[x++] = (unsigned char)((z>>8UL)&255); - out[x++] = (unsigned char)(z&255); - } else if (z < 16777216UL) { - out[x++] = 0x83; - out[x++] = (unsigned char)((z>>16UL)&255); - out[x++] = (unsigned char)((z>>8UL)&255); - out[x++] = (unsigned char)(z&255); - } - - /* store data */ - *outlen -= x; - for (i = 0; i < inlen; i++) { - type = list[i].type; - size = list[i].size; - data = list[i].data; - - if (type == LTC_ASN1_EOL) { - break; - } - - switch (type) { - case LTC_ASN1_BOOLEAN: - z = *outlen; - if ((err = der_encode_boolean(*((int *)data), out + x, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_INTEGER: - z = *outlen; - if ((err = der_encode_integer(data, out + x, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_SHORT_INTEGER: - z = *outlen; - if ((err = der_encode_short_integer(*((unsigned long*)data), out + x, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_BIT_STRING: - z = *outlen; - if ((err = der_encode_bit_string(data, size, out + x, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_RAW_BIT_STRING: - z = *outlen; - if ((err = der_encode_raw_bit_string(data, size, out + x, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_OCTET_STRING: - z = *outlen; - if ((err = der_encode_octet_string(data, size, out + x, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_NULL: - out[x] = 0x05; - out[x+1] = 0x00; - z = 2; - break; - - case LTC_ASN1_OBJECT_IDENTIFIER: - z = *outlen; - if ((err = der_encode_object_identifier(data, size, out + x, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_IA5_STRING: - z = *outlen; - if ((err = der_encode_ia5_string(data, size, out + x, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_PRINTABLE_STRING: - z = *outlen; - if ((err = der_encode_printable_string(data, size, out + x, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_UTF8_STRING: - z = *outlen; - if ((err = der_encode_utf8_string(data, size, out + x, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_UTCTIME: - z = *outlen; - if ((err = der_encode_utctime(data, out + x, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_GENERALIZEDTIME: - z = *outlen; - if ((err = der_encode_generalizedtime(data, out + x, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_SET: - z = *outlen; - if ((err = der_encode_set(data, size, out + x, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_SETOF: - z = *outlen; - if ((err = der_encode_setof(data, size, out + x, &z)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_SEQUENCE: - z = *outlen; - if ((err = der_encode_sequence_ex(data, size, out + x, &z, type)) != CRYPT_OK) { - goto LBL_ERR; - } - break; - - case LTC_ASN1_CHOICE: - case LTC_ASN1_CONSTRUCTED: - case LTC_ASN1_CONTEXT_SPECIFIC: - case LTC_ASN1_EOL: - case LTC_ASN1_TELETEX_STRING: - err = CRYPT_INVALID_ARG; - goto LBL_ERR; - } - - x += z; - *outlen -= z; - } - *outlen = x; - err = CRYPT_OK; - -LBL_ERR: - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_multi.c b/libs/tomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_multi.c deleted file mode 100644 index 492fc024f68..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/sequence/der_encode_sequence_multi.c +++ /dev/null @@ -1,144 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" -#include <stdarg.h> - - -/** - @file der_encode_sequence_multi.c - ASN.1 DER, encode a SEQUENCE, Tom St Denis -*/ - -#ifdef LTC_DER - -/** - Encode a SEQUENCE type using a VA list - @param out [out] Destination for data - @param outlen [in/out] Length of buffer and resulting length of output - @remark <...> is of the form <type, size, data> (int, unsigned long, void*) - @return CRYPT_OK on success -*/ -int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...) -{ - int err; - ltc_asn1_type type; - unsigned long size, x; - void *data; - va_list args; - ltc_asn1_list *list; - - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* get size of output that will be required */ - va_start(args, outlen); - x = 0; - for (;;) { - type = (ltc_asn1_type)va_arg(args, int); - size = va_arg(args, unsigned long); - data = va_arg(args, void*); - LTC_UNUSED_PARAM(size); - LTC_UNUSED_PARAM(data); - - if (type == LTC_ASN1_EOL) { - break; - } - - switch (type) { - case LTC_ASN1_BOOLEAN: - case LTC_ASN1_INTEGER: - case LTC_ASN1_SHORT_INTEGER: - case LTC_ASN1_BIT_STRING: - case LTC_ASN1_OCTET_STRING: - case LTC_ASN1_NULL: - case LTC_ASN1_OBJECT_IDENTIFIER: - case LTC_ASN1_IA5_STRING: - case LTC_ASN1_PRINTABLE_STRING: - case LTC_ASN1_UTF8_STRING: - case LTC_ASN1_UTCTIME: - case LTC_ASN1_SEQUENCE: - case LTC_ASN1_SET: - case LTC_ASN1_SETOF: - case LTC_ASN1_RAW_BIT_STRING: - case LTC_ASN1_GENERALIZEDTIME: - ++x; - break; - - case LTC_ASN1_CHOICE: - case LTC_ASN1_CONSTRUCTED: - case LTC_ASN1_CONTEXT_SPECIFIC: - case LTC_ASN1_EOL: - case LTC_ASN1_TELETEX_STRING: - va_end(args); - return CRYPT_INVALID_ARG; - } - } - va_end(args); - - /* allocate structure for x elements */ - if (x == 0) { - return CRYPT_NOP; - } - - list = XCALLOC(sizeof(*list), x); - if (list == NULL) { - return CRYPT_MEM; - } - - /* fill in the structure */ - va_start(args, outlen); - x = 0; - for (;;) { - type = (ltc_asn1_type)va_arg(args, int); - size = va_arg(args, unsigned long); - data = va_arg(args, void*); - - if (type == LTC_ASN1_EOL) { - break; - } - - switch (type) { - case LTC_ASN1_BOOLEAN: - case LTC_ASN1_INTEGER: - case LTC_ASN1_SHORT_INTEGER: - case LTC_ASN1_BIT_STRING: - case LTC_ASN1_OCTET_STRING: - case LTC_ASN1_NULL: - case LTC_ASN1_OBJECT_IDENTIFIER: - case LTC_ASN1_IA5_STRING: - case LTC_ASN1_PRINTABLE_STRING: - case LTC_ASN1_UTF8_STRING: - case LTC_ASN1_UTCTIME: - case LTC_ASN1_SEQUENCE: - case LTC_ASN1_SET: - case LTC_ASN1_SETOF: - case LTC_ASN1_RAW_BIT_STRING: - case LTC_ASN1_GENERALIZEDTIME: - LTC_SET_ASN1(list, x++, type, data, size); - break; - - case LTC_ASN1_CHOICE: - case LTC_ASN1_CONSTRUCTED: - case LTC_ASN1_CONTEXT_SPECIFIC: - case LTC_ASN1_EOL: - case LTC_ASN1_TELETEX_STRING: - va_end(args); - err = CRYPT_INVALID_ARG; - goto LBL_ERR; - } - } - va_end(args); - - err = der_encode_sequence(list, x, out, outlen); -LBL_ERR: - XFREE(list); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/sequence/der_encode_subject_public_key_info.c b/libs/tomcrypt/src/pk/asn1/der/sequence/der_encode_subject_public_key_info.c deleted file mode 100644 index 4cd8759a923..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/sequence/der_encode_subject_public_key_info.c +++ /dev/null @@ -1,66 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_encode_subject_public_key_info.c - ASN.1 DER, encode a Subject Public Key structure --nmav -*/ - -#ifdef LTC_DER - -/* AlgorithmIdentifier := SEQUENCE { - * algorithm OBJECT IDENTIFIER, - * parameters ANY DEFINED BY algorithm - * } - * - * SubjectPublicKeyInfo := SEQUENCE { - * algorithm AlgorithmIdentifier, - * subjectPublicKey BIT STRING - * } - */ -/** - Encode a subject public key info - @param out The output buffer - @param outlen [in/out] Length of buffer and resulting length of output - @param algorithm One out of the enum #public_key_algorithms - @param public_key The buffer for the public key - @param public_key_len The length of the public key buffer - @param parameters_type The parameters' type out of the enum ltc_asn1_type - @param parameters The parameters to include - @param parameters_len The number of parameters to include - @return CRYPT_OK on success -*/ -int der_encode_subject_public_key_info(unsigned char *out, unsigned long *outlen, - unsigned int algorithm, void* public_key, unsigned long public_key_len, - unsigned long parameters_type, void* parameters, unsigned long parameters_len) -{ - int err; - ltc_asn1_list alg_id[2]; - oid_st oid; - - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - err = pk_get_oid(algorithm, &oid); - if (err != CRYPT_OK) { - return err; - } - - LTC_SET_ASN1(alg_id, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid.OID, oid.OIDlen); - LTC_SET_ASN1(alg_id, 1, (ltc_asn1_type)parameters_type, parameters, parameters_len); - - return der_encode_sequence_multi(out, outlen, - LTC_ASN1_SEQUENCE, (unsigned long)sizeof(alg_id)/sizeof(alg_id[0]), alg_id, - LTC_ASN1_RAW_BIT_STRING, public_key_len*8U, public_key, - LTC_ASN1_EOL, 0UL, NULL); - -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/sequence/der_length_sequence.c b/libs/tomcrypt/src/pk/asn1/der/sequence/der_length_sequence.c deleted file mode 100644 index 64a25399352..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/sequence/der_length_sequence.c +++ /dev/null @@ -1,189 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_length_sequence.c - ASN.1 DER, length a SEQUENCE, Tom St Denis -*/ - -#ifdef LTC_DER - -/** - Get the length of a DER sequence - @param list The sequences of items in the SEQUENCE - @param inlen The number of items - @param outlen [out] The length required in octets to store it - @return CRYPT_OK on success -*/ -int der_length_sequence(ltc_asn1_list *list, unsigned long inlen, - unsigned long *outlen) -{ - return der_length_sequence_ex(list, inlen, outlen, NULL); -} - -int der_length_sequence_ex(ltc_asn1_list *list, unsigned long inlen, - unsigned long *outlen, unsigned long *payloadlen) -{ - int err; - ltc_asn1_type type; - unsigned long size, x, y, i, z; - void *data; - - LTC_ARGCHK(list != NULL); - LTC_ARGCHK(outlen != NULL); - - /* get size of output that will be required */ - y = 0; - for (i = 0; i < inlen; i++) { - type = list[i].type; - size = list[i].size; - data = list[i].data; - - if (type == LTC_ASN1_EOL) { - break; - } - - switch (type) { - case LTC_ASN1_BOOLEAN: - if ((err = der_length_boolean(&x)) != CRYPT_OK) { - goto LBL_ERR; - } - y += x; - break; - - case LTC_ASN1_INTEGER: - if ((err = der_length_integer(data, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - y += x; - break; - - case LTC_ASN1_SHORT_INTEGER: - if ((err = der_length_short_integer(*((unsigned long *)data), &x)) != CRYPT_OK) { - goto LBL_ERR; - } - y += x; - break; - - case LTC_ASN1_BIT_STRING: - case LTC_ASN1_RAW_BIT_STRING: - if ((err = der_length_bit_string(size, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - y += x; - break; - - case LTC_ASN1_OCTET_STRING: - if ((err = der_length_octet_string(size, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - y += x; - break; - - case LTC_ASN1_NULL: - y += 2; - break; - - case LTC_ASN1_OBJECT_IDENTIFIER: - if ((err = der_length_object_identifier(data, size, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - y += x; - break; - - case LTC_ASN1_IA5_STRING: - if ((err = der_length_ia5_string(data, size, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - y += x; - break; - - case LTC_ASN1_TELETEX_STRING: - if ((err = der_length_teletex_string(data, size, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - y += x; - break; - - case LTC_ASN1_PRINTABLE_STRING: - if ((err = der_length_printable_string(data, size, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - y += x; - break; - - case LTC_ASN1_UTCTIME: - if ((err = der_length_utctime(data, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - y += x; - break; - - case LTC_ASN1_GENERALIZEDTIME: - if ((err = der_length_generalizedtime(data, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - y += x; - break; - - case LTC_ASN1_UTF8_STRING: - if ((err = der_length_utf8_string(data, size, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - y += x; - break; - - case LTC_ASN1_SET: - case LTC_ASN1_SETOF: - case LTC_ASN1_SEQUENCE: - if ((err = der_length_sequence(data, size, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - y += x; - break; - - - case LTC_ASN1_CHOICE: - case LTC_ASN1_CONSTRUCTED: - case LTC_ASN1_CONTEXT_SPECIFIC: - case LTC_ASN1_EOL: - err = CRYPT_INVALID_ARG; - goto LBL_ERR; - } - } - - /* calc header size */ - z = y; - if (y < 128) { - y += 2; - } else if (y < 256) { - /* 0x30 0x81 LL */ - y += 3; - } else if (y < 65536UL) { - /* 0x30 0x82 LL LL */ - y += 4; - } else if (y < 16777216UL) { - /* 0x30 0x83 LL LL LL */ - y += 5; - } else { - err = CRYPT_INVALID_ARG; - goto LBL_ERR; - } - - /* store size */ - if (payloadlen) *payloadlen = z; - *outlen = y; - err = CRYPT_OK; - -LBL_ERR: - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/sequence/der_sequence_free.c b/libs/tomcrypt/src/pk/asn1/der/sequence/der_sequence_free.c deleted file mode 100644 index 55b75b1984d..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/sequence/der_sequence_free.c +++ /dev/null @@ -1,59 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_sequence_free.c - ASN.1 DER, free's a structure allocated by der_decode_sequence_flexi(), Tom St Denis -*/ - -#ifdef LTC_DER - -/** - Free memory allocated by der_decode_sequence_flexi() - @param in The list to free -*/ -void der_sequence_free(ltc_asn1_list *in) -{ - ltc_asn1_list *l; - - if (!in) return; - - /* walk to the start of the chain */ - while (in->prev != NULL || in->parent != NULL) { - if (in->parent != NULL) { - in = in->parent; - } else { - in = in->prev; - } - } - - /* now walk the list and free stuff */ - while (in != NULL) { - /* is there a child? */ - if (in->child) { - /* disconnect */ - in->child->parent = NULL; - der_sequence_free(in->child); - } - - switch (in->type) { - case LTC_ASN1_SETOF: break; - case LTC_ASN1_INTEGER : if (in->data != NULL) { mp_clear(in->data); } break; - default : if (in->data != NULL) { XFREE(in->data); } - } - - /* move to next and free current */ - l = in->next; - XFREE(in); - in = l; - } -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/sequence/der_sequence_shrink.c b/libs/tomcrypt/src/pk/asn1/der/sequence/der_sequence_shrink.c deleted file mode 100644 index d4a89158c9b..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/sequence/der_sequence_shrink.c +++ /dev/null @@ -1,46 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_sequence_shrink.c - Free memory allocated for CONSTRUCTED, SET or SEQUENCE elements by der_decode_sequence_flexi(), Steffen Jaeckel -*/ - -#ifdef LTC_DER - -/** - Free memory allocated for CONSTRUCTED, - SET or SEQUENCE elements by der_decode_sequence_flexi() - @param in The list to shrink -*/ -void der_sequence_shrink(ltc_asn1_list *in) -{ - if (!in) return; - - /* now walk the list and free stuff */ - while (in != NULL) { - /* is there a child? */ - if (in->child) { - der_sequence_shrink(in->child); - } - - switch (in->type) { - case LTC_ASN1_CONSTRUCTED: - case LTC_ASN1_SET: - case LTC_ASN1_SEQUENCE : if (in->data != NULL) { XFREE(in->data); in->data = NULL; } break; - default: break; - } - - /* move to next and free current */ - in = in->next; - } -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/set/der_encode_set.c b/libs/tomcrypt/src/pk/asn1/der/set/der_encode_set.c deleted file mode 100644 index 3cfb783b980..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/set/der_encode_set.c +++ /dev/null @@ -1,104 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_encode_set.c - ASN.1 DER, Encode a SET, Tom St Denis -*/ - -#ifdef LTC_DER - -/* LTC define to ASN.1 TAG */ -static int _ltc_to_asn1(ltc_asn1_type v) -{ - switch (v) { - case LTC_ASN1_BOOLEAN: return 0x01; - case LTC_ASN1_INTEGER: - case LTC_ASN1_SHORT_INTEGER: return 0x02; - case LTC_ASN1_RAW_BIT_STRING: - case LTC_ASN1_BIT_STRING: return 0x03; - case LTC_ASN1_OCTET_STRING: return 0x04; - case LTC_ASN1_NULL: return 0x05; - case LTC_ASN1_OBJECT_IDENTIFIER: return 0x06; - case LTC_ASN1_UTF8_STRING: return 0x0C; - case LTC_ASN1_PRINTABLE_STRING: return 0x13; - case LTC_ASN1_TELETEX_STRING: return 0x14; - case LTC_ASN1_IA5_STRING: return 0x16; - case LTC_ASN1_UTCTIME: return 0x17; - case LTC_ASN1_GENERALIZEDTIME: return 0x18; - case LTC_ASN1_SEQUENCE: return 0x30; - case LTC_ASN1_SET: - case LTC_ASN1_SETOF: return 0x31; - case LTC_ASN1_CHOICE: - case LTC_ASN1_CONSTRUCTED: - case LTC_ASN1_CONTEXT_SPECIFIC: - case LTC_ASN1_EOL: return -1; - } - return -1; -} - - -static int _qsort_helper(const void *a, const void *b) -{ - ltc_asn1_list *A = (ltc_asn1_list *)a, *B = (ltc_asn1_list *)b; - int r; - - r = _ltc_to_asn1(A->type) - _ltc_to_asn1(B->type); - - /* for QSORT the order is UNDEFINED if they are "equal" which means it is NOT DETERMINISTIC. So we force it to be :-) */ - if (r == 0) { - /* their order in the original list now determines the position */ - return A->used - B->used; - } else { - return r; - } -} - -/* - Encode a SET type - @param list The list of items to encode - @param inlen The number of items in the list - @param out [out] The destination - @param outlen [in/out] The size of the output - @return CRYPT_OK on success -*/ -int der_encode_set(ltc_asn1_list *list, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - ltc_asn1_list *copy; - unsigned long x; - int err; - - /* make copy of list */ - copy = XCALLOC(inlen, sizeof(*copy)); - if (copy == NULL) { - return CRYPT_MEM; - } - - /* fill in used member with index so we can fully sort it */ - for (x = 0; x < inlen; x++) { - copy[x] = list[x]; - copy[x].used = x; - } - - /* sort it by the "type" field */ - XQSORT(copy, inlen, sizeof(*copy), &_qsort_helper); - - /* call der_encode_sequence_ex() */ - err = der_encode_sequence_ex(copy, inlen, out, outlen, LTC_ASN1_SET); - - /* free list */ - XFREE(copy); - - return err; -} - - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/set/der_encode_setof.c b/libs/tomcrypt/src/pk/asn1/der/set/der_encode_setof.c deleted file mode 100644 index 07b8627e2ca..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/set/der_encode_setof.c +++ /dev/null @@ -1,157 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_encode_setof.c - ASN.1 DER, Encode SET OF, Tom St Denis -*/ - -#ifdef LTC_DER - -struct edge { - unsigned char *start; - unsigned long size; -}; - -static int _qsort_helper(const void *a, const void *b) -{ - struct edge *A = (struct edge *)a, *B = (struct edge *)b; - int r; - unsigned long x; - - /* compare min length */ - r = XMEMCMP(A->start, B->start, MIN(A->size, B->size)); - - if (r == 0 && A->size != B->size) { - if (A->size > B->size) { - for (x = B->size; x < A->size; x++) { - if (A->start[x]) { - return 1; - } - } - } else { - for (x = A->size; x < B->size; x++) { - if (B->start[x]) { - return -1; - } - } - } - } - - return r; -} - -/** - Encode a SETOF stucture - @param list The list of items to encode - @param inlen The number of items in the list - @param out [out] The destination - @param outlen [in/out] The size of the output - @return CRYPT_OK on success -*/ -int der_encode_setof(ltc_asn1_list *list, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - unsigned long x, y, z; - ptrdiff_t hdrlen; - int err; - struct edge *edges; - unsigned char *ptr, *buf; - - /* check that they're all the same type */ - for (x = 1; x < inlen; x++) { - if (list[x].type != list[x-1].type) { - return CRYPT_INVALID_ARG; - } - } - - /* alloc buffer to store copy of output */ - buf = XCALLOC(1, *outlen); - if (buf == NULL) { - return CRYPT_MEM; - } - - /* encode list */ - if ((err = der_encode_sequence_ex(list, inlen, buf, outlen, LTC_ASN1_SETOF)) != CRYPT_OK) { - XFREE(buf); - return err; - } - - /* allocate edges */ - edges = XCALLOC(inlen, sizeof(*edges)); - if (edges == NULL) { - XFREE(buf); - return CRYPT_MEM; - } - - /* skip header */ - ptr = buf + 1; - - /* now skip length data */ - x = *ptr++; - if (x >= 0x80) { - ptr += (x & 0x7F); - } - - /* get the size of the static header */ - hdrlen = ptr - buf; - - - /* scan for edges */ - x = 0; - while (ptr < (buf + *outlen)) { - /* store start */ - edges[x].start = ptr; - - /* skip type */ - z = 1; - - /* parse length */ - y = ptr[z++]; - if (y < 128) { - edges[x].size = y; - } else { - y &= 0x7F; - edges[x].size = 0; - while (y--) { - edges[x].size = (edges[x].size << 8) | ((unsigned long)ptr[z++]); - } - } - - /* skip content */ - edges[x].size += z; - ptr += edges[x].size; - ++x; - } - - /* sort based on contents (using edges) */ - XQSORT(edges, inlen, sizeof(*edges), &_qsort_helper); - - /* copy static header */ - XMEMCPY(out, buf, hdrlen); - - /* copy+sort using edges+indecies to output from buffer */ - for (y = (unsigned long)hdrlen, x = 0; x < inlen; x++) { - XMEMCPY(out+y, edges[x].start, edges[x].size); - y += edges[x].size; - } - -#ifdef LTC_CLEAN_STACK - zeromem(buf, *outlen); -#endif - - /* free buffers */ - XFREE(edges); - XFREE(buf); - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/short_integer/der_decode_short_integer.c b/libs/tomcrypt/src/pk/asn1/der/short_integer/der_decode_short_integer.c deleted file mode 100644 index ac57017b34d..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/short_integer/der_decode_short_integer.c +++ /dev/null @@ -1,62 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_decode_short_integer.c - ASN.1 DER, decode an integer, Tom St Denis -*/ - - -#ifdef LTC_DER - -/** - Read a short integer - @param in The DER encoded data - @param inlen Size of data - @param num [out] The integer to decode - @return CRYPT_OK if successful -*/ -int der_decode_short_integer(const unsigned char *in, unsigned long inlen, unsigned long *num) -{ - unsigned long len, x, y; - - LTC_ARGCHK(num != NULL); - LTC_ARGCHK(in != NULL); - - /* check length */ - if (inlen < 2) { - return CRYPT_INVALID_PACKET; - } - - /* check header */ - x = 0; - if ((in[x++] & 0x1F) != 0x02) { - return CRYPT_INVALID_PACKET; - } - - /* get the packet len */ - len = in[x++]; - - if (x + len > inlen) { - return CRYPT_INVALID_PACKET; - } - - /* read number */ - y = 0; - while (len--) { - y = (y<<8) | (unsigned long)in[x++]; - } - *num = y; - - return CRYPT_OK; - -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/short_integer/der_encode_short_integer.c b/libs/tomcrypt/src/pk/asn1/der/short_integer/der_encode_short_integer.c deleted file mode 100644 index c36a83343a2..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/short_integer/der_encode_short_integer.c +++ /dev/null @@ -1,91 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_encode_short_integer.c - ASN.1 DER, encode an integer, Tom St Denis -*/ - - -#ifdef LTC_DER - -/** - Store a short integer in the range (0,2^32-1) - @param num The integer to encode - @param out [out] The destination for the DER encoded integers - @param outlen [in/out] The max size and resulting size of the DER encoded integers - @return CRYPT_OK if successful -*/ -int der_encode_short_integer(unsigned long num, unsigned char *out, unsigned long *outlen) -{ - unsigned long len, x, y, z; - int err; - - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* force to 32 bits */ - num &= 0xFFFFFFFFUL; - - /* find out how big this will be */ - if ((err = der_length_short_integer(num, &len)) != CRYPT_OK) { - return err; - } - - if (*outlen < len) { - *outlen = len; - return CRYPT_BUFFER_OVERFLOW; - } - - /* get len of output */ - z = 0; - y = num; - while (y) { - ++z; - y >>= 8; - } - - /* handle zero */ - if (z == 0) { - z = 1; - } - - /* see if msb is set */ - z += (num&(1UL<<((z<<3) - 1))) ? 1 : 0; - - /* adjust the number so the msB is non-zero */ - for (x = 0; (z <= 4) && (x < (4 - z)); x++) { - num <<= 8; - } - - /* store header */ - x = 0; - out[x++] = 0x02; - out[x++] = (unsigned char)z; - - /* if 31st bit is set output a leading zero and decrement count */ - if (z == 5) { - out[x++] = 0; - --z; - } - - /* store values */ - for (y = 0; y < z; y++) { - out[x++] = (unsigned char)((num >> 24) & 0xFF); - num <<= 8; - } - - /* we good */ - *outlen = x; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/short_integer/der_length_short_integer.c b/libs/tomcrypt/src/pk/asn1/der/short_integer/der_length_short_integer.c deleted file mode 100644 index a8ca93be723..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/short_integer/der_length_short_integer.c +++ /dev/null @@ -1,64 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_length_short_integer.c - ASN.1 DER, get length of encoding, Tom St Denis -*/ - - -#ifdef LTC_DER -/** - Gets length of DER encoding of num - @param num The integer to get the size of - @param outlen [out] The length of the DER encoding for the given integer - @return CRYPT_OK if successful -*/ -int der_length_short_integer(unsigned long num, unsigned long *outlen) -{ - unsigned long z, y, len; - - LTC_ARGCHK(outlen != NULL); - - /* force to 32 bits */ - num &= 0xFFFFFFFFUL; - - /* get the number of bytes */ - z = 0; - y = num; - while (y) { - ++z; - y >>= 8; - } - - /* handle zero */ - if (z == 0) { - z = 1; - } - - /* we need a 0x02 to indicate it's INTEGER */ - len = 1; - - /* length byte */ - ++len; - - /* bytes in value */ - len += z; - - /* see if msb is set */ - len += (num&(1UL<<((z<<3) - 1))) ? 1 : 0; - - /* return length */ - *outlen = len; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/teletex_string/der_decode_teletex_string.c b/libs/tomcrypt/src/pk/asn1/der/teletex_string/der_decode_teletex_string.c deleted file mode 100644 index 820ea3ad8e4..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/teletex_string/der_decode_teletex_string.c +++ /dev/null @@ -1,89 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_decode_teletex_string.c - ASN.1 DER, encode a teletex STRING -*/ - -#ifdef LTC_DER - -/** - Store a teletex STRING - @param in The DER encoded teletex STRING - @param inlen The size of the DER teletex STRING - @param out [out] The array of octets stored (one per char) - @param outlen [in/out] The number of octets stored - @return CRYPT_OK if successful -*/ -int der_decode_teletex_string(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - unsigned long x, y, len; - int t; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* must have header at least */ - if (inlen < 2) { - return CRYPT_INVALID_PACKET; - } - - /* check for 0x14 */ - if ((in[0] & 0x1F) != 0x14) { - return CRYPT_INVALID_PACKET; - } - x = 1; - - /* decode the length */ - if (in[x] & 0x80) { - /* valid # of bytes in length are 1,2,3 */ - y = in[x] & 0x7F; - if ((y == 0) || (y > 3) || ((x + y) > inlen)) { - return CRYPT_INVALID_PACKET; - } - - /* read the length in */ - len = 0; - ++x; - while (y--) { - len = (len << 8) | in[x++]; - } - } else { - len = in[x++] & 0x7F; - } - - /* is it too long? */ - if (len > *outlen) { - *outlen = len; - return CRYPT_BUFFER_OVERFLOW; - } - - if (len + x > inlen) { - return CRYPT_INVALID_PACKET; - } - - /* read the data */ - for (y = 0; y < len; y++) { - t = der_teletex_value_decode(in[x++]); - if (t == -1) { - return CRYPT_INVALID_ARG; - } - out[y] = t; - } - - *outlen = y; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/teletex_string/der_length_teletex_string.c b/libs/tomcrypt/src/pk/asn1/der/teletex_string/der_length_teletex_string.c deleted file mode 100644 index dd4092000eb..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/teletex_string/der_length_teletex_string.c +++ /dev/null @@ -1,203 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_length_teletex_string.c - ASN.1 DER, get length of teletex STRING -*/ - -#ifdef LTC_DER - -static const struct { - int code, value; -} teletex_table[] = { -{ '\0', 0 }, -{ '\a', 7 }, -{ '\b', 8 }, -{ '\t', 9 }, -{ '\n', 10 }, -{ '\v', 11 }, -{ '\f', 12 }, -{ '\r', 13 }, -{ ' ', 32 }, -{ '!', 33 }, -{ '"', 34 }, -{ '%', 37 }, -{ '&', 38 }, -{ '\'', 39 }, -{ '(', 40 }, -{ ')', 41 }, -{ '+', 43 }, -{ ',', 44 }, -{ '-', 45 }, -{ '.', 46 }, -{ '/', 47 }, -{ '0', 48 }, -{ '1', 49 }, -{ '2', 50 }, -{ '3', 51 }, -{ '4', 52 }, -{ '5', 53 }, -{ '6', 54 }, -{ '7', 55 }, -{ '8', 56 }, -{ '9', 57 }, -{ ':', 58 }, -{ ';', 59 }, -{ '<', 60 }, -{ '=', 61 }, -{ '>', 62 }, -{ '?', 63 }, -{ '@', 64 }, -{ 'A', 65 }, -{ 'B', 66 }, -{ 'C', 67 }, -{ 'D', 68 }, -{ 'E', 69 }, -{ 'F', 70 }, -{ 'G', 71 }, -{ 'H', 72 }, -{ 'I', 73 }, -{ 'J', 74 }, -{ 'K', 75 }, -{ 'L', 76 }, -{ 'M', 77 }, -{ 'N', 78 }, -{ 'O', 79 }, -{ 'P', 80 }, -{ 'Q', 81 }, -{ 'R', 82 }, -{ 'S', 83 }, -{ 'T', 84 }, -{ 'U', 85 }, -{ 'V', 86 }, -{ 'W', 87 }, -{ 'X', 88 }, -{ 'Y', 89 }, -{ 'Z', 90 }, -{ '[', 91 }, -{ ']', 93 }, -{ '_', 95 }, -{ 'a', 97 }, -{ 'b', 98 }, -{ 'c', 99 }, -{ 'd', 100 }, -{ 'e', 101 }, -{ 'f', 102 }, -{ 'g', 103 }, -{ 'h', 104 }, -{ 'i', 105 }, -{ 'j', 106 }, -{ 'k', 107 }, -{ 'l', 108 }, -{ 'm', 109 }, -{ 'n', 110 }, -{ 'o', 111 }, -{ 'p', 112 }, -{ 'q', 113 }, -{ 'r', 114 }, -{ 's', 115 }, -{ 't', 116 }, -{ 'u', 117 }, -{ 'v', 118 }, -{ 'w', 119 }, -{ 'x', 120 }, -{ 'y', 121 }, -{ 'z', 122 }, -{ '|', 124 }, -{ ' ', 160 }, -{ 0xa1, 161 }, -{ 0xa2, 162 }, -{ 0xa3, 163 }, -{ '$', 164 }, -{ 0xa5, 165 }, -{ '#', 166 }, -{ 0xa7, 167 }, -{ 0xa4, 168 }, -{ 0xab, 171 }, -{ 0xb0, 176 }, -{ 0xb1, 177 }, -{ 0xb2, 178 }, -{ 0xb3, 179 }, -{ 0xd7, 180 }, -{ 0xb5, 181 }, -{ 0xb6, 182 }, -{ 0xb7, 183 }, -{ 0xf7, 184 }, -{ 0xbb, 187 }, -{ 0xbc, 188 }, -{ 0xbd, 189 }, -{ 0xbe, 190 }, -{ 0xbf, 191 }, -}; - -int der_teletex_char_encode(int c) -{ - int x; - for (x = 0; x < (int)(sizeof(teletex_table)/sizeof(teletex_table[0])); x++) { - if (teletex_table[x].code == c) { - return teletex_table[x].value; - } - } - return -1; -} - -int der_teletex_value_decode(int v) -{ - int x; - for (x = 0; x < (int)(sizeof(teletex_table)/sizeof(teletex_table[0])); x++) { - if (teletex_table[x].value == v) { - return teletex_table[x].code; - } - } - return -1; -} - -/** - Gets length of DER encoding of teletex STRING - @param octets The values you want to encode - @param noctets The number of octets in the string to encode - @param outlen [out] The length of the DER encoding for the given string - @return CRYPT_OK if successful -*/ -int der_length_teletex_string(const unsigned char *octets, unsigned long noctets, unsigned long *outlen) -{ - unsigned long x; - - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(octets != NULL); - - /* scan string for validity */ - for (x = 0; x < noctets; x++) { - if (der_teletex_char_encode(octets[x]) == -1) { - return CRYPT_INVALID_ARG; - } - } - - if (noctets < 128) { - /* 16 LL DD DD DD ... */ - *outlen = 2 + noctets; - } else if (noctets < 256) { - /* 16 81 LL DD DD DD ... */ - *outlen = 3 + noctets; - } else if (noctets < 65536UL) { - /* 16 82 LL LL DD DD DD ... */ - *outlen = 4 + noctets; - } else if (noctets < 16777216UL) { - /* 16 83 LL LL LL DD DD DD ... */ - *outlen = 5 + noctets; - } else { - return CRYPT_INVALID_ARG; - } - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/utctime/der_decode_utctime.c b/libs/tomcrypt/src/pk/asn1/der/utctime/der_decode_utctime.c deleted file mode 100644 index aea0a2d28ff..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/utctime/der_decode_utctime.c +++ /dev/null @@ -1,121 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_decode_utctime.c - ASN.1 DER, decode a UTCTIME, Tom St Denis -*/ - -#ifdef LTC_DER - -static int _char_to_int(unsigned char x) -{ - switch (x) { - case '0': return 0; - case '1': return 1; - case '2': return 2; - case '3': return 3; - case '4': return 4; - case '5': return 5; - case '6': return 6; - case '7': return 7; - case '8': return 8; - case '9': return 9; - default: return 100; - } -} - -#define DECODE_V(y, max) \ - y = _char_to_int(buf[x])*10 + _char_to_int(buf[x+1]); \ - if (y >= max) return CRYPT_INVALID_PACKET; \ - x += 2; - -/** - Decodes a UTC time structure in DER format (reads all 6 valid encoding formats) - @param in Input buffer - @param inlen Length of input buffer in octets - @param out [out] Destination of UTC time structure - @return CRYPT_OK if successful -*/ -int der_decode_utctime(const unsigned char *in, unsigned long *inlen, - ltc_utctime *out) -{ - unsigned char buf[32] = { 0 }; /* initialize as all zeroes */ - unsigned long x; - int y; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(inlen != NULL); - LTC_ARGCHK(out != NULL); - - /* check header */ - if (*inlen < 2UL || (in[1] >= sizeof(buf)) || ((in[1] + 2UL) > *inlen)) { - return CRYPT_INVALID_PACKET; - } - - /* decode the string */ - for (x = 0; x < in[1]; x++) { - y = der_ia5_value_decode(in[x+2]); - if (y == -1) { - return CRYPT_INVALID_PACKET; - } - buf[x] = y; - } - *inlen = 2 + x; - - - /* possible encodings are -YYMMDDhhmmZ -YYMMDDhhmm+hh'mm' -YYMMDDhhmm-hh'mm' -YYMMDDhhmmssZ -YYMMDDhhmmss+hh'mm' -YYMMDDhhmmss-hh'mm' - - So let's do a trivial decode upto [including] mm - */ - - x = 0; - DECODE_V(out->YY, 100); - DECODE_V(out->MM, 13); - DECODE_V(out->DD, 32); - DECODE_V(out->hh, 24); - DECODE_V(out->mm, 60); - - /* clear timezone and seconds info */ - out->off_dir = out->off_hh = out->off_mm = out->ss = 0; - - /* now is it Z, +, - or 0-9 */ - if (buf[x] == 'Z') { - return CRYPT_OK; - } else if (buf[x] == '+' || buf[x] == '-') { - out->off_dir = (buf[x++] == '+') ? 0 : 1; - DECODE_V(out->off_hh, 24); - DECODE_V(out->off_mm, 60); - return CRYPT_OK; - } - - /* decode seconds */ - DECODE_V(out->ss, 60); - - /* now is it Z, +, - */ - if (buf[x] == 'Z') { - return CRYPT_OK; - } else if (buf[x] == '+' || buf[x] == '-') { - out->off_dir = (buf[x++] == '+') ? 0 : 1; - DECODE_V(out->off_hh, 24); - DECODE_V(out->off_mm, 60); - return CRYPT_OK; - } else { - return CRYPT_INVALID_PACKET; - } -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/utctime/der_encode_utctime.c b/libs/tomcrypt/src/pk/asn1/der/utctime/der_encode_utctime.c deleted file mode 100644 index 8dcc12a8544..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/utctime/der_encode_utctime.c +++ /dev/null @@ -1,77 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_encode_utctime.c - ASN.1 DER, encode a UTCTIME, Tom St Denis -*/ - -#ifdef LTC_DER - -static const char * const baseten = "0123456789"; - -#define STORE_V(y) \ - out[x++] = der_ia5_char_encode(baseten[(y/10) % 10]); \ - out[x++] = der_ia5_char_encode(baseten[y % 10]); - -/** - Encodes a UTC time structure in DER format - @param utctime The UTC time structure to encode - @param out The destination of the DER encoding of the UTC time structure - @param outlen [in/out] The length of the DER encoding - @return CRYPT_OK if successful -*/ -int der_encode_utctime(ltc_utctime *utctime, - unsigned char *out, unsigned long *outlen) -{ - unsigned long x, tmplen; - int err; - - LTC_ARGCHK(utctime != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - if ((err = der_length_utctime(utctime, &tmplen)) != CRYPT_OK) { - return err; - } - if (tmplen > *outlen) { - *outlen = tmplen; - return CRYPT_BUFFER_OVERFLOW; - } - - /* store header */ - out[0] = 0x17; - - /* store values */ - x = 2; - STORE_V(utctime->YY); - STORE_V(utctime->MM); - STORE_V(utctime->DD); - STORE_V(utctime->hh); - STORE_V(utctime->mm); - STORE_V(utctime->ss); - - if (utctime->off_mm || utctime->off_hh) { - out[x++] = der_ia5_char_encode(utctime->off_dir ? '-' : '+'); - STORE_V(utctime->off_hh); - STORE_V(utctime->off_mm); - } else { - out[x++] = der_ia5_char_encode('Z'); - } - - /* store length */ - out[1] = (unsigned char)(x - 2); - - /* all good let's return */ - *outlen = x; - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/utctime/der_length_utctime.c b/libs/tomcrypt/src/pk/asn1/der/utctime/der_length_utctime.c deleted file mode 100644 index a182e494f1a..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/utctime/der_length_utctime.c +++ /dev/null @@ -1,40 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_length_utctime.c - ASN.1 DER, get length of UTCTIME, Tom St Denis -*/ - -#ifdef LTC_DER - -/** - Gets length of DER encoding of UTCTIME - @param utctime The UTC time structure to get the size of - @param outlen [out] The length of the DER encoding - @return CRYPT_OK if successful -*/ -int der_length_utctime(ltc_utctime *utctime, unsigned long *outlen) -{ - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(utctime != NULL); - - if (utctime->off_hh == 0 && utctime->off_mm == 0) { - /* we encode as YYMMDDhhmmssZ */ - *outlen = 2 + 13; - } else { - /* we encode as YYMMDDhhmmss{+|-}hh'mm' */ - *outlen = 2 + 17; - } - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/utf8/der_decode_utf8_string.c b/libs/tomcrypt/src/pk/asn1/der/utf8/der_decode_utf8_string.c deleted file mode 100644 index 3fe0396de94..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/utf8/der_decode_utf8_string.c +++ /dev/null @@ -1,110 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_decode_utf8_string.c - ASN.1 DER, encode a UTF8 STRING, Tom St Denis -*/ - - -#ifdef LTC_DER - -/** - Store a UTF8 STRING - @param in The DER encoded UTF8 STRING - @param inlen The size of the DER UTF8 STRING - @param out [out] The array of utf8s stored (one per char) - @param outlen [in/out] The number of utf8s stored - @return CRYPT_OK if successful -*/ -int der_decode_utf8_string(const unsigned char *in, unsigned long inlen, - wchar_t *out, unsigned long *outlen) -{ - wchar_t tmp; - unsigned long x, y, z, len; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* must have header at least */ - if (inlen < 2) { - return CRYPT_INVALID_PACKET; - } - - /* check for 0x0C */ - if ((in[0] & 0x1F) != 0x0C) { - return CRYPT_INVALID_PACKET; - } - x = 1; - - /* decode the length */ - if (in[x] & 0x80) { - /* valid # of bytes in length are 1,2,3 */ - y = in[x] & 0x7F; - if ((y == 0) || (y > 3) || ((x + y) > inlen)) { - return CRYPT_INVALID_PACKET; - } - - /* read the length in */ - len = 0; - ++x; - while (y--) { - len = (len << 8) | in[x++]; - } - } else { - len = in[x++] & 0x7F; - } - - if (len + x > inlen) { - return CRYPT_INVALID_PACKET; - } - - /* proceed to decode */ - for (y = 0; x < inlen; ) { - /* get first byte */ - tmp = in[x++]; - - /* count number of bytes */ - for (z = 0; (tmp & 0x80) && (z <= 4); z++, tmp = (tmp << 1) & 0xFF); - - if (z > 4 || (x + (z - 1) > inlen)) { - return CRYPT_INVALID_PACKET; - } - - /* decode, grab upper bits */ - tmp >>= z; - - /* grab remaining bytes */ - if (z > 1) { --z; } - while (z-- != 0) { - if ((in[x] & 0xC0) != 0x80) { - return CRYPT_INVALID_PACKET; - } - tmp = (tmp << 6) | ((wchar_t)in[x++] & 0x3F); - } - - if (y < *outlen) { - out[y] = tmp; - } - y++; - } - if (y > *outlen) { - err = CRYPT_BUFFER_OVERFLOW; - } else { - err = CRYPT_OK; - } - *outlen = y; - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/utf8/der_encode_utf8_string.c b/libs/tomcrypt/src/pk/asn1/der/utf8/der_encode_utf8_string.c deleted file mode 100644 index 9e2ca7d5a20..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/utf8/der_encode_utf8_string.c +++ /dev/null @@ -1,100 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_encode_utf8_string.c - ASN.1 DER, encode a UTF8 STRING, Tom St Denis -*/ - - -#ifdef LTC_DER - -/** - Store an UTF8 STRING - @param in The array of UTF8 to store (one per wchar_t) - @param inlen The number of UTF8 to store - @param out [out] The destination for the DER encoded UTF8 STRING - @param outlen [in/out] The max size and resulting size of the DER UTF8 STRING - @return CRYPT_OK if successful -*/ -int der_encode_utf8_string(const wchar_t *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen) -{ - unsigned long x, y, len; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* get the size */ - for (x = len = 0; x < inlen; x++) { - if (!der_utf8_valid_char(in[x])) return CRYPT_INVALID_ARG; - len += der_utf8_charsize(in[x]); - } - - if (len < 128) { - y = 2 + len; - } else if (len < 256) { - y = 3 + len; - } else if (len < 65536UL) { - y = 4 + len; - } else if (len < 16777216UL) { - y = 5 + len; - } else { - return CRYPT_INVALID_ARG; - } - - /* too big? */ - if (y > *outlen) { - *outlen = y; - return CRYPT_BUFFER_OVERFLOW; - } - - /* encode the header+len */ - x = 0; - out[x++] = 0x0C; - if (len < 128) { - out[x++] = (unsigned char)len; - } else if (len < 256) { - out[x++] = 0x81; - out[x++] = (unsigned char)len; - } else if (len < 65536UL) { - out[x++] = 0x82; - out[x++] = (unsigned char)((len>>8)&255); - out[x++] = (unsigned char)(len&255); - } else if (len < 16777216UL) { - out[x++] = 0x83; - out[x++] = (unsigned char)((len>>16)&255); - out[x++] = (unsigned char)((len>>8)&255); - out[x++] = (unsigned char)(len&255); - } else { - /* coverity[dead_error_line] */ - return CRYPT_INVALID_ARG; - } - - /* store UTF8 */ - for (y = 0; y < inlen; y++) { - switch (der_utf8_charsize(in[y])) { - case 1: out[x++] = (unsigned char)in[y]; break; - case 2: out[x++] = 0xC0 | ((in[y] >> 6) & 0x1F); out[x++] = 0x80 | (in[y] & 0x3F); break; - case 3: out[x++] = 0xE0 | ((in[y] >> 12) & 0x0F); out[x++] = 0x80 | ((in[y] >> 6) & 0x3F); out[x++] = 0x80 | (in[y] & 0x3F); break; -#if !defined(LTC_WCHAR_MAX) || LTC_WCHAR_MAX > 0xFFFF - case 4: out[x++] = 0xF0 | ((in[y] >> 18) & 0x07); out[x++] = 0x80 | ((in[y] >> 12) & 0x3F); out[x++] = 0x80 | ((in[y] >> 6) & 0x3F); out[x++] = 0x80 | (in[y] & 0x3F); break; -#endif - } - } - - /* retun length */ - *outlen = x; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/asn1/der/utf8/der_length_utf8_string.c b/libs/tomcrypt/src/pk/asn1/der/utf8/der_length_utf8_string.c deleted file mode 100644 index b7bb082397d..00000000000 --- a/libs/tomcrypt/src/pk/asn1/der/utf8/der_length_utf8_string.c +++ /dev/null @@ -1,97 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file der_length_utf8_string.c - ASN.1 DER, get length of UTF8 STRING, Tom St Denis -*/ - -#ifdef LTC_DER - -/** Return the size in bytes of a UTF-8 character - @param c The UTF-8 character to measure - @return The size in bytes -*/ -unsigned long der_utf8_charsize(const wchar_t c) -{ - if (c <= 0x7F) { - return 1; - } else if (c <= 0x7FF) { - return 2; -#if LTC_WCHAR_MAX == 0xFFFF - } else { - return 3; - } -#else - } else if (c <= 0xFFFF) { - return 3; - } else { - return 4; - } -#endif -} - -/** - Test whether the given code point is valid character - @param c The UTF-8 character to test - @return 1 - valid, 0 - invalid -*/ -int der_utf8_valid_char(const wchar_t c) -{ - LTC_UNUSED_PARAM(c); -#if !defined(LTC_WCHAR_MAX) || LTC_WCHAR_MAX > 0xFFFF - if (c > 0x10FFFF) return 0; -#endif -#if LTC_WCHAR_MAX != 0xFFFF && LTC_WCHAR_MAX != 0xFFFFFFFF - if (c < 0) return 0; -#endif - return 1; -} - -/** - Gets length of DER encoding of UTF8 STRING - @param in The characters to measure the length of - @param noctets The number of octets in the string to encode - @param outlen [out] The length of the DER encoding for the given string - @return CRYPT_OK if successful -*/ -int der_length_utf8_string(const wchar_t *in, unsigned long noctets, unsigned long *outlen) -{ - unsigned long x, len; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(outlen != NULL); - - len = 0; - for (x = 0; x < noctets; x++) { - if (!der_utf8_valid_char(in[x])) return CRYPT_INVALID_ARG; - len += der_utf8_charsize(in[x]); - } - - if (len < 128) { - /* 0C LL DD DD DD ... */ - *outlen = 2 + len; - } else if (len < 256) { - /* 0C 81 LL DD DD DD ... */ - *outlen = 3 + len; - } else if (len < 65536UL) { - /* 0C 82 LL LL DD DD DD ... */ - *outlen = 4 + len; - } else if (len < 16777216UL) { - /* 0C 83 LL LL LL DD DD DD ... */ - *outlen = 5 + len; - } else { - return CRYPT_INVALID_ARG; - } - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/dh/dh.c b/libs/tomcrypt/src/pk/dh/dh.c deleted file mode 100644 index b30e01e04d7..00000000000 --- a/libs/tomcrypt/src/pk/dh/dh.c +++ /dev/null @@ -1,233 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -#include "tomcrypt.h" - -#ifdef LTC_MDH - -/* This holds the key settings. ***MUST*** be organized by size from smallest to largest. */ -const ltc_dh_set_type ltc_dh_sets[] = { -#ifdef LTC_DH768 -{ /* 768-bit MODP Group 1 - https://tools.ietf.org/html/rfc7296#appendix-B.1 */ - 96, - "DH-768", - "2", - "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" - "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" - "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" - "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF" -}, -#endif -#ifdef LTC_DH1024 -{ /* 1024-bit MODP Group 2 - https://tools.ietf.org/html/rfc7296#appendix-B.2 */ - 128, - "DH-1024", - "2", - "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" - "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" - "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" - "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" - "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" - "FFFFFFFFFFFFFFFF" -}, -#endif -#ifdef LTC_DH1536 -{ /* 1536-bit MODP Group 5 - https://tools.ietf.org/html/rfc3526#section-2 */ - 192, - "DH-1536", - "2", - "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" - "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" - "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" - "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" - "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" - "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" - "83655D23DCA3AD961C62F356208552BB9ED529077096966D" - "670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF" -}, -#endif -#ifdef LTC_DH2048 -{ /* 2048-bit MODP Group 14 - https://tools.ietf.org/html/rfc3526#section-3 */ - 256, - "DH-2048", - "2", - "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" - "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" - "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" - "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" - "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" - "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" - "83655D23DCA3AD961C62F356208552BB9ED529077096966D" - "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" - "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" - "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" - "15728E5A8AACAA68FFFFFFFFFFFFFFFF" -}, -#endif -#ifdef LTC_DH3072 -{ /* 3072-bit MODP Group 15 - https://tools.ietf.org/html/rfc3526#section-4 */ - 384, - "DH-3072", - "2", - "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" - "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" - "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" - "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" - "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" - "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" - "83655D23DCA3AD961C62F356208552BB9ED529077096966D" - "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" - "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" - "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" - "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" - "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" - "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" - "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" - "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" - "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF" -}, -#endif -#ifdef LTC_DH4096 -{ /* 4096-bit MODP Group 16 - https://tools.ietf.org/html/rfc3526#section-5 */ - 512, - "DH-4096", - "2", - "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" - "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" - "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" - "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" - "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" - "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" - "83655D23DCA3AD961C62F356208552BB9ED529077096966D" - "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" - "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" - "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" - "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" - "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" - "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" - "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" - "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" - "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" - "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" - "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" - "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" - "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" - "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934063199" - "FFFFFFFFFFFFFFFF" -}, -#endif -#ifdef LTC_DH6144 -{ /* 6144-bit MODP Group 17 - https://tools.ietf.org/html/rfc3526#section-6 */ - 768, - "DH-6144", - "2", - "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" - "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" - "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" - "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" - "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" - "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" - "83655D23DCA3AD961C62F356208552BB9ED529077096966D" - "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" - "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" - "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" - "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" - "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" - "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" - "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" - "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" - "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" - "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" - "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" - "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" - "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" - "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492" - "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD" - "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831" - "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B" - "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF" - "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6" - "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3" - "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA" - "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328" - "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C" - "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE" - "12BF2D5B0B7474D6E694F91E6DCC4024FFFFFFFFFFFFFFFF" -}, -#endif -#ifdef LTC_DH8192 -{ /* 8192-bit MODP Group 18 - https://tools.ietf.org/html/rfc3526#section-7 */ - 1024, - "DH-8192", - "2", - "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" - "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" - "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" - "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED" - "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" - "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F" - "83655D23DCA3AD961C62F356208552BB9ED529077096966D" - "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B" - "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9" - "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" - "15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64" - "ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7" - "ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B" - "F12FFA06D98A0864D87602733EC86A64521F2B18177B200C" - "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" - "43DB5BFCE0FD108E4B82D120A92108011A723C12A787E6D7" - "88719A10BDBA5B2699C327186AF4E23C1A946834B6150BDA" - "2583E9CA2AD44CE8DBBBC2DB04DE8EF92E8EFC141FBECAA6" - "287C59474E6BC05D99B2964FA090C3A2233BA186515BE7ED" - "1F612970CEE2D7AFB81BDD762170481CD0069127D5B05AA9" - "93B4EA988D8FDDC186FFB7DC90A6C08F4DF435C934028492" - "36C3FAB4D27C7026C1D4DCB2602646DEC9751E763DBA37BD" - "F8FF9406AD9E530EE5DB382F413001AEB06A53ED9027D831" - "179727B0865A8918DA3EDBEBCF9B14ED44CE6CBACED4BB1B" - "DB7F1447E6CC254B332051512BD7AF426FB8F401378CD2BF" - "5983CA01C64B92ECF032EA15D1721D03F482D7CE6E74FEF6" - "D55E702F46980C82B5A84031900B1C9E59E7C97FBEC7E8F3" - "23A97A7E36CC88BE0F1D45B7FF585AC54BD407B22B4154AA" - "CC8F6D7EBF48E1D814CC5ED20F8037E0A79715EEF29BE328" - "06A1D58BB7C5DA76F550AA3D8A1FBFF0EB19CCB1A313D55C" - "DA56C9EC2EF29632387FE8D76E3C0468043E8F663F4860EE" - "12BF2D5B0B7474D6E694F91E6DBE115974A3926F12FEE5E4" - "38777CB6A932DF8CD8BEC4D073B931BA3BC832B68D9DD300" - "741FA7BF8AFC47ED2576F6936BA424663AAB639C5AE4F568" - "3423B4742BF1C978238F16CBE39D652DE3FDB8BEFC848AD9" - "22222E04A4037C0713EB57A81A23F0C73473FC646CEA306B" - "4BCBC8862F8385DDFA9D4B7FA2C087E879683303ED5BDD3A" - "062B3CF5B3A278A66D2A13F83F44F82DDF310EE074AB6A36" - "4597E899A0255DC164F31CC50846851DF9AB48195DED7EA1" - "B1D510BD7EE74D73FAF36BC31ECFA268359046F4EB879F92" - "4009438B481C6CD7889A002ED5EE382BC9190DA6FC026E47" - "9558E4475677E9AA9E3050E2765694DFC81F56E880B96E71" - "60C980DD98EDD3DFFFFFFFFFFFFFFFFF" -}, -#endif -{ - 0, - NULL, - NULL, - NULL -} -}; - -/** - Returns the DH group size (octets) for given key - @param key The DH key to get the size of - @return The group size in octets (0 on error) - */ -int dh_get_groupsize(dh_key *key) -{ - if (key == NULL) return 0; - return mp_unsigned_bin_size(key->prime); -} - -#endif /* LTC_MDH */ diff --git a/libs/tomcrypt/src/pk/dh/dh_check_pubkey.c b/libs/tomcrypt/src/pk/dh/dh_check_pubkey.c deleted file mode 100644 index 9a8c7f6c98a..00000000000 --- a/libs/tomcrypt/src/pk/dh/dh_check_pubkey.c +++ /dev/null @@ -1,61 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -#include "tomcrypt.h" - -#ifdef LTC_MDH - -/** - Check DH public key (INTERNAL ONLY, not part of public API) - @param key The key you wish to test - @return CRYPT_OK if successful -*/ -int dh_check_pubkey(dh_key *key) -{ - void *p_minus1; - ltc_mp_digit digit; - int i, digit_count, bits_set = 0, err; - - LTC_ARGCHK(key != NULL); - - if ((err = mp_init(&p_minus1)) != CRYPT_OK) { - return err; - } - - /* avoid: y <= 1 OR y >= p-1 */ - if ((err = mp_sub_d(key->prime, 1, p_minus1)) != CRYPT_OK) { - goto error; - } - if (mp_cmp(key->y, p_minus1) != LTC_MP_LT || mp_cmp_d(key->y, 1) != LTC_MP_GT) { - err = CRYPT_INVALID_ARG; - goto error; - } - - /* public key must have more than one bit set */ - digit_count = mp_get_digit_count(key->y); - for (i = 0; i < digit_count && bits_set < 2; i++) { - digit = mp_get_digit(key->y, i); - while (digit > 0) { - if (digit & 1) bits_set++; - digit >>= 1; - } - } - if (bits_set > 1) { - err = CRYPT_OK; - } - else { - err = CRYPT_INVALID_ARG; - } - -error: - mp_clear(p_minus1); - return err; -} - -#endif /* LTC_MDH */ diff --git a/libs/tomcrypt/src/pk/dh/dh_export.c b/libs/tomcrypt/src/pk/dh/dh_export.c deleted file mode 100644 index 5a260b6d55f..00000000000 --- a/libs/tomcrypt/src/pk/dh/dh_export.c +++ /dev/null @@ -1,58 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -#include "tomcrypt.h" - -#ifdef LTC_MDH - -/** - Export a DH key to a binary packet - @param out [out] The destination for the key - @param outlen [in/out] The max size and resulting size of the DH key - @param type Which type of key (PK_PRIVATE or PK_PUBLIC) - @param key The key you wish to export - @return CRYPT_OK if successful -*/ -int dh_export(unsigned char *out, unsigned long *outlen, int type, dh_key *key) -{ - unsigned char flags[1]; - int err; - unsigned long version = 0; - - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - if (type == PK_PRIVATE) { - /* export x - private key */ - flags[0] = 1; - err = der_encode_sequence_multi(out, outlen, - LTC_ASN1_SHORT_INTEGER, 1UL, &version, - LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_INTEGER, 1UL, key->prime, - LTC_ASN1_INTEGER, 1UL, key->base, - LTC_ASN1_INTEGER, 1UL, key->x, - LTC_ASN1_EOL, 0UL, NULL); - } - else { - /* export y - public key */ - flags[0] = 0; - err = der_encode_sequence_multi(out, outlen, - LTC_ASN1_SHORT_INTEGER, 1UL, &version, - LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_INTEGER, 1UL, key->prime, - LTC_ASN1_INTEGER, 1UL, key->base, - LTC_ASN1_INTEGER, 1UL, key->y, - LTC_ASN1_EOL, 0UL, NULL); - } - - return err; -} - -#endif /* LTC_MDH */ diff --git a/libs/tomcrypt/src/pk/dh/dh_export_key.c b/libs/tomcrypt/src/pk/dh/dh_export_key.c deleted file mode 100644 index ebaadd6832b..00000000000 --- a/libs/tomcrypt/src/pk/dh/dh_export_key.c +++ /dev/null @@ -1,43 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -#include "tomcrypt.h" - -#ifdef LTC_MDH - -/** - Binary export a DH key to a buffer - @param out [out] The destination for the key - @param outlen [in/out] The max size and resulting size of the DH key - @param type Which type of key (PK_PRIVATE or PK_PUBLIC) - @param key The key you wish to export - @return CRYPT_OK if successful -*/ -int dh_export_key(void *out, unsigned long *outlen, int type, dh_key *key) -{ - unsigned long len; - void *k; - - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - k = (type == PK_PRIVATE) ? key->x : key->y; - len = mp_unsigned_bin_size(k); - - if (*outlen < len) { - *outlen = len; - return CRYPT_BUFFER_OVERFLOW; - } - *outlen = len; - - return mp_to_unsigned_bin(k, out); -} - -#endif /* LTC_MDH */ diff --git a/libs/tomcrypt/src/pk/dh/dh_free.c b/libs/tomcrypt/src/pk/dh/dh_free.c deleted file mode 100644 index 4fb96ca5830..00000000000 --- a/libs/tomcrypt/src/pk/dh/dh_free.c +++ /dev/null @@ -1,24 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -#include "tomcrypt.h" - -#ifdef LTC_MDH - -/** - Free the allocated ram for a DH key - @param key The key which you wish to free -*/ -void dh_free(dh_key *key) -{ - LTC_ARGCHKVD(key != NULL); - mp_cleanup_multi(&key->prime, &key->base, &key->y, &key->x, NULL); -} - -#endif /* LTC_MDH */ diff --git a/libs/tomcrypt/src/pk/dh/dh_generate_key.c b/libs/tomcrypt/src/pk/dh/dh_generate_key.c deleted file mode 100644 index af9d274b88c..00000000000 --- a/libs/tomcrypt/src/pk/dh/dh_generate_key.c +++ /dev/null @@ -1,98 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -#include "tomcrypt.h" - -#ifdef LTC_MDH - -static int _dh_groupsize_to_keysize(int groupsize) -{ - /* The strength estimates from https://tools.ietf.org/html/rfc3526#section-8 - * We use "Estimate 2" to get an appropriate private key (exponent) size. - */ - if (groupsize <= 0) { - return 0; - } - else if (groupsize <= 192) { - return 30; /* 1536-bit => key size 240-bit */ - } - else if (groupsize <= 256) { - return 40; /* 2048-bit => key size 320-bit */ - } - else if (groupsize <= 384) { - return 52; /* 3072-bit => key size 416-bit */ - } - else if (groupsize <= 512) { - return 60; /* 4096-bit => key size 480-bit */ - } - else if (groupsize <= 768) { - return 67; /* 6144-bit => key size 536-bit */ - } - else if (groupsize <= 1024) { - return 77; /* 8192-bit => key size 616-bit */ - } - else { - return 0; - } -} - -int dh_generate_key(prng_state *prng, int wprng, dh_key *key) -{ - unsigned char *buf; - unsigned long keysize; - int err, max_iterations = LTC_PK_MAX_RETRIES; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - /* good prng? */ - if ((err = prng_is_valid(wprng)) != CRYPT_OK) { - return err; - } - - keysize = _dh_groupsize_to_keysize(mp_unsigned_bin_size(key->prime)); - if (keysize == 0) { - err = CRYPT_INVALID_KEYSIZE; - goto freemp; - } - - /* allocate buffer */ - buf = XMALLOC(keysize); - if (buf == NULL) { - err = CRYPT_MEM; - goto freemp; - } - - key->type = PK_PRIVATE; - do { - /* make up random buf */ - if (prng_descriptor[wprng].read(buf, keysize, prng) != keysize) { - err = CRYPT_ERROR_READPRNG; - goto freebuf; - } - /* load the x value - private key */ - if ((err = mp_read_unsigned_bin(key->x, buf, keysize)) != CRYPT_OK) { - goto freebuf; - } - /* compute the y value - public key */ - if ((err = mp_exptmod(key->base, key->x, key->prime, key->y)) != CRYPT_OK) { - goto freebuf; - } - err = dh_check_pubkey(key); - } while (err != CRYPT_OK && max_iterations-- > 0); - -freebuf: - zeromem(buf, keysize); - XFREE(buf); -freemp: - if (err != CRYPT_OK) dh_free(key); - return err; -} - -#endif /* LTC_MDH */ diff --git a/libs/tomcrypt/src/pk/dh/dh_import.c b/libs/tomcrypt/src/pk/dh/dh_import.c deleted file mode 100644 index 22aa63129c7..00000000000 --- a/libs/tomcrypt/src/pk/dh/dh_import.c +++ /dev/null @@ -1,95 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -#include "tomcrypt.h" - -#ifdef LTC_MDH - -/** - Import a DH key from a binary packet - @param in The packet to read - @param inlen The length of the input packet - @param key [out] Where to import the key to - @return CRYPT_OK if successful, on error all allocated memory is freed automatically -*/ -int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key) -{ - unsigned char flags[1]; - int err; - unsigned long version; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); - - /* init */ - if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, NULL)) != CRYPT_OK) { - return err; - } - - /* find out what type of key it is */ - err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_SHORT_INTEGER, 1UL, &version, - LTC_ASN1_BIT_STRING, 1UL, &flags, - LTC_ASN1_EOL, 0UL, NULL); - if (err != CRYPT_OK && err != CRYPT_INPUT_TOO_LONG) { - goto error; - } - - if (version == 0) { - if (flags[0] == 1) { - key->type = PK_PRIVATE; - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_SHORT_INTEGER, 1UL, &version, - LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_INTEGER, 1UL, key->prime, - LTC_ASN1_INTEGER, 1UL, key->base, - LTC_ASN1_INTEGER, 1UL, key->x, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto error; - } - /* compute public key: y = (base ^ x) mod prime */ - if ((err = mp_exptmod(key->base, key->x, key->prime, key->y)) != CRYPT_OK) { - goto error; - } - } - else if (flags[0] == 0) { - key->type = PK_PUBLIC; - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_SHORT_INTEGER, 1UL, &version, - LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_INTEGER, 1UL, key->prime, - LTC_ASN1_INTEGER, 1UL, key->base, - LTC_ASN1_INTEGER, 1UL, key->y, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto error; - } - } - else { - err = CRYPT_INVALID_PACKET; - goto error; - } - } - else { - err = CRYPT_INVALID_PACKET; - goto error; - } - - /* check public key */ - if ((err = dh_check_pubkey(key)) != CRYPT_OK) { - goto error; - } - - return CRYPT_OK; - -error: - dh_free(key); - return err; -} - -#endif /* LTC_MDH */ diff --git a/libs/tomcrypt/src/pk/dh/dh_set.c b/libs/tomcrypt/src/pk/dh/dh_set.c deleted file mode 100644 index 9feb90b34d3..00000000000 --- a/libs/tomcrypt/src/pk/dh/dh_set.c +++ /dev/null @@ -1,120 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -#include "tomcrypt.h" - -#ifdef LTC_MDH - -/** - Import DH key parts p and g from raw numbers - - @param p DH's p (prime) - @param plen DH's p's length - @param g DH's g (group) - @param glen DH's g's length - @param key [out] the destination for the imported key - @return CRYPT_OK if successful -*/ -int dh_set_pg(const unsigned char *p, unsigned long plen, - const unsigned char *g, unsigned long glen, - dh_key *key) -{ - int err; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(p != NULL); - LTC_ARGCHK(g != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, NULL)) != CRYPT_OK) { - return err; - } - - if ((err = mp_read_unsigned_bin(key->base, (unsigned char*)g, glen)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_unsigned_bin(key->prime, (unsigned char*)p, plen)) != CRYPT_OK) { goto LBL_ERR; } - - return CRYPT_OK; - -LBL_ERR: - dh_free(key); - return err; -} - -/** - Import DH key parts p and g from built-in DH groups - - @param groupsize The size of the DH group to use - @param key [out] Where the newly created DH key will be stored - @return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically. -*/ -int dh_set_pg_groupsize(int groupsize, dh_key *key) -{ - int err, i; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - LTC_ARGCHK(groupsize > 0); - - for (i = 0; (groupsize > ltc_dh_sets[i].size) && (ltc_dh_sets[i].size != 0); i++); - if (ltc_dh_sets[i].size == 0) return CRYPT_INVALID_KEYSIZE; - - if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, NULL)) != CRYPT_OK) { - return err; - } - if ((err = mp_read_radix(key->base, ltc_dh_sets[i].base, 16)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_radix(key->prime, ltc_dh_sets[i].prime, 16)) != CRYPT_OK) { goto LBL_ERR; } - - return CRYPT_OK; - -LBL_ERR: - dh_free(key); - return err; -} - -/** - Import DH public or private key part from raw numbers - - NB: The p & g parts must be set beforehand - - @param in The key-part to import, either public or private. - @param inlen The key-part's length - @param type Which type of key (PK_PRIVATE or PK_PUBLIC) - @param key [out] the destination for the imported key - @return CRYPT_OK if successful -*/ -int dh_set_key(const unsigned char *in, unsigned long inlen, int type, dh_key *key) -{ - int err; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - if (type == PK_PRIVATE) { - key->type = PK_PRIVATE; - if ((err = mp_read_unsigned_bin(key->x, (unsigned char*)in, inlen)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_exptmod(key->base, key->x, key->prime, key->y)) != CRYPT_OK) { goto LBL_ERR; } - } - else { - key->type = PK_PUBLIC; - if ((err = mp_read_unsigned_bin(key->y, (unsigned char*)in, inlen)) != CRYPT_OK) { goto LBL_ERR; } - } - - /* check public key */ - if ((err = dh_check_pubkey(key)) != CRYPT_OK) { - goto LBL_ERR; - } - - return CRYPT_OK; - -LBL_ERR: - dh_free(key); - return err; -} - -#endif /* LTC_MDH */ diff --git a/libs/tomcrypt/src/pk/dh/dh_set_pg_dhparam.c b/libs/tomcrypt/src/pk/dh/dh_set_pg_dhparam.c deleted file mode 100644 index 289ed41da26..00000000000 --- a/libs/tomcrypt/src/pk/dh/dh_set_pg_dhparam.c +++ /dev/null @@ -1,50 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -#include "tomcrypt.h" - -#ifdef LTC_MDH - -/** - Import DH key parts p and g from dhparam - - dhparam data: openssl dhparam -outform DER -out dhparam.der 2048 - - @param dhparam The DH param DER encoded data - @param dhparamlen The length of dhparam data - @param key [out] Where the newly created DH key will be stored - @return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically. -*/ -int dh_set_pg_dhparam(const unsigned char *dhparam, unsigned long dhparamlen, dh_key *key) -{ - int err; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - LTC_ARGCHK(dhparam != NULL); - LTC_ARGCHK(dhparamlen > 0); - - if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, NULL)) != CRYPT_OK) { - return err; - } - if ((err = der_decode_sequence_multi(dhparam, dhparamlen, - LTC_ASN1_INTEGER, 1UL, key->prime, - LTC_ASN1_INTEGER, 1UL, key->base, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto LBL_ERR; - } - - return CRYPT_OK; - -LBL_ERR: - dh_free(key); - return err; -} - -#endif /* LTC_MDH */ diff --git a/libs/tomcrypt/src/pk/dh/dh_shared_secret.c b/libs/tomcrypt/src/pk/dh/dh_shared_secret.c deleted file mode 100644 index 44344222de3..00000000000 --- a/libs/tomcrypt/src/pk/dh/dh_shared_secret.c +++ /dev/null @@ -1,76 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -#include "tomcrypt.h" - -#ifdef LTC_MDH - -/** - Create a DH shared secret. - @param private_key The private DH key in the pair - @param public_key The public DH key in the pair - @param out [out] The destination of the shared data - @param outlen [in/out] The max size and resulting size of the shared data. - @return CRYPT_OK if successful -*/ -int dh_shared_secret(dh_key *private_key, dh_key *public_key, - unsigned char *out, unsigned long *outlen) -{ - void *tmp; - unsigned long x; - int err; - - LTC_ARGCHK(private_key != NULL); - LTC_ARGCHK(public_key != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* types valid? */ - if (private_key->type != PK_PRIVATE) { - return CRYPT_PK_NOT_PRIVATE; - } - - /* same DH group? */ - if (mp_cmp(private_key->prime, public_key->prime) != LTC_MP_EQ) { return CRYPT_PK_TYPE_MISMATCH; } - if (mp_cmp(private_key->base, public_key->base) != LTC_MP_EQ) { return CRYPT_PK_TYPE_MISMATCH; } - - /* init big numbers */ - if ((err = mp_init(&tmp)) != CRYPT_OK) { - return err; - } - - /* check public key */ - if ((err = dh_check_pubkey(public_key)) != CRYPT_OK) { - goto error; - } - - /* compute tmp = y^x mod p */ - if ((err = mp_exptmod(public_key->y, private_key->x, private_key->prime, tmp)) != CRYPT_OK) { - goto error; - } - - /* enough space for output? */ - x = (unsigned long)mp_unsigned_bin_size(tmp); - if (*outlen < x) { - *outlen = x; - err = CRYPT_BUFFER_OVERFLOW; - goto error; - } - if ((err = mp_to_unsigned_bin(tmp, out)) != CRYPT_OK) { - goto error; - } - *outlen = x; - err = CRYPT_OK; - -error: - mp_clear(tmp); - return err; -} - -#endif /* LTC_MDH */ diff --git a/libs/tomcrypt/src/pk/dsa/dsa_decrypt_key.c b/libs/tomcrypt/src/pk/dsa/dsa_decrypt_key.c deleted file mode 100644 index 00a5472e784..00000000000 --- a/libs/tomcrypt/src/pk/dsa/dsa_decrypt_key.c +++ /dev/null @@ -1,134 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file dsa_decrypt_key.c - DSA Crypto, Tom St Denis -*/ - -#ifdef LTC_MDSA - -/** - Decrypt an DSA encrypted key - @param in The ciphertext - @param inlen The length of the ciphertext (octets) - @param out [out] The plaintext - @param outlen [in/out] The max size and resulting size of the plaintext - @param key The corresponding private DSA key - @return CRYPT_OK if successful -*/ -int dsa_decrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - dsa_key *key) -{ - unsigned char *skey, *expt; - void *g_pub; - unsigned long x, y; - unsigned long hashOID[32] = { 0 }; - int hash, err; - ltc_asn1_list decode[3]; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* right key type? */ - if (key->type != PK_PRIVATE) { - return CRYPT_PK_NOT_PRIVATE; - } - - /* decode to find out hash */ - LTC_SET_ASN1(decode, 0, LTC_ASN1_OBJECT_IDENTIFIER, hashOID, sizeof(hashOID)/sizeof(hashOID[0])); - err = der_decode_sequence(in, inlen, decode, 1); - if (err != CRYPT_OK && err != CRYPT_INPUT_TOO_LONG) { - return err; - } - - hash = find_hash_oid(hashOID, decode[0].size); - if (hash_is_valid(hash) != CRYPT_OK) { - return CRYPT_INVALID_PACKET; - } - - /* we now have the hash! */ - - if ((err = mp_init(&g_pub)) != CRYPT_OK) { - return err; - } - - /* allocate memory */ - expt = XMALLOC(mp_unsigned_bin_size(key->p) + 1); - skey = XMALLOC(MAXBLOCKSIZE); - if (expt == NULL || skey == NULL) { - if (expt != NULL) { - XFREE(expt); - } - if (skey != NULL) { - XFREE(skey); - } - mp_clear(g_pub); - return CRYPT_MEM; - } - - LTC_SET_ASN1(decode, 1, LTC_ASN1_INTEGER, g_pub, 1UL); - LTC_SET_ASN1(decode, 2, LTC_ASN1_OCTET_STRING, skey, MAXBLOCKSIZE); - - /* read the structure in now */ - if ((err = der_decode_sequence(in, inlen, decode, 3)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* make shared key */ - x = mp_unsigned_bin_size(key->p) + 1; - if ((err = dsa_shared_secret(key->x, g_pub, key, expt, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - - y = mp_unsigned_bin_size(key->p) + 1; - y = MIN(y, MAXBLOCKSIZE); - if ((err = hash_memory(hash, expt, x, expt, &y)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* ensure the hash of the shared secret is at least as big as the encrypt itself */ - if (decode[2].size > y) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - /* avoid buffer overflow */ - if (*outlen < decode[2].size) { - *outlen = decode[2].size; - err = CRYPT_BUFFER_OVERFLOW; - goto LBL_ERR; - } - - /* Decrypt the key */ - for (x = 0; x < decode[2].size; x++) { - out[x] = expt[x] ^ skey[x]; - } - *outlen = x; - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(expt, mp_unsigned_bin_size(key->p) + 1); - zeromem(skey, MAXBLOCKSIZE); -#endif - - XFREE(expt); - XFREE(skey); - - mp_clear(g_pub); - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/dsa/dsa_encrypt_key.c b/libs/tomcrypt/src/pk/dsa/dsa_encrypt_key.c deleted file mode 100644 index 392c4ed121c..00000000000 --- a/libs/tomcrypt/src/pk/dsa/dsa_encrypt_key.c +++ /dev/null @@ -1,124 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file dsa_encrypt_key.c - DSA Crypto, Tom St Denis -*/ - -#ifdef LTC_MDSA - -/** - Encrypt a symmetric key with DSA - @param in The symmetric key you want to encrypt - @param inlen The length of the key to encrypt (octets) - @param out [out] The destination for the ciphertext - @param outlen [in/out] The max size and resulting size of the ciphertext - @param prng An active PRNG state - @param wprng The index of the PRNG you wish to use - @param hash The index of the hash you want to use - @param key The DSA key you want to encrypt to - @return CRYPT_OK if successful -*/ -int dsa_encrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - prng_state *prng, int wprng, int hash, - dsa_key *key) -{ - unsigned char *expt, *skey; - void *g_pub, *g_priv; - unsigned long x, y; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* check that wprng/cipher/hash are not invalid */ - if ((err = prng_is_valid(wprng)) != CRYPT_OK) { - return err; - } - - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - - if (inlen > hash_descriptor[hash].hashsize) { - return CRYPT_INVALID_HASH; - } - - /* make a random key and export the public copy */ - if ((err = mp_init_multi(&g_pub, &g_priv, NULL)) != CRYPT_OK) { - return err; - } - - expt = XMALLOC(mp_unsigned_bin_size(key->p) + 1); - skey = XMALLOC(MAXBLOCKSIZE); - if (expt == NULL || skey == NULL) { - if (expt != NULL) { - XFREE(expt); - } - if (skey != NULL) { - XFREE(skey); - } - mp_clear_multi(g_pub, g_priv, NULL); - return CRYPT_MEM; - } - - /* make a random g_priv, g_pub = g^x pair - private key x should be in range: 1 <= x <= q-1 (see FIPS 186-4 B.1.2) - */ - if ((err = rand_bn_upto(g_priv, key->q, prng, wprng)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* compute y */ - if ((err = mp_exptmod(key->g, g_priv, key->p, g_pub)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* make random key */ - x = mp_unsigned_bin_size(key->p) + 1; - if ((err = dsa_shared_secret(g_priv, key->y, key, expt, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - - y = MAXBLOCKSIZE; - if ((err = hash_memory(hash, expt, x, skey, &y)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* Encrypt key */ - for (x = 0; x < inlen; x++) { - skey[x] ^= in[x]; - } - - err = der_encode_sequence_multi(out, outlen, - LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash].OIDlen, hash_descriptor[hash].OID, - LTC_ASN1_INTEGER, 1UL, g_pub, - LTC_ASN1_OCTET_STRING, inlen, skey, - LTC_ASN1_EOL, 0UL, NULL); - -LBL_ERR: -#ifdef LTC_CLEAN_STACK - /* clean up */ - zeromem(expt, mp_unsigned_bin_size(key->p) + 1); - zeromem(skey, MAXBLOCKSIZE); -#endif - - XFREE(skey); - XFREE(expt); - - mp_clear_multi(g_pub, g_priv, NULL); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/dsa/dsa_export.c b/libs/tomcrypt/src/pk/dsa/dsa_export.c deleted file mode 100644 index 5abc3448b07..00000000000 --- a/libs/tomcrypt/src/pk/dsa/dsa_export.c +++ /dev/null @@ -1,111 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file dsa_export.c - DSA implementation, export key, Tom St Denis -*/ - -#ifdef LTC_MDSA - -/** - Export a DSA key to a binary packet - @param out [out] Where to store the packet - @param outlen [in/out] The max size and resulting size of the packet - @param type The type of key to export (PK_PRIVATE or PK_PUBLIC) - @param key The key to export - @return CRYPT_OK if successful -*/ -int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key) -{ - unsigned long zero=0; - int err, std; - - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - std = type & PK_STD; - type &= ~PK_STD; - - /* can we store the static header? */ - if (type == PK_PRIVATE && key->type != PK_PRIVATE) { - return CRYPT_PK_TYPE_MISMATCH; - } - - if (type != PK_PUBLIC && type != PK_PRIVATE) { - return CRYPT_INVALID_ARG; - } - - if (type == PK_PRIVATE) { - if (std) { - return der_encode_sequence_multi(out, outlen, - LTC_ASN1_SHORT_INTEGER, 1UL, &zero, - LTC_ASN1_INTEGER, 1UL, key->p, - LTC_ASN1_INTEGER, 1UL, key->q, - LTC_ASN1_INTEGER, 1UL, key->g, - LTC_ASN1_INTEGER, 1UL, key->y, - LTC_ASN1_INTEGER, 1UL, key->x, - LTC_ASN1_EOL, 0UL, NULL); - } - else { - unsigned char flags[1]; - flags[0] = 1; - return der_encode_sequence_multi(out, outlen, - LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_INTEGER, 1UL, key->g, - LTC_ASN1_INTEGER, 1UL, key->p, - LTC_ASN1_INTEGER, 1UL, key->q, - LTC_ASN1_INTEGER, 1UL, key->y, - LTC_ASN1_INTEGER, 1UL, key->x, - LTC_ASN1_EOL, 0UL, NULL); - } - } else { - if (std) { - unsigned long tmplen = (unsigned long)(mp_count_bits(key->y) / 8) + 8; - unsigned char* tmp = XMALLOC(tmplen); - ltc_asn1_list int_list[3]; - - if (tmp == NULL) { - return CRYPT_MEM; - } - - err = der_encode_integer(key->y, tmp, &tmplen); - if (err != CRYPT_OK) { - goto error; - } - - LTC_SET_ASN1(int_list, 0, LTC_ASN1_INTEGER, key->p, 1UL); - LTC_SET_ASN1(int_list, 1, LTC_ASN1_INTEGER, key->q, 1UL); - LTC_SET_ASN1(int_list, 2, LTC_ASN1_INTEGER, key->g, 1UL); - - err = der_encode_subject_public_key_info(out, outlen, PKA_DSA, tmp, - tmplen, LTC_ASN1_SEQUENCE, int_list, - sizeof(int_list) / sizeof(int_list[0])); - -error: - XFREE(tmp); - return err; - } - else { - unsigned char flags[1]; - flags[0] = 0; - return der_encode_sequence_multi(out, outlen, - LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_INTEGER, 1UL, key->g, - LTC_ASN1_INTEGER, 1UL, key->p, - LTC_ASN1_INTEGER, 1UL, key->q, - LTC_ASN1_INTEGER, 1UL, key->y, - LTC_ASN1_EOL, 0UL, NULL); - } - } -} - -#endif diff --git a/libs/tomcrypt/src/pk/dsa/dsa_free.c b/libs/tomcrypt/src/pk/dsa/dsa_free.c deleted file mode 100644 index 4a3c11908a1..00000000000 --- a/libs/tomcrypt/src/pk/dsa/dsa_free.c +++ /dev/null @@ -1,29 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file dsa_free.c - DSA implementation, free a DSA key, Tom St Denis -*/ - -#ifdef LTC_MDSA - -/** - Free a DSA key - @param key The key to free from memory -*/ -void dsa_free(dsa_key *key) -{ - LTC_ARGCHKVD(key != NULL); - mp_cleanup_multi(&key->y, &key->x, &key->q, &key->g, &key->p, NULL); - key->type = key->qord = 0; -} - -#endif diff --git a/libs/tomcrypt/src/pk/dsa/dsa_generate_key.c b/libs/tomcrypt/src/pk/dsa/dsa_generate_key.c deleted file mode 100644 index 7c3b1eb3e6f..00000000000 --- a/libs/tomcrypt/src/pk/dsa/dsa_generate_key.c +++ /dev/null @@ -1,43 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file dsa_make_key.c - DSA implementation, generate a DSA key -*/ - -#ifdef LTC_MDSA - -/** - Create a DSA key - @param prng An active PRNG state - @param wprng The index of the PRNG desired - @param key [in/out] Where to store the created key - @return CRYPT_OK if successful. -*/ -int dsa_generate_key(prng_state *prng, int wprng, dsa_key *key) -{ - int err; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - /* so now we have our DH structure, generator g, order q, modulus p - Now we need a random exponent [mod q] and it's power g^x mod p - */ - /* private key x should be from range: 1 <= x <= q-1 (see FIPS 186-4 B.1.2) */ - if ((err = rand_bn_upto(key->x, key->q, prng, wprng)) != CRYPT_OK) { return err; } - if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK) { return err; } - key->type = PK_PRIVATE; - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/dsa/dsa_generate_pqg.c b/libs/tomcrypt/src/pk/dsa/dsa_generate_pqg.c deleted file mode 100644 index 9862a88482b..00000000000 --- a/libs/tomcrypt/src/pk/dsa/dsa_generate_pqg.c +++ /dev/null @@ -1,240 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file dsa_generate_pqg.c - DSA implementation - generate DSA parameters p, q & g -*/ - -#ifdef LTC_MDSA - -/** - Create DSA parameters (INTERNAL ONLY, not part of public API) - @param prng An active PRNG state - @param wprng The index of the PRNG desired - @param group_size Size of the multiplicative group (octets) - @param modulus_size Size of the modulus (octets) - @param p [out] bignum where generated 'p' is stored (must be initialized by caller) - @param q [out] bignum where generated 'q' is stored (must be initialized by caller) - @param g [out] bignum where generated 'g' is stored (must be initialized by caller) - @return CRYPT_OK if successful, upon error this function will free all allocated memory -*/ -static int _dsa_make_params(prng_state *prng, int wprng, int group_size, int modulus_size, void *p, void *q, void *g) -{ - unsigned long L, N, n, outbytes, seedbytes, counter, j, i; - int err, res, mr_tests_q, mr_tests_p, found_p, found_q, hash; - unsigned char *wbuf, *sbuf, digest[MAXBLOCKSIZE]; - void *t2L1, *t2N1, *t2q, *t2seedlen, *U, *W, *X, *c, *h, *e, *seedinc; - - /* check size */ - if (group_size >= LTC_MDSA_MAX_GROUP || group_size < 1 || group_size >= modulus_size) { - return CRYPT_INVALID_ARG; - } - - /* FIPS-186-4 A.1.1.2 Generation of the Probable Primes p and q Using an Approved Hash Function - * - * L = The desired length of the prime p (in bits e.g. L = 1024) - * N = The desired length of the prime q (in bits e.g. N = 160) - * seedlen = The desired bit length of the domain parameter seed; seedlen shallbe equal to or greater than N - * outlen = The bit length of Hash function - * - * 1. Check that the (L, N) - * 2. If (seedlen <N), then return INVALID. - * 3. n = ceil(L / outlen) - 1 - * 4. b = L- 1 - (n * outlen) - * 5. domain_parameter_seed = an arbitrary sequence of seedlen bits - * 6. U = Hash (domain_parameter_seed) mod 2^(N-1) - * 7. q = 2^(N-1) + U + 1 - (U mod 2) - * 8. Test whether or not q is prime as specified in Appendix C.3 - * 9. If qis not a prime, then go to step 5. - * 10. offset = 1 - * 11. For counter = 0 to (4L- 1) do { - * For j=0 to n do { - * Vj = Hash ((domain_parameter_seed+ offset + j) mod 2^seedlen - * } - * W = V0 + (V1 *2^outlen) + ... + (Vn-1 * 2^((n-1) * outlen)) + ((Vn mod 2^b) * 2^(n * outlen)) - * X = W + 2^(L-1) Comment: 0 <= W < 2^(L-1); hence 2^(L-1) <= X < 2^L - * c = X mod 2*q - * p = X - (c - 1) Comment: p ~ 1 (mod 2*q) - * If (p >= 2^(L-1)) { - * Test whether or not p is prime as specified in Appendix C.3. - * If p is determined to be prime, then return VALID and the values of p, qand (optionally) the values of domain_parameter_seed and counter - * } - * offset = offset + n + 1 Comment: Increment offset - * } - */ - - seedbytes = group_size; - L = (unsigned long)modulus_size * 8; - N = (unsigned long)group_size * 8; - - /* XXX-TODO no Lucas test */ -#ifdef LTC_MPI_HAS_LUCAS_TEST - /* M-R tests (when followed by one Lucas test) according FIPS-186-4 - Appendix C.3 - table C.1 */ - mr_tests_p = (L <= 2048) ? 3 : 2; - if (N <= 160) { mr_tests_q = 19; } - else if (N <= 224) { mr_tests_q = 24; } - else { mr_tests_q = 27; } -#else - /* M-R tests (without Lucas test) according FIPS-186-4 - Appendix C.3 - table C.1 */ - if (L <= 1024) { mr_tests_p = 40; } - else if (L <= 2048) { mr_tests_p = 56; } - else { mr_tests_p = 64; } - - if (N <= 160) { mr_tests_q = 40; } - else if (N <= 224) { mr_tests_q = 56; } - else { mr_tests_q = 64; } -#endif - - if (N <= 256) { - hash = register_hash(&sha256_desc); - } - else if (N <= 384) { - hash = register_hash(&sha384_desc); - } - else if (N <= 512) { - hash = register_hash(&sha512_desc); - } - else { - return CRYPT_INVALID_ARG; /* group_size too big */ - } - - if ((err = hash_is_valid(hash)) != CRYPT_OK) { return err; } - outbytes = hash_descriptor[hash].hashsize; - - n = ((L + outbytes*8 - 1) / (outbytes*8)) - 1; - - if ((wbuf = XMALLOC((n+1)*outbytes)) == NULL) { err = CRYPT_MEM; goto cleanup3; } - if ((sbuf = XMALLOC(seedbytes)) == NULL) { err = CRYPT_MEM; goto cleanup2; } - - err = mp_init_multi(&t2L1, &t2N1, &t2q, &t2seedlen, &U, &W, &X, &c, &h, &e, &seedinc, NULL); - if (err != CRYPT_OK) { goto cleanup1; } - - if ((err = mp_2expt(t2L1, L-1)) != CRYPT_OK) { goto cleanup; } - /* t2L1 = 2^(L-1) */ - if ((err = mp_2expt(t2N1, N-1)) != CRYPT_OK) { goto cleanup; } - /* t2N1 = 2^(N-1) */ - if ((err = mp_2expt(t2seedlen, seedbytes*8)) != CRYPT_OK) { goto cleanup; } - /* t2seedlen = 2^seedlen */ - - for(found_p=0; !found_p;) { - /* q */ - for(found_q=0; !found_q;) { - if (prng_descriptor[wprng].read(sbuf, seedbytes, prng) != seedbytes) { err = CRYPT_ERROR_READPRNG; goto cleanup; } - i = outbytes; - if ((err = hash_memory(hash, sbuf, seedbytes, digest, &i)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_read_unsigned_bin(U, digest, outbytes)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_mod(U, t2N1, U)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_add(t2N1, U, q)) != CRYPT_OK) { goto cleanup; } - if (!mp_isodd(q)) mp_add_d(q, 1, q); - if ((err = mp_prime_is_prime(q, mr_tests_q, &res)) != CRYPT_OK) { goto cleanup; } - if (res == LTC_MP_YES) found_q = 1; - } - - /* p */ - if ((err = mp_read_unsigned_bin(seedinc, sbuf, seedbytes)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_add(q, q, t2q)) != CRYPT_OK) { goto cleanup; } - for(counter=0; counter < 4*L && !found_p; counter++) { - for(j=0; j<=n; j++) { - if ((err = mp_add_d(seedinc, 1, seedinc)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_mod(seedinc, t2seedlen, seedinc)) != CRYPT_OK) { goto cleanup; } - /* seedinc = (seedinc+1) % 2^seed_bitlen */ - if ((i = mp_unsigned_bin_size(seedinc)) > seedbytes) { err = CRYPT_INVALID_ARG; goto cleanup; } - zeromem(sbuf, seedbytes); - if ((err = mp_to_unsigned_bin(seedinc, sbuf + seedbytes-i)) != CRYPT_OK) { goto cleanup; } - i = outbytes; - err = hash_memory(hash, sbuf, seedbytes, wbuf+(n-j)*outbytes, &i); - if (err != CRYPT_OK) { goto cleanup; } - } - if ((err = mp_read_unsigned_bin(W, wbuf, (n+1)*outbytes)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_mod(W, t2L1, W)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_add(W, t2L1, X)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_mod(X, t2q, c)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_sub_d(c, 1, p)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_sub(X, p, p)) != CRYPT_OK) { goto cleanup; } - if (mp_cmp(p, t2L1) != LTC_MP_LT) { - /* p >= 2^(L-1) */ - if ((err = mp_prime_is_prime(p, mr_tests_p, &res)) != CRYPT_OK) { goto cleanup; } - if (res == LTC_MP_YES) { - found_p = 1; - } - } - } - } - - /* FIPS-186-4 A.2.1 Unverifiable Generation of the Generator g - * 1. e = (p - 1)/q - * 2. h = any integer satisfying: 1 < h < (p - 1) - * h could be obtained from a random number generator or from a counter that changes after each use - * 3. g = h^e mod p - * 4. if (g == 1), then go to step 2. - * - */ - - if ((err = mp_sub_d(p, 1, e)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_div(e, q, e, c)) != CRYPT_OK) { goto cleanup; } - /* e = (p - 1)/q */ - i = mp_count_bits(p); - do { - do { - if ((err = rand_bn_bits(h, i, prng, wprng)) != CRYPT_OK) { goto cleanup; } - } while (mp_cmp(h, p) != LTC_MP_LT || mp_cmp_d(h, 2) != LTC_MP_GT); - if ((err = mp_sub_d(h, 1, h)) != CRYPT_OK) { goto cleanup; } - /* h is randon and 1 < h < (p-1) */ - if ((err = mp_exptmod(h, e, p, g)) != CRYPT_OK) { goto cleanup; } - } while (mp_cmp_d(g, 1) == LTC_MP_EQ); - - err = CRYPT_OK; -cleanup: - mp_clear_multi(t2L1, t2N1, t2q, t2seedlen, U, W, X, c, h, e, seedinc, NULL); -cleanup1: - XFREE(sbuf); -cleanup2: - XFREE(wbuf); -cleanup3: - return err; -} - -/** - Generate DSA parameters p, q & g - @param prng An active PRNG state - @param wprng The index of the PRNG desired - @param group_size Size of the multiplicative group (octets) - @param modulus_size Size of the modulus (octets) - @param key [out] Where to store the created key - @return CRYPT_OK if successful. -*/ -int dsa_generate_pqg(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key) -{ - int err; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - /* init mp_ints */ - if ((err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL)) != CRYPT_OK) { - return err; - } - /* generate params */ - err = _dsa_make_params(prng, wprng, group_size, modulus_size, key->p, key->q, key->g); - if (err != CRYPT_OK) { - goto cleanup; - } - - key->qord = group_size; - - return CRYPT_OK; - -cleanup: - dsa_free(key); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/dsa/dsa_import.c b/libs/tomcrypt/src/pk/dsa/dsa_import.c deleted file mode 100644 index 74a90470306..00000000000 --- a/libs/tomcrypt/src/pk/dsa/dsa_import.c +++ /dev/null @@ -1,148 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file dsa_import.c - DSA implementation, import a DSA key, Tom St Denis -*/ - -#ifdef LTC_MDSA - -/** - Import a DSA key - @param in The binary packet to import from - @param inlen The length of the binary packet - @param key [out] Where to store the imported key - @return CRYPT_OK if successful, upon error this function will free all allocated memory -*/ -int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key) -{ - int err, stat; - unsigned long zero = 0; - unsigned char* tmpbuf = NULL; - unsigned char flags[1]; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - /* init key */ - if (mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL) != CRYPT_OK) { - return CRYPT_MEM; - } - - /* try to match the old libtomcrypt format */ - err = der_decode_sequence_multi(in, inlen, LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_EOL, 0UL, NULL); - - if (err == CRYPT_OK || err == CRYPT_INPUT_TOO_LONG) { - /* private key */ - if (flags[0] == 1) { - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_INTEGER, 1UL, key->g, - LTC_ASN1_INTEGER, 1UL, key->p, - LTC_ASN1_INTEGER, 1UL, key->q, - LTC_ASN1_INTEGER, 1UL, key->y, - LTC_ASN1_INTEGER, 1UL, key->x, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto LBL_ERR; - } - key->type = PK_PRIVATE; - goto LBL_OK; - } - /* public key */ - else if (flags[0] == 0) { - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_INTEGER, 1UL, key->g, - LTC_ASN1_INTEGER, 1UL, key->p, - LTC_ASN1_INTEGER, 1UL, key->q, - LTC_ASN1_INTEGER, 1UL, key->y, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto LBL_ERR; - } - key->type = PK_PUBLIC; - goto LBL_OK; - } - else { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - } - /* get key type */ - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_SHORT_INTEGER, 1UL, &zero, - LTC_ASN1_INTEGER, 1UL, key->p, - LTC_ASN1_INTEGER, 1UL, key->q, - LTC_ASN1_INTEGER, 1UL, key->g, - LTC_ASN1_INTEGER, 1UL, key->y, - LTC_ASN1_INTEGER, 1UL, key->x, - LTC_ASN1_EOL, 0UL, NULL)) == CRYPT_OK) { - - key->type = PK_PRIVATE; - } else { /* public */ - ltc_asn1_list params[3]; - unsigned long tmpbuf_len = inlen; - - LTC_SET_ASN1(params, 0, LTC_ASN1_INTEGER, key->p, 1UL); - LTC_SET_ASN1(params, 1, LTC_ASN1_INTEGER, key->q, 1UL); - LTC_SET_ASN1(params, 2, LTC_ASN1_INTEGER, key->g, 1UL); - - tmpbuf = XCALLOC(1, tmpbuf_len); - if (tmpbuf == NULL) { - err = CRYPT_MEM; - goto LBL_ERR; - } - - err = der_decode_subject_public_key_info(in, inlen, PKA_DSA, - tmpbuf, &tmpbuf_len, - LTC_ASN1_SEQUENCE, params, 3); - if (err != CRYPT_OK) { - XFREE(tmpbuf); - goto LBL_ERR; - } - - if ((err=der_decode_integer(tmpbuf, tmpbuf_len, key->y)) != CRYPT_OK) { - XFREE(tmpbuf); - goto LBL_ERR; - } - - XFREE(tmpbuf); - key->type = PK_PUBLIC; - } - -LBL_OK: - key->qord = mp_unsigned_bin_size(key->q); - - /* quick p, q, g validation, without primality testing */ - if ((err = dsa_int_validate_pqg(key, &stat)) != CRYPT_OK) { - goto LBL_ERR; - } - if (stat == 0) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - /* validate x, y */ - if ((err = dsa_int_validate_xy(key, &stat)) != CRYPT_OK) { - goto LBL_ERR; - } - if (stat == 0) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - return CRYPT_OK; -LBL_ERR: - dsa_free(key); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/dsa/dsa_make_key.c b/libs/tomcrypt/src/pk/dsa/dsa_make_key.c deleted file mode 100644 index f7fba2f0223..00000000000 --- a/libs/tomcrypt/src/pk/dsa/dsa_make_key.c +++ /dev/null @@ -1,37 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file dsa_make_key.c - DSA implementation, generate a DSA key -*/ - -#ifdef LTC_MDSA - -/** - Old-style creation of a DSA key - @param prng An active PRNG state - @param wprng The index of the PRNG desired - @param group_size Size of the multiplicative group (octets) - @param modulus_size Size of the modulus (octets) - @param key [out] Where to store the created key - @return CRYPT_OK if successful. -*/ -int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key) -{ - int err; - - if ((err = dsa_generate_pqg(prng, wprng, group_size, modulus_size, key)) != CRYPT_OK) { return err; } - if ((err = dsa_generate_key(prng, wprng, key)) != CRYPT_OK) { return err; } - - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/dsa/dsa_set.c b/libs/tomcrypt/src/pk/dsa/dsa_set.c deleted file mode 100644 index e6695d8f394..00000000000 --- a/libs/tomcrypt/src/pk/dsa/dsa_set.c +++ /dev/null @@ -1,108 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - - -#ifdef LTC_MDSA - -/** - Import DSA's p, q & g from raw numbers - @param p DSA's p in binary representation - @param plen The length of p - @param q DSA's q in binary representation - @param qlen The length of q - @param g DSA's g in binary representation - @param glen The length of g - @param key [out] the destination for the imported key - @return CRYPT_OK if successful. -*/ -int dsa_set_pqg(const unsigned char *p, unsigned long plen, - const unsigned char *q, unsigned long qlen, - const unsigned char *g, unsigned long glen, - dsa_key *key) -{ - int err, stat; - - LTC_ARGCHK(p != NULL); - LTC_ARGCHK(q != NULL); - LTC_ARGCHK(g != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - /* init key */ - err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL); - if (err != CRYPT_OK) return err; - - if ((err = mp_read_unsigned_bin(key->p, (unsigned char *)p , plen)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_unsigned_bin(key->g, (unsigned char *)g , glen)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_unsigned_bin(key->q, (unsigned char *)q , qlen)) != CRYPT_OK) { goto LBL_ERR; } - - key->qord = mp_unsigned_bin_size(key->q); - - /* do only a quick validation, without primality testing */ - if ((err = dsa_int_validate_pqg(key, &stat)) != CRYPT_OK) { goto LBL_ERR; } - if (stat == 0) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - return CRYPT_OK; - -LBL_ERR: - dsa_free(key); - return err; -} - -/** - Import DSA public or private key-part from raw numbers - - NB: The p, q & g parts must be set beforehand - - @param in The key-part to import, either public or private. - @param inlen The key-part's length - @param type Which type of key (PK_PRIVATE or PK_PUBLIC) - @param key [out] the destination for the imported key - @return CRYPT_OK if successful. -*/ -int dsa_set_key(const unsigned char *in, unsigned long inlen, int type, dsa_key *key) -{ - int err, stat = 0; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(key->x != NULL); - LTC_ARGCHK(key->y != NULL); - LTC_ARGCHK(key->p != NULL); - LTC_ARGCHK(key->g != NULL); - LTC_ARGCHK(key->q != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - if (type == PK_PRIVATE) { - key->type = PK_PRIVATE; - if ((err = mp_read_unsigned_bin(key->x, (unsigned char *)in, inlen)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK) { goto LBL_ERR; } - } - else { - key->type = PK_PUBLIC; - if ((err = mp_read_unsigned_bin(key->y, (unsigned char *)in, inlen)) != CRYPT_OK) { goto LBL_ERR; } - } - - if ((err = dsa_int_validate_xy(key, &stat)) != CRYPT_OK) { goto LBL_ERR; } - if (stat == 0) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - return CRYPT_OK; - -LBL_ERR: - dsa_free(key); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/dsa/dsa_set_pqg_dsaparam.c b/libs/tomcrypt/src/pk/dsa/dsa_set_pqg_dsaparam.c deleted file mode 100644 index f8c6843bd45..00000000000 --- a/libs/tomcrypt/src/pk/dsa/dsa_set_pqg_dsaparam.c +++ /dev/null @@ -1,63 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - - -#ifdef LTC_MDSA - -/** - Import DSA's p, q & g from dsaparam - - dsaparam data: openssl dsaparam -outform DER -out dsaparam.der 2048 - - @param dsaparam The DSA param DER encoded data - @param dsaparamlen The length of dhparam data - @param key [out] the destination for the imported key - @return CRYPT_OK if successful. -*/ -int dsa_set_pqg_dsaparam(const unsigned char *dsaparam, unsigned long dsaparamlen, - dsa_key *key) -{ - int err, stat; - - LTC_ARGCHK(dsaparam != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - /* init key */ - err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL); - if (err != CRYPT_OK) return err; - - if ((err = der_decode_sequence_multi(dsaparam, dsaparamlen, - LTC_ASN1_INTEGER, 1UL, key->p, - LTC_ASN1_INTEGER, 1UL, key->q, - LTC_ASN1_INTEGER, 1UL, key->g, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto LBL_ERR; - } - - key->qord = mp_unsigned_bin_size(key->q); - - /* quick p, q, g validation, without primality testing */ - if ((err = dsa_int_validate_pqg(key, &stat)) != CRYPT_OK) { - goto LBL_ERR; - } - if (stat == 0) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - return CRYPT_OK; - -LBL_ERR: - dsa_free(key); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/dsa/dsa_shared_secret.c b/libs/tomcrypt/src/pk/dsa/dsa_shared_secret.c deleted file mode 100644 index 54513689fa1..00000000000 --- a/libs/tomcrypt/src/pk/dsa/dsa_shared_secret.c +++ /dev/null @@ -1,66 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file dsa_shared_secret.c - DSA Crypto, Tom St Denis -*/ - -#ifdef LTC_MDSA - -/** - Create a DSA shared secret between two keys - @param private_key The private DSA key (the exponent) - @param base The base of the exponentiation (allows this to be used for both encrypt and decrypt) - @param public_key The public key - @param out [out] Destination of the shared secret - @param outlen [in/out] The max size and resulting size of the shared secret - @return CRYPT_OK if successful -*/ -int dsa_shared_secret(void *private_key, void *base, - dsa_key *public_key, - unsigned char *out, unsigned long *outlen) -{ - unsigned long x; - void *res; - int err; - - LTC_ARGCHK(private_key != NULL); - LTC_ARGCHK(public_key != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* make new point */ - if ((err = mp_init(&res)) != CRYPT_OK) { - return err; - } - - if ((err = mp_exptmod(base, private_key, public_key->p, res)) != CRYPT_OK) { - mp_clear(res); - return err; - } - - x = (unsigned long)mp_unsigned_bin_size(res); - if (*outlen < x) { - *outlen = x; - err = CRYPT_BUFFER_OVERFLOW; - goto done; - } - zeromem(out, x); - if ((err = mp_to_unsigned_bin(res, out + (x - mp_unsigned_bin_size(res)))) != CRYPT_OK) { goto done; } - - err = CRYPT_OK; - *outlen = x; -done: - mp_clear(res); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/dsa/dsa_sign_hash.c b/libs/tomcrypt/src/pk/dsa/dsa_sign_hash.c deleted file mode 100644 index fdb630702f3..00000000000 --- a/libs/tomcrypt/src/pk/dsa/dsa_sign_hash.c +++ /dev/null @@ -1,148 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file dsa_sign_hash.c - DSA implementation, sign a hash, Tom St Denis -*/ - -#ifdef LTC_MDSA - -/** - Sign a hash with DSA - @param in The hash to sign - @param inlen The length of the hash to sign - @param r The "r" integer of the signature (caller must initialize with mp_init() first) - @param s The "s" integer of the signature (caller must initialize with mp_init() first) - @param prng An active PRNG state - @param wprng The index of the PRNG desired - @param key A private DSA key - @return CRYPT_OK if successful -*/ -int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen, - void *r, void *s, - prng_state *prng, int wprng, dsa_key *key) -{ - void *k, *kinv, *tmp; - unsigned char *buf; - int err, qbits; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(r != NULL); - LTC_ARGCHK(s != NULL); - LTC_ARGCHK(key != NULL); - - if ((err = prng_is_valid(wprng)) != CRYPT_OK) { - return err; - } - if (key->type != PK_PRIVATE) { - return CRYPT_PK_NOT_PRIVATE; - } - - /* check group order size */ - if (key->qord >= LTC_MDSA_MAX_GROUP) { - return CRYPT_INVALID_ARG; - } - - buf = XMALLOC(LTC_MDSA_MAX_GROUP); - if (buf == NULL) { - return CRYPT_MEM; - } - - /* Init our temps */ - if ((err = mp_init_multi(&k, &kinv, &tmp, NULL)) != CRYPT_OK) { goto ERRBUF; } - - qbits = mp_count_bits(key->q); -retry: - - do { - /* gen random k */ - if ((err = rand_bn_bits(k, qbits, prng, wprng)) != CRYPT_OK) { goto error; } - - /* k should be from range: 1 <= k <= q-1 (see FIPS 186-4 B.2.2) */ - if (mp_cmp_d(k, 0) != LTC_MP_GT || mp_cmp(k, key->q) != LTC_MP_LT) { goto retry; } - - /* test gcd */ - if ((err = mp_gcd(k, key->q, tmp)) != CRYPT_OK) { goto error; } - } while (mp_cmp_d(tmp, 1) != LTC_MP_EQ); - - /* now find 1/k mod q */ - if ((err = mp_invmod(k, key->q, kinv)) != CRYPT_OK) { goto error; } - - /* now find r = g^k mod p mod q */ - if ((err = mp_exptmod(key->g, k, key->p, r)) != CRYPT_OK) { goto error; } - if ((err = mp_mod(r, key->q, r)) != CRYPT_OK) { goto error; } - - if (mp_iszero(r) == LTC_MP_YES) { goto retry; } - - /* FIPS 186-4 4.6: use leftmost min(bitlen(q), bitlen(hash)) bits of 'hash'*/ - inlen = MIN(inlen, (unsigned long)(key->qord)); - - /* now find s = (in + xr)/k mod q */ - if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, inlen)) != CRYPT_OK) { goto error; } - if ((err = mp_mul(key->x, r, s)) != CRYPT_OK) { goto error; } - if ((err = mp_add(s, tmp, s)) != CRYPT_OK) { goto error; } - if ((err = mp_mulmod(s, kinv, key->q, s)) != CRYPT_OK) { goto error; } - - if (mp_iszero(s) == LTC_MP_YES) { goto retry; } - - err = CRYPT_OK; -error: - mp_clear_multi(k, kinv, tmp, NULL); -ERRBUF: -#ifdef LTC_CLEAN_STACK - zeromem(buf, LTC_MDSA_MAX_GROUP); -#endif - XFREE(buf); - return err; -} - -/** - Sign a hash with DSA - @param in The hash to sign - @param inlen The length of the hash to sign - @param out [out] Where to store the signature - @param outlen [in/out] The max size and resulting size of the signature - @param prng An active PRNG state - @param wprng The index of the PRNG desired - @param key A private DSA key - @return CRYPT_OK if successful -*/ -int dsa_sign_hash(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - prng_state *prng, int wprng, dsa_key *key) -{ - void *r, *s; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - if (mp_init_multi(&r, &s, NULL) != CRYPT_OK) { - return CRYPT_MEM; - } - - if ((err = dsa_sign_hash_raw(in, inlen, r, s, prng, wprng, key)) != CRYPT_OK) { - goto error; - } - - err = der_encode_sequence_multi(out, outlen, - LTC_ASN1_INTEGER, 1UL, r, - LTC_ASN1_INTEGER, 1UL, s, - LTC_ASN1_EOL, 0UL, NULL); - -error: - mp_clear_multi(r, s, NULL); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/dsa/dsa_verify_hash.c b/libs/tomcrypt/src/pk/dsa/dsa_verify_hash.c deleted file mode 100644 index abb39dfc8e7..00000000000 --- a/libs/tomcrypt/src/pk/dsa/dsa_verify_hash.c +++ /dev/null @@ -1,132 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file dsa_verify_hash.c - DSA implementation, verify a signature, Tom St Denis -*/ - - -#ifdef LTC_MDSA - -/** - Verify a DSA signature - @param r DSA "r" parameter - @param s DSA "s" parameter - @param hash The hash that was signed - @param hashlen The length of the hash that was signed - @param stat [out] The result of the signature verification, 1==valid, 0==invalid - @param key The corresponding public DSA key - @return CRYPT_OK if successful (even if the signature is invalid) -*/ -int dsa_verify_hash_raw( void *r, void *s, - const unsigned char *hash, unsigned long hashlen, - int *stat, dsa_key *key) -{ - void *w, *v, *u1, *u2; - int err; - - LTC_ARGCHK(r != NULL); - LTC_ARGCHK(s != NULL); - LTC_ARGCHK(stat != NULL); - LTC_ARGCHK(key != NULL); - - /* default to invalid signature */ - *stat = 0; - - /* init our variables */ - if ((err = mp_init_multi(&w, &v, &u1, &u2, NULL)) != CRYPT_OK) { - return err; - } - - /* neither r or s can be null or >q*/ - if (mp_cmp_d(r, 0) != LTC_MP_GT || mp_cmp_d(s, 0) != LTC_MP_GT || mp_cmp(r, key->q) != LTC_MP_LT || mp_cmp(s, key->q) != LTC_MP_LT) { - err = CRYPT_INVALID_PACKET; - goto error; - } - - /* FIPS 186-4 4.7: use leftmost min(bitlen(q), bitlen(hash)) bits of 'hash' */ - hashlen = MIN(hashlen, (unsigned long)(key->qord)); - - /* w = 1/s mod q */ - if ((err = mp_invmod(s, key->q, w)) != CRYPT_OK) { goto error; } - - /* u1 = m * w mod q */ - if ((err = mp_read_unsigned_bin(u1, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error; } - if ((err = mp_mulmod(u1, w, key->q, u1)) != CRYPT_OK) { goto error; } - - /* u2 = r*w mod q */ - if ((err = mp_mulmod(r, w, key->q, u2)) != CRYPT_OK) { goto error; } - - /* v = g^u1 * y^u2 mod p mod q */ - if ((err = mp_exptmod(key->g, u1, key->p, u1)) != CRYPT_OK) { goto error; } - if ((err = mp_exptmod(key->y, u2, key->p, u2)) != CRYPT_OK) { goto error; } - if ((err = mp_mulmod(u1, u2, key->p, v)) != CRYPT_OK) { goto error; } - if ((err = mp_mod(v, key->q, v)) != CRYPT_OK) { goto error; } - - /* if r = v then we're set */ - if (mp_cmp(r, v) == LTC_MP_EQ) { - *stat = 1; - } - - err = CRYPT_OK; -error: - mp_clear_multi(w, v, u1, u2, NULL); - return err; -} - -/** - Verify a DSA signature - @param sig The signature - @param siglen The length of the signature (octets) - @param hash The hash that was signed - @param hashlen The length of the hash that was signed - @param stat [out] The result of the signature verification, 1==valid, 0==invalid - @param key The corresponding public DSA key - @return CRYPT_OK if successful (even if the signature is invalid) -*/ -int dsa_verify_hash(const unsigned char *sig, unsigned long siglen, - const unsigned char *hash, unsigned long hashlen, - int *stat, dsa_key *key) -{ - int err; - void *r, *s; - ltc_asn1_list sig_seq[2]; - unsigned long reallen = 0; - - LTC_ARGCHK(stat != NULL); - *stat = 0; /* must be set before the first return */ - - if ((err = mp_init_multi(&r, &s, NULL)) != CRYPT_OK) { - return err; - } - - LTC_SET_ASN1(sig_seq, 0, LTC_ASN1_INTEGER, r, 1UL); - LTC_SET_ASN1(sig_seq, 1, LTC_ASN1_INTEGER, s, 1UL); - - err = der_decode_sequence(sig, siglen, sig_seq, 2); - if (err != CRYPT_OK) { - goto LBL_ERR; - } - - err = der_length_sequence(sig_seq, 2, &reallen); - if (err != CRYPT_OK || reallen != siglen) { - goto LBL_ERR; - } - - /* do the op */ - err = dsa_verify_hash_raw(r, s, hash, hashlen, stat, key); - -LBL_ERR: - mp_clear_multi(r, s, NULL); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/dsa/dsa_verify_key.c b/libs/tomcrypt/src/pk/dsa/dsa_verify_key.c deleted file mode 100644 index e2119aab57d..00000000000 --- a/libs/tomcrypt/src/pk/dsa/dsa_verify_key.c +++ /dev/null @@ -1,195 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file dsa_verify_key.c - DSA implementation, verify a key, Tom St Denis -*/ - -#ifdef LTC_MDSA - -/** - Validate a DSA key - - Yeah, this function should've been called dsa_validate_key() - in the first place and for compat-reasons we keep it - as it was (for now). - - @param key The key to validate - @param stat [out] Result of test, 1==valid, 0==invalid - @return CRYPT_OK if successful -*/ -int dsa_verify_key(dsa_key *key, int *stat) -{ - int err; - - err = dsa_int_validate_primes(key, stat); - if (err != CRYPT_OK || *stat == 0) return err; - - err = dsa_int_validate_pqg(key, stat); - if (err != CRYPT_OK || *stat == 0) return err; - - return dsa_int_validate_xy(key, stat); -} - -/** - Non-complex part (no primality testing) of the validation - of DSA params (p, q, g) - - @param key The key to validate - @param stat [out] Result of test, 1==valid, 0==invalid - @return CRYPT_OK if successful -*/ -int dsa_int_validate_pqg(dsa_key *key, int *stat) -{ - void *tmp1, *tmp2; - int err; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(stat != NULL); - *stat = 0; - - /* check q-order */ - if ( key->qord >= LTC_MDSA_MAX_GROUP || key->qord <= 15 || - (unsigned long)key->qord >= mp_unsigned_bin_size(key->p) || - (mp_unsigned_bin_size(key->p) - key->qord) >= LTC_MDSA_DELTA ) { - return CRYPT_OK; - } - - /* FIPS 186-4 chapter 4.1: 1 < g < p */ - if (mp_cmp_d(key->g, 1) != LTC_MP_GT || mp_cmp(key->g, key->p) != LTC_MP_LT) { - return CRYPT_OK; - } - - if ((err = mp_init_multi(&tmp1, &tmp2, NULL)) != CRYPT_OK) { return err; } - - /* FIPS 186-4 chapter 4.1: q is a divisor of (p - 1) */ - if ((err = mp_sub_d(key->p, 1, tmp1)) != CRYPT_OK) { goto error; } - if ((err = mp_div(tmp1, key->q, tmp1, tmp2)) != CRYPT_OK) { goto error; } - if (mp_iszero(tmp2) != LTC_MP_YES) { - err = CRYPT_OK; - goto error; - } - - /* FIPS 186-4 chapter 4.1: g is a generator of a subgroup of order q in - * the multiplicative group of GF(p) - so we make sure that g^q mod p = 1 - */ - if ((err = mp_exptmod(key->g, key->q, key->p, tmp1)) != CRYPT_OK) { goto error; } - if (mp_cmp_d(tmp1, 1) != LTC_MP_EQ) { - err = CRYPT_OK; - goto error; - } - - err = CRYPT_OK; - *stat = 1; -error: - mp_clear_multi(tmp2, tmp1, NULL); - return err; -} - -/** - Primality testing of DSA params p and q - - @param key The key to validate - @param stat [out] Result of test, 1==valid, 0==invalid - @return CRYPT_OK if successful -*/ -int dsa_int_validate_primes(dsa_key *key, int *stat) -{ - int err, res; - - *stat = 0; - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(stat != NULL); - - /* key->q prime? */ - if ((err = mp_prime_is_prime(key->q, LTC_MILLER_RABIN_REPS, &res)) != CRYPT_OK) { - return err; - } - if (res == LTC_MP_NO) { - return CRYPT_OK; - } - - /* key->p prime? */ - if ((err = mp_prime_is_prime(key->p, LTC_MILLER_RABIN_REPS, &res)) != CRYPT_OK) { - return err; - } - if (res == LTC_MP_NO) { - return CRYPT_OK; - } - - *stat = 1; - return CRYPT_OK; -} - -/** - Validation of a DSA key (x and y values) - - @param key The key to validate - @param stat [out] Result of test, 1==valid, 0==invalid - @return CRYPT_OK if successful -*/ -int dsa_int_validate_xy(dsa_key *key, int *stat) -{ - void *tmp; - int err; - - *stat = 0; - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(stat != NULL); - - /* 1 < y < p-1 */ - if ((err = mp_init(&tmp)) != CRYPT_OK) { - return err; - } - if ((err = mp_sub_d(key->p, 1, tmp)) != CRYPT_OK) { - goto error; - } - if (mp_cmp_d(key->y, 1) != LTC_MP_GT || mp_cmp(key->y, tmp) != LTC_MP_LT) { - err = CRYPT_OK; - goto error; - } - - if (key->type == PK_PRIVATE) { - /* FIPS 186-4 chapter 4.1: 0 < x < q */ - if (mp_cmp_d(key->x, 0) != LTC_MP_GT || mp_cmp(key->x, key->q) != LTC_MP_LT) { - err = CRYPT_OK; - goto error; - } - /* FIPS 186-4 chapter 4.1: y = g^x mod p */ - if ((err = mp_exptmod(key->g, key->x, key->p, tmp)) != CRYPT_OK) { - goto error; - } - if (mp_cmp(tmp, key->y) != LTC_MP_EQ) { - err = CRYPT_OK; - goto error; - } - } - else { - /* with just a public key we cannot test y = g^x mod p therefore we - * only test that y^q mod p = 1, which makes sure y is in g^x mod p - */ - if ((err = mp_exptmod(key->y, key->q, key->p, tmp)) != CRYPT_OK) { - goto error; - } - if (mp_cmp_d(tmp, 1) != LTC_MP_EQ) { - err = CRYPT_OK; - goto error; - } - } - - err = CRYPT_OK; - *stat = 1; -error: - mp_clear(tmp); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ecc.c b/libs/tomcrypt/src/pk/ecc/ecc.c deleted file mode 100644 index f055b327b13..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ecc.c +++ /dev/null @@ -1,120 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ -#include "tomcrypt.h" - -/** - @file ecc.c - ECC Crypto, Tom St Denis -*/ - -#ifdef LTC_MECC - -/* This holds the key settings. ***MUST*** be organized by size from smallest to largest. */ -const ltc_ecc_set_type ltc_ecc_sets[] = { -#ifdef LTC_ECC112 -{ - 14, - "SECP112R1", - "DB7C2ABF62E35E668076BEAD208B", - "659EF8BA043916EEDE8911702B22", - "DB7C2ABF62E35E7628DFAC6561C5", - "09487239995A5EE76B55F9C2F098", - "A89CE5AF8724C0A23E0E0FF77500" -}, -#endif -#ifdef LTC_ECC128 -{ - 16, - "SECP128R1", - "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", - "E87579C11079F43DD824993C2CEE5ED3", - "FFFFFFFE0000000075A30D1B9038A115", - "161FF7528B899B2D0C28607CA52C5B86", - "CF5AC8395BAFEB13C02DA292DDED7A83", -}, -#endif -#ifdef LTC_ECC160 -{ - 20, - "SECP160R1", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", - "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45", - "0100000000000000000001F4C8F927AED3CA752257", - "4A96B5688EF573284664698968C38BB913CBFC82", - "23A628553168947D59DCC912042351377AC5FB32", -}, -#endif -#ifdef LTC_ECC192 -{ - 24, - "ECC-192", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", - "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1", - "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", - "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012", - "7192B95FFC8DA78631011ED6B24CDD573F977A11E794811", -}, -#endif -#ifdef LTC_ECC224 -{ - 28, - "ECC-224", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", - "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", - "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21", - "BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34", -}, -#endif -#ifdef LTC_ECC256 -{ - 32, - "ECC-256", - "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", - "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B", - "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", - "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296", - "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5", -}, -#endif -#ifdef LTC_ECC384 -{ - 48, - "ECC-384", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF", - "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF", - "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973", - "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7", - "3617DE4A96262C6F5D9E98BF9292DC29F8F41DBD289A147CE9DA3113B5F0B8C00A60B1CE1D7E819D7A431D7C90EA0E5F", -}, -#endif -#ifdef LTC_ECC521 -{ - 66, - "ECC-521", - "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", - "51953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00", - "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", - "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66", - "11839296A789A3BC0045C8A5FB42C7D1BD998F54449579B446817AFBD17273E662C97EE72995EF42640C550B9013FAD0761353C7086A272C24088BE94769FD16650", -}, -#endif -{ - 0, - NULL, NULL, NULL, NULL, NULL, NULL -} -}; - -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ecc_ansi_x963_export.c b/libs/tomcrypt/src/pk/ecc/ecc_ansi_x963_export.c deleted file mode 100644 index fb31727ac74..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ecc_ansi_x963_export.c +++ /dev/null @@ -1,73 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ -#include "tomcrypt.h" - -/** - @file ecc_ansi_x963_export.c - ECC Crypto, Tom St Denis -*/ - -#ifdef LTC_MECC - -/** ECC X9.63 (Sec. 4.3.6) uncompressed export - @param key Key to export - @param out [out] destination of export - @param outlen [in/out] Length of destination and final output size - Return CRYPT_OK on success -*/ -int ecc_ansi_x963_export(ecc_key *key, unsigned char *out, unsigned long *outlen) -{ - unsigned char buf[ECC_BUF_SIZE]; - unsigned long numlen, xlen, ylen; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(outlen != NULL); - - if (ltc_ecc_is_valid_idx(key->idx) == 0) { - return CRYPT_INVALID_ARG; - } - numlen = key->dp->size; - xlen = mp_unsigned_bin_size(key->pubkey.x); - ylen = mp_unsigned_bin_size(key->pubkey.y); - - if (xlen > numlen || ylen > numlen || sizeof(buf) < numlen) { - return CRYPT_BUFFER_OVERFLOW; - } - - if (*outlen < (1 + 2*numlen)) { - *outlen = 1 + 2*numlen; - return CRYPT_BUFFER_OVERFLOW; - } - - LTC_ARGCHK(out != NULL); - - /* store byte 0x04 */ - out[0] = 0x04; - - /* pad and store x */ - zeromem(buf, sizeof(buf)); - mp_to_unsigned_bin(key->pubkey.x, buf + (numlen - xlen)); - XMEMCPY(out+1, buf, numlen); - - /* pad and store y */ - zeromem(buf, sizeof(buf)); - mp_to_unsigned_bin(key->pubkey.y, buf + (numlen - ylen)); - XMEMCPY(out+1+numlen, buf, numlen); - - *outlen = 1 + 2*numlen; - return CRYPT_OK; -} - -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ecc_ansi_x963_import.c b/libs/tomcrypt/src/pk/ecc/ecc_ansi_x963_import.c deleted file mode 100644 index 697da106029..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ecc_ansi_x963_import.c +++ /dev/null @@ -1,98 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ -#include "tomcrypt.h" - -/** - @file ecc_ansi_x963_import.c - ECC Crypto, Tom St Denis -*/ - -#ifdef LTC_MECC - -/** Import an ANSI X9.63 format public key - @param in The input data to read - @param inlen The length of the input data - @param key [out] destination to store imported key \ -*/ -int ecc_ansi_x963_import(const unsigned char *in, unsigned long inlen, ecc_key *key) -{ - return ecc_ansi_x963_import_ex(in, inlen, key, NULL); -} - -int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, ltc_ecc_set_type *dp) -{ - int x, err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); - - /* must be odd */ - if ((inlen & 1) == 0) { - return CRYPT_INVALID_ARG; - } - - /* init key */ - if (mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL) != CRYPT_OK) { - return CRYPT_MEM; - } - - /* check for 4, 6 or 7 */ - if (in[0] != 4 && in[0] != 6 && in[0] != 7) { - err = CRYPT_INVALID_PACKET; - goto error; - } - - /* read data */ - if ((err = mp_read_unsigned_bin(key->pubkey.x, (unsigned char *)in+1, (inlen-1)>>1)) != CRYPT_OK) { - goto error; - } - - if ((err = mp_read_unsigned_bin(key->pubkey.y, (unsigned char *)in+1+((inlen-1)>>1), (inlen-1)>>1)) != CRYPT_OK) { - goto error; - } - if ((err = mp_set(key->pubkey.z, 1)) != CRYPT_OK) { goto error; } - - if (dp == NULL) { - /* determine the idx */ - for (x = 0; ltc_ecc_sets[x].size != 0; x++) { - if ((unsigned)ltc_ecc_sets[x].size >= ((inlen-1)>>1)) { - break; - } - } - if (ltc_ecc_sets[x].size == 0) { - err = CRYPT_INVALID_PACKET; - goto error; - } - /* set the idx */ - key->idx = x; - key->dp = <c_ecc_sets[x]; - } else { - if (((inlen-1)>>1) != (unsigned long) dp->size) { - err = CRYPT_INVALID_PACKET; - goto error; - } - key->idx = -1; - key->dp = dp; - } - key->type = PK_PUBLIC; - - /* we're done */ - return CRYPT_OK; -error: - mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ecc_decrypt_key.c b/libs/tomcrypt/src/pk/ecc/ecc_decrypt_key.c deleted file mode 100644 index 4694fbbed69..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ecc_decrypt_key.c +++ /dev/null @@ -1,144 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ -#include "tomcrypt.h" - -/** - @file ecc_decrypt_key.c - ECC Crypto, Tom St Denis -*/ - -#ifdef LTC_MECC - -/** - Decrypt an ECC encrypted key - @param in The ciphertext - @param inlen The length of the ciphertext (octets) - @param out [out] The plaintext - @param outlen [in/out] The max size and resulting size of the plaintext - @param key The corresponding private ECC key - @return CRYPT_OK if successful -*/ -int ecc_decrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - ecc_key *key) -{ - unsigned char *ecc_shared, *skey, *pub_expt; - unsigned long x, y; - unsigned long hashOID[32] = { 0 }; - int hash, err; - ecc_key pubkey; - ltc_asn1_list decode[3]; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* right key type? */ - if (key->type != PK_PRIVATE) { - return CRYPT_PK_NOT_PRIVATE; - } - - /* decode to find out hash */ - LTC_SET_ASN1(decode, 0, LTC_ASN1_OBJECT_IDENTIFIER, hashOID, sizeof(hashOID)/sizeof(hashOID[0])); - err = der_decode_sequence(in, inlen, decode, 1); - if (err != CRYPT_OK && err != CRYPT_INPUT_TOO_LONG) { - return err; - } - - hash = find_hash_oid(hashOID, decode[0].size); - if (hash_is_valid(hash) != CRYPT_OK) { - return CRYPT_INVALID_PACKET; - } - - /* we now have the hash! */ - - /* allocate memory */ - pub_expt = XMALLOC(ECC_BUF_SIZE); - ecc_shared = XMALLOC(ECC_BUF_SIZE); - skey = XMALLOC(MAXBLOCKSIZE); - if (pub_expt == NULL || ecc_shared == NULL || skey == NULL) { - if (pub_expt != NULL) { - XFREE(pub_expt); - } - if (ecc_shared != NULL) { - XFREE(ecc_shared); - } - if (skey != NULL) { - XFREE(skey); - } - return CRYPT_MEM; - } - LTC_SET_ASN1(decode, 1, LTC_ASN1_OCTET_STRING, pub_expt, ECC_BUF_SIZE); - LTC_SET_ASN1(decode, 2, LTC_ASN1_OCTET_STRING, skey, MAXBLOCKSIZE); - - /* read the structure in now */ - if ((err = der_decode_sequence(in, inlen, decode, 3)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* import ECC key from packet */ - if ((err = ecc_import(decode[1].data, decode[1].size, &pubkey)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* make shared key */ - x = ECC_BUF_SIZE; - if ((err = ecc_shared_secret(key, &pubkey, ecc_shared, &x)) != CRYPT_OK) { - ecc_free(&pubkey); - goto LBL_ERR; - } - ecc_free(&pubkey); - - y = MIN(ECC_BUF_SIZE, MAXBLOCKSIZE); - if ((err = hash_memory(hash, ecc_shared, x, ecc_shared, &y)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* ensure the hash of the shared secret is at least as big as the encrypt itself */ - if (decode[2].size > y) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - /* avoid buffer overflow */ - if (*outlen < decode[2].size) { - *outlen = decode[2].size; - err = CRYPT_BUFFER_OVERFLOW; - goto LBL_ERR; - } - - /* Decrypt the key */ - for (x = 0; x < decode[2].size; x++) { - out[x] = skey[x] ^ ecc_shared[x]; - } - *outlen = x; - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(pub_expt, ECC_BUF_SIZE); - zeromem(ecc_shared, ECC_BUF_SIZE); - zeromem(skey, MAXBLOCKSIZE); -#endif - - XFREE(pub_expt); - XFREE(ecc_shared); - XFREE(skey); - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ecc_encrypt_key.c b/libs/tomcrypt/src/pk/ecc/ecc_encrypt_key.c deleted file mode 100644 index 833f5c53003..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ecc_encrypt_key.c +++ /dev/null @@ -1,130 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ -#include "tomcrypt.h" - -/** - @file ecc_encrypt_key.c - ECC Crypto, Tom St Denis -*/ - -#ifdef LTC_MECC - -/** - Encrypt a symmetric key with ECC - @param in The symmetric key you want to encrypt - @param inlen The length of the key to encrypt (octets) - @param out [out] The destination for the ciphertext - @param outlen [in/out] The max size and resulting size of the ciphertext - @param prng An active PRNG state - @param wprng The index of the PRNG you wish to use - @param hash The index of the hash you want to use - @param key The ECC key you want to encrypt to - @return CRYPT_OK if successful -*/ -int ecc_encrypt_key(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - prng_state *prng, int wprng, int hash, - ecc_key *key) -{ - unsigned char *pub_expt, *ecc_shared, *skey; - ecc_key pubkey; - unsigned long x, y, pubkeysize; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* check that wprng/cipher/hash are not invalid */ - if ((err = prng_is_valid(wprng)) != CRYPT_OK) { - return err; - } - - if ((err = hash_is_valid(hash)) != CRYPT_OK) { - return err; - } - - if (inlen > hash_descriptor[hash].hashsize) { - return CRYPT_INVALID_HASH; - } - - /* make a random key and export the public copy */ - if ((err = ecc_make_key_ex(prng, wprng, &pubkey, key->dp)) != CRYPT_OK) { - return err; - } - - pub_expt = XMALLOC(ECC_BUF_SIZE); - ecc_shared = XMALLOC(ECC_BUF_SIZE); - skey = XMALLOC(MAXBLOCKSIZE); - if (pub_expt == NULL || ecc_shared == NULL || skey == NULL) { - if (pub_expt != NULL) { - XFREE(pub_expt); - } - if (ecc_shared != NULL) { - XFREE(ecc_shared); - } - if (skey != NULL) { - XFREE(skey); - } - ecc_free(&pubkey); - return CRYPT_MEM; - } - - pubkeysize = ECC_BUF_SIZE; - if ((err = ecc_export(pub_expt, &pubkeysize, PK_PUBLIC, &pubkey)) != CRYPT_OK) { - ecc_free(&pubkey); - goto LBL_ERR; - } - - /* make random key */ - x = ECC_BUF_SIZE; - if ((err = ecc_shared_secret(&pubkey, key, ecc_shared, &x)) != CRYPT_OK) { - ecc_free(&pubkey); - goto LBL_ERR; - } - ecc_free(&pubkey); - y = MAXBLOCKSIZE; - if ((err = hash_memory(hash, ecc_shared, x, skey, &y)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* Encrypt key */ - for (x = 0; x < inlen; x++) { - skey[x] ^= in[x]; - } - - err = der_encode_sequence_multi(out, outlen, - LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash].OIDlen, hash_descriptor[hash].OID, - LTC_ASN1_OCTET_STRING, pubkeysize, pub_expt, - LTC_ASN1_OCTET_STRING, inlen, skey, - LTC_ASN1_EOL, 0UL, NULL); - -LBL_ERR: -#ifdef LTC_CLEAN_STACK - /* clean up */ - zeromem(pub_expt, ECC_BUF_SIZE); - zeromem(ecc_shared, ECC_BUF_SIZE); - zeromem(skey, MAXBLOCKSIZE); -#endif - - XFREE(skey); - XFREE(ecc_shared); - XFREE(pub_expt); - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ecc_export.c b/libs/tomcrypt/src/pk/ecc/ecc_export.c deleted file mode 100644 index 5f61ab9c60a..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ecc_export.c +++ /dev/null @@ -1,76 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ -#include "tomcrypt.h" - -/** - @file ecc_export.c - ECC Crypto, Tom St Denis -*/ - -#ifdef LTC_MECC - -/** - Export an ECC key as a binary packet - @param out [out] Destination for the key - @param outlen [in/out] Max size and resulting size of the exported key - @param type The type of key you want to export (PK_PRIVATE or PK_PUBLIC) - @param key The key to export - @return CRYPT_OK if successful -*/ -int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key) -{ - int err; - unsigned char flags[1]; - unsigned long key_size; - - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* type valid? */ - if (key->type != PK_PRIVATE && type == PK_PRIVATE) { - return CRYPT_PK_TYPE_MISMATCH; - } - - if (ltc_ecc_is_valid_idx(key->idx) == 0) { - return CRYPT_INVALID_ARG; - } - - /* we store the NIST byte size */ - key_size = key->dp->size; - - if (type == PK_PRIVATE) { - flags[0] = 1; - err = der_encode_sequence_multi(out, outlen, - LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_SHORT_INTEGER, 1UL, &key_size, - LTC_ASN1_INTEGER, 1UL, key->pubkey.x, - LTC_ASN1_INTEGER, 1UL, key->pubkey.y, - LTC_ASN1_INTEGER, 1UL, key->k, - LTC_ASN1_EOL, 0UL, NULL); - } else { - flags[0] = 0; - err = der_encode_sequence_multi(out, outlen, - LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_SHORT_INTEGER, 1UL, &key_size, - LTC_ASN1_INTEGER, 1UL, key->pubkey.x, - LTC_ASN1_INTEGER, 1UL, key->pubkey.y, - LTC_ASN1_EOL, 0UL, NULL); - } - - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ecc_free.c b/libs/tomcrypt/src/pk/ecc/ecc_free.c deleted file mode 100644 index 98e146be469..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ecc_free.c +++ /dev/null @@ -1,34 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ -#include "tomcrypt.h" - -/** - @file ecc_free.c - ECC Crypto, Tom St Denis -*/ - -#ifdef LTC_MECC - -/** - Free an ECC key from memory - @param key The key you wish to free -*/ -void ecc_free(ecc_key *key) -{ - LTC_ARGCHKVD(key != NULL); - mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL); -} - -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ecc_get_size.c b/libs/tomcrypt/src/pk/ecc/ecc_get_size.c deleted file mode 100644 index 5f67153be4e..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ecc_get_size.c +++ /dev/null @@ -1,38 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ -#include "tomcrypt.h" - -/** - @file ecc_get_size.c - ECC Crypto, Tom St Denis -*/ - -#ifdef LTC_MECC - -/** - Get the size of an ECC key - @param key The key to get the size of - @return The size (octets) of the key or INT_MAX on error -*/ -int ecc_get_size(ecc_key *key) -{ - LTC_ARGCHK(key != NULL); - if (ltc_ecc_is_valid_idx(key->idx)) - return key->dp->size; - else - return INT_MAX; /* large value known to cause it to fail when passed to ecc_make_key() */ -} - -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ecc_import.c b/libs/tomcrypt/src/pk/ecc/ecc_import.c deleted file mode 100644 index 47b392c16d3..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ecc_import.c +++ /dev/null @@ -1,170 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ -#include "tomcrypt.h" - -/** - @file ecc_import.c - ECC Crypto, Tom St Denis -*/ - -#ifdef LTC_MECC - -static int _is_point(ecc_key *key) -{ - void *prime, *b, *t1, *t2; - int err; - - if ((err = mp_init_multi(&prime, &b, &t1, &t2, NULL)) != CRYPT_OK) { - return err; - } - - /* load prime and b */ - if ((err = mp_read_radix(prime, key->dp->prime, 16)) != CRYPT_OK) { goto error; } - if ((err = mp_read_radix(b, key->dp->B, 16)) != CRYPT_OK) { goto error; } - - /* compute y^2 */ - if ((err = mp_sqr(key->pubkey.y, t1)) != CRYPT_OK) { goto error; } - - /* compute x^3 */ - if ((err = mp_sqr(key->pubkey.x, t2)) != CRYPT_OK) { goto error; } - if ((err = mp_mod(t2, prime, t2)) != CRYPT_OK) { goto error; } - if ((err = mp_mul(key->pubkey.x, t2, t2)) != CRYPT_OK) { goto error; } - - /* compute y^2 - x^3 */ - if ((err = mp_sub(t1, t2, t1)) != CRYPT_OK) { goto error; } - - /* compute y^2 - x^3 + 3x */ - if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; } - if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; } - if ((err = mp_add(t1, key->pubkey.x, t1)) != CRYPT_OK) { goto error; } - if ((err = mp_mod(t1, prime, t1)) != CRYPT_OK) { goto error; } - while (mp_cmp_d(t1, 0) == LTC_MP_LT) { - if ((err = mp_add(t1, prime, t1)) != CRYPT_OK) { goto error; } - } - while (mp_cmp(t1, prime) != LTC_MP_LT) { - if ((err = mp_sub(t1, prime, t1)) != CRYPT_OK) { goto error; } - } - - /* compare to b */ - if (mp_cmp(t1, b) != LTC_MP_EQ) { - err = CRYPT_INVALID_PACKET; - } else { - err = CRYPT_OK; - } - -error: - mp_clear_multi(prime, b, t1, t2, NULL); - return err; -} - -/** - Import an ECC key from a binary packet - @param in The packet to import - @param inlen The length of the packet - @param key [out] The destination of the import - @return CRYPT_OK if successful, upon error all allocated memory will be freed -*/ -int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key) -{ - return ecc_import_ex(in, inlen, key, NULL); -} - -/** - Import an ECC key from a binary packet, using user supplied domain params rather than one of the NIST ones - @param in The packet to import - @param inlen The length of the packet - @param key [out] The destination of the import - @param dp pointer to user supplied params; must be the same as the params used when exporting - @return CRYPT_OK if successful, upon error all allocated memory will be freed -*/ -int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, const ltc_ecc_set_type *dp) -{ - unsigned long key_size; - unsigned char flags[1]; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - /* init key */ - if (mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, NULL) != CRYPT_OK) { - return CRYPT_MEM; - } - - /* find out what type of key it is */ - err = der_decode_sequence_multi(in, inlen, LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_EOL, 0UL, NULL); - if (err != CRYPT_OK && err != CRYPT_INPUT_TOO_LONG) { - goto done; - } - - - if (flags[0] == 1) { - /* private key */ - key->type = PK_PRIVATE; - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_SHORT_INTEGER, 1UL, &key_size, - LTC_ASN1_INTEGER, 1UL, key->pubkey.x, - LTC_ASN1_INTEGER, 1UL, key->pubkey.y, - LTC_ASN1_INTEGER, 1UL, key->k, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto done; - } - } else if (flags[0] == 0) { - /* public key */ - key->type = PK_PUBLIC; - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_BIT_STRING, 1UL, flags, - LTC_ASN1_SHORT_INTEGER, 1UL, &key_size, - LTC_ASN1_INTEGER, 1UL, key->pubkey.x, - LTC_ASN1_INTEGER, 1UL, key->pubkey.y, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto done; - } - } - else { - err = CRYPT_INVALID_PACKET; - goto done; - } - - if (dp == NULL) { - /* find the idx */ - for (key->idx = 0; ltc_ecc_sets[key->idx].size && (unsigned long)ltc_ecc_sets[key->idx].size != key_size; ++key->idx); - if (ltc_ecc_sets[key->idx].size == 0) { - err = CRYPT_INVALID_PACKET; - goto done; - } - key->dp = <c_ecc_sets[key->idx]; - } else { - key->idx = -1; - key->dp = dp; - } - /* set z */ - if ((err = mp_set(key->pubkey.z, 1)) != CRYPT_OK) { goto done; } - - /* is it a point on the curve? */ - if ((err = _is_point(key)) != CRYPT_OK) { - goto done; - } - - /* we're good */ - return CRYPT_OK; -done: - mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL); - return err; -} -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ecc_make_key.c b/libs/tomcrypt/src/pk/ecc/ecc_make_key.c deleted file mode 100644 index 71fe3f30c3b..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ecc_make_key.c +++ /dev/null @@ -1,124 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ -#include "tomcrypt.h" - -/** - @file ecc_make_key.c - ECC Crypto, Tom St Denis -*/ - -#ifdef LTC_MECC - -/** - Make a new ECC key - @param prng An active PRNG state - @param wprng The index of the PRNG you wish to use - @param keysize The keysize for the new key (in octets from 20 to 65 bytes) - @param key [out] Destination of the newly created key - @return CRYPT_OK if successful, upon error all allocated memory will be freed -*/ -int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key) -{ - int x, err; - - /* find key size */ - for (x = 0; (keysize > ltc_ecc_sets[x].size) && (ltc_ecc_sets[x].size != 0); x++); - keysize = ltc_ecc_sets[x].size; - - if (keysize > ECC_MAXSIZE || ltc_ecc_sets[x].size == 0) { - return CRYPT_INVALID_KEYSIZE; - } - err = ecc_make_key_ex(prng, wprng, key, <c_ecc_sets[x]); - key->idx = x; - return err; -} - -int ecc_make_key_ex(prng_state *prng, int wprng, ecc_key *key, const ltc_ecc_set_type *dp) -{ - int err; - ecc_point *base; - void *prime, *order; - unsigned char *buf; - int keysize; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - LTC_ARGCHK(dp != NULL); - - /* good prng? */ - if ((err = prng_is_valid(wprng)) != CRYPT_OK) { - return err; - } - - key->idx = -1; - key->dp = dp; - keysize = dp->size; - - /* allocate ram */ - base = NULL; - buf = XMALLOC(ECC_MAXSIZE); - if (buf == NULL) { - return CRYPT_MEM; - } - - /* make up random string */ - if (prng_descriptor[wprng].read(buf, (unsigned long)keysize, prng) != (unsigned long)keysize) { - err = CRYPT_ERROR_READPRNG; - goto ERR_BUF; - } - - /* setup the key variables */ - if ((err = mp_init_multi(&key->pubkey.x, &key->pubkey.y, &key->pubkey.z, &key->k, &prime, &order, NULL)) != CRYPT_OK) { - goto ERR_BUF; - } - base = ltc_ecc_new_point(); - if (base == NULL) { - err = CRYPT_MEM; - goto errkey; - } - - /* read in the specs for this key */ - if ((err = mp_read_radix(prime, (char *)key->dp->prime, 16)) != CRYPT_OK) { goto errkey; } - if ((err = mp_read_radix(order, (char *)key->dp->order, 16)) != CRYPT_OK) { goto errkey; } - if ((err = mp_read_radix(base->x, (char *)key->dp->Gx, 16)) != CRYPT_OK) { goto errkey; } - if ((err = mp_read_radix(base->y, (char *)key->dp->Gy, 16)) != CRYPT_OK) { goto errkey; } - if ((err = mp_set(base->z, 1)) != CRYPT_OK) { goto errkey; } - if ((err = mp_read_unsigned_bin(key->k, (unsigned char *)buf, keysize)) != CRYPT_OK) { goto errkey; } - - /* the key should be smaller than the order of base point */ - if (mp_cmp(key->k, order) != LTC_MP_LT) { - if((err = mp_mod(key->k, order, key->k)) != CRYPT_OK) { goto errkey; } - } - /* make the public key */ - if ((err = ltc_mp.ecc_ptmul(key->k, base, &key->pubkey, prime, 1)) != CRYPT_OK) { goto errkey; } - key->type = PK_PRIVATE; - - /* free up ram */ - err = CRYPT_OK; - goto cleanup; -errkey: - mp_clear_multi(key->pubkey.x, key->pubkey.y, key->pubkey.z, key->k, NULL); -cleanup: - ltc_ecc_del_point(base); - mp_clear_multi(prime, order, NULL); -ERR_BUF: -#ifdef LTC_CLEAN_STACK - zeromem(buf, ECC_MAXSIZE); -#endif - XFREE(buf); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ecc_shared_secret.c b/libs/tomcrypt/src/pk/ecc/ecc_shared_secret.c deleted file mode 100644 index bb5d14ec2c6..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ecc_shared_secret.c +++ /dev/null @@ -1,89 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ -#include "tomcrypt.h" - -/** - @file ecc_shared_secret.c - ECC Crypto, Tom St Denis -*/ - -#ifdef LTC_MECC - -/** - Create an ECC shared secret between two keys - @param private_key The private ECC key - @param public_key The public key - @param out [out] Destination of the shared secret (Conforms to EC-DH from ANSI X9.63) - @param outlen [in/out] The max size and resulting size of the shared secret - @return CRYPT_OK if successful -*/ -int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key, - unsigned char *out, unsigned long *outlen) -{ - unsigned long x; - ecc_point *result; - void *prime; - int err; - - LTC_ARGCHK(private_key != NULL); - LTC_ARGCHK(public_key != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* type valid? */ - if (private_key->type != PK_PRIVATE) { - return CRYPT_PK_NOT_PRIVATE; - } - - if (ltc_ecc_is_valid_idx(private_key->idx) == 0 || ltc_ecc_is_valid_idx(public_key->idx) == 0) { - return CRYPT_INVALID_ARG; - } - - if (XSTRCMP(private_key->dp->name, public_key->dp->name) != 0) { - return CRYPT_PK_TYPE_MISMATCH; - } - - /* make new point */ - result = ltc_ecc_new_point(); - if (result == NULL) { - return CRYPT_MEM; - } - - if ((err = mp_init(&prime)) != CRYPT_OK) { - ltc_ecc_del_point(result); - return err; - } - - if ((err = mp_read_radix(prime, (char *)private_key->dp->prime, 16)) != CRYPT_OK) { goto done; } - if ((err = ltc_mp.ecc_ptmul(private_key->k, &public_key->pubkey, result, prime, 1)) != CRYPT_OK) { goto done; } - - x = (unsigned long)mp_unsigned_bin_size(prime); - if (*outlen < x) { - *outlen = x; - err = CRYPT_BUFFER_OVERFLOW; - goto done; - } - zeromem(out, x); - if ((err = mp_to_unsigned_bin(result->x, out + (x - mp_unsigned_bin_size(result->x)))) != CRYPT_OK) { goto done; } - - err = CRYPT_OK; - *outlen = x; -done: - mp_clear(prime); - ltc_ecc_del_point(result); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ecc_sign_hash.c b/libs/tomcrypt/src/pk/ecc/ecc_sign_hash.c deleted file mode 100644 index 6314952aaf5..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ecc_sign_hash.c +++ /dev/null @@ -1,167 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -#include "tomcrypt.h" - -#ifdef LTC_MECC - -/** - @file ecc_sign_hash.c - ECC Crypto, Tom St Denis -*/ - -static int _ecc_sign_hash(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - prng_state *prng, int wprng, ecc_key *key, int sigformat) -{ - ecc_key pubkey; - void *r, *s, *e, *p, *b; - int err, max_iterations = LTC_PK_MAX_RETRIES; - unsigned long pbits, pbytes, i, shift_right; - unsigned char ch, buf[MAXBLOCKSIZE]; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* is this a private key? */ - if (key->type != PK_PRIVATE) { - return CRYPT_PK_NOT_PRIVATE; - } - - /* is the IDX valid ? */ - if (ltc_ecc_is_valid_idx(key->idx) != 1) { - return CRYPT_PK_INVALID_TYPE; - } - - if ((err = prng_is_valid(wprng)) != CRYPT_OK) { - return err; - } - - /* init the bignums */ - if ((err = mp_init_multi(&r, &s, &p, &e, &b, NULL)) != CRYPT_OK) { - return err; - } - if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK) { goto errnokey; } - - /* get the hash and load it as a bignum into 'e' */ - pbits = mp_count_bits(p); - pbytes = (pbits+7) >> 3; - if (pbits > inlen*8) { - if ((err = mp_read_unsigned_bin(e, (unsigned char *)in, inlen)) != CRYPT_OK) { goto errnokey; } - } - else if (pbits % 8 == 0) { - if ((err = mp_read_unsigned_bin(e, (unsigned char *)in, pbytes)) != CRYPT_OK) { goto errnokey; } - } - else { - shift_right = 8 - pbits % 8; - for (i=0, ch=0; i<pbytes; i++) { - buf[i] = ch; - ch = (in[i] << (8-shift_right)); - buf[i] = buf[i] ^ (in[i] >> shift_right); - } - if ((err = mp_read_unsigned_bin(e, (unsigned char *)buf, pbytes)) != CRYPT_OK) { goto errnokey; } - } - - /* make up a key and export the public copy */ - do { - if ((err = ecc_make_key_ex(prng, wprng, &pubkey, key->dp)) != CRYPT_OK) { - goto errnokey; - } - - /* find r = x1 mod n */ - if ((err = mp_mod(pubkey.pubkey.x, p, r)) != CRYPT_OK) { goto error; } - - if (mp_iszero(r) == LTC_MP_YES) { - ecc_free(&pubkey); - } else { - if ((err = rand_bn_upto(b, p, prng, wprng)) != CRYPT_OK) { goto error; } /* b = blinding value */ - /* find s = (e + xr)/k */ - if ((err = mp_mulmod(pubkey.k, b, p, pubkey.k)) != CRYPT_OK) { goto error; } /* k = kb */ - if ((err = mp_invmod(pubkey.k, p, pubkey.k)) != CRYPT_OK) { goto error; } /* k = 1/kb */ - if ((err = mp_mulmod(key->k, r, p, s)) != CRYPT_OK) { goto error; } /* s = xr */ - if ((err = mp_mulmod(pubkey.k, s, p, s)) != CRYPT_OK) { goto error; } /* s = xr/kb */ - if ((err = mp_mulmod(pubkey.k, e, p, e)) != CRYPT_OK) { goto error; } /* e = e/kb */ - if ((err = mp_add(e, s, s)) != CRYPT_OK) { goto error; } /* s = e/kb + xr/kb */ - if ((err = mp_mulmod(s, b, p, s)) != CRYPT_OK) { goto error; } /* s = b(e/kb + xr/kb) = (e + xr)/k */ - ecc_free(&pubkey); - if (mp_iszero(s) == LTC_MP_NO) { - break; - } - } - } while (--max_iterations > 0); - - if (max_iterations == 0) { - goto errnokey; - } - - if (sigformat == 1) { - /* RFC7518 format */ - if (*outlen < 2*pbytes) { err = CRYPT_MEM; goto errnokey; } - zeromem(out, 2*pbytes); - i = mp_unsigned_bin_size(r); - if ((err = mp_to_unsigned_bin(r, out + (pbytes - i))) != CRYPT_OK) { goto errnokey; } - i = mp_unsigned_bin_size(s); - if ((err = mp_to_unsigned_bin(s, out + (2*pbytes - i))) != CRYPT_OK) { goto errnokey; } - *outlen = 2*pbytes; - err = CRYPT_OK; - } - else { - /* store as ASN.1 SEQUENCE { r, s -- integer } */ - err = der_encode_sequence_multi(out, outlen, - LTC_ASN1_INTEGER, 1UL, r, - LTC_ASN1_INTEGER, 1UL, s, - LTC_ASN1_EOL, 0UL, NULL); - } - goto errnokey; -error: - ecc_free(&pubkey); -errnokey: - mp_clear_multi(r, s, p, e, b, NULL); - return err; -} - -/** - Sign a message digest - @param in The message digest to sign - @param inlen The length of the digest - @param out [out] The destination for the signature - @param outlen [in/out] The max size and resulting size of the signature - @param prng An active PRNG state - @param wprng The index of the PRNG you wish to use - @param key A private ECC key - @return CRYPT_OK if successful -*/ -int ecc_sign_hash(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - prng_state *prng, int wprng, ecc_key *key) -{ - return _ecc_sign_hash(in, inlen, out, outlen, prng, wprng, key, 0); -} - -/** - Sign a message digest in RFC7518 format - @param in The message digest to sign - @param inlen The length of the digest - @param out [out] The destination for the signature - @param outlen [in/out] The max size and resulting size of the signature - @param prng An active PRNG state - @param wprng The index of the PRNG you wish to use - @param key A private ECC key - @return CRYPT_OK if successful -*/ -int ecc_sign_hash_rfc7518(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - prng_state *prng, int wprng, ecc_key *key) -{ - return _ecc_sign_hash(in, inlen, out, outlen, prng, wprng, key, 1); -} - -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ecc_sizes.c b/libs/tomcrypt/src/pk/ecc/ecc_sizes.c deleted file mode 100644 index 217292fb69f..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ecc_sizes.c +++ /dev/null @@ -1,42 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ -#include "tomcrypt.h" - -/** - @file ecc_sizes.c - ECC Crypto, Tom St Denis -*/ - -#ifdef LTC_MECC - -void ecc_sizes(int *low, int *high) -{ - int i; - LTC_ARGCHKVD(low != NULL); - LTC_ARGCHKVD(high != NULL); - - *low = INT_MAX; - *high = 0; - for (i = 0; ltc_ecc_sets[i].size != 0; i++) { - if (ltc_ecc_sets[i].size < *low) { - *low = ltc_ecc_sets[i].size; - } - if (ltc_ecc_sets[i].size > *high) { - *high = ltc_ecc_sets[i].size; - } - } -} - -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ecc_verify_hash.c b/libs/tomcrypt/src/pk/ecc/ecc_verify_hash.c deleted file mode 100644 index d3779c07137..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ecc_verify_hash.c +++ /dev/null @@ -1,196 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -#include "tomcrypt.h" - -#ifdef LTC_MECC - -/** - @file ecc_verify_hash.c - ECC Crypto, Tom St Denis -*/ - -static int _ecc_verify_hash(const unsigned char *sig, unsigned long siglen, - const unsigned char *hash, unsigned long hashlen, - int *stat, ecc_key *key, int sigformat) -{ - ecc_point *mG, *mQ; - void *r, *s, *v, *w, *u1, *u2, *e, *p, *m; - void *mp; - int err; - unsigned long pbits, pbytes, i, shift_right; - unsigned char ch, buf[MAXBLOCKSIZE]; - - LTC_ARGCHK(sig != NULL); - LTC_ARGCHK(hash != NULL); - LTC_ARGCHK(stat != NULL); - LTC_ARGCHK(key != NULL); - - /* default to invalid signature */ - *stat = 0; - mp = NULL; - - /* is the IDX valid ? */ - if (ltc_ecc_is_valid_idx(key->idx) != 1) { - return CRYPT_PK_INVALID_TYPE; - } - - /* allocate ints */ - if ((err = mp_init_multi(&r, &s, &v, &w, &u1, &u2, &p, &e, &m, NULL)) != CRYPT_OK) { - return CRYPT_MEM; - } - - /* allocate points */ - mG = ltc_ecc_new_point(); - mQ = ltc_ecc_new_point(); - if (mQ == NULL || mG == NULL) { - err = CRYPT_MEM; - goto error; - } - - if (sigformat == 1) { - /* RFC7518 format */ - if ((siglen % 2) == 1) { - err = CRYPT_INVALID_PACKET; - goto error; - } - i = siglen / 2; - if ((err = mp_read_unsigned_bin(r, (unsigned char *)sig, i)) != CRYPT_OK) { goto error; } - if ((err = mp_read_unsigned_bin(s, (unsigned char *)sig+i, i)) != CRYPT_OK) { goto error; } - } - else { - /* ASN.1 format */ - if ((err = der_decode_sequence_multi(sig, siglen, - LTC_ASN1_INTEGER, 1UL, r, - LTC_ASN1_INTEGER, 1UL, s, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto error; } - } - - /* get the order */ - if ((err = mp_read_radix(p, (char *)key->dp->order, 16)) != CRYPT_OK) { goto error; } - - /* get the modulus */ - if ((err = mp_read_radix(m, (char *)key->dp->prime, 16)) != CRYPT_OK) { goto error; } - - /* check for zero */ - if (mp_iszero(r) || mp_iszero(s) || mp_cmp(r, p) != LTC_MP_LT || mp_cmp(s, p) != LTC_MP_LT) { - err = CRYPT_INVALID_PACKET; - goto error; - } - - /* read hash - truncate if needed */ - pbits = mp_count_bits(p); - pbytes = (pbits+7) >> 3; - if (pbits > hashlen*8) { - if ((err = mp_read_unsigned_bin(e, (unsigned char *)hash, hashlen)) != CRYPT_OK) { goto error; } - } - else if (pbits % 8 == 0) { - if ((err = mp_read_unsigned_bin(e, (unsigned char *)hash, pbytes)) != CRYPT_OK) { goto error; } - } - else { - shift_right = 8 - pbits % 8; - for (i=0, ch=0; i<pbytes; i++) { - buf[i] = ch; - ch = (hash[i] << (8-shift_right)); - buf[i] = buf[i] ^ (hash[i] >> shift_right); - } - if ((err = mp_read_unsigned_bin(e, (unsigned char *)buf, pbytes)) != CRYPT_OK) { goto error; } - } - - /* w = s^-1 mod n */ - if ((err = mp_invmod(s, p, w)) != CRYPT_OK) { goto error; } - - /* u1 = ew */ - if ((err = mp_mulmod(e, w, p, u1)) != CRYPT_OK) { goto error; } - - /* u2 = rw */ - if ((err = mp_mulmod(r, w, p, u2)) != CRYPT_OK) { goto error; } - - /* find mG and mQ */ - if ((err = mp_read_radix(mG->x, (char *)key->dp->Gx, 16)) != CRYPT_OK) { goto error; } - if ((err = mp_read_radix(mG->y, (char *)key->dp->Gy, 16)) != CRYPT_OK) { goto error; } - if ((err = mp_set(mG->z, 1)) != CRYPT_OK) { goto error; } - - if ((err = mp_copy(key->pubkey.x, mQ->x)) != CRYPT_OK) { goto error; } - if ((err = mp_copy(key->pubkey.y, mQ->y)) != CRYPT_OK) { goto error; } - if ((err = mp_copy(key->pubkey.z, mQ->z)) != CRYPT_OK) { goto error; } - - /* compute u1*mG + u2*mQ = mG */ - if (ltc_mp.ecc_mul2add == NULL) { - if ((err = ltc_mp.ecc_ptmul(u1, mG, mG, m, 0)) != CRYPT_OK) { goto error; } - if ((err = ltc_mp.ecc_ptmul(u2, mQ, mQ, m, 0)) != CRYPT_OK) { goto error; } - - /* find the montgomery mp */ - if ((err = mp_montgomery_setup(m, &mp)) != CRYPT_OK) { goto error; } - - /* add them */ - if ((err = ltc_mp.ecc_ptadd(mQ, mG, mG, m, mp)) != CRYPT_OK) { goto error; } - - /* reduce */ - if ((err = ltc_mp.ecc_map(mG, m, mp)) != CRYPT_OK) { goto error; } - } else { - /* use Shamir's trick to compute u1*mG + u2*mQ using half of the doubles */ - if ((err = ltc_mp.ecc_mul2add(mG, u1, mQ, u2, mG, m)) != CRYPT_OK) { goto error; } - } - - /* v = X_x1 mod n */ - if ((err = mp_mod(mG->x, p, v)) != CRYPT_OK) { goto error; } - - /* does v == r */ - if (mp_cmp(v, r) == LTC_MP_EQ) { - *stat = 1; - } - - /* clear up and return */ - err = CRYPT_OK; -error: - ltc_ecc_del_point(mG); - ltc_ecc_del_point(mQ); - mp_clear_multi(r, s, v, w, u1, u2, p, e, m, NULL); - if (mp != NULL) { - mp_montgomery_free(mp); - } - return err; -} - -/** - Verify an ECC signature - @param sig The signature to verify - @param siglen The length of the signature (octets) - @param hash The hash (message digest) that was signed - @param hashlen The length of the hash (octets) - @param stat Result of signature, 1==valid, 0==invalid - @param key The corresponding public ECC key - @return CRYPT_OK if successful (even if the signature is not valid) -*/ -int ecc_verify_hash(const unsigned char *sig, unsigned long siglen, - const unsigned char *hash, unsigned long hashlen, - int *stat, ecc_key *key) -{ - return _ecc_verify_hash(sig, siglen, hash, hashlen, stat, key, 0); -} - -/** - Verify an ECC signature in RFC7518 format - @param sig The signature to verify - @param siglen The length of the signature (octets) - @param hash The hash (message digest) that was signed - @param hashlen The length of the hash (octets) - @param stat Result of signature, 1==valid, 0==invalid - @param key The corresponding public ECC key - @return CRYPT_OK if successful (even if the signature is not valid) -*/ -int ecc_verify_hash_rfc7518(const unsigned char *sig, unsigned long siglen, - const unsigned char *hash, unsigned long hashlen, - int *stat, ecc_key *key) -{ - return _ecc_verify_hash(sig, siglen, hash, hashlen, stat, key, 1); -} - -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ltc_ecc_is_valid_idx.c b/libs/tomcrypt/src/pk/ecc/ltc_ecc_is_valid_idx.c deleted file mode 100644 index 0bc7142bad8..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ltc_ecc_is_valid_idx.c +++ /dev/null @@ -1,40 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ -#include "tomcrypt.h" - -/** - @file ltc_ecc_is_valid_idx.c - ECC Crypto, Tom St Denis -*/ - -#ifdef LTC_MECC - -/** Returns whether an ECC idx is valid or not - @param n The idx number to check - @return 1 if valid, 0 if not -*/ -int ltc_ecc_is_valid_idx(int n) -{ - int x; - - for (x = 0; ltc_ecc_sets[x].size != 0; x++); - /* -1 is a valid index --- indicating that the domain params were supplied by the user */ - if ((n >= -1) && (n < x)) { - return 1; - } - return 0; -} - -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ltc_ecc_map.c b/libs/tomcrypt/src/pk/ecc/ltc_ecc_map.c deleted file mode 100644 index 7f953964cb7..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ltc_ecc_map.c +++ /dev/null @@ -1,69 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ -#include "tomcrypt.h" - -/** - @file ltc_ecc_map.c - ECC Crypto, Tom St Denis -*/ - -#ifdef LTC_MECC - -/** - Map a projective jacbobian point back to affine space - @param P [in/out] The point to map - @param modulus The modulus of the field the ECC curve is in - @param mp The "b" value from montgomery_setup() - @return CRYPT_OK on success -*/ -int ltc_ecc_map(ecc_point *P, void *modulus, void *mp) -{ - void *t1, *t2; - int err; - - LTC_ARGCHK(P != NULL); - LTC_ARGCHK(modulus != NULL); - LTC_ARGCHK(mp != NULL); - - if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) { - return err; - } - - /* first map z back to normal */ - if ((err = mp_montgomery_reduce(P->z, modulus, mp)) != CRYPT_OK) { goto done; } - - /* get 1/z */ - if ((err = mp_invmod(P->z, modulus, t1)) != CRYPT_OK) { goto done; } - - /* get 1/z^2 and 1/z^3 */ - if ((err = mp_sqr(t1, t2)) != CRYPT_OK) { goto done; } - if ((err = mp_mod(t2, modulus, t2)) != CRYPT_OK) { goto done; } - if ((err = mp_mul(t1, t2, t1)) != CRYPT_OK) { goto done; } - if ((err = mp_mod(t1, modulus, t1)) != CRYPT_OK) { goto done; } - - /* multiply against x/y */ - if ((err = mp_mul(P->x, t2, P->x)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(P->x, modulus, mp)) != CRYPT_OK) { goto done; } - if ((err = mp_mul(P->y, t1, P->y)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(P->y, modulus, mp)) != CRYPT_OK) { goto done; } - if ((err = mp_set(P->z, 1)) != CRYPT_OK) { goto done; } - - err = CRYPT_OK; -done: - mp_clear_multi(t1, t2, NULL); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ltc_ecc_mul2add.c b/libs/tomcrypt/src/pk/ecc/ltc_ecc_mul2add.c deleted file mode 100644 index bbbca8133d7..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ltc_ecc_mul2add.c +++ /dev/null @@ -1,202 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ -#include "tomcrypt.h" - -/** - @file ltc_ecc_mul2add.c - ECC Crypto, Shamir's Trick, Tom St Denis -*/ - -#ifdef LTC_MECC - -#ifdef LTC_ECC_SHAMIR - -/** Computes kA*A + kB*B = C using Shamir's Trick - @param A First point to multiply - @param kA What to multiple A by - @param B Second point to multiply - @param kB What to multiple B by - @param C [out] Destination point (can overlap with A or B - @param modulus Modulus for curve - @return CRYPT_OK on success -*/ -int ltc_ecc_mul2add(ecc_point *A, void *kA, - ecc_point *B, void *kB, - ecc_point *C, - void *modulus) -{ - ecc_point *precomp[16]; - unsigned bitbufA, bitbufB, lenA, lenB, len, x, y, nA, nB, nibble; - unsigned char *tA, *tB; - int err, first; - void *mp, *mu; - - /* argchks */ - LTC_ARGCHK(A != NULL); - LTC_ARGCHK(B != NULL); - LTC_ARGCHK(C != NULL); - LTC_ARGCHK(kA != NULL); - LTC_ARGCHK(kB != NULL); - LTC_ARGCHK(modulus != NULL); - - /* allocate memory */ - tA = XCALLOC(1, ECC_BUF_SIZE); - if (tA == NULL) { - return CRYPT_MEM; - } - tB = XCALLOC(1, ECC_BUF_SIZE); - if (tB == NULL) { - XFREE(tA); - return CRYPT_MEM; - } - - /* get sizes */ - lenA = mp_unsigned_bin_size(kA); - lenB = mp_unsigned_bin_size(kB); - len = MAX(lenA, lenB); - - /* sanity check */ - if ((lenA > ECC_BUF_SIZE) || (lenB > ECC_BUF_SIZE)) { - err = CRYPT_INVALID_ARG; - goto ERR_T; - } - - /* extract and justify kA */ - mp_to_unsigned_bin(kA, (len - lenA) + tA); - - /* extract and justify kB */ - mp_to_unsigned_bin(kB, (len - lenB) + tB); - - /* allocate the table */ - for (x = 0; x < 16; x++) { - precomp[x] = ltc_ecc_new_point(); - if (precomp[x] == NULL) { - for (y = 0; y < x; ++y) { - ltc_ecc_del_point(precomp[y]); - } - err = CRYPT_MEM; - goto ERR_T; - } - } - - /* init montgomery reduction */ - if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { - goto ERR_P; - } - if ((err = mp_init(&mu)) != CRYPT_OK) { - goto ERR_MP; - } - if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) { - goto ERR_MU; - } - - /* copy ones ... */ - if ((err = mp_mulmod(A->x, mu, modulus, precomp[1]->x)) != CRYPT_OK) { goto ERR_MU; } - if ((err = mp_mulmod(A->y, mu, modulus, precomp[1]->y)) != CRYPT_OK) { goto ERR_MU; } - if ((err = mp_mulmod(A->z, mu, modulus, precomp[1]->z)) != CRYPT_OK) { goto ERR_MU; } - - if ((err = mp_mulmod(B->x, mu, modulus, precomp[1<<2]->x)) != CRYPT_OK) { goto ERR_MU; } - if ((err = mp_mulmod(B->y, mu, modulus, precomp[1<<2]->y)) != CRYPT_OK) { goto ERR_MU; } - if ((err = mp_mulmod(B->z, mu, modulus, precomp[1<<2]->z)) != CRYPT_OK) { goto ERR_MU; } - - /* precomp [i,0](A + B) table */ - if ((err = ltc_mp.ecc_ptdbl(precomp[1], precomp[2], modulus, mp)) != CRYPT_OK) { goto ERR_MU; } - if ((err = ltc_mp.ecc_ptadd(precomp[1], precomp[2], precomp[3], modulus, mp)) != CRYPT_OK) { goto ERR_MU; } - - /* precomp [0,i](A + B) table */ - if ((err = ltc_mp.ecc_ptdbl(precomp[1<<2], precomp[2<<2], modulus, mp)) != CRYPT_OK) { goto ERR_MU; } - if ((err = ltc_mp.ecc_ptadd(precomp[1<<2], precomp[2<<2], precomp[3<<2], modulus, mp)) != CRYPT_OK) { goto ERR_MU; } - - /* precomp [i,j](A + B) table (i != 0, j != 0) */ - for (x = 1; x < 4; x++) { - for (y = 1; y < 4; y++) { - if ((err = ltc_mp.ecc_ptadd(precomp[x], precomp[(y<<2)], precomp[x+(y<<2)], modulus, mp)) != CRYPT_OK) { goto ERR_MU; } - } - } - - nibble = 3; - first = 1; - bitbufA = tA[0]; - bitbufB = tB[0]; - - /* for every byte of the multiplicands */ - for (x = 0;; ) { - /* grab a nibble */ - if (++nibble == 4) { - if (x == len) break; - bitbufA = tA[x]; - bitbufB = tB[x]; - nibble = 0; - ++x; - } - - /* extract two bits from both, shift/update */ - nA = (bitbufA >> 6) & 0x03; - nB = (bitbufB >> 6) & 0x03; - bitbufA = (bitbufA << 2) & 0xFF; - bitbufB = (bitbufB << 2) & 0xFF; - - /* if both zero, if first, continue */ - if ((nA == 0) && (nB == 0) && (first == 1)) { - continue; - } - - /* double twice, only if this isn't the first */ - if (first == 0) { - /* double twice */ - if ((err = ltc_mp.ecc_ptdbl(C, C, modulus, mp)) != CRYPT_OK) { goto ERR_MU; } - if ((err = ltc_mp.ecc_ptdbl(C, C, modulus, mp)) != CRYPT_OK) { goto ERR_MU; } - } - - /* if not both zero */ - if ((nA != 0) || (nB != 0)) { - if (first == 1) { - /* if first, copy from table */ - first = 0; - if ((err = mp_copy(precomp[nA + (nB<<2)]->x, C->x)) != CRYPT_OK) { goto ERR_MU; } - if ((err = mp_copy(precomp[nA + (nB<<2)]->y, C->y)) != CRYPT_OK) { goto ERR_MU; } - if ((err = mp_copy(precomp[nA + (nB<<2)]->z, C->z)) != CRYPT_OK) { goto ERR_MU; } - } else { - /* if not first, add from table */ - if ((err = ltc_mp.ecc_ptadd(C, precomp[nA + (nB<<2)], C, modulus, mp)) != CRYPT_OK) { goto ERR_MU; } - } - } - } - - /* reduce to affine */ - err = ltc_ecc_map(C, modulus, mp); - - /* clean up */ -ERR_MU: - mp_clear(mu); -ERR_MP: - mp_montgomery_free(mp); -ERR_P: - for (x = 0; x < 16; x++) { - ltc_ecc_del_point(precomp[x]); - } -ERR_T: -#ifdef LTC_CLEAN_STACK - zeromem(tA, ECC_BUF_SIZE); - zeromem(tB, ECC_BUF_SIZE); -#endif - XFREE(tA); - XFREE(tB); - - return err; -} - -#endif -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ltc_ecc_mulmod.c b/libs/tomcrypt/src/pk/ecc/ltc_ecc_mulmod.c deleted file mode 100644 index 8a64d788c10..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ltc_ecc_mulmod.c +++ /dev/null @@ -1,216 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ -#include "tomcrypt.h" - -/** - @file ltc_ecc_mulmod.c - ECC Crypto, Tom St Denis -*/ - -#ifdef LTC_MECC -#ifndef LTC_ECC_TIMING_RESISTANT - -/* size of sliding window, don't change this! */ -#define WINSIZE 4 - -/** - Perform a point multiplication - @param k The scalar to multiply by - @param G The base point - @param R [out] Destination for kG - @param modulus The modulus of the field the ECC curve is in - @param map Boolean whether to map back to affine or not (1==map, 0 == leave in projective) - @return CRYPT_OK on success -*/ -int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map) -{ - ecc_point *tG, *M[8]; - int i, j, err; - void *mu, *mp; - ltc_mp_digit buf; - int first, bitbuf, bitcpy, bitcnt, mode, digidx; - - LTC_ARGCHK(k != NULL); - LTC_ARGCHK(G != NULL); - LTC_ARGCHK(R != NULL); - LTC_ARGCHK(modulus != NULL); - - /* init montgomery reduction */ - if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { - return err; - } - if ((err = mp_init(&mu)) != CRYPT_OK) { - mp_montgomery_free(mp); - return err; - } - if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) { - mp_montgomery_free(mp); - mp_clear(mu); - return err; - } - - /* alloc ram for window temps */ - for (i = 0; i < 8; i++) { - M[i] = ltc_ecc_new_point(); - if (M[i] == NULL) { - for (j = 0; j < i; j++) { - ltc_ecc_del_point(M[j]); - } - mp_montgomery_free(mp); - mp_clear(mu); - return CRYPT_MEM; - } - } - - /* make a copy of G incase R==G */ - tG = ltc_ecc_new_point(); - if (tG == NULL) { err = CRYPT_MEM; goto done; } - - /* tG = G and convert to montgomery */ - if (mp_cmp_d(mu, 1) == LTC_MP_EQ) { - if ((err = mp_copy(G->x, tG->x)) != CRYPT_OK) { goto done; } - if ((err = mp_copy(G->y, tG->y)) != CRYPT_OK) { goto done; } - if ((err = mp_copy(G->z, tG->z)) != CRYPT_OK) { goto done; } - } else { - if ((err = mp_mulmod(G->x, mu, modulus, tG->x)) != CRYPT_OK) { goto done; } - if ((err = mp_mulmod(G->y, mu, modulus, tG->y)) != CRYPT_OK) { goto done; } - if ((err = mp_mulmod(G->z, mu, modulus, tG->z)) != CRYPT_OK) { goto done; } - } - mp_clear(mu); - mu = NULL; - - /* calc the M tab, which holds kG for k==8..15 */ - /* M[0] == 8G */ - if ((err = ltc_mp.ecc_ptdbl(tG, M[0], modulus, mp)) != CRYPT_OK) { goto done; } - if ((err = ltc_mp.ecc_ptdbl(M[0], M[0], modulus, mp)) != CRYPT_OK) { goto done; } - if ((err = ltc_mp.ecc_ptdbl(M[0], M[0], modulus, mp)) != CRYPT_OK) { goto done; } - - /* now find (8+k)G for k=1..7 */ - for (j = 9; j < 16; j++) { - if ((err = ltc_mp.ecc_ptadd(M[j-9], tG, M[j-8], modulus, mp)) != CRYPT_OK) { goto done; } - } - - /* setup sliding window */ - mode = 0; - bitcnt = 1; - buf = 0; - digidx = mp_get_digit_count(k) - 1; - bitcpy = bitbuf = 0; - first = 1; - - /* perform ops */ - for (;;) { - /* grab next digit as required */ - if (--bitcnt == 0) { - if (digidx == -1) { - break; - } - buf = mp_get_digit(k, digidx); - bitcnt = (int) ltc_mp.bits_per_digit; - --digidx; - } - - /* grab the next msb from the ltiplicand */ - i = (buf >> (ltc_mp.bits_per_digit - 1)) & 1; - buf <<= 1; - - /* skip leading zero bits */ - if (mode == 0 && i == 0) { - continue; - } - - /* if the bit is zero and mode == 1 then we double */ - if (mode == 1 && i == 0) { - if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) { goto done; } - continue; - } - - /* else we add it to the window */ - bitbuf |= (i << (WINSIZE - ++bitcpy)); - mode = 2; - - if (bitcpy == WINSIZE) { - /* if this is the first window we do a simple copy */ - if (first == 1) { - /* R = kG [k = first window] */ - if ((err = mp_copy(M[bitbuf-8]->x, R->x)) != CRYPT_OK) { goto done; } - if ((err = mp_copy(M[bitbuf-8]->y, R->y)) != CRYPT_OK) { goto done; } - if ((err = mp_copy(M[bitbuf-8]->z, R->z)) != CRYPT_OK) { goto done; } - first = 0; - } else { - /* normal window */ - /* ok window is filled so double as required and add */ - /* double first */ - for (j = 0; j < WINSIZE; j++) { - if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) { goto done; } - } - - /* then add, bitbuf will be 8..15 [8..2^WINSIZE] guaranteed */ - if ((err = ltc_mp.ecc_ptadd(R, M[bitbuf-8], R, modulus, mp)) != CRYPT_OK) { goto done; } - } - /* empty window and reset */ - bitcpy = bitbuf = 0; - mode = 1; - } - } - - /* if bits remain then double/add */ - if (mode == 2 && bitcpy > 0) { - /* double then add */ - for (j = 0; j < bitcpy; j++) { - /* only double if we have had at least one add first */ - if (first == 0) { - if ((err = ltc_mp.ecc_ptdbl(R, R, modulus, mp)) != CRYPT_OK) { goto done; } - } - - bitbuf <<= 1; - if ((bitbuf & (1 << WINSIZE)) != 0) { - if (first == 1){ - /* first add, so copy */ - if ((err = mp_copy(tG->x, R->x)) != CRYPT_OK) { goto done; } - if ((err = mp_copy(tG->y, R->y)) != CRYPT_OK) { goto done; } - if ((err = mp_copy(tG->z, R->z)) != CRYPT_OK) { goto done; } - first = 0; - } else { - /* then add */ - if ((err = ltc_mp.ecc_ptadd(R, tG, R, modulus, mp)) != CRYPT_OK) { goto done; } - } - } - } - } - - /* map R back from projective space */ - if (map) { - err = ltc_ecc_map(R, modulus, mp); - } else { - err = CRYPT_OK; - } -done: - if (mu != NULL) { - mp_clear(mu); - } - mp_montgomery_free(mp); - ltc_ecc_del_point(tG); - for (i = 0; i < 8; i++) { - ltc_ecc_del_point(M[i]); - } - return err; -} - -#endif - -#undef WINSIZE - -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c b/libs/tomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c deleted file mode 100644 index 299ef2087f2..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ltc_ecc_mulmod_timing.c +++ /dev/null @@ -1,159 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ -#include "tomcrypt.h" - -/** - @file ltc_ecc_mulmod_timing.c - ECC Crypto, Tom St Denis -*/ - -#ifdef LTC_MECC - -#ifdef LTC_ECC_TIMING_RESISTANT - -/** - Perform a point multiplication (timing resistant) - @param k The scalar to multiply by - @param G The base point - @param R [out] Destination for kG - @param modulus The modulus of the field the ECC curve is in - @param map Boolean whether to map back to affine or not (1==map, 0 == leave in projective) - @return CRYPT_OK on success -*/ -int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map) -{ - ecc_point *tG, *M[3]; - int i, j, err; - void *mu, *mp; - ltc_mp_digit buf; - int bitcnt, mode, digidx; - - LTC_ARGCHK(k != NULL); - LTC_ARGCHK(G != NULL); - LTC_ARGCHK(R != NULL); - LTC_ARGCHK(modulus != NULL); - - /* init montgomery reduction */ - if ((err = mp_montgomery_setup(modulus, &mp)) != CRYPT_OK) { - return err; - } - if ((err = mp_init(&mu)) != CRYPT_OK) { - mp_montgomery_free(mp); - return err; - } - if ((err = mp_montgomery_normalization(mu, modulus)) != CRYPT_OK) { - mp_clear(mu); - mp_montgomery_free(mp); - return err; - } - - /* alloc ram for window temps */ - for (i = 0; i < 3; i++) { - M[i] = ltc_ecc_new_point(); - if (M[i] == NULL) { - for (j = 0; j < i; j++) { - ltc_ecc_del_point(M[j]); - } - mp_clear(mu); - mp_montgomery_free(mp); - return CRYPT_MEM; - } - } - - /* make a copy of G incase R==G */ - tG = ltc_ecc_new_point(); - if (tG == NULL) { err = CRYPT_MEM; goto done; } - - /* tG = G and convert to montgomery */ - if ((err = mp_mulmod(G->x, mu, modulus, tG->x)) != CRYPT_OK) { goto done; } - if ((err = mp_mulmod(G->y, mu, modulus, tG->y)) != CRYPT_OK) { goto done; } - if ((err = mp_mulmod(G->z, mu, modulus, tG->z)) != CRYPT_OK) { goto done; } - mp_clear(mu); - mu = NULL; - - /* calc the M tab */ - /* M[0] == G */ - if ((err = mp_copy(tG->x, M[0]->x)) != CRYPT_OK) { goto done; } - if ((err = mp_copy(tG->y, M[0]->y)) != CRYPT_OK) { goto done; } - if ((err = mp_copy(tG->z, M[0]->z)) != CRYPT_OK) { goto done; } - /* M[1] == 2G */ - if ((err = ltc_mp.ecc_ptdbl(tG, M[1], modulus, mp)) != CRYPT_OK) { goto done; } - - /* setup sliding window */ - mode = 0; - bitcnt = 1; - buf = 0; - digidx = mp_get_digit_count(k) - 1; - - /* perform ops */ - for (;;) { - /* grab next digit as required */ - if (--bitcnt == 0) { - if (digidx == -1) { - break; - } - buf = mp_get_digit(k, digidx); - bitcnt = (int) MP_DIGIT_BIT; - --digidx; - } - - /* grab the next msb from the ltiplicand */ - i = (buf >> (MP_DIGIT_BIT - 1)) & 1; - buf <<= 1; - - if (mode == 0 && i == 0) { - /* dummy operations */ - if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; } - if ((err = ltc_mp.ecc_ptdbl(M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; } - continue; - } - - if (mode == 0 && i == 1) { - mode = 1; - /* dummy operations */ - if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; } - if ((err = ltc_mp.ecc_ptdbl(M[1], M[2], modulus, mp)) != CRYPT_OK) { goto done; } - continue; - } - - if ((err = ltc_mp.ecc_ptadd(M[0], M[1], M[i^1], modulus, mp)) != CRYPT_OK) { goto done; } - if ((err = ltc_mp.ecc_ptdbl(M[i], M[i], modulus, mp)) != CRYPT_OK) { goto done; } - } - - /* copy result out */ - if ((err = mp_copy(M[0]->x, R->x)) != CRYPT_OK) { goto done; } - if ((err = mp_copy(M[0]->y, R->y)) != CRYPT_OK) { goto done; } - if ((err = mp_copy(M[0]->z, R->z)) != CRYPT_OK) { goto done; } - - /* map R back from projective space */ - if (map) { - err = ltc_ecc_map(R, modulus, mp); - } else { - err = CRYPT_OK; - } -done: - if (mu != NULL) { - mp_clear(mu); - } - mp_montgomery_free(mp); - ltc_ecc_del_point(tG); - for (i = 0; i < 3; i++) { - ltc_ecc_del_point(M[i]); - } - return err; -} - -#endif -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ltc_ecc_points.c b/libs/tomcrypt/src/pk/ecc/ltc_ecc_points.c deleted file mode 100644 index eadc9e8668c..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ltc_ecc_points.c +++ /dev/null @@ -1,54 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ -#include "tomcrypt.h" - -/** - @file ltc_ecc_points.c - ECC Crypto, Tom St Denis -*/ - -#ifdef LTC_MECC - -/** - Allocate a new ECC point - @return A newly allocated point or NULL on error -*/ -ecc_point *ltc_ecc_new_point(void) -{ - ecc_point *p; - p = XCALLOC(1, sizeof(*p)); - if (p == NULL) { - return NULL; - } - if (mp_init_multi(&p->x, &p->y, &p->z, NULL) != CRYPT_OK) { - XFREE(p); - return NULL; - } - return p; -} - -/** Free an ECC point from memory - @param p The point to free -*/ -void ltc_ecc_del_point(ecc_point *p) -{ - /* prevents free'ing null arguments */ - if (p != NULL) { - mp_clear_multi(p->x, p->y, p->z, NULL); /* note: p->z may be NULL but that's ok with this function anyways */ - XFREE(p); - } -} - -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c b/libs/tomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c deleted file mode 100644 index d2813194f57..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c +++ /dev/null @@ -1,189 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ -#include "tomcrypt.h" - -/** - @file ltc_ecc_projective_add_point.c - ECC Crypto, Tom St Denis -*/ - -#if defined(LTC_MECC) && (!defined(LTC_MECC_ACCEL) || defined(LTM_DESC)) - -/** - Add two ECC points - @param P The point to add - @param Q The point to add - @param R [out] The destination of the double - @param modulus The modulus of the field the ECC curve is in - @param mp The "b" value from montgomery_setup() - @return CRYPT_OK on success -*/ -int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *mp) -{ - void *t1, *t2, *x, *y, *z; - int err; - - LTC_ARGCHK(P != NULL); - LTC_ARGCHK(Q != NULL); - LTC_ARGCHK(R != NULL); - LTC_ARGCHK(modulus != NULL); - LTC_ARGCHK(mp != NULL); - - if ((err = mp_init_multi(&t1, &t2, &x, &y, &z, NULL)) != CRYPT_OK) { - return err; - } - - /* should we dbl instead? */ - if ((err = mp_sub(modulus, Q->y, t1)) != CRYPT_OK) { goto done; } - - if ( (mp_cmp(P->x, Q->x) == LTC_MP_EQ) && - (Q->z != NULL && mp_cmp(P->z, Q->z) == LTC_MP_EQ) && - (mp_cmp(P->y, Q->y) == LTC_MP_EQ || mp_cmp(P->y, t1) == LTC_MP_EQ)) { - mp_clear_multi(t1, t2, x, y, z, NULL); - return ltc_ecc_projective_dbl_point(P, R, modulus, mp); - } - - if ((err = mp_copy(P->x, x)) != CRYPT_OK) { goto done; } - if ((err = mp_copy(P->y, y)) != CRYPT_OK) { goto done; } - if ((err = mp_copy(P->z, z)) != CRYPT_OK) { goto done; } - - /* if Z is one then these are no-operations */ - if (Q->z != NULL) { - /* T1 = Z' * Z' */ - if ((err = mp_sqr(Q->z, t1)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; } - /* X = X * T1 */ - if ((err = mp_mul(t1, x, x)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK) { goto done; } - /* T1 = Z' * T1 */ - if ((err = mp_mul(Q->z, t1, t1)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; } - /* Y = Y * T1 */ - if ((err = mp_mul(t1, y, y)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(y, modulus, mp)) != CRYPT_OK) { goto done; } - } - - /* T1 = Z*Z */ - if ((err = mp_sqr(z, t1)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; } - /* T2 = X' * T1 */ - if ((err = mp_mul(Q->x, t1, t2)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; } - /* T1 = Z * T1 */ - if ((err = mp_mul(z, t1, t1)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; } - /* T1 = Y' * T1 */ - if ((err = mp_mul(Q->y, t1, t1)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; } - - /* Y = Y - T1 */ - if ((err = mp_sub(y, t1, y)) != CRYPT_OK) { goto done; } - if (mp_cmp_d(y, 0) == LTC_MP_LT) { - if ((err = mp_add(y, modulus, y)) != CRYPT_OK) { goto done; } - } - /* T1 = 2T1 */ - if ((err = mp_add(t1, t1, t1)) != CRYPT_OK) { goto done; } - if (mp_cmp(t1, modulus) != LTC_MP_LT) { - if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; } - } - /* T1 = Y + T1 */ - if ((err = mp_add(t1, y, t1)) != CRYPT_OK) { goto done; } - if (mp_cmp(t1, modulus) != LTC_MP_LT) { - if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; } - } - /* X = X - T2 */ - if ((err = mp_sub(x, t2, x)) != CRYPT_OK) { goto done; } - if (mp_cmp_d(x, 0) == LTC_MP_LT) { - if ((err = mp_add(x, modulus, x)) != CRYPT_OK) { goto done; } - } - /* T2 = 2T2 */ - if ((err = mp_add(t2, t2, t2)) != CRYPT_OK) { goto done; } - if (mp_cmp(t2, modulus) != LTC_MP_LT) { - if ((err = mp_sub(t2, modulus, t2)) != CRYPT_OK) { goto done; } - } - /* T2 = X + T2 */ - if ((err = mp_add(t2, x, t2)) != CRYPT_OK) { goto done; } - if (mp_cmp(t2, modulus) != LTC_MP_LT) { - if ((err = mp_sub(t2, modulus, t2)) != CRYPT_OK) { goto done; } - } - - /* if Z' != 1 */ - if (Q->z != NULL) { - /* Z = Z * Z' */ - if ((err = mp_mul(z, Q->z, z)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(z, modulus, mp)) != CRYPT_OK) { goto done; } - } - - /* Z = Z * X */ - if ((err = mp_mul(z, x, z)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(z, modulus, mp)) != CRYPT_OK) { goto done; } - - /* T1 = T1 * X */ - if ((err = mp_mul(t1, x, t1)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; } - /* X = X * X */ - if ((err = mp_sqr(x, x)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK) { goto done; } - /* T2 = T2 * x */ - if ((err = mp_mul(t2, x, t2)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; } - /* T1 = T1 * X */ - if ((err = mp_mul(t1, x, t1)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; } - - /* X = Y*Y */ - if ((err = mp_sqr(y, x)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(x, modulus, mp)) != CRYPT_OK) { goto done; } - /* X = X - T2 */ - if ((err = mp_sub(x, t2, x)) != CRYPT_OK) { goto done; } - if (mp_cmp_d(x, 0) == LTC_MP_LT) { - if ((err = mp_add(x, modulus, x)) != CRYPT_OK) { goto done; } - } - - /* T2 = T2 - X */ - if ((err = mp_sub(t2, x, t2)) != CRYPT_OK) { goto done; } - if (mp_cmp_d(t2, 0) == LTC_MP_LT) { - if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; } - } - /* T2 = T2 - X */ - if ((err = mp_sub(t2, x, t2)) != CRYPT_OK) { goto done; } - if (mp_cmp_d(t2, 0) == LTC_MP_LT) { - if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; } - } - /* T2 = T2 * Y */ - if ((err = mp_mul(t2, y, t2)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; } - /* Y = T2 - T1 */ - if ((err = mp_sub(t2, t1, y)) != CRYPT_OK) { goto done; } - if (mp_cmp_d(y, 0) == LTC_MP_LT) { - if ((err = mp_add(y, modulus, y)) != CRYPT_OK) { goto done; } - } - /* Y = Y/2 */ - if (mp_isodd(y)) { - if ((err = mp_add(y, modulus, y)) != CRYPT_OK) { goto done; } - } - if ((err = mp_div_2(y, y)) != CRYPT_OK) { goto done; } - - if ((err = mp_copy(x, R->x)) != CRYPT_OK) { goto done; } - if ((err = mp_copy(y, R->y)) != CRYPT_OK) { goto done; } - if ((err = mp_copy(z, R->z)) != CRYPT_OK) { goto done; } - - err = CRYPT_OK; -done: - mp_clear_multi(t1, t2, x, y, z, NULL); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c b/libs/tomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c deleted file mode 100644 index fd7f98142c1..00000000000 --- a/libs/tomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c +++ /dev/null @@ -1,141 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -/* Implements ECC over Z/pZ for curve y^2 = x^3 - 3x + b - * - * All curves taken from NIST recommendation paper of July 1999 - * Available at http://csrc.nist.gov/cryptval/dss.htm - */ -#include "tomcrypt.h" - -/** - @file ltc_ecc_projective_dbl_point.c - ECC Crypto, Tom St Denis -*/ - -#if defined(LTC_MECC) && (!defined(LTC_MECC_ACCEL) || defined(LTM_DESC)) - -/** - Double an ECC point - @param P The point to double - @param R [out] The destination of the double - @param modulus The modulus of the field the ECC curve is in - @param mp The "b" value from montgomery_setup() - @return CRYPT_OK on success -*/ -int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void *mp) -{ - void *t1, *t2; - int err; - - LTC_ARGCHK(P != NULL); - LTC_ARGCHK(R != NULL); - LTC_ARGCHK(modulus != NULL); - LTC_ARGCHK(mp != NULL); - - if ((err = mp_init_multi(&t1, &t2, NULL)) != CRYPT_OK) { - return err; - } - - if (P != R) { - if ((err = mp_copy(P->x, R->x)) != CRYPT_OK) { goto done; } - if ((err = mp_copy(P->y, R->y)) != CRYPT_OK) { goto done; } - if ((err = mp_copy(P->z, R->z)) != CRYPT_OK) { goto done; } - } - - /* t1 = Z * Z */ - if ((err = mp_sqr(R->z, t1)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(t1, modulus, mp)) != CRYPT_OK) { goto done; } - /* Z = Y * Z */ - if ((err = mp_mul(R->z, R->y, R->z)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(R->z, modulus, mp)) != CRYPT_OK) { goto done; } - /* Z = 2Z */ - if ((err = mp_add(R->z, R->z, R->z)) != CRYPT_OK) { goto done; } - if (mp_cmp(R->z, modulus) != LTC_MP_LT) { - if ((err = mp_sub(R->z, modulus, R->z)) != CRYPT_OK) { goto done; } - } - - /* T2 = X - T1 */ - if ((err = mp_sub(R->x, t1, t2)) != CRYPT_OK) { goto done; } - if (mp_cmp_d(t2, 0) == LTC_MP_LT) { - if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; } - } - /* T1 = X + T1 */ - if ((err = mp_add(t1, R->x, t1)) != CRYPT_OK) { goto done; } - if (mp_cmp(t1, modulus) != LTC_MP_LT) { - if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; } - } - /* T2 = T1 * T2 */ - if ((err = mp_mul(t1, t2, t2)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; } - /* T1 = 2T2 */ - if ((err = mp_add(t2, t2, t1)) != CRYPT_OK) { goto done; } - if (mp_cmp(t1, modulus) != LTC_MP_LT) { - if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; } - } - /* T1 = T1 + T2 */ - if ((err = mp_add(t1, t2, t1)) != CRYPT_OK) { goto done; } - if (mp_cmp(t1, modulus) != LTC_MP_LT) { - if ((err = mp_sub(t1, modulus, t1)) != CRYPT_OK) { goto done; } - } - - /* Y = 2Y */ - if ((err = mp_add(R->y, R->y, R->y)) != CRYPT_OK) { goto done; } - if (mp_cmp(R->y, modulus) != LTC_MP_LT) { - if ((err = mp_sub(R->y, modulus, R->y)) != CRYPT_OK) { goto done; } - } - /* Y = Y * Y */ - if ((err = mp_sqr(R->y, R->y)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK) { goto done; } - /* T2 = Y * Y */ - if ((err = mp_sqr(R->y, t2)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(t2, modulus, mp)) != CRYPT_OK) { goto done; } - /* T2 = T2/2 */ - if (mp_isodd(t2)) { - if ((err = mp_add(t2, modulus, t2)) != CRYPT_OK) { goto done; } - } - if ((err = mp_div_2(t2, t2)) != CRYPT_OK) { goto done; } - /* Y = Y * X */ - if ((err = mp_mul(R->y, R->x, R->y)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK) { goto done; } - - /* X = T1 * T1 */ - if ((err = mp_sqr(t1, R->x)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(R->x, modulus, mp)) != CRYPT_OK) { goto done; } - /* X = X - Y */ - if ((err = mp_sub(R->x, R->y, R->x)) != CRYPT_OK) { goto done; } - if (mp_cmp_d(R->x, 0) == LTC_MP_LT) { - if ((err = mp_add(R->x, modulus, R->x)) != CRYPT_OK) { goto done; } - } - /* X = X - Y */ - if ((err = mp_sub(R->x, R->y, R->x)) != CRYPT_OK) { goto done; } - if (mp_cmp_d(R->x, 0) == LTC_MP_LT) { - if ((err = mp_add(R->x, modulus, R->x)) != CRYPT_OK) { goto done; } - } - - /* Y = Y - X */ - if ((err = mp_sub(R->y, R->x, R->y)) != CRYPT_OK) { goto done; } - if (mp_cmp_d(R->y, 0) == LTC_MP_LT) { - if ((err = mp_add(R->y, modulus, R->y)) != CRYPT_OK) { goto done; } - } - /* Y = Y * T1 */ - if ((err = mp_mul(R->y, t1, R->y)) != CRYPT_OK) { goto done; } - if ((err = mp_montgomery_reduce(R->y, modulus, mp)) != CRYPT_OK) { goto done; } - /* Y = Y - T2 */ - if ((err = mp_sub(R->y, t2, R->y)) != CRYPT_OK) { goto done; } - if (mp_cmp_d(R->y, 0) == LTC_MP_LT) { - if ((err = mp_add(R->y, modulus, R->y)) != CRYPT_OK) { goto done; } - } - - err = CRYPT_OK; -done: - mp_clear_multi(t1, t2, NULL); - return err; -} -#endif diff --git a/libs/tomcrypt/src/pk/pkcs1/pkcs_1_i2osp.c b/libs/tomcrypt/src/pk/pkcs1/pkcs_1_i2osp.c deleted file mode 100644 index 1864fbc7642..00000000000 --- a/libs/tomcrypt/src/pk/pkcs1/pkcs_1_i2osp.c +++ /dev/null @@ -1,44 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file pkcs_1_i2osp.c - Integer to Octet I2OSP, Tom St Denis -*/ - -#ifdef LTC_PKCS_1 - -/* always stores the same # of bytes, pads with leading zero bytes - as required - */ - -/** - PKCS #1 Integer to binary - @param n The integer to store - @param modulus_len The length of the RSA modulus - @param out [out] The destination for the integer - @return CRYPT_OK if successful -*/ -int pkcs_1_i2osp(void *n, unsigned long modulus_len, unsigned char *out) -{ - unsigned long size; - - size = mp_unsigned_bin_size(n); - - if (size > modulus_len) { - return CRYPT_BUFFER_OVERFLOW; - } - - /* store it */ - zeromem(out, modulus_len); - return mp_to_unsigned_bin(n, out+(modulus_len-size)); -} - -#endif /* LTC_PKCS_1 */ diff --git a/libs/tomcrypt/src/pk/pkcs1/pkcs_1_mgf1.c b/libs/tomcrypt/src/pk/pkcs1/pkcs_1_mgf1.c deleted file mode 100644 index 9990511b7d7..00000000000 --- a/libs/tomcrypt/src/pk/pkcs1/pkcs_1_mgf1.c +++ /dev/null @@ -1,102 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file pkcs_1_mgf1.c - The Mask Generation Function (MGF1) for PKCS #1, Tom St Denis -*/ - -#ifdef LTC_PKCS_1 - -/** - Perform PKCS #1 MGF1 (internal) - @param hash_idx The index of the hash desired - @param seed The seed for MGF1 - @param seedlen The length of the seed - @param mask [out] The destination - @param masklen The length of the mask desired - @return CRYPT_OK if successful -*/ -int pkcs_1_mgf1(int hash_idx, - const unsigned char *seed, unsigned long seedlen, - unsigned char *mask, unsigned long masklen) -{ - unsigned long hLen, x; - ulong32 counter; - int err; - hash_state *md; - unsigned char *buf; - - LTC_ARGCHK(seed != NULL); - LTC_ARGCHK(mask != NULL); - - /* ensure valid hash */ - if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { - return err; - } - - /* get hash output size */ - hLen = hash_descriptor[hash_idx].hashsize; - - /* allocate memory */ - md = XMALLOC(sizeof(hash_state)); - buf = XMALLOC(hLen); - if (md == NULL || buf == NULL) { - if (md != NULL) { - XFREE(md); - } - if (buf != NULL) { - XFREE(buf); - } - return CRYPT_MEM; - } - - /* start counter */ - counter = 0; - - while (masklen > 0) { - /* handle counter */ - STORE32H(counter, buf); - ++counter; - - /* get hash of seed || counter */ - if ((err = hash_descriptor[hash_idx].init(md)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = hash_descriptor[hash_idx].process(md, seed, seedlen)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = hash_descriptor[hash_idx].process(md, buf, 4)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = hash_descriptor[hash_idx].done(md, buf)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* store it */ - for (x = 0; x < hLen && masklen > 0; x++, masklen--) { - *mask++ = buf[x]; - } - } - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(buf, hLen); - zeromem(md, sizeof(hash_state)); -#endif - - XFREE(buf); - XFREE(md); - - return err; -} - -#endif /* LTC_PKCS_1 */ diff --git a/libs/tomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c b/libs/tomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c deleted file mode 100644 index 2ade070d67c..00000000000 --- a/libs/tomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c +++ /dev/null @@ -1,181 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file pkcs_1_oaep_decode.c - OAEP Padding for PKCS #1, Tom St Denis -*/ - -#ifdef LTC_PKCS_1 - -/** - PKCS #1 v2.00 OAEP decode - @param msg The encoded data to decode - @param msglen The length of the encoded data (octets) - @param lparam The session or system data (can be NULL) - @param lparamlen The length of the lparam - @param modulus_bitlen The bit length of the RSA modulus - @param hash_idx The index of the hash desired - @param out [out] Destination of decoding - @param outlen [in/out] The max size and resulting size of the decoding - @param res [out] Result of decoding, 1==valid, 0==invalid - @return CRYPT_OK if successful -*/ -int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen, - const unsigned char *lparam, unsigned long lparamlen, - unsigned long modulus_bitlen, int hash_idx, - unsigned char *out, unsigned long *outlen, - int *res) -{ - unsigned char *DB, *seed, *mask; - unsigned long hLen, x, y, modulus_len; - int err, ret; - - LTC_ARGCHK(msg != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(res != NULL); - - /* default to invalid packet */ - *res = 0; - - /* test valid hash */ - if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { - return err; - } - hLen = hash_descriptor[hash_idx].hashsize; - modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); - - /* test hash/message size */ - if ((2*hLen >= (modulus_len - 2)) || (msglen != modulus_len)) { - return CRYPT_PK_INVALID_SIZE; - } - - /* allocate ram for DB/mask/salt of size modulus_len */ - DB = XMALLOC(modulus_len); - mask = XMALLOC(modulus_len); - seed = XMALLOC(hLen); - if (DB == NULL || mask == NULL || seed == NULL) { - if (DB != NULL) { - XFREE(DB); - } - if (mask != NULL) { - XFREE(mask); - } - if (seed != NULL) { - XFREE(seed); - } - return CRYPT_MEM; - } - - /* ok so it's now in the form - - 0x00 || maskedseed || maskedDB - - 1 || hLen || modulus_len - hLen - 1 - - */ - - ret = CRYPT_OK; - - /* must have leading 0x00 byte */ - if (msg[0] != 0x00) { - ret = CRYPT_INVALID_PACKET; - } - - /* now read the masked seed */ - x = 1; - XMEMCPY(seed, msg + x, hLen); - x += hLen; - - /* now read the masked DB */ - XMEMCPY(DB, msg + x, modulus_len - hLen - 1); - x += modulus_len - hLen - 1; - - /* compute MGF1 of maskedDB (hLen) */ - if ((err = pkcs_1_mgf1(hash_idx, DB, modulus_len - hLen - 1, mask, hLen)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* XOR against seed */ - for (y = 0; y < hLen; y++) { - seed[y] ^= mask[y]; - } - - /* compute MGF1 of seed (k - hlen - 1) */ - if ((err = pkcs_1_mgf1(hash_idx, seed, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* xor against DB */ - for (y = 0; y < (modulus_len - hLen - 1); y++) { - DB[y] ^= mask[y]; - } - - /* now DB == lhash || PS || 0x01 || M, PS == k - mlen - 2hlen - 2 zeroes */ - - /* compute lhash and store it in seed [reuse temps!] */ - x = modulus_len; - if (lparam != NULL) { - if ((err = hash_memory(hash_idx, lparam, lparamlen, seed, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - } else { - /* can't pass hash_memory a NULL so use DB with zero length */ - if ((err = hash_memory(hash_idx, DB, 0, seed, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - /* compare the lhash'es */ - if (XMEM_NEQ(seed, DB, hLen) != 0) { - ret = CRYPT_INVALID_PACKET; - } - - /* now zeroes before a 0x01 */ - for (x = hLen; x < (modulus_len - hLen - 1) && DB[x] == 0x00; x++) { - /* step... */ - } - - /* error if wasn't 0x01 */ - if (x == (modulus_len - hLen - 1) || DB[x] != 0x01) { - ret = CRYPT_INVALID_PACKET; - } - - /* rest is the message (and skip 0x01) */ - if ((modulus_len - hLen - 1 - ++x) > *outlen) { - ret = CRYPT_INVALID_PACKET; - } - - if (ret == CRYPT_OK) { - /* copy message */ - *outlen = modulus_len - hLen - 1 - x; - XMEMCPY(out, DB + x, modulus_len - hLen - 1 - x); - - /* valid packet */ - *res = 1; - } - err = ret; - -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(DB, modulus_len); - zeromem(seed, hLen); - zeromem(mask, modulus_len); -#endif - - XFREE(seed); - XFREE(mask); - XFREE(DB); - - return err; -} - -#endif /* LTC_PKCS_1 */ diff --git a/libs/tomcrypt/src/pk/pkcs1/pkcs_1_oaep_encode.c b/libs/tomcrypt/src/pk/pkcs1/pkcs_1_oaep_encode.c deleted file mode 100644 index e9185a99e09..00000000000 --- a/libs/tomcrypt/src/pk/pkcs1/pkcs_1_oaep_encode.c +++ /dev/null @@ -1,166 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file pkcs_1_oaep_encode.c - OAEP Padding for PKCS #1, Tom St Denis -*/ - -#ifdef LTC_PKCS_1 - -/** - PKCS #1 v2.00 OAEP encode - @param msg The data to encode - @param msglen The length of the data to encode (octets) - @param lparam A session or system parameter (can be NULL) - @param lparamlen The length of the lparam data - @param modulus_bitlen The bit length of the RSA modulus - @param prng An active PRNG state - @param prng_idx The index of the PRNG desired - @param hash_idx The index of the hash desired - @param out [out] The destination for the encoded data - @param outlen [in/out] The max size and resulting size of the encoded data - @return CRYPT_OK if successful -*/ -int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen, - const unsigned char *lparam, unsigned long lparamlen, - unsigned long modulus_bitlen, prng_state *prng, - int prng_idx, int hash_idx, - unsigned char *out, unsigned long *outlen) -{ - unsigned char *DB, *seed, *mask; - unsigned long hLen, x, y, modulus_len; - int err; - - LTC_ARGCHK(msg != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* test valid hash */ - if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { - return err; - } - - /* valid prng */ - if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) { - return err; - } - - hLen = hash_descriptor[hash_idx].hashsize; - modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); - - /* test message size */ - if ((2*hLen >= (modulus_len - 2)) || (msglen > (modulus_len - 2*hLen - 2))) { - return CRYPT_PK_INVALID_SIZE; - } - - /* allocate ram for DB/mask/salt of size modulus_len */ - DB = XMALLOC(modulus_len); - mask = XMALLOC(modulus_len); - seed = XMALLOC(hLen); - if (DB == NULL || mask == NULL || seed == NULL) { - if (DB != NULL) { - XFREE(DB); - } - if (mask != NULL) { - XFREE(mask); - } - if (seed != NULL) { - XFREE(seed); - } - return CRYPT_MEM; - } - - /* get lhash */ - /* DB == lhash || PS || 0x01 || M, PS == k - mlen - 2hlen - 2 zeroes */ - x = modulus_len; - if (lparam != NULL) { - if ((err = hash_memory(hash_idx, lparam, lparamlen, DB, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - } else { - /* can't pass hash_memory a NULL so use DB with zero length */ - if ((err = hash_memory(hash_idx, DB, 0, DB, &x)) != CRYPT_OK) { - goto LBL_ERR; - } - } - - /* append PS then 0x01 (to lhash) */ - x = hLen; - y = modulus_len - msglen - 2*hLen - 2; - XMEMSET(DB+x, 0, y); - x += y; - - /* 0x01 byte */ - DB[x++] = 0x01; - - /* message (length = msglen) */ - XMEMCPY(DB+x, msg, msglen); - x += msglen; - - /* now choose a random seed */ - if (prng_descriptor[prng_idx].read(seed, hLen, prng) != hLen) { - err = CRYPT_ERROR_READPRNG; - goto LBL_ERR; - } - - /* compute MGF1 of seed (k - hlen - 1) */ - if ((err = pkcs_1_mgf1(hash_idx, seed, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* xor against DB */ - for (y = 0; y < (modulus_len - hLen - 1); y++) { - DB[y] ^= mask[y]; - } - - /* compute MGF1 of maskedDB (hLen) */ - if ((err = pkcs_1_mgf1(hash_idx, DB, modulus_len - hLen - 1, mask, hLen)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* XOR against seed */ - for (y = 0; y < hLen; y++) { - seed[y] ^= mask[y]; - } - - /* create string of length modulus_len */ - if (*outlen < modulus_len) { - *outlen = modulus_len; - err = CRYPT_BUFFER_OVERFLOW; - goto LBL_ERR; - } - - /* start output which is 0x00 || maskedSeed || maskedDB */ - x = 0; - out[x++] = 0x00; - XMEMCPY(out+x, seed, hLen); - x += hLen; - XMEMCPY(out+x, DB, modulus_len - hLen - 1); - x += modulus_len - hLen - 1; - - *outlen = x; - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(DB, modulus_len); - zeromem(seed, hLen); - zeromem(mask, modulus_len); -#endif - - XFREE(seed); - XFREE(mask); - XFREE(DB); - - return err; -} - -#endif /* LTC_PKCS_1 */ diff --git a/libs/tomcrypt/src/pk/pkcs1/pkcs_1_os2ip.c b/libs/tomcrypt/src/pk/pkcs1/pkcs_1_os2ip.c deleted file mode 100644 index 1460a17a3f3..00000000000 --- a/libs/tomcrypt/src/pk/pkcs1/pkcs_1_os2ip.c +++ /dev/null @@ -1,29 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file pkcs_1_os2ip.c - Octet to Integer OS2IP, Tom St Denis -*/ -#ifdef LTC_PKCS_1 - -/** - Read a binary string into an mp_int - @param n [out] The mp_int destination - @param in The binary string to read - @param inlen The length of the binary string - @return CRYPT_OK if successful -*/ -int pkcs_1_os2ip(void *n, unsigned char *in, unsigned long inlen) -{ - return mp_read_unsigned_bin(n, in, inlen); -} - -#endif /* LTC_PKCS_1 */ diff --git a/libs/tomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c b/libs/tomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c deleted file mode 100644 index 86d2af1d53f..00000000000 --- a/libs/tomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c +++ /dev/null @@ -1,172 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file pkcs_1_pss_decode.c - PKCS #1 PSS Signature Padding, Tom St Denis -*/ - -#ifdef LTC_PKCS_1 - -/** - PKCS #1 v2.00 PSS decode - @param msghash The hash to verify - @param msghashlen The length of the hash (octets) - @param sig The signature data (encoded data) - @param siglen The length of the signature data (octets) - @param saltlen The length of the salt used (octets) - @param hash_idx The index of the hash desired - @param modulus_bitlen The bit length of the RSA modulus - @param res [out] The result of the comparison, 1==valid, 0==invalid - @return CRYPT_OK if successful (even if the comparison failed) -*/ -int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen, - const unsigned char *sig, unsigned long siglen, - unsigned long saltlen, int hash_idx, - unsigned long modulus_bitlen, int *res) -{ - unsigned char *DB, *mask, *salt, *hash; - unsigned long x, y, hLen, modulus_len; - int err; - hash_state md; - - LTC_ARGCHK(msghash != NULL); - LTC_ARGCHK(res != NULL); - - /* default to invalid */ - *res = 0; - - /* ensure hash is valid */ - if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { - return err; - } - - hLen = hash_descriptor[hash_idx].hashsize; - modulus_bitlen--; - modulus_len = (modulus_bitlen>>3) + (modulus_bitlen & 7 ? 1 : 0); - - /* check sizes */ - if ((saltlen > modulus_len) || - (modulus_len < hLen + saltlen + 2)) { - return CRYPT_PK_INVALID_SIZE; - } - - /* allocate ram for DB/mask/salt/hash of size modulus_len */ - DB = XMALLOC(modulus_len); - mask = XMALLOC(modulus_len); - salt = XMALLOC(modulus_len); - hash = XMALLOC(modulus_len); - if (DB == NULL || mask == NULL || salt == NULL || hash == NULL) { - if (DB != NULL) { - XFREE(DB); - } - if (mask != NULL) { - XFREE(mask); - } - if (salt != NULL) { - XFREE(salt); - } - if (hash != NULL) { - XFREE(hash); - } - return CRYPT_MEM; - } - - /* ensure the 0xBC byte */ - if (sig[siglen-1] != 0xBC) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - /* copy out the DB */ - x = 0; - XMEMCPY(DB, sig + x, modulus_len - hLen - 1); - x += modulus_len - hLen - 1; - - /* copy out the hash */ - XMEMCPY(hash, sig + x, hLen); - /* x += hLen; */ - - /* check the MSB */ - if ((sig[0] & ~(0xFF >> ((modulus_len<<3) - (modulus_bitlen)))) != 0) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - /* generate mask of length modulus_len - hLen - 1 from hash */ - if ((err = pkcs_1_mgf1(hash_idx, hash, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* xor against DB */ - for (y = 0; y < (modulus_len - hLen - 1); y++) { - DB[y] ^= mask[y]; - } - - /* now clear the first byte [make sure smaller than modulus] */ - DB[0] &= 0xFF >> ((modulus_len<<3) - (modulus_bitlen)); - - /* DB = PS || 0x01 || salt, PS == modulus_len - saltlen - hLen - 2 zero bytes */ - - /* check for zeroes and 0x01 */ - for (x = 0; x < modulus_len - saltlen - hLen - 2; x++) { - if (DB[x] != 0x00) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - } - - /* check for the 0x01 */ - if (DB[x++] != 0x01) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - - /* M = (eight) 0x00 || msghash || salt, mask = H(M) */ - if ((err = hash_descriptor[hash_idx].init(&md)) != CRYPT_OK) { - goto LBL_ERR; - } - zeromem(mask, 8); - if ((err = hash_descriptor[hash_idx].process(&md, mask, 8)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = hash_descriptor[hash_idx].process(&md, msghash, msghashlen)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = hash_descriptor[hash_idx].process(&md, DB+x, saltlen)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = hash_descriptor[hash_idx].done(&md, mask)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* mask == hash means valid signature */ - if (XMEM_NEQ(mask, hash, hLen) == 0) { - *res = 1; - } - - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(DB, modulus_len); - zeromem(mask, modulus_len); - zeromem(salt, modulus_len); - zeromem(hash, modulus_len); -#endif - - XFREE(hash); - XFREE(salt); - XFREE(mask); - XFREE(DB); - - return err; -} - -#endif /* LTC_PKCS_1 */ diff --git a/libs/tomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c b/libs/tomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c deleted file mode 100644 index a19e727d520..00000000000 --- a/libs/tomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c +++ /dev/null @@ -1,170 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file pkcs_1_pss_encode.c - PKCS #1 PSS Signature Padding, Tom St Denis -*/ - -#ifdef LTC_PKCS_1 - -/** - PKCS #1 v2.00 Signature Encoding - @param msghash The hash to encode - @param msghashlen The length of the hash (octets) - @param saltlen The length of the salt desired (octets) - @param prng An active PRNG context - @param prng_idx The index of the PRNG desired - @param hash_idx The index of the hash desired - @param modulus_bitlen The bit length of the RSA modulus - @param out [out] The destination of the encoding - @param outlen [in/out] The max size and resulting size of the encoded data - @return CRYPT_OK if successful -*/ -int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen, - unsigned long saltlen, prng_state *prng, - int prng_idx, int hash_idx, - unsigned long modulus_bitlen, - unsigned char *out, unsigned long *outlen) -{ - unsigned char *DB, *mask, *salt, *hash; - unsigned long x, y, hLen, modulus_len; - int err; - hash_state md; - - LTC_ARGCHK(msghash != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - /* ensure hash and PRNG are valid */ - if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { - return err; - } - if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) { - return err; - } - - hLen = hash_descriptor[hash_idx].hashsize; - modulus_bitlen--; - modulus_len = (modulus_bitlen>>3) + (modulus_bitlen & 7 ? 1 : 0); - - /* check sizes */ - if ((saltlen > modulus_len) || (modulus_len < hLen + saltlen + 2)) { - return CRYPT_PK_INVALID_SIZE; - } - - /* allocate ram for DB/mask/salt/hash of size modulus_len */ - DB = XMALLOC(modulus_len); - mask = XMALLOC(modulus_len); - salt = XMALLOC(modulus_len); - hash = XMALLOC(modulus_len); - if (DB == NULL || mask == NULL || salt == NULL || hash == NULL) { - if (DB != NULL) { - XFREE(DB); - } - if (mask != NULL) { - XFREE(mask); - } - if (salt != NULL) { - XFREE(salt); - } - if (hash != NULL) { - XFREE(hash); - } - return CRYPT_MEM; - } - - - /* generate random salt */ - if (saltlen > 0) { - if (prng_descriptor[prng_idx].read(salt, saltlen, prng) != saltlen) { - err = CRYPT_ERROR_READPRNG; - goto LBL_ERR; - } - } - - /* M = (eight) 0x00 || msghash || salt, hash = H(M) */ - if ((err = hash_descriptor[hash_idx].init(&md)) != CRYPT_OK) { - goto LBL_ERR; - } - zeromem(DB, 8); - if ((err = hash_descriptor[hash_idx].process(&md, DB, 8)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = hash_descriptor[hash_idx].process(&md, msghash, msghashlen)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = hash_descriptor[hash_idx].process(&md, salt, saltlen)) != CRYPT_OK) { - goto LBL_ERR; - } - if ((err = hash_descriptor[hash_idx].done(&md, hash)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* generate DB = PS || 0x01 || salt, PS == modulus_len - saltlen - hLen - 2 zero bytes */ - x = 0; - XMEMSET(DB + x, 0, modulus_len - saltlen - hLen - 2); - x += modulus_len - saltlen - hLen - 2; - DB[x++] = 0x01; - XMEMCPY(DB + x, salt, saltlen); - /* x += saltlen; */ - - /* generate mask of length modulus_len - hLen - 1 from hash */ - if ((err = pkcs_1_mgf1(hash_idx, hash, hLen, mask, modulus_len - hLen - 1)) != CRYPT_OK) { - goto LBL_ERR; - } - - /* xor against DB */ - for (y = 0; y < (modulus_len - hLen - 1); y++) { - DB[y] ^= mask[y]; - } - - /* output is DB || hash || 0xBC */ - if (*outlen < modulus_len) { - *outlen = modulus_len; - err = CRYPT_BUFFER_OVERFLOW; - goto LBL_ERR; - } - - /* DB len = modulus_len - hLen - 1 */ - y = 0; - XMEMCPY(out + y, DB, modulus_len - hLen - 1); - y += modulus_len - hLen - 1; - - /* hash */ - XMEMCPY(out + y, hash, hLen); - y += hLen; - - /* 0xBC */ - out[y] = 0xBC; - - /* now clear the 8*modulus_len - modulus_bitlen most significant bits */ - out[0] &= 0xFF >> ((modulus_len<<3) - modulus_bitlen); - - /* store output size */ - *outlen = modulus_len; - err = CRYPT_OK; -LBL_ERR: -#ifdef LTC_CLEAN_STACK - zeromem(DB, modulus_len); - zeromem(mask, modulus_len); - zeromem(salt, modulus_len); - zeromem(hash, modulus_len); -#endif - - XFREE(hash); - XFREE(salt); - XFREE(mask); - XFREE(DB); - - return err; -} - -#endif /* LTC_PKCS_1 */ diff --git a/libs/tomcrypt/src/pk/pkcs1/pkcs_1_v1_5_decode.c b/libs/tomcrypt/src/pk/pkcs1/pkcs_1_v1_5_decode.c deleted file mode 100644 index 75ba945876f..00000000000 --- a/libs/tomcrypt/src/pk/pkcs1/pkcs_1_v1_5_decode.c +++ /dev/null @@ -1,108 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** @file pkcs_1_v1_5_decode.c - * - * PKCS #1 v1.5 Padding. (Andreas Lange) - */ - -#ifdef LTC_PKCS_1 - -/** @brief PKCS #1 v1.5 decode. - * - * @param msg The encoded data to decode - * @param msglen The length of the encoded data (octets) - * @param block_type Block type to use in padding (\sa ltc_pkcs_1_v1_5_blocks) - * @param modulus_bitlen The bit length of the RSA modulus - * @param out [out] Destination of decoding - * @param outlen [in/out] The max size and resulting size of the decoding - * @param is_valid [out] Boolean whether the padding was valid - * - * @return CRYPT_OK if successful - */ -int pkcs_1_v1_5_decode(const unsigned char *msg, - unsigned long msglen, - int block_type, - unsigned long modulus_bitlen, - unsigned char *out, - unsigned long *outlen, - int *is_valid) -{ - unsigned long modulus_len, ps_len, i; - int result; - - /* default to invalid packet */ - *is_valid = 0; - - modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); - - /* test message size */ - - if ((msglen > modulus_len) || (modulus_len < 11)) { - return CRYPT_PK_INVALID_SIZE; - } - - result = CRYPT_OK; - - /* separate encoded message */ - - if ((msg[0] != 0x00) || (msg[1] != (unsigned char)block_type)) { - result = CRYPT_INVALID_PACKET; - } - - if (block_type == LTC_PKCS_1_EME) { - for (i = 2; i < modulus_len; i++) { - /* separator */ - if (msg[i] == 0x00) { break; } - } - ps_len = i++ - 2; - - if (i >= modulus_len) { - /* There was no octet with hexadecimal value 0x00 to separate ps from m. - */ - result = CRYPT_INVALID_PACKET; - } - } else { - for (i = 2; i < modulus_len - 1; i++) { - if (msg[i] != 0xFF) { break; } - } - - /* separator check */ - if (msg[i] != 0) { - /* There was no octet with hexadecimal value 0x00 to separate ps from m. */ - result = CRYPT_INVALID_PACKET; - } - - ps_len = i - 2; - } - - if (ps_len < 8) - { - /* The length of ps is less than 8 octets. - */ - result = CRYPT_INVALID_PACKET; - } - - if (*outlen < (msglen - (2 + ps_len + 1))) { - result = CRYPT_INVALID_PACKET; - } - - if (result == CRYPT_OK) { - *outlen = (msglen - (2 + ps_len + 1)); - XMEMCPY(out, &msg[2 + ps_len + 1], *outlen); - - /* valid packet */ - *is_valid = 1; - } - - return result; -} /* pkcs_1_v1_5_decode */ - -#endif /* #ifdef LTC_PKCS_1 */ diff --git a/libs/tomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c b/libs/tomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c deleted file mode 100644 index 9311b5761a0..00000000000 --- a/libs/tomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c +++ /dev/null @@ -1,105 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/*! \file pkcs_1_v1_5_encode.c - * - * PKCS #1 v1.5 Padding (Andreas Lange) - */ - -#ifdef LTC_PKCS_1 - -/*! \brief PKCS #1 v1.5 encode. - * - * \param msg The data to encode - * \param msglen The length of the data to encode (octets) - * \param block_type Block type to use in padding (\sa ltc_pkcs_1_v1_5_blocks) - * \param modulus_bitlen The bit length of the RSA modulus - * \param prng An active PRNG state (only for LTC_PKCS_1_EME) - * \param prng_idx The index of the PRNG desired (only for LTC_PKCS_1_EME) - * \param out [out] The destination for the encoded data - * \param outlen [in/out] The max size and resulting size of the encoded data - * - * \return CRYPT_OK if successful - */ -int pkcs_1_v1_5_encode(const unsigned char *msg, - unsigned long msglen, - int block_type, - unsigned long modulus_bitlen, - prng_state *prng, - int prng_idx, - unsigned char *out, - unsigned long *outlen) -{ - unsigned long modulus_len, ps_len, i; - unsigned char *ps; - int result; - - /* valid block_type? */ - if ((block_type != LTC_PKCS_1_EMSA) && - (block_type != LTC_PKCS_1_EME)) { - return CRYPT_PK_INVALID_PADDING; - } - - if (block_type == LTC_PKCS_1_EME) { /* encryption padding, we need a valid PRNG */ - if ((result = prng_is_valid(prng_idx)) != CRYPT_OK) { - return result; - } - } - - modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0); - - /* test message size */ - if ((msglen + 11) > modulus_len) { - return CRYPT_PK_INVALID_SIZE; - } - - if (*outlen < modulus_len) { - *outlen = modulus_len; - result = CRYPT_BUFFER_OVERFLOW; - goto bail; - } - - /* generate an octets string PS */ - ps = &out[2]; - ps_len = modulus_len - msglen - 3; - - if (block_type == LTC_PKCS_1_EME) { - /* now choose a random ps */ - if (prng_descriptor[prng_idx].read(ps, ps_len, prng) != ps_len) { - result = CRYPT_ERROR_READPRNG; - goto bail; - } - - /* transform zero bytes (if any) to non-zero random bytes */ - for (i = 0; i < ps_len; i++) { - while (ps[i] == 0) { - if (prng_descriptor[prng_idx].read(&ps[i], 1, prng) != 1) { - result = CRYPT_ERROR_READPRNG; - goto bail; - } - } - } - } else { - XMEMSET(ps, 0xFF, ps_len); - } - - /* create string of length modulus_len */ - out[0] = 0x00; - out[1] = (unsigned char)block_type; /* block_type 1 or 2 */ - out[2 + ps_len] = 0x00; - XMEMCPY(&out[2 + ps_len + 1], msg, msglen); - *outlen = modulus_len; - - result = CRYPT_OK; -bail: - return result; -} /* pkcs_1_v1_5_encode */ - -#endif /* #ifdef LTC_PKCS_1 */ diff --git a/libs/tomcrypt/src/pk/rsa/rsa_decrypt_key.c b/libs/tomcrypt/src/pk/rsa/rsa_decrypt_key.c deleted file mode 100644 index 3489ef8c2a6..00000000000 --- a/libs/tomcrypt/src/pk/rsa/rsa_decrypt_key.c +++ /dev/null @@ -1,99 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file rsa_decrypt_key.c - RSA PKCS #1 Decryption, Tom St Denis and Andreas Lange -*/ - -#ifdef LTC_MRSA - -/** - PKCS #1 decrypt then v1.5 or OAEP depad - @param in The ciphertext - @param inlen The length of the ciphertext (octets) - @param out [out] The plaintext - @param outlen [in/out] The max size and resulting size of the plaintext (octets) - @param lparam The system "lparam" value - @param lparamlen The length of the lparam value (octets) - @param hash_idx The index of the hash desired - @param padding Type of padding (LTC_PKCS_1_OAEP or LTC_PKCS_1_V1_5) - @param stat [out] Result of the decryption, 1==valid, 0==invalid - @param key The corresponding private RSA key - @return CRYPT_OK if succcessul (even if invalid) -*/ -int rsa_decrypt_key_ex(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - const unsigned char *lparam, unsigned long lparamlen, - int hash_idx, int padding, - int *stat, rsa_key *key) -{ - unsigned long modulus_bitlen, modulus_bytelen, x; - int err; - unsigned char *tmp; - - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(stat != NULL); - - /* default to invalid */ - *stat = 0; - - /* valid padding? */ - - if ((padding != LTC_PKCS_1_V1_5) && - (padding != LTC_PKCS_1_OAEP)) { - return CRYPT_PK_INVALID_PADDING; - } - - if (padding == LTC_PKCS_1_OAEP) { - /* valid hash ? */ - if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { - return err; - } - } - - /* get modulus len in bits */ - modulus_bitlen = mp_count_bits( (key->N)); - - /* outlen must be at least the size of the modulus */ - modulus_bytelen = mp_unsigned_bin_size( (key->N)); - if (modulus_bytelen != inlen) { - return CRYPT_INVALID_PACKET; - } - - /* allocate ram */ - tmp = XMALLOC(inlen); - if (tmp == NULL) { - return CRYPT_MEM; - } - - /* rsa decode the packet */ - x = inlen; - if ((err = ltc_mp.rsa_me(in, inlen, tmp, &x, PK_PRIVATE, key)) != CRYPT_OK) { - XFREE(tmp); - return err; - } - - if (padding == LTC_PKCS_1_OAEP) { - /* now OAEP decode the packet */ - err = pkcs_1_oaep_decode(tmp, x, lparam, lparamlen, modulus_bitlen, hash_idx, - out, outlen, stat); - } else { - /* now PKCS #1 v1.5 depad the packet */ - err = pkcs_1_v1_5_decode(tmp, x, LTC_PKCS_1_EME, modulus_bitlen, out, outlen, stat); - } - - XFREE(tmp); - return err; -} - -#endif /* LTC_MRSA */ diff --git a/libs/tomcrypt/src/pk/rsa/rsa_encrypt_key.c b/libs/tomcrypt/src/pk/rsa/rsa_encrypt_key.c deleted file mode 100644 index 029d77a8176..00000000000 --- a/libs/tomcrypt/src/pk/rsa/rsa_encrypt_key.c +++ /dev/null @@ -1,96 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file rsa_encrypt_key.c - RSA PKCS #1 encryption, Tom St Denis and Andreas Lange -*/ - -#ifdef LTC_MRSA - -/** - (PKCS #1 v2.0) OAEP pad then encrypt - @param in The plaintext - @param inlen The length of the plaintext (octets) - @param out [out] The ciphertext - @param outlen [in/out] The max size and resulting size of the ciphertext - @param lparam The system "lparam" for the encryption - @param lparamlen The length of lparam (octets) - @param prng An active PRNG - @param prng_idx The index of the desired prng - @param hash_idx The index of the desired hash - @param padding Type of padding (LTC_PKCS_1_OAEP or LTC_PKCS_1_V1_5) - @param key The RSA key to encrypt to - @return CRYPT_OK if successful -*/ -int rsa_encrypt_key_ex(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - const unsigned char *lparam, unsigned long lparamlen, - prng_state *prng, int prng_idx, int hash_idx, int padding, rsa_key *key) -{ - unsigned long modulus_bitlen, modulus_bytelen, x; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* valid padding? */ - if ((padding != LTC_PKCS_1_V1_5) && - (padding != LTC_PKCS_1_OAEP)) { - return CRYPT_PK_INVALID_PADDING; - } - - /* valid prng? */ - if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) { - return err; - } - - if (padding == LTC_PKCS_1_OAEP) { - /* valid hash? */ - if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { - return err; - } - } - - /* get modulus len in bits */ - modulus_bitlen = mp_count_bits( (key->N)); - - /* outlen must be at least the size of the modulus */ - modulus_bytelen = mp_unsigned_bin_size( (key->N)); - if (modulus_bytelen > *outlen) { - *outlen = modulus_bytelen; - return CRYPT_BUFFER_OVERFLOW; - } - - if (padding == LTC_PKCS_1_OAEP) { - /* OAEP pad the key */ - x = *outlen; - if ((err = pkcs_1_oaep_encode(in, inlen, lparam, - lparamlen, modulus_bitlen, prng, prng_idx, hash_idx, - out, &x)) != CRYPT_OK) { - return err; - } - } else { - /* PKCS #1 v1.5 pad the key */ - x = *outlen; - if ((err = pkcs_1_v1_5_encode(in, inlen, LTC_PKCS_1_EME, - modulus_bitlen, prng, prng_idx, - out, &x)) != CRYPT_OK) { - return err; - } - } - - /* rsa exptmod the OAEP or PKCS #1 v1.5 pad */ - return ltc_mp.rsa_me(out, x, out, outlen, PK_PUBLIC, key); -} - -#endif /* LTC_MRSA */ diff --git a/libs/tomcrypt/src/pk/rsa/rsa_export.c b/libs/tomcrypt/src/pk/rsa/rsa_export.c deleted file mode 100644 index 218beee18b8..00000000000 --- a/libs/tomcrypt/src/pk/rsa/rsa_export.c +++ /dev/null @@ -1,93 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file rsa_export.c - Export RSA PKCS keys, Tom St Denis -*/ - -#ifdef LTC_MRSA - -/** - This will export either an RSAPublicKey or RSAPrivateKey [defined in PKCS #1 v2.1] - @param out [out] Destination of the packet - @param outlen [in/out] The max size and resulting size of the packet - @param type The type of exported key (PK_PRIVATE or PK_PUBLIC) - @param key The RSA key to export - @return CRYPT_OK if successful -*/ -int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key) -{ - unsigned long zero=0; - int err; - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* type valid? */ - if (!(key->type == PK_PRIVATE) && (type == PK_PRIVATE)) { - return CRYPT_PK_INVALID_TYPE; - } - - if (type == PK_PRIVATE) { - /* private key */ - /* output is - Version, n, e, d, p, q, d mod (p-1), d mod (q - 1), 1/q mod p - */ - return der_encode_sequence_multi(out, outlen, - LTC_ASN1_SHORT_INTEGER, 1UL, &zero, - LTC_ASN1_INTEGER, 1UL, key->N, - LTC_ASN1_INTEGER, 1UL, key->e, - LTC_ASN1_INTEGER, 1UL, key->d, - LTC_ASN1_INTEGER, 1UL, key->p, - LTC_ASN1_INTEGER, 1UL, key->q, - LTC_ASN1_INTEGER, 1UL, key->dP, - LTC_ASN1_INTEGER, 1UL, key->dQ, - LTC_ASN1_INTEGER, 1UL, key->qP, - LTC_ASN1_EOL, 0UL, NULL); - } else { - /* public key */ - unsigned long tmplen, *ptmplen; - unsigned char* tmp = NULL; - - if (type & PK_STD) { - tmplen = (unsigned long)(mp_count_bits(key->N) / 8) * 2 + 8; - tmp = XMALLOC(tmplen); - ptmplen = &tmplen; - if (tmp == NULL) { - return CRYPT_MEM; - } - } - else { - tmp = out; - ptmplen = outlen; - } - - err = der_encode_sequence_multi(tmp, ptmplen, - LTC_ASN1_INTEGER, 1UL, key->N, - LTC_ASN1_INTEGER, 1UL, key->e, - LTC_ASN1_EOL, 0UL, NULL); - - if ((err != CRYPT_OK) || !(type & PK_STD)) { - goto finish; - } - - err = der_encode_subject_public_key_info(out, outlen, - PKA_RSA, tmp, tmplen, LTC_ASN1_NULL, NULL, 0); - -finish: - if (tmp != out) - XFREE(tmp); - return err; - - } -} - -#endif /* LTC_MRSA */ diff --git a/libs/tomcrypt/src/pk/rsa/rsa_exptmod.c b/libs/tomcrypt/src/pk/rsa/rsa_exptmod.c deleted file mode 100644 index 510b14cb899..00000000000 --- a/libs/tomcrypt/src/pk/rsa/rsa_exptmod.c +++ /dev/null @@ -1,178 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file rsa_exptmod.c - RSA PKCS exptmod, Tom St Denis - Added RSA blinding --nmav -*/ - -#ifdef LTC_MRSA - -/** - Compute an RSA modular exponentiation - @param in The input data to send into RSA - @param inlen The length of the input (octets) - @param out [out] The destination - @param outlen [in/out] The max size and resulting size of the output - @param which Which exponent to use, e.g. PK_PRIVATE or PK_PUBLIC - @param key The RSA key to use - @return CRYPT_OK if successful -*/ -int rsa_exptmod(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, int which, - rsa_key *key) -{ - void *tmp, *tmpa, *tmpb; - #ifdef LTC_RSA_BLINDING - void *rnd, *rndi /* inverse of rnd */; - #endif - unsigned long x; - int err, has_crt_parameters; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* is the key of the right type for the operation? */ - if (which == PK_PRIVATE && (key->type != PK_PRIVATE)) { - return CRYPT_PK_NOT_PRIVATE; - } - - /* must be a private or public operation */ - if (which != PK_PRIVATE && which != PK_PUBLIC) { - return CRYPT_PK_INVALID_TYPE; - } - - /* init and copy into tmp */ - if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, -#ifdef LTC_RSA_BLINDING - &rnd, &rndi, -#endif /* LTC_RSA_BLINDING */ - NULL)) != CRYPT_OK) - { return err; } - if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, (int)inlen)) != CRYPT_OK) - { goto error; } - - - /* sanity check on the input */ - if (mp_cmp(key->N, tmp) == LTC_MP_LT) { - err = CRYPT_PK_INVALID_SIZE; - goto error; - } - - /* are we using the private exponent and is the key optimized? */ - if (which == PK_PRIVATE) { - #ifdef LTC_RSA_BLINDING - /* do blinding */ - err = mp_rand(rnd, mp_get_digit_count(key->N)); - if (err != CRYPT_OK) { - goto error; - } - - /* rndi = 1/rnd mod N */ - err = mp_invmod(rnd, key->N, rndi); - if (err != CRYPT_OK) { - goto error; - } - - /* rnd = rnd^e */ - err = mp_exptmod( rnd, key->e, key->N, rnd); - if (err != CRYPT_OK) { - goto error; - } - - /* tmp = tmp*rnd mod N */ - err = mp_mulmod( tmp, rnd, key->N, tmp); - if (err != CRYPT_OK) { - goto error; - } - #endif /* LTC_RSA_BLINDING */ - - has_crt_parameters = (key->p != NULL) && (mp_get_digit_count(key->p) != 0) && - (key->q != NULL) && (mp_get_digit_count(key->q) != 0) && - (key->dP != NULL) && (mp_get_digit_count(key->dP) != 0) && - (key->dQ != NULL) && (mp_get_digit_count(key->dQ) != 0) && - (key->qP != NULL) && (mp_get_digit_count(key->qP) != 0); - - if (!has_crt_parameters) { - /* - * In case CRT optimization parameters are not provided, - * the private key is directly used to exptmod it - */ - if ((err = mp_exptmod(tmp, key->d, key->N, tmp)) != CRYPT_OK) { goto error; } - } else { - /* tmpa = tmp^dP mod p */ - if ((err = mp_exptmod(tmp, key->dP, key->p, tmpa)) != CRYPT_OK) { goto error; } - - /* tmpb = tmp^dQ mod q */ - if ((err = mp_exptmod(tmp, key->dQ, key->q, tmpb)) != CRYPT_OK) { goto error; } - - /* tmp = (tmpa - tmpb) * qInv (mod p) */ - if ((err = mp_sub(tmpa, tmpb, tmp)) != CRYPT_OK) { goto error; } - if ((err = mp_mulmod(tmp, key->qP, key->p, tmp)) != CRYPT_OK) { goto error; } - - /* tmp = tmpb + q * tmp */ - if ((err = mp_mul(tmp, key->q, tmp)) != CRYPT_OK) { goto error; } - if ((err = mp_add(tmp, tmpb, tmp)) != CRYPT_OK) { goto error; } - } - - #ifdef LTC_RSA_BLINDING - /* unblind */ - err = mp_mulmod( tmp, rndi, key->N, tmp); - if (err != CRYPT_OK) { - goto error; - } - #endif - - #ifdef LTC_RSA_CRT_HARDENING - if (has_crt_parameters) { - if ((err = mp_exptmod(tmp, key->e, key->N, tmpa)) != CRYPT_OK) { goto error; } - if ((err = mp_read_unsigned_bin(tmpb, (unsigned char *)in, (int)inlen)) != CRYPT_OK) { goto error; } - if (mp_cmp(tmpa, tmpb) != LTC_MP_EQ) { err = CRYPT_ERROR; goto error; } - } - #endif - } else { - /* exptmod it */ - if ((err = mp_exptmod(tmp, key->e, key->N, tmp)) != CRYPT_OK) { goto error; } - } - - /* read it back */ - x = (unsigned long)mp_unsigned_bin_size(key->N); - if (x > *outlen) { - *outlen = x; - err = CRYPT_BUFFER_OVERFLOW; - goto error; - } - - /* this should never happen ... */ - if (mp_unsigned_bin_size(tmp) > mp_unsigned_bin_size(key->N)) { - err = CRYPT_ERROR; - goto error; - } - *outlen = x; - - /* convert it */ - zeromem(out, x); - if ((err = mp_to_unsigned_bin(tmp, out+(x-mp_unsigned_bin_size(tmp)))) != CRYPT_OK) { goto error; } - - /* clean up and return */ - err = CRYPT_OK; -error: - mp_clear_multi( -#ifdef LTC_RSA_BLINDING - rndi, rnd, -#endif /* LTC_RSA_BLINDING */ - tmpb, tmpa, tmp, NULL); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/rsa/rsa_free.c b/libs/tomcrypt/src/pk/rsa/rsa_free.c deleted file mode 100644 index 5f6b099dc82..00000000000 --- a/libs/tomcrypt/src/pk/rsa/rsa_free.c +++ /dev/null @@ -1,28 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file rsa_free.c - Free an RSA key, Tom St Denis -*/ - -#ifdef LTC_MRSA - -/** - Free an RSA key from memory - @param key The RSA key to free -*/ -void rsa_free(rsa_key *key) -{ - LTC_ARGCHKVD(key != NULL); - mp_cleanup_multi(&key->q, &key->p, &key->qP, &key->dP, &key->dQ, &key->N, &key->d, &key->e, NULL); -} - -#endif diff --git a/libs/tomcrypt/src/pk/rsa/rsa_get_size.c b/libs/tomcrypt/src/pk/rsa/rsa_get_size.c deleted file mode 100644 index 65df3ce0199..00000000000 --- a/libs/tomcrypt/src/pk/rsa/rsa_get_size.c +++ /dev/null @@ -1,36 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file rsa_get_size.c - Retrieve the size of an RSA key, Steffen Jaeckel. -*/ - -#ifdef LTC_MRSA - -/** - Retrieve the size in bytes of an RSA key. - @param key The RSA key - @return The size in bytes of the RSA key or INT_MAX on error. -*/ -int rsa_get_size(rsa_key *key) -{ - int ret = INT_MAX; - LTC_ARGCHK(key != NULL); - - if (key) - { - ret = mp_unsigned_bin_size(key->N); - } /* if */ - - return ret; -} - -#endif diff --git a/libs/tomcrypt/src/pk/rsa/rsa_import.c b/libs/tomcrypt/src/pk/rsa/rsa_import.c deleted file mode 100644 index 8ec117ae5f4..00000000000 --- a/libs/tomcrypt/src/pk/rsa/rsa_import.c +++ /dev/null @@ -1,124 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file rsa_import.c - Import a PKCS RSA key, Tom St Denis -*/ - -#ifdef LTC_MRSA - -/** - Import an RSAPublicKey or RSAPrivateKey [two-prime only, only support >= 1024-bit keys, defined in PKCS #1 v2.1] - @param in The packet to import from - @param inlen It's length (octets) - @param key [out] Destination for newly imported key - @return CRYPT_OK if successful, upon error allocated memory is freed -*/ -int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) -{ - int err; - void *zero; - unsigned char *tmpbuf=NULL; - unsigned long tmpbuf_len; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - /* init key */ - if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, - &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { - return err; - } - - /* see if the OpenSSL DER format RSA public key will work */ - tmpbuf_len = inlen; - tmpbuf = XCALLOC(1, tmpbuf_len); - if (tmpbuf == NULL) { - err = CRYPT_MEM; - goto LBL_ERR; - } - - err = der_decode_subject_public_key_info(in, inlen, - PKA_RSA, tmpbuf, &tmpbuf_len, - LTC_ASN1_NULL, NULL, 0); - - if (err == CRYPT_OK) { /* SubjectPublicKeyInfo format */ - - /* now it should be SEQUENCE { INTEGER, INTEGER } */ - if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len, - LTC_ASN1_INTEGER, 1UL, key->N, - LTC_ASN1_INTEGER, 1UL, key->e, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto LBL_ERR; - } - key->type = PK_PUBLIC; - err = CRYPT_OK; - goto LBL_FREE; - } - - /* not SSL public key, try to match against PKCS #1 standards */ - err = der_decode_sequence_multi(in, inlen, LTC_ASN1_INTEGER, 1UL, key->N, - LTC_ASN1_EOL, 0UL, NULL); - - if (err != CRYPT_OK && err != CRYPT_INPUT_TOO_LONG) { - goto LBL_ERR; - } - - if (mp_cmp_d(key->N, 0) == LTC_MP_EQ) { - if ((err = mp_init(&zero)) != CRYPT_OK) { - goto LBL_ERR; - } - /* it's a private key */ - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_INTEGER, 1UL, zero, - LTC_ASN1_INTEGER, 1UL, key->N, - LTC_ASN1_INTEGER, 1UL, key->e, - LTC_ASN1_INTEGER, 1UL, key->d, - LTC_ASN1_INTEGER, 1UL, key->p, - LTC_ASN1_INTEGER, 1UL, key->q, - LTC_ASN1_INTEGER, 1UL, key->dP, - LTC_ASN1_INTEGER, 1UL, key->dQ, - LTC_ASN1_INTEGER, 1UL, key->qP, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - mp_clear(zero); - goto LBL_ERR; - } - mp_clear(zero); - key->type = PK_PRIVATE; - } else if (mp_cmp_d(key->N, 1) == LTC_MP_EQ) { - /* we don't support multi-prime RSA */ - err = CRYPT_PK_INVALID_TYPE; - goto LBL_ERR; - } else { - /* it's a public key and we lack e */ - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_INTEGER, 1UL, key->N, - LTC_ASN1_INTEGER, 1UL, key->e, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto LBL_ERR; - } - key->type = PK_PUBLIC; - } - err = CRYPT_OK; - goto LBL_FREE; - -LBL_ERR: - mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL); - -LBL_FREE: - if (tmpbuf != NULL) - XFREE(tmpbuf); - - return err; -} - -#endif /* LTC_MRSA */ diff --git a/libs/tomcrypt/src/pk/rsa/rsa_import_pkcs8.c b/libs/tomcrypt/src/pk/rsa/rsa_import_pkcs8.c deleted file mode 100644 index 3c012ec98e8..00000000000 --- a/libs/tomcrypt/src/pk/rsa/rsa_import_pkcs8.c +++ /dev/null @@ -1,149 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file rsa_import_pkcs8.c - Import a PKCS RSA key -*/ - -#ifdef LTC_MRSA - -/* Public-Key Cryptography Standards (PKCS) #8: - * Private-Key Information Syntax Specification Version 1.2 - * https://tools.ietf.org/html/rfc5208 - * - * PrivateKeyInfo ::= SEQUENCE { - * version Version, - * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, - * privateKey PrivateKey, - * attributes [0] IMPLICIT Attributes OPTIONAL } - * where: - * - Version ::= INTEGER - * - PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier - * - PrivateKey ::= OCTET STRING - * - Attributes ::= SET OF Attribute - * - * EncryptedPrivateKeyInfo ::= SEQUENCE { - * encryptionAlgorithm EncryptionAlgorithmIdentifier, - * encryptedData EncryptedData } - * where: - * - EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier - * - EncryptedData ::= OCTET STRING - */ - -/** - Import an RSAPublicKey or RSAPrivateKey in PKCS#8 format - @param in The packet to import from - @param inlen It's length (octets) - @param passwd The password for decrypting privkey (NOT SUPPORTED YET) - @param passwdlen Password's length (octets) - @param key [out] Destination for newly imported key - @return CRYPT_OK if successful, upon error allocated memory is freed -*/ -int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen, - const void *passwd, unsigned long passwdlen, - rsa_key *key) -{ - int err; - void *zero, *iter; - unsigned char *buf1 = NULL, *buf2 = NULL; - unsigned long buf1len, buf2len; - unsigned long oid[16]; - oid_st rsaoid; - ltc_asn1_list alg_seq[2], top_seq[3]; - ltc_asn1_list alg_seq_e[2], key_seq_e[2], top_seq_e[2]; - unsigned char *decrypted = NULL; - unsigned long decryptedlen; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - /* get RSA alg oid */ - err = pk_get_oid(PKA_RSA, &rsaoid); - if (err != CRYPT_OK) { goto LBL_NOFREE; } - - /* alloc buffers */ - buf1len = inlen; /* approx. */ - buf1 = XMALLOC(buf1len); - if (buf1 == NULL) { err = CRYPT_MEM; goto LBL_NOFREE; } - buf2len = inlen; /* approx. */ - buf2 = XMALLOC(buf2len); - if (buf2 == NULL) { err = CRYPT_MEM; goto LBL_FREE1; } - - /* init key */ - err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, &zero, &iter, NULL); - if (err != CRYPT_OK) { goto LBL_FREE2; } - - /* try to decode encrypted priv key */ - LTC_SET_ASN1(key_seq_e, 0, LTC_ASN1_OCTET_STRING, buf1, buf1len); - LTC_SET_ASN1(key_seq_e, 1, LTC_ASN1_INTEGER, iter, 1UL); - LTC_SET_ASN1(alg_seq_e, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, 16UL); - LTC_SET_ASN1(alg_seq_e, 1, LTC_ASN1_SEQUENCE, key_seq_e, 2UL); - LTC_SET_ASN1(top_seq_e, 0, LTC_ASN1_SEQUENCE, alg_seq_e, 2UL); - LTC_SET_ASN1(top_seq_e, 1, LTC_ASN1_OCTET_STRING, buf2, buf2len); - err=der_decode_sequence(in, inlen, top_seq_e, 2UL); - if (err == CRYPT_OK) { - LTC_UNUSED_PARAM(passwd); - LTC_UNUSED_PARAM(passwdlen); - /* XXX: TODO encrypted pkcs8 not implemented yet */ - /* fprintf(stderr, "decrypt: iter=%ld salt.len=%ld encdata.len=%ld\n", mp_get_int(iter), key_seq_e[0].size, top_seq_e[1].size); */ - err = CRYPT_PK_INVALID_TYPE; - goto LBL_ERR; - } - else { - decrypted = (unsigned char *)in; - decryptedlen = inlen; - } - - /* try to decode unencrypted priv key */ - LTC_SET_ASN1(alg_seq, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, 16UL); - LTC_SET_ASN1(alg_seq, 1, LTC_ASN1_NULL, NULL, 0UL); - LTC_SET_ASN1(top_seq, 0, LTC_ASN1_INTEGER, zero, 1UL); - LTC_SET_ASN1(top_seq, 1, LTC_ASN1_SEQUENCE, alg_seq, 2UL); - LTC_SET_ASN1(top_seq, 2, LTC_ASN1_OCTET_STRING, buf1, buf1len); - err=der_decode_sequence(decrypted, decryptedlen, top_seq, 3UL); - if (err != CRYPT_OK) { goto LBL_ERR; } - - /* check alg oid */ - if ((alg_seq[0].size != rsaoid.OIDlen) || - XMEMCMP(rsaoid.OID, alg_seq[0].data, rsaoid.OIDlen * sizeof(rsaoid.OID[0])) != 0) { - err = CRYPT_PK_INVALID_TYPE; - goto LBL_ERR; - } - - err = der_decode_sequence_multi(buf1, top_seq[2].size, - LTC_ASN1_INTEGER, 1UL, zero, - LTC_ASN1_INTEGER, 1UL, key->N, - LTC_ASN1_INTEGER, 1UL, key->e, - LTC_ASN1_INTEGER, 1UL, key->d, - LTC_ASN1_INTEGER, 1UL, key->p, - LTC_ASN1_INTEGER, 1UL, key->q, - LTC_ASN1_INTEGER, 1UL, key->dP, - LTC_ASN1_INTEGER, 1UL, key->dQ, - LTC_ASN1_INTEGER, 1UL, key->qP, - LTC_ASN1_EOL, 0UL, NULL); - if (err != CRYPT_OK) { goto LBL_ERR; } - key->type = PK_PRIVATE; - err = CRYPT_OK; - goto LBL_FREE2; - -LBL_ERR: - rsa_free(key); -LBL_FREE2: - mp_clear_multi(iter, zero, NULL); - XFREE(buf2); -LBL_FREE1: - XFREE(buf1); -LBL_NOFREE: - return err; -} - -#endif /* LTC_MRSA */ diff --git a/libs/tomcrypt/src/pk/rsa/rsa_import_x509.c b/libs/tomcrypt/src/pk/rsa/rsa_import_x509.c deleted file mode 100644 index 457cbabcee3..00000000000 --- a/libs/tomcrypt/src/pk/rsa/rsa_import_x509.c +++ /dev/null @@ -1,113 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file rsa_import.c - Import an RSA key from a X.509 certificate, Steffen Jaeckel -*/ - -#ifdef LTC_MRSA - -/** - Import an RSA key from a X.509 certificate - @param in The packet to import from - @param inlen It's length (octets) - @param key [out] Destination for newly imported key - @return CRYPT_OK if successful, upon error allocated memory is freed -*/ -int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key) -{ - int err; - unsigned char *tmpbuf; - unsigned long tmpbuf_len, tmp_inlen; - ltc_asn1_list *decoded_list = NULL, *l; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - /* init key */ - if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, - &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { - return err; - } - - tmpbuf_len = inlen; - tmpbuf = XCALLOC(1, tmpbuf_len); - if (tmpbuf == NULL) { - err = CRYPT_MEM; - goto LBL_ERR; - } - - tmp_inlen = inlen; - if ((err = der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list)) == CRYPT_OK) { - l = decoded_list; - /* Move 2 levels up in the tree - SEQUENCE - SEQUENCE - ... - */ - if (l->type == LTC_ASN1_SEQUENCE && l->child) { - l = l->child; - if (l->type == LTC_ASN1_SEQUENCE && l->child) { - l = l->child; - - err = CRYPT_ERROR; - - /* Move forward in the tree until we find this combination - ... - SEQUENCE - SEQUENCE - OBJECT IDENTIFIER 1.2.840.113549.1.1.1 - NULL - BIT STRING - */ - do { - /* The additional check for l->data is there to make sure - * we won't try to decode a list that has been 'shrunk' - */ - if (l->type == LTC_ASN1_SEQUENCE && l->data && l->child && - l->child->type == LTC_ASN1_SEQUENCE && l->child->child && - l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER && l->child->next && - l->child->next->type == LTC_ASN1_BIT_STRING) { - err = der_decode_subject_public_key_info(l->data, l->size, - PKA_RSA, tmpbuf, &tmpbuf_len, - LTC_ASN1_NULL, NULL, 0); - if (err == CRYPT_OK) { - /* now it should be SEQUENCE { INTEGER, INTEGER } */ - if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len, - LTC_ASN1_INTEGER, 1UL, key->N, - LTC_ASN1_INTEGER, 1UL, key->e, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto LBL_ERR; - } - key->type = PK_PUBLIC; - err = CRYPT_OK; - goto LBL_FREE; - } - } - l = l->next; - } while(l); - } - } - } - - -LBL_ERR: - rsa_free(key); - -LBL_FREE: - if (decoded_list) der_free_sequence_flexi(decoded_list); - if (tmpbuf != NULL) XFREE(tmpbuf); - - return err; -} - -#endif /* LTC_MRSA */ diff --git a/libs/tomcrypt/src/pk/rsa/rsa_make_key.c b/libs/tomcrypt/src/pk/rsa/rsa_make_key.c deleted file mode 100644 index 51c6d05c422..00000000000 --- a/libs/tomcrypt/src/pk/rsa/rsa_make_key.c +++ /dev/null @@ -1,103 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file rsa_make_key.c - RSA key generation, Tom St Denis -*/ - -#ifdef LTC_MRSA - -/** - Create an RSA key - @param prng An active PRNG state - @param wprng The index of the PRNG desired - @param size The size of the modulus (key size) desired (octets) - @param e The "e" value (public key). e==65537 is a good choice - @param key [out] Destination of a newly created private key pair - @return CRYPT_OK if successful, upon error all allocated ram is freed -*/ -int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key) -{ - void *p, *q, *tmp1, *tmp2, *tmp3; - int err; - - LTC_ARGCHK(ltc_mp.name != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(size > 0); - - if ((e < 3) || ((e & 1) == 0)) { - return CRYPT_INVALID_ARG; - } - - if ((err = prng_is_valid(wprng)) != CRYPT_OK) { - return err; - } - - if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, &tmp3, NULL)) != CRYPT_OK) { - return err; - } - - /* make primes p and q (optimization provided by Wayne Scott) */ - if ((err = mp_set_int(tmp3, e)) != CRYPT_OK) { goto cleanup; } /* tmp3 = e */ - - /* make prime "p" */ - do { - if ((err = rand_prime( p, size/2, prng, wprng)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { goto cleanup; } /* tmp1 = p-1 */ - if ((err = mp_gcd( tmp1, tmp3, tmp2)) != CRYPT_OK) { goto cleanup; } /* tmp2 = gcd(p-1, e) */ - } while (mp_cmp_d( tmp2, 1) != 0); /* while e divides p-1 */ - - /* make prime "q" */ - do { - if ((err = rand_prime( q, size/2, prng, wprng)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_sub_d( q, 1, tmp1)) != CRYPT_OK) { goto cleanup; } /* tmp1 = q-1 */ - if ((err = mp_gcd( tmp1, tmp3, tmp2)) != CRYPT_OK) { goto cleanup; } /* tmp2 = gcd(q-1, e) */ - } while (mp_cmp_d( tmp2, 1) != 0); /* while e divides q-1 */ - - /* tmp1 = lcm(p-1, q-1) */ - if ((err = mp_sub_d( p, 1, tmp2)) != CRYPT_OK) { goto cleanup; } /* tmp2 = p-1 */ - /* tmp1 = q-1 (previous do/while loop) */ - if ((err = mp_lcm( tmp1, tmp2, tmp1)) != CRYPT_OK) { goto cleanup; } /* tmp1 = lcm(p-1, q-1) */ - - /* make key */ - if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { - goto errkey; - } - - if ((err = mp_set_int( key->e, e)) != CRYPT_OK) { goto errkey; } /* key->e = e */ - if ((err = mp_invmod( key->e, tmp1, key->d)) != CRYPT_OK) { goto errkey; } /* key->d = 1/e mod lcm(p-1,q-1) */ - if ((err = mp_mul( p, q, key->N)) != CRYPT_OK) { goto errkey; } /* key->N = pq */ - - /* optimize for CRT now */ - /* find d mod q-1 and d mod p-1 */ - if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = q-1 */ - if ((err = mp_sub_d( q, 1, tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = p-1 */ - if ((err = mp_mod( key->d, tmp1, key->dP)) != CRYPT_OK) { goto errkey; } /* dP = d mod p-1 */ - if ((err = mp_mod( key->d, tmp2, key->dQ)) != CRYPT_OK) { goto errkey; } /* dQ = d mod q-1 */ - if ((err = mp_invmod( q, p, key->qP)) != CRYPT_OK) { goto errkey; } /* qP = 1/q mod p */ - - if ((err = mp_copy( p, key->p)) != CRYPT_OK) { goto errkey; } - if ((err = mp_copy( q, key->q)) != CRYPT_OK) { goto errkey; } - - /* set key type (in this case it's CRT optimized) */ - key->type = PK_PRIVATE; - - /* return ok and free temps */ - err = CRYPT_OK; - goto cleanup; -errkey: - rsa_free(key); -cleanup: - mp_clear_multi(tmp3, tmp2, tmp1, q, p, NULL); - return err; -} - -#endif diff --git a/libs/tomcrypt/src/pk/rsa/rsa_set.c b/libs/tomcrypt/src/pk/rsa/rsa_set.c deleted file mode 100644 index 88aa37df6aa..00000000000 --- a/libs/tomcrypt/src/pk/rsa/rsa_set.c +++ /dev/null @@ -1,130 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - - -#ifdef LTC_MRSA - -/** - Import RSA key from raw numbers - - @param N RSA's N - @param Nlen RSA's N's length - @param e RSA's e - @param elen RSA's e's length - @param d RSA's d (only private key, NULL for public key) - @param dlen RSA's d's length - @param key [out] the destination for the imported key - @return CRYPT_OK if successful -*/ -int rsa_set_key(const unsigned char *N, unsigned long Nlen, - const unsigned char *e, unsigned long elen, - const unsigned char *d, unsigned long dlen, - rsa_key *key) -{ - int err; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(N != NULL); - LTC_ARGCHK(e != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL); - if (err != CRYPT_OK) return err; - - if ((err = mp_read_unsigned_bin(key->N , (unsigned char *)N , Nlen)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_unsigned_bin(key->e , (unsigned char *)e , elen)) != CRYPT_OK) { goto LBL_ERR; } - if (d && dlen) { - if ((err = mp_read_unsigned_bin(key->d , (unsigned char *)d , dlen)) != CRYPT_OK) { goto LBL_ERR; } - key->type = PK_PRIVATE; - } - else { - key->type = PK_PUBLIC; - } - return CRYPT_OK; - -LBL_ERR: - rsa_free(key); - return err; -} - -/** - Import factors of an RSA key from raw numbers - - Only for private keys. - - @param p RSA's p - @param plen RSA's p's length - @param q RSA's q - @param qlen RSA's q's length - @param key [out] the destination for the imported key - @return CRYPT_OK if successful -*/ -int rsa_set_factors(const unsigned char *p, unsigned long plen, - const unsigned char *q, unsigned long qlen, - rsa_key *key) -{ - int err; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(p != NULL); - LTC_ARGCHK(q != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - if (key->type != PK_PRIVATE) return CRYPT_PK_TYPE_MISMATCH; - - if ((err = mp_read_unsigned_bin(key->p , (unsigned char *)p , plen)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_unsigned_bin(key->q , (unsigned char *)q , qlen)) != CRYPT_OK) { goto LBL_ERR; } - return CRYPT_OK; - -LBL_ERR: - rsa_free(key); - return err; -} - -/** - Import CRT parameters of an RSA key from raw numbers - - Only for private keys. - - @param dP RSA's dP - @param dPlen RSA's dP's length - @param dQ RSA's dQ - @param dQlen RSA's dQ's length - @param qP RSA's qP - @param qPlen RSA's qP's length - @param key [out] the destination for the imported key - @return CRYPT_OK if successful -*/ -int rsa_set_crt_params(const unsigned char *dP, unsigned long dPlen, - const unsigned char *dQ, unsigned long dQlen, - const unsigned char *qP, unsigned long qPlen, - rsa_key *key) -{ - int err; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(dP != NULL); - LTC_ARGCHK(dQ != NULL); - LTC_ARGCHK(qP != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - if (key->type != PK_PRIVATE) return CRYPT_PK_TYPE_MISMATCH; - - if ((err = mp_read_unsigned_bin(key->dP, (unsigned char *)dP, dPlen)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_unsigned_bin(key->dQ, (unsigned char *)dQ, dQlen)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_unsigned_bin(key->qP, (unsigned char *)qP, qPlen)) != CRYPT_OK) { goto LBL_ERR; } - return CRYPT_OK; - -LBL_ERR: - rsa_free(key); - return err; -} - -#endif /* LTC_MRSA */ diff --git a/libs/tomcrypt/src/pk/rsa/rsa_sign_hash.c b/libs/tomcrypt/src/pk/rsa/rsa_sign_hash.c deleted file mode 100644 index f2859301369..00000000000 --- a/libs/tomcrypt/src/pk/rsa/rsa_sign_hash.c +++ /dev/null @@ -1,142 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file rsa_sign_hash.c - RSA PKCS #1 v1.5 and v2 PSS sign hash, Tom St Denis and Andreas Lange -*/ - -#ifdef LTC_MRSA - -/** - PKCS #1 pad then sign - @param in The hash to sign - @param inlen The length of the hash to sign (octets) - @param out [out] The signature - @param outlen [in/out] The max size and resulting size of the signature - @param padding Type of padding (LTC_PKCS_1_PSS, LTC_PKCS_1_V1_5 or LTC_PKCS_1_V1_5_NA1) - @param prng An active PRNG state - @param prng_idx The index of the PRNG desired - @param hash_idx The index of the hash desired - @param saltlen The length of the salt desired (octets) - @param key The private RSA key to use - @return CRYPT_OK if successful -*/ -int rsa_sign_hash_ex(const unsigned char *in, unsigned long inlen, - unsigned char *out, unsigned long *outlen, - int padding, - prng_state *prng, int prng_idx, - int hash_idx, unsigned long saltlen, - rsa_key *key) -{ - unsigned long modulus_bitlen, modulus_bytelen, x, y; - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - LTC_ARGCHK(key != NULL); - - /* valid padding? */ - if ((padding != LTC_PKCS_1_V1_5) && - (padding != LTC_PKCS_1_PSS) && - (padding != LTC_PKCS_1_V1_5_NA1)) { - return CRYPT_PK_INVALID_PADDING; - } - - if (padding == LTC_PKCS_1_PSS) { - /* valid prng ? */ - if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) { - return err; - } - } - - if (padding != LTC_PKCS_1_V1_5_NA1) { - /* valid hash ? */ - if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { - return err; - } - } - - /* get modulus len in bits */ - modulus_bitlen = mp_count_bits((key->N)); - - /* outlen must be at least the size of the modulus */ - modulus_bytelen = mp_unsigned_bin_size((key->N)); - if (modulus_bytelen > *outlen) { - *outlen = modulus_bytelen; - return CRYPT_BUFFER_OVERFLOW; - } - - if (padding == LTC_PKCS_1_PSS) { - /* PSS pad the key */ - x = *outlen; - if ((err = pkcs_1_pss_encode(in, inlen, saltlen, prng, prng_idx, - hash_idx, modulus_bitlen, out, &x)) != CRYPT_OK) { - return err; - } - } else { - /* PKCS #1 v1.5 pad the hash */ - unsigned char *tmpin; - - if (padding == LTC_PKCS_1_V1_5) { - ltc_asn1_list digestinfo[2], siginfo[2]; - /* not all hashes have OIDs... so sad */ - if (hash_descriptor[hash_idx].OIDlen == 0) { - return CRYPT_INVALID_ARG; - } - - /* construct the SEQUENCE - SEQUENCE { - SEQUENCE {hashoid OID - blah NULL - } - hash OCTET STRING - } - */ - LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash_idx].OID, hash_descriptor[hash_idx].OIDlen); - LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0); - LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2); - LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, in, inlen); - - /* allocate memory for the encoding */ - y = mp_unsigned_bin_size(key->N); - tmpin = XMALLOC(y); - if (tmpin == NULL) { - return CRYPT_MEM; - } - - if ((err = der_encode_sequence(siginfo, 2, tmpin, &y)) != CRYPT_OK) { - XFREE(tmpin); - return err; - } - } else { - /* set the pointer and data-length to the input values */ - tmpin = (unsigned char *)in; - y = inlen; - } - - x = *outlen; - err = pkcs_1_v1_5_encode(tmpin, y, LTC_PKCS_1_EMSA, modulus_bitlen, NULL, 0, out, &x); - - if (padding == LTC_PKCS_1_V1_5) { - XFREE(tmpin); - } - - if (err != CRYPT_OK) { - return err; - } - } - - /* RSA encode it */ - return ltc_mp.rsa_me(out, x, out, outlen, PK_PRIVATE, key); -} - -#endif /* LTC_MRSA */ diff --git a/libs/tomcrypt/src/pk/rsa/rsa_sign_saltlen_get.c b/libs/tomcrypt/src/pk/rsa/rsa_sign_saltlen_get.c deleted file mode 100644 index a622bbdeb7c..00000000000 --- a/libs/tomcrypt/src/pk/rsa/rsa_sign_saltlen_get.c +++ /dev/null @@ -1,43 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file rsa_sign_saltlen_get.c - Retrieve the maximum size of the salt, Steffen Jaeckel. -*/ - -#ifdef LTC_MRSA - -/** - Retrieve the maximum possible size of the salt when creating a PKCS#1 PSS signature. - @param padding Type of padding (LTC_PKCS_1_PSS only) - @param hash_idx The index of the desired hash - @param key The RSA key - @return The maximum salt length in bytes or INT_MAX on error. -*/ -int rsa_sign_saltlen_get_max_ex(int padding, int hash_idx, rsa_key *key) -{ - int ret = INT_MAX; - LTC_ARGCHK(key != NULL); - - if ((hash_is_valid(hash_idx) == CRYPT_OK) && - (padding == LTC_PKCS_1_PSS)) - { - ret = rsa_get_size(key); - if (ret < INT_MAX) - { - ret -= (hash_descriptor[hash_idx].hashsize + 2); - } /* if */ - } /* if */ - - return ret; -} - -#endif diff --git a/libs/tomcrypt/src/pk/rsa/rsa_verify_hash.c b/libs/tomcrypt/src/pk/rsa/rsa_verify_hash.c deleted file mode 100644 index 353ffdc7319..00000000000 --- a/libs/tomcrypt/src/pk/rsa/rsa_verify_hash.c +++ /dev/null @@ -1,189 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file rsa_verify_hash.c - RSA PKCS #1 v1.5 or v2 PSS signature verification, Tom St Denis and Andreas Lange -*/ - -#ifdef LTC_MRSA - -/** - PKCS #1 de-sign then v1.5 or PSS depad - @param sig The signature data - @param siglen The length of the signature data (octets) - @param hash The hash of the message that was signed - @param hashlen The length of the hash of the message that was signed (octets) - @param padding Type of padding (LTC_PKCS_1_PSS, LTC_PKCS_1_V1_5 or LTC_PKCS_1_V1_5_NA1) - @param hash_idx The index of the desired hash - @param saltlen The length of the salt used during signature - @param stat [out] The result of the signature comparison, 1==valid, 0==invalid - @param key The public RSA key corresponding to the key that performed the signature - @return CRYPT_OK on success (even if the signature is invalid) -*/ -int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen, - const unsigned char *hash, unsigned long hashlen, - int padding, - int hash_idx, unsigned long saltlen, - int *stat, rsa_key *key) -{ - unsigned long modulus_bitlen, modulus_bytelen, x; - int err; - unsigned char *tmpbuf; - - LTC_ARGCHK(hash != NULL); - LTC_ARGCHK(sig != NULL); - LTC_ARGCHK(stat != NULL); - LTC_ARGCHK(key != NULL); - - /* default to invalid */ - *stat = 0; - - /* valid padding? */ - - if ((padding != LTC_PKCS_1_V1_5) && - (padding != LTC_PKCS_1_PSS) && - (padding != LTC_PKCS_1_V1_5_NA1)) { - return CRYPT_PK_INVALID_PADDING; - } - - if (padding != LTC_PKCS_1_V1_5_NA1) { - /* valid hash ? */ - if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { - return err; - } - } - - /* get modulus len in bits */ - modulus_bitlen = mp_count_bits( (key->N)); - - /* outlen must be at least the size of the modulus */ - modulus_bytelen = mp_unsigned_bin_size( (key->N)); - if (modulus_bytelen != siglen) { - return CRYPT_INVALID_PACKET; - } - - /* allocate temp buffer for decoded sig */ - tmpbuf = XMALLOC(siglen); - if (tmpbuf == NULL) { - return CRYPT_MEM; - } - - /* RSA decode it */ - x = siglen; - if ((err = ltc_mp.rsa_me(sig, siglen, tmpbuf, &x, PK_PUBLIC, key)) != CRYPT_OK) { - XFREE(tmpbuf); - return err; - } - - /* make sure the output is the right size */ - if (x != siglen) { - XFREE(tmpbuf); - return CRYPT_INVALID_PACKET; - } - - if (padding == LTC_PKCS_1_PSS) { - /* PSS decode and verify it */ - - if(modulus_bitlen%8 == 1){ - err = pkcs_1_pss_decode(hash, hashlen, tmpbuf+1, x-1, saltlen, hash_idx, modulus_bitlen, stat); - } - else{ - err = pkcs_1_pss_decode(hash, hashlen, tmpbuf, x, saltlen, hash_idx, modulus_bitlen, stat); - } - - } else { - /* PKCS #1 v1.5 decode it */ - unsigned char *out; - unsigned long outlen; - int decoded; - - /* allocate temp buffer for decoded hash */ - outlen = ((modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0)) - 3; - out = XMALLOC(outlen); - if (out == NULL) { - err = CRYPT_MEM; - goto bail_2; - } - - if ((err = pkcs_1_v1_5_decode(tmpbuf, x, LTC_PKCS_1_EMSA, modulus_bitlen, out, &outlen, &decoded)) != CRYPT_OK) { - XFREE(out); - goto bail_2; - } - - if (padding == LTC_PKCS_1_V1_5) { - unsigned long loid[16], reallen; - ltc_asn1_list digestinfo[2], siginfo[2]; - - /* not all hashes have OIDs... so sad */ - if (hash_descriptor[hash_idx].OIDlen == 0) { - err = CRYPT_INVALID_ARG; - goto bail_2; - } - - /* now we must decode out[0...outlen-1] using ASN.1, test the OID and then test the hash */ - /* construct the SEQUENCE - SEQUENCE { - SEQUENCE {hashoid OID - blah NULL - } - hash OCTET STRING - } - */ - LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, loid, sizeof(loid)/sizeof(loid[0])); - LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0); - LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2); - LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, tmpbuf, siglen); - - if ((err = der_decode_sequence(out, outlen, siginfo, 2)) != CRYPT_OK) { - /* fallback to Legacy:missing NULL */ - LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 1); - if ((err = der_decode_sequence(out, outlen, siginfo, 2)) != CRYPT_OK) { - XFREE(out); - goto bail_2; - } - } - - if ((err = der_length_sequence(siginfo, 2, &reallen)) != CRYPT_OK) { - XFREE(out); - goto bail_2; - } - - /* test OID */ - if ((reallen == outlen) && - (digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) && - (XMEMCMP(digestinfo[0].data, hash_descriptor[hash_idx].OID, sizeof(unsigned long) * hash_descriptor[hash_idx].OIDlen) == 0) && - (siginfo[1].size == hashlen) && - (XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) { - *stat = 1; - } - } else { - /* only check if the hash is equal */ - if ((hashlen == outlen) && - (XMEMCMP(out, hash, hashlen) == 0)) { - *stat = 1; - } - } - -#ifdef LTC_CLEAN_STACK - zeromem(out, outlen); -#endif - XFREE(out); - } - -bail_2: -#ifdef LTC_CLEAN_STACK - zeromem(tmpbuf, siglen); -#endif - XFREE(tmpbuf); - return err; -} - -#endif /* LTC_MRSA */ diff --git a/libs/tomcrypt/src/prngs/rc4.c b/libs/tomcrypt/src/prngs/rc4.c deleted file mode 100644 index 05f4dd1c44e..00000000000 --- a/libs/tomcrypt/src/prngs/rc4.c +++ /dev/null @@ -1,246 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file prngs/rc4.c - RC4 PRNG, Tom St Denis -*/ - -#ifdef LTC_RC4 - -const struct ltc_prng_descriptor rc4_desc = -{ - "rc4", - 32, - &rc4_start, - &rc4_add_entropy, - &rc4_ready, - &rc4_read, - &rc4_done, - &rc4_export, - &rc4_import, - &rc4_test -}; - -/** - Start the PRNG - @param prng [out] The PRNG state to initialize - @return CRYPT_OK if successful -*/ -int rc4_start(prng_state *prng) -{ - LTC_ARGCHK(prng != NULL); - prng->ready = 0; - /* set entropy (key) size to zero */ - prng->rc4.s.x = 0; - /* clear entropy (key) buffer */ - XMEMSET(&prng->rc4.s.buf, 0, sizeof(prng->rc4.s.buf)); - LTC_MUTEX_INIT(&prng->lock) - return CRYPT_OK; -} - -/** - Add entropy to the PRNG state - @param in The data to add - @param inlen Length of the data to add - @param prng PRNG state to update - @return CRYPT_OK if successful -*/ -int rc4_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng) -{ - unsigned char buf[256]; - unsigned long i; - int err; - - LTC_ARGCHK(prng != NULL); - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(inlen > 0); - - LTC_MUTEX_LOCK(&prng->lock); - if (prng->ready) { - /* rc4_ready() was already called, do "rekey" operation */ - if ((err = rc4_stream_keystream(&prng->rc4.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK; - for(i = 0; i < inlen; i++) buf[i % sizeof(buf)] ^= in[i]; - /* initialize RC4 */ - if ((err = rc4_stream_setup(&prng->rc4.s, buf, sizeof(buf))) != CRYPT_OK) goto LBL_UNLOCK; - /* drop first 3072 bytes - https://en.wikipedia.org/wiki/RC4#Fluhrer.2C_Mantin_and_Shamir_attack */ - for (i = 0; i < 12; i++) rc4_stream_keystream(&prng->rc4.s, buf, sizeof(buf)); - zeromem(buf, sizeof(buf)); - } - else { - /* rc4_ready() was not called yet, add entropy to the buffer */ - while (inlen--) prng->rc4.s.buf[prng->rc4.s.x++ % sizeof(prng->rc4.s.buf)] ^= *in++; - } - err = CRYPT_OK; -LBL_UNLOCK: - LTC_MUTEX_UNLOCK(&prng->lock); - return err; -} - -/** - Make the PRNG ready to read from - @param prng The PRNG to make active - @return CRYPT_OK if successful -*/ -int rc4_ready(prng_state *prng) -{ - unsigned char buf[256] = { 0 }; - unsigned long len; - int err, i; - - LTC_ARGCHK(prng != NULL); - - LTC_MUTEX_LOCK(&prng->lock); - if (prng->ready) { err = CRYPT_OK; goto LBL_UNLOCK; } - XMEMCPY(buf, prng->rc4.s.buf, sizeof(buf)); - /* initialize RC4 */ - len = MIN(prng->rc4.s.x, 256); /* TODO: we can perhaps always use all 256 bytes */ - if ((err = rc4_stream_setup(&prng->rc4.s, buf, len)) != CRYPT_OK) goto LBL_UNLOCK; - /* drop first 3072 bytes - https://en.wikipedia.org/wiki/RC4#Fluhrer.2C_Mantin_and_Shamir_attack */ - for (i = 0; i < 12; i++) rc4_stream_keystream(&prng->rc4.s, buf, sizeof(buf)); - prng->ready = 1; -LBL_UNLOCK: - LTC_MUTEX_UNLOCK(&prng->lock); - return err; -} - -/** - Read from the PRNG - @param out Destination - @param outlen Length of output - @param prng The active PRNG to read from - @return Number of octets read -*/ -unsigned long rc4_read(unsigned char *out, unsigned long outlen, prng_state *prng) -{ - if (outlen == 0 || prng == NULL || out == NULL) return 0; - LTC_MUTEX_LOCK(&prng->lock); - if (!prng->ready) { outlen = 0; goto LBL_UNLOCK; } - if (rc4_stream_keystream(&prng->rc4.s, out, outlen) != CRYPT_OK) outlen = 0; -LBL_UNLOCK: - LTC_MUTEX_UNLOCK(&prng->lock); - return outlen; -} - -/** - Terminate the PRNG - @param prng The PRNG to terminate - @return CRYPT_OK if successful -*/ -int rc4_done(prng_state *prng) -{ - int err; - LTC_ARGCHK(prng != NULL); - LTC_MUTEX_LOCK(&prng->lock); - prng->ready = 0; - err = rc4_stream_done(&prng->rc4.s); - LTC_MUTEX_UNLOCK(&prng->lock); - LTC_MUTEX_DESTROY(&prng->lock); - return err; -} - -/** - Export the PRNG state - @param out [out] Destination - @param outlen [in/out] Max size and resulting size of the state - @param prng The PRNG to export - @return CRYPT_OK if successful -*/ -int rc4_export(unsigned char *out, unsigned long *outlen, prng_state *prng) -{ - unsigned long len = rc4_desc.export_size; - - LTC_ARGCHK(prng != NULL); - LTC_ARGCHK(out != NULL); - LTC_ARGCHK(outlen != NULL); - - if (*outlen < len) { - *outlen = len; - return CRYPT_BUFFER_OVERFLOW; - } - - if (rc4_read(out, len, prng) != len) { - return CRYPT_ERROR_READPRNG; - } - - *outlen = len; - return CRYPT_OK; -} - -/** - Import a PRNG state - @param in The PRNG state - @param inlen Size of the state - @param prng The PRNG to import - @return CRYPT_OK if successful -*/ -int rc4_import(const unsigned char *in, unsigned long inlen, prng_state *prng) -{ - int err; - - LTC_ARGCHK(prng != NULL); - LTC_ARGCHK(in != NULL); - if (inlen < (unsigned long)rc4_desc.export_size) return CRYPT_INVALID_ARG; - - if ((err = rc4_start(prng)) != CRYPT_OK) return err; - if ((err = rc4_add_entropy(in, inlen, prng)) != CRYPT_OK) return err; - return CRYPT_OK; -} - -/** - PRNG self-test - @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled -*/ -int rc4_test(void) -{ -#ifndef LTC_TEST - return CRYPT_NOP; -#else - prng_state st; - unsigned char en[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, - 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, - 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, - 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, - 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30, 0x31, 0x32 }; - unsigned char dmp[500]; - unsigned long dmplen = sizeof(dmp); - unsigned char out[1000]; - unsigned char t1[] = { 0xE0, 0x4D, 0x9A, 0xF6, 0xA8, 0x9D, 0x77, 0x53, 0xAE, 0x09 }; - unsigned char t2[] = { 0xEF, 0x80, 0xA2, 0xE6, 0x50, 0x91, 0xF3, 0x17, 0x4A, 0x8A }; - unsigned char t3[] = { 0x4B, 0xD6, 0x5C, 0x67, 0x99, 0x03, 0x56, 0x12, 0x80, 0x48 }; - int err; - - if ((err = rc4_start(&st)) != CRYPT_OK) return err; - /* add entropy to uninitialized prng */ - if ((err = rc4_add_entropy(en, sizeof(en), &st)) != CRYPT_OK) return err; - if ((err = rc4_ready(&st)) != CRYPT_OK) return err; - if (rc4_read(out, 10, &st) != 10) return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */ - if (compare_testvector(out, 10, t1, sizeof(t1), "RC4-PRNG", 1)) return CRYPT_FAIL_TESTVECTOR; - if (rc4_read(out, 500, &st) != 500) return CRYPT_ERROR_READPRNG; /* skip 500 bytes */ - /* add entropy to already initialized prng */ - if ((err = rc4_add_entropy(en, sizeof(en), &st)) != CRYPT_OK) return err; - if (rc4_read(out, 500, &st) != 500) return CRYPT_ERROR_READPRNG; /* skip 500 bytes */ - if ((err = rc4_export(dmp, &dmplen, &st)) != CRYPT_OK) return err; - if (rc4_read(out, 500, &st) != 500) return CRYPT_ERROR_READPRNG; /* skip 500 bytes */ - if (rc4_read(out, 10, &st) != 10) return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */ - if (compare_testvector(out, 10, t2, sizeof(t2), "RC4-PRNG", 2)) return CRYPT_FAIL_TESTVECTOR; - if ((err = rc4_done(&st)) != CRYPT_OK) return err; - if ((err = rc4_import(dmp, dmplen, &st)) != CRYPT_OK) return err; - if ((err = rc4_ready(&st)) != CRYPT_OK) return err; - if (rc4_read(out, 500, &st) != 500) return CRYPT_ERROR_READPRNG; /* skip 500 bytes */ - if (rc4_read(out, 10, &st) != 10) return CRYPT_ERROR_READPRNG; /* 10 bytes for testing */ - if (compare_testvector(out, 10, t3, sizeof(t3), "RC4-PRNG", 3)) return CRYPT_FAIL_TESTVECTOR; - if ((err = rc4_done(&st)) != CRYPT_OK) return err; - - return CRYPT_OK; -#endif -} - -#endif diff --git a/libs/tomcrypt/src/prngs/rng_get_bytes.c b/libs/tomcrypt/src/prngs/rng_get_bytes.c deleted file mode 100644 index 6a0cfade43b..00000000000 --- a/libs/tomcrypt/src/prngs/rng_get_bytes.c +++ /dev/null @@ -1,143 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -#ifdef LTC_RNG_GET_BYTES -/** - @file rng_get_bytes.c - portable way to get secure random bits to feed a PRNG (Tom St Denis) -*/ - -#if defined(LTC_DEVRANDOM) && !defined(_WIN32) -/* on *NIX read /dev/random */ -static unsigned long _rng_nix(unsigned char *buf, unsigned long len, - void (*callback)(void)) -{ -#ifdef LTC_NO_FILE - LTC_UNUSED_PARAM(callback); - LTC_UNUSED_PARAM(buf); - LTC_UNUSED_PARAM(len); - return 0; -#else - FILE *f; - unsigned long x; - LTC_UNUSED_PARAM(callback); -#ifdef LTC_TRY_URANDOM_FIRST - f = fopen("/dev/urandom", "rb"); - if (f == NULL) -#endif /* LTC_TRY_URANDOM_FIRST */ - f = fopen("/dev/random", "rb"); - - if (f == NULL) { - return 0; - } - - /* disable buffering */ - if (setvbuf(f, NULL, _IONBF, 0) != 0) { - fclose(f); - return 0; - } - - x = (unsigned long)fread(buf, 1, (size_t)len, f); - fclose(f); - return x; -#endif /* LTC_NO_FILE */ -} - -#endif /* LTC_DEVRANDOM */ - -#if !defined(_WIN32_WCE) - -#define ANSI_RNG - -static unsigned long _rng_ansic(unsigned char *buf, unsigned long len, - void (*callback)(void)) -{ - clock_t t1; - int l, acc, bits, a, b; - - l = len; - bits = 8; - acc = a = b = 0; - while (len--) { - if (callback != NULL) callback(); - while (bits--) { - do { - t1 = XCLOCK(); while (t1 == XCLOCK()) a ^= 1; - t1 = XCLOCK(); while (t1 == XCLOCK()) b ^= 1; - } while (a == b); - acc = (acc << 1) | a; - } - *buf++ = acc; - acc = 0; - bits = 8; - } - return l; -} - -#endif - -/* Try the Microsoft CSP */ -#if defined(_WIN32) || defined(_WIN32_WCE) -#ifndef _WIN32_WINNT - #define _WIN32_WINNT 0x0400 -#endif -#ifdef _WIN32_WCE - #define UNDER_CE - #define ARM -#endif - -#define WIN32_LEAN_AND_MEAN -#include <windows.h> -#include <ntsecapi.h> - -static unsigned long _rng_win32(unsigned char *buf, unsigned long len, - void (*callback)(void)) -{ - LTC_UNUSED_PARAM(callback); - RtlGenRandom(buf, len); - return len; -} - -#endif /* WIN32 */ - -/** - Read the system RNG - @param out Destination - @param outlen Length desired (octets) - @param callback Pointer to void function to act as "callback" when RNG is slow. This can be NULL - @return Number of octets read -*/ -unsigned long rng_get_bytes(unsigned char *out, unsigned long outlen, - void (*callback)(void)) -{ - unsigned long x; - - LTC_ARGCHK(out != NULL); - -#ifdef LTC_PRNG_ENABLE_LTC_RNG - if (ltc_rng) { - x = ltc_rng(out, outlen, callback); - if (x != 0) { - return x; - } - } -#endif - -#if defined(_WIN32) || defined(_WIN32_WCE) - x = _rng_win32(out, outlen, callback); if (x != 0) { return x; } -#elif defined(LTC_DEVRANDOM) - x = _rng_nix(out, outlen, callback); if (x != 0) { return x; } -#endif -#ifdef ANSI_RNG - x = _rng_ansic(out, outlen, callback); if (x != 0) { return x; } -#endif - return 0; -} -#endif /* #ifdef LTC_RNG_GET_BYTES */ diff --git a/libs/tomcrypt/src/prngs/rng_make_prng.c b/libs/tomcrypt/src/prngs/rng_make_prng.c deleted file mode 100644 index b42a047fb19..00000000000 --- a/libs/tomcrypt/src/prngs/rng_make_prng.c +++ /dev/null @@ -1,64 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -#ifdef LTC_RNG_MAKE_PRNG -/** - @file rng_make_prng.c - portable way to get secure random bits to feed a PRNG (Tom St Denis) -*/ - -/** - Create a PRNG from a RNG - @param bits Number of bits of entropy desired (64 ... 1024) - @param wprng Index of which PRNG to setup - @param prng [out] PRNG state to initialize - @param callback A pointer to a void function for when the RNG is slow, this can be NULL - @return CRYPT_OK if successful -*/ -int rng_make_prng(int bits, int wprng, prng_state *prng, - void (*callback)(void)) -{ - unsigned char buf[256]; - int err; - - LTC_ARGCHK(prng != NULL); - - /* check parameter */ - if ((err = prng_is_valid(wprng)) != CRYPT_OK) { - return err; - } - - if (bits < 64 || bits > 1024) { - return CRYPT_INVALID_PRNGSIZE; - } - - if ((err = prng_descriptor[wprng].start(prng)) != CRYPT_OK) { - return err; - } - - bits = ((bits/8)+((bits&7)!=0?1:0)) * 2; - if (rng_get_bytes(buf, (unsigned long)bits, callback) != (unsigned long)bits) { - return CRYPT_ERROR_READPRNG; - } - - if ((err = prng_descriptor[wprng].add_entropy(buf, (unsigned long)bits, prng)) != CRYPT_OK) { - return err; - } - - if ((err = prng_descriptor[wprng].ready(prng)) != CRYPT_OK) { - return err; - } - - #ifdef LTC_CLEAN_STACK - zeromem(buf, sizeof(buf)); - #endif - return CRYPT_OK; -} -#endif /* #ifdef LTC_RNG_MAKE_PRNG */ diff --git a/libs/tomcrypt/src/prngs/sprng.c b/libs/tomcrypt/src/prngs/sprng.c deleted file mode 100644 index a30cc3ed424..00000000000 --- a/libs/tomcrypt/src/prngs/sprng.c +++ /dev/null @@ -1,154 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - @file sprng.c - Secure PRNG, Tom St Denis -*/ - -/* A secure PRNG using the RNG functions. Basically this is a - * wrapper that allows you to use a secure RNG as a PRNG - * in the various other functions. - */ - -#ifdef LTC_SPRNG - -const struct ltc_prng_descriptor sprng_desc = -{ - "sprng", 0, - &sprng_start, - &sprng_add_entropy, - &sprng_ready, - &sprng_read, - &sprng_done, - &sprng_export, - &sprng_import, - &sprng_test -}; - -/** - Start the PRNG - @param prng [out] The PRNG state to initialize - @return CRYPT_OK if successful -*/ -int sprng_start(prng_state *prng) -{ - LTC_UNUSED_PARAM(prng); - return CRYPT_OK; -} - -/** - Add entropy to the PRNG state - @param in The data to add - @param inlen Length of the data to add - @param prng PRNG state to update - @return CRYPT_OK if successful -*/ -int sprng_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng) -{ - LTC_UNUSED_PARAM(in); - LTC_UNUSED_PARAM(inlen); - LTC_UNUSED_PARAM(prng); - return CRYPT_OK; -} - -/** - Make the PRNG ready to read from - @param prng The PRNG to make active - @return CRYPT_OK if successful -*/ -int sprng_ready(prng_state *prng) -{ - LTC_UNUSED_PARAM(prng); - return CRYPT_OK; -} - -/** - Read from the PRNG - @param out Destination - @param outlen Length of output - @param prng The active PRNG to read from - @return Number of octets read -*/ -unsigned long sprng_read(unsigned char *out, unsigned long outlen, prng_state *prng) -{ - LTC_ARGCHK(out != NULL); - LTC_UNUSED_PARAM(prng); - return rng_get_bytes(out, outlen, NULL); -} - -/** - Terminate the PRNG - @param prng The PRNG to terminate - @return CRYPT_OK if successful -*/ -int sprng_done(prng_state *prng) -{ - LTC_UNUSED_PARAM(prng); - return CRYPT_OK; -} - -/** - Export the PRNG state - @param out [out] Destination - @param outlen [in/out] Max size and resulting size of the state - @param prng The PRNG to export - @return CRYPT_OK if successful -*/ -int sprng_export(unsigned char *out, unsigned long *outlen, prng_state *prng) -{ - LTC_ARGCHK(outlen != NULL); - LTC_UNUSED_PARAM(out); - LTC_UNUSED_PARAM(prng); - - *outlen = 0; - return CRYPT_OK; -} - -/** - Import a PRNG state - @param in The PRNG state - @param inlen Size of the state - @param prng The PRNG to import - @return CRYPT_OK if successful -*/ -int sprng_import(const unsigned char *in, unsigned long inlen, prng_state *prng) -{ - LTC_UNUSED_PARAM(in); - LTC_UNUSED_PARAM(inlen); - LTC_UNUSED_PARAM(prng); - return CRYPT_OK; -} - -/** - PRNG self-test - @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled -*/ -int sprng_test(void) -{ -#ifndef LTC_TEST - return CRYPT_NOP; -#else - prng_state st; - unsigned char en[] = { 0x01, 0x02, 0x03, 0x04 }; - unsigned char out[1000]; - int err; - - if ((err = sprng_start(&st)) != CRYPT_OK) return err; - if ((err = sprng_add_entropy(en, sizeof(en), &st)) != CRYPT_OK) return err; - if ((err = sprng_ready(&st)) != CRYPT_OK) return err; - if (sprng_read(out, 500, &st) != 500) return CRYPT_ERROR_READPRNG; /* skip 500 bytes */ - if ((err = sprng_done(&st)) != CRYPT_OK) return err; - - return CRYPT_OK; -#endif -} - -#endif diff --git a/libs/tomcrypt/src/stream/rc4/rc4_stream.c b/libs/tomcrypt/src/stream/rc4/rc4_stream.c deleted file mode 100644 index ec174a0c2b9..00000000000 --- a/libs/tomcrypt/src/stream/rc4/rc4_stream.c +++ /dev/null @@ -1,107 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -#include "tomcrypt.h" - -#ifdef LTC_RC4_STREAM - -/** - Initialize an RC4 context (only the key) - @param st [out] The destination of the RC4 state - @param key The secret key - @param keylen The length of the secret key (8 - 256 bytes) - @return CRYPT_OK if successful -*/ -int rc4_stream_setup(rc4_state *st, const unsigned char *key, unsigned long keylen) -{ - unsigned char tmp, *s; - int x, y; - unsigned long j; - - LTC_ARGCHK(st != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(keylen >= 5); /* 40-2048 bits */ - - s = st->buf; - for (x = 0; x < 256; x++) { - s[x] = x; - } - - for (j = x = y = 0; x < 256; x++) { - y = (y + s[x] + key[j++]) & 255; - if (j == keylen) { - j = 0; - } - tmp = s[x]; s[x] = s[y]; s[y] = tmp; - } - st->x = 0; - st->y = 0; - - return CRYPT_OK; -} - -/** - Encrypt (or decrypt) bytes of ciphertext (or plaintext) with RC4 - @param st The RC4 state - @param in The plaintext (or ciphertext) - @param inlen The length of the input (octets) - @param out [out] The ciphertext (or plaintext), length inlen - @return CRYPT_OK if successful -*/ -int rc4_stream_crypt(rc4_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out) -{ - unsigned char x, y, *s, tmp; - - LTC_ARGCHK(st != NULL); - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(out != NULL); - - x = st->x; - y = st->y; - s = st->buf; - while (inlen--) { - x = (x + 1) & 255; - y = (y + s[x]) & 255; - tmp = s[x]; s[x] = s[y]; s[y] = tmp; - tmp = (s[x] + s[y]) & 255; - *out++ = *in++ ^ s[tmp]; - } - st->x = x; - st->y = y; - return CRYPT_OK; -} - -/** - Generate a stream of random bytes via RC4 - @param st The RC420 state - @param out [out] The output buffer - @param outlen The output length - @return CRYPT_OK on success - */ -int rc4_stream_keystream(rc4_state *st, unsigned char *out, unsigned long outlen) -{ - if (outlen == 0) return CRYPT_OK; /* nothing to do */ - LTC_ARGCHK(out != NULL); - XMEMSET(out, 0, outlen); - return rc4_stream_crypt(st, out, outlen, out); -} - -/** - Terminate and clear RC4 state - @param st The RC4 state - @return CRYPT_OK on success -*/ -int rc4_stream_done(rc4_state *st) -{ - LTC_ARGCHK(st != NULL); - XMEMSET(st, 0, sizeof(rc4_state)); - return CRYPT_OK; -} - -#endif -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/11086