summaryrefslogtreecommitdiff
path: root/utils
diff options
context:
space:
mode:
authorDominik Riebeling <Dominik.Riebeling@gmail.com>2020-08-08 18:45:07 +0200
committerDominik Riebeling <Dominik.Riebeling@gmail.com>2020-10-18 19:08:32 +0200
commitcaa9d9c1c5cc4347edca0c9a9868fdd105b5e779 (patch)
tree403787a018da9eced31d1f84b6493e59466dddc7 /utils
parent7603533f7fc9f7aec7c04a1258cf772247170e90 (diff)
downloadrockbox-caa9d9c1c5cc4347edca0c9a9868fdd105b5e779.tar.gz
rockbox-caa9d9c1c5cc4347edca0c9a9868fdd105b5e779.zip
utils: Add (partial) libtomcrypt.
Add the parts of libtomcrypt that we're about to use. Change-Id: I0adc1d7d1f4833e7bb3ed53b9a4d9a85977cfb8b
Diffstat (limited to 'utils')
-rw-r--r--utils/tomcrypt/LICENSE29
-rw-r--r--utils/tomcrypt/README.ROCKBOX7
-rw-r--r--utils/tomcrypt/src/ciphers/aes/aes.c743
-rw-r--r--utils/tomcrypt/src/ciphers/aes/aes_tab.c1032
-rw-r--r--utils/tomcrypt/src/hashes/sha1.c286
-rw-r--r--utils/tomcrypt/src/headers/tomcrypt.h105
-rw-r--r--utils/tomcrypt/src/headers/tomcrypt_argchk.h53
-rw-r--r--utils/tomcrypt/src/headers/tomcrypt_cfg.h283
-rw-r--r--utils/tomcrypt/src/headers/tomcrypt_cipher.h1008
-rw-r--r--utils/tomcrypt/src/headers/tomcrypt_custom.h590
-rw-r--r--utils/tomcrypt/src/headers/tomcrypt_hash.h531
-rw-r--r--utils/tomcrypt/src/headers/tomcrypt_mac.h565
-rw-r--r--utils/tomcrypt/src/headers/tomcrypt_macros.h446
-rw-r--r--utils/tomcrypt/src/headers/tomcrypt_math.h583
-rw-r--r--utils/tomcrypt/src/headers/tomcrypt_misc.h113
-rw-r--r--utils/tomcrypt/src/headers/tomcrypt_pk.h747
-rw-r--r--utils/tomcrypt/src/headers/tomcrypt_pkcs.h108
-rw-r--r--utils/tomcrypt/src/headers/tomcrypt_private.h447
-rw-r--r--utils/tomcrypt/src/headers/tomcrypt_prng.h232
-rw-r--r--utils/tomcrypt/src/misc/compare_testvector.c87
-rw-r--r--utils/tomcrypt/src/misc/crypt/crypt_argchk.c27
-rw-r--r--utils/tomcrypt/src/misc/crypt/crypt_cipher_descriptor.c25
-rw-r--r--utils/tomcrypt/src/misc/crypt/crypt_cipher_is_valid.c34
-rw-r--r--utils/tomcrypt/src/misc/crypt/crypt_register_cipher.c52
-rw-r--r--utils/tomcrypt/src/misc/zeromem.c32
-rw-r--r--utils/tomcrypt/src/modes/cbc/cbc_decrypt.c95
-rw-r--r--utils/tomcrypt/src/modes/cbc/cbc_encrypt.c96
-rw-r--r--utils/tomcrypt/src/modes/cbc/cbc_start.c60
28 files changed, 8416 insertions, 0 deletions
diff --git a/utils/tomcrypt/LICENSE b/utils/tomcrypt/LICENSE
new file mode 100644
index 0000000000..c4afbc6b5b
--- /dev/null
+++ b/utils/tomcrypt/LICENSE
@@ -0,0 +1,29 @@
1LibTomCrypt is licensed under DUAL licensing terms.
2
3Choose and use the license of your needs.
4
5[LICENSE #1]
6
7LibTomCrypt is public domain. As should all quality software be.
8
9Tom St Denis
10
11[/LICENSE #1]
12
13[LICENSE #2]
14
15 DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
16 Version 2, December 2004
17
18 Copyright (C) 2004 Sam Hocevar <sam@hocevar.net>
19
20 Everyone is permitted to copy and distribute verbatim or modified
21 copies of this license document, and changing it is allowed as long
22 as the name is changed.
23
24 DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
25 TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
26
27 0. You just DO WHAT THE FUCK YOU WANT TO.
28
29[/LICENSE #2]
diff --git a/utils/tomcrypt/README.ROCKBOX b/utils/tomcrypt/README.ROCKBOX
new file mode 100644
index 0000000000..53ebe19fdc
--- /dev/null
+++ b/utils/tomcrypt/README.ROCKBOX
@@ -0,0 +1,7 @@
1This folder contains the source from libtomcrypt.
2
3Only the source files that are actually used have been added. If more
4functionality is needed add the missing files.
5
6The source tree has last been synced with libtomcrypt 1.18.2 on 2020-08-08.
7
diff --git a/utils/tomcrypt/src/ciphers/aes/aes.c b/utils/tomcrypt/src/ciphers/aes/aes.c
new file mode 100644
index 0000000000..19c732fe65
--- /dev/null
+++ b/utils/tomcrypt/src/ciphers/aes/aes.c
@@ -0,0 +1,743 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9
10/* AES implementation by Tom St Denis
11 *
12 * Derived from the Public Domain source code by
13
14---
15 * rijndael-alg-fst.c
16 *
17 * @version 3.0 (December 2000)
18 *
19 * Optimised ANSI C code for the Rijndael cipher (now AES)
20 *
21 * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
22 * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
23 * @author Paulo Barreto <paulo.barreto@terra.com.br>
24---
25 */
26/**
27 @file aes.c
28 Implementation of AES
29*/
30
31#include "tomcrypt.h"
32
33#ifdef LTC_RIJNDAEL
34
35#ifndef ENCRYPT_ONLY
36
37#define SETUP rijndael_setup
38#define ECB_ENC rijndael_ecb_encrypt
39#define ECB_DEC rijndael_ecb_decrypt
40#define ECB_DONE rijndael_done
41#define ECB_TEST rijndael_test
42#define ECB_KS rijndael_keysize
43
44const struct ltc_cipher_descriptor rijndael_desc =
45{
46 "rijndael",
47 6,
48 16, 32, 16, 10,
49 SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS,
50 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
51};
52
53const struct ltc_cipher_descriptor aes_desc =
54{
55 "aes",
56 6,
57 16, 32, 16, 10,
58 SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS,
59 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
60};
61
62#else
63
64#define SETUP rijndael_enc_setup
65#define ECB_ENC rijndael_enc_ecb_encrypt
66#define ECB_KS rijndael_enc_keysize
67#define ECB_DONE rijndael_enc_done
68
69const struct ltc_cipher_descriptor rijndael_enc_desc =
70{
71 "rijndael",
72 6,
73 16, 32, 16, 10,
74 SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS,
75 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
76};
77
78const struct ltc_cipher_descriptor aes_enc_desc =
79{
80 "aes",
81 6,
82 16, 32, 16, 10,
83 SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS,
84 NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
85};
86
87#endif
88
89#define __LTC_AES_TAB_C__
90#include "aes_tab.c"
91
92static ulong32 setup_mix(ulong32 temp)
93{
94 return (Te4_3[byte(temp, 2)]) ^
95 (Te4_2[byte(temp, 1)]) ^
96 (Te4_1[byte(temp, 0)]) ^
97 (Te4_0[byte(temp, 3)]);
98}
99
100#ifndef ENCRYPT_ONLY
101#ifdef LTC_SMALL_CODE
102static ulong32 setup_mix2(ulong32 temp)
103{
104 return Td0(255 & Te4[byte(temp, 3)]) ^
105 Td1(255 & Te4[byte(temp, 2)]) ^
106 Td2(255 & Te4[byte(temp, 1)]) ^
107 Td3(255 & Te4[byte(temp, 0)]);
108}
109#endif
110#endif
111
112 /**
113 Initialize the AES (Rijndael) block cipher
114 @param key The symmetric key you wish to pass
115 @param keylen The key length in bytes
116 @param num_rounds The number of rounds desired (0 for default)
117 @param skey The key in as scheduled by this function.
118 @return CRYPT_OK if successful
119 */
120int SETUP(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
121{
122 int i;
123 ulong32 temp, *rk;
124#ifndef ENCRYPT_ONLY
125 ulong32 *rrk;
126#endif
127 LTC_ARGCHK(key != NULL);
128 LTC_ARGCHK(skey != NULL);
129
130 if (keylen != 16 && keylen != 24 && keylen != 32) {
131 return CRYPT_INVALID_KEYSIZE;
132 }
133
134 if (num_rounds != 0 && num_rounds != (10 + ((keylen/8)-2)*2)) {
135 return CRYPT_INVALID_ROUNDS;
136 }
137
138 skey->rijndael.Nr = 10 + ((keylen/8)-2)*2;
139
140 /* setup the forward key */
141 i = 0;
142 rk = skey->rijndael.eK;
143 LOAD32H(rk[0], key );
144 LOAD32H(rk[1], key + 4);
145 LOAD32H(rk[2], key + 8);
146 LOAD32H(rk[3], key + 12);
147 if (keylen == 16) {
148 for (;;) {
149 temp = rk[3];
150 rk[4] = rk[0] ^ setup_mix(temp) ^ rcon[i];
151 rk[5] = rk[1] ^ rk[4];
152 rk[6] = rk[2] ^ rk[5];
153 rk[7] = rk[3] ^ rk[6];
154 if (++i == 10) {
155 break;
156 }
157 rk += 4;
158 }
159 } else if (keylen == 24) {
160 LOAD32H(rk[4], key + 16);
161 LOAD32H(rk[5], key + 20);
162 for (;;) {
163 #ifdef _MSC_VER
164 temp = skey->rijndael.eK[rk - skey->rijndael.eK + 5];
165 #else
166 temp = rk[5];
167 #endif
168 rk[ 6] = rk[ 0] ^ setup_mix(temp) ^ rcon[i];
169 rk[ 7] = rk[ 1] ^ rk[ 6];
170 rk[ 8] = rk[ 2] ^ rk[ 7];
171 rk[ 9] = rk[ 3] ^ rk[ 8];
172 if (++i == 8) {
173 break;
174 }
175 rk[10] = rk[ 4] ^ rk[ 9];
176 rk[11] = rk[ 5] ^ rk[10];
177 rk += 6;
178 }
179 } else if (keylen == 32) {
180 LOAD32H(rk[4], key + 16);
181 LOAD32H(rk[5], key + 20);
182 LOAD32H(rk[6], key + 24);
183 LOAD32H(rk[7], key + 28);
184 for (;;) {
185 #ifdef _MSC_VER
186 temp = skey->rijndael.eK[rk - skey->rijndael.eK + 7];
187 #else
188 temp = rk[7];
189 #endif
190 rk[ 8] = rk[ 0] ^ setup_mix(temp) ^ rcon[i];
191 rk[ 9] = rk[ 1] ^ rk[ 8];
192 rk[10] = rk[ 2] ^ rk[ 9];
193 rk[11] = rk[ 3] ^ rk[10];
194 if (++i == 7) {
195 break;
196 }
197 temp = rk[11];
198 rk[12] = rk[ 4] ^ setup_mix(RORc(temp, 8));
199 rk[13] = rk[ 5] ^ rk[12];
200 rk[14] = rk[ 6] ^ rk[13];
201 rk[15] = rk[ 7] ^ rk[14];
202 rk += 8;
203 }
204 } else {
205 /* this can't happen */
206 /* coverity[dead_error_line] */
207 return CRYPT_ERROR;
208 }
209
210#ifndef ENCRYPT_ONLY
211 /* setup the inverse key now */
212 rk = skey->rijndael.dK;
213 rrk = skey->rijndael.eK + (28 + keylen) - 4;
214
215 /* apply the inverse MixColumn transform to all round keys but the first and the last: */
216 /* copy first */
217 *rk++ = *rrk++;
218 *rk++ = *rrk++;
219 *rk++ = *rrk++;
220 *rk = *rrk;
221 rk -= 3; rrk -= 3;
222
223 for (i = 1; i < skey->rijndael.Nr; i++) {
224 rrk -= 4;
225 rk += 4;
226 #ifdef LTC_SMALL_CODE
227 temp = rrk[0];
228 rk[0] = setup_mix2(temp);
229 temp = rrk[1];
230 rk[1] = setup_mix2(temp);
231 temp = rrk[2];
232 rk[2] = setup_mix2(temp);
233 temp = rrk[3];
234 rk[3] = setup_mix2(temp);
235 #else
236 temp = rrk[0];
237 rk[0] =
238 Tks0[byte(temp, 3)] ^
239 Tks1[byte(temp, 2)] ^
240 Tks2[byte(temp, 1)] ^
241 Tks3[byte(temp, 0)];
242 temp = rrk[1];
243 rk[1] =
244 Tks0[byte(temp, 3)] ^
245 Tks1[byte(temp, 2)] ^
246 Tks2[byte(temp, 1)] ^
247 Tks3[byte(temp, 0)];
248 temp = rrk[2];
249 rk[2] =
250 Tks0[byte(temp, 3)] ^
251 Tks1[byte(temp, 2)] ^
252 Tks2[byte(temp, 1)] ^
253 Tks3[byte(temp, 0)];
254 temp = rrk[3];
255 rk[3] =
256 Tks0[byte(temp, 3)] ^
257 Tks1[byte(temp, 2)] ^
258 Tks2[byte(temp, 1)] ^
259 Tks3[byte(temp, 0)];
260 #endif
261
262 }
263
264 /* copy last */
265 rrk -= 4;
266 rk += 4;
267 *rk++ = *rrk++;
268 *rk++ = *rrk++;
269 *rk++ = *rrk++;
270 *rk = *rrk;
271#endif /* ENCRYPT_ONLY */
272
273 return CRYPT_OK;
274}
275
276/**
277 Encrypts a block of text with AES
278 @param pt The input plaintext (16 bytes)
279 @param ct The output ciphertext (16 bytes)
280 @param skey The key as scheduled
281 @return CRYPT_OK if successful
282*/
283#ifdef LTC_CLEAN_STACK
284static int _rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
285#else
286int ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
287#endif
288{
289 ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk;
290 int Nr, r;
291
292 LTC_ARGCHK(pt != NULL);
293 LTC_ARGCHK(ct != NULL);
294 LTC_ARGCHK(skey != NULL);
295
296 Nr = skey->rijndael.Nr;
297 rk = skey->rijndael.eK;
298
299 /*
300 * map byte array block to cipher state
301 * and add initial round key:
302 */
303 LOAD32H(s0, pt ); s0 ^= rk[0];
304 LOAD32H(s1, pt + 4); s1 ^= rk[1];
305 LOAD32H(s2, pt + 8); s2 ^= rk[2];
306 LOAD32H(s3, pt + 12); s3 ^= rk[3];
307
308#ifdef LTC_SMALL_CODE
309
310 for (r = 0; ; r++) {
311 rk += 4;
312 t0 =
313 Te0(byte(s0, 3)) ^
314 Te1(byte(s1, 2)) ^
315 Te2(byte(s2, 1)) ^
316 Te3(byte(s3, 0)) ^
317 rk[0];
318 t1 =
319 Te0(byte(s1, 3)) ^
320 Te1(byte(s2, 2)) ^
321 Te2(byte(s3, 1)) ^
322 Te3(byte(s0, 0)) ^
323 rk[1];
324 t2 =
325 Te0(byte(s2, 3)) ^
326 Te1(byte(s3, 2)) ^
327 Te2(byte(s0, 1)) ^
328 Te3(byte(s1, 0)) ^
329 rk[2];
330 t3 =
331 Te0(byte(s3, 3)) ^
332 Te1(byte(s0, 2)) ^
333 Te2(byte(s1, 1)) ^
334 Te3(byte(s2, 0)) ^
335 rk[3];
336 if (r == Nr-2) {
337 break;
338 }
339 s0 = t0; s1 = t1; s2 = t2; s3 = t3;
340 }
341 rk += 4;
342
343#else
344
345 /*
346 * Nr - 1 full rounds:
347 */
348 r = Nr >> 1;
349 for (;;) {
350 t0 =
351 Te0(byte(s0, 3)) ^
352 Te1(byte(s1, 2)) ^
353 Te2(byte(s2, 1)) ^
354 Te3(byte(s3, 0)) ^
355 rk[4];
356 t1 =
357 Te0(byte(s1, 3)) ^
358 Te1(byte(s2, 2)) ^
359 Te2(byte(s3, 1)) ^
360 Te3(byte(s0, 0)) ^
361 rk[5];
362 t2 =
363 Te0(byte(s2, 3)) ^
364 Te1(byte(s3, 2)) ^
365 Te2(byte(s0, 1)) ^
366 Te3(byte(s1, 0)) ^
367 rk[6];
368 t3 =
369 Te0(byte(s3, 3)) ^
370 Te1(byte(s0, 2)) ^
371 Te2(byte(s1, 1)) ^
372 Te3(byte(s2, 0)) ^
373 rk[7];
374
375 rk += 8;
376 if (--r == 0) {
377 break;
378 }
379
380 s0 =
381 Te0(byte(t0, 3)) ^
382 Te1(byte(t1, 2)) ^
383 Te2(byte(t2, 1)) ^
384 Te3(byte(t3, 0)) ^
385 rk[0];
386 s1 =
387 Te0(byte(t1, 3)) ^
388 Te1(byte(t2, 2)) ^
389 Te2(byte(t3, 1)) ^
390 Te3(byte(t0, 0)) ^
391 rk[1];
392 s2 =
393 Te0(byte(t2, 3)) ^
394 Te1(byte(t3, 2)) ^
395 Te2(byte(t0, 1)) ^
396 Te3(byte(t1, 0)) ^
397 rk[2];
398 s3 =
399 Te0(byte(t3, 3)) ^
400 Te1(byte(t0, 2)) ^
401 Te2(byte(t1, 1)) ^
402 Te3(byte(t2, 0)) ^
403 rk[3];
404 }
405
406#endif
407
408 /*
409 * apply last round and
410 * map cipher state to byte array block:
411 */
412 s0 =
413 (Te4_3[byte(t0, 3)]) ^
414 (Te4_2[byte(t1, 2)]) ^
415 (Te4_1[byte(t2, 1)]) ^
416 (Te4_0[byte(t3, 0)]) ^
417 rk[0];
418 STORE32H(s0, ct);
419 s1 =
420 (Te4_3[byte(t1, 3)]) ^
421 (Te4_2[byte(t2, 2)]) ^
422 (Te4_1[byte(t3, 1)]) ^
423 (Te4_0[byte(t0, 0)]) ^
424 rk[1];
425 STORE32H(s1, ct+4);
426 s2 =
427 (Te4_3[byte(t2, 3)]) ^
428 (Te4_2[byte(t3, 2)]) ^
429 (Te4_1[byte(t0, 1)]) ^
430 (Te4_0[byte(t1, 0)]) ^
431 rk[2];
432 STORE32H(s2, ct+8);
433 s3 =
434 (Te4_3[byte(t3, 3)]) ^
435 (Te4_2[byte(t0, 2)]) ^
436 (Te4_1[byte(t1, 1)]) ^
437 (Te4_0[byte(t2, 0)]) ^
438 rk[3];
439 STORE32H(s3, ct+12);
440
441 return CRYPT_OK;
442}
443
444#ifdef LTC_CLEAN_STACK
445int ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
446{
447 int err = _rijndael_ecb_encrypt(pt, ct, skey);
448 burn_stack(sizeof(unsigned long)*8 + sizeof(unsigned long*) + sizeof(int)*2);
449 return err;
450}
451#endif
452
453#ifndef ENCRYPT_ONLY
454
455/**
456 Decrypts a block of text with AES
457 @param ct The input ciphertext (16 bytes)
458 @param pt The output plaintext (16 bytes)
459 @param skey The key as scheduled
460 @return CRYPT_OK if successful
461*/
462#ifdef LTC_CLEAN_STACK
463static int _rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
464#else
465int ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
466#endif
467{
468 ulong32 s0, s1, s2, s3, t0, t1, t2, t3, *rk;
469 int Nr, r;
470
471 LTC_ARGCHK(pt != NULL);
472 LTC_ARGCHK(ct != NULL);
473 LTC_ARGCHK(skey != NULL);
474
475 Nr = skey->rijndael.Nr;
476 rk = skey->rijndael.dK;
477
478 /*
479 * map byte array block to cipher state
480 * and add initial round key:
481 */
482 LOAD32H(s0, ct ); s0 ^= rk[0];
483 LOAD32H(s1, ct + 4); s1 ^= rk[1];
484 LOAD32H(s2, ct + 8); s2 ^= rk[2];
485 LOAD32H(s3, ct + 12); s3 ^= rk[3];
486
487#ifdef LTC_SMALL_CODE
488 for (r = 0; ; r++) {
489 rk += 4;
490 t0 =
491 Td0(byte(s0, 3)) ^
492 Td1(byte(s3, 2)) ^
493 Td2(byte(s2, 1)) ^
494 Td3(byte(s1, 0)) ^
495 rk[0];
496 t1 =
497 Td0(byte(s1, 3)) ^
498 Td1(byte(s0, 2)) ^
499 Td2(byte(s3, 1)) ^
500 Td3(byte(s2, 0)) ^
501 rk[1];
502 t2 =
503 Td0(byte(s2, 3)) ^
504 Td1(byte(s1, 2)) ^
505 Td2(byte(s0, 1)) ^
506 Td3(byte(s3, 0)) ^
507 rk[2];
508 t3 =
509 Td0(byte(s3, 3)) ^
510 Td1(byte(s2, 2)) ^
511 Td2(byte(s1, 1)) ^
512 Td3(byte(s0, 0)) ^
513 rk[3];
514 if (r == Nr-2) {
515 break;
516 }
517 s0 = t0; s1 = t1; s2 = t2; s3 = t3;
518 }
519 rk += 4;
520
521#else
522
523 /*
524 * Nr - 1 full rounds:
525 */
526 r = Nr >> 1;
527 for (;;) {
528
529 t0 =
530 Td0(byte(s0, 3)) ^
531 Td1(byte(s3, 2)) ^
532 Td2(byte(s2, 1)) ^
533 Td3(byte(s1, 0)) ^
534 rk[4];
535 t1 =
536 Td0(byte(s1, 3)) ^
537 Td1(byte(s0, 2)) ^
538 Td2(byte(s3, 1)) ^
539 Td3(byte(s2, 0)) ^
540 rk[5];
541 t2 =
542 Td0(byte(s2, 3)) ^
543 Td1(byte(s1, 2)) ^
544 Td2(byte(s0, 1)) ^
545 Td3(byte(s3, 0)) ^
546 rk[6];
547 t3 =
548 Td0(byte(s3, 3)) ^
549 Td1(byte(s2, 2)) ^
550 Td2(byte(s1, 1)) ^
551 Td3(byte(s0, 0)) ^
552 rk[7];
553
554 rk += 8;
555 if (--r == 0) {
556 break;
557 }
558
559
560 s0 =
561 Td0(byte(t0, 3)) ^
562 Td1(byte(t3, 2)) ^
563 Td2(byte(t2, 1)) ^
564 Td3(byte(t1, 0)) ^
565 rk[0];
566 s1 =
567 Td0(byte(t1, 3)) ^
568 Td1(byte(t0, 2)) ^
569 Td2(byte(t3, 1)) ^
570 Td3(byte(t2, 0)) ^
571 rk[1];
572 s2 =
573 Td0(byte(t2, 3)) ^
574 Td1(byte(t1, 2)) ^
575 Td2(byte(t0, 1)) ^
576 Td3(byte(t3, 0)) ^
577 rk[2];
578 s3 =
579 Td0(byte(t3, 3)) ^
580 Td1(byte(t2, 2)) ^
581 Td2(byte(t1, 1)) ^
582 Td3(byte(t0, 0)) ^
583 rk[3];
584 }
585#endif
586
587 /*
588 * apply last round and
589 * map cipher state to byte array block:
590 */
591 s0 =
592 (Td4[byte(t0, 3)] & 0xff000000) ^
593 (Td4[byte(t3, 2)] & 0x00ff0000) ^
594 (Td4[byte(t2, 1)] & 0x0000ff00) ^
595 (Td4[byte(t1, 0)] & 0x000000ff) ^
596 rk[0];
597 STORE32H(s0, pt);
598 s1 =
599 (Td4[byte(t1, 3)] & 0xff000000) ^
600 (Td4[byte(t0, 2)] & 0x00ff0000) ^
601 (Td4[byte(t3, 1)] & 0x0000ff00) ^
602 (Td4[byte(t2, 0)] & 0x000000ff) ^
603 rk[1];
604 STORE32H(s1, pt+4);
605 s2 =
606 (Td4[byte(t2, 3)] & 0xff000000) ^
607 (Td4[byte(t1, 2)] & 0x00ff0000) ^
608 (Td4[byte(t0, 1)] & 0x0000ff00) ^
609 (Td4[byte(t3, 0)] & 0x000000ff) ^
610 rk[2];
611 STORE32H(s2, pt+8);
612 s3 =
613 (Td4[byte(t3, 3)] & 0xff000000) ^
614 (Td4[byte(t2, 2)] & 0x00ff0000) ^
615 (Td4[byte(t1, 1)] & 0x0000ff00) ^
616 (Td4[byte(t0, 0)] & 0x000000ff) ^
617 rk[3];
618 STORE32H(s3, pt+12);
619
620 return CRYPT_OK;
621}
622
623
624#ifdef LTC_CLEAN_STACK
625int ECB_DEC(const unsigned char *ct, unsigned char *pt, symmetric_key *skey)
626{
627 int err = _rijndael_ecb_decrypt(ct, pt, skey);
628 burn_stack(sizeof(unsigned long)*8 + sizeof(unsigned long*) + sizeof(int)*2);
629 return err;
630}
631#endif
632
633/**
634 Performs a self-test of the AES block cipher
635 @return CRYPT_OK if functional, CRYPT_NOP if self-test has been disabled
636*/
637int ECB_TEST(void)
638{
639 #ifndef LTC_TEST
640 return CRYPT_NOP;
641 #else
642 int err;
643 static const struct {
644 int keylen;
645 unsigned char key[32], pt[16], ct[16];
646 } tests[] = {
647 { 16,
648 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
649 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f },
650 { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
651 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
652 { 0x69, 0xc4, 0xe0, 0xd8, 0x6a, 0x7b, 0x04, 0x30,
653 0xd8, 0xcd, 0xb7, 0x80, 0x70, 0xb4, 0xc5, 0x5a }
654 }, {
655 24,
656 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
657 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
658 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 },
659 { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
660 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
661 { 0xdd, 0xa9, 0x7c, 0xa4, 0x86, 0x4c, 0xdf, 0xe0,
662 0x6e, 0xaf, 0x70, 0xa0, 0xec, 0x0d, 0x71, 0x91 }
663 }, {
664 32,
665 { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
666 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
667 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
668 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f },
669 { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
670 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff },
671 { 0x8e, 0xa2, 0xb7, 0xca, 0x51, 0x67, 0x45, 0xbf,
672 0xea, 0xfc, 0x49, 0x90, 0x4b, 0x49, 0x60, 0x89 }
673 }
674 };
675
676 symmetric_key key;
677 unsigned char tmp[2][16];
678 int i, y;
679
680 for (i = 0; i < (int)(sizeof(tests)/sizeof(tests[0])); i++) {
681 zeromem(&key, sizeof(key));
682 if ((err = rijndael_setup(tests[i].key, tests[i].keylen, 0, &key)) != CRYPT_OK) {
683 return err;
684 }
685
686 rijndael_ecb_encrypt(tests[i].pt, tmp[0], &key);
687 rijndael_ecb_decrypt(tmp[0], tmp[1], &key);
688 if (compare_testvector(tmp[0], 16, tests[i].ct, 16, "AES Encrypt", i) ||
689 compare_testvector(tmp[1], 16, tests[i].pt, 16, "AES Decrypt", i)) {
690 return CRYPT_FAIL_TESTVECTOR;
691 }
692
693 /* now see if we can encrypt all zero bytes 1000 times, decrypt and come back where we started */
694 for (y = 0; y < 16; y++) tmp[0][y] = 0;
695 for (y = 0; y < 1000; y++) rijndael_ecb_encrypt(tmp[0], tmp[0], &key);
696 for (y = 0; y < 1000; y++) rijndael_ecb_decrypt(tmp[0], tmp[0], &key);
697 for (y = 0; y < 16; y++) if (tmp[0][y] != 0) return CRYPT_FAIL_TESTVECTOR;
698 }
699 return CRYPT_OK;
700 #endif
701}
702
703#endif /* ENCRYPT_ONLY */
704
705
706/** Terminate the context
707 @param skey The scheduled key
708*/
709void ECB_DONE(symmetric_key *skey)
710{
711 LTC_UNUSED_PARAM(skey);
712}
713
714
715/**
716 Gets suitable key size
717 @param keysize [in/out] The length of the recommended key (in bytes). This function will store the suitable size back in this variable.
718 @return CRYPT_OK if the input key size is acceptable.
719*/
720int ECB_KS(int *keysize)
721{
722 LTC_ARGCHK(keysize != NULL);
723
724 if (*keysize < 16)
725 return CRYPT_INVALID_KEYSIZE;
726 if (*keysize < 24) {
727 *keysize = 16;
728 return CRYPT_OK;
729 } else if (*keysize < 32) {
730 *keysize = 24;
731 return CRYPT_OK;
732 } else {
733 *keysize = 32;
734 return CRYPT_OK;
735 }
736}
737
738#endif
739
740
741/* ref: HEAD -> master, tag: v1.18.2 */
742/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
743/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/ciphers/aes/aes_tab.c b/utils/tomcrypt/src/ciphers/aes/aes_tab.c
new file mode 100644
index 0000000000..dc556e1cd8
--- /dev/null
+++ b/utils/tomcrypt/src/ciphers/aes/aes_tab.c
@@ -0,0 +1,1032 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9/* The precomputed tables for AES */
10/*
11Te0[x] = S [x].[02, 01, 01, 03];
12Te1[x] = S [x].[03, 02, 01, 01];
13Te2[x] = S [x].[01, 03, 02, 01];
14Te3[x] = S [x].[01, 01, 03, 02];
15Te4[x] = S [x].[01, 01, 01, 01];
16
17Td0[x] = Si[x].[0e, 09, 0d, 0b];
18Td1[x] = Si[x].[0b, 0e, 09, 0d];
19Td2[x] = Si[x].[0d, 0b, 0e, 09];
20Td3[x] = Si[x].[09, 0d, 0b, 0e];
21Td4[x] = Si[x].[01, 01, 01, 01];
22*/
23
24#ifdef __LTC_AES_TAB_C__
25
26/**
27 @file aes_tab.c
28 AES tables
29*/
30static const ulong32 TE0[256] = {
31 0xc66363a5UL, 0xf87c7c84UL, 0xee777799UL, 0xf67b7b8dUL,
32 0xfff2f20dUL, 0xd66b6bbdUL, 0xde6f6fb1UL, 0x91c5c554UL,
33 0x60303050UL, 0x02010103UL, 0xce6767a9UL, 0x562b2b7dUL,
34 0xe7fefe19UL, 0xb5d7d762UL, 0x4dababe6UL, 0xec76769aUL,
35 0x8fcaca45UL, 0x1f82829dUL, 0x89c9c940UL, 0xfa7d7d87UL,
36 0xeffafa15UL, 0xb25959ebUL, 0x8e4747c9UL, 0xfbf0f00bUL,
37 0x41adadecUL, 0xb3d4d467UL, 0x5fa2a2fdUL, 0x45afafeaUL,
38 0x239c9cbfUL, 0x53a4a4f7UL, 0xe4727296UL, 0x9bc0c05bUL,
39 0x75b7b7c2UL, 0xe1fdfd1cUL, 0x3d9393aeUL, 0x4c26266aUL,
40 0x6c36365aUL, 0x7e3f3f41UL, 0xf5f7f702UL, 0x83cccc4fUL,
41 0x6834345cUL, 0x51a5a5f4UL, 0xd1e5e534UL, 0xf9f1f108UL,
42 0xe2717193UL, 0xabd8d873UL, 0x62313153UL, 0x2a15153fUL,
43 0x0804040cUL, 0x95c7c752UL, 0x46232365UL, 0x9dc3c35eUL,
44 0x30181828UL, 0x379696a1UL, 0x0a05050fUL, 0x2f9a9ab5UL,
45 0x0e070709UL, 0x24121236UL, 0x1b80809bUL, 0xdfe2e23dUL,
46 0xcdebeb26UL, 0x4e272769UL, 0x7fb2b2cdUL, 0xea75759fUL,
47 0x1209091bUL, 0x1d83839eUL, 0x582c2c74UL, 0x341a1a2eUL,
48 0x361b1b2dUL, 0xdc6e6eb2UL, 0xb45a5aeeUL, 0x5ba0a0fbUL,
49 0xa45252f6UL, 0x763b3b4dUL, 0xb7d6d661UL, 0x7db3b3ceUL,
50 0x5229297bUL, 0xdde3e33eUL, 0x5e2f2f71UL, 0x13848497UL,
51 0xa65353f5UL, 0xb9d1d168UL, 0x00000000UL, 0xc1eded2cUL,
52 0x40202060UL, 0xe3fcfc1fUL, 0x79b1b1c8UL, 0xb65b5bedUL,
53 0xd46a6abeUL, 0x8dcbcb46UL, 0x67bebed9UL, 0x7239394bUL,
54 0x944a4adeUL, 0x984c4cd4UL, 0xb05858e8UL, 0x85cfcf4aUL,
55 0xbbd0d06bUL, 0xc5efef2aUL, 0x4faaaae5UL, 0xedfbfb16UL,
56 0x864343c5UL, 0x9a4d4dd7UL, 0x66333355UL, 0x11858594UL,
57 0x8a4545cfUL, 0xe9f9f910UL, 0x04020206UL, 0xfe7f7f81UL,
58 0xa05050f0UL, 0x783c3c44UL, 0x259f9fbaUL, 0x4ba8a8e3UL,
59 0xa25151f3UL, 0x5da3a3feUL, 0x804040c0UL, 0x058f8f8aUL,
60 0x3f9292adUL, 0x219d9dbcUL, 0x70383848UL, 0xf1f5f504UL,
61 0x63bcbcdfUL, 0x77b6b6c1UL, 0xafdada75UL, 0x42212163UL,
62 0x20101030UL, 0xe5ffff1aUL, 0xfdf3f30eUL, 0xbfd2d26dUL,
63 0x81cdcd4cUL, 0x180c0c14UL, 0x26131335UL, 0xc3ecec2fUL,
64 0xbe5f5fe1UL, 0x359797a2UL, 0x884444ccUL, 0x2e171739UL,
65 0x93c4c457UL, 0x55a7a7f2UL, 0xfc7e7e82UL, 0x7a3d3d47UL,
66 0xc86464acUL, 0xba5d5de7UL, 0x3219192bUL, 0xe6737395UL,
67 0xc06060a0UL, 0x19818198UL, 0x9e4f4fd1UL, 0xa3dcdc7fUL,
68 0x44222266UL, 0x542a2a7eUL, 0x3b9090abUL, 0x0b888883UL,
69 0x8c4646caUL, 0xc7eeee29UL, 0x6bb8b8d3UL, 0x2814143cUL,
70 0xa7dede79UL, 0xbc5e5ee2UL, 0x160b0b1dUL, 0xaddbdb76UL,
71 0xdbe0e03bUL, 0x64323256UL, 0x743a3a4eUL, 0x140a0a1eUL,
72 0x924949dbUL, 0x0c06060aUL, 0x4824246cUL, 0xb85c5ce4UL,
73 0x9fc2c25dUL, 0xbdd3d36eUL, 0x43acacefUL, 0xc46262a6UL,
74 0x399191a8UL, 0x319595a4UL, 0xd3e4e437UL, 0xf279798bUL,
75 0xd5e7e732UL, 0x8bc8c843UL, 0x6e373759UL, 0xda6d6db7UL,
76 0x018d8d8cUL, 0xb1d5d564UL, 0x9c4e4ed2UL, 0x49a9a9e0UL,
77 0xd86c6cb4UL, 0xac5656faUL, 0xf3f4f407UL, 0xcfeaea25UL,
78 0xca6565afUL, 0xf47a7a8eUL, 0x47aeaee9UL, 0x10080818UL,
79 0x6fbabad5UL, 0xf0787888UL, 0x4a25256fUL, 0x5c2e2e72UL,
80 0x381c1c24UL, 0x57a6a6f1UL, 0x73b4b4c7UL, 0x97c6c651UL,
81 0xcbe8e823UL, 0xa1dddd7cUL, 0xe874749cUL, 0x3e1f1f21UL,
82 0x964b4bddUL, 0x61bdbddcUL, 0x0d8b8b86UL, 0x0f8a8a85UL,
83 0xe0707090UL, 0x7c3e3e42UL, 0x71b5b5c4UL, 0xcc6666aaUL,
84 0x904848d8UL, 0x06030305UL, 0xf7f6f601UL, 0x1c0e0e12UL,
85 0xc26161a3UL, 0x6a35355fUL, 0xae5757f9UL, 0x69b9b9d0UL,
86 0x17868691UL, 0x99c1c158UL, 0x3a1d1d27UL, 0x279e9eb9UL,
87 0xd9e1e138UL, 0xebf8f813UL, 0x2b9898b3UL, 0x22111133UL,
88 0xd26969bbUL, 0xa9d9d970UL, 0x078e8e89UL, 0x339494a7UL,
89 0x2d9b9bb6UL, 0x3c1e1e22UL, 0x15878792UL, 0xc9e9e920UL,
90 0x87cece49UL, 0xaa5555ffUL, 0x50282878UL, 0xa5dfdf7aUL,
91 0x038c8c8fUL, 0x59a1a1f8UL, 0x09898980UL, 0x1a0d0d17UL,
92 0x65bfbfdaUL, 0xd7e6e631UL, 0x844242c6UL, 0xd06868b8UL,
93 0x824141c3UL, 0x299999b0UL, 0x5a2d2d77UL, 0x1e0f0f11UL,
94 0x7bb0b0cbUL, 0xa85454fcUL, 0x6dbbbbd6UL, 0x2c16163aUL,
95};
96
97#if !defined(PELI_TAB) && defined(LTC_SMALL_CODE)
98static const ulong32 Te4[256] = {
99 0x63636363UL, 0x7c7c7c7cUL, 0x77777777UL, 0x7b7b7b7bUL,
100 0xf2f2f2f2UL, 0x6b6b6b6bUL, 0x6f6f6f6fUL, 0xc5c5c5c5UL,
101 0x30303030UL, 0x01010101UL, 0x67676767UL, 0x2b2b2b2bUL,
102 0xfefefefeUL, 0xd7d7d7d7UL, 0xababababUL, 0x76767676UL,
103 0xcacacacaUL, 0x82828282UL, 0xc9c9c9c9UL, 0x7d7d7d7dUL,
104 0xfafafafaUL, 0x59595959UL, 0x47474747UL, 0xf0f0f0f0UL,
105 0xadadadadUL, 0xd4d4d4d4UL, 0xa2a2a2a2UL, 0xafafafafUL,
106 0x9c9c9c9cUL, 0xa4a4a4a4UL, 0x72727272UL, 0xc0c0c0c0UL,
107 0xb7b7b7b7UL, 0xfdfdfdfdUL, 0x93939393UL, 0x26262626UL,
108 0x36363636UL, 0x3f3f3f3fUL, 0xf7f7f7f7UL, 0xccccccccUL,
109 0x34343434UL, 0xa5a5a5a5UL, 0xe5e5e5e5UL, 0xf1f1f1f1UL,
110 0x71717171UL, 0xd8d8d8d8UL, 0x31313131UL, 0x15151515UL,
111 0x04040404UL, 0xc7c7c7c7UL, 0x23232323UL, 0xc3c3c3c3UL,
112 0x18181818UL, 0x96969696UL, 0x05050505UL, 0x9a9a9a9aUL,
113 0x07070707UL, 0x12121212UL, 0x80808080UL, 0xe2e2e2e2UL,
114 0xebebebebUL, 0x27272727UL, 0xb2b2b2b2UL, 0x75757575UL,
115 0x09090909UL, 0x83838383UL, 0x2c2c2c2cUL, 0x1a1a1a1aUL,
116 0x1b1b1b1bUL, 0x6e6e6e6eUL, 0x5a5a5a5aUL, 0xa0a0a0a0UL,
117 0x52525252UL, 0x3b3b3b3bUL, 0xd6d6d6d6UL, 0xb3b3b3b3UL,
118 0x29292929UL, 0xe3e3e3e3UL, 0x2f2f2f2fUL, 0x84848484UL,
119 0x53535353UL, 0xd1d1d1d1UL, 0x00000000UL, 0xededededUL,
120 0x20202020UL, 0xfcfcfcfcUL, 0xb1b1b1b1UL, 0x5b5b5b5bUL,
121 0x6a6a6a6aUL, 0xcbcbcbcbUL, 0xbebebebeUL, 0x39393939UL,
122 0x4a4a4a4aUL, 0x4c4c4c4cUL, 0x58585858UL, 0xcfcfcfcfUL,
123 0xd0d0d0d0UL, 0xefefefefUL, 0xaaaaaaaaUL, 0xfbfbfbfbUL,
124 0x43434343UL, 0x4d4d4d4dUL, 0x33333333UL, 0x85858585UL,
125 0x45454545UL, 0xf9f9f9f9UL, 0x02020202UL, 0x7f7f7f7fUL,
126 0x50505050UL, 0x3c3c3c3cUL, 0x9f9f9f9fUL, 0xa8a8a8a8UL,
127 0x51515151UL, 0xa3a3a3a3UL, 0x40404040UL, 0x8f8f8f8fUL,
128 0x92929292UL, 0x9d9d9d9dUL, 0x38383838UL, 0xf5f5f5f5UL,
129 0xbcbcbcbcUL, 0xb6b6b6b6UL, 0xdadadadaUL, 0x21212121UL,
130 0x10101010UL, 0xffffffffUL, 0xf3f3f3f3UL, 0xd2d2d2d2UL,
131 0xcdcdcdcdUL, 0x0c0c0c0cUL, 0x13131313UL, 0xececececUL,
132 0x5f5f5f5fUL, 0x97979797UL, 0x44444444UL, 0x17171717UL,
133 0xc4c4c4c4UL, 0xa7a7a7a7UL, 0x7e7e7e7eUL, 0x3d3d3d3dUL,
134 0x64646464UL, 0x5d5d5d5dUL, 0x19191919UL, 0x73737373UL,
135 0x60606060UL, 0x81818181UL, 0x4f4f4f4fUL, 0xdcdcdcdcUL,
136 0x22222222UL, 0x2a2a2a2aUL, 0x90909090UL, 0x88888888UL,
137 0x46464646UL, 0xeeeeeeeeUL, 0xb8b8b8b8UL, 0x14141414UL,
138 0xdedededeUL, 0x5e5e5e5eUL, 0x0b0b0b0bUL, 0xdbdbdbdbUL,
139 0xe0e0e0e0UL, 0x32323232UL, 0x3a3a3a3aUL, 0x0a0a0a0aUL,
140 0x49494949UL, 0x06060606UL, 0x24242424UL, 0x5c5c5c5cUL,
141 0xc2c2c2c2UL, 0xd3d3d3d3UL, 0xacacacacUL, 0x62626262UL,
142 0x91919191UL, 0x95959595UL, 0xe4e4e4e4UL, 0x79797979UL,
143 0xe7e7e7e7UL, 0xc8c8c8c8UL, 0x37373737UL, 0x6d6d6d6dUL,
144 0x8d8d8d8dUL, 0xd5d5d5d5UL, 0x4e4e4e4eUL, 0xa9a9a9a9UL,
145 0x6c6c6c6cUL, 0x56565656UL, 0xf4f4f4f4UL, 0xeaeaeaeaUL,
146 0x65656565UL, 0x7a7a7a7aUL, 0xaeaeaeaeUL, 0x08080808UL,
147 0xbabababaUL, 0x78787878UL, 0x25252525UL, 0x2e2e2e2eUL,
148 0x1c1c1c1cUL, 0xa6a6a6a6UL, 0xb4b4b4b4UL, 0xc6c6c6c6UL,
149 0xe8e8e8e8UL, 0xddddddddUL, 0x74747474UL, 0x1f1f1f1fUL,
150 0x4b4b4b4bUL, 0xbdbdbdbdUL, 0x8b8b8b8bUL, 0x8a8a8a8aUL,
151 0x70707070UL, 0x3e3e3e3eUL, 0xb5b5b5b5UL, 0x66666666UL,
152 0x48484848UL, 0x03030303UL, 0xf6f6f6f6UL, 0x0e0e0e0eUL,
153 0x61616161UL, 0x35353535UL, 0x57575757UL, 0xb9b9b9b9UL,
154 0x86868686UL, 0xc1c1c1c1UL, 0x1d1d1d1dUL, 0x9e9e9e9eUL,
155 0xe1e1e1e1UL, 0xf8f8f8f8UL, 0x98989898UL, 0x11111111UL,
156 0x69696969UL, 0xd9d9d9d9UL, 0x8e8e8e8eUL, 0x94949494UL,
157 0x9b9b9b9bUL, 0x1e1e1e1eUL, 0x87878787UL, 0xe9e9e9e9UL,
158 0xcecececeUL, 0x55555555UL, 0x28282828UL, 0xdfdfdfdfUL,
159 0x8c8c8c8cUL, 0xa1a1a1a1UL, 0x89898989UL, 0x0d0d0d0dUL,
160 0xbfbfbfbfUL, 0xe6e6e6e6UL, 0x42424242UL, 0x68686868UL,
161 0x41414141UL, 0x99999999UL, 0x2d2d2d2dUL, 0x0f0f0f0fUL,
162 0xb0b0b0b0UL, 0x54545454UL, 0xbbbbbbbbUL, 0x16161616UL,
163};
164#endif
165
166#ifndef ENCRYPT_ONLY
167
168static const ulong32 TD0[256] = {
169 0x51f4a750UL, 0x7e416553UL, 0x1a17a4c3UL, 0x3a275e96UL,
170 0x3bab6bcbUL, 0x1f9d45f1UL, 0xacfa58abUL, 0x4be30393UL,
171 0x2030fa55UL, 0xad766df6UL, 0x88cc7691UL, 0xf5024c25UL,
172 0x4fe5d7fcUL, 0xc52acbd7UL, 0x26354480UL, 0xb562a38fUL,
173 0xdeb15a49UL, 0x25ba1b67UL, 0x45ea0e98UL, 0x5dfec0e1UL,
174 0xc32f7502UL, 0x814cf012UL, 0x8d4697a3UL, 0x6bd3f9c6UL,
175 0x038f5fe7UL, 0x15929c95UL, 0xbf6d7aebUL, 0x955259daUL,
176 0xd4be832dUL, 0x587421d3UL, 0x49e06929UL, 0x8ec9c844UL,
177 0x75c2896aUL, 0xf48e7978UL, 0x99583e6bUL, 0x27b971ddUL,
178 0xbee14fb6UL, 0xf088ad17UL, 0xc920ac66UL, 0x7dce3ab4UL,
179 0x63df4a18UL, 0xe51a3182UL, 0x97513360UL, 0x62537f45UL,
180 0xb16477e0UL, 0xbb6bae84UL, 0xfe81a01cUL, 0xf9082b94UL,
181 0x70486858UL, 0x8f45fd19UL, 0x94de6c87UL, 0x527bf8b7UL,
182 0xab73d323UL, 0x724b02e2UL, 0xe31f8f57UL, 0x6655ab2aUL,
183 0xb2eb2807UL, 0x2fb5c203UL, 0x86c57b9aUL, 0xd33708a5UL,
184 0x302887f2UL, 0x23bfa5b2UL, 0x02036abaUL, 0xed16825cUL,
185 0x8acf1c2bUL, 0xa779b492UL, 0xf307f2f0UL, 0x4e69e2a1UL,
186 0x65daf4cdUL, 0x0605bed5UL, 0xd134621fUL, 0xc4a6fe8aUL,
187 0x342e539dUL, 0xa2f355a0UL, 0x058ae132UL, 0xa4f6eb75UL,
188 0x0b83ec39UL, 0x4060efaaUL, 0x5e719f06UL, 0xbd6e1051UL,
189 0x3e218af9UL, 0x96dd063dUL, 0xdd3e05aeUL, 0x4de6bd46UL,
190 0x91548db5UL, 0x71c45d05UL, 0x0406d46fUL, 0x605015ffUL,
191 0x1998fb24UL, 0xd6bde997UL, 0x894043ccUL, 0x67d99e77UL,
192 0xb0e842bdUL, 0x07898b88UL, 0xe7195b38UL, 0x79c8eedbUL,
193 0xa17c0a47UL, 0x7c420fe9UL, 0xf8841ec9UL, 0x00000000UL,
194 0x09808683UL, 0x322bed48UL, 0x1e1170acUL, 0x6c5a724eUL,
195 0xfd0efffbUL, 0x0f853856UL, 0x3daed51eUL, 0x362d3927UL,
196 0x0a0fd964UL, 0x685ca621UL, 0x9b5b54d1UL, 0x24362e3aUL,
197 0x0c0a67b1UL, 0x9357e70fUL, 0xb4ee96d2UL, 0x1b9b919eUL,
198 0x80c0c54fUL, 0x61dc20a2UL, 0x5a774b69UL, 0x1c121a16UL,
199 0xe293ba0aUL, 0xc0a02ae5UL, 0x3c22e043UL, 0x121b171dUL,
200 0x0e090d0bUL, 0xf28bc7adUL, 0x2db6a8b9UL, 0x141ea9c8UL,
201 0x57f11985UL, 0xaf75074cUL, 0xee99ddbbUL, 0xa37f60fdUL,
202 0xf701269fUL, 0x5c72f5bcUL, 0x44663bc5UL, 0x5bfb7e34UL,
203 0x8b432976UL, 0xcb23c6dcUL, 0xb6edfc68UL, 0xb8e4f163UL,
204 0xd731dccaUL, 0x42638510UL, 0x13972240UL, 0x84c61120UL,
205 0x854a247dUL, 0xd2bb3df8UL, 0xaef93211UL, 0xc729a16dUL,
206 0x1d9e2f4bUL, 0xdcb230f3UL, 0x0d8652ecUL, 0x77c1e3d0UL,
207 0x2bb3166cUL, 0xa970b999UL, 0x119448faUL, 0x47e96422UL,
208 0xa8fc8cc4UL, 0xa0f03f1aUL, 0x567d2cd8UL, 0x223390efUL,
209 0x87494ec7UL, 0xd938d1c1UL, 0x8ccaa2feUL, 0x98d40b36UL,
210 0xa6f581cfUL, 0xa57ade28UL, 0xdab78e26UL, 0x3fadbfa4UL,
211 0x2c3a9de4UL, 0x5078920dUL, 0x6a5fcc9bUL, 0x547e4662UL,
212 0xf68d13c2UL, 0x90d8b8e8UL, 0x2e39f75eUL, 0x82c3aff5UL,
213 0x9f5d80beUL, 0x69d0937cUL, 0x6fd52da9UL, 0xcf2512b3UL,
214 0xc8ac993bUL, 0x10187da7UL, 0xe89c636eUL, 0xdb3bbb7bUL,
215 0xcd267809UL, 0x6e5918f4UL, 0xec9ab701UL, 0x834f9aa8UL,
216 0xe6956e65UL, 0xaaffe67eUL, 0x21bccf08UL, 0xef15e8e6UL,
217 0xbae79bd9UL, 0x4a6f36ceUL, 0xea9f09d4UL, 0x29b07cd6UL,
218 0x31a4b2afUL, 0x2a3f2331UL, 0xc6a59430UL, 0x35a266c0UL,
219 0x744ebc37UL, 0xfc82caa6UL, 0xe090d0b0UL, 0x33a7d815UL,
220 0xf104984aUL, 0x41ecdaf7UL, 0x7fcd500eUL, 0x1791f62fUL,
221 0x764dd68dUL, 0x43efb04dUL, 0xccaa4d54UL, 0xe49604dfUL,
222 0x9ed1b5e3UL, 0x4c6a881bUL, 0xc12c1fb8UL, 0x4665517fUL,
223 0x9d5eea04UL, 0x018c355dUL, 0xfa877473UL, 0xfb0b412eUL,
224 0xb3671d5aUL, 0x92dbd252UL, 0xe9105633UL, 0x6dd64713UL,
225 0x9ad7618cUL, 0x37a10c7aUL, 0x59f8148eUL, 0xeb133c89UL,
226 0xcea927eeUL, 0xb761c935UL, 0xe11ce5edUL, 0x7a47b13cUL,
227 0x9cd2df59UL, 0x55f2733fUL, 0x1814ce79UL, 0x73c737bfUL,
228 0x53f7cdeaUL, 0x5ffdaa5bUL, 0xdf3d6f14UL, 0x7844db86UL,
229 0xcaaff381UL, 0xb968c43eUL, 0x3824342cUL, 0xc2a3405fUL,
230 0x161dc372UL, 0xbce2250cUL, 0x283c498bUL, 0xff0d9541UL,
231 0x39a80171UL, 0x080cb3deUL, 0xd8b4e49cUL, 0x6456c190UL,
232 0x7bcb8461UL, 0xd532b670UL, 0x486c5c74UL, 0xd0b85742UL,
233};
234
235static const ulong32 Td4[256] = {
236 0x52525252UL, 0x09090909UL, 0x6a6a6a6aUL, 0xd5d5d5d5UL,
237 0x30303030UL, 0x36363636UL, 0xa5a5a5a5UL, 0x38383838UL,
238 0xbfbfbfbfUL, 0x40404040UL, 0xa3a3a3a3UL, 0x9e9e9e9eUL,
239 0x81818181UL, 0xf3f3f3f3UL, 0xd7d7d7d7UL, 0xfbfbfbfbUL,
240 0x7c7c7c7cUL, 0xe3e3e3e3UL, 0x39393939UL, 0x82828282UL,
241 0x9b9b9b9bUL, 0x2f2f2f2fUL, 0xffffffffUL, 0x87878787UL,
242 0x34343434UL, 0x8e8e8e8eUL, 0x43434343UL, 0x44444444UL,
243 0xc4c4c4c4UL, 0xdedededeUL, 0xe9e9e9e9UL, 0xcbcbcbcbUL,
244 0x54545454UL, 0x7b7b7b7bUL, 0x94949494UL, 0x32323232UL,
245 0xa6a6a6a6UL, 0xc2c2c2c2UL, 0x23232323UL, 0x3d3d3d3dUL,
246 0xeeeeeeeeUL, 0x4c4c4c4cUL, 0x95959595UL, 0x0b0b0b0bUL,
247 0x42424242UL, 0xfafafafaUL, 0xc3c3c3c3UL, 0x4e4e4e4eUL,
248 0x08080808UL, 0x2e2e2e2eUL, 0xa1a1a1a1UL, 0x66666666UL,
249 0x28282828UL, 0xd9d9d9d9UL, 0x24242424UL, 0xb2b2b2b2UL,
250 0x76767676UL, 0x5b5b5b5bUL, 0xa2a2a2a2UL, 0x49494949UL,
251 0x6d6d6d6dUL, 0x8b8b8b8bUL, 0xd1d1d1d1UL, 0x25252525UL,
252 0x72727272UL, 0xf8f8f8f8UL, 0xf6f6f6f6UL, 0x64646464UL,
253 0x86868686UL, 0x68686868UL, 0x98989898UL, 0x16161616UL,
254 0xd4d4d4d4UL, 0xa4a4a4a4UL, 0x5c5c5c5cUL, 0xccccccccUL,
255 0x5d5d5d5dUL, 0x65656565UL, 0xb6b6b6b6UL, 0x92929292UL,
256 0x6c6c6c6cUL, 0x70707070UL, 0x48484848UL, 0x50505050UL,
257 0xfdfdfdfdUL, 0xededededUL, 0xb9b9b9b9UL, 0xdadadadaUL,
258 0x5e5e5e5eUL, 0x15151515UL, 0x46464646UL, 0x57575757UL,
259 0xa7a7a7a7UL, 0x8d8d8d8dUL, 0x9d9d9d9dUL, 0x84848484UL,
260 0x90909090UL, 0xd8d8d8d8UL, 0xababababUL, 0x00000000UL,
261 0x8c8c8c8cUL, 0xbcbcbcbcUL, 0xd3d3d3d3UL, 0x0a0a0a0aUL,
262 0xf7f7f7f7UL, 0xe4e4e4e4UL, 0x58585858UL, 0x05050505UL,
263 0xb8b8b8b8UL, 0xb3b3b3b3UL, 0x45454545UL, 0x06060606UL,
264 0xd0d0d0d0UL, 0x2c2c2c2cUL, 0x1e1e1e1eUL, 0x8f8f8f8fUL,
265 0xcacacacaUL, 0x3f3f3f3fUL, 0x0f0f0f0fUL, 0x02020202UL,
266 0xc1c1c1c1UL, 0xafafafafUL, 0xbdbdbdbdUL, 0x03030303UL,
267 0x01010101UL, 0x13131313UL, 0x8a8a8a8aUL, 0x6b6b6b6bUL,
268 0x3a3a3a3aUL, 0x91919191UL, 0x11111111UL, 0x41414141UL,
269 0x4f4f4f4fUL, 0x67676767UL, 0xdcdcdcdcUL, 0xeaeaeaeaUL,
270 0x97979797UL, 0xf2f2f2f2UL, 0xcfcfcfcfUL, 0xcecececeUL,
271 0xf0f0f0f0UL, 0xb4b4b4b4UL, 0xe6e6e6e6UL, 0x73737373UL,
272 0x96969696UL, 0xacacacacUL, 0x74747474UL, 0x22222222UL,
273 0xe7e7e7e7UL, 0xadadadadUL, 0x35353535UL, 0x85858585UL,
274 0xe2e2e2e2UL, 0xf9f9f9f9UL, 0x37373737UL, 0xe8e8e8e8UL,
275 0x1c1c1c1cUL, 0x75757575UL, 0xdfdfdfdfUL, 0x6e6e6e6eUL,
276 0x47474747UL, 0xf1f1f1f1UL, 0x1a1a1a1aUL, 0x71717171UL,
277 0x1d1d1d1dUL, 0x29292929UL, 0xc5c5c5c5UL, 0x89898989UL,
278 0x6f6f6f6fUL, 0xb7b7b7b7UL, 0x62626262UL, 0x0e0e0e0eUL,
279 0xaaaaaaaaUL, 0x18181818UL, 0xbebebebeUL, 0x1b1b1b1bUL,
280 0xfcfcfcfcUL, 0x56565656UL, 0x3e3e3e3eUL, 0x4b4b4b4bUL,
281 0xc6c6c6c6UL, 0xd2d2d2d2UL, 0x79797979UL, 0x20202020UL,
282 0x9a9a9a9aUL, 0xdbdbdbdbUL, 0xc0c0c0c0UL, 0xfefefefeUL,
283 0x78787878UL, 0xcdcdcdcdUL, 0x5a5a5a5aUL, 0xf4f4f4f4UL,
284 0x1f1f1f1fUL, 0xddddddddUL, 0xa8a8a8a8UL, 0x33333333UL,
285 0x88888888UL, 0x07070707UL, 0xc7c7c7c7UL, 0x31313131UL,
286 0xb1b1b1b1UL, 0x12121212UL, 0x10101010UL, 0x59595959UL,
287 0x27272727UL, 0x80808080UL, 0xececececUL, 0x5f5f5f5fUL,
288 0x60606060UL, 0x51515151UL, 0x7f7f7f7fUL, 0xa9a9a9a9UL,
289 0x19191919UL, 0xb5b5b5b5UL, 0x4a4a4a4aUL, 0x0d0d0d0dUL,
290 0x2d2d2d2dUL, 0xe5e5e5e5UL, 0x7a7a7a7aUL, 0x9f9f9f9fUL,
291 0x93939393UL, 0xc9c9c9c9UL, 0x9c9c9c9cUL, 0xefefefefUL,
292 0xa0a0a0a0UL, 0xe0e0e0e0UL, 0x3b3b3b3bUL, 0x4d4d4d4dUL,
293 0xaeaeaeaeUL, 0x2a2a2a2aUL, 0xf5f5f5f5UL, 0xb0b0b0b0UL,
294 0xc8c8c8c8UL, 0xebebebebUL, 0xbbbbbbbbUL, 0x3c3c3c3cUL,
295 0x83838383UL, 0x53535353UL, 0x99999999UL, 0x61616161UL,
296 0x17171717UL, 0x2b2b2b2bUL, 0x04040404UL, 0x7e7e7e7eUL,
297 0xbabababaUL, 0x77777777UL, 0xd6d6d6d6UL, 0x26262626UL,
298 0xe1e1e1e1UL, 0x69696969UL, 0x14141414UL, 0x63636363UL,
299 0x55555555UL, 0x21212121UL, 0x0c0c0c0cUL, 0x7d7d7d7dUL,
300};
301
302#endif /* ENCRYPT_ONLY */
303
304#ifdef LTC_SMALL_CODE
305
306#define Te0(x) TE0[x]
307#define Te1(x) RORc(TE0[x], 8)
308#define Te2(x) RORc(TE0[x], 16)
309#define Te3(x) RORc(TE0[x], 24)
310
311#define Td0(x) TD0[x]
312#define Td1(x) RORc(TD0[x], 8)
313#define Td2(x) RORc(TD0[x], 16)
314#define Td3(x) RORc(TD0[x], 24)
315
316#define Te4_0 0x000000FF & Te4
317#define Te4_1 0x0000FF00 & Te4
318#define Te4_2 0x00FF0000 & Te4
319#define Te4_3 0xFF000000 & Te4
320
321#else
322
323#define Te0(x) TE0[x]
324#define Te1(x) TE1[x]
325#define Te2(x) TE2[x]
326#define Te3(x) TE3[x]
327
328#define Td0(x) TD0[x]
329#define Td1(x) TD1[x]
330#define Td2(x) TD2[x]
331#define Td3(x) TD3[x]
332
333static const ulong32 TE1[256] = {
334 0xa5c66363UL, 0x84f87c7cUL, 0x99ee7777UL, 0x8df67b7bUL,
335 0x0dfff2f2UL, 0xbdd66b6bUL, 0xb1de6f6fUL, 0x5491c5c5UL,
336 0x50603030UL, 0x03020101UL, 0xa9ce6767UL, 0x7d562b2bUL,
337 0x19e7fefeUL, 0x62b5d7d7UL, 0xe64dababUL, 0x9aec7676UL,
338 0x458fcacaUL, 0x9d1f8282UL, 0x4089c9c9UL, 0x87fa7d7dUL,
339 0x15effafaUL, 0xebb25959UL, 0xc98e4747UL, 0x0bfbf0f0UL,
340 0xec41adadUL, 0x67b3d4d4UL, 0xfd5fa2a2UL, 0xea45afafUL,
341 0xbf239c9cUL, 0xf753a4a4UL, 0x96e47272UL, 0x5b9bc0c0UL,
342 0xc275b7b7UL, 0x1ce1fdfdUL, 0xae3d9393UL, 0x6a4c2626UL,
343 0x5a6c3636UL, 0x417e3f3fUL, 0x02f5f7f7UL, 0x4f83ccccUL,
344 0x5c683434UL, 0xf451a5a5UL, 0x34d1e5e5UL, 0x08f9f1f1UL,
345 0x93e27171UL, 0x73abd8d8UL, 0x53623131UL, 0x3f2a1515UL,
346 0x0c080404UL, 0x5295c7c7UL, 0x65462323UL, 0x5e9dc3c3UL,
347 0x28301818UL, 0xa1379696UL, 0x0f0a0505UL, 0xb52f9a9aUL,
348 0x090e0707UL, 0x36241212UL, 0x9b1b8080UL, 0x3ddfe2e2UL,
349 0x26cdebebUL, 0x694e2727UL, 0xcd7fb2b2UL, 0x9fea7575UL,
350 0x1b120909UL, 0x9e1d8383UL, 0x74582c2cUL, 0x2e341a1aUL,
351 0x2d361b1bUL, 0xb2dc6e6eUL, 0xeeb45a5aUL, 0xfb5ba0a0UL,
352 0xf6a45252UL, 0x4d763b3bUL, 0x61b7d6d6UL, 0xce7db3b3UL,
353 0x7b522929UL, 0x3edde3e3UL, 0x715e2f2fUL, 0x97138484UL,
354 0xf5a65353UL, 0x68b9d1d1UL, 0x00000000UL, 0x2cc1ededUL,
355 0x60402020UL, 0x1fe3fcfcUL, 0xc879b1b1UL, 0xedb65b5bUL,
356 0xbed46a6aUL, 0x468dcbcbUL, 0xd967bebeUL, 0x4b723939UL,
357 0xde944a4aUL, 0xd4984c4cUL, 0xe8b05858UL, 0x4a85cfcfUL,
358 0x6bbbd0d0UL, 0x2ac5efefUL, 0xe54faaaaUL, 0x16edfbfbUL,
359 0xc5864343UL, 0xd79a4d4dUL, 0x55663333UL, 0x94118585UL,
360 0xcf8a4545UL, 0x10e9f9f9UL, 0x06040202UL, 0x81fe7f7fUL,
361 0xf0a05050UL, 0x44783c3cUL, 0xba259f9fUL, 0xe34ba8a8UL,
362 0xf3a25151UL, 0xfe5da3a3UL, 0xc0804040UL, 0x8a058f8fUL,
363 0xad3f9292UL, 0xbc219d9dUL, 0x48703838UL, 0x04f1f5f5UL,
364 0xdf63bcbcUL, 0xc177b6b6UL, 0x75afdadaUL, 0x63422121UL,
365 0x30201010UL, 0x1ae5ffffUL, 0x0efdf3f3UL, 0x6dbfd2d2UL,
366 0x4c81cdcdUL, 0x14180c0cUL, 0x35261313UL, 0x2fc3ececUL,
367 0xe1be5f5fUL, 0xa2359797UL, 0xcc884444UL, 0x392e1717UL,
368 0x5793c4c4UL, 0xf255a7a7UL, 0x82fc7e7eUL, 0x477a3d3dUL,
369 0xacc86464UL, 0xe7ba5d5dUL, 0x2b321919UL, 0x95e67373UL,
370 0xa0c06060UL, 0x98198181UL, 0xd19e4f4fUL, 0x7fa3dcdcUL,
371 0x66442222UL, 0x7e542a2aUL, 0xab3b9090UL, 0x830b8888UL,
372 0xca8c4646UL, 0x29c7eeeeUL, 0xd36bb8b8UL, 0x3c281414UL,
373 0x79a7dedeUL, 0xe2bc5e5eUL, 0x1d160b0bUL, 0x76addbdbUL,
374 0x3bdbe0e0UL, 0x56643232UL, 0x4e743a3aUL, 0x1e140a0aUL,
375 0xdb924949UL, 0x0a0c0606UL, 0x6c482424UL, 0xe4b85c5cUL,
376 0x5d9fc2c2UL, 0x6ebdd3d3UL, 0xef43acacUL, 0xa6c46262UL,
377 0xa8399191UL, 0xa4319595UL, 0x37d3e4e4UL, 0x8bf27979UL,
378 0x32d5e7e7UL, 0x438bc8c8UL, 0x596e3737UL, 0xb7da6d6dUL,
379 0x8c018d8dUL, 0x64b1d5d5UL, 0xd29c4e4eUL, 0xe049a9a9UL,
380 0xb4d86c6cUL, 0xfaac5656UL, 0x07f3f4f4UL, 0x25cfeaeaUL,
381 0xafca6565UL, 0x8ef47a7aUL, 0xe947aeaeUL, 0x18100808UL,
382 0xd56fbabaUL, 0x88f07878UL, 0x6f4a2525UL, 0x725c2e2eUL,
383 0x24381c1cUL, 0xf157a6a6UL, 0xc773b4b4UL, 0x5197c6c6UL,
384 0x23cbe8e8UL, 0x7ca1ddddUL, 0x9ce87474UL, 0x213e1f1fUL,
385 0xdd964b4bUL, 0xdc61bdbdUL, 0x860d8b8bUL, 0x850f8a8aUL,
386 0x90e07070UL, 0x427c3e3eUL, 0xc471b5b5UL, 0xaacc6666UL,
387 0xd8904848UL, 0x05060303UL, 0x01f7f6f6UL, 0x121c0e0eUL,
388 0xa3c26161UL, 0x5f6a3535UL, 0xf9ae5757UL, 0xd069b9b9UL,
389 0x91178686UL, 0x5899c1c1UL, 0x273a1d1dUL, 0xb9279e9eUL,
390 0x38d9e1e1UL, 0x13ebf8f8UL, 0xb32b9898UL, 0x33221111UL,
391 0xbbd26969UL, 0x70a9d9d9UL, 0x89078e8eUL, 0xa7339494UL,
392 0xb62d9b9bUL, 0x223c1e1eUL, 0x92158787UL, 0x20c9e9e9UL,
393 0x4987ceceUL, 0xffaa5555UL, 0x78502828UL, 0x7aa5dfdfUL,
394 0x8f038c8cUL, 0xf859a1a1UL, 0x80098989UL, 0x171a0d0dUL,
395 0xda65bfbfUL, 0x31d7e6e6UL, 0xc6844242UL, 0xb8d06868UL,
396 0xc3824141UL, 0xb0299999UL, 0x775a2d2dUL, 0x111e0f0fUL,
397 0xcb7bb0b0UL, 0xfca85454UL, 0xd66dbbbbUL, 0x3a2c1616UL,
398};
399static const ulong32 TE2[256] = {
400 0x63a5c663UL, 0x7c84f87cUL, 0x7799ee77UL, 0x7b8df67bUL,
401 0xf20dfff2UL, 0x6bbdd66bUL, 0x6fb1de6fUL, 0xc55491c5UL,
402 0x30506030UL, 0x01030201UL, 0x67a9ce67UL, 0x2b7d562bUL,
403 0xfe19e7feUL, 0xd762b5d7UL, 0xabe64dabUL, 0x769aec76UL,
404 0xca458fcaUL, 0x829d1f82UL, 0xc94089c9UL, 0x7d87fa7dUL,
405 0xfa15effaUL, 0x59ebb259UL, 0x47c98e47UL, 0xf00bfbf0UL,
406 0xadec41adUL, 0xd467b3d4UL, 0xa2fd5fa2UL, 0xafea45afUL,
407 0x9cbf239cUL, 0xa4f753a4UL, 0x7296e472UL, 0xc05b9bc0UL,
408 0xb7c275b7UL, 0xfd1ce1fdUL, 0x93ae3d93UL, 0x266a4c26UL,
409 0x365a6c36UL, 0x3f417e3fUL, 0xf702f5f7UL, 0xcc4f83ccUL,
410 0x345c6834UL, 0xa5f451a5UL, 0xe534d1e5UL, 0xf108f9f1UL,
411 0x7193e271UL, 0xd873abd8UL, 0x31536231UL, 0x153f2a15UL,
412 0x040c0804UL, 0xc75295c7UL, 0x23654623UL, 0xc35e9dc3UL,
413 0x18283018UL, 0x96a13796UL, 0x050f0a05UL, 0x9ab52f9aUL,
414 0x07090e07UL, 0x12362412UL, 0x809b1b80UL, 0xe23ddfe2UL,
415 0xeb26cdebUL, 0x27694e27UL, 0xb2cd7fb2UL, 0x759fea75UL,
416 0x091b1209UL, 0x839e1d83UL, 0x2c74582cUL, 0x1a2e341aUL,
417 0x1b2d361bUL, 0x6eb2dc6eUL, 0x5aeeb45aUL, 0xa0fb5ba0UL,
418 0x52f6a452UL, 0x3b4d763bUL, 0xd661b7d6UL, 0xb3ce7db3UL,
419 0x297b5229UL, 0xe33edde3UL, 0x2f715e2fUL, 0x84971384UL,
420 0x53f5a653UL, 0xd168b9d1UL, 0x00000000UL, 0xed2cc1edUL,
421 0x20604020UL, 0xfc1fe3fcUL, 0xb1c879b1UL, 0x5bedb65bUL,
422 0x6abed46aUL, 0xcb468dcbUL, 0xbed967beUL, 0x394b7239UL,
423 0x4ade944aUL, 0x4cd4984cUL, 0x58e8b058UL, 0xcf4a85cfUL,
424 0xd06bbbd0UL, 0xef2ac5efUL, 0xaae54faaUL, 0xfb16edfbUL,
425 0x43c58643UL, 0x4dd79a4dUL, 0x33556633UL, 0x85941185UL,
426 0x45cf8a45UL, 0xf910e9f9UL, 0x02060402UL, 0x7f81fe7fUL,
427 0x50f0a050UL, 0x3c44783cUL, 0x9fba259fUL, 0xa8e34ba8UL,
428 0x51f3a251UL, 0xa3fe5da3UL, 0x40c08040UL, 0x8f8a058fUL,
429 0x92ad3f92UL, 0x9dbc219dUL, 0x38487038UL, 0xf504f1f5UL,
430 0xbcdf63bcUL, 0xb6c177b6UL, 0xda75afdaUL, 0x21634221UL,
431 0x10302010UL, 0xff1ae5ffUL, 0xf30efdf3UL, 0xd26dbfd2UL,
432 0xcd4c81cdUL, 0x0c14180cUL, 0x13352613UL, 0xec2fc3ecUL,
433 0x5fe1be5fUL, 0x97a23597UL, 0x44cc8844UL, 0x17392e17UL,
434 0xc45793c4UL, 0xa7f255a7UL, 0x7e82fc7eUL, 0x3d477a3dUL,
435 0x64acc864UL, 0x5de7ba5dUL, 0x192b3219UL, 0x7395e673UL,
436 0x60a0c060UL, 0x81981981UL, 0x4fd19e4fUL, 0xdc7fa3dcUL,
437 0x22664422UL, 0x2a7e542aUL, 0x90ab3b90UL, 0x88830b88UL,
438 0x46ca8c46UL, 0xee29c7eeUL, 0xb8d36bb8UL, 0x143c2814UL,
439 0xde79a7deUL, 0x5ee2bc5eUL, 0x0b1d160bUL, 0xdb76addbUL,
440 0xe03bdbe0UL, 0x32566432UL, 0x3a4e743aUL, 0x0a1e140aUL,
441 0x49db9249UL, 0x060a0c06UL, 0x246c4824UL, 0x5ce4b85cUL,
442 0xc25d9fc2UL, 0xd36ebdd3UL, 0xacef43acUL, 0x62a6c462UL,
443 0x91a83991UL, 0x95a43195UL, 0xe437d3e4UL, 0x798bf279UL,
444 0xe732d5e7UL, 0xc8438bc8UL, 0x37596e37UL, 0x6db7da6dUL,
445 0x8d8c018dUL, 0xd564b1d5UL, 0x4ed29c4eUL, 0xa9e049a9UL,
446 0x6cb4d86cUL, 0x56faac56UL, 0xf407f3f4UL, 0xea25cfeaUL,
447 0x65afca65UL, 0x7a8ef47aUL, 0xaee947aeUL, 0x08181008UL,
448 0xbad56fbaUL, 0x7888f078UL, 0x256f4a25UL, 0x2e725c2eUL,
449 0x1c24381cUL, 0xa6f157a6UL, 0xb4c773b4UL, 0xc65197c6UL,
450 0xe823cbe8UL, 0xdd7ca1ddUL, 0x749ce874UL, 0x1f213e1fUL,
451 0x4bdd964bUL, 0xbddc61bdUL, 0x8b860d8bUL, 0x8a850f8aUL,
452 0x7090e070UL, 0x3e427c3eUL, 0xb5c471b5UL, 0x66aacc66UL,
453 0x48d89048UL, 0x03050603UL, 0xf601f7f6UL, 0x0e121c0eUL,
454 0x61a3c261UL, 0x355f6a35UL, 0x57f9ae57UL, 0xb9d069b9UL,
455 0x86911786UL, 0xc15899c1UL, 0x1d273a1dUL, 0x9eb9279eUL,
456 0xe138d9e1UL, 0xf813ebf8UL, 0x98b32b98UL, 0x11332211UL,
457 0x69bbd269UL, 0xd970a9d9UL, 0x8e89078eUL, 0x94a73394UL,
458 0x9bb62d9bUL, 0x1e223c1eUL, 0x87921587UL, 0xe920c9e9UL,
459 0xce4987ceUL, 0x55ffaa55UL, 0x28785028UL, 0xdf7aa5dfUL,
460 0x8c8f038cUL, 0xa1f859a1UL, 0x89800989UL, 0x0d171a0dUL,
461 0xbfda65bfUL, 0xe631d7e6UL, 0x42c68442UL, 0x68b8d068UL,
462 0x41c38241UL, 0x99b02999UL, 0x2d775a2dUL, 0x0f111e0fUL,
463 0xb0cb7bb0UL, 0x54fca854UL, 0xbbd66dbbUL, 0x163a2c16UL,
464};
465static const ulong32 TE3[256] = {
466
467 0x6363a5c6UL, 0x7c7c84f8UL, 0x777799eeUL, 0x7b7b8df6UL,
468 0xf2f20dffUL, 0x6b6bbdd6UL, 0x6f6fb1deUL, 0xc5c55491UL,
469 0x30305060UL, 0x01010302UL, 0x6767a9ceUL, 0x2b2b7d56UL,
470 0xfefe19e7UL, 0xd7d762b5UL, 0xababe64dUL, 0x76769aecUL,
471 0xcaca458fUL, 0x82829d1fUL, 0xc9c94089UL, 0x7d7d87faUL,
472 0xfafa15efUL, 0x5959ebb2UL, 0x4747c98eUL, 0xf0f00bfbUL,
473 0xadadec41UL, 0xd4d467b3UL, 0xa2a2fd5fUL, 0xafafea45UL,
474 0x9c9cbf23UL, 0xa4a4f753UL, 0x727296e4UL, 0xc0c05b9bUL,
475 0xb7b7c275UL, 0xfdfd1ce1UL, 0x9393ae3dUL, 0x26266a4cUL,
476 0x36365a6cUL, 0x3f3f417eUL, 0xf7f702f5UL, 0xcccc4f83UL,
477 0x34345c68UL, 0xa5a5f451UL, 0xe5e534d1UL, 0xf1f108f9UL,
478 0x717193e2UL, 0xd8d873abUL, 0x31315362UL, 0x15153f2aUL,
479 0x04040c08UL, 0xc7c75295UL, 0x23236546UL, 0xc3c35e9dUL,
480 0x18182830UL, 0x9696a137UL, 0x05050f0aUL, 0x9a9ab52fUL,
481 0x0707090eUL, 0x12123624UL, 0x80809b1bUL, 0xe2e23ddfUL,
482 0xebeb26cdUL, 0x2727694eUL, 0xb2b2cd7fUL, 0x75759feaUL,
483 0x09091b12UL, 0x83839e1dUL, 0x2c2c7458UL, 0x1a1a2e34UL,
484 0x1b1b2d36UL, 0x6e6eb2dcUL, 0x5a5aeeb4UL, 0xa0a0fb5bUL,
485 0x5252f6a4UL, 0x3b3b4d76UL, 0xd6d661b7UL, 0xb3b3ce7dUL,
486 0x29297b52UL, 0xe3e33eddUL, 0x2f2f715eUL, 0x84849713UL,
487 0x5353f5a6UL, 0xd1d168b9UL, 0x00000000UL, 0xeded2cc1UL,
488 0x20206040UL, 0xfcfc1fe3UL, 0xb1b1c879UL, 0x5b5bedb6UL,
489 0x6a6abed4UL, 0xcbcb468dUL, 0xbebed967UL, 0x39394b72UL,
490 0x4a4ade94UL, 0x4c4cd498UL, 0x5858e8b0UL, 0xcfcf4a85UL,
491 0xd0d06bbbUL, 0xefef2ac5UL, 0xaaaae54fUL, 0xfbfb16edUL,
492 0x4343c586UL, 0x4d4dd79aUL, 0x33335566UL, 0x85859411UL,
493 0x4545cf8aUL, 0xf9f910e9UL, 0x02020604UL, 0x7f7f81feUL,
494 0x5050f0a0UL, 0x3c3c4478UL, 0x9f9fba25UL, 0xa8a8e34bUL,
495 0x5151f3a2UL, 0xa3a3fe5dUL, 0x4040c080UL, 0x8f8f8a05UL,
496 0x9292ad3fUL, 0x9d9dbc21UL, 0x38384870UL, 0xf5f504f1UL,
497 0xbcbcdf63UL, 0xb6b6c177UL, 0xdada75afUL, 0x21216342UL,
498 0x10103020UL, 0xffff1ae5UL, 0xf3f30efdUL, 0xd2d26dbfUL,
499 0xcdcd4c81UL, 0x0c0c1418UL, 0x13133526UL, 0xecec2fc3UL,
500 0x5f5fe1beUL, 0x9797a235UL, 0x4444cc88UL, 0x1717392eUL,
501 0xc4c45793UL, 0xa7a7f255UL, 0x7e7e82fcUL, 0x3d3d477aUL,
502 0x6464acc8UL, 0x5d5de7baUL, 0x19192b32UL, 0x737395e6UL,
503 0x6060a0c0UL, 0x81819819UL, 0x4f4fd19eUL, 0xdcdc7fa3UL,
504 0x22226644UL, 0x2a2a7e54UL, 0x9090ab3bUL, 0x8888830bUL,
505 0x4646ca8cUL, 0xeeee29c7UL, 0xb8b8d36bUL, 0x14143c28UL,
506 0xdede79a7UL, 0x5e5ee2bcUL, 0x0b0b1d16UL, 0xdbdb76adUL,
507 0xe0e03bdbUL, 0x32325664UL, 0x3a3a4e74UL, 0x0a0a1e14UL,
508 0x4949db92UL, 0x06060a0cUL, 0x24246c48UL, 0x5c5ce4b8UL,
509 0xc2c25d9fUL, 0xd3d36ebdUL, 0xacacef43UL, 0x6262a6c4UL,
510 0x9191a839UL, 0x9595a431UL, 0xe4e437d3UL, 0x79798bf2UL,
511 0xe7e732d5UL, 0xc8c8438bUL, 0x3737596eUL, 0x6d6db7daUL,
512 0x8d8d8c01UL, 0xd5d564b1UL, 0x4e4ed29cUL, 0xa9a9e049UL,
513 0x6c6cb4d8UL, 0x5656faacUL, 0xf4f407f3UL, 0xeaea25cfUL,
514 0x6565afcaUL, 0x7a7a8ef4UL, 0xaeaee947UL, 0x08081810UL,
515 0xbabad56fUL, 0x787888f0UL, 0x25256f4aUL, 0x2e2e725cUL,
516 0x1c1c2438UL, 0xa6a6f157UL, 0xb4b4c773UL, 0xc6c65197UL,
517 0xe8e823cbUL, 0xdddd7ca1UL, 0x74749ce8UL, 0x1f1f213eUL,
518 0x4b4bdd96UL, 0xbdbddc61UL, 0x8b8b860dUL, 0x8a8a850fUL,
519 0x707090e0UL, 0x3e3e427cUL, 0xb5b5c471UL, 0x6666aaccUL,
520 0x4848d890UL, 0x03030506UL, 0xf6f601f7UL, 0x0e0e121cUL,
521 0x6161a3c2UL, 0x35355f6aUL, 0x5757f9aeUL, 0xb9b9d069UL,
522 0x86869117UL, 0xc1c15899UL, 0x1d1d273aUL, 0x9e9eb927UL,
523 0xe1e138d9UL, 0xf8f813ebUL, 0x9898b32bUL, 0x11113322UL,
524 0x6969bbd2UL, 0xd9d970a9UL, 0x8e8e8907UL, 0x9494a733UL,
525 0x9b9bb62dUL, 0x1e1e223cUL, 0x87879215UL, 0xe9e920c9UL,
526 0xcece4987UL, 0x5555ffaaUL, 0x28287850UL, 0xdfdf7aa5UL,
527 0x8c8c8f03UL, 0xa1a1f859UL, 0x89898009UL, 0x0d0d171aUL,
528 0xbfbfda65UL, 0xe6e631d7UL, 0x4242c684UL, 0x6868b8d0UL,
529 0x4141c382UL, 0x9999b029UL, 0x2d2d775aUL, 0x0f0f111eUL,
530 0xb0b0cb7bUL, 0x5454fca8UL, 0xbbbbd66dUL, 0x16163a2cUL,
531};
532
533#ifndef PELI_TAB
534static const ulong32 Te4_0[] = {
5350x00000063UL, 0x0000007cUL, 0x00000077UL, 0x0000007bUL, 0x000000f2UL, 0x0000006bUL, 0x0000006fUL, 0x000000c5UL,
5360x00000030UL, 0x00000001UL, 0x00000067UL, 0x0000002bUL, 0x000000feUL, 0x000000d7UL, 0x000000abUL, 0x00000076UL,
5370x000000caUL, 0x00000082UL, 0x000000c9UL, 0x0000007dUL, 0x000000faUL, 0x00000059UL, 0x00000047UL, 0x000000f0UL,
5380x000000adUL, 0x000000d4UL, 0x000000a2UL, 0x000000afUL, 0x0000009cUL, 0x000000a4UL, 0x00000072UL, 0x000000c0UL,
5390x000000b7UL, 0x000000fdUL, 0x00000093UL, 0x00000026UL, 0x00000036UL, 0x0000003fUL, 0x000000f7UL, 0x000000ccUL,
5400x00000034UL, 0x000000a5UL, 0x000000e5UL, 0x000000f1UL, 0x00000071UL, 0x000000d8UL, 0x00000031UL, 0x00000015UL,
5410x00000004UL, 0x000000c7UL, 0x00000023UL, 0x000000c3UL, 0x00000018UL, 0x00000096UL, 0x00000005UL, 0x0000009aUL,
5420x00000007UL, 0x00000012UL, 0x00000080UL, 0x000000e2UL, 0x000000ebUL, 0x00000027UL, 0x000000b2UL, 0x00000075UL,
5430x00000009UL, 0x00000083UL, 0x0000002cUL, 0x0000001aUL, 0x0000001bUL, 0x0000006eUL, 0x0000005aUL, 0x000000a0UL,
5440x00000052UL, 0x0000003bUL, 0x000000d6UL, 0x000000b3UL, 0x00000029UL, 0x000000e3UL, 0x0000002fUL, 0x00000084UL,
5450x00000053UL, 0x000000d1UL, 0x00000000UL, 0x000000edUL, 0x00000020UL, 0x000000fcUL, 0x000000b1UL, 0x0000005bUL,
5460x0000006aUL, 0x000000cbUL, 0x000000beUL, 0x00000039UL, 0x0000004aUL, 0x0000004cUL, 0x00000058UL, 0x000000cfUL,
5470x000000d0UL, 0x000000efUL, 0x000000aaUL, 0x000000fbUL, 0x00000043UL, 0x0000004dUL, 0x00000033UL, 0x00000085UL,
5480x00000045UL, 0x000000f9UL, 0x00000002UL, 0x0000007fUL, 0x00000050UL, 0x0000003cUL, 0x0000009fUL, 0x000000a8UL,
5490x00000051UL, 0x000000a3UL, 0x00000040UL, 0x0000008fUL, 0x00000092UL, 0x0000009dUL, 0x00000038UL, 0x000000f5UL,
5500x000000bcUL, 0x000000b6UL, 0x000000daUL, 0x00000021UL, 0x00000010UL, 0x000000ffUL, 0x000000f3UL, 0x000000d2UL,
5510x000000cdUL, 0x0000000cUL, 0x00000013UL, 0x000000ecUL, 0x0000005fUL, 0x00000097UL, 0x00000044UL, 0x00000017UL,
5520x000000c4UL, 0x000000a7UL, 0x0000007eUL, 0x0000003dUL, 0x00000064UL, 0x0000005dUL, 0x00000019UL, 0x00000073UL,
5530x00000060UL, 0x00000081UL, 0x0000004fUL, 0x000000dcUL, 0x00000022UL, 0x0000002aUL, 0x00000090UL, 0x00000088UL,
5540x00000046UL, 0x000000eeUL, 0x000000b8UL, 0x00000014UL, 0x000000deUL, 0x0000005eUL, 0x0000000bUL, 0x000000dbUL,
5550x000000e0UL, 0x00000032UL, 0x0000003aUL, 0x0000000aUL, 0x00000049UL, 0x00000006UL, 0x00000024UL, 0x0000005cUL,
5560x000000c2UL, 0x000000d3UL, 0x000000acUL, 0x00000062UL, 0x00000091UL, 0x00000095UL, 0x000000e4UL, 0x00000079UL,
5570x000000e7UL, 0x000000c8UL, 0x00000037UL, 0x0000006dUL, 0x0000008dUL, 0x000000d5UL, 0x0000004eUL, 0x000000a9UL,
5580x0000006cUL, 0x00000056UL, 0x000000f4UL, 0x000000eaUL, 0x00000065UL, 0x0000007aUL, 0x000000aeUL, 0x00000008UL,
5590x000000baUL, 0x00000078UL, 0x00000025UL, 0x0000002eUL, 0x0000001cUL, 0x000000a6UL, 0x000000b4UL, 0x000000c6UL,
5600x000000e8UL, 0x000000ddUL, 0x00000074UL, 0x0000001fUL, 0x0000004bUL, 0x000000bdUL, 0x0000008bUL, 0x0000008aUL,
5610x00000070UL, 0x0000003eUL, 0x000000b5UL, 0x00000066UL, 0x00000048UL, 0x00000003UL, 0x000000f6UL, 0x0000000eUL,
5620x00000061UL, 0x00000035UL, 0x00000057UL, 0x000000b9UL, 0x00000086UL, 0x000000c1UL, 0x0000001dUL, 0x0000009eUL,
5630x000000e1UL, 0x000000f8UL, 0x00000098UL, 0x00000011UL, 0x00000069UL, 0x000000d9UL, 0x0000008eUL, 0x00000094UL,
5640x0000009bUL, 0x0000001eUL, 0x00000087UL, 0x000000e9UL, 0x000000ceUL, 0x00000055UL, 0x00000028UL, 0x000000dfUL,
5650x0000008cUL, 0x000000a1UL, 0x00000089UL, 0x0000000dUL, 0x000000bfUL, 0x000000e6UL, 0x00000042UL, 0x00000068UL,
5660x00000041UL, 0x00000099UL, 0x0000002dUL, 0x0000000fUL, 0x000000b0UL, 0x00000054UL, 0x000000bbUL, 0x00000016UL
567};
568
569static const ulong32 Te4_1[] = {
5700x00006300UL, 0x00007c00UL, 0x00007700UL, 0x00007b00UL, 0x0000f200UL, 0x00006b00UL, 0x00006f00UL, 0x0000c500UL,
5710x00003000UL, 0x00000100UL, 0x00006700UL, 0x00002b00UL, 0x0000fe00UL, 0x0000d700UL, 0x0000ab00UL, 0x00007600UL,
5720x0000ca00UL, 0x00008200UL, 0x0000c900UL, 0x00007d00UL, 0x0000fa00UL, 0x00005900UL, 0x00004700UL, 0x0000f000UL,
5730x0000ad00UL, 0x0000d400UL, 0x0000a200UL, 0x0000af00UL, 0x00009c00UL, 0x0000a400UL, 0x00007200UL, 0x0000c000UL,
5740x0000b700UL, 0x0000fd00UL, 0x00009300UL, 0x00002600UL, 0x00003600UL, 0x00003f00UL, 0x0000f700UL, 0x0000cc00UL,
5750x00003400UL, 0x0000a500UL, 0x0000e500UL, 0x0000f100UL, 0x00007100UL, 0x0000d800UL, 0x00003100UL, 0x00001500UL,
5760x00000400UL, 0x0000c700UL, 0x00002300UL, 0x0000c300UL, 0x00001800UL, 0x00009600UL, 0x00000500UL, 0x00009a00UL,
5770x00000700UL, 0x00001200UL, 0x00008000UL, 0x0000e200UL, 0x0000eb00UL, 0x00002700UL, 0x0000b200UL, 0x00007500UL,
5780x00000900UL, 0x00008300UL, 0x00002c00UL, 0x00001a00UL, 0x00001b00UL, 0x00006e00UL, 0x00005a00UL, 0x0000a000UL,
5790x00005200UL, 0x00003b00UL, 0x0000d600UL, 0x0000b300UL, 0x00002900UL, 0x0000e300UL, 0x00002f00UL, 0x00008400UL,
5800x00005300UL, 0x0000d100UL, 0x00000000UL, 0x0000ed00UL, 0x00002000UL, 0x0000fc00UL, 0x0000b100UL, 0x00005b00UL,
5810x00006a00UL, 0x0000cb00UL, 0x0000be00UL, 0x00003900UL, 0x00004a00UL, 0x00004c00UL, 0x00005800UL, 0x0000cf00UL,
5820x0000d000UL, 0x0000ef00UL, 0x0000aa00UL, 0x0000fb00UL, 0x00004300UL, 0x00004d00UL, 0x00003300UL, 0x00008500UL,
5830x00004500UL, 0x0000f900UL, 0x00000200UL, 0x00007f00UL, 0x00005000UL, 0x00003c00UL, 0x00009f00UL, 0x0000a800UL,
5840x00005100UL, 0x0000a300UL, 0x00004000UL, 0x00008f00UL, 0x00009200UL, 0x00009d00UL, 0x00003800UL, 0x0000f500UL,
5850x0000bc00UL, 0x0000b600UL, 0x0000da00UL, 0x00002100UL, 0x00001000UL, 0x0000ff00UL, 0x0000f300UL, 0x0000d200UL,
5860x0000cd00UL, 0x00000c00UL, 0x00001300UL, 0x0000ec00UL, 0x00005f00UL, 0x00009700UL, 0x00004400UL, 0x00001700UL,
5870x0000c400UL, 0x0000a700UL, 0x00007e00UL, 0x00003d00UL, 0x00006400UL, 0x00005d00UL, 0x00001900UL, 0x00007300UL,
5880x00006000UL, 0x00008100UL, 0x00004f00UL, 0x0000dc00UL, 0x00002200UL, 0x00002a00UL, 0x00009000UL, 0x00008800UL,
5890x00004600UL, 0x0000ee00UL, 0x0000b800UL, 0x00001400UL, 0x0000de00UL, 0x00005e00UL, 0x00000b00UL, 0x0000db00UL,
5900x0000e000UL, 0x00003200UL, 0x00003a00UL, 0x00000a00UL, 0x00004900UL, 0x00000600UL, 0x00002400UL, 0x00005c00UL,
5910x0000c200UL, 0x0000d300UL, 0x0000ac00UL, 0x00006200UL, 0x00009100UL, 0x00009500UL, 0x0000e400UL, 0x00007900UL,
5920x0000e700UL, 0x0000c800UL, 0x00003700UL, 0x00006d00UL, 0x00008d00UL, 0x0000d500UL, 0x00004e00UL, 0x0000a900UL,
5930x00006c00UL, 0x00005600UL, 0x0000f400UL, 0x0000ea00UL, 0x00006500UL, 0x00007a00UL, 0x0000ae00UL, 0x00000800UL,
5940x0000ba00UL, 0x00007800UL, 0x00002500UL, 0x00002e00UL, 0x00001c00UL, 0x0000a600UL, 0x0000b400UL, 0x0000c600UL,
5950x0000e800UL, 0x0000dd00UL, 0x00007400UL, 0x00001f00UL, 0x00004b00UL, 0x0000bd00UL, 0x00008b00UL, 0x00008a00UL,
5960x00007000UL, 0x00003e00UL, 0x0000b500UL, 0x00006600UL, 0x00004800UL, 0x00000300UL, 0x0000f600UL, 0x00000e00UL,
5970x00006100UL, 0x00003500UL, 0x00005700UL, 0x0000b900UL, 0x00008600UL, 0x0000c100UL, 0x00001d00UL, 0x00009e00UL,
5980x0000e100UL, 0x0000f800UL, 0x00009800UL, 0x00001100UL, 0x00006900UL, 0x0000d900UL, 0x00008e00UL, 0x00009400UL,
5990x00009b00UL, 0x00001e00UL, 0x00008700UL, 0x0000e900UL, 0x0000ce00UL, 0x00005500UL, 0x00002800UL, 0x0000df00UL,
6000x00008c00UL, 0x0000a100UL, 0x00008900UL, 0x00000d00UL, 0x0000bf00UL, 0x0000e600UL, 0x00004200UL, 0x00006800UL,
6010x00004100UL, 0x00009900UL, 0x00002d00UL, 0x00000f00UL, 0x0000b000UL, 0x00005400UL, 0x0000bb00UL, 0x00001600UL
602};
603
604static const ulong32 Te4_2[] = {
6050x00630000UL, 0x007c0000UL, 0x00770000UL, 0x007b0000UL, 0x00f20000UL, 0x006b0000UL, 0x006f0000UL, 0x00c50000UL,
6060x00300000UL, 0x00010000UL, 0x00670000UL, 0x002b0000UL, 0x00fe0000UL, 0x00d70000UL, 0x00ab0000UL, 0x00760000UL,
6070x00ca0000UL, 0x00820000UL, 0x00c90000UL, 0x007d0000UL, 0x00fa0000UL, 0x00590000UL, 0x00470000UL, 0x00f00000UL,
6080x00ad0000UL, 0x00d40000UL, 0x00a20000UL, 0x00af0000UL, 0x009c0000UL, 0x00a40000UL, 0x00720000UL, 0x00c00000UL,
6090x00b70000UL, 0x00fd0000UL, 0x00930000UL, 0x00260000UL, 0x00360000UL, 0x003f0000UL, 0x00f70000UL, 0x00cc0000UL,
6100x00340000UL, 0x00a50000UL, 0x00e50000UL, 0x00f10000UL, 0x00710000UL, 0x00d80000UL, 0x00310000UL, 0x00150000UL,
6110x00040000UL, 0x00c70000UL, 0x00230000UL, 0x00c30000UL, 0x00180000UL, 0x00960000UL, 0x00050000UL, 0x009a0000UL,
6120x00070000UL, 0x00120000UL, 0x00800000UL, 0x00e20000UL, 0x00eb0000UL, 0x00270000UL, 0x00b20000UL, 0x00750000UL,
6130x00090000UL, 0x00830000UL, 0x002c0000UL, 0x001a0000UL, 0x001b0000UL, 0x006e0000UL, 0x005a0000UL, 0x00a00000UL,
6140x00520000UL, 0x003b0000UL, 0x00d60000UL, 0x00b30000UL, 0x00290000UL, 0x00e30000UL, 0x002f0000UL, 0x00840000UL,
6150x00530000UL, 0x00d10000UL, 0x00000000UL, 0x00ed0000UL, 0x00200000UL, 0x00fc0000UL, 0x00b10000UL, 0x005b0000UL,
6160x006a0000UL, 0x00cb0000UL, 0x00be0000UL, 0x00390000UL, 0x004a0000UL, 0x004c0000UL, 0x00580000UL, 0x00cf0000UL,
6170x00d00000UL, 0x00ef0000UL, 0x00aa0000UL, 0x00fb0000UL, 0x00430000UL, 0x004d0000UL, 0x00330000UL, 0x00850000UL,
6180x00450000UL, 0x00f90000UL, 0x00020000UL, 0x007f0000UL, 0x00500000UL, 0x003c0000UL, 0x009f0000UL, 0x00a80000UL,
6190x00510000UL, 0x00a30000UL, 0x00400000UL, 0x008f0000UL, 0x00920000UL, 0x009d0000UL, 0x00380000UL, 0x00f50000UL,
6200x00bc0000UL, 0x00b60000UL, 0x00da0000UL, 0x00210000UL, 0x00100000UL, 0x00ff0000UL, 0x00f30000UL, 0x00d20000UL,
6210x00cd0000UL, 0x000c0000UL, 0x00130000UL, 0x00ec0000UL, 0x005f0000UL, 0x00970000UL, 0x00440000UL, 0x00170000UL,
6220x00c40000UL, 0x00a70000UL, 0x007e0000UL, 0x003d0000UL, 0x00640000UL, 0x005d0000UL, 0x00190000UL, 0x00730000UL,
6230x00600000UL, 0x00810000UL, 0x004f0000UL, 0x00dc0000UL, 0x00220000UL, 0x002a0000UL, 0x00900000UL, 0x00880000UL,
6240x00460000UL, 0x00ee0000UL, 0x00b80000UL, 0x00140000UL, 0x00de0000UL, 0x005e0000UL, 0x000b0000UL, 0x00db0000UL,
6250x00e00000UL, 0x00320000UL, 0x003a0000UL, 0x000a0000UL, 0x00490000UL, 0x00060000UL, 0x00240000UL, 0x005c0000UL,
6260x00c20000UL, 0x00d30000UL, 0x00ac0000UL, 0x00620000UL, 0x00910000UL, 0x00950000UL, 0x00e40000UL, 0x00790000UL,
6270x00e70000UL, 0x00c80000UL, 0x00370000UL, 0x006d0000UL, 0x008d0000UL, 0x00d50000UL, 0x004e0000UL, 0x00a90000UL,
6280x006c0000UL, 0x00560000UL, 0x00f40000UL, 0x00ea0000UL, 0x00650000UL, 0x007a0000UL, 0x00ae0000UL, 0x00080000UL,
6290x00ba0000UL, 0x00780000UL, 0x00250000UL, 0x002e0000UL, 0x001c0000UL, 0x00a60000UL, 0x00b40000UL, 0x00c60000UL,
6300x00e80000UL, 0x00dd0000UL, 0x00740000UL, 0x001f0000UL, 0x004b0000UL, 0x00bd0000UL, 0x008b0000UL, 0x008a0000UL,
6310x00700000UL, 0x003e0000UL, 0x00b50000UL, 0x00660000UL, 0x00480000UL, 0x00030000UL, 0x00f60000UL, 0x000e0000UL,
6320x00610000UL, 0x00350000UL, 0x00570000UL, 0x00b90000UL, 0x00860000UL, 0x00c10000UL, 0x001d0000UL, 0x009e0000UL,
6330x00e10000UL, 0x00f80000UL, 0x00980000UL, 0x00110000UL, 0x00690000UL, 0x00d90000UL, 0x008e0000UL, 0x00940000UL,
6340x009b0000UL, 0x001e0000UL, 0x00870000UL, 0x00e90000UL, 0x00ce0000UL, 0x00550000UL, 0x00280000UL, 0x00df0000UL,
6350x008c0000UL, 0x00a10000UL, 0x00890000UL, 0x000d0000UL, 0x00bf0000UL, 0x00e60000UL, 0x00420000UL, 0x00680000UL,
6360x00410000UL, 0x00990000UL, 0x002d0000UL, 0x000f0000UL, 0x00b00000UL, 0x00540000UL, 0x00bb0000UL, 0x00160000UL
637};
638
639static const ulong32 Te4_3[] = {
6400x63000000UL, 0x7c000000UL, 0x77000000UL, 0x7b000000UL, 0xf2000000UL, 0x6b000000UL, 0x6f000000UL, 0xc5000000UL,
6410x30000000UL, 0x01000000UL, 0x67000000UL, 0x2b000000UL, 0xfe000000UL, 0xd7000000UL, 0xab000000UL, 0x76000000UL,
6420xca000000UL, 0x82000000UL, 0xc9000000UL, 0x7d000000UL, 0xfa000000UL, 0x59000000UL, 0x47000000UL, 0xf0000000UL,
6430xad000000UL, 0xd4000000UL, 0xa2000000UL, 0xaf000000UL, 0x9c000000UL, 0xa4000000UL, 0x72000000UL, 0xc0000000UL,
6440xb7000000UL, 0xfd000000UL, 0x93000000UL, 0x26000000UL, 0x36000000UL, 0x3f000000UL, 0xf7000000UL, 0xcc000000UL,
6450x34000000UL, 0xa5000000UL, 0xe5000000UL, 0xf1000000UL, 0x71000000UL, 0xd8000000UL, 0x31000000UL, 0x15000000UL,
6460x04000000UL, 0xc7000000UL, 0x23000000UL, 0xc3000000UL, 0x18000000UL, 0x96000000UL, 0x05000000UL, 0x9a000000UL,
6470x07000000UL, 0x12000000UL, 0x80000000UL, 0xe2000000UL, 0xeb000000UL, 0x27000000UL, 0xb2000000UL, 0x75000000UL,
6480x09000000UL, 0x83000000UL, 0x2c000000UL, 0x1a000000UL, 0x1b000000UL, 0x6e000000UL, 0x5a000000UL, 0xa0000000UL,
6490x52000000UL, 0x3b000000UL, 0xd6000000UL, 0xb3000000UL, 0x29000000UL, 0xe3000000UL, 0x2f000000UL, 0x84000000UL,
6500x53000000UL, 0xd1000000UL, 0x00000000UL, 0xed000000UL, 0x20000000UL, 0xfc000000UL, 0xb1000000UL, 0x5b000000UL,
6510x6a000000UL, 0xcb000000UL, 0xbe000000UL, 0x39000000UL, 0x4a000000UL, 0x4c000000UL, 0x58000000UL, 0xcf000000UL,
6520xd0000000UL, 0xef000000UL, 0xaa000000UL, 0xfb000000UL, 0x43000000UL, 0x4d000000UL, 0x33000000UL, 0x85000000UL,
6530x45000000UL, 0xf9000000UL, 0x02000000UL, 0x7f000000UL, 0x50000000UL, 0x3c000000UL, 0x9f000000UL, 0xa8000000UL,
6540x51000000UL, 0xa3000000UL, 0x40000000UL, 0x8f000000UL, 0x92000000UL, 0x9d000000UL, 0x38000000UL, 0xf5000000UL,
6550xbc000000UL, 0xb6000000UL, 0xda000000UL, 0x21000000UL, 0x10000000UL, 0xff000000UL, 0xf3000000UL, 0xd2000000UL,
6560xcd000000UL, 0x0c000000UL, 0x13000000UL, 0xec000000UL, 0x5f000000UL, 0x97000000UL, 0x44000000UL, 0x17000000UL,
6570xc4000000UL, 0xa7000000UL, 0x7e000000UL, 0x3d000000UL, 0x64000000UL, 0x5d000000UL, 0x19000000UL, 0x73000000UL,
6580x60000000UL, 0x81000000UL, 0x4f000000UL, 0xdc000000UL, 0x22000000UL, 0x2a000000UL, 0x90000000UL, 0x88000000UL,
6590x46000000UL, 0xee000000UL, 0xb8000000UL, 0x14000000UL, 0xde000000UL, 0x5e000000UL, 0x0b000000UL, 0xdb000000UL,
6600xe0000000UL, 0x32000000UL, 0x3a000000UL, 0x0a000000UL, 0x49000000UL, 0x06000000UL, 0x24000000UL, 0x5c000000UL,
6610xc2000000UL, 0xd3000000UL, 0xac000000UL, 0x62000000UL, 0x91000000UL, 0x95000000UL, 0xe4000000UL, 0x79000000UL,
6620xe7000000UL, 0xc8000000UL, 0x37000000UL, 0x6d000000UL, 0x8d000000UL, 0xd5000000UL, 0x4e000000UL, 0xa9000000UL,
6630x6c000000UL, 0x56000000UL, 0xf4000000UL, 0xea000000UL, 0x65000000UL, 0x7a000000UL, 0xae000000UL, 0x08000000UL,
6640xba000000UL, 0x78000000UL, 0x25000000UL, 0x2e000000UL, 0x1c000000UL, 0xa6000000UL, 0xb4000000UL, 0xc6000000UL,
6650xe8000000UL, 0xdd000000UL, 0x74000000UL, 0x1f000000UL, 0x4b000000UL, 0xbd000000UL, 0x8b000000UL, 0x8a000000UL,
6660x70000000UL, 0x3e000000UL, 0xb5000000UL, 0x66000000UL, 0x48000000UL, 0x03000000UL, 0xf6000000UL, 0x0e000000UL,
6670x61000000UL, 0x35000000UL, 0x57000000UL, 0xb9000000UL, 0x86000000UL, 0xc1000000UL, 0x1d000000UL, 0x9e000000UL,
6680xe1000000UL, 0xf8000000UL, 0x98000000UL, 0x11000000UL, 0x69000000UL, 0xd9000000UL, 0x8e000000UL, 0x94000000UL,
6690x9b000000UL, 0x1e000000UL, 0x87000000UL, 0xe9000000UL, 0xce000000UL, 0x55000000UL, 0x28000000UL, 0xdf000000UL,
6700x8c000000UL, 0xa1000000UL, 0x89000000UL, 0x0d000000UL, 0xbf000000UL, 0xe6000000UL, 0x42000000UL, 0x68000000UL,
6710x41000000UL, 0x99000000UL, 0x2d000000UL, 0x0f000000UL, 0xb0000000UL, 0x54000000UL, 0xbb000000UL, 0x16000000UL
672};
673#endif /* pelimac */
674
675#ifndef ENCRYPT_ONLY
676
677static const ulong32 TD1[256] = {
678 0x5051f4a7UL, 0x537e4165UL, 0xc31a17a4UL, 0x963a275eUL,
679 0xcb3bab6bUL, 0xf11f9d45UL, 0xabacfa58UL, 0x934be303UL,
680 0x552030faUL, 0xf6ad766dUL, 0x9188cc76UL, 0x25f5024cUL,
681 0xfc4fe5d7UL, 0xd7c52acbUL, 0x80263544UL, 0x8fb562a3UL,
682 0x49deb15aUL, 0x6725ba1bUL, 0x9845ea0eUL, 0xe15dfec0UL,
683 0x02c32f75UL, 0x12814cf0UL, 0xa38d4697UL, 0xc66bd3f9UL,
684 0xe7038f5fUL, 0x9515929cUL, 0xebbf6d7aUL, 0xda955259UL,
685 0x2dd4be83UL, 0xd3587421UL, 0x2949e069UL, 0x448ec9c8UL,
686 0x6a75c289UL, 0x78f48e79UL, 0x6b99583eUL, 0xdd27b971UL,
687 0xb6bee14fUL, 0x17f088adUL, 0x66c920acUL, 0xb47dce3aUL,
688 0x1863df4aUL, 0x82e51a31UL, 0x60975133UL, 0x4562537fUL,
689 0xe0b16477UL, 0x84bb6baeUL, 0x1cfe81a0UL, 0x94f9082bUL,
690 0x58704868UL, 0x198f45fdUL, 0x8794de6cUL, 0xb7527bf8UL,
691 0x23ab73d3UL, 0xe2724b02UL, 0x57e31f8fUL, 0x2a6655abUL,
692 0x07b2eb28UL, 0x032fb5c2UL, 0x9a86c57bUL, 0xa5d33708UL,
693 0xf2302887UL, 0xb223bfa5UL, 0xba02036aUL, 0x5ced1682UL,
694 0x2b8acf1cUL, 0x92a779b4UL, 0xf0f307f2UL, 0xa14e69e2UL,
695 0xcd65daf4UL, 0xd50605beUL, 0x1fd13462UL, 0x8ac4a6feUL,
696 0x9d342e53UL, 0xa0a2f355UL, 0x32058ae1UL, 0x75a4f6ebUL,
697 0x390b83ecUL, 0xaa4060efUL, 0x065e719fUL, 0x51bd6e10UL,
698 0xf93e218aUL, 0x3d96dd06UL, 0xaedd3e05UL, 0x464de6bdUL,
699 0xb591548dUL, 0x0571c45dUL, 0x6f0406d4UL, 0xff605015UL,
700 0x241998fbUL, 0x97d6bde9UL, 0xcc894043UL, 0x7767d99eUL,
701 0xbdb0e842UL, 0x8807898bUL, 0x38e7195bUL, 0xdb79c8eeUL,
702 0x47a17c0aUL, 0xe97c420fUL, 0xc9f8841eUL, 0x00000000UL,
703 0x83098086UL, 0x48322bedUL, 0xac1e1170UL, 0x4e6c5a72UL,
704 0xfbfd0effUL, 0x560f8538UL, 0x1e3daed5UL, 0x27362d39UL,
705 0x640a0fd9UL, 0x21685ca6UL, 0xd19b5b54UL, 0x3a24362eUL,
706 0xb10c0a67UL, 0x0f9357e7UL, 0xd2b4ee96UL, 0x9e1b9b91UL,
707 0x4f80c0c5UL, 0xa261dc20UL, 0x695a774bUL, 0x161c121aUL,
708 0x0ae293baUL, 0xe5c0a02aUL, 0x433c22e0UL, 0x1d121b17UL,
709 0x0b0e090dUL, 0xadf28bc7UL, 0xb92db6a8UL, 0xc8141ea9UL,
710 0x8557f119UL, 0x4caf7507UL, 0xbbee99ddUL, 0xfda37f60UL,
711 0x9ff70126UL, 0xbc5c72f5UL, 0xc544663bUL, 0x345bfb7eUL,
712 0x768b4329UL, 0xdccb23c6UL, 0x68b6edfcUL, 0x63b8e4f1UL,
713 0xcad731dcUL, 0x10426385UL, 0x40139722UL, 0x2084c611UL,
714 0x7d854a24UL, 0xf8d2bb3dUL, 0x11aef932UL, 0x6dc729a1UL,
715 0x4b1d9e2fUL, 0xf3dcb230UL, 0xec0d8652UL, 0xd077c1e3UL,
716 0x6c2bb316UL, 0x99a970b9UL, 0xfa119448UL, 0x2247e964UL,
717 0xc4a8fc8cUL, 0x1aa0f03fUL, 0xd8567d2cUL, 0xef223390UL,
718 0xc787494eUL, 0xc1d938d1UL, 0xfe8ccaa2UL, 0x3698d40bUL,
719 0xcfa6f581UL, 0x28a57adeUL, 0x26dab78eUL, 0xa43fadbfUL,
720 0xe42c3a9dUL, 0x0d507892UL, 0x9b6a5fccUL, 0x62547e46UL,
721 0xc2f68d13UL, 0xe890d8b8UL, 0x5e2e39f7UL, 0xf582c3afUL,
722 0xbe9f5d80UL, 0x7c69d093UL, 0xa96fd52dUL, 0xb3cf2512UL,
723 0x3bc8ac99UL, 0xa710187dUL, 0x6ee89c63UL, 0x7bdb3bbbUL,
724 0x09cd2678UL, 0xf46e5918UL, 0x01ec9ab7UL, 0xa8834f9aUL,
725 0x65e6956eUL, 0x7eaaffe6UL, 0x0821bccfUL, 0xe6ef15e8UL,
726 0xd9bae79bUL, 0xce4a6f36UL, 0xd4ea9f09UL, 0xd629b07cUL,
727 0xaf31a4b2UL, 0x312a3f23UL, 0x30c6a594UL, 0xc035a266UL,
728 0x37744ebcUL, 0xa6fc82caUL, 0xb0e090d0UL, 0x1533a7d8UL,
729 0x4af10498UL, 0xf741ecdaUL, 0x0e7fcd50UL, 0x2f1791f6UL,
730 0x8d764dd6UL, 0x4d43efb0UL, 0x54ccaa4dUL, 0xdfe49604UL,
731 0xe39ed1b5UL, 0x1b4c6a88UL, 0xb8c12c1fUL, 0x7f466551UL,
732 0x049d5eeaUL, 0x5d018c35UL, 0x73fa8774UL, 0x2efb0b41UL,
733 0x5ab3671dUL, 0x5292dbd2UL, 0x33e91056UL, 0x136dd647UL,
734 0x8c9ad761UL, 0x7a37a10cUL, 0x8e59f814UL, 0x89eb133cUL,
735 0xeecea927UL, 0x35b761c9UL, 0xede11ce5UL, 0x3c7a47b1UL,
736 0x599cd2dfUL, 0x3f55f273UL, 0x791814ceUL, 0xbf73c737UL,
737 0xea53f7cdUL, 0x5b5ffdaaUL, 0x14df3d6fUL, 0x867844dbUL,
738 0x81caaff3UL, 0x3eb968c4UL, 0x2c382434UL, 0x5fc2a340UL,
739 0x72161dc3UL, 0x0cbce225UL, 0x8b283c49UL, 0x41ff0d95UL,
740 0x7139a801UL, 0xde080cb3UL, 0x9cd8b4e4UL, 0x906456c1UL,
741 0x617bcb84UL, 0x70d532b6UL, 0x74486c5cUL, 0x42d0b857UL,
742};
743static const ulong32 TD2[256] = {
744 0xa75051f4UL, 0x65537e41UL, 0xa4c31a17UL, 0x5e963a27UL,
745 0x6bcb3babUL, 0x45f11f9dUL, 0x58abacfaUL, 0x03934be3UL,
746 0xfa552030UL, 0x6df6ad76UL, 0x769188ccUL, 0x4c25f502UL,
747 0xd7fc4fe5UL, 0xcbd7c52aUL, 0x44802635UL, 0xa38fb562UL,
748 0x5a49deb1UL, 0x1b6725baUL, 0x0e9845eaUL, 0xc0e15dfeUL,
749 0x7502c32fUL, 0xf012814cUL, 0x97a38d46UL, 0xf9c66bd3UL,
750 0x5fe7038fUL, 0x9c951592UL, 0x7aebbf6dUL, 0x59da9552UL,
751 0x832dd4beUL, 0x21d35874UL, 0x692949e0UL, 0xc8448ec9UL,
752 0x896a75c2UL, 0x7978f48eUL, 0x3e6b9958UL, 0x71dd27b9UL,
753 0x4fb6bee1UL, 0xad17f088UL, 0xac66c920UL, 0x3ab47dceUL,
754 0x4a1863dfUL, 0x3182e51aUL, 0x33609751UL, 0x7f456253UL,
755 0x77e0b164UL, 0xae84bb6bUL, 0xa01cfe81UL, 0x2b94f908UL,
756 0x68587048UL, 0xfd198f45UL, 0x6c8794deUL, 0xf8b7527bUL,
757 0xd323ab73UL, 0x02e2724bUL, 0x8f57e31fUL, 0xab2a6655UL,
758 0x2807b2ebUL, 0xc2032fb5UL, 0x7b9a86c5UL, 0x08a5d337UL,
759 0x87f23028UL, 0xa5b223bfUL, 0x6aba0203UL, 0x825ced16UL,
760 0x1c2b8acfUL, 0xb492a779UL, 0xf2f0f307UL, 0xe2a14e69UL,
761 0xf4cd65daUL, 0xbed50605UL, 0x621fd134UL, 0xfe8ac4a6UL,
762 0x539d342eUL, 0x55a0a2f3UL, 0xe132058aUL, 0xeb75a4f6UL,
763 0xec390b83UL, 0xefaa4060UL, 0x9f065e71UL, 0x1051bd6eUL,
764 0x8af93e21UL, 0x063d96ddUL, 0x05aedd3eUL, 0xbd464de6UL,
765 0x8db59154UL, 0x5d0571c4UL, 0xd46f0406UL, 0x15ff6050UL,
766 0xfb241998UL, 0xe997d6bdUL, 0x43cc8940UL, 0x9e7767d9UL,
767 0x42bdb0e8UL, 0x8b880789UL, 0x5b38e719UL, 0xeedb79c8UL,
768 0x0a47a17cUL, 0x0fe97c42UL, 0x1ec9f884UL, 0x00000000UL,
769 0x86830980UL, 0xed48322bUL, 0x70ac1e11UL, 0x724e6c5aUL,
770 0xfffbfd0eUL, 0x38560f85UL, 0xd51e3daeUL, 0x3927362dUL,
771 0xd9640a0fUL, 0xa621685cUL, 0x54d19b5bUL, 0x2e3a2436UL,
772 0x67b10c0aUL, 0xe70f9357UL, 0x96d2b4eeUL, 0x919e1b9bUL,
773 0xc54f80c0UL, 0x20a261dcUL, 0x4b695a77UL, 0x1a161c12UL,
774 0xba0ae293UL, 0x2ae5c0a0UL, 0xe0433c22UL, 0x171d121bUL,
775 0x0d0b0e09UL, 0xc7adf28bUL, 0xa8b92db6UL, 0xa9c8141eUL,
776 0x198557f1UL, 0x074caf75UL, 0xddbbee99UL, 0x60fda37fUL,
777 0x269ff701UL, 0xf5bc5c72UL, 0x3bc54466UL, 0x7e345bfbUL,
778 0x29768b43UL, 0xc6dccb23UL, 0xfc68b6edUL, 0xf163b8e4UL,
779 0xdccad731UL, 0x85104263UL, 0x22401397UL, 0x112084c6UL,
780 0x247d854aUL, 0x3df8d2bbUL, 0x3211aef9UL, 0xa16dc729UL,
781 0x2f4b1d9eUL, 0x30f3dcb2UL, 0x52ec0d86UL, 0xe3d077c1UL,
782 0x166c2bb3UL, 0xb999a970UL, 0x48fa1194UL, 0x642247e9UL,
783 0x8cc4a8fcUL, 0x3f1aa0f0UL, 0x2cd8567dUL, 0x90ef2233UL,
784 0x4ec78749UL, 0xd1c1d938UL, 0xa2fe8ccaUL, 0x0b3698d4UL,
785 0x81cfa6f5UL, 0xde28a57aUL, 0x8e26dab7UL, 0xbfa43fadUL,
786 0x9de42c3aUL, 0x920d5078UL, 0xcc9b6a5fUL, 0x4662547eUL,
787 0x13c2f68dUL, 0xb8e890d8UL, 0xf75e2e39UL, 0xaff582c3UL,
788 0x80be9f5dUL, 0x937c69d0UL, 0x2da96fd5UL, 0x12b3cf25UL,
789 0x993bc8acUL, 0x7da71018UL, 0x636ee89cUL, 0xbb7bdb3bUL,
790 0x7809cd26UL, 0x18f46e59UL, 0xb701ec9aUL, 0x9aa8834fUL,
791 0x6e65e695UL, 0xe67eaaffUL, 0xcf0821bcUL, 0xe8e6ef15UL,
792 0x9bd9bae7UL, 0x36ce4a6fUL, 0x09d4ea9fUL, 0x7cd629b0UL,
793 0xb2af31a4UL, 0x23312a3fUL, 0x9430c6a5UL, 0x66c035a2UL,
794 0xbc37744eUL, 0xcaa6fc82UL, 0xd0b0e090UL, 0xd81533a7UL,
795 0x984af104UL, 0xdaf741ecUL, 0x500e7fcdUL, 0xf62f1791UL,
796 0xd68d764dUL, 0xb04d43efUL, 0x4d54ccaaUL, 0x04dfe496UL,
797 0xb5e39ed1UL, 0x881b4c6aUL, 0x1fb8c12cUL, 0x517f4665UL,
798 0xea049d5eUL, 0x355d018cUL, 0x7473fa87UL, 0x412efb0bUL,
799 0x1d5ab367UL, 0xd25292dbUL, 0x5633e910UL, 0x47136dd6UL,
800 0x618c9ad7UL, 0x0c7a37a1UL, 0x148e59f8UL, 0x3c89eb13UL,
801 0x27eecea9UL, 0xc935b761UL, 0xe5ede11cUL, 0xb13c7a47UL,
802 0xdf599cd2UL, 0x733f55f2UL, 0xce791814UL, 0x37bf73c7UL,
803 0xcdea53f7UL, 0xaa5b5ffdUL, 0x6f14df3dUL, 0xdb867844UL,
804 0xf381caafUL, 0xc43eb968UL, 0x342c3824UL, 0x405fc2a3UL,
805 0xc372161dUL, 0x250cbce2UL, 0x498b283cUL, 0x9541ff0dUL,
806 0x017139a8UL, 0xb3de080cUL, 0xe49cd8b4UL, 0xc1906456UL,
807 0x84617bcbUL, 0xb670d532UL, 0x5c74486cUL, 0x5742d0b8UL,
808};
809static const ulong32 TD3[256] = {
810 0xf4a75051UL, 0x4165537eUL, 0x17a4c31aUL, 0x275e963aUL,
811 0xab6bcb3bUL, 0x9d45f11fUL, 0xfa58abacUL, 0xe303934bUL,
812 0x30fa5520UL, 0x766df6adUL, 0xcc769188UL, 0x024c25f5UL,
813 0xe5d7fc4fUL, 0x2acbd7c5UL, 0x35448026UL, 0x62a38fb5UL,
814 0xb15a49deUL, 0xba1b6725UL, 0xea0e9845UL, 0xfec0e15dUL,
815 0x2f7502c3UL, 0x4cf01281UL, 0x4697a38dUL, 0xd3f9c66bUL,
816 0x8f5fe703UL, 0x929c9515UL, 0x6d7aebbfUL, 0x5259da95UL,
817 0xbe832dd4UL, 0x7421d358UL, 0xe0692949UL, 0xc9c8448eUL,
818 0xc2896a75UL, 0x8e7978f4UL, 0x583e6b99UL, 0xb971dd27UL,
819 0xe14fb6beUL, 0x88ad17f0UL, 0x20ac66c9UL, 0xce3ab47dUL,
820 0xdf4a1863UL, 0x1a3182e5UL, 0x51336097UL, 0x537f4562UL,
821 0x6477e0b1UL, 0x6bae84bbUL, 0x81a01cfeUL, 0x082b94f9UL,
822 0x48685870UL, 0x45fd198fUL, 0xde6c8794UL, 0x7bf8b752UL,
823 0x73d323abUL, 0x4b02e272UL, 0x1f8f57e3UL, 0x55ab2a66UL,
824 0xeb2807b2UL, 0xb5c2032fUL, 0xc57b9a86UL, 0x3708a5d3UL,
825 0x2887f230UL, 0xbfa5b223UL, 0x036aba02UL, 0x16825cedUL,
826 0xcf1c2b8aUL, 0x79b492a7UL, 0x07f2f0f3UL, 0x69e2a14eUL,
827 0xdaf4cd65UL, 0x05bed506UL, 0x34621fd1UL, 0xa6fe8ac4UL,
828 0x2e539d34UL, 0xf355a0a2UL, 0x8ae13205UL, 0xf6eb75a4UL,
829 0x83ec390bUL, 0x60efaa40UL, 0x719f065eUL, 0x6e1051bdUL,
830 0x218af93eUL, 0xdd063d96UL, 0x3e05aeddUL, 0xe6bd464dUL,
831 0x548db591UL, 0xc45d0571UL, 0x06d46f04UL, 0x5015ff60UL,
832 0x98fb2419UL, 0xbde997d6UL, 0x4043cc89UL, 0xd99e7767UL,
833 0xe842bdb0UL, 0x898b8807UL, 0x195b38e7UL, 0xc8eedb79UL,
834 0x7c0a47a1UL, 0x420fe97cUL, 0x841ec9f8UL, 0x00000000UL,
835 0x80868309UL, 0x2bed4832UL, 0x1170ac1eUL, 0x5a724e6cUL,
836 0x0efffbfdUL, 0x8538560fUL, 0xaed51e3dUL, 0x2d392736UL,
837 0x0fd9640aUL, 0x5ca62168UL, 0x5b54d19bUL, 0x362e3a24UL,
838 0x0a67b10cUL, 0x57e70f93UL, 0xee96d2b4UL, 0x9b919e1bUL,
839 0xc0c54f80UL, 0xdc20a261UL, 0x774b695aUL, 0x121a161cUL,
840 0x93ba0ae2UL, 0xa02ae5c0UL, 0x22e0433cUL, 0x1b171d12UL,
841 0x090d0b0eUL, 0x8bc7adf2UL, 0xb6a8b92dUL, 0x1ea9c814UL,
842 0xf1198557UL, 0x75074cafUL, 0x99ddbbeeUL, 0x7f60fda3UL,
843 0x01269ff7UL, 0x72f5bc5cUL, 0x663bc544UL, 0xfb7e345bUL,
844 0x4329768bUL, 0x23c6dccbUL, 0xedfc68b6UL, 0xe4f163b8UL,
845 0x31dccad7UL, 0x63851042UL, 0x97224013UL, 0xc6112084UL,
846 0x4a247d85UL, 0xbb3df8d2UL, 0xf93211aeUL, 0x29a16dc7UL,
847 0x9e2f4b1dUL, 0xb230f3dcUL, 0x8652ec0dUL, 0xc1e3d077UL,
848 0xb3166c2bUL, 0x70b999a9UL, 0x9448fa11UL, 0xe9642247UL,
849 0xfc8cc4a8UL, 0xf03f1aa0UL, 0x7d2cd856UL, 0x3390ef22UL,
850 0x494ec787UL, 0x38d1c1d9UL, 0xcaa2fe8cUL, 0xd40b3698UL,
851 0xf581cfa6UL, 0x7ade28a5UL, 0xb78e26daUL, 0xadbfa43fUL,
852 0x3a9de42cUL, 0x78920d50UL, 0x5fcc9b6aUL, 0x7e466254UL,
853 0x8d13c2f6UL, 0xd8b8e890UL, 0x39f75e2eUL, 0xc3aff582UL,
854 0x5d80be9fUL, 0xd0937c69UL, 0xd52da96fUL, 0x2512b3cfUL,
855 0xac993bc8UL, 0x187da710UL, 0x9c636ee8UL, 0x3bbb7bdbUL,
856 0x267809cdUL, 0x5918f46eUL, 0x9ab701ecUL, 0x4f9aa883UL,
857 0x956e65e6UL, 0xffe67eaaUL, 0xbccf0821UL, 0x15e8e6efUL,
858 0xe79bd9baUL, 0x6f36ce4aUL, 0x9f09d4eaUL, 0xb07cd629UL,
859 0xa4b2af31UL, 0x3f23312aUL, 0xa59430c6UL, 0xa266c035UL,
860 0x4ebc3774UL, 0x82caa6fcUL, 0x90d0b0e0UL, 0xa7d81533UL,
861 0x04984af1UL, 0xecdaf741UL, 0xcd500e7fUL, 0x91f62f17UL,
862 0x4dd68d76UL, 0xefb04d43UL, 0xaa4d54ccUL, 0x9604dfe4UL,
863 0xd1b5e39eUL, 0x6a881b4cUL, 0x2c1fb8c1UL, 0x65517f46UL,
864 0x5eea049dUL, 0x8c355d01UL, 0x877473faUL, 0x0b412efbUL,
865 0x671d5ab3UL, 0xdbd25292UL, 0x105633e9UL, 0xd647136dUL,
866 0xd7618c9aUL, 0xa10c7a37UL, 0xf8148e59UL, 0x133c89ebUL,
867 0xa927eeceUL, 0x61c935b7UL, 0x1ce5ede1UL, 0x47b13c7aUL,
868 0xd2df599cUL, 0xf2733f55UL, 0x14ce7918UL, 0xc737bf73UL,
869 0xf7cdea53UL, 0xfdaa5b5fUL, 0x3d6f14dfUL, 0x44db8678UL,
870 0xaff381caUL, 0x68c43eb9UL, 0x24342c38UL, 0xa3405fc2UL,
871 0x1dc37216UL, 0xe2250cbcUL, 0x3c498b28UL, 0x0d9541ffUL,
872 0xa8017139UL, 0x0cb3de08UL, 0xb4e49cd8UL, 0x56c19064UL,
873 0xcb84617bUL, 0x32b670d5UL, 0x6c5c7448UL, 0xb85742d0UL,
874};
875
876static const ulong32 Tks0[] = {
8770x00000000UL, 0x0e090d0bUL, 0x1c121a16UL, 0x121b171dUL, 0x3824342cUL, 0x362d3927UL, 0x24362e3aUL, 0x2a3f2331UL,
8780x70486858UL, 0x7e416553UL, 0x6c5a724eUL, 0x62537f45UL, 0x486c5c74UL, 0x4665517fUL, 0x547e4662UL, 0x5a774b69UL,
8790xe090d0b0UL, 0xee99ddbbUL, 0xfc82caa6UL, 0xf28bc7adUL, 0xd8b4e49cUL, 0xd6bde997UL, 0xc4a6fe8aUL, 0xcaaff381UL,
8800x90d8b8e8UL, 0x9ed1b5e3UL, 0x8ccaa2feUL, 0x82c3aff5UL, 0xa8fc8cc4UL, 0xa6f581cfUL, 0xb4ee96d2UL, 0xbae79bd9UL,
8810xdb3bbb7bUL, 0xd532b670UL, 0xc729a16dUL, 0xc920ac66UL, 0xe31f8f57UL, 0xed16825cUL, 0xff0d9541UL, 0xf104984aUL,
8820xab73d323UL, 0xa57ade28UL, 0xb761c935UL, 0xb968c43eUL, 0x9357e70fUL, 0x9d5eea04UL, 0x8f45fd19UL, 0x814cf012UL,
8830x3bab6bcbUL, 0x35a266c0UL, 0x27b971ddUL, 0x29b07cd6UL, 0x038f5fe7UL, 0x0d8652ecUL, 0x1f9d45f1UL, 0x119448faUL,
8840x4be30393UL, 0x45ea0e98UL, 0x57f11985UL, 0x59f8148eUL, 0x73c737bfUL, 0x7dce3ab4UL, 0x6fd52da9UL, 0x61dc20a2UL,
8850xad766df6UL, 0xa37f60fdUL, 0xb16477e0UL, 0xbf6d7aebUL, 0x955259daUL, 0x9b5b54d1UL, 0x894043ccUL, 0x87494ec7UL,
8860xdd3e05aeUL, 0xd33708a5UL, 0xc12c1fb8UL, 0xcf2512b3UL, 0xe51a3182UL, 0xeb133c89UL, 0xf9082b94UL, 0xf701269fUL,
8870x4de6bd46UL, 0x43efb04dUL, 0x51f4a750UL, 0x5ffdaa5bUL, 0x75c2896aUL, 0x7bcb8461UL, 0x69d0937cUL, 0x67d99e77UL,
8880x3daed51eUL, 0x33a7d815UL, 0x21bccf08UL, 0x2fb5c203UL, 0x058ae132UL, 0x0b83ec39UL, 0x1998fb24UL, 0x1791f62fUL,
8890x764dd68dUL, 0x7844db86UL, 0x6a5fcc9bUL, 0x6456c190UL, 0x4e69e2a1UL, 0x4060efaaUL, 0x527bf8b7UL, 0x5c72f5bcUL,
8900x0605bed5UL, 0x080cb3deUL, 0x1a17a4c3UL, 0x141ea9c8UL, 0x3e218af9UL, 0x302887f2UL, 0x223390efUL, 0x2c3a9de4UL,
8910x96dd063dUL, 0x98d40b36UL, 0x8acf1c2bUL, 0x84c61120UL, 0xaef93211UL, 0xa0f03f1aUL, 0xb2eb2807UL, 0xbce2250cUL,
8920xe6956e65UL, 0xe89c636eUL, 0xfa877473UL, 0xf48e7978UL, 0xdeb15a49UL, 0xd0b85742UL, 0xc2a3405fUL, 0xccaa4d54UL,
8930x41ecdaf7UL, 0x4fe5d7fcUL, 0x5dfec0e1UL, 0x53f7cdeaUL, 0x79c8eedbUL, 0x77c1e3d0UL, 0x65daf4cdUL, 0x6bd3f9c6UL,
8940x31a4b2afUL, 0x3fadbfa4UL, 0x2db6a8b9UL, 0x23bfa5b2UL, 0x09808683UL, 0x07898b88UL, 0x15929c95UL, 0x1b9b919eUL,
8950xa17c0a47UL, 0xaf75074cUL, 0xbd6e1051UL, 0xb3671d5aUL, 0x99583e6bUL, 0x97513360UL, 0x854a247dUL, 0x8b432976UL,
8960xd134621fUL, 0xdf3d6f14UL, 0xcd267809UL, 0xc32f7502UL, 0xe9105633UL, 0xe7195b38UL, 0xf5024c25UL, 0xfb0b412eUL,
8970x9ad7618cUL, 0x94de6c87UL, 0x86c57b9aUL, 0x88cc7691UL, 0xa2f355a0UL, 0xacfa58abUL, 0xbee14fb6UL, 0xb0e842bdUL,
8980xea9f09d4UL, 0xe49604dfUL, 0xf68d13c2UL, 0xf8841ec9UL, 0xd2bb3df8UL, 0xdcb230f3UL, 0xcea927eeUL, 0xc0a02ae5UL,
8990x7a47b13cUL, 0x744ebc37UL, 0x6655ab2aUL, 0x685ca621UL, 0x42638510UL, 0x4c6a881bUL, 0x5e719f06UL, 0x5078920dUL,
9000x0a0fd964UL, 0x0406d46fUL, 0x161dc372UL, 0x1814ce79UL, 0x322bed48UL, 0x3c22e043UL, 0x2e39f75eUL, 0x2030fa55UL,
9010xec9ab701UL, 0xe293ba0aUL, 0xf088ad17UL, 0xfe81a01cUL, 0xd4be832dUL, 0xdab78e26UL, 0xc8ac993bUL, 0xc6a59430UL,
9020x9cd2df59UL, 0x92dbd252UL, 0x80c0c54fUL, 0x8ec9c844UL, 0xa4f6eb75UL, 0xaaffe67eUL, 0xb8e4f163UL, 0xb6edfc68UL,
9030x0c0a67b1UL, 0x02036abaUL, 0x10187da7UL, 0x1e1170acUL, 0x342e539dUL, 0x3a275e96UL, 0x283c498bUL, 0x26354480UL,
9040x7c420fe9UL, 0x724b02e2UL, 0x605015ffUL, 0x6e5918f4UL, 0x44663bc5UL, 0x4a6f36ceUL, 0x587421d3UL, 0x567d2cd8UL,
9050x37a10c7aUL, 0x39a80171UL, 0x2bb3166cUL, 0x25ba1b67UL, 0x0f853856UL, 0x018c355dUL, 0x13972240UL, 0x1d9e2f4bUL,
9060x47e96422UL, 0x49e06929UL, 0x5bfb7e34UL, 0x55f2733fUL, 0x7fcd500eUL, 0x71c45d05UL, 0x63df4a18UL, 0x6dd64713UL,
9070xd731dccaUL, 0xd938d1c1UL, 0xcb23c6dcUL, 0xc52acbd7UL, 0xef15e8e6UL, 0xe11ce5edUL, 0xf307f2f0UL, 0xfd0efffbUL,
9080xa779b492UL, 0xa970b999UL, 0xbb6bae84UL, 0xb562a38fUL, 0x9f5d80beUL, 0x91548db5UL, 0x834f9aa8UL, 0x8d4697a3UL
909};
910
911static const ulong32 Tks1[] = {
9120x00000000UL, 0x0b0e090dUL, 0x161c121aUL, 0x1d121b17UL, 0x2c382434UL, 0x27362d39UL, 0x3a24362eUL, 0x312a3f23UL,
9130x58704868UL, 0x537e4165UL, 0x4e6c5a72UL, 0x4562537fUL, 0x74486c5cUL, 0x7f466551UL, 0x62547e46UL, 0x695a774bUL,
9140xb0e090d0UL, 0xbbee99ddUL, 0xa6fc82caUL, 0xadf28bc7UL, 0x9cd8b4e4UL, 0x97d6bde9UL, 0x8ac4a6feUL, 0x81caaff3UL,
9150xe890d8b8UL, 0xe39ed1b5UL, 0xfe8ccaa2UL, 0xf582c3afUL, 0xc4a8fc8cUL, 0xcfa6f581UL, 0xd2b4ee96UL, 0xd9bae79bUL,
9160x7bdb3bbbUL, 0x70d532b6UL, 0x6dc729a1UL, 0x66c920acUL, 0x57e31f8fUL, 0x5ced1682UL, 0x41ff0d95UL, 0x4af10498UL,
9170x23ab73d3UL, 0x28a57adeUL, 0x35b761c9UL, 0x3eb968c4UL, 0x0f9357e7UL, 0x049d5eeaUL, 0x198f45fdUL, 0x12814cf0UL,
9180xcb3bab6bUL, 0xc035a266UL, 0xdd27b971UL, 0xd629b07cUL, 0xe7038f5fUL, 0xec0d8652UL, 0xf11f9d45UL, 0xfa119448UL,
9190x934be303UL, 0x9845ea0eUL, 0x8557f119UL, 0x8e59f814UL, 0xbf73c737UL, 0xb47dce3aUL, 0xa96fd52dUL, 0xa261dc20UL,
9200xf6ad766dUL, 0xfda37f60UL, 0xe0b16477UL, 0xebbf6d7aUL, 0xda955259UL, 0xd19b5b54UL, 0xcc894043UL, 0xc787494eUL,
9210xaedd3e05UL, 0xa5d33708UL, 0xb8c12c1fUL, 0xb3cf2512UL, 0x82e51a31UL, 0x89eb133cUL, 0x94f9082bUL, 0x9ff70126UL,
9220x464de6bdUL, 0x4d43efb0UL, 0x5051f4a7UL, 0x5b5ffdaaUL, 0x6a75c289UL, 0x617bcb84UL, 0x7c69d093UL, 0x7767d99eUL,
9230x1e3daed5UL, 0x1533a7d8UL, 0x0821bccfUL, 0x032fb5c2UL, 0x32058ae1UL, 0x390b83ecUL, 0x241998fbUL, 0x2f1791f6UL,
9240x8d764dd6UL, 0x867844dbUL, 0x9b6a5fccUL, 0x906456c1UL, 0xa14e69e2UL, 0xaa4060efUL, 0xb7527bf8UL, 0xbc5c72f5UL,
9250xd50605beUL, 0xde080cb3UL, 0xc31a17a4UL, 0xc8141ea9UL, 0xf93e218aUL, 0xf2302887UL, 0xef223390UL, 0xe42c3a9dUL,
9260x3d96dd06UL, 0x3698d40bUL, 0x2b8acf1cUL, 0x2084c611UL, 0x11aef932UL, 0x1aa0f03fUL, 0x07b2eb28UL, 0x0cbce225UL,
9270x65e6956eUL, 0x6ee89c63UL, 0x73fa8774UL, 0x78f48e79UL, 0x49deb15aUL, 0x42d0b857UL, 0x5fc2a340UL, 0x54ccaa4dUL,
9280xf741ecdaUL, 0xfc4fe5d7UL, 0xe15dfec0UL, 0xea53f7cdUL, 0xdb79c8eeUL, 0xd077c1e3UL, 0xcd65daf4UL, 0xc66bd3f9UL,
9290xaf31a4b2UL, 0xa43fadbfUL, 0xb92db6a8UL, 0xb223bfa5UL, 0x83098086UL, 0x8807898bUL, 0x9515929cUL, 0x9e1b9b91UL,
9300x47a17c0aUL, 0x4caf7507UL, 0x51bd6e10UL, 0x5ab3671dUL, 0x6b99583eUL, 0x60975133UL, 0x7d854a24UL, 0x768b4329UL,
9310x1fd13462UL, 0x14df3d6fUL, 0x09cd2678UL, 0x02c32f75UL, 0x33e91056UL, 0x38e7195bUL, 0x25f5024cUL, 0x2efb0b41UL,
9320x8c9ad761UL, 0x8794de6cUL, 0x9a86c57bUL, 0x9188cc76UL, 0xa0a2f355UL, 0xabacfa58UL, 0xb6bee14fUL, 0xbdb0e842UL,
9330xd4ea9f09UL, 0xdfe49604UL, 0xc2f68d13UL, 0xc9f8841eUL, 0xf8d2bb3dUL, 0xf3dcb230UL, 0xeecea927UL, 0xe5c0a02aUL,
9340x3c7a47b1UL, 0x37744ebcUL, 0x2a6655abUL, 0x21685ca6UL, 0x10426385UL, 0x1b4c6a88UL, 0x065e719fUL, 0x0d507892UL,
9350x640a0fd9UL, 0x6f0406d4UL, 0x72161dc3UL, 0x791814ceUL, 0x48322bedUL, 0x433c22e0UL, 0x5e2e39f7UL, 0x552030faUL,
9360x01ec9ab7UL, 0x0ae293baUL, 0x17f088adUL, 0x1cfe81a0UL, 0x2dd4be83UL, 0x26dab78eUL, 0x3bc8ac99UL, 0x30c6a594UL,
9370x599cd2dfUL, 0x5292dbd2UL, 0x4f80c0c5UL, 0x448ec9c8UL, 0x75a4f6ebUL, 0x7eaaffe6UL, 0x63b8e4f1UL, 0x68b6edfcUL,
9380xb10c0a67UL, 0xba02036aUL, 0xa710187dUL, 0xac1e1170UL, 0x9d342e53UL, 0x963a275eUL, 0x8b283c49UL, 0x80263544UL,
9390xe97c420fUL, 0xe2724b02UL, 0xff605015UL, 0xf46e5918UL, 0xc544663bUL, 0xce4a6f36UL, 0xd3587421UL, 0xd8567d2cUL,
9400x7a37a10cUL, 0x7139a801UL, 0x6c2bb316UL, 0x6725ba1bUL, 0x560f8538UL, 0x5d018c35UL, 0x40139722UL, 0x4b1d9e2fUL,
9410x2247e964UL, 0x2949e069UL, 0x345bfb7eUL, 0x3f55f273UL, 0x0e7fcd50UL, 0x0571c45dUL, 0x1863df4aUL, 0x136dd647UL,
9420xcad731dcUL, 0xc1d938d1UL, 0xdccb23c6UL, 0xd7c52acbUL, 0xe6ef15e8UL, 0xede11ce5UL, 0xf0f307f2UL, 0xfbfd0effUL,
9430x92a779b4UL, 0x99a970b9UL, 0x84bb6baeUL, 0x8fb562a3UL, 0xbe9f5d80UL, 0xb591548dUL, 0xa8834f9aUL, 0xa38d4697UL
944};
945
946static const ulong32 Tks2[] = {
9470x00000000UL, 0x0d0b0e09UL, 0x1a161c12UL, 0x171d121bUL, 0x342c3824UL, 0x3927362dUL, 0x2e3a2436UL, 0x23312a3fUL,
9480x68587048UL, 0x65537e41UL, 0x724e6c5aUL, 0x7f456253UL, 0x5c74486cUL, 0x517f4665UL, 0x4662547eUL, 0x4b695a77UL,
9490xd0b0e090UL, 0xddbbee99UL, 0xcaa6fc82UL, 0xc7adf28bUL, 0xe49cd8b4UL, 0xe997d6bdUL, 0xfe8ac4a6UL, 0xf381caafUL,
9500xb8e890d8UL, 0xb5e39ed1UL, 0xa2fe8ccaUL, 0xaff582c3UL, 0x8cc4a8fcUL, 0x81cfa6f5UL, 0x96d2b4eeUL, 0x9bd9bae7UL,
9510xbb7bdb3bUL, 0xb670d532UL, 0xa16dc729UL, 0xac66c920UL, 0x8f57e31fUL, 0x825ced16UL, 0x9541ff0dUL, 0x984af104UL,
9520xd323ab73UL, 0xde28a57aUL, 0xc935b761UL, 0xc43eb968UL, 0xe70f9357UL, 0xea049d5eUL, 0xfd198f45UL, 0xf012814cUL,
9530x6bcb3babUL, 0x66c035a2UL, 0x71dd27b9UL, 0x7cd629b0UL, 0x5fe7038fUL, 0x52ec0d86UL, 0x45f11f9dUL, 0x48fa1194UL,
9540x03934be3UL, 0x0e9845eaUL, 0x198557f1UL, 0x148e59f8UL, 0x37bf73c7UL, 0x3ab47dceUL, 0x2da96fd5UL, 0x20a261dcUL,
9550x6df6ad76UL, 0x60fda37fUL, 0x77e0b164UL, 0x7aebbf6dUL, 0x59da9552UL, 0x54d19b5bUL, 0x43cc8940UL, 0x4ec78749UL,
9560x05aedd3eUL, 0x08a5d337UL, 0x1fb8c12cUL, 0x12b3cf25UL, 0x3182e51aUL, 0x3c89eb13UL, 0x2b94f908UL, 0x269ff701UL,
9570xbd464de6UL, 0xb04d43efUL, 0xa75051f4UL, 0xaa5b5ffdUL, 0x896a75c2UL, 0x84617bcbUL, 0x937c69d0UL, 0x9e7767d9UL,
9580xd51e3daeUL, 0xd81533a7UL, 0xcf0821bcUL, 0xc2032fb5UL, 0xe132058aUL, 0xec390b83UL, 0xfb241998UL, 0xf62f1791UL,
9590xd68d764dUL, 0xdb867844UL, 0xcc9b6a5fUL, 0xc1906456UL, 0xe2a14e69UL, 0xefaa4060UL, 0xf8b7527bUL, 0xf5bc5c72UL,
9600xbed50605UL, 0xb3de080cUL, 0xa4c31a17UL, 0xa9c8141eUL, 0x8af93e21UL, 0x87f23028UL, 0x90ef2233UL, 0x9de42c3aUL,
9610x063d96ddUL, 0x0b3698d4UL, 0x1c2b8acfUL, 0x112084c6UL, 0x3211aef9UL, 0x3f1aa0f0UL, 0x2807b2ebUL, 0x250cbce2UL,
9620x6e65e695UL, 0x636ee89cUL, 0x7473fa87UL, 0x7978f48eUL, 0x5a49deb1UL, 0x5742d0b8UL, 0x405fc2a3UL, 0x4d54ccaaUL,
9630xdaf741ecUL, 0xd7fc4fe5UL, 0xc0e15dfeUL, 0xcdea53f7UL, 0xeedb79c8UL, 0xe3d077c1UL, 0xf4cd65daUL, 0xf9c66bd3UL,
9640xb2af31a4UL, 0xbfa43fadUL, 0xa8b92db6UL, 0xa5b223bfUL, 0x86830980UL, 0x8b880789UL, 0x9c951592UL, 0x919e1b9bUL,
9650x0a47a17cUL, 0x074caf75UL, 0x1051bd6eUL, 0x1d5ab367UL, 0x3e6b9958UL, 0x33609751UL, 0x247d854aUL, 0x29768b43UL,
9660x621fd134UL, 0x6f14df3dUL, 0x7809cd26UL, 0x7502c32fUL, 0x5633e910UL, 0x5b38e719UL, 0x4c25f502UL, 0x412efb0bUL,
9670x618c9ad7UL, 0x6c8794deUL, 0x7b9a86c5UL, 0x769188ccUL, 0x55a0a2f3UL, 0x58abacfaUL, 0x4fb6bee1UL, 0x42bdb0e8UL,
9680x09d4ea9fUL, 0x04dfe496UL, 0x13c2f68dUL, 0x1ec9f884UL, 0x3df8d2bbUL, 0x30f3dcb2UL, 0x27eecea9UL, 0x2ae5c0a0UL,
9690xb13c7a47UL, 0xbc37744eUL, 0xab2a6655UL, 0xa621685cUL, 0x85104263UL, 0x881b4c6aUL, 0x9f065e71UL, 0x920d5078UL,
9700xd9640a0fUL, 0xd46f0406UL, 0xc372161dUL, 0xce791814UL, 0xed48322bUL, 0xe0433c22UL, 0xf75e2e39UL, 0xfa552030UL,
9710xb701ec9aUL, 0xba0ae293UL, 0xad17f088UL, 0xa01cfe81UL, 0x832dd4beUL, 0x8e26dab7UL, 0x993bc8acUL, 0x9430c6a5UL,
9720xdf599cd2UL, 0xd25292dbUL, 0xc54f80c0UL, 0xc8448ec9UL, 0xeb75a4f6UL, 0xe67eaaffUL, 0xf163b8e4UL, 0xfc68b6edUL,
9730x67b10c0aUL, 0x6aba0203UL, 0x7da71018UL, 0x70ac1e11UL, 0x539d342eUL, 0x5e963a27UL, 0x498b283cUL, 0x44802635UL,
9740x0fe97c42UL, 0x02e2724bUL, 0x15ff6050UL, 0x18f46e59UL, 0x3bc54466UL, 0x36ce4a6fUL, 0x21d35874UL, 0x2cd8567dUL,
9750x0c7a37a1UL, 0x017139a8UL, 0x166c2bb3UL, 0x1b6725baUL, 0x38560f85UL, 0x355d018cUL, 0x22401397UL, 0x2f4b1d9eUL,
9760x642247e9UL, 0x692949e0UL, 0x7e345bfbUL, 0x733f55f2UL, 0x500e7fcdUL, 0x5d0571c4UL, 0x4a1863dfUL, 0x47136dd6UL,
9770xdccad731UL, 0xd1c1d938UL, 0xc6dccb23UL, 0xcbd7c52aUL, 0xe8e6ef15UL, 0xe5ede11cUL, 0xf2f0f307UL, 0xfffbfd0eUL,
9780xb492a779UL, 0xb999a970UL, 0xae84bb6bUL, 0xa38fb562UL, 0x80be9f5dUL, 0x8db59154UL, 0x9aa8834fUL, 0x97a38d46UL
979};
980
981static const ulong32 Tks3[] = {
9820x00000000UL, 0x090d0b0eUL, 0x121a161cUL, 0x1b171d12UL, 0x24342c38UL, 0x2d392736UL, 0x362e3a24UL, 0x3f23312aUL,
9830x48685870UL, 0x4165537eUL, 0x5a724e6cUL, 0x537f4562UL, 0x6c5c7448UL, 0x65517f46UL, 0x7e466254UL, 0x774b695aUL,
9840x90d0b0e0UL, 0x99ddbbeeUL, 0x82caa6fcUL, 0x8bc7adf2UL, 0xb4e49cd8UL, 0xbde997d6UL, 0xa6fe8ac4UL, 0xaff381caUL,
9850xd8b8e890UL, 0xd1b5e39eUL, 0xcaa2fe8cUL, 0xc3aff582UL, 0xfc8cc4a8UL, 0xf581cfa6UL, 0xee96d2b4UL, 0xe79bd9baUL,
9860x3bbb7bdbUL, 0x32b670d5UL, 0x29a16dc7UL, 0x20ac66c9UL, 0x1f8f57e3UL, 0x16825cedUL, 0x0d9541ffUL, 0x04984af1UL,
9870x73d323abUL, 0x7ade28a5UL, 0x61c935b7UL, 0x68c43eb9UL, 0x57e70f93UL, 0x5eea049dUL, 0x45fd198fUL, 0x4cf01281UL,
9880xab6bcb3bUL, 0xa266c035UL, 0xb971dd27UL, 0xb07cd629UL, 0x8f5fe703UL, 0x8652ec0dUL, 0x9d45f11fUL, 0x9448fa11UL,
9890xe303934bUL, 0xea0e9845UL, 0xf1198557UL, 0xf8148e59UL, 0xc737bf73UL, 0xce3ab47dUL, 0xd52da96fUL, 0xdc20a261UL,
9900x766df6adUL, 0x7f60fda3UL, 0x6477e0b1UL, 0x6d7aebbfUL, 0x5259da95UL, 0x5b54d19bUL, 0x4043cc89UL, 0x494ec787UL,
9910x3e05aeddUL, 0x3708a5d3UL, 0x2c1fb8c1UL, 0x2512b3cfUL, 0x1a3182e5UL, 0x133c89ebUL, 0x082b94f9UL, 0x01269ff7UL,
9920xe6bd464dUL, 0xefb04d43UL, 0xf4a75051UL, 0xfdaa5b5fUL, 0xc2896a75UL, 0xcb84617bUL, 0xd0937c69UL, 0xd99e7767UL,
9930xaed51e3dUL, 0xa7d81533UL, 0xbccf0821UL, 0xb5c2032fUL, 0x8ae13205UL, 0x83ec390bUL, 0x98fb2419UL, 0x91f62f17UL,
9940x4dd68d76UL, 0x44db8678UL, 0x5fcc9b6aUL, 0x56c19064UL, 0x69e2a14eUL, 0x60efaa40UL, 0x7bf8b752UL, 0x72f5bc5cUL,
9950x05bed506UL, 0x0cb3de08UL, 0x17a4c31aUL, 0x1ea9c814UL, 0x218af93eUL, 0x2887f230UL, 0x3390ef22UL, 0x3a9de42cUL,
9960xdd063d96UL, 0xd40b3698UL, 0xcf1c2b8aUL, 0xc6112084UL, 0xf93211aeUL, 0xf03f1aa0UL, 0xeb2807b2UL, 0xe2250cbcUL,
9970x956e65e6UL, 0x9c636ee8UL, 0x877473faUL, 0x8e7978f4UL, 0xb15a49deUL, 0xb85742d0UL, 0xa3405fc2UL, 0xaa4d54ccUL,
9980xecdaf741UL, 0xe5d7fc4fUL, 0xfec0e15dUL, 0xf7cdea53UL, 0xc8eedb79UL, 0xc1e3d077UL, 0xdaf4cd65UL, 0xd3f9c66bUL,
9990xa4b2af31UL, 0xadbfa43fUL, 0xb6a8b92dUL, 0xbfa5b223UL, 0x80868309UL, 0x898b8807UL, 0x929c9515UL, 0x9b919e1bUL,
10000x7c0a47a1UL, 0x75074cafUL, 0x6e1051bdUL, 0x671d5ab3UL, 0x583e6b99UL, 0x51336097UL, 0x4a247d85UL, 0x4329768bUL,
10010x34621fd1UL, 0x3d6f14dfUL, 0x267809cdUL, 0x2f7502c3UL, 0x105633e9UL, 0x195b38e7UL, 0x024c25f5UL, 0x0b412efbUL,
10020xd7618c9aUL, 0xde6c8794UL, 0xc57b9a86UL, 0xcc769188UL, 0xf355a0a2UL, 0xfa58abacUL, 0xe14fb6beUL, 0xe842bdb0UL,
10030x9f09d4eaUL, 0x9604dfe4UL, 0x8d13c2f6UL, 0x841ec9f8UL, 0xbb3df8d2UL, 0xb230f3dcUL, 0xa927eeceUL, 0xa02ae5c0UL,
10040x47b13c7aUL, 0x4ebc3774UL, 0x55ab2a66UL, 0x5ca62168UL, 0x63851042UL, 0x6a881b4cUL, 0x719f065eUL, 0x78920d50UL,
10050x0fd9640aUL, 0x06d46f04UL, 0x1dc37216UL, 0x14ce7918UL, 0x2bed4832UL, 0x22e0433cUL, 0x39f75e2eUL, 0x30fa5520UL,
10060x9ab701ecUL, 0x93ba0ae2UL, 0x88ad17f0UL, 0x81a01cfeUL, 0xbe832dd4UL, 0xb78e26daUL, 0xac993bc8UL, 0xa59430c6UL,
10070xd2df599cUL, 0xdbd25292UL, 0xc0c54f80UL, 0xc9c8448eUL, 0xf6eb75a4UL, 0xffe67eaaUL, 0xe4f163b8UL, 0xedfc68b6UL,
10080x0a67b10cUL, 0x036aba02UL, 0x187da710UL, 0x1170ac1eUL, 0x2e539d34UL, 0x275e963aUL, 0x3c498b28UL, 0x35448026UL,
10090x420fe97cUL, 0x4b02e272UL, 0x5015ff60UL, 0x5918f46eUL, 0x663bc544UL, 0x6f36ce4aUL, 0x7421d358UL, 0x7d2cd856UL,
10100xa10c7a37UL, 0xa8017139UL, 0xb3166c2bUL, 0xba1b6725UL, 0x8538560fUL, 0x8c355d01UL, 0x97224013UL, 0x9e2f4b1dUL,
10110xe9642247UL, 0xe0692949UL, 0xfb7e345bUL, 0xf2733f55UL, 0xcd500e7fUL, 0xc45d0571UL, 0xdf4a1863UL, 0xd647136dUL,
10120x31dccad7UL, 0x38d1c1d9UL, 0x23c6dccbUL, 0x2acbd7c5UL, 0x15e8e6efUL, 0x1ce5ede1UL, 0x07f2f0f3UL, 0x0efffbfdUL,
10130x79b492a7UL, 0x70b999a9UL, 0x6bae84bbUL, 0x62a38fb5UL, 0x5d80be9fUL, 0x548db591UL, 0x4f9aa883UL, 0x4697a38dUL
1014};
1015
1016#endif /* ENCRYPT_ONLY */
1017
1018#endif /* SMALL CODE */
1019
1020#ifndef PELI_TAB
1021static const ulong32 rcon[] = {
1022 0x01000000UL, 0x02000000UL, 0x04000000UL, 0x08000000UL,
1023 0x10000000UL, 0x20000000UL, 0x40000000UL, 0x80000000UL,
1024 0x1B000000UL, 0x36000000UL, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
1025};
1026#endif
1027
1028#endif /* __LTC_AES_TAB_C__ */
1029
1030/* ref: HEAD -> master, tag: v1.18.2 */
1031/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
1032/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/hashes/sha1.c b/utils/tomcrypt/src/hashes/sha1.c
new file mode 100644
index 0000000000..0e7cc215ba
--- /dev/null
+++ b/utils/tomcrypt/src/hashes/sha1.c
@@ -0,0 +1,286 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9#include "tomcrypt.h"
10
11/**
12 @file sha1.c
13 LTC_SHA1 code by Tom St Denis
14*/
15
16
17#ifdef LTC_SHA1
18
19const struct ltc_hash_descriptor sha1_desc =
20{
21 "sha1",
22 2,
23 20,
24 64,
25
26 /* OID */
27 { 1, 3, 14, 3, 2, 26, },
28 6,
29
30 &sha1_init,
31 &sha1_process,
32 &sha1_done,
33 &sha1_test,
34 NULL
35};
36
37#define F0(x,y,z) (z ^ (x & (y ^ z)))
38#define F1(x,y,z) (x ^ y ^ z)
39#define F2(x,y,z) ((x & y) | (z & (x | y)))
40#define F3(x,y,z) (x ^ y ^ z)
41
42#ifdef LTC_CLEAN_STACK
43static int _sha1_compress(hash_state *md, unsigned char *buf)
44#else
45static int sha1_compress(hash_state *md, unsigned char *buf)
46#endif
47{
48 ulong32 a,b,c,d,e,W[80],i;
49#ifdef LTC_SMALL_CODE
50 ulong32 t;
51#endif
52
53 /* copy the state into 512-bits into W[0..15] */
54 for (i = 0; i < 16; i++) {
55 LOAD32H(W[i], buf + (4*i));
56 }
57
58 /* copy state */
59 a = md->sha1.state[0];
60 b = md->sha1.state[1];
61 c = md->sha1.state[2];
62 d = md->sha1.state[3];
63 e = md->sha1.state[4];
64
65 /* expand it */
66 for (i = 16; i < 80; i++) {
67 W[i] = ROL(W[i-3] ^ W[i-8] ^ W[i-14] ^ W[i-16], 1);
68 }
69
70 /* compress */
71 /* round one */
72 #define FF0(a,b,c,d,e,i) e = (ROLc(a, 5) + F0(b,c,d) + e + W[i] + 0x5a827999UL); b = ROLc(b, 30);
73 #define FF1(a,b,c,d,e,i) e = (ROLc(a, 5) + F1(b,c,d) + e + W[i] + 0x6ed9eba1UL); b = ROLc(b, 30);
74 #define FF2(a,b,c,d,e,i) e = (ROLc(a, 5) + F2(b,c,d) + e + W[i] + 0x8f1bbcdcUL); b = ROLc(b, 30);
75 #define FF3(a,b,c,d,e,i) e = (ROLc(a, 5) + F3(b,c,d) + e + W[i] + 0xca62c1d6UL); b = ROLc(b, 30);
76
77#ifdef LTC_SMALL_CODE
78
79 for (i = 0; i < 20; ) {
80 FF0(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
81 }
82
83 for (; i < 40; ) {
84 FF1(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
85 }
86
87 for (; i < 60; ) {
88 FF2(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
89 }
90
91 for (; i < 80; ) {
92 FF3(a,b,c,d,e,i++); t = e; e = d; d = c; c = b; b = a; a = t;
93 }
94
95#else
96
97 for (i = 0; i < 20; ) {
98 FF0(a,b,c,d,e,i++);
99 FF0(e,a,b,c,d,i++);
100 FF0(d,e,a,b,c,i++);
101 FF0(c,d,e,a,b,i++);
102 FF0(b,c,d,e,a,i++);
103 }
104
105 /* round two */
106 for (; i < 40; ) {
107 FF1(a,b,c,d,e,i++);
108 FF1(e,a,b,c,d,i++);
109 FF1(d,e,a,b,c,i++);
110 FF1(c,d,e,a,b,i++);
111 FF1(b,c,d,e,a,i++);
112 }
113
114 /* round three */
115 for (; i < 60; ) {
116 FF2(a,b,c,d,e,i++);
117 FF2(e,a,b,c,d,i++);
118 FF2(d,e,a,b,c,i++);
119 FF2(c,d,e,a,b,i++);
120 FF2(b,c,d,e,a,i++);
121 }
122
123 /* round four */
124 for (; i < 80; ) {
125 FF3(a,b,c,d,e,i++);
126 FF3(e,a,b,c,d,i++);
127 FF3(d,e,a,b,c,i++);
128 FF3(c,d,e,a,b,i++);
129 FF3(b,c,d,e,a,i++);
130 }
131#endif
132
133 #undef FF0
134 #undef FF1
135 #undef FF2
136 #undef FF3
137
138 /* store */
139 md->sha1.state[0] = md->sha1.state[0] + a;
140 md->sha1.state[1] = md->sha1.state[1] + b;
141 md->sha1.state[2] = md->sha1.state[2] + c;
142 md->sha1.state[3] = md->sha1.state[3] + d;
143 md->sha1.state[4] = md->sha1.state[4] + e;
144
145 return CRYPT_OK;
146}
147
148#ifdef LTC_CLEAN_STACK
149static int sha1_compress(hash_state *md, unsigned char *buf)
150{
151 int err;
152 err = _sha1_compress(md, buf);
153 burn_stack(sizeof(ulong32) * 87);
154 return err;
155}
156#endif
157
158/**
159 Initialize the hash state
160 @param md The hash state you wish to initialize
161 @return CRYPT_OK if successful
162*/
163int sha1_init(hash_state * md)
164{
165 LTC_ARGCHK(md != NULL);
166 md->sha1.state[0] = 0x67452301UL;
167 md->sha1.state[1] = 0xefcdab89UL;
168 md->sha1.state[2] = 0x98badcfeUL;
169 md->sha1.state[3] = 0x10325476UL;
170 md->sha1.state[4] = 0xc3d2e1f0UL;
171 md->sha1.curlen = 0;
172 md->sha1.length = 0;
173 return CRYPT_OK;
174}
175
176/**
177 Process a block of memory though the hash
178 @param md The hash state
179 @param in The data to hash
180 @param inlen The length of the data (octets)
181 @return CRYPT_OK if successful
182*/
183HASH_PROCESS(sha1_process, sha1_compress, sha1, 64)
184
185/**
186 Terminate the hash to get the digest
187 @param md The hash state
188 @param out [out] The destination of the hash (20 bytes)
189 @return CRYPT_OK if successful
190*/
191int sha1_done(hash_state * md, unsigned char *out)
192{
193 int i;
194
195 LTC_ARGCHK(md != NULL);
196 LTC_ARGCHK(out != NULL);
197
198 if (md->sha1.curlen >= sizeof(md->sha1.buf)) {
199 return CRYPT_INVALID_ARG;
200 }
201
202 /* increase the length of the message */
203 md->sha1.length += md->sha1.curlen * 8;
204
205 /* append the '1' bit */
206 md->sha1.buf[md->sha1.curlen++] = (unsigned char)0x80;
207
208 /* if the length is currently above 56 bytes we append zeros
209 * then compress. Then we can fall back to padding zeros and length
210 * encoding like normal.
211 */
212 if (md->sha1.curlen > 56) {
213 while (md->sha1.curlen < 64) {
214 md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
215 }
216 sha1_compress(md, md->sha1.buf);
217 md->sha1.curlen = 0;
218 }
219
220 /* pad upto 56 bytes of zeroes */
221 while (md->sha1.curlen < 56) {
222 md->sha1.buf[md->sha1.curlen++] = (unsigned char)0;
223 }
224
225 /* store length */
226 STORE64H(md->sha1.length, md->sha1.buf+56);
227 sha1_compress(md, md->sha1.buf);
228
229 /* copy output */
230 for (i = 0; i < 5; i++) {
231 STORE32H(md->sha1.state[i], out+(4*i));
232 }
233#ifdef LTC_CLEAN_STACK
234 zeromem(md, sizeof(hash_state));
235#endif
236 return CRYPT_OK;
237}
238
239/**
240 Self-test the hash
241 @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
242*/
243int sha1_test(void)
244{
245 #ifndef LTC_TEST
246 return CRYPT_NOP;
247 #else
248 static const struct {
249 const char *msg;
250 unsigned char hash[20];
251 } tests[] = {
252 { "abc",
253 { 0xa9, 0x99, 0x3e, 0x36, 0x47, 0x06, 0x81, 0x6a,
254 0xba, 0x3e, 0x25, 0x71, 0x78, 0x50, 0xc2, 0x6c,
255 0x9c, 0xd0, 0xd8, 0x9d }
256 },
257 { "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
258 { 0x84, 0x98, 0x3E, 0x44, 0x1C, 0x3B, 0xD2, 0x6E,
259 0xBA, 0xAE, 0x4A, 0xA1, 0xF9, 0x51, 0x29, 0xE5,
260 0xE5, 0x46, 0x70, 0xF1 }
261 }
262 };
263
264 int i;
265 unsigned char tmp[20];
266 hash_state md;
267
268 for (i = 0; i < (int)(sizeof(tests) / sizeof(tests[0])); i++) {
269 sha1_init(&md);
270 sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
271 sha1_done(&md, tmp);
272 if (compare_testvector(tmp, sizeof(tmp), tests[i].hash, sizeof(tests[i].hash), "SHA1", i)) {
273 return CRYPT_FAIL_TESTVECTOR;
274 }
275 }
276 return CRYPT_OK;
277 #endif
278}
279
280#endif
281
282
283
284/* ref: HEAD -> master, tag: v1.18.2 */
285/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
286/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/headers/tomcrypt.h b/utils/tomcrypt/src/headers/tomcrypt.h
new file mode 100644
index 0000000000..1192ab5c84
--- /dev/null
+++ b/utils/tomcrypt/src/headers/tomcrypt.h
@@ -0,0 +1,105 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9
10#ifndef TOMCRYPT_H_
11#define TOMCRYPT_H_
12#include <assert.h>
13#include <stdio.h>
14#include <string.h>
15#include <stdlib.h>
16#include <stddef.h>
17#include <time.h>
18#include <ctype.h>
19#include <limits.h>
20
21/* use configuration data */
22#include <tomcrypt_custom.h>
23
24#ifdef __cplusplus
25extern "C" {
26#endif
27
28/* version */
29#define CRYPT 0x0118
30#define SCRYPT "1.18.2"
31
32/* max size of either a cipher/hash block or symmetric key [largest of the two] */
33#define MAXBLOCKSIZE 128
34
35#ifndef TAB_SIZE
36/* descriptor table size */
37#define TAB_SIZE 32
38#endif
39
40/* error codes [will be expanded in future releases] */
41enum {
42 CRYPT_OK=0, /* Result OK */
43 CRYPT_ERROR, /* Generic Error */
44 CRYPT_NOP, /* Not a failure but no operation was performed */
45
46 CRYPT_INVALID_KEYSIZE, /* Invalid key size given */
47 CRYPT_INVALID_ROUNDS, /* Invalid number of rounds */
48 CRYPT_FAIL_TESTVECTOR, /* Algorithm failed test vectors */
49
50 CRYPT_BUFFER_OVERFLOW, /* Not enough space for output */
51 CRYPT_INVALID_PACKET, /* Invalid input packet given */
52
53 CRYPT_INVALID_PRNGSIZE, /* Invalid number of bits for a PRNG */
54 CRYPT_ERROR_READPRNG, /* Could not read enough from PRNG */
55
56 CRYPT_INVALID_CIPHER, /* Invalid cipher specified */
57 CRYPT_INVALID_HASH, /* Invalid hash specified */
58 CRYPT_INVALID_PRNG, /* Invalid PRNG specified */
59
60 CRYPT_MEM, /* Out of memory */
61
62 CRYPT_PK_TYPE_MISMATCH, /* Not equivalent types of PK keys */
63 CRYPT_PK_NOT_PRIVATE, /* Requires a private PK key */
64
65 CRYPT_INVALID_ARG, /* Generic invalid argument */
66 CRYPT_FILE_NOTFOUND, /* File Not Found */
67
68 CRYPT_PK_INVALID_TYPE, /* Invalid type of PK key */
69
70 CRYPT_OVERFLOW, /* An overflow of a value was detected/prevented */
71
72 CRYPT_UNUSED1, /* UNUSED1 */
73
74 CRYPT_INPUT_TOO_LONG, /* The input was longer than expected. */
75
76 CRYPT_PK_INVALID_SIZE, /* Invalid size input for PK parameters */
77
78 CRYPT_INVALID_PRIME_SIZE,/* Invalid size of prime requested */
79 CRYPT_PK_INVALID_PADDING, /* Invalid padding on input */
80
81 CRYPT_HASH_OVERFLOW /* Hash applied to too many bits */
82};
83
84#include <tomcrypt_cfg.h>
85#include <tomcrypt_macros.h>
86#include <tomcrypt_cipher.h>
87#include <tomcrypt_hash.h>
88#include <tomcrypt_mac.h>
89#include <tomcrypt_prng.h>
90#include <tomcrypt_pk.h>
91#include <tomcrypt_math.h>
92#include <tomcrypt_misc.h>
93#include <tomcrypt_argchk.h>
94#include <tomcrypt_pkcs.h>
95
96#ifdef __cplusplus
97 }
98#endif
99
100#endif /* TOMCRYPT_H_ */
101
102
103/* ref: HEAD -> master, tag: v1.18.2 */
104/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
105/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/headers/tomcrypt_argchk.h b/utils/tomcrypt/src/headers/tomcrypt_argchk.h
new file mode 100644
index 0000000000..c946712f8c
--- /dev/null
+++ b/utils/tomcrypt/src/headers/tomcrypt_argchk.h
@@ -0,0 +1,53 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9
10/* Defines the LTC_ARGCHK macro used within the library */
11/* ARGTYPE is defined in tomcrypt_cfg.h */
12#if ARGTYPE == 0
13
14#include <signal.h>
15
16/* this is the default LibTomCrypt macro */
17#if defined(__clang__) || defined(__GNUC_MINOR__)
18#define NORETURN __attribute__ ((noreturn))
19#else
20#define NORETURN
21#endif
22
23void crypt_argchk(const char *v, const char *s, int d) NORETURN;
24#define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
25#define LTC_ARGCHKVD(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
26
27#elif ARGTYPE == 1
28
29/* fatal type of error */
30#define LTC_ARGCHK(x) assert((x))
31#define LTC_ARGCHKVD(x) LTC_ARGCHK(x)
32
33#elif ARGTYPE == 2
34
35#define LTC_ARGCHK(x) if (!(x)) { fprintf(stderr, "\nwarning: ARGCHK failed at %s:%d\n", __FILE__, __LINE__); }
36#define LTC_ARGCHKVD(x) LTC_ARGCHK(x)
37
38#elif ARGTYPE == 3
39
40#define LTC_ARGCHK(x)
41#define LTC_ARGCHKVD(x) LTC_ARGCHK(x)
42
43#elif ARGTYPE == 4
44
45#define LTC_ARGCHK(x) if (!(x)) return CRYPT_INVALID_ARG;
46#define LTC_ARGCHKVD(x) if (!(x)) return;
47
48#endif
49
50
51/* ref: HEAD -> master, tag: v1.18.2 */
52/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
53/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/headers/tomcrypt_cfg.h b/utils/tomcrypt/src/headers/tomcrypt_cfg.h
new file mode 100644
index 0000000000..ce0dd5f7fa
--- /dev/null
+++ b/utils/tomcrypt/src/headers/tomcrypt_cfg.h
@@ -0,0 +1,283 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9
10/* This is the build config file.
11 *
12 * With this you can setup what to inlcude/exclude automatically during any build. Just comment
13 * out the line that #define's the word for the thing you want to remove. phew!
14 */
15
16#ifndef TOMCRYPT_CFG_H
17#define TOMCRYPT_CFG_H
18
19#if defined(_WIN32) || defined(_MSC_VER)
20 #define LTC_CALL __cdecl
21#elif !defined(LTC_CALL)
22 #define LTC_CALL
23#endif
24
25#ifndef LTC_EXPORT
26 #define LTC_EXPORT
27#endif
28
29/* certain platforms use macros for these, making the prototypes broken */
30#ifndef LTC_NO_PROTOTYPES
31
32/* you can change how memory allocation works ... */
33LTC_EXPORT void * LTC_CALL XMALLOC(size_t n);
34LTC_EXPORT void * LTC_CALL XREALLOC(void *p, size_t n);
35LTC_EXPORT void * LTC_CALL XCALLOC(size_t n, size_t s);
36LTC_EXPORT void LTC_CALL XFREE(void *p);
37
38LTC_EXPORT void LTC_CALL XQSORT(void *base, size_t nmemb, size_t size, int(*compar)(const void *, const void *));
39
40
41/* change the clock function too */
42LTC_EXPORT clock_t LTC_CALL XCLOCK(void);
43
44/* various other functions */
45LTC_EXPORT void * LTC_CALL XMEMCPY(void *dest, const void *src, size_t n);
46LTC_EXPORT int LTC_CALL XMEMCMP(const void *s1, const void *s2, size_t n);
47LTC_EXPORT void * LTC_CALL XMEMSET(void *s, int c, size_t n);
48
49LTC_EXPORT int LTC_CALL XSTRCMP(const char *s1, const char *s2);
50
51#endif
52
53/* some compilers do not like "inline" (or maybe "static inline"), namely: HP cc, IBM xlc */
54#if defined(__HP_cc) || defined(__xlc__)
55 #define LTC_INLINE
56#elif defined(_MSC_VER)
57 #define LTC_INLINE __inline
58#else
59 #define LTC_INLINE inline
60#endif
61
62/* type of argument checking, 0=default, 1=fatal and 2=error+continue, 3=nothing */
63#ifndef ARGTYPE
64 #define ARGTYPE 0
65#endif
66
67#undef LTC_ENCRYPT
68#define LTC_ENCRYPT 0
69#undef LTC_DECRYPT
70#define LTC_DECRYPT 1
71
72/* Controls endianess and size of registers. Leave uncommented to get platform neutral [slower] code
73 *
74 * Note: in order to use the optimized macros your platform must support unaligned 32 and 64 bit read/writes.
75 * The x86 platforms allow this but some others [ARM for instance] do not. On those platforms you **MUST**
76 * use the portable [slower] macros.
77 */
78/* detect x86/i386 32bit */
79#if defined(__i386__) || defined(__i386) || defined(_M_IX86)
80 #define ENDIAN_LITTLE
81 #define ENDIAN_32BITWORD
82 #define LTC_FAST
83#endif
84
85/* detect amd64/x64 */
86#if defined(__x86_64__) || defined(_M_X64) || defined(_M_AMD64)
87 #define ENDIAN_LITTLE
88 #define ENDIAN_64BITWORD
89 #define LTC_FAST
90#endif
91
92/* detect PPC32 */
93#if defined(LTC_PPC32)
94 #define ENDIAN_BIG
95 #define ENDIAN_32BITWORD
96 #define LTC_FAST
97#endif
98
99/* detects MIPS R5900 processors (PS2) */
100#if (defined(__R5900) || defined(R5900) || defined(__R5900__)) && (defined(_mips) || defined(__mips__) || defined(mips))
101 #define ENDIAN_64BITWORD
102 #if defined(_MIPSEB) || defined(__MIPSEB) || defined(__MIPSEB__)
103 #define ENDIAN_BIG
104 #endif
105 #define ENDIAN_LITTLE
106 #endif
107#endif
108
109/* detect AIX */
110#if defined(_AIX) && defined(_BIG_ENDIAN)
111 #define ENDIAN_BIG
112 #if defined(__LP64__) || defined(_ARCH_PPC64)
113 #define ENDIAN_64BITWORD
114 #else
115 #define ENDIAN_32BITWORD
116 #endif
117#endif
118
119/* detect HP-UX */
120#if defined(__hpux) || defined(__hpux__)
121 #define ENDIAN_BIG
122 #if defined(__ia64) || defined(__ia64__) || defined(__LP64__)
123 #define ENDIAN_64BITWORD
124 #else
125 #define ENDIAN_32BITWORD
126 #endif
127#endif
128
129/* detect Apple OS X */
130#if defined(__APPLE__) && defined(__MACH__)
131 #if defined(__LITTLE_ENDIAN__) || defined(__x86_64__)
132 #define ENDIAN_LITTLE
133 #else
134 #define ENDIAN_BIG
135 #endif
136 #if defined(__LP64__) || defined(__x86_64__)
137 #define ENDIAN_64BITWORD
138 #else
139 #define ENDIAN_32BITWORD
140 #endif
141#endif
142
143/* detect SPARC and SPARC64 */
144#if defined(__sparc__) || defined(__sparc)
145 #define ENDIAN_BIG
146 #if defined(__arch64__) || defined(__sparcv9) || defined(__sparc_v9__)
147 #define ENDIAN_64BITWORD
148 #else
149 #define ENDIAN_32BITWORD
150 #endif
151#endif
152
153/* detect IBM S390(x) */
154#if defined(__s390x__) || defined(__s390__)
155 #define ENDIAN_BIG
156 #if defined(__s390x__)
157 #define ENDIAN_64BITWORD
158 #else
159 #define ENDIAN_32BITWORD
160 #endif
161#endif
162
163/* detect PPC64 */
164#if defined(__powerpc64__) || defined(__ppc64__) || defined(__PPC64__)
165 #define ENDIAN_64BITWORD
166 #if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
167 #define ENDIAN_BIG
168 #elif __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
169 #define ENDIAN_LITTLE
170 #endif
171 #define LTC_FAST
172#endif
173
174/* endianness fallback */
175#if !defined(ENDIAN_BIG) && !defined(ENDIAN_LITTLE)
176 #if defined(_BYTE_ORDER) && _BYTE_ORDER == _BIG_ENDIAN || \
177 defined(__BYTE_ORDER) && __BYTE_ORDER == __BIG_ENDIAN || \
178 defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ || \
179 defined(__BIG_ENDIAN__) || \
180 defined(__ARMEB__) || defined(__THUMBEB__) || defined(__AARCH64EB__) || \
181 defined(_MIPSEB) || defined(__MIPSEB) || defined(__MIPSEB__)
182 #define ENDIAN_BIG
183 #elif defined(_BYTE_ORDER) && _BYTE_ORDER == _LITTLE_ENDIAN || \
184 defined(__BYTE_ORDER) && __BYTE_ORDER == __LITTLE_ENDIAN || \
185 defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ || \
186 defined(__LITTLE_ENDIAN__) || \
187 defined(__ARMEL__) || defined(__THUMBEL__) || defined(__AARCH64EL__) || \
188 defined(_MIPSEL) || defined(__MIPSEL) || defined(__MIPSEL__)
189 #define ENDIAN_LITTLE
190 #else
191 #error Cannot detect endianness
192 #endif
193#endif
194
195/* ulong64: 64-bit data type */
196#ifdef _MSC_VER
197 #define CONST64(n) n ## ui64
198 typedef unsigned __int64 ulong64;
199#else
200 #define CONST64(n) n ## ULL
201 typedef unsigned long long ulong64;
202#endif
203
204/* ulong32: "32-bit at least" data type */
205#if defined(__x86_64__) || defined(_M_X64) || defined(_M_AMD64) || \
206 defined(__powerpc64__) || defined(__ppc64__) || defined(__PPC64__) || \
207 defined(__s390x__) || defined(__arch64__) || defined(__aarch64__) || \
208 defined(__sparcv9) || defined(__sparc_v9__) || defined(__sparc64__) || \
209 defined(__ia64) || defined(__ia64__) || defined(__itanium__) || defined(_M_IA64) || \
210 defined(__LP64__) || defined(_LP64) || defined(__64BIT__)
211 typedef unsigned ulong32;
212 #if !defined(ENDIAN_64BITWORD) && !defined(ENDIAN_32BITWORD)
213 #define ENDIAN_64BITWORD
214 #endif
215#else
216 typedef unsigned long ulong32;
217 #if !defined(ENDIAN_64BITWORD) && !defined(ENDIAN_32BITWORD)
218 #define ENDIAN_32BITWORD
219 #endif
220#endif
221
222#if defined(ENDIAN_64BITWORD) && !defined(_MSC_VER)
223typedef unsigned long long ltc_mp_digit;
224#else
225typedef unsigned long ltc_mp_digit;
226#endif
227
228/* No asm is a quick way to disable anything "not portable" */
229#ifdef LTC_NO_ASM
230 #define ENDIAN_NEUTRAL
231 #undef ENDIAN_32BITWORD
232 #undef ENDIAN_64BITWORD
233 #undef LTC_FAST
234 #define LTC_NO_ROLC
235 #define LTC_NO_BSWAP
236#endif
237
238/* No LTC_FAST if: explicitly disabled OR non-gcc/non-clang compiler OR old gcc OR using -ansi -std=c99 */
239#if defined(LTC_NO_FAST) || (__GNUC__ < 4) || defined(__STRICT_ANSI__)
240 #undef LTC_FAST
241#endif
242
243#ifdef LTC_FAST
244 #define LTC_FAST_TYPE_PTR_CAST(x) ((LTC_FAST_TYPE*)(void*)(x))
245 #ifdef ENDIAN_64BITWORD
246 typedef ulong64 __attribute__((__may_alias__)) LTC_FAST_TYPE;
247 #else
248 typedef ulong32 __attribute__((__may_alias__)) LTC_FAST_TYPE;
249 #endif
250#endif
251
252#if !defined(ENDIAN_NEUTRAL) && (defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) && !(defined(ENDIAN_32BITWORD) || defined(ENDIAN_64BITWORD))
253 #error You must specify a word size as well as endianess in tomcrypt_cfg.h
254#endif
255
256#if !(defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE))
257 #define ENDIAN_NEUTRAL
258#endif
259
260#if (defined(ENDIAN_32BITWORD) && defined(ENDIAN_64BITWORD))
261 #error Cannot be 32 and 64 bit words...
262#endif
263
264/* gcc 4.3 and up has a bswap builtin; detect it by gcc version.
265 * clang also supports the bswap builtin, and although clang pretends
266 * to be gcc (macro-wise, anyway), clang pretends to be a version
267 * prior to gcc 4.3, so we can't detect bswap that way. Instead,
268 * clang has a __has_builtin mechanism that can be used to check
269 * for builtins:
270 * http://clang.llvm.org/docs/LanguageExtensions.html#feature_check */
271#ifndef __has_builtin
272 #define __has_builtin(x) 0
273#endif
274#if !defined(LTC_NO_BSWAP) && defined(__GNUC__) && \
275 ((__GNUC__ * 100 + __GNUC_MINOR__ >= 403) || \
276 (__has_builtin(__builtin_bswap32) && __has_builtin(__builtin_bswap64)))
277 #define LTC_HAVE_BSWAP_BUILTIN
278#endif
279
280
281/* ref: HEAD -> master, tag: v1.18.2 */
282/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
283/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/headers/tomcrypt_cipher.h b/utils/tomcrypt/src/headers/tomcrypt_cipher.h
new file mode 100644
index 0000000000..6f0c30b63b
--- /dev/null
+++ b/utils/tomcrypt/src/headers/tomcrypt_cipher.h
@@ -0,0 +1,1008 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9
10/* ---- SYMMETRIC KEY STUFF -----
11 *
12 * We put each of the ciphers scheduled keys in their own structs then we put all of
13 * the key formats in one union. This makes the function prototypes easier to use.
14 */
15#ifdef LTC_BLOWFISH
16struct blowfish_key {
17 ulong32 S[4][256];
18 ulong32 K[18];
19};
20#endif
21
22#ifdef LTC_RC5
23struct rc5_key {
24 int rounds;
25 ulong32 K[50];
26};
27#endif
28
29#ifdef LTC_RC6
30struct rc6_key {
31 ulong32 K[44];
32};
33#endif
34
35#ifdef LTC_SAFERP
36struct saferp_key {
37 unsigned char K[33][16];
38 long rounds;
39};
40#endif
41
42#ifdef LTC_RIJNDAEL
43struct rijndael_key {
44 ulong32 eK[60], dK[60];
45 int Nr;
46};
47#endif
48
49#ifdef LTC_KSEED
50struct kseed_key {
51 ulong32 K[32], dK[32];
52};
53#endif
54
55#ifdef LTC_KASUMI
56struct kasumi_key {
57 ulong32 KLi1[8], KLi2[8],
58 KOi1[8], KOi2[8], KOi3[8],
59 KIi1[8], KIi2[8], KIi3[8];
60};
61#endif
62
63#ifdef LTC_XTEA
64struct xtea_key {
65 unsigned long A[32], B[32];
66};
67#endif
68
69#ifdef LTC_TWOFISH
70#ifndef LTC_TWOFISH_SMALL
71 struct twofish_key {
72 ulong32 S[4][256], K[40];
73 };
74#else
75 struct twofish_key {
76 ulong32 K[40];
77 unsigned char S[32], start;
78 };
79#endif
80#endif
81
82#ifdef LTC_SAFER
83#define LTC_SAFER_K64_DEFAULT_NOF_ROUNDS 6
84#define LTC_SAFER_K128_DEFAULT_NOF_ROUNDS 10
85#define LTC_SAFER_SK64_DEFAULT_NOF_ROUNDS 8
86#define LTC_SAFER_SK128_DEFAULT_NOF_ROUNDS 10
87#define LTC_SAFER_MAX_NOF_ROUNDS 13
88#define LTC_SAFER_BLOCK_LEN 8
89#define LTC_SAFER_KEY_LEN (1 + LTC_SAFER_BLOCK_LEN * (1 + 2 * LTC_SAFER_MAX_NOF_ROUNDS))
90typedef unsigned char safer_block_t[LTC_SAFER_BLOCK_LEN];
91typedef unsigned char safer_key_t[LTC_SAFER_KEY_LEN];
92struct safer_key { safer_key_t key; };
93#endif
94
95#ifdef LTC_RC2
96struct rc2_key { unsigned xkey[64]; };
97#endif
98
99#ifdef LTC_DES
100struct des_key {
101 ulong32 ek[32], dk[32];
102};
103
104struct des3_key {
105 ulong32 ek[3][32], dk[3][32];
106};
107#endif
108
109#ifdef LTC_CAST5
110struct cast5_key {
111 ulong32 K[32], keylen;
112};
113#endif
114
115#ifdef LTC_NOEKEON
116struct noekeon_key {
117 ulong32 K[4], dK[4];
118};
119#endif
120
121#ifdef LTC_SKIPJACK
122struct skipjack_key {
123 unsigned char key[10];
124};
125#endif
126
127#ifdef LTC_KHAZAD
128struct khazad_key {
129 ulong64 roundKeyEnc[8 + 1];
130 ulong64 roundKeyDec[8 + 1];
131};
132#endif
133
134#ifdef LTC_ANUBIS
135struct anubis_key {
136 int keyBits;
137 int R;
138 ulong32 roundKeyEnc[18 + 1][4];
139 ulong32 roundKeyDec[18 + 1][4];
140};
141#endif
142
143#ifdef LTC_MULTI2
144struct multi2_key {
145 int N;
146 ulong32 uk[8];
147};
148#endif
149
150#ifdef LTC_CAMELLIA
151struct camellia_key {
152 int R;
153 ulong64 kw[4], k[24], kl[6];
154};
155#endif
156
157typedef union Symmetric_key {
158#ifdef LTC_DES
159 struct des_key des;
160 struct des3_key des3;
161#endif
162#ifdef LTC_RC2
163 struct rc2_key rc2;
164#endif
165#ifdef LTC_SAFER
166 struct safer_key safer;
167#endif
168#ifdef LTC_TWOFISH
169 struct twofish_key twofish;
170#endif
171#ifdef LTC_BLOWFISH
172 struct blowfish_key blowfish;
173#endif
174#ifdef LTC_RC5
175 struct rc5_key rc5;
176#endif
177#ifdef LTC_RC6
178 struct rc6_key rc6;
179#endif
180#ifdef LTC_SAFERP
181 struct saferp_key saferp;
182#endif
183#ifdef LTC_RIJNDAEL
184 struct rijndael_key rijndael;
185#endif
186#ifdef LTC_XTEA
187 struct xtea_key xtea;
188#endif
189#ifdef LTC_CAST5
190 struct cast5_key cast5;
191#endif
192#ifdef LTC_NOEKEON
193 struct noekeon_key noekeon;
194#endif
195#ifdef LTC_SKIPJACK
196 struct skipjack_key skipjack;
197#endif
198#ifdef LTC_KHAZAD
199 struct khazad_key khazad;
200#endif
201#ifdef LTC_ANUBIS
202 struct anubis_key anubis;
203#endif
204#ifdef LTC_KSEED
205 struct kseed_key kseed;
206#endif
207#ifdef LTC_KASUMI
208 struct kasumi_key kasumi;
209#endif
210#ifdef LTC_MULTI2
211 struct multi2_key multi2;
212#endif
213#ifdef LTC_CAMELLIA
214 struct camellia_key camellia;
215#endif
216 void *data;
217} symmetric_key;
218
219#ifdef LTC_ECB_MODE
220/** A block cipher ECB structure */
221typedef struct {
222 /** The index of the cipher chosen */
223 int cipher,
224 /** The block size of the given cipher */
225 blocklen;
226 /** The scheduled key */
227 symmetric_key key;
228} symmetric_ECB;
229#endif
230
231#ifdef LTC_CFB_MODE
232/** A block cipher CFB structure */
233typedef struct {
234 /** The index of the cipher chosen */
235 int cipher,
236 /** The block size of the given cipher */
237 blocklen,
238 /** The padding offset */
239 padlen;
240 /** The current IV */
241 unsigned char IV[MAXBLOCKSIZE],
242 /** The pad used to encrypt/decrypt */
243 pad[MAXBLOCKSIZE];
244 /** The scheduled key */
245 symmetric_key key;
246} symmetric_CFB;
247#endif
248
249#ifdef LTC_OFB_MODE
250/** A block cipher OFB structure */
251typedef struct {
252 /** The index of the cipher chosen */
253 int cipher,
254 /** The block size of the given cipher */
255 blocklen,
256 /** The padding offset */
257 padlen;
258 /** The current IV */
259 unsigned char IV[MAXBLOCKSIZE];
260 /** The scheduled key */
261 symmetric_key key;
262} symmetric_OFB;
263#endif
264
265#ifdef LTC_CBC_MODE
266/** A block cipher CBC structure */
267typedef struct {
268 /** The index of the cipher chosen */
269 int cipher,
270 /** The block size of the given cipher */
271 blocklen;
272 /** The current IV */
273 unsigned char IV[MAXBLOCKSIZE];
274 /** The scheduled key */
275 symmetric_key key;
276} symmetric_CBC;
277#endif
278
279
280#ifdef LTC_CTR_MODE
281/** A block cipher CTR structure */
282typedef struct {
283 /** The index of the cipher chosen */
284 int cipher,
285 /** The block size of the given cipher */
286 blocklen,
287 /** The padding offset */
288 padlen,
289 /** The mode (endianess) of the CTR, 0==little, 1==big */
290 mode,
291 /** counter width */
292 ctrlen;
293
294 /** The counter */
295 unsigned char ctr[MAXBLOCKSIZE],
296 /** The pad used to encrypt/decrypt */
297 pad[MAXBLOCKSIZE];
298 /** The scheduled key */
299 symmetric_key key;
300} symmetric_CTR;
301#endif
302
303
304#ifdef LTC_LRW_MODE
305/** A LRW structure */
306typedef struct {
307 /** The index of the cipher chosen (must be a 128-bit block cipher) */
308 int cipher;
309
310 /** The current IV */
311 unsigned char IV[16],
312
313 /** the tweak key */
314 tweak[16],
315
316 /** The current pad, it's the product of the first 15 bytes against the tweak key */
317 pad[16];
318
319 /** The scheduled symmetric key */
320 symmetric_key key;
321
322#ifdef LTC_LRW_TABLES
323 /** The pre-computed multiplication table */
324 unsigned char PC[16][256][16];
325#endif
326} symmetric_LRW;
327#endif
328
329#ifdef LTC_F8_MODE
330/** A block cipher F8 structure */
331typedef struct {
332 /** The index of the cipher chosen */
333 int cipher,
334 /** The block size of the given cipher */
335 blocklen,
336 /** The padding offset */
337 padlen;
338 /** The current IV */
339 unsigned char IV[MAXBLOCKSIZE],
340 MIV[MAXBLOCKSIZE];
341 /** Current block count */
342 ulong32 blockcnt;
343 /** The scheduled key */
344 symmetric_key key;
345} symmetric_F8;
346#endif
347
348
349/** cipher descriptor table, last entry has "name == NULL" to mark the end of table */
350extern struct ltc_cipher_descriptor {
351 /** name of cipher */
352 const char *name;
353 /** internal ID */
354 unsigned char ID;
355 /** min keysize (octets) */
356 int min_key_length,
357 /** max keysize (octets) */
358 max_key_length,
359 /** block size (octets) */
360 block_length,
361 /** default number of rounds */
362 default_rounds;
363 /** Setup the cipher
364 @param key The input symmetric key
365 @param keylen The length of the input key (octets)
366 @param num_rounds The requested number of rounds (0==default)
367 @param skey [out] The destination of the scheduled key
368 @return CRYPT_OK if successful
369 */
370 int (*setup)(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
371 /** Encrypt a block
372 @param pt The plaintext
373 @param ct [out] The ciphertext
374 @param skey The scheduled key
375 @return CRYPT_OK if successful
376 */
377 int (*ecb_encrypt)(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
378 /** Decrypt a block
379 @param ct The ciphertext
380 @param pt [out] The plaintext
381 @param skey The scheduled key
382 @return CRYPT_OK if successful
383 */
384 int (*ecb_decrypt)(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
385 /** Test the block cipher
386 @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled
387 */
388 int (*test)(void);
389
390 /** Terminate the context
391 @param skey The scheduled key
392 */
393 void (*done)(symmetric_key *skey);
394
395 /** Determine a key size
396 @param keysize [in/out] The size of the key desired and the suggested size
397 @return CRYPT_OK if successful
398 */
399 int (*keysize)(int *keysize);
400
401/** Accelerators **/
402 /** Accelerated ECB encryption
403 @param pt Plaintext
404 @param ct Ciphertext
405 @param blocks The number of complete blocks to process
406 @param skey The scheduled key context
407 @return CRYPT_OK if successful
408 */
409 int (*accel_ecb_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, symmetric_key *skey);
410
411 /** Accelerated ECB decryption
412 @param pt Plaintext
413 @param ct Ciphertext
414 @param blocks The number of complete blocks to process
415 @param skey The scheduled key context
416 @return CRYPT_OK if successful
417 */
418 int (*accel_ecb_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, symmetric_key *skey);
419
420 /** Accelerated CBC encryption
421 @param pt Plaintext
422 @param ct Ciphertext
423 @param blocks The number of complete blocks to process
424 @param IV The initial value (input/output)
425 @param skey The scheduled key context
426 @return CRYPT_OK if successful
427 */
428 int (*accel_cbc_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, symmetric_key *skey);
429
430 /** Accelerated CBC decryption
431 @param pt Plaintext
432 @param ct Ciphertext
433 @param blocks The number of complete blocks to process
434 @param IV The initial value (input/output)
435 @param skey The scheduled key context
436 @return CRYPT_OK if successful
437 */
438 int (*accel_cbc_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, unsigned char *IV, symmetric_key *skey);
439
440 /** Accelerated CTR encryption
441 @param pt Plaintext
442 @param ct Ciphertext
443 @param blocks The number of complete blocks to process
444 @param IV The initial value (input/output)
445 @param mode little or big endian counter (mode=0 or mode=1)
446 @param skey The scheduled key context
447 @return CRYPT_OK if successful
448 */
449 int (*accel_ctr_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, int mode, symmetric_key *skey);
450
451 /** Accelerated LRW
452 @param pt Plaintext
453 @param ct Ciphertext
454 @param blocks The number of complete blocks to process
455 @param IV The initial value (input/output)
456 @param tweak The LRW tweak
457 @param skey The scheduled key context
458 @return CRYPT_OK if successful
459 */
460 int (*accel_lrw_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, const unsigned char *tweak, symmetric_key *skey);
461
462 /** Accelerated LRW
463 @param ct Ciphertext
464 @param pt Plaintext
465 @param blocks The number of complete blocks to process
466 @param IV The initial value (input/output)
467 @param tweak The LRW tweak
468 @param skey The scheduled key context
469 @return CRYPT_OK if successful
470 */
471 int (*accel_lrw_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, unsigned char *IV, const unsigned char *tweak, symmetric_key *skey);
472
473 /** Accelerated CCM packet (one-shot)
474 @param key The secret key to use
475 @param keylen The length of the secret key (octets)
476 @param uskey A previously scheduled key [optional can be NULL]
477 @param nonce The session nonce [use once]
478 @param noncelen The length of the nonce
479 @param header The header for the session
480 @param headerlen The length of the header (octets)
481 @param pt [out] The plaintext
482 @param ptlen The length of the plaintext (octets)
483 @param ct [out] The ciphertext
484 @param tag [out] The destination tag
485 @param taglen [in/out] The max size and resulting size of the authentication tag
486 @param direction Encrypt or Decrypt direction (0 or 1)
487 @return CRYPT_OK if successful
488 */
489 int (*accel_ccm_memory)(
490 const unsigned char *key, unsigned long keylen,
491 symmetric_key *uskey,
492 const unsigned char *nonce, unsigned long noncelen,
493 const unsigned char *header, unsigned long headerlen,
494 unsigned char *pt, unsigned long ptlen,
495 unsigned char *ct,
496 unsigned char *tag, unsigned long *taglen,
497 int direction);
498
499 /** Accelerated GCM packet (one shot)
500 @param key The secret key
501 @param keylen The length of the secret key
502 @param IV The initialization vector
503 @param IVlen The length of the initialization vector
504 @param adata The additional authentication data (header)
505 @param adatalen The length of the adata
506 @param pt The plaintext
507 @param ptlen The length of the plaintext (ciphertext length is the same)
508 @param ct The ciphertext
509 @param tag [out] The MAC tag
510 @param taglen [in/out] The MAC tag length
511 @param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT)
512 @return CRYPT_OK on success
513 */
514 int (*accel_gcm_memory)(
515 const unsigned char *key, unsigned long keylen,
516 const unsigned char *IV, unsigned long IVlen,
517 const unsigned char *adata, unsigned long adatalen,
518 unsigned char *pt, unsigned long ptlen,
519 unsigned char *ct,
520 unsigned char *tag, unsigned long *taglen,
521 int direction);
522
523 /** Accelerated one shot LTC_OMAC
524 @param key The secret key
525 @param keylen The key length (octets)
526 @param in The message
527 @param inlen Length of message (octets)
528 @param out [out] Destination for tag
529 @param outlen [in/out] Initial and final size of out
530 @return CRYPT_OK on success
531 */
532 int (*omac_memory)(
533 const unsigned char *key, unsigned long keylen,
534 const unsigned char *in, unsigned long inlen,
535 unsigned char *out, unsigned long *outlen);
536
537 /** Accelerated one shot XCBC
538 @param key The secret key
539 @param keylen The key length (octets)
540 @param in The message
541 @param inlen Length of message (octets)
542 @param out [out] Destination for tag
543 @param outlen [in/out] Initial and final size of out
544 @return CRYPT_OK on success
545 */
546 int (*xcbc_memory)(
547 const unsigned char *key, unsigned long keylen,
548 const unsigned char *in, unsigned long inlen,
549 unsigned char *out, unsigned long *outlen);
550
551 /** Accelerated one shot F9
552 @param key The secret key
553 @param keylen The key length (octets)
554 @param in The message
555 @param inlen Length of message (octets)
556 @param out [out] Destination for tag
557 @param outlen [in/out] Initial and final size of out
558 @return CRYPT_OK on success
559 @remark Requires manual padding
560 */
561 int (*f9_memory)(
562 const unsigned char *key, unsigned long keylen,
563 const unsigned char *in, unsigned long inlen,
564 unsigned char *out, unsigned long *outlen);
565
566 /** Accelerated XTS encryption
567 @param pt Plaintext
568 @param ct Ciphertext
569 @param blocks The number of complete blocks to process
570 @param tweak The 128-bit encryption tweak (input/output).
571 The tweak should not be encrypted on input, but
572 next tweak will be copied encrypted on output.
573 @param skey1 The first scheduled key context
574 @param skey2 The second scheduled key context
575 @return CRYPT_OK if successful
576 */
577 int (*accel_xts_encrypt)(const unsigned char *pt, unsigned char *ct,
578 unsigned long blocks, unsigned char *tweak, symmetric_key *skey1,
579 symmetric_key *skey2);
580
581 /** Accelerated XTS decryption
582 @param ct Ciphertext
583 @param pt Plaintext
584 @param blocks The number of complete blocks to process
585 @param tweak The 128-bit encryption tweak (input/output).
586 The tweak should not be encrypted on input, but
587 next tweak will be copied encrypted on output.
588 @param skey1 The first scheduled key context
589 @param skey2 The second scheduled key context
590 @return CRYPT_OK if successful
591 */
592 int (*accel_xts_decrypt)(const unsigned char *ct, unsigned char *pt,
593 unsigned long blocks, unsigned char *tweak, symmetric_key *skey1,
594 symmetric_key *skey2);
595} cipher_descriptor[];
596
597#ifdef LTC_BLOWFISH
598int blowfish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
599int blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
600int blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
601int blowfish_test(void);
602void blowfish_done(symmetric_key *skey);
603int blowfish_keysize(int *keysize);
604extern const struct ltc_cipher_descriptor blowfish_desc;
605#endif
606
607#ifdef LTC_RC5
608int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
609int rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
610int rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
611int rc5_test(void);
612void rc5_done(symmetric_key *skey);
613int rc5_keysize(int *keysize);
614extern const struct ltc_cipher_descriptor rc5_desc;
615#endif
616
617#ifdef LTC_RC6
618int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
619int rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
620int rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
621int rc6_test(void);
622void rc6_done(symmetric_key *skey);
623int rc6_keysize(int *keysize);
624extern const struct ltc_cipher_descriptor rc6_desc;
625#endif
626
627#ifdef LTC_RC2
628int rc2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
629int rc2_setup_ex(const unsigned char *key, int keylen, int bits, int num_rounds, symmetric_key *skey);
630int rc2_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
631int rc2_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
632int rc2_test(void);
633void rc2_done(symmetric_key *skey);
634int rc2_keysize(int *keysize);
635extern const struct ltc_cipher_descriptor rc2_desc;
636#endif
637
638#ifdef LTC_SAFERP
639int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
640int saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
641int saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
642int saferp_test(void);
643void saferp_done(symmetric_key *skey);
644int saferp_keysize(int *keysize);
645extern const struct ltc_cipher_descriptor saferp_desc;
646#endif
647
648#ifdef LTC_SAFER
649int safer_k64_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
650int safer_sk64_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
651int safer_k128_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
652int safer_sk128_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
653int safer_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *key);
654int safer_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *key);
655int safer_k64_test(void);
656int safer_sk64_test(void);
657int safer_sk128_test(void);
658void safer_done(symmetric_key *skey);
659int safer_64_keysize(int *keysize);
660int safer_128_keysize(int *keysize);
661extern const struct ltc_cipher_descriptor safer_k64_desc, safer_k128_desc, safer_sk64_desc, safer_sk128_desc;
662#endif
663
664#ifdef LTC_RIJNDAEL
665
666/* make aes an alias */
667#define aes_setup rijndael_setup
668#define aes_ecb_encrypt rijndael_ecb_encrypt
669#define aes_ecb_decrypt rijndael_ecb_decrypt
670#define aes_test rijndael_test
671#define aes_done rijndael_done
672#define aes_keysize rijndael_keysize
673
674#define aes_enc_setup rijndael_enc_setup
675#define aes_enc_ecb_encrypt rijndael_enc_ecb_encrypt
676#define aes_enc_keysize rijndael_enc_keysize
677
678int rijndael_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
679int rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
680int rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
681int rijndael_test(void);
682void rijndael_done(symmetric_key *skey);
683int rijndael_keysize(int *keysize);
684int rijndael_enc_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
685int rijndael_enc_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
686void rijndael_enc_done(symmetric_key *skey);
687int rijndael_enc_keysize(int *keysize);
688extern const struct ltc_cipher_descriptor rijndael_desc, aes_desc;
689extern const struct ltc_cipher_descriptor rijndael_enc_desc, aes_enc_desc;
690#endif
691
692#ifdef LTC_XTEA
693int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
694int xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
695int xtea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
696int xtea_test(void);
697void xtea_done(symmetric_key *skey);
698int xtea_keysize(int *keysize);
699extern const struct ltc_cipher_descriptor xtea_desc;
700#endif
701
702#ifdef LTC_TWOFISH
703int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
704int twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
705int twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
706int twofish_test(void);
707void twofish_done(symmetric_key *skey);
708int twofish_keysize(int *keysize);
709extern const struct ltc_cipher_descriptor twofish_desc;
710#endif
711
712#ifdef LTC_DES
713int des_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
714int des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
715int des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
716int des_test(void);
717void des_done(symmetric_key *skey);
718int des_keysize(int *keysize);
719int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
720int des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
721int des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
722int des3_test(void);
723void des3_done(symmetric_key *skey);
724int des3_keysize(int *keysize);
725extern const struct ltc_cipher_descriptor des_desc, des3_desc;
726#endif
727
728#ifdef LTC_CAST5
729int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
730int cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
731int cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
732int cast5_test(void);
733void cast5_done(symmetric_key *skey);
734int cast5_keysize(int *keysize);
735extern const struct ltc_cipher_descriptor cast5_desc;
736#endif
737
738#ifdef LTC_NOEKEON
739int noekeon_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
740int noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
741int noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
742int noekeon_test(void);
743void noekeon_done(symmetric_key *skey);
744int noekeon_keysize(int *keysize);
745extern const struct ltc_cipher_descriptor noekeon_desc;
746#endif
747
748#ifdef LTC_SKIPJACK
749int skipjack_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
750int skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
751int skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
752int skipjack_test(void);
753void skipjack_done(symmetric_key *skey);
754int skipjack_keysize(int *keysize);
755extern const struct ltc_cipher_descriptor skipjack_desc;
756#endif
757
758#ifdef LTC_KHAZAD
759int khazad_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
760int khazad_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
761int khazad_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
762int khazad_test(void);
763void khazad_done(symmetric_key *skey);
764int khazad_keysize(int *keysize);
765extern const struct ltc_cipher_descriptor khazad_desc;
766#endif
767
768#ifdef LTC_ANUBIS
769int anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
770int anubis_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
771int anubis_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
772int anubis_test(void);
773void anubis_done(symmetric_key *skey);
774int anubis_keysize(int *keysize);
775extern const struct ltc_cipher_descriptor anubis_desc;
776#endif
777
778#ifdef LTC_KSEED
779int kseed_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
780int kseed_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
781int kseed_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
782int kseed_test(void);
783void kseed_done(symmetric_key *skey);
784int kseed_keysize(int *keysize);
785extern const struct ltc_cipher_descriptor kseed_desc;
786#endif
787
788#ifdef LTC_KASUMI
789int kasumi_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
790int kasumi_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
791int kasumi_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
792int kasumi_test(void);
793void kasumi_done(symmetric_key *skey);
794int kasumi_keysize(int *keysize);
795extern const struct ltc_cipher_descriptor kasumi_desc;
796#endif
797
798
799#ifdef LTC_MULTI2
800int multi2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
801int multi2_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
802int multi2_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
803int multi2_test(void);
804void multi2_done(symmetric_key *skey);
805int multi2_keysize(int *keysize);
806extern const struct ltc_cipher_descriptor multi2_desc;
807#endif
808
809#ifdef LTC_CAMELLIA
810int camellia_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
811int camellia_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
812int camellia_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
813int camellia_test(void);
814void camellia_done(symmetric_key *skey);
815int camellia_keysize(int *keysize);
816extern const struct ltc_cipher_descriptor camellia_desc;
817#endif
818
819#ifdef LTC_ECB_MODE
820int ecb_start(int cipher, const unsigned char *key,
821 int keylen, int num_rounds, symmetric_ECB *ecb);
822int ecb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_ECB *ecb);
823int ecb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_ECB *ecb);
824int ecb_done(symmetric_ECB *ecb);
825#endif
826
827#ifdef LTC_CFB_MODE
828int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key,
829 int keylen, int num_rounds, symmetric_CFB *cfb);
830int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CFB *cfb);
831int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CFB *cfb);
832int cfb_getiv(unsigned char *IV, unsigned long *len, symmetric_CFB *cfb);
833int cfb_setiv(const unsigned char *IV, unsigned long len, symmetric_CFB *cfb);
834int cfb_done(symmetric_CFB *cfb);
835#endif
836
837#ifdef LTC_OFB_MODE
838int ofb_start(int cipher, const unsigned char *IV, const unsigned char *key,
839 int keylen, int num_rounds, symmetric_OFB *ofb);
840int ofb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_OFB *ofb);
841int ofb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_OFB *ofb);
842int ofb_getiv(unsigned char *IV, unsigned long *len, symmetric_OFB *ofb);
843int ofb_setiv(const unsigned char *IV, unsigned long len, symmetric_OFB *ofb);
844int ofb_done(symmetric_OFB *ofb);
845#endif
846
847#ifdef LTC_CBC_MODE
848int cbc_start(int cipher, const unsigned char *IV, const unsigned char *key,
849 int keylen, int num_rounds, symmetric_CBC *cbc);
850int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CBC *cbc);
851int cbc_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CBC *cbc);
852int cbc_getiv(unsigned char *IV, unsigned long *len, symmetric_CBC *cbc);
853int cbc_setiv(const unsigned char *IV, unsigned long len, symmetric_CBC *cbc);
854int cbc_done(symmetric_CBC *cbc);
855#endif
856
857#ifdef LTC_CTR_MODE
858
859#define CTR_COUNTER_LITTLE_ENDIAN 0x0000
860#define CTR_COUNTER_BIG_ENDIAN 0x1000
861#define LTC_CTR_RFC3686 0x2000
862
863int ctr_start( int cipher,
864 const unsigned char *IV,
865 const unsigned char *key, int keylen,
866 int num_rounds, int ctr_mode,
867 symmetric_CTR *ctr);
868int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CTR *ctr);
869int ctr_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CTR *ctr);
870int ctr_getiv(unsigned char *IV, unsigned long *len, symmetric_CTR *ctr);
871int ctr_setiv(const unsigned char *IV, unsigned long len, symmetric_CTR *ctr);
872int ctr_done(symmetric_CTR *ctr);
873int ctr_test(void);
874#endif
875
876#ifdef LTC_LRW_MODE
877
878#define LRW_ENCRYPT LTC_ENCRYPT
879#define LRW_DECRYPT LTC_DECRYPT
880
881int lrw_start( int cipher,
882 const unsigned char *IV,
883 const unsigned char *key, int keylen,
884 const unsigned char *tweak,
885 int num_rounds,
886 symmetric_LRW *lrw);
887int lrw_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_LRW *lrw);
888int lrw_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_LRW *lrw);
889int lrw_getiv(unsigned char *IV, unsigned long *len, symmetric_LRW *lrw);
890int lrw_setiv(const unsigned char *IV, unsigned long len, symmetric_LRW *lrw);
891int lrw_done(symmetric_LRW *lrw);
892int lrw_test(void);
893
894/* don't call */
895int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, int mode, symmetric_LRW *lrw);
896#endif
897
898#ifdef LTC_F8_MODE
899int f8_start( int cipher, const unsigned char *IV,
900 const unsigned char *key, int keylen,
901 const unsigned char *salt_key, int skeylen,
902 int num_rounds, symmetric_F8 *f8);
903int f8_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_F8 *f8);
904int f8_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_F8 *f8);
905int f8_getiv(unsigned char *IV, unsigned long *len, symmetric_F8 *f8);
906int f8_setiv(const unsigned char *IV, unsigned long len, symmetric_F8 *f8);
907int f8_done(symmetric_F8 *f8);
908int f8_test_mode(void);
909#endif
910
911#ifdef LTC_XTS_MODE
912typedef struct {
913 symmetric_key key1, key2;
914 int cipher;
915} symmetric_xts;
916
917int xts_start( int cipher,
918 const unsigned char *key1,
919 const unsigned char *key2,
920 unsigned long keylen,
921 int num_rounds,
922 symmetric_xts *xts);
923
924int xts_encrypt(
925 const unsigned char *pt, unsigned long ptlen,
926 unsigned char *ct,
927 unsigned char *tweak,
928 symmetric_xts *xts);
929int xts_decrypt(
930 const unsigned char *ct, unsigned long ptlen,
931 unsigned char *pt,
932 unsigned char *tweak,
933 symmetric_xts *xts);
934
935void xts_done(symmetric_xts *xts);
936int xts_test(void);
937void xts_mult_x(unsigned char *I);
938#endif
939
940int find_cipher(const char *name);
941int find_cipher_any(const char *name, int blocklen, int keylen);
942int find_cipher_id(unsigned char ID);
943int register_cipher(const struct ltc_cipher_descriptor *cipher);
944int unregister_cipher(const struct ltc_cipher_descriptor *cipher);
945int register_all_ciphers(void);
946int cipher_is_valid(int idx);
947
948LTC_MUTEX_PROTO(ltc_cipher_mutex)
949
950/* ---- stream ciphers ---- */
951
952#ifdef LTC_CHACHA
953
954typedef struct {
955 ulong32 input[16];
956 unsigned char kstream[64];
957 unsigned long ksleft;
958 unsigned long ivlen;
959 int rounds;
960} chacha_state;
961
962int chacha_setup(chacha_state *st, const unsigned char *key, unsigned long keylen, int rounds);
963int chacha_ivctr32(chacha_state *st, const unsigned char *iv, unsigned long ivlen, ulong32 counter);
964int chacha_ivctr64(chacha_state *st, const unsigned char *iv, unsigned long ivlen, ulong64 counter);
965int chacha_crypt(chacha_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
966int chacha_keystream(chacha_state *st, unsigned char *out, unsigned long outlen);
967int chacha_done(chacha_state *st);
968int chacha_test(void);
969
970#endif /* LTC_CHACHA */
971
972#ifdef LTC_RC4_STREAM
973
974typedef struct {
975 unsigned int x, y;
976 unsigned char buf[256];
977} rc4_state;
978
979int rc4_stream_setup(rc4_state *st, const unsigned char *key, unsigned long keylen);
980int rc4_stream_crypt(rc4_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
981int rc4_stream_keystream(rc4_state *st, unsigned char *out, unsigned long outlen);
982int rc4_stream_done(rc4_state *st);
983int rc4_stream_test(void);
984
985#endif /* LTC_RC4_STREAM */
986
987#ifdef LTC_SOBER128_STREAM
988
989typedef struct {
990 ulong32 R[17], /* Working storage for the shift register */
991 initR[17], /* saved register contents */
992 konst, /* key dependent constant */
993 sbuf; /* partial word encryption buffer */
994 int nbuf; /* number of part-word stream bits buffered */
995} sober128_state;
996
997int sober128_stream_setup(sober128_state *st, const unsigned char *key, unsigned long keylen);
998int sober128_stream_setiv(sober128_state *st, const unsigned char *iv, unsigned long ivlen);
999int sober128_stream_crypt(sober128_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
1000int sober128_stream_keystream(sober128_state *st, unsigned char *out, unsigned long outlen);
1001int sober128_stream_done(sober128_state *st);
1002int sober128_stream_test(void);
1003
1004#endif /* LTC_SOBER128_STREAM */
1005
1006/* ref: HEAD -> master, tag: v1.18.2 */
1007/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
1008/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/headers/tomcrypt_custom.h b/utils/tomcrypt/src/headers/tomcrypt_custom.h
new file mode 100644
index 0000000000..e44a63a74b
--- /dev/null
+++ b/utils/tomcrypt/src/headers/tomcrypt_custom.h
@@ -0,0 +1,590 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9
10#ifndef TOMCRYPT_CUSTOM_H_
11#define TOMCRYPT_CUSTOM_H_
12
13/* macros for various libc functions you can change for embedded targets */
14#ifndef XMALLOC
15#define XMALLOC malloc
16#endif
17#ifndef XREALLOC
18#define XREALLOC realloc
19#endif
20#ifndef XCALLOC
21#define XCALLOC calloc
22#endif
23#ifndef XFREE
24#define XFREE free
25#endif
26
27#ifndef XMEMSET
28#define XMEMSET memset
29#endif
30#ifndef XMEMCPY
31#define XMEMCPY memcpy
32#endif
33#ifndef XMEMMOVE
34#define XMEMMOVE memmove
35#endif
36#ifndef XMEMCMP
37#define XMEMCMP memcmp
38#endif
39/* A memory compare function that has to run in constant time,
40 * c.f. mem_neq() API summary.
41 */
42#ifndef XMEM_NEQ
43#define XMEM_NEQ mem_neq
44#endif
45#ifndef XSTRCMP
46#define XSTRCMP strcmp
47#endif
48
49#ifndef XCLOCK
50#define XCLOCK clock
51#endif
52
53#ifndef XQSORT
54#define XQSORT qsort
55#endif
56
57#if ( defined(malloc) || defined(realloc) || defined(calloc) || defined(free) || \
58 defined(memset) || defined(memcpy) || defined(memcmp) || defined(strcmp) || \
59 defined(clock) || defined(qsort) ) && !defined(LTC_NO_PROTOTYPES)
60#define LTC_NO_PROTOTYPES
61#endif
62
63/* shortcut to disable automatic inclusion */
64#if defined LTC_NOTHING && !defined LTC_EASY
65 #define LTC_NO_CIPHERS
66 #define LTC_NO_MODES
67 #define LTC_NO_HASHES
68 #define LTC_NO_MACS
69 #define LTC_NO_PRNGS
70 #define LTC_NO_PK
71 #define LTC_NO_PKCS
72 #define LTC_NO_MISC
73#endif /* LTC_NOTHING */
74
75/* Easy button? */
76#ifdef LTC_EASY
77 #define LTC_NO_CIPHERS
78 #define LTC_RIJNDAEL
79 #define LTC_BLOWFISH
80 #define LTC_DES
81 #define LTC_CAST5
82
83 #define LTC_NO_MODES
84 #define LTC_ECB_MODE
85 #define LTC_CBC_MODE
86 #define LTC_CTR_MODE
87
88 #define LTC_NO_HASHES
89 #define LTC_SHA1
90 #define LTC_SHA3
91 #define LTC_SHA512
92 #define LTC_SHA384
93 #define LTC_SHA256
94 #define LTC_SHA224
95 #define LTC_HASH_HELPERS
96
97 #define LTC_NO_MACS
98 #define LTC_HMAC
99 #define LTC_OMAC
100 #define LTC_CCM_MODE
101
102 #define LTC_NO_PRNGS
103 #define LTC_SPRNG
104 #define LTC_YARROW
105 #define LTC_DEVRANDOM
106 #define LTC_TRY_URANDOM_FIRST
107 #define LTC_RNG_GET_BYTES
108 #define LTC_RNG_MAKE_PRNG
109
110 #define LTC_NO_PK
111 #define LTC_MRSA
112 #define LTC_MECC
113
114 #define LTC_NO_MISC
115 #define LTC_BASE64
116#endif
117
118/* The minimal set of functionality to run the tests */
119#ifdef LTC_MINIMAL
120 #define LTC_RIJNDAEL
121 #define LTC_SHA256
122 #define LTC_YARROW
123 #define LTC_CTR_MODE
124
125 #define LTC_RNG_MAKE_PRNG
126 #define LTC_RNG_GET_BYTES
127 #define LTC_DEVRANDOM
128 #define LTC_TRY_URANDOM_FIRST
129
130 #undef LTC_NO_FILE
131#endif
132
133/* Enable self-test test vector checking */
134#ifndef LTC_NO_TEST
135 #define LTC_TEST
136#endif
137/* Enable extended self-tests */
138/* #define LTC_TEST_EXT */
139
140/* Use small code where possible */
141/* #define LTC_SMALL_CODE */
142
143/* clean the stack of functions which put private information on stack */
144/* #define LTC_CLEAN_STACK */
145
146/* disable all file related functions */
147/* #define LTC_NO_FILE */
148
149/* disable all forms of ASM */
150/* #define LTC_NO_ASM */
151
152/* disable FAST mode */
153/* #define LTC_NO_FAST */
154
155/* disable BSWAP on x86 */
156/* #define LTC_NO_BSWAP */
157
158/* ---> math provider? <--- */
159#ifndef LTC_NO_MATH
160
161/* LibTomMath */
162/* #define LTM_DESC */
163
164/* TomsFastMath */
165/* #define TFM_DESC */
166
167/* GNU Multiple Precision Arithmetic Library */
168/* #define GMP_DESC */
169
170#endif /* LTC_NO_MATH */
171
172/* ---> Symmetric Block Ciphers <--- */
173#ifndef LTC_NO_CIPHERS
174
175#define LTC_BLOWFISH
176#define LTC_RC2
177#define LTC_RC5
178#define LTC_RC6
179#define LTC_SAFERP
180#define LTC_RIJNDAEL
181#define LTC_XTEA
182/* _TABLES tells it to use tables during setup, _SMALL means to use the smaller scheduled key format
183 * (saves 4KB of ram), _ALL_TABLES enables all tables during setup */
184#define LTC_TWOFISH
185#ifndef LTC_NO_TABLES
186 #define LTC_TWOFISH_TABLES
187 /* #define LTC_TWOFISH_ALL_TABLES */
188#else
189 #define LTC_TWOFISH_SMALL
190#endif
191/* #define LTC_TWOFISH_SMALL */
192/* LTC_DES includes EDE triple-DES */
193#define LTC_DES
194#define LTC_CAST5
195#define LTC_NOEKEON
196#define LTC_SKIPJACK
197#define LTC_SAFER
198#define LTC_KHAZAD
199#define LTC_ANUBIS
200#define LTC_ANUBIS_TWEAK
201#define LTC_KSEED
202#define LTC_KASUMI
203#define LTC_MULTI2
204#define LTC_CAMELLIA
205
206/* stream ciphers */
207#define LTC_CHACHA
208#define LTC_RC4_STREAM
209#define LTC_SOBER128_STREAM
210
211#endif /* LTC_NO_CIPHERS */
212
213
214/* ---> Block Cipher Modes of Operation <--- */
215#ifndef LTC_NO_MODES
216
217#define LTC_CFB_MODE
218#define LTC_OFB_MODE
219#define LTC_ECB_MODE
220#define LTC_CBC_MODE
221#define LTC_CTR_MODE
222
223/* F8 chaining mode */
224#define LTC_F8_MODE
225
226/* LRW mode */
227#define LTC_LRW_MODE
228#ifndef LTC_NO_TABLES
229 /* like GCM mode this will enable 16 8x128 tables [64KB] that make
230 * seeking very fast.
231 */
232 #define LTC_LRW_TABLES
233#endif
234
235/* XTS mode */
236#define LTC_XTS_MODE
237
238#endif /* LTC_NO_MODES */
239
240/* ---> One-Way Hash Functions <--- */
241#ifndef LTC_NO_HASHES
242
243#define LTC_CHC_HASH
244#define LTC_WHIRLPOOL
245#define LTC_SHA3
246#define LTC_SHA512
247#define LTC_SHA512_256
248#define LTC_SHA512_224
249#define LTC_SHA384
250#define LTC_SHA256
251#define LTC_SHA224
252#define LTC_TIGER
253#define LTC_SHA1
254#define LTC_MD5
255#define LTC_MD4
256#define LTC_MD2
257#define LTC_RIPEMD128
258#define LTC_RIPEMD160
259#define LTC_RIPEMD256
260#define LTC_RIPEMD320
261#define LTC_BLAKE2S
262#define LTC_BLAKE2B
263
264#define LTC_HASH_HELPERS
265
266#endif /* LTC_NO_HASHES */
267
268
269/* ---> MAC functions <--- */
270#ifndef LTC_NO_MACS
271
272#define LTC_HMAC
273#define LTC_OMAC
274#define LTC_PMAC
275#define LTC_XCBC
276#define LTC_F9_MODE
277#define LTC_PELICAN
278#define LTC_POLY1305
279#define LTC_BLAKE2SMAC
280#define LTC_BLAKE2BMAC
281
282/* ---> Encrypt + Authenticate Modes <--- */
283
284#define LTC_EAX_MODE
285
286#define LTC_OCB_MODE
287#define LTC_OCB3_MODE
288#define LTC_CCM_MODE
289#define LTC_GCM_MODE
290#define LTC_CHACHA20POLY1305_MODE
291
292/* Use 64KiB tables */
293#ifndef LTC_NO_TABLES
294 #define LTC_GCM_TABLES
295#endif
296
297/* USE SSE2? requires GCC works on x86_32 and x86_64*/
298#ifdef LTC_GCM_TABLES
299/* #define LTC_GCM_TABLES_SSE2 */
300#endif
301
302#endif /* LTC_NO_MACS */
303
304
305/* --> Pseudo Random Number Generators <--- */
306#ifndef LTC_NO_PRNGS
307
308/* Yarrow */
309#define LTC_YARROW
310
311/* a PRNG that simply reads from an available system source */
312#define LTC_SPRNG
313
314/* The RC4 stream cipher based PRNG */
315#define LTC_RC4
316
317/* The ChaCha20 stream cipher based PRNG */
318#define LTC_CHACHA20_PRNG
319
320/* Fortuna PRNG */
321#define LTC_FORTUNA
322
323/* Greg's SOBER128 stream cipher based PRNG */
324#define LTC_SOBER128
325
326/* the *nix style /dev/random device */
327#define LTC_DEVRANDOM
328/* try /dev/urandom before trying /dev/random
329 * are you sure you want to disable this? http://www.2uo.de/myths-about-urandom/ */
330#define LTC_TRY_URANDOM_FIRST
331/* rng_get_bytes() */
332#define LTC_RNG_GET_BYTES
333/* rng_make_prng() */
334#define LTC_RNG_MAKE_PRNG
335
336/* enable the ltc_rng hook to integrate e.g. embedded hardware RNG's easily */
337/* #define LTC_PRNG_ENABLE_LTC_RNG */
338
339#endif /* LTC_NO_PRNGS */
340
341#ifdef LTC_YARROW
342
343/* which descriptor of AES to use? */
344/* 0 = rijndael_enc 1 = aes_enc, 2 = rijndael [full], 3 = aes [full] */
345#ifdef ENCRYPT_ONLY
346 #define LTC_YARROW_AES 0
347#else
348 #define LTC_YARROW_AES 2
349#endif
350
351#endif
352
353#ifdef LTC_FORTUNA
354
355#ifndef LTC_FORTUNA_WD
356/* reseed every N calls to the read function */
357#define LTC_FORTUNA_WD 10
358#endif
359
360#ifndef LTC_FORTUNA_POOLS
361/* number of pools (4..32) can save a bit of ram by lowering the count */
362#define LTC_FORTUNA_POOLS 32
363#endif
364
365#endif /* LTC_FORTUNA */
366
367
368/* ---> Public Key Crypto <--- */
369#ifndef LTC_NO_PK
370
371/* Include RSA support */
372#define LTC_MRSA
373
374/* Include Diffie-Hellman support */
375/* is_prime fails for GMP */
376#define LTC_MDH
377/* Supported Key Sizes */
378#define LTC_DH768
379#define LTC_DH1024
380#define LTC_DH1536
381#define LTC_DH2048
382
383#ifndef TFM_DESC
384/* tfm has a problem in fp_isprime for larger key sizes */
385#define LTC_DH3072
386#define LTC_DH4096
387#define LTC_DH6144
388#define LTC_DH8192
389#endif
390
391/* Include Katja (a Rabin variant like RSA) */
392/* #define LTC_MKAT */
393
394/* Digital Signature Algorithm */
395#define LTC_MDSA
396
397/* ECC */
398#define LTC_MECC
399
400/* use Shamir's trick for point mul (speeds up signature verification) */
401#define LTC_ECC_SHAMIR
402
403#if defined(TFM_DESC) && defined(LTC_MECC)
404 #define LTC_MECC_ACCEL
405#endif
406
407/* do we want fixed point ECC */
408/* #define LTC_MECC_FP */
409
410#endif /* LTC_NO_PK */
411
412#if defined(LTC_MRSA) && !defined(LTC_NO_RSA_BLINDING)
413/* Enable RSA blinding when doing private key operations by default */
414#define LTC_RSA_BLINDING
415#endif /* LTC_NO_RSA_BLINDING */
416
417#if defined(LTC_MRSA) && !defined(LTC_NO_RSA_CRT_HARDENING)
418/* Enable RSA CRT hardening when doing private key operations by default */
419#define LTC_RSA_CRT_HARDENING
420#endif /* LTC_NO_RSA_CRT_HARDENING */
421
422#if defined(LTC_MECC) && !defined(LTC_NO_ECC_TIMING_RESISTANT)
423/* Enable ECC timing resistant version by default */
424#define LTC_ECC_TIMING_RESISTANT
425#endif
426
427/* PKCS #1 (RSA) and #5 (Password Handling) stuff */
428#ifndef LTC_NO_PKCS
429
430#define LTC_PKCS_1
431#define LTC_PKCS_5
432
433/* Include ASN.1 DER (required by DSA/RSA) */
434#define LTC_DER
435
436#endif /* LTC_NO_PKCS */
437
438/* misc stuff */
439#ifndef LTC_NO_MISC
440
441/* Various tidbits of modern neatoness */
442#define LTC_BASE64
443/* ... and it's URL safe version */
444#define LTC_BASE64_URL
445
446/* Keep LTC_NO_HKDF for compatibility reasons
447 * superseeded by LTC_NO_MISC*/
448#ifndef LTC_NO_HKDF
449/* HKDF Key Derivation/Expansion stuff */
450#define LTC_HKDF
451#endif /* LTC_NO_HKDF */
452
453#define LTC_ADLER32
454
455#define LTC_CRC32
456
457#endif /* LTC_NO_MISC */
458
459/* cleanup */
460
461#ifdef LTC_MECC
462/* Supported ECC Key Sizes */
463#ifndef LTC_NO_CURVES
464 #define LTC_ECC112
465 #define LTC_ECC128
466 #define LTC_ECC160
467 #define LTC_ECC192
468 #define LTC_ECC224
469 #define LTC_ECC256
470 #define LTC_ECC384
471 #define LTC_ECC521
472#endif
473#endif
474
475#if defined(LTC_DER)
476 #ifndef LTC_DER_MAX_RECURSION
477 /* Maximum recursion limit when processing nested ASN.1 types. */
478 #define LTC_DER_MAX_RECURSION 30
479 #endif
480#endif
481
482#if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA) || defined(LTC_MKAT)
483 /* Include the MPI functionality? (required by the PK algorithms) */
484 #define LTC_MPI
485
486 #ifndef LTC_PK_MAX_RETRIES
487 /* iterations limit for retry-loops */
488 #define LTC_PK_MAX_RETRIES 20
489 #endif
490#endif
491
492#ifdef LTC_MRSA
493 #define LTC_PKCS_1
494#endif
495
496#if defined(LTC_PELICAN) && !defined(LTC_RIJNDAEL)
497 #error Pelican-MAC requires LTC_RIJNDAEL
498#endif
499
500#if defined(LTC_EAX_MODE) && !(defined(LTC_CTR_MODE) && defined(LTC_OMAC))
501 #error LTC_EAX_MODE requires CTR and LTC_OMAC mode
502#endif
503
504#if defined(LTC_YARROW) && !defined(LTC_CTR_MODE)
505 #error LTC_YARROW requires LTC_CTR_MODE chaining mode to be defined!
506#endif
507
508#if defined(LTC_DER) && !defined(LTC_MPI)
509 #error ASN.1 DER requires MPI functionality
510#endif
511
512#if (defined(LTC_MDSA) || defined(LTC_MRSA) || defined(LTC_MECC) || defined(LTC_MKAT)) && !defined(LTC_DER)
513 #error PK requires ASN.1 DER functionality, make sure LTC_DER is enabled
514#endif
515
516#if defined(LTC_CHACHA20POLY1305_MODE) && (!defined(LTC_CHACHA) || !defined(LTC_POLY1305))
517 #error LTC_CHACHA20POLY1305_MODE requires LTC_CHACHA + LTC_POLY1305
518#endif
519
520#if defined(LTC_CHACHA20_PRNG) && !defined(LTC_CHACHA)
521 #error LTC_CHACHA20_PRNG requires LTC_CHACHA
522#endif
523
524#if defined(LTC_RC4) && !defined(LTC_RC4_STREAM)
525 #error LTC_RC4 requires LTC_RC4_STREAM
526#endif
527
528#if defined(LTC_SOBER128) && !defined(LTC_SOBER128_STREAM)
529 #error LTC_SOBER128 requires LTC_SOBER128_STREAM
530#endif
531
532#if defined(LTC_BLAKE2SMAC) && !defined(LTC_BLAKE2S)
533 #error LTC_BLAKE2SMAC requires LTC_BLAKE2S
534#endif
535
536#if defined(LTC_BLAKE2BMAC) && !defined(LTC_BLAKE2B)
537 #error LTC_BLAKE2BMAC requires LTC_BLAKE2B
538#endif
539
540#if defined(LTC_SPRNG) && !defined(LTC_RNG_GET_BYTES)
541 #error LTC_SPRNG requires LTC_RNG_GET_BYTES
542#endif
543
544#if defined(LTC_NO_MATH) && (defined(LTM_DESC) || defined(TFM_DESC) || defined(GMP_DESC))
545 #error LTC_NO_MATH defined, but also a math descriptor
546#endif
547
548/* THREAD management */
549#ifdef LTC_PTHREAD
550
551#include <pthread.h>
552
553#define LTC_MUTEX_GLOBAL(x) pthread_mutex_t x = PTHREAD_MUTEX_INITIALIZER;
554#define LTC_MUTEX_PROTO(x) extern pthread_mutex_t x;
555#define LTC_MUTEX_TYPE(x) pthread_mutex_t x;
556#define LTC_MUTEX_INIT(x) LTC_ARGCHK(pthread_mutex_init(x, NULL) == 0);
557#define LTC_MUTEX_LOCK(x) LTC_ARGCHK(pthread_mutex_lock(x) == 0);
558#define LTC_MUTEX_UNLOCK(x) LTC_ARGCHK(pthread_mutex_unlock(x) == 0);
559#define LTC_MUTEX_DESTROY(x) LTC_ARGCHK(pthread_mutex_destroy(x) == 0);
560
561#else
562
563/* default no functions */
564#define LTC_MUTEX_GLOBAL(x)
565#define LTC_MUTEX_PROTO(x)
566#define LTC_MUTEX_TYPE(x)
567#define LTC_MUTEX_INIT(x)
568#define LTC_MUTEX_LOCK(x)
569#define LTC_MUTEX_UNLOCK(x)
570#define LTC_MUTEX_DESTROY(x)
571
572#endif
573
574/* Debuggers */
575
576/* define this if you use Valgrind, note: it CHANGES the way SOBER-128 and RC4 work (see the code) */
577/* #define LTC_VALGRIND */
578
579#endif
580
581#ifndef LTC_NO_FILE
582 /* buffer size for reading from a file via fread(..) */
583 #ifndef LTC_FILE_READ_BUFSIZE
584 #define LTC_FILE_READ_BUFSIZE 8192
585 #endif
586#endif
587
588/* ref: HEAD -> master, tag: v1.18.2 */
589/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
590/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/headers/tomcrypt_hash.h b/utils/tomcrypt/src/headers/tomcrypt_hash.h
new file mode 100644
index 0000000000..4bb02631d8
--- /dev/null
+++ b/utils/tomcrypt/src/headers/tomcrypt_hash.h
@@ -0,0 +1,531 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9
10/* ---- HASH FUNCTIONS ---- */
11#ifdef LTC_SHA3
12struct sha3_state {
13 ulong64 saved; /* the portion of the input message that we didn't consume yet */
14 ulong64 s[25];
15 unsigned char sb[25 * 8]; /* used for storing `ulong64 s[25]` as little-endian bytes */
16 unsigned short byte_index; /* 0..7--the next byte after the set one (starts from 0; 0--none are buffered) */
17 unsigned short word_index; /* 0..24--the next word to integrate input (starts from 0) */
18 unsigned short capacity_words; /* the double size of the hash output in words (e.g. 16 for Keccak 512) */
19 unsigned short xof_flag;
20};
21#endif
22
23#ifdef LTC_SHA512
24struct sha512_state {
25 ulong64 length, state[8];
26 unsigned long curlen;
27 unsigned char buf[128];
28};
29#endif
30
31#ifdef LTC_SHA256
32struct sha256_state {
33 ulong64 length;
34 ulong32 state[8], curlen;
35 unsigned char buf[64];
36};
37#endif
38
39#ifdef LTC_SHA1
40struct sha1_state {
41 ulong64 length;
42 ulong32 state[5], curlen;
43 unsigned char buf[64];
44};
45#endif
46
47#ifdef LTC_MD5
48struct md5_state {
49 ulong64 length;
50 ulong32 state[4], curlen;
51 unsigned char buf[64];
52};
53#endif
54
55#ifdef LTC_MD4
56struct md4_state {
57 ulong64 length;
58 ulong32 state[4], curlen;
59 unsigned char buf[64];
60};
61#endif
62
63#ifdef LTC_TIGER
64struct tiger_state {
65 ulong64 state[3], length;
66 unsigned long curlen;
67 unsigned char buf[64];
68};
69#endif
70
71#ifdef LTC_MD2
72struct md2_state {
73 unsigned char chksum[16], X[48], buf[16];
74 unsigned long curlen;
75};
76#endif
77
78#ifdef LTC_RIPEMD128
79struct rmd128_state {
80 ulong64 length;
81 unsigned char buf[64];
82 ulong32 curlen, state[4];
83};
84#endif
85
86#ifdef LTC_RIPEMD160
87struct rmd160_state {
88 ulong64 length;
89 unsigned char buf[64];
90 ulong32 curlen, state[5];
91};
92#endif
93
94#ifdef LTC_RIPEMD256
95struct rmd256_state {
96 ulong64 length;
97 unsigned char buf[64];
98 ulong32 curlen, state[8];
99};
100#endif
101
102#ifdef LTC_RIPEMD320
103struct rmd320_state {
104 ulong64 length;
105 unsigned char buf[64];
106 ulong32 curlen, state[10];
107};
108#endif
109
110#ifdef LTC_WHIRLPOOL
111struct whirlpool_state {
112 ulong64 length, state[8];
113 unsigned char buf[64];
114 ulong32 curlen;
115};
116#endif
117
118#ifdef LTC_CHC_HASH
119struct chc_state {
120 ulong64 length;
121 unsigned char state[MAXBLOCKSIZE], buf[MAXBLOCKSIZE];
122 ulong32 curlen;
123};
124#endif
125
126#ifdef LTC_BLAKE2S
127struct blake2s_state {
128 ulong32 h[8];
129 ulong32 t[2];
130 ulong32 f[2];
131 unsigned char buf[64];
132 unsigned long curlen;
133 unsigned long outlen;
134 unsigned char last_node;
135};
136#endif
137
138#ifdef LTC_BLAKE2B
139struct blake2b_state {
140 ulong64 h[8];
141 ulong64 t[2];
142 ulong64 f[2];
143 unsigned char buf[128];
144 unsigned long curlen;
145 unsigned long outlen;
146 unsigned char last_node;
147};
148#endif
149
150typedef union Hash_state {
151 char dummy[1];
152#ifdef LTC_CHC_HASH
153 struct chc_state chc;
154#endif
155#ifdef LTC_WHIRLPOOL
156 struct whirlpool_state whirlpool;
157#endif
158#ifdef LTC_SHA3
159 struct sha3_state sha3;
160#endif
161#ifdef LTC_SHA512
162 struct sha512_state sha512;
163#endif
164#ifdef LTC_SHA256
165 struct sha256_state sha256;
166#endif
167#ifdef LTC_SHA1
168 struct sha1_state sha1;
169#endif
170#ifdef LTC_MD5
171 struct md5_state md5;
172#endif
173#ifdef LTC_MD4
174 struct md4_state md4;
175#endif
176#ifdef LTC_MD2
177 struct md2_state md2;
178#endif
179#ifdef LTC_TIGER
180 struct tiger_state tiger;
181#endif
182#ifdef LTC_RIPEMD128
183 struct rmd128_state rmd128;
184#endif
185#ifdef LTC_RIPEMD160
186 struct rmd160_state rmd160;
187#endif
188#ifdef LTC_RIPEMD256
189 struct rmd256_state rmd256;
190#endif
191#ifdef LTC_RIPEMD320
192 struct rmd320_state rmd320;
193#endif
194#ifdef LTC_BLAKE2S
195 struct blake2s_state blake2s;
196#endif
197#ifdef LTC_BLAKE2B
198 struct blake2b_state blake2b;
199#endif
200
201 void *data;
202} hash_state;
203
204/** hash descriptor */
205extern struct ltc_hash_descriptor {
206 /** name of hash */
207 const char *name;
208 /** internal ID */
209 unsigned char ID;
210 /** Size of digest in octets */
211 unsigned long hashsize;
212 /** Input block size in octets */
213 unsigned long blocksize;
214 /** ASN.1 OID */
215 unsigned long OID[16];
216 /** Length of DER encoding */
217 unsigned long OIDlen;
218
219 /** Init a hash state
220 @param hash The hash to initialize
221 @return CRYPT_OK if successful
222 */
223 int (*init)(hash_state *hash);
224 /** Process a block of data
225 @param hash The hash state
226 @param in The data to hash
227 @param inlen The length of the data (octets)
228 @return CRYPT_OK if successful
229 */
230 int (*process)(hash_state *hash, const unsigned char *in, unsigned long inlen);
231 /** Produce the digest and store it
232 @param hash The hash state
233 @param out [out] The destination of the digest
234 @return CRYPT_OK if successful
235 */
236 int (*done)(hash_state *hash, unsigned char *out);
237 /** Self-test
238 @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
239 */
240 int (*test)(void);
241
242 /* accelerated hmac callback: if you need to-do multiple packets just use the generic hmac_memory and provide a hash callback */
243 int (*hmac_block)(const unsigned char *key, unsigned long keylen,
244 const unsigned char *in, unsigned long inlen,
245 unsigned char *out, unsigned long *outlen);
246
247} hash_descriptor[];
248
249#ifdef LTC_CHC_HASH
250int chc_register(int cipher);
251int chc_init(hash_state * md);
252int chc_process(hash_state * md, const unsigned char *in, unsigned long inlen);
253int chc_done(hash_state * md, unsigned char *hash);
254int chc_test(void);
255extern const struct ltc_hash_descriptor chc_desc;
256#endif
257
258#ifdef LTC_WHIRLPOOL
259int whirlpool_init(hash_state * md);
260int whirlpool_process(hash_state * md, const unsigned char *in, unsigned long inlen);
261int whirlpool_done(hash_state * md, unsigned char *hash);
262int whirlpool_test(void);
263extern const struct ltc_hash_descriptor whirlpool_desc;
264#endif
265
266#ifdef LTC_SHA3
267int sha3_512_init(hash_state * md);
268int sha3_512_test(void);
269extern const struct ltc_hash_descriptor sha3_512_desc;
270int sha3_384_init(hash_state * md);
271int sha3_384_test(void);
272extern const struct ltc_hash_descriptor sha3_384_desc;
273int sha3_256_init(hash_state * md);
274int sha3_256_test(void);
275extern const struct ltc_hash_descriptor sha3_256_desc;
276int sha3_224_init(hash_state * md);
277int sha3_224_test(void);
278extern const struct ltc_hash_descriptor sha3_224_desc;
279/* process + done are the same for all variants */
280int sha3_process(hash_state * md, const unsigned char *in, unsigned long inlen);
281int sha3_done(hash_state *md, unsigned char *hash);
282/* SHAKE128 + SHAKE256 */
283int sha3_shake_init(hash_state *md, int num);
284#define sha3_shake_process(a,b,c) sha3_process(a,b,c)
285int sha3_shake_done(hash_state *md, unsigned char *out, unsigned long outlen);
286int sha3_shake_test(void);
287int sha3_shake_memory(int num, const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen);
288#endif
289
290#ifdef LTC_SHA512
291int sha512_init(hash_state * md);
292int sha512_process(hash_state * md, const unsigned char *in, unsigned long inlen);
293int sha512_done(hash_state * md, unsigned char *hash);
294int sha512_test(void);
295extern const struct ltc_hash_descriptor sha512_desc;
296#endif
297
298#ifdef LTC_SHA384
299#ifndef LTC_SHA512
300 #error LTC_SHA512 is required for LTC_SHA384
301#endif
302int sha384_init(hash_state * md);
303#define sha384_process sha512_process
304int sha384_done(hash_state * md, unsigned char *hash);
305int sha384_test(void);
306extern const struct ltc_hash_descriptor sha384_desc;
307#endif
308
309#ifdef LTC_SHA512_256
310#ifndef LTC_SHA512
311 #error LTC_SHA512 is required for LTC_SHA512_256
312#endif
313int sha512_256_init(hash_state * md);
314#define sha512_256_process sha512_process
315int sha512_256_done(hash_state * md, unsigned char *hash);
316int sha512_256_test(void);
317extern const struct ltc_hash_descriptor sha512_256_desc;
318#endif
319
320#ifdef LTC_SHA512_224
321#ifndef LTC_SHA512
322 #error LTC_SHA512 is required for LTC_SHA512_224
323#endif
324int sha512_224_init(hash_state * md);
325#define sha512_224_process sha512_process
326int sha512_224_done(hash_state * md, unsigned char *hash);
327int sha512_224_test(void);
328extern const struct ltc_hash_descriptor sha512_224_desc;
329#endif
330
331#ifdef LTC_SHA256
332int sha256_init(hash_state * md);
333int sha256_process(hash_state * md, const unsigned char *in, unsigned long inlen);
334int sha256_done(hash_state * md, unsigned char *hash);
335int sha256_test(void);
336extern const struct ltc_hash_descriptor sha256_desc;
337
338#ifdef LTC_SHA224
339#ifndef LTC_SHA256
340 #error LTC_SHA256 is required for LTC_SHA224
341#endif
342int sha224_init(hash_state * md);
343#define sha224_process sha256_process
344int sha224_done(hash_state * md, unsigned char *hash);
345int sha224_test(void);
346extern const struct ltc_hash_descriptor sha224_desc;
347#endif
348#endif
349
350#ifdef LTC_SHA1
351int sha1_init(hash_state * md);
352int sha1_process(hash_state * md, const unsigned char *in, unsigned long inlen);
353int sha1_done(hash_state * md, unsigned char *hash);
354int sha1_test(void);
355extern const struct ltc_hash_descriptor sha1_desc;
356#endif
357
358#ifdef LTC_BLAKE2S
359extern const struct ltc_hash_descriptor blake2s_256_desc;
360int blake2s_256_init(hash_state * md);
361int blake2s_256_test(void);
362
363extern const struct ltc_hash_descriptor blake2s_224_desc;
364int blake2s_224_init(hash_state * md);
365int blake2s_224_test(void);
366
367extern const struct ltc_hash_descriptor blake2s_160_desc;
368int blake2s_160_init(hash_state * md);
369int blake2s_160_test(void);
370
371extern const struct ltc_hash_descriptor blake2s_128_desc;
372int blake2s_128_init(hash_state * md);
373int blake2s_128_test(void);
374
375int blake2s_init(hash_state * md, unsigned long outlen, const unsigned char *key, unsigned long keylen);
376int blake2s_process(hash_state * md, const unsigned char *in, unsigned long inlen);
377int blake2s_done(hash_state * md, unsigned char *hash);
378#endif
379
380#ifdef LTC_BLAKE2B
381extern const struct ltc_hash_descriptor blake2b_512_desc;
382int blake2b_512_init(hash_state * md);
383int blake2b_512_test(void);
384
385extern const struct ltc_hash_descriptor blake2b_384_desc;
386int blake2b_384_init(hash_state * md);
387int blake2b_384_test(void);
388
389extern const struct ltc_hash_descriptor blake2b_256_desc;
390int blake2b_256_init(hash_state * md);
391int blake2b_256_test(void);
392
393extern const struct ltc_hash_descriptor blake2b_160_desc;
394int blake2b_160_init(hash_state * md);
395int blake2b_160_test(void);
396
397int blake2b_init(hash_state * md, unsigned long outlen, const unsigned char *key, unsigned long keylen);
398int blake2b_process(hash_state * md, const unsigned char *in, unsigned long inlen);
399int blake2b_done(hash_state * md, unsigned char *hash);
400#endif
401
402#ifdef LTC_MD5
403int md5_init(hash_state * md);
404int md5_process(hash_state * md, const unsigned char *in, unsigned long inlen);
405int md5_done(hash_state * md, unsigned char *hash);
406int md5_test(void);
407extern const struct ltc_hash_descriptor md5_desc;
408#endif
409
410#ifdef LTC_MD4
411int md4_init(hash_state * md);
412int md4_process(hash_state * md, const unsigned char *in, unsigned long inlen);
413int md4_done(hash_state * md, unsigned char *hash);
414int md4_test(void);
415extern const struct ltc_hash_descriptor md4_desc;
416#endif
417
418#ifdef LTC_MD2
419int md2_init(hash_state * md);
420int md2_process(hash_state * md, const unsigned char *in, unsigned long inlen);
421int md2_done(hash_state * md, unsigned char *hash);
422int md2_test(void);
423extern const struct ltc_hash_descriptor md2_desc;
424#endif
425
426#ifdef LTC_TIGER
427int tiger_init(hash_state * md);
428int tiger_process(hash_state * md, const unsigned char *in, unsigned long inlen);
429int tiger_done(hash_state * md, unsigned char *hash);
430int tiger_test(void);
431extern const struct ltc_hash_descriptor tiger_desc;
432#endif
433
434#ifdef LTC_RIPEMD128
435int rmd128_init(hash_state * md);
436int rmd128_process(hash_state * md, const unsigned char *in, unsigned long inlen);
437int rmd128_done(hash_state * md, unsigned char *hash);
438int rmd128_test(void);
439extern const struct ltc_hash_descriptor rmd128_desc;
440#endif
441
442#ifdef LTC_RIPEMD160
443int rmd160_init(hash_state * md);
444int rmd160_process(hash_state * md, const unsigned char *in, unsigned long inlen);
445int rmd160_done(hash_state * md, unsigned char *hash);
446int rmd160_test(void);
447extern const struct ltc_hash_descriptor rmd160_desc;
448#endif
449
450#ifdef LTC_RIPEMD256
451int rmd256_init(hash_state * md);
452int rmd256_process(hash_state * md, const unsigned char *in, unsigned long inlen);
453int rmd256_done(hash_state * md, unsigned char *hash);
454int rmd256_test(void);
455extern const struct ltc_hash_descriptor rmd256_desc;
456#endif
457
458#ifdef LTC_RIPEMD320
459int rmd320_init(hash_state * md);
460int rmd320_process(hash_state * md, const unsigned char *in, unsigned long inlen);
461int rmd320_done(hash_state * md, unsigned char *hash);
462int rmd320_test(void);
463extern const struct ltc_hash_descriptor rmd320_desc;
464#endif
465
466
467int find_hash(const char *name);
468int find_hash_id(unsigned char ID);
469int find_hash_oid(const unsigned long *ID, unsigned long IDlen);
470int find_hash_any(const char *name, int digestlen);
471int register_hash(const struct ltc_hash_descriptor *hash);
472int unregister_hash(const struct ltc_hash_descriptor *hash);
473int register_all_hashes(void);
474int hash_is_valid(int idx);
475
476LTC_MUTEX_PROTO(ltc_hash_mutex)
477
478int hash_memory(int hash,
479 const unsigned char *in, unsigned long inlen,
480 unsigned char *out, unsigned long *outlen);
481int hash_memory_multi(int hash, unsigned char *out, unsigned long *outlen,
482 const unsigned char *in, unsigned long inlen, ...);
483
484#ifndef LTC_NO_FILE
485int hash_filehandle(int hash, FILE *in, unsigned char *out, unsigned long *outlen);
486int hash_file(int hash, const char *fname, unsigned char *out, unsigned long *outlen);
487#endif
488
489/* a simple macro for making hash "process" functions */
490#define HASH_PROCESS(func_name, compress_name, state_var, block_size) \
491int func_name (hash_state * md, const unsigned char *in, unsigned long inlen) \
492{ \
493 unsigned long n; \
494 int err; \
495 LTC_ARGCHK(md != NULL); \
496 LTC_ARGCHK(in != NULL); \
497 if (md-> state_var .curlen > sizeof(md-> state_var .buf)) { \
498 return CRYPT_INVALID_ARG; \
499 } \
500 if ((md-> state_var .length + inlen) < md-> state_var .length) { \
501 return CRYPT_HASH_OVERFLOW; \
502 } \
503 while (inlen > 0) { \
504 if (md-> state_var .curlen == 0 && inlen >= block_size) { \
505 if ((err = compress_name (md, (unsigned char *)in)) != CRYPT_OK) { \
506 return err; \
507 } \
508 md-> state_var .length += block_size * 8; \
509 in += block_size; \
510 inlen -= block_size; \
511 } else { \
512 n = MIN(inlen, (block_size - md-> state_var .curlen)); \
513 XMEMCPY(md-> state_var .buf + md-> state_var.curlen, in, (size_t)n); \
514 md-> state_var .curlen += n; \
515 in += n; \
516 inlen -= n; \
517 if (md-> state_var .curlen == block_size) { \
518 if ((err = compress_name (md, md-> state_var .buf)) != CRYPT_OK) { \
519 return err; \
520 } \
521 md-> state_var .length += 8*block_size; \
522 md-> state_var .curlen = 0; \
523 } \
524 } \
525 } \
526 return CRYPT_OK; \
527}
528
529/* ref: HEAD -> master, tag: v1.18.2 */
530/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
531/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/headers/tomcrypt_mac.h b/utils/tomcrypt/src/headers/tomcrypt_mac.h
new file mode 100644
index 0000000000..80b922e751
--- /dev/null
+++ b/utils/tomcrypt/src/headers/tomcrypt_mac.h
@@ -0,0 +1,565 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9
10#ifdef LTC_HMAC
11typedef struct Hmac_state {
12 hash_state md;
13 int hash;
14 hash_state hashstate;
15 unsigned char *key;
16} hmac_state;
17
18int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned long keylen);
19int hmac_process(hmac_state *hmac, const unsigned char *in, unsigned long inlen);
20int hmac_done(hmac_state *hmac, unsigned char *out, unsigned long *outlen);
21int hmac_test(void);
22int hmac_memory(int hash,
23 const unsigned char *key, unsigned long keylen,
24 const unsigned char *in, unsigned long inlen,
25 unsigned char *out, unsigned long *outlen);
26int hmac_memory_multi(int hash,
27 const unsigned char *key, unsigned long keylen,
28 unsigned char *out, unsigned long *outlen,
29 const unsigned char *in, unsigned long inlen, ...);
30int hmac_file(int hash, const char *fname, const unsigned char *key,
31 unsigned long keylen,
32 unsigned char *dst, unsigned long *dstlen);
33#endif
34
35#ifdef LTC_OMAC
36
37typedef struct {
38 int cipher_idx,
39 buflen,
40 blklen;
41 unsigned char block[MAXBLOCKSIZE],
42 prev[MAXBLOCKSIZE],
43 Lu[2][MAXBLOCKSIZE];
44 symmetric_key key;
45} omac_state;
46
47int omac_init(omac_state *omac, int cipher, const unsigned char *key, unsigned long keylen);
48int omac_process(omac_state *omac, const unsigned char *in, unsigned long inlen);
49int omac_done(omac_state *omac, unsigned char *out, unsigned long *outlen);
50int omac_memory(int cipher,
51 const unsigned char *key, unsigned long keylen,
52 const unsigned char *in, unsigned long inlen,
53 unsigned char *out, unsigned long *outlen);
54int omac_memory_multi(int cipher,
55 const unsigned char *key, unsigned long keylen,
56 unsigned char *out, unsigned long *outlen,
57 const unsigned char *in, unsigned long inlen, ...);
58int omac_file(int cipher,
59 const unsigned char *key, unsigned long keylen,
60 const char *filename,
61 unsigned char *out, unsigned long *outlen);
62int omac_test(void);
63#endif /* LTC_OMAC */
64
65#ifdef LTC_PMAC
66
67typedef struct {
68 unsigned char Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */
69 Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */
70 Lr[MAXBLOCKSIZE], /* L * x^-1 */
71 block[MAXBLOCKSIZE], /* currently accumulated block */
72 checksum[MAXBLOCKSIZE]; /* current checksum */
73
74 symmetric_key key; /* scheduled key for cipher */
75 unsigned long block_index; /* index # for current block */
76 int cipher_idx, /* cipher idx */
77 block_len, /* length of block */
78 buflen; /* number of bytes in the buffer */
79} pmac_state;
80
81int pmac_init(pmac_state *pmac, int cipher, const unsigned char *key, unsigned long keylen);
82int pmac_process(pmac_state *pmac, const unsigned char *in, unsigned long inlen);
83int pmac_done(pmac_state *pmac, unsigned char *out, unsigned long *outlen);
84
85int pmac_memory(int cipher,
86 const unsigned char *key, unsigned long keylen,
87 const unsigned char *msg, unsigned long msglen,
88 unsigned char *out, unsigned long *outlen);
89
90int pmac_memory_multi(int cipher,
91 const unsigned char *key, unsigned long keylen,
92 unsigned char *out, unsigned long *outlen,
93 const unsigned char *in, unsigned long inlen, ...);
94
95int pmac_file(int cipher,
96 const unsigned char *key, unsigned long keylen,
97 const char *filename,
98 unsigned char *out, unsigned long *outlen);
99
100int pmac_test(void);
101
102/* internal functions */
103int pmac_ntz(unsigned long x);
104void pmac_shift_xor(pmac_state *pmac);
105
106#endif /* PMAC */
107
108#ifdef LTC_POLY1305
109typedef struct {
110 ulong32 r[5];
111 ulong32 h[5];
112 ulong32 pad[4];
113 unsigned long leftover;
114 unsigned char buffer[16];
115 int final;
116} poly1305_state;
117
118int poly1305_init(poly1305_state *st, const unsigned char *key, unsigned long keylen);
119int poly1305_process(poly1305_state *st, const unsigned char *in, unsigned long inlen);
120int poly1305_done(poly1305_state *st, unsigned char *mac, unsigned long *maclen);
121int poly1305_memory(const unsigned char *key, unsigned long keylen, const unsigned char *in, unsigned long inlen, unsigned char *mac, unsigned long *maclen);
122int poly1305_memory_multi(const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen, const unsigned char *in, unsigned long inlen, ...);
123int poly1305_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen);
124int poly1305_test(void);
125#endif /* LTC_POLY1305 */
126
127#ifdef LTC_BLAKE2SMAC
128typedef hash_state blake2smac_state;
129int blake2smac_init(blake2smac_state *st, unsigned long outlen, const unsigned char *key, unsigned long keylen);
130int blake2smac_process(blake2smac_state *st, const unsigned char *in, unsigned long inlen);
131int blake2smac_done(blake2smac_state *st, unsigned char *mac, unsigned long *maclen);
132int blake2smac_memory(const unsigned char *key, unsigned long keylen, const unsigned char *in, unsigned long inlen, unsigned char *mac, unsigned long *maclen);
133int blake2smac_memory_multi(const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen, const unsigned char *in, unsigned long inlen, ...);
134int blake2smac_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen);
135int blake2smac_test(void);
136#endif /* LTC_BLAKE2SMAC */
137
138#ifdef LTC_BLAKE2BMAC
139typedef hash_state blake2bmac_state;
140int blake2bmac_init(blake2bmac_state *st, unsigned long outlen, const unsigned char *key, unsigned long keylen);
141int blake2bmac_process(blake2bmac_state *st, const unsigned char *in, unsigned long inlen);
142int blake2bmac_done(blake2bmac_state *st, unsigned char *mac, unsigned long *maclen);
143int blake2bmac_memory(const unsigned char *key, unsigned long keylen, const unsigned char *in, unsigned long inlen, unsigned char *mac, unsigned long *maclen);
144int blake2bmac_memory_multi(const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen, const unsigned char *in, unsigned long inlen, ...);
145int blake2bmac_file(const char *fname, const unsigned char *key, unsigned long keylen, unsigned char *mac, unsigned long *maclen);
146int blake2bmac_test(void);
147#endif /* LTC_BLAKE2BMAC */
148
149#ifdef LTC_EAX_MODE
150
151#if !(defined(LTC_OMAC) && defined(LTC_CTR_MODE))
152 #error LTC_EAX_MODE requires LTC_OMAC and CTR
153#endif
154
155typedef struct {
156 unsigned char N[MAXBLOCKSIZE];
157 symmetric_CTR ctr;
158 omac_state headeromac, ctomac;
159} eax_state;
160
161int eax_init(eax_state *eax, int cipher, const unsigned char *key, unsigned long keylen,
162 const unsigned char *nonce, unsigned long noncelen,
163 const unsigned char *header, unsigned long headerlen);
164
165int eax_encrypt(eax_state *eax, const unsigned char *pt, unsigned char *ct, unsigned long length);
166int eax_decrypt(eax_state *eax, const unsigned char *ct, unsigned char *pt, unsigned long length);
167int eax_addheader(eax_state *eax, const unsigned char *header, unsigned long length);
168int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen);
169
170int eax_encrypt_authenticate_memory(int cipher,
171 const unsigned char *key, unsigned long keylen,
172 const unsigned char *nonce, unsigned long noncelen,
173 const unsigned char *header, unsigned long headerlen,
174 const unsigned char *pt, unsigned long ptlen,
175 unsigned char *ct,
176 unsigned char *tag, unsigned long *taglen);
177
178int eax_decrypt_verify_memory(int cipher,
179 const unsigned char *key, unsigned long keylen,
180 const unsigned char *nonce, unsigned long noncelen,
181 const unsigned char *header, unsigned long headerlen,
182 const unsigned char *ct, unsigned long ctlen,
183 unsigned char *pt,
184 unsigned char *tag, unsigned long taglen,
185 int *stat);
186
187 int eax_test(void);
188#endif /* EAX MODE */
189
190#ifdef LTC_OCB_MODE
191typedef struct {
192 unsigned char L[MAXBLOCKSIZE], /* L value */
193 Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */
194 Li[MAXBLOCKSIZE], /* value of Li [current value, we calc from previous recall] */
195 Lr[MAXBLOCKSIZE], /* L * x^-1 */
196 R[MAXBLOCKSIZE], /* R value */
197 checksum[MAXBLOCKSIZE]; /* current checksum */
198
199 symmetric_key key; /* scheduled key for cipher */
200 unsigned long block_index; /* index # for current block */
201 int cipher, /* cipher idx */
202 block_len; /* length of block */
203} ocb_state;
204
205int ocb_init(ocb_state *ocb, int cipher,
206 const unsigned char *key, unsigned long keylen, const unsigned char *nonce);
207
208int ocb_encrypt(ocb_state *ocb, const unsigned char *pt, unsigned char *ct);
209int ocb_decrypt(ocb_state *ocb, const unsigned char *ct, unsigned char *pt);
210
211int ocb_done_encrypt(ocb_state *ocb,
212 const unsigned char *pt, unsigned long ptlen,
213 unsigned char *ct,
214 unsigned char *tag, unsigned long *taglen);
215
216int ocb_done_decrypt(ocb_state *ocb,
217 const unsigned char *ct, unsigned long ctlen,
218 unsigned char *pt,
219 const unsigned char *tag, unsigned long taglen, int *stat);
220
221int ocb_encrypt_authenticate_memory(int cipher,
222 const unsigned char *key, unsigned long keylen,
223 const unsigned char *nonce,
224 const unsigned char *pt, unsigned long ptlen,
225 unsigned char *ct,
226 unsigned char *tag, unsigned long *taglen);
227
228int ocb_decrypt_verify_memory(int cipher,
229 const unsigned char *key, unsigned long keylen,
230 const unsigned char *nonce,
231 const unsigned char *ct, unsigned long ctlen,
232 unsigned char *pt,
233 const unsigned char *tag, unsigned long taglen,
234 int *stat);
235
236int ocb_test(void);
237
238/* internal functions */
239void ocb_shift_xor(ocb_state *ocb, unsigned char *Z);
240int ocb_ntz(unsigned long x);
241int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
242 unsigned char *ct, unsigned char *tag, unsigned long *taglen, int mode);
243
244#endif /* LTC_OCB_MODE */
245
246#ifdef LTC_OCB3_MODE
247typedef struct {
248 unsigned char Offset_0[MAXBLOCKSIZE], /* Offset_0 value */
249 Offset_current[MAXBLOCKSIZE], /* Offset_{current_block_index} value */
250 L_dollar[MAXBLOCKSIZE], /* L_$ value */
251 L_star[MAXBLOCKSIZE], /* L_* value */
252 L_[32][MAXBLOCKSIZE], /* L_{i} values */
253 tag_part[MAXBLOCKSIZE], /* intermediate result of tag calculation */
254 checksum[MAXBLOCKSIZE]; /* current checksum */
255
256 /* AAD related members */
257 unsigned char aSum_current[MAXBLOCKSIZE], /* AAD related helper variable */
258 aOffset_current[MAXBLOCKSIZE], /* AAD related helper variable */
259 adata_buffer[MAXBLOCKSIZE]; /* AAD buffer */
260 int adata_buffer_bytes; /* bytes in AAD buffer */
261 unsigned long ablock_index; /* index # for current adata (AAD) block */
262
263 symmetric_key key; /* scheduled key for cipher */
264 unsigned long block_index; /* index # for current data block */
265 int cipher, /* cipher idx */
266 tag_len, /* length of tag */
267 block_len; /* length of block */
268} ocb3_state;
269
270int ocb3_init(ocb3_state *ocb, int cipher,
271 const unsigned char *key, unsigned long keylen,
272 const unsigned char *nonce, unsigned long noncelen,
273 unsigned long taglen);
274
275int ocb3_encrypt(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct);
276int ocb3_decrypt(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt);
277int ocb3_encrypt_last(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct);
278int ocb3_decrypt_last(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt);
279int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen);
280int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen);
281
282int ocb3_encrypt_authenticate_memory(int cipher,
283 const unsigned char *key, unsigned long keylen,
284 const unsigned char *nonce, unsigned long noncelen,
285 const unsigned char *adata, unsigned long adatalen,
286 const unsigned char *pt, unsigned long ptlen,
287 unsigned char *ct,
288 unsigned char *tag, unsigned long *taglen);
289
290int ocb3_decrypt_verify_memory(int cipher,
291 const unsigned char *key, unsigned long keylen,
292 const unsigned char *nonce, unsigned long noncelen,
293 const unsigned char *adata, unsigned long adatalen,
294 const unsigned char *ct, unsigned long ctlen,
295 unsigned char *pt,
296 const unsigned char *tag, unsigned long taglen,
297 int *stat);
298
299int ocb3_test(void);
300
301#ifdef LTC_SOURCE
302/* internal helper functions */
303int ocb3_int_ntz(unsigned long x);
304void ocb3_int_xor_blocks(unsigned char *out, const unsigned char *block_a, const unsigned char *block_b, unsigned long block_len);
305#endif /* LTC_SOURCE */
306
307#endif /* LTC_OCB3_MODE */
308
309#ifdef LTC_CCM_MODE
310
311#define CCM_ENCRYPT LTC_ENCRYPT
312#define CCM_DECRYPT LTC_DECRYPT
313
314typedef struct {
315 symmetric_key K;
316 int cipher, /* which cipher */
317 taglen, /* length of the tag */
318 x; /* index in PAD */
319
320 unsigned long L, /* L value */
321 ptlen, /* length that will be enc / dec */
322 current_ptlen, /* current processed length */
323 aadlen, /* length of the aad */
324 current_aadlen, /* length of the currently provided add */
325 noncelen; /* length of the nonce */
326
327 unsigned char PAD[16],
328 ctr[16],
329 CTRPAD[16],
330 CTRlen;
331} ccm_state;
332
333int ccm_init(ccm_state *ccm, int cipher,
334 const unsigned char *key, int keylen, int ptlen, int taglen, int aad_len);
335
336int ccm_reset(ccm_state *ccm);
337
338int ccm_add_nonce(ccm_state *ccm,
339 const unsigned char *nonce, unsigned long noncelen);
340
341int ccm_add_aad(ccm_state *ccm,
342 const unsigned char *adata, unsigned long adatalen);
343
344int ccm_process(ccm_state *ccm,
345 unsigned char *pt, unsigned long ptlen,
346 unsigned char *ct,
347 int direction);
348
349int ccm_done(ccm_state *ccm,
350 unsigned char *tag, unsigned long *taglen);
351
352int ccm_memory(int cipher,
353 const unsigned char *key, unsigned long keylen,
354 symmetric_key *uskey,
355 const unsigned char *nonce, unsigned long noncelen,
356 const unsigned char *header, unsigned long headerlen,
357 unsigned char *pt, unsigned long ptlen,
358 unsigned char *ct,
359 unsigned char *tag, unsigned long *taglen,
360 int direction);
361
362int ccm_test(void);
363
364#endif /* LTC_CCM_MODE */
365
366#if defined(LRW_MODE) || defined(LTC_GCM_MODE)
367void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c);
368#endif
369
370
371/* table shared between GCM and LRW */
372#if defined(LTC_GCM_TABLES) || defined(LTC_LRW_TABLES) || ((defined(LTC_GCM_MODE) || defined(LTC_GCM_MODE)) && defined(LTC_FAST))
373extern const unsigned char gcm_shift_table[];
374#endif
375
376#ifdef LTC_GCM_MODE
377
378#define GCM_ENCRYPT LTC_ENCRYPT
379#define GCM_DECRYPT LTC_DECRYPT
380
381#define LTC_GCM_MODE_IV 0
382#define LTC_GCM_MODE_AAD 1
383#define LTC_GCM_MODE_TEXT 2
384
385typedef struct {
386 symmetric_key K;
387 unsigned char H[16], /* multiplier */
388 X[16], /* accumulator */
389 Y[16], /* counter */
390 Y_0[16], /* initial counter */
391 buf[16]; /* buffer for stuff */
392
393 int cipher, /* which cipher */
394 ivmode, /* Which mode is the IV in? */
395 mode, /* mode the GCM code is in */
396 buflen; /* length of data in buf */
397
398 ulong64 totlen, /* 64-bit counter used for IV and AAD */
399 pttotlen; /* 64-bit counter for the PT */
400
401#ifdef LTC_GCM_TABLES
402 unsigned char PC[16][256][16] /* 16 tables of 8x128 */
403#ifdef LTC_GCM_TABLES_SSE2
404__attribute__ ((aligned (16)))
405#endif
406;
407#endif
408} gcm_state;
409
410void gcm_mult_h(gcm_state *gcm, unsigned char *I);
411
412int gcm_init(gcm_state *gcm, int cipher,
413 const unsigned char *key, int keylen);
414
415int gcm_reset(gcm_state *gcm);
416
417int gcm_add_iv(gcm_state *gcm,
418 const unsigned char *IV, unsigned long IVlen);
419
420int gcm_add_aad(gcm_state *gcm,
421 const unsigned char *adata, unsigned long adatalen);
422
423int gcm_process(gcm_state *gcm,
424 unsigned char *pt, unsigned long ptlen,
425 unsigned char *ct,
426 int direction);
427
428int gcm_done(gcm_state *gcm,
429 unsigned char *tag, unsigned long *taglen);
430
431int gcm_memory( int cipher,
432 const unsigned char *key, unsigned long keylen,
433 const unsigned char *IV, unsigned long IVlen,
434 const unsigned char *adata, unsigned long adatalen,
435 unsigned char *pt, unsigned long ptlen,
436 unsigned char *ct,
437 unsigned char *tag, unsigned long *taglen,
438 int direction);
439int gcm_test(void);
440
441#endif /* LTC_GCM_MODE */
442
443#ifdef LTC_PELICAN
444
445typedef struct pelican_state
446{
447 symmetric_key K;
448 unsigned char state[16];
449 int buflen;
450} pelican_state;
451
452int pelican_init(pelican_state *pelmac, const unsigned char *key, unsigned long keylen);
453int pelican_process(pelican_state *pelmac, const unsigned char *in, unsigned long inlen);
454int pelican_done(pelican_state *pelmac, unsigned char *out);
455int pelican_test(void);
456
457int pelican_memory(const unsigned char *key, unsigned long keylen,
458 const unsigned char *in, unsigned long inlen,
459 unsigned char *out);
460
461#endif
462
463#ifdef LTC_XCBC
464
465/* add this to "keylen" to xcbc_init to use a pure three-key XCBC MAC */
466#define LTC_XCBC_PURE 0x8000UL
467
468typedef struct {
469 unsigned char K[3][MAXBLOCKSIZE],
470 IV[MAXBLOCKSIZE];
471
472 symmetric_key key;
473
474 int cipher,
475 buflen,
476 blocksize;
477} xcbc_state;
478
479int xcbc_init(xcbc_state *xcbc, int cipher, const unsigned char *key, unsigned long keylen);
480int xcbc_process(xcbc_state *xcbc, const unsigned char *in, unsigned long inlen);
481int xcbc_done(xcbc_state *xcbc, unsigned char *out, unsigned long *outlen);
482int xcbc_memory(int cipher,
483 const unsigned char *key, unsigned long keylen,
484 const unsigned char *in, unsigned long inlen,
485 unsigned char *out, unsigned long *outlen);
486int xcbc_memory_multi(int cipher,
487 const unsigned char *key, unsigned long keylen,
488 unsigned char *out, unsigned long *outlen,
489 const unsigned char *in, unsigned long inlen, ...);
490int xcbc_file(int cipher,
491 const unsigned char *key, unsigned long keylen,
492 const char *filename,
493 unsigned char *out, unsigned long *outlen);
494int xcbc_test(void);
495
496#endif
497
498#ifdef LTC_F9_MODE
499
500typedef struct {
501 unsigned char akey[MAXBLOCKSIZE],
502 ACC[MAXBLOCKSIZE],
503 IV[MAXBLOCKSIZE];
504
505 symmetric_key key;
506
507 int cipher,
508 buflen,
509 keylen,
510 blocksize;
511} f9_state;
512
513int f9_init(f9_state *f9, int cipher, const unsigned char *key, unsigned long keylen);
514int f9_process(f9_state *f9, const unsigned char *in, unsigned long inlen);
515int f9_done(f9_state *f9, unsigned char *out, unsigned long *outlen);
516int f9_memory(int cipher,
517 const unsigned char *key, unsigned long keylen,
518 const unsigned char *in, unsigned long inlen,
519 unsigned char *out, unsigned long *outlen);
520int f9_memory_multi(int cipher,
521 const unsigned char *key, unsigned long keylen,
522 unsigned char *out, unsigned long *outlen,
523 const unsigned char *in, unsigned long inlen, ...);
524int f9_file(int cipher,
525 const unsigned char *key, unsigned long keylen,
526 const char *filename,
527 unsigned char *out, unsigned long *outlen);
528int f9_test(void);
529
530#endif
531
532#ifdef LTC_CHACHA20POLY1305_MODE
533
534typedef struct {
535 poly1305_state poly;
536 chacha_state chacha;
537 ulong64 aadlen;
538 ulong64 ctlen;
539 int aadflg;
540} chacha20poly1305_state;
541
542#define CHACHA20POLY1305_ENCRYPT LTC_ENCRYPT
543#define CHACHA20POLY1305_DECRYPT LTC_DECRYPT
544
545int chacha20poly1305_init(chacha20poly1305_state *st, const unsigned char *key, unsigned long keylen);
546int chacha20poly1305_setiv(chacha20poly1305_state *st, const unsigned char *iv, unsigned long ivlen);
547int chacha20poly1305_setiv_rfc7905(chacha20poly1305_state *st, const unsigned char *iv, unsigned long ivlen, ulong64 sequence_number);
548int chacha20poly1305_add_aad(chacha20poly1305_state *st, const unsigned char *in, unsigned long inlen);
549int chacha20poly1305_encrypt(chacha20poly1305_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
550int chacha20poly1305_decrypt(chacha20poly1305_state *st, const unsigned char *in, unsigned long inlen, unsigned char *out);
551int chacha20poly1305_done(chacha20poly1305_state *st, unsigned char *tag, unsigned long *taglen);
552int chacha20poly1305_memory(const unsigned char *key, unsigned long keylen,
553 const unsigned char *iv, unsigned long ivlen,
554 const unsigned char *aad, unsigned long aadlen,
555 const unsigned char *in, unsigned long inlen,
556 unsigned char *out,
557 unsigned char *tag, unsigned long *taglen,
558 int direction);
559int chacha20poly1305_test(void);
560
561#endif /* LTC_CHACHA20POLY1305_MODE */
562
563/* ref: HEAD -> master, tag: v1.18.2 */
564/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
565/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/headers/tomcrypt_macros.h b/utils/tomcrypt/src/headers/tomcrypt_macros.h
new file mode 100644
index 0000000000..a3a335e455
--- /dev/null
+++ b/utils/tomcrypt/src/headers/tomcrypt_macros.h
@@ -0,0 +1,446 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9
10/* ---- HELPER MACROS ---- */
11#ifdef ENDIAN_NEUTRAL
12
13#define STORE32L(x, y) \
14 do { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \
15 (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0)
16
17#define LOAD32L(x, y) \
18 do { x = ((ulong32)((y)[3] & 255)<<24) | \
19 ((ulong32)((y)[2] & 255)<<16) | \
20 ((ulong32)((y)[1] & 255)<<8) | \
21 ((ulong32)((y)[0] & 255)); } while(0)
22
23#define STORE64L(x, y) \
24 do { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \
25 (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \
26 (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \
27 (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0)
28
29#define LOAD64L(x, y) \
30 do { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \
31 (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32)| \
32 (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16)| \
33 (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } while(0)
34
35#define STORE32H(x, y) \
36 do { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \
37 (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); } while(0)
38
39#define LOAD32H(x, y) \
40 do { x = ((ulong32)((y)[0] & 255)<<24) | \
41 ((ulong32)((y)[1] & 255)<<16) | \
42 ((ulong32)((y)[2] & 255)<<8) | \
43 ((ulong32)((y)[3] & 255)); } while(0)
44
45#define STORE64H(x, y) \
46do { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \
47 (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \
48 (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \
49 (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } while(0)
50
51#define LOAD64H(x, y) \
52do { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \
53 (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32) | \
54 (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16) | \
55 (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); } while(0)
56
57
58#elif defined(ENDIAN_LITTLE)
59
60#ifdef LTC_HAVE_BSWAP_BUILTIN
61
62#define STORE32H(x, y) \
63do { ulong32 __t = __builtin_bswap32 ((x)); \
64 XMEMCPY ((y), &__t, 4); } while(0)
65
66#define LOAD32H(x, y) \
67do { XMEMCPY (&(x), (y), 4); \
68 (x) = __builtin_bswap32 ((x)); } while(0)
69
70#elif !defined(LTC_NO_BSWAP) && (defined(INTEL_CC) || (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__) || defined(__x86_64__))))
71
72#define STORE32H(x, y) \
73asm __volatile__ ( \
74 "bswapl %0 \n\t" \
75 "movl %0,(%1)\n\t" \
76 "bswapl %0 \n\t" \
77 ::"r"(x), "r"(y));
78
79#define LOAD32H(x, y) \
80asm __volatile__ ( \
81 "movl (%1),%0\n\t" \
82 "bswapl %0\n\t" \
83 :"=r"(x): "r"(y));
84
85#else
86
87#define STORE32H(x, y) \
88 do { (y)[0] = (unsigned char)(((x)>>24)&255); (y)[1] = (unsigned char)(((x)>>16)&255); \
89 (y)[2] = (unsigned char)(((x)>>8)&255); (y)[3] = (unsigned char)((x)&255); } while(0)
90
91#define LOAD32H(x, y) \
92 do { x = ((ulong32)((y)[0] & 255)<<24) | \
93 ((ulong32)((y)[1] & 255)<<16) | \
94 ((ulong32)((y)[2] & 255)<<8) | \
95 ((ulong32)((y)[3] & 255)); } while(0)
96
97#endif
98
99#ifdef LTC_HAVE_BSWAP_BUILTIN
100
101#define STORE64H(x, y) \
102do { ulong64 __t = __builtin_bswap64 ((x)); \
103 XMEMCPY ((y), &__t, 8); } while(0)
104
105#define LOAD64H(x, y) \
106do { XMEMCPY (&(x), (y), 8); \
107 (x) = __builtin_bswap64 ((x)); } while(0)
108
109/* x86_64 processor */
110#elif !defined(LTC_NO_BSWAP) && (defined(__GNUC__) && defined(__x86_64__))
111
112#define STORE64H(x, y) \
113asm __volatile__ ( \
114 "bswapq %0 \n\t" \
115 "movq %0,(%1)\n\t" \
116 "bswapq %0 \n\t" \
117 ::"r"(x), "r"(y): "memory");
118
119#define LOAD64H(x, y) \
120asm __volatile__ ( \
121 "movq (%1),%0\n\t" \
122 "bswapq %0\n\t" \
123 :"=r"(x): "r"(y): "memory");
124
125#else
126
127#define STORE64H(x, y) \
128do { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \
129 (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \
130 (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \
131 (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } while(0)
132
133#define LOAD64H(x, y) \
134do { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48) | \
135 (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32) | \
136 (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16) | \
137 (((ulong64)((y)[6] & 255))<<8)|(((ulong64)((y)[7] & 255))); } while(0)
138
139#endif
140
141#ifdef ENDIAN_32BITWORD
142
143#define STORE32L(x, y) \
144 do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0)
145
146#define LOAD32L(x, y) \
147 do { XMEMCPY(&(x), y, 4); } while(0)
148
149#define STORE64L(x, y) \
150 do { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \
151 (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \
152 (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \
153 (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0)
154
155#define LOAD64L(x, y) \
156 do { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48)| \
157 (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32)| \
158 (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16)| \
159 (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } while(0)
160
161#else /* 64-bit words then */
162
163#define STORE32L(x, y) \
164 do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0)
165
166#define LOAD32L(x, y) \
167 do { XMEMCPY(&(x), y, 4); x &= 0xFFFFFFFF; } while(0)
168
169#define STORE64L(x, y) \
170 do { ulong64 __t = (x); XMEMCPY(y, &__t, 8); } while(0)
171
172#define LOAD64L(x, y) \
173 do { XMEMCPY(&(x), y, 8); } while(0)
174
175#endif /* ENDIAN_64BITWORD */
176
177#elif defined(ENDIAN_BIG)
178
179#define STORE32L(x, y) \
180 do { (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \
181 (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0)
182
183#define LOAD32L(x, y) \
184 do { x = ((ulong32)((y)[3] & 255)<<24) | \
185 ((ulong32)((y)[2] & 255)<<16) | \
186 ((ulong32)((y)[1] & 255)<<8) | \
187 ((ulong32)((y)[0] & 255)); } while(0)
188
189#define STORE64L(x, y) \
190do { (y)[7] = (unsigned char)(((x)>>56)&255); (y)[6] = (unsigned char)(((x)>>48)&255); \
191 (y)[5] = (unsigned char)(((x)>>40)&255); (y)[4] = (unsigned char)(((x)>>32)&255); \
192 (y)[3] = (unsigned char)(((x)>>24)&255); (y)[2] = (unsigned char)(((x)>>16)&255); \
193 (y)[1] = (unsigned char)(((x)>>8)&255); (y)[0] = (unsigned char)((x)&255); } while(0)
194
195#define LOAD64L(x, y) \
196do { x = (((ulong64)((y)[7] & 255))<<56)|(((ulong64)((y)[6] & 255))<<48) | \
197 (((ulong64)((y)[5] & 255))<<40)|(((ulong64)((y)[4] & 255))<<32) | \
198 (((ulong64)((y)[3] & 255))<<24)|(((ulong64)((y)[2] & 255))<<16) | \
199 (((ulong64)((y)[1] & 255))<<8)|(((ulong64)((y)[0] & 255))); } while(0)
200
201#ifdef ENDIAN_32BITWORD
202
203#define STORE32H(x, y) \
204 do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0)
205
206#define LOAD32H(x, y) \
207 do { XMEMCPY(&(x), y, 4); } while(0)
208
209#define STORE64H(x, y) \
210 do { (y)[0] = (unsigned char)(((x)>>56)&255); (y)[1] = (unsigned char)(((x)>>48)&255); \
211 (y)[2] = (unsigned char)(((x)>>40)&255); (y)[3] = (unsigned char)(((x)>>32)&255); \
212 (y)[4] = (unsigned char)(((x)>>24)&255); (y)[5] = (unsigned char)(((x)>>16)&255); \
213 (y)[6] = (unsigned char)(((x)>>8)&255); (y)[7] = (unsigned char)((x)&255); } while(0)
214
215#define LOAD64H(x, y) \
216 do { x = (((ulong64)((y)[0] & 255))<<56)|(((ulong64)((y)[1] & 255))<<48)| \
217 (((ulong64)((y)[2] & 255))<<40)|(((ulong64)((y)[3] & 255))<<32)| \
218 (((ulong64)((y)[4] & 255))<<24)|(((ulong64)((y)[5] & 255))<<16)| \
219 (((ulong64)((y)[6] & 255))<<8)| (((ulong64)((y)[7] & 255))); } while(0)
220
221#else /* 64-bit words then */
222
223#define STORE32H(x, y) \
224 do { ulong32 __t = (x); XMEMCPY(y, &__t, 4); } while(0)
225
226#define LOAD32H(x, y) \
227 do { XMEMCPY(&(x), y, 4); x &= 0xFFFFFFFF; } while(0)
228
229#define STORE64H(x, y) \
230 do { ulong64 __t = (x); XMEMCPY(y, &__t, 8); } while(0)
231
232#define LOAD64H(x, y) \
233 do { XMEMCPY(&(x), y, 8); } while(0)
234
235#endif /* ENDIAN_64BITWORD */
236#endif /* ENDIAN_BIG */
237
238#define BSWAP(x) ( ((x>>24)&0x000000FFUL) | ((x<<24)&0xFF000000UL) | \
239 ((x>>8)&0x0000FF00UL) | ((x<<8)&0x00FF0000UL) )
240
241
242/* 32-bit Rotates */
243#if defined(_MSC_VER)
244#define LTC_ROx_ASM
245
246/* instrinsic rotate */
247#include <stdlib.h>
248#pragma intrinsic(_lrotr,_lrotl)
249#define ROR(x,n) _lrotr(x,n)
250#define ROL(x,n) _lrotl(x,n)
251#define RORc(x,n) _lrotr(x,n)
252#define ROLc(x,n) _lrotl(x,n)
253
254#elif !defined(__STRICT_ANSI__) && defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)) && !defined(INTEL_CC) && !defined(LTC_NO_ASM)
255#define LTC_ROx_ASM
256
257static inline ulong32 ROL(ulong32 word, int i)
258{
259 asm ("roll %%cl,%0"
260 :"=r" (word)
261 :"0" (word),"c" (i));
262 return word;
263}
264
265static inline ulong32 ROR(ulong32 word, int i)
266{
267 asm ("rorl %%cl,%0"
268 :"=r" (word)
269 :"0" (word),"c" (i));
270 return word;
271}
272
273#ifndef LTC_NO_ROLC
274
275#define ROLc(word,i) ({ \
276 ulong32 __ROLc_tmp = (word); \
277 __asm__ ("roll %2, %0" : \
278 "=r" (__ROLc_tmp) : \
279 "0" (__ROLc_tmp), \
280 "I" (i)); \
281 __ROLc_tmp; \
282 })
283#define RORc(word,i) ({ \
284 ulong32 __RORc_tmp = (word); \
285 __asm__ ("rorl %2, %0" : \
286 "=r" (__RORc_tmp) : \
287 "0" (__RORc_tmp), \
288 "I" (i)); \
289 __RORc_tmp; \
290 })
291
292#else
293
294#define ROLc ROL
295#define RORc ROR
296
297#endif
298
299#elif !defined(__STRICT_ANSI__) && defined(LTC_PPC32)
300#define LTC_ROx_ASM
301
302static inline ulong32 ROL(ulong32 word, int i)
303{
304 asm ("rotlw %0,%0,%2"
305 :"=r" (word)
306 :"0" (word),"r" (i));
307 return word;
308}
309
310static inline ulong32 ROR(ulong32 word, int i)
311{
312 asm ("rotlw %0,%0,%2"
313 :"=r" (word)
314 :"0" (word),"r" (32-i));
315 return word;
316}
317
318#ifndef LTC_NO_ROLC
319
320static inline ulong32 ROLc(ulong32 word, const int i)
321{
322 asm ("rotlwi %0,%0,%2"
323 :"=r" (word)
324 :"0" (word),"I" (i));
325 return word;
326}
327
328static inline ulong32 RORc(ulong32 word, const int i)
329{
330 asm ("rotrwi %0,%0,%2"
331 :"=r" (word)
332 :"0" (word),"I" (i));
333 return word;
334}
335
336#else
337
338#define ROLc ROL
339#define RORc ROR
340
341#endif
342
343
344#else
345
346/* rotates the hard way */
347#define ROL(x, y) ( (((ulong32)(x)<<(ulong32)((y)&31)) | (((ulong32)(x)&0xFFFFFFFFUL)>>(ulong32)((32-((y)&31))&31))) & 0xFFFFFFFFUL)
348#define ROR(x, y) ( ((((ulong32)(x)&0xFFFFFFFFUL)>>(ulong32)((y)&31)) | ((ulong32)(x)<<(ulong32)((32-((y)&31))&31))) & 0xFFFFFFFFUL)
349#define ROLc(x, y) ( (((ulong32)(x)<<(ulong32)((y)&31)) | (((ulong32)(x)&0xFFFFFFFFUL)>>(ulong32)((32-((y)&31))&31))) & 0xFFFFFFFFUL)
350#define RORc(x, y) ( ((((ulong32)(x)&0xFFFFFFFFUL)>>(ulong32)((y)&31)) | ((ulong32)(x)<<(ulong32)((32-((y)&31))&31))) & 0xFFFFFFFFUL)
351
352#endif
353
354
355/* 64-bit Rotates */
356#if !defined(__STRICT_ANSI__) && defined(__GNUC__) && defined(__x86_64__) && !defined(_WIN64) && !defined(LTC_NO_ASM)
357
358static inline ulong64 ROL64(ulong64 word, int i)
359{
360 asm("rolq %%cl,%0"
361 :"=r" (word)
362 :"0" (word),"c" (i));
363 return word;
364}
365
366static inline ulong64 ROR64(ulong64 word, int i)
367{
368 asm("rorq %%cl,%0"
369 :"=r" (word)
370 :"0" (word),"c" (i));
371 return word;
372}
373
374#ifndef LTC_NO_ROLC
375
376#define ROL64c(word,i) ({ \
377 ulong64 __ROL64c_tmp = word; \
378 __asm__ ("rolq %2, %0" : \
379 "=r" (__ROL64c_tmp) : \
380 "0" (__ROL64c_tmp), \
381 "J" (i)); \
382 __ROL64c_tmp; \
383 })
384#define ROR64c(word,i) ({ \
385 ulong64 __ROR64c_tmp = word; \
386 __asm__ ("rorq %2, %0" : \
387 "=r" (__ROR64c_tmp) : \
388 "0" (__ROR64c_tmp), \
389 "J" (i)); \
390 __ROR64c_tmp; \
391 })
392
393#else /* LTC_NO_ROLC */
394
395#define ROL64c ROL64
396#define ROR64c ROR64
397
398#endif
399
400#else /* Not x86_64 */
401
402#define ROL64(x, y) \
403 ( (((x)<<((ulong64)(y)&63)) | \
404 (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>(((ulong64)64-((y)&63))&63))) & CONST64(0xFFFFFFFFFFFFFFFF))
405
406#define ROR64(x, y) \
407 ( ((((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)(y)&CONST64(63))) | \
408 ((x)<<(((ulong64)64-((y)&63))&63))) & CONST64(0xFFFFFFFFFFFFFFFF))
409
410#define ROL64c(x, y) \
411 ( (((x)<<((ulong64)(y)&63)) | \
412 (((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>(((ulong64)64-((y)&63))&63))) & CONST64(0xFFFFFFFFFFFFFFFF))
413
414#define ROR64c(x, y) \
415 ( ((((x)&CONST64(0xFFFFFFFFFFFFFFFF))>>((ulong64)(y)&CONST64(63))) | \
416 ((x)<<(((ulong64)64-((y)&63))&63))) & CONST64(0xFFFFFFFFFFFFFFFF))
417
418#endif
419
420#ifndef MAX
421 #define MAX(x, y) ( ((x)>(y))?(x):(y) )
422#endif
423
424#ifndef MIN
425 #define MIN(x, y) ( ((x)<(y))?(x):(y) )
426#endif
427
428#ifndef LTC_UNUSED_PARAM
429 #define LTC_UNUSED_PARAM(x) (void)(x)
430#endif
431
432/* extract a byte portably */
433#ifdef _MSC_VER
434 #define byte(x, n) ((unsigned char)((x) >> (8 * (n))))
435#else
436 #define byte(x, n) (((x) >> (8 * (n))) & 255)
437#endif
438
439/* there is no snprintf before Visual C++ 2015 */
440#if defined(_MSC_VER) && _MSC_VER < 1900
441#define snprintf _snprintf
442#endif
443
444/* ref: HEAD -> master, tag: v1.18.2 */
445/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
446/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/headers/tomcrypt_math.h b/utils/tomcrypt/src/headers/tomcrypt_math.h
new file mode 100644
index 0000000000..137e451ef1
--- /dev/null
+++ b/utils/tomcrypt/src/headers/tomcrypt_math.h
@@ -0,0 +1,583 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9
10/** math functions **/
11
12#define LTC_MP_LT -1
13#define LTC_MP_EQ 0
14#define LTC_MP_GT 1
15
16#define LTC_MP_NO 0
17#define LTC_MP_YES 1
18
19#ifndef LTC_MECC
20 typedef void ecc_point;
21#endif
22
23#ifndef LTC_MRSA
24 typedef void rsa_key;
25#endif
26
27#ifndef LTC_MILLER_RABIN_REPS
28 /* Number of rounds of the Miller-Rabin test
29 * "Reasonable values of reps are between 15 and 50." c.f. gmp doc of mpz_probab_prime_p()
30 * As of https://security.stackexchange.com/a/4546 we should use 40 rounds */
31 #define LTC_MILLER_RABIN_REPS 40
32#endif
33
34int radix_to_bin(const void *in, int radix, void *out, unsigned long *len);
35
36/** math descriptor */
37typedef struct {
38 /** Name of the math provider */
39 const char *name;
40
41 /** Bits per digit, amount of bits must fit in an unsigned long */
42 int bits_per_digit;
43
44/* ---- init/deinit functions ---- */
45
46 /** initialize a bignum
47 @param a The number to initialize
48 @return CRYPT_OK on success
49 */
50 int (*init)(void **a);
51
52 /** init copy
53 @param dst The number to initialize and write to
54 @param src The number to copy from
55 @return CRYPT_OK on success
56 */
57 int (*init_copy)(void **dst, void *src);
58
59 /** deinit
60 @param a The number to free
61 @return CRYPT_OK on success
62 */
63 void (*deinit)(void *a);
64
65/* ---- data movement ---- */
66
67 /** negate
68 @param src The number to negate
69 @param dst The destination
70 @return CRYPT_OK on success
71 */
72 int (*neg)(void *src, void *dst);
73
74 /** copy
75 @param src The number to copy from
76 @param dst The number to write to
77 @return CRYPT_OK on success
78 */
79 int (*copy)(void *src, void *dst);
80
81/* ---- trivial low level functions ---- */
82
83 /** set small constant
84 @param a Number to write to
85 @param n Source upto bits_per_digit (actually meant for very small constants)
86 @return CRYPT_OK on success
87 */
88 int (*set_int)(void *a, ltc_mp_digit n);
89
90 /** get small constant
91 @param a Small number to read,
92 only fetches up to bits_per_digit from the number
93 @return The lower bits_per_digit of the integer (unsigned)
94 */
95 unsigned long (*get_int)(void *a);
96
97 /** get digit n
98 @param a The number to read from
99 @param n The number of the digit to fetch
100 @return The bits_per_digit sized n'th digit of a
101 */
102 ltc_mp_digit (*get_digit)(void *a, int n);
103
104 /** Get the number of digits that represent the number
105 @param a The number to count
106 @return The number of digits used to represent the number
107 */
108 int (*get_digit_count)(void *a);
109
110 /** compare two integers
111 @param a The left side integer
112 @param b The right side integer
113 @return LTC_MP_LT if a < b,
114 LTC_MP_GT if a > b and
115 LTC_MP_EQ otherwise. (signed comparison)
116 */
117 int (*compare)(void *a, void *b);
118
119 /** compare against int
120 @param a The left side integer
121 @param b The right side integer (upto bits_per_digit)
122 @return LTC_MP_LT if a < b,
123 LTC_MP_GT if a > b and
124 LTC_MP_EQ otherwise. (signed comparison)
125 */
126 int (*compare_d)(void *a, ltc_mp_digit n);
127
128 /** Count the number of bits used to represent the integer
129 @param a The integer to count
130 @return The number of bits required to represent the integer
131 */
132 int (*count_bits)(void * a);
133
134 /** Count the number of LSB bits which are zero
135 @param a The integer to count
136 @return The number of contiguous zero LSB bits
137 */
138 int (*count_lsb_bits)(void *a);
139
140 /** Compute a power of two
141 @param a The integer to store the power in
142 @param n The power of two you want to store (a = 2^n)
143 @return CRYPT_OK on success
144 */
145 int (*twoexpt)(void *a , int n);
146
147/* ---- radix conversions ---- */
148
149 /** read ascii string
150 @param a The integer to store into
151 @param str The string to read
152 @param radix The radix the integer has been represented in (2-64)
153 @return CRYPT_OK on success
154 */
155 int (*read_radix)(void *a, const char *str, int radix);
156
157 /** write number to string
158 @param a The integer to store
159 @param str The destination for the string
160 @param radix The radix the integer is to be represented in (2-64)
161 @return CRYPT_OK on success
162 */
163 int (*write_radix)(void *a, char *str, int radix);
164
165 /** get size as unsigned char string
166 @param a The integer to get the size (when stored in array of octets)
167 @return The length of the integer in octets
168 */
169 unsigned long (*unsigned_size)(void *a);
170
171 /** store an integer as an array of octets
172 @param src The integer to store
173 @param dst The buffer to store the integer in
174 @return CRYPT_OK on success
175 */
176 int (*unsigned_write)(void *src, unsigned char *dst);
177
178 /** read an array of octets and store as integer
179 @param dst The integer to load
180 @param src The array of octets
181 @param len The number of octets
182 @return CRYPT_OK on success
183 */
184 int (*unsigned_read)( void *dst,
185 unsigned char *src,
186 unsigned long len);
187
188/* ---- basic math ---- */
189
190 /** add two integers
191 @param a The first source integer
192 @param b The second source integer
193 @param c The destination of "a + b"
194 @return CRYPT_OK on success
195 */
196 int (*add)(void *a, void *b, void *c);
197
198 /** add two integers
199 @param a The first source integer
200 @param b The second source integer
201 (single digit of upto bits_per_digit in length)
202 @param c The destination of "a + b"
203 @return CRYPT_OK on success
204 */
205 int (*addi)(void *a, ltc_mp_digit b, void *c);
206
207 /** subtract two integers
208 @param a The first source integer
209 @param b The second source integer
210 @param c The destination of "a - b"
211 @return CRYPT_OK on success
212 */
213 int (*sub)(void *a, void *b, void *c);
214
215 /** subtract two integers
216 @param a The first source integer
217 @param b The second source integer
218 (single digit of upto bits_per_digit in length)
219 @param c The destination of "a - b"
220 @return CRYPT_OK on success
221 */
222 int (*subi)(void *a, ltc_mp_digit b, void *c);
223
224 /** multiply two integers
225 @param a The first source integer
226 @param b The second source integer
227 (single digit of upto bits_per_digit in length)
228 @param c The destination of "a * b"
229 @return CRYPT_OK on success
230 */
231 int (*mul)(void *a, void *b, void *c);
232
233 /** multiply two integers
234 @param a The first source integer
235 @param b The second source integer
236 (single digit of upto bits_per_digit in length)
237 @param c The destination of "a * b"
238 @return CRYPT_OK on success
239 */
240 int (*muli)(void *a, ltc_mp_digit b, void *c);
241
242 /** Square an integer
243 @param a The integer to square
244 @param b The destination
245 @return CRYPT_OK on success
246 */
247 int (*sqr)(void *a, void *b);
248
249 /** Divide an integer
250 @param a The dividend
251 @param b The divisor
252 @param c The quotient (can be NULL to signify don't care)
253 @param d The remainder (can be NULL to signify don't care)
254 @return CRYPT_OK on success
255 */
256 int (*mpdiv)(void *a, void *b, void *c, void *d);
257
258 /** divide by two
259 @param a The integer to divide (shift right)
260 @param b The destination
261 @return CRYPT_OK on success
262 */
263 int (*div_2)(void *a, void *b);
264
265 /** Get remainder (small value)
266 @param a The integer to reduce
267 @param b The modulus (upto bits_per_digit in length)
268 @param c The destination for the residue
269 @return CRYPT_OK on success
270 */
271 int (*modi)(void *a, ltc_mp_digit b, ltc_mp_digit *c);
272
273 /** gcd
274 @param a The first integer
275 @param b The second integer
276 @param c The destination for (a, b)
277 @return CRYPT_OK on success
278 */
279 int (*gcd)(void *a, void *b, void *c);
280
281 /** lcm
282 @param a The first integer
283 @param b The second integer
284 @param c The destination for [a, b]
285 @return CRYPT_OK on success
286 */
287 int (*lcm)(void *a, void *b, void *c);
288
289 /** Modular multiplication
290 @param a The first source
291 @param b The second source
292 @param c The modulus
293 @param d The destination (a*b mod c)
294 @return CRYPT_OK on success
295 */
296 int (*mulmod)(void *a, void *b, void *c, void *d);
297
298 /** Modular squaring
299 @param a The first source
300 @param b The modulus
301 @param c The destination (a*a mod b)
302 @return CRYPT_OK on success
303 */
304 int (*sqrmod)(void *a, void *b, void *c);
305
306 /** Modular inversion
307 @param a The value to invert
308 @param b The modulus
309 @param c The destination (1/a mod b)
310 @return CRYPT_OK on success
311 */
312 int (*invmod)(void *, void *, void *);
313
314/* ---- reduction ---- */
315
316 /** setup Montgomery
317 @param a The modulus
318 @param b The destination for the reduction digit
319 @return CRYPT_OK on success
320 */
321 int (*montgomery_setup)(void *a, void **b);
322
323 /** get normalization value
324 @param a The destination for the normalization value
325 @param b The modulus
326 @return CRYPT_OK on success
327 */
328 int (*montgomery_normalization)(void *a, void *b);
329
330 /** reduce a number
331 @param a The number [and dest] to reduce
332 @param b The modulus
333 @param c The value "b" from montgomery_setup()
334 @return CRYPT_OK on success
335 */
336 int (*montgomery_reduce)(void *a, void *b, void *c);
337
338 /** clean up (frees memory)
339 @param a The value "b" from montgomery_setup()
340 @return CRYPT_OK on success
341 */
342 void (*montgomery_deinit)(void *a);
343
344/* ---- exponentiation ---- */
345
346 /** Modular exponentiation
347 @param a The base integer
348 @param b The power (can be negative) integer
349 @param c The modulus integer
350 @param d The destination
351 @return CRYPT_OK on success
352 */
353 int (*exptmod)(void *a, void *b, void *c, void *d);
354
355 /** Primality testing
356 @param a The integer to test
357 @param b The number of Miller-Rabin tests that shall be executed
358 @param c The destination of the result (FP_YES if prime)
359 @return CRYPT_OK on success
360 */
361 int (*isprime)(void *a, int b, int *c);
362
363/* ---- (optional) ecc point math ---- */
364
365 /** ECC GF(p) point multiplication (from the NIST curves)
366 @param k The integer to multiply the point by
367 @param G The point to multiply
368 @param R The destination for kG
369 @param modulus The modulus for the field
370 @param map Boolean indicated whether to map back to affine or not
371 (can be ignored if you work in affine only)
372 @return CRYPT_OK on success
373 */
374 int (*ecc_ptmul)( void *k,
375 ecc_point *G,
376 ecc_point *R,
377 void *modulus,
378 int map);
379
380 /** ECC GF(p) point addition
381 @param P The first point
382 @param Q The second point
383 @param R The destination of P + Q
384 @param modulus The modulus
385 @param mp The "b" value from montgomery_setup()
386 @return CRYPT_OK on success
387 */
388 int (*ecc_ptadd)(ecc_point *P,
389 ecc_point *Q,
390 ecc_point *R,
391 void *modulus,
392 void *mp);
393
394 /** ECC GF(p) point double
395 @param P The first point
396 @param R The destination of 2P
397 @param modulus The modulus
398 @param mp The "b" value from montgomery_setup()
399 @return CRYPT_OK on success
400 */
401 int (*ecc_ptdbl)(ecc_point *P,
402 ecc_point *R,
403 void *modulus,
404 void *mp);
405
406 /** ECC mapping from projective to affine,
407 currently uses (x,y,z) => (x/z^2, y/z^3, 1)
408 @param P The point to map
409 @param modulus The modulus
410 @param mp The "b" value from montgomery_setup()
411 @return CRYPT_OK on success
412 @remark The mapping can be different but keep in mind a
413 ecc_point only has three integers (x,y,z) so if
414 you use a different mapping you have to make it fit.
415 */
416 int (*ecc_map)(ecc_point *P, void *modulus, void *mp);
417
418 /** Computes kA*A + kB*B = C using Shamir's Trick
419 @param A First point to multiply
420 @param kA What to multiple A by
421 @param B Second point to multiply
422 @param kB What to multiple B by
423 @param C [out] Destination point (can overlap with A or B)
424 @param modulus Modulus for curve
425 @return CRYPT_OK on success
426 */
427 int (*ecc_mul2add)(ecc_point *A, void *kA,
428 ecc_point *B, void *kB,
429 ecc_point *C,
430 void *modulus);
431
432/* ---- (optional) rsa optimized math (for internal CRT) ---- */
433
434 /** RSA Key Generation
435 @param prng An active PRNG state
436 @param wprng The index of the PRNG desired
437 @param size The size of the key in octets
438 @param e The "e" value (public key).
439 e==65537 is a good choice
440 @param key [out] Destination of a newly created private key pair
441 @return CRYPT_OK if successful, upon error all allocated ram is freed
442 */
443 int (*rsa_keygen)(prng_state *prng,
444 int wprng,
445 int size,
446 long e,
447 rsa_key *key);
448
449 /** RSA exponentiation
450 @param in The octet array representing the base
451 @param inlen The length of the input
452 @param out The destination (to be stored in an octet array format)
453 @param outlen The length of the output buffer and the resulting size
454 (zero padded to the size of the modulus)
455 @param which PK_PUBLIC for public RSA and PK_PRIVATE for private RSA
456 @param key The RSA key to use
457 @return CRYPT_OK on success
458 */
459 int (*rsa_me)(const unsigned char *in, unsigned long inlen,
460 unsigned char *out, unsigned long *outlen, int which,
461 rsa_key *key);
462
463/* ---- basic math continued ---- */
464
465 /** Modular addition
466 @param a The first source
467 @param b The second source
468 @param c The modulus
469 @param d The destination (a + b mod c)
470 @return CRYPT_OK on success
471 */
472 int (*addmod)(void *a, void *b, void *c, void *d);
473
474 /** Modular substraction
475 @param a The first source
476 @param b The second source
477 @param c The modulus
478 @param d The destination (a - b mod c)
479 @return CRYPT_OK on success
480 */
481 int (*submod)(void *a, void *b, void *c, void *d);
482
483/* ---- misc stuff ---- */
484
485 /** Make a pseudo-random mpi
486 @param a The mpi to make random
487 @param size The desired length
488 @return CRYPT_OK on success
489 */
490 int (*rand)(void *a, int size);
491} ltc_math_descriptor;
492
493extern ltc_math_descriptor ltc_mp;
494
495int ltc_init_multi(void **a, ...);
496void ltc_deinit_multi(void *a, ...);
497void ltc_cleanup_multi(void **a, ...);
498
499#ifdef LTM_DESC
500extern const ltc_math_descriptor ltm_desc;
501#endif
502
503#ifdef TFM_DESC
504extern const ltc_math_descriptor tfm_desc;
505#endif
506
507#ifdef GMP_DESC
508extern const ltc_math_descriptor gmp_desc;
509#endif
510
511#if !defined(DESC_DEF_ONLY) && defined(LTC_SOURCE)
512
513#define MP_DIGIT_BIT ltc_mp.bits_per_digit
514
515/* some handy macros */
516#define mp_init(a) ltc_mp.init(a)
517#define mp_init_multi ltc_init_multi
518#define mp_clear(a) ltc_mp.deinit(a)
519#define mp_clear_multi ltc_deinit_multi
520#define mp_cleanup_multi ltc_cleanup_multi
521#define mp_init_copy(a, b) ltc_mp.init_copy(a, b)
522
523#define mp_neg(a, b) ltc_mp.neg(a, b)
524#define mp_copy(a, b) ltc_mp.copy(a, b)
525
526#define mp_set(a, b) ltc_mp.set_int(a, b)
527#define mp_set_int(a, b) ltc_mp.set_int(a, b)
528#define mp_get_int(a) ltc_mp.get_int(a)
529#define mp_get_digit(a, n) ltc_mp.get_digit(a, n)
530#define mp_get_digit_count(a) ltc_mp.get_digit_count(a)
531#define mp_cmp(a, b) ltc_mp.compare(a, b)
532#define mp_cmp_d(a, b) ltc_mp.compare_d(a, b)
533#define mp_count_bits(a) ltc_mp.count_bits(a)
534#define mp_cnt_lsb(a) ltc_mp.count_lsb_bits(a)
535#define mp_2expt(a, b) ltc_mp.twoexpt(a, b)
536
537#define mp_read_radix(a, b, c) ltc_mp.read_radix(a, b, c)
538#define mp_toradix(a, b, c) ltc_mp.write_radix(a, b, c)
539#define mp_unsigned_bin_size(a) ltc_mp.unsigned_size(a)
540#define mp_to_unsigned_bin(a, b) ltc_mp.unsigned_write(a, b)
541#define mp_read_unsigned_bin(a, b, c) ltc_mp.unsigned_read(a, b, c)
542
543#define mp_add(a, b, c) ltc_mp.add(a, b, c)
544#define mp_add_d(a, b, c) ltc_mp.addi(a, b, c)
545#define mp_sub(a, b, c) ltc_mp.sub(a, b, c)
546#define mp_sub_d(a, b, c) ltc_mp.subi(a, b, c)
547#define mp_mul(a, b, c) ltc_mp.mul(a, b, c)
548#define mp_mul_d(a, b, c) ltc_mp.muli(a, b, c)
549#define mp_sqr(a, b) ltc_mp.sqr(a, b)
550#define mp_div(a, b, c, d) ltc_mp.mpdiv(a, b, c, d)
551#define mp_div_2(a, b) ltc_mp.div_2(a, b)
552#define mp_mod(a, b, c) ltc_mp.mpdiv(a, b, NULL, c)
553#define mp_mod_d(a, b, c) ltc_mp.modi(a, b, c)
554#define mp_gcd(a, b, c) ltc_mp.gcd(a, b, c)
555#define mp_lcm(a, b, c) ltc_mp.lcm(a, b, c)
556
557#define mp_addmod(a, b, c, d) ltc_mp.addmod(a, b, c, d)
558#define mp_submod(a, b, c, d) ltc_mp.submod(a, b, c, d)
559#define mp_mulmod(a, b, c, d) ltc_mp.mulmod(a, b, c, d)
560#define mp_sqrmod(a, b, c) ltc_mp.sqrmod(a, b, c)
561#define mp_invmod(a, b, c) ltc_mp.invmod(a, b, c)
562
563#define mp_montgomery_setup(a, b) ltc_mp.montgomery_setup(a, b)
564#define mp_montgomery_normalization(a, b) ltc_mp.montgomery_normalization(a, b)
565#define mp_montgomery_reduce(a, b, c) ltc_mp.montgomery_reduce(a, b, c)
566#define mp_montgomery_free(a) ltc_mp.montgomery_deinit(a)
567
568#define mp_exptmod(a,b,c,d) ltc_mp.exptmod(a,b,c,d)
569#define mp_prime_is_prime(a, b, c) ltc_mp.isprime(a, b, c)
570
571#define mp_iszero(a) (mp_cmp_d(a, 0) == LTC_MP_EQ ? LTC_MP_YES : LTC_MP_NO)
572#define mp_isodd(a) (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
573#define mp_exch(a, b) do { void *ABC__tmp = a; a = b; b = ABC__tmp; } while(0)
574
575#define mp_tohex(a, b) mp_toradix(a, b, 16)
576
577#define mp_rand(a, b) ltc_mp.rand(a, b)
578
579#endif
580
581/* ref: HEAD -> master, tag: v1.18.2 */
582/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
583/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/headers/tomcrypt_misc.h b/utils/tomcrypt/src/headers/tomcrypt_misc.h
new file mode 100644
index 0000000000..2460d66539
--- /dev/null
+++ b/utils/tomcrypt/src/headers/tomcrypt_misc.h
@@ -0,0 +1,113 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9
10/* ---- LTC_BASE64 Routines ---- */
11#ifdef LTC_BASE64
12int base64_encode(const unsigned char *in, unsigned long len,
13 unsigned char *out, unsigned long *outlen);
14
15int base64_decode(const unsigned char *in, unsigned long len,
16 unsigned char *out, unsigned long *outlen);
17int base64_strict_decode(const unsigned char *in, unsigned long len,
18 unsigned char *out, unsigned long *outlen);
19#endif
20
21#ifdef LTC_BASE64_URL
22int base64url_encode(const unsigned char *in, unsigned long len,
23 unsigned char *out, unsigned long *outlen);
24int base64url_strict_encode(const unsigned char *in, unsigned long inlen,
25 unsigned char *out, unsigned long *outlen);
26
27int base64url_decode(const unsigned char *in, unsigned long len,
28 unsigned char *out, unsigned long *outlen);
29int base64url_strict_decode(const unsigned char *in, unsigned long len,
30 unsigned char *out, unsigned long *outlen);
31#endif
32
33/* ===> LTC_HKDF -- RFC5869 HMAC-based Key Derivation Function <=== */
34#ifdef LTC_HKDF
35
36int hkdf_test(void);
37
38int hkdf_extract(int hash_idx,
39 const unsigned char *salt, unsigned long saltlen,
40 const unsigned char *in, unsigned long inlen,
41 unsigned char *out, unsigned long *outlen);
42
43int hkdf_expand(int hash_idx,
44 const unsigned char *info, unsigned long infolen,
45 const unsigned char *in, unsigned long inlen,
46 unsigned char *out, unsigned long outlen);
47
48int hkdf(int hash_idx,
49 const unsigned char *salt, unsigned long saltlen,
50 const unsigned char *info, unsigned long infolen,
51 const unsigned char *in, unsigned long inlen,
52 unsigned char *out, unsigned long outlen);
53
54#endif /* LTC_HKDF */
55
56/* ---- MEM routines ---- */
57int mem_neq(const void *a, const void *b, size_t len);
58void zeromem(volatile void *dst, size_t len);
59void burn_stack(unsigned long len);
60
61const char *error_to_string(int err);
62
63extern const char *crypt_build_settings;
64
65/* ---- HMM ---- */
66int crypt_fsa(void *mp, ...);
67
68/* ---- Dynamic language support ---- */
69int crypt_get_constant(const char* namein, int *valueout);
70int crypt_list_all_constants(char *names_list, unsigned int *names_list_size);
71
72int crypt_get_size(const char* namein, unsigned int *sizeout);
73int crypt_list_all_sizes(char *names_list, unsigned int *names_list_size);
74
75#ifdef LTM_DESC
76void init_LTM(void);
77#endif
78#ifdef TFM_DESC
79void init_TFM(void);
80#endif
81#ifdef GMP_DESC
82void init_GMP(void);
83#endif
84
85#ifdef LTC_ADLER32
86typedef struct adler32_state_s
87{
88 unsigned short s[2];
89} adler32_state;
90
91void adler32_init(adler32_state *ctx);
92void adler32_update(adler32_state *ctx, const unsigned char *input, unsigned long length);
93void adler32_finish(adler32_state *ctx, void *hash, unsigned long size);
94int adler32_test(void);
95#endif
96
97#ifdef LTC_CRC32
98typedef struct crc32_state_s
99{
100 ulong32 crc;
101} crc32_state;
102
103void crc32_init(crc32_state *ctx);
104void crc32_update(crc32_state *ctx, const unsigned char *input, unsigned long length);
105void crc32_finish(crc32_state *ctx, void *hash, unsigned long size);
106int crc32_test(void);
107#endif
108
109int compare_testvector(const void* is, const unsigned long is_len, const void* should, const unsigned long should_len, const char* what, int which);
110
111/* ref: HEAD -> master, tag: v1.18.2 */
112/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
113/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/headers/tomcrypt_pk.h b/utils/tomcrypt/src/headers/tomcrypt_pk.h
new file mode 100644
index 0000000000..4306bc3777
--- /dev/null
+++ b/utils/tomcrypt/src/headers/tomcrypt_pk.h
@@ -0,0 +1,747 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9
10/* ---- NUMBER THEORY ---- */
11
12enum {
13 PK_PUBLIC=0,
14 PK_PRIVATE=1
15};
16
17/* Indicates standard output formats that can be read e.g. by OpenSSL or GnuTLS */
18#define PK_STD 0x1000
19
20int rand_prime(void *N, long len, prng_state *prng, int wprng);
21
22#ifdef LTC_SOURCE
23/* internal helper functions */
24int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng);
25int rand_bn_upto(void *N, void *limit, prng_state *prng, int wprng);
26
27enum public_key_algorithms {
28 PKA_RSA,
29 PKA_DSA
30};
31
32typedef struct Oid {
33 unsigned long OID[16];
34 /** Number of OID digits in use */
35 unsigned long OIDlen;
36} oid_st;
37
38int pk_get_oid(int pk, oid_st *st);
39#endif /* LTC_SOURCE */
40
41/* ---- RSA ---- */
42#ifdef LTC_MRSA
43
44/** RSA PKCS style key */
45typedef struct Rsa_key {
46 /** Type of key, PK_PRIVATE or PK_PUBLIC */
47 int type;
48 /** The public exponent */
49 void *e;
50 /** The private exponent */
51 void *d;
52 /** The modulus */
53 void *N;
54 /** The p factor of N */
55 void *p;
56 /** The q factor of N */
57 void *q;
58 /** The 1/q mod p CRT param */
59 void *qP;
60 /** The d mod (p - 1) CRT param */
61 void *dP;
62 /** The d mod (q - 1) CRT param */
63 void *dQ;
64} rsa_key;
65
66int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key);
67
68int rsa_get_size(rsa_key *key);
69
70int rsa_exptmod(const unsigned char *in, unsigned long inlen,
71 unsigned char *out, unsigned long *outlen, int which,
72 rsa_key *key);
73
74void rsa_free(rsa_key *key);
75
76/* These use PKCS #1 v2.0 padding */
77#define rsa_encrypt_key(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _prng, _prng_idx, _hash_idx, _key) \
78 rsa_encrypt_key_ex(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _prng, _prng_idx, _hash_idx, LTC_PKCS_1_OAEP, _key)
79
80#define rsa_decrypt_key(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _hash_idx, _stat, _key) \
81 rsa_decrypt_key_ex(_in, _inlen, _out, _outlen, _lparam, _lparamlen, _hash_idx, LTC_PKCS_1_OAEP, _stat, _key)
82
83#define rsa_sign_hash(_in, _inlen, _out, _outlen, _prng, _prng_idx, _hash_idx, _saltlen, _key) \
84 rsa_sign_hash_ex(_in, _inlen, _out, _outlen, LTC_PKCS_1_PSS, _prng, _prng_idx, _hash_idx, _saltlen, _key)
85
86#define rsa_verify_hash(_sig, _siglen, _hash, _hashlen, _hash_idx, _saltlen, _stat, _key) \
87 rsa_verify_hash_ex(_sig, _siglen, _hash, _hashlen, LTC_PKCS_1_PSS, _hash_idx, _saltlen, _stat, _key)
88
89#define rsa_sign_saltlen_get_max(_hash_idx, _key) \
90 rsa_sign_saltlen_get_max_ex(LTC_PKCS_1_PSS, _hash_idx, _key)
91
92/* These can be switched between PKCS #1 v2.x and PKCS #1 v1.5 paddings */
93int rsa_encrypt_key_ex(const unsigned char *in, unsigned long inlen,
94 unsigned char *out, unsigned long *outlen,
95 const unsigned char *lparam, unsigned long lparamlen,
96 prng_state *prng, int prng_idx, int hash_idx, int padding, rsa_key *key);
97
98int rsa_decrypt_key_ex(const unsigned char *in, unsigned long inlen,
99 unsigned char *out, unsigned long *outlen,
100 const unsigned char *lparam, unsigned long lparamlen,
101 int hash_idx, int padding,
102 int *stat, rsa_key *key);
103
104int rsa_sign_hash_ex(const unsigned char *in, unsigned long inlen,
105 unsigned char *out, unsigned long *outlen,
106 int padding,
107 prng_state *prng, int prng_idx,
108 int hash_idx, unsigned long saltlen,
109 rsa_key *key);
110
111int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen,
112 const unsigned char *hash, unsigned long hashlen,
113 int padding,
114 int hash_idx, unsigned long saltlen,
115 int *stat, rsa_key *key);
116
117int rsa_sign_saltlen_get_max_ex(int padding, int hash_idx, rsa_key *key);
118
119/* PKCS #1 import/export */
120int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key);
121int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key);
122
123int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key);
124int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen,
125 const void *passwd, unsigned long passwdlen, rsa_key *key);
126
127int rsa_set_key(const unsigned char *N, unsigned long Nlen,
128 const unsigned char *e, unsigned long elen,
129 const unsigned char *d, unsigned long dlen,
130 rsa_key *key);
131int rsa_set_factors(const unsigned char *p, unsigned long plen,
132 const unsigned char *q, unsigned long qlen,
133 rsa_key *key);
134int rsa_set_crt_params(const unsigned char *dP, unsigned long dPlen,
135 const unsigned char *dQ, unsigned long dQlen,
136 const unsigned char *qP, unsigned long qPlen,
137 rsa_key *key);
138#endif
139
140/* ---- Katja ---- */
141#ifdef LTC_MKAT
142
143/* Min and Max KAT key sizes (in bits) */
144#define MIN_KAT_SIZE 1024
145#define MAX_KAT_SIZE 4096
146
147/** Katja PKCS style key */
148typedef struct KAT_key {
149 /** Type of key, PK_PRIVATE or PK_PUBLIC */
150 int type;
151 /** The private exponent */
152 void *d;
153 /** The modulus */
154 void *N;
155 /** The p factor of N */
156 void *p;
157 /** The q factor of N */
158 void *q;
159 /** The 1/q mod p CRT param */
160 void *qP;
161 /** The d mod (p - 1) CRT param */
162 void *dP;
163 /** The d mod (q - 1) CRT param */
164 void *dQ;
165 /** The pq param */
166 void *pq;
167} katja_key;
168
169int katja_make_key(prng_state *prng, int wprng, int size, katja_key *key);
170
171int katja_exptmod(const unsigned char *in, unsigned long inlen,
172 unsigned char *out, unsigned long *outlen, int which,
173 katja_key *key);
174
175void katja_free(katja_key *key);
176
177/* These use PKCS #1 v2.0 padding */
178int katja_encrypt_key(const unsigned char *in, unsigned long inlen,
179 unsigned char *out, unsigned long *outlen,
180 const unsigned char *lparam, unsigned long lparamlen,
181 prng_state *prng, int prng_idx, int hash_idx, katja_key *key);
182
183int katja_decrypt_key(const unsigned char *in, unsigned long inlen,
184 unsigned char *out, unsigned long *outlen,
185 const unsigned char *lparam, unsigned long lparamlen,
186 int hash_idx, int *stat,
187 katja_key *key);
188
189/* PKCS #1 import/export */
190int katja_export(unsigned char *out, unsigned long *outlen, int type, katja_key *key);
191int katja_import(const unsigned char *in, unsigned long inlen, katja_key *key);
192
193#endif
194
195/* ---- DH Routines ---- */
196#ifdef LTC_MDH
197
198typedef struct {
199 int type;
200 void *x;
201 void *y;
202 void *base;
203 void *prime;
204} dh_key;
205
206int dh_get_groupsize(dh_key *key);
207
208int dh_export(unsigned char *out, unsigned long *outlen, int type, dh_key *key);
209int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key);
210
211int dh_set_pg(const unsigned char *p, unsigned long plen,
212 const unsigned char *g, unsigned long glen,
213 dh_key *key);
214int dh_set_pg_dhparam(const unsigned char *dhparam, unsigned long dhparamlen, dh_key *key);
215int dh_set_pg_groupsize(int groupsize, dh_key *key);
216
217int dh_set_key(const unsigned char *in, unsigned long inlen, int type, dh_key *key);
218int dh_generate_key(prng_state *prng, int wprng, dh_key *key);
219
220int dh_shared_secret(dh_key *private_key, dh_key *public_key,
221 unsigned char *out, unsigned long *outlen);
222
223void dh_free(dh_key *key);
224
225int dh_export_key(void *out, unsigned long *outlen, int type, dh_key *key);
226
227#ifdef LTC_SOURCE
228typedef struct {
229 int size;
230 const char *name, *base, *prime;
231} ltc_dh_set_type;
232
233extern const ltc_dh_set_type ltc_dh_sets[];
234
235/* internal helper functions */
236int dh_check_pubkey(dh_key *key);
237#endif
238
239#endif /* LTC_MDH */
240
241
242/* ---- ECC Routines ---- */
243#ifdef LTC_MECC
244
245/* size of our temp buffers for exported keys */
246#define ECC_BUF_SIZE 256
247
248/* max private key size */
249#define ECC_MAXSIZE 66
250
251/** Structure defines a NIST GF(p) curve */
252typedef struct {
253 /** The size of the curve in octets */
254 int size;
255
256 /** name of curve */
257 const char *name;
258
259 /** The prime that defines the field the curve is in (encoded in hex) */
260 const char *prime;
261
262 /** The fields B param (hex) */
263 const char *B;
264
265 /** The order of the curve (hex) */
266 const char *order;
267
268 /** The x co-ordinate of the base point on the curve (hex) */
269 const char *Gx;
270
271 /** The y co-ordinate of the base point on the curve (hex) */
272 const char *Gy;
273} ltc_ecc_set_type;
274
275/** A point on a ECC curve, stored in Jacbobian format such that (x,y,z) => (x/z^2, y/z^3, 1) when interpretted as affine */
276typedef struct {
277 /** The x co-ordinate */
278 void *x;
279
280 /** The y co-ordinate */
281 void *y;
282
283 /** The z co-ordinate */
284 void *z;
285} ecc_point;
286
287/** An ECC key */
288typedef struct {
289 /** Type of key, PK_PRIVATE or PK_PUBLIC */
290 int type;
291
292 /** Index into the ltc_ecc_sets[] for the parameters of this curve; if -1, then this key is using user supplied curve in dp */
293 int idx;
294
295 /** pointer to domain parameters; either points to NIST curves (identified by idx >= 0) or user supplied curve */
296 const ltc_ecc_set_type *dp;
297
298 /** The public key */
299 ecc_point pubkey;
300
301 /** The private key */
302 void *k;
303} ecc_key;
304
305/** the ECC params provided */
306extern const ltc_ecc_set_type ltc_ecc_sets[];
307
308int ecc_test(void);
309void ecc_sizes(int *low, int *high);
310int ecc_get_size(ecc_key *key);
311
312int ecc_make_key(prng_state *prng, int wprng, int keysize, ecc_key *key);
313int ecc_make_key_ex(prng_state *prng, int wprng, ecc_key *key, const ltc_ecc_set_type *dp);
314void ecc_free(ecc_key *key);
315
316int ecc_export(unsigned char *out, unsigned long *outlen, int type, ecc_key *key);
317int ecc_import(const unsigned char *in, unsigned long inlen, ecc_key *key);
318int ecc_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, const ltc_ecc_set_type *dp);
319
320int ecc_ansi_x963_export(ecc_key *key, unsigned char *out, unsigned long *outlen);
321int ecc_ansi_x963_import(const unsigned char *in, unsigned long inlen, ecc_key *key);
322int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_key *key, ltc_ecc_set_type *dp);
323
324int ecc_shared_secret(ecc_key *private_key, ecc_key *public_key,
325 unsigned char *out, unsigned long *outlen);
326
327int ecc_encrypt_key(const unsigned char *in, unsigned long inlen,
328 unsigned char *out, unsigned long *outlen,
329 prng_state *prng, int wprng, int hash,
330 ecc_key *key);
331
332int ecc_decrypt_key(const unsigned char *in, unsigned long inlen,
333 unsigned char *out, unsigned long *outlen,
334 ecc_key *key);
335
336int ecc_sign_hash_rfc7518(const unsigned char *in, unsigned long inlen,
337 unsigned char *out, unsigned long *outlen,
338 prng_state *prng, int wprng, ecc_key *key);
339
340int ecc_sign_hash(const unsigned char *in, unsigned long inlen,
341 unsigned char *out, unsigned long *outlen,
342 prng_state *prng, int wprng, ecc_key *key);
343
344int ecc_verify_hash_rfc7518(const unsigned char *sig, unsigned long siglen,
345 const unsigned char *hash, unsigned long hashlen,
346 int *stat, ecc_key *key);
347
348int ecc_verify_hash(const unsigned char *sig, unsigned long siglen,
349 const unsigned char *hash, unsigned long hashlen,
350 int *stat, ecc_key *key);
351
352/* low level functions */
353ecc_point *ltc_ecc_new_point(void);
354void ltc_ecc_del_point(ecc_point *p);
355int ltc_ecc_is_valid_idx(int n);
356
357/* point ops (mp == montgomery digit) */
358#if !defined(LTC_MECC_ACCEL) || defined(LTM_DESC) || defined(GMP_DESC)
359/* R = 2P */
360int ltc_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulus, void *mp);
361
362/* R = P + Q */
363int ltc_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *mp);
364#endif
365
366#if defined(LTC_MECC_FP)
367/* optimized point multiplication using fixed point cache (HAC algorithm 14.117) */
368int ltc_ecc_fp_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map);
369
370/* functions for saving/loading/freeing/adding to fixed point cache */
371int ltc_ecc_fp_save_state(unsigned char **out, unsigned long *outlen);
372int ltc_ecc_fp_restore_state(unsigned char *in, unsigned long inlen);
373void ltc_ecc_fp_free(void);
374int ltc_ecc_fp_add_point(ecc_point *g, void *modulus, int lock);
375
376/* lock/unlock all points currently in fixed point cache */
377void ltc_ecc_fp_tablelock(int lock);
378#endif
379
380/* R = kG */
381int ltc_ecc_mulmod(void *k, ecc_point *G, ecc_point *R, void *modulus, int map);
382
383#ifdef LTC_ECC_SHAMIR
384/* kA*A + kB*B = C */
385int ltc_ecc_mul2add(ecc_point *A, void *kA,
386 ecc_point *B, void *kB,
387 ecc_point *C,
388 void *modulus);
389
390#ifdef LTC_MECC_FP
391/* Shamir's trick with optimized point multiplication using fixed point cache */
392int ltc_ecc_fp_mul2add(ecc_point *A, void *kA,
393 ecc_point *B, void *kB,
394 ecc_point *C, void *modulus);
395#endif
396
397#endif
398
399
400/* map P to affine from projective */
401int ltc_ecc_map(ecc_point *P, void *modulus, void *mp);
402
403#endif
404
405#ifdef LTC_MDSA
406
407/* Max diff between group and modulus size in bytes */
408#define LTC_MDSA_DELTA 512
409
410/* Max DSA group size in bytes (default allows 4k-bit groups) */
411#define LTC_MDSA_MAX_GROUP 512
412
413/** DSA key structure */
414typedef struct {
415 /** The key type, PK_PRIVATE or PK_PUBLIC */
416 int type;
417
418 /** The order of the sub-group used in octets */
419 int qord;
420
421 /** The generator */
422 void *g;
423
424 /** The prime used to generate the sub-group */
425 void *q;
426
427 /** The large prime that generats the field the contains the sub-group */
428 void *p;
429
430 /** The private key */
431 void *x;
432
433 /** The public key */
434 void *y;
435} dsa_key;
436
437int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key);
438
439int dsa_set_pqg(const unsigned char *p, unsigned long plen,
440 const unsigned char *q, unsigned long qlen,
441 const unsigned char *g, unsigned long glen,
442 dsa_key *key);
443int dsa_set_pqg_dsaparam(const unsigned char *dsaparam, unsigned long dsaparamlen, dsa_key *key);
444int dsa_generate_pqg(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key);
445
446int dsa_set_key(const unsigned char *in, unsigned long inlen, int type, dsa_key *key);
447int dsa_generate_key(prng_state *prng, int wprng, dsa_key *key);
448
449void dsa_free(dsa_key *key);
450
451int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen,
452 void *r, void *s,
453 prng_state *prng, int wprng, dsa_key *key);
454
455int dsa_sign_hash(const unsigned char *in, unsigned long inlen,
456 unsigned char *out, unsigned long *outlen,
457 prng_state *prng, int wprng, dsa_key *key);
458
459int dsa_verify_hash_raw( void *r, void *s,
460 const unsigned char *hash, unsigned long hashlen,
461 int *stat, dsa_key *key);
462
463int dsa_verify_hash(const unsigned char *sig, unsigned long siglen,
464 const unsigned char *hash, unsigned long hashlen,
465 int *stat, dsa_key *key);
466
467int dsa_encrypt_key(const unsigned char *in, unsigned long inlen,
468 unsigned char *out, unsigned long *outlen,
469 prng_state *prng, int wprng, int hash,
470 dsa_key *key);
471
472int dsa_decrypt_key(const unsigned char *in, unsigned long inlen,
473 unsigned char *out, unsigned long *outlen,
474 dsa_key *key);
475
476int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key);
477int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key);
478int dsa_verify_key(dsa_key *key, int *stat);
479#ifdef LTC_SOURCE
480/* internal helper functions */
481int dsa_int_validate_xy(dsa_key *key, int *stat);
482int dsa_int_validate_pqg(dsa_key *key, int *stat);
483int dsa_int_validate_primes(dsa_key *key, int *stat);
484#endif
485int dsa_shared_secret(void *private_key, void *base,
486 dsa_key *public_key,
487 unsigned char *out, unsigned long *outlen);
488#endif
489
490#ifdef LTC_DER
491/* DER handling */
492
493typedef enum ltc_asn1_type_ {
494 /* 0 */
495 LTC_ASN1_EOL,
496 LTC_ASN1_BOOLEAN,
497 LTC_ASN1_INTEGER,
498 LTC_ASN1_SHORT_INTEGER,
499 LTC_ASN1_BIT_STRING,
500 /* 5 */
501 LTC_ASN1_OCTET_STRING,
502 LTC_ASN1_NULL,
503 LTC_ASN1_OBJECT_IDENTIFIER,
504 LTC_ASN1_IA5_STRING,
505 LTC_ASN1_PRINTABLE_STRING,
506 /* 10 */
507 LTC_ASN1_UTF8_STRING,
508 LTC_ASN1_UTCTIME,
509 LTC_ASN1_CHOICE,
510 LTC_ASN1_SEQUENCE,
511 LTC_ASN1_SET,
512 /* 15 */
513 LTC_ASN1_SETOF,
514 LTC_ASN1_RAW_BIT_STRING,
515 LTC_ASN1_TELETEX_STRING,
516 LTC_ASN1_CONSTRUCTED,
517 LTC_ASN1_CONTEXT_SPECIFIC,
518 /* 20 */
519 LTC_ASN1_GENERALIZEDTIME,
520} ltc_asn1_type;
521
522/** A LTC ASN.1 list type */
523typedef struct ltc_asn1_list_ {
524 /** The LTC ASN.1 enumerated type identifier */
525 ltc_asn1_type type;
526 /** The data to encode or place for decoding */
527 void *data;
528 /** The size of the input or resulting output */
529 unsigned long size;
530 /** The used flag, this is used by the CHOICE ASN.1 type to indicate which choice was made */
531 int used;
532 /** prev/next entry in the list */
533 struct ltc_asn1_list_ *prev, *next, *child, *parent;
534} ltc_asn1_list;
535
536#define LTC_SET_ASN1(list, index, Type, Data, Size) \
537 do { \
538 int LTC_MACRO_temp = (index); \
539 ltc_asn1_list *LTC_MACRO_list = (list); \
540 LTC_MACRO_list[LTC_MACRO_temp].type = (Type); \
541 LTC_MACRO_list[LTC_MACRO_temp].data = (void*)(Data); \
542 LTC_MACRO_list[LTC_MACRO_temp].size = (Size); \
543 LTC_MACRO_list[LTC_MACRO_temp].used = 0; \
544 } while (0)
545
546/* SEQUENCE */
547int der_encode_sequence_ex(ltc_asn1_list *list, unsigned long inlen,
548 unsigned char *out, unsigned long *outlen, int type_of);
549
550#define der_encode_sequence(list, inlen, out, outlen) der_encode_sequence_ex(list, inlen, out, outlen, LTC_ASN1_SEQUENCE)
551
552int der_decode_sequence_ex(const unsigned char *in, unsigned long inlen,
553 ltc_asn1_list *list, unsigned long outlen, int ordered);
554
555#define der_decode_sequence(in, inlen, list, outlen) der_decode_sequence_ex(in, inlen, list, outlen, 1)
556
557int der_length_sequence(ltc_asn1_list *list, unsigned long inlen,
558 unsigned long *outlen);
559
560
561#ifdef LTC_SOURCE
562/* internal helper functions */
563int der_length_sequence_ex(ltc_asn1_list *list, unsigned long inlen,
564 unsigned long *outlen, unsigned long *payloadlen);
565/* SUBJECT PUBLIC KEY INFO */
566int der_encode_subject_public_key_info(unsigned char *out, unsigned long *outlen,
567 unsigned int algorithm, void* public_key, unsigned long public_key_len,
568 unsigned long parameters_type, void* parameters, unsigned long parameters_len);
569
570int der_decode_subject_public_key_info(const unsigned char *in, unsigned long inlen,
571 unsigned int algorithm, void* public_key, unsigned long* public_key_len,
572 unsigned long parameters_type, ltc_asn1_list* parameters, unsigned long parameters_len);
573#endif /* LTC_SOURCE */
574
575/* SET */
576#define der_decode_set(in, inlen, list, outlen) der_decode_sequence_ex(in, inlen, list, outlen, 0)
577#define der_length_set der_length_sequence
578int der_encode_set(ltc_asn1_list *list, unsigned long inlen,
579 unsigned char *out, unsigned long *outlen);
580
581int der_encode_setof(ltc_asn1_list *list, unsigned long inlen,
582 unsigned char *out, unsigned long *outlen);
583
584/* VA list handy helpers with triplets of <type, size, data> */
585int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...);
586int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...);
587
588/* FLEXI DECODER handle unknown list decoder */
589int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out);
590#define der_free_sequence_flexi der_sequence_free
591void der_sequence_free(ltc_asn1_list *in);
592void der_sequence_shrink(ltc_asn1_list *in);
593
594/* BOOLEAN */
595int der_length_boolean(unsigned long *outlen);
596int der_encode_boolean(int in,
597 unsigned char *out, unsigned long *outlen);
598int der_decode_boolean(const unsigned char *in, unsigned long inlen,
599 int *out);
600/* INTEGER */
601int der_encode_integer(void *num, unsigned char *out, unsigned long *outlen);
602int der_decode_integer(const unsigned char *in, unsigned long inlen, void *num);
603int der_length_integer(void *num, unsigned long *len);
604
605/* INTEGER -- handy for 0..2^32-1 values */
606int der_decode_short_integer(const unsigned char *in, unsigned long inlen, unsigned long *num);
607int der_encode_short_integer(unsigned long num, unsigned char *out, unsigned long *outlen);
608int der_length_short_integer(unsigned long num, unsigned long *outlen);
609
610/* BIT STRING */
611int der_encode_bit_string(const unsigned char *in, unsigned long inlen,
612 unsigned char *out, unsigned long *outlen);
613int der_decode_bit_string(const unsigned char *in, unsigned long inlen,
614 unsigned char *out, unsigned long *outlen);
615int der_encode_raw_bit_string(const unsigned char *in, unsigned long inlen,
616 unsigned char *out, unsigned long *outlen);
617int der_decode_raw_bit_string(const unsigned char *in, unsigned long inlen,
618 unsigned char *out, unsigned long *outlen);
619int der_length_bit_string(unsigned long nbits, unsigned long *outlen);
620
621/* OCTET STRING */
622int der_encode_octet_string(const unsigned char *in, unsigned long inlen,
623 unsigned char *out, unsigned long *outlen);
624int der_decode_octet_string(const unsigned char *in, unsigned long inlen,
625 unsigned char *out, unsigned long *outlen);
626int der_length_octet_string(unsigned long noctets, unsigned long *outlen);
627
628/* OBJECT IDENTIFIER */
629int der_encode_object_identifier(unsigned long *words, unsigned long nwords,
630 unsigned char *out, unsigned long *outlen);
631int der_decode_object_identifier(const unsigned char *in, unsigned long inlen,
632 unsigned long *words, unsigned long *outlen);
633int der_length_object_identifier(unsigned long *words, unsigned long nwords, unsigned long *outlen);
634unsigned long der_object_identifier_bits(unsigned long x);
635
636/* IA5 STRING */
637int der_encode_ia5_string(const unsigned char *in, unsigned long inlen,
638 unsigned char *out, unsigned long *outlen);
639int der_decode_ia5_string(const unsigned char *in, unsigned long inlen,
640 unsigned char *out, unsigned long *outlen);
641int der_length_ia5_string(const unsigned char *octets, unsigned long noctets, unsigned long *outlen);
642
643int der_ia5_char_encode(int c);
644int der_ia5_value_decode(int v);
645
646/* TELETEX STRING */
647int der_decode_teletex_string(const unsigned char *in, unsigned long inlen,
648 unsigned char *out, unsigned long *outlen);
649int der_length_teletex_string(const unsigned char *octets, unsigned long noctets, unsigned long *outlen);
650
651#ifdef LTC_SOURCE
652/* internal helper functions */
653int der_teletex_char_encode(int c);
654int der_teletex_value_decode(int v);
655#endif /* LTC_SOURCE */
656
657
658/* PRINTABLE STRING */
659int der_encode_printable_string(const unsigned char *in, unsigned long inlen,
660 unsigned char *out, unsigned long *outlen);
661int der_decode_printable_string(const unsigned char *in, unsigned long inlen,
662 unsigned char *out, unsigned long *outlen);
663int der_length_printable_string(const unsigned char *octets, unsigned long noctets, unsigned long *outlen);
664
665int der_printable_char_encode(int c);
666int der_printable_value_decode(int v);
667
668/* UTF-8 */
669#if (defined(SIZE_MAX) || __STDC_VERSION__ >= 199901L || defined(WCHAR_MAX) || defined(__WCHAR_MAX__) || defined(_WCHAR_T) || defined(_WCHAR_T_DEFINED) || defined (__WCHAR_TYPE__)) && !defined(LTC_NO_WCHAR)
670 #if defined(__WCHAR_MAX__)
671 #define LTC_WCHAR_MAX __WCHAR_MAX__
672 #else
673 #include <wchar.h>
674 #define LTC_WCHAR_MAX WCHAR_MAX
675 #endif
676/* please note that it might happen that LTC_WCHAR_MAX is undefined */
677#else
678 typedef ulong32 wchar_t;
679 #define LTC_WCHAR_MAX 0xFFFFFFFF
680#endif
681
682int der_encode_utf8_string(const wchar_t *in, unsigned long inlen,
683 unsigned char *out, unsigned long *outlen);
684
685int der_decode_utf8_string(const unsigned char *in, unsigned long inlen,
686 wchar_t *out, unsigned long *outlen);
687unsigned long der_utf8_charsize(const wchar_t c);
688#ifdef LTC_SOURCE
689/* internal helper functions */
690int der_utf8_valid_char(const wchar_t c);
691#endif /* LTC_SOURCE */
692int der_length_utf8_string(const wchar_t *in, unsigned long noctets, unsigned long *outlen);
693
694
695/* CHOICE */
696int der_decode_choice(const unsigned char *in, unsigned long *inlen,
697 ltc_asn1_list *list, unsigned long outlen);
698
699/* UTCTime */
700typedef struct {
701 unsigned YY, /* year */
702 MM, /* month */
703 DD, /* day */
704 hh, /* hour */
705 mm, /* minute */
706 ss, /* second */
707 off_dir, /* timezone offset direction 0 == +, 1 == - */
708 off_hh, /* timezone offset hours */
709 off_mm; /* timezone offset minutes */
710} ltc_utctime;
711
712int der_encode_utctime(ltc_utctime *utctime,
713 unsigned char *out, unsigned long *outlen);
714
715int der_decode_utctime(const unsigned char *in, unsigned long *inlen,
716 ltc_utctime *out);
717
718int der_length_utctime(ltc_utctime *utctime, unsigned long *outlen);
719
720/* GeneralizedTime */
721typedef struct {
722 unsigned YYYY, /* year */
723 MM, /* month */
724 DD, /* day */
725 hh, /* hour */
726 mm, /* minute */
727 ss, /* second */
728 fs, /* fractional seconds */
729 off_dir, /* timezone offset direction 0 == +, 1 == - */
730 off_hh, /* timezone offset hours */
731 off_mm; /* timezone offset minutes */
732} ltc_generalizedtime;
733
734int der_encode_generalizedtime(ltc_generalizedtime *gtime,
735 unsigned char *out, unsigned long *outlen);
736
737int der_decode_generalizedtime(const unsigned char *in, unsigned long *inlen,
738 ltc_generalizedtime *out);
739
740int der_length_generalizedtime(ltc_generalizedtime *gtime, unsigned long *outlen);
741
742
743#endif
744
745/* ref: HEAD -> master, tag: v1.18.2 */
746/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
747/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/headers/tomcrypt_pkcs.h b/utils/tomcrypt/src/headers/tomcrypt_pkcs.h
new file mode 100644
index 0000000000..b84028f122
--- /dev/null
+++ b/utils/tomcrypt/src/headers/tomcrypt_pkcs.h
@@ -0,0 +1,108 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9
10/* PKCS Header Info */
11
12/* ===> PKCS #1 -- RSA Cryptography <=== */
13#ifdef LTC_PKCS_1
14
15enum ltc_pkcs_1_v1_5_blocks
16{
17 LTC_PKCS_1_EMSA = 1, /* Block type 1 (PKCS #1 v1.5 signature padding) */
18 LTC_PKCS_1_EME = 2 /* Block type 2 (PKCS #1 v1.5 encryption padding) */
19};
20
21enum ltc_pkcs_1_paddings
22{
23 LTC_PKCS_1_V1_5 = 1, /* PKCS #1 v1.5 padding (\sa ltc_pkcs_1_v1_5_blocks) */
24 LTC_PKCS_1_OAEP = 2, /* PKCS #1 v2.0 encryption padding */
25 LTC_PKCS_1_PSS = 3, /* PKCS #1 v2.1 signature padding */
26 LTC_PKCS_1_V1_5_NA1 = 4 /* PKCS #1 v1.5 padding - No ASN.1 (\sa ltc_pkcs_1_v1_5_blocks) */
27};
28
29int pkcs_1_mgf1( int hash_idx,
30 const unsigned char *seed, unsigned long seedlen,
31 unsigned char *mask, unsigned long masklen);
32
33int pkcs_1_i2osp(void *n, unsigned long modulus_len, unsigned char *out);
34int pkcs_1_os2ip(void *n, unsigned char *in, unsigned long inlen);
35
36/* *** v1.5 padding */
37int pkcs_1_v1_5_encode(const unsigned char *msg,
38 unsigned long msglen,
39 int block_type,
40 unsigned long modulus_bitlen,
41 prng_state *prng,
42 int prng_idx,
43 unsigned char *out,
44 unsigned long *outlen);
45
46int pkcs_1_v1_5_decode(const unsigned char *msg,
47 unsigned long msglen,
48 int block_type,
49 unsigned long modulus_bitlen,
50 unsigned char *out,
51 unsigned long *outlen,
52 int *is_valid);
53
54/* *** v2.1 padding */
55int pkcs_1_oaep_encode(const unsigned char *msg, unsigned long msglen,
56 const unsigned char *lparam, unsigned long lparamlen,
57 unsigned long modulus_bitlen, prng_state *prng,
58 int prng_idx, int hash_idx,
59 unsigned char *out, unsigned long *outlen);
60
61int pkcs_1_oaep_decode(const unsigned char *msg, unsigned long msglen,
62 const unsigned char *lparam, unsigned long lparamlen,
63 unsigned long modulus_bitlen, int hash_idx,
64 unsigned char *out, unsigned long *outlen,
65 int *res);
66
67int pkcs_1_pss_encode(const unsigned char *msghash, unsigned long msghashlen,
68 unsigned long saltlen, prng_state *prng,
69 int prng_idx, int hash_idx,
70 unsigned long modulus_bitlen,
71 unsigned char *out, unsigned long *outlen);
72
73int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen,
74 const unsigned char *sig, unsigned long siglen,
75 unsigned long saltlen, int hash_idx,
76 unsigned long modulus_bitlen, int *res);
77
78#endif /* LTC_PKCS_1 */
79
80/* ===> PKCS #5 -- Password Based Cryptography <=== */
81#ifdef LTC_PKCS_5
82
83/* Algorithm #1 (PBKDF1) */
84int pkcs_5_alg1(const unsigned char *password, unsigned long password_len,
85 const unsigned char *salt,
86 int iteration_count, int hash_idx,
87 unsigned char *out, unsigned long *outlen);
88
89/* Algorithm #1 (PBKDF1) - OpenSSL-compatible variant for arbitrarily-long keys.
90 Compatible with EVP_BytesToKey() */
91int pkcs_5_alg1_openssl(const unsigned char *password,
92 unsigned long password_len,
93 const unsigned char *salt,
94 int iteration_count, int hash_idx,
95 unsigned char *out, unsigned long *outlen);
96
97/* Algorithm #2 (PBKDF2) */
98int pkcs_5_alg2(const unsigned char *password, unsigned long password_len,
99 const unsigned char *salt, unsigned long salt_len,
100 int iteration_count, int hash_idx,
101 unsigned char *out, unsigned long *outlen);
102
103int pkcs_5_test (void);
104#endif /* LTC_PKCS_5 */
105
106/* ref: HEAD -> master, tag: v1.18.2 */
107/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
108/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/headers/tomcrypt_private.h b/utils/tomcrypt/src/headers/tomcrypt_private.h
new file mode 100644
index 0000000000..e5e716584c
--- /dev/null
+++ b/utils/tomcrypt/src/headers/tomcrypt_private.h
@@ -0,0 +1,447 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
2/* SPDX-License-Identifier: Unlicense */
3
4#include "tomcrypt.h"
5
6/*
7 * Internal Macros
8 */
9
10#define LTC_PAD_MASK (0xF000U)
11
12/*
13 * Internal Enums
14 */
15
16enum ltc_oid_id {
17 PKA_RSA,
18 PKA_DSA,
19 PKA_EC,
20 PKA_EC_PRIMEF,
21 PKA_X25519,
22 PKA_ED25519,
23};
24
25/*
26 * Internal Types
27 */
28
29typedef struct {
30 int size;
31 const char *name, *base, *prime;
32} ltc_dh_set_type;
33
34
35typedef int (*fn_kdf_t)(const unsigned char *password, unsigned long password_len,
36 const unsigned char *salt, unsigned long salt_len,
37 int iteration_count, int hash_idx,
38 unsigned char *out, unsigned long *outlen);
39
40typedef struct {
41 /* KDF */
42 fn_kdf_t kdf;
43 /* Hash or HMAC */
44 const char* h;
45 /* cipher */
46 const char* c;
47 unsigned long keylen;
48 /* not used for pbkdf2 */
49 unsigned long blocklen;
50} pbes_properties;
51
52typedef struct
53{
54 pbes_properties type;
55 const void *pwd;
56 unsigned long pwdlen;
57 ltc_asn1_list *enc_data;
58 ltc_asn1_list *salt;
59 ltc_asn1_list *iv;
60 unsigned long iterations;
61 /* only used for RC2 */
62 unsigned long key_bits;
63} pbes_arg;
64
65/*
66 * Internal functions
67 */
68
69
70/* tomcrypt_cipher.h */
71
72void blowfish_enc(ulong32 *data, unsigned long blocks, const symmetric_key *skey);
73int blowfish_expand(const unsigned char *key, int keylen,
74 const unsigned char *data, int datalen,
75 symmetric_key *skey);
76int blowfish_setup_with_data(const unsigned char *key, int keylen,
77 const unsigned char *data, int datalen,
78 symmetric_key *skey);
79
80/* tomcrypt_hash.h */
81
82/* a simple macro for making hash "process" functions */
83#define HASH_PROCESS(func_name, compress_name, state_var, block_size) \
84int func_name (hash_state * md, const unsigned char *in, unsigned long inlen) \
85{ \
86 unsigned long n; \
87 int err; \
88 LTC_ARGCHK(md != NULL); \
89 LTC_ARGCHK(in != NULL); \
90 if (md-> state_var .curlen > sizeof(md-> state_var .buf)) { \
91 return CRYPT_INVALID_ARG; \
92 } \
93 if ((md-> state_var .length + inlen) < md-> state_var .length) { \
94 return CRYPT_HASH_OVERFLOW; \
95 } \
96 while (inlen > 0) { \
97 if (md-> state_var .curlen == 0 && inlen >= block_size) { \
98 if ((err = compress_name (md, in)) != CRYPT_OK) { \
99 return err; \
100 } \
101 md-> state_var .length += block_size * 8; \
102 in += block_size; \
103 inlen -= block_size; \
104 } else { \
105 n = MIN(inlen, (block_size - md-> state_var .curlen)); \
106 XMEMCPY(md-> state_var .buf + md-> state_var.curlen, in, (size_t)n); \
107 md-> state_var .curlen += n; \
108 in += n; \
109 inlen -= n; \
110 if (md-> state_var .curlen == block_size) { \
111 if ((err = compress_name (md, md-> state_var .buf)) != CRYPT_OK) { \
112 return err; \
113 } \
114 md-> state_var .length += 8*block_size; \
115 md-> state_var .curlen = 0; \
116 } \
117 } \
118 } \
119 return CRYPT_OK; \
120}
121
122
123/* tomcrypt_mac.h */
124
125int ocb3_int_ntz(unsigned long x);
126void ocb3_int_xor_blocks(unsigned char *out, const unsigned char *block_a, const unsigned char *block_b, unsigned long block_len);
127
128
129/* tomcrypt_math.h */
130
131#if !defined(DESC_DEF_ONLY)
132
133#define MP_DIGIT_BIT ltc_mp.bits_per_digit
134
135/* some handy macros */
136#define mp_init(a) ltc_mp.init(a)
137#define mp_init_multi ltc_init_multi
138#define mp_clear(a) ltc_mp.deinit(a)
139#define mp_clear_multi ltc_deinit_multi
140#define mp_cleanup_multi ltc_cleanup_multi
141#define mp_init_copy(a, b) ltc_mp.init_copy(a, b)
142
143#define mp_neg(a, b) ltc_mp.neg(a, b)
144#define mp_copy(a, b) ltc_mp.copy(a, b)
145
146#define mp_set(a, b) ltc_mp.set_int(a, b)
147#define mp_set_int(a, b) ltc_mp.set_int(a, b)
148#define mp_get_int(a) ltc_mp.get_int(a)
149#define mp_get_digit(a, n) ltc_mp.get_digit(a, n)
150#define mp_get_digit_count(a) ltc_mp.get_digit_count(a)
151#define mp_cmp(a, b) ltc_mp.compare(a, b)
152#define mp_cmp_d(a, b) ltc_mp.compare_d(a, b)
153#define mp_count_bits(a) ltc_mp.count_bits(a)
154#define mp_cnt_lsb(a) ltc_mp.count_lsb_bits(a)
155#define mp_2expt(a, b) ltc_mp.twoexpt(a, b)
156
157#define mp_read_radix(a, b, c) ltc_mp.read_radix(a, b, c)
158#define mp_toradix(a, b, c) ltc_mp.write_radix(a, b, c)
159#define mp_unsigned_bin_size(a) ltc_mp.unsigned_size(a)
160#define mp_to_unsigned_bin(a, b) ltc_mp.unsigned_write(a, b)
161#define mp_read_unsigned_bin(a, b, c) ltc_mp.unsigned_read(a, b, c)
162
163#define mp_add(a, b, c) ltc_mp.add(a, b, c)
164#define mp_add_d(a, b, c) ltc_mp.addi(a, b, c)
165#define mp_sub(a, b, c) ltc_mp.sub(a, b, c)
166#define mp_sub_d(a, b, c) ltc_mp.subi(a, b, c)
167#define mp_mul(a, b, c) ltc_mp.mul(a, b, c)
168#define mp_mul_d(a, b, c) ltc_mp.muli(a, b, c)
169#define mp_sqr(a, b) ltc_mp.sqr(a, b)
170#define mp_sqrtmod_prime(a, b, c) ltc_mp.sqrtmod_prime(a, b, c)
171#define mp_div(a, b, c, d) ltc_mp.mpdiv(a, b, c, d)
172#define mp_div_2(a, b) ltc_mp.div_2(a, b)
173#define mp_mod(a, b, c) ltc_mp.mpdiv(a, b, NULL, c)
174#define mp_mod_d(a, b, c) ltc_mp.modi(a, b, c)
175#define mp_gcd(a, b, c) ltc_mp.gcd(a, b, c)
176#define mp_lcm(a, b, c) ltc_mp.lcm(a, b, c)
177
178#define mp_addmod(a, b, c, d) ltc_mp.addmod(a, b, c, d)
179#define mp_submod(a, b, c, d) ltc_mp.submod(a, b, c, d)
180#define mp_mulmod(a, b, c, d) ltc_mp.mulmod(a, b, c, d)
181#define mp_sqrmod(a, b, c) ltc_mp.sqrmod(a, b, c)
182#define mp_invmod(a, b, c) ltc_mp.invmod(a, b, c)
183
184#define mp_montgomery_setup(a, b) ltc_mp.montgomery_setup(a, b)
185#define mp_montgomery_normalization(a, b) ltc_mp.montgomery_normalization(a, b)
186#define mp_montgomery_reduce(a, b, c) ltc_mp.montgomery_reduce(a, b, c)
187#define mp_montgomery_free(a) ltc_mp.montgomery_deinit(a)
188
189#define mp_exptmod(a,b,c,d) ltc_mp.exptmod(a,b,c,d)
190#define mp_prime_is_prime(a, b, c) ltc_mp.isprime(a, b, c)
191
192#define mp_iszero(a) (mp_cmp_d(a, 0) == LTC_MP_EQ ? LTC_MP_YES : LTC_MP_NO)
193#define mp_isodd(a) (mp_get_digit_count(a) > 0 ? (mp_get_digit(a, 0) & 1 ? LTC_MP_YES : LTC_MP_NO) : LTC_MP_NO)
194#define mp_exch(a, b) do { void *ABC__tmp = a; a = b; b = ABC__tmp; } while(0)
195
196#define mp_tohex(a, b) mp_toradix(a, b, 16)
197
198#define mp_rand(a, b) ltc_mp.rand(a, b)
199
200#endif
201
202
203/* tomcrypt_misc.h */
204
205void copy_or_zeromem(const unsigned char* src, unsigned char* dest, unsigned long len, int coz);
206
207int pbes_decrypt(const pbes_arg *arg, unsigned char *dec_data, unsigned long *dec_size);
208
209int pbes1_extract(const ltc_asn1_list *s, pbes_arg *res);
210int pbes2_extract(const ltc_asn1_list *s, pbes_arg *res);
211
212
213/* tomcrypt_pk.h */
214
215int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng);
216int rand_bn_upto(void *N, void *limit, prng_state *prng, int wprng);
217
218int pk_get_oid(enum ltc_oid_id id, const char **st);
219int pk_oid_str_to_num(const char *OID, unsigned long *oid, unsigned long *oidlen);
220int pk_oid_num_to_str(const unsigned long *oid, unsigned long oidlen, char *OID, unsigned long *outlen);
221
222/* ---- DH Routines ---- */
223#ifdef LTC_MRSA
224int rsa_init(rsa_key *key);
225void rsa_shrink_key(rsa_key *key);
226#endif /* LTC_MRSA */
227
228/* ---- DH Routines ---- */
229#ifdef LTC_MDH
230extern const ltc_dh_set_type ltc_dh_sets[];
231
232int dh_check_pubkey(const dh_key *key);
233#endif /* LTC_MDH */
234
235/* ---- ECC Routines ---- */
236#ifdef LTC_MECC
237int ecc_set_curve_from_mpis(void *a, void *b, void *prime, void *order, void *gx, void *gy, unsigned long cofactor, ecc_key *key);
238int ecc_copy_curve(const ecc_key *srckey, ecc_key *key);
239int ecc_set_curve_by_size(int size, ecc_key *key);
240int ecc_import_subject_public_key_info(const unsigned char *in, unsigned long inlen, ecc_key *key);
241
242#ifdef LTC_SSH
243int ecc_ssh_ecdsa_encode_name(char *buffer, unsigned long *buflen, const ecc_key *key);
244#endif
245
246/* low level functions */
247ecc_point *ltc_ecc_new_point(void);
248void ltc_ecc_del_point(ecc_point *p);
249int ltc_ecc_set_point_xyz(ltc_mp_digit x, ltc_mp_digit y, ltc_mp_digit z, ecc_point *p);
250int ltc_ecc_copy_point(const ecc_point *src, ecc_point *dst);
251int ltc_ecc_is_point(const ltc_ecc_dp *dp, void *x, void *y);
252int ltc_ecc_is_point_at_infinity(const ecc_point *P, void *modulus, int *retval);
253int ltc_ecc_import_point(const unsigned char *in, unsigned long inlen, void *prime, void *a, void *b, void *x, void *y);
254int ltc_ecc_export_point(unsigned char *out, unsigned long *outlen, void *x, void *y, unsigned long size, int compressed);
255int ltc_ecc_verify_key(const ecc_key *key);
256
257/* point ops (mp == montgomery digit) */
258#if !defined(LTC_MECC_ACCEL) || defined(LTM_DESC) || defined(GMP_DESC)
259/* R = 2P */
260int ltc_ecc_projective_dbl_point(const ecc_point *P, ecc_point *R, void *ma, void *modulus, void *mp);
261
262/* R = P + Q */
263int ltc_ecc_projective_add_point(const ecc_point *P, const ecc_point *Q, ecc_point *R, void *ma, void *modulus, void *mp);
264#endif
265
266#if defined(LTC_MECC_FP)
267/* optimized point multiplication using fixed point cache (HAC algorithm 14.117) */
268int ltc_ecc_fp_mulmod(void *k, ecc_point *G, ecc_point *R, void *a, void *modulus, int map);
269
270/* functions for saving/loading/freeing/adding to fixed point cache */
271int ltc_ecc_fp_save_state(unsigned char **out, unsigned long *outlen);
272int ltc_ecc_fp_restore_state(unsigned char *in, unsigned long inlen);
273void ltc_ecc_fp_free(void);
274int ltc_ecc_fp_add_point(ecc_point *g, void *modulus, int lock);
275
276/* lock/unlock all points currently in fixed point cache */
277void ltc_ecc_fp_tablelock(int lock);
278#endif
279
280/* R = kG */
281int ltc_ecc_mulmod(void *k, const ecc_point *G, ecc_point *R, void *a, void *modulus, int map);
282
283#ifdef LTC_ECC_SHAMIR
284/* kA*A + kB*B = C */
285int ltc_ecc_mul2add(const ecc_point *A, void *kA,
286 const ecc_point *B, void *kB,
287 ecc_point *C,
288 void *ma,
289 void *modulus);
290
291#ifdef LTC_MECC_FP
292/* Shamir's trick with optimized point multiplication using fixed point cache */
293int ltc_ecc_fp_mul2add(const ecc_point *A, void *kA,
294 const ecc_point *B, void *kB,
295 ecc_point *C,
296 void *ma,
297 void *modulus);
298#endif
299
300#endif
301
302
303/* map P to affine from projective */
304int ltc_ecc_map(ecc_point *P, void *modulus, void *mp);
305#endif /* LTC_MECC */
306
307#ifdef LTC_MDSA
308int dsa_int_validate_xy(const dsa_key *key, int *stat);
309int dsa_int_validate_pqg(const dsa_key *key, int *stat);
310int dsa_int_validate_primes(const dsa_key *key, int *stat);
311#endif /* LTC_MDSA */
312
313
314#ifdef LTC_CURVE25519
315
316int tweetnacl_crypto_sign(
317 unsigned char *sm,unsigned long long *smlen,
318 const unsigned char *m,unsigned long long mlen,
319 const unsigned char *sk, const unsigned char *pk);
320int tweetnacl_crypto_sign_open(
321 int *stat,
322 unsigned char *m,unsigned long long *mlen,
323 const unsigned char *sm,unsigned long long smlen,
324 const unsigned char *pk);
325int tweetnacl_crypto_sign_keypair(prng_state *prng, int wprng, unsigned char *pk,unsigned char *sk);
326int tweetnacl_crypto_sk_to_pk(unsigned char *pk, const unsigned char *sk);
327int tweetnacl_crypto_scalarmult(unsigned char *q, const unsigned char *n, const unsigned char *p);
328int tweetnacl_crypto_scalarmult_base(unsigned char *q,const unsigned char *n);
329
330typedef int (*sk_to_pk)(unsigned char *pk ,const unsigned char *sk);
331int ec25519_import_pkcs8(const unsigned char *in, unsigned long inlen,
332 const void *pwd, unsigned long pwdlen,
333 enum ltc_oid_id id, sk_to_pk fp,
334 curve25519_key *key);
335int ec25519_export( unsigned char *out, unsigned long *outlen,
336 int which,
337 const curve25519_key *key);
338#endif /* LTC_CURVE25519 */
339
340#ifdef LTC_DER
341
342#define LTC_ASN1_IS_TYPE(e, t) (((e) != NULL) && ((e)->type == (t)))
343
344/* DER handling */
345int der_decode_custom_type_ex(const unsigned char *in, unsigned long inlen,
346 ltc_asn1_list *root,
347 ltc_asn1_list *list, unsigned long outlen, unsigned int flags);
348
349int der_encode_asn1_identifier(const ltc_asn1_list *id, unsigned char *out, unsigned long *outlen);
350int der_decode_asn1_identifier(const unsigned char *in, unsigned long *inlen, ltc_asn1_list *id);
351int der_length_asn1_identifier(const ltc_asn1_list *id, unsigned long *idlen);
352
353int der_encode_asn1_length(unsigned long len, unsigned char* out, unsigned long* outlen);
354int der_decode_asn1_length(const unsigned char *in, unsigned long *inlen, unsigned long *outlen);
355int der_length_asn1_length(unsigned long len, unsigned long *outlen);
356
357int der_length_sequence_ex(const ltc_asn1_list *list, unsigned long inlen,
358 unsigned long *outlen, unsigned long *payloadlen);
359
360extern const ltc_asn1_type der_asn1_tag_to_type_map[];
361extern const unsigned long der_asn1_tag_to_type_map_sz;
362
363extern const int der_asn1_type_to_identifier_map[];
364extern const unsigned long der_asn1_type_to_identifier_map_sz;
365
366int der_decode_sequence_multi_ex(const unsigned char *in, unsigned long inlen, unsigned int flags, ...);
367
368int der_teletex_char_encode(int c);
369int der_teletex_value_decode(int v);
370
371int der_utf8_valid_char(const wchar_t c);
372
373typedef int (*public_key_decode_cb)(const unsigned char *in, unsigned long inlen, void *ctx);
374
375int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned long inlen,
376 enum ltc_oid_id algorithm, ltc_asn1_type param_type,
377 ltc_asn1_list* parameters, unsigned long *parameters_len,
378 public_key_decode_cb callback, void *ctx);
379
380/* SUBJECT PUBLIC KEY INFO */
381int x509_encode_subject_public_key_info(unsigned char *out, unsigned long *outlen,
382 unsigned int algorithm, const void* public_key, unsigned long public_key_len,
383 ltc_asn1_type parameters_type, ltc_asn1_list* parameters, unsigned long parameters_len);
384
385int x509_decode_subject_public_key_info(const unsigned char *in, unsigned long inlen,
386 unsigned int algorithm, void* public_key, unsigned long* public_key_len,
387 ltc_asn1_type parameters_type, ltc_asn1_list* parameters, unsigned long *parameters_len);
388
389int pk_oid_cmp_with_ulong(const char *o1, const unsigned long *o2, unsigned long o2size);
390int pk_oid_cmp_with_asn1(const char *o1, const ltc_asn1_list *o2);
391
392#endif /* LTC_DER */
393
394/* tomcrypt_pkcs.h */
395
396#ifdef LTC_PKCS_8
397
398int pkcs8_decode_flexi(const unsigned char *in, unsigned long inlen,
399 const void *pwd, unsigned long pwdlen,
400 ltc_asn1_list **decoded_list);
401
402#endif /* LTC_PKCS_8 */
403
404
405#ifdef LTC_PKCS_12
406
407int pkcs12_utf8_to_utf16(const unsigned char *in, unsigned long inlen,
408 unsigned char *out, unsigned long *outlen);
409
410int pkcs12_kdf( int hash_id,
411 const unsigned char *pw, unsigned long pwlen,
412 const unsigned char *salt, unsigned long saltlen,
413 unsigned int iterations, unsigned char purpose,
414 unsigned char *out, unsigned long outlen);
415
416#endif /* LTC_PKCS_12 */
417
418/* tomcrypt_prng.h */
419
420#define LTC_PRNG_EXPORT(which) \
421int which ## _export(unsigned char *out, unsigned long *outlen, prng_state *prng) \
422{ \
423 unsigned long len = which ## _desc.export_size; \
424 \
425 LTC_ARGCHK(prng != NULL); \
426 LTC_ARGCHK(out != NULL); \
427 LTC_ARGCHK(outlen != NULL); \
428 \
429 if (*outlen < len) { \
430 *outlen = len; \
431 return CRYPT_BUFFER_OVERFLOW; \
432 } \
433 \
434 if (which ## _read(out, len, prng) != len) { \
435 return CRYPT_ERROR_READPRNG; \
436 } \
437 \
438 *outlen = len; \
439 return CRYPT_OK; \
440}
441
442/* extract a byte portably */
443#ifdef _MSC_VER
444 #define LTC_BYTE(x, n) ((unsigned char)((x) >> (8 * (n))))
445#else
446 #define LTC_BYTE(x, n) (((x) >> (8 * (n))) & 255)
447#endif
diff --git a/utils/tomcrypt/src/headers/tomcrypt_prng.h b/utils/tomcrypt/src/headers/tomcrypt_prng.h
new file mode 100644
index 0000000000..1fa164382f
--- /dev/null
+++ b/utils/tomcrypt/src/headers/tomcrypt_prng.h
@@ -0,0 +1,232 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9
10/* ---- PRNG Stuff ---- */
11#ifdef LTC_YARROW
12struct yarrow_prng {
13 int cipher, hash;
14 unsigned char pool[MAXBLOCKSIZE];
15 symmetric_CTR ctr;
16};
17#endif
18
19#ifdef LTC_RC4
20struct rc4_prng {
21 rc4_state s;
22};
23#endif
24
25#ifdef LTC_CHACHA20_PRNG
26struct chacha20_prng {
27 chacha_state s; /* chacha state */
28 unsigned char ent[40]; /* entropy buffer */
29 unsigned long idx; /* entropy counter */
30};
31#endif
32
33#ifdef LTC_FORTUNA
34struct fortuna_prng {
35 hash_state pool[LTC_FORTUNA_POOLS]; /* the pools */
36
37 symmetric_key skey;
38
39 unsigned char K[32], /* the current key */
40 IV[16]; /* IV for CTR mode */
41
42 unsigned long pool_idx, /* current pool we will add to */
43 pool0_len, /* length of 0'th pool */
44 wd;
45
46 ulong64 reset_cnt; /* number of times we have reset */
47};
48#endif
49
50#ifdef LTC_SOBER128
51struct sober128_prng {
52 sober128_state s; /* sober128 state */
53 unsigned char ent[40]; /* entropy buffer */
54 unsigned long idx; /* entropy counter */
55};
56#endif
57
58typedef struct {
59 union {
60 char dummy[1];
61#ifdef LTC_YARROW
62 struct yarrow_prng yarrow;
63#endif
64#ifdef LTC_RC4
65 struct rc4_prng rc4;
66#endif
67#ifdef LTC_CHACHA20_PRNG
68 struct chacha20_prng chacha;
69#endif
70#ifdef LTC_FORTUNA
71 struct fortuna_prng fortuna;
72#endif
73#ifdef LTC_SOBER128
74 struct sober128_prng sober128;
75#endif
76 };
77 short ready; /* ready flag 0-1 */
78 LTC_MUTEX_TYPE(lock) /* lock */
79} prng_state;
80
81/** PRNG descriptor */
82extern struct ltc_prng_descriptor {
83 /** Name of the PRNG */
84 const char *name;
85 /** size in bytes of exported state */
86 int export_size;
87 /** Start a PRNG state
88 @param prng [out] The state to initialize
89 @return CRYPT_OK if successful
90 */
91 int (*start)(prng_state *prng);
92 /** Add entropy to the PRNG
93 @param in The entropy
94 @param inlen Length of the entropy (octets)\
95 @param prng The PRNG state
96 @return CRYPT_OK if successful
97 */
98 int (*add_entropy)(const unsigned char *in, unsigned long inlen, prng_state *prng);
99 /** Ready a PRNG state to read from
100 @param prng The PRNG state to ready
101 @return CRYPT_OK if successful
102 */
103 int (*ready)(prng_state *prng);
104 /** Read from the PRNG
105 @param out [out] Where to store the data
106 @param outlen Length of data desired (octets)
107 @param prng The PRNG state to read from
108 @return Number of octets read
109 */
110 unsigned long (*read)(unsigned char *out, unsigned long outlen, prng_state *prng);
111 /** Terminate a PRNG state
112 @param prng The PRNG state to terminate
113 @return CRYPT_OK if successful
114 */
115 int (*done)(prng_state *prng);
116 /** Export a PRNG state
117 @param out [out] The destination for the state
118 @param outlen [in/out] The max size and resulting size of the PRNG state
119 @param prng The PRNG to export
120 @return CRYPT_OK if successful
121 */
122 int (*pexport)(unsigned char *out, unsigned long *outlen, prng_state *prng);
123 /** Import a PRNG state
124 @param in The data to import
125 @param inlen The length of the data to import (octets)
126 @param prng The PRNG to initialize/import
127 @return CRYPT_OK if successful
128 */
129 int (*pimport)(const unsigned char *in, unsigned long inlen, prng_state *prng);
130 /** Self-test the PRNG
131 @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled
132 */
133 int (*test)(void);
134} prng_descriptor[];
135
136#ifdef LTC_YARROW
137int yarrow_start(prng_state *prng);
138int yarrow_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng);
139int yarrow_ready(prng_state *prng);
140unsigned long yarrow_read(unsigned char *out, unsigned long outlen, prng_state *prng);
141int yarrow_done(prng_state *prng);
142int yarrow_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
143int yarrow_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
144int yarrow_test(void);
145extern const struct ltc_prng_descriptor yarrow_desc;
146#endif
147
148#ifdef LTC_FORTUNA
149int fortuna_start(prng_state *prng);
150int fortuna_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng);
151int fortuna_ready(prng_state *prng);
152unsigned long fortuna_read(unsigned char *out, unsigned long outlen, prng_state *prng);
153int fortuna_done(prng_state *prng);
154int fortuna_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
155int fortuna_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
156int fortuna_test(void);
157extern const struct ltc_prng_descriptor fortuna_desc;
158#endif
159
160#ifdef LTC_RC4
161int rc4_start(prng_state *prng);
162int rc4_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng);
163int rc4_ready(prng_state *prng);
164unsigned long rc4_read(unsigned char *out, unsigned long outlen, prng_state *prng);
165int rc4_done(prng_state *prng);
166int rc4_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
167int rc4_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
168int rc4_test(void);
169extern const struct ltc_prng_descriptor rc4_desc;
170#endif
171
172#ifdef LTC_CHACHA20_PRNG
173int chacha20_prng_start(prng_state *prng);
174int chacha20_prng_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng);
175int chacha20_prng_ready(prng_state *prng);
176unsigned long chacha20_prng_read(unsigned char *out, unsigned long outlen, prng_state *prng);
177int chacha20_prng_done(prng_state *prng);
178int chacha20_prng_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
179int chacha20_prng_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
180int chacha20_prng_test(void);
181extern const struct ltc_prng_descriptor chacha20_prng_desc;
182#endif
183
184#ifdef LTC_SPRNG
185int sprng_start(prng_state *prng);
186int sprng_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng);
187int sprng_ready(prng_state *prng);
188unsigned long sprng_read(unsigned char *out, unsigned long outlen, prng_state *prng);
189int sprng_done(prng_state *prng);
190int sprng_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
191int sprng_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
192int sprng_test(void);
193extern const struct ltc_prng_descriptor sprng_desc;
194#endif
195
196#ifdef LTC_SOBER128
197int sober128_start(prng_state *prng);
198int sober128_add_entropy(const unsigned char *in, unsigned long inlen, prng_state *prng);
199int sober128_ready(prng_state *prng);
200unsigned long sober128_read(unsigned char *out, unsigned long outlen, prng_state *prng);
201int sober128_done(prng_state *prng);
202int sober128_export(unsigned char *out, unsigned long *outlen, prng_state *prng);
203int sober128_import(const unsigned char *in, unsigned long inlen, prng_state *prng);
204int sober128_test(void);
205extern const struct ltc_prng_descriptor sober128_desc;
206#endif
207
208int find_prng(const char *name);
209int register_prng(const struct ltc_prng_descriptor *prng);
210int unregister_prng(const struct ltc_prng_descriptor *prng);
211int register_all_prngs(void);
212int prng_is_valid(int idx);
213LTC_MUTEX_PROTO(ltc_prng_mutex)
214
215/* Slow RNG you **might** be able to use to seed a PRNG with. Be careful as this
216 * might not work on all platforms as planned
217 */
218unsigned long rng_get_bytes(unsigned char *out,
219 unsigned long outlen,
220 void (*callback)(void));
221
222int rng_make_prng(int bits, int wprng, prng_state *prng, void (*callback)(void));
223
224#ifdef LTC_PRNG_ENABLE_LTC_RNG
225extern unsigned long (*ltc_rng)(unsigned char *out, unsigned long outlen,
226 void (*callback)(void));
227#endif
228
229
230/* ref: HEAD -> master, tag: v1.18.2 */
231/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
232/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/misc/compare_testvector.c b/utils/tomcrypt/src/misc/compare_testvector.c
new file mode 100644
index 0000000000..67fe1c1f9a
--- /dev/null
+++ b/utils/tomcrypt/src/misc/compare_testvector.c
@@ -0,0 +1,87 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9
10#include "tomcrypt.h"
11
12/**
13 @file compare_testvector.c
14 Function to compare two testvectors and print a (detailed) error-message if required, Steffen Jaeckel
15*/
16
17#if defined(LTC_TEST) && defined(LTC_TEST_DBG)
18static void _print_hex(const char* what, const void* v, const unsigned long l)
19{
20 const unsigned char* p = v;
21 unsigned long x, y = 0, z;
22 fprintf(stderr, "%s contents: \n", what);
23 for (x = 0; x < l; ) {
24 fprintf(stderr, "%02X ", p[x]);
25 if (!(++x % 16) || x == l) {
26 if((x % 16) != 0) {
27 z = 16 - (x % 16);
28 if(z >= 8)
29 fprintf(stderr, " ");
30 for (; z != 0; --z) {
31 fprintf(stderr, " ");
32 }
33 }
34 fprintf(stderr, " | ");
35 for(; y < x; y++) {
36 if((y % 8) == 0)
37 fprintf(stderr, " ");
38 if(isgraph(p[y]))
39 fprintf(stderr, "%c", p[y]);
40 else
41 fprintf(stderr, ".");
42 }
43 fprintf(stderr, "\n");
44 }
45 else if((x % 8) == 0) {
46 fprintf(stderr, " ");
47 }
48 }
49}
50#endif
51
52/**
53 Compare two test-vectors
54
55 @param is The data as it is
56 @param is_len The length of is
57 @param should The data as it should
58 @param should_len The length of should
59 @param what The type of the data
60 @param which The iteration count
61 @return 0 on equality, -1 or 1 on difference
62*/
63int compare_testvector(const void* is, const unsigned long is_len, const void* should, const unsigned long should_len, const char* what, int which)
64{
65 int res = 0;
66 if(is_len != should_len)
67 res = is_len > should_len ? -1 : 1;
68 else
69 res = XMEMCMP(is, should, is_len);
70
71#if defined(LTC_TEST) && defined(LTC_TEST_DBG)
72 if (res != 0) {
73 fprintf(stderr, "Testvector #%i of %s failed:\n", which, what);
74 _print_hex("SHOULD", should, should_len);
75 _print_hex("IS ", is, is_len);
76 }
77#else
78 LTC_UNUSED_PARAM(which);
79 LTC_UNUSED_PARAM(what);
80#endif
81
82 return res;
83}
84
85/* ref: HEAD -> master, tag: v1.18.2 */
86/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
87/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/misc/crypt/crypt_argchk.c b/utils/tomcrypt/src/misc/crypt/crypt_argchk.c
new file mode 100644
index 0000000000..a93962420e
--- /dev/null
+++ b/utils/tomcrypt/src/misc/crypt/crypt_argchk.c
@@ -0,0 +1,27 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9#include "tomcrypt.h"
10
11/**
12 @file crypt_argchk.c
13 Perform argument checking, Tom St Denis
14*/
15
16#if (ARGTYPE == 0)
17void crypt_argchk(const char *v, const char *s, int d)
18{
19 fprintf(stderr, "LTC_ARGCHK '%s' failure on line %d of file %s\n",
20 v, d, s);
21 abort();
22}
23#endif
24
25/* ref: HEAD -> master, tag: v1.18.2 */
26/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
27/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/misc/crypt/crypt_cipher_descriptor.c b/utils/tomcrypt/src/misc/crypt/crypt_cipher_descriptor.c
new file mode 100644
index 0000000000..a9de9d6785
--- /dev/null
+++ b/utils/tomcrypt/src/misc/crypt/crypt_cipher_descriptor.c
@@ -0,0 +1,25 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9#include "tomcrypt.h"
10
11/**
12 @file crypt_cipher_descriptor.c
13 Stores the cipher descriptor table, Tom St Denis
14*/
15
16struct ltc_cipher_descriptor cipher_descriptor[TAB_SIZE] = {
17{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }
18 };
19
20LTC_MUTEX_GLOBAL(ltc_cipher_mutex)
21
22
23/* ref: HEAD -> master, tag: v1.18.2 */
24/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
25/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/misc/crypt/crypt_cipher_is_valid.c b/utils/tomcrypt/src/misc/crypt/crypt_cipher_is_valid.c
new file mode 100644
index 0000000000..2ba32bf5e8
--- /dev/null
+++ b/utils/tomcrypt/src/misc/crypt/crypt_cipher_is_valid.c
@@ -0,0 +1,34 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9#include "tomcrypt.h"
10
11/**
12 @file crypt_cipher_is_valid.c
13 Determine if cipher is valid, Tom St Denis
14*/
15
16/*
17 Test if a cipher index is valid
18 @param idx The index of the cipher to search for
19 @return CRYPT_OK if valid
20*/
21int cipher_is_valid(int idx)
22{
23 LTC_MUTEX_LOCK(&ltc_cipher_mutex);
24 if (idx < 0 || idx >= TAB_SIZE || cipher_descriptor[idx].name == NULL) {
25 LTC_MUTEX_UNLOCK(&ltc_cipher_mutex);
26 return CRYPT_INVALID_CIPHER;
27 }
28 LTC_MUTEX_UNLOCK(&ltc_cipher_mutex);
29 return CRYPT_OK;
30}
31
32/* ref: HEAD -> master, tag: v1.18.2 */
33/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
34/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/misc/crypt/crypt_register_cipher.c b/utils/tomcrypt/src/misc/crypt/crypt_register_cipher.c
new file mode 100644
index 0000000000..59fc042d89
--- /dev/null
+++ b/utils/tomcrypt/src/misc/crypt/crypt_register_cipher.c
@@ -0,0 +1,52 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9#include "tomcrypt.h"
10
11/**
12 @file crypt_register_cipher.c
13 Register a cipher, Tom St Denis
14*/
15
16/**
17 Register a cipher with the descriptor table
18 @param cipher The cipher you wish to register
19 @return value >= 0 if successfully added (or already present), -1 if unsuccessful
20*/
21int register_cipher(const struct ltc_cipher_descriptor *cipher)
22{
23 int x;
24
25 LTC_ARGCHK(cipher != NULL);
26
27 /* is it already registered? */
28 LTC_MUTEX_LOCK(&ltc_cipher_mutex);
29 for (x = 0; x < TAB_SIZE; x++) {
30 if (cipher_descriptor[x].name != NULL && cipher_descriptor[x].ID == cipher->ID) {
31 LTC_MUTEX_UNLOCK(&ltc_cipher_mutex);
32 return x;
33 }
34 }
35
36 /* find a blank spot */
37 for (x = 0; x < TAB_SIZE; x++) {
38 if (cipher_descriptor[x].name == NULL) {
39 XMEMCPY(&cipher_descriptor[x], cipher, sizeof(struct ltc_cipher_descriptor));
40 LTC_MUTEX_UNLOCK(&ltc_cipher_mutex);
41 return x;
42 }
43 }
44
45 /* no spot */
46 LTC_MUTEX_UNLOCK(&ltc_cipher_mutex);
47 return -1;
48}
49
50/* ref: HEAD -> master, tag: v1.18.2 */
51/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
52/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/misc/zeromem.c b/utils/tomcrypt/src/misc/zeromem.c
new file mode 100644
index 0000000000..dc81d9b1e2
--- /dev/null
+++ b/utils/tomcrypt/src/misc/zeromem.c
@@ -0,0 +1,32 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9#include "tomcrypt.h"
10
11/**
12 @file zeromem.c
13 Zero a block of memory, Tom St Denis
14*/
15
16/**
17 Zero a block of memory
18 @param out The destination of the area to zero
19 @param outlen The length of the area to zero (octets)
20*/
21void zeromem(volatile void *out, size_t outlen)
22{
23 volatile char *mem = out;
24 LTC_ARGCHKVD(out != NULL);
25 while (outlen-- > 0) {
26 *mem++ = '\0';
27 }
28}
29
30/* ref: HEAD -> master, tag: v1.18.2 */
31/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
32/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/modes/cbc/cbc_decrypt.c b/utils/tomcrypt/src/modes/cbc/cbc_decrypt.c
new file mode 100644
index 0000000000..685aff80b0
--- /dev/null
+++ b/utils/tomcrypt/src/modes/cbc/cbc_decrypt.c
@@ -0,0 +1,95 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9#include "tomcrypt.h"
10
11/**
12 @file cbc_decrypt.c
13 CBC implementation, encrypt block, Tom St Denis
14*/
15
16
17#ifdef LTC_CBC_MODE
18
19/**
20 CBC decrypt
21 @param ct Ciphertext
22 @param pt [out] Plaintext
23 @param len The number of bytes to process (must be multiple of block length)
24 @param cbc CBC state
25 @return CRYPT_OK if successful
26*/
27int cbc_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CBC *cbc)
28{
29 int x, err;
30 unsigned char tmp[16];
31#ifdef LTC_FAST
32 LTC_FAST_TYPE tmpy;
33#else
34 unsigned char tmpy;
35#endif
36
37 LTC_ARGCHK(pt != NULL);
38 LTC_ARGCHK(ct != NULL);
39 LTC_ARGCHK(cbc != NULL);
40
41 if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) {
42 return err;
43 }
44
45 /* is blocklen valid? */
46 if (cbc->blocklen < 1 || cbc->blocklen > (int)sizeof(cbc->IV) || cbc->blocklen > (int)sizeof(tmp)) {
47 return CRYPT_INVALID_ARG;
48 }
49
50 if (len % cbc->blocklen) {
51 return CRYPT_INVALID_ARG;
52 }
53#ifdef LTC_FAST
54 if (cbc->blocklen % sizeof(LTC_FAST_TYPE)) {
55 return CRYPT_INVALID_ARG;
56 }
57#endif
58
59 if (cipher_descriptor[cbc->cipher].accel_cbc_decrypt != NULL) {
60 return cipher_descriptor[cbc->cipher].accel_cbc_decrypt(ct, pt, len / cbc->blocklen, cbc->IV, &cbc->key);
61 } else {
62 while (len) {
63 /* decrypt */
64 if ((err = cipher_descriptor[cbc->cipher].ecb_decrypt(ct, tmp, &cbc->key)) != CRYPT_OK) {
65 return err;
66 }
67
68 /* xor IV against plaintext */
69 #if defined(LTC_FAST)
70 for (x = 0; x < cbc->blocklen; x += sizeof(LTC_FAST_TYPE)) {
71 tmpy = *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)cbc->IV + x)) ^ *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)tmp + x));
72 *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)cbc->IV + x)) = *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)ct + x));
73 *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pt + x)) = tmpy;
74 }
75 #else
76 for (x = 0; x < cbc->blocklen; x++) {
77 tmpy = tmp[x] ^ cbc->IV[x];
78 cbc->IV[x] = ct[x];
79 pt[x] = tmpy;
80 }
81 #endif
82
83 ct += cbc->blocklen;
84 pt += cbc->blocklen;
85 len -= cbc->blocklen;
86 }
87 }
88 return CRYPT_OK;
89}
90
91#endif
92
93/* ref: HEAD -> master, tag: v1.18.2 */
94/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
95/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/modes/cbc/cbc_encrypt.c b/utils/tomcrypt/src/modes/cbc/cbc_encrypt.c
new file mode 100644
index 0000000000..52f339de14
--- /dev/null
+++ b/utils/tomcrypt/src/modes/cbc/cbc_encrypt.c
@@ -0,0 +1,96 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9#include "tomcrypt.h"
10
11/**
12 @file cbc_encrypt.c
13 CBC implementation, encrypt block, Tom St Denis
14*/
15
16
17#ifdef LTC_CBC_MODE
18
19/**
20 CBC encrypt
21 @param pt Plaintext
22 @param ct [out] Ciphertext
23 @param len The number of bytes to process (must be multiple of block length)
24 @param cbc CBC state
25 @return CRYPT_OK if successful
26*/
27int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CBC *cbc)
28{
29 int x, err;
30
31 LTC_ARGCHK(pt != NULL);
32 LTC_ARGCHK(ct != NULL);
33 LTC_ARGCHK(cbc != NULL);
34
35 if ((err = cipher_is_valid(cbc->cipher)) != CRYPT_OK) {
36 return err;
37 }
38
39 /* is blocklen valid? */
40 if (cbc->blocklen < 1 || cbc->blocklen > (int)sizeof(cbc->IV)) {
41 return CRYPT_INVALID_ARG;
42 }
43
44 if (len % cbc->blocklen) {
45 return CRYPT_INVALID_ARG;
46 }
47#ifdef LTC_FAST
48 if (cbc->blocklen % sizeof(LTC_FAST_TYPE)) {
49 return CRYPT_INVALID_ARG;
50 }
51#endif
52
53 if (cipher_descriptor[cbc->cipher].accel_cbc_encrypt != NULL) {
54 return cipher_descriptor[cbc->cipher].accel_cbc_encrypt(pt, ct, len / cbc->blocklen, cbc->IV, &cbc->key);
55 } else {
56 while (len) {
57 /* xor IV against plaintext */
58 #if defined(LTC_FAST)
59 for (x = 0; x < cbc->blocklen; x += sizeof(LTC_FAST_TYPE)) {
60 *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)cbc->IV + x)) ^= *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)pt + x));
61 }
62 #else
63 for (x = 0; x < cbc->blocklen; x++) {
64 cbc->IV[x] ^= pt[x];
65 }
66 #endif
67
68 /* encrypt */
69 if ((err = cipher_descriptor[cbc->cipher].ecb_encrypt(cbc->IV, ct, &cbc->key)) != CRYPT_OK) {
70 return err;
71 }
72
73 /* store IV [ciphertext] for a future block */
74 #if defined(LTC_FAST)
75 for (x = 0; x < cbc->blocklen; x += sizeof(LTC_FAST_TYPE)) {
76 *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)cbc->IV + x)) = *(LTC_FAST_TYPE_PTR_CAST((unsigned char *)ct + x));
77 }
78 #else
79 for (x = 0; x < cbc->blocklen; x++) {
80 cbc->IV[x] = ct[x];
81 }
82 #endif
83
84 ct += cbc->blocklen;
85 pt += cbc->blocklen;
86 len -= cbc->blocklen;
87 }
88 }
89 return CRYPT_OK;
90}
91
92#endif
93
94/* ref: HEAD -> master, tag: v1.18.2 */
95/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
96/* commit time: 2018-07-01 22:49:01 +0200 */
diff --git a/utils/tomcrypt/src/modes/cbc/cbc_start.c b/utils/tomcrypt/src/modes/cbc/cbc_start.c
new file mode 100644
index 0000000000..08483e2b8f
--- /dev/null
+++ b/utils/tomcrypt/src/modes/cbc/cbc_start.c
@@ -0,0 +1,60 @@
1/* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9#include "tomcrypt.h"
10
11/**
12 @file cbc_start.c
13 CBC implementation, start chain, Tom St Denis
14*/
15
16#ifdef LTC_CBC_MODE
17
18/**
19 Initialize a CBC context
20 @param cipher The index of the cipher desired
21 @param IV The initialization vector
22 @param key The secret key
23 @param keylen The length of the secret key (octets)
24 @param num_rounds Number of rounds in the cipher desired (0 for default)
25 @param cbc The CBC state to initialize
26 @return CRYPT_OK if successful
27*/
28int cbc_start(int cipher, const unsigned char *IV, const unsigned char *key,
29 int keylen, int num_rounds, symmetric_CBC *cbc)
30{
31 int x, err;
32
33 LTC_ARGCHK(IV != NULL);
34 LTC_ARGCHK(key != NULL);
35 LTC_ARGCHK(cbc != NULL);
36
37 /* bad param? */
38 if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
39 return err;
40 }
41
42 /* setup cipher */
43 if ((err = cipher_descriptor[cipher].setup(key, keylen, num_rounds, &cbc->key)) != CRYPT_OK) {
44 return err;
45 }
46
47 /* copy IV */
48 cbc->blocklen = cipher_descriptor[cipher].block_length;
49 cbc->cipher = cipher;
50 for (x = 0; x < cbc->blocklen; x++) {
51 cbc->IV[x] = IV[x];
52 }
53 return CRYPT_OK;
54}
55
56#endif
57
58/* ref: HEAD -> master, tag: v1.18.2 */
59/* git commit: 7e7eb695d581782f04b24dc444cbfde86af59853 */
60/* commit time: 2018-07-01 22:49:01 +0200 */
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-19 22:54:06 +0000