
added libtomcrypt-1.14

Tom St Denis 19 年之前
父節點
當前提交
479cc9c261
共有 64 個文件被更改,包括 240 次插入124 次删除
  1. 1 1
      Doxyfile
  2. 2 0
      TODO
  3. 22 2
      changes
  4. 53 5
      crypt.tex
  5. 0 7
      demos/timing.c
  6. 二進制
      doc/crypt.pdf
  7. 3 3
      makefile
  8. 3 3
      makefile.shared
  9. 1 1
      notes/tech0005.txt
  10. 1 1
      notes/tech0007.txt
  11. 0 1
      src/ciphers/aes/aes.c
  12. 9 2
      src/encauth/ccm/ccm_memory.c
  13. 18 2
      src/encauth/gcm/gcm_memory.c
  14. 9 1
      src/encauth/gcm/gcm_mult_h.c
  15. 4 4
      src/encauth/gcm/gcm_process.c
  16. 1 1
      src/hashes/sha2/sha256.c
  17. 2 2
      src/headers/tomcrypt.h
  18. 2 2
      src/headers/tomcrypt_argchk.h
  19. 13 12
      src/headers/tomcrypt_cipher.h
  20. 17 15
      src/headers/tomcrypt_custom.h
  21. 6 3
      src/headers/tomcrypt_mac.h
  22. 1 1
      src/mac/hmac/hmac_test.c
  23. 5 5
      src/misc/crypt/crypt.c
  24. 1 1
      src/modes/cbc/cbc_decrypt.c
  25. 1 1
      src/modes/cbc/cbc_done.c
  26. 1 1
      src/modes/cbc/cbc_encrypt.c
  27. 1 1
      src/modes/cbc/cbc_getiv.c
  28. 1 1
      src/modes/cbc/cbc_setiv.c
  29. 1 1
      src/modes/cbc/cbc_start.c
  30. 1 1
      src/modes/cfb/cfb_decrypt.c
  31. 1 1
      src/modes/cfb/cfb_done.c
  32. 1 1
      src/modes/cfb/cfb_encrypt.c
  33. 1 1
      src/modes/cfb/cfb_getiv.c
  34. 2 1
      src/modes/cfb/cfb_setiv.c
  35. 1 1
      src/modes/cfb/cfb_start.c
  36. 1 1
      src/modes/ctr/ctr_decrypt.c
  37. 1 1
      src/modes/ctr/ctr_done.c
  38. 1 1
      src/modes/ctr/ctr_encrypt.c
  39. 1 1
      src/modes/ctr/ctr_getiv.c
  40. 1 1
      src/modes/ctr/ctr_setiv.c
  41. 1 1
      src/modes/ctr/ctr_start.c
  42. 1 1
      src/modes/ecb/ecb_decrypt.c
  43. 1 1
      src/modes/ecb/ecb_done.c
  44. 1 1
      src/modes/ecb/ecb_encrypt.c
  45. 1 1
      src/modes/ecb/ecb_start.c
  46. 1 0
      src/modes/f8/f8_start.c
  47. 1 1
      src/modes/lrw/lrw_decrypt.c
  48. 1 1
      src/modes/lrw/lrw_done.c
  49. 1 1
      src/modes/lrw/lrw_encrypt.c
  50. 1 1
      src/modes/lrw/lrw_getiv.c
  51. 1 1
      src/modes/lrw/lrw_process.c
  52. 1 1
      src/modes/lrw/lrw_setiv.c
  53. 1 1
      src/modes/lrw/lrw_start.c
  54. 1 1
      src/modes/lrw/lrw_test.c
  55. 1 1
      src/modes/ofb/ofb_decrypt.c
  56. 1 1
      src/modes/ofb/ofb_done.c
  57. 1 1
      src/modes/ofb/ofb_encrypt.c
  58. 1 1
      src/modes/ofb/ofb_getiv.c
  59. 1 1
      src/modes/ofb/ofb_setiv.c
  60. 1 1
      src/modes/ofb/ofb_start.c
  61. 6 0
      src/pk/asn1/der/sequence/der_decode_sequence_ex.c
  62. 9 9
      testprof/modes_test.c
  63. 6 1
      testprof/tomcrypt_test.h
  64. 8 4
      testprof/x86_prof.c

+ 1 - 1
Doxyfile

@@ -23,7 +23,7 @@ PROJECT_NAME           = LibTomCrypt
 # This could be handy for archiving the generated documentation or 
 # if some version control system is used.
 
-PROJECT_NUMBER         = 1.13
+PROJECT_NUMBER         = 1.14
 
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) 
 # base path where the generated documentation will be put. 

+ 2 - 0
TODO

@@ -1,2 +1,4 @@
 - long term, start moving macros like CTR over to LTC_CTR to make LTC a bit more "drop-in-able".
+- F8 mode could use some LTC_FAST love
+
 

+ 22 - 2
changes

@@ -1,3 +1,23 @@
+August 0x1E, 0x07D6
+v1.14 -- Renamed the chaining mode macros from XXX to LTC_XXX_MODE.  Should help avoid polluting the macro name space.
+      -- clean up of SHA-256
+      -- Chris Colman pointed out that der_decode_sequence_* allows LTC_ASN1_SETOF to accept SEQUENCEs and vice versa.
+         Decoder [non-flexi decoder that is] is more strict now and requires a match.
+      -- Steffen Jaeckel pointed out a typo in the user manual (re: rsa_exptmod).  Fixed.  This disproves the notion that
+         nobody reads it.  :-)
+      -- Made GCM a bit more portable w.r.t. handling the CTR IV (e.g. & with 255)
+      -- Add LTC_VERBOSE if you really want to see what test is doing :-)
+      -- Added SSE2 support to GCM [use GCM_TABLES_SSE2 to enable], shaves 2 cycles per byte on Opteron processors
+         Shaved 4 cycles on a Prescott (Intel P4)
+         Requires you align your gcm_state on a 16 byte boundary, see gcm_memory() for more info
+      -- Added missing prototype for f8_test_mode()
+      -- two fixes to CCM for corner cases [L+noncelen > 15] and fixing the CTR pad to encrypt the CBC-MAC tag
+      -- Franz Glasner pointed out the ARGTYPE=4 is not actually valid.  Fixed.
+      -- Fixed bug in f8_start() if your key < saltkey unspecified behaviour occurs.  :-(
+      -- Documented F8 mode.  Yeah, because you read the manual.  
+      -- Minor updates to the technotes.
+
+
 June 17th, 2005
 v1.13 -- Fixed to fortuna_start() to clean up state if an error occurs.  Not really useful at this stage (sha256 can't fail) but useful
          if I ever make fortuna pluggable
@@ -1464,6 +1484,6 @@ v0.02  -- Changed RC5 to only allow 12 to 24 rounds
 v0.01  -- We will call this the first version.
 
 /* $Source: /cvs/libtom/libtomcrypt/changes,v $ */
-/* $Revision: 1.213 $ */
-/* $Date: 2006/06/18 01:42:59 $ */
+/* $Revision: 1.224 $ */
+/* $Date: 2006/08/30 23:23:20 $ */
 

+ 53 - 5
crypt.tex

@@ -47,7 +47,7 @@
 \def\gap{\vspace{0.5ex}}
 \makeindex
 \begin{document}
-\title{LibTomCrypt \\ Version 1.13}
+\title{LibTomCrypt \\ Version 1.14}
 \author{Tom St Denis \\
 \\
 [email protected] \\
@@ -1007,6 +1007,55 @@ To terminate the LRW state use the following:
 int lrw_done(symmetric_LRW *lrw);
 \end{verbatim}
 
+\subsection{F8 Mode}
+\index{F8 Mode}
+The F8 Chaining mode (see RFC 3711 for instance) is yet another chaining mode for block ciphers.  It behaves much like CTR mode in that it XORs a keystream
+against the plaintext to encrypt.  F8 mode comes with the additional twist that the counter value is secret, encrypted by a \textit{salt key}.  We
+initialize F8 mode with the fuollowing function call:
+
+\index{f8\_start()}
+\begin{verbatim}
+int f8_start(                int  cipher, const unsigned char *IV, 
+             const unsigned char *key,                    int  keylen, 
+             const unsigned char *salt_key,               int  skeylen,
+                             int  num_rounds,   symmetric_F8  *f8);
+\end{verbatim}
+This will start the F8 mode state using ``key'' as the secret key, ``IV'' as the counter.  It uses the ``salt\_key`` as IV encryption key (``m'' in the RFC 3711).
+The salt\_key can be shorter than the secret key but it should not be longer.  
+
+To encrypt or decrypt data we use the following two functions:
+
+\index{f8\_encrypt()} \index{f8\_decrypt()}
+\begin{verbatim}
+int f8_encrypt(const unsigned char *pt, unsigned char *ct, 
+                     unsigned long  len, symmetric_F8 *f8);
+
+int f8_decrypt(const unsigned char *ct, unsigned char *pt, 
+                     unsigned long  len, symmetric_F8 *f8);
+\end{verbatim}
+These will encrypt or decrypt a variable length array of bytes using the F8 mode state specified.  The length is specified in bytes and does not have to be a multiple 
+of the ciphers block size.
+
+To change or retrieve the current counter IV value use the following functions:
+
+\index{f8\_getiv()}
+\index{f8\_setiv()}
+\begin{verbatim}
+int f8_getiv(unsigned char *IV, unsigned long *len, symmetric_F8 *f8);
+int f8_setiv(const unsigned char *IV, unsigned long len, symmetric_F8 *f8);
+\end{verbatim}
+These work with the current IV value only and not the encrypted IV value specifed during the call to f8\_start().  The purpose of these two functions is to be
+able to seek within a current session only.  If you want to change the session IV you will have to call f8\_done() and then start a new state with
+f8\_start().
+
+To terminate an F8 state call the following function:
+
+\index{f8\_done()}
+\begin{verbatim}
+int f8_done(symmetric_F8 *f8);
+\end{verbatim}
+
+\vbox{}
 \section{Encrypt and Authenticate Modes}
 
 \subsection{EAX Mode}
@@ -2719,8 +2768,7 @@ To do raw work with the RSA function call:
 \begin{verbatim}
 int rsa_exptmod(const unsigned char *in,   unsigned long inlen,
                       unsigned char *out,  unsigned long *outlen, 
-                      int which, prng_state *prng, int prng_idx,
-                      rsa_key *key);
+                      int which, rsa_key *key);
 \end{verbatim}
 This loads the bignum from ``in'' as a big endian word in the format PKCS specifies, raises it to either ``e'' or ``d'' and stores the result
 in ``out'' and the size of the result in ``outlen''. ``which'' is set to {\bf PK\_PUBLIC} to use ``e'' 
@@ -5241,5 +5289,5 @@ Since the function is given the entire RSA key (for private keys only) CRT is po
 \end{document}
 
 % $Source: /cvs/libtom/libtomcrypt/crypt.tex,v $   
-% $Revision: 1.74 $   
-% $Date: 2006/06/18 01:35:41 $ 
+% $Revision: 1.77 $   
+% $Date: 2006/08/30 23:23:20 $ 

+ 0 - 7
demos/timing.c

@@ -16,13 +16,6 @@ reg_algs();
    extern ltc_math_descriptor EXT_MATH_LIB;
    ltc_mp = EXT_MATH_LIB;
 #endif
-time_cipher();
-time_hash();
-time_encmacs();
-time_rsa();
-time_ecc();
-time_ecc();
-return 0;
 time_keysched();
 time_cipher();
 time_cipher2();

二進制
doc/crypt.pdf


+ 3 - 3
makefile

@@ -4,7 +4,7 @@
 # Modified by Clay Culver
 
 # The version
-VERSION=1.13
+VERSION=1.14
 
 # Compiler and Linker Names
 #CC=gcc
@@ -367,5 +367,5 @@ zipup: no_oops docs
 
 
 # $Source: /cvs/libtom/libtomcrypt/makefile,v $ 
-# $Revision: 1.126 $ 
-# $Date: 2006/06/16 23:52:08 $ 
+# $Revision: 1.127 $ 
+# $Date: 2006/06/29 01:59:34 $ 

+ 3 - 3
makefile.shared

@@ -6,7 +6,7 @@
 # Tom St Denis
 
 # The version
-VERSION=0:113
+VERSION=0:114
 
 # Compiler and Linker Names
 CC=libtool --mode=compile --tag=CC gcc 
@@ -265,5 +265,5 @@ timing: library testprof/$(LIBTEST) $(TIMINGS)
 	gcc -o $(TIMING) $(TIMINGS) -ltomcrypt_prof -ltomcrypt $(EXTRALIBS)
 
 # $Source: /cvs/libtom/libtomcrypt/makefile.shared,v $   
-# $Revision: 1.58 $   
-# $Date: 2006/06/16 23:52:08 $ 
+# $Revision: 1.59 $   
+# $Date: 2006/06/29 01:59:34 $ 

+ 1 - 1
notes/tech0005.txt

@@ -12,7 +12,7 @@ You can disable whole classes of algorithms on the command line with the LTC_NO_
 The following build with GCC 3.4.4 on an AMD64 box gets you AES, CTR mode, SHA-256, HMAC, Yarrow, full RSA PKCS #1, PKCS #5 and ASN.1 DER in 
 roughly 40KB of code (49KB on the ARMv4) (both excluding the math library).
 
-CFLAGS="-DLTC_NO_CIPHERS -DLTC_NO_HASHES -DLTC_NO_PRNGS -DLTC_NO_MACS -DLTC_NO_MODES -DLTC_NO_PK -DRIJNDAEL -DCTR -DSHA256 \
+CFLAGS="-DLTC_NO_CIPHERS -DLTC_NO_HASHES -DLTC_NO_PRNGS -DLTC_NO_MACS -DLTC_NO_MODES -DLTC_NO_PK -DRIJNDAEL -DLTC_CTR_MODE -DSHA256 \
 -DHMAC -DYARROW -DMRSA -DMPI -DTFM_DESC -DARGTYPE=3 -Os -DLTC_SMALL_CODE -fomit-frame-pointer" make IGNORE_SPEED=1
 
 Obviously this won't get you performance but if you need to pack a crypto lib in a device with limited means it's more than enough...

+ 1 - 1
notes/tech0007.txt

@@ -1,5 +1,5 @@
 Tech Note #7
 Quick building for testing with LTM
 
-EXTRALIBS=-ltommath CFLAGS="-g3 -DLTC_NO_ASM" make -j3 IGNORE_SPEED=1 test
+EXTRALIBS=-ltommath CFLAGS="-g3 -DLTC_NO_ASM -DUSE_LTM -DLTM_DESC" make -j3 IGNORE_SPEED=1 test
 

+ 0 - 1
src/ciphers/aes/aes.c

@@ -308,7 +308,6 @@ int ECB_ENC(const unsigned char *pt, unsigned char *ct, symmetric_key *skey)
     LOAD32H(s2, pt  +  8); s2 ^= rk[2];
     LOAD32H(s3, pt  + 12); s3 ^= rk[3];
 
-
 #ifdef LTC_SMALL_CODE
 
     for (r = 0; ; r++) {

+ 9 - 2
src/encauth/ccm/ccm_memory.c

@@ -117,6 +117,11 @@ int ccm_memory(int cipher,
       L = 15 - noncelen;
    }
 
+   /* decrease noncelen to match L */
+   if ((noncelen + L) > 15) {
+      noncelen = 15 - L;
+   }
+
    /* allocate mem for the symmetric key */
    if (uskey == NULL) {
       skey = XMALLOC(sizeof(*skey));
@@ -308,8 +313,10 @@ int ccm_memory(int cipher,
       }
    }
 
-   /* setup CTR for the TAG */
-   ctr[14] = ctr[15] = 0x00;
+   /* setup CTR for the TAG (zero the count) */
+   for (y = 15; y > 15 - L; y--) {
+      ctr[y] = 0x00;
+   }
    if ((err = cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey)) != CRYPT_OK) {
       goto error;
    }
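Review bot: The new clamp `noncelen = 15 - L` silently drops the tail of the caller's nonce when an explicitly requested L does not fit, rather than reporting the mismatch; the caller then runs CCM with a shorter nonce than it supplied and nothing signals it, which matters because CCM, like any CTR-based mode, offers no protection once a nonce repeats under a key. If the intent is to accept such calls, the truncation should at least be stated in the function's header documentation (outside the hunk); otherwise rejecting the call is the safer contract, `if ((noncelen + L) > 15) { return CRYPT_INVALID_ARG; }`, which looks possible here since the key allocation only happens after this point. The second hunk's loop zeroing the low L bytes of `ctr` replaces the earlier hard-coded two bytes and looks right for L in 2..8, which earlier argument checks presumably enforce. ccm_memory's body extends outside both hunks.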

+ 18 - 2
src/encauth/gcm/gcm_memory.c

@@ -43,6 +43,7 @@ int gcm_memory(      int           cipher,
                      unsigned char *tag,    unsigned long *taglen,
                                int direction)
 {
+    void      *orig;
     gcm_state *gcm;
     int        err;
 
@@ -63,11 +64,26 @@ int gcm_memory(      int           cipher,
     }
 
 
-    gcm = XMALLOC(sizeof(*gcm));
+
+#ifndef GCM_TABLES_SSE2
+    orig = gcm = XMALLOC(sizeof(*gcm));
+#else
+    orig = gcm = XMALLOC(sizeof(*gcm) + 16);
+#endif
     if (gcm == NULL) {
         return CRYPT_MEM;
     }
 
+   /* Force GCM to be on a multiple of 16 so we can use 128-bit aligned operations
+    * note that we only modify gcm and keep orig intact.  This code is not portable
+    * but again it's only for SSE2 anyways, so who cares?
+    */
+#ifdef GCM_TABLES_SSE2
+   if ((unsigned long)gcm & 15) {
+      gcm = (gcm_state *)((unsigned long)gcm + (16 - ((unsigned long)gcm & 15)));
+   }
+#endif
+
     if ((err = gcm_init(gcm, cipher, key, keylen)) != CRYPT_OK) {
        goto LTC_ERR;
     }
@@ -82,7 +98,7 @@ int gcm_memory(      int           cipher,
     }
     err = gcm_done(gcm, tag, taglen);
 LTC_ERR:
-    XFREE(gcm);
+    XFREE(orig);
     return err;
 }
 #endif
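Review bot: The alignment fix-up casts the pointer through `unsigned long`, which is only 32 bits on LLP64 targets such as 64-bit Windows under MinGW GCC, so there the rounded-up value is truncated before it is cast back to `gcm_state *`; the comment concedes the code is non-portable, but this cast is the only non-portable part. `uintptr_t` is the type meant for this round-trip: `if ((uintptr_t)gcm & 15) { gcm = (gcm_state *)((uintptr_t)gcm + (16 - ((uintptr_t)gcm & 15))); }`, assuming the library's headers make `<stdint.h>` available, which I cannot see here. The extra 16 bytes requested under GCM_TABLES_SSE2 cover the at most 15 bytes of padding, and freeing `orig` rather than `gcm` at `LTC_ERR` is correct. A short comment on the allocation would help, e.g. `/* +16: room to round gcm up to a 16-byte boundary below */`.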

+ 9 - 1
src/encauth/gcm/gcm_mult_h.c

@@ -26,6 +26,13 @@ void gcm_mult_h(gcm_state *gcm, unsigned char *I)
    unsigned char T[16];
 #ifdef GCM_TABLES
    int x, y;
+#ifdef GCM_TABLES_SSE2
+   asm("movdqa (%0),%%xmm0"::"r"(&gcm->PC[0][I[0]][0]));
+   for (x = 1; x < 16; x++) {
+      asm("pxor (%0),%%xmm0"::"r"(&gcm->PC[x][I[x]][0]));
+   }
+   asm("movdqa %%xmm0,(%0)"::"r"(&T));
+#else
    XMEMCPY(T, &gcm->PC[0][I[0]][0], 16);
    for (x = 1; x < 16; x++) {
 #ifdef LTC_FAST
@@ -36,8 +43,9 @@ void gcm_mult_h(gcm_state *gcm, unsigned char *I)
        for (y = 0; y < 16; y++) {
            T[y] ^= gcm->PC[x][I[x]][y];
        }
-#endif
+#endif /* LTC_FAST */
    }
+#endif /* GCM_TABLES_SSE2 */
 #else     
    gcm_gf_mult(gcm->H, I, T); 
 #endif
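Review bot: The SSE2 store `movdqa %%xmm0,(%0)` writes into `T`, which is declared as a plain `unsigned char T[16]` with no alignment guarantee, so the aligned store can fault whenever the compiler places T on a stack slot that is not 16-byte aligned; the loads from `gcm->PC` are covered by the aligned attribute this commit adds to that member, but T is not. The three asm statements also declare no clobbers, so the compiler is not told that xmm0 is modified or that T's memory is written, and it may keep stale values of T or reuse xmm0 across the loop. I would use an unaligned store and spell out the clobbers: `asm volatile("movdqu %%xmm0,(%0)" : : "r"(T) : "memory", "xmm0");`, with `"xmm0"` added as a clobber on the two load/xor statements as well. The rest of gcm_mult_h is outside the hunk.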

+ 4 - 4
src/encauth/gcm/gcm_process.c

@@ -59,7 +59,7 @@ int gcm_process(gcm_state *gcm,
 
       /* increment counter */
       for (y = 15; y >= 12; y--) {
-          if (++gcm->Y[y]) { break; }
+          if (++gcm->Y[y] & 255) { break; }
       }
       /* encrypt the counter */
       if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) {
@@ -89,7 +89,7 @@ int gcm_process(gcm_state *gcm,
              gcm_mult_h(gcm, gcm->X);
              /* increment counter */
              for (y = 15; y >= 12; y--) {
-                 if (++gcm->Y[y]) { break; }
+                 if (++gcm->Y[y] & 255) { break; }
              }
              if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) {
                 return err;
@@ -107,7 +107,7 @@ int gcm_process(gcm_state *gcm,
              gcm_mult_h(gcm, gcm->X);
              /* increment counter */
              for (y = 15; y >= 12; y--) {
-                 if (++gcm->Y[y]) { break; }
+                 if (++gcm->Y[y] & 255) { break; }
              }
              if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) {
                 return err;
@@ -125,7 +125,7 @@ int gcm_process(gcm_state *gcm,
           
           /* increment counter */
           for (y = 15; y >= 12; y--) {
-              if (++gcm->Y[y]) { break; }
+              if (++gcm->Y[y] & 255) { break; }
           }
           if ((err = cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K)) != CRYPT_OK) {
              return err;
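Review bot: The same four-line counter increment is now duplicated four times in gcm_process (the hunks at original lines 59, 89, 107 and 125), and every copy had to be touched for this one change, which is how such sites drift apart; pulling the loop into a `static` helper, say `static void gcm_inc32(gcm_state *gcm)`, would leave one place to maintain. Note also that if `gcm->Y` is an array of `unsigned char` on an 8-bit-char target, `++gcm->Y[y]` already yields a value in 0..255 and the added `& 255` changes nothing; the mask only matters where chars are wider, which deserves a one-line comment so the next reader does not strip it as redundant, e.g. `/* & 255: wrap test stays correct if CHAR_BIT > 8 */`. gcm_process's body continues outside the hunks.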

+ 1 - 1
src/hashes/sha2/sha256.c

@@ -37,7 +37,7 @@ const struct ltc_hash_descriptor sha256_desc =
 
 #ifdef LTC_SMALL_CODE
 /* the K array */
-static const unsigned long K[64] = {
+static const ulong32 K[64] = {
     0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,
     0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,
     0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,

+ 2 - 2
src/headers/tomcrypt.h

@@ -16,8 +16,8 @@ extern "C" {
 #endif
 
 /* version */
-#define CRYPT   0x0113
-#define SCRYPT  "1.13"
+#define CRYPT   0x0114
+#define SCRYPT  "1.14"
 
 /* max size of either a cipher/hash block or symmetric key [largest of the two] */
 #define MAXBLOCKSIZE  128

+ 2 - 2
src/headers/tomcrypt_argchk.h

@@ -27,8 +27,8 @@ void crypt_argchk(char *v, char *s, int d);
 
 #elif ARGTYPE == 4
 
-#define LTC_ARGCHK(x)   return CRYPT_INVALID_ARG;
-#define LTC_ARGCHKVD(x) return;
+#define LTC_ARGCHK(x)   if (!(x)) return CRYPT_INVALID_ARG;
+#define LTC_ARGCHKVD(x) if (!(x)) return;
 
 #endif
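Review bot: The repaired ARGTYPE==4 macros expand to a bare `if` with a trailing semicolon, so `LTC_ARGCHK(p);` at a call site becomes `if (!(p)) return CRYPT_INVALID_ARG;;`, and a call placed directly before an `else` would bind that `else` to the macro's own `if`. The usual guard is `#define LTC_ARGCHK(x)   do { if (!(x)) return CRYPT_INVALID_ARG; } while (0)` and `#define LTC_ARGCHKVD(x) do { if (!(x)) return; } while (0)`, which also makes the call-site semicolon meaningful. Whether the other ARGTYPE variants above this hunk already follow that shape is not visible here.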
 

+ 13 - 12
src/headers/tomcrypt_cipher.h

@@ -167,7 +167,7 @@ typedef union Symmetric_key {
    void   *data;
 } symmetric_key;
 
-#ifdef ECB
+#ifdef LTC_ECB_MODE
 /** A block cipher ECB structure */
 typedef struct {
    /** The index of the cipher chosen */
@@ -179,7 +179,7 @@ typedef struct {
 } symmetric_ECB;
 #endif
 
-#ifdef CFB
+#ifdef LTC_CFB_MODE
 /** A block cipher CFB structure */
 typedef struct {
    /** The index of the cipher chosen */
@@ -197,7 +197,7 @@ typedef struct {
 } symmetric_CFB;
 #endif
 
-#ifdef OFB
+#ifdef LTC_OFB_MODE
 /** A block cipher OFB structure */
 typedef struct {
    /** The index of the cipher chosen */
@@ -213,7 +213,7 @@ typedef struct {
 } symmetric_OFB;
 #endif
 
-#ifdef CBC
+#ifdef LTC_CBC_MODE
 /** A block cipher CBC structure */
 typedef struct {
    /** The index of the cipher chosen */
@@ -228,7 +228,7 @@ typedef struct {
 #endif
 
 
-#ifdef CTR
+#ifdef LTC_CTR_MODE
 /** A block cipher CTR structure */
 typedef struct {
    /** The index of the cipher chosen */
@@ -249,7 +249,7 @@ typedef struct {
 #endif
 
 
-#ifdef LRW_MODE
+#ifdef LTC_LRW_MODE
 /** A LRW structure */
 typedef struct {
     /** The index of the cipher chosen (must be a 128-bit block cipher) */
@@ -649,7 +649,7 @@ int anubis_keysize(int *keysize);
 extern const struct ltc_cipher_descriptor anubis_desc;
 #endif
 
-#ifdef ECB
+#ifdef LTC_ECB_MODE
 int ecb_start(int cipher, const unsigned char *key, 
               int keylen, int num_rounds, symmetric_ECB *ecb);
 int ecb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_ECB *ecb);
@@ -657,7 +657,7 @@ int ecb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, s
 int ecb_done(symmetric_ECB *ecb);
 #endif
 
-#ifdef CFB
+#ifdef LTC_CFB_MODE
 int cfb_start(int cipher, const unsigned char *IV, const unsigned char *key, 
               int keylen, int num_rounds, symmetric_CFB *cfb);
 int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CFB *cfb);
@@ -667,7 +667,7 @@ int cfb_setiv(const unsigned char *IV, unsigned long len, symmetric_CFB *cfb);
 int cfb_done(symmetric_CFB *cfb);
 #endif
 
-#ifdef OFB
+#ifdef LTC_OFB_MODE
 int ofb_start(int cipher, const unsigned char *IV, const unsigned char *key, 
               int keylen, int num_rounds, symmetric_OFB *ofb);
 int ofb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_OFB *ofb);
@@ -677,7 +677,7 @@ int ofb_setiv(const unsigned char *IV, unsigned long len, symmetric_OFB *ofb);
 int ofb_done(symmetric_OFB *ofb);
 #endif
 
-#ifdef CBC
+#ifdef LTC_CBC_MODE
 int cbc_start(int cipher, const unsigned char *IV, const unsigned char *key,
                int keylen, int num_rounds, symmetric_CBC *cbc);
 int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CBC *cbc);
@@ -687,7 +687,7 @@ int cbc_setiv(const unsigned char *IV, unsigned long len, symmetric_CBC *cbc);
 int cbc_done(symmetric_CBC *cbc);
 #endif
 
-#ifdef CTR
+#ifdef LTC_CTR_MODE
 
 #define CTR_COUNTER_LITTLE_ENDIAN    0
 #define CTR_COUNTER_BIG_ENDIAN       1
@@ -704,7 +704,7 @@ int ctr_setiv(const unsigned char *IV, unsigned long len, symmetric_CTR *ctr);
 int ctr_done(symmetric_CTR *ctr);
 #endif
 
-#ifdef LRW_MODE
+#ifdef LTC_LRW_MODE
 
 #define LRW_ENCRYPT 0
 #define LRW_DECRYPT 1
@@ -736,6 +736,7 @@ int f8_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, sy
 int f8_getiv(unsigned char *IV, unsigned long *len, symmetric_F8 *f8);
 int f8_setiv(const unsigned char *IV, unsigned long len, symmetric_F8 *f8);
 int f8_done(symmetric_F8 *f8);
+int f8_test_mode(void);
 #endif
 
 

+ 17 - 15
src/headers/tomcrypt_custom.h

@@ -45,9 +45,9 @@
    #define CAST5
    
    #define LTC_NO_MODES
-   #define ECB
-   #define CBC
-   #define CTR
+   #define LTC_ECB_MODE
+   #define LTC_CBC_MODE
+   #define LTC_CTR_MODE
    
    #define LTC_NO_HASHES
    #define SHA1
@@ -55,7 +55,6 @@
    #define SHA384
    #define SHA256
    #define SHA224
-   #define WHIRLPOOL
    
    #define LTC_NO_MACS
    #define HMAC
@@ -72,8 +71,6 @@
    #define MRSA
    #define MECC
 #endif   
-   
-
 
 /* Use small code where possible */
 /* #define LTC_SMALL_CODE */
@@ -134,17 +131,17 @@
 /* ---> Block Cipher Modes of Operation <--- */
 #ifndef LTC_NO_MODES
 
-#define CFB
-#define OFB
-#define ECB
-#define CBC
-#define CTR
+#define LTC_CFB_MODE
+#define LTC_OFB_MODE
+#define LTC_ECB_MODE
+#define LTC_CBC_MODE
+#define LTC_CTR_MODE
 
 /* F8 chaining mode */
 #define LTC_F8_MODE
 
 /* LRW mode */
-#define LRW_MODE
+#define LTC_LRW_MODE
 #ifndef LTC_NO_TABLES
    /* like GCM mode this will enable 16 8x128 tables [64KB] that make
     * seeking very fast.  
@@ -188,7 +185,7 @@
 /* ---> Encrypt + Authenticate Modes <--- */
 
 #define EAX_MODE
-#if defined(EAX_MODE) && !(defined(CTR) && defined(OMAC))
+#if defined(EAX_MODE) && !(defined(LTC_CTR_MODE) && defined(OMAC))
    #error EAX_MODE requires CTR and OMAC mode
 #endif
 
@@ -201,6 +198,11 @@
    #define GCM_TABLES 
 #endif
 
+/* USE SSE2? requires GCC works on x86_32 and x86_64*/
+#ifdef GCM_TABLES
+/* #define GCM_TABLES_SSE2 */
+#endif
+
 #endif /* LTC_NO_MACS */
 
 /* Various tidbits of modern neatoness */
@@ -215,8 +217,8 @@
 /* 0 = rijndael_enc 1 = aes_enc, 2 = rijndael [full], 3 = aes [full] */
 #define YARROW_AES 0
 
-#if defined(YARROW) && !defined(CTR)
-   #error YARROW requires CTR chaining mode to be defined!
+#if defined(YARROW) && !defined(LTC_CTR_MODE)
+   #error YARROW requires LTC_CTR_MODE chaining mode to be defined!
 #endif
 
 /* a PRNG that simply reads from an available system source */
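Review bot: The `#error EAX_MODE requires CTR and OMAC mode` text next to the rewritten condition still names the old `CTR` macro, so a user who hits it after this rename will look for a macro that no longer exists; the YARROW message in the last hunk was updated, this one was not, and the same stale message sits in tomcrypt_mac.h (`#error EAX_MODE requires OMAC and CTR`). Suggested: `#error EAX_MODE requires LTC_CTR_MODE and OMAC`. The new `GCM_TABLES_SSE2` comment would also be the place to state the alignment requirement the changes file mentions, e.g. `/* gcm_state must then be 16-byte aligned; see gcm_memory() */`, since a user enabling the option from this header will not read the changelog.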

+ 6 - 3
src/headers/tomcrypt_mac.h

@@ -98,7 +98,7 @@ void pmac_shift_xor(pmac_state *pmac);
 
 #ifdef EAX_MODE
 
-#if !(defined(OMAC) && defined(CTR))
+#if !(defined(OMAC) && defined(LTC_CTR_MODE))
    #error EAX_MODE requires OMAC and CTR
 #endif
 
@@ -248,9 +248,12 @@ typedef struct {
                        pttotlen;     /* 64-bit counter for the PT */
 
 #ifdef GCM_TABLES
-   unsigned char       PC[16][256][16];  /* 16 tables of 8x128 */
+   unsigned char       PC[16][256][16]  /* 16 tables of 8x128 */
+#ifdef GCM_TABLES_SSE2
+__attribute__ ((aligned (16)))
+#endif
+;
 #endif  
-
 } gcm_state;
 
 void gcm_mult_h(gcm_state *gcm, unsigned char *I);

+ 1 - 1
src/mac/hmac/hmac_test.c

@@ -55,7 +55,7 @@ int hmac_test(void)
         3. Test Cases for HMAC-SHA-1
 
         test_case =     1
-        key =           0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
+        key =           0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
         key_len =       20
         data =          "Hi Ther     20
         digest =        0x4c1a03424b55e07fe7f27be1d58bb9324a9a5a04
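Review bot: The corrected key in this comment block (0x0c repeated 20 times) together with the digest listed two lines below matches, as far as I recall, RFC 2202 HMAC-SHA-1 test case 5, whose data is "Test With Truncation" with data_len 20 — not "Hi There" as the (garbled) data line still states; "Hi There" is 8 bytes, so it cannot carry a length of 20 either. If that reading is right, the data line should be fixed in the same pass, e.g. `data =          "Test With Truncation"`. This is comment text only, so no behaviour changes, but a wrong vector in a comment sends whoever next debugs this test down the wrong path.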

+ 5 - 5
src/misc/crypt/crypt.c

@@ -153,19 +153,19 @@ const char *crypt_build_settings =
 #endif
 
     "\nBlock Chaining Modes:\n"
-#if defined(CFB)
+#if defined(LTC_CFB_MODE)
     "   CFB\n"
 #endif
-#if defined(OFB)
+#if defined(LTC_OFB_MODE)
     "   OFB\n"
 #endif
-#if defined(ECB)
+#if defined(LTC_ECB_MODE)
     "   ECB\n"
 #endif
-#if defined(CBC)
+#if defined(LTC_CBC_MODE)
     "   CBC\n"
 #endif
-#if defined(CTR)
+#if defined(LTC_CTR_MODE)
     "   CTR\n"
 #endif
 #if defined(LRW_MODE)
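Review bot: The context line `#if defined(LRW_MODE)` directly under this hunk is not renamed, while tomcrypt_custom.h and every file under src/modes/lrw in this commit now use `LTC_LRW_MODE`; after this commit the build-settings string will therefore never list LRW even when it is compiled in. It should read `#if defined(LTC_LRW_MODE)`. A grep for any other remaining `LRW_MODE`, `CTR`, `CBC`, `CFB`, `OFB` or `ECB` guards outside the files touched here would be worthwhile, since the header no longer defines the short names.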

+ 1 - 1
src/modes/cbc/cbc_decrypt.c

@@ -16,7 +16,7 @@
 */
 
 
-#ifdef CBC
+#ifdef LTC_CBC_MODE
 
 /**
   CBC decrypt

+ 1 - 1
src/modes/cbc/cbc_done.c

@@ -15,7 +15,7 @@
    CBC implementation, finish chain, Tom St Denis
 */
 
-#ifdef CBC
+#ifdef LTC_CBC_MODE
 
 /** Terminate the chain
   @param cbc    The CBC chain to terminate

+ 1 - 1
src/modes/cbc/cbc_encrypt.c

@@ -16,7 +16,7 @@
 */
 
 
-#ifdef CBC
+#ifdef LTC_CBC_MODE
 
 /**
   CBC encrypt

+ 1 - 1
src/modes/cbc/cbc_getiv.c

@@ -15,7 +15,7 @@
    CBC implementation, get IV, Tom St Denis
 */
 
-#ifdef CBC
+#ifdef LTC_CBC_MODE
 
 /**
    Get the current initial vector

+ 1 - 1
src/modes/cbc/cbc_setiv.c

@@ -16,7 +16,7 @@
 */
 
 
-#ifdef CBC
+#ifdef LTC_CBC_MODE
 
 /**
    Set an initial vector

+ 1 - 1
src/modes/cbc/cbc_start.c

@@ -15,7 +15,7 @@
    CBC implementation, start chain, Tom St Denis
 */
 
-#ifdef CBC
+#ifdef LTC_CBC_MODE
 
 /**
    Initialize a CBC context

+ 1 - 1
src/modes/cfb/cfb_decrypt.c

@@ -15,7 +15,7 @@
   CFB implementation, decrypt data, Tom St Denis
 */
 
-#ifdef CFB
+#ifdef LTC_CFB_MODE
 
 /**
    CFB decrypt

+ 1 - 1
src/modes/cfb/cfb_done.c

@@ -15,7 +15,7 @@
    CFB implementation, finish chain, Tom St Denis
 */
 
-#ifdef CFB
+#ifdef LTC_CFB_MODE
 
 /** Terminate the chain
   @param cfb    The CFB chain to terminate

+ 1 - 1
src/modes/cfb/cfb_encrypt.c

@@ -15,7 +15,7 @@
   CFB implementation, encrypt data, Tom St Denis
 */
 
-#ifdef CFB
+#ifdef LTC_CFB_MODE
 
 /**
   CFB encrypt

+ 1 - 1
src/modes/cfb/cfb_getiv.c

@@ -15,7 +15,7 @@
    CFB implementation, get IV, Tom St Denis
 */
 
-#ifdef CFB
+#ifdef LTC_CFB_MODE
 
 /**
    Get the current initial vector

+ 2 - 1
src/modes/cfb/cfb_setiv.c

@@ -14,7 +14,8 @@
   @file cfb_setiv.c
   CFB implementation, set IV, Tom St Denis
 */  
-#ifdef CFB
+
+#ifdef LTC_CFB_MODE
 
 /**
    Set an initial vector

+ 1 - 1
src/modes/cfb/cfb_start.c

@@ -16,7 +16,7 @@
 */
 
 
-#ifdef CFB
+#ifdef LTC_CFB_MODE
 
 /**
    Initialize a CFB context

+ 1 - 1
src/modes/ctr/ctr_decrypt.c

@@ -15,7 +15,7 @@
   CTR implementation, decrypt data, Tom St Denis
 */
 
-#ifdef CTR
+#ifdef LTC_CTR_MODE
 
 /**
    CTR decrypt

+ 1 - 1
src/modes/ctr/ctr_done.c

@@ -15,7 +15,7 @@
    CTR implementation, finish chain, Tom St Denis
 */
 
-#ifdef CTR
+#ifdef LTC_CTR_MODE
 
 /** Terminate the chain
   @param ctr    The CTR chain to terminate

+ 1 - 1
src/modes/ctr/ctr_encrypt.c

@@ -16,7 +16,7 @@
 */
 
 
-#ifdef CTR
+#ifdef LTC_CTR_MODE
 
 /**
   CTR encrypt

+ 1 - 1
src/modes/ctr/ctr_getiv.c

@@ -15,7 +15,7 @@
    CTR implementation, get IV, Tom St Denis
 */
 
-#ifdef CTR
+#ifdef LTC_CTR_MODE
 
 /**
    Get the current initial vector

+ 1 - 1
src/modes/ctr/ctr_setiv.c

@@ -15,7 +15,7 @@
   CTR implementation, set IV, Tom St Denis
 */
   
-#ifdef CTR
+#ifdef LTC_CTR_MODE
 
 /**
    Set an initial vector

+ 1 - 1
src/modes/ctr/ctr_start.c

@@ -16,7 +16,7 @@
 */
 
 
-#ifdef CTR
+#ifdef LTC_CTR_MODE
 
 /**
    Initialize a CTR context

+ 1 - 1
src/modes/ecb/ecb_decrypt.c

@@ -15,7 +15,7 @@
   ECB implementation, decrypt a block, Tom St Denis
 */
 
-#ifdef ECB
+#ifdef LTC_ECB_MODE
 
 /**
   ECB decrypt

+ 1 - 1
src/modes/ecb/ecb_done.c

@@ -15,7 +15,7 @@
    ECB implementation, finish chain, Tom St Denis
 */
 
-#ifdef ECB
+#ifdef LTC_ECB_MODE
 
 /** Terminate the chain
   @param ecb    The ECB chain to terminate

+ 1 - 1
src/modes/ecb/ecb_encrypt.c

@@ -15,7 +15,7 @@
   ECB implementation, encrypt a block, Tom St Denis
 */
 
-#ifdef ECB
+#ifdef LTC_ECB_MODE
 
 /**
   ECB encrypt

+ 1 - 1
src/modes/ecb/ecb_start.c

@@ -16,7 +16,7 @@
 */
 
 
-#ifdef ECB
+#ifdef LTC_ECB_MODE
 
 /**
    Initialize a ECB context

+ 1 - 0
src/modes/f8/f8_start.c

@@ -54,6 +54,7 @@ int f8_start(                int  cipher, const unsigned char *IV,
    f8->padlen   = f8->blocklen;
    
    /* now get key ^ salt_key [extend salt_ket with 0x55 as required to match length] */
+   zeromem(tkey, sizeof(tkey));
    for (x = 0; x < keylen && x < (int)sizeof(tkey); x++) {
        tkey[x] = key[x];
    }
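Review bot: The added `zeromem(tkey, sizeof(tkey))` closes the read of the uninitialised tail when the key is shorter than the buffer, which is the fix the changelog describes; what I cannot see is `tkey` being cleared again once the cipher key has been scheduled from it, and the buffer holds key material on the stack. If the rest of f8_start (outside the hunk) does not already do so, add `zeromem(tkey, sizeof(tkey));` after the key schedule on every return path. The copy loop's `x < (int)sizeof(tkey)` bound also means a key longer than tkey is silently truncated rather than rejected — presumably an earlier argument check prevents that, but it is not visible here.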

+ 1 - 1
src/modes/lrw/lrw_decrypt.c

@@ -15,7 +15,7 @@
    LRW_MODE implementation, Decrypt blocks, Tom St Denis
 */
 
-#ifdef LRW_MODE
+#ifdef LTC_LRW_MODE
 
 /**
   LRW decrypt blocks

+ 1 - 1
src/modes/lrw/lrw_done.c

@@ -15,7 +15,7 @@
    LRW_MODE implementation, Free resources, Tom St Denis
 */
 
-#ifdef LRW_MODE
+#ifdef LTC_LRW_MODE
 
 /**
   Terminate a LRW state

+ 1 - 1
src/modes/lrw/lrw_encrypt.c

@@ -15,7 +15,7 @@
    LRW_MODE implementation, Encrypt blocks, Tom St Denis
 */
 
-#ifdef LRW_MODE
+#ifdef LTC_LRW_MODE
  
 /**
   LRW encrypt blocks

+ 1 - 1
src/modes/lrw/lrw_getiv.c

@@ -15,7 +15,7 @@
    LRW_MODE implementation, Retrieve the current IV, Tom St Denis
 */
 
-#ifdef LRW_MODE
+#ifdef LTC_LRW_MODE
 
 /**
   Get the IV for LRW

+ 1 - 1
src/modes/lrw/lrw_process.c

@@ -15,7 +15,7 @@
    LRW_MODE implementation, Encrypt/decrypt blocks, Tom St Denis
 */
 
-#ifdef LRW_MODE
+#ifdef LTC_LRW_MODE
 
 /**
   Process blocks with LRW, since decrypt/encrypt are largely the same they share this code.

+ 1 - 1
src/modes/lrw/lrw_setiv.c

@@ -15,7 +15,7 @@
    LRW_MODE implementation, Set the current IV, Tom St Denis
 */
 
-#ifdef LRW_MODE
+#ifdef LTC_LRW_MODE
 
 /**
   Set the IV for LRW

+ 1 - 1
src/modes/lrw/lrw_start.c

@@ -15,7 +15,7 @@
    LRW_MODE implementation, start mode, Tom St Denis
 */
 
-#ifdef LRW_MODE
+#ifdef LTC_LRW_MODE
 
 /**
   Initialize the LRW context

+ 1 - 1
src/modes/lrw/lrw_test.c

@@ -15,7 +15,7 @@
    LRW_MODE implementation, test LRW, Tom St Denis
 */
 
-#ifdef LRW_MODE
+#ifdef LTC_LRW_MODE
 
 /**
   Test LRW against specs

+ 1 - 1
src/modes/ofb/ofb_decrypt.c

@@ -15,7 +15,7 @@
   OFB implementation, decrypt data, Tom St Denis
 */
 
-#ifdef OFB
+#ifdef LTC_OFB_MODE
 
 /**
    OFB decrypt

+ 1 - 1
src/modes/ofb/ofb_done.c

@@ -15,7 +15,7 @@
    OFB implementation, finish chain, Tom St Denis
 */
 
-#ifdef OFB
+#ifdef LTC_OFB_MODE
 
 /** Terminate the chain
   @param ofb    The OFB chain to terminate

+ 1 - 1
src/modes/ofb/ofb_encrypt.c

@@ -15,7 +15,7 @@
   OFB implementation, encrypt data, Tom St Denis
 */
 
-#ifdef OFB
+#ifdef LTC_OFB_MODE
 
 /**
   OFB encrypt

+ 1 - 1
src/modes/ofb/ofb_getiv.c

@@ -15,7 +15,7 @@
    OFB implementation, get IV, Tom St Denis
 */
 
-#ifdef OFB
+#ifdef LTC_OFB_MODE
 
 /**
    Get the current initial vector

+ 1 - 1
src/modes/ofb/ofb_setiv.c

@@ -15,7 +15,7 @@
    OFB implementation, set IV, Tom St Denis
 */
 
-#ifdef OFB
+#ifdef LTC_OFB_MODE
 
 /**
    Set an initial vector

+ 1 - 1
src/modes/ofb/ofb_start.c

@@ -16,7 +16,7 @@
 */
 
 
-#ifdef OFB
+#ifdef LTC_OFB_MODE
 
 /**
    Initialize a OFB context

+ 6 - 0
src/pk/asn1/der/sequence/der_decode_sequence_ex.c

@@ -218,6 +218,12 @@ int der_decode_sequence_ex(const unsigned char *in, unsigned long  inlen,
            
            case LTC_ASN1_SETOF:
            case LTC_ASN1_SEQUENCE:
+               /* detect if we have the right type */
+               if ((type == LTC_ASN1_SETOF && (in[x] & 0x3F) != 0x31) || (type == LTC_ASN1_SEQUENCE && (in[x] & 0x3F) != 0x30)) {
+                  err = CRYPT_INVALID_PACKET;
+                  goto LBL_ERR;
+               }
+
                z = inlen;
                if ((err = der_decode_sequence(in + x, z, data, size)) != CRYPT_OK) {
                   if (!ordered) { continue; }
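Review bot: The new tag check jumps to `LBL_ERR` unconditionally, whereas the existing failure path two lines below tolerates a failed sub-decode with `continue` when `ordered` is false; an unordered decode that meets a SET where a SEQUENCE item is expected (or vice versa) now aborts instead of trying the next item, which looks like an unintended behaviour change for the unordered case. If the unordered path is meant to skip non-matching items, the check should mirror the code below it: `if (!ordered) { continue; }` before `err = CRYPT_INVALID_PACKET;`. Separately, masking with `0x3F` keeps the constructed bit and tag number but discards the class bits, so a context-specific or application-class constructed tag numbered 16 or 17 also passes as SEQUENCE/SET; if only the universal tags are meant, compare the whole byte (`in[x] != 0x30` / `in[x] != 0x31`). That `x` is within `inlen` here is presumably established by the loop outside the hunk.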

+ 9 - 9
testprof/modes_test.c

@@ -5,16 +5,16 @@ int modes_test(void)
 {
    unsigned char pt[64], ct[64], tmp[64], key[16], iv[16], iv2[16];
    int cipher_idx;
-#ifdef CBC
+#ifdef LTC_CBC_MODE
    symmetric_CBC cbc;
 #endif
-#ifdef CFB
+#ifdef LTC_CFB_MODE
    symmetric_CFB cfb;
 #endif
-#ifdef OFB
+#ifdef LTC_OFB_MODE
    symmetric_OFB ofb;
 #endif
-#ifdef CTR
+#ifdef LTC_CTR_MODE
    symmetric_CTR ctr;
 #endif
    unsigned long l;
@@ -35,11 +35,11 @@ int modes_test(void)
    DO(f8_test_mode());
 #endif   
    
-#ifdef LRW_MODE
+#ifdef LTC_LRW_MODE
    DO(lrw_test());
 #endif
 
-#ifdef CBC
+#ifdef LTC_CBC_MODE
    /* test CBC mode */
    /* encode the block */
    DO(cbc_start(cipher_idx, iv, key, 16, 0, &cbc));
@@ -61,7 +61,7 @@ int modes_test(void)
    }
 #endif
 
-#ifdef CFB   
+#ifdef LTC_CFB_MODE
    /* test CFB mode */
    /* encode the block */
    DO(cfb_start(cipher_idx, iv, key, 16, 0, &cfb));
@@ -84,7 +84,7 @@ int modes_test(void)
    }
 #endif
    
-#ifdef OFB
+#ifdef LTC_OFB_MODE
    /* test OFB mode */
    /* encode the block */
    DO(ofb_start(cipher_idx, iv, key, 16, 0, &ofb));
@@ -106,7 +106,7 @@ int modes_test(void)
    }
 #endif
 
-#ifdef CTR   
+#ifdef LTC_CTR_MODE   
    /* test CTR mode */
    /* encode the block */
    DO(ctr_start(cipher_idx, iv, key, 16, 0, CTR_COUNTER_LITTLE_ENDIAN, &ctr));

+ 6 - 1
testprof/tomcrypt_test.h

@@ -18,7 +18,12 @@ typedef struct {
 extern prng_state yarrow_prng;
 
 void run_cmd(int res, int line, char *file, char *cmd);
-#define DO(x) { run_cmd((x), __LINE__, __FILE__, #x); }
+
+#ifdef LTC_VERBOSE
+#define DO(x) do { fprintf(stderr, "%s:\n", #x); run_cmd((x), __LINE__, __FILE__, #x); } while (0);
+#else
+#define DO(x) do { run_cmd((x), __LINE__, __FILE__, #x); } while (0);
+#endif
 
 /* TESTS */
 int cipher_hash_test(void);
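Review bot: Both new `DO` definitions end in `while (0);` — the trailing semicolon inside the macro defeats the point of the `do { } while (0)` wrapper, because `DO(x);` at a call site expands to `... while (0);;` and `if (c) DO(x); else ...` no longer parses. Drop the semicolons: `#define DO(x) do { fprintf(stderr, "%s:\n", #x); run_cmd((x), __LINE__, __FILE__, #x); } while (0)` and likewise for the non-verbose form. The verbose variant also calls `fprintf`, so this header now depends on `<stdio.h>` being included before it; whether that is already guaranteed is outside the hunk.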

+ 8 - 4
testprof/x86_prof.c

@@ -347,7 +347,7 @@ int time_cipher(void)
    return 0;
 }
 
-#ifdef CBC 
+#ifdef LTC_CBC_MODE 
 int time_cipher2(void)
 {
   unsigned long x, y1;
@@ -422,7 +422,7 @@ int time_cipher2(void)
 int time_cipher2(void) { fprintf(stderr, "NO CBC\n"); return 0; }
 #endif
 
-#ifdef CTR
+#ifdef LTC_CTR_MODE
 int time_cipher3(void)
 {
   unsigned long x, y1;
@@ -497,7 +497,7 @@ int time_cipher3(void)
 int time_cipher3(void) { fprintf(stderr, "NO CTR\n"); return 0; }
 #endif
 
-#ifdef LRW_MODE
+#ifdef LTC_LRW_MODE
 int time_cipher4(void)
 {
   unsigned long x, y1;
@@ -1157,7 +1157,11 @@ void time_encmacs_(unsigned long MAC_SIZE)
    fprintf(stderr, "GCM (no-precomp)\t%9llu\n", t2/(ulong64)(MAC_SIZE*1024));
 
    {
-   gcm_state gcm;
+   gcm_state gcm
+#ifdef GCM_TABLES_SSE2
+__attribute__ ((aligned (16)))
+#endif
+;
 
    if ((err = gcm_init(&gcm, cipher_idx, key, 16)) != CRYPT_OK) { fprintf(stderr, "gcm_init: %s\n", error_to_string(err)); exit(EXIT_FAILURE); }
    t2 = -1;
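Review bot: The `__attribute__ ((aligned (16)))` on the local `gcm` duplicates the alignment tomcrypt_mac.h now attaches to the `PC` member under the same macro; with GCC a struct type takes the largest alignment of its members, so a stack `gcm_state` should already be 16-byte aligned without repeating the attribute at each declaration site, though keeping it is harmless. If it is kept, a short comment saying why, e.g. `/* SSE2 path uses movdqa on gcm->PC */`, would stop it being dropped later. Any other stack-allocated `gcm_state` instances in the test profile are not in this hunk.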