added libtomcrypt-1.01

LICENSE

@@ -1,9 +1,5 @@
 LibTomCrypt is public domain.  As should all quality software be.
 
-All of the software was either written by or donated to Tom St Denis for the purposes
-of this project.  The only exception is the SAFER.C source which has no known
-license status (assumed copyrighted) which is why SAFER.C is shipped as disabled.
-
 Tom St Denis
 
 

TODO

@@ -0,0 +1 @@
+

changes

@@ -1,3 +1,72 @@
+April 17th, 2005
+v1.01
+       ** Secure Science Corporation has supported this release cycle by sponsoring the development time taken.  Their 
+          continuing support of this project has helped me maintain a steady pace in order to keep LibTomCrypt up to date,
+          stable and more efficient.
+       -----------------------------------------------------------------------------------------------------
+       -- Updated base64_decode.c so if there are more than 3 '=' signs it would stop parsing
+       -- Merged in latest mpi that fixed a few bugs here and there
+       -- Updated OAEP encoder/decoder to catch when the hash output is too large
+          Cleaned up PSS code too
+       -- Andy Bontoft fixed a bug in my demos/tests/makefile.msvc ... seems "dsa_test.c" isn't an object
+          afterall.  Thanks.
+       -- Made invalid ECC key sizes (configuration) not hard fault the program (it returns an error code now)
+       -- SAFER has been re-enabled after I was pointed to http://www.ciphersbyritter.com/NEWS2/95032301.HTM
+          [Mark Kotiaho]
+       -- Added CCM mode to the encauth list (now has EAX, OCB and CCM, c'est un treo magnifique!)
+       -- Added missing ASN.1 header to the RSA keys ... oops... now the rsa_export/import are FULLY compatible
+          with other libs like OpenSSL (comment:  Test vectors would go a long way RSA...)
+       -- Manually merged in fix to the prime_random_ex() LTM function that ensures the 2nd MSB is set properly.  Now
+          When you say "I want a 1024/8 byte RSA key" the MSB bit of the modulus is set as expected.  Note I generally 
+          don't view this as a "huge issue" but it's just one less nit to worry about. [Bryan Klisch]
+       -- A new CVS has been setup on my Athlon64 box... if you want developer access send me an email (and at this point the email would have to be awesome).
+       -- Updated API for ECB and CBC shell code.  Now can process N whole blocks in one call (like $DEITY intended)
+       -- Introduced a new "hardware accel" framework that can be used to speed up cipher ECB, CBC and CTR mode
+          calls.  Later on dependent code (e.g. OMAC, CCM) will be re-written to use the generic cbc/ctr functions.  But now
+          if you [say] call ctr_encrypt() with a cipher descriptor that has hardware CTR it will automatically
+          be used (e.g. no code rewrites)
+       -- Now ships with 20% more love.
+       -- x86_prof now uses ECB shell code (hint: accelerators) and outputs cycles per BLOCK not byte.  This will make it a bit 
+          easier to compare hardware vs. software cipher implementations.  It also emits timings for CBC and CTR modes
+       -- [Peter LaDow] fixed a typo w.r.t. XREALLOC macro (spelling counts kids!)
+       -- Fixed bug with __x86_64__ where ROL64/ROR64 with LTC_NO_ROLC would be the 32-bit versions instead...
+       -- Shipping with preliminary GCM code (disabled).  It's buggy (stack overflow hidden somewhere).  If anyone can spot it let me know.
+       -- Added Pelican MAC [it's an AES based fast MAC] to the list of supported MACs
+       -- Added LTC_FAST [and you can disable by defining LTC_NO_FAST] so that CBC and CTR mode XOR whole words [e.g. 32 or 64 bits] at a time
+          instead of one byte.  On my AMD64 this reduced the overhead for AES-128-CBC from 4.56 cycles/byte to around 1 cycle/byte.  This requires
+          that you either allow unaligned read/writes [e.g. x86_32/x86_64] or align all your data.  It won't go out of it's way to ensure 
+          aligned access.  Only enabled for x86_* platforms by default since they allow unaligned read/writes.
+       -- Added LTC_FAST support to PMAC (drops the cycle/byte by about 9 cycles on my AMD64) [note: I later rewrote this prior to release]
+       -- Updated "profiled" target to work with the new directory layout
+       -- Added [demo only] optimized RC5-CTR code to x86_prof demo to show off how to make an accelerator
+          [This has been removed prior to release... It may re-appear later]
+       -- Added CCM acelerator callbacks to the list [now supports ECB, CTR, CBC and now CCM].
+       -- Added chapter to manual about accelerators (you know you want it)
+       -- Added "bswap" optimizations to x86 LOAD/STORE with big endian.  Can be disabled by defining LTC_NO_BSWAP
+       -- LTC_NO_ASM is now the official "disable all non-portable stuff" macro.  When defined it will make the code endian-neutral,
+          disable any form of ASM and disable LTC_FAST load/stores.  Essentially build the library with this defined if you're having
+          trouble building the library (old GCCs for instance dislike the ROLc macro)
+       -- Added tomcrypt_mac.h and moved MAC/encMAC functions from tomcrypt_hash.h into it
+       -- Added "done" function to ciphers and the five chaining modes [and things like omac/pmac/etc]
+       -- Changed install group to "wheel" from "root".
+       -- Replaced // comments with /**/ so it will build on older UNIX-like platforms
+       -- x86_prof builds and runs with IntelCC fine now 
+       -- Added "stest" build to intel CC to test static linked from within the dir (so you don't have to install to test)
+       -- Moved testing/benchmark into testprof directory and build it as part of the build.  Now you can link against libtomcrypt_prof.a to get 
+          testing info (hint: hardware developers ;-) )
+		 -- Added CCM to tv_gen 
+       -- Added demos to MSVC makefile
+       -- Removed -funroll-all-loops from GCC makefile and replaced with -funroll-loops which is a bit more sane (P4 ain't got much cache for the IDATA)
+       -- Fixed GCM prior to release and re-enabled it.  It has not been optimized but it does conform when compiled with optimizations.
+       -- I've since optimized GCM and CCM.  They're close in speed but GCM is more flexible imho (though EAX is more flexible than both)
+       -- For kicks I optimized the ECC code to use projective points.  Gets between 3.21x (Prescott P4) to 4.53x (AMD64) times faster than before at 160-bit keys and the
+          speedup grows as the keysize grows.  Basically removing most practical reasons to "not use the ECC code".  Enjoy.
+       -- Added LTC_FAST support to OMAC/PMAC and doubled it's speed on my amd64 [faster on the P4 too I guess]
+       -- Added GCM to tv_gen
+       -- Removed "makefile.cygwin_dll" as it's not really used by anyone and not worth the effort (hell I hardly maintain the MSVC makefiles ...)
+       -- Updated a few files in the "misc" directory to have correct @file comments for doxygen
+       -- Removed "profile" target since it was slower anyways (go figure...)
+
 December 31st, 2004
 v1.00  
        -- Added "r,s == 0" check to dsa_verify_hash()

crypt.tex

@@ -47,10 +47,10 @@
 \def\gap{\vspace{0.5ex}}
 \makeindex
 \begin{document}
-\title{LibTomCrypt \\ Version 1.00}
+\title{LibTomCrypt \\ Version 1.01}
 \author{Tom St Denis \\
 \\
-tomstdenis@iahu.ca \\
+tomstdenis@gmail.com \\
 http://libtomcrypt.org
 }
 \maketitle
@@ -154,14 +154,12 @@ under a public domain license:
 
 \begin{enumerate}
    \item rc2.c
-   \item safer.c
 \end{enumerate}
 
 `mpi.c'' was originally written by Michael Fromberger ([email protected]) but has since been replaced with 
 my LibTomMath library which is public domain.
 
-``rc2.c'' is based on publicly available code that is not attributed to a person from the given source.  ``safer.c''
-was written by Richard De Moliner ([email protected]) and seems to be free for use.
+``rc2.c'' is based on publicly available code that is not attributed to a person from the given source.  
 
 The project is hereby released as public domain.
 
@@ -246,8 +244,7 @@ The header file ``tomcrypt.h'' also includes ``stdio.h'', ``string.h'', ``stdlib
 There are a few helper macros to make the coding process a bit easier.  The first set are related to loading and storing
 32/64-bit words in little/big endian format.  The macros are:
 
-\index{STORE32L} \index{STORE64L} \index{LOAD32L} \index{LOAD64L}
-\index{STORE32H} \index{STORE64H} \index{LOAD32H} \index{LOAD64H} \index{BSWAP}
+\index{STORE32L} \index{STORE64L} \index{LOAD32L} \index{LOAD64L} \index{STORE32H} \index{STORE64H} \index{LOAD32H} \index{LOAD64H} \index{BSWAP}
 \begin{small}
 \begin{center}
 \begin{tabular}{|c|c|c|}
@@ -259,14 +256,14 @@ There are a few helper macros to make the coding process a bit easier.  The firs
      \hline STORE64H(x, y) & {\bf unsigned long long} x, {\bf unsigned char} *y & $x \to y[7 \ldots 0]$ \\
      \hline LOAD32H(x, y) & {\bf unsigned long} x, {\bf unsigned char} *y & $y[3 \ldots 0] \to x$ \\
      \hline LOAD64H(x, y) & {\bf unsigned long long} x, {\bf unsigned char} *y & $y[7 \ldots 0] \to x$ \\
-     \hline BSWAP(x) & {\bf unsigned long} x & Swaps the byte order of x. \\
+     \hline BSWAP(x) & {\bf unsigned long} x & Swaps byte order (32--bits only) \\
      \hline
 \end{tabular}
 \end{center}
 \end{small}
 
 There are 32 and 64-bit cyclic rotations as well:
-\index{ROL} \index{ROR}
+\index{ROL} \index{ROR} \index{ROL64} \index{ROR64} \index{ROLc} \index{RORc} \index{ROL64c} \index{ROR64c} 
 \begin{center}
 \begin{tabular}{|c|c|c|}
      \hline ROL(x, y) & {\bf unsigned long} x, {\bf unsigned long} y & $x << y, 0 \le y \le 31$ \\
@@ -295,7 +292,7 @@ int main(void) {
     unsigned long x;
     int err;
 
-    /* ... Make up the RSA key somehow */
+    /* ... Make up the RSA key somehow ... */
 
     /* lets export the key, set x to the size of the output buffer */
     x = sizeof(buffer);
@@ -343,6 +340,7 @@ should never use the ECB modes directly to encrypt data.  Instead you should use
 or use one of the provided chaining modes.  All of the ciphers are written as ECB interfaces since it allows the rest of
 the API to grow in a modular fashion.
 
+\subsection{Key Scheduling}
 All ciphers store their scheduled keys in a single data type called ``symmetric\_key''.  This allows all ciphers to 
 have the same prototype and store their keys as naturally as possible.  This also removes the need for dynamic memory
 allocation and allows you to allocate a fixed sized buffer for storing scheduled keys.  All ciphers provide five visible 
@@ -361,6 +359,7 @@ that you should only used this scheduled key with the intended cipher.  For exam
 pass the scheduled key onto ``rc5\_ecb\_encrypt()''.  All setup functions do not allocate memory off the heap so when you are 
 done with a key you can simply discard it (e.g. they can be on the stack).
 
+\subsection{ECB Encryption and Decryption}
 To encrypt or decrypt a block in ECB mode there are these two function classes
 \index{Cipher Encrypt} \index{Cipher Decrypt}
 \begin{verbatim}
@@ -376,12 +375,16 @@ the same buffer.  For the encrypt function ``pt''\footnote{pt stands for plainte
 ``ct''\footnote{ct stands for ciphertext.} is the output.  For the decryption function it's the opposite.  To test a particular 
 cipher against test vectors\footnote{As published in their design papers.} call the self-test function
  
+\subsection{Self--Testing}
 \index{Cipher Testing}
 \begin{verbatim}
 int XXX_test(void);
 \end{verbatim}
 This function will return {\bf CRYPT\_OK} if the cipher matches the test vectors from the design publication it is 
-based upon.  Finally for each cipher there is a function which will help find a desired key size:
+based upon.  
+
+\subsection{Key Sizing}
+For each cipher there is a function which will help find a desired key size:
 \begin{verbatim}
 int XXX_keysize(int *keysize);
 \end{verbatim}
@@ -407,6 +410,15 @@ int main(void)
 \end{small}
 This should indicate a keysize of sixteen bytes is suggested.  
 
+\subsection{Cipher Termination}
+When you are finished with a cipher you can de--initialize it with the done function.
+\begin{verbatim}
+void XXX_done(symmetric_key *skey);
+\end{verbatim}
+For the software based ciphers within LibTomCrypt this function will not do anything.  However, user supplied
+cipher descriptors may require calls to it for resource management.  To be compliant all functions which call a cipher
+setup function must also call the respective cipher done function when finished.
+
 \subsection{Simple Encryption Demonstration}
 An example snippet that encodes a block with Blowfish in ECB mode is below.
 
@@ -445,6 +457,10 @@ int main(void)
                         &skey);         /* our previously scheduled key */
 
    /* now we have decrypted ct to the original plaintext in pt */                        
+
+   /* Terminate the cipher context */
+   blowfish_done(&skey);
+
    return 0;
 }
 \end{verbatim}
@@ -470,6 +486,7 @@ size.
 To facilitate automatic routines an array of cipher descriptors is provided in the array ``cipher\_descriptor''.  An element
 of this array has the following format:
 
+\begin{small}
 \begin{verbatim}
 struct _cipher_descriptor {
    char *name;
@@ -478,16 +495,43 @@ struct _cipher_descriptor {
         max_key_length, 
         block_length, 
         default_rounds;
-   int  (*setup)(const unsigned char *key, int keylen, int num_rounds, 
-                 symmetric_key *skey);
-   void (*ecb_encrypt)(const unsigned char *pt, unsigned char *ct, 
-                 symmetric_key *skey);
-   void (*ecb_decrypt)(const unsigned char *ct, unsigned char *pt, 
-                 symmetric_key *skey);
+   int  (*setup)(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
+   void (*ecb_encrypt)(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+   void (*ecb_decrypt)(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
    int (*test)(void);
+   void (*done)(symmetric_key *skey);      
    int  (*keysize)(int *keysize);
+
+   void (*accel_ecb_encrypt)(const unsigned char *pt, 
+                                   unsigned char *ct, 
+                                   unsigned long blocks, symmetric_key *skey);
+   void (*accel_ecb_decrypt)(const unsigned char *ct, 
+                                   unsigned char *pt, 
+                                   unsigned long blocks, symmetric_key *skey);
+   void (*accel_cbc_encrypt)(const unsigned char *pt, 
+                                   unsigned char *ct, 
+                                   unsigned long blocks, unsigned char *IV, 
+                                   symmetric_key *skey);
+   void (*accel_cbc_decrypt)(const unsigned char *ct, 
+                                   unsigned char *pt, 
+                                   unsigned long blocks, unsigned char *IV, 
+                                   symmetric_key *skey);
+   void (*accel_ctr_encrypt)(const unsigned char *pt, 
+                                   unsigned char *ct, 
+                                   unsigned long blocks, unsigned char *IV, 
+                                   int mode, symmetric_key *skey);
+   void (*accel_ccm_memory)(
+       const unsigned char *key,    unsigned long keylen,
+       const unsigned char *nonce,  unsigned long noncelen,
+       const unsigned char *header, unsigned long headerlen,
+             unsigned char *pt,     unsigned long ptlen,
+             unsigned char *ct,
+             unsigned char *tag,    unsigned long *taglen,
+                       int  direction);
+
 };
 \end{verbatim}
+\end{small}
 
 Where ``name'' is the lower case ASCII version of the name.  The fields ``min\_key\_length'' and ``max\_key\_length'' 
 are the minimum and maximum key sizes in bytes.  The ``block\_length'' member is the block size of the cipher
@@ -722,7 +766,7 @@ block of memory with either of the three modes.
 The ECB and CBC modes process blocks of the same size as the cipher at a time.  Therefore they are less flexible than the
 other modes.
 
-\subsection{Implementation}
+\subsection{Initialization}
 \index{CBC Mode} \index{CTR Mode}
 \index{OFB Mode} \index{CFB Mode}
 The library provides simple support routines for handling CBC, CTR, CFB, OFB and ECB encoded messages.  Assuming the mode 
@@ -745,30 +789,32 @@ of the cipher you choose.  It is important that the IV  be random for each uniqu
 parameters ``key'', ``keylen'' and ``num\_rounds'' are the same as in the XXX\_setup() function call.  The final parameter 
 is a pointer to the structure you want to hold the information for the mode of operation.
 
-Both routines return {\bf CRYPT\_OK} if the cipher initialized correctly, otherwise they return an error code.  To 
-actually encrypt or decrypt the following routines are provided:
+Both routines return {\bf CRYPT\_OK} if the cipher initialized correctly, otherwise they return an error code.  
+
+\subsection{Encryption and Decryption}
+To actually encrypt or decrypt the following routines are provided:
 \index{ecb\_encrypt()} \index{ecb\_decrypt()} \index{cfb\_encrypt()} \index{cfb\_decrypt()} 
 \index{cbc\_encrypt()} \index{cbc\_decrypt()} \index{ofb\_encrypt()} \index{ofb\_decrypt()} \index{ctr\_encrypt()} \index{ctr\_decrypt()}
 \begin{verbatim}
 int XXX_encrypt(const unsigned char *pt, unsigned char *ct, 
-                symmetric_XXX *XXX);
-int XXX_decrypt(const unsigned char *ct, unsigned char *pt,
-                symmetric_XXX *XXX);
-
-int YYY_encrypt(const unsigned char *pt, unsigned char *ct, 
                 unsigned long len, symmetric_YYY *YYY);
-int YYY_decrypt(const unsigned char *ct, unsigned char *pt, 
+int XXX_decrypt(const unsigned char *ct, unsigned char *pt, 
                 unsigned long len, symmetric_YYY *YYY);
 \end{verbatim}
-Where ``XXX'' is one of (ecb, cbc) and ``YYY'' is one of (ctr, ofb, cfb).  In the CTR, OFB and CFB cases ``len'' is the
-size of the buffer (as number of chars) to encrypt or decrypt.  The CTR, OFB and CFB modes are order sensitive but not
+Where ``XXX'' is one of $\lbrace ecb, cbc, ctr, cfb, ofb \rbrace$.  
+
+In all cases ``len'' is the size of the buffer (as number of octets) to encrypt or decrypt.  The CTR, OFB and CFB modes are order sensitive but not
 chunk sensitive.  That is you can encrypt ``ABCDEF'' in three calls like ``AB'', ``CD'', ``EF'' or two like ``ABCDE'' and ``F''
 and end up with the same ciphertext.  However, encrypting ``ABC'' and ``DABC'' will result in different ciphertexts.  All
 five of the modes will return {\bf CRYPT\_OK} on success from the encrypt or decrypt functions.
 
+In the ECB and CBC cases ``len'' must be a multiple of the ciphers block size.  In the CBC case you must manually pad the end of your message (either with
+zeroes or with whatever your protocol requires).
+
 To decrypt in either mode you simply perform the setup like before (recall you have to fetch the IV value you used)
 and use the decrypt routine on all of the blocks.
 
+\subsection{IV Manipulation}
 To change or read the IV of a previously initialized chaining mode use the following two functions.
 
 \index{cbc\_setiv()} \index{cbc\_getiv()} \index{ofb\_setiv()} \index{ofb\_getiv()} \index{cfb\_setiv()} \index{cfb\_getiv()}
@@ -778,11 +824,23 @@ int XXX_getiv(unsigned char *IV, unsigned long *len, symmetric_XXX *XXX);
 int XXX_setiv(const unsigned char *IV, unsigned long len, symmetric_XXX *XXX);
 \end{verbatim}
 
-The XXX\_getiv function will read the IV out of the chaining mode and store it into ``IV'' along with the length of the IV 
+The XXX\_getiv() functions will read the IV out of the chaining mode and store it into ``IV'' along with the length of the IV 
 stored in ``len''.  The XXX\_setiv will initialize the chaining mode state as if the original IV were the new IV specified.  The length
 of the IV passed in must be the size of the ciphers block size.
 
-The XXX\_setiv functions are handy if you wish to change the IV without re--keying the cipher.  
+The XXX\_setiv() functions are handy if you wish to change the IV without re--keying the cipher.  
+
+\subsection{Stream Termination}
+To terminate an open stream call the done function.
+
+\index{ecb\_done()} \index{cbc\_done()}\index{cfb\_done()}\index{ofb\_done()} \index{ctr\_done()}
+\begin{verbatim}
+int XXX_done(symmetric_XXX *XXX);
+\end{verbatim}
+
+This will terminate the stream (by terminating the cipher) and return \textbf{CRYPT\_OK} if successful.
+
+\subsection{Examples}
 
 \newpage
 \begin{small}
@@ -845,6 +903,12 @@ int main(void)
       return -1;
    }
 
+   /* terminate the stream */
+   if ((err = ctr_done(&ctr)) != CRYPT_OK) {
+      printf("ctr_done error: %s\n", error_to_string(err));
+      return -1;
+   }
+
    /* clear up and return */
    zeromem(key, sizeof(key));
    zeromem(&ctr, sizeof(ctr));
@@ -1050,6 +1114,8 @@ They assume that ``pt'' and ``ct'' are the same size as the block cipher's block
 both functions given a single ``ocb'' state.  For bi-directional communication you will have to initialize two ``ocb''
 states (with different nonces).  Also ``pt'' and ``ct'' may point to the same location in memory.
 
+\subsubsection{State Termination}
+
 When you are finished encrypting the message you call the following function to compute the tag.
 
 \index{ocb\_done\_encrypt()}
@@ -1083,6 +1149,7 @@ tag of the message (internally) and then compare it against the ``taglen'' bytes
 ``res'' is set to zero.  If all ``taglen'' bytes of ``tag'' can be verified then ``res'' is set to one (authenticated
 message).
 
+\subsubsection{Packet Functions}
 To make life simpler the following two functions are provided for memory bound OCB.
 
 \index{ocb\_encrypt\_authenticate\_memory()}
@@ -1112,6 +1179,238 @@ int ocb_decrypt_verify_memory(int cipher,
 Similarly this will OCB decrypt and compare the internally computed tag against the tag provided. ``res'' is set 
 appropriately.
 
+\subsection{CCM Mode}
+CCM is a NIST proposal for Encrypt+Authenticate that is centered around using AES (or any 16--byte cipher) as a primitive.  Unlike EAX and OCB mode
+it is only meant for ``packet'' mode where the length of the input is known in advance.  Since it is a packet mode function CCM only has one 
+function that performs the protocol.
+
+\index{ccm\_memory()}
+\begin{verbatim}
+int ccm_memory(int cipher,
+    const unsigned char *key,    unsigned long keylen,
+    const unsigned char *nonce,  unsigned long noncelen,
+    const unsigned char *header, unsigned long headerlen,
+          unsigned char *pt,     unsigned long ptlen,
+          unsigned char *ct,
+          unsigned char *tag,    unsigned long *taglen,
+                    int  direction);
+\end{verbatim}
+
+This performs the ``CCM'' operation on the data.  The ``cipher'' variable indicates which cipher in the descriptor table to use.  It must have a 
+16--byte block size for CCM.  The key is ``key'' with a length of ``keylen'' octets.  The nonce or salt is ``nonce'' of
+length ``noncelen'' octets.  The header is meta--data you want to send with the message but not have encrypted, it is stored in ``header''
+of length ``headerlen'' octets.  The header can be zero octets long (if $headerlen = 0$ then you can pass ``header'' as \textbf{NULL}).  
+
+The plaintext is stored in ``pt'' and the ciphertext in ``ct''.  The length of both are expected to be equal and is passed in as ``ptlen''.  It is
+allowable that $pt = ct$.  The ``direction'' variable indicates whether encryption (direction $=$ \textbf{CCM\_ENCRYPT}) or 
+decryption (direction $=$ \textbf{CCM\_DECRYPT}) is to be performed.
+
+As implemented this copy of CCM cannot handle a header or plaintext longer than $2^{32} - 1$ octets long.  
+
+You can test the implementation of CCM with the following function.
+
+\index{ccm\_test()}
+\begin{verbatim}
+int ccm_test(void);
+\end{verbatim}
+
+This will return \textbf{CRYPT\_OK} if the CCM routine passes known test vectors.
+
+\subsection{GCM Mode}
+Galois counter mode is an IEEE proposal for authenticated encryption.  Like EAX and OCB it can be used in a streaming capacity however, unlike EAX it cannot
+accept ``additional authentication data'' (meta--data) after plaintext has been processed.  This mode also only works with block ciphers with a sixteen
+byte block.
+
+A GCM stream is meant to be processed in three modes each one sequential serial.  First the initial vector (per session) data is processed.  This should be 
+unique to every session.  Next the the optional additional authentication data is processed and finally the plaintext.  
+
+\subsubsection{Initialization}
+To initialize the GCM context with a secret key call the following function.
+
+\index{gcm\_init()}
+\begin{verbatim}
+int gcm_init(gcm_state *gcm, int cipher,
+             const unsigned char *key, int keylen);
+\end{verbatim}
+This initializes the GCM state ``gcm'' for the given cipher indexed by ``cipher'' with a secret key ``key'' of length ``keylen'' octets.  The cipher chosen
+must have a 16--byte block size (e.g. AES).  
+
+\subsubsection{Initial Vector}
+After the state has been initialized (or reset) the next step is to add the session (or packet) initial vector.  It should be unique per packet encrypted.
+
+\index{gcm\_add\_iv()}
+\begin{verbatim}
+int gcm_add_iv(gcm_state *gcm, 
+               const unsigned char *IV,     unsigned long IVlen);
+\end{verbatim}
+
+This adds the initial vector octets from ``IV'' of length ``IVlen'' to the GCM state ``gcm''.  You can call this function as many times as required
+to process the entire IV.  
+
+Note that the GCM protocols provides a ``shortcut'' for 12--byte IVs where no preprocessing is to be done.  If you want to minimize per packet latency it's ideal
+to only use 12--byte IVs.  You can just increment it like a counter for each packet and the CTR [privacy] will be ensured.
+
+\subsubsection{Additional Authentication Data}
+After the entire IV has been processed the additional authentication data can be processed.  Unlike the IV a packet/session does not require additional
+authentication data (AAD) for security.  The AAD is meant to be used as side--channel data you want to be authenticated with the packet.  Note that once
+you begin adding AAD to the GCM state you cannot return to adding IV data until the state is reset.
+
+\index{gcm\_add\_aad()}
+\begin{verbatim}
+int gcm_add_aad(gcm_state *gcm, 
+               const unsigned char *adata,     unsigned long adatalen);
+\end{verbatim}
+This adds the additional authentication data ``adata'' of length ``adatalen'' to the GCM state ``gcm''.
+
+\subsubsection{Plaintext Processing}
+After the AAD has been processed the plaintext (or ciphertext depending on the direction) can be processed.  
+
+\index{gcm\_process()}
+\begin{verbatim}
+int gcm_process(gcm_state *gcm,
+                     unsigned char *pt,     unsigned long ptlen,
+                     unsigned char *ct,
+                     int direction);
+\end{verbatim}
+This processes message data where ``pt'' is the plaintext and ``ct'' is the ciphertext.  The length of both are equal and stored in ``ptlen''.  Depending on the 
+mode ``pt'' is the input and ``ct'' is the output (or vice versa).  When ``direction'' equals \textbf{GCM\_ENCRYPT} the plaintext is read, encrypted and stored
+in the ciphertext buffer.  When ``direction'' equals \textbf{GCM\_DECRYPT} the opposite occurs.
+
+\subsubsection{State Termination}
+To terminate a GCM state and retrieve the message authentication tag call the following function.
+
+\index{gcm\_done()}
+\begin{verbatim}
+int gcm_done(gcm_state *gcm, 
+                     unsigned char *tag,    unsigned long *taglen);
+\end{verbatim}
+This terminates the GCM state ``gcm'' and stores the tag in ``tag'' of length ``taglen'' octets.
+
+\subsubsection{State Reset}
+The call to gcm\_init() will perform considerable pre--computation (when \textbf{GCM\_TABLES} is defined) and if you're going to be dealing with a lot of packets
+it is very costly to have to call it repeatedly.  To aid in this endeavour the reset function has been provided.
+
+\index{gcm\_reset()}
+\begin{verbatim}
+int gcm_reset(gcm_state *gcm);
+\end{verbatim}
+
+This will reset the GCM state ``gcm'' to the state that gcm\_init() left it.  The user would then call gcm\_add\_iv(), gcm\_add\_aad(), etc.
+
+\subsubsection{One--Shot Packet}
+To process a single packet under any given key the following helper function can be used.
+
+\index{gcm\_memory()}
+\begin{verbatim}
+int gcm_memory(      int           cipher,
+               const unsigned char *key,    unsigned long keylen,
+               const unsigned char *IV,     unsigned long IVlen,
+               const unsigned char *adata,  unsigned long adatalen,
+                     unsigned char *pt,     unsigned long ptlen,
+                     unsigned char *ct, 
+                     unsigned char *tag,    unsigned long *taglen,
+                               int direction);
+\end{verbatim}
+
+This will initialize the GCM state with the given key, IV and AAD value then proceed to encrypt or decrypt the message text and store the final
+message tag.  The definition of the variables is the same as it is for all the manual functions.
+
+If you are processing many packets under the same key you shouldn't use this function as it invokes the pre--computation with each call.
+
+\subsubsection{Example Usage}
+The following is an example usage of how to use GCM over multiple packets with a shared secret key.
+
+\begin{small}
+\begin{verbatim}
+#include <tomcrypt.h>
+
+int send_packet(const unsigned char *pt,  unsigned long ptlen,
+                const unsigned char *iv,  unsigned long ivlen,
+                const unsigned char *aad, unsigned long aadlen,
+                      gcm_state     *gcm)
+{
+   int           err;
+   unsigned long taglen;
+   unsigned char tag[16];
+
+   /* reset the state */
+   if ((err = gcm_reset(gcm)) != CRYPT_OK) {
+      return err;
+   }
+ 
+   /* Add the IV */
+   if ((err = gcm_add_iv(gcm, iv, ivlen)) != CRYPT_OK) {
+      return err;
+   }
+
+   /* Add the AAD (note: aad can be NULL if aadlen == 0) */
+   if ((err = gcm_add_aad(gcm, aad, aadlen)) != CRYPT_OK) {
+      return err;
+   }
+
+   /* process the plaintext */
+   if ((err = gcm_add_process(gcm, pt, ptlen, pt, GCM_ENCRYPT)) != CRYPT_OK) {
+      return err;
+   }
+
+   /* Finish up and get the MAC tag */
+   taglen = sizeof(tag);
+   if ((err = gcm_done(gcm, tag, &taglen)) != CRYPT_OK) {
+      return err;
+   }
+
+   /* depending on the protocol and how IV is generated you may have to send it too... */
+   send(socket, iv, ivlen, 0);
+
+   /* send the aad */
+   send(socket, aad, aadlen, 0);
+
+   /* send the ciphertext */
+   send(socket, pt, ptlen, 0);
+
+   /* send the tag */
+   send(socket, tag, taglen, 0);
+
+   return CRYPT_OK;
+}
+
+int main(void)
+{
+   gcm_state     gcm;
+   unsigned char key[16], IV[12], pt[PACKET_SIZE];
+   int           err, x;
+   unsigned long ptlen; 
+ 
+   /* somehow fill key/IV with random values */
+   
+   /* register AES */
+   register_cipher(&aes_desc);
+
+   /* init the GCM state */
+   if ((err = gcm_init(&gcm, find_cipher("aes"), key, 16)) != CRYPT_OK) {
+      whine_and_pout(err);
+   }
+
+   /* handle us some packets */
+   for (;;) {
+       ptlen = make_packet_we_want_to_send(pt);
+
+       /* use IV as counter (12 byte counter) */
+       for (x = 11; x >= 0; x--) {
+           if (++IV[x]) {
+              break;
+           }
+       }
+
+       if ((err = send_packet(pt, ptlen, iv, 12, NULL, 0, &gcm)) != CRYPT_OK) {
+           whine_and_pout(err);
+       }
+   }
+   return EXIT_SUCCESS;
+}
+\end{verbatim}
+\end{small}
+
 \chapter{One-Way Cryptographic Hash Functions}
 \section{Core Functions}
 
@@ -1709,11 +2008,81 @@ and the cipher specified by the ``cipher'''th entry in the cipher\_descriptor ta
 the same rules as omac\_done.
 
 To test if the PMAC code is working there is the following function:
+\index{pmac\_test()}
 \begin{verbatim}
 int pmac_test(void);
 \end{verbatim}
 Which returns {\bf CRYPT\_OK} if the code passes otherwise it returns an error code.
 
+\section{Pelican MAC}
+Pelican MAC is a new (experimental) MAC by the AES team that uses four rounds of AES as a ``mixing function''.  It achieves a very high 
+rate of processing and is potentially very secure.  It requires AES to be enabled to function.  You do not have to register\_cipher() AES first though
+as it calls AES directly.
+
+\index{pelican\_init()}
+\begin{verbatim}
+int pelican_init(pelican_state *pelmac, const unsigned char *key, unsigned long keylen);
+\end{verbatim}
+This will initialize the Pelican state with the given AES key.  Once this has been done you can begin processing data.
+
+\index{pelican\_process()}
+\begin{verbatim}
+int pelican_process(pelican_state *pelmac, const unsigned char *in, unsigned long inlen);
+\end{verbatim}
+This will process ``inlen'' bytes of ``in'' through the Pelican MAC.  It's best that you pass in multiples of 16 bytes as it makes the
+routine more efficient but you may pass in any length of text.  You can call this function as many times as required to process
+an entire message.
+
+\index{pelican\_done()}
+\begin{verbatim}
+int pelican_done(pelican_state *pelmac, unsigned char *out);
+\end{verbatim}
+This terminates a Pelican MAC and writes the 16--octet tag to ``out''.
+
+\subsection{Example}
+
+\begin{verbatim}
+#include <tomcrypt.h>
+int main(void)
+{
+   pelican_state pelstate;
+   unsigned char key[32], tag[16];
+   int           err;
+
+   /* somehow initialize a key */
+
+   /* initialize pelican mac */
+   if ((err = pelican_init(&pelstate,          /* the state */
+                           key,                /* user key */
+                           32                  /* key length in octets */
+                          )) != CRYPT_OK) {
+      printf("Error initializing Pelican: %s", error_to_string(err));
+      return EXIT_FAILURE;
+   }
+
+   /* MAC some data */
+   if ((err = pelican_process(&pelstate,       /* the state */
+                              "hello world",   /* data to mac */        
+                              11               /* length of data */
+                              )) != CRYPT_OK) {
+      printf("Error processing Pelican: %s", error_to_string(err));
+      return EXIT_FAILURE;
+   }
+
+   /* Terminate the MAC */
+   if ((err = pelican_done(&pelstate,       /* the state */
+                           tag              /* where to store the tag */
+                           )) != CRYPT_OK) {
+      printf("Error terminating Pelican: %s", error_to_string(err));
+      return EXIT_FAILURE;
+   }
+
+   /* tag[0..15] has the MAC output now */
+
+   return EXIT_SUCCESS;
+}
+\end{verbatim}
+
 
 \chapter{Pseudo-Random Number Generators}
 \section{Core Functions}
@@ -3359,16 +3728,6 @@ This will use libtool and gcc to build a shared library ``libtomcrypt.la'' as we
 and install them into /usr/lib (and the headers into /usr/include).  To link your application you should use the 
 libtool program in ``--mode=link''.
 
-You can also build LibTomCrypt as a shared library (DLL) in Windows with Cygwin.  Issue the following
-
-\begin{alltt}
-make -f makefile.cygwin_dll
-\end{alltt}
-This will build ``libtomcrypt.dll.a'' which is an import library for ``libtomcrypt.dll''.  You must copy 
-``libtomcrypt.dll.a'' to your library directory, ``libtomcrypt.dll' to somewhere in your PATH and the header
-files to your include directory.  So long as ``libtomcrypt.dll'' is in your system path you can run any LibTomCrypt
-program that uses it.
-
 \section{mycrypt\_cfg.h}
 The file ``mycrypt\_cfg.h'' is what lets you control various high level macros which control the behaviour 
 of the library. 
@@ -3391,36 +3750,36 @@ Currently LibTomCrypt will detect x86-32 and x86-64 running GCC as well as x86-3
 \section{The Configure Script}
 There are also options you can specify from the configure script or ``mycrypt\_custom.h''.  
 
-\subsubsection{X memory routines}
+\subsection{X memory routines}
 At the top of mycrypt\_custom.h are four macros denoted as XMALLOC, XCALLOC, XREALLOC and XFREE which resolve to 
 the name of the respective functions.  This lets you substitute in your own memory routines.  If you substitute in 
 your own functions they must behave like the standard C library functions in terms of what they expect as input and 
 output.  By default the library uses the standard C routines.
 
-\subsubsection{X clock routines}
+\subsection{X clock routines}
 The rng\_get\_bytes() function can call a function that requires the clock() function.  These macros let you override
 the default clock() used with a replacement.  By default the standard C library clock() function is used.
 
-\subsubsection{NO\_FILE}
+\subsection{NO\_FILE}
 During the build if NO\_FILE is defined then any function in the library that uses file I/O will not call the file I/O 
 functions and instead simply return CRYPT\_NOP.  This should help resolve any linker errors stemming from a lack of
 file I/O on embedded platforms.
 
-\subsubsection{CLEAN\_STACK}
+\subsection{CLEAN\_STACK}
 When this functions is defined the functions that store key material on the stack will clean up afterwards.  
 Assumes that you have no memory paging with the stack.
 
-\subsubsection{LTC\_TEST}
+\subsection{LTC\_TEST}
 When this has been defined the various self--test functions (for ciphers, hashes, prngs, etc) are included in the build.
 When this has been undefined the tests are removed and if called will return CRYPT\_NOP.
 
-\subsubsection{Symmetric Ciphers, One-way Hashes, PRNGS and Public Key Functions}
+\subsection{Symmetric Ciphers, One-way Hashes, PRNGS and Public Key Functions}
 There are a plethora of macros for the ciphers, hashes, PRNGs and public key functions which are fairly 
 self-explanatory.  When they are defined the functionality is included otherwise it is not.  There are some 
 dependency issues which are noted in the file.  For instance, Yarrow requires CTR chaining mode, a block 
 cipher and a hash function.
 
-\subsubsection{TWOFISH\_SMALL and TWOFISH\_TABLES}
+\subsection{TWOFISH\_SMALL and TWOFISH\_TABLES}
 Twofish is a 128-bit symmetric block cipher that is provided within the library.  The cipher itself is flexible enough
 to allow some tradeoffs in the implementation.  When TWOFISH\_SMALL is defined the scheduled symmetric key for Twofish 
 requires only 200 bytes of memory.  This is achieved by not pre-computing the substitution boxes.  Having this 
@@ -3432,10 +3791,39 @@ useful when TWOFISH\_SMALL is defined as the table values are computed on the fl
 will increase by approximately 500 bytes.  If this is defined but TWOFISH\_SMALL is not the cipher will still work but
 it will not speed up the encryption or decryption functions.
 
-\subsubsection{SMALL\_CODE}
+\subsection{GCM\_TABLES}
+When defined GCM will use a 64KB table (per GCM state) which will greatly lower up the per--packet latency.  
+It also increases the initialization time.  
+
+\subsection{SMALL\_CODE}
 When this is defined some of the code such as the Rijndael and SAFER+ ciphers are replaced with smaller code variants.
 These variants are slower but can save quite a bit of code space.
 
+\subsection{LTC\_FAST}
+This mode (autodetected with x86\_32,x86\_64 platforms with GCC or MSVC) configures various routines such as ctr\_encrypt() or 
+cbc\_encrypt() that it can safely XOR multiple octets in one step by using a larger data type.  This has the benefit of 
+cutting down the overhead of the respective functions.  
+
+This mode does have one downside.  It can cause unaligned reads from memory if you are not careful with the functions.  This is why
+it has been enabled by default only for the x86 class of processors where unaligned accesses are allowed.  Technically LTC\_FAST
+is not ``portable'' since unaligned accesses are not covered by the ISO C specifications.
+
+In practice however, you can use it on pretty much any platform (even MIPS) with care.
+
+By design the ``fast'' mode functions won't get unaligned on their own.  For instance, if you call ctr\_encrypt() right after calling
+ctr\_start() and all the inputs you gave are aligned than ctr\_encrypt() will perform aligned memory operations only.  However, if you 
+call ctr\_encrypt() with an odd amount of plaintext then call it again the CTR pad (the IV) will be partially used.  This will
+cause the ctr routine to first use up the remaining pad bytes.  Then if there are enough plaintext bytes left it will use 
+whole word XOR operations.  These operations will be unaligned.
+
+The simplest precaution is to make sure you process all data in power of two blocks and handle ``remainder'' at the end.  e.g. If you are 
+CTR'ing a long stream process it in blocks of (say) four kilobytes and handle any remaining incomplete blocks at the end of the stream.  
+
+If you do plan on using the ``LTC\_FAST'' mode you have to also define a ``LTC\_FAST\_TYPE'' macro which resolves to an optimal sized
+data type you can perform integer operations with.  Ideally it should be four or eight bytes since it must properly divide the size 
+of your block cipher (e.g. 16 bytes for AES).  This means sadly if you're on a platform with 57--bit words (or something) you can't 
+use this mode.  So sad.
+
 \section{MPI Tweaks}
 \subsection{RSA Only Tweak}
 If you plan on only using RSA with moduli in the range of 1024 to 2560 bits you can enable a series of tweaks
@@ -3448,7 +3836,417 @@ to reduce the library size.  Follow these steps
    \item Rebuild the library.
 \end{enumerate}
 
+\chapter{Optimizations}
+\section{Introduction}
+The entire API was designed with plug and play in mind at the low level.  That is you can swap out any cipher, hash or PRNG and dependent API will not require
+updating.  This has the nice benefit that I can add ciphers not have to re--write large portions of the API.  For the most part LibTomCrypt has also been written
+to be highly portable and easy to build out of the box on pretty much any platform.  As such there are no assembler inlines throughout the code, I make no assumptions
+about the platform, etc...
+
+That works well for most cases but there are times where time is of the essence.  This API also allows optimized routines to be dropped in--place of the existing
+portable routines.  For instance, hand optimized assembler versions of AES could be provided and any existing function that uses the cipher could automatically use
+the optimized code without re--writing.  This also paves the way for hardware drivers that can access hardware accelerated cryptographic devices.
+
+At the heart of this flexibility is the ``descriptor'' system.  A descriptor is essentially just a C ``struct'' which describes the algorithm and provides pointers
+to functions that do the work.  For a given class of operation (e.g. cipher, hash, prng) the functions have identical prototypes which makes development simple.  In most
+dependent routines all a developer has to do is register\_XXX() the descriptor and they're set.
+
+\section{Ciphers}
+The ciphers in LibTomCrypt are accessed through the ltc\_cipher\_descriptor structure.
+
+\begin{small}
+\begin{verbatim}
+struct ltc_cipher_descriptor {
+   /** name of cipher */
+   char *name;
+   /** internal ID */
+   unsigned char ID;
+   /** min keysize (octets) */
+   int  min_key_length, 
+   /** max keysize (octets) */
+        max_key_length, 
+   /** block size (octets) */
+        block_length, 
+   /** default number of rounds */
+        default_rounds;
+   /** Setup the cipher 
+      @param key         The input symmetric key
+      @param keylen      The length of the input key (octets)
+      @param num_rounds  The requested number of rounds (0==default)
+      @param skey        [out] The destination of the scheduled key
+      @return CRYPT_OK if successful
+   */
+   int  (*setup)(const unsigned char *key, int keylen, 
+                 int num_rounds, symmetric_key *skey);
+   /** Encrypt a block
+      @param pt      The plaintext
+      @param ct      [out] The ciphertext
+      @param skey    The scheduled key
+   */
+   void (*ecb_encrypt)(const unsigned char *pt, 
+                             unsigned char *ct, symmetric_key *skey);
+   /** Decrypt a block
+      @param ct      The ciphertext
+      @param pt      [out] The plaintext
+      @param skey    The scheduled key
+   */
+   void (*ecb_decrypt)(const unsigned char *ct, 
+                             unsigned char *pt, symmetric_key *skey);
+   /** Test the block cipher
+       @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled
+   */
+   int (*test)(void);
+   /** Determine a key size
+       @param keysize    [in/out] The size of the key desired and the suggested size
+       @return CRYPT_OK if successful
+   */
+   int  (*keysize)(int *keysize);
+
+/** Accelerators **/
+   /** Accelerated ECB encryption 
+       @param pt      Plaintext
+       @param ct      Ciphertext
+       @param blocks  The number of complete blocks to process
+       @param skey    The scheduled key context
+   */
+   void (*accel_ecb_encrypt)(const unsigned char *pt, 
+                                   unsigned char *ct, unsigned long blocks, 
+                             symmetric_key *skey);
+
+   /** Accelerated ECB decryption 
+       @param pt      Plaintext
+       @param ct      Ciphertext
+       @param blocks  The number of complete blocks to process
+       @param skey    The scheduled key context
+   */
+   void (*accel_ecb_decrypt)(const unsigned char *ct, 
+                                   unsigned char *pt, unsigned long blocks, 
+                             symmetric_key *skey);
+
+   /** Accelerated CBC encryption 
+       @param pt      Plaintext
+       @param ct      Ciphertext
+       @param blocks  The number of complete blocks to process
+       @param IV      The initial value (input/output)
+       @param skey    The scheduled key context
+   */
+   void (*accel_cbc_encrypt)(const unsigned char *pt, 
+                                   unsigned char *ct, unsigned long blocks, 
+                                   unsigned char *IV, symmetric_key *skey);
+
+   /** Accelerated CBC decryption 
+       @param pt      Plaintext
+       @param ct      Ciphertext
+       @param blocks  The number of complete blocks to process
+       @param IV      The initial value (input/output)
+       @param skey    The scheduled key context
+   */
+   void (*accel_cbc_decrypt)(const unsigned char *ct, 
+                                   unsigned char *pt, unsigned long blocks, 
+                                   unsigned char *IV, symmetric_key *skey);
+
+   /** Accelerated CTR encryption 
+       @param pt      Plaintext
+       @param ct      Ciphertext
+       @param blocks  The number of complete blocks to process
+       @param IV      The initial value (input/output)
+       @param mode    little or big endian counter (mode=0 or mode=1)
+       @param skey    The scheduled key context
+   */
+   void (*accel_ctr_encrypt)(const unsigned char *pt, 
+                                   unsigned char *ct, unsigned long blocks, 
+                                   unsigned char *IV, int mode, symmetric_key *skey);
+
+   /** Accelerated CCM packet (one-shot)
+       @param key        The secret key to use
+       @param keylen     The length of the secret key (octets)
+       @param nonce      The session nonce [use once]
+       @param noncelen   The length of the nonce
+       @param header     The header for the session
+       @param headerlen  The length of the header (octets)
+       @param pt         [out] The plaintext
+       @param ptlen      The length of the plaintext (octets)
+       @param ct         [out] The ciphertext
+       @param tag        [out] The destination tag
+       @param taglen     [in/out] The max size and resulting size of the authentication tag
+       @param direction  Encrypt or Decrypt direction (0 or 1)
+       @return CRYPT_OK if successful
+   */
+   void (*accel_ccm_memory)(
+       const unsigned char *key,    unsigned long keylen,
+       const unsigned char *nonce,  unsigned long noncelen,
+       const unsigned char *header, unsigned long headerlen,
+             unsigned char *pt,     unsigned long ptlen,
+             unsigned char *ct,
+             unsigned char *tag,    unsigned long *taglen,
+                       int  direction);
+
+   /** Accelerated GCM packet (one shot)
+       @param key               The secret key
+       @param keylen            The length of the secret key
+       @param IV                The initial vector 
+       @param IVlen             The length of the initial vector
+       @param adata             The additional authentication data (header)
+       @param adatalen          The length of the adata
+       @param pt                The plaintext
+       @param ptlen             The length of the plaintext (ciphertext length is the same)
+       @param ct                The ciphertext
+       @param tag               [out] The MAC tag
+       @param taglen            [in/out] The MAC tag length
+       @param direction         Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT)
+   */
+   void (*accel_gcm_memory)(
+       const unsigned char *key,    unsigned long keylen,
+       const unsigned char *IV,     unsigned long IVlen,
+       const unsigned char *adata,  unsigned long adatalen,
+             unsigned char *pt,     unsigned long ptlen,
+             unsigned char *ct, 
+             unsigned char *tag,    unsigned long *taglen,
+                       int direction);
+
+};
+\end{verbatim}
+\end{small}
+
+\subsection{Name}
+The ``name'' parameter specifies the name of the cipher.  This is what a developer would pass to find\_cipher() to find the cipher in the descriptor
+tables.
+
+\subsection{Internal ID}
+This is a single byte Internal ID you can use to distingish ciphers from each other.
+
+\subsection{Key Lengths}
+The minimum key length is ``min\_key\_length'' and is measured in octets.  Similarly the maximum key length is ``max\_key\_length''.  They can be equal
+and both must valid key sizes for the cipher.  Values in between are not assumed to be valid though they may be.
+
+\subsection{Block Length}
+The size of the ciphers plaintext or ciphertext is ``block\_length'' and is measured in octets.
+
+\subsection{Rounds}
+Some ciphers allow different number of rounds to be used.  Usually you just use the default.  The default round count is ``default\_rounds''.
+
+\subsection{Setup}
+To initialize a cipher (for ECB mode) the function setup() was provided.  It accepts an array of key octets ``key'' of length ``keylen'' octets.  The user
+can specify the number of rounds they want through ``num\_rounds'' where $num\_rounds = 0$ means use the default.  The destination of a scheduled key is stored
+in ``skey''.
+
+This is where things get tricky.  Currently there is no provision to allocate memory during initialization since there is no ``cipher done'' function.  So you have
+to either use an existing member of the symmetric\_key union or alias your own structure over top of it provided symmetric\_key is not smaller.
+
+\subsection{Single block ECB}
+To process a single block in ECB mode the ecb\_encrypt() and ecb\_decrypt() functions were provided.  The plaintext and ciphertext buffers are allowed to overlap so you 
+must make sure you do not overwrite the output before you are finished with the input.
+
+\subsection{Testing}
+The test() function is used to self--test the ``device''.  It takes no arguments and returns \textbf{CRYPT\_OK} if all is working properly.
+
+\subsection{Key Sizing}
+Occasionally a function will want to find a suitable key size to use since the input is oddly sized.  The keysize() function is for this case.  It accepts a 
+pointer to an integer which represents the desired size.  The function then has to match it to the exact or a lower key size that is valid for the cipher.  For
+example, if the input is $25$ and $24$ is valid then it stores $24$ back in the pointed to integer.  It must not round up and must return an error if the keysize
+ cannot be mapped to a valid key size for the cipher.
+
+\subsection{Acceleration}
+The next set of functions cover the accelerated functionality of the cipher descriptor.  Any combination of these functions may be set to \textbf{NULL} to indicate
+it is not supported.  In those cases the software fallbacks are used (using the single ECB block routines).
+
+\subsubsection{Accelerated ECB}
+These two functions are meant for cases where a user wants to encrypt (in ECB mode no less) an array of blocks.  These functions are accessed
+through the accel\_ecb\_encrypt and accel\_ecb\_decrypt pointers.  The ``blocks'' count is the number of complete blocks to process.
+
+\subsubsection{Accelerated CBC} 
+These two functions are meant for accelerated CBC encryption.  These functions are accessed through the accel\_cbc\_encrypt and accel\_cbc\_decrypt pointers.
+The ``blocks'' value is the number of complete blocks to process.  The ``IV'' is the CBC initial vector.  It is an input upon calling this function and must be
+updated by the function before returning.  
+
+\subsubsection{Accelerated CTR}
+This function is meant for accelerated CTR encryption.  It is accessible through the accel\_ctr\_encrypt pointer.
+The ``blocks'' value is the number of complete blocks to process.  The ``IV'' is the CTR counter vector.  It is an input upon calling this function and must be
+updated by the function before returning.  The ``mode'' value indicates whether the counter is big ($mode = 1$) or little ($mode = 0$) endian.
+
+This function (and the way it's called) differs from the other two since ctr\_encrypt() allows any size input plaintext.  The accelerator will only be
+called if the following conditions are met.
+
+\begin{enumerate}
+   \item The accelerator is present
+   \item The CTR pad is empty
+   \item The remaining length of the input to process is greater than or equal to the block size.
+\end{enumerate}
+
+The ``CTR pad'' is empty when a multiple (including zero) blocks of text have been processed.  That is, if you pass in seven bytes to AES--CTR mode you would have to 
+pass in a minimum of nine extra bytes before the accelerator could be called.  The CTR accelerator must increment the counter (and store it back into the 
+buffer provided) before encrypting it to create the pad.  
+
+The accelerator will only be used to encrypt whole blocks.  Partial blocks are always handled in software.
+
+\subsubsection{Accelerated CCM}
+This function is meant for accelerated CCM encryption or decryption.  It processes the entire packet in one call.  Note that the setup() function will not
+be called prior to this.  This function must handle scheduling the key provided on its own.
+
+\subsubsection{Accelerated GCM}
+This function is meant for accelerated GCM encryption or decryption.  It processes the entire packet in one call.  Note that the setup() function will not
+be called prior to this.  This function must handle scheduling the key provided on its own.
+
+\section{One--Way Hashes}
+The hash functions are accessed through the ltc\_hash\_descriptor structure.
+
+\begin{small}
+\begin{verbatim}
+struct ltc_hash_descriptor {
+    /** name of hash */
+    char *name;
+    /** internal ID */
+    unsigned char ID;
+    /** Size of digest in octets */
+    unsigned long hashsize;
+    /** Input block size in octets */
+    unsigned long blocksize;
+    /** ASN.1 DER identifier */
+    unsigned char DER[64];
+    /** Length of DER encoding */
+    unsigned long DERlen;
+    /** Init a hash state
+      @param hash   The hash to initialize
+      @return CRYPT_OK if successful
+    */
+    int (*init)(hash_state *hash);
+    /** Process a block of data 
+      @param hash   The hash state
+      @param in     The data to hash
+      @param inlen  The length of the data (octets)
+      @return CRYPT_OK if successful
+    */
+    int (*process)(hash_state *hash, const unsigned char *in, unsigned long inlen);
+    /** Produce the digest and store it
+      @param hash   The hash state
+      @param out    [out] The destination of the digest
+      @return CRYPT_OK if successful
+    */
+    int (*done)(hash_state *hash, unsigned char *out);
+    /** Self-test
+      @return CRYPT_OK if successful, CRYPT_NOP if self-tests have been disabled
+    */
+    int (*test)(void);
+};
+\end{verbatim}
+\end{small}
+
+\subsection{Name}
+This is the name the hash is known by and what find\_hash() will look for.
+
+\subsection{Internal ID}
+This is the internal ID byte used to distinguish the hash from other hashes.
+
+\subsection{Digest Size}
+The ``hashsize'' variable indicates the length of the output in octets.
+
+\subsection{Block Size}
+The `blocksize'' variable indicates the length of input (in octets) that the hash processes in a given
+invokation.
+
+\subsection{DER Identifier}
+This is the DER identifier (including the SEQUENCE header).  This is used solely for PKCS \#1 style signatures.  
+
+\subsection{Initialization}
+The init function initializes the hash and prepares it to process message bytes.
+
+\subsection{Process}
+This processes message bytes.  The algorithm must accept any length of input that the hash would allow.  The input is not
+guaranteed to be a multiple of the block size in length.
+
+\subsection{Done}
+The done function terminates the hash and returns the message digest.
+
+\subsection{Acceleration}
+A compatible accelerator must allow processing data in any granularity which may require internal padding on the driver side.  
+
+\section{Pseudo--Random Number Generators}
+The pseudo--random number generators are accessible through the ltc\_prng\_descriptor structure.
+
+\begin{small}
+\begin{verbatim}
+struct ltc_prng_descriptor {
+    /** Name of the PRNG */
+    char *name;
+    /** size in bytes of exported state */
+    int  export_size;
+    /** Start a PRNG state
+        @param prng   [out] The state to initialize
+        @return CRYPT_OK if successful
+    */
+    int (*start)(prng_state *prng);
+    /** Add entropy to the PRNG
+        @param in         The entropy
+        @param inlen      Length of the entropy (octets)\
+        @param prng       The PRNG state
+        @return CRYPT_OK if successful
+    */
+    int (*add_entropy)(const unsigned char *in, unsigned long inlen, prng_state *prng);
+    /** Ready a PRNG state to read from
+        @param prng       The PRNG state to ready
+        @return CRYPT_OK if successful
+    */
+    int (*ready)(prng_state *prng);
+    /** Read from the PRNG
+        @param out     [out] Where to store the data
+        @param outlen  Length of data desired (octets)
+        @param prng    The PRNG state to read from
+        @return Number of octets read
+    */
+    unsigned long (*read)(unsigned char *out, unsigned long outlen, prng_state *prng);
+    /** Terminate a PRNG state
+        @param prng   The PRNG state to terminate
+        @return CRYPT_OK if successful
+    */
+    int (*done)(prng_state *prng);
+    /** Export a PRNG state  
+        @param out     [out] The destination for the state
+        @param outlen  [in/out] The max size and resulting size of the PRNG state
+        @param prng    The PRNG to export
+        @return CRYPT_OK if successful
+    */
+    int (*pexport)(unsigned char *out, unsigned long *outlen, prng_state *prng);
+    /** Import a PRNG state
+        @param in      The data to import
+        @param inlen   The length of the data to import (octets)
+        @param prng    The PRNG to initialize/import
+        @return CRYPT_OK if successful
+    */
+    int (*pimport)(const unsigned char *in, unsigned long inlen, prng_state *prng);
+    /** Self-test the PRNG
+        @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled
+    */
+    int (*test)(void);
+};
+\end{verbatim}
+\end{small}
+
+\subsection{Name}
+The name by which find\_prng() will find the PRNG.
+
+\subsection{Export Size}
+When an PRNG state is to be exported for future use you specify the space required in this variable.
+
+\subsection{Start}
+Initialize the PRNG and make it ready to accept entropy.
+
+\subsection{Entropy Addition}
+Add entropy to the PRNG state.  The exact behaviour of this function depends on the particulars of the PRNG.
+
+\subsection{Ready}
+This function makes the PRNG ready to read from by processing the entropy added.  The behaviour of this function depends
+on the specific PRNG used.
+
+\subsection{Read}
+Read from the PRNG and return the number of bytes read.  This function does not have to fill the buffer but it is best 
+if it does as many protocols do not retry reads and will fail on the first try.
+
+\subsection{Done}
+Terminate a PRNG state.  The behaviour of this function depends on the particular PRNG used.
 
+\subsection{Exporting and Importing}
+An exported PRNG state is data that the PRNG can later import to resume activity.  They're not meant to resume ``the same session''
+but should at least maintain the same level of state entropy.
 
 \input{crypt.ind}
 

demos/test.c

@@ -0,0 +1,19 @@
+#include <tomcrypt_test.h>
+
+int main(void)
+{
+   reg_algs();
+   printf("build == \n%s\n", crypt_build_settings);
+   printf("\ncipher_test..."); fflush(stdout); printf(cipher_hash_test() ? "failed" : "passed");
+   printf("\nmodes_test..."); fflush(stdout); printf(modes_test() ? "failed" : "passed");
+   printf("\nmac_test..."); fflush(stdout); printf(mac_test() ? "failed" : "passed");
+   printf("\npkcs_1_test..."); fflush(stdout); printf(pkcs_1_test() ? "failed" : "passed");
+   printf("\nstore_test..."); fflush(stdout); printf(store_test() ? "failed" : "passed");
+   printf("\nrsa_test..."); fflush(stdout); printf(rsa_test() ? "failed" : "passed");
+   printf("\necc_test..."); fflush(stdout); printf(ecc_tests() ? "failed" : "passed");
+   printf("\ndsa_test..."); fflush(stdout); printf(dsa_test() ? "failed" : "passed");
+   printf("\ndh_test..."); fflush(stdout); printf(dh_tests() ? "failed" : "passed");
+   printf("\nder_test..."); fflush(stdout); printf(der_tests() ? "failed" : "passed");
+
+   return EXIT_SUCCESS;
+}

demos/test/.ccmalloc

@@ -1,356 +0,0 @@
-                %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-                %%%% generic configuration file for %%%%
-                %%%%  the ccmalloc memory profiler  %%%%
-                %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-    
-    %-----------------------------------------------------------------%
-    % COPY THIS FILE TO '.ccmalloc' in your project or home directory %
-    %-----------------------------------------------------------------%
-
-##############################################################################
-## (C) 1997-2003 Armin Biere, 1998 Johannes Keukelaar
-## $Id: ccmalloc.cfg,v 1.6 2003/02/03 08:03:54 biere Exp $
-##############################################################################
-
-%%% '%' and '#' are comments !!!!!!!
-
-% This file must be called '.ccmalloc' and is searched for in the
-% current directory and in the home directory of the user. If it
-% does not exist then the default values mentioned below are used.
-
-% It is also the only available user manual yet ;-) So here is a reading
-% hint. First have a look at the short one line descriptions of each option
-% ...
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% with 'file' the executable is specified [a.out]
-% ----------------------------------------------------------------------
-% This should not be necessary for Linux and Solaris because the proc
-% file system can be used to find argv[0].
-%
-% (the rest of this comment only applies to other OS)
-%
-% For other OS you should use this option unless the executable is
-% in the current directory or its name is 'a.out'.
-%
-% If you do not specify this then ccmalloc tries to find an executable
-% in the current directory that matches the running program starting
-% with 'a.out'. For this process it must call 'nm' on each executable
-% file in the directory which may be time consuming. With this option
-% you can speed up this process.
-%
-% You can also specify absolute or relative path names. This is 
-% necessary if you do not start your program from the current directory.
-% But you can also simply link or name your program to 'a.out'.
-
-%file FILE
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% 'log' specify the logfile [stderr]
-% ----------------------------------------------------------------------
-% The default is to use stderr. The argument to 'log' is the name of
-% the file you want to write to. It can also be 'stdout' or '-' which 
-% sets stdout as logfile. If the logfile is stdout or stderr and is
-% connected to a terminal then the output is slightly different.
-%
-% For big programs the logfile can be really big. To reduce the size
-% you can use a small chain length (see 'chain-length' below). The other
-% possibility is to use compressed logfiles. This can be done by
-% specifying a logfile name with  a '.gz' (or a '.Z') suffix. This means
-% that gnuzip (resp. compress) is used to compress the output.
-
-%log FILE
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% 'logpid' specify the logfile
-% ----------------------------------------------------------------------
-% Can be used alternatively to the 'log' command if you want to use
-% ccmalloc for debugging parallel applications where several copies of
-% the program you are debugging must be run simoultaneously. In this
-% case you can not use 'log' because you do not want to write to the same
-% log file. Using 'logpid' uses a file name ending with the <pid> of
-% the process which means the name is unique even if several copies of
-% your program are run simoultaneously.
-%
-% If you use the compressing suffixes then the <pid> is inserted before
-% the suffix (e.g. 'logpid ccmalloc.log.gz' uses 'ccmalloc.log.<pid>.gz'
-% as the name for the log file).
-
-%logpid FILE
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% 'dont-log-chain' skip info about certain chains []
-% ----------------------------------------------------------------------
-% This command may be repeated any number of times. The argument to this
-% command is a comma-separated list of function-or-file-and-line
-% specifications. Garbage allocated from a callchain that contains this
-% subchain anywhere will _not_ be logged.
-%
-% The ';'-separated list should not contain any spaces. E.g. not:
-%
-%    main ; foo ; bar
-%
-% but:
-%
-%     main;foo;bar
-%
-% A function-or-file-and-line specification is a string followed by an
-% optional colon and number, for example: main or main:14 or main.c or
-% main.c:15. Note that the string is compared with both the function and the
-% file name, if available. If main.c happens to be a function name, that
-% will cause a match (for that string at least).  Not specifying a line
-% number will match any line number. If line number information is not
-% available, anything will match!  Not specifying a name (e.g. ;;;) will
-% match an unknown function name.  Not giving any parameters at all, will
-% match a chain containing at least one unknown function.
-%
-% Note that if you say 'dont-log-chain wrapper.c' nothing will be logged.
-
-%dont-log-chain
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% 'only-log-chain' skip info about other chains []
-% ----------------------------------------------------------------------
-% The obvious counterpart to dont-log-chain. In this case, only matching
-% chains will be reported. Non-matching chains will not be reported.
-% Can be repeated any number of times; if the chain matches any of the
-% instances, it will be reported.
-
-%only-log-chain
-
-########################################################################
-#                                                                      #
-# This is the 'flag' section                                           #
-#                                                                      #
-#    'set FLAG' is the same as 'set FLAG 1'                            #
-#                                                                      #
-# The default values are those set below.  If 'silent' is disabled     #
-# then you will find the banner in the log file (or it is listed on    #
-# stdout or stderr). The banner describes the current settings of all  #
-# these flags.                                                         #
-#                                                                      #
-########################################################################
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% with 'only-count' ccmalloc only counts garbage - no call chains [0]
-% ----------------------------------------------------------------------
-% If only-count is set to one then only one additional pointer for
-% each allocated data is used and no call chain is generated. This is
-% the fasted and most space efficient mode ccmalloc can operate
-% in. In this mode you get at least the size of garbage produced.
-%
-% Note that 'check-free-space' does not work at all with 'only-count'
-% set and over writes ('check-overwrites') are only checked when
-% calling free.
-
-%set only-count 0
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% 'load-dynlibs' load dynamic linked libraries into gdb [0]
-% ----------------------------------------------------------------------
-% If your program is linked with dynamic libraries, function and file
-% name information is not available for addresses in those libraries,
-% unless you set 'load-dynlibs' to 1.
-
-%set load-dynlibs 0
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% 'keep-deallocated-data' does not recycle deallocated data [0]
-% ----------------------------------------------------------------------
-% If you enable keep-deallocated-data then all data deallocated with
-% 'free' (or 'delete' in C++) is not given back to the free store
-% but stays associated with the call chain of its allocation. This is
-% very useful if your program does multiple deallocation of the
-% same data.
-
-%set keep-deallocated-data 0
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% 'check-overwrites' detect overwrites [0]
-% ----------------------------------------------------------------------
-% If you want to detect 'off by n bytes' errors you should set
-% 'checking-overwrites' to n/4 (on 32-Bit machines).
-%
-% ccmalloc inserts a boundary above allocated data. This boundary
-% consists of 'check-overwrites' words. If your program writes to
-% this area then ccmalloc can detect this (see also check-start
-% and check-interval). 'ccmalloc' also does checking for overwrites
-% at non word boundaries (e.g. strcpy(malloc(strlen("hello")),"hello");)
-
-set check-overwrites 1
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% 'check-underwrites' detect underwrites [0]
-% ----------------------------------------------------------------------
-% same with writes below allocated data. You do not have to set this
-% option if you only want detect 'off (below) by one' errors because
-% ccmalloc keeps a magic value just before the user data.
-
-set check-underwrites 1
-
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% 'check-free-space' can be used to find dangling pointers. [0]
-% ----------------------------------------------------------------------
-% A very serious type of bug is to write on data that has already been
-% freed. If this happens the free space management of malloc is in
-% trouble and you will perhaps encounter non deterministic behaviour of
-% your program. To test this first enable 'keep-deallocated-data' and
-% restart your program. If the problem goes away and ccmalloc does not
-% report anything then you should *also* enable 'check-free-space'. Now
-% ccmalloc checks already deallocated data for corruption.
-%
-% Note that to perform this check 'keep-deallocated-data' also must
-% be enabled and 'only-count' disabled.
-
-set check-free-space 1
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% 'check-interval' can be used to speed up checks [0]
-% ----------------------------------------------------------------------
-% If check-overwrite, check-underwrites or check-free-space is set then
-% the default is to do 'write checks' when data is deallocated and
-% to do 'free space checks' when reporting together with
-% 'write checks' for garbage. When you want these checks to be
-% performed more often then you should set 'check-interval' to a
-% positive number. This number is the interval between the number of
-% calls to free or malloc without performing the checks.
-
-%set check-interval 0
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% 'check-start' can be used to speed up checks [0]
-% ----------------------------------------------------------------------
-% The flag 'check-start' delays the start of checks until the given
-% number of calls to free and malloc have occured. Together with
-% 'check-interval' you can use a binary search to find an aproximation
-% when a corruption occured! If you simply set check-interval to 1 and
-% check-start to 0 then this will slow done your program too much.
-
-%set check-start 0
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% 'silent' disables banner [0]
-% ----------------------------------------------------------------------
-% If you don't want to see the banner of ccmalloc then set
-% 'silent' to 1 (f.e. when logging to stderr)
-
-%set silent
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% 'file-info' en/disables file and line number information [1]
-% ----------------------------------------------------------------------
-% If your program was compiled with debugging information (-g) then
-% ccmalloc can generate line number and file info for call chains opening
-% a pipe to gdb. For very big programs this method is slow. In this case
-% you can set 'file-info' to zero and you will only get the function
-% names. For SunOS 4.3.1 'nm' does not 'demangle' C++ identifiers
-% very well. So gdb is called instead but only if 'file-info' is
-% not set to 0.
-
-%set file-info 1
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% 'continue' if ccmalloc aborts when something weired happened [0]
-% ----------------------------------------------------------------------
-% If the free function of ccmalloc is called with an argument that does
-% not make sense to ccmalloc or that has already been freed then you
-% probably want the program to stop at this point. This is also
-% the default behaviour. But you can force ccmalloc also to ignore
-% this if you set 'continue' to 1. This flag also controls the behaviour
-% of ccmalloc when free space is found to be corrupted or a write
-% boundary has been overwritten.
-
-%set continue 0
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% 'chain-length' is the length of the maximal call chain [0 = infinite]
-% ----------------------------------------------------------------------
-% You can restrict the length of call chains by setting 'chain-length'
-% to a number greater than zero. If 'chain-length' is zero (the default)
-% then chains are as long as possible (on a non x86 system only call
-% chains with a finite maximal length can be generated). For big
-% programs especially if keep-deallocated-data is enabled this can
-% reduce the size of the log file from over 100MB to several MB!
-
-%set chain-length 0
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% 'print-addresses' of data [0]
-% ----------------------------------------------------------------------
-% If you want to see the addresses of the allocated data (and
-% deallocated data if keep-deallocated-data is set to 1) set
-% 'print-addresses' to 1.
-
-%set print-addresses 0
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% 'print-on-one-line' shortens log file [0]
-% ----------------------------------------------------------------------
-% The default is to print function names and file/line number info
-% on separate lines. With 'print-on-one-line' set 1 all are printed
-% on one line.
-
-%set print-on-one-line 0
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% 'additional-line' enlarges readability [1]
-% ----------------------------------------------------------------------
-% When printing call chains an empty line is printed between to
-% call points. Set 'additional-line' to 0 to disable this feature.
-
-%set additional-line 1
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% 'statistics' enables more accurate profiling [0] 
-% ----------------------------------------------------------------------
-% Calculate number of allocations and deallocations and bytes also on
-% a per call chain basis. This uses 4 additional pointers for each
-% call chain.
-
-set statistics 1
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% set order for sorting of call chains [1] [1]
-% ----------------------------------------------------------------------
-% When printing the report to the log file the call chains are sorted by
-% default with respect to the largest accumulated garbage produced by
-% that call chain. This can be changed with setting 'sort-by-wasted'
-% to 0. In this case they are sorted by the number of allocated bytes.
-% If you want the number of allocations (only possible if 'statistics'
-% is enabled) as sorting criteria instead then set 'sort-by-size' to 0.
-
-%set sort-by-wasted 1
-%set sort-by-size 1
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% report library chains [0]
-% ----------------------------------------------------------------------
-% Some external libraries (like libg++) have memory leaks. On some
-% systems even a call to printf produces a leak. ccmalloc tries to
-% detect this (only heuristically!) and with this flag you can control
-% if leaks produced by such library calls are reported.
-%
-% Since version 0.2.1 some similar effect can be achieved by using
-% 'dont-log-chain' with no argument.
-
-%set library-chains 0
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% print debugging information [X] (compile time dependend)
-% ----------------------------------------------------------------------
-
-%set debug X
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% align memory on 8 byte boundary [0] (no effect on SunOS or Solaris)
-% ----------------------------------------------------------------------
-
-%set align-8-byte 0
-
-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
-% only report allocations which ended up being wasted (i.e don't report
-% allocations which were completely freed properly. ) [1]
-% ----------------------------------------------------------------------
-
-%set only-wasting-alloc 1

demos/test/mac_test.c

@@ -1,12 +0,0 @@
-/* test pmac/omac/hmac */
-#include "test.h"
-
-int mac_test(void)
-{
-   DO(hmac_test()); 
-   DO(pmac_test()); 
-   DO(omac_test()); 
-   DO(eax_test());  
-   DO(ocb_test());  
-   return 0;
-}

demos/test/makefile

@@ -1,25 +0,0 @@
-# make test harness, it is good.
-CFLAGS += -Wall -W -Os -I../../src/headers/ -I./
-
-# add -g3 for ccmalloc debugging 
-#CFLAGS += -g3
-
-# if you're not debugging
-CFLAGS += -fomit-frame-pointer
-
-default: test
-
-OBJECTS=test.o cipher_hash_test.o mac_test.o modes_test.o \
-pkcs_1_test.o store_test.o rsa_test.o ecc_test.o dsa_test.o dh_tests.o der_tests.o 
-
-#uncomment this to get heap checking [e.g. memory leaks].  Note 
-#that you *MUST* build libtomcrypt.a with -g3 enabled [and make install it]
-#
-#
-#CCMALLOC = -lccmalloc -ldl
-
-test: $(OBJECTS)
-	$(CC) $(CFLAGS) $(OBJECTS) /usr/lib/libtomcrypt.a  $(CCMALLOC) -o test
-	
-clean:
-	rm -rf test *.o *.obj *.exe *~	.libs

demos/test/makefile.icc

@@ -1,14 +0,0 @@
-# make test harness, it is good.
-CFLAGS += -O3 -xN -ip -I../../src/headers/ -I./
-CC=icc
-
-default: test
-
-OBJECTS=test.o cipher_hash_test.o mac_test.o modes_test.o \
-pkcs_1_test.o store_test.o rsa_test.o ecc_test.o dsa_test.o dh_tests.o der_tests.o
-
-test: $(OBJECTS)
-	$(CC) $(OBJECTS) -ltomcrypt -o test
-	
-clean:
-	rm -f test *.o *~	

demos/test/makefile.msvc

@@ -1,14 +0,0 @@
-# make test harness, it is good.
-CFLAGS = $(CFLAGS) /W3 /Ox /I../../src/headers/ /I./
-
-default: test.exe
-
-OBJECTS = test.obj cipher_hash_test.obj mac_test.obj modes_test.obj \
-pkcs_1_test.obj store_test.obj rsa_test.obj ecc_test.obj dsa_test.c dh_tests.obj der_tests.obj
-
-
-test.exe: $(OBJECTS)
-	cl $(OBJECTS) tomcrypt.lib advapi32.lib 
-	
-clean:
-	rm -f test.exe *.obj *~	

demos/test/makefile.shared

@@ -1,19 +0,0 @@
-# make test harness, it is good.
-CFLAGS += -Wall -W -Os -I../../src/headers/ -I./
-
-# if you're not debugging
-CFLAGS += -fomit-frame-pointer
-
-default: test
-
-#if you don't have mpi.o 
-#MPISHARED=-ltommath
-
-OBJECTS=test.o cipher_hash_test.o mac_test.o modes_test.o \
-pkcs_1_test.o store_test.o rsa_test.o ecc_test.o dsa_test.o dh_tests.o der_tests.o 
-
-test: $(OBJECTS)
-	libtool --mode=link gcc $(CFLAGS) $(OBJECTS) -o test -ltomcrypt $(MPISHARED)
-	
-clean:
-	rm -f test *.o *.obj *.exe *~	

demos/test/test.c

@@ -1,271 +0,0 @@
-#include "test.h"
-
-test_entry tests[26];
-
-test_entry test_list[26] = { 
-
-/* test name          provides    requires             entry */
-{"store_test",             "a",         "",          store_test           },
-{"cipher_hash_test",       "b",        "a",          cipher_hash_test     },
-{"modes_test",             "c",        "b",          modes_test           },
-{"mac_test",               "d",        "c",          mac_test             },
-{"der_test",               "e",         "",          der_tests            },
-
-{"pkcs_1_test",            "f",        "e",          pkcs_1_test          },
-{"rsa_test",               "g",        "e",          rsa_test             },
-{"ecc_test",               "h",        "a",          ecc_tests            },
-{"dsa_test",               "i",        "a",          dsa_test             },
-{"dh_test",                "j",        "a",          dh_tests             },
-
-{NULL, NULL, NULL, NULL} 
-};
-
-prng_state test_yarrow;
-static int current_test;
-
-void run_cmd(int res, int line, char *file, char *cmd)
-{
-   if (res != CRYPT_OK) {
-      fprintf(stderr, "[%s]: %s (%d)\n%s:%d:%s\n", tests[current_test].name, error_to_string(res), res, file, line, cmd);
-      exit(EXIT_FAILURE);
-   }
-}
-
-void register_algs(void)
-{
-  int err;
-
-#ifdef RIJNDAEL
-  register_cipher (&aes_desc);
-#endif
-#ifdef BLOWFISH
-  register_cipher (&blowfish_desc);
-#endif
-#ifdef XTEA
-  register_cipher (&xtea_desc);
-#endif
-#ifdef RC5
-  register_cipher (&rc5_desc);
-#endif
-#ifdef RC6
-  register_cipher (&rc6_desc);
-#endif
-#ifdef SAFERP
-  register_cipher (&saferp_desc);
-#endif
-#ifdef TWOFISH
-  register_cipher (&twofish_desc);
-#endif
-#ifdef SAFER
-  register_cipher (&safer_k64_desc);
-  register_cipher (&safer_sk64_desc);
-  register_cipher (&safer_k128_desc);
-  register_cipher (&safer_sk128_desc);
-#endif
-#ifdef RC2
-  register_cipher (&rc2_desc);
-#endif
-#ifdef DES
-  register_cipher (&des_desc);
-  register_cipher (&des3_desc);
-#endif
-#ifdef CAST5
-  register_cipher (&cast5_desc);
-#endif
-#ifdef NOEKEON
-  register_cipher (&noekeon_desc);
-#endif
-#ifdef SKIPJACK
-  register_cipher (&skipjack_desc);
-#endif
-#ifdef KHAZAD
-  register_cipher (&khazad_desc);
-#endif
-#ifdef ANUBIS
-  register_cipher (&anubis_desc);
-#endif
-
-#ifdef TIGER
-  register_hash (&tiger_desc);
-#endif
-#ifdef MD2
-  register_hash (&md2_desc);
-#endif
-#ifdef MD4
-  register_hash (&md4_desc);
-#endif
-#ifdef MD5
-  register_hash (&md5_desc);
-#endif
-#ifdef SHA1
-  register_hash (&sha1_desc);
-#endif
-#ifdef SHA256
-  register_hash (&sha256_desc);
-#endif
-#ifdef SHA224
-  register_hash (&sha224_desc);
-#endif
-#ifdef SHA384
-  register_hash (&sha384_desc);
-#endif
-#ifdef SHA512
-  register_hash (&sha512_desc);
-#endif
-#ifdef RIPEMD128
-  register_hash (&rmd128_desc);
-#endif
-#ifdef RIPEMD160
-  register_hash (&rmd160_desc);
-#endif
-#ifdef WHIRLPOOL
-  register_hash (&whirlpool_desc);
-#endif
-#ifdef CHC_HASH
-  register_hash(&chc_desc);
-  if ((err = chc_register(register_cipher(&aes_enc_desc))) != CRYPT_OK) {
-     printf("chc_register error: %s\n", error_to_string(err));
-     exit(EXIT_FAILURE);
-  }
-#endif
-
-
-#ifdef YARROW
-   register_prng(&yarrow_desc);
-#endif
-#ifdef FORTUNA
-   register_prng(&fortuna_desc);
-#endif
-#ifdef RC4
-   register_prng(&rc4_desc);
-#endif
-#ifdef SPRNG
-   register_prng(&sprng_desc);
-#endif
-#ifdef SOBER128
-   register_prng(&sober128_desc);
-#endif
-}
-
-/* sort tests based on their requirement/services.  Helps make sure dependencies are tested first */
-void sort(void)
-{
-   unsigned x, y, z, a, pidx[26];
-      
-   /* find out where things are provided */
-   zeromem(pidx, sizeof(pidx));   
-   z = 0;
-   do { 
-      y = 0;
-      for (x = 0; test_list[x].name != NULL; x++) {
-        if (test_list[x].entry == NULL) continue;
-        if (strlen(test_list[x].prov) == 0) {
-           y = 1;
-           tests[z++] = test_list[x]; test_list[x].entry = NULL;
-           pidx[test_list[x].prov[0]-'a'] = 1;
-           break;
-        } else {
-           for (a = 0; a < strlen(test_list[x].req); a++) {
-               if (pidx[test_list[x].req[a]-'a'] == 0) break;
-           }
-           if (a == strlen(test_list[x].req)) {
-              y = 1;
-              tests[z++] = test_list[x]; test_list[x].entry = NULL;
-              pidx[test_list[x].prov[0]-'a'] = 1;
-              break;
-           }
-        }
-      }
-   } while (y == 1);
-}
-
-#define STACKBLOCK       8
-#define STACK_EST_USAGE  32768
-
-unsigned char stack_mask[STACKBLOCK];
-unsigned long stack_cur=0;
-
-void stack_masker(void)
-{
-#ifdef STACK_TEST
-   volatile unsigned char M[STACK_EST_USAGE];
-   stack_cur   = 0;
-   for (stack_cur = 0; stack_cur < STACK_EST_USAGE/STACKBLOCK; stack_cur++) {
-       memcpy(M+(stack_cur*STACKBLOCK), stack_mask, STACKBLOCK);
-   }
-#endif
-}
-
-void stack_check(void)
-{
-#ifdef STACK_TEST
-   unsigned char M[STACK_EST_USAGE];
-   stack_cur   = 0;
-#ifdef STACK_DOWN
-   while (memcmp(M+(STACK_EST_USAGE-STACKBLOCK-stack_cur), stack_mask, STACKBLOCK) && 
-#else
-   while (memcmp(M+stack_cur, stack_mask, STACKBLOCK) &&
-#endif
-          stack_cur < (STACK_EST_USAGE - STACKBLOCK)) {
-      ++stack_cur;
-   }
-#endif
-}
-
-int main(void)
-{
-   int x;
-   unsigned char buf[16];
-
-   /* setup stack checker */
-   srand(time(NULL));
-   for (x = 0; x < STACKBLOCK; x++) {
-       stack_mask[x] = rand() & 255;
-   }
-   stack_masker();
-
-   printf("Built with\n%s\n", crypt_build_settings);
-
-   sort();
-   register_algs();
-      
-   // start dummy yarrow for internal use 
-   DO(yarrow_start(&test_yarrow));
-   sprng_read(buf, 16, NULL);
-   DO(yarrow_add_entropy(buf, 16, &test_yarrow));
-   DO(yarrow_ready(&test_yarrow));
-
-   // output sizes (this will crash MSVC... go figure.)
-#ifndef _MSC_VER 
-   printf("Sizes of objects (in bytes)\n");
-   printf("\tsymmetric_key\t=\t%5Zu\n", sizeof(symmetric_key));
-   printf("\thash_state\t=\t%5Zu\n", sizeof(hash_state));
-   printf("\thmac_state\t=\t%5Zu\n", sizeof(hmac_state));
-   printf("\tomac_state\t=\t%5Zu\n", sizeof(omac_state));
-   printf("\tpmac_state\t=\t%5Zu\n", sizeof(pmac_state));
-   printf("\tocb_state\t=\t%5Zu\n", sizeof(ocb_state));
-   printf("\teax_state\t=\t%5Zu\n", sizeof(eax_state));
-   printf("\tmp_int\t\t=\t%5Zu\n", sizeof(mp_int));
-#ifdef MRSA
-   printf("\trsa_key\t\t=\t%5Zu\n", sizeof(rsa_key));
-#endif
-#ifdef MDSA
-   printf("\tdsa_key\t\t=\t%5Zu\n", sizeof(dsa_key));
-#endif
-#ifdef MDH
-   printf("\tdh_key\t\t=\t%5Zu\n", sizeof(dh_key));
-#endif
-#ifdef MECC
-   printf("\tecc_key\t\t=\t%5Zu\n", sizeof(ecc_key));
-#endif
-   printf("\n\n");
-#endif
-
-   // do tests
-   for (current_test = 0; tests[current_test].name != NULL; current_test++) {
-       printf("[%-20s]: ", tests[current_test].name); fflush(stdout);
-       printf("\t%s\n", tests[current_test].entry()==0?"passed":"failed"); 
-   }
-   
-   return 0;
-}

demos/test/test.h

@@ -1,41 +0,0 @@
-
-#ifndef __TEST_H_
-#define __TEST_H_
-
-#include "tomcrypt.h"
-
-/* enable stack testing */
-// #define STACK_TEST
-
-/* stack testing, define this if stack usage goes downwards [e.g. x86] */
-#define STACK_DOWN
-
-typedef struct {
-    char *name, *prov, *req;
-    int  (*entry)(void);
-} test_entry;
-
-extern prng_state test_yarrow;
-
-
-void stack_masker(void);
-void stack_check(void);
-extern unsigned long stack_cur;
-#define stack_chk(x) { stack_check(); if (stack_cur >= 1024) { fprintf(stderr, " Warning: Stack usage of %lu in %s, %s:%d\n", stack_cur, x, __FILE__, __LINE__); } }
-
-void run_cmd(int res, int line, char *file, char *cmd);
-#define DO(x) { stack_masker(); run_cmd((x), __LINE__, __FILE__, #x); stack_chk(#x); }
-
-/* TESTS */
-int cipher_hash_test(void);
-int modes_test(void);
-int mac_test(void);
-int pkcs_1_test(void);
-int store_test(void);
-int rsa_test(void);
-int ecc_tests(void);
-int dsa_test(void);
-int dh_tests(void);
-int der_tests(void);
-
-#endif

demos/timing.c

@@ -0,0 +1,23 @@
+#include <tomcrypt_test.h>
+
+int main(void)
+{
+init_timer();
+reg_algs();
+time_keysched();
+time_cipher();
+time_cipher2();
+time_cipher3();
+time_hash();
+time_macs();
+time_encmacs();
+time_prng();
+time_mult();
+time_sqr();
+time_rsa();
+time_ecc();
+time_dh();
+
+return EXIT_SUCCESS;
+
+}

demos/tv_gen.c

@@ -501,6 +501,127 @@ void ocb_gen(void)
    fclose(out);
 }
 
+
+void ccm_gen(void)
+{
+   int err, kl, x, y1, z;
+   FILE *out;
+   unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2], 
+                 plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE];
+   unsigned long len;
+
+   out = fopen("ccm_tv.txt", "w");
+   fprintf(out, "CCM Test Vectors.  Uses the 00010203...NN-1 pattern for nonce/header/plaintext/key.  The outputs\n"
+                "are of the form ciphertext,tag for a given NN.  The key for step N>1 is the tag of the previous\n"
+                "step repeated sufficiently.  The nonce is fixed throughout at 13 bytes 000102...\n\n");
+
+   for (x = 0; cipher_descriptor[x].name != NULL; x++) {
+      kl = cipher_descriptor[x].block_length;
+
+      /* skip ciphers which do not have 128 bit block sizes */
+      if (kl != 16) continue;
+
+      if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) {
+         kl = cipher_descriptor[x].max_key_length;
+      }
+      fprintf(out, "CCM-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
+
+      /* the key */
+      for (z = 0; z < kl; z++) {
+          key[z] = (z & 255);
+      }
+
+      /* fixed nonce */
+      for (z = 0; z < cipher_descriptor[x].block_length; z++) {
+          nonce[z] = z;
+      }
+      
+      for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){
+         for (z = 0; z < y1; z++) {
+            plaintext[z] = (unsigned char)(z & 255);
+         }
+         len = sizeof(tag);
+         if ((err = ccm_memory(x, key, kl, nonce, 13, plaintext, y1, plaintext, y1, plaintext, tag, &len, CCM_ENCRYPT)) != CRYPT_OK) {
+            printf("Error CCM'ing: %s\n", error_to_string(err));
+            exit(EXIT_FAILURE);
+         }
+         fprintf(out, "%3d: ", y1);
+         for (z = 0; z < y1; z++) {
+            fprintf(out, "%02X", plaintext[z]);
+         }
+         fprintf(out, ", ");
+         for (z = 0; z <(int)len; z++) {
+            fprintf(out, "%02X", tag[z]);
+         }
+         fprintf(out, "\n");
+
+         /* forward the key */
+         for (z = 0; z < kl; z++) {
+             key[z] = tag[z % len];
+         }
+      }
+      fprintf(out, "\n");
+   }
+   fclose(out);
+}
+
+void gcm_gen(void)
+{
+   int err, kl, x, y1, z;
+   FILE *out;
+   unsigned char key[MAXBLOCKSIZE], plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE];
+   unsigned long len;
+
+   out = fopen("gcm_tv.txt", "w");
+   fprintf(out, "GCM Test Vectors.  Uses the 00010203...NN-1 pattern for nonce/header/plaintext/key.  The outputs\n"
+                "are of the form ciphertext,tag for a given NN.  The key for step N>1 is the tag of the previous\n"
+                "step repeated sufficiently.  The nonce is fixed throughout at 13 bytes 000102...\n\n");
+
+   for (x = 0; cipher_descriptor[x].name != NULL; x++) {
+      kl = cipher_descriptor[x].block_length;
+
+      /* skip ciphers which do not have 128 bit block sizes */
+      if (kl != 16) continue;
+
+      if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) {
+         kl = cipher_descriptor[x].max_key_length;
+      }
+      fprintf(out, "GCM-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
+
+      /* the key */
+      for (z = 0; z < kl; z++) {
+          key[z] = (z & 255);
+      }
+     
+      for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){
+         for (z = 0; z < y1; z++) {
+            plaintext[z] = (unsigned char)(z & 255);
+         }
+         len = sizeof(tag);
+         if ((err = gcm_memory(x, key, kl, plaintext, y1, plaintext, y1, plaintext, y1, plaintext, tag, &len, GCM_ENCRYPT)) != CRYPT_OK) {
+            printf("Error GCM'ing: %s\n", error_to_string(err));
+            exit(EXIT_FAILURE);
+         }
+         fprintf(out, "%3d: ", y1);
+         for (z = 0; z < y1; z++) {
+            fprintf(out, "%02X", plaintext[z]);
+         }
+         fprintf(out, ", ");
+         for (z = 0; z <(int)len; z++) {
+            fprintf(out, "%02X", tag[z]);
+         }
+         fprintf(out, "\n");
+
+         /* forward the key */
+         for (z = 0; z < kl; z++) {
+             key[z] = tag[z % len];
+         }
+      }
+      fprintf(out, "\n");
+   }
+   fclose(out);
+}
+
 void base64_gen(void)
 {
    FILE *out;
@@ -530,6 +651,8 @@ int main(void)
    printf("Generating PMAC   vectors..."); fflush(stdout); pmac_gen(); printf("done\n");
    printf("Generating EAX    vectors..."); fflush(stdout); eax_gen(); printf("done\n");
    printf("Generating OCB    vectors..."); fflush(stdout); ocb_gen(); printf("done\n");
+   printf("Generating CCM    vectors..."); fflush(stdout); ccm_gen(); printf("done\n");
+   printf("Generating GCM    vectors..."); fflush(stdout); gcm_gen(); printf("done\n");
    printf("Generating BASE64 vectors..."); fflush(stdout); base64_gen(); printf("done\n");
    return 0;
 }

genlist.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 # aes_tab.o is a pseudo object as it's made from aes.o and MPI is optional
 export a=`echo -n "src/ciphers/aes/aes_enc.o *(MPIOBJECT) " ; find . -type f | sort | grep "[.]/src" | grep "[.]c" | grep -v "sha224" | grep -v "sha384" | grep -v "aes_tab" | grep -v "twofish_tab" | grep -v "whirltab" | grep -v "dh_sys" | grep -v "ecc_sys" | grep -v "mpi[.]c" | grep -v "sober128tab" | sed -e 'sE\./EE' | sed -e 's/\.c/\.o/' | xargs`
-./parsenames.pl OBJECTS "$a"
+perl ./parsenames.pl OBJECTS "$a"
 export a=`find . -type f | grep [.]/src | grep [.]h | sed -e 'se\./ee' | xargs`
-./parsenames.pl HEADERS "$a"
+perl ./parsenames.pl HEADERS "$a"

makefile

@@ -4,7 +4,7 @@
 # Modified by Clay Culver
 
 # The version
-VERSION=1.00
+VERSION=1.01
 
 # Compiler and Linker Names
 #CC=gcc
@@ -15,20 +15,20 @@ VERSION=1.00
 #ARFLAGS=r
 
 # Compilation flags. Note the += does not write over the user's CFLAGS!
-CFLAGS += -c -I./src/headers/ -Wall -Wsign-compare -W -Wshadow 
+CFLAGS += -c -I./testprof/ -I./src/headers/ -Wall -Wsign-compare -W -Wshadow -Wno-unused-parameter
 
 # additional warnings (newer GCC 3.4 and higher)
 #CFLAGS += -Wsystem-headers -Wdeclaration-after-statement -Wbad-function-cast -Wcast-align -Wstrict-prototypes -Wmissing-prototypes \
 #		  -Wmissing-declarations -Wpointer-arith 
 
 # optimize for SPEED
-#CFLAGS += -O3 -funroll-all-loops
+CFLAGS += -O3 -funroll-loops
 
 # add -fomit-frame-pointer.  hinders debugging!
 CFLAGS += -fomit-frame-pointer
 
 # optimize for SIZE
-CFLAGS += -Os -DLTC_SMALL_CODE
+#CFLAGS += -Os -DLTC_SMALL_CODE
 
 # older GCCs can't handle the "rotate with immediate" ROLc/RORc/etc macros
 # define this to help
@@ -39,12 +39,15 @@ CFLAGS += -Os -DLTC_SMALL_CODE
 
 #Output filenames for various targets.
 LIBNAME=libtomcrypt.a
+LIBTEST=testprof/libtomcrypt_prof.a
 HASH=hashsum
 CRYPT=encrypt
 SMALL=small
 PROF=x86_prof
 TV=tv_gen
 MULTI=multi
+TIMING=timing
+TEST=test
 
 #LIBPATH-The directory for libtomcrypt to be installed to.
 #INCPATH-The directory to install the header files for libtomcrypt.
@@ -56,93 +59,94 @@ DATAPATH=/usr/share/doc/libtomcrypt/pdf
 
 #Who do we install as?
 USER=root
-GROUP=root
+GROUP=wheel
 
 #List of objects to compile.
 
 #Leave MPI built-in or force developer to link against libtommath?
 MPIOBJECT=src/misc/mpi/mpi.o
 
-
-OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o \
-src/ciphers/anubis.o src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o \
-src/ciphers/khazad.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
-src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/safer_tab.o \
-src/ciphers/safer/saferp.o src/ciphers/skipjack.o src/ciphers/twofish/twofish.o \
-src/ciphers/xtea.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
-src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
-src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
-src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o \
-src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
-src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \
-src/encauth/ocb/ocb_encrypt.o src/encauth/ocb/ocb_encrypt_authenticate_memory.o \
-src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
-src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o \
-src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
-src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
-src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
-src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o \
-src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
-src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
-src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
-src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o \
-src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
-src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
-src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o \
-src/mac/omac/omac_test.o src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o \
-src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
-src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o \
-src/mac/pmac/pmac_process.o src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o \
-src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o \
-src/misc/burn_stack.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \
-src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
-src/misc/crypt/crypt_find_cipher.o src/misc/crypt/crypt_find_cipher_any.o \
-src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash.o \
-src/misc/crypt/crypt_find_hash_any.o src/misc/crypt/crypt_find_hash_id.o \
-src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_hash_descriptor.o \
-src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_prng_descriptor.o \
-src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \
-src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \
-src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
-src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o \
-src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o src/misc/mpi/rand_prime.o \
-src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
-src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
-src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
-src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \
-src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_encrypt.o \
+OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o src/ciphers/anubis.o \
+src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/khazad.o src/ciphers/noekeon.o \
+src/ciphers/rc2.o src/ciphers/rc5.o src/ciphers/rc6.o src/ciphers/safer/safer.o \
+src/ciphers/safer/safer_tab.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \
+src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \
+src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
+src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \
+src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \
+src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \
+src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \
+src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o \
+src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
+src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
+src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
+src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
+src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
+src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o src/hashes/sha2/sha256.o \
+src/hashes/sha2/sha512.o src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o \
+src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
+src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
+src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
+src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
+src/mac/pelican/pelican.o src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o \
+src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
+src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/misc/base64/base64_decode.o \
+src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt.o \
+src/misc/crypt/crypt_argchk.o src/misc/crypt/crypt_cipher_descriptor.o \
+src/misc/crypt/crypt_cipher_is_valid.o src/misc/crypt/crypt_find_cipher.o \
+src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \
+src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \
+src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_prng.o \
+src/misc/crypt/crypt_hash_descriptor.o src/misc/crypt/crypt_hash_is_valid.o \
+src/misc/crypt/crypt_prng_descriptor.o src/misc/crypt/crypt_prng_is_valid.o \
+src/misc/crypt/crypt_register_cipher.o src/misc/crypt/crypt_register_hash.o \
+src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_unregister_cipher.o \
+src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o \
+src/misc/error_to_string.o src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o \
+src/misc/mpi/rand_prime.o src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
+src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \
+src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \
+src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \
+src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
+src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
 src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
-src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o \
-src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o \
-src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
-src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \
+src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
+src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
+src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
+src/modes/ofb/ofb_start.o src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \
 src/pk/asn1/der/der_get_multi_integer.o src/pk/asn1/der/der_length_integer.o \
-src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o \
-src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o \
-src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
-src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \
-src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o \
-src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o \
-src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
-src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \
-src/pk/pkcs1/pkcs_1_v15_es_decode.o src/pk/pkcs1/pkcs_1_v15_es_encode.o \
-src/pk/pkcs1/pkcs_1_v15_sa_decode.o src/pk/pkcs1/pkcs_1_v15_sa_encode.o \
-src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o \
-src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
-src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o \
-src/pk/rsa/rsa_v15_decrypt_key.o src/pk/rsa/rsa_v15_encrypt_key.o \
-src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \
-src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o \
-src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
-src/prngs/sprng.o src/prngs/yarrow.o
+src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \
+src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_sign_hash.o \
+src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \
+src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \
+src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
+src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v15_es_decode.o \
+src/pk/pkcs1/pkcs_1_v15_es_encode.o src/pk/pkcs1/pkcs_1_v15_sa_decode.o \
+src/pk/pkcs1/pkcs_1_v15_sa_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
+src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_v15_decrypt_key.o \
+src/pk/rsa/rsa_v15_encrypt_key.o src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \
+src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \
+src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o 
+
+HEADERS=src/headers/tommath_superclass.h src/headers/tomcrypt_cfg.h \
+src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \
+src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h \
+src/headers/tomcrypt_cipher.h src/headers/tomcrypt_pk.h \
+src/headers/tommath_class.h src/headers/ltc_tommath.h src/headers/tomcrypt_hash.h \
+src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
+src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
 
 TESTOBJECTS=demos/test.o
 HASHOBJECTS=demos/hashsum.o
 CRYPTOBJECTS=demos/encrypt.o
 SMALLOBJECTS=demos/small.o
-PROFS=demos/x86_prof.o
 TVS=demos/tv_gen.o
 MULTIS=demos/multi.o
+TIMINGS=demos/timing.o
+TESTS=demos/test.o
 
 #Files left over from making the crypt.pdf.
 LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind *.out
@@ -150,12 +154,6 @@ LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind *.out
 #Compressed filenames
 COMPRESSED=crypt-$(VERSION).tar.bz2 crypt-$(VERSION).zip
 
-#Header files used by libtomcrypt.
-HEADERS=src/headers/ltc_tommath.h src/headers/tomcrypt_cfg.h \
-src/headers/tomcrypt_misc.h  src/headers/tomcrypt_prng.h src/headers/tomcrypt_cipher.h  src/headers/tomcrypt_hash.h \
-src/headers/tomcrypt_macros.h  src/headers/tomcrypt_pk.h src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h \
-src/headers/tomcrypt_custom.h src/headers/tomcrypt_pkcs.h src/headers/tommath_class.h src/headers/tommath_superclass.h
-
 #The default rule for make builds the libtomcrypt library.
 default:library
 
@@ -173,7 +171,10 @@ src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
 src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
 
 #This rule makes the libtomcrypt library.
-library: $(LIBNAME)
+library: $(LIBTEST) $(LIBNAME)
+
+$(LIBTEST): 
+	cd testprof ; CFLAGS="$(CFLAGS)" make 
 
 $(LIBNAME): $(OBJECTS)
 	$(AR) $(ARFLAGS) $@ $(OBJECTS) 
@@ -191,14 +192,18 @@ crypt: library $(CRYPTOBJECTS)
 small: library $(SMALLOBJECTS)
 	$(CC) $(SMALLOBJECTS) $(LIBNAME) -o $(SMALL) $(WARN)
 	
-x86_prof: library $(PROFS)
-	$(CC) $(PROFS) $(LIBNAME) $(EXTRALIBS) -o $(PROF)
-
 tv_gen: library $(TVS)
 	$(CC) $(TVS) $(LIBNAME) $(EXTRALIBS) -o $(TV)
 
 multi: library $(MULTIS)
-	$(CC) $(MULTIS) $(LIBNAME) -o multi
+	$(CC) $(MULTIS) $(LIBNAME) -o $(MULTI)
+
+timing: library $(TIMINGS)
+	$(CC) $(TIMINGS) $(LIBTEST) $(LIBNAME) -o $(TIMING)
+
+test: library $(TESTS)
+	$(CC) $(TESTS) $(LIBTEST) $(LIBNAME) -o $(TEST)
+
 
 #This rule installs the library and the header files. This must be run
 #as root in order to have a high enough permission to write to the correct
@@ -227,10 +232,14 @@ clean:
 	rm -f `find . -type f | grep "[.]obj" | xargs`
 	rm -f `find . -type f | grep "[.]lib" | xargs`
 	rm -f `find . -type f | grep "[.]exe" | xargs`
+	rm -f `find . -type f | grep "[.]gcda" | xargs`
+	rm -f `find . -type f | grep "[.]gcno" | xargs`
+	rm -f `find . -type f | grep "[.]il" | xargs`
+	rm -f `find . -type f | grep "[.]dyn" | xargs`
+	rm -f `find . -type f | grep "[.]dpi" | xargs`
 	rm -rf `find . -type d | grep "[.]libs" | xargs`
 	rm -f crypt.aux  crypt.dvi  crypt.idx  crypt.ilg  crypt.ind  crypt.log crypt.toc
-	rm -f $(TV) $(PROF) $(SMALL) $(CRYPT) $(HASHSUM) $(MULTI)
-	cd demos/test ; make clean
+	rm -f $(TV) $(PROF) $(SMALL) $(CRYPT) $(HASHSUM) $(MULTI) $(TIMING) $(TEST)
 	rm -rf doc/doxygen
 	rm -f doc/*.pdf
 
@@ -262,18 +271,15 @@ docdvi: crypt.tex
 	makeindex crypt.idx
 	latex crypt > /dev/null
 
-#for GCC 3.4+
-profiled:
-	make clean
-	make CFLAGS="$(CFLAGS) -fprofile-generate" EXTRALIBS=-lgcov x86_prof
-	./x86_prof
-	rm *.o *.a x86_prof
-	make CFLAGS="$(CFLAGS) -fprofile-use" EXTRALIBS=-lgcov x86_prof
-
 #zipup the project (take that!)
-zipup: clean docs
+no_oops: clean
+	cd .. ; cvs commit 
+
+zipup: no_oops docs
 	cd .. ; rm -rf crypt* libtomcrypt-$(VERSION) ; mkdir libtomcrypt-$(VERSION) ; \
 	cp -R ./libtomcrypt/* ./libtomcrypt-$(VERSION)/ ; \
-	tar -cjvf crypt-$(VERSION).tar.bz2 libtomcrypt-$(VERSION)/* ; \
-	zip -9 -r crypt-$(VERSION).zip libtomcrypt-$(VERSION)/* ; \
-	gpg -b -a crypt-$(VERSION).tar.bz2 ; gpg -b -a crypt-$(VERSION).zip
+	cd libtomcrypt-$(VERSION) ; rm -rf `find . -type d | grep CVS | xargs` ; cd .. ; \
+	tar -cjvf crypt-$(VERSION).tar.bz2 libtomcrypt-$(VERSION) ; \
+	zip -9r crypt-$(VERSION).zip libtomcrypt-$(VERSION) ; \
+	gpg -b -a crypt-$(VERSION).tar.bz2 ; gpg -b -a crypt-$(VERSION).zip ; \
+	mv -fv crypt* ~ ; rm -rf libtomcrypt-$(VERSION)

makefile.cygwin_dll

@@ -1,117 +0,0 @@
-#makefile for Cygwin [makes a .dll]
-
-default: ltc_dll
-
-
-# Compilation flags. Note the += does not write over the user's CFLAGS!
-CFLAGS += -I./src/headers/ -Wall -Wsign-compare -W -Wno-unused -Wshadow -mno-cygwin -DWIN32 -DLTC_NO_ROLC
-
-# optimize for SPEED
-CFLAGS += -O3 -funroll-all-loops
-
-#add -fomit-frame-pointer.  v3.2 is buggy for certain platforms!
-CFLAGS += -fomit-frame-pointer
-
-# optimize for SIZE
-#CFLAGS += -Os
-
-#Leave MPI built-in or force developer to link against libtommath?
-MPIOBJECT=src/misc/mpi/mpi.o
-
-OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o \
-src/ciphers/anubis.o src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o \
-src/ciphers/khazad.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
-src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/safer_tab.o \
-src/ciphers/safer/saferp.o src/ciphers/skipjack.o src/ciphers/twofish/twofish.o \
-src/ciphers/xtea.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
-src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
-src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
-src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o \
-src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
-src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \
-src/encauth/ocb/ocb_encrypt.o src/encauth/ocb/ocb_encrypt_authenticate_memory.o \
-src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
-src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o \
-src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
-src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
-src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
-src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o \
-src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
-src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
-src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
-src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o \
-src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
-src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
-src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o \
-src/mac/omac/omac_test.o src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o \
-src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
-src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o \
-src/mac/pmac/pmac_process.o src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o \
-src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o \
-src/misc/burn_stack.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \
-src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
-src/misc/crypt/crypt_find_cipher.o src/misc/crypt/crypt_find_cipher_any.o \
-src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash.o \
-src/misc/crypt/crypt_find_hash_any.o src/misc/crypt/crypt_find_hash_id.o \
-src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_hash_descriptor.o \
-src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_prng_descriptor.o \
-src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \
-src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \
-src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
-src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o \
-src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o src/misc/mpi/rand_prime.o \
-src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
-src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
-src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
-src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \
-src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_encrypt.o \
-src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
-src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o \
-src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o \
-src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
-src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \
-src/pk/asn1/der/der_get_multi_integer.o src/pk/asn1/der/der_length_integer.o \
-src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o \
-src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o \
-src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
-src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \
-src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o \
-src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o \
-src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
-src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \
-src/pk/pkcs1/pkcs_1_v15_es_decode.o src/pk/pkcs1/pkcs_1_v15_es_encode.o \
-src/pk/pkcs1/pkcs_1_v15_sa_decode.o src/pk/pkcs1/pkcs_1_v15_sa_encode.o \
-src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o \
-src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
-src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o \
-src/pk/rsa/rsa_v15_decrypt_key.o src/pk/rsa/rsa_v15_encrypt_key.o \
-src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \
-src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o \
-src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
-src/prngs/sprng.o src/prngs/yarrow.o
-
-#Header files used by libtomcrypt.
-HEADERS=src/headers/ltc_tommath.h src/headers/tomcrypt_cfg.h \
-src/headers/tomcrypt_misc.h  src/headers/tomcrypt_prng.h src/headers/tomcrypt_cipher.h  src/headers/tomcrypt_hash.h \
-src/headers/tomcrypt_macros.h  src/headers/tomcrypt_pk.h src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h \
-src/headers/tomcrypt_custom.h src/headers/tomcrypt_pkcs.h src/headers/tommath_class.h src/headers/tommath_superclass.h
-
-#ciphers come in two flavours... enc+dec and enc 
-src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
-	$(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
-
-#These are the rules to make certain object files.
-src/ciphers/aes/aes.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
-src/ciphers/twofish/twofish.o: src/ciphers/twofish/twofish.c src/ciphers/twofish/twofish_tab.c
-src/hashes/whirl/whirl.o: src/hashes/whirl/whirl.c src/hashes/whirl/whirltab.c
-src/pk/ecc/ecc.o: src/pk/ecc/ecc.c src/pk/ecc/ecc_sys.c
-src/pk/dh/dh.o: src/pk/dh/dh.c src/pk/dh/dh_sys.c
-src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
-src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
-
-ltc_dll: $(OBJECTS) $(MPIOBJECT)
-	gcc -mno-cygwin -mdll -o libtomcrypt.dll -Wl,--out-implib=libtomcrypt.dll.a -Wl,--export-all-symbols `find . -type f | grep [.]o | xargs` -ladvapi32
-	ranlib libtomcrypt.dll.a
-	cp -fv src/headers/* /usr/include
-	cp -fv *.a /usr/lib
-	cp -fv *.dll /usr/bin

makefile.icc

@@ -41,7 +41,7 @@ default:library
 #	B - Blend of P4 and PM [mobile]
 #
 # Default to just generic max opts
-CFLAGS += -O3 -xN -ip 
+CFLAGS += -O3 -xP -ip 
 
 # want to see stuff?
 #CFLAGS += -opt_report
@@ -50,11 +50,15 @@ CFLAGS += -O3 -xN -ip
 
 #Output filenames for various targets.
 LIBNAME=libtomcrypt.a
+LIBTEST=testprof/libtomcrypt_prof.a
 HASH=hashsum
 CRYPT=encrypt
 SMALL=small
 PROF=x86_prof
 TV=tv_gen
+MULTI=multi
+TIMING=timing
+TEST=test
 
 #LIBPATH-The directory for libtomcrypt to be installed to.
 #INCPATH-The directory to install the header files for libtomcrypt.
@@ -69,77 +73,78 @@ DATAPATH=/usr/share/doc/libtomcrypt/pdf
 #Leave MPI built-in or force developer to link against libtommath?
 MPIOBJECT=src/misc/mpi/mpi.o
 
-OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o \
-src/ciphers/anubis.o src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o \
-src/ciphers/khazad.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
-src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/safer_tab.o \
-src/ciphers/safer/saferp.o src/ciphers/skipjack.o src/ciphers/twofish/twofish.o \
-src/ciphers/xtea.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
-src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
-src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
-src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o \
-src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
-src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \
-src/encauth/ocb/ocb_encrypt.o src/encauth/ocb/ocb_encrypt_authenticate_memory.o \
-src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
-src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o \
-src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
-src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
-src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
-src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o \
-src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
-src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
-src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
-src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o \
-src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
-src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
-src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o \
-src/mac/omac/omac_test.o src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o \
-src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
-src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o \
-src/mac/pmac/pmac_process.o src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o \
-src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o \
-src/misc/burn_stack.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \
-src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
-src/misc/crypt/crypt_find_cipher.o src/misc/crypt/crypt_find_cipher_any.o \
-src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash.o \
-src/misc/crypt/crypt_find_hash_any.o src/misc/crypt/crypt_find_hash_id.o \
-src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_hash_descriptor.o \
-src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_prng_descriptor.o \
-src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \
-src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \
-src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
-src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o \
-src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o src/misc/mpi/rand_prime.o \
-src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
-src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
-src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
-src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \
-src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_encrypt.o \
+OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o src/ciphers/anubis.o \
+src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/khazad.o src/ciphers/noekeon.o \
+src/ciphers/rc2.o src/ciphers/rc5.o src/ciphers/rc6.o src/ciphers/safer/safer.o \
+src/ciphers/safer/safer_tab.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \
+src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \
+src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
+src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \
+src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \
+src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \
+src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \
+src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o \
+src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
+src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
+src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
+src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
+src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
+src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o src/hashes/sha2/sha256.o \
+src/hashes/sha2/sha512.o src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o \
+src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
+src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
+src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
+src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
+src/mac/pelican/pelican.o src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o \
+src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
+src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/misc/base64/base64_decode.o \
+src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt.o \
+src/misc/crypt/crypt_argchk.o src/misc/crypt/crypt_cipher_descriptor.o \
+src/misc/crypt/crypt_cipher_is_valid.o src/misc/crypt/crypt_find_cipher.o \
+src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \
+src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \
+src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_prng.o \
+src/misc/crypt/crypt_hash_descriptor.o src/misc/crypt/crypt_hash_is_valid.o \
+src/misc/crypt/crypt_prng_descriptor.o src/misc/crypt/crypt_prng_is_valid.o \
+src/misc/crypt/crypt_register_cipher.o src/misc/crypt/crypt_register_hash.o \
+src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_unregister_cipher.o \
+src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o \
+src/misc/error_to_string.o src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o \
+src/misc/mpi/rand_prime.o src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
+src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \
+src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \
+src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \
+src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
+src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
 src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
-src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o \
-src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o \
-src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
-src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \
+src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
+src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
+src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
+src/modes/ofb/ofb_start.o src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \
 src/pk/asn1/der/der_get_multi_integer.o src/pk/asn1/der/der_length_integer.o \
-src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o \
-src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o \
-src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
-src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \
-src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o \
-src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o \
-src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
-src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \
-src/pk/pkcs1/pkcs_1_v15_es_decode.o src/pk/pkcs1/pkcs_1_v15_es_encode.o \
-src/pk/pkcs1/pkcs_1_v15_sa_decode.o src/pk/pkcs1/pkcs_1_v15_sa_encode.o \
-src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o \
-src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
-src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o \
-src/pk/rsa/rsa_v15_decrypt_key.o src/pk/rsa/rsa_v15_encrypt_key.o \
-src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \
-src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o \
-src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
-src/prngs/sprng.o src/prngs/yarrow.o
+src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \
+src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_sign_hash.o \
+src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \
+src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \
+src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
+src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v15_es_decode.o \
+src/pk/pkcs1/pkcs_1_v15_es_encode.o src/pk/pkcs1/pkcs_1_v15_sa_decode.o \
+src/pk/pkcs1/pkcs_1_v15_sa_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
+src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_v15_decrypt_key.o \
+src/pk/rsa/rsa_v15_encrypt_key.o src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \
+src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \
+src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o 
+
+HEADERS=src/headers/tommath_superclass.h src/headers/tomcrypt_cfg.h \
+src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \
+src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h \
+src/headers/tomcrypt_cipher.h src/headers/tomcrypt_pk.h \
+src/headers/tommath_class.h src/headers/ltc_tommath.h src/headers/tomcrypt_hash.h \
+src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
+src/headers/tomcrypt_prng.h  testprof/tomcrypt_test.h
 
 #ciphers come in two flavours... enc+dec and enc 
 aes_enc.o: aes.c aes_tab.c
@@ -148,8 +153,9 @@ aes_enc.o: aes.c aes_tab.c
 HASHOBJECTS=demos/hashsum.o
 CRYPTOBJECTS=demos/encrypt.o
 SMALLOBJECTS=demos/small.o
-PROFS=demos/x86_prof.o
 TVS=demos/tv_gen.o
+TIMINGS=demos/timing.o
+TESTS=demos/test.o
 
 #Files left over from making the crypt.pdf.
 LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind
@@ -157,12 +163,6 @@ LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind
 #Compressed filenames
 COMPRESSED=crypt.tar.bz2 crypt.zip crypt.tar.gz
 
-#Header files used by libtomcrypt.
-HEADERS=src/headers/ltc_tommath.h src/headers/tomcrypt_cfg.h \
-src/headers/tomcrypt_misc.h  src/headers/tomcrypt_prng.h src/headers/tomcrypt_cipher.h  src/headers/tomcrypt_hash.h \
-src/headers/tomcrypt_macros.h  src/headers/tomcrypt_pk.h src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h \
-src/headers/tomcrypt_custom.h src/headers/tomcrypt_pkcs.h src/headers/tommath_class.h src/headers/tommath_superclass.h
-
 #ciphers come in two flavours... enc+dec and enc 
 src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
 	$(CC) $(CFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
@@ -177,7 +177,10 @@ src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
 src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
 
 #This rule makes the libtomcrypt library.
-library: $(LIBNAME)
+library: $(LIBTEST) $(LIBNAME)
+
+$(LIBTEST):
+	cd testprof ; make -f makefile.icc
 
 $(LIBNAME): $(OBJECTS)
 	$(AR) $(ARFLAGS) $@ $(OBJECTS)
@@ -195,19 +198,14 @@ crypt: library $(CRYPTOBJECTS)
 small: library $(SMALLOBJECTS)
 	$(CC) $(SMALLOBJECTS) $(LIBNAME) -o $(SMALL) $(WARN)
 	
-x86_prof: library $(PROFS)
-	$(CC) $(PROFS) $(LIBNAME) -o $(PROF)
-
 tv_gen: library $(TVS)
 	$(CC) $(TVS) $(LIBNAME) -o $(TV)
 
-profiled:
-	make clean
-	make -f makefile.icc CFLAGS="$(CFLAGS) -prof_gen" x86_prof
-	./x86_prof
-	rm *.o *.a x86_prof
-	make -f makefile.icc CFLAGS="$(CFLAGS) -prof_use" x86_prof
+timing: library $(TIMINGS)
+	$(CC) $(TIMINGS) $(LIBTEST) $(LIBNAME) -o $(TIMING)
 
+test: library $(TESTS)
+	$(CC) $(TESTS) $(LIBTEST) $(LIBNAME) -o $(TEST)
   
 #This rule installs the library and the header files. This must be run
 #as root in order to have a high enough permission to write to the correct

makefile.msvc

@@ -1,84 +1,85 @@
 #MSVC Makefile [tested with MSVC 6.00 with SP5]
 #
 #Tom St Denis
-CFLAGS = /Isrc/headers/ /Ox /DWIN32 /W3 /Fo$@
+CFLAGS = /Isrc/headers/ /Itestprof/ /Ox /DWIN32 /W3 /Fo$@
 
 default: library
 
 # leave this blank and link against libtommath if you want better link resolution
 MPIOBJECT=src/misc/mpi/mpi.obj
 
-OBJECTS=src/ciphers/aes/aes_enc.obj $(MPIOBJECT) src/ciphers/aes/aes.obj \
-src/ciphers/anubis.obj src/ciphers/blowfish.obj src/ciphers/cast5.obj src/ciphers/des.obj \
-src/ciphers/khazad.obj src/ciphers/noekeon.obj src/ciphers/rc2.obj src/ciphers/rc5.obj \
-src/ciphers/rc6.obj src/ciphers/safer/safer.obj src/ciphers/safer/safer_tab.obj \
-src/ciphers/safer/saferp.obj src/ciphers/skipjack.obj src/ciphers/twofish/twofish.obj \
-src/ciphers/xtea.obj src/encauth/eax/eax_addheader.obj src/encauth/eax/eax_decrypt.obj \
-src/encauth/eax/eax_decrypt_verify_memory.obj src/encauth/eax/eax_done.obj \
-src/encauth/eax/eax_encrypt.obj src/encauth/eax/eax_encrypt_authenticate_memory.obj \
-src/encauth/eax/eax_init.obj src/encauth/eax/eax_test.obj \
-src/encauth/ocb/ocb_decrypt.obj src/encauth/ocb/ocb_decrypt_verify_memory.obj \
-src/encauth/ocb/ocb_done_decrypt.obj src/encauth/ocb/ocb_done_encrypt.obj \
-src/encauth/ocb/ocb_encrypt.obj src/encauth/ocb/ocb_encrypt_authenticate_memory.obj \
-src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj \
-src/encauth/ocb/ocb_shift_xor.obj src/encauth/ocb/ocb_test.obj \
-src/encauth/ocb/s_ocb_done.obj src/hashes/chc/chc.obj src/hashes/helper/hash_file.obj \
-src/hashes/helper/hash_filehandle.obj src/hashes/helper/hash_memory.obj \
-src/hashes/helper/hash_memory_multi.obj src/hashes/md2.obj src/hashes/md4.obj \
-src/hashes/md5.obj src/hashes/rmd128.obj src/hashes/rmd160.obj src/hashes/sha1.obj \
-src/hashes/sha2/sha256.obj src/hashes/sha2/sha512.obj src/hashes/tiger.obj \
-src/hashes/whirl/whirl.obj src/mac/hmac/hmac_done.obj src/mac/hmac/hmac_file.obj \
-src/mac/hmac/hmac_init.obj src/mac/hmac/hmac_memory.obj \
-src/mac/hmac/hmac_memory_multi.obj src/mac/hmac/hmac_process.obj \
-src/mac/hmac/hmac_test.obj src/mac/omac/omac_done.obj src/mac/omac/omac_file.obj \
-src/mac/omac/omac_init.obj src/mac/omac/omac_memory.obj \
-src/mac/omac/omac_memory_multi.obj src/mac/omac/omac_process.obj \
-src/mac/omac/omac_test.obj src/mac/pmac/pmac_done.obj src/mac/pmac/pmac_file.obj \
-src/mac/pmac/pmac_init.obj src/mac/pmac/pmac_memory.obj \
-src/mac/pmac/pmac_memory_multi.obj src/mac/pmac/pmac_ntz.obj \
-src/mac/pmac/pmac_process.obj src/mac/pmac/pmac_shift_xor.obj src/mac/pmac/pmac_test.obj \
-src/misc/base64/base64_decode.obj src/misc/base64/base64_encode.obj \
-src/misc/burn_stack.obj src/misc/crypt/crypt.obj src/misc/crypt/crypt_argchk.obj \
-src/misc/crypt/crypt_cipher_descriptor.obj src/misc/crypt/crypt_cipher_is_valid.obj \
-src/misc/crypt/crypt_find_cipher.obj src/misc/crypt/crypt_find_cipher_any.obj \
-src/misc/crypt/crypt_find_cipher_id.obj src/misc/crypt/crypt_find_hash.obj \
-src/misc/crypt/crypt_find_hash_any.obj src/misc/crypt/crypt_find_hash_id.obj \
-src/misc/crypt/crypt_find_prng.obj src/misc/crypt/crypt_hash_descriptor.obj \
-src/misc/crypt/crypt_hash_is_valid.obj src/misc/crypt/crypt_prng_descriptor.obj \
-src/misc/crypt/crypt_prng_is_valid.obj src/misc/crypt/crypt_register_cipher.obj \
-src/misc/crypt/crypt_register_hash.obj src/misc/crypt/crypt_register_prng.obj \
-src/misc/crypt/crypt_unregister_cipher.obj src/misc/crypt/crypt_unregister_hash.obj \
-src/misc/crypt/crypt_unregister_prng.obj src/misc/error_to_string.obj \
-src/misc/mpi/is_prime.obj src/misc/mpi/mpi_to_ltc_error.obj src/misc/mpi/rand_prime.obj \
-src/misc/pkcs5/pkcs_5_1.obj src/misc/pkcs5/pkcs_5_2.obj src/misc/zeromem.obj \
-src/modes/cbc/cbc_decrypt.obj src/modes/cbc/cbc_encrypt.obj src/modes/cbc/cbc_getiv.obj \
-src/modes/cbc/cbc_setiv.obj src/modes/cbc/cbc_start.obj src/modes/cfb/cfb_decrypt.obj \
-src/modes/cfb/cfb_encrypt.obj src/modes/cfb/cfb_getiv.obj src/modes/cfb/cfb_setiv.obj \
-src/modes/cfb/cfb_start.obj src/modes/ctr/ctr_decrypt.obj src/modes/ctr/ctr_encrypt.obj \
+OBJECTS=src/ciphers/aes/aes_enc.obj $(MPIOBJECT) src/ciphers/aes/aes.obj src/ciphers/anubis.obj \
+src/ciphers/blowfish.obj src/ciphers/cast5.obj src/ciphers/des.obj src/ciphers/khazad.obj src/ciphers/noekeon.obj \
+src/ciphers/rc2.obj src/ciphers/rc5.obj src/ciphers/rc6.obj src/ciphers/safer/safer.obj \
+src/ciphers/safer/safer_tab.obj src/ciphers/safer/saferp.obj src/ciphers/skipjack.obj \
+src/ciphers/twofish/twofish.obj src/ciphers/xtea.obj src/encauth/ccm/ccm_memory.obj \
+src/encauth/ccm/ccm_test.obj src/encauth/eax/eax_addheader.obj src/encauth/eax/eax_decrypt.obj \
+src/encauth/eax/eax_decrypt_verify_memory.obj src/encauth/eax/eax_done.obj src/encauth/eax/eax_encrypt.obj \
+src/encauth/eax/eax_encrypt_authenticate_memory.obj src/encauth/eax/eax_init.obj \
+src/encauth/eax/eax_test.obj src/encauth/gcm/gcm_add_aad.obj src/encauth/gcm/gcm_add_iv.obj \
+src/encauth/gcm/gcm_done.obj src/encauth/gcm/gcm_gf_mult.obj src/encauth/gcm/gcm_init.obj \
+src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_process.obj src/encauth/gcm/gcm_reset.obj \
+src/encauth/gcm/gcm_test.obj src/encauth/ocb/ocb_decrypt.obj src/encauth/ocb/ocb_decrypt_verify_memory.obj \
+src/encauth/ocb/ocb_done_decrypt.obj src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \
+src/encauth/ocb/ocb_encrypt_authenticate_memory.obj src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj \
+src/encauth/ocb/ocb_shift_xor.obj src/encauth/ocb/ocb_test.obj src/encauth/ocb/s_ocb_done.obj \
+src/hashes/chc/chc.obj src/hashes/helper/hash_file.obj src/hashes/helper/hash_filehandle.obj \
+src/hashes/helper/hash_memory.obj src/hashes/helper/hash_memory_multi.obj src/hashes/md2.obj src/hashes/md4.obj \
+src/hashes/md5.obj src/hashes/rmd128.obj src/hashes/rmd160.obj src/hashes/sha1.obj src/hashes/sha2/sha256.obj \
+src/hashes/sha2/sha512.obj src/hashes/tiger.obj src/hashes/whirl/whirl.obj src/mac/hmac/hmac_done.obj \
+src/mac/hmac/hmac_file.obj src/mac/hmac/hmac_init.obj src/mac/hmac/hmac_memory.obj \
+src/mac/hmac/hmac_memory_multi.obj src/mac/hmac/hmac_process.obj src/mac/hmac/hmac_test.obj \
+src/mac/omac/omac_done.obj src/mac/omac/omac_file.obj src/mac/omac/omac_init.obj src/mac/omac/omac_memory.obj \
+src/mac/omac/omac_memory_multi.obj src/mac/omac/omac_process.obj src/mac/omac/omac_test.obj \
+src/mac/pelican/pelican.obj src/mac/pelican/pelican_memory.obj src/mac/pelican/pelican_test.obj \
+src/mac/pmac/pmac_done.obj src/mac/pmac/pmac_file.obj src/mac/pmac/pmac_init.obj src/mac/pmac/pmac_memory.obj \
+src/mac/pmac/pmac_memory_multi.obj src/mac/pmac/pmac_ntz.obj src/mac/pmac/pmac_process.obj \
+src/mac/pmac/pmac_shift_xor.obj src/mac/pmac/pmac_test.obj src/misc/base64/base64_decode.obj \
+src/misc/base64/base64_encode.obj src/misc/burn_stack.obj src/misc/crypt/crypt.obj \
+src/misc/crypt/crypt_argchk.obj src/misc/crypt/crypt_cipher_descriptor.obj \
+src/misc/crypt/crypt_cipher_is_valid.obj src/misc/crypt/crypt_find_cipher.obj \
+src/misc/crypt/crypt_find_cipher_any.obj src/misc/crypt/crypt_find_cipher_id.obj \
+src/misc/crypt/crypt_find_hash.obj src/misc/crypt/crypt_find_hash_any.obj \
+src/misc/crypt/crypt_find_hash_id.obj src/misc/crypt/crypt_find_prng.obj \
+src/misc/crypt/crypt_hash_descriptor.obj src/misc/crypt/crypt_hash_is_valid.obj \
+src/misc/crypt/crypt_prng_descriptor.obj src/misc/crypt/crypt_prng_is_valid.obj \
+src/misc/crypt/crypt_register_cipher.obj src/misc/crypt/crypt_register_hash.obj \
+src/misc/crypt/crypt_register_prng.obj src/misc/crypt/crypt_unregister_cipher.obj \
+src/misc/crypt/crypt_unregister_hash.obj src/misc/crypt/crypt_unregister_prng.obj \
+src/misc/error_to_string.obj src/misc/mpi/is_prime.obj src/misc/mpi/mpi_to_ltc_error.obj \
+src/misc/mpi/rand_prime.obj src/misc/pkcs5/pkcs_5_1.obj src/misc/pkcs5/pkcs_5_2.obj src/misc/zeromem.obj \
+src/modes/cbc/cbc_decrypt.obj src/modes/cbc/cbc_done.obj src/modes/cbc/cbc_encrypt.obj \
+src/modes/cbc/cbc_getiv.obj src/modes/cbc/cbc_setiv.obj src/modes/cbc/cbc_start.obj \
+src/modes/cfb/cfb_decrypt.obj src/modes/cfb/cfb_done.obj src/modes/cfb/cfb_encrypt.obj \
+src/modes/cfb/cfb_getiv.obj src/modes/cfb/cfb_setiv.obj src/modes/cfb/cfb_start.obj \
+src/modes/ctr/ctr_decrypt.obj src/modes/ctr/ctr_done.obj src/modes/ctr/ctr_encrypt.obj \
 src/modes/ctr/ctr_getiv.obj src/modes/ctr/ctr_setiv.obj src/modes/ctr/ctr_start.obj \
-src/modes/ecb/ecb_decrypt.obj src/modes/ecb/ecb_encrypt.obj src/modes/ecb/ecb_start.obj \
-src/modes/ofb/ofb_decrypt.obj src/modes/ofb/ofb_encrypt.obj src/modes/ofb/ofb_getiv.obj \
-src/modes/ofb/ofb_setiv.obj src/modes/ofb/ofb_start.obj \
-src/pk/asn1/der/der_decode_integer.obj src/pk/asn1/der/der_encode_integer.obj \
+src/modes/ecb/ecb_decrypt.obj src/modes/ecb/ecb_done.obj src/modes/ecb/ecb_encrypt.obj \
+src/modes/ecb/ecb_start.obj src/modes/ofb/ofb_decrypt.obj src/modes/ofb/ofb_done.obj \
+src/modes/ofb/ofb_encrypt.obj src/modes/ofb/ofb_getiv.obj src/modes/ofb/ofb_setiv.obj \
+src/modes/ofb/ofb_start.obj src/pk/asn1/der/der_decode_integer.obj src/pk/asn1/der/der_encode_integer.obj \
 src/pk/asn1/der/der_get_multi_integer.obj src/pk/asn1/der/der_length_integer.obj \
-src/pk/asn1/der/der_put_multi_integer.obj src/pk/dh/dh.obj src/pk/dsa/dsa_export.obj \
-src/pk/dsa/dsa_free.obj src/pk/dsa/dsa_import.obj src/pk/dsa/dsa_make_key.obj \
-src/pk/dsa/dsa_sign_hash.obj src/pk/dsa/dsa_verify_hash.obj \
-src/pk/dsa/dsa_verify_key.obj src/pk/ecc/ecc.obj src/pk/packet_store_header.obj \
-src/pk/packet_valid_header.obj src/pk/pkcs1/pkcs_1_i2osp.obj \
-src/pk/pkcs1/pkcs_1_mgf1.obj src/pk/pkcs1/pkcs_1_oaep_decode.obj \
-src/pk/pkcs1/pkcs_1_oaep_encode.obj src/pk/pkcs1/pkcs_1_os2ip.obj \
-src/pk/pkcs1/pkcs_1_pss_decode.obj src/pk/pkcs1/pkcs_1_pss_encode.obj \
-src/pk/pkcs1/pkcs_1_v15_es_decode.obj src/pk/pkcs1/pkcs_1_v15_es_encode.obj \
-src/pk/pkcs1/pkcs_1_v15_sa_decode.obj src/pk/pkcs1/pkcs_1_v15_sa_encode.obj \
-src/pk/rsa/rsa_decrypt_key.obj src/pk/rsa/rsa_encrypt_key.obj src/pk/rsa/rsa_export.obj \
-src/pk/rsa/rsa_exptmod.obj src/pk/rsa/rsa_free.obj src/pk/rsa/rsa_import.obj \
-src/pk/rsa/rsa_make_key.obj src/pk/rsa/rsa_sign_hash.obj \
-src/pk/rsa/rsa_v15_decrypt_key.obj src/pk/rsa/rsa_v15_encrypt_key.obj \
-src/pk/rsa/rsa_v15_sign_hash.obj src/pk/rsa/rsa_v15_verify_hash.obj \
-src/pk/rsa/rsa_verify_hash.obj src/prngs/fortuna.obj src/prngs/rc4.obj \
-src/prngs/rng_get_bytes.obj src/prngs/rng_make_prng.obj src/prngs/sober128.obj \
-src/prngs/sprng.obj src/prngs/yarrow.obj
+src/pk/asn1/der/der_put_multi_integer.obj src/pk/dh/dh.obj src/pk/dsa/dsa_export.obj src/pk/dsa/dsa_free.obj \
+src/pk/dsa/dsa_import.obj src/pk/dsa/dsa_make_key.obj src/pk/dsa/dsa_sign_hash.obj \
+src/pk/dsa/dsa_verify_hash.obj src/pk/dsa/dsa_verify_key.obj src/pk/ecc/ecc.obj src/pk/packet_store_header.obj \
+src/pk/packet_valid_header.obj src/pk/pkcs1/pkcs_1_i2osp.obj src/pk/pkcs1/pkcs_1_mgf1.obj \
+src/pk/pkcs1/pkcs_1_oaep_decode.obj src/pk/pkcs1/pkcs_1_oaep_encode.obj src/pk/pkcs1/pkcs_1_os2ip.obj \
+src/pk/pkcs1/pkcs_1_pss_decode.obj src/pk/pkcs1/pkcs_1_pss_encode.obj src/pk/pkcs1/pkcs_1_v15_es_decode.obj \
+src/pk/pkcs1/pkcs_1_v15_es_encode.obj src/pk/pkcs1/pkcs_1_v15_sa_decode.obj \
+src/pk/pkcs1/pkcs_1_v15_sa_encode.obj src/pk/rsa/rsa_decrypt_key.obj src/pk/rsa/rsa_encrypt_key.obj \
+src/pk/rsa/rsa_export.obj src/pk/rsa/rsa_exptmod.obj src/pk/rsa/rsa_free.obj src/pk/rsa/rsa_import.obj \
+src/pk/rsa/rsa_make_key.obj src/pk/rsa/rsa_sign_hash.obj src/pk/rsa/rsa_v15_decrypt_key.obj \
+src/pk/rsa/rsa_v15_encrypt_key.obj src/pk/rsa/rsa_v15_sign_hash.obj src/pk/rsa/rsa_v15_verify_hash.obj \
+src/pk/rsa/rsa_verify_hash.obj src/prngs/fortuna.obj src/prngs/rc4.obj src/prngs/rng_get_bytes.obj \
+src/prngs/rng_make_prng.obj src/prngs/sober128.obj src/prngs/sprng.obj src/prngs/yarrow.obj 
+
+HEADERS=src/headers/tommath_superclass.h src/headers/tomcrypt_cfg.h \
+src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \
+src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h \
+src/headers/tomcrypt_cipher.h src/headers/tomcrypt_pk.h \
+src/headers/tommath_class.h src/headers/ltc_tommath.h src/headers/tomcrypt_hash.h \
+src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
+src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
 
 #ciphers come in two flavours... enc+dec and enc
 src/ciphers/aes/aes_enc.obj: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
@@ -86,12 +87,18 @@ src/ciphers/aes/aes_enc.obj: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
 
 library: $(OBJECTS)
 	lib /out:tomcrypt.lib $(OBJECTS)
+	cd testprof 
+	nmake -f makefile.msvc
+	cd ..
 	
-x86_prof: demos/x86_prof.c library
-	cl $(CFLAGS) demos/x86_prof.c tomcrypt.lib advapi32.lib 
-
 tv_gen: demos/tv_gen.c library
 	cl $(CFLAGS) demos/tv_gen.c tomcrypt.lib advapi32.lib 
 
 hashsum: demos/hashsum.c library
 	cl $(CFLAGS) demos/hashsum.c tomcrypt.lib advapi32.lib
+
+test: demos/test.c library
+	cl $(CFLAGS) demos/test.c testprof/tomcrypt_prof.lib tomcrypt.lib advapi32.lib
+
+timing: demos/timing.c library
+	cl $(CFLAGS) demos/timing.c testprof/tomcrypt_prof.lib tomcrypt.lib advapi32.lib

makefile.shared

@@ -6,10 +6,10 @@
 # Tom St Denis
 
 # The version
-VERSION=0:100
+VERSION=0:101
 
 # Compiler and Linker Names
-CC=libtool --silent --mode=compile gcc
+CC=libtool --mode=compile gcc
 
 # Compilation flags. Note the += does not write over the user's CFLAGS!
 CFLAGS += -c -I./src/headers/ -Wall -Wsign-compare -W -Wshadow 
@@ -35,12 +35,16 @@ CFLAGS += -fomit-frame-pointer
 #CFLAGS += -DLTC_NO_ROLC
 
 #Output filenames for various targets.
+LIBTEST=libtomcrypt_prof.la
 LIBNAME=libtomcrypt.la
 HASH=hashsum
 CRYPT=encrypt
 SMALL=small
 PROF=x86_prof
 TV=tv_gen
+TEST=test
+TIMING=timing
+
 
 #LIBPATH-The directory for libtomcrypt to be installed to.
 #INCPATH-The directory to install the header files for libtomcrypt.
@@ -52,7 +56,7 @@ DATAPATH=/usr/share/doc/libtomcrypt/pdf
 
 #Who do we install as?
 USER=root
-GROUP=root
+GROUP=wheel
 
 #List of objects to compile.
 
@@ -62,90 +66,86 @@ MPIOBJECT=src/misc/mpi/mpi.o
 #If you don't want mpi.o then add this
 #MPISHARED=$(LIBPATH)/libtommath.la
 
-OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o \
-src/ciphers/anubis.o src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o \
-src/ciphers/khazad.o src/ciphers/noekeon.o src/ciphers/rc2.o src/ciphers/rc5.o \
-src/ciphers/rc6.o src/ciphers/safer/safer.o src/ciphers/safer/safer_tab.o \
-src/ciphers/safer/saferp.o src/ciphers/skipjack.o src/ciphers/twofish/twofish.o \
-src/ciphers/xtea.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
-src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o \
-src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
-src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o \
-src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
-src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o \
-src/encauth/ocb/ocb_encrypt.o src/encauth/ocb/ocb_encrypt_authenticate_memory.o \
-src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
-src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o \
-src/encauth/ocb/s_ocb_done.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
-src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
-src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
-src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o \
-src/hashes/sha2/sha256.o src/hashes/sha2/sha512.o src/hashes/tiger.o \
-src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o src/mac/hmac/hmac_file.o \
-src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
-src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o \
-src/mac/hmac/hmac_test.o src/mac/omac/omac_done.o src/mac/omac/omac_file.o \
-src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
-src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o \
-src/mac/omac/omac_test.o src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o \
-src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
-src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o \
-src/mac/pmac/pmac_process.o src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o \
-src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o \
-src/misc/burn_stack.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \
-src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \
-src/misc/crypt/crypt_find_cipher.o src/misc/crypt/crypt_find_cipher_any.o \
-src/misc/crypt/crypt_find_cipher_id.o src/misc/crypt/crypt_find_hash.o \
-src/misc/crypt/crypt_find_hash_any.o src/misc/crypt/crypt_find_hash_id.o \
-src/misc/crypt/crypt_find_prng.o src/misc/crypt/crypt_hash_descriptor.o \
-src/misc/crypt/crypt_hash_is_valid.o src/misc/crypt/crypt_prng_descriptor.o \
-src/misc/crypt/crypt_prng_is_valid.o src/misc/crypt/crypt_register_cipher.o \
-src/misc/crypt/crypt_register_hash.o src/misc/crypt/crypt_register_prng.o \
-src/misc/crypt/crypt_unregister_cipher.o src/misc/crypt/crypt_unregister_hash.o \
-src/misc/crypt/crypt_unregister_prng.o src/misc/error_to_string.o \
-src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o src/misc/mpi/rand_prime.o \
-src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
-src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_encrypt.o src/modes/cbc/cbc_getiv.o \
-src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o src/modes/cfb/cfb_decrypt.o \
-src/modes/cfb/cfb_encrypt.o src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o \
-src/modes/cfb/cfb_start.o src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_encrypt.o \
+OBJECTS=src/ciphers/aes/aes_enc.o $(MPIOBJECT) src/ciphers/aes/aes.o src/ciphers/anubis.o \
+src/ciphers/blowfish.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/khazad.o src/ciphers/noekeon.o \
+src/ciphers/rc2.o src/ciphers/rc5.o src/ciphers/rc6.o src/ciphers/safer/safer.o \
+src/ciphers/safer/safer_tab.o src/ciphers/safer/saferp.o src/ciphers/skipjack.o \
+src/ciphers/twofish/twofish.o src/ciphers/xtea.o src/encauth/ccm/ccm_memory.o \
+src/encauth/ccm/ccm_test.o src/encauth/eax/eax_addheader.o src/encauth/eax/eax_decrypt.o \
+src/encauth/eax/eax_decrypt_verify_memory.o src/encauth/eax/eax_done.o src/encauth/eax/eax_encrypt.o \
+src/encauth/eax/eax_encrypt_authenticate_memory.o src/encauth/eax/eax_init.o \
+src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o src/encauth/gcm/gcm_add_iv.o \
+src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o src/encauth/gcm/gcm_init.o \
+src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o \
+src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
+src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
+src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
+src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
+src/hashes/helper/hash_memory.o src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o \
+src/hashes/md5.o src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/sha1.o src/hashes/sha2/sha256.o \
+src/hashes/sha2/sha512.o src/hashes/tiger.o src/hashes/whirl/whirl.o src/mac/hmac/hmac_done.o \
+src/mac/hmac/hmac_file.o src/mac/hmac/hmac_init.o src/mac/hmac/hmac_memory.o \
+src/mac/hmac/hmac_memory_multi.o src/mac/hmac/hmac_process.o src/mac/hmac/hmac_test.o \
+src/mac/omac/omac_done.o src/mac/omac/omac_file.o src/mac/omac/omac_init.o src/mac/omac/omac_memory.o \
+src/mac/omac/omac_memory_multi.o src/mac/omac/omac_process.o src/mac/omac/omac_test.o \
+src/mac/pelican/pelican.o src/mac/pelican/pelican_memory.o src/mac/pelican/pelican_test.o \
+src/mac/pmac/pmac_done.o src/mac/pmac/pmac_file.o src/mac/pmac/pmac_init.o src/mac/pmac/pmac_memory.o \
+src/mac/pmac/pmac_memory_multi.o src/mac/pmac/pmac_ntz.o src/mac/pmac/pmac_process.o \
+src/mac/pmac/pmac_shift_xor.o src/mac/pmac/pmac_test.o src/misc/base64/base64_decode.o \
+src/misc/base64/base64_encode.o src/misc/burn_stack.o src/misc/crypt/crypt.o \
+src/misc/crypt/crypt_argchk.o src/misc/crypt/crypt_cipher_descriptor.o \
+src/misc/crypt/crypt_cipher_is_valid.o src/misc/crypt/crypt_find_cipher.o \
+src/misc/crypt/crypt_find_cipher_any.o src/misc/crypt/crypt_find_cipher_id.o \
+src/misc/crypt/crypt_find_hash.o src/misc/crypt/crypt_find_hash_any.o \
+src/misc/crypt/crypt_find_hash_id.o src/misc/crypt/crypt_find_prng.o \
+src/misc/crypt/crypt_hash_descriptor.o src/misc/crypt/crypt_hash_is_valid.o \
+src/misc/crypt/crypt_prng_descriptor.o src/misc/crypt/crypt_prng_is_valid.o \
+src/misc/crypt/crypt_register_cipher.o src/misc/crypt/crypt_register_hash.o \
+src/misc/crypt/crypt_register_prng.o src/misc/crypt/crypt_unregister_cipher.o \
+src/misc/crypt/crypt_unregister_hash.o src/misc/crypt/crypt_unregister_prng.o \
+src/misc/error_to_string.o src/misc/mpi/is_prime.o src/misc/mpi/mpi_to_ltc_error.o \
+src/misc/mpi/rand_prime.o src/misc/pkcs5/pkcs_5_1.o src/misc/pkcs5/pkcs_5_2.o src/misc/zeromem.o \
+src/modes/cbc/cbc_decrypt.o src/modes/cbc/cbc_done.o src/modes/cbc/cbc_encrypt.o \
+src/modes/cbc/cbc_getiv.o src/modes/cbc/cbc_setiv.o src/modes/cbc/cbc_start.o \
+src/modes/cfb/cfb_decrypt.o src/modes/cfb/cfb_done.o src/modes/cfb/cfb_encrypt.o \
+src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
+src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
 src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
-src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_encrypt.o src/modes/ecb/ecb_start.o \
-src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o \
-src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
-src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \
+src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
+src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
+src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
+src/modes/ofb/ofb_start.o src/pk/asn1/der/der_decode_integer.o src/pk/asn1/der/der_encode_integer.o \
 src/pk/asn1/der/der_get_multi_integer.o src/pk/asn1/der/der_length_integer.o \
-src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o \
-src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o \
-src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \
-src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \
-src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o \
-src/pk/pkcs1/pkcs_1_mgf1.o src/pk/pkcs1/pkcs_1_oaep_decode.o \
-src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
-src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o \
-src/pk/pkcs1/pkcs_1_v15_es_decode.o src/pk/pkcs1/pkcs_1_v15_es_encode.o \
-src/pk/pkcs1/pkcs_1_v15_sa_decode.o src/pk/pkcs1/pkcs_1_v15_sa_encode.o \
-src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o src/pk/rsa/rsa_export.o \
-src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
-src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o \
-src/pk/rsa/rsa_v15_decrypt_key.o src/pk/rsa/rsa_v15_encrypt_key.o \
-src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \
-src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o \
-src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \
-src/prngs/sprng.o src/prngs/yarrow.o
+src/pk/asn1/der/der_put_multi_integer.o src/pk/dh/dh.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \
+src/pk/dsa/dsa_import.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_sign_hash.o \
+src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/packet_store_header.o \
+src/pk/packet_valid_header.o src/pk/pkcs1/pkcs_1_i2osp.o src/pk/pkcs1/pkcs_1_mgf1.o \
+src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1/pkcs_1_os2ip.o \
+src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v15_es_decode.o \
+src/pk/pkcs1/pkcs_1_v15_es_encode.o src/pk/pkcs1/pkcs_1_v15_sa_decode.o \
+src/pk/pkcs1/pkcs_1_v15_sa_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \
+src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_import.o \
+src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o src/pk/rsa/rsa_v15_decrypt_key.o \
+src/pk/rsa/rsa_v15_encrypt_key.o src/pk/rsa/rsa_v15_sign_hash.o src/pk/rsa/rsa_v15_verify_hash.o \
+src/pk/rsa/rsa_verify_hash.o src/prngs/fortuna.o src/prngs/rc4.o src/prngs/rng_get_bytes.o \
+src/prngs/rng_make_prng.o src/prngs/sober128.o src/prngs/sprng.o src/prngs/yarrow.o 
+
+HEADERS=src/headers/tommath_superclass.h src/headers/tomcrypt_cfg.h \
+src/headers/tomcrypt_mac.h src/headers/tomcrypt_macros.h \
+src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h \
+src/headers/tomcrypt_cipher.h src/headers/tomcrypt_pk.h \
+src/headers/tommath_class.h src/headers/ltc_tommath.h src/headers/tomcrypt_hash.h \
+src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
+src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
 
 TESTOBJECTS=demos/test.o
 HASHOBJECTS=demos/hashsum.o
 CRYPTOBJECTS=demos/encrypt.o
 SMALLOBJECTS=demos/small.o
-PROFS=demos/x86_prof.o
 TVS=demos/tv_gen.o
-
-#Header files used by libtomcrypt.
-HEADERS=src/headers/ltc_tommath.h src/headers/tomcrypt_cfg.h \
-src/headers/tomcrypt_misc.h  src/headers/tomcrypt_prng.h src/headers/tomcrypt_cipher.h  src/headers/tomcrypt_hash.h \
-src/headers/tomcrypt_macros.h  src/headers/tomcrypt_pk.h src/headers/tomcrypt.h src/headers/tomcrypt_argchk.h \
-src/headers/tomcrypt_custom.h src/headers/tomcrypt_pkcs.h src/headers/tommath_class.h src/headers/tommath_superclass.h
+TESTS=demos/test.o
+TIMINGS=demos/timing.o
 
 #The default rule for make builds the libtomcrypt library.
 default:library
@@ -164,11 +164,14 @@ src/hashes/sha2/sha512.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha384.c
 src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
 
 #This rule makes the libtomcrypt library.
-library: $(LIBNAME)
+library: $(LIBTEST) $(LIBNAME)
+
+$(LIBTEST):
+	cd testprof ; CFLAGS="$(CFLAGS)" GROUP=$(GROUP) USER=$(USER) VERSION=$(VERSION) LIBPATH=$(LIBPATH) LIBNAME=$(LIBTEST) make -f makefile.shared
 
 $(LIBNAME): $(OBJECTS)
-	libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | xargs` -o libtomcrypt.la -rpath $(LIBPATH) -version-info $(VERSION)
-	libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]o" | xargs`  -o libtomcrypt.a
+	libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]lo" | grep "src/" | xargs` -o libtomcrypt.la -rpath $(LIBPATH) -version-info $(VERSION)
+	libtool --silent --mode=link gcc $(CFLAGS) `find . -type f | grep "[.]o" | grep "src/" | xargs`  -o libtomcrypt.a
 	ranlib libtomcrypt.a
 	libtool --silent --mode=install install -c libtomcrypt.la $(LIBPATH)/libtomcrypt.la
 	install -d -g $(GROUP) -o $(USER) $(DESTDIR)$(INCPATH)
@@ -177,17 +180,19 @@ $(LIBNAME): $(OBJECTS)
 #This rule makes the hash program included with libtomcrypt
 hashsum: library
 	gcc $(CFLAGS) demos/hashsum.c -o hashsum.o
-	libtool --mode=link gcc -o hashsum hashsum.o -ltomcrypt $(MPISHARED)
+	gcc -o hashsum hashsum.o -ltomcrypt_prof -ltomcrypt $(MPISHARED)
 
 #makes the crypt program
 crypt: library 
 	gcc $(CFLAGS) demos/encrypt.c -o encrypt.o
-	libtool --mode=link gcc -o crypt encrypt.o -ltomcrypt $(MPISHARED)
-
-x86_prof: library
-	gcc $(CFLAGS) demos/x86_prof.c -o x86_prof.o
-	libtool --mode=link gcc -o x86_prof x86_prof.o -ltomcrypt $(MPISHARED) $(EXTRALIBS)
+	gcc -o crypt encrypt.o -ltomcrypt_prof -ltomcrypt $(MPISHARED)
 
 tv_gen: library $(TVS)
-	gcc $(CFLAGS) demos/tv_gen.c -o tv_gen.o
-	libtool --mode=link gcc -o tv_gen tv_gen.o -ltomcrypt $(MPISHARED)
+	gcc -o tv_gen $(TVS) -ltomcrypt_prof -ltomcrypt $(MPISHARED)
+
+test: library $(TESTS)
+	gcc -o $(TEST) $(TESTS) -ltomcrypt_prof -ltomcrypt $(MPISHARED)
+
+timing: library $(TIMINGS)
+	gcc -o $(TIMING) $(TIMINGS) -ltomcrypt_prof -ltomcrypt $(MPISHARED)
+

notes/ccm_tv.txt

@@ -0,0 +1,214 @@
+CCM Test Vectors.  Uses the 00010203...NN-1 pattern for nonce/header/plaintext/key.  The outputs
+are of the form ciphertext,tag for a given NN.  The key for step N>1 is the tag of the previous
+step repeated sufficiently.  The nonce is fixed throughout at 13 bytes 000102...
+
+CCM-aes (16 byte key)
+  0: , 54C92FE45510D6B3B0D46EAC2FEE8E63
+  1: DA, 7A8984228DCF944903936CA9D7709ACF
+  2: B95E, 1056DE0CBBEEA760ED2053FFEB554EA6
+  3: 58FF3B, A42DE1A812D29BBC6C1C5AC808565437
+  4: 9D6E6FB6, 5E8E0422792999381ED669CE17601D34
+  5: 40D49E851D, B076B4ED79BF0155B39A743550593944
+  6: 015356B9A6E1, 8D62CEFC451CAE4A21C1C579C6CAA128
+  7: A2CF0A77AE0DE2, 97B9D201740FA59E863513EDACC59FFB
+  8: A44C68E52F95B48B, A461B79D4D9B8ADF6C6618E6ECDC059A
+  9: F56B8AD68AA31F22B9, C5C7D2E6FE34D94CE72B86DA55679080
+ 10: 5C17EEBF4E348CBE3278, 29FAE7B470CB652C501343FE23B25894
+ 11: 1EE960BFAE360302D834E3, 8F8F475EB9BAB29CE14A9CF42C30B148
+ 12: EFF6BA1F2B1389237C6C045E, C895302DD8E75096951EF5CA63BFDD67
+ 13: 5A1179A4047334CCD9162F36EB, 110987D37F45422625DEA402BD7580EB
+ 14: F26E2C27E7D287B182FA42879978, 530FDE90C13A01EBCA86449073A3B035
+ 15: 77BFE79B4BC87116EC5232606E890F, 280994EB0E16C7CF10F31BB60DBF52C8
+ 16: 9926A4CE1AD70B89CC0050A58B958742, A635B4272EBFA1F83DAE270452D877E7
+ 17: BAAF99CAE4753E3304D6F8F9C0CD366C68, A6F606AACD0B87923B43C3EB61AC3965
+ 18: F72453C6765352A31494FA02B388E407B1FB, 0A446D28B7C5845C3621B4D3A0FA98DB
+ 19: A7372589A86B2E137F124A96618095EB5E1435, 3C59A6A858947FEBFD32441E37309F1A
+ 20: 5683E13A4E82A1AB8B3DC2051B6DBF2E1F2BB417, 459D1B0D2CF2C30B5ED5C237D07DFC19
+ 21: 33594C4B84536C23DA5AB2117E9267258CCE5DEC3B, 6E4BB70A72343E142AC4E31CE0FE6A77
+ 22: 332EDC9A3BDB90DBCCF317AC55BE5855CA9BCA2A73C4, 9FB310E5FFF5C754EE1E5FFF865F1656
+ 23: 734618677055469335FFD574B008F2C68B78633F79010E, FAD31386E42BB4EA76A643A9004A8CB4
+ 24: BA6F6ABA2AF35895F7F966D71F4E91A0BDD1DD551826F861, 25A3EC1C91C26283BAA5975390285AB2
+ 25: FF519213E858E36AC8D92450F81CA46C8CA8AB129A997EBB36, 0D4AB2B7A5EB02242C01A81CEBF5D84E
+ 26: B1F80058C3B4316EA86E9A898CD0B9C0366DFCB2AEC0799312D5, 0F4FF2759EDDF6349F4E23F284FAAD2E
+ 27: 00BDC15012F8183112D5C3A135DC60DC9C764A04BD39A8E041F1D9, 0C68BC9E6A6BF1B01743F3183C9B7C80
+ 28: 3022FD12969D925365C553D98D59E5D1EC494540909D1FA794F41E18, 05E61844943E78DB9BD417DDDE9C98B2
+ 29: 4F4A4554BFED6BAA09E3D8843C4EA3807B8762799C1D21289A46575389, 3A59A6DC9230020FE061466A92BBCAFD
+ 30: 6AE735EB15D9B39C8AD0E54F45307AAD97DB9F8A2A66BDC9BABCCFBD54A3, 0BDB365E493A9E160EEFD7DE24101870
+ 31: 4AF19F00EAE55FED2304B94FBCA29383042F2BE711041323C1D9F14BA63383, 94561581E496553D068052BA698683D2
+ 32: C2438BC46A92A465E0DB41E638CC6C8E0029C4DA842CA4140D73F90985EABA9C, 0F5A69F52AA8D8508D09E642511E54E5
+
+CCM-rc6 (16 byte key)
+  0: , D01FACF2BB577BFA6194800E53FB4A00
+  1: 65, 92E48F7300FA2697E9E0FF80DD187237
+  2: AF5C, 332863BC515649D5BCAB6A2FE5F5250D
+  3: E7C89D, 49A641F027C65A15100009D99E79CF3F
+  4: ACB36D46, 53DE328A8B4B14CAD363BED53DACE8A1
+  5: C3ADAE6CCF, F713F5079BD77046F95D8685CDF522DC
+  6: 5A8CABC912DA, FB97B059D2BE1273497FA8D2739A1505
+  7: 27F101DD6D0894, 266ACEF34476A0E64410D209219335D0
+  8: 66164DA09BE2F46D, EFC64C01890A5B562AF39ADFC48E1CA9
+  9: 1B0018895394753995, FA894E1C882D96E35A4C238708931F3D
+ 10: D346062826187BAEFC3B, A036AE1D3C02E2AD23541DE095AC7B84
+ 11: EFB375BA1138339FA1B504, CDD4232FF4664D59D5AC6BE32CBE1B35
+ 12: AFCF494078D7D7E6D9803FD5, 07E06ED923F76150BE82C1DDCB62C4DD
+ 13: 75DF2EC91379408DA426A444E4, 440ACDF2A6567FA3A5009DDFE502A1A1
+ 14: 3B36B62B01E324E702694305DD29, 4093598607DCD9993845D1837D211FE2
+ 15: 7DF6595C9711B164C99CB246B4D57E, F364993B2C187058F466B62D11E0F94D
+ 16: D317EE9EE1746D1B89A4CC52D88F0819, 41856B0B229D38344FA718E04CA57A8B
+ 17: 85252277A97CA7553007995BD5A0DCD372, BDEEAB636BD1ACC8D5A23F658150FA30
+ 18: 36FF305AC6EF662C155A1C15A6C195D3EC88, 9AC48EF07A510E308E06E79C0C80C3A0
+ 19: 51645A614313E978F6DCE7BBDDEDC33E3284AB, E9F7723E763AD50161C0671C4034FD0A
+ 20: 3CB9E6D0730FE05F903D338708AD8E34BFBB3285, 8A12185DAD518049F0FAC945A8FB305A
+ 21: 276E37D246C40ABF32DC83007B95390EE801CDA6E3, 73FA1D310D031E0A0A3A1421661B4697
+ 22: 4444BB070EDFBD1AC59D0BF70D66F48F0830069F3562, 9DCB6A99CBCCE3C8AEF29F06AF5057FB
+ 23: D16BA084CF82EDD2E43349311140BF3A2E37DE40544BF3, CB93C5AD60C700D4EA653136101AACCC
+ 24: 3FBAEBB36E2B74014043BA7D72F899B0D8DED883F592D778, 54DEA31D7EEA863A06A16D6C9B25DC13
+ 25: 3614B5428B790793F31E23670A38A070B65DB8E51C61FEA9C9, A91B750FD7ABFF18376C982DFA0C8872
+ 26: AC15FD90A4C254BA1406BE7DBA5694BB2625F634C69F45CCCD04, E6F97BCC8526BE3C04BA139EB50E65DF
+ 27: B506E83557E48553BD8557411D2C17D64005E734BA5A5FF1CF98B1, 6FA001758A19F783A71C97AF1AA61F94
+ 28: F07721663400838947EA1B9404D9683556F2D911429A9F59E3F5AD31, 376A1165A30C919E96C3706A4AB5DB37
+ 29: 98B5EB8FE0005E515A585D8F44D838FA590054EA5201CD444366B6F71E, D8C58448F601F2C05F24ED2CC349C78B
+ 30: E36E2FC225767CC1E2C388BEBC2C81C340FEF5B504575D5FA49682E1C214, CFED56F38CA4F84E6E1E16CEF50A6154
+ 31: 7A9FDD8E481B822B3D282AAF726944101ED61DAE73782DE055D7D305E36B27, 328B10841E977041CBD13C39CD70F03F
+ 32: 48AE8B5FA027930A7BCEC27468D795D0D8E6099C5F0558361B3AD20C1ECFF89F, B180AA9353E9EB6A22710A4DE872FACB
+
+CCM-safer+ (16 byte key)
+  0: , E106F41D61402E532662213EBA471BFF
+  1: 05, 1749600C7045647DCB3293C0724E7A21
+  2: 2355, 80DD597665723F4AEFFF760C5C6C5EE2
+  3: 5F4CD8, 59AE54E63A8CF4DBAD050B42CE922013
+  4: 75F63A43, C31B6BD3125C036C99507DDEE0197201
+  5: 51D4D87B8D, 0F3872088CDEB0E958C35F343677AC24
+  6: 8CF6D81A274C, C8E688954E72A052B5F8D1CA46FB44B0
+  7: 5EB8283B299AB1, 5977CB96C8D439DE3A86AE0452A2EE34
+  8: 829B1A4EA8643EAA, 1E892D3DFB73A469035CA81DD7F937D1
+  9: 0FEEF9504CF0F4E282, EDCBED7C61E8E2D24392B4145218F0AB
+ 10: DEF7679D3073D461A94C, D7ABAE561901CBB30FD7D9467C088B3B
+ 11: 625FD679C7354A74D62893, 450E3954857640DDF4C7A95A6E202A1E
+ 12: 3C9E76E4E2D4D95FEABD5C90, CD4467F695B7ED8973AEED5A822B347A
+ 13: B1B6294ECEAE6AEE4853731CA9, 6042302DAE598822BE8554BE038119CF
+ 14: 204BF480582D4BA408BAD23CEB52, 4D6B87334E1BFB9BA2D42B89B24165B2
+ 15: 277591770E3E2DB97A3011D9616991, 75D0A4B9937748EAE7794056F7A8A7FE
+ 16: 5669F75D0C908BFF7B82095231B86DAA, 3E816776A73FB89276534A3646C0F8FB
+ 17: 37E621EF5A043A83FC98A65329891BC031, 159A823EA61B3A47B42EFCF12F304725
+ 18: 18AC6ECF3F478A0797BF813C871235A9D309, 9B415B1B3A933B22C9027E2D72764956
+ 19: 671484C7587DAAB885C7F2FAF030081B452CC6, 574A63D113A5ECEC877D5A368A3160AA
+ 20: D7AB0F7D46B7ED976C8F6E7D0C6AABE3CAAA5A6E, 266C7A025C4EDF657DD42EB82BB6616A
+ 21: D60E4CFC6500E237276A69F35AE4BBAE17371392EF, 6ED2A1673F8B4DB795547D9D93D76D8B
+ 22: FAC6E21979D8D9896C790CB883C29F84D6820AE4FD4B, 1C7B6D73200E3C2DC5C701152F38EE8E
+ 23: 39240DC2B544CA8BEBBB4EA499FD48A5EE707198AE8AC8, E7FFD169552665ADE7B9C0DFFDD04EBD
+ 24: 6BE2C24172CAA192D55CC3E640E34675DD7F441CE5DB0FC0, 760CA976355281F76E49A2856A4EC7A0
+ 25: 0E20427218D6447D6E23FA4832CB8D2A172B23FDC542B41524, 27D0F37E109252FF5E6F6F703CA784F5
+ 26: 0AF75BD89028A5691B8B7993B9CE4FD24334A312DE28212C8B2C, AFE4C6B193B0F1796FC9E6C23292C060
+ 27: 6830D8E2E6DEC1476796DA44C982D36409E268F966283A66E801ED, 9E2C92D5B30EB0943E17869ED4C789EC
+ 28: 75ED280BEECD7768F7E032071F0E06D9D6BF1C9FF8E5DEB536DCD4BA, BF0DD11D633DBA5DCD25F4172765570B
+ 29: DF1FAECC1DB24718236B18B90B354F405FD5DE1257EC43F811F4A43DCD, 48D182E572E794350BBDA91FD76B86BC
+ 30: 176681E38ACACCD3C625F554C1F7A2D7C2C474C9444EAC8929B8C36EC05E, 080E109FFC5D247F1007217DD642BBA3
+ 31: 8A8172C21D88A1FDD43089C545C308507617F7BDB02C47CF2719F1484407E2, 1A0D10B0AF5BE21BF19D570D3FDA5BCE
+ 32: 0A93CAE2B95517773A4009FD3438231A207B9D46AABAE83FC4E1057EA4E2D6B4, 717AEF2F55DC8669F7E2D0298F8A7BE9
+
+CCM-twofish (16 byte key)
+  0: , 33B3DF1B59C84DD3C15E4FEB66173303
+  1: BF, 92DCEBF1C11DD0B028DEC944A555E4C6
+  2: 8A4F, A859C7F76291326D821BB3C7519657C0
+  3: BAE755, 14D7C2EFBCA1063460FEFCEBAE3AD79A
+  4: 25695BC6, 9358BC434B14B59ED17F9C0D3F51DCB1
+  5: 1D9FC70ECE, 2A86578FA3A8C702E2E6723DB9A9893F
+  6: AC39F1DF3661, 3F9C71EE0506FD2BAFFEE7200D22CD92
+  7: D330A915EED9D0, 22DC25EDF5ACDEF8358BE2A3082112BC
+  8: EF913ADAE6380507, E87D72BB6395EEEF2AD4F546B4033DE8
+  9: 5EC16994E762BCE467, D7700F7BF4FE026A2076F161C3383A0A
+ 10: 7EEB4910B7C2B540B490, 40C88A977E1DCDDABD749ABC9A0C60F8
+ 11: E5DD32FF54D39451CC2AF8, 541B1558B5AFF6E9EFBEE496D60AD65C
+ 12: 242C2900F859966B6627FF5C, 1CED148098350F3A5D1B5634180817A3
+ 13: EEF025B9E4EB867B127EBD19D4, AD0179A07AD1418C25F40E123C2BEF47
+ 14: C5E812B0AE37098686E2C4452C12, 02FC88AAA62E34742BB8577A651E922B
+ 15: 7BCAB32D1A871A62F9C781AFCAC60C, 2CD1C11EE197D9E130359F76E7F49251
+ 16: 1E82D8B8EED9A730D1670F0DCFF17B60, B7730261560EA6CF715FF7006D5FEFE2
+ 17: 0E1966992E360DC81312B28ECA6865B811, 10C40ACD169CB0F2A6FFC99F9A5516EA
+ 18: 5F5418C1322BF7EB828CF27C1F72086515BE, 90F8ED0447171A10476DED39F7518075
+ 19: 6C552506FA167FB8AA12E9F416930031487D4E, C992009F83F31A7BF922BFAE68C4134B
+ 20: 38429D966676406B17638DB7F9F7205250408BB2, 3385A50E9789D2C63835A80EFE9CFAE4
+ 21: 56EF426315EF96BE4C60B49F41C9BDDE2E0CDB3C22, 2D51D5B4F5B04BEF3BC1A7CF1AEA70E9
+ 22: 314B075C097EE531ECCE6AD7CEF22A72AAFCEFB02029, FB7A7D84D23FF524D060871D90FAC106
+ 23: 61CCCF7E2A9B3E46CD0A94D7F4A7617BB0DBA2D989907A, B3F4D46094732F3EDD81E0755F0C52EB
+ 24: 7A812A3BCED4E0A72FB81218BD5A4E33D69CA18834FFAE61, 487F80588B41F4E1198124708987667D
+ 25: DBFAB77EF07AA4C9ED2B05500BDFA00FE3F19F15F97A74880A, 84504D9EECBC6CE11B18BD105DE55E2C
+ 26: E676D4739B01B5101E36BF8D9F4FAE8F767C028E83A6D5B39664, 3141A05669807BCA30F0934F599FD077
+ 27: D8FEBD069D87C1EE504CB8F72ADFF2166B14BA40B17B4DAA439668, 1D99A301943041C2F7A71432DA736FE0
+ 28: D98E2A1CFFAB28341F92C41971A21AD0FDDE733EA25F2607967CD0C3, 42E05A53BF4F1A6C5B7F84742ECE031B
+ 29: 13FA412B484945C1FE8291A7EB8F8FB78D2DC2C72C5132386EA82BF4A6, A1A8E8B026DD116B0F9C73EB14C1C7CD
+ 30: 10ABD2DC25C8BA594FBFA9312E69C1A2DBF326475AF2080E55E3611FBC0E, 49DF8A5171DAC3FB684BA2CF7FBB3D3B
+ 31: F401D2123619B81F54F307B783362CC40FB4FB2433CF51F5543A147BCD1FE5, ACBB670CB3722059B4B9FBEE67703E98
+ 32: 839A9BFA1D3CA37924BC6648DED2291FC61736A3638906D9C5DA28A66AA684AC, CD07B83C8E0C3E6FB4115A149BDF6FDA
+
+CCM-noekeon (16 byte key)
+  0: , FF73C6775C61DB36D9B5EEC812091FF7
+  1: 5F, 7D2AEA62A5202E3C4FBE05F33EBE4CC5
+  2: 0EA5, 312ED15FDDAB6EEEAC6AF9BE9CE698FA
+  3: 968F95, FA1AD58B85B93B5A4B5096C881F773C3
+  4: 9A8F4069, 8911063ADDF79E27D9DCEFF3F440E6D7
+  5: A5C0376E27, 9553F44B0BA8039527F8E05CD70AD8B0
+  6: 5B097736F3DA, 405B7EC685FC94903B36AC8E700558B8
+  7: 616810AE303B2C, 64C95A2DF5263F7BE6D1F9F3CF88EADE
+  8: C8D69A2E1170532C, 073A7E426266237FD73D8109F55AE5D3
+  9: 3E42CDB7DA4A72F2E0, 48675EA4302CA6BFE5992DE96CE43BB3
+ 10: 88532CC1F3E321F66D64, 528B3516C6D9A4B5390DD32C2A2E6C19
+ 11: 9216A8FC9A961E7F602F7D, B03047186B783844F5B6757057576B38
+ 12: 89B0858D4FDE6795EDE19CCC, F4530A2DCA823307AEDE5AF34E5C4191
+ 13: A676E20BB0A5E84FD0B9149BF7, 11B823B315DA93B0E15780851526D4BD
+ 14: 903AD5C108C43A80436FE2117EF0, EB1C79C7DF20CE2967A99783EA8D6EF8
+ 15: 81774C36F46F67159B7FFC24C080D7, 2E9E4812D9A92977EC34922782B6420D
+ 16: 63FD1C3F692D64B2DA3982FCD474A5D4, 04171AE84857713A9BABBD4564875D33
+ 17: B1BF6AD99F83C9173C6C021ACA74C5431C, 38D17D4F6AA3C24B8F3B465EAACE0A1E
+ 18: 0948D1ED59F07DE44A96A76E05B0B6F7C309, 1848D886FCFF35E85B0DC3CBE5BEE7FA
+ 19: 3458E5911222F9C555A1054C7D9748876DA39A, 584AFAE72FB6065A74BE016CF39D2E86
+ 20: 641F3867185D0605E9D666AB605187E75A1299EF, 6F9332E6FB5EA0CE811E3345593CD163
+ 21: 0676622D07733EF31A765AAB1E713FCE329277FB16, 88547474050FFC986930CC04BA8A03F0
+ 22: 79861EC2FD2BCC5C12B69F30A1575FC66AC1405281BB, FC68EEAC8F39ED69D312AEABF8000084
+ 23: CB2731835A576F7F8F2C2786D786FB6186E2F85D89DA3B, 3ED9E95BC51CF6368E6EF63667B35BD8
+ 24: 3CB1C02FADB6DD5483BC5D3C03D944102CFCEDF82B913402, 1C3F60C989A6FBF41A7AF4F29115C334
+ 25: E69FAEA5E3D0B76EF9E70F99C5918D934D0E9836F248DB9EEE, 7F1916B2CF7C9A5E3F5581D365ADBD31
+ 26: 36779AD755A9DF2DC3C5824DC2F7DD4FFE038628A4E1A1C33AE7, 2BDED3703468D267F8AB7EC0AF8F1E65
+ 27: E9D325646A41EE5AA7DABCDE98DE83440A7DC02714BA0AEE017E22, 972F4D7832F3371C60DCD04A6DEDEA15
+ 28: 0FAAE3F6028A28A80BBFE71FA7AA9042E538B41A0D514D6EB4EE6029, F7B3925495E260249ACC6E1CBE956BC5
+ 29: A9CC39EFFEE354C0E0579256AA85CBAA7B10E670DD3828A7A05DA0F49D, 28D9D20187AFE70AD9DD16759F0EFEB5
+ 30: 032F4BBB4EBF2E65758C541FDAFF2107DDBED399739849F8EBB41AF9711F, A3436981ED637CE5EEE01B380C46ACAD
+ 31: 7B321ED831CE96A603668E3E74BBC7453749A03D04A1B38E95966E6CC488F0, 88D1DADF2C1EE0BA579D0A8A90C1E62A
+ 32: D862B0BD0E2178AE05AEFB14F34C791547C5956F1F3B5BD525926578DE383A94, BF32CFE059F27222DC55D3E7CE7C5F10
+
+CCM-anubis (16 byte key)
+  0: , C85F41475E06F25682F855C3D45A6523
+  1: 25, 437BD73ECB8CFFAD9B2876F08D4BDA36
+  2: 5ADC, 5C762058A5EF71278B69F567F18CBE51
+  3: 95E541, DF099E8218AEDE8087791B38298334E9
+  4: 2DAA84E4, 7437094198E4AD2647C2618248769A26
+  5: B9641C5855, 91B02EC44D22460BFF22BB40C799E20C
+  6: 102012BCEFA5, E60488DA65D683182F0EFDF9DA52A78C
+  7: 8F14972CA4F8EA, C26B51F20ACDEC7DCA911500CF1241ED
+  8: ED2714B652972256, 8BA29459D5D370FC608EE362B55B7633
+  9: BF58A269A4F59CE0A4, D69080820F836E5B5CA8F393E61ED009
+ 10: 44AF1F715ADAF26C6EF0, FEFBC7DB75ECDDBA4A13CBF9A57873D8
+ 11: 77CDE1B951F0803893642D, FBF8B80B061703504D8D3A7718366B6E
+ 12: DE599BAAC9D3EFD9FCD47E44, F636EC35D172D661F01746FF86688B95
+ 13: A792B8359050C4866572977415, AE67D4EED92E63A14003FBC936EEF43E
+ 14: 62D5A7A4DFB78A175831627987CB, 25F7B440DBE9902C28B28E50BF02C516
+ 15: B6F289459F924C76586F4EEA0C1CAA, 54266B4424C3AF6E81F6CC4F2437F54E
+ 16: 884B7DF3395F063DCA26BDF9F2FEF4EA, E3C2BFA1964EFDF78FDB9559C8031C50
+ 17: 774962377B8731F2F301B930487518801F, F35B54264711D843D23636BA6CFA3E4C
+ 18: E9C8D1164F2B196C7305406179B232E45F1F, 2A13E034A136EBC0ED3361737EAD214C
+ 19: D3DCD242C952C5589E00B65CD826CA87691B8F, 9D624D482042798DB896B55D801EAD98
+ 20: 57065B2655D4799C0478FE7E8463A2215E758875, C8FB052F14F9DF6731A9C8B566E71D53
+ 21: FF736FDBD23593D9BC9A0D8CA7D819F550EF969322, 5CC3023029790BFD43204B27D52D7D7E
+ 22: C562B7387B8F1D3DBA22DD1636C9C4AB443F2FF15F70, 195C928EAF88BB4ACBA8A01B4EBAEE6E
+ 23: D0AC6EA8A804DC261304D4821E6AD7FCC2F0DC1A299B9A, 34FE2034CCF09A98DD50581DA8BCBE39
+ 24: B65933A7D7C8EF19C1BDEAABE2B4CE5E821459D953565EF8, 42B20EF142EB228803D6AF47C6482BEB
+ 25: F1F4FCE842EFEF563F6F047956E6706DC9B178D00D82776D74, 3ECE3050D8C80319821D5F57A7CA7066
+ 26: 4A3F10F4E34210A5CA1B81AD4269CBC3FD68AC662BF0E9DC9935, 0BC0724AA9A194D8C75EE6FC8E7F28F1
+ 27: 077F3C055303FD669BC1A370B18AA7F31D3C8CBFF5A69381404FBB, 872C7946401BE70E677B79EA13FB0F58
+ 28: FD39D32B27FE5BB8E6512C642D490E0AD0866E386580AE115C85ED2B, EE81712EA57DD54DDEE98EAB3285E6EE
+ 29: B45ED179290A6064188AFF6B722B37F8C3E984EC37AB5F47B353229B12, 186B3AD0C9F60D57E84992CBB2B0F71B
+ 30: 83FF1FD179D518A414148C15BE566BE4CC3DBE9FF5319A651E862811F152, 4B2942C66565EB9139A83C2EFD549D55
+ 31: B8176469E6A0D5797ED6421A871FEECDE48ACF011E394981C43AC917E8FFD5, E9B01383DB1A32E6126BD802A6C6F47E
+ 32: AB6A0AA29B687D05735167D78DB697BA2478BD14ECD059AE9D1239E7F2AB48FD, A560A30FD87CF28BA66F5B2638567E4B
+

notes/cipher_tv.txt

@@ -1005,6 +1005,222 @@ Key Size: 32 bytes
 49: F8B974A4BC134F39BE9B27BD8B2F1129
 
 
+Cipher: safer-k64
+Key Size: 8 bytes
+ 0: 533F0CD7CCC6DDF6
+ 1: C3CD66BB1E5E5C17
+ 2: 079DFD68F6AF9A79
+ 3: 84EB4922264A1204
+ 4: 31F3A7D739C7E42C
+ 5: 381F88FB46E1DCA2
+ 6: CAF4AC443E50EF47
+ 7: 2914E255DA9BDDBB
+ 8: A160A24120E4FECC
+ 9: F748C6009FFBC465
+10: 8B3CB5784846D2B0
+11: 4F98C1621473399B
+12: B486B0BC365ABEE9
+13: 314EAB2B4E9F7840
+14: 613FE3637968A8FE
+15: 28935352361E1239
+16: 0DCB090233B8EB3C
+17: CF0BC7F307586C8B
+18: 64DF354F96CB0781
+19: D2B73C6BAACA7FB1
+20: 638FCEEF49A29743
+21: 204C4E0E0C0A8B63
+22: F041EF6BE046D8AA
+23: 76954D822F5E2C32
+24: 6700C60971A73C9E
+25: 80019293AA929DF2
+26: 8EF4DE13F054ED98
+27: 41DDF9845ABA2B7A
+28: B91834079643850C
+29: 8F44EC823D5D70DC
+30: EC2FF8DE726C84CE
+31: 25DF59DC2EA22CB5
+32: FC1130B511794ABB
+33: ED3259359D2E68D4
+34: D7773C04804033F6
+35: C1A32C114589251C
+36: 51647E61EE32542E
+37: B95A8037457C8425
+38: 4F84B3D483F239EE
+39: 458401C3787BCA5E
+40: F59B5A93FD066F8A
+41: 1450E10189CC4000
+42: 0F758B71804B3AB3
+43: 51B744B271554626
+44: B55ADA1ED1B29F0D
+45: 585DF794461FEBDA
+46: 3790CC4DCA437505
+47: 7F7D46616FF05DFA
+48: 6AE981921DFCFB13
+49: FE89299D55465BC6
+
+
+Cipher: safer-sk64
+Key Size: 8 bytes
+ 0: 14A391FCE1DECD95
+ 1: 16A5418C990D77F4
+ 2: EE33161465F7E2DD
+ 3: AB85A34464D58EC4
+ 4: 3D247C84C1B98737
+ 5: D88D275545132F17
+ 6: 00B45A81780E3441
+ 7: 6830FAE6C4A6D0D3
+ 8: 93DF6918E1975723
+ 9: 15AB9036D02AA290
+10: 0933666F0BA4486E
+11: 93F42DEE726D949C
+12: 756E7BA3A6D4DE2E
+13: 4922DCE8EED38CFD
+14: 8EC07AFBD42DF21C
+15: E82BEBCFB1D7C6B4
+16: B3EDB4CB62B8A9BA
+17: 5521307CA52DD2F3
+18: 54B5D75512E1F8F3
+19: 1A736293F2D460A8
+20: 778C71384545F710
+21: CBC041D3BF742253
+22: 9C47FC0FDA1FE8D9
+23: B84E290D4BF6EE66
+24: FC3E514CE66BB9E3
+25: E8742C92E3640AA8
+26: 4DA275A571BDE1F0
+27: C5698E3F6AC5ED9D
+28: AC3E758DBC7425EA
+29: B1D316FC0C5A59FD
+30: 2861C78CA59069B9
+31: E742B9B6525201CF
+32: 2072746EDF9B32A6
+33: 41EF55A26D66FEBC
+34: EC57905E4EED5AC9
+35: 5854E6D1C2FB2B88
+36: 492D7E4A699EA6D6
+37: D3E6B9298813982C
+38: 65071A860261288B
+39: 401EEF4839AC3C2E
+40: 1025CA9BD9109F1D
+41: 0C28B570A1AE84EA
+42: BFBE239720E4B3C5
+43: 09FB0339ACCEC228
+44: DFF2E0E2631B556D
+45: ECE375020575B084
+46: 1C4C14890D44EB42
+47: EA9062A14D4E1F7F
+48: 82773D9EEFCAB1AB
+49: 516C78FF770B6A2F
+
+
+Cipher: safer-k128
+Key Size: 16 bytes
+ 0: 4D791DB28D724E55
+ 1: 53788205114E1200
+ 2: 4472BCCAF3DDEF59
+ 3: FE9B3640ED11589C
+ 4: 4DDD7859819857D7
+ 5: 6BF901C4B46CC9DB
+ 6: 930DBFC0DE0F5007
+ 7: E89F702158A00D82
+ 8: BEB661953BF46D50
+ 9: 6F0DA64C0FD101F9
+10: 4EBBCE4E5A37BED8
+11: 996EAA0AF92A09AC
+12: AED6BB9522E0B00F
+13: DF9C643624A271B4
+14: 2E5C789DD44EF0CF
+15: 86A5BA1060177330
+16: 2385DBA4DEBEB4A3
+17: 82E2FC765722094D
+18: B3CA2161757695EF
+19: F8A4C6081F3ABC06
+20: 6422316E1BEFFAC8
+21: C178511BFBFF380E
+22: 049B8CBEDE5942A9
+23: 0E181292C1B1DEFC
+24: C347BA0632A49E55
+25: 32FDA46669714F99
+26: 0523743E30C16788
+27: 782BE96A93769ED0
+28: 9F99C9E8BD4A69D8
+29: 104C094F120C926D
+30: 1F7EA3C4654D59E6
+31: 90C263629BC81D53
+32: 1803469BE59FED9E
+33: 1478C7C176B86336
+34: 362FE111601411FF
+35: 6428417432ECC3C8
+36: D74C42FCC6946FC5
+37: 1A8F3A82C78C2BE6
+38: EE22C641DC096375
+39: 59D34A0187C5C021
+40: F68CC96F09686A30
+41: CF8C608BDCC4A7FC
+42: D2896AB16C284A85
+43: 8375C5B139D93189
+44: 0F0462F9D8EBAED0
+45: C3359B7CF78B3963
+46: E4F7233D6F05DCC9
+47: 8533D1062397119B
+48: 4B300915F320DFCE
+49: A050956A4F705DB9
+
+
+Cipher: safer-sk128
+Key Size: 16 bytes
+ 0: 511E4D5D8D70B37E
+ 1: 3C688F629490B796
+ 2: 41CB15571FE700C6
+ 3: F1CBFE79F0AD23C8
+ 4: 0A0DC4AA14C2E8AA
+ 5: 05740CF7CD1CA039
+ 6: 24E886AD6E0C0A67
+ 7: EEF14D7B967066BC
+ 8: 6ABDF6D8AF85EAA0
+ 9: 0EB947521357ED27
+10: BDD2C15957F9EC95
+11: 0989B87A74A2D454
+12: 04C793BA2FAB7462
+13: 3DAD2FACDDFA3C45
+14: D1194935CC4E1BD7
+15: BAC0A2C8248FF782
+16: 7DD5894A82298C64
+17: A59F552A4377C08B
+18: 8DDDE41AB4586151
+19: 7CC4261B38FFA833
+20: E99204D6584158EC
+21: AACC8ED0803CB5C4
+22: C105CA72A7688E79
+23: 3D662FDC35B88C09
+24: A4BCEDC0AE99E30E
+25: EAECF9B6024D353C
+26: 214651A3D34AFF40
+27: 807099325F9D73C2
+28: 45EC21AEB6B90A24
+29: DCED39526687F219
+30: 2CC248E301D3101D
+31: C7F37AB8570BA13C
+32: BB9B31A34A39641B
+33: 5314570844948CAC
+34: 4581F837C02CD4F4
+35: 4E036B1B62303BF3
+36: 7B3B88DE1F5492A4
+37: CEF2865C14875035
+38: 14DE8BEE09A155DE
+39: 3AA284C74867161B
+40: 3616B4607369D597
+41: 07512F57E75EDEF7
+42: 710D1641FCE64DC2
+43: DB2A089E87C867A2
+44: A192D7B392AA2E2F
+45: 8D797A62FBFE6C81
+46: E52CE898E19BF110
+47: 72695C25158CB870
+48: 29F945B733FB498F
+49: 27057037E976F3FB
+
+
 Cipher: rc2
 Key Size: 8 bytes
  0: 83B189DE87161805

notes/eax_tv.txt

@@ -199,6 +199,82 @@ EAX-twofish (16 byte key)
  31: 2DC26D449379997D110309B2A0DC2760FCE8CADB4B14ED580F86C70F69C9BA, EFCB60EB2B25737E256BC76700B198EF
  32: 2B1890EB9FC0B8293E45D42D2126F4072754AA54E220C853C5F20FBA86BE0795, 1A1B15BBC287372FB9AF035FB124B6A1
 
+EAX-safer-k64 (8 byte key)
+  0: , 9065118C8F6F7842
+  1: A1, 1926B3F5112C33BA
+  2: 2E9A, 5FA6078A0AA7B7C8
+  3: 56FCE2, 984E385F9441FEC8
+  4: C33ACE8A, 24AC1CBBCCD0D00A
+  5: 24307E196B, DD2D52EFCA571B68
+  6: 31471EAA5155, EB41C2B36FAAA774
+  7: 03D397F6CFFF62, 7DFBC8485C8B169B
+  8: 8FA39E282C21B5B2, 2C7EC769966B36D7
+  9: FEA5402D9A8BE34946, A058E165B5FFB556
+ 10: 6CDEF76554CA845193F0, FED516001FFE039A
+ 11: DC50D19E98463543D94820, 8F9CCF32394498A1
+ 12: 42D8DC34F1974FB4EB2535D7, 77F648526BCBB5AF
+ 13: B75F1299EF6211A6318F6A8EAA, C5086AEA1BE7640B
+ 14: 1E28D68373330829DD1FFC5D083E, 33EDA06A7B5929A2
+ 15: 85529CF87C4706751B0D47CC89CEA6, D031905D6141CBED
+ 16: FE5CB61BAF93B30ED3C296EE85F51864, CC484888F0ABD922
+
+EAX-safer-sk64 (8 byte key)
+  0: , 5254AB3079CDCB78
+  1: 75, 798DCF14FEF8F4D1
+  2: 0300, D5FCA75DAC97849C
+  3: 520F98, 10E357957CE20898
+  4: 80E2764D, 5C7F46656C6A46EA
+  5: C48960CDAA, 3CCF44BD41F01CA8
+  6: E0E60BD9AA2C, EBB493983FCEE79D
+  7: D13D8804906A1B, 6EDDCA919978F0B6
+  8: B7AE14C37A343BFB, 2369E38A9B686747
+  9: 5DE326BBCC7D0D35E9, 041E5EE8568E941C
+ 10: 13494F5B0635BA3D6E53, EAEEA8AFA55141DD
+ 11: A9BB35B14C831FDA0D83F7, 4002A696F1363987
+ 12: E242043A1C355409819FABFC, 63A085B8886C5FDC
+ 13: 204598B889272C6FE694BDBB4D, 194A1530138EFECE
+ 14: EE3F39E0823A82615679C664DEBF, 1EFF8134C8BEFB3A
+ 15: 8579D87FD3B5E2780BC229665F1D1B, A832CD3E1C1C2289
+ 16: 74D7290D72DA67C4A9EAD434AE3A0A85, 96BAA615A5253CB5
+
+EAX-safer-k128 (16 byte key)
+  0: , 7E32E3F943777EE7
+  1: D1, BA00336F561731A7
+  2: F6D7, 8E3862846CD1F482
+  3: 5323B5, BD1B8C27B061969B
+  4: A3EC3416, 170BBB9CE17D1D62
+  5: 0C74D66716, 7BD024B890C5CE01
+  6: 6158A630EB37, B5C5BD0652ACB712
+  7: 17F2D0E019947D, F9FF81E2638EC21C
+  8: 68E135CC154509C8, AA9EAEF8426886AA
+  9: EDB1ABE0B486749C21, 355C99E4651C0400
+ 10: DB0C30E9367A72E8F5B2, 631B5671B8A1DB9A
+ 11: D4E5453D9A4C9DB5170FCE, 75A2DF0042E14D82
+ 12: 3F429CC9A550CBDA44107AA7, 2C2977EA13FEBD45
+ 13: A7CA22A97C2361171B415E7083, BFE81185F31727A8
+ 14: 170F79D8B0E3F77299C44208C5B1, D5ED9F9459DF9C22
+ 15: 2E24312D2AE5D5F09D5410900A4BBA, 2FC865CA96EA5A7E
+ 16: 8F3C49A316BA27067FF2C6D99EC8C846, 9D840F40CDB62E4B
+
+EAX-safer-sk128 (16 byte key)
+  0: , 22D90A75BBA5F298
+  1: 3F, 98C31AB2DE61DE82
+  2: 584D, F4701D4A1A09928C
+  3: B9DEAD, 6E221A98505153DA
+  4: 06D4A6EB, 0E57C51B96BA13B6
+  5: 7B58B441CA, E28CCF271F5D0A29
+  6: 7950E0D1EC24, 2ACDDE6E38180C07
+  7: 65A4F4E098D7C6, 7DC1C9E9602BACF2
+  8: FEBE4E72BAA0848F, C4607EA3F138BAD9
+  9: 9B7BD6D6D655985AA3, 8B2C58A9530EA6AC
+ 10: 60C92F925D1478470203, 51E6F5F6DC996F84
+ 11: 7B40769370E651F64AA654, 74F1F8A8D3F4B9AF
+ 12: 7215832C2FB9C54DF7A9C686, 9BF9AEF14F9151D1
+ 13: AD0F9C79008572AB8AE2466EFF, F375D0583D921B69
+ 14: C05076E2C330A0D25D7CEC80597F, 843C12F84B00A8E0
+ 15: D18F0563AB0278140B0CD9A9B07B34, 262B1688E16A171E
+ 16: 650747091F5C532EE37D2D78EE1EC605, 1BAC36144F9A0E8D
+
 EAX-rc2 (8 byte key)
   0: , D6CC8632EEE0F46B
   1: 4C, EA19572CB8970CB4

notes/gcm_tv.txt

@@ -0,0 +1,214 @@
+GCM Test Vectors.  Uses the 00010203...NN-1 pattern for nonce/header/plaintext/key.  The outputs
+are of the form ciphertext,tag for a given NN.  The key for step N>1 is the tag of the previous
+step repeated sufficiently.  The nonce is fixed throughout at 13 bytes 000102...
+
+GCM-aes (16 byte key)
+  0: , C6A13B37878F5B826F4F8162A1C8D879
+  1: F1, 397F649A20F3F89A00F45BF230F26B61
+  2: D6B8, 1653F67C9C716D0FC59F3B14154DECBF
+  3: 673456, E82EFC79B30CA5235E2DC8BE4C14265D
+  4: 26DD7C26, B8D1F4DB845F7D7079DEB8920949C14D
+  5: DA62AD1487, 828A42329320764E5FB74D44A6108F4B
+  6: FB79F7D51742, 865415BD049E86F3DA2E0B6E25E1A50C
+  7: 9D96D1034166BF, 50669247A5B338E183DE5139831CD6A4
+  8: B466050E1330B20A, CB264FA7853A1FFE86E1A07CFA7C7319
+  9: CF16F0B3D9FC6183DF, 647DD6E1F40F385E1DFE6676FB036242
+ 10: 14D90928C7236050096F, 930CAAA5536406218885475CA823A973
+ 11: 4F2322D66A7079BD7DF519, 3B3931D47413042FAF1313F1041509A3
+ 12: F1497906F1D8F4F9E47E4BE9, 469FB0D62828427C2E9BA04041A1424F
+ 13: 2FAFA2A3EEA4C000702E58D1D4, C9A484FC4ED8644A06060DAE2C3D1568
+ 14: 5D707F8ACF319413D220AA2FC2B2, 0EE9AAF5B1CF622ECF6C4F5E5FF4656A
+ 15: 2C19DBF966D24B2713F82B69934060, 8676246A2F7795ABD435B3C6B4EA6E7A
+ 16: B3FED6C2315CE6D98729DBE69270A11E, B8AC739AD154744A33E906C34D91BD4B
+ 17: B2BC44CE088BC3F654B9703D9C691F17B3, BAD8314A171BC0119942136C5876AACC
+ 18: C6E958E3E9AC836C9626BD66478974D26B0C, 4E6D61833E9DB839117B665A96DC686C
+ 19: D40FADD078B474EBCE130FB44DDB4824077988, F43E3CD978A6E328AF039CC70E291E1C
+ 20: E177B3DF83A117E55F255A6C2CD78AFDAFDA307F, EEF1ABAAB9CBE0EE317CC79E7E5E24B8
+ 21: DBB4569B3E305E4525F1F7B3D2AFEF226F397E661D, 65ACFB70132EEE1D47319A550A506DB5
+ 22: AC2CAF77718DE59131A6B745DE9F3A9897B17580EC71, D8DB9006A9597F640F2594340D69E551
+ 23: 8F62022F72A0D769D2D095A55E28832950870B2B44B0BE, A7E196F869071B7BB713E8A2D15627E9
+ 24: 37F5640F820384B35F13F8C8C7DC31BDE1E4F29DCFBDA321, D5765C39DBCA72AC89100CCB8864E1DB
+ 25: 25059BFC302D0F8DD41BB22CF2391D456630C06F1DAF4DFA86, DC2FFD153C788C28D251B78AB8B7388C
+ 26: 151F158CC4BA9393FDB153C4C72911C120BAB519FAF64719133D, C61915006038BF15DED603832FD179DE
+ 27: F5DCF4231482F72D02F8B9BE0A41113D35AEA1CD85021CEC978D9C, 9CBD02C557180FBD0868C87A0BEA25AE
+ 28: 5D88B5554A2ED73054226473676FAA7159CE12B5357D635DDED35B5A, 5AD11CD6B14C59E64B5B26DFBD00FB5C
+ 29: 5696C7066EA09A30FC8BCBAD96D48A5E5FBCC8756B770F0A89B8711911, B9EA5F3BEF0599D385A9ACEBE4064498
+ 30: 1240FED47B305AC1883F8CF137D58E79052B4E686DCA1423A6A2BECBD5F5, 036A5EA5F4F2D0BF397E8896EB7AB03D
+ 31: AD9517BF392C1EB56D78EDE1C41F3C73B72304DA47F400C390C86B37A50C2A, EB3E026D518EED47F6C927525746AC54
+ 32: 2AE1CEED83C6490A7E5752E91532406EAC6FF4B11AA770EFFF1B255FDB77C528, 74BFBC7F120B58FA2B5E988A41EAF7AC
+
+GCM-rc6 (16 byte key)
+  0: , D595FEDAB06C62D8C5290E76ED84601D
+  1: 4D, 47A6EDEF8286F9C144B7B51C9BCCCACF
+  2: 0085, 9788DDF89843EC51120B132EB0D0F833
+  3: 463701, 673CB8D248E6BECD5A6A7B0B08465EF6
+  4: F5B3222C, 1C424282D7FB427E55285E20FC2ABFF9
+  5: 3A4A8361B2, BD40E631B054F280C7973E5AB3F06B42
+  6: A475866BF2C5, 2067F42FAAA6274270CF9E65D833FDED
+  7: 689D0D407172C8, 3BCCFFC64E56D5B753352E1DDD5CCAA3
+  8: D9CE4B051202A1D3, 79B0CCDA3D0B9C9BCF640BC9E6D9CE0D
+  9: 0317D68BE098D276B7, AF35043DB6213DC5D4F3DFB8E29EE537
+ 10: 154CEF0C6F37AA0A73C4, 61E598A8C6D17B639F9E27AF55DD00F3
+ 11: C3DB1B2B6CCC9170B9C05F, 966871DDD6E110711FB9DD733B6B2B3A
+ 12: E4F22383C75BC0FB0E59C5E8, 971536AF878F4EED68F59046C928EAC8
+ 13: 2FBFB99AABC6209FB8664916DD, 68D0BF2144AD1ADECC4074DAE58540C2
+ 14: 5FEEDFD09BF89719A34CDCCD2AAA, 64DEB7D5E6891103AA54C0EB366715D0
+ 15: E063A076E0C770FB010D26C3AC3EB5, 0CA321B2A7448FEEF84D4E0AD5BA2DA4
+ 16: AFB0DB9959F0906BD346C2D81DC5412C, 425627895E2C4C9546D3227975585459
+ 17: 79179C0D4D6C5E0741DD4CA1E8CF28C75C, D0188A344A1CEE52272FE6368DB0FB75
+ 18: 8A75521139B0DE3C08C9EAEB77D8018A39FE, 47FCC200D8A384320D2F1A5E803A9991
+ 19: 0399381D0A975AE3980A9FB75B991C055AF367, 034915370AF94B96A8A4E50FF9B134CC
+ 20: 8C189094DB13FBE62EA5C4A53C29A428ED587BA2, 99C58F838423033298897841ED526347
+ 21: D91F5144B525AF5D47EF4D5F0AF9915447A55927F9, F6750BF7E089515D35B47BC1C65E2E3A
+ 22: A4E26B554AA277057A5FE3FA08A6138CEEC6D69BB1D8, 7BBEBF52D8251108C7AA1025E213EC44
+ 23: 5C1A8C3A46FCA90D73675706313CADFBB90A535A4B3D5A, E35244A2633478BBDAFCC81161F28B80
+ 24: D69F7264FC594057B89181B83582D799AE54E9EE4FE8AD48, D4B29E5C25F9477D9345526DBDE9372A
+ 25: AFD322D0AC4AF38D5B9CBE0DFE85618C001A7A77CD8FFFCB3E, AD06BB9C59D23D258D6A2AEDD946AA20
+ 26: 179CA8395CD8E75B4E5EA07D25C8036AF08B1A1C330492523D36, E3704C4341A834C087500E332B7DEAE9
+ 27: B9178EF7774684F43F1FCE99A4319B5A4D167B0A848551F562CD7C, 5D5082FB02B9B494D5883DF49DB3B84B
+ 28: 830FCD15A09EC61245D7DA258E308E76D3B542F2345DBFC11AE983A3, F50C3332F8D91911BDACCFE228565E5C
+ 29: 179619B8C7EE9B3121405BBED2AC102A027E6C97EAEDB5ECFEB13792EF, 859EBA3BADCE6E5AB271A261B26DE28C
+ 30: 14264C7E0A154119BF24B7FCF434E81440D42D54738F0BAE55836849AB85, 0B6C9B9CADB1B6EC71CEA090C8C72834
+ 31: 0D7A316F8B873F62CF26CFC569179AB11CBF09D3467936A85ADC265B2C9A8F, 866AE7C51EC2D9DEB32748A1C8B61143
+ 32: F8FD1F967CD3632805AD7FA8ECB40F530927DD5C49D31FDBAE49738E2315905D, 9CB1CB84A727C9F42555EB566E0A1DEE
+
+GCM-safer+ (16 byte key)
+  0: , F769B436C7FB7C0C822E24BB2B2555D3
+  1: CA, B156298625F5634FA012B23044437807
+  2: 4960, A64C73E890F3D77B2C3B3C76C2D913C6
+  3: DBBB8D, 686651A017F89A22F9FE96533C85C52C
+  4: 150AD99A, 177F7DE9E897DACCAB7EACEE3CDE7601
+  5: 077055065F, 48B4309C76CAC37BDF11842311BA6CD3
+  6: B2F8CE062C06, ED04DF96C06959524956E8AC5C338457
+  7: DCE718211410D8, 3F8D8180BDEAC2F018EA81615177CC8F
+  8: 0F71E2772402AC83, 2130481B2CA7B4B4C8F3EE73B3B3C28F
+  9: B69030734E5ADF753C, 8CC4B62BFBC3EA56CCDBF0ED318C784D
+ 10: 6B8A91ABC1BF2F2D0176, 86EAAD80D148A48086987A40A5631DEF
+ 11: 44AD00799EC8E62E34D6A1, 016830D58F06F75E54531B45D9E785F9
+ 12: 0C4B9381D78E0F0A78B3CEAA, 4A79C58DAB131A22F172F9177DC4158B
+ 13: 2C56D4625876524B4D8D5F079B, 7B407F704225B25F1F136C984E564147
+ 14: 36424D69BACC56407D345B3D7B4D, EB126C255A2DCFD32F69DD5CB61876C7
+ 15: FDD3E091C0420D1A4D4A848757FCC2, D319C5C07134D67BA42A4BF312CD874D
+ 16: EFAF6F117EA9A4B4B83052BBF5A07DB9, BB09D473FE82257146E7ABC2EFF6F631
+ 17: 19B71383C414BAC3EF252FFF09F5ACD777, 526DC9AE6895ED33A34A9A4ADB07E1B6
+ 18: 9AB6DFDB930D26E00B3D98DD5AD014E08756, D70B95B20C106A5A03F9B803D2CAC3A0
+ 19: EEB3C236C3031DE4C3F94BD746677AE84B271D, 9483BBCBBFDBA1CC5F6392DABA2ACC19
+ 20: 3A0EBC7536F8717E8FDAFEDAC39E8F1F43C0627A, 3DA7DC2475466CEDF01EB543870A74FA
+ 21: 79D28D2F149E1D97E910342DF383FCEECF5AFD4C6A, 2364F33BCF6F07E381F7E26DAF802D83
+ 22: F1D7C319BAFB740332CA19AB0C9B71728D3AE69BFAC2, 3D4AEE9780A5C98CBC69606CDDDB31F8
+ 23: 1A0D80381A186673FB7B52C40AB6C46A11AB0889333C20, AF5C17E3D0D9724EDC1FC438A16B4EBB
+ 24: 5E503440B22DD6AE6401BA4355C8791BACC598C9E0F1412E, 156D8221BD61F5C108FC18FB2F50D159
+ 25: 7784EFDC6F0FC56FCADAFF17BB52DEB35B64FA19C3F391BDFD, A291E8238EF158A2379692077F70E8D0
+ 26: 184B6E18032D1A70CE5027912E447C357C72EEF7B20EF0FB256C, 0FA0138FB9480E0C4C237BF5D6099777
+ 27: 7AC8FCB64F35B71C5ED0CCD776B1FF76CE352EB57244085ED34FE8, D995B3C1350CC777878108640C1CADAE
+ 28: 86C7A01FB2262A8E37FF38CC99BF3EFAEB8B36166D24913BDD3B91DA, 25EC6D9F69168C5FA32C39631B606B55
+ 29: 91F5D3E3FE0B1976E2915B8DA3E785F4D55768FD727AEF19FA1552F506, AF902DED55E386F0FC4210C97DB9446E
+ 30: 7ABF5BD9CB2EFF8382C6D2B28C1B0B25540E434123AC252046BDDA74DA32, 713259EDDA9B1B63EB68E0283D0259DB
+ 31: 5634B23ACEF2874BE0591BE3268C4538698FF2D93D59B39BC86D0137DACBAD, C4054796AFD335B43C60E7E634122BAF
+ 32: F26C68C36B1E56449595EA4E162391E0C6A306592949F69797B6C2327E533ADB, 7B392AF776A94983078814B6B8428BFE
+
+GCM-twofish (16 byte key)
+  0: , 6275E8CA35B36C108AD6D5F84F0CC5A3
+  1: 38, A714210792F9ED12A28F25CAE3B3BC5E
+  2: 8E2F, 6357C1F125723F2244DAF344CDFCD47B
+  3: 900A4C, ED4E0B318346D5B9B646441E946204E9
+  4: 087EAFF8, B871ED95C873F1EFA24EF8B6915F447D
+  5: 63FC9EFBD4, 650D0ED98CBECA07040AB97B97129360
+  6: B6081E94AA19, 6A3BDA8030C5A79B6B9087555A1DA67B
+  7: E10A7B9CBB20C2, 59EB55DFD0A37C55A869834E597373AF
+  8: 94E947FEE05780EE, 354918527F855264E37DB6892E868050
+  9: 9A80C567AA50220862, 814EE57CC9D51D7D900AB4840C4B072F
+ 10: A8741BE1E42BE207C416, 2B28AFD8ABE20664D8BAD7535F82F11A
+ 11: 6AB7E3C68B6682023E8190, 5E48B67541FE83969952394F84D29E93
+ 12: 4F66FB634EB258CEE2955D84, F2632C2135B6E1144673B0EF73499818
+ 13: B29042F3877C2F5E694953C5F6, 03268A30499D57A06AA873EF00160C3C
+ 14: DCC7B5D9F58C88F54A9611389B8D, 5515426FF7CF2EEA91BE2B3752371CE0
+ 15: B665488BCD75FC02A0DF7994B7CF98, B721531E2A317C254FA2ED306ADCF96C
+ 16: 9535DC8A72645E34F948B71A5159AA9B, 5CEED93DE128044F0471C65AA8F21D29
+ 17: 5CBFC61A23D28562FCA929375E5B585327, 3AA842B21631968D1B58B72FEE090EE1
+ 18: 2AC3F780B956A933C0B8565EE527173B8CC8, 16EC4B6D8E2CF3CD0D16E7A5F401C78E
+ 19: 5067FD65870A4EBF6C7FA811A15270E7F8F17D, 9A7563BEDADFA6B6E48F5C13FCEAED6E
+ 20: E3A65A188077E5DC171CFF30BE8B27F10F015166, BD5B3D84D0C1DD51A3909F849141B57F
+ 21: 88D0A65C105823E68BE3987CB205AE0C1A27588FCD, B280221AD0BD83E1D6B37F331F326AB5
+ 22: 7C56D987FEF6807EEFAFD4C7EB9D72AA0E037979D91E, 686E1268A8DC9CD0192A383EA6C2D975
+ 23: B23CCD0A076CB122750B634B9E6551E0585EDEA18C3245, 6DF30A7F0728E2D549AA411AE375E569
+ 24: 767BC3AF206E67C9E27A4D7E814F3B3A65D27BB70BA9DD4D, AB2B16C031FB2C8E85B3B2B38A5CBA4E
+ 25: 9ABF34ABD43705D62F377449461C5DC239A2A86E5A98AFB159, 3DEDEDA85E6BFB53C6F18726CD561604
+ 26: FE756344C05CB12AA0673F1C2069A86556E583FF4B7313A0D395, 21CB0E0BABC3C7E547F5CB207295C0EE
+ 27: B70F16AD19A6B0AF6D8DBF4E98D7D5ADB944D91BD889D9390C3E21, 2AE67812A22C1C785D3BFC184A1C74EA
+ 28: A6389032AA9D08BDBAAA5E230E5130665FB4F0CB868F3F20C4C5438B, ECA054EFA3F39400A587839C4F0605C7
+ 29: A55A41315EAF3A67A0FD0E14C6E04D03A5E38D0F756719F4A0800B290A, 7A5277809D4B65E663603099B4DFFBD8
+ 30: E739633579AA6201A024B9873F28412BB08B08B8616D611BC9D07979BD3A, 390038A93AFD326C5CC1525A24CA91AD
+ 31: ED3266F8B0DAA7C3DB7814427E8139831CFC0EDE668F0DA83FF7090154410D, DE440EC2C6080048BFF3C5455E1BB33F
+ 32: 4D0F751B55DA3A2E0B28DE59E9680669FCB5984E9C0DB942DBAACDDEF0879731, 62F96CFE31D3D6AAA0B9F5130ED1B21B
+
+GCM-noekeon (16 byte key)
+  0: , EB5A8E30D5C16311864E2D8D32859ACB
+  1: 88, EAB88DE1EB7BC784A706B2D7946798D7
+  2: BA1F, DC3CEC6AA324AC7D053EFF7A99AD3069
+  3: 9A1457, 4AB65831DE378DFF71C20249C7BEC05E
+  4: 2F9496D6, 800745CF95EAE3A698EDF9EC949D92B7
+  5: 84153177A2, F6A05B654435ABDF5F696C0E0588CB5C
+  6: F80B7865C766, 2334D0061FD488D15A6AC8E44EA1F4B9
+  7: 872EA486B4EA9D, 3A49671DE347F675AD7904DDF4255F3D
+  8: A4EE5750507FC831, 956D09F7C5FE812C6FB982E1DDBE864A
+  9: B5874AC964FBFC1A97, 90FBC75F45BFF58B3A1100393955D0C2
+ 10: 92FF5FCF1EC675E02E71, 983C96A7BD4A0DB5D3B877911CE8A6B3
+ 11: F7BCA69A9C7033D84A2BA0, D4ECE5BB9FFCBB331A646D9CE8078634
+ 12: 5E1041B4554C8CDD14AAF16D, 1EF777F307CB96788B9120FFF8A8BC2F
+ 13: 7BB7289FCAD209D7992EB7AEDC, E8AEFB830DBAED2B4A790FFEF940A20B
+ 14: 12776A7C937A648F0A8628AD8C5C, F070283852AC030819EA67BF82C719AA
+ 15: 7293476D9E935EAE9DEB66F697F662, D6322603671153A1EC1453CDA5978E15
+ 16: DC12A86C85E7358919BABB15A3BF5FD7, BBBFA467EBA8124DFEC82DB0137D56B9
+ 17: 0CC1DAD00A987F9C57E3660D9417F226E5, BB8AF5A0B5BC79BD11C5D41CA80CDE2C
+ 18: D0049115D6EB5495FB391CDC494022AEAA48, 682FF357B2BC059765C29AE6CA668D0C
+ 19: 48FC54A401B4C06CE8567AD298B672191C7E84, 493A4AF4C2A8828FED8442C4EFF877F6
+ 20: 90779795821CB1B7DBD97028E29DC1CE7D0CFAE0, E126F485F73B6F7B3894B4CF7E1C5DDE
+ 21: 8CA5C246C8B7C04BD7171CAE2D1A892D66302433F8, 5D73149A3635A86B3C34DEA5B95CCBCB
+ 22: DF082B665F7A952B2604C04554B81393FCC7C0B816C8, D3569ED7D431176B286EF22414E4CBA8
+ 23: 761908530C9069E189649ED24B6A68A89B067C31E9868C, A258BCD83D3FBC7AE2AEF7516025AB36
+ 24: 717048F5A31F3C89D3704F90069AC5D5174118770C65BDA1, 067EBF18F7E3DF4EA13F9ABAC682C2A2
+ 25: 08C6FCC5D3099347C3FEBA3858A6C22C51298CB591DDB77827, B57BFBA40BE99DF5031918A1A4E2CA80
+ 26: 2CC53EF7EB954234E64CD4D60FB1D7157A489ABABC10900FFCDB, 236E769611D16EB7F463B7578770F886
+ 27: 2556B46F2E831223D632F2691329A874F517687AF81B8322AC55D7, E213A90DBC31DC261A45A9AE41CFEEC3
+ 28: 71241792728594D69791B80AD6DBC6417D1D14D222DF5E6F834B82C8, 601F97617708B1945BCDA8A82496EFB1
+ 29: 5003DC2EAAA23F9E2221CCBB9E20116692CCC99B3CFBD0DDD3A8491E7C, 3743155B792012845550205C8949B73E
+ 30: D0589675357E850333F854FBA160688F06D122DEC00CC2620DA0B2770765, 20E085752FC4D37791C22501ED1DB6AD
+ 31: 645B46D2D114EE7329F14AC1D94E6817EB385EB80C61F014F90530749079EC, 8A18DE86F9555A1070D0BFEDAC15B14F
+ 32: 068389206D37BF5A41C58075FC98901C3B42E6F2F13C09F4E92524021BB1C1C8, 370B86914D63CFEE8303D538A6BEA0E7
+
+GCM-anubis (16 byte key)
+  0: , A0061C2F3B2295BFA33BC74C037EA8DA
+  1: ED, 9E5648DCE40DE37B56C557D26CB18D83
+  2: 6719, A6605253C59A101FF85C5102CE92BE45
+  3: B8873D, 13F3E3ED3646BB296EE4ED5D6379A21B
+  4: 5AA6E2CB, 1812E8385D15B5BAE043E4E860BEF490
+  5: 4F6F4CD8E9, 8A80BC5E08929C42A5A74C5D9ACC0C6D
+  6: 2F0D8B483CE4, 316F588F78FC6A9196C97CE59B9B63B6
+  7: 82D885FDE1F948, 7160BF556614511F53738A92B5277056
+  8: E4931462AD41B6DC, 7CE24C4D6B499975FCB72B5E2275ED56
+  9: 503AA70BE698BC5B41, 10EA0C61FDBA8FF7B4E9927BCCEFD911
+ 10: 6B2D213D14B5D25EBE36, DC3222AED12EE26D3D14E2E733EDB2A7
+ 11: 7D8B0BC1B7443E7267371E, FCACFC73E391865BE86E041F51C45E81
+ 12: 9EF3BF8609E133BEB10565AF, D84326D4CAC9D5B74FCFD8CBAFE79E77
+ 13: 59AE7B1FDE1178CEE7F63C4894, E1BCFCDCA86CAB9C684F7D21962D580D
+ 14: 564E7B8BAC5582A3BF1178916569, 54804D8DF4D7577EF65C15487695F840
+ 15: 758A6DC437C8821274B0F16F911BAA, 19DD27500915F425F34F67CC2374DC36
+ 16: 0468C94A88A27AEEE2B3A973065E53CC, C743996C6F49363B2F4613F24703EF7E
+ 17: 3B0CABA5EEE44B7BFF0D726ECED54763FF, 14D9D09815BCD91DCCE2F5AE1A9929CF
+ 18: 5B945D83B98C43B0248F9BC0479E332869AB, 67A275F0313D4245B1965411CFCC8F17
+ 19: 97332441CA96DE8553A3C6D898FC6D90C86DBF, 73150EC3D6327E3FC8015A6192652D3B
+ 20: B9A1778FAF9767160D0D87816ECE1B99AA727087, 0C173D3C4078392CE377313C48D2BAE8
+ 21: 5882B73911C7D26EFDCCA3AED2EDC8A8BFFE75B1F8, 8F8C535639A0B59537E590C7FC9D2E53
+ 22: 70AEBED8CCFFF6E5CF06F3E841D12387EF8D6C7B4BDE, 4B00C27FCA9BEB82331CC8EB13DCC580
+ 23: 345CCB52BC20DC5F1BF5EEDF5D72A6C48F402557FFD342, 1A790A39573B853DBB8E2E73B7331014
+ 24: 0637C78A817E91D63CE18CEAF8D65C6107283A90C5A97842, 52786CB81724E12C76A0D23D4680E36B
+ 25: 59526D1E86A473DFB720FF25E97D6571077845F73C5E8322F1, 369FBA7823FC83D727FFD25D10130987
+ 26: 2933BB4E7603C313B62332827601F8189E14C1F08EA547E15AB5, 204520E365DAFF6551B01562A4CEFDFB
+ 27: A4098CF2A48A1DC2BCCE65CCE8DF825AF51E7E5F94B6186FF85D77, 9833EBB9A1D5CD0356E023E2C3761C2B
+ 28: 26557B942FD6913D806672EB01526DBD5D6F532F78AB6759DE3415C5, EDAACDD101BC40EE6530D8B5DC031F31
+ 29: DB92C3D77DF0C8F4C98845AA9AD43FB800192E57A53E083862B7E3FAF0, 628DEB1E345303A40700289052080FF8
+ 30: FC57BFAC2C77781723C2B721886D44ED67A52D9AD827874BC4EEC0A97281, 9A222DBC47B4AB4E520D3CC5850D4DEF
+ 31: 72DFB9E91A78EAFE758B4542206A4A957B4523A58428398C11BCF2AEAE1938, 307D0B876130E82804C1167E03B69B2F
+ 32: 7275C6EBDC2680DFCB73326A987D2FBCE83E40A9AEFE6351CFDA7251A6FE10A6, 895E6EEAA9BD88594903325A063CA45F
+

notes/ocb_tv.txt

@@ -199,6 +199,82 @@ OCB-twofish (16 byte key)
  31: F175230606040ADACEBAFE4D58BBD140B2D45E8BF7E5C904510B58E4B53D3F, DAF579E1A12481D39F4DCFB7C28794B1
  32: 261388D491EF1CB92C261FD9B91CAD5B95440DE0A747144EB8697699F600801D, 749056EBEAF4F20CD8746AA8C8846C47
 
+OCB-safer-k64 (8 byte key)
+  0: , 0EDD2A1AB692AA7A
+  1: 3E, 306F814F3C2C109E
+  2: 0593, 063D19B734C34715
+  3: CA72C6, DF6DAAFAD91BE697
+  4: 08924AEE, 15095FA49E789483
+  5: 359908A6CD, 16CB7F0741BA4091
+  6: 97F3BD820CF4, A59DB15B67B95EE8
+  7: 0A267201AC039E, B4FFC31DBCD8284A
+  8: 9F6ACD9705C9ECC5, 6B41A938F0B1CAEB
+  9: F355D5A937DD1582C2, 9D1F932E521CB955
+ 10: ED39758CAF89E7932E48, 398EF517015F118F
+ 11: D8ACF19363A0E0ADC9321B, F98B2A30217766AA
+ 12: F8F54A8202B0F281ED610F33, 36EF7FA4A20E04B7
+ 13: 0F8677DF64B5982DB6E2299140, 4DED2DA806834C81
+ 14: 0C357A9DC321C93B3872881503B0, 7814D1C0C6A8900A
+ 15: 10B6B1A261C3015A18110AD200A7B6, 9A814D6D2BAD850C
+ 16: AA9EA9D1BA7818C0D2EBF23781A5467D, 236A24FC98826702
+
+OCB-safer-sk64 (8 byte key)
+  0: , 76F16BDCE55B3E23
+  1: 63, F34B0B471F6F8F75
+  2: 8651, D7EFE17943D35193
+  3: D45504, 263224E50E7E9E75
+  4: 57B414C3, A553D6CABCA0F285
+  5: 4976E3B303, AC5E9969F739EBD9
+  6: F10AB8EB94E0, 8301FFE68848D46D
+  7: 6E954593AC427D, C1CF93BBC0F92644
+  8: F48F44441B898C0F, 698FFAED1A95E8E4
+  9: 1DC60156D62782E3D0, 6AFF0DCC65D4C933
+ 10: 71920ADC8997CB8B3A72, 1C101C6A27CFBBBD
+ 11: 890ED7492ED914AC20391B, F66DCD6205D945C6
+ 12: 1B9FAB84A8748BAC187C7393, B450757FCAFAAD52
+ 13: B4C89E1BB280DBC265E43ACE15, AE6BB3D2E6A371FF
+ 14: 24B0C28944BDF22048E2E86644F5, 84E93E2191CEF17A
+ 15: 8F2D5694D55EE235168AAA735943AF, 514252AEF2F2A2D9
+ 16: 568B7E31FFDA726718E40397CFC8DCC6, 3C80BA7FCA9E419E
+
+OCB-safer-k128 (16 byte key)
+  0: , 4919F68F6BC44ABC
+  1: 65, C6785F7BE4DE54D3
+  2: E1B0, C197C93B63F58355
+  3: BB7247, DFE092EF8184443B
+  4: 38C2D022, 943FD999227C5596
+  5: D71E4FD0ED, 51040FE9A01EA901
+  6: C4B211EADC2A, 329429BE3366F22F
+  7: 426DEB3FC3A4BC, CF1C976F6A19CE88
+  8: A6F813C09CE84800, 98D9FF427B3BD571
+  9: 4D1A9948FD157814B4, 5A389FAEEB85B8C6
+ 10: EC3EA142C3F07F5A9EEB, 31E26E13F032A48F
+ 11: A75FB14365D1533CD3FBE7, 8EF01ACC568C0591
+ 12: 891582B5853DD546FF3EA071, E013CFFE43219C21
+ 13: 54CA848C49DCDEE076780F21F4, 298EFC7B4D6B6CFE
+ 14: EA7611C69A60F1A2EF71D6A7762D, 7D9AA51CFCEC8101
+ 15: B2D1A211BC524B965A084BB4B21710, 7B2AC0EEB5216892
+ 16: 5E81F1BFA270E804A488C9BFAB75811D, A67F627CE1E37851
+
+OCB-safer-sk128 (16 byte key)
+  0: , E523C6DBB3CA178D
+  1: 5E, B1CB7EBE5780DF98
+  2: F4D8, 8036235F2BE7A817
+  3: 4FE268, 123320394EAC24F6
+  4: A5BA02B4, B8276B5E027D45DA
+  5: 1571859CCC, 29406C5F2DF2CFC4
+  6: CA1E47447B95, 5D4FAF8FD5341791
+  7: 8710DB37022D96, E10040FEA9AEA9C2
+  8: 205990DC9A34DA3C, AE25CB49AA7A697B
+  9: 757AFCB3191DC811C3, AA8CADA8638D6118
+ 10: 6994F8C153522361BB92, 1BCEE09E928EB18B
+ 11: A86FA0CDD051BB60AF5AA8, 50A38F8E9889354D
+ 12: 8D3FD3EB7FF2269AACFD24BA, CB51CF84CEFC45F0
+ 13: 03D2A313925D9490FC5547F95F, A1FF9D72E11C420B
+ 14: D77C0F0F600FE92F14F479FA457C, 1EBE1B4B9685EDFA
+ 15: 0CAF0A8BEB864E26058C7DF8EBA0EB, 1B153DDAE807561F
+ 16: 113D12716DFE0596A2F30C875EC6BA0E, C61F5AC0245154A6
+
 OCB-rc2 (8 byte key)
   0: , 1A073F25FF5690BE
   1: F4, 3D3221E92E40F634

notes/omac_tv.txt

@@ -199,6 +199,82 @@ OMAC-twofish (16 byte key)
  31: C24FCA5DD4AE0DF2BFF17364D17D6743
  32: DC6738080478AF9AF7CA833295031E06
 
+OMAC-safer-k64 (8 byte key)
+  0: 726FE2DD40A43924
+  1: 2A138B65EB352621
+  2: 9588A1B53E29616C
+  3: C025DEFDE1A59850
+  4: 73D062F1B6D8E003
+  5: 944598A2FC8A2D76
+  6: B176C25D8CAFFC98
+  7: 14F05014DE6A090A
+  8: A7B9847B2CE22D0F
+  9: FCD71310CBAA3A62
+ 10: BFF00CE5D4A20331
+ 11: BEE12A2171333ED5
+ 12: 333FD849BEB4A64A
+ 13: D048EC7E93B90435
+ 14: F04960356689CFEF
+ 15: 9E63D9744BF1B61A
+ 16: 7C744982F32F8889
+
+OMAC-safer-sk64 (8 byte key)
+  0: E96711BA37D53743
+  1: 7DCFF26A03509FE1
+  2: 0A20EF19C8EE9BF2
+  3: FE2883748A6963CF
+  4: 557060195B820A18
+  5: 771A7931FBBE5C0F
+  6: 6BDBCE5F96CF91D8
+  7: F3B924CCE8724595
+  8: EC7191286D83C2C3
+  9: 94F55B19BB7A8AC1
+ 10: 2189F4F2B06A8CA4
+ 11: 99853DAEBCA33A46
+ 12: 66EAC37A033802D7
+ 13: 845D7AA866F8A8AD
+ 14: 33A874DFECAC22AC
+ 15: 63DD9F7A7F3683DF
+ 16: EAC277D951676C44
+
+OMAC-safer-k128 (16 byte key)
+  0: 8037B89AF193F129
+  1: FF2314E87BA6AFE1
+  2: C3243DF896B61D85
+  3: 0F61C715CE821AB8
+  4: EBFDC6A9CFD2F5A4
+  5: AB6497D7AF2C7FFF
+  6: C920CEEB7C1819C2
+  7: 3E186951B545A7E5
+  8: 5EA36A93C94AF4AC
+  9: 6A2C59FAE33709BE
+ 10: BF1BAFAF9FC39C19
+ 11: 69EB6EF046677B7C
+ 12: CDDCEE6B20453094
+ 13: A3833BD3FED6895C
+ 14: B6C05E51F01E049B
+ 15: 90A2D0EAB739D39B
+ 16: 07BF607A161D0A66
+
+OMAC-safer-sk128 (16 byte key)
+  0: 5E8B137A3946A557
+  1: 0228FA66B13F3C7E
+  2: A6F9BBAFF050DCDD
+  3: F75880F684A796CE
+  4: E0AEFB8E32040EBD
+  5: 9F65D658B86D310F
+  6: 3FA52804FB46CCAA
+  7: 2F6D12D199FCD2FB
+  8: CB56AF60AFB4D2BB
+  9: 8E6F0FF6FDD262FD
+ 10: 490245BE3CCCEDE2
+ 11: EFD319AE46C73005
+ 12: 43E00E545C848995
+ 13: 10444B41ECA15EBE
+ 14: 521775C389D5BE71
+ 15: 9B683EF8B097FEBA
+ 16: 3C5D746EED09530A
+
 OMAC-rc2 (8 byte key)
   0: F001FE9BBC3A97B0
   1: 8F8DC9C952897FBD

notes/pmac_tv.txt

@@ -199,6 +199,82 @@ PMAC-twofish (16 byte key)
  31: 0D06F2FAEC5AA404A4087AAEBC4DBB36
  32: 0F396FE9E3D9D74D17EB7A0BF603AB51
 
+PMAC-safer-k64 (8 byte key)
+  0: 2E49792C78C1DA52
+  1: 7A5136F4FE617C57
+  2: 6FC8575F6F3D78EC
+  3: 7C0373CAEAAA640B
+  4: 9D469E7FF6C35D31
+  5: 7755D62DD7D88112
+  6: ADD9E7855A958C9F
+  7: 752D29BA8150F18E
+  8: 0954649A99596104
+  9: 05D4D75A9FAE233D
+ 10: 1AADAFD7B4B250DA
+ 11: E7A8F31ED74DA32B
+ 12: 1A74DF61BDB9DF94
+ 13: C38A67B1955C4E0D
+ 14: EBADAA44746ADF16
+ 15: C0BFBB092CE81D8E
+ 16: 984975657F3FF2B0
+
+PMAC-safer-sk64 (8 byte key)
+  0: E8917E1629E7403E
+  1: AE8061A5E412A647
+  2: C969771CE5A9B0C6
+  3: 78159C01D0A3A5CB
+  4: 1DD4382A8FC81921
+  5: 4086880FD863C048
+  6: A520B45600A3FA1D
+  7: 0F0AB5118D7506C4
+  8: 22E315F2DD03BCC6
+  9: 5ECB5561EE372016
+ 10: 446A9B2BCB367AD6
+ 11: B2107FE2EB411AE9
+ 12: 5A539B62FB5893DF
+ 13: F44EE1EB3278C2BA
+ 14: 293FEA56D1F6EA81
+ 15: F38F614D2B5F81C4
+ 16: AB23F7F8F4C12A7E
+
+PMAC-safer-k128 (16 byte key)
+  0: 7E0BDE11EC82FDE6
+  1: 8942FB017A135520
+  2: 0B073E6D0F037A02
+  3: DBF88439D671ED4F
+  4: B89427ED1121069A
+  5: AA8573DAC66D2315
+  6: 12DA3144BEF13FF2
+  7: EF80413CBA281B3A
+  8: DFA7114D8505EEBD
+  9: AE53607F3E6F4A54
+ 10: 3F2C9395CFB9F78F
+ 11: 67EB7C5F02760AED
+ 12: 3EF4CBB4AB5B8D1F
+ 13: 83B63AFA78795A92
+ 14: 5DE400951766992A
+ 15: AA8791A45237CF83
+ 16: 7743B18704B037CF
+
+PMAC-safer-sk128 (16 byte key)
+  0: 8F1597FFCF6FB7C1
+  1: AFF8BD8FF9F3888A
+  2: 65F89D82869D8B42
+  3: CBE1F06476B2D5BD
+  4: 4878D47FDFECE23E
+  5: 4751A9E6D61AB2A2
+  6: 003AC162AED4DED8
+  7: 1F617A5555092C22
+  8: 088EE0C35B607153
+  9: F840B485086F9908
+ 10: BA99E0FB5D7D0976
+ 11: F04AF6DC4BAF6887
+ 12: 5DBBE40AF2F67E4E
+ 13: 7F52A93E87E29C9D
+ 14: 7B26A14A4BD5B709
+ 15: C34F26E08C64F26B
+ 16: 291A41D479EC1D2A
+
 PMAC-rc2 (8 byte key)
   0: E5AF80FAC4580444
   1: 6A15D6211EB4FF99

parsenames.pl

@@ -11,10 +11,12 @@ print $b;
 foreach my $obj (@a) {
    $len = $len + length($obj);
    $obj =~ s/\*/\$/;
-   if ($len > 80) {
+   if ($len > 100) {
       printf "\\\n";
       $len = length($obj);
    }
    print "$obj ";
 }
+if ($ARGV[0] eq "HEADERS") { print "testprof/tomcrypt_test.h"; }
+
 print "\n\n";

src/ciphers/aes/aes.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /* AES implementation by Tom St Denis
@@ -39,6 +39,7 @@
 #define SETUP    rijndael_setup
 #define ECB_ENC  rijndael_ecb_encrypt
 #define ECB_DEC  rijndael_ecb_decrypt
+#define ECB_DONE rijndael_done
 #define ECB_TEST rijndael_test
 #define ECB_KS   rijndael_keysize
 
@@ -47,7 +48,8 @@ const struct ltc_cipher_descriptor rijndael_desc =
     "rijndael",
     6,
     16, 32, 16, 10,
-    SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_KS
+    SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS,
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 const struct ltc_cipher_descriptor aes_desc =
@@ -55,7 +57,8 @@ const struct ltc_cipher_descriptor aes_desc =
     "aes",
     6,
     16, 32, 16, 10,
-    SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_KS
+    SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS,
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 #else
@@ -63,13 +66,15 @@ const struct ltc_cipher_descriptor aes_desc =
 #define SETUP    rijndael_enc_setup
 #define ECB_ENC  rijndael_enc_ecb_encrypt
 #define ECB_KS   rijndael_enc_keysize
+#define ECB_DONE rijndael_enc_done
 
 const struct ltc_cipher_descriptor rijndael_enc_desc =
 {
     "rijndael",
     6,
     16, 32, 16, 10,
-    SETUP, ECB_ENC, NULL, NULL, ECB_KS
+    SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS,
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 const struct ltc_cipher_descriptor aes_enc_desc =
@@ -77,7 +82,8 @@ const struct ltc_cipher_descriptor aes_enc_desc =
     "aes",
     6,
     16, 32, 16, 10,
-    SETUP, ECB_ENC, NULL, NULL, ECB_KS
+    SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS,
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 #endif
@@ -707,6 +713,15 @@ int ECB_TEST(void)
 
 #endif /* ENCRYPT_ONLY */
 
+
+/** Terminate the context 
+   @param skey    The scheduled key
+*/
+void ECB_DONE(symmetric_key *skey)
+{
+}
+
+
 /**
   Gets suitable key size
   @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.

src/ciphers/aes/aes_tab.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 /* The precomputed tables for AES */
 /*

src/ciphers/anubis.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /**
@@ -27,7 +27,9 @@ const struct ltc_cipher_descriptor anubis_desc = {
    &anubis_ecb_encrypt,
    &anubis_ecb_decrypt,
    &anubis_test,
-   &anubis_keysize
+   &anubis_done,
+   &anubis_keysize,
+   NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 #define MIN_N           4 
@@ -1168,7 +1170,7 @@ int anubis_test(void)
      int keylen;
      unsigned char pt[16], ct[16], key[40];
   } tests[] = {
-#ifndef ANUBIS_TWEAK
+#ifndef ANUBIS_TWEAK
   /**** ORIGINAL ANUBIS ****/
   /* 128 bit keys */
 {
@@ -1325,24 +1327,24 @@ int anubis_test(void)
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
-}
-#else
-  /**** Tweaked ANUBIS ****/
+}
+#else
+  /**** Tweaked ANUBIS ****/
   /* 128 bit keys */
 {
-   16,
+   16,
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-   { 0xB8, 0x35, 0xBD, 0xC3, 0x34, 0x82, 0x9D, 0x83,
-     0x71, 0xBF, 0xA3, 0x71, 0xE4, 0xB3, 0xC4, 0xFD },
+   { 0xB8, 0x35, 0xBD, 0xC3, 0x34, 0x82, 0x9D, 0x83,
+     0x71, 0xBF, 0xA3, 0x71, 0xE4, 0xB3, 0xC4, 0xFD },
    { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
 }, {
    16,
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-   { 0xE6, 0x14, 0x1E, 0xAF, 0xEB, 0xE0, 0x59, 0x3C,
-     0x48, 0xE1, 0xCD, 0xF2, 0x1B, 0xBA, 0xA1, 0x89 },
+   { 0xE6, 0x14, 0x1E, 0xAF, 0xEB, 0xE0, 0x59, 0x3C,
+     0x48, 0xE1, 0xCD, 0xF2, 0x1B, 0xBA, 0xA1, 0x89 },
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
 },
@@ -1352,8 +1354,8 @@ int anubis_test(void)
    20,
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-   { 0x97, 0x59, 0x79, 0x4B, 0x5C, 0xA0, 0x70, 0x73,
-     0x24, 0xEF, 0xB3, 0x58, 0x67, 0xCA, 0xD4, 0xB3 },
+   { 0x97, 0x59, 0x79, 0x4B, 0x5C, 0xA0, 0x70, 0x73,
+     0x24, 0xEF, 0xB3, 0x58, 0x67, 0xCA, 0xD4, 0xB3 },
    { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00 }
@@ -1361,8 +1363,8 @@ int anubis_test(void)
    20,
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-   { 0xB8, 0x0D, 0xFB, 0x9B, 0xE4, 0xA1, 0x58, 0x87,
-     0xB3, 0x76, 0xD5, 0x02, 0x18, 0x95, 0xC1, 0x2E },
+   { 0xB8, 0x0D, 0xFB, 0x9B, 0xE4, 0xA1, 0x58, 0x87,
+     0xB3, 0x76, 0xD5, 0x02, 0x18, 0x95, 0xC1, 0x2E },
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x01 }
@@ -1373,8 +1375,8 @@ int anubis_test(void)
    24,
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-   { 0x7D, 0x62, 0x3B, 0x52, 0xC7, 0x4C, 0x64, 0xD8,
-     0xEB, 0xC7, 0x2D, 0x57, 0x97, 0x85, 0x43, 0x8F },
+   { 0x7D, 0x62, 0x3B, 0x52, 0xC7, 0x4C, 0x64, 0xD8,
+     0xEB, 0xC7, 0x2D, 0x57, 0x97, 0x85, 0x43, 0x8F },
    { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }
@@ -1382,8 +1384,8 @@ int anubis_test(void)
    24,
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-   { 0xB1, 0x0A, 0x59, 0xDD, 0x5D, 0x5D, 0x8D, 0x67,
-     0xEC, 0xEE, 0x4A, 0xC4, 0xBE, 0x4F, 0xA8, 0x4F },
+   { 0xB1, 0x0A, 0x59, 0xDD, 0x5D, 0x5D, 0x8D, 0x67,
+     0xEC, 0xEE, 0x4A, 0xC4, 0xBE, 0x4F, 0xA8, 0x4F },
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
@@ -1394,8 +1396,8 @@ int anubis_test(void)
    28,
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-   { 0x68, 0x9E, 0x05, 0x94, 0x6A, 0x94, 0x43, 0x8F,
-     0xE7, 0x8E, 0x37, 0x3D, 0x24, 0x97, 0x92, 0xF5 },
+   { 0x68, 0x9E, 0x05, 0x94, 0x6A, 0x94, 0x43, 0x8F,
+     0xE7, 0x8E, 0x37, 0x3D, 0x24, 0x97, 0x92, 0xF5 },
    { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1404,8 +1406,8 @@ int anubis_test(void)
    28,
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-   { 0xDD, 0xB7, 0xB0, 0xB4, 0xE9, 0xB4, 0x9B, 0x9C,
-     0x38, 0x20, 0x25, 0x0B, 0x47, 0xC2, 0x1F, 0x89 },
+   { 0xDD, 0xB7, 0xB0, 0xB4, 0xE9, 0xB4, 0x9B, 0x9C,
+     0x38, 0x20, 0x25, 0x0B, 0x47, 0xC2, 0x1F, 0x89 },
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1417,8 +1419,8 @@ int anubis_test(void)
    32,
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-   { 0x96, 0x00, 0xF0, 0x76, 0x91, 0x69, 0x29, 0x87,
-     0xF5, 0xE5, 0x97, 0xDB, 0xDB, 0xAF, 0x1B, 0x0A },
+   { 0x96, 0x00, 0xF0, 0x76, 0x91, 0x69, 0x29, 0x87,
+     0xF5, 0xE5, 0x97, 0xDB, 0xDB, 0xAF, 0x1B, 0x0A },
    { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1427,8 +1429,8 @@ int anubis_test(void)
    32,
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-   { 0x69, 0x9C, 0xAF, 0xDD, 0x94, 0xC7, 0xBC, 0x60,
-     0x44, 0xFE, 0x02, 0x05, 0x8A, 0x6E, 0xEF, 0xBD },
+   { 0x69, 0x9C, 0xAF, 0xDD, 0x94, 0xC7, 0xBC, 0x60,
+     0x44, 0xFE, 0x02, 0x05, 0x8A, 0x6E, 0xEF, 0xBD },
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1440,8 +1442,8 @@ int anubis_test(void)
    36,
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-   { 0x0F, 0xC7, 0xA2, 0xC0, 0x11, 0x17, 0xAC, 0x43,
-     0x52, 0x5E, 0xDF, 0x6C, 0xF3, 0x96, 0x33, 0x6C },
+   { 0x0F, 0xC7, 0xA2, 0xC0, 0x11, 0x17, 0xAC, 0x43,
+     0x52, 0x5E, 0xDF, 0x6C, 0xF3, 0x96, 0x33, 0x6C },
    { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1451,8 +1453,8 @@ int anubis_test(void)
    36,
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-   { 0xAD, 0x08, 0x4F, 0xED, 0x55, 0xA6, 0x94, 0x3E,
-     0x7E, 0x5E, 0xED, 0x05, 0xA1, 0x9D, 0x41, 0xB4 },
+   { 0xAD, 0x08, 0x4F, 0xED, 0x55, 0xA6, 0x94, 0x3E,
+     0x7E, 0x5E, 0xED, 0x05, 0xA1, 0x9D, 0x41, 0xB4 },
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1465,8 +1467,8 @@ int anubis_test(void)
    40,
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-   { 0xFE, 0xE2, 0x0E, 0x2A, 0x9D, 0xC5, 0x83, 0xBA,
-     0xA3, 0xA6, 0xD6, 0xA6, 0xF2, 0xE8, 0x06, 0xA5 },
+   { 0xFE, 0xE2, 0x0E, 0x2A, 0x9D, 0xC5, 0x83, 0xBA,
+     0xA3, 0xA6, 0xD6, 0xA6, 0xF2, 0xE8, 0x06, 0xA5 },
    { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -1476,15 +1478,15 @@ int anubis_test(void)
    40,
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
-   { 0x86, 0x3D, 0xCC, 0x4A, 0x60, 0x34, 0x9C, 0x28,
-     0xA7, 0xDA, 0xA4, 0x3B, 0x0A, 0xD7, 0xFD, 0xC7 },
+   { 0x86, 0x3D, 0xCC, 0x4A, 0x60, 0x34, 0x9C, 0x28,
+     0xA7, 0xDA, 0xA4, 0x3B, 0x0A, 0xD7, 0xFD, 0xC7 },
    { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
      0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }
-}
-#endif
+}
+#endif
 };
    int x, y;
    unsigned char buf[2][16];
@@ -1509,6 +1511,13 @@ int anubis_test(void)
 #endif
 }
 
+/** Terminate the context 
+   @param skey    The scheduled key
+*/
+void anubis_done(symmetric_key *skey)
+{
+}
+
 /**
   Gets suitable key size
   @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.

src/ciphers/blowfish.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 /**
   @file blowfish.c
@@ -25,7 +25,9 @@ const struct ltc_cipher_descriptor blowfish_desc =
     &blowfish_ecb_encrypt,
     &blowfish_ecb_decrypt,
     &blowfish_test,
-    &blowfish_keysize
+    &blowfish_done,
+    &blowfish_keysize,
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 static const ulong32 ORIG_P[16 + 2] = {
@@ -553,6 +555,13 @@ int blowfish_test(void)
  #endif
 }
 
+/** Terminate the context 
+   @param skey    The scheduled key
+*/
+void blowfish_done(symmetric_key *skey)
+{
+}
+
 /**
   Gets suitable key size
   @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.

src/ciphers/cast5.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
  
  /** 
@@ -25,7 +25,9 @@ const struct ltc_cipher_descriptor cast5_desc = {
    &cast5_ecb_encrypt,
    &cast5_ecb_decrypt,
    &cast5_test,
-   &cast5_keysize
+   &cast5_done,
+   &cast5_keysize,
+   NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 static const ulong32 S1[256] = {
@@ -683,6 +685,13 @@ int cast5_test(void)
  #endif
 }
 
+/** Terminate the context 
+   @param skey    The scheduled key
+*/
+void cast5_done(symmetric_key *skey)
+{
+}
+
 /**
   Gets suitable key size
   @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.

src/ciphers/des.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 #include "tomcrypt.h"
 
@@ -29,7 +29,9 @@ const struct ltc_cipher_descriptor des_desc =
     &des_ecb_encrypt,
     &des_ecb_decrypt,
     &des_test,
-    &des_keysize
+    &des_done,
+    &des_keysize,
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 const struct ltc_cipher_descriptor des3_desc =
@@ -41,7 +43,9 @@ const struct ltc_cipher_descriptor des3_desc =
     &des3_ecb_encrypt,
     &des3_ecb_decrypt,
     &des3_test,
-    &des3_keysize
+    &des3_done,
+    &des3_keysize,
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 static const ulong32 bytebit[8] =
@@ -1476,7 +1480,7 @@ static void _desfunc(ulong32 *block, const ulong32 *keys)
     work = ((leftt >> 8) ^ right) & 0x00ff00ffL;
     right ^= work;
     leftt ^= (work << 8);
-    // --
+    /* -- */
     work = ((leftt >> 2) ^ right) & 0x33333333L;
     right ^= work;
     leftt ^= (work << 2);
@@ -1665,7 +1669,7 @@ int des_test(void)
  #else    
     int err;
     static const struct des_test_case {
-        int num, mode; // mode 1 = encrypt
+        int num, mode; /* mode 1 = encrypt */
         unsigned char key[8], txt[8], out[8];
     } cases[] = {
         { 1, 1,     { 0x10, 0x31, 0x6E, 0x02, 0x8C, 0x8F, 0x3B, 0x4A },
@@ -1837,6 +1841,21 @@ int des3_test(void)
  #endif
 }
 
+/** Terminate the context 
+   @param skey    The scheduled key
+*/
+void des_done(symmetric_key *skey)
+{
+}
+
+/** Terminate the context 
+   @param skey    The scheduled key
+*/
+void des3_done(symmetric_key *skey)
+{
+}
+
+
 /**
   Gets suitable key size
   @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.

src/ciphers/khazad.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 #include "tomcrypt.h"
 
@@ -26,7 +26,9 @@ const struct ltc_cipher_descriptor khazad_desc = {
    &khazad_ecb_encrypt,
    &khazad_ecb_decrypt,
    &khazad_test,
-   &khazad_keysize
+   &khazad_done,
+   &khazad_keysize,
+   NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 #define R      8 
@@ -819,6 +821,13 @@ int khazad_test(void)
 #endif
 }
 
+/** Terminate the context 
+   @param skey    The scheduled key
+*/
+void khazad_done(symmetric_key *skey)
+{
+}
+
 /**
   Gets suitable key size
   @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.

src/ciphers/noekeon.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 /**
    @file noekeon.c
@@ -25,7 +25,9 @@ const struct ltc_cipher_descriptor noekeon_desc =
     &noekeon_ecb_encrypt,
     &noekeon_ecb_decrypt,
     &noekeon_test,
-    &noekeon_keysize
+    &noekeon_done,
+    &noekeon_keysize,
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 static const ulong32 RC[] = {
@@ -263,6 +265,13 @@ int noekeon_test(void)
  #endif
 }
 
+/** Terminate the context 
+   @param skey    The scheduled key
+*/
+void noekeon_done(symmetric_key *skey)
+{
+}
+
 /**
   Gets suitable key size
   @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.

src/ciphers/rc2.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 /**********************************************************************\
 * To commemorate the 1996 RSA Data Security Conference, the following  *
@@ -34,7 +34,9 @@ const struct ltc_cipher_descriptor rc2_desc = {
    &rc2_ecb_encrypt,
    &rc2_ecb_decrypt,
    &rc2_test,
-   &rc2_keysize
+   &rc2_done,
+   &rc2_keysize,
+   NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 /* 256-entry permutation table, probably derived somehow from pi */
@@ -319,6 +321,13 @@ int rc2_test(void)
    #endif
 }
 
+/** Terminate the context 
+   @param skey    The scheduled key
+*/
+void rc2_done(symmetric_key *skey)
+{
+}
+
 /**
   Gets suitable key size
   @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.

src/ciphers/rc5.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /**
@@ -27,7 +27,9 @@ const struct ltc_cipher_descriptor rc5_desc =
     &rc5_ecb_encrypt,
     &rc5_ecb_decrypt,
     &rc5_test,
-    &rc5_keysize
+    &rc5_done,
+    &rc5_keysize,
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 static const ulong32 stab[50] = {
@@ -279,6 +281,13 @@ int rc5_test(void)
   #endif
 }
 
+/** Terminate the context 
+   @param skey    The scheduled key
+*/
+void rc5_done(symmetric_key *skey)
+{
+}
+
 /**
   Gets suitable key size
   @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.

src/ciphers/rc6.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /**
@@ -26,7 +26,9 @@ const struct ltc_cipher_descriptor rc6_desc =
     &rc6_ecb_encrypt,
     &rc6_ecb_decrypt,
     &rc6_test,
-    &rc6_keysize
+    &rc6_done,
+    &rc6_keysize,
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 static const ulong32 stab[44] = {
@@ -309,6 +311,13 @@ int rc6_test(void)
   #endif
 }
 
+/** Terminate the context 
+   @param skey    The scheduled key
+*/
+void rc6_done(symmetric_key *skey)
+{
+}
+
 /**
   Gets suitable key size
   @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.

src/ciphers/safer/safer.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /*******************************************************************************
@@ -40,7 +40,9 @@ const struct ltc_cipher_descriptor
    &safer_ecb_encrypt,
    &safer_ecb_decrypt,
    &safer_k64_test,
-   &safer_64_keysize
+   &safer_done,
+   &safer_64_keysize,
+   NULL, NULL, NULL, NULL, NULL, NULL, NULL
    },
 
    safer_sk64_desc = {
@@ -50,7 +52,9 @@ const struct ltc_cipher_descriptor
    &safer_ecb_encrypt,
    &safer_ecb_decrypt,
    &safer_sk64_test,
-   &safer_64_keysize
+   &safer_done,
+   &safer_64_keysize,
+   NULL, NULL, NULL, NULL, NULL, NULL, NULL
    },
 
    safer_k128_desc = {
@@ -60,7 +64,9 @@ const struct ltc_cipher_descriptor
    &safer_ecb_encrypt,
    &safer_ecb_decrypt,
    &safer_sk128_test,
-   &safer_128_keysize
+   &safer_done,
+   &safer_128_keysize,
+   NULL, NULL, NULL, NULL, NULL, NULL, NULL
    },
 
    safer_sk128_desc = {
@@ -70,11 +76,13 @@ const struct ltc_cipher_descriptor
    &safer_ecb_encrypt,
    &safer_ecb_decrypt,
    &safer_sk128_test,
-   &safer_128_keysize
+   &safer_done,
+   &safer_128_keysize,
+   NULL, NULL, NULL, NULL, NULL, NULL, NULL
    };
 
 /******************* Constants ************************************************/
-// #define TAB_LEN      256
+/* #define TAB_LEN      256  */
 
 /******************* Assertions ***********************************************/
 
@@ -428,6 +436,13 @@ int safer_sk64_test(void)
   #endif
 }
 
+/** Terminate the context 
+   @param skey    The scheduled key
+*/
+void safer_done(symmetric_key *skey)
+{
+}
+
 int safer_sk128_test(void)
 {
  #ifndef LTC_TEST

src/ciphers/safer/safer_tab.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /**

src/ciphers/safer/saferp.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /** 
@@ -26,7 +26,9 @@ const struct ltc_cipher_descriptor saferp_desc =
     &saferp_ecb_encrypt,
     &saferp_ecb_decrypt,
     &saferp_test,
-    &saferp_keysize
+    &saferp_done,
+    &saferp_keysize,
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 /* ROUND(b,i) 
@@ -516,6 +518,13 @@ int saferp_test(void)
  #endif
 }
 
+/** Terminate the context 
+   @param skey    The scheduled key
+*/
+void saferp_done(symmetric_key *skey)
+{
+}
+
 /**
   Gets suitable key size
   @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.

src/ciphers/skipjack.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /**
@@ -26,7 +26,9 @@ const struct ltc_cipher_descriptor skipjack_desc =
     &skipjack_ecb_encrypt,
     &skipjack_ecb_decrypt,
     &skipjack_test,
-    &skipjack_keysize
+    &skipjack_done,
+    &skipjack_keysize,
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 static const unsigned char sbox[256] = {
@@ -303,6 +305,13 @@ int skipjack_test(void)
   #endif
 }
 
+/** Terminate the context 
+   @param skey    The scheduled key
+*/
+void skipjack_done(symmetric_key *skey)
+{
+}
+
 /**
   Gets suitable key size
   @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.

src/ciphers/twofish/twofish.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
  /** 
@@ -33,7 +33,9 @@ const struct ltc_cipher_descriptor twofish_desc =
     &twofish_ecb_encrypt,
     &twofish_ecb_decrypt,
     &twofish_test,
-    &twofish_keysize
+    &twofish_done,
+    &twofish_keysize,
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 /* the two polynomials */
@@ -665,6 +667,13 @@ int twofish_test(void)
 #endif 
 }
 
+/** Terminate the context 
+   @param skey    The scheduled key
+*/
+void twofish_done(symmetric_key *skey)
+{
+}
+
 /**
   Gets suitable key size
   @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.

src/ciphers/twofish/twofish_tab.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
  /**

src/ciphers/xtea.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /**
@@ -26,7 +26,9 @@ const struct ltc_cipher_descriptor xtea_desc =
     &xtea_ecb_encrypt,
     &xtea_ecb_decrypt,
     &xtea_test,
-    &xtea_keysize
+    &xtea_done,
+    &xtea_keysize,
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)
@@ -172,6 +174,13 @@ int xtea_test(void)
  #endif
 }
 
+/** Terminate the context 
+   @param skey    The scheduled key
+*/
+void xtea_done(symmetric_key *skey)
+{
+}
+
 /**
   Gets suitable key size
   @param keysize [in/out] The length of the recommended key (in bytes).  This function will store the suitable size back in this variable.

src/encauth/ccm/ccm_memory.c

@@ -0,0 +1,306 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+#include "tomcrypt.h"
+
+/**
+  @file ccm_memory.c
+  CCM support, process a block of memory, Tom St Denis
+*/
+
+#ifdef CCM_MODE
+
+/**
+   CCM encrypt/decrypt and produce an authentication tag
+   @param cipher     The index of the cipher desired
+   @param key        The secret key to use
+   @param keylen     The length of the secret key (octets)
+   @param nonce      The session nonce [use once]
+   @param noncelen   The length of the nonce
+   @param header     The header for the session
+   @param headerlen  The length of the header (octets)
+   @param pt         [out] The plaintext
+   @param ptlen      The length of the plaintext (octets)
+   @param ct         [out] The ciphertext
+   @param tag        [out] The destination tag
+   @param taglen     [in/out] The max size and resulting size of the authentication tag
+   @param direction  Encrypt or Decrypt direction (0 or 1)
+   @return CRYPT_OK if successful
+*/
+int ccm_memory(int cipher,
+    const unsigned char *key,    unsigned long keylen,
+    const unsigned char *nonce,  unsigned long noncelen,
+    const unsigned char *header, unsigned long headerlen,
+          unsigned char *pt,     unsigned long ptlen,
+          unsigned char *ct,
+          unsigned char *tag,    unsigned long *taglen,
+                    int  direction)
+{
+   unsigned char  PAD[16], ctr[16], CTRPAD[16], b;
+   symmetric_key *skey;
+   int            err;
+   unsigned long  len, L, x, y, z, CTRlen;
+
+   LTC_ARGCHK(key    != NULL);
+   LTC_ARGCHK(nonce  != NULL);
+   if (headerlen > 0) {
+      LTC_ARGCHK(header != NULL);
+   }
+   LTC_ARGCHK(pt     != NULL);
+   LTC_ARGCHK(ct     != NULL);
+   LTC_ARGCHK(tag    != NULL);
+   LTC_ARGCHK(taglen != NULL);
+
+#ifdef LTC_FAST
+   if (16 % sizeof(LTC_FAST_TYPE)) {
+      return CRYPT_INVALID_ARG;
+   }
+#endif
+
+   /* check cipher input */
+   if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
+      return err;
+   }
+   if (cipher_descriptor[cipher].block_length != 16) {
+      return CRYPT_INVALID_CIPHER;
+   }
+
+   /* make sure the taglen is even and <= 16 */
+   *taglen &= ~1;
+   if (*taglen > 16) {
+      *taglen = 16;
+   }
+
+   /* can't use < 4 */
+   if (*taglen < 4) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   /* is there an accelerator? */
+   if (cipher_descriptor[cipher].accel_ccm_memory != NULL) {
+       cipher_descriptor[cipher].accel_ccm_memory(
+           key,    keylen,
+           nonce,  noncelen,
+           header, headerlen,
+           pt,     ptlen,
+           ct, 
+           tag,    taglen,
+           direction);
+      return CRYPT_OK;
+   }
+
+   /* let's get the L value */
+   len = ptlen;
+   L   = 0;
+   while (len) {
+      ++L;
+      len >>= 8;
+   }
+   if (L <= 1) {
+      L = 2;
+   }
+
+   /* increase L to match the nonce len */
+   noncelen = (noncelen > 13) ? 13 : noncelen;
+   if ((15 - noncelen) > L) {
+      L = 15 - noncelen;
+   }
+
+   /* allocate mem for the symmetric key */
+   skey = XMALLOC(sizeof(*skey));
+   if (skey == NULL) {
+      return CRYPT_MEM;
+   }
+
+   /* initialize the cipher */
+   if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, skey)) != CRYPT_OK) {
+      XFREE(skey);
+      return err;
+   }
+
+   /* form B_0 == flags | Nonce N | l(m) */
+   x = 0;
+   PAD[x++] = ((headerlen > 0) ? (1<<6) : 0) |
+            (((*taglen - 2)>>1)<<3)        |
+            (L-1);
+
+   /* nonce */
+   for (y = 0; y < (16 - (L + 1)); y++) {
+       PAD[x++] = nonce[y];
+   }
+
+   /* store len */
+   len = ptlen;
+
+   /* shift len so the upper bytes of len are the contents of the length */
+   for (y = L; y < 4; y++) {
+       len <<= 8;
+   }
+
+   /* store l(m) (only store 32-bits) */
+   for (y = 0; L > 4 && (L-y)>4; y++) {
+       PAD[x++] = 0;
+   }
+   for (; y < L; y++) {
+       PAD[x++] = (len >> 24) & 255;
+       len <<= 8;
+   }
+
+   /* encrypt PAD */
+   cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+
+   /* handle header */
+   if (headerlen > 0) {
+      x = 0;
+      
+      /* store length */
+      if (headerlen < ((1UL<<16) - (1UL<<8))) {
+         PAD[x++] ^= (headerlen>>8) & 255;
+         PAD[x++] ^= headerlen & 255;
+      } else {
+         PAD[x++] ^= 0xFF;
+         PAD[x++] ^= 0xFE;
+         PAD[x++] ^= (headerlen>>24) & 255;
+         PAD[x++] ^= (headerlen>>16) & 255;
+         PAD[x++] ^= (headerlen>>8) & 255;
+         PAD[x++] ^= headerlen & 255;
+      }
+
+      /* now add the data */
+      for (y = 0; y < headerlen; y++) {
+          if (x == 16) {
+             /* full block so let's encrypt it */
+             cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+             x = 0;
+          }
+          PAD[x++] ^= header[y];
+      }
+
+      /* remainder? */
+      if (x != 0) {
+         cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+      }
+   }
+
+   /* setup the ctr counter */
+   x = 0;
+
+   /* flags */
+   ctr[x++] = L-1;
+ 
+   /* nonce */
+   for (y = 0; y < (16 - (L+1)); ++y) {
+      ctr[x++] = nonce[y];
+   }
+   /* offset */
+   while (x < 16) {
+      ctr[x++] = 0;
+   }
+
+   x      = 0;
+   CTRlen = 16;
+
+   /* now handle the PT */
+   if (ptlen > 0) {
+      y = 0;
+#ifdef LTC_FAST
+      if (ptlen & ~15)  {
+          if (direction == CCM_ENCRYPT) {
+             for (; y < (ptlen & ~15); y += 16) {
+                /* increment the ctr? */
+                for (z = 15; z > 15-L; z--) {
+                    ctr[z] = (ctr[z] + 1) & 255;
+                    if (ctr[z]) break;
+                }
+                cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey);
+
+                /* xor the PT against the pad first */
+                for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
+                    *((LTC_FAST_TYPE*)(&PAD[z]))  ^= *((LTC_FAST_TYPE*)(&pt[y+z]));
+                    *((LTC_FAST_TYPE*)(&ct[y+z])) = *((LTC_FAST_TYPE*)(&pt[y+z])) ^ *((LTC_FAST_TYPE*)(&CTRPAD[z]));
+                }
+                cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+             }
+         } else {
+             for (; y < (ptlen & ~15); y += 16) {
+                /* increment the ctr? */
+                for (z = 15; z > 15-L; z--) {
+                    ctr[z] = (ctr[z] + 1) & 255;
+                    if (ctr[z]) break;
+                }
+                cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey);
+
+                /* xor the PT against the pad last */
+                for (z = 0; z < 16; z += sizeof(LTC_FAST_TYPE)) {
+                    *((LTC_FAST_TYPE*)(&pt[y+z])) = *((LTC_FAST_TYPE*)(&ct[y+z])) ^ *((LTC_FAST_TYPE*)(&CTRPAD[z]));
+                    *((LTC_FAST_TYPE*)(&PAD[z]))  ^= *((LTC_FAST_TYPE*)(&pt[y+z]));
+                }
+                cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+             }
+         }
+     }
+#endif
+
+      for (; y < ptlen; y++) {
+          /* increment the ctr? */
+          if (CTRlen == 16) {
+             for (z = 15; z > 15-L; z--) {
+                 ctr[z] = (ctr[z] + 1) & 255;
+                 if (ctr[z]) break;
+             }
+             cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey);
+             CTRlen = 0;
+          }
+
+          /* if we encrypt we add the bytes to the MAC first */
+          if (direction == CCM_ENCRYPT) {
+             b     = pt[y];
+             ct[y] = b ^ CTRPAD[CTRlen++];
+          } else {
+             b     = ct[y] ^ CTRPAD[CTRlen++];
+             pt[y] = b;
+          }
+
+          if (x == 16) {
+             cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+             x = 0;
+          }
+          PAD[x++] ^= b;
+      }
+             
+      if (x != 0) {
+         cipher_descriptor[cipher].ecb_encrypt(PAD, PAD, skey);
+      }
+   }
+
+   /* setup CTR for the TAG */
+   ctr[14] = ctr[15] = 0x00;
+   cipher_descriptor[cipher].ecb_encrypt(ctr, CTRPAD, skey);
+   cipher_descriptor[cipher].done(skey);
+
+   /* store the TAG */
+   for (x = 0; x < 16 && x < *taglen; x++) {
+       tag[x] = PAD[x] ^ CTRPAD[x];
+   }
+   *taglen = x;
+
+#ifdef LTC_CLEAN_STACK
+   zeromem(skey,   sizeof(*skey));
+   zeromem(B,      sizeof(B));
+   zeromem(PAD,    sizeof(PAD));
+   zeromem(CTRPAD, sizeof(CTRPAD));
+#endif
+
+   XFREE(skey);
+
+   return CRYPT_OK;
+}
+
+#endif

src/encauth/ccm/ccm_test.c

@@ -0,0 +1,170 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+#include "tomcrypt.h"
+
+/**
+  @file ccm_test.c
+  CCM support, process a block of memory, Tom St Denis
+*/
+
+#ifdef CCM_MODE
+
+int ccm_test(void)
+{
+#ifndef LTC_TEST
+   return CRYPT_NOP;
+#else
+   static const struct {
+       unsigned char key[16];
+       unsigned char nonce[16];
+       int           noncelen;
+       unsigned char header[64];
+       int           headerlen;
+       unsigned char pt[64];
+       int           ptlen;
+       unsigned char ct[64];
+       unsigned char tag[16];
+       int           taglen;
+   } tests[] = {
+
+/* 13 byte nonce, 8 byte auth, 23 byte pt */
+{
+   { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 
+     0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF },
+   { 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xA0, 
+     0xA1, 0xA2, 0xA3, 0xA4, 0xA5 },
+   13,
+   { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 },
+   8,
+   { 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+     0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+     0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E },
+   23,
+   { 0x58, 0x8C, 0x97, 0x9A, 0x61, 0xC6, 0x63, 0xD2,
+     0xF0, 0x66, 0xD0, 0xC2, 0xC0, 0xF9, 0x89, 0x80,
+     0x6D, 0x5F, 0x6B, 0x61, 0xDA, 0xC3, 0x84 },
+   { 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 },
+   8
+},
+
+/* 13 byte nonce, 12 byte header, 19 byte pt */
+{
+   { 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7, 
+     0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF },
+   { 0x00, 0x00, 0x00, 0x06, 0x05, 0x04, 0x03, 0xA0, 
+     0xA1, 0xA2, 0xA3, 0xA4, 0xA5 },
+   13,
+   { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+     0x08, 0x09, 0x0A, 0x0B },
+   12,
+   { 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 
+     0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 
+     0x1C, 0x1D, 0x1E },
+   19,
+   { 0xA2, 0x8C, 0x68, 0x65, 0x93, 0x9A, 0x9A, 0x79, 
+     0xFA, 0xAA, 0x5C, 0x4C, 0x2A, 0x9D, 0x4A, 0x91, 
+     0xCD, 0xAC, 0x8C },
+   { 0x96, 0xC8, 0x61, 0xB9, 0xC9, 0xE6, 0x1E, 0xF1 },
+   8
+},
+
+/* supplied by Brian Gladman */
+{
+   { 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 
+     0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f },
+   { 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16  },
+   7,
+   { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 },
+   8,
+   { 0x20, 0x21, 0x22, 0x23 },
+   4,
+   { 0x71, 0x62, 0x01, 0x5b },
+   { 0x4d, 0xac, 0x25, 0x5d },
+   4
+},
+
+{
+   { 0xc9, 0x7c, 0x1f, 0x67, 0xce, 0x37, 0x11, 0x85, 
+     0x51, 0x4a, 0x8a, 0x19, 0xf2, 0xbd, 0xd5, 0x2f },
+   { 0x00, 0x50, 0x30, 0xf1, 0x84, 0x44, 0x08, 0xb5, 
+     0x03, 0x97, 0x76, 0xe7, 0x0c },
+   13,
+   { 0x08, 0x40, 0x0f, 0xd2, 0xe1, 0x28, 0xa5, 0x7c, 
+     0x50, 0x30, 0xf1, 0x84, 0x44, 0x08, 0xab, 0xae, 
+     0xa5, 0xb8, 0xfc, 0xba, 0x00, 0x00 },
+   22,
+   { 0xf8, 0xba, 0x1a, 0x55, 0xd0, 0x2f, 0x85, 0xae, 
+     0x96, 0x7b, 0xb6, 0x2f, 0xb6, 0xcd, 0xa8, 0xeb, 
+     0x7e, 0x78, 0xa0, 0x50 },
+   20,
+   { 0xf3, 0xd0, 0xa2, 0xfe, 0x9a, 0x3d, 0xbf, 0x23, 
+     0x42, 0xa6, 0x43, 0xe4, 0x32, 0x46, 0xe8, 0x0c, 
+     0x3c, 0x04, 0xd0, 0x19 },
+   { 0x78, 0x45, 0xce, 0x0b, 0x16, 0xf9, 0x76, 0x23 },
+   8
+},
+
+};
+  unsigned long taglen, x;
+  unsigned char buf[64], buf2[64], tag2[16], tag[16];
+  int           err, idx;
+
+  idx = find_cipher("aes");
+  if (idx == -1) {
+     idx = find_cipher("rijndael");
+     if (idx == -1) {
+        return CRYPT_NOP;
+     }
+  }
+
+  for (x = 0; x < (sizeof(tests)/sizeof(tests[0])); x++) {
+      taglen = tests[x].taglen;
+      if ((err = ccm_memory(idx,
+                            tests[x].key, 16,
+                            tests[x].nonce, tests[x].noncelen,
+                            tests[x].header, tests[x].headerlen,
+                            (unsigned char*)tests[x].pt, tests[x].ptlen,
+                            buf,
+                            tag, &taglen, 0)) != CRYPT_OK) {
+         return err;
+      }
+
+      if (memcmp(buf, tests[x].ct, tests[x].ptlen)) {
+         return CRYPT_FAIL_TESTVECTOR;
+      }
+      if (memcmp(tag, tests[x].tag, tests[x].taglen)) {
+         return CRYPT_FAIL_TESTVECTOR;
+      }
+
+      if ((err = ccm_memory(idx,
+                            tests[x].key, 16,
+                            tests[x].nonce, tests[x].noncelen,
+                            tests[x].header, tests[x].headerlen,
+                            buf2, tests[x].ptlen,
+                            buf,
+                            tag2, &taglen, 1	)) != CRYPT_OK) {
+         return err;
+      }
+
+     if (memcmp(buf2, tests[x].pt, tests[x].ptlen)) {
+         return CRYPT_FAIL_TESTVECTOR;
+      }
+     if (memcmp(tag2, tests[x].tag, tests[x].taglen)) {
+         return CRYPT_FAIL_TESTVECTOR;
+     }
+ 
+
+  }
+  return CRYPT_OK;
+#endif
+}
+
+#endif

src/encauth/eax/eax_addheader.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 /** 
     @file eax_addheader.c

src/encauth/eax/eax_decrypt.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /** 

src/encauth/eax/eax_decrypt_verify_memory.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /**

src/encauth/eax/eax_done.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /**
@@ -62,6 +62,11 @@ int eax_done(eax_state *eax, unsigned char *tag, unsigned long *taglen)
       goto LBL_ERR; 
    }
 
+   /* terminate the CTR chain */
+   if ((err = ctr_done(&eax->ctr)) != CRYPT_OK) {
+      goto LBL_ERR;
+   }
+
    /* compute N xor H xor C */
    for (x = 0; x < len && x < *taglen; x++) {
        tag[x] = eax->N[x] ^ headermac[x] ^ ctmac[x];

src/encauth/eax/eax_encrypt.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /**

src/encauth/eax/eax_encrypt_authenticate_memory.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /**

src/encauth/eax/eax_init.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /** 

src/encauth/eax/eax_test.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /** 

src/encauth/gcm/gcm_add_aad.c

@@ -0,0 +1,120 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+
+/**
+   @file gcm_add_aad.c
+   GCM implementation, Add AAD data to the stream, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#ifdef GCM_MODE
+
+/**
+  Add AAD to the GCM state
+  @param gcm       The GCM state
+  @param adata     The additional authentication data to add to the GCM state
+  @param adatalen  The length of the AAD data.
+  @return CRYPT_OK on success
+ */
+int gcm_add_aad(gcm_state *gcm,
+               const unsigned char *adata,  unsigned long adatalen)
+{
+   unsigned long x, y;
+   int           err;
+
+   LTC_ARGCHK(gcm    != NULL);
+   if (adatalen > 0) {
+      LTC_ARGCHK(adata  != NULL);
+   }
+
+   if (gcm->buflen > 16 || gcm->buflen < 0) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) {
+      return err;
+   }
+
+   /* in IV mode? */
+   if (gcm->mode == GCM_MODE_IV) {
+      /* let's process the IV */
+      if (gcm->ivmode || gcm->buflen != 12) {
+         for (x = 0; x < (unsigned long)gcm->buflen; x++) {
+             gcm->X[x] ^= gcm->buf[x];
+         }
+         if (gcm->buflen) {
+            gcm->totlen += gcm->buflen * CONST64(8);
+            gcm_mult_h(gcm, gcm->X);
+         }
+ 
+         /* mix in the length */
+         zeromem(gcm->buf, 8);
+         STORE64H(gcm->totlen, gcm->buf+8);
+         for (x = 0; x < 16; x++) {
+             gcm->X[x] ^= gcm->buf[x];
+         }
+         gcm_mult_h(gcm, gcm->X);
+
+         /* copy counter out */ 
+         XMEMCPY(gcm->Y, gcm->X, 16);
+         zeromem(gcm->X, 16);
+      } else {
+         XMEMCPY(gcm->Y, gcm->buf, 12);
+         gcm->Y[12] = 0;
+         gcm->Y[13] = 0;
+         gcm->Y[14] = 0;
+         gcm->Y[15] = 1;
+      }
+      XMEMCPY(gcm->Y_0, gcm->Y, 16);
+      zeromem(gcm->buf, 16);
+      gcm->buflen = 0;
+      gcm->totlen = 0;
+      gcm->mode   = GCM_MODE_AAD;
+   }
+
+   if (gcm->mode != GCM_MODE_AAD || gcm->buflen >= 16) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   x = 0;
+#ifdef LTC_FAST
+   if (gcm->buflen == 0) {
+      for (x = 0; x < (adatalen & ~15); x += 16) {
+          for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
+              *((LTC_FAST_TYPE*)(&gcm->X[y])) ^= *((LTC_FAST_TYPE*)(&adata[x + y]));
+          }
+          gcm_mult_h(gcm, gcm->X);
+          gcm->totlen += 128;
+      }
+      adata += x;
+   }
+#endif
+
+
+   /* start adding AAD data to the state */
+   for (; x < adatalen; x++) {
+       gcm->buf[gcm->buflen++] = *adata++;
+
+       if (gcm->buflen == 16) {
+         /* GF mult it */
+         for (y = 0; y < 16; y++) {
+             gcm->X[y] ^= gcm->buf[y];
+         }
+         gcm_mult_h(gcm, gcm->X);
+         gcm->buflen = 0;
+         gcm->totlen += 128;
+      }
+   }
+
+   return CRYPT_OK;
+}
+#endif
+   

src/encauth/gcm/gcm_add_iv.c

@@ -0,0 +1,90 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+
+/**
+   @file gcm_add_iv.c
+   GCM implementation, add IV data to the state, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#ifdef GCM_MODE
+
+/**
+  Add IV data to the GCM state
+  @param gcm    The GCM state
+  @param IV     The initial value data to add
+  @param IVlen  The length of the IV
+  @return CRYPT_OK on success
+ */
+int gcm_add_iv(gcm_state *gcm, 
+               const unsigned char *IV,     unsigned long IVlen)
+{
+   unsigned long x, y;
+   int           err;
+
+   LTC_ARGCHK(gcm != NULL);
+   if (IVlen > 0) {
+      LTC_ARGCHK(IV  != NULL);
+   }
+
+   /* must be in IV mode */
+   if (gcm->mode != GCM_MODE_IV) {
+      return CRYPT_INVALID_ARG;
+   }
+ 
+   if (gcm->buflen >= 16 || gcm->buflen < 0) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) {
+      return err;
+   }
+
+
+   /* trip the ivmode flag */
+   if (IVlen + gcm->buflen > 12) {
+      gcm->ivmode |= 1;
+   }
+
+   x = 0;
+#ifdef LTC_FAST
+   if (gcm->buflen == 0) {
+      for (x = 0; x < (IVlen & ~15); x += 16) {
+          for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
+              *((LTC_FAST_TYPE*)(&gcm->X[y])) ^= *((LTC_FAST_TYPE*)(&IV[x + y]));
+          }
+          gcm_mult_h(gcm, gcm->X);
+          gcm->totlen += 128;
+      }
+      IV += x;
+   }
+#endif
+
+   /* start adding IV data to the state */
+   for (; x < IVlen; x++) {
+       gcm->buf[gcm->buflen++] = *IV++;
+
+       if (gcm->buflen == 16) {
+         /* GF mult it */
+         for (y = 0; y < 16; y++) {
+             gcm->X[y] ^= gcm->buf[y];
+         }
+         gcm_mult_h(gcm, gcm->X);
+         gcm->buflen = 0;
+         gcm->totlen += 128;
+      }
+   }
+
+   return CRYPT_OK;
+}
+
+#endif
+   

src/encauth/gcm/gcm_done.c

@@ -0,0 +1,80 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+
+/**
+   @file gcm_done.c
+   GCM implementation, Terminate the stream, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#ifdef GCM_MODE
+
+/**
+  Terminate a GCM stream
+  @param gcm     The GCM state
+  @param tag     [out] The destination for the MAC tag
+  @param taglen  [in/out]  The length of the MAC tag
+  @return CRYPT_OK on success
+ */
+int gcm_done(gcm_state *gcm, 
+                     unsigned char *tag,    unsigned long *taglen)
+{
+   unsigned long x;
+   int err;
+
+   LTC_ARGCHK(gcm     != NULL);
+   LTC_ARGCHK(tag     != NULL);
+   LTC_ARGCHK(taglen  != NULL);
+
+   if (gcm->buflen > 16 || gcm->buflen < 0) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) {
+      return err;
+   }
+
+
+   if (gcm->mode != GCM_MODE_TEXT) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   /* handle remaining ciphertext */
+   if (gcm->buflen) {
+      for (x = 0; x < (unsigned long)gcm->buflen; x++) {
+          gcm->X[x] ^= gcm->buf[x];  
+      }
+      gcm->pttotlen += gcm->buflen * CONST64(8);
+      gcm_mult_h(gcm, gcm->X);
+   }
+
+   /* length */
+   STORE64H(gcm->totlen, gcm->buf);
+   STORE64H(gcm->pttotlen, gcm->buf+8);
+   for (x = 0; x < 16; x++) {
+       gcm->X[x] ^= gcm->buf[x];
+   }
+   gcm_mult_h(gcm, gcm->X);
+
+   /* encrypt original counter */
+   cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y_0, gcm->buf, &gcm->K);
+   for (x = 0; x < 16 && x < *taglen; x++) {
+       tag[x] = gcm->buf[x] ^ gcm->X[x];
+   }
+   *taglen = x;
+
+   cipher_descriptor[gcm->cipher].done(&gcm->K);
+
+   return CRYPT_OK;
+}
+
+#endif
+

src/encauth/gcm/gcm_gf_mult.c

@@ -0,0 +1,89 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+
+/**
+   @file gcm_gf_mult.c
+   GCM implementation, initialize state, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#ifdef GCM_MODE
+
+/* right shift */
+static void gcm_rightshift(unsigned char *a)
+{
+   int x;
+   for (x = 15; x > 0; x--) {
+       a[x] = (a[x]>>1) | ((a[x-1]<<7)&0x80);
+   }
+   a[0] >>= 1;
+}
+
+/* c = b*a */
+static const unsigned char mask[] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
+static const unsigned char poly[] = { 0x00, 0xE1 };
+
+/**
+  GCM GF multiplier (internal use only) 
+  @param a   First value
+  @param b   Second value
+  @param c   Destination for a * b
+ */  
+void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c)
+{
+   unsigned char Z[16], V[16];
+   unsigned x, y, z;
+
+   zeromem(Z, 16);
+   XMEMCPY(V, a, 16);
+   for (x = 0; x < 128; x++) {
+       if (b[x>>3] & mask[x&7]) {
+          for (y = 0; y < 16; y++) {
+              Z[y] ^= V[y]; 
+          }
+       }
+       z     = V[15] & 0x01;
+       gcm_rightshift(V);
+       V[0] ^= poly[z];
+   }
+   XMEMCPY(c, Z, 16);
+}
+
+/**
+  GCM multiply by H
+  @param gcm   The GCM state which holds the H value
+  @param I     The value to multiply H by
+ */
+void gcm_mult_h(gcm_state *gcm, unsigned char *I)
+{
+   unsigned char T[16];
+#ifdef GCM_TABLES
+   int x, y;
+   XMEMCPY(T, &gcm->PC[0][I[0]][0], 16);
+   for (x = 1; x < 16; x++) {
+#ifdef LTC_FAST
+       for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
+           *((LTC_FAST_TYPE *)(T + y)) ^= *((LTC_FAST_TYPE *)(&gcm->PC[x][I[x]][y]));
+       }
+#else
+       for (y = 0; y < 16; y++) {
+           T[y] ^= gcm->PC[x][I[x]][y];
+       }
+#endif
+   }
+#else     
+   gcm_gf_mult(gcm->H, I, T); 
+#endif
+   XMEMCPY(I, T, 16);
+}
+
+
+#endif

src/encauth/gcm/gcm_init.c

@@ -0,0 +1,88 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+
+/**
+   @file gcm_init.c
+   GCM implementation, initialize state, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#ifdef GCM_MODE
+
+/**
+  Initialize a GCM state
+  @param gcm     The GCM state to initialize
+  @param cipher  The index of the cipher to use
+  @param key     The secret key
+  @param keylen  The length of the secret key
+  @return CRYPT_OK on success
+ */
+int gcm_init(gcm_state *gcm, int cipher, 
+             const unsigned char *key,  int keylen)
+{
+   int           err;
+   unsigned char B[16];
+#ifdef GCM_TABLES
+   int           x, y;
+#endif
+
+   LTC_ARGCHK(gcm != NULL);
+   LTC_ARGCHK(key != NULL);
+
+#ifdef LTC_FAST
+   if (16 % sizeof(LTC_FAST_TYPE)) {
+      return CRYPT_INVALID_ARG;
+   }
+#endif
+
+   /* is cipher valid? */
+   if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
+      return err;
+   }
+   if (cipher_descriptor[cipher].block_length != 16) {
+      return CRYPT_INVALID_CIPHER;
+   }
+
+   /* schedule key */
+   if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &gcm->K)) != CRYPT_OK) {
+      return err;
+   }
+
+   /* H = E(0) */
+   zeromem(B, 16);
+   cipher_descriptor[cipher].ecb_encrypt(B, gcm->H, &gcm->K);
+
+   /* setup state */
+   zeromem(gcm->buf, sizeof(gcm->buf));
+   zeromem(gcm->X,   sizeof(gcm->X));
+   gcm->cipher   = cipher;
+   gcm->mode     = GCM_MODE_IV;
+   gcm->ivmode   = 0;
+   gcm->buflen   = 0;
+   gcm->totlen   = 0;
+   gcm->pttotlen = 0;
+
+#ifdef GCM_TABLES
+   /* setup tables */
+   zeromem(B, 16);
+   for (x = 0; x < 16; x++) {
+       for (y = 0; y < 256; y++) {
+            B[x] = y;
+            gcm_gf_mult(gcm->H, B, &gcm->PC[x][y][0]);
+       }
+       B[x] = 0;
+   }
+#endif
+
+   return CRYPT_OK;
+}
+
+#endif

src/encauth/gcm/gcm_memory.c

@@ -0,0 +1,89 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+
+/**
+   @file gcm_memory.c
+   GCM implementation, process a packet, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#ifdef GCM_MODE
+
+/**
+  Process an entire GCM packet in one call.
+  @param cipher            Index of cipher to use
+  @param key               The secret key
+  @param keylen            The length of the secret key
+  @param IV                The initial vector 
+  @param IVlen             The length of the initial vector
+  @param adata             The additional authentication data (header)
+  @param adatalen          The length of the adata
+  @param pt                The plaintext
+  @param ptlen             The length of the plaintext (ciphertext length is the same)
+  @param ct                The ciphertext
+  @param tag               [out] The MAC tag
+  @param taglen            [in/out] The MAC tag length
+  @param direction         Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT)
+  @return CRYPT_OK on success
+ */
+int gcm_memory(      int           cipher,
+               const unsigned char *key,    unsigned long keylen,
+               const unsigned char *IV,     unsigned long IVlen,
+               const unsigned char *adata,  unsigned long adatalen,
+                     unsigned char *pt,     unsigned long ptlen,
+                     unsigned char *ct, 
+                     unsigned char *tag,    unsigned long *taglen,
+                               int direction)
+{
+    gcm_state *gcm;
+    int        err;
+
+    if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
+       return err;
+    }
+ 
+    if (cipher_descriptor[cipher].accel_gcm_memory != NULL) {
+       cipher_descriptor[cipher].accel_gcm_memory
+                                          (key,   keylen,
+                                           IV,    IVlen,
+                                           adata, adatalen,
+                                           pt,    ptlen,
+                                           ct,
+                                           tag,   taglen,
+                                           direction);
+       return CRYPT_OK;
+    }
+
+
+    gcm = XMALLOC(sizeof(*gcm));
+    if (gcm == NULL) {
+        return CRYPT_MEM;
+    }
+
+    if ((err = gcm_init(gcm, cipher, key, keylen)) != CRYPT_OK) {
+       goto LTC_ERR;
+    }
+    if ((err = gcm_add_iv(gcm, IV, IVlen)) != CRYPT_OK) {
+       goto LTC_ERR;
+    }
+    if ((err = gcm_add_aad(gcm, adata, adatalen)) != CRYPT_OK) {
+       goto LTC_ERR;
+    }
+    if ((err = gcm_process(gcm, pt, ptlen, ct, direction)) != CRYPT_OK) {
+       goto LTC_ERR;
+    }
+    err = gcm_done(gcm, tag, taglen);
+LTC_ERR:
+    XFREE(gcm);
+    return err;
+}
+#endif
+

src/encauth/gcm/gcm_process.c

@@ -0,0 +1,147 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+
+/**
+   @file gcm_process.c
+   GCM implementation, process message data, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#ifdef GCM_MODE
+
+/** 
+  Process plaintext/ciphertext through GCM
+  @param gcm       The GCM state 
+  @param pt        The plaintext
+  @param ptlen     The plaintext length (ciphertext length is the same)
+  @param ct        The ciphertext
+  @param direction Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT)
+  @return CRYPT_OK on success
+ */
+int gcm_process(gcm_state *gcm,
+                     unsigned char *pt,     unsigned long ptlen,
+                     unsigned char *ct,
+                     int direction)
+{
+   unsigned long x, y;
+   unsigned char b;
+   int           err;
+
+   LTC_ARGCHK(gcm != NULL);
+   LTC_ARGCHK(pt  != NULL);
+   LTC_ARGCHK(ct  != NULL);
+
+   if (gcm->buflen > 16 || gcm->buflen < 0) {
+      return CRYPT_INVALID_ARG;
+   }
+ 
+   if ((err = cipher_is_valid(gcm->cipher)) != CRYPT_OK) {
+      return err;
+   }
+
+   /* in AAD mode? */
+   if (gcm->mode == GCM_MODE_AAD) {
+      /* let's process the AAD */
+      if (gcm->buflen) {
+         for (x = 0; x < (unsigned long)gcm->buflen; x++) {
+             gcm->X[x] ^= gcm->buf[x];
+         }
+         gcm->totlen += gcm->buflen * CONST64(8);
+         gcm_mult_h(gcm, gcm->X);
+      }
+
+      /* increment counter */
+      for (y = 15; y >= 12; y--) {
+          if (++gcm->Y[y]) { break; }
+      }
+      /* encrypt the counter */
+      cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K);     
+
+      gcm->buflen = 0;
+      gcm->mode   = GCM_MODE_TEXT;
+   }
+
+   if (gcm->mode != GCM_MODE_TEXT) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   x = 0;
+#ifdef LTC_FAST
+   if (gcm->buflen == 0) {
+      if (direction == GCM_ENCRYPT) { 
+         for (x = 0; x < (ptlen & ~15); x += 16) {
+             /* ctr encrypt */
+             for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
+                 *((LTC_FAST_TYPE*)(&ct[x + y])) = *((LTC_FAST_TYPE*)(&pt[x+y])) ^ *((LTC_FAST_TYPE*)(&gcm->buf[y]));
+                 *((LTC_FAST_TYPE*)(&gcm->X[y])) ^= *((LTC_FAST_TYPE*)(&ct[x+y]));
+             }
+             /* GMAC it */
+             gcm->pttotlen += 128;
+             gcm_mult_h(gcm, gcm->X);
+             /* increment counter */
+             for (y = 15; y >= 12; y--) {
+                 if (++gcm->Y[y]) { break; }
+             }
+             cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K);
+         }
+      } else {
+         for (x = 0; x < (ptlen & ~15); x += 16) {
+             /* ctr encrypt */
+             for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
+                 *((LTC_FAST_TYPE*)(&gcm->X[y])) ^= *((LTC_FAST_TYPE*)(&ct[x+y]));
+                 *((LTC_FAST_TYPE*)(&pt[x + y])) = *((LTC_FAST_TYPE*)(&ct[x+y])) ^ *((LTC_FAST_TYPE*)(&gcm->buf[y]));
+             }
+             /* GMAC it */
+             gcm->pttotlen += 128;
+             gcm_mult_h(gcm, gcm->X);
+             /* increment counter */
+             for (y = 15; y >= 12; y--) {
+                 if (++gcm->Y[y]) { break; }
+             }
+             cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K);
+         }
+     }
+   }
+#endif        
+
+   /* process text */
+   for (; x < ptlen; x++) {
+       if (gcm->buflen == 16) {
+          for (y = 0; y < 16; y++) {
+              gcm->X[y] ^= gcm->buf[y];
+          }
+          gcm->pttotlen += 128;
+          gcm_mult_h(gcm, gcm->X);
+          
+          /* increment counter */
+          for (y = 15; y >= 12; y--) {
+              if (++gcm->Y[y]) { break; }
+          }
+          cipher_descriptor[gcm->cipher].ecb_encrypt(gcm->Y, gcm->buf, &gcm->K);
+          gcm->buflen = 0;
+       }
+
+       if (direction == GCM_ENCRYPT) {
+          b = ct[x] = pt[x] ^ gcm->buf[gcm->buflen]; 
+       } else {
+          b = ct[x];
+          pt[x] = ct[x] ^ gcm->buf[gcm->buflen];
+       }
+       gcm->buf[gcm->buflen++] = b;          
+   }
+
+   return CRYPT_OK;
+}
+
+
+
+#endif
+   

src/encauth/gcm/gcm_reset.c

@@ -0,0 +1,40 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+
+/**
+   @file gcm_reset.c
+   GCM implementation, reset a used state so it can accept IV data, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#ifdef GCM_MODE
+
+/**
+  Reset a GCM state to as if you just called gcm_init().  This saves the initialization time.
+  @param gcm   The GCM state to reset
+  @return CRYPT_OK on success
+*/
+int gcm_reset(gcm_state *gcm)
+{
+   LTC_ARGCHK(gcm != NULL);
+
+   zeromem(gcm->buf, sizeof(gcm->buf));
+   zeromem(gcm->X,   sizeof(gcm->X));
+   gcm->mode     = GCM_MODE_IV;
+   gcm->ivmode   = 0;
+   gcm->buflen   = 0;
+   gcm->totlen   = 0;
+   gcm->pttotlen = 0;
+  
+   return CRYPT_OK;
+}
+
+#endif

src/encauth/gcm/gcm_test.c

@@ -0,0 +1,361 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+
+/**
+   @file gcm_test.c
+   GCM implementation, testing, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#ifdef GCM_MODE
+
+/** 
+  Test the GCM code
+  @return CRYPT_OK on success
+ */
+int gcm_test(void)
+{
+   static const struct {
+       unsigned char K[32];
+       int           keylen;
+       unsigned char P[64];
+       unsigned long ptlen;
+		 unsigned char A[64];
+       unsigned long alen;
+       unsigned char IV[64];
+       unsigned long IVlen;
+       unsigned char C[64];
+       unsigned char T[16];
+   } tests[] = {
+
+/* test case #1 */
+{
+  /* key */
+  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+  16,
+
+  /* plaintext */
+  { 0 },
+  0,
+
+  /* AAD data */
+  { 0 },
+  0,
+
+  /* IV */
+  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00 },
+  12,
+
+  /* ciphertext  */
+  { 0 },
+
+  /* tag */
+  { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
+    0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a }
+},
+
+/* test case #2 */
+{
+  /* key */
+  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+  16,
+
+  /* PT */
+  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+  16,
+
+  /* ADATA */
+  { 0 },
+  0,
+
+  /* IV */
+  { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00 },
+  12,
+
+  /* CT */
+  { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
+    0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 },
+
+  /* TAG */
+  { 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
+    0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf }
+},
+
+/* test case #3 */
+{
+   /* key */
+   { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 
+     0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
+   16,
+
+   /* PT */
+   { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 
+     0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 
+     0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 
+     0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 
+     0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 
+     0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 
+     0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 
+     0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55, },
+  64,
+
+  /* ADATA */
+  { 0 },
+  0,
+
+  /* IV */
+  { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 
+    0xde, 0xca, 0xf8, 0x88,  },
+  12,
+ 
+  /* CT */
+  { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, 
+    0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, 
+    0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, 
+    0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, 
+    0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, 
+    0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, 
+    0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, 
+    0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85, },
+
+  /* TAG */
+  { 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6, 
+    0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4, }
+},
+
+/* test case #4 */
+{
+   /* key */
+   { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 
+     0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
+   16,
+
+   /* PT */
+   { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 
+     0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 
+     0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 
+     0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 
+     0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 
+     0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 
+     0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 
+     0xba, 0x63, 0x7b, 0x39,  },
+   60,
+
+   /* ADATA */
+   { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 
+     0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 
+     0xab, 0xad, 0xda, 0xd2,  },
+   20,
+
+   /* IV */
+   { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 
+     0xde, 0xca, 0xf8, 0x88,  },
+   12,
+
+   /* CT */
+   { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24, 
+     0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c, 
+     0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0, 
+     0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e, 
+     0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c, 
+     0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05, 
+     0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97, 
+     0x3d, 0x58, 0xe0, 0x91,  },
+
+   /* TAG */
+   { 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb, 
+     0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47, }
+
+},
+
+/* test case #5 */
+{
+   /* key */
+   { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 
+     0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
+   16,
+
+   /* PT */
+   { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 
+     0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 
+     0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 
+     0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 
+     0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 
+     0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 
+     0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 
+     0xba, 0x63, 0x7b, 0x39,  },
+   60,
+
+   /* ADATA */
+   { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 
+     0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 
+     0xab, 0xad, 0xda, 0xd2,  },
+   20,
+
+   /* IV */
+   { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, },
+   8,
+
+   /* CT */
+   { 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a, 
+     0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55, 
+     0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8, 
+     0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23, 
+     0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2, 
+     0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42, 
+     0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07, 
+     0xc2, 0x3f, 0x45, 0x98,  },
+
+   /* TAG */
+   { 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85, 
+     0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb, }
+},
+
+/* test case #6 */
+{
+   /* key */
+   { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 
+     0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, },
+   16,
+
+   /* PT */
+   { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 
+     0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, 
+     0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 
+     0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 
+     0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, 
+     0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 
+     0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 
+     0xba, 0x63, 0x7b, 0x39,  },
+   60,
+
+   /* ADATA */
+   { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 
+     0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 
+     0xab, 0xad, 0xda, 0xd2,  },
+   20,
+
+   /* IV */
+   { 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, 
+     0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, 
+     0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, 
+     0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, 
+     0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, 
+     0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, 
+     0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, 
+     0xa6, 0x37, 0xb3, 0x9b,  },
+   60,
+
+   /* CT */
+   { 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6, 
+     0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94, 
+     0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8, 
+     0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7, 
+     0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90, 
+     0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f, 
+     0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03, 
+     0x4c, 0x34, 0xae, 0xe5,  },
+
+   /* TAG */
+   { 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa, 
+     0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50, }
+}
+
+/* rest of test cases are the same except AES key size changes... ignored... */
+};
+   int           idx, err;
+   unsigned long x, y;
+   gcm_state     gcm;
+   unsigned char out[2][64], T[2][16];
+
+   /* find aes */
+   idx = find_cipher("aes");
+   if (idx == -1) {
+      idx = find_cipher("rijndael");
+      if (idx == -1) {
+         return CRYPT_NOP;
+      }
+   }
+
+   for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
+       y = sizeof(T[0]);
+       if ((err = gcm_memory(idx, tests[x].K, tests[x].keylen,
+                             tests[x].IV, tests[x].IVlen,
+                             tests[x].A, tests[x].alen,
+                             (unsigned char*)tests[x].P, tests[x].ptlen,
+                             out[0], T[0], &y, GCM_ENCRYPT)) != CRYPT_OK) {
+          return err;
+       }
+
+       if (memcmp(out[0], tests[x].C, tests[x].ptlen)) {
+#if 0
+          printf("\nCiphertext wrong %lu\n", x);
+          for (y = 0; y < tests[x].ptlen; y++) {
+              printf("%02x", out[0][y] & 255);
+          }
+          printf("\n");
+#endif
+          return CRYPT_FAIL_TESTVECTOR;
+       }
+
+       if (memcmp(T[0], tests[x].T, 16)) {
+#if 0
+          printf("\nTag on plaintext wrong %lu\n", x);
+          for (y = 0; y < 16; y++) {
+              printf("%02x", T[0][y] & 255);
+          }
+          printf("\n");
+#endif
+          return CRYPT_FAIL_TESTVECTOR;
+       }
+
+       y = sizeof(T[1]);
+       if ((err = gcm_memory(idx, tests[x].K, tests[x].keylen,
+                             tests[x].IV, tests[x].IVlen,
+                             tests[x].A, tests[x].alen,
+                             out[1], tests[x].ptlen,
+                             out[0], T[1], &y, GCM_DECRYPT)) != CRYPT_OK) {
+          return err;
+       }
+
+       if (memcmp(out[1], tests[x].P, tests[x].ptlen)) {
+#if 0
+          printf("\nplaintext wrong %lu\n", x);
+          for (y = 0; y < tests[x].ptlen; y++) {
+              printf("%02x", out[0][y] & 255);
+          }
+          printf("\n");
+#endif
+          return CRYPT_FAIL_TESTVECTOR;
+       }
+
+       if (memcmp(T[1], tests[x].T, 16)) {
+#if 0
+          printf("\nTag on ciphertext wrong %lu\n", x);
+          for (y = 0; y < 16; y++) {
+              printf("%02x", T[1][y] & 255);
+          }
+          printf("\n");
+#endif
+          return CRYPT_FAIL_TESTVECTOR;
+       }
+
+   }
+   return CRYPT_OK;
+}
+
+#endif
+

src/encauth/ocb/ocb_decrypt.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /**

src/encauth/ocb/ocb_decrypt_verify_memory.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /** 

src/encauth/ocb/ocb_done_decrypt.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /** 

src/encauth/ocb/ocb_done_encrypt.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /** 

src/encauth/ocb/ocb_encrypt.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /** 

src/encauth/ocb/ocb_encrypt_authenticate_memory.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /** 

src/encauth/ocb/ocb_init.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /**

src/encauth/ocb/ocb_ntz.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /**

src/encauth/ocb/ocb_shift_xor.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /** 

src/encauth/ocb/ocb_test.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /** 

src/encauth/ocb/s_ocb_done.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /** 
@@ -114,6 +114,7 @@ int s_ocb_done(ocb_state *ocb, const unsigned char *pt, unsigned long ptlen,
    
    /* encrypt checksum, er... tag!! */
    cipher_descriptor[ocb->cipher].ecb_encrypt(ocb->checksum, X, &ocb->key);
+   cipher_descriptor[ocb->cipher].done(&ocb->key);
 
    /* now store it */
    for (x = 0; x < ocb->block_len && x < (int)*taglen; x++) {

src/hashes/chc/chc.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 #include "tomcrypt.h"

src/hashes/helper/hash_file.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 #include "tomcrypt.h"
 

src/hashes/helper/hash_filehandle.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 #include "tomcrypt.h"
 

src/hashes/helper/hash_memory.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 #include "tomcrypt.h"
 

src/hashes/helper/hash_memory_multi.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 #include "tomcrypt.h"
 #include <stdarg.h>

src/hashes/md2.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 #include "tomcrypt.h"
 

src/hashes/md4.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 #include "tomcrypt.h"
 

src/hashes/md5.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 #include "tomcrypt.h"
 

src/hashes/rmd128.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 #include "tomcrypt.h"
 

src/hashes/rmd160.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 #include "tomcrypt.h"
 

src/hashes/sha1.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 #include "tomcrypt.h"
 

src/hashes/sha2/sha224.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 /**
    @param sha224.c

src/hashes/sha2/sha256.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 #include "tomcrypt.h"
 

src/hashes/sha2/sha384.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 /** 
    @param sha384.c

src/hashes/sha2/sha512.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 #include "tomcrypt.h"
 

src/hashes/tiger.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 #include "tomcrypt.h"

src/hashes/whirl/whirl.c

@@ -6,7 +6,7 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  *
- * Tom St Denis, tomstdenis@iahu.ca, http://libtomcrypt.org
+ * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
  */
 
 /** 

src/headers/ltc_tommath.h

@@ -44,7 +44,7 @@ extern "C" {
 
 /* detect 64-bit mode if possible */
 #if defined(__x86_64__) 
-   #if !(defined(MP_64BIT) || defined(MP_31BIT) || defined(MP_16BIT) || defined(MP_8BIT))
+   #if !(defined(MP_64BIT) && defined(MP_16BIT) && defined(MP_8BIT))
       #define MP_64BIT
    #endif
 #endif
@@ -112,7 +112,7 @@ extern "C" {
    #else
       /* prototypes for our heap functions */
       extern void *XMALLOC(size_t n);
-      extern void *REALLOC(void *p, size_t n);
+      extern void *XREALLOC(void *p, size_t n);
       extern void *XCALLOC(size_t n, size_t s);
       extern void XFREE(void *p);
    #endif
@@ -147,7 +147,6 @@ extern "C" {
 /* Primality generation flags */
 #define LTM_PRIME_BBS      0x0001 /* BBS style prime */
 #define LTM_PRIME_SAFE     0x0002 /* Safe prime (p-1)/2 == prime */
-#define LTM_PRIME_2MSB_OFF 0x0004 /* force 2nd MSB to 0 */
 #define LTM_PRIME_2MSB_ON  0x0008 /* force 2nd MSB to 1 */
 
 typedef int           mp_err;
@@ -429,6 +428,15 @@ int mp_reduce_2k_setup(mp_int *a, mp_digit *d);
 /* reduces a modulo b where b is of the form 2**p - k [0 <= a] */
 int mp_reduce_2k(mp_int *a, mp_int *n, mp_digit d);
 
+/* returns true if a can be reduced with mp_reduce_2k_l */
+int mp_reduce_is_2k_l(mp_int *a);
+
+/* determines k value for 2k reduction */
+int mp_reduce_2k_setup_l(mp_int *a, mp_int *d);
+
+/* reduces a modulo b where b is of the form 2**p - k [0 <= a] */
+int mp_reduce_2k_l(mp_int *a, mp_int *n, mp_int *d);
+
 /* d = a**b (mod c) */
 int mp_exptmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d);
 
@@ -509,14 +517,16 @@ int mp_prime_random_ex(mp_int *a, int t, int size, int flags, ltm_prime_callback
 int mp_count_bits(mp_int *a);
 
 int mp_unsigned_bin_size(mp_int *a);
-int mp_read_unsigned_bin(mp_int *a, unsigned char *b, int c);
+int mp_read_unsigned_bin(mp_int *a, const unsigned char *b, int c);
 int mp_to_unsigned_bin(mp_int *a, unsigned char *b);
+int mp_to_unsigned_bin_n (mp_int * a, unsigned char *b, unsigned long *outlen);
 
 int mp_signed_bin_size(mp_int *a);
-int mp_read_signed_bin(mp_int *a, unsigned char *b, int c);
-int mp_to_signed_bin(mp_int *a, unsigned char *b);
+int mp_read_signed_bin(mp_int *a, const unsigned char *b, int c);
+int mp_to_signed_bin(mp_int *a,  unsigned char *b);
+int mp_to_signed_bin_n (mp_int * a, unsigned char *b, unsigned long *outlen);
 
-int mp_read_radix(mp_int *a, char *str, int radix);
+int mp_read_radix(mp_int *a, const char *str, int radix);
 int mp_toradix(mp_int *a, char *str, int radix);
 int mp_toradix_n(mp_int * a, char *str, int radix, int maxlen);
 int mp_radix_size(mp_int *a, int radix, int *size);
@@ -554,7 +564,7 @@ int fast_mp_invmod(mp_int *a, mp_int *b, mp_int *c);
 int mp_invmod_slow (mp_int * a, mp_int * b, mp_int * c);
 int fast_mp_montgomery_reduce(mp_int *a, mp_int *m, mp_digit mp);
 int mp_exptmod_fast(mp_int *G, mp_int *X, mp_int *P, mp_int *Y, int mode);
-int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y);
+int s_mp_exptmod (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, int mode);
 void bn_reverse(unsigned char *s, int len);
 
 extern const char *mp_s_rmap;

src/headers/tomcrypt.h

@@ -16,8 +16,8 @@ extern "C" {
 #endif
 
 /* version */
-#define CRYPT   0x0100
-#define SCRYPT  "1.00"
+#define CRYPT   0x0101
+#define SCRYPT  "1.01"
 
 /* max size of either a cipher/hash block or symmetric key [largest of the two] */
 #define MAXBLOCKSIZE  128
@@ -66,6 +66,7 @@ enum {
 #include <tomcrypt_macros.h>
 #include <tomcrypt_cipher.h>
 #include <tomcrypt_hash.h>
+#include <tomcrypt_mac.h>
 #include <tomcrypt_prng.h>
 #include <tomcrypt_pk.h>
 #include <tomcrypt_misc.h>

src/headers/tomcrypt_cfg.h

@@ -9,7 +9,7 @@
 
 /* you can change how memory allocation works ... */
 void *XMALLOC(size_t n);
-void *REALLOC(void *p, size_t n);
+void *XREALLOC(void *p, size_t n);
 void *XCALLOC(size_t n, size_t s);
 void XFREE(void *p);
 
@@ -34,6 +34,8 @@ int   XMEMCMP(const void *s1, const void *s2, size_t n);
 #if defined(INTEL_CC) || (defined(_MSC_VER) && defined(WIN32)) || (defined(__GNUC__) && (defined(__DJGPP__) || defined(__CYGWIN__) || defined(__MINGW32__) || defined(__i386__)))
    #define ENDIAN_LITTLE
    #define ENDIAN_32BITWORD
+   #define LTC_FAST
+   #define LTC_FAST_TYPE    unsigned long
 #endif
 
 /* detects MIPS R5900 processors (PS2) */
@@ -46,6 +48,26 @@ int   XMEMCMP(const void *s1, const void *s2, size_t n);
 #if defined(__x86_64__)
    #define ENDIAN_LITTLE
    #define ENDIAN_64BITWORD
+   #define LTC_FAST
+   #define LTC_FAST_TYPE    unsigned long
+#endif
+
+#ifdef LTC_NO_FAST
+   #ifdef LTC_FAST
+      #undef LTC_FAST
+   #endif
+#endif
+
+/* No asm is a quick way to disable anything "not portable" */
+#ifdef LTC_NO_ASM
+   #undef ENDIAN_LITTLE
+   #undef ENDIAN_BIG
+   #undef ENDIAN_32BITWORD
+   #undef ENDIAN_64BITWORD
+   #undef LTC_FAST
+   #undef LTC_FAST_TYPE
+   #define LTC_NO_ROLC
+	#define LTC_NO_BSWAP
 #endif
 
 /* #define ENDIAN_LITTLE */

src/headers/tomcrypt_cipher.h

@@ -164,6 +164,7 @@ typedef union Symmetric_key {
 #ifdef ANUBIS
    struct anubis_key   anubis;
 #endif
+   void   *data;
 } symmetric_key;
 
 /* A block cipher ECB structure */
@@ -274,11 +275,109 @@ extern struct ltc_cipher_descriptor {
        @return CRYPT_OK if successful, CRYPT_NOP if self-testing has been disabled
    */
    int (*test)(void);
+
+   /** Terminate the context 
+      @param skey    The scheduled key
+   */
+   void (*done)(symmetric_key *skey);      
+
    /** Determine a key size
        @param keysize    [in/out] The size of the key desired and the suggested size
        @return CRYPT_OK if successful
    */
    int  (*keysize)(int *keysize);
+
+/** Accelerators **/
+   /** Accelerated ECB encryption 
+       @param pt      Plaintext
+       @param ct      Ciphertext
+       @param blocks  The number of complete blocks to process
+       @param skey    The scheduled key context
+   */
+   void (*accel_ecb_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, symmetric_key *skey);
+
+   /** Accelerated ECB decryption 
+       @param pt      Plaintext
+       @param ct      Ciphertext
+       @param blocks  The number of complete blocks to process
+       @param skey    The scheduled key context
+   */
+   void (*accel_ecb_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, symmetric_key *skey);
+
+   /** Accelerated CBC encryption 
+       @param pt      Plaintext
+       @param ct      Ciphertext
+       @param blocks  The number of complete blocks to process
+       @param IV      The initial value (input/output)
+       @param skey    The scheduled key context
+   */
+   void (*accel_cbc_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, symmetric_key *skey);
+
+   /** Accelerated CBC decryption 
+       @param pt      Plaintext
+       @param ct      Ciphertext
+       @param blocks  The number of complete blocks to process
+       @param IV      The initial value (input/output)
+       @param skey    The scheduled key context
+   */
+   void (*accel_cbc_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, unsigned char *IV, symmetric_key *skey);
+
+   /** Accelerated CTR encryption 
+       @param pt      Plaintext
+       @param ct      Ciphertext
+       @param blocks  The number of complete blocks to process
+       @param IV      The initial value (input/output)
+       @param mode    little or big endian counter (mode=0 or mode=1)
+       @param skey    The scheduled key context
+   */
+   void (*accel_ctr_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, int mode, symmetric_key *skey);
+
+   /** Accelerated CCM packet (one-shot)
+       @param key        The secret key to use
+       @param keylen     The length of the secret key (octets)
+       @param nonce      The session nonce [use once]
+       @param noncelen   The length of the nonce
+       @param header     The header for the session
+       @param headerlen  The length of the header (octets)
+       @param pt         [out] The plaintext
+       @param ptlen      The length of the plaintext (octets)
+       @param ct         [out] The ciphertext
+       @param tag        [out] The destination tag
+       @param taglen     [in/out] The max size and resulting size of the authentication tag
+       @param direction  Encrypt or Decrypt direction (0 or 1)
+       @return CRYPT_OK if successful
+   */
+   void (*accel_ccm_memory)(
+       const unsigned char *key,    unsigned long keylen,
+       const unsigned char *nonce,  unsigned long noncelen,
+       const unsigned char *header, unsigned long headerlen,
+             unsigned char *pt,     unsigned long ptlen,
+             unsigned char *ct,
+             unsigned char *tag,    unsigned long *taglen,
+                       int  direction);
+
+   /** Accelerated GCM packet (one shot)
+       @param key               The secret key
+       @param keylen            The length of the secret key
+       @param IV                The initial vector 
+       @param IVlen             The length of the initial vector
+       @param adata             The additional authentication data (header)
+       @param adatalen          The length of the adata
+       @param pt                The plaintext
+       @param ptlen             The length of the plaintext (ciphertext length is the same)
+       @param ct                The ciphertext
+       @param tag               [out] The MAC tag
+       @param taglen            [in/out] The MAC tag length
+       @param direction         Encrypt or Decrypt mode (GCM_ENCRYPT or GCM_DECRYPT)
+   */
+   void (*accel_gcm_memory)(
+       const unsigned char *key,    unsigned long keylen,
+       const unsigned char *IV,     unsigned long IVlen,
+       const unsigned char *adata,  unsigned long adatalen,
+             unsigned char *pt,     unsigned long ptlen,
+             unsigned char *ct, 
+             unsigned char *tag,    unsigned long *taglen,
+                       int direction);
 } cipher_descriptor[];
 
 #ifdef BLOWFISH
@@ -286,6 +385,7 @@ int blowfish_setup(const unsigned char *key, int keylen, int num_rounds, symmetr
 void blowfish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
 void blowfish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
 int blowfish_test(void);
+void blowfish_done(symmetric_key *skey);
 int blowfish_keysize(int *keysize);
 extern const struct ltc_cipher_descriptor blowfish_desc;
 #endif
@@ -295,6 +395,7 @@ int rc5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
 void rc5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
 void rc5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
 int rc5_test(void);
+void rc5_done(symmetric_key *skey);
 int rc5_keysize(int *keysize);
 extern const struct ltc_cipher_descriptor rc5_desc;
 #endif
@@ -304,6 +405,7 @@ int rc6_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
 void rc6_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
 void rc6_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
 int rc6_test(void);
+void rc6_done(symmetric_key *skey);
 int rc6_keysize(int *keysize);
 extern const struct ltc_cipher_descriptor rc6_desc;
 #endif
@@ -313,6 +415,7 @@ int rc2_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
 void rc2_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
 void rc2_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
 int rc2_test(void);
+void rc2_done(symmetric_key *skey);
 int rc2_keysize(int *keysize);
 extern const struct ltc_cipher_descriptor rc2_desc;
 #endif
@@ -322,6 +425,7 @@ int saferp_setup(const unsigned char *key, int keylen, int num_rounds, symmetric
 void saferp_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
 void saferp_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
 int saferp_test(void);
+void saferp_done(symmetric_key *skey);
 int saferp_keysize(int *keysize);
 extern const struct ltc_cipher_descriptor saferp_desc;
 #endif
@@ -336,6 +440,7 @@ void safer_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key
 int safer_k64_test(void);
 int safer_sk64_test(void);
 int safer_sk128_test(void);
+void safer_done(symmetric_key *skey);
 int safer_64_keysize(int *keysize);
 int safer_128_keysize(int *keysize);
 extern const struct ltc_cipher_descriptor safer_k64_desc, safer_k128_desc, safer_sk64_desc, safer_sk128_desc;
@@ -348,6 +453,7 @@ extern const struct ltc_cipher_descriptor safer_k64_desc, safer_k128_desc, safer
 #define aes_ecb_encrypt     rijndael_ecb_encrypt
 #define aes_ecb_decrypt     rijndael_ecb_decrypt
 #define aes_test            rijndael_test
+#define aes_done            rijndael_done
 #define aes_keysize         rijndael_keysize
 
 #define aes_enc_setup           rijndael_enc_setup
@@ -358,9 +464,11 @@ int rijndael_setup(const unsigned char *key, int keylen, int num_rounds, symmetr
 void rijndael_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
 void rijndael_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
 int rijndael_test(void);
+void rijndael_done(symmetric_key *skey);
 int rijndael_keysize(int *keysize);
 int rijndael_enc_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
 void rijndael_enc_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
+void rijndael_enc_done(symmetric_key *skey);
 int rijndael_enc_keysize(int *keysize);
 extern const struct ltc_cipher_descriptor rijndael_desc, aes_desc;
 extern const struct ltc_cipher_descriptor rijndael_enc_desc, aes_enc_desc;
@@ -371,6 +479,7 @@ int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_k
 void xtea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
 void xtea_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
 int xtea_test(void);
+void xtea_done(symmetric_key *skey);
 int xtea_keysize(int *keysize);
 extern const struct ltc_cipher_descriptor xtea_desc;
 #endif
@@ -380,6 +489,7 @@ int twofish_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
 void twofish_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
 void twofish_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
 int twofish_test(void);
+void twofish_done(symmetric_key *skey);
 int twofish_keysize(int *keysize);
 extern const struct ltc_cipher_descriptor twofish_desc;
 #endif
@@ -389,11 +499,13 @@ int des_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_ke
 void des_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
 void des_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
 int des_test(void);
+void des_done(symmetric_key *skey);
 int des_keysize(int *keysize);
 int des3_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey);
 void des3_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
 void des3_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
 int des3_test(void);
+void des3_done(symmetric_key *skey);
 int des3_keysize(int *keysize);
 extern const struct ltc_cipher_descriptor des_desc, des3_desc;
 #endif
@@ -403,6 +515,7 @@ int cast5_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_
 void cast5_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
 void cast5_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
 int cast5_test(void);
+void cast5_done(symmetric_key *skey);
 int cast5_keysize(int *keysize);
 extern const struct ltc_cipher_descriptor cast5_desc;
 #endif
@@ -412,6 +525,7 @@ int noekeon_setup(const unsigned char *key, int keylen, int num_rounds, symmetri
 void noekeon_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
 void noekeon_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
 int noekeon_test(void);
+void noekeon_done(symmetric_key *skey);
 int noekeon_keysize(int *keysize);
 extern const struct ltc_cipher_descriptor noekeon_desc;
 #endif
@@ -421,6 +535,7 @@ int skipjack_setup(const unsigned char *key, int keylen, int num_rounds, symmetr
 void skipjack_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
 void skipjack_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
 int skipjack_test(void);
+void skipjack_done(symmetric_key *skey);
 int skipjack_keysize(int *keysize);
 extern const struct ltc_cipher_descriptor skipjack_desc;
 #endif
@@ -430,6 +545,7 @@ int khazad_setup(const unsigned char *key, int keylen, int num_rounds, symmetric
 void khazad_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
 void khazad_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
 int khazad_test(void);
+void khazad_done(symmetric_key *skey);
 int khazad_keysize(int *keysize);
 extern const struct ltc_cipher_descriptor khazad_desc;
 #endif
@@ -439,6 +555,7 @@ int anubis_setup(const unsigned char *key, int keylen, int num_rounds, symmetric
 void anubis_ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_key *skey);
 void anubis_ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_key *skey);
 int anubis_test(void);
+void anubis_done(symmetric_key *skey);
 int anubis_keysize(int *keysize);
 extern const struct ltc_cipher_descriptor anubis_desc;
 #endif
@@ -446,8 +563,9 @@ extern const struct ltc_cipher_descriptor anubis_desc;
 #ifdef ECB
 int ecb_start(int cipher, const unsigned char *key, 
               int keylen, int num_rounds, symmetric_ECB *ecb);
-int ecb_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_ECB *ecb);
-int ecb_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_ECB *ecb);
+int ecb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_ECB *ecb);
+int ecb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_ECB *ecb);
+int ecb_done(symmetric_ECB *ecb);
 #endif
 
 #ifdef CFB
@@ -457,6 +575,7 @@ int cfb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
 int cfb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CFB *cfb);
 int cfb_getiv(unsigned char *IV, unsigned long *len, symmetric_CFB *cfb);
 int cfb_setiv(const unsigned char *IV, unsigned long len, symmetric_CFB *cfb);
+int cfb_done(symmetric_CFB *cfb);
 #endif
 
 #ifdef OFB
@@ -466,15 +585,17 @@ int ofb_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
 int ofb_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_OFB *ofb);
 int ofb_getiv(unsigned char *IV, unsigned long *len, symmetric_OFB *ofb);
 int ofb_setiv(const unsigned char *IV, unsigned long len, symmetric_OFB *ofb);
+int ofb_done(symmetric_OFB *ofb);
 #endif
 
 #ifdef CBC
 int cbc_start(int cipher, const unsigned char *IV, const unsigned char *key,
                int keylen, int num_rounds, symmetric_CBC *cbc);
-int cbc_encrypt(const unsigned char *pt, unsigned char *ct, symmetric_CBC *cbc);
-int cbc_decrypt(const unsigned char *ct, unsigned char *pt, symmetric_CBC *cbc);
+int cbc_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_CBC *cbc);
+int cbc_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CBC *cbc);
 int cbc_getiv(unsigned char *IV, unsigned long *len, symmetric_CBC *cbc);
 int cbc_setiv(const unsigned char *IV, unsigned long len, symmetric_CBC *cbc);
+int cbc_done(symmetric_CBC *cbc);
 #endif
 
 #ifdef CTR
@@ -484,6 +605,7 @@ int ctr_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, s
 int ctr_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_CTR *ctr);
 int ctr_getiv(unsigned char *IV, unsigned long *len, symmetric_CTR *ctr);
 int ctr_setiv(const unsigned char *IV, unsigned long len, symmetric_CTR *ctr);
+int ctr_done(symmetric_CTR *ctr);
 #endif
     
 int find_cipher(const char *name);

src/headers/tomcrypt_custom.h

@@ -17,19 +17,25 @@
 #define XCLOCKS_PER_SEC CLOCKS_PER_SEC
 
 /* Use small code where possible */
-// #define LTC_SMALL_CODE
+/* #define LTC_SMALL_CODE */
 
 /* Enable self-test test vector checking */
 #define LTC_TEST
 
 /* clean the stack of functions which put private information on stack */
-// #define LTC_CLEAN_STACK
+/* #define LTC_CLEAN_STACK */
 
 /* disable all file related functions */
-// #define LTC_NO_FILE
+/* #define LTC_NO_FILE */
 
 /* disable all forms of ASM */
-// #define LTC_NO_ASM
+/* #define LTC_NO_ASM */
+
+/* disable FAST mode */
+/* #define LTC_NO_FAST */
+
+/* disable BSWAP on x86 */
+/* #define LTC_NO_BSWAP */
 
 /* ---> Symmetric Block Ciphers <--- */
 #define BLOWFISH
@@ -43,17 +49,14 @@
  * (saves 4KB of ram), _ALL_TABLES enables all tables during setup */
 #define TWOFISH
 #define TWOFISH_TABLES
-// #define TWOFISH_ALL_TABLES
-// #define TWOFISH_SMALL
+/* #define TWOFISH_ALL_TABLES */
+/* #define TWOFISH_SMALL */
 /* DES includes EDE triple-DES */
 #define DES
 #define CAST5
 #define NOEKEON
 #define SKIPJACK
-/* SAFER code isn't public domain.  It appears to be free to use 
- * but has been disabled by default to avoid any such problems 
- */
-//#define SAFER
+#define SAFER
 #define KHAZAD
 #define ANUBIS
 #define ANUBIS_TWEAK
@@ -85,6 +88,11 @@
 #define HMAC
 #define OMAC
 #define PMAC
+#define PELICAN
+
+#if defined(PELICAN) && !defined(RIJNDAEL)
+   #error Pelican-MAC requires RIJNDAEL
+#endif
 
 /* ---> Encrypt + Authenticate Modes <--- */
 #define EAX_MODE
@@ -93,6 +101,11 @@
 #endif
 
 #define OCB_MODE
+#define CCM_MODE
+
+#define GCM_MODE
+/* Use 64KiB tables */
+#define GCM_TABLES 
 
 /* Various tidbits of modern neatoness */
 #define BASE64
@@ -100,8 +113,8 @@
 /* --> Pseudo Random Number Generators <--- */
 /* Yarrow */
 #define YARROW
-// which descriptor of AES to use? 
-// 0 = rijndael_enc 1 = aes_enc, 2 = rijndael [full], 3 = aes [full]
+/* which descriptor of AES to use?  */
+/* 0 = rijndael_enc 1 = aes_enc, 2 = rijndael [full], 3 = aes [full] */
 #define YARROW_AES 0
 
 #if defined(YARROW) && !defined(CTR)