
Merge pull request #550 from libtom/clean-up-stuff

Patch & clean up
Steffen Jaeckel před 4 roky
rodič
revize
954ab9bcfc

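--- a/.gitattributes
+++ b/.gitattributes
@@ -3,3 +3,5 @@
 /.travis.yml    export-ignore
 
 /**             export-subst
+
+/tests/test.key -text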

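--- a/.travis.yml
+++ b/.travis.yml
@@ -61,22 +61,6 @@ env:
     BUILDNAME="SMALL+NOTABLES"
     BUILDOPTIONS="-DLTC_SMALL_CODE -DLTC_NO_TABLES"
     BUILDSCRIPT=".ci/run.sh"
-  - |
-    BUILDNAME="CLEANSTACK"
-    BUILDOPTIONS="-DLTC_CLEAN_STACK"
-    BUILDSCRIPT=".ci/run.sh"
-  - |
-    BUILDNAME="CLEANSTACK+SMALL"
-    BUILDOPTIONS="-DLTC_SMALL_CODE -DLTC_CLEAN_STACK"
-    BUILDSCRIPT=".ci/run.sh"
-  - |
-    BUILDNAME="CLEANSTACK+NOTABLES"
-    BUILDOPTIONS="-DLTC_NO_TABLES -DLTC_CLEAN_STACK"
-    BUILDSCRIPT=".ci/run.sh"
-  - |
-    BUILDNAME="CLEANSTACK+NOTABLES+SMALL"
-    BUILDOPTIONS="-DLTC_NO_TABLES -DLTC_CLEAN_STACK -DLTC_SMALL_CODE"
-    BUILDSCRIPT=".ci/run.sh"
   - |
     BUILDNAME="NO_FAST"
     BUILDOPTIONS="-DLTC_NO_FAST"
@@ -93,18 +77,10 @@ env:
     BUILDNAME="NO_TIMING_RESISTANCE"
     BUILDOPTIONS="-DLTC_NO_ECC_TIMING_RESISTANT -DLTC_NO_RSA_BLINDING"
     BUILDSCRIPT=".ci/run.sh"
-  - |
-    BUILDNAME="CLEANSTACK+NOTABLES+SMALL+NO_ASM+NO_TIMING_RESISTANCE+LTC_FORTUNA_RESEED_RATELIMIT_STATIC"
-    BUILDOPTIONS="-DLTC_CLEAN_STACK -DLTC_NO_TABLES -DLTC_SMALL_CODE -DLTC_NO_ECC_TIMING_RESISTANT -DLTC_NO_RSA_BLINDING -DLTC_FORTUNA_RESEED_RATELIMIT_STATIC"
-    BUILDSCRIPT=".ci/run.sh"
   - |
     BUILDNAME="PTHREAD"
     BUILDOPTIONS="-DLTC_PTHREAD"
     BUILDSCRIPT=".ci/run.sh"
-  - |
-    BUILDNAME="PTHREAD+CLEANSTACK+NOTABLES+SMALL+NO_ASM+NO_TIMING_RESISTANCE+LTC_FORTUNA_RESEED_RATELIMIT_STATIC"
-    BUILDOPTIONS="-DLTC_CLEAN_STACK -DLTC_NO_TABLES -DLTC_SMALL_CODE -DLTC_NO_ECC_TIMING_RESISTANT -DLTC_NO_RSA_BLINDING -DLTC_FORTUNA_RESEED_RATELIMIT_STATIC -DLTC_PTHREAD"
-    BUILDSCRIPT=".ci/run.sh"
   - |
     BUILDNAME="STOCK+ARGTYPE=1"
     BUILDOPTIONS="-DARGTYPE=1"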

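--- a/demos/aesgcm.c
+++ b/demos/aesgcm.c
@@ -97,6 +97,7 @@ int main(int argc, char **argv)
    uint8_t keybuf[48] = {0};
    char *out = NULL;
    const char *mode, *in_file, *out_file, *key_string;
+   unsigned long ivlen;
 
    if (argc < 5) die(__LINE__);
 
@@ -113,9 +114,9 @@ int main(int argc, char **argv)
    if (fsize(in_file) <= 0) die(__LINE__);
 
    keylen = XSTRLEN(key_string);
-   if (keylen != 96) die(__LINE__);
+   if (keylen != 88 && keylen != 96) die(__LINE__);
 
-   scan_hex(key_string, keybuf, sizeof(keybuf));
+   scan_hex(key_string, keybuf, keylen/2);
 
    register_all_ciphers();
 
@@ -125,7 +126,8 @@ int main(int argc, char **argv)
       goto cleanup;
    }
    close(tmp);
-   if((err = gcm_file(find_cipher("aes"), &keybuf[16], 32, keybuf, 16, NULL, 0, in_file, out, 16, direction, &res)) != CRYPT_OK) {
+   ivlen = keylen/2 - 32;
+   if((err = gcm_file(find_cipher("aes"), &keybuf[ivlen], 32, keybuf, ivlen, NULL, 0, in_file, out, 16, direction, &res)) != CRYPT_OK) {
       fprintf(stderr, "boooh %s\n", error_to_string(err));
       ret = __LINE__;
       goto cleanup;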
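Review bot: Nothing in the new code says what the 88/96-digit key string is, yet `ivlen = keylen/2 - 32` and the `&keybuf[ivlen]` argument only make sense once a reader knows the hex string is IV followed by key; a comment above the length check such as `/* key_string is hex(IV || key): a 12- or 16-byte IV followed by a 32-byte AES-256 key */` would make the two accepted lengths and the `gcm_file` argument order self-explanatory. The 48-byte `keybuf` is only large enough because of the preceding `keylen` check, so the same comment should mention that 96 hex digits equals `sizeof(keybuf)`. Since the IV now comes straight from the command line, the comment could also remind users that GCM must never reuse an IV under the same key. main() begins and ends outside the hunk.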

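--- a/demos/timing.c
+++ b/demos/timing.c
@@ -86,6 +86,10 @@ static ulong64 rdtsc (void)
            __asm__ __volatile__ ("rd %%tick, %0; clruw %0, %1; srlx %0, 32, %0" : "=r" (x), "=r" (y) : "0" (x), "1" (y));
            return ((unsigned long long) x << 32) | y;
          #endif
+      #elif defined(__aarch64__)
+         ulong64 CNTVCT_EL0;
+         __asm__ __volatile__ ("mrs %0, cntvct_el0" : "=r"(CNTVCT_EL0));
+         return CNTVCT_EL0;
       #else
          return XCLOCK();
       #endif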
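Review bot: `CNTVCT_EL0` is an all-caps name for a local variable, which this file otherwise reserves for macros, and it does not say what the register is; `ulong64 cnt; /* ARMv8 generic-timer virtual count: fixed-frequency ticks, not CPU cycles */` reads better. Because that counter advances at the CNTFRQ_EL0 rate rather than the core clock, the numbers rdtsc() returns on aarch64 are not comparable to x86 cycle counts, and the function's header comment (outside the hunk) should state that the unit differs per architecture. The new `#elif` attaches to a nesting level whose `#if` is outside the hunk, so I could not verify it pairs with the intended branch.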

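--- a/makefile_include.mk
+++ b/makefile_include.mk
@@ -434,6 +434,9 @@ all_test: $(call print-help,all_test,Builds the library and all unbroken demos a
 
 bins: $(call print-help,bins,Builds the library and all useful demos) $(USEFUL_DEMOS)
 
+check: test
+	./test
+
 #build the doxy files (requires Doxygen, tetex and patience)
 doxygen: $(call print-help,doxygen,Builds the doxygen html documentation)
 	$(MAKE) -C doc/ $@ V=$(V)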
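Review bot: The new `check` target is the only one in this stretch that does not go through `$(call print-help,...)`, so it will presumably be missing from whatever help listing `bins` and `doxygen` appear in; `check: $(call print-help,check,Builds the library and runs the test suite) test` keeps it consistent with its neighbours. It should probably also be declared phony next to the other non-file targets, but that declaration is outside the hunk.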

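--- a/notes/cipher_tv.txt
+++ b/notes/cipher_tv.txt
@@ -2551,55 +2551,55 @@ Key Size: 32 bytes
 
 Cipher: tea
 Key Size: 16 bytes
- 0: 07D3CA2209D99A34
- 1: 8AA2AB0843657382
- 2: 231B235F7895BDA1
- 3: 51CFB710B6CA50FD
- 4: BC14673856317504
- 5: 5BBE5F3F0897B3EF
- 6: ABAAD961EAEE4908
- 7: CFFD532347EB7D6B
- 8: 0A677D4419B1F8CE
- 9: E7D3055744921384
-10: 1458509E9D9AAE6D
-11: 038D0CB56FFD996B
-12: 2B36B73D385D3DF0
-13: 3DBC5982A528B9AA
-14: D6C7E606AF90CA7F
-15: 9CE6BBCC39AF11C3
-16: 591F6776C4B59FF3
-17: D39322630621C580
-18: DE2D2D98D1526D89
-19: B101FC38A8F915D6
-20: A2695E46228277FB
-21: CF8B6A0B1B1CEE21
-22: 29990F0FFBC40861
-23: 0F765791933BC0F9
-24: F94736075FDF68D5
-25: 2B29EBBEFA233845
-26: 6801BACE0B6AD59D
-27: 28DEC844CB3BC864
-28: 066B6AF32EC592E0
-29: E9FB041FEC4B2A9B
-30: D84C73A0A8373FAD
-31: 2C9E423F3762E688
-32: F6BAFB7A20F8FD06
-33: 3B0C18B126C1734F
-34: 9CD0A5DA38FB3FE6
-35: EBD38074D2039A4F
-36: 12F8007B2B2552BF
-37: E3A8D7EB6F20CD15
-38: 48AAEC5AE87A7AB6
-39: 05DF67BD335B67D3
-40: 8ECF370F9B397A6D
-41: E771760027A021EC
-42: 8B16418D1D18EBED
-43: 252904E3E9A91E88
-44: D7C870C14BEB0DAF
-45: 8C70C0A5786A3999
-46: 579D639AEBE8F8DF
-47: 0CA3D87B954DC6DF
-48: 3A24AD0D9A6C22B7
-49: D38FB50ACB2958CD
+ 0: 54D51B2BF3E47E12
+ 1: B4617BE1F7508D97
+ 2: 531211EE95A0A058
+ 3: 6EACE196DA17DAC2
+ 4: 2FB9DD2655A0B649
+ 5: 7E302A63839BD8BC
+ 6: 47ABFE28EF03769C
+ 7: 432ED9D44C864CAA
+ 8: CB3FD723CAFAFCF6
+ 9: 98F4CACFE992187B
+10: 50B3D02E6DB6A236
+11: DC4773A3A67E65EE
+12: D6F9E20F957D59BD
+13: 7AE277DCB8E7DAC6
+14: B06985B8C6553AEF
+15: FE4C06F6568E3868
+16: B902EBBCE7D8D89E
+17: 5316796AC30920E8
+18: 7FC75B3B56EA64C4
+19: 55E791AC45D2F835
+20: F3B73331E3FA5921
+21: 63B0AED6F4119E35
+22: CB8FBD17723831F0
+23: 8D6DE59C74F50676
+24: 336B129371084BE4
+25: 3D97B6861E5147EF
+26: 5904D18FAF54059C
+27: 49242681158D88A2
+28: D588A9BAF9E67F22
+29: F4A22FC0BF0FA678
+30: 793DEF3385243659
+31: 66672F79B7CE8959
+32: 64E1175A4AF8FEA3
+33: E41B29C5BA3AD7C6
+34: 842FC234DFC0C5F6
+35: 9DB2EFDDA9D5A342
+36: 16E50CA57D441821
+37: 17B3625349C40147
+38: D89922F622CD73A9
+39: 5377B8E7F01EB9FF
+40: C46A179121AB9A07
+41: F42F48E4B6E30D0E
+42: 779695B31899ECE8
+43: C8F8B66D400A7B6C
+44: B3FAC446C50F8775
+45: FB910623C88560B6
+46: 622DFA98884810CB
+47: 29E007FCCA3EA93A
+48: 4020E134D1154AA9
+49: 5B63CCF731964AE0
 
 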

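--- a/notes/eax_tv.txt
+++ b/notes/eax_tv.txt
@@ -622,21 +622,21 @@ EAX-serpent (16 byte key)
  32: 1DFDE8719F4FC7C235A1BB9862E1E6E132EC0C77EFEC71FD7E48C6B000C14291, 0CD8517E1B79FCA166F9D7CA1FB6336F
 
 EAX-tea (16 byte key)
-  0: , 581EF8A02372869F
-  1: FB, FB90C7378F6DBE3C
-  2: EC00, A19AB4ED51B2F2D5
-  3: 551BF7, 73E49811E90FDEC0
-  4: F9EA225A, CE609251E8693701
-  5: CDD0AEFEB0, 14E611D307EA66FD
-  6: 71C2847F58B5, 5CDF647518362E7B
-  7: 42409A216C573F, DE90E9CBF340587C
-  8: 4E66670E50D12994, A9C361739623DA73
-  9: 30208A8AABA72C07C5, B85CCFACD565CAC9
- 10: EB24F57D350908B19AA1, A2BB5B52ADDCCD5D
- 11: A30D1E71047FA930BB4FFB, 9F6088572C52A66F
- 12: 9BCEFFABDC81E5003A05CD43, 4DA2ACF4FB189F52
- 13: F3ADF893A855DA761BEA526AB4, 5FEE2D491403361D
- 14: DB8E2662E8339B64D92B849E7DFB, 2EB5E802E63D80B7
- 15: 5E0EF25BF8AB11A0D8E8E4C68BFFFA, 4B3E3136466D7B83
- 16: A2B4256701C9E3AFF612B0E9614C510E, 1EB5503868796FDF
+  0: , F31507FD2F9DE170
+  1: 5E, 883F01F57C0A3752
+  2: 4656, DC2F8425AA00F7D4
+  3: 86DA0A, CC9CDE3472FA2840
+  4: 73375083, 276F06F48DA9CFD2
+  5: FCF867064C, 7DB9052193E77F3F
+  6: D2F367F6EFEB, AB05FE3267FF2C0F
+  7: DE33A9E128D6DE, 648884C97F036DB6
+  8: C5DEC03A2D1C32AB, 1835E8C6266BFA24
+  9: A09153B81B609A7FE2, EA1DAA9BE8F39403
+ 10: AAA1741EE38A70A37B8B, 63B53E90B1D1B390
+ 11: 829932D95C1E7F343703FF, 6CAFE57B55A67598
+ 12: A04008ECEF2762153B06DE85, 5B4FADA65B67BE59
+ 13: A0881EA826A8072E45ABB7AE4C, 426BC1450AAFEF4F
+ 14: A25B5A049A3DE803C09C6208DB91, 1C12BE6131CDFFA5
+ 15: 457B9E88FD12B1D508D545A5EF74C2, 7A03467F15043DBF
+ 16: BFF0EF485331FAC285BE3B9DFEA372CE, FE06E955E5EE5930
 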

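--- a/notes/ocb_tv.txt
+++ b/notes/ocb_tv.txt
@@ -622,21 +622,21 @@ OCB-serpent (16 byte key)
  32: 77E116BE37F8153D717F3F19DEFD045C2E8CAC499295B9EE6A95A3509D4CBC47, A0406E2C09C510AB5A9E5A5B20B0C306
 
 OCB-tea (16 byte key)
-  0: , E1389796E71A9964
-  1: 52, 9AD765743EEF7E6C
-  2: 8FB4, C3AD7B2AA8BF6FDB
-  3: 4998DB, 3BB882FD3008226A
-  4: 5EAE4FBC, 09B37C919FD239CA
-  5: A7C3303005, 3F617FD1CC528C81
-  6: 3A325C2AC305, E2AC383FC0F167EF
-  7: E392792697A39C, 215D2FFF2921BEAC
-  8: 4E202347147693D7, B716880A27AF4DA4
-  9: DCA7B8360C9AC81FFB, 0BC016ADCF52508F
- 10: 695967EBF5FCF3517499, 6C24E93417356D9B
- 11: 248C5246F4C1DD0586BE74, 5ED892B4576C3028
- 12: DEBAE87E44D2121D127837E8, 50146ACA34F44650
- 13: 7C3DF8DEA0130C0C531E41C20A, E5CAB16B8EE6FD91
- 14: F3E1FF2655AC34ED9E455788CBCB, 3EAF740FDC652506
- 15: FA19BF16C8F2AEDA0608C3F9833352, 92380ECC4F20FA1A
- 16: 469E76EEBAB8C2A1DC0AD4DD53584D0F, BDB10B835DF8623A
+  0: , 1A6D3BE15B6C879D
+  1: B5, 91A035C7871CCF11
+  2: AEB1, C715E399C46D9DD1
+  3: 2B3273, 2F8BD77A9E036FA5
+  4: 5C009E43, 1CDEEEA46EEAE63F
+  5: 8E07B56FEB, 2A486014BEDC6B01
+  6: F2D5B9842DE7, 1734AB18A976BACB
+  7: C49F333DFA40A8, 007BEE13E4B1151F
+  8: 4A99C75688B0DBA8, 2BB62A22623A02B3
+  9: 1E1175070E0C9EBBE5, B9750E34056F00AF
+ 10: D066C7016D6458538A33, C8301F29178F512D
+ 11: 6B036FFB0C6636135ADC66, 48967AD3659260BA
+ 12: 3018AB281C87CA4185A53207, 4F043FB366001F3C
+ 13: 93DA80463817D8A43B5D59133C, E95DE5587B95E6AC
+ 14: C1389108A40292097F489603BF2D, 8E56A1F7B04194EB
+ 15: 36E512F52335419EB6DAD9CB9C40BC, F0498560CD814C62
+ 16: 2381E281D648AFF1ABB7D65B9AE41B35, EEC952B027B9A81D
 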

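--- a/notes/omac_tv.txt
+++ b/notes/omac_tv.txt
@@ -622,21 +622,21 @@ OMAC-serpent (16 byte key)
  32: 6E458187EC664A776005EA140154ACBF
 
 OMAC-tea (16 byte key)
-  0: 60897729F54131CF
-  1: 3E1CAB200AA5552F
-  2: 47A0EAF7FFE01BB0
-  3: 1447F1EC98212470
-  4: A58559E0BF9F9445
-  5: 3099C9A028D58D12
-  6: E5ADDD59BFD0495F
-  7: 3EA329EE687F8A25
-  8: 149685934D9CCAD1
-  9: 3130967CE43B22D5
- 10: 2842C1C36B15E6DC
- 11: 59A2E900143BE9C3
- 12: 1211C81F2888AD0C
- 13: 45DDA7DED8403233
- 14: 2694A22BDEC4E7E5
- 15: A3227929FA1CBBC7
- 16: 59638CE1C63C7776
+  0: AFFFFA671072AA14
+  1: 4F2113632BD0300F
+  2: EA885545F0601DC4
+  3: 04EE4A961B57D587
+  4: 7B3CE6D2F53EBA2D
+  5: 5589B7ABDFA45D88
+  6: F0932A9958090A36
+  7: C82ADECA3A6D8FEC
+  8: 53DEE813EA84E8EB
+  9: 268DC8EA239A3FBC
+ 10: E716FC17E51609A6
+ 11: 5F0564D9A8F877F5
+ 12: D3F25DE735A5085B
+ 13: 4A125CAA16ADCDE9
+ 14: DCEE8CB047957FAC
+ 15: 33F078C713C6DA61
+ 16: BB936D1B0427DD4F
 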

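--- a/notes/pmac_tv.txt
+++ b/notes/pmac_tv.txt
@@ -622,21 +622,21 @@ PMAC-serpent (16 byte key)
  32: D6C0DE7EEB98DA9EB0F800D2734B100A
 
 PMAC-tea (16 byte key)
-  0: 1B62CCC832F7C9AE
-  1: A1839B62B3DEE7CE
-  2: 0E1ADB184E1292EB
-  3: 595860B6F905D832
-  4: 202A473F69C85E8E
-  5: 66E459169829D505
-  6: AB602CB86A0F7AAA
-  7: A06636338D7DC52E
-  8: 254DEC5F2600B5AE
-  9: E818966534DBB92B
- 10: 94E47556B975726D
- 11: 5A0E20AFE5620715
- 12: 5A7A930E9E3AA535
- 13: F4D22501B3E52121
- 14: 998261FF1B92CEC2
- 15: 97A766D863814EDB
- 16: 6FACD2074DEE6AC6
+  0: 9C47729C9C2F4813
+  1: 1E9EDE66951A751E
+  2: 5F0FF355F5C067AB
+  3: EDE26E1BF7FF7662
+  4: 9C2D4A377660E475
+  5: C9A605E660C8E954
+  6: 578873E2BF4CCC0B
+  7: 1D888213B1AA95DB
+  8: A6631112C99F4E47
+  9: 02312F3A134B9DCA
+ 10: 35D9138A4B5ABA96
+ 11: A21B17E07D6E3F9B
+ 12: DC6D9724BF55DE13
+ 13: 87E31C1EFD9D35E9
+ 14: 38DCBC571E62088A
+ 15: B63413E18BEC7ABE
+ 16: 200DA2D5CD5B9AA9
 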

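--- a/src/ciphers/tea.c
+++ b/src/ciphers/tea.c
@@ -68,7 +68,7 @@ int tea_ecb_encrypt(const unsigned char *pt, unsigned char *ct, const symmetric_
 
    LOAD32H(y, &pt[0]);
    LOAD32H(z, &pt[4]);
-   for (r = 0; r < 32; r += 4) {
+   for (r = 0; r < 32; r++) {
       sum += delta;
       y += ((z<<4) + skey->tea.k[0]) ^ (z + sum) ^ ((z>>5) + skey->tea.k[1]);
       z += ((y<<4) + skey->tea.k[2]) ^ (y + sum) ^ ((y>>5) + skey->tea.k[3]);
@@ -154,11 +154,11 @@ int tea_test(void)
        zeromem(&skey, sizeof(skey));
 
        l = sizeof(key);
-       if ((err = base16_decode(tests[i].key, XSTRLEN(tests[i].key), key, &l)) != CRYPT) return err;
+       if ((err = base16_decode(tests[i].key, XSTRLEN(tests[i].key), key, &l)) != CRYPT_OK) return err;
        l = sizeof(ptct[0]);
-       if ((err = base16_decode(tests[i].pt, XSTRLEN(tests[i].pt), ptct[0], &l)) != CRYPT) return err;
+       if ((err = base16_decode(tests[i].pt, XSTRLEN(tests[i].pt), ptct[0], &l)) != CRYPT_OK) return err;
        l = sizeof(ptct[1]);
-       if ((err = base16_decode(tests[i].ct, XSTRLEN(tests[i].ct), ptct[1], &l)) != CRYPT) return err;
+       if ((err = base16_decode(tests[i].ct, XSTRLEN(tests[i].ct), ptct[1], &l)) != CRYPT_OK) return err;
 
        if ((err = tea_setup(key, 16, 0, &skey)) != CRYPT_OK)  {
           return err;
@@ -166,8 +166,8 @@ int tea_test(void)
        tea_ecb_encrypt(ptct[0], tmp[0], &skey);
        tea_ecb_decrypt(tmp[0], tmp[1], &skey);
 
-       if (compare_testvector(tmp[0], 8, ptct[0], 8, "TEA Encrypt", i) != 0 ||
-             compare_testvector(tmp[1], 8, ptct[1], 8, "TEA Decrypt", i) != 0) {
+       if (compare_testvector(tmp[0], 8, ptct[1], 8, "TEA Encrypt", i) != 0 ||
+             compare_testvector(tmp[1], 8, ptct[0], 8, "TEA Decrypt", i) != 0) {
           return CRYPT_FAIL_TESTVECTOR;
        }
 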
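Review bot: The decoded lengths in tea_test are still never checked, so a malformed or shortened vector would feed a partial `key` or `ptct` buffer into tea_setup and the comparisons without complaint; after each `base16_decode` I'd add `if (l != 16) return CRYPT_FAIL_TESTVECTOR;` for the key and `if (l != 8) return CRYPT_FAIL_TESTVECTOR;` for the two blocks. If `CRYPT` is the library version macro rather than an error code, the old `!= CRYPT` comparison made the self-test return before exercising the cipher at all, which would explain how an 8-cycle loop passed for so long; a comment on the loop such as `/* 32 cycles (64 Feistel rounds), as in the TEA reference code */` gives the constant meaning for the next reader. This diff touches only the encrypt loop; tea_ecb_decrypt is outside the hunk, so its round count should be confirmed to match.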
 

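--- a/src/headers/tomcrypt_custom.h
+++ b/src/headers/tomcrypt_custom.h
@@ -585,6 +585,11 @@
    #define LTC_PBES
 #endif
 
+#if defined(LTC_CLEAN_STACK)
+/* if you're sure that you want to use it, remove the line below */
+   #error LTC_CLEAN_STACK is considered as broken
+#endif
+
 #if defined(LTC_PBES) && !defined(LTC_PKCS_5)
    #error LTC_PBES requires LTC_PKCS_5
 #endif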
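Review bot: The diagnostic gives no reason and reads awkwardly, so a user hitting it cannot judge whether removing the line is safe; `#error LTC_CLEAN_STACK is considered broken, see <ISSUE-ID placeholder>` plus a sentence in the comment above stating what is broken would make the "remove the line below" advice an informed choice. Since the same commit drops every CLEANSTACK configuration from the CI matrix, the comment should also say the option is no longer exercised by CI, which is the stronger reason not to rely on it.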

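--- a/src/headers/tomcrypt_misc.h
+++ b/src/headers/tomcrypt_misc.h
@@ -146,6 +146,9 @@ enum padding_type {
    LTC_PAD_ISO_10126    = 0x1000U,
 #endif
    LTC_PAD_ANSI_X923    = 0x2000U,
+   /* The following padding modes don't contain the padding
+    * length as last byte of the padding.
+    */
    LTC_PAD_ONE_AND_ZERO = 0x8000U,
    LTC_PAD_ZERO         = 0x9000U,
    LTC_PAD_ZERO_ALWAYS  = 0xA000U,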
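Review bot: The new comment says what these modes lack but not why a reader of the enum should care; `/* The following padding modes don't store the padding length in the last byte, so the unpad side has to find the boundary another way (scanning for the 0x80 marker, or not at all for plain zero padding). */` states the consequence. The values suggest the 0x8000 bit is what separates this group from the ones above; if any code tests that bit (it would be outside this hunk), the comment should name it so a future value does not break the grouping silently.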

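--- a/src/math/rand_bn.c
+++ b/src/math/rand_bn.c
@@ -19,7 +19,7 @@ int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng)
    if ((res = prng_is_valid(wprng)) != CRYPT_OK) return res;
 
    bytes = (bits+7) >> 3;
-   mask = 0xff << (8 - bits % 8);
+   mask = 0xff >> (bits % 8 == 0 ? 0 : 8 - bits % 8);
 
    /* allocate buffer */
    if ((buf = XCALLOC(1, bytes)) == NULL) return CRYPT_MEM;
@@ -30,7 +30,7 @@ int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng)
       goto cleanup;
    }
    /* mask bits */
-   buf[0] &= ~mask;
+   buf[0] &= mask;
    /* load value */
    if ((res = mp_read_unsigned_bin(N, buf, bytes)) != CRYPT_OK) goto cleanup;
 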
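Review bot: `buf[0] &= mask;` is only in bounds when `bytes` is at least 1, i.e. when `bits` is positive; if the prologue (outside the hunk) does not already reject it, `bits <= 0` makes `bytes` zero, `XCALLOC(1, bytes)` may hand back a zero-length allocation, and the masking writes past it, so `if (bits <= 0) return CRYPT_INVALID_ARG;` belongs before the `bytes` computation. The corrected mask also deserves a comment, because the ternary exists only to avoid a shift by 8 clearing the whole byte: `/* keep the low (bits % 8) bits of the leading byte; a multiple of 8 keeps all of it */`. The function starts outside the hunk, so an existing argument check may already cover the first point.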

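--- a/src/misc/pkcs5/pkcs_5_1.c
+++ b/src/misc/pkcs5/pkcs_5_1.c
@@ -50,6 +50,10 @@ static int s_pkcs_5_alg1_common(const unsigned char *password,
    LTC_ARGCHK(out      != NULL);
    LTC_ARGCHK(outlen   != NULL);
 
+   if (iteration_count <= 0) {
+      return CRYPT_INVALID_ARG;
+   }
+
    /* test hash IDX */
    if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
       return err;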
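Review bot: The new guard returns CRYPT_INVALID_ARG directly instead of going through LTC_ARGCHK like the checks just above it; if that is deliberate, so that a caller passing a zero count gets an error code rather than whatever LTC_ARGCHK does under the configured ARGTYPE, a one-line comment should say so, e.g. `/* explicit check: a non-positive iteration count is reported as an error, not handed to the argument-check handler */`. RFC 8018 requires a positive iteration count for both KDFs, and citing it in that comment documents where the bound comes from. The identical block is added to src/misc/pkcs5/pkcs_5_2.c in this commit and the same note applies there; both enclosing functions start outside their hunks.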

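--- a/src/misc/pkcs5/pkcs_5_2.c
+++ b/src/misc/pkcs5/pkcs_5_2.c
@@ -36,6 +36,10 @@ int pkcs_5_alg2(const unsigned char *password, unsigned long password_len,
    LTC_ARGCHK(out      != NULL);
    LTC_ARGCHK(outlen   != NULL);
 
+   if (iteration_count <= 0) {
+      return CRYPT_INVALID_ARG;
+   }
+
    /* test hash IDX */
    if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
       return err;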