
Merge tag 'v1.18.0' into develop

libtomcrypt v1.18.0
Steffen Jaeckel 8 years ago
parent
commit
976e7c4e31
100 changed files with 2760 additions and 1764 deletions
  1. 3 0
      .travis.yml
  2. 157 10
      README.md
  3. 0 3
      TODO
  4. 1 1
      build.sh
  5. 41 20
      changes
  6. 1 1
      coverage_more.sh
  7. 55 21
      demos/constants.c
  8. 190 87
      demos/demo_dynamic.py
  9. 20 4
      demos/hashsum.c
  10. 1 0
      demos/ltcrypt.c
  11. 2 2
      demos/openssl-enc.c
  12. 56 22
      demos/sizes.c
  13. 25 13
      demos/timing.c
  14. 13 8
      demos/tv_gen.c
  15. 248 133
      doc/Doxyfile
  16. 654 65
      doc/crypt.tex
  17. 0 10
      doc/footer.html
  18. 0 12
      doc/header.html
  19. BIN
      doc/libtomsm.png
  20. 7 1
      doc/makefile
  21. 10 10
      helper.pl
  22. 2 10
      libtomcrypt_VS2008.vcproj
  23. 16 25
      makefile
  24. 11 8
      makefile.mingw
  25. 11 8
      makefile.msvc
  26. 23 20
      makefile.shared
  27. 13 10
      makefile.unix
  28. 95 54
      makefile_include.mk
  29. 256 264
      notes/gcm_tv.txt
  30. 272 557
      notes/ocb3_tv.txt
  31. 1 1
      notes/rsa-testvectors/oaep-int.txt
  32. 2 2
      src/encauth/chachapoly/chacha20poly1305_memory.c
  33. 1 1
      src/encauth/chachapoly/chacha20poly1305_setiv.c
  34. 1 1
      src/encauth/chachapoly/chacha20poly1305_setiv_rfc7905.c
  35. 3 0
      src/encauth/eax/eax_decrypt_verify_memory.c
  36. 1 2
      src/encauth/eax/eax_test.c
  37. 2 0
      src/encauth/gcm/gcm_add_aad.c
  38. 9 0
      src/encauth/gcm/gcm_done.c
  39. 2 2
      src/encauth/gcm/gcm_memory.c
  40. 5 0
      src/encauth/gcm/gcm_process.c
  41. 9 0
      src/encauth/gcm/gcm_test.c
  42. 1 2
      src/encauth/ocb/ocb_test.c
  43. 30 5
      src/encauth/ocb3/ocb3_add_aad.c
  44. 4 2
      src/encauth/ocb3/ocb3_decrypt.c
  45. 6 1
      src/encauth/ocb3/ocb3_decrypt_last.c
  46. 8 8
      src/encauth/ocb3/ocb3_decrypt_verify_memory.c
  47. 8 6
      src/encauth/ocb3/ocb3_done.c
  48. 4 2
      src/encauth/ocb3/ocb3_encrypt.c
  49. 5 8
      src/encauth/ocb3/ocb3_encrypt_authenticate_memory.c
  50. 6 1
      src/encauth/ocb3/ocb3_encrypt_last.c
  51. 67 3
      src/encauth/ocb3/ocb3_init.c
  52. 0 49
      src/encauth/ocb3/ocb3_int_aad_add_block.c
  53. 0 72
      src/encauth/ocb3/ocb3_int_calc_offset_zero.c
  54. 102 18
      src/encauth/ocb3/ocb3_test.c
  55. 4 4
      src/hashes/blake2b.c
  56. 4 4
      src/hashes/blake2s.c
  57. 7 1
      src/hashes/chc/chc.c
  58. 1 1
      src/hashes/md2.c
  59. 1 1
      src/hashes/md4.c
  60. 1 1
      src/hashes/md5.c
  61. 1 1
      src/hashes/rmd128.c
  62. 1 1
      src/hashes/rmd160.c
  63. 1 1
      src/hashes/rmd256.c
  64. 1 1
      src/hashes/rmd320.c
  65. 1 1
      src/hashes/sha1.c
  66. 1 1
      src/hashes/sha2/sha224.c
  67. 1 1
      src/hashes/sha2/sha256.c
  68. 1 1
      src/hashes/sha2/sha384.c
  69. 1 1
      src/hashes/sha2/sha512.c
  70. 1 1
      src/hashes/sha2/sha512_224.c
  71. 1 1
      src/hashes/sha2/sha512_256.c
  72. 1 1
      src/hashes/tiger.c
  73. 4 3
      src/headers/tomcrypt.h
  74. 1 1
      src/headers/tomcrypt_argchk.h
  75. 29 23
      src/headers/tomcrypt_cfg.h
  76. 5 5
      src/headers/tomcrypt_cipher.h
  77. 9 26
      src/headers/tomcrypt_custom.h
  78. 3 3
      src/headers/tomcrypt_hash.h
  79. 9 9
      src/headers/tomcrypt_mac.h
  80. 5 4
      src/headers/tomcrypt_math.h
  81. 0 2
      src/headers/tomcrypt_misc.h
  82. 22 25
      src/headers/tomcrypt_pk.h
  83. 3 3
      src/headers/tomcrypt_pkcs.h
  84. 1 1
      src/headers/tomcrypt_prng.h
  85. 1 0
      src/mac/blake2/blake2bmac.c
  86. 2 2
      src/mac/blake2/blake2bmac_memory_multi.c
  87. 1 0
      src/mac/blake2/blake2smac.c
  88. 2 2
      src/mac/blake2/blake2smac_memory_multi.c
  89. 1 1
      src/mac/hmac/hmac_init.c
  90. 2 2
      src/mac/hmac/hmac_test.c
  91. 2 2
      src/mac/poly1305/poly1305.c
  92. 2 2
      src/mac/poly1305/poly1305_memory_multi.c
  93. 2 2
      src/math/radix_to_bin.c
  94. 1 1
      src/math/rand_bn.c
  95. 13 2
      src/misc/compare_testvector.c
  96. 11 5
      src/misc/crypt/crypt.c
  97. 1 1
      src/misc/crypt/crypt_argchk.c
  98. 68 7
      src/misc/crypt/crypt_constants.c
  99. 2 1
      src/misc/crypt/crypt_ltc_mp_descriptor.c
  100. 68 40
      src/misc/crypt/crypt_sizes.c

+ 3 - 0
.travis.yml

@@ -26,7 +26,9 @@ matrix:
   fast_finish: true
 branches:
   only:
+    - master
     - develop
+    - /^release\/.*$/
 
 compiler:
   - gcc
@@ -123,6 +125,7 @@ env:
 after_failure:
   - cat test_std.txt
   - cat test_err.txt
+  - cat tv.txt
 
 after_script:
   - cat gcc_1.txt

+ 157 - 10
README.md

@@ -1,15 +1,20 @@
-libtomcrypt
-==========
+# libtomcrypt
 
-See `doc/crypt.pdf` for a detailed documentation
+Previously the git repository contained `doc/crypt.pdf` for detailed documentation.
+This was changed and the file is now only available from the tarball of the appropriate version
+or from the page https://github.com/libtom/libtomcrypt/releases .
 
-Project Status
---------------
+## Project Status
 
-develop: [![Build Status](https://api.travis-ci.org/libtom/libtomcrypt.png?branch=develop)](https://travis-ci.org/libtom/libtomcrypt) [![Coverage Status](https://coveralls.io/repos/libtom/libtomcrypt/badge.png?branch=develop)](https://coveralls.io/r/libtom/libtomcrypt) [![Coverity Scan Build Status](https://scan.coverity.com/projects/487/badge.svg)](https://scan.coverity.com/projects/487)
+master: [![Build Status](https://api.travis-ci.org/libtom/libtomcrypt.png?branch=master)](https://travis-ci.org/libtom/libtomcrypt) [![Coverage Status](https://coveralls.io/repos/libtom/libtomcrypt/badge.png?branch=master)](https://coveralls.io/r/libtom/libtomcrypt)
 
-Submitting patches
-------------------
+develop: [![Build Status](https://api.travis-ci.org/libtom/libtomcrypt.png?branch=develop)](https://travis-ci.org/libtom/libtomcrypt) [![Coverage Status](https://coveralls.io/repos/libtom/libtomcrypt/badge.png?branch=develop)](https://coveralls.io/r/libtom/libtomcrypt)
+
+[![Coverity Scan Build Status](https://scan.coverity.com/projects/487/badge.svg)](https://scan.coverity.com/projects/487)
+
+API/ABI changes: [check here](https://abi-laboratory.pro/tracker/timeline/libtomcrypt/)
+
+## Submitting patches
 
 Please branch off from develop if you want to submit a patch.
 
@@ -17,10 +22,152 @@ Patch integration will be faster if tests and documentation are included.
 
 Please update the makefiles in a separate commit. To update them simply run the `updatemakes.sh` script.
 
-Branches
---------
+If you have something bigger to submit, feel free to contact us beforehand.
+Then we can give you write access to this repo, so you can open your PR based on this repo
+and we can easier follow the rebase-before-merge approach we're using (or even do the rebase ourself).
+
+### Reviews
+
+We're using Pull Request reviews to make sure that the code is in line with the existing code base.
+
+Please have a look [here](https://help.github.com/articles/approving-a-pull-request-with-required-reviews/) to get an idea of the approach.
+
+## Branches
 
 Please be aware, that all branches besides _master_ and _develop_ __can__ and __will be__ force-pushed, rebased and/or removed!
 
 If you want to rely on such an _unstable_ branch, create your own fork of this repository to make sure nothing breaks for you.
 
+## Configuration options
+
+By default the library builds its entire feature set (besides `katja`) in a (depending on your needs more or less) optimal way.
+
+There are numerous configuration options available if you want to trim down the functionality of the library.
+
+Please have a look at `src/headers/tomcrypt_custom.h` for all available configuration options.
+
+The following list is a small part of the available, but the most often required, configuration switches.
+
+| Flag | Behavior |
+| ---- | -------- |
+| `LTC_NO_TEST` | Remove all algorithm self-tests from the library |
+| `LTC_NO_FILE` | Remove all API functions requiring a pre-defined `FILE` data-type (mostly useful for embedded targets) |
+| `GMP_DESC` | enable [gmp](https://gmplib.org/) as MPI provider *\*1* |
+| `LTM_DESC` | enable [libtommath](http://www.libtom.net/) as MPI provider *\*1* |
+| `TFM_DESC` | enable [tomsfastmath](http://www.libtom.net/) as MPI provider *\*1* *\*2* |
+| `USE_GMP` | use `gmp` as MPI provider when building the binaries *\*3* |
+| `USE_LTM` | use `libtommath` as MPI provider when building the binaries *\*3* |
+| `USE_TFM` | use `tomsfastmath` as MPI provider when building the binaries *\*3* |
+
+*\*1* It is possible to build the library against all MPI providers in parallel and choose at startup-time which math library should be used.
+
+*\*2* Please be aware that `tomsfastmath` has the limitation of a fixed max size of MPI's.
+
+*\*3* Only one is supported at the time & this is only required when building the binaries, not when building the library itself.
+
+## Building the library
+
+There are several `makefile`s provided. Please choose the one that fits best for you.
+
+| makefile | use-case |
+| -------- | -------- |
+| `makefile` | builds a static library (GNU Make required) |
+| `makefile.shared` | builds a shared (and static) library (GNU Make required) |
+| `makefile.unix` | for unusual UNIX platforms, or if you do not have GNU Make |
+| `makefile.mingw` | for usage with the mingw compiler on MS Windows |
+| `makefile.msvc` | for usage with the MSVC compiler on MS Windows |
+| `libtomcrypt_VS2008.sln` | A VisualStudio 2008 project for MS Windows |
+
+### Make targets
+
+The `makefile`s provide several targets to build (VS project excluded).
+The following list does not claim to be complete resp. to be available across all `makefile` variants.
+
+| target | application |
+| ------ | ----------- |
+| *empty target*/none given | c.f. `library`
+| `library` | builds only the library |
+| `hashsum` | builds the `hashsum` binary, similar to [`shasum`](https://linux.die.net/man/1/shasum), but with support for all hash-algorithms included in the library *\*4* |
+| `ltcrypt` | builds the `ltcrypt` binary, implementing something similar to [`crypt`](https://linux.die.net/man/3/crypt) *\*4* |
+| `sizes` | builds the `sizes` binary, printing all internal data sizes on invocation *\*4* |
+| `constants` | builds the `constants` binary, printing all internal constants on invocation *\*4* |
+| `openssl-enc` | builds the `openssl-enc` binary, which is more or less compatible to [`openssl enc`](https://linux.die.net/man/1/enc) *\*4* *\*5* |
+| `test` | builds the `test` binary, which runs all algorithm self-tests + some extended tests *\*4* |
+| `timing` | builds the `timing` binary, which can be used to measure timings for algorithms and modes *\*4* |
+| `bins` | builds `hashsum` *\*4* |
+| `all_test` | builds `test`, `hashsum`, `ltcrypt`, `small`, `tv_gen`, `sizes` & `constants` *\*4* |
+| `docs` | builds the developer documentation `doc/crypt.pdf` |
+| `install` | installs the `library` and header files *\*7* *\*8* |
+| `install_bins` | installs the binaries created by the `bins` target *\*7* *\*8* |
+| `install_docs` | installs the documentation created by the `docs` target *\*7* *\*8* |
+| `install_test` | installs the test-app created by the `test` target *\*7* *\*8* |
+| `install_all` | installs everything (i.e. `library`, `bins`, `docs` and `test`) *\*8* |
+| `uninstall` | uninstalls the `library` and header files |
+
+*\*4* also builds `library`
+
+*\*5* broken build in some configurations, therefore not built by default
+
+*\*7* also builds the necessary artifact(s) before installing it
+
+*\*8* also have a look at the 'Installation' section of this file
+
+### Examples
+
+You want to build the library as static library
+
+    make
+
+You want to build the library as shared library
+
+    make -f makefile.shared
+
+You have `libtommath` installed on your system and want to build a static library and the `test` binary to run the self-tests.
+
+    make CFLAGS="-DUSE_LTM -DLTM_DESC" EXTRALIBS="-ltommath" test
+
+You have `tomsfastmath` installed on your system and want to build a shared library and all binaries
+
+    make -f makefile.shared CFLAGS="-DUSE_TFM -DTFM_DESC" EXTRALIBS="-ltfm" all demos
+
+You have `gmp`, `libtommath` and `tomsfastmath` installed on your system and want to build a static library and the `timing` binary to measure timings against `gmp`.
+
+    make CFLAGS="-DUSE_GMP -DGMP_DESC -DLTM_DESC -DTFM_DESC" EXTRALIBS="-lgmp" timing
+
+If you have `libtommath` in a non-standard location:
+
+    make CFLAGS="-DUSE_LTM -DLTM_DESC -I/opt/devel/ltm" EXTRALIBS="/opt/devel/ltm/libtommath.a" all
+
+## Installation
+
+There exist several _install_ make-targets which are described in the table above.
+
+These targets support the standard ways (c.f. [[GNU]], [[FreeBSD]])
+to modify the installation path via the following set of variables:
+
+    DESTDIR
+    PREFIX
+    LIBPATH
+    INCPATH
+    DATAPATH
+    BINPATH
+
+The entire set of the variables is only supported in `makefile`, `makefile.shared` and `makefile.unix`.
+
+In case you have to use one of the other makefiles, check in the file which variables are supported.
+
+### Examples
+
+You want to install the static library to the default paths
+
+    make install
+
+You want to install the shared library to a special path and use it from this path
+
+    make -f makefile.shared PREFIX=/opt/special/path
+
+Have a look at the developer documentation, [[GNU]] or [[FreeBSD]] to get a detailed explanation of all the variables.
+
+[GNU]: https://www.gnu.org/prep/standards/html_node/DESTDIR.html
+
+[FreeBSD]: https://www.freebsd.org/doc/en/books/porters-handbook/porting-prefix.html

+ 0 - 3
TODO

@@ -1,3 +0,0 @@
-for 1.18
-- document new ECC functions
-- add test for new functions

+ 1 - 1
build.sh

@@ -26,7 +26,7 @@ fi
 echo -n "testing..."
 
 if [ -a test ] && [ -f test ] && [ -x test ]; then
-   ((./test >test_std.txt 2>test_err.txt && ./tv_gen > tv.txt) && echo "$1 test passed." && echo "y" > testok.txt) || (echo "$1 test failed, look at test_err.txt" && exit 1)
+   ((./test >test_std.txt 2>test_err.txt && ./tv_gen > tv.txt) && echo "$1 test passed." && echo "y" > testok.txt) || (echo "$1 test failed, look at test_err.txt or tv.txt" && exit 1)
    if find *_tv.txt -type f 1>/dev/null 2>/dev/null ; then
       for f in *_tv.txt; do
          # check for lines starting with '<' ($f might be a subset of notes/$f)
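Review bot: The `exit 1` on the changed line still sits inside a `( … )` subshell, so on a test failure it ends only that subshell and the script carries on into the `*_tv.txt` comparison loop that follows (unless the script runs under `set -e`, which is outside this hunk and cannot be confirmed here). A brace group makes the exit apply to the script itself: `{ echo "$1 test failed, look at test_err.txt or tv.txt" >&2; exit 1; }`. Writing the message to stderr also keeps it out of any captured stdout log. The enclosing `if [ -a test ] …` body continues past the end of the hunk.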

+ 41 - 20
changes

@@ -1,33 +1,54 @@
-XXX, 2014
+XXX, 2017
 v1.18.0
-      -- Added Camellia block cipher
-      -- Thanks to Karel Miko for cotributing a bunchload of patches and additions, namely
-         OCBv3, DSA and ECC key generation FIPS-186-4 compliance, BASE64-URL encoding,
-         a bugfix in Camellia,
+      -- Bugfix multi2
+      -- Bugfix Noekeon
+      -- Bugfix XTEA
+      -- Bugfix rng_get_bytes() on windows where we could read from c:\dev\random
+      -- Fixed the Bleichbacher Signature attack in PKCS#1 v1.5 EMSA, thanks to Alex Dent
+      -- Fixed a potential cache-based timing attack in CCM, thanks to Sebastian Verschoor
+      -- Fix GCM counter reuse and potential timing attacks in EAX, OCB and OCBv3,
+         thanks to Raphaël Jamet
+      -- Implement hardened RSA operations when CRT is used
+      -- Enabled timing resistant calculations of ECC and RSA operations per default
+      -- Applied some patches from the OLPC project regarding PKCS#1 and preventing
+         the hash algorithms from overflowing
       -- Larry Bugbee contributed the necessary stuff to more easily call libtomcrypt
          from a dynamic language like Python, as shown in his pyTomCrypt
       -- Nikos Mavrogiannopoulos contributed RSA blinding and export of RSA and DSA keys
          in OpenSSL/GnuTLS compatible format
       -- Patrick Pelletier contributed a smart volley of patches
-      -- RyanC contributed HKDF including documentation (yippie)
-      -- Added 2-key Triple-DES mode, thanks to Paul Howarth
       -- Christopher Brown contributed some patches and additions to ASN.1/DER
-      -- Pascal Brand of STMicroelectronics contributed patches regarding the
+      -- Pascal Brand of STMicroelectronics contributed patches regarding CCM, the
          XTS mode and RSA private key operations with keys without CRT parameters
-      -- Applied some patches from the OLPC project regarding PKCS#1 and preventing
-         the hash algorithms from overflowing
-      -- Fixed the Bleichbacher Signature attack in PKCS#1 v1.5 EMSA, thanks to Alex Dent
-      -- Add PKCS#1 testvectors from RSA
-      -- Brought back Diffie-Hellman
-      -- Enabled timing resistant calculations of ECC and RSA operations per default
-      -- Fixed several build issues on FreeBSD, NetBSD, Linux x32 ABI, x86_64 Windows ...
+      -- RC2 now also works with smaller key-sizes
+      -- Improved/extended several tests & demos
+      -- Hardened DSA and RSA by testing (through Karel's perl-CryptX)
+         against Google's "Wycheproof" and Kudelski Security's "CDF"
+      -- Fixed all compiler warnings
+      -- Fixed several build issues on FreeBSD, NetBSD, Linux x32 ABI, HP-UX/IA64,
+         Mac OS X, Windows (32&64bit, Cygwin, MingW & MSVC) ...
+      -- Re-worked all makefiles
+      -- Re-worked most PRNG's
+      -- The code is now verified by a linter, thanks to Francois Perrad
       -- Documentation (crypt.pdf) is now built deterministically, thanks to Michael Stapelberg
-      -- Removed all compiler warnings
-      -- Improved/extended several tests
+      -- Add Adler32 and CRC32 checksum algorithms
+      -- Add Base64-URL de-/encoding and some strict variants
+      -- Add Blake2b & Blake2s (hash & mac), thanks to Kelvin Sherlock
+      -- Add Camellia block cipher
+      -- Add ChaCha (stream cipher), Poly1305 (mac), ChaCha20Poly1305 (encauth)
+      -- Add constant-time mem-compare mem_neq()
+      -- Add DER GeneralizedTime de-/encoding
+      -- Add DSA and ECC key generation FIPS-186-4 compliance
+      -- Add HKDF, thanks to RyanC (especially for also providing documentation :-) )
+      -- Add OCBv3
+      -- Add PKCS#1 v1.5 mode of SSL3.0
+      -- Add PKCS#1 testvectors from RSA
+      -- Add PKCS#8 & X.509 import for RSA keys
+      -- Add stream cipher API
+      -- Add SHA3 & SHAKE
       -- Add SHA512/256 and SHA512/224
-      -- Bugfix multi2
-      -- Bugfix Noekeon
-      -- Bugfix XTEA
+      -- Add Triple-DES 2-key mode, thanks to Paul Howarth
+      -- Brought back Diffie-Hellman
 
 May 12th, 2007
 v1.17 -- Cryptography Research Inc. contributed another small volley of patches, one to fix __WCHAR_DEFINED__ for BSD platforms, 

+ 1 - 1
coverage_more.sh

@@ -5,7 +5,7 @@ set -e
 ./sizes
 ./constants
 
-for i in $(for j in $(echo $(./hashsum -h | tail -n +3)); do echo $j; done | sort); do echo -n "$i: " && ./hashsum -a $i tests/test.key ; done > hashsum_tv.txt
+for i in $(for j in $(echo $(./hashsum -h | awk '/Algorithms/,EOF' | tail -n +2)); do echo $j; done | sort); do echo -n "$i: " && ./hashsum -a $i tests/test.key ; done > hashsum_tv.txt
 difftroubles=$(diff -i -w -B hashsum_tv.txt notes/hashsum_tv.txt | grep '^<') || true
 if [ -n "$difftroubles" ]; then
   echo "FAILURE: hashsum_tv.tx"
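Review bot: `awk '/Algorithms/,EOF'` on the changed line relies on `EOF`, which is not an awk keyword but an unset variable that evaluates to false, so the range pattern never terminates; it does print from the `Algorithms` header to the end of input, which is what is wanted, but only by accident, and it reads as if `EOF` meant end-of-file. The conventional spelling is `awk '/Algorithms/,0'`, or `awk 'p; /Algorithms/{p=1}'`, which would also make the following `tail -n +2` unnecessary. Either keeps the pipeline's output unchanged while making the intent explicit.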

+ 55 - 21
demos/constants.c

@@ -8,6 +8,12 @@
  */
 #include "tomcrypt.h"
 
+#if _POSIX_C_SOURCE >= 200112L
+#include <libgen.h>
+#else
+#define basename(x) x
+#endif
+
 /**
   @file demo_crypt_constants.c
 
@@ -17,33 +23,61 @@
   Larry Bugbee, February 2013
 */
 
+static void _print_line(const char* cmd, const char* desc)
+{
+   printf("  %-16s - %s\n", cmd, desc);
+}
 
-int main(void) {
-    /* given a specific constant name, get and print its value */
-    char name[] = "CTR_COUNTER_BIG_ENDIAN";
-    int  value;
-    char *names_list;
-    unsigned int names_list_len;
+int main(int argc, char **argv)
+{
+   if (argc == 1) {
+      /* given a specific constant name, get and print its value */
+      char name[] = "CTR_COUNTER_BIG_ENDIAN";
+      int value;
+      char *names_list;
+      unsigned int names_list_len;
 
-    if (crypt_get_constant(name, &value) != 0)
-      exit(EXIT_FAILURE);
-    printf("\n  %s is %d \n\n", name, value);
+      if (crypt_get_constant(name, &value) != 0) exit(EXIT_FAILURE);
+      printf("\n  %s is %d \n\n", name, value);
 
-    /* get and print the length of the names (and values) list */
+      /* get and print the length of the names (and values) list */
 
-    if (crypt_list_all_constants(NULL, &names_list_len) != 0)
-      exit(EXIT_FAILURE);
-    printf("  need to allocate %u bytes \n\n", names_list_len);
+      if (crypt_list_all_constants(NULL, &names_list_len) != 0) exit(EXIT_FAILURE);
+      printf("  need to allocate %u bytes \n\n", names_list_len);
 
-    /* get and print the names (and values) list */
-    if ((names_list = malloc(names_list_len)) == NULL)
-      exit(EXIT_FAILURE);
-    if (crypt_list_all_constants(names_list, &names_list_len) != 0)
-      exit(EXIT_FAILURE);
-    printf("  supported constants:\n\n%s\n\n", names_list);
-    free(names_list);
+      /* get and print the names (and values) list */
+      if ((names_list = malloc(names_list_len)) == NULL) exit(EXIT_FAILURE);
+      if (crypt_list_all_constants(names_list, &names_list_len) != 0) exit(EXIT_FAILURE);
+      printf("  supported constants:\n\n%s\n\n", names_list);
+      free(names_list);
+   } else if (argc == 2) {
+      if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0) {
+         char* base = strdup(basename(argv[0]));
+         printf("Usage: %s [-a] [-s name]\n\n", base);
+         _print_line("<no argument>", "The old behavior of the demo");
+         _print_line("-a", "Only lists all constants");
+         _print_line("-s name", "List a single constant given as argument");
+         _print_line("-h", "The help you're looking at");
+         free(base);
+      } else if (strcmp(argv[1], "-a") == 0) {
+         char *names_list;
+         unsigned int names_list_len;
+         /* get and print the length of the names (and values) list */
+         if (crypt_list_all_constants(NULL, &names_list_len) != 0) exit(EXIT_FAILURE);
+         /* get and print the names (and values) list */
+         names_list = malloc(names_list_len);
+         if (crypt_list_all_constants(names_list, &names_list_len) != 0) exit(EXIT_FAILURE);
+         printf("%s\n", names_list);
+      }
+   } else if (argc == 3) {
+      if (strcmp(argv[1], "-s") == 0) {
+         int value;
+         if (crypt_get_constant(argv[2], &value) != 0) exit(EXIT_FAILURE);
+         printf("%s,%u\n", argv[2], value);
+      }
+   }
 
-    return 0;
+   return 0;
 }
 
 
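Review bot: In the new `-a` branch the `malloc(names_list_len)` result is used unchecked and never freed, unlike the default path a few lines above; it should mirror that path with `if ((names_list = malloc(names_list_len)) == NULL) exit(EXIT_FAILURE);` and a `free(names_list);` after the `printf`. The new `-s` branch prints an `int` with `%u` (`printf("%s,%u\n", argv[2], value);`), a format/argument type mismatch that is undefined behaviour; `%d` matches the `int` out-parameter of `crypt_get_constant` and the default branch's own `printf`. Any unrecognised option, or `-s` without a name, falls through every branch and exits 0 with no output, so a mistyped invocation in a script is silently accepted; printing the usage and exiting non-zero in those cases would make misuse visible. The `strdup(basename(argv[0]))` result in the help branch is also unchecked, although it is only used for the usage line.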

+ 190 - 87
demos/demo_dynamic.py

@@ -1,7 +1,7 @@
 
 
 """
-    demo_dynamic.py                                     v1
+    demo_dynamic.py                                    v2b
 
     This program demonstrates Python's use of the dynamic
     language support additions to LTC, namely access to LTC
@@ -19,164 +19,224 @@
     load multiple .dylibs, but it does not support this level
     of tight coupling between otherwise independent libraries.)
 
-    My .dylib was created on OSX with the following steps:
+    My .dylib was created on OSX/macOS with the following:
+        sudo make -j5 -f makefile.shared                        \
+            CFLAGS="-DUSE_TFM -DTFM_DESC -I/usr/local/include"  \
+            EXTRALIBS=/usr/local/lib/libtfm.a  install
 
-      1- compile LTC to a .a static lib:
-           CFLAGS="-DLTM_DESC -DUSE_LTM" make
-
-      2- link LTC and LTM into a single .dylib:
-           ar2dylib_with  tomcrypt  tommath
-         where ar2dylib_with is a shell script that combines
-         the LTC .a with the LTM .dylib
+    For python 2.7.12 on Ubuntu Xenial the following worked for
+    me (without MPI support):
+        sudo make -f makefile.shared install PREFIX="/usr"
 
     Reminder: you don't need to bind in a math library unless
-              you are going to use LTC functions that depend
-              on a mathlib.  For example, public key crypto
-              needs a mathlib; hashing and symmetric encryption
-              do not.
-
-    This code was written for Python 2.7.
+              you are going to use LTC functions that need a
+              mathlib.  For example, public key crypto requires
+              a mathlib; hashing and symmetric encryption do not.
+
+    ------
+
+    This code was originally written for Python 2.7 with the
+    ctypes standard library.  This version is modified to run
+    under both Python 2.7 and 3.6.
+
+    Arguably the biggest change for Python3 has to do with
+    strings.  Under Python2, native strings are ASCII bytes and
+    passing them to LTC is natural and requires no conversion.
+    Under Python3 all native strings are Unicode which requires
+    they be converted to bytes before use by LTC.
+
+    Note the following for Python3.
+        - ASCII keys, IVs and other string arguments must be
+          'bytes'.  Define them with a 'b' prefix or convert
+          via the 'bytes()' function.
+        - "strings" returned from LTC are bytes and conversion
+          to Unicode might be necessary for proper printing.
+          If so, use <string>.decode('utf-8').
+        - The Python2 'print' statement becomes a function in
+          Python3 which requires parenthesis, eg. 'print()'.
+
+    NB: Unicode is achieved under Python2 by either defining
+        a Unicode string with a 'u' prefix or passing ASCII
+        strings thru the 'unicode()' function.
 
     Larry Bugbee
-    March 2014
+    March 2014      v1
+    August 2017     v2b
 
 """
 
 
+import sys
 from ctypes import *
 from ctypes.util import find_library
 
+# switches to enable/disable selected output
+SHOW_ALL_CONSTANTS      = True
+SHOW_ALL_SIZES          = True
+SHOW_SELECTED_CONSTANTS = True
+SHOW_SELECTED_SIZES     = True
+SHOW_BUILD_OPTIONS_ALGS = True
+SHOW_SHA256_EXAMPLE     = True
+SHOW_CHACHA_EXAMPLE     = True
+
+print(' ')
+print('  demo_dynamic.py')
+
+def inprint(s, indent=0):
+    "prints strings indented, including multline strings"
+    for line in s.split('\n'):
+        print(' '*indent + line)
 
-#---------------------------------------------------------------
+#-------------------------------------------------------------------------------
 # load the .dylib
 
 libname = 'tomcrypt'
 libpath = find_library(libname)
-
-print
-print('  demo_dynamic.py')
-print
+print(' ')
 print('  path to library %s: %s' % (libname, libpath))
 
 LTC = cdll.LoadLibrary(libpath)
 print('  loaded: %s' % LTC)
-print
+print(' ')
 
 
-
-#---------------------------------------------------------------
+#-------------------------------------------------------------------------------
 # get list of all supported constants followed by a list of all
 # supported sizes.  One alternative: these lists may be parsed
 # and used as needed.
 
-if 1:
-    print '  all supported constants and their values:'
+if SHOW_ALL_CONSTANTS:
+    print('-'*60)
+    print('  all supported constants and their values:')
 
     # get size to allocate for constants output list
     str_len = c_int(0)
     ret = LTC.crypt_list_all_constants(None, byref(str_len))
-    print '    need to allocate %d bytes \n' % str_len.value
+    print('    need to allocate %d bytes to build list \n' % str_len.value)
 
     # allocate that size and get (name, size) pairs, each pair
     # separated by a newline char.
     names_sizes = c_buffer(str_len.value)
     ret = LTC.crypt_list_all_constants(names_sizes, byref(str_len))
-    print names_sizes.value
-    print
+    print(names_sizes.value.decode("utf-8"))
+    print(' ')
 
 
-if 1:
-    print '  all supported sizes:'
+if SHOW_ALL_SIZES:
+    print('-'*60)
+    print('  all supported sizes:')
 
     # get size to allocate for sizes output list
     str_len = c_int(0)
     ret = LTC.crypt_list_all_sizes(None, byref(str_len))
-    print '    need to allocate %d bytes \n' % str_len.value
+    print('    need to allocate %d bytes to build list \n' % str_len.value)
 
     # allocate that size and get (name, size) pairs, each pair
     # separated by a newline char.
     names_sizes = c_buffer(str_len.value)
     ret = LTC.crypt_list_all_sizes(names_sizes, byref(str_len))
-    print names_sizes.value
-    print
+    print(names_sizes.value.decode("utf-8"))
+    print(' ')
 
 
-#---------------------------------------------------------------
+#-------------------------------------------------------------------------------
 # get individually named constants and sizes
 
-# print selected constants
-if 1:
-    print '\n  selected constants:'
+if SHOW_SELECTED_CONSTANTS:
+    print('-'*60)
+    print('\n  selected constants:')
 
     names = [
-        'ENDIAN_LITTLE',
-        'ENDIAN_64BITWORD',
-        'PK_PUBLIC',
-        'MAX_RSA_SIZE',
-        'CTR_COUNTER_BIG_ENDIAN',
+        b'ENDIAN_LITTLE',
+        b'ENDIAN_64BITWORD',
+        b'PK_PUBLIC',
+        b'LTC_MILLER_RABIN_REPS',
+        b'CTR_COUNTER_BIG_ENDIAN',
     ]
     for name in names:
         const_value = c_int(0)
         rc = LTC.crypt_get_constant(name, byref(const_value))
         value = const_value.value
-        print '    %-25s  %d' % (name, value)
+        print('    %-25s  %d' % (name.decode("utf-8"), value))
+    print(' ')
 
-# print selected sizes
-if 1:
-    print '\n  selected sizes:'
+if SHOW_SELECTED_SIZES:
+    print('-'*60)
+    print('\n  selected sizes:')
 
     names = [
-        'rijndael_key',
-        'rsa_key',
-        'symmetric_CTR',
-        'twofish_key',
-        'ecc_point',
-        'gcm_state',
-        'sha512_state',
+        b'rijndael_key',
+        b'rsa_key',
+        b'symmetric_CTR',
+        b'twofish_key',
+        b'ecc_point',
+        b'gcm_state',
+        b'sha512_state',
     ]
     for name in names:
         size_value = c_int(0)
         rc = LTC.crypt_get_size(name, byref(size_value))
         value = size_value.value
-        print '    %-25s  %d' % (name, value)
+        print('    %-25s  %d' % (name.decode("utf-8"), value))
+    print(' ')
 
 
-#---------------------------------------------------------------
-#---------------------------------------------------------------
-# ctypes getting a list of this build's supported algorithms
-# and compiler switches
+#-------------------------------------------------------------------------------
+#-------------------------------------------------------------------------------
+# LibTomCrypt exposes one interesting string that can be accessed
+# via Python's ctypes module, "crypt_build_settings", which
+# provides a list of this build's compiler switches and supported
+# algorithms.  If someday LTC exposes other interesting strings,
+# they can be found with:
+#   nm /usr/local/lib/libtomcrypt.dylib | grep " D "
 
 def get_named_string(lib, name):
-    return c_char_p.in_dll(lib, name).value
-
-if 0:
-    print '\n%s' % ('-'*60)
-    print 'This is a string compiled into LTC showing compile '
-    print 'options and algorithms supported by this build \n'
-    print get_named_string(LTC, 'crypt_build_settings')
-    print
+    return c_char_p.in_dll(lib, name).value.decode("utf-8")
 
+if SHOW_BUILD_OPTIONS_ALGS:
+    print('-'*60)
+    print('This is a string compiled into LTC showing compile')
+    print('options and algorithms supported by this build \n')
+#    print(get_named_string(LTC, 'crypt_build_settings'))
+    inprint(get_named_string(LTC, 'crypt_build_settings'), 4)
 
 
-#---------------------------------------------------------------
-#---------------------------------------------------------------
-# here is an example of how a wrapper can make Python access
-# more Pythonic
+#-------------------------------------------------------------------------------
+#-------------------------------------------------------------------------------
+# here is an example of how Python code can be written to access
+# LTC's implementation of SHA256 and ChaCha,
 
 # - - - - - - - - - - - - -
-# a wrapper fragment...
+# definitions
+
+from binascii import hexlify, unhexlify
+
+def _err2str(err):
+    # define return type
+    errstr = LTC.error_to_string
+    errstr.restype = c_char_p
+    # get and return err string
+    return errstr(err)
 
 def _get_size(name):
     size = c_int(0)
-    rc = LTC.crypt_get_size(name, byref(size))
+    rc = LTC.crypt_get_size(bytes(name), byref(size))
+    if rc != 0:
+        raise Exception('LTC.crypt_get_size(%s) rc = %d' % (name, rc))
     return size.value
 
-sha256_state_struct_size = _get_size('sha256_state')
-sha512_state_struct_size = _get_size('sha512_state')
+def _get_constant(name):
+    constant = c_int(0)
+    rc = LTC.crypt_get_constant(bytes(name), byref(constant))
+    if rc != 0:
+        raise Exception('LTC.crypt_get_constant(%s) rc = %d' % (name, rc))
+    return constant.value
+
+CRYPT_OK = _get_constant(b'CRYPT_OK')
 
 class SHA256(object):
     def __init__(self):
-        self.state = c_buffer(sha256_state_struct_size)
+        self.state = c_buffer(_get_size(b'sha256_state'))
         LTC.sha256_init(byref(self.state))
     def update(self, data):
         LTC.sha256_process(byref(self.state), data, len(data))
@@ -185,22 +245,65 @@ class SHA256(object):
         LTC.sha256_done(byref(self.state), byref(md))
         return md.raw
 
+class ChaCha(object):
+    def __init__(self, key, rounds):
+        self.state   = c_buffer(_get_size(b'chacha_state'))
+        self.counter = c_int(1)
+        err = LTC.chacha_setup(byref(self.state), key, len(key), rounds)
+        if err != CRYPT_OK:
+            raise Exception('LTC.chacha_setup(), err = %d, "%s"' % (err, _err2str(err)))
+    def set_iv32(self, iv):
+        err = LTC.chacha_ivctr32(byref(self.state), iv, len(iv), byref(self.counter))
+        if err != CRYPT_OK:
+            raise Exception('LTC.chacha_ivctr32(), err = %d, "%s"' % (err, _err2str(err)))
+    def crypt(self, datain):
+        dataout = c_buffer(len(datain))
+        err = LTC.chacha_crypt(byref(self.state), datain, len(datain), byref(dataout))
+        if err != CRYPT_OK:
+            raise Exception('LTC.chacha_crypt(), err = %d, "%s"' % (err, _err2str(err)))
+        return dataout.raw
+
+# - - - - - - - - - - - - -
+# a SHA256 app fragment
+
+if SHOW_SHA256_EXAMPLE:
+    print('-'*60)
+    data = b'hello world'               # we want bytes, not Unicode
+
+    sha256 = SHA256()
+    sha256.update(data)
+    md = sha256.digest()
+
+    template = '\n  the SHA256 digest for "%s" is %s \n'
+    print(template % (data, hexlify(md)))
+
 # - - - - - - - - - - - - -
-# an app fragment...
+# a ChaCha app fragment
 
-# from wrapper import *         # uncomment in real life
+if SHOW_CHACHA_EXAMPLE:
+    print('-'*60)
+    key     = b'hownowbrowncow\x00\x00' # exactly 16 or 32 bytes
+    rounds  = 12                        # common values: 8, 12, 20
+    iv      = b'123456789012'           # exactly 12 bytes
+    plain   = b'Kilroy was here, there, and everywhere!'
 
-data = 'hello world'
+    cha = ChaCha(key, rounds)
+    cha.set_iv32(iv)
+    cipher = cha.crypt(plain)
 
-sha256 = SHA256()
-sha256.update(data)
-md = sha256.digest()
+    template = '\n  ChaCha%d ciphertext   for "%s" is "%s"'
+    print(template % (rounds, plain, hexlify(cipher)))
 
-template = '\n\n  the SHA256 digest for "%s" is %s \n'
-print template % (data, md.encode('hex'))
+    cha.set_iv32(iv)                    # reset to decrypt
+    decrypted = cha.crypt(cipher)
 
+    template = '  ChaCha%d decoded text for "%s" is "%s" \n'
+    print(template % (rounds, plain, decrypted.decode("utf-8")))
 
+# Footnote: Keys should be erased fm memory as soon as possible after use,
+# and that includes Python.  For a tip on how to do that in Python, see
+# http://buggywhip.blogspot.com/2010/12/erase-keys-and-credit-card-numbers-in.html
 
-#---------------------------------------------------------------
-#---------------------------------------------------------------
-#---------------------------------------------------------------
+#-------------------------------------------------------------------------------
+#-------------------------------------------------------------------------------
+#-------------------------------------------------------------------------------

+ 20 - 4
demos/hashsum.c

@@ -38,22 +38,28 @@
 
 static char* hashsum;
 
+static void cleanup(void)
+{
+   free(hashsum);
+}
+
 static void die(int status)
 {
    unsigned long w, x;
    FILE* o = status == EXIT_SUCCESS ? stdout : stderr;
-   fprintf(o, "usage: %s -a algorithm [-c] [file...]\n", hashsum);
-   fprintf(o, "Algorithms:\n");
+   fprintf(o, "usage: %s -a algorithm [-c] [file...]\n\n", hashsum);
+   fprintf(o, "\t-c\tCheck the hash(es) of the file(s) written in [file].\n");
+   fprintf(o, "\t\t(-a not required)\n");
+   fprintf(o, "\nAlgorithms:\n\t");
    w = 0;
    for (x = 0; hash_descriptor[x].name != NULL; x++) {
       w += fprintf(o, "%-14s", hash_descriptor[x].name);
       if (w >= 70) {
-         fprintf(o, "\n");
+         fprintf(o, "\n\t");
          w = 0;
       }
    }
    if (w != 0) fprintf(o, "\n");
-   free(hashsum);
    exit(status);
 }
 
@@ -90,6 +96,10 @@ static void check_file(int argn, int argc, char **argv)
          int tries, n;
          unsigned long hash_len, w, x;
          char* space = strstr(s, " ");
+
+         /* skip lines with comments */
+         if (buf[0] == '#') continue;
+
          if (space == NULL) {
             fprintf(stderr, "%s: no properly formatted checksum lines found\n", hashsum);
             goto ERR;
@@ -98,6 +108,11 @@ static void check_file(int argn, int argc, char **argv)
          hash_len = space - s;
          hash_len /= 2;
 
+         if (hash_len > sizeof(should_buffer)) {
+            fprintf(stderr, "%s: hash too long\n", hashsum);
+            goto ERR;
+         }
+
          /* convert the hex-string back to binary */
          for (x = 0; x < hash_len; ++x) {
             should_buffer[x] = HEXOF(s[x*2]) << 4 | HEXOF(s[x*2 + 1]);
@@ -164,6 +179,7 @@ int main(int argc, char **argv)
    unsigned char hash_buffer[MAXBLOCKSIZE];
 
    hashsum = strdup(basename(argv[0]));
+   atexit(cleanup);
 
    /* You need to register algorithms before using them */
    register_all_ciphers();
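Review bot: The new bound check `if (hash_len > sizeof(should_buffer))` at L1076 correctly guards the write loop below it (the loop stops at `x < hash_len`), but nothing rejects an odd number of hex digits before `hash_len /= 2` silently drops the last nibble, so a malformed line is compared against a truncated hash instead of failing; `if ((space - s) & 1) { fprintf(stderr, "%s: malformed hash\n", hashsum); goto ERR; }` next to the new check would make that loud. The comment skip at L1067 tests `buf[0]` while the rest of the parsing works on `s`; if `s` is a trimmed pointer into `buf` (not visible here), a line whose `#` follows leading whitespace would not be skipped, so testing `s[0]` is the safer choice. `hashsum = strdup(...)` at L1087 is still unchecked, and `die()` prints it with `%s` before the new `cleanup()` ever matters. check_file begins and ends outside the hunk.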

+ 1 - 0
demos/ltcrypt.c

@@ -47,6 +47,7 @@ int main(int argc, char *argv[])
    /* register algs, so they can be printed */
    register_all_ciphers();
    register_all_hashes();
+   register_all_prngs();
 
    if (argc < 4) {
       if ((argc > 2) && (!strcmp(argv[1], "-t"))) {

+ 2 - 2
demos/openssl-enc.c

@@ -89,9 +89,9 @@ union paddable {
  * Output:       <no return>
  * Side Effects: print messages and barf (does exit(3))
  */
-void barf(char *pname, char *err)
+void barf(const char *pname, const char *err)
 {
-   printf("Usage: %s <enc|dec> infile outfile [salt]\n", pname);
+   printf("Usage: %s <enc|dec> infile outfile passphrase [salt]\n", pname);
    printf("\n");
    printf("       # encrypts infile->outfile, random salt\n");
    printf("       %s enc infile outfile \"passphrase\"\n", pname);

+ 56 - 22
demos/sizes.c

@@ -6,8 +6,14 @@
  * The library is free for all purposes without any express
  * guarantee it works.
  */
+
 #include "tomcrypt.h"
 
+#if _POSIX_C_SOURCE >= 200112L
+#include <libgen.h>
+#else
+#define basename(x) x
+#endif
 /**
   @file demo_crypt_sizes.c
 
@@ -15,29 +21,57 @@
   like Python - Larry Bugbee, February 2013
 */
 
+static void _print_line(const char* cmd, const char* desc)
+{
+   printf("  %-16s - %s\n", cmd, desc);
+}
+
+int main(int argc, char **argv)
+{
+   if (argc == 1) {
+      /* given a specific size name, get and print its size */
+      char name[] = "ltc_hash_descriptor";
+      unsigned int size;
+      char *sizes_list;
+      unsigned int sizes_list_len;
+      if (crypt_get_size(name, &size) != 0) exit(EXIT_FAILURE);
+      printf("\n  size of '%s' is %u \n\n", name, size);
+
+      /* get and print the length of the names (and sizes) list */
+      if (crypt_list_all_sizes(NULL, &sizes_list_len) != 0) exit(EXIT_FAILURE);
+      printf("  need to allocate %u bytes \n\n", sizes_list_len);
 
-int main(void) {
-
-    /* given a specific size name, get and print its size */
-    char name[] = "ecc_key";
-    unsigned int size;
-    char *sizes_list;
-    unsigned int sizes_list_len;
-    if(crypt_get_size(name, &size) != 0)
-      exit(EXIT_FAILURE);
-    printf("\n  size of '%s' is %u \n\n", name, size);
-
-    /* get and print the length of the names (and sizes) list */
-    if(crypt_list_all_sizes(NULL, &sizes_list_len) != 0)
-       exit(EXIT_FAILURE);
-    printf("  need to allocate %u bytes \n\n", sizes_list_len);
-
-    /* get and print the names (and sizes) list */
-    sizes_list = malloc(sizes_list_len);
-    if(crypt_list_all_sizes(sizes_list, &sizes_list_len) != 0)
-       exit(EXIT_FAILURE);
-    printf("  supported sizes:\n\n%s\n\n", sizes_list);
-    return 0;
+      /* get and print the names (and sizes) list */
+      sizes_list = malloc(sizes_list_len);
+      if (crypt_list_all_sizes(sizes_list, &sizes_list_len) != 0) exit(EXIT_FAILURE);
+      printf("  supported sizes:\n\n%s\n\n", sizes_list);
+   } else if (argc == 2) {
+      if (strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0) {
+         char* base = strdup(basename(argv[0]));
+         printf("Usage: %s [-a] [-s name]\n\n", base);
+         _print_line("<no argument>", "The old behavior of the demo");
+         _print_line("-a", "Only lists all sizes");
+         _print_line("-s name", "List a single size given as argument");
+         _print_line("-h", "The help you're looking at");
+         free(base);
+      } else if (strcmp(argv[1], "-a") == 0) {
+         char *sizes_list;
+         unsigned int sizes_list_len;
+         /* get and print the length of the names (and sizes) list */
+         if (crypt_list_all_sizes(NULL, &sizes_list_len) != 0) exit(EXIT_FAILURE);
+         /* get and print the names (and sizes) list */
+         sizes_list = malloc(sizes_list_len);
+         if (crypt_list_all_sizes(sizes_list, &sizes_list_len) != 0) exit(EXIT_FAILURE);
+         printf("%s\n", sizes_list);
+      }
+   } else if (argc == 3) {
+      if (strcmp(argv[1], "-s") == 0) {
+         unsigned int size;
+         if (crypt_get_size(argv[2], &size) != 0) exit(EXIT_FAILURE);
+         printf("%s,%u\n", argv[2], size);
+      }
+   }
+   return 0;
 }
 
 /* ref:         $Format:%D$ */
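Review bot: `sizes_list = malloc(sizes_list_len);` at L1186 and L1204 is handed to `crypt_list_all_sizes` without a NULL check, and neither buffer is freed before `return 0`; add `if (sizes_list == NULL) exit(EXIT_FAILURE);` after each malloc and `free(sizes_list);` after the printf, mirroring the `free(base)` the `-h` branch already does at L1197. The `strdup` at L1191 is likewise unchecked before being printed with `%s`. An unrecognised argument (for example `argc == 2` with anything other than `-h`/`-a`, or `argc == 3` without `-s`) falls through every branch and exits 0 with no output; printing the usage and returning `EXIT_FAILURE` in a final `else` would make misuse visible. The leading underscore in `_print_line` is technically a reserved identifier at file scope, though helper.pl's check_source regex at L1491 suggests the project deliberately requires it for static functions.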

+ 25 - 13
demos/timing.c

@@ -520,8 +520,11 @@ static void time_hash(void)
 }
 
 /*#warning you need an mp_rand!!!*/
-#ifndef USE_LTM
+#if !defined(USE_LTM) && !defined(USE_TFM) && !defined(USE_GMP) && !defined(EXT_MATH_LIB)
   #undef LTC_MPI
+  #undef LTC_TEST_MPI
+#else
+  #define LTC_TEST_MPI
 #endif
 
 #ifdef LTC_MPI
@@ -642,7 +645,7 @@ static void time_prng(void)
    }
 }
 
-#ifdef LTC_MDSA
+#if defined(LTC_MDSA) && defined(LTC_TEST_MPI)
 /* time various DSA operations */
 static void time_dsa(void)
 {
@@ -657,7 +660,9 @@ static const struct {
 { 20, 128 },
 { 24, 192 },
 { 28, 256 },
-{ 32, 512 }
+#ifndef TFM_DESC
+{ 32, 512 },
+#endif
 };
 
    for (x = 0; x < (sizeof(groups)/sizeof(groups[0])); x++) {
@@ -695,7 +700,7 @@ static void time_dsa(void) { fprintf(stderr, "NO DSA\n"); }
 #endif
 
 
-#ifdef LTC_MRSA
+#if defined(LTC_MRSA) && defined(LTC_TEST_MPI)
 /* time various RSA operations */
 static void time_rsa(void)
 {
@@ -819,7 +824,7 @@ static void time_rsa(void)
 static void time_rsa(void) { fprintf(stderr, "NO RSA\n"); }
 #endif
 
-#ifdef LTC_MKAT
+#if defined(LTC_MKAT) && defined(LTC_TEST_MPI)
 /* time various KAT operations */
 static void time_katja(void)
 {
@@ -889,7 +894,7 @@ static void time_katja(void)
 static void time_katja(void) { fprintf(stderr, "NO Katja\n"); }
 #endif
 
-#ifdef LTC_MDH
+#if defined(LTC_MDH) && defined(LTC_TEST_MPI)
 /* time various DH operations */
 static void time_dh(void)
 {
@@ -897,7 +902,12 @@ static void time_dh(void)
    ulong64 t1, t2;
    unsigned long i, x, y;
    int           err;
-   static unsigned long sizes[] = {768/8, 1024/8, 1536/8, 2048/8, 3072/8, 4096/8, 6144/8, 8192/8, 100000};
+   static unsigned long sizes[] = {768/8, 1024/8, 1536/8, 2048/8,
+#ifndef TFM_DESC
+                                   3072/8, 4096/8, 6144/8, 8192/8,
+#endif
+                                   100000
+   };
 
    for (x = sizes[i=0]; x < 100000; x = sizes[++i]) {
        t2 = 0;
@@ -919,14 +929,14 @@ static void time_dh(void)
            dh_free(&key);
        }
        t2 >>= 4;
-       fprintf(stderr, "DH-%4lu make_key    took %15llu cycles\n", x*8, t2);
+       fprintf(stderr, "DH-%4lu make_key    took %15"PRI64"u cycles\n", x*8, t2);
   }
 }
 #else
 static void time_dh(void) { fprintf(stderr, "NO DH\n"); }
 #endif
 
-#ifdef LTC_MECC
+#if defined(LTC_MECC) && defined(LTC_TEST_MPI)
 /* time various ECC operations */
 static void time_ecc(void)
 {
@@ -1273,7 +1283,7 @@ static void time_encmacs_(unsigned long MAC_SIZE)
         t_start();
         t1 = t_read();
         z = 16;
-        if ((err = ocb3_encrypt_authenticate_memory(cipher_idx, key, 16, IV, 16, (unsigned char*)"", 0, buf, MAC_SIZE*1024, buf, tag, &z)) != CRYPT_OK) {
+        if ((err = ocb3_encrypt_authenticate_memory(cipher_idx, key, 16, IV, 15, (unsigned char*)"", 0, buf, MAC_SIZE*1024, buf, tag, &z)) != CRYPT_OK) {
            fprintf(stderr, "\nOCB3 error... %s\n", error_to_string(err));
            exit(EXIT_FAILURE);
         }
@@ -1427,9 +1437,11 @@ register_all_prngs();
    ltc_mp = tfm_desc;
 #elif defined(USE_GMP)
    ltc_mp = gmp_desc;
-#else
-   extern ltc_math_descriptor EXT_MATH_LIB;
-   ltc_mp = EXT_MATH_LIB;
+#elif defined(EXT_MATH_LIB)
+   {
+      extern ltc_math_descriptor EXT_MATH_LIB;
+      ltc_mp = EXT_MATH_LIB;
+   }
 #endif
 
 if ((err = rng_make_prng(128, find_prng("yarrow"), &yarrow_prng, NULL)) != CRYPT_OK) {
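Review bot: The `#ifndef TFM_DESC` exclusions at L1250 and L1289 carry no explanation, so a reader of time_dsa/time_dh cannot tell whether the 4096-bit DSA group and the 3072–8192-bit DH sizes are skipped for speed or because the math backend cannot hold them; a one-line comment such as `/* not run under TFM_DESC: presumably beyond tomsfastmath's fixed precision — confirm */` would settle it (the reason is inferred, not visible in the diff). The new `#define LTC_TEST_MPI` at L1232 is unconditional; wrapping it in `#ifndef LTC_TEST_MPI` avoids a redefinition warning when a build passes it on the command line. The nonce length change from 16 to 15 at L1319 matches the `MIN(15, ...)` clamp in tv_gen.c and deserves the same short comment there, since `IV` is still a 16-byte buffer.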

+ 13 - 8
demos/tv_gen.c

@@ -420,7 +420,7 @@ void ocb_gen(void)
 void ocb3_gen(void)
 {
 #ifdef LTC_OCB3_MODE
-   int err, kl, x, y1, z;
+   int err, kl, x, y1, z, noncelen;
    FILE *out;
    unsigned char key[MAXBLOCKSIZE], nonce[MAXBLOCKSIZE*2],
                  plaintext[MAXBLOCKSIZE*2], tag[MAXBLOCKSIZE];
@@ -435,12 +435,12 @@ void ocb3_gen(void)
       kl = cipher_descriptor[x].block_length;
 
       /* skip ciphers which do not have 64 or 128 bit block sizes */
-      if (kl != 8 && kl != 16) continue;
+      if (kl != 16) continue;
 
       if (cipher_descriptor[x].keysize(&kl) != CRYPT_OK) {
          kl = cipher_descriptor[x].max_key_length;
       }
-      fprintf(out, "OCB-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
+      fprintf(out, "OCB3-%s (%d byte key)\n", cipher_descriptor[x].name, kl);
 
       /* the key */
       for (z = 0; z < kl; z++) {
@@ -448,7 +448,8 @@ void ocb3_gen(void)
       }
 
       /* fixed nonce */
-      for (z = 0; z < cipher_descriptor[x].block_length; z++) {
+      noncelen = MIN(15, cipher_descriptor[x].block_length);
+      for (z = 0; z < noncelen; z++) {
           nonce[z] = z;
       }
 
@@ -456,9 +457,9 @@ void ocb3_gen(void)
          for (z = 0; z < y1; z++) {
             plaintext[z] = (unsigned char)(z & 255);
          }
-         len = sizeof(tag);
-         if ((err = ocb3_encrypt_authenticate_memory(x, key, kl, nonce, cipher_descriptor[x].block_length, (unsigned char*)"AAD", 3, plaintext, y1, plaintext, tag, &len)) != CRYPT_OK) {
-            printf("Error OCB'ing: %s\n", error_to_string(err));
+         len = 16;
+         if ((err = ocb3_encrypt_authenticate_memory(x, key, kl, nonce, noncelen, (unsigned char*)"AAD", 3, plaintext, y1, plaintext, tag, &len)) != CRYPT_OK) {
+            printf("Error OCB3'ing: %s\n", error_to_string(err));
             exit(EXIT_FAILURE);
          }
          fprintf(out, "%3d: ", y1);
@@ -526,6 +527,10 @@ void ccm_gen(void)
             printf("Error CCM'ing: %s\n", error_to_string(err));
             exit(EXIT_FAILURE);
          }
+         if (len == 0) {
+            printf("Error CCM'ing: zero length\n");
+            exit(EXIT_FAILURE);
+         }
          fprintf(out, "%3d: ", y1);
          for (z = 0; z < y1; z++) {
             fprintf(out, "%02X", plaintext[z]);
@@ -576,7 +581,7 @@ void gcm_gen(void)
           key[z] = (z & 255);
       }
 
-      for (y1 = 0; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){
+      for (y1 = 1; y1 <= (int)(cipher_descriptor[x].block_length*2); y1++){
          for (z = 0; z < y1; z++) {
             plaintext[z] = (unsigned char)(z & 255);
          }
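Review bot: The comment at L1354, `/* skip ciphers which do not have 64 or 128 bit block sizes */`, is now wrong: the condition under it became `if (kl != 16) continue;`, so only 128-bit block ciphers are kept; change it to `/* OCB3 is only defined for 128 bit block ciphers; skip the rest */`. In the same function, `len = 16;` at L1383 replaces `sizeof(tag)` with a literal and `noncelen` is clamped to 15 at L1371 with no note on why; a single comment such as `/* OCB3: nonce at most 15 bytes, tag 16 bytes */` above the nonce loop would spare the next reader a trip to the spec. ocb3_gen continues outside the hunk.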

+ 248 - 133
doc/Doxyfile


+ 654 - 65
doc/crypt.tex


+ 0 - 10
doc/footer.html

@@ -1,10 +0,0 @@
-<hr width="80%">
-Code by <a href="http://www.libtomcrypt.com/">Tom</a><br>
-Docs using <img src="doxygen.png" alt="doxygen" align="middle" border=0>
-<a href="http://jlcooke.ca/tom/hidden_image.png">
-
-<!--
-/* ref:         $Format:%D$ */
-/* git commit:  $Format:%H$ */
-/* commit time: $Format:%ai$ */
--->

+ 0 - 12
doc/header.html

@@ -1,12 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html><head><meta http-equiv="Content-Type" content="text/html;charset=iso-8859-1">
-<title>LibTomCrypt: Main Page</title>
-<link href="doxygen.css" rel="stylesheet" type="text/css">
-</head><body>
-<!-- Generated by Doxygen 1.3.8 -->
-
-<!--
-/* ref:         $Format:%D$ */
-/* git commit:  $Format:%H$ */
-/* commit time: $Format:%ai$ */
--->

BIN
doc/libtomsm.png


+ 7 - 1
doc/makefile

@@ -14,7 +14,10 @@ LEFTOVERS=*.dvi *.log *.aux *.toc *.idx *.ilg *.ind *.out *.lof
 doxygen:
 	doxygen $(silent_stdout)
 
-doxy: doxygen
+patched_doxygen:
+	(cat Doxyfile && echo "HAVE_DOT=no") | doxygen - $(silent_stdout)
+
+doxy: patched_doxygen
 	${MAKE} -C doxygen/latex $(silent_stdout) && mv -f doxygen/latex/refman.pdf .
 	@echo The huge doxygen PDF should be available as doc/refman.pdf
 
@@ -52,6 +55,9 @@ docdvi: crypt.tex
 	latex crypt $(silent_stdout)
 	latex crypt $(silent_stdout)
 
+termdoc: docdvi
+	dvi2tty crypt.dvi -w120
+
 clean:
 	rm -f $(LEFTOVERS)
 	rm -rf doxygen/

+ 10 - 10
helper.pl

@@ -59,7 +59,7 @@ sub check_source {
           $file !~ m|src/ciphers/.*\.c$| &&
           $file !~ m|src/hashes/.*\.c$| &&
           $file !~ m|src/math/.+_desc.c$| &&
-          $file !~ m|src/stream/sober128/sober128.c$| &&
+          $file !~ m|src/stream/sober128/sober128_stream.c$| &&
           $l =~ /^static\s+\S+\s+([^_][a-zA-Z0-9_]+)\s*\(/) {
         push @{$troubles->{staticfunc_name}}, "$lineno($1)";
       }
@@ -260,7 +260,7 @@ sub prepare_msvc_files_xml {
   return $files;
 }
 
-sub patch_makefile {
+sub patch_file {
   my ($content, @variables) = @_;
   for my $v (@variables) {
     if ($v =~ /^([A-Z0-9_]+)\s*=.*$/si) {
@@ -268,16 +268,16 @@ sub patch_makefile {
       $content =~ s/\n\Q$name\E\b.*?[^\\]\n/\n$v\n/s;
     }
     else {
-      die "patch_makefile failed: " . substr($v, 0, 30) . "..";
+      die "patch_file failed: " . substr($v, 0, 30) . "..";
     }
   }
   return $content;
 }
 
-sub version_form_tomcrypt_h {
+sub version_from_tomcrypt_h {
   my $h = read_file(shift);
-  if ($h =~ /\n#define\s*SCRYPT\s*"([0-9]+)\.([0-9]+)"/s) {
-    return "VERSION=$1.$2", "VERSION_LT=0:$1$2";
+  if ($h =~ /\n#define\s*SCRYPT\s*"([0-9]+)\.([0-9]+)\.([0-9]+)(.*)"/s) {
+    return "VERSION_PC=$1.$2.$3", "VERSION_LT=1:0", "VERSION=$1.$2.$3$4", "PROJECT_NUMBER=$1.$2.$3$4";
   }
   else {
     die "#define SCRYPT not found in tomcrypt.h";
@@ -304,7 +304,7 @@ sub process_makefiles {
   my $var_to = prepare_variable("TOBJECTS", sort map { my $x = $_; $x =~ s/\.c$/.o/; $x } @t);
   (my $var_tobj = $var_to) =~ s/\.o\b/.obj/sg;
 
-  my @ver_version = version_form_tomcrypt_h("src/headers/tomcrypt.h");
+  my @ver_version = version_from_tomcrypt_h("src/headers/tomcrypt.h");
 
   # update MSVC project files
   my $msvc_files = prepare_msvc_files_xml(\@all, qr/tab\.c$/, ['Debug|Win32', 'Release|Win32', 'Debug|x64', 'Release|x64']);
@@ -320,10 +320,10 @@ sub process_makefiles {
   }
 
   # update OBJECTS + HEADERS in makefile*
-  for my $m (qw/ makefile makefile.shared makefile.unix makefile.mingw makefile.msvc makefile_include.mk /) {
+  for my $m (qw/ makefile makefile.shared makefile.unix makefile.mingw makefile.msvc makefile_include.mk doc\/Doxyfile /) {
     my $old = read_file($m);
-    my $new = $m eq 'makefile.msvc' ? patch_makefile($old, $var_obj, $var_h, $var_tobj, @ver_version)
-                                    : patch_makefile($old, $var_o, $var_h, $var_to, @ver_version);
+    my $new = $m eq 'makefile.msvc' ? patch_file($old, $var_obj, $var_h, $var_tobj, @ver_version)
+                                    : patch_file($old, $var_o, $var_h, $var_to, @ver_version);
     if ($old ne $new) {
       write_file($m, $new) if $write;
       warn "changed: $m\n";
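Review bot: `version_from_tomcrypt_h` at L1520 now returns a hard-coded `VERSION_LT=1:0` instead of deriving the libtool version-info from the header, so every future release will emit the same interface number unless someone edits this line by hand; a comment beside it, e.g. `# VERSION_LT is libtool current:revision and must be bumped manually on ABI change`, would keep the field from silently going stale. The trailing `(.*)` capture folds any suffix after the patch number into `VERSION` and `PROJECT_NUMBER` but not into `VERSION_PC`; if that asymmetry is intentional (pkg-config wanting a plain numeric version) it deserves a comment too.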

+ 2 - 10
libtomcrypt_VS2008.vcproj

@@ -798,14 +798,6 @@
 					RelativePath="src\encauth\ocb3\ocb3_init.c"
 					>
 				</File>
-				<File
-					RelativePath="src\encauth\ocb3\ocb3_int_aad_add_block.c"
-					>
-				</File>
-				<File
-					RelativePath="src\encauth\ocb3\ocb3_int_calc_offset_zero.c"
-					>
-				</File>
 				<File
 					RelativePath="src\encauth\ocb3\ocb3_int_ntz.c"
 					>
@@ -2455,7 +2447,7 @@
 				Name="rc4"
 				>
 				<File
-					RelativePath="src\stream\rc4\rc4.c"
+					RelativePath="src\stream\rc4\rc4_stream.c"
 					>
 				</File>
 				<File
@@ -2467,7 +2459,7 @@
 				Name="sober128"
 				>
 				<File
-					RelativePath="src\stream\sober128\sober128.c"
+					RelativePath="src\stream\sober128\sober128_stream.c"
 					>
 				</File>
 				<File

+ 16 - 25
makefile

@@ -15,17 +15,12 @@ endif
 
 PLATFORM := $(shell uname | sed -e 's/_.*//')
 
-ifneq ($(MAKECMDGOALS),clean)
-ifeq ($(PLATFORM), Darwin)
-$(error Can't build static library on Mac, please use makefile.shared)
-endif
-endif
-
 # ranlib tools
 ifndef RANLIB
 RANLIB:=$(CROSS_COMPILE)ranlib
 endif
 INSTALL_CMD = install
+UNINSTALL_CMD = rm
 
 #Output filenames for various targets.
 ifndef LIBNAME
@@ -38,19 +33,19 @@ include makefile_include.mk
 ifeq ($(COVERAGE),1)
 all_test: LIB_PRE = -Wl,--whole-archive
 all_test: LIB_POST = -Wl,--no-whole-archive
-CFLAGS += -fprofile-arcs -ftest-coverage
+LTC_CFLAGS += -fprofile-arcs -ftest-coverage
 EXTRALIBS += -lgcov
 endif
 
 #AES comes in two flavours... enc+dec and enc
 src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
-	${silent} ${CC} ${CFLAGS} -DENCRYPT_ONLY -c $< -o $@
+	${silent} ${CC} ${LTC_CFLAGS} -DENCRYPT_ONLY -c $< -o $@
 
 .c.o:
 ifneq ($V,1)
 	@echo "   * ${CC} $@"
 endif
-	${silent} ${CC} ${CFLAGS} -c $< -o $@
+	${silent} ${CC} ${LTC_CFLAGS} -c $< -o $@
 
 $(LIBNAME): $(OBJECTS)
 ifneq ($V,1)
@@ -62,25 +57,19 @@ ifneq ($V,1)
 endif
 	${silent} $(RANLIB) $@
 
-timing: $(LIBNAME) $(TIMINGS)
-ifneq ($V,1)
-	@echo "   * ${CC} $@"
-endif
-	${silent} $(CC) $(LDFLAGS) $(TIMINGS) $(LIB_PRE) $(LIBNAME) $(LIB_POST) $(EXTRALIBS) -o $(TIMING)
-
-test: $(LIBNAME) $(TOBJECTS)
+test: $(call print-help,test,Builds the library and the 'test' application to run all self-tests) $(LIBNAME) $(TOBJECTS)
 ifneq ($V,1)
 	@echo "   * ${CC} $@"
 endif
-	${silent} $(CC) $(LDFLAGS) $(TOBJECTS) $(LIB_PRE) $(LIBNAME) $(LIB_POST) $(EXTRALIBS) -o $(TEST)
+	${silent} $(CC) $(LTC_LDFLAGS) $(TOBJECTS) $(LIB_PRE) $(LIBNAME) $(LIB_POST) $(EXTRALIBS) -o $(TEST)
 
 # build the demos from a template
 define DEMO_template
-$(1): demos/$(1).o $$(LIBNAME)
+$(1): $(call print-help,$(1),Builds the library and the '$(1)' demo) demos/$(1).o $$(LIBNAME)
 ifneq ($V,1)
 	@echo "   * $${CC} $$@"
 endif
-	$${silent} $$(CC) $$(CFLAGS) $$< $$(LIB_PRE) $$(LIBNAME) $$(LIB_POST) $$(EXTRALIBS) -o $(1)
+	$${silent} $$(CC) $$(LTC_CFLAGS) $$< $$(LIB_PRE) $$(LIBNAME) $$(LIB_POST) $$(EXTRALIBS) -o $(1)
 endef
 
 $(foreach demo, $(strip $(DEMOS)), $(eval $(call DEMO_template,$(demo))))
@@ -89,15 +78,17 @@ $(foreach demo, $(strip $(DEMOS)), $(eval $(call DEMO_template,$(demo))))
 #This rule installs the library and the header files. This must be run
 #as root in order to have a high enough permission to write to the correct
 #directories and to set the owner and group to root.
-install: .common_install
+install: $(call print-help,install,Installs the library and headers) .common_install
+
+install_bins: $(call print-help,install_bins,Installs the useful demos ($(USEFUL_DEMOS))) .common_install_bins
 
-install_bins: .common_install_bins
+uninstall: $(call print-help,uninstall,Uninstalls the library and headers) .common_uninstall
 
 profile:
-	CFLAGS="$(CFLAGS) -fprofile-generate" $(MAKE) timing EXTRALIBS="$(EXTRALIBS) -lgcov"
+	LTC_CFLAGS="$(LTC_CFLAGS) -fprofile-generate" $(MAKE) timing EXTRALIBS="$(EXTRALIBS) -lgcov"
 	./timing
 	rm -f timing `find . -type f | grep [.][ao] | xargs`
-	CFLAGS="$(CFLAGS) -fprofile-use" $(MAKE) timing EXTRALIBS="$(EXTRALIBS) -lgcov"
+	LTC_CFLAGS="$(LTC_CFLAGS) -fprofile-use" $(MAKE) timing EXTRALIBS="$(EXTRALIBS) -lgcov"
 
 # target that pre-processes all coverage data
 lcov-single-create:
@@ -125,12 +116,12 @@ lcov-single:
 
 
 #make the code coverage of the library
-coverage: CFLAGS += -fprofile-arcs -ftest-coverage
+coverage: LTC_CFLAGS += -fprofile-arcs -ftest-coverage
 coverage: EXTRALIBS += -lgcov
 coverage: LIB_PRE = -Wl,--whole-archive
 coverage: LIB_POST = -Wl,--no-whole-archive
 
-coverage: test
+coverage: $(call print-help,coverage,Create code-coverage of the library - but better use coverage.sh) test
 	./test
 
 # cleans everything - coverage output and standard 'clean'
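Review bot: The dedicated `timing:` rule is removed at L1634–L1638, but `profile:` still runs `$(MAKE) timing` at L1674 and L1678; this only works if `timing` is among `$(DEMOS)` expanded through DEMO_template at L1659, and `DEMOS` is defined in makefile_include.mk outside this diff, so a comment on the profile target such as `# 'timing' is built by DEMO_template via $(DEMOS)` would make the dependency explicit. `UNINSTALL_CMD = rm` at L1603 has no `-f`, so `.common_uninstall` (not visible here) will stop at the first already-missing file unless it adds the flag itself; `UNINSTALL_CMD = rm -f` is the usual choice for an uninstall target.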

+ 11 - 8
makefile.mingw

@@ -25,9 +25,9 @@ CFLAGS    = -O2 -DUSE_LTM -DLTM_DESC -I../libtommath
 EXTRALIBS = -L../libtommath -ltommath
 
 #Compilation flags
-LTC_CFLAGS  = $(CFLAGS) -Isrc/headers -Itests -DLTC_SOURCE
+LTC_CFLAGS  = -Isrc/headers -Itests -DLTC_SOURCE $(CFLAGS)
 LTC_LDFLAGS = $(LDFLAGS) $(EXTRALIBS)
-VERSION=1.17
+VERSION=1.18.0
 
 #Libraries to be created
 LIBMAIN_S =libtomcrypt.a
@@ -61,10 +61,9 @@ src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb
 src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
 src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \
 src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \
-src/encauth/ocb3/ocb3_encrypt_last.o src/encauth/ocb3/ocb3_init.o \
-src/encauth/ocb3/ocb3_int_aad_add_block.o src/encauth/ocb3/ocb3_int_calc_offset_zero.o \
-src/encauth/ocb3/ocb3_int_ntz.o src/encauth/ocb3/ocb3_int_xor_blocks.o src/encauth/ocb3/ocb3_test.o \
-src/hashes/blake2b.o src/hashes/blake2s.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
+src/encauth/ocb3/ocb3_encrypt_last.o src/encauth/ocb3/ocb3_init.o src/encauth/ocb3/ocb3_int_ntz.o \
+src/encauth/ocb3/ocb3_int_xor_blocks.o src/encauth/ocb3/ocb3_test.o src/hashes/blake2b.o \
+src/hashes/blake2s.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
 src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
 src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o src/hashes/md5.o \
 src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o src/hashes/sha1.o \
@@ -189,7 +188,7 @@ src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/so
 src/prngs/sprng.o src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \
 src/stream/chacha/chacha_ivctr32.o src/stream/chacha/chacha_ivctr64.o \
 src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o \
-src/stream/rc4/rc4.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128.o \
+src/stream/rc4/rc4_stream.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128_stream.o \
 src/stream/sober128/sober128_test.o
 
 #List of test objects to compile
@@ -248,6 +247,10 @@ small.exe: demos/small.o $(LIBMAIN_S)
 	$(CC) demos/small.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
 tv_gen.exe: demos/tv_gen.o $(LIBMAIN_S)
 	$(CC) demos/tv_gen.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+sizes.exe: demos/sizes.o $(LIBMAIN_S)
+	$(CC) demos/sizes.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+constants.exe: demos/constants.o $(LIBMAIN_S)
+	$(CC) demos/constants.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
 timing.exe: demos/timing.o $(LIBMAIN_S)
 	$(CC) demos/timing.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
 
@@ -256,7 +259,7 @@ test.exe: $(TOBJECTS) $(LIBMAIN_S)
 	$(CC) $(TOBJECTS) $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
 	@echo NOTICE: start the tests by launching test.exe
 
-all: $(LIBMAIN_S) $(LIBMAIN_I) $(LIBMAIN_D) hashsum.exe ltcrypt.exe small.exe tv_gen.exe timing.exe test.exe
+all: $(LIBMAIN_S) $(LIBMAIN_I) $(LIBMAIN_D) hashsum.exe ltcrypt.exe small.exe tv_gen.exe sizes.exe constants.exe timing.exe test.exe
 
 test: test.exe
 

+ 11 - 8
makefile.msvc

@@ -20,9 +20,9 @@ CFLAGS    = /Ox /DUSE_LTM /DLTM_DESC /I../libtommath
 EXTRALIBS = ../libtommath/tommath.lib
 
 #Compilation flags
-LTC_CFLAGS  = $(CFLAGS) /nologo /Isrc/headers/ /Itests/ /D_CRT_SECURE_NO_WARNINGS /D_CRT_NONSTDC_NO_DEPRECATE /DLTC_SOURCE /W3
+LTC_CFLAGS  = /nologo /Isrc/headers/ /Itests/ /D_CRT_SECURE_NO_WARNINGS /D_CRT_NONSTDC_NO_DEPRECATE /DLTC_SOURCE /W3 $(CFLAGS)
 LTC_LDFLAGS = advapi32.lib $(EXTRALIBS)
-VERSION=1.17
+VERSION=1.18.0
 
 #Libraries to be created (this makefile builds only static libraries)
 LIBMAIN_S =tomcrypt.lib
@@ -54,10 +54,9 @@ src/encauth/ocb/ocb_shift_xor.obj src/encauth/ocb/ocb_test.obj src/encauth/ocb/s
 src/encauth/ocb3/ocb3_add_aad.obj src/encauth/ocb3/ocb3_decrypt.obj src/encauth/ocb3/ocb3_decrypt_last.obj \
 src/encauth/ocb3/ocb3_decrypt_verify_memory.obj src/encauth/ocb3/ocb3_done.obj \
 src/encauth/ocb3/ocb3_encrypt.obj src/encauth/ocb3/ocb3_encrypt_authenticate_memory.obj \
-src/encauth/ocb3/ocb3_encrypt_last.obj src/encauth/ocb3/ocb3_init.obj \
-src/encauth/ocb3/ocb3_int_aad_add_block.obj src/encauth/ocb3/ocb3_int_calc_offset_zero.obj \
-src/encauth/ocb3/ocb3_int_ntz.obj src/encauth/ocb3/ocb3_int_xor_blocks.obj src/encauth/ocb3/ocb3_test.obj \
-src/hashes/blake2b.obj src/hashes/blake2s.obj src/hashes/chc/chc.obj src/hashes/helper/hash_file.obj \
+src/encauth/ocb3/ocb3_encrypt_last.obj src/encauth/ocb3/ocb3_init.obj src/encauth/ocb3/ocb3_int_ntz.obj \
+src/encauth/ocb3/ocb3_int_xor_blocks.obj src/encauth/ocb3/ocb3_test.obj src/hashes/blake2b.obj \
+src/hashes/blake2s.obj src/hashes/chc/chc.obj src/hashes/helper/hash_file.obj \
 src/hashes/helper/hash_filehandle.obj src/hashes/helper/hash_memory.obj \
 src/hashes/helper/hash_memory_multi.obj src/hashes/md2.obj src/hashes/md4.obj src/hashes/md5.obj \
 src/hashes/rmd128.obj src/hashes/rmd160.obj src/hashes/rmd256.obj src/hashes/rmd320.obj src/hashes/sha1.obj \
@@ -182,7 +181,7 @@ src/prngs/rc4.obj src/prngs/rng_get_bytes.obj src/prngs/rng_make_prng.obj src/pr
 src/prngs/sprng.obj src/prngs/yarrow.obj src/stream/chacha/chacha_crypt.obj src/stream/chacha/chacha_done.obj \
 src/stream/chacha/chacha_ivctr32.obj src/stream/chacha/chacha_ivctr64.obj \
 src/stream/chacha/chacha_keystream.obj src/stream/chacha/chacha_setup.obj src/stream/chacha/chacha_test.obj \
-src/stream/rc4/rc4.obj src/stream/rc4/rc4_test.obj src/stream/sober128/sober128.obj \
+src/stream/rc4/rc4_stream.obj src/stream/rc4/rc4_test.obj src/stream/sober128/sober128_stream.obj \
 src/stream/sober128/sober128_test.obj
 
 #List of test objects to compile
@@ -235,6 +234,10 @@ small.exe: demos/small.c $(LIBMAIN_S)
 	cl $(LTC_CFLAGS) demos/small.c tests/common.c $(LIBMAIN_S) $(LTC_LDFLAGS) /Fe$@
 tv_gen.exe: demos/tv_gen.c $(LIBMAIN_S)
 	cl $(LTC_CFLAGS) demos/tv_gen.c tests/common.c $(LIBMAIN_S) $(LTC_LDFLAGS) /Fe$@
+sizes.exe: demos/sizes.c $(LIBMAIN_S)
+	cl $(LTC_CFLAGS) demos/sizes.c tests/common.c $(LIBMAIN_S) $(LTC_LDFLAGS) /Fe$@
+constants.exe: demos/constants.c $(LIBMAIN_S)
+	cl $(LTC_CFLAGS) demos/constants.c tests/common.c $(LIBMAIN_S) $(LTC_LDFLAGS) /Fe$@
 timing.exe: demos/timing.c $(LIBMAIN_S)
 	cl $(LTC_CFLAGS) demos/timing.c tests/common.c $(LIBMAIN_S) $(LTC_LDFLAGS) /Fe$@
 
@@ -243,7 +246,7 @@ test.exe: $(LIBMAIN_S) $(TOBJECTS)
 	cl $(LTC_CFLAGS) $(TOBJECTS) $(LIBMAIN_S) $(LTC_LDFLAGS) /Fe$@
 	@echo NOTICE: start the tests by launching test.exe
 
-all: $(LIBMAIN_S) hashsum.exe ltcrypt.exe small.exe tv_gen.exe timing.exe test.exe
+all: $(LIBMAIN_S) hashsum.exe ltcrypt.exe small.exe tv_gen.exe sizes.exe constants.exe timing.exe test.exe
 
 test: test.exe
 

+ 23 - 20
makefile.shared

@@ -23,8 +23,12 @@ ifndef LT
     LT:=libtool
   endif
 endif
+ifeq ($(PLATFORM), CYGWIN)
+  NO_UNDEFINED:=-no-undefined
+endif
 LTCOMPILE = $(LT) --mode=compile --tag=CC $(CC)
 INSTALL_CMD = $(LT) --mode=install install
+UNINSTALL_CMD = $(LT) --mode=uninstall rm
 
 #Output filenames for various targets.
 ifndef LIBNAME
@@ -37,38 +41,37 @@ include makefile_include.mk
 
 #ciphers come in two flavours... enc+dec and enc
 src/ciphers/aes/aes_enc.o: src/ciphers/aes/aes.c src/ciphers/aes/aes_tab.c
-	$(LTCOMPILE) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
+	$(LTCOMPILE) $(LTC_CFLAGS) $(CPPFLAGS) $(LTC_LDFLAGS) -DENCRYPT_ONLY -c src/ciphers/aes/aes.c -o src/ciphers/aes/aes_enc.o
 
 .c.o:
-	$(LTCOMPILE) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $@ -c $<
+	$(LTCOMPILE) $(LTC_CFLAGS) $(CPPFLAGS) $(LTC_LDFLAGS) -o $@ -c $<
 
-$(LIBNAME): $(OBJECTS)
-	$(LT) --mode=link --tag=CC $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) `find ./src -type f -name "*.lo" | LC_ALL=C sort` $(EXTRALIBS) -o $@ -rpath $(LIBPATH) -version-info $(VERSION_LT)
+LOBJECTS = $(OBJECTS:.o=.lo)
 
-install: .common_install
-	sed -e 's,^prefix=.*,prefix=$(PREFIX),' -e 's,^Version:.*,Version: $(VERSION),' libtomcrypt.pc.in > libtomcrypt.pc
-	install -d $(DESTDIR)$(LIBPATH)/pkgconfig
-	install -m 644 libtomcrypt.pc $(DESTDIR)$(LIBPATH)/pkgconfig/
-
-install_bins: .common_install_bins
-
-test: $(LIBNAME) $(TOBJECTS)
-	$(LT) --mode=link --tag=CC $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $(TEST) $(TOBJECTS) $(LIBNAME) $(EXTRALIBS)
+$(LIBNAME): $(OBJECTS)
+	$(LT) --mode=link --tag=CC $(CC) $(LTC_CFLAGS) $(CPPFLAGS) $(LTC_LDFLAGS) $(LOBJECTS) $(EXTRALIBS) -o $@ -rpath $(LIBPATH) -version-info $(VERSION_LT) $(NO_UNDEFINED)
 
-timing: $(TIMINGS) $(LIBNAME)
-	$(LT) --mode=link --tag=CC $(CC) $(CFLAGS) $(CPPFLAGS) $(LDFLAGS) -o $(TIMING) $^ $(EXTRALIBS)
+test: $(call print-help,test,Builds the library and the 'test' application to run all self-tests) $(LIBNAME) $(TOBJECTS)
+	$(LT) --mode=link --tag=CC $(CC) $(LTC_CFLAGS) $(CPPFLAGS) $(LTC_LDFLAGS) -o $(TEST) $(TOBJECTS) $(LIBNAME) $(EXTRALIBS)
 
 # build the demos from a template
 define DEMO_template
-$(1): demos/$(1).o $$(LIBNAME)
-ifneq ($V,1)
-	@echo "   * $${CC} $$@"
-endif
-	$$(LT) --mode=link --tag=CC $$(CC) $$(CFLAGS) $$(CPPFLAGS) $$(LDFLAGS) $$^ $$(EXTRALIBS) -o $(1)
+$(1): $(call print-help,$(1),Builds the library and the '$(1)' demo) demos/$(1).o $$(LIBNAME)
+	$$(LT) --mode=link --tag=CC $$(CC) $$(LTC_CFLAGS) $$(CPPFLAGS) $$(LTC_LDFLAGS) $$^ $$(EXTRALIBS) -o $(1)
 endef
 
 $(foreach demo, $(strip $(DEMOS)), $(eval $(call DEMO_template,$(demo))))
 
+install: $(call print-help,install,Installs the library + headers + pkg-config file) .common_install
+	sed -e 's,^prefix=.*,prefix=$(PREFIX),' -e 's,^Version:.*,Version: $(VERSION_PC),' libtomcrypt.pc.in > libtomcrypt.pc
+	install -d $(DESTDIR)$(LIBPATH)/pkgconfig
+	install -m 644 libtomcrypt.pc $(DESTDIR)$(LIBPATH)/pkgconfig/
+
+install_bins: $(call print-help,install_bins,Installs the useful demos ($(USEFUL_DEMOS))) .common_install_bins
+
+uninstall: $(call print-help,uninstall,Uninstalls the library + headers + pkg-config file) .common_uninstall
+	rm $(DESTDIR)$(LIBPATH)/pkgconfig/libtomcrypt.pc
+
 # ref:         $Format:%D$
 # git commit:  $Format:%H$
 # commit time: $Format:%ai$
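Review bot: The new `uninstall` rule at the end of this section is not idempotent: its recipe runs plain `rm` on `$(DESTDIR)$(LIBPATH)/pkgconfig/libtomcrypt.pc`, so a second `make uninstall`, or one after an install that failed before the pkg-config step, aborts with an error instead of finishing (the `.common_uninstall` prerequisite it chains to is defined in makefile_include.mk, outside this section). Use `rm -f $(DESTDIR)$(LIBPATH)/pkgconfig/libtomcrypt.pc` so an already-removed file is tolerated. The neighbouring `install` rule generates the pkg-config file with `sed -e 's,^prefix=.*,prefix=$(PREFIX),'`, so a PREFIX containing a comma or `&` is silently mis-substituted; a one-line comment such as `# PREFIX must not contain ',' or '&' (sed delimiter / replacement metacharacter)` would at least document that limitation.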

+ 13 - 10
makefile.unix

@@ -37,9 +37,9 @@ CFLAGS    = -O2 -DUSE_LTM -DLTM_DESC -I../libtommath
 EXTRALIBS = ../libtommath/libtommath.a
 
 #Compilation flags
-LTC_CFLAGS  = $(CFLAGS) -Isrc/headers -Itests -DLTC_SOURCE
+LTC_CFLAGS  = -Isrc/headers -Itests -DLTC_SOURCE $(CFLAGS)
 LTC_LDFLAGS = $(LDFLAGS) $(EXTRALIBS)
-VERSION=1.17
+VERSION=1.18.0
 
 #Libraries to be created (this makefile builds only static libraries)
 LIBMAIN_S =libtomcrypt.a
@@ -71,10 +71,9 @@ src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb
 src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
 src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \
 src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \
-src/encauth/ocb3/ocb3_encrypt_last.o src/encauth/ocb3/ocb3_init.o \
-src/encauth/ocb3/ocb3_int_aad_add_block.o src/encauth/ocb3/ocb3_int_calc_offset_zero.o \
-src/encauth/ocb3/ocb3_int_ntz.o src/encauth/ocb3/ocb3_int_xor_blocks.o src/encauth/ocb3/ocb3_test.o \
-src/hashes/blake2b.o src/hashes/blake2s.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
+src/encauth/ocb3/ocb3_encrypt_last.o src/encauth/ocb3/ocb3_init.o src/encauth/ocb3/ocb3_int_ntz.o \
+src/encauth/ocb3/ocb3_int_xor_blocks.o src/encauth/ocb3/ocb3_test.o src/hashes/blake2b.o \
+src/hashes/blake2s.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
 src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
 src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o src/hashes/md5.o \
 src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o src/hashes/sha1.o \
@@ -199,7 +198,7 @@ src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/so
 src/prngs/sprng.o src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \
 src/stream/chacha/chacha_ivctr32.o src/stream/chacha/chacha_ivctr64.o \
 src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o \
-src/stream/rc4/rc4.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128.o \
+src/stream/rc4/rc4_stream.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128_stream.o \
 src/stream/sober128/sober128_test.o
 
 #List of test objects to compile (all goes to libtomcrypt_prof.a)
@@ -255,6 +254,10 @@ small: demos/small.o $(LIBMAIN_S)
 	$(CC) demos/small.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
 tv_gen: demos/tv_gen.o $(LIBMAIN_S)
 	$(CC) demos/tv_gen.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+sizes: demos/sizes.o $(LIBMAIN_S)
+	$(CC) demos/sizes.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
+constants: demos/constants.o $(LIBMAIN_S)
+	$(CC) demos/constants.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
 timing: demos/timing.o $(LIBMAIN_S)
 	$(CC) demos/timing.o $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
 
@@ -263,15 +266,15 @@ test: $(TOBJECTS) $(LIBMAIN_S)
 	$(CC) $(TOBJECTS) $(LIBMAIN_S) $(LTC_LDFLAGS) -o $@
 	@echo "NOTICE: start the tests by: ./test"
 
-all: $(LIBMAIN_S) hashsum ltcrypt small tv_gen timing test
+all: $(LIBMAIN_S) hashsum ltcrypt small tv_gen sizes constants timing test
 
 #NOTE: this makefile works also on cygwin, thus we need to delete *.exe
 clean:
 	-@rm -f $(OBJECTS) $(TOBJECTS)
 	-@rm -f $(LIBMAIN_S)
 	-@rm -f demos/*.o *_tv.txt
-	-@rm -f test tv_gen hashsum ltcrypt small timing
-	-@rm -f test.exe tv_gen.exe hashsum.exe ltcrypt.exe small.exe timing.exe
+	-@rm -f test constants sizes tv_gen hashsum ltcrypt small timing
+	-@rm -f test.exe constants.exe sizes.exe tv_gen.exe hashsum.exe ltcrypt.exe small.exe timing.exe
 
 #Install the library + headers
 install: $(LIBMAIN_S) $(HEADERS)

+ 95 - 54
makefile_include.mk

@@ -2,10 +2,11 @@
 # Include makefile used by makefile + makefile.shared
 #  (GNU make only)
 
-# The version - BEWARE: VERSION and VERSION_LT are updated via ./updatemakes.sh
-VERSION=1.17
+# The version - BEWARE: VERSION, VERSION_PC and VERSION_LT are updated via ./updatemakes.sh
+VERSION=1.18.0
+VERSION_PC=1.18.0
 # http://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html
-VERSION_LT=0:117
+VERSION_LT=1:0
 
 # Compiler and Linker Names
 ifndef CROSS_COMPILE
@@ -29,6 +30,9 @@ endif
 ifndef INSTALL_CMD
 $(error your makefile must define INSTALL_CMD)
 endif
+ifndef UNINSTALL_CMD
+$(error your makefile must define UNINSTALL_CMD)
+endif
 
 ifndef EXTRALIBS
 ifneq ($(shell echo $(CFLAGS) | grep USE_LTM),)
@@ -40,6 +44,11 @@ endif
 endif
 endif
 
+need-help := $(filter help,$(MAKECMDGOALS))
+define print-help
+$(if $(need-help),$(info $1 -- $2))
+endef
+
 #
 # Compilation flags. Note the += does not write over the user's CFLAGS!
 #
@@ -48,44 +57,46 @@ endif
 # by giving them as a parameter to make:
 #  make CFLAGS="-I./src/headers/ -DLTC_SOURCE ..." ...
 #
-CFLAGS += -I./src/headers/ -Wall -Wsign-compare -Wshadow -DLTC_SOURCE
+LTC_CFLAGS += -I./src/headers/ -Wall -Wsign-compare -Wshadow -DLTC_SOURCE
 
 ifdef OLD_GCC
-CFLAGS += -W
+LTC_CFLAGS += -W
 # older GCCs can't handle the "rotate with immediate" ROLc/RORc/etc macros
 # define this to help
-CFLAGS += -DLTC_NO_ROLC
+LTC_CFLAGS += -DLTC_NO_ROLC
 else
-CFLAGS += -Wextra
+LTC_CFLAGS += -Wextra
 # additional warnings
-CFLAGS += -Wsystem-headers -Wbad-function-cast -Wcast-align
-CFLAGS += -Wstrict-prototypes -Wpointer-arith
-CFLAGS += -Wdeclaration-after-statement
+LTC_CFLAGS += -Wsystem-headers -Wbad-function-cast -Wcast-align
+LTC_CFLAGS += -Wstrict-prototypes -Wpointer-arith
+LTC_CFLAGS += -Wdeclaration-after-statement
+LTC_CFLAGS += -Wwrite-strings
 endif
 
-CFLAGS += -Wno-type-limits
+LTC_CFLAGS += -Wno-type-limits
 
 ifdef LTC_DEBUG
+$(info Debug build)
 # compile for DEBUGGING (required for ccmalloc checking!!!)
-CFLAGS += -g3 -DLTC_NO_ASM
+LTC_CFLAGS += -g3 -DLTC_NO_ASM
 ifneq (,$(strip $(LTC_DEBUG)))
-CFLAGS += -DLTC_TEST_DBG=$(LTC_DEBUG)
+LTC_CFLAGS += -DLTC_TEST_DBG=$(LTC_DEBUG)
 else
-CFLAGS += -DLTC_TEST_DBG
+LTC_CFLAGS += -DLTC_TEST_DBG
 endif
 else
 
 ifdef LTC_SMALL
 # optimize for SIZE
-CFLAGS += -Os -DLTC_SMALL_CODE
+LTC_CFLAGS += -Os -DLTC_SMALL_CODE
 else
 
 ifndef IGNORE_SPEED
 # optimize for SPEED
-CFLAGS += -O3 -funroll-loops
+LTC_CFLAGS += -O3 -funroll-loops
 
 # add -fomit-frame-pointer.  hinders debugging!
-CFLAGS += -fomit-frame-pointer
+LTC_CFLAGS += -fomit-frame-pointer
 endif
 
 endif # COMPILE_SMALL
@@ -93,23 +104,29 @@ endif # COMPILE_DEBUG
 
 
 ifneq ($(findstring clang,$(CC)),)
-CFLAGS += -Wno-typedef-redefinition -Wno-tautological-compare -Wno-builtin-requires-header
+LTC_CFLAGS += -Wno-typedef-redefinition -Wno-tautological-compare -Wno-builtin-requires-header -Wno-missing-field-initializers
+endif
+ifneq ($(findstring mingw,$(CC)),)
+LTC_CFLAGS += -Wno-shadow -Wno-attributes
 endif
 ifeq ($(PLATFORM), Darwin)
-CFLAGS += -Wno-nullability-completeness
+LTC_CFLAGS += -Wno-nullability-completeness
 endif
 
 
-GIT_VERSION := $(shell [ -e .git ] && { printf git- ; git describe --tags --always --dirty ; } || echo $(VERSION))
+GIT_VERSION := $(shell { [ -e .git ] && which git 2>/dev/null 1>&2 ; } && { printf git- ; git describe --tags --always --dirty ; } || echo $(VERSION))
 ifneq ($(GIT_VERSION),)
-CFLAGS += -DGIT_VERSION=\"$(GIT_VERSION)\"
+LTC_CFLAGS += -DGIT_VERSION=\"$(GIT_VERSION)\"
 endif
 
+LTC_CFLAGS := $(LTC_CFLAGS) $(CFLAGS)
 
-ifneq ($(findstring -DLTC_PTHREAD,$(CFLAGS)),)
-LDFLAGS += -pthread
+ifneq ($(findstring -DLTC_PTHREAD,$(LTC_CFLAGS)),)
+LTC_LDFLAGS += -pthread
 endif
 
+LTC_LDFLAGS := $(LTC_LDFLAGS) $(LDFLAGS)
+
 #List of demo objects
 DSOURCES = $(wildcard demos/*.c)
 DOBJECTS = $(DSOURCES:.c=.o)
@@ -117,14 +134,25 @@ DOBJECTS = $(DSOURCES:.c=.o)
 #List of tests headers
 THEADERS = $(wildcard tests/*.h)
 
-TIMING=timing
 TEST=test
 
-USEFUL_DEMOS=hashsum
-UNBROKEN_DEMOS=$(USEFUL_DEMOS) ltcrypt small tv_gen sizes constants
-DEMOS=$(UNBROKEN_DEMOS) openssl-enc
+# Demos that are even somehow useful and could be installed as a system-tool
+USEFUL_DEMOS   = hashsum
+
+# Demos that are usable but only rarely make sense to be installed
+USEABLE_DEMOS  = ltcrypt sizes constants
 
-TIMINGS=demos/timing.o
+# Demos that are used for testing or measuring
+TEST_DEMOS     = small tv_gen
+
+# Demos that are in one config broken
+#  openssl-enc - can't be build with LTC_EASY
+#  timing      - not really broken, but older gcc builds spit warnings
+BROKEN_DEMOS   = openssl-enc timing
+
+# Combine demos in groups
+UNBROKEN_DEMOS = $(TEST_DEMOS) $(USEABLE_DEMOS) $(USEFUL_DEMOS)
+DEMOS          = $(UNBROKEN_DEMOS) $(BROKEN_DEMOS)
 
 #LIBPATH  The directory for libtomcrypt to be installed to.
 #INCPATH  The directory to install the header files for libtomcrypt.
@@ -150,6 +178,11 @@ else
 GROUP=wheel
 endif
 
+
+#The first rule is also the default rule and builds the libtomcrypt library.
+library: $(call print-help,library,Builds the library) $(LIBNAME)
+
+
 # List of objects to compile (all goes to libtomcrypt.a)
 OBJECTS=src/ciphers/aes/aes.o src/ciphers/aes/aes_enc.o src/ciphers/anubis.o src/ciphers/blowfish.o \
 src/ciphers/camellia.o src/ciphers/cast5.o src/ciphers/des.o src/ciphers/kasumi.o src/ciphers/khazad.o \
@@ -177,10 +210,9 @@ src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb
 src/encauth/ocb3/ocb3_add_aad.o src/encauth/ocb3/ocb3_decrypt.o src/encauth/ocb3/ocb3_decrypt_last.o \
 src/encauth/ocb3/ocb3_decrypt_verify_memory.o src/encauth/ocb3/ocb3_done.o \
 src/encauth/ocb3/ocb3_encrypt.o src/encauth/ocb3/ocb3_encrypt_authenticate_memory.o \
-src/encauth/ocb3/ocb3_encrypt_last.o src/encauth/ocb3/ocb3_init.o \
-src/encauth/ocb3/ocb3_int_aad_add_block.o src/encauth/ocb3/ocb3_int_calc_offset_zero.o \
-src/encauth/ocb3/ocb3_int_ntz.o src/encauth/ocb3/ocb3_int_xor_blocks.o src/encauth/ocb3/ocb3_test.o \
-src/hashes/blake2b.o src/hashes/blake2s.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
+src/encauth/ocb3/ocb3_encrypt_last.o src/encauth/ocb3/ocb3_init.o src/encauth/ocb3/ocb3_int_ntz.o \
+src/encauth/ocb3/ocb3_int_xor_blocks.o src/encauth/ocb3/ocb3_test.o src/hashes/blake2b.o \
+src/hashes/blake2s.o src/hashes/chc/chc.o src/hashes/helper/hash_file.o \
 src/hashes/helper/hash_filehandle.o src/hashes/helper/hash_memory.o \
 src/hashes/helper/hash_memory_multi.o src/hashes/md2.o src/hashes/md4.o src/hashes/md5.o \
 src/hashes/rmd128.o src/hashes/rmd160.o src/hashes/rmd256.o src/hashes/rmd320.o src/hashes/sha1.o \
@@ -305,7 +337,7 @@ src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/so
 src/prngs/sprng.o src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \
 src/stream/chacha/chacha_ivctr32.o src/stream/chacha/chacha_ivctr64.o \
 src/stream/chacha/chacha_keystream.o src/stream/chacha/chacha_setup.o src/stream/chacha/chacha_test.o \
-src/stream/rc4/rc4.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128.o \
+src/stream/rc4/rc4_stream.o src/stream/rc4/rc4_test.o src/stream/sober128/sober128_stream.o \
 src/stream/sober128/sober128_test.o
 
 # List of test objects to compile (all goes to libtomcrypt_prof.a)
@@ -331,36 +363,33 @@ src/hashes/sha2/sha512_224.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha512_22
 src/hashes/sha2/sha512_256.o: src/hashes/sha2/sha512.c src/hashes/sha2/sha512_256.c
 src/hashes/sha2/sha256.o: src/hashes/sha2/sha256.c src/hashes/sha2/sha224.c
 
-
-#The default rule for make builds the libtomcrypt library.
-default:library
-
-$(DOBJECTS): CFLAGS += -Itests
-$(TOBJECTS): CFLAGS += -Itests
-
-#This rule makes the libtomcrypt library.
-library: $(LIBNAME)
+$(DOBJECTS): LTC_CFLAGS := -Itests $(LTC_CFLAGS)
+$(TOBJECTS): LTC_CFLAGS := -Itests $(LTC_CFLAGS)
 
 #Dependencies on *.h
 $(OBJECTS): $(HEADERS)
 $(DOBJECTS): $(HEADERS) $(THEADERS)
 $(TOBJECTS): $(HEADERS) $(THEADERS)
 
-bins: $(USEFUL_DEMOS)
+all: $(call print-help,all,Builds the library and all demos and test utils (test $(UNBROKEN_DEMOS) $(BROKEN_DEMOS))) all_test $(BROKEN_DEMOS)
 
-all: all_test
+all_test: $(call print-help,all_test,Builds the library and all unbroken demos and test utils (test $(UNBROKEN_DEMOS))) test $(UNBROKEN_DEMOS)
 
-all_test: test $(UNBROKEN_DEMOS)
+bins: $(call print-help,bins,Builds the library and all useful demos) $(USEFUL_DEMOS)
 
 #build the doxy files (requires Doxygen, tetex and patience)
-doxygen doxy docs:
+doxygen: $(call print-help,doxygen,Builds the doxygen html documentation)
+	$(MAKE) -C doc/ $@ V=$(V)
+doxy: $(call print-help,doxy,Builds the complete doxygen documentation including refman.pdf (takes long to generate))
+	$(MAKE) -C doc/ $@ V=$(V)
+docs: $(call print-help,docs,Builds the Developer Manual)
 	$(MAKE) -C doc/ $@ V=$(V)
 
-doc/crypt.pdf:
+doc/crypt.pdf: $(call print-help,doc/crypt.pdf,Builds the Developer Manual)
 	$(MAKE) -C doc/ crypt.pdf V=$(V)
 
 
-install_all: install install_bins install_docs install_test
+install_all: $(call print-help,install_all,Install everything - library bins docs tests) install install_bins install_docs install_test
 
 INSTALL_OPTS ?= -m 644
 
@@ -370,20 +399,30 @@ INSTALL_OPTS ?= -m 644
 	$(INSTALL_CMD) $(INSTALL_OPTS) $(LIBNAME) $(DESTDIR)$(LIBPATH)/$(LIBNAME)
 	install -m 644 $(HEADERS) $(DESTDIR)$(INCPATH)
 
-.common_install_bins: $(USEFUL_DEMOS)
+$(DESTDIR)$(BINPATH):
 	install -d $(DESTDIR)$(BINPATH)
+
+.common_install_bins: $(USEFUL_DEMOS) $(DESTDIR)$(BINPATH)
 	$(INSTALL_CMD) -m 775 $(USEFUL_DEMOS) $(DESTDIR)$(BINPATH)
 
-install_docs: doc/crypt.pdf
+install_docs: $(call print-help,install_docs,Installs the Developer Manual) doc/crypt.pdf
 	install -d $(DESTDIR)$(DATAPATH)
 	install -m 644 doc/crypt.pdf $(DESTDIR)$(DATAPATH)
 
-install_hooks:
+install_test: $(call print-help,install_test,Installs the self-test binary) test $(DESTDIR)$(BINPATH)
+	$(INSTALL_CMD) -m 775 $< $(DESTDIR)$(BINPATH)
+
+install_hooks: $(call print-help,install_hooks,Installs the git hooks)
 	for s in `ls hooks/`; do ln -s ../../hooks/$$s .git/hooks/$$s; done
 
+HEADER_FILES=$(notdir $(HEADERS))
+.common_uninstall:
+	$(UNINSTALL_CMD) $(DESTDIR)$(LIBPATH)/$(LIBNAME)
+	rm $(HEADER_FILES:%=$(DESTDIR)$(INCPATH)/%)
+
 #This rule cleans the source tree of all compiled code, not including the pdf
 #documentation.
-clean:
+clean: $(call print-help,clean,Clean everything besides the pdf documentation)
 	find . -type f    -name "*.o"   \
                -o -name "*.lo"  \
                -o -name "*.a"   \
@@ -405,7 +444,7 @@ clean:
 	rm -rf `find . -type d -name "*.libs" | xargs`
 	$(MAKE) -C doc/ clean
 
-zipup: doc/crypt.pdf
+zipup: $(call print-help,zipup,Prepare the archives for a release) doc/crypt.pdf
 	@# Update the index, so diff-index won't fail in case the pdf has been created.
 	@#   As the pdf creation modifies crypt.tex, git sometimes detects the
 	@#   modified file, but misses that it's put back to its original version.
@@ -423,6 +462,8 @@ zipup: doc/crypt.pdf
 	gpg -b -a crypt-$(VERSION).tar.xz
 	gpg -b -a crypt-$(VERSION).zip
 
-codecheck:
+codecheck: $(call print-help,codecheck,Check the code of the library)
 	perl helper.pl -a
 	perlcritic *.pl
+
+help: $(call print-help,help,That's what you're currently looking at)
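Review bot: The new `install_test` rule installs the self-test binary with `-m 775`, i.e. group-writable, into `$(DESTDIR)$(BINPATH)`; the mode mirrors the existing `.common_install_bins` line, but executables placed on a system PATH are conventionally 0755 so that members of the owning group (`GROUP=wheel` in the platform branch above) cannot overwrite them. Change both recipes to `$(INSTALL_CMD) -m 755 ...`. Separately, the new `.common_uninstall` runs plain `rm` over every expanded header path, so a partial or repeated uninstall fails part-way through; `rm -f` would make it idempotent. The reworked `GIT_VERSION` line pastes the output of `git describe` unquoted into `-DGIT_VERSION=\"$(GIT_VERSION)\"`, so a tag containing a double quote or whitespace breaks the compile line — presumably acceptable for a repository-controlled value, but worth a comment stating that assumption.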

+ 256 - 264
notes/gcm_tv.txt

@@ -3,282 +3,274 @@ are of the form ciphertext,tag for a given NN.  The key for step N>1 is the tag
 step repeated sufficiently.  The nonce is fixed throughout at 13 bytes 000102...
 
 GCM-aes (16 byte key)
-  0: , C6A13B37878F5B826F4F8162A1C8D879
-  1: F1, 397F649A20F3F89A00F45BF230F26B61
-  2: D6B8, 1653F67C9C716D0FC59F3B14154DECBF
-  3: 673456, E82EFC79B30CA5235E2DC8BE4C14265D
-  4: 26DD7C26, B8D1F4DB845F7D7079DEB8920949C14D
-  5: DA62AD1487, 828A42329320764E5FB74D44A6108F4B
-  6: FB79F7D51742, 865415BD049E86F3DA2E0B6E25E1A50C
-  7: 9D96D1034166BF, 50669247A5B338E183DE5139831CD6A4
-  8: B466050E1330B20A, CB264FA7853A1FFE86E1A07CFA7C7319
-  9: CF16F0B3D9FC6183DF, 647DD6E1F40F385E1DFE6676FB036242
- 10: 14D90928C7236050096F, 930CAAA5536406218885475CA823A973
- 11: 4F2322D66A7079BD7DF519, 3B3931D47413042FAF1313F1041509A3
- 12: F1497906F1D8F4F9E47E4BE9, 469FB0D62828427C2E9BA04041A1424F
- 13: 2FAFA2A3EEA4C000702E58D1D4, C9A484FC4ED8644A06060DAE2C3D1568
- 14: 5D707F8ACF319413D220AA2FC2B2, 0EE9AAF5B1CF622ECF6C4F5E5FF4656A
- 15: 2C19DBF966D24B2713F82B69934060, 8676246A2F7795ABD435B3C6B4EA6E7A
- 16: B3FED6C2315CE6D98729DBE69270A11E, B8AC739AD154744A33E906C34D91BD4B
- 17: B2BC44CE088BC3F654B9703D9C691F17B3, BAD8314A171BC0119942136C5876AACC
- 18: C6E958E3E9AC836C9626BD66478974D26B0C, 4E6D61833E9DB839117B665A96DC686C
- 19: D40FADD078B474EBCE130FB44DDB4824077988, F43E3CD978A6E328AF039CC70E291E1C
- 20: E177B3DF83A117E55F255A6C2CD78AFDAFDA307F, EEF1ABAAB9CBE0EE317CC79E7E5E24B8
- 21: DBB4569B3E305E4525F1F7B3D2AFEF226F397E661D, 65ACFB70132EEE1D47319A550A506DB5
- 22: AC2CAF77718DE59131A6B745DE9F3A9897B17580EC71, D8DB9006A9597F640F2594340D69E551
- 23: 8F62022F72A0D769D2D095A55E28832950870B2B44B0BE, A7E196F869071B7BB713E8A2D15627E9
- 24: 37F5640F820384B35F13F8C8C7DC31BDE1E4F29DCFBDA321, D5765C39DBCA72AC89100CCB8864E1DB
- 25: 25059BFC302D0F8DD41BB22CF2391D456630C06F1DAF4DFA86, DC2FFD153C788C28D251B78AB8B7388C
- 26: 151F158CC4BA9393FDB153C4C72911C120BAB519FAF64719133D, C61915006038BF15DED603832FD179DE
- 27: F5DCF4231482F72D02F8B9BE0A41113D35AEA1CD85021CEC978D9C, 9CBD02C557180FBD0868C87A0BEA25AE
- 28: 5D88B5554A2ED73054226473676FAA7159CE12B5357D635DDED35B5A, 5AD11CD6B14C59E64B5B26DFBD00FB5C
- 29: 5696C7066EA09A30FC8BCBAD96D48A5E5FBCC8756B770F0A89B8711911, B9EA5F3BEF0599D385A9ACEBE4064498
- 30: 1240FED47B305AC1883F8CF137D58E79052B4E686DCA1423A6A2BECBD5F5, 036A5EA5F4F2D0BF397E8896EB7AB03D
- 31: AD9517BF392C1EB56D78EDE1C41F3C73B72304DA47F400C390C86B37A50C2A, EB3E026D518EED47F6C927525746AC54
- 32: 2AE1CEED83C6490A7E5752E91532406EAC6FF4B11AA770EFFF1B255FDB77C528, 74BFBC7F120B58FA2B5E988A41EAF7AC
+  1: 3A, 03C32E0E9D7E07A410B9BEE40A8F0D26
+  2: 26AE, 3A635BBDC1A17CA40B58CEEA78105CDC
+  3: 142FAC, 7E8922E8FA6F1E41E4339F0B52176DE4
+  4: 20C1863F, A1D12620C22EA7A0AA0E74667A20B8E1
+  5: B3B796AA54, 53F0F9F03791BBD76BC99D1B5639F3C0
+  6: FDCFF8EA82D8, B56076B42E3EEAC73DD42FC83B9220F9
+  7: 4695E719E67849, B4A1A2E29AAD713D5677CF425E65A400
+  8: EE5BA3309D417697, 146EA95CED151F8C40DF98C1CC54930B
+  9: 13FF05ABB084FA608F, 55550AADC3461CC190CA22F29C6246CD
+ 10: 008B0102208A22D3A562, 7178534BC7145754BAE525CC06E14A6B
+ 11: 3536DBBB07B026E78E94C8, AB27183AEA2240B0166D702EEB2A7BFA
+ 12: 00739D5A27AE82AC7D6A40EC, 4354578C3D241074D3C1F6496420F239
+ 13: DA41A5F458400C94B84026C052, DC6CB036FCAE9765A69F5B8C38B0B767
+ 14: 4C99797C7EDCEA9D5425565522E2, 3FFEEC557F0D5FA73472D2A3F8E71389
+ 15: D381E7AD2E5BE2C97FB4BD958BC2EB, 6BF713D4E7DA7C4290967A1D23F97EDD
+ 16: 5016C127F16A4787734AF3A3E6F6F0F7, 8CD8458531E94BC8160E2176F63F8D0B
+ 17: BDF3D0F24D9415AB5CF9B87BB45B4A8AE4, D81A3D56451313742ACE53D41223F6AF
+ 18: 68C1FCBE22FBDB296C246F2E34D871A6902E, 7AFD64D4EB0DE7E2A842B518AC6D483F
+ 19: 7D8D3C31E643611B0B557F29B437F635FE3FD0, 8501B61DBF4A4DD19B87E95055B95962
+ 20: 4185EEB0B9B480F69B3EC7A162810073A36AD95A, B9BCA6D9CA0AC2B4B35D7BFF4DB27D25
+ 21: F991F4A481E322FEEC6FE9302D010AC4C811B23B4A, 54FA4DDA92E57509F4D48D206A03624F
+ 22: B288424FF96596B2A30A1EB9480F5EADC2F6D8551B9A, 2C998C8DFDC7663C8DE677B2F1CBCB57
+ 23: 1066FE3DCB9F8AE0DC0693F7179F111E0A7A1FFE944FF4, 65402D1F8AFBDC819D6D1ADB5375AFD0
+ 24: 0A8772CCDE122EFF01D7C187C77F07BDA50997B4320CD0D8, F55823AFC3D9FE6E749E70E82C823925
+ 25: E6E2FBB3E2238BC8CB396F463C2F488B4B4933087728D39815, F06DA35A9AEE65F9AD0DAD5B99AB4DF6
+ 26: 569BD39CB1693CB89B88923ABE0D8CFA0B4F22A48A15E2EACD4A, 661AF51FF0E0E363406AB278BFC9176D
+ 27: 199EED81C2428170EB089060FF9676596EADD2270895A0C8650903, 90AA9C634469D45E7BDD9AB955B90130
+ 28: B5200497A0654009B9F5B0D45FFDCF192F3042D6B05C6D6A8191A7EA, 71F6C4982AA50705D5FFC60512FC674C
+ 29: E39DA262C0E851B5CB5BD55A8B19D0AC0ABDC6FF3F32DF3B1896242D9E, B58AA05F594FC9779E185353CC52B8FB
+ 30: AF349B91BAD4BE2F2D5E4DDE28A1AA74115A9059A5EBBF9E38F341DC368B, 966B04FE43A2A9D94004E756F7DBFEFA
+ 31: 8C87861DFFDE72FA64E926BF741330F64E2B30837650F309A3F979AE43BA2E, A5C825AE1B844D6A8D531077C881BD36
+ 32: 924E178A17FA1CA0E7486F0404123B91DBF797BB9DBDE9B1D48D5C7F53165912, 10F972B6F9E0A3C1CF9CCF56543DCA79
 
 GCM-rc6 (16 byte key)
-  0: , D595FEDAB06C62D8C5290E76ED84601D
-  1: 4D, 47A6EDEF8286F9C144B7B51C9BCCCACF
-  2: 0085, 9788DDF89843EC51120B132EB0D0F833
-  3: 463701, 673CB8D248E6BECD5A6A7B0B08465EF6
-  4: F5B3222C, 1C424282D7FB427E55285E20FC2ABFF9
-  5: 3A4A8361B2, BD40E631B054F280C7973E5AB3F06B42
-  6: A475866BF2C5, 2067F42FAAA6274270CF9E65D833FDED
-  7: 689D0D407172C8, 3BCCFFC64E56D5B753352E1DDD5CCAA3
-  8: D9CE4B051202A1D3, 79B0CCDA3D0B9C9BCF640BC9E6D9CE0D
-  9: 0317D68BE098D276B7, AF35043DB6213DC5D4F3DFB8E29EE537
- 10: 154CEF0C6F37AA0A73C4, 61E598A8C6D17B639F9E27AF55DD00F3
- 11: C3DB1B2B6CCC9170B9C05F, 966871DDD6E110711FB9DD733B6B2B3A
- 12: E4F22383C75BC0FB0E59C5E8, 971536AF878F4EED68F59046C928EAC8
- 13: 2FBFB99AABC6209FB8664916DD, 68D0BF2144AD1ADECC4074DAE58540C2
- 14: 5FEEDFD09BF89719A34CDCCD2AAA, 64DEB7D5E6891103AA54C0EB366715D0
- 15: E063A076E0C770FB010D26C3AC3EB5, 0CA321B2A7448FEEF84D4E0AD5BA2DA4
- 16: AFB0DB9959F0906BD346C2D81DC5412C, 425627895E2C4C9546D3227975585459
- 17: 79179C0D4D6C5E0741DD4CA1E8CF28C75C, D0188A344A1CEE52272FE6368DB0FB75
- 18: 8A75521139B0DE3C08C9EAEB77D8018A39FE, 47FCC200D8A384320D2F1A5E803A9991
- 19: 0399381D0A975AE3980A9FB75B991C055AF367, 034915370AF94B96A8A4E50FF9B134CC
- 20: 8C189094DB13FBE62EA5C4A53C29A428ED587BA2, 99C58F838423033298897841ED526347
- 21: D91F5144B525AF5D47EF4D5F0AF9915447A55927F9, F6750BF7E089515D35B47BC1C65E2E3A
- 22: A4E26B554AA277057A5FE3FA08A6138CEEC6D69BB1D8, 7BBEBF52D8251108C7AA1025E213EC44
- 23: 5C1A8C3A46FCA90D73675706313CADFBB90A535A4B3D5A, E35244A2633478BBDAFCC81161F28B80
- 24: D69F7264FC594057B89181B83582D799AE54E9EE4FE8AD48, D4B29E5C25F9477D9345526DBDE9372A
- 25: AFD322D0AC4AF38D5B9CBE0DFE85618C001A7A77CD8FFFCB3E, AD06BB9C59D23D258D6A2AEDD946AA20
- 26: 179CA8395CD8E75B4E5EA07D25C8036AF08B1A1C330492523D36, E3704C4341A834C087500E332B7DEAE9
- 27: B9178EF7774684F43F1FCE99A4319B5A4D167B0A848551F562CD7C, 5D5082FB02B9B494D5883DF49DB3B84B
- 28: 830FCD15A09EC61245D7DA258E308E76D3B542F2345DBFC11AE983A3, F50C3332F8D91911BDACCFE228565E5C
- 29: 179619B8C7EE9B3121405BBED2AC102A027E6C97EAEDB5ECFEB13792EF, 859EBA3BADCE6E5AB271A261B26DE28C
- 30: 14264C7E0A154119BF24B7FCF434E81440D42D54738F0BAE55836849AB85, 0B6C9B9CADB1B6EC71CEA090C8C72834
- 31: 0D7A316F8B873F62CF26CFC569179AB11CBF09D3467936A85ADC265B2C9A8F, 866AE7C51EC2D9DEB32748A1C8B61143
- 32: F8FD1F967CD3632805AD7FA8ECB40F530927DD5C49D31FDBAE49738E2315905D, 9CB1CB84A727C9F42555EB566E0A1DEE
+  1: 16, 2CA928694EA91AF92B3ADB402FBBCDEE
+  2: CD9D, 4A9940BD7148F08AE75A4F238148C174
+  3: 6D1332, 5CD73043FD797D1375AA011D2E36896A
+  4: ADC34199, FF5D2B40B02CB58BC63AA6D1CFBA811B
+  5: 83158D52A1, CB8C45A56D7539CBACBB85DFB4C1F52E
+  6: 66E32F053C17, 3EB9AC9A066DC66DB4973B5C78C6EC0B
+  7: F23224FEB14897, 0ED4890D034F20A9A78ACA7492AE9341
+  8: 3FF9570F77486C86, B82C19DE2C5CA6CAAC223F337173F840
+  9: 44B4F4130619FD516C, 6689DC410118E0DC2D90ADCD6327049B
+ 10: 6E205B2537935E50A1E3, CE5739FDFC13D279075508786388C08D
+ 11: DB836471D91F2FFC6A199E, 1518E9A6CD2190D32A9EA1AC0849DF09
+ 12: B9936A58667AABD9BB9B2ADA, 388894E75CEF512CD5E3986DFB2CA589
+ 13: 1B5072C8FC0EA19A0486C0E04C, A804D99E2414A314440E5F4B8BDCFB45
+ 14: 614903F301B1E7C092E9A32C195C, B4F7406533C58AC54869F09C4B0801CE
+ 15: F30ADEF328878D174B1AEAF5D7137D, 7C5BB92772540C1E2209B77C78AAB092
+ 16: 776D20B980DDC7C48ACE4225F59E2736, 85DAEE9785EB1BA9C99FFAA5AE565159
+ 17: 6BBA225325564369BB5F11EF5734604938, E41E0E3C31F4B1770AB93750A386286C
+ 18: 6EAAF9EF0C149A13BA535A2AFC398281017D, 10CBB6A874711DE179D8A4EEDC4DE085
+ 19: 9D0B62274F7E5426F5AD9515DAAF4742C291D9, A35D18485F881CB0BBB00A9421C9694C
+ 20: E6A18F640923DBB22FCBCEB0ACD1A2BC94256212, CFCFC7E7E5C64090DF746F8C36F605D4
+ 21: E37EB92C38B47C6E2621C2CC64D83CCCA9104C2095, D88C0FBF2402FBA40EB525118FC2CAC8
+ 22: 0E690F9D73E7E689AF48FE5B99E58AC42F3702EA40FD, 33D698F9C44FEB68C1C442B30DD36B9E
+ 23: DA759D58629FA946FB635538C1AED318890C4D84EB6610, D7BC6A69DA658EE3DB842C01B9085A07
+ 24: 581F86B5A844FD709B13E09A7CF64ADEA84EFC2D7AD9300A, 0296F58775CE4D4E92C4DD0CF65CF8D7
+ 25: 78B346A03098BD6EBE0BF56F5C37C83B3C42288D0E031E0D4B, 2F89EDA70B8A31EE64B264C7C5165AF1
+ 26: ED768B0F18A13ACF40738FD61642C0CFBCF746D60887A8C5FDD9, 56EE211AB10B37D61FD80692A76615B0
+ 27: FCC298575C9F4E1DD2C8B0482F9FFF42EFFE565ED5FB178DC56947, 0EBA843B28F91798D79E2105995EF662
+ 28: 4341133DA062A885DA6D7BF4387C6F28829E65EA7DB7E50B15F2D03F, DAEFA9D1230FE3084FDB91AC7ED35503
+ 29: 777C13A7FC16345BF949508CBC1051540928CB5B9B36569488109FB60E, C8DEE566513233B8E74ACB1046FE87B4
+ 30: 6342B6FEDC0B8868AAB5E870CE1B2E420269CB11DBA74F10C5E978F2B44D, B2B001639A2A0BA045023817947573E4
+ 31: 99A123D836EF76A4250A960DF7DCFA231C3595EAB53024F53B961EF80901ED, 02E8820F6D31A23DC9F0DCE511A1F8FF
+ 32: BF57034D1EA94A6DB86642918EDBC9CC7D6C39025F9EC528EAA2A9EE7B22EAA1, 7801231ADBA83C137D760AA75FF2C9E6
 
 GCM-safer+ (16 byte key)
-  0: , F769B436C7FB7C0C822E24BB2B2555D3
-  1: CA, B156298625F5634FA012B23044437807
-  2: 4960, A64C73E890F3D77B2C3B3C76C2D913C6
-  3: DBBB8D, 686651A017F89A22F9FE96533C85C52C
-  4: 150AD99A, 177F7DE9E897DACCAB7EACEE3CDE7601
-  5: 077055065F, 48B4309C76CAC37BDF11842311BA6CD3
-  6: B2F8CE062C06, ED04DF96C06959524956E8AC5C338457
-  7: DCE718211410D8, 3F8D8180BDEAC2F018EA81615177CC8F
-  8: 0F71E2772402AC83, 2130481B2CA7B4B4C8F3EE73B3B3C28F
-  9: B69030734E5ADF753C, 8CC4B62BFBC3EA56CCDBF0ED318C784D
- 10: 6B8A91ABC1BF2F2D0176, 86EAAD80D148A48086987A40A5631DEF
- 11: 44AD00799EC8E62E34D6A1, 016830D58F06F75E54531B45D9E785F9
- 12: 0C4B9381D78E0F0A78B3CEAA, 4A79C58DAB131A22F172F9177DC4158B
- 13: 2C56D4625876524B4D8D5F079B, 7B407F704225B25F1F136C984E564147
- 14: 36424D69BACC56407D345B3D7B4D, EB126C255A2DCFD32F69DD5CB61876C7
- 15: FDD3E091C0420D1A4D4A848757FCC2, D319C5C07134D67BA42A4BF312CD874D
- 16: EFAF6F117EA9A4B4B83052BBF5A07DB9, BB09D473FE82257146E7ABC2EFF6F631
- 17: 19B71383C414BAC3EF252FFF09F5ACD777, 526DC9AE6895ED33A34A9A4ADB07E1B6
- 18: 9AB6DFDB930D26E00B3D98DD5AD014E08756, D70B95B20C106A5A03F9B803D2CAC3A0
- 19: EEB3C236C3031DE4C3F94BD746677AE84B271D, 9483BBCBBFDBA1CC5F6392DABA2ACC19
- 20: 3A0EBC7536F8717E8FDAFEDAC39E8F1F43C0627A, 3DA7DC2475466CEDF01EB543870A74FA
- 21: 79D28D2F149E1D97E910342DF383FCEECF5AFD4C6A, 2364F33BCF6F07E381F7E26DAF802D83
- 22: F1D7C319BAFB740332CA19AB0C9B71728D3AE69BFAC2, 3D4AEE9780A5C98CBC69606CDDDB31F8
- 23: 1A0D80381A186673FB7B52C40AB6C46A11AB0889333C20, AF5C17E3D0D9724EDC1FC438A16B4EBB
- 24: 5E503440B22DD6AE6401BA4355C8791BACC598C9E0F1412E, 156D8221BD61F5C108FC18FB2F50D159
- 25: 7784EFDC6F0FC56FCADAFF17BB52DEB35B64FA19C3F391BDFD, A291E8238EF158A2379692077F70E8D0
- 26: 184B6E18032D1A70CE5027912E447C357C72EEF7B20EF0FB256C, 0FA0138FB9480E0C4C237BF5D6099777
- 27: 7AC8FCB64F35B71C5ED0CCD776B1FF76CE352EB57244085ED34FE8, D995B3C1350CC777878108640C1CADAE
- 28: 86C7A01FB2262A8E37FF38CC99BF3EFAEB8B36166D24913BDD3B91DA, 25EC6D9F69168C5FA32C39631B606B55
- 29: 91F5D3E3FE0B1976E2915B8DA3E785F4D55768FD727AEF19FA1552F506, AF902DED55E386F0FC4210C97DB9446E
- 30: 7ABF5BD9CB2EFF8382C6D2B28C1B0B25540E434123AC252046BDDA74DA32, 713259EDDA9B1B63EB68E0283D0259DB
- 31: 5634B23ACEF2874BE0591BE3268C4538698FF2D93D59B39BC86D0137DACBAD, C4054796AFD335B43C60E7E634122BAF
- 32: F26C68C36B1E56449595EA4E162391E0C6A306592949F69797B6C2327E533ADB, 7B392AF776A94983078814B6B8428BFE
+  1: 0F, 62E723CCA67DFC49C1915AD3C69FDFF7
+  2: 87A7, A73B3D416AD68235C662E9684430FAA0
+  3: 40FF80, 8EC11FFA3B777664FC6D2AD37AED3765
+  4: ED5B1716, 1A4FD3FDC9D197866FA8AA1403E3219F
+  5: 033CF349B9, CA1E6111A5BF539931490D2EFDA7575C
+  6: 23E30716B131, 79FB546DE6C534A18BBA604E8E2BE8D0
+  7: DE67DCF5635B0D, 463989CCB9A972468B870C403AB840D8
+  8: AFB5BCFD6E36E41F, FD3A63618F1D31A8A71D94FE91F41501
+  9: DBA0EB7B664D303BE5, 2860B5516CF0CE20E35BF766A4375EAF
+ 10: 2826E6EDCFD7E9FB938C, 685E8B032254DFF65DAC8A44C3819E08
+ 11: B70FC9EE54123F45A4E67D, 8661E54524A0F12612E000876E8E6F15
+ 12: 5FC3C79807594E403B82B9DB, 9D88DACCB8654708B241A505AB12FD47
+ 13: 2C7AC463E62BBC014E1A48E15C, B4FB110193F147E4A59EC38983528047
+ 14: 046D692C6B2827453F7BA3EFB609, C4E46E0D5F71D2D477D7CD12B7447713
+ 15: CD693A49640E00134FE33C9E324122, F43001B425E37C094BCCBAC49A6471C8
+ 16: 9FC2042EF22E0F8A767DB0C52109E4F5, F60730D914AA02A3BCED7F737640B9FC
+ 17: F09ECC9AA4FE3596C00D0AF4E052E60755, 199B8C9CEED9B4E70526BFE603FD5E45
+ 18: 0C8BD929E87A21A9F043E47CE79950EA0E75, EC9D38AB193FEC16EC470A15E27FB367
+ 19: F621E43B7FB21D98544817FB229C2F308361D4, B6BDD4053C4DFBD3970A5055E4A7719A
+ 20: 63F1D36ACEDADC63627CD438B379C48D648126A8, B1A7217302F84CF5F6A259F2881484B6
+ 21: 60BAE96D5E0F248A257CB3A7788D6107CFB525D20C, FE60C3B3E2029869EA063BA3B981AB96
+ 22: 01213496633A4525B2C7CAABDCFEB84193A8AE2D8059, 738E7956DA8464FF655CE4F5B0A005C9
+ 23: F6822F3C87B238F6F7E44307C416B6366C18B26B2357C1, A27A98EA0AAFD1D3010DAF4070F52E7A
+ 24: 32B49BE196CC3825B7B6E0DEBD90680B996C3AA161BB52ED, 8505573CC5191577BD992A004F255953
+ 25: 38361B85808140127A44B364046A5E1FB0B86885D5030110D3, 17DF461782D45807A7709EB2BCFAABE1
+ 26: DBEF6C2067BAFF378A285EBF685F559A896B76A517292B4301F0, B6061185764BA316CC0163925F27A1A7
+ 27: 15E2A0634520C0CF4C189436D35DE01CF5C83F0684CBC261A59AC5, DCD96E1687F24676838B60E873D47087
+ 28: F837ACBF63898720B0527477B59A8EA74751DABCF2CC48C768AB421E, 72DD76EADF13C65E6F322E110F9944FD
+ 29: FDA50738B60251E5FF1C38AF0A8E3F619D247C24A20D63B372571AD6D7, F1F1B212BD7E973BA17BDABDF27F5AC3
+ 30: 0CDDC7A10CA3F3616E923A751EB638CF1E67CC2D17A03538C6A2BEB8555F, 7DB533FD15E48FFB217B18E91B7B2928
+ 31: BE0C9A148FC3344025C8BD35AC883B584AC706F540BE1100A92DB67EF900B9, FD172B0942DDC1EA076D46BA46B9F7AC
+ 32: F8256E9A41BC6E09084274A91229DC877257C433E3E43F05FDDBC3584B6093D4, 5CD834DDE7406085CADD5BEE122AF052
 
 GCM-twofish (16 byte key)
-  0: , 6275E8CA35B36C108AD6D5F84F0CC5A3
-  1: 38, A714210792F9ED12A28F25CAE3B3BC5E
-  2: 8E2F, 6357C1F125723F2244DAF344CDFCD47B
-  3: 900A4C, ED4E0B318346D5B9B646441E946204E9
-  4: 087EAFF8, B871ED95C873F1EFA24EF8B6915F447D
-  5: 63FC9EFBD4, 650D0ED98CBECA07040AB97B97129360
-  6: B6081E94AA19, 6A3BDA8030C5A79B6B9087555A1DA67B
-  7: E10A7B9CBB20C2, 59EB55DFD0A37C55A869834E597373AF
-  8: 94E947FEE05780EE, 354918527F855264E37DB6892E868050
-  9: 9A80C567AA50220862, 814EE57CC9D51D7D900AB4840C4B072F
- 10: A8741BE1E42BE207C416, 2B28AFD8ABE20664D8BAD7535F82F11A
- 11: 6AB7E3C68B6682023E8190, 5E48B67541FE83969952394F84D29E93
- 12: 4F66FB634EB258CEE2955D84, F2632C2135B6E1144673B0EF73499818
- 13: B29042F3877C2F5E694953C5F6, 03268A30499D57A06AA873EF00160C3C
- 14: DCC7B5D9F58C88F54A9611389B8D, 5515426FF7CF2EEA91BE2B3752371CE0
- 15: B665488BCD75FC02A0DF7994B7CF98, B721531E2A317C254FA2ED306ADCF96C
- 16: 9535DC8A72645E34F948B71A5159AA9B, 5CEED93DE128044F0471C65AA8F21D29
- 17: 5CBFC61A23D28562FCA929375E5B585327, 3AA842B21631968D1B58B72FEE090EE1
- 18: 2AC3F780B956A933C0B8565EE527173B8CC8, 16EC4B6D8E2CF3CD0D16E7A5F401C78E
- 19: 5067FD65870A4EBF6C7FA811A15270E7F8F17D, 9A7563BEDADFA6B6E48F5C13FCEAED6E
- 20: E3A65A188077E5DC171CFF30BE8B27F10F015166, BD5B3D84D0C1DD51A3909F849141B57F
- 21: 88D0A65C105823E68BE3987CB205AE0C1A27588FCD, B280221AD0BD83E1D6B37F331F326AB5
- 22: 7C56D987FEF6807EEFAFD4C7EB9D72AA0E037979D91E, 686E1268A8DC9CD0192A383EA6C2D975
- 23: B23CCD0A076CB122750B634B9E6551E0585EDEA18C3245, 6DF30A7F0728E2D549AA411AE375E569
- 24: 767BC3AF206E67C9E27A4D7E814F3B3A65D27BB70BA9DD4D, AB2B16C031FB2C8E85B3B2B38A5CBA4E
- 25: 9ABF34ABD43705D62F377449461C5DC239A2A86E5A98AFB159, 3DEDEDA85E6BFB53C6F18726CD561604
- 26: FE756344C05CB12AA0673F1C2069A86556E583FF4B7313A0D395, 21CB0E0BABC3C7E547F5CB207295C0EE
- 27: B70F16AD19A6B0AF6D8DBF4E98D7D5ADB944D91BD889D9390C3E21, 2AE67812A22C1C785D3BFC184A1C74EA
- 28: A6389032AA9D08BDBAAA5E230E5130665FB4F0CB868F3F20C4C5438B, ECA054EFA3F39400A587839C4F0605C7
- 29: A55A41315EAF3A67A0FD0E14C6E04D03A5E38D0F756719F4A0800B290A, 7A5277809D4B65E663603099B4DFFBD8
- 30: E739633579AA6201A024B9873F28412BB08B08B8616D611BC9D07979BD3A, 390038A93AFD326C5CC1525A24CA91AD
- 31: ED3266F8B0DAA7C3DB7814427E8139831CFC0EDE668F0DA83FF7090154410D, DE440EC2C6080048BFF3C5455E1BB33F
- 32: 4D0F751B55DA3A2E0B28DE59E9680669FCB5984E9C0DB942DBAACDDEF0879731, 62F96CFE31D3D6AAA0B9F5130ED1B21B
+  1: E9, D82A22BF49B52DECE1A3DAA163956EA1
+  2: 3DE3, 837CB2018053A6FA9A51A18362C0A6E5
+  3: 1123B2, 280150FC247D06FF79ABE3C6C5ACFDBF
+  4: 6BE74C72, 52FA635AA14154D3FFD7A4866AC989E7
+  5: 7610B2DE22, 3E77AF501CA8EF386E2843A2C9F30425
+  6: 31BBF5CC9F77, DA25899A5B84C4CE3CB031D24BE39EEC
+  7: 49FE2D43D16BEF, 491CAFC0F9A749AF0F87CB5276FF7BD0
+  8: 28191B8F4FBE3C03, B8318CE8B7EEE3BD42A35F7EF7B4FE91
+  9: F6BCC7AD009DF4B71F, 01BDA4572E1B95D0152A8675BBA9F6B4
+ 10: 89B6B6B611CBBD4AB667, 5AD5C05B2FFC3AF07ACA04EC488BC4BF
+ 11: 985A04A3BE0A43A3489870, 57AB64D52976293C09882943B8622A0C
+ 12: 15DDAC26F9C07856F5C11CCA, 183A4FD20C0D7AD1744B77992D4A16C1
+ 13: FE45E506C3C26745D6B5B53A36, 67B3768535D1A50D2756AB4ED83C73F1
+ 14: 8EBA337B5E13FC16BBB18B8F0B10, FA90CD334FA6565E517097C37B7281C7
+ 15: C9F914A669C4C58ACA86884FFF469C, 876599BB8BC1AD6E7B1DBB00ED53276E
+ 16: 8416EEB95A4B3DA645035CBDC76C8532, 405B3A936CE697DCBA9385CAEAFE2B55
+ 17: 312BBF82B6619E5F7EE56AE873CAC9C415, D5FB2028CF3F6C57295BA6F7E5F410A9
+ 18: 1B51044539639A7093D996E3B4174D6A253C, E934D7A7EF90586A56C6C2DB53CD6C40
+ 19: 178762C071950E8E0198E6573BD585EEEE4E69, DD661E463BF3BB45225F7E7A6E0DE3EA
+ 20: FFD6BA51FEDDB7E20593AD2BF0EEE061D3B5C014, 0DCCDAEBE6135EDF787FEEDABFF3A4F3
+ 21: 04BE622B5CBE1058A4C8356F65B8158295F39E1AB1, FCA9B0BCA348B319D0B19DD28EE9DE79
+ 22: 8B49016BFA45DCE019BA9E4606E987A159ED0DA07D2D, 6B93BD424871D5231EB359E40666CC5E
+ 23: FF8D016642B2C3190094423F5A61F7CBD358522A5E5799, 2088A4088AF6F786DFE08AED79A19B3B
+ 24: 07F446A2E3597041B9AFFEDF5DD474CA5FA5C872844A4F8C, 870223F7404BA37C8DB940623F0DDBE2
+ 25: 32C2EF41ED54C8B63AB8151E690C1770CED90D2827EB2C302B, 5BC4EABF30986EE33FE483B8FABCE7D3
+ 26: 3310D94B00007C10D4B3BC3F57DE877D0E2B822B96DA9CFEFEDD, E0E114CEC34558A180675B0438128F30
+ 27: A4C95A5B316AE03A569B7862290DC6340FDEA1299C5B27591333B6, 63288F9CDEB93BF029C194B2C62B4AB6
+ 28: CB63472F93E0325123558620DB9FBA058455D8AF1D23A94BEBB60A79, EC0968F60DCAFEB17411C4A2D7793FCD
+ 29: 74241261257C5610211A3B9D45D62AA0876B63EA289FE938FB03CC8D1C, 4A18EAA2039B29F0CEF7745EB8AA7DDD
+ 30: 6172080F96B60E3BA450BA195EB4D6732A25AF30A109031560915C4C0344, 3B690B088522D3EBD6B647070AECF97F
+ 31: AF52E18DE8608C39FA886377899C66AAF8612513C21C7B815E248D9F75D775, 39F0F712265F44A442A7581D8F314D1B
+ 32: 64F9AE4A9E6735D348343EA7ADD617F0687C2883637468BBFA3664F9194F1683, 947A02C9994DA490BFC9E036305B26EA
 
 GCM-noekeon (16 byte key)
-  0: , 24FBBB850691F47A085EB57AE00304CC
-  1: B3, 8BCF7A69E538ABB7E8FEECBED90C34CF
-  2: 6E74, 393546FF18FE3921BE4755E993FE669F
-  3: 523837, 2B89AACC9117430488FCBD3E05C15F65
-  4: A0805168, 2430C64F2683BBB56F5092D4796473E2
-  5: 947FD3FC56, 9976BB989B3054991ED2741CB68A8F83
-  6: 8209DCFD76D0, 2A57678E78AA81509F5F88F448225F5E
-  7: E08CB4FC1169B8, 694904F451A25A52022B5DF85BE76AB9
-  8: E1F64D7205D070B8, 42E272E75AF762BDD98243A3083DC250
-  9: D209B87AB1D069C946, AA6E2B0265C342968631D7D0DD7FB722
- 10: EB294F813FAF31A56731, 1946AFF788D597D545CE01339F1344CA
- 11: C3623DFC818CFB5DAA7F11, A141D7654E5C5FF853365DF19626E295
- 12: 6C6ECFF070BACB61B625BB46, 176A894AD6F9C4ABBFE33704B4D0A5BF
- 13: D9984A7F164345EF6D9E920944, DDABDA0CA76A3D98059DF8288D607C56
- 14: 9D271AB343D8FD4B7B9CAE828FEE, 3AA2FF2B08283ADDBD8DA9D825DD5DDE
- 15: 1BEAD524FFA2812526C66E6AA262C5, AB586F0DA87D813A4E5DF5589D0EDD77
- 16: FF2CCDC2F7DCAD46B0557E265B849CED, 61D2163972EB0521F1AEFF5B157CE226
- 17: 8B39921ACBE0603970F5AED3430D8C7733, 2C4D0DA0E3A87B20255B849DED865C03
- 18: 6716B5F4169F0E609DE1BDC62E34967030C5, 3115A1F7E06D2585115CA39BE13D8F02
- 19: 0E59D5EE86573648C06A47D11DBFE1D504BB51, B080AC131829D9B9F004E672506D17D2
- 20: 74BCEDA70D4B870C2F3C1FA07BB4314D32D5814A, 1AAEF188554ED4B5FD0508474DC06046
- 21: 92575752FD1A2EE03615F71F09A776770EF817975D, 766061C717348F33E1398C8BCDC014B3
- 22: 5D6C261BFF784690911177CA62DA928D35742663C484, 227A7468C3F133FD26056F781AA0DABC
- 23: D9901B1E1A1F077C93B9BB5929B76A0FD00540056032EE, 343997846C6FB089E833B15AAB16F28D
- 24: 18C64411F459E87F96ADFD94ED8C6CC787C37AB9D02FC709, 7D4F5CBC141C31D44DA558D8AFD6F9B2
- 25: 2B5617D866AD278CBB3B3601E3F924C209857DBABF487C36E6, 481FF0E5F97F65FBEF74C4FE84895B08
- 26: AF03196009787A666CF901DB67CF45AAB6E870D530930964A7CE, C314771BB93E0A3ACC03EE18AC7A2739
- 27: EC721BB4A2822D39869A1981DB66C303116676E5CB3FEDACB1F970, BBA561C9B5912E84365E8258A34BA9EA
- 28: 12898BDA4009B40ADDF41B495A3A1A1B0064B9F69FD7BC13F8A14BA0, B2869D73F73E32F912E73AD6C02A0768
- 29: 329B540E422F21AD3B09CF8CFE482B606149230196E429F5666DF206B2, 72CBD361E003F7A9A87E089373C768FD
- 30: 497F13387271C869AE9A54A6F78116958951773A85CA804E149B27F68F4F, 68703910888C9304D7B1170258F6B841
- 31: ED63106B3E692A69C0C03BFD303BF4EB2FDB0D9562B9FE39612352DED01DBF, 451E328ACAF0A8196736D88A1D46CBD5
- 32: 1A46B990A8BDFCAEBF9C81D21C5A70A1D865F621AC9470E379F783D0A5150A13, 9571772CE2E0B947F9FE7B148163DD71
+  1: 05, E18F8A201F281A4F3F4FE6F43A001107
+  2: 55DF, BE4D95A0BC5966CC2E80FB544AD43B8B
+  3: 0C5A1D, DDAE782864D5EAC894C863D4D2E3CA54
+  4: 767CCE5C, 106D7DBE5D9D56D38E6A679528C72688
+  5: 9F099BF360, D4D50BE3B13DE7B18BE415B21BD9AD4B
+  6: AE4B0C056B1B, 8E0EA5A5F612835B1A498C671413CA19
+  7: A8EF51FA62B5F9, 44A65E1A85C9C102467A50297F8256B0
+  8: C58D955A860EE8E0, 45622020FC40884B61BE3C35B940A870
+  9: FC5F5562143A7F9AA9, 7FBED30D1594D1DB57BA10EEF0C4AABA
+ 10: C2B2D5B922504BD29C23, F14AF5025799EAF249745F1B91AB554A
+ 11: 62C250C8548BAF088DD01F, 6D49DB3F4D3D8D30DB0B26DCF6CF6A80
+ 12: 3FD64FC5BE13ED2AA041B8C5, EDC192E68D5A7B37F395B794C3D8245F
+ 13: A84B4EA6C8CF088B0C6D40B5E0, 01EE07A0D3F4A1957579C1EE36C5D5A3
+ 14: 39A4C10E5C542FABA9C6138E02D6, 8B31EDD92A71F53ECEF716E08CD0A3C3
+ 15: E4DF855B9065B51C47454CBC3209A1, 4714B347E11804D0AB3241B1D72F4FCB
+ 16: FB6D42C9C44997D4C854BA321C8631CB, 7F0BD8708CC6358899B7C62A7ACEE739
+ 17: 81A2C031F0D5593DBD283A9650A4160185, 3267D10C3BE6044B0D2E0BB59A919AFC
+ 18: 33776FB240A45E1A84B86B49FB04A350B9F8, 3743BA55B523F4BFC25E8B2474347C70
+ 19: 4E19A791B6EA4B776C5449CC3AC486EE9EAAE7, 9D4FD554D57E73B6789D20E262E706FD
+ 20: 10B946D1B1C005516B7DE7F51CD41C8DCC581DA5, 3F41B2B8FFCFDE5298473D2E6FF76227
+ 21: 184C4DD415AFE6FE74B3BE662AC04E6229F517F4A2, 158749C83A13B178F0FB7C48E7A4A19E
+ 22: 6DBD3F3888A2028841B61167C3EDAAE71FC23774C923, E0E87641B9C55DCC041D343960C9417C
+ 23: 6D995776DB3B90B038A4CE44EF2D4EFEA16DFE0A5BB054, E14F63E6C6657CB904B16EC4F2B82972
+ 24: A955576527F9A240B13F9DA2FD67997D5E606D34548C1444, B8FD23A3EFA33E7F4367C61E071F8BEE
+ 25: F7D9EE67BD019E97A5EB7A33B7A307B2268ED7BECA95553D92, 6B31B756C9B3EE98613BB29B357FADAE
+ 26: ED68485EF62E89965CC8B085CAFE89BD9661ACF66939FB014E1F, C57A80259C493520E50902597EA3EFCA
+ 27: 53365AF657B186724902E8011368D6E49DDD2158F51EE0FFFA9658, 8EB890A78716344E79E4AD48C52D423D
+ 28: B49CCFC3FEAEF5C8DE4E41EF538A537552B4957E8965E454FFA3B5F7, 7CA3442BAF416B50431BBBE5CACD44DD
+ 29: F02E7CA72035455ED723EB802E66118D5FA642295416F12AB298567AF8, AB211AB9624F17975279690C6D95EB51
+ 30: CA4C2EC503773BBF34FA411340CBAD6A9115E81B073932444ACEC5537614, D877D5B78FFB31CC54142562BED1890F
+ 31: 9B9BBF2D46D301F3ECDE92A13C1EEE8F9F1533AA4AADFE2E22D36D51F5F469, F03F634BCCAC070F210142F737542491
+ 32: 92AD34E95350275A4CF208CC1A07776E7A6635EB8F2A7D4D9B6B6C96D6812616, 52E49767709D7CE349AAFC0C405A68ED
 
 GCM-anubis (16 byte key)
-  0: , A0061C2F3B2295BFA33BC74C037EA8DA
-  1: ED, 9E5648DCE40DE37B56C557D26CB18D83
-  2: 6719, A6605253C59A101FF85C5102CE92BE45
-  3: B8873D, 13F3E3ED3646BB296EE4ED5D6379A21B
-  4: 5AA6E2CB, 1812E8385D15B5BAE043E4E860BEF490
-  5: 4F6F4CD8E9, 8A80BC5E08929C42A5A74C5D9ACC0C6D
-  6: 2F0D8B483CE4, 316F588F78FC6A9196C97CE59B9B63B6
-  7: 82D885FDE1F948, 7160BF556614511F53738A92B5277056
-  8: E4931462AD41B6DC, 7CE24C4D6B499975FCB72B5E2275ED56
-  9: 503AA70BE698BC5B41, 10EA0C61FDBA8FF7B4E9927BCCEFD911
- 10: 6B2D213D14B5D25EBE36, DC3222AED12EE26D3D14E2E733EDB2A7
- 11: 7D8B0BC1B7443E7267371E, FCACFC73E391865BE86E041F51C45E81
- 12: 9EF3BF8609E133BEB10565AF, D84326D4CAC9D5B74FCFD8CBAFE79E77
- 13: 59AE7B1FDE1178CEE7F63C4894, E1BCFCDCA86CAB9C684F7D21962D580D
- 14: 564E7B8BAC5582A3BF1178916569, 54804D8DF4D7577EF65C15487695F840
- 15: 758A6DC437C8821274B0F16F911BAA, 19DD27500915F425F34F67CC2374DC36
- 16: 0468C94A88A27AEEE2B3A973065E53CC, C743996C6F49363B2F4613F24703EF7E
- 17: 3B0CABA5EEE44B7BFF0D726ECED54763FF, 14D9D09815BCD91DCCE2F5AE1A9929CF
- 18: 5B945D83B98C43B0248F9BC0479E332869AB, 67A275F0313D4245B1965411CFCC8F17
- 19: 97332441CA96DE8553A3C6D898FC6D90C86DBF, 73150EC3D6327E3FC8015A6192652D3B
- 20: B9A1778FAF9767160D0D87816ECE1B99AA727087, 0C173D3C4078392CE377313C48D2BAE8
- 21: 5882B73911C7D26EFDCCA3AED2EDC8A8BFFE75B1F8, 8F8C535639A0B59537E590C7FC9D2E53
- 22: 70AEBED8CCFFF6E5CF06F3E841D12387EF8D6C7B4BDE, 4B00C27FCA9BEB82331CC8EB13DCC580
- 23: 345CCB52BC20DC5F1BF5EEDF5D72A6C48F402557FFD342, 1A790A39573B853DBB8E2E73B7331014
- 24: 0637C78A817E91D63CE18CEAF8D65C6107283A90C5A97842, 52786CB81724E12C76A0D23D4680E36B
- 25: 59526D1E86A473DFB720FF25E97D6571077845F73C5E8322F1, 369FBA7823FC83D727FFD25D10130987
- 26: 2933BB4E7603C313B62332827601F8189E14C1F08EA547E15AB5, 204520E365DAFF6551B01562A4CEFDFB
- 27: A4098CF2A48A1DC2BCCE65CCE8DF825AF51E7E5F94B6186FF85D77, 9833EBB9A1D5CD0356E023E2C3761C2B
- 28: 26557B942FD6913D806672EB01526DBD5D6F532F78AB6759DE3415C5, EDAACDD101BC40EE6530D8B5DC031F31
- 29: DB92C3D77DF0C8F4C98845AA9AD43FB800192E57A53E083862B7E3FAF0, 628DEB1E345303A40700289052080FF8
- 30: FC57BFAC2C77781723C2B721886D44ED67A52D9AD827874BC4EEC0A97281, 9A222DBC47B4AB4E520D3CC5850D4DEF
- 31: 72DFB9E91A78EAFE758B4542206A4A957B4523A58428398C11BCF2AEAE1938, 307D0B876130E82804C1167E03B69B2F
- 32: 7275C6EBDC2680DFCB73326A987D2FBCE83E40A9AEFE6351CFDA7251A6FE10A6, 895E6EEAA9BD88594903325A063CA45F
+  1: 99, DD35EDAD537F6FCA5BCDEB053BEE36B8
+  2: 12A6, 24CB6ECAECF376400F7BFF52C4312D08
+  3: 791DDD, 7C35A987766AC11A4625C92BA4AA419E
+  4: 601FF830, 69A6E3718404D3A20019D9E7F875C2FA
+  5: 45A67C8B23, 92EFC3CA67CA0934E5E22A0EBA4E5613
+  6: 5F2C7A733D42, EB5BF55241D049343457F05BE8B53CB5
+  7: C356F4D8AC59BB, 12598DA524E6F01EDDB512E3B988B860
+  8: F24201E87407B8BC, 58FBE9D3E242E16BA16420C354BCF0D0
+  9: 509A017E05D0075264, 357822F3CAF350972D86F2423FE49040
+ 10: 0BCBA97FD277C65D4BB2, 068F57C866AD35379F108237B39C78C0
+ 11: BFE30A88F0B1FE651D0EC3, EE2F073E23DACD211B1C22074CB32A70
+ 12: 11AA35923D9CCC49AF83DA5D, 9A7E9EED9774C06D1D127D1ADE221893
+ 13: E3FE3E1C2CA4E1C61D530AA46F, 0D26F48272F7DAE98C797F0AE5BD5B3E
+ 14: 6407C7F6DD9E188DB09F584AD32E, A673DD2BB4ACC85983DCD4B5EAC2FB68
+ 15: AEFBD570198C05D5B430A275AA82D5, 3A1CB79A7DDB7601C7F72A5B0DA8531D
+ 16: 40C1B9150E8E09C9483C1CA0CCBDF363, 241FBB631ACEDF77D51594D660BB4981
+ 17: AD3F3FA6D431E12D6B41476D7B5DA77C2C, 4C22BF4240AE4235FEAA2D3ED7AAB8B4
+ 18: 5EB8D86E7B26064D75E56C42B090A17544E0, 44EBE42984F206FA78D19DFC88AA1EAA
+ 19: 75D7E5AD5C2D19E21A1931F88229C1456EBFD4, 1F1CF1F832658DB0804D577BB2FCD2AB
+ 20: F73F1D3F38E8B99898E30FACECEFA40FA933F63B, EFF893CE73B6B30AD144735A5BC759A3
+ 21: 452A09F297A013652273C124085FFE03D5034EC331, 9E71970BCD0EC639049F906589B7FFD1
+ 22: D7BB98AD11A884CC8BF3F2F52CE9F8C17F8B188C190E, 31496C89519DE6F66113C9BEEB151275
+ 23: 97B8305B1D1E02D4D1D8194BC54E4AB394FA8F5C8B2526, 1A153F52C3C67E0DA81B626C159D31A9
+ 24: 1542789709D1FD889E7C5820F920126434D5969C4EC3F6AB, 685A03CA342688A70753953AB27CF0BE
+ 25: BB08A7F815AFA96B96C028EA48D79FF3BA7FFFFFA1902E7822, 98E4377462566EFEE39F65659DEB13CE
+ 26: DC8EC0B08BCADA829B3663980D66B80A2D51500AFD80EA0F18CC, 58D9C85F9561F59BF264393DA954399B
+ 27: 477A3B8344DBCC79577C15524F35B45A7FEA72B0561A0CDCB3CD66, 57343CF1432D30FAF8724C5AB3120539
+ 28: 3CE2DD2869EDF99ABBB3DABC981B5BF294D6AA29A785F1ED6363D6A5, A939560243DC164D46028133C12B16BD
+ 29: 72504872BE65F3DE8F0B63BD24AFEED17B195D270AB20ACBEA7E6B0B8A, 4D5D642AEAFE6A2CE8881577FCD7F2B7
+ 30: 5B71030C43F551C27183A17D08FC1B9C8AC1829D404B8DA8803FBB09343A, A602A88365B46F19DB240F2C077A0334
+ 31: 89C0C85BA495D5F92D91EAC281362F374A0F41C507FD20DF6E05147C8E7208, 7F8994E46CE0548DE8F290303E8F3613
+ 32: 5AC62A000B9A80B6B849F3A36E1B512097922F8475D3C6F237C3DAE23A6B8C6A, 346203E5D4775D002A1022D7F42504C1
 
 GCM-seed (16 byte key)
-  0: , C11F22F20140505084483597E4370F43
-  1: E1, D39B9E55EF1C94F1E15397E083346491
-  2: D46C, 1303648548ECD8B3992C803A648E3BEF
-  3: CBBF1C, C965567985BCF2BCD4C9CF66B2168BD6
-  4: 30544838, 88D10DE290E82F2EFDBF50AD062A13FB
-  5: 544DCAFBCB, 52AE6D0576B4D65D82088179EE8E5121
-  6: 26F91824D36D, 7EFF9AED81561EFD2FD4CCAA8CA3E49C
-  7: ABAF75A310B8B2, C3E0E6FE9EF8B91325E7952205C3B215
-  8: 460EB25BAF346FEC, 78293B6E454C7A820B0D6ED86399CC70
-  9: CCE2D164E8BA0B80E2, 0DB9D3A14CDC8F8CBAE68D092D769697
- 10: 1C700418306E0FB9A09B, 5ACFC32C1CC06D63DA8F8139909FBB10
- 11: 8A306163BC711A92C1ED0C, 0518DED52A4D698C43709B17F8E6409F
- 12: 7FAC8AE98C5D035703D3257D, EBD479B656C24E4E256CC207D26DCB2F
- 13: 26DDDDAEAF072E292D9D3A8917, D1AE629015A78A35580B96B524C35A5C
- 14: DA8D19951BC8EC2657142DB6239F, 56753850A747FCA0445BF881EFB466D3
- 15: EB82C127979C395018BC346B46C4C8, EFEBDA26F5A1F53BE6A2DECD5DAC0D88
- 16: AE6050FAB41D6EDCE402ED3FA5F56AE9, 2A8922AF8AC424433B13C96EF64721FE
- 17: 47D7E682FF60C6F8B4DC1D43CCA75B7CDE, F7CEC551D1855914534CBF4B0F90AB36
- 18: 7DCD5194A227EC2AD352F14C4BC2958067D0, DA444BF98069E6BC209C9AE8C669E892
- 19: 3F9E6101EFFF05D547C881F463FFB43B0CC131, 0FCD327A4C3D9FB679E192C887CD0642
- 20: 70BE93EA6FB611EA7656A70B42AA444403DCD945, 75FA8421BF145219B6973657F9FAB726
- 21: 39A97F1B32D664E53734F506515BEFB3674E2F265C, FC47392114426ABEB42E9B7BD15ED237
- 22: 4D54574772CC127C2E87186E30D6BBD050231601B80E, 48E3BFD70F52434C8D92D412018345DE
- 23: 6C757A980FAC2BA8257750293EB63E52A9F7EE10C96005, 4057EB8AF43227A23A85651C002BB795
- 24: 817FDC2FB49084CB3E0F306154ED9252C3FE1C39DF481DF7, 9F510141E2E1716F4738D9979C440C04
- 25: A55CECDEE410C0ED7140BDCEDDF57652D5400793996CB376AA, 0897B814408133BCD6F6392489BDDE4C
- 26: BD5E9C3A051AC1FA975649EF4B8E2B6E8C317586643597548E8B, 316C16B9643C1704503CBAB5D01215DE
- 27: 4AE2A8FBDA0E92A7C32F95FE5DC63AAD97CE8D07133F0787E1C2E0, B518CE779929E704846376C043D481EC
- 28: 3AB6AB78B1C3978951A17A5DC6FEE1F2DA096770246DC040F72FD070, E459B8B8CC525428FB851D9B7616084A
- 29: ECD99B0E203AD3E722ADD6A38159C4A2C9C4A4B1A4448EE55091D382E8, 49C80A40C5BC637BB27B69BC2AD0B9A3
- 30: 4EEFF7BF368A278B1C8524F0C805C37F84F6D54785D79BA378A6B9B2999D, 491F2F02B7CDC02A627BD052A007EE56
- 31: 3490DA4EA01B23E86382D3F7BFF3239190F4E19BC4A9BAEA8AEF893F382062, 8431CE0772CBF6867F4F40E45031D9F7
- 32: 590E5508063DC675310C74227B886E68E2C61825C5E9A08231810D11EA695481, B96C6391C22F3961B307578D47120C52
+  1: 26, 87B72BF4F343FA59CFA40D1091F50FD1
+  2: E80F, BF6A3B3F649E3AD1D07D24326C44365A
+  3: 16C93E, 740A57E99296F82515190712B4B56F00
+  4: C403D1FF, B210C95ED48A15A8E78DBECA2831CBC8
+  5: DAF5735AE4, D74ABA53295DAEB4A04842D0F587C0FD
+  6: B80ECF00DBBA, 91DD19615D6F71F696C4AE9D388D7266
+  7: 45F170B0D2ADD6, B9FC969B51976A3CE3D8CDD227722A53
+  8: E3EC82041FE3EEDE, 3B82743C9A974E594D53DCF17204CE55
+  9: 15B8E18A9D105E2F2A, F1452F649ADEB08006092347A722497D
+ 10: BE3E6D03650BC96975E1, BFA2A6EDEF412FAB922E861514475C21
+ 11: 0361D6CEEAFBA30C30EE5D, AC97D081314CB9CD24113CF38E9E41FB
+ 12: 50E4627778596D55D7A508F4, 99A3E41EC4F3B20DE8D217C06C828F23
+ 13: E3362B153E59770912C7B12FB2, 9A96E56341834743DDF33156AF411B5E
+ 14: 3408B88EEB308F20964DAA903AC7, A4D487202ED5EEC5EA4C45792982A821
+ 15: A6AAA4ACBFF8AE329618B023C1EB99, 5B67A194B6358D44FA5801B588289DF0
+ 16: 4DCF2115BE730CEFA52053E9398EDCA2, 5DE56AA2FFC6FFEAF87225316C74C87B
+ 17: CFFA74C036CD62DCE15843160B39FD18F2, B0CA9A45CCFDD7A61B1D06E0075610B2
+ 18: A68AA4DB35238DCE0D537670D76073ECE5FE, 283B33B1D7B57917B8658B3E957B52A0
+ 19: F99FCDF3990405A203BC6F9F7D56DB5B8A3E5C, 0887CB21263AE7178AB02E287D47E2C2
+ 20: 363664B0944200D152A48C8C27183D7AEE177A1A, 3043B2927916652091951B9E2104E91B
+ 21: C1D9BF607F76D69761A9BDBA7D13D9CE4C8E430F7B, D6E7509B620B7E83B3FF7F931020F56C
+ 22: BB2DC71C8FB4A7A201AF36C4A174AD542D3A34EB2BD6, 2158A10FFA890769882FBB6636F95D1A
+ 23: 6B478DD22EF941F726D89C1B5654260845DC9140317630, 359297946889A740671BBB0BD2857883
+ 24: 3211DA2201F029B1ED2E11187E62D434442D5302E78A3242, 0C1D43B63A4DD329EA11ABE5404E83F4
+ 25: E0398E55D8E5146A715FE9E9A74316BBBD69DE747B5F7C3C68, 74FE8E2F10A96CAB8102EE6F0847380B
+ 26: C404BB08D0BEE8FF032D3EFDE7A15CEE27BA29B43161F0B5E952, 0F21B0E2D83584B65BD7A2F912BF9CEB
+ 27: C61D97BC584FA3CB0E6CA3E966747D75BE90CE32E4E1DFA2F34CAC, 45D4D5B01D578ADE8EB7B58CDEFB7950
+ 28: 2EEC4B1DEF647FAB996C7A5FA5061E5B572E8B1B0BAA0C8B7D01D122, 36E014FF6D8729B2EADF2E0406840B9E
+ 29: 9753865FB716D470C634974C2056D637F11EB2467274D0024A72E5FDCC, 1E2DEAEBBBA78E0E6000275B7CAEC89C
+ 30: E9FE40F4C8F4AF2607E41C6BDCAA28EC7241FBC6C8DEF6F36961EFE9B46B, EC5EDD19299A09A39D2F9006093E4CEB
+ 31: 995FEA1FA6A0B0B141375B12BC9BA18E29229E3D3BA3FF2F67438268B06EAE, 0413AF0B5AAB28C4EE92495ACEAF17B1
+ 32: 746961D162BECF915397F718478F5C1DF7A3FB8BD2413A4BF7C0C43314F6E2B1, FED8ACB5288B6ED8E0556D169CAD99B0
 
 GCM-camellia (16 byte key)
-  0: , 477650012AA6284033E1B85321EEF770
-  1: E1, 2E95EDCCAF3264B5178CD6ED0F2EDEEA
-  2: 314B, B11392D89769FCEEE4B8170F8ED1F98A
-  3: C7CF73, D79DF351C70A7DDA124355490EAF71D2
-  4: 3C369E92, B9345C0A6E509B10A1245F42BAC2070C
-  5: 6F5634E263, D781B8F61B104158D822CD04A9FE7998
-  6: 299A167791D4, F1707A7EF00815631F79AEF3F3CF2599
-  7: 61C5184DE525F1, 615524D1CB7DDA84EE5B91647449AC8E
-  8: C724705EF011DCC7, 5F78479065F8EE14C07C909F12AB9289
-  9: E1466E81002EF30043, 143651985FB01E9882D923615DA0587F
- 10: E252A74713C90B153C30, 6166F77FBF04809553936EFF256593C1
- 11: FAB8BC72140D01EAF5F015, 1756C4D44B412F078B0476DAD3711DA5
- 12: 774DA96F528D758DC098157F, D169FD2BDE61020499B482786BF14046
- 13: C15708A21A56963D342CCEE9D0, 9C3416DE3CCBB7BFDEB4CCB0A0B767D2
- 14: 52EDEAE7AFC4D3C77E7ACB31B1AE, FA98CD47050F12F7A95AF55EA29BB57E
- 15: 48ACDD91D755D9F8602DB17F41C1F9, 5A0CC2D372501E38ED3EC44BDE185E0B
- 16: 9385B12D8EB0F0507BA643958F4EF377, 8FE23300220D1D2A8DEFF7BA69CC28E9
- 17: C31A9198E85864D8BC020B5F61FE1ED596, 9865C80843631D26B02A0369B5FCDF8D
- 18: 4D159E1705839309E31C95E12A5BEA81277C, 0A8907002FEC82725530B4FC2BBC2B82
- 19: AB6B471DD358000FA8C489B06F448508AA7051, C87EEA614DEC03B4EE2724F6E1CB70A8
- 20: BFB0EA4F27CEC231815F07ED50E3AE8156172BAC, 09244CB698982CDE8C9030FC309409A9
- 21: 259FF16BCC807B01FE4870161CD0F06A92DBE886FE, 86A9D502C6BA9804D26EC4B8CA419090
- 22: 01FCE8F5DBCC4B2351A3319EC1737A84E8D3C959CE42, F337E99A62357057BB508398443E1960
- 23: 114602337E1655C3965EDB3E7BC4428F7DAD1485D5FF05, 67287E94DEB5D255D512E89508E85B47
- 24: B0B95F745C9433B741F8EB6EE36117C979CA65E6B9D8E595, BB75BABB42D9C73C4CCF8F9E1F9CCE1D
- 25: 4DE486D47096B3EB1AD2C6A6F9248DA1FA2623B339E787DCAA, 7BED5402F5B5AC690488C6830D484FD8
- 26: 40C5770A6B0A5C14AD168C262BBB3BD512E12654F6F57B13280E, 3E123FB667B2187D2DEA581C1E1EAF3E
- 27: CF20B534737142322FD08B2AC9602F4C447BDD91BD00FD820ADE78, EA8D30E6CA004F31CFCCCB47F0BF7A62
- 28: A61AAC29A28EAF0192E3B4646E0421D254B12C3D11F491909D18712B, 92B39BFF07D93AEDBA3AECB974859A17
- 29: 6782FAA7F0D18AC1989FAD68C5C2258742EC691ABE47F744E6E795FF74, C63AA120F2889C6996636DDFB15450A0
- 30: 79CB100D91BC41C73473723F5069B5D38C7208848B885E729A9604BB053C, 195D327AECF7F6D2BB1CFE019A0C2C0C
- 31: 7753C753224B63EB00E2773D5CBA726F2B2AE54097E13A2CAAFBAFE7F53791, D344D335666E06DC87E8E30E6C141DCF
- 32: F8BDD6BD3B27237424BB4E7871F9D893D204D8A4843E8AAE155B844716E2BDD7, 40806139E1038B68346931AFAAEEF1F4
+  1: 13, 0679D1B662AFDDF3ACFCE419B6DA94AC
+  2: 26D6, 162A86F8E59F9E6EA5DF0748B890862A
+  3: 58767A, EE0B79D3ED4B852EEFA323F8EF9839DE
+  4: 0CA5F75E, A8063610439C0AD6631F6CFBE10C2AEE
+  5: 5B821141C2, 0568AE410E4EF4C9FD4EC55926FB0300
+  6: ADCDD0B1C7AC, 84B1E359DF762B7E51084FCE1619D632
+  7: 75882A4FF78AF6, A13923C17E9006E06FC10710C3F1FAD0
+  8: C4F2E79246F1CE2C, 27FE18DF274233BF632F91F5C6004C3F
+  9: B5F5462F5AFD8333EF, 56EE2A3CCF86F4F5CC6FCFF2638283B7
+ 10: FF40C4163E604B0679D7, F813C36C222C5EC2DF7EF51DD12BDA97
+ 11: 93FAF62FB742529F2F1034, 2A67CA1A0CD5ECD3EC62E9A303D11B27
+ 12: 4C7F377995D7FA5D94E740A9, 0F8B822AA9775F742D5436029263520A
+ 13: 357A0DE9ED3E1070808B2AFBA4, FFB8426038E07FD7D23E92876B3CF4CA
+ 14: 281F9A4C95ED6C363A1F00564206, 93D5470EEA15AF8E85019C47728B217F
+ 15: CBBB9CCCBC78A78CF1F571BF667059, 15C7BFE9E2D25DE73BACE501D9BB5346
+ 16: 8A3392119B0B01A9C38C556C6F31AE45, 87886BF5B99CB77FE3B681826286E87B
+ 17: EC52B385BC9CE88DABC560DA23B3684378, F6B71A19E39723BD4D9DCFF7ADE97796
+ 18: DA81EDEBBAD7F6A49D3BC377E5F16272765A, A0D06F71CD2D9947562832E1A83E577C
+ 19: 2146F272EDB8F46958C01887D92BD3AC9B8A47, B5CC3F66E09AD98AB6BCEAFCDED10CB3
+ 20: 3E281F975765DE1DB519696DDEA6F94B462B4717, 515B758DC732EC6CAEEAA4B94C943CF0
+ 21: B3A735243E2D508E2EF3066705D0FA37442C8406BA, A8C1CC8EE8D5935FBEEC31B7132977FE
+ 22: C1272F2CFEE63BA750A7689385ABBCD4D431A99BD2E6, 46511DE41E6ABDBDA73AD854149B03F5
+ 23: 3C66C359BA5DC0AB52EB152DBE89AB28767B7E4A6A05E6, DE4BB656C5B0DDE993ED461A0D9C185A
+ 24: D0248AC2923887E76BAB9FD48D8FB73D93B23E4FA8704C10, 7C120335F1DDBB429431F15E24F64455
+ 25: ACFFD738047C794E9C88BB76C2BD8E300CC5F89C2E5505815F, 7D090676F5CD61FE8BB3E20BB1BC8235
+ 26: 8B2F83612C9B5870782FDC506FD9E7CF08024C6D126AA0E715AC, 5A72E736892087A91E77FE785200ED68
+ 27: DDB64F5869813B94E80975E55BB8B62A23CC8B0DD56357C51A0B2F, FE9B74933C7D6FF5272A0DD90D1F5D71
+ 28: 00A21C6C047DB3551368ACA67B45222386A2DD63297CABC780493A73, BEDAED8C4799594FDB40F992CC82B4A2
+ 29: 35FE5CD3F9ABC78C3B6E96EF11FB601741710FDA8572CF741EF9E5A522, FE34A91C83C93FE08F7D4EEA3F927415
+ 30: 4CEE166BB1E1325C69BFAE06C9422BA735FD5B21EE2D7581E27FC027CDB2, 31D3086C3A0639D79FE08F5DEEB3E81A
+ 31: 6F575BCEF0FC079F8FA300040AA50AD6CF6F4C92A27E24A210AD32FB1FB0E7, 057E5239A6277E1D96BC277D4EEF5FFA
+ 32: 5090FF37EF4F163F5B54AEA54DAF1CDAC1125C46A8617CE3D251576BF52143E2, 182FD3ED463E1A6A615F4E25B34CA748
 

+ 272 - 557
notes/ocb3_tv.txt

@@ -2,568 +2,283 @@ OCB3 Test Vectors.  Uses the 00010203...NN-1 pattern for nonce/plaintext/key.  T
 are of the form ciphertext,tag for a given NN.  The key for step N>1 is the tag of the previous
 step repeated sufficiently.  The nonce is fixed throughout. AAD is fixed to 3 bytes (ASCII) 'AAD'.
 
-OCB-aes (16 byte key)
-  0: , CDE5AA0562BC4D474EFBB4120E4C5BFF
-  1: 9E, B60840CA7005A169C1240E3BFB401AB8
-  2: 75DF, C606FAD65B2CD087774CD0EB341AD265
-  3: 78309B, 26179C93AB865167FC583166E6AFD275
-  4: 0DA474F6, A55358F6EBF78F63C45AEFA5C63FAF17
-  5: 2BE7DEDEA2, 95E6590B2A19D85F25E4A76861F7CDB3
-  6: BE808ABA55FC, 6C9E74B2BA0D628834A2C2FD8AF9CF39
-  7: 7B20C2D42F94E5, 5B293A423119EF044A5E5E5E70FC87DD
-  8: B7CE5AFA00FC9843, D5AC1CF000137D8E0710DC63457E5F73
-  9: E8EF6A913D905BEAEC, A96A005A2A0F08BCEFA7169D69E347E2
- 10: A15B41ED2FE26F90C0B7, D8453A7F07D90AA3E48BBE792DEFBC84
- 11: 5CCED9699C5524623AEF4A, D7450C6465DF3AD2513B799521995821
- 12: AE70D6492673FC870675AAE2, 697EB5B96673EB7FE48A07A1F2C1E957
- 13: 23C3E43575A9D80938BE58D6F1, 2CAFDB3ADABFBE0EE48FB1DD31D67ABA
- 14: 235E50ED798584EEB7CE7F31490F, C26DA5513F19D6C9345EEE2D9B24EE30
- 15: 99BECD55D0CA96718E5F9DDDD127BF, E1A4FAF9F68CD80C997EB59FA8B6A38A
- 16: 8EDDAE4DE1D32CA64D741A8D0371745C, 603603E91FB7EBA3F9247420C3AB36FD
- 17: 52F17D54375D514A518EFA8A1081990846, 7B5C4EBB3B1AA523288770151550B97D
- 18: EFC039545414A9D26B58934BBAE30D587082, FA4CFB8B873933154A24C58A1F469146
- 19: E4756B6C55FE1973E4CD1ED5CD15AAC1FAEFD3, F32D28D2559EFF18B2F00F344DA975BA
- 20: 8F47FC80A73ADDE004F69BCABFBAFAAC7EE38D50, D80913FBFAADF1C5C3FA8734C74DEBBD
- 21: CBC47AE59B62F9A5AC8B1A0B27A54EA98DF1FEFE29, C34597A3E452216F9D8B53FB32E11B86
- 22: FFECFCE641E2F16F656A47157248D39C78A928378831, E8D7ED60F3BD44DCD676F06C43BF18CF
- 23: 8B4C8A02A2D2CA06691A29AB7E856C058946A404DFB78E, A8F44E1BDF86BDC4CC80BE55B2A8906D
- 24: 97D0A8D76D8CEA8E378B66E94B498127997C60A9EB0E1D03, AFB2B208164DBE1408694BFE8E87A5B9
- 25: 81BB7CC0A206760A631EF633BF5897B407BD27A20C28DE334A, ED82026689CD89BD4E777A74DAC791DB
- 26: AB69BF543CB1E731CAEADA9C8F09AB81720D446BDA453AF87D1E, FC588E24304E8CB47ACDCF1AF111DA99
- 27: C5FC023E000F16C42CE63AB26C3FA4FFD8373E4EEC97AB8EC0A9CB, 99598DBDE114FCFED0B5EC710A61B99A
- 28: AA200F54FDDFEEF3AFA3447149F5996643E4E63ADD57339129F83BCD, 1C6645CC83112B031F156E9D191BE806
- 29: 3E75A6B5DA18FE0F918094CDE11F0109BD206D68C570E4DCD7C0BA6E05, 669779DE7B8E1A657DE51C4FBD8FA8FA
- 30: 79EA616591785C8EA654E90E819920E20A53CB420147527FA9D2F92B9835, CBC3557ECB9D850CA17ADB726EB020FF
- 31: 35709AAA8B6C28254C1A75FE6CF13E7D90EDF1AEA677FB1057FB6C0ACCAB98, 491E0662C259D03C2E72A58736B6F709
- 32: 59459AD454CCECF40D4FF30E748CD1BA17314C9EF158D223AE2A736ADF7E2397, 2C3240DDD2FA281A567D38C4FA598ECE
+OCB3-aes (16 byte key)
+  0: , B314B579B54365D9094A8A7544FECFA7
+  1: F9, 3E49FF310B88634BACA91D55DFBAA185
+  2: 04B6, E13FBD06086CAEF7AD042C93D7BB6FB0
+  3: 5E9389, 04216D3227A79ED90D60637AACA49318
+  4: AD4A090A, 71FF49510C87EE5FC004162F146D4C1E
+  5: A3D8218932, 5AA9FE79861F6B5BC8F3E238D0221388
+  6: F8FADE0FFCCD, 04FB1C91F3B23E58F6B9614648B1A653
+  7: 92C4F8CC40044E, 232C049DA70A9AB4B6B3A03B286180C1
+  8: F93B1744D7C77AA0, 21FBF572E7FE551ECB5025BDE9ED5984
+  9: BA51E012FF90E40800, 117280C3D04F2376D4B2F020AA661146
+ 10: 71CE4295BF396C6B2338, BE21F998166D7EB96285884217FA8086
+ 11: E8BD27F4EE71D7C8B92B32, D6004359B714792C44B1EF5F9CA04F3D
+ 12: 44F561EA59DD0DC2A2FFF982, 6AAE8B19D5D6FE35A510E53C35C74AE8
+ 13: 644B54237E20C68249B4FCE531, 806FA9F25EA420A8B4CAFA7620C7256A
+ 14: 2AC152EA88E036E58667960CAA99, 04351AF74BC428C37282EF2A85C85B08
+ 15: DBB19579CA7E525544CA6893556BE0, 6847407644710A2DDDC128E4C7223FBF
+ 16: 457557479FDC7F70CCDFDDD53EC950CC, 8B9C8D93E60A881F625B82E200B021BD
+ 17: C07EAF5328D338CA4601560F513A2A4AC7, E882049660635CF0D13F6058773141DA
+ 18: BDEAE23389E05F719CCD723DC972F2C884D3, 0E40806F30CF1F788C3C6D10B89096A2
+ 19: D5F334BC7A5196E460D52F89E129F33D2C9F91, 00C4EF195CB474CD880DF1B6915EA357
+ 20: 74435B9ACFB72DF8D67DE0BBB2F18F34EF1C5962, B33A91F1AFEE65F56C781AD7047E55C4
+ 21: 31618C38EEB4A77E0769131E91F4814C7DFB825409, 8307F47A53FD8CB7B82211E8121738DE
+ 22: 45ADEBF8F29313F13C3919A4246C96142485B58D074C, 268C4072B1FB58F0491EFF34756C1250
+ 23: 2E11364612BE88875F506FD6603CBDCCA10188B3F6BD79, B782DB9E311FA0C3F1489DA839CF37CD
+ 24: 565DB17A001D87FF3B432D80CB6DCF84A389E306845D4BAB, FE514CA6EACFC08D6CA02D4F34CA223B
+ 25: 7819A4A63E4ECE3FB6DBC5208A5E0ECC5803E22F28C083C6B8, FA00969B7C91711E0E70027D13FF0407
+ 26: 27186491315F2F00D125C1266C442FB3C7B6FC824DE4A30B3EAB, 084DA787A8AA2D108B95F3A5B69BFA52
+ 27: 3545DE774BF9CFC3AF51602CCEAFDAD54302C8FC75C3FC1794C6CD, 68A18C2F767BDADD023D85B722BE8D6D
+ 28: 73AB104D83AE82A4D0AF53065D488EEA47C05E201A667581BB046E98, E65DAFCC4DD662232C895602DD8C7582
+ 29: B7B26992F361B7D9CE2782304C6C62495E46216304075A787395948752, 38F99FA3C086CE6B2620302931DB0BC8
+ 30: ADB1E4FC3217F82C2851122B8EEACCFB1C731565AFF856E201E8EEE702D1, 615A3A991F4BA240768FDCB4D9CF16DD
+ 31: F2CF0958F00F11E8564CFFD9AEC71451344E2A35DE7D82D1AAC14649BCD34C, 04E97E02B50CFCC86EC0B9A958057F66
+ 32: 914755B90B12CF5720CC0176AED145ADEC862E51B237AFE862477CF91D729768, EEDA6BE8E7875AA7E1E3393DE81FBAF7
 
-OCB-blowfish (8 byte key)
-  0: , 33332FA5A79E3645
-  1: 38, 66779E3613C5540F
-  2: 3443, 48D3E25F4007A1E3
-  3: D1ED65, 486767AAD7B4DCCF
-  4: 6FC4D34A, 50706E35463CE200
-  5: 7F05718FCB, 4AFB55795A94172B
-  6: 9AAA6E72BC1B, E060FA18168A31FC
-  7: AE90EE07B41CBF, F47C611E9C02D095
-  8: D4D67E11C84600BF, 9DACA76000861745
-  9: C4DBBD53B65A321CC8, 9E5A12890282120C
- 10: 74C14E2DE4BEC704CF1D, F1D432FBF8B17265
- 11: A57514B6A91B733A1467C2, 6E54A6A9F56D8459
- 12: 9CAB77627D8EFA9438451F3C, 4925FF74D2CDB33F
- 13: 2E5BC3A020EC249DA94E8DB4E8, 30739AD56648C917
- 14: 807B29C5AF9AF93906CFE876B081, 97901FE44444A99F
- 15: 6BD70492F763A704CD5351E691BF07, 2459A0B9332CF14A
- 16: 1F4919EB6CAD8D19B755157FD1A2E89A, F7EAE8DB5F5FA9B1
+OCB3-rc6 (16 byte key)
+  0: , E55863F7B850CEA28023BA8E2AB1F4FD
+  1: E5, C1F5CEA421F84AECACF622BCE507BD21
+  2: 6443, FB3B7992E057AA4A0E31E8718093740B
+  3: A1E36C, 0BE1B8CC538E60FDC36165AF5D273F41
+  4: 4891FC23, C6ADA69F1A613830CFF5E564F01FEA93
+  5: 6AAFA8549C, 6DDA8C3720633B9E83BBF2DB356EEBCA
+  6: 254EBFFB3C60, F092EA5FE0DA6B90DD5F2FB75FF92960
+  7: 1DA9F258ACA84E, 762E38C6545C3ED4AF970B09C6747CFB
+  8: 289067E54AF4FFC9, C04CFAAC0D919AD6027A7D923705443B
+  9: 65E083C54F9CC7C228, D6A4A1AC4144217BC07329BCDDD6F27F
+ 10: F78CE1BEE4471E9830FE, A503FBBE2378505EFDD50AD4FEE587E4
+ 11: 31874B00827B810588A635, 287CE2ECEF9247BCBF7537DA052E6A86
+ 12: AC8CB1138A4BC5A19BA96DC3, F443C67A2CC51FE2DF38A8B6C0F08220
+ 13: EFBFF1BCDF7B3F66A402A01459, 274A2DA9F33DB5203A1EBF90366E5064
+ 14: 7A47F5FBA688594319CC14B33458, 9107C62E140339F3FAB445113331DE4C
+ 15: 69957805FC3C51C59F9149306CCED0, C887CB0B1D880BE0ACA16AC513019721
+ 16: 6735D0D5D2ECFB68B718B8A95AFB8922, C97E9187ED00C6D9FAFC76511BE46AD5
+ 17: 00F51550A1875A3517FDE2A3038E1CCDAB, CDA7AE39A8B8708E91A3EB7C94FA7BD6
+ 18: 85184BEF9A31A8F4CBB5CAA56FF5C63845EE, 5BFA7FFF2072E7B4D9AFEA21D23755CE
+ 19: 025F6ACB1A85173A639D8FB24ED4B1E08339B8, BAB248C26F24FCAA94328C9BB0821E55
+ 20: E18DA8E16897E888C73743E0BE165A6F8CC94A04, D759682D03ECE0888B07915D6E3F5FC6
+ 21: 6B94BCF8DE2F326BC7D6BBE1FE7B744E25E717CDC3, A69D284CB8B279297A4FEA3B6561171A
+ 22: B9AEBFF5E08E82451A486BFFAAAAA2564F36BEB8B00D, B0F0B98B97DADF33B25AACE289D8BF9B
+ 23: 5F3C5797CC821B3A3B8559C5A5AF422F85B2803B7A4D9E, E01492AC89D7CB9F87FB8B23B6E55152
+ 24: 2760B653AE34625A78ECC775BF4584DDE6B2D0A1063C7B8C, 2FDB63B68839C6250E0C5F16351C31BF
+ 25: A5CD59CCA78AA4A95B1C1CAFABF90230FBC9F6BE66E1AE7575, 0EE3390FF12980B9C3DBA27802FA7F01
+ 26: 4E9D19900631CBBF3F2326C129C90AC6B5BC3889E1392A05E542, 3CE0EC540949EBF4D70E98B17BC37D58
+ 27: 5448E01EF054DC8B4B6C148CB05D5A20F50EBDFA42E59FAE178058, BD64C93FDE56099E206AD57958A259C4
+ 28: 9D62242B65C51F9BCF41177BE9E992AAB7721A6EB3584CCB25FE13C1, C93E44C0AF6559D8045D89B98CFF59D4
+ 29: B72E80500D0ECA63727E82569B3BCE66F11DADBE374BD0672D0880645F, 8419544A26D030E30085ECF8F97896F1
+ 30: 28F27958226709140EA0867D285376E1B14890F44A18A219E1CAB02FF62D, 77CA96AB5A1F36E7564B7010ED08E540
+ 31: 80F7CA76B988519731D76C4D60DA0E5C77BEC17368C9B237AE60A910312334, 962C1F0C4E7C8137863A48E6E5BFA44B
+ 32: 1B43CDD2D0E13ECAE95F2DE4782760679CDCCE5E74A3C3E6614BAD86DFE073EE, B5A6A14CA26E60AAC3B5C9DB0723ACE5
 
-OCB-xtea (16 byte key)
-  0: , 5F751041CDB0C2B5
-  1: A5, C48C22CADB797CF7
-  2: A3E9, CBB821F70FBAEA3A
-  3: 7CA3C5, 686647FF8466C56A
-  4: 318C2DA8, 65C58584A3E9118A
-  5: A7C02B6438, F87A48C547971C30
-  6: 314FBFEE9BDE, E62DC6E65FD35E8B
-  7: 87481270584EB8, C582AC684B8D02A0
-  8: 1E5E0DD030860CBC, A19FF0144005994E
-  9: F0BDCCA3C2463850A5, 15420E4C10821445
- 10: B6D1C598C7046F921299, EE9C28659EE2927E
- 11: B1376A4D9B3EF59B873917, 0DD3005E47CE72DB
- 12: BC9D026F374A89B8A45E55D0, 09DA1DDFDC3A5463
- 13: CC8DF93BE2D71601CDC52124A7, 9623D92C2FD9D62C
- 14: 90854B2161951CEA934AAB4E2B6C, E80632AB9F2CE421
- 15: 7ADE7A19FD0BAF71BE1C6DA601F6D3, 90612EEA15A64111
- 16: FA21FE68977D60D51ED897915945E5C4, 1A9344DD8E25D45C
+OCB3-safer+ (16 byte key)
+  0: , 8F56A79150DEFC6B2CBB3FB6E359FBD2
+  1: C9, 8E316BB1D0C29B6D7A5A87099B85B72A
+  2: 2060, BC6DEBA562045204F685BD4AD1095614
+  3: 0CB79E, FF5C3DD5E0D3C587F73B79871E18D92D
+  4: EB055446, 68712BEFD76001DEBEB0D49FB45753C9
+  5: E936796698, DACC5325D10076E3454EA244FDE2C446
+  6: E64E038A3E72, C790A04E48892CD267FC323EC8606BE6
+  7: 3530F74D417ACC, F0383D56F2FF810F37DFEC884A7F0189
+  8: 2B616C4A95A3C681, C2D5793720F925F74693C7A8E117860C
+  9: CE0C99100C05C3BB31, B1F94A461CD2F81E31AABB949E2B2866
+ 10: 2F4556261D59FB7104EF, F061D0F70B0984C57651ADC2C500FB90
+ 11: B0DC48C26496AF66330E6C, 68276FCFD1C9AC88C54429CA7714662E
+ 12: 5F2ABA85E68BE0FBCB8127A4, C1FF0E5E54CFCB1109E8707E6EFC5548
+ 13: 52560F88ABD9EF2BE8F5693CC9, FDC0F5DEE4C0739869C8D310EDE6D8CB
+ 14: 3FB7DFB38F9CB53B932C09BB4953, 156BFBDE08F2665A3F7C79F711042B40
+ 15: 09031E49212D7F8706DB42929EE5FE, 8A0F8A6634EFA7E56471178F6F906CED
+ 16: CED816F12E02E14B312C6DD520BDD936, 4FE5C914D17C426A3BCF5799A4BE0FA8
+ 17: 30180417B91D913762B8066964F01F7050, F9FF5A968C3B5D6F6F8ABD5BF23461F5
+ 18: 9135A4CE4F8DC27758B9F158F515F89C8B9C, 7B3E446236E33F999D7B586205B55D33
+ 19: FE2BC52A5AD051401471D2487803E2F70679E9, 902CB619F522AC61EE70C5407E23441C
+ 20: 7FD71CB30B9836C6CABAC78AC336BD5775EF3027, 7E6419511E3886BD3736D1BE13FB8599
+ 21: A946EBC8A4F779A6FF805B2B4F9D166479A25C71BB, 850E57C9BD78774FC4CF5BB1A956BD4D
+ 22: 1F3101AB8B7FA06DC3194D66F3997C990C79DD69669F, AC4962DAACEC80D993E52A2170ACF145
+ 23: F8BA79427B329475C7374CD1F48518C5064D3796683978, 39D4EE512DA456B0E6EBE7680766756B
+ 24: 52CD976F3DE59CCAA8E352161BD7867C026D39142FDFADC4, 7BF77402B6CDC953487A1A4C87AE4ED7
+ 25: 1A1D64F1B73C52B698FFED8DCED76292807AB3676004B63064, 6E16BCC6F312A92E80FCB10DB8BC659C
+ 26: 171AF49F6816848A355D92E7DBFD769587EA2B988076BA5D5918, 9F821AC305325BDB9B12B44F82882C63
+ 27: 025152E05F44E7F05C2B4BA3B0023544CFBBEC8F9A98C13E931E2D, C8E3228E2B74FCC935BE1802E092C346
+ 28: 96B96648528B740D15504E299E619A6D0B129407DEFD04C1BF405AA6, D0721CC578C44EF15FAC882A8F49617B
+ 29: 9136905B84ED8A403CA83DC0DE081CAAA0F8E4F775FE0EA1E3E20BF223, EB474F78BFB6BAC8E1B1867ED405DC38
+ 30: D65A403FB587A6839C071167ED096B46FB480468F7C1F702F1B2479CDA5C, 8E82A3BA76E1AFCD82E324FEAC9E3084
+ 31: 017E3A54463EDC279879A07FD7BFF1225CEE307BD8741B6013FE4C9A454EB8, 10449A44C1F90C64CCCA5D808AC705A5
+ 32: DB9C895FF4A59D407344B8254FCD416F0D5EDB2ECB639CF226DEAA76370FB79D, CFE8C49CF0E323F694FAB1805A85DC93
 
-OCB-rc5 (8 byte key)
-  0: , 4287F61BB46382B2
-  1: B9, 753F79A4BB0CC986
-  2: 4FC1, 77132F07D73B20C4
-  3: F1009F, D0113ABB5CD465FB
-  4: D68B146D, 5CFA18D483741043
-  5: 3EE7237B8F, 0AAF3E6746AC93E4
-  6: D6C5D714B773, E1C3A97890A4B86B
-  7: CF1ABC07E56F1A, 96215C8CC5471BBF
-  8: 9783988AE164F9E1, 0680B375E3A0D562
-  9: 9ACCEC35CF126304F6, F74653152A177CE9
- 10: D94C215F59ED195DDB5D, A5AD88DFFAA297F7
- 11: 911BCE3E464282F3F67A3C, 561F90837B05F0EE
- 12: 48F8A06D30CA2C53D2B7176C, 5BA9AEA8003B2DD7
- 13: B66F45A34FFA2CE7086D63E1EB, 0C8D09F2F4C46C79
- 14: 15EFFA2ED88EDBE91FBBAED12128, AFCD680C7DCDBE27
- 15: 5B54DEDCB7D14FD48373C1B93CF084, 226A5920A2E712D9
- 16: DDDACAEAE7BAB3029B1D841502F3F8F1, 98527F33CD759F1E
+OCB3-twofish (16 byte key)
+  0: , 924B3293251DA82CC6843F4616DAA68D
+  1: 01, 4B07AF17FF5D6C2477E90B7843F19D1B
+  2: 5CFF, 75BF06BF38FA2BEC8A3A546B9E29741E
+  3: B31197, 0923C75169AAFCA604EDEFB93E7C5D83
+  4: 8AF83046, 29C744B4A6A1DB80CF625B490FD25A60
+  5: 0D0AF40357, 477754E1995FC70B3D4D7E6D6DDDA77F
+  6: 9E6765559AED, 389733D5DCAD65971EDB674B2479F13E
+  7: 113AD2738DB565, 366AE5F327EE4BDF2CA04A3B82FA3A3F
+  8: F2235181D51EB014, 3418DCFFEB24E4D94DC72F7F3876A978
+  9: 303087A4458E3063AE, F3E6B83CAA0A07261BA9D384087D6D5A
+ 10: 98FF08F0E42331B68492, E532298F60E06BB72C57596957400E16
+ 11: CD40F0F4D8000E5096262D, 8AF824C0EC17FF0F88371BF3E05AF7BD
+ 12: A7EE8BD81168FBDC359375E9, E20FD7E1914136C94223F6DF67386099
+ 13: 8BFD44C8A327E7835A9D43A52B, 7AF41E1B25A7BF4D1F5868F0E047E2DF
+ 14: 8DAF93847C1B3D8220B7748A9823, 9787A3B32FD7EE08835DD7A9277F5A4F
+ 15: C602FD9F13259C4D3E3700F89CDDBF, 5711A41B4666248FC3FAE3FE8FB9E861
+ 16: 972734035B0C78BF774279BA3DB7CB0A, 23E96A558B3A64D95FE1669923E10CC5
+ 17: 9D8B4DD8259B51DAC20C4C64693E20AEC0, 66E07F2BF239C0541DF19254F53820CC
+ 18: 4F76EDFD8C101BF1A20B9D337724BE0019A7, E046081F3CBD112CFAD56D9A32FDC6F1
+ 19: 59B667CDFCCC1634C9891DD0D3809A682EDA2C, A0F8E38B41BD82E8010F917F4629184B
+ 20: 0DBF3DD74E0D165C095468824E431B8B5650EB5F, DB7B71633206184ECD6157060DB2E443
+ 21: F5A457AA7ED8C131ABE99EC2C1008DA022D27908F0, 794C3E20F41E7D32B70BF043DBD0D86E
+ 22: ACABF3932E154342873B1EB770A3E5E31C629090EE8B, 4D998537CAFD3453A5D748EF09C81B69
+ 23: 850CA96B3B1287A8726E2B11B7B17EE321CF7D65481F73, D78C52190C81FCCAD299DDBCA72D95BF
+ 24: 5060CD915C916D082579B571FCF340E82224A9704398E033, 30EE449934C54F531D2702F8F1B9F510
+ 25: 0C47F5CAA3F2E8ED47F016918B634474B004B357A35337F14B, 9D749132486F07B06D25428B592CD767
+ 26: F01B95D67392793ED557D2C7289CF899C053ECC5E8BD28BA662B, 3760662B33EAFF659DEDD2AD6E7B32A5
+ 27: BF8B0FB0B069978F0EEE2120F61B6437969C0BDBA700AE279B3239, EF2A1D664F26DAB4F9E8142730C2942F
+ 28: 64E68C83E76FECF44BE02B2E44F182C1F6A08B8DAF396BFA3B395A18, 55AEE32957B9B15AD35F172849308919
+ 29: B594643A43A91DD34A75D30B259EEAFB75145C91D8A862F2526CF47A35, 0E60E4118213E89C28BB71A8003A94FC
+ 30: 5D2E20D31A1F6C48EBF52B63FAE1CC09C85F2307E509CBDD4E8771B65787, 11D347399697D4955028F7B08EE32B93
+ 31: 8726247FAEB21D7F8927DC3E90267ECD744A8452C64B9EBE08D1A590BFA1F9, 8D75DAEC7E4438E7C701A392346EBBF6
+ 32: 0DC0EE528456FEC203AFB12A55A4D3A901B9408958E5387EB42E75730D98B6A6, D7D682F57C1E1671BE459EE33BEA6B26
 
-OCB-rc6 (16 byte key)
-  0: , 3BB834902D39E5E91D89B0DC0DDF65EF
-  1: 2E, 9B9135C04DA988AD3D2A71B8330EA0C7
-  2: D7CC, A4D984EC457906AC76D633086DDA5FBB
-  3: 394491, 35413A2E1936F2C5347BC3F11DE5C5E6
-  4: CDB4E8BC, C92E3FB50FDA7292D8889CAF1239C669
-  5: E073807488, 293B4362693F5CB7F87B499B5DE802FB
-  6: C423B1D2250B, 4C1C672BF015B68FFC5496C1E4845038
-  7: 0A9221803183AC, CB7E94F239CDAFAA2E85C8F6F84D291C
-  8: B11DF4E8DFE0DDF5, 388330327A540AA342FCCE9DA8722974
-  9: 4F22BE632E97EAC40A, 52A80B5BABAD91063F005A90366F5D03
- 10: C078544308477C436C1A, B71ECF0393B5EDAC6A6885E589B8495F
- 11: 70D055E1DD32D2968F27E9, CC203EB94EA969ADA6AC66E38114AC15
- 12: 444A3B67B3DFBEBF25CF1EB8, 0D46A4E88E25DE2B876B53D6221BC155
- 13: 82DFFC0FF3AA208EAEC9AFFC95, 90EB11D825B92AF732659F5E3A57AB3F
- 14: AED1A39332ECFF633DB4DD4F53D4, BB14AB91B3CCE190F780BA05D94B4FF1
- 15: E98CDF3BAA07AF91F30D984D1B31D0, B74AA68488959CEB0434D0DF258E6206
- 16: C6EA56068EC393603313926A54E79808, 8D7EC011133F2E419AE27DB99265BB51
- 17: F28D6DC79AC812B4E14925AABC7A18800B, F125CFFDA992F6336D88E3D6CD5DC739
- 18: 419AB005309458BF84572AF5EED46DC0D90F, B0A5A2D13EC928BF3DD2434079A20528
- 19: 64D64C8F3ECDF0DD43B6BEFA045FAE72D79D0D, 9FB86FB186B57602E609F08E76FDD8D0
- 20: A8EFCDA63D38273404E91241C40992A82DB63F23, AF116B5369C3B6C5A8709252537DDDDA
- 21: 39A5A5EF3CD91B27138BBB784CBE027B57A81603DE, ECDF09F22FB185D110F6997C891F8569
- 22: 464381184976612C15D1589DC1AAC2C922D69F3FFD31, C18416F51FA8502C06AAEABDBE5AB22E
- 23: 21F0118E17188E09D5E5C6E53DB97BA2585A122FECD6E9, DD7B583A17B07967917D7603D453301C
- 24: 109AE231C1810250AB181BB094099D4B21B08B948A9F7934, BA3BD871DCEC2A0D75C1B54F3C5AE870
- 25: 080BA8AAFB8056A102BFB37864FF0533278F2AB3A23D42F719, 4566DED8A3B4E9CA441B87EC18BD5E4A
- 26: B7531B5B0E7401491248451B6833F738F4700B9F7FA13C262125, 9F6B4E956A338907E34BB91EFA5D2A26
- 27: 7473E5550DB57A75C1E63859580DBB7E0E4704E4360EF4AA0FB3DF, 0E1C543C18F93E853143C8B21CDF6327
- 28: 8D8CB57288A98D1A3CC315045DDAE1388C90F6C6EBD9704E91F9657A, 9FF33BCB85A5AE936244B7C24C2F7909
- 29: D4951C16BE95E67C9FA9579465AB44187C1777B0C4050D3878FA82B7A9, C9F3EF7588B041DF17E5333EB397D015
- 30: E28CAEB88F590D3D7D0FB6F7DD7EAA88C091D67B72E67B297E280F048C68, CB855FF11691C31A423A88525F7941EC
- 31: A043763CAB64783E8637382E5DCA023356DC8FC02F7A9F314B448DC7C2A4AA, D35E089232C405B0928A99149555C406
- 32: DB2F18A11D7726DC6EFAFFDB160846968EDE06A251E03CB92ACE0F435E6DD698, 7FBF8E2F2047216C0062B6B070FC39C5
+OCB3-noekeon (16 byte key)
+  0: , B23A40302652E204B694EA78AF5A8FCC
+  1: B1, 5245C8680A6F4520168B173A39661249
+  2: CE8C, 05763A489DF8B88DF01862007B2D6655
+  3: CB7D55, E14463F2230FD60AC779B5608F708A13
+  4: B4E9D036, 78A9A918D7CC6E742F22BBAB7781CC7F
+  5: 0CB35CAD63, 1A010E65263EDB85039E81B8BF88B978
+  6: 7094335707F5, 8EC8C49EFBB77AEF2B443855760CF5D2
+  7: 734E7D94C8BD6C, 5E701C5886A72499A79B3DB6A6F865A7
+  8: 5375C12BD7B724F8, 3C12E52B9E0DB5967AA09C84DC4D48BA
+  9: AE56D9F446D45EF168, 297EED4ED9671F7D9E6433E189C754AB
+ 10: 203F357C80E760BB0D47, AEB8CCB8AA3D0752266E9BFF4B501832
+ 11: 12A9F075BF911C0691338A, 317824AEDC90F284C3702A651BA50488
+ 12: A4F167C8D051DC582892E5B0, CCB64B2CD8CB62212003A4E0A4065B23
+ 13: 42B2F2B5E43D407E2E2E047957, B81F80502CEE49C84BCE21A942BD6206
+ 14: BA5562041E71339AA676E1BFBE07, 7C0920E33B1AD9257FC6FF8732EE4BBA
+ 15: 1D1DE906DDBB4C3FB367DD7FB59622, 10D4E97FF5495A4250B60A1238D21B3D
+ 16: A06A25AFEC795738D0ED17542EF1E691, 1D31E82501E1779FC62E8A2847D89631
+ 17: F7BAFF86763A1BE37F6ABCAEB2E8A64411, 4F3E5E7009B8A09CE47ED7E67D9B6B0C
+ 18: 15A97D2BEA9DA105282144776C710A047F1C, 79406BCFE7C9E8283AA851ACE9D40AB6
+ 19: 80FD02BBAD283477394A3DF93FD6323AB2718C, 30FB621D3A41DD01BF8F4E7EFFE93C22
+ 20: E091A9D6C14A60627FF6BDC59DFE85E9528AF3A6, E8D5A085BC63B7AA48761FE4431A7966
+ 21: 76FC712E7BE90A93015045E96DC102FFC2DAF113AD, D563F913F2A90D653C0764F276F8D0D8
+ 22: D4A6E1FD6DC7504CE40F4A1A7B9342ECCC03CD3788F6, E6C45E97B3B2E00C2DD0C639EC056485
+ 23: 7DB75AADBA75F026F430C7B9A59E4E0F228770990512B1, 09BAFFCA7F69156C6ABD5FA7A8F1F39C
+ 24: 18AF0400D1FCC74AFFD5D2FE4F8224A29BD17DB2294F89DC, BAB2E20E100E6292658A7BBE67F96E13
+ 25: DE47E5BD43101F0688D7149811511E549C8846AB71B35A12F8, AFD0DF5FAF7821759DE3AD928B239570
+ 26: 1826EEBA81A57174214F9953BA88F4324456127D7F7ADDCA8036, A03FF1F7B71611D8E9B41DA61E191A90
+ 27: 73D79CFEC44F7274720BC73B7F2422BDB79A9DE6245B08B006F654, 00F66AADBB4110E77A7A788A1B0CB4B2
+ 28: BA5F0C34A1DF413378C6F49E09BEDE1ED757935934C1FDCD978C2B3D, AC286CAE6E7C3DC2CEE3B6019F5A1662
+ 29: 231AB287C2156BD0E590632E057D7EE92B6DD7976AFB75540FB04FC84C, 12420BEED7F377C4792A0940EA91C34D
+ 30: 7B06F611F07763C65EA542EAF679DDBCADDA4B61238F489331184FAF764D, 56FCBC05F1E3B57286B1AE881FF04BF4
+ 31: 17C5B1127E3D08737590EFB2FEB17562E7FDB4B21A768595ADDD9697CF9B46, 6F4BC0A033BE040350FF4958866BDEA0
+ 32: 4667525E9B39821CF08E6C7A7E37A5020CE23F81DEF05932113E9A6B5B3F9BCF, 5C0350C6F7299192947EB22ED415B05C
 
-OCB-safer+ (16 byte key)
-  0: , 818F824701DF2D6F384E39A6B33C8C7B
-  1: BD, D1BA735E4601B977CEE4C846DF801030
-  2: 97E3, 4ACAA433A1F4BE2459D8FB5A46C83D97
-  3: 54A32B, 837526FBF9334EEE32444898D72A6FAF
-  4: 550BF0B6, 66993BCE9CEEBB0E42E734EE72F71F6A
-  5: B9DBB41DDA, 5BF83E90030911DEC1F706A0CA3EAEF8
-  6: CFFF407F7559, C3F9471E5B38384FB1882D4B0FCD4164
-  7: 27AACCF405075B, 16E59258A2639EBB74A622FE58B10D50
-  8: 6E0E5FCE730A1E0F, 74F51050BAC882A782DD1D66A83367AA
-  9: F4A70127DDD496C035, BD93EAFFD5A2C36A354950DC3548925F
- 10: D6C82811BF1493C3065E, 9252733A1C829D9328E810D8E1A68AC2
- 11: 6AC43EB973A878E80ADF13, 9EE33A4F9F9FE039A7BC0B3395AABC24
- 12: E54F88B6A05961399FD4A842, 11354D65DB61A2F42683E3ABE65C1518
- 13: 2771576E1EC6533061395C206C, 1BC2281E33BB360A7EB488A87FD3422A
- 14: 59FACB5C29A24EA7B2ACFF73C3D5, 1D1E65A92DCE815BFC61C067F919C9D5
- 15: CEB8B9CD33CBB8638BB3AA463DCAFC, 4B6307B67D62F0C9C2A17407E6A6D37C
- 16: 1E9BF87DB8A50018945D20F1711939E8, D21689B5C7AA20421E1B0543C44CDBF8
- 17: CF466CFF02460FDFEDDD55D32E7B81F7DE, 34853E04F800B867FD81101337396B5C
- 18: 7825EC997E35D69B7807EF09520FE262D9ED, 0C56E50B01DDB6F79C0796F644566365
- 19: 0DE8DC870E440E81E884FBD240F135C0C51904, BFA98A06FC10F61ACA04A3EB83F4E4C9
- 20: D7B6238F58DFA34AFB01F7E863A6239A643EF85D, 72D58FFFCB8EDD2B212E384499556655
- 21: 0C39A6472C20069C81B86D017C29996D332A7934B6, 00200B481BD27D3E7F3B5A93B01E8CD8
- 22: AFD445996544CADF9DB1095A8ABD1B85139C49ECE807, AFA537A91C7B5B461285C1916587C5BC
- 23: F5971CA871AC2AD43E5FD3B7F135F8F114E1CB8475CE3F, D2AEEFCC904BCC19BF1746D4F4C12B2F
- 24: 0E501E14E1D90A21882A39AD8BF30415A5A19F45F930C9B4, 994BEFD4A19281466D6DA15A136AE7B3
- 25: 91DE86170B63B8A3429DE5A9686CC7033A76ABAACD196E1AC6, 1D19585EB7F4215499C3E5E95E6D9B3B
- 26: C32E3723685B361A29A931AEA09029A3ADF4DB5E6FE03ABA1374, B7E237316BE981CF1BB7EA2C0AAB4FE2
- 27: A7C3BEA3BB8590EA4533EE86CF6A98F555E4C75C31648F7539FBA2, 4FED5804515A9C83A1CD7E0FF18EA714
- 28: 4B801BE2237D8E46B2989A4CB914929B9DED959F14DB78006ED1BEC5, 6A8315F87E69535EA157E1F7C46772F6
- 29: 868A2EB898BD7AF43846C7792BD0C30BAF0B278796BD8CF74BC5BF0BC2, 600A8C9D4DAA2907DA94F0F6C5ECE1F2
- 30: 8F9C5C2BF2C5BFB33535E5A7793D18341B9B6D5A788765196068843B0E49, 6EDC9F4E8BD16E030E6F63ECBAC407B6
- 31: 626D32D56088410B8B0E106ABCFB6B80A3F51C68A6FA648C45B93B5FA79A1B, A1C9660396698CDE92C48E5C79C95FB4
- 32: 23735C7C0AE0FF5FCAC7D16377090DCA9FD0E679248E04EAC56752BD0AA790F3, 7C8EE978EEF3E9BC9F5E18902CADFA94
+OCB3-anubis (16 byte key)
+  0: , BAF3C352341E4E8F5E1FE11C9CB3E151
+  1: 1E, 01BAEEA2431B9106129937F135D46215
+  2: B586, AC89B511AC5F80B2E6F9E6BC96DDCE15
+  3: F28FB1, EFF43DCF8C909D51ABD58CE44461C35F
+  4: 2AE6B0DC, 36A21C9193BDB12FCACA73E756C6D75F
+  5: 4A37080738, F90B5BBA5A103EAF4ED01FF845F7F6C3
+  6: 369B9FDCA431, 85C530F58C7DB80C6E8B1F3A9A593C69
+  7: DF0388D34583E9, 4EEF27EABC10A78488F82E8105C52C2C
+  8: E63011F0E310F68A, 8AC5A7B20B6F4E160EEFA6D16DD868DA
+  9: 93FBDAD02B07A03C8D, 2C968FA16435934EB40F27019AE00F87
+ 10: 6D91E68224DEAD679298, 2AE270894D8618D4D92485B51B7B5658
+ 11: 53B08EE1F8FFF2590B7CF5, FC9A33C9221C06ED7EBB1D3C33BB0FE9
+ 12: AFE762CDB97A411E0F6D8422, A9A1028C6055FA627007E65CAFE5618C
+ 13: 781464F6A0739FB8EFD8C6130F, 1DBCCACDDC218B76FC27F444FC0CCDB8
+ 14: 1F9AEFACB5D87693CCBB9D173529, EE13B9890D0E05EAF61E1BBE8B0ED0F9
+ 15: 107248D8D565CDBD520E50A139531B, CD7220BB19B95C496FC901C831AB7CAE
+ 16: 1045F21485E1C4FB812D9428C4D29D7C, 08035EF80327E3D238D98A09E3B48542
+ 17: 68E48C74D09B7D07F38BFD1722F6DAF18D, 9D94E4B7CC4F00F1716D830D953E1DC4
+ 18: BF9D274E7DD49FA2ACEE1D65DEB0A5A74D2D, BB841A83356BED14D2A06B5D7F5F8556
+ 19: 4586B730D46E9BEBE34EB52242DE954CD39B90, 40981229C0DC8D47C69AA261D2BC960A
+ 20: 11038CE2E4AB2D2F8258D4DEF25F102352468350, 1EC047D2BD87BDDF02068BFD5742688E
+ 21: 25E4D441758E4953D463D0BB63CAE2B8D5F78B7968, B548855DEC4C11C10F74983D6B426A41
+ 22: 1711526E226559666D2439881650AEED6DA12EA01A72, EE6D4D29BDC8EC975ED90340910EF829
+ 23: A70447A0317930D20C5EBB0841528802B948DA7E437EED, CCB551453425652D6535DAD0A5890431
+ 24: 57D82A93F29B4B2C2CE4D2326D2E224836F0857EC8035972, 87E1F70A7D4140A58851A2C4F0E39F0F
+ 25: 5F065C6406B07A8CA35AE0F05D0D48C631C6FB3D7655D5F6BE, 2E3EE16DFA370D0F988615CA063DD62F
+ 26: 3DE835DAF81C17F45DE11431A6F8294FBDFC062F237A7DF30E1E, 401F8841A7D97F84438B905D2C03A416
+ 27: ABDF9D5E996364C628D4DCF67ECC870117E8CC5A6C52E4663C26C4, 05996C80448BCB0C4B311E05AD0B4C5E
+ 28: 1C2401BB1DA2CEBA1BB56C69728FDAEE42FBFA374E57DE1C593494E6, 8491B62BBF372C671C311A97C173BBE3
+ 29: E504321BA399FFB6E3187B645635273A92C63D014E337EC266334BEC7C, 026444BAAD6C4EF67C660180CCC6E7B4
+ 30: A61D3FCC22988166F57F4585E936CB8CD714713355593780F54EED1681E7, 3507D5E0185318CC4577C5FECB3A348D
+ 31: 55AFBFA3A57B960AC0F8B3DAE6EA60165FF7D5A77731B05BCB7E8C647487AA, E25444D551A823650757DAAD8ED6B588
+ 32: 5553F81F123EC0697C26B00BF20BE287C0A1E9C4035C8EB3036F6D58C8A3B83B, B7349CE03F264F816305A6D46C274980
 
-OCB-twofish (16 byte key)
-  0: , 594164A8DAEA1C847BCD04E06EB69AA1
-  1: 82, D86AD044B55DC09DC6302700B728C9F2
-  2: CAC8, 910C748DABA8A3CEE24C888295E15BF7
-  3: AA0A64, CDF692384CB4A1F2B9355F7DA2CF6D82
-  4: 8558D35A, 4F542602753901709C33D1B3FDFBDBFD
-  5: E3AE8A5EDE, 8196572296F1D18D5AAAE6EB7B3DE383
-  6: E602A86B84F4, 2F6FE22A3A5506BA8FABA92CF153B53D
-  7: D9FDAC7CFC1C7F, 735A47BA7F9F8242AF59B65555A89D8E
-  8: D1ECDD40593FC01A, E98A3D894F217A645C5576EABBD0DEAE
-  9: 0A085D49B094924621, B50611A43EEBA79B129A4A7CDE1D6933
- 10: D28C9B15530A73167396, AE4BDA212228FF92044359A8BD49FDCF
- 11: 4ACC04003B2DB52BF6AC9E, 14436E44AEAD95DB04151409AE0554E9
- 12: DF4A0500653E45E0C9B0955B, 5D1F14392C117752D25C608B88D27FE4
- 13: 779E1F3875A3DD5957585119CE, 09CA0CE358A026F4A0587AACA17D6483
- 14: CFFC6F342044C9FE27A77DE2F08C, 86E1A306D08BF4DBF1E9C0B8109F542F
- 15: F512032FCE7598AF164F8BDC979F4C, D9923D9B1434A1C7E8A705B28EFFFF44
- 16: 8F81FCF56B506E0848C49D252053F86B, 1DF7C9EE369191347758689A06E725F7
- 17: BFF875AE91FD5334B7BF7C0A589F86A27C, DF7FE649DFE3101D3EF0FA54D89D33FE
- 18: 4659BEA017C75E61588021CF8937D7C2C6A5, CFCD5D0F8122361909138E92B6C03134
- 19: 9484B68F9F02BEF42A8E861435026112C5CFF0, 3FC907A83E8DA1AF5FFCB2691FADAEB1
- 20: E13ABD911540BABA4F7F86A40DACD095C0DA2A3B, 2553A726A8E320D4A42B670933304075
- 21: 2F412FC9B166B8F4069245324946E9D2C70BC893DD, 2E434FE6C1C71F390BA463263EB49EB3
- 22: 1B4FC8CFC047959880F22A36ABB1E825260EDFEBE84D, 455666419750CF6012659EB68EA93706
- 23: 86DE014441AE5E868C335AC480A227507304F416AA1DB0, 4861EB2C1860B5FE68FD844C93F957D7
- 24: 98DB0F92C96A6A4A76FD8388852E30EE9D4B397DD36DCA23, A6A5136EF28DD468B8C9BA27D0423E08
- 25: 012701CDF2BC3F72A6DDBFA8ABE102D44531AB30693F3C92D9, 7A0AF791A2AA53FFA3C17867B9B39FB9
- 26: 3B6A8D60F5A580EC5676D3F656E98BFDF4A3F1C38F63B51A0A0B, 74CF48B317AB5966856CD1F84C1C53A5
- 27: B5DA5A540BD8C1FE05DF994A780E8FC54D0C84F9979515E4EF60B6, C1CB0C8D114C218D4C7650BB9F2F9732
- 28: AFD1259572B60A5ED77B8CDF9E8C31CFDA25FFAD45A6CDD614F83500, BF4F4E01D34B69F7460361C0B653137A
- 29: 1CDF78F6CF70428A19C87EFC9F2A861AB35CB03638003F701C57F5A108, B005D9CB01E35A08329ED34EEDB51C2B
- 30: 97A60FD030DCFB8E8DA4FAC24682C8A7901168504E6D494431EDC44BD2EB, 9958A0B0908DD27D3377268EDDFF8196
- 31: AD36ED716E5C956BC6766EA376E18EC1456258DF590E3425235493ECBAE133, F31D35D8D6E24C90E47C12E35F300826
- 32: EFABA1D19F94A4C288E3EF8353A919F06EC1AFD2ED802C82BA6806F26B93B581, D599015BC0A240AB62E85D3284E111BC
+OCB3-seed (16 byte key)
+  0: , A7D37A371F0B3596ACF3856B5D18B45E
+  1: 49, 3C671A1AFA5B253DD8FF67FFED9C33E4
+  2: B986, 2A069C4C6FF67FA6880D6EDA8490A3C6
+  3: F78307, AB6D00AB217E62E1C2863A63E7E805FF
+  4: C43CDED4, 9332E6E78B574354B866EB49B951AD6E
+  5: 47FBFDFF71, 14B3A25479FC36C71C837680871855C9
+  6: 4662362F3992, 28B8B162DDEAECC2AFD92C343C49D986
+  7: 64BE9B49D4E3F2, 6DD06663768ECDEBC64980E0FE11BA9C
+  8: DC6F456F02349DDD, D4CBE9414C65BEA4F1340707410A8D6F
+  9: E0C1166D7CA0A919B2, E7B742D40ACECC618A9012DA72C0DBB5
+ 10: 1E9B38CA4B1D2E41173F, 6F87E9D8B7EA96249B533FFB626773BB
+ 11: 7598A106F4A42DC2EBCEAA, 8A1358443F492C6996ECA14D41FCD91A
+ 12: 79C43C511A13395E5F1D259B, 0955EC3B5D6999D1DACA88E4B4B0EE77
+ 13: 39DD979B5CDC450D7E7D49136B, 78E5E86F6FE3EFC5827BF7F088EC8FF0
+ 14: A1C18979318C625FA4FCB0D40FC0, 6F9508959B87F510F3E7B39FF3237B7E
+ 15: D3A55B637FAF068BC97C52265B7DFC, 8C940DFDC990CAD1A08179784E668012
+ 16: DC120E50B38579CB4A45DC7D45C29AE6, 2E0939B538B26E0009B198D5C3E6DE17
+ 17: 266CD82BBCA8FBC6D146CD10DB417685F9, 0AE1614717E23EEFD5F9BE7916494A71
+ 18: 00741031BC893E10F6B86698B4B3787FA14A, C297ED582832F4B77C7AD820F5637EA7
+ 19: FFCF3CF4B06AA83E05E5C049DA2A4F1AB4843A, F2FB3E63B88B56E9D680560F346C6144
+ 20: 381DDB2637F17F8FFC619AF59A4DCAEA227E95A5, 82D692BD1F86AFD28EE140D021E69532
+ 21: 6267EDEE16E3FD95356079CC4366BCAA0739C5831B, 9D4F17B8A5E85E5CDD18FE16D6BE29F7
+ 22: 0B79A1E9B3EE98DD6EF57E4F23171D84D7250562B4C6, D76DB52F53F51553C604FF17E23253B4
+ 23: 1DED7558063E2F8B18514B8F5A3446981D6CD648ED098B, 0B209EE39335BD6336309D1DE1EBC379
+ 24: E3E3CF278C9FB18005A468674E1EC0CDB5DB5B42ED1CA4D3, 772C852C854303FED2DE41F8437E81C7
+ 25: 8D0F93686527DD62C4101B213B88930E375167E48B04446B90, 11BA6E13F45B82FD916644F859689AE6
+ 26: 1B45865FB91DB5E93D87569DDB8A1CC395381E875E5CA6EAC1F1, 8BCB49BD6D413542DC88156758EF8CBD
+ 27: 06C381B8028DAC54D785CABF55B47AD7BD2CFC6D66C4B538F287F4, DEBFCDB4E6C7A43B7D7E0983D4FC0C87
+ 28: D71A0CE6A88F80CC922189EFCA5696FE5C8F6557AB744698E4A65222, 4DCB5B5B0F9794D776C4C63C3E00C78C
+ 29: 23099CF8578E878B58589D6FFCAC8E6A74B373074D90E0F38ACCFB6117, A5B2C145ECF768842A957E47A8511D2F
+ 30: EC19652D148810E8C714D184263FE7E961FECE4C9CFD30D6921C32D2D4A9, 74B900BA5F4AE547C19221081DDC1F91
+ 31: 9DB58E1FEF922A4A1F99602710ABCA029E8A10383465C62967EB0A466F11AD, 08D4FF277C8DA53A2598201B255B7FD7
+ 32: 1BD03BAB70BE842FDB12E49DEB04AE477335B0B3930E75A27C37EBB1594099E7, 3A6DEAE1C289763C4405DE86544DF401
 
-OCB-safer-k64 (8 byte key)
-  0: , ADC114C0D077300D
-  1: A9, F24A07BC00CAAA0C
-  2: 75A7, DAD101DA4CB6D700
-  3: 0EFFA0, 9A098D97F685CE48
-  4: 16438C72, 739EE029D575F395
-  5: 303FABFBF8, 00C4C2494022E52C
-  6: B1209255BE6C, D068FBF0EA49BAEB
-  7: F784608D57ED05, F3395D67FFDAD746
-  8: 7AF185590214412E, DC524433F8A75A16
-  9: 44FE566F96CF0B8A37, 71846BF7025901E7
- 10: 1618A09FAC353DDB5685, BBDA87FF67B5DF14
- 11: 7F1907238DFBD66679FC63, 48F1009DD129B0B7
- 12: 40B3AD0A9C2B65670C0FD968, BA95C8A250D6EC75
- 13: A64662338728218AE4A9D387D9, DF0079004B48083E
- 14: CBDCDB3E912682AD5990ECCA0453, 102A70C169347128
- 15: 3A924FAFAAE941784360E30D0757AC, 16B8BED72BEC1950
- 16: FB1E63659F958EA320BD015599A3551F, 5AFE10D792095AFD
-
-OCB-safer-sk64 (8 byte key)
-  0: , 52BD1FFF50351BCE
-  1: F7, 4274F3D1A0CF5BA1
-  2: 28B3, 4BD97A9EBA18E5FA
-  3: 1EA215, B6D28CD00E7B1098
-  4: 93129898, 7A9F3FF172C91AE5
-  5: 36BC2888B7, E6A37037F50199F7
-  6: 1A24F1C9D32D, 3A0472F6372EDDE9
-  7: 1A799D9CE0C2CD, E3BFF559234C265D
-  8: 1C43DDAA18FC9A97, 851499FD6C0313C5
-  9: 08AD38225230BDE500, 5B9558370016257E
- 10: 3E00DA672753F931226B, 47901E285CA2AD82
- 11: 892F0D4C2302EDEC2C3587, 1D4C71FB290104E9
- 12: 124E7EBE7D643EB6B2426644, 0DA9ECE397151EFB
- 13: AB1BFEA636E3E4189677433CAF, FEF2E8389207857D
- 14: 79A206C4B23DBBD7422432A32093, 04FE9BD236AAAEB2
- 15: D8997D69B89058F0AE974A241DB76F, F395D15E6F18E555
- 16: CE7B2A79A46AB5F0FC5B55A0F751245F, D6E1523F75489CC9
-
-OCB-safer-k128 (16 byte key)
-  0: , 233F1509E202E728
-  1: E5, 47D8BEBAF965745E
-  2: 754D, 290AF209DF1FAACB
-  3: 76EE38, 2B2077CD08A9F56A
-  4: 54B277EF, 8498AE1104DB117F
-  5: 549B360B06, 8B6B990840CFD666
-  6: 4687E79DAD45, A72CC518980419E2
-  7: 00A89236339443, 1BD4A6F472218B05
-  8: 2898F27243B4DC08, B0CF6DE09DF4F6EB
-  9: C0FD319C9AD18A842F, AD6526380D323480
- 10: BC924B95E3CA0EF2EF51, 262F667D40D4EDE5
- 11: 0255999B9317DE741F3C73, C148B4E3C0D7D6E3
- 12: F4DAAE53F04D5E977CD98015, BB254770D37F80CB
- 13: ADE0774EE8F303A96FA110DE09, 9547EEFE854DD99C
- 14: 0824C8FF6D62C849A8EAEFD06B4C, 613B264BDCD0DF4D
- 15: 6C69F69F3F4A28798E141003E7A9DD, 1BBB5B912118AE95
- 16: 4727E3139B38396F294CC2D532BE5FA5, CE8039B0BF3D7247
-
-OCB-safer-sk128 (16 byte key)
-  0: , 6B06914D0E070584
-  1: 33, 6E16F49996CED793
-  2: 2C9D, 9001E62BEB613A8F
-  3: BA9381, 791EE199D5BFD651
-  4: F7A81D0C, D128ACC4FAB2941E
-  5: 66D1DC880E, 08D3EB7D405F26E0
-  6: 90F8FCEC0067, 23CD39807B169E1F
-  7: 7D559F904AC0E3, A9C685E5657F4A34
-  8: F317A68CAE96032A, 9654658AF84528E0
-  9: 3FC34820F421D931B9, B480CAE6B6D61FFF
- 10: 173ADC60BCCBCFB18966, 1392B2FBB86EA6EE
- 11: E1EDC19C2E4AE5A20668EC, 17A2A7FB18440B50
- 12: 0F346BDD0C5F1685B281493C, 8169618CFBBC84A6
- 13: 74597EA4DB09F6A38565316AA0, 192F1B3F863B20BD
- 14: E5470A157BB18E7456A79C5E40AC, F49954A039514F1E
- 15: F055944B9C518AE9D44AB407C32F35, 0A45830C1175B3A0
- 16: DADA8AEBF57928C9D13EABC840B335A4, 67AE540EAC0129DA
-
-OCB-rc2 (8 byte key)
-  0: , CB28E7BD706EFF65
-  1: C8, 7E3F5A176F71601E
-  2: B632, C91680B7A52A3DFC
-  3: 41435E, A97F1A5EDA202127
-  4: 81BC4015, CDE53BAE0F178F51
-  5: 97628A29F6, 5CFD18FF1112E76F
-  6: 6218ED3F0875, 10F80C337AC529B0
-  7: 797E08DE799E97, A3E5BB262953E00F
-  8: 5ECFED1D31A7207E, 559893E2748E3982
-  9: 91BB1BDF184D3733E7, 9EC128ADD1B550DD
- 10: B31DC920C7EEE1F29E72, F37AE3B755C95181
- 11: 9061478D7846AE093557D6, 9515937DAD0C3859
- 12: 56918DD08F7D60502FDD9CB5, 24B6903992B8107A
- 13: 3F1D1C1F745EAB05459B2DB86E, B4475B5A5ACB91E5
- 14: E00B385EC963602982A0BBDC3182, CA06E1DD1CB9637C
- 15: 40BB2FBC9DD133E3958D5073DF9FF9, 2E5ECB03309630F4
- 16: 0AEE1927D6439C8BFCE6984DEEF2E6E9, 398561F898EE36E5
-
-OCB-des (8 byte key)
-  0: , E5E4D924A3DDA7CE
-  1: BA, 2AEDAEF9CA1A9C7B
-  2: 0F37, A8FF952EBCB5C27C
-  3: 2AAC55, 9D7CD4AEEDAEFBC3
-  4: 9D1A16A0, 5064135780E6BFC9
-  5: E1B26204F1, 1F1D5449C214F528
-  6: 6A0D8B244E3E, 78DAD555E2977E74
-  7: 08CAA94D23DE55, A1A1B7972E3B5413
-  8: C1EAB716F806D038, 906CD254EAD1F9D2
-  9: F4E8F83B0B48250236, 12D96AD38BF22277
- 10: 4FACF4CA8F9D9C1CB61D, 6448284C9D8A6B38
- 11: 8AAD13A87B869AF1FD5CBB, 5C44F3C0642313B4
- 12: E50E78A36CF3AAD27A962F82, B796C10A692F72E4
- 13: CBB785CDA5263F8B45915942FA, D7D18C57408D00C8
- 14: 39EDAA0F16DF4BE3E1F4CC9B93F5, 5A78D4D529E658A2
- 15: 1D8B9D2A0779F31AF61A172E563E21, DD9D78D160903970
- 16: 4F5AFE126EA161ED8EDFA6AD9640B9DC, BE20EEFB088C1BC2
-
-OCB-3des (24 byte key)
-  0: , 30D1F1D526BCDE16
-  1: CA, 737A0D73F465DEC6
-  2: CB98, 3F772C5AC706F24F
-  3: 0C764C, BC80B99A6ED9FBF5
-  4: 01525168, 6DE48387E0F56E2F
-  5: D7463F67FA, 90018E688367A3E7
-  6: BF3DD0750CFE, 6E1965C24DA3E913
-  7: 8EFCACB99A8D0A, 0727B907696F8FAD
-  8: F8E92EF758BA48CB, F863DC4B8E73339C
-  9: 5E9DA0FBDDCD0DD3EF, BE6482A44DC7E537
- 10: 5A5466EA4BB3CAE7B020, FBED57DA0D91AF2F
- 11: 78F1B76EDAE923B875E1A0, B6C4FEB194193A65
- 12: 5CA677153C30E14C457807BA, 7F0FCE7505AF14D4
- 13: E748CE1E7F9FFAB9C9983D16E2, 01D3ABECE0DEA2A2
- 14: CAD89FC73FE93E17D2AB4D8B36E8, D682B9F5F39513C0
- 15: D3B5BDDE86E988628357B3EC622357, 12180A98DBEA8D4B
- 16: C9962CDA2141ECF9F8E5178307E526F7, 105CF6D040987D93
-
-OCB-cast5 (8 byte key)
-  0: , 53EB91E57923FE43
-  1: 53, AC15D2C444C5E407
-  2: F3B4, 448E3405E97FF5F4
-  3: EA2BF7, 23A7798222027AFC
-  4: 2EE3166D, 0BA3E584C8B6C7C7
-  5: 3A8EFA1923, 088B5F14925C1054
-  6: D4C03D32CCBA, 7A19BF98BBE14AF3
-  7: A2CD3D4233DAB8, C44AEB4C39572364
-  8: A0EB1F16AA4E2F82, FB7CC3CB4EC595C0
-  9: DD3A71458B8DAD91CE, 1565FF64BCC0094B
- 10: 399948E91E4EE7D2E0CC, 03BA85E452E52DE8
- 11: 8B589B04321BC35F591499, 14E0DBB700E7BE85
- 12: D2C1A33EBE900EFB656797C8, 13498FF76B676EED
- 13: 534C1BA008EC89D2AF43B21725, EEE64FC92802CCEF
- 14: 5368EB18C2157B667D098B8580BE, AF8BCAAC5AFDB0B8
- 15: 6BD7F55DE1A4718A6B3B6EA4D43031, 1C6BEAC4FE0D480E
- 16: FA1E5410E622051400CAD151211916A7, 3EC52677421255D2
-
-OCB-noekeon (16 byte key)
-  0: , 7F0EEED1FD7FFECEE2CAC95477884E58
-  1: 74, 97B25EB4C8A4A01BD8F4F4CA2AC26B13
-  2: 20FF, B6D315A991297456529355CBAB74B231
-  3: 8FD23D, 6DEC092FBEA42213EE4B795E52A91484
-  4: 868F9D8B, 7A4E1EFD87F0A4D82571E025DC8976DA
-  5: EF59D700F0, A7D7A4CA5AEAA4F193C4CC7A6A311C86
-  6: BCD16ED4DE78, 8C661423A4EBE84AA863BC62894D2FDE
-  7: D1996ECF096D77, C99D7F79307F08986E151F44A9B3409E
-  8: 88BADF7ED86D024C, A39E95FDE8C15D3F0B4D439A3E9512CA
-  9: 2DB1F66EC64B3A3309, B85B0530B581FF599F04E285B0DBD562
- 10: 6627C3586AB1A43777AA, DCD0B6E4749D0D983B777947B2E7DF94
- 11: D47B10151EA15496D68D0A, 5462DBDB94D194DB01D03CB5719799C4
- 12: D997EF4B4782C959D7FEF298, 00E39632CE89CBF5892D8A55BABD66CD
- 13: C3684D24C78AF4542E088949D3, 302FD96F20FA01F841DF8E3FF634EA65
- 14: C0FF61350FFC8FA4CEA857E69770, 1EA083FEEA89B019044A56176D47A209
- 15: 35896DB08FA2B837AE7F73F563F1A5, 5A1DCAA52F051A78552AE4BECDEB5EBD
- 16: C44C28E2EF2B145B57030B5D403300AD, 615F4D3C2342397C323D91BFB6F35537
- 17: 925BFCFD598EE2167823204E531C09D744, 769A60612D34E0D76C65812E437B366B
- 18: 56FF27AF89F9A438EDA0F00D83C864A58C90, 4122513495F866E7A154FFBB49ADE999
- 19: BB9C0633EB07E5053E3BD64B7ADC2D15C497B9, 42074FDF7C3D5919769C3168FC0DA9B7
- 20: E77E666D6B6C206274E8AA6BC21E615399B10B60, 15DE064D9EF7F61518FBC130AFD27633
- 21: 26835663DB363A54E5B5DF6C080579E007A3936979, F4D635FE378D957143EF215FEFF1964F
- 22: 20F33C26AA97C924FAA320D147703A2E44A0CD2DE9D0, 8BF2C8D6A46F938146FD964C272315C4
- 23: ED3EB5440B984DD5DD81136AA7BFF25A51329EEF01FE59, 7A07644AFD20B4AEE7612A8B365CBBFF
- 24: 51086917EFC1EAF5DF11811573ACB5977FCF090E2A287223, EAC6812D7218A315D6859BB7A71899B9
- 25: ABFB3BA3588D0B04ECFAC7A43B8801C5C309AEE607E5EDBE24, AFCC1659F0D6CA1B9FA37ADC5B13E6C3
- 26: 77381C4A7E18FF7FD5F3ED5710B924C7935A9CDC0B8EA761FD68, CBC15B38DCB4549514F49650EA47E4F4
- 27: 91AD26366BDC121CC316BCFF1C73B97D73F4D267F1501967C9724C, 9D4A729FB78ED0A38E741FC380D62323
- 28: E3B7762DEECAA467384D25304A8C20887C3424230D84DA976F6C3316, CC2C5112C9208CFE165DB913FCB8A331
- 29: 7AE2A23472737F9587065CC5254DD64074C6C8D64E7E6198927FA30788, 9F4542664F18DBD85286D59EE8E33D7F
- 30: 67AFAD81B4283C81131D0C7E411872D937A6D657D780FA23D62624B62154, 6B2DBA7CDC032A51D9FBAE63EACA43B7
- 31: 1424442606ECB6ABCA1CDA3CF492357AB7EB828537A9B8E1057644663CBB03, 4B4A8B2C2BEEE927161080570B7E7A8E
- 32: A26EA76C18D7145F8569335458BA0919A7E70BB9EBF328D2C22D07B2CFA6B38E, 0AA05190DA1D44EADC609CED2368737A
-
-OCB-skipjack (10 byte key)
-  0: , 509609FAF6B2A760
-  1: 1C, D19D4AD11B65B435
-  2: 328A, 252CB779130397D6
-  3: 6DA4D8, D67C555D873050DB
-  4: 31D7BF8B, C92EF449E99E4689
-  5: AE263BC571, 4D840A59C00B4462
-  6: D3BFDC4AB208, A28415ACC9B0110A
-  7: A5B72B226A5DDD, B414058C98FD853B
-  8: CAA29B280DDD3C15, 4D26BF4D0C89E38E
-  9: 5254ABED0835B8EB8D, 606061B9A2E80198
- 10: 2EF661B59DD3F2EF31EF, 9185BD6F1AB894B1
- 11: 65124843D1E57AF3F68BD8, 8B3D629B42A7083E
- 12: EEB3427A492FEA461196E2FD, 5B02BB30264C4773
- 13: BDF601AE59455530E8CD5D4733, 42CCC4F51CDD9AD1
- 14: 8563FEEB2847AEA38D940953882C, E233C6110A0E77F8
- 15: 766A8BD4C655ECC0589BD0A3EE65A5, 1374E4A3F96D13F8
- 16: 85BB8A319C9FAC34E3FD694727747DE3, ED65F930AE6DE12A
-
-OCB-anubis (16 byte key)
-  0: , E8D6A3FB8D3E664DA78571CA8BFCB95B
-  1: EA, 03E38265C85DE60108B7098A51B5E341
-  2: 670D, EEC6A709FD9A74551467CE9F330D9032
-  3: 42A726, 1E45B0C7F9B143FE17904412B8F88DA0
-  4: 7AA61A9D, A89163D9B707F3B83082BDCA2CC00712
-  5: C3D7E3EB14, 0DE7F3A68788E854603CEF766A25B63C
-  6: A160A9CCE0C9, 6DC1504CD1368E83BDBC113EB95DD895
-  7: 18415CDBFB78CF, EF372363366B5868AC287F1B43CCD739
-  8: E40D6DD638AA2C9C, CB3B89CAA74ADAD76CD6ACC7C2CEF3B1
-  9: 7AEA37ABB7582721D6, E01A28646610DEB22E7539CBB6696BF4
- 10: 03F16C187F6DEB996299, 74F6018D51DE37D77A30021583F07658
- 11: 9E080BBD30A520A3B47AC5, 0457907DA3AD8467B3F0CA41B82E584F
- 12: E673042F50FD247F04734C59, C7917428BCC7D932DE373CB03954A7C7
- 13: 0A0F2CFB5D4F3F7EAD1B0E3C57, 2717CAA7A3AEE7873969971F884E70FB
- 14: 8DD2128500F515F917862726FCB8, 3313A88FA208776F305F1BB344748E85
- 15: 625D855CFA0097B136B47E41AB21A8, 8B7FB512341B339AAA45F9345B16B66C
- 16: 6DC9BF9F13D8ACED3C07DFE183C4C21D, 1E8B9686F5D564448AE06B5C6408D2BF
- 17: 6193393E9CE9087EF765574FEFCBD599BA, A2C14ED8BDDFDC988AF9CF2C71CF6277
- 18: 3F06E79CEB0FF301A0C6D8076D4241F549E5, E1838748BF36D2D37D477B89E7327338
- 19: 15963F7AD2C5DA43D46523880E0329F70527ED, 6471F1CFAB79ED06BDCFEBDF0AD3C98B
- 20: 3632F3B578836AFC8B9456DEBD853564602AEFD5, 4FE167E3AF7AC854D02758F68DBFFD08
- 21: 576EBD9F85575741C7FB50AB8DC1C9E8762FEAB590, ACB4386F6EA5F1C30C10C1D032A32CF7
- 22: 8DE26C7278A29F8721EBA3B66FC8900242EC213C047E, 46F25D10117CBCDDC5FB2CE2044342E9
- 23: EC5781849EF2B46A02F9624CD225A4FED1E6F876B10437, 014680D2681AA27B55EADF71E198B091
- 24: C7FE74EAC6C697C2878132D127541BC4CCFF6C6EE0AF9926, 9BB9C5AFC2321FE0B771C99B1A4CF273
- 25: 232091C00F1CF16D2A7D05A403412A13A0070491370E86DD53, 5F7AB245670B2D2FF8B70B520ABC4070
- 26: 6D3A0812C0EDF89E4A9EADE407C4E7CBCB068F0BD8463B67B0D9, 96E638BD35F910653098D36EE011A8E1
- 27: BCC775956A49BF8914E37A59D32DB49D334B40133ED0D72692D7D3, 4F9B0FBEEF6DDD17A7D30392E2B14C77
- 28: BFA70C11B18D1E9E74A2C91C967E5F0F9B5A43001ECF7C8F286DFFAE, 0D71543408255921DE67189D999D2A18
- 29: 4FDCE50EF26DCB4106A81554B2F97166C6D9A018E340FDE9E2B7FD350E, 6A73C694FA85CB83272C0EA856B83E0B
- 30: D0C9F3D92BADF1A874DD47B1926B509191AF06D720D4C05F4BB6F314D6DC, 2F54556E01233BE6B309FBD11D2B9289
- 31: CB9F54B5936B90530B68A11A50CA4568AC2423A137066AAE38C2C5420DCBAB, 58277F655B1F71939B61E49200E8DC3B
- 32: 08015545AC92A9F77C8B1ABB42CF3EF2C48C5A1E40C5F0980684A21D8E03F445, 54FA9E6195A3ECE7AF469FC179C36739
-
-OCB-khazad (16 byte key)
-  0: , 2D528A56D24DA0B1
-  1: DD, 195FF8AA3642FCBF
-  2: 8081, F96BF0542DBABB49
-  3: A3BDB4, 53B2301ADA9F2471
-  4: B65B1104, BC470E5528C50AA0
-  5: E3020368BE, 36911628972321F4
-  6: F6D17AFCA3E8, 2BBA5E3BEA80D17F
-  7: CBF398ECFCA361, D79987D6D0751DC8
-  8: D625BD23AC106E16, 91CEEEE861A07568
-  9: E28B40E0D810AB8B28, EC2AB51CB46F101C
- 10: A831B14C2E0F1C583F5E, 17AB8A4B822A4D9C
- 11: 1CA32A525BA0A8A141E852, 7E2A30A9FE7BCA18
- 12: 9B7F20DBEE7E7735FE7BB8A0, E881254902FFB81A
- 13: DEA8DB05EEBD550B9A36B5043C, F7DE10A41ED5450E
- 14: B6681197883BCC1EF3F880D15CC8, 7CC43F7E2D10C161
- 15: B5F13633767C37E2A5BE44B95AC80D, C66A029513179FAF
- 16: BBAB31F93B165465FE5E2133810E46C2, 146A3AA6A6A68E2A
-
-OCB-seed (16 byte key)
-  0: , 31FC3BE15BE66DE898D8E64F043EF5F2
-  1: 13, 71D7F7D74329C74E68209EBCEC6ED76B
-  2: 65DE, 63484B2DB036CE460F25E5F42FB996D9
-  3: A6F3A8, 779A84F1B325BC7746DD61C982C0C84A
-  4: CD93DE8A, 78B2B22BF20F341225D239AD89BC0400
-  5: 39D1DC6410, 6BD9D8849627A1C866C8882686F59F8E
-  6: 1A90FE8478E0, D99148D2185D130069D1007F759F1952
-  7: 7B021158285E6F, D64304C2FCB0C4207E1172D9F5EDFA54
-  8: 3938321C337EB440, 7535C124E443A1AAC16FF84A8A2D4E73
-  9: 69D89353ACD77C251A, 8BE9575D98A8F6BBA1BCF49F0D133A57
- 10: 4FA9D0AA53C795D8B4A6, D424622976F53C3F862D9C09780D134B
- 11: 10E2F16190079B783912FC, 3354E1E8AC4D661B82C1BE44A094E9C0
- 12: 87769AA867DF8624E1C6CC9C, 537FCA01A65D7783E7DF1D337D6F71E9
- 13: 0547E2F6A8017FF31D24EC9F20, 2ECC8DD05C36CCCB1262FFBE6A810E79
- 14: 6B234F55551F86F2478D6A7E910C, 91863300122086508F0259054125736E
- 15: AAF361AFF276F996740A110F1868F8, 9DCF980FB47D0533D168490887E1718F
- 16: 114A274873A4E60CD175DCC60823DE3F, 9C5F32D0D32F82FFE776025BACFFBF20
- 17: B13F7DC743D559613F563315D68EE30AF2, 9FDA482FEFFFE96F8F748A7B0DA24D71
- 18: 79A2D1D9667777680DB25BB68105378B7981, CC45BA5C13450BCDEACEDD602729A337
- 19: 683E53C85E7000019CD5B8C78FB66E3D4EE0C9, AA4533EBB37F197D1402143CCB0887F0
- 20: 546D9B5CF8FB4BC20CE200C67ACBEB79530AEEA8, 5E9C1CF09C360A0F0C386BD93A9C91F5
- 21: 8CB773A96DA7E4A83FA214BC94117CE042CC2620DD, 058229EBA77FF300E0448C29D37C839A
- 22: B13348E2E498E2A02B08CD94B5A66786334B0A415C4B, C9E19F610CC82B0242E8546272D20E3D
- 23: 53BD3612B86412C39B98C322AA0E6352A1A3A66A992EC2, 3880B204A156302679F07932103DD531
- 24: 30E2B86833BE1A5187E65F4EFC24D1F753EA2B5D89C87F06, 99FCBA36AB397837A7F9F53C0EF7DBC6
- 25: 03D03F968292C26A26CA833F5F186ACE9BC5D2B6678C4DC220, 3F34D2FBDFBD688A03C29E49B02DDF04
- 26: D443389FE849AF4A74DBDFA2936C8D7DC0C69721C2B3375DFA24, 10198F7477ECF631207AACEC364638A2
- 27: BAF661D4BA70F9E310CD930F36DE90CCDD9DB3473B8A5747A0B5A8, B080FEBEC0497EB16D978E3B8DFFDB77
- 28: 5FE274B3A042BC903879B600C0DF31EB66A260D8ECAE09E45DFA4650, EB35B008EBB5098CFA03B010E1B4AD4F
- 29: B124A2D8B0187DD409C7CAA44764C587052FB9B4750CA0DB0174D120CB, 2C48CC7B2D61D68B311F294AE6D6292B
- 30: 8488F0C46151994F7798F70F55C7DA1D242B58CFF49BBFF458D5E574EAD0, 94C2D7BB27BBE184AC75213C1147DA71
- 31: 84050C6EBBD37CFCB7DAAC665A15FE459E420FC32CB7677089B236E6EC06F4, 5AC1CDFB43DC955D727FDED9847D9CCE
- 32: 3EF03B96631A35B492DD1DC49D7862AA4D0DBDC9161D46711FA5360C1B4E76C7, 567869D045CF62531A10C6B9C3E4CE29
-
-OCB-kasumi (16 byte key)
-  0: , 8A6AB01A47834615
-  1: 23, 5184BF3E82D10C7F
-  2: FDDB, EA45B282D973729D
-  3: 8E3693, 432EFEDC2F238A6C
-  4: 2409AE69, 7899D1928D55C08B
-  5: CA037E6EF1, CA831CE963C9AD95
-  6: BC530A4140A2, EA77571BFFF105A1
-  7: 98B672C2D201EF, 607822313DBC9796
-  8: 26F9AB69E145B531, 7951CE4DC8C47F98
-  9: 30BFC33675F27F7EEB, D17DC60BF79939D2
- 10: F5F816B636D91279AC1C, E2C7B48991DEEF2F
- 11: 705C47FABE7905757C0ED2, AADB2A403B861D55
- 12: 50DEB9C57870B744152ADF08, CB6126DAB93504D1
- 13: 767CB16AA8380C8F25A28A2039, F2C271CC48E067E6
- 14: 3A67656FD8B6ABA8BE7F3BE6C123, 462B6736DF6DC3B1
- 15: 21FB98C62DF932E70D05EB915BA8CF, AEFB635A4E0B6C60
- 16: EA8305ADB368267AB86F3ADDE5EE1719, 97E72E1B174A04F7
-
-OCB-multi2 (40 byte key)
-  0: , AF7F5567D2CFBAA8
-  1: 15, 66BDF680986FAD17
-  2: C94C, D35B49ADC2B24181
-  3: A0516B, DBA6331562F87FE7
-  4: 49C24A69, 6B88C358FF40AD0F
-  5: E1839EFAB4, 08B6C2F97518E402
-  6: 71CF3D6DC458, 7CA89CC9D23CF4CE
-  7: 02AC7B36DCD0CC, 00331F043D5FB756
-  8: 216F3088BE2553AA, 8A58C76BF8EBC046
-  9: DA0CC0753327707AE3, 8716B1FB7196CB14
- 10: 12B88569BDAAACA144AE, 71A031364BF44ECD
- 11: 35B7F2ECD911F86DA2040C, 7649CD32D29AA258
- 12: BF20840BA08B0C85BEAC80B6, C8BD34015F1E3578
- 13: 2A3F508352AA5673BD5A880093, 9987F70EF92CE4E6
- 14: 5DC44D52A234D9A1ABA4C9BF8301, 728D3D9BC56140E7
- 15: 5FCB0AF77D9BA605056BA9178B15FC, A59675797C1307E2
- 16: 09BB95F7F998572CC38719BC4047BA3A, 5F4DA28D281C7FE9
-
-OCB-camellia (16 byte key)
-  0: , 3F877FAB2796D87C990AE311F952ABD1
-  1: 00, DD1FC339F770744F39B1A41A3A82CAEA
-  2: 2676, D350A1789213678BDCF07F1C42856456
-  3: F2BF5D, 012AD9BAA22496920EAC7ED7747C261E
-  4: 7C421EA6, 1187E883BE6BD6D6A67F175B187F276C
-  5: E709524F55, 36B849B052B8C5BA55AD9526333C0FF2
-  6: F49A3BEDA44C, CBCDE03DD9C5EBC7591329C5023F4F7C
-  7: 6BC6BA030C3E8A, 726E39A65F92ED22728ED4351DEECCFA
-  8: EBFCF5FED85EEACC, 5E390FA62857DAC97225368029263E00
-  9: 3DD92B177D039DF76F, 224D361D1A7D660485A9B3FD11DE370A
- 10: C90774C14A42828E7EDB, E6A48823F8F004EE5A178C37B87BA06A
- 11: 39089E93DC6E76B827B701, C2AAC46E4D1DE7F319B1E2592F9A29B9
- 12: 0C0C8ED5B3DD2C0A67606172, 2EA84EE1736B4F6F0C0A133C345B328E
- 13: AF6770413CDF0DCE68F447F76D, AB462C2F2524940FAB9A57A17FA2783B
- 14: C210E4CBBB5FD339B3FF90A722BD, 05A92BEFBFFEDA7F5FEB9BBC6E7BC363
- 15: 90FC04748C52CAA59BF6C92FF11F1B, 991C959C9E3B58D783120FAFF45C29E6
- 16: AB86F4DC4EDD4556F168A98249235F02, 92585560E23DFCF81B8551AA94135BB2
- 17: A160C9534C3E2185013F6D5D76E0218E7D, 9A3CDDFB67DB71D8E5BC4BE4D8EFDC4B
- 18: C08635F10D090C6A5DF4DC43DD9B58D50EC5, CC8A076D653B3FBC2AE34A8A0FF42609
- 19: 24C18B9EED5029BFAE91D440608BE46F9798AA, 9A56608D45081C2E5A8C9CC163A307DE
- 20: 5946CFA51DD90646F09CE74F96D4603CFB20B7A2, 1CD0CE9985AC99F2600B5D762BF46EC0
- 21: 08D8BB0667DC8106E365D7D685392DB987EFA5D3DF, C969DB2859DB494DDD57E9F93CF2C279
- 22: 4AF8331829032CD8BCFEF44CFB2DBC8F0931E055B7A2, 623C86EC7059B580124530CA201740F0
- 23: 45A7C23FD71657BEDA626937C187038D9E1872FBE029D8, 32E954062276603C2F588852C6A17B6F
- 24: 2EACBAD372A281A6AC79D6A13EF4D8F5FB0AA15224C7DBEF, 059A4622EB369FFD2A50565351202907
- 25: 405576484E48609F1BB950DEBE5F3915660A80E632E033DB4C, CAEAAB99D713B860F29E03AF719B5FC6
- 26: CC701CFF33D7CD69D6E9C20E15FC629B5375A3C9F8A9CCBB194A, B5F1CCD9E6C6DA25766CC11FFF313040
- 27: 1FD00A679D2F29518B5663A10CEBB83975C1D3183FD9F9617BBCB8, 03FCE87FFFEE68464DBCF9181280C0EB
- 28: B92D0C160F1A13504B55D9969CF9A51A3F0DFCB4911F7A4712D0E8FC, 8B858E49BFEE49A17F2D7E9A83CF2143
- 29: 5EC88A34A42C155A1F59947BBFD90B3FC8699EC8294EDEBEA75D8416CE, 1B8A62889CDCFAAB60FE80D8E9B764CE
- 30: 1A2D76510AA8AEC8ADCC71458E13592DDEC46CB2C92D551CDF4DA3C190F4, AD08510F3F1A2CBC608634D6431BECD5
- 31: 19ECDC6B7F8EC795F9E6D7E0E02F410228F9EBDA404BF3D998F99D938D3009, 58AF4CAFE7DDE4E99EC617D3A2AE600D
- 32: 6FCB93EBC43D6EE05E3EF20109328DFABE6D9D814BFCB7180AE36BBA1B96ECC8, 36032D6860317FF56E7033DCD8161FDC
+OCB3-camellia (16 byte key)
+  0: , DFF7EA9ECD4E2AD37B9838E85F9D36EB
+  1: 1B, D5D37222F530EA2C282A4D8BC55A08EA
+  2: B73C, 5163F4BD7CBC03DA1B31C7C1105B5511
+  3: 42B8CB, 997087C18C191D560E3FCF70E77A3C15
+  4: F533FD5E, 15275FBDDED6459BFD8FBB8FA08DDD3F
+  5: CA7A675DD6, 11604097A97E10A4724799DC6A349F34
+  6: 00F4D4CAC81D, 9165C7B49928D47A8F3C17C0B029F44E
+  7: 8751CBEEC4D29C, F541920B2E92DE956B6468EF83DFECB0
+  8: B851DACF29824BF3, C16660EB40CF830FFD263C52C1FA8C97
+  9: 8646C3D808426E03E8, DB30D0CE9F7DA93162D69D42F0B4C644
+ 10: 0715BC4E51EAF610956D, 2475EAB0B92533BD574550F316C86746
+ 11: 12F6C6BE1A4AAD391BCDB4, F1F387AB03A4E36965CF41C6842950C4
+ 12: 4F85DAC1AB5B6D48CFA75266, 57B3ACD0FB6D2F8B672BF097E7C559A9
+ 13: FCD56B0CAF30F6A29324AA3067, 437461CFA9DE7562A572085439CE5B5D
+ 14: 612BD3BDAA826CCCC76722699D51, 90863205C506D85FEE095B32F3E1DF93
+ 15: 5C85AFD2B6A6FC85B282B57D48642E, C59DBD94D744A6F3745EBD9D4EBAE0F4
+ 16: 64173080FB3CB43EA8FD41F23DB88587, D80103E4C578DD4B79A23372E34ED967
+ 17: DBA50DDBF3B3F064F8E40967EB53769FB3, 4751B6EEAA9B2E49BF8B23A3BA13807D
+ 18: 04B8D0D351F3FA3B3B3F641A244EF7036825, 6BB18750DCEBD39DC25E42233475BE7E
+ 19: A15A0C3E91CE8AC01C8A5291D24FA0514453A8, 5DDC4FB9D6C7AAF7660B763EADAAD969
+ 20: 6E223B742F768FA57651AD90B6BDFAA772E6AC04, C987C8A3A27605B6CE04B25777286875
+ 21: 1FBFEA7AB374D972FBF76456048F77745D8E7B64C1, C301981D5C17473953B00818967E9230
+ 22: D642F5D05092443C776E53D6FCF2B65F6D25E8E98F89, 5E87E6BFA1EBD436909126197B2CCAA5
+ 23: A8270C56D2A0084670A0C5D8DA2B495A849D1BFC571912, C4D32192AC893C87C900EE2F80443789
+ 24: 431ED5C50F16D509C8229156E9BF0A7E1998F48F0032D91C, 960F4467E129A002CAC3F75EACCC7D73
+ 25: DB57EDEBCAA10C4B8E0194CEE7E778FDEFA88424883DC476DC, 069F456F5AF43492AEDC7FC24A0ED875
+ 26: DC8AF80FE840605041638184A00F683FB0AB86C4067550B4DB49, 862057189AC987639992EA9F49C7158E
+ 27: 6A67318A81F95E33F741C95BCBCD8623CBF26D2D8801D0E745DFB6, 22DA5E8C63CEBC5A6957FB1A01AC7571
+ 28: 70587F34F31CF711F2558C7DB1B04334DD58D850930ACDD5825EE131, D2436CA4FC757B16509CECA1272A2955
+ 29: 736DF200A877930DA3EC2FD0AF53F08285E02EFB519A443F50B9E2F1F1, 22607EA2C6F1AE1B73785554F9440F2B
+ 30: 62248D90EA60163F9CBDFAEC498802AA816915273093D375B02BBE22241B, BFADB3689B3863AB997D101380F7156A
+ 31: 41C092516DC494E4E165EABAF939858EDAE3D3DAE488D14EFDB0E850675565, F45307A495AFE24E29E2AB744311F07C
+ 32: EFFEAF5A73C2A825AFEE12A2BE80406937C75D4264FD937A310FA57C7D5D01CB, 3B430C0DA47DAA069FCC5C92C5427396
 

+ 1 - 1
notes/rsa-testvectors/oaep-int.txt

@@ -16,4 +16,4 @@ scan_build=$(which scan-build)
 [ -z "$scan_build" ] && { echo "couldn't find clang scan-build"; exit 1; } || echo "run $scan_build"
 export CFLAGS="-DUSE_LTM -DLTM_DESC -I/usr/include"
 export EXTRALIBS="-ltommath"
-$scan_build make -f makefile.unix all CFLAGS="$CFLAGS" EXTRALIBS="$EXTRALIBS"
+$scan_build --status-bugs make -f makefile.unix all CFLAGS="$CFLAGS" EXTRALIBS="$EXTRALIBS"

+ 2 - 2
src/encauth/chachapoly/chacha20poly1305_memory.c

@@ -15,8 +15,8 @@
   Process an entire GCM packet in one call.
   @param key               The secret key
   @param keylen            The length of the secret key
-  @param iv                The initial vector
-  @param ivlen             The length of the initial vector
+  @param iv                The initialization vector
+  @param ivlen             The length of the initialization vector
   @param aad               The additional authentication data (header)
   @param aadlen            The length of the aad
   @param in                The plaintext
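Review bot: The function comment at the top of this hunk still reads `Process an entire GCM packet in one call.` although the file is chacha20poly1305_memory.c; the commit reworded the two IV lines but left this copy-paste remnant in place. Suggest `Process an entire ChaCha20Poly1305 packet in one call.` so the doxygen output does not describe the wrong mode. The signature and body of the documented function are outside the hunk.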

+ 1 - 1
src/encauth/chachapoly/chacha20poly1305_setiv.c

@@ -15,7 +15,7 @@
   Set IV + counter data to the ChaCha20Poly1305 state and reset the context
   @param st     The ChaCha20Poly1305 state
   @param iv     The IV data to add
-  @param inlen  The length of the IV (must be 12 or 8)
+  @param ivlen  The length of the IV (must be 12 or 8)
   @return CRYPT_OK on success
  */
 int chacha20poly1305_setiv(chacha20poly1305_state *st, const unsigned char *iv, unsigned long ivlen)

+ 1 - 1
src/encauth/chachapoly/chacha20poly1305_setiv_rfc7905.c

@@ -15,7 +15,7 @@
   Set IV + counter data (with RFC7905-magic) to the ChaCha20Poly1305 state and reset the context
   @param st     The ChaCha20Poly1305 state
   @param iv     The IV data to add
-  @param inlen  The length of the IV (must be 12 or 8)
+  @param ivlen  The length of the IV (must be 12 or 8)
   @param sequence_number   64bit sequence number which is incorporated into IV as described in RFC7905
   @return CRYPT_OK on success
  */

+ 3 - 0
src/encauth/eax/eax_decrypt_verify_memory.c

@@ -55,6 +55,9 @@ int eax_decrypt_verify_memory(int cipher,
    /* default to zero */
    *stat = 0;
 
+   /* limit taglen */
+   taglen = MIN(taglen, MAXBLOCKSIZE);
+
    /* allocate ram */
    buf = XMALLOC(taglen);
    eax = XMALLOC(sizeof(*eax));
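Review bot: The new clamp bounds taglen from above but not from below: a caller passing `taglen == 0` reaches `XMALLOC(0)` and, if the later tag comparison uses this taglen, a zero-length compare that succeeds for any ciphertext. Unless eax_done or the compare (both outside this hunk) reject that case, add `if (taglen == 0) return CRYPT_INVALID_ARG;` next to the clamp. A one-line comment on the clamp would also help, e.g. `/* cap the allocation: a tag is never longer than one cipher block */`, since the bare `limit taglen` does not say why the caller's value is overridden. eax_decrypt_verify_memory starts before the hunk.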

+ 1 - 2
src/encauth/eax/eax_test.c

@@ -242,8 +242,7 @@ int eax_test(void)
         }
         if ((res != 1) || compare_testvector(outct, tests[x].msglen, tests[x].plaintext, tests[x].msglen, "EAX", x)) {
 #ifdef LTC_TEST_DBG
-           printf("\n\nEAX: Failure-decrypt\n");
-           printf("\nres = %d\n\n", res);
+           printf("\n\nEAX: Failure-decrypt - res = %d\n", res);
 #endif
            return CRYPT_FAIL_TESTVECTOR;
         }

+ 2 - 0
src/encauth/gcm/gcm_add_aad.c

@@ -46,6 +46,8 @@ int gcm_add_aad(gcm_state *gcm,
 
    /* in IV mode? */
    if (gcm->mode == LTC_GCM_MODE_IV) {
+      /* IV length must be > 0 */
+      if (gcm->buflen == 0 && gcm->totlen == 0) return CRYPT_ERROR;
       /* let's process the IV */
       if (gcm->ivmode || gcm->buflen != 12) {
          for (x = 0; x < (unsigned long)gcm->buflen; x++) {
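Review bot: The new empty-IV rejection returns the generic `CRYPT_ERROR`, while the other caller-input checks in the GCM code touched by this commit (gcm_done's and gcm_process's mode checks) report `CRYPT_INVALID_ARG`; a caller cannot tell "no IV was added" apart from an internal failure. Suggest `if (gcm->buflen == 0 && gcm->totlen == 0) return CRYPT_INVALID_ARG;` and a slightly fuller comment, `/* a zero-length IV is not a valid GCM input; refuse rather than derive J0 from nothing */`. gcm_add_aad starts before the hunk.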

+ 9 - 0
src/encauth/gcm/gcm_done.c

@@ -40,6 +40,15 @@ int gcm_done(gcm_state *gcm,
       return err;
    }
 
+   if (gcm->mode == LTC_GCM_MODE_IV) {
+      /* let's process the IV */
+      if ((err = gcm_add_aad(gcm, NULL, 0)) != CRYPT_OK) return err;
+   }
+
+   if (gcm->mode == LTC_GCM_MODE_AAD) {
+      /* let's process the AAD */
+      if ((err = gcm_process(gcm, NULL, 0, NULL, 0)) != CRYPT_OK) return err;
+   }
 
    if (gcm->mode != LTC_GCM_MODE_TEXT) {
       return CRYPT_INVALID_ARG;

+ 2 - 2
src/encauth/gcm/gcm_memory.c

@@ -20,8 +20,8 @@
   @param cipher            Index of cipher to use
   @param key               The secret key
   @param keylen            The length of the secret key
-  @param IV                The initial vector
-  @param IVlen             The length of the initial vector
+  @param IV                The initialization vector
+  @param IVlen             The length of the initialization vector
   @param adata             The additional authentication data (header)
   @param adatalen          The length of the adata
   @param pt                The plaintext

+ 5 - 0
src/encauth/gcm/gcm_process.c

@@ -52,6 +52,11 @@ int gcm_process(gcm_state *gcm,
       return CRYPT_INVALID_ARG;
    }
 
+   if (gcm->mode == LTC_GCM_MODE_IV) {
+      /* let's process the IV */
+      if ((err = gcm_add_aad(gcm, NULL, 0)) != CRYPT_OK) return err;
+   }
+
    /* in AAD mode? */
    if (gcm->mode == LTC_GCM_MODE_AAD) {
       /* let's process the AAD */

+ 9 - 0
src/encauth/gcm/gcm_test.c

@@ -325,6 +325,7 @@ int gcm_test(void)
    int           idx, err;
    unsigned long x, y;
    unsigned char out[2][128], T[2][16];
+   gcm_state gcm;
 
    /* find aes */
    idx = find_cipher("aes");
@@ -335,6 +336,14 @@ int gcm_test(void)
       }
    }
 
+   /* Special test case for empty AAD + empty PT */
+   y = sizeof(T[0]);
+   if ((err = gcm_init(&gcm, idx, tests[0].K, tests[0].keylen)) != CRYPT_OK) return err;
+   if ((err = gcm_add_iv(&gcm, tests[0].IV, tests[0].IVlen)) != CRYPT_OK)    return err;
+   /* intentionally skip gcm_add_aad + gcm_process */
+   if ((err = gcm_done(&gcm, T[0], &y)) != CRYPT_OK)                         return err;
+   if (compare_testvector(T[0], y, tests[0].T, 16, "GCM Encrypt Tag-special", 0))      return CRYPT_FAIL_TESTVECTOR;
+
    for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
        y = sizeof(T[0]);
        if ((err = gcm_memory(idx, tests[x].K, tests[x].keylen,

+ 1 - 2
src/encauth/ocb/ocb_test.c

@@ -191,8 +191,7 @@ int ocb_test(void)
         }
         if ((res != 1) || compare_testvector(outct, tests[x].ptlen, tests[x].pt, tests[x].ptlen, "OCB", x)) {
 #ifdef LTC_TEST_DBG
-           printf("\n\nOCB: Failure-decrypt\n");
-           printf("\nres = %d\n\n", res);
+           printf("\n\nOCB: Failure-decrypt - res = %d\n", res);
 #endif
            return CRYPT_FAIL_TESTVECTOR;
         }

+ 30 - 5
src/encauth/ocb3/ocb3_add_aad.c

@@ -15,6 +15,32 @@
 
 #ifdef LTC_OCB3_MODE
 
+/**
+   Add one block of AAD data (internal function)
+   @param ocb        The OCB state
+   @param aad_block  [in] AAD data (block_len size)
+   @return CRYPT_OK if successful
+*/
+static int _ocb3_int_aad_add_block(ocb3_state *ocb, const unsigned char *aad_block)
+{
+   unsigned char tmp[MAXBLOCKSIZE];
+   int err;
+
+   /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
+   ocb3_int_xor_blocks(ocb->aOffset_current, ocb->aOffset_current, ocb->L_[ocb3_int_ntz(ocb->ablock_index)], ocb->block_len);
+
+   /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */
+   ocb3_int_xor_blocks(tmp, aad_block, ocb->aOffset_current, ocb->block_len);
+   if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, tmp, &ocb->key)) != CRYPT_OK) {
+     return err;
+   }
+   ocb3_int_xor_blocks(ocb->aSum_current, ocb->aSum_current, tmp, ocb->block_len);
+
+   ocb->ablock_index++;
+
+   return CRYPT_OK;
+}
+
 /**
    Add AAD - additional associated data
    @param ocb       The OCB state
@@ -28,10 +54,9 @@ int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen
    unsigned char *data;
    unsigned long datalen, l;
 
-   LTC_ARGCHK(ocb    != NULL);
-   LTC_ARGCHK(aad    != NULL);
-
+   LTC_ARGCHK(ocb != NULL);
    if (aadlen == 0) return CRYPT_OK;
+   LTC_ARGCHK(aad != NULL);
 
    if (ocb->adata_buffer_bytes > 0) {
      l = ocb->block_len - ocb->adata_buffer_bytes;
@@ -40,7 +65,7 @@ int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen
      ocb->adata_buffer_bytes += l;
 
      if (ocb->adata_buffer_bytes == ocb->block_len) {
-       if ((err = ocb3_int_aad_add_block(ocb, ocb->adata_buffer)) != CRYPT_OK) {
+       if ((err = _ocb3_int_aad_add_block(ocb, ocb->adata_buffer)) != CRYPT_OK) {
          return err;
        }
        ocb->adata_buffer_bytes = 0;
@@ -61,7 +86,7 @@ int ocb3_add_aad(ocb3_state *ocb, const unsigned char *aad, unsigned long aadlen
    last_block_len = datalen - full_blocks_len;
 
    for (x=0; x<full_blocks; x++) {
-     if ((err = ocb3_int_aad_add_block(ocb, data+x*ocb->block_len)) != CRYPT_OK) {
+     if ((err = _ocb3_int_aad_add_block(ocb, data+x*ocb->block_len)) != CRYPT_OK) {
        return err;
      }
    }
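Review bot: The new helper is named `_ocb3_int_aad_add_block`; a leading underscore on a file-scope identifier is reserved for the implementation (C11 7.1.3), so the name is technically in the reserved namespace even though the function is `static`. If the underscore was chosen to avoid a clash with the old `ocb3_int_aad_add_block` that may still be declared in a header, a non-reserved spelling such as `static int s_ocb3_aad_add_block(ocb3_state *ocb, const unsigned char *aad_block)` serves the same purpose, with the three call sites renamed accordingly. The helper's comments (Offset_i and Sum_i) match what the code computes, so the logic itself reads correctly.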

+ 4 - 2
src/encauth/ocb3/ocb3_decrypt.c

@@ -30,8 +30,10 @@ int ocb3_decrypt(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen,
    unsigned char *pt_b, *ct_b;
 
    LTC_ARGCHK(ocb != NULL);
-   LTC_ARGCHK(pt  != NULL);
-   LTC_ARGCHK(ct  != NULL);
+   if (ctlen == 0) return CRYPT_OK; /* no data, nothing to do */
+   LTC_ARGCHK(ct != NULL);
+   LTC_ARGCHK(pt != NULL);
+
    if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
       return err;
    }
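Review bot: The early return makes `ct` and `pt` optional when `ctlen == 0`, but the doxygen block for ocb3_decrypt (above the hunk) is not updated to say so, and callers reading the parameter list will still assume both must be non-NULL. Suggest documenting the new contract there, e.g. `@param ct     The ciphertext (may be NULL when ctlen == 0)` and `@param pt     [out] The plaintext (may be NULL when ctlen == 0)`, and turning the inline comment into `/* no data: nothing to process, pointers are not inspected */`. ocb3_decrypt starts before the hunk.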

+ 6 - 1
src/encauth/ocb3/ocb3_decrypt_last.c

@@ -30,7 +30,12 @@ int ocb3_decrypt_last(ocb3_state *ocb, const unsigned char *ct, unsigned long ct
    int err, x, full_blocks, full_blocks_len, last_block_len;
 
    LTC_ARGCHK(ocb != NULL);
-   LTC_ARGCHK(ct  != NULL);
+   if (ct == NULL) LTC_ARGCHK(ctlen == 0);
+   if (ctlen != 0) {
+      LTC_ARGCHK(ct    != NULL);
+      LTC_ARGCHK(pt    != NULL);
+   }
+
    if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
       goto LBL_ERR;
    }
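Review bot: `if (ct == NULL) LTC_ARGCHK(ctlen == 0);` places a macro whose expansion depends on the ARGTYPE configuration inside an unbraced `if`; if any configuration expands LTC_ARGCHK to nothing this becomes `if (ct == NULL) ;` (an empty body compilers warn about), and with the returning variants the control flow is hidden in the macro. The same requirement is clearer as one check that does not depend on the expansion: `LTC_ARGCHK(ct != NULL || ctlen == 0);`, after which the existing `if (ctlen != 0)` block covers the rest. The body of ocb3_decrypt_last continues past the hunk.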

+ 8 - 8
src/encauth/ocb3/ocb3_decrypt_verify_memory.c

@@ -46,16 +46,14 @@ int ocb3_decrypt_verify_memory(int cipher,
    unsigned char *buf;
    unsigned long  buflen;
 
-   LTC_ARGCHK(key    != NULL);
-   LTC_ARGCHK(nonce  != NULL);
-   LTC_ARGCHK(pt     != NULL);
-   LTC_ARGCHK(ct     != NULL);
-   LTC_ARGCHK(tag    != NULL);
    LTC_ARGCHK(stat    != NULL);
 
    /* default to zero */
    *stat = 0;
 
+   /* limit taglen */
+   taglen = MIN(taglen, MAXBLOCKSIZE);
+
    /* allocate memory */
    buf = XMALLOC(taglen);
    ocb = XMALLOC(sizeof(ocb3_state));
@@ -69,12 +67,14 @@ int ocb3_decrypt_verify_memory(int cipher,
       return CRYPT_MEM;
    }
 
-   if ((err = ocb3_init(ocb, cipher, key, keylen, nonce, noncelen)) != CRYPT_OK) {
+   if ((err = ocb3_init(ocb, cipher, key, keylen, nonce, noncelen, taglen)) != CRYPT_OK) {
       goto LBL_ERR;
    }
 
-   if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) {
-      goto LBL_ERR;
+   if (adata != NULL || adatalen != 0) {
+      if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) {
+         goto LBL_ERR;
+      }
    }
 
    if ((err = ocb3_decrypt_last(ocb, ct, ctlen, pt)) != CRYPT_OK) {
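Review bot: Removing `LTC_ARGCHK(tag != NULL)` together with the new clamp leaves two verify-path inputs unchecked: a NULL `tag` is now only caught, if at all, by whatever compares it against `buf` later in the function, and `taglen == 0` reaches `XMALLOC(0)` and a zero-length comparison that would set `*stat = 1` for any ciphertext unless ocb3_init rejects a zero tag length (its range check is not in this hunk). Suggest keeping `LTC_ARGCHK(tag != NULL);` and adding `if (taglen == 0) return CRYPT_INVALID_ARG;` beside the clamp. Note also that the clamp bound is MAXBLOCKSIZE while ocb3_init in this same commit documents taglen as "up to 16", so the clamp only bounds the allocation, not the tag length the mode accepts. ocb3_decrypt_verify_memory continues past the hunk.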

+ 8 - 6
src/encauth/ocb3/ocb3_done.c

@@ -34,6 +34,12 @@ int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen)
       goto LBL_ERR;
    }
 
+   /* check taglen */
+   if ((int)*taglen < ocb->tag_len) {
+      *taglen = (unsigned long)ocb->tag_len;
+      return CRYPT_BUFFER_OVERFLOW;
+   }
+
    /* finalize AAD processing */
 
    if (ocb->adata_buffer_bytes>0) {
@@ -64,13 +70,9 @@ int ocb3_done(ocb3_state *ocb, unsigned char *tag, unsigned long *taglen)
    /* tag = tag ^ HASH(K, A) */
    ocb3_int_xor_blocks(tmp, ocb->tag_part, ocb->aSum_current, ocb->block_len);
 
-   /* fix taglen if needed */
-   if ((int)*taglen > ocb->block_len) {
-     *taglen = (unsigned long)ocb->block_len;
-   }
-
    /* copy tag bytes */
-   for(x=0; x<(int)*taglen; x++) tag[x] = tmp[x];
+   for(x = 0; x < ocb->tag_len; x++) tag[x] = tmp[x];
+   *taglen = (unsigned long)ocb->tag_len;
 
    err = CRYPT_OK;
 

+ 4 - 2
src/encauth/ocb3/ocb3_encrypt.c

@@ -30,8 +30,10 @@ int ocb3_encrypt(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen,
    unsigned char *pt_b, *ct_b;
 
    LTC_ARGCHK(ocb != NULL);
-   LTC_ARGCHK(pt  != NULL);
-   LTC_ARGCHK(ct  != NULL);
+   if (ptlen == 0) return CRYPT_OK; /* no data, nothing to do */
+   LTC_ARGCHK(pt != NULL);
+   LTC_ARGCHK(ct != NULL);
+
    if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
       return err;
    }
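Review bot: The zero-length return now precedes `cipher_is_valid(ocb->cipher)`, so `ocb3_encrypt(ocb, pt, 0, ct)` on a state with an invalid cipher index returns CRYPT_OK where, before this change, it returned the cipher error; if empty calls are meant to keep validating the state, place the return after the cipher check. Either way the new pointer contract should be documented on the function, e.g. `@param pt     The plaintext (may be NULL when ptlen == 0)`. ocb3_encrypt starts before the hunk.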

+ 5 - 8
src/encauth/ocb3/ocb3_encrypt_authenticate_memory.c

@@ -42,11 +42,6 @@ int ocb3_encrypt_authenticate_memory(int cipher,
    int err;
    ocb3_state *ocb;
 
-   LTC_ARGCHK(key    != NULL);
-   LTC_ARGCHK(nonce  != NULL);
-   LTC_ARGCHK(pt     != NULL);
-   LTC_ARGCHK(ct     != NULL);
-   LTC_ARGCHK(tag    != NULL);
    LTC_ARGCHK(taglen != NULL);
 
    /* allocate memory */
@@ -55,12 +50,14 @@ int ocb3_encrypt_authenticate_memory(int cipher,
       return CRYPT_MEM;
    }
 
-   if ((err = ocb3_init(ocb, cipher, key, keylen, nonce, noncelen)) != CRYPT_OK) {
+   if ((err = ocb3_init(ocb, cipher, key, keylen, nonce, noncelen, *taglen)) != CRYPT_OK) {
       goto LBL_ERR;
    }
 
-   if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) {
-      goto LBL_ERR;
+   if (adata != NULL || adatalen != 0) {
+      if ((err = ocb3_add_aad(ocb, adata, adatalen)) != CRYPT_OK) {
+         goto LBL_ERR;
+      }
    }
 
    if ((err = ocb3_encrypt_last(ocb, pt, ptlen, ct)) != CRYPT_OK) {
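Review bot: `*taglen` is handed straight to ocb3_init as the requested tag length, so a caller that passes the size of its output buffer (say `sizeof tag` == 32) now gets an error from ocb3_init, which this commit documents as accepting up to 16, where it previously received a block-length tag via the clamp that this commit removes from ocb3_done. The decrypt-side counterpart in this commit clamps with `MIN(taglen, MAXBLOCKSIZE)` while this function does not, so the two memory helpers treat the same argument differently. Either clamp here the same way before the init call, or state on this function that `*taglen` is the exact tag length wanted rather than a buffer size. The dropped `LTC_ARGCHK(tag != NULL)` also means a NULL tag is only caught if ocb3_done checks it, which is not visible here. ocb3_encrypt_authenticate_memory starts before the hunk.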

+ 6 - 1
src/encauth/ocb3/ocb3_encrypt_last.c

@@ -30,7 +30,12 @@ int ocb3_encrypt_last(ocb3_state *ocb, const unsigned char *pt, unsigned long pt
    int err, x, full_blocks, full_blocks_len, last_block_len;
 
    LTC_ARGCHK(ocb != NULL);
-   LTC_ARGCHK(pt  != NULL);
+   if (pt == NULL) LTC_ARGCHK(ptlen == 0);
+   if (ptlen != 0) {
+      LTC_ARGCHK(pt    != NULL);
+      LTC_ARGCHK(ct    != NULL);
+   }
+
    if ((err = cipher_is_valid(ocb->cipher)) != CRYPT_OK) {
       goto LBL_ERR;
    }
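Review bot: `if (pt == NULL) LTC_ARGCHK(ptlen == 0);` has the same shape as the decrypt counterpart: an unbraced `if` whose body is a configuration-dependent macro, which yields an empty-body statement under an ARGTYPE that expands LTC_ARGCHK to nothing and hides a `return` otherwise. Writing it as `LTC_ARGCHK(pt != NULL || ptlen == 0);` expresses the requirement in one line without relying on the expansion, and the following `if (ptlen != 0)` block then covers the non-empty case. The body of ocb3_encrypt_last continues past the hunk.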

+ 67 - 3
src/encauth/ocb3/ocb3_init.c

@@ -15,6 +15,51 @@
 
 #ifdef LTC_OCB3_MODE
 
+static void _ocb3_int_calc_offset_zero(ocb3_state *ocb, const unsigned char *nonce, unsigned long noncelen, unsigned long taglen)
+{
+   int x, y, bottom;
+   int idx, shift;
+   unsigned char iNonce[MAXBLOCKSIZE];
+   unsigned char iKtop[MAXBLOCKSIZE];
+   unsigned char iStretch[MAXBLOCKSIZE+8];
+
+   /* Nonce = zeros(127-bitlen(N)) || 1 || N          */
+   zeromem(iNonce, sizeof(iNonce));
+   for (x = ocb->block_len-1, y=0; y<(int)noncelen; x--, y++) {
+     iNonce[x] = nonce[noncelen-y-1];
+   }
+   iNonce[x] = 0x01;
+   iNonce[0] |= ((taglen*8) % 128) << 1;
+
+   /* bottom = str2num(Nonce[123..128])               */
+   bottom = iNonce[ocb->block_len-1] & 0x3F;
+
+   /* Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6))   */
+   iNonce[ocb->block_len-1] = iNonce[ocb->block_len-1] & 0xC0;
+   if ((cipher_descriptor[ocb->cipher].ecb_encrypt(iNonce, iKtop, &ocb->key)) != CRYPT_OK) {
+      zeromem(ocb->Offset_current, ocb->block_len);
+      return;
+   }
+
+   /* Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) */
+   for (x = 0; x < ocb->block_len; x++) {
+     iStretch[x] = iKtop[x];
+   }
+   for (y = 0; y < 8; y++) {
+     iStretch[x+y] = iKtop[y] ^ iKtop[y+1];
+   }
+
+   /* Offset_0 = Stretch[1+bottom..128+bottom]        */
+   idx = bottom / 8;
+   shift = (bottom % 8);
+   for (x = 0; x < ocb->block_len; x++) {
+      ocb->Offset_current[x] = iStretch[idx+x] << shift;
+      if (shift > 0) {
+        ocb->Offset_current[x] |= iStretch[idx+x+1] >> (8-shift);
+      }
+   }
+}
+
 static const struct {
     int           len;
     unsigned char poly_mul[MAXBLOCKSIZE];
@@ -36,12 +81,14 @@ static const struct {
    @param key       The secret key
    @param keylen    The length of the secret key (octets)
    @param nonce     The session nonce
-   @param noncelen  The length of the session nonce (octets)
+   @param noncelen  The length of the session nonce (octets, up to 15)
+   @param taglen    The length of the tag (octets, up to 16)
    @return CRYPT_OK if successful
 */
 int ocb3_init(ocb3_state *ocb, int cipher,
              const unsigned char *key, unsigned long keylen,
-             const unsigned char *nonce, unsigned long noncelen)
+             const unsigned char *nonce, unsigned long noncelen,
+             unsigned long taglen)
 {
    int poly, x, y, m, err;
    unsigned char *previous, *current;
@@ -56,6 +103,23 @@ int ocb3_init(ocb3_state *ocb, int cipher,
    }
    ocb->cipher = cipher;
 
+   /* Valid Nonce?
+    * As of RFC7253: "string of no more than 120 bits" */
+   if (noncelen > (120/8)) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   /* The blockcipher must have a 128-bit blocksize */
+   if (cipher_descriptor[cipher].block_length != 16) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   /* The TAGLEN may be any value up to 128 (bits) */
+   if (taglen > 16) {
+      return CRYPT_INVALID_ARG;
+   }
+   ocb->tag_len = taglen;
+
    /* determine which polys to use */
    ocb->block_len = cipher_descriptor[cipher].block_length;
    x = (int)(sizeof(polys)/sizeof(polys[0]));
@@ -108,7 +172,7 @@ int ocb3_init(ocb3_state *ocb, int cipher,
    }
 
    /* initialize ocb->Offset_current = Offset_0 */
-   ocb3_int_calc_offset_zero(ocb, nonce, noncelen);
+   _ocb3_int_calc_offset_zero(ocb, nonce, noncelen, taglen);
 
    /* initialize checksum to all zeros */
    zeromem(ocb->checksum, ocb->block_len);
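Review bot: A failure of `ecb_encrypt` inside `_ocb3_int_calc_offset_zero` is swallowed: the helper zeroes `Offset_current` and returns void, and the `_ocb3_int_calc_offset_zero(ocb, nonce, noncelen, taglen);` call discards that, so ocb3_init still returns CRYPT_OK with an all-zero Offset_0 and the caller encrypts on a broken state. Now that the helper is file-local it can return the cipher's error code and ocb3_init can propagate it the way every other step in the function does. The `taglen` check could also carry the RFC reference the nonce check has, e.g. `/* As of RFC7253: TAGLEN may be any value up to 128 bits */`. The remainder of ocb3_init lies between and beyond the hunks shown.
```c
static int _ocb3_int_calc_offset_zero(ocb3_state *ocb, const unsigned char *nonce, unsigned long noncelen, unsigned long taglen)
{
   int err;
   /* … unchanged: remaining locals, Nonce and bottom computation … */
   if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(iNonce, iKtop, &ocb->key)) != CRYPT_OK) {
      zeromem(ocb->Offset_current, ocb->block_len);
      return err;
   }
   /* … unchanged: Stretch and Offset_0 derivation … */
   return CRYPT_OK;
}

   /* initialize ocb->Offset_current = Offset_0 */
   if ((err = _ocb3_int_calc_offset_zero(ocb, nonce, noncelen, taglen)) != CRYPT_OK) {
      return err;
   }
```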

+ 0 - 49
src/encauth/ocb3/ocb3_int_aad_add_block.c

@@ -1,49 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
-   @file ocb3_int_aad_add_block.c
-   OCB implementation, INTERNALL ONLY helper, by Karel Miko
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB3_MODE
-
-/**
-   Add one block of AAD data (internal function)
-   @param ocb        The OCB state
-   @param aad_block  [in] AAD data (block_len size)
-   @return CRYPT_OK if successful
-*/
-int ocb3_int_aad_add_block(ocb3_state *ocb, const unsigned char *aad_block)
-{
-   unsigned char tmp[MAXBLOCKSIZE];
-   int err;
-
-   /* Offset_i = Offset_{i-1} xor L_{ntz(i)} */
-   ocb3_int_xor_blocks(ocb->aOffset_current, ocb->aOffset_current, ocb->L_[ocb3_int_ntz(ocb->ablock_index)], ocb->block_len);
-
-   /* Sum_i = Sum_{i-1} xor ENCIPHER(K, A_i xor Offset_i) */
-   ocb3_int_xor_blocks(tmp, aad_block, ocb->aOffset_current, ocb->block_len);
-   if ((err = cipher_descriptor[ocb->cipher].ecb_encrypt(tmp, tmp, &ocb->key)) != CRYPT_OK) {
-     return err;
-   }
-   ocb3_int_xor_blocks(ocb->aSum_current, ocb->aSum_current, tmp, ocb->block_len);
-
-   ocb->ablock_index++;
-
-   return CRYPT_OK;
-}
-
-#endif
-
-
-/* ref:         $Format:%D$ */
-/* git commit:  $Format:%H$ */
-/* commit time: $Format:%ai$ */

+ 0 - 72
src/encauth/ocb3/ocb3_int_calc_offset_zero.c

@@ -1,72 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- */
-
-/**
-   @file ocb3_int_calc_offset_zero.c
-   OCB implementation, INTERNAL ONLY helper, by Karel Miko
-*/
-#include "tomcrypt.h"
-
-#ifdef LTC_OCB3_MODE
-
-/**
-   Sets 'ocb->Offset_current' to 'Offset_0' value (internal function)
-   @param ocb       The OCB state
-   @param nonce     The session nonce
-   @param noncelen  The length of the session nonce (octets)
-*/
-void ocb3_int_calc_offset_zero(ocb3_state *ocb, const unsigned char *nonce, unsigned long noncelen)
-{
-   int x, y, bottom;
-   int idx, shift;
-   unsigned char iNonce[MAXBLOCKSIZE];
-   unsigned char iKtop[MAXBLOCKSIZE];
-   unsigned char iStretch[MAXBLOCKSIZE+8];
-
-   /* Nonce = zeros(127-bitlen(N)) || 1 || N          */
-   zeromem(iNonce, sizeof(iNonce));
-   for (x = ocb->block_len-1, y=0; y<(int)noncelen; x--, y++) {
-     iNonce[x] = nonce[noncelen-y-1];
-   }
-   iNonce[x] = 0x01;
-
-   /* bottom = str2num(Nonce[123..128])               */
-   bottom = iNonce[ocb->block_len-1] & 0x3F;
-
-   /* Ktop = ENCIPHER(K, Nonce[1..122] || zeros(6))   */
-   iNonce[ocb->block_len-1] = iNonce[ocb->block_len-1] & 0xC0;
-   if ((cipher_descriptor[ocb->cipher].ecb_encrypt(iNonce, iKtop, &ocb->key)) != CRYPT_OK) {
-      zeromem(ocb->Offset_current, ocb->block_len);
-      return;
-   }
-
-   /* Stretch = Ktop || (Ktop[1..64] xor Ktop[9..72]) */
-   for (x = 0; x < ocb->block_len; x++) {
-     iStretch[x] = iKtop[x];
-   }
-   for (y = 0; y < 8; y++) {
-     iStretch[x+y] = iKtop[y] ^ iKtop[y+1];
-   }
-
-   /* Offset_0 = Stretch[1+bottom..128+bottom]        */
-   idx = bottom / 8;
-   shift = (bottom % 8);
-   for (x = 0; x < ocb->block_len; x++) {
-      ocb->Offset_current[x] = iStretch[idx+x] << shift;
-      if (shift > 0) {
-        ocb->Offset_current[x] |= iStretch[idx+x+1] >> (8-shift);
-      }
-   }
-}
-
-#endif
-
-/* ref:         $Format:%D$ */
-/* git commit:  $Format:%H$ */
-/* commit time: $Format:%ai$ */

+ 102 - 18
src/encauth/ocb3/ocb3_test.c

@@ -27,7 +27,7 @@ int ocb3_test(void)
    /* test vectors from: http://tools.ietf.org/html/draft-krovetz-ocb-03 */
    unsigned char key[16]   = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
    unsigned char nonce[12] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0A,0x0B };
-   static const struct {
+   const struct {
          int ptlen;
          int aadlen;
          unsigned char pt[64], aad[64], ct[64], tag[16];
@@ -163,10 +163,50 @@ int ocb3_test(void)
    },
 
 };
+   /* As of RFC 7253 - 'Appendix A.  Sample Results'
+    *    The next tuple shows a result with a tag length of 96 bits and a
+   different key.
+
+     K: 0F0E0D0C0B0A09080706050403020100
+
+     N: BBAA9988776655443322110D
+     A: 000102030405060708090A0B0C0D0E0F1011121314151617
+        18191A1B1C1D1E1F2021222324252627
+     P: 000102030405060708090A0B0C0D0E0F1011121314151617
+        18191A1B1C1D1E1F2021222324252627
+     C: 1792A4E31E0755FB03E31B22116E6C2DDF9EFD6E33D536F1
+        A0124B0A55BAE884ED93481529C76B6AD0C515F4D1CDD4FD
+        AC4F02AA
+
+        The C has been split up in C and T (tag)
+    */
+   const unsigned char K[] = { 0x0F,0x0E,0x0D,0x0C,0x0B,0x0A,0x09,0x08,
+                               0x07,0x06,0x05,0x04,0x03,0x02,0x01,0x00 };
+   const unsigned char N[] = { 0xBB,0xAA,0x99,0x88,0x77,0x66,0x55,0x44,
+                               0x33,0x22,0x11,0x0D };
+   const unsigned char A[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+                               0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,
+                               0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
+                               0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,
+                               0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27 };
+   const unsigned char P[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
+                               0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F,
+                               0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
+                               0x18,0x19,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,
+                               0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27 };
+   const unsigned char C[] = { 0x17,0x92,0xA4,0xE3,0x1E,0x07,0x55,0xFB,
+                               0x03,0xE3,0x1B,0x22,0x11,0x6E,0x6C,0x2D,
+                               0xDF,0x9E,0xFD,0x6E,0x33,0xD5,0x36,0xF1,
+                               0xA0,0x12,0x4B,0x0A,0x55,0xBA,0xE8,0x84,
+                               0xED,0x93,0x48,0x15,0x29,0xC7,0x6B,0x6A };
+   const unsigned char T[] = { 0xD0,0xC5,0x15,0xF4,0xD1,0xCD,0xD4,0xFD,
+                               0xAC,0x4F,0x02,0xAA };
 
    int err, x, idx, res;
    unsigned long len;
-   unsigned char outct[MAXBLOCKSIZE], outtag[MAXBLOCKSIZE];
+   unsigned char outct[MAXBLOCKSIZE]  = { 0 };
+   unsigned char outtag[MAXBLOCKSIZE] = { 0 };
+   ocb3_state ocb;
 
     /* AES can be under rijndael or aes... try to find it */
     if ((idx = find_cipher("aes")) == -1) {
@@ -176,13 +216,13 @@ int ocb3_test(void)
     }
 
     for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
-        len = sizeof(outtag);
+        len = 16; /* must be the same as the required taglen */
         if ((err = ocb3_encrypt_authenticate_memory(idx,
                                                    key, sizeof(key),
                                                    nonce, sizeof(nonce),
-                                                   tests[x].aad, tests[x].aadlen,
-                                                   tests[x].pt, tests[x].ptlen,
-                                                   outct, outtag, &len)) != CRYPT_OK) {
+                                                   tests[x].aadlen != 0 ? tests[x].aad : NULL, tests[x].aadlen,
+                                                   tests[x].ptlen != 0 ? tests[x].pt : NULL, tests[x].ptlen,
+                                                   tests[x].ptlen != 0 ? outct : NULL, outtag, &len)) != CRYPT_OK) {
            return err;
         }
 
@@ -194,32 +234,76 @@ int ocb3_test(void)
         if ((err = ocb3_decrypt_verify_memory(idx,
                                              key, sizeof(key),
                                              nonce, sizeof(nonce),
-                                             tests[x].aad, tests[x].aadlen,
-                                             outct, tests[x].ptlen,
-             outct, tests[x].tag, len, &res)) != CRYPT_OK) {
+                                             tests[x].aadlen != 0 ? tests[x].aad : NULL, tests[x].aadlen,
+                                             tests[x].ptlen != 0 ? outct : NULL, tests[x].ptlen,
+                                             tests[x].ptlen != 0 ? outct : NULL, tests[x].tag, len, &res)) != CRYPT_OK) {
            return err;
         }
         if ((res != 1) || compare_testvector(outct, tests[x].ptlen, tests[x].pt, tests[x].ptlen, "OCB3", x)) {
 #ifdef LTC_TEST_DBG
-           printf("\n\nOCB3: Failure-decrypt\n");
-           printf("\nres = %d\n\n", res);
+           printf("\n\nOCB3: Failure-decrypt - res = %d\n", res);
 #endif
            return CRYPT_FAIL_TESTVECTOR;
         }
     }
+
+    /* RFC 7253 - test vector with a tag length of 96 bits - part 1 */
+    x = 99;
+    len = 12;
+    if ((err = ocb3_encrypt_authenticate_memory(idx,
+                                                K, sizeof(K),
+                                                N, sizeof(N),
+                                                A, sizeof(A),
+                                                P, sizeof(P),
+                                                outct, outtag, &len)) != CRYPT_OK) {
+       return err;
+    }
+
+    if (compare_testvector(outtag, len, T, sizeof(T), "OCB3 Tag", x) ||
+          compare_testvector(outct, sizeof(P), C, sizeof(C), "OCB3 CT", x)) {
+       return CRYPT_FAIL_TESTVECTOR;
+    }
+
+    if ((err = ocb3_decrypt_verify_memory(idx,
+                                          K, sizeof(K),
+                                          N, sizeof(N),
+                                          A, sizeof(A),
+                                          C, sizeof(C),
+                                          outct, T, sizeof(T), &res)) != CRYPT_OK) {
+       return err;
+    }
+    if ((res != 1) || compare_testvector(outct, sizeof(C), P, sizeof(P), "OCB3", x)) {
+#ifdef LTC_TEST_DBG
+       printf("\n\nOCB3: Failure-decrypt - res = %d\n", res);
+#endif
+       return CRYPT_FAIL_TESTVECTOR;
+    }
+
+    /* RFC 7253 - test vector with a tag length of 96 bits - part 2 */
+    x = 100;
+    if ((err = ocb3_init(&ocb, idx, K, sizeof(K), N, sizeof(N), 12)) != CRYPT_OK)  return err;
+    if ((err = ocb3_add_aad(&ocb, A, sizeof(A))) != CRYPT_OK)                      return err;
+    if ((err = ocb3_encrypt(&ocb, P, 32, outct)) != CRYPT_OK)                      return err;
+    if ((err = ocb3_encrypt_last(&ocb, P+32, sizeof(P)-32, outct+32)) != CRYPT_OK) return err;
+    len = sizeof(outtag); /* intentionally more than 12 */
+    if ((err = ocb3_done(&ocb, outtag, &len)) != CRYPT_OK)                         return err;
+    if (compare_testvector(outct, sizeof(P), C, sizeof(C), "OCB3 CT", x))          return CRYPT_FAIL_TESTVECTOR;
+    if (compare_testvector(outtag, len, T, sizeof(T), "OCB3 Tag.enc", x))          return CRYPT_FAIL_TESTVECTOR;
+    if ((err = ocb3_init(&ocb, idx, K, sizeof(K), N, sizeof(N), 12)) != CRYPT_OK)  return err;
+    if ((err = ocb3_add_aad(&ocb, A, sizeof(A))) != CRYPT_OK)                      return err;
+    if ((err = ocb3_decrypt(&ocb, C, 32, outct)) != CRYPT_OK)                      return err;
+    if ((err = ocb3_decrypt_last(&ocb, C+32, sizeof(C)-32, outct+32)) != CRYPT_OK) return err;
+    len = sizeof(outtag); /* intentionally more than 12 */
+    if ((err = ocb3_done(&ocb, outtag, &len)) != CRYPT_OK)                         return err;
+    if (compare_testvector(outct, sizeof(C), P, sizeof(P), "OCB3 PT", x))          return CRYPT_FAIL_TESTVECTOR;
+    if (compare_testvector(outtag, len, T, sizeof(T), "OCB3 Tag.dec", x))          return CRYPT_FAIL_TESTVECTOR;
+
     return CRYPT_OK;
 #endif /* LTC_TEST */
 }
 
 #endif /* LTC_OCB3_MODE */
 
-/* some comments
-
-   -- it's hard to seek
-   -- hard to stream [you can't emit ciphertext until full block]
-   -- The setup is somewhat complicated...
-*/
-
 /* ref:         $Format:%D$ */
 /* git commit:  $Format:%H$ */
 /* commit time: $Format:%ai$ */
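Review bot: The new 96-bit-tag vectors only exercise the accept path: each `ocb3_decrypt_verify_memory` and `ocb3_done` call is checked for `res == 1` or a matching tag, but nothing asserts that a corrupted 12-byte tag, a wrong `len`, or a `taglen` above 16 is rejected, and a truncated-tag comparison that accidentally checked fewer bytes than it should would pass every check here. One negative case after the part-1 decrypt — copy `T`, alter one byte, call `ocb3_decrypt_verify_memory` again and require `res == 0` — plus an `ocb3_init(&ocb, idx, K, sizeof(K), N, sizeof(N), 17)` that must return `CRYPT_INVALID_ARG` would pin the behaviour the new `taglen` argument introduces. The `x = 99;` and `x = 100;` indices handed to compare_testvector are magic values; a short comment saying they only label the failure output would help. ocb3_test begins above the first hunk of this file.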

+ 4 - 4
src/hashes/blake2b.c

@@ -399,7 +399,7 @@ int blake2b_512_test(void)
    return CRYPT_NOP;
 #else
    static const struct {
-      char *msg;
+      const char *msg;
       unsigned char hash[64];
   } tests[] = {
     { "",
@@ -450,7 +450,7 @@ int blake2b_384_test(void)
    return CRYPT_NOP;
 #else
    static const struct {
-      char *msg;
+      const char *msg;
       unsigned char hash[48];
   } tests[] = {
     { "",
@@ -497,7 +497,7 @@ int blake2b_256_test(void)
    return CRYPT_NOP;
 #else
    static const struct {
-      char *msg;
+      const char *msg;
       unsigned char hash[32];
   } tests[] = {
     { "",
@@ -550,7 +550,7 @@ int blake2b_160_test(void)
    return CRYPT_NOP;
 #else
    static const struct {
-      char *msg;
+      const char *msg;
       unsigned char hash[20];
   } tests[] = {
     { "",

+ 4 - 4
src/hashes/blake2s.c

@@ -387,7 +387,7 @@ int blake2s_256_test(void)
    return CRYPT_NOP;
 #else
    static const struct {
-      char *msg;
+      const char *msg;
       unsigned char hash[32];
   } tests[] = {
     { "",
@@ -441,7 +441,7 @@ int blake2s_224_test(void)
    return CRYPT_NOP;
 #else
    static const struct {
-      char *msg;
+      const char *msg;
       unsigned char hash[28];
   } tests[] = {
     { "",
@@ -485,7 +485,7 @@ int blake2s_160_test(void)
    return CRYPT_NOP;
 #else
    static const struct {
-      char *msg;
+      const char *msg;
       unsigned char hash[20];
   } tests[] = {
     { "",
@@ -527,7 +527,7 @@ int blake2s_128_test(void)
    return CRYPT_NOP;
 #else
    static const struct {
-      char *msg;
+      const char *msg;
       unsigned char hash[16];
   } tests[] = {
     { "",

+ 7 - 1
src/hashes/chc/chc.c

@@ -153,7 +153,13 @@ static int chc_compress(hash_state *md, unsigned char *buf)
    return CRYPT_OK;
 }
 
-/* function for processing blocks */
+/**
+   Function for processing blocks
+   @param md   The hash state
+   @param buf  The data to hash
+   @param len  The length of the data (octets)
+   @return CRYPT_OK if successful
+*/
 static int _chc_process(hash_state * md, const unsigned char *buf, unsigned long len);
 static HASH_PROCESS(_chc_process, chc_compress, chc, (unsigned long)cipher_blocksize)
 

+ 1 - 1
src/hashes/md2.c

@@ -191,7 +191,7 @@ int md2_test(void)
     return CRYPT_NOP;
  #else
    static const struct {
-        char *msg;
+        const char *msg;
         unsigned char hash[16];
    } tests[] = {
       { "",

+ 1 - 1
src/hashes/md4.c

@@ -254,7 +254,7 @@ int md4_test(void)
     return CRYPT_NOP;
  #else
     static const struct md4_test_case {
-        char *input;
+        const char *input;
         unsigned char hash[16];
     } tests[] = {
         { "",

+ 1 - 1
src/hashes/md5.c

@@ -314,7 +314,7 @@ int  md5_test(void)
     return CRYPT_NOP;
  #else
   static const struct {
-      char *msg;
+      const char *msg;
       unsigned char hash[16];
   } tests[] = {
     { "",

+ 1 - 1
src/hashes/rmd128.c

@@ -353,7 +353,7 @@ int rmd128_test(void)
    return CRYPT_NOP;
 #else
    static const struct {
-        char *msg;
+        const char *msg;
         unsigned char hash[16];
    } tests[] = {
    { "",

+ 1 - 1
src/hashes/rmd160.c

@@ -412,7 +412,7 @@ int rmd160_test(void)
    return CRYPT_NOP;
 #else
    static const struct {
-        char *msg;
+        const char *msg;
         unsigned char hash[20];
    } tests[] = {
    { "",

+ 1 - 1
src/hashes/rmd256.c

@@ -366,7 +366,7 @@ int rmd256_test(void)
    return CRYPT_NOP;
 #else
    static const struct {
-        char *msg;
+        const char *msg;
         unsigned char hash[32];
    } tests[] = {
    { "",

+ 1 - 1
src/hashes/rmd320.c

@@ -431,7 +431,7 @@ int rmd320_test(void)
    return CRYPT_NOP;
 #else
    static const struct {
-        char *msg;
+        const char *msg;
         unsigned char hash[40];
    } tests[] = {
    { "",

+ 1 - 1
src/hashes/sha1.c

@@ -246,7 +246,7 @@ int  sha1_test(void)
     return CRYPT_NOP;
  #else
   static const struct {
-      char *msg;
+      const char *msg;
       unsigned char hash[20];
   } tests[] = {
     { "abc",

+ 1 - 1
src/hashes/sha2/sha224.c

@@ -88,7 +88,7 @@ int  sha224_test(void)
     return CRYPT_NOP;
  #else
   static const struct {
-      char *msg;
+      const char *msg;
       unsigned char hash[28];
   } tests[] = {
     { "abc",

+ 1 - 1
src/hashes/sha2/sha256.c

@@ -292,7 +292,7 @@ int  sha256_test(void)
     return CRYPT_NOP;
  #else
   static const struct {
-      char *msg;
+      const char *msg;
       unsigned char hash[32];
   } tests[] = {
     { "abc",

+ 1 - 1
src/hashes/sha2/sha384.c

@@ -90,7 +90,7 @@ int  sha384_test(void)
     return CRYPT_NOP;
  #else
   static const struct {
-      char *msg;
+      const char *msg;
       unsigned char hash[48];
   } tests[] = {
     { "abc",

+ 1 - 1
src/hashes/sha2/sha512.c

@@ -262,7 +262,7 @@ int  sha512_test(void)
     return CRYPT_NOP;
  #else
   static const struct {
-      char *msg;
+      const char *msg;
       unsigned char hash[64];
   } tests[] = {
     { "abc",

+ 1 - 1
src/hashes/sha2/sha512_224.c

@@ -90,7 +90,7 @@ int  sha512_224_test(void)
     return CRYPT_NOP;
  #else
   static const struct {
-      char *msg;
+      const char *msg;
       unsigned char hash[28];
   } tests[] = {
     { "abc",

+ 1 - 1
src/hashes/sha2/sha512_256.c

@@ -90,7 +90,7 @@ int  sha512_256_test(void)
     return CRYPT_NOP;
  #else
   static const struct {
-      char *msg;
+      const char *msg;
       unsigned char hash[32];
   } tests[] = {
     { "abc",

+ 1 - 1
src/hashes/tiger.c

@@ -735,7 +735,7 @@ int  tiger_test(void)
     return CRYPT_NOP;
  #else
   static const struct {
-      char *msg;
+      const char *msg;
       unsigned char hash[24];
   } tests[] = {
     { "",

+ 4 - 3
src/headers/tomcrypt.h

@@ -26,8 +26,8 @@ extern "C" {
 #endif
 
 /* version */
-#define CRYPT   0x0117
-#define SCRYPT  "1.17"
+#define CRYPT   0x0118
+#define SCRYPT  "1.18.0"
 
 /* max size of either a cipher/hash block or symmetric key [largest of the two] */
 #define MAXBLOCKSIZE  128
@@ -68,7 +68,8 @@ enum {
    CRYPT_OVERFLOW,         /* An overflow of a value was detected/prevented */
 
    CRYPT_UNUSED1,          /* UNUSED1 */
-   CRYPT_UNUSED2,          /* UNUSED2 */
+
+   CRYPT_INPUT_TOO_LONG,   /* The input was longer than expected. */
 
    CRYPT_PK_INVALID_SIZE,  /* Invalid size input for PK parameters */
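Review bot: `CRYPT_INPUT_TOO_LONG` takes over the numeric slot of the removed `CRYPT_UNUSED2`, which is what keeps every later code (from `CRYPT_PK_INVALID_SIZE` on) ABI-stable; the blank line hides that intent, so a comment on the new entry such as `/* replaces CRYPT_UNUSED2; keeps the later codes stable */` would stop a future reorder. The string table behind `error_to_string()` is not in this chunk; if it was not extended in step, the new code maps to the stale UNUSED2 text.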
 

+ 1 - 1
src/headers/tomcrypt_argchk.h

@@ -20,7 +20,7 @@
 #define NORETURN
 #endif
 
-void crypt_argchk(char *v, char *s, int d) NORETURN;
+void crypt_argchk(const char *v, const char *s, int d) NORETURN;
 #define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
 #define LTC_ARGCHKVD(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0)
 

+ 29 - 23
src/headers/tomcrypt_cfg.h

@@ -64,6 +64,11 @@ LTC_EXPORT int   LTC_CALL XSTRCMP(const char *s1, const char *s2);
    #define ARGTYPE  0
 #endif
 
+#undef LTC_ENCRYPT
+#define LTC_ENCRYPT 0
+#undef LTC_DECRYPT
+#define LTC_DECRYPT 1
+
 /* Controls endianess and size of registers.  Leave uncommented to get platform neutral [slower] code
  *
  * Note: in order to use the optimized macros your platform must support unaligned 32 and 64 bit read/writes.
@@ -168,15 +173,17 @@ LTC_EXPORT int   LTC_CALL XSTRCMP(const char *s1, const char *s2);
 
 /* endianness fallback */
 #if !defined(ENDIAN_BIG) && !defined(ENDIAN_LITTLE)
-  #if defined(__BYTE_ORDER) && __BYTE_ORDER == __BIG_ENDIAN || \
+  #if defined(_BYTE_ORDER) && _BYTE_ORDER == _BIG_ENDIAN || \
+      defined(__BYTE_ORDER) && __BYTE_ORDER == __BIG_ENDIAN || \
       defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ || \
-      defined(__BIG_ENDIAN__) || defined(_BIG_ENDIAN) || \
+      defined(__BIG_ENDIAN__) || \
       defined(__ARMEB__) || defined(__THUMBEB__) || defined(__AARCH64EB__) || \
       defined(_MIPSEB) || defined(__MIPSEB) || defined(__MIPSEB__)
     #define ENDIAN_BIG
-  #elif defined(__BYTE_ORDER) && __BYTE_ORDER == __LITTLE_ENDIAN || \
+  #elif defined(_BYTE_ORDER) && _BYTE_ORDER == _LITTLE_ENDIAN || \
+      defined(__BYTE_ORDER) && __BYTE_ORDER == __LITTLE_ENDIAN || \
       defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ || \
-      defined(__LITTLE_ENDIAN__) || defined(_LITTLE_ENDIAN) || \
+      defined(__LITTLE_ENDIAN__) || \
       defined(__ARMEL__) || defined(__THUMBEL__) || defined(__AARCH64EL__) || \
       defined(_MIPSEL) || defined(__MIPSEL) || defined(__MIPSEL__)
     #define ENDIAN_LITTLE
@@ -212,6 +219,22 @@ LTC_EXPORT int   LTC_CALL XSTRCMP(const char *s1, const char *s2);
    #endif
 #endif
 
+#if defined(ENDIAN_64BITWORD) && !defined(_MSC_VER)
+typedef unsigned long long ltc_mp_digit;
+#else
+typedef unsigned long ltc_mp_digit;
+#endif
+
+/* No asm is a quick way to disable anything "not portable" */
+#ifdef LTC_NO_ASM
+   #define ENDIAN_NEUTRAL
+   #undef ENDIAN_32BITWORD
+   #undef ENDIAN_64BITWORD
+   #undef LTC_FAST
+   #define LTC_NO_ROLC
+   #define LTC_NO_BSWAP
+#endif
+
 /* No LTC_FAST if: explicitly disabled OR non-gcc/non-clang compiler OR old gcc OR using -ansi -std=c99 */
 #if defined(LTC_NO_FAST) || (__GNUC__ < 4) || defined(__STRICT_ANSI__)
    #undef LTC_FAST
@@ -226,25 +249,8 @@ LTC_EXPORT int   LTC_CALL XSTRCMP(const char *s1, const char *s2);
    #endif
 #endif
 
-#ifdef ENDIAN_64BITWORD
-typedef ulong64 ltc_mp_digit;
-#else
-typedef ulong32 ltc_mp_digit;
-#endif
-
-/* No asm is a quick way to disable anything "not portable" */
-#ifdef LTC_NO_ASM
-   #define ENDIAN_NEUTRAL
-   #undef ENDIAN_32BITWORD
-   #undef ENDIAN_64BITWORD
-   #undef LTC_FAST
-   #undef LTC_FAST_TYPE
-   #define LTC_NO_ROLC
-   #define LTC_NO_BSWAP
-#endif
-
 #if !defined(ENDIAN_NEUTRAL) && (defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE)) && !(defined(ENDIAN_32BITWORD) || defined(ENDIAN_64BITWORD))
-    #error You must specify a word size as well as endianess in tomcrypt_cfg.h
+   #error You must specify a word size as well as endianess in tomcrypt_cfg.h
 #endif
 
 #if !(defined(ENDIAN_BIG) || defined(ENDIAN_LITTLE))
@@ -252,7 +258,7 @@ typedef ulong32 ltc_mp_digit;
 #endif
 
 #if (defined(ENDIAN_32BITWORD) && defined(ENDIAN_64BITWORD))
-    #error Cannot be 32 and 64 bit words...
+   #error Cannot be 32 and 64 bit words...
 #endif
 
 /* gcc 4.3 and up has a bswap builtin; detect it by gcc version.
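Review bot: Moving the `ltc_mp_digit` typedef above the `LTC_NO_ASM` block changes its meaning: `ENDIAN_64BITWORD` is now tested before that block can `#undef` it, so an `LTC_NO_ASM` build gets a 64-bit digit where it previously got `ulong32`, and the `#else` branch yields `unsigned long`, which is itself 64 bits on LP64 targets that end up `ENDIAN_NEUTRAL`. If the intent is that the digit mirror the math provider's digit width regardless of the asm setting, a comment saying so — `/* must match the digit type of the configured math provider; independent of LTC_NO_ASM */` — prevents it being moved back. The `#undef LTC_FAST_TYPE` dropped from the `LTC_NO_ASM` block is presumably covered by the `LTC_FAST` undef elsewhere; worth confirming no `LTC_FAST_TYPE` definition survives when `LTC_FAST` is off. In the endianness test each `defined(X) && X == Y` term relies on `&&` binding tighter than `||`; parenthesising the pairs makes the chain readable and robust to the next edit.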

+ 5 - 5
src/headers/tomcrypt_cipher.h

@@ -349,7 +349,7 @@ typedef struct {
 /** cipher descriptor table, last entry has "name == NULL" to mark the end of table */
 extern struct ltc_cipher_descriptor {
    /** name of cipher */
-   char *name;
+   const char *name;
    /** internal ID */
    unsigned char ID;
    /** min keysize (octets) */
@@ -499,8 +499,8 @@ extern struct ltc_cipher_descriptor {
    /** Accelerated GCM packet (one shot)
        @param key        The secret key
        @param keylen     The length of the secret key
-       @param IV         The initial vector
-       @param IVlen      The length of the initial vector
+       @param IV         The initialization vector
+       @param IVlen      The length of the initialization vector
        @param adata      The additional authentication data (header)
        @param adatalen   The length of the adata
        @param pt         The plaintext
@@ -875,8 +875,8 @@ int ctr_test(void);
 
 #ifdef LTC_LRW_MODE
 
-#define LRW_ENCRYPT 0
-#define LRW_DECRYPT 1
+#define LRW_ENCRYPT LTC_ENCRYPT
+#define LRW_DECRYPT LTC_DECRYPT
 
 int lrw_start(               int   cipher,
               const unsigned char *IV,

+ 9 - 26
src/headers/tomcrypt_custom.h

@@ -62,7 +62,6 @@
 
 /* shortcut to disable automatic inclusion */
 #if defined LTC_NOTHING && !defined LTC_EASY
-  #define LTC_NO_MATH
   #define LTC_NO_CIPHERS
   #define LTC_NO_MODES
   #define LTC_NO_HASHES
@@ -71,7 +70,6 @@
   #define LTC_NO_PK
   #define LTC_NO_PKCS
   #define LTC_NO_MISC
-  #define LTC_NO_FILE
 #endif /* LTC_NOTHING */
 
 /* Easy button? */
@@ -426,30 +424,6 @@
 #define LTC_ECC_TIMING_RESISTANT
 #endif
 
-/* define these PK sizes out of LTC_NO_PK
- * to have them always defined
- */
-#if defined(LTC_MRSA)
-/* Min and Max RSA key sizes (in bits) */
-#ifndef MIN_RSA_SIZE
-#define MIN_RSA_SIZE 1024
-#endif
-#ifndef MAX_RSA_SIZE
-#define MAX_RSA_SIZE 4096
-#endif
-#endif
-
-/* in cases where you want ASN.1/DER functionality, but no
- * RSA, you can define this externally if 1024 is not enough
- */
-#if defined(LTC_MRSA)
-#define LTC_DER_MAX_PUBKEY_SIZE MAX_RSA_SIZE
-#elif !defined(LTC_DER_MAX_PUBKEY_SIZE)
-/* this includes DSA */
-#define LTC_DER_MAX_PUBKEY_SIZE 1024
-#endif
-
-
 /* PKCS #1 (RSA) and #5 (Password Handling) stuff */
 #ifndef LTC_NO_PKCS
 
@@ -501,6 +475,11 @@
 #if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA) || defined(LTC_MKAT)
    /* Include the MPI functionality?  (required by the PK algorithms) */
    #define LTC_MPI
+
+   #ifndef LTC_PK_MAX_RETRIES
+      /* iterations limit for retry-loops */
+      #define LTC_PK_MAX_RETRIES  20
+   #endif
 #endif
 
 #ifdef LTC_MRSA
@@ -551,6 +530,10 @@
    #error LTC_BLAKE2BMAC requires LTC_BLAKE2B
 #endif
 
+#if defined(LTC_SPRNG) && !defined(LTC_RNG_GET_BYTES)
+   #error LTC_SPRNG requires LTC_RNG_GET_BYTES
+#endif
+
 #if defined(LTC_NO_MATH) && (defined(LTM_DESC) || defined(TFM_DESC) || defined(GMP_DESC))
    #error LTC_NO_MATH defined, but also a math descriptor
 #endif
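Review bot: `MIN_RSA_SIZE`, `MAX_RSA_SIZE` and `LTC_DER_MAX_PUBKEY_SIZE` are deleted from this header together with their `#ifndef` override hooks, and no replacement is visible in this chunk; if they moved to another header, that header needs the same `#ifndef` guards so builds that override the sizes on the command line keep working, and if they were dropped, external code that references them breaks on the upgrade. Removing `LTC_NO_MATH` and `LTC_NO_FILE` from the `LTC_NOTHING` block likewise widens what a "nothing" build compiles; a one-line comment there saying why those two no longer belong to the shortcut would help the next reader. The `LTC_PK_MAX_RETRIES` comment could state what the bound protects — e.g. `/* upper bound on retry loops in the PK routines so a bad RNG cannot spin forever */` — provided that is what its consumers do.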

+ 3 - 3
src/headers/tomcrypt_hash.h

@@ -204,7 +204,7 @@ typedef union Hash_state {
 /** hash descriptor */
 extern  struct ltc_hash_descriptor {
     /** name of hash */
-    char *name;
+    const char *name;
     /** internal ID */
     unsigned char ID;
     /** Size of digest in octets */
@@ -497,7 +497,7 @@ int func_name (hash_state * md, const unsigned char *in, unsigned long inlen)
     if (md-> state_var .curlen > sizeof(md-> state_var .buf)) {                             \
        return CRYPT_INVALID_ARG;                                                            \
     }                                                                                       \
-    if ((md-> state_var .length + inlen) < md-> state_var .length) {                       \
+    if ((md-> state_var .length + inlen) < md-> state_var .length) {                        \
       return CRYPT_HASH_OVERFLOW;                                                           \
     }                                                                                       \
     while (inlen > 0) {                                                                     \
@@ -510,7 +510,7 @@ int func_name (hash_state * md, const unsigned char *in, unsigned long inlen)
            inlen          -= block_size;                                                    \
         } else {                                                                            \
            n = MIN(inlen, (block_size - md-> state_var .curlen));                           \
-           XMEMCPY(md-> state_var .buf + md-> state_var.curlen, in, (size_t)n);              \
+           XMEMCPY(md-> state_var .buf + md-> state_var.curlen, in, (size_t)n);             \
            md-> state_var .curlen += n;                                                     \
            in             += n;                                                             \
            inlen          -= n;                                                             \

+ 9 - 9
src/headers/tomcrypt_mac.h

@@ -266,12 +266,14 @@ typedef struct {
    symmetric_key     key;                     /* scheduled key for cipher */
    unsigned long     block_index;             /* index # for current data block */
    int               cipher,                  /* cipher idx */
+                     tag_len,                 /* length of tag */
                      block_len;               /* length of block */
 } ocb3_state;
 
 int ocb3_init(ocb3_state *ocb, int cipher,
              const unsigned char *key, unsigned long keylen,
-             const unsigned char *nonce, unsigned long noncelen);
+             const unsigned char *nonce, unsigned long noncelen,
+             unsigned long taglen);
 
 int ocb3_encrypt(ocb3_state *ocb, const unsigned char *pt, unsigned long ptlen, unsigned char *ct);
 int ocb3_decrypt(ocb3_state *ocb, const unsigned char *ct, unsigned long ctlen, unsigned char *pt);
@@ -301,8 +303,6 @@ int ocb3_test(void);
 
 #ifdef LTC_SOURCE
 /* internal helper functions */
-int ocb3_int_aad_add_block(ocb3_state *ocb, const unsigned char *aad_block);
-void ocb3_int_calc_offset_zero(ocb3_state *ocb, const unsigned char *nonce, unsigned long noncelen);
 int ocb3_int_ntz(unsigned long x);
 void ocb3_int_xor_blocks(unsigned char *out, const unsigned char *block_a, const unsigned char *block_b, unsigned long block_len);
 #endif /* LTC_SOURCE */
@@ -311,8 +311,8 @@ void ocb3_int_xor_blocks(unsigned char *out, const unsigned char *block_a, const
 
 #ifdef LTC_CCM_MODE
 
-#define CCM_ENCRYPT 0
-#define CCM_DECRYPT 1
+#define CCM_ENCRYPT LTC_ENCRYPT
+#define CCM_DECRYPT LTC_DECRYPT
 
 typedef struct {
    symmetric_key       K;
@@ -378,8 +378,8 @@ extern const unsigned char gcm_shift_table[];
 
 #ifdef LTC_GCM_MODE
 
-#define GCM_ENCRYPT 0
-#define GCM_DECRYPT 1
+#define GCM_ENCRYPT LTC_ENCRYPT
+#define GCM_DECRYPT LTC_DECRYPT
 
 #define LTC_GCM_MODE_IV    0
 #define LTC_GCM_MODE_AAD   1
@@ -542,8 +542,8 @@ typedef struct {
    int aadflg;
 } chacha20poly1305_state;
 
-#define CHCHA20POLY1305_ENCRYPT 0
-#define CHCHA20POLY1305_DECRYPT 1
+#define CHCHA20POLY1305_ENCRYPT LTC_ENCRYPT
+#define CHCHA20POLY1305_DECRYPT LTC_DECRYPT
 
 int chacha20poly1305_init(chacha20poly1305_state *st, const unsigned char *key, unsigned long keylen);
 int chacha20poly1305_setiv(chacha20poly1305_state *st, const unsigned char *iv, unsigned long ivlen);
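Review bot: The new `taglen` parameter of ocb3_init and the `tag_len` member of ocb3_state are left undocumented in the header, so a caller cannot tell from the declaration which tag lengths are accepted or that an `unsigned long taglen` ends up stored in an `int`. Suggest a comment above the prototype, e.g. `/* taglen: requested tag length in octets, presumably limited to the cipher block length and rejected otherwise by ocb3_init */`, and confirm in ocb3_init.c (outside this section) that 0 and over-long values are rejected before the value is narrowed into `tag_len`. Stating the accepted range at the declaration matters because a short tag directly lowers the forgery resistance of every message authenticated with that state. The remaining hunks only alias the per-mode ENCRYPT/DECRYPT macros to LTC_ENCRYPT/LTC_DECRYPT and drop two internal helpers, which is fine as long as no other LTC_SOURCE file still calls them.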

+ 5 - 4
src/headers/tomcrypt_math.h

@@ -26,16 +26,17 @@
 
 #ifndef LTC_MILLER_RABIN_REPS
    /* Number of rounds of the Miller-Rabin test
-    * "Reasonable values of reps are between 15 and 50." c.f. gmp doc of mpz_probab_prime_p() */
-   #define LTC_MILLER_RABIN_REPS    35
+    * "Reasonable values of reps are between 15 and 50." c.f. gmp doc of mpz_probab_prime_p()
+    * As of https://security.stackexchange.com/a/4546 we should use 40 rounds */
+   #define LTC_MILLER_RABIN_REPS    40
 #endif
 
-int radix_to_bin(const void *in, int radix, void *out, size_t* len);
+int radix_to_bin(const void *in, int radix, void *out, unsigned long *len);
 
 /** math descriptor */
 typedef struct {
    /** Name of the math provider */
-   char *name;
+   const char *name;
 
    /** Bits per digit, amount of bits must fit in an unsigned long */
    int  bits_per_digit;
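Review bot: The justification for the new LTC_MILLER_RABIN_REPS default is a Stack Exchange link in the comment above the define; for a cryptographic default a normative reference reads better, e.g. `* 40 rounds bound the per-candidate error at 4^-40 = 2^-80 for any composite, see FIPS 186-4 Appendix C.3, Table C.1 for the minimum rounds per modulus size`. Worth stating in that comment that the 2^-80 figure is the worst-case bound for arbitrary composites, which is the one that applies when the tested number comes from an imported key rather than from the library's own random candidate generation. The radix_to_bin change in the second hunk only aligns the length parameter with the library's unsigned long convention and should be mirrored in radix_to_bin.c, which the later section in this diff does.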

+ 0 - 2
src/headers/tomcrypt_misc.h

@@ -78,11 +78,9 @@ void init_LTM(void);
 #ifdef TFM_DESC
 void init_TFM(void);
 #endif
-/*                          *** use of GMP is untested ***
 #ifdef GMP_DESC
 void init_GMP(void);
 #endif
-*/
 
 #ifdef LTC_ADLER32
 typedef struct adler32_state_s

+ 22 - 25
src/headers/tomcrypt_pk.h

@@ -17,9 +17,6 @@ enum {
 /* Indicates standard output formats that can be read e.g. by OpenSSL or GnuTLS */
 #define PK_STD          0x1000
 
-/* iterations limit for retry-loops */
-#define PK_MAX_RETRIES  20
-
 int rand_prime(void *N, long len, prng_state *prng, int wprng);
 
 #ifdef LTC_SOURCE
@@ -198,13 +195,6 @@ int katja_import(const unsigned char *in, unsigned long inlen, katja_key *key);
 /* ---- DH Routines ---- */
 #ifdef LTC_MDH
 
-typedef struct {
-  int size;
-  char *name, *base, *prime;
-} ltc_dh_set_type;
-
-extern const ltc_dh_set_type ltc_dh_sets[];
-
 typedef struct {
     int type;
     void *x;
@@ -224,9 +214,7 @@ int dh_set_pg(const unsigned char *p, unsigned long plen,
 int dh_set_pg_dhparam(const unsigned char *dhparam, unsigned long dhparamlen, dh_key *key);
 int dh_set_pg_groupsize(int groupsize, dh_key *key);
 
-int dh_set_key(const unsigned char *pub, unsigned long publen,
-               const unsigned char *priv, unsigned long privlen,
-               dh_key *key);
+int dh_set_key(const unsigned char *in, unsigned long inlen, int type, dh_key *key);
 int dh_generate_key(prng_state *prng, int wprng, dh_key *key);
 
 int dh_shared_secret(dh_key        *private_key, dh_key        *public_key,
@@ -234,10 +222,16 @@ int dh_shared_secret(dh_key        *private_key, dh_key        *public_key,
 
 void dh_free(dh_key *key);
 
-int dh_export_key(void *out, unsigned long *outlen,
-                  int type, dh_key *key);
+int dh_export_key(void *out, unsigned long *outlen, int type, dh_key *key);
 
 #ifdef LTC_SOURCE
+typedef struct {
+  int size;
+  const char *name, *base, *prime;
+} ltc_dh_set_type;
+
+extern const ltc_dh_set_type ltc_dh_sets[];
+
 /* internal helper functions */
 int dh_check_pubkey(dh_key *key);
 #endif
@@ -260,22 +254,22 @@ typedef struct {
    int size;
 
    /** name of curve */
-   char *name;
+   const char *name;
 
    /** The prime that defines the field the curve is in (encoded in hex) */
-   char *prime;
+   const char *prime;
 
    /** The fields B param (hex) */
-   char *B;
+   const char *B;
 
    /** The order of the curve (hex) */
-   char *order;
+   const char *order;
 
    /** The x co-ordinate of the base point on the curve (hex) */
-   char *Gx;
+   const char *Gx;
 
    /** The y co-ordinate of the base point on the curve (hex) */
-   char *Gy;
+   const char *Gy;
 } ltc_ecc_set_type;
 
 /** A point on a ECC curve, stored in Jacbobian format such that (x,y,z) => (x/z^2, y/z^3, 1) when interpretted as affine */
@@ -449,9 +443,7 @@ int dsa_set_pqg(const unsigned char *p,  unsigned long plen,
 int dsa_set_pqg_dsaparam(const unsigned char *dsaparam, unsigned long dsaparamlen, dsa_key *key);
 int dsa_generate_pqg(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key);
 
-int dsa_set_key(const unsigned char *pub, unsigned long publen,
-                const unsigned char *priv, unsigned long privlen,
-                dsa_key *key);
+int dsa_set_key(const unsigned char *in, unsigned long inlen, int type, dsa_key *key);
 int dsa_generate_key(prng_state *prng, int wprng, dsa_key *key);
 
 void dsa_free(dsa_key *key);
@@ -484,7 +476,12 @@ int dsa_decrypt_key(const unsigned char *in,  unsigned long  inlen,
 int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key);
 int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key);
 int dsa_verify_key(dsa_key *key, int *stat);
-
+#ifdef LTC_SOURCE
+/* internal helper functions */
+int dsa_int_validate_xy(dsa_key *key, int *stat);
+int dsa_int_validate_pqg(dsa_key *key, int *stat);
+int dsa_int_validate_primes(dsa_key *key, int *stat);
+#endif
 int dsa_shared_secret(void          *private_key, void *base,
                       dsa_key       *public_key,
                       unsigned char *out,         unsigned long *outlen);
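Review bot: The new single-part `dh_set_key` and `dsa_set_key` prototypes do not say what `type` selects or what `in` must contain, which the (pub, priv) signatures they replace made obvious from the parameter names. Suggest a comment above each, e.g. `/* type: PK_PUBLIC sets the public value from in, PK_PRIVATE sets the private value */` — whether the public value is derived in the PK_PRIVATE case is an inference from the new signature and should be confirmed against dh_set_key.c and dsa_set_key.c, which are not in this view. For DH, the comment should also tell callers importing a peer's public value whether the setter validates it or whether they must call dh_check_pubkey (declared just below under LTC_SOURCE), since the shared-secret computation relies on that validation. Style: the `#ifdef LTC_SOURCE` block inserted before `int dsa_shared_secret` replaces the blank line, so the next declaration now abuts the `#endif`.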

+ 3 - 3
src/headers/tomcrypt_pkcs.h

@@ -80,13 +80,13 @@ int pkcs_1_pss_decode(const unsigned char *msghash, unsigned long msghashlen,
 /* ===> PKCS #5 -- Password Based Cryptography <=== */
 #ifdef LTC_PKCS_5
 
-/* Algorithm #1 (old) */
+/* Algorithm #1 (PBKDF1) */
 int pkcs_5_alg1(const unsigned char *password, unsigned long password_len,
                 const unsigned char *salt,
                 int iteration_count,  int hash_idx,
                 unsigned char *out,   unsigned long *outlen);
 
-/* Algorithm #1 - OpenSSL-compatible variant for arbitrarily-long keys.
+/* Algorithm #1 (PBKDF1) - OpenSSL-compatible variant for arbitrarily-long keys.
    Compatible with EVP_BytesToKey() */
 int pkcs_5_alg1_openssl(const unsigned char *password,
                         unsigned long password_len,
@@ -94,7 +94,7 @@ int pkcs_5_alg1_openssl(const unsigned char *password,
                         int iteration_count,  int hash_idx,
                         unsigned char *out,   unsigned long *outlen);
 
-/* Algorithm #2 (new) */
+/* Algorithm #2 (PBKDF2) */
 int pkcs_5_alg2(const unsigned char *password, unsigned long password_len,
                 const unsigned char *salt,     unsigned long salt_len,
                 int iteration_count,           int hash_idx,
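Review bot: Replacing "(old)"/"(new)" with the PBKDF names drops the only hint that pkcs_5_alg1 is the legacy scheme. Suggest keeping both pieces of information, e.g. `/* Algorithm #1 (PBKDF1) - legacy, kept for compatibility; RFC 8018 recommends PBKDF2 for new applications */`, and the same qualifier on the OpenSSL-compatible variant in the second hunk.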

+ 1 - 1
src/headers/tomcrypt_prng.h

@@ -81,7 +81,7 @@ typedef struct {
 /** PRNG descriptor */
 extern struct ltc_prng_descriptor {
     /** Name of the PRNG */
-    char *name;
+    const char *name;
     /** size in bytes of exported state */
     int  export_size;
     /** Start a PRNG state

+ 1 - 0
src/mac/blake2/blake2bmac.c

@@ -14,6 +14,7 @@
 /**
    Initialize an BLAKE2B MAC context.
    @param st       The BLAKE2B MAC state
+   @param outlen   The size of the MAC output (octets)
    @param key      The secret key
    @param keylen   The length of the secret key (octets)
    @return CRYPT_OK if successful

+ 2 - 2
src/mac/blake2/blake2bmac_memory_multi.c

@@ -16,8 +16,8 @@
    BLAKE2B MAC multiple blocks of memory to produce the authentication tag
    @param key       The secret key
    @param keylen    The length of the secret key (octets)
-   @param out       [out] Destination of the authentication tag
-   @param outlen    [in/out] Max size and resulting size of authentication tag
+   @param mac       [out] Destination of the authentication tag
+   @param maclen    [in/out] Max size and resulting size of authentication tag
    @param in        The data to BLAKE2B MAC
    @param inlen     The length of the data to BLAKE2B MAC (octets)
    @param ...       tuples of (data,len) pairs to BLAKE2B MAC, terminated with a (NULL,x) (x=don't care)

+ 1 - 0
src/mac/blake2/blake2smac.c

@@ -14,6 +14,7 @@
 /**
    Initialize an BLAKE2S MAC context.
    @param st       The BLAKE2S MAC state
+   @param outlen   The size of the MAC output (octets)
    @param key      The secret key
    @param keylen   The length of the secret key (octets)
    @return CRYPT_OK if successful

+ 2 - 2
src/mac/blake2/blake2smac_memory_multi.c

@@ -16,8 +16,8 @@
    BLAKE2S MAC multiple blocks of memory to produce the authentication tag
    @param key       The secret key
    @param keylen    The length of the secret key (octets)
-   @param out       [out] Destination of the authentication tag
-   @param outlen    [in/out] Max size and resulting size of authentication tag
+   @param mac       [out] Destination of the authentication tag
+   @param maclen    [in/out] Max size and resulting size of authentication tag
    @param in        The data to BLAKE2S MAC
    @param inlen     The length of the data to BLAKE2S MAC (octets)
    @param ...       tuples of (data,len) pairs to BLAKE2S MAC, terminated with a (NULL,x) (x=don't care)

+ 1 - 1
src/mac/hmac/hmac_init.c

@@ -75,7 +75,7 @@ int hmac_init(hmac_state *hmac, int hash, const unsigned char *key, unsigned lon
        zeromem((hmac->key) + keylen, (size_t)(LTC_HMAC_BLOCKSIZE - keylen));
     }
 
-    /* Create the initial vector for step (3) */
+    /* Create the initialization vector for step (3) */
     for(i=0; i < LTC_HMAC_BLOCKSIZE;   i++) {
        buf[i] = hmac->key[i] ^ 0x36;
     }

+ 2 - 2
src/mac/hmac/hmac_test.c

@@ -142,8 +142,8 @@ int hmac_test(void)
     };
 
     static const struct hmac_test_case {
-        char *num;
-        char *algo;
+        const char *num;
+        const char *algo;
         const unsigned char *key;
         unsigned long keylen;
         const unsigned char *data;

+ 2 - 2
src/mac/poly1305/poly1305.c

@@ -164,8 +164,8 @@ int poly1305_process(poly1305_state *st, const unsigned char *in, unsigned long
 /**
    Terminate a POLY1305 session
    @param st      The POLY1305 state
-   @param out     [out] The destination of the POLY1305 authentication tag
-   @param outlen  [in/out]  The max size and resulting size of the POLY1305 authentication tag
+   @param mac     [out] The destination of the POLY1305 authentication tag
+   @param maclen  [in/out]  The max size and resulting size of the POLY1305 authentication tag
    @return CRYPT_OK if successful
 */
 int poly1305_done(poly1305_state *st, unsigned char *mac, unsigned long *maclen)

+ 2 - 2
src/mac/poly1305/poly1305_memory_multi.c

@@ -21,8 +21,8 @@
    POLY1305 multiple blocks of memory to produce the authentication tag
    @param key       The secret key
    @param keylen    The length of the secret key (octets)
-   @param out       [out] Destination of the authentication tag
-   @param outlen    [in/out] Max size and resulting size of authentication tag
+   @param mac       [out] Destination of the authentication tag
+   @param maclen    [in/out] Max size and resulting size of authentication tag
    @param in        The data to POLY1305
    @param inlen     The length of the data to POLY1305 (octets)
    @param ...       tuples of (data,len) pairs to POLY1305, terminated with a (NULL,x) (x=don't care)

+ 2 - 2
src/math/radix_to_bin.c

@@ -31,9 +31,9 @@
 
    @return CRYPT_OK on success.
 */
-int radix_to_bin(const void *in, int radix, void *out, size_t* len)
+int radix_to_bin(const void *in, int radix, void *out, unsigned long *len)
 {
-   size_t l;
+   unsigned long l;
    void* mpi;
    int err;
 

+ 1 - 1
src/math/rand_bn.c

@@ -538,7 +538,7 @@ static int tfm_ecc_projective_dbl_point(ecc_point *P, ecc_point *R, void *modulu
    @param Q        The point to add
    @param R        [out] The destination of the double
    @param modulus  The modulus of the field the ECC curve is in
-   @param mp       The "b" value from montgomery_setup()
+   @param Mp       The "b" value from montgomery_setup()
    @return CRYPT_OK on success
 */
 static int tfm_ecc_projective_add_point(ecc_point *P, ecc_point *Q, ecc_point *R, void *modulus, void *Mp)

+ 13 - 2
src/misc/compare_testvector.c

@@ -10,7 +10,7 @@
 #include "tomcrypt.h"
 
 /**
-  @file compare_testvecotr.c
+  @file compare_testvector.c
   Function to compare two testvectors and print a (detailed) error-message if required, Steffen Jaeckel
 */
 
@@ -49,13 +49,24 @@ static void _print_hex(const char* what, const void* v, const unsigned long l)
 }
 #endif
 
+/**
+  Compare two test-vectors
+
+  @param is             The data as it is
+  @param is_len         The length of is
+  @param should         The data as it should
+  @param should_len     The length of should
+  @param what           The type of the data
+  @param which          The iteration count
+  @return 0 on equality, -1 or 1 on difference
+*/
 int compare_testvector(const void* is, const unsigned long is_len, const void* should, const unsigned long should_len, const char* what, int which)
 {
    int res = 0;
    if(is_len != should_len)
       res = is_len > should_len ? -1 : 1;
    else
-      res = XMEMCMP(is, should, MAX(is_len, should_len));
+      res = XMEMCMP(is, should, is_len);
 
 #if defined(LTC_TEST) && defined(LTC_TEST_DBG)
    if (res != 0) {
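Review bot: The new docstring's `@return 0 on equality, -1 or 1 on difference` is not what the function returns on the XMEMCMP branch: memcmp only promises a negative, zero or positive value, not ±1. Either document it as `@return 0 on equality, non-zero on difference (sign indicates ordering)` or normalize the result, e.g. `res = XMEMCMP(is, should, is_len); if (res != 0) res = res < 0 ? -1 : 1;`. Using `is_len` instead of `MAX(is_len, should_len)` is correct since that branch is only reached when both lengths are equal. The function body continues past the hunk; as a test helper it is fine to use a plain memcmp, but the docstring could say so to keep it from being reused for tag or MAC verification, where a constant-time compare is required.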

+ 11 - 5
src/misc/crypt/crypt.c

@@ -43,7 +43,7 @@ const char *crypt_build_settings =
 #else
    "disabled\n"
 #endif
-   "Ciphers built-in:\n"
+   "\nCiphers built-in:\n"
 #if defined(LTC_BLOWFISH)
    "   Blowfish\n"
 #endif
@@ -301,7 +301,7 @@ const char *crypt_build_settings =
     "   SOBER128\n"
 #endif
 
-    "\nPK Algs:\n"
+    "\nPK Crypto:\n"
 #if defined(LTC_MRSA)
     "   RSA"
 #if defined(LTC_RSA_BLINDING) && defined(LTC_RSA_CRT_HARDENING)
@@ -329,6 +329,9 @@ const char *crypt_build_settings =
 #if defined(LTC_MKAT)
     "   Katja\n"
 #endif
+#if defined(LTC_PK_MAX_RETRIES)
+    "   "NAME_VALUE(LTC_PK_MAX_RETRIES)"\n"
+#endif
 
     "\nMPI (Math):\n"
 #if defined(LTC_MPI)
@@ -378,6 +381,9 @@ const char *crypt_build_settings =
 #endif
 
     "\nVarious others: "
+#if defined(ARGTYPE)
+    " " NAME_VALUE(ARGTYPE) " "
+#endif
 #if defined(LTC_ADLER32)
     " ADLER32 "
 #endif
@@ -393,9 +399,6 @@ const char *crypt_build_settings =
 #if defined(LTC_DER)
     " DER "
 #endif
-#if defined(LTC_DER_MAX_PUBKEY_SIZE)
-    " " NAME_VALUE(LTC_DER_MAX_PUBKEY_SIZE) " "
-#endif
 #if defined(LTC_PKCS_1)
     " PKCS#1 "
 #endif
@@ -429,6 +432,9 @@ const char *crypt_build_settings =
 #if defined(LTC_TEST)
     " LTC_TEST "
 #endif
+#if defined(LTC_TEST_DBG)
+    " " NAME_VALUE(LTC_TEST_DBG) " "
+#endif
 #if defined(LTC_TEST_EXT)
     " LTC_TEST_EXT "
 #endif
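Review bot: The LTC_PK_MAX_RETRIES entry is written as `"   "NAME_VALUE(LTC_PK_MAX_RETRIES)"\n"` with no space between the literal and the macro, unlike the ARGTYPE and LTC_TEST_DBG entries in the later hunks, which use `" " NAME_VALUE(X) " "`. It compiles in C, but the consistent form `"   " NAME_VALUE(LTC_PK_MAX_RETRIES) "\n"` reads better and avoids a surprise if the file is ever built as C++11, where a literal immediately followed by an identifier is parsed as a user-defined-literal suffix. The tomcrypt_pk.h section of this diff removes PK_MAX_RETRIES while this hunk reports LTC_PK_MAX_RETRIES, so the definition presumably moved to a config header outside this view; worth confirming it always has a default, otherwise the entry silently disappears from the build string. The crypt_build_settings initializer starts and ends outside these hunks.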

+ 1 - 1
src/misc/crypt/crypt_argchk.c

@@ -14,7 +14,7 @@
 */
 
 #if (ARGTYPE == 0)
-void crypt_argchk(char *v, char *s, int d)
+void crypt_argchk(const char *v, const char *s, int d)
 {
  fprintf(stderr, "LTC_ARGCHK '%s' failure on line %d of file %s\n",
          v, d, s);

+ 68 - 7
src/misc/crypt/crypt_constants.c

@@ -26,11 +26,39 @@ typedef struct {
 #define _C_STRINGIFY(s) { #s, s }
 
 static const crypt_constant _crypt_constants[] = {
+
+    _C_STRINGIFY(CRYPT_OK),
+    _C_STRINGIFY(CRYPT_ERROR),
+    _C_STRINGIFY(CRYPT_NOP),
+    _C_STRINGIFY(CRYPT_INVALID_KEYSIZE),
+    _C_STRINGIFY(CRYPT_INVALID_ROUNDS),
+    _C_STRINGIFY(CRYPT_FAIL_TESTVECTOR),
+    _C_STRINGIFY(CRYPT_BUFFER_OVERFLOW),
+    _C_STRINGIFY(CRYPT_INVALID_PACKET),
+    _C_STRINGIFY(CRYPT_INVALID_PRNGSIZE),
+    _C_STRINGIFY(CRYPT_ERROR_READPRNG),
+    _C_STRINGIFY(CRYPT_INVALID_CIPHER),
+    _C_STRINGIFY(CRYPT_INVALID_HASH),
+    _C_STRINGIFY(CRYPT_INVALID_PRNG),
+    _C_STRINGIFY(CRYPT_MEM),
+    _C_STRINGIFY(CRYPT_PK_TYPE_MISMATCH),
+    _C_STRINGIFY(CRYPT_PK_NOT_PRIVATE),
+    _C_STRINGIFY(CRYPT_INVALID_ARG),
+    _C_STRINGIFY(CRYPT_FILE_NOTFOUND),
+    _C_STRINGIFY(CRYPT_PK_INVALID_TYPE),
+    _C_STRINGIFY(CRYPT_OVERFLOW),
+    _C_STRINGIFY(CRYPT_UNUSED1),
+    _C_STRINGIFY(CRYPT_INPUT_TOO_LONG),
+    _C_STRINGIFY(CRYPT_PK_INVALID_SIZE),
+    _C_STRINGIFY(CRYPT_INVALID_PRIME_SIZE),
+    _C_STRINGIFY(CRYPT_PK_INVALID_PADDING),
+    _C_STRINGIFY(CRYPT_HASH_OVERFLOW),
+
     _C_STRINGIFY(PK_PUBLIC),
     _C_STRINGIFY(PK_PRIVATE),
 
-    _C_STRINGIFY(PKA_RSA),
-    _C_STRINGIFY(PKA_DSA),
+    _C_STRINGIFY(LTC_ENCRYPT),
+    _C_STRINGIFY(LTC_DECRYPT),
 
 #ifdef LTC_PKCS_1
     {"LTC_PKCS_1", 1},
@@ -42,14 +70,13 @@ static const crypt_constant _crypt_constants[] = {
     _C_STRINGIFY(LTC_PKCS_1_V1_5),
     _C_STRINGIFY(LTC_PKCS_1_OAEP),
     _C_STRINGIFY(LTC_PKCS_1_PSS),
+    _C_STRINGIFY(LTC_PKCS_1_V1_5_NA1),
 #else
     {"LTC_PKCS_1", 0},
 #endif
 
 #ifdef LTC_MRSA
     {"LTC_MRSA", 1},
-    _C_STRINGIFY(MIN_RSA_SIZE),
-    _C_STRINGIFY(MAX_RSA_SIZE),
 #else
     {"LTC_MRSA", 0},
 #endif
@@ -78,13 +105,35 @@ static const crypt_constant _crypt_constants[] = {
     {"LTC_MDSA", 0},
 #endif
 
-#ifdef LTC_DER_MAX_PUBKEY_SIZE
-    _C_STRINGIFY(LTC_DER_MAX_PUBKEY_SIZE),
-#endif
 #ifdef LTC_MILLER_RABIN_REPS
     _C_STRINGIFY(LTC_MILLER_RABIN_REPS),
 #endif
 
+#ifdef LTC_DER
+/* DER handling */
+    _C_STRINGIFY(LTC_ASN1_EOL),
+    _C_STRINGIFY(LTC_ASN1_BOOLEAN),
+    _C_STRINGIFY(LTC_ASN1_INTEGER),
+    _C_STRINGIFY(LTC_ASN1_SHORT_INTEGER),
+    _C_STRINGIFY(LTC_ASN1_BIT_STRING),
+    _C_STRINGIFY(LTC_ASN1_OCTET_STRING),
+    _C_STRINGIFY(LTC_ASN1_NULL),
+    _C_STRINGIFY(LTC_ASN1_OBJECT_IDENTIFIER),
+    _C_STRINGIFY(LTC_ASN1_IA5_STRING),
+    _C_STRINGIFY(LTC_ASN1_PRINTABLE_STRING),
+    _C_STRINGIFY(LTC_ASN1_UTF8_STRING),
+    _C_STRINGIFY(LTC_ASN1_UTCTIME),
+    _C_STRINGIFY(LTC_ASN1_CHOICE),
+    _C_STRINGIFY(LTC_ASN1_SEQUENCE),
+    _C_STRINGIFY(LTC_ASN1_SET),
+    _C_STRINGIFY(LTC_ASN1_SETOF),
+    _C_STRINGIFY(LTC_ASN1_RAW_BIT_STRING),
+    _C_STRINGIFY(LTC_ASN1_TELETEX_STRING),
+    _C_STRINGIFY(LTC_ASN1_CONSTRUCTED),
+    _C_STRINGIFY(LTC_ASN1_CONTEXT_SPECIFIC),
+    _C_STRINGIFY(LTC_ASN1_GENERALIZEDTIME),
+#endif
+
 #ifdef LTC_CTR_MODE
     {"LTC_CTR_MODE", 1},
     _C_STRINGIFY(CTR_COUNTER_LITTLE_ENDIAN),
@@ -93,6 +142,18 @@ static const crypt_constant _crypt_constants[] = {
 #else
     {"LTC_CTR_MODE", 0},
 #endif
+#ifdef LTC_GCM_MODE
+    _C_STRINGIFY(LTC_GCM_MODE_IV),
+    _C_STRINGIFY(LTC_GCM_MODE_AAD),
+    _C_STRINGIFY(LTC_GCM_MODE_TEXT),
+#endif
+
+    _C_STRINGIFY(LTC_MP_LT),
+    _C_STRINGIFY(LTC_MP_EQ),
+    _C_STRINGIFY(LTC_MP_GT),
+
+    _C_STRINGIFY(LTC_MP_NO),
+    _C_STRINGIFY(LTC_MP_YES),
 
     _C_STRINGIFY(MAXBLOCKSIZE),
     _C_STRINGIFY(TAB_SIZE),
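Review bot: The new `#ifdef LTC_DER` and `#ifdef LTC_GCM_MODE` blocks have no presence entry and no `#else`, unlike the neighbouring LTC_PKCS_1, LTC_MRSA and LTC_CTR_MODE blocks, which emit `{"LTC_X", 1}` / `{"LTC_X", 0}` so a consumer of crypt_get_constant can detect the feature without guessing from a missing enum value. Suggest adding `{"LTC_DER", 1},` with an `#else` branch of `{"LTC_DER", 0},`, and the same for LTC_GCM_MODE, unless such flags already exist further down the table outside this view. Dropping PKA_RSA, PKA_DSA, MIN_RSA_SIZE and MAX_RSA_SIZE from the table is visible to anyone querying constants by name at runtime, for instance the Python demo listed in the diffstat; that is a reasonable release change, but it belongs in the changes file, which is not in this view. The table starts before the first hunk.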

+ 2 - 1
src/misc/crypt/crypt_ltc_mp_descriptor.c

@@ -8,7 +8,8 @@
  */
 #include "tomcrypt.h"
 
-ltc_math_descriptor ltc_mp;
+/* Initialize ltc_mp to nulls, to force allocation on all platforms, including macOS. */
+ltc_math_descriptor ltc_mp = { 0 };
 
 /* ref:         $Format:%D$ */
 /* git commit:  $Format:%H$ */
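Review bot: The new comment says what the initializer does ("force allocation") but not why one is needed, which is what the next maintainer tempted to remove it will ask. Suggest `/* An explicit initializer makes this a real definition instead of a tentative one; without it the symbol is a "common" symbol, which the Mach-O static linker does not pull from an archive unless -all_load is given, leaving ltc_mp undefined on macOS. */` — the linker behaviour is my understanding of the motivation, so confirm it against the report this change fixes.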

+ 68 - 40
src/misc/crypt/crypt_sizes.c

@@ -30,8 +30,11 @@ static const crypt_size _crypt_sizes[] = {
     /* hash state sizes */
     _SZ_STRINGIFY_S(ltc_hash_descriptor),
     _SZ_STRINGIFY_T(hash_state),
-#ifdef LTC_SHA256
-    _SZ_STRINGIFY_S(sha256_state),
+#ifdef LTC_CHC_HASH
+    _SZ_STRINGIFY_S(chc_state),
+#endif
+#ifdef LTC_WHIRLPOOL
+    _SZ_STRINGIFY_S(whirlpool_state),
 #endif
 #ifdef LTC_SHA3
     _SZ_STRINGIFY_S(sha3_state),
@@ -39,17 +42,23 @@ static const crypt_size _crypt_sizes[] = {
 #ifdef LTC_SHA512
     _SZ_STRINGIFY_S(sha512_state),
 #endif
-#ifdef LTC_WHIRLPOOL
-    _SZ_STRINGIFY_S(whirlpool_state),
+#ifdef LTC_SHA256
+    _SZ_STRINGIFY_S(sha256_state),
 #endif
-#ifdef LTC_MD2
-    _SZ_STRINGIFY_S(md2_state),
+#ifdef LTC_SHA1
+    _SZ_STRINGIFY_S(sha1_state),
+#endif
+#ifdef LTC_MD5
+    _SZ_STRINGIFY_S(md5_state),
 #endif
 #ifdef LTC_MD4
     _SZ_STRINGIFY_S(md4_state),
 #endif
-#ifdef LTC_MD5
-    _SZ_STRINGIFY_S(md5_state),
+#ifdef LTC_MD2
+    _SZ_STRINGIFY_S(md2_state),
+#endif
+#ifdef LTC_TIGER
+    _SZ_STRINGIFY_S(tiger_state),
 #endif
 #ifdef LTC_RIPEMD128
     _SZ_STRINGIFY_S(rmd128_state),
@@ -63,21 +72,12 @@ static const crypt_size _crypt_sizes[] = {
 #ifdef LTC_RIPEMD320
     _SZ_STRINGIFY_S(rmd320_state),
 #endif
-#ifdef LTC_SHA1
-    _SZ_STRINGIFY_S(sha1_state),
-#endif
-#ifdef LTC_TIGER
-    _SZ_STRINGIFY_S(tiger_state),
-#endif
 #ifdef LTC_BLAKE2S
     _SZ_STRINGIFY_S(blake2s_state),
 #endif
 #ifdef LTC_BLAKE2B
     _SZ_STRINGIFY_S(blake2b_state),
 #endif
-#ifdef LTC_CHC_HASH
-    _SZ_STRINGIFY_S(chc_state),
-#endif
 
     /* block cipher key sizes */
     _SZ_STRINGIFY_S(ltc_cipher_descriptor),
@@ -142,46 +142,57 @@ static const crypt_size _crypt_sizes[] = {
 #endif
 
     /* mode sizes */
-#ifdef LTC_CBC_MODE
-    _SZ_STRINGIFY_T(symmetric_CBC),
+#ifdef LTC_ECB_MODE
+    _SZ_STRINGIFY_T(symmetric_ECB),
 #endif
 #ifdef LTC_CFB_MODE
     _SZ_STRINGIFY_T(symmetric_CFB),
 #endif
+#ifdef LTC_OFB_MODE
+    _SZ_STRINGIFY_T(symmetric_OFB),
+#endif
+#ifdef LTC_CBC_MODE
+    _SZ_STRINGIFY_T(symmetric_CBC),
+#endif
 #ifdef LTC_CTR_MODE
     _SZ_STRINGIFY_T(symmetric_CTR),
 #endif
-#ifdef LTC_ECB_MODE
-    _SZ_STRINGIFY_T(symmetric_ECB),
+#ifdef LTC_LRW_MODE
+    _SZ_STRINGIFY_T(symmetric_LRW),
 #endif
 #ifdef LTC_F8_MODE
     _SZ_STRINGIFY_T(symmetric_F8),
 #endif
-#ifdef LTC_LRW_MODE
-    _SZ_STRINGIFY_T(symmetric_LRW),
+#ifdef LTC_XTS_MODE
+    _SZ_STRINGIFY_T(symmetric_xts),
 #endif
-#ifdef LTC_OFB_MODE
-    _SZ_STRINGIFY_T(symmetric_OFB),
+
+    /* stream cipher sizes */
+#ifdef LTC_CHACHA
+    _SZ_STRINGIFY_T(chacha_state),
+#endif
+#ifdef LTC_RC4_STREAM
+    _SZ_STRINGIFY_T(rc4_state),
+#endif
+#ifdef LTC_SOBER128_STREAM
+    _SZ_STRINGIFY_T(sober128_state),
 #endif
 
     /* MAC sizes            -- no states for ccm, lrw */
-#ifdef LTC_F9_MODE
-    _SZ_STRINGIFY_T(f9_state),
-#endif
 #ifdef LTC_HMAC
     _SZ_STRINGIFY_T(hmac_state),
 #endif
 #ifdef LTC_OMAC
     _SZ_STRINGIFY_T(omac_state),
 #endif
-#ifdef LTC_PELICAN
-    _SZ_STRINGIFY_T(pelican_state),
-#endif
 #ifdef LTC_PMAC
     _SZ_STRINGIFY_T(pmac_state),
 #endif
-#ifdef LTC_XCBC
-    _SZ_STRINGIFY_T(xcbc_state),
+#ifdef LTC_POLY1305
+    _SZ_STRINGIFY_T(poly1305_state),
+#endif
+#ifdef LTC_EAX_MODE
+    _SZ_STRINGIFY_T(eax_state),
 #endif
 #ifdef LTC_OCB_MODE
     _SZ_STRINGIFY_T(ocb_state),
@@ -189,17 +200,23 @@ static const crypt_size _crypt_sizes[] = {
 #ifdef LTC_OCB3_MODE
     _SZ_STRINGIFY_T(ocb3_state),
 #endif
+#ifdef LTC_CCM_MODE
+    _SZ_STRINGIFY_T(ccm_state),
+#endif
 #ifdef LTC_GCM_MODE
     _SZ_STRINGIFY_T(gcm_state),
 #endif
-#ifdef LTC_EAX_MODE
-    _SZ_STRINGIFY_T(eax_state),
+#ifdef LTC_PELICAN
+    _SZ_STRINGIFY_T(pelican_state),
 #endif
-#ifdef LTC_CCM_MODE
-/* not defined */
+#ifdef LTC_XCBC
+    _SZ_STRINGIFY_T(xcbc_state),
 #endif
-#ifdef LRW_MODE
-/* not defined */
+#ifdef LTC_F9_MODE
+    _SZ_STRINGIFY_T(f9_state),
+#endif
+#ifdef LTC_CHACHA20POLY1305_MODE
+    _SZ_STRINGIFY_T(chacha20poly1305_state),
 #endif
 
     /* asymmetric keys */
@@ -214,13 +231,20 @@ static const crypt_size _crypt_sizes[] = {
 #endif
 #ifdef LTC_MECC
     _SZ_STRINGIFY_T(ltc_ecc_set_type),
-    _SZ_STRINGIFY_T(ecc_key),
     _SZ_STRINGIFY_T(ecc_point),
+    _SZ_STRINGIFY_T(ecc_key),
 #endif
 #ifdef LTC_MKAT
     _SZ_STRINGIFY_T(katja_key),
 #endif
 
+    /* DER handling */
+#ifdef LTC_DER
+    _SZ_STRINGIFY_T(ltc_asn1_list),  /* a list entry */
+    _SZ_STRINGIFY_T(ltc_utctime),
+    _SZ_STRINGIFY_T(ltc_generalizedtime),
+#endif
+
     /* prng state sizes */
     _SZ_STRINGIFY_S(ltc_prng_descriptor),
     _SZ_STRINGIFY_T(prng_state),
@@ -248,6 +272,10 @@ static const crypt_size _crypt_sizes[] = {
 #ifdef LTC_CRC32
     _SZ_STRINGIFY_T(crc32_state),
 #endif
+
+    _SZ_STRINGIFY_T(ltc_mp_digit),
+    _SZ_STRINGIFY_T(ltc_math_descriptor)
+
 };
 
 /* crypt_get_size()
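Review bot: The comment `/* MAC sizes            -- no states for ccm, lrw */` is now stale: this section adds `_SZ_STRINGIFY_T(ccm_state)` under LTC_CCM_MODE, and lrw already has symmetric_LRW under the mode sizes. Suggest `/* MAC / AEAD state sizes */`. The reordering of the hash and mode entries is harmless only if crypt_get_size looks entries up by name rather than by position; the table starts before the first hunk and crypt_get_size is outside this section, so I could not confirm that. The two entries added at the end lack a trailing comma, which is legal but means the next addition has to touch two lines.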
