added libtomcrypt-1.10

Doxyfile

@@ -23,7 +23,7 @@ PROJECT_NAME           = LibTomCrypt
 # This could be handy for archiving the generated documentation or 
 # if some version control system is used.
 
-PROJECT_NUMBER         = 1.09
+PROJECT_NUMBER         = 1.10
 
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) 
 # base path where the generated documentation will be put. 

changes

@@ -1,3 +1,11 @@
+February 11th, 2006
+v1.10 -- Free ecb/cbc/ctr/lrw structures in timing code by calling the "done" function
+      -- fixed bug in lrw_process() which would always use the slow update ...
+      -- vastly sped up gcm_gf_mult() when LTC_FAST is defined.  This speeds up LRW and GCM state creation, useful for servers with GCM
+      -- Removed NLS since there are some attacks against it.  
+      -- fixed memory leak in rsa_import reported by John Kuhns
+      ++ re-released as the rsa fix was incorrect (bad John bad ... hehehe) and I missed some NULLs in the static descriptor entry for ciphers 
+
 January 26th, 2006
 v1.09 -- Added missing doxygen comments to some of the ASN.1 routines
       -- Added "easy button" define LTC_EASY and LTC will build with a subset of all the algos.  Reduces build times for typical
@@ -1405,6 +1413,6 @@ v0.02  -- Changed RC5 to only allow 12 to 24 rounds
 v0.01  -- We will call this the first version.
 
 /* $Source: /cvs/libtom/libtomcrypt/changes,v $ */
-/* $Revision: 1.168 $ */
-/* $Date: 2006/01/26 18:15:51 $ */
+/* $Revision: 1.173 $ */
+/* $Date: 2006/02/11 09:18:11 $ */
 

crypt.tex

@@ -47,7 +47,7 @@
 \def\gap{\vspace{0.5ex}}
 \makeindex
 \begin{document}
-\title{LibTomCrypt \\ Version 1.09}
+\title{LibTomCrypt \\ Version 1.10}
 \author{Tom St Denis \\
 \\
 [email protected] \\
@@ -5181,5 +5181,5 @@ Since the function is given the entire RSA key (for private keys only) CRT is po
 \end{document}
 
 % $Source: /cvs/libtom/libtomcrypt/crypt.tex,v $   
-% $Revision: 1.62 $   
-% $Date: 2006/01/26 18:29:02 $ 
+% $Revision: 1.63 $   
+% $Date: 2006/01/26 19:20:46 $ 

demos/timing.c

@@ -18,6 +18,7 @@ time_keysched();
 time_cipher();
 time_cipher2();
 time_cipher3();
+time_cipher4();
 time_hash();
 time_macs();
 time_encmacs();

makefile

@@ -4,7 +4,7 @@
 # Modified by Clay Culver
 
 # The version
-VERSION=1.09
+VERSION=1.10
 
 # Compiler and Linker Names
 #CC=gcc
@@ -113,9 +113,8 @@ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aa
 src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
 src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
 src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
-src/encauth/nls/nls_memory.o src/encauth/nls/nlsfast.o src/encauth/ocb/ocb_decrypt.o \
-src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
-src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
+src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
 src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
 src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
 src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
@@ -365,5 +364,5 @@ zipup: no_oops docs
 
 
 # $Source: /cvs/libtom/libtomcrypt/makefile,v $ 
-# $Revision: 1.114 $ 
-# $Date: 2006/01/26 06:12:31 $ 
+# $Revision: 1.116 $ 
+# $Date: 2006/01/29 15:53:38 $ 

makefile.icc

@@ -100,9 +100,8 @@ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aa
 src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
 src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
 src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
-src/encauth/nls/nls_memory.o src/encauth/nls/nlsfast.o src/encauth/ocb/ocb_decrypt.o \
-src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
-src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
+src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
 src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
 src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
 src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
@@ -270,6 +269,6 @@ install: library
 	install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
 
 # $Source: /cvs/libtom/libtomcrypt/makefile.icc,v $   
-# $Revision: 1.49 $   
-# $Date: 2006/01/26 06:12:31 $ 
+# $Revision: 1.50 $   
+# $Date: 2006/01/29 15:53:38 $ 
 

makefile.msvc

@@ -15,9 +15,8 @@ src/encauth/eax/eax_init.obj src/encauth/eax/eax_test.obj src/encauth/gcm/gcm_ad
 src/encauth/gcm/gcm_add_iv.obj src/encauth/gcm/gcm_done.obj src/encauth/gcm/gcm_gf_mult.obj \
 src/encauth/gcm/gcm_init.obj src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_mult_h.obj \
 src/encauth/gcm/gcm_process.obj src/encauth/gcm/gcm_reset.obj src/encauth/gcm/gcm_test.obj \
-src/encauth/nls/nls_memory.obj src/encauth/nls/nlsfast.obj src/encauth/ocb/ocb_decrypt.obj \
-src/encauth/ocb/ocb_decrypt_verify_memory.obj src/encauth/ocb/ocb_done_decrypt.obj \
-src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \
+src/encauth/ocb/ocb_decrypt.obj src/encauth/ocb/ocb_decrypt_verify_memory.obj \
+src/encauth/ocb/ocb_done_decrypt.obj src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \
 src/encauth/ocb/ocb_encrypt_authenticate_memory.obj src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj \
 src/encauth/ocb/ocb_shift_xor.obj src/encauth/ocb/ocb_test.obj src/encauth/ocb/s_ocb_done.obj \
 src/hashes/chc/chc.obj src/hashes/helper/hash_file.obj src/hashes/helper/hash_filehandle.obj \
@@ -133,5 +132,5 @@ timing: demos/timing.c library
 	cl $(CFLAGS) demos/timing.c testprof/tomcrypt_prof.lib tomcrypt.lib advapi32.lib $(EXTRALIBS)
 
 # $Source: /cvs/libtom/libtomcrypt/makefile.msvc,v $   
-# $Revision: 1.29 $   
-# $Date: 2006/01/26 06:12:31 $ 
+# $Revision: 1.30 $   
+# $Date: 2006/01/29 15:53:38 $ 

makefile.shared

@@ -6,7 +6,7 @@
 # Tom St Denis
 
 # The version
-VERSION=0:109
+VERSION=0:110
 
 # Compiler and Linker Names
 CC=libtool --mode=compile gcc 
@@ -107,9 +107,8 @@ src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aa
 src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
 src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
 src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
-src/encauth/nls/nls_memory.o src/encauth/nls/nlsfast.o src/encauth/ocb/ocb_decrypt.o \
-src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
-src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
+src/encauth/ocb/ocb_decrypt.o src/encauth/ocb/ocb_decrypt_verify_memory.o \
+src/encauth/ocb/ocb_done_decrypt.o src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
 src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
 src/encauth/ocb/ocb_shift_xor.o src/encauth/ocb/ocb_test.o src/encauth/ocb/s_ocb_done.o \
 src/hashes/chc/chc.o src/hashes/helper/hash_file.o src/hashes/helper/hash_filehandle.o \
@@ -259,5 +258,5 @@ timing: library testprof/$(LIBTEST) $(TIMINGS)
 	gcc -o $(TIMING) $(TIMINGS) -ltomcrypt_prof -ltomcrypt $(EXTRALIBS)
 
 # $Source: /cvs/libtom/libtomcrypt/makefile.shared,v $   
-# $Revision: 1.43 $   
-# $Date: 2006/01/26 06:12:31 $ 
+# $Revision: 1.45 $   
+# $Date: 2006/01/29 15:53:38 $ 

src/encauth/gcm/gcm_gf_mult.c

@@ -15,8 +15,50 @@
 */
 #include "tomcrypt.h"
 
+#if defined(GCM_TABLES) || defined(LRW_TABLES) || ((defined(GCM_MODE) || defined(GCM_MODE)) && defined(LTC_FAST))
+
+/* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format.  Since only the 
+ * lower 16 bits are not zero'ed I removed the upper 14 bytes */
+const unsigned char gcm_shift_table[256*2] = {
+0x00, 0x00, 0x01, 0xc2, 0x03, 0x84, 0x02, 0x46, 0x07, 0x08, 0x06, 0xca, 0x04, 0x8c, 0x05, 0x4e,
+0x0e, 0x10, 0x0f, 0xd2, 0x0d, 0x94, 0x0c, 0x56, 0x09, 0x18, 0x08, 0xda, 0x0a, 0x9c, 0x0b, 0x5e,
+0x1c, 0x20, 0x1d, 0xe2, 0x1f, 0xa4, 0x1e, 0x66, 0x1b, 0x28, 0x1a, 0xea, 0x18, 0xac, 0x19, 0x6e,
+0x12, 0x30, 0x13, 0xf2, 0x11, 0xb4, 0x10, 0x76, 0x15, 0x38, 0x14, 0xfa, 0x16, 0xbc, 0x17, 0x7e,
+0x38, 0x40, 0x39, 0x82, 0x3b, 0xc4, 0x3a, 0x06, 0x3f, 0x48, 0x3e, 0x8a, 0x3c, 0xcc, 0x3d, 0x0e,
+0x36, 0x50, 0x37, 0x92, 0x35, 0xd4, 0x34, 0x16, 0x31, 0x58, 0x30, 0x9a, 0x32, 0xdc, 0x33, 0x1e,
+0x24, 0x60, 0x25, 0xa2, 0x27, 0xe4, 0x26, 0x26, 0x23, 0x68, 0x22, 0xaa, 0x20, 0xec, 0x21, 0x2e,
+0x2a, 0x70, 0x2b, 0xb2, 0x29, 0xf4, 0x28, 0x36, 0x2d, 0x78, 0x2c, 0xba, 0x2e, 0xfc, 0x2f, 0x3e,
+0x70, 0x80, 0x71, 0x42, 0x73, 0x04, 0x72, 0xc6, 0x77, 0x88, 0x76, 0x4a, 0x74, 0x0c, 0x75, 0xce,
+0x7e, 0x90, 0x7f, 0x52, 0x7d, 0x14, 0x7c, 0xd6, 0x79, 0x98, 0x78, 0x5a, 0x7a, 0x1c, 0x7b, 0xde,
+0x6c, 0xa0, 0x6d, 0x62, 0x6f, 0x24, 0x6e, 0xe6, 0x6b, 0xa8, 0x6a, 0x6a, 0x68, 0x2c, 0x69, 0xee,
+0x62, 0xb0, 0x63, 0x72, 0x61, 0x34, 0x60, 0xf6, 0x65, 0xb8, 0x64, 0x7a, 0x66, 0x3c, 0x67, 0xfe,
+0x48, 0xc0, 0x49, 0x02, 0x4b, 0x44, 0x4a, 0x86, 0x4f, 0xc8, 0x4e, 0x0a, 0x4c, 0x4c, 0x4d, 0x8e,
+0x46, 0xd0, 0x47, 0x12, 0x45, 0x54, 0x44, 0x96, 0x41, 0xd8, 0x40, 0x1a, 0x42, 0x5c, 0x43, 0x9e,
+0x54, 0xe0, 0x55, 0x22, 0x57, 0x64, 0x56, 0xa6, 0x53, 0xe8, 0x52, 0x2a, 0x50, 0x6c, 0x51, 0xae,
+0x5a, 0xf0, 0x5b, 0x32, 0x59, 0x74, 0x58, 0xb6, 0x5d, 0xf8, 0x5c, 0x3a, 0x5e, 0x7c, 0x5f, 0xbe,
+0xe1, 0x00, 0xe0, 0xc2, 0xe2, 0x84, 0xe3, 0x46, 0xe6, 0x08, 0xe7, 0xca, 0xe5, 0x8c, 0xe4, 0x4e,
+0xef, 0x10, 0xee, 0xd2, 0xec, 0x94, 0xed, 0x56, 0xe8, 0x18, 0xe9, 0xda, 0xeb, 0x9c, 0xea, 0x5e,
+0xfd, 0x20, 0xfc, 0xe2, 0xfe, 0xa4, 0xff, 0x66, 0xfa, 0x28, 0xfb, 0xea, 0xf9, 0xac, 0xf8, 0x6e,
+0xf3, 0x30, 0xf2, 0xf2, 0xf0, 0xb4, 0xf1, 0x76, 0xf4, 0x38, 0xf5, 0xfa, 0xf7, 0xbc, 0xf6, 0x7e,
+0xd9, 0x40, 0xd8, 0x82, 0xda, 0xc4, 0xdb, 0x06, 0xde, 0x48, 0xdf, 0x8a, 0xdd, 0xcc, 0xdc, 0x0e,
+0xd7, 0x50, 0xd6, 0x92, 0xd4, 0xd4, 0xd5, 0x16, 0xd0, 0x58, 0xd1, 0x9a, 0xd3, 0xdc, 0xd2, 0x1e,
+0xc5, 0x60, 0xc4, 0xa2, 0xc6, 0xe4, 0xc7, 0x26, 0xc2, 0x68, 0xc3, 0xaa, 0xc1, 0xec, 0xc0, 0x2e,
+0xcb, 0x70, 0xca, 0xb2, 0xc8, 0xf4, 0xc9, 0x36, 0xcc, 0x78, 0xcd, 0xba, 0xcf, 0xfc, 0xce, 0x3e,
+0x91, 0x80, 0x90, 0x42, 0x92, 0x04, 0x93, 0xc6, 0x96, 0x88, 0x97, 0x4a, 0x95, 0x0c, 0x94, 0xce,
+0x9f, 0x90, 0x9e, 0x52, 0x9c, 0x14, 0x9d, 0xd6, 0x98, 0x98, 0x99, 0x5a, 0x9b, 0x1c, 0x9a, 0xde,
+0x8d, 0xa0, 0x8c, 0x62, 0x8e, 0x24, 0x8f, 0xe6, 0x8a, 0xa8, 0x8b, 0x6a, 0x89, 0x2c, 0x88, 0xee,
+0x83, 0xb0, 0x82, 0x72, 0x80, 0x34, 0x81, 0xf6, 0x84, 0xb8, 0x85, 0x7a, 0x87, 0x3c, 0x86, 0xfe,
+0xa9, 0xc0, 0xa8, 0x02, 0xaa, 0x44, 0xab, 0x86, 0xae, 0xc8, 0xaf, 0x0a, 0xad, 0x4c, 0xac, 0x8e,
+0xa7, 0xd0, 0xa6, 0x12, 0xa4, 0x54, 0xa5, 0x96, 0xa0, 0xd8, 0xa1, 0x1a, 0xa3, 0x5c, 0xa2, 0x9e,
+0xb5, 0xe0, 0xb4, 0x22, 0xb6, 0x64, 0xb7, 0xa6, 0xb2, 0xe8, 0xb3, 0x2a, 0xb1, 0x6c, 0xb0, 0xae,
+0xbb, 0xf0, 0xba, 0x32, 0xb8, 0x74, 0xb9, 0xb6, 0xbc, 0xf8, 0xbd, 0x3a, 0xbf, 0x7c, 0xbe, 0xbe };
+
+#endif
+
+
 #if defined(GCM_MODE) || defined(LRW_MODE)
 
+#ifndef LTC_FAST
 /* right shift */
 static void gcm_rightshift(unsigned char *a)
 {
@@ -33,7 +75,7 @@ static const unsigned char poly[] = { 0x00, 0xE1 };
 
      
 /**
-  GCM GF multiplier (internal use only) 
+  GCM GF multiplier (internal use only)  bitserial
   @param a   First value
   @param b   Second value
   @param c   Destination for a * b
@@ -57,8 +99,123 @@ void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *
    }
    XMEMCPY(c, Z, 16);
 }
+
+#else
+
+/* map normal numbers to "ieee" way ... e.g. bit reversed */
+#define M(x) ( ((x&8)>>3) | ((x&4)>>1) | ((x&2)<<1) | ((x&1)<<3) )
+
+#define BPD (sizeof(LTC_FAST_TYPE) * 8)
+#define WPV (1 + (16 / sizeof(LTC_FAST_TYPE)))
+
+/**
+  GCM GF multiplier (internal use only)  word oriented
+  @param a   First value
+  @param b   Second value
+  @param c   Destination for a * b
+ */  
+void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c)
+{
+   int i, j, k, u;
+   LTC_FAST_TYPE B[16][WPV], tmp[32 / sizeof(LTC_FAST_TYPE)], pB[16 / sizeof(LTC_FAST_TYPE)], zz, z;
+   unsigned char pTmp[32];
+
+   /* create simple tables */
+   zeromem(B[0],       sizeof(B[0]));
+   zeromem(B[M(1)],    sizeof(B[M(1)]));
+
+#ifdef ENDIAN_32BITWORD
+   for (i = 0; i < 4; i++) {
+       LOAD32H(B[M(1)][i], a + (i<<2));
+       LOAD32L(pB[i],      b + (i<<2));
+   }
+#else 
+   for (i = 0; i < 2; i++) {
+       LOAD64H(B[M(1)][i], a + (i<<3));
+       LOAD64L(pB[i],      b + (i<<3));
+   }
+#endif
+
+   /* now create 2, 4 and 8 */
+   B[M(2)][0] = B[M(1)][0] >> 1;
+   B[M(4)][0] = B[M(1)][0] >> 2;
+   B[M(8)][0] = B[M(1)][0] >> 3;
+   for (i = 1; i < (int)WPV; i++) {
+      B[M(2)][i] = (B[M(1)][i-1] << (BPD-1)) | (B[M(1)][i] >> 1);
+      B[M(4)][i] = (B[M(1)][i-1] << (BPD-2)) | (B[M(1)][i] >> 2);
+      B[M(8)][i] = (B[M(1)][i-1] << (BPD-3)) | (B[M(1)][i] >> 3);
+   }
+
+   /*  now all values with two bits which are 3, 5, 6, 9, 10, 12 */
+   for (i = 0; i < (int)WPV; i++) {
+      B[M(3)][i]  = B[M(1)][i] ^ B[M(2)][i];
+      B[M(5)][i]  = B[M(1)][i] ^ B[M(4)][i];
+      B[M(6)][i]  = B[M(2)][i] ^ B[M(4)][i];
+      B[M(9)][i]  = B[M(1)][i] ^ B[M(8)][i];
+      B[M(10)][i] = B[M(2)][i] ^ B[M(8)][i];
+      B[M(12)][i] = B[M(8)][i] ^ B[M(4)][i];
+   
+   /*  now all 3 bit values and the only 4 bit value: 7, 11, 13, 14, 15 */
+      B[M(7)][i]  = B[M(3)][i] ^ B[M(4)][i];
+      B[M(11)][i] = B[M(3)][i] ^ B[M(8)][i];
+      B[M(13)][i] = B[M(1)][i] ^ B[M(12)][i];
+      B[M(14)][i] = B[M(6)][i] ^ B[M(8)][i];
+      B[M(15)][i] = B[M(7)][i] ^ B[M(8)][i];
+   }
+
+   zeromem(tmp, sizeof(tmp));
+
+   /* compute product four bits of each word at a time */
+   /* for each nibble */
+   for (i = (BPD/4)-1; i >= 0; i--) {
+       /* for each word */
+       for (j = 0; j < (int)(WPV-1); j++) {
+        /* grab the 4 bits recall the nibbles are backwards so it's a shift by (i^1)*4 */
+           u = (pB[j] >> ((i^1)<<2)) & 15;
+
+        /* add offset by the word count the table looked up value to the result */
+           for (k = 0; k < (int)WPV; k++) {
+               tmp[k+j] ^= B[u][k];
+           }
+       }
+     /* shift result up by 4 bits */
+       if (i != 0) {
+          for (z = j = 0; j < (int)(32 / sizeof(LTC_FAST_TYPE)); j++) {
+              zz = tmp[j] << (BPD-4);
+              tmp[j] = (tmp[j] >> 4) | z;
+              z = zz;
+          }
+       }
+   }
+
+   /* store product */
+#ifdef ENDIAN_32BITWORD
+   for (i = 0; i < 8; i++) {
+       STORE32H(tmp[i], pTmp + (i<<2));
+   }
+#else 
+   for (i = 0; i < 4; i++) {
+       STORE64H(tmp[i], pTmp + (i<<3));
+   }
+#endif
+
+   /* reduce by taking most significant byte and adding the appropriate two byte sequence 16 bytes down */
+   for (i = 31; i >= 16; i--) {
+       pTmp[i-16] ^= gcm_shift_table[((unsigned)pTmp[i]<<1)];
+       pTmp[i-15] ^= gcm_shift_table[((unsigned)pTmp[i]<<1)+1];
+   }
+
+   for (i = 0; i < 16; i++) {
+       c[i] = pTmp[i];
+   }
+
+}
+
+#endif
+
 #endif
 
 /* $Source$ */
 /* $Revision$ */
 /* $Date$ */
+ 

src/encauth/gcm/gcm_init.c

@@ -17,46 +17,6 @@
 
 #ifdef GCM_MODE
 
-#ifdef GCM_TABLES
-
-/* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format.  Since only the 
- * lower 16 bits are not zero'ed I removed the upper 14 bytes */
-static const unsigned char gcm_shift_table[256*2] = {
-0x00, 0x00, 0x01, 0xc2, 0x03, 0x84, 0x02, 0x46, 0x07, 0x08, 0x06, 0xca, 0x04, 0x8c, 0x05, 0x4e,
-0x0e, 0x10, 0x0f, 0xd2, 0x0d, 0x94, 0x0c, 0x56, 0x09, 0x18, 0x08, 0xda, 0x0a, 0x9c, 0x0b, 0x5e,
-0x1c, 0x20, 0x1d, 0xe2, 0x1f, 0xa4, 0x1e, 0x66, 0x1b, 0x28, 0x1a, 0xea, 0x18, 0xac, 0x19, 0x6e,
-0x12, 0x30, 0x13, 0xf2, 0x11, 0xb4, 0x10, 0x76, 0x15, 0x38, 0x14, 0xfa, 0x16, 0xbc, 0x17, 0x7e,
-0x38, 0x40, 0x39, 0x82, 0x3b, 0xc4, 0x3a, 0x06, 0x3f, 0x48, 0x3e, 0x8a, 0x3c, 0xcc, 0x3d, 0x0e,
-0x36, 0x50, 0x37, 0x92, 0x35, 0xd4, 0x34, 0x16, 0x31, 0x58, 0x30, 0x9a, 0x32, 0xdc, 0x33, 0x1e,
-0x24, 0x60, 0x25, 0xa2, 0x27, 0xe4, 0x26, 0x26, 0x23, 0x68, 0x22, 0xaa, 0x20, 0xec, 0x21, 0x2e,
-0x2a, 0x70, 0x2b, 0xb2, 0x29, 0xf4, 0x28, 0x36, 0x2d, 0x78, 0x2c, 0xba, 0x2e, 0xfc, 0x2f, 0x3e,
-0x70, 0x80, 0x71, 0x42, 0x73, 0x04, 0x72, 0xc6, 0x77, 0x88, 0x76, 0x4a, 0x74, 0x0c, 0x75, 0xce,
-0x7e, 0x90, 0x7f, 0x52, 0x7d, 0x14, 0x7c, 0xd6, 0x79, 0x98, 0x78, 0x5a, 0x7a, 0x1c, 0x7b, 0xde,
-0x6c, 0xa0, 0x6d, 0x62, 0x6f, 0x24, 0x6e, 0xe6, 0x6b, 0xa8, 0x6a, 0x6a, 0x68, 0x2c, 0x69, 0xee,
-0x62, 0xb0, 0x63, 0x72, 0x61, 0x34, 0x60, 0xf6, 0x65, 0xb8, 0x64, 0x7a, 0x66, 0x3c, 0x67, 0xfe,
-0x48, 0xc0, 0x49, 0x02, 0x4b, 0x44, 0x4a, 0x86, 0x4f, 0xc8, 0x4e, 0x0a, 0x4c, 0x4c, 0x4d, 0x8e,
-0x46, 0xd0, 0x47, 0x12, 0x45, 0x54, 0x44, 0x96, 0x41, 0xd8, 0x40, 0x1a, 0x42, 0x5c, 0x43, 0x9e,
-0x54, 0xe0, 0x55, 0x22, 0x57, 0x64, 0x56, 0xa6, 0x53, 0xe8, 0x52, 0x2a, 0x50, 0x6c, 0x51, 0xae,
-0x5a, 0xf0, 0x5b, 0x32, 0x59, 0x74, 0x58, 0xb6, 0x5d, 0xf8, 0x5c, 0x3a, 0x5e, 0x7c, 0x5f, 0xbe,
-0xe1, 0x00, 0xe0, 0xc2, 0xe2, 0x84, 0xe3, 0x46, 0xe6, 0x08, 0xe7, 0xca, 0xe5, 0x8c, 0xe4, 0x4e,
-0xef, 0x10, 0xee, 0xd2, 0xec, 0x94, 0xed, 0x56, 0xe8, 0x18, 0xe9, 0xda, 0xeb, 0x9c, 0xea, 0x5e,
-0xfd, 0x20, 0xfc, 0xe2, 0xfe, 0xa4, 0xff, 0x66, 0xfa, 0x28, 0xfb, 0xea, 0xf9, 0xac, 0xf8, 0x6e,
-0xf3, 0x30, 0xf2, 0xf2, 0xf0, 0xb4, 0xf1, 0x76, 0xf4, 0x38, 0xf5, 0xfa, 0xf7, 0xbc, 0xf6, 0x7e,
-0xd9, 0x40, 0xd8, 0x82, 0xda, 0xc4, 0xdb, 0x06, 0xde, 0x48, 0xdf, 0x8a, 0xdd, 0xcc, 0xdc, 0x0e,
-0xd7, 0x50, 0xd6, 0x92, 0xd4, 0xd4, 0xd5, 0x16, 0xd0, 0x58, 0xd1, 0x9a, 0xd3, 0xdc, 0xd2, 0x1e,
-0xc5, 0x60, 0xc4, 0xa2, 0xc6, 0xe4, 0xc7, 0x26, 0xc2, 0x68, 0xc3, 0xaa, 0xc1, 0xec, 0xc0, 0x2e,
-0xcb, 0x70, 0xca, 0xb2, 0xc8, 0xf4, 0xc9, 0x36, 0xcc, 0x78, 0xcd, 0xba, 0xcf, 0xfc, 0xce, 0x3e,
-0x91, 0x80, 0x90, 0x42, 0x92, 0x04, 0x93, 0xc6, 0x96, 0x88, 0x97, 0x4a, 0x95, 0x0c, 0x94, 0xce,
-0x9f, 0x90, 0x9e, 0x52, 0x9c, 0x14, 0x9d, 0xd6, 0x98, 0x98, 0x99, 0x5a, 0x9b, 0x1c, 0x9a, 0xde,
-0x8d, 0xa0, 0x8c, 0x62, 0x8e, 0x24, 0x8f, 0xe6, 0x8a, 0xa8, 0x8b, 0x6a, 0x89, 0x2c, 0x88, 0xee,
-0x83, 0xb0, 0x82, 0x72, 0x80, 0x34, 0x81, 0xf6, 0x84, 0xb8, 0x85, 0x7a, 0x87, 0x3c, 0x86, 0xfe,
-0xa9, 0xc0, 0xa8, 0x02, 0xaa, 0x44, 0xab, 0x86, 0xae, 0xc8, 0xaf, 0x0a, 0xad, 0x4c, 0xac, 0x8e,
-0xa7, 0xd0, 0xa6, 0x12, 0xa4, 0x54, 0xa5, 0x96, 0xa0, 0xd8, 0xa1, 0x1a, 0xa3, 0x5c, 0xa2, 0x9e,
-0xb5, 0xe0, 0xb4, 0x22, 0xb6, 0x64, 0xb7, 0xa6, 0xb2, 0xe8, 0xb3, 0x2a, 0xb1, 0x6c, 0xb0, 0xae,
-0xbb, 0xf0, 0xba, 0x32, 0xb8, 0x74, 0xb9, 0xb6, 0xbc, 0xf8, 0xbd, 0x3a, 0xbf, 0x7c, 0xbe, 0xbe };
-
-#endif
-
 /**
   Initialize a GCM state
   @param gcm     The GCM state to initialize

src/encauth/nls/nls_memory.c

@@ -1,94 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtomcrypt.org
- */
-
-/**
-  @file nls_memory.c
-  NLS support, process a block of memory, Tom St Denis
-*/
-
-#ifdef NLS_MODE
-
-int nls_memory(const unsigned char *key,    unsigned long keylen,
-               const unsigned char *IV,     unsigned long IVlen,
-               const unsigned char *adata,  unsigned long adatalen,
-                     unsigned char *pt,     unsigned long ptlen,
-                     unsigned char *ct, 
-                     unsigned char *tag,    unsigned long taglen,
-                               int direction)
-{
-   nls_state *nls;
-   int        err;
-
-   LTC_ARGCHK(key   != NULL);
-   LTC_ARGCHK(IV    != NULL);
-   if (adatalen > 0) {
-      LTC_ARGCHK(adata != NULL);
-   }      
-   LTC_ARGCHK(pt    != NULL);
-   LTC_ARGCHK(ct    != NULL);
-   if (taglen > 0) {
-      LTC_ARGCHK(tag   != NULL);
-   }      
-   
-   /* alloc NLS state */
-   nls = XCALLOC(1, sizeof(*nls));
-   if (nls == NULL) {
-      return CRYPT_MEM;
-   }
-   
-   /* init key and IV */
-   if ((err = nls_key(nls, key, keylen)) != CRYPT_OK) {
-      goto done;
-   }
-   if ((err = nls_nonce(nls, IV, IVlen)) != CRYPT_OK) {
-      goto done;
-   }
-   
-   /* process adata */
-   if (adatalen > 0) {
-      if ((err = nls_maconly(nls, adata, adatalen)) != CRYPT_OK) {
-         goto done;
-      }
-   }      
-   
-   /* process msg */
-   if (direction == NLS_ENCRYPT) {
-      if ((err = nls_encrypt(nls, pt, nbytes, ct)) != CRYPT_OK) {
-         goto done;
-      }
-   } else {      
-      if ((err = nls_decrypt(nls, ct, nbytes, pt)) != CRYPT_OK) {
-         goto done;
-      }
-   }      
-   
-   /* grab tag */
-   if (taglen > 0) {
-      if ((err = nls_finish(nls, tag, taglen)) != CRYPT_OK) {
-         goto done;
-      }
-   }
-   
-   err = CRYPT_OK;
-done:
-#ifdef LTC_CLEAN_STACK
-   zeromem(nls, sizeof(*nls));
-#endif
-   XFREE(nls);
-   
-   return err;
-}                     
-
-#endif
-
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */

src/encauth/nls/nlsfast.c

@@ -1,981 +0,0 @@
-/* LibTomCrypt, modular cryptographic library -- Tom St Denis
- *
- * LibTomCrypt is a library that provides various cryptographic
- * algorithms in a highly modular and flexible manner.
- *
- * The library is free for all purposes without any express
- * guarantee it works.
- *
- * Tom St Denis, [email protected], http://libtomcrypt.org
- */
-
-/**
-  @file nlsfast.c
-  NLS support, entire suite, Tom St Denis
-*/
-
-
-/* Id: nlsfast.c 346 2005-04-22 18:36:12Z mwp */
-/* nlsfast: NLS stream cipher and Mundja MAC -- fast implementation */
-
-/*
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
-WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND AGAINST
-INFRINGEMENT ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR
-CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-*/
-
-
-/* This source has been modified from the original source for the LibTomCrypt project
- * by Tom St Denis.  (Warnings fixed and code GNU indented)
- */
-
-#include "tomcrypt.h"
-
-#ifdef NLS_MODE
-
-#define NLS_LONG_OUTPUT 1
-#define N               17
-#define NMAC            8
-#define WORDSIZE        32
-#define F16             0x10001ul
-#define MACKONST        8
-
-/* interface, multiplication table and SBox */
-#include "nlssbox.inc"
-#include "nlsmultab.inc"
-/*
- * FOLD is how many register cycles need to be performed after combining the
- * last byte of key and non-linear feedback, before every byte depends on every
- * byte of the key. This depends on the feedback and nonlinear functions, and
- * on where they are combined into the register.
- */
-#define FOLD N                  /* how many iterations of folding to do */
-#define INITKONST 0x6996c53a    /* value of KONST to use during key loading */
-#define KEYP 15                 /* where to insert key words */
-#define FOLDP 4                 /* where to insert non-linear feedback */
-#if NLS_LONG_OUTPUT
-#define CTRP 2                  /* where to insert counter to avoid small cycles */
-#endif /*NLS_LONG_OUTPUT */
-
-#define Byte(x,i) ((unsigned char)(((x) >> (8*i)) & 0xFF))
-
-/* define IS_LITTLE_ENDIAN for faster operation when appropriate */
-#if defined(ENDIAN_LITTLE) && defined(ENDIAN_32BITWORD)
-/* Useful macros -- little endian words on a little endian machine */
-#define BYTE2WORD(b) (*(ulong32 *)(b))
-#define WORD2BYTE(w, b) ((*(ulong32 *)(b)) = w)
-#define XORWORD(w, b) ((*(ulong32 *)(b)) ^= w)
-#else
-/* Useful macros -- machine independent little-endian version */
-#define BYTE2WORD(b) ( \
-   (((ulong32)(b)[3] & 0xFF)<<24) | \
-   (((ulong32)(b)[2] & 0xFF)<<16) | \
-   (((ulong32)(b)[1] & 0xFF)<<8) | \
-   (((ulong32)(b)[0] & 0xFF)) \
-)
-#define WORD2BYTE(w, b) { \
-   (b)[3] = Byte(w,3); \
-   (b)[2] = Byte(w,2); \
-   (b)[1] = Byte(w,1); \
-   (b)[0] = Byte(w,0); \
-}
-#define XORWORD(w, b) { \
-   (b)[3] ^= Byte(w,3); \
-   (b)[2] ^= Byte(w,2); \
-   (b)[1] ^= Byte(w,1); \
-   (b)[0] ^= Byte(w,0); \
-}
-#endif
-
-#if NLS_LONG_OUTPUT
-#define ZEROCOUNTER(c)    c->CtrModF16 = c->CtrMod232 = 0
-#else
-#define ZEROCOUNTER(c)          /* nothing */
-#endif /*NLS_LONG_OUTPUT */
-
-/* give correct offset for the current position of the register,
- * where logically R[0] is at position "zero".
- */
-#define OFF(zero, i) (((zero)+(i)) % N)
-
-#if NLS_LONG_OUTPUT
-/* Increment counter and mix into register every so often */
-#define FIXCTR(c,z) \
-{ \
-    if (++c->CtrModF16 == F16) { \
-   c->CtrMod232 += c->CtrModF16; \
-   c->R[OFF(z,CTRP)] += c->CtrMod232; \
-   c->CtrMod232 = 0; \
-    } \
-}
-#endif /*NLS_LONG_OUTPUT */
-
-/* step the shift register */
-/* After stepping, "zero" moves right one place */
-#define STEP(c,z) \
-    { register ulong32 tt; \
-   tt = ROL(c->R[OFF(z,0)],19) + ROL(c->R[OFF(z,15)],9) + c->konst; \
-   tt ^= Sbox[(tt >> 24) & 0xFF]; \
-   c->R[OFF(z,0)] = tt ^ c->R[OFF(z,4)]; \
-    }
-static void cycle(nls_state * c)
-{
-   ulong32 t;
-   int i;
-
-   /* nonlinear feedback function */
-   STEP(c, 0);
-   /* shift register */
-   t = c->R[0];
-   for (i = 1; i < N; ++i)
-      c->R[i - 1] = c->R[i];
-   c->R[N - 1] = t;
-#if NLS_LONG_OUTPUT
-   FIXCTR(c, 0);
-#endif /*NLS_LONG_OUTPUT */
-}
-
-/* Return a non-linear function of some parts of the register.
- */
-#define NLFUNC(c,z) \
-    (c->R[OFF(z,0)] + c->R[OFF(z,16)]) \
-    ^ (c->R[OFF(z,1)] + c->konst) \
-    ^ (c->R[OFF(z,6)] + c->R[OFF(z,13)])
-
-static ulong32 nltap(nls_state * c)
-{
-   return NLFUNC(c, 0);
-}
-
-/* The Mundja MAC function is modelled after the round function of SHA-256.
- * The following lines establish aliases for the MAC accumulator, just
- * so that the definition of that function looks more like FIPS-180-2.
- */
-#define A c->M[0]
-#define B c->M[1]
-#define C c->M[2]
-#define D c->M[3]
-#define E c->M[4]
-#define F c->M[5]
-#define G c->M[6]
-#define H c->M[7]
-#define SIGMA0(x) (ROR((x), 2) ^ ROR((x), 13) ^ ROR((x), 22))
-#define SIGMA1(x) (ROR((x), 6) ^ ROR((x), 11) ^ ROR((x), 25))
-#define CHOOSE(x,y,z) (z ^ (x & (y ^ z)))
-#define MAJORITY(x,y,z) ((x & y) | (z & (x | y)))
-
-/* Accumulate a nonlinear function of a register word and an input word for MAC.
- * Except for the added S-Box and SOBER LFSR input instead of constants,
- * this is exactly a round of SHA-256.
- */
-#define SHAFUNC(c,i,k,A,B,C,D,E,F,G,H) \
-    { \
-   ulong32   t1; \
-   t1 = H + k + i; \
-   t1 ^= Sbox[(t1 >> 24) & 0xFF]; \
-   t1 += SIGMA1(E) + CHOOSE(E, F, G); \
-   D += t1; \
-   t1 += SIGMA0(A) + MAJORITY(A, B, C); \
-   H = t1; \
-    }
-
-static void shafunc(nls_state * c, ulong32 i)
-{
-   ulong32 t;
-
-   SHAFUNC(c, i, c->R[MACKONST], A, B, C, D, E, F, G, H);
-   /* now correct alignment of MAC accumulator */
-   t = c->M[NMAC - 1];
-   for (i = NMAC - 1; i > 0; --i)
-      c->M[i] = c->M[i - 1];
-   c->M[0] = t;
-}
-
-/* Accumulate a CRC of input words, later to be fed into MAC.
- */
-#define CRCFUNC(c,i,zero,five) \
-    { \
-   ulong32   t1; \
-   t1 = (c->CRC[zero] << 8) ^ Multab[(c->CRC[zero] >> 24) & 0xFF] \
-      ^ c->CRC[five] ^ i; \
-   c->CRC[zero] = t1; \
-    }
-
-static void crcfunc(nls_state * c, ulong32 i)
-{
-   ulong32 t;
-
-   CRCFUNC(c, i, 0, 5);
-   /* now correct alignment of CRC accumulator */
-   t = c->CRC[0];
-   for (i = 1; i < NMAC; ++i)
-      c->CRC[i - 1] = c->CRC[i];
-   c->CRC[NMAC - 1] = t;
-}
-
-/* Normal MAC word processing: do both SHA and CRC.
- */
-static void macfunc(nls_state * c, ulong32 i)
-{
-   crcfunc(c, i);
-   shafunc(c, i);
-}
-
-/* initialise to known state
- */
-static void nls_initstate(nls_state * c)
-{
-   int i;
-
-   /* Register initialised to Fibonacci numbers */
-   c->R[0] = 1;
-   c->R[1] = 1;
-   for (i = 2; i < N; ++i)
-      c->R[i] = c->R[i - 1] + c->R[i - 2];
-   c->konst = INITKONST;
-   ZEROCOUNTER(c);
-}
-
-/* Save the current register state
- */
-static void nls_savestate(nls_state * c)
-{
-   int i;
-
-   for (i = 0; i < N; ++i)
-      c->initR[i] = c->R[i];
-}
-
-/* initialise to previously saved register state
- */
-static void nls_reloadstate(nls_state * c)
-{
-   int i;
-
-   for (i = 0; i < N; ++i)
-      c->R[i] = c->initR[i];
-   ZEROCOUNTER(c);
-}
-
-/* Initialise "konst"
- */
-static void nls_genkonst(nls_state * c)
-{
-   ulong32 newkonst;
-
-   do {
-      cycle(c);
-      newkonst = nltap(c);
-   }
-   while ((newkonst & 0xFF000000) == 0);
-   c->konst = newkonst;
-}
-
-/* Load key material into the register
- */
-#define ADDKEY(k) \
-   c->R[KEYP] += (k);
-
-#define XORNL(nl) \
-   c->R[FOLDP] ^= (nl);
-
-/* nonlinear diffusion of register for key and MAC */
-#define DROUND(z) STEP(c,z); c->R[OFF((z+1),FOLDP)] ^= NLFUNC(c,(z+1));
-static void nls_diffuse(nls_state * c)
-{
-   /* relies on FOLD == N! */
-   DROUND(0);
-   DROUND(1);
-   DROUND(2);
-   DROUND(3);
-   DROUND(4);
-   DROUND(5);
-   DROUND(6);
-   DROUND(7);
-   DROUND(8);
-   DROUND(9);
-   DROUND(10);
-   DROUND(11);
-   DROUND(12);
-   DROUND(13);
-   DROUND(14);
-   DROUND(15);
-   DROUND(16);
-}
-
-/* common actions for loading key material */
-static void
-nls_loadkey(nls_state * c, const unsigned char *key, unsigned long keylen)
-{
-   ulong32 i, k;
-
-   /* start folding in key, reject odd sized keys */
-   if ((keylen & 3) != 0)
-      abort();
-   for (i = 0; i < keylen; i += 4) {
-      k = BYTE2WORD(&key[i]);
-      ADDKEY(k);
-      cycle(c);
-      XORNL(nltap(c));
-   }
-
-   /* also fold in the length of the key */
-   ADDKEY(keylen);
-
-   /* now diffuse */
-   nls_diffuse(c);
-}
-
-/* initialise MAC related registers
- */
-static void nls_macinit(nls_state * c)
-{
-   int i;
-
-   for (i = 0; i < NMAC; ++i) {
-      c->M[i] = c->R[i];
-      c->CRC[i] = c->R[i + NMAC];
-   }
-}
-
-/* Published "key" interface
- */
-int nls_key(nls_state * c, const unsigned char *key, unsigned long keylen)
-{
-   LTC_ARGCHK(c != NULL);
-   LTC_ARGCHK(key != NULL);
-
-   if (keylen == 0) {
-      return CRYPT_INVALID_ARG;
-   }
-   nls_initstate(c);
-   nls_loadkey(c, key, keylen);
-   nls_genkonst(c);
-   nls_savestate(c);
-   nls_macinit(c);
-   c->nbuf = 0;
-   ZEROCOUNTER(c);
-   return CRYPT_OK;
-}
-
-/* Published "nonce" interface
- */
-int
-nls_nonce(nls_state * c, const unsigned char *nonce, unsigned long noncelen)
-{
-   LTC_ARGCHK(c != NULL);
-   LTC_ARGCHK(nonce != NULL);
-   if (noncelen == 0) {
-      return CRYPT_INVALID_ARG;
-   }
-   nls_reloadstate(c);
-   nls_loadkey(c, nonce, noncelen);
-   nls_macinit(c);
-   c->nbuf = 0;
-   ZEROCOUNTER(c);
-   return CRYPT_OK;
-}
-
-#if 0
-/* XOR pseudo-random bytes into buffer
- * Note: doesn't play well with MAC functions.
- */
-#define SROUND(z) STEP(c,z); t = NLFUNC(c,(z+1)); XORWORD(t, buf+(z*4));
-static void
-nls_stream(nls_state * c, unsigned char *buf, unsigned long nbytes)
-{
-   ulong32 t = 0;
-
-   /* handle any previously buffered bytes */
-   while (c->nbuf != 0 && nbytes != 0) {
-      *buf++ ^= c->sbuf & 0xFF;
-      c->sbuf >>= 8;
-      c->nbuf -= 8;
-      --nbytes;
-   }
-
-   /* do lots at a time, if there's enough to do */
-   while (nbytes >= N * 4) {
-#if NLS_LONG_OUTPUT
-      if (c->CtrModF16 < (F16 - 17)) {
-#endif /*NLS_LONG_OUTPUT */
-         SROUND(0);
-         SROUND(1);
-         SROUND(2);
-         SROUND(3);
-         SROUND(4);
-         SROUND(5);
-         SROUND(6);
-         SROUND(7);
-         SROUND(8);
-         SROUND(9);
-         SROUND(10);
-         SROUND(11);
-         SROUND(12);
-         SROUND(13);
-         SROUND(14);
-         SROUND(15);
-         SROUND(16);
-#if NLS_LONG_OUTPUT
-         c->CtrModF16 += 17;
-      } else {
-         SROUND(0);
-         FIXCTR(c, 1);
-         SROUND(1);
-         FIXCTR(c, 2);
-         SROUND(2);
-         FIXCTR(c, 3);
-         SROUND(3);
-         FIXCTR(c, 4);
-         SROUND(4);
-         FIXCTR(c, 5);
-         SROUND(5);
-         FIXCTR(c, 6);
-         SROUND(6);
-         FIXCTR(c, 7);
-         SROUND(7);
-         FIXCTR(c, 8);
-         SROUND(8);
-         FIXCTR(c, 9);
-         SROUND(9);
-         FIXCTR(c, 10);
-         SROUND(10);
-         FIXCTR(c, 11);
-         SROUND(11);
-         FIXCTR(c, 12);
-         SROUND(12);
-         FIXCTR(c, 13);
-         SROUND(13);
-         FIXCTR(c, 14);
-         SROUND(14);
-         FIXCTR(c, 15);
-         SROUND(15);
-         FIXCTR(c, 16);
-         SROUND(16);
-         FIXCTR(c, 0);
-      }
-#endif /*NLS_LONG_OUTPUT */
-      buf += 4 * N;
-      nbytes -= N * 4;
-   }
-
-   /* do small or odd size buffers the slow way */
-   while (4 <= nbytes) {
-      cycle(c);
-      t = nltap(c);
-      XORWORD(t, buf);
-      buf += 4;
-      nbytes -= 4;
-   }
-
-   /* handle any trailing bytes */
-   if (nbytes != 0) {
-      cycle(c);
-      c->sbuf = nltap(c);
-      c->nbuf = 32;
-      while (c->nbuf != 0 && nbytes != 0) {
-         *buf++ ^= c->sbuf & 0xFF;
-         c->sbuf >>= 8;
-         c->nbuf -= 8;
-         --nbytes;
-      }
-   }
-}
-
-#endif
-
-/* accumulate words into MAC without encryption
- * Note that plaintext is accumulated for MAC.
- */
-#define MROUND(z,A,B,C,D,E,F,G,H) \
-    t = BYTE2WORD(buf+(z*4)); \
-    STEP(c,z); \
-    CRCFUNC(c,t,((z)&0x7),(((z)+5)&0x7)); \
-    SHAFUNC(c,t,c->R[OFF(z+1,MACKONST)],A,B,C,D,E,F,G,H);
-int nls_maconly(nls_state * c, const unsigned char *buf, unsigned long nbytes)
-{
-   int i;
-   ulong32 t = 0;
-
-   LTC_ARGCHK(c != NULL);
-   LTC_ARGCHK(buf != NULL);
-
-
-   /* handle any previously buffered bytes */
-   if (c->nbuf != 0) {
-      while (c->nbuf != 0 && nbytes != 0) {
-         c->mbuf ^= (*buf++) << (32 - c->nbuf);
-         c->nbuf -= 8;
-         --nbytes;
-      }
-      if (c->nbuf != 0) {       /* not a whole word yet */
-         return CRYPT_OK;
-      }
-      /* LFSR already cycled */
-      macfunc(c, c->mbuf);
-   }
-
-   /* do lots at a time, if there's enough to do */
-   while (4 * N <= nbytes) {
-#if NLS_LONG_OUTPUT
-      if (c->CtrModF16 < (F16 - 17)) {
-#endif /*NLS_LONG_OUTPUT */
-         MROUND(0, A, B, C, D, E, F, G, H);
-         MROUND(1, H, A, B, C, D, E, F, G);
-         MROUND(2, G, H, A, B, C, D, E, F);
-         MROUND(3, F, G, H, A, B, C, D, E);
-         MROUND(4, E, F, G, H, A, B, C, D);
-         MROUND(5, D, E, F, G, H, A, B, C);
-         MROUND(6, C, D, E, F, G, H, A, B);
-         MROUND(7, B, C, D, E, F, G, H, A);
-         MROUND(8, A, B, C, D, E, F, G, H);
-         MROUND(9, H, A, B, C, D, E, F, G);
-         MROUND(10, G, H, A, B, C, D, E, F);
-         MROUND(11, F, G, H, A, B, C, D, E);
-         MROUND(12, E, F, G, H, A, B, C, D);
-         MROUND(13, D, E, F, G, H, A, B, C);
-         MROUND(14, C, D, E, F, G, H, A, B);
-         MROUND(15, B, C, D, E, F, G, H, A);
-         MROUND(16, A, B, C, D, E, F, G, H);
-#if NLS_LONG_OUTPUT
-         c->CtrModF16 += 17;
-      } else {
-         MROUND(0, A, B, C, D, E, F, G, H);
-         FIXCTR(c, 1);
-         MROUND(1, H, A, B, C, D, E, F, G);
-         FIXCTR(c, 2);
-         MROUND(2, G, H, A, B, C, D, E, F);
-         FIXCTR(c, 3);
-         MROUND(3, F, G, H, A, B, C, D, E);
-         FIXCTR(c, 4);
-         MROUND(4, E, F, G, H, A, B, C, D);
-         FIXCTR(c, 5);
-         MROUND(5, D, E, F, G, H, A, B, C);
-         FIXCTR(c, 6);
-         MROUND(6, C, D, E, F, G, H, A, B);
-         FIXCTR(c, 7);
-         MROUND(7, B, C, D, E, F, G, H, A);
-         FIXCTR(c, 8);
-         MROUND(8, A, B, C, D, E, F, G, H);
-         FIXCTR(c, 9);
-         MROUND(9, H, A, B, C, D, E, F, G);
-         FIXCTR(c, 10);
-         MROUND(10, G, H, A, B, C, D, E, F);
-         FIXCTR(c, 11);
-         MROUND(11, F, G, H, A, B, C, D, E);
-         FIXCTR(c, 12);
-         MROUND(12, E, F, G, H, A, B, C, D);
-         FIXCTR(c, 13);
-         MROUND(13, D, E, F, G, H, A, B, C);
-         FIXCTR(c, 14);
-         MROUND(14, C, D, E, F, G, H, A, B);
-         FIXCTR(c, 15);
-         MROUND(15, B, C, D, E, F, G, H, A);
-         FIXCTR(c, 16);
-         MROUND(16, A, B, C, D, E, F, G, H);
-         FIXCTR(c, 0);
-      }
-#endif /*NLS_LONG_OUTPUT */
-      buf += 4 * N;
-      nbytes -= 4 * N;
-      /* fix alignment of MAC buffer */
-      t = c->M[NMAC - 1];
-      for (i = NMAC - 1; i > 0; --i)
-         c->M[i] = c->M[i - 1];
-      c->M[0] = t;
-      /* fix alignment of CRC buffer */
-      t = c->CRC[0];
-      for (i = 1; i < NMAC; ++i)
-         c->CRC[i - 1] = c->CRC[i];
-      c->CRC[NMAC - 1] = t;
-   }
-
-   /* do small or odd size buffers the slow way */
-   while (4 <= nbytes) {
-      cycle(c);
-      macfunc(c, BYTE2WORD(buf));
-      buf += 4;
-      nbytes -= 4;
-   }
-
-   /* handle any trailing bytes */
-   if (nbytes != 0) {
-      cycle(c);
-      c->sbuf = nltap(c);
-      c->mbuf = 0;
-      c->nbuf = 32;
-      while (nbytes != 0) {
-         c->mbuf ^= (*buf++) << (32 - c->nbuf);
-         c->nbuf -= 8;
-         --nbytes;
-      }
-   }
-
-   return CRYPT_OK;
-}
-
-/* Combined MAC and encryption.
- * Note that plaintext is accumulated for MAC.
- */
-#define EROUND(z,A,B,C,D,E,F,G,H) \
-    STEP(c,z); \
-    t3 = BYTE2WORD(buf+(z*4)); \
-    CRCFUNC(c,t3,((z)&0x7),(((z)+5)&0x7)); \
-    SHAFUNC(c,t3,c->R[OFF(z+1,MACKONST)],A,B,C,D,E,F,G,H); \
-    t = NLFUNC(c,(z+1)); \
-    t ^= t3; \
-    WORD2BYTE(t,buf+(z*4));
-int nls_encrypt(nls_state * c, 
-                const unsigned char *pt, unsigned long nbytes,
-                      unsigned char *ct)
-{
-   ulong32 t = 0, t3 = 0;
-   int i;
-
-   LTC_ARGCHK(c != NULL);
-   LTC_ARGCHK(pt != NULL);
-   LTC_ARGCHK(ct != NULL);
-   
-   #define buf ct
-   
-   /* do copy as required */
-   if (pt != ct) {
-       XMEMCPY(ct, pt, nbytes);
-   }       
-
-   /* handle any previously buffered bytes */
-   if (c->nbuf != 0) {
-      while (c->nbuf != 0 && nbytes != 0) {
-         c->mbuf ^= *buf << (32 - c->nbuf);
-         *buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF;
-         ++buf;
-         c->nbuf -= 8;
-         --nbytes;
-      }
-      if (c->nbuf != 0)         /* not a whole word yet */
-         return CRYPT_OK;
-      /* LFSR already cycled */
-      macfunc(c, c->mbuf);
-   }
-
-   /* do lots at a time, if there's enough to do */
-   while (4 * N <= nbytes) {
-#if NLS_LONG_OUTPUT
-      if (c->CtrModF16 < (F16 - 17)) {
-#endif /*NLS_LONG_OUTPUT */
-         EROUND(0, A, B, C, D, E, F, G, H);
-         EROUND(1, H, A, B, C, D, E, F, G);
-         EROUND(2, G, H, A, B, C, D, E, F);
-         EROUND(3, F, G, H, A, B, C, D, E);
-         EROUND(4, E, F, G, H, A, B, C, D);
-         EROUND(5, D, E, F, G, H, A, B, C);
-         EROUND(6, C, D, E, F, G, H, A, B);
-         EROUND(7, B, C, D, E, F, G, H, A);
-         EROUND(8, A, B, C, D, E, F, G, H);
-         EROUND(9, H, A, B, C, D, E, F, G);
-         EROUND(10, G, H, A, B, C, D, E, F);
-         EROUND(11, F, G, H, A, B, C, D, E);
-         EROUND(12, E, F, G, H, A, B, C, D);
-         EROUND(13, D, E, F, G, H, A, B, C);
-         EROUND(14, C, D, E, F, G, H, A, B);
-         EROUND(15, B, C, D, E, F, G, H, A);
-         EROUND(16, A, B, C, D, E, F, G, H);
-#if NLS_LONG_OUTPUT
-         c->CtrModF16 += 17;
-      } else {
-         EROUND(0, A, B, C, D, E, F, G, H);
-         FIXCTR(c, 1);
-         EROUND(1, H, A, B, C, D, E, F, G);
-         FIXCTR(c, 2);
-         EROUND(2, G, H, A, B, C, D, E, F);
-         FIXCTR(c, 3);
-         EROUND(3, F, G, H, A, B, C, D, E);
-         FIXCTR(c, 4);
-         EROUND(4, E, F, G, H, A, B, C, D);
-         FIXCTR(c, 5);
-         EROUND(5, D, E, F, G, H, A, B, C);
-         FIXCTR(c, 6);
-         EROUND(6, C, D, E, F, G, H, A, B);
-         FIXCTR(c, 7);
-         EROUND(7, B, C, D, E, F, G, H, A);
-         FIXCTR(c, 8);
-         EROUND(8, A, B, C, D, E, F, G, H);
-         FIXCTR(c, 9);
-         EROUND(9, H, A, B, C, D, E, F, G);
-         FIXCTR(c, 10);
-         EROUND(10, G, H, A, B, C, D, E, F);
-         FIXCTR(c, 11);
-         EROUND(11, F, G, H, A, B, C, D, E);
-         FIXCTR(c, 12);
-         EROUND(12, E, F, G, H, A, B, C, D);
-         FIXCTR(c, 13);
-         EROUND(13, D, E, F, G, H, A, B, C);
-         FIXCTR(c, 14);
-         EROUND(14, C, D, E, F, G, H, A, B);
-         FIXCTR(c, 15);
-         EROUND(15, B, C, D, E, F, G, H, A);
-         FIXCTR(c, 16);
-         EROUND(16, A, B, C, D, E, F, G, H);
-         FIXCTR(c, 0);
-      }
-#endif /*NLS_LONG_OUTPUT */
-      buf += 4 * N;
-      nbytes -= 4 * N;
-      /* fix alignment of MAC buffer */
-      t = c->M[7];
-      for (i = NMAC - 1; i > 0; --i)
-         c->M[i] = c->M[i - 1];
-      c->M[0] = t;
-      /* fix alignment of CRC buffer */
-      t = c->CRC[0];
-      for (i = 1; i < NMAC; ++i)
-         c->CRC[i - 1] = c->CRC[i];
-      c->CRC[NMAC - 1] = t;
-   }
-
-   /* do small or odd size buffers the slow way */
-   while (4 <= nbytes) {
-      cycle(c);
-      t = BYTE2WORD(buf);
-      macfunc(c, t);
-      t ^= nltap(c);
-      WORD2BYTE(t, buf);
-      nbytes -= 4;
-      buf += 4;
-   }
-
-   /* handle any trailing bytes */
-   if (nbytes != 0) {
-      cycle(c);
-      c->sbuf = nltap(c);
-      c->mbuf = 0;
-      c->nbuf = 32;
-      while (c->nbuf != 0 && nbytes != 0) {
-         c->mbuf ^= *buf << (32 - c->nbuf);
-         *buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF;
-         ++buf;
-         c->nbuf -= 8;
-         --nbytes;
-      }
-   }
-   
-   #undef buf
-
-   return CRYPT_OK;
-}
-
-/* Combined MAC and decryption.
- * Note that plaintext is accumulated for MAC.
- */
-#undef DROUND
-#define DROUND(z,A,B,C,D,E,F,G,H) \
-    STEP(c,z); \
-    t = NLFUNC(c,(z+1)); \
-    t3 = BYTE2WORD(buf+(z*4)); \
-    t ^= t3; \
-    CRCFUNC(c,t,((z)&0x7),(((z)+5)&0x7)); \
-    SHAFUNC(c,t,c->R[OFF(z+1,MACKONST)],A,B,C,D,E,F,G,H); \
-    WORD2BYTE(t, buf+(z*4));
-int nls_decrypt(nls_state * c, 
-                const unsigned char *ct, unsigned long nbytes,
-                      unsigned char *pt)
-{
-   ulong32 t = 0, t3 = 0;
-   int i;
-
-   LTC_ARGCHK(c  != NULL);
-   LTC_ARGCHK(pt != NULL);
-   LTC_ARGCHK(ct != NULL);
-   
-   #define buf pt
-   
-   if (pt != ct) {
-      XMEMCPY(pt, ct, nbytes);
-   }      
-
-   /* handle any previously buffered bytes */
-   if (c->nbuf != 0) {
-      while (c->nbuf != 0 && nbytes != 0) {
-         *buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF;
-         c->mbuf ^= *buf << (32 - c->nbuf);
-         ++buf;
-         c->nbuf -= 8;
-         --nbytes;
-      }
-      if (c->nbuf != 0)         /* not a whole word yet */
-         return CRYPT_OK;
-      /* LFSR already cycled */
-      macfunc(c, c->mbuf);
-   }
-
-   /* now do lots at a time, if there's enough */
-   while (4 * N <= nbytes) {
-#if NLS_LONG_OUTPUT
-      if (c->CtrModF16 < (F16 - 17)) {
-#endif /*NLS_LONG_OUTPUT */
-         DROUND(0, A, B, C, D, E, F, G, H);
-         DROUND(1, H, A, B, C, D, E, F, G);
-         DROUND(2, G, H, A, B, C, D, E, F);
-         DROUND(3, F, G, H, A, B, C, D, E);
-         DROUND(4, E, F, G, H, A, B, C, D);
-         DROUND(5, D, E, F, G, H, A, B, C);
-         DROUND(6, C, D, E, F, G, H, A, B);
-         DROUND(7, B, C, D, E, F, G, H, A);
-         DROUND(8, A, B, C, D, E, F, G, H);
-         DROUND(9, H, A, B, C, D, E, F, G);
-         DROUND(10, G, H, A, B, C, D, E, F);
-         DROUND(11, F, G, H, A, B, C, D, E);
-         DROUND(12, E, F, G, H, A, B, C, D);
-         DROUND(13, D, E, F, G, H, A, B, C);
-         DROUND(14, C, D, E, F, G, H, A, B);
-         DROUND(15, B, C, D, E, F, G, H, A);
-         DROUND(16, A, B, C, D, E, F, G, H);
-#if NLS_LONG_OUTPUT
-         c->CtrModF16 += 17;
-      } else {
-         DROUND(0, A, B, C, D, E, F, G, H);
-         FIXCTR(c, 1);
-         DROUND(1, H, A, B, C, D, E, F, G);
-         FIXCTR(c, 2);
-         DROUND(2, G, H, A, B, C, D, E, F);
-         FIXCTR(c, 3);
-         DROUND(3, F, G, H, A, B, C, D, E);
-         FIXCTR(c, 4);
-         DROUND(4, E, F, G, H, A, B, C, D);
-         FIXCTR(c, 5);
-         DROUND(5, D, E, F, G, H, A, B, C);
-         FIXCTR(c, 6);
-         DROUND(6, C, D, E, F, G, H, A, B);
-         FIXCTR(c, 7);
-         DROUND(7, B, C, D, E, F, G, H, A);
-         FIXCTR(c, 8);
-         DROUND(8, A, B, C, D, E, F, G, H);
-         FIXCTR(c, 9);
-         DROUND(9, H, A, B, C, D, E, F, G);
-         FIXCTR(c, 10);
-         DROUND(10, G, H, A, B, C, D, E, F);
-         FIXCTR(c, 11);
-         DROUND(11, F, G, H, A, B, C, D, E);
-         FIXCTR(c, 12);
-         DROUND(12, E, F, G, H, A, B, C, D);
-         FIXCTR(c, 13);
-         DROUND(13, D, E, F, G, H, A, B, C);
-         FIXCTR(c, 14);
-         DROUND(14, C, D, E, F, G, H, A, B);
-         FIXCTR(c, 15);
-         DROUND(15, B, C, D, E, F, G, H, A);
-         FIXCTR(c, 16);
-         DROUND(16, A, B, C, D, E, F, G, H);
-         FIXCTR(c, 0);
-      }
-#endif /*NLS_LONG_OUTPUT */
-      buf += 4 * N;
-      nbytes -= 4 * N;
-      /* fix alignment of MAC buffer */
-      t = c->M[7];
-      for (i = NMAC - 1; i > 0; --i)
-         c->M[i] = c->M[i - 1];
-      c->M[0] = t;
-      /* fix alignment of CRC buffer */
-      t = c->CRC[0];
-      for (i = 1; i < NMAC; ++i)
-         c->CRC[i - 1] = c->CRC[i];
-      c->CRC[NMAC - 1] = t;
-   }
-
-   /* do small or odd size buffers the slow way */
-   while (4 <= nbytes) {
-      cycle(c);
-      t = nltap(c);
-      t3 = BYTE2WORD(buf);
-      t ^= t3;
-      macfunc(c, t);
-      WORD2BYTE(t, buf);
-      nbytes -= 4;
-      buf += 4;
-   }
-
-   /* handle any trailing bytes */
-   if (nbytes != 0) {
-      cycle(c);
-      c->sbuf = nltap(c);
-      c->mbuf = 0;
-      c->nbuf = 32;
-      while (c->nbuf != 0 && nbytes != 0) {
-         *buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF;
-         c->mbuf ^= *buf << (32 - c->nbuf);
-         ++buf;
-         c->nbuf -= 8;
-         --nbytes;
-      }
-   }
-   return CRYPT_OK;
-   
-   #undef buf
-}
-
-/* Having accumulated a MAC, finish processing and return it.
- * Note that any unprocessed bytes are treated as if
- * they were encrypted zero bytes, so plaintext (zero) is accumulated.
- */
-int nls_finish(nls_state * c, unsigned char *buf, unsigned long nbytes)
-{
-   ulong32 i;
-
-   LTC_ARGCHK(c   != NULL);
-   LTC_ARGCHK(buf != NULL);
-
-   /* handle any previously buffered bytes */
-   if (c->nbuf != 0) {
-      /* LFSR already cycled */
-      macfunc(c, c->mbuf);
-   }
-
-   /* perturb the MAC to mark end of input.
-    * Note that only the SHA part is updated, not the CRC. This is an
-    * action that can't be duplicated by passing in plaintext, hence
-    * defeating any kind of extension attack.
-    */
-   cycle(c);
-   shafunc(c, INITKONST + (c->nbuf << 24));
-   c->nbuf = 0;
-
-   /* now add the CRC to the MAC like input material */
-   for (i = 0; i < NMAC; ++i) {
-      cycle(c);
-      crcfunc(c, 0);
-      shafunc(c, c->CRC[7]);
-   }
-
-   /* continue that process, producing output from the MAC buffer */
-   while (nbytes > 0) {
-      cycle(c);
-      crcfunc(c, 0);
-      shafunc(c, c->CRC[7]);
-      if (nbytes >= 4) {
-         WORD2BYTE(A, buf);
-         nbytes -= 4;
-         buf += 4;
-      } else {
-         for (i = 0; i < nbytes; ++i)
-            buf[i] = Byte(A, i);
-         break;
-      }
-   }
-
-   return CRYPT_OK;
-}
-
-#endif
-
-/* $Source$ */
-/* $Revision$ */
-/* $Date$ */

src/encauth/nls/nlsmultab.inc

@@ -1,68 +0,0 @@
-/* Id: nlsmultab.h 333 2005-04-13 05:35:54Z mwp  */
-/* Multiplication table for Mundja using 0xD02B4367 */
-static const ulong32 Multab[256] = {
-    0x00000000, 0xD02B4367, 0xED5686CE, 0x3D7DC5A9,
-    0x97AC41D1, 0x478702B6, 0x7AFAC71F, 0xAAD18478,
-    0x631582EF, 0xB33EC188, 0x8E430421, 0x5E684746,
-    0xF4B9C33E, 0x24928059, 0x19EF45F0, 0xC9C40697,
-    0xC62A4993, 0x16010AF4, 0x2B7CCF5D, 0xFB578C3A,
-    0x51860842, 0x81AD4B25, 0xBCD08E8C, 0x6CFBCDEB,
-    0xA53FCB7C, 0x7514881B, 0x48694DB2, 0x98420ED5,
-    0x32938AAD, 0xE2B8C9CA, 0xDFC50C63, 0x0FEE4F04,
-    0xC154926B, 0x117FD10C, 0x2C0214A5, 0xFC2957C2,
-    0x56F8D3BA, 0x86D390DD, 0xBBAE5574, 0x6B851613,
-    0xA2411084, 0x726A53E3, 0x4F17964A, 0x9F3CD52D,
-    0x35ED5155, 0xE5C61232, 0xD8BBD79B, 0x089094FC,
-    0x077EDBF8, 0xD755989F, 0xEA285D36, 0x3A031E51,
-    0x90D29A29, 0x40F9D94E, 0x7D841CE7, 0xADAF5F80,
-    0x646B5917, 0xB4401A70, 0x893DDFD9, 0x59169CBE,
-    0xF3C718C6, 0x23EC5BA1, 0x1E919E08, 0xCEBADD6F,
-    0xCFA869D6, 0x1F832AB1, 0x22FEEF18, 0xF2D5AC7F,
-    0x58042807, 0x882F6B60, 0xB552AEC9, 0x6579EDAE,
-    0xACBDEB39, 0x7C96A85E, 0x41EB6DF7, 0x91C02E90,
-    0x3B11AAE8, 0xEB3AE98F, 0xD6472C26, 0x066C6F41,
-    0x09822045, 0xD9A96322, 0xE4D4A68B, 0x34FFE5EC,
-    0x9E2E6194, 0x4E0522F3, 0x7378E75A, 0xA353A43D,
-    0x6A97A2AA, 0xBABCE1CD, 0x87C12464, 0x57EA6703,
-    0xFD3BE37B, 0x2D10A01C, 0x106D65B5, 0xC04626D2,
-    0x0EFCFBBD, 0xDED7B8DA, 0xE3AA7D73, 0x33813E14,
-    0x9950BA6C, 0x497BF90B, 0x74063CA2, 0xA42D7FC5,
-    0x6DE97952, 0xBDC23A35, 0x80BFFF9C, 0x5094BCFB,
-    0xFA453883, 0x2A6E7BE4, 0x1713BE4D, 0xC738FD2A,
-    0xC8D6B22E, 0x18FDF149, 0x258034E0, 0xF5AB7787,
-    0x5F7AF3FF, 0x8F51B098, 0xB22C7531, 0x62073656,
-    0xABC330C1, 0x7BE873A6, 0x4695B60F, 0x96BEF568,
-    0x3C6F7110, 0xEC443277, 0xD139F7DE, 0x0112B4B9,
-    0xD31DD2E1, 0x03369186, 0x3E4B542F, 0xEE601748,
-    0x44B19330, 0x949AD057, 0xA9E715FE, 0x79CC5699,
-    0xB008500E, 0x60231369, 0x5D5ED6C0, 0x8D7595A7,
-    0x27A411DF, 0xF78F52B8, 0xCAF29711, 0x1AD9D476,
-    0x15379B72, 0xC51CD815, 0xF8611DBC, 0x284A5EDB,
-    0x829BDAA3, 0x52B099C4, 0x6FCD5C6D, 0xBFE61F0A,
-    0x7622199D, 0xA6095AFA, 0x9B749F53, 0x4B5FDC34,
-    0xE18E584C, 0x31A51B2B, 0x0CD8DE82, 0xDCF39DE5,
-    0x1249408A, 0xC26203ED, 0xFF1FC644, 0x2F348523,
-    0x85E5015B, 0x55CE423C, 0x68B38795, 0xB898C4F2,
-    0x715CC265, 0xA1778102, 0x9C0A44AB, 0x4C2107CC,
-    0xE6F083B4, 0x36DBC0D3, 0x0BA6057A, 0xDB8D461D,
-    0xD4630919, 0x04484A7E, 0x39358FD7, 0xE91ECCB0,
-    0x43CF48C8, 0x93E40BAF, 0xAE99CE06, 0x7EB28D61,
-    0xB7768BF6, 0x675DC891, 0x5A200D38, 0x8A0B4E5F,
-    0x20DACA27, 0xF0F18940, 0xCD8C4CE9, 0x1DA70F8E,
-    0x1CB5BB37, 0xCC9EF850, 0xF1E33DF9, 0x21C87E9E,
-    0x8B19FAE6, 0x5B32B981, 0x664F7C28, 0xB6643F4F,
-    0x7FA039D8, 0xAF8B7ABF, 0x92F6BF16, 0x42DDFC71,
-    0xE80C7809, 0x38273B6E, 0x055AFEC7, 0xD571BDA0,
-    0xDA9FF2A4, 0x0AB4B1C3, 0x37C9746A, 0xE7E2370D,
-    0x4D33B375, 0x9D18F012, 0xA06535BB, 0x704E76DC,
-    0xB98A704B, 0x69A1332C, 0x54DCF685, 0x84F7B5E2,
-    0x2E26319A, 0xFE0D72FD, 0xC370B754, 0x135BF433,
-    0xDDE1295C, 0x0DCA6A3B, 0x30B7AF92, 0xE09CECF5,
-    0x4A4D688D, 0x9A662BEA, 0xA71BEE43, 0x7730AD24,
-    0xBEF4ABB3, 0x6EDFE8D4, 0x53A22D7D, 0x83896E1A,
-    0x2958EA62, 0xF973A905, 0xC40E6CAC, 0x14252FCB,
-    0x1BCB60CF, 0xCBE023A8, 0xF69DE601, 0x26B6A566,
-    0x8C67211E, 0x5C4C6279, 0x6131A7D0, 0xB11AE4B7,
-    0x78DEE220, 0xA8F5A147, 0x958864EE, 0x45A32789,
-    0xEF72A3F1, 0x3F59E096, 0x0224253F, 0xD20F6658,
-};

src/encauth/nls/nlssbox.inc

@@ -1,84 +0,0 @@
-/* Id: nlssbox.h 333 2005-04-13 05:35:54Z mwp  */
-/* Sbox for NLS */
-/*
- * This is really the combination of two SBoxes; the least significant
- * 24 bits comes from:
- * 8->32 Sbox generated by Millan et. al. at Queensland University of
- * Technology. See: E. Dawson, W. Millan, L. Burnett, G. Carter,
- * "On the Design of 8*32 S-boxes". Unpublished report, by the
- * Information Systems Research Centre,
- * Queensland University of Technology, 1999.
- * 
- * The most significant 8 bits are the Skipjack "F table", which can be
- * found at http://csrc.nist.gov/CryptoToolkit/skipjack/skipjack.pdf .
- * In this optimised table, though, the intent is to XOR the word from
- * the table selected by the high byte with the input word. Thus, the
- * high byte is actually the Skipjack F-table entry XORED with its
- * table index.
- */
-static const ulong32 Sbox[256] = {
-    0xa3aa1887, 0xd65e435c, 0x0b65c042, 0x800e6ef4,
-    0xfc57ee20, 0x4d84fed3, 0xf066c502, 0xf354e8ae,
-    0xbb2ee9d9, 0x281f38d4, 0x1f829b5d, 0x735cdf3c,
-    0x95864249, 0xbc2e3963, 0xa1f4429f, 0xf6432c35,
-    0xf7f40325, 0x3cc0dd70, 0x5f973ded, 0x9902dc5e,
-    0xda175b42, 0x590012bf, 0xdc94d78c, 0x39aab26b,
-    0x4ac11b9a, 0x8c168146, 0xc3ea8ec5, 0x058ac28f,
-    0x52ed5c0f, 0x25b4101c, 0x5a2db082, 0x370929e1,
-    0x2a1843de, 0xfe8299fc, 0x202fbc4b, 0x833915dd,
-    0x33a803fa, 0xd446b2de, 0x46233342, 0x4fcee7c3,
-    0x3ad607ef, 0x9e97ebab, 0x507f859b, 0xe81f2e2f,
-    0xc55b71da, 0xd7e2269a, 0x1339c3d1, 0x7ca56b36,
-    0xa6c9def2, 0xb5c9fc5f, 0x5927b3a3, 0x89a56ddf,
-    0xc625b510, 0x560f85a7, 0xace82e71, 0x2ecb8816,
-    0x44951e2a, 0x97f5f6af, 0xdfcbc2b3, 0xce4ff55d,
-    0xcb6b6214, 0x2b0b83e3, 0x549ea6f5, 0x9de041af,
-    0x792f1f17, 0xf73b99ee, 0x39a65ec0, 0x4c7016c6,
-    0x857709a4, 0xd6326e01, 0xc7b280d9, 0x5cfb1418,
-    0xa6aff227, 0xfd548203, 0x506b9d96, 0xa117a8c0,
-    0x9cd5bf6e, 0xdcee7888, 0x61fcfe64, 0xf7a193cd,
-    0x050d0184, 0xe8ae4930, 0x88014f36, 0xd6a87088,
-    0x6bad6c2a, 0x1422c678, 0xe9204de7, 0xb7c2e759,
-    0x0200248e, 0x013b446b, 0xda0d9fc2, 0x0414a895,
-    0x3a6cc3a1, 0x56fef170, 0x86c19155, 0xcf7b8a66,
-    0x551b5e69, 0xb4a8623e, 0xa2bdfa35, 0xc4f068cc,
-    0x573a6acd, 0x6355e936, 0x03602db9, 0x0edf13c1,
-    0x2d0bb16d, 0x6980b83c, 0xfeb23763, 0x3dd8a911,
-    0x01b6bc13, 0xf55579d7, 0xf55c2fa8, 0x19f4196e,
-    0xe7db5476, 0x8d64a866, 0xc06e16ad, 0xb17fc515,
-    0xc46feb3c, 0x8bc8a306, 0xad6799d9, 0x571a9133,
-    0x992466dd, 0x92eb5dcd, 0xac118f50, 0x9fafb226,
-    0xa1b9cef3, 0x3ab36189, 0x347a19b1, 0x62c73084,
-    0xc27ded5c, 0x6c8bc58f, 0x1cdde421, 0xed1e47fb,
-    0xcdcc715e, 0xb9c0ff99, 0x4b122f0f, 0xc4d25184,
-    0xaf7a5e6c, 0x5bbf18bc, 0x8dd7c6e0, 0x5fb7e420,
-    0x521f523f, 0x4ad9b8a2, 0xe9da1a6b, 0x97888c02,
-    0x19d1e354, 0x5aba7d79, 0xa2cc7753, 0x8c2d9655,
-    0x19829da1, 0x531590a7, 0x19c1c149, 0x3d537f1c,
-    0x50779b69, 0xed71f2b7, 0x463c58fa, 0x52dc4418,
-    0xc18c8c76, 0xc120d9f0, 0xafa80d4d, 0x3b74c473,
-    0xd09410e9, 0x290e4211, 0xc3c8082b, 0x8f6b334a,
-    0x3bf68ed2, 0xa843cc1b, 0x8d3c0ff3, 0x20e564a0,
-    0xf8f55a4f, 0x2b40f8e7, 0xfea7f15f, 0xcf00fe21,
-    0x8a6d37d6, 0xd0d506f1, 0xade00973, 0xefbbde36,
-    0x84670fa8, 0xfa31ab9e, 0xaedab618, 0xc01f52f5,
-    0x6558eb4f, 0x71b9e343, 0x4b8d77dd, 0x8cb93da6,
-    0x740fd52d, 0x425412f8, 0xc5a63360, 0x10e53ad0,
-    0x5a700f1c, 0x8324ed0b, 0xe53dc1ec, 0x1a366795,
-    0x6d549d15, 0xc5ce46d7, 0xe17abe76, 0x5f48e0a0,
-    0xd0f07c02, 0x941249b7, 0xe49ed6ba, 0x37a47f78,
-    0xe1cfffbd, 0xb007ca84, 0xbb65f4da, 0xb59f35da,
-    0x33d2aa44, 0x417452ac, 0xc0d674a7, 0x2d61a46a,
-    0xdc63152a, 0x3e12b7aa, 0x6e615927, 0xa14fb118,
-    0xa151758d, 0xba81687b, 0xe152f0b3, 0x764254ed,
-    0x34c77271, 0x0a31acab, 0x54f94aec, 0xb9e994cd,
-    0x574d9e81, 0x5b623730, 0xce8a21e8, 0x37917f0b,
-    0xe8a9b5d6, 0x9697adf8, 0xf3d30431, 0x5dcac921,
-    0x76b35d46, 0xaa430a36, 0xc2194022, 0x22bca65e,
-    0xdaec70ba, 0xdfaea8cc, 0x777bae8b, 0x242924d5,
-    0x1f098a5a, 0x4b396b81, 0x55de2522, 0x435c1cb8,
-    0xaeb8fe1d, 0x9db3c697, 0x5b164f83, 0xe0c16376,
-    0xa319224c, 0xd0203b35, 0x433ac0fe, 0x1466a19a,
-    0x45f0b24f, 0x51fda998, 0xc0d52d71, 0xfa0896a8,
-    0xf9e6053f, 0xa4b0d300, 0xd499cbcc, 0xb95e3d40,
-};

src/headers/tomcrypt.h

@@ -16,8 +16,8 @@ extern "C" {
 #endif
 
 /* version */
-#define CRYPT   0x0109
-#define SCRYPT  "1.09"
+#define CRYPT   0x0110
+#define SCRYPT  "1.10"
 
 /* max size of either a cipher/hash block or symmetric key [largest of the two] */
 #define MAXBLOCKSIZE  128

src/headers/tomcrypt_custom.h

@@ -192,8 +192,6 @@
 #define OCB_MODE
 #define CCM_MODE
 #define GCM_MODE
-/* disabled waiting on test vectors */
-/* #define NLS_MODE */
 
 /* Use 64KiB tables */
 #ifndef LTC_NO_TABLES

src/headers/tomcrypt_mac.h

@@ -216,6 +216,12 @@ int ccm_test(void);
 void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c);
 #endif
 
+
+/* table shared between GCM and LRW */
+#if defined(GCM_TABLES) || defined(LRW_TABLES) || ((defined(GCM_MODE) || defined(GCM_MODE)) && defined(LTC_FAST))
+extern const unsigned char gcm_shift_table[];
+#endif
+
 #ifdef GCM_MODE
 
 #define GCM_ENCRYPT 0
@@ -300,48 +306,6 @@ int pelican_memory(const unsigned char *key, unsigned long keylen,
 
 #endif
 
-#ifdef NLS_MODE
-
-#define NLS_ENCRYPT 0
-#define NLS_DECRYPT 1
-
-typedef struct {
-    ulong32	R[17];		/* Working storage for the shift register */
-    ulong32	M[8];	/* Working storage for MAC accumulation */
-    ulong32	CRC[8];	/* Working storage for CRC accumulation */
-    ulong32	initR[17];	/* saved register contents */ 
-    ulong32	konst;		/* key dependent constant */
-    ulong32	sbuf;		/* partial ulong32 encryption buffer */
-    ulong32	mbuf;		/* partial ulong32 MAC buffer */
-    int		nbuf;		/* number of part-ulong32 stream bits buffered */
-    ulong32	CtrModF16;	/* Multiprecision counter, modulo F16 */
-    ulong32	CtrMod232;	/* Multiprecision counter, LSW */
-} nls_state;
-
-/* interface definitions */
-int nls_key(nls_state *c,     const unsigned char *key,   unsigned long keylen);   /* set key */
-int nls_nonce(nls_state *c,   const unsigned char *nonce, unsigned long noncelen); /* set IV */
-int nls_maconly(nls_state *c, const unsigned char *buf,   unsigned long nbytes);   /* accumulate MAC */
-int nls_encrypt(nls_state * c, 
-                const unsigned char *pt, unsigned long nbytes,
-                      unsigned char *ct);                                          /* enc+MAC */
-int nls_decrypt(nls_state * c, 
-                const unsigned char *ct, unsigned long nbytes,
-                      unsigned char *pt);                                          /* dec+MAC */
-int nls_finish(nls_state *c,  unsigned char *buf, unsigned long nbytes);           /* finalize MAC */
-
-int nls_memory(const unsigned char *key,    unsigned long keylen,
-               const unsigned char *IV,     unsigned long IVlen,
-               const unsigned char *adata,  unsigned long adatalen,
-                     unsigned char *pt,     unsigned long ptlen,
-                     unsigned char *ct, 
-                     unsigned char *tag,    unsigned long taglen,
-                               int direction);
-
-
-#endif
-
-
 /* $Source$ */
 /* $Revision$ */
 /* $Date$ */

src/misc/crypt/crypt_cipher_descriptor.c

@@ -16,7 +16,7 @@
 */
 
 struct ltc_cipher_descriptor cipher_descriptor[TAB_SIZE] = {
-{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }
+{ NULL, 0, 0, 0, 0, 0, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }
  };
 
 LTC_MUTEX_GLOBAL(ltc_cipher_mutex)

src/modes/lrw/lrw_process.c

@@ -55,7 +55,7 @@ int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, i
       }
 
       /* update pad */
-#ifdef LRW_2TABLES
+#ifdef LRW_TABLES
       /* for each byte changed we undo it's affect on the pad then add the new product */
       for (; x < 16; x++) {
 #ifdef LTC_FAST

src/modes/lrw/lrw_start.c

@@ -17,46 +17,6 @@
 
 #ifdef LRW_MODE
 
-#ifdef LRW_TABLES
-
-/* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format.  Since only the 
- * lower 16 bits are not zero'ed I removed the upper 14 bytes */
-static const unsigned char gcm_shift_table[256*2] = {
-0x00, 0x00, 0x01, 0xc2, 0x03, 0x84, 0x02, 0x46, 0x07, 0x08, 0x06, 0xca, 0x04, 0x8c, 0x05, 0x4e,
-0x0e, 0x10, 0x0f, 0xd2, 0x0d, 0x94, 0x0c, 0x56, 0x09, 0x18, 0x08, 0xda, 0x0a, 0x9c, 0x0b, 0x5e,
-0x1c, 0x20, 0x1d, 0xe2, 0x1f, 0xa4, 0x1e, 0x66, 0x1b, 0x28, 0x1a, 0xea, 0x18, 0xac, 0x19, 0x6e,
-0x12, 0x30, 0x13, 0xf2, 0x11, 0xb4, 0x10, 0x76, 0x15, 0x38, 0x14, 0xfa, 0x16, 0xbc, 0x17, 0x7e,
-0x38, 0x40, 0x39, 0x82, 0x3b, 0xc4, 0x3a, 0x06, 0x3f, 0x48, 0x3e, 0x8a, 0x3c, 0xcc, 0x3d, 0x0e,
-0x36, 0x50, 0x37, 0x92, 0x35, 0xd4, 0x34, 0x16, 0x31, 0x58, 0x30, 0x9a, 0x32, 0xdc, 0x33, 0x1e,
-0x24, 0x60, 0x25, 0xa2, 0x27, 0xe4, 0x26, 0x26, 0x23, 0x68, 0x22, 0xaa, 0x20, 0xec, 0x21, 0x2e,
-0x2a, 0x70, 0x2b, 0xb2, 0x29, 0xf4, 0x28, 0x36, 0x2d, 0x78, 0x2c, 0xba, 0x2e, 0xfc, 0x2f, 0x3e,
-0x70, 0x80, 0x71, 0x42, 0x73, 0x04, 0x72, 0xc6, 0x77, 0x88, 0x76, 0x4a, 0x74, 0x0c, 0x75, 0xce,
-0x7e, 0x90, 0x7f, 0x52, 0x7d, 0x14, 0x7c, 0xd6, 0x79, 0x98, 0x78, 0x5a, 0x7a, 0x1c, 0x7b, 0xde,
-0x6c, 0xa0, 0x6d, 0x62, 0x6f, 0x24, 0x6e, 0xe6, 0x6b, 0xa8, 0x6a, 0x6a, 0x68, 0x2c, 0x69, 0xee,
-0x62, 0xb0, 0x63, 0x72, 0x61, 0x34, 0x60, 0xf6, 0x65, 0xb8, 0x64, 0x7a, 0x66, 0x3c, 0x67, 0xfe,
-0x48, 0xc0, 0x49, 0x02, 0x4b, 0x44, 0x4a, 0x86, 0x4f, 0xc8, 0x4e, 0x0a, 0x4c, 0x4c, 0x4d, 0x8e,
-0x46, 0xd0, 0x47, 0x12, 0x45, 0x54, 0x44, 0x96, 0x41, 0xd8, 0x40, 0x1a, 0x42, 0x5c, 0x43, 0x9e,
-0x54, 0xe0, 0x55, 0x22, 0x57, 0x64, 0x56, 0xa6, 0x53, 0xe8, 0x52, 0x2a, 0x50, 0x6c, 0x51, 0xae,
-0x5a, 0xf0, 0x5b, 0x32, 0x59, 0x74, 0x58, 0xb6, 0x5d, 0xf8, 0x5c, 0x3a, 0x5e, 0x7c, 0x5f, 0xbe,
-0xe1, 0x00, 0xe0, 0xc2, 0xe2, 0x84, 0xe3, 0x46, 0xe6, 0x08, 0xe7, 0xca, 0xe5, 0x8c, 0xe4, 0x4e,
-0xef, 0x10, 0xee, 0xd2, 0xec, 0x94, 0xed, 0x56, 0xe8, 0x18, 0xe9, 0xda, 0xeb, 0x9c, 0xea, 0x5e,
-0xfd, 0x20, 0xfc, 0xe2, 0xfe, 0xa4, 0xff, 0x66, 0xfa, 0x28, 0xfb, 0xea, 0xf9, 0xac, 0xf8, 0x6e,
-0xf3, 0x30, 0xf2, 0xf2, 0xf0, 0xb4, 0xf1, 0x76, 0xf4, 0x38, 0xf5, 0xfa, 0xf7, 0xbc, 0xf6, 0x7e,
-0xd9, 0x40, 0xd8, 0x82, 0xda, 0xc4, 0xdb, 0x06, 0xde, 0x48, 0xdf, 0x8a, 0xdd, 0xcc, 0xdc, 0x0e,
-0xd7, 0x50, 0xd6, 0x92, 0xd4, 0xd4, 0xd5, 0x16, 0xd0, 0x58, 0xd1, 0x9a, 0xd3, 0xdc, 0xd2, 0x1e,
-0xc5, 0x60, 0xc4, 0xa2, 0xc6, 0xe4, 0xc7, 0x26, 0xc2, 0x68, 0xc3, 0xaa, 0xc1, 0xec, 0xc0, 0x2e,
-0xcb, 0x70, 0xca, 0xb2, 0xc8, 0xf4, 0xc9, 0x36, 0xcc, 0x78, 0xcd, 0xba, 0xcf, 0xfc, 0xce, 0x3e,
-0x91, 0x80, 0x90, 0x42, 0x92, 0x04, 0x93, 0xc6, 0x96, 0x88, 0x97, 0x4a, 0x95, 0x0c, 0x94, 0xce,
-0x9f, 0x90, 0x9e, 0x52, 0x9c, 0x14, 0x9d, 0xd6, 0x98, 0x98, 0x99, 0x5a, 0x9b, 0x1c, 0x9a, 0xde,
-0x8d, 0xa0, 0x8c, 0x62, 0x8e, 0x24, 0x8f, 0xe6, 0x8a, 0xa8, 0x8b, 0x6a, 0x89, 0x2c, 0x88, 0xee,
-0x83, 0xb0, 0x82, 0x72, 0x80, 0x34, 0x81, 0xf6, 0x84, 0xb8, 0x85, 0x7a, 0x87, 0x3c, 0x86, 0xfe,
-0xa9, 0xc0, 0xa8, 0x02, 0xaa, 0x44, 0xab, 0x86, 0xae, 0xc8, 0xaf, 0x0a, 0xad, 0x4c, 0xac, 0x8e,
-0xa7, 0xd0, 0xa6, 0x12, 0xa4, 0x54, 0xa5, 0x96, 0xa0, 0xd8, 0xa1, 0x1a, 0xa3, 0x5c, 0xa2, 0x9e,
-0xb5, 0xe0, 0xb4, 0x22, 0xb6, 0x64, 0xb7, 0xa6, 0xb2, 0xe8, 0xb3, 0x2a, 0xb1, 0x6c, 0xb0, 0xae,
-0xbb, 0xf0, 0xba, 0x32, 0xb8, 0x74, 0xb9, 0xb6, 0xbc, 0xf8, 0xbd, 0x3a, 0xbf, 0x7c, 0xbe, 0xbe };
-
-#endif
-
 /**
   Initialize the LRW context
   @param cipher        The cipher desired, must be a 128-bit block cipher 

src/pk/rsa/rsa_import.c

@@ -38,7 +38,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
    LTC_ARGCHK(ltc_mp.name != NULL);
 
    /* init key */
-   if ((err = mp_init_multi(&zero, &key->e, &key->d, &key->N, &key->dQ, 
+   if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, 
                             &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) {
       return err;
    }
@@ -95,6 +95,9 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
    }
 
    if (mp_cmp_d(key->N, 0) == LTC_MP_EQ) {
+      if ((err = mp_init(&zero)) != CRYPT_OK) { 
+         goto LBL_ERR;
+      }
       /* it's a private key */
       if ((err = der_decode_sequence_multi(in, inlen, 
                           LTC_ASN1_INTEGER, 1UL, zero, 
@@ -107,8 +110,10 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
                           LTC_ASN1_INTEGER, 1UL, key->dQ, 
                           LTC_ASN1_INTEGER, 1UL, key->qP, 
                           LTC_ASN1_EOL,     0UL, NULL)) != CRYPT_OK) {
+         mp_clear(zero);
          goto LBL_ERR;
       }
+      mp_clear(zero);
       key->type = PK_PRIVATE;
    } else if (mp_cmp_d(key->N, 1) == LTC_MP_EQ) {
       /* we don't support multi-prime RSA */
@@ -126,7 +131,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
    }
    return CRYPT_OK;
 LBL_ERR:
-   mp_clear_multi(zero,    key->d, key->e, key->N, key->dQ, key->dP,
+   mp_clear_multi(key->d,  key->e, key->N, key->dQ, key->dP,
                   key->qP, key->p, key->q, NULL);
    return err;
 }

testprof/x86_prof.c

@@ -330,6 +330,7 @@ int time_cipher(void)
         c2 = (t2 > c2 ? c2 : t2);
     }
     a2 = c2 - c1 - skew;
+    ecb_done(&ecb);
     
     results[no_results].id = x;
     results[no_results].spd1 = a1/(sizeof(pt)/cipher_descriptor[x].block_length);
@@ -401,6 +402,7 @@ int time_cipher2(void)
         c2 = (t2 > c2 ? c2 : t2);
     }
     a2 = c2 - c1 - skew;
+    cbc_done(&cbc);
     
     results[no_results].id = x;
     results[no_results].spd1 = a1/(sizeof(pt)/cipher_descriptor[x].block_length);
@@ -475,6 +477,7 @@ int time_cipher3(void)
         c2 = (t2 > c2 ? c2 : t2);
     }
     a2 = c2 - c1 - skew;
+    ctr_done(&ctr);
     
     results[no_results].id = x;
     results[no_results].spd1 = a1/(sizeof(pt)/cipher_descriptor[x].block_length);
@@ -494,6 +497,84 @@ int time_cipher3(void)
 int time_cipher3(void) { fprintf(stderr, "NO CTR\n"); return 0; }
 #endif
 
+#ifdef LRW_MODE
+int time_cipher4(void)
+{
+  unsigned long x, y1;
+  ulong64  t1, t2, c1, c2, a1, a2;
+  symmetric_LRW lrw;
+  unsigned char key[MAXBLOCKSIZE], pt[4096];
+  int err;
+
+  fprintf(stderr, "\n\nLRW Time Trials for the Symmetric Ciphers:\n");
+  no_results = 0;
+  for (x = 0; cipher_descriptor[x].name != NULL; x++) {
+    if (cipher_descriptor[x].block_length != 16) continue;
+    lrw_start(x, pt, key, cipher_descriptor[x].min_key_length, key, 0, &lrw);
+
+    /* sanity check on cipher */
+    if ((err = cipher_descriptor[x].test()) != CRYPT_OK) {
+       fprintf(stderr, "\n\nERROR: Cipher %s failed self-test %s\n", cipher_descriptor[x].name, error_to_string(err));
+       exit(EXIT_FAILURE);
+    }
+
+#define DO1   lrw_encrypt(pt, pt, sizeof(pt), &lrw);
+#define DO2   DO1 DO1
+
+    c1 = c2 = (ulong64)-1;
+    for (y1 = 0; y1 < 100; y1++) {
+        t_start();
+        DO1;
+        t1 = t_read();
+        DO2;
+        t2 = t_read();
+        t2 -= t1;
+
+        c1 = (t1 > c1 ? c1 : t1);
+        c2 = (t2 > c2 ? c2 : t2);
+    }
+    a1 = c2 - c1 - skew;
+
+#undef DO1
+#undef DO2
+#define DO1   lrw_decrypt(pt, pt, sizeof(pt), &lrw);
+#define DO2   DO1 DO1
+
+    c1 = c2 = (ulong64)-1;
+    for (y1 = 0; y1 < 100; y1++) {
+        t_start();
+        DO1;
+        t1 = t_read();
+        DO2;
+        t2 = t_read();
+        t2 -= t1;
+
+        c1 = (t1 > c1 ? c1 : t1);
+        c2 = (t2 > c2 ? c2 : t2);
+    }
+    a2 = c2 - c1 - skew;
+
+    lrw_done(&lrw);
+    
+    results[no_results].id = x;
+    results[no_results].spd1 = a1/(sizeof(pt)/cipher_descriptor[x].block_length);
+    results[no_results].spd2 = a2/(sizeof(pt)/cipher_descriptor[x].block_length);
+    results[no_results].avg = (results[no_results].spd1 + results[no_results].spd2+1)/2;
+    ++no_results;
+    fprintf(stderr, "."); fflush(stdout);
+    
+#undef DO2
+#undef DO1
+   }
+   tally_results(1);
+
+   return 0;
+}
+#else
+int time_cipher4(void) { fprintf(stderr, "NO LRW\n"); return 0; }
+#endif
+
+
 int time_hash(void)
 {
   unsigned long x, y1, len;