added libtomcrypt-1.09

Doxyfile

@@ -23,7 +23,7 @@ PROJECT_NAME           = LibTomCrypt
 # This could be handy for archiving the generated documentation or 
 # if some version control system is used.
 
-PROJECT_NUMBER         = 1.08
+PROJECT_NUMBER         = 1.09
 
 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) 
 # base path where the generated documentation will be put. 

TODO

@@ -1 +0,0 @@
-

changes

@@ -1,3 +1,14 @@
+January 26th, 2006
+v1.09 -- Added missing doxygen comments to some of the ASN.1 routines
+      -- Added "easy button" define LTC_EASY and LTC will build with a subset of all the algos.  Reduces build times for typical
+         configurations.  Tunable [see tomcrypt_custom.h]
+      -- Added some error detection to reg_algs() of the testprof.a library to detect when the PRNG is not setup correctly (took me 10 mins to figure out, PITA!)
+      -- Similar fixes to timing demo (MD5 not defined when EASY is defined)
+      -- Added the NLS enc+mac stream cipher from QUALCOMM, disabled for this release, waiting on test vectors
+      -- Finally added an auto-update script for the makefiles.  So when I add new files/dirs it can automatically fix up the makefiles [all four of them...]
+      -- Added LRW to the list of cipher modes supported
+      -- cleaned up ciphers definitions to remove cbc/cfb/ofb/ctr/etc from the namespace when not used.
+
 November 24th, 2005
 v1.08 -- Added SET and SET OF support to the ASN.1 side
       -- Fixed up X macros, added QSORT to the mix [thanks SET/SETOF]
@@ -1394,6 +1405,6 @@ v0.02  -- Changed RC5 to only allow 12 to 24 rounds
 v0.01  -- We will call this the first version.
 
 /* $Source: /cvs/libtom/libtomcrypt/changes,v $ */
-/* $Revision: 1.161 $ */
-/* $Date: 2005/11/24 03:30:18 $ */
+/* $Revision: 1.168 $ */
+/* $Date: 2006/01/26 18:15:51 $ */
 

crypt.tex

@@ -47,7 +47,7 @@
 \def\gap{\vspace{0.5ex}}
 \makeindex
 \begin{document}
-\title{LibTomCrypt \\ Version 1.08}
+\title{LibTomCrypt \\ Version 1.09}
 \author{Tom St Denis \\
 \\
 [email protected] \\
@@ -520,6 +520,18 @@ struct _cipher_descriptor {
                                    unsigned char *ct, 
                                    unsigned long blocks, unsigned char *IV, 
                                    int mode, symmetric_key *skey);
+   int (*accel_lrw_encrypt)(const unsigned char *pt, 
+                                  unsigned char *ct, 
+                                  unsigned long blocks, 
+                                  unsigned char *IV, 
+                            const unsigned char *tweak, 
+                                  symmetric_key *skey);
+   int (*accel_lrw_decrypt)(const unsigned char *ct, 
+                                  unsigned char *pt, 
+                                  unsigned long blocks, 
+                                  unsigned char *IV, 
+                            const unsigned char *tweak, 
+                                  symmetric_key *skey);
    int (*accel_ccm_memory)(
        const unsigned char *key,    unsigned long keylen,
        symmetric_key       *uskey,
@@ -938,6 +950,61 @@ int main(void)
 \end{verbatim}
 \end{small}
 
+\subsection{LRW Mode}
+
+LRW mode is a cipher mode which is meant for indexed encryption like used to handle storage media.  It is meant to have efficient seeking and overcome the 
+security problems of ECB mode while not increasing the storage requirements.  It is used much like any other chaining mode except with two key differences.
+
+The key is specified as two strings the first key $K_1$ is the (normally AES) key and can be any length (typically 16, 24 or 32 octets long).  The second key 
+$K_2$ is the ``tweak'' key and is always 16 octets long.  The tweak value is \textbf{NOT} a nonce or IV value it must be random and secret.  
+
+To initialize LRW mode use:
+
+\index{lrw\_start()}
+\begin{verbatim}
+int lrw_start(               int   cipher,
+              const unsigned char *IV,
+              const unsigned char *key,       int keylen,
+              const unsigned char *tweak,
+                             int  num_rounds, 
+                   symmetric_LRW *lrw);
+\end{verbatim}
+
+This will initialize the LRW context with the given (16 octet) ``IV'', cipher $K_1$ ``key'' of length ``keylen'' octets and the (16 octet) $K_2$ ``tweak''.  
+While LRW was specified to be used only with AES, LibTomCrypt will allow any 128--bit block cipher to be specified as indexed by ``cipher''.  The
+number of rounds for the block cipher ``num\_rounds'' can be 0 to use the default number of rounds for the given cipher.
+
+To process data use the following functions:
+
+\index{lrw\_encrypt()} \index{lrw\_decrypt()}
+\begin{verbatim}
+int lrw_encrypt(const unsigned char *pt, unsigned char *ct, 
+                      unsigned long len, symmetric_LRW *lrw);
+int lrw_decrypt(const unsigned char *ct, unsigned char *pt, 
+                      unsigned long len, symmetric_LRW *lrw);
+\end{verbatim}
+
+These will encrypt (or decrypt) the plaintext to the ciphertext buffer (or vice versa).  The length is specified by ``len'' in octets but must be a multiple
+of 16.
+
+To manipulate the IV use the following functions:
+
+\index{lrw\_getiv()} \index{lrw\_setiv()} 
+\begin{verbatim}
+int lrw_getiv(unsigned char *IV, unsigned long *len, symmetric_LRW *lrw);
+int lrw_setiv(const unsigned char *IV, unsigned long len, symmetric_LRW *lrw);
+\end{verbatim}
+
+These will get or set the 16--octet IV.  Note that setting the IV is the same as ``seeking'' and unlike other modes is not a free operation.  It requires
+updating the entire tweak which is slower than sequential use.  Avoid seeking excessively in performance constrained code.
+
+To terminate the LRW state use the following:
+
+\index{lrw\_done()}
+\begin{verbatim}
+int lrw_done(symmetric_LRW *lrw);
+\end{verbatim}
+
 \section{Encrypt and Authenticate Modes}
 
 \subsection{EAX Mode}
@@ -4306,6 +4373,32 @@ struct ltc_cipher_descriptor {
                                   unsigned long blocks, unsigned char *IV, 
                                   int mode, symmetric_key *skey);
 
+   /** Accelerated LRW 
+       @param pt      Plaintext
+       @param ct      Ciphertext
+       @param blocks  The number of complete blocks to process
+       @param IV      The initial value (input/output)
+       @param tweak   The LRW tweak
+       @param skey    The scheduled key context
+       @return CRYPT_OK if successful
+   */
+   int (*accel_lrw_encrypt)(const unsigned char *pt,    unsigned char *ct, 
+                                  unsigned long blocks, unsigned char *IV, 
+                            const unsigned char *tweak, symmetric_key *skey);
+
+   /** Accelerated LRW 
+       @param ct      Ciphertext
+       @param pt      Plaintext
+       @param blocks  The number of complete blocks to process
+       @param IV      The initial value (input/output)
+       @param tweak   The LRW tweak
+       @param skey    The scheduled key context
+       @return CRYPT_OK if successful
+   */
+   int (*accel_lrw_decrypt)(const unsigned char *ct,    unsigned char *pt, 
+                                  unsigned long blocks, unsigned char *IV, 
+                            const unsigned char *tweak, symmetric_key *skey);
+
    /** Accelerated CCM packet (one-shot)
        @param key        The secret key to use
        @param keylen     The length of the secret key (octets)
@@ -4432,6 +4525,18 @@ buffer provided) before encrypting it to create the pad.
 
 The accelerator will only be used to encrypt whole blocks.  Partial blocks are always handled in software.
 
+\subsubsection{Accelerated LRW}
+These functions are meant for accelerated LRW.  They process blocks of input in lengths of multiples of 16 octets.  They must accept the ``IV'' and ``tweak''
+state variables and updated them prior to returning.  Note that you may want to disable \textbf{LRW\_TABLES} in ``tomcrypt\_custom.h'' if you intend
+to use accelerators for LRW.
+
+While both encrypt and decrypt accelerators are not required it is suggested as it makes lrw\_setiv() more efficient.
+
+Note that calling lrw\_done() will only invoke the cipher\_descriptor[].done() function on the ``symmetric\_key'' parameter of the LRW state.  That means 
+if your device requires any (LRW specific) resources you should free them in your ciphers() done function.  The simplest way to think of it is to write
+the plugin solely to do LRW with the cipher.  That way cipher\_descriptor[].setup() means to init LRW resources and cipher\_descriptor[].done() means to
+free them.
+
 \subsubsection{Accelerated CCM}
 This function is meant for accelerated CCM encryption or decryption.  It processes the entire packet in one call.  You can optimize the work flow somewhat
 by allowing the caller to call the setup() function first to schedule the key if your accelerator cannot do the key schedule on the fly (for instance).  This 
@@ -5076,5 +5181,5 @@ Since the function is given the entire RSA key (for private keys only) CRT is po
 \end{document}
 
 % $Source: /cvs/libtom/libtomcrypt/crypt.tex,v $   
-% $Revision: 1.59 $   
-% $Date: 2005/11/24 01:53:18 $ 
+% $Revision: 1.62 $   
+% $Date: 2006/01/26 18:29:02 $ 

filter.pl

@@ -0,0 +1,30 @@
+#!/usr/bin/perl
+
+# we want to filter every between START_INS and END_INS out and then insert crap from another file (this is fun)
+
+$dst = shift;
+$ins = shift;
+
+open(SRC,"<$dst");
+open(INS,"<$ins");
+open(TMP,">tmp.delme");
+
+$l = 0;
+while (<SRC>) {
+   if ($_ =~ /START_INS/) {
+      print TMP $_;
+      $l = 1;
+      while (<INS>) {
+         print TMP $_;
+      }
+      close INS;
+   } elsif ($_ =~ /END_INS/) {
+      print TMP $_;
+      $l = 0;
+   } elsif ($l == 0) {
+      print TMP $_;
+   }
+}
+
+close TMP;
+close SRC;

makefile

@@ -4,7 +4,7 @@
 # Modified by Clay Culver
 
 # The version
-VERSION=1.08
+VERSION=1.09
 
 # Compiler and Linker Names
 #CC=gcc
@@ -111,8 +111,9 @@ src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/en
 src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
 src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
 src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
-src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_process.o \
-src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o \
+src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
+src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
+src/encauth/nls/nls_memory.o src/encauth/nls/nlsfast.o src/encauth/ocb/ocb_decrypt.o \
 src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
 src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
 src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
@@ -150,14 +151,16 @@ src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
 src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
 src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
 src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
-src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
-src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
-src/modes/ofb/ofb_start.o src/pk/asn1/der/bit/der_decode_bit_string.o \
-src/pk/asn1/der/bit/der_encode_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
-src/pk/asn1/der/choice/der_decode_choice.o src/pk/asn1/der/ia5/der_decode_ia5_string.o \
-src/pk/asn1/der/ia5/der_encode_ia5_string.o src/pk/asn1/der/ia5/der_length_ia5_string.o \
-src/pk/asn1/der/integer/der_decode_integer.o src/pk/asn1/der/integer/der_encode_integer.o \
-src/pk/asn1/der/integer/der_length_integer.o \
+src/modes/ecb/ecb_start.o src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o \
+src/modes/lrw/lrw_encrypt.o src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o \
+src/modes/lrw/lrw_setiv.o src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o \
+src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o src/modes/ofb/ofb_encrypt.o \
+src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
+src/pk/asn1/der/bit/der_decode_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
+src/pk/asn1/der/bit/der_length_bit_string.o src/pk/asn1/der/choice/der_decode_choice.o \
+src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \
+src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \
+src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \
 src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \
 src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \
 src/pk/asn1/der/object_identifier/der_length_object_identifier.o \
@@ -200,6 +203,7 @@ src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt
 src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \
 src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
 src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
+
 #END_INS
 
 TESTOBJECTS=demos/test.o
@@ -361,5 +365,5 @@ zipup: no_oops docs
 
 
 # $Source: /cvs/libtom/libtomcrypt/makefile,v $ 
-# $Revision: 1.108 $ 
-# $Date: 2005/11/23 02:34:57 $ 
+# $Revision: 1.114 $ 
+# $Date: 2006/01/26 06:12:31 $ 

makefile.icc

@@ -98,8 +98,9 @@ src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/en
 src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
 src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
 src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
-src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_process.o \
-src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o \
+src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
+src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
+src/encauth/nls/nls_memory.o src/encauth/nls/nlsfast.o src/encauth/ocb/ocb_decrypt.o \
 src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
 src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
 src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
@@ -137,14 +138,16 @@ src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
 src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
 src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
 src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
-src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
-src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
-src/modes/ofb/ofb_start.o src/pk/asn1/der/bit/der_decode_bit_string.o \
-src/pk/asn1/der/bit/der_encode_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
-src/pk/asn1/der/choice/der_decode_choice.o src/pk/asn1/der/ia5/der_decode_ia5_string.o \
-src/pk/asn1/der/ia5/der_encode_ia5_string.o src/pk/asn1/der/ia5/der_length_ia5_string.o \
-src/pk/asn1/der/integer/der_decode_integer.o src/pk/asn1/der/integer/der_encode_integer.o \
-src/pk/asn1/der/integer/der_length_integer.o \
+src/modes/ecb/ecb_start.o src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o \
+src/modes/lrw/lrw_encrypt.o src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o \
+src/modes/lrw/lrw_setiv.o src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o \
+src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o src/modes/ofb/ofb_encrypt.o \
+src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
+src/pk/asn1/der/bit/der_decode_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
+src/pk/asn1/der/bit/der_length_bit_string.o src/pk/asn1/der/choice/der_decode_choice.o \
+src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \
+src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \
+src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \
 src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \
 src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \
 src/pk/asn1/der/object_identifier/der_length_object_identifier.o \
@@ -187,6 +190,7 @@ src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt
 src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \
 src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
 src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
+
 #END_INS
 
 #Who do we install as?
@@ -266,6 +270,6 @@ install: library
 	install -g $(GROUP) -o $(USER) $(HEADERS) $(DESTDIR)$(INCPATH)
 
 # $Source: /cvs/libtom/libtomcrypt/makefile.icc,v $   
-# $Revision: 1.45 $   
-# $Date: 2005/11/23 02:34:57 $ 
+# $Revision: 1.49 $   
+# $Date: 2006/01/26 06:12:31 $ 
 

makefile.msvc

@@ -13,8 +13,9 @@ src/encauth/eax/eax_decrypt.obj src/encauth/eax/eax_decrypt_verify_memory.obj sr
 src/encauth/eax/eax_encrypt.obj src/encauth/eax/eax_encrypt_authenticate_memory.obj \
 src/encauth/eax/eax_init.obj src/encauth/eax/eax_test.obj src/encauth/gcm/gcm_add_aad.obj \
 src/encauth/gcm/gcm_add_iv.obj src/encauth/gcm/gcm_done.obj src/encauth/gcm/gcm_gf_mult.obj \
-src/encauth/gcm/gcm_init.obj src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_process.obj \
-src/encauth/gcm/gcm_reset.obj src/encauth/gcm/gcm_test.obj src/encauth/ocb/ocb_decrypt.obj \
+src/encauth/gcm/gcm_init.obj src/encauth/gcm/gcm_memory.obj src/encauth/gcm/gcm_mult_h.obj \
+src/encauth/gcm/gcm_process.obj src/encauth/gcm/gcm_reset.obj src/encauth/gcm/gcm_test.obj \
+src/encauth/nls/nls_memory.obj src/encauth/nls/nlsfast.obj src/encauth/ocb/ocb_decrypt.obj \
 src/encauth/ocb/ocb_decrypt_verify_memory.obj src/encauth/ocb/ocb_done_decrypt.obj \
 src/encauth/ocb/ocb_done_encrypt.obj src/encauth/ocb/ocb_encrypt.obj \
 src/encauth/ocb/ocb_encrypt_authenticate_memory.obj src/encauth/ocb/ocb_init.obj src/encauth/ocb/ocb_ntz.obj \
@@ -52,14 +53,16 @@ src/modes/cfb/cfb_getiv.obj src/modes/cfb/cfb_setiv.obj src/modes/cfb/cfb_start.
 src/modes/ctr/ctr_decrypt.obj src/modes/ctr/ctr_done.obj src/modes/ctr/ctr_encrypt.obj \
 src/modes/ctr/ctr_getiv.obj src/modes/ctr/ctr_setiv.obj src/modes/ctr/ctr_start.obj \
 src/modes/ecb/ecb_decrypt.obj src/modes/ecb/ecb_done.obj src/modes/ecb/ecb_encrypt.obj \
-src/modes/ecb/ecb_start.obj src/modes/ofb/ofb_decrypt.obj src/modes/ofb/ofb_done.obj \
-src/modes/ofb/ofb_encrypt.obj src/modes/ofb/ofb_getiv.obj src/modes/ofb/ofb_setiv.obj \
-src/modes/ofb/ofb_start.obj src/pk/asn1/der/bit/der_decode_bit_string.obj \
-src/pk/asn1/der/bit/der_encode_bit_string.obj src/pk/asn1/der/bit/der_length_bit_string.obj \
-src/pk/asn1/der/choice/der_decode_choice.obj src/pk/asn1/der/ia5/der_decode_ia5_string.obj \
-src/pk/asn1/der/ia5/der_encode_ia5_string.obj src/pk/asn1/der/ia5/der_length_ia5_string.obj \
-src/pk/asn1/der/integer/der_decode_integer.obj src/pk/asn1/der/integer/der_encode_integer.obj \
-src/pk/asn1/der/integer/der_length_integer.obj \
+src/modes/ecb/ecb_start.obj src/modes/lrw/lrw_decrypt.obj src/modes/lrw/lrw_done.obj \
+src/modes/lrw/lrw_encrypt.obj src/modes/lrw/lrw_getiv.obj src/modes/lrw/lrw_process.obj \
+src/modes/lrw/lrw_setiv.obj src/modes/lrw/lrw_start.obj src/modes/lrw/lrw_test.obj \
+src/modes/ofb/ofb_decrypt.obj src/modes/ofb/ofb_done.obj src/modes/ofb/ofb_encrypt.obj \
+src/modes/ofb/ofb_getiv.obj src/modes/ofb/ofb_setiv.obj src/modes/ofb/ofb_start.obj \
+src/pk/asn1/der/bit/der_decode_bit_string.obj src/pk/asn1/der/bit/der_encode_bit_string.obj \
+src/pk/asn1/der/bit/der_length_bit_string.obj src/pk/asn1/der/choice/der_decode_choice.obj \
+src/pk/asn1/der/ia5/der_decode_ia5_string.obj src/pk/asn1/der/ia5/der_encode_ia5_string.obj \
+src/pk/asn1/der/ia5/der_length_ia5_string.obj src/pk/asn1/der/integer/der_decode_integer.obj \
+src/pk/asn1/der/integer/der_encode_integer.obj src/pk/asn1/der/integer/der_length_integer.obj \
 src/pk/asn1/der/object_identifier/der_decode_object_identifier.obj \
 src/pk/asn1/der/object_identifier/der_encode_object_identifier.obj \
 src/pk/asn1/der/object_identifier/der_length_object_identifier.obj \
@@ -102,6 +105,7 @@ src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt
 src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \
 src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
 src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
+
 #END_INS
 
 default: library
@@ -129,5 +133,5 @@ timing: demos/timing.c library
 	cl $(CFLAGS) demos/timing.c testprof/tomcrypt_prof.lib tomcrypt.lib advapi32.lib $(EXTRALIBS)
 
 # $Source: /cvs/libtom/libtomcrypt/makefile.msvc,v $   
-# $Revision: 1.25 $   
-# $Date: 2005/11/23 02:34:57 $ 
+# $Revision: 1.29 $   
+# $Date: 2006/01/26 06:12:31 $ 

makefile.shared

@@ -6,7 +6,7 @@
 # Tom St Denis
 
 # The version
-VERSION=0:108
+VERSION=0:109
 
 # Compiler and Linker Names
 CC=libtool --mode=compile gcc 
@@ -105,8 +105,9 @@ src/encauth/eax/eax_decrypt.o src/encauth/eax/eax_decrypt_verify_memory.o src/en
 src/encauth/eax/eax_encrypt.o src/encauth/eax/eax_encrypt_authenticate_memory.o \
 src/encauth/eax/eax_init.o src/encauth/eax/eax_test.o src/encauth/gcm/gcm_add_aad.o \
 src/encauth/gcm/gcm_add_iv.o src/encauth/gcm/gcm_done.o src/encauth/gcm/gcm_gf_mult.o \
-src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_process.o \
-src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o src/encauth/ocb/ocb_decrypt.o \
+src/encauth/gcm/gcm_init.o src/encauth/gcm/gcm_memory.o src/encauth/gcm/gcm_mult_h.o \
+src/encauth/gcm/gcm_process.o src/encauth/gcm/gcm_reset.o src/encauth/gcm/gcm_test.o \
+src/encauth/nls/nls_memory.o src/encauth/nls/nlsfast.o src/encauth/ocb/ocb_decrypt.o \
 src/encauth/ocb/ocb_decrypt_verify_memory.o src/encauth/ocb/ocb_done_decrypt.o \
 src/encauth/ocb/ocb_done_encrypt.o src/encauth/ocb/ocb_encrypt.o \
 src/encauth/ocb/ocb_encrypt_authenticate_memory.o src/encauth/ocb/ocb_init.o src/encauth/ocb/ocb_ntz.o \
@@ -144,14 +145,16 @@ src/modes/cfb/cfb_getiv.o src/modes/cfb/cfb_setiv.o src/modes/cfb/cfb_start.o \
 src/modes/ctr/ctr_decrypt.o src/modes/ctr/ctr_done.o src/modes/ctr/ctr_encrypt.o \
 src/modes/ctr/ctr_getiv.o src/modes/ctr/ctr_setiv.o src/modes/ctr/ctr_start.o \
 src/modes/ecb/ecb_decrypt.o src/modes/ecb/ecb_done.o src/modes/ecb/ecb_encrypt.o \
-src/modes/ecb/ecb_start.o src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o \
-src/modes/ofb/ofb_encrypt.o src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o \
-src/modes/ofb/ofb_start.o src/pk/asn1/der/bit/der_decode_bit_string.o \
-src/pk/asn1/der/bit/der_encode_bit_string.o src/pk/asn1/der/bit/der_length_bit_string.o \
-src/pk/asn1/der/choice/der_decode_choice.o src/pk/asn1/der/ia5/der_decode_ia5_string.o \
-src/pk/asn1/der/ia5/der_encode_ia5_string.o src/pk/asn1/der/ia5/der_length_ia5_string.o \
-src/pk/asn1/der/integer/der_decode_integer.o src/pk/asn1/der/integer/der_encode_integer.o \
-src/pk/asn1/der/integer/der_length_integer.o \
+src/modes/ecb/ecb_start.o src/modes/lrw/lrw_decrypt.o src/modes/lrw/lrw_done.o \
+src/modes/lrw/lrw_encrypt.o src/modes/lrw/lrw_getiv.o src/modes/lrw/lrw_process.o \
+src/modes/lrw/lrw_setiv.o src/modes/lrw/lrw_start.o src/modes/lrw/lrw_test.o \
+src/modes/ofb/ofb_decrypt.o src/modes/ofb/ofb_done.o src/modes/ofb/ofb_encrypt.o \
+src/modes/ofb/ofb_getiv.o src/modes/ofb/ofb_setiv.o src/modes/ofb/ofb_start.o \
+src/pk/asn1/der/bit/der_decode_bit_string.o src/pk/asn1/der/bit/der_encode_bit_string.o \
+src/pk/asn1/der/bit/der_length_bit_string.o src/pk/asn1/der/choice/der_decode_choice.o \
+src/pk/asn1/der/ia5/der_decode_ia5_string.o src/pk/asn1/der/ia5/der_encode_ia5_string.o \
+src/pk/asn1/der/ia5/der_length_ia5_string.o src/pk/asn1/der/integer/der_decode_integer.o \
+src/pk/asn1/der/integer/der_encode_integer.o src/pk/asn1/der/integer/der_length_integer.o \
 src/pk/asn1/der/object_identifier/der_decode_object_identifier.o \
 src/pk/asn1/der/object_identifier/der_encode_object_identifier.o \
 src/pk/asn1/der/object_identifier/der_length_object_identifier.o \
@@ -194,6 +197,7 @@ src/headers/tomcrypt_custom.h src/headers/tomcrypt_argchk.h src/headers/tomcrypt
 src/headers/tomcrypt_pk.h src/headers/tomcrypt_hash.h src/headers/tomcrypt_math.h \
 src/headers/tomcrypt_misc.h src/headers/tomcrypt.h src/headers/tomcrypt_pkcs.h \
 src/headers/tomcrypt_prng.h testprof/tomcrypt_test.h
+
 #END_INS
 
 TESTOBJECTS=demos/test.o
@@ -255,5 +259,5 @@ timing: library testprof/$(LIBTEST) $(TIMINGS)
 	gcc -o $(TIMING) $(TIMINGS) -ltomcrypt_prof -ltomcrypt $(EXTRALIBS)
 
 # $Source: /cvs/libtom/libtomcrypt/makefile.shared,v $   
-# $Revision: 1.38 $   
-# $Date: 2005/11/23 02:34:57 $ 
+# $Revision: 1.43 $   
+# $Date: 2006/01/26 06:12:31 $ 

src/ciphers/aes/aes.c

@@ -49,7 +49,7 @@ const struct ltc_cipher_descriptor rijndael_desc =
     6,
     16, 32, 16, 10,
     SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS,
-    NULL, NULL, NULL, NULL, NULL, NULL, NULL
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 const struct ltc_cipher_descriptor aes_desc =
@@ -58,7 +58,7 @@ const struct ltc_cipher_descriptor aes_desc =
     6,
     16, 32, 16, 10,
     SETUP, ECB_ENC, ECB_DEC, ECB_TEST, ECB_DONE, ECB_KS,
-    NULL, NULL, NULL, NULL, NULL, NULL, NULL
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 #else
@@ -74,7 +74,7 @@ const struct ltc_cipher_descriptor rijndael_enc_desc =
     6,
     16, 32, 16, 10,
     SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS,
-    NULL, NULL, NULL, NULL, NULL, NULL, NULL
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 const struct ltc_cipher_descriptor aes_enc_desc =
@@ -83,7 +83,7 @@ const struct ltc_cipher_descriptor aes_enc_desc =
     6,
     16, 32, 16, 10,
     SETUP, ECB_ENC, NULL, NULL, ECB_DONE, ECB_KS,
-    NULL, NULL, NULL, NULL, NULL, NULL, NULL
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 #endif

src/ciphers/anubis.c

@@ -29,7 +29,7 @@ const struct ltc_cipher_descriptor anubis_desc = {
    &anubis_test,
    &anubis_done,
    &anubis_keysize,
-   NULL, NULL, NULL, NULL, NULL, NULL, NULL
+   NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 #define MIN_N           4 

src/ciphers/blowfish.c

@@ -27,7 +27,7 @@ const struct ltc_cipher_descriptor blowfish_desc =
     &blowfish_test,
     &blowfish_done,
     &blowfish_keysize,
-    NULL, NULL, NULL, NULL, NULL, NULL, NULL
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 static const ulong32 ORIG_P[16 + 2] = {

src/ciphers/cast5.c

@@ -27,7 +27,7 @@ const struct ltc_cipher_descriptor cast5_desc = {
    &cast5_test,
    &cast5_done,
    &cast5_keysize,
-   NULL, NULL, NULL, NULL, NULL, NULL, NULL
+   NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 static const ulong32 S1[256] = {

src/ciphers/des.c

@@ -31,7 +31,7 @@ const struct ltc_cipher_descriptor des_desc =
     &des_test,
     &des_done,
     &des_keysize,
-    NULL, NULL, NULL, NULL, NULL, NULL, NULL
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 const struct ltc_cipher_descriptor des3_desc =
@@ -45,7 +45,7 @@ const struct ltc_cipher_descriptor des3_desc =
     &des3_test,
     &des3_done,
     &des3_keysize,
-    NULL, NULL, NULL, NULL, NULL, NULL, NULL
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 static const ulong32 bytebit[8] =

src/ciphers/khazad.c

@@ -28,7 +28,7 @@ const struct ltc_cipher_descriptor khazad_desc = {
    &khazad_test,
    &khazad_done,
    &khazad_keysize,
-   NULL, NULL, NULL, NULL, NULL, NULL, NULL
+   NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 #define R      8 

src/ciphers/noekeon.c

@@ -27,7 +27,7 @@ const struct ltc_cipher_descriptor noekeon_desc =
     &noekeon_test,
     &noekeon_done,
     &noekeon_keysize,
-    NULL, NULL, NULL, NULL, NULL, NULL, NULL
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 static const ulong32 RC[] = {

src/ciphers/rc2.c

@@ -36,7 +36,7 @@ const struct ltc_cipher_descriptor rc2_desc = {
    &rc2_test,
    &rc2_done,
    &rc2_keysize,
-   NULL, NULL, NULL, NULL, NULL, NULL, NULL
+   NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 /* 256-entry permutation table, probably derived somehow from pi */

src/ciphers/rc5.c

@@ -29,7 +29,7 @@ const struct ltc_cipher_descriptor rc5_desc =
     &rc5_test,
     &rc5_done,
     &rc5_keysize,
-    NULL, NULL, NULL, NULL, NULL, NULL, NULL
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 static const ulong32 stab[50] = {

src/ciphers/rc6.c

@@ -28,7 +28,7 @@ const struct ltc_cipher_descriptor rc6_desc =
     &rc6_test,
     &rc6_done,
     &rc6_keysize,
-    NULL, NULL, NULL, NULL, NULL, NULL, NULL
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 static const ulong32 stab[44] = {

src/ciphers/safer/safer.c

@@ -42,7 +42,7 @@ const struct ltc_cipher_descriptor
    &safer_k64_test,
    &safer_done,
    &safer_64_keysize,
-   NULL, NULL, NULL, NULL, NULL, NULL, NULL
+   NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
    },
 
    safer_sk64_desc = {
@@ -54,7 +54,7 @@ const struct ltc_cipher_descriptor
    &safer_sk64_test,
    &safer_done,
    &safer_64_keysize,
-   NULL, NULL, NULL, NULL, NULL, NULL, NULL
+   NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
    },
 
    safer_k128_desc = {
@@ -66,7 +66,7 @@ const struct ltc_cipher_descriptor
    &safer_sk128_test,
    &safer_done,
    &safer_128_keysize,
-   NULL, NULL, NULL, NULL, NULL, NULL, NULL
+   NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
    },
 
    safer_sk128_desc = {
@@ -78,7 +78,7 @@ const struct ltc_cipher_descriptor
    &safer_sk128_test,
    &safer_done,
    &safer_128_keysize,
-   NULL, NULL, NULL, NULL, NULL, NULL, NULL
+   NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
    };
 
 /******************* Constants ************************************************/

src/ciphers/safer/saferp.c

@@ -28,7 +28,7 @@ const struct ltc_cipher_descriptor saferp_desc =
     &saferp_test,
     &saferp_done,
     &saferp_keysize,
-    NULL, NULL, NULL, NULL, NULL, NULL, NULL
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 /* ROUND(b,i) 

src/ciphers/skipjack.c

@@ -28,7 +28,7 @@ const struct ltc_cipher_descriptor skipjack_desc =
     &skipjack_test,
     &skipjack_done,
     &skipjack_keysize,
-    NULL, NULL, NULL, NULL, NULL, NULL, NULL
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 static const unsigned char sbox[256] = {

src/ciphers/twofish/twofish.c

@@ -35,7 +35,7 @@ const struct ltc_cipher_descriptor twofish_desc =
     &twofish_test,
     &twofish_done,
     &twofish_keysize,
-    NULL, NULL, NULL, NULL, NULL, NULL, NULL
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 /* the two polynomials */

src/ciphers/xtea.c

@@ -28,7 +28,7 @@ const struct ltc_cipher_descriptor xtea_desc =
     &xtea_test,
     &xtea_done,
     &xtea_keysize,
-    NULL, NULL, NULL, NULL, NULL, NULL, NULL
+    NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL
 };
 
 int xtea_setup(const unsigned char *key, int keylen, int num_rounds, symmetric_key *skey)

src/encauth/gcm/gcm_gf_mult.c

@@ -11,11 +11,11 @@
 
 /**
    @file gcm_gf_mult.c
-   GCM implementation, initialize state, by Tom St Denis
+   GCM implementation, do the GF mult, by Tom St Denis
 */
 #include "tomcrypt.h"
 
-#ifdef GCM_MODE
+#if defined(GCM_MODE) || defined(LRW_MODE)
 
 /* right shift */
 static void gcm_rightshift(unsigned char *a)
@@ -57,36 +57,6 @@ void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *
    }
    XMEMCPY(c, Z, 16);
 }
-
-/**
-  GCM multiply by H
-  @param gcm   The GCM state which holds the H value
-  @param I     The value to multiply H by
- */
-void gcm_mult_h(gcm_state *gcm, unsigned char *I)
-{
-   unsigned char T[16];
-#ifdef GCM_TABLES
-   int x, y;
-   XMEMCPY(T, &gcm->PC[0][I[0]][0], 16);
-   for (x = 1; x < 16; x++) {
-#ifdef LTC_FAST
-       for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
-           *((LTC_FAST_TYPE *)(T + y)) ^= *((LTC_FAST_TYPE *)(&gcm->PC[x][I[x]][y]));
-       }
-#else
-       for (y = 0; y < 16; y++) {
-           T[y] ^= gcm->PC[x][I[x]][y];
-       }
-#endif
-   }
-#else     
-   gcm_gf_mult(gcm->H, I, T); 
-#endif
-   XMEMCPY(I, T, 16);
-}
-
-
 #endif
 
 /* $Source$ */

src/encauth/gcm/gcm_mult_h.c

@@ -0,0 +1,50 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+
+/**
+   @file gcm_mult_h.c
+   GCM implementation, do the GF mult, by Tom St Denis
+*/
+#include "tomcrypt.h"
+
+#if defined(GCM_MODE)
+/**
+  GCM multiply by H
+  @param gcm   The GCM state which holds the H value
+  @param I     The value to multiply H by
+ */
+void gcm_mult_h(gcm_state *gcm, unsigned char *I)
+{
+   unsigned char T[16];
+#ifdef GCM_TABLES
+   int x, y;
+   XMEMCPY(T, &gcm->PC[0][I[0]][0], 16);
+   for (x = 1; x < 16; x++) {
+#ifdef LTC_FAST
+       for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
+           *((LTC_FAST_TYPE *)(T + y)) ^= *((LTC_FAST_TYPE *)(&gcm->PC[x][I[x]][y]));
+       }
+#else
+       for (y = 0; y < 16; y++) {
+           T[y] ^= gcm->PC[x][I[x]][y];
+       }
+#endif
+   }
+#else     
+   gcm_gf_mult(gcm->H, I, T); 
+#endif
+   XMEMCPY(I, T, 16);
+}
+#endif
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */

src/encauth/nls/nls_memory.c

@@ -0,0 +1,94 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+
+/**
+  @file nls_memory.c
+  NLS support, process a block of memory, Tom St Denis
+*/
+
+#ifdef NLS_MODE
+
+int nls_memory(const unsigned char *key,    unsigned long keylen,
+               const unsigned char *IV,     unsigned long IVlen,
+               const unsigned char *adata,  unsigned long adatalen,
+                     unsigned char *pt,     unsigned long ptlen,
+                     unsigned char *ct, 
+                     unsigned char *tag,    unsigned long taglen,
+                               int direction)
+{
+   nls_state *nls;
+   int        err;
+
+   LTC_ARGCHK(key   != NULL);
+   LTC_ARGCHK(IV    != NULL);
+   if (adatalen > 0) {
+      LTC_ARGCHK(adata != NULL);
+   }      
+   LTC_ARGCHK(pt    != NULL);
+   LTC_ARGCHK(ct    != NULL);
+   if (taglen > 0) {
+      LTC_ARGCHK(tag   != NULL);
+   }      
+   
+   /* alloc NLS state */
+   nls = XCALLOC(1, sizeof(*nls));
+   if (nls == NULL) {
+      return CRYPT_MEM;
+   }
+   
+   /* init key and IV */
+   if ((err = nls_key(nls, key, keylen)) != CRYPT_OK) {
+      goto done;
+   }
+   if ((err = nls_nonce(nls, IV, IVlen)) != CRYPT_OK) {
+      goto done;
+   }
+   
+   /* process adata */
+   if (adatalen > 0) {
+      if ((err = nls_maconly(nls, adata, adatalen)) != CRYPT_OK) {
+         goto done;
+      }
+   }      
+   
+   /* process msg */
+   if (direction == NLS_ENCRYPT) {
+      if ((err = nls_encrypt(nls, pt, nbytes, ct)) != CRYPT_OK) {
+         goto done;
+      }
+   } else {      
+      if ((err = nls_decrypt(nls, ct, nbytes, pt)) != CRYPT_OK) {
+         goto done;
+      }
+   }      
+   
+   /* grab tag */
+   if (taglen > 0) {
+      if ((err = nls_finish(nls, tag, taglen)) != CRYPT_OK) {
+         goto done;
+      }
+   }
+   
+   err = CRYPT_OK;
+done:
+#ifdef LTC_CLEAN_STACK
+   zeromem(nls, sizeof(*nls));
+#endif
+   XFREE(nls);
+   
+   return err;
+}                     
+
+#endif
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */

src/encauth/nls/nlsfast.c

@@ -0,0 +1,981 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+
+/**
+  @file nlsfast.c
+  NLS support, entire suite, Tom St Denis
+*/
+
+
+/* Id: nlsfast.c 346 2005-04-22 18:36:12Z mwp */
+/* nlsfast: NLS stream cipher and Mundja MAC -- fast implementation */
+
+/*
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND AGAINST
+INFRINGEMENT ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+
+/* This source has been modified from the original source for the LibTomCrypt project
+ * by Tom St Denis.  (Warnings fixed and code GNU indented)
+ */
+
+#include "tomcrypt.h"
+
+#ifdef NLS_MODE
+
+#define NLS_LONG_OUTPUT 1
+#define N               17
+#define NMAC            8
+#define WORDSIZE        32
+#define F16             0x10001ul
+#define MACKONST        8
+
+/* interface, multiplication table and SBox */
+#include "nlssbox.inc"
+#include "nlsmultab.inc"
+/*
+ * FOLD is how many register cycles need to be performed after combining the
+ * last byte of key and non-linear feedback, before every byte depends on every
+ * byte of the key. This depends on the feedback and nonlinear functions, and
+ * on where they are combined into the register.
+ */
+#define FOLD N                  /* how many iterations of folding to do */
+#define INITKONST 0x6996c53a    /* value of KONST to use during key loading */
+#define KEYP 15                 /* where to insert key words */
+#define FOLDP 4                 /* where to insert non-linear feedback */
+#if NLS_LONG_OUTPUT
+#define CTRP 2                  /* where to insert counter to avoid small cycles */
+#endif /*NLS_LONG_OUTPUT */
+
+#define Byte(x,i) ((unsigned char)(((x) >> (8*i)) & 0xFF))
+
+/* define IS_LITTLE_ENDIAN for faster operation when appropriate */
+#if defined(ENDIAN_LITTLE) && defined(ENDIAN_32BITWORD)
+/* Useful macros -- little endian words on a little endian machine */
+#define BYTE2WORD(b) (*(ulong32 *)(b))
+#define WORD2BYTE(w, b) ((*(ulong32 *)(b)) = w)
+#define XORWORD(w, b) ((*(ulong32 *)(b)) ^= w)
+#else
+/* Useful macros -- machine independent little-endian version */
+#define BYTE2WORD(b) ( \
+   (((ulong32)(b)[3] & 0xFF)<<24) | \
+   (((ulong32)(b)[2] & 0xFF)<<16) | \
+   (((ulong32)(b)[1] & 0xFF)<<8) | \
+   (((ulong32)(b)[0] & 0xFF)) \
+)
+#define WORD2BYTE(w, b) { \
+   (b)[3] = Byte(w,3); \
+   (b)[2] = Byte(w,2); \
+   (b)[1] = Byte(w,1); \
+   (b)[0] = Byte(w,0); \
+}
+#define XORWORD(w, b) { \
+   (b)[3] ^= Byte(w,3); \
+   (b)[2] ^= Byte(w,2); \
+   (b)[1] ^= Byte(w,1); \
+   (b)[0] ^= Byte(w,0); \
+}
+#endif
+
+#if NLS_LONG_OUTPUT
+#define ZEROCOUNTER(c)    c->CtrModF16 = c->CtrMod232 = 0
+#else
+#define ZEROCOUNTER(c)          /* nothing */
+#endif /*NLS_LONG_OUTPUT */
+
+/* give correct offset for the current position of the register,
+ * where logically R[0] is at position "zero".
+ */
+#define OFF(zero, i) (((zero)+(i)) % N)
+
+#if NLS_LONG_OUTPUT
+/* Increment counter and mix into register every so often */
+#define FIXCTR(c,z) \
+{ \
+    if (++c->CtrModF16 == F16) { \
+   c->CtrMod232 += c->CtrModF16; \
+   c->R[OFF(z,CTRP)] += c->CtrMod232; \
+   c->CtrMod232 = 0; \
+    } \
+}
+#endif /*NLS_LONG_OUTPUT */
+
+/* step the shift register */
+/* After stepping, "zero" moves right one place */
+#define STEP(c,z) \
+    { register ulong32 tt; \
+   tt = ROL(c->R[OFF(z,0)],19) + ROL(c->R[OFF(z,15)],9) + c->konst; \
+   tt ^= Sbox[(tt >> 24) & 0xFF]; \
+   c->R[OFF(z,0)] = tt ^ c->R[OFF(z,4)]; \
+    }
+static void cycle(nls_state * c)
+{
+   ulong32 t;
+   int i;
+
+   /* nonlinear feedback function */
+   STEP(c, 0);
+   /* shift register */
+   t = c->R[0];
+   for (i = 1; i < N; ++i)
+      c->R[i - 1] = c->R[i];
+   c->R[N - 1] = t;
+#if NLS_LONG_OUTPUT
+   FIXCTR(c, 0);
+#endif /*NLS_LONG_OUTPUT */
+}
+
+/* Return a non-linear function of some parts of the register.
+ */
+#define NLFUNC(c,z) \
+    (c->R[OFF(z,0)] + c->R[OFF(z,16)]) \
+    ^ (c->R[OFF(z,1)] + c->konst) \
+    ^ (c->R[OFF(z,6)] + c->R[OFF(z,13)])
+
+static ulong32 nltap(nls_state * c)
+{
+   return NLFUNC(c, 0);
+}
+
+/* The Mundja MAC function is modelled after the round function of SHA-256.
+ * The following lines establish aliases for the MAC accumulator, just
+ * so that the definition of that function looks more like FIPS-180-2.
+ */
+#define A c->M[0]
+#define B c->M[1]
+#define C c->M[2]
+#define D c->M[3]
+#define E c->M[4]
+#define F c->M[5]
+#define G c->M[6]
+#define H c->M[7]
+#define SIGMA0(x) (ROR((x), 2) ^ ROR((x), 13) ^ ROR((x), 22))
+#define SIGMA1(x) (ROR((x), 6) ^ ROR((x), 11) ^ ROR((x), 25))
+#define CHOOSE(x,y,z) (z ^ (x & (y ^ z)))
+#define MAJORITY(x,y,z) ((x & y) | (z & (x | y)))
+
+/* Accumulate a nonlinear function of a register word and an input word for MAC.
+ * Except for the added S-Box and SOBER LFSR input instead of constants,
+ * this is exactly a round of SHA-256.
+ */
+#define SHAFUNC(c,i,k,A,B,C,D,E,F,G,H) \
+    { \
+   ulong32   t1; \
+   t1 = H + k + i; \
+   t1 ^= Sbox[(t1 >> 24) & 0xFF]; \
+   t1 += SIGMA1(E) + CHOOSE(E, F, G); \
+   D += t1; \
+   t1 += SIGMA0(A) + MAJORITY(A, B, C); \
+   H = t1; \
+    }
+
+static void shafunc(nls_state * c, ulong32 i)
+{
+   ulong32 t;
+
+   SHAFUNC(c, i, c->R[MACKONST], A, B, C, D, E, F, G, H);
+   /* now correct alignment of MAC accumulator */
+   t = c->M[NMAC - 1];
+   for (i = NMAC - 1; i > 0; --i)
+      c->M[i] = c->M[i - 1];
+   c->M[0] = t;
+}
+
+/* Accumulate a CRC of input words, later to be fed into MAC.
+ */
+#define CRCFUNC(c,i,zero,five) \
+    { \
+   ulong32   t1; \
+   t1 = (c->CRC[zero] << 8) ^ Multab[(c->CRC[zero] >> 24) & 0xFF] \
+      ^ c->CRC[five] ^ i; \
+   c->CRC[zero] = t1; \
+    }
+
+static void crcfunc(nls_state * c, ulong32 i)
+{
+   ulong32 t;
+
+   CRCFUNC(c, i, 0, 5);
+   /* now correct alignment of CRC accumulator */
+   t = c->CRC[0];
+   for (i = 1; i < NMAC; ++i)
+      c->CRC[i - 1] = c->CRC[i];
+   c->CRC[NMAC - 1] = t;
+}
+
+/* Normal MAC word processing: do both SHA and CRC.
+ */
+static void macfunc(nls_state * c, ulong32 i)
+{
+   crcfunc(c, i);
+   shafunc(c, i);
+}
+
+/* initialise to known state
+ */
+static void nls_initstate(nls_state * c)
+{
+   int i;
+
+   /* Register initialised to Fibonacci numbers */
+   c->R[0] = 1;
+   c->R[1] = 1;
+   for (i = 2; i < N; ++i)
+      c->R[i] = c->R[i - 1] + c->R[i - 2];
+   c->konst = INITKONST;
+   ZEROCOUNTER(c);
+}
+
+/* Save the current register state
+ */
+static void nls_savestate(nls_state * c)
+{
+   int i;
+
+   for (i = 0; i < N; ++i)
+      c->initR[i] = c->R[i];
+}
+
+/* initialise to previously saved register state
+ */
+static void nls_reloadstate(nls_state * c)
+{
+   int i;
+
+   for (i = 0; i < N; ++i)
+      c->R[i] = c->initR[i];
+   ZEROCOUNTER(c);
+}
+
+/* Initialise "konst"
+ */
+static void nls_genkonst(nls_state * c)
+{
+   ulong32 newkonst;
+
+   do {
+      cycle(c);
+      newkonst = nltap(c);
+   }
+   while ((newkonst & 0xFF000000) == 0);
+   c->konst = newkonst;
+}
+
+/* Load key material into the register
+ */
+#define ADDKEY(k) \
+   c->R[KEYP] += (k);
+
+#define XORNL(nl) \
+   c->R[FOLDP] ^= (nl);
+
+/* nonlinear diffusion of register for key and MAC */
+#define DROUND(z) STEP(c,z); c->R[OFF((z+1),FOLDP)] ^= NLFUNC(c,(z+1));
+static void nls_diffuse(nls_state * c)
+{
+   /* relies on FOLD == N! */
+   DROUND(0);
+   DROUND(1);
+   DROUND(2);
+   DROUND(3);
+   DROUND(4);
+   DROUND(5);
+   DROUND(6);
+   DROUND(7);
+   DROUND(8);
+   DROUND(9);
+   DROUND(10);
+   DROUND(11);
+   DROUND(12);
+   DROUND(13);
+   DROUND(14);
+   DROUND(15);
+   DROUND(16);
+}
+
+/* common actions for loading key material */
+static void
+nls_loadkey(nls_state * c, const unsigned char *key, unsigned long keylen)
+{
+   ulong32 i, k;
+
+   /* start folding in key, reject odd sized keys */
+   if ((keylen & 3) != 0)
+      abort();
+   for (i = 0; i < keylen; i += 4) {
+      k = BYTE2WORD(&key[i]);
+      ADDKEY(k);
+      cycle(c);
+      XORNL(nltap(c));
+   }
+
+   /* also fold in the length of the key */
+   ADDKEY(keylen);
+
+   /* now diffuse */
+   nls_diffuse(c);
+}
+
+/* initialise MAC related registers
+ */
+static void nls_macinit(nls_state * c)
+{
+   int i;
+
+   for (i = 0; i < NMAC; ++i) {
+      c->M[i] = c->R[i];
+      c->CRC[i] = c->R[i + NMAC];
+   }
+}
+
+/* Published "key" interface
+ */
+int nls_key(nls_state * c, const unsigned char *key, unsigned long keylen)
+{
+   LTC_ARGCHK(c != NULL);
+   LTC_ARGCHK(key != NULL);
+
+   if (keylen == 0) {
+      return CRYPT_INVALID_ARG;
+   }
+   nls_initstate(c);
+   nls_loadkey(c, key, keylen);
+   nls_genkonst(c);
+   nls_savestate(c);
+   nls_macinit(c);
+   c->nbuf = 0;
+   ZEROCOUNTER(c);
+   return CRYPT_OK;
+}
+
+/* Published "nonce" interface
+ */
+int
+nls_nonce(nls_state * c, const unsigned char *nonce, unsigned long noncelen)
+{
+   LTC_ARGCHK(c != NULL);
+   LTC_ARGCHK(nonce != NULL);
+   if (noncelen == 0) {
+      return CRYPT_INVALID_ARG;
+   }
+   nls_reloadstate(c);
+   nls_loadkey(c, nonce, noncelen);
+   nls_macinit(c);
+   c->nbuf = 0;
+   ZEROCOUNTER(c);
+   return CRYPT_OK;
+}
+
+#if 0
+/* XOR pseudo-random bytes into buffer
+ * Note: doesn't play well with MAC functions.
+ */
+#define SROUND(z) STEP(c,z); t = NLFUNC(c,(z+1)); XORWORD(t, buf+(z*4));
+static void
+nls_stream(nls_state * c, unsigned char *buf, unsigned long nbytes)
+{
+   ulong32 t = 0;
+
+   /* handle any previously buffered bytes */
+   while (c->nbuf != 0 && nbytes != 0) {
+      *buf++ ^= c->sbuf & 0xFF;
+      c->sbuf >>= 8;
+      c->nbuf -= 8;
+      --nbytes;
+   }
+
+   /* do lots at a time, if there's enough to do */
+   while (nbytes >= N * 4) {
+#if NLS_LONG_OUTPUT
+      if (c->CtrModF16 < (F16 - 17)) {
+#endif /*NLS_LONG_OUTPUT */
+         SROUND(0);
+         SROUND(1);
+         SROUND(2);
+         SROUND(3);
+         SROUND(4);
+         SROUND(5);
+         SROUND(6);
+         SROUND(7);
+         SROUND(8);
+         SROUND(9);
+         SROUND(10);
+         SROUND(11);
+         SROUND(12);
+         SROUND(13);
+         SROUND(14);
+         SROUND(15);
+         SROUND(16);
+#if NLS_LONG_OUTPUT
+         c->CtrModF16 += 17;
+      } else {
+         SROUND(0);
+         FIXCTR(c, 1);
+         SROUND(1);
+         FIXCTR(c, 2);
+         SROUND(2);
+         FIXCTR(c, 3);
+         SROUND(3);
+         FIXCTR(c, 4);
+         SROUND(4);
+         FIXCTR(c, 5);
+         SROUND(5);
+         FIXCTR(c, 6);
+         SROUND(6);
+         FIXCTR(c, 7);
+         SROUND(7);
+         FIXCTR(c, 8);
+         SROUND(8);
+         FIXCTR(c, 9);
+         SROUND(9);
+         FIXCTR(c, 10);
+         SROUND(10);
+         FIXCTR(c, 11);
+         SROUND(11);
+         FIXCTR(c, 12);
+         SROUND(12);
+         FIXCTR(c, 13);
+         SROUND(13);
+         FIXCTR(c, 14);
+         SROUND(14);
+         FIXCTR(c, 15);
+         SROUND(15);
+         FIXCTR(c, 16);
+         SROUND(16);
+         FIXCTR(c, 0);
+      }
+#endif /*NLS_LONG_OUTPUT */
+      buf += 4 * N;
+      nbytes -= N * 4;
+   }
+
+   /* do small or odd size buffers the slow way */
+   while (4 <= nbytes) {
+      cycle(c);
+      t = nltap(c);
+      XORWORD(t, buf);
+      buf += 4;
+      nbytes -= 4;
+   }
+
+   /* handle any trailing bytes */
+   if (nbytes != 0) {
+      cycle(c);
+      c->sbuf = nltap(c);
+      c->nbuf = 32;
+      while (c->nbuf != 0 && nbytes != 0) {
+         *buf++ ^= c->sbuf & 0xFF;
+         c->sbuf >>= 8;
+         c->nbuf -= 8;
+         --nbytes;
+      }
+   }
+}
+
+#endif
+
+/* accumulate words into MAC without encryption
+ * Note that plaintext is accumulated for MAC.
+ */
+#define MROUND(z,A,B,C,D,E,F,G,H) \
+    t = BYTE2WORD(buf+(z*4)); \
+    STEP(c,z); \
+    CRCFUNC(c,t,((z)&0x7),(((z)+5)&0x7)); \
+    SHAFUNC(c,t,c->R[OFF(z+1,MACKONST)],A,B,C,D,E,F,G,H);
+int nls_maconly(nls_state * c, const unsigned char *buf, unsigned long nbytes)
+{
+   int i;
+   ulong32 t = 0;
+
+   LTC_ARGCHK(c != NULL);
+   LTC_ARGCHK(buf != NULL);
+
+
+   /* handle any previously buffered bytes */
+   if (c->nbuf != 0) {
+      while (c->nbuf != 0 && nbytes != 0) {
+         c->mbuf ^= (*buf++) << (32 - c->nbuf);
+         c->nbuf -= 8;
+         --nbytes;
+      }
+      if (c->nbuf != 0) {       /* not a whole word yet */
+         return CRYPT_OK;
+      }
+      /* LFSR already cycled */
+      macfunc(c, c->mbuf);
+   }
+
+   /* do lots at a time, if there's enough to do */
+   while (4 * N <= nbytes) {
+#if NLS_LONG_OUTPUT
+      if (c->CtrModF16 < (F16 - 17)) {
+#endif /*NLS_LONG_OUTPUT */
+         MROUND(0, A, B, C, D, E, F, G, H);
+         MROUND(1, H, A, B, C, D, E, F, G);
+         MROUND(2, G, H, A, B, C, D, E, F);
+         MROUND(3, F, G, H, A, B, C, D, E);
+         MROUND(4, E, F, G, H, A, B, C, D);
+         MROUND(5, D, E, F, G, H, A, B, C);
+         MROUND(6, C, D, E, F, G, H, A, B);
+         MROUND(7, B, C, D, E, F, G, H, A);
+         MROUND(8, A, B, C, D, E, F, G, H);
+         MROUND(9, H, A, B, C, D, E, F, G);
+         MROUND(10, G, H, A, B, C, D, E, F);
+         MROUND(11, F, G, H, A, B, C, D, E);
+         MROUND(12, E, F, G, H, A, B, C, D);
+         MROUND(13, D, E, F, G, H, A, B, C);
+         MROUND(14, C, D, E, F, G, H, A, B);
+         MROUND(15, B, C, D, E, F, G, H, A);
+         MROUND(16, A, B, C, D, E, F, G, H);
+#if NLS_LONG_OUTPUT
+         c->CtrModF16 += 17;
+      } else {
+         MROUND(0, A, B, C, D, E, F, G, H);
+         FIXCTR(c, 1);
+         MROUND(1, H, A, B, C, D, E, F, G);
+         FIXCTR(c, 2);
+         MROUND(2, G, H, A, B, C, D, E, F);
+         FIXCTR(c, 3);
+         MROUND(3, F, G, H, A, B, C, D, E);
+         FIXCTR(c, 4);
+         MROUND(4, E, F, G, H, A, B, C, D);
+         FIXCTR(c, 5);
+         MROUND(5, D, E, F, G, H, A, B, C);
+         FIXCTR(c, 6);
+         MROUND(6, C, D, E, F, G, H, A, B);
+         FIXCTR(c, 7);
+         MROUND(7, B, C, D, E, F, G, H, A);
+         FIXCTR(c, 8);
+         MROUND(8, A, B, C, D, E, F, G, H);
+         FIXCTR(c, 9);
+         MROUND(9, H, A, B, C, D, E, F, G);
+         FIXCTR(c, 10);
+         MROUND(10, G, H, A, B, C, D, E, F);
+         FIXCTR(c, 11);
+         MROUND(11, F, G, H, A, B, C, D, E);
+         FIXCTR(c, 12);
+         MROUND(12, E, F, G, H, A, B, C, D);
+         FIXCTR(c, 13);
+         MROUND(13, D, E, F, G, H, A, B, C);
+         FIXCTR(c, 14);
+         MROUND(14, C, D, E, F, G, H, A, B);
+         FIXCTR(c, 15);
+         MROUND(15, B, C, D, E, F, G, H, A);
+         FIXCTR(c, 16);
+         MROUND(16, A, B, C, D, E, F, G, H);
+         FIXCTR(c, 0);
+      }
+#endif /*NLS_LONG_OUTPUT */
+      buf += 4 * N;
+      nbytes -= 4 * N;
+      /* fix alignment of MAC buffer */
+      t = c->M[NMAC - 1];
+      for (i = NMAC - 1; i > 0; --i)
+         c->M[i] = c->M[i - 1];
+      c->M[0] = t;
+      /* fix alignment of CRC buffer */
+      t = c->CRC[0];
+      for (i = 1; i < NMAC; ++i)
+         c->CRC[i - 1] = c->CRC[i];
+      c->CRC[NMAC - 1] = t;
+   }
+
+   /* do small or odd size buffers the slow way */
+   while (4 <= nbytes) {
+      cycle(c);
+      macfunc(c, BYTE2WORD(buf));
+      buf += 4;
+      nbytes -= 4;
+   }
+
+   /* handle any trailing bytes */
+   if (nbytes != 0) {
+      cycle(c);
+      c->sbuf = nltap(c);
+      c->mbuf = 0;
+      c->nbuf = 32;
+      while (nbytes != 0) {
+         c->mbuf ^= (*buf++) << (32 - c->nbuf);
+         c->nbuf -= 8;
+         --nbytes;
+      }
+   }
+
+   return CRYPT_OK;
+}
+
+/* Combined MAC and encryption.
+ * Note that plaintext is accumulated for MAC.
+ */
+#define EROUND(z,A,B,C,D,E,F,G,H) \
+    STEP(c,z); \
+    t3 = BYTE2WORD(buf+(z*4)); \
+    CRCFUNC(c,t3,((z)&0x7),(((z)+5)&0x7)); \
+    SHAFUNC(c,t3,c->R[OFF(z+1,MACKONST)],A,B,C,D,E,F,G,H); \
+    t = NLFUNC(c,(z+1)); \
+    t ^= t3; \
+    WORD2BYTE(t,buf+(z*4));
+int nls_encrypt(nls_state * c, 
+                const unsigned char *pt, unsigned long nbytes,
+                      unsigned char *ct)
+{
+   ulong32 t = 0, t3 = 0;
+   int i;
+
+   LTC_ARGCHK(c != NULL);
+   LTC_ARGCHK(pt != NULL);
+   LTC_ARGCHK(ct != NULL);
+   
+   #define buf ct
+   
+   /* do copy as required */
+   if (pt != ct) {
+       XMEMCPY(ct, pt, nbytes);
+   }       
+
+   /* handle any previously buffered bytes */
+   if (c->nbuf != 0) {
+      while (c->nbuf != 0 && nbytes != 0) {
+         c->mbuf ^= *buf << (32 - c->nbuf);
+         *buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF;
+         ++buf;
+         c->nbuf -= 8;
+         --nbytes;
+      }
+      if (c->nbuf != 0)         /* not a whole word yet */
+         return CRYPT_OK;
+      /* LFSR already cycled */
+      macfunc(c, c->mbuf);
+   }
+
+   /* do lots at a time, if there's enough to do */
+   while (4 * N <= nbytes) {
+#if NLS_LONG_OUTPUT
+      if (c->CtrModF16 < (F16 - 17)) {
+#endif /*NLS_LONG_OUTPUT */
+         EROUND(0, A, B, C, D, E, F, G, H);
+         EROUND(1, H, A, B, C, D, E, F, G);
+         EROUND(2, G, H, A, B, C, D, E, F);
+         EROUND(3, F, G, H, A, B, C, D, E);
+         EROUND(4, E, F, G, H, A, B, C, D);
+         EROUND(5, D, E, F, G, H, A, B, C);
+         EROUND(6, C, D, E, F, G, H, A, B);
+         EROUND(7, B, C, D, E, F, G, H, A);
+         EROUND(8, A, B, C, D, E, F, G, H);
+         EROUND(9, H, A, B, C, D, E, F, G);
+         EROUND(10, G, H, A, B, C, D, E, F);
+         EROUND(11, F, G, H, A, B, C, D, E);
+         EROUND(12, E, F, G, H, A, B, C, D);
+         EROUND(13, D, E, F, G, H, A, B, C);
+         EROUND(14, C, D, E, F, G, H, A, B);
+         EROUND(15, B, C, D, E, F, G, H, A);
+         EROUND(16, A, B, C, D, E, F, G, H);
+#if NLS_LONG_OUTPUT
+         c->CtrModF16 += 17;
+      } else {
+         EROUND(0, A, B, C, D, E, F, G, H);
+         FIXCTR(c, 1);
+         EROUND(1, H, A, B, C, D, E, F, G);
+         FIXCTR(c, 2);
+         EROUND(2, G, H, A, B, C, D, E, F);
+         FIXCTR(c, 3);
+         EROUND(3, F, G, H, A, B, C, D, E);
+         FIXCTR(c, 4);
+         EROUND(4, E, F, G, H, A, B, C, D);
+         FIXCTR(c, 5);
+         EROUND(5, D, E, F, G, H, A, B, C);
+         FIXCTR(c, 6);
+         EROUND(6, C, D, E, F, G, H, A, B);
+         FIXCTR(c, 7);
+         EROUND(7, B, C, D, E, F, G, H, A);
+         FIXCTR(c, 8);
+         EROUND(8, A, B, C, D, E, F, G, H);
+         FIXCTR(c, 9);
+         EROUND(9, H, A, B, C, D, E, F, G);
+         FIXCTR(c, 10);
+         EROUND(10, G, H, A, B, C, D, E, F);
+         FIXCTR(c, 11);
+         EROUND(11, F, G, H, A, B, C, D, E);
+         FIXCTR(c, 12);
+         EROUND(12, E, F, G, H, A, B, C, D);
+         FIXCTR(c, 13);
+         EROUND(13, D, E, F, G, H, A, B, C);
+         FIXCTR(c, 14);
+         EROUND(14, C, D, E, F, G, H, A, B);
+         FIXCTR(c, 15);
+         EROUND(15, B, C, D, E, F, G, H, A);
+         FIXCTR(c, 16);
+         EROUND(16, A, B, C, D, E, F, G, H);
+         FIXCTR(c, 0);
+      }
+#endif /*NLS_LONG_OUTPUT */
+      buf += 4 * N;
+      nbytes -= 4 * N;
+      /* fix alignment of MAC buffer */
+      t = c->M[7];
+      for (i = NMAC - 1; i > 0; --i)
+         c->M[i] = c->M[i - 1];
+      c->M[0] = t;
+      /* fix alignment of CRC buffer */
+      t = c->CRC[0];
+      for (i = 1; i < NMAC; ++i)
+         c->CRC[i - 1] = c->CRC[i];
+      c->CRC[NMAC - 1] = t;
+   }
+
+   /* do small or odd size buffers the slow way */
+   while (4 <= nbytes) {
+      cycle(c);
+      t = BYTE2WORD(buf);
+      macfunc(c, t);
+      t ^= nltap(c);
+      WORD2BYTE(t, buf);
+      nbytes -= 4;
+      buf += 4;
+   }
+
+   /* handle any trailing bytes */
+   if (nbytes != 0) {
+      cycle(c);
+      c->sbuf = nltap(c);
+      c->mbuf = 0;
+      c->nbuf = 32;
+      while (c->nbuf != 0 && nbytes != 0) {
+         c->mbuf ^= *buf << (32 - c->nbuf);
+         *buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF;
+         ++buf;
+         c->nbuf -= 8;
+         --nbytes;
+      }
+   }
+   
+   #undef buf
+
+   return CRYPT_OK;
+}
+
+/* Combined MAC and decryption.
+ * Note that plaintext is accumulated for MAC.
+ */
+#undef DROUND
+#define DROUND(z,A,B,C,D,E,F,G,H) \
+    STEP(c,z); \
+    t = NLFUNC(c,(z+1)); \
+    t3 = BYTE2WORD(buf+(z*4)); \
+    t ^= t3; \
+    CRCFUNC(c,t,((z)&0x7),(((z)+5)&0x7)); \
+    SHAFUNC(c,t,c->R[OFF(z+1,MACKONST)],A,B,C,D,E,F,G,H); \
+    WORD2BYTE(t, buf+(z*4));
+int nls_decrypt(nls_state * c, 
+                const unsigned char *ct, unsigned long nbytes,
+                      unsigned char *pt)
+{
+   ulong32 t = 0, t3 = 0;
+   int i;
+
+   LTC_ARGCHK(c  != NULL);
+   LTC_ARGCHK(pt != NULL);
+   LTC_ARGCHK(ct != NULL);
+   
+   #define buf pt
+   
+   if (pt != ct) {
+      XMEMCPY(pt, ct, nbytes);
+   }      
+
+   /* handle any previously buffered bytes */
+   if (c->nbuf != 0) {
+      while (c->nbuf != 0 && nbytes != 0) {
+         *buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF;
+         c->mbuf ^= *buf << (32 - c->nbuf);
+         ++buf;
+         c->nbuf -= 8;
+         --nbytes;
+      }
+      if (c->nbuf != 0)         /* not a whole word yet */
+         return CRYPT_OK;
+      /* LFSR already cycled */
+      macfunc(c, c->mbuf);
+   }
+
+   /* now do lots at a time, if there's enough */
+   while (4 * N <= nbytes) {
+#if NLS_LONG_OUTPUT
+      if (c->CtrModF16 < (F16 - 17)) {
+#endif /*NLS_LONG_OUTPUT */
+         DROUND(0, A, B, C, D, E, F, G, H);
+         DROUND(1, H, A, B, C, D, E, F, G);
+         DROUND(2, G, H, A, B, C, D, E, F);
+         DROUND(3, F, G, H, A, B, C, D, E);
+         DROUND(4, E, F, G, H, A, B, C, D);
+         DROUND(5, D, E, F, G, H, A, B, C);
+         DROUND(6, C, D, E, F, G, H, A, B);
+         DROUND(7, B, C, D, E, F, G, H, A);
+         DROUND(8, A, B, C, D, E, F, G, H);
+         DROUND(9, H, A, B, C, D, E, F, G);
+         DROUND(10, G, H, A, B, C, D, E, F);
+         DROUND(11, F, G, H, A, B, C, D, E);
+         DROUND(12, E, F, G, H, A, B, C, D);
+         DROUND(13, D, E, F, G, H, A, B, C);
+         DROUND(14, C, D, E, F, G, H, A, B);
+         DROUND(15, B, C, D, E, F, G, H, A);
+         DROUND(16, A, B, C, D, E, F, G, H);
+#if NLS_LONG_OUTPUT
+         c->CtrModF16 += 17;
+      } else {
+         DROUND(0, A, B, C, D, E, F, G, H);
+         FIXCTR(c, 1);
+         DROUND(1, H, A, B, C, D, E, F, G);
+         FIXCTR(c, 2);
+         DROUND(2, G, H, A, B, C, D, E, F);
+         FIXCTR(c, 3);
+         DROUND(3, F, G, H, A, B, C, D, E);
+         FIXCTR(c, 4);
+         DROUND(4, E, F, G, H, A, B, C, D);
+         FIXCTR(c, 5);
+         DROUND(5, D, E, F, G, H, A, B, C);
+         FIXCTR(c, 6);
+         DROUND(6, C, D, E, F, G, H, A, B);
+         FIXCTR(c, 7);
+         DROUND(7, B, C, D, E, F, G, H, A);
+         FIXCTR(c, 8);
+         DROUND(8, A, B, C, D, E, F, G, H);
+         FIXCTR(c, 9);
+         DROUND(9, H, A, B, C, D, E, F, G);
+         FIXCTR(c, 10);
+         DROUND(10, G, H, A, B, C, D, E, F);
+         FIXCTR(c, 11);
+         DROUND(11, F, G, H, A, B, C, D, E);
+         FIXCTR(c, 12);
+         DROUND(12, E, F, G, H, A, B, C, D);
+         FIXCTR(c, 13);
+         DROUND(13, D, E, F, G, H, A, B, C);
+         FIXCTR(c, 14);
+         DROUND(14, C, D, E, F, G, H, A, B);
+         FIXCTR(c, 15);
+         DROUND(15, B, C, D, E, F, G, H, A);
+         FIXCTR(c, 16);
+         DROUND(16, A, B, C, D, E, F, G, H);
+         FIXCTR(c, 0);
+      }
+#endif /*NLS_LONG_OUTPUT */
+      buf += 4 * N;
+      nbytes -= 4 * N;
+      /* fix alignment of MAC buffer */
+      t = c->M[7];
+      for (i = NMAC - 1; i > 0; --i)
+         c->M[i] = c->M[i - 1];
+      c->M[0] = t;
+      /* fix alignment of CRC buffer */
+      t = c->CRC[0];
+      for (i = 1; i < NMAC; ++i)
+         c->CRC[i - 1] = c->CRC[i];
+      c->CRC[NMAC - 1] = t;
+   }
+
+   /* do small or odd size buffers the slow way */
+   while (4 <= nbytes) {
+      cycle(c);
+      t = nltap(c);
+      t3 = BYTE2WORD(buf);
+      t ^= t3;
+      macfunc(c, t);
+      WORD2BYTE(t, buf);
+      nbytes -= 4;
+      buf += 4;
+   }
+
+   /* handle any trailing bytes */
+   if (nbytes != 0) {
+      cycle(c);
+      c->sbuf = nltap(c);
+      c->mbuf = 0;
+      c->nbuf = 32;
+      while (c->nbuf != 0 && nbytes != 0) {
+         *buf ^= (c->sbuf >> (32 - c->nbuf)) & 0xFF;
+         c->mbuf ^= *buf << (32 - c->nbuf);
+         ++buf;
+         c->nbuf -= 8;
+         --nbytes;
+      }
+   }
+   return CRYPT_OK;
+   
+   #undef buf
+}
+
+/* Having accumulated a MAC, finish processing and return it.
+ * Note that any unprocessed bytes are treated as if
+ * they were encrypted zero bytes, so plaintext (zero) is accumulated.
+ */
+int nls_finish(nls_state * c, unsigned char *buf, unsigned long nbytes)
+{
+   ulong32 i;
+
+   LTC_ARGCHK(c   != NULL);
+   LTC_ARGCHK(buf != NULL);
+
+   /* handle any previously buffered bytes */
+   if (c->nbuf != 0) {
+      /* LFSR already cycled */
+      macfunc(c, c->mbuf);
+   }
+
+   /* perturb the MAC to mark end of input.
+    * Note that only the SHA part is updated, not the CRC. This is an
+    * action that can't be duplicated by passing in plaintext, hence
+    * defeating any kind of extension attack.
+    */
+   cycle(c);
+   shafunc(c, INITKONST + (c->nbuf << 24));
+   c->nbuf = 0;
+
+   /* now add the CRC to the MAC like input material */
+   for (i = 0; i < NMAC; ++i) {
+      cycle(c);
+      crcfunc(c, 0);
+      shafunc(c, c->CRC[7]);
+   }
+
+   /* continue that process, producing output from the MAC buffer */
+   while (nbytes > 0) {
+      cycle(c);
+      crcfunc(c, 0);
+      shafunc(c, c->CRC[7]);
+      if (nbytes >= 4) {
+         WORD2BYTE(A, buf);
+         nbytes -= 4;
+         buf += 4;
+      } else {
+         for (i = 0; i < nbytes; ++i)
+            buf[i] = Byte(A, i);
+         break;
+      }
+   }
+
+   return CRYPT_OK;
+}
+
+#endif
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */

src/encauth/nls/nlsmultab.inc

@@ -0,0 +1,68 @@
+/* Id: nlsmultab.h 333 2005-04-13 05:35:54Z mwp  */
+/* Multiplication table for Mundja using 0xD02B4367 */
+static const ulong32 Multab[256] = {
+    0x00000000, 0xD02B4367, 0xED5686CE, 0x3D7DC5A9,
+    0x97AC41D1, 0x478702B6, 0x7AFAC71F, 0xAAD18478,
+    0x631582EF, 0xB33EC188, 0x8E430421, 0x5E684746,
+    0xF4B9C33E, 0x24928059, 0x19EF45F0, 0xC9C40697,
+    0xC62A4993, 0x16010AF4, 0x2B7CCF5D, 0xFB578C3A,
+    0x51860842, 0x81AD4B25, 0xBCD08E8C, 0x6CFBCDEB,
+    0xA53FCB7C, 0x7514881B, 0x48694DB2, 0x98420ED5,
+    0x32938AAD, 0xE2B8C9CA, 0xDFC50C63, 0x0FEE4F04,
+    0xC154926B, 0x117FD10C, 0x2C0214A5, 0xFC2957C2,
+    0x56F8D3BA, 0x86D390DD, 0xBBAE5574, 0x6B851613,
+    0xA2411084, 0x726A53E3, 0x4F17964A, 0x9F3CD52D,
+    0x35ED5155, 0xE5C61232, 0xD8BBD79B, 0x089094FC,
+    0x077EDBF8, 0xD755989F, 0xEA285D36, 0x3A031E51,
+    0x90D29A29, 0x40F9D94E, 0x7D841CE7, 0xADAF5F80,
+    0x646B5917, 0xB4401A70, 0x893DDFD9, 0x59169CBE,
+    0xF3C718C6, 0x23EC5BA1, 0x1E919E08, 0xCEBADD6F,
+    0xCFA869D6, 0x1F832AB1, 0x22FEEF18, 0xF2D5AC7F,
+    0x58042807, 0x882F6B60, 0xB552AEC9, 0x6579EDAE,
+    0xACBDEB39, 0x7C96A85E, 0x41EB6DF7, 0x91C02E90,
+    0x3B11AAE8, 0xEB3AE98F, 0xD6472C26, 0x066C6F41,
+    0x09822045, 0xD9A96322, 0xE4D4A68B, 0x34FFE5EC,
+    0x9E2E6194, 0x4E0522F3, 0x7378E75A, 0xA353A43D,
+    0x6A97A2AA, 0xBABCE1CD, 0x87C12464, 0x57EA6703,
+    0xFD3BE37B, 0x2D10A01C, 0x106D65B5, 0xC04626D2,
+    0x0EFCFBBD, 0xDED7B8DA, 0xE3AA7D73, 0x33813E14,
+    0x9950BA6C, 0x497BF90B, 0x74063CA2, 0xA42D7FC5,
+    0x6DE97952, 0xBDC23A35, 0x80BFFF9C, 0x5094BCFB,
+    0xFA453883, 0x2A6E7BE4, 0x1713BE4D, 0xC738FD2A,
+    0xC8D6B22E, 0x18FDF149, 0x258034E0, 0xF5AB7787,
+    0x5F7AF3FF, 0x8F51B098, 0xB22C7531, 0x62073656,
+    0xABC330C1, 0x7BE873A6, 0x4695B60F, 0x96BEF568,
+    0x3C6F7110, 0xEC443277, 0xD139F7DE, 0x0112B4B9,
+    0xD31DD2E1, 0x03369186, 0x3E4B542F, 0xEE601748,
+    0x44B19330, 0x949AD057, 0xA9E715FE, 0x79CC5699,
+    0xB008500E, 0x60231369, 0x5D5ED6C0, 0x8D7595A7,
+    0x27A411DF, 0xF78F52B8, 0xCAF29711, 0x1AD9D476,
+    0x15379B72, 0xC51CD815, 0xF8611DBC, 0x284A5EDB,
+    0x829BDAA3, 0x52B099C4, 0x6FCD5C6D, 0xBFE61F0A,
+    0x7622199D, 0xA6095AFA, 0x9B749F53, 0x4B5FDC34,
+    0xE18E584C, 0x31A51B2B, 0x0CD8DE82, 0xDCF39DE5,
+    0x1249408A, 0xC26203ED, 0xFF1FC644, 0x2F348523,
+    0x85E5015B, 0x55CE423C, 0x68B38795, 0xB898C4F2,
+    0x715CC265, 0xA1778102, 0x9C0A44AB, 0x4C2107CC,
+    0xE6F083B4, 0x36DBC0D3, 0x0BA6057A, 0xDB8D461D,
+    0xD4630919, 0x04484A7E, 0x39358FD7, 0xE91ECCB0,
+    0x43CF48C8, 0x93E40BAF, 0xAE99CE06, 0x7EB28D61,
+    0xB7768BF6, 0x675DC891, 0x5A200D38, 0x8A0B4E5F,
+    0x20DACA27, 0xF0F18940, 0xCD8C4CE9, 0x1DA70F8E,
+    0x1CB5BB37, 0xCC9EF850, 0xF1E33DF9, 0x21C87E9E,
+    0x8B19FAE6, 0x5B32B981, 0x664F7C28, 0xB6643F4F,
+    0x7FA039D8, 0xAF8B7ABF, 0x92F6BF16, 0x42DDFC71,
+    0xE80C7809, 0x38273B6E, 0x055AFEC7, 0xD571BDA0,
+    0xDA9FF2A4, 0x0AB4B1C3, 0x37C9746A, 0xE7E2370D,
+    0x4D33B375, 0x9D18F012, 0xA06535BB, 0x704E76DC,
+    0xB98A704B, 0x69A1332C, 0x54DCF685, 0x84F7B5E2,
+    0x2E26319A, 0xFE0D72FD, 0xC370B754, 0x135BF433,
+    0xDDE1295C, 0x0DCA6A3B, 0x30B7AF92, 0xE09CECF5,
+    0x4A4D688D, 0x9A662BEA, 0xA71BEE43, 0x7730AD24,
+    0xBEF4ABB3, 0x6EDFE8D4, 0x53A22D7D, 0x83896E1A,
+    0x2958EA62, 0xF973A905, 0xC40E6CAC, 0x14252FCB,
+    0x1BCB60CF, 0xCBE023A8, 0xF69DE601, 0x26B6A566,
+    0x8C67211E, 0x5C4C6279, 0x6131A7D0, 0xB11AE4B7,
+    0x78DEE220, 0xA8F5A147, 0x958864EE, 0x45A32789,
+    0xEF72A3F1, 0x3F59E096, 0x0224253F, 0xD20F6658,
+};

src/encauth/nls/nlssbox.inc

@@ -0,0 +1,84 @@
+/* Id: nlssbox.h 333 2005-04-13 05:35:54Z mwp  */
+/* Sbox for NLS */
+/*
+ * This is really the combination of two SBoxes; the least significant
+ * 24 bits comes from:
+ * 8->32 Sbox generated by Millan et. al. at Queensland University of
+ * Technology. See: E. Dawson, W. Millan, L. Burnett, G. Carter,
+ * "On the Design of 8*32 S-boxes". Unpublished report, by the
+ * Information Systems Research Centre,
+ * Queensland University of Technology, 1999.
+ * 
+ * The most significant 8 bits are the Skipjack "F table", which can be
+ * found at http://csrc.nist.gov/CryptoToolkit/skipjack/skipjack.pdf .
+ * In this optimised table, though, the intent is to XOR the word from
+ * the table selected by the high byte with the input word. Thus, the
+ * high byte is actually the Skipjack F-table entry XORED with its
+ * table index.
+ */
+static const ulong32 Sbox[256] = {
+    0xa3aa1887, 0xd65e435c, 0x0b65c042, 0x800e6ef4,
+    0xfc57ee20, 0x4d84fed3, 0xf066c502, 0xf354e8ae,
+    0xbb2ee9d9, 0x281f38d4, 0x1f829b5d, 0x735cdf3c,
+    0x95864249, 0xbc2e3963, 0xa1f4429f, 0xf6432c35,
+    0xf7f40325, 0x3cc0dd70, 0x5f973ded, 0x9902dc5e,
+    0xda175b42, 0x590012bf, 0xdc94d78c, 0x39aab26b,
+    0x4ac11b9a, 0x8c168146, 0xc3ea8ec5, 0x058ac28f,
+    0x52ed5c0f, 0x25b4101c, 0x5a2db082, 0x370929e1,
+    0x2a1843de, 0xfe8299fc, 0x202fbc4b, 0x833915dd,
+    0x33a803fa, 0xd446b2de, 0x46233342, 0x4fcee7c3,
+    0x3ad607ef, 0x9e97ebab, 0x507f859b, 0xe81f2e2f,
+    0xc55b71da, 0xd7e2269a, 0x1339c3d1, 0x7ca56b36,
+    0xa6c9def2, 0xb5c9fc5f, 0x5927b3a3, 0x89a56ddf,
+    0xc625b510, 0x560f85a7, 0xace82e71, 0x2ecb8816,
+    0x44951e2a, 0x97f5f6af, 0xdfcbc2b3, 0xce4ff55d,
+    0xcb6b6214, 0x2b0b83e3, 0x549ea6f5, 0x9de041af,
+    0x792f1f17, 0xf73b99ee, 0x39a65ec0, 0x4c7016c6,
+    0x857709a4, 0xd6326e01, 0xc7b280d9, 0x5cfb1418,
+    0xa6aff227, 0xfd548203, 0x506b9d96, 0xa117a8c0,
+    0x9cd5bf6e, 0xdcee7888, 0x61fcfe64, 0xf7a193cd,
+    0x050d0184, 0xe8ae4930, 0x88014f36, 0xd6a87088,
+    0x6bad6c2a, 0x1422c678, 0xe9204de7, 0xb7c2e759,
+    0x0200248e, 0x013b446b, 0xda0d9fc2, 0x0414a895,
+    0x3a6cc3a1, 0x56fef170, 0x86c19155, 0xcf7b8a66,
+    0x551b5e69, 0xb4a8623e, 0xa2bdfa35, 0xc4f068cc,
+    0x573a6acd, 0x6355e936, 0x03602db9, 0x0edf13c1,
+    0x2d0bb16d, 0x6980b83c, 0xfeb23763, 0x3dd8a911,
+    0x01b6bc13, 0xf55579d7, 0xf55c2fa8, 0x19f4196e,
+    0xe7db5476, 0x8d64a866, 0xc06e16ad, 0xb17fc515,
+    0xc46feb3c, 0x8bc8a306, 0xad6799d9, 0x571a9133,
+    0x992466dd, 0x92eb5dcd, 0xac118f50, 0x9fafb226,
+    0xa1b9cef3, 0x3ab36189, 0x347a19b1, 0x62c73084,
+    0xc27ded5c, 0x6c8bc58f, 0x1cdde421, 0xed1e47fb,
+    0xcdcc715e, 0xb9c0ff99, 0x4b122f0f, 0xc4d25184,
+    0xaf7a5e6c, 0x5bbf18bc, 0x8dd7c6e0, 0x5fb7e420,
+    0x521f523f, 0x4ad9b8a2, 0xe9da1a6b, 0x97888c02,
+    0x19d1e354, 0x5aba7d79, 0xa2cc7753, 0x8c2d9655,
+    0x19829da1, 0x531590a7, 0x19c1c149, 0x3d537f1c,
+    0x50779b69, 0xed71f2b7, 0x463c58fa, 0x52dc4418,
+    0xc18c8c76, 0xc120d9f0, 0xafa80d4d, 0x3b74c473,
+    0xd09410e9, 0x290e4211, 0xc3c8082b, 0x8f6b334a,
+    0x3bf68ed2, 0xa843cc1b, 0x8d3c0ff3, 0x20e564a0,
+    0xf8f55a4f, 0x2b40f8e7, 0xfea7f15f, 0xcf00fe21,
+    0x8a6d37d6, 0xd0d506f1, 0xade00973, 0xefbbde36,
+    0x84670fa8, 0xfa31ab9e, 0xaedab618, 0xc01f52f5,
+    0x6558eb4f, 0x71b9e343, 0x4b8d77dd, 0x8cb93da6,
+    0x740fd52d, 0x425412f8, 0xc5a63360, 0x10e53ad0,
+    0x5a700f1c, 0x8324ed0b, 0xe53dc1ec, 0x1a366795,
+    0x6d549d15, 0xc5ce46d7, 0xe17abe76, 0x5f48e0a0,
+    0xd0f07c02, 0x941249b7, 0xe49ed6ba, 0x37a47f78,
+    0xe1cfffbd, 0xb007ca84, 0xbb65f4da, 0xb59f35da,
+    0x33d2aa44, 0x417452ac, 0xc0d674a7, 0x2d61a46a,
+    0xdc63152a, 0x3e12b7aa, 0x6e615927, 0xa14fb118,
+    0xa151758d, 0xba81687b, 0xe152f0b3, 0x764254ed,
+    0x34c77271, 0x0a31acab, 0x54f94aec, 0xb9e994cd,
+    0x574d9e81, 0x5b623730, 0xce8a21e8, 0x37917f0b,
+    0xe8a9b5d6, 0x9697adf8, 0xf3d30431, 0x5dcac921,
+    0x76b35d46, 0xaa430a36, 0xc2194022, 0x22bca65e,
+    0xdaec70ba, 0xdfaea8cc, 0x777bae8b, 0x242924d5,
+    0x1f098a5a, 0x4b396b81, 0x55de2522, 0x435c1cb8,
+    0xaeb8fe1d, 0x9db3c697, 0x5b164f83, 0xe0c16376,
+    0xa319224c, 0xd0203b35, 0x433ac0fe, 0x1466a19a,
+    0x45f0b24f, 0x51fda998, 0xc0d52d71, 0xfa0896a8,
+    0xf9e6053f, 0xa4b0d300, 0xd499cbcc, 0xb95e3d40,
+};

src/headers/tomcrypt.h

@@ -16,8 +16,8 @@ extern "C" {
 #endif
 
 /* version */
-#define CRYPT   0x0108
-#define SCRYPT  "1.08"
+#define CRYPT   0x0109
+#define SCRYPT  "1.09"
 
 /* max size of either a cipher/hash block or symmetric key [largest of the two] */
 #define MAXBLOCKSIZE  128

src/headers/tomcrypt_cipher.h

@@ -167,6 +167,7 @@ typedef union Symmetric_key {
    void   *data;
 } symmetric_key;
 
+#ifdef ECB
 /** A block cipher ECB structure */
 typedef struct {
    /** The index of the cipher chosen */
@@ -176,7 +177,9 @@ typedef struct {
    /** The scheduled key */                       
    symmetric_key       key;
 } symmetric_ECB;
+#endif
 
+#ifdef CFB
 /** A block cipher CFB structure */
 typedef struct {
    /** The index of the cipher chosen */
@@ -192,7 +195,9 @@ typedef struct {
    /** The scheduled key */
    symmetric_key       key;
 } symmetric_CFB;
+#endif
 
+#ifdef OFB
 /** A block cipher OFB structure */
 typedef struct {
    /** The index of the cipher chosen */
@@ -206,7 +211,9 @@ typedef struct {
    /** The scheduled key */
    symmetric_key       key;
 } symmetric_OFB;
+#endif
 
+#ifdef CBC
 /** A block cipher CBC structure */
 typedef struct {
    /** The index of the cipher chosen */
@@ -218,7 +225,10 @@ typedef struct {
    /** The scheduled key */
    symmetric_key       key;
 } symmetric_CBC;
+#endif
+
 
+#ifdef CTR
 /** A block cipher CTR structure */
 typedef struct {
    /** The index of the cipher chosen */
@@ -236,6 +246,35 @@ typedef struct {
    /** The scheduled key */
    symmetric_key       key;
 } symmetric_CTR;
+#endif
+
+
+#ifdef LRW_MODE
+/** A LRW structure */
+typedef struct {
+    /** The index of the cipher chosen (must be a 128-bit block cipher) */
+    int               cipher;
+
+    /** The current IV */
+    unsigned char     IV[16],
+ 
+    /** the tweak key */
+                      tweak[16],
+
+    /** The current pad, it's the product of the first 15 bytes against the tweak key */
+                      pad[16];
+
+    /** The scheduled symmetric key */
+    symmetric_key     key;
+
+#ifdef LRW_TABLES
+    /** The pre-computed multiplication table */
+    unsigned char     PC[16][256][16];
+#endif
+} symmetric_LRW;
+#endif
+
+
 
 /** cipher descriptor table, last entry has "name == NULL" to mark the end of table */
 extern struct ltc_cipher_descriptor {
@@ -339,6 +378,28 @@ extern struct ltc_cipher_descriptor {
    */
    int (*accel_ctr_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, int mode, symmetric_key *skey);
 
+   /** Accelerated LRW 
+       @param pt      Plaintext
+       @param ct      Ciphertext
+       @param blocks  The number of complete blocks to process
+       @param IV      The initial value (input/output)
+       @param tweak   The LRW tweak
+       @param skey    The scheduled key context
+       @return CRYPT_OK if successful
+   */
+   int (*accel_lrw_encrypt)(const unsigned char *pt, unsigned char *ct, unsigned long blocks, unsigned char *IV, const unsigned char *tweak, symmetric_key *skey);
+
+   /** Accelerated LRW 
+       @param ct      Ciphertext
+       @param pt      Plaintext
+       @param blocks  The number of complete blocks to process
+       @param IV      The initial value (input/output)
+       @param tweak   The LRW tweak
+       @param skey    The scheduled key context
+       @return CRYPT_OK if successful
+   */
+   int (*accel_lrw_decrypt)(const unsigned char *ct, unsigned char *pt, unsigned long blocks, unsigned char *IV, const unsigned char *tweak, symmetric_key *skey);
+
    /** Accelerated CCM packet (one-shot)
        @param key        The secret key to use
        @param keylen     The length of the secret key (octets)
@@ -624,7 +685,29 @@ int ctr_getiv(unsigned char *IV, unsigned long *len, symmetric_CTR *ctr);
 int ctr_setiv(const unsigned char *IV, unsigned long len, symmetric_CTR *ctr);
 int ctr_done(symmetric_CTR *ctr);
 #endif
-    
+
+#ifdef LRW_MODE
+
+#define LRW_ENCRYPT 0
+#define LRW_DECRYPT 1
+
+int lrw_start(               int   cipher,
+              const unsigned char *IV,
+              const unsigned char *key,       int keylen,
+              const unsigned char *tweak,
+                             int  num_rounds, 
+                   symmetric_LRW *lrw);
+int lrw_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_LRW *lrw);
+int lrw_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_LRW *lrw);
+int lrw_getiv(unsigned char *IV, unsigned long *len, symmetric_LRW *lrw);
+int lrw_setiv(const unsigned char *IV, unsigned long len, symmetric_LRW *lrw);
+int lrw_done(symmetric_LRW *lrw);
+
+/* don't call */
+int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, int mode, symmetric_LRW *lrw);
+
+
+#endif    
 int find_cipher(const char *name);
 int find_cipher_any(const char *name, int blocklen, int keylen);
 int find_cipher_id(unsigned char ID);

src/headers/tomcrypt_custom.h

@@ -36,6 +36,45 @@
 #define XQSORT qsort
 #endif
 
+/* Easy button? */
+#ifdef LTC_EASY
+   #define LTC_NO_CIPHERS
+   #define RIJNDAEL
+   #define BLOWFISH
+   #define DES
+   #define CAST5
+   
+   #define LTC_NO_MODES
+   #define ECB
+   #define CBC
+   #define CTR
+   
+   #define LTC_NO_HASHES
+   #define SHA1
+   #define SHA512
+   #define SHA384
+   #define SHA256
+   #define SHA224
+   #define WHIRLPOOL
+   
+   #define LTC_NO_MACS
+   #define HMAC
+   #define OMAC
+   #define CCM_MODE
+
+   #define LTC_NO_PRNGS
+   #define SPRNG
+   #define YARROW
+   #define DEVRANDOM
+   #define TRY_URANDOM_FIRST
+      
+   #define LTC_NO_PK
+   #define MRSA
+   #define MECC
+#endif   
+   
+
+
 /* Use small code where possible */
 /* #define LTC_SMALL_CODE */
 
@@ -101,6 +140,15 @@
 #define CBC
 #define CTR
 
+/* LRW mode */
+#define LRW_MODE
+#ifndef LTC_NO_TABLES
+   /* like GCM mode this will enable 16 8x128 tables [64KB] that make
+    * seeking very fast.  
+    */
+   #define LRW_TABLES
+#endif
+
 #endif /* LTC_NO_MODES */
 
 /* ---> One-Way Hash Functions <--- */
@@ -143,8 +191,9 @@
 
 #define OCB_MODE
 #define CCM_MODE
-
 #define GCM_MODE
+/* disabled waiting on test vectors */
+/* #define NLS_MODE */
 
 /* Use 64KiB tables */
 #ifndef LTC_NO_TABLES

src/headers/tomcrypt_mac.h

@@ -212,6 +212,10 @@ int ccm_test(void);
 
 #endif /* CCM_MODE */
 
+#if defined(LRW_MODE) || defined(GCM_MODE)
+void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c);
+#endif
+
 #ifdef GCM_MODE
 
 #define GCM_ENCRYPT 0
@@ -243,7 +247,6 @@ typedef struct {
 
 } gcm_state;
 
-void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c);
 void gcm_mult_h(gcm_state *gcm, unsigned char *I);
 
 int gcm_init(gcm_state *gcm, int cipher,
@@ -297,6 +300,48 @@ int pelican_memory(const unsigned char *key, unsigned long keylen,
 
 #endif
 
+#ifdef NLS_MODE
+
+#define NLS_ENCRYPT 0
+#define NLS_DECRYPT 1
+
+typedef struct {
+    ulong32	R[17];		/* Working storage for the shift register */
+    ulong32	M[8];	/* Working storage for MAC accumulation */
+    ulong32	CRC[8];	/* Working storage for CRC accumulation */
+    ulong32	initR[17];	/* saved register contents */ 
+    ulong32	konst;		/* key dependent constant */
+    ulong32	sbuf;		/* partial ulong32 encryption buffer */
+    ulong32	mbuf;		/* partial ulong32 MAC buffer */
+    int		nbuf;		/* number of part-ulong32 stream bits buffered */
+    ulong32	CtrModF16;	/* Multiprecision counter, modulo F16 */
+    ulong32	CtrMod232;	/* Multiprecision counter, LSW */
+} nls_state;
+
+/* interface definitions */
+int nls_key(nls_state *c,     const unsigned char *key,   unsigned long keylen);   /* set key */
+int nls_nonce(nls_state *c,   const unsigned char *nonce, unsigned long noncelen); /* set IV */
+int nls_maconly(nls_state *c, const unsigned char *buf,   unsigned long nbytes);   /* accumulate MAC */
+int nls_encrypt(nls_state * c, 
+                const unsigned char *pt, unsigned long nbytes,
+                      unsigned char *ct);                                          /* enc+MAC */
+int nls_decrypt(nls_state * c, 
+                const unsigned char *ct, unsigned long nbytes,
+                      unsigned char *pt);                                          /* dec+MAC */
+int nls_finish(nls_state *c,  unsigned char *buf, unsigned long nbytes);           /* finalize MAC */
+
+int nls_memory(const unsigned char *key,    unsigned long keylen,
+               const unsigned char *IV,     unsigned long IVlen,
+               const unsigned char *adata,  unsigned long adatalen,
+                     unsigned char *pt,     unsigned long ptlen,
+                     unsigned char *ct, 
+                     unsigned char *tag,    unsigned long taglen,
+                               int direction);
+
+
+#endif
+
+
 /* $Source$ */
 /* $Revision$ */
 /* $Date$ */

src/misc/crypt/crypt.c

@@ -168,6 +168,13 @@ const char *crypt_build_settings =
 #if defined(CTR)
     "   CTR\n"
 #endif
+#if defined(LRW_MODE)
+    "   LRW_MODE"
+#if defined(LRW_TABLES)
+    " (LRW_TABLES) "
+#endif
+    "\n"
+#endif
 
     "\nMACs:\n"
 #if defined(HMAC)
@@ -314,6 +321,9 @@ const char *crypt_build_settings =
 #if defined(TFM_DESC)
     " TFM_DESC "
 #endif
+#if defined(LTC_EASY)
+    " (easy) "
+#endif    
 
     "\n"
     "\n\n\n"

src/modes/lrw/lrw_decrypt.c

@@ -0,0 +1,51 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+#include "tomcrypt.h"
+
+/**
+   @file lrw_decrypt.c
+   LRW_MODE implementation, Decrypt blocks, Tom St Denis
+*/
+
+#ifdef LRW_MODE
+
+/**
+  LRW decrypt blocks
+  @param ct     The ciphertext
+  @param pt     [out] The plaintext
+  @param len    The length in octets, must be a multiple of 16
+  @param lrw    The LRW state
+*/
+int lrw_decrypt(const unsigned char *ct, unsigned char *pt, unsigned long len, symmetric_LRW *lrw)
+{
+   int err;
+
+   LTC_ARGCHK(pt  != NULL);
+   LTC_ARGCHK(ct  != NULL);
+   LTC_ARGCHK(lrw != NULL);
+
+   if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) {
+      return err;
+   }
+
+   if (cipher_descriptor[lrw->cipher].accel_lrw_decrypt != NULL) {
+      return cipher_descriptor[lrw->cipher].accel_lrw_decrypt(ct, pt, len, lrw->IV, lrw->tweak, &lrw->key);
+   }
+
+   return lrw_process(ct, pt, len, LRW_DECRYPT, lrw);
+}
+
+
+#endif
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */

src/modes/lrw/lrw_done.c

@@ -0,0 +1,42 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+#include "tomcrypt.h"
+
+/**
+   @file lrw_done.c
+   LRW_MODE implementation, Free resources, Tom St Denis
+*/
+
+#ifdef LRW_MODE
+
+/**
+  Terminate a LRW state
+  @param lrw   The state to terminate
+  @return CRYPT_OK if successful
+*/
+int lrw_done(symmetric_LRW *lrw) 
+{
+   int err;
+
+   LTC_ARGCHK(lrw != NULL);
+ 
+   if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) {
+      return err;
+   }
+   cipher_descriptor[lrw->cipher].done(&lrw->key);
+
+   return CRYPT_OK;
+}
+
+#endif
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */

src/modes/lrw/lrw_encrypt.c

@@ -0,0 +1,50 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+#include "tomcrypt.h"
+
+/**
+   @file lrw_encrypt.c
+   LRW_MODE implementation, Encrypt blocks, Tom St Denis
+*/
+
+#ifdef LRW_MODE
+ 
+/**
+  LRW encrypt blocks
+  @param pt     The plaintext
+  @param ct     [out] The ciphertext
+  @param len    The length in octets, must be a multiple of 16
+  @param lrw    The LRW state
+*/
+int lrw_encrypt(const unsigned char *pt, unsigned char *ct, unsigned long len, symmetric_LRW *lrw)
+{
+   int err;
+
+   LTC_ARGCHK(pt  != NULL);
+   LTC_ARGCHK(ct  != NULL);
+   LTC_ARGCHK(lrw != NULL);
+
+   if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) {
+      return err;
+   }
+
+   if (cipher_descriptor[lrw->cipher].accel_lrw_encrypt != NULL) {
+      return cipher_descriptor[lrw->cipher].accel_lrw_encrypt(pt, ct, len, lrw->IV, lrw->tweak, &lrw->key);
+   }
+
+   return lrw_process(pt, ct, len, LRW_ENCRYPT, lrw);
+}
+
+
+#endif
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */

src/modes/lrw/lrw_getiv.c

@@ -0,0 +1,44 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+#include "tomcrypt.h"
+
+/**
+   @file lrw_getiv.c
+   LRW_MODE implementation, Retrieve the current IV, Tom St Denis
+*/
+
+#ifdef LRW_MODE
+
+/**
+  Get the IV for LRW
+  @param IV      [out] The IV, must be 16 octets
+  @param len     Length ... must be at least 16 :-)
+  @param lrw     The LRW state to read
+  @return CRYPT_OK if successful
+*/
+int lrw_getiv(unsigned char *IV, unsigned long *len, symmetric_LRW *lrw)
+{
+   LTC_ARGCHK(IV != NULL);
+   LTC_ARGCHK(len != NULL);
+   LTC_ARGCHK(lrw != NULL);
+   if (*len < 16) {
+       return CRYPT_BUFFER_OVERFLOW;
+   }
+
+   XMEMCPY(IV, lrw->IV, 16);
+   *len = 16;
+   return CRYPT_OK;
+}
+
+#endif
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */

src/modes/lrw/lrw_process.c

@@ -0,0 +1,116 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+#include "tomcrypt.h"
+
+/**
+   @file lrw_process.c
+   LRW_MODE implementation, Encrypt/decrypt blocks, Tom St Denis
+*/
+
+#ifdef LRW_MODE
+
+/**
+  Process blocks with LRW, since decrypt/encrypt are largely the same they share this code.
+  @param pt        The "input" data
+  @param ct        [out] The "output" data
+  @param len       The length of the input, must be a multiple of 128-bits (16 octets)
+  @param mode      LRW_ENCRYPT or LRW_DECRYPT
+  @param lrw       The LRW state
+  @return  CRYPT_OK if successful
+*/
+int lrw_process(const unsigned char *pt, unsigned char *ct, unsigned long len, int mode, symmetric_LRW *lrw)
+{
+   unsigned char prod[16];
+   int           x;
+#ifdef LRW_TABLES
+   int           y;
+#endif
+
+   LTC_ARGCHK(pt  != NULL);
+   LTC_ARGCHK(ct  != NULL);
+   LTC_ARGCHK(lrw != NULL);
+
+   if (len & 15) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   while (len) {
+      /* copy pad */
+      XMEMCPY(prod, lrw->pad, 16);
+
+      /* increment IV */
+      for (x = 15; x >= 0; x--) {
+          lrw->IV[x] = (lrw->IV[x] + 1) & 255;
+          if (lrw->IV[x]) { 
+              break;
+          }
+      }
+
+      /* update pad */
+#ifdef LRW_2TABLES
+      /* for each byte changed we undo it's affect on the pad then add the new product */
+      for (; x < 16; x++) {
+#ifdef LTC_FAST
+          for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
+              *((LTC_FAST_TYPE *)(lrw->pad + y)) ^= *((LTC_FAST_TYPE *)(&lrw->PC[x][lrw->IV[x]][y])) ^ *((LTC_FAST_TYPE *)(&lrw->PC[x][(lrw->IV[x]-1)&255][y]));
+          }
+#else
+          for (y = 0; y < 16; y++) {
+              lrw->pad[y] ^= lrw->PC[x][lrw->IV[x]][y] ^ lrw->PC[x][(lrw->IV[x]-1)&255][y];
+          }
+#endif
+      }
+#else
+      gcm_gf_mult(lrw->tweak, lrw->IV, lrw->pad);
+#endif
+
+      /* xor prod */
+#ifdef LTC_FAST
+      for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
+           *((LTC_FAST_TYPE *)(ct + x)) = *((LTC_FAST_TYPE *)(pt + x)) ^ *((LTC_FAST_TYPE *)(prod + x));
+      }
+#else
+      for (x = 0; x < 16; x++) {
+         ct[x] = pt[x] ^ prod[x];
+      }
+#endif
+
+      /* send through cipher */
+      if (mode == LRW_ENCRYPT) {
+         cipher_descriptor[lrw->cipher].ecb_encrypt(ct, ct, &lrw->key);
+      } else {
+         cipher_descriptor[lrw->cipher].ecb_decrypt(ct, ct, &lrw->key);
+      }               
+
+      /* xor prod */
+#ifdef LTC_FAST
+      for (x = 0; x < 16; x += sizeof(LTC_FAST_TYPE)) {
+           *((LTC_FAST_TYPE *)(ct + x)) = *((LTC_FAST_TYPE *)(ct + x)) ^ *((LTC_FAST_TYPE *)(prod + x));
+      }
+#else
+      for (x = 0; x < 16; x++) {
+         ct[x] = ct[x] ^ prod[x];
+      }
+#endif
+   
+      /* move to next */
+      pt  += 16;
+      ct  += 16;
+      len -= 16;
+   }
+
+   return CRYPT_OK;
+}
+      
+#endif
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */

src/modes/lrw/lrw_setiv.c

@@ -0,0 +1,79 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+#include "tomcrypt.h"
+
+/**
+   @file lrw_setiv.c
+   LRW_MODE implementation, Set the current IV, Tom St Denis
+*/
+
+#ifdef LRW_MODE
+
+/**
+  Set the IV for LRW
+  @param IV      The IV, must be 16 octets
+  @param len     Length ... must be 16 :-)
+  @param lrw     The LRW state to update
+  @return CRYPT_OK if successful
+*/
+int lrw_setiv(const unsigned char *IV, unsigned long len, symmetric_LRW *lrw)
+{
+   int           err;
+#ifdef LRW_TABLES
+   unsigned char T[16];
+   int           x, y;
+#endif
+   LTC_ARGCHK(IV != NULL);
+   LTC_ARGCHK(lrw != NULL);
+
+   if (len != 16) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   if ((err = cipher_is_valid(lrw->cipher)) != CRYPT_OK) {
+      return err;
+   }
+
+   /* copy the IV */
+   XMEMCPY(lrw->IV, IV, 16);
+
+   /* check if we have to actually do work */
+   if (cipher_descriptor[lrw->cipher].accel_lrw_encrypt != NULL && cipher_descriptor[lrw->cipher].accel_lrw_decrypt != NULL) {
+       /* we have accelerators, let's bail since they don't use lrw->pad anyways */
+       return CRYPT_OK;
+   }
+
+#ifdef LRW_TABLES
+   XMEMCPY(T, &lrw->PC[0][IV[0]][0], 16);
+   for (x = 1; x < 16; x++) {
+#ifdef LTC_FAST
+       for (y = 0; y < 16; y += sizeof(LTC_FAST_TYPE)) {
+           *((LTC_FAST_TYPE *)(T + y)) ^= *((LTC_FAST_TYPE *)(&lrw->PC[x][IV[x]][y]));
+       }
+#else
+       for (y = 0; y < 16; y++) {
+           T[y] ^= lrw->PC[x][IV[x]][y];
+       }
+#endif
+   }
+   XMEMCPY(lrw->pad, T, 16);
+#else     
+   gcm_gf_mult(lrw->tweak, IV, lrw->pad); 
+#endif
+
+   return CRYPT_OK;
+}
+
+
+#endif
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */

src/modes/lrw/lrw_start.c

@@ -0,0 +1,143 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+#include "tomcrypt.h"
+
+/**
+   @file lrw_start.c
+   LRW_MODE implementation, start mode, Tom St Denis
+*/
+
+#ifdef LRW_MODE
+
+#ifdef LRW_TABLES
+
+/* this is x*2^128 mod p(x) ... the results are 16 bytes each stored in a packed format.  Since only the 
+ * lower 16 bits are not zero'ed I removed the upper 14 bytes */
+static const unsigned char gcm_shift_table[256*2] = {
+0x00, 0x00, 0x01, 0xc2, 0x03, 0x84, 0x02, 0x46, 0x07, 0x08, 0x06, 0xca, 0x04, 0x8c, 0x05, 0x4e,
+0x0e, 0x10, 0x0f, 0xd2, 0x0d, 0x94, 0x0c, 0x56, 0x09, 0x18, 0x08, 0xda, 0x0a, 0x9c, 0x0b, 0x5e,
+0x1c, 0x20, 0x1d, 0xe2, 0x1f, 0xa4, 0x1e, 0x66, 0x1b, 0x28, 0x1a, 0xea, 0x18, 0xac, 0x19, 0x6e,
+0x12, 0x30, 0x13, 0xf2, 0x11, 0xb4, 0x10, 0x76, 0x15, 0x38, 0x14, 0xfa, 0x16, 0xbc, 0x17, 0x7e,
+0x38, 0x40, 0x39, 0x82, 0x3b, 0xc4, 0x3a, 0x06, 0x3f, 0x48, 0x3e, 0x8a, 0x3c, 0xcc, 0x3d, 0x0e,
+0x36, 0x50, 0x37, 0x92, 0x35, 0xd4, 0x34, 0x16, 0x31, 0x58, 0x30, 0x9a, 0x32, 0xdc, 0x33, 0x1e,
+0x24, 0x60, 0x25, 0xa2, 0x27, 0xe4, 0x26, 0x26, 0x23, 0x68, 0x22, 0xaa, 0x20, 0xec, 0x21, 0x2e,
+0x2a, 0x70, 0x2b, 0xb2, 0x29, 0xf4, 0x28, 0x36, 0x2d, 0x78, 0x2c, 0xba, 0x2e, 0xfc, 0x2f, 0x3e,
+0x70, 0x80, 0x71, 0x42, 0x73, 0x04, 0x72, 0xc6, 0x77, 0x88, 0x76, 0x4a, 0x74, 0x0c, 0x75, 0xce,
+0x7e, 0x90, 0x7f, 0x52, 0x7d, 0x14, 0x7c, 0xd6, 0x79, 0x98, 0x78, 0x5a, 0x7a, 0x1c, 0x7b, 0xde,
+0x6c, 0xa0, 0x6d, 0x62, 0x6f, 0x24, 0x6e, 0xe6, 0x6b, 0xa8, 0x6a, 0x6a, 0x68, 0x2c, 0x69, 0xee,
+0x62, 0xb0, 0x63, 0x72, 0x61, 0x34, 0x60, 0xf6, 0x65, 0xb8, 0x64, 0x7a, 0x66, 0x3c, 0x67, 0xfe,
+0x48, 0xc0, 0x49, 0x02, 0x4b, 0x44, 0x4a, 0x86, 0x4f, 0xc8, 0x4e, 0x0a, 0x4c, 0x4c, 0x4d, 0x8e,
+0x46, 0xd0, 0x47, 0x12, 0x45, 0x54, 0x44, 0x96, 0x41, 0xd8, 0x40, 0x1a, 0x42, 0x5c, 0x43, 0x9e,
+0x54, 0xe0, 0x55, 0x22, 0x57, 0x64, 0x56, 0xa6, 0x53, 0xe8, 0x52, 0x2a, 0x50, 0x6c, 0x51, 0xae,
+0x5a, 0xf0, 0x5b, 0x32, 0x59, 0x74, 0x58, 0xb6, 0x5d, 0xf8, 0x5c, 0x3a, 0x5e, 0x7c, 0x5f, 0xbe,
+0xe1, 0x00, 0xe0, 0xc2, 0xe2, 0x84, 0xe3, 0x46, 0xe6, 0x08, 0xe7, 0xca, 0xe5, 0x8c, 0xe4, 0x4e,
+0xef, 0x10, 0xee, 0xd2, 0xec, 0x94, 0xed, 0x56, 0xe8, 0x18, 0xe9, 0xda, 0xeb, 0x9c, 0xea, 0x5e,
+0xfd, 0x20, 0xfc, 0xe2, 0xfe, 0xa4, 0xff, 0x66, 0xfa, 0x28, 0xfb, 0xea, 0xf9, 0xac, 0xf8, 0x6e,
+0xf3, 0x30, 0xf2, 0xf2, 0xf0, 0xb4, 0xf1, 0x76, 0xf4, 0x38, 0xf5, 0xfa, 0xf7, 0xbc, 0xf6, 0x7e,
+0xd9, 0x40, 0xd8, 0x82, 0xda, 0xc4, 0xdb, 0x06, 0xde, 0x48, 0xdf, 0x8a, 0xdd, 0xcc, 0xdc, 0x0e,
+0xd7, 0x50, 0xd6, 0x92, 0xd4, 0xd4, 0xd5, 0x16, 0xd0, 0x58, 0xd1, 0x9a, 0xd3, 0xdc, 0xd2, 0x1e,
+0xc5, 0x60, 0xc4, 0xa2, 0xc6, 0xe4, 0xc7, 0x26, 0xc2, 0x68, 0xc3, 0xaa, 0xc1, 0xec, 0xc0, 0x2e,
+0xcb, 0x70, 0xca, 0xb2, 0xc8, 0xf4, 0xc9, 0x36, 0xcc, 0x78, 0xcd, 0xba, 0xcf, 0xfc, 0xce, 0x3e,
+0x91, 0x80, 0x90, 0x42, 0x92, 0x04, 0x93, 0xc6, 0x96, 0x88, 0x97, 0x4a, 0x95, 0x0c, 0x94, 0xce,
+0x9f, 0x90, 0x9e, 0x52, 0x9c, 0x14, 0x9d, 0xd6, 0x98, 0x98, 0x99, 0x5a, 0x9b, 0x1c, 0x9a, 0xde,
+0x8d, 0xa0, 0x8c, 0x62, 0x8e, 0x24, 0x8f, 0xe6, 0x8a, 0xa8, 0x8b, 0x6a, 0x89, 0x2c, 0x88, 0xee,
+0x83, 0xb0, 0x82, 0x72, 0x80, 0x34, 0x81, 0xf6, 0x84, 0xb8, 0x85, 0x7a, 0x87, 0x3c, 0x86, 0xfe,
+0xa9, 0xc0, 0xa8, 0x02, 0xaa, 0x44, 0xab, 0x86, 0xae, 0xc8, 0xaf, 0x0a, 0xad, 0x4c, 0xac, 0x8e,
+0xa7, 0xd0, 0xa6, 0x12, 0xa4, 0x54, 0xa5, 0x96, 0xa0, 0xd8, 0xa1, 0x1a, 0xa3, 0x5c, 0xa2, 0x9e,
+0xb5, 0xe0, 0xb4, 0x22, 0xb6, 0x64, 0xb7, 0xa6, 0xb2, 0xe8, 0xb3, 0x2a, 0xb1, 0x6c, 0xb0, 0xae,
+0xbb, 0xf0, 0xba, 0x32, 0xb8, 0x74, 0xb9, 0xb6, 0xbc, 0xf8, 0xbd, 0x3a, 0xbf, 0x7c, 0xbe, 0xbe };
+
+#endif
+
+/**
+  Initialize the LRW context
+  @param cipher        The cipher desired, must be a 128-bit block cipher 
+  @param IV            The index value, must be 128-bits
+  @param key           The cipher key 
+  @param keylen        The length of the cipher key in octets
+  @param tweak         The tweak value (second key), must be 128-bits
+  @param num_rounds    The number of rounds for the cipher (0 == default)
+  @param lrw           [out] The LRW state
+  @return CRYPT_OK on success.
+*/
+int lrw_start(               int   cipher,
+              const unsigned char *IV,
+              const unsigned char *key,       int keylen,
+              const unsigned char *tweak,
+                             int  num_rounds, 
+                   symmetric_LRW *lrw)
+{
+   int           err;
+#ifdef LRW_TABLES
+   unsigned char B[16];
+   int           x, y, z, t;
+#endif
+
+  LTC_ARGCHK(IV    != NULL);
+  LTC_ARGCHK(key   != NULL);
+  LTC_ARGCHK(tweak != NULL);
+  LTC_ARGCHK(lrw   != NULL);
+
+#ifdef LTC_FAST
+   if (16 % sizeof(LTC_FAST_TYPE)) {
+      return CRYPT_INVALID_ARG;
+   }
+#endif
+
+   /* is cipher valid? */
+   if ((err = cipher_is_valid(cipher)) != CRYPT_OK) {
+      return err;
+   }
+   if (cipher_descriptor[cipher].block_length != 16) {
+      return CRYPT_INVALID_CIPHER;
+   }
+
+   /* schedule key */
+   if ((err = cipher_descriptor[cipher].setup(key, keylen, 0, &lrw->key)) != CRYPT_OK) {
+      return err;
+   }
+   lrw->cipher = cipher;
+
+   /* copy the IV and tweak */
+   XMEMCPY(lrw->tweak, tweak, 16);
+
+#ifdef LRW_TABLES
+   /* setup tables */
+   /* generate the first table as it has no shifting (from which we make the other tables) */
+   zeromem(B, 16);
+   for (y = 0; y < 256; y++) {
+        B[0] = y;
+        gcm_gf_mult(tweak, B, &lrw->PC[0][y][0]);
+   }
+
+   /* now generate the rest of the tables based the previous table */
+   for (x = 1; x < 16; x++) {
+      for (y = 0; y < 256; y++) {
+         /* now shift it right by 8 bits */
+         t = lrw->PC[x-1][y][15];
+         for (z = 15; z > 0; z--) {
+             lrw->PC[x][y][z] = lrw->PC[x-1][y][z-1];
+         }
+         lrw->PC[x][y][0]  = gcm_shift_table[t<<1];
+         lrw->PC[x][y][1] ^= gcm_shift_table[(t<<1)+1];
+     }
+  }
+#endif
+
+   /* generate first pad */
+   return lrw_setiv(IV, 16, lrw);
+}
+
+
+#endif
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */

src/modes/lrw/lrw_test.c

@@ -0,0 +1,157 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ *
+ * Tom St Denis, [email protected], http://libtomcrypt.org
+ */
+#include "tomcrypt.h"
+
+/**
+   @file lrw_test.c
+   LRW_MODE implementation, test LRW, Tom St Denis
+*/
+
+#ifdef LRW_MODE
+
+/**
+  Test LRW against specs
+  @return CRYPT_OK if goodly
+*/
+int lrw_test(void)
+{
+#ifndef  LTC_TEST
+   return CRYPT_NOP;
+#else
+   static const struct {
+      unsigned char key[16], tweak[16], IV[16], P[16], expected_tweak[16], C[16];
+   } tests[] = {
+
+{
+{ 0x45, 0x62, 0xac, 0x25, 0xf8, 0x28, 0x17, 0x6d, 0x4c, 0x26, 0x84, 0x14, 0xb5, 0x68, 0x01, 0x85 },
+{ 0x25, 0x8e, 0x2a, 0x05, 0xe7, 0x3e, 0x9d, 0x03, 0xee, 0x5a, 0x83, 0x0c, 0xcc, 0x09, 0x4c, 0x87 },
+{ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
+{ 0x25, 0x8e, 0x2a, 0x05, 0xe7, 0x3e, 0x9d, 0x03, 0xee, 0x5a, 0x83, 0x0c, 0xcc, 0x09, 0x4c, 0x87 },
+{ 0xf1, 0xb2, 0x73, 0xcd, 0x65, 0xa3, 0xdf, 0x5f, 0xe9, 0x5d, 0x48, 0x92, 0x54, 0x63, 0x4e, 0xb8 }
+},
+
+{
+{ 0x59, 0x70, 0x47, 0x14, 0xf5, 0x57, 0x47, 0x8c, 0xd7, 0x79, 0xe8, 0x0f, 0x54, 0x88, 0x79, 0x44 },
+{ 0x35, 0x23, 0xc2, 0xde, 0xc5, 0x69, 0x4f, 0xa8, 0x72, 0xa9, 0xac, 0xa7, 0x0b, 0x2b, 0xee, 0xbc },
+{ 0x40, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
+{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
+{ 0x1a, 0x91, 0xe1, 0x6f, 0x62, 0xb4, 0xa7, 0xd4, 0x39, 0x54, 0xd6, 0x53, 0x85, 0x95, 0xf7, 0x5e },
+{ 0x00, 0xc8, 0x2b, 0xae, 0x95, 0xbb, 0xcd, 0xe5, 0x27, 0x4f, 0x07, 0x69, 0xb2, 0x60, 0xe1, 0x36 },
+},
+
+{
+{ 0x59, 0x70, 0x47, 0x14, 0xf5, 0x57, 0x47, 0x8c, 0xd7, 0x79, 0xe8, 0x0f, 0x54, 0x88, 0x79, 0x44 },
+{ 0x67, 0x53, 0xc9, 0x0c, 0xb7, 0xd8, 0xcd, 0xe5, 0x06, 0xa0, 0x47, 0x78, 0x1a, 0xad, 0x85, 0x11 },
+{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 },
+{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
+{ 0x1a, 0x91, 0xe1, 0x6f, 0x62, 0xb4, 0xa7, 0xd4, 0x39, 0x54, 0xd6, 0x53, 0x85, 0x95, 0xf7, 0x5e },
+{ 0x00, 0xc8, 0x2b, 0xae, 0x95, 0xbb, 0xcd, 0xe5, 0x27, 0x4f, 0x07, 0x69, 0xb2, 0x60, 0xe1, 0x36 },
+},
+
+{
+
+{ 0xd8, 0x2a, 0x91, 0x34, 0xb2, 0x6a, 0x56, 0x50, 0x30, 0xfe, 0x69, 0xe2, 0x37, 0x7f, 0x98, 0x47 },
+{ 0x4e, 0xb5, 0x5d, 0x31, 0x05, 0x97, 0x3a, 0x3f, 0x5e, 0x23, 0xda, 0xfb, 0x5a, 0x45, 0xd6, 0xc0 },
+{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00 },
+{ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46 },
+{ 0x18, 0xc9, 0x1f, 0x6d, 0x60, 0x1a, 0x1a, 0x37, 0x5d, 0x0b, 0x0e, 0xf7, 0x3a, 0xd5, 0x74, 0xc4 },
+{ 0x76, 0x32, 0x21, 0x83, 0xed, 0x8f, 0xf1, 0x82, 0xf9, 0x59, 0x62, 0x03, 0x69, 0x0e, 0x5e, 0x01 },
+
+}
+};
+
+  int idx, err, x;
+  symmetric_LRW lrw;
+  unsigned char buf[2][16];
+
+  idx = find_cipher("aes");
+  if (idx == -1) {
+     idx = find_cipher("rijndael");
+     if (idx == -1) {
+        return CRYPT_NOP;
+     }
+  }
+
+#define PRINT
+
+  for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
+     /* schedule it */
+     if ((err = lrw_start(idx, tests[x].IV, tests[x].key, 16, tests[x].tweak, 0, &lrw)) != CRYPT_OK) {
+#ifdef PRINT
+   printf("\n\nERR at %d\n", __LINE__);
+#endif
+        return err;
+     }
+
+     /* check pad against expected tweak */
+     if (XMEMCMP(tests[x].expected_tweak, lrw.pad, 16)) {
+        lrw_done(&lrw);
+#ifdef PRINT
+   printf("\n\nERR at %d\n", __LINE__);
+#endif
+        return CRYPT_FAIL_TESTVECTOR;
+     }
+
+     /* process block */
+     if ((err = lrw_encrypt(tests[x].P, buf[0], 16, &lrw)) != CRYPT_OK) {
+        lrw_done(&lrw);
+#ifdef PRINT
+   printf("\n\nERR at %d\n", __LINE__);
+#endif
+        return err;
+     }
+
+     if (XMEMCMP(buf[0], tests[x].C, 16)) {
+        lrw_done(&lrw);
+#ifdef PRINT
+   printf("\n\nERR at %d\n", __LINE__);
+#endif
+        return CRYPT_FAIL_TESTVECTOR;
+     }
+
+     /* process block */
+     if ((err = lrw_setiv(tests[x].IV, 16, &lrw)) != CRYPT_OK) { 
+        lrw_done(&lrw);
+#ifdef PRINT
+   printf("\n\nERR at %d\n", __LINE__);
+#endif
+        return err;
+     }
+
+     if ((err = lrw_decrypt(buf[0], buf[1], 16, &lrw)) != CRYPT_OK) {
+        lrw_done(&lrw);
+#ifdef PRINT
+   printf("\n\nERR at %d\n", __LINE__);
+#endif
+        return err;
+     }
+
+     if (XMEMCMP(buf[1], tests[x].P, 16)) {
+        lrw_done(&lrw);
+#ifdef PRINT
+   printf("\n\nERR at %d\n", __LINE__);
+#endif
+        return CRYPT_FAIL_TESTVECTOR;
+     }
+     lrw_done(&lrw);
+   }
+   return CRYPT_OK;
+#endif
+}
+
+#endif
+
+
+
+/* $Source$ */
+/* $Revision$ */
+/* $Date$ */

src/pk/asn1/der/sequence/der_decode_sequence_multi.c

@@ -19,6 +19,13 @@
 
 #ifdef LTC_DER
 
+/**
+  Decode a SEQUENCE type using a VA list
+  @param in    Input buffer
+  @param inlen Length of input in octets
+  @remark <...> is of the form <type, size, data> (int, unsigned long, void*)
+  @return CRYPT_OK on success
+*/  
 int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...)
 {
    int           err, type;

src/pk/asn1/der/sequence/der_encode_sequence_multi.c

@@ -19,6 +19,13 @@
 
 #ifdef LTC_DER
 
+/**
+  Encode a SEQUENCE type using a VA list
+  @param out    [out] Destination for data
+  @param outlen [in/out] Length of buffer and resulting length of output
+  @remark <...> is of the form <type, size, data> (int, unsigned long, void*)
+  @return CRYPT_OK on success
+*/  
 int der_encode_sequence_multi(unsigned char *out, unsigned long *outlen, ...)
 {
    int           err, type;

src/pk/asn1/der/set/der_encode_set.c

@@ -54,6 +54,14 @@ static int qsort_helper(const void *a, const void *b)
    }
 }   
 
+/*
+   Encode a SET type
+   @param list      The list of items to encode
+   @param inlen     The number of items in the list
+   @param out       [out] The destination 
+   @param outlen    [in/out] The size of the output
+   @return CRYPT_OK on success
+*/
 int der_encode_set(ltc_asn1_list *list, unsigned long inlen,
                    unsigned char *out,  unsigned long *outlen)
 {

src/pk/asn1/der/set/der_encode_setof.c

@@ -50,6 +50,14 @@ static int qsort_helper(const void *a, const void *b)
    return r;      
 }
 
+/**
+   Encode a SETOF stucture
+   @param list      The list of items to encode
+   @param inlen     The number of items in the list
+   @param out       [out] The destination 
+   @param outlen    [in/out] The size of the output
+   @return CRYPT_OK on success
+*/   
 int der_encode_setof(ltc_asn1_list *list, unsigned long inlen,
                      unsigned char *out,  unsigned long *outlen)
 {

src/pk/asn1/der/short_integer/der_decode_short_integer.c

@@ -19,7 +19,7 @@
 #ifdef LTC_DER
 
 /**
-  Read a mp_int integer
+  Read a short integer
   @param in       The DER encoded data
   @param inlen    Size of data
   @param num      [out] The integer to decode

src/pk/asn1/der/short_integer/der_encode_short_integer.c

@@ -18,9 +18,8 @@
 
 #ifdef LTC_DER
 
-/* Exports a positive integer as DER format (upto 32-bits in size) */
 /**
-  Store a mp_int integer
+  Store a short integer in the range (0,2^32-1)
   @param num      The integer to encode
   @param out      [out] The destination for the DER encoded integers
   @param outlen   [in/out] The max size and resulting size of the DER encoded integers

src/pk/asn1/der/utctime/der_decode_utctime.c

@@ -39,6 +39,13 @@ static int char_to_int(unsigned char x)
    if (y >= max) return CRYPT_INVALID_PACKET;           \
    x += 2;
 
+/**
+  Decodes a UTC time structure in DER format (reads all 6 valid encoding formats)
+  @param in     Input buffer
+  @param inlen  Length of input buffer in octets
+  @param out    [out] Destination of UTC time structure
+  @return CRYPT_OK   if successful
+*/
 int der_decode_utctime(const unsigned char *in, unsigned long *inlen,
                              ltc_utctime   *out)
 {

testme.sh

@@ -14,7 +14,6 @@ echo "uname="`uname -a`
 echo "gcc="`gcc -dumpversion`
 echo
 
-
 # stock build
 bash run.sh "STOCK" " " "$1" "$2" "$3" || exit 1
 
@@ -42,6 +41,9 @@ bash run.sh "CLEANSTACK+NOTABLES+SMALL" "-DLTC_NO_TABLES -DLTC_CLEAN_STACK -DLTC
 # NO_FAST
 bash run.sh "NO_FAST" "-DLTC_NO_FAST" "$1" "$2" "$3" || exit 1
 
+# NO_FAST + NOTABLES
+bash run.sh "NO_FAST+NOTABLES" "-DLTC_NO_FAST -DLTC_NO_TABLES" "$1" "$2" "$3" || exit 1
+
 # NO_ASM
 bash run.sh "NO_ASM" "-DLTC_NO_ASM" "$1" "$2" "$3" || exit 1
 
@@ -52,5 +54,5 @@ bash testbuild.sh "NOTEST" "-DLTC_NO_TEST" "$1" "$2" "$3" || exit 1
 bash testbuild.sh "NOFILE" "-DLTC_NO_FILE" "$1" "$2" "$3" || exit 1
 
 # $Source: /cvs/libtom/libtomcrypt/testme.sh,v $   
-# $Revision: 1.19 $   
-# $Date: 2005/07/28 01:32:41 $ 
+# $Revision: 1.20 $   
+# $Date: 2006/01/26 14:49:43 $ 

testprof/modes_test.c

@@ -5,10 +5,18 @@ int modes_test(void)
 {
    unsigned char pt[64], ct[64], tmp[64], key[16], iv[16], iv2[16];
    int cipher_idx;
+#ifdef CBC
    symmetric_CBC cbc;
+#endif
+#ifdef CFB
    symmetric_CFB cfb;
+#endif
+#ifdef OFB
    symmetric_OFB ofb;
+#endif
+#ifdef CTR
    symmetric_CTR ctr;
+#endif
    unsigned long l;
    
    /* make a random pt, key and iv */
@@ -23,6 +31,10 @@ int modes_test(void)
       return 1;
    }
    
+#ifdef LRW_MODE
+   DO(lrw_test());
+#endif
+
 #ifdef CBC
    /* test CBC mode */
    /* encode the block */

testprof/x86_prof.c

@@ -233,7 +233,11 @@ register_prng(&rc4_desc);
 register_prng(&sober128_desc);
 #endif
 
-rng_make_prng(128, find_prng("yarrow"), &yarrow_prng, NULL);
+   if ((err = rng_make_prng(128, find_prng("yarrow"), &yarrow_prng, NULL)) != CRYPT_OK) {
+      fprintf(stderr, "rng_make_prng failed: %s\n", error_to_string(err));
+      exit(EXIT_FAILURE);
+   }
+   
 }
 
 int time_keysched(void)
@@ -886,7 +890,12 @@ void time_macs_(unsigned long MAC_SIZE)
    }
 
    cipher_idx = find_cipher("aes");
-   hash_idx   = find_hash("md5");
+   hash_idx   = find_hash("sha1");
+   
+   if (cipher_idx == -1 || hash_idx == -1) {
+      fprintf(stderr, "Warning the MAC tests requires AES and SHA1 to operate... so sorry\n");
+      return;
+   }
 
    yarrow_read(buf, MAC_SIZE*1024, &yarrow_prng);
    yarrow_read(key, 16, &yarrow_prng);
@@ -904,7 +913,7 @@ void time_macs_(unsigned long MAC_SIZE)
         t1 = t_read() - t1;
         if (t1 < t2) t2 = t1;
    }
-   fprintf(stderr, "OMAC-AES\t\t%9llu\n", t2/(ulong64)(MAC_SIZE*1024));
+   fprintf(stderr, "OMAC-%s\t\t%9llu\n", cipher_descriptor[cipher_idx].name, t2/(ulong64)(MAC_SIZE*1024));
 #endif
 
 #ifdef PMAC
@@ -952,7 +961,7 @@ void time_macs_(unsigned long MAC_SIZE)
         t1 = t_read() - t1;
         if (t1 < t2) t2 = t1;
    }
-   fprintf(stderr, "HMAC-MD5\t\t%9llu\n", t2/(ulong64)(MAC_SIZE*1024));
+   fprintf(stderr, "HMAC-%s\t\t%9llu\n", hash_descriptor[hash_idx].name, t2/(ulong64)(MAC_SIZE*1024));
 #endif
 
    XFREE(buf);

updatemakes.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+bash genlist.sh > tmplist
+
+perl filter.pl makefile tmplist
+mv -f tmp.delme makefile
+
+perl filter.pl makefile.icc tmplist
+mv -f tmp.delme makefile.icc
+
+perl filter.pl makefile.shared tmplist
+mv -f tmp.delme makefile.shared
+
+perl filter.pl makefile.msvc tmplist
+sed -e 's/\.o /.obj /g' < tmp.delme > makefile.msvc
+
+rm -f tmplist
+rm -f tmp.delme